The intertwinement of telecommunications, mobile communications and data networks is turning IT security into an explosive topic and a key risk factor in today's businesses. Services such as e-commerce, e-government or digital media and their copyright protection severely stress data, network and transmission security. In the Master's degree program you will be specializing in aspects of technical security and the "human risk factor".
Master of Science in Engineering (MSc)
tuition fee per semester
+ ÖH premium + contribution2
Application winter semester 2023/24
19th September 2022 to 15th July 2023
1 Tuition fees for students from third countries € 727,- per semester
2 for additional study expenses (currently up to € 83,- depending on degree program and year)
Data protection and system security are your top priority. You have the ability to identify potentially weak points in systems and networks. This motivates you to find suitable measures to prevent manipulation and to block unauthorized access. New technologies arouse your interest - yet always with guaranteed security standards in mind. You are familiar with encryption methods and you would like, in your Master's degree program, to delve deeper into cryptography as a field for research and application.
This way, fun and experience are guaranteed!
Modern laboratory equipment and high-tech research facilities enable practice-oriented teaching.
Obtain additional certificates while still studying and increase your market value.
To apply you will require the following documents:
It is not possible to save incomplete online applications. You must complete your application in one session. Your application will be valid as soon as you upload all of the required documents and certificates. In the event that some documents (e.g. references) are not available at the time you apply, you may submit these later via e-mail, mail or in person by no later than the start of the admission process.
The admission procedure assesses the professional suitability of the applicants for the Master's program. It consists of an oral interview. You will receive the date for the admission procedure from the secretary's office. The admission interview usually takes place online via ZOOM.
IT security is a highly agile field. Attacks on servers and networks are getting increasingly sophisticated. Our state-of-the-art network laboratory, where you may refine your strategies for preventing unauthorized access and develop measures and scenarios for protection, is at your disposal. You will have the opportunity of participating in research and development (R&D) projects, engaging in active exchange between science and practice at the university. The degree program also includes its own "IT security competence team", working in close cooperation with companies. The research focuses on the transmission of data, safe from manipulation or eavesdropping.
The number of mobile end devices will continue to increase and thereby also the demands made on data security for these tiny devices with their weak computing power. Sensor nodes which, albeit very versatile, are also small and have limited computing capacity and very little storage space are another example. Contrasting with these, we have the Cloud with its seemingly infinite computing and storage resources. The IT Security Master's degree program addresses both these developments in its research program.
The course experts implement, evaluate and compare a diversity of cryptographic algorithms in the affiliated Competence Center for IT Security.
The goal is to establish easily realizable secure data encryption options in practice. Findings are directly incorporated into the degree program, assuring you, the Master's student, of a decisive knowledge advantage. The specialist know-how of our lecturers is also in high demand internationally. Experts of the IT Security Competence Center are often asked to participate as speakers at international conferences on data security and data protection. Papers published by the IT experts often receive awards such as the FH Best Paper Award, repeatedly awarded to FH Campus Wien.
The Master's degree program will impart to you the know-how enabling you to make overall system security assessments. To achieve this goal, you will combine your technical knowledge of information technology, data systems and communication networks with the focus on IT security. You will also acquire skills in personal development and business administration.
- Dependability and Fault Tolerance
- Synchronization and Agreement
- Redundancy and Replication
- Transaction Control
- Group Membership and Failure Detection
- Group Communication
- Practical Project
The lecture covers basic concepts of cryptography, methods of classical cryptography, symmetric and asymmetric cryptography as well as basic concepts of data security.
In addition to basic procedures for the encryption and decryption of data, digital signatures and other basic mechanisms as well as cryptographic protocols and their respective areas of application are considered. In addition, modern procedures such as elliptic curves are also considered in an overview. The associated key management and an overarching security infrastructure are also taken into account. Practical application examples are used for a better understanding and illustration of the functionality.
The exercise accompanies and deepens the contents of the lectures by means of computational problems to be solved independently by the students as well as the implementation of small cryptographic tasks in C and Java.
