Security properties: availability, confidentiality, integrity, non-repudiation.
Authentication and authorization systems. Password security
Security risks. Threats and countermeasures
- Viruses, worms, keyloggers, rootkits, malware, botnets, phishing
- Antivirus, Intrusion Detection Systems, Firewall
Cybercrime and cybersecurity economics
Privacy
- Cookies and Fingerprinting
- General Data Protection Regulation (GDPR)
- Privacy by design and by default. Pseudonymisation
Security risk management
- The Italian National Framework for Cyber Security and Data Protection
- AGID Minimum ICT security measures for public administrations
Cryptography: basic principles.
Symmetric key cryptography
- Classic transposition and substitution ciphers. Polygraphic and polyalphabetic ciphers. Vigenère, One-time pad
- Confusion and diffusion. Avalanche criterion
- Substitution-permutation networks
- Key exchange problem. Diffie-Hellman protocol
Asymmetric key cryptography. RSA algorithm
Hybrid cryptography.
Digital certificates and PKI
- X.509 certificates
- Public Key Infrastructures
- Certificate Revocation lists and OCSPs
Digital signature.
- Hash functions
- "Remote" digital signature
- Graphometric signature
- Digital stamp
- Time stamp
- CAdES and PAdES signatures
Data backup and digital preservation
Email and network security
- Pretty Good Privacy (PGP)
- Certified Electronic Mail (PEC) and S/MIME
- Transport Layer Security (TLS)
Credential and identity management
- Firefox Sync, Chrome Sync, Pain Free Passwords, FIDO UAF
Single Sign On systems
- Centralized approaches. Kerberos. Needham-Schroeder protocol
- Federated approaches. Shibboleth, OpenID, OAuth
- Public Digital Identity System (SPID)
Blockchain and Distributed Ledger
- Bitcoin, Ethereum, Algorand
- Smart contracts
Virtual private networks (VPN)
Anonymity and Onion Routing (Tor)