Information Technology

(Subject Code: MCA 104)

For

Master Of Computer Application

Prepared by: Dr Hanif Khan

Syllabus of MCA 104 Information Technology

UNIT I
Introduction and basic concept of modern communication and technology: CDMA, WLL, GSM,
VOIP, Bluetooth, WI-Fi, Communication Technology: 2G, 3G, 4G, And 5G. Communication
over radio, microwave systems, Communication satellite, radar, fiber optics, ISDN-their
properties, Geographic Information System (GIS), Components of a GIS- H/W,S/W, Data,
people, methods, working and application of GIS.

UNIT II
Information Security: Introduction, malicious programs, cryptography, digital signature,
Firewall, Users Identification and Authentication, Security awareness and policies, Application
areas requiring security. Mobile Commerce: Introduction, Growth, Success Stories of Mobile
commerce, Technologies for mobile commerce, M-commerce in India, Digital Marketing.

UNIT III
Artificial Intelligence: Concept of Artificial Intelligence, Introduction to branches of Artificial
Intelligence: Machine Learning, Neural Network, Robotics, Natural Language Processing,
Expert System, and Fuzzy Logic. Applications of all the branches of AI, General application of
AI.

UNIT IV
Introduction to IoT: Characteristics of IoT, physical design of IoT, Logical design of IoT,
Functional blocks of IoT, home Automation, Industry applications, Surveillance and other IoT
applications. Introduction to Virtual Reality (VR): Definition, Application of VR, Smart
Systems,
Embedded Systems.

UNIT V
Computing and Cloud Computing: History of Centralized and Distributed Computing,
Overview of Distributed Computing, Cluster computing, Grid computing. Introduction to
Cloud Computing- Cloud issues and challenges – Properties – Characteristics – Service models,
Deployment models. Cloud resources: Network and API – Virtual and Physical computational
Resources – Data-storage.

Text Books
1. Fundamental of Information Technology by Alex Leon & M.Leon, Vikas Publications,
New Delhi
2. Security in Computing (Third Edition) by C.P. Pfleeger, S.L. Pfleeger,D.N. Shah, S. Ware,
Prentice Hall 2002.
3. Recent Magazines of Computers and Communication.
4. Cloud Computing PHI by Rao M.N.
5. Internet of Things, McGrawHill by Raj Kamal
Reference Books
1. Introduction to Information Technology – ITL Education Solutions Ltd.,Seventh
Impression, Pearson Education 2008.
2. Concepts in Computing-Kenneth Hoganson, First Indian Edition, Jones & Bartlett
Publishers, Inc. 2010

3. Computer Networks – Andrew S. Tanenbaum, 4th Edition, Pearson Education.

 Introduction to Information Security

What is Information Security?

Information security is the name given to the preventive steps we take to guard our information
and our capabilities.

Characteristics:

Availability
Accuracy
Authenticity
Confidentiality
Integrity

I nformation security, sometimes shortened to infosec. The protection of information and

information systems from unauthorized access, use, or disruption.(disruption is
synonymous to “interruption”)

Malicious program:

M alicious programs can be divided into the following groups: worms, viruses, trojans, hacker
utilities and other malware. All of these are designed to damage the infected machine or
other networked machines.

Network Worms

This category includes programs that propagate via LANs or the Internet with the following
objectives:

 Penetrating remote machines.

 Launching copies on victim machines.
 Spreading further to new machines.

Worms use different networking systems to propagate: email, instant messaging, file-sharing
(P2P), IRC channels, LANs, WANs and so forth.
Most existing worms spread as files in one form or another: e-mail attachments, in ICQ or IRC
messages, links to files stored on infected websites or FTP servers, files accessible via P2P
networks and so on.

There are a small number of so-called file less or packet worms; these spread as network packets
and directly penetrate the RAM of the victim machine, where the code is then executed.

Worms use a variety of methods for penetrating victim machines and subsequently executing
code, including:

 Social engineering; emails that encourage recipients to open the attachment.

 Poorly configured networks; networks that leave local machines open to access from
outside the network.
 Vulnerabilities in operating systems and applications.

