Digital Systems Security

6th Course of Study (Start: Academic Year 2023-24)

1st Semester

ΨΣ-ΑΦ-812 Network Security [M] C. Xenakis

Objective

The main objective of this course is to study and analyse the security of computer networks. It focuses on wired networks based on the Internet technology for computer communication and the provision of networked services. The security requirements (from both users and network point of view), technologies, mechanisms and protocols that aim to safeguard the network and the provided services are presented, analysed and evaluated. Finally, the open research issues in this area are highlighted.

Upon completion of this course, the students will be able to:

  • Determine the security requirements of a networked system.
  • Analyse potential threats / risks that may affect the operation, effectiveness, efficiency and privacy of a networked system.
  • Design security mechanisms and protocols that meet well-defined requirements and protect against specific threats.
  • Evaluate the effectiveness and efficiency of a network security architecture identifying potential weaknesses and limitations.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to network security, covering the security requirements as well as the attacks that aim to disrupt the provided services. Description of the basic security services and mechanisms.
  • Fundamental network security tools. Confidentiality and conventional cryptography.
  • Asymmetric cryptography and the required public key infrastructure. Providing trust in networks and services.
  • Authentication services. Trust and reputation management for organizations and services.
  • Security mechanisms at the application level. Analysis of Pretty Good Privacy (PGP).
  • Security mechanisms at the network level. Analysis of IPsec.
  • Security mechanisms on the web. Analysis of SSL, SSH, SET and related protocols.
  • Protection against network attacks. Analysis, implementation and evaluation of security firewalls.
  • Presentation and analysis of malware (malicious software) that is found on the Internet.
  • Intrusion attacks and intrusion detection systems.
  • Denial of service attacks and countermeasures.
  • Attacks on the Domain Name System (DNS) and the Address Resolution Protocol (ARP).

ΨΣ-ΑΦ-806 Security Assessment and Vulnerability Exploitation [M] N. Sgouros, C. Ntantogian

Objective

The main objective of this hands-on course is to provide practical experience in conducting in-depth security assessments and exploitation. The students will spend the majority of the course time in practical lab scenarios, learning methodologies, techniques and tools to perform comprehensive vulnerability assessment and penetration testing. The course includes a “Capture The Flag” contest, where students put the acquired exploit-writing skills to the test in a real-world environment. Finally, the open research issues in this area are highlighted.

Upon completion of this course, the students will be able to:

  • Understand various aspects of computer architecture and its importance for software security.
  • Design and write their own custom shellcode in assembly language to bypass defensive technologies.
  • Analyse and evaluate source code to find new vulnerabilities and exploit them.
  • Apply practical skills of penetration testing techniques as well as post-exploitation to pivot through an IT infrastructure.
  • Utilise a variety of open source and well-known security tools in industry.
  • Create their own exploits and security tools and utilise them in attack vectors.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to the Linux operating system. Basic Bash shell commands and security tools. Introduction to the C and Python programming languages.
  • Hardware-software interface. Number representation, assembly language, memory management, the operating-system process model.
  • Memory corruption and exploitation based on stack overflows in Linux and Windows operating systems.
  • Understanding and writing shellcode. Encoding techniques to evade antivirus/IDS.
  • Privilege escalation in Linux, Windows and mobile platforms (iOS and Android).
  • Source code auditing. Fuzzing techniques to discover bugs and vulnerabilities.
  • Advanced memory corruption exploitation. Return-to-libc attacks, heap overflows, integer overflows. OS security defenses.
  • Vulnerability assessment and penetration testing. Social engineering.

ΨΣ-ΑΦ-805 Applied Cryptography [M] P. Rizomiliotis

  • Course Code: ΨΣ-ΑΦ-805
  • Type of Course: Mandatory [M]
  • Semester: 1st Semester
  • Faculty: P. Rizomiliotis
  • ECTS Credits: 7,5

Objective

This course will

  • Introduce the art and science of cryptography.
  • Cover the main types of cryptographic algorithms and protocols.
  • Present a wide variety of algorithms and their analysis.
  • Explain how different cryptographic mechanisms are used in practice.
  • Analyse the performance and security trade-offs between different kinds of algorithms.

Upon completion of this course, the students will be able to:

  • Explain the role and the importance of cryptography.
  • Identify the limitations of cryptography.
  • Understand the differences between various types of cryptographic mechanisms and critically compare their properties.
  • Choose the most adequate cryptographic mechanism with regards to performance and the identified security requirements.
  • Be aware of the current research trends and appreciate the influence that this work will have in the coming years.

