M.Tech. (Information Security & Cyber Forensics) Full Time Curriculum & Syllabus 2013 FACULTY OF ENGINEERING AND TECHNOLOGY SRM UNIVERSITY SRM NAGAR, KATTANKULATHUR – 603 203


SRM University Department of Information Technology

M.Tech. (Information Security and Cyber Forensics)

Course code Course Name L T P C

Core Courses: I and II Semester

IS2001 Introduction to Cryptography 3 0 2 4

IT2001 Data Structures and Algorithms 3 0 2 4

IS2002 Operating Systems Administration and Security 3 0 2 4

IS2003 Network Security 3 0 2 4

IS2004 TCP/IP 3 0 2 4

IS2005 Forensics and Incident Response 3 0 2 4

Core Courses: III Semester

IS2047 Seminar (Pass/Fail Course) 0

IS2049 Project Phase-I 0 0 12 6

Core Courses: IV Semester

IS2050 Project Phase-II 0 0 32 16

Supportive Course:

IS2011 Number Theory 3 0 0 3

Program Electives

IS2101 Applied Cryptography 3 0 0 3

IS2102 Principles of Secure Coding 2 0 2 3

IS2103 Mobile and Digital Forensics 3 0 0 3


IS2104 Mobile and Wireless Security 3 0 0 3

IS2105 Interactive Programming with Python 2 0 2 3

IS2106 Malware Analysis 2 0 2 3

IS2107 Penetration Testing and Vulnerability Assessment 2 0 2 3

IS2108 Computer and Information Security Management 3 0 0 3

IS2109 Risk Assessment and Security Audit 3 0 0 3

IS2110 Storage Management and Security 3 0 0 3

IS2111 Cloud Architectures and Security 2 0 2 3

IS2112 Cyber Law 3 0 0 3

Total Number of credits to be earned for M.TECH degree: 70

NOTE:

Students have to register for the courses as per the following guidelines:

Sl. No. | Category | Credits: I Semester | II Semester | III Semester | IV Semester | Category total

1 | Core courses | 12 (3 courses) | 12 (3 courses) | --- | --- | 24

2 | Program Elective courses | 18 (in I to III semesters) | --- | 18

  | Interdisciplinary elective courses (any one program elective from other programs) | 3 (in I to III semesters) | 3

3 | Supportive courses – mandatory | 3 (in I to III semesters) | --- | 3

4 | Seminar | --- | --- | 0 | --- | 0

6 | Project work | --- | --- | 06 | 16 | 22

Total | 70


Course Code Course Title L T P C

IS2001 INTRODUCTION TO CRYPTOLOGY 3 0 2 4

Total Contact Hours – 75

Prerequisite: Nil

PURPOSE

The course provides a comprehensive view of symmetric and asymmetric cryptographic schemes and key management issues.

INSTRUCTIONAL OBJECTIVES

1. Understand OSI security architecture and classic encryption techniques

2. Acquire fundamental knowledge on the concepts of finite fields and number theory

3. Understand various block cipher and stream cipher models

4. Describe the principles of public key cryptosystems, hash functions and digital signature

UNIT I - INTRODUCTION (9 Hours)

Services, mechanisms and attacks - The OSI security architecture - Network security model - Classical encryption techniques (symmetric cipher model, substitution techniques, transposition techniques, steganography)

UNIT II - FINITE FIELDS AND NUMBER THEORY (9 Hours)

Groups, Rings, Fields - Modular arithmetic - Euclid’s algorithm - Finite fields - Polynomial arithmetic - Prime numbers - Fermat’s and Euler’s theorem - Testing for primality - The Chinese Remainder theorem - Discrete logarithms.

UNIT III - BLOCK CIPHERS (9 Hours)

Data Encryption Standard - Block cipher principles - Block cipher modes of operation - Advanced Encryption Standard (AES) - Triple DES - Blowfish - RC5 algorithm.

UNIT IV - PUBLIC KEY CRYPTOGRAPHY (9 Hours)

Principles of public key cryptosystems - The RSA algorithm - Key management - Diffie Hellman Key exchange - Elliptic curve arithmetic - Elliptic curve cryptography.

UNIT V - HASH FUNCTIONS AND DIGITAL SIGNATURES (9 Hours)

Authentication functions - Message authentication codes - Hash functions - Hash Algorithms (MD5, Secure Hash Algorithm) - Digital signatures (Authentication protocols, Digital Signature Standard).


Practical: (30 hours)

REFERENCE BOOKS:

1. William Stallings, “Cryptography and Network Security”, Pearson Education, 6th Edition, 2013, ISBN 10: 0133354695.

2. Atul Kahate, “Cryptography and Network Security”, McGraw Hill Education India (Pvt Ltd), 2nd edition, 2009, ISBN 10: 0070151458.

3. Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security: Private Communication in a Public World”, Prentice Hall, 2nd edition, 2002, ISBN 10: 0130460192.

4. Charles Pfleeger, Shari Lawrence Pfleeger, “Security in Computing”, Prentice Hall, 4th Edition, 2006, ISBN 10: 0132390779.


Course Code Course Title L T P C

IT2001 Data Structures and Algorithms 3 0 2 4

Total Contact Hours - 75

Prerequisite: NIL

PURPOSE:

Data structures play a central role in modern computer science. You interact with data structures much more often than with algorithms (think of Google, your mail server, and even your network routers). In addition, data structures are essential building blocks in obtaining efficient algorithms. This course will cover major results and current directions of research in data structures.

INSTRUCTIONAL OBJECTIVES

1. To make the student learn an object-oriented way of solving problems.

2. To make the student write ADTs for all data structures.

3. To make the student learn different algorithm design techniques.

UNIT I-OVERVIEW OF C++ (5 hours)

C++ class overview-class definition-objects-class members- access control- constructors and destructors-parameter passing methods-dynamic memory allocation and de-allocation-Function overloading.

UNIT II-LINEAR DATA STRUCTURES AND ALGORITHM ANALYSIS (7 hours)

Review of Arrays-Stacks-Queues-linked lists-Linked stacks and Linked queues-Applications- Efficiency of algorithms-Asymptotic Notations- Time complexity of an algorithm using O notation- Average- Best- and Worst Case Complexities- Analyzing Recursive Programs.