Today's malware is often a composite creation: worms now often include Trojan functions or are
able to infect exe files on the victim machine. They are no longer pure worms, but blended
threats.

Classic Viruses

A computer virus is a computer

program that can copy itself and
infect a computer without the
permission or knowledge of the
owner. A virus can only spread from
one computer to another (in some
form of executable code) when its
host is taken to the target computer;
for instance because a user sent it
over a network or the Internet, or
carried it on a removable medium
such as a floppy disk, CD, DVD, or
USB drive. Viruses can increase their
chances of spreading to other
computers by infecting files on a
network file system or a file system
that is accessed by another computer.

Viruses spread copies of themselves in order to:

 Launch and/or execute code once a user fulfills a designated action.

 Penetrate other resources within the victim's machine.
Unlike worms, viruses do not use network resources to penetrate other machines. Copies of
viruses can penetrate other machines only if an infected object is accessed and the code is
launched by a user on an uninfected machine. This can happen in the following ways:

 The virus infects files on a network resource that other users can access.
 The virus infects removable storage media which are then attached to a clean machine.
 The user attaches an infected file to an email and sends it to a 'healthy' recipient.

Trojan Programs

A trogen horse is a version of virus which, unlike a computer virus, does not attempt to inject
itself on other files. Instead, a Trojan horse is programmed to deceive the user by appearing to be
genuine file. However when used it perform other malicious activities like make a copy of itself,
steal information or harm their host computer. Trojan sometimes access personal details like
email address, credit card number stored locally at home computer, then send this data to remote
party via the internet.

A subset of Trojans damage remote machines or networks without compromising infected

machines; these are Trojans that utilize victim machines to participate in a Denial of Service
"DoS" attack on a designated web site.

Hacker Utilities and other malicious programs

This diverse class includes:

 Utilities such as constructors that can be used to create viruses, worms and Trojans.
 Program libraries specially developed to be used in creating malware.
 Hacker utilities that encrypt infected files to hide them from antivirus software.
 Programs that deliberately misinform users about their actions in the system.
 Other programs that are designed to directly or indirectly damage local or networked
machines.

Cryptography
Introduction to cryptography: Human being from ages had two inherent needs − (a) to
communicate and share information and (b) to communicate selectively. These two needs gave
rise to the art of coding the messages in such a way that only the intended people could have
access to the information. Unauthorized people could not extract any information, even if the
scrambled messages fell in their hand.

The art and science of concealing the messages to introduce secrecy in information security is
recognized as cryptography.
The word ‘cryptography’ was coined by combining two Greek words, ‘Krypto’ meaning hidden
and ‘graphene’ meaning writing.

Definition: Cryptography is associated with the process of converting ordinary plain text into
unintelligible text and vice-versa. It is a method of storing and transmitting data in a particular
form so that only those for whom it is intended can read and process it. Cryptography not only
protects data from theft or alteration, but can also be used for user authentication.

Modern cryptography concerns with:

Confidentiality - Information cannot be understood by anyone

Integrity - Information cannot be altered.

Non-repudiation - Sender cannot deny his/her intentions in the transmission of the information at
a later stage

Authentication - Sender and receiver can confirm each

Cryptography is used in many applications like banking transactions cards, computer passwords,
and e- commerce transactions.

Three types of cryptographic techniques used in general.

1. Symmetric-key cryptography

2. Public-key cryptography

3. Hash functions.

Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender
uses this key to encrypt plaintext and send the cipher text to the receiver. On the other side the
receiver applies the same key to decrypt the message and recover the plain text.

Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In
Public-Key Cryptography two related keys (public and private key) are used. Public key may be
freely distributed, while its paired private key, remains a secret. The public key is used for
encryption and for decryption private key is used.

Public key is a cryptographic key that can be obtained and used by anyone to encrypt messages
intended for a particular recipient, such that the encrypted messages can be deciphered only by
using a second key that is known only to the recipient (the private key ).

