COURSEPACK (Fall Summer 2024-25)

1. THE SCHEME
Course Title Cryptography and Cyber Security Course Type Comprehensive

Course Code R1UC505C Class [Link]-CSE(Cyber

Security,CSDF& CNCS) -
V Sem
Activity Credits Credit Hours Total Number of Assessment in
Classes per Semester Weightage
Lecture 3 3
Instruction
delivery Tutorial 0 0 Self-
study
Practical 1 2

Self-study 0 5

Total 4 10
45 0 30 75 50% 50%
Course Lead Dr. Vinay Kumar Pandey Course Dr. Abhishek Srivastava
Coordinator
Names Theory Practical
Course
Instructor Dr. Vinay Kumar Pandey Dr. Vinay Kumar Pandey
Dr. Vimal Kumar Dr. Vimal Kumar
Dr. Arvind Panwar Dr. Arvind Panwar.
Dr. Ajeet Singh Dr. Ajeet Singh
Dr. Abhishek Srivastava Dr. Abhishek Srivastava

2. COURSE OVERVIEW
Cryptography is base for providing different security services like confidentiality, integrity and ensuring availability. Network
Security encompasses various security measures, such as, file encryption and firewalls, to safeguard digital assets. This course
presupposes that student possesses a strong foundation in computing and aims to elucidate the dynamic realm of network
security. By delivering into the critical aspects of building resilience against cyber threats, this course equips students with the
knowledge needed to navigate this evolving landscape effectively.

3. COURSE OBJECTIVES
This course is designed to introduce students to classical encryption techniques, including DES, RSA encryption and decryption.
It also aims to clarify authentication requirements and the utilization of various cryptographic methods such as MAC, MD5,
RIPEMD, HMAC, digital signatures, with a specific focus on their applications in the realms of communication and e-commerce.
Additionally, students will gain hands-on experience by developing programs for encryption and decryption techniques.

1
4. PREREQUISITE COURSE
Prerequisite Course Required YES
If Yes, please fill in the details Prerequisite Course Code Prerequisite Course Name
BCSE-2370 Data Communication and Networking

5. PROGRAM OUTCOMES (POs):

PO No. Description of the Program Outcome

PO1 Engineering Knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an
engineering specialization to the solution of complex Computer Science and engineering problems.
PO2 Problem Analysis: Identify, formulate, review research literature, and analyze complex Computer Science and
engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences,
and engineering sciences.
PO3 Design/Development of Solutions: Design solutions for complex Computer Science and engineering problems
and design system components or processes that meet the specified needs with appropriate consideration for
the public health and safety, and the cultural, societal, and environmental considerations.
PO4 Conduct Investigations of Complex Problems: Use research-based knowledge and research methods including
design of experiments, analysis and interpretation of data, and synthesis of the information to provide valid
conclusions.
PO5 Modern Tool Usage: Create, select, and apply appropriate techniques, resources, and modern engineering and
IT tools including prediction and modelling to complex computer science and engineering activities with an
understanding of the limitations.
The Engineer and Society: Apply reasoning informed by the contextual knowledge to assess societal, health,
PO6
safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering
practice.
Environment and Sustainability: Understand the impact of the professional engineering solutions in societal
PO7
and environmental contexts, and demonstrate the knowledge of, and need for sustainable development.
Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the
PO8
engineering practice.
Individual and Team Work: Function effectively as an individual, and as a member or leader in diverse teams,
PO9
and in multidisciplinary settings.
Communication: Communicate effectively on complex Computer Science and engineering activities with the
PO10
engineering community and with society at large, such as, being able to comprehend and write effective
reports and design documentation, make effective presentations, and give and receive clear instructions.
Project Management and Finance: Demonstrate knowledge and understanding of the engineering and
PO11
management principles and apply these to one’s own work, as a member and leader in a team, to manage
projects and in multidisciplinary environments.
Life-Long Learning: Recognize the need for, and have the preparation and ability to engage in independent
PO12
and life-long learning in the broadest context of technological changes in the field of Computer Science.

6. PROGRAM SPECIFIC OUTCOMES (PSOs):

Program Specific Outcomes (PSO) are statements that describe what the graduates of a discipline-specific program should be
able to do. Two to Three PSOs per program should be designed.

2
 PO No. Description of the Program-Specific Outcome

Have the ability to work with emerging technologies in computing requisite to

PSO1
Industry 4.0.
Demonstrate Engineering Practice learned through industry internship and research project to solve live
PSO2
problems in various domains.

7. COURSE CONTENT (THEORY + PRACTICAL)

CONTENT (Syllabus)

Introduction: Computer Security Concepts, Security Attacks, Security Services, Security Mechanism, OSI Security
Architecture, A Model for Network Security, Introduction to Cryptography, Basic Concepts of Number Theory-
Divisibility and Division Algorithm, Euclidean Algorithm, Modular Arithmetic, Steganography.
Classical Encryption Techniques: Symmetric Cipher Model, Substitution Techniques Transposition Techniques,
Traditional Block Cipher Structure,
Symmetric Key Cryptography: SDES, DES, Key generation, DES Encryption, DES Decryption S-Boxes, Strength of
DES, AES, Block Cipher Design Principles.
Public Key Cryptography: Public Key Cryptography, Principles of Public Key Cryptosystems, Fermat’s and Euler’s
Theorems, The RSA Algorithm, ECC, Key Management, Diffie-Hellman Key Exchange,
MAC and Hash Algorithms: Message Authentication and Hash Functions, Authentication Requirements,
Authentication Functions, Message Authentication Codes, Hash Functions, Security of Hash Functions. SHA-3,
MD5 Message Digest Algorithm, Secure Hash Algorithms, RIPEMD, HMAC Digital Signatures, Authentication
Protocols -Digital Signature Standard.
CYBER CRIMES AND CYBER SECURITY: Cyber Crime and Information Security – classifications of Cyber Crimes –
Tools and Methods –Password Cracking, Keyloggers, Spywares, SQL Injection – Network Access Control – Cloud
Security – Web Security – Wireless Security

