M.TECH. CYBER SECURITY - Gayatri Vidya Parishad ...

ACADEMIC REGULATIONS

COURSE STRUCTURE AND SYLLABI

M.TECH.

CYBER SECURITY (Department of Computer Science and Engineering)

2013 – 2014

GAYATRI VIDYA PARISHAD

COLLEGE OF ENGINEERING

(AUTONOMOUS)

Accredited by NAAC with A Grade with a CGPA of 3.47/4.00

Affiliated to JNTUK-Kakinada

MADHURAWADA, VISAKHAPATNAM – 530 048

VISION

To evolve into and sustain as a Centre of

Excellence in Technological Education

and Research with a holistic approach.

MISSION

To produce high quality engineering graduates

with the requisite theoretical and practical

knowledge and social awareness to be able to

contribute effectively to the progress of the

society through their chosen field of endeavor.

To undertake Research & Development, and

extension activities in the fields of Science and

Engineering in areas of relevance for immediate

application as well as for strengthening or

establishing fundamental knowledge.

F O R E W O R D

Two batches of students have successfully completed the M.Tech.

programme under autonomous status, which gave us a lot of satisfaction

and encouragement. In the light of changing scenario of accreditation

process globally, to upkeep the quality of education further, a major

revision in the curriculum has been taken up with an objective to provide

outcome based education.

As the college is getting funds under TEQIP-II, S.C.1.2 for up-scaling

P.G education and research, two more P.G programmes in the thrust

areas are being introduced from this academic year leading to a total of

13 programmes.

We could execute these changes only with the help of the commendable

academicians, enthusiastic representatives from Industry and support

from the representatives of affiliating University JNTU-K present in the

Boards of Studies, Academic Council and Governing Body.

It is hoped that the new regulations and curriculum will enhance the all-

round ability of students so that they can technically compete at global

level with native ethical standards.

PRINCIPAL

MEMBERS ON THE BOARD OF STUDIES

IN

COMPUTER SCIENCE AND ENGINEERING

Prof. P.S. Avadhani, Professor in CS & SE, A.U.College of Engineering, Visakhapatnam.

Ms. S. Malathi,

Country Leader – Academic Initiative, IBM Software Group, IBM India

Pvt Ltd., No.12, Subramanya Arcade, Bannerghatta Road, Bangalore.

Sri Sudheer Reddy K.,

Lead-Education & Research Team – Campus connect, Infosys Ltd.,

Survey No.210, Manikonda Village, Lingampally, Hyderabad–500 032.

Prof. B. Yegnanarayana,

Professor & Microsoft Chair, A3-116, IIT, Hyderabad, Gachibowli,

Hyderabad – 500 032.

Prof. D.V.L.N. Somayajulu,

Professor, Department of Computer Science & Engineering, National

Institute of Technology (NIT), Warangal – 506 004.

Prof. R. Krishnan,

Head, Engineering Research, Amritha Vishwa Vidyapeetham,

Amritanagar, Coimbatore – 641 112.

Dr. V. Kamakshi Prasad, Professor, School of Information Technology,

JNTU-H, Kukatpally, Hyderabad – 500 085.

Ms. Malathi S.,

Country Leader - Academic Initiative, IBM Software Group, IBM India

Pvt. Ltd., No.12, Subramanya Arcade, Bannerghatta Road, Bangalore.

Sri C. Srinivas,

Associate Professor & Head, Department of C.S.e.,

G.V.P. College of Engg. for Women, Madhurawada, Visakhapatnam.

All faculty members of the Department.

GVPCE(A) M.Tech. Cyber Security 2013

M.TECH. ACADEMIC REGULATIONS (Effective for the students admitted into first year from the Academic Year 2013 - 14)

The M.Tech. Degree of Jawaharlal Nehru Technological University

Kakinada shall be recommended to be conferred on candidates who are

admitted to the program and fulfill all the following requirements for the

award of the Degree.

1.0 ELGIBILITY FOR ADMISSION:

Admission to the above program shall be made subject to the

eligibility, qualifications and specialization as per the guidelines

prescribed by the APSCHE and AICTE from time to time.

2.0 AWARD OF M.TECH. DEGREE:

a. A student shall be declared eligible for the award of the M.Tech.

degree, if he pursues a course of study and completes it

successfully for not less than two academic years and not more

than four academic years.

b. A student, who fails to fulfill all the academic requirements for

the award of the Degree within four academic years from the

year of his admission, shall forfeit his seat in M.Tech. Course.

c. The duration of each semester shall normally be 20 weeks with

5 days a week. A working day shall have 7 periods each of

50 minutes.

3.0 STRUCTURE OF THE PROGRAMME:

*Elective 1

Semester No. of Courses per Semester Credits

Theory + Lab

I (5 +1*) + 1 20

II (5+1*) + 1 20

III Seminar 02

III, IV Project Work 40

TOTAL 82


4.0 ATTENDANCE:

The attendance shall be considered subject wise.

a. A candidate shall be deemed to have eligibility to write his end

semester examinations in a subject if he has put in at least 75%

of attendance in that subject.

b. Shortage of attendance up to 10% in any subject (i.e. 65% and

above and below 75%) may be condoned by a Committee on

genuine and valid reasons on representation by the candidate

with supporting evidence.

c. Shortage of attendance below 65% shall in no case be

condoned.

d. A student who gets less than 65% attendance in a maximum of

two subjects in any semester shall not be permitted to take the

end- semester examination in which he/she falls short. His/her

registration for those subjects will be treated as cancelled. The

student shall re-register and repeat those subjects as and when

they are offered next.

e. If a student gets less than 65% attendance in more than two

subjects in any semester he/she shall be detained and has to

repeat the entire semester.

5.0 EVALUATION:

The performance of the candidate in each semester shall be

evaluated subject-wise with 100 marks for each theory subject

and 100 marks for each practical, on the basis of Internal

Evaluation and External End -Semester Examination.

The question paper of the external end semester examination

shall be set externally and valued both internally and externally.

If the difference between the first and second valuations is less

than or equal to 9 marks, the better of the two valuations shall

be awarded. If the difference is more than 9 marks, the scripts

are referred to third valuation and the corresponding marks are

awarded.

a. A candidate shall be deemed to have secured the minimum

academic requirement in a subject if he secures a minimum of

40% of marks in the End Semester Examination and aggregate

minimum of 50% of the total marks of the End Semester

Examination and Internal Evaluation taken together. 2


b. For the theory subjects, 60 marks shall be awarded based on the

performance in the End Semester examination and 40 marks

shall be awarded based on the Internal Evaluation. One part of

the internal evaluation shall be made based on the average of the

marks secured in the two internal examinations of 30 marks

each conducted one in the middle of the Semester and the other

immediately after the completion of instruction. Each mid-term

examination shall be conducted for a duration of 120 minutes

with 4 questions without any choice. The remaining 10 marks

are awarded through an average of continuous evaluation of

assignments / seminars / any other method, as notified by the

teacher at the beginning of the semester.

c. For practical subjects, 50 marks shall be awarded based on the

performance in the End Semester Examinations, 50 marks shall

be awarded based on the day-to-day performance as Internal

marks. A candidate has to secure a minimum of 50% in the

external examination and has to secure a minimum of 50% on

the aggregate to be declared successful.

d. There shall be a seminar presentation during III semester. For

seminar, a student under the supervision of a faculty

member(advisor), shall collect the literature on a topic and

critically review the literature and submit it to the Department in

a report form and shall make an oral presentation before the

Departmental Committee. The Departmental Committee shall

consist of the Head of the Department, advisor and two other

senior faculty members of the department. For Seminar, there

will be only internal evaluation of 50 marks. A candidate has to

secure a minimum of 50% to be declared successful.

e. In case the candidate does not secure the minimum academic

requirement in any subject (as specified in 5.a to 5.c), he has to

reappear for the End Examination in that subject. A candidate

shall be given one chance to re-register for each subject

provided the internal marks secured by a candidate in that

subject is less than 50% and he has failed in the end

examination. In such a case, the candidate must re-register for

the subject (s). In the event of re-registration, the internal marks

and end examination marks obtained in the previous attempt are

nullified. 3


f. In case the candidate secures less than the required attendance

in any subject(s), he shall not be permitted to appear for the End

Examination in those subject(s). He shall re-register for the

subject(s) when they are next offered.

g. Laboratory examination for M.Tech. subjects must be

conducted with two Examiners, one of them being Laboratory

Class Teacher and second examiner shall be other than the

Laboratory Teacher.

