Page 1
ACADEMIC REGULATIONS
COURSE STRUCTURE AND SYLLABI
M.TECH.
CYBER SECURITY (Department of Computer Science and Engineering)
2013 – 2014
GAYATRI VIDYA PARISHAD
COLLEGE OF ENGINEERING
(AUTONOMOUS)
Accredited by NAAC with A Grade with a CGPA of 3.47/4.00
Affiliated to JNTUK-Kakinada
MADHURAWADA, VISAKHAPATNAM – 530 048
Page 3
VISION
To evolve into and sustain as a Centre of
Excellence in Technological Education
and Research with a holistic approach.
Page 4
MISSION
To produce high quality engineering graduates
with the requisite theoretical and practical
knowledge and social awareness to be able to
contribute effectively to the progress of the
society through their chosen field of endeavor.
To undertake Research & Development, and
extension activities in the fields of Science and
Engineering in areas of relevance for immediate
application as well as for strengthening or
establishing fundamental knowledge.
Page 5
F O R E W O R D
Two batches of students have successfully completed the M.Tech.
programme under autonomous status, which gave us a lot of satisfaction
and encouragement. In the light of changing scenario of accreditation
process globally, to upkeep the quality of education further, a major
revision in the curriculum has been taken up with an objective to provide
outcome based education.
As the college is getting funds under TEQIP-II, S.C.1.2 for up-scaling
P.G education and research, two more P.G programmes in the thrust
areas are being introduced from this academic year leading to a total of
13 programmes.
We could execute these changes only with the help of the commendable
academicians, enthusiastic representatives from Industry and support
from the representatives of affiliating University JNTU-K present in the
Boards of Studies, Academic Council and Governing Body.
It is hoped that the new regulations and curriculum will enhance the all-
round ability of students so that they can technically compete at global
level with native ethical standards.
PRINCIPAL
Page 6
MEMBERS ON THE BOARD OF STUDIES
IN
COMPUTER SCIENCE AND ENGINEERING
Prof. P.S. Avadhani, Professor in CS & SE, A.U.College of Engineering, Visakhapatnam.
Ms. S. Malathi,
Country Leader – Academic Initiative, IBM Software Group, IBM India
Pvt Ltd., No.12, Subramanya Arcade, Bannerghatta Road, Bangalore.
Sri Sudheer Reddy K.,
Lead-Education & Research Team – Campus connect, Infosys Ltd.,
Survey No.210, Manikonda Village, Lingampally, Hyderabad–500 032.
Prof. B. Yegnanarayana,
Professor & Microsoft Chair, A3-116, IIT, Hyderabad, Gachibowli,
Hyderabad – 500 032.
Prof. D.V.L.N. Somayajulu,
Professor, Department of Computer Science & Engineering, National
Institute of Technology (NIT), Warangal – 506 004.
Prof. R. Krishnan,
Head, Engineering Research, Amritha Vishwa Vidyapeetham,
Amritanagar, Coimbatore – 641 112.
Dr. V. Kamakshi Prasad, Professor, School of Information Technology,
JNTU-H, Kukatpally, Hyderabad – 500 085.
Ms. Malathi S.,
Country Leader - Academic Initiative, IBM Software Group, IBM India
Pvt. Ltd., No.12, Subramanya Arcade, Bannerghatta Road, Bangalore.
Sri C. Srinivas,
Associate Professor & Head, Department of C.S.e.,
G.V.P. College of Engg. for Women, Madhurawada, Visakhapatnam.
All faculty members of the Department.
Page 7
GVPCE(A) M.Tech. Cyber Security 2013
M.TECH. ACADEMIC REGULATIONS (Effective for the students admitted into first year from the Academic Year 2013 - 14)
The M.Tech. Degree of Jawaharlal Nehru Technological University
Kakinada shall be recommended to be conferred on candidates who are
admitted to the program and fulfill all the following requirements for the
award of the Degree.
1.0 ELGIBILITY FOR ADMISSION:
Admission to the above program shall be made subject to the
eligibility, qualifications and specialization as per the guidelines
prescribed by the APSCHE and AICTE from time to time.
2.0 AWARD OF M.TECH. DEGREE:
a. A student shall be declared eligible for the award of the M.Tech.
degree, if he pursues a course of study and completes it
successfully for not less than two academic years and not more
than four academic years.
b. A student, who fails to fulfill all the academic requirements for
the award of the Degree within four academic years from the
year of his admission, shall forfeit his seat in M.Tech. Course.
c. The duration of each semester shall normally be 20 weeks with
5 days a week. A working day shall have 7 periods each of
50 minutes.
3.0 STRUCTURE OF THE PROGRAMME:
*Elective 1
Semester No. of Courses per Semester Credits
Theory + Lab
I (5 +1*) + 1 20
II (5+1*) + 1 20
III Seminar 02
III, IV Project Work 40
TOTAL 82
Page 8
GVPCE(A) M.Tech. Cyber Security 2013
4.0 ATTENDANCE:
The attendance shall be considered subject wise.
a. A candidate shall be deemed to have eligibility to write his end
semester examinations in a subject if he has put in at least 75%
of attendance in that subject.
b. Shortage of attendance up to 10% in any subject (i.e. 65% and
above and below 75%) may be condoned by a Committee on
genuine and valid reasons on representation by the candidate
with supporting evidence.
c. Shortage of attendance below 65% shall in no case be
condoned.
d. A student who gets less than 65% attendance in a maximum of
two subjects in any semester shall not be permitted to take the
end- semester examination in which he/she falls short. His/her
registration for those subjects will be treated as cancelled. The
student shall re-register and repeat those subjects as and when
they are offered next.
e. If a student gets less than 65% attendance in more than two
subjects in any semester he/she shall be detained and has to
repeat the entire semester.
5.0 EVALUATION:
The performance of the candidate in each semester shall be
evaluated subject-wise with 100 marks for each theory subject
and 100 marks for each practical, on the basis of Internal
Evaluation and External End -Semester Examination.
The question paper of the external end semester examination
shall be set externally and valued both internally and externally.
If the difference between the first and second valuations is less
than or equal to 9 marks, the better of the two valuations shall
be awarded. If the difference is more than 9 marks, the scripts
are referred to third valuation and the corresponding marks are
awarded.
a. A candidate shall be deemed to have secured the minimum
academic requirement in a subject if he secures a minimum of
40% of marks in the End Semester Examination and aggregate
minimum of 50% of the total marks of the End Semester
Examination and Internal Evaluation taken together. 2
Page 9
GVPCE(A) M.Tech. Cyber Security 2013
b. For the theory subjects, 60 marks shall be awarded based on the
performance in the End Semester examination and 40 marks
shall be awarded based on the Internal Evaluation. One part of
the internal evaluation shall be made based on the average of the
marks secured in the two internal examinations of 30 marks
each conducted one in the middle of the Semester and the other
immediately after the completion of instruction. Each mid-term
examination shall be conducted for a duration of 120 minutes
with 4 questions without any choice. The remaining 10 marks
are awarded through an average of continuous evaluation of
assignments / seminars / any other method, as notified by the
teacher at the beginning of the semester.
c. For practical subjects, 50 marks shall be awarded based on the
performance in the End Semester Examinations, 50 marks shall
be awarded based on the day-to-day performance as Internal
marks. A candidate has to secure a minimum of 50% in the
external examination and has to secure a minimum of 50% on
the aggregate to be declared successful.
d. There shall be a seminar presentation during III semester. For
seminar, a student under the supervision of a faculty
member(advisor), shall collect the literature on a topic and
critically review the literature and submit it to the Department in
a report form and shall make an oral presentation before the
Departmental Committee. The Departmental Committee shall
consist of the Head of the Department, advisor and two other
senior faculty members of the department. For Seminar, there
will be only internal evaluation of 50 marks. A candidate has to
secure a minimum of 50% to be declared successful.
e. In case the candidate does not secure the minimum academic
requirement in any subject (as specified in 5.a to 5.c), he has to
reappear for the End Examination in that subject. A candidate
shall be given one chance to re-register for each subject
provided the internal marks secured by a candidate in that
subject is less than 50% and he has failed in the end
examination. In such a case, the candidate must re-register for
the subject (s). In the event of re-registration, the internal marks
and end examination marks obtained in the previous attempt are
nullified. 3
Page 10
GVPCE(A) M.Tech. Cyber Security 2013
f. In case the candidate secures less than the required attendance
in any subject(s), he shall not be permitted to appear for the End
Examination in those subject(s). He shall re-register for the
subject(s) when they are next offered.
g. Laboratory examination for M.Tech. subjects must be
conducted with two Examiners, one of them being Laboratory
Class Teacher and second examiner shall be other than the
Laboratory Teacher.