Content (Practical)
To develop a program to implement encryption and decryption using rail fence transportation technique.
To develop a program to implement Data Encryption Standard for encryption and decryption.
To develop a program to implement Advanced Encryption Standard for encryption and decryption.
Develop a program to implement RSA algorithm for encryption and decryption.
Develop a program to implement Diffie Hellman Exchange Algorithm for encryption and decryption.
Develop a program to implement Secure Hash Algorithm.
To write a program to implement the digital signature scheme in C++/Python.
To demonstrate intrusion detection system(ids) using the tool snort.
To explore automated and penetration tools on network (KF Sensor).
To write a detail step to configure snort tools.
To Identify vulnerabilities in a given network and assess their potential impact.
To Configure a firewall to protect a network and test its effectiveness against various types of attacks.
To Deploy an IDS to monitor network traffic and detect potential intrusion attempts.
To Set up a secure wireless network and understand various security protocols.
To Identify and exploit vulnerabilities in a web application to understand common web security issues.

3
8. COURSE OUTCOMES (COs)
After the completion of the course, the student will be able to:

CO No. Course Outcomes

R1UC505C.1 Select and apply appropriate classical encryption techniques like substitution and
transposition for encryption and decryption of messages.
R1UC505C.2 Apply SDES, DES, RSA Encryption and Decryption Techniques for Network Security.
R1UC505C.3 Implement Hash Algorithms viz., MAC, MD5, RIPEMD and HMAC.
R1UC505C.4 Develop Programs for Encryption and Decryption Techniques, viz., DES, AES, RSA, Diffie
Hellman Key Exchange, Secure Hash Algorithm, and Digital Signature in cyber security.

9. TAXONOMY LEVEL OF THE COURSE OUTCOMES

Mapping of COs with Bloom’s Level

Remember Understand Apply KL 3 Analyze KL 4 Evaluate KL 5 Create KL 6

CO No.
KL1 KL 2
R1UC505C.1 √ √
R1UC505C.2 √
R1UC505C.3 √
R1UC505C.4 √

10. COURSE ARTICULATION MATRIX

COs#/ POs

- - - - - - - - - - - -
R1UC505C.1 2 2
- - - - - - - - - - -
R1UC505C.2 2 2 -

- -
- -
- -
- -
-
2
2
R1UC505C.3 2 2

- - - - - - - - - - 2
2
R1UC505C.4 2 2

Note: 1-Low, 2-Medium, 3-High \ *first semester first course and first Course Outcome

4
11. TYPICAL EXAMPLE OF COURSES, CREDIT HOURS AND TEACHING HOURS
Credits Hours Hours of engagement/ Week 15 weeks/
semester

Type of Course Remarks

Total no. of
classes

Comprehensive 45 classes for theory &

Course 3 0 1 1 5 3 0 2 3 5+3* 75 30 hours of lab sessions
*1 credit = 3 self-learning hours (Not to mention in the lesson plan)

[Link]. Topic for Delivery Tutorial/ Skills Competency

Practical/ Plan
1. Computer Security Concepts, Theory Use Classical
Security Attacks, encryption and R1UC505C.1
2. Security Services, Security Theory decryption
Mechanism, OSI Security technique like
Architecture, A Model for transposition
Network Security for securing R1UC505C.1
3. Basic Concepts of Number Theory messages in a
Theory: Divisibility and network.
Division Algorithm R1UC505C.1
4-5 To develop a program to Practical
implement encryption and
decryption using rail fence
transportation technique R1UC505C.1
5. Practical R1UC505C.1
6. Euclidean Algorithm Theory R1UC505C.1
7. Modular Arithmetic Theory Apply Classical R1UC505C.2
8 Steganography Theory encryption and R1UC505C.2
9 -10 To develop a program to Practical decryption R1UC505C.2
implement Data Encryption technique like
Standard for encryption and substitution for
decryption. securing
11 Symmetric Cipher Model, SDES Theory messages in a R1UC505C.2
12 DES, Strength of DES Theory network. R1UC505C.2

13 3-DES, Theory Use Classical R1UC505C.2

14 -15 To develop a program to Practical encryption and R1UC505C.2
implement Advanced decryption
Encryption Standard for technique of
encryption and decryption. both
16 Block Cipher Design Principles. Theory substitution and R1UC505C.2
17 S-boxes, Key generation Theory transposition for R1UC505C.2
18 AES Theory securing R1UC505C.2
messages in a
network.

