Time: 14 April – 3 May 2020, intensive period 25 April – 3 May 2020
Responsible teachers: Professor Tuomas Aura, Doctoral candidate Jacopo Bufalino
Credits: 5 ECTS
Location: online

Background

The curriculum of the SECCLO Erasmus Mundus program includes an annual summer school, where the students are expected to work as groups on a timely topic in information security. Due to the COVID-19 epidemic, the summer school had to be cancelled on a short notice. The summer course on cyber security is primarily a replacement for the cancelled event, and its learning goals remain unchanged. Since the course was implemented online, we were able to invite other students majoring in security to join the course.

Learning goals

After this course, the students have experience of offensive security analysis. They understand the penetration testing process against Windows and Linux based computer systems and know the most common tools and techniques. They are familiar with several types of security vulnerabilities in server and desktop systems. They are also able to identify and critically analyze potential new vulnerabilities. They can communicate and discuss with security professionals and are aware of the latest trends in security analysis. In the project part, the students plan their own work and carry it out in a goal-oriented way as members of a group. They use online tools for remote collaboration and presentation of the results.

Course implementation

The course consists of penetration testing exercises, which are done in an online platform; guest talks and discussion meetings; and a group project with a demo on vulnerability analysis. The course starts with a two-week preparation period with preliminary exercises and project work. The highlight of the course is a nine-day intensive period with daily online meetings for discussion and guest talks and collaborative penetration testing exercises. The course ends with demos and presentations of the project work.

The exercises are based on a carefully selected set of penetration-testing labs from the commercial Hack The Box (HTB) platform. The regular university learning platforms are used for distributing the materials, Zoom is used for the meetings, and Microsoft Teams for continuous communication among the course staff and students. During the intensive period, the course staff engages in the collaborative hacking, monitors the students’ progress, and is continuously available for guidance. The students are encouraged to help each other in an atmosphere of cooperation rather than competition.

Organizing university: NTNU – Norwegian University of Science and Technology, Department of Information Security and Communication Technology, Trondheim

Responsible professor: Professor Danilo Gligoroski

Course description

This course will provide conceptual understanding of Blockchain as a public distributed database (distributed ledger) that records its immutable transactions through transparent consensus using secure cryptographic techniques. Blockchain is considered as a disruptive technology due to its impact on our modern digital society, especially in the areas of currencies and financial services, banking, contracting, governmentally regulated legal relations, identity management and anonymity and many others. This course will cover in details the blockchain operations and functionality. It will also cover current innovative directions in Blockchain technologies, opportunities and challenges.

Learning outcomes

After completion of this course, students will have the following:

Knowledge:

• What is blockchain
• The structure of a blockchain
• How blockchain works, its underlying concept of transactions, blocks, proof-of-work, consensus building and its cryptographic building blocks
• Advantages and limitations of blockchain vs traditional techniques
• How decentralized and distributed blockchain ledger maintains its transparency, and guarantees privacy, anonymity, security and immutability
• How cryptocurrencies work
• What are “smart” contracts

Skills:

• Practical understanding of how cryptocurrencies are implemented
• How to launch a new blockchain introducing a new cryptocurrency
• How to mine a cryptocurrency
• How to form and join mining pools
• How to use blockchain for applications other than cryptocurrency

Learning methods and activities

Lectures, invited lectures and laboratory exercises. An individual practical involvement of every course participant is mandatory. Approximately one month before the start of the summer course, every participant will become an early adopter of a new virtual crypto currency especially developed for the course. During the one week of the summer course there will be online quizzes to support the theoretical and practical aspects. Every participant will receive homework tasks, that will be delivered one week after the summer course. The amount of mined coins, transactions and the overall wealth at the end of the course will influence the final grade.

Grading

• 50% The amount of mined coins in comparison with all other participants
• 25% Online quizzes
• 25% Final report and homeworks

Recommended previous knowledge

Basic Cryptography and Information Security. It would be very useful for participants if they have a basic knowledge of computer networks, use of Unix-like operating systems, programming languages such as C, Python, and familiarity with basic web technologies such as Javascript, PHP and SQL.

Course materials

Recommended textbook: “Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction”, by Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder, July 2016.

Online material will be provided for all participants.