Information must be protected for several reasons. Some information must be protected from eavesdroppers and some from unauthorized modification. Users must be authenticated and access to information must be controlled. At the same time, the number of Internet connected devices are increasing and so is the amount of information that we are able to access online.
This course will give an introduction to the problems we are facing when designing security for computers, mobile devices and web applications. It will also give an overview of the solutions to these problems.
The course focus will be on concepts and ideas, not on technical details. Still, the goal is to provide a good understanding of building blocks, attacks, and defenses.
It is suitable for anyone that wants to have an increased general understanding of information security and how it affects the systems and products that we interact with in everyday life. No technical or mathematical background in higher education is assumed. The knowledge gained from this course is useful not only in your everyday life when interacting with computers, products and applications, but also in virtually any profession due to the widespeard use of computers.
The course will consist of 10 lectures which gives an overview of important topics, and reading material which gives both broader and deeper understanding of the concepts. Below is a list of topics covered in the course. Even though these topics have several advanced aspects, the focus will be on concepts and ideas. The treatment of the topics is targeting a general public.
- Security terminology - This part will introduce terminology such as confidentiality, integrity and availability.
- Cryptography - This will give an overview of the tools that can be used in order to achieve e.g., confidentiality, integrity and authentication for individuals and messages.
- Digital certificates - This is probably the most important concept used in secure Internet communication. An overview of certificates, what problems they solve, and which problems they cannot solve will be given.
- Email security - How secure is it to send emails? Who can read your emails, and what security features have evolved over the years in order to make email more secure? This will be the focus of this topic.
- DNS architecture and security - What is the DNS system and why is it so important when we e.g., browse the web? How can we add security to the DNS system in order to lower the probability of attacks?
- Web session security - Always when you log in to a website, the web browser has to maintain a session with the other party, e.g., a web store, a web based email service or a social network application such as Facebook, Twitter or Instagram. How is this achieved and what can attackers do to steal your information?
- Web application security - The web application has much information to keep track of and process. This part will cover some common attacks based on problems in the web application.
- Remote and local authentication - Passwords is still the most common way for authenticating user, both on local computers and on Internet web sites. What is a secure password? How are passwords stolen? What can we do to protect ourselves, and what can the computing system do to help protect users against common attacks.
- Operating system security - Both computers, smart phones and tablets have an operating system that is responsible for security. How can we make sure that different applications are separated? How do we separate users in multiuser systems?
- Transport Layer Security (TLS) - The TLS protocol is by far the most widely used protocol for securing information on the Internet. This part will give an overview of how it works and how it both incorporates and protects several of the previous topics in the course.
- Internet anonymity - The importance and the impact of anonymity has increased the last few years. It can be used both for good and bad. This part will give a short overview of how it is possible to be anonymous on the Internet. It will also provide an overview of the limitations of anonymity.
Assessment is based on home exercises and written assigments. Grading is as follows:
- G (pass): Fulfilled and approved home exercises.
- VG (pass with distinction): Fulfilled and approved home exercises. Approved written assignment.