ICT Security Basics from Trust to Blockchain (5 cr)

Code: ICT4HM103-3004

Basic information of implementation

Enrollment: 13.06.2022 - 21.10.2022; Enrolment for the implementation has ended.

Timing: 24.10.2022 - 16.12.2022; Implementation has ended.

ECTS Credits: 5 cr

Campus: Pasila Campus

Teaching languages: English

Seats: 15 - 25

Degree programmes: ATBUM Degree Programme in Aviation and Tourism Business; LEBUM Degree Programme in Leading Business Transformation; BUTEM Degree Programme in Business Technologies

Teachers: Tero Karvinen

Groups: MAICTE
Information Services and Systems, Masters, Pasila; MAICTF
ICT-palvelut ja tietojärjestelmät, masterit, Pasila; EVENING
Evening implementation; MADIGE
Digital Business Opportunities, Masters, Pasila; MADIGF
Digitaalisen liiketoiminnan mahdollisuudet, masterit, Pasila; EXCH
EXCH Exchange students; ONLINE
Online implementation

Course: ICT4HM103

Evaluation scale

H-5

Schedule

In course homepage, updated during the course.

- Organizing. Overview of the course. Fundamentals vs common attacks.
- Adversarial situation. The most common ways to attack companies
- Encryption. CIA tirad in encryption. Symmetric and asymmetric encryption.
- Hashing. Two way authentication.
- Practical encryption technieques.
- New applications for encryption.
- Bitcoin and cryptocurrencies. Incentives. Consensus.

Implementation methods, demonstration and Work&Study

Depending on the implementation, learning takes place in contact lessons, independent studies, teamwork and online-studies. The course includes the assessment of one’s own learning.

Theoretical instruction combined with practical demonstrations. Laboratory exercises in a computer lab. Independent work (reading and practice) and reporting. There are 25 machines and seats in the laboratory, so the number of participants is limited to this.

Recognition of prior learning (RPL)
If students have acquired the required competence in previous work tasks, recreational activities or on another course, they can show their competence via a demonstration. The demonstration must be agreed with the course teacher. More information and instructions for recognising and validating prior learning (RPL) are available at https://www.haaga-helia.fi/en/recognition-learning Look at "Instructions to students (master)"

Materials

Articles, videos and book chapters provided by teacher. Software is mostly free open source software used in the industry, with the aim of providing a fully licensed copy to student's use even after the course.

For example

- Schneier 2015: Applied Cryptography
- Santos et al 2017: Security Penetration Testing - The Art of Hacking Series
- MITRE: ATT&CK Enterprise Matrix.
- Felten et al 2015: Bitcoin and Cryptocurrency Technologies
- Schneier 1999: Modeling security threats
- Cryptopals
- Debian 11 Bullsyeye non-free
- Metasploitable
- Karvinen 2022: Cracking Passwords with Hashcat

Previous homework, student feedback, reading lists on https://terokarvinen.com/2021/trust-to-blockchain-2022/

Please note that this is not a penetration testing course, even if some of the exercises demonstrate similar techniques. If you want to learn penetration testing, have the time and technical background, consider my non-masters level course "Tunkeutumistestaus" in addition to this course.

Reading list is likely to change during the course. Paid content behind paywalls could be available for free using Haaga-Helia student access.

Teaching methods and instruction

ONLINE: Fully remote, mandatory participation to classes.

- Teaching in video conference
- Independent study, reading, summarizing, solving technical tasks and reporting, giving feedback to fellow students
- The assessment of one’s own learning 1 h
- Studying includes classes and exercises

Online course, fully remote. Requires active participation to classes in video conference, at the time marked in the timetable.

To participate, you'll need Internet connection, headphones, camera and a computer where you can install Linux on a virtual machine (with instructions). To be able to discuss pentest techniques, you must accept course rules.

Working life connections

Many participants are usually already working in the field, which hopefully leads to interesting discussions. No matter if you're a CEO, CIO, helpdesk worker (or not working with IT at all), you're welcome here.

Exam dates and re-exam possibilities

No exam.

Internationality

Likely international participation. It's possible to publish homework reports to talk to international audience. Course material is developed by authors from many countries, and some technical tools are multinational FOSS (Free, open source software) projects.

Learning assignments

- Active participation in the classes, including discussions and technical tasks
- Presentation
- Homework, including reporting technical tasks
- Cross evaluation of reports and giving helpful feedback to fellow students

Assessment methods

Homework reports, active participation in classes, cross evaluation, presentations.