Course Description

The course, Information Security, introduces the theoretical as well as practical concepts of computer and information security. The course includes concepts of cryptographic algorithms, authentication systems, access controls, malicious logics, network security and security audits.

Objectives

The objectives of this course are to familiarize the students with the computer security concepts, security policies and security mechanisms so that students will be able to design, implement and manage the secure computer systems.

Course Units

8 Units · 48 Hrs

Computer Security Concepts
Computer Security, Information Security, Network Security
Threats, Attacks and Assets
Security Requirements
Security Design Principles
Attack Surfaces and Attack Trees
Computer Security Strategy

Classical Cryptosystems: Ceasar, Vignere, Playfair, Rail Fence Ciphers
Modem Ciphers: Block vs. Stream Ciphers, Symmetric vs. Asymmetric Ciphers
Symmetric Encryption: Fiestel Cipher Structure, Data Encryption Standards (DES), Basic Concepts of Fields: Groups, Rings, Fields, Modular Arithmetic, Galois Fields, Polynomial Arithmetic, Advanced Encryption Standards (AES)
Number Theory: Prime Numbers, Fermat’s Theorem, Primility Testing: Miller-Rabin Algorithm, Euclidean Theorem, Extended Euclidean Theorem, Euler Totient Function
Asymmetric Encryption: Diffie-Helman Key Exchange, RSA Algorithm

Message Authentication
Hash Functions
Message Digests: MD4 and MD5
Secure Hash Algorithms: SHA-1
HMAC
Digital Signatures

User Authentication Principles
Password-Based Authentication
Token-Based Authentication
Biometric Authentication
Remote User Authentication
Two Factor Authentication

Access Control Principles
Subjects, Objects and Access Rights
Access Control Matrix and Capability Lists
Discretionary Access Control
Role Based Access Control
Attribute Based Access Control
Identity, Credential and Access Management
Trust Frameworks

Malicious Software
Virus and its phases, Virus Classification
Worm, Worm Propagation Model, State of Worm Technology
Trojan Horse
Intrusion and Intruders
Intrusion Detection System
Analysis Approaches: Anomaly Based, Signature Based
Honeypots

Overview of Network Security
Email Security: S/MIME, Pretty Good Privacy (PGP)
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
IP Security (IPSec)
Firewalls and their types

Security Audit
Security Auditing Architecture
Security Audit Trail
Implementing Logging Function
Audit Trail Analysis

Laboratory Works

The laboratory work includes implementing and simulating the concepts of cryptographic algorithms, hash functions, digital signatures, authentication & authorization systems, and malicious logics. The laboratory work covers implementing programs for following;
Classical ciphers like Caeser, Playfair, Railfence
DES, AES
Primality Testing, Euclidean Algorithm, RSA
MD5, SHA
Authentication systems like password based, Captcha, two factor authentications etc.
Role Based Access Controls
Malicious Logics

Teaching Methods

The major teaching methods that can be followed for this course includes class lectures, laboratory activity, group discussions, presentations and case studies. For laboratory work, the instructor can choose any programming language based on the comfort level of students.

References & Books

William Stallings and Lawrie Brown, Computer Security: Principles and Practice, Pearson
William Stallings, Cryptography and Network Security: Principles and Practice, Pearson.
Reference Books
Mark Stamp, Information Security: Principles and Practices, Wiley
Matt Bishop, Introduction to Computer Security, Addison Wesley
Matt Bishop, Computer Security, Art and Science, Addison Wesley
Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Pearson

Information Security - BCA 8th Semester, Tribhuvan University

Information Security - BCA 8th Semester, Tribhuvan University

Course Syllabus

Course Information

Course Description

Objectives

Course Units

Overview of Computer security

Cryptographic Algorithms

Message Authentication and Hash Functions

User Authentication

Access Control

Malicious Software and Intrusion

Network Security

Security Auditing

Laboratory Works

Teaching Methods

References & Books

Course Overview