B.Tech. Computer: Uka Tarsadia University


Uka Tarsadia University

B.Tech. Computer
Semester V

INFORMATION SECURITY

CE5006

EFFECTIVE FROM July-2021


Syllabus version: 1.00
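Teaching Scheme

| Subject Code | Subject Title | Hours (Theory) | Hours (Practical) | Credits (Theory) | Credits (Practical) |
|---|---|---|---|---|---|
| CE5006 | Information Security | 3 | 2 | 3 | 1 |

| Subject Code | Subject Title | Theory Examination Marks (Internal) | Theory Examination Marks (External) | Practical Examination Marks (CIE) | Total Marks |
|---|---|---|---|---|---|
| CE5006 | Information Security | 40 | 60 | 50 | 150 |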

Objectives of the course:


• To describe the concept and need of security in real life applications.
• To explore the principles and practice of cryptography and fundamental mathematics
behind cryptography.
• To introduce the necessity of security in network and web applications, their challenges
and their mitigating techniques.

Course outcomes:
Upon completion of the course, the student shall be able to
CO1: Understand the basics of information security and various vulnerabilities which
exploit information security.
CO2: Comprehend and apply classical and symmetric key cryptographic algorithms.
CO3: Analyze security challenges, select an appropriate key distribution scenario and
illustrate the usage of public key cryptography mechanisms.
CO4: Discuss and assess various solutions to provide authentication, integrity and
confidentiality.
CO5: Explain and apply security mechanisms in network applications.
CO6: Understand security mechanisms in web applications and apply authentication
mechanisms on web applications.

Sr. No. Topics Hours


Unit – I
1 Introduction and Need of Security: 5
Security introduction, Characteristics of information: Availability,
Accuracy, Authenticity, Confidentiality, Integrity, Utility,
Possession, CIA Triad, Reference Model of Information Assurance
& Security (RMIAS), Balancing information security and access,
Approaches to information security implementation, Business
needs - Protecting the functionality, Enabling safe operation,
Protecting data, Safeguarding technology assets, Threats, Attacks -
Malicious code, Backdoors, Password crack, Brute force,
Dictionary, DoS and DDoS, Spoofing, Man-in-the-Middle,
Spamming, Sniffing, Social engineering, Buffer overflow, Timing
attack.
Unit – II
2 Classical Cryptography: 9
Symmetric cipher model, Substitution techniques, Transposition
techniques, Steganography.
Symmetric Key Cryptography:
Block cipher principles, Substitution-Permutation networks, Data
Encryption Standard (DES), Block cipher modes of operation.
Unit – III
3 Number Theory: 8
Prime and relative prime numbers, Modular arithmetic, Fermat's
Little theorem, Euler Totient function, Euler's theorem, Chinese
Remainder theorem, Pseudo random number generation.
Public key Cryptography:
Principles of public key cryptosystems, RSA algorithm, Key
management, Diffie-Hellman key exchange.
Unit – IV
4 Hash Functions: 9
Hash functions and Data integrity, Security of hash function,
Iterated hash functions - Merkle-Damgård Construction, Secure
Hash Algorithm (SHA), Message Authentication Codes (MAC),
HMAC.
Digital Signature Scheme:
Digital signatures requirements, Digital signature standards,
Digital Signature Algorithm (DSA).
Unit – V
5 Network Security: 9
Secure Socket Layer (SSL) architecture and working, Transport
Level Security (TLS), Secure Shell (SSH) protocol, Electronic mail
security - Email security enhancements, Pretty Good Privacy (PGP),
S/MIME, IP Security, IPSec, IPSec key management, Intrusion
detection.
Unit – VI
6 Web Application Security: 5
Web application security - Common issues in web apps, Basic web
security model, Password vulnerabilities, Local and remote file
inclusion, HTTPS, CAPTCHA, User authentication and session
management for web apps.

| Sr. No. | Information Security (Practical) | Hours |
|---|---|---|
| 1 | Perform a practical to demonstrate ping of death (Denial of Service) attack in Ubuntu machine. | 2 |
| 2 | Perform a practical to install network mapper tool and analyze the open ports in your Ubuntu machine. Run a script to close all the insecure ports, reopen and demonstrate | 4 |
| 3 | Perform a practical to demonstrate the difference between TELNET and SSH applications. Analyze the security information and TCP packet flows in both the applications. | 4 |
| 4 | Perform a practical to implement Caesar cipher and Playfair cipher. | 2 |
| 5 | Perform following using NMAP: a. Find open ports on a system; b. Find the machines which are active; c. Find the version of remote OS on other systems; Find the version of Software installed on other system | 2 |
| 6 | Perform a practical to install IPCop firewall on LINUX machine and configure all its security features. | 2 |
| 7 | Perform a practical to grab a banner with TELNET and perform the task using NETCAT utility. | 2 |
| 8 | Perform a practical to implement blockchain network using Bitcoin Core tool and demonstrate the bitcoin transaction on local network. | 4 |
| 9 | Perform a practical to install jcrypt tool (or any other equivalent) and demonstrate asymmetric, symmetric crypto algorithms, hash and digital/PKI signatures. | 2 |
| 10 | Perform a practical to implement key management services using web services. (Hint: Use AWS or Azure services). | 2 |
| 11 | Perform a practical to implement role-based access of information using server operating system. | 4 |

Text book:
1. Forouzan and Mukhopadhyay - "Cryptography and Network Security", 3rd Edition,
McGraw Hill, 2015.

Reference books:
1. William Stallings - "Cryptography and Network Security – Principles and Practice", 7th
Edition, Pearson Education.
2. Menezes Bernard - "Network Security and Cryptography", Cengage Learning India.
3. Douglas Stinson - "Cryptography: Theory and Practice", 3rd Edition, Chapman & Hall.
4. Bruce Schneier - "Applied Cryptography: Protocols, Algorithms and Source Code in C",
2nd Edition, John Wiley & Sons.

Course objectives and Course outcomes mapping:


• To describe the concept and need of security in real life applications: CO1, CO5, CO6
• To explore the principles and practice of cryptography and fundamental mathematics
behind cryptography: CO2, CO3, CO4
• To introduce the necessity of security in network and web applications, their
challenges and their mitigating techniques: CO4, CO5, CO6

Course units and Course outcomes mapping:


Unit No. / Unit Name / Course Outcomes (CO1 CO2 CO3 CO4 CO5 CO6)
1 Introduction and Need of Security ✓
2 Classical and Symmetric key Cryptography ✓
3 Number Theory and Public key Cryptography
4 Hash functions and Digital signatures Scheme
5 Network Security ✓
6 Web Application Security ✓

Programme outcomes:
PO 1: Engineering knowledge: An ability to apply knowledge of mathematics,
science, and engineering.
PO 2: Problem analysis: An ability to identify, formulate, and solve engineering
problems.
PO 3: Design/development of solutions: An ability to design a system, component, or
process to meet desired needs within realistic constraints.
PO 4: Conduct investigations of complex problems: An ability to use the techniques,
skills, and modern engineering tools necessary for solving engineering
problems.
PO 5: Modern tool usage: The broad education and understanding of new
engineering techniques necessary to solve engineering problems.
PO 6: The engineer and society: Achieve professional success with an understanding
and appreciation of ethical behaviour, social responsibility, and diversity, both
as individuals and in team environments.
PO 7: Environment and sustainability: Articulate a comprehensive world view that
integrates diverse approaches to sustainability.
PO 8: Ethics: Identify and demonstrate knowledge of ethical values in non-classroom
activities, such as service learning, internships, and field work.
PO 9: Individual and team work: An ability to function effectively as an individual,
and as a member or leader in diverse teams, and in multidisciplinary settings.
PO 10: Communication: Communicate effectively on complex engineering activities
with the engineering community and with society at large, such as, being able
to comprehend and write effective reports and design documentation, make
effective presentations, and give/receive clear instructions.
PO 11: Project management and finance: An ability to demonstrate knowledge and
understanding of the engineering and management principles and apply these
to one’s own work, as a member and leader in a team, to manage projects and
in multidisciplinary environments.
PO 12: Life-long learning: A recognition of the need for, and an ability to engage in
life-long learning.

Programme outcomes and Course outcomes mapping:


Programme Course Outcomes
Outcomes CO1 CO2 CO3 CO4 CO5 CO6
PO1 ✓ ✓ ✓ ✓ ✓
PO2 ✓ ✓ ✓ ✓ ✓
PO3 ✓ ✓
PO4
PO5
PO6
PO7
PO8
PO9 ✓ ✓ ✓ ✓ ✓ ✓
PO10
PO11
PO12
