The course aims to explain the problems related to cybersecurity in a modern IT system, to introduce the main protection techniques and how use them for creating a security architecture. Based on this foundations, the course will then focus on the threats posed by the quantum computing paradigm as well as the opportunities offered to cybersecurity by this new technology.

At the end of the course, the students will: • be aware of the major cybersecurity problems in the current IT landscape; • be able the evaluate the security offered by various cryptographic techniques and their applications; • be able to design a security architecture for modern IT systems based on a mixtures of techniques and tools (e.g. encryption, digital signature, firewall, secure network channels); • have knowledge of the cybersecurity threats posed and opportunities offered by the quantum computing paradigm.

Computer architecture Computer programming in at least one high-level language (e.g. C, Java, Python) Internet applications.

Security issues in modern IT systems: vulnerabilities, attacks, and attackers. [1 CFU] Cybersecurity foundations: cryptography (encryption, digest, digital signature, and public-key certificates) and authentication (passwords, challenge-response, authenticators) [1 CFU] Network security and protection of the networked applications: firewall, intrusion detection, VPN, TLS, electronic identity [2 CFU] Quantum Computing: cybersecurity risks and opportunities (quantum cryptography, quantum key distribution, post-quantum cryptography) [2 CFU]

The course consists of lectures (30 hours), classroom exercises (15 hours), and laboratory experiments (15 hours). The lessons present the theoretical concepts and introduce the main solutions for the design, analysis, and validation of security solutions and their application to protocols, internetworked systems or various application contexts. Next the attacks, challenges, and opportunities offered by quantum computing are considered. The classroom exercises are held in an interactive manner with the audience, in order to test and further explain the concepts presented in the lectures. Some sessions are devoted to performing a risk analysis for a chosen system and designing appropriate protection for a specific use-case. The laboratory includes the analysis, configuration, and test of various attacks and security solutions presented in the lectures. There will be five different laboratory subjects: cybersecurity attacks, traditional cryptography, network protection, secure network channels, and quantum and post-quantum cryptography.

Handouts of the instructor’s slides, support material for classroom exercises, and manuals for laboratory coursework. All learning stuff is available at the teaching portal. An auxiliary textbook, covering many but not all the topics, is W. Stallings, “Cryptography and Network Security - principles and practice”, Prentice-Hall

Slides; Esercitazioni di laboratorio; Video lezioni dell’anno corrente;

Modalità di esame: Prova scritta (in aula);

Exam: Written test;

... The written test (up to 120 minutes) contains up to 10 open or closed questions about the analysis and design of cybersecurity solutions. The test is a “closed book” one. Note: in sessions with less than 10 students enrolled, the test may be replaced by oral questions (3 questions per candidate).

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.