FORMAN CHRISTIAN COLLEGE

(A Chartered University)

Spring 2016

CSIT 421 – Information Security (3 Credits Hrs)

Course Outline and Lesson Plan

 

Instructor Information:

Name

Dr Saad Bin Saleem

Email

saadsaleem@fccollege.edu.pk

Office

S-214

Office Hours

  • 10:00 am to 11:00 am on Tuesday and Thursday.
  • Any other time only by appointment.

Teaching Assistant

  • Umair Aziz

16-10604@formanite.fccollege.edu.pk

 

Course Information:

Code

CSIT 421

Credits

3

Title

Information Security

Course Description

The purpose of this course is to help students to gain understanding of basic concepts relevant to information security and to train them to use the protection techniques against malicious attacks. The course will remain focused on three areas cryptography, program security and network security.

Category

 

Pre- Requisite

COMP 311

Course web page

http://saadbinsaleem.com/courses/infosec/Spring 2016/CSIT421.htm

Learning Objectives

Upon the completion of this course, the students are expected to have the following conceptual knowledge and can apply the learned concepts in the real world scenarios.        

  • The understanding of basic concepts relevant to information security.
  •  Able to identify assets in the system and will know the various types of threats to the assets.
  • Knowledge of the basic principles and techniques relevant to authentication and access control.
  • The understanding of basic algorithms of cryptography and will be able to implement the learned algorithms.
  • Able to categories security faults in a program and will have deep understanding about the buffer overflow program fault.
  • Able to perform the denial of service chargen attack on a venerable website. 

Text Book

  • Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 5th edition, Prentice Hall, ISBN-13: 978-0132390774.(Download the pdf version of 3rd edition)

Reference Books

  • Ross J. Anderson, Security Engineering: a guide to building Dependable Distributed systems, 2nd Edition, Wiley Publications, ISBN-13: 978-0470068526.
  • John Viega  and Gary McGraw   (2011), Building Secure Software: How to Avoid Security Problems the Right Way (Paperback) (Addison-Wesley Professional Computing Series), 1st edition, Addison-Wesley Professional.
  • Helen F. Gaines, Cryptanalysis: A Study of Ciphers and Their Solution, Dover Publications, ISBN-13: 978-0-486-20097-2.
  • Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, ISBN-13: 978-0471117094.

Important to know

·         All the assignments are due before midnight on the due date at 11:59 pm.

·         In this course, the students can be called to appear for a viva randomly to determine their knowledge. However, it is compulsory for students to appear in the viva sessions arranged by the instructor. 

·         The late assignments will not be graded, unless previous accommodations have been made with the course instructor.

·         There will be no retake for the quiz, unless previous accommodations have been made with the course instructor.

·         The students are advised to attend all lectures. However, 85% attendance is compulsory for this course. It is entirely the students' responsibility to recover any information or announcements presented in lectures from which they were absent.

·         Any work you submit in this course that should be your own.

·         You are not allowed to submit a work of a fellow or a work which you have done together with a peer.

·         You are allowed to work in the groups only with the permission of course instructor or only if he asks you to form groups in the class. Otherwise an unauthorized group effort will be considered as an academic dishonesty.

·         You may discuss homework in a general way with your fellows. However, you are not allowed to copy or consult anyone else's written work.

·         You are guilty of academic dishonesty if:

                                I.            You examine another's solution to an assignment/quiz/project/exam

                             II.            You allow another student to examine your solution of an assignment/quiz/project/ lab-work or any exam.

                           III.            You fail to take reasonable care to prevent another student from examining your solution and that student does examine your solution.

Course Policy:

In case of unauthorized group efforts, academic dishonesty/fraud, cheating and plagiarism following policy is applicable (All cases of breach of Academic Integrity will be reported to head of department at first instance. The instructor of this course can report such cases to Vice Rectors’ office/AIC) directly. The following are key points of course policy to remember.

 

·         ZERO TOLERANCE POLICY on any academic integrity breach for midterm exam, final exam, assignments, quizzes and project.    

·         Cheating or violation of academic integrity in any exam/project will cause F grade in the course.

·         In this course, the instructor will take attendance quiz randomly without announcing in advance.

·         In this course, the instructor can judge the discipline of a student and can deduct discipline marks whenever necessary.

·         All the assignments should be submitted to the email fcc.submissions@gmail.com with subject CSIT421 Spring 2016.

·         You should name your document with your roll number for each assignment while sending on the “fcc.submissions@gmail.com”.  

 

Grading Policy:

·         The relative method of grading will be adopted in this course.

·         One percent from the overall 5 percent absolute attendance marks will be deducted if you are absent during the attendance quiz.

·         Misbehavior or disturbance in the class will lead to the deduction of 1% absolute mark from the overall discipline marks.