5
19-20 Develop a program to Practical Apply Symmetric R1UC505C.2
implement RSA algorithm for Cryptographic
encryption and decryption. algorithms like
21 Public Key Cryptography, Theory SDES, DES etc. for R1UC505C.2
22 Principles of Public Key Theory network security. R1UC505C.2
Cryptosystems,
23 Fermat’s and Euler’s Theorems, Theory R1UC505C.2
24 Develop a program to Practical R1UC505C.2
implement Diffie
Hellman Exchange Algorithm
for encryption and
decryption.
25 Practical R1UC505C.2
26 The RSA Algorithm, Theory R1UC505C.2
27 ECC, Theory R1UC505C.2
28 Key Management, Theory Apply Asymmetric R1UC505C.2
cryptographic
algorithms like
RSA for network
security.
29 Develop a program to Practical Implement Hash R1UC505C.3
implement Secure Hash Algorithm like MAC
Algorithm. for authentication
in network
30 Practical R1UC505C.3
security.
31 Diffie-Hellman Key Exchange Theory R1UC505C.3
32 Message Theory R1UC505C.3
Authentication
33 Message Theory R1UC505C.3
Authentication Codes
34 To write a program to Practical R1UC505C.3
implement the digital
signature scheme in Java.
35 Authentication Requirements Practical R1UC505C.3
36 Authentication Functions Theory R1UC505C.3
37 Hash Functions Theory R1UC505C.3
38 Security of Hash Functions Theory R1UC505C.3
39 To demonstrate intrusion Practical Implement Hash R1UC505C.3
detection system(ids) using Algorithms like
the tool snort. MAC for IP
40 Practical Security in R1UC505C.3
network
41 Secure Hash Algorithm (SHA- Theory R1UC505C.3
security.
3)
42 MD5 Message Digest Algorithm, Theory R1UC505C.3
43 Network management Theory R1UC505C.3
security: RIPMED

6
44 -45 To explore automated Practical R1UC505C.3
and penetration tools on
network (KF Sensor).
46 Digital Signatures Theory Implement other R1UC505C.3
47 Electronic mail security Theory public key R1UC505C.3
48 Authentication Protocols -Digital Theory Algorithm like R1UC505C.3
Signature Standard. Diffie Hellman Key
Exchange for
49 To write a detail step to Practical R1UC505C.3
network security.
configure snort tools.
50 Practical R1UC505C.3
51 Security for electronic Theory Implement Hash R1UC505C.3
commerce Algorithm like MD5
52 Kerberos Theory for detecting R1UC505C.4
Intrusion and
53 X.509 Authentication Service, Theory R1UC505C.4
prevention of
54 Identify vulnerabilities in a Practical attacks in network R1UC505C.4
given network and assess security.
their potential impact.
55 Practical R1UC505C.4
56 Pretty Good Privacy Theory Implement Hash R1UC505C.4
57 S/MIME. Theory Algorithms like R1UC505C.4
58 IP security Theory RIPEMD, HMAC for R1UC505C.4
network security.
59 Configure a firewall to Practical R1UC505C.4
protect a network
and test its effectiveness
against various types of
attacks.
60 Practical R1UC505C.4
61 Network management security Theory R1UC505C.4
62 SSL Theory R1UC505C.4
63 SET Theory R1UC505C.4
64 Deploy an IDS to monitor Practical Implement R1UC505C.4
network traffic and detect Programs for
potential intrusion attempts. Encryption and
Decryption
Techniques, viz.,
DES,
AES, RSA, Diffie
Hellman Key
Exchange in
network security.
65 Practical R1UC505C.4
66 Firewalls Theory Implement R1UC505C.4
67 Intrusion Detection Systems Theory Programs for R1UC505C.4
68 Different Types of IDS Theory Encryption and R1UC505C.4
69 Set up a secure wireless Practical Decryption R1UC505C.4
network and understand Techniques, viz.,
Secure Hash
various security protocols.
Algorithm in
network security.

7
 70 Practical R1UC505C.4
71 Cyber Crime and Information Theory R1UC505C.4
Security
72 classifications of Cyber Crimes
Theory Implement R1UC505C.4
73 Password Cracking, Keyloggers
Theory Programs for R1UC505C.4
74 Identify and exploit Practical Encryption and R1UC505C.4
Decryption
vulnerabilities in a web
Techniques, viz,
application to understand Digital Signature,
common web security issues. MD5 etc. in network
security.
75 Spywares, SQL Injection – Theory R1UC505C.4
Network Access Control

12. BIBLIOGRAPHY
Text Books
1) Stallings, W. Cryptography and Network Security: Principles and Practice, 4th ed., Prentice Hall
PTR.,2006
Reference books:
1) Kaufman, c., Perlman, R., and Speciner, M., Network Security, Private Communication in a public world,
2nded., Prentice Hall PTR., 2002.
2) Cryptography and Network Security; McGraw Hill; Behrouz A Forouzan.
3) Atul Kahate, Cryptography and Network Security, McGraw Hill.
4) Johannes A. Buchmann, “Introduction to Cryptography”, Springer-Verlag.
Journals/Magazines/Govt. Reports/Gazatte/Industry Trends
Journals:
1. Journal of Network and Computer Applications
2. IEEE Transactions on Dependable and Secure Computing
Magazines:
1. SC Magazine
2. Dark Reading
3. CSO Online
Webliography
1. [Link]
2. [Link]
3. [Link]
SWAYAM/NPTEL/MOOCs Certification /Industry Courses
[Link] [Link]
[Link]
Beacon

