Information Assurance and Security :[BE: IT/Comp]

Information Assurance and Security is one of the most important, most interesting and an extremely useful subject you will come across in your Engineering Career. This subject is introduced as a regular subject for IT in the 7th Semester and as an elective subject for Computer Engineering in the 8th Semester with the name Network Information Security. The contents of the syllabus for both Computer and IT Engineering is almost the same with just a few minor changes.

 Never use any available local author books for this subject, I would suggest you to prefer only  References for this subject. The subject contains many security based algorithms, brief introduction to Digital Certificates, Digital Signatures and many other security related concepts. The subject is very interesting to learn and extremely easy. Scoring 65+ in this subject is an extremely easy task. Many students even score 70+ easily. Every year the question paper for this subject is a bit applicative and not that straight forward. But still students manage to score well as the subject is totally conceptual : no theory at all.

Let us have a brief analysis of the subject.

Unit 1:

Relatively simple unit. This unit includes the most important concept in Security : 'CIA' .You will find this principle applied whenever security comes into the picture in any subject. A very simple concept and extremely important. This unit includes basics of a few security implementation techniques and a few algorithms and theorems. Among the algorithms and theorems Modular Arithmetic, GCD, Euclid’s Algorithms  are extremely simple ,only the chinese remainder theorem is a bit confusing . We would be providing a detailed implementation of the Chinese Remainder theorem in the upcoming tutorials. Rest of the unit is very simple. Questions from this unit are easily predictable.

Unit 2:

Introduces to you cryptography and associated algorithms and its implementation techniques. This unit will be a little time consuming as it includes various new algorithms and not that easy to understand in the first go. AES , DES, RSA, Blowfish,SHA -1 and MD5 are a few algorithms in this unit. The first attempt to understand these algorithms will be a little time consuming process. But , we have provided animations for most of the tutorials in our website. You can easily understand these algorithms using our animations. But overall this unit is very intersting.

Unit 3:

Easier than 2nd unit. This unit introduces to you the basics of Key Management Techniques and a few protocols (easier ones, not like the previous ones).

Unit 4 :

A very important unit ,as it introduces to you to most widely used security implementations for the network : SSL , Transport layer security. IPSEC,  a few protocols and brief introduction to Intrusion Detection Systems. Easy to understand as there are huge examples and tutorials available over the net.

Unit 5:

Easiest unit. Most of you would not even require to read this unit as it includes all new technologies which are well known to the youth like Electronic Payment, Smart Cards, Payment over Internet, Mobile Payment, Electronic cash and related terms. Easy and extremely scoring unit.

Unit 6:

Again a very simple unit, gives you a short introduction to cyber crimes,forensics, IT Laws  and recovering electronic evidence etc. Very easy and most questions are easily predictable.

Verdict:

Very interesting, extremely important and easy to learn subject. Totally conceptual.

Difficulty Level : Easy to Learn

Scoring Pattern :  easy to score 65+

Books Recommended :


Local  Author : 
Only Technical Publications was available for 2012 Batch. This book should only be used for Question papers, few sums and a few important topics in the last unit. Rest should be referred from Reference Books.


References :


 From exam point of View :
 The most important books are

(For Units 1- 4)

Computer Security : Principles and Practices - William Stallings
or

Cryptography and Network Security - Behrouz Forouzan

(For Unit 5)

Network Security and Cryptography - Bernard Menzes
---------------------------------------------------------------------------------

Even though,  the university recommends Bruice Schneier's books, the language used in this book is not that lucid. William Stalling or Behrouz Forouzan would be the best choice for the first 4 units.

One book recommended for Information Security is  'Cryptography and Network Security - Atul Kahate'. this book even though not recommended by the university, this book has one of the most amazingly organized contents and easiest language used. The book is so easy to learn, that you would end up reading the entire book as a novel in no time. All concepts about security can be easily understood using this book. Users rating for the book by Atul Kahate is 5 star. Unfortunately, there are no PDF Ebooks of this book available for download . You can order one from Flipkart, it would cost RS 300 only. It is definitely worth spending 300 bucks for this book.

