IIT Jammu Post Graduate Diploma in Cyber Security

About Course

With the increasing reliance on digital technologies across various sectors, there
is a growing demand for professionals who can effectively safeguard sensitive
information and systems from cyber threats. The Post Graduate Diploma in
Cyber Security from IIT Jammu is a comprehensive programme designed to
equip learners with the knowledge, skills, and expertise required to address the
complex challenges of cyber security in today’s digital world.

Get ready for an interactive journey where you’ll explore various symmetric and
asymmetric cipher schemes through practical assignments and gain invaluable
experience in applying these concepts in the real world.

IIT Jammu PGD in Cyber Security – Batch 02_Brochure

IIT Jammu Post Graduate Diploma in Cyber Security – Batch 02

Course Content

Semester 1

Module 1: Mathematical Foundations and Cryptography
Learning Outcomes: 1. Understand the mathematical concepts of number theory, abstract algebra, linear algebra, and probability. 2. Get a thorough understanding of various symmetric and asymmetric cipher schemes and a hands-on experience of applying them in the real world through practical assignments. 3. Understand the fundamental mathematical concepts of cryptography and will be able to implement and understand the commonly used symmetric and asymmetric cryptography schemes such as AES, DES, DH and EC and hashing schemes such as MD5, SHA256 etc. 4. Applied cryptography will help the learner develop new solutions that either test cryptographic protocols and their strength and architecture better confidentiality and integrity approaches and solutions.

Divisibility, Modular Arithmetic, Algorithms for Integer Operations
Prime Numbers, Congruence, Solving Congruences, Fermat’s Little Theorem
Sets, Relations and Mapping, Closure property, Monoied, Group
Rings and Fields, Operations on Finite Field, Polynomials over Finite Field
Random Variable and Sample Space, Expectation and Variance
Classical Encryption Scheme and their Cryptanalysis: Shift Cipher
Block Ciphers and Stream Ciphers: Substitution Permutation Networks, Linear Cryptanalysis
Asymmetric Cryptography: RSA, Diffie Hellman, Elliptic Curve
Hash Function, Message Authentication, and Digital Signature schemes

Module 2: Computer Networking
Learning Outcomes: 1. The learner will be able to set up a network, perform subnetting, configure switches and routers, and will be able to perform passing sniffing on TCP/IP networks. 2. The learner will be able to perform network programming. Learners will be able to configure VLAN and Wireless systems. 3. The learners will be able to learn IOT Architecture, SDN and NFV concepts and apply them.

History of Computer Networking, Packet and Circuit Switching, Delays, Protocol Layers
Application Layer, Network Application Architecture, Web and HTTP, FTP, SMTP, DNS
Transport Layer, Multiplexing and Demultiplexing, UDP, Reliable Data Delivery Principles, TCP
Network Layer, Virtual Circuit and Datagram Networks, IP, Routing and Forwarding, Router
Link Layer, Error Detection and Correction, Multiple Access Control, Ethernet 802
Switching, Switches, VLANs
Wireless Links, 802.11 Architecture and Protocols, Bluetooth and Zigbe
Physical Layer – Wireless Propagation and Performance Analysis
Practical: Wireshark and Packet Sniffing, Writing a Packet Sniffer in C and Python
Practical: Socket Programming in C
Practical: Networking Commands in Windows and Linux Environment
Practical: Setting up Networks, CISCO Packet Tracer, Switch, and Router Configurations
Practical: Setting up Web Servers, DNS, SMTP, POP, and IMAP and hands-on over other Application Layer Protocols
Practical: Understanding of Physical Layer and WIFI Communication Using SDR

Operating Systems Fundamental
1. This course on operating systems will give a deep and fundamental understanding of the variety of operating systems we use and how the operating systems work and provide a bridge between the software we see and the hardware we rely on. The objective of the course is to let the candidate understand the concepts of process, memory management, storage management, CPU scheduling, etc. for an overall understanding of the system's domain. 2. The course will help understand the program in execution and how call stacks function and the memory is managed. Details of security-specific implementations and policies will make the learner understand the ecosystem of defense in depth in the OS environment.

Introduction to Operating Systems: OS Evolution, Services, System Calls, Operating System Structure and Architecture, System Programme, OS Booting
Process Concepts and Scheduling, Inter-process Communication, Threads, and Multithreading Concepts
CPU Scheduling, Scheduling Algorithms, Multiprocessor Scheduling, Process Synchronization, Monitors, Semaphores, Deadlocks
Memory Management: Paging, Memory Allocation, Swapping, Virtual Memory, Thrashing
Storage Management: File Concepts, Directory Concepts, Allocation Methods, Free Space Management, Disk Management, and Scheduling
Access Control and Authentication, Memory Protection Concepts, Programme Threats, Malware Analysis
Practical: Basic Unix, Linux Administration and Commands
Practical: Linux System Calls and Understanding, Shell Programming
Practical: CPU Scheduling Algorithms, IPC Using Shared Memory, Deadlock Avoidance and Detection Algorithms, Semaphores
Practical: Multi-threading and Synchronization, Paging Algorithms, File Allocation

Module 4: Introduction to Cyber Security
The learner will be able to understand a specific topic of study chosen for a technical seminar in a greater depth and will be able to generate knowledge through a systematic process. The candidate will learn technical report writing, knowledge generation, and technical presentation skills. The candidates will submit the technical studies performed during the course as survey papers in Journals and/or conferences or host them as knowledge for others.