UNIT III-NON LINEAR DATA STRUCTURES AND HASH TABLES (14 hours)

Introduction- Definition and Basic terminologies of trees and binary trees- Representation of trees and Binary trees- Binary tree Traversals- Threaded binary trees- Graphs- basic concepts- representation and traversals. Introduction- Binary Search Trees: Definition- Operations and applications. AVL Trees: Definition- Operations and applications. B Trees: Definition- Operations and applications. Red-Black Trees- Splay Trees and its applications. Hash Tables: Introduction- Hash Tables- Hash Functions and its applications.


UNIT IV–DIVIDE AND CONQUER & GREEDY METHOD (9 hours)

General Method- Binary Search- Finding Maximum and Minimum- Quick Sort- Merge sort- Strassen’s Matrix Multiplication- Greedy Method- General Method- Minimum Cost Spanning Trees- Single Source Shortest Path.

UNIT V-DYNAMIC PROGRAMMING AND BACKTRACKING (10 hours)

General Method- 0 / 1 Knapsack problem- Reliability Design- Traveling Sales Person’s Problem. General Method-8–Queen’s Problem-Graph Coloring-Branch and Bound

Practical: (30 hours)

REFERENCES

1. Mark Allen Weiss, “Data Structures and Problem Solving using C++”, The Benjamin Cummings/ Addison Wesley Publishing Company, 2002.

2. G.A.V. Pai, “Data Structures and Algorithms”, 2009, TMH.

3. Ellis Horowitz, Sartaj Sahni and Sanguthevar Rajasekaran, “Fundamentals of Computer Algorithms”, 2nd edition, University Press.

4. D. Samanta, “Classic Data Structures”, 2005, PHI.

5. Aho, Hopcroft, Ullman, “Design and Analysis of Computer Algorithms”, 1998, PEA.

6. Goodman and Hedetniemi, “Introduction to the Design and Analysis of Algorithms”, TMG.

7. E. Horowitz, S. Sahni, “Design and Analysis of Algorithms”, 3rd Edition, Galgotia.

8. Drozdek, “Data Structures and Algorithms in C++”, 2nd Edition, Thomson.


Course Code Course Title L T P C

IS2002 Operating Systems Administration and Security 3 0 2 4

Total Contact Hours – 75

Pre-requisites: Nil

PURPOSE

Any information security professional needs a thorough knowledge of operating system concepts. With this in mind, the purpose of this course is to make the learner knowledgeable in the various functions of an OS, the basic administration of an open source OS and methods to secure operating systems.

INSTRUCTIONAL OBJECTIVES

1. Become knowledgeable in the concepts of various functions of operating systems

2. Gain hands-on experience in the basic administration of a Linux system.

3. Understand the concepts of securing operating systems.

UNIT I - INTRODUCTION TO COMPUTER ARCHITECTURE (8 hours)

Introduction- Computer system Organization and Architecture- Operating System structure and operations- Protection and Security- Process Management- Process Scheduling – Inter process communication- Multi threading models- Semaphores- Deadlocks- Mutexes- Critical Section problem

UNIT II - MEMORY MANAGEMENT TECHNIQUES (8 hours)

Memory Management: Swapping, Segmentation, Page replacement algorithms- File Systems: File system mounting and sharing, File system implementation and allocation methods- Device management: Disk structure, scheduling and management, I/O hardware and kernel I/O subsystem

UNIT III-LINUX ADMINISTRATION AND OTHER SERVICES (12 hours)

Open source operating system- Linux Kernel architecture- User administration in Linux- Services offered by Linux OS- Configuration of email service, web service, NFS, DNS in Linux- Syntactical Interpretation of various files related to different services in Linux


UNIT IV - TRUST IN SECURE OPERATING SYSTEMS (9 hours)

Secure operating systems- Security goals- Trust model- Threat model- Access Control fundamentals: Lampson’s access matrix, mandatory protection systems, Reference monitor- Secure operating system definition- Assessment criteria

UNIT V-OPERATING SYSTEM SECURITY (8 hours)

Security in Windows and Unix: Protection system, authorization, security analysis and vulnerabilities- The security kernel- Secure communications processor – Retrofitting security into operating systems

Practical: (30 hours)

REFERENCE BOOKS:

1. Abraham Silberschatz, Peter Baer Galvin and Greg Gagne, Operating System Concepts, John Wiley & Sons ,Inc., 9th Edition,2012

2. William Stallings, Operating System: Internals and Design Principles, Prentice Hall, 7th Edition,2012

3. Tom Adelstein and Bill Lubanovic, Linux System Administration, O'Reilly Media, Inc., 1st Edition, 2007

4. Trent Jaeger, Operating Systems Security, Morgan & Claypool Publishers, 2008

5. Michael J. Palmer, Guide to Operating Systems Security, Thomson/Course Technology, 2004


L T P C

IS2003 NETWORK SECURITY 3 0 2 4

Total Contact Hours – 75

Prerequisite: Computer Networks, Cryptography

PURPOSE

This course provides a comprehensive view of the network security principles and measures to prevent vulnerabilities and security attacks in the networks.

INSTRUCTIONAL OBJECTIVES

1. Understand the basic concepts of networks, networking devices and various attacks possible on networking devices

2. Understand the concept of IP security and architecture

3. Understand the various methods and protocols to maintain E-mail security and web security

4. Understand the various methods of password management and protocols to maintain system security

UNIT I - INTRODUCTION TO NETWORK SECURITY (10 hours)

Networking Devices (Layer 1, 2, 3) - Different types of network layer attacks – Firewall (ACL, Packet Filtering, DMZ, Alerts and Audit Trails) – IDS, IPS and its types (Signature based, Anomaly based, Policy based, Honeypot based).

UNIT II - VIRTUAL PRIVATE NETWORKS (12 hours)

VPN and its types – Tunneling Protocols – Tunnel and Transport Mode – Authentication Header - Encapsulation Security Payload (ESP) - IPSEC Protocol Suite – IKE Phase I, II – Generic Routing Encapsulation (GRE).

UNIT III - MPLS AND MPLS VPN (10 hours)

WAN Topologies - Standard IP based Switching – CEF based Multi-Layer switching - MPLS Characteristics - Frame Mode MPLS Operation – MPLS VPN.

UNIT IV - E-MAIL SECURITY (6 hours)

Security Services for E-mail - attacks possible through E-mail – establishing keys - privacy - authentication of the source - Message Integrity - Non-repudiation - Pretty Good Privacy - S/MIME.