6.0 EVALUATION OF PROJECT / DISSERTATION WORK:
Every candidate shall be required to submit the thesis or
dissertation after taking up a topic approved by the
Departmental Research Committee (DRC).
a. A Departmental Research Committee (DRC) shall be
constituted with the Head of the Department as the Chairman
and two senior faculty as Members to oversee the proceedings
of the project work from allotment of project topic to
submission of the thesis.
b. A Central Research Committee (CRC) shall be constituted with
a Senior Professor as Chair Person, Heads of the Departments
which are offering the M.Tech. programs and two other senior
faculty members from the same department.
c. Registration of Project Work: A candidate is permitted to
register for the project work after satisfying the attendance
requirement of all the subjects (theory and practical subjects.)
d. After satisfying 6.0 c, a candidate has to submit, in consultation
with his project supervisor, the title, objective and plan of action
of his project work to the DRC for its approval. Only after
obtaining the approval of DRC the student can initiate the
Project work.
e. If a candidate wishes to change his supervisor or topic of the
project he can do so with the approval of the DRC. However,
the Departmental Research Committee shall examine whether
the change of topic/supervisor leads to a major change in his
initial plans of project proposal. If so, his date of registration
for the Project work shall start from the date of change of
Supervisor or topic as the case may be whichever is earlier. 4
Page 11
GVPCE(A) M.Tech. Cyber Security 2013
f. A candidate shall submit and present the status report in two
stages at least with a gap of 3 months between them after
satisfying 6.0 d. The DRC has to approve the status report, for
the candidate to proceed with the next stage of work.
g. The work on the project shall be initiated in the beginning of the
second year and the duration of the project is for two semesters.
A candidate shall be permitted to submit his dissertation only
after successful completion of all theory and practical subject
with the approval of CRC but not earlier than 40 weeks from the
date of registration of the project work. For the approval by
CRC the candidate shall submit the draft copy of the thesis to
the Principal through the concerned Head of the Department and
shall make an oral presentation before the CRC.
h. Three copies of the dissertation certified by the Supervisor shall
be submitted to the College after approval by the CRC.
i. For the purpose of adjudication of the dissertation, an external
examiner shall be selected by the Principal from a panel of 5
examiners who are experienced in that field proposed by the
Head of the Department in consultation with the supervisor.
j. The viva-voce examination shall be conducted by a board
consisting of the supervisor, Head of the Department and the
external examiner. The board shall jointly report the candidate‟s
work as:
A. Excellent
B. Good
C. Satisfactory
k. If the adjudication report is not favorable, the candidate shall
revise and resubmit the dissertation, in a time frame prescribed
by the CRC. If the adjudication report is unfavorable again, the
dissertation shall be summarily rejected and the candidate shall
change the topic of the Project and go through the entire process
afresh.
7.0 AWARD OF DEGREE AND CLASS :
A candidate shall be eligible for the degree if he satisfies the
minimum academic requirements in every subject and secures
satisfactory or higher grade report on his dissertation and viva-
voce. 5
Page 12
GVPCE(A) M.Tech. Cyber Security 2013
After a student has satisfied the requirements prescribed for the
completion of the program and is eligible for the award of M.Tech.
Degree, he shall be placed in one of the following three classes.
% of Marks secured Class Awarded
70% and above First Class with Distinction
60% and above but less than 70% First Class
50% and above but less than 60% Second Class
The grade of the dissertation shall be mentioned in the marks
memorandum.
8.0 WITHHOLDING OF RESULTS:
If the candidate has not paid any dues to the college or if any case
of indiscipline is pending against him, the result of the candidate
shall be withheld and he will not be allowed into the next higher
semester. The recommendation for the issue of the degree shall be
liable to be withheld in all such cases.
9.0 TRANSITORY REGULATIONS:
a. A candidate who has discontinued or has been detained for
want of attendance or who has failed after having studied the
subject is eligible for admission to the same or equivalent
subject(s) as and when subject(s) is/are offered, subject to 4.0
d, e and 2.0.
b. Credit equivalences shall be drawn for the students re-
admitted into 2013 regulations from the earlier regulations. A
Student has to register for the substitute / compulsory / pre-
requisite subjects identified by the respective Boards of
Studies.
c. The student has to register for substitute subjects, attend the
classes and qualify in examination and earn the credits.
d. The student has to register for compulsory subjects, attend
the classes and qualify in examination.
e. The student has to register for the pre-requisite courses,
attend the classes for which the evaluation is totally internal.
6
Page 13
GVPCE(A) M.Tech. Cyber Security 2013
10.0 GENERAL
1. The academic regulations should be read as a whole for
purpose of any interpretation.
2. In case of any doubt or ambiguity in the interpretation of the
above rules, the decision of the Chairman, Academic
Council is final.
3. The College may change or amend the academic regulations
and syllabus at any time and the changes amendments made
shall be applicable to all the students with effect from the
date notified by the College.
4. Wherever the word he, him or his occur, it will also include
she, hers.
******
7
Page 14
GVPCE(A) M.Tech. Cyber Security 2013
COURSE STRUCTURE SEMESTER - I
SEMESTER-II
8
Course
Code Theory / Lab L P C
13CS2201 Computer Networks 4 - 3
13CS2202 Computational Number Theory 4 - 3
13CS2203 Scripting Languages 4 - 3
13CS2204 Operating Systems Internals 4 - 3
13IT2111 Network Security and Cryptography 4 - 3
13CS2205
13CS2206
13CS2207
ELECTIVE – 1 1. Secure protocol Design
2. Public Key infrastructure and Trust
Management
3. Web Security
4 - 3
13CS2208 Cryptography and security Lab - 3 2
TOTAL 2 3 20
Course
Code Theory / Lab L P C
13CS2209 Security Threats & Vulnerabilities 4 - 3
13CS2210 Cyber Laws & Security Policies 4 - 3
13CS2106 Digital Forensics 4 - 3
13CS2211 Wireless Networks 4 - 3
13CS2212 Ethical Hacking 4 - 3
13CS2213
13CS2214
13CS2215
ELECTIVE -2 1. Biometric Security
2. Intrusion Detection Systems
3. Wireless and Mobile Security
4 - 3
13CS2216 Ethical hacking and Digital Forensic Tools Lab - 3 2
TOTAL 24 3 20
Page 15
GVPCE(A) M.Tech. Cyber Security 2013
SEMESTER – III
Course Code SEMINAR/ PROJECT WORK CREDITS
13CS2217 SEMINAR 2
13CS2218 PROJECT WORK (Contd..) -
SEMESTER – IV
Course code PROJECT WORK CREDITS
13CS2218 PROJECT WORK 40
9
Page 16
GVPCE(A) M.Tech. Cyber Security 2013
COMPUTER NETWORKS
Course code: 13CS2201 L P C
4 0 3
Pre requisites: ACA, DATA COMMUNICATION SYSTEM
Course Educational Objectives:
The main objective of this course is to make the student learn the design
of computer networks.
Course Outcomes:
A Student Who Successfully Completes This Course Should, at a
Minimum, Be Able To
1. Understand Basics of Computer Networks and different
Transmission Media.
2. Differentiate Protocols which play a major role in providing
internet effectively.
3. Understand various protocol layers and inner operations.
4. Understand architectures of network protocols.
5. Understand security issues in network protocols.
UNIT-I
NETWORK MODELS: Layered Tasks, WAN, LAN, MAN, OSI
model, TCP/ IP protocol stack, addressing (Text book 2), Novell
Networks Arpanet, Internet. (Text book 1).
PHYSICAL LAYER: Transmission media: copper, twisted pair,
wireless; switching and encoding asynchronous communications;
Narrow band ISDN, broad band ISDN and ATM. (Text book 1)
UNIT-II
DATA LINK LAYER: Design issues, framing, error detection and
correction, CRC, Elementary data link protocols, Sliding Window
Protocol, Slip, HDLC, Internet, and ATM.
MEDIUM ACCESS SUB LAYER: Random access, Controlled access,
Channelization, IEEE 802.X Standards, Ethernet, wireless LANS,
Bridges. (Text book 2)
10
Page 17
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III
NETWORK LAYER: Network Layer Design Issues, Routing
Algorithms, Internetworking, Network Layer in Internet. (Text book-1)
CONGESTION CONTROL: General Principles, policies, traffic
shaping, flow specifications,
Congestion control in virtual subnets, choke packets, loads shedding,
jitter control.(Text book-2)
UNIT-IV
TRANSPORT LAYER: Transport Services, Elements of Transport
Protocols, Internet Transport Protocols (TCP & UDP); ATM AAL Layer
Protocol.(Text book-1)
APPLICATION LAYER: Network Security, Domain name system,
SNMP, Electronic Mail: the World WEB, Multi Media
UNIT-V
SONET/SDH: SONET/SDH Architecture, SONET Layers, SONET
Frames, STS Multiplexing, SONET Networks.
