Secure Application Design (SS 2022)
Building Secure Applications
Table of Content
The lecture will give a recap on the core properties of cryptographic primitives, which will themselves be regarded as a black box: e.g. an RSA-based signature algorithm or an ECC-based signature algorithm achieve the same results from an application’s point of view regardless of the huge differences in their mathematical or structural nature (hint: if you are interested in how ECC, RSA or the AES algorithm actually works, there are other lecture for that).
After having a clear view on the available building blocks and their protective functions the lecture will focus on the primary task on how to build secure functions and applications by considering all aspects: key delivery, key storage and usage, trust-models, or high-level crypto protocols. To do so the lecture will focus on real world examples, whose cryptographic functions will be built up from scratch dealing with all required aspects. The practical assignments will focus on the actual usage and deployment of cryptographic primitives and their associated keys.
For the second half of the semester, the lecture (VO) is in person in HS i11. Recordings will be made available. VO exams will be conducted in person near the end of the semester. The exercises (KU) are virtual.
For live updates and announcements, please join the IAIK Discord and enable the SEAD channels in
Also, please feel free to send more private questions via email to
email@example.com. Further, please use this email address to submit your team’s KU concept of Phase One, as described in the KU description below, and also to contact your mentor.
|16.03.2022||JH, KK||Intro – Welcome to SEAD||VO Intro, KU Intro|
|Introduction to the Building Block format|
|Building Block: Hash||Slides|
|Building Block: MAC||Slides|
|Building Block: Digital Signatures||Slides|
|Building Block: Symmetric Encryption||Slides|
|Building Block: Asymmetric Encryption||Slides|
|Building Block: Hybrid Encryption||Slides|
|06.04.2022||KT||Recap 1: Basic Building Blocks (Recording)||Slides|
|Building Block: Perfect Forward Secrecy||Slides|
|Building Block: Key Management||Slides|
|Building Block: Trust||Slides|
|Building Block: Data Formats||Slides|
|04.05.2022||KT||Recap 2: Higher-Level Building Blocks (Recording: Part 1, Part 2)||Slides|
|11.05.2022||JH||Case Study 1: Registrierkassensicherheitsverordnung (RKSV)||Slides, .py demo|
|18.05.2022||KT||Case Study 2: ID Austria||Slides|
|25.05.2022||KT||Case Study 3: Green Pass||Slides|
|01.06.2022||KK||Case Study 4: Building Block: Signal Protocol||Slides|
|15.06.2022||KK||On Threat Modeling||Slides_plain, Slides_video|
Previous Lecture Exams
|16.03.2022||KU Description v1.0|
|Link for Team Registration|
|24.03.2022||Update: KU Description v1.1|
|03.06.2022||Update: KU Description v2.0|
Previous KnowledgeKnowledge on how cryptography works (RSA, ECC, AES, hashes etc.)
Prerequisites CurriculumSee position in the curriculum
ObjectiveUnderstanding on how to arrange cryptographic primitives to higher level functions and how to deal with auxiliary functions (e.g. key-management, trust-relationships, secure key storage/usage) in applications.
Teaching MethodEmphasis on a strong interaction between the students and the teacher
How to get a grade