6.0 EVALUATION OF PROJECT / DISSERTATION WORK:

Every candidate shall be required to submit the thesis or

dissertation after taking up a topic approved by the

Departmental Research Committee (DRC).

a. A Departmental Research Committee (DRC) shall be

constituted with the Head of the Department as the Chairman

and two senior faculty as Members to oversee the proceedings

of the project work from allotment of project topic to

submission of the thesis.

b. A Central Research Committee (CRC) shall be constituted with

a Senior Professor as Chair Person, Heads of the Departments

which are offering the M.Tech. programs and two other senior

faculty members from the same department.

c. Registration of Project Work: A candidate is permitted to

register for the project work after satisfying the attendance

requirement of all the subjects (theory and practical subjects.)

d. After satisfying 6.0 c, a candidate has to submit, in consultation

with his project supervisor, the title, objective and plan of action

of his project work to the DRC for its approval. Only after

obtaining the approval of DRC the student can initiate the

Project work.

e. If a candidate wishes to change his supervisor or topic of the

project he can do so with the approval of the DRC. However,

the Departmental Research Committee shall examine whether

the change of topic/supervisor leads to a major change in his

initial plans of project proposal. If so, his date of registration

for the Project work shall start from the date of change of

Supervisor or topic as the case may be whichever is earlier. 4


f. A candidate shall submit and present the status report in two

stages at least with a gap of 3 months between them after

satisfying 6.0 d. The DRC has to approve the status report, for

the candidate to proceed with the next stage of work.

g. The work on the project shall be initiated in the beginning of the

second year and the duration of the project is for two semesters.

A candidate shall be permitted to submit his dissertation only

after successful completion of all theory and practical subject

with the approval of CRC but not earlier than 40 weeks from the

date of registration of the project work. For the approval by

CRC the candidate shall submit the draft copy of the thesis to

the Principal through the concerned Head of the Department and

shall make an oral presentation before the CRC.

h. Three copies of the dissertation certified by the Supervisor shall

be submitted to the College after approval by the CRC.

i. For the purpose of adjudication of the dissertation, an external

examiner shall be selected by the Principal from a panel of 5

examiners who are experienced in that field proposed by the

Head of the Department in consultation with the supervisor.

j. The viva-voce examination shall be conducted by a board

consisting of the supervisor, Head of the Department and the

external examiner. The board shall jointly report the candidate‟s

work as:

A. Excellent

B. Good

C. Satisfactory

k. If the adjudication report is not favorable, the candidate shall

revise and resubmit the dissertation, in a time frame prescribed

by the CRC. If the adjudication report is unfavorable again, the

dissertation shall be summarily rejected and the candidate shall

change the topic of the Project and go through the entire process

afresh.

7.0 AWARD OF DEGREE AND CLASS :

A candidate shall be eligible for the degree if he satisfies the

minimum academic requirements in every subject and secures

satisfactory or higher grade report on his dissertation and viva-

voce. 5


After a student has satisfied the requirements prescribed for the

completion of the program and is eligible for the award of M.Tech.

Degree, he shall be placed in one of the following three classes.

% of Marks secured Class Awarded

70% and above First Class with Distinction

60% and above but less than 70% First Class

50% and above but less than 60% Second Class

The grade of the dissertation shall be mentioned in the marks

memorandum.

8.0 WITHHOLDING OF RESULTS:

If the candidate has not paid any dues to the college or if any case

of indiscipline is pending against him, the result of the candidate

shall be withheld and he will not be allowed into the next higher

semester. The recommendation for the issue of the degree shall be

liable to be withheld in all such cases.

9.0 TRANSITORY REGULATIONS:

a. A candidate who has discontinued or has been detained for

want of attendance or who has failed after having studied the

subject is eligible for admission to the same or equivalent

subject(s) as and when subject(s) is/are offered, subject to 4.0

d, e and 2.0.

b. Credit equivalences shall be drawn for the students re-

admitted into 2013 regulations from the earlier regulations. A

Student has to register for the substitute / compulsory / pre-

requisite subjects identified by the respective Boards of

Studies.

c. The student has to register for substitute subjects, attend the

classes and qualify in examination and earn the credits.

d. The student has to register for compulsory subjects, attend

the classes and qualify in examination.

e. The student has to register for the pre-requisite courses,

attend the classes for which the evaluation is totally internal.

6


10.0 GENERAL

1. The academic regulations should be read as a whole for

purpose of any interpretation.

2. In case of any doubt or ambiguity in the interpretation of the

above rules, the decision of the Chairman, Academic

Council is final.

3. The College may change or amend the academic regulations

and syllabus at any time and the changes amendments made

shall be applicable to all the students with effect from the

date notified by the College.

4. Wherever the word he, him or his occur, it will also include

she, hers.

******

7


COURSE STRUCTURE SEMESTER - I

SEMESTER-II

8

Course

Code Theory / Lab L P C

13CS2201 Computer Networks 4 - 3

13CS2202 Computational Number Theory 4 - 3

13CS2203 Scripting Languages 4 - 3

13CS2204 Operating Systems Internals 4 - 3

13IT2111 Network Security and Cryptography 4 - 3

13CS2205

13CS2206

13CS2207

ELECTIVE – 1 1. Secure protocol Design

2. Public Key infrastructure and Trust

Management

3. Web Security

4 - 3

13CS2208 Cryptography and security Lab - 3 2

TOTAL 2 3 20

Course

Code Theory / Lab L P C

13CS2209 Security Threats & Vulnerabilities 4 - 3

13CS2210 Cyber Laws & Security Policies 4 - 3

13CS2106 Digital Forensics 4 - 3

13CS2211 Wireless Networks 4 - 3

13CS2212 Ethical Hacking 4 - 3

13CS2213

13CS2214

13CS2215

ELECTIVE -2 1. Biometric Security

2. Intrusion Detection Systems

3. Wireless and Mobile Security

4 - 3

13CS2216 Ethical hacking and Digital Forensic Tools Lab - 3 2

TOTAL 24 3 20


SEMESTER – III

Course Code SEMINAR/ PROJECT WORK CREDITS

13CS2217 SEMINAR 2

13CS2218 PROJECT WORK (Contd..) -

SEMESTER – IV

Course code PROJECT WORK CREDITS

13CS2218 PROJECT WORK 40

9


COMPUTER NETWORKS

Course code: 13CS2201 L P C

4 0 3

Pre requisites: ACA, DATA COMMUNICATION SYSTEM

Course Educational Objectives:

The main objective of this course is to make the student learn the design

of computer networks.

Course Outcomes:

A Student Who Successfully Completes This Course Should, at a

Minimum, Be Able To

1. Understand Basics of Computer Networks and different

Transmission Media.

2. Differentiate Protocols which play a major role in providing

internet effectively.

3. Understand various protocol layers and inner operations.

4. Understand architectures of network protocols.

5. Understand security issues in network protocols.

UNIT-I

NETWORK MODELS: Layered Tasks, WAN, LAN, MAN, OSI

model, TCP/ IP protocol stack, addressing (Text book 2), Novell

Networks Arpanet, Internet. (Text book 1).

PHYSICAL LAYER: Transmission media: copper, twisted pair,

wireless; switching and encoding asynchronous communications;

Narrow band ISDN, broad band ISDN and ATM. (Text book 1)

UNIT-II

DATA LINK LAYER: Design issues, framing, error detection and

correction, CRC, Elementary data link protocols, Sliding Window

Protocol, Slip, HDLC, Internet, and ATM.

MEDIUM ACCESS SUB LAYER: Random access, Controlled access,

Channelization, IEEE 802.X Standards, Ethernet, wireless LANS,

Bridges. (Text book 2)

10


UNIT-III

NETWORK LAYER: Network Layer Design Issues, Routing

Algorithms, Internetworking, Network Layer in Internet. (Text book-1)

CONGESTION CONTROL: General Principles, policies, traffic

shaping, flow specifications,

Congestion control in virtual subnets, choke packets, loads shedding,

jitter control.(Text book-2)

UNIT-IV

TRANSPORT LAYER: Transport Services, Elements of Transport

Protocols, Internet Transport Protocols (TCP & UDP); ATM AAL Layer

Protocol.(Text book-1)

APPLICATION LAYER: Network Security, Domain name system,

SNMP, Electronic Mail: the World WEB, Multi Media

UNIT-V

SONET/SDH: SONET/SDH Architecture, SONET Layers, SONET

Frames, STS Multiplexing, SONET Networks.