    

Books for Download

Cryptography and Network Security

William Stallings

------------------------------------------------------------------------

Applied Cryptography

Bruce Schneier

-------------------------------------------------------------------------

Read More

Advance Computer Networks : [BE-IT] Elective

Advance Computer Networks

Unit I Introduction

Requirements , Network architecture , Networking principles, Network services and Layered architecture , Network services and Layered architecture , Future networks ( Internet , ATM , Cable TV, Wireless – Bluetooth, Wi-Fi, WiMax, Cell phone )

Unit II Advanced Technologies

Virtual circuits, Fixed size packets, Small size packets, Integrated service, History, Challenges, ATM Network protocols, IP over ATM, Wireless networks : Wireless communication basics, architecture, mobility management, wireless network protocols. Ad-hoc networks Basic concepts, routing; Bluetooth

(802.15.1), Wi-Fi (802.11), WiMAX (802.16), Optical Network : links, WDM system, Optical LANs, Optical paths and networks.

Unit III Performance of Networks

Control of networks: objectives and methods of control, Circuit switched networks, Datagram and ATM networks. Mathematical background for control of networks like Circuit switched networks, Datagram and ATM networks

Unit IV Advanced Routing - I

Routing architecture , Routing between peers ( BGP) , IP switching and Multi- Protocol Label Switching (MPLS), MPLS Architecture and related protocols , Traffic Engineering (TE) and TE with MPLS , NAT and Virtual Private Networks (L2, L3, and Hybrid), CIDR –Introduction , CIDR addressing, CIDR

address blocks and Bit masks

Unit V Advanced Routing - II

Mobile IP- characteristics, Mobile IP operation, Security related issues. Mobility in networks. Voice and Video over IP (RTP, RSVP, QoS) IPv6: Why IPv6, basic protocol, extensions and options, support for QoS, security, etc., neighbor discovery, auto-configuration, routing. Changes to other protocols. Application

Programming Interface for IPv6.

Unit VI Ad Hoc Networking

An Introduction, A DoD Perspective on Mobile Ad Hoc Networks, DSDV: Routing over a Multihop Wireless Network of Mobile Computers, Cluster-Based Networks, DSR: The Dynamic Source Routing Protocol for Multihop Wireless Ad Hoc Networks

Download Books

Computer Networks: A Systems Approach

Larry L. Peterson, Bruce S

Download Now

File Type :PDF

----------------------------------------------------------

Internetworking with TCP/IP

Douglas E. Comer

Download Now

File Type :PDF

--------------------------------------------------------------------------------------------

Read More

Geo Informatics System : GIS [Elective] - BE- IT

New Update : 19 May 2012

-------------------------------------------------------------------------------

GIS : UNIT 6

 Download Now

Type : PDF

       Size : 2.5 MB

       Comments : Scanned Copy  

------------------------------------------------------------------------------

Geo Informatics System (GIS) is an elective  subject introduced into the final year, final semester of Information Technology Engineering og Pune University. The subject is vast and was introduced for the first time in  2012 for the 2008 pattern. 

The Syllabus for the subject is as follows:

Unit I: Digital Image Processing Fundamentals

Basic character of digital images, preprocessing, registration, enhancement, spatial filtering, transformations, classification, Visual Image Interpretation: Types of pictorial data products, image interpretation strategy, image interpretation process, basic elements of image interpretation.

Unit II: Foundations of Remote Sensing

Basic Principles of remote sensing, Electromagnetic remote sensing process,     Microwave Remote Sensing:

The radar Principle, factors affecting microwave measurements, radar wavebands, SLAR Systems , SAR, Interpreting SAR images, geometrical Remote Sensing platform and Sensors: Satellite system parameters, sensor parameters, imaging sensor systems, Earth recourses satellite series.

Unit III: GIS Fundamentals

GIS: Definition, evolution, components, approaches, Geospatial data, GIS operations.

