Information Security

Due to the Covid-related restrictions, we are experimenting with different online teaching formats. My lectures on Information Security I+II are on a public Twitch channel, which also hosts recent recordings.

Please register on the platform in order to participate in the chat, which will be the primary feedback channel. Feel free to use a pseudonym that does not reveal your true identity.

Schedule and Access

The lecture is streamed on Tuesdays between 9:15 and 10:45. The stream usually starts shortly after 9:00.

Link to the stream:

The stream is recorded and will be available on the platform for about 10 days.

We use ARSnova to handle questions to the audience.

The proseminar takes place on Thursdays between 15:15 and 17:45. We use the university’s BigBlueButton instance, which allows direct interactions between students. This class is not public and restricted to students enrolled at the University of Innsbruck.

Access to the virtual classroom: via the OLAT system


Here is the provisional lecture plan for Information Security II.

Date      No.  Lecture                                                      Proseminar
02.03.21  01   Introduction, prerequisites, a secure single-purpose device
09.03.21  02   Special topic: machine learning in adversarial environments
16.03.21  03   Multi-purpose systems: confinement & side channels
23.03.21  04   Multi-purpose systems: access control & vulnerabilities
13.04.21  05   Hardware-supported security systems
20.04.21  06   Securing end-to-end network connections
27.04.21  07   Securing network infrastructures
04.05.21  08   Availability
11.05.21  09   Security economics
18.05.21  10   Privacy policy & theory
01.06.21  11   Privacy-enhancing technology
08.06.21  12   Q & A
22.06.21       Exams                                                        (cont’d)

For reference, here is the final lecture plan of Information Security I in the past winter term. Topics in italics are primers intended to refresh essential theoretical foundations.

Date      No.  14:15–15:45                   16:00–17:30
08.10.20  01   General introduction
15.10.20  02   Security principles
22.10.20       Probability theory            (cont’d)
29.10.20       (reserved)
05.11.20       Information theory            Coding theory
12.11.20  03   Introduction to cryptography  (cont’d)
19.11.20       Number theory                 (cont’d)
26.11.20  04   Block ciphers                 Complexity theory
03.12.20  05   Asymmetric encryption
10.12.20  06   Authentication
17.12.20  07   Block cipher operation modes
               (winter break)
07.01.21  08   Cryptographic protocols
14.01.21  09   Elliptic curve cryptography
21.01.21  10   Q & A
28.01.21       Exams                         (cont’d)


  • Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2021.
  • van Oorschot, P. Computer Security and the Internet. Tools and Jewels. 2020.
  • Ferguson, N., Schneier, B., and Kohno, T. Cryptography Engineering: Design Principles and Practical Applications. Wiley, 2010.
  • Vaudenay, S. A Classical Introduction to Cryptography. Springer, 2005.
  • Katz, J. and Lindell, Y. Introduction to Modern Cryptography. Chapman & Hall, 2014.
  • Paar, C. and Pelzl, J. Understanding Cryptography. Springer, 2010.
  • Goldreich, O. Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, 2001.
  • Goldreich, O. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, 2004.
  • Gollmann, D. Computer Security. Wiley, 2010.

