Secure Application Design (SS 2023)

Course Number 705056 | Sommersemester 2023

Building Secure Applications


This is the 2023 version of the course. To go to the 2024 version, click here.

In this lecture, we will translate the cryptographic groundwork of your Bachelor's studies into the real world. We will discuss how cryptographic keys are managed, how trust in them is established, and how protocols are built. Additionally, we will review various real-world applications, and investigate how they use cryptographic tools to address the challenges they set out to solve. The course is held on campus (HS i11); lecture recordings will be available after the fact via TUbe. At the end of the semester, a written exam will be offered on campus. After the main exam date, further exams will be oral, offered on demand. The initial KU presentation is on campus (HS i11). A recording will be available. All other KU tasks can be undertaken remotely. Discord is the primary means of communication. Private questions may be addressed via email.


NOTE: The contents of this course have significantly changed in SS2023. Any previous recordings you may find will likely not reflect the current state of the curriculum.
Date Who Lecture 14:00–16:00 (HS i11) Recording
03.03.2023 JH Intro & Recap: Cryptography TUbe
10.03.2023 JH Common Attacks & Vulnerabilities TUbe
17.03.2023 HW Introduction to the Practicals TUbe
24.03.2023 JH Trust & Privacy TUbe
31.03.2023 MT Identity TUbe
21.04.2023 JH Authentication TUbe
28.04.2023 MT Key Management TUbe
05.05.2023 SRN TLS Handshake Protocol TUbe (errata)
12.05.2023 TZ eIDAS & ID Austria TUbe (part 1, part 2)
26.05.2023 JH Registerkassensicherheitsverordnung TUbe
02.06.2023 KK & SRN The Signal Protocol & WhatsApp's Backups TUbe
16.06.2023 PT Green Pass & Ausweisplattform TUbe
23.06.2023 You! Seminar Presentation: Secure Boot TUbe
07.07.2023 VO Exam


Date What?
17.03.2023 Introductory Lecture (recording)
17.03.2023 Assignment Sheet
20.03.2023 Intro Challenges Available
≤ 29.03.2023 Solve Intro Challenges
≤ 29.03.2023 Group Formation
≤ 21.04.2023 Submit Design Concept
≤ 28.04.2023 Kick-off Meeting
≤ 21.05.2023 Implement Your Challenges
≤ 29.05.2023 Deployment Meeting
≤ 30.06.2023 Solve Others' Challenges & Submit Write-Up

Administrative Information

Getting a Grade (VO)

There are two ways to obtain a grade for the VO. You can either take an exam or give a seminar talk. The standard way to get a grade is to take a written 60-minute exam at the end of the semester. There will be one scheduled exam date on the 07th of July. After this date, exams will default to being oral unless there is significant coordinated student demand. To arrange an oral exam date, email us at least two weeks in advance and offer at least three potential timeslots. Both written and oral exams are partial open-book. You may bring one two-sided, hand-written, A4 sheet containing whatever information you think you will need during the exam. Only hand-written sheets are permitted. Print-outs, photocopies, etc. are not permitted. You can find & register for upcoming written exam dates in TUGRAZonline. For very motivated students, it is also possible to give a seminar talk. To do this, choose a subject related to real-world use of cryptography that you are passionate about, or find particularly interesting. Submit a brief outline of your proposal via email by March 19th. We will communicate with you to agree on a topic. You will then submit a ≥7 page report by May 31st, and give a seminar talk in the lecture on June 23rd. If these tasks are completed satisfactorily, you will receive a passing VO grade without the need for an exam. The range of acceptable topics is very broad, from case studies of particularly clever cryptographic protocols to usability analyses or ethical discussions. If you are unsure about a potential topic, do not hesitate to get in touch.

Practicals (KU)

The practicals are divided into three phases. In phase 1, you will solve pre-made Capture-the-Flag (CTF) challenges from last year's course, to familiarize yourself with the concept. This is done by yourself. In phase 2, you will design and implement your own challenge. This is done in groups. In phase 3, you will solve challenges posed by the other teams. This is done by yourself. Phase 1 awards 10 points. Phase 2 awards 30 points. Phase 3 awards 60 points. You need at least 50% of points in each phase to pass the course. If you pass all phases, your grade will be determined as follows:
  • ≥ 87½ points: Sehr Gut (1)
  • ≥ 75 points: Gut (2)
  • ≥ 62½ points: Befriedigend (3)
  • ≥ 50 points: Genügend (4)
For the full details, please see the KU assignment sheet.

Contact and Communication

For questions regarding the courses we have the following communication channels:
  • Discord: IAIK server, channels #sead-*-announcements for any necessary announcements and reminders.
  • Discord: IAIK server, channel #sead for all questions regarding lectures and exercises.
  • Discord: IAIK server, channel #sead-looking-for-team to find team members for the exercises.
  • for administrative questions specific to your situation. Please use Discord for questions that might be of interest for other students as well.


Jakob Heher

PhD Student

View more
Sudheendra Raghav Neela
Sudheendra Raghav

View more