TEXT BOOKS:
1. Andrew S Tanenbaum: Computer Networks ,6th
Edition. Pearson
Education/PI, 2012.
2. 2 .Behrouz A. Forouzan : Data Communications and Networking,
4th
Edition TMH, 2012.
REFERENCES:
1. S.Keshav: An Engineering Approach to Computer Networks, 2nd
Edition, Pearson Education, 2001.
2. William, A. Shay : Understanding communications and Networks,
3rd Edition, Thomson Publication, 2006
11
Page 18
GVPCE(A) M.Tech. Cyber Security 2013
COMPUTATIONAL NUMBER THEORY
Course code: 13CS2202 L P C
4 0 3
Pre requisites: Number theory basics, Security issues.
Course Educational Objectives:
This course offers a study of divisibility, the division algorithm, Euclid‟s
algorithm, prime numbers, congruence‟s, number theoretic functions,
and quadratic reciprocity.
Course Outcomes:
A Student Who Successfully Completes This Course Should, At a
Minimum, Be Able To
1. Develop the mathematical skills to solve number theory problems
and to develop the mathematical skills of divisions, congruence‟s,
and number functions.
2. Learn the history of number theory and its solved and unsolved
problems.
3. Investigate applications of number theory and the use of computers
in a Number theory.
4. Estimate the time and space complexities of various Secure
Algorithms.
5. Learn various factorization and logarithmic methods.
UNIT-I
Topics in elementary number theory: O and Ω notations – time estimates
for doing arithmetic – divisibility and the Euclidean algorithm –
Congruence‟s: Definitions and properties – linear congruence‟s ,
residue classes, Euler‟s phi function
UNIT-II
Fermat‟s Little Theorem – Chinese Remainder Theorem –
Applications to factoring – finite fields – quadratic residues and
reciprocity: Quadratic residues – Legendre symbol – Jacobi symbol.
Enciphering Matrices – Encryption Schemes – Symmetric and
Asymmetric Cryptosystems – Cryptanalysis – Block ciphers –Use of
Block Ciphers. 12
Page 19
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III
Multiple Encryption – Stream Ciphers –Affine cipher – Vigenere, Hill,
and Permutation Cipher – Secure Cryptosystem. Public Key
Cryptosystems: The idea of public key cryptography – The Diffie–
Hellman Key Agreement Protocol - RSA Cryptosystem – Bit security of
RSA – ElGamal Encryption
UNIT-IV
Discrete Logarithm – Knapsack problem – Zero-Knowledge Protocols
– From Cryptography to Communication Security - Oblivious Transfer.
Primality and Factoring: Pseudo primes – the rho (γ) method – Format
factorization and factor bases.
UNIT-V The continued fraction method – the quadratic sieve method. Number
Theory and Algebraic Geometry: Elliptic curves – basic facts –
elliptic curve cryptosystems – elliptic curve primality test – elliptic
curve factorization.
TEXT BOOKS:
1. Neal Koblitz: “A Course in Number Theory and Cryptography”,
2nd
Edition, Springer,2002.
2. Johannes A. Buchman: “Introduction to Cryptography”, 2nd
Edition, Springer, 2004.
REFERENCES:
1. Serge Vaudenay: “Classical Introduction to Cryptography –
Applications for Communication Security”, Springer, 2006.
2. Victor Shoup: “A Computational Introduction to Number
Theory and Algebra”, Cambridge University Press, 2005.
3. A. Manezes, P. Van Oorschot and S. Vanstone: “Hand Book of
Applied Cryptography”, CRC Press, 1996.
13
Page 20
GVPCE(A) M.Tech. Cyber Security 2013
SCRIPTING LANGUAGES
Course Code: 13CS2203 L P C
4 0 3
Pre requisites: Any programming course, knowledge of Unix
and PC environments
Course Educational Objectives: 1. This course emphasizes programming using scripting languages
for the purpose of collecting and manipulating system information
by system administrators and managers.
2. Programming concepts such as data types and control structures
will be discussed as well as operating system commands.
3. A variety of languages and utilities will be discussed such as the
Bourne shell, Perl, awk, and the Common Gateway Interface. The
student is expected to have programming experience and
knowledge of the Unix and PC environments.
Course Outcomes:
Upon successful completion of this course, the students:
1. Understand the scripting language paradigm.
2. Know the tradeoffs (advantages and disadvantages) of scripting
versus traditional programming.
3. Are proficient programmers in at least two scripting
tools/languages, including bash and Perl.
4. Can write scripts using Unix/bash / perl.
5. Understand crypto system like encryption and decryption with
scripting Languages.
UNIT- I
Introduction to PERL and Scripting- Scripts and Programs, Origin of
Scripting , Scripting Today, Characteristics of Scripting Languages,
Web Scripting, and the universe of Scripting Languages.
UNIT- II
PERL- Names and Values, Variables, Scalar Expressions, Control
Structures, arrays, list, hashes, strings, pattern and regular expressions,
subroutines, advance perl - finer points of looping, pack and unpack. 14
Page 21
GVPCE(A) M.Tech. Cyber Security 2013
UNIT- III
File system, eval, data structures, packages, modules, objects,
interfacing to the operating system, Creating Internet ware applications,
Dirty Hands Internet Programming, security Issues.
PHP Basics- Features, Embedding PHP Code in your Web pages,
Outputting the data to the
browser, Data types, Variables, Constants, expressions, string
interpolation, control structures.
Function ,Creating a Function, Function Libraries ,Arrays ,strings and
Regular Expressions.
UNIT- IV
Advanced PHP Programming-Php and Web Forms, Files, PHP
Authentication and Methodologies -Hard Coded, File Based, Database
Based, IP Based, Login Administration, Uploading Files with PHP,
Sending Email using PHP, PHP Encryption Functions, the Mcrypt
package, Building Web sites for the World
UNIT – V TCL – Tk: TCL Structure, syntax, Variables and Data in TCL, Control
Flow, Data Structures, input/output, procedures , strings , patterns, files,
Advance TCL- eval, source, exec and up level commands, Name spaces,
trapping errors, event driven programs, making applications internet
aware, Nuts and Bolts Internet Programming, Security Issues, C
Interface.
TEXT BOOKS:
1. David Barron: “The World of Scripting Languages”, 1st Edition,
Wiley Publications, 2009.
2. Steve Holden and David Beazley: “Python Web Programming”,
1st Edition, New Riders Publications.
3. Jason Gilmore: “Beginning PHP and MySQL”, 3rd
Edition, Apress
Publications (Dream tech.).
REFERENCES:
1. J.Lee and B.Ware: “Open Source Web Development with LAMP
using Linux, Apache,MySQL,Perl and PHP” , 1st Edition, Pearson
Education, 2002.
2. M.Lutz : “Programming Python”,SPD.
3. Julie Meloni and Matt Telles: “ PHP 6 Fast and Easy Web
Development ” , 1st Edition, Cengage Learning Publications, 2008.
15
Page 22
GVPCE(A) M.Tech. Cyber Security 2013
OPERATING SYSTEMS INTERNALS
Course code: 13CS2204 L P C
4 0 3
Pre requisites: Operating systems, Computer Networks, Android
Course Educational Objectives:
This Course aims in Describing process creation, execution, and
termination and Discuss kernel thread scheduling and preemption the
placement policies that the UNIX file system (UFS) uses to place inodes
and blocks of data.
Course Outcomes:
By the end of the course student will gain knowledge on
1. UINIX O.S. Architecture and internals of Unix O.S.
2. System calls which explore networking and security Applications.
3. Process and inner mechanism with processes security issues in
operating system.
4. Inter process communication mechanism
5. Android mobiles inner process system.
UNIT – I
Introduction to Kernel - Architecture of the UNIX operating
system, System concepts, Data structures. Buffer Cache: Buffer
header, Structure of Buffer pool, Reading and writing disk blocks.
Files INODES, Structure of a regular file, Directories, Super block,
Inode assignment. System calls - OPEN, Read, Close, Write,
Create, CHMOD, CHOWN, Pipes, Mounting and Unmounting
UNIT – II Process - Layout the system memory, Context, Process control, process
creation, signals, Process scheduling, time, clock. Inter-Process
Communications - Process tracing, System V IPC, Shared Memory,
Semaphores.
UNIT – III Network Communications - Socket programming: Sockets,
descriptors, Connections, Socket elements, Stream and Datagram
Sockets. 16
Page 23
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – IV Windows Operating system - versions, Concepts and tools,
Windows internals, System Architecture, Requirements and design
goals, Operating system model, Architecture overview.
Key system components. System mechanisms - Trap dispatching,
object manager, Synchronization, System worker threads, Windows
global flags, Local procedural calls, Kernel
event tracing.
