Due to the Covid-related restrictions, we are experimenting with different online teaching formats.
My lectures on Information Security I are on a public Twitch channel, which also hosts recent recordings.
Please register on the platform in order to participate in the chat, which will be the primary feedback channel.
Feel free to use a pseudonym that does not reveal your true identity.
Schedule and Access
The lecture is streamed on Thursdays between 14:15 and 15:45, with an occasional second part from 16:00 to 17:30. The stream usually starts shortly after 14:00.
Link to the stream: https://www.twitch.tv/uibkseclab
The stream is recorded and will be available on the platform for about 10 days.
We use ARSnova to handle questions to the audience.
The proseminar takes place on Tuesdays between 13:15 and 14:45. We use the university’s BigBlueButton instance, which allows direct interactions between students. This class is not public and restricted to students enrolled at the University of Innsbruck.
Access to the virtual classroom: via the OLAT system
Syllabus
Here is the provisional lecture plan. Topics in italics are primers intended to refresh essential theoretical foundations.

Date       No.  14:15–15:45                    16:00–17:30
08.10.20   01   General introduction
15.10.20   02   Security principles
22.10.20        Probability theory             (cont’d)
29.10.20        (reserved)
05.11.20        Information theory             Coding theory
12.11.20   03   Introduction to cryptography   Number theory
19.11.20   04   Block ciphers                  (cont’d)
26.11.20   05   Complexity theory              Asymmetric encryption
03.12.20        (reserved)
10.12.20   06   Authentication
17.12.20   07   Block cipher operation modes
                (winter break)
07.01.21   08   Cryptographic protocols
14.01.21   09   Elliptic curve cryptography
21.01.21   10   Q & A
28.01.21        Exams                          (cont’d)
Bibliography
Recommended textbooks
 Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008.
 Ferguson, N., Schneier, B., and Kohno, T. Cryptography Engineering: Design Principles and Practical Applications. Wiley, 2010.
 Vaudenay, S. A Classical Introduction to Cryptography. Springer, 2005.
 Katz, J. and Lindell, Y. Introduction to Modern Cryptography. Chapman & Hall, 2014.
 Paar, C. and Pelzl, J. Understanding Cryptography. Springer, 2010.
 Goldreich, O. Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, 2001.
 Goldreich, O. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, 2004.
 Gollmann, D. Computer Security. Wiley, 2010.
Works cited in the theoretical lectures
 Abdalla, M., Bellare, M., and Rogaway, P. The Oracle Diffie–Hellman Assumptions and an Analysis of DHIES. In D. Naccache, ed., Topics in Cryptology (Proceedings of CT-RSA). LNCS 2020, Springer, Berlin Heidelberg, 2001, pp. 143–158.
 Bellare, M. Optimal Asymmetric Encryption Padding. In A. De Santis, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 950, Springer, Berlin Heidelberg, 1994, pp. 92–111.
 Bellare, M., Canetti, R., and Krawczyk, H. Keying Hash Functions for Message Authentication. In N. Koblitz, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 1109, Springer, Berlin Heidelberg, 1996, pp. 1–15.
 Bertoni, G., Daemen, J., Peeters, M., and Van Assche, G. On the Indifferentiability of the Sponge Construction. In N.P. Smart, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 4965, Springer, Berlin Heidelberg, 2008, pp. 181–197.
 Biham, E. and Shamir, A. Differential Cryptanalysis of DES-like Cryptosystems. In A. Menezes and S.A. Vanstone, eds., Advances in Cryptology (Proc. of CRYPTO). LNCS 536, Springer, Berlin Heidelberg, 1990, pp. 2–21.
 Bleichenbacher, D. Chosen Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS #1. In H. Krawczyk, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 1462, Springer, Berlin Heidelberg, 1998, pp. 1–12.
 Blum, M. Coin Flipping by Telephone. In Proceedings of IEEE Spring COMPCOM. 1982, pp. 133–137.
 Boneh, D. Twenty Years of Attacks on the RSA Cryptosystem. Notices of the American Mathematical Society (AMS), 46, 2 (1999), 203–213.
 Burrows, M., Abadi, M., and Needham, R. A Logic of Authentication. ACM Transactions on Computer Systems, 8, 1 (1990), 18–36.