13. COURSE ASSESSMENT

Assessment forms an integral part of curriculum design. A learning-teaching system can only be effective if the student’s
learning is measured at various stages which means while the student processes learning (Assessment for Learning) a given

8
content and after completely learning a defined content (Assessment of Learning). Assessment for learning is referred to as
formative assessment, that is, an assessment designed to inform instruction.
The ability to use and apply the knowledge in different ways may not be the focus of the assessment. With regard to designing
assessments, the faculty members must be willing to put in the time required to create a valid, reliable assessment, that ideally
would allow students to demonstrate their understanding of the information while remaining. The following are the five main
areas that assessment reporting should cover.
1. Learning Outcomes: At the completion of a program, students are expected to know their knowledge, skills, and attitude.
Depending on whether it is a UG or PG program, the level of sophistication may be different. There should be no strict rule
on the number of outcomes to be achieved, but the list should be reasonable, and well-organized.
2. Assessable Outcomes: After a given learning activity, the statements should specify what students can do to demonstrate.
Criteria for demonstration are usually addressed in rubrics and there should be specific examples of work that doesn’t
meet expectations, meets expectations, and exceeds expectations. One of the main challenges is faculty communication
whether all faculty agreed on explicit criteria for assessing each outcome. This can be a difficult accomplishment when
multiple sections of a course are taught or different faculty members. Hence there is a need for common understanding
among the faculty on what is assessed and how it is assessed.
3. Assessment Alignment: This design of an assessment is sometimes in the form of a curriculum map, which can be created
in something as easy as an Excel spreadsheet. Courses should be examined to see which program outcomes they support,
and if the outcome is assessed within the course. After completion, program outcomes should be mapped to multiple
courses within the program.
4. Assessment Planning: Faculty members need to have a specific plan in place for assessing each outcome. Outcomes don’t
need to be assessed every year, but faculty should plan to review the assessment data over a reasonable period of time
and develop a course of action if the outcome is not being met.
5. Student Experience: Students in a program should be fully aware of the expectations of the program. The program
outcomes are aligned on the syllabus so that students are aware of what course outcomes they are required to meet, and
how the program outcomes are supported. Assessment documents should clearly communicate what is being done with
the data results and how it is contributing to the improvement of the program and curriculum.
Designing quality assessment tools or tasks involves multiple considerations if it is to be fit for purpose. The set of assessments
in a course should be planned to provide students with the opportunity to learn as they engage with formative tasks as
well as the opportunity to demonstrate their learning through summative tasks. Encouraging the student through the use
of realistic, authentic experiences is an exciting challenge for the course faculty team, who are responsible for the review
and quality enhancements to assessment practices.

14. FORMATIVE AND SUMMATIVE ASSESSMENT

Assessment Pattern for Comprehensive Course:
CIE Total Marks
Final Marks
Type of Course (C) LAB@ (Work+ Course-based CIE*0.5+SEE*0.5
Record) MTE Project^ CIE SEE

COMPREHENSIVE 25 50 25 100 100 100

@ Lab Work-15 marks + Lab Record-10 marks

^Typical Rubric for the Course-based project

Technical Seminar
Type of Assessment Tools Preliminary Project Plan TRL-1 Viva-voce

Course-based Project Work 05 05 10 05

9
 PPP (Preliminary Project Plan): The preliminary project plan (PPP) provides an initial, overview of the project and all of its
known parameters. It outlines the project’s objectives, relevance to the program, merit, and conformity to current industry/
government policy, proposed methodology, and expected outcomes. It should also include any known constraints related to
the time frame (Gantt Chart), budget, etc.

TRL (Technology Readiness Level)-1: Basic Research: Initial scientific research has been conducted. Principles are qualitatively
postulated and observed. Focus is on new discovery rather than applications.

15. PASSING STANDARDS

Passing Criteria for Different Course Types Effective from AY 2022-23 Onwards
[Link]. Course Type Passing Criterion

1. Comprehensive Course (C) A student shall secure a minimum of 30% of the maximum marks in the
semester-end examination (SEE/ETE) and 40% of aggregate marks in the
course Continuous internal examination (CIE) and SEE/ETE marks i.e.,
minimum Passing Grade in a course is “P”.

Note: Students unable to meet the overall passing criteria as mentioned shall be eligible for the
following options to clear the course:
▪ Appear in the Back Paper Examinations and have to meet the criteria to score 40% in marks overall
▪ Appear in summer examinations (Internal +External) to meet the criteria as mentioned.

16. PROBLEM-BASED LEARNING/CASE STUDIES/CLINICS

Exercises in Problem-based Learning (Assignments) (Min 54 Problems)
[Link] Problems KL
1. Use the one-time pad method with key “XMCKL” to encipher the message “HELLO”. K3
2. A ciphertext has been generated with an affine cipher. The most frequent letter of the ciphertext is 'B', and
K6
the second most frequent letter of the ciphertext is 'U'. Break this code.
One way to solve the key distribution problem is to use a line from a book that both the sender and the
receiver possess. Typically, at least in spy novels, the first sentence of a book serves as the key. The particular
scheme discussed in this problem is from one of the best suspense novels involving secret codes, Talking to
Strange Men, by Ruth Rendell. Work this problem without consulting that book!
Consider the following message:
SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILA
This ciphertext was produced using the first sentence of The Other Side of Silence (a book about the spy Kim
K6
Philby): The snow lay thick on the steps and the snowflakes driven by the wind looked black in the headlights
of the cars. A simple substitution cipher was used. a. What is the encryption algorithm?
b. How secure is it?
c. To make the key distribution problem simple, both parties can agree to use the first or last sentence
of a book as the key. To change the key, they simply need to agree on a new book. The use of the first
sentence would be preferable to the use of the last. Why?

