Lecture1 Intro (Part-I)

The document outlines the course structure for the Foundation of Information Security, including instructor details, timetable, grading structure, and course contents. It emphasizes the importance of information security in the context of ubiquitous computing and introduces key concepts such as the CIA triad (Confidentiality, Integrity, Availability). Additionally, it highlights various security challenges and the need for awareness in protecting data and systems.

Uploaded by Jaideep Singh


Welcome to Foundation of Information Security

Lecture-1: Introduction
• Instructor : Sweta Mishra
• Room No. : 219C, Block-C
• Phone Number: 477 (internal)
• Email : [email protected]
• Web Link : https://cse.snu.edu.in/people/faculty/sweta-mishra

• Research Interests: Cryptography, Password-based Cryptosystems, Biometric Security, Information Security, Blockchain Technology…
• Google scholar link: https://scholar.google.co.in/citations?user=nqSP0nIAAAAJ&hl=en
Spring Semester 2025: Timetable
Lecture Time: 2:00 – 3:30 PM (Tuesday & Thursday)
Credits: 3
Contact Hours (L:T:P): 3:0:0

Office hour: Wednesday (11:00 AM - 1:00 PM) or email appointment.

TA: Shanu Poddar ([email protected]), Research Scholar, CSE


Course logistics
• Lecture slides and assignments will be posted on ‘Blackboard’.
• Each assignment has a submission deadline.
• Be sure to complete the exercise well before the deadline and submit your assignment in time; submissions after the due date will not be evaluated.
Course Grading Structure
• These weights are indicative, and may change as the semester progresses.

Mode-I
  Evaluation Instrument          Weightage
  Mid Term                       30%
  Quiz                           15%
  Assignment                     10%
  Programming Assignment         15%
  End Term                       30%

Mode-II
  Evaluation Instrument          Weightage
  Mid Term                       30%
  Quiz                           15%
  Mini-project (Group of max 2)  25%
  End Term                       30%
Evaluation Strategy

• Relative Grading

• Attendance requirement: 75% (minimum) or as per university policy.


Course contents
• Security Overview, CIA model, Threats, Security Policies and Mechanisms

• Cryptography Basics: Stream Ciphers and Block Ciphers, Public Key Cryptography,
Hash Functions

• Authentication and Access Control

• Malicious Software: Trojan Horses, Viruses, Worms, Logic Bombs, Defenses.

• Denial-of-Service Attacks: DoS, DDoS, Defenses.

• Intrusion Detections, Firewalls and Intrusion Prevention Systems

• Protocols: TLS security, Authentication protocol


Recommended Books

1. Matt Bishop, S.S. Venkatramanayya, “Introduction to Computer Security, 3/e”, Pearson Education
2. W Stallings, “Cryptography and Network Security: Principles and Practice, 6/e”, Prentice Hall
What is Security?
- Protection of our assets

Physical Security (slide image; image source: web)


Logical Assets

• Data or Intellectual property


• Main focus on securing our logical assets

The term "ubiquitous" means something that is found everywhere or seems to be present all the time. It is often used to describe something that is very common or widespread. For example, in today's world, smartphones are considered ubiquitous because they are used by people all over the globe and are a common part of daily life.
Computers are Ubiquitous!

Online
- work/ school
- Play games
- Buy goods from merchants
- track activities with sensors on our wrists.
- Connect IoTs

Access of information on a click!!! Poses Major Security Risks…

(Slide images: Authorized Access; Database Breach!; Biometric Authentication; Alternate approach to Fingerprint… Secure?; Liveness detection – Face Recognition? Blink your Eyes…; Personal Identifying Information!)
Many Challenges…

• When securing an asset, system, or environment, we must consider how the level of security relates to the value of the item being secured.
• No single activity or action will make you secure in every situation.
• New attacks to which you are vulnerable are always emerging.
• Conducting awareness programs at different levels
• ……
Difficult to define user Security!
• Insecure approaches are easier to list down
• Not applying security patches or application updates to your systems
• Using weak passwords
• Downloading programs from the internet
• Opening email attachments from unknown senders
• Using wireless networks without encryption
Why this course is important ?
• In this era of ubiquitous computing where we are connected to each other through so many computing devices, it is important to protect our data.
• Technology changes at an increasingly rapid rate but theory about keeping ourselves secure lags behind.
• Good understanding of the basics of information security helps to cope with changes as they come.
• Data protection can be divided into 2 parts:
  • PC Centric
    • Safety of sensitive data from unauthorized access within your computing device
    • Mobile Phones, Laptops, Bank Cards etc.
  • Network Centric
    • Protect data during transmission between computer to computer
    • Distributed Computing
    • Internet and Intranet
Security (areas shown on the slide)
- Digital Forensics
- Biometrics Security
- Mobile Security
- Databases Security
- Network Security
- Hardware Security
- Online Social Media Security
- Distributed Systems Security
- Cryptography
Learning Outcomes
• Recognize threats to Confidentiality, Integrity, and Availability of Information
systems and how security evolves around the CIA principle
• Understand and explain the basic computer security terminologies
• To use the security solutions correctly
• Find and apply documentation of security-related problems and tools
• Think of the countermeasures to identified threats and argue their effectiveness
• Compare different security mechanisms
Information Security
The term ‘information security’ means protecting
information and information systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide
confidentiality, integrity and availability

— Federal Information Security Modernization Act of 2014.


Security Model: CIA triad

Confidentiality
• Ability to protect data from unauthorized personnel.
• Possible to achieve through
  • Access control, which prevents
    • unauthorised users from accessing confidential data
    • authorised users from accessing information they are not authorised for
  • Use of Cryptography: Encryption methods
    • Keeping data at rest secure
    • Provides secure communication
Integrity
Availability
• The ability of the authorised user to access data for legitimate purposes whenever required.
• We could lose availability through power loss, operating system or application problems, network attacks, etc.
CIA triad

Information Security Illuminated by G. Solomon and Mike Chapple


CIA/DAD
• Considering the threats, also known as Disclosure, Alteration, and Denial (DAD)
• A model for the malicious user
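The following is an added illustration of the CIA/DAD mapping described on the confidentiality, integrity and CIA/DAD slides above; it is not code from the lecture. It assumes a constructed access-control list, a constructed HMAC key and the record names salary.txt and lecture_notes.txt. An ACL check refuses the Disclosure threat (an unauthorised read), and an HMAC-SHA256 tag stored beside each record lets a later read detect the Alteration threat. Denial (loss of availability) is not modelled here, and a keyed tag only detects tampering; it does not hide the data, which is what the encryption methods listed under Confidentiality are for.

```python
"""Constructed CIA/DAD demonstration (added example, not from the lecture slides)."""
import hashlib
import hmac

# Constructed secret for the example; a real system keeps this in a key store, not in source.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed access-control list: record name -> users allowed to read and write it.
ACL = {
    "salary.txt": {"hr_admin"},
    "lecture_notes.txt": {"hr_admin", "student"},
}

# In-memory store: record name -> (data bytes, HMAC tag).
_store = {}


class AccessDenied(Exception):
    """Raised when the ACL does not list the user for the record (Disclosure blocked)."""


class IntegrityError(Exception):
    """Raised when stored bytes no longer match their tag (Alteration detected)."""


def _tag(name, data):
    # Bind the tag to the record name as well as the bytes, so a valid tag
    # cannot simply be copied from one record onto another.
    return hmac.new(INTEGRITY_KEY, name.encode() + b"\0" + data, hashlib.sha256).digest()


def _check_acl(user, name):
    if user not in ACL.get(name, set()):
        raise AccessDenied(f"{user!r} is not authorised for {name!r}")


def write_record(user, name, data):
    """Store data with its integrity tag; only ACL-listed users may write."""
    _check_acl(user, name)
    _store[name] = (data, _tag(name, data))
    return True


def read_record(user, name):
    """Return the data only if the user is authorised and the tag still verifies."""
    _check_acl(user, name)
    data, tag = _store[name]
    # compare_digest is constant-time, so the comparison does not leak tag bytes by timing.
    if not hmac.compare_digest(tag, _tag(name, data)):
        raise IntegrityError(f"{name!r} was altered after it was written")
    return data


def simulate_alteration(name, new_data):
    """Stand-in for the Alteration threat: the stored bytes change but the tag does not,
    which is all anyone can do to the store without knowing INTEGRITY_KEY."""
    _, old_tag = _store[name]
    _store[name] = (new_data, old_tag)


def run_demo():
    """Walk through the three outcomes and return them for inspection."""
    _store.clear()
    write_record("hr_admin", "salary.txt", b"alice: 5000")
    results = {"authorised_read": read_record("hr_admin", "salary.txt")}
    try:
        read_record("student", "salary.txt")  # not in the ACL for salary.txt
        results["disclosure_blocked"] = False
    except AccessDenied:
        results["disclosure_blocked"] = True
    simulate_alteration("salary.txt", b"alice: 9000")
    try:
        read_record("hr_admin", "salary.txt")  # authorised, but the tag no longer matches
        results["alteration_detected"] = False
    except IntegrityError:
        results["alteration_detected"] = True
    return results


if __name__ == "__main__":
    for outcome, value in run_demo().items():
        print(f"{outcome}: {value!r}")
```

Running the file prints the authorised read of the original bytes, then confirms that the student's read was refused and that the altered record was rejected on the next authorised read. Separating the ACL check (who may see the data) from the tag check (whether the data is what was written) mirrors the distinction the slides draw between confidentiality and integrity.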