 Coppersmith, D. The Data Encryption Standard (DES) and Its Strength Against Attacks. IBM Journal of Research and Development, 38, 3 (1994), 243–250.
 Daemen, J. and Rijmen, V. The Rijndael Block Cipher. 1999. AES Proposal to NIST.
 Damgård, I.B. A Design Principle for Hash Functions. In G. Brassard, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 435, Springer, Berlin Heidelberg, 1989, pp. 416–427.
 Davida, G. Chosen Signature Cryptanalysis of the RSA (MIT) Public Key Cryptosystem. University of Wisconsin, Department of EECS, Milwaukee, 1982.
 Diffie, W. and Hellman, M.E. New Directions in Cryptography. IEEE Transactions on Information Theory, 22, 11 (1976), 644–654.
 Dolev, D. and Yao, A.C. On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 29, 2 (1983), 198–208.
 ElGamal, T. A Public Key Cryptosystem and Signature Scheme based on Discrete Logarithms. IEEE Transactions on Information Theory, 31, 4 (1985), 469–472.
 Feistel, H., Notz, W., and Smith, J. Some Cryptographic Techniques for Machine-to-machine Data Communications. Proceedings of the IEEE, 63, 11 (1975), 1545–1554.
 Gilbert, E.N., MacWilliams, F.J., and Sloane, N.J.A. Codes Which Detect Deception. Bell System Technical Journal, 53, 3 (1974), 405–424.
 Goldreich, O., Micali, S., and Wigderson, A. Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems. Journal of the ACM (JACM), 38, 1 (1991), 691–729.
 Herley, C. and van Oorschot, P.C. SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit. In IEEE Symposium on Security and Privacy. 2017, pp. 99–120.
 Kerckhoffs, A. La cryptographie militaire. Journal des sciences militaires, IX, (1883), 5–38, 161–191.
 Luby, M. and Rackoff, C. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, 17, 2 (1988), 373–386.
 Manger, J. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. In J. Kilian, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 2139, Springer, Berlin Heidelberg, 2001, pp. 230–238.
 Merkle, R.C. Secure Communications Over Insecure Channels. Communications of the ACM, 21, 4 (1978), 294–299.
 Rivest, R.L., Shamir, A., and Adleman, L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21, 2 (1978), 120–126.
 Shamir, A. How to Share a Secret. Communications of the ACM, 22, 11 (1979), 612–613.
 Shannon, C.E. A Mathematical Theory of Communications. Bell System Technical Journal, 27, (1948), 379–423, 623–656.
 Shannon, C.E. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28, (1949), 656–715.
 Wegman, M.N. and Carter, J.L. New Hash Functions and Their Use in Authentication and Set Equality. Journal of Computer and System Sciences, 22, 3 (1981), 265–279.
 Yao, A.C. Theory and Application of Trapdoor Functions. In Proceedings of the IEEE Symposium on Foundations of Computer Science. 1982, pp. 80–91.
Additional reading for the proseminar
 Diffie, W. and Hellman, M.E. Exhaustive Cryptanalysis of the NBS Data Encryption Standard. IEEE Computer, 10, 6 (1977), 74–84.
 Dobbertin, H. Cryptanalysis of MD4. Journal of Cryptology, 11, 4 (1998), 253–271.
 Douceur, J.R. The Sybil Attack. In P. Druschel, F. Kaashoek and A. Rowstron, eds., Peer-to-Peer Systems. LNCS 2429, Springer, Berlin Heidelberg, 2002, pp. 251–260.
 Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. AES Implementation on a Grain of Sand. IEE Proceedings on Information Security, 152, 1 (2005), 13–20.
 Hansen, M., Köhntopp, K., and Pfitzmann, A. The Open Source Approach – Opportunities and Limitations with Respect to Security and Privacy. Computers & Security, 21, 5 (2002), 461–471.
 Massey, J.L. Guessing and Entropy. In Proceedings of the IEEE International Symposium on Information Theory. 1994, p. 204.
 Oechslin, P. Making a Faster Cryptanalytic Time-Memory Trade-Off. In D. Boneh, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 2729, Springer, Berlin Heidelberg, 2003, pp. 617–630.
 Preneel, B. and van Oorschot, P.C. MDx-MAC and Building Fast MACs from Hash Functions. In D. Coppersmith, ed., Advances in Cryptology (Proceedings of CRYPTO). LNCS 963, Springer, Berlin Heidelberg, 1995, pp. 1–14.