Definition of information management
Levels of information management
Information architecture and information infrastructure
Information needs analysis
Basic assumptions of communication, body language, presentation techniques, social competence, effective communication strategies, rhetorical basics, application of different conversation and questioning techniques, promoting and hindering conversation behavior, self-organization, conflict management
In a bottom-up approach, the individual components of a computer system and, subsequently, of a network are examined, and starting points for possible attacks are presented at each level. Cryptographic options for counteracting these attacks are then discussed. This covers side-channel attacks on the silicon level, TPM and BIOS encryption, network authentication mechanisms and a brief introduction to security in the cloud environment.
- Threat overview
- Firewalls (stateless/stateful)
- Intrusion detection and prevention
- Overview of SSL and TLS as well as VPN technologies (L2TP, PPTP, MPLS, IPsec)
- Practical lab exercises in the VPN environment
Final written exam
- Lecture with slides and beamer, additional explanations on whiteboard
- Lectures by external company experts
- Laboratory exercises
Historical and current vulnerabilities in software products are discussed, along with approaches that help to avoid or detect these errors during the development process. Measures to minimize the effects of errors in existing, non-modifiable software by means of suitable system configuration are also presented.
Accompanying the lecture "Secure Software Development", selected topics from the field of IT security will be worked on independently and deepened.
In particular, the following aspects are relevant:
- Practical implementation of more complex implementation tasks
- Independent project management
- Basics of RF transmission (antennas, radio field)
- Security aspects of wireless network technologies (shared medium vs. wire, attack methods, mobile devices)
- Wireless network technologies and their security mechanisms
  - Wireless LAN (802.11)
- Practical examples of attacks and system setups
Final examination and accompanying exercises
Lector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk. tech.
The course tries to bridge the gap between the pure "textbook" version of cryptographic algorithms and their application in actual systems. Symmetric techniques like DES and especially AES with its most important variants are described in detail, as well as padding techniques, and selected chapters from PKCS. These topics are complemented by notes on the practical implementation of the long number arithmetic necessary for cryptographic primitives.
Lector: Tobias Buchberger, BSc MSc, Silvia Schmidt, BSc MSc
Based on the lecture "Secure Software Development" and the corresponding exercise from the first semester, measures and techniques along the life cycle of an application are discussed in order to detect or avoid security vulnerabilities in design, implementation, deployment, upgrade or maintenance of an application or in the underlying system. In addition, the course deals with security aspects at runtime of applications as well as aspects of DevOps or DevSecOps (Development, Security and Operations). These techniques will be further deepened by means of practical exercises. In particular, the following technologies will be considered:
- Virtualization (e.g. KVM, Proxmox VE)
- Container technologies (system vs. application containers)
- LXC, Docker, and related tools
- Security Automation, Infrastructure as Code (e.g. Ansible)
- Continuous Integration/Continuous Deployment (CI/CD)
- CIS benchmarks
Lector: Tobias Buchberger, BSc MSc, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk. tech.
- Technical basics of identity management
- Single sign-on systems, Shibboleth, Kerberos
- OAuth, OpenID Connect, SAML; FIDO, U2F
- Practical project
- Cloud paradigms (IAAS, PAAS, SAAS)
- Security in the Cloud (Searchable/Homomorphic Encryption)
Practical work in small groups
Lector: Tobias Buchberger, BSc MSc, Ing. Reinhard Kugler, MSc
In this course, we will examine computer security from the perspective of an attacker. In lab exercises, the attacks demonstrated in the lecture will be tried independently to gain a deeper understanding of how attackers work. This trains the critical perspective for computer security in operation and design. This lecture is part one of the Cyber Security/Cyber Crime Defense lecture series.
TCP/IP, UDP & IP Spoofing, ARP Poisoning, DNS, Traffic Amplification Attacks, Web Applications, OWASP Top10, XSS, SQL Injections, Java Security, Buffer Overflows.
5 practical challenges (of which you need to solve 3) and a written exam.
