Module 1
Introduction and Classical Cryptography:
Security Goals, Services, Mechanisms and Attacks, Classical Encryption techniques (Symmetric cipher model, mono-alphabetic and poly-alphabetic substitution techniques: Vigenère cipher, Playfair cipher, Affine cipher, Hill cipher, transposition techniques: keyed and keyless transposition ciphers, steganography).
Module 2
Block Ciphers and Public Key Cryptography:
Block cipher principles, block cipher modes of operation, DES, Double DES, Triple DES, Advanced Encryption Standard (AES), Blowfish.
Public key cryptography: Principles of public key cryptosystems, the RSA algorithm, Diffie-Hellman key exchange algorithm, Man-in-the-Middle attack in the Diffie-Hellman algorithm.
Module 3
Cryptographic Hashes and Digital Signatures:
Authentication requirement – Authentication function, Types of Authentication, MAC – Hash function – Security of hash function and MAC, MD5 Message-Digest Algorithm, Secure Hash Algorithm, Digital signature and authentication protocols: Needham-Schroeder Authentication protocol, Digital Signature Schemes – RSA, Digital Certificate: X.509, PKI.
Module 4
Protection of Computing Resources and Security Features:
Secure Programs; Non-malicious Program Errors – Buffer Overflows, Incomplete Mediation; Viruses and Other Malicious Code – Methods of Control – Developmental Controls, Objects to be Protected; User Authentication – Use of Passwords, Additional Authentication Information, Attacks on Passwords, Exhaustive Attack, and Password Selection Criteria.
Module 5
Network Security:
Network Security basics: TCP/IP vulnerabilities (layer-wise), Packet Sniffing, ARP spoofing, port scanning, IP spoofing, TCP SYN flood, DNS Spoofing. Denial of Service: Classic DoS attacks, Source Address spoofing, ICMP flood, SYN flood, UDP flood, Distributed Denial of Service, and Defenses against Denial of Service Attacks. Firewalls, Intrusion Detection Systems: Host-Based and Network-Based IDS, Honeypots.
Network Security applications:
Authentication Applications, Kerberos, Internet Security Protocols: SSL, TLS, IPsec: AH, ESP, Secure Email: PGP and S/MIME, Key Management.
Module 6
OWASP Top 10:
Open Web Application Security Project (OWASP) Top 10 attacks: 2013, Transition from 2013 to 2017 and 2017 to 2021, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Server-Side Request Forgery.