UNIT V - WEB SECURITY (7 hours)

SSL/TLS Basic Protocol - computing the keys - client authentication - PKI as deployed by SSL - Attacks fixed in v3 - Exportability - Encoding - Secure Electronic Transaction (SET), Kerberos


Practical: (30 hours)

REFERENCES

1. Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security”, Prentice Hall, 2nd edition, 2002, ISBN-10: 0130460192, ISBN-13: 978-0130460196.

2. Charles Pfleeger, “Security in Computing”, Prentice Hall, 4th Edition, 2006, ISBN-10: 0132390779, ISBN-13: 978-01323907744.

3. Uyless Black, “Internet Security Protocols: Protecting IP Traffic”, Prentice Hall PTR, 1st edition, 2000, ISBN-10: 0130142492, ISBN-13: 978-0130142498.

4. Amir Ranjbar 2007, CCNP ONT Official Exam Certification Guide, Cisco Press [ISBN: 978-1-58720-176-3].

5. Luc De Ghein 2006, MPLS Fundamentals, 1st Ed., Cisco Press [ISBN: 978-1-58705-197-5]

6. William Stallings, “Cryptography and Network Security”, Pearson Education, 6th Edition, 2013,ISBN 10: 0133354695.


Course Code Course Name L T P C

IS2004 TCP/IP Technology 3 0 2 4

Total Contact Hours – 75 (Theory – 45, Practical – 30)

Prerequisite: Computer Networks

PURPOSE

TCP/IP is arguably the single most important computer networking technology. The Internet and most home networks support TCP/IP as their communication protocol. This course provides a foundation for understanding the principles, protocols and design aspects of computer networks, and also helps to achieve the fundamental purpose of computer networks, which is to provide access to shared resources.

INSTRUCTIONAL OBJECTIVES

1. Understand the evolution of computer networks over the period of time using the layered network architecture.

2. Work with client server sockets and also can develop applications to speak with each other.

3. Learn and understand the next generation Internet protocol and also to work with wide area network technologies.

UNIT I - INTRODUCTION TO COMPUTER NETWORKS (6 hours)

Introduction to Layered Architecture (TCP/IP, OSI), Networking Devices, IP addressing, Subnetting, VLSM, CIDR.

UNIT II - NETWORK LAYER PROTOCOLS (12 hours)

Router IOS- Static and Default Routing-Interior Gateway Routing Protocols: RIP V1&V2, OSPF, EIGRP- Exterior Gateway Routing Protocol: BGP.

UNIT III - TRANSPORT LAYER PROTOCOLS (9 hours)

TCP & UDP datagram and its characteristics, RTP, Flow Control and Error Control Mechanisms, Silly Window Syndrome - Clark’s and Nagle Algorithm - Congestion Control Mechanisms - Token Bucket and Leaky Bucket.


UNIT IV - SOCKET PROGRAMMING (9 hours)

Introduction to socket programming- Concurrent Processing in Client-Server Software-Byte ordering and address conversion functions – Socket Interface - System calls used with sockets - Iterative server and concurrent server- Multi protocol and Multi service server- TCP/UDP Client server programs – Thread Creation and Termination – TCP Echo Server using threads- Remote Procedure Call.

UNIT V - NEXT GENERATION INTERNET PROTOCOL (9 hours)

Introduction to IPv6 – IPv6 Advanced Features – V4 and V6 header comparison – V6 Address types – Stateless auto configuration – IPv6 routing protocols – IPv4-V6 Tunneling and Translation Techniques.

REFERENCE BOOKS:

1. Douglas E. Comer, “Internetworking with TCP/IP, Principles, Protocols, and Architecture”, Addison-Wesley, 5th edition, Vol 1, 2005, ISBN-10: 0131876716 | ISBN-13: 978-0131876712.

2. Douglas E. Comer, David L. Stevens, “Internetworking with TCP/IP Vol. III, Client-Server Programming and Applications”, Addison-Wesley, 2nd edition, 2000, ISBN-10: 013260969X, ISBN-13: 978-0132609692.

3. Wendell Odom, “CCNP Route 642-902, CCIE”, Official Certification Guide, Pearson.

4. Behrouz A. Forouzan, “Data Communications and Networking”, McGraw-Hill, 5th edition, 2012, ISBN-10: 0073376221, ISBN-13: 978-0073376226.


Course Code Course Name L T P C

IS2005 Forensics and Incident Response 3 0 2 4

Total Contact Hours – 75

Prerequisite: NIL

PURPOSE

The course focuses on the procedures for identification, preservation, and extraction of electronic evidence, auditing and investigation of network and host system intrusions, analysis and documentation of information gathered, and preparation of expert testimonial evidence. The course will also provide hands-on experience with various forensic tools and resources for system administrators and information system security officers.

INSTRUCTIONAL OBJECTIVES

1. Plan and prepare for all stages of an investigation - detection, initial response and management interaction.

2. Investigate web server attacks, DNS attacks and router attacks, and learn the importance of evidence handling and storage.

3. Monitor network traffic and detect illicit servers and covert channels

UNIT I-INCIDENT AND INCIDENT RESPONSE (9 hours)

Introduction to Incident - Incident Response Methodology – Steps - Activities in Initial Response Phase after detection of an incident

UNIT II- INITIAL RESPONSE AND FORENSIC DUPLICATION (9 hours)

Initial Response & Volatile Data Collection from Windows system - Initial Response & Volatile Data Collection from Unix system - Forensic Duplication: Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool Requirements, Creating a Forensic Duplicate/Qualified Forensic Duplicate of a Hard Drive

UNIT III- STORAGE AND EVIDENCE HANDLING (9 hours)

File Systems: FAT, NTFS - Forensic Analysis of File Systems - Storage Fundamentals: Storage Layer, Hard Drives - Evidence Handling: Types of Evidence, Challenges in evidence handling, Overview of evidence handling procedure


UNIT IV -NETWORK FORENSICS (9 hours)

Collecting Network Based Evidence - Investigating Routers - Network Protocols - Email Tracing - Internet Fraud

UNIT V-SYSTEMS INVESTIGATION AND ETHICAL ISSUES (9 hours)

Data Analysis Techniques - Investigating Live Systems (Windows & Unix) - Investigating Hacker Tools - Ethical Issues - Cybercrime

REFERENCES

1. Kevin Mandia, Chris Prosise, “Incident Response and Computer Forensics”, Tata McGraw Hill, 2006.

2. Peter Stephenson, "Investigating Computer Crime: A Handbook for Corporate Investigations", Sept 1999

3. Eoghan Casey, "Handbook Computer Crime Investigation's Forensic Tools and Technology", Academic Press, 1st Edition, 2001

4. Skoudis. E., Perlman. R. Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.Prentice Hall Professional Technical Reference. 2001.