The most important properties of public key encryption scheme are −

 Different keys are used for encryption and decryption. This is a property which set this
scheme different than symmetric encryption scheme.
 Each receiver possesses a unique decryption key, generally referred to as his private key.
 Receiver needs to publish an encryption key, referred to as his public key.

Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per
the plain text that makes it impossible for the contents of the plain text to be recovered. Hash
functions are also used by many operating systems to encrypt passwords.

Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length.
Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function −

Features of Hash Functions

The typical features of hash functions are −
 Fixed Length Output (Hash Value)
o Hash function coverts data of arbitrary length to a fixed length. This process is
often referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence hash functions are
sometimes called compression functions.
o Since a hash is a smaller representation of a larger data, it is also referred to as
a digest.
D igital Signature:

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or
documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very
strong reason to believe that the message was created by a known sender (authentication), and
that the message was not altered in transit (integrity).

Alice signs a message—"Hello Bob!"—by appending to the original message a version of the
message encrypted with her private key. Bob receives the message, including the signature, and
using Alice's public key, verifies the authenticity of the message, i.e. that the signature can be

decrypted to match the original message using Alice's public key.

Digital signatures allow us to verify the author, date and time of signatures, authenticate the
message contents. It also includes authentication function for additional capabilities.
Applications
There are several reasons to implement digital signatures to communications:

Authentication

Digital signatures help to authenticate the sources of messages. For example, if a bank’s branch
office sends a message to central office, requesting for change in balance of an account. If the
central office could not authenticate that message is sent from an authorized source, acting of
such request could be a grave mistake.

Integrity

Once the message is signed, any change in the message would invalidate the signature.
F irewall: A firewall is a system designed to prevent unauthorized access to or from a private
network. You can implement a firewall in either hardware or software form, or a combination of
both. Firewalls prevent unauthorized internet users from accessing private networks connected
to the internet, especially intranets. All messages entering or leaving the intranet (the local network to
which you are connected) must pass through the firewall, which examines each message and blocks
those that do not meet the specified security criteria.

Firewall is a network security device, either hardware or software based, which monitors all incoming
and outgoing traffic and based on defined set of security rules it accept, reject or drop that specific
traffic.

Accept: allow the traffic

Reject : block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply
Firewall establishes a barrier between secured internal networks and outside untrusted network,
such as Internet.

User Identification & Authentication:

Computer-based information systems in general, and Internet e-commerce and e-business

systems in particular, employ many types of resources that need to be protected against
access by unauthorized users. Three main components of access control are used in most
information systems: identification, authentication, and authorization.
User authentication is a security process that covers all of the human-to-computer interactions
that require the user to register and log in. Said more simply, authentication asks each user, “who
are you?” and verifies their response.

When a user registers for an account, they must create a unique ID and key that will allow them
to access their account later on. Generally, a username and password are used as the ID and key,
but the credentials can include other forms of keys as well .

In order to gain access, users must prove to the website that they are who they say they are. The
ID and key are enough to confirm the user’s identity, which will allow the system to authorize
the user.

To put it simply, user authentication has three tasks:

Manage the connection between the human (user) and the website’s server (computer).

Verify users’ identities.

Approve (or decline) the authentication so the system can move to authorizing the user.

The process is fairly simple; users input their credentials on the website’s login form. That
information is then sent to the authentication server where the information is compared with all
the user credentials on file.

When a match is found, the system will authenticate users and grant them access to their
accounts. If a match isn’t found, users will be prompted to re-enter their credentials and try
again. After several unsuccessful attempts, the account may be flagged for suspicious activity or
require alternative authentication methods such as a password reset or a onetime password.

When your user authentication isn’t secure, however, cybercriminals can hack the system and gain
access, taking whatever information the user is authorized to access. In order to prevent such a
situation, it’s a good idea to invest in high-quality authentication tools to help you secure your website
and protect it from potential breaches.