UNIT – V
what is android, basic building blocks – activities, services, broadcast
receivers & content, ui components- views & notifications, components
for communication -intents & intent filters, android api levels launching
emulator editing emulator settings emulator shortcuts log cat usage,
Applications of Android.
TEXT BOOKS:
1. Maurice J. Bach: “The Design of the Unix Operating System”,
Prentice Hall of India, 1991.
2. Mark E. Russinovich and David A. Solomon: “Microsoft®
Windows® Internals”, 4th
Edition, Microsoft Press, 2004.
REFERENCES:
1. W. Stallings: “Operating Systems: Internals and Design
Principles”, 5th
Edition, Prentice Hall, 2005.
2. A. Tanenbaum, A. Woodhull: “Operating Systems Design and
Implementation”, 3rd
Edition, Prentice Hall, 2006.
17
Page 24
GVPCE(A) M.Tech. Cyber Security 2013
NETWORK SECURITY AND CRYPTOGRAPHY
Course code: 13IT2111 L P C
4 0 3
Pre requisites: Discrete Mathematical Structures.
Course Educational Objectives:
To gives an idea about the security issues and how to secure the
information from unauthorized users and they implement the respective
algorithms. Upon completion of this course, the student should be able
to:1. Analyze basic Encryption and Decryption algorithms.
2. Understand cryptographic data integrity algorithms.
3. Understand Key management and distribution of keys.
4. Understand security in the web, e-mail security.
5. Understand intrusion detection, malicious software and firewalls.
Course Outcomes:
At the end of the course the student will be able to
1. Understand various attacks, services, mechanisms and various
conventional and modern encryption techniques. 2. Analyze conventional encryption system and various algorithms in it.
3. Understand number theory and various algorithms and theorems
involved in it.
4. Understand Hash and Mac algorithms and authentication
applications.
5. Analyze IP Security Overview and Intruders, Viruses and Worms.
UNIT-I
Introduction: Attacks, Services and Mechanisms, Security attacks,
Security services, A Model for Internetwork security. Classical
Techniques: Conventional Encryption model, Steganography, Classical
Encryption Techniques.
Modern Techniques: Simplified DES, Block Cipher Principles, Data
Encryption standard, Strength of DES, Differential and Linear
Cryptanalysis, Block Cipher Design Principles and Modes of operations.
Algorithms: Triple DES, International Data Encryption algorithm,
Blowfish, RC5, CAST-128, RC2, Characteristics of Advanced
Symmetric block ciphers. 18
Page 25
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-II
Conventional Encryption: Placement of Encryption function, Traffic
confidentiality, Key distribution, Random Number Generation. Public
Key Cryptography: Principles, RSA Algorithm, Key Management,
Diffie-Hellman Key exchange, Elliptic Curve Cryptography.
UNIT-III
Number theory: Prime and Relatively prime numbers, Modular
arithmetic, Fermat‟s and Euler‟s theorems, Testing for primality ,
Euclid‟s Algorithm, the Chinese remainder theorem, Discrete
logarithms. Message authentication and Hash functions: Authentication
requirements and functions, Message Authentication, Hash functions,
Security of Hash function and MACs.
UNIT-IV
Hash and Mac Algorithms: MD File, Message digest Algorithm,
Secure Hash Algorithm, RIPEMD-160, HMAC. Digital signatures and
Authentication protocols: Digital signatures, Authentication Protocols,
Digital signature standards.
Authentication Applications: Kerberos, X.509 directory
Authentication service. Electronic Mail Security: Pretty Good Privacy,
S/MIME.
UNIT-V
IP Security: Overview, Architecture, Authentication, Encapsulating
Security Payload Combining security Associations, Key Management.
Web Security: Web Security requirements, Secure sockets layer and
Transport layer security, Secure Electronic Transaction.
Intruders, Viruses and Worms: Intruders, Viruses and Related threats.
Fire Walls: Fire wall Design Principles, Trusted systems.
Text books:
1. William Stallings, Cryptography and Network Security Principles
and Practices, 5th
Edition, PHI/Pearson, 2011.
2. William Stallings, Network Security Essentials Applications and
Standards, 4th
Edition, Pearson Education, 2011.
19
Page 26
GVPCE(A) M.Tech. Cyber Security 2013
References:
1. Eric Maiwald, Fundamentals of Network Security, 1 Edition,
Dreamtech press, 2008.
2. Charlie Kaufman, Radia Perlman and Mike Speciner, Network
Security Private Communication in a Public World, 2nd
Edition,
Pearson/PHI, 2009.
3. Whitman, Principles of Information Security, 3rd
Edition,
Thomson, 2008.
4. Robert Bragg, Mark Rhodes, Network Security The complete
Reference, 4th
Edition, TMH, 2009.
5. Buchmann, Introduction to Cryptography, 2nd
Edition,
Springer, 2009.
20
Page 27
GVPCE(A) M.Tech. Cyber Security 2013
SECURE PROTOCOL DESIGN
(ELECTIVE – 1)
Course code: 13CS2205 L P C
4 0 3
Pre requisites: Network security, Computer Networks.
Course Educational objectives:
The main objective of this course is that to explore various protocols and
design of various protocols with deeper security.
Course Outcomes:
By the end of the course Student will
1. Get the exposure to various protocols.
2. Gain knowledge on various secure mechanisms through set of
protocols.
3. Efficiently design new set of protocols.
4. Learn Security issues and overcome means with protocols.
UNIT – I
OSI:ISO Layer Protocols:-Application Layer Protocols-TCP/IP, HTTP,
SHTTP, LDAP, MIME,-POP& POP3-RMON-SNTP-SNMP.
Presentation Layer Protocols-Light Weight Presentation
Protocol Session layer protocols.
UNIT – II
RPC protocols-transport layer protocols-ITOT, RDP, RUDP, TALI,
TCP/UDP, compressed TCP. Network layer Protocols – routing
protocols-border gateway protocol-exterior gateway protocol-internet
protocol IPv4- IPv6- Internet Message Control Protocol- IRDP-
Transport Layer Security-TSL-SSL-DTLS
UNIT – III
Data Link layer Protocol – ARP – In ARP – IPCP – IPv6CP – RARP –
SLIP .Wide Area and Network Protocols- ATM protocols – Broadband
Protocols – Point to Point Protocols – Other
WAN Protocols- security issues.
21
Page 28
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – IV
Local Area Network and LAN Protocols – ETHERNET Protocols –
VLAN protocols – Wireless
LAN Protocols – Metropolitan Area Network Protocol – Storage Area
Network and SAN
UNIT – V
Protocols -FDMA, WIFI and WIMAX Protocols- security issues.
Mobile IP – Mobile Support
Protocol for IPv4 and IPv6 – Resource Reservation Protocol. Multi-
casting Protocol – VGMP –
IGMP – MSDP .Network Security and Technologies and Protocols –
AAA Protocols – Tunneling Protocols – Secured Routing Protocols –
GRE- Generic Routing Encapsulation – IPSEC – Security.
TEXT BOOKS:
1. Jawin: “Networks Protocols Handbook”, 3rd Edition, Jawin
Technologies Inc., 2005.
2. Bruce Potter and Bob Fleck : “802.11 Security”, 1st Edition,
O‟Reilly Publications, 2002.
REFERENCES:
1. Ralph Oppliger :“SSL and TSL: Theory and Practice”, 1st Edition,
Arttech House, 2009.
2. Lawrence Harte: “Introduction to CDMA- Network services
Technologies and Operations”, 1st Edition, Althos Publishing,
2004.
3. Lawrence Harte: “Introduction to WIMAX”, 1st Edition, Althos
Publishing, 2005.
22
Page 29
GVPCE(A) M.Tech. Cyber Security 2013
PUBLIC KEY INFRASTRUCTURE AND TRUST
MANAGEMENT
(ELECTIVE – 1) Course code: 13CS2206 L P C
4 0 3
Prerequisites: Network security.
Course Educational Objectives:
The goal of this course is to enable the student to understand the
foundational elements and complexity of a public key infrastructure.
Course Outcomes:
By the end of the course student can
1. Distinguish between public key technology and a public key
infrastructure.
2. Understand the relationship of identity management to PKI
3. Understand the components of a public key infrastructure.
4. Understand the issues related to Trust management mechanisms.
5. Understand Secure Crypto protocols like SSL and so on.
UNIT – I
Uses of cryptography, the concept devil and Alice. Principle of
Cryptography. PKCS standards IEEE P1363, Block cipher modes
of operation and data transformation for asymmetrical algorithms,
Data transformation for RSA algorithm, Cryptographic Protocols,
Protocol properties, Attributes of cryptographic protocols.
UNIT – II
Crypto Hardware and software, Smart cards, Universal Crypto
interface, Real world attacks, Evaluation and certification, Public Key
Infrastructure, PKI Works.
