M.TECH.

(INFORMATION SECURITY & CYBER FORENSICS)

FULL TIME
CURRICULUM & SYLLABUS
2015-16

FACULTY OF ENGINEERING AND TECHNOLOGY

SRM INSTITUTE OF SCIENCE AND TECHNOLOGY
SRM NAGAR, KATTANKULATHUR – 603 203
 SRM Institute of Science and Technology
Department of Information Technology
M.Tech( Information Security and Cyber Forensics)

COURSE
COURSE NAME L T P C
CODE
CORE COURSES: I AND II SEMESTER
IS2001 Introduction to Cryptography 3 0 2 4
IS2006 Security Scripting and Analysis 3 0 2 4
IS_R2002 Operating Systems Administration and Security 3 0 2 4
IS2003 Network Security 3 0 2 4
IS2004 TCP/IP 3 0 2 4
IS2005 Forensics and Incident Response 3 0 2 4
CAC2001 Career Advancement Course for Engineers - I 1 0 1 1
CAC2002 Career Advancement Course for Engineers - II 1 0 1 1
Total 20 0 14 26
Total Contact hours:34
CORE COURSES: III SEMESTER
IS2047 Seminar (Pass/Fail Course) 0 0 1 1
IS2049 Project Phase-I 0 0 12 6
CAC2003 Career Advancement Course for Engineers - III 1 0 1 1
Total 1 0 14 8
CORE COURSES: IV SEMESTER
IS2050 Project Phase-II 0 0 32 16
SUPPORTIVE COURSE:
MA2019 Number Theory 3 0 0 3
Inter Disciplinary Elective
One course to be taken in Semester I or II or III 3 0 0 3
PROGRAM ELECTIVES
6 courses of 3 credits each to be taken in 0 0 0 18
Semesters I -III
Total Credits 74

Total Number of credits to be earned for M.TECH degree: 74

CONTACT HOUR/CREDIT:
L: Lecture Hours per week
T: Tutorial Hours per week
P: Practical Hours per week
C: Credit
PROGRAM ELECTIVES
COURSE COURSE NAME L T P C
 CODE
IS2101 Applied Cryptology 3 0 0 3
IS2102 Principles of Secure Coding 2 0 2 3
IS2103 Mobile and Digital Forensics 3 0 0 3
IS_R2104 Mobile and Wireless Security 3 0 0 3
IS_R2106 Malware Analysis 2 0 2 3
IS_R2107 Penetration Testing and Vulnerability Assessment. 2 0 2 3
IS2108 Computer and Information Security Management 3 0 0 3
IS2109 Risk Assessment and Security Audit 3 0 0 3
IS2110 Storage Management and Security 3 0 0 3
IS2111 Cloud Architectures and Security 2 0 2 3
IS2112 Cyber Law 3 0 0 3
IS2113 Android Security Design and Internals 2 0 2 3

CREDITS
SL.
CATEGORY I II III IV CATEGOR
NO.
SEMESTER SEMESTER SEMESTER SEMESTER Y TOTAL
1 Core courses 12 12 --- --- 24
(3 courses) (3 courses)
2 Program Elective
18 (in I to III semesters) --- 18
courses
Interdisciplinary
elective courses
(any one
3 (in I to III semesters) --- 3
program elective
from other
programs)
3 Supportive
courses – 3 (in I to III semesters) --- 3
mandatory
4 Seminar --- --- 1 --- 1
5 Career
Advancement 1 1 1 -- 3
Cources
6 Project work --- --- 06 16 22
Total 74
 COURSE
COURSE TITLE L T P C
CODE
INTRODUCTION TO CRYPTOLOGY 3 0 2 4
Total Contact Hours – 75
IS2001
Prerequisite
Nil
PURPOSE
The course provides a comprehensive view of symmetric and asymmetric
cryptographic Schemes and key management issues.
INSTRUCTIONAL OBJECTIVES
1. Understand OSI security architecture and classic encryption techniques
2. Acquire fundamental knowledge on the concepts of finite fields and number
theory
3. Understand various block cipher and stream cipher models
4. Describe the principles of public key cryptosystems, hash functions and digital
signature

UNIT 1 - INTRODUCTION (9 Hours)

Services, Mechanisms and attacks-the OSI security architecture-Network security
model classical Encryption techniques (Symmetric cipher model, substitution
techniques, transposition, Techniques, steganography)

UNIT II - FINITE FIELDS AND NUMBER THEORY (9 Hours)

Groups, Rings, Fields-Modular arithmetic-Euclid’s algorithm-Finite fields-Polynomial
Arithmetic –Prime numbers-Fermat’s and Euler’s theorem-Testing for primality -The
Chinese Remainder theorem- Discrete logarithms.

UNIT III - BLOCK CIPHERS (9 Hours)

Data Encryption Standard-Block cipher principles-block cipher modes of operation-
Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm.

UNIT IV - PUBLIC KEY CRYPTOGRAPHY (9 Hours)

Principles of public key cryptosystems-The RSA algorithm-Key management -Diffie
Hellman Key exchange - Elliptic curve arithmetic-Elliptic curve cryptography.
UNIT V - HASH FUNCTIONS AND DIGITAL SIGNATURES (9 Hours)
Authentication functions-Message authentication codes-Hash functions - Hash
Algorithms (MD5, Secure Hash Algorithm)-Digital signatures (Authentication
protocols, Digital signature Standard).
Practical: (30 Hours)
REFERENCES
1. William Stallings, “Cryptography and Network Security”, Pearson Education, 6th
Edition, 2013, ISBN 10: 0133354695.
2. AtulKahate, “Cryptography and Network Security”, McGraw Hill Education India
(Pvt Ltd),2nd edition, 2009, ISBN 10: 0070151458.
3. Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security: Private
Communication in a Public World”, Prentice Hall, 2 nd edition, 2002, ISBN 10:
0130460192.
4. Charles Pfleeger, Shari Lawrence Pfleeger “Security in computing”, Prentice
Hall,4th Edition, 2006,ISBN 10: 0132390779

SECURITY SCRIPTING AND

IS2006
ANALYSIS L T P C

Total Contact Hours – 75 3 0 2 4

PURPOSE Prerequisite
NIL
This course will help the students to gain mastery over scripting and its
application to problems in computer and network security. This course is
ideal for penetration testers, security enthusiasts, Packet analyzers and
network administrators who want to learn to automate tasks or go beyond just
using readymade tools.

INSTRUCTIONAL OBJECTIVES

1 Understand the system and network security programming.

2 Acquire knowledge on developing web servers and clients

3 Understand various exploitation techniques.

UNIT I - Introduction To Programming Language Types and styles (8 hours)

Introduction to Interpreted Languages - Data Types and variables - Operators
and Expressions - Program Structure and Control - Functions and Functional
Programming - Classes, Objects and other OOPS concepts. I/O stream- File and
Directory Access - Multithreading and Concurrency - Inter Process
Communication (IPC) - Permissions and Controls

UNIT II - NETWORK SECURITY PROGRAMMING (9 hours)

Raw Socket basics -Socket Libraries and Functionality - Programming Servers
and Clients - Asynchronous socket channels, Multithreaded server -
Programming Wired and Wireless Sniffers - Programming arbitrary packet
injectors - Symmetric and Asymmetric encryption client/server

UNIT III - WEB APPLICATION SECURITY (9 hours)

Web Servers and Client scripting - Web Application Fuzzers - Scraping Web
Applications – HTML and XML file analysis - Web Browser Emulation - Attacking
Web Services - Application Proxies and Data Mangling - Attacking Session
Management - Attacking Access Controls

UNIT IV - EXPLOITATION TECHNIQUES (9 hours)

Exploit Development techniques - Immunity Debuggers and Libs - Writing
plugins - Binary data analysis - Exploit analysis Automation- Finding
Vulnerabilities in Source Code - Automating Customized Attacks

UNIT V - Mastering Packet Analysis (10 Hours)

Capturing methodologies, Capture filters, Display filters, Searching for packets
using the Find dialog, Create new Wireshark profiles, Graphs-(I/O,TCP, Flow),
Inspecting Application Layer protocols - DNS,FTP, HTTP, SMTP. Analyzing
Transport Layer Protocol, Analyzing Traffic in thin Air
Network Security Analysis.