I nformation security awareness is an evolving part of information security that focuses on raising
consciousness regarding potential risks of the rapidly evolving forms of information and the rapidly
evolving threats to that information which target human behavior. As threats have matured and
information has increased in value, attackers have increased their capabilities and expanded to broader
intentions, developed more attack methods and methodologies and are acting on more diverse motives.
As information security controls and processes have matured, attacks have matured to circumvent
controls and processes. Attackers have targeted and successfully exploited individuals human behavior
to breach corporate networks and critical infrastructure systems. Targeted individuals who are unaware
of information and threats may unknowingly circumvent traditional security controls and processes and
enable a breach of the organization.

The goal of Information security awareness is to make everyone aware that they are susceptible to the
opportunities and challenges in today's threat landscape, change human risk behaviors and create or
enhance a secure organizational culture.

Computer based crimes are not something new to us. Viruses have been
with us for well over 20 years; spyware has clocked up more than a decade since the earliest
incidents; and large-scale use of phishing can be traced back to at least 2003. One of the reasons
researchers agreed upon that the pace at information system is evolving and expanding, the security
awareness program among the employees is falling way behind.

A pplication security describes security measures at the application level that aim to
prevent data or code within the app from being stolen or hijacked. It encompasses the
security considerations that happen during application development and design, but it
also involves systems and approaches to protect apps after they get deployed.

Application security may include hardware, software, and procedures that identify or minimize security
vulnerabilities. A router that prevents anyone from viewing a computer’s IP address from the Internet is
a form of hardware application security. But security measures at the application level are also typically
built into the software, such as an application firewall that strictly defines what activities are allowed
and prohibited.

Types of application security

Different types of application security features include authentication, authorization, encryption,

logging, and application security testing. Developers can also code applications to reduce
security vulnerabilities.

Authentication: When software developers build procedures into an application to ensure that
only authorized users gain access to it. Authentication procedures ensure that a user is who they
say they are. This can be accomplished by requiring the user to provide a user name and
password when logging in to an application. Multi-factor authentication requires more than one
form of authentication—the factors might include something you know (a password), something
you have (a mobile device), and something you are (a thumb print or facial recognition).

Authorization: After a user has been authenticated, the user may be authorized to access and use
the application. The system can validate that a user has permission to access the application by
comparing the user’s identity with a list of authorized users. Authentication must happen before
authorization so that the application matches only validated user credentials to the authorized
user list.

Encryption: After a user has been authenticated and is using the application, other security
measures can protect sensitive data from being seen or even used by a cybercriminal. In cloud-
based applications, where traffic containing sensitive data travels between the end user and the
cloud, that traffic can be encrypted to keep the data safe.

Logging: If there is a security breach in an application, logging can help identify who got access
to the data and how. Application log files provide a time-stamped record of which aspects of the
application were accessed and by whom.

Application security testing: A necessary process to ensure that all of these security controls
work properly.

Part 2: Mobile Commerce

M -commerce (mobile commerce) is the buying and selling of goods and services through
wireless handheld devices such as Smartphone’s and tablets. As a form of e-commerce, m-
commerce enables users to access online shopping platforms without needing to use a
desktop computer. Examples of m-commerce include in-app purchasing, mobile banking, virtual
marketplace apps like the Amazon mobile app or a digital wallet such as Apple Pay, Android Pay and
Samsung Pay.

M-commerce can be categorized by function as either mobile shopping, mobile banking or

mobile payments. Mobile shopping allows for a customer to purchase a product from a mobile
device, using an application such as Amazon, or over a web app. A subcategory of mobile
shopping is app commerce, which is a transaction that takes place over a native app. Mobile
banking includes any handheld technology that enables customers to conduct fanatical
transactions. This is typically done through a secure, dedicated app provided by the banking
institution. Mobile payments enable users to buy products in-person using a mobile device.
Digital wallets, such as Apple Pay, allow a customer to buy a product without needing to swipe a
card or pay with physical cash.

Advantages and disadvantages of mobile commerce

The advantages of m-commerce include:

Added customer retention by being more easily accessible.

More convenience for customers in comparing prices, reading reviews and making
purchases without the need of a desktop computer.
Wider variety of products and services.