Module 5: Technical Seminar
The learner will be able to understand a specific topic of study chosen for a technical seminar in a greater depth and will be able to generate knowledge through a systematic process. The candidate will learn technical report writing, knowledge generation, and technical presentation skills. The candidates will submit the technical studies performed during the course as survey papers in Journals and/or conferences or host them as knowledge for others.

Semester 2

Module 1: Web Application and Network Security
The candidates will be able to perform basic network and web application penetration testing and will be able to develop new tools from the knowledge made available through network programming exercises that can do packet crafting and sniffing and scanning activities.

Introduction to Web Application Security: OWASP security risks, XSS, CSRF, SSRF Attacks and Countermeasures
Symmetric Key Distribution Techniques, Public Key Infrastructure and Applications, HTTPS, TLS, X.509
DNS and Email Security: Cache Poisoning, Reflection, Tunneling, Spoofing, DNSSEC
Attacks on Transport Layer, Network Layer and Data Link Layer and their countermeasures, Network Programming Concepts
Intrusion Detection Systems, Firewalls, Proxies, Caches, Honeypots, Case Studies
Practical: Web Application Penetration Testing and Hands On Exercises, Openssl and PKI Realisation
Practical: Packet Crafting via Popular Tools and Through Raw Socket Programming to realise network attacks
Practical: Email and DNS Security, ICMP and ARP based Attacks, Phishing
Introduction to Popular Packet Filtering Firewall, Intrusion Detection Systems, Web Application Firewalls

Module 2: Multimedia and Digital Forensics
After completion of this course, students will be able to understand: An overview of the major problems and recent developments in the field of multimedia security & forensics. Effective forensic tools to authenticate digital media and detect tampering operations, will be able to do mobile and disk forensics.

Module 3: Systems and Software Security
After the end of the course, the learner will be able to get a detailed understanding of attacks on operating systems security and counter measures that should be taken care of while designing an operating system or configuring an existing one. The learner will understand secure software development, threat modelling, software code flow analysis and best programming practices to avoid well known flaws.

Module 4: Special Topics in Cyber Security
After completion of this course, the learner will be able to understand attacks in the multi-tenancy architectures and configure security measures and defences in cloud environments, VMs, develop multi-factor authentication schemes, understand and apply side channel attacks.

Module 5: Applied Cyber Security Project
After completion of this course, it is expected that the learner will be able to take up bigger cyber security projects along the same lines in the industry. Learner will be able to prototype at least one usable and novel cyber security solution from his learnings of PGDCS.

Tools

Wireshark
TCPDUMP
BurpSuite
Zed Attack Proxy
BwApp
Nmap
hPing
Hashcat
Volatility
FTK Imager
IPTables Firewall
ProcDump

Assignments/Case-studies/Projects

Design and Development of Intrusion Detection Systems
Develop Security Related Protocols for Low Powered Device
Design and Development of Intrusion Prevention Systems and Honeypots
Develop Email Security and Anti Phishing SolutionsDigital Forensics Solutions
AI powered Cyber Offense/Defense
Homomorphic Encryption Applications
Design and Develop IAM solutions for Infrastructure
Develop Security solutions for Hypervisor and Virtualized Resources in CloudVPNS and Proxy Development
PKI and Applications Development

About Course

What Will You Learn?

Course Content

Semester 1

Divisibility, Modular Arithmetic, Algorithms for Integer Operations

Prime Numbers, Congruence, Solving Congruences, Fermat’s Little Theorem

Sets, Relations and Mapping, Closure property, Monoied, Group

Rings and Fields, Operations on Finite Field, Polynomials over Finite Field

Random Variable and Sample Space, Expectation and Variance

Classical Encryption Scheme and their Cryptanalysis: Shift Cipher

Block Ciphers and Stream Ciphers: Substitution Permutation Networks, Linear Cryptanalysis

Asymmetric Cryptography: RSA, Diffie Hellman, Elliptic Curve

Hash Function, Message Authentication, and Digital Signature schemes

History of Computer Networking, Packet and Circuit Switching, Delays, Protocol Layers

Application Layer, Network Application Architecture, Web and HTTP, FTP, SMTP, DNS

Transport Layer, Multiplexing and Demultiplexing, UDP, Reliable Data Delivery Principles, TCP

Network Layer, Virtual Circuit and Datagram Networks, IP, Routing and Forwarding, Router

Link Layer, Error Detection and Correction, Multiple Access Control, Ethernet 802

