Unit DATA SECURITY AND BLOCKCHAIN

Course
Computer engineering and robotics
Study-unit Code
A003193
Curriculum
In all curricula
Teacher
Luca Grilli
Teachers
  • Luca Grilli
Hours
  • 48 hours - Luca Grilli
CFU
6
Course Regulation
Cohort 2022
Offered
2023/24
Learning activities
Characterizing (core)
Area
Computer engineering
Academic discipline
ING-INF/05
Type of study-unit
Optional
Type of learning activities
Single-discipline learning activity
Language of instruction
Italian
Contents
Basic concepts and terminology of data security. Applied cryptography for data security. Data anonymization techniques. Basics of (programmable) blockchain and smart contracts. The Ethereum blockchain and the Solidity language.
Reference texts
The course addresses many recent topics on rapidly evolving technologies, which are not collected in a single textbook. For this reason, most course topics are illustrated in a set of slides and lecture notes prepared by the teacher.

However, for a deeper understanding of the covered topics, several reference books, online tutorials and official documentation are available; they are listed hereafter.

Recommended books

Michael Goodrich, Roberto Tamassia. Introduction to Computer Security (2nd Edition). Pearson Education, 2021.

Jonathan Katz, Yehuda Lindell. Introduction to Modern Cryptography (3rd Edition). Chapman & Hall/CRC, 2021.

Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner. Network Security: Private Communication in a Public World (3rd Edition). Addison-Wesley Professional, 2022.

A. Narayanan, J. Bonneau, E. Felten, A. Miller, S. Goldfeder. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, 2016.

Andreas M. Antonopoulos, Gavin Wood. Mastering Ethereum: Building Smart Contracts and Dapps. O'Reilly Media, Inc., 2018.

Free Online Books

Paul C. van Oorschot. Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin (2nd Edition). Springer, 2021.
[https://people.scs.carleton.ca/~paulv/toolsjewels.html]

A. J. Menezes, P. C. van Oorschot and S. A. Vanstone. Handbook of Applied Cryptography (5th printing). CRC Press, 2001.
[https://cacr.uwaterloo.ca/hac/]

Online tutorials and official documentation

Developer Guides - Bitcoin [https://developer.bitcoin.org/]
Ethereum Development Documentation [https://ethereum.org/en/developers/docs/]
Ethereum Development Tutorials [https://ethereum.org/en/developers/tutorials/]
Ethereum Whitepaper [https://ethereum.org/en/whitepaper/]
Solidity [https://docs.soliditylang.org/]
Educational objectives
The main aim of this course is to provide students with the knowledge of fundamental cryptographic algorithms, and the methodologies and technologies for data protection, with special emphasis on blockchain.

The main knowledge acquired will be:
• fundamental cryptographic primitives;
• methods for secure data communication and storage;
• methods for trusted data sharing;
• inference attacks and methods for anonymity protection;
• overview of (programmable) blockchain and DLT technologies and their applications;
• overview of the Bitcoin blockchain;
• overview of the Ethereum blockchain;
• basics of the Solidity language;
• basics of Ethereum smart contracts;
• tools and frameworks for developing and testing Ethereum dapps.

The main abilities that the students will acquire are:
• capability to recognize and classify vulnerabilities and attacks on data management systems;
• capability to design data management systems and communication protocols that ensure a specific level of security, including anonymity protection;
• capability to develop and test decentralized applications (dapps) for Ethereum.
Prerequisites
For a full comprehension of all course topics it is helpful (but not strictly necessary) to be familiar with algorithms and data structures, basic concepts of computer networks, including Internet protocols, Web technologies, RESTful Web services, Remote Procedure Calls (RPCs), JavaScript and Node.js.
Teaching methods
The course uses two main types of teaching methods:

• Lessons in the classroom (80% of total time): face-to-face lessons in which the teacher illustrates specific data security topics with the support of projected slides.

• Guided exercises on the computer (about 20% of total time): focused on developing and testing simple decentralized applications (dapps) for the Ethereum blockchain, using the Solidity language.
Other information
None.
Learning verification modality
[Aims of the assessment]. Evaluating (i) the knowledge of the theoretical concepts given by the teacher; (ii) the ability to analyze the security of specific data protection solutions; and (iii) the capability to develop protocols and systems, including blockchain dapps, that offer a specified level of security and meet given design constraints.

The exam consists of an oral test and a project work, as described hereunder.

Oral test
• Duration: 30 minutes.
• Score: 20/30.
• Composition: 2 theoretical questions and 1 practical exercise.

Project
• Objective: development of a basic data protection system, including a blockchain dapp.
• Deliverables: software and project report.
• Number of participants: 1 (individual project) or 2 (group project).
• Score: 10/30.
Extended program
[Basic concepts and terminology of data security]
CIA triad: confidentiality, integrity, availability.
AAA triad: assurance (trust), authenticity, anonymity.
Vulnerabilities, threats, and attacks.
Data breach, data leak, data loss, data theft.

[Applied cryptography for data security]
Secret key cryptography.
Cryptographic hash functions and accumulators.
Public key cryptography.
Digital signature.
Hybrid encryption.
Basic concepts of elliptic curve cryptography, homomorphic encryption and blind signatures.

[Data access control]
AAA model: authentication, authorization, accounting.
Authentication of systems and of people.
Challenge-response authentication protocols.
Perfect forward secrecy.
Access control models: access control matrices, access control lists, capability lists, role-based access control.

[Anonymity attacks and data anonymization techniques]
Re-identification (or de-anonymization) and inference attacks.
Basic anonymization techniques: attribute and record suppression, character masking, pseudonymization, generalization, swapping, aggregation, perturbation.
Advanced anonymization techniques: k-anonymity, l-diversity, anatomization.

[Blockchain basics]
Blockchain components: transactions, blocks, decentralized consensus mechanisms.
Types of blockchains: public permissionless and permissioned.
Bitcoin's blockchain.
Basic concepts of programmable blockchains and smart contracts.
Applications of blockchain.

[The Ethereum blockchain and the Solidity language]
Ethereum accounts.
Gas and payment.
Types of transactions in Ethereum.
Ethereum as a state transition system.
Ethereum's consensus mechanisms.
Examples of smart contracts in Solidity.
Ethereum development standards.
Tools and frameworks for developing and testing Ethereum dapps.