4. In one of his cases, Sherlock Holmes was confronted with the following message.
K3
534 C2 13 127 36 31 4 17 21 41

10
 DOUGLAS 109 293 5 37 BIRLSTONE

26 BIRLSTONE 9 127 171

Although Watson was puzzled, Holmes was able immediately to deduce the type of cipher. Can you?
5. A disadvantage of the general monoalphabetic cipher is that both sender and receiver must commit
the permuted cipher sequence to memory. A common technique for avoiding this is to use a keyword
from which the cipher sequence can be generated. For example, using the keyword CIPHER, write out
the keyword followed by unused letters in normal order and match this against the plaintext letters:

plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: C I P H E R A B D F G J K L M N O Q S T U V W X Y Z
If it is felt that this process does not produce sufficient mixing, write the remaining letters on K
successive lines and then generate the sequence by reading down the columns: 5
C I P H E R
A B D F G J
K L M N O Q
S T U V
W X Y Z

This yields the sequence

C A K S Y I B L T Z P D M U H F N V E G O W R J Q X Determine the keyword.
6. When the PT-109 American patrol boat, under the command of Lieutenant John F. Kennedy, was sunk by a
Japanese destroyer, a message was received at an Australian wireless station in Playfair code:

KXJEY UREBE ZWEHE WRYTU HEYFS KREHE GOYFI WTTTU OLKSY CAJPO BOTEI ZONTX BYBNT GONEY CUZWR K4
GDSON SXBOU YWRHE BAAHY USEDQ
The key used was royal New Zealand navy. Decrypt the message. Translate TT into tt.

7. a. Construct a Playfair matrix with the key largest.

b. Construct a Playfair matrix with the key occurrence. Make a reasonable assumption about how to
K4
treat redundant letters in the key.

8. Consider a Feistel cipher composed of 16 rounds with block length 128 bits and key length 128 bits.
Suppose that, for a given k, the key scheduling algorithm determines values for the first 8 round
keys, k1, k2, ..., k8, and then sets
k9 = k8, k10 = k7, k11 = k6, ..., k16 = k1
Suppose you have a ciphertext c. Explain how, with access to an encryption oracle, you can
K3
decrypt c and determine m using just a single oracle query. This shows that such a cipher is
vulnerable to a chosen plaintext attack. (An encryption oracle can be thought of as a device that,
when given a plaintext, returns the corresponding ciphertext. The internal details of the device are
not known to you and you cannot break open the device. You can only gain information from the
oracle by making queries to it and observing its responses.)
9. Let be a permutation of the integers 0, 1, 2, ... (2n - 1) such that (m) gives the permuted value of m,
0 m 2n. Put another way, maps the set of n-bit integers into itself and no two integers
map into the same integer. DES is such a permutation for 64-bit integers. We say that has a fixed K2
point at m if (m) = m. That is, if is an encryption mapping, then a fixed point corresponds to a
message that encrypts to itself. We are interested in the probability that has no fixed points. Show
the somewhat unexpected result that over 60% of mappings will have at least one fixed point.
10 Develop a program that can encrypt and decrypt using a general substitution block cipher. K3

