Regulation: R11
FACULTY DETAILS:
Name of the Faculty:: / Chinmay Pramanik
Designation: / Asst. Professor
Department:: / MCA
COURSE DETAILS
Name Of The Programme:: / MCA / Batch:: / 2013-14
Designation::
Year / 2nd / Semester / IV
Department:: / MCA
Title of The Subject / Information Security / Subject Code / IS
No of Students / 40
/ COURSE PLAN / 2013-14
1. TARGET
a) Percentage Pass / 100%
b) Percentage I class / 95%
2. COURSE PLAN
(Please write how you intend to cover the contents: i.e., coverage of Units by lectures, guest lectures, design exercises, solving numerical problems, demonstration of models, model preparation, or by assignments, etc.)
3. METHOD OF EVALUATION
3.1. Continuous Assessment Examinations (CAE 1, CAE 2)
3.2. Assignments / Seminars
3.3. Mini Projects
3.4. Quiz
3.5. Term End Examination
3.6. Others
4. List out any new topic(s) or any innovation you would like to introduce in teaching the subject in this Semester.
In this semester I would like to introduce advanced topics to motivate students in designing machine instruction:
(i) Instruction-Level Parallelism
(ii) Thread-Level Parallelism used in multiprocessors.
Signature of HOD / Signature of Faculty
Date: / Date:
/ GUIDELINES TO STUDY THE SUBJECT / 2013-14
Guidelines for Preparing the Course:
Course Description:
It is a challenge to assure security in information systems – networked, embedded, and plain vanilla computation systems. We will study security from multiple perspectives. We will consider a variety of security policies, for example, authentication before access, integrity of information, and confidentiality of information. The course will focus on the models, the tools, and the techniques for enforcement of security policies, with some emphasis on the use of cryptography. And because today’s implementation approaches are typically flawed, we will also address the penetration and disruption of information systems in the context of operating systems and networks. We will discuss national regulatory policy in the cyber-security area.
Course Objectives: (CO)
- Develop an understanding of information assurance as practiced in computer operating systems, distributed systems, networks and representative applications.
- Gain familiarity with prevalent network and distributed system attacks, defenses against them, and forensics to investigate the aftermath.
- Develop a basic understanding of cryptography, how it has evolved, and some key encryption techniques used today.
- Develop an understanding of security policies (such as authentication, integrity and confidentiality), as well as protocols to implement such policies in the form of message exchanges.
- To understand systems definition, systems requirements, and information needed for decision maker.
Learning Outcomes: (LO)
- Define the concepts and definition of the information systems.
- Differentiate between several types of information
- Identify the threats to information security.
- Show how to protect information resources.
- Differentiate between transaction processing system and functional area information system.
/ COURSE OBJECTIVES / 2013-14
On completion of this Subject / Course the student shall be able to:
S.No. / Objectives (CO) / Outcomes (LO)
1. / To provide students with basic concepts in information system and the benefits with these systems in modern society / 1
2. / To differentiate between data, information, and knowledge / 1,2
3. / To understand systems definition, systems requirements, and information needed for decision maker / 1,4
4. / To understand several requirements and operations that the analyst needs to analyze, design, and implement the systems in what is called system development life cycle (SDLC) / 1,5
5. / To identify several methods to enhance and develop information systems and to manage the information system resources / 3
6. / To understand several ethical issues in information system / 2,4
7. / To test system quality and how to enhance it / 5
8. / Define the concepts and definition of the information systems / 4
9. / Differentiate between several types of information system / 4
10. / Identify the threats to information security / 4,5
Signature of Faculty
Date:
Note: For each of the OBJECTIVE indicate the appropriate OUTCOMES to be achieved.
Kindly refer Page 16, to know the illustrative verbs that can be used to state the objectives.
