Formal Methods for Information Security

Overview

Lecturers and Tutors:
Dr. Ralf Sasse and Dr. Christoph Sprenger

Lectures:
Thursday 9am–11am, CAB G52

Exercises:
Thursday 11am–12pm, CAB G52

Credits: 5 ECTS (2V + 1U + 1A)

Project:
20% of the grade

Homework:
optional, but strongly recommended

Exams:
Oral exam (session examination - mid-to-late August), date individually communicated by examination planning office (Prüfungsplanstelle), usually in late June.

Language: English

Description

The course treats formal methods for the modelling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.

In addition to the classical security properties for confidentiality and authentication, we will study strong secrecy, privacy, and fairness properties. We will discuss electronic voting protocols, and RFID protocols (a staple of the Internet of Things), where these properties are central. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols.