5 credits
30.0 h + 15.0 h
Q1
Teacher(s)
Avoine Gildas
Language
English
Main themes
The goal of this course is to learn how to build a secure application from theory to practice in a production environment. As a case study, we will focus on token-based applications whose primary goal is to ensure authentication.
- Introduction to token-based applications.
- RFID Primer: current applications and characteristics.
- Symmetric Key Authentication Protocols.
- Examples of poor designs (MIT, DST), TMTO.
- Implementation of cryptographic building blocks.
- Generating randomness.
- Examples of poor designs (Mifare).
- Relay attacks and distance bounding.
- Privacy: Information leakage and malicious traceability.
- Denial of Service.
- Case study: the biometric passport.
Aims
At the end of this learning unit, the student is able to:
Given the learning outcomes of the "Master in Computer Science and Engineering" program, this course contributes to the development, acquisition and evaluation of the following learning outcomes:
Given the learning outcomes of the "Master [120] in Computer Science" program, this course contributes to the development, acquisition and evaluation of the following learning outcomes:
Students successfully completing this course will be able to
Students will have developed skills and operational methodology. In particular, they have developed their ability to
The contribution of this Teaching Unit to the development and command of the skills and learning outcomes of the programme(s) can be accessed at the end of this sheet, in the section entitled “Programmes/courses offering this Teaching Unit”.
Content
The currently attractive way to perform authentication with a token is to use RFID technology. Several billion RFID devices are sold every year, and no engineer should ignore this technology, its nice features, or its security flaws. To illustrate the course, we will see how to break an access card or a biometric passport, how to steal a car while being 20'000 km away from it, etc.
Starting from this technology, the course will describe and extend the main points one should take care of when designing a secure application.
Develop a secure solution from scratch.
- How to read a standard.
- Implement cryptographic tools.
- Consider the solution as a whole.
- ...
- Everyday life applications based on RFID.
- Several billion computing devices around us.
- Computer science is no longer only interconnected PCs.
- ...
Teaching methods
Lectures introduce the theoretical and practical background needed to build a secure token-based application.
Evaluation methods
Homework
The homework should be done in groups of two students.
Exam
- First- and second-session exams are written exams.
- Documents and electronic devices are strictly forbidden during the exam.
Final Grade
The final grade is Max(exam, 14/20 exam + 6/20 homework)
Other information
INGI2347 vs INGI2144
- INGI2347 is an introduction to network and application security.
- INGI2144 is an advanced course on application security.
- computer systems and programming. Students should have a general background in information security as provided by INGI2347.
- Students who do not know whether their background allows them to attend the course (e.g. students from ELEC, ELME or MAP) should contact the lecturer.
Online resources
Bibliography
Required material: copy of the slides available on the icampus website.
Faculty or entity
INFO