UNIT – III
Directory service, Requesting certificate revocation information,
Practical Aspects Of PKI Construction- The course of construction
of PKI, Basic questions about PKI construction,
The most important PKI suppliers.
23
Page 30
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – IV
The internet and the OSI model-
The OSI model, Crypto standards for OSI Layers 1 and 2-Crypto
extensions for ISDN (Layer 1), Cryptography in the GSM standard
(Layer 1), Crypto extensions for PPP (Layer 2), Virtual private
networks.
UNIT – V
IPsec and IKE, IPsec, IKE, SKIP, Critical assessment of IPsec, Virtu
al private network with IPsec,SSL, TLS AND WTLS (Layer 4)-
SSL working method, SSL protocol operation,
Successful SSL, Technical comparison between IPsec and SSL, WTLS.
TEXT BOOKS:
1. Klaus schmeh:“Cryptography and public key infrastructure on
the internet”, 1st Edition, Allied Publishers, 2004.
REFERENCES:
1. Wenbo Mao: “Modern Cryptography : theory and practice”, 1st
Edition, Pearson Education, 2005.
24
Page 31
GVPCE(A) M.Tech. Cyber Security 2013
WEB SECURITY
(ELECTIVE – 1) Course Code: 13CS2207 L P C
4 0 3
Pre requisites: Network security and Cryptography, and proficiency in
Java and web programming Languages.
Course Educational Objectives: The main objective of this course is that to give exposure to various
security threats to web servers and providing security to web servers.
Course Outcomes:
By the completion of this course, Student will
1. Understand security concepts, security professional roles, and
security resources in the context of systems and security
development life cycle
2. Understand applicable laws, legal issues and ethical issues
regarding computer crime
3. Understand the business need for security, threats, attacks, top ten
security vulnerabilities, and secure software development
4. Understand information security policies, standards and practices,
the information security blueprint.
5. Analyze and describe security requirements for typical web
application scenario.
UNIT – I
Introduction- A web security forensic lesson, Web languages,
Introduction to different web
attacks. Overview of N-tier web applications, Web Servers: Apache, IIS,
Database Servers.
UNIT – II Review of computer security, Public Key cryptography, RSA. Review of
Cryptography Basics, On-line Shopping, Payment Gateways.
25
Page 32
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – III
Web Hacking Basics HTTP & HTTPS URL, Web Under the Cover
Overview of Java security
Reading the HTML source, Applet Security Servlets Security.
Symmetric and Asymmetric Encryptions, Network security Basics,
Firewalls & IDS
UNIT – IV
Basics, Securing databases, Secure JDBC, Securing Large Applications,
Cyber Graffiti.
Case study on various web forensic tools like helix 3.0, deft_6.1,related
web tools.
UNIT – V Introduction to Information Hiding: Technical Steganography,
Linguistic Steganography, Copy Right Enforcement, Wisdom from
Cryptography Principles of Steganography: Framework for Secret
Communication, Security of Steganography System, Information Hiding
in Noisy Data, Adaptive versus non-Adaptive Algorithms, Active and
Malicious Attackers, Information hiding in Written Text.
TEXT BOOKS:
1. 1.McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking
: attacks and defense. Addison Wesley. 2003.
2. Garms, Jess and Daniel Somerfield. Professional Java Security.
Wrox. 2001.
Related Web Sites:
1. 1.Collection of Cryptography Web Sites, Publications, FAQs, and
References:
http://world.std.com/~franl/crypto.html
2. FAQ: What is TLS/SSL?
http://www.mail.nih.gov/user/faq/tlsssl.htm.
3. The Open SSL Project (SDKs for free download):
http://www.openssl.org/
26
Page 33
GVPCE(A) M.Tech. Cyber Security 2013
CRYPTOGRAPHY AND SECURITY LAB
Course code: 13CS2208 L P C
0 3 2
Pre requisites: Network security and Cryptography, CPC.
Course Educational Objectives:
The objective of this course is that to understand the principles of
encryption algorithms, conventional and public key cryptography
practically with real time applications.
Course Outcomes:
By the end of the course students will
1. Know the methods of conventional encryption.
2. Understand the concepts of public key encryption and number
theory
3. Understand various applications of cryptography and security
issues practically.
The following programs should be implemented preferably on platform
Windows/Unix using C
language (for 1-5) and other standard utilities available with UNIX
systems (for 6-15) :-
1. Implement the encryption and decryption of 8-bit data using
Simplified DES Algorithm (created by Prof. Edward Schaefer) in C
2. Write a program to break the above DES coding
3. Implement Linear Congruential Algorithm to generate 5 pseudo-
random numbers in C
4. Implement Rabin-Miller Primality Testing Algorithm in C
5. Implement the Euclid Algorithm to generate the GCD of an array of
10 integers in C
6. a)Implement RSA algorithm for encryption and decryption in C
b) In an RSA System, the public key of a given user is e=31,n=3599.
Write a program to find private key of the User.
7. Configure a mail agent to support Digital Certificates, send a mail
and verify the correctness of this system using the configured
parameters. 27
Page 34
GVPCE(A) M.Tech. Cyber Security 2013
8. Configure SSH (Secure Shell) and send/receive a file on this
connection to verify the correctness of this system using the
configured parameters.
9. Configure a firewall to block the following for 5 minutes and verify
the correctness of this system using the configured parameters:
(a) Two neighborhood IP addresses on your LAN
(b) All ICMP requests
(c) All TCP SYN Packets
10. Configure S/MIME and show email-authentication.
11. Implement encryption and decryption with openssl.
12. Implement Using IP TABLES on Linux and setting the filtering
rules.
13. Implementation of proxy based security protocols in C or C++ with
features like Confidentiality, integrity and authentication.
14. Working with Sniffers for monitoring network communication
(Ethereal)
15. Using IP TABLES on Linux and setting the filtering rules
28
Page 35
GVPCE(A) M.Tech. Cyber Security 2013
SECURITY THREATS & VULNERABILITIES
Course Code: 13CS2209 L P C
4 0 3
Pre requisites: Network security
Course Educational Objectives:
The main objective of this course is that to provide security to various
systems by identifying various Types of threats and vulnerabilities.
Course Outcomes:
By the end of the course
1. The Student will gain the knowledge on various security threats
and issues and how to overcome those issues.
2. The student will get the capability to handle various attackers and
crime issues.
3. Learning various issues involved in threats overcome methods.
4. Learning Forensic analysis and risk analysis.
5. Learn inner security issues involved in mail agents, viruses and
worms.
UNIT – I Introduction: Security threats - Sources of security threats- Motives -
Target Assets and
Vulnerabilities. Consequences of threats- E-mail threats - Web-threats -
Intruders and Hackers,
Insider threats, Cyber crimes.
UNIT – II Network Threats: Active/ Passive – Interference – Interception –
Impersonation – Worms –
Virus – Spam‟s – Ad ware - Spy ware – Trojans and covert channels –
Backdoors – Bots - IP
Spoofing - ARP spoofing - Session Hijacking - Sabotage-Internal treats-
Environmental threats -
Threats to Server security.
29
Page 36
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – III
Security Threat Management: Risk Assessment - Forensic Analysis -
Security threat correlation
– Threat awareness - Vulnerability sources and assessment-
Vulnerability assessment tools -
Threat identification - Threat Analysis - Threat Modeling - Model for
Information Security Planning.
UNIT – IV
Security Elements: Authorization and Authentication - types, policies
and techniques - Security
certification - Security monitoring and Auditing - Security Requirements
Specifications - Security Policies and Procedures, Firewalls, IDS, Log
Files, Honey Pots
UNIT – V Access control, Trusted Computing and multilevel security - Security
models, Trusted Systems,
Software security issues, Physical and infrastructure security, Human
factors – Security awareness, training, Email and Internet use policies.
TEXT BOOKS:
1. Swiderski, Frank and Syndex: “Threat Modeling”, 1st Edition,
Microsoft Press, 2004.
2. Joseph M Kizza: “Computer Network Security”, 1st Edition,
Springer, 2010.
3. William Stallings and Lawrie Brown: “Computer Security:
Principles and Practice”, 2nd
Edition Prentice Hall, 2008.
REFERENCES:
1. Lawrence J Fennelly : “Handbook of Loss Prevention and Crime
Prevention” 5th
Edition, Butterworth-Heinemann,2012.
2. Tipton Ruthbe Rg : “Handbook of Information Security
Management”, 6th
Edition, Auerbach Publications,2010.
3. Mark Egan : “The Executive Guide to Information Security” , 1st
Edition, Addison-Wesley Professional,2004.
30
Page 37
GVPCE(A) M.Tech. Cyber Security 2013
CYBER LAWS AND SECURITY POLICIES
Course Code: 13CS2210 L P C
4 0 3
Pre requisites: Cyber Laws.