GIS architecture, models of GIS, framework for GIS, GIS categories, level / scales of measurement. Map projections, Map as a model, classification of maps, map scale, cartographic symbolization, types of map, spatial referencing system, map projections, grid systems, computer in map production, digital database in a GIS, linkage of GIS to remote sensing

Unit IV: Spatial Data Management

Existing GIS data, Metadata, conversion of existing data, creating new data, geometric transformations, Describing data quality and errors, Sources of errors in GIS, Finding and modeling errors in GIS, Managing GIS error, types of errors- RMS error, location error, topological error, spatial data accuracy. Attribute data in GIS, Spatial data processing.

Unit V Data Modeling and Analysis

Data Exploration, types of data queries, Vector data analysis- buffering, overlay, distance measurement, pattern analysis, Raster Data analysisdifferent types of operations, comparison of vector and raster based data analysis. Basic elements of GIS modeling- Binary models, Index models, Process

models

Unit VI: Applications and development

Urban and Municipal Applications- introduction and methodology. GIS implementation and Project Management – Software Engg. as applied to GIS, GIS project planning, System Analysis and user requirements studies, geospatial database design methodology, GIS application software design methodology, system implementation and maintenance, Geospatial Information Domain, issues and trends in GIS development.

Books for Download:

Remote Sensing and Geographical Information Systems

M. Anji Reddi
(Syllabus Recommended)

Download Now

Alternative Download 
TYPE  :DJVU
SIZE  : 7.5 MB


(The Above File is in DJVU format)
(Download WinDJView to open DJVU File)


-------------------------------------------


The Design and Implementation of
Geographic Information Systems 
John Harmon, Stephen Anderson

Download Now

Alternative Download

TYPE : PDF

SIZe : 2.6 MB

-----------------------------------------------

Managing Geographic Information Systems

Nancy Obermeyer, Jeffrey Pinto

Download Now

Alternative Download Now

TYPE : PDF

SIZE : 2MB

----------------------------------------------- 

------------------------------------------------

Read More

Software Architecture : BE - [ Comp : Sem 1] [IT Sem 2]

Software Architecture is a very important subject introduced in the final year for Computer and IT Engineering Students. Both the branches have introduced the subject as an elective subject. Elective 1 for Computer Engineering and Elective 3 for IT Engineering. The crux of the subject is introduce the different models, design patterns, architecture of software development, The subject is a very important subject for an engineer aiming to move towards development field.

 The subject, even though is important it is really boring to study. Extremely vast, very boring concepts and  totally theoretical subject. Too many concepts to mug up in this subject, this makes learning this subject joyless. Computer Syllabus differs a bit from the IT syllabus, though not much big differences in both, the need to mention this point is the stress required to find out notes and study material for this subject. The paper of this subject is however very easy (as per history). Students find it really easy to appear for the exam than to prepare for the exam . Scoring is also not a difficult task in this subject, this is the most important and vital reason for Engineers to choose this subject as their elective subject.

 Books for Download :

Software Architecture in Practice 

Bass, Clements,  Kazman 

Download Now 
Size : 12.8 MB
Type :  PDF


--------------------------------------------------------------

Design Patterns : 
Elements of Reusable Object Oriented Software
Gamma, Helm, Johnson,Vlissides

Download Now
Size : 4.06 MB
Type : PDF




---------------------------------------------------------------------


Head First Design Patterns

Download Now

Size : 16.9 MB
Type : PDF


========================================
Video Lectures


Software Architecture Concepts

ABC - Architecture Business Cycle

Design Patterns

Read More

Encryption & Decryption : Information Security

Download this guide as PDF

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.

The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions. Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital signals.

In order to easily recover the contents of an encrypted signal, the correct decryption key is required. The key is an algorithm that undoes the work of the encryption algorithm. Alternatively, a computer can be used in an attempt to break the cipher. The more complex the encryption algorithm, the more difficult it becomes to eavesdrop on the communications without access to the key.

Encryption/decryption is especially important in wireless communications. This is because wireless circuits are easier to tap than their hard-wired counterparts. Nevertheless, encryption/decryption is a good idea when carrying out any kind of sensitive transaction, such as a credit-card purchase online, or the discussion of a company secret between different departments in the organization. The stronger the cipher -- that is, the harder it is for unauthorized people to break it -- the better, in general. However, as the strength of encryption/decryption increases, so does the cost.

