Course book of
Information Security
4th Year CSM
Lecturer's name:
Sufyan Al-Janabi
Academic year:
2015-2016
Contents:
Course book outline
Course overview
Course objective
Students' obligation
Forms of teaching
Assessment scheme
Student learning outcome
Course Reading List and References
The topics
Chapter One: Introduction to Information Security
Chapter Two: Conventional Cryptography
Chapter Three: Classical Encryption Techniques
Chapter Four: Block Ciphers and DES
Chapter Five: Mathematical Background
Chapter Six: Public-key Cryptography
Chapter Seven: Malware
Chapter Eight: Trusted Systems
Coursework and exams
Rules and instructions to be followed by students for exams
Type of exam questions
Typical answers for above exam questions
Extra notes
Peer review
1. Course name: Information Security
2. Lecturer in charge: Prof. Dr. Sufyan Al-Janabi
3. Department/College: Computer Science / Science and Technology
4. Contact: e-mail: sufyan.aljanabi@uhd.edu.iq, Tel: 07710094100
5. Time (in hours) per week: Theory: 2, Practice: 2
6. Office hours: Sunday-Thursday (11:30-2:30)
7. Course code:
8. Teacher's academic profile: https://sites.google.com/site/sufyantaih/
9. Keywords: Computer security, internet security, cryptography, block ciphers, public-key systems
Course overview
Security is the sum of all measures taken to prevent loss of any kind. Loss can
occur because of user error, defects in code, malicious acts, hardware failure,
and acts of nature. With holistic computer security, a number of methods are
used to prevent these events, but it is primarily focused on preventing user
error and malicious acts. Information Security is a comprehensive study of the
principles and practices of computer system security including operating
system security, network security, software security and web security.
This is an introductory undergraduate course on cryptography and
information security. It is delivered to 4th year students in the computer science
department. Cryptography, broadly speaking, is about communicating in the
presence of an adversary, with goals like preservation of privacy and integrity
of communicated data. In the first semester, we will focus on classical and
symmetric key cryptography, including block ciphers and their modes of
operation. The course will emphasize rigorous mathematical formulations of
security goals and aim to train students in spotting weaknesses in designs. In
the second semester, our focus will mainly be directed to public key
cryptography. We will cover topics like hash functions, digital signatures,
asymmetric encryption, RSA, public-key infrastructure, key distribution, and
various applications.
This is generally regarded by undergraduates as a challenging course. It is
mainly theoretical and mathematical in nature, and calls for the ability to
understand abstract concepts. Students will be asked to do assignments,
solve homework, and implement programming projects in order to develop
their skills.
Course objective
Students' obligation
Forms of teaching
The course will be based on the following teaching and learning activities:
Assessment scheme
issues relating to
Key references:
Textbook :
Cryptography and Network Security: Principles and Practice, 6/E
by William Stallings
Publisher: Pearson Education, Inc.
Copyright: 2014
Useful references:
The topics
No. / Title of the subject
1- Chapter One: Introduction to Information Security
2- Chapter Two: Conventional Cryptography
3- Chapter Three: Classical Encryption Techniques
4- Chapter Four: Block Ciphers and DES
5- Chapter Five: Mathematical Background
6- Chapter Six: Public-key Cryptography
7- Chapter Seven: Malware
8- Chapter Eight: Trusted Systems
weeks
2
Tutor's name
Sufyan Al-Janabi
Sufyan Al-Janabi
Sufyan Al-Janabi
Sufyan Al-Janabi
Sufyan Al-Janabi
Sufyan Al-Janabi
3
3
Sufyan Al-Janabi
Sufyan Al-Janabi
Topics:
Computer security
Network security
Model for network security
Model for system access security
History of information security
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
The student should know the systematic method and way for applying
cryptography techniques for securing information. The scientific contents
include:
Cryptographic systems
Terminology of cryptography
Simplified model of conventional cryptography
Formal model of conventional cryptography
Key space and brute-force attack
Cryptanalysis
Steganography
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Java Cryptography
Investigating main related Java classes
Math classes
Large Integer classes
Topics
Substitution Ciphers
Caesar cipher
Monoalphabetic cipher
Playfair cipher
Polyalphabetic ciphers
Hill cipher
Vigenere cipher
Transposition Ciphers
Encryption Machines
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
The aim of this chapter is to investigate some basic techniques for designing
block ciphers and to study one important example of them which is the Data
Encryption Standard (DES). The scientific contents include:
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
General Concepts
RSA System
RSA Security
Exchanging Secret Session Keys
Diffie-Hellman System
Constructing Digital Signatures
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
The objective is to give the student a basic knowledge about the major types of
dangerous malware (viruses, etc.) and the best methods to quarantine them.