TEXT BOOKS:

1. Andrew S Tanenbaum: Computer Networks ,6th

Edition. Pearson

Education/PI, 2012.

2. 2 .Behrouz A. Forouzan : Data Communications and Networking,

4th

Edition TMH, 2012.

REFERENCES:

1. S.Keshav: An Engineering Approach to Computer Networks, 2nd

Edition, Pearson Education, 2001.

2. William, A. Shay : Understanding communications and Networks,

3rd Edition, Thomson Publication, 2006

11


COMPUTATIONAL NUMBER THEORY


4 0 3

Pre requisites: Number theory basics, Security issues.


This course offers a study of divisibility, the division algorithm, Euclid‟s

algorithm, prime numbers, congruence‟s, number theoretic functions,

and quadratic reciprocity.

Course Outcomes:

A Student Who Successfully Completes This Course Should, At a

Minimum, Be Able To

1. Develop the mathematical skills to solve number theory problems

and to develop the mathematical skills of divisions, congruence‟s,

and number functions.

2. Learn the history of number theory and its solved and unsolved

problems.

3. Investigate applications of number theory and the use of computers

in a Number theory.

4. Estimate the time and space complexities of various Secure

Algorithms.

5. Learn various factorization and logarithmic methods.

UNIT-I

Topics in elementary number theory: O and Ω notations – time estimates

for doing arithmetic – divisibility and the Euclidean algorithm –

Congruence‟s: Definitions and properties – linear congruence‟s ,

residue classes, Euler‟s phi function

UNIT-II

Fermat‟s Little Theorem – Chinese Remainder Theorem –

Applications to factoring – finite fields – quadratic residues and

reciprocity: Quadratic residues – Legendre symbol – Jacobi symbol.

Enciphering Matrices – Encryption Schemes – Symmetric and

Asymmetric Cryptosystems – Cryptanalysis – Block ciphers –Use of

Block Ciphers. 12


UNIT-III

Multiple Encryption – Stream Ciphers –Affine cipher – Vigenere, Hill,

and Permutation Cipher – Secure Cryptosystem. Public Key

Cryptosystems: The idea of public key cryptography – The Diffie–

Hellman Key Agreement Protocol - RSA Cryptosystem – Bit security of

RSA – ElGamal Encryption

UNIT-IV

Discrete Logarithm – Knapsack problem – Zero-Knowledge Protocols

– From Cryptography to Communication Security - Oblivious Transfer.

Primality and Factoring: Pseudo primes – the rho (γ) method – Format

factorization and factor bases.

UNIT-V The continued fraction method – the quadratic sieve method. Number

Theory and Algebraic Geometry: Elliptic curves – basic facts –

elliptic curve cryptosystems – elliptic curve primality test – elliptic

curve factorization.

TEXT BOOKS:

1. Neal Koblitz: “A Course in Number Theory and Cryptography”,

2nd

Edition, Springer,2002.

2. Johannes A. Buchman: “Introduction to Cryptography”, 2nd

Edition, Springer, 2004.

REFERENCES:

1. Serge Vaudenay: “Classical Introduction to Cryptography –

Applications for Communication Security”, Springer, 2006.

2. Victor Shoup: “A Computational Introduction to Number

Theory and Algebra”, Cambridge University Press, 2005.

3. A. Manezes, P. Van Oorschot and S. Vanstone: “Hand Book of

Applied Cryptography”, CRC Press, 1996.

13


SCRIPTING LANGUAGES

Course Code: 13CS2203 L P C

4 0 3

Pre requisites: Any programming course, knowledge of Unix

and PC environments

Course Educational Objectives: 1. This course emphasizes programming using scripting languages

for the purpose of collecting and manipulating system information

by system administrators and managers.

2. Programming concepts such as data types and control structures

will be discussed as well as operating system commands.

3. A variety of languages and utilities will be discussed such as the

Bourne shell, Perl, awk, and the Common Gateway Interface. The

student is expected to have programming experience and

knowledge of the Unix and PC environments.

Course Outcomes:

Upon successful completion of this course, the students:

1. Understand the scripting language paradigm.

2. Know the tradeoffs (advantages and disadvantages) of scripting

versus traditional programming.

3. Are proficient programmers in at least two scripting

tools/languages, including bash and Perl.

4. Can write scripts using Unix/bash / perl.

5. Understand crypto system like encryption and decryption with

scripting Languages.

UNIT- I

Introduction to PERL and Scripting- Scripts and Programs, Origin of

Scripting , Scripting Today, Characteristics of Scripting Languages,

Web Scripting, and the universe of Scripting Languages.

UNIT- II

PERL- Names and Values, Variables, Scalar Expressions, Control

Structures, arrays, list, hashes, strings, pattern and regular expressions,

subroutines, advance perl - finer points of looping, pack and unpack. 14


UNIT- III

File system, eval, data structures, packages, modules, objects,

interfacing to the operating system, Creating Internet ware applications,

Dirty Hands Internet Programming, security Issues.

PHP Basics- Features, Embedding PHP Code in your Web pages,

Outputting the data to the

browser, Data types, Variables, Constants, expressions, string

interpolation, control structures.

Function ,Creating a Function, Function Libraries ,Arrays ,strings and

Regular Expressions.

UNIT- IV

Advanced PHP Programming-Php and Web Forms, Files, PHP

Authentication and Methodologies -Hard Coded, File Based, Database

Based, IP Based, Login Administration, Uploading Files with PHP,

Sending Email using PHP, PHP Encryption Functions, the Mcrypt

package, Building Web sites for the World

UNIT – V TCL – Tk: TCL Structure, syntax, Variables and Data in TCL, Control

Flow, Data Structures, input/output, procedures , strings , patterns, files,

Advance TCL- eval, source, exec and up level commands, Name spaces,

trapping errors, event driven programs, making applications internet

aware, Nuts and Bolts Internet Programming, Security Issues, C

Interface.

TEXT BOOKS:

1. David Barron: “The World of Scripting Languages”, 1st Edition,

Wiley Publications, 2009.

2. Steve Holden and David Beazley: “Python Web Programming”,

1st Edition, New Riders Publications.

3. Jason Gilmore: “Beginning PHP and MySQL”, 3rd

Edition, Apress

Publications (Dream tech.).

REFERENCES:

1. J.Lee and B.Ware: “Open Source Web Development with LAMP

using Linux, Apache,MySQL,Perl and PHP” , 1st Edition, Pearson

Education, 2002.

2. M.Lutz : “Programming Python”,SPD.

3. Julie Meloni and Matt Telles: “ PHP 6 Fast and Easy Web

Development ” , 1st Edition, Cengage Learning Publications, 2008.

15


OPERATING SYSTEMS INTERNALS


4 0 3

Pre requisites: Operating systems, Computer Networks, Android


This Course aims in Describing process creation, execution, and

termination and Discuss kernel thread scheduling and preemption the

placement policies that the UNIX file system (UFS) uses to place inodes

and blocks of data.

Course Outcomes:

By the end of the course student will gain knowledge on

1. UINIX O.S. Architecture and internals of Unix O.S.

2. System calls which explore networking and security Applications.

3. Process and inner mechanism with processes security issues in

operating system.

4. Inter process communication mechanism

5. Android mobiles inner process system.

UNIT – I

Introduction to Kernel - Architecture of the UNIX operating

system, System concepts, Data structures. Buffer Cache: Buffer

header, Structure of Buffer pool, Reading and writing disk blocks.

Files INODES, Structure of a regular file, Directories, Super block,

Inode assignment. System calls - OPEN, Read, Close, Write,

Create, CHMOD, CHOWN, Pipes, Mounting and Unmounting

UNIT – II Process - Layout the system memory, Context, Process control, process

creation, signals, Process scheduling, time, clock. Inter-Process

Communications - Process tracing, System V IPC, Shared Memory,

Semaphores.

UNIT – III Network Communications - Socket programming: Sockets,

descriptors, Connections, Socket elements, Stream and Datagram

Sockets. 16


UNIT – IV Windows Operating system - versions, Concepts and tools,

Windows internals, System Architecture, Requirements and design

goals, Operating system model, Architecture overview.

Key system components. System mechanisms - Trap dispatching,

object manager, Synchronization, System worker threads, Windows

global flags, Local procedural calls, Kernel

event tracing.

