NOORUL ISLAM CENTRE FOR HIGHER EDUCATION

NOORUL ISLAM UNIVERSITY, KUMARACOIL

M.E. CYBER SECURITY

CURRICULUM & SYLLABI

SEMESTER – I

SL.

NO.

SUBJECT

CODESUBJECT L T P C

Theory

1. MA1508 Mathematical Foundations of Cyber Security 3 1 0 4

2. CY1501 Applied Cryptography 3 0 0 3

3. CS1502 Advanced Data Structures and Algorithms 3 0 0 3

4. CY1502 Cyber Security Threats 3 0 0 3

5. CY1503 Advanced Operating System and its Security 3 0 0 3

6. XX15E1 Elective I 3 0 0 3

Practical

7. CY1571Operating System and Data Structures Lab 0 1 2 2

Total 18 2 2 21

MA1508 MATHEMATICAL FOUNDATIONS OF CYBER SECURITY3 1 0 4

UNIT I NUMBER THEORY- Introduction - Divisibility - Greatest common divisor- Prime numbers - Fundamental theorem of arithmetic - Mersenne primes - Fermatnumbers - Euclidean algorithm Fermat’s theorem - Euler totient function - Euler’stheoerem. Congruences: Definition - Basic properties of congruences - Residue classes(excluding proof of theorems) - Chinese remainder theorem.

UNIT I I ALGEBRAIC STRUCTURES - Groups – Cyclic groups, Cosets,Modulo groups - Primitive roots - Discrete logarithms. Rings – Sub rings, ideals andquotient rings, Fields (Simple Examples) – Lattice, Lattice as Algebraic system, sublattices.

UNIT III PROBABILITY THEORY - Introduction – Concepts of Probability -Conditional Probability - Baye’s Theorem - Random Variables – discrete andcontinuous-Expectation-MGF

UNIT IV STOCHASTIC PROCESSES - Classification – Stationary randomprocesses – Ergodic process – Markov process- Markov Chain

Unit V SIMULATION - Discrete Event Simulation – Stochastic Simulation -Monte Carlo Simulation – Generation of Random Numbers using Congruent method –Applications to Queueing systems.

L: 45 + T: 15, TOTAL: 60 PERIODSREFERENCES:

1. Kenneth H.Rosen, ‘Discrete Mathematics and its Applications’, McGraw Hill,2006.

2. Joseph A. Gallian, ‘’Contemporary Abstract Algebra’, Narosa, 1998.3. Sheldon M Ross, “Introduction to Probability Models”, Academic Press, 2003.4. Peebles Jr., P.Z., “Probability, Random Variables and Random Signal

Principles”, McGraw-Hill Inc..2002.5. J.K. Sharma, “ Operations Research “ Macmillan, 2003.

CY1501 APPLIED CRYPTOGRAPHY 3 0 0 3

UNIT I INTRODUCTION: Cryptography and modern cryptography – Thesetting of private-key encryption – Historical ciphers and their cryptanalysis – Basicprinciples of modern cryptography – Services, Mechanisms and Attacks – OSI securityarchitecture.

UNIT II SYMMETRIC TECHNIQUES: Definition – Substitution ciphers –Transposition ciphers - Stream and block ciphers - A5, RC4 .Characteristics of goodciphers - SDES- Data Encryption Standard (DES) – International Data Encryption

Algorithm – Advanced Encryption Standard – Block cipher modes of operation –Confidentiality using symmetric encryption.

UNIT III ASYMMETRIC TECHNIQUES: Principles of Public KeyCryptosystems – The RSA Algorithm – Key Management – Diffie Hellman KeyExchange – Elliptic Curve Cryptography – over reals, prime fields and binary fields,Applications, Practical considerations. Cryptography in Embedded Hardware.

UNIT IV DATA AUTHENTICATION: Authentication requirements –Authentication functions – Message Authentication Codes (MAC) – Hash functions –Security of hash functions and MACs. MD5 Message Digest Algorithm – Secure HashAlgorithm (SHA) –RIPMED160 – HMAC.

UNIT V DIGITAL SIGNATURES AND CRYPTOGRAPHY TOOLS: DigitalSignatures - Authentication Protocols - Digital Signature Standard (DSS). CryptographyTools: TrueCrypt- AxCrypt. Cryptography-Case Studies.

TOTAL: 45 PERIODSREFERENCES:1. Bernard Menezes, “Network Security and Cryptography”, Cengage Learning, New

Delhi, 2010.2. William Stallings, “Cryptography and Network Security, Prentice Hall, New Delhi,

2006.3. Wenbo Mao, “Modern Cryptography – Theory and Practice”, Pearson Education,

New Delhi, 2006.4. Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman &

Hall/CRC, New York, 2007.5. Bruce Schneier, “Applied Cryptography”, John Wiley & Sons, New York, 2004.6. http://www.truecrypt.org/docs/tutorial.7. http://www.darknessgate.com/index.php/security-tutorials/using-encryption-

tools/axcrypt/.

CS1502 ADVANCED DATA STRUCTURES AND ALGORITHMS 3 0 0 3

AIMTo provide an in-depth knowledge in problem solving techniques and data

structures with C++.