·         In this course, all the assignments and a best quiz will be added in the overall grading.

·         In this course, 8% is the weight of each assignment and 6% is the weight of one best quiz.

   

Assessment Criteria

Attendance quizzes

5%

Discipline

5%

Quizzes and Assignments

30%

Midterm exam

25%

Final exam

35%

Total

100.00%

Lesson Plan

Week no

Contents

Activities and Deadlines

1

Course Introduction:

  • The objectives of course.
  • Why students need to study this course.
  • How this course will help students in shaping their careers.
  • The teaching strategy I am adopting.
  • The course assessment criteria.

 

Introduction to Security in Computing

  • What is mean by the security?
  • What is Computer security
  • What is Information Security? 
  • Why we need to study Information Security?
  • Assets in Computer and Values of assets.
  • Threats, vulnerabilities and controls.
  • Confidentiality, Integrity, availability and Accountability (CIAA).  
  • Types of threats.
  • Types of attackers.

Class Room Activity: Please write down your rational of choosing the information security course. 

 

 

2 and 3

 

Toolbox for Securing Software Systems

  • Authentication.

o   What is Authentication?

o   Identification versus Authentication.

o   Authentication based on what you know.

o Authentication based on what you have.

  • Access control.

o   The basic access control model.

o   Elementary access operations.

o   Access Control List (ACL).

o   Access Control Capabilities (C-List).

  • Cryptography (Secure communication between the systems).

o   Why study Cryptography.

o   Explanation.

o   Terminologies.

Quiz 1 (What is the difference between Computer security and Information security? Please explain with examples).

 

Quiz1 will be conducted on Wednesday 10th February in the class room.

 

Quiz1 Results

 

Quiz 2 (What is CIAA in information security? Explain the concepts relevant to each word of the term CIAA with examples).

 

It is a descriptive quiz.

 

The submission deadline for Quiz2 is 19th February at midnight 11:59.

 

Quiz2 Results

4, 5 and 6

Cryptography in Detail 

  • Terminology and Background

o  Basic communication

o   Threats to messages

o   Basic terminology and notations

o   Requirements for crypto protocols

o   Representing characters

  • Basic types of Ciphers
  • Symmetric encryption
  • Substitution ciphers

o  The Caesar cipher

o   Vigenere tableau cipher

o  On-Time pad ciphers

1.      Vernam cipher

2.      Book cipher

  • Transposition cipher
  • Product ciphers

o  Stream cipher

o  Block cipher

  • Asymmetric encryption

Assignment 1 (Write a program to implement Vernam cipher). The program should take a message .e.g. “VERNAMCIPHER” and output the encrypted message “tahrspitxmab”.

 

Note: You have to show the running program and explain the logic.

The submission deadline for Assignment 1 is 15thMarch 2016 at midnight 11:59.

 

Assignment 1 Results

7

 

Revision Midterm Exam

 

 

 

 

Your Midterm exam will be held on Wednesday 30th March, 2016.

 

  Midterm Results

8, 9 and 10

Program Security

  • Introduction to program security.
  • Taxonomy of programming flaws.
  • Unintentional (no malicious programming flaws).

o  Buffer overflow.

o  Integer overflow.

o  Incomplete mediation.

  • Buffer overflows in detail.
  • Introduction to malicious code.

(Viruses, Worms, Trojan horses, Time bomb, Logic bomb, Rabbit, Bacterium)    

Assignments 2 Description

 

The submission deadline for Assignment 2 is 20th April 2016 at midnight 11:59.

 

Submit your code in a notepad++ file at “Fcc.Submissions@gmail.com”.

 

Any submission after the deadline will be graded with “0”.

 

Assignment 2 Results

11, 12 and 13

Security in Networks

  • Introduction to Networks.

o   ISO OSI reference model.

  • Network security.

o   Network Vulnerabilities

o   Who Attacks Networks

o   Introduction to threat procedures (Port Scan, Social Engineering, Reconnaissance, OS and application finger printing, Using bulletin boards/ chats, Getting available documentation)

o   Denial of service (Web failure, Flooding attacks).

  • Distributed denial of service (Scripted denial of service attacks).  
  • Firewalls and Intrusion Detection.

Assignments 3 Description

 

The submission deadline for Assignment 3 is 24th April 2016 at midnight 11:59.

 

Please submit the screen-shot of LOIC with all the filled fields to perform the attack and also a screen-shot of the website before and after the attack. Submit the attack script in notepad++ file.  

 

Both files should be submitted at “Fcc.Submissions@gmail.com”.

 

 

Any submission after the deadline will be graded with “0”.

14

Final Exam

 

Your final exam will be held as per the University schedule.

 

 

Final exam Result