Switching, Switches, VLANs

Wireless Links, 802.11 Architecture and Protocols, Bluetooth and Zigbe

Physical Layer – Wireless Propagation and Performance Analysis

Practical: Wireshark and Packet Sniffing, Writing a Packet Sniffer in C and Python

Practical: Socket Programming in C

Practical: Networking Commands in Windows and Linux Environment

Practical: Setting up Networks, CISCO Packet Tracer, Switch, and Router Configurations

Practical: Setting up Web Servers, DNS, SMTP, POP, and IMAP and hands-on over other Application Layer Protocols

Practical: Understanding of Physical Layer and WIFI Communication Using SDR

Introduction to Operating Systems: OS Evolution, Services, System Calls, Operating System Structure and Architecture, System Programme, OS Booting

Process Concepts and Scheduling, Inter-process Communication, Threads, and Multithreading Concepts

CPU Scheduling, Scheduling Algorithms, Multiprocessor Scheduling, Process Synchronization, Monitors, Semaphores, Deadlocks

Memory Management: Paging, Memory Allocation, Swapping, Virtual Memory, Thrashing

Storage Management: File Concepts, Directory Concepts, Allocation Methods, Free Space Management, Disk Management, and Scheduling

Access Control and Authentication, Memory Protection Concepts, Programme Threats, Malware Analysis

Practical: Basic Unix, Linux Administration and Commands

Practical: Linux System Calls and Understanding, Shell Programming

Practical: CPU Scheduling Algorithms, IPC Using Shared Memory, Deadlock Avoidance and Detection Algorithms, Semaphores

Practical: Multi-threading and Synchronization, Paging Algorithms, File Allocation

Introduction to Cyber Security- What is Cyber Security, Cyber Threats, CIA Principles, OSI Security Architecture

Cyber Kill Chain/Hacking methodologies, MITRE Attack Framework

Multilevel Security Models: Bell LaPadula Model and Biba Model

Security Design Concepts: Principle of Least Privilege, Defense in Depth, Compartmentalization

Cyber Attacks Case Study and Discussions, Cyber Security Resources and References

Identify and choose issues of practical importance in the area of security

Learn how to get systematic literature on a technical subject and perform critical thinking, aims and motivation

Learn components of a good technical presentation/report, soft skills

Learn comparative analysis, how to identify gaps, practical implementation, verification and validation of technical content

Final presentation, feedbacks and discussion

Semester 2

Introduction to Web Application Security: OWASP security risks, XSS, CSRF, SSRF Attacks and Countermeasures

Symmetric Key Distribution Techniques, Public Key Infrastructure and Applications, HTTPS, TLS, X.509

DNS and Email Security: Cache Poisoning, Reflection, Tunneling, Spoofing, DNSSEC

Attacks on Transport Layer, Network Layer and Data Link Layer and their countermeasures, Network Programming Concepts

Intrusion Detection Systems, Firewalls, Proxies, Caches, Honeypots, Case Studies

Practical: Web Application Penetration Testing and Hands On Exercises, Openssl and PKI Realisation

Practical: Packet Crafting via Popular Tools and Through Raw Socket Programming to realise network attacks

Practical: Email and DNS Security, ICMP and ARP based Attacks, Phishing

Introduction to Popular Packet Filtering Firewall, Intrusion Detection Systems, Web Application Firewalls

Fundamentals of Digital Forensics

Multimedia Forensics, Format Based Forensics, Pixel-based Forensics, Statistical Based Forensics, Camera Based Forensics, Homomorphic Encryption

Framework for Digital Forensics Evidence Collection and Processing, Incident Response

Disk and Mobile Forensic techniques, Mobile Device Security Analysis, Incident Response

Fundamentals of Linux and Windows OS

Programme Binary Formats, Libraries Linkers and Loaders, Process Layout, Stack Layout, Heap Layout and Customisation

Programming Language Weakness, Stack Smashing Heap Spray, Return Oriented Programming

Principles of Defences, Address Space Randomization, Stack Canaries, Data Execution Prevention

Vulnerability Analysis and Standardization, Scanners, Binary Diffing, Malwares and Analysis

Reverse Engineering, Use Cases and Examples

Software Security Issues and Best Practices

OWASP Cloud Security Risks, Virtualization and related setbacks, Co Residency Attacks and Countermeasures

Hyperjacking, Rootkits, Hypervisor Vulnerabilities, XEN, KVM and Related Case Studies, Defenses in Azure, AWS, Data Security

IoT and SDN Security Issues and Challenges

Machine Learning for Security- Application of Machine Learning in Solving Various Problems in The Domain of Security, Deep Fake Detection

Data Security and Privacy issues; Frameworks and Standards, Cyber Security Laws

Problem Statement Discussion and Literature Survey

Research Gaps Identification, Architecture The Solution

Experimentations and Analysis

Article or Publication Writing and Demonstrations

Tools

Wireshark

TCPDUMP