Disadvantages of m-commerce include:

 A poorly executed mobile experience can deter customers from making purchases.
Mobile payment options are not available in every geographic location and may not
support every type of digital wallet

G
rowth: eMarketer expects global ecommerce sales to reach $4.058 trillion by 2020, representing 15% of
total retail sales.
And the percentage of that belonging to m-commerce will also continue to grow, as more online retailers
see more than 50% of traffic coming from mobile devices.

Buying and selling products and services through mobile devices are the new trend. A housewife can
purchase her kitchen appliances from the comfort of her living room, a busy person can order lunch
from office, one can use mobile platforms to sell goods and services − all with a few clicks.
There are a number of content assets that can be bought and sold via a mobile device such as games,
applications, ringtones, subscriptions etc.

Mobile technology has grown leaps and bounds

over the last few decades. The journey from the
clunky wireless phone to sleek Smartphone has
been peppered by a number of amazing
innovations and discoveries.

With the 3G mobiles available today, users can do a

lot more with their smartphones than just sending
a voicemail or SMS. They can browse the web,
check the weather, read a book, prepare a to-do-
list, carry their favorite music around, find their way
around a new city with GPRS, and do much more.

Mobile Marketing Technology & Reach

In such a scenario, every business person willing to practice the mobile marketing technique has
to be aware about the following top 5 ways in which mobile technologies have changed the way
users interact with mobile devices −
 Anywhere anytime access

Unlike laptops and desktops, tablet and

mobile devices are easy to carry around.
Users can access the internet in their
mobile devices at anytime and anywhere
and it has decreased use of the laptops.

Mobile Apps are easier than websites

Companies that have an online customer base for instance e-commerce portals have noticed that
the sales and subscriptions they get from their apps are higher in comparison to that of their
websites. This means, online purchasing from the mobile phones are easier.

Advertisements should be personalized

Most of the users feel that the mobile are more personal device than say a laptop or a desktop.
Therefore, they expect that the content they receive on their mobile phones must be
personalized as well.

Social media is a prime channel

Whether your customers are business professionals, students, home-makers, teenagers etc.,
commonly, they spend more than 3 hours a week on social media channels, such as Twitter,
Facebook etc. Surprisingly, most of these customers access these channels on their
smartphones.

Mobiles are turning into mini-computers

Slowly but surely technicians and developers are packing the mobile phones with computer-like
features. With bigger screens, faster performance, optimum storage capacity, longer battery life,
and a ton of productivity booster applications. The evolution of phones from a simple calling
device to multi-tasking-pocket-size computers has revolutionized the world.

GROWTH OF M-COMMERCE IN INDIA:

Various mobile applications are developed for Smartphone users. State Bank Freedom of State
Bank of India , iMobile of ICICI , Axis Mobile for Android of AXIS Bank are the mobile
banking applications which are used for on line fund transfer, utility bill payment. IRCTC
Connect is used for railway ticket reservation, Mpesa by vodafone is used to transfer fund, pay
utility bills, Book My Show is used to book movie tickets. Ubiquitous feature of M-Commerce is
turning people from E-Commerce to M-Commerce. The development of low-cost smart phones
and low mobile tariffs helped for tremendous growth in mobile internet subscribers and hence
 tremendous growth of MCommerce in India. In India 60% of internet users access the internet via
their mobile phones. The number is expected to reach 315 million. Mobile Internet users in India
Mobile internet is the next BIG revolution in India and as per a study conducted by Google India.
Around 94% Indian Smartphone users have used their smart device to access internet
from their phone.
56% of smartphone users in the country access the internet multiple times a day.,40%
users surf the Net at least once a day. Only 6% never use their phone for connecting to
the Web.
About 76% of smartphone users in India access social networking sites on their devices.
77% of smartphone owners listen to music, while 33 per cent use it for playing games
and 32 percent read newspapers or magazine.
Thus India is going through a sort of E-Commerce revolution
and with more activities happening on the smartphones, experts believe that M-Commerce is
becoming the future of E-Commerce. M-Commerce is benefiting from an evolution in consumer
behavior and advancement in technology. More and more consumers are shopping across smart
phones and tablets. Consumers are getting more comfortable using mobile devices for payment via
everyday activities like buying coffee. These repetitive purchases with mobile apps not only open the
way for larger transactions, but provides companies more and more information about their
customers to give more relevant offers and increase long-term customer value.