UNIT – V

what is android, basic building blocks – activities, services, broadcast

receivers & content, ui components- views & notifications, components

for communication -intents & intent filters, android api levels launching

emulator editing emulator settings emulator shortcuts log cat usage,

Applications of Android.

TEXT BOOKS:

1. Maurice J. Bach: “The Design of the Unix Operating System”,

Prentice Hall of India, 1991.

2. Mark E. Russinovich and David A. Solomon: “Microsoft®

Windows® Internals”, 4th

Edition, Microsoft Press, 2004.

REFERENCES:

1. W. Stallings: “Operating Systems: Internals and Design

Principles”, 5th

Edition, Prentice Hall, 2005.

2. A. Tanenbaum, A. Woodhull: “Operating Systems Design and

Implementation”, 3rd

Edition, Prentice Hall, 2006.

17


NETWORK SECURITY AND CRYPTOGRAPHY

Course code: 13IT2111 L P C

4 0 3

Pre requisites: Discrete Mathematical Structures.


To gives an idea about the security issues and how to secure the

information from unauthorized users and they implement the respective

algorithms. Upon completion of this course, the student should be able

to:1. Analyze basic Encryption and Decryption algorithms.

2. Understand cryptographic data integrity algorithms.

3. Understand Key management and distribution of keys.

4. Understand security in the web, e-mail security.

5. Understand intrusion detection, malicious software and firewalls.

Course Outcomes:

At the end of the course the student will be able to

1. Understand various attacks, services, mechanisms and various

conventional and modern encryption techniques. 2. Analyze conventional encryption system and various algorithms in it.

3. Understand number theory and various algorithms and theorems

involved in it.

4. Understand Hash and Mac algorithms and authentication

applications.

5. Analyze IP Security Overview and Intruders, Viruses and Worms.

UNIT-I

Introduction: Attacks, Services and Mechanisms, Security attacks,

Security services, A Model for Internetwork security. Classical

Techniques: Conventional Encryption model, Steganography, Classical

Encryption Techniques.

Modern Techniques: Simplified DES, Block Cipher Principles, Data

Encryption standard, Strength of DES, Differential and Linear

Cryptanalysis, Block Cipher Design Principles and Modes of operations.

Algorithms: Triple DES, International Data Encryption algorithm,

Blowfish, RC5, CAST-128, RC2, Characteristics of Advanced

Symmetric block ciphers. 18


UNIT-II

Conventional Encryption: Placement of Encryption function, Traffic

confidentiality, Key distribution, Random Number Generation. Public

Key Cryptography: Principles, RSA Algorithm, Key Management,

Diffie-Hellman Key exchange, Elliptic Curve Cryptography.

UNIT-III

Number theory: Prime and Relatively prime numbers, Modular

arithmetic, Fermat‟s and Euler‟s theorems, Testing for primality ,

Euclid‟s Algorithm, the Chinese remainder theorem, Discrete

logarithms. Message authentication and Hash functions: Authentication

requirements and functions, Message Authentication, Hash functions,

Security of Hash function and MACs.

UNIT-IV

Hash and Mac Algorithms: MD File, Message digest Algorithm,

Secure Hash Algorithm, RIPEMD-160, HMAC. Digital signatures and

Authentication protocols: Digital signatures, Authentication Protocols,

Digital signature standards.

Authentication Applications: Kerberos, X.509 directory

Authentication service. Electronic Mail Security: Pretty Good Privacy,

S/MIME.

UNIT-V

IP Security: Overview, Architecture, Authentication, Encapsulating

Security Payload Combining security Associations, Key Management.

Web Security: Web Security requirements, Secure sockets layer and

Transport layer security, Secure Electronic Transaction.

Intruders, Viruses and Worms: Intruders, Viruses and Related threats.

Fire Walls: Fire wall Design Principles, Trusted systems.

Text books:

1. William Stallings, Cryptography and Network Security Principles

and Practices, 5th

Edition, PHI/Pearson, 2011.

2. William Stallings, Network Security Essentials Applications and

Standards, 4th


19


References:

1. Eric Maiwald, Fundamentals of Network Security, 1 Edition,

Dreamtech press, 2008.

2. Charlie Kaufman, Radia Perlman and Mike Speciner, Network

Security Private Communication in a Public World, 2nd

Edition,

Pearson/PHI, 2009.

3. Whitman, Principles of Information Security, 3rd

Edition,

Thomson, 2008.

4. Robert Bragg, Mark Rhodes, Network Security The complete

Reference, 4th

Edition, TMH, 2009.

5. Buchmann, Introduction to Cryptography, 2nd

Edition,

Springer, 2009.

20


SECURE PROTOCOL DESIGN

(ELECTIVE – 1)


4 0 3

Pre requisites: Network security, Computer Networks.

Course Educational objectives:

The main objective of this course is that to explore various protocols and

design of various protocols with deeper security.

Course Outcomes:

By the end of the course Student will

1. Get the exposure to various protocols.

2. Gain knowledge on various secure mechanisms through set of

protocols.

3. Efficiently design new set of protocols.

4. Learn Security issues and overcome means with protocols.

UNIT – I

OSI:ISO Layer Protocols:-Application Layer Protocols-TCP/IP, HTTP,

SHTTP, LDAP, MIME,-POP& POP3-RMON-SNTP-SNMP.

Presentation Layer Protocols-Light Weight Presentation

Protocol Session layer protocols.

UNIT – II

RPC protocols-transport layer protocols-ITOT, RDP, RUDP, TALI,

TCP/UDP, compressed TCP. Network layer Protocols – routing

protocols-border gateway protocol-exterior gateway protocol-internet

protocol IPv4- IPv6- Internet Message Control Protocol- IRDP-

Transport Layer Security-TSL-SSL-DTLS

UNIT – III

Data Link layer Protocol – ARP – In ARP – IPCP – IPv6CP – RARP –

SLIP .Wide Area and Network Protocols- ATM protocols – Broadband

Protocols – Point to Point Protocols – Other

WAN Protocols- security issues.

21


UNIT – IV

Local Area Network and LAN Protocols – ETHERNET Protocols –

VLAN protocols – Wireless

LAN Protocols – Metropolitan Area Network Protocol – Storage Area

Network and SAN

UNIT – V

Protocols -FDMA, WIFI and WIMAX Protocols- security issues.

Mobile IP – Mobile Support

Protocol for IPv4 and IPv6 – Resource Reservation Protocol. Multi-

casting Protocol – VGMP –

IGMP – MSDP .Network Security and Technologies and Protocols –

AAA Protocols – Tunneling Protocols – Secured Routing Protocols –

GRE- Generic Routing Encapsulation – IPSEC – Security.

TEXT BOOKS:

1. Jawin: “Networks Protocols Handbook”, 3rd Edition, Jawin

Technologies Inc., 2005.

2. Bruce Potter and Bob Fleck : “802.11 Security”, 1st Edition,

O‟Reilly Publications, 2002.

REFERENCES:

1. Ralph Oppliger :“SSL and TSL: Theory and Practice”, 1st Edition,

Arttech House, 2009.

2. Lawrence Harte: “Introduction to CDMA- Network services

Technologies and Operations”, 1st Edition, Althos Publishing,

2004.

3. Lawrence Harte: “Introduction to WIMAX”, 1st Edition, Althos

Publishing, 2005.

22


PUBLIC KEY INFRASTRUCTURE AND TRUST

MANAGEMENT

(ELECTIVE – 1) Course code: 13CS2206 L P C

4 0 3

Prerequisites: Network security.


The goal of this course is to enable the student to understand the

foundational elements and complexity of a public key infrastructure.

Course Outcomes:

By the end of the course student can

1. Distinguish between public key technology and a public key

infrastructure.

2. Understand the relationship of identity management to PKI

3. Understand the components of a public key infrastructure.

4. Understand the issues related to Trust management mechanisms.

5. Understand Secure Crypto protocols like SSL and so on.

UNIT – I

Uses of cryptography, the concept devil and Alice. Principle of

Cryptography. PKCS standards IEEE P1363, Block cipher modes

of operation and data transformation for asymmetrical algorithms,

Data transformation for RSA algorithm, Cryptographic Protocols,

Protocol properties, Attributes of cryptographic protocols.

UNIT – II

Crypto Hardware and software, Smart cards, Universal Crypto

interface, Real world attacks, Evaluation and certification, Public Key

Infrastructure, PKI Works.