PRACTICAL (30 hours)

REFERENCES

1. Mike Dawson,”More Python programming for Absolute Beginner”, Cengage

Learning PTR; 3rd edition, ISBN-10: 1435455002, ISBN-13: 978-
14354550092, 2010.
2. The Web Application Hacker’s Handbook, 2nd Edition, Wiley
Publication, Dafydd Stuttard, Marcus Pinto
3. Learning Network Programming with Java, PACKT Publishing, By Richard
M Reese, December 2015
4. Mastering Wireshark, PACKT Publishing, By Charit Mishra, March 2016
5. Mark Lutz,” Python Pocket reference”, O'Reilly Media; 4 th edition , ISBN-
10: 0596158084, ISBN-13: 978-0596158088, 2009.
SUBJECT
COURSE TITLE L T P C
CODE
OPERATING SYSTEMS ADMINISTRATION AND
3 0 2 4
SECURITY
IS_R2002 Total Contact Hours – 75
Prerequisite
NIL
PURPOSE
Any information security professional, needs to have a thorough knowledge related
operating systems concepts. With this in mind, this course’s purpose is to make the
learner knowledgeable in the various functions of OS, basic administration of an open
source OS and methods to secure operating systems.
INSTRUCTIONAL OBJECTIVES
1. Become knowledgeable in the concepts of various functions of operating systems.
2. Gain hands-on experience in the basic administration of a linux system.
3. Understand the concepts of securing operating systems.

UNIT I – OVERVIEW OF OPERATING SYSTEMS (9 Hours)

Introduction- Computer system Organization and Architecture- Operating System
structure and operations; Principles and design of process, memory, and file systems
management. Protection and security, Secure OS: Scope of system security-security
goals -trust model -threat model

UNIT I – ACCESS CONTROL FUNDAMENTS (9 Hours)

Access Control Fundaments: Protection systems – Lampson’s access matrix,
mandatory protection systems, Reference monitor – Secure operating system
definition – Assessment criteria’ MULTICS: security fundamentals – protection
systems -access control lists reference monitor – security – vulnerability analysis.

UNIT III - OPERATING SYSTEM SECURITY (9 Hours)

Security in Windows and Unix: Protection system, Authorization, Security analysis
and vulnerabilities; Verifiable security goals: Information flow – secrecy models –
integrity models- convert channels; security kernel: Secure Communication processor
– architecture – hardware – SCOMP trusted OS-Gemini Secure OS; VM systems.
UNIT IV – COMPUTER SECURITY TECHNIQUES (9 Hours)
Authentication – Access control-intrusion detection-malware defenses-buffer overflow
attacks; Unix and Windows security

UNIT V – LINUX ADMINISTRATION WITH SHELL SCRIPTS (9 Hours)

Introduction – Linux Kernel architecture; system administration tasks in linux
managing user accounts-.rc files-device management – disk space allocation
automation system administration with shell scripts.

Practical
1. Shell programming and administrative commands
2. Buffer Overflow attack
3. Race Condition Attack
4. Shell Shock Attack
5. Implementing access control policy
6. Logging, Auditing and log monitoring
7. Enforcing password policies
8. Adding a new system call
9. VM Security
10. Configuring and installing OS
11. Intrusion Detection System
12. Writing your own shell interpreter

REFERENCES
1. William Stalling, Operating System: Internals and Design Principles, Prentice
Hall, 7th Edition, 2012.
2. Promod Chandra P Bhat, An Introduction to Operating Systems: Concepts and
practice, Prentice hall of India, 4th Edition, 2014
3. Tom Adelstein and Bill Lubanovic, Linux System Administration, O’Reilly Media,
Inc., 1st Edition, 2007.
4. Trent Jaeger, Operating Systems Security, Morgan & Claypool Publisher, 2008.
5. Michael J.Palmer, Guide to Operating System Security, Thomson / Course
technology, 2004.
6. Randal E. Bryant and David R. O’Hallaron, Computer Systems: A Programmer’s
Perspective, prentice Hall, 2nd Edition, 2011
COURSE
COURSE TITLE L T P C
CODE
NETWORK SECURITY 3 0 2 4
Total Contact Hours – 75
IS2003
Prerequisite
Computer Networks, Cryptography
PURPOSE
This course provides a comprehensive view of the network security principles and
measures to prevent vulnerabilities and security attacks in the networks.
INSTRUCTIONAL OBJECTIVES
1. Understand the basic concepts of networks, networking devices and various
attacks possible on networking devices
2. Understand the concept of IP security and architecture
3. Understand the various methods and protocols to maintain E-mail security and
web security
4. Understand the various methods of password management and protocols to
maintain system security

UNIT I - INTRODUCTION TO NETWORK SECURITY (10 Hours)

Networking Devices(Layer1,2,3)- Different types of network layer attacks–Firewall
(ACL, Packet Filtering, DMZ, Alerts and Audit Trials) – IDS,IPS and its types
(Signature based, Anomaly based, Policy based, Honeypot based).

UNIT II - VIRTUAL PRIVATE NETWORKS (12 Hours)

VPN and its types –Tunneling Protocols – Tunnel and Transport Mode –
Authentication Header-Encapsulation Security Payload (ESP)- IPSEC Protocol Suite
– IKE PHASE 1, II – Generic Routing Encapsulation(GRE).

UNIT III - MPLS AND MPLS VPN (10 Hours)

WAN Topologies- Standard IP based Switching – CEF based Multi-Layer switching-
MPLS Characteristics- Frame Mode MPLS Operation – MPLS VPN.

UNIT IV - E-MAIL SECURITY (6 Hours)

Security Services for E-mail-attacks possible through E-mail – establishing keys-
privacy-authentication of the source-Message Integrity-Non-repudiation-Pretty Good
Privacy-S/MIME.
UNIT V -WEB SECURITY (7 Hours)
SSL/TLS Basic Protocol-computing the keys- client authentication-PKI as deployed
by SSL Attacks fixed in v3- Exportability-Encoding-Secure Electronic Transaction
(SET), Kerberos

Practical: (30 hours)

REFERENCES

1. Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security”, Prentice

Hall, 2ndedition, 2002, ISBN-10: 0130460192, ISBN-13: 978-0130460196.
2. Charles Pfleeger,” Security in Computing”, Prentice Hall, 4th Edition, 2006, ISBN-
10: 0132390779, ISBN-13: 978-01323907744.
3. Ulysess Black, “Internet Security Protocols: Protecting IP Traffic”, Prentice Hall
PTR; 1st edition, 2000, ISBN-10: 0130142492, ISBN-13: 978-0130142498.
4. Amir Ranjbar 2007, CCNP ONT Official Exam Certification Guide, Cisco Press
[ISBN: 978-1-58720-176-3].
5. Luc De Ghein 2006, MPLS Fundamentals, 1st Ed. Ed., Cisco Press [ISBN: 978-
1- 58705-197-5]
6. William Stallings, “Cryptography and Network Security”, Pearson Education, 6th
Edition, 2013, ISBN 10: 0133354695.

COURSE
COURSE NAME L T P C
CODE
TCP/IP 3 0 2 4
Total Contact Hours – 75 (Theory – 45, Practical –
IS2004 30)
Prerequisite
Computer Networks
PURPOSE
TCP/IP is arguably the single most important computer networking technology. The
Internet and most home networks support TCP/IP as communication protocol. This
course provides a foundation to understand various principles, protocols and design
aspects of Computer Network and also helps to achieve the fundamental purpose of
computer networks in the form of providing access to shared resources.

INSTRUCTIONAL OBJECTIVES
1. Understand the evolution of computer networks over the period of time using the
layered network architecture.
2. Work with client server sockets and also can develop applications to speak with
 each other.
3. Learn and understand the next generation Internet protocol and also to work
with wide area network technologies.

UNITI - INTRODUCTION TO COMPUTER NETWORKS (6 Hours)

Introduction to Layered Architecture (TCP/IP, OSI), Networking Devices, IP
addressing, Subnetting, VLSM, CIDR.

UNIT II - NETWROK LAYER PROTOCOLS (12 Hours)

Router IOS- Static and Default Routing-Interior Gateway Routing Protocols: RIP
V1&V2, OSPF, EIGRP- Exterior Gateway Routing Protocol: BGP.

UNIT III - TRANSPORT LAYER PROTOCOLS (9 Hours)

TCP & UDP datagram and its characteristics, RTP, Flow Control and Error Control
Mechanisms, Silly Window Syndrome - Clark’s and Nagle Algorithm - Congestion
Control Mechanisms - Token Bucket and Leaky Bucket.

UNIT IV - SOCKET PROGRAMMING (9 Hours)

Introduction to socket programming- Concurrent Processing in Client-Server
Software-Byte ordering and address conversion functions – Socket Interface - System
calls used with sockets - Iterative server and concurrent server- Multi protocol and
Multi service server- TCP/UDP Client server programs – Thread Creation and
Termination – TCP Echo Server using threads- Remote Procedure Call.
UNIT V - NEXT GENERATION INTERNET PROTOCOL (9 Hours)
Introduction to IPv6 – IPv6 Advanced Features –V4 and V6 header comparison – V6
Address types –Stateless auto configuration – IPv6 routing protocols – IPv4-V6
Tunnelingand Translation Techniques.

REFERENCE BOOKS:
1. Douglas E. Comer,” Internetworking with TCP/IP, Principles, Protocols, and
Architecture”, Addison-Wesley, 5th edition, Vol 1, 2005, ISBN-10: 0131876716 |
ISBN-13: 978-0131876712.
2. Douglas E. Comer, David L. Stevens,” Internetworking with TCP/IP Vol. III,
Client-Server Programming and Applications”, Addison-Wesley, 2nd edition,
2000, ISBN-10: 013260969X, ISBN-13: 978-0132609692.
3. Wendell Odom,” CCNP Route 642-902, CCIE”, Official Certification Guide,
Pearson.
4. Behrouz A. Forouzan, “Data Communications and Networking”, McGraw-Hill, 5th
edition, 2012, ISBN- 10: 0073376221, ISBN-13: 978-0073376226.

COURSE
COURSE NAME L T P C
CODE
 IS2005 Forensics and Incident Response 3 0 2 4
Total Contact Hours – 75
Prerequisite
NIL
PURPOSE
The course focuses on the procedures for identification, preservation, and extraction
of electronic evidence, auditing and investigation of network and host system
intrusions, analysis and documentation of information gathered, and preparation of
expert testimonial evidence. The course will also provide hands on experience on
various forensic tools and resources for system administrators and information
system security officers.
INSTRUCTIONAL OBJECTIVES
1. Plan and prepare for all stages of an investigation - detection, initial response
and management interaction.
2. Investigate web server attacks, DNS attacks and router attacks and also can
learn the importance of evidence handling and storage.
3. Monitor network traffic and detect illicit servers and covert channels

UNIT I - INCIDENT AND INCIDENT RESPONSE (9 Hours)

Introduction to Incident - Incident Response Methodology – Steps - Activities in Initial
Response Phase after detection of an incident

UNIT II - INITIAL RESPONSE AND FORENSIC DUPLICATION (9 Hours)

Initial Response & Volatile Data Collection from Windows system - Initial Response &
Volatile Data Collection from Unix system - Forensic Duplication: Forensic
duplication: Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool
Requirements, Creating a Forensic Duplicate/Qualified Forensic Duplicate of a Hard
Drive

UNIT III - STORAGE AND EVIDENCE HANDLING (9 Hours)

File Systems: FAT, NTFS - Forensic Analysis of File Systems - Storage
Fundamentals: Storage Layer, Hard Drives Evidence Handling: Types of Evidence,
Challenges in evidence handling, Overview of evidence handling procedure
UNIT IV - NETWORK FORENSICS (9 Hours)
Collecting Network Based Evidence - Investigating Routers - Network Protocols -
Email Tracing - Internet Fraud

UNIT V - SYSTEMS INVESTIGATION AND ETHICAL ISSUES (9 Hours)

Data Analysis Techniques - Investigating Live Systems (Windows &Unix) -
Investigating Hacker Tools - Ethical Issues - Cybercrime

REFERENCES
1. Kevin Mandia, Chris Prosise, “Incident Response and computer forensics”, Tata
McGrawHill,2006.
2. Peter Stephenson, "Investigating Computer Crime: A Handbook for Corporate
Investigations", Sept 1999
3. Eoghan Casey, "Handbook Computer Crime Investigation's Forensic Tools and
Technology", Academic Press, 1st Edition, 2001
4. Skoudis. E., Perlman. R. Counter Hack: A Step-by-Step Guide to Computer
Attacks and Effective Defenses. Prentice Hall Professional Technical Reference.
2001.
5. Norbert Zaenglein, "Disk Detective: Secret You Must Know to Recover
Information from a Computer", Paladin Press, 2000
6. Bill Nelson, Amelia Philips and Christopher Steuart, “Guide to computer
forensics and investigations”, course technology,4thedition, ISBN: 1-435-49883-6

COURSE
COURSE NAME L T P C
CODE
IS2047 SEMINAR 0 0 1 1

PURPOSE
Seminar is one of the important components for the engineering graduates to exhibit
and expose their knowledge in their field of interest. It also gives a platform for the
students to innovate and express their ideas in front of future engineering graduates
and professionals.

INSTRUCTIONAL OBJECTIVES
1. To make a student study and present a seminar on a topic of current relevance
in Information Technology or related fields.
2. Enhancing the debating capability of the student while presenting a seminar on a
technical topic.
3. Training a student to face the audience and freely express and present his ideas
without any fear and nervousness, thus creating self-confidence and courage
which are essentially needed for an Engineer.

GUIDELINES
1. Each student is expected to give a seminar on a topic of current relevance in
IT/Related field with in a semester.
2. Students have to refer published papers from standard journals.
3. The seminar report must not be the reproduction of the original papers but it can
be used as reference.

ASSESMENT
Assessment will be done according to university regulation.
 COURSE
COURSE TITLE L T P C
CODE
IT2049 PROJECT WORK PHASE I / III SEMESTER 0 0 12 6
IT2050 PROJECT WORK PHASE II / IV SEMESTER 0 0 32 16
PURPOSE
To undertake research in an area related to the program of study
INSTRUCTIONAL OBJECTIVES
The student shall be capable of identifying a problem related to the program of study
and carry out wholesome research on it leading to findings which will facilitate
development of a new/improved product, process for the benefit of the society.
M.Tech projects should be socially relevant and research-oriented ones. Each
student is expected to do an individual project. The project work is carried out in two
phases – Phase I in III semester and Phase II in IV semester. Phase II of the project
work shall be in continuation of Phase I only. At the completion of a project the
student will submit a project report, which will be evaluated (end semester
assessment) by duly appointed examiner(s). This evaluation will be based on the
project report and a viva voce examination on the project. The method of assessment
for both Phase I and Phase II is shown in the following table:

ASSESMENT Tool Weightage

In-semester I review 10%
II review 15%
III review 35%
End semester Final viva voce examination 40%

Student will be allowed to appear in the final viva voce examination only if he / she
has submitted his / her project work in the form of paper for presentation / publication
in a conference / journal and produced the proof of acknowledgement of receipt of
paper from the organizers / publishers.

COURSE CODE COURSE NAME L T P C

NUMBER THEORY
Total Contact Hours:45
MA2019 3 0 0 3
Pre-requisite
Knowledge of basic algebra is preferred
PURPOSE
To familiarize the students with the applied mathematical methods that can be used
for solving problems in solar energy applications
INSTRUCTIONAL OBJECTIVES
1. Gain an appreciation of the importance and beauty of the basic ideas in
elementary number theory.
2. Develop and improve problem solving skills
3. Develop basic understanding of the concepts in prime numbers, congruence,
quadratic reciprocity and number theory algorithms.

UNIT I - PRIME NUMBERS AND DIVISIBILITY (9 Hours)

Divisibility in integers, G.C.D, L.C.M - prime numbers – prime factorization-
Fundamental theorem of arithmetic – Euclidean division algorithm - Fermat numbers.

UNIT II - ARITHMETICAL FUNCTIONS (9 Hours)

The Mobius function (n)- divisor sum formulafor (n) – The Euler totient function
(n) - divisor sum formulafor (n)– A relation connecting  and - A product formula
for (n) – properties of(n)–Multiplicative functions–completely multiplicative
function.
UNIT III – CONGRUENCES (9 Hours)
Basic properties – Residue classes and complete residue systems – linear
congruences – Reduced residue systems and Euler Fermat theorem – Simultaneous
linear congruences – The Chinese remainder theorem.

UNIT IV - PRIMITIVE ROOTS (9 Hours)

Primitive roots and reduced residue system – Non existence of p-roots
mod 2 (  3) - existence of p-roots mod p for odd primes p – Existence of p-root
mod p - p- root mod 2 p -Non existence of p-roots in other cases.

UNIT V - QUADRATIC RECIPROCITY AND ELLIPTIC CURVES (9 Hours)

Quadratic Residues – Legendre’s symbol and its properties – Evaluation of (-1 | p)
and (2 | p) – Gauss’ lemma – The Quadratic Reciprocity law – Applications – The
Jacobi symbol – continued fractions – elliptic curves –applications
REFERENCES
1. A.Jones & M.Jones, Elementary Number Theory, Springer publications, 1998
2. William Stein, Elementary Number Theory, Springer 2009
3. Tom M. Apostol, Introduction to Analytic Number Theory, Springer International
Student Edition, Narosa Publishing House, New Delhi.
4. David M.Burton, “Elementary Number Theory “Mcgraw Hill science ,sixth edition.

INTERDISCIPLINARY ELECTIVE L T P C
Total Contact Hours:45 3 0 0 3
Students to choose one Elective course from the list of Post Graduate courses
specified under the faculty of Engineering and Technology other than the courses
under MTech(ISCF) curriculum either I,II or III semester.

COURSE
COURSE NAME L T P C
CODE
APPLIED CRYPTOLOGY 3 0 0 3
Total contact hours – 45
IS2101
Prerequisite
Cryptography, Network Security
PURPOSE
The course provides an overview of the various encryption techniques, how to use
them to protect the data.

INSTRUCTIONAL OBJECTIVES
1. Understand basic encryption methods and algorithms, he strengths and
 weaknesses of encryption algorithms
2. Understand encryption key exchange and management
3. Understand how to deploy encryption techniques to secure data stored on
computer systems
4. Understand how to deploy encryption techniques to secure data in transit
across data networks and also to
demonstrate best practice deployment of cryptographically technologies
UNIT - I (9 Hours)
Foundations – Protocol Building Blocks - Basic Protocols - Intermediate Protocols –
Advanced Protocols - Zero-Knowledge Proofs - Zero-Knowledge Proofs of Identity -
Blind Signatures - Identity-Based Public-Key Cryptography - Oblivious Transfer -
Oblivious Signatures - Esoteric
Protocols
UNIT - II (9 Hours)
Key Length - Key Management - Electronic Codebook Mode - Block Replay - Cipher
Block Chaining Mode - Stream Ciphers - Self-Synchronizing Stream Ciphers - Cipher-
Feedback Mode - Synchronous Stream Ciphers - Output-Feedback Mode - Counter
Mode - Choosing a Cipher Mode - Interleaving - Block Ciphers versus Stream
Ciphers - Choosing an Algorithm - Public- Key Cryptography versus Symmetric
Cryptography - Encrypting Communications Channels - Encrypting Data for Storage -
Hardware Encryption versus Software Encryption - Compression, Encoding, and
Encryption - Detecting Encryption – Hiding and Destroying Information.
UNIT - III (9 Hours)
Information Theory - Complexity Theory - Number Theory - Factoring - Prime Number
Generation - Discrete Logarithms in a Finite Field - Data Encryption Standard (DES) –
Lucifer - Madryga - NewDES - GOST – 3 Way – Crab – RC5 - Double Encryption -
Triple Encryption - CDMF Key Shortening - Whitening.
UNIT - IV (9 Hours)
Pseudo-Random-Sequence Generators and Stream Ciphers – RC4 - SEAL -
Feedback with Carry Shift Registers - Stream Ciphers Using FCSRs - Nonlinear-
Feedback Shift Registers - System-Theoretic Approach to Stream-Cipher Design -
Complexity-Theoretic Approach to Stream-Cipher Design - N- Hash - MD4 - MD5 -
MD2 - Secure Hash Algorithm (SHA) - One- Way Hash Functions Using Symmetric
Block Algorithms - Using Public-Key Algorithms - Message Authentication Codes
UNIT - V (9 Hours)
RSA - Pohlig-Hellman - McEliece - Elliptic Curve Cryptosystems -Digital Signature
Algorithm (DSA) - Gost Digital Signature Algorithm - Discrete Logarithm Signature
Schemes - Ongchnorr- Shamir -Cellular Automata - Feige-Fiat-Shamir -Guillou-
Quisquater - Diffie-Hellman - Station-to-Station Protocol -Shamir’s Three-Pass
Protocol - IBM Secret-Key Management Protocol - MITRENET - Kerberos - IBM
Common Cryptographic Architecture

REFERENCES
1. Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code
in C”
1. John Wiley & Sons, Inc, 2nd Edition, 1996.
2. Wenbo Mao, “Modern Cryptography Theory and Practice”, Pearson Education,
2004
3. AtulKahate, “Cryptography and Network Security”, Tata McGrew Hill, 2003.
4. William Stallings, “Cryptography and Network Security”, 3rd Edition, Pearson
Education, 2003.

COURSE
COURSE NAME L T P C
CODE
PRINCIPLES OF SECURE CODING 2 0 2 3
Total Contact Hours – 60
IS2102
Prerequisite
Knowledge of Programming is preferred
PURPOSE
Commonly exploited software vulnerabilities are usually caused by avoidable
software defects. Overcoming these defects during the process of development of
software leads to secure coding practices. So, the purpose of this course is to
identify, explain and demonstrate the problems in insecure coding practices and
methods to rectify the same.
INSTRUCTIONAL OBJECTIVES
1. Understand the need for secure coding and proactive development process
2. Explain and demonstrate secure coding practices
3. Learn input issues related to database and web and fundamental principles of
software security engineering

UNIT I - INTRODUCTION (6 Hours)

Need for secure systems- Proactive security development process- Security
principles to live by and threat modeling

UNIT II - SECURE CODING IN C (6 Hours)

Character strings- String manipulation errors – String Vulnerabilities and exploits –
Mitigation strategies for strings- Pointers – Mitigation strategies in pointer based
vulnerabilities – Buffer Overflow based vulnerabilities

UNIT III - SECURE CODING IN C++ AND JAVA (6 Hours)

Dynamic memory management- Common errors in dynamic memory management-
Memory managers- Double –free vulnerabilities –Integer security- Mitigation
strategies

UNIT IV - DATABASE AND WEB SPECIFIC INPUT ISSUES (6 Hours)

Quoting the Input – Use of stored procedures- Building SQL statements securely-
XSS related attacks and remedies

UNIT V - SOFTWARE SECURITY ENGINEERING (6 Hours)

Requirements engineering for secure software: Misuse and abuse cases- SQUARE
process model- Software security practices and knowledge for architecture and
design

REFERENCES
1. Michael Howard , David LeBlanc, “Writing Secure Code”, Microsoft Press, 2nd
Edition, 2003
2. Robert C.Seacord, “ Secure Coding in C and C++”, Pearson Education, 2nd
edition, 2013
3. Julia H. Allen, Sean J. Barnum, Robert J. Ellison, Gary McGraw, Nancy R.
Mead, “ Software Security Engineering : A guide for Project Managers”, Addison-
Wesley Professional, 2008

Course
Course Name L T P C
Code
MOBILE AND DIGITAL FORENSICS 3 0 0 3
Total Contact Hours – 45
IS2103 Prerequisite
Knowledge of Forensics and Incident
response is preferred
PURPOSE
The use of Mobile phones and digital devices across the globe has increased
dramatically. These devices are more susceptible to information security attacks and
thus they also possess huge evidences which shall be used during crime scene
investigation. This makes the course on mobile and digital forensics an inevitable one
for the security professionals. This course on mobile and digital forensics will provide
a better understanding for the course participants on different forms of evidences in
many digital devices, collection and interpretation of the same.
INSTRUCTIONAL OBJECTIVES
1. Understand the basics of wireless technologies and security.
2. Become knowledgeable in mobile phone forensics and android forensics.
3. Learn the methods of investigation using digital forensic techniques.
UNIT- I (9 Hours)
Overview of wireless technologies and security: Personal Area Networks, Wireless
Local Area Networks, Metropolitan Area Networks, Wide Area Networks. Wireless
threats, vulnerabilities and security: Wireless LANs, War Driving, War Chalking, War
Flying, Common Wi-fi security recommendations, PDA Security, Cell Phones and
Security, Wireless DoS attacks, GPS Jamming, Identity theft.

UNIT - II (9 Hours)
CIA triad in mobile phones-Voice, SMS and Identification data interception in GSM:
Introduction, practical setup and tools, implementation- Software and Hardware
Mobile phone tricks: Netmonitor, GSM network service codes, mobile phone codes,
catalog tricks and AT command set- SMS security issues

UNIT - III (12 Hours)

Mobile phone forensics: crime and mobile phones, evidences, forensic procedures,
files present in SIM card, device data, external memory dump, evidences in memory
card, operators systems- Android forensics: Procedures for handling an android
device, imaging android USB mass storage devices, logical and physical techniques

UNIT - IV (7 Hours)
Digital forensics: Introduction – Evidential potential of digital devices: closed vs. open
systems, evaluating digital evidence potential- Device handling: seizure issues,
device identification, networked devices and contamination-

UNIT - V (8 Hours)
Digital forensics examination principles: Previewing, imaging, continuity, hashing and
evidence locations- Seven element security model- developmental model of digital
systems- audit and logs- Evidence interpretation: Data content and context
REFERENCES
1. Gregory Kipper, “Wireless Crime and Forensic Investigation”, Auerbach
Publications, 2007
2. Iosif I. Androulidakis, “ Mobile phone security and forensics: A practical
approach”, Springer publications, 2012
3. Andrew Hoog, “ Android Forensics: Investigation, Analysis and Mobile Security
for Google Android”, Elsevier publications, 2011
4. Angus M.Marshall, “ Digital forensics: Digital evidence in criminal investigation”,
John – Wiley and Sons, 2008

COURSE
COURSE NAME L T P C
CODE
MOBILE AND WIRELESS SECURITY 3 0 0 3
Total Contact Hours – 45
IS_R2104
Prerequisite
TCP/IP, Principles of Network Security
PURPOSE
The course deals with the security and privacy problems in the realm of wireless
networks and mobile computing. The subject is useful to researchers working in the
fields of mobile and wireless security and privacy and to graduate students seeking
new areas to perform research.
INSTRUCTIONAL OBJECTIVES
1. Gain in-depth knowledge on wireless and mobile network security and its
relation to the new security based protocols.
2. Apply proactive and defensive measures to counter potential threats, attacks
and intrusions.
3. Design secured wireless and mobile networks that optimise accessibility
whilst minimising vulnerability to security risks.

UNIT I - WIRELESS NETWORK SECURITY THREATS AND VULNERABILITIES

(6 HOURS)

Introduction to wireless technologies, Design Factors, security threats and

vulnerabilities present at the different protocol layers, family of security protocols and
algorithms used in the existing wireless networks (Bluetooth, Wi-Fi, WiMAX and LTE
standards)

UNIT II – 4G MOBILE SECURITY (10 HOURS)

Introduction To Mobile Network Techs, Vulnerabilities Threats And Attack Entry
Points. Categorization Of Attacks In Mobile Networks, Signaling Attacks. Threats And
Attacks In 4g Networks- Attacks Against Security And Confidentiality, Ip-Based
Attacks, Gtp-Based Attacks, Volte Sip-Based Attacks, Diameter-Based Attacks,

UNIT III - SECURINGPHYSICAL LAYER (9 HOURS)

Emerging physical layer security in wireless communications. Class of information-

Theoretic security, artificial-noise-aided security, security-oriented beam forming,
security-oriented diversity, and physical-layer secret key generation techniques.
Review on various wireless jammers, open challenges in wireless security

UNIT IV - ADHOC NETWORK SECURITY (9 HOURS)

Security in Ad Hoc Wireless Networks, Network Security Requirements, Issues

andChallenges in Security Provisioning, Network Security Attacks, Key Management
inAdhoc Wireless Networks, Secure Routing in Adhoc Wireless Networks

UNIT V - RFID SECURITY (11 HOURS)

Introduction, RFID Security and privacy, RFID chips Techniques and Protocols, RFID
anti-counterfeiting, Man-in-the-middle attacks on RFID systems, Digital Signature
Transponder, Combining Physics and Cryptography to Enhance Privacy in RFID
Systems, Scalability Issues in Large-Scale Applications, An Efficient and Secure
RFID Security Method with Ownership Transfer, Policy-based Dynamic Privacy
Protection Framework leveraging Globally Mobile RFIDs, User-Centric Security for
RFID based Distributed Systems, Optimizing RFID protocols for Low Information
Leakage, RFID: an anti-counterfeiting tool.

REFERENCES

1. Kia Makki, Peter Reiher, “Mobile and Wireless Network Security and
Privacy “, Springer, ISBN 978-0-387-71057-0, 2007.
2. Siva Ram Murthy.C, Manoj B.S, “Adhoc Wireless Networks Architectures
andBy Yulong Zou, Senior Member IEEE, Jia Zhu, Xianbin Wang, Senior
Member IEEE, and Lajos Hanzo, Fellow IEEE
3. “A Survey on Wireless Security: Technical Challenges, Recent Advances,
and Future Trends” Zou et al.: A Survey on Wireless Security: Technical
Challenges, Recent Advances, and Future Trends
 4. Noureddine Boudriga, ”Security of MobileCommunications”,
5. ISBN 9780849379413, 2010.
6. Kitsos, Paris; Zhang, Yan, “RFID Security Techniques, Protocols and
System-On-Chip Design”, ISBN 978-0-387-76481-8, 2008.
7. Johny Cache, Joshua Wright and Vincent Liu,” Hacking Wireless
Exposed:Wireless Security Secrets & Solutions “, second edition, McGraw
Hill, ISBN: 978-0-07-166662-6, 2010.

COURSE
COURSE NAME L T P C
CODE
INTERACTIVE PROGRAMMING WITH PYTHON 2 0 2 3
Total Contact Hours – 60
IS2105
Prerequisite
Web systems and Network security
PURPOSE
This course will help the students to gain mastery over Python scripting and its
application to problems in computer and network security. This course is ideal for
penetration testers, security enthusiasts and network administrators who want to
learn to automate tasks or go beyond just using readymade tools.
INSTRUCTIONAL OBJECTIVES
1. Acquire fundamental knowledge on the concepts of python scripting
2. Understand the system and network security programming
3. Acquire knowledge on developing web servers and clients
4. Understand various exploitation techniques

UNIT I - INTRODUCTION TO PYTHON (6 Hours)

Introduction to Interpreted Languages and Python - Data Types and variables -
Operators and Expressions - Program Structure and Control - Functions and
Functional Programming - Classes, Objects and other OOPS concepts
UNIT II - SYSTEM PROGRAMMING AND SECURITY (6 Hours)
I/O in Python - File and Directory Access - Multithreading and Concurrency - Inter
Process Communication (IPC) - Permissions and Controls
UNIT III - NETWORK SECURITY PROGRAMMING (6 Hours)
Raw Socket basics -Socket Libraries and Functionality - Programming Servers and
Clients - Programming Wired and Wireless Sniffers - Programming arbitrary packet
injectors - PCAP file parsing and analysis.
UNIT IV - WEB APPLICATION SECURITY (6 Hours)
Web Servers and Client scripting - Web Application Fuzzers - Scraping Web
Applications – HTML and XML file analysis - Web Browser Emulation - Attacking Web
Services - Application Proxies and Data Mangling - Automation of attacks such as
SQL Injection, XSS etc.
UNIV V - EXPLOITATION TECHNIQUES (6 Hours)
Exploit Development techniques - Immunity Debuggers and Libs - Writing plugins in
Python - Binary data analysis - Exploit analysis Automation.
Practical 30 Hours
REFERENCE BOOKS
1. Mike Dawson,” More Python programming for Absolute Beginner”, Cengage
Learning PTR; 3rd edition,2010, ISBN-10: 1435455002, ISBN-13: 978-
14354550092.
2. Mark Lutz,” Python Pocket reference”, O'Reilly Media; 4th edition, 2009, ISBN-10:
0596158084, ISBN-13: 978-0596158088

COURSE
COURSE NAME L T P C
CODE
MALWARE ANALYSIS 2 0 2 3
Total Contact Hours – 60
IS_R2106
Prerequisite
Network Security
PURPOSE
The purpose is to understand the purpose of malware, work with examples of famous
virus and worms.
INSTRUCTIONAL OBJECTIVES
1. To understand the purpose of computer infection program.
2. To implement the covert channel and mechanisms.
3. To test and exploit various malware in open source environment.
4. To analyze and design the famous virus and worms.

UNIT I – MALWARE BASICS (6

HOURS)
General Aspect of Computer infection program , Non Self Reproducing
Malware, How does Virus Operate?, Virus Nomenclature, Worm Nomenclature,
Recent Malware Case Studies

UNIT II –BASIC ANALYSIS (6 HOURS)

Antivirus Scanning, x86 Disassembly, Hashing, Finding Strings, Packed
Malware, PE File Format, Linked Libraries & Functions, PE Header File &
Section .

UNIT III - ADVANCED STATIC & DYNAMIC ANALYSIS (6 HOURS)

IDA Pro, Recognizing C code constructs, Analyzing malicious windows
program, Debugging, OllyDbg, Kernel Debugging with WinDbg, Malware
Focused Network Signatures.

UNIT IV –MALWARE FUNCTIONALITIES (6 HOURS)

Malware Behavior, Covert Malware Launch, Data Encoding,Shellcode Analysis

UNIT V ANTI-REVERSE ENGINEERING (6 HOURS)

Anti-Disassembly, Anti-Debugging, Anti-virtual machine techniques, Packers
and Unpacking.

PRACTICAL (30 hours)

REFERENCES

1. ErciFiliol, “Computer Viruses: from theory to applications”, Springer, 1st

edition, 2005.
2.Michael Sikorski and Andrew Honig, "Practical Malware Analysis" ,No
starch press-February, 2012.

COURSE
COURSE TITLE L T P C
CODE
PENETRATION TESTING & VULNERABILITY 2 0 2 3
ASSESSMENT
IS_R2107 Total Contact Hours – 60
Prerequisite
Network Security
PURPOSE
The purpose is to understand the methodologies and techniques used for penetrating
a machine using tools.
INSTRUCTIONAL OBJECTIVES
1. To identify security vulnerabilities and weaknesses in the target applications.
2. To identify how security controls can be improved to prevent hackers gaining
access to operating systems and networked environments.
3. To test and exploit systems using various tools.
4. To understand the impact of hacking in real time machines.

UNIT I - INTRODUCTION (6 Hours)

UNIT I – INTRODUCTION (6 hours)
 Penetration Testing phases/Testing Process, types and Techniques, Blue/Red
Teaming, Strategies of Testing, Non Disclosure Agreement Checklist, Phases of
hacking, Open-source/proprietary Pentest Methodologies

UNIT II - Information Gathering and Scanning (5 hours)

Information gathering methodologies- Foot printing, Competitive Intelligence-
DNS Enumerations- Social Engineering attacks, Port Scanning-Network Scanning-
Vulnerability Scanning- NMAP scanning tool- OS Fingerprinting- Enumeration.

UNIT III - SYSTEM HACKING (6 hours)

Password cracking techniques- Key loggers- Escalating privileges- Hiding
Files,Double Encoding, Steganography technologies and its Countermeasures.
Active and passive sniffing- ARP Poisoning, MAC Flooding- SQL Injection - Error-
based, Union-based, Time-based, Blind SQL, Out-of-band. Injection Prevention
Techniques.

UNIT IV - ADVANCED SYSTEM HACKING (6 hours)

Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken

Access Code, XSS - Stored, Reflected, DOM Based

UNIT V - WIRELESS PENTEST (7 hours)

Wi-Fi Authentication Modes, Bypassing WLAN Authentication, Types of Wireless

Encryption, WLAN Encryption Flaws, AP Attack, Attacks on the WLAN Infrastructure,
DoS-Layer1, Layer2, Layer 3, DDoS Attack, Client Misassociation, Wireless Hacking
Methodology, Wireless Traffic Analysis.

PRACTICAL (30 hours)

REFERENCES
1. Kali Linux Wireless Penetration Testing Beginner's Guide by Vivek
Ramachandran, Cameron Buchanan,2015 Packt Publishing
2. SQL Injection Attacks and Defense 1st Edition, by Justin Clarke-Salt, Syngress
Publication
3. Mastering Modern Web Penetration Testing By Prakhar Prasad, October 2016
Packt Publishing.
4. Kali Linux 2: Windows Penetration Testing, By Wolf Halton, Bo Weaver , June
2016 Packt Publishing.
 5. Kali Linux Revealed: Mastering the Penetration Testing Distribution – June 5,
2017,by Raphael Hertzog (Author), Jim O'Gorman (Author), Offsec Press
Publisher

COURSE
COURSE NAME L T P C
CODE
COMPUTER AND INFORMATION SECURITY
3 0 0 3
MANAGEMENT
IS2108 Pre-requisite
Knowledge of TCP/IP, Cryptography and
Network security is preferred
PURPOSE
The ubiquity of computers and internet in the life of human beings has enabled chance, motive
and means to do harm. With such endangers in front of us, it becomes necessary security for
security professionals, to learn about how manage computer and information security aspects.
Hence this course provides methods to develop new framework for information security,
overview of security risk assessment and management and security planning in an
organization.
INSTRUCTIONAL OBJECTIVES
1. Understand the myths of information security management and methods to develop new
frameworks for information security.
2. Understand the myths of information security management and methods to develop new
frameworks for information security.
3. Understand the fundamentals of information security risk assessments.
4. Become knowledgeable in the area of security management planning and configuration
management.

UNIT I - MYTHS OF INFORMATION SECURITY MANAGEMENT (6 Hours)

The big picture-Learning from experience-Weaknesses in Information Security-The
extent of crime in cyberspace- The cyberspace crimoid syndrome-Policies and
technologies- A new framework for information security
UNIT II - INFORMATION SECURITY ASSESSMENTS (9 Hours)
Risk assessment-Richard Baskerville’s risk assessment methodology- Generations of
risk assessment techniques- Quantitative approach to risk assessment-Problems with
Quantitative approach – NIST ALE- Baseline approach

UNIT III - SECURITY MANAGEMENT CONCEPTS AND PRINCIPLES (9 Hours)

Measuring ROI on security- Security patch management- Purposes of Information
Security management- The building blocks of information security- Human side of
information security-Security management- Securing new information technology

UNIT IV - CONFIGURATION MANAGEMENT (11 Hours )

Overview of SSE CMM- SSE CMM relationship to other initiatives- Capability levels-
Security Engineering- Security Engineering process overview- Basic process areas-
Configuration management- Base practices- Establish configuration management

UNIT V - SECURITY MANAGEMENT PLANNING (10 Hours )

Maintaining information security during downsizing- Business case for Information
Security- Information Security Management in healthcare industry- Protecting high
tech trade secrets- Outsourcing Security

REFERENCES
1. Donn Parkers, “Fighting Computer Crime: A New Framework for Protecting
Information”, John Wiley & Sons, 2003.
2. Micki Krause, Harold F.Tripton, “Information Security Management Handbook”,
Auerbach Publications, 2012.