OBJECTIVE To learn the systematic way of solving problems To understand the different methods of organizing large amounts of data To learn to program in C++ To efficiently implement the different data structures To efficiently implement solutions for specific problems

UNIT I INTRODUCTION 8Basic concepts of OOPs – Templates – Algorithm Analysis – ADT - List (Singly, Doublyand Circular) Implementation - Array, Pointer, Cursor Implementation

UNIT II BASIC DATA STRUCTURES 11Stacks and Queues – ADT, Implementation and Applications - Trees – General, Binary,Binary Search, Expression Search, AVL, Splay, B-Trees – Implementations - TreeTraversals.

UNIT III ADVANCED DATA STRUCTURES 10Set – Implementation – Basic operations on set – Priority Queue – Implementation -Graphs – Directed Graphs – Shortest Path Problem - Undirected Graph - Spanning Trees– Graph Traversals

UNIT IV MEMORY MANAGEMENT 7Issues - Managing Equal Sized Blocks - Garbage Collection Algorithms for Equal SizedBlocks - Storage Allocation for Objects with Mixed Sizes - Buddy Systems - StorageCompaction

UNIT V SEARCHING, SORTING AND DESIGN TECHNIQUES 9Searching Techniques, Sorting – Internal Sorting – Bubble Sort, Insertion Sort, QuickSort, Heap Sort, Bin Sort, Radix Sort – External Sorting – Merge Sort, Multi-way MergeSort, Polyphase Sorting - Design Techniques - Divide and Conquer - DynamicProgramming - Greedy Algorithm – Backtracking - Local Search Algorithms

TOTAL: 45 PERIODSREFERNCES

1. Mark Allen Weiss, “Data Structures and Algorithm Analysis in C++”, PearsonEducation, 2002.

2. Aho, Hopcroft, Ullman, “Data Structures and Algorithms”, Pearson Education,2002

3. Horowitz, Sahni, Rajasekaran, “Computer Algorithms”, Galgotia, 20004. Tanenbaum A.S., Langram Y, Augestien M.J., ”Data Structures using C & C++”,

Prentice Hall of India, 2002

CY1502 CYBER SECURITY THREATS 3 0 0 3

UNIT I CYBER SECURITY THREATS: Introduction and Overview of CyberCrime, Nature and Scope of Cyber Crime, Types of Cyber Crime: Social Engineering,Categories of Cyber Crime, Property Cyber Crime.

UNIT II SECURITY THREATS: Introduction: Security threats - Sources ofsecurity threats- Motives - Target Assets and vulnerabilities – Consequences of threats-E-mail threats - Web-threats - Intruders and Hackers, Insider threats.

UNIT III NETWORK THREATS: Active/Passive – Interference – Interception –Impersonation – Worms – Virus – Spam’s – Ad ware - Spy ware – Trojans and covertchannels – Backdoors – Bots – IP Spoofing - ARP spoofing - Session Hijacking -Sabotage-Internal treats- Environmental threats - Threats to Server security.

UNIT IV SECURITY ELEMENTS: Authorization and Authentication - Types,policies and techniques – Security certification - Security monitoring and Auditing -Security Requirements Specifications - Security Polices and Procedures, Firewalls, IDS,Log Files, Honey Pots

UNIT V THREAT MANAGEMENT AND CRITICAL INFRASTRUCTUREPROTECTION: Security Threat Management: Risk Assessment - Forensic Analysis -Security threat correlation – Threat awareness - Vulnerability sources and assessment-Vulnerability assessment tools - Threat identification - Threat Analysis - ThreatModeling - Model for Information Security Planning, Critical Infrastructure Protection.

TOTAL: 45 PERIODSREFERENCES:1. Bernadette H Schell, Clemens Martin, “Cyber Crime”, ABC-CLIO Inc, California,

2004.2. Joseph M Kizza, “Computer Network Security”, Springer Verlag, 2005.3. Swiderski, Frank and Syndex, “Threat Modeling”, Microsoft Press, 2004.4. William Stallings and Lawrie Brown, “Computer Security: Principles and Practice”,

Prentice Hall, 2008.5. Thomas Calabres and Tom Calabrese, “Information Security Intelligence:

Cryptographic Principles & Application”, Thomson Delmar Learning, 2004.

CY1503 ADVANCED OPERATING SYSTEM AND ITS SECURITY 3 0 0 3

UNIT I INTRODUCTION: Operating System concepts – Functions – Structureof Operating system – Types of Operating System.

UNIT II PROCESS MANAGEMENT: Introduction to processes – ProcessScheduling - Threads-CPU Scheduling objectives, criteria – Types of schedulingalgorithms – Performance comparison – Inter process Communications- Synchronization– Semaphores – Dead lock Prevention, Recovery, Detection and Avoidance

UNIT III MEMORY MANAGEMENT: Single contiguous allocation – Partitionedallocation – Paging – Virtual memory concepts – Swapping – Demand paging – PageReplacement Algorithms – Segmentation.

UNIT IV DEVICE AND FILE MANAGEMENT: Principles of I/O hardware –I/O software – Disks – Disk Scheduling Algorithms--File Systems - Files andDirectories- File System Implementation - Allocation Methods, File Recovery.

