Subject Orientation on Cryptography & System Security
SEM-VI
Dept - Computer Engineering
Presented by Mr. Atul Shintre
(Assistant Professor VPPCOE & VA)
Outline
Subject Scheme
Prerequisite
Subject Objectives
Subject Outcome
Teaching Methodology
Syllabus
Reference and Text Books
Experiment List
Applications
Subject Scheme
Teaching Scheme
Theory 03 hrs
Practical 02 hrs
Examination Scheme / Total Marks allocated:
Internal Test : 20 Marks (Avg. of Test1 & Test2)
End Semester Exam : 80 Marks
Term Work : 25 Marks
Total : 125 Marks
Prerequisite
Computer Networks
Mathematics
Subject Objective
1. To introduce classical encryption techniques and concepts of modular
arithmetic and number theory.
2. To explore the working principles and utilities of various cryptographic
algorithms including secret key cryptography, hashes and message
digests, and public key algorithms.
3. To explore the design issues and working principles of various
authentication protocols, PKI standards and various secure
communication standards including Kerberos, IPSec, and SSL/TLS.
4. To develop the ability to use existing cryptographic utilities to build
programs for secure communication.
Subject Outcome
After completion of the course, students will be able to:
Understand system security goals and concepts, classical encryption techniques and acquire fundamental knowledge on the concepts of modular arithmetic and number theory.
Understand, compare and apply different encryption and decryption techniques to solve problems related to confidentiality and authentication.
Apply different message digest and digital signature algorithms to verify integrity and achieve authentication and design secure applications.
Understand network security basics, analyse different attacks on networks and evaluate the performance of firewalls and security protocols like SSL, IPSec, and PGP.
Analyse and apply system security concepts to recognize malicious code.
Teaching Methodology
Chalk and board method.
Lecture PPTs to cover syllabus.
Expert Lecture.
Webinars
Case Study
Syllabus
Module 1: Introduction - Number Theory and Basic Cryptography (08 Hrs)
Contents:
Security Goals
Attacks
Services and Mechanisms
Techniques
Modular Arithmetic: Euclidean Algorithm, Fermat's and Euler's theorem
Classical Encryption techniques
Symmetric cipher model
Mono-alphabetic and polyalphabetic substitution techniques: Vigenere cipher, Playfair cipher, Hill cipher
Transposition techniques: keyed and keyless transposition ciphers
Syllabus
Module 2: Symmetric and Asymmetric key Cryptography and key Management (11 Hrs)
Contents:
Block cipher principles
Block cipher modes of operation
DES, Double DES, Triple DES
Advanced Encryption Standard (AES)
Stream Ciphers: RC4 algorithm
Public key cryptography: Principles of public key cryptosystems
The RSA Cryptosystem
The knapsack cryptosystem
Symmetric Key Distribution: KDC
Needham-Schroeder protocol
Kerberos: Kerberos Authentication protocol
Symmetric key agreement: Diffie Hellman
Public key Distribution: Digital Certificate: X.509, PKI
Syllabus
Module 3: Cryptographic Hash Functions (03 Hrs)
Contents:
Cryptographic hash functions
Properties of secure hash function
MD5, SHA-1, MAC, HMAC, CMAC
Syllabus
Module 4: Authentication Protocols & Digital Signature Schemes (05 Hrs)
Contents:
User Authentication
Entity Authentication: Password Base, Challenge Response Based
Digital Signature
Attacks on Digital Signature
Digital Signature Scheme: RSA
Syllabus
Module 5: Network Security and Applications (09 Hrs)
Contents:
Network security basics: TCP/IP vulnerabilities (Layer wise)
Network Attacks: Packet Sniffing, ARP spoofing, port scanning, IP spoofing
Denial of Service: DOS attacks, ICMP flood, SYN flood, UDP flood, Distributed Denial of Service
Internet Security Protocols: PGP, SSL, IPSEC
Network security: IDS, Firewalls
Syllabus
Module 6: System Security (03 Hrs)
Contents:
Buffer Overflow
Malicious Programs: Worms and Viruses
SQL injection
Text Books
William Stallings, “Cryptography and Network Security, Principles and Practice”, 6th Edition, Pearson Education, March 2013.
Behrouz A. Forouzan, “Cryptography & Network Security”, Tata McGraw Hill.
Behrouz A. Forouzan & Debdeep Mukhopadhyay, “Cryptography and Network Security”, 3rd Edition, McGraw Hill.
Reference Books
Bruce Schneier, “Applied Cryptography: Protocols, Algorithms and Source Code in C”, Second Edition, Wiley.
Atul Kahate, “Cryptography and Network Security”, Tata McGraw-Hill Education, 2003.
Eric Cole, “Network Security Bible”, Second Edition, Wiley, 2011.
Experiment List
1. Design and implementation of a product cipher using substitution and transposition ciphers.
2. Implementation and analysis of RSA cryptosystem.
3. Implementation of Diffie Hellman key exchange algorithm.
4. For varying message sizes, test integrity of message using MD-5, SHA-1, and analyse the performance of the two protocols. Use crypt APIs.
5. Study the use of network reconnaissance tools like WHOIS, dig, traceroute, nslookup to gather information about networks and domain registrars.
6. Study of packet sniffer tools: Wireshark: A. Download and install Wireshark and capture ICMP, TCP, and HTTP packets in promiscuous mode. B. Explore how the packets can be traced based on different filters.
7. Download and install nmap. Use it with different options to scan open ports, perform OS fingerprinting, do a ping scan, TCP port scan, UDP port scan, xmas scan etc.
8. Detect ARP spoofing using nmap and/or open-source tool ARPWATCH and Wireshark. Use arping tool to generate gratuitous ARPs and monitor using Wireshark.
9. Simulate DOS attack using Hping, hping3 and other tools.
10. Simulate buffer overflow attack using OllyDbg, Splint, Cppcheck etc.
11. a. Set up IPSEC under Linux. b. Set up Snort and study the logs.
12. Setting up personal firewall using iptables.
13. Explore the GPG tool of Linux to implement email security.
14. SQL injection attack, Cross-Site Scripting attack simulation.
15. Case Study / Seminar: Topic beyond syllabus related to topics covered.
Applications
1. Banking
2. Social Networks
3. Software and Application Security and many more
Thank You!!!