COURSE
COURSE NAME L T P C
CODE
RISK ASSESSMENT & SECURITY AUDIT 3 0 0 3
Total Contact Hours – 45
IS2109
Prerequisite
Nil
PURPOSE
The purpose is to understand the risk assessment while handling and processing information
and implementing security in audit.
INSTRUCTIONAL OBJECTIVES
1. To gain the knowledge about Information Risk.
2. To discovery knowledge in collecting data about organization.
3. To do various analysis on Information Risk Assessment.
4. To understand IT audit and its activities.
UNIT I - INTRODUCTION (9 Hours)
What is Risk? –Information Security Risk Assessment Overview- Drivers, Laws and
Regulations- Risk Assessment Frame work – Practical Approach.
UNIT II - DATA COLLECTION (9 Hours)
The Sponsors- The Project Team- Data Collection Mechanisms- Executive
Interviews- Document Requests- IT Assets Inventories- Profile & Control Survey-
Consolidation.
UNIT III - DATA ANALYSIS (9 Hours)
Compiling Observations- Preparation of catalogs- System Risk Computation- Impact
Analysis Scheme- Final Risk Score.
UNIT IV - RISK ASSESSMENT (9 Hours)
System Risk Analysis- Risk Prioritization- System Specific Risk Treatment- Issue
Registers- Methodology- Result- Risk Registers- Post Mortem.
UNIT V - SECURITY AUDIT PROCESS (9 Hours)
Pre-planning audit- Audit Risk Assessment- Performing Audit- Internal Controls- Audit
Evidence- Audit Testing- Audit Finding- Follow-up activities.
REFERENCES
1. Mark Talabis, “Information Security Risk Assessment Toolkit: Practical
Assessments through Data Collection and Data Analysis”, Kindle Edition. ISBN:
978-1-59749-735-0.
2. David L. Cannon, “CISA Certified Information Systems Auditor Study Guide”,
SYBEX Publication. ISBN: 978-0-470-23152-4.

COURSE
COURSE NAME L T P C
CODE
STORAGE MANAGEMENT & SECURITY 3 0 0 3
Total Contact Hours – 45
IS2110
Prerequisite
Nil
PURPOSE
The purpose is to understand the managing information in storage system and effective
security implementation on platforms.
INSTRUCTIONAL OBJECTIVES
1. To explain the basic information storage and retrieval concepts.
2. To understand the issues those are specific to efficient information retrieval.
3. To design and implement a small to medium size information storage and
Retrieval system.
4. To implement security issues while storing and retrieving information.
UNIT - I (9 Hours)
Storage System- Intro to Information Storage and Management, Storage System
Environment, Data Protection: Raid, Intelligent Storage System.
UNIT - II (9 Hours)
Storage Networking Technologies and Virtualization, Storage Networks, Network
Attached Storage, IP SAN, Content Addressed Storage, Storage Virtualization.
UNIT - III (9 Hours)
Introduction to Business Continuity, Backup and Recovery, Local Replication, Remote
Replication.
UNIT - IV (9 Hours)
Securing the storage Infrastructure, Storage Security Framework, Risk Triad, Storage
Security Domains, Security Implementation in Storage Networking.
UNIT - V (9 Hours)
Managing the Storage Infrastructure, Monitoring the Storage Infrastructure, Storage
Management Activities, Developing an Ideal Solution, Concepts in Practice,
REFERENCES
1. Information Storage and Management: Storing, Managing, and Protecting Digital
1. Information, EMC Corporation
2. John Chirillo, Scott Blaul, “Storage Security: Protecting SAN, NAS and DAS”,
Wiley Publishers, 2003
3. David Alexander, Amanda French, David Sutton,” Information Security
Management Principles” The British Computer Society, 2008
COURSE
COURSE NAME L T P C
CODE
CLOUD ARCHITECTURES AND SECURITY 2 0 2 3
Total Contact Hours – 60 (Theory – 30, Practical –
30)
IS2111
Pre-requisite
Knowledge of TCP/IP, Cryptography and Network
security is preferred
PURPOSE
Cloud computing has drawn the attention of many business organization and normal users of
computers in the recent past. Security aspects of cloud computing have always been subjected
to many criticisms. Hence it becomes important for any security professional to possess an
understanding of the cloud architecture and methods to secure the same. The aforementioned
fact evident the need for the course.
INSTRUCTIONAL OBJECTIVES
1. Understand the fundamentals of cloud computing.

2. Understand the requirements for an application to be deployed in a cloud.

3. Become knowledgeable in the methods to secure cloud.

UNIT - I (4 Hours)
Cloud Computing Fundamental: Cloud Computing definition, private, public and
hybrid cloud. Cloud types; IaaS, PaaS, SaaS. Benefits and challenges of cloud
computing, public vs private clouds, role of virtualization in enabling the cloud;
Business Agility: Benefits and challenges to Cloud architecture.

UNIT - II (6 Hours)
Cloud Applications: Technologies and the processes required when deploying web
services-Deploying a web service from inside and outside a cloud architecture,
advantages and disadvantages- Development environments for service development;
Amazon, Azure, Google App.
UNIT - III (5 Hours)
Security Concepts: Confidentiality, privacy, integrity, authentication, non-
repudiation, availability, access control, defence in depth, least privilege- how these
concepts apply in the cloud and their importance in PaaS, IaaS and SaaS. e.g. User
authentication in the cloud;

UNIT - IV (7 Hours)
Multi-tenancy Issues: Isolation of users/VMs from each other- How the cloud provider
can provide this- Virtualization System Security Issues: e.g. ESX and ESXi Security,
ESX file system security- storage considerations, backup and recovery- Virtualization
System Vulnerabilities

UNIT - V (8 Hours)
Security management in the cloud – security management standards- SaaS, PaaS,
IaaS availability management- access control- Data security and storage in cloud

REFERENCES
1. GautamShroff, Enterprise Cloud Computing Technology Architecture
Applications [ISBN: 978-0521137355]
2. Toby Velte, Anthony Velte, Robert Elsenpeter, Cloud Computing, A Practical
Approach [ISBN: 0071626948]
3. Tim Mather, SubraKumaraswamy, ShahedLatif, Cloud Security and Privacy: An
Enterprise Perspective on Risks and Compliance [ISBN: 0596802765]
4. Ronald L. Krutz, Russell Dean Vines, Cloud Security [ISBN: 0470589876]

COURSE
COURSE NAME L T P C
CODE
Cyber Law 3 0 0 3
Total contact hours – 45
IS2112
Prerequisite
Nil
PURPOSE
The purpose is to understand the basics of cyber law and its related issues.
INSTRUCTIONAL OBJECTIVES
1. To explain the basic information on cyber security.
2. To understand the issues those are specific to amendment rights.
3. To have knowledge on copy right issues of software’s.
4. To understand ethical laws of computer for different countries.

UNIT - I (9 Hours)
Introduction-Cyber Security and its problem-Intervention Strategies: Redundancy,
Diversity and Autarchy.

UNIT - II (9 Hours)
Private ordering solutions, Regulation and Jurisdiction for global Cyber security, Copy
Right-source of risks, Pirates, Internet Infringement, Fair Use, postings, criminal
liability, First Amendments, Data Losing.

UNIT - III (9 Hours)

Copy Right-Source of risks, Pirates, Internet Infringement, Fair Use, postings,
Criminal Liability, First Amendments, Losing Data, Trademarks, Defamation, Privacy-
Common Law Privacy, Constitutional law, Federal Statutes, Anonymity, Technology
expanding privacy rights.

UNIT - IV (9 Hours)
Duty of Care, Criminal Liability, Procedural issues, Electronic Contracts & Digital
Signatures, Misappropriation of information, Civil Rights, Tax, Evidence.