Course Educational Objectives:
The Objectives Of This Course Is To Enable Learner To Understand,
Explore, And Acquire A Critical Understanding Cyber Law. Develop
Competencies For Dealing With Frauds And Deceptions (Confidence
Tricks, Scams) And Other Cyber Crimes For Example, Child
Pornography Etc. That Are Taking Place Via The Internet.
Course Outcomes:
1. Make Learner Conversant With The Social And Intellectual
Property Issues Emerging From „Cyberspace.
2. Explore The Legal And Policy Developments In Various
Countries To Regulate Cyberspace;
3. Develop The Understanding Of Relationship Between Commerce
And Cyberspace; And
4. Give Learners In Depth Knowledge Of Information Technology
Act And Legal Frame Work Of Right To Privacy, Data Security
And Data Protection.
5. Make Study On Various Case Studies On Real Time Crimes.
UNIT – I
Introduction to Cyber Law Evolution of Computer Technology :
Emergence of Cyber space. Cyber Jurisprudence, Jurisprudence and law,
Doctrinal approach, Consensual approach, Real Approach, Cyber Ethics,
Cyber Jurisdiction, Hierarchy of courts, Civil and criminal jurisdictions,
Cyberspace-Web space, Web hosting and web Development agreement,
Legal and Technological Significance of domain Names, Internet as a
tool for global access.
UNIT – II
Information technology Act : Overview of IT Act, 2000, Amendments
and Limitations of IT Act, Digital Signatures, Cryptographic Algorithm,
Public Cryptography, Private Cryptography, Electronic Governance,
Legal Recognition of Electronic Records, Legal Recognition of Digital
Signature Certifying Authorities, Cyber Crime and Offences, Network
Service Providers Liability, Cyber Regulations Appellate Tribunal,
Penalties and Adjudication. 31
Page 38
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – III
Cyber law and related Legislation : Patent Law, Trademark Law,
Copyright, Software – Copyright or Patented, Domain Names and
Copyright disputes, Electronic Data Base and its Protection, IT Act and
Civil Procedure Code, IT Act and Criminal Procedural Code, Relevant
Sections of Indian Evidence Act, Relevant Sections of Bankers Book
Evidence Act, Relevant Sections of Indian Penal Code, Relevant
Sections of Reserve Bank of India Act, Law Relating To Employees
And Internet, Alternative Dispute Resolution , Online Dispute
Resolution (ODR).
UNIT – IV
Electronic Business and legal issues: Evolution and development in E-
commerce, paper vs paper less contracts E-Commerce models- B2B,
B2C,E security.
Application area: Business, taxation, electronic payments, supply
chain, EDI, E-markets, Emerging Trends.
UNIT – V
Case Study On Cyber Crimes: Harassment Via E-Mails, Email
Spoofing (Online A Method Of Sending E-Mail Using A False Name Or
E-Mail Address To Make It Appear That The E-Mail Comes From
Somebody Other Than The True Sender, Cyber Pornography
(Exm.MMS),Cyber-Stalking.
TEXT BOOKS :
1 .K.Kumar,” Cyber Laws: Intellectual property & E Commerce,
Security”,1st Edition, Dominant Publisher,2011.
2. Rodney D. Ryder, “ Guide To Cyber Laws”, Second Edition,
Wadhwa And Company, New Delhi, 2007.
3. Information Security policy &implementation Issues, NIIT, PHI.
REFERENCES :
1. Vakul Sharma, "Handbook Of Cyber Laws" Macmillan India Ltd,
2nd
Edition,PHI,2003.
2. Justice Yatindra Singh, " Cyber Laws", Universal Law Publishing,
1st Edition,New Delhi, 2003.
3. Sharma, S.R., “Dimensions Of Cyber Crime”, Annual Publications
Pvt. Ltd., 1st Edition, 2004.
4. Augastine, Paul T.,” Cyber Crimes And Legal Issues”, Crecent
Publishing Corporation, 2007. 32
Page 39
GVPCE(A) M.Tech. Cyber Security 2013
DIGITAL FORENSICS
Course Code: 13CS2106 L P C
4 0 3
Pre requisites: Secure Protocols, Image processing.
Course Educational Objectives: The main objective of the course is to introduce the students to bring
awareness in crimes and tracing the attackers.
1. Define digital forensics from electronic media.
2. Describe how to prepare for digital evidence investigations and
explain the differences between law enforcement agency and
corporate investigations.
3. Explain the importance of maintaining professional conduct
Course Outcomes: Upon completion, the student will be able to
1. Utilize a systematic approach to computer investigations.
2. Utilize various forensic tools to collect digital evidence.
3. Perform digital forensics analysis upon Windows, MAC and
LINUX operating systems
4. Perform email investigations.
5. Analyze and carve image files both logical and physical
UNIT – I
Introduction & evidential potential of digital devices – Key
developments, Digital devices in society, Technology and culture,
Comment, Closed vs. open systems, evaluating digital evidence
potential.
Device Handling & Examination Principles: Seizure issues, Device
identification, Networked devices, Contamination, Previewing, Imaging,
Continuity and hashing, Evidence locations.
UNIT – II
A sevenelement security model, A developmental model of digital sys
tems, Knowing, Unknowing, Audit and logs , Data content, Data
context. Internet & Mobile Devices The ISO / OSI model, The internet
protocol suite, DNS, Internet applications, Mobile phone PDAs, GPS,
Other personal technology. 33
Page 40
GVPCE(A) M.Tech. Cyber Security 2013
UNIT – III Introduction to Computer Forensics, Use of Computer Forensics in Law
Enforcement, Computer Forensics Assistance to Human Resources /
Employment Proceedings, Computer Forensics Services, Benefits of
Professional Forensics Methodology, Steps Taken by Computer Forensics
Specialists, Who Can Use Computer Forensic Evidence?,
Case Histories, Case Studies.
UNIT – IV
Types of Military Computer Forensic Technology, Types of Law
Enforcement: Computer Forensic Technology, Types of Business
Computer Forensic Technology, Specialized Forensics Techniques,
Hidden Data and How to Find It, Spyware and Adware, Encryption
Methods and Vulnerabilities, Protecting Data from Being Compromised,
Internet Tracing Methods 65.
UNIT – V
Homeland Security Systems. Occurrence of Cyber Crime, Cyber
Detectives, Fighting Cyber Crime withRisk Management
Techniques, Computer Forensics Investigative Services, Forensic
Process Improvement, Course Content, Case Histories.
TEXT BOOKS:
1. Angus M.Mashall, “Digital Forensics”, 2nd
Edition,Wiley-
Blackwell, A John Wiley & Sons Ltd Publication, 2008.
2. John R. Vacca, “ Computer forensics : Computer Crime Scene
Investigation”, 2nd
Edition, Charles River Media, Inc. Boston,
Massachusetts.
REFERENCES:
1. Michael G. Noblett; Mark M. Pollitt, Lawrence A. Presley
(October 2000), "Recovering and examining computer forensic
evidence", Retrieved 26 July 2010.
2. Leigland, R (September 2004). "A Formalization of Digital
Forensics".(Pdf document ).
3. Geiger, M (March 2005). "Evaluating Commercial Counter-
Forensic Tools" (Pdf document). 34
Page 41
GVPCE(A) M.Tech. Cyber Security 2013
WIRELESS NETWORKS
Course Code: 13CS2211 L P C
4 0 3
Pre requisites : Computer Networks.
Course Educational Objectives: The main objective of this course is
that to teach the fundamentals of connectivity and communication of
computers.
Course Outcomes:
1. To give exposure on different issues involved in setting up
different types of networks of computers.
2. Students will gain knowledge on various wireless protocols and
wifi technologies.
3. To give exposure on issues involved in MANETS.
4. To give an understanding of GPS mechanisms and issues.
5. To give exposure on various wireless and mobile protocols and
their design issues
UNIT-I
WIRELESS COMMUNICATIONS STANDARD: Wireless
Communication Standard-First, Second and Third Generation Wireless
Communication Network, Coverage Extension, Types; Characterization
of Wireless Channels-multipath Propagation, Linear Time Variant,
Channel Model, Channel Correlation Function, Large Scale Path Loss
and Shadowing, Fading.
