Course Title: Information Security (3 Cr.)

Course Code: CACS459

Year/Semester: IV/VIII

Class Load: 6 Hrs. I Week (Theory: 3Hrs. Practical: 3 Hrs.)

Course Description

The course, Information Security, introduces the theoretical as well as practical concepts of computer and information security. The course includes concepts of cryptographic algorithms, authentication systems, access controls, malicious logics, network security and security audits.

Course Objectives

The objectives of this course are to familiarize the students with the computer security concepts, security policies and security mechanisms so that students will be able to design, implement and manage the secure computer systems.

Course Contents:

Unit I: Overview of Computer security (4 Hrs)

1. Computer Security Concepts
2. Computer Security, Information Security, Network Security
3. Threats, Attacks and Assets
4. Security Requirements
5. Security Design Principles
6. Attack Surfaces and Attack Trees
7. Computer Security Strategy

Unit II:   Cryptographic Algorithms (12 Hrs)

1. Classical Cryptosystems: Ceasar, Vignere, Playfair, Rail Fence Ciphers
2. Modem Ciphers: Block vs. Stream Ciphers, Symmetric vs. Asymmetric Ciphers
3. Symmetric Encryption: Fiestel Cipher Structure, Data Encryption Standards (DES), Basic Concepts of Fields: Groups, Rings, Fields, Modular Arithmetic, Galois Fields, Polynomial Arithmetic, Advanced Encryption Standards (AES)
4. Number Theory: Prime Numbers, Fermat’s Theorem, Primility Testing: Miller-Rabin Algorithm, Euclidean Theorem, Extended Euclidean Theorem, Euler Totient Function
5. Asymmetric Encryption: Diffie-Helman Key Exchange, RSA Algorithm

Unit Ill: Message Authentication and Hash Functions (6 Hrs)

1. Message Authentication
2. Hash Functions
3. Message Digests: MD4 and MD5
4. Secure Hash Algorithms: SHA-1
5. HMAC
6. Digital Signatures

Unit IV: User Authentication (5 Hrs)

1. User Authentication Principles
3. Token-Based Authentication
4. Biometric Authentication
5. Remote User Authentication
6. Two Factor Authentication

Unit 5: Access Control 5 Hrs

1. Access Control Principles
2. Subjects, Objects and Access Rights
3. Access Control Matrix and Capability Lists
4. Discretionary Access Control
5. Role Based Access Control
6. Attribute Based Access Control
7. Identity, Credential and Access Management
8. Trust Frameworks

Unit 6: Malicious Software and Intrusion 4 Hrs

1. Malicious Software
2. Virus and its phases, Virus Classification
3. Worm, Worm Propagation Model, State of Worm Technology
4. Trojan Horse
5. Intrusion and Intruders
6. Intrusion Detection System
7. Analysis Approaches: Anomaly Based, Signature Based
8. Honeypots

Unit 7: Network Security 5 Hrs

1. Overview of Network Security
2. Email Security: S/MIME, Pretty Good Privacy (PGP)
3. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
4. IP Security (IPSec)
5. Firewalls and their types

Unit 8: Security Auditing 7 Hrs

1. Security Audit
2. Security Auditing Architecture
3. Security Audit Trail
4. Implementing Logging Function
5. Audit Trail Analysis

Laboratory Works

The laboratory work includes implementing and simulating the concepts of cryptographic algorithms, hash functions, digital signatures, authentication & authorization systems, and malicious logics. The laboratory work covers implementing programs for following;

• Classical ciphers like Caeser, Playfair, Railfence
• DES, AES
• Primality Testing, Euclidean Algorithm, RSA
• MD5, SHA
• Role Based Access Controls
• Malicious Logics

Teaching Methods

The major teaching methods that can be followed for this course includes class lectures, laboratory activity, group discussions, presentations and case studies. For laboratory work, the instructor can choose any programming language based on the comfort level of students.

Evaluation

Text Book

1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, Pearson
2. William Stallings, Cryptography and Network Security: Principles and Practice, Pearson.

Reference Books

1. Mark Stamp, Information Security: Principles and Practices, Wiley
2. Matt Bishop, Introduction to Computer Security, Addison Wesley
3. Matt Bishop, Computer Security, Art and Science, Addison Wesley
4. Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Pearson