5. Norbert Zaenglein, "Disk Detective: Secret You Must Know to Recover Information From a Computer", Paladin Press, 2000

6. Bill Nelson, Amelia Philips and Christopher Steuart, “Guide to Computer Forensics and Investigations”, Course Technology, 4th edition, ISBN: 1-435-49883-6

L T P C

IS2047 SEMINAR

PURPOSE

Seminar is one of the important components for the engineering graduates to exhibit and expose their knowledge in their field of interest. It also gives a platform for the students to innovate and express their ideas in front of future engineering graduates and professionals.

INSTRUCTIONAL OBJECTIVES

1. To make a student study and present a seminar on a topic of current relevance in Information Technology or related fields.

2. Enhancing the debating capability of the student while presenting a seminar on a technical topic.

3. Training a student to face the audience and freely express and present his ideas without any fear and nervousness, thus creating self-confidence and courage which are essentially needed for an Engineer.

GUIDELINES:

1. Each student is expected to give a seminar on a topic of current relevance in IT/Related field within a semester.

2. Students have to refer to published papers from standard journals.

3. The seminar report must not be the reproduction of the original papers but it can be used as reference.

ASSESSMENT:

Assessment will be done according to university regulation.


L T P C

IS2049 PROJECT PHASE-I 0 0 12 6

Total Contact Hours – 16

PURPOSE:

The purpose of a project report is to convey adequate information to the reader about how the tasks were implemented, the results, and what knowledge was gained by a student. M.Tech projects are expected to be innovative, socially relevant and product oriented.

INSTRUCTIONAL OBJECTIVES:

1. To make the students understand and analyze the current technical advancements.

2. To enhance their innovative skills while producing engineering products.

3. To test the individuality of their technical work.

4. To enhance their technical reading and writing skills.

ASSESSMENT (Phase I & II):

Assessment will be done according to university regulation.

L T P C

IS2050 Project Phase-II 0 0 32 16

Total Contact Hours – 32

INSTRUCTIONAL OBJECTIVES:

To make the student learn, understand and analyze their engineering field of study and to produce products that help improve the lifestyle of humanity.

ASSESSMENT (Phase I):

Assessment will be done according to university regulation.


Course Code Course Name L T P C

MA2019 NUMBER THEORY 3 0 0 3

Total Contact Hours: 45

Pre-requisite: Knowledge of basic algebra is preferred

PURPOSE

To familiarize the students with the applied mathematical methods that can be used for solving problems in solar energy applications

INSTRUCTIONAL OBJECTIVES

1. Gain an appreciation of the importance and beauty of the basic ideas in elementary number theory.

2. Develop and improve problem solving skills

3. Develop basic understanding of the concepts in prime numbers, congruence, quadratic reciprocity and number theory algorithms.

Unit I - Prime numbers and divisibility (9 hours)

Divisibility in integers, G.C.D, L.C.M - prime numbers – prime factorization - Fundamental theorem of arithmetic – Euclidean division algorithm - Fermat numbers.

Unit II - Arithmetical Functions (9 hours)

The Mobius function μ(n) - divisor sum formula for μ(n) – The Euler totient function φ(n) - divisor sum formula for φ(n) – A relation connecting μ and φ - A product formula for φ(n) – properties of φ(n) – Multiplicative functions – completely multiplicative function.

Unit III - Congruences (9 hours)

Basic properties – Residue classes and complete residue systems – linear congruences – Reduced residue systems and Euler Fermat theorem – Simultaneous linear congruences – The Chinese remainder theorem.

Unit IV - Primitive Roots (9 hours)

Primitive roots and reduced residue system – Non existence of p-roots mod $2^{\alpha}$ ($\alpha \geq 3$) - existence of p-roots mod p for odd primes p – Existence of p-root mod $p^{\alpha}$ - p-root mod $2p^{\alpha}$ - Non existence of p-roots in other cases.

Unit V - Quadratic Reciprocity and Elliptic curves (9 hours)

Quadratic Residues – Legendre’s symbol and its properties – Evaluation of (-1 | p) and (2 | p) – Gauss’ lemma – The Quadratic Reciprocity law – Applications – The Jacobi symbol – continued fractions – elliptic curves – applications


REFERENCES:

1. A. Jones & M. Jones, Elementary Number Theory, Springer publications, 1998

2. William Stein, Elementary Number Theory, Springer 2009

3. Tom M. Apostol, Introduction to Analytic Number Theory, Springer International Student Edition, Narosa Publishing House, New Delhi.

4. David M. Burton, “Elementary Number Theory”, McGraw Hill Science, sixth edition.


L T P C

IS2101 APPLIED CRYPTOLOGY 3 0 0 3

Total contact hours – 45

Prerequisite: Cryptography, Network Security

PURPOSE

The course provides an overview of the various encryption techniques and how to use them to protect data.

INSTRUCTIONAL OBJECTIVES

1. Understand basic encryption methods and algorithms, and the strengths and weaknesses of encryption algorithms

2. Understand encryption key exchange and management

3. Understand how to deploy encryption techniques to secure data stored on computer systems

4. Understand how to deploy encryption techniques to secure data in transit across data networks and also to demonstrate best practice deployment of cryptographic technologies

UNIT I (9 hours)

Foundations – Protocol Building Blocks - Basic Protocols - Intermediate Protocols - Advanced Protocols - Zero-Knowledge Proofs - Zero-Knowledge Proofs of Identity - Blind Signatures - Identity-Based Public-Key Cryptography - Oblivious Transfer - Oblivious Signatures - Esoteric Protocols

UNIT II (9 hours)

Key Length - Key Management - Electronic Codebook Mode - Block Replay - Cipher Block Chaining Mode - Stream Ciphers - Self-Synchronizing Stream Ciphers - Cipher-Feedback Mode - Synchronous Stream Ciphers - Output-Feedback Mode - Counter Mode - Choosing a Cipher Mode - Interleaving - Block Ciphers versus Stream Ciphers - Choosing an Algorithm - Public-Key Cryptography versus Symmetric Cryptography - Encrypting Communications Channels - Encrypting Data for Storage - Hardware Encryption versus Software Encryption - Compression, Encoding, and Encryption - Detecting Encryption – Hiding and Destroying Information.

