
University of Human Development

College of Science and Technology


Department of Computer Science/Morning

Course book of

Information Security
4th Year CSM
Lecturers name:
Sufyan Al-Janabi
Academic year:
2015-2016

Contents:

Contents (page 2)
Course book outline (page 3)
Course overview (page 4)
Course objective (page 5)
Students obligation (page 6)
Forms of teaching (page 7)
Assessment scheme (page 8)
Student learning outcome (page 9)
Course reading list and references (page 10)
The topics (page 11)
Chapter One: Introduction to Information Security (page 12)
Chapter Two: Conventional Cryptography (page 12)
Chapter Three: Classical Encryption Techniques (page 12)
Chapter Four: Block Ciphers and DES (page 12)
Chapter Five: Mathematical Background (page 12)
Chapter Six: Public-key Cryptography (page 12)
Chapter Seven: Malware (page 12)
Chapter Eight: Trusted Systems (page 12)
Coursework and exams (page 20)
Rules and instructions to be followed by students for exams (page 21)
Type of exam questions (page 22)
Typical answers for the above exam questions (page 23)
Extra notes (page 26)
Peer review (page 27)

Course book outline

1. Course name: Information Security
2. Lecturer in charge: Prof. Dr. Sufyan Al-Janabi
3. Department/College: Computer Science/Science and Technology
4. Contact: e-mail: sufyan.aljanabi@uhd.edu.iq, Tel: 07710094100
5. Time (in hours) per week: Theory: 2, Practice: 2
6. Office hours: Sunday to Thursday (11:30 to 2:30)
7. Course code:
8. Teacher's academic profile: https://sites.google.com/site/sufyantaih/
9. Keywords: Computer security, internet security, cryptography, block ciphers,
   public-key systems

Information Security Course book 2015-2016, University of Human Development

Page 3

Course overview

Security is the sum of all measures taken to prevent loss of any kind. Loss can
occur because of user error, defects in code, malicious acts, hardware failure,
and acts of nature. With holistic computer security, a number of methods are
used to prevent these events, but it is primarily focused on preventing user
error and malicious acts. Information Security is a comprehensive study of the
principles and practices of computer system security, including operating
system security, network security, software security and web security.

This is an introductory undergraduate course on cryptography and
information security. It is delivered to 4th-year students in the computer
science department. Cryptography, broadly speaking, is about communicating in
the presence of an adversary, with goals like preservation of privacy and
integrity of communicated data. In the first semester, we will focus on
classical and symmetric-key cryptography, including block ciphers and their
modes of operation. The course will emphasize rigorous mathematical
formulations of security goals and aim to train students in spotting
weaknesses in designs. In the second semester, our focus will mainly be
directed to public-key cryptography. We will cover topics like hash functions,
digital signatures, asymmetric encryption, RSA, public-key infrastructure, key
distribution, and various applications.

This is generally regarded by undergraduates as a challenging course. It is
mainly theoretical and mathematical in nature, and calls for the ability to
understand abstract concepts. Students will be asked to do assignments, solve
homework problems, and implement programming projects in order to develop
their skills.


Course objective

The main aims of this course are:

- To explore the concepts of information security attacks, services, and
  mechanisms.
- To make students familiar with the basic concepts of applied cryptography,
  including classical cryptography and modern secret-key cryptography.
- To explain the mathematical foundations of modern cryptography, especially
  number theory and finite fields.
- To highlight the practical applications and modes of operation of block
  ciphers.
- To make students familiar with the full range of algorithms associated with
  data security.
- To make students know the basic theoretical and practical concepts of
  ciphering and deciphering processes and their requirements.
- To enable students to write software code to secure information in one of
  the programming languages.
- To explain the basic applications of public-key systems in key distribution
  and digital signatures.
- To highlight the technical and social issues related to viruses, worms, and
  trusted systems.


Students obligation

- Attendance Policy: Students are required to attend all lectures. More than
  10-15% absences implies possible dismissal from the course.
- Please make sure that your cell phone is turned off in the class.
- Avoid any distractions during the class.
- Students should read the assigned chapters before class, complete
  assignments on time, participate in class and do whatever it takes to grasp
  this material.
- You are responsible for all material covered in the class.
- Please communicate any concerns or issues as soon as practical, either in
  class or by e-mail.
- The list of problems assigned in homework is only a minimal list. You should
  do additional problems whenever possible, especially in an area that you
  find challenging.
- Cheating Policy: We will strictly follow the university policy on cheating
  and plagiarism. If you have any questions regarding this issue, please
  contact the instructor.
- All assignments will be due at the beginning of the class on the due date.
  No late submissions will be accepted unless a valid excuse is given to the
  instructor by the day prior to the due date.


Forms of teaching

The course will be based on the following teaching and learning activities:

- Lectures using PowerPoint presentations
- Practical work by writing software code
- Student presentations on selected topics
- Class lectures, lecture notes, and quizzes designed to achieve the course
  objectives
- Case studies
- Review questions
- The UHD EBoard online course management system is the primary
  communication vehicle. Lecture notes and the syllabus are available on the
  EBoard.


Assessment scheme

Students will be evaluated in this course using a combination of assessment
methods, including:

- Written exams (55% of the total grade): There will be two 1.5-hour term
  exams and the final. Each term exam will cover a specified amount of
  material, while the final will be cumulative. The grading for the First
  Term exam is 10%, the Second Term exam 10%, and the Final Exam 35%.
- Programming exams (35% of the total grade): There will be two 1-hour term
  exams and the final. Each term exam will cover a specified amount of
  material, while the final will be cumulative. The grading for the First
  Term exam is 10%, the Second Term exam 10%, and the Final Exam 15%.
- Participation (including quizzes and assignments): 10% of the total grade,
  divided as 5% in the first semester and 5% in the second.


Student learning outcome:

After completing the course, the student should be able to:

- Identify the threats to information security
- Show how to protect information resources
- Describe the basic mathematical and technical issues relating to
  information security
- Interpret how technology affects the design of symmetric systems,
  especially block ciphers
- Use rigorous mathematical formulations of symmetric cryptography to spot
  weaknesses in designs
- Demonstrate skills in using classical ciphers for encryption and decryption
- Demonstrate skills in using some basic cryptanalysis techniques related to
  classical cryptography
- Write software programs for basic cryptographic applications


Course reading list and references

Key references:

Textbook:
Cryptography and Network Security: Principles and Practice, 6/E
by William Stallings
Publisher: Pearson Education, Inc.
Copyright: 2014

Useful references:

- Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing,
  John Wiley & Sons, Inc., 2007.
- Mark Stamp, Information Security Principles and Practice, John Wiley &
  Sons, 2006.
- Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source
  Code in C, Second Edition, John Wiley & Sons, Inc., 1996.


The topics

No. | Title of the subject                               | Tutor's name
1   | Chapter One: Introduction to Information Security  | Sufyan Al-Janabi
2   | Chapter Two: Conventional Cryptography             | Sufyan Al-Janabi
3   | Chapter Three: Classical Encryption Techniques     | Sufyan Al-Janabi
4   | Chapter Four: Block Ciphers and DES                | Sufyan Al-Janabi
5   | Chapter Five: Mathematical Background              | Sufyan Al-Janabi
6   | Chapter Six: Public-key Cryptography               | Sufyan Al-Janabi
7   | Chapter Seven: Malware                             | Sufyan Al-Janabi
8   | Chapter Eight: Trusted Systems                     | Sufyan Al-Janabi

Weeks: 2, 3, 3


Chapter One: Introduction to Information Security

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics:

Students need to be familiar with some concepts of security such as trust,
knowledge of a secret to prove authenticity, possession of a key to open locks,
and legal accountability. The scientific contents include:

- Computer security
- Network security
- Model for network security
- Model for system access security
- History of information security

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Review of the Java programming language:

- OOP in Java
- Practicing in NetBeans
- GUI


Chapter Two: Conventional Cryptography

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

The student should know the systematic method for applying cryptographic
techniques to secure information. The scientific contents include:

- Cryptographic systems
- Terminology of cryptography
- Simplified model of conventional cryptography
- Formal model of conventional cryptography
- Key space and brute-force attack
- Cryptanalysis
- Steganography

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Java Cryptography:

- Investigating the main related Java classes
- Math classes
- Large integer classes


Chapter Three: Classical Encryption Techniques

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

The main objective of this chapter is to introduce the student to different
classical encryption techniques, emphasizing substitution and transposition
processes. The scientific contents include:

- Substitution ciphers
- Caesar cipher
- Monoalphabetic cipher
- Playfair cipher
- Polyalphabetic ciphers
- Hill cipher
- Vigenère cipher
- Transposition ciphers
- Encryption machines

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Writing encryption/decryption code for:

- Caesar cipher
- Playfair cipher
- Hill cipher
- Vigenère cipher
- Columnar transposition cipher


Chapter Four: Block Ciphers and DES

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

The aim of this chapter is to investigate some basic techniques for designing
block ciphers and to study one important example of them, the Data
Encryption Standard (DES). The scientific contents include:

- Block cipher design
- Feistel network
- The Data Encryption Standard
- DES cryptanalysis
- Modes of operation

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Practicing with encryption/decryption of:

- Simple Feistel cipher
- Mini DES
- Standard DES


Chapter Five: Mathematical Background

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

This chapter's main objective is to supply students with the basic mathematical
background required to understand modern cryptosystems. The scientific
contents include:

- Groups, rings, and fields
- Modular arithmetic
- Set of residues
- Polynomial arithmetic
- Finite fields of the form GF(2^n)

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Writing code for:

- Euclid's algorithm for calculating the GCD
- Extended Euclid's algorithm for calculating the MI (multiplicative inverse)


Chapter Six: Public-key Cryptography

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

As students should by now be familiar with the fundamental problem of
conventional cryptography, which is key distribution, this chapter aims to
present public-key systems as a solution to this problem. The scientific
contents include:

- General concepts
- RSA system
- RSA security
- Exchanging secret session keys
- Diffie-Hellman system
- Constructing digital signatures

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

- Writing encryption/decryption RSA code for small numbers
- Practicing with encryption/decryption RSA code for moderate/large numbers


Chapter Seven: Malware

Lecturer/tutor's name: Sufyan Al-Janabi
Date:
2 hours

Topics

The objective is to give the student basic knowledge about the major types of
dangerous malware (viruses, etc.) and the best methods to quarantine them.
To combat viruses effectively, you need to understand how they propagate and
what defenses are available. The scientific contents include:

- Virus terminology
- Virus types
- Virus propagation and life cycle
- Worms
- Worm propagation
- Anti-virus/anti-malware systems
- Ethical issues

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Practicing with anti-virus/anti-malware software


Chapter Eight: Trusted Systems

Lecturer/tutor's name:
Date:
2 hours

Topics

One important issue for all security aspects is to have a trusted system. Hackers
are one reason you need to implement computer security, and an in-depth
defense against any adversary requires an in-depth understanding of that
adversary. The scientific contents include:

- Hacking techniques
- Hacker types
- Trusted systems
- Mounting targeted attacks with Trojans and social engineering

Practical topics
Lecturer/tutor's name: Sufyan Al-Janabi / TA: Mr. Dana
Date:
2 hours

Investigating:

- Some aspects of OS security
- Best practices to avoid hacking and malware


Coursework and exams

The most obvious function of exams and quizzes is to enable instructors to make
judgments about the quality of student learning and hence assign grades. The
method of assessment can have a direct impact on the quality of student learning.
Students can assume that the focus of exams and assignments reflects the
educational goals most valued by an instructor, and they direct their learning and
studying accordingly. Exams and assignments will focus on the most important
content and behaviors emphasized during the course (or a particular section of the
course).

Many exam questions will be based on mathematical problem solving and essay
types. Students should provide a complete step-by-step solution in a systematic and
clear manner. Essay questions can tap complex thinking by requiring students to
organize and integrate information, interpret information, construct arguments,
give explanations, evaluate the merit of ideas, and carry out other types of
reasoning. Alternatively, restricted-response essay questions can be used. These
are good for assessing basic knowledge and understanding and generally require a
brief written response.

Other question types should also be expected by students, such as multiple-choice
questions (MCQs) and true-false questions. MCQs have a number of advantages.
They can measure various kinds of knowledge, including students' understanding of
terminology, facts, principles, methods, and procedures, as well as their ability to
apply, interpret, and justify. The main advantage of true-false questions is that many
items can be administered in a relatively short time.

Term and final exams can be of 1.5 to 3 hours duration, while quizzes can be from 15
minutes to 1 hour. Usually equal-weight questions are used in exams and quizzes.
Otherwise, the weight for each question will be mentioned. In exams, students can
expect 5 to 7 questions on average. Some sample exam questions are mentioned
later.


Rules and instructions to be followed by students for exams

- Students are expected to attend all classes. If you miss a class, you are
  responsible for finding out the material covered in that class.
- If you miss an exam, a grade of zero will be assigned, unless a valid
  excuse is given.
- Completing the required course work on a weekly basis will make it easy
  for you to pass all exams.
- Be sure to solve all assignment problems because they represent exam
  question samples.
- In the exam, before answering, try to read the questions twice.
- Think carefully before answering.
- Plan the answer on a separate paper if possible.


Type of exam questions

Q.1: What is a security attack? What are the most important types of attack?

Q.2: Use the traditional Caesar Cipher to encrypt the plaintext:
are you ready

Q.3: Use a diagram to describe the Conventional Cryptography Model and its
requirements.

Q.4: Use the Playfair Cipher with key smythework to encrypt the plaintext:
are you ready

Q.5: Use Euclid's method for finding the greatest common divisor (gcd) of two
integers to evaluate the following:
a) gcd( 8, 17 )
b) gcd( 40902, 24140 )

Q.6: What is an "integral domain"? State its formal definition and give two
examples of it.


Typical answers for the above exam questions

Answer of Question-1:
A security attack is any action that compromises the security of information
owned by an organization. There are two generic types of attacks: passive and
active. Passive attacks are very difficult to detect and involve no alteration of
data. Types of passive attacks are:

Type 1: Release of message contents
Type 2: Traffic analysis

Active attacks involve modification of transmitted data or creating false data,
such as:

Type 1- Masquerade: Pretend to be a different entity
Type 2- Replay: Capture data for subsequent retransmission
Type 3- Modification of message: Some portion of a legitimate message is altered
Type 4- Denial of service: Disruption of the network by disabling or overloading

Answer of Question-2:
If we represent each letter of the alphabet by an integer that corresponds to its
position in the alphabet, the formula for replacing each character p of the
plaintext with a character C of the ciphertext can be expressed as:
C = E( 3, p ) = (p + 3) mod 26
Thus, each character of a message is replaced by the character three positions
down in the alphabet. Hence, the ciphertext is:
DUH BRX UHDGB


Answer of Question-3:
Requirements for secure use of symmetric encryption are:
- A strong encryption algorithm
- A secret key known only to sender and receiver:
  Y = E_K(X)
  X = D_K(Y)
- Assume the encryption algorithm is known (Kerckhoffs's principle)
- This implies a secure channel to distribute the key
The model is shown below:

Answer of Question-4:
The matrix for pairwise substitutions in the Playfair cipher based on the key
smythework is shown below:

The plaintext, split into digraphs, is:

ar ey ou re ad yX

Thus, the ciphertext is:

DE OS WV KW BF TV
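The Caesar and Playfair computations from the answers to Q.2 and Q.4, as an added Python example that is not part of the course book (the course's own lab work is in Java); it assumes the usual Playfair conventions of merging I with J in the key square and padding with X, which is what the yX digraph in the answer suggests, and the function names are my own.

```python
from string import ascii_lowercase


def caesar(text, k=3, decrypt=False):
    """C = E(k, p) = (p + k) mod 26 on each letter; k = 3 as in the answer to Q.2."""
    shift = -k if decrypt else k
    out = []
    for ch in text.lower():
        if ch in ascii_lowercase:
            p = ascii_lowercase.index(ch)          # p = position in the alphabet
            out.append(ascii_lowercase[(p + shift) % 26])
        else:
            out.append(ch)                          # spaces are kept as they are
    result = "".join(out)
    return result if decrypt else result.upper()


def playfair_matrix(key):
    """5x5 key square: key letters first (duplicates dropped), then the rest of the
    alphabet, with I and J sharing a cell (assumed convention). For 'smythework'
    the rows are s m y t h / e w o r k / a b c d f / g i l n p / q u v x z."""
    cells = []
    for ch in (key + ascii_lowercase).lower():
        ch = "i" if ch == "j" else ch
        if ch.isalpha() and ch not in cells:
            cells.append(ch)
    return [cells[r * 5:r * 5 + 5] for r in range(5)]


def playfair_digraphs(text, pad="x"):
    """Pair up the letters: a doubled letter gets a pad inserted between the two,
    and an odd final letter is padded (the 'yX' pair in the answer to Q.4)."""
    letters = ["i" if c == "j" else c for c in text.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else pad
        if a == b:                      # Playfair cannot encrypt a pair of equal letters
            pairs.append(a + (pad if a != pad else "q"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def playfair(text, key, decrypt=False):
    """Apply the three Playfair rules to each pair: same row -> shift along the row,
    same column -> shift down the column, otherwise swap the two columns."""
    grid = playfair_matrix(key)
    pos = {ch: (r, c) for r, row in enumerate(grid) for c, ch in enumerate(row)}
    step = -1 if decrypt else 1         # decryption shifts the opposite way
    if decrypt:                         # ciphertext is already paired; no padding rules
        clean = [c for c in text.lower() if c.isalpha()]
        pairs = [clean[i] + clean[i + 1] for i in range(0, len(clean) - 1, 2)]
    else:
        pairs = playfair_digraphs(text)
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:
            out.append(grid[ra][(ca + step) % 5] + grid[rb][(cb + step) % 5])
        elif ca == cb:
            out.append(grid[(ra + step) % 5][ca] + grid[(rb + step) % 5][cb])
        else:
            out.append(grid[ra][cb] + grid[rb][ca])
    result = " ".join(out)
    return result if decrypt else result.upper()


if __name__ == "__main__":
    print(caesar("are you ready"))                      # DUH BRX UHDGB
    print(playfair("are you ready", "smythework"))      # DE OS WV KW BF TV
```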


Answer of Question-5:
a) gcd( 8, 17 ):
= gcd( 17, 8 )
= gcd( 8, 1 )
= gcd( 1, 0 )
Therefore, gcd( 8, 17 ) = 1

b) gcd( 40902, 24140 ):
= gcd( 24140, 16762 )
= gcd( 16762, 7378 )
= gcd( 7378, 2006 )
= gcd( 2006, 1360 )
= gcd( 1360, 646 )
= gcd( 646, 68 )
= gcd( 68, 34 )
= gcd( 34, 0 )
Therefore, gcd( 40902, 24140 ) = 34

Answer of Question-6:
An integral domain {R, +, ·} is a commutative ring that obeys the following two
additional properties:
1- ADDITIONAL PROPERTY 1: The set R must include an identity element for
the multiplicative operation. That is, it should be possible to symbolically
designate an element of the set R as '1' so that for every element a of the
set we can say: a · 1 = 1 · a = a
2- ADDITIONAL PROPERTY 2: Let 0 denote the identity element for the
addition operation. If a multiplication of any two elements a and b of R
results in 0, that is if a · b = 0, then either a or b must be 0.
Examples of an integral domain can be:
- The set of all integers under the operations of arithmetic addition and
  multiplication.
- The set of all real numbers under the operations of arithmetic addition
  and multiplication.
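As an added Python example that is not part of the course book, the two properties from the answer to Q.6 checked by brute force on the residue ring Z_n (Chapter Five's "set of residues"); this goes beyond the page's two infinite examples by showing which finite rings Z_n are integral domains, and the function names are my own.

```python
def has_multiplicative_identity(n):
    """Property 1: some e in Z_n = {0, ..., n-1} satisfies a*e = e*a = a (mod n)
    for every a (one side suffices because multiplication mod n is commutative)."""
    elems = range(n)
    return any(all((a * e) % n == a for a in elems) for e in elems)


def zero_divisors(n):
    """Property 2 violations: pairs of non-zero residues (a, b) with a*b = 0 (mod n)."""
    return [(a, b) for a in range(1, n) for b in range(1, n) if (a * b) % n == 0]


def is_integral_domain(n):
    """Z_n is always a commutative ring; it is an integral domain exactly when it
    has a multiplicative identity and no zero divisors. n = 1 is excluded because
    there 1 = 0, so 'either a or b must be 0' holds only vacuously."""
    return n > 1 and has_multiplicative_identity(n) and not zero_divisors(n)


def integral_domain_moduli(limit):
    """All n < limit for which Z_n is an integral domain. These are exactly the
    primes, and for a prime p the ring Z_p is also the finite field GF(p)."""
    return [n for n in range(2, limit) if is_integral_domain(n)]


if __name__ == "__main__":
    print(zero_divisors(6))             # [(2, 3), (3, 2), (3, 4), (4, 3)]
    print(is_integral_domain(7))        # True
    print(integral_domain_moduli(30))   # [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]
```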


Extra notes


Peer review

I certify that:
1- I have read and verified that all requirements of teaching quality assurance
are respected in this course book.
2- The scientific contents are new, convenient and well organized for this stage.
3- The order of chapters is well done.
4- References are new and available for students.
That is why I signed this course book, and I take all responsibilities.

Name:
Scientific title:
University:
College:
Department:
E-mail:
Mobile:
Date:
Signature:

