TIET/AI&DS/CCS354/III/VI

TAGORE INSTITUTE OF ENGINEERING AND TECHNOLOGY

Deviyakurichi-636112, Thalaivasal (TK), Salem (DT)

COURSE PLAN

Designation/Department AP/ECE
Course Code/Name CCS354/ NETWORK SECURITY
Year/Section/Department III/AI&DS
Credits Details L:3 T: 0 P: 2 C:3
Total Contact Hours Required 60
Syllabus:

UNIT-I INTRODUCTION 8+9

Basics of cryptography, conventional and public-key cryptography, hash functions, authentication,

and digital signatures.

UNIT-II KEY MANAGEMENT AND AUTHENTICATION 7

Key Management and Distribution: Symmetric Key Distribution, Distribution of Public Keys,
X.509
Certificates, Public-Key Infrastructure. User Authentication: Remote User-Authentication Principles,
Remote User-Authentication Using Symmetric Encryption, Kerberos Systems, Remote User
Authentication Using Asymmetric Encryption.
UNIT-III ACCESS CONTROL AND SECURITY 4+6

Network Access Control: Network Access Control, Extensible Authentication Protocol, IEEE 802.1X
Port-Based Network Access Control - IP Security - Internet Key Exchange (IKE). Transport-Level
Security: Web Security Considerations, Secure Sockets Layer, Transport Layer Security, HTTPS
standard, Secure Shell (SSH) application.
UNIT-IV APPLICATION LAYER SECURITY 5+6

Electronic Mail Security: Pretty Good Privacy, S/MIME, DomainKeys Identified Mail. Wireless
Network Security: Mobile Device Security.
UNIT-V SECURITY PRACTICES 6+9

Firewalls and Intrusion Detection Systems: Intrusion Detection Password Management, Firewall
Characteristics Types of Firewalls, Firewall Basing, Firewall Location and Configurations.
Blockchains, Cloud Security and IoT security.

Practical Exercise:
1. Implement symmetric key algorithms.
2. Implement asymmetric key algorithms and key exchange algorithms.
3. Implement digital signature schemes.
1
 TIET/AI&DS/CCS354/III/VI

4. Installation of Wire shark, tcp dump and observe data transferred in client-server
communication using UDP/TCP and identify the UDP/TCP datagram.
5. Check message integrity and confidentiality using SSL.
6. Experiment Eavesdropping, Dictionary attacks, MITM attacks .
7. Experiment with Sniff Traffic using ARP Poisoning .
8. Demonstrate intrusion detection system using any tool.
9. Explore network monitoring tools.
10. Study to configure Firewall, VPN.
Objective:

 To learn the fundamentals of cryptography.

 To learn the key management techniques and authentication approaches.
 To explore the network and transport layer security techniques.
 To understand the application layer security standards.
 To learn the real time security practices.
Text Book:

T1. Cryptography and Network Security: Principles and Practice, 6th Edition, William
Stallings,2014, Pearson, ISBN 13:9780133354690.
Reference Book:

R1.Network Security: Private Communications in a Public World, M. Speciner, R. Perlman, C.

Kaufman, Prentice Hall, 2002.
R2. Linux iptables Pocket Reference, Gregor N. Purdy, O'Reilly, 2004, ISBN-13: 978-
0596005696.
R3. Linux Firewalls, by Michael Rash, No Starch Press, October 2007, ISBN: 978-1-59327-141-
1.
R4. Network Security, Firewalls And VPNs, J. Michael Stewart, Jones & Bartlett Learning, 2013,
ISBN-10: 1284031675, ISBN-13: 978-1284031676.
R5. The Network Security Test Lab: A Step-By-Step Guide, Michael Gregg, Dreamtech Press,
2015, ISBN-10:8126558148, ISBN-13: 978-8126558148.
Website:

W1. https://youtu.be/2YGUvopGkQc?si=Zfti9YyRikJ11tYB
W2. https://youtu.be/Yhwj1iVfMLc
W3. https://youtu.be/ZHCtVZ6cjdg?si=z-lmsvhiF5SjV2aR
W4. https://youtu.be/-8IYmkHFTDc?si=c79A-sHsX9UNwkY9
Online Mode of Study (if Any):

 https://youtu.be/RhS1PB3gDgU?si=Q5D2ibSFjryLDPXe
Course Plan:

Topic Topic Books for Page No. Teaching No. of Cumulative

No. Reference methodology periods No. of.

