The following optional courses are offered to students of the master programme by the three locations.

Introduction to Biometrics: Raymond Veldhuis (UT)

Content: - Introduction - biometrics and its applications - overview of biometric recognition methods - The biometric recognition problem - Verification - Identification - Optimal classifiers - Other classifiers - Feature extraction - High- vs. low-level features. - Dimensionality reduction - Estimating the parameters of a classifier - Training - The small sample size problem - Dimensionality reduction - Principal component analysis - Linear Discriminant analysis - Pre-processing and signal conditioning - Object detection - Alignment (registration) - Normalization - "Hot topics" - 3d face recognition - active appearance models - TBD - Applications and their specific requirements Face recognition will be used throughout as an example.
Style: lecture + seminar
Examination: - (MATLAB) exercises - practical assignment - end paper.
Materials: Selected book chapters and articles.

Security of Information Services: A. van Cleeff, W. Pieters, S. Etalle (UT)

Content: The migration to information services in a networked business world comes with new problems and challenges in the security domain. As long as information is stored and used within one organization, security policies and mechanisms can be designed and implemented by this organization. These policies and mechanisms aim at preventing people outside the organization from accessing the information. In a networked world, businesses cooperate with other businesses by performing information services for each other, and thereby sharing information. Security policies and mechanisms must now selectively make information available to other organizations, rather than shield the information from other organizations. At the same time, organizations must trust that other organizations have effective internal security policies and mechanisms in place. In this course, we study the mechanisms and policies to secure these cooperations between businesses. Topics include service-oriented architecture (SOA), virtualization and cloud computing.
Style: lecture + seminar
Examination: Written examination: 40%. Presentation + Report: 60%
Materials: - Selected Articles - SOA Security, Ramarao Kanneganti and Prasad Chodavarapu, Manning Publications (2008) ISBN-13: 978-1932394689 (also available as e-book via the publisher)

Secure data management: Wim Jonker (UT)

Content: Introduce the fundamental knowledge of security in the context of XML data management, including XML encryption, search in encrypted XML data, cryptography, private/public key management, access control, identity management, digital right management, privacy protection; etc. Practice the theories learned during the course in solving a real-world security problem, like building a secure email server with advertisement function, searching in encrypted data, etc. Introduction to cryptography and private/public key management; Introduction to XML and XML encryption; Search in encrypted XML data; Digital right management; Access control for databases; Identity Management; Privacy Protection.
Style: 2hc + practical assignment
Examination: Written examination 70%. One practical group assignment 30%.
Materials: Reader

Cryptography 2: Berry Schoenmakers, Benne de Weger (TU/e)

Content: In this course we extend the exploration of cryptography from basic cryptographic algorithms (covered in Cryptography 1) to cryptographic protocols, and more generally to cryptographic systems. Whereas cryptographic algorithms can be executed locally, by entities on their own, a cryptographic protocol requires two or more entities to interact by exchanging messages to jointly achieve a set of security (and privacy) goals. A typical cryptographic system combines the use of several cryptographic algorithms and protocols to provide security services to the surrounding information systems. The goal of this course is to treat a wide range of cryptographic protocols and to get a basic understanding of the cryptographic systems that are in use today. In some cases, the security goals will be defined formally, and some cryptographic protocols will be accompanied by a security proof showing that the goals are met. Furthermore, practical examples of cryptographic systems will be treated showing how security goals such as message protection, transaction security, or access control can be achieved.
Style: Lecture, 2 hours per week
Examination: Written exam plus assignments
Materials: Lecture notes

Seminar Information Security Technology: Boris Skoric, Alexander Serebrenik (TU/e)

Content: In the course of the seminar we will discuss a number of information security-related subjects, such as side-channel attacks and security considerations in radio frequency identification applications. The lecturers will provide an introduction to the chosen subjects. Students are responsible for choosing a topic related to the subject proposed, performing a literature study, and reporting on the findings in a proposed form (oral, written, oral and written). Participation in all meetings is obligatory. Participants are expected to contribute actively to the discussion as well as to review presentations by their peers.
Style: Seminar
Examination: Assignments (paper and presentation)
Materials:

Linux Kernel and OS Security: Andries Brouwer (TU/e)

Content: System security can be approached from two sides - the viewpoint of the attacker and that of the defender. For a defender it is necessary to know what threats to defend against, no use installing a heavily shielded front door when intruders enter through unprotected backdoors and windows. The present course talks about security primarily from the hackers' point of view - it points out categories of weaknesses in various systems, shows how to learn about these weaknesses and how to exploit them. It is a hands-on course - students are expected to write some exploits themselves. Topics are for example Discovery, Active Data, Smashing the Stack, Local and Remote Root Exploits, Stealth, Unicode, Password Cracking, Denial of Service, Cross-site Scripting, DNS spoofing, etc. Most examples are formulated in a Unix context, but the concepts apply everywhere. Illegal activities are strongly discouraged.
Style: Lecture, 2 hours per week
Examination: Assignments
Materials: Lecture notes

Hardware and Operating Systems Security: Erik Poll, Lejla Batina (RU)

Content: Focus of this course in on security hardware, in particular smartcard and RFID, and side-channel attacks (SPA,DPA), and sample applications (EMV, e-passports, Mifare). Students built their own smartcard application, from the design incl. key management and cryptographic protocols, down to an actual implementation on hardware, and will experiment with side-channel (DPA) attacks on smartcards.
Style: Lectures and groups project work.
Examination: Project work.
Materials: Literature available from the course webpage.

Privacy Seminar: J. H. Hoepman (RU)

Content: Privacy has always been a controversial topic. Governments and business want to collect information about their citizens and customers - for their own benefit as well their clients. In surveys, people claim that they value their privacy. In practise, people give away personal information very easily, either because they do not receive a service otherwise, or because they are unable to protect that information reliably. With the calls for ever increasing security - after the events of the last few years - privacy has eroded even further, it seems. In this seminar we will explore the state of the art in privacy enhancing technologies (PET), and discuss theories (technical, legal and societal) of privacy.
Style: seminar
Examination: Presentation in class, writing a student paper, and refereeing a student paper.
Materials: A selection of scientific papers.

Law in Cyberspace: Ronald Leenes (TILT) (RU)

Content: Can I legally play a dvd bought in the US on a European dvd player? Is downloading music from the internet stealing? Is using an open WiFi access point legally permissible? What about liability when illegal activities are conducted by someone else than the owner of the access points? Do I have a right to be anonymous on the Internet? These are but some of the legal questions arising in the network society. In this course, provided by researchers of TILT - the Tilburg Institute of Law, Technology, and Society - an introduction is provided to the role of law with regard to ICT. Focusing on problems arising in everyday life online, the course will provide an overview of these issues from a legal perspective. The course will start with a brief introduction to law, regulation and the defining features of core two legal areas: private law and criminal law. This is followed by lectures on important areas within Cyberlaw: 1) privacy, data protection, and identity management 2) copyright and 'code' as code 3) computer crime 4) computer crime II 5) electronic signatures and e-commerce. The lectures for autumn are scheduled as listed in the Kerckhoffs calendar, on 13/9, 20/9, 4/10, 11/11, 18/10, 8/11, 15/11, 22/11 and 29/11. Note that the first lecture is on Sept 13 2010.
Style: lectures, self-study using literature
Examination: written exam.
Materials: A selection of articles, see the Nijmegen Blackboard site.