UNIT V SECURITY ISSUES: Protection in General Purpose Operating Systems:protected objects and methods of protection – memory and address protection – controlof access to general objects – file protection Mechanisms – user authentication -Designing Trusted Operating Systems

TOTAL: 45 PERIODSREFERENCES:1. Silberschatz A, Galvin P, Gagne G, "Operating Systems Concepts", John Wiley &

Sons, Singapore, 2006.2. Michael Palmer, Guide to Operating Systems Security”, Course Technology –

Cengage Learning, New Delhi, 20083. Charles P. Pleeger, "Security in Computing", Prentice Hall, New Delhi, 20094. Deitel H M, “Operating Systems ", PHI/ Pearson Education, New Delhi, 2004.

CY1571 OPERATING SYSTEM AND DATA STRUCTURES LAB

1. Implementation of Stack and Infix to postfix conversion.2. Implementation of Queue, Circular Queue, De queue and Priority Queue.3. Implementation of Linked list and Double Linked List.4. Implementation of Binary Tree, Traversal Techniques and BST.5. Implementation of Prim’s algorithm.6. Implementation of Sort using Divide Conquer Method.7. Implementation of Quick, Bubble, Radix and Heap Sort.8. Implementation of Linear and Binary search.9. Implement the following CPU Scheduling Algorithms.

a. i) FCFS ii) Round Robin iii) Shortest Job First.10. Implement Best fit, First Fit Algorithm for Memory Management.11. Implement FIFO page Replacement Algorithm.12. Implement LRU page Replacement Algorithm.13. Implement the creation of Shared memory Segment.14. Implement File Locking.

TOTAL: 45 PERIODS

REFERENCES:1. Silberschatz, Galvin, Gagne “ Operating System Concepts” Sixth Edition, 20032. Mark Allen Weiss, “Data Structures and Algorithm Analysis in C++”, Pearson

Education, 2002.3. K.R Venugopal, Rajkumar Buyya, T. Ravishankar, “Mastering C++”, TMH 2003.

NOORUL ISLAM CENTRE FOR HIGHER EDUCATION

NOORUL ISLAM UNIVERSITY, KUMARACOIL

M.E. CYBER SECURITY

CURRICULUM & SYLLABI

SEMESTER – II

SL.

NO.

SUBJECT

CODESUBJECT L T P C

Theory

1. CY1504Cybercrime Investigations and DigitalForensics

3 0 0 3

2. CY1505 Database Design and Security 3 0 0 3

3. CY1506 Distributed Systems Security 3 0 0 3

4. CY1507 Advanced Network Security 3 0 0 3

5. CY1508 Cyber Law and Security Policies 3 0 0 3

6. XX15E2 Elective II 3 0 0 3

Practical

7. CY1572 Database and Cyber Security Lab 0 1 2 2

Total 18 1 2 20

CY1504 CYBERCRIME INVESTIGATIONS AND DIGITAL FORENSICS3 0 0 3

UNIT I INTRODUCTION: Introduction and Overview of Cyber Crime, Digitallaws and legislation, Law Enforcement Roles and Responses, Social engineering, Policiesfollowed in cybercrime investigations.

UNIT II CYBER CRIME ISSUES: Unauthorized Access to Computers,Computer Intrusions, White collar Crimes, Viruses and Malicious Code, Internet Hackingand Cracking, Virus Attacks, Pornography, Software Piracy, Intellectual Property, MailBombs, Exploitation ,Stalking and Obscenity in Internet.

UNIT III INVESTIGATION: Introduction to Cyber Crime Investigation,Investigation Tools, e Discovery, Digital Evidence Collection, Evidence Preservation, E-Mail Investigation, E-Mail Tracking, IP Tracking, E-Mail Recovery, Hands on CaseStudies. Encryption and Decryption Methods, Search and Seizure of Computers,Recovering Deleted Evidences, Password Cracking.

UNIT IV DIGITAL FORENSICS: Introduction to Digital Forensics, ForensicSoftware and Hardware, Analysis and Advanced Tools, Forensic Technology andPractices, Forensic Ballistics and Photography, Face, Iris and Fingerprint Recognition,Audio Video Analysis.

UNIT V OPERATING SYSTEM FORENSICS: Windows System Forensics,Linux System Forensics, MAC system forensics, Mobile Phone OS Forensics: Android,BADA, IOS, Windows OS, BlackBerry, Symbian, Network Forensics.

TOTAL: 45 PERIODSREFERENCES:1. Nelson Phillips and Enfinger Steuart, “Computer Forensics and Investigations”,

Cengage Learning, New Delhi, 2009.2. Kevin Mandia, Chris Prosise, Matt Pepe, “Incident Response and Computer Forensics

“, Tata McGraw -Hill, New Delhi, 2006.3. Robert M Slade,” Software Forensics”, Tata McGraw - Hill, New Delhi, 2005.4. Bernadette H Schell, Clemens Martin, “Cybercrime”, ABC – CLIO Inc, California,

2004.5. ”Understanding Forensics in IT “, NIIT Ltd, 2005.

CY1505 DATABASE DESIGN AND SECURITY 3 0 0 3

UNIT I INTRODUCTION: Data models, structure of relational databases,component of management system – DDL, DML, database languages, SQL standard,database users and administrators.

UNIT II RELATIONAL DBMS: Design issues - basic normal forms andadditional normal forms, Transforming E-R diagram to relations, Integrity constraints,Query processing and optimization.

UNIT III TRANSACTION PROCESSING: Transaction concept, concurrentexecution, isolation, testing for serializability, Concurrency control, lock based - time-stamp based - validation based protocols, multi-version schemes, deadlock handling.

