Welcome to

Foundation of Information Security


Lecture-1
Introduction
• Instructor : Sweta Mishra
• Room No. : 219B, Block-C
• Phone Number: 477 (internal)
• Email : sweta.mishra@snu.edu.in
• Web Link : https://cse.snu.edu.in/people/faculty/sweta-mishra

• Research Interests
• Cryptography, Password-based Cryptosystems, Biometric Security, Information Security, Blockchain Technology…
• Google scholar link: https://scholar.google.co.in/citations?user=nqSP0nIAAAAJ&hl=en
Spring Semester 2023: Timetable
Lecture Time: 10:00 – 11:00 AM (Monday & Wednesday)
4:00 – 6:00 PM (Friday)
Credits: 3
Contact Hours (L:T:P): 2:0:2 instead of 3:0:0
Lab (on requirement basis)

Teaching Assistants (TA): Shanu Poddar (sp179@snu.edu.in)
Ramya Karna (rk408@snu.edu.in)

Office hour: Wednesday (3:00 PM – 4:00 PM) or by email appointment.


Course logistics
• Lecture slides and assignments will be posted on ‘Blackboard’.
• For each assignment there will be a deadline for submission.
• Be sure that you complete the exercise well before the deadline and submit your assignment in time; assignments submitted after the due date will not be evaluated.
Course Grading Structure
• These weights are indicative, and may change as the semester progresses.

Evaluation Instrument    Weightage
Mid Term                 25%
Quiz                     20%
Assignment               25%
End Term                 30%
Evaluation Strategy

• Relative Grading

• Attendance requirement: 75% (minimum)


Course contents
• Security Overview, CIA model, Threats, Security Policies and Mechanisms

• Cryptography Basics: Stream Ciphers and Block Ciphers, Public Key Cryptography, Hash Functions

• Authentication and Access Control

• Malicious Software: Trojan Horses, Viruses, Worms, Logic Bombs, Defenses.

• Denial-of-Service Attacks: DoS, DDoS, Defenses.

• Intrusion Detection, Firewalls and Intrusion Prevention Systems

• Protocols: TLS security, Authentication protocol


Recommended Books

1. Matt Bishop, S.S. Venkatramanayya, “Introduction to Computer Security, 3/e”, Pearson Education

2. W Stallings, “Cryptography and Network Security: Principles and Practice, 6/e”, Prentice Hall
What is Security?
- Protection of our assets
Physical Security

Logical Assets

• Data or Intellectual property


• Main focus on securing our logical assets
Computers are Ubiquitous!

Online
- Work/school
- Play games
- Buy goods from merchants
- Track activities with sensors on our wrists
- Connect IoTs

Access of information on a click!!!
Poses Major Security Risks…
Authorized Access
Biometric Authentication
Alternate approach to Fingerprint…
Secure?
Liveness detection – Face Recognition?
Blink your Eyes…
Personal Identifying Information!
Database Breach!
Why is this course important?

• In this era of ubiquitous computing where we are connected to each other through so many computing devices, it is important to protect our data.
• Technology changes at an increasingly rapid rate but theory about keeping ourselves secure lags behind.
• Good understanding of the basics of information security helps to cope with changes as they come.
Many Challenges…

• When securing an asset, system, or environment, we must consider how the level of security relates to the value of the item being secured.
• No single activity or action will make you secure in every situation.
• New attacks to which you are vulnerable are always emerging.
• Conducting different levels of awareness programs
• ……
Information Security
The term ‘information security’ means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity and availability

— Federal Information Security Modernization Act of 2014.


Security Model
CIA triad
