This course is obligatory in the specialty of Computer Engineering of the Degree in Computer Engineering, but it is also offered as elective for students of other specialties that are coursing their fourth year.



Currently, cybersecurity has become one of the most important areas of computing. Cybersecurity can be found at all levels of a computer system. The Computer Engineering specialty is divided into three branches: networks and systems, architecture and technology and security; and security is becoming more and more important in each and every one of these branches.



In this course, we will analyze the most currently used types and techniques of attack, as well as ways to avoid them. This will grants students a global vision of cybersecurity and a future ability to protect infrastructures. This course will address aspects such as cryptography (classical, quantum, post-quantum and cryptoanalysis), techniques and methodologies to measure the level of security of computer systems (audits and penetration testing), analysis of errors and their use to compromise the security of systems, vulnerability and exploits and industrial cybersecurity.

This course has no prerequisites, but having passed the courses of the 1st semester of the specialty and being enrolled in all the courses of the 2nd semester of the specialty is advised.

After completing this course, the student will have obtained the following learning outcomes:

1. Ability to develop programs using classical cryptography, both symmetric and asymmetric.

2. Ability to understand some quantum cryptography algorithms for solving the key distribution problem.

4. Knowledge of the most typical cyberattacks.

5. Understanding of the methodologies and tools used to carry out audits and penetration analyses.

6. Understanding of the SCADA architectures used in industrial environments and knowledge on how to protect it.

1. Introduction

2. Classic cryptography

3. Advaned cryptography

4. Cryptoanalysis

5. Audits and penetration tests

6. Vulnerability and exploits

7. Industrial cybersecurity

This course combines different teaching methodologies. On the one hand, the conceptual contents of the subjects will be taught in master classes, the participation of students in debates will be encouraged. The resolution of individual or group problems will be carried out in a participatory manner. On the other hand, other tasks will be carried out through laboratory practices and a final project that the students must develop autonomously and collaboratively.

In addition, practical assignments and projects will be developed individually or in groups. In them, students will have to carry out tasks taking into account the theoretical contents discussed in class and the proposed bibliography.

To facilitate and ensure student leaning, both classroom practices and computer practices will be monitored. Feedback will be provided based on previously established evaluation criteria, to ensure that students have the opportunity to become aware of their learning.

• Continuous Assessment System
• Final Assessment System
• Tools and qualification percentages:
  • The different evaluation criteria are described at length in the following sections. (%): 100

The evaluation systems that are contemplated are the continuous assessment and the final assessment. The continuous evaluation system is the default system for the ordinary examination, as indicated in the current regulations of the UPV/EHU.



a. Continuous assessment



This the default evaluation mode,

The final grade will be calculated as follows:

- Individual written tests: 40%

- Group practical assignments: 60%



In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.



This evaluation method requires active and continuous participation on the part of the students, with the following conditions:

- Attending classes and laboratories: no more than 5 unexcused class absences

- Handing in exercises and assignments and obtain a grade of at least 4 point (out of 10) for each task.

- Taking individual tests and obtain a grade of at least 4 points (out of 10) in each test taken.



In case of not fulfilling these conditions, the student will lose the option of the continuous assessment evaluation. Having met the continuous assessment requirements, students who decide to opt for the global assessment must inform the teachers within the period and in the manner indicated in the notice: by email before the tenth week. Leaving before the end of the continuous evaluation or not taking the final exam will be enough to obtain a non-taken grade.



b. Final assessment



The final grade will be calculated as follows:

- Individual written tests: 40%

- Individual practical assignments: 60%



In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.



Failure to take the final exam will be enough to obtain a non-taken grade.

The final grade will be calculated as follows:

- Individual written tests: 40%

- individual practical assignments: 60%



In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.

Material in eGela (class notes, lab guides, scientific articles...)

Basic bibliography

- Understanding Cryptography: A Textbook for Students and Practitioners, Christof Paar, Jan Pelzi, Bart Preneel, 2011

- Quantum Cryptography: From Key Distribution to Conference Key Agreement (Quantum Science and Technology), Federico Grasselli, 2021

- Industrial Cybersecurity: Efficiently secure critical infrastructure systems. Pascal Ackerman, 2017.