UNIT III (9 hours)

Information Theory - Complexity Theory - Number Theory - Factoring - Prime Number Generation - Discrete Logarithms in a Finite Field - Data Encryption Standard (DES) – Lucifer - Madryga - NewDES - GOST – 3 Way – Crab – RC5 - Double Encryption - Triple Encryption - CDMF Key Shortening - Whitening.


UNIT IV (9 hours)

Pseudo-Random-Sequence Generators and Stream Ciphers – RC4 - SEAL - Feedback with Carry Shift Registers - Stream Ciphers Using FCSRs - Nonlinear-Feedback Shift Registers - System-Theoretic Approach to Stream-Cipher Design - Complexity-Theoretic Approach to Stream-Cipher Design - N-Hash - MD4 - MD5 - MD2 - Secure Hash Algorithm (SHA) - One-Way Hash Functions Using Symmetric Block Algorithms - Using Public-Key Algorithms - Message Authentication Codes

UNIT V (9 hours)

RSA - Pohlig-Hellman - McEliece - Elliptic Curve Cryptosystems - Digital Signature Algorithm (DSA) - GOST Digital Signature Algorithm - Discrete Logarithm Signature Schemes - Ong-Schnorr-Shamir - Cellular Automata - Feige-Fiat-Shamir - Guillou-Quisquater - Diffie-Hellman - Station-to-Station Protocol - Shamir’s Three-Pass Protocol - IBM Secret-Key Management Protocol - MITRENET - Kerberos - IBM Common Cryptographic Architecture

REFERENCES

1. Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code in C”, John Wiley & Sons, Inc, 2nd Edition, 1996.

2. Wenbo Mao, “Modern Cryptography Theory and Practice”, Pearson Education, 2004

3. Atul Kahate, “Cryptography and Network Security”, Tata McGraw Hill, 2003.

4. William Stallings, “Cryptography and Network Security”, 3rd Edition, Pearson Education, 2003.


L T P C

IS2102 PRINCIPLES OF SECURE CODING 2 0 2 3

Total Contact Hours – 60

Prerequisite: Knowledge of Programming is preferred

PURPOSE

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Overcoming these defects during the process of development of software leads to secure coding practices. So, the purpose of this course is to identify, explain and demonstrate the problems in insecure coding practices and methods to rectify the same.

INSTRUCTIONAL OBJECTIVES

1. Understand the need for secure coding and proactive development process

2. Explain and demonstrate secure coding practices

3. Learn input issues related to database and web and fundamental principles of software security engineering

UNIT I - INTRODUCTION (6 hours)

Need for secure systems - Proactive security development process - Security principles to live by and threat modeling

UNIT II - SECURE CODING IN C (6 hours)

Character strings - String manipulation errors – String Vulnerabilities and exploits – Mitigation strategies for strings - Pointers – Mitigation strategies in pointer based vulnerabilities – Buffer Overflow based vulnerabilities

UNIT III - SECURE CODING IN C++ AND JAVA (6 hours)

Dynamic memory management - Common errors in dynamic memory management - Memory managers - Double-free vulnerabilities – Integer security - Mitigation strategies

UNIT IV - DATABASE AND WEB SPECIFIC INPUT ISSUES (6 hours)

Quoting the Input – Use of stored procedures - Building SQL statements securely - XSS related attacks and remedies

UNIT V – SOFTWARE SECURITY ENGINEERING (6 hours)

Requirements engineering for secure software: Misuse and abuse cases - SQUARE process model - Software security practices and knowledge for architecture and design


REFERENCES

1. Michael Howard , David LeBlanc, “Writing Secure Code”, Microsoft Press, 2nd Edition, 2003

2. Robert C. Seacord, “Secure Coding in C and C++”, Pearson Education, 2nd edition, 2013

3. Julia H. Allen, Sean J. Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead, “Software Security Engineering: A guide for Project Managers”, Addison-Wesley Professional, 2008


IS2103 Mobile and Digital Forensics
L T P C: 3 0 0 3
Total Contact Hours – 45
Prerequisite: Knowledge of Forensics and Incident response is preferred

PURPOSE

The use of mobile phones and digital devices across the globe has increased dramatically. These devices are more susceptible to information security attacks, and they also hold a large amount of evidence that can be used during crime scene investigation. This makes a course on mobile and digital forensics essential for security professionals. This course will give participants a better understanding of the different forms of evidence in many digital devices, and of the collection and interpretation of that evidence.

INSTRUCTIONAL OBJECTIVES

1. Understand the basics of wireless technologies and security.
2. Become knowledgeable in mobile phone forensics and android forensics.
3. Learn the methods of investigation using digital forensic techniques.

Unit I (9 hours)

Overview of wireless technologies and security: Personal Area Networks, Wireless Local Area Networks, Metropolitan Area Networks, Wide Area Networks. Wireless threats, vulnerabilities and security: Wireless LANs, War Driving, War Chalking, War Flying, Common Wi-fi security recommendations, PDA Security, Cell Phones and Security, Wireless DoS attacks, GPS Jamming, Identity theft.

Unit II (9 hours)

CIA triad in mobile phones-Voice, SMS and Identification data interception in GSM: Introduction, practical setup and tools, implementation- Software and Hardware Mobile phone tricks: Netmonitor, GSM network service codes, mobile phone codes, catalog tricks and AT command set- SMS security issues

Unit III (12 hours)

Mobile phone forensics: crime and mobile phones, evidences, forensic procedures, files present in SIM card, device data, external memory dump, evidences in memory card, operators systems-


Android forensics: Procedures for handling an android device, imaging android USB mass storage devices, logical and physical techniques

Unit IV (7 hours)

Digital forensics: Introduction – Evidential potential of digital devices: closed vs. open systems, evaluating digital evidence potential- Device handling: seizure issues, device identification, networked devices and contamination-

Unit V (8 hours)

Digital forensics examination principles: Previewing, imaging, continuity, hashing and evidence locations- Seven element security model- developmental model of digital systems- audit and logs- Evidence interpretation: Data content and context

References

1. Gregory Kipper, “Wireless Crime and Forensic Investigation”, Auerbach Publications, 2007

2. Iosif I. Androulidakis, “ Mobile phone security and forensics: A practical approach”, Springer publications, 2012

3. Andrew Hoog, “ Android Forensics: Investigation, Analysis and Mobile Security for Google Android”, Elsevier publications, 2011

4. Angus M.Marshall, “ Digital forensics: Digital evidence in criminal investigation”, John – Wiley and Sons, 2008


IS2104 Mobile and Wireless Security
L T P C: 3 0 0 3
Total Contact Hours – 45
Prerequisite: TCP/IP, Principles of Network Security

PURPOSE The course deals with the security and privacy problems in the realm of wireless networks and mobile computing. The subject is useful to researchers working in the fields of mobile and wireless security and privacy and to graduate students seeking new areas to perform research.

