Tuesday 7 May 2013

CRYPTOGRAPHY AND NETWORK SECURITY QUESTION BANK

UNIT – I Introduction
PART-A

1.        What are the key principles of security?
Key properties of security:
To protect the data during transmission across the networks
• Authentication
• Confidentiality
• Integrity
• Access control

2.        Why network need security?
When systems are connected through the network, attacks are possible during transmission time.

3.        Define Encryption
The process of converting from plaintext to cipher text. Encryption is the science of changing data so that it is unrecognisable and useless to an unauthorised person.

4.        Specify the components of encryption algorithm.
1. Plaintext
2. Encryption algorithm
3. Secret key
4. Cipher text
5. Decryption algorithm

5.        Define confidentiality and authentication
Confidentiality:
It means maintaining the secrecy of a message. It ensures that the information in a computer system and transmitted information are accessible only for reading by authorized persons.
Authentication:
It helps to prove that only the claimed source entity has been involved in the transaction.

6.        Define cryptography.
It is the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.

7.        Specify the basic task for defining a security service.
A security service is a service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

8.        Explain active and passive attacks with examples.
Passive attack:
Monitoring the message during transmission.
Eg: Interception
Active attack:
It involves the modification of a data stream or the creation of a false data stream.
E.g.: Fabrication, Modification, and Interruption

9.        Define integrity and nonrepudiation.
Integrity:
Service that ensures that only authorized persons are able to modify the message.
Nonrepudiation:
This service helps to prove whether the claim of a person who denies a transaction is true or false.

10.        Differentiate symmetric and asymmetric encryption?
Symmetric:
It is a form of cryptosystem in which encryption and decryption are performed using the same key.
Eg: DES, AES
Asymmetric:
It is a form of cryptosystem in which encryption and decryption are performed using two keys.
Eg: RSA, ECC

11.        Define cryptanalysis?
It is the process of attempting to discover the key or the plaintext or both.

12.        Define security mechanism 
It is a process that is designed to detect, prevent, or recover from a security attack.
Example: Encryption algorithm, Digital signature, Authentication protocols. 

13.        Differentiate unconditionally secured and computationally secured
An encryption algorithm is unconditionally secure if the cipher text generated by the encryption scheme does not contain enough information to determine the corresponding plaintext.
Encryption is computationally secure if:
1. The cost of breaking the cipher exceeds the value of the encrypted information.
2. The time required to break the cipher exceeds the useful lifetime of the information.

14.        Define steganography
Hiding the message in some cover medium. It conceals the existence of a message.

15.        What are the essential ingredients of a symmetric cipher?
A symmetric cipher encryption has five ingredients. They are:
• Plaintext
• Encryption algorithm
• Secret key
• Cipher text
• Decryption algorithm

16.        What are the two basic functions used in encryption algorithms?
The two basic functions used in encryption algorithms are
• Substitution
• Transposition

17.        Compare Substitution and Transposition techniques.
SUBSTITUTION
* A substitution technique is one in which the letters of the plaintext are replaced by other letters, numbers, or symbols.
* Eg: Caesar cipher.
TRANSPOSITION
* A different kind of mapping is achieved by performing some sort of permutation on the plaintext letters.
*Eg: DES, AES.

18.        Define diffusion and confusion.
Diffusion:
It means each plaintext digit affects the values of many ciphertext digits, which is equivalent to saying that each ciphertext digit is affected by many plaintext digits. It can be achieved by performing a permutation on the data. It is the relationship between the plaintext and the ciphertext.
Confusion:
It can be achieved by a substitution algorithm. It is the relationship between the ciphertext and the key.

19.        How many keys are required for two people to communicate via a cipher?
If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.

20.        Define Decryption
Decryption is the reverse operation of encryption: the process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.

PART-B
1.        Describe categories of Security Services in detail
2.        Briefly explain the categories of Security mechanisms
3.        List the categories of active security attack and explain any one active security attack
4.        List the categories of passive security attack and explain any one passive security attack
5.        Distinguish between active and passive security attacks and name possible active and passive security attacks
6.        List and describe security goals
7.        Write short notes on symmetric encryption.
8.        Write short notes on asymmetric encryption.
9.        Tabulate and explain the relationship between Security services and Mechanisms
10.        Write short notes on Substitution & Transposition cipher

UNIT II Symmetric Ciphers
PART A

1.        Differentiate symmetric and asymmetric encryption?
Symmetric: It is a form of cryptosystem in which encryption and decryption are performed using the same key.
E.g.: DES, AES
Asymmetric: It is a form of cryptosystem in which encryption and decryption are performed using two keys.
Eg: RSA, ECC

2.        What is a transposition cipher?
A transposition cipher is a cipher that is produced by performing some sort of permutation on the plaintext letters.

3.        Compare Substitution and Transposition techniques
SUBSTITUTION
* A substitution technique is one in which the letters of the plaintext are replaced by other letters, numbers, or symbols.
* Eg: Caesar cipher.
TRANSPOSITION
* A different kind of mapping is achieved by performing some sort of permutation on the plaintext letters.
*Eg: DES, AES.

4.        Define Diffusion & confusion.
Diffusion: It means each plaintext digit affects the values of many cipher text digits, which is equivalent to saying that each cipher text digit is affected by many plaintext digits. It can be achieved by performing a permutation on the data. It is the relationship between the plaintext and the cipher text.
Confusion: It can be achieved by a substitution algorithm. It is the relationship between the cipher text and the key.

5.        Why is it not practical to use an arbitrary reversible substitution cipher?

An arbitrary reversible substitution cipher for a large block size is not practical from an implementation and performance point of view. Here the mapping itself is the key.


6.        What is the difference between diffusion and confusion?
In diffusion, the statistical structure of the plain text is dissipated into long-range statistics of the cipher text. This is achieved by permutation.
In confusion, the relationship between the statistics of the cipher text and the value of the encryption key is made complex. It is achieved by substitution.

7.        What are the two approaches to attacking a cipher?
The two approaches to attacking a cipher are:
• Cryptanalysis
• Brute-force attack

8.        Define the Caesar cipher
The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example:
Plain: meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB

9.        Define the monoalphabetic cipher?
A monoalphabetic cipher maps from a plain alphabet to a cipher alphabet. Here a single cipher alphabet is used per message.

10.        Define the playfair cipher.
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plain text as single units and translates these units into cipher text digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. In the case of the keyword monarchy, the matrix is as follows:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
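The Caesar shift of Q8 and the Playfair key square above, as an added Python example that is not part of the question bank; the X padding rule for repeated and trailing letters and the sample plaintexts are assumptions of this example.

```python
# Added example (not from the question bank): Caesar cipher (Q8) and the
# Playfair key square and digram rules (Q10) for the keyword "monarchy".
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int = 3) -> str:
    """Replace each letter by the one `shift` places further down the alphabet.
    Output is upper case, as in the Q8 example; non-letters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def playfair_square(keyword: str) -> list[list[str]]:
    """5x5 key square: keyword letters first (duplicates dropped), then the rest
    of the alphabet in order; I and J share one cell, as in the table above."""
    seen: list[str] = []
    for ch in (keyword.upper() + ALPHABET).replace("J", "I"):
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    assert len(seen) == 25
    return [seen[i:i + 5] for i in range(0, 25, 5)]


def _positions(square: list[list[str]]) -> dict[str, tuple[int, int]]:
    return {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}


def playfair_digrams(plaintext: str) -> list[str]:
    """Split into letter pairs (the 'digrams' of Q10). A repeated letter inside
    a pair is separated by X and an odd trailing letter is padded with X
    (assumed convention of this example)."""
    letters = [ch for ch in plaintext.upper().replace("J", "I") if ch.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            pairs.append(a + "X")
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(pairs: list[str], keyword: str, step: int) -> str:
    """step=+1 encrypts (move right/down), step=-1 decrypts (move left/up)."""
    square = playfair_square(keyword)
    pos = _positions(square)
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:        # same row: take the neighbour in that row
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:      # same column: take the neighbour in that column
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:               # rectangle: each letter takes the other's column
            out.append(square[ra][cb] + square[rb][ca])
    return "".join(out)


def playfair_encrypt(plaintext: str, keyword: str) -> str:
    return _transform(playfair_digrams(plaintext), keyword, +1)


def playfair_decrypt(ciphertext: str, keyword: str) -> str:
    letters = [ch for ch in ciphertext.upper() if ch.isalpha()]
    if len(letters) % 2:
        raise ValueError("Playfair ciphertext must have an even number of letters")
    pairs = [letters[i] + letters[i + 1] for i in range(0, len(letters), 2)]
    return _transform(pairs, keyword, -1)
```

Decryption returns the padded letters (e.g. HELXLO for HELLO); removing the inserted X is left to the reader, as in the textbook treatment.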

11.        What are the two problems with one-time pad?

• There is the practical problem of making large quantities of random keys.
• There is also the problem of key distribution and protection.


12.        What are the design parameters of Feistel cipher network?

* Block size
* Key size
* Number of rounds
* Subkey generation algorithm
* Round function
* Fast software encryption/decryption
* Ease of analysis

13.        Define Product cipher.
It means two or more basic ciphers are combined, and the resulting cipher is called a product cipher.

14.        Explain Avalanche effect.

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change is small, this might provide a way to reduce the size of the plaintext or key space to be searched.

15.        Give the five modes of operation of Block cipher.

1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)

16.        State advantages of counter mode.
* Hardware efficiency
* Software efficiency
* Preprocessing
* Random access
* Provable security
* Simplicity

17.        Define Multiple Encryption.

It is a technique in which the encryption is used multiple times.
Eg: Double DES, Triple DES

18.        Specify the design criteria of block cipher.
Number of rounds
Design of the function F
Key scheduling

19.        Define Reversible mapping.

Each plain text block maps to a unique cipher text block. This transformation is called a reversible mapping.

20.        Specify the basic task for defining a security service.

A security service is a service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

21.        What is the difference between link and end to end encryption?

Link Encryption:
1. With link encryption, each vulnerable communications link is equipped on both ends with an encryption device.
2. Message exposed in sending host and in intermediate nodes.
3. Transparent to user.
4. Host maintains encryption facility.
5. One facility for all users.
6. Can be done in hardware.
7. Provides host authentication.
8. Requires one key per (host-intermediate) pair and (intermediate-intermediate) pair.
End-to-End Encryption:
1. With end-to-end encryption, the encryption process is carried out at the two end systems.
2. Message encrypted in sending host and in intermediate nodes.
3. User applies encryption.
4. Users must determine algorithm.
5. Users select encryption scheme.
6. Software implementations.
7. Provides user authentication.
8. Requires one key per user pair.

22.        Why is the middle portion of 3DES a decryption rather than an encryption?

Decryption requires that the keys be applied in reverse order: P = Dk1[Ek1[P]]. This results in a dramatic increase in cryptographic strength. The use of DES three times results in a mapping that is not equivalent to a single DES encryption.


23.        What is the difference between the AES decryption algorithm and the equivalent inverse cipher?

In AES decryption, we use inverse shift rows, inverse sub bytes, add round key, and inverse mix columns. But in the equivalent inverse cipher, we interchange inverse shift rows and inverse sub bytes.

24.        What is traffic Padding? What is its purpose?

Traffic padding produces ciphertext output continuously, even in the absence of plaintext. A continuous random data stream is generated. When plaintext is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding, and therefore impossible to deduce the amount of traffic.


25.        What was the original set of criteria used by NIST to evaluate candidate AES cipher?

The original set of criteria used by NIST to evaluate candidate AES ciphers was:
• Security
• Actual Security
• Randomness
• Soundness
• Other security factors
• Cost
• Licensing Requirements
• Computational Efficiency
• Memory Requirements
• Algorithm And Implementation Characteristics
• Flexibility
• Hardware and software suitability
• Simplicity


26.        What was the final set of criteria used by NIST to evaluate candidate AES ciphers?

The final set of criteria used by NIST to evaluate candidate AES ciphers was:
• General Security
• Software Implementations
• Restricted-Space Environments
• Hardware Implementations
• Attacks On Implementations
• Encryption vs. Decryption
• Key Agility
• Other Versatility and Flexibility
• Potential for Instruction-Level Parallelism

27.        What is power analysis?

Power analysis is based on the observation that the power consumed by a smart card at any particular time during a cryptographic operation is related to the instruction being executed and to the data being processed.


28.        What is the purpose of the State array?

A single 128-bit block is depicted as a square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output matrix.


29.        How is the S-box constructed?

The S-box is constructed in the following fashion:
Initialize the S-box with the byte values in ascending sequence row by row. The first row contains {00}, {01}, {02}, ..., {0F}; the second row contains {10}, {11}, etc.; and so on. Thus, the value of the byte at row x, column y is {xy}. Map each byte in the S-box to its multiplicative inverse in the finite field GF(2^8); the value {00} is mapped to itself. Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0). Apply the following transformation to each bit of each byte in the S-box.

30.        Define Sub Bytes.

Sub Bytes uses an S-box to perform a byte-by-byte substitution of the block. The leftmost 4 bits of the byte are used as the row value and the rightmost 4 bits are used as the column value. These row and column values serve as indexes into the S-box to select a unique 8-bit value.

31.        Define Shift Rows.
In Shift Rows, a row shift moves an individual byte from one column to another, which is a linear distance of a multiple of 4 bytes. In the forward Shift Rows, each row performs a circular left shift: for the second row a 1-byte circular left shift is performed, for the third row a 2-byte circular left shift is performed, and for the fourth row a 3-byte circular left shift is performed. In the inverse Shift Rows, each row performs a circular right shift.

32.        How many bytes in State are affected by Shift Rows?

In total, 6 bytes in State are affected by Shift Rows.

33.        Define Mix Columns.

Mix Columns is a substitution that makes use of arithmetic over GF(2^8). Mix Columns operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in the column. The Mix Columns transformation combined with the Shift Rows transformation ensures that after a few rounds, all output bits depend on all input bits.


34.        Define Add Round Key.

In Add Round Key, the 128 bits of State are bitwise XORed with the 128 bits of the round key. The operation is viewed as a column-wise operation between the 4 bytes of a State column and one word of the round key; it can also be viewed as a byte-level operation. The Add Round Key transformation is as simple as possible and affects every bit of State.

35.        Define Key Expansion Algorithm.

The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear array of 44 words (156 bytes). This is sufficient to provide a 4-word round key for the initial Add Round Key stage and each of the 10 rounds of the cipher.

36.        What is the difference between Sub Bytes and Sub Word?

Sub Bytes: Sub Bytes uses an S-box to perform a byte-by-byte substitution of the block.
Sub Word: Sub Word performs a byte substitution on each byte of its input word, using the S-box.

37.        What is the difference between Shift Rows and Rot Word?

Shift Rows: Shift Rows is a simple permutation. It shifts the rows circularly left or right.
Rot Word: Rot Word performs a one-byte circular left shift on a word. This means that an input word [b0,b1,b2,b3] is transformed into [b1,b2,b3,b0].
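How the S-box of Q29 is computed and how Sub Word, Rot Word and Mix Columns (Q33, Q36, Q37) use it, as an added Python example that is not from the question bank; it implements the standard AES GF(2^8) arithmetic and affine transformation, with the test vectors in the comments taken from the AES specification.

```python
# Added example (not from the question bank): building the AES S-box from the
# GF(2^8) multiplicative inverse plus the affine transformation (Q29), then the
# SubWord (Q36), RotWord (Q37) and MixColumns (Q33) operations that rely on it.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial of AES's GF(2^8)


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial (shift-and-add)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # reduce when the degree reaches 8
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


def gf_inverse(a: int) -> int:
    """Multiplicative inverse in GF(2^8); {00} is mapped to itself, as Q29 states.
    The multiplicative group has order 255, so a^254 = a^-1."""
    if a == 0:
        return 0
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(b: int) -> int:
    """The S-box affine transformation: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    def rotl(x: int, n: int) -> int:
        return ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


def build_sbox() -> list[int]:
    """Index {xy} (row x, column y) holds the transformed inverse of byte {xy}."""
    return [affine(gf_inverse(v)) for v in range(256)]


SBOX = build_sbox()   # SBOX[0x00] == 0x63, SBOX[0x53] == 0xED per the AES specification


def sub_word(word: list[int]) -> list[int]:
    """SubWord: S-box substitution applied to each byte of a 4-byte word (Q36)."""
    return [SBOX[b] for b in word]


def rot_word(word: list[int]) -> list[int]:
    """RotWord: one-byte circular left shift, [b0,b1,b2,b3] -> [b1,b2,b3,b0] (Q37)."""
    return word[1:] + word[:1]


def mix_column(col: list[int]) -> list[int]:
    """MixColumns on a single column: every output byte is a function of all
    four input bytes (Q33), using multiplication by {02} and {03} in GF(2^8)."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]
```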

38.        Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?

Some block cipher modes of operation use only encryption because the input to the encryption function is set to some initialization vector, and the leftmost bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is transmitted. In decryption, the ciphertext is XORed with the output of the same encryption function to produce the plaintext.
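A toy Feistel network built from the design parameters of Q12, run in the counter mode of Q15/Q16, as an added Python example that is not from the question bank; the round function and key schedule are constructed for illustration only and are not a real cipher. It shows the point made above: CTR uses only the encryption function in both directions and allows any block to be processed on its own.

```python
# Added example (not from the question bank): a toy Feistel cipher (Q12:
# block size, key size, rounds, subkey generation, round function) used in
# CTR mode (Q15/Q16). CTR never calls the decryption function (Q38) and lets a
# single block be decrypted by its index (random access). The round function
# and key schedule are constructed for this example and give no real security.
import struct

BLOCK_BITS = 64                 # block size
KEY_BITS = 64                   # key size
ROUNDS = 16                     # number of rounds
HALF_MASK = 0xFFFFFFFF
WORD_MASK = 0xFFFFFFFFFFFFFFFF


def subkeys(key: int) -> list[int]:
    """Subkey generation: one 32-bit subkey per round from the 64-bit key (constructed)."""
    ks = []
    for i in range(ROUNDS):
        s = (i * 3) % 64
        rot = ((key << s) | (key >> (64 - s))) & WORD_MASK
        ks.append((rot ^ (rot >> 32) ^ (0x9E3779B9 * (i + 1))) & HALF_MASK)
    return ks


def round_function(right: int, k: int) -> int:
    """Round function F: nonlinear mixing of the right half with a subkey (constructed)."""
    x = (right + k) & HALF_MASK
    x ^= ((x << 7) | (x >> 25)) & HALF_MASK
    x = (x * 0x45D9F3B) & HALF_MASK
    return x ^ (x >> 16)


def feistel(block: int, ks: list[int]) -> int:
    """One Feistel pass: L_i+1 = R_i, R_i+1 = L_i ^ F(R_i, K_i), final halves swapped.
    Decryption is the identical pass with the subkeys in reverse order."""
    left, right = block >> 32, block & HALF_MASK
    for k in ks:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt_block(block: int, key: int) -> int:
    return feistel(block, subkeys(key))


def decrypt_block(block: int, key: int) -> int:
    return feistel(block, subkeys(key)[::-1])


def ctr_keystream_block(key: int, nonce: int, index: int) -> bytes:
    """Keystream block i = E_K(nonce || counter_i): only the forward function is used."""
    counter_block = ((nonce & HALF_MASK) << 32) | (index & HALF_MASK)
    return struct.pack(">Q", encrypt_block(counter_block, key))


def ctr_xor(data: bytes, key: int, nonce: int, start_block: int = 0) -> bytes:
    """CTR mode. The same call encrypts and decrypts; start_block selects the
    counter of the first block so any offset can be processed independently."""
    out = bytearray()
    for i in range(0, len(data), 8):
        ks = ctr_keystream_block(key, nonce, start_block + i // 8)
        out.extend(c ^ k for c, k in zip(data[i:i + 8], ks))
    return bytes(out)


def bit_changes(a: int, b: int) -> int:
    """Hamming distance between two blocks, for observing the avalanche effect of Q14."""
    return bin(a ^ b).count("1")
```

A nonce must never be reused with the same key in CTR mode, since two messages would then share a keystream; that constraint applies to this toy exactly as to AES-CTR.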

39.        What is triple encryption?

Tuchman proposed a triple encryption method that uses only two keys [TUCH79].
The function follows an encrypt-decrypt-encrypt (EDE) sequence: C = Ek1[Dk2[Ek1[P]]]. There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES, by setting K2 = K1: C = Ek1[Dk1[Ek1[P]]] = Ek1[P].

40.        What is a meet-in-the-middle attack?

The meet-in-the-middle attack was first described in [DIFF77]. It is based on the observation that if C = Ek2[Ek1[P]], then X = Ek1[P] = Dk2[C]. Given a known pair (P, C), the attack proceeds as follows. First, encrypt P for all 2^56 possible values of K1. Store these results in a table and then sort the table by the values of X. Next, decrypt C using all 2^56 possible values of K2. As each decryption is produced, check the result against the table for a match. If a match occurs, then test the two resulting keys against a new known plaintext-ciphertext pair. If the two keys produce the correct ciphertext, accept them as the correct keys.

41.        How many keys are used in triple encryption?

Tuchman proposed a triple encryption method that uses only two keys

PART-B

1.        Explain (a) Playfair cipher (b) Vernam cipher in detail.
2.        Convert “MEET ME” using the Hill cipher with the key matrix. Convert the cipher text back to plaintext.
3.        Explain simplified DES with example.
4.        Write short notes on i) Steganography
5.        Explain classical Encryption techniques in detail.
6.        Write short notes on
(a) Security services
(b) Feistel cipher structure
7.        Explain Data Encryption Standard (DES) in detail.
8.        Briefly explain the DES design criteria.
9.        Briefly describe the strength of DES.
10.        Briefly explain Block Cipher modes of Operation
11.        Briefly explain the AES design criteria.
12.        Explain Triple DES with neat diagram
13.        How is AES used for encryption/decryption? Discuss with an example.
14.        List the evaluation criteria defined by NIST for AES.

UNIT III ASYMMETRIC CIPHERS

1.        Differentiate public key and conventional encryption.

Conventional Encryption:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
3. The key must be kept secret.
4. It must be impossible or at least impractical to decipher a message if no other information is available.
5. Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key.
Public Key Encryption:
1. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same one).
3. One of the two keys must be kept secret.
4. It must be impossible or at least impractical to decipher a message if no other information is available.
5. Knowledge of the algorithm plus one of the keys plus samples of cipher text must be insufficient to determine the other key.

2.        What are the principal elements of a public key cryptosystem?
The principal elements of a public key cryptosystem are:
1. Plain text
2. Encryption algorithm
3. Public and private key
4. Cipher text
5. Decryption algorithm

3.        What are roles of public and private key?
The two keys used for public-key encryption are referred to as the public key and the private key. Invariably, the private key is kept secret and the public key is known publicly. Usually the public key is used for encryption and the private key is used on the decryption side.

4.         Specify the applications of the public key cryptosystem?
The applications of the public-key cryptosystem can be classified as follows:
1. Encryption/Decryption: The sender encrypts a message with the recipient's public key.
2. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
3. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

5.        What is the primitive root of a number?
We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is, if a is a primitive root of the prime number p, then the numbers

6.        What is a one-way function?
A one-way function is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.

7.        What is a trapdoor one way function?     
It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time.

8.        Describe in general terms an efficient procedure for picking a prime number?
The procedure for picking a prime number is as follows:
1. Pick an odd integer n at random (e.g., using a pseudorandom number generator).
2. Pick an integer a < n at random.
3. Perform a probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to step 1.
4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.

9.        Determine the gcd(24140,16762) using Euclid’s algorithm.
We know that gcd(a,b) = gcd(b, a mod b).
gcd(24140,16762) = gcd(16762,7378)
gcd(16762,7378) = gcd(7378,2006)
gcd(7378,2006) = gcd(2006,1360)
gcd(2006,1360) = gcd(1360,646)
gcd(1360,646) = gcd(646,68)
gcd(646,68) = gcd(68,34)
gcd(68,34) = gcd(34,0) = 34
Therefore gcd(24140,16762) = 34.

10.        Find gcd (1970, 1066) using Euclid’s algorithm?
gcd(1970,1066) = gcd(1066, 1970 mod 1066) = gcd(1066,904) = gcd(904,162) = gcd(162,94) = gcd(94,68) = gcd(68,26) = gcd(26,16) = gcd(16,10) = gcd(10,6) = gcd(6,4) = gcd(4,2) = gcd(2,0) = 2

11.        Perform encryption and decryption using the RSA algorithm for the following: p=7; q=11; e=17; M=8.
n = pq
n = 7*11 = 77
φ(n) = (p-1)(q-1) = 6*10 = 60
e = 17
d = 27
C = M^e mod n
C = 8^17 mod 77 = 57
M = C^d mod n = 57^27 mod 77 = 8

12.        What common mathematical constants are used in RC5?
w: Word size in bits. RC5 encrypts 2-word blocks. Allowed values: 16, 32, 64.
r: Number of rounds. Allowed values: 0, 1, ..., 255.
b: Number of 8-bit bytes (octets) in the secret key K. Allowed values: 0, 1, ..., 255.

13.        What are the steps in key generation algorithm in RSA algorithm.
1.    Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2.    Compute n = pq and phi = φ(n) = (p-1)(q-1).
3.    Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4.    Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi). The public key is (n, e) and the private key is (n, d).
5.    Keep all the values d, p, q and phi secret.
•    n is known as the modulus.
•    e is known as the public exponent or encryption exponent or just the exponent.
•    d is known as the secret exponent or decryption exponent.
14.        What are the steps involved in encryption process in RSA algorithm.
1.    Obtain the recipient B's public key (n, e).
2.    Represent the plaintext message as a positive integer m.
3.    Compute the ciphertext c = m^e mod n.
4.    Send the ciphertext c to B.

15.        What are the steps involved in decryption process in RSA algorithm
Uses his private key (n, d) to compute m = c^d mod n.
Extracts the plaintext from the message representative m.

16.        What are the steps involved in digital signing in RSA algorithm.
1.    Creates a message digest of the information to be sent.
2.    Represents this digest as an integer m between 0 and n-1.
3.    Uses her private key (n, d) to compute the signature s = m^d mod n.
4.    Sends this signature s to the recipient, B.
17.        What are the steps involved in Signature verification in RSA algorithm.
1.    Uses sender A's public key (n, e) to compute the integer v = s^e mod n.
2.    Extracts the message digest from this integer.
3.    Independently computes the message digest of the information that has been signed.
4.    If both message digests are identical, the signature is valid.
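The Euclidean algorithm of Q9/Q10 and the RSA key generation, encryption, decryption, signing and verification steps of Q13 to Q17, as an added Python example that is not from the question bank, traced on the textbook values p=7, q=11, e=17, M=8 of Q11; the SHA-256 digest and the sample message are assumptions of this example, and such tiny primes illustrate the steps only.

```python
# Added example (not from the question bank): Euclid's gcd (Q9/Q10), RSA key
# generation (Q13), encryption (Q14), decryption (Q15), signing (Q16) and
# verification (Q17). The digest function and sample inputs are constructed.
import hashlib


def gcd(a: int, b: int) -> int:
    """Euclid: gcd(a, b) = gcd(b, a mod b), repeated until the remainder is 0."""
    while b:
        a, b = b, a % b
    return a


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """Step 4 of Q13: the d with e*d = 1 (mod phi); requires gcd(e, phi) = 1."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) are not coprime, no inverse exists")
    return x % phi


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Q13: n = p*q, phi = (p-1)(q-1); public key (n, e), private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = mod_inverse(e, phi)
    return (n, e), (n, d)


def rsa_encrypt(public: tuple[int, int], m: int) -> int:
    """Q14: c = m^e mod n, for a message representative 0 <= m < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message representative must lie in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private: tuple[int, int], c: int) -> int:
    """Q15: m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def digest_as_int(data: bytes, n: int) -> int:
    """Q16 steps 1-2: message digest represented as an integer between 0 and n-1.
    Reducing a SHA-256 digest mod n is only meaningful here because n is tiny;
    real schemes use a padding standard instead (assumption of this example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(private: tuple[int, int], data: bytes) -> int:
    """Q16 step 3: s = m^d mod n over the digest representative m."""
    n, d = private
    return pow(digest_as_int(data, n), d, n)


def rsa_verify(public: tuple[int, int], data: bytes, s: int) -> bool:
    """Q17: v = s^e mod n must equal the independently recomputed digest."""
    n, e = public
    return pow(s, e, n) == digest_as_int(data, n)
```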
19.        Define RC5.
RC5 is a block cipher notable for its simplicity. RC5 is a fast, symmetric block cipher suitable for hardware or software implementations.

21.        What primitive operations are used in RC5?
RC5 uses three primitive operations (and their inverses):
• Addition: Addition of words, denoted by +, is performed modulo 2^w. The inverse operation, denoted by -, is subtraction modulo 2^w.
• Bitwise exclusive-OR: This operation is denoted by ⊕.
• Left circular rotation: The cyclic rotation of word x left by y bits is denoted by x <<< y. The inverse is the right circular rotation of word x by y bits, denoted by x >>> y.

PART-B
1.        Define Fermat theorem and explain its application.
2.        Define Euler’s theorem and explain its application.
3.        Define Chinese remainder theorem and explain its application.
4.        Explain RSA algorithm in detail with an example.
5.        Briefly explain the idea behind Elliptic Curve Cryptosystem.
6.        Briefly explain Rabin cryptosystem.
7.        Explain Elgamal cryptosystem.
8.        Explain RC5 in detail.
9.        Compare Elliptic Curve Cryptosystem, Rabin cryptosystem and Elgamal cryptosystem.
10.        Explain primality testing algorithm?

UNIT IV MESSAGE INTEGRITY AND MESSAGE AUTHENTICATION

1.        What is message authentication?
It is a procedure that verifies whether the received message comes from the assigned source and has not been altered. It uses message authentication codes and hash algorithms to authenticate the message.

2.        Define the classes of message authentication function.
Message encryption: The entire cipher text would be used for authentication.
Message Authentication Code: It is a function of the message and a secret key that produces a fixed-length value.
Hash function: Some function that maps a message of any length to a fixed-length value, which serves as the authenticator.

3.        Specify the requirements for message authentication.
• Disclosure.
• Traffic analysis.
• Masquerade.
• Content Modification.
• Sequence Modification.
• Timing modification.
• Repudiation.

4.        What do you mean by hash function?
A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M), called a message digest, as output. It is a variation on the message authentication code.

5.        Differentiate MAC and Hash function?
MAC: In a Message Authentication Code, a secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.
Hash function: The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.

6.        Name any three hash algorithms.
MD5 (Message Digest version 5) algorithm.
SHA_1 (Secure Hash Algorithm).
RIPEMD_160 algorithm.
7.        What are the requirements of the hash function?
H can be applied to a block of data of any size.    
H produces a fixed length output.
H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.

8.        What you meant by MAC?
         MAC is Message Authentication Code. It is a function of message and secret key which produce a fixed length value called as MAC.     MAC = Ck(M)
Where   M = variable length message          
  K = secret key shared by sender and receiver.         
CK(M) = fixed length authenticator.

9.        Differentiate internal and external error control.
Internal error control: In internal error control, an error-detecting code, also known as a frame check sequence or checksum, is appended to the message before encryption.
External error control:  In external error control, error detecting codes are appended after encryption.

10.        What is the meet in the middle attack?
This is a cryptanalytic attack that attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.

11.        What is the role of the compression function in a hash function?
The hash algorithm involves repeated use of a compression function f that takes two inputs (an n-bit chaining variable and a b-bit block of the message) and produces an n-bit output. At the start of hashing, the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value. Usually b > n; hence the term compression.

12.        Distinguish between direct and arbitrated digital signatures.
Direct digital signature
The direct digital signature involves only the communicating parties. It may be formed by encrypting the entire message with the sender's private key.
Arbitrated digital signature
The arbiter plays a sensitive and crucial role in this digital signature. Every signed message from a sender X to a receiver Y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content.

13.        What are the properties a digital signature should have?
It must verify the author and the date and time of the signature.
It must authenticate the contents at the time of the signature.
It must be verifiable by third parties to resolve disputes.

14.        What requirements should a digital signature scheme satisfy?
The signature must be a bit pattern that depends on the message being signed.
The signature must use some information unique to the sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital signature.
It must be relatively easy to recognize and verify the digital signature.
It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
It must be practical to retain a copy of the digital signature in storage.

15.        Define Kerberos.
Kerberos is an authentication service developed as part of Project Athena at MIT. The problem that Kerberos addresses is this: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.

16.        What is Kerberos? What are its uses?
Kerberos is an authentication service developed as part of Project Athena at MIT. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users.

17.        What four requirements were defined for Kerberos?
Secure
Reliable
Transparent
Scalable

18.        In the context of Kerberos, what is a realm?
A full-service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the following:
The Kerberos server must have the user ID and hashed password of all participating users in its database.
The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "Realm".

19.        What is the purpose of the X.509 standard?
X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. X.509 defines authentication protocols based on public-key certificates.

20.        What are the services provided by PGP?
Digital signature
Message encryption
Compression
E-mail compatibility
Segmentation

21.        Why is the e-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.
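As an added example (not code from the question bank or from PGP itself), the Radix-64 conversion described above: the raw bytes are base64-encoded into 76-character lines, and a final line carrying "=" plus the base64-encoded CRC-24 of the raw data lets the receiver detect transport corruption. The CRC-24 parameters are those of the OpenPGP armor format (RFC 4880, section 6.1).

```python
import base64

# CRC-24 parameters from RFC 4880 section 6.1 (the OpenPGP armor checksum)
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 over the raw binary data, computed before base64 encoding."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def radix64_encode(data: bytes) -> str:
    """Raw 8-bit stream -> printable ASCII: base64 body in 76-char lines,
    then a line holding '=' and the base64-encoded CRC-24 of the raw data."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 76] for i in range(0, len(body), 76)]
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines) + "\n=" + checksum


def radix64_decode(armored: str) -> bytes:
    """Reverse the conversion; reject text whose checksum no longer matches."""
    body, _, checksum = armored.rpartition("\n=")
    data = base64.b64decode("".join(body.split()))
    if base64.b64decode(checksum) != crc24(data).to_bytes(3, "big"):
        raise ValueError("Radix-64 checksum mismatch: armored text was altered")
    return data


def survives_transport(data: bytes) -> bool:
    """The armored form is printable ASCII (plus newlines) and round-trips exactly."""
    armored = radix64_encode(data)
    printable = all(c == "\n" or 32 <= ord(c) < 127 for c in armored)
    return printable and radix64_decode(armored) == data


def detects_alteration(data: bytes) -> bool:
    """Change one base64 character of the body and confirm the checksum catches it."""
    armored = radix64_encode(data)
    swapped = ("B" if armored[0] != "B" else "A") + armored[1:]
    try:
        radix64_decode(swapped)
    except ValueError:
        return True
    return False
```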

22.        Name the cryptographic keys used in PGP.
a) One-time session conventional keys.
b) Public keys.
c) Private keys.
d) Passphrase-based conventional keys.

23.        Define key identifier.
PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.

24.        Specify the techniques for distribution of public key.
• Public announcement.
• Publicly available directory.
• Public key authority.
• Public key certificate

25.        Assume the client C wants to communicate with server S using the Kerberos procedure. How can it be achieved?
a) C → AS: [IDC || PC || IDV]
b) AS → C: Ticket
c) C → V: [IDC || ADC || IDV]
Ticket = E_KV [IDC || ADC || IDV]
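The three-message dialogue above, walked through as an added example that is not part of the question bank. It follows Stallings' simple dialogue, in which the ticket accompanies message (c) so that V can decrypt it with K_V; the realm (user "alice", server "printserver", address 10.0.0.7) and the toy cipher standing in for E_K[...] are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for E_K[...]: a SHA-256 counter-mode keystream plus an
# HMAC tag. It only illustrates the message flow; it is not a production cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("not produced under this key, or altered in transit")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed realm: one AS, one client C, one application server V.
K_V = os.urandom(32)                 # shared by AS and V only; C never holds it
AS_PASSWORDS = {"alice": "s3cret"}   # the AS's table of user passwords P_C
ID_V = "printserver"

def as_issue_ticket(id_c: str, p_c: str, id_v: str, ad_c: str) -> bytes:
    """(a) C -> AS: IDC || PC || IDV   (b) AS -> C: Ticket = E_KV[IDC || ADC || IDV]"""
    if AS_PASSWORDS.get(id_c) != p_c:
        raise PermissionError("AS: unknown user or wrong password")
    return toy_encrypt(K_V, "|".join([id_c, ad_c, id_v]).encode())

def v_accepts(id_c: str, ad_c: str, id_v: str, ticket: bytes) -> bool:
    """(c) C -> V: IDC || ADC || IDV together with the Ticket. V decrypts with
    K_V and accepts only if the ticket names this client, address and server."""
    try:
        return toy_decrypt(K_V, ticket).decode().split("|") == [id_c, ad_c, id_v]
    except ValueError:          # bad tag (wrong key / altered) or undecodable bytes
        return False

def run_dialogue(p_c: str = "s3cret", ad_c: str = "10.0.0.7", tamper: bool = False) -> bool:
    """Drive C through messages (a)-(c); tamper=True alters one byte of the ticket."""
    try:
        ticket = as_issue_ticket("alice", p_c, ID_V, ad_c)
    except PermissionError:
        return False
    if tamper:
        ticket = ticket[:20] + bytes([ticket[20] ^ 0x01]) + ticket[21:]
    return v_accepts("alice", ad_c, ID_V, ticket)
```

Because the ticket binds ADC, a ticket copied from alice's workstation and presented from another address is rejected by V, which is what the address field is for.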

26.        Specify the four categories of security threats
• Interruption
• Interception
• Modification
• Fabrication

27.        Define PGP.
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route.

28.        Define Certification Authority.
Certificate authority or Certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.


PART-B

1.    Explain Authentication Functions.
2.    Briefly Explain HMAC algorithm.
3.    Describe RIPEMD-160.
4.    Explain Hash Functions.
5.    Explain Digital Signature Standard.
6.    Briefly explain about MD5 algorithm?
7.    Briefly describe about the Secure Hash Algorithm?
8.    Explain authentication protocol
9.    Explain the classification of authentication function in detail
10.     Describe MD5 algorithm in detail. Compare its performance with SHA-1.
11.    Describe SHA-1 algorithm in detail. Compare its performance with MD5 and RIPEMD-160 and discuss its advantages.
12.    Describe RIPEMD-160 algorithm in detail. Compare its performance with MD5 and SHA-1.
13.     Describe HMAC algorithm in detail.
14.    Write and explain the Digital Signature Algorithm.
15.    Assume a client C wants to communicate with a server S using Kerberos protocol. How can it be achieved?
16.    Define Kerberos Version 4.
17.    Define Kerberos Version 5.
18.    Explain briefly about X.509 Authentication Service.
19.    Discuss about the concept of Electronic Mail Security.
20.    Define S/MIME.
21.    Discuss briefly about IP Security.
22.    Explain in detail the Web Security Considerations.
23.    Explain briefly about the Secure Electronic Transaction.
24.     Explain in detail about the IP Security Architecture
25.     Explain in detail about the Authentication Header.
26.    Discuss briefly about Pretty Good Privacy.

UNIT V ADVANCED NETWORK SECURITY
22.        Define WAP
Wireless Application Protocol (WAP) is an application environment and a set of communication protocols for wireless devices, designed to give manufacturer-, vendor- and technology-independent access to the Internet and advanced telephony services.
23.        Define WTLS
Wireless Transport Layer Security (WTLS), an optional security layer, has encryption facilities that provide the secure transport service required by many applications, such as e-commerce.
WTLS is designed to support the security requirements of authentication, privacy and integrity in the Wireless Application Protocol (WAP) defined by the WAP Forum.
24.        Define GSM
Global System for Mobile Communications (GSM) is a voice technology widely used in Europe.
25.        Define GPRS
General Packet Radio Service (GPRS) is an emerging wireless data service that offers a mobile data experience similar to current analog modems, without wires and with access wherever GSM wireless is available.

26.        What are the key aspects of GSM security?
There are three key aspects of GSM security:
        Subscriber identity authentication
        Signaling data confidentiality
        User data confidentiality
27.        What are the services needed in GSM Security?
Authentication
Signaling and data confidentiality
Voice and data security
28.        What are the technologies used in Java cryptography?
The technologies used in Java cryptography are:
        Java Cryptography Architecture (JCA)
        Java Cryptography Extension (JCE)
29.        What are the TCP/IP vulnerabilities?
        Spoofing
        Session hijacking
        Sequence guessing
        Lack of authentication and encryption
        SYN flooding
30.        What are the security services in UNIX?
    Access Control
    User Authentication
31.        What are the security features in Windows 2000?
    Secure login with anti-spoofing measures
    Discretionary access controls
    Privileged access controls
    Address space protection
    New page zeroing
    Security auditing
32.        Define firewall
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks.
33.        What are the types of firewall?
        Packet filters
        Application Gateway
34.        Define packet filters
A packet filter applies a set of rules to each packet and, based on the outcome, decides either to forward or to discard the packet. It is also called a screening router or screening filter.
35.        What attacks must a packet filter guard against?
    IP address Spoofing
    Source routing attacks
    Tiny fragment attacks
36.        Define application gateways
An application gateway acts like a proxy and decides about the flow of application-level traffic. It is also called a proxy server.
37.        What are the Firewall configurations?
    Screened host firewall, Single-homed bastion
    Screened host firewall, Dual-homed bastion
    Screened subnet firewall
38.        What are the limitations of a firewall?
    Insider intrusion
    Direct Internet traffic
    Virus attacks
   
39.        Define VPN
A Virtual Private Network (VPN) is a mechanism employing encryption, authentication and integrity protection so that a public network can be used as if it were a private network.
40.        What are the three main VPN protocols?
    Point-to-Point Tunneling Protocol (PPTP)
    Layer 2 Tunneling Protocol (L2TP)
    IPSec
41.        What is Single Sign-On (SSO)?
SSO provides a single authentication interface to end users. It is based on two broad approaches:
        Script approach
        Agent approach

PART-B
11.        Explain Wireless Application Protocol Security.
12.        Explain security in GSM in detail.
13.        Explain security in 3G in detail.
14.        Explain security in java in detail.
15.        Explain security in Operating System in detail.
16.        Define firewall and explain its types.
17.        Explain firewall configuration.
18.         Define Virtual private network and explain its protocols.
19.        Explain case studies on SSO.
20.        Explain case studies on DOS.
21.        Explain case studies on CSSV.