/ COURSE OUTCOMES / 2013-14
The expected outcomes of the Course / Subject are:
S.No. / General Categories of Outcomes / Specific Outcomes of the Course
A. / An ability to apply knowledge of mathematics, science, and engineering
B. / An ability to design and conduct experiments, as well as to analyze and interpret data
C. / An ability to design a system, component, or process to meet desired needs within realistic constraints such as economic, environmental, social, political, ethical, health and safety, manufacturability and sustainability
D. / An ability to function on multi-disciplinary teams
E. / An ability to identify, formulate, and solve engineering problems
F. / An understanding of professional and ethical responsibility
G. / An ability to communicate effectively
H. / The broad education necessary to understand the impact of engineering solutions in a global, economic, environmental, and societal context
I. / A recognition of the need for, and an ability to engage in life-long learning
J. / A knowledge of contemporary issues
K. / An ability to use the techniques, skills, and modern engineering tools necessary for engineering practice.
Objectives – Outcome Relationship Matrix (Indicate the relationships by mark).
Objectives / Outcomes: A / B / C / D / E / F / G / H / I / J / K
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
The Schedule for the whole Course / Subject is:: / Information Security
/ COURSE SCHEDULE / 2013-14
S. No. / Description / Duration (Date) From / Duration (Date) To / Total No. of Periods
1. / Security Goals / / / 10
2. / Public key cryptography principles / / / 8
3. / Email Security / / / 10
4. / Web Security Requirements / / / 10
5. / Intruders / / / 10
Total No. of Instructional periods available for the course: / 85 Periods (50 minutes per period)
Text Books:
TB1 - Information Security by Mark Stamp, Wiley – INDIA, 2006.
TB2 - Fundamentals of Computer Security, Springer.
TB3 - Network Security: The complete reference, Robert Bragg, Mark Rhodes, TMH.
TB4 - Computer Security Basics by Rick Lehtinen, Deborah Russell & G.T. Gangemi Sr., SPD O’REILLY 2006.
TB5 - Modern Cryptography by Wenbo Mao, Pearson Education 2007.
TB6 - Principles of Information Security, Whitman, Thomson.
TB7 - Information Systems Security, Godbole, Wiley Student Edition.
TB8 - Cryptography and Information Security, V.K. Pachghare, PHI.
TB9 - Network Security and Cryptography, B. Menezes, Cengage Learning.
/ SCHEDULE OF INSTRUCTIONS / 2013-14
UNIT - I
Sl. No. / Date / No. of Periods / Topics / Sub-Topics / Objectives (CO) & Outcome (LO) Nos. / References (Text Book, Journal…), Page No___ to ___
1 / 1 / Security Goals / Co5 / lo4
2 / 2 / Security Attacks (Interruption, Interception, Modification and Fabrication) / Co5 / lo4
3 / 3 / Security Services (Confidentiality, Authentication, Integrity, Non-repudiation, Access Control and Availability) and Mechanisms / Co5 / lo4
4 / 4 / A model for Internetwork security / Co5 / lo4
5 / 5 / Internet Standards / Co5 / lo4
6 / 6 / RFCs Conventional Encryption Principles & Algorithms (DES, AES, RC4) / Co5 / lo4
7 / 7 / RFCs Conventional Encryption Principles & Algorithms (DES, AES, RC4) / Co5 / lo4
8 / 8 / Block Cipher Modes of Operation / Co5 / lo4
9 / 9 / Location of Encryption Devices / Co5 / lo4
10 / 10 / Key Distribution / Co5 / lo4
Signature of Faculty
Date
Note:
1. ENSURE THAT ALL TOPICS SPECIFIED IN THE COURSE ARE MENTIONED.
2. ADDITIONAL TOPICS COVERED, IF ANY, MAY ALSO BE SPECIFIED BOLDLY.
3. MENTION THE CORRESPONDING COURSE OBJECTIVE AND OUTCOME NUMBERS AGAINST EACH TOPIC.
/ SCHEDULE OF INSTRUCTIONS / 2013-14
UNIT - II
Sl. No. / Date / No. of Periods / Topics / Sub-Topics / Objectives (CO) & Outcome (LO) Nos. / References (Text Book, Journal…), Page No___ to ___
1 / 1 / Public key cryptography principles / Co3 / lo1
2 / 2 / Public key cryptography algorithms (RSA, RABIN, ELGAMAL, Diffie-Hellman, ECC) / Co3 / lo1
3 / 3 / Key Distribution. Approaches of Message Authentication / Co3 / lo1
4 / 4 / Secure Hash Functions (SHA-512, WHIRLPOOL) / Co3 / lo1
5 / 5 / HMAC Digital Signatures: Comparison / Co3 / lo1
6 / 6 / Process - Need for Keys, Signing the Digest, Services / Co3 / lo1
7 / 7 / Attacks on Digital Signatures, Kerberos / Co3 / lo1
8 / 8 / X.509 Directory Authentication Service / Co3 / lo1
Signature of Faculty
Date
/ SCHEDULE OF INSTRUCTIONS / 2013-14
UNIT - III
Sl. No. / Date / No. of Periods / Topics / Sub-Topics / Objectives (CO) & Outcome (LO) Nos. / References (Text Book, Journal…), Page No___ to ___
1 / 1 / Email Security / Co2 / lo3
2 / 2 / Pretty Good Privacy (PGP) / Co2 / lo3
3 / 3 / S/MIME. IP Security Overview / Co2 / lo3
4 / 4 / IP Security Architecture / Co2 / lo3
5 / 5 / Authentication Header / Co2 / lo3
6 / 6 / Encapsulating Security Payload / Co2 / lo3
7 / 7 / Encapsulating Security Payload / Co2 / lo3
8 / 8 / Combining Security Associations / Co2 / lo3
9 / 9 / Combining Security Associations / Co2 / lo3
10 / 10 / Key Management / Co2 / lo3
Signature of Faculty
Date
/ SCHEDULE OF INSTRUCTIONS / 2013-14
UNIT - IV
Sl. No. / Date / No. of Periods / Topics / Sub-Topics / Objectives & Outcome Nos. / References (Text Book, Journal…), Page No___ to ___
1 / 1 / Web Security Requirements / Co1 / lo5
2 / 2 / Secure Socket Layer (SSL) / Co1 / lo5
3 / 3 / Secure Socket Layer (SSL) / Co1 / lo5
4 / 4 / Transport Layer Security (TLS) / Co1 / lo5
5 / 5 / Transport Layer Security (TLS) / Co1 / lo5
6 / 6 / Secure Electronic Transaction (SET) / Co1 / lo5
7 / 7 / Secure Electronic Transaction (SET) / Co1 / lo5
8 / 8 / Basic concepts of SNMP / Co1 / lo5
9 / 9 / SNMPv1 Community facility / Co1 / lo5
10 / 10 / SNMPv3 / Co1 / lo5
Signature of Faculty
Date
/ SCHEDULE OF INSTRUCTIONS / 2013-14
UNIT - V
Sl. No. / Date / No. of Periods / Topics / Sub-Topics / Objectives & Outcome Nos. / References (Text Book, Journal…), Page No___ to ___
1 / 1 / Intruders / Co2 / lo3
2 / 2 / Intruders / Co2 / lo3
3 / 3 / Viruses and related threats / Co2 / lo3
4 / 4 / Viruses and related threats / Co2 / lo3
5 / 5 / Virus Countermeasures / Co2 / lo3
6 / 6 / Virus Countermeasures / Co2 / lo3
7 / 7 / Firewall Design principles / Co2 / lo3
8 / 8 / Firewall Design principles / Co2 / lo3
9 / 9 / Trusted Systems / Co2 / lo3
10 / 10 / Intrusion Detection Systems / Co2 / lo3
Signature of Faculty
Date
/ COURSE COMPLETION STATUS / 2013-14
Actual Date of Completion & Remarks, if any
Units / Remarks / Nos. of Objectives Achieved
Unit 1
Unit 2
Unit 3
Unit 4
Unit 5
Signature of Dean of School / Signature of Faculty
Date: / Date:
NOTE: AFTER THE COMPLETION OF EACH UNIT MENTION THE NUMBER OF OBJECTIVES ACHIEVED.