UNIT-II
BAND PASS TRANSMISSION TECHNIQUE FOR MOBILE RADIO:
Band pass Transmission Technique for Mobile Radio- Signal Space and
Decision Region, Digital Modulation-MPSK, MSK, GMSK,OFDA,
Power Spectral Density, Probability of Transmission Error; Receiver
Technique for Fading Dispersive Channels
UNIT-III
FREQUENCY REUSE AND MOBILITY MANAGEMENT: Frequency
reuse and mobility Management, Cell Cluster Concept, Co Channel and
Adjacent Channel Interference, Call Blocking and Delay at Cell Site,
Cell Splitting, Sectoring. 35
Page 42
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-IV
MULTIPLE ACCESS TECHNIQUE: Multiple Access Technique,
Random Access, Carrier Sense Multiple Access (CSMA), Conflict Free
Multiple Access Technology and Spectral Efficiency-FDMA, TDMA,
CDMA,Mobility management and In wireless network-CAC, Handoff
Management, Location Management for Cellular Network and PCS
network, Traffic calculation.
UNIT-V
WIRELESS INTERNETWORKING: Wireless Internetworking-Mobile
IP, Internet Protocol (IP), Transmission Control Protocol (TCP),
Network Performance, Wireless Application Protocol(WAP) , Mobile
AD HOC Network Characteristics of MANETs, Table-driven and
Source-initiated On Demand routing protocols, Hybrid protocols,
Wireless Sensor networks- Classification, MAC and Routing protocols.
TEXT BOOKS:
1. William Stallings: "Wireless Communications and networks"
Pearson / Prentice Hall of India, 2nd
Edition, 2007.
2. Mark & Zuang : “Wireless communication & networking”,
Prentice Hall , 1st Edition, PHI , 2006.
REFERENCES:
1. Jim Geier: “Wireless Networks first-step”,2nd Edition Pearson,
2005.
2. Sumit Kasera et al: “2.5G Mobile Networks: GPRS and EDGE”,
3rd
Edition TMH, 2008.
3. Matthew S.Gast: “802.11 Wireless Networks”, O‟Reilly, 2nd
Edition, 2006.
4. Theodore s. Rappaport: “Wireless Communications –principles
and practice”, 2nd
Edition, PHI, 200
36
Page 43
GVPCE(A) M.Tech. Cyber Security 2013
ETHICAL HACKING
Course Code: 13CS2212 L P C
4 0 3
Pre requisites : Information Security.
Course Educational Objectives:
The main objective of this course is to render every database based
transaction safe, secure and simple. We aim to transform the internet
security industry by infusing professionalism and a never before seen
efficiency.
Course Outcomes:
By the end of the course students will
1. Learn various hacking methods.
2. Perform system security vulnerability testing.
3. Perform system vulnerability exploit attacks.
4. Produce a security assessment report
5. Learn various issues related to hacking.
UNIT-I
Hacking Windows: BIOS Passwords, Windows Login Passwords,
Changing Windows Visuals, Cleaning Your Tracks, Internet Explorer
Users, Cookies, URL Address Bar, Netscape Communicator, Cookies,
URL History, The Registry, Baby Sitter Programs.
UNIT-II
Advanced Windows Hacking: Editing your Operating Systems by
editing Explorer.exe, The Registry, The Registry Editor, Description of
.reg file, Command Line Registry Arguments, Other System Files, Some
Windows & DOS Tricks, Customize DOS, Clearing the CMOS without
opening your PC, The Untold Windows Tips and Tricks Manual, Exiting
Windows the Cool and Quick Way, Ban Shutdowns: A Trick to Play,
Disabling Display of Drives in My Computer, Take Over the Screen
Saver, Pop a Banner each time Windows Boots, Change the Default
Locations, Secure your Desktop Icons and Settings.
37
Page 44
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III
Getting Past the Password: Passwords: An Introduction, Password
Cracking, Cracking the Windows Login Password, The Glide Code,
Windows Screen Saver Password, XOR, Internet Connection Password,
Sam Attacks, Cracking Unix Password Files, HTTP Basic
Authentication, BIOS Passwords, Cracking Other Passwords, .
UNIT-IV The Perl Manual: Perl: The Basics, Scalars, Interacting with User by
getting Input, Chomp() and Chop(), Operators, Binary Arithmetic
Operators, The Exponentiation Operator(**), The Unary Arithmetic
Operators, Other General Operators, Conditional Statements,
Assignment Operators. The?: Operator, Loops, The While Loop, The
For Loop, Arrays, THE FOR EACH LOOP: Moving through an Array,
Functions Associated with Arrays, Push() and Pop(), Unshift() and
Shift(), Splice(), Default Variables, $_, @ARGV, Input Output, Opening
Files for Reading, Another Special VariableS.
UNIT-V
How does a Virus Work? What is a Virus?, Boot Sector Viruses (MBR
or Master Boot Record), File or Program Viruses, Multipartite Viruses,
Stealth Viruses, Polymorphic Viruses, Macro Viruses, Blocking Direct
Disk Access, Recognizing Master Boot Record (MBR) Modifications,
Identifying Unknown Device Drivers, How do I make my own Virus?,
Macro Viruses, Using Assembly to Create your own Virus, How to
Modify a Virus so Scan won‟t Catch it, How to Create New Virus
Strains, Simple Encryption Methods.
TEXT BOOKS:
1. Patrick Engbreston: “The Basics of Hacking and Penetration
Testing: Ethical Hacking and Penetration Testing Made Easy”,1st
Edition, Syngress publication,2011.
2. Ankit Fadia : “Unofficial Guide to Ethical Hacking”, 3rd Edition ,
McMillan India Ltd,2006.
REFERENCES:
1. Simpson/backman/corley, “HandsOn Ethical Hacking & Network
Defense International”, 2nd
Edition,Cengageint,2011. 38
Page 45
GVPCE(A) M.Tech. Cyber Security 2013
BIOMETRIC SECURITY
(ELECTIVE – II)
Course Code: 13CS2213 L P C
4 0 3
Pre-Requisites: Fundamental knowledge in Biometrics
Course Educational Objective:
To provide students with understanding of biometrics, biometric
equipment and standards applied to security.
Course Outcomes:
1. Demonstrate knowledge of the basic physical and biological
science and engineering principles underlying biometric systems.
2. Understand and analyze biometric systems at the component level
and be able to analyze and design basic biometric system
applications.
3. Be able to work effectively in teams and express their work and
ideas orally and in writing.
4. Identify the sociological and acceptance issues associated with the
design and implementation of biometric systems.
5. Understand various Biometric security issues.
UNIT-I
Biometrics- Introduction- benefits of biometrics over traditional
authentication systems -benefits
of biometrics in identification systems-selecting a biometric for a system
–Applications - Key
biometric terms and processes - biometric matching methods -Accuracy
in biometric systems.
UNIT-II
Physiological Biometric Technologies: Fingerprints - Technical
description –characteristics - Competing technologies - strengths –
weaknesses – deployment - Facial scan - Technical description -
characteristics - weaknesses-deployment - Iris scan - Technical
description – characteristics - strengths – weaknesses – deployment
- Retina vascular pattern 39
Page 46
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III Technical description – characteristics - strengths – weaknesses –
deployment - Hand scan - Technical description-characteristics -
strengths – weaknesses deployment – DNA biometrics.
Behavioral Biometric Technologies: Handprint Biometrics - DNA
Biometrics.
UNIT-IV
signature and handwriting technology - Technical description –
classification – keyboard / keystroke dynamics- Voice – data
acquisition - feature extraction - characteristics - strengths –
weaknesses-deployment.
UNIT-V
Multi biometrics and multi factor biometrics - two-factor authentication
with passwords - tickets and tokens – executive decision -
implementation plan.
TEXT BOOKS:
1. Samir Nanavathi, Michel Thieme, and Raj Nanavathi : “Biometrics
-Identity verification
in a network”, 1st Edition, Wiley Eastern, 2002.
2. John Chirillo and Scott Blaul : “Implementing Biometric
Security”, 1st Edition, Wiley Eastern Publication, 2005.
REFERENCES:
1. John Berger: “Biometrics for Network Security”, 1st Edition,
Prentice Hall, 2004.
40
Page 47
GVPCE(A) M.Tech. Cyber Security 2013
INTRUSION DETECTION SYSTEMS
(ELECTIVE – 2)
Course Code: 13CS2214 L P C
4 0 3
Pre requisites: Fundamental knowledge in Operating Systems, and
Networks
Course Educational Objectives: 1. Understand when, where, how, and why to apply Intrusion
Detection tools and techniques in order to improve the security
posture of an enterprise.
2. Apply knowledge of the fundamentals and history of Intrusion
Detection in order to avoid common pitfalls in the creation and
evaluation of new Intrusion Detection Systems
3. Analyze intrusion detection alerts and logs to distinguish attack
types from false alarms
Course Outcomes:
1. Explain the fundamental concepts of Network Protocol Analysis
and demonstrate the skill to capture and analyze network packets.
2. Use various protocol analyzers and Network Intrusion Detection
Systems as security tools to detect network attacks and
troubleshoot network problems.
UNIT-I History of Intrusion detection, Audit, Concept and definition , Internal
and external threats to data, attacks, Need and types of IDS, Information
sources Host based information sources, Network based information
sources.
