SCHOOL OF BUSINESS AND INFORMATION TECHNOLOGY (SoBIT)

DEPARTMENT OF INFORMATION TECHNOLOGY

COM 411 – CRYPTOGRAPHY AND NETWORK SECURITY

SYLLABUS AND DETAILED COURSE GUIDE

Part 1: Course Description and Resources

Lecturer : Chanda Chibwe; PhD (c), Information & Communication
Engineering (University of Electronics, Science &
Technology of China), MSc, Radio Engineering &
Telecommunication (Vladimir State University), BSc
(Vladimir State University).
Office : Main Campus, 2nd Floor
Office Hours : 8.00 - 17.00; Monday-Friday
Telephone : +260953577218
Lecturer’s E-mail: [email protected]

Course Description
This module provides the learner with the underlying theory and practical
skills required to secure networks and to send data safely and securely over
network communications. It also looks at the technologies employed to
secure a network. It is designed to provide students with knowledge of the
fundamental principles and techniques employed in securing information and
networks.

Students will be allowed to assess the security risks inherent in computer

networks and the technologies that can be employed to counter such risks.

Prerequisites

Learners must have successfully completed the following modules:

 Mathematics for computing

 Computer programming in C, Java.

Page 1
 Required Texts
Core Reading:
1) Title: International Standards Organization. Information Technology —
Code of Practice for Information Security Management, ISO/IEC
Author: 17799:2000(E). Geneva, Switzerland: ISO, 2000
Year: 2000
2) Title: Security Architecture: Design, Deployment and Operations. New
York:
Author: King, Christopher M; Curtis E. Dalton; and T. Ertem Osmanoglu.
Publisher: Osborn/McGraw-Hill,
Year: 2001.

Supplementary Reading:
1) Title: Hacking Exposed: Network Security Secrets & Solutions,
Author: Scambrey, J., McClure, S. and Kurtz, J.
Edition: 2nd Edition
Publisher: McGraw Hill
Year: 2009
2) Title: Building Internet Firewalls,
Author: Zwicky, E.D.
Edition: 2nd Edition.
Year: 2010.
Publisher: Pearson Education Ltd

Online Resources
1) www.cs.iit.edu/~cs549/lectures/CNS-1.pdf
2) https://www.amazon.com/Cryptography-Network-Security-
Principles.../0133354695
3) www.vssut.ac.in/lecture_notes/lecture1428550736.pdf

Course Delivery

 Lectures

Page 2
  Discussions

 Group work

 Laboratory work

Part 2: Student Learning Outcomes

General Learning Outcomes:

1. Understand the most common types of cryptographic algorithm

2. Understand the public key infrastructure

3. Understand security protocols for protecting data on networks.

4. Be able to digitally sign emails and files.

Specific Learning Outcomes:

On completion of this module the student should be able to:

1. Explain the most types of cryptographic algorithm.

2. Select and justify an appropriate algorithm for a particular purpose.

3. Describe the public key infrastructure and explain the different

authentication mechanisms.

4. Describe biometrics and their issues.

5. To be able to deploy wireless security.

Part 3: Weekly Topics and Assignments

WEEK 1:

Topic 1: Cryptography fundamentals

Readings: Hacking Exposed: Network Security Secrets & Solutions,
https://www.amazon.com/Cryptography-Network-Security-
Free online videos: https://www.youtube.com/watch?v=Q-HugPvA7GQ
https://www.youtube.com/watch?v=TUBtpG77zkU

Problems sets for week1:

Page 3
Home Work: You have found an old ciphertext, where you know that the
plaintext discusses cryptographic methods. You suspect that a Vigenere
cipher has been used and therefore look for repeated strings in the
ciphertext.
You find that the string TICRMQUIRTJR occurs twice in the ciphertext. The first
occurrence starts at character position 10 in the text and the second at
character position 241 (we start counting from 1).
You make the inspired guess that this ciphertext sequence is the encryption
of the plaintext word cryptography. If this guess is correct, what is the key?
Hint: Analyze the possible periods.