/ TUTORIAL SHEETS - I / 2013-14
Date:
Time:
This Tutorial corresponds to Unit Nos. I, II, III and IV
Q1. What security attacks are possible during the transmission of data? Mention the services on which these attacks are made.
Q2. “DNS would be a popular protocol to hijack”. Explain how.
Q3. Explain the use of link encryption and end-to-end encryption across a packet-switching network.
Q4. Explain Cipher Feedback mode with an illustration.
Q5. Illustrate the public key encryption process and explain.
Q6. Summarize the Kerberos version 5 message exchanges.
Q7. Explain the PGP trust model with an example.
Q8. List the limitations of the SMTP/822 scheme.
Please write the Questions / Problems / Exercises which you would like to give to the students and also mention the objectives to which these questions / Problems are related.
Signature of Dean of School / Signature of Faculty
Date: / Date:
/ TUTORIAL SHEETS - II / 2013-14
Date:
Time:
This Tutorial corresponds to Unit Nos. V, VI, VII and VIII
Q1. Explain how a trusted system defends against Trojan horse attacks.
Q2. Explain how the bastion host serves as a platform for an application-level or circuit-level gateway.
Q3. With a neat diagram, illustrate the typical steps in the Digital Immune System operation.
Q4. What is a proxy? Explain how the SNMP acts on behalf of the proxied devices.
Q5. Mention the participants of SET.
Q6. Explain the SSL handshake protocol in detail.
Please write the Questions / Problems / Exercises which you would like to give to the students and also mention the objectives to which these questions / Problems are related.
Signature of Dean of School / Signature of Faculty
Date: / Date:
/ ILLUSTRATIVE VERBS FOR STATING INSTRUCTIONAL OBJECTIVES / 2013-14
These verbs can also be used while framing questions for Continuous Assessment Examinations as well as for End – Semester (final) Examinations.
ILLUSTRATIVE VERBS FOR STATING GENERAL OBJECTIVES
Know / Understand / Analyze / Generate
Comprehend / Apply / Design / Evaluate
ILLUSTRATIVE VERBS FOR STATING SPECIFIC OBJECTIVES:
A. Cognitive Domain
1 / Knowledge / Define, Identify, Label, List, Match, Reproduce, Select, State
2 / Comprehension (Understanding) / Convert, Defend, Describe (a procedure), Distinguish, Estimate, Explain why/how, Extend, Generalize, Give examples, Illustrate, Infer, Summarize
3 / Application (of knowledge & comprehension) / Change, Compute, Demonstrate, Deduce, Manipulate, Modify, Predict, Prepare, Relate, Show, Solve
4 / Analysis (of whole w.r.t. its constituents) / Breakdown, Differentiate, Discriminate, Distinguish, Separate, Subdivide
5 / Synthesis (combination of ideas/constituents) / Categorize, Combine, Compile, Compose, Create, Devise, Design, Generate, Organize, Plan, Rearrange, Reconstruct, Reorganize, Revise
6 / Evaluation (judgement) / Appraise, Compare, Conclude, Contrast, Criticize, Justify, Interpret, Support
B. Affective Domain
Adhere / Assist / Attend / Change / Develop / Help / Influence / Initiate / Resolve / Select / Serve / Share
C. Psychomotor Domain (skill development)
Bend / Calibrate / Compress / Conduct / Connect / Convert / Decrease / Demonstrate
Dissect / Draw / Extend / Feed / File / Grow / Handle / Increase
Insert / Keep / Elongate / Limit / Manipulate / Move precisely / Operate / Paint
Perform / Prepare / Remove / Replace / Report / Reset / Run / Set
Straighten / Strengthen / Time / Transfer / Type / Weigh
/ LESSON PLAN
Unit-1 / 2013-14
INSTRUCTIONAL OBJECTIVES:
- Develop an understanding of security policies (such as authentication, integrity and confidentiality), as well as protocols to implement such policies in the form of message exchanges.
- Show how to protect information resources.
