FUNDAMENTALS OF DATA SECURITY
Prerequisites: none.
The exam consists of a written test lasting 2 hours in which the student is required to answer open questions, aimed at ascertaining the acquisition and correct understanding of the topics covered in the course. The final grade, expressed out of thirty, will take into account the accuracy and quality of the answers (70%), the clarity of exposition (10%) and the ability to adequately justify statements, analyses and judgements (20%).
The course aims to provide the minimum knowledge and skills necessary for the design and verification of data protection mechanisms in information systems and networks. The goal is achieved by initially discussing the main notions of cryptography. This involves the analysis of the basic transformations of symmetric cryptography and the study of the main symmetric cryptography algorithms (i.e., DES, AES). In this part, the principles of asymmetric cryptography are also analyzed, then presenting the most used asymmetric algorithm, i.e., RSA. Data protection during transmission is presented by analyzing the protocols in the different network layers: IPSec for data protection at the network level, SSL for data protection at the transport level, and Kerberos as an example of an application layer protocol. The proposed organization provides the ability to identify the criticalities of individual protocols, an understanding necessary for the design of a data protection system.
At the end of the course, the student will be able to:
1. Know the principles of cryptography, the fundamental network security protocols and access control mechanisms. These give the student a solid foundation that will allow them to independently learn new tools and applications for the protection of data not seen in the course.
2. Express a judgement on the degree of data protection offered by an information system, enabling them to propose solutions, where necessary, in line with current security standards.
3. Know the main bodies and institutes that issue standards relating to data protection in information systems and networks. Furthermore, thanks to the insights and references to existing standards, the student is expected to acquire the terminology of the field of data protection.
Knowledge of the principles of cryptography, fundamental network security protocols, and access control mechanisms gives the student a solid foundation that will allow them to independently learn new tools and applications for the protection of data not seen in the course. Furthermore, the references to the standards provided in the course will help the student to independently retrieve in-depth material, both on the problems analysed in the course and on those not covered. This ability is very relevant because it will allow them to always stay up to date in a field, such as data protection, where new standards and new critical issues are frequently proposed.
The lessons will address the following topics:
- Introduction to IT security. Lessons 2 hours, objectives 2,3.
- Classic encryption security analysis: substitutions and transpositions. Lessons 4 hours, objectives 1,2.
- Symmetric encryption: DES. Lessons 4 hours, objectives 1,2,3.
- Symmetric encryption: AES. Lessons 3 hours, objectives 1,2,3.
- Asymmetric encryption: RSA. Lessons 3 hours, objectives 1,2,3.
- Application of asymmetric encryption: digital signature, digital envelope. Lessons 5 hours.
- Digital certificates (X.509, web of trust). Lessons 3 hours, objectives 2,3.
- Network level data protection: IPsec. Lessons 6 hours, objectives 2,3.
- Transport level data protection: SSL. Lessons 6 hours, objectives 2,3.
- Kerberos. Lessons 6 hours, objectives 2,3.
- Access control systems in DBMS in standard SQL. Lessons 6 hours, objectives 1,2,3.
The course is divided into 48 hours of lectures. The lessons are dedicated to the explanation of the conceptual and application aspects of the data protection mechanisms in the programme. During the course, the student will be directed to the current reference standards from NIST (e.g., AES, DES, RBAC), IETF (e.g., IPsec, SSL/TLS), W3C (e.g., XML Signature) and ISO/IEC (e.g., the SQL standard) in order to improve their autonomy of judgement and critical evaluation.
Textbook: William Stallings, Crittografia, Pearson, 2022.
Slides and other material provided by the instructor during classes.