Works cited in the theoretical lectures

  • Abdalla, M., Bellare, M., and Rogaway, P. The Oracle Diffie–Hellman Assumptions and an Analysis of DHIES. In D. Naccache, ed., Topics in Cryptology (Proceedings of CT-RSA). LNCS 2020, Springer, Berlin Heidelberg, 2001, pp. 143–158.
  • Bellare, M. Optimal Asymmetric Encryption Padding. In A. De Santis, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 950, Springer, Berlin Heidelberg, 1994, pp. 92–111.
  • Bellare, M., Canetti, R., and Krawczyk, H. Keying Hash Functions for Message Authentication. In N. Koblitz, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 1109, Springer, Berlin Heidelberg, 1996, pp. 1–15.
  • Bertoni, G., Daemen, J., Peeters, M., and Van Assche, G. On the Indifferentiability of the Sponge Construction. In N.P. Smart, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 4965, Springer, Berlin Heidelberg, 2008, pp. 181–197.
  • Biham, E. and Shamir, A. Differential Cryptanalysis of DES-like Cryptosystems. In A. Menezes and S.A. Vanstone, eds., Advances in Cryptology (Proc. of CRYPTO). LNCS 536, Springer, Berlin Heidelberg, 1990, pp. 2–21.
  • Bleichenbacher, D. Chosen Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS #1. In H. Krawczyk, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 1462, Springer, Berlin Heidelberg, 1998, pp. 1–12.
  • Blum, M. Coin Flipping by Telephone. In Proceedings of IEEE Spring COMPCOM. 1982, pp. 133–137.
  • Boneh, D. Twenty Years of Attacks on the RSA Cryptosystem. Notices of the American Mathematical Society (AMS), 46, 2 (1999), 203–213.
  • Burrows, M., Abadi, M., and Needham, R. A Logic of Authentication. ACM Transactions on Computer Systems, 8, 1 (1990), 18–36.
  • Coppersmith, D. The Data Encryption Standard (DES) and Its Strength Against Attacks. IBM Journal of Research and Development, 38, 3 (1994), 243–250.
  • Daemen, J. and Rijmen, V. The Rijndael Block Cipher. 1999. AES Proposal to NIST.
  • Damgård, I.B. A Design Principle for Hash Functions. In G. Brassard, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 435, Springer, Berlin Heidelberg, 1989, pp. 416–427.
  • Davida, G. Chosen Signature Cryptanalysis of the RSA (MIT) Public Key Cryptosystem. University of Wisconsin, Department of EECS, Milwaukee, 1982.
  • Diffie, W. and Hellman, M.E. New Directions in Cryptography. IEEE Transactions on Information Theory, 22, 11 (1976), 644–654.
  • Dolev, D. and Yao, A.C. On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 29, 2 (1983), 198–208.
  • ElGamal, T. A Public Key Cryptosystem and Signature Scheme based on Discrete Logarithms. IEEE Transactions on Information Theory, 31, 4 (1985), 469–472.
  • Feistel, H., Notz, W., and Smith, J. Some Cryptographic Techniques for Machine-to-machine Data Communications. Proceedings of the IEEE, 63, 11 (1975), 1545–1554.
  • Gilbert, E.N., MacWilliams, F.J., and Sloane, N.J.A. Codes Which Detect Deception. Bell System Technical Journal, 53, 3 (1974), 405–424.
  • Goldreich, O., Micali, S., and Wigderson, A. Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems. Journal of the ACM (JACM), 38, 1 (1991), 691–729.
  • Herley, C. and van Oorschot, P.C. SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit. In IEEE Symposium on Security and Privacy. 2017, pp. 99–120.
  • Kerckhoffs, A. La cryptographie militaire. Journal des sciences militaires, IX, (1883), 5–38, 161–191.
  • Luby, M. and Rackoff, C. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, 17, 2 (1988), 373–386.
  • Manger, J. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. In J. Kilian, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 2139, Springer, Berlin Heidelberg, 2001, pp. 230–238.
  • Merkle, R.C. Secure Communications Over Insecure Channels. Communications of the ACM, 21, 4 (1978), 294–299.
  • Rivest, R.L., Shamir, A., and Adleman, L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21, 2 (1978), 120–126.
  • Shamir, A. How to Share a Secret. Communications of the ACM, 22, 11 (1979), 612–613.
  • Shannon, C.E. A Mathematical Theory of Communication. Bell System Technical Journal, 27, (1948), 379–423, 623–656.
  • Shannon, C.E. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28, (1949), 656–715.
  • Wegman, M.N. and Carter, J.L. New Hash Functions and Their Use in Authentication and Set Equality. Journal of Computer and System Sciences, 22, 3 (1981), 265–279.
  • Yao, A.C. Theory and Application of Trapdoor Functions. In Proceedings of the IEEE Symposium on Foundations of Computer Science. 1982, pp. 80–91.