D igital India: Discussion and debate around the topic “Digital” and “Digital India” has
increased in the past few years after the initiation of Digital India program by
Government of India. GOI’s aim of bringing digital in governance, among people has
increased in the recent years, where most of the government organization and services are
migrated towards digital format. As a result of migration towards the digital life or digital India,
opportunities for techies have increased. It has also influenced in the creation of large number of
Startup communities in India.
We are going to see the opportunities for the young generation in Digital India, especially in the
area of SMAC (Social Mobility and Cloud). These are the core area, which is used by the
Government organization and private organization to migrate towards the digital life. The term
digital India or digitization can be defined as,

“Process of involving digital medium for faster

and efficient service to the people”.
Let us look upon some of the core area of
Digital India in this article.
Be Social
The term social generally indicates social
networking sites (Facebook, Twitter, Quora,
LinkedIn, Instagram), which have become popular after the implementation of Web 2.0. Number
of social networking site users has increased in the recent years, which has placed India in the
2nd highest number of social networking users. Social networking sites has opened a wide
opportunities for politicians and business people, where they can directly connect with people via
advertisements and other medium. Social networking sites have become agent of inducement for
the business. Traffic in the social networking sites is always higher than the normal websites,
which obviously become the target for the business people. These sites offer faster, reliable,
required, wide reach of advertisements than any other medium with low cost.

Social networking site have opened a new are of job

opportunities, such as “Digital Marketing”, “Social Networking
Marketing”, “Social Networking Engineer”, “Social
Networking Analyst”. And the basic skills that are required for
these jobs are: Marketing skill, presentation skill, Problem
solving skill, Analytics skill.
Mo, Mo, Mobility
Mobility and Mobile communication plays a vital role in Indian society, which has changed the
nature of the common man. India has worlds’ largest tele-communication market in the world,
with largest number of users using the mobile technologies. Mobile communication had created a
new area of computing called pervasive computing, which is considered as the base for the
Internet of things (IoT). IoT has connected all the non living entities and elements under single
roof using the available mobile communications.
At many occasions, IoT environment is formed using the Bluetooth network or using the
Internet. Internet of things has converted the normal object as the digital object. These digital
objects are capable of creating data, which can also be utilized for the analytics.

Thereby these mobile communication and IoT

had created an Omni present digital
environment, which is also the major reason for
making the digitalization as the fastest medium
of communication and delivery of service.
Network Engineer, IoT Engineer, Mobile
Marketing, Tele marketing are some of major
opportunities created by Mobility. Strong
networking knowledge, Communication skill,
analytical skill, problem solving skill are the
few important skills required to grab the
opportunities in the domain of Mobility.
Automation Analytics Era

Analytics and Automation is the budding domain in the information and technology sector,
which has tremendously changed the nature of the common business. Analytics has influenced
the business by predicting the nature of the business with the previous old historical data. It has
also wide opened by creating a new area of analytics such as Big Data analytics. Big Data
Analytics helps to identify the scope of the business and automation takes it forward. Data which
were (was/is) once considered as memory occupier is now considered as Gold.
Yes, in the (today’s) digital world Data is considered as Gold. Data analytics will predict the
future of the business and automation will implements the same. Data analytics helps the human
engineers to increase the productivity by helping them to identify the key area of the business.
These kinds of analytics have opened a new branch of science called as Data science. Data
science is the combination of Mathematics and Data structures.

Data science engineer, Big Data Engineer, Analytics Engineer,

Storage Administrator, Data base administrator, Big Data
infrastructure engineer are some of the important and key roles
of Data analytics evolution. Strong knowledge on Data
structures, Research Mathematics, Probability, Problem
Solving skills, Analytical skill are some of the commonly
required skill for grabbing the opportunities in the domain of
analytics.