Encryption is mainly of two types :

•  Asymmetric Key Encryption (Public-Key Encryption)
•  Symmetric Key Encryption

Symmetric-Key Encryption

   With symmetric-key encryption, the encryption key can be calculated from the decryption key, and vice versa. With most symmetric algorithms, the same key is used for both encryption and decryption. 

The following figure shows a symmetric-key encryption.

Symmetric-Key Encryption

Implementations of symmetric-key encryption can be highly efficient, so that users do not experience any significant time delay as a result of the encryption and decryption. Symmetric-key encryption also provides a degree of authentication, since information encrypted with one symmetric key cannot be decrypted with any other symmetric key. Thus, as long as the symmetric key is kept secret by the two parties using it to encrypt communications, each party can be sure that it is communicating with the other as long as the decrypted messages continue to make sense.

   Symmetric-key encryption is effective only if the symmetric key is kept secret by the two parties involved. If anyone else discovers the key, it affects both confidentiality and authentication. A person with an unauthorized symmetric key not only can decrypt messages sent with that key, but can encrypt new messages and send them as if they came from one of the two parties who were originally using the key.

    Symmetric-key encryption plays an important role in the SSL protocol, which is widely used for authentication, tamper detection, and encryption over TCP/IP networks. SSL also uses techniques of public-key encryption, which is described in the next section.

 Asymmetric Key Encryption :

Public-Key Encryption

The most commonly used implementations of public-key encryption are based on algorithms patented by RSA Data Security. Therefore, this section describes the RSA approach to public-key encryption.

   Public-key encryption (also called asymmetric encryption) involves a pair of keys—a public key and a private key—associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published, and the corresponding private key is kept secret. 

The following figure shows a simplified view of the way public-key encryption works.

Public-Key Encryption

    Public—key encryption lets you distribute a public key, and only you can read data encrypted by this key. In general, to send encrypted data to someone, you encrypt the data with that person’s public key, and the person receiving the encrypted data decrypts it with the corresponding private key.

   Compared with symmetric-key encryption, public-key encryption requires more computation and is therefore not always appropriate for large amounts of data. However, it’s possible to use public-key encryption to send a symmetric key, which can then be used to encrypt additional data. This is the approach used by the SSL protocol.

     As it happens, the reverse of the scheme shown in Figure also works: data encrypted with your private key can be decrypted with your public key only. This would not be a desirable way to encrypt sensitive data, however, because it means that anyone with your public key, which is by definition published, could decrypt the data. Nevertheless, private-key encryption is useful, because it means you can use your private key to sign data with your digital signature—an important requirement for electronic commerce and other commercial applications of cryptography. Client software can then use your public key to confirm that the message was signed with your private key and that it hasn’t been tampered with since being signed. Digital Signatures on Digital Signatures and subsequent sections describe how this confirmation process works.

========================

Video Lectures

Symmetric Key Cryptography : part 1

Symmetric Key Cryptography : part 2

Symmetric Key Cryptography : Block Ciphers & DES

Block Ciphers, DES, Triple DES

Integrity & message Authentication

Symmetric & Asymmetric Encryption

Asymmetric Encryption

============================================

Read More

Waterfall Model - Software Engineering TE[Comp&IT] - Sem 5/ Sem 6

                                 ( Download as PDF )

Waterfall Model

     Waterfall approach was first Process Model to be introduced and followed widely in Software Engineering to ensure success of the project. In "The Waterfall" approach, the whole process of software development is divided into separate process phases.

Overview

Waterfall development isn't new -- it's been around since 1970 -- but most developers still only have a vague idea of what it means. Essentially, it's a framework for software development in which development proceeds sequentially through a series of phases, starting with system requirements analysis and leading up to product release and maintenance . Feedback loops exist between each phase, so that as new information is uncovered or problems are discovered, it is possible to "go back" aphase and make appropriate modification. Progress "flows" from onestage to the next, much like the waterfall that gives the model its name.

The phases in Waterfall model are: 

Requirement Specifications phase

Software Design
Implementation
Testing

Deployment

Maintenance.