Additional reading for the proseminar

  • Diffie, W. and Hellman, M.E. Exhaustive Cryptanalysis of the NBS Data Encryption Standard. IEEE Computer, 10, 6 (1977), 74–84.
  • Dobbertin, H. Cryptanalysis of MD4. Journal of Cryptology, 11, 4 (1998), 253–271.
  • Douceur, J.R. The Sybil Attack. In P. Druschel, F. Kaashoek and A. Rowstron, eds., Peer-to-peer Systems. LNCS 2429, Springer, Berlin Heidelberg, 2002, pp. 251–260.
  • Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. AES Implementation on a Grain of Sand. IEE Proceedings on Information Security, 152, 1 (2005), 13–20.
  • Hansen, M., Köhntopp, K., and Pfitzmann, A. The Open Source Approach – Opportunities and Limitations with Respect to Security and Privacy. Computers & Security, 21, 5 (2002), 461–471.
  • Massey, J.L. Guessing and Entropy. In Proceedings of the IEEE International Symposium on Information Theory. 1994, p. 204.
  • Oechslin, P. Making a Faster Cryptanalytic Time-Memory Trade-Off. In D. Boneh, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 2729, Springer, Berlin Heidelberg, 2003, pp. 617–630.
  • Preneel, B. and van Oorschot, P.C. MDx-MAC and Building Fast MACs from Hash Functions. In D. Coppersmith, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 963, Springer, Berlin Heidelberg, 1995, pp. 1–14.
  • Rabin, M. Probabilistic Algorithm for Testing Primality. Journal of Number Theory, 12, 1 (1980), 128–138.
  • Schneier, B. Attack Trees. Dr Dobb’s Journal, 24, 12 (1999).
  • Siegenthaler, T. Decrypting a Class of Stream Ciphers Using Ciphertext Only. IEEE Transactions on Computers, 34, 1 (1985), 81–85.
  • Stein, A. and Teske, E. Optimized Baby Step-Giant Step Methods. Journal of the Ramanujan Mathematical Society, 20, 1 (2005), 1–32.
  • Witten, B., Landwehr, C., and Caloyannides, M. Does Open Source Improve System Security? IEEE Software, 18, 5 (2001), 57–61.

Works cited in the practical lectures

  • von Ahn, L., Blum, M., Hopper, N.J., and Langford, J. CAPTCHA: Using Hard AI Problems for Security. In E. Biham, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 2656, Springer, Berlin Heidelberg, 2003, pp. 294–311.
  • Anderson, R. ‘Trusted Computing’ Frequently Asked Questions. 2003. rja14/tcpa-faq.html.
  • Chaum, D. Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM, 28, 10 (1985), 1030–1044.
  • Cohen, F. Computer Viruses, Theory and Experiments. In Proceedings of the 7th National Computer Security Conference. National Bureau of Standards, Gaithersburg, MD, 1984, pp. 240–263.
  • Dwork, C. and Naor, M. Pricing via Processing or Combatting Junk Mail. In E.F. Brickell, ed., Advances in Cryptology (Proc. of CRYPTO). LNCS 740, Springer, Berlin Heidelberg, 1992, pp. 139–147.
  • Kocher, P., Jaffe, J., Jun, B., and Rohatgi, P. Introduction to Differential Power Analysis. Journal of Cryptographic Engineering, 1, 1 (2011), 5–27.
  • Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T., and Jalote, A. Detection and Prevention of Stack Buffer Overflow Attacks. Communications of the ACM, 48, 11 (2005), 51–56.
  • Landwehr, C. Formal Models for Computer Security. ACM Computing Surveys, 13, 3 (1981), 247–278.
  • Manadhata, P.K. and Wing, J.M. An Attack Surface Metric. IEEE Transactions on Software Engineering, 37, 3 (2011), 371–386.
  • Maxion, R. and Reeder, R. Improving User-Interface Dependability through Mitigation of Human Error. International Journal of Human-Computer Studies, 63, 1–2 (2005), 25–50.
  • Pfitzmann, A., Pfitzmann, B., Schunter, M., and Waidner, M. Trusting Mobile User Devices and Security Modules. IEEE Computer, 30, 2 (February 1997), 61–68.
  • Sailer, R., Federrath, H., and Pfitzmann, A. Security Functions in Telecommunications – Placement & Achievable Security. In G. Müller and K. Rannenberg, eds., Multilateral Security in Communications. Addison-Wesley, 1999, pp. 323–348.
  • Saltzer, J.H. and Schroeder, M.D. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63, 9 (1975), 1278–1305.
  • Shacham, H. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). ACM, New York, 2007, pp. 552–561.
  • Wheatley, S., Maillart, T., and Sornette, D. The Extreme Risk of Personal Data Breaches and the Erosion of Privacy. European Physical Journal B, 89, 7 (2016), 1–12.
  • Yilek, S., Rescorla, E., Shacham, H., Enright, B., and Savage, S. When Private Keys are Public: Results From the 2008 Debian OpenSSL Vulnerability. In A. Feldmann and L. Mathy, eds., Proc. of ACM Internet Measurement Conference. ACM Press, 2009, pp. 15–27.

Basic texts on techniques mentioned in the practical lectures

  • Bellovin, S.M. and Cheswick, W.R. Network Firewalls. IEEE Communications Magazine, 32, 9 (1994), 50–57.
  • Denning, D. An Intrusion-detection Model. IEEE Transactions on Software Engineering, 13, 2 (1987), 222–232.
  • Neuman, B.C. and Ts’o, T. Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine, 32, 9 (1994), 33–38.