The integrated course uses individual lecture blocks and an online platform where students solve exercise examples. The exercise examples are, for example, exploiting vulnerabilities in Linux and Windows, buffer overflows or modifying a mobile app.
Lector: MMag. Christoph Hubatschke, Dr. techn. Albert Rafetseder, MSc. BSc.
In this course, students will be introduced to the ethical aspects of cryptography (the relationship between security and privacy), the trading of data ("surveillance capitalism"), decisions based on algorithms, and the responsibility of programmers and scientists for algorithms.
The course emphasizes active student participation and reflection, through case studies, group work, and students' own projects. The goal is to sensitize the students, as future programmers, to the ethical aspects of their work and to encourage their own reflection on their personal roles.
Lector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk. tech.
The course provides an overview of different types of cryptographic protocols and describes their areas of application and special features. In the context of topic days, students implement selected protocols in group work and compare the results in a presentation.
The topics in detail are
- Public-Key Schemes
- Challenge Response Schemes/Authentication
- Signature Schemes
Each topic day has the character of a partial exam; there is no written final exam.
Independent implementation and presentation of the results in group work by the students.
Lector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk. tech., Nenad Milanovic, MSc
The students learn to implement IT security concepts on a concrete task and can set up and secure a complete network environment with different security mechanisms at the end of the course. They learn what attacks on IT systems look like and how corresponding countermeasures work.
Practical/constructive permanent performance control and documentation
- Independent implementation of a project
- Support is provided at any time upon request
- Regular review of progress
As a continuation of Cyber Security, this semester will examine an attacker's view of the Internet of Things, malware, and identity theft. Lab exercises will be used to independently try the attacks demonstrated in lecture to gain a deeper understanding of how attackers work. This trains the critical perspective for computer security in operation and design.
Unix Security, Windows Security, OS X Security, Memory Corruption (Stack Overflows, Heap Overflow, Return-to-libc, return oriented programming), Format String Vulnerabilities, Shellcode, Race conditions, Reverse Engineering, Malware Analysis, CSRF, Hardware Security
Five practical challenges (of which you need to solve at least three) and a written exam.
The integrated course uses individual lecture blocks and an online platform where students solve exercise examples. The exercise examples are e.g. reverse engineering of a firmware, an ELF virus or a memory attack via Return Oriented Programming.
- Methods of digital forensics
  - File systems
  - Network forensics
  - Operating systems
  - Analysis of application data
  - Timeline analysis
  - Keyword search
- Norms and standards / related documents
  - RFC 3227 "Guidelines for Evidence Collection and Archiving"
  - NIST SP 800-86 "Guide to Integrating Forensic Techniques into Incident Response"
- Legal framework
  - Legal basis
  - Types and roles of expert witnesses
  - Form and content of an expert report
Hard disk image creation & analysis, file systems (esp. NTFS), memory forensics, network forensics, application data analysis, smartphones, anti-forensics, legal frameworks, best practices, RFC 3227 & NIST SP 800-86
The course will include different didactic teaching methods, e.g.:
- Frontal teaching
- Independent work in the group or in individual deliveries
- Interactive media support
- Computer room teaching
Application of the lecture content: acquisition and analysis of hard disk images, network analysis, smartphones and application data, cryptography & anti-forensics.
Evaluation of the submitted reports
Summary of the essential aspects of project management, process management and system safety, as well as their concrete application in practical examples. Clarification of the distinction between safety and security, as well as the interfaces between the two areas. Discussion of the experiences gained by the students and reflection on the findings.
Integrated course, assessment of submissions and presentations.
Implementation and presentation of a hands-on project in small groups.
- Side channel attacks
- RSA method
- Elliptic curves
- Long-number arithmetic
- Functionality of smart cards
The exercise deepens the topics covered in the lecture by practical implementation tasks on microcontrollers and in the environment of sensor nodes. Selected cryptographic algorithms are implemented and tested by the students.