UNIT – III

Directory service, Requesting certificate revocation information,

Practical Aspects Of PKI Construction- The course of construction

of PKI, Basic questions about PKI construction,

The most important PKI suppliers.

23


UNIT – IV

The internet and the OSI model-

The OSI model, Crypto standards for OSI Layers 1 and 2-Crypto

extensions for ISDN (Layer 1), Cryptography in the GSM standard

(Layer 1), Crypto extensions for PPP (Layer 2), Virtual private

networks.

UNIT – V

IPsec and IKE, IPsec, IKE, SKIP, Critical assessment of IPsec, Virtu

al private network with IPsec,SSL, TLS AND WTLS (Layer 4)-

SSL working method, SSL protocol operation,

Successful SSL, Technical comparison between IPsec and SSL, WTLS.

TEXT BOOKS:

1. Klaus schmeh:“Cryptography and public key infrastructure on

the internet”, 1st Edition, Allied Publishers, 2004.

REFERENCES:

1. Wenbo Mao: “Modern Cryptography : theory and practice”, 1st


24


WEB SECURITY

(ELECTIVE – 1) Course Code: 13CS2207 L P C

4 0 3

Pre requisites: Network security and Cryptography, and proficiency in

Java and web programming Languages.

Course Educational Objectives: The main objective of this course is that to give exposure to various

security threats to web servers and providing security to web servers.

Course Outcomes:

By the completion of this course, Student will

1. Understand security concepts, security professional roles, and

security resources in the context of systems and security

development life cycle

2. Understand applicable laws, legal issues and ethical issues

regarding computer crime

3. Understand the business need for security, threats, attacks, top ten

security vulnerabilities, and secure software development

4. Understand information security policies, standards and practices,

the information security blueprint.

5. Analyze and describe security requirements for typical web

application scenario.

UNIT – I

Introduction- A web security forensic lesson, Web languages,

Introduction to different web

attacks. Overview of N-tier web applications, Web Servers: Apache, IIS,

Database Servers.

UNIT – II Review of computer security, Public Key cryptography, RSA. Review of

Cryptography Basics, On-line Shopping, Payment Gateways.

25


UNIT – III

Web Hacking Basics HTTP & HTTPS URL, Web Under the Cover

Overview of Java security

Reading the HTML source, Applet Security Servlets Security.

Symmetric and Asymmetric Encryptions, Network security Basics,

Firewalls & IDS

UNIT – IV

Basics, Securing databases, Secure JDBC, Securing Large Applications,

Cyber Graffiti.

Case study on various web forensic tools like helix 3.0, deft_6.1,related

web tools.

UNIT – V Introduction to Information Hiding: Technical Steganography,

Linguistic Steganography, Copy Right Enforcement, Wisdom from

Cryptography Principles of Steganography: Framework for Secret

Communication, Security of Steganography System, Information Hiding

in Noisy Data, Adaptive versus non-Adaptive Algorithms, Active and

Malicious Attackers, Information hiding in Written Text.

TEXT BOOKS:

1. 1.McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking

: attacks and defense. Addison Wesley. 2003.

2. Garms, Jess and Daniel Somerfield. Professional Java Security.

Wrox. 2001.

Related Web Sites:

1. 1.Collection of Cryptography Web Sites, Publications, FAQs, and

References:

http://world.std.com/~franl/crypto.html

2. FAQ: What is TLS/SSL?

http://www.mail.nih.gov/user/faq/tlsssl.htm.

3. The Open SSL Project (SDKs for free download):

http://www.openssl.org/

26

http://world.std.com/~franl/crypto.html

http://www.mail.nih.gov/user/faq/tlsssl.htm

http://www.openssl.org/


CRYPTOGRAPHY AND SECURITY LAB


0 3 2

Pre requisites: Network security and Cryptography, CPC.


The objective of this course is that to understand the principles of

encryption algorithms, conventional and public key cryptography

practically with real time applications.

Course Outcomes:

By the end of the course students will

1. Know the methods of conventional encryption.

2. Understand the concepts of public key encryption and number

theory

3. Understand various applications of cryptography and security

issues practically.

The following programs should be implemented preferably on platform

Windows/Unix using C

language (for 1-5) and other standard utilities available with UNIX

systems (for 6-15) :-

1. Implement the encryption and decryption of 8-bit data using

Simplified DES Algorithm (created by Prof. Edward Schaefer) in C

2. Write a program to break the above DES coding

3. Implement Linear Congruential Algorithm to generate 5 pseudo-

random numbers in C

4. Implement Rabin-Miller Primality Testing Algorithm in C

5. Implement the Euclid Algorithm to generate the GCD of an array of

10 integers in C

6. a)Implement RSA algorithm for encryption and decryption in C

b) In an RSA System, the public key of a given user is e=31,n=3599.

Write a program to find private key of the User.

7. Configure a mail agent to support Digital Certificates, send a mail

and verify the correctness of this system using the configured

parameters. 27


8. Configure SSH (Secure Shell) and send/receive a file on this

connection to verify the correctness of this system using the

configured parameters.

9. Configure a firewall to block the following for 5 minutes and verify

the correctness of this system using the configured parameters:

(a) Two neighborhood IP addresses on your LAN

(b) All ICMP requests

(c) All TCP SYN Packets

10. Configure S/MIME and show email-authentication.

11. Implement encryption and decryption with openssl.

12. Implement Using IP TABLES on Linux and setting the filtering

rules.

13. Implementation of proxy based security protocols in C or C++ with

features like Confidentiality, integrity and authentication.

14. Working with Sniffers for monitoring network communication

(Ethereal)

15. Using IP TABLES on Linux and setting the filtering rules

28


SECURITY THREATS & VULNERABILITIES


4 0 3

Pre requisites: Network security


The main objective of this course is that to provide security to various

systems by identifying various Types of threats and vulnerabilities.

Course Outcomes:

By the end of the course

1. The Student will gain the knowledge on various security threats

and issues and how to overcome those issues.

2. The student will get the capability to handle various attackers and

crime issues.

3. Learning various issues involved in threats overcome methods.

4. Learning Forensic analysis and risk analysis.

5. Learn inner security issues involved in mail agents, viruses and

worms.

UNIT – I Introduction: Security threats - Sources of security threats- Motives -

Target Assets and

Vulnerabilities. Consequences of threats- E-mail threats - Web-threats -

Intruders and Hackers,

Insider threats, Cyber crimes.

UNIT – II Network Threats: Active/ Passive – Interference – Interception –

Impersonation – Worms –

Virus – Spam‟s – Ad ware - Spy ware – Trojans and covert channels –

Backdoors – Bots - IP

Spoofing - ARP spoofing - Session Hijacking - Sabotage-Internal treats-

Environmental threats -

Threats to Server security.

29


UNIT – III

Security Threat Management: Risk Assessment - Forensic Analysis -

Security threat correlation

– Threat awareness - Vulnerability sources and assessment-

Vulnerability assessment tools -

Threat identification - Threat Analysis - Threat Modeling - Model for

Information Security Planning.

UNIT – IV

Security Elements: Authorization and Authentication - types, policies

and techniques - Security

certification - Security monitoring and Auditing - Security Requirements

Specifications - Security Policies and Procedures, Firewalls, IDS, Log

Files, Honey Pots

UNIT – V Access control, Trusted Computing and multilevel security - Security

models, Trusted Systems,

Software security issues, Physical and infrastructure security, Human

factors – Security awareness, training, Email and Internet use policies.

TEXT BOOKS:

1. Swiderski, Frank and Syndex: “Threat Modeling”, 1st Edition,

Microsoft Press, 2004.

2. Joseph M Kizza: “Computer Network Security”, 1st Edition,

Springer, 2010.

3. William Stallings and Lawrie Brown: “Computer Security:

Principles and Practice”, 2nd

Edition Prentice Hall, 2008.

REFERENCES:

1. Lawrence J Fennelly : “Handbook of Loss Prevention and Crime

Prevention” 5th

Edition, Butterworth-Heinemann,2012.

2. Tipton Ruthbe Rg : “Handbook of Information Security

Management”, 6th

Edition, Auerbach Publications,2010.

3. Mark Egan : “The Executive Guide to Information Security” , 1st

Edition, Addison-Wesley Professional,2004.

30


CYBER LAWS AND SECURITY POLICIES


4 0 3

Pre requisites: Cyber Laws.