Works cited on adversarial machine learning

  • Goodfellow, I., Shlens, J., and Szegedy, C. Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations (ICLR). 2015.
  • Papernot, N., McDaniel, P., Sinha, A., and Wellman, M.P. SoK: Security and Privacy in Machine Learning. In IEEE European Symposium on Security and Privacy (EuroS&P). 2018, pp. 399–414.
  • Szegedy, C., Zaremba, W., Sutskever, I., et al. Intriguing Properties of Neural Networks. In International Conference on Learning Representations (ICLR). 2014.

Works cited on distributed ledger protocols

  • Böhme, R., Christin, N., Edelman, B., and Moore, T. Bitcoin: Economics, Technology, and Governance. Journal of Economic Perspectives, 29, 2 (2015), 213–238. [Publisher]
  • Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J., and Felten, E. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. In IEEE Symposium on Security and Privacy. San Jose, CA, USA, 2015, pp. 104–121.
  • Eyal, I. and Sirer, E.G. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. In N. Christin and R. Safavi-Naini, eds., Financial Cryptography and Data Security. LNCS 8437, Springer, Berlin Heidelberg, 2014, pp. 436–454.
  • Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Mimeo.
  • Tschorsch, F. and Scheuermann, B. Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies. IEEE Communications Surveys and Tutorials, 18, 3 (2016), 2084–2123.
  • Zohar, A. Bitcoin: Under the Hood. Communications of the ACM, 58, 9 (2015), 104–113.

Works cited in the strategy and privacy lectures

  • Anderson, R. Why Cryptosystems Fail. Communications of the ACM, 37, 11 (1994), 32–40.
  • Clauß, S. and Köhntopp, M. Identity Management and Its Support of Multilateral Security. Computer Networks, 37, (2001), 205–219.
  • Díaz, C., Seys, S., Claessens, J., and Preneel, B. Towards Measuring Anonymity. In P. Syverson and R. Dingledine, eds., Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer, Berlin Heidelberg, 2003.
  • Englehardt, S., Han, J., and Narayanan, A. I Never Signed Up for This! Privacy Implications of Email Tracking. Proceedings on Privacy Enhancing Technologies, 4, 1 (2018), 109–126.
  • Hirshleifer, J. Privacy: Its Origin, Function, and Future. The Journal of Legal Studies, 9, 4 (1980), 649–664.
  • Narayanan, A. and Shmatikov, V. Robust De-anonymization of Large Sparse Datasets. In IEEE Symposium on Security and Privacy. Oakland, CA, 2008.
  • Pfitzmann, A. and Köhntopp, M. Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology. In H. Federrath, ed., Proceedings of Anonymity 2000. LNCS 2009, Springer, Berlin Heidelberg, 2001, pp. 1–9.
  • Rochet, J.-C. and Tirole, J. Platform Competition in Two-sided Markets. Journal of the European Economic Association, 1, 4 (2003), 990–1029.
  • Serjantov, A. and Danezis, G. Towards an Information Theoretic Metric for Anonymity. In P. Syverson and R. Dingledine, eds., Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer, Berlin Heidelberg, 2003.
  • Shapiro, C. and Varian, H.R. Information Rules. A Strategic Guide to the Network Economy. Harvard Business School Press, 1998.
  • Smith, H.J., Milberg, S.J., and Burke, S.J. Information Privacy: Measuring Individuals’ Concerns About Organizational Practices. MIS Quarterly, 20, 2 (1996), 167–196.
  • Solove, D.J. ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, 44, (2007), 745–772.
  • Warren, S. and Brandeis, L. The Right to Privacy. Harvard Law Review, 4, (1890), 193–220.
  • Wolf, G. and Pfitzmann, A. Properties of protection goals and their integration into a user interface. Computer Networks, 32, (2000), 685–699.
  • Wondracek, G., Holz, T., Kirda, E., and Kruegel, C. A Practical Attack to De-Anonymize Social Network Users. In IEEE Symposium on Security and Privacy. Oakland, CA, 2010.
  • Zuboff, S. Big Other: Surveillance Capitalism and the Prospects of an Information Civilization. Journal of Information Technology, 30, 1 (2015), 75–89.

Supporting Material

Links to video units on security investment and management (originally developed for the edX Professional Education MOOC on the Economics of Cybersecurity)

The whole set of videos from the 2015 edition is here.

The 2016 edition of the course is free for participants unless you want to get a certificate.