UNIT IV DATABASE SECURITY: Introduction to database security, securitymodels, physical and logical security, security requirements, reliability and integrity,sensitive data, inference, multilevel databases and multilevel security, access control-mandatory and discretionary , security architecture, issues.

UNIT V SECURITY ISSUES: Application access, security and authorization,authorization in SQL, encryption and authentication, secure replication mechanisms,Audit- logon/logoff, sources, usage and errors, changes, external audit systemarchitecture, archive and secure auditing information.

TOTAL: 45 PERIODSREFERENCES:1. Abraham Silberschatz, Hanry F Korth, Sudarshan S, “Database Systems Concepts”,

McGraw Hill, 2007.2. Ron Ben Natan, “Implementing database security and auditing”, Elsevier

publications, 2005.3. Hassan A. Afyduni, “Database Security and Auditing”, Course Technology –

Cengage Learning, NewDelhi, 2009.4. Raghu Ramakrishnan, "Database Management Systems", McGraw Hill/ Third

Edition,20035. Ramez Elmasri, Shamkant B. Navathe , “Fundamentals of Database System” Addison

Wesley, New Delhi/Fourth Edition 20046. M. Gertz, and S. Jajodia, Handbook of Database Security- Application and Trends,

2008, Springer.

CY1506 DISTRIBUTED SYSTEMS SECURITY 3 0 0 3

UNIT I INTRODUCTION: Distributed Systems, Distributed Systems Security.Security in Engineering: Secure Development Lifecycle Processes - A Typical SecurityEngineering Process – Security Engineering Guidelines and Resources. CommonSecurity Issues and Technologies: Security Issues, Common Security Techniques.

UNIT II HOST-LEVEL THREATS AND VULNERABILITIES: Transientcode Vulnerabilities - Resident Code Vulnerabilities - Malware: Trojan Horse – Spyware- Worms/Viruses – Eavesdropping – Job Faults. Infrastructure-Level Threats andVulnerabilities: Network-Level Threats and Vulnerabilities - Grid Computing Threats

and Vulnerabilities – Storage Threats and Vulnerabilities – Overview of InfrastructureThreats and Vulnerabilities.

UNIT III APPLICATION-LEVEL THREATS AND VULNERABILITIES:Application-Layer Vulnerabilities –Injection Vulnerabilities - Cross-Site Scripting (XSS)- Improper Session Management - Improper Error Handling - Improper Use ofCryptography - Insecure Configuration Issues - Denial of Service - CanonicalRepresentation Flaws - Overflow Issues. Service-Level Threats and Vulnerabilities: SOAand Role of Standards - Service-Level Security Requirements - Service-Level Threatsand Vulnerabilities - Service-Level Attacks - Services Threat Profile.

UNIT IV. HOST-LEVEL SOLUTIONS: Sandboxing – Virtualization - ResourceManagement - Proof-Carrying Code -Memory Firewall – Antimalware. Infrastructure-Level Solutions: Network-Level Solutions - Grid-Level Solutions - Storage-LevelSolutions. Application-Level Solutions: Application-Level Security Solutions. CloudComputing- Security Threats.

UNIT V SERVICE-LEVEL SOLUTIONS: Services Security Policy - SOASecurity Standards Stack – Standards in Depth - Deployment Architectures for SOASecurity - Managing Service-Level Threats - Compliance in Financial Services - SOXCompliance - SOX Security Solutions – Multilevel Policy-Driven Solution Architecture -Case Study: Grid - The Financial Application – Security Requirements Analysis. FutureDirections - Cloud Computing Security – Security Appliances - User centric IdentityManagement - Identity-Based Encryption (IBE) - Virtualization in Host Security.

TOTAL: 45 PERIODSREFERENCES:1. Abhijit Belapurakar, Anirban Chakrabarti and et al., “Distributed Systems Security:

Issues. Processes and solutions”, Wiley, Ltd., Publication, 2009.2. Abhijit Belapurkar, Anirban Chakrabarti, Harigopal Ponnapalli, Niranjan

Varadarajan, Srinivas Padmanabhuni and Srikanth Sundarrajan, “DistributedSystems Security: Issues, Processes and Solutions”, Wiley publications, 2009.

3. Rachid Guerraoui and Franck Petit, “Stabilization, Safety, and Security ofDistributed Systems”, Springer, 2010.

CY1507 ADVANCED NETWORK SECURITY 3 0 0 3

UNIT I IP & WEB SECURITY: IP security: Overview - Architecture –Authentication Header - Encapsulating Security Payload - Key management – Websecurity: Web security considerations – Secure Socket Layer and Transport LayerSecurity – Secure electronic transaction – Web issues

UNIT II ELECTRONIC MAIL SECURITY: Store and forward – Securityservices for e-mail – Establishing keys – Privacy – Authentication of the Source –Message Integrity – Non-repudiation – Proof of submission and delivery - Pretty GoodPrivacy – Secure/Multipurpose Internet Mail Extension.

UNIT III WIRELESS SECURITY: - Kinds of security breaches - Eavesdropping -Communication Jamming - RF interference - Covert wireless channels - DOS attack –Spoofing - Theft of services - Traffic Analysis - Cryptographic threats - Wireless securityStandards.

UNIT IV BLUETOOTH SECURITY: Basic specifications – Pico nets – Bluetoothsecurity architecture – Scatter nets – Security at the baseband layer and link layer –Frequency hopping – Security manager – Authentication – Encryption – Threats toBluetooth security.

UNIT V SYSTEM SECURITY: Intruders – Intrusion detection – Passwordmanagement – Malicious software: Viruses and related threats – virus countermeasures –Firewalls: Firewall design principles – Firewall configurations – Trusted systems

TOTAL: 45 PERIODSREFERENCES:1. Charles P. Fleeger, "Security in Computing", Prentice Hall, New Delhi, 20092. Behrouz A.Forouzan, “Cryptography & Network Security”, Tata McGraw Hill,

India, New Delhi, 2009.3. William Stallings, “Cryptography and Network Security, Prentice Hall, New Delhi,

2006.4. Chalie Kaufman, Radia Perlman, Mike Speciner, “Network Security: Private

Communication in a Public Network”, Pearson Education, New Delhi, 2004.5. Neal Krawetz, “Introduction to Network Security”, Thomson Learning, Boston,

2007.6. Nichols and Lekka, “Wireless Security-Models, Threats and Solutions”, Tata

McGraw – Hill, New Delhi, 2006.7. Merritt Maxim and David Pollino,”Wireless Security”, Osborne/McGraw Hill, New

Delhi, 2005.8. William Stallings, “Cryptography and Network Security - Principles and practices,

Prentice Hall, New Delhi, 2006.

CY1508 CYBER LAW AND SECURITY POLICIES 3 0 0 3

UNIT I INTRODUCTION TO COMPUTER SECURITY: Definition, Threatsto security, National Security policies, Information Protection and Access Controls,Computer security efforts, Standards, Computer Security mandates and legislation,Privacy considerations, International security activity.

UNIT II SECURE SYSTEM PLANNING: Administration, Introduction to theorange book, Security policy requirements, accountability, assurance and documentationrequirements, Network Security, The Red book and Government network evaluations.

UNIT III LAWS AND ETHICS: IT Act 2000, IT Act 2008(Amendment),Controller of Certifying Authorities, Digital Evidence Controls, Evidence HandlingProcedures, Basics of Indian Evidence Act, IPC and CrPC , Electronic CommunicationPrivacy ACT, Legal Policies.

UNIT IV INFORMATION SECURITY: Fundamentals-Responsibilities ofEmployer(s), /Employees- Information classification- Information handling- Tools ofInformation Security- Information processing-secure program administration.

UNIT V ORGANIZATIONAL AND HUMAN SECURITY: Adoption ofInformation Security Management Standards, Human Factors in Security- Role ofInformation Security professionals.

TOTAL: 45 PERIODS

REFERENCES:1. Pavan Duggal,” Cyber Laws”, “Mobile law”.2. Thomas R. Peltier, “Information Security policies and procedures: A Practitioner’s

Reference”, 2nd Edition Prentice Hall, 2004.3. Kenneth J. Knapp, “Cyber Security and Global Information Assurance: Threat

Analysis and Response Solutions”, IGI Global, 2009.4. Thomas R Peltier, Justin Peltier and John Blackley, ”Information Security

Fundamentals”, 2nd Edition, Prentice Hall, 19965. Jonathan Rosenoer, “Cyber law: the Law of the Internet”, Springer-verlag, 1997.6. S.V. Joga Rao, “Law of Cyber crimes and Information Technology Law”2007.7. Vivek Sood, “Cyber crimes Electronics Evidence and Investigations”2010.8. Vimlendu Tayal, “ Cyber Law Cyber crime Internet and E Commerce” 2011.9. M K Sharma, “Cyber Warfare and power of Unseen” 2011.10. Aparna Viswanathan, “Cyber Law Indian and International Perspective” 2012.

CY1572 DATABASE AND CYBER SECURITY LAB

1. Creating a database for an application using DDL.

2. Setting up of integrity constraints.

3. Data manipulation using DML queries.

4. Use Rollback, commit, save point, grant and revoke commands.

5. Creation, deletion and modification of users and implementing authentication

mechanisms for different users.

6. Designing and implementing password policies.

7. Implementation of Substitution and Transposition ciphers

8. Implementation of Data Encryption Standard

9. Implementation of International Data Encryption Algorithm

10. Implementation of Advanced Encryption Standard

11. Implementation of RSA Algorithm

12. Implementation of Diffie-Hellman Key Exchange

13. Implementation of Message Authentication Codes

14. Implementation of Hash functions

15. Implementation of Digital Signature Standard

16. Hiding of confidential information within Image

TOTAL: 45 PERIODS

NOORUL ISLAM CENTRE FOR HIGHER EDUCATION

NOORUL ISLAM UNIVERSITY, KUMARACOIL

M.E. CYBER SECURITY

CURRICULUM & SYLLABI

SEMESTER – III

SL.

NO.

SUBJECT

CODESUBJECT L T P C

THEORY

1. XX15E3 Elective III 3 0 0 3

2. XX15E4 Elective IV 3 0 0 3

3. XX15E5 Elective V 3 0 0 3

PRACTICAL

4. CY1573 Cyber Crime Investigations Lab 0 1 2 2

5. CY15P1 Project Work Phase - I 0 0 12 6

Total 9 1 14 17

NOORUL ISLAM CENTRE FOR HIGHER EDUCATION

NOORUL ISLAM UNIVERSITY, KUMARACOIL

M.E. CYBER SECURITY

CURRICULUM & SYLLABI

SEMESTER – IV

SL.No.