Course Contents

  • History and overview of cryptography
  • Mathematical background
  • Cryptographic foundations (Pseudorandom number generators, Pseudorandom functions and permutations, One-way functions)
  • Data confidentiality protection protocols and primitives (stream ciphers, block ciphers, El Gamal, RSA, elliptic curves)
  • Data integrity protection protocols (hash functions, HMAC, CBC-MAC, digital signatures, DSS)
  • Key distribution and key agreement protocols (Diffie-Hellman, secret key sharing, PKI, Kerberos)
  • Key size selection and key generation
  • Advanced topics (E-voting, E-payments, Outsourcing data and computation, Multiparty Computation)

ΨΣ-ΑΦ-824 Information Systems Security and Privacy Protection [M] C. Lambrinoudakis, S. Gritzalis

Objective

The main objective of the course is to familiarise students with the terminology and main principles of the Information Systems Security area, thus ensuring a common understanding among students of differing backgrounds. Methodologies for analysing and managing the risk of an information system in a systematic way are presented in detail, while the main principles for specifying the security policy of an organization are also discussed.

Upon completion of this course, the students will be able to:

  • Understand in detail the main principles of the Information Systems Security Area.
  • Apply a Risk Analysis and Management Methodology.
  • Understand the aims and the structure of the security policy of an organization.
  • Understand the identification, authentication and access control mechanisms.
  • Evaluate the usability of a security product.
  • Judge the consequences from cyberspace risks.

Course Contents

  • Information and Communication Systems Security Terminology: Definitions and Principles.
  • Need for and scientific foundation of ‘Risk Analysis’.
  • Best practices for Risk Management and for the identification of the appropriate security measures. Detailed presentation of the CRAMM Risk Analysis and Management Method.
  • Identification and Authentication Mechanisms.
  • Access Control Mechanisms.
  • Security Policies: Principles, Alternative Approaches, Required Characteristics.
  • Legal Framework for the protection of personal and sensitive data.
  • Usability of Security: Importance and Consequences.
  • Cyberspace Security.

2nd Semester

ΨΣ-ΑΦ-816 Mobile Internet Security [M] C. Xenakis

Objective

The main objective of this course is to study and analyse the security of mobile and wireless networks. These networks integrate heterogeneous technologies, provide a wide range of multimedia services regardless of the users’ location, and implement the concept of the mobile internet.

Upon completion of this course, the students will be able to:

  • Determine the security requirements of a wireless networked system.
  • Analyse potential threats / risks that may affect the operation, effectiveness, efficiency and privacy of a wireless networked system.
  • Design security mechanisms and protocols that meet well-defined requirements and protect against specific threats.
  • Evaluate the effectiveness and efficiency of a wireless network security architecture by identifying potential weaknesses and limitations.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to mobile/wireless security, mobile Internet security, security requirements and challenges.
  • Wireless local area networks (WLANs) security, substantial weaknesses and possible attacks.
  • The security standard IEEE 802.11i; basic mechanisms and security services.
  • Security in wireless infrastructureless networks (ad hoc networks, Internet of things).
  • GSM and GPRS security.
  • UMTS security.
  • Wireless metropolitan area networks (WiMAX) security.
  • Security in wireless community networks.
  • Security in Long Term Evolution (LTE).
  • Android and iOS operating systems security.

ΨΣ-ΑΦ-822 Digital Forensics and Web Security [M] C. Ntantogian

  • Course Code: ΨΣ-ΑΦ-822
  • Type of Course: Mandatory [M]
  • Semester: 2nd Semester
  • Faculty: C. Ntantogian
  • ECTS Credits: 7,5

Objective

The objective of this hands-on course is to present the students with techniques, methodologies and tools for successful forensics investigations. Moreover, it aims to broaden their knowledge of web application hacking and help them identify and circumvent various protection mechanisms in use on the web today. Finally, the open research issues in this area are highlighted.