- IT Security Management and Risk Assessment
- IT Security Controls, Plans, and Procedures
- Physical and Human Resources Security
- Access Control Management
- Security Compliance / Audit
Security Management & IT Governance, ISO 27001:2013, Internal Control System for IT, ISMS Set-up, Risk Management & Business Continuity Management, Policy and Guideline Design, System Development Life Cycle, Access Control, Physical and environmental security, COBIT, Basic Protection Manual
1/3: Personal case studies
1/3: Group work incl. presentation
1/3: Classroom Quizzes
Lecture, individual processing of a case study, group work incl. presentation of the result.
Forms of white-collar crime, social engineering, values and needs in the work environment, change processes and their effects, analysis of fraud events, crime prevention in the company, emergency strategy and investigation process, examples of criminal cases and their processing, trends and development of white-collar crime.
A well-founded academic education also includes the ability to consider and deal with a wide variety of problems scientifically. This course therefore provides an introduction to scientific work and scientific methodology.
The course focuses on reading, understanding and interpreting relevant scientific texts as well as literature research and the formal methods of scientific work. Furthermore, the students independently write a short scientific paper on an exemplary topic and present and defend it in plenary.
During the course, the procedure of a scientific conference is simulated. After a general introduction to scientific work, the students are to work independently on a problem in a chosen subject area. After writing a short disposition, a scientific article is to be written based on this (draft paper). The resulting articles are then distributed to colleagues who are to critically examine and evaluate them (peer reviews). Afterwards, an improved, final version of the article is to be written (camera-ready paper), taking into account the reviews received. At the end of this course, the written scientific papers will be presented to the other course participants in lectures.
Independent work on a relevant subject at a scientific level under the guidance of a supervisor, preparation of the master's thesis.
Approval of the master thesis
Independent scientific work under the guidance of a supervisor
The students present the current development of their master thesis at regular intervals and put it up for discussion in the plenum.
Presentations by students followed by discussion
This course presents the fundamental principles of human perception in the context of risk- and security-related actions and decisions. The overarching context is the general way society and politics deal with new technologies.
Neuro- and sensory-physiological, psychological and social foundations of human behavior
Especially risk perception, risk assessment and risk evaluation of technical systems
Human choice and decision behavior
Foundations and phenomena of human error and possibilities of error avoidance
The grade is composed of the two partial performances "Presentation of a self-selected topic" and a seminar paper of about 10 pages on the same topic.
Lectures by the course instructor and presentations by the participants
The Privacy in Internet lecture is an introduction to privacy technologies and their application areas. The following topics will be discussed:
Privacy definition, introduction, legal aspects, GDPR (DSGVO) and data protection impact assessment
- Identity management
- Anonymous communication
- Privacy policies
- Database privacy
- Vehicular privacy, Location privacy
- Search engine privacy
- Social network privacy
- Privacy and the Smart grid
- Exercises and project work (40%)
- Written exam (60%)
Lecture series, 2-3 homework assignments, small group project.
Basics, copyright law with special focus on IT, data protection and data security, general contract law, consumer protection in distance selling, signature, domain names
Collaboration, presentation and written exam
Lecture, student presentation, practical insight into the professional life of an IT Security Officer, PPT slides.
Number of teaching weeks
18 per semester
5.30 p.m.-7.00 p.m. and 7.15 p.m.-8.45 p.m.
As a graduate of this program, a wide range of professional fields and career opportunities are open to you. Find out where your path can lead you.
Graduates are active both in the core information technology and telecommunications industries and in cross-sector positions. Your task will be to design and implement comprehensive security solutions. You will specify, plan, integrate, test and operate voice and data networks, taking into account the necessary security standards. You will work in the following areas:
In teaching and research we work closely with renowned companies from commerce and industry, universities and research institutions. These partnerships provide you with opportunities to find a job, write your thesis, or participate in current research and development activities - also in our competence center for IT security. You can find many of our cooperations in the campus network. It is always worth taking a look and you might find a new job or an interesting event with one of our cooperation partners.