 Rabin, M. Probabilistic Algorithm for Testing Primality. Journal of Number Theory, 12, 1 (1980), 128–138.
 Schneier, B. Attack Trees. Dr Dobb’s Journal, 24, 12 (1999).
 Siegenthaler, T. Decrypting a Class of Stream Ciphers Using Ciphertext Only. IEEE Transactions on Computers, 34, 1 (1985), 81–85.
 Stein, A. and Teske, E. Optimized Baby Step-Giant Step Methods. Journal of the Ramanujan Mathematical Society, 20, 1 (2005), 1–32.
 Witten, B., Landwehr, C., and Caloyannides, M. Does Open Source Improve System Security? IEEE Software, 18, 5 (2001), 57–61.
Works cited in the practical lectures
 von Ahn, L., Blum, M., Hopper, N.J., and Langford, J. CAPTCHA: Using Hard AI Problems for Security. In E. Biham, ed., Advances in Cryptology (Proceedings of EUROCRYPT). LNCS 2656, Springer, Berlin Heidelberg, 2003, pp. 294–311.
 Anderson, R. ‘Trusted Computing’ Frequently Asked Questions. 2003. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html.
 Chaum, D. Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM, 28, 10 (1985), 1030–1044.
 Cohen, F. Computer Viruses, Theory and Experiments. In Proceedings of the 7th National Computer Security Conference. National Bureau of Standards, Gaithersburg, MD, 1984, pp. 240–263.
 Dwork, C. and Naor, M. Pricing via Processing or Combatting Junk Mail. In E.F. Brickell, ed., Advances in Cryptology (Proc. of CRYPTO). LNCS 740, Springer, Berlin Heidelberg, 1992, pp. 139–147.
 Kocher, P., Jaffe, J., Jun, B., and Rohatgi, P. Introduction to Differential Power Analysis. Journal of Cryptographic Engineering, 1, 1 (2011), 5–27.
 Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T., and Jalote, A. Detection and Prevention of Stack Buffer Overflow Attacks. Communications of the ACM, 48, 11 (2005), 51–56.
 Landwehr, C. Formal Models for Computer Security. ACM Computing Surveys, 13, 3 (1981), 247–278.
 Manadhata, P.K. and Wing, J.M. An Attack Surface Metric. IEEE Transactions on Software Engineering, 37, 3 (2011), 371–386.
 Maxion, R. and Reeder, R. Improving User-Interface Dependability through Mitigation of Human Error. International Journal of Human-Computer Studies, 63, 1–2 (2005), 25–50.
 Pfitzmann, A., Pfitzmann, B., Schunter, M., and Waidner, M. Trusting Mobile User Devices and Security Modules. IEEE Computer, 30, 2 (February 1997), 61–68.
 Sailer, R., Federrath, H., and Pfitzmann, A. Security Functions in Telecommunications – Placement & Achievable Security. In G. Müller and K. Rannenberg, eds., Multilateral Security in Communications. Addison-Wesley, 1999, pp. 323–348.
 Saltzer, J.H. and Schroeder, M.D. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63, 9 (1975), 1278–1305.
 Shacham, H. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). ACM, New York, 2007, pp. 552–561.
 Wheatley, S., Maillart, T., and Sornette, D. The Extreme Risk of Personal Data Breaches and the Erosion of Privacy. European Physical Journal B, 89, 7 (2016), 1–12.
 Yilek, S., Rescorla, E., Shacham, H., Enright, B., and Savage, S. When Private Keys are Public: Results From the 2008 Debian OpenSSL Vulnerability. In A. Feldmann and L. Mathy, eds., Proc. of ACM Internet Measurement Conference. ACM Press, 2009, pp. 15–27.
Basic texts on techniques mentioned in the practical lectures
 Bellovin, S.M. and Cheswick, W.R. Network Firewalls. IEEE Communications Magazine, 32, 9 (1994), 50–57.
 Denning, D. An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 13, 2 (1987), 222–232.
 Neuman, B.C. and Ts’o, T. Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine, 32, 9 (1994), 33–38.
Works cited on adversarial machine learning
 Goodfellow, I., Shlens, J., and Szegedy, C. Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations (ICLR). 2015.