The Objectives Of This Course Is To Enable Learner To Understand,

Explore, And Acquire A Critical Understanding Cyber Law. Develop

Competencies For Dealing With Frauds And Deceptions (Confidence

Tricks, Scams) And Other Cyber Crimes For Example, Child

Pornography Etc. That Are Taking Place Via The Internet.

Course Outcomes:

1. Make Learner Conversant With The Social And Intellectual

Property Issues Emerging From „Cyberspace.

2. Explore The Legal And Policy Developments In Various

Countries To Regulate Cyberspace;

3. Develop The Understanding Of Relationship Between Commerce

And Cyberspace; And

4. Give Learners In Depth Knowledge Of Information Technology

Act And Legal Frame Work Of Right To Privacy, Data Security

And Data Protection.

5. Make Study On Various Case Studies On Real Time Crimes.

UNIT – I

Introduction to Cyber Law Evolution of Computer Technology :

Emergence of Cyber space. Cyber Jurisprudence, Jurisprudence and law,

Doctrinal approach, Consensual approach, Real Approach, Cyber Ethics,

Cyber Jurisdiction, Hierarchy of courts, Civil and criminal jurisdictions,

Cyberspace-Web space, Web hosting and web Development agreement,

Legal and Technological Significance of domain Names, Internet as a

tool for global access.

UNIT – II

Information technology Act : Overview of IT Act, 2000, Amendments

and Limitations of IT Act, Digital Signatures, Cryptographic Algorithm,

Public Cryptography, Private Cryptography, Electronic Governance,

Legal Recognition of Electronic Records, Legal Recognition of Digital

Signature Certifying Authorities, Cyber Crime and Offences, Network

Service Providers Liability, Cyber Regulations Appellate Tribunal,

Penalties and Adjudication. 31


UNIT – III

Cyber law and related Legislation : Patent Law, Trademark Law,

Copyright, Software – Copyright or Patented, Domain Names and

Copyright disputes, Electronic Data Base and its Protection, IT Act and

Civil Procedure Code, IT Act and Criminal Procedural Code, Relevant

Sections of Indian Evidence Act, Relevant Sections of Bankers Book

Evidence Act, Relevant Sections of Indian Penal Code, Relevant

Sections of Reserve Bank of India Act, Law Relating To Employees

And Internet, Alternative Dispute Resolution , Online Dispute

Resolution (ODR).

UNIT – IV

Electronic Business and legal issues: Evolution and development in E-

commerce, paper vs paper less contracts E-Commerce models- B2B,

B2C,E security.

Application area: Business, taxation, electronic payments, supply

chain, EDI, E-markets, Emerging Trends.

UNIT – V

Case Study On Cyber Crimes: Harassment Via E-Mails, Email

Spoofing (Online A Method Of Sending E-Mail Using A False Name Or

E-Mail Address To Make It Appear That The E-Mail Comes From

Somebody Other Than The True Sender, Cyber Pornography

(Exm.MMS),Cyber-Stalking.

TEXT BOOKS :

1 .K.Kumar,” Cyber Laws: Intellectual property & E Commerce,

Security”,1st Edition, Dominant Publisher,2011.

2. Rodney D. Ryder, “ Guide To Cyber Laws”, Second Edition,

Wadhwa And Company, New Delhi, 2007.

3. Information Security policy &implementation Issues, NIIT, PHI.

REFERENCES :

1. Vakul Sharma, "Handbook Of Cyber Laws" Macmillan India Ltd,

2nd

Edition,PHI,2003.

2. Justice Yatindra Singh, " Cyber Laws", Universal Law Publishing,

1st Edition,New Delhi, 2003.

3. Sharma, S.R., “Dimensions Of Cyber Crime”, Annual Publications

Pvt. Ltd., 1st Edition, 2004.

4. Augastine, Paul T.,” Cyber Crimes And Legal Issues”, Crecent

Publishing Corporation, 2007. 32


DIGITAL FORENSICS


4 0 3

Pre requisites: Secure Protocols, Image processing.

Course Educational Objectives: The main objective of the course is to introduce the students to bring

awareness in crimes and tracing the attackers.

1. Define digital forensics from electronic media.

2. Describe how to prepare for digital evidence investigations and

explain the differences between law enforcement agency and

corporate investigations.

3. Explain the importance of maintaining professional conduct

Course Outcomes: Upon completion, the student will be able to

1. Utilize a systematic approach to computer investigations.

2. Utilize various forensic tools to collect digital evidence.

3. Perform digital forensics analysis upon Windows, MAC and

LINUX operating systems

4. Perform email investigations.

5. Analyze and carve image files both logical and physical

UNIT – I

Introduction & evidential potential of digital devices – Key

developments, Digital devices in society, Technology and culture,

Comment, Closed vs. open systems, evaluating digital evidence

potential.

Device Handling & Examination Principles: Seizure issues, Device

identification, Networked devices, Contamination, Previewing, Imaging,

Continuity and hashing, Evidence locations.

UNIT – II

A sevenelement security model, A developmental model of digital sys

tems, Knowing, Unknowing, Audit and logs , Data content, Data

context. Internet & Mobile Devices The ISO / OSI model, The internet

protocol suite, DNS, Internet applications, Mobile phone PDAs, GPS,

Other personal technology. 33


UNIT – III Introduction to Computer Forensics, Use of Computer Forensics in Law

Enforcement, Computer Forensics Assistance to Human Resources /

Employment Proceedings, Computer Forensics Services, Benefits of

Professional Forensics Methodology, Steps Taken by Computer Forensics

Specialists, Who Can Use Computer Forensic Evidence?,

Case Histories, Case Studies.

UNIT – IV

Types of Military Computer Forensic Technology, Types of Law

Enforcement: Computer Forensic Technology, Types of Business

Computer Forensic Technology, Specialized Forensics Techniques,

Hidden Data and How to Find It, Spyware and Adware, Encryption

Methods and Vulnerabilities, Protecting Data from Being Compromised,

Internet Tracing Methods 65.

UNIT – V

Homeland Security Systems. Occurrence of Cyber Crime, Cyber

Detectives, Fighting Cyber Crime withRisk Management

Techniques, Computer Forensics Investigative Services, Forensic

Process Improvement, Course Content, Case Histories.

TEXT BOOKS:

1. Angus M.Mashall, “Digital Forensics”, 2nd

Edition,Wiley-

Blackwell, A John Wiley & Sons Ltd Publication, 2008.

2. John R. Vacca, “ Computer forensics : Computer Crime Scene

Investigation”, 2nd

Edition, Charles River Media, Inc. Boston,

Massachusetts.

REFERENCES:

1. Michael G. Noblett; Mark M. Pollitt, Lawrence A. Presley

(October 2000), "Recovering and examining computer forensic

evidence", Retrieved 26 July 2010.

2. Leigland, R (September 2004). "A Formalization of Digital

Forensics".(Pdf document ).

3. Geiger, M (March 2005). "Evaluating Commercial Counter-

Forensic Tools" (Pdf document). 34


WIRELESS NETWORKS


4 0 3

Pre requisites : Computer Networks.

Course Educational Objectives: The main objective of this course is

that to teach the fundamentals of connectivity and communication of

computers.

Course Outcomes:

1. To give exposure on different issues involved in setting up

different types of networks of computers.

2. Students will gain knowledge on various wireless protocols and

wifi technologies.

3. To give exposure on issues involved in MANETS.

4. To give an understanding of GPS mechanisms and issues.

5. To give exposure on various wireless and mobile protocols and

their design issues

UNIT-I

WIRELESS COMMUNICATIONS STANDARD: Wireless

Communication Standard-First, Second and Third Generation Wireless

Communication Network, Coverage Extension, Types; Characterization

of Wireless Channels-multipath Propagation, Linear Time Variant,

Channel Model, Channel Correlation Function, Large Scale Path Loss

and Shadowing, Fading.

