TEQIP - II Sponsered Faculty Development Program On Advances in Information Security
18th - 22nd January, 2016
A Five Days Faculty Development Program sponsored by TEQIP - II on Advances in Information Security was organized by Delhi Technological University from 18th - 22nd January , 2016. Faculty members from various colleges and universities participated in the program. Mr. Manoj Kumar Yadav, Department of Computer Science & Engineering fromDronacharya Group of Institutions, Greater Noida participated in the programme.
The objective of the FDP was to enhance knowledge and skill of the participants to secure the Digital Information from various Security Attacks and awarenes of Mobile Device forensic in an effective way.
The conference inaugurated with the welcome of Chief Guest was Dr. Gautam Bose, Former Deputy Director General, NIC, Delhi. The other Dignitaries of the FDP were Dr. S. K. Garg Vice Chancler, DTU Delhi, Dr. O.P. Verma HOD of Computer Science of Engineering from DTU Delhi, Prof. Manoj Kumar from DTU, Delhi, Dr. S. Indu from departmrnt of ECE DTU,Delhi.
18 - 01 - 2016
The first day of the FDP started with Mr. Rahul Johri, Assistant Professor at School of Information Technology, G.G.S. Indraprastha University, Delhi. He began with technical session on various security attacks, symmetric and asymmetric crptography, hackers and crackers, script Kiddie, Hactivist. He said that there are two basic techniques for encrypting information: symmetric encryption and asymmetric encryption. Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. He further discussed that asymmetric encryption, is in which there are two related keys - a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. Any message (text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.
He concluded his session by discussing Hactivist. He explained the concept. A hacktivist uses the same tools and techniques as a hacker, but does so in order to disrupt services and bring attention to a political or social cause. HE cited example that one might leave a highly visible message on the home page of a Web site that gets a lot of traffic or which embodies a point - of - view that is being opposed. Or one might launch a denial - of - service attack to disrupt traffic to a particular site.
The next session was delivered by Mr. Jaspal Sharma & Mr. Sadanand Sahoo from Radware India Pvt Ltd. Delhi on Distributed Denial Of Service, Web Application and importance of Firewall in security.
Mr.Sharma started his session by explaining about Distributed Denial of Service. He said that a distributed denial - of - service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
Mr. Sahoo next explained Firewall. He said firewall is a software or hardware device that protects computer from being attacked over the internet by hackers, viruses, and worms. This may occur either at a large corporate network, or simply at a small home network; both have the same security issues. Having a firewall in each companyâ€™s internet connection allows the business to setup online rules for the users. He further explained the different ways of how a firewall controls the online activities:
1. Packet filtering : small amount of data is analyzed and distributed according to the filter's standards.
2. Proxy service : online Information is saved by the firewall and then sent to the requesting system.
3. Stateful inspection : matches specific details of a data packet to a database of reliable information.
Firewalls allow to either add or remove filters based on certain circumstances such as :
1. IP addresses : If a certain IP address, not belonging to the company's network is accessing too many files from the server, this IP can get blocked by the firewall.
2. Domain names : with the firewall, a company is able to block or allow access to certain domains.
3. Specific words and phrases : The firewall will scan each packet of information to match the filter content. You may select any word or sentence to be blocked.
19 - 01 - 2016
Mr. Yogesh Chandra ISSA, DRDO delivered his lecture on Design of Cyber Warfare Testbed. He explained the concept of Cyber Warfare. He defined Cyber warfare as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruptionâ€.
Mr. Pallav Kumar Mishra, ISISA, DRDO explained about Attack Graphs for defending Cyber Assets. He explained that Attack graphs have been used to model the exposures of the systems and their potential exploits. The successful exploits leading to the partial / total failure of the systems are subject of keen security interest. He added that Attack graph toolkit generates scenario graphs from a network attack model and a security property.
Mr. Rohit Srivastava and Mr. Devendra Singh, Sr. Infosec Consultant AKS ITS. Noida delivered the next session onmobile device forensics. The duo stated that Mobile devices are an evolving form of computing, used widely for personal and organizational purposes. Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. He said that Mobile device forensics is best known for its application to law enforcement investigations, but it is also useful for military intelligence, corporate investigations, private investigations, criminal and civil defense, and electronic discovery.
20 - 01 - 2016
Dr. D. Chang, Assistant Professor, IIITD delivered his lecture on Authentication. He said that authentication means the process of identifying an individual, message, file, and other data. The two major roles for authentication are:
1. confirming that the user is who he or she claims to be
2. identifying that the message is authentic and not altered or forged.
He further stated that the term authentication should not be confused with a closely related term, authorization, which means determining what a user is allowed to do or see. In recent years, a number of products have been developed to assist in the authentication process, including biometrics (assessing users' signatures, facial features, and other biological identifiers); smart cards (having microprocessor chips that run cryptographic algorithms and store a private key); digital certificates containing public or private keys; and SecureID, a commercialized product using a key and the current time to generate a random numbers stream that is verifiable by a server - thus ensuring that a potential user puts in the number on the card within a set amount of time.
Mr. Bappa Mandal, Samsung Electronic India Ltd., Noida delivered his lecture on Mobile Security. He said that Mobile security has become increasingly important in mobile computing. Mainly the security of personal and business information. Smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. There are attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.
The last session of the day carried out by Mr. Chhavi Deo Shukla, Samsung Electronics India Ltd., Noida on the issues in Wireless Security. The speaker said that various wireless security protocols were developed to protect home wireless networks. These wireless security protocols include WEP, WPA, and WPA2. He added that Wireless networks are inherently insecure.
Following are descriptions of the WEP, WPA, and WPA2 wireless security protocols :
1. Wired Equivalent Privacy (WEP) : The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well - known security flaws, is difficult to configure, and is easily broken.
2. Wi - Fi Protected Access (WPA) : Introduced as an interim security enhancement over WEP while the 802.11i wirelesssecurity standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced tee - kip) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.
3. Wi - Fi Protected Access version 2 (WPA2) : Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption.
21 - 01 - 2016
Ms. Kokila Gupta, IGDTUW delivered her lecture on Cyber Laws and Social Media by taking real case studies. She said that Cyber law (is a term used to describe the legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet. Cyber law is an attempt to integrate the challenges presented by human activity on the Internet with legacy system of laws applicable to the physical world. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.
Dr. Daya Gupta, Professor, Delhi Technical University conducted the session on Engineering Security in System Development. The speaker discussed that many software organizations today are confronted with challenge of building secure software systems. Software systems have a wide reach, security so there is an imperative necessity to incorporative security into software engineering. Incorporating security into software engineering necessitates modification of existing software engineering principles, as these have to be tailored to take into account the security aspect. All phases of software engineering are likely to be impacted.
22 - 01 - 2016
The last day's session was conducted by Dr. Puneet Goyal, and AV Subramanyam, IIIT Delhi. The topic of the lecture was "Image Manipulation Detection and Camera Identification". The duo explained the Techniques and methodologies for validating the authenticity of digital images and testing. There are three categories of forensic features and discuss the design of classifiers between treated and original images. The performance of classifiers with respect to selected controlled manipulations as well as to uncontrolled manipulations is analyzed. The tools for image manipulation detection are treated under feature fusion and decision fusion scenarios.
The FDP was highly informative and quite beneficial as it created awareness of the benefits of Information Security and Cyber Laws integrated into instruction for effective pedagogical practice in awareness of Cyber Crimes. The program ended with Valedictory Ceremony and distributions of certificates.