UNIT - V (9 Hours)
Ethics, Legal Developments, Late 1990 to 2000, Cyber security in Society, Security in
cyber laws case studies, General law and Cyber Law-a Swift Analysis.
REFERENCES
1. Jonathan Rosenoer,“Cyber Law: The law of the Internet”, Springer-Verlag, 1997
2. Mark F Grady, FransescoParisi, “The Law and Economics of Cyber Security”,
Cambridge University Press, 2006
 SEMESTER I

COURSE L T P C
COURSE NAME
CODE
CARRET ADVANCEMENT COURSE FOR 1 0 1 1
ENGINEERS - I
CAC2001 Total contact hours – 30
Prerequisite
NIL
PURPOSE
To enhance holistic development of students and improve their employability skills.
INSTRUCTIONAL OBJECTIVES
1 To improve aptitude, problem solving skills and reasoning ability of the student.
2 To collectively solve problems in teams & group.
3 Understand the importance of verbal and written communication in the
workplace
4 Understand the significance of oral presentations, and when they may be used.
5 Practice verbal communication by making a technical presentation to the class
6 Develop time management Skills

UNIT I–BASIC NUMERACY

Types and Properties of Numbers, LCM, GCD, Fractions and decimals, Surds

UNIT II-ARITHMETIC – I
Percentages, Profit & Loss, Equations

UNIT III-REASONING - I
Logical Reasoning

UNIT IV-SOFT SKILLS - I

Presentation skills, E-mail Etiquette

UNIT V-SOFT SKILLS - II

Goal Setting and Prioritizing
ASSESSMENT
Soft Skills (Internal)
Assessment of presentation and writing skills.

Quantitative Aptitude (External)

Objective Questions- 60 marks
Descriptive case lets- 40 marks*
Duration: 3 hours
*Engineering problems will be given as descriptive case lets.

REFERENCES
1. Quantitative Aptitude by Dinesh Khattar – Pearsons Publicaitons
2. Quantitative Aptitude and Reasoning by RV Praveen – EEE Publications
3. Quantitative Aptitude by Abijith Guha – TATA Mc GRAW Hill Publications
4. Soft Skills for Everyone by Jeff Butterfield – Cengage Learning India Private
Limited
5. Six Thinking Hats is a book by Edward de Bono - Little Brown and Company
6. IBPS PO - CWE Success Master by Arihant - Arihant Publications(I) Pvt.Ltd –
Meerut
 SEMESTER II

COURSE L T P C
COURSE NAME
CODE
CARRET ADVANCEMENT COURSE FOR 1 0 1 1
ENGINEERS - II
CAC2001 Total contact hours – 30
Prerequisite
NIL
PURPOSE
To enhance holistic development of students and improve their employability skills.
INSTRUCTIONAL OBJECTIVES
1 To improve aptitude, problem solving skills and reasoning ability of the student.
2 To collectively solve problems in teams & group.
3 Understand the importance of verbal and written communication in the
workplace
4 Understand the significance of oral presentations, and when they may be used.
5 Understand the fundamentals of listening and how one can present in a group
discussion
6 Prepare or update resume according to the tips presented in class.

UNIT - I- ARITHMETIC – II
Ratios & Proportions, Mixtures & Solutions

UNIT - II - MODERN MATHEMATICS

Sets & Functions, Data Interpretation, Data Sufficiency

UNIT - III – REASONING - II

Analytical Reasoning

UNIT - IV – COMMUNICATION - I
Group discussion, Personal interview

UNIT - V - COMMUNICATION - II
Verbal Reasoning test papers
ASSESSMENT
Communication (Internal)
 Individuals are put through formal GD and personal interviews.
 Comprehensive assessment of individuals’ performance in GD & PI will be
carried out.

Quantitative Aptitude (External)

Objective Questions- 60 marks (30 Verbal +30 Quants)
Descriptive case lets- 40 marks*
Duration: 3 hours
*Engineering problems will be given as descriptive case lets.

REFERENCES
1. Quantitative Aptitude by Dinesh Khattar – Pearsons Publicaitons
2. Quantitative Aptitude and Reasoning by RV Praveen – EEE Publications
3. Quantitative Aptitude by Abijith Guha – TATA Mc GRAW Hill Publications
4. General English for Competitive Examination by A.P. Bharadwaj – Pearson
Educaiton
5. English for Competitive Examination by Showick Thorpe - Pearson Educaiton
6. IBPS PO - CWE Success Master by Arihant - Arihant Publications(I) Pvt.Ltd -
Meerut
7. Verbal Ability for CAT by Sujith Kumar - Pearson India
8. Verbal Ability & Reading Comprehension by Arun Sharma - Tata McGraw - Hill
Education
 SEMESTER III

COURSE L T P C
COURSE NAME
CODE
CARRET ADVANCEMENT COURSE FOR 1 0 1 1
ENGINEERS - III
CAC2003 Total contact hours – 30
Prerequisite
NIL
PURPOSE
To develop professional skills abreast with contemporary teaching learning
methodologies.
INSTRUCTIONAL OBJECTIVES
1 Acquire knowledge on planning, preparing and designing a learning program
2 Prepare effective learning resources for active practice sessions
3 Facilitate active learning with new methodologies and approaches
4 Create balanced assessment tools
5 Hone teaching skills for further enrichment

UNIT I- DESIGN (2 Hours)

Planning &Preparing a learning program.
Planning & Preparing a learning session

UNIT II – PRACTICE (2 Hours)

Facilitating active learning
Engaging learners

UNIT III – ASSESSMENT (2 Hours)

Assessing learner’s progress
Assessing learner’s achievement

UNIT IV – HANDS ON TRAINING (10 Hours)

Group activities – designing learning session
Designing teaching learning resources
Designing assessment tools
Mock teaching session

UNIT V – TEACHING IN ACTION (14 Hours)

Live teaching sessions
Assessments
ASSESSMENT (Internal)
Weightage:
Design - 40%
Practice – 40%
Quiz – 10%
Assessment – 10%

REFERENCES
1. Cambridge International Diploma for Teachers and Trainers Text book by Ian
Barker - Foundation books
2. Whitehead, Creating a Living Educational Theory from Questions of the kind:
How do I improve my Practice? Cambridge J. of Education
 Android Security Design and Internals L T P C
Total Contact Hours 3 0 2 4
IS2113
Prerequisite
NIL
PURPOSE
The purpose is to understand the working of Android and learning about its
architecture and security related issues
INSTRUCTIONAL OBJECTIVES
1 To study about the basic architecture of Android and its features
2 To learn the various natures of permission in Android Platform
3 To implement a simple Android APK following Secure coding principles
4 To understand and implement the various services provided through Android
platform
5 To build and secure custom Android ROM.

Unit-I Android Security Model (6 Hours)

Linux Kernel- Native User space – Dalvik VM- Java Run Time Libraries- System
Services- IPC- Binder’s- Framework Libraries- Applications- Sandboxing- Code
Signing and Platform Key- SELinux- System Updates- Verified Boot.

Unit-II Permissions( 4 Hours)

Nature of Permission- Request for permission- Management- Protecting Levels-
Assignment- Enforcement- System Permission- Shared User ID- Custom Permission
– Broadcast Permissions- Content Provider Permission- Pending Intents.

Unit- III Introduction to Secure Coding (6 Hours)

Building a Secure Smartphone Society - Developer's Context- Steps to Install Sample
Codes into Android Studio- Android Application Security- Handling Input Data
Carefully and Securely.

Unit-IV Application Development (6 Hours)

Creating/Using Activities- Receiving/Sending Broadcasts.-Creating/Using Content
Providers- Creating/Using Services- Using SQLite- Handling Files- Using Browsable
Intent- Outputting Log to LogCat- Using WebView- Using Notifications.

Unit-V – Secure Functions (8 Hours)

Building custom Android ROM- Steps and Tools, Creating Password Input Screens-
Permission and Protection Level- Add In-house Accounts to Account Manager-
Communicating via HTTPS- Handling privacy data- Using Cryptography- Using
fingerprint authentication features- Risk of Information Leakage from Clipboard.
Reference Books
1. Nikolay Elenkov, “Android Security Internals: An In-Depth Guide to
Android's Security “, ISBN-13: 978-1-59327-581-5, reprint, No Starch Press,
2014.
2. Japan Smartphone Security Association, “Android Application Secure
Design/Secure Coding Guidebook”, JSSEC-TECA-SC-GD20170201BE,
Secure Coding Working Group, February 1, 2017 Edition.
3. Jeff Six, “Application Security for the Android Platform”, ISBN-13:
9781449322274, O'Reilly Media, Inc., 2011.