UNIT-II

BAND PASS TRANSMISSION TECHNIQUE FOR MOBILE RADIO:

Band pass Transmission Technique for Mobile Radio- Signal Space and

Decision Region, Digital Modulation-MPSK, MSK, GMSK,OFDA,

Power Spectral Density, Probability of Transmission Error; Receiver

Technique for Fading Dispersive Channels

UNIT-III

FREQUENCY REUSE AND MOBILITY MANAGEMENT: Frequency

reuse and mobility Management, Cell Cluster Concept, Co Channel and

Adjacent Channel Interference, Call Blocking and Delay at Cell Site,

Cell Splitting, Sectoring. 35


UNIT-IV

MULTIPLE ACCESS TECHNIQUE: Multiple Access Technique,

Random Access, Carrier Sense Multiple Access (CSMA), Conflict Free

Multiple Access Technology and Spectral Efficiency-FDMA, TDMA,

CDMA,Mobility management and In wireless network-CAC, Handoff

Management, Location Management for Cellular Network and PCS

network, Traffic calculation.

UNIT-V

WIRELESS INTERNETWORKING: Wireless Internetworking-Mobile

IP, Internet Protocol (IP), Transmission Control Protocol (TCP),

Network Performance, Wireless Application Protocol(WAP) , Mobile

AD HOC Network Characteristics of MANETs, Table-driven and

Source-initiated On Demand routing protocols, Hybrid protocols,

Wireless Sensor networks- Classification, MAC and Routing protocols.

TEXT BOOKS:

1. William Stallings: "Wireless Communications and networks"

Pearson / Prentice Hall of India, 2nd

Edition, 2007.

2. Mark & Zuang : “Wireless communication & networking”,

Prentice Hall , 1st Edition, PHI , 2006.

REFERENCES:

1. Jim Geier: “Wireless Networks first-step”,2nd Edition Pearson,

2005.

2. Sumit Kasera et al: “2.5G Mobile Networks: GPRS and EDGE”,

3rd

Edition TMH, 2008.

3. Matthew S.Gast: “802.11 Wireless Networks”, O‟Reilly, 2nd

Edition, 2006.

4. Theodore s. Rappaport: “Wireless Communications –principles

and practice”, 2nd

Edition, PHI, 200

36


ETHICAL HACKING


4 0 3

Pre requisites : Information Security.


The main objective of this course is to render every database based

transaction safe, secure and simple. We aim to transform the internet

security industry by infusing professionalism and a never before seen

efficiency.

Course Outcomes:

By the end of the course students will

1. Learn various hacking methods.

2. Perform system security vulnerability testing.

3. Perform system vulnerability exploit attacks.

4. Produce a security assessment report

5. Learn various issues related to hacking.

UNIT-I

Hacking Windows: BIOS Passwords, Windows Login Passwords,

Changing Windows Visuals, Cleaning Your Tracks, Internet Explorer

Users, Cookies, URL Address Bar, Netscape Communicator, Cookies,

URL History, The Registry, Baby Sitter Programs.

UNIT-II

Advanced Windows Hacking: Editing your Operating Systems by

editing Explorer.exe, The Registry, The Registry Editor, Description of

.reg file, Command Line Registry Arguments, Other System Files, Some

Windows & DOS Tricks, Customize DOS, Clearing the CMOS without

opening your PC, The Untold Windows Tips and Tricks Manual, Exiting

Windows the Cool and Quick Way, Ban Shutdowns: A Trick to Play,

Disabling Display of Drives in My Computer, Take Over the Screen

Saver, Pop a Banner each time Windows Boots, Change the Default

Locations, Secure your Desktop Icons and Settings.

37


UNIT-III

Getting Past the Password: Passwords: An Introduction, Password

Cracking, Cracking the Windows Login Password, The Glide Code,

Windows Screen Saver Password, XOR, Internet Connection Password,

Sam Attacks, Cracking Unix Password Files, HTTP Basic

Authentication, BIOS Passwords, Cracking Other Passwords, .

UNIT-IV The Perl Manual: Perl: The Basics, Scalars, Interacting with User by

getting Input, Chomp() and Chop(), Operators, Binary Arithmetic

Operators, The Exponentiation Operator(**), The Unary Arithmetic

Operators, Other General Operators, Conditional Statements,

Assignment Operators. The?: Operator, Loops, The While Loop, The

For Loop, Arrays, THE FOR EACH LOOP: Moving through an Array,

Functions Associated with Arrays, Push() and Pop(), Unshift() and

Shift(), Splice(), Default Variables, $_, @ARGV, Input Output, Opening

Files for Reading, Another Special VariableS.

UNIT-V

How does a Virus Work? What is a Virus?, Boot Sector Viruses (MBR

or Master Boot Record), File or Program Viruses, Multipartite Viruses,

Stealth Viruses, Polymorphic Viruses, Macro Viruses, Blocking Direct

Disk Access, Recognizing Master Boot Record (MBR) Modifications,

Identifying Unknown Device Drivers, How do I make my own Virus?,

Macro Viruses, Using Assembly to Create your own Virus, How to

Modify a Virus so Scan won‟t Catch it, How to Create New Virus

Strains, Simple Encryption Methods.

TEXT BOOKS:

1. Patrick Engbreston: “The Basics of Hacking and Penetration

Testing: Ethical Hacking and Penetration Testing Made Easy”,1st

Edition, Syngress publication,2011.

2. Ankit Fadia : “Unofficial Guide to Ethical Hacking”, 3rd Edition ,

McMillan India Ltd,2006.

REFERENCES:

1. Simpson/backman/corley, “HandsOn Ethical Hacking & Network

Defense International”, 2nd

Edition,Cengageint,2011. 38


BIOMETRIC SECURITY

(ELECTIVE – II)


4 0 3

Pre-Requisites: Fundamental knowledge in Biometrics

Course Educational Objective:

To provide students with understanding of biometrics, biometric

equipment and standards applied to security.

Course Outcomes:

1. Demonstrate knowledge of the basic physical and biological

science and engineering principles underlying biometric systems.

2. Understand and analyze biometric systems at the component level

and be able to analyze and design basic biometric system

applications.

3. Be able to work effectively in teams and express their work and

ideas orally and in writing.

4. Identify the sociological and acceptance issues associated with the

design and implementation of biometric systems.

5. Understand various Biometric security issues.

UNIT-I

Biometrics- Introduction- benefits of biometrics over traditional

authentication systems -benefits

of biometrics in identification systems-selecting a biometric for a system

–Applications - Key

biometric terms and processes - biometric matching methods -Accuracy

in biometric systems.

UNIT-II

Physiological Biometric Technologies: Fingerprints - Technical

description –characteristics - Competing technologies - strengths –

weaknesses – deployment - Facial scan - Technical description -

characteristics - weaknesses-deployment - Iris scan - Technical

description – characteristics - strengths – weaknesses – deployment

- Retina vascular pattern 39


UNIT-III Technical description – characteristics - strengths – weaknesses –

deployment - Hand scan - Technical description-characteristics -

strengths – weaknesses deployment – DNA biometrics.

Behavioral Biometric Technologies: Handprint Biometrics - DNA

Biometrics.

UNIT-IV

signature and handwriting technology - Technical description –

classification – keyboard / keystroke dynamics- Voice – data

acquisition - feature extraction - characteristics - strengths –

weaknesses-deployment.

UNIT-V

Multi biometrics and multi factor biometrics - two-factor authentication

with passwords - tickets and tokens – executive decision -

implementation plan.

TEXT BOOKS:

1. Samir Nanavathi, Michel Thieme, and Raj Nanavathi : “Biometrics

-Identity verification

in a network”, 1st Edition, Wiley Eastern, 2002.

2. John Chirillo and Scott Blaul : “Implementing Biometric

Security”, 1st Edition, Wiley Eastern Publication, 2005.

REFERENCES:

1. John Berger: “Biometrics for Network Security”, 1st Edition,

Prentice Hall, 2004.

40


INTRUSION DETECTION SYSTEMS

(ELECTIVE – 2)


4 0 3

Pre requisites: Fundamental knowledge in Operating Systems, and

Networks

Course Educational Objectives: 1. Understand when, where, how, and why to apply Intrusion

Detection tools and techniques in order to improve the security

posture of an enterprise.

2. Apply knowledge of the fundamentals and history of Intrusion

Detection in order to avoid common pitfalls in the creation and

evaluation of new Intrusion Detection Systems

3. Analyze intrusion detection alerts and logs to distinguish attack

types from false alarms

Course Outcomes:

1. Explain the fundamental concepts of Network Protocol Analysis

and demonstrate the skill to capture and analyze network packets.

2. Use various protocol analyzers and Network Intrusion Detection

Systems as security tools to detect network attacks and

troubleshoot network problems.

UNIT-I History of Intrusion detection, Audit, Concept and definition , Internal

and external threats to data, attacks, Need and types of IDS, Information

sources Host based information sources, Network based information

sources.