SUBJECT

CODESUBJECT L T P C

PRACTICAL

1 CY15P5 Project Work Phase-II 0 0 36 18

TOTAL 0 0 36 18

NOORUL ISLAM CENTRE FOR HIGHER EDUCATION

NOORUL ISLAM UNIVERSITY, KUMARACOIL

M.E. CYBER SECURITY

LIST OF ELECTIVES

1. CY15A1 Ethical Hacking 3 0 0 3

2. CY15A2 Digital Watermarking and Steganography 3 0 0 3

3. CY15A3 Biometric Security 3 0 0 3

4. CY15A4 Intrusion Detection and Prevention System 3 0 0 3

5. CY15A5 Forensics and Incident Response 3 0 0 3

6. CY15A6 Pattern Recognition 3 0 0 3

7. CY15A7 Biometric Image Processing 3 0 0 3

CY15A1 ETHICAL HACKING 3 0 0 3

UNIT I ETHICAL HACKING OVERVIEW: Introduction - Certified EthicalHackers – Network and Computer Attacks – Ethical Hacking Plan – HackingMethodology. Legal Issues and Law Enforcement.

UNIT II FOOTPRINTING AND SOCIAL ENGINEERING: Foot printingTools – Conducting Competitive Intelligence - DNS Zone Transfers – Introduction toSocial Engineering – Performing Social Engineering Attacks - Social EngineeringCountermeasures.

UNIT III SERVICE SCANNING: Introduction to Port Scanning – Types of PortScan – Port Scanning Tools - Conducting Ping Sweeps - Shell Scripting. Enumeration:Introduction - Enumerating Windows, Symbian, Java OS, Android and NetWareOperating Systems.

UNIT IV HACKING NETWORKS: Hacking Web Servers: Web Application –Web Application Vulnerabilities – Tools for Web Attackers and Security Testers.Hacking Wireless Network- Wireless Technology – Wireless Network Standards –Authentication – War driving – Wireless Hacking – Protecting Networks with SecurityDevices.

UNIT V HACKING OPERATING SYSTEMS: Windows: Vulnerabilities –Choosing Tools – Information Gathering – RPC – Null Sessions – Share Permissions –Hardcore Vulnerability Exploitation. Linux: Vulnerabilities – Information Gathering –Unconnected Services - .rhosts and hosts.equiv Files – NFS – File Permissions – BufferOverflow. Hacking Applications: Messaging Systems – Web Applications – MobileApplications - Databases - Reporting Results.

TOTAL: 45 PERIODSREFERENCES:1. Michael T. Simpson, “Ethical Hacking and Network Defense”, Cengage Learning,

New Delhi, 2010.2. Kevin Beaver, “Hacking for Dummies”, Wiley Publication, India, 2007.3. Ankit Fadia, “Unofficial Guide to Ethical Hacking”, Macmillan Company, New

Delhi, 2001.

CY15A2 DIGITAL WATERMARKING AND STEGANOGRAPHY 3 0 0 3

UNIT I WATERMARKING MODELS & MESSAGE CODING: Introduction-Information Hiding, Steganography and Watermarking – History of watermarking –Importance of digital watermarking – Applications – Properties – Evaluatingwatermarking systems. Notation – Communications – Communication based models –

Geometric models – Mapping messages into message vectors – Error correction coding –Detecting multi-symbol watermarks

UNIT II WATERMARKING WITH SIDE INFORMATION & ANALYZINGERRORS: Informed Embedding – Informed Coding – Structured dirty-paper codes -Message errors – False positive errors – False negative errors – ROC curves – Effect ofwhitening on error rates.

UNIT III PERCEPTUAL MODELS: Evaluating perceptual impact – Generalform of a perceptual model – Examples of perceptual models – Robust watermarkingapproaches - Redundant Embedding, Spread Spectrum Coding, Embedding inPerceptually significant coefficients. Watermark Security & Authentication: Securityrequirements – Watermark security and cryptography – Attacks – Exact authentication –Selective authentication – Localization – Restoration.

UNIT IV INTRODUCTION TO DIGITAL STEGANOGRAPHY:Types ofSteganography, Technical Steganography, Linguistic Steganography, DigitalSteganography, Applications of Steganography, Cover Communication, One-Time PadCommunication, Embedding Security and Imperceptibility, Examples of SteganographicSoftware, S-Tools, StegoDos, EzStego, Jsteg-Jpeg.

UNIT V STEGANOGRAPHY COMMUNICATION: Notation and terminology– Information-theoretic foundations of steganography – Practical steganographic methods– Minimizing the embedding impact – Steganalysis

TOTAL: 45 PERIODSREFERENCES:1. Ingemar J. Cox, Matthew L. Miller, Jeffrey A. Bloom, Jessica Fridrich, Ton Kalker,

“Digital Watermarking and Steganography”, Margan Kaufmann Publishers, NewYork, 2008.

2. Ingemar J. Cox, Matthew L. Miller, Jeffrey A. Bloom, “Digital Watermarking”,Margan Kaufmann Publishers, New York, 2003.