To combat viruses effectively, you need to understand how they propagate and
what defenses are available. The scientific contents include:
Viruses terminology
Virus types
Virus propagation and life-cycle
Worms
Worm propagation
Anti-Virus/Anti-Malware systems
Ethical issues
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Topics
One important issue for all security aspects is to have a trusted system. Hackers
are one reason you need to implement computer security, and an in-depth
defense against any adversary requires an in-depth understanding of that
adversary. The scientific contents include:
Hacking techniques
Hacker types
Trusted systems
Mounting Targeted Attacks with Trojans and Social Engineering
Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi/ TA: Mr. Dana
Date:
2 hours
Investigating:
Some aspects of OS security
Best practices to avoid hacking and malware
Students are expected to attend all classes. If you miss a class, you are
responsible for finding out the material covered in that class.
If you miss an exam, a grade of zero will be assigned, unless a valid
excuse is given.
Completing the required course work on a weekly basis will make it
easy for you to pass all exams.
Be sure to solve all assignment problems because they represent exam
question samples.
In the exam, before answering, try to read the questions twice.
Think carefully before answering.
Plan the answer on a separate paper if possible.
Q.1: What is a security attack? What are the most important types of attack?
Q.3: Use a diagram to describe the Conventional Cryptography Model and its
Requirements.
Q.4: Use the Playfair Cipher with key smythework to encrypt the plaintext:
are you ready
Q.5: Use Euclid's Method for Finding the Greatest Common Divisor (gcd) of Two
Integers to evaluate the following:
a) gcd( 8, 17 )
b) gcd( 40902, 24140 )
Q.6: What is an "integral domain"? State its formal definition and give two
examples of it.
Answer of Question-1:
A security attack is any action that compromises the security of information
owned by an organization. There are two generic types of attacks: passive &
active. Passive attacks are very difficult to detect and involve no alteration of
data. Types of passive attacks are:
Answer of Question-2:
If we represent each letter of the alphabet by an integer that corresponds to its
position in the alphabet, the formula for replacing each character p of the
plaintext with a character C of the ciphertext can be expressed as:
C = E( 3, p ) = (p + 3) mod 26
Thus, each character of a message is replaced by a character three positions
down in the alphabet. Hence, the ciphertext is:
DUH BRX UHDGB
Answer of Question-3:
Requirements for secure use of symmetric encryption are:
Strong encryption algorithm
Secret key known only to sender / receiver
Y = E_K(X)
X = D_K(Y)
Assume encryption algorithm is known (Kerckhoffs's Principle)
Implies a secure channel to distribute key
The model is shown below:
Answer of Question-4:
The Matrix for Pairwise Substitutions in Playfair Cipher based on this key
smythework is shown below:
ar ey ou re ad yX
DE OS WV KW BF TV
Answer of Question-5:
a) gcd( 8, 17 ):
= gcd( 17, 8 )
= gcd( 8, 1 )
= gcd( 1, 0 )
Therefore, gcd( 8, 17 ) = 1
b) gcd( 40902, 24140 ):
= gcd( 24140, 16762 )
= gcd( 16762, 7378 )
= gcd( 7378, 2006 )
= gcd( 2006, 1360 )
= gcd( 1360, 646 )
= gcd( 646, 68 )
= gcd( 68, 34 )
= gcd( 34, 0 )
Therefore, gcd( 40902, 24140 ) = 34
Answer of Question-6:
An integral domain {R, +, .} is a commutative ring that obeys the following two
additional properties:
1- ADDITIONAL PROPERTY 1: The set R must include an identity element for
the multiplicative operation. That is, it should be possible to symbolically
designate an element of the set R as '1' so that for every element a of the
set we can say: a . 1 = 1 . a = a
2- ADDITIONAL PROPERTY 2: Let 0 denote the identity element for the
addition operation. If a multiplication of any two elements a and b of R
results in 0, that is, if a . b = 0, then either a or b must be 0.
Examples of an integral domain can be:
The set of all integers under the operations of arithmetic addition and
multiplication.
The set of all real numbers under the operations of arithmetic addition
and multiplication.
Extra notes
Peer review
I certify that:
1- I read and verify all requirements of teaching quality assurance are respected
in this course book.
2- The scientific contents are new, convenient and well organized for this stage.
3- The order of chapters is well done.
4- References are new and available for students.
That's why I signed on this course book. And I take all responsibilities.
Name:
Scientific title:
University:
College:
Department:
E-mail:
Mobile:
Date:
Signature: