BIRLA INSTITUTE OF TECHNOLOGY & SCIENCE, PILANI
WORK INTEGRATED LEARNING PROGRAMMES
Digital Learning
Part A: Course Design
Course Title | Network Security
Course No(s) | SS ZG513
Credit Units | 4
Credit Model |
Content Authors | Sanjay K. Sahay
Course Objectives:
No | Course Objective
CO1 | Information security is an important area of information technology, and this course on Network Security helps the audience understand the three important security goals in networks (Confidentiality, Integrity and Availability) and the cryptographic techniques used to implement these security goals.
CO2 | The course provides a top-down approach to explore the security implementations in different network layers: application, transport and network.
CO3 | The course provides a necessary review of the mathematical concepts needed to implement different cryptographic techniques to achieve the network security goals, and then provides a deeper dive into the field of cryptography: symmetric and asymmetric key cryptography and methods to implement them.
CO4 | The course consolidates and sums up the learning with a few case studies and examples from the latest trends and industry deployments.
Text Book(s):
T1 | Stallings William: Cryptography and Network Security - Principles and Practice, Pearson India, 6th Edition, 2014.
Reference Books & other resources:
R1 | Forouzan B A, Mukhopadhyay Debdeep: Cryptography and Network Security, McGraw Hill, 2nd Edition, 2010.
R2 | Schneier Bruce: Applied Cryptography: Protocols, Algorithms And Source Code In C, Wiley India, 2nd Edition, Reprint - 2013.
R3 | Kurose James F and Keith W. Ross: Computer Networking: A Top-Down Approach, Pearson India, 5th Edition, 2012.
Learning Outcomes:
No | Learning Outcomes
LO1 | Knowledge to visualize the security goals clearly in the networks.
LO2 | Knowledge of mathematical background and different cryptographic techniques to provide security in the networks.
LO3 | Ability to compare merits and demerits of different cryptographic techniques and take decisions while securing a network.
LO4 | Ability to analyse a network for security flaws and fool proofing.
M1: Introduction
Type | Description
RL1.1 | RL1.1.1 = Introduction to Network Security
      | RL1.1.2 = Standardization in Information Security & OSI Security Architecture
RL1.2 | RL1.2.1 = Security Attacks
      | RL1.2.2 = Security Mechanisms
      | RL1.2.3 = Security Services
RL1.3 | RL1.3.1 = Reference Model for Network Security
      | RL1.3.2 = Techniques to Implement Network Security - An Introduction
M2: Classical Encryption Techniques
Type | Description/Plan/Reference
RL2.1 | RL2.1.1 = Basics of Cryptography
      | RL2.1.2 = Classical Encryption Techniques – Introduction
      | RL2.1.3 = General Thoughts on Breaking the Cryptosystems
      | RL2.1.4 = Cryptanalytic Attacks and Security Criteria
RL2.2 | RL2.2.1 = Modular Arithmetic, Groups and Rings
      | RL2.2.2 = Classical Encryption Technique: Substitution and Transposition Cipher
      | RL2.2.3 = Caesar and Affine Cipher
      | RL2.2.4 = One Time Pad
      | RL2.2.5 = Comparison of Classical Substitution Encryption Techniques
M3: Pseudo Random Number (PRN) Generation and Stream Ciphering
Type | Description/Plan/Reference
RL3.1 | RL3.1.1 = True Random Number Generators (TRNG)
      | RL3.1.2 = Pseudo Random Number Generators (PRNG)
      | RL3.1.3 = Cryptographically Secure Pseudo Random Number Generators (CSPRNG)
RL3.2 | RL3.2.1 = Introduction to Stream Cipher
      | RL3.2.2 = Example of Stream Ciphering - RC4
M4: Mathematics for Symmetric Key Cryptography
Type | Description/Plan/Reference
RL4.1 | RL4.1.1 = Basic Number Theory
      | RL4.1.2 = GCD and Euclidean's Theorem
      | RL4.1.3 = Galois Field and Polynomial Arithmetic
M5: Block Ciphering Techniques
Type | Description/Plan/Reference
RL5.1 | RL5.1.1 = Block Ciphering
      | RL5.1.2 = Shannon's Confusion and Diffusion Theory
RL5.2 | RL5.2.1 = Advanced Encryption Standard (AES)
M6: Modes of Operations and Data Integrity
Type | Description/Plan/Reference
RL6.1 | RL6.1.1 = Modes of Operations: ECB, CBC, OFB, CFB, CTR
      | RL6.1.2 = Multiple Encryption and Meet-in-the-Middle Attack
RL6.2 | RL6.2.1 = Secure Hash Algorithms: SHA-1 and SHA-3
      | RL6.2.3 = Message Authentication Codes: HMAC and CBC-MAC
M7: Mathematics for Asymmetric Key Cryptography
Type | Description/Plan/Reference
RL7.1 | RL7.1.1 = Relevant Mathematical Concepts Used in Asymmetric Key Cryptography
      | RL7.1.2 = Fermat's Theorem
      | RL7.1.3 = Euler's Theorem
      | RL7.1.4 = Primitive Roots
M8: Asymmetric (Public) Key Cryptography
Type | Description/Plan/Reference
RL8.1 | RL8.1.1 = Reference Model for Asymmetric (Public) Key Cryptography
RL8.2 | RL8.2.1 = Public Key Cryptosystems: RSA, OAEP
      | RL8.2.2 = Diffie-Hellman Key Exchange Algorithm
M9: Digital Signature
Type | Description/Plan/Reference
RL9.1 | RL9.1.1 = Distribution of Symmetric Key
RL9.2 | RL9.2.1 = Distribution of Asymmetric (Public) Keys
      | RL9.2.2 = Basic Concept of Digital Signatures and DSA
      | RL9.2.3 = Basic Concept of Public Key Certificates
      | RL9.2.4 = X.509 Certificate Structure
      | RL9.2.5 = Man-in-the-Middle Attack
M10: User Authentication
Type | Description/Plan/Reference
RL10.1 | RL10.1.1 = Problem Statement of User Authentication
       | RL10.1.2 = Kerberos
M11: Security at the Application Layer
Type | Description/Plan/Reference
RL11.1 | RL11.1.1 = Overview - Layered Architecture in the service model and Networking Layers
       | RL11.1.2 = Security at the application layers - objectives, issues and need.
RL11.2 | RL11.2.1 = E-Mail System Architecture
RL11.3 | RL11.3.1 = Introduction to PGP
       | RL11.3.2 = Integrity services through PGP
       | RL11.3.3 = Confidentiality services through PGP
       | RL11.3.4 = Brief discussion on the Cryptographic Algorithms used in PGP
RL11.4 | RL11.4.1 = Introduction to MIME and MIME Headers
RL11.5 | RL11.5.1 = Introduction to S/MIME
       | RL11.5.2 = Security Services through S/MIME
       | RL11.5.3 = Certificates and Cryptographic Algorithms in S/MIME
M12: Security at the Transport Layer
Type | Description/Plan/Reference
RL12.1 | RL12.1.1 = Web Security - threats, challenges and solutions.
RL12.2 | RL12.2.1 = Secure Socket Layer (SSL): Introduction
       | RL12.2.2 = Secure Socket Layer (SSL): Handshake Protocol
       | RL12.2.3 = Secure Socket Layer (SSL): Change Cipher Spec Protocol
       | RL12.2.4 = Secure Socket Layer (SSL): Alert Protocol
       | RL12.2.5 = Secure Socket Layer (SSL): Record Protocol
RL12.3 | RL12.3.1 = Secure Shell (SSH) Protocol for Secure Remote Login
M13: Security at the Network Layer
Type | Description/Plan/Reference
RL13.1 | RL13.1.1 = Security Challenges at the Network Layer
       | RL13.1.2 = IP Security (IPSec) Overview
RL13.2 | RL13.2.1 = IP Security - Different Variations
       | RL13.2.2 = IP Security Architecture
       | RL13.2.3 = Security Policy - IP Security Packet Processing
Instructional Plan:
Sl. No. | Contact Session | Pre-contact Session Preparation | Post Contact Session Homework
1 | CS-1 | Recorded Lectures for Module-1 | Uses of Wireshark
2 | CS-2 | Recorded Lectures for Module-1 | Uses of Wireshark
3 | CS-3 | Recorded Lectures for Module-2 | Review the simple attack to break the cryptosystem
4 | CS-4 | Recorded Lectures for Module-2 | Caesar/Affine Cipher – Worksheet and Lab Program
5 | CS-5 | Recorded Lectures for Module-3 | Find out more on Intel processors that include True RNG
6 | CS-6 | Recorded Lectures for Module-3 | Stream Cipher - RC4 Lab Program – Worksheet.
7 | CS-7 | Recorded Lectures for Module-4 | Relevance of Extended Euclidean Algorithm
8 | CS-8 | Recorded Lectures for Module-4 | Example of Polynomial Arithmetic
9 | CS-9 | Recorded Lectures for Module-5 | Understand the algebra of AES, e.g. finding inverse etc.
10 | CS-10 | Recorded Lectures for Module-5 | Implementation of AES
11 | CS-11 | Review Session before Mid-Semester Exams |
12 | CS-12 | Recorded Lectures for Module-6 | Modes of Operations Implementation
13 | CS-13 | Recorded Lectures for Module-6 | CBC-MAC implementation
14 | CS-14 | Recorded Lectures for Module-7 | Generation of Large Prime Numbers
15 | CS-15 | Recorded Lectures for Module-8 | RSA Lab Programs
16 | CS-16 | Recorded Lectures for Module-9 | Check a digital certificate while accessing a secure website and compare its structure with X.509 standard
17 | CS-17 | Recorded Lectures for Module-10 | Authentication with Digital Certificate
18 | CS-18 | Recorded Lectures for Module-11 | S/MIME in MS-Outlook - worksheet.
19 | CS-19 | Recorded Lectures for Module-12 | SSL Protocol Analysis using Wireshark - worksheet.
20 | CS-20 | Recorded Lectures for Module-12 | SSH Channel Types - Experimentation using PuTTY and XMing - worksheet.
21 | CS-21 | Recorded Lectures for Module-13 | IPSec with Wireshark - Worksheet.
22 | CS-10 | Review Session Before Comprehensive Exams |
Contact Session Details:
Sl. No. | Contact Session | Details need to be covered in the contact session
1 | CS-1 | o Network Security and OSI Security Architecture
  |      | o Review of Attacks, Mechanisms and Services, Network Security Model
2 | CS-2 | o Network Security Model
  |      | o Techniques to Implement Network Security
3 | CS-3 | o Cryptography, Classical Encryption
  |      | o Breaking the Cryptosystem
4 | CS-4 | o Modular Arithmetic, Groups and Rings
  |      | o One example each in classical substitutive and transposition ciphering.
5 | CS-5 | o Random numbers, its types and usage.
  |      | o TRNG, PRNG, CSPRNG
  |      | o Review of BBS
6 | CS-6 | o Stream Ciphering
  |      | o RC4 algorithm
7 | CS-7 | o Basic Number Theory
  |      | o Extended Euclidean Algorithm
8 | CS-8 | o Galois Field
  |      | o Polynomial Arithmetic
9 | CS-9 | o Block Ciphering
  |      | o Confusion and Diffusion Theory
10 | CS-10 | o AES and its importance in security
   |       | o Efficient implementation of AES.
11 | CS-11 | Recapitulation of all the sessions / problem solving before mid-semester exams
12 | CS-12 | o Modes of Operation and its applications
   |       | o Multiple Encryption and Meet-in-the-Middle Attack
13 | CS-13 | o SHA-1 and SHA-3
   |       | o HMAC and CBC-MAC and its Security
14 | CS-14 | o Model of Asymmetric Key Cryptography
   |       | o Factorization and other methods for Public Key Cryptography
15 | CS-15 | o RSA and OAEP
   |       | o Diffie-Hellman Key Exchange and its Security Aspects
16 | CS-16 | o Distribution of Symmetric and Asymmetric Key
   |       | o Digital Signature: DSA
   |       | o X.509 Certificate
   |       | o Man-in-the-Middle Attack
17 | CS-17 | o User/Entity Authentication
   |       | o Kerberos
18 | CS-18 | o Review of PGP - Authentication and Confidentiality.
   |       | o Review of S/MIME.
19 | CS-19 | o Review of SSL and TLS.
   |       | o Review of SSH, its phases and its supported channel types.
20 | CS-20 | o Need for IPSec
   |       | o Details of ESP and brief idea of AH.
21 | CS-21 | o SAD and SPD with inbound/outbound packet processing.
   |       | o Discussion on the IPSec.
22 | CS-22 | Recapitulation of all the sessions / problem solving before comprehensive exams.
Evaluation Scheme:
Legend: EC = Evaluation Component; AN = After Noon Session; FN = Fore Noon Session
No | Name | Type | Duration | Weight | Day, Date, Session, Time
EC-1 | Quiz-I/ Assignment-I | Online | - | 5% | September 1-10, 2016
     | Quiz-II | Online |  | 5% | October 1-10, 2016
     | Lab | Online |  | 10% | To be announced
EC-2 | Mid-Semester Test | Closed Book | 2 hours | 30% | 24/09/2016 (FN) 10 AM – 12 Noon
EC-3 | Comprehensive Exam | Open Book | 3 hours | 50% | 05/11/2016 (FN) 9 AM – 12 Noon
Note - Evaluation components can be tailored depending on the
proposed model.
Important Information:
Syllabus for Mid-Semester Test (Closed Book): Topics covered in session Nos. 1 to 11
Syllabus for Comprehensive Exam (Open Book): All topics (Session Nos. 1 to 22)
Important links and information:
Elearn portal: https://elearn.bits-pilani.ac.in
Students are expected to visit the Elearn portal on a regular basis and
stay up to date with the latest announcements and deadlines.
Contact sessions: Students should attend the online lectures as per the
schedule provided on the Elearn portal.
Evaluation Guidelines:
1. EC-1 consists of either two
Assignments or three Quizzes. Students will attempt them through the course
pages on the Elearn portal. Announcements will be made on the portal, in a
timely manner.
2. For Closed Book tests: No
books or reference material of any kind will be permitted.
3. For Open Book exams: Use of
books and any printed / written reference material (filed or bound) is
permitted. However, loose sheets of paper will not be allowed. Use of
calculators is permitted in all exams. Laptops/Mobiles of any kind are not
allowed. Exchange of any material is not allowed.
4. If a student is unable to
appear for the Regular Test/Exam due to genuine exigencies, the student should
follow the procedure to apply for the Make-Up Test/Exam which will be made
available on the Elearn portal. The Make-Up Test/Exam will be conducted only at
selected exam centres on the dates to be announced later.
It shall be the responsibility of the individual student to be regular
in maintaining the self study schedule as given in the course handout, attend
the online lectures, and take all the prescribed evaluation components such as
Assignment/Quiz, Mid-Semester Test and Comprehensive Exam according to the
evaluation scheme provided in the handout.