11
11 Compute the bits number 1, 16, 33, and 48 at the output of the first round of the DES
Decryption, assuming that the ciphertext block is composed of all ones and the external key is composed of K2
all ones.
12 Show that DES decryption is, in fact, the inverse of DES encryption. K3
13 Show that in DES the first 24 bits of each subkey come from the same subset of 28 bits of the initial key and
K2
that the second 24 bits of each subkey come from a disjoint subset of 28 bits of the initial key.
14 Compare AES to DES. K2
15 For the group Sn of all permutations of n distinct symbols, What is K
the number of elements in Sn? Show that Sn is not abelian for n > 2. 2
16 A modulus of 0 does not fit the definition, but is defined by convention as follows: a mod 0 = a. With this
K2
definition in mind, what does the following expression mean: a b (mod 0)?
17 Demonstrate that the set of polynomials whose coefficients form a field is a ring. K3
4
18 Write a simple four-function calculator in GF(2 ). You may use table lookups for the multiplicative inverses. K3
8
19 Write a simple four-function calculator in GF(2 ). You should compute the multiplicative inverses on the fly. K3
20 Illustrate the difference between Rijndael and AES. K3
1
21 In the discussion of MixColumns and Inverse MixColumns, it was stated that b(x) = a (x)
K
mod (x4 + 1)
3
where a(x) = {03}x3 + {01}x2 + {01}x + {02} and b(x) = {03}x3 + {0D}x2 + {09} x + {0E}. Show that this is true.
22 Compute the output of the MixColumns transformation for the following sequence of input bytes "67 89 AB
CD". Apply the InvMixColumns transformation to the obtained result to verify your calculations. Change the
first byte of the input from '67' to '77', perform the MixColumns transformation again for the new input, and
K3
determine how many bits have changed in the output. Note: You can perform all calculations by hand or
write a program supporting these computations. If you choose to write a program, it should be written
entirely by you; no use of libraries or public domain source code is allowed in this assignment.
23 Use the key 1010 0111 0011 1011 to encrypt the plaintext "ok" as expressed in ASCII, that is
K3
0110 1111 0110 1011. The designers of S-AES got the ciphertext 0000 0111 0011 1000. Do you?
24 Write a program that can encrypt and decrypt using S-AES. Test data: a binary plaintext of 0110 1111 0110
1011 encrypted with a binary key of 1010 0111 0011 1011 should give a binary ciphertext of 0000 0111 0011 K3
1000 less ecb $$$). Decryption should work correspondingly.
25 CBC-Pad is a block cipher mode of operation used in the RC5 block cipher, but it could be used in any block
cipher. CBC-Pad handles plaintext of any length. The ciphertext is longer then the plaintext by at most the
size of a single block. Padding is used to assure that the plaintext input is a multiple of the block length. It is
assumed that the original plaintext is an integer number of bytes. This plaintext is padded at the end by from
K4
1 to bb bytes, where bb equals the block size in bytes. The pad bytes are all the same and set to a byte that
represents the number of bytes of padding. For example, if there are 8 bytes of padding, each byte has the
bit pattern 00001000. Why not allow zero bytes of padding? That is, if the original plaintext is an integer
multiple of the block size, why not refrain from padding?
26 Create software that can encrypt and decrypt in Cipher Block Chaining mode using one of the following
ciphers: affine modulo 256, Hill modulo 256, S-DES, DES. Test data for S-DES: using a binary initialization
K3
vector of 1010 1010, a binary plaintext of 0000 0001 0010 0011 encrypted with a binary key of 01111 11101
should give a binary plaintext of 1111 0100 0000 1011. Decryption should work correspondingly.
27 Electronic mail systems differ in the manner in which multiple recipients are handled. In some systems, the
originating mail-handler makes all the necessary copies, and these are sent out independently. An
alternative approach is to determine the route for each destination first. Then a single message is sent out K4
on a common portion of the route, and copies are made only when the routes diverge; this process is
referred to as mail bagging.

12
 a. Leaving aside considerations of security, discuss the relative advantages and disadvantages of the
two methods.
Discuss the security requirements and implications of the two methods.
28 The Miller-Rabin test can determine if a number is not prime but cannot determine if a number is prime.
K4
How ca .n such an algorithm be used to test for primality?
29 Write a computer program that implements the Miller-Rabin algorithm for a user- specified n.
The program should allow the user two choices: (1) specify a possible witness a to test using the Witness K3
procedure, or (2) specify a number s of random witnesses for the Miller-Rabin test to check.
30 In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5,
K2
n = 35. What is the plaintext M?
31 In the RSA public-key encryption scheme, each user has a public key, e, and a private key, d. Suppose Bob
leaks his private key. Rather than generating a new modulus, he decides to generate a new public and a new K3
private key. Is this safe?
32 Assume that you generate an authenticated and encrypted message by first applying the RSA transformation
determined by your private key, and then enciphering the message using recipient's public key (note that
you do NOT use hash function before the first transformation). Will this scheme work correctly [i.e., give the
K3
possibility to reconstruct the original message at the recipient's side, for all possible relations between the
sender's modulus ns and the recipient's modulus n R (nS > nR, nS < nR, nS = nR)]? Explain your answer. In case
your answer is "no," how would you correct this scheme?
33. Users A and B use the Diffie-Hellman key exchange technique with a common prime q= 71 and a primitive
root x = 7.
a. If user A has private key XA = 5, what is A's public key YA? K4
b. If user B has private key XB = 12, what is B's public key YB?
c. What is the shared secret key?
34. The following is a first attempt at an Elliptic Curve signature scheme. We have a global elliptic curve, prime
p, and "generator" G. Alice picks a private signing key XA and forms the public verifying key YA = XAG. To sign
a message M:
Alice picks a value k.
Alice sends Bob M, k and the signature S = M kXAG.
K4
Bob verifies that M = S + kYA
Show that this scheme works. That is, show that the verification process produces an equality if the signature
is valid.
Show that the scheme is unacceptable by describing a simple technique for forging a user's signature on an
arbitrary message.
35. When a combination of symmetric encryption and an error control code is used for message authentication,
K3
in what order must the two functions be performed?
36. It is possible to use a hash function to construct a block cipher with a structure similar to DES. Because a
K3
hash function is one way and a block cipher must be reversible (to decrypt), how is it possible?
37. Now consider the opposite problem: using an encryption algorithm to construct a one- way hash function.
Consider using RSA with a known key. Then process a message consisting of a sequence of blocks as follows:
Encrypt the first block, XOR the result with the second block and encrypt again, etc. Show that this scheme is
not secure by solving the following problem. Given a two-block message B1, B2, and its hash
K3
RSAH(B1, B2) = RSA(RSA (B1) B2)
Given an arbitrary block C1, choose C2 so that RSAH(C1, C2) = RSAH(B1, B2). Thus, the hash function does
not satisfy weak collision resistance.
38.
Whirlpool makes use of the construction Hi = E(Hi -1,Mi) H i-1 M i-1 Another K3
construction that was shown by Preneel to be secure is Hi = E(Hi-1,Mi) Mi . Now notice that the key

