Secure Application Design (SS 2023)
Building Secure Applications
In this lecture, we will translate the cryptographic groundwork of your Bachelor’s studies into the real world. We will discuss how cryptographic keys are managed, how trust in them is established, and how protocols are built. Additionally, we will review various real-world applications, and investigate how they use cryptographic tools to address the challenges they set out to solve.
The course is held on campus (HS i11); lecture recordings will be available after the fact via TUbe. At the end of the semester, a written exam will be offered on campus. After the main exam date, further exams will be oral, offered on demand.
The initial KU presentation is on campus (HS i11). A recording will be available. All other KU tasks can be undertaken remotely.
Discord is the primary means of communication. Private questions may be addressed via email.
NOTE: The contents of this course have significantly changed in SS2023. Any previous recordings you may find will likely not reflect the current state of the curriculum.
|Date|Who|Lecture 14:00–16:00 (HS i11)|Recording|
|---|---|---|---|
|03.03.2023|JH|Intro & Recap: Cryptography|TUbe|
|10.03.2023|JH|Common Attacks & Vulnerabilities|TUbe|
|17.03.2023|HW|Introduction to the Practicals|TUbe|
|24.03.2023|JH|Trust & Privacy|TUbe|
|05.05.2023|SRN|TLS Handshake Protocol||
|12.05.2023|TZ|eIDAS & ID Austria|TUbe (part 1, part 2)|
|02.06.2023|KK & SRN|The Signal Protocol & WhatsApp’s Backups|TUbe|
|16.06.2023|PT|Green Pass & Ausweisplattform|TUbe|
|23.06.2023|You!|Seminar Presentation: Secure Boot||
|Date|Milestone|
|---|---|
|17.03.2023|Introductory Lecture (recording)|
|20.03.2023|Intro Challenges Available|
|≤ 29.03.2023|Solve Intro Challenges|
|≤ 29.03.2023|Group Formation|
|≤ 21.04.2023|Submit Design Concept|
|≤ 28.04.2023|Kick-off Meeting|
|≤ 21.05.2023|Implement Your Challenges|
|≤ 29.05.2023|Deployment Meeting|
|≤ 30.06.2023|Solve Others’ Challenges & Submit Write-Up|
Getting a Grade (VO)
There are two ways to obtain a grade for the VO. You can either take an exam or give a seminar talk.
The standard way to get a grade is to take a written 60-minute exam at the end of the semester. There will be one scheduled exam date on the 07th of July. After this date, exams will default to being oral unless there is significant coordinated student demand. To arrange an oral exam date, email us at least two weeks in advance and offer at least three potential timeslots.
Both written and oral exams are partially open-book. You may bring one two-sided, hand-written A4 sheet containing whatever information you think you will need during the exam. Only hand-written sheets are permitted. Print-outs, photocopies, etc. are not permitted.
You can find & register for upcoming written exam dates in TUGRAZonline.
For very motivated students, it is also possible to give a seminar talk. To do this, choose a subject related to real-world use of cryptography that you are passionate about, or find particularly interesting.
Submit a brief outline of your proposal via email by March 19th. We will communicate with you to agree on a topic. You will then submit a ≥7 page report by May 31st, and give a seminar talk in the lecture on June 23rd.
If these tasks are completed satisfactorily, you will receive a passing VO grade without the need for an exam.
The range of acceptable topics is very broad, from case studies of particularly clever cryptographic protocols to usability analyses or ethical discussions. If you are unsure about a potential topic, do not hesitate to get in touch.
The practicals are divided into three phases.
In phase 1, you will solve pre-made Capture-the-Flag (CTF) challenges from last year’s course, to familiarize yourself with the concept. This is done by yourself.
In phase 2, you will design and implement your own challenge. This is done in groups.
In phase 3, you will solve challenges posed by the other teams. This is done by yourself.
Phase 1 awards 10 points. Phase 2 awards 30 points. Phase 3 awards 60 points. You need at least 50% of points in each phase to pass the course.
If you pass all phases, your grade will be determined as follows:
- ≥ 87½ points: Sehr Gut (1)
- ≥ 75 points: Gut (2)
- ≥ 62½ points: Befriedigend (3)
- ≥ 50 points: Genügend (4)
For the full details, please see the KU assignment sheet.
Contact and Communication
For questions regarding the courses, we have the following communication channels:
- Discord: IAIK server, channels #sead-*-announcements for any necessary announcements and reminders.
- Discord: IAIK server, channel #sead for all questions regarding lectures and exercises.
- Discord: IAIK server, channel #sead-looking-for-team to find team members for the exercises.
- email@example.com for administrative questions specific to your situation. Please use Discord for questions that might be of interest to other students as well.