Security Group TU/e

Starting from 2021-2022 TU Eindhoven offers a fully local Information Security Technology master track where all lectures are offered on the TU/e campus. The IST track used to be part of the “TRU/e Master in Cyber Security” which was offered in collaboration with Radboud University (RU). The last intake of the TRU/e master was in 2020-2021. For more info, visit the website.

In this course, students train the skills required for doing independent research in security. The student has to be able to explore a new security topic on his/her own and present the results in oral and written form. The Seminar is a preparation for the master's thesis project. The students get a project assignment, consisting of a literature study and a practical assignment. They have to hand in a report and present their results orally to their fellow students. The reports are subjected to peer review.

The course covers a number of subjects where digital security is heavily influenced by interaction with the physical world: Fuzzy extractors, true random number generation, distance bounding, physical unclonable functions, quantum computers, quantum key exchange. The emphasis lies on the adaptation of algorithms and protocols to cope with and maximally exploit, the properties of the physical world.

The student will learn what are security protocols, which kind of flaws they can contain and how to detect and fix such flaws. The following topics are treated:

• The Spi-calculus modeling language
• Typing for Secrecy, Authenticity, Authentication
• The Proverif protocol verification tool
• Anonymity
• Information flow

Objectives

• Learn the principles of how IT systems can be exploited by cyberattackers.
• Learn how cyber attackers actually operate,
• Learn the principles of defense technologies and how they can be used,
• Learn the basics of cybercrime, and the organization of the criminal markets.

Content

We will start discussing the technical attack vectors (XSS, SQL Injections, XSRF, drive-by download) and how these vectors are embodied in complex attacks (malware, spyware, ransomware, botnets) Then, we will see how these attacks are used in the cybercrime economy (spam, phishing, infections and money laundering). We will discuss the principles of defense technology. We will touch on the economic aspects of cyber criminality, and on the markets of cybercrime as a service. Finally, we will discuss attacks sophistication, state-sponsored attacks, and the emergence of a grey market. We will make use of case studies (e.g., Hacking Team, Stuxnet, Flame, etc).

This course focuses on data protection technologies designed to prevent the dissemination of sensitive information of individuals. The course will provide a solid introduction to the most important access control models (e.g., DAC, MAC, RBAC) and their extensions for distributed systems (e.g., RT) and usage control (e.g., UCON). The course also covers industry standards in the area of access control and privacy (e.g., XACML and EPAL). See the course website for more information.

The course is divided in THREE (3) parts.

1. The first part is dedicated to the recall of basic notions, such as cryptography, hashing, and fundamental related security services, that will be the roots of the following part of the course.
2. The second part of the course is dedicated to the security of IoT networks. The course will mostly follow a bottom-up approach, following the ISO/OSI Stack. We will establish several comparisons between traditional security protocols and the way these protocols are integrated into constrained IoT networks.
3. The third part will focus on specific network security applications. It will cover network security and privacy aspects of several use-case protocols, such as avionics protocols, maritime scenarios, and GNSS architectures.

The goal of this course is to provide students with a platform to get in-depth, hands-on experience on the building blocks of cyber security monitoring: network-based, host- and log-based intrusion detection. To do so, the course is not focused on front classes but rather adopts a reverse classroom setup: the course will start by providing students with material covering practical and theoretical elements of security monitoring and additional material and pointers covering all three pillars, and their relationship. The students will then form groups and will be able to choose one of the building blocks to explore in depth by developing a fully-fledged laboratory activity for the other students of the course to attend. These laboratory activities will be run and coordinated, in class, by the very students developing them. The development and delivery of these lab sessions in class is also the final examination of the course for the group of students handling it. The outcome of this setup is that all students will have developed, by the end of the course, a profound understanding of a technology of their choice, and at the same time get hands-on experience on a multitude of aspects of intrusion detection, through the lab activities developed by the fellow students.