13
 schedule for Whirlpool resembles encryption of the cipher key under a pseudo-key defined by the round
constants, so that the core of the hashing process could be formally viewed as two interacting encryption
E(Hi-1,Mi)lines.
Consider the encryption We could write the final round key for this block as K10 = E (RC, H i-1). Now show
that the two hash constructions are essentially equivalent because of the way that the key schedule is
defined.
39. DSA specifies that if the signature generation process results in a value of s = 0, a new value of k should be
K3
generated and the signature should be recalculated. Why?
40. With DSS, because the value of k is generated for each signature, even if the same message is signed twice
on different occasions, the signatures will differ. This is not true of RSA signatures. What is the practical K3
implication of this difference?
41 Suppose that, in PCBC mode, blocks Ci and Ci+1 are interchanged during transmission. Show that this affects
K4
only the decrypted blocks Pi and Pi+1 but not subsequent blocks.
42 Consider radix-64 conversion as a form of encryption. In this case, there is no key. But suppose that an
opponent knew only that some form of substitution algorithm was being used to encrypt English text and K5
did not guess it was R64. How effective would this algorithm be against cryptanalysis?
43 In discussing AH processing, it was mentioned that not all of the fields in an IP header are included in MAC K4
calculation.
a. For each of the fields in the IPv4 header, indicate whether the field is immutable, mutable but
predictable, or mutable (zeroed prior to ICV calculation). b. Do the same for the IPv6 header. K5
c. Do the same for the IPv6 extension headers.
In each case, justify your decision for each field.
44. Consider the following threats to Web security and describe how each is countered by a particular feature of
SSL.
a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional
encryption algorithm.
b. Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the
HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-
plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the
encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against
an entry that was encrypted with the same secret key. If there are several matches, each of these can be
tried against the full ciphertext to determine the right one. This attack is especially effective against small key
sizes (e.g., 40-bit keys).
K4
C. Replay Attack: Earlier SSL handshake messages are replayed.
d. Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the
server and as the server to the client.
e. Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped.
f. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
g. IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker
takes the place of one of the hosts.
SYN Flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the
final message to establish the connection fully. The attacked TCP module typically leaves the "half-open
connection" around for a few minutes. Repeated SYN messages can clog the TCP module.
45. One approach to defeating the tiny fragment attack is to enforce a minimum length of the transport header
that must be contained in the first fragment of an IP packet. If the first fragment is rejected, all subsequent
fragments can be rejected. However, the nature of IP is such that fragments may arrive out of order. Thus, K4
an intermediate fragment may pass through the filter before the initial fragment is rejected. How can this
situation be handled?

14
17. STUDENT-CENTERED LEARNING (SELF-LEARNING TOWARDS LIFE-LONG
LEARNING)
A list of 30-40 project statements can be offered to the students to choose or develop their own ideas (teamwork) to define a
problem statement, design and develop a product / process / service / application, and provide a suitable solution (design
thinking). They may also upload this Idea on the Yukti Portal (contact the University IIC Team) and also patent the same.

Typical Problem Statements for Course-based Projects (min. of 20)

[Link]. Typical Project/Problem KL

Design a Quantum-Resistant Cryptographic System: Develop and evaluate a cryptographic system

1 using quantum-resistant algorithms, such as lattice-based cryptography or code-based cryptography. KL6
Create an Advanced Homomorphic Encryption Scheme: Implement a fully homomorphic encryption KL6
2 (FHE) scheme and assess its practicality for real-world applications.
Develop a Post-Quantum Digital Signature Algorithm: Design and implement a digital signature
3 algorithm that is resistant to quantum computing attacks. KL6
Implement a Zero-Knowledge Proof System: Build a zero-knowledge proof (ZKP) system and KL6
4 demonstrate its application in secure authentication or blockchain privacy.
Design a Cryptographic Key Exchange Protocol with Perfect Forward Secrecy: Develop a key
5 exchange protocol that ensures perfect forward secrecy and analyze its security properties. KL6
Analyze and Enhance Elliptic Curve Cryptography (ECC): Implement ECC and propose KL6
6 enhancements to improve its performance or security, particularly in constrained environments.
Develop a Secure Multi-Party Computation Protocol: Create a protocol for secure multi-party
7 computation (SMPC) that allows parties to jointly compute a function without revealing their inputs. KL6
Implement a Cryptographic Library with Formal Verification: Develop a cryptographic library and KL6
8 use formal verification tools to prove the correctness and security of the implementations.
Build a Blockchain with Advanced Privacy Features: Create a blockchain system that incorporates
9 advanced privacy features such as zk-SNARKs or ring signatures to enhance transaction anonymity. KL6
Design a Secure Voting System Using Cryptography: Develop a cryptographic voting system that KL6
10 ensures ballot confidentiality, voter authentication, and election integrity.
Implement a Secure Cryptographic Hardware Module (HSM): Create a hardware security module
11 that performs cryptographic operations and protects key material against physical attacks. KL6
Evaluate the Security of Cryptographic Protocols in Cloud Environments: Assess the security of
KL6
12 cryptographic protocols used in cloud computing and propose improvements to address specific
vulnerabilities.
Develop a Secure Distributed Ledger System: Design and implement a distributed ledger system with
13 strong cryptographic guarantees for data integrity and access control. KL6
Create a Privacy-Preserving Data Sharing System: Build a system that allows secure and privacy- KL6
14 preserving data sharing using techniques such as secure enclaves or secure multiparty computation.
Analyze Cryptographic Attacks on Modern Protocols: Study and simulate known cryptographic
15 attacks (e.g., side-channel attacks, padding oracle attacks) on contemporary cryptographic protocols and KL6
propose mitigations.
Cybersecurity Problems KL6
16
Develop an Advanced Intrusion Detection System Using AI: Create an intrusion detection system
17 (IDS) that employs machine learning or artificial intelligence to detect sophisticated cyber threats. KL6