WEEK 2:

Topic 2: Public Key Infrastructure

Readings: International Standards Organization. Information Technology —

Code of Practice for Information Security Management, ISO/IEC
Free online videos: https://www.youtube.com/watch?v=fZGFyA_CzxA
https://www.youtube.com/watch?v=NeDCbLNDPh8
Problem sets:
1. Consider an automated teller machine (ATM) in which users provide a
personal identification number (PIN) and a card for account access.
Give examples of confidentiality, integrity, and availability
requirements associated with the system and, in each case, indicate
the degree of importance of the requirement.
2. List and briefly define categories of passive and active security attacks.
3. List and briefly define categories of security services.
4. List and briefly define categories of security mechanisms.

WEEK 3:

Topic 3: Web Security

Readings: https://www.amazon.com/Cryptography-Network-Security-
Principles.../0133354695

Free online videos: https://www.youtube.com/watch?v=Q-HugPvA7GQ

https://www.youtube.com/watch?v=TUBtpG77zkU

Page 4
Problem sets:
Research Internet Key Exchange (IKE) as used in IPSec and note its purpose
and key features.

WEEK 4:

Topic 4: E-mail security

Readings: International Standards Organization. Information Technology —

Code of Practice for Information Security Management, ISO/IEC

Free online videos: https://www.youtube.com/watch?v=HOVcw7upfTY

https://www.youtube.com/watch?v=2aHkqB2-46k

Problem sets:
1. Describe email security mechanisms,
2. In pairs, send an e-mail to each other. Examine the email header,
make a note of each part and determine the information this gives
you. Use the remaining time to write a report of your findings.

WEEK 5:

Topic 5: Data protection

Readings: Hacking Exposed: Network Security Secrets & Solutions,

https://www.amazon.com/Cryptography-Network-Security

Free online videos: https://www.youtube.com/watch?v=9XZ45SAnJnk

https://www.youtube.com/watch?v=rA_ZmWPormM

Problem sets:
1. Briefly explain how invertible matrix is used in data cryptography.
2. Give reasons whether invertible matrix algorithm is a symmetric or asymmetric
algorithm.
3. Describe how a man-in-the-middle attack may be performed on a Wi-Fi network and the
consequences of such an attack.
4. Briefly discuss the protocols that comprise SSL.

WEEK 6: 1ST CONTINUOUS ASSESSMENT TEST (CAT 1) 15%

WEEK 7:

Page 5
Topic 6: Vulnerability assessment

Readings: International Standards Organization. Information Technology —

Code of Practice for Information Security Management, ISO/IEC

Free online videos: https://www.youtube.com/watch?v=HOVcw7upfTY

https://www.youtube.com/watch?v=2aHkqB2-46k

Problem sets:
1. What is Single Sign On (SSO) and explain how this is achievable in the
case study above.
2. What are the key security aspects of a bank transaction?
3. List the classes of intruders regarding the case study.
4. Explain what Kerberos is and how it provides authenticated services.

WEEK 8:

Topic 7: Authentication

Readings: Hacking Exposed: Network Security Secrets & Solutions,

https://www.amazon.com/Cryptography-Network-Security-
Principles.../0133354695

Free online videos: https://www.youtube.com/watch?v=OZCJR1o0oDI

https://www.youtube.com/watch?v=WGmvE9ns4nM

Problem sets:
1. Research and make a note of the twenty most common passwords
used in common applications (replace any rude words or swearing with
***)

WEEK 9:

Topic 8: Access control

Readings:
1. International Standards Organization. Information Technology — Code
of Practice for Information Security Management, ISO/IEC
2. Hacking Exposed: Network Security Secrets & Solutions,
3. https://www.amazon.com/Cryptography-Network-Security

Free online videos:

1. https://www.youtube.com/watch?v=OZCJR1o0oDI
2. https://www.youtube.com/watch?v=Q-HugPvA7GQ

Page 6
Problem sets:
1. Briefly describe the key expansion algorithm.
2. What is the difference between SubBytes and SubWord?
3. What is the difference between ShiftRows and RotWord?
4. What is the difference between the AES decryption algorithm and the
equivalent
inverse cipher?

