The goal of this course is to learn how to build a secure application from theory to practice in a production environment. As a case study, we will focus on token-based applications whose primary goal is to ensure authentication.
Main themes
The currently most attractive way to perform token-based authentication is RFID technology. Several billion RFID devices are sold every year, and no engineer should ignore this technology, its nice features, but its security flaws as well. Starting from this technology, the course will describe and extend the main points one should take care of when designing a secure application. To illustrate the course, we will see how to break an access card and a biometric passport, how to steal a car while being 20'000 km away from it, etc. The topics below will be considered in this course.
- Introduction to tokens, RFID.
- Authentication protocols, secret and public key, standards.
- Implementing a pseudo-random generator or a hardware random generator.
- Privacy, database.
- RFID standards, ISO14443, EPC, ...
- Secure code, collision-avoidance protocols.
- Relay attacks and distance bounding.
- Some famous examples: ePassport, Mifare Classic.
- Security certification: Common Criteria.
- Lectures
Lectures introduce the theoretical and practical background needed to build a secure token-based application.
- Project
Students are required to complete a project over the whole semester, which counts towards the grade. The topic of the project is defined in September.
Content and teaching methods
See above
Other information (prerequisite, evaluation (assessment methods), course materials recommended readings, ...)
INGI2347 vs INGI2144
Class INGI2347 is an introduction to network and application security, while class INGI2144 is an advanced course on application security.
Prerequisites:
A background in computer systems and programming is required. Students should have followed INGI2347. INFO2MS and SINF2MS both satisfy these requirements. Students who do not know whether their background allows them to attend the course (e.g. students from ELEC, ELME or MAP) should contact the lecturer.