15
 Implement a Comprehensive Threat Intelligence Platform: Design a platform for aggregating, KL6
18 analyzing, and sharing threat intelligence data to improve an organization’s security posture.
Build a Next-Generation Security Information and Event Management (SIEM) System: Develop
19 an SIEM system that provides advanced analytics and automated response capabilities for security KL6
events.
Create a Secure Identity and Access Management System: Design and implement an IAM system KL6
20 with features such as adaptive authentication, role-based access control, and real-time access monitoring.
Develop a Cloud Security Posture Management Tool: Build a tool that continuously monitors and
21 assesses the security posture of cloud environments, identifying misconfigurations and vulnerabilities. KL6
Design an Advanced Secure Software Development Lifecycle (SDLC): Create an SDLC model
KL6
22 incorporating modern security practices, such as threat modeling, secure coding, and continuous security
testing.
Implement a Distributed Denial of Service (DDoS) Mitigation System: Develop a system that detects
23 and mitigates DDoS attacks using advanced techniques such as traffic shaping or anomaly detection. KL6
Create a Cybersecurity Simulation and Training Platform: Build a platform for simulating cyber KL6
24 attacks and conducting security training exercises for security professionals and students.
Develop a Real-Time Network Forensics Tool: Design a tool that performs real-time network forensics
25 to detect and analyze network-based attacks or suspicious activities. KL6
Implement a Secure API Gateway: Design and develop an API gateway that enforces robust security KL6
26 policies, including rate limiting, authentication, and traffic monitoring.
Build a Privacy-Aware Data Analytics Platform: Create a data analytics platform that ensures user
27 privacy through techniques like differential privacy or data anonymization. KL6
Design a Resilient Cybersecurity Incident Response Framework: Develop a comprehensive incident KL6
28 response framework that includes automated response mechanisms and post-incident analysis.
Implement a Secure Container Orchestration System: Build a container orchestration system with
29 enhanced security features, such as runtime protection and image vulnerability scanning. KL6
Develop an Advanced Endpoint Detection and Response (EDR) System: Create an EDR system that
KL6
30 provides deep visibility into endpoint activities and employs behavioral analysis to detect advanced
threats.
Create a Secure Communication Framework for IoT Devices: Design a communication framework
31 that secures data transmission between IoT devices using encryption and authentication techniques. KL6
Analyze the Security Implications of Emerging Technologies: Evaluate the security implications of
KL6
32 emerging technologies such as 5G, AI, or blockchain, and propose strategies for addressing associated
risks.
Design a Cybersecurity Risk Assessment Tool: Build a tool that helps organizations assess and
33 quantify cybersecurity risks, including vulnerabilities, threats, and potential impacts. KL6
Implement a Secure Data Deletion System: Create a system for securely deleting data from storage KL6
34 devices, ensuring that data cannot be recovered or reconstructed.
Develop a System for Secure Data Sharing in Distributed Networks: Design a system that enables
35 secure data sharing and access control across distributed networks, ensuring data integrity and KL6
confidentiality.
Build an Advanced Cyber Threat Hunting Framework: Develop a framework for proactive threat KL6
36 hunting that uses advanced techniques such as threat intelligence integration and anomaly detection.
Create a Security Awareness and Training Simulation: Design a simulation environment for security
37 awareness training that educates users on identifying and responding to various types of cyber threats. KL6
Implement a Privacy-Enhancing Technology (PET) Toolkit: Develop a toolkit that provides privacy-
KL6
38 enhancing technologies for secure data handling, including encryption, anonymization, and access
controls.
Design a Real-Time Behavioral Analytics System: Build a system that monitors and analyzes user
39 behavior in real-time to detect anomalous activities and potential security threats. KL6
Develop a Secure Software Supply Chain Management System: Create a system for managing and KL6
40 securing the software supply chain, including verifying the integrity of third-party components.

16
 Implement a Dynamic Access Control System for Cloud Resources: Design and develop a system
41 that dynamically manages access control for cloud resources based on real-time context and policies. KL6
Create a Next-Generation Firewall with Deep Packet Inspection: Develop a firewall that uses deep KL6
42 packet inspection (DPI) to provide advanced threat detection and filtering capabilities.
Build a Privacy-Preserving Machine Learning Model: Design a machine learning model that KL6
43 incorporates privacy-preserving techniques, such as federated learning or differential privacy.
Develop a Security Governance and Compliance Management Tool: Create a tool for managing
44 security governance and compliance with regulations and standards, including automated reporting and KL6
auditing.
Design a Secure Network Architecture for High-Risk Environments: Build a network architecture
KL6
45 tailored for high-risk environments, incorporating advanced security measures such as segmentation and
isolation.

Course Lead Program Chair Associate Dean Dean

17