INSTRUCTIONAL OBJECTIVES

1. Gain in-depth knowledge on wireless and mobile network security and its relation to the new security based protocols.
2. Apply proactive and defensive measures to counter potential threats, attacks and intrusions.
3. Design secured wireless and mobile networks that optimise accessibility whilst minimising vulnerability to security risks.

UNIT I-INTRODUCTION (5 hours)

Security and Privacy for Mobile and Wireless Networks: Introduction- State of the Art- Areas for Future Research- General Recommendation for Research. Pervasive Systems: Enhancing Trust Negotiation with Privacy Support: Trust Negotiation- Weakness of Trust Negotiation- Extending Trust Negotiation to Support Privacy

Unit II-MOBILE SECURITY (10 hours)

Mobile system architectures, Overview of mobile cellular systems, GSM and UMTS Security & Attacks, Vulnerabilities in Cellular Services, Cellular Jamming Attacks & Mitigation, Security in Cellular VoIP Services, Mobile application security.


UNIT III-SECURING WIRELESS NETWORKS (10 hours)

Overview of Wireless security, Scanning and Enumerating 802.11 Networks, Attacking 802.11 Networks, Attacking WPA protected 802.11 Networks, Bluetooth Scanning and Reconnaissance, Bluetooth Eavesdropping, Attacking and Exploiting Bluetooth, Zigbee Security, Zigbee Attacks

UNIT IV - ADHOC NETWORK SECURITY (9 hours)

Security in Ad Hoc Wireless Networks, Network Security Requirements, Issues and Challenges in Security Provisioning, Network Security Attacks, Key Management in Adhoc Wireless Networks, Secure Routing in Adhoc Wireless Networks

UNIT V-RFID Security (11 hours)

Introduction, RFID Security and privacy, RFID chips Techniques and Protocols, RFID anti-counterfeiting, Man-in-the-middle attacks on RFID systems, Digital Signature Transponder, Combining Physics and Cryptography to Enhance Privacy in RFID Systems, Scalability Issues in Large-Scale Applications, An Efficient and Secure RFID Security Method with Ownership Transfer, Policy-based Dynamic Privacy Protection Framework leveraging Globally Mobile RFIDs, User-Centric Security for RFID based Distributed Systems, Optimizing RFID protocols for Low Information Leakage, RFID: an anti-counterfeiting tool.

Text Books:

1. Kia Makki, Peter Reiher, “Mobile and Wireless Network Security and Privacy”, Springer, 2007, ISBN 978-0-387-71057-0

2. C. Siva Ram Murthy, B.S. Manoj, “Adhoc Wireless Networks Architectures and Protocols”, Prentice Hall, 2004, ISBN 9788131706885

3. Noureddine Boudriga, “Security of Mobile Communications”, 2010, ISBN 9780849379413.

4. Kitsos, Paris; Zhang, Yan, “RFID Security Techniques, Protocols and System-On-Chip Design”, 2008, ISBN 978-0-387-76481-8

5. Johnny Cache, Joshua Wright and Vincent Liu, “Hacking Wireless Exposed: Wireless Security Secrets & Solutions”, second edition, McGraw Hill, 2010, ISBN: 978-0-07-166662-6


IS2105 INTERACTIVE PROGRAMMING WITH PYTHON
L T P C: 2 0 2 3
Total Contact Hours – 60
Prerequisite: Web systems and Network security

PURPOSE This course will help the students to gain mastery over Python scripting and its application to problems in computer and network security. This course is ideal for penetration testers, security enthusiasts and network administrators who want to learn to automate tasks or go beyond just using readymade tools.

INSTRUCTIONAL OBJECTIVES

1. Acquire fundamental knowledge on the concepts of python scripting
2. Understand the system and network security programming
3. Acquire knowledge on developing web servers and clients
4. Understand various exploitation techniques

UNIT-I: INTRODUCTION TO PYTHON (6 hours)

Introduction to Interpreted Languages and Python - Data Types and variables - Operators and Expressions - Program Structure and Control - Functions and Functional Programming - Classes, Objects and other OOPS concepts

UNIT-II: SYSTEM PROGRAMMING AND SECURITY (6 hours)

I/O in Python - File and Directory Access - Multithreading and Concurrency - Inter Process Communication (IPC) - Permissions and Controls

UNIT- III: NETWORK SECURITY PROGRAMMING (6 hours)

Raw Socket basics -Socket Libraries and Functionality - Programming Servers and Clients - Programming Wired and Wireless Sniffers - Programming arbitrary packet injectors - PCAP file parsing and analysis.


UNIT-IV: WEB APPLICATION SECURITY (6 hours)

Web Servers and Client scripting - Web Application Fuzzers - Scraping Web Applications – HTML and XML file analysis - Web Browser Emulation - Attacking Web Services - Application Proxies and Data Mangling - Automation of attacks such as SQL Injection, XSS etc.

UNIT-V: EXPLOITATION TECHNIQUES (6 hours)

Exploit Development techniques - Immunity Debuggers and Libs - Writing plugins in Python - Binary data analysis - Exploit analysis Automation.

Practical 30 hours

REFERENCE BOOKS

1. Mike Dawson, “More Python programming for Absolute Beginner”, Cengage Learning PTR; 3rd edition, 2010, ISBN-10: 1435455002, ISBN-13: 978-1435455009.

2. Mark Lutz, “Python Pocket reference”, O'Reilly Media; 4th edition, 2009, ISBN-10: 0596158084, ISBN-13: 978-0596158088


IS2106 MALWARE ANALYSIS
L T P C: 2 0 2 3
Total Contact Hours – 60
Prerequisite: Network Security

PURPOSE

The purpose is to understand the purpose of malware and to work with examples of famous viruses and worms.

INSTRUCTIONAL OBJECTIVES

1. To understand the purpose of computer infection program.

2. To implement the covert channel and mechanisms.

3. To test and exploit various malware in an open source environment.

4. To analyze and design the famous viruses and worms.

UNIT I INTRODUCTION (6 hours)

Computer Infection Program- Life cycle of malware- Virus nomenclature- Worm nomenclature- Tools used in computer virology.

