Course Description
This course familiarizes students with the basic concepts of information security. It covers cryptographic algorithms, authentication systems, access controls, malicious logic, network security, security audits and ethical issues.
Course Objectives
The objective of this course is to familiarize students with the concepts of information security, different security measures, policies and security mechanisms, and security audits, so that students will be able to design, implement and manage information and computer systems securely.
Course Contents
1.1. Computer Security Concepts
1.2. Threats, Attacks and Assets
1.3. Security Functional Requirements
1.4. Security Design Principles
1.5. Attack Surfaces and Attack Trees
1.6. Computer Security Strategy
2.1. Classical Cryptosystems: Substitution and Transposition Ciphers
2.2. Symmetric Encryption Principles
2.3. Data Encryption Standard (DES)
2.4. Basic Concepts of Fields, Modular Arithmetic, Galois Fields, Polynomial Arithmetic
2.5. Advanced Encryption Standard (AES)
2.6. Prime Numbers, Fermat's Theorem, Primality Testing: Miller-Rabin Algorithm, Euclidean Algorithm, Extended Euclidean Algorithm, Euler Totient Function
2.7. Asymmetric Encryption
2.8. Diffie-Hellman Protocol, RSA Algorithm
3.1. Message Authentication
3.2. Secure Hash Functions
3.3. Message Digests: MD5
3.4. Secure Hash Algorithms: SHA-1, SHA-2
3.5. Digital Signature
4.1. User Authentication Principles
4.2. Password-Based Authentication
4.3. Token-Based Authentication
4.4. Biometric Authentication
4.5. Two Factor Authentication
4.6. Security Issues for User Authentication
5.1. Access Control Principles
5.2. Subjects, Objects and Access Rights
5.3. Discretionary Access Control
5.4. Role Based Access Control
5.5. Attribute Based Access Control
5.6. Identity, Credential and Access Management
5.7. Trust Frameworks
6.1. Malicious Software
6.2. Types of Malicious Software
6.3. Advanced Persistent Threat
6.4. Virus
6.5. Worms
6.6. Spam E-mail, Trojans
6.7. System Corruption
6.8. Zombies, Bots
6.9. Keyloggers, Phishing, Spyware
6.10. Backdoors, Rootkits
6.11. Countermeasures for Malware
7.1. IT Security Management
7.2. Organizational Context and Security Policy
7.3. Security Risk Assessment
7.4. Security Risk Analysis
7.5. Security Auditing Architecture
7.6. Security Audit Trails
7.7. Implementing Logging Function
7.8. Audit Trail Analysis
8.1. Cybercrime and Computer Crime
8.2. Intellectual Property
8.3. Privacy
8.4. Ethical Issues
8.5. Cyber Law in Nepal
The laboratory work includes implementing and simulating the concepts of cryptographic algorithms, hash functions, digital signatures, authentication and authorization systems, and malicious logic. The laboratory work covers implementing programs for the following:
- Classical ciphers such as Caesar and Rail Fence
- DES, AES
- Primality testing, Euclidean algorithms, Diffie-Hellman, RSA
- MD5, SHA-1, SHA-2
- Authentication systems such as password-based, token-based and two-factor authentication
- Access control and capability lists
- Malicious logic
In addition, students have to perform case studies, including preparing security policies for a given system and performing security audits.
References:
1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, Pearson, Latest Edition
2. William Stallings, Cryptography and Network Security: Principles and Practice, Pearson
3. Mark Stamp, Information Security: Principles and Practices, Wiley
4. Matt Bishop, Introduction to Computer Security, Addison Wesley
5. Matt Bishop, Computer Security, Art and Science, Addison Wesley
6. Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Pearson
7. William Stallings, Information Privacy Engineering and Privacy by Design, Pearson