3. Michael Arnold, Martin Schmucker, Stephen D. Wolthusen, “Techniques andApplications of Digital Watermarking and Contest Protection”, Artech House,London, 2003.

4. Juergen Seits, “Digital Watermarking for Digital Media”, IDEA Group Publisher,New York, 2005.

5. Peter Wayner, “Disappearing Cryptography – Information Hiding: Steganography &Watermarking”, Morgan Kaufmann Publishers, New York, 2002.

CY15A3 BIOMETRIC SECURITY 3 0 0 3

UNIT I INTRODUCTION: Biometric fundamentals – Biometric technologies –Biometrics Vs traditional techniques – Characteristics of a good biometric system –Benefits of biometrics – Key biometric processes: verification, identification andbiometric matching – Performance measures in biometric systems: FAR, FRR, FTErate, EER and ATV rate.

UNIT II PHYSIOLOGICAL BIOMETRICS : Leading technologies : Finger-scan – Facial-scan – Iris-scan – Voice-scan – components, working principles, competingtechnologies, strengths and weaknesses – Other physiological biometrics : Hand-scan,Retina-scan – components, working principles, competing technologies, strengthsand weaknesses – Automated fingerprint identification systems.

UNIT III BEHAVIOURAL BIOMETRICS: Leading technologies: Signature-scan– Keystroke scan – components, working principles, strengths and weaknesses.

UNIT IV BIOMETRIC APPLICATIONS: Categorizing biometric applications –application areas: criminal and citizen identification, surveillance, PC/network access, e-commerce and retail/ATM – costs to deploy – other issues in deployment

UNIT V PRIVACY AND STANDARDS IN BIOMETRICS: Assessing thePrivacy Risks of Biometrics – Designing Privacy-Sympathetic Biometric Systems – Needfor standards – different biometric standards.

TOTAL: 45 PERIODSREFERENCES:1. Samir Nanavati, Michael Thieme, Raj Nanavati, “Biometrics – Identity Verification

in a Networked World”, Wiley-dreamtech India Pvt Ltd, New Delhi, 20032. Paul Reid, “Biometrics for Network Security”, Pearson Education, New Delhi, 2004.3. John R Vacca, “Biometric Technologies and Verification Systems”, Elsevier Inc,

2007.4. Anil K Jain, Patrick Flynn, Arun A Ross, “Handbook of Biometrics”, Springer, 2008.

CY15A4 INTRUSION DETECTION AND PREVENTION SYSTEM3 0 0 3

UNIT I INTRODUCTION: Understanding Intrusion Detection – IntrusionDetection and Prevention basics – IDS and IPS analysis schemes, Attacks, Detectionapproaches –Misuse detection – anomaly detection – specification based detection –hybrid detection

UNIT II THEORETICAL FOUNDATIONS OF DETECTION: Taxonomy ofanomaly detection system – fuzzy logic – Bayes theory – Artificial Neural networks –Support vector machine – Evolutionary computation – Association rules – Clustering

UNIT III ARCHITECTURE AND IMPLEMENTATION: Centralized –Distributed – Cooperative Intrusion Detection - Tiered architecture.

UNIT IV JUSTIFYING INTRUSION DETECTION: Intrusion detection insecurity – Threat Briefing – Quantifying risk – Return on Investment (ROI)

UNIT V APPLICATIONS AND TOOLS: Tool Selection and AcquisitionProcess - Bro Intrusion Detection – Prelude Intrusion Detection - Cisco Security IDS -Snorts Intrusion Detection – NFR security. Legal Issues and Organizations Standards:Law Enforcement / Criminal Prosecutions – Standard of Due Care – Evidentiary Issues,Organizations and Standardizations.

TOTAL: 45 PERIODSREFERENCES:1. Ali A. Ghorbani, Wei Lu, “Network Intrusion Detection and Prevention: Concepts

and Techniques”, Springer, 2010.2. Carl Enrolf, Eugene Schultz, Jim Mellander, “Intrusion detection and Prevention”,

McGraw Hill, 20043. Paul E. Proctor, “The Practical Intrusion Detection Handbook “, Prentice Hall,

2001.4. Ankit Fadia and Mnu Zacharia, “Intrusion Alert”, Vikas Publishing house Pvt., Ltd,

2007.5. Earl Carter, Jonathan Hogue, “Intrusion Prevention Fundamentals”, Pearson

Education, 2006.

CY15A5 FORENSICS AND INCIDENT RESPONSE 3 0 0 3

UNIT I INCIDENT AND INCIDENT RESPONSE: Introduction to Incident -Incident Response Methodology – Steps - Activities in Initial ResponsePhase after detection of an incident

UNIT II INITIAL RESPONSE AND FORENSIC DUPLICATION: InitialResponse & Volatile Data Collection from Windows system. Initial Response & VolatileData Collection from UNIX system. Forensic Duplication: Forensic duplication:Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool Requirements,Creating a Forensic Duplicate/Qualified Forensic Duplicate of a Hard Drive

UNIT III STORAGE AND EVIDENCE HANDLING: File Systems: FAT, NTFS- Forensic Analysis of File Systems - Storage Fundamentals: Storage Layer, Hard DrivesEvidence Handling: Types of Evidence, Challenges in evidence handling, Overview ofevidence handling procedure