UNIT II IMPLEMENTATION OF COVERT CHANNEL (6 hours)

Non self-reproducing Malware- Working principle of Trojan Horse- Implementation of Remote access and file transfer- Working principle of Logical Bomb- Case Study: Conficker C worm.

UNIT III VIRUS DESIGN AND ITS IMPLICATIONS (6 hours)

Virus components- Function of replicator, concealer and dispatcher- Trigger Mechanisms- Testing virus codes- Case Study: Brute force logical bomb.

UNIT IV MALWARE DESIGN USING OPEN SOURCE (6 hours)

Computer Virus in Interpreted programming language- Designing Shell bash virus under Linux- Fighting over infection- Anti-antiviral fighting- Polymorphism- Case study: Companion virus.


UNIT V VIRUS AND WORM ANALYSIS (6 hours)

Klez Virus- Clone Virus- Doom Virus- Black wolf worm- Sasser worm- Happy worm 99.

Practical 30 hours

REFERENCES

1. Eric Filiol, “Computer Viruses: from theory to applications”, Springer, 1st edition, 2005. ISBN 10: 2-287-23939-1

2. Mark A. Ludwig, “The Giant black book of computer viruses”, CreateSpace Independent Publishing Platform, 2nd edition, 2009, ISBN 10: 144140712X.


IS2107 Penetration Testing & Vulnerability Assessment
L T P C: 2 0 2 3
Total Contact Hours – 60
Prerequisite: Network Security

PURPOSE The purpose is to understand the methodologies and techniques used for penetrating a machine using tools.

INSTRUCTIONAL OBJECTIVES

1. To identify security vulnerabilities and weaknesses in the target applications.

2. To identify how security controls can be improved to prevent hackers gaining access to operating systems and networked environments.

3. To test and exploit systems using various tools.

4. To understand the impact of hacking in real time machines.

Unit I Introduction (6 Hours)

Ethical Hacking terminology- Five stages of hacking- Vulnerability Research- Legal implication of hacking- Impact of hacking.

Unit II Foot printing & Social engineering (6 Hours)

Information gathering methodologies- Competitive Intelligence- DNS Enumerations- Social Engineering attacks.

Unit III Scanning & Enumeration (6 Hours)

Port Scanning- Network Scanning- Vulnerability Scanning- NMAP scanning tool- OS Fingerprinting- Enumeration.

Unit IV System Hacking (6 Hours)

Password cracking techniques- Key loggers- Escalating privileges- Hiding Files- Steganography technologies- Countermeasures.

Unit V Sniffers & SQL Injection (6 Hours)

Active and passive sniffing- ARP Poisoning- Session Hijacking- DNS Spoofing- Conduct SQL Injection attack- Countermeasures.

Practical 30 hours


References

1. Kimberly Graves, “CEH: Official Certified Ethical Hacker Review Guide”, Wiley Publishing Inc., 2007. ISBN: 978-0-7821-4437-6.

2. Shakeel Ali & Tedi Heriyanto, “Backtrack -4: Assuring security by penetration testing”, PACKT Publishing, 2011. ISBN: 978-1-849513-94-4.


IS2108 Computer and Information Security Management
L T P C: 3 0 0 3
Pre-requisite: Knowledge of TCP/IP, Cryptography and Network security is preferred

PURPOSE

The ubiquity of computers and the internet in the life of human beings has enabled chance, motive and means to do harm. With such dangers in front of us, it becomes necessary for security professionals to learn how to manage computer and information security aspects. Hence this course provides methods to develop a new framework for information security, an overview of security risk assessment and management, and security planning in an organization.

INSTRUCTIONAL OBJECTIVES

1. Understand the myths of information security management and methods to develop new frameworks for information security.

2. Understand the myths of information security management and methods to develop new frameworks for information security.

3. Understand the fundamentals of information security risk assessments.

4. Become knowledgeable in the area of security management planning and configuration management.

Unit I Myths of Information Security Management (6 hours)

The big picture-Learning from experience-Weaknesses in Information Security-The extent of crime in cyberspace- The cyberspace crimoid syndrome-Policies and technologies- A new framework for information security

Unit II Information Security Assessments (9 hours)

Risk assessment-Richard Baskerville’s risk assessment methodology- Generations of risk assessment techniques- Quantitative approach to risk assessment-Problems with Quantitative approach – NIST ALE- Baseline approach

Unit III Security Management Concepts and Principles (9 hours)

Measuring ROI on security- Security patch management- Purposes of Information Security management- The building blocks of information security- Human side of information security-Security management- Securing new information technology


Unit IV Configuration Management (11 hours)

Overview of SSE CMM- SSE CMM relationship to other initiatives- Capability levels- Security Engineering- Security Engineering process overview- Basic process areas- Configuration management- Base practices- Establish configuration management

Unit V Security Management Planning (10 hours)

Maintaining information security during downsizing- Business case for Information Security- Information Security Management in healthcare industry- Protecting high tech trade secrets- Outsourcing Security

References

1. Donn Parker, “Fighting Computer Crime: A New Framework for Protecting Information”, John Wiley & Sons, 2003

2. Micki Krause, Harold F. Tipton, “Information Security Management Handbook”, Auerbach Publications, 2012.


IS2109 Risk Assessment & Security Audit
L T P C: 3 0 0 3
Total Contact Hours – 45
Prerequisite: Nil

PURPOSE

The purpose is to understand the risk assessment while handling and processing information and implementing security in audit.

INSTRUCTIONAL OBJECTIVES

1. To gain knowledge about Information Risk.

2. To discover knowledge in collecting data about an organization.

3. To do various analysis on Information Risk Assessment.

4. To understand IT audit and its activities.

Unit 1: Introduction (9 Hours)

What is Risk?- Information Security Risk Assessment Overview- Drivers, Laws and Regulations- Risk Assessment Framework- Practical Approach.

Unit 2: Data Collection (9 Hours)

The Sponsors- The Project Team- Data Collection Mechanisms- Executive Interviews- Document Requests- IT Assets Inventories- Profile & Control Survey- Consolidation.

Unit 3: Data Analysis (9 Hours)

Compiling Observations- Preparation of catalogs- System Risk Computation- Impact Analysis Scheme- Final Risk Score.