The stages of "The Waterfall Model" are:

Requirement Analysis & Definition:

    All possible requirements of the system to be developed are captured in this phase. Requirements are set of functionalities and constraints that the end-user (who will be using the system) expects from the system. The requirements are gathered from the end-user by consultation, these requirements are analyzed for their validity and the possibility of incorporating the requirements in the system to be development is also studied. Finally, a Requirement Specification document is created which serves the purpose of guideline for the next phase of the model.

System & Software Design:

Before a starting for actual coding, it is highly important to understand what we are going to create and what it should look like? The requirement specifications from first phase are studied in this phase and system design is prepared. System Design helps in specifying hardware and system requirements and also helps in defining overall system architecture. The system design specifications serve as input for the next phase of the model.

Implementation & Unit Testing: 

On receiving system design documents, the work is divided in modules/units and actual coding is started. The system is first developed in small programs called units, which are integrated in the next phase. Each unit is developed and tested for its functionality; this is referred to as Unit Testing. Unit testing mainly verifies if the modules/units meet their specifications.

Integration & System Testing: 

As specified above, the system is first divided in units which are developed and tested for their functionalities. These units are integrated into a complete system during Integration phase and tested to check if all modules/units coordinate between each other and the system as a whole behaves as per the specifications. After successfully testing the software, it is delivered to the customer.

Operations & Maintenance: 

This phase of "The Waterfall Model" is virtually never ending phase (Very long). Generally, problems with the system developed (which are not found during the development life cycle) come up after its practical use starts, so the issues related to the system are solved after deployment of the system. Not all the problems come in picture directly but they arise time to time and needs to be solved; hence this process is referred as Maintenance.

Advantages and Disadvantages

Advantages

The waterfall model, as described above, offers numerousadvantages for software developers. First, the staged development cycleenforces discipline: every phase has a defined start and end point, andprogress can be conclusively identified (through the use of milestones) by bothvendor and client. The emphasis on requirements and design before writing asingle line of code ensures minimal wastage of time and effort and reduces therisk of schedule slippage, or of customer expectations not being met.

Getting the requirements and design out of the way firstalso improves quality; it's much easier to catch and correct possible flaws atthe design stage than at the testing stage, after all the components have beenintegrated and tracking down specific errors is more complex. Finally, becausethe first two phases end in the production of a formal specification, thewaterfall model can aid efficient knowledge transfer when team members aredispersed in different locations.

Disadvantages

Despite the seemingly obvious advantages, the waterfallmodel has come in for a fair share of criticism in recent times. The most prominent criticism revolves around the fact that very often, customers don'treally know what they want up-front; rather, what they want emerges out ofrepeated two-way interactions over the course of the project. In thissituation, the waterfall model, with its emphasis on up-front requirementscapture and design, is seen as somewhat unrealistic and unsuitable for thevagaries of the real world. Further, given the uncertain nature of customer needs, estimating time and costs with any degree of accuracy (as the model suggests) is often extremely difficult. In general, therefore, the model is recommended for use only in projects which are relatively stable and wherecustomer needs can be clearly identified at an early stage.

Another criticism revolves around the model's implicitassumption that designs can be feasibly translated into real products; this sometimes runs into roadblocks when developers actually begin implementation.Often, designs that look feasible on paper turn out to be expensive ordifficult in practice, requiring a re-design and hence destroying the clear distinctions between phases of the traditional waterfall model. Some criticism salso center on the fact that the waterfall model implies a clear division of labor between, say, "designers", "programmers" and"testers"; in reality, such a division of labor in most software firms is neither realistic nor efficient.

Customer needs

While the model does have critics, it still remains usefulfor certain types of projects and can, when properly implemented, produce significant cost and time savings. Whether you should use it or not dependslargely on how well you believe you understand your customer's needs, and howmuch volatility you expect in those needs as the project progresses. It's worth nothing that for more volatile projects, other frameworks exists for thinking about project management, notably the so-called spiral model...but that's a story for another day!

=======================================

Video Lectures

Overview of Different Models

Waterfall vs Agile

========================================

Read More