2
 TIET/AI&DS/CCS354/III/VI

Required Periods

UNIT I INTRODUCTION

1 Basics of cryptography W4 - Black Board 1 1

Conventional and public-key Black Board

2 T1 253 2 3
cryptography

3 Hash functions T1 313 Black Board 1 4

4 Authentication and T1 355 Black Board 2 6

5 digital signatures. T1 393 Black Board 2 8

Implement symmetric key

6 P - Experimental 3 11
algorithms Setup
Implement asymmetric key
7 algorithms and key exchange P - Experimental 3 14
algorithms Setup

Implement digital signature

8 P - Experimental 3 17
schemes Setup
Outcome of Unit I

 CO1 – Classify the encryption techniques

UNIT II KEY MANAGEMENT AND AUTHENTICATION

Key Management and

9 T1 417 Black Board 1 18
Distribution: Symmetric
Key Distribution
10 T1 430 Black Board 1 19
Distribution of Public Keys
11 X.509 Certificates, Public- T1 435,443 Black Board 1 20
Key Infrastructure
User Authentication: Remote
12 User-Authentication T1 451 Black Board 1 21
Principles

Remote User-Authentication
13 T1 454 Black Board 1 22
Using Symmetric Encryption

14 Kerberos Systems T1 458 Black Board 1 23

Remote User Authentication

15 T1 476 Black Board 1 24
Using Asymmetric
Encryption.
3
 TIET/AI&DS/CCS354/III/VI

Outcome of Unit II

 CO2 – Illustrate the key management technique and authentication.

UNIT III ACCESS CONTROL AND SECURITY

Network Access Control:

Network Access Control,
16 Extensible Authentication 496,499
Protocol T1
503 Black Board 1 25
IEEE 802.1X Port- Based
Network Access Control

IP Security, Internet Key

17 Exchange (IKE).Transport- 626,649
Level Security: Web Security T1 522 Black Board 1 26
Considerations

18 Secure Sockets Layer 525

Transport Layer Security,
HTTPS standard T1 539,543 Black Board 1 27

Secure Shell (SSH)

19 T1 544 Black Board 1 28
application.

Installation of Wire shark,

tcpdump and observe data
transferred in client-server Experimental
20 P - 3 31
communication using Setup
UDP/TCP and identify the
UDP/TCP datagram.

Check message integrity and Experimental

21 P - 3 34
confidentiality using SSL Setup
Outcome of Unit III

 CO3- Evaluate the security techniques applied to network and transport layer
UNIT IV APPLICATION LAYER SECURITY

Electronic Mail Security:

26 T1 590 Black Board 1 35
Pretty Good Privacy

27 S/MIME T1 599 Black Board 2 37

4
 TIET/AI&DS/CCS354/III/VI

Domain Keys Identified

28 T1 615 Black Board 1 38
Mail

Wireless Network Security:

29 T1 558-566 PPT 1 39
Mobile Device Security

Experiment Eavesdropping, P
Experimental
30 Dictionary attacks, MITM - 3 42
attacks Setup

Experiment with Sniff Traffic P Experimental

31 - 3 45
using ARP Poisoning Setup

Outcome of Unit IV

 CO4- Discuss the application layer security standards.

UNIT V SECURITY PRACTICES

Firewalls and Intrusion

Detection Systems: Intrusion
32 W1 - Black Board 1 46
Detection Password
Management

33 Firewall Characteristics W1 - Black Board 1 47

Types of Firewalls
34 Firewall Basing W1 - Black Board 1 48

Firewall Location and

35 W1 - Black Board 1 49
Configurations

36 Block chains W2 - PPT 1 50

Cloud Security and IoT

37 W3 - Black Board 1 51
security

Demonstrate intrusion P
Experimental
38 detection system using any - 3 54
Setup
tool.

