CS7064 - Information Security (2022/23)
|Module specification||Module approved to run in 2022/23|
|Module title||Information Security|
|Module level||Masters (07)|
|Credit rating for module||20|
|School||School of Computing and Digital Media|
|Total study hours||200|
|Running in 2022/23 (Please note that module timeslots are subject to change)||
The module is concerned with the study and application of tools and techniques that enable the protection of information and other resources of enterprise information systems. Increases in the storage, manipulation and transfer of data across computer networks require effective encryption techniques. This module will provide insight into some of those techniques and algorithms and their development through history. Part of the course is dedicated to the mathematics (number theory, finite fields and elliptic curves) relevant to cryptography, with techniques developed using software such as Maple. The focus will also be on the analysis, design and implementation of tools and techniques that achieve the three goals of confidentiality, integrity and authenticity in security computing. Particular focus will be on the management framework that facilitates the accomplishment of these three goals. Importantly, the module will address the ethical framework of information security, the issues around privacy and data protection, and the rights of private citizens to access strong encryption. Throughout the module, connections with other aspects of artificial intelligence and cybersecurity will be emphasised through the examples and case studies chosen.
Prior learning requirements
• Information security principles; confidentiality, authenticity and integrity. Framework standards for Information Security and taxonomies of threat; threat assessment and the identification of vulnerabilities.
• Human factors in Information Security; vulnerabilities and possible defences; legal frameworks and responsibilities in respect of privacy and data protection. Security administration; e.g. integrating people, processes, technologies and policies.
• Frameworks to identify and evaluate risks. Qualitative and quantitative models; risk mitigation and controls. Business continuity planning frameworks.
• Introduction to cryptography, history and terminology. Basic principles of substitution and transposition.
• Symmetric cryptography systems including Advanced Encryption Standard and related techniques of block and stream ciphers.
• Asymmetric cryptography including RSA, Diffie-Hellman key exchange, ElGamal, Elliptic Curve cryptography.
• Message authentication and non-repudiation. Hash standards, message authentication codes and digital signatures based on public/private keys.
• Mathematics for cryptography: primes and prime factorisation techniques; quotient/remainders, gcds and inverses modulo n; finite fields and discrete logarithms; elliptic curves. Mathematics will be developed as required with emphasis on computational interpretation through Maple/Excel and other programming languages.
• Security processes and technologies for enterprise systems; e.g. access control, authentication, firewalls, filters, biometrics etc.
• E-commerce security and e-policy; e.g. digital signature, PKI, etc. Mobile and wireless security protocols.
• Ethical issues raised by questions of privacy and access to strong encryption.
Balance of independent study and scheduled teaching activity
The module learning hours are divided between lectures, covering background, theory and examples, and workshops, which involve discussion of the issues raised and the development of mathematical techniques. The remaining hours of private study will allow students to complete background reading, work on exercises and prepare for assessment.
This module aims to enable students to:
LO1 Show appreciation of the concepts, mechanisms and processes involved in securing information in enterprise information systems;
LO2 Demonstrate an understanding of the mathematics that underpins modern (symmetric and asymmetric) systems for cryptography;
LO3 Acquire in-depth knowledge and training to analyse, design and implement dependable security infrastructure for enterprise applications;
LO4 Develop skills (including for teamwork) necessary for the development of organisational and managerial policies for effective security administration;
LO5 Appreciate and analyse the ethical, practical and human dimensions of information security and cryptography and apply the legal frameworks covering privacy and data protection.
Coursework: Implementation of an encryption algorithm and evaluation of its applicability. The small group assignment involves a presentation of the implementation of an asymmetric algorithm and a report summarising its strengths and weaknesses.
Written Exam: A 2-hour exam consisting of short answer questions covering major areas of the module.
Cryptography and network security: principles and practice
Book by William Stallings 2016
A course in number theory and cryptography
Book by Neal Koblitz 1994