Studying at the University of Verona

Here you can find information on the organisational aspects of the Programme, lecture timetables, learning activities and useful contact details for your time at the University, from enrolment to graduation.

This information is intended exclusively for students already enrolled in this course.
If you are a new student interested in enrolling, you can find information about the course of study on the course page:

Laurea magistrale in Ingegneria e scienze informatiche - Enrollment from 2025/2026

The Study Plan includes all modules, teaching and learning activities that each student will need to undertake during their time at the University.
Please select your Study Plan based on your enrollment year.

STANDARD CURRICULUM:

1° Year 

2° Year   activated in the A.Y. 2022/2023

Modules | Credits | TAF | SSD
Final exam | 24 | E | -
Modules Credits TAF SSD
Between the years: 1°- 2°
Further activities
3
F
-
Between the years: 1°- 2°
3
F
L-LIN/12

Legend | Type of training activity (TTA)

TAF (Type of Educational Activity) All courses and activities are classified into different types of educational activities, indicated by a letter.




S Placements in companies, public or private institutions and professional associations

Teaching code

4S008904

Credits

6

Coordinator

Massimo Merro

Language

Italian

Scientific Disciplinary Sector (SSD)

INF/01 - INFORMATICS

The teaching is organized as follows:

Theory

Credits

5

Period

Second semester

Academic staff

Massimo Merro

Laboratory

Credits

1

Period

Second semester

Academic staff

Massimo Merro

Learning outcomes

The course presents the main methodologies and technologies for securing computer networks and, more generally, distributed information systems. At the end of the course, students must demonstrate knowledge of the main theoretical and applied notions for the design, practical implementation and formal analysis of tools and protocols for the security of distributed networks and distributed information systems. This knowledge will allow students to compare different network protection techniques, choose the most appropriate one for the context of use, and make the most appropriate design choices when defining a new computer network. Students will then be able to continue their studies in the field of network and distributed information system security autonomously, independently studying and clearly presenting new vulnerabilities in computer networks and the solutions adopted to mitigate their effects.

Program

Frontal Teaching (36 hours)

1) Introduction
- Cybersecurity, Information Security, and Network Security
- The OSI Security Architecture
- Cryptography
- Network Security
- Trust and Trustworthiness
- Standards

2) Symmetric Encryption
- Symmetric Encryption Principles
- Symmetric Block Encryption Algorithms
- Random and Pseudorandom Numbers
- Stream Ciphers and RC4
- Cipher Block Modes of Operation

3) Public-Key Cryptography and Message Authentication
- Approaches to Message Authentication
- Secure Hash Functions
- Message Authentication Codes
- Public-Key Cryptography Principles
- Public-Key Cryptography Algorithms
- Digital Signatures

4) Cryptographic Key Management and Distribution
- Symmetric Key Distribution Using Symmetric Encryption
- Symmetric Key Distribution Using Asymmetric Encryption
- Distribution of Public Keys
- X.509 Certificates
- Public-Key Infrastructure

5) User Authentication
- Remote User-Authentication Principles
- Remote User-Authentication Using Symmetric Encryption
- Kerberos
- Remote User-Authentication Using Asymmetric Encryption
- Federated Identity Management

6) Transport-Level Security
- Web Security Considerations
- Transport Layer Security
- HTTPS
- Secure Shell (SSH)

7) Wireless Network Security
- Wireless Security
- Mobile Device Security
- Wireless LAN Overview
- IEEE 802.11i Wireless LAN Security

8) Electronic Mail Security
- Internet Mail Architecture
- Email Formats
- Email Threats and Comprehensive Email Security
- S/MIME
- DNSSEC
- DNS-Based Authentication of Named Entities
- Sender Policy Framework
- DomainKeys Identified Mail
- Domain-Based Message Authentication, Reporting, and Conformance

9) IP Security
- IP Security Overview
- IP Security Policy
- Encapsulating Security Payload
- Combining Security Associations
- Internet Key Exchange

10) Network Endpoint Security
- Firewalls
- Intrusion Detection Systems
- Malicious Software
- Distributed Denial of Service Attacks

Laboratory (12 hours)

- Sockets and network connections
* Introduction to network connections and socket management.
* Writing a port scanner in Python. A brief look at the nmap tool.

- Network traffic analysis
* Popular packet filtering systems (firewalls). Introduction to Netcat, Wireshark and tcpdump.
* Limits of the network layer as a defense against application-layer attacks.

- ARP tables, ARP spoofing and DoS attacks
* Physical addresses and the ARP protocol, ARP tables and ARP spoofing attacks. The concept of ARP poisoning. The Ettercap tool. Detection of ARP-based spoofing attacks and risk mitigation.
* Notes on HTTP header stripping techniques. The SSLStrip and Bettercap tools.
* Case study: SYN flood attacks (half-open attacks) and impact mitigation methods: limiting the resources absorbed by the attack using network tools.
* Implementation of an IPS against brute-force attacks on FTP credentials and against port scanning. Writing an IPS prototype with the iptables firewall and the Linux shell. The OSSEC IPS.

- ICS Security
* Security of Industrial Control Systems (ICSs). Shodan.io. The Stuxnet attack. Replication of attacks on industrial system controllers.

- Detection of anomalies in network traffic
* Netfilter extensions for matching on connection state (new, established, related and invalid), address types (unspec, local, prohibit, unicast, broadcast), comments, limits and the concept of burst, filters at the MAC address level, and use of the firewall to mitigate ARP spoofing attacks.
* Major web application vulnerabilities arising from the network layer.

Bibliography

View the bibliography with Leganto, the tool that the Library System provides for retrieving the texts on the exam programme in a simple and innovative way.

Examination Methods

The examination consists of:
- an oral examination on the topics covered in the frontal lessons;
- a project on a subject related to the lab.

The final mark is the average of the marks obtained in the oral examination and in the discussion of the project.

Students with disabilities or specific learning disorders (SLD), who intend to request the adaptation of the exam, must follow the instructions given HERE