Explore network monitoring P Experimental

39 - 3 57
tools Setup

Study to configure Firewall, P Experimental

40 - 3 60
VPN Setup

Outcome of Unit V

CO5- Apply security practices for real time applications

5
 TIET/AI&DS/CCS354/III/VI

Course Outcome:

At the end of course, Students should be able to do:

 Classify the encryption techniques
 Illustrate the key management technique and authentication.
 Evaluate the security techniques applied to network and transport layer
 Discuss the application layer security standards.
 Apply security practices for real time applications.
Course Outcome Vs Program Outcome Mapping:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12
CO 1 3 3 2 2 2 - - - 2 1 2 1
CO 2 1 1 3 2 2 - - - 2 2 1 1
CO 3 1 2 1 1 2 - - - 3 3 1 3
CO 4 2 2 3 2 3 - - - 3 3 2 1
CO 5 2 1 3 2 2 - - - 2 1 1 3

Content beyond Syllabus:

 To learn about Artificial Intelligence and Machine Learning

 To Learn about Cyber Security

Assignment:

Mode of
Assignment
Assign Batch Total
Register Number Written/ Topics
ment Details Number
Seminar/
PPT
623022243001- Secure Hash Algorithm
Batch - I 16 Written
623022243021
623022243022- Public key cryptography
I Batch - II 16 Written
623022243041
623022243042- 16 Authentication techniques
Batch - III Written
623022243302
623022243001- X.509 certificates
Batch - I 16 Seminar
623022243021
623022243022- Kerberos system
II Batch - II 16 Seminar
623022243041
623022243042- 16 Remote user Authentication
Batch - III Seminar
623022243302

623022243001- Network Access Control

Batch - I 16 PPT
623022243021
III
623022243022- Internet key Exchange
Batch - II 16 PPT
623022243041

6
 TIET/AI&DS/CCS354/III/VI

623022243042- 16 Secure shell applications

Batch - III PPT
623022243302

University Questions:

1. Discuss how digital signatures can enhance the security of online transactions.
2.Describe how hash functions can be utilized to store and verify passwords securely.
3.Describe how an attack could be analyzed to determine the type of cryptographic vulnerabilities
that occurred.
UNIT-1 4.Compare and contrast the effectiveness of conventional and public-key cryptography in securing
a network. Discuss the strengths and weaknesses of each approach.
5.Demonstrate how a user would use their private key to authenticate to a remote server in an
asymmetric encryption scenario.
6. Evaluate the effectiveness of using multi-factor authentication (MFA) in combination with
cryptographic techniques to enhance system security. What potential weaknesses might still exist?
UNIT-2 1. Analyze the implications of key compromise in symmetric key distribution and propose a
mitigation strategy.
2.Design a step-by-step process for securely distributing public keys in a corporate environment.
3. Assess the potential risks and benefits of using public keys for user authentication compared to
symmetric keys.
4. Examine the principles of remote user authentication and illustrate how they can be
implemented in a mobile application.
5. Develop a hypothetical scenario involving a company utilizing symmetric encryption for
remote authentication.
6. Discuss ethical concerns, such as privacy issues and data protection, along with challenges like
false acceptance rates.
UNIT-3 1.Explain how Network Access Control improves network security.
2.Describe the role of Internet Key Exchange (IKE) in IP Security.
3.Apply the principles of Transport-Level Security to assess the security of a web application
using HTTPS.
4.Compare and contrast the security mechanisms offered by SSH and TLS in the context of
network communication.
5.Design a secure network access control policy that incorporates NAC principles and 802.1X
authentication.
6.Demonstrate how IEEE 802.1X can be implemented in a wireless network.
UNIT-4 1. Discuss the importance of digital signatures in S/MIME for verifying the authenticity of emails.
2. Implement a basic mobile security strategy for employees who use their personal devices for
work purposes.
3. Assess the role of cyber security policies in mitigating threats to wireless networks and mobile
devices in an organizational context.
4. Examine how various mobile device threats exploit vulnerabilities in outdated operating
7
 TIET/AI&DS/CCS354/III/VI

systems.
5. Evaluate the effectiveness of using two-factor authentication alongside S/MIME in
strengthening email security.
6. Evaluate the effectiveness of public awareness training programs in reducing the incidence of
phishing attacks targeting mobile users.
UNIT-5 1.Discuss the importance of logging and monitoring in Intrusion Detection Systems.
2.Develop a basic plan for implementing a firewall in a small business network.
3. Examine the impact of cloud security breaches on business operations and reputational risk.
4.Assess the relevance of real-time monitoring in Intrusion Detection Systems and its impact on
breach mitigation.
5. Summarize the fundamental principles of block chain technology.
6. Investigate how block chain technology can enhance the security of IoT devices.

Submission Details:

Phase 1(Before AT 1) Phase 2 (Before AT 2) Phase 3 (Before AT 3)

Assignment 1 UNIT-1&2 Assignment 2 UNIT-3&4 Assignment 3 UNIT-5

Prepared By (subject in charge) Verified By(HOD)

Recommended By (IQAC) Approved By(Principal)