Course Material
There is no book that covers the topics in the course in a satisfying way. Thus, there is no course book. (If you know of a good book that is suitable, please notify me.) Instead, the lecture slides and lecture notes will serve as course material. The slides and notes will be made available here before each lecture.
As a complement, some web resources are also given below. Note that the material given below is not included in the course UNLESS it is also covered by the slides/notes OR it is explicitly stated.
Lecture 1
Lecture slides: 2 slides per page, 4 slides per page
Additional resources
There are (at least) two books on cryptology, freely available online:
Menezes, van Oorschot and Vanstone - Handbook of Applied Cryptography
Smart - Cryptography, An Introduction
Statistics used in the lecture were taken from the IBM Security Report. The 2010 version used for the lectures requires (free) registration for download, but the 2008 version is freely available here:
IBM security report
Lecture 2
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
The complete HTTP/1.1 standard. Read only the parts relevant for the course (those discussed in the lecture).
RFC2616 - Hypertext Transfer Protocol -- HTTP/1.1
The UTF-8 encoding standard:
RFC3629 - UTF-8, a transformation format of ISO 10646
Basic and Digest Authentication in HTTP:
RFC2069 - An Extension to HTTP: Digest Access Authentication (the old version)
RFC2617 - HTTP Authentication: Basic and Digest Access Authentication
The Base64 encoding. Note that Base16 and Base32 are basically the same thing but with a smaller alphabet:
RFC4648 - The Base16, Base32, and Base64 Data Encodings
The Apache documentation. Read only the parts relevant for the course (those discussed in the lecture).
Apache Documentation
Lecture 3
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
Documentation for PHP. Read only the parts relevant for the course (those discussed in the lecture):
www.php.net
A good introduction to regular expressions can be found here:
www.regular-expressions.info/
Lecture 4
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
Documentation for PHP. Read only the parts relevant for the course (those discussed in the lecture):
www.php.net
OWASP (Open Web Application Security Project) contains material related to this lecture (Session attacks, XSS, CSRF, SQL injections). Their search engine will also search on several related pages.
www.owasp.org
Lecture 5
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
DNS is described in 2 RFCs. The first is more relevant to the course than the second:
RFC1034 - Domain Names - Concepts and Facilities
RFC1035 - Domain Names - Implementation and Specification
The DNSSEC specification is divided into three RFCs:
RFC4033 - DNS Security Introduction and Requirements
RFC4034 - Resource Records for the DNS Security Extensions
RFC4035 - Protocol Modifications for the DNS Security Extensions
Lecture 6
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
The latest version of the SMTP standard:
RFC5321 - Simple Mail Transfer Protocol
The DKIM standard:
RFC4871 - DomainKeys Identified Mail (DKIM) Signatures
The SPF proposal:
RFC4408 - Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail
Lecture 7
Lecture slides: 2 slides per page, 4 slides per page
Lecture notes: here
Additional resources
First paper by Chaum, describing mixes (digital pseudonyms are not included in the course):
Chaum - Untraceable Electronic Mail...
Tor design paper:
Dingledine, Mathewson and Syverson - Tor: the second-generation onion router
Paper describing the disclosure attack:
Kesdogan, Agrawal and Penz - Limits of Anonymity in Open Environments
News article describing Tor "problem":
Wired article