
Bachelors In Information Technology

Institute of Science and Technology, TU

Nature of the course: (Theory+Lab)

F.M: 60+20+20 P.M: 24+8+8

Credit Hrs: 3

Information Security [BIT303]
Course Objective
The objective of this course is to familiarize students with the concepts of information security, different security measures, policies and security mechanisms, and security audits, so that students will be able to design, implement and manage information and computer systems securely.
Course Description

This course familiarizes students with the basic concepts of information security. It covers cryptographic algorithms, authentication systems, access controls, malicious logic, network security, security audits and ethical issues.

S1: Introduction [4]
1. Threats, Attacks and Assets
2. Security Functional Requirements
3. Security Design Principles
4. Attack Surfaces and Attack Trees
5. Computer Security Strategy
S2: Symmetric and Asymmetric Encryption Algorithms [10]
1. Classical Cryptosystems: Substitution and Transposition Ciphers
2. Symmetric Encryption Principles
3. Data Encryption Standard (DES)
4. Basic concepts of fields, Modular Arithmetic, Galois Fields, Polynomial Arithmetic
5. Advanced Encryption Standard (AES)
6. Prime Numbers, Fermat's Theorem, Primality Testing: Miller-Rabin Algorithm, Euclidean Algorithm, Extended Euclidean Algorithm, Euler Totient Function
7. Asymmetric Encryption
8. Diffie-Hellman Protocol, RSA Algorithm
S3: Message Authentication [6]
1. Message Authentication
2. Secure Hash Functions
3. Message Digests: MD5
4. Secure Hash Algorithms: SHA-1, SHA-2
5. Digital Signature
S4: User Authentication [5]
1. User Authentication Principles
2. Password-Based Authentication
3. Token-Based Authentication
4. Biometric Authentication
5. Two-Factor Authentication
6. Security Issues for User Authentication
S5: Access Control [5]
1. Access Control Principles
2. Subjects, Objects and Access Rights
3. Discretionary Access Control
4. Role-Based Access Control
5. Attribute-Based Access Control
6. Identity, Credential and Access Management
7. Trust Frameworks
S6: Malicious Software [6]
1. Malicious Software
2. Types of Malicious Software
3. Advanced Persistent Threat
4. Viruses, Worms, Spam E-mail, Trojans
5. System Corruption, Zombies, Bots, Keyloggers, Phishing, Spyware
6. Backdoors, Rootkits
7. Countermeasures for Malware
S7: IT Security Management, Risk Assessment and Security Auditing [5]
1. IT Security Management
2. Organizational Context and Security Policy
3. Security Risk Assessment
4. Security Risk Analysis
5. Security Auditing Architecture
6. Security Audit Trails
7. Implementing Logging Function
S8: Legal and Ethical Issues [4]
1. Cybercrime and Computer Crime
2. Intellectual Property
3. Privacy, Ethical Issues
4. Cyber Law in Nepal
References
1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, Pearson, Latest Edition
2. William Stallings, Cryptography and Network Security: Principles and Practice, Pearson
3. Mark Stamp, Information Security: Principles and Practices, Wiley
4. Matt Bishop, Introduction to Computer Security, Addison Wesley
5. Matt Bishop, Computer Security: Art and Science, Addison Wesley
6. Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Pearson
7. William Stallings, Information Privacy Engineering and Privacy by Design, Pearson
Laboratory Work
The laboratory work includes implementing and simulating the concepts of cryptographic algorithms, hash functions, digital signatures, authentication and authorization systems, and malicious logic. The laboratory work covers implementing programs for the following:
1. Classical ciphers like Caesar, Rail Fence
2. DES, AES
3. Primality Testing, Euclidean Algorithms, Diffie-Hellman, RSA
4. MD5, SHA-1, SHA-2
5. Authentication systems like password-based, token-based, two-factor authentication, etc.
6. Access control and capability lists
7. Malicious Logic

In addition, students have to perform case studies, including the preparation of security policies for some system and performing security audits.