Unit 4: Risk Assessment (9 Hours)

System Risk Analysis- Risk Prioritization- System Specific Risk Treatment- Issue Registers- Methodology- Result- Risk Registers- Post Mortem.


Unit 5: Security Audit Process (9 Hours)

Pre-planning audit- Audit Risk Assessment- Performing Audit- Internal Controls- Audit Evidence- Audit Testing- Audit Finding- Follow-up activities.

REFERENCES

1. Mark Talabis, “Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis”, Kindle Edition. ISBN: 978-1-59749-735-0.

2. David L. Cannon, “CISA Certified Information Systems Auditor Study Guide”, SYBEX Publication. ISBN: 978-0-470-23152-4.


IS2110 Storage Management & Security
L T P C: 3 0 0 3
Total Contact Hours – 45
Prerequisite: Nil

PURPOSE

The purpose is to understand the management of information in storage systems and effective security implementation on platforms.

INSTRUCTIONAL OBJECTIVES

1. To explain the basic information storage and retrieval concepts.
2. To understand the issues that are specific to efficient information retrieval.
3. To design and implement a small to medium size information storage and retrieval system.
4. To implement security issues while storing and retrieving information.

Unit I (9 Hours)

Storage System- Intro to Information Storage and Management, Storage System Environment, Data Protection: RAID, Intelligent Storage System.

Unit II (9 Hours)

Storage Networking Technologies and Virtualization, Storage Networks, Network Attached Storage, IP SAN, Content Addressed Storage, Storage Virtualization.

Unit III (9 Hours)

Introduction to Business Continuity, Backup and Recovery, Local Replication, Remote Replication.

Unit IV (9 Hours)

Securing the storage Infrastructure, Storage Security Framework, Risk Triad, Storage Security Domains, Security Implementation in Storage Networking.

Unit V (9 Hours)

Managing the Storage Infrastructure, Monitoring the Storage Infrastructure, Storage Management Activities, Developing an Ideal Solution, Concepts in Practice.

References:

1. “Information Storage and Management: Storing, Managing, and Protecting Digital Information”, EMC Corporation

2. John Chirillo, Scott Blaul, “Storage Security: Protecting SAN, NAS and DAS”, Wiley Publishers, 2003

3. David Alexander, Amanda French, David Sutton, “Information Security Management Principles”, The British Computer Society, 2008


IS2111 Cloud Architectures and Security
L T P C: 2 0 2 3
Total Contact Hours – 60 (Theory – 30, Practical – 30)
Pre-requisite: Knowledge of TCP/IP, Cryptography and Network security is preferred

PURPOSE

Cloud computing has drawn the attention of many business organizations and ordinary computer users in the recent past. Security aspects of cloud computing have always been subjected to many criticisms. Hence it becomes important for any security professional to possess an understanding of the cloud architecture and methods to secure the same. These facts make evident the need for the course.

INSTRUCTIONAL OBJECTIVES

1. Understand the fundamentals of cloud computing.

2. Understand the requirements for an application to be deployed in a cloud.

3. Become knowledgeable in the methods to secure cloud.

Unit I (4 hours)

Cloud Computing Fundamental: Cloud Computing definition, private, public and hybrid cloud. Cloud types; IaaS, PaaS, SaaS. Benefits and challenges of cloud computing, public vs private clouds, role of virtualization in enabling the cloud; Business Agility: Benefits and challenges to Cloud architecture.

Unit II (6 hours)

Cloud Applications: Technologies and the processes required when deploying web services-Deploying a web service from inside and outside a cloud architecture, advantages and disadvantages- Development environments for service development; Amazon, Azure, Google App.

Unit III (5 hours)

Security Concepts: Confidentiality, privacy, integrity, authentication, non-repudiation, availability, access control, defence in depth, least privilege- how these concepts apply in the cloud and their importance in PaaS, IaaS and SaaS. e.g. User authentication in the cloud;


Unit IV (7 hours)

Multi-tenancy Issues: Isolation of users/VMs from each other- How the cloud provider can provide this- Virtualization System Security Issues: e.g. ESX and ESXi Security, ESX file system security- storage considerations, backup and recovery- Virtualization System Vulnerabilities

Unit V (8 hours)

Security management in the cloud – security management standards- SaaS, PaaS, IaaS availability management- access control- Data security and storage in cloud

References

1. Gautam Shroff, Enterprise Cloud Computing Technology Architecture Applications [ISBN: 978-0521137355]

2. Toby Velte, Anthony Velte, Robert Elsenpeter, Cloud Computing, A Practical Approach [ISBN: 0071626948]

3. Tim Mather, Subra Kumaraswamy, Shahed Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance [ISBN: 0596802765]

4. Ronald L. Krutz, Russell Dean Vines, Cloud Security [ISBN: 0470589876]


IS2112 Cyber Law
L T P C: 3 0 0 3
Total contact hours – 45
Prerequisite: Nil

PURPOSE

The purpose is to understand the basics of cyber law and its related issues.

INSTRUCTIONAL OBJECTIVES

1. To explain the basic information on cyber security.
2. To understand the issues that are specific to amendment rights.
3. To have knowledge of copyright issues of software.
4. To understand ethical laws of computer for different countries.

Unit-I (9 hours)

Introduction- Cyber Security and its problem- Intervention Strategies: Redundancy, Diversity and Autarchy.

Unit-II (9 hours)

Private ordering solutions, Regulation and Jurisdiction for global Cyber security, Copy Right- source of risks, Pirates, Internet Infringement, Fair Use, postings, criminal liability, First Amendments, Data Losing.

Unit-III (9 hours)

Copy Right- Source of risks, Pirates, Internet Infringement, Fair Use, postings, Criminal Liability, First Amendments, Losing Data, Trademarks, Defamation, Privacy- Common Law Privacy, Constitutional law, Federal Statutes, Anonymity, Technology expanding privacy rights.

Unit-IV (9 hours)

Duty of Care, Criminal Liability, Procedural issues, Electronic Contracts & Digital Signatures, Misappropriation of information, Civil Rights, Tax, Evidence.

Unit-V (9 hours)

Ethics, Legal Developments, Late 1990 to 2000, Cyber security in Society, Security in cyber laws case studies, General law and Cyber Law- a Swift Analysis.

REFERENCES:

1. Jonathan Rosenoer, “Cyber Law: The law of the Internet”, Springer-Verlag, 1997

2. Mark F Grady, Francesco Parisi, “The Law and Economics of Cyber Security”, Cambridge University Press, 2006