WEEK 10:

Topic 9: Firewall & remote access

Readings:
1. International Standards Organization. Information Technology — Code
of Practice for Information Security Management, ISO/IEC.
2. Hacking Exposed: Network Security Secrets & Solutions,

Free online videos:

1. https://www.youtube.com/watch?v=OZCJR1o0oDI
2. https://www.youtube.com/watch?v=Q-HugPvA7GQ

Problem sets:

Compute the output of the MixColumns transformation for the following

sequence of input bytes “67 89 AB CD”. Apply the InvMixColumns
transformation to the obtained result to verify your calculations. Change the
first byte of the input from ‘67’ to ‘77’, perform the MixColumns
transformation again for the new input, and determine how many bits have
changed in the output.
Note: You can perform all calculations by hand or write a program supporting
these computations. If you choose to write a program, it should be written
entirely by you; no use of libraries or public domain source code is allowed in
this work.

WEEK 11: 2ND CONTINUOUS ASSESSMENT TEST (CAT 2) 15%

Page 7
 Part 4: Grading Policy
Graded Coursework, assignments and examinations

ASSESSMENT COMMENTS % OF FINAL GRADE

Continuous Assessment (CA 1) Assessment for topics 20%

1, 2, 3, 4

Test (or CA 2) Test 1will be given for 10%

topics 5, 6, 7, 8, 9

Test 2 (or third assessment)

Teamwork

Lab Work 10%

FINAL EXAM 60%

TOTAL POINTS 100%

Letter Grades

Letter Grade Percentage Performance

A+ 75 -100% Distinction
A 70-74% Distinction
B+ 65-69% Merit
B 60-64% Merit
C+ 55-59% Credit
C 50-54% Pass
D+ 45-49% Bare fail
D 0-44% fail

Part 5: Course Policies

Class Attendance, Participation and
Emergencies
1.Attending classes is mandatory for all

Page 8
 students.
2. Participation in group work or teamwork is required whenever such
work is assigned.
3. In case of any emergency that disenables a student from attending
classes or completing work, the student is expected to communicate
with the lecturer or dean as soon as possible.
4. Students with disabilities should inform the dean of the faculty of
any special needs that they may have.

Late Work and Missing Assessments

1. Each student is responsible for making sure that his or her work is
done on time.
2. Any student who misses assessments or misses class should talk to
his or her lecturer or professor as soon as possible and seek the
lecturer’s advice on how to make up for work missed or
assessments missed.
3. Students who expect to miss classes or to miss assessments for
health reasons or special family reasons should communicate with
the lecturer or professor for the course as soon as possible.
4. Students should note that there may be a penalty for late work, and
missed assessments. The penalty may include not being allowed to
sit for the final examination.
5. Students who are unable to keep up with class work should consult
with the course lecturer or faculty dean or dean of students, and
seek advice.

Integrity and Zero Tolerance for Plagiarism

1. All students are expected to abide by the university’s policy on
ethical conduct.

2. Any student involved in cheating in tests, coursework or

examinations will be suspended pending investigations, and may be
expelled from the University.

3. Any student involved in buying or selling tests or examinations will

be suspended from the University pending investigations.

4. Any student involved in using sexual favors in exchange for marks

will be suspended pending investigations, and may be expelled from
the University.

5. Plagiarism means presenting other people’s work from online or

from other sources as your own. Plagiarism is a serious offence and
will not be tolerated, and offenders will fail that particular course.

6. Students are required to read the University’s policy on

examinations.

Page 9
Make up of Missed Classes
1. There will be special make up classes for each class that is missed
because the lecturer could not come to class on a particular day

2. Students are required to treat make up classes as part of the regular

learning program

Page 10