Ajay Kumar
Assistant Professor
S.No Topic Remark
1 Vision and Mission of Department
2 Academic Calendar & Syllabus
3 Program Outcomes
4 Course Outcomes
5 Mapping of COs with POs
6 Program Educational Objectives
7 Lecture Plan
8 I Interm Details
8.1 Paper
8.2 Solutions
8.3 Award List
8.4 List of Weak Students
8.5 Result Analysis
8.6 Assignment Given to Weak Students detail etc.
9 Interm 2 Details
9.1 Paper
9.2 Solutions
9.3 Award List
9.4 List of Weak Students
9.5 Result Analysis
9.6 Assignment Given to Weak Students detail etc.
10 Assignments
10.1 Assignment Solutions(I to V)
10.2 Assignment’s award list
11 Unit Test Details
11.1 Papers
11.2 Award List
13 University Questions in last five year of related subject
14 Lecture Notes
15 Topics Beyond Syllabus
Department of Computer Science & Engineering
The Department of Computer Science and Engineering provides an outstanding research
environment complemented by excellence in teaching.
The Department has a comprehensive curriculum on topics related to all aspects of Computer
Hardware and Software with an emphasis on practical learning.
The course structure is up-to-date and includes courses on nascent topics to equip our
students with the latest developments in Computer Science and Engineering.
Vision of Department
To promote Research and Development in the frontier areas of Information Technology.
To provide necessary strengths to enable the Students to Innovate and become Entrepreneurs.
SYLLABUS
Text Books
1. Principles of Information Security: Michael E. Whitman, Herbert J. Mattord, CENGAGE Learning, 4th Edition.
Website References
1. http://www.cs.iit.edu/~cs549/cs549s07/lectures.htm
2. http://www.cengagebrain.com/content/whitman38214_1111138214_01.01_toc.pdf
3. http://williamstallings.com/Extras/Security-Notes/
4. http://www.cs.hofstra.edu/~cscvjc/Spring06/
5. http://williamstallings.com/NetworkSecurity/styled/
PROGRAM EDUCATIONAL OBJECTIVES (PEO’s)
PEO- I: Students will develop themselves as effective professionals by solving real problems
through the use of computer science knowledge and with attention to team work, effective
communication, critical thinking and problem solving skills.
PEO- II: Students will develop professional skills that prepare them for immediate employment
and for life-long learning in advanced areas of computer science and related fields.
PEO- III: Students will demonstrate their ability to adapt to a rapidly changing environment by
having learned and applied new skills and new technologies.
PEO- IV: Students will be provided with an educational foundation that prepares them for
excellence, leadership roles along diverse career paths with encouragement to professional ethics
and active participation needed for a successful career.
PO2. Problem analysis: Identify, formulate, research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.
PO3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
PO4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of the
information to provide valid conclusions.
PO5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and
modern engineering and IT tools including prediction and modeling to complex engineering
activities with an understanding of the limitations.
PO6. The engineer and society: Apply reasoning informed by the contextual knowledge to
assess societal, health, safety, legal and cultural issues and the consequent responsibilities
relevant to the professional engineering practice.
PO7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need
for sustainable development.
PO8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.
PO9. Individual and team work: Function effectively as an individual, and as a member or leader
in diverse teams, and in multidisciplinary settings.
PO11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
PO12. Life-long learning: Recognize the need for, and have the preparation and ability to engage
in independent and life-long learning in the broadest context of technological change.
Course Outcomes:
Ajay Kumar
Day/Time 08.30-09.30 09.30-10.30 10.30-11.30 11.30-12.30 12:30-1:30 01:30-02:25 02:25-3:20
MC ISS
Monday
C+D A+B
Tuesday
ISS
Wednesday OOAD Lab-C2
A+B
MC MC
Thursday
A+B LT-5 A+B LT-5
Friday OOAD-C
ISS
Saturday OOAD-C1
A+B
COURSE SCHEDULE
The number of topics is not the same in every unit; because of this variation, the units
have an unequal distribution of hours.
Lecture Plan
Unit-1
1 Information Security: introduction 19-08-2017 1,4
2 History of Information security, What is Security, CNSS Security Model 21-08-2017 1,2,4
3 Components of Information System 23-08-2017 1,4
Unit-2
Unit-3
17 Message Authentication and Hash Functions: Authentication requirements and functions 27-09-2017 2,3,4
18 MAC and Hash Functions 04-10-2017 2,3,4
Unit-4
24 IP Security 18-10-2017 4
29 S/MIME 01-11-2017 4
Unit-5
30 Intruders 04-11-2017 3,4
Registration No.
JECRC UNIVERSITY
I In Sem Examination September- 2017
VII Semester, B.Tech. (CSE)
Subject: Principles of Information System Security (BCO 030A)
Time: 1:30 hrs. Maximum marks: 50
Instructions:
1. Attempt all the questions.
2. Illustrate your answers with suitable examples and diagrams, wherever necessary.
3. Write relevant question numbers before writing the answer.
3. The type of threats on the security of a computer system or network are ……………………..
i) Interruption ii) Interception iii) Modification
iv) Creation v) Fabrication
4. Select the correct order for the different phases of virus execution.
i) Propagation phase ii) Dormant phase
iii) Execution phase iv) Triggering phase
A) i, ii, iii, and iv B) i, iii, ii and iv
C) ii, i, iv and iii D) ii, iii, iv and i
1. Alice meets Bob and says “phhw ph dw jdxudy wrzhu wr qljkw”. If she is using Caesar
Cipher, what does she want to convey?
2. What is masquerade? Which principle of security is breached because of that?
3. What is the main feature of Polygram Substitution Cipher?
4. What is the application area of CFB mode?
JECRC UNIVERSITY
I In Sem Examination September- 2017
VII Semester, B.Tech. (CSE)- Solution
Subject: Principles of Information System Security (BCO 030A)
Time: 1:30 hrs. Maximum marks: 50
Instructions:
1. Attempt all the questions.
2. Illustrate your answers with suitable examples and diagrams, wherever necessary.
3. Write relevant question numbers before writing the answer.
3. The type of threats on the security of a computer system or network are ……………………..
i) Interruption ii) Interception iii) Modification
iv) Creation v) Fabrication
4. Select the correct order for the different phases of virus execution.
i) Propagation phase ii) Dormant phase
iii) Execution phase iv) Triggering phase
A) i, ii, iii, and iv B) i, iii, ii and iv
C) ii, i, iv and iii D) ii, iii, iv and i
5. Alice meets Bob and says “phhw ph dw jdxudy wrzhu wr qljkw”. If she is using Caesar
Cipher, what does she want to convey?
Ans: meet me at gaurav tower at night
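#include <stdio.h>
#include <string.h>

int main(void)
{
    /* The declarations and the input step are missing from the source;
       the buffer size of 100 and the prompt are assumed here. */
    char a[100], c[100], d[100];   /* plaintext, ciphertext, decrypted text */
    int i, j, k, l;

    printf("Enter the input string : ");
    if (scanf("%99s", a) != 1)     /* width limit keeps the read inside a[] */
        return 1;
    l = (int)strlen(a);

    /*Ciphering*/
    /* Rail 1: characters at even positions */
    for(i=0,j=0;i<l;i++)
    {
        if(i%2==0)
            c[j++]=a[i];
    }
    /* Rail 2: characters at odd positions */
    for(i=0;i<l;i++)
    {
        if(i%2==1)
            c[j++]=a[i];
    }
    c[j]='\0';
    printf("\nCipher text after applying rail fence :");
    printf("\n%s",c);

    /*Deciphering*/
    /* k = number of characters on rail 1, i.e. ceil(l/2) */
    if(l%2==0)
        k=l/2;
    else
        k=(l/2)+1;
    /* Rail 1 goes back to the even positions */
    for(i=0,j=0;i<k;i++)
    {
        d[j]=c[i];
        j=j+2;
    }
    /* Rail 2 goes back to the odd positions */
    for(i=k,j=1;i<l;i++)
    {
        d[j]=c[i];
        j=j+2;
    }
    d[l]='\0';
    printf("\nText after decryption : ");
    printf("%s\n",d);
    return 0;
}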
4. Explain the cipher block chaining mode with its application area.
Cipher Block Chaining (CBC) Mode
CBC mode of operation provides message dependence for generating ciphertext and makes
the system non-deterministic.
Operation
The operation of CBC mode is depicted in the following illustration. The steps are as follows:
Load the n-bit Initialization Vector (IV) in the top register.
XOR the n-bit plaintext block with the data value in the top register.
Encrypt the result of the XOR operation with the underlying block cipher with key K.
Feed the ciphertext block into the top register and continue the operation till all plaintext blocks are
processed.
For decryption, the first ciphertext block is decrypted and the result is XORed with the IV. The first
ciphertext block is also fed into the top register, replacing the IV, for decrypting the next ciphertext block.
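The CBC steps above, written out in C as an added example (not part of the original course file). XTEA is used only as a stand-in for the underlying block cipher, which is an assumption made here; the key, IVs and plaintext blocks are constructed test values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: XTEA (64-bit block, 128-bit key) plays the "underlying block cipher". */
static uint64_t xtea_enc(uint64_t b, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(b >> 32), v1 = (uint32_t)b, sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}
static uint64_t xtea_dec(uint64_t b, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(b >> 32), v1 = (uint32_t)b, sum = 0x9E3779B9u * 32;
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= 0x9E3779B9u;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Encrypt n blocks in place: reg = IV, then C_i = E_K(P_i XOR reg), reg = C_i. */
void cbc_encrypt(uint64_t *b, size_t n, uint64_t iv, const uint32_t k[4]) {
    uint64_t reg = iv;                      /* the "top register" */
    for (size_t i = 0; i < n; i++)
        reg = b[i] = xtea_enc(b[i] ^ reg, k);
}

/* Decrypt n blocks in place: P_i = D_K(C_i) XOR reg, then reg = C_i. */
void cbc_decrypt(uint64_t *b, size_t n, uint64_t iv, const uint32_t k[4]) {
    uint64_t reg = iv;
    for (size_t i = 0; i < n; i++) {
        uint64_t c = b[i];                  /* keep C_i: it is the next reg */
        b[i] = xtea_dec(c, k) ^ reg;
        reg = c;
    }
}

/* Constructed data. Bit mask result: 1 = two equal plaintext blocks encrypted to
   different blocks, 2 = a different IV changed the ciphertext, 4 = round trip ok. */
int cbc_demo(void) {
    const uint32_t k[4] = { 1, 2, 3, 4 };
    const uint64_t p[3] = { 0x4141414141414141ULL, 0x4141414141414141ULL, 0x42 };
    uint64_t x[3], y[3];
    memcpy(x, p, sizeof p); memcpy(y, p, sizeof p);
    cbc_encrypt(x, 3, 0x1111, k);
    cbc_encrypt(y, 3, 0x2222, k);
    int r = (x[0] != x[1]) | ((memcmp(x, y, sizeof x) != 0) << 1);
    cbc_decrypt(x, 3, 0x1111, k);
    return r | ((memcmp(x, p, sizeof p) == 0) << 2);
}

int main(void) {
    printf("cbc_demo() = %d (7 means all three checks passed)\n", cbc_demo());
    return 0;
}
```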
The 'key' for a playfair cipher is generally a word, for the sake of example we will choose
'monarchy'. This is then used to generate a 'key square', e.g.
monar
chybd
efgik
lpqst
uvwxz
Any sequence of 25 letters can be used as a key, so long as all letters are in it and there are no
repeats. Note that there is no 'j', it is combined with 'i'. We now apply the encryption rules to
encrypt the plaintext.
1. Remove any punctuation or characters that are not present in the key square (this may
mean spelling out numbers, punctuation etc.).
2. Identify any double letters in the plaintext and replace the second occurrence with an 'x'
e.g. 'hammer' -> 'hamxer'.
3. If the plaintext has an odd number of characters, append an 'x' to the end to make it even.
4. Break the plaintext into pairs of letters, e.g. 'hamxer' -> 'ha mx er'
5. The algorithm now works on each of the letter pairs.
6. Locate the letters in the key square, (the examples given are using the key square above)
a. If the letters are in different rows and columns, replace the pair with the letters on
the same row respectively but at the other pair of corners of the rectangle defined by
the original pair. The order is important – the first encrypted letter of the pair is the one
that lies on the same row as the first plaintext letter. 'ha' -> 'bo', 'es' -> 'il'
b. If the letters appear on the same row of the table, replace them with the letters to
their immediate right respectively (wrapping around to the left side of the row if a
letter in the original pair was on the right side of the row). 'ma' -> 'or', 'lp' -> 'pq'
c. If the letters appear on the same column of the table, replace them with the letters
immediately below respectively (wrapping around to the top side of the column if a
letter in the original pair was on the bottom side of the column). 'rk' -> 'dt', 'pv' -> 'vo'
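The encryption rules above as a small C program, added here as an example and not part of the original course file. It builds the key square from the keyword and applies the rules exactly as listed (including replacing the second letter of a double with 'x'); the function names and the 256-byte buffer are choices made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static char sq[25];   /* 5x5 key square, row by row */
static int pos[26];   /* letter -> index in sq ('j' shares the cell of 'i') */

/* Keyword letters first (duplicates dropped), then the unused letters a..z. */
static void build_square(const char *key) {
    int used[26] = {0}, n = 0;
    used['j' - 'a'] = 1;
    for (int pass = 0; pass < 2; pass++) {
        for (const char *s = pass ? "abcdefghijklmnopqrstuvwxyz" : key; *s; s++) {
            int ch = tolower((unsigned char)*s);
            if (ch == 'j') ch = 'i';
            if (ch < 'a' || ch > 'z' || used[ch - 'a']) continue;
            used[ch - 'a'] = 1;
            pos[ch - 'a'] = n;
            sq[n++] = (char)ch;
        }
    }
    pos['j' - 'a'] = pos['i' - 'a'];
}

/* Returns the ciphertext in a static buffer (lower case, no spaces). */
const char *playfair_encrypt(const char *key, const char *pt) {
    static char out[256];
    size_t n = 0;
    build_square(key);
    for (; *pt && n < sizeof out - 2; pt++) {        /* rules 1 and 2 */
        int ch = tolower((unsigned char)*pt);
        if (ch == 'j') ch = 'i';
        if (ch < 'a' || ch > 'z') continue;
        if (n > 0 && out[n - 1] == ch) ch = 'x';     /* second of a double -> 'x' */
        out[n++] = (char)ch;
    }
    if (n % 2) out[n++] = 'x';                       /* rule 3: pad to even length */
    out[n] = '\0';
    for (size_t i = 0; i < n; i += 2) {              /* rules 4 to 6, pair by pair */
        int a = pos[out[i] - 'a'], b = pos[out[i + 1] - 'a'];
        int ra = a / 5, ca = a % 5, rb = b / 5, cb = b % 5;
        if (ra == rb) {                 /* 6b: same row, take the letter to the right */
            ca = (ca + 1) % 5; cb = (cb + 1) % 5;
        } else if (ca == cb) {          /* 6c: same column, take the letter below */
            ra = (ra + 1) % 5; rb = (rb + 1) % 5;
        } else {                        /* 6a: rectangle, keep rows and swap columns */
            int t = ca; ca = cb; cb = t;
        }
        out[i] = sq[ra * 5 + ca];
        out[i + 1] = sq[rb * 5 + cb];
    }
    return out;
}

int main(void) {
    printf("%s\n", playfair_encrypt("monarchy", "hammer"));
    return 0;
}
```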
JECRC UNIVERSITY
II In Sem Examination November- 2017
VII Semester, B.Tech. (CSE)
Subject: Principles of Information System Security (BCO 030A)
Time: 1:30 hrs. Maximum marks: 50
Instructions:
1. Attempt all the questions.
2. Illustrate your answers with suitable examples and diagrams, wherever necessary.
3. Write relevant question numbers before writing the answer.
3. “When there is a lack of a central point of control.” Which type of Wireless network threat
would you classify this under?
a) Man in the middle attack b) Identity Theft
c) Ad Hoc Networks d) Non-Traditional Networks
7. If the sender and receiver use different keys, the system is referred to as conventional cipher
system.(T/F)
8. Wired networks are far more susceptible to eavesdropping and jamming than wireless
networks.(T/F)
9. In substitution cipher, the following happens.
a) Characters are replaced by other characters b) rows are replaced by columns
c) Columns are replaced by rows d) none of the above
Unit – 1
1. List the six components of an information system with a neat diagram. [L2]
Unit – 2
1. Compare and contrast symmetric and asymmetric cryptographies? Describe DES algorithm with example. [L4]
2. Analyze RSA algorithm with DES? [L4]
3. Advantage of Diffie-Hellman key exchange over RSA? [L3]
Unit – 3
Unit – 4
Unit – 5
1 Implement DES & RSA algorithms for any text data.
Unit – 4
Unit – 5
Unit Wise Multiple Choice Questions for CRT & Competitive Examinations
Unit – I:
Unit – II:
4. Cryptanalysis is used
a. to find some insecurity in a cryptographic scheme
b. to increase the speed
c. to encrypt the data
d. none of the above
11. The RSA public key encryption algorithm was developed by___.
A. John
B. Rivert
C. Mohammed
D. schildt
12. The most commonly used conventional algorithms are ____.
A. block ciphers
B. transposition cipher
C. both a and b
D. none of the above
13. The ________ method provides a one-time session key for two parties.
A. Diffie-Hellman
B. RSA
C. DES
D. AES
Unit – III:
3. A(n)______ creates a secret key only between a member and the center
a. CA
b. KDC
c. KDD
d. None
4. _______ is a popular session key creator protocol that requires an authentication server
and a ticket-granting server
a. KDC
b. Kerberos
c. CA
d. None
Unit – IV:
Unit – V:
JECRC UNIVERSITY
End Term Examination, December- 2017
VII Semester, B.Tech. (CSE)
Principles of Information System Security (BCO 030A)
Time: 3:00 hrs. Maximum marks: 100
Instructions:
1. Attempt all the questions.
2. Illustrate your answers with suitable examples and diagrams, wherever necessary.
3. Write relevant question numbers before writing the answer.
Course Outcome:
1. CO1:Explain the objectives of information security
2. CO2:Analyse the trade-offs inherent in security
3. CO3:Describe the enhancements made to IPv4 by IPSec
4. CO4:Understand the basic categories of threats to computers and networks
5. CO5:Discuss issues for creating security policy for a large organization
i/co1: What is the replay attack? Give the example of replay attack.
ii/co2: What is the problem with exchanging of public key?
iii/co3: What is the initialization vector (IV)? What is its significance?
iv/co4: Why SSL layer is positioned between the application layer and the transport layer?
v/co5: What are the problems associated with clear text passwords?
i/co1: What is the Encryption? What is Decryption? Draw the block diagram showing plain text,
cipher text, encryption and Decryption. Explain your answer with help of postal system.
ii/co2: Alice and Bob want to establish a secret key using the Diffie-Hellman Key exchange
protocol. Assuming the values as n=11, g=5, x=2 and y=3, find the values of A & B and the secret
key K1 & K2.
iii/co3: What is message digest and which security principle is achieved through message digest?
Also explain MD5 algorithm with suitable block diagram.
iv/co4: Explain the SET with help of block diagram.
v/co5: What do you understand by the firewall? Explain its various types. Discuss the technique
by which attacker can break the security of packet filter.
UNIT-I
Introduction:
Computer security began immediately after the first mainframes were developed
Groups developing code-breaking computations during World War II created the first
modern computers
Physical controls were needed to limit access to authorized personnel to sensitive
military locations
Only rudimentary controls were available to defend against physical theft, espionage,
and sabotage
MULTICS was an operating system, now obsolete. MULTICS is noteworthy because it was
the first and only OS created with security as its primary goal. It was a mainframe, time-sharing
OS developed in the mid-1960s by a consortium from GE, Bell Labs, and MIT.
What is Security?
Hardware is the physical technology that houses and executes the software, stores and
carries the data, provides interfaces for the entry and removal of information from the system.
Physical security policies deal with the hardware as a physical asset and with the protection of
these assets from harm or theft.
Data – Data stored, processed, and transmitted through a computer system must be
protected. Data is the most valuable asset possessed by an organization and it is the main target
of intentional attacks.
Networks - Information systems in LANs are connected to other networks such as the
internet, and new security challenges are rapidly emerging. Apart from locks and keys, which are
used as physical security measures, network security is also an important aspect to be considered.
The same phases used in the traditional SDLC are adapted to support the specialized
implementation of a security project
Basic process is identification of threats and controls to counter them
The SecSDLC is a coherent program rather than a series of random, seemingly
unconnected actions
Investigation
Identifies process, outcomes and goals of the project, and constraints
Begins with a statement of program security policy
Teams are organized, problems analyzed, and scope defined, including objectives, and
constraints not covered in the program policy
An organizational feasibility analysis is performed
Analysis
Analysis of existing security policies or programs, along with documented current threats
and associated controls
Includes an analysis of relevant legal issues that could impact the design of the security
solution
The risk management task (identifying, assessing, and evaluating the levels of risk) also
begins
Logical & Physical Design
Creates blueprints for security
Critical planning and feasibility analyses to determine whether or not the project should
continue
In physical design, security technology is evaluated, alternatives generated, and final
design selected
At end of phase, feasibility study determines readiness so all parties involved have a
chance to approve the project
Implementation
The security solutions are acquired (made or bought), tested, and implemented, and tested
again
Personnel issues are evaluated and specific training and education programs conducted
Finally, the entire tested package is presented to upper management for final approval
Maintenance and Change
The maintenance and change phase is perhaps most important, given the high level of
ingenuity in today’s threats
The reparation and restoration of information is a constant duel with an often unseen
adversary
As new threats emerge and old threats evolve, the information security profile of an
organization requires constant adaptation
Senior Management
Chief Information Officer
– the senior technology officer
– primarily responsible for advising the senior executive(s) for strategic planning
Chief Information Security Officer
– responsible for the assessment, management, and implementation of securing the
information in the organization
– may also be referred to as the Manager for Security, the Security Administrator, or
a similar title
Security Project Team
A number of individuals who are experienced in one or multiple requirements of both the
technical and non-technical areas:
– The champion
– The team leader
– Security policy developers
– Risk assessment specialists
– Security professionals
– Systems administrators
– End users
Previous Question Papers