 Papernot, N., McDaniel, P., Sinha, A., and Wellman, M.P. SoK: Security and Privacy in Machine Learning. In IEEE European Symposium on Security and Privacy (EuroS&P). 2018, pp. 399–414.
 Szegedy, C., Zaremba, W., Sutskever, I., et al. Intriguing Properties of Neural Networks. In International Conference on Learning Representations (ICLR). 2014.
Works cited on distributed ledger protocols
 Böhme, R., Christin, N., Edelman, B., and Moore, T. Bitcoin: Economics, Technology, and Governance. Journal of Economic Perspectives, 29, 2 (2015), 213–238.
 Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J., and Felten, E. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. In IEEE Symposium on Security and Privacy. San Jose, CA, USA, 2015, pp. 104–121.
 Eyal, I. and Sirer, E.G. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. In N. Christin and R. Safavi-Naini, eds., Financial Cryptography and Data Security. LNCS 8437, Springer, Berlin Heidelberg, 2014, pp. 436–454.
 Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Mimeo.
 Tschorsch, F. and Scheuermann, B. Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies. IEEE Communications Surveys and Tutorials, 18, 3 (2016), 2084–2123.
 Zohar, A. Bitcoin: Under the Hood. Communications of the ACM, 58, 9 (2015), 104–113.
Works cited in the strategy and privacy lectures
 Anderson, R. Why Cryptosystems Fail. Communications of the ACM, 37, 11 (1994), 32–40.
 Clauß, S. and Köhntopp, M. Identity Management and Its Support of Multilateral Security. Computer Networks, 37, (2001), 205–219.
 Díaz, C., Seys, S., Claessens, J., and Preneel, B. Towards Measuring Anonymity. In P. Syverson and R. Dingledine, eds., Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer, Berlin Heidelberg, 2003.
 Englehardt, S., Han, J., and Narayanan, A. I Never Signed Up for This! Privacy Implications of Email Tracking. Proceedings on Privacy Enhancing Technologies, 4, 1 (2018), 109–126.
 Hirshleifer, J. Privacy: Its Origin, Function, and Future. The Journal of Legal Studies, 9, 4 (1980), 649–664.
 Narayanan, A. and Shmatikov, V. Robust Deanonymization of Large Sparse Datasets. In IEEE Symposium on Security and Privacy. Oakland, CA, 2008.
 Pfitzmann, A. and Köhntopp, M. Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology. In H. Federrath, ed., Proceedings of Anonymity 2000. LNCS 2009, Springer, Berlin Heidelberg, 2001, pp. 1–9.
 Rochet, J.C. and Tirole, J. Platform Competition in Two-sided Markets. Journal of the European Economic Association, 1, 4 (2003), 990–1029.
 Serjantov, A. and Danezis, G. Towards an Information Theoretic Metric for Anonymity. In P. Syverson and R. Dingledine, eds., Workshop on Privacy Enhancing Technologies. LNCS 2482, Springer, Berlin Heidelberg, 2003.
 Shapiro, C. and Varian, H.R. Information Rules. A Strategic Guide to the Network Economy. Harvard Business School Press, 1998.
 Smith, H.J., Milberg, S.J., and Burke, S.J. Information Privacy: Measuring Individuals’ Concerns About Organizational Practices. MIS Quarterly, 20, 2 (1996), 167–196.
 Solove, D.J. ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, 44, (2007), 745–772.
 Warren, S. and Brandeis, L. The Right to Privacy. Harvard Law Review, 4, (1890), 193–220.
 Wolf, G. and Pfitzmann, A. Properties of protection goals and their integration into a user interface. Computer Networks, 32, (2000), 685–699.
 Wondracek, G., Holz, T., Kirda, E., and Kruegel, C. A Practical Attack to De-Anonymize Social Network Users. In IEEE Symposium on Security and Privacy. Oakland, CA, 2010.
 Zuboff, S. Big Other: Surveillance Capitalism and the Prospects of an Information Civilization. Journal of Information Technology, 30, 1 (2015), 75–89.
Supporting Material
Links to video units on security investment and management (originally developed for the edX Professional Education MOOC on the Economics of Cybersecurity).
The whole set of videos from the 2015 edition is here.
The 2016 edition of the course is free for participants unless you want to get a certificate.