UNIT-II
Intrusion Prevention Systems, Network IDs protocol based IDs ,Hybrid
IDs, Analysis schemes,
thinking about intrusion. A model for intrusion analysis , techniques
Responses requirement of responses, types of responses mapping
responses to policy Vulnerability analysis, credential analysis non
credential analysis 41
Page 48
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III
Introduction to Snort, Snort Installation Scenarios, Installing Snort,
Running Snort on Multiple
Network Interfaces, Snort Command Line Options. Step-By-Step
Procedure to Compile and
Install Snort Location of Snort Files, Snort Modes Snort Alert Modes
UNIT-IV Working with Snort Rules, Rule Headers, Rule Options, The Snort
Configuration File etc. Plugins, Preprocessors and Output Modules,
Using Snort with MySQL
UNIT-V
Using ACID and Snort Snarf with Snort, Agent development for
intrusion detection, Architecture models of IDs and IPs.
TEXT BOOKS:
1. Rafeeq Rehman : “ Intrusion Detection with SNORT, Apache,
MySQL, PHP and ACID,” 1st Edition, Prentice Hall , 2003.
REFERENCES:
1. Christopher Kruegel,Fredrik Valeur, Giovanni Vigna: “Intrusion
Detection and Correlation Challenges and Solutions”, 1st Edition,
Springer, 2005.
2. Carl Endorf, Eugene Schultz and Jim Mellander “ Intrusion
Detection & Prevention”, 1st Edition, Tata McGraw-Hill, 2004.
3. Stephen Northcutt, Judy Novak : “Network Intrusion Detection”, 3rd
Edition, New Riders Publishing, 2002.
4. T. Fahringer, R. Prodan, “A Text book on Grid Application
Development and Computing Environment”. 6th
Edition,
KhannaPublihsers, 2012.
42
Page 49
GVPCE(A) M.Tech. Cyber Security 2013
WIRELESS AND MOBILE SECURITY
(ELECTIVE – II)
Course Code: 13CS2215 L P C
4 0 3
Pre requisites: Mobile Computing.
Course Educational Objectives:
This skill oriented course equips the system Administrators with the
skills required to protect & recover the computer systems & networks
from various security threats.
Course Outcomes:
By the end of the course Students will
1. Familiarize with the issues and technologies involved in designing
a wireless and mobile system that is robust against various attacks.
2. Gain knowledge and understanding of the various ways in which
wireless networks can be attacked and tradeoffs in protecting
networks.
3. Have a broad knowledge of the state-of-the-art and open problems
in wireless and mobile security, thus enhancing their potential to
do research or pursue a career in this rapidly developing area.
4. Learn various security issues involved in cloud computing.
5. Learn various security issues related to GPRS and 3G.
UNIT-I
Security Issues in Mobile Communication: Mobile Communication
History, Security – Wired Vs Wireless, Security Issues in Wireless and
Mobile Communications, Security Requirements in Wireless and Mobile
Communications, Security for Mobile Applications, Advantages and
Disadvantages of Application – level Security.
UNIT-II
Security of Device, Network, and Server Levels: Mobile Devices
Security Requirements, Mobile Wireless network level Security, Server
Level Security. Application Level Security in Wireless Networks:
Application of WLANs, Wireless Threats, Some Vulnerabilities and
Attach Methods over WLANs, Security for 1G Wi-Fi Applications,
Security for 2G Wi-Fi Applications, Recent Security Schemes for Wi-Fi
Applications 43
Page 50
GVPCE(A) M.Tech. Cyber Security 2013
UNIT-III
Application Level Security in Cellular Networks: Generations of
Cellular Networks, Security Issues and attacks in cellular networks,
GSM Security for applications, GPRS Security for applications, UMTS
security for applications, 3G security for applications, Some of Security
and authentication Solutions.
UNIT-IV
Application Level Security in MANETs: MANETs, Some applications
of MANETs, MANET Features, Security Challenges in MANETs,
Security Attacks on MANETs, External Threats for MANET
applications, Internal threats for MANET Applications, Some of the
Security Solutions.
Ubiquitous Computing, Need for Novel Security Schemes for UC,
Security Challenges for UC, and Security Attacks on UC networks,
Some of the security solutions for UC.
UNIT V
Data Center Operations - Security challenge, implement “Five Principal
Characteristics of Cloud Computing, Data center Security
Recommendations Encryption for Confidentiality and Integrity,
Encrypting data at rest, Key Management Lifecycle, Cloud Encryption
Standards.
TEXT BOOKS:
1. Pallapa Venkataram, Satish Babu: “Wireless and Mobile Network
Security”, 1st Edition, Tata McGraw Hill,2010.
2. Frank Adelstein, K.S.Gupta : “Fundamentals of Mobile and
Pervasive Computing”, 1st Edition, Tata McGraw Hill 2005.
REFERENCES:
1. Randall k. Nichols, Panos C. Lekkas : “Wireless Security Models,
Threats and Solutions”, 1st Edition, Tata McGraw Hill, 2006.
2. Bruce Potter and Bob Fleck : “802.11 Security” , 1st Edition, SPD
O‟REILLY 2005.
3. James Kempf: “Guide to Wireless Network Security, Springer.
Wireless Internet Security – Architecture and Protocols”, 1st
Edition, Cambridge University Press, 2008. 44
Page 51
GVPCE(A) M.Tech. Cyber Security 2013
ETHICAL HACKING AND DIGITAL FORENSIC TOOLS LAB
Course code: 13CS2216 L P C
0 3 2
Pre requisites : Information Security.
Course Educational Objectives:
The main objective this practical session is that students will get the
exposure to various forensic tools and scripting languages.
Course Outcomes:
By the completion of this laboratory session Student
1. Will get the practical exposure to forensic tools.
2. Will gain the knowledge on perl and Unix scripting languages to
implement various security attacks.
3. Will get the ideas in various ways to trace an attacker.
The following programs should be implemented preferably on platform
Windows/Unix through perl, shell scripting language and other
standard utilities available with UNIX systems. :-
Part A : 1. Write a perl script to concatenate ten messages and transmit to
remote server
a) Using arrays
b) Without using arrays.
2. Write a perl script to implement following functions:
a) Stack functions
b) File functions
c) File text functions
d) Directory functions
e) Shift, unshift, Splice functions.
3. Write a Perl script to secure windows operating systems and web
browser by disabling Hardware and software units.
4. Write a perl script to implement Mail bombing and trace the hacker.
5. Write a shell script to crack UNIX login passwords and trace it
when breaking is happened.
45
Page 52
GVPCE(A) M.Tech. Cyber Security 2013
6. Write a shell script to send fake mails to the remote servers or web
browsers.
7. Write a shell script to crack windows login password and trace it
who is the attacker.
8. Write a shell script to implement buffer overflow attacks.
9. Write a shell script to implement formal string Vulnerabilities.
10. Write a shell script to trace an attacker how he is connected to
various servers URL‟s and various processes and services ? (Note:
Use Santoku O.S)
11. Write a perl script to handle Bluetooth attacks.
12. Write a perl script to implement Web Data Extractor and Web site
watcher
13. Test the Vulnerabilities Using Security Scanner through following
packages support
(a) Zlib (b) libcap (c) MYSQL (d) Apache software products
(e) PHP (f) Snort.
14. Test and Show the functionality of secure database through the
support of packages
(a) JPGraph (b) ADOdb (c) ACID
Part B: Exposure on Forensic tools.
1. Backup the images file from RAM using Helix3pro tool and show
the analysis.
2. Introduction to Santhoku Linux operating system and features
extraction.
3. Using Santoku operating system generates the analysis document
for any attacked file from by taking backup image from RAM.
4. Using Santoku operating system generates the attacker injected
viewing java files.
5. Using Santoku operating system shows how attackers opened
various Firefox URL‟s and pdf document JavaScript files and
show the analysis.
6. Using Santoku operating System files show how an attacker
connected to the various network inodes by the specific process.
7. Using exiftool (-k) generate the any picture hardware and software.
8. Using deft_6.1 tool recover the attacker browsing data from any
computer. 46
Page 53
GVPCE(A) M.Tech. Cyber Security 2013
9. Using Courier tool Extract a hacker secret bitmap image hidden
data.
10. Using sg (Stegnography) cyber Forensic tool hide a message in a
document or any file.
11. Using sg cyber Forensic tool unhide a message in a document or
any file.
12. Using Helix3pro tool show how to extract deleted data file from
hard disk or usb device.
13. Using Ghostnet tool hide a message into a picture or any image
file.
14. Using kgbkey logger tool record or generate an document what a
user working on system
15. Using pinpoint metaviewr tool extract a metadata from system or
from image file.
16. Using Bulk Extractor tool extract information from windows file
system.
47