UNIT IV NETWORK FORENSICS: Collecting Network Based Evidence -Investigating Routers - Network Protocols - Email Tracing - Internet Fraud

UNIT V SYSTEMS INVESTIGATION AND ETHICAL ISSUES: DataAnalysis Techniques - Investigating Live Systems (Windows &Unix) -Investigating Hacker Tools - Ethical Issues - Cybercrime

TOTAL: 45 PERIODSREFERENCES:1. Kevin Mandia, Chris Prosise, “Incident Response and computer forensics”, Tata

McGrawHill, 2006.2. Peter Stephenson, "Investigating Computer Crime: A Handbook for Corporate

Investigations", Sept 19993. Eoghan Casey, "Handbook Computer Crime Investigation's Forensic Tools and

Technology", Academic Press, 1st Edition, 20014. Skoudis. E., Perlman. R. Counter Hack: A Step-by-Step Guide to Computer

Attacks and Effective Defenses. Prentice Hall Professional Technical Reference.2001.

5. Norbert Zaenglein, "Disk Detective: Secret You Must Know to RecoverInformation From a Computer", Paladin Press, 2000

6. Bill Nelson,Amelia Philips and Christopher Steuart, “Guide to computer

forensics and investigations”, course technology,4thedition,ISBN: 1-435-49883-6

CY15A6 PATTERN RECOGNITION 3 0 0 3

UNIT I INTRODUCTION: Basic Concepts of Pattern Recognition- Fundamentalproblems in Pattern Recognition System Design- Design Concepts and Methodologies –Examples of Automatic Pattern Recognition Systems

UNIT II PATTERN CLASSIFICATION BY DISTANCE FUNCTIONS:Minimum Distance Pattern Classification – Cluster Seeking – Unsupervised PatternRecognition

UNIT III PATTERN CLASSIFICATION BY LIKELIHOOD FUNCTIONS:Introduction – Pattern Classification as a Statistical Decision Problem – Bayes Classifierfor Normal Patterns- Nonparametric decision making

UNIT IV PATTERN PREPROCESSING AND FEATURE SELECTION:Similarity and Distance – Clustering Transformations and Feature Ordering – Clusteringin Feature Selection – Feature selection through Divergence Maximization – BinaryFeature Selection

UNIT V CASE STUDIES IN PATTERN RECOGNITION: Clustering –Artificial Neural Networks – Image Analysis

TOTAL: 45 PERIODSREFERENCES:1. Earl Gose, Richard Johnsonbaugh and Steve Jost,”Pattern Recognition and Image

Analysis”, Prentice Hall, New Delhi, 2005.

2. Earl Gose Richard Johnsonbaugh Steve Jost, “Pattern Recognition and ImageAnalysis”, Prentice Hall, Inc, 2002.

3. Wolff D D Parsons M L, “Pattern Recognition Approach to Data Interpretation”,Plenum Press, 1983.

4. Julius T. Tou and Rafael C. Gonzalez, "Pattern Recognition Principles”, AddisonWesley, New Delhi

CY15A7 BIOMETRIC IMAGE PROCESSING 3 0 0 3

UNIT I FUNDAMENTALS: Digital Image representation - Fundamental steps inImage Processing - Elements of Digital Image Processing Systems - Sampling andQuantization - Basic relationships between pixels - Imaging Geometry - TransformationTechnology - The Fourier Transform, The Hadamard Transform, The Discrete CosineTransform.

UNIT II IMAGE PROCESSING METHODS: Image Enhancement: The SpatialDomain Methods, The Frequency Domain Methods - Image Segmentation: PixelClassification by Thresholding, Histogram Techniques, Smoothing and Thresholding -Gradient Based Segmentation: Gradient Image, Boundary Tracking, Laplacian EdgeDetection.

UNIT III FINGERPRINT BIOMETRICS: Fingerprint Patterns, FingerprintFeatures, Fingerprint Image, width between two ridges - Fingerprint Image Processing -Minutiae Determination - Fingerprint Matching: Fingerprint Classification, Matchingpolicies.

UNIT IV FACE RECOGNITION: Detection and Location of Faces: Statistics-Based method, Knowledge-Based method - Feature Extraction and Face Recognition:Gray value Based method, Geometry Feature Based method, Neural Networks method.

UNIT V IRIS BIOMETRICS: Iris System Architecture, Definitions and Notations- Iris Recognition: Iris location, Doubly Dimensionless Projection, Iris code, Comparison- Coordinate System: Head Tilting Problem, Basic Eye Model - Searching Algorithm -Texture Energy Feature. Fusion in Biometrics: Introduction to Multibiometrics -Information Fusion in Biometrics - Issues in Designing a Multibiometric System -Sources of Multiple Evidence - Levels of Fusion in Biometrics - Sensor level , Featurelevel, Rank level, Decision level fusion - Score level Fusion.

TOTAL: 45 PERIODSREFERENCES:1. David D. Zhang, “Automated Biometrics: Technologies and Systems”, Kluwer

Academic Publishers, New Delhi, 2000.2. Rafael C.Gonzalez, Richard E.Woods, Steven L.Eddins, “Digital Image

Processing”, Pearson Education, New Delhi, 2009.3. Arun A. Ross, Karthik Nandakumar, A.K.Jain, “Handbook of Multibiometrics”,

Springer, New Delhi, 2006.