Upon completion of this course, the students will be able to:

  • Effectively preserve and analyse a large number of digital evidence sources, including both on disk and in memory data.
  • Find network-based evidence and extract it from packet capture files.
  • Carry out static and dynamic analysis of malware code.
  • Create a secure web application avoiding common security flaws.
  • Perform penetration testing on web applications.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to digital forensics. File systems analysis, file carving techniques.
  • Network forensics, packet analysis, statistical flow record analysis.
  • Log data analysis, SIEM, visual analytics and security intelligence.
  • Malware forensics, static and dynamic malware analysis. Windows memory acquisition techniques and analysis.
  • Introduction to web technologies, including PHP, HTML, SQL and JavaScript.
  • Cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
  • SQL injection and local file inclusion (LFI) attacks. Remote command execution.
  • Common flaws and failures in authentication, session management and access control mechanisms, as well as in cryptographic implementations.
  • Defending web applications with input validation and sanitization methods. Web application penetration testing.

ΨΣ-ΑΦ-811 Legal and Regulatory Framework of Security [M] N. Sgouros, C. Doulkeridis, L. Mitrou

Objective

This course considers the interaction between law and technology. It aims to give students an appreciation of the regulatory, legal and ethical issues surrounding the use of information systems, with emphasis on security issues. Computer specialists are increasingly becoming involved in legal issues such as privacy and data protection or cybercrime. The goal of this course is to help security specialists understand and meet these emerging needs.

Upon completion of this course, the students will be able to:

  • Identify the key regulatory, legal and ethical issues related to information systems, and in particular to security, and to deal with them from a legal point of view.
  • Understand the adequacy and relevance of the existing law and the regulatory frameworks in information technology and identify possible weaknesses and deficiencies.
  • Understand and integrate their computer and security background into a general social, economic and institutional context.

Course Contents

  • Introduction to Law of Information Society. Context, Basic notions, principles and institutions.
  • Security, confidentiality/secrecy, privacy and data protection. Legal aspects of information and systems security.
  • Data Protection Law: European and National Regulatory Framework.
  • Privacy Enhancing Technologies; Privacy by Design and Privacy by Default.
  • Freedom of speech, rights and powers in the Information Society.
  • Cybercrime and computer crime: ethical, social, legal and economic aspects. Penal law and Information and Communication Technologies. Computer/Internet forensics.
  • Intellectual property in the Information Society: software and database protection, open source, licenses, issues relating to peer-to-peer.
  • Identity and authentication: electronic signatures. Identity on the web; domain names.

ΨΣ-ΑΦ-823 Research Methodology [M] C. Lambrinoudakis, S. Gritzalis, D. Kyriazis

Objective

The main objective of the course is to highlight the privacy violation concerns in the modern digital world. The privacy concept and requirements are clearly distinguished from those of security, while the latest privacy enhancing technologies are presented. Finally, the risks against privacy introduced in new environments, like that of cloud computing, are discussed.

Upon completion of this course, the students will be able to:

  • Understand in detail the privacy requirements and the way they can be identified.
  • Understand the existing privacy enhancing techniques and tools.
  • Identify the new risks that modern computing environments, like cloud computing, introduce.

Course Contents

  • Privacy Requirements.
  • Privacy Enhancing Technologies and tools.
  • Personal data protection and privacy of communications.
  • Identity Management and Federations – Digital Authentication Framework.
  • Location Privacy.
  • Definition and main architectural and functional characteristics of distributed systems and cloud environments.
  • Identification of new threats in the new computing environments.
  • Managing the new threats against security and privacy in cloud environments.
  • Privacy and Data Protection in Emerging Scenarios.

3rd Semester

ΨΣ-ΑΦ-888 MSc Dissertation [M] Member of faculty

  • Course Code: ΨΣ-ΑΦ-888
  • Type of Course: Mandatory [M]
  • Semester: 3rd Semester
  • Faculty: Member of faculty
  • ECTS Credits: 30

The master thesis project is carried out under the supervision of one of the faculty members and involves, at a first stage, the identification of the research topic or technological problem to be addressed and a literature survey of the existing state of the art. The output of the project, namely the description of the research area, the problem formulation, the solution definition and implementation, and the presentation of results, final conclusions and recommendations, is reported in the master thesis.

The master thesis project aims to:

  • Extend the students’ academic skills, introduce them to a certain research area and potentially motivate them to continue their research work beyond the completion of their Master’s degree. This may be achieved not only by exploiting particular skills and knowledge acquired from taught courses but also by enhancing their ability to tackle a novel research area and/or problem.
  • Expand the students’ professional skills by developing or improving their ability to carry out research, manage and organise information, think creatively, pursue innovation and adequately report the findings of their research.