
1 Chapter

1. The document discusses the key concepts of computer security including security attacks, mechanisms, and services.
2. Security attacks are classified as either passive attacks, which involve unauthorized access to information, or active attacks, which involve modifying or denying access to information.
3. Security mechanisms like encryption algorithms and authentication protocols are used to detect, prevent, and recover from security attacks to provide security services around data confidentiality, integrity, authentication, and availability.

Uploaded by

Pratibha Jadhav

Janardan Bhagat Shikshan Prasarak Sanstha’s

CHANGU KANA THAKUR


Arts, Commerce and Science College, New Panvel
(Autonomous)
Re-Accredited ‘A+’ Grade by NAAC, (3rd cycle CGPA 3.61)
‘College with Potential for Excellence’ Status Awarded by UGC
‘Best College Award’ by University of Mumbai

T.Y.B.Sc. Computer Science


SEMESTER V

| Course | Topics | | Credits | L / Week |
|---|---|---|---|---|
| Elective-I (Select Any Two) | | | | |
| EI-I | Artificial Intelligence | 100 | 3 | 3 |
| EI-II | Linux Server Administration | | 3 | 3 |
| EI-III | Software Testing and Quality Assurance | 100 | 3 | 3 |
| Elective-II (Select Any Two) | | | | |
| EII-I | Information and Network Security | 100 | 3 | 3 |
| EII-II | Architecting of IoT | | 3 | 3 |
| EII-III | Web Services | 100 | 3 | 3 |
| Skill Enhancement | | | | |
| Skill Enhancement | Game Programming | 100 | 2 | 3 |
| Practical | | | | |
| PR1 | Practical of Elective-I | 100 | 2 | 6 |
| PR2 | Practical of Elective-II | 100 | 2 | 6 |
| PR3 | Project Implementation | 50 | 1 | 3 |
| PR4 | Practical of Skill Enhancement | 50 | 1 | 3 |

EII-I
Information and Network Security

• Objectives:
• To provide students with knowledge of basic concepts of computer security including network security and cryptography.
• Expected Learning Outcomes:
• Understand the principles and practices of cryptographic techniques. Understand a variety of generic security threats and vulnerabilities, and identify and analyze particular security problems for a given application. Understand various protocols for network security to protect against the threats in a network.
Syllabus

Unit I (15L)
Introduction: Security Trends, The OSI Security Architecture, Security Attacks, Security Services, Security Mechanisms
Classical Encryption Techniques: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Steganography, Block Cipher Principles, The Data Encryption Standard, The Strength of DES, AES (round details not expected), Multiple Encryption and Triple DES, Block Cipher Modes of Operation, Stream Ciphers

Unit II
Public-Key Cryptography and RSA: Principles of Public-Key Cryptosystems, The RSA Algorithm
Key Management: Public-Key Cryptosystems, Key Management, Diffie-Hellman Key Exchange
Message Authentication and Hash Functions: Authentication Requirements, Authentication Functions, Message Authentication Codes, Hash Functions, Security of Hash Functions and MACs, Secure Hash Algorithm, HMAC
Digital Signatures and Authentication: Digital Signatures, Authentication Protocols, Digital Signature Standard
Authentication Applications: Kerberos, X.509 Authentication, Public-Key Infrastructure

Unit III
Electronic Mail Security: Pretty Good Privacy, S/MIME
IP Security: Overview, Architecture, Authentication Header, Encapsulating Security Payload, Combining Security Associations, Key Management
Web Security: Web Security Considerations, Secure Socket Layer and Transport Layer Security, Secure Electronic Transaction
Intrusion: Intruders, Intrusion Techniques, Intrusion Detection
Malicious Software: Viruses and Related Threats, Virus Countermeasures, DDOS
Firewalls: Firewall Design Principles, Types of Firewalls

Textbook:
1) Cryptography and Network Security: Principles and Practice, 5th Edition, William Stallings, Pearson, 2010
Additional Reference(s):
2) Cryptography and Network Security, Atul Kahate, Tata McGraw-Hill, 2013
3) Cryptography and Network, Behrouz A Forouzan, Debdeep Mukhopadhyay, 2nd Edition, TMH, 2011

Introduction of Chapter 1
The Open Systems Interconnection (OSI) security architecture provides a systematic framework for defining security attacks, mechanisms, and services.

◆ Security attacks are classified as either passive attacks, which include unauthorized reading of a message or file and traffic analysis, or active attacks, such as modification of messages or files, and denial of service.

◆ A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Examples of mechanisms are encryption algorithms, digital signatures, and authentication protocols.

◆ Security services include authentication, access control, data confidentiality, data integrity, nonrepudiation, and availability.


• Information security is the process of securing information and data from unauthorized access, use, modification, tampering, or disclosure.
• With the increased use of electronic media in our personal lives as well as businesses, the possibility of a security breach and its major impact has increased.
• The theft of personal identity, credit card information, and other important data using hacked user names and passwords has become common these days.
• In addition, the theft of confidential business data may lead to loss of business for commercial organizations.
COMPUTER SECURITY
The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability, and confidentiality of information
system resources (includes hardware, software,
firmware, information/ data, and
telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
• Confidentiality: This term covers two related concepts:
– Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
– Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
• Integrity: This term covers two related concepts:
– Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
– System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied to authorized users.
These three concepts form what is often referred to as the CIA triad.
Open Systems Interconnection (OSI) security architecture
• Security attack: Any action that compromises the security
of information owned by an organization.
• Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or
recover from a security attack.
• Security service: A processing or communication service
that enhances the security of the data processing systems
and the information transfers of an organization. The
services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide
the service.
SECURITY ATTACKS

Security attacks are classified as:
• Passive attacks
• Active attacks
Passive Attack
• Passive attacks are divided into two categories:
1. Release of message contents
2. Traffic analysis
1. Release of message contents
The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
2. Traffic analysis
• Suppose that we had a way of masking the contents of
messages or other information traffic so that opponents,
even if they captured the message, could not extract the
information from the message.
• The common technique for masking contents is
encryption. If we had encryption protection in place, an
opponent might still be able to observe the pattern of
these messages.
• The opponent could determine the location and identity
of communicating hosts and could observe the frequency
and length of messages being exchanged.
• This information might be useful in guessing the nature of
the communication that was taking place.
[Figure: Passive attack (traffic analysis): observe traffic pattern]

Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream.
They can be subdivided into four categories:
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service
Masquerade
• A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.
• For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
[Figure: Active attack: masquerade]
2. Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
[Figure: Active attack (modification of messages): fabricate message]
3. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
[Figure: Active attack: replay]
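
The modification and replay attacks above are what the data integrity and authentication mechanisms in these notes are meant to detect. As an added example (not part of the original slides), this Python sketch tags each message with HMAC-SHA256 over the text plus a sequence number; the key, packet layout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: secret shared out of band


def protect(seq: int, text: str, key: bytes = KEY) -> bytes:
    """Sender: bind a sequence number to the text and append an HMAC tag."""
    body = json.dumps({"seq": seq, "msg": text}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, packet: bytes) -> str:
        """Classify a received packet as 'ok', 'modified' or 'replayed'."""
        body, _, tag = packet.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; any change to body or tag fails here.
        if not hmac.compare_digest(tag, expected):
            return "modified"
        seq = json.loads(body)["seq"]
        # The tag is valid, so the packet is genuine, but it may be an old copy.
        if seq <= self.last_seq:
            return "replayed"
        self.last_seq = seq
        return "ok"


def demo() -> list[str]:
    rx = Receiver()
    original = protect(1, "Allow John Smith to read confidential file accounts")
    altered = original.replace(b"John Smith", b"Fred Brown")  # modification
    return [
        rx.accept(altered),   # tag no longer matches the body
        rx.accept(original),  # first delivery of the genuine packet
        rx.accept(original),  # captured copy sent again
    ]


if __name__ == "__main__":
    print(demo())
```

A sender who does not hold the key cannot produce a valid tag, so the same check also rejects a masquerading sender.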
4. The denial of service prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination.
[Figure: Active attack (denial of service): block delivery of message]


Security Service
– enhance security of data processing systems and
information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
Security Services (X.800)
• Authentication - assurance that the communicating entity is the one claimed; there are both peer-entity and data-origin authentication
Peer Entity Authentication
Used in association with a logical connection to provide confidence in the identity of the entities connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that the source of received data is as claimed.
Access Control - prevention of the
unauthorized use of a resource
The prevention of unauthorized use of a resource
(i.e., this service controls who can have access to a
resource, under what conditions access can occur,
and what those accessing the resource are allowed
to do).
Data Confidentiality - protection of data from unauthorized disclosure
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block.
Selective-Field Confidentiality
The confidentiality of selected fields within the user
data on a connection or in a single data block.
Traffic-Flow Confidentiality
The protection of the information that might be
derived from observation of traffic flows.
Data Integrity - assurance that data received
is as sent by an authorized entity
– Connection Integrity with Recovery
– Connection Integrity without Recovery
– Selective-Field Connection Integrity
– Connectionless Integrity
– Selective-Field Connectionless Integrity
Non-Repudiation - protection against denial
by one of the parties in a communication
Nonrepudiation, Origin
Proof that the message was sent by the specified party.
Nonrepudiation, Destination
Proof that the message was received by the specified
party.
Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
• Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
• Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
• Access Control
A variety of mechanisms that enforce access rights to resources.
• Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
• Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
• Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
• Routing Control
Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
• Notarization
The use of a trusted third party to assure certain properties of a data exchange.
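
Traffic padding, listed among the mechanisms above, is the counter to the traffic analysis attack described earlier: it hides the length and timing of messages that encryption alone leaves visible. The following Python sketch is an added example, not part of the original slides; the cell size, cell layout and sample schedule are constructed assumptions, and it sends one fixed-size cell per time slot, filling idle slots with dummy cells.

```python
import secrets
from collections import deque

CELL = 64  # assumption: fixed cell size in bytes, chosen for this sketch
# Constructed sample: what the sender wants to transmit in each time slot.
SCHEDULE = [b"", b"login alice", b"", b"", b"X" * 150, b""]


def observed_unpadded(schedule: list[bytes]) -> list[int]:
    """Sizes an eavesdropper sees per slot without padding. Encryption hides
    content, not length, so plaintext length stands in for ciphertext length."""
    return [len(m) for m in schedule]


def pad_stream(schedule: list[bytes], cell: int = CELL) -> list[bytes]:
    """Emit exactly one fixed-size cell per slot until all data is sent.
    Cell layout: 1-byte payload length, payload, random filler.
    On a real link the cells would also be encrypted, so the length byte
    and the dummy cells could not be told apart by an observer."""
    if not 2 <= cell <= 256:
        raise ValueError("cell size must fit a 1-byte length field")
    room, pending, cells, tick = cell - 1, deque(), [], 0
    while tick < len(schedule) or pending:
        if tick < len(schedule):
            msg = schedule[tick]
            # Long messages are split and spread over later slots.
            pending.extend(msg[i:i + room] for i in range(0, len(msg), room))
        chunk = pending.popleft() if pending else b""  # b"" marks a dummy cell
        filler = secrets.token_bytes(room - len(chunk))
        cells.append(bytes([len(chunk)]) + chunk + filler)
        tick += 1
    return cells


def unpad_stream(cells: list[bytes]) -> bytes:
    """Receiver: drop filler and dummy cells, returning the byte stream."""
    return b"".join(c[1:1 + c[0]] for c in cells)


if __name__ == "__main__":
    print("unpadded sizes:", observed_unpadded(SCHEDULE))
    print("padded sizes:  ", [len(c) for c in pad_stream(SCHEDULE)])
```

The padded stream still reveals its total duration, which bounds the total volume sent.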
