This course deals with advanced protection techniques for modern networked computer systems. The course aims to teach the skills needed to perform both a detailed technical analysis of the security features of IT components and systems and to design solutions to protect them.

At the end of the course, the students: - will have knowledge about and be able to perform critical evaluation of public key infrastructures and digital signature techniques. - will have knowledge about and be able to perform a critical evaluation of advanced solutions for data and communication protection. - will have knowledge about and be able to perform a critical evaluation of advanced aspects of authentication. - will be able to analyse the risks of a network application and design a solution for its protection. - will have knowledge of the general concepts and theories from the sociological heritage applied to IT systems security.

Foundations of telecommunication systems. Local and wide area networks, wired and wireless (Ethernet, xDSL, Wifi, GSM, IP, routing, ...). TCP/IP networks and applications. High-level programming (C, C++, or Java) and web programming (HTML, JS, PHP, ...). Operating systems and database. Cryptography, data protection techniques, and security architectures (as provided by the courses "Information System Security" and "Cryptography" that are a prerequisite).

(1.5 CFU) Public-key certificates and PKI: features, benefits, and threats, secure electronic documents; (1 CFU) Secure network channels (TLS, SSH): features, risks, and their management. (1 CFU) Advanced authentication: passkeys and federated authentication architectures (SAML and OIDC for distributed authentication and authorisation) (1.5 CFU) Software security: pitfalls and design principles; trusted computing (TC), Trusted Execution Environment (TEE), and Confidential Computing. (0.5 CFU) Cybersecurity obligations: privacy (GDPR) and infrastructure protection (NIS2). (0.5 CFU) Quantum computing threats and post-quantum security. (2 CFU) The Self-Sovereign Identity (SSI) model and its components: Decentralized IDentitifier (DID), Verifiable Credential (VC), and the Verifiable Presentation (VP). The underlying Triangle of Trust: Issuer vs Holder vs Verifier of the credential. The presentation of the credential and its validation and verification for authentication and authorization purposes in different target systems.

The course consists of lectures (56 hours), classroom exercises (9 hours), and laboratories (15 hours). The laboratory includes the development and analysis of several security solutions. There will be five laboratory subjects. The classroom exercises will analyse security solutions, including those tested in the laboratory.

Handouts of the instructor's foils and manuals for laboratory coursework. The teachers will also provide and link additional material (parts from textbooks and links to online resources) on the course website. All learning stuff is available at the teaching portal. An auxiliary textbook, covering many but not all the topics, is: - W. Stallings, 'Cryptography and Network Security - principles and practice', Prentice-Hall

Slides; Esercitazioni di laboratorio; Video lezioni dell’anno corrente;

Modalità di esame: Prova scritta (in aula);

Exam: Written test;

... Written test (90 minutes) with up to 10 open- or closed-answer questions about the analysis and design of security solutions, including the knowledge acquired in the laboratory exercises. For closed questions, there is no penalty for a missing answer, while there is a penalty for a wrong answer. The written test is a "closed book" one.

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.