Formal Methods for Information Security
Spring Semester 2026 (263-4600-00L)
Overview
Lecturers and Tutors:
Dr. Ralf Sasse, Dr. Christoph Sprenger and Dr. Michael Reichle
Lectures:
Tuesday 10-12 CAB G 59
Exercises:
Tuesday 12-13 CAB G 59
Credits: 5 ECTS (2V + 1U + 1A)
Project:
25% of the grade
Homework:
optional, but strongly recommended
Exams:
Oral exam (session examination - mid-to-late August), date individually communicated by examination planning office (Prüfungsplanstelle), usually in late June.
Language: English
Announcements
- Welcome to the course. First lecture starts on Tue, Feb 17 at 10h.
Description
The course treats formal methods mainly for the modeling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single sign-on, and IPsec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.
The second part of this course will cover a selection of advanced topics in security protocols such as secure communication with humans and RFID protocols (a staple of the Internet of Things) including the relevant privacy properties.
In the third part, we will give an introduction to cryptographic modeling and analysis. First, we will look at key-dependent messaging for encryption schemes and discuss how cryptographic analysis complements formal methods. Second, we will look at cryptographic modeling of interactive protocols using the example of multi-signatures.
Resources
Literature
The lecture is based mainly on various journal/conference papers, but see also (all available at the library):
- Benedikt Schmidt, "Formal analysis of key exchange protocols and physical protocols", 2012
- Baader and Nipkow, "Term Rewriting and All That", 1998
- Cremers and Mauw, "Operational semantics and verification of security protocols", 2013
- Boyd and Mathuria, "Protocols for authentication and key establishment", 2003
- Bella, "Formal correctness of security protocols", 2007
- Ryan and Schneider, "The modeling and analysis of security protocols", 2001
- Menezes, van Oorschot, and Vanstone, "Handbook of applied cryptography", 1997
- Basin et al., "Almost event-rate independent monitoring", 2019
- Basin et al., "Monitoring Metric First-order Temporal Properties", 2015
- John Rushby, "Noninterference, transitivity, and channel-control security policies", 1992
Course Material
The important links, lecture notes, exercises, slides, and other resources are available on Moodle.