UNIT-II

Intrusion Prevention Systems, Network IDs protocol based IDs ,Hybrid

IDs, Analysis schemes,

thinking about intrusion. A model for intrusion analysis , techniques

Responses requirement of responses, types of responses mapping

responses to policy Vulnerability analysis, credential analysis non

credential analysis 41


UNIT-III

Introduction to Snort, Snort Installation Scenarios, Installing Snort,

Running Snort on Multiple

Network Interfaces, Snort Command Line Options. Step-By-Step

Procedure to Compile and

Install Snort Location of Snort Files, Snort Modes Snort Alert Modes

UNIT-IV Working with Snort Rules, Rule Headers, Rule Options, The Snort

Configuration File etc. Plugins, Preprocessors and Output Modules,

Using Snort with MySQL

UNIT-V

Using ACID and Snort Snarf with Snort, Agent development for

intrusion detection, Architecture models of IDs and IPs.

TEXT BOOKS:

1. Rafeeq Rehman : “ Intrusion Detection with SNORT, Apache,

MySQL, PHP and ACID,” 1st Edition, Prentice Hall , 2003.

REFERENCES:

1. Christopher Kruegel,Fredrik Valeur, Giovanni Vigna: “Intrusion

Detection and Correlation Challenges and Solutions”, 1st Edition,

Springer, 2005.

2. Carl Endorf, Eugene Schultz and Jim Mellander “ Intrusion

Detection & Prevention”, 1st Edition, Tata McGraw-Hill, 2004.

3. Stephen Northcutt, Judy Novak : “Network Intrusion Detection”, 3rd

Edition, New Riders Publishing, 2002.

4. T. Fahringer, R. Prodan, “A Text book on Grid Application

Development and Computing Environment”. 6th

Edition,

KhannaPublihsers, 2012.

42


WIRELESS AND MOBILE SECURITY

(ELECTIVE – II)


4 0 3

Pre requisites: Mobile Computing.


This skill oriented course equips the system Administrators with the

skills required to protect & recover the computer systems & networks

from various security threats.

Course Outcomes:

By the end of the course Students will

1. Familiarize with the issues and technologies involved in designing

a wireless and mobile system that is robust against various attacks.

2. Gain knowledge and understanding of the various ways in which

wireless networks can be attacked and tradeoffs in protecting

networks.

3. Have a broad knowledge of the state-of-the-art and open problems

in wireless and mobile security, thus enhancing their potential to

do research or pursue a career in this rapidly developing area.

4. Learn various security issues involved in cloud computing.

5. Learn various security issues related to GPRS and 3G.

UNIT-I

Security Issues in Mobile Communication: Mobile Communication

History, Security – Wired Vs Wireless, Security Issues in Wireless and

Mobile Communications, Security Requirements in Wireless and Mobile

Communications, Security for Mobile Applications, Advantages and

Disadvantages of Application – level Security.

UNIT-II

Security of Device, Network, and Server Levels: Mobile Devices

Security Requirements, Mobile Wireless network level Security, Server

Level Security. Application Level Security in Wireless Networks:

Application of WLANs, Wireless Threats, Some Vulnerabilities and

Attach Methods over WLANs, Security for 1G Wi-Fi Applications,

Security for 2G Wi-Fi Applications, Recent Security Schemes for Wi-Fi

Applications 43


UNIT-III

Application Level Security in Cellular Networks: Generations of

Cellular Networks, Security Issues and attacks in cellular networks,

GSM Security for applications, GPRS Security for applications, UMTS

security for applications, 3G security for applications, Some of Security

and authentication Solutions.

UNIT-IV

Application Level Security in MANETs: MANETs, Some applications

of MANETs, MANET Features, Security Challenges in MANETs,

Security Attacks on MANETs, External Threats for MANET

applications, Internal threats for MANET Applications, Some of the

Security Solutions.

Ubiquitous Computing, Need for Novel Security Schemes for UC,

Security Challenges for UC, and Security Attacks on UC networks,

Some of the security solutions for UC.

UNIT V

Data Center Operations - Security challenge, implement “Five Principal

Characteristics of Cloud Computing, Data center Security

Recommendations Encryption for Confidentiality and Integrity,

Encrypting data at rest, Key Management Lifecycle, Cloud Encryption

Standards.

TEXT BOOKS:

1. Pallapa Venkataram, Satish Babu: “Wireless and Mobile Network

Security”, 1st Edition, Tata McGraw Hill,2010.

2. Frank Adelstein, K.S.Gupta : “Fundamentals of Mobile and

Pervasive Computing”, 1st Edition, Tata McGraw Hill 2005.

REFERENCES:

1. Randall k. Nichols, Panos C. Lekkas : “Wireless Security Models,

Threats and Solutions”, 1st Edition, Tata McGraw Hill, 2006.

2. Bruce Potter and Bob Fleck : “802.11 Security” , 1st Edition, SPD

O‟REILLY 2005.

3. James Kempf: “Guide to Wireless Network Security, Springer.

Wireless Internet Security – Architecture and Protocols”, 1st

Edition, Cambridge University Press, 2008. 44


ETHICAL HACKING AND DIGITAL FORENSIC TOOLS LAB


0 3 2

Pre requisites : Information Security.


The main objective this practical session is that students will get the

exposure to various forensic tools and scripting languages.

Course Outcomes:

By the completion of this laboratory session Student

1. Will get the practical exposure to forensic tools.

2. Will gain the knowledge on perl and Unix scripting languages to

implement various security attacks.

3. Will get the ideas in various ways to trace an attacker.

The following programs should be implemented preferably on platform

Windows/Unix through perl, shell scripting language and other

standard utilities available with UNIX systems. :-

Part A : 1. Write a perl script to concatenate ten messages and transmit to

remote server

a) Using arrays

b) Without using arrays.

2. Write a perl script to implement following functions:

a) Stack functions

b) File functions

c) File text functions

d) Directory functions

e) Shift, unshift, Splice functions.

3. Write a Perl script to secure windows operating systems and web

browser by disabling Hardware and software units.

4. Write a perl script to implement Mail bombing and trace the hacker.

5. Write a shell script to crack UNIX login passwords and trace it

when breaking is happened.

45


6. Write a shell script to send fake mails to the remote servers or web

browsers.

7. Write a shell script to crack windows login password and trace it

who is the attacker.

8. Write a shell script to implement buffer overflow attacks.

9. Write a shell script to implement formal string Vulnerabilities.

10. Write a shell script to trace an attacker how he is connected to

various servers URL‟s and various processes and services ? (Note:

Use Santoku O.S)

11. Write a perl script to handle Bluetooth attacks.

12. Write a perl script to implement Web Data Extractor and Web site

watcher

13. Test the Vulnerabilities Using Security Scanner through following

packages support

(a) Zlib (b) libcap (c) MYSQL (d) Apache software products

(e) PHP (f) Snort.

14. Test and Show the functionality of secure database through the

support of packages

(a) JPGraph (b) ADOdb (c) ACID

Part B: Exposure on Forensic tools.

1. Backup the images file from RAM using Helix3pro tool and show

the analysis.

2. Introduction to Santhoku Linux operating system and features

extraction.

3. Using Santoku operating system generates the analysis document

for any attacked file from by taking backup image from RAM.

4. Using Santoku operating system generates the attacker injected

viewing java files.

5. Using Santoku operating system shows how attackers opened

various Firefox URL‟s and pdf document JavaScript files and

show the analysis.

6. Using Santoku operating System files show how an attacker

connected to the various network inodes by the specific process.

7. Using exiftool (-k) generate the any picture hardware and software.

8. Using deft_6.1 tool recover the attacker browsing data from any

computer. 46


9. Using Courier tool Extract a hacker secret bitmap image hidden

data.

10. Using sg (Stegnography) cyber Forensic tool hide a message in a

document or any file.

11. Using sg cyber Forensic tool unhide a message in a document or

any file.

12. Using Helix3pro tool show how to extract deleted data file from

hard disk or usb device.

13. Using Ghostnet tool hide a message into a picture or any image

file.

14. Using kgbkey logger tool record or generate an document what a

user working on system

15. Using pinpoint metaviewr tool extract a metadata from system or

from image file.

16. Using Bulk Extractor tool extract information from windows file

system.

47

M.TECH. CYBER SECURITY - Gayatri Vidya Parishad ...

Documents