
REGULATION :2017 ACADEMIC YEAR : 2022-2023

CS8792 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3

OBJECTIVES:

 To understand Cryptography Theories, Algorithms and Systems.

 To understand necessary Approaches and Techniques to build protection mechanisms in order to secure computer networks.

UNIT I INTRODUCTION 9
Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at
Multiple levels, Security Policies - Model of network security – Security attacks, services and
mechanisms – OSI security architecture – Classical encryption techniques (substitution
techniques, transposition techniques, steganography) - Foundations of modern cryptography:
perfect security – information theory – product cryptosystem – cryptanalysis.

UNIT II SYMMETRIC CRYPTOGRAPHY 9


MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY: Algebraic structures -
Modular arithmetic - Euclid's algorithm - Congruence and matrices - Groups, Rings, Fields -
Finite fields - SYMMETRIC KEY CIPHERS: SDES – Block cipher principles of DES –
Strength of DES – Differential and linear cryptanalysis - Block cipher design principles –
Block cipher modes of operation – Evaluation criteria for AES – Advanced Encryption
Standard - RC4 – Key distribution.

UNIT III PUBLIC KEY CRYPTOGRAPHY 9


MATHEMATICS OF ASYMMETRIC KEY CRYPTOGRAPHY: Primes – Primality Testing
– Factorization – Euler's totient function, Fermat's and Euler's Theorem - Chinese Remainder
Theorem – Exponentiation and logarithm - ASYMMETRIC KEY CIPHERS: RSA
cryptosystem – Key distribution – Key management – Diffie Hellman key exchange - ElGamal
cryptosystem – Elliptic curve arithmetic - Elliptic curve cryptography.

UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY 9


Authentication requirement – Authentication function – MAC – Hash function – Security of
hash function and MAC – SHA –Digital signature and authentication protocols – DSS- Entity
Authentication: Biometrics, Passwords, Challenge Response protocols- Authentication
applications - Kerberos, X.509

UNIT V SECURITY PRACTICE AND SYSTEM SECURITY 9


Electronic Mail security – PGP, S/MIME – IP security – Web Security - SYSTEM
SECURITY: Intruders – Malicious software – viruses – Firewalls.

TOTAL 45 PERIODS

JIT-2106/CSE /Mr. A. SATHEESH /IV Year /SEM 07/CS8792/CRYPTOGRAPHY & NETWORK SECURITY/UNIT 1- 5/ QB+Keys

OUTCOMES:

At the end of the course, the student should be able to:

 Understand the fundamentals of network security, security architecture, threats and vulnerabilities

 Apply the different cryptographic operations of symmetric cryptographic algorithms

 Apply the different cryptographic operations of public key cryptography

 Apply the various Authentication schemes to simulate different applications.

 Understand various Security practices and System security standards

TEXT BOOK:

1. William Stallings, Cryptography and Network Security: Principles and Practice, PHI
3rd Edition, 2006.

REFERENCES:
1. C. K. Shyamala, N. Harini and T. R. Padmanabhan, Cryptography and Network Security, Wiley India Pvt. Ltd.

2. Behrouz A. Forouzan, Cryptography and Network Security, Tata McGraw Hill, 2007.

3. Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, Prentice Hall, ISBN 0-13-046019-2.


Subject Code: CS8792    Year/Semester: IV/07
Subject Name: Cryptography & Network Security    Subject Handler: Mr. A. SATHEESH

UNIT I - INTRODUCTION

Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at Multiple levels,
Security Policies - Model of network security – Security attacks, services and mechanisms – OSI security
architecture – Classical encryption techniques (substitution techniques, transposition techniques,
steganography) - Foundations of modern cryptography: perfect security – information theory – product
cryptosystem – cryptanalysis.

PART* A

Q.No. Questions

1. Specify the four categories of security threats. BTL3

 Interruption
 Interception
 Modification
 Fabrication

2. Define active and passive attack with example. BTL1
Passive attack:
 Monitoring (eavesdropping on) the message during transmission.
 Difficult to detect, because no data is altered; the emphasis is on prevention (encryption).
 Does not affect the system; the attacker's goal is only to obtain information.
E.g.: Interception (release of message contents, traffic analysis)
Active attack:
 Involves the modification of the data stream or the creation of a false data stream.
 Easier to detect than a passive attack, but difficult to prevent absolutely; the emphasis is on detection and recovery.
 Affects the system's resources or operation.
E.g.: Fabrication, Modification and Interruption (masquerade, replay, modification of messages, denial of service)

3. Define integrity and non-repudiation. BTL1

Integrity: The service that assures that messages are received as sent, with no duplication, insertion, modification, reordering or replay; only authorized parties are able to modify the message, and any unauthorized modification is detected.
Non-repudiation: The service that prevents either the sender or the receiver from denying a transmitted message. Proof of origin lets the receiver show who sent the message, and proof of delivery lets the sender show it was received, so a denied transaction can be verified as true or false.

4. Differentiate symmetric and asymmetric encryption. BTL3

Symmetric: A form of cryptosystem in which encryption and decryption are performed using the same (secret) key, which the two parties must share in advance. Eg: DES, AES
Asymmetric: A form of cryptosystem in which encryption and decryption are performed using two different keys, a public key that may be published and a private key that is kept secret; what one key encrypts only the other can decrypt. Eg: RSA, ECC
5. Define cryptanalysis. BTL1
Cryptanalysis is the process of attempting to discover the plaintext or the key or both, by exploiting the nature of the algorithm and any known plaintext/ciphertext pairs rather than by trying every possible key.

6. Define security m echanism. BTL1
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

Example: Encryption algorithms, digital signatures, authentication protocols

7. Define steganography. BTL1

"Hide in plain sight": hiding the message inside some cover medium (an image, an audio file or an innocuous-looking text). It conceals the existence of the message, whereas encryption conceals only its contents.

8. Why does a network need security? BTL2

When systems are connected through a network, data is exposed during transmission: an attacker on the path can read, modify, replay or block it. Protecting the host alone is therefore not enough; the confidentiality, integrity and availability of data in transit must also be protected.

9. Define confidentiality and authentication. BTL1
Confidentiality: Maintaining the secrecy of a message. It ensures that the information in a computer system and the transmitted information are accessible only for reading by authorized parties.
Authentication: The assurance that a communicating entity is the one it claims to be, and that a message comes from the source it claims to come from.

10. Define cryptography. BTL1

It is the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.


11. Compare Substitution and Transposition techniques. BTL2

Substitution: A technique in which the letters of the plaintext are replaced by other letters, numbers or symbols; the positions are unchanged, the symbols are. Eg: Caesar cipher, Playfair, Hill, Vigenère
Transposition: A different kind of mapping achieved by performing some sort of permutation on the plaintext letters; the letters themselves are unchanged, only their positions. Eg: Rail fence, columnar transposition
(DES and AES are product ciphers that combine both substitution and permutation in every round.)

12. Define Diffusion & Confusion. BTL1
Diffusion:
Each plaintext digit affects the values of many ciphertext digits, which is equivalent to each ciphertext digit being affected by many plaintext digits, so the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext. It is achieved by permutation applied over repeated rounds, and concerns the relationship between the plaintext and the ciphertext.

Confusion:
Makes the relationship between the ciphertext and the key as complex as possible, so that the key cannot be deduced from ciphertext statistics. It is achieved by substitution (S-boxes).

13. Define Multiple Encryption. BTL2

A technique in which a block cipher is applied more than once, with different keys, to the same block, so as to obtain a larger effective key length. Eg: Double DES, Triple DES

14. Specify the design criteria of a block cipher. BTL3

 Number of rounds
 Design of the round function F
 Key scheduling (subkey generation)

15. Define reversible mapping. BTL1
Each plaintext block maps to a unique ciphertext block and vice versa, so that decryption is always possible. This one-to-one transformation is called a reversible (non-singular) mapping.

16. Specify the basic task for defining a security service. BTL3
A security service is a service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
17. Define network security. BTL1
This area covers the use of cryptographic algorithms in network protocols and network applications to protect data in transit.


18. Define computer security. BTL1

This term refers to the protection of computers (their hardware, software and data) against intruders and malicious software.

19. What are the Hill cipher merits and demerits? BTL1

Merit: it completely hides single-letter and two-letter frequency information (with a 3 x 3 key, three-letter frequencies as well), so simple frequency analysis fails.
Demerit: the cipher is linear, so it is easily broken with a known-plaintext attack: m plaintext/ciphertext blocks of length m are usually enough to solve for the m x m key matrix.

20. List out the types of attack on the Caesar cipher. BTL2

Brute force attack: the key space contains only 25 possible shifts, so the attacker simply tries all 25 keys and recognises the one reading that is meaningful plaintext. Frequency analysis also works, since every letter is moved by the same fixed shift.
21. Define integrity and non-repudiation. BTL1
Integrity:

The service that assures that messages are received as sent, with no duplication, insertion, modification, reordering or replay; only authorized parties are able to modify the message.
Non-repudiation:

The service that prevents either the sender or the receiver from denying a transmitted message; proof of origin and proof of delivery allow a denied transaction to be verified as true or false.

22. Write short notes on congruence. BTL3

Let a, b, n be integers with n ≠ 0. We say that a ≡ b (mod n) if a - b is a multiple of n, i.e. a and b leave the same remainder on division by n. Eg: 73 ≡ 4 (mod 23), since 73 - 4 = 69 = 3 x 23.

23. What is a key? BTL1

A sequence of symbols that controls the operation of a cryptographic transformation. A key is normally a string of bits used by a cryptographic algorithm to transform plaintext into ciphertext or vice versa. The key should be the only part of the system that it is necessary to keep secret.

24. What are plaintext and ciphertext? BTL1

Plaintext: The original message is known as the plaintext (readable format).
Ciphertext: The coded message is called the ciphertext (unreadable format).

25. List the different types of ciphers. BTL2

 Shift ciphers
 Affine ciphers
 Vigenère cipher
 Substitution ciphers
 Sherlock Holmes "Dancing Men" cipher (a simple substitution with symbols)
 Playfair and ADFGX ciphers
 Block ciphers
 One-time pads


PART *B

1. Explain about symmetric cipher models. (May/June 2012) (13M) BTL 4

Answer: Page no. 57 to 59 in William Stallings

 Symmetric cipher model (2M)

A symmetric key cipher (also called a secret-key cipher, a one-key cipher, a private-key cipher or a shared-key cipher) is one that uses the same (necessarily secret) key to encrypt messages as it does to decrypt messages.
 Plaintext (1M)
The original message or data fed into the algorithm as input
 Encryption algorithm (2M)
Performs various substitutions and transformations on the plaintext; its second input is the secret key, which is independent of the plaintext and of the algorithm
 Decryption algorithm (2M)
Essentially the encryption algorithm run in reverse; takes the ciphertext and the same secret key and produces the plaintext
 Ciphertext (1M)
The scrambled message produced as output; it depends on the plaintext and the key
 Principles of security (2M)
A strong encryption algorithm (the opponent should be unable to recover the key even with many plaintext/ciphertext pairs), and the sender and receiver must obtain and keep the key secure
 Diagram (3M)

2. Explain the various substitution techniques. (AU Nov/Dec 2011) (13M) BTL4
Answer: Page no. 62 to 69 in William Stallings

 Caesar cipher: replacing each letter of the alphabet with the letter standing three places further down the alphabet (1M)
 Formula: (1M)

C = E(3, p) = (p + 3) mod 26; in general C = E(k, p) = (p + k) mod 26 and p = D(k, C) = (C - k) mod 26

 Example: (1M)

 Monoalphabetic cipher: an arbitrary permutation of the 26 alphabetic characters is the key; 26! keys, but vulnerable to letter-frequency analysis (1M)

 Example: (1M)
 Hill cipher: polygraphic substitution cipher based on linear algebra; m plaintext letters at a time are multiplied by an m x m key matrix K that must be invertible mod 26 (1M)
 Formula: (1M)
C = E(K, P) = PK mod 26
P = D(K, C) = CK^-1 mod 26 = PKK^-1 = P

 Example: (1M)
 Playfair cipher: treats digrams in the plaintext as single units and translates these units into ciphertext digrams using a 5 x 5 square built from a keyword
 Example: (1M)
 Polyalphabetic cipher: uses different monoalphabetic substitutions as one proceeds through the plaintext message, e.g. the Vigenère cipher, where the keyword letter selects the shift for each position (2M)
 One-time pad (2M): each new message requires a new random key of the same length as the new message; unconditionally secure provided the key is truly random, kept secret and never reused

3. Describe about transposition techniques. (10M) BTL2
Answer: Page no. 77 to 82 in William Stallings

 Rail fence technique: the plaintext is written down as a sequence of diagonals (zigzagging across a number of rails) and then read off rail by rail as a sequence of rows (1M)
 Example: (2M)
 Columnar technique: the message is written row by row into a rectangle of fixed width and read out column by column, in an order given by the key; applying the transposition more than once makes the permutation much harder to reconstruct (1M)
 Example: (2M)
 Rotor machines: the principle of multiple stages of encryption was realised in a class of systems known as rotor machines; each rotor implements a monoalphabetic substitution and rotates after every letter, giving a polyalphabetic cipher with a very long period (2M)
 Steganography: conceals the existence of the message rather than its contents (2M)

4. Explain Security Services. (10M) BTL4

Answer: Page no. 101 to 105 in William Stallings

 Authentication: assuring that a communication is authentic, i.e. that each communicating entity is the one it claims to be (peer entity authentication) and that a message comes from the claimed source (data origin authentication) (2M)

 Access Control: the ability to limit and control the access to host systems and applications via communications links; each entity must first be identified and authenticated so that access rights can be tailored to it (2M)
 Data Confidentiality: protection of transmitted data from passive attacks (release of message contents and traffic analysis) (2M)
 Data Integrity: assurance that messages are received as sent, with no duplication, insertion, modification, reordering or replay by unauthorized parties (2M)
 Non-Repudiation: prevents either the sender or the receiver from denying a transmitted message (proof of origin, proof of delivery) (2M)
 Availability: the property of a system being accessible and usable on demand by an authorized entity, countering denial-of-service attacks


5. Explain various Security Mechanisms. (8M) BTL4

Answer: Page no. 105 to 107 in William Stallings

 Pervasive Security Mechanisms: mechanisms that are not specific to any particular OSI security service or protocol layer (2M)
(i) Trusted Functionality: that which is perceived to be correct with respect to some criteria, e.g. as established by a security policy (1/2 M)
(ii) Security Label: a marking bound to a resource that names or designates its security attributes (1/2 M)
(iii) Event Detection: detection of security-relevant events (1/2 M)
(iv) Security Audit Trail: data collected and potentially used to facilitate a security audit (1/2 M)
(v) Security Recovery: deals with requests from mechanisms such as event handling and takes recovery actions

 Specific Security Mechanisms: may be incorporated into the appropriate protocol layer in order to provide some of the OSI security services (2M)

(i) Encipherment: use of mathematical algorithms to transform data into a form that is not readily intelligible; the transformation and its reversal depend on the algorithm and the keys (1/2 M)
(ii) Digital Signature: data appended to, or a transformation of, a data unit that allows a recipient to prove the source and integrity of the data unit and protect against forgery (1/2 M)
(iii) Access Control: a variety of mechanisms that enforce access rights to resources (1/2 M)
(iv) Data Integrity: mechanisms used to assure the integrity of a data unit or stream of data units (1/2 M)
Other specific mechanisms in X.800: authentication exchange, traffic padding, routing control and notarization.

6. Explain various Security Attacks. (13M) BTL4

Answer: Page no. 107 to 109 in William Stallings

 Passive Attack: in the nature of eavesdropping on, or monitoring of, transmissions; the goal is to obtain information, so the attack is hard to detect and the emphasis is on prevention, usually by encryption (1M)

(i) Release of message contents: reading the contents of a telephone conversation, e-mail or transferred file (1/2 M)
(ii) Traffic analysis: even when contents are encrypted, observing the pattern, frequency, length, source and destination of messages (1/2 M)
(iii) Diagram (2M)

 Active Attack: involves some modification of the data stream or the creation of a false stream; difficult to prevent absolutely, so the goal is to detect the attack and recover from it
(i) Masquerade: one entity pretends to be a different entity, usually together with another active attack such as replaying a captured authentication sequence (1/2M)
(ii) Replay: the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (1/2M)
(iii) Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect (1/2M)
(iv) Denial of service: prevents or inhibits the normal use or management of communications facilities, e.g. by suppressing messages to a target or flooding a network with traffic (1/2M)

Diagram: (2M)

 Man-in-the-Middle Attack: an attack in which the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other. It combines interception with masquerade and modification, and is defeated by authenticating the endpoints and the exchanged keys, not by encryption alone. (2M)
Diagram (1M)

PART* C

1. Encrypt the following using the Playfair cipher with the keyword MONARCHY:
"SWARAJ IS MY BIRTH RIGHT". Use X for blank spaces. (15M) BTL 6
Answer: Page no. 65 to 67 in William Stallings

 Rules: (6M)
(i) Construct the 5 x 5 key square: write the letters of the keyword (dropping repeats) left to right, top to bottom, then the remaining letters of the alphabet in order; I and J share one cell. For MONARCHY:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
(ii) Split the plaintext into pairs of letters (digraphs); if both letters of a pair are the same, insert a filler X between them and re-pair; pad an odd final letter with X
(iii) If both letters are in the same row, take the letter to the right of each one (wrapping to the start of the row)
(iv) If both letters are in the same column, take the letter below each one (wrapping to the top of the column)
(v) If neither of the preceding two rules applies, form a rectangle with the two letters and take the letters on the horizontal opposite corners: each letter is replaced by the letter in its own row and the other letter's column
 Solution: (9M)


2. Apply the Caesar cipher with k = 5 to decrypt the given ciphertext
"YMJTYMJWXNIJTKXNQJSHJ". (15M) BTL5
Answer: Page no. 62 to 63 in William Stallings

 Definition: (3M)
It is a type of substitution cipher where each letter in the original message (which in cryptography is called the plaintext) is replaced with the letter a fixed number of places further down the alphabet for encryption, and moved back the same number of places for decryption.
 Formula: (2M)
C = E(k, p) = (p + k) mod 26, so decryption is p = D(k, C) = (C - k) mod 26; the classical Caesar shift is k = 3, here k = 5

 Solution (10M)

3. Encrypt the message "PAY" using the Hill cipher with the following key matrix
and show the decryption to recover the original plaintext. (15M) BTL6

        [17 17  5]
K =     [21 18 21]
        [ 2  2 19]

Answer: Page no. 67 to 69 in William Stallings

 Encryption: (5M)
use the given 3 x 3 key matrix K (in general the keyword is turned into the key matrix)
split the plaintext into blocks of three letters (trigraphs) and convert letters to numbers A = 0, ..., Z = 25
treat each block as a row vector P
compute C = PK mod 26 (matrix multiplication modulo the length of the alphabet, i.e. 26) for each vector
convert the result back into letters to produce the ciphertext (for this key, PAY encrypts to RRL)
 Decryption: (3M)
must find the inverse matrix K^-1 mod 26 = (det K)^-1 · adj(K) mod 26, which exists only when gcd(det K, 26) = 1; then P = CK^-1 mod 26
 Example: (7M)
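The three substitution ciphers used in this unit (Caesar in Part B Q2 and Part C Q2, Playfair in Part C Q1, Hill in Part B Q2 and Part C Q3) implemented as one added Python worked example; this code is not part of the question bank. It follows the Stallings conventions used above: Caesar C = (p + k) mod 26, Playfair with I/J merged and X as filler, Hill with row vectors and C = PK mod 26, K^-1 computed from the adjugate so that a non-invertible key is rejected. For Part C Q1 the instruction "use X for blank spaces" is taken literally (spaces become X before pairing); that reading of the setter's intent is an assumption. The Caesar exercise decrypts to THE OTHER SIDE OF SILENCE.

```python
from __future__ import annotations
import string

ALPHA = string.ascii_uppercase


def caesar(text: str, k: int, decrypt: bool = False) -> str:
    """C = (p + k) mod 26; decryption is the same shift with -k."""
    shift = -k if decrypt else k
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26]
                   for c in text.upper() if c in ALPHA)


# ---- Playfair: 5x5 keyword square, I and J share a cell ----------------------
def playfair_square(keyword: str) -> list[list[str]]:
    seen: list[str] = []
    for c in keyword.upper() + ALPHA:
        c = "I" if c == "J" else c
        if c in ALPHA and c not in seen:
            seen.append(c)
    return [seen[i:i + 5] for i in range(0, 25, 5)]


def playfair_digraphs(text: str, filler: str = "X") -> list[str]:
    """Pair the letters; split a repeated pair with the filler, pad an odd tail."""
    letters = [("I" if c == "J" else c) for c in text.upper() if c in ALPHA]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:                      # e.g. "LL" -> "LX", then re-pair the second L
            pairs.append(a + filler)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def playfair(text: str, keyword: str, decrypt: bool = False) -> str:
    sq = playfair_square(keyword)
    pos = {c: (r, col) for r, row in enumerate(sq) for col, c in enumerate(row)}
    d = -1 if decrypt else 1            # decryption moves left/up instead of right/down
    out = []
    for a, b in playfair_digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                    # same row: letter to the right (wrapping)
            out.append(sq[ra][(ca + d) % 5] + sq[rb][(cb + d) % 5])
        elif ca == cb:                  # same column: letter below (wrapping)
            out.append(sq[(ra + d) % 5][ca] + sq[(rb + d) % 5][cb])
        else:                           # rectangle: own row, partner's column
            out.append(sq[ra][cb] + sq[rb][ca])
    return "".join(out)


# ---- Hill: C = P K mod 26 with P a row vector, K invertible mod 26 -----------
def _minor(m: list[list[int]], i: int, j: int) -> list[list[int]]:
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def _det(m: list[list[int]]) -> int:
    """Cofactor expansion along the first row (fine for 2x2 / 3x3 keys)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * _det(_minor(m, 0, j)) for j in range(len(m)))


def hill_inverse(k: list[list[int]], mod: int = 26) -> list[list[int]]:
    """K^-1 = det(K)^-1 * adj(K) mod 26.  pow(det, -1, 26) raises ValueError
    when gcd(det, 26) != 1, i.e. when K is not a valid Hill key."""
    n = len(k)
    det_inv = pow(_det(k) % mod, -1, mod)
    adj = [[(-1) ** (i + j) * _det(_minor(k, j, i)) for j in range(n)] for i in range(n)]
    return [[(det_inv * adj[i][j]) % mod for j in range(n)] for i in range(n)]


def hill(text: str, k: list[list[int]], decrypt: bool = False) -> str:
    n = len(k)
    m = hill_inverse(k) if decrypt else k
    nums = [ALPHA.index(c) for c in text.upper() if c in ALPHA]
    nums += [ALPHA.index("X")] * (-len(nums) % n)   # pad to a multiple of n
    out = []
    for i in range(0, len(nums), n):
        p = nums[i:i + n]
        out += [sum(p[r] * m[r][c] for r in range(n)) % 26 for c in range(n)]
    return "".join(ALPHA[v] for v in out)


# Key matrix of Part C Q3 (the Stallings example key)
STALLINGS_K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]

if __name__ == "__main__":
    print(playfair("SWARAJ IS MY BIRTH RIGHT".replace(" ", "X"), "MONARCHY"))
    print(caesar("YMJTYMJWXNIJTKXNQJSHJ", 5, decrypt=True))
    print(hill("PAY", STALLINGS_K), hill_inverse(STALLINGS_K))
```

`hill_inverse` is where the "invertible mod 26" condition of the answer key becomes concrete: the determinant of the given key is 23 mod 26, whose inverse is 17, and the resulting K^-1 can be checked by multiplying it back against K.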

4. Assess the following ciphertext using a brute force attack. (15M) BTL6
CMTMROOEOORW (Hint: Algorithm - Rail fence)
Answer: Page no. 69 to 71 in William Stallings

Definition: (3M)
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals (zigzagging across a chosen number of rails) and then read off rail by rail as a sequence of rows.
Encryption: (6M)
Decryption: (6M) The only secret is the number of rails (the depth), so a brute force attack tries each depth from 2 upwards, rebuilds the zigzag for that depth, and keeps the reading that is meaningful English.
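The rail-fence transposition of Part B Q3 and Part C Q4, together with the brute-force search the question asks for, as an added Python example (not from the question bank). Depth 2 is the two-row form described above; the functions handle the general zigzag for any number of rails, so the brute force also makes the point that the key space is only the small range of possible depths.

```python
from __future__ import annotations


def _rail_pattern(n: int, depth: int) -> list[int]:
    """Rail index of each plaintext position: 0, 1, ..., depth-1, depth-2, ..., 1, 0, ..."""
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def rail_fence_encrypt(plaintext: str, depth: int) -> str:
    """Write the letters along the zigzag, then read rail 0, rail 1, ... in turn."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    rails = _rail_pattern(len(text), depth)
    return "".join(c for r in range(depth) for c, rail in zip(text, rails) if rail == r)


def rail_fence_decrypt(ciphertext: str, depth: int) -> str:
    """Undo the read-off: rail r owns the next count(rail == r) ciphertext letters,
    which are put back into the zigzag positions belonging to that rail."""
    n = len(ciphertext)
    rails = _rail_pattern(n, depth)
    out, pos = [""] * n, 0
    for r in range(depth):
        for i in range(n):
            if rails[i] == r:
                out[i] = ciphertext[pos]
                pos += 1
    return "".join(out)


def brute_force_rail_fence(ciphertext: str, max_depth: int = 0) -> dict[int, str]:
    """Try every depth 2..len-1 and return all candidates; the analyst picks the
    one that reads as English (here depth 2 gives COME TOMORROW)."""
    max_depth = max_depth or len(ciphertext) - 1
    return {d: rail_fence_decrypt(ciphertext, d) for d in range(2, max_depth + 1)}


if __name__ == "__main__":
    for depth, candidate in brute_force_rail_fence("CMTMROOEOORW").items():
        print(depth, candidate)
```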


5. Explain Security Attacks.(15M) BTL4


Answer:Pageno.:39 to 41 in William Stallings

 Security Attacks (3M)


 Passive attacks (3M)

 Active attacks (3M)


 Network security model (3M)
 Diagrams (3M)

6. Explain Network Security Services. (15M) BTL4


Answer:Pageno.:43 to 45 in William Stallings

 Authentication (3M)

 Access control (3M)


 Data confidentiality (3M)
 Data integrity (2M)
 Non repudiation (2M)

 Availability services (2M)


UNIT 2- SYMMETRIC CRYPTOGRAPHY

MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY: Algebraic structures - Modular arithmetic - Euclid's algorithm - Congruence and matrices - Groups, Rings, Fields - Finite fields - SYMMETRIC KEY CIPHERS: SDES – Block cipher principles of DES – Strength of DES – Differential and linear cryptanalysis - Block cipher design principles – Block cipher modes of operation – Evaluation criteria for AES – Advanced Encryption Standard - RC4 – Key distribution.
PART* A
PART* A
1. Compare stream cipher with block cipher with example. BTL1

Stream cipher: Processes the input stream continuously, producing one element (bit or byte) at a time by combining it with a keystream.
Example: RC4, Vernam / one-time pad (classical one-character-at-a-time ciphers such as Caesar also fit the definition).
Block cipher: Processes the input one block of elements (typically 64 or 128 bits) at a time, producing an output block for each input block.
Example: DES, AES

2. Differentiate unconditionally secure and computationally secure. BTL1

An encryption algorithm is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine the corresponding plaintext uniquely, no matter how much ciphertext or computing power is available; only the one-time pad achieves this.
An encryption scheme is computationally secure if either
 the cost of breaking the cipher exceeds the value of the encrypted information, or
 the time required to break the cipher exceeds the useful lifetime of the information.

3 What are the design parameters of Feistel cipher network? BTL1


 Block size
 Key size
 Number of rounds
 Sub key generation algorithm
 Round function
 Fast software encryption / decryption
 Ease of analysis

4. Define Product cipher. BTL1

A product cipher combines two or more basic ciphers (typically substitutions and permutations) in sequence so that the resultant cipher is cryptographically stronger than any of its components; DES and AES are product ciphers.


5. Explain the avalanche effect. BTL1

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the ciphertext; ideally a one-bit change flips about half of the output bits, so that the cipher cannot be attacked by observing how the output responds to small input changes.

6. Define Diffusion & Confusion. BTL1

Diffusion:
 In diffusion, the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext.
 This is achieved by having each plaintext digit affect the value of many ciphertext digits; generally, this is equivalent to having each ciphertext digit be affected by many plaintext digits. Permutation spread over repeated rounds provides it.
Confusion:
Confusion makes the relationship between the statistics of the ciphertext and the value of the key as complex as possible, so the key cannot be deduced from the ciphertext. It is achieved by substitution (S-boxes).

7 Give the five modes of operation of Block cipher. BTL2

 Electronic Codebook(ECB)
 Cipher Block Chaining(CBC)
 Cipher Feedback(CFB)
 Output Feedback(OFB)
 Counter(CTR)

8. State the advantages of counter mode. BTL2

 Hardware efficiency (blocks can be processed in parallel)
 Software efficiency
 Preprocessing (the keystream can be computed before the data is available)
 Random access (any block can be encrypted or decrypted independently)
 Provable security
 Simplicity (only the encryption function is needed)
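An added Python example (not from the question bank) tying together the Feistel design parameters of Q3, the avalanche effect of Q5 and the modes of Q7 and Q8: a deliberately small 64-bit Feistel cipher, then ECB, CBC and CTR built on it. The round function, toy key schedule and the constants in it are illustrative choices only; the cipher is NOT secure and exists to show the structure (block size, key size, rounds, subkey generation, round function) and how each mode wraps a block cipher. CTR's random access is shown by decrypting one middle block on its own.

```python
from __future__ import annotations

MASK32 = 0xFFFFFFFF
ROUNDS = 16      # design parameter: number of rounds
BLOCK = 8        # design parameter: 64-bit block, split into two 32-bit halves


def _f(r: int, k: int) -> int:
    """Round function F(R, K): multiply/xor-shift mixing of the right half with the
    subkey.  Illustrative only; a real cipher uses S-boxes chosen for resistance
    to differential and linear cryptanalysis."""
    x = (r ^ k) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    x ^= x >> 15
    x = (x * 0x85EBCA6B) & MASK32
    return x ^ (x >> 13)


def subkeys(key: bytes) -> list[int]:
    """Subkey generation: one 32-bit subkey per round from a 64-bit key (toy schedule)."""
    if len(key) != 8:
        raise ValueError("toy cipher uses a 64-bit key")
    hi, lo = int.from_bytes(key[:4], "big"), int.from_bytes(key[4:], "big")
    return [_f(hi ^ i, lo) ^ _f(lo ^ i, hi) for i in range(ROUNDS)]


def feistel(block: bytes, ks: list[int]) -> bytes:
    """L_{i+1} = R_i, R_{i+1} = L_i xor F(R_i, K_i).  Each round undoes itself given
    K_i, so decryption is the same loop with the subkeys in reverse order."""
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in ks:
        l, r = r, l ^ _f(r, k)
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")   # undo the final swap


def encrypt_block(b: bytes, key: bytes) -> bytes:
    return feistel(b, subkeys(key))


def decrypt_block(b: bytes, key: bytes) -> bytes:
    return feistel(b, subkeys(key)[::-1])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes) -> list[bytes]:
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC input must be padded to a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    """C_i = E_K(P_i xor C_{i-1}), C_0 = IV: repeats are hidden, but encryption is serial."""
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    """P_i = D_K(C_i) xor C_{i-1}; a bit error in C_i garbles P_i and flips one bit of P_{i+1}."""
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(data: bytes, key: bytes, nonce: bytes, start_block: int = 0) -> bytes:
    """Keystream block i = E_K(nonce || counter_i) XORed onto the data: no padding,
    parallelisable, random access via start_block, one function for both directions.
    A (key, nonce) pair must never be reused or the two keystreams cancel out."""
    out = []
    for i in range(0, len(data), BLOCK):
        counter = (start_block + i // BLOCK).to_bytes(4, "big")   # 4-byte nonce + 4-byte counter
        out.append(_xor(data[i:i + BLOCK], encrypt_block(nonce + counter, key)))
    return b"".join(out)


def avalanche_bits(key: bytes, block: bytes, bit: int = 0) -> int:
    """Ciphertext bits that change when one plaintext bit is flipped (ideal: about 32 of 64)."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    diff = _xor(encrypt_block(block, key), encrypt_block(bytes(flipped), key))
    return bin(int.from_bytes(diff, "big")).count("1")
```

Running `ecb_encrypt` on a message whose two blocks are identical shows the ECB weakness directly (the two ciphertext blocks match); `cbc_encrypt` on the same input does not, and `ctr_crypt` handles an input that is not a block multiple without padding.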

9 Define Multiple Encryption BTL2

Multiple Encryption is a technique in which the encryption is used multiple times. Eg: Double DES,
Triple DES

10 Specify the design criteria of block cipher. BTL4

 Number of rounds
 Design of the function F
 Key scheduling


11. Define reversible mapping. BTL5

Each plaintext block maps to a unique ciphertext block and vice versa, so that decryption is always possible. This one-to-one transformation is called a reversible (non-singular) mapping.

12 Specify the basic task for defining a security service. BTL6


A service that enhances the security of the data processing systems and the information transfer of
an organization. The services are intended to counter security attack, and they make use of one or
more security mechanism to provide the service.

13. What is the difference between link and end-to-end encryption? BTL2
Link encryption:
 Each vulnerable communication link is equipped on both ends with an encryption device.
 The message is exposed (in plaintext) in the sending host and in every intermediate node (switch), since each node must decrypt to read the header and re-encrypt for the next link.
 Transparent to the user.
 The host maintains the encryption facility; one facility serves all users.
End-to-end encryption:
 The encryption process is carried out at the two end systems only.
 The message is encrypted in the sending host and stays encrypted through the intermediate nodes; only the user data is encrypted, the headers stay in the clear so the network can route the packet.
 The user applies the encryption; users must determine the algorithm and select the encryption scheme.
14. What is traffic padding? What is its purpose? BTL2
Traffic padding produces ciphertext output continuously, even when there is no plaintext to send: random data is fed to the encryptor so that a continuous stream is generated and the observer cannot tell real traffic from padding. Its purpose is to defeat traffic analysis (a passive attack that infers information from message lengths, frequency and timing).

15 List the evaluation criteria defined by NIST for AES? BTL5


The evaluation criteria for AES is as follows:
 Security
 Cost
 Algorithm and implementation characteristics

16. What is triple encryption? How many keys are used in triple encryption? BTL4
Triple encryption is a technique in which the encryption algorithm is performed three times. Either two keys are used in the encrypt-decrypt-encrypt (EDE) sequence with K1 = K3 (effective key length 112 bits), or three independent keys are used (effective key length 168 bits).

17. List the schemes for the distribution of public keys. BTL3

 Public announcement
 Publicly available directory
 Public key authority
 Public key certificates

18. Drawbacks of 3DES. BTL3

 The algorithm is sluggish in software: three DES passes, and DES itself was designed for 1970s hardware.
 The number of rounds is three times that of DES (48).
 3DES keeps the 64-bit block size of DES.
 A larger block size and a more efficient design are needed for higher efficiency and security, which is why AES replaced it.

19. List out the evaluation criteria for round 2 of the AES selection. BTL1

 General security
 Software implementation
 Hardware implementation
 Attacks on implementations
 Encryption vs decryption (whether decryption is as fast and compact as encryption)
 Key agility: the ability to change keys quickly with a minimum of resources

20. Define RC4. BTL2

RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It was used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards defined for communication between Web browsers and servers, and in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. Because of statistical biases in its keystream, and the key-scheduling weakness that broke WEP, RC4 is now deprecated: RFC 7465 (2015) prohibits it in TLS.

PART * B
1. Explain block cipher design principles and modes of operation. (Apr/May 2014) (13M) BTL4
Answer: Page no. 116 to 118 in William Stallings

 DES design criteria (2M)
 Criteria for permutation (2M)
 Number of rounds (2M)
 S-box design, diagram (2M)
 Key schedule algorithm (2M)
 Electronic codebook (2M)
 Cipher block chaining (1M)

2. Explain about the Advanced Encryption Standard. (13M) BTL4

Answer: Page no. 174 to 176 in William Stallings
 Evaluation criteria for AES (2M)
 Security (1M)
 Cost (1M)
 Algorithm and implementation characteristics (1M)
 AES cipher: 128-bit block; 10, 12 or 14 rounds for 128-, 192- and 256-bit keys; the state is a 4 x 4 matrix of bytes (2M)
 AES encryption and decryption: each round applies SubBytes, ShiftRows, MixColumns and AddRoundKey (the final round omits MixColumns); decryption applies the inverse transformations in reverse order (2M)
 Inverse substitute bytes (1M)
 Mix columns (1M)
 Key expansion in AES-192 and AES-256 (2M)

3. Explain Triple DES. (13M) BTL4

Answer: Page no. 101 to 103 in William Stallings
 Triple DES with 2 keys (3M): encrypt-decrypt-encrypt (EDE), so that setting K1 = K2 reduces to single DES for backward compatibility; effective key length 112 bits
 Diagram with formulas (4M)

C = E(K1, D(K2, E(K1, P)))
P = D(K1, E(K2, D(K1, C)))
 Triple DES with 3 keys (4M): effective key length 168 bits
 Diagram with operation formulas (2M)

C = E(K3, D(K2, E(K1, P)))
P = D(K1, E(K2, D(K3, C)))

4. Explain about the RC4 algorithm. (13M) BTL4 (May/June 2012)

Answer: PPT given covering all topics

 Explain RC4 algorithm: a variable-key-size, byte-oriented stream cipher (2M)
 Parameters: a key of 1 to 256 bytes; a 256-byte state vector S; two indices i and j (2M)
 Primitive operators: byte addition modulo 256 and swapping of two state bytes (1M)
 Characteristics: simple and fast in software; its keystream has statistical biases, so it is now deprecated (1M)
 Key expansion (key-scheduling algorithm, KSA): initialise S to 0..255, then permute it under the control of the key (2M)
 Encryption: generate one keystream byte per step (PRGA) and XOR it with the plaintext byte (1M)
 Decryption: XOR the same keystream with the ciphertext (1M)
 RC4 modes (3M)
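The RC4 key-scheduling algorithm and keystream generator described above, as an added Python example (not from the question bank, and not RSA Security's code). It also measures the Mantin-Shamir bias mentioned in the characteristics: over random keys the second keystream byte is 0 about twice as often as it should be, which is one reason RC4 was banned from TLS (RFC 7465). The `drop` parameter implements RC4-dropN, the common mitigation of discarding the first keystream bytes; the sample key/plaintext pair is the published "Key"/"Plaintext" test vector.

```python
from __future__ import annotations
import os


def rc4_ksa(key: bytes) -> list[int]:
    """Key-scheduling algorithm: permute S = [0..255] under control of the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes):
    """Pseudo-random generation algorithm: yields one keystream byte per step."""
    s, i, j = rc4_ksa(key), 0, 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """Encryption and decryption are the same XOR with the keystream.
    drop=N discards the first N keystream bytes (RC4-dropN); both sides must
    use the same N."""
    ks = rc4_keystream(key)
    for _ in range(drop):
        next(ks)
    return bytes(b ^ next(ks) for b in data)


def second_byte_bias(samples: int = 4000) -> float:
    """Fraction of random keys whose second keystream byte is 0.  A uniform
    generator would give 1/256; RC4 gives about 1/128 (Mantin-Shamir)."""
    zeros = 0
    for _ in range(samples):
        ks = rc4_keystream(os.urandom(16))
        next(ks)
        zeros += next(ks) == 0
    return zeros / samples


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())      # published vector: bbf316e8d940af0ad3
    print("P(second byte == 0) =", second_byte_bias())
```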

5 Explain public key algorithm. (13M) BTL4


Answer:Page no.:293 to 295 in William Stallings
 Public key algorithm(2M)
 Characteristics of public key cryptography(2M)
 Six ingredients(3M)
 Decryption algorithm diagram(2M)
 Steps to create public key(2M)
 Diagrammatical representation(2M)

6. Explain about finite fields. (13M) BTL4

Answer: Page no. 144 to 147 in William Stallings

 Groups, Rings, Fields (2M)

A group G, sometimes denoted by {G, ·}, is a set of elements with a binary operation denoted by · that associates to each ordered pair (a, b) of elements in G an element (a · b) in G.
Properties: closure, associativity, identity element, inverse element (an abelian group also satisfies commutativity) (1/2M)
 Rings: A ring R, sometimes denoted by {R, +, ×}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in R the following axioms are obeyed: R is an abelian group under addition, and multiplication is closed, associative and distributive over addition. (1/2M)
 Fields (1/2M)
A field F, sometimes denoted by {F, +, ×}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in F the following axioms are obeyed: F is an integral domain (a commutative ring with identity and no zero divisors) and every non-zero element has a multiplicative inverse. (1/2M)
 Modular Arithmetic: (2M)
If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is divided by n. The integer n is called the modulus.
Formula (1M)

a = qn + r,  0 ≤ r < n,  q = ⌊a / n⌋
a = ⌊a / n⌋ × n + (a mod n)
11 mod 7 = 4;  -11 mod 7 = 3

 Euclidean algorithm: (2M)

One of the basic techniques of number theory is the Euclidean algorithm, which is a simple procedure for determining the greatest common divisor of two positive integers. Its extended form also produces integers x, y with ax + by = gcd(a, b), which is how multiplicative inverses modulo n are computed.
Formula (1M)
gcd(a, b) = gcd(b, a mod b)
gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = gcd(11, 0) = 11
 Finite fields of the form GF(p): (2M)
For a given prime p, we define the finite field of order p, GF(p), as the set Z_p of integers {0, 1, ..., p - 1} together with the arithmetic operations modulo p. Every non-zero element has a multiplicative inverse because gcd(a, p) = 1 for 0 < a < p.
 Polynomial arithmetic: (1M)
Polynomial arithmetic in which the arithmetic on the coefficients is performed modulo p; that is, the coefficients are in GF(p). Reducing such polynomials modulo an irreducible polynomial of degree n gives the field GF(p^n); AES works in GF(2^8) with the modulus x^8 + x^4 + x^3 + x + 1.
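Modular arithmetic, the Euclidean algorithms and the fields GF(p) and GF(2^8) from the answer above, as an added Python example (not from the question bank). The extended Euclidean algorithm is the step the answer only names: it is how inverses in GF(p), and the Hill cipher's K^-1 mod 26 in Unit I, are actually obtained, and it reports when no inverse exists. The GF(2^8) part uses the AES reduction polynomial, so {57}·{83} = {c1} can be checked against the FIPS-197 worked example.

```python
from __future__ import annotations


def euclid_gcd(a: int, b: int) -> int:
    """gcd(a, b) = gcd(b, a mod b), repeated until the remainder is 0."""
    while b:
        a, b = b, a % b
    return abs(a)


def extended_euclid(a: int, b: int) -> tuple[int, int, int]:
    """Returns (g, x, y) with a*x + b*y = g = gcd(a, b).  When g = 1, x is a^-1 mod b."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a: int, n: int) -> int:
    """a^-1 mod n; exists only when gcd(a, n) = 1 (always, for a != 0 in GF(p))."""
    g, x, _ = extended_euclid(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {g})")
    return x % n


def gf_p_div(a: int, b: int, p: int) -> int:
    """Division in GF(p): a / b = a * b^-1 mod p."""
    return (a * mod_inverse(b, p)) % p


AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial AES uses


def gf256_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reducing mod AES_POLY.
    Coefficient addition is XOR, so there are no carries between bit positions."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:           # degree reached 8: subtract (XOR) the modulus
            a ^= AES_POLY
        b >>= 1
    return product


def gf256_inverse(a: int) -> int:
    """a^-1 = a^254 in GF(2^8), since a^255 = 1 for every a != 0 (square-and-multiply)."""
    if a == 0:
        raise ValueError("0 has no inverse")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf256_mul(result, base)
        base = gf256_mul(base, base)
        e >>= 1
    return result


if __name__ == "__main__":
    print(euclid_gcd(55, 22), extended_euclid(55, 22))   # 11, (11, 1, -2): 55*1 + 22*(-2) = 11
    print(mod_inverse(23, 26))                           # 17, the det inverse used in Unit I's Hill key
    print(hex(gf256_mul(0x57, 0x83)))                    # 0xc1, as in FIPS-197
```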

PART * C
1. Explain block cipher principles and modes of operation. (15M) BTL4
Answer: Page no. 216 to 218 in William Stallings
 DES design (3M)
 CBC mode (3M)
 AES (3M)
 Triple DES (3M)
 RC5 algorithm (3M)

2. Explain Public Key cryptography. (15M) BTL4

Answer: Page no. 290 to 292 in William Stallings
 Public Key Cryptography (2M)

Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.

 Characteristics (3M)
 Six ingredients with explanation (5M)
 Diagrams (2M)
 Steps (3M)

3. Explain DES in detail. (15M) BTL4

Answer: Page no. 101 to 108 in William Stallings
 Definition (3M)
The Data Encryption Standard is a block cipher: a cryptographic key and algorithm are applied to a 64-bit block of data as a whole rather than one bit at a time. It uses a 56-bit key (64 bits including parity) and 16 Feistel rounds. The 56-bit key length is its main weakness: all 2^56 keys can be searched by brute force, as the EFF DES Cracker demonstrated in 1998.

 Structure (6M)
 Diagrams (6M)
 Function (3M)
 Key generation (3M)


UNIT 3- PUBLIC KEY CRYPTOGRAPHY

MATHEMATICS OF ASYMMETRIC KEY CRYPTOGRAPHY: Primes – Primality Testing – Factorization – Euler's totient function, Fermat's and Euler's Theorem - Chinese Remainder Theorem – Exponentiation and logarithm - ASYMMETRIC KEY CIPHERS: RSA cryptosystem – Key distribution – Key management – Diffie Hellman key exchange - ElGamal cryptosystem – Elliptic curve arithmetic - Elliptic curve cryptography
PART * A
1. List out the attacks on RSA. BTL2
 Brute force: trying all possible private keys (defeated by a large key size).
 Mathematical attacks: approaches that factor the modulus n into its two primes, or that determine φ(n) or d directly, which is equivalent in difficulty.
 Timing attacks: depend on the running time of the decryption algorithm, which can leak bits of d (countered by constant-time exponentiation and blinding).
 Chosen ciphertext attacks: exploit the multiplicative property of RSA (countered by OAEP padding).

2. What is a primality test? List the types of primality testing. BTL1

A primality test is an algorithm for determining whether an input number is prime or not.
Types of primality test:
 Fermat primality test
 Miller-Rabin primality test
 Solovay-Strassen primality test

3. What is Factoring ?BTL1


Factoring is the decomposition of an object into a product of other objects, or factors, which
when multiplied together give the original.

4. What is the meet-in-the-middle attack? BTL1

A cryptanalytic attack that attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function. Against double DES, given a known plaintext/ciphertext pair, the attacker encrypts P under all 2^56 values of K1, decrypts C under all values of K2 and looks for a matching intermediate value, so the effort is about 2^57 rather than the 2^112 a 112-bit key would suggest.

5. List four possible approaches to attack the RSA algorithm. BTL2

 Brute force
 Mathematical attacks
 Timing attacks
 Chosen ciphertext attacks

6. Differentiate internal and external error control. BTL3

Internal error control:
An error-detecting code, also known as a frame check sequence or checksum, is computed over the plaintext and appended to it before encryption; after decryption the receiver recomputes it, so the check also provides a form of authentication, since an attacker cannot produce ciphertext that decrypts to a message with a valid code.
External error control:
The error-detecting code is appended after encryption, so it detects transmission errors only; an attacker who alters the ciphertext can simply recompute the code, so it gives no authentication.

7. What is the meet-in-the-middle attack? BTL2

A cryptanalytic attack that attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function. It reduces the cost of breaking double encryption (e.g. double DES) to roughly twice that of a single encryption.

8. What are the applications of the RC4 algorithm? BTL1

 The WEP protocol and WPA (TKIP) in IEEE 802.11 wireless LANs
 SSL/TLS between Web browsers and servers (historically; now prohibited by RFC 7465)

9. What are the uses and characteristics of RC4? BTL1

 Remarkably simple and quite easy to explain: a 256-byte state permuted by the key, then one keystream byte per step
 Byte-oriented stream cipher with a variable key size (1 to 256 bytes)
 RC4 is used in the WiFi Protected Access (WPA) protocol that is part of the IEEE 802.11 wireless LAN standard
 RC4 was kept as a trade secret by RSA Security until the algorithm was anonymously posted on the Internet in 1994

PART * B
1. Explain in detail about the ElGamal Algorithm. (13M) BTL4 (AU Nov/Dec 2013,
May/June 2015)
Answer: Page no. 424 to 426 in William Stallings

• Public key cryptosystem based on the concept of Diffie-Hellman key management (1M)
• Components (2M)
• ElGamal key generation and steps to generate private and public keys (3M)
• ElGamal encryption (3M)
• ElGamal decryption (3M)
• Proof of decryption (1M)

2. Explain Fermat's Theorem. (10M) BTL4

Answer: Page no. 272 to 275 in William Stallings

• Fermat's Theorem: (2M)
Fermat's theorem states the following: if p is prime and a is a positive integer not
divisible by p, then
• Formula: (2M)
    a^(p−1) ≡ 1 (mod p)
• Proof: (3M)
• Example: (3M)

3. Explain about Euler's theorem. (13M) BTL4

Answer: Page no. 273 to 276 in William Stallings

• Euler's Theorem: (2M)
Euler's theorem states that for every a and n that are relatively prime:
• Formula: (3M)
    a^φ(n) ≡ 1 (mod n)
• Proof: true if n is prime, because in that case φ(n) = (n − 1)
and Fermat's theorem holds. However, it also holds for any integer n. Recall that
φ(n) is the number of positive integers less than n that are relatively prime to n. (4M)

Consider the set of such integers, labeled as

• Euler's Totient Function: (4M)
Before presenting Euler's theorem, we need to introduce an important quantity in
number theory, referred to as Euler's totient function, written φ(n), and defined as
the number of positive integers less than n and relatively prime to n. By convention,
φ(1) = 1.

4. i) Explain the Chinese Remainder Theorem. (10M) BTL4

Answer: Page no. 278 to 281 in William Stallings

• Chinese Remainder Theorem: (3M)
The Chinese remainder theorem is a theorem which gives a unique solution to
simultaneous linear congruences with pairwise coprime moduli.
• Statements: (2M)
• Example: (5M)

5. Explain Modular Arithmetic and Discrete Logarithm. (10M) BTL4
Answer: Page no. 281 to 284 in William Stallings

• Modular arithmetic: (2M)
If a is an integer and n is a positive integer, we define a mod n to be the remainder
when a is divided by n. The integer n is called the modulus.
• Modular arithmetic formula: (1M)
    a = qn + r,  0 ≤ r < n;  q = ⌊a/n⌋
    a = ⌊a/n⌋ × n + (a mod n)
    11 mod 7 = 4;  −11 mod 7 = 3
• Discrete logarithm (2M)
• Fundamental to public key algorithms (2M)
• Formula (3M)

6. i) Explain the RSA algorithm. (6M) BTL4 (Apr/May 2011, Nov/Dec 2011, 2012)

Answer: Page no. 301 to 309 in William Stallings
• Explain the mathematical basis of the process (2M)
• Choose, select, encrypt, transfer ciphertext, decrypt (3M)
• Discuss with an example (1M)

ii) Explain the Blowfish encryption algorithm. (7M) BTL4

Answer: Page no. 119 to 120 in William Stallings
• Algorithm (1M)
• Feistel network (3M)
• Working methodology (2M)
• Example with diagram (1M)

7. Explain Diffie-Hellman key exchange. (13M) BTL4

Answer: Page no. 325 to 327 in William Stallings

• Key management techniques (3M)
• Explain the Diffie-Hellman algorithm with steps (3M)
• Provide a diagrammatic explanation with example (4M)
• Process explanation with steps and diagram (3M)

8. Explain Elliptic Curve cryptography. (13M) BTL4

Answer: Page no. 341 to 343 in William Stallings
• Elliptic curves over Z_p (4M)
• Equation of an elliptic curve over Z_p (3M)
• Elliptic curves over GF(2^m) (3M)
• Elliptic curve cryptography (3M)

PART * C
1. a) Find 3^21 mod 11 using Fermat's Theorem. (7M) BTL5
b) Find 11^7 mod 13 using Fermat's Theorem. (8M) BTL5
Answer: Page no. 272 to 274 in William Stallings

• Formula: (4M)
• Steps: (3M)
• Formula: (4M)
• Steps: (4M)
2. Illustrate how to solve x^2 ≡ 1 (mod 35) using the Chinese Remainder Theorem. (15M) BTL6
Answer: Page no. 278 to 281 in William Stallings
    A = ( Σ_{i=1}^{k} a_i c_i ) mod M  (2M)
    c_i = M_i × (M_i^(−1) mod m_i)  for 1 ≤ i ≤ k  (3M)
Encryption: (5M)
Decryption: (5M)

3. Estimate 11^13 mod 53 using modular exponentiation. (15M) BTL5

Answer: Page no. 112 to 113 in William Stallings

• Z_n = {0, 1, ..., (n − 1)} (2M)
• (a + b) mod n = [(a mod n) + (b mod n)] mod n (3M)
Encryption: (5M)
Decryption: (5M)
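The following is an added worked example (not part of the question bank) covering Part B questions 2 and 3 and Part C questions 1 and 3 above: square-and-multiply modular exponentiation, the counting definition of Euler's totient, and exponent reduction by Fermat's theorem (3^21 mod 11, 11^7 mod 13) and by Euler's theorem, applied to 11^13 mod 53. Function names are my own.

```python
# Added example: modular exponentiation, Euler's totient, and Fermat/Euler
# exponent reduction for the exercises in this unit.
from math import gcd


def mod_exp(a, e, n):
    """Compute a^e mod n by right-to-left square-and-multiply.

    Every intermediate value is reduced mod n, so numbers never grow beyond
    n^2, and only about log2(e) squarings are needed.
    """
    if n == 1:
        return 0
    result = 1
    base = a % n
    while e > 0:
        if e & 1:                      # low bit set: multiply in this power
            result = (result * base) % n
        base = (base * base) % n       # square for the next bit
        e >>= 1
    return result


def mod_exp_trace(a, e, n):
    """Same computation, returning (bit, running result) per step so a
    hand trace of the algorithm can be checked line by line."""
    trace = []
    result, base = 1, a % n
    for bit in reversed(bin(e)[2:]):   # bits of e, least significant first
        if bit == "1":
            result = (result * base) % n
        trace.append((int(bit), result))
        base = (base * base) % n
    return trace


def phi(n):
    """Euler's totient by the counting definition used in the answer key:
    the number of 1 <= k < n with gcd(k, n) == 1, with phi(1) = 1."""
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def reduce_exponent(a, e, n):
    """Reduce the exponent before computing a^e mod n.

    Fermat: n prime and n does not divide a  ->  a^(n-1) = 1 (mod n)
    Euler:  gcd(a, n) == 1                    ->  a^phi(n) = 1 (mod n)
    so a^e = a^(e mod t) (mod n) with t = n-1 or phi(n).  Returns the
    reduced exponent and the value.  Raises when gcd(a, n) != 1, because
    neither theorem applies and the reduction would be wrong.
    """
    if gcd(a, n) != 1:
        raise ValueError("Fermat/Euler reduction needs gcd(a, n) == 1")
    t = n - 1 if is_prime(n) else phi(n)   # for prime n, phi(n) = n - 1
    e_reduced = e % t
    return e_reduced, mod_exp(a, e_reduced, n)


if __name__ == "__main__":
    print("3^21 mod 11 ->", reduce_exponent(3, 21, 11))    # (1, 3)
    print("11^7 mod 13 ->", reduce_exponent(11, 7, 13))    # (7, 2)
    print("11^13 mod 53 ->", mod_exp(11, 13, 53))          # 52
    for bit, r in mod_exp_trace(11, 13, 53):
        print(f"  bit={bit} result={r}")
```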


4. State the CRT and find X for the given set of congruent equations using CRT.
    X ≡ 2 (mod 3)
    X ≡ 3 (mod 5)
    X ≡ 2 (mod 7) (15M) BTL5
Answer: Page no. 278 to 281 in William Stallings
    A = ( Σ_{i=1}^{k} a_i c_i ) mod M  (2M)
    c_i = M_i × (M_i^(−1) mod m_i)  for 1 ≤ i ≤ k  (3M)
Encryption: (5M)
Decryption: (5M)

5. Solve the following system of congruences:
    X ≡ 12 (mod 25)
    X ≡ 9 (mod 26)
    X ≡ 23 (mod 27) (15M) BTL5
Answer: Page no. 278 to 281 in William Stallings
    A = ( Σ_{i=1}^{k} a_i c_i ) mod M  (2M)
    c_i = M_i × (M_i^(−1) mod m_i)  for 1 ≤ i ≤ k  (3M)
Encryption: (5M)
Decryption: (5M)
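The following is an added worked example (not part of the question bank) for Part C questions 2, 4 and 5 above: the CRT formula exactly as the answer key states it (M_i, M_i^(−1) mod m_i, c_i), applied to the two systems of congruences, and then used to find all four solutions of x^2 ≡ 1 (mod 35). Function names are my own.

```python
# Added example: Chinese Remainder Theorem in the answer-key form, applied
# to the exercises in this unit.
from itertools import product
from math import gcd, prod


def crt(residues, moduli):
    """Solve X = a_i (mod m_i) for pairwise coprime m_i.

        M   = m_1 * ... * m_k
        M_i = M / m_i
        c_i = M_i * (M_i^-1 mod m_i)
        A   = (sum a_i * c_i) mod M
    Returns (A, M); the solution is unique modulo M.
    """
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    M = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        c_i = M_i * pow(M_i, -1, m_i)   # pow(x, -1, m) is the inverse mod m
        total += a_i * c_i
    return total % M, M


def crt_table(residues, moduli):
    """The (m_i, M_i, M_i^-1 mod m_i, c_i) rows a student writes out."""
    M = prod(moduli)
    rows = []
    for m_i in moduli:
        M_i = M // m_i
        inv = pow(M_i, -1, m_i)
        rows.append((m_i, M_i, inv, M_i * inv))
    return rows


def square_roots_of_one(primes):
    """All x with x^2 = 1 (mod M) for M a product of distinct odd primes.

    For an odd prime p the congruence x^2 = 1 (mod p) has exactly the roots
    +1 and -1, so each choice of sign per prime combines by CRT into one
    root mod M: k primes give 2^k roots, not just +/-1.
    """
    M = prod(primes)
    roots = set()
    for signs in product((1, -1), repeat=len(primes)):
        residues = [s % p for s, p in zip(signs, primes)]
        x, _ = crt(residues, primes)
        assert (x * x) % M == 1          # check against the definition
        roots.add(x)
    return sorted(roots)


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))          # (23, 105)
    print(crt([12, 9, 23], [25, 26, 27]))     # (14387, 17550)
    print(square_roots_of_one([5, 7]))        # [1, 6, 29, 34]
```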

6. Explain Fermat's and Euler's Theorems. (15M) BTL4

Answer: Page no. 272 to 275 in William Stallings

• Explanation (5M)
• Theorem (10M)

7. Evaluate encryption and decryption using the RSA algorithm for the following: p=7, q=11;
e=17; m=8. (15M) BTL6
Answer: Page no. 247 to 249 in William Stallings

• Compute the system modulus N = p·q (2M)
• Note φ(N) = (p−1)(q−1)
• STEPS (3M)
• To encrypt a message M the sender:
    • obtains the public key of the recipient KU = {e, N}
    • computes C = M^e mod N, where 0 ≤ M < N
• To decrypt the ciphertext C the owner:
    • uses their private key KR = {d, p, q}
    • computes M = C^d mod N
• Encryption (5M)
• Decryption (5M)

8. Evaluate using the Diffie-Hellman key exchange technique. Users A and B use a
common prime q=11 and a primitive root alpha=7.
(i) If user A has private key XA=3, what is A's public key YA?
(ii) If user B has private key XB=6, what is B's public key YB?
(iii) What is the shared secret key? Also write the algorithm. (15M) BTL6
Answer: Page no. 208 to 211 in William Stallings

• prime p, element g ∈ Z_p* (5M)
    h_A = g^x mod p
    h_B = g^y mod p
• Encryption (5M)
• Decryption (5M)

9. Estimate the encryption and decryption values for the RSA algorithm parameters
P=3, Q=11, E=7, d=?, M=5. (15M) BTL6
Answer: Page no. 247 to 249 in William Stallings
• Compute the system modulus N = p·q (2M)
• Note φ(N) = (p−1)(q−1)
• STEPS (3M)
• To encrypt a message M the sender:
    • obtains the public key of the recipient KU = {e, N}
    • computes C = M^e mod N, where 0 ≤ M < N
• To decrypt the ciphertext C the owner:
    • uses their private key KR = {d, p, q}
    • computes M = C^d mod N
• Encryption (5M)
• Decryption (5M)

10. Implement the RSA Algorithm for the given values and trace the sequence of calculations in RSA:
P=7, q=13, e=5 and M=10. (15M) BTL5
Answer: Page no. 247 to 248 in William Stallings
• Compute the system modulus N = p·q (2M)
• Note φ(N) = (p−1)(q−1)
• STEPS (3M)
• To encrypt a message M the sender:
    • obtains the public key of the recipient KU = {e, N}
    • computes C = M^e mod N, where 0 ≤ M < N
• To decrypt the ciphertext C the owner:
    • uses their private key KR = {d, p, q}
    • computes M = C^d mod N
• Encryption (5M)
• Decryption (5M)
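The following is an added worked example (not part of the question bank) for Part C questions 7, 9 and 10 above: RSA key generation, encryption and decryption following the answer-key steps, with the full trace (N, φ(N), d, C, recovered M) for all three parameter sets. It also checks the conditions the exam silently assumes: p and q prime, and gcd(e, φ(N)) = 1 so that d exists. Function names are my own.

```python
# Added example: textbook RSA traced for the parameter sets in this unit.
from math import gcd


def _is_prime(x):
    return x > 1 and all(x % k for k in range(2, int(x ** 0.5) + 1))


def rsa_keygen(p, q, e):
    """Return (KU = (e, N), KR = (d, p, q)).

    Raises ValueError when p or q is not prime, or when gcd(e, phi(N)) != 1,
    since then d = e^-1 mod phi(N) does not exist and decryption fails.
    """
    for x in (p, q):
        if not _is_prime(x):
            raise ValueError(f"{x} is not prime")
    N = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not invertible mod phi(N)={phi}")
    d = pow(e, -1, phi)        # modular inverse via extended Euclid
    return (e, N), (d, p, q)


def rsa_encrypt(M, public):
    """C = M^e mod N, with the answer key's range check 0 <= M < N."""
    e, N = public
    if not 0 <= M < N:
        raise ValueError("message must satisfy 0 <= M < N")
    return pow(M, e, N)


def rsa_decrypt(C, private):
    """M = C^d mod N, where N is recomputed from the private (p, q)."""
    d, p, q = private
    return pow(C, d, p * q)


def rsa_trace(p, q, e, M):
    """Every value a student writes down for the exam trace."""
    public, private = rsa_keygen(p, q, e)
    C = rsa_encrypt(M, public)
    return {"N": public[1], "phi": (p - 1) * (q - 1), "d": private[0],
            "C": C, "M_recovered": rsa_decrypt(C, private)}


if __name__ == "__main__":
    for params in ((7, 11, 17, 8), (3, 11, 7, 5), (7, 13, 5, 10)):
        print(params, "->", rsa_trace(*params))
```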

11. Users Alice and Bob use the Diffie-Hellman key exchange technique with a common prime
q=83 and primitive root α = 5.
i) If Alice has a private key XA=6, what is Alice's public key YA?
ii) If Bob has a private key XB=10, what is Bob's public key YB?
iii) What is the shared secret key? (15M) BTL6
Answer: Page no. 325 to 329 in William Stallings
• prime p, element g ∈ Z_p* (5M)
    h_A = g^x mod p
    h_B = g^y mod p
• Encryption (5M)
• Decryption (5M)
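The following is an added worked example (not part of the question bank) for Part C questions 8 and 11 above: both sides of the Diffie-Hellman exchange for (q=11, α=7, XA=3, XB=6) and (q=83, α=5, XA=6, XB=10), with a check that α really is a primitive root of q, and a small-modulus discrete logarithm to show why the security of the exchange depends on q being large. Function names are my own.

```python
# Added example: Diffie-Hellman key exchange for the parameter sets in this
# unit, plus the primitive-root check the questions assume.


def is_primitive_root(alpha, q):
    """alpha is a primitive root of the prime q iff alpha^1 .. alpha^(q-1)
    mod q hit every value 1 .. q-1 exactly once."""
    return sorted(pow(alpha, k, q) for k in range(1, q)) == list(range(1, q))


def dh_public(alpha, q, x):
    """Y = alpha^X mod q (the value sent over the network)."""
    return pow(alpha, x, q)


def dh_shared(peer_public, x, q):
    """K = Y_peer^X mod q (never sent; both sides compute the same K)."""
    return pow(peer_public, x, q)


def dh_exchange(q, alpha, xa, xb):
    """Run both sides and return (YA, YB, K).

    Raises if alpha is not a primitive root, or if A's and B's values of K
    disagree; neither happens for a correctly run exchange.
    """
    if not is_primitive_root(alpha, q):
        raise ValueError(f"{alpha} is not a primitive root of {q}")
    ya = dh_public(alpha, q, xa)
    yb = dh_public(alpha, q, xb)
    ka = dh_shared(yb, xa, q)   # A computes YB^XA mod q
    kb = dh_shared(ya, xb, q)   # B computes YA^XB mod q
    if ka != kb:
        raise AssertionError("shared secrets differ")
    return ya, yb, ka


def discrete_log_small(alpha, q, y):
    """Recover X from Y = alpha^X mod q by trying every exponent.

    This is the discrete logarithm problem; exhaustive search is instant for
    q = 11 or 83 but infeasible at the 2048-bit moduli used in practice,
    which is the whole basis of the scheme's security.
    """
    for x in range(1, q):
        if pow(alpha, x, q) == y:
            return x
    return None


if __name__ == "__main__":
    print(dh_exchange(11, 7, 3, 6))      # (2, 4, 9)
    print(dh_exchange(83, 5, 6, 10))     # (21, 11, 9)
```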


UNIT-4 MESSAGE AUTHENTICATION AND INTEGRITY

Authentication requirement – Authentication function – MAC – Hash function – Security of hash
function and MAC – SHA – Digital signature and authentication protocols – DSS – Entity
Authentication: Biometrics, Passwords, Challenge Response protocols – Authentication applications
- Kerberos, X.509

PART * A

1 Define Kerberos. BTL1

Kerberos is an authentication service developed as part of Project Athena at MIT. The problem
that Kerberos addresses is this: assume an open distributed environment in which users at workstations
wish to access services on servers distributed throughout the network.
2 What is Kerberos? Write its uses. BTL2
Kerberos is an authentication service developed as a part of Project Athena at MIT. Kerberos
provides a centralized authentication server whose function is to authenticate users to servers
and servers to users.
3 What are the requirements defined by Kerberos? BTL1
• Secure
• Reliable
• Transparent
• Scalable
4 In the context of Kerberos, what is a realm? BTL1
• A full-service Kerberos environment consisting of a Kerberos server, a number of
clients and a number of application servers requires the following:
• The Kerberos server must have the user ID and hashed password of all participating
users in its database.
• The Kerberos server must share a secret key with each server. Such an
environment is referred to as a "Realm".
5 What is the purpose of the X.509 standard? BTL1
X.509 defines a framework for the provision of authentication services by the X.500 directory to its
users. X.509 defines authentication protocols based on public key certificates.
6 What is dual signature? Write its purpose. BTL2
The purpose of the dual signature is to link two messages that are intended for two different
recipients, and so to avoid misplacement of orders.
7 What is the need for authentication applications? BTL1
• Security for e-mail
• Internet protocol security
• IP address security
8 Differentiate public key encryption and conventional encryption. BTL3

Conventional encryption                                   | Public key encryption
Same algorithm with the same key is used for encryption   | Same algorithm is used for encryption and decryption
and decryption                                            | with a pair of keys
Sender and receiver must share the algorithm and the key  | Sender and receiver each have one of the matched pair
                                                          | of keys
Key must be kept secret.                                  | One of the two keys must be kept secret.

9 What is message authentication? BTL2
Message authentication is a process that verifies whether the received message comes from the
assigned source and has not been altered.
10 Specify the requirements for message authentication. BTL3
• Disclosure
• Traffic analysis
• Masquerade
• Content modification
• Sequence modification
• Timing modification
• Repudiation

11 Specify the four categories of security threats. BTL3

• Interruption
• Interception
• Modification
• Fabrication

12 What is message authentication? BTL1

It is a procedure that verifies whether the received message comes from the assigned source and has
not been altered. It uses message authentication codes and hash algorithms to authenticate the message.

13 Define the classes of message authentication function. BTL1

Message encryption: the entire ciphertext serves as the authenticator.
Message Authentication Code: a function of the message and a secret key that produces a fixed-length
value, which serves as the authenticator.
Hash function: a function that maps a message of any length to a fixed-length hash value, which
serves as the authenticator.

14 What are the requirements for message authentication? BTL1

The requirements for message authentication are
• Disclosure
• Traffic analysis
• Content modification
• Sequence modification


• Masquerade
• Timing modification
• Source repudiation
• Destination repudiation
15 What do you mean by hash function? BTL4
A hash function accepts a variable-size message M as input and produces a fixed-size hash code
H(M), called a message digest, as output. It is a variation on the message authentication code.

16 Differentiate MAC and Hash function. BTL3

MAC:
In a Message Authentication Code, a secret key is shared by sender and receiver. The MAC is
appended to the message at the source at a time when the message is assumed or known to be
correct.

Hash Function:
The hash value is appended to the message at the source at a time when the message is assumed or
known to be correct. The hash function itself is not considered to be secret.

17 Give any three hash algorithms. BTL4
• MD5 (Message Digest version 5) algorithm.
• SHA-1 (Secure Hash Algorithm).
• RIPEMD-160 algorithm.

18 What are the requirements of the hash function? BTL3

• H can be applied to a block of data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x, making both hardware and software
implementations practical.
19 What do you mean by MAC? BTL3
MAC is Message Authentication Code. It is a function of the message and a secret key which produces
a fixed-length value called the MAC. MAC = C_K(M)

Where M = variable-length message

K = secret key shared by sender and receiver

C_K(M) = fixed-length authenticator

20 Differentiate internal and external error control. BTL3
Internal error control:
In internal error control, an error-detecting code, also known as a frame check sequence or
checksum, is appended to the message before encryption.
External error control:
In external error control, error detecting codes are appended after encryption.


21 What is the meet in the middle attack? BTL2

This is a cryptanalytic attack that attempts to find a value in each of the range and domain of
the composition of two functions such that the forward mapping of one through the first function
is the same as the inverse image of the other through the second function, quite literally meeting
in the middle of the composed function.

22 What is the role of the compression function in a hash function? BTL2

The hash algorithm involves repeated use of a compression function f that takes two inputs (an
n-bit chaining variable and a b-bit block) and produces an n-bit output. At the start of hashing the
chaining variable has an initial value that is specified as part of the algorithm. The final value of
the chaining variable is the hash value. Usually b > n; hence the term compression.

23 What is the difference between weak and strong collision resistance? BTL2

Weak collision resistance                                | Strong collision resistance
For any given block x, it is computationally infeasible  | It is computationally infeasible to find any pair
to find y ≠ x with H(y) = H(x).                          | (x, y) with x ≠ y such that H(x) = H(y).
Effort is proportional to 2^n                            | Effort is proportional to 2^(n/2)

24 Compare MD5, SHA-1 and RIPEMD-160 algorithms. BTL4

                              MD5                   SHA-1                  RIPEMD-160
Digest length                 128 bits              160 bits               160 bits
Basic unit of processing      512 bits              512 bits               512 bits
Number of steps               64 (4 rounds of 16)   80 (4 rounds of 20)    160 (5 paired rounds of 16)
Maximum message size          infinity              2^64 − 1 bits          2^64 − 1 bits
Primitive logical functions   4                     4                      5
Additive constants used       64                    4                      9
Endianness                    little endian         big endian             little endian

25 Distinguish between direct and arbitrated digital signature. BTL3

Direct digital signature                                   | Arbitrated digital signature
• The direct digital signature involves only the           | • The arbiter plays a sensitive and crucial role in
  communicating parties                                    |   this digital signature
• This may be formed by encrypting the entire message      | • Every signed message from a sender X to a receiver Y
  with the sender's private key                            |   goes first to an arbiter A, who subjects the message
                                                           |   and its signature to a number of tests to check its
                                                           |   origin and content
26. What are the properties a digital signature should have? BTL1
• It must verify the author and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties to resolve disputes.

27. Mention the significance of the signature function in DSS. BTL4

The signature function also depends on the sender's private
key (PRa) and a set of parameters known to a group of communicating principals.
The signature function is such that only the sender, with knowledge of the private
key, could have produced the valid signature.

28. What is an Elliptic curve? BTL1

An elliptic curve is defined by an equation in two variables with coefficients.
For cryptography, the variables and coefficients are restricted to elements in a finite
field, which results in the definition of a finite abelian group.

29. What are the two approaches of digital signatures? BTL1

• It must verify the author and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties, to resolve disputes.


30. What are the uses of RC4? BTL1

• Remarkably simple and quite easy to explain
• RC4 is used in the WiFi Protected Access (WPA) protocol that is part of the
IEEE 802.11 wireless LAN standard
• RC4 was kept as a trade secret by RSA Security.

31. What are the security services provided by Digital Signature? BTL1
• MD5
• SHA
32. What is Direct Digital Signature? BTL1
The term direct digital signature refers to a digital signature scheme that involves
only the communicating parties (source, destination). It is assumed that the destination
knows the public key of the source.

33. What are the requirements of Digital Signature? BTL1

• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature.
• It must be practical to retain a copy of the digital signature in storage.

34. What is the Schnorr Digital Signature Scheme? BTL1

The Schnorr signature scheme is based on discrete logarithms [SCHN89, SCHN91]. The Schnorr
scheme minimizes the message-dependent amount of computation required to generate a
signature. The main work for signature generation does not depend on the message and can
be done during the idle time of the processor.

PART * B

1. Explain Hash function. (13M) BTL4 (AU Nov/Dec 2012)

Answer: Page no. 351 to 353 in William Stallings
• Authentication function (2M)
An authenticator is a short piece of information used to authenticate a message, in other words,
to confirm that the message came from the stated sender (its authenticity) and
has not been changed.
• Hash function (2M)
A hash function maps a variable-length data block or message into a fixed-length value called a
hash code. A variation on the message authentication code is the one-way hash function. As with
the MAC, a hash function accepts a variable-size message M as input and produces a fixed-size output,
referred to as the hash code H(M).
• Write in detail about MAC (2M)
• Derive the steps (1M)
• Diagrams and cases (2M)
• Derive the steps (2M)
• Diagrams and cases (2M)

2. Explain the MD5 algorithm. (13M) BTL4 (AU May/June 2012, Apr/May 2011)
Answer: Page no. 353 to 355 in William Stallings

• Basic properties of the MD5 algorithm (2M)
• Padding (2M)
• Append length value (1M)
• Divide input into 512-bit blocks (1M)
• Initializing chaining variables (2M)
• Process blocks (2M)
• Processing of rounds (3M)

3. Explain the Secure Hash Algorithm. (13M) BTL4 (Nov/Dec 2014, April/May 2013)

Answer: Page no. 366 to 368 in William Stallings

• Elaboration of the Secure Hash Algorithm (3M)
    • SHA was designed by NIST & NSA in 1993, revised in 1995 as SHA-1
    • US standard for use with the DSA signature scheme
    • the standard is FIPS 180-1 (1995), also Internet RFC 3174
    • note: the algorithm is SHA, the standard is SHS
    • produces 160-bit hash values
• Obtain original message (2M)
• Find the same message digest in SHA-512 (2M)
• Explain the algorithm with steps (3M)
• Example with structural diagram (3M)

4. Explain Hash-based Message Authentication Code (HMAC) and CMAC. (13M) BTL4
Answer: Page no. 399 to 401 in William Stallings

• Structural diagram of HMAC (2M)
• Expand all the functions (2M)
• Explain with steps (1M)
• Creating the two phases (3M)
• Appending (1M)
• Producing a b-bit block (2M)
• Security of HMAC (2M)

5. Explain Digital Signatures. (13M) BTL3 (AU Nov/Dec 2011, May/June 2014)

Answer: Page no. 420 to 422 in William Stallings

• Digital signature mechanism (2M)
• Requirements of digital signature (3M)
• Types of approaches (2M)
• Digital signature types (3M)
• Direct digital signature (1M)
• Arbitrated digital signature (2M)
6. Explain Authentication protocols. (13M) BTL4
Answer: Page no. 386 to 389 in William Stallings

• Mutual authentication (3M)
• Examples of replay attack (1M)
• Symmetric encryption approach (3M)
• Timestamps (1M)
• One-way authentication (2M)
• Public key encryption approach (3M)

7. Explain the Digital Signature Standard. (13M) BTL4 (AU May/June 2014)

Answer: Page no. 427 to 429 in William Stallings

• Digital Signature Algorithm designed to provide digital signatures (3M)
• Diagrammatic expansion (3M)
• Digital Signature Algorithm (4M)
• Diagrammatic expansion of the algorithm with its various stages (3M)

8. Explain Authentication applications. (13M) BTL4 (May/June 2015, May/June 2014)

Answer : Page : 476 – William Stallings
• Kerberos
It is an authentication service developed as part of Project Athena at MIT. The problem
that Kerberos addresses is this: assume an open distributed environment in which users at
workstations wish to access services on servers distributed throughout the network. It is an
authentication protocol. (2M)
• How Kerberos works
It differs from username authentication methods because instead of authenticating each
user to each network service, it uses symmetric encryption and a trusted third party to
authenticate users to a suite of network services. (2M)
• Kerberos message exchanges (3M)
• Kerberos overview (2M)
• Kerberos realm: a full-service Kerberos environment consisting of a Kerberos server, a
number of clients, and a number of application servers. (2M)
• Difference between Kerberos 4 and 5 (1M)
• Kerberos Version 5 message exchanges (1M)

9. Explain in detail about X.509. (13M) BTL4 (May/June 2013)

Answer : Page : 453 – William Stallings
• X.509 authentication service defines the structure of digital certificates.
X.509 defines a framework for the provision of authentication services by the X.500 directory to its
users. X.509 defines authentication protocols based on public key certificates. (2M)
• X.509 framework: was initially issued in 1988, with the latest revision in 2000. Based
on the use of public-key cryptography and digital signatures. Does not dictate the use of
a specific algorithm but recommends RSA. Does not dictate a specific hash algorithm.
(2M)
• Public key certificate use (3M)
• X.509 format (3M)
• Obtaining a certificate (2M)
• Certificate revocation (1M)
PART * C

1 Explain Authentication applications. (15M) BTL4

Answer : Page : 468 – William Stallings

• Kerberos
It is an authentication service developed as part of Project Athena at MIT. The problem
that Kerberos addresses is this: assume an open distributed environment in which users at
workstations wish to access services on servers distributed throughout the network. It is an
authentication protocol. (3M)
• How Kerberos works
It differs from username authentication methods because instead of authenticating each
user to each network service, it uses symmetric encryption and a trusted third party to
authenticate users to a suite of network services. (3M)
• Steps with protocol (5M)
    User client logon
    Client authentication
    Client service authentication
    Client service request
• Diagram (2M)
• Explanation of working methodology with diagram (2M)


UNIT 5 – SECURITY PRACTICE AND SYSTEM SECURITY

Electronic Mail security – PGP, S/MIME – IP security – Web Security - SYSTEM SECURITY:
Intruders – Malicious software – viruses – Firewalls.

PART * A

1 Define key identifier. BTL1

PGP assigns a key ID to each public key that is, with very high probability, unique within a
user ID. It is also required for the PGP digital signature. The key ID associated with
each public key consists of its least significant 64 bits.

2 List the limitations of SMTP/RFC 822. BTL1

• SMTP cannot transmit executable files or binary objects.
• It cannot transmit text data containing national language characters.
• SMTP servers may reject mail messages over a certain size.
• SMTP gateways cause problems while translating between ASCII and EBCDIC.
• SMTP gateways to X.400 e-mail networks cannot handle non-textual data included in
X.400 messages.
3 Define S/MIME. BTL2
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME
Internet e-mail format standard, based on technology from RSA Data Security.
4 What are the differences between SSL version 3 and TLS? BTL1

SSL                                                  | TLS
In SSL the major version is 3 and the minor          | In TLS the major version is 3 and the minor
version is 0                                         | version is 1
SSL uses an HMAC-like algorithm, except that the     | TLS makes use of the same algorithm (HMAC)
padding bytes are concatenated                       |
SSL supports 12 various alert codes                  | TLS supports all of the alert codes defined in SSL3
                                                     | with the exception of no_certificate
5 What are the services provided by PGP? BTL1
• Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation

6 Why is the e-mail compatibility function in PGP needed? BTL2

Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate
this restriction PGP provides the service of converting the raw 8-bit binary stream to a stream of
printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.


7 Name any cryptographic keys used in PGP. BTL3

• One-time session conventional keys.
• Public keys.
• Private keys.
• Passphrase-based conventional keys.
8 Define S/MIME. BTL1
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the
MIME Internet e-mail format standard, based on technology from RSA Data Security.
9 What are the services provided by PGP? BTL2
• Digital signature
• Compression
• Segmentation
• Message encryption
• E-mail compatibility
10 Name any cryptographic keys used in PGP. BTL3
• One-time session conventional keys
• Public keys
• Private keys
• Passphrase-based conventional keys.
11 What is a security association? BTL2
A security association (SA) is the establishment of shared security attributes between two
network entities to support secure communication.
12 What is Internet key management in IPSec? BTL2
Internet Key Exchange (IKE) is a key management protocol standard used in conjunction with
the Internet Protocol Security (IPSec) standard protocol. It provides security for Virtual Private
Network (VPN) negotiations and network access to remote hosts.
13 List the IKE hybrid protocol dependencies. BTL1
• ISAKMP - Internet Security Association and Key Management Protocol.
• Oakley
14 What does IKE hybrid protocol mean? BTL2
Internet Key Exchange (IKE) is a key management protocol standard used in conjunction with
the Internet Protocol Security (IPSec) standard protocol. It provides security for Virtual Private
Network (VPN) negotiations and network access to remote hosts.
15 What are the two security services provided by IPSec? BTL2
• Authentication Header (AH)
• Encapsulating Security Payload (ESP).
16 What are the fields available in the AH header? BTL2
• Next header
• Payload length
• Reserved
• Security parameters index
• Sequence number
• Integrity check value


17 What is a virtual private network? BTL2

VPN means virtual private network, a secure tunnel between two devices.
18 What is ESP? BTL2
ESP, the Encapsulating Security Payload, provides authentication, integrity and confidentiality,
which protect against data tampering and provide message content protection.

19 What is Behavior-Blocking Software (BBS)? BTL2

BBS integrates with the OS of a host computer and monitors program behavior in real time for
malicious actions.
20 List password selection strategies. BTL1
• User education
• Reactive password checking
• Computer-generated passwords
• Proactive password checking

PART * B

1 Explain about E-mail Security. (13M) BTL4

Answer : Page : 591 – William Stallings
• Modes of operation
    Authentication
    Confidentiality
    Compression
    E-mail compatibility (2M)
• Tunnel mode
It provides protection to the entire IP packet. (1M)
• Transport mode
It provides protection primarily for upper-layer protocols. (1M)
• Internet key exchange protocol
    Manual
    Automated (2M)
• Security Association
It provides a framework for Internet key management and provides the specific protocol
support, including formats. (1M)
• Contents of the SAD
It represents a specification of the security services offered to traffic carried through a
unidirectional channel from one node to another. (1M)
• Authentication Header
It is used to provide connectionless integrity and data origin authentication for IP
datagrams. (1M)
• Authentication Header fields (1M)
    Access control
    Connectionless integrity
    Data origin authentication
    Confidentiality
• Anti-replay attacks
It is a sub-protocol of IPsec that is part of the Internet Engineering Task Force standards. The
main goal is to prevent an attacker from injecting or making changes in packets that travel from a
source to a destination. (1M)
• Values in the sliding window (2M)
2 Explain in detail about IPSEC. (13M) BTL4
Answer : Page : 640 – William Stallings

 IP v4
Specifies an IPv4 address or range of addresses that are authorized senders for a domain
(2M)
 IP v6
Specifies an IPv6 address or range of addresses that are authorized senders for a domain.
(2M)
 AH tunnel modes
It authenticates the entire inner IP packet and selected portions of the outer IP header
(1M)
 IP header
An IP header is header information at the beginning of an IP packet which contains
information about IP version, source IP address, destination IP address, time-to-
live (2M)
 New IP header (1M)
 TCP header
TCP is the primary transport protocol used to provide reliable, full-duplex
connections. The most common use of TCP is to exchange TCP data encapsulated
in an IP datagram. (2M)


 Original data
It refers to any data object that hasn't undergone thorough processing, either
manually or through automated computer software. (2M)
 Original IP header (1M)
3 Explain Encapsulating security payload. (13M) BTL4
Answer : Page : 651 – William Stallings

 ESP consists of an encapsulating header and trailer used to provide encryption or combined
encryption/authentication. The current specification is RFC 4303, IP Encapsulating
Security Payload (ESP). The purpose is to provide confidentiality and integrity of messages
(3M)

 ESP Transport mode (1M)


Transport mode ESP is used to encrypt and optionally authenticate the data carried
by IP
 Operation of ESP Transport mode (4M)

 ESP tunnel mode


Tunnel mode ESP is used to encrypt an entire IP packet. For this mode, the ESP
header is prefixed to the packet and then the packet plus the ESP trailer is encrypted. This
method can be used to counter traffic analysis (1M)
 Operation of ESP tunnel mode (4M)


4 Explain Internet security Association and Key Management Protocol. (13M) BTL4
Answer : Page : 663 – William Stallings

 Procedures and formats for establishing maintaining and deleting Security Association
information (1M)
 IPsec key management (2M)
 Initiator cookie (1M)
 Responder cookie (1M)
 Major and minor version (3M)
 Message ID (1M)
 Length (1M)
 Payloads (2M)

 Exchange types (1M)


5 Explain about WEB security. (13M) BTL4 (Apr/May 2011, Nov/Dec 2011, Nov/Dec 13,
May/June 2015)
Answer : Page : 510 – William Stallings

 Secure socket layer


It is the standard security technology for establishing an encrypted link between a
web server and a browser. This link ensures that all data passed between the web
server and browsers remain private and integral. (2M)

 How SSL works


After connection is made, the session key is used to encrypt all transmitted data.
Browser connects to a web server secured with SSL and requests the server's identity.
Server sends a copy of its SSL certificate (2M)
 Handshake protocol (2M)


 Change cipher spec protocol (1M)


 Record protocol (1M)
 Alert protocol (1M)
 Fatal alerts (2M)
 Transport layer security (2M)
Definition
Architecture
Parameter
Architecture Diagram

6 Explain public key infrastructure. (13M) BTL4 (Nov/Dec 2013)


Answer : Page : 515 – William Stallings

 It is a model for creating, distributing and revoking certificates based on X.509. A


set of policies, processes, server platforms, software and workstations used for the
purpose of administering certificates and public-private key pairs, including the
ability to issue, maintain, and revoke public key certificates
(1M)
 End entity
A generic term used to denote end users, devices (e.g., servers, routers), or
any other entity that can be identified in the subject field of a public-key
certificate. End entities typically consume and/or support PKI-related
services
(1M)
 Certification authority
The issuer of certificates and (usually) certificate revocation lists (CRLs). It
may also support a variety of administrative functions, although these are
often delegated to one or more Registration Authorities. (2M)

 Registration authority
An optional component that can assume a number of administrative
functions from the CA. The RA is often associated with the end entity
registration process but can assist in a number of other areas as well. (2M)

 CRL issuer
An optional component that a CA can delegate to publish CRLs (1M)

 Repository
A generic term used to denote any method for storing certificates and
CRLs so that they can be retrieved by end entities. (1M)

 PKI Architecture – Diagram (2M)

 PKI management functions (2M)


Registration
Initialization
Certification
Key pair recovery
Key pair update
Revocation request
Cross certification
 PKI management protocols (1M)


PART * C

1 Explain E-mail security. (15M) BTL4


Answer : Page : 591 – William Stallings

 Security Services for E-mail (2M)


 Possible Attacks through E-mail (2M)
 Establishing Keys privacy (2M)

 Authentication of source (2M)


 Message Integrity (2M)
 NonRepudiation (1M)
 PGP (2M)
 S/MIME (2M)

2 Explain IP Security. (15M) BTL4


Answer : Page : 639 – William Stallings

 Security policy (3M)


Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
 Encapsulating security payload (3M)

Diagram
Format
Algorithm
 Internet key exchange (3M)
Manual
Automated
OKDP
ISAKMP
 Cryptographic suites (3M)
ESP encryption
ESP integrity
IKE encryption
IKE PRF
IKE Integrity
IKE DH group


 Diagrams (3M)

3 Explain Web Security. (15M) BTL4


Answer : Page : 510 – William Stallings

 Secure socket layer (3M)

It is designed to make use of TCP to provide a reliable end-to-end secure service.


Connection
Session
 Protocols and their working (3M)
Confidentiality
Message Integrity
Fragmentation
Compression
Message authentication code

 Differentiation of SSL and TLS (4M)

Basis for comparison | SSL | TLS
Cryptography secret | Uses message digest of the pre-master secret for creating master secret. | Uses a pseudorandom function to create master secret.
Record protocol | Uses MAC (Message Authentication Code) | Uses HMAC (Hashed MAC)
Alert protocol | The "No certificate" alert message is included. | It eliminates alert description (No certificate) and adds a dozen other values.
Message authentication | Ad hoc | Standard
Key material authentication | Ad hoc | Pseudorandom function
Certificate verify | Complex | Simple
Finished | Ad hoc | Pseudorandom function

 Diagrams (5M)
SSH Protocol Exchange SSL Handshake Protocol

JIT-2106/IT/Mrs. Daya Mathew/IV Yr/SEM 07/CS8792/CRYPTOGRAPHY & NETWORK SECURITY/UNIT 1- 5/QB+Keys /Ver3.0

4. Explain about Firewall and types of Firewall and Design of Firewall. (13M) BTL4
(Apr/May 2011, Nov/Dec 2011, May/June 2