Session No / Topics to be covered / Time (Min) / Ref / Teaching Method
1 / Security Goals / 50 / / Chalkboard
2 / Security Attacks (Interruption, Interception, Modification and Fabrication) / 50 / / Chalkboard
3 / Security Services (Confidentiality, Authentication, Integrity, Non-repudiation, Access Control and Availability) and Mechanisms / 50 / / Chalkboard
4 / A model for Internetwork security / 50 / / Chalkboard
5 / Internet Standards / 50 / / Chalkboard
6 / RFCs Conventional Encryption Principles & Algorithms (DES, AES, RC4) / 50 / / Chalkboard
7 / RFCs Conventional Encryption Principles & Algorithms (DES, AES, RC4) / 50 / / Chalkboard
8 / Block Cipher Modes of Operation / 50 / / Chalkboard
9 / Location of Encryption Devices / 50 / / Chalkboard
10 / Key Distribution / 50 / / Chalkboard
On completion of this lesson the student shall be able to (Outcomes)
1. Show how to protect information resources.
/ ASSIGNMENT
Unit-I / 2013-14
Assignment / Questions
What Security attacks are possible during the transmission of data? Mention the services on which these attacks are made?
- Course Objectives: Develop an understanding of security policies (such as authentication, integrity and confidentiality), as well as protocols to implement such policies in the form of message exchanges.
- Learning Outcomes: Show how to protect information resources.
Signature of Faculty
Note: Mention for each question the relevant objectives and outcomes.
/ LESSON PLAN
Unit-II / 2013-14
INSTRUCTIONAL OBJECTIVES:
- Develop a basic understanding of cryptography, how it has evolved, and some key encryption techniques used today.
- Define the concepts and definition of the information systems.
Session No / Topics to be covered / Time (Min) / Ref / Teaching Method
1 / Public key cryptography principles / 50 / / Chalkboard
2 / Public key cryptography algorithms (RSA, RABIN, ELGAMAL, Diffie-Hellman, ECC) / 50 / / Chalkboard
3 / Key Distribution. Approaches of Message Authentication / 50 / / Chalkboard
4 / Secure Hash Functions (SHA-512, WHIRLPOOL) / 50 / / Chalkboard
5 / HMAC Digital Signatures: Comparison / 50 / / Chalkboard
6 / Process - Need for Keys, Signing the Digest, Services / 50 / / Chalkboard
7 / Attacks on Digital Signatures, Kerberos / 50 / / Chalkboard
8 / X.509 Directory Authentication Service / 50 / / Chalkboard
On completion of this lesson the student shall be able to (Outcome)
- Define the concepts and definition of the information systems.
/ ASSIGNMENT
Unit-II / 2013-14
Assignment / Questions
“DNS would be a popular protocol to hijack”. Explain how?
- Course Objectives: Develop a basic understanding of cryptography, how it has evolved, and some key encryption techniques used today.
- Learning Outcomes: Define the concepts and definition of the information systems.
Signature of Faculty
Note: Mention for each question the relevant objectives and outcomes.
/ LESSON PLAN
Unit-III / 2013-14
INSTRUCTIONAL OBJECTIVES:
- Gain familiarity with prevalent network and distributed system attacks, defenses against them, and forensics to investigate the aftermath.
Session No / Topics to be covered / Time / Ref / Teaching Method
1 / Email Security / 50 / / Chalkboard
2 / Pretty Good Privacy (PGP) / 50 / / Chalkboard
3 / S/MIME. IP Security Overview / 50 / / Chalkboard
4 / IP Security Architecture / 50 / / Chalkboard
5 / Authentication Header / 50 / / Chalkboard
6 / Encapsulating Security Payload / 50 / / Chalkboard
7 / Encapsulating Security Payload / 50 / / Chalkboard
8 / Combining Security Associations / 50 / / Chalkboard
9 / Combining Security Associations / 50 / / Chalkboard
10 / Key Management / 50 / / Chalkboard
On completion of this lesson the student shall be able to (Outcomes)