Courses

In November 2024, the EU’s Cyber Resilience Act (CRA) was published. After a 36 month transition period, it will be in full effect on 11 December 2027. The CRA aims to enhance the security of all digital products sold within the EU. With its broad scope, it will affect numerous organizations. But what does this actually entail? What criteria must products fulfill to comply with the CRA? What organizational processes are required? And how does it align with existing regulations and standards such as NIS2 and the security requirements in the Radio Equipment Directive (RED/DA)? Shouldn’t those already address these needs?

Building trust on the web is a challenging task that often leads to failures. In this course, we will explore what a public key infrastructure (PKI) is and why it is essential for the web. By examining various methods that have been proposed and tried, many of which did not succeed, participants will gain insight into the complexities of managing a PKI. By the end of the course, participants will appreciate why what looks like a simple job—managing certificates—is actually notoriously difficult. This knowledge will easily translate to other tasks related to establishing trust in the digital world.

In the fall semester, I teach in the master-level Network Security course at ETH Zürich. The course covers a broad range of topics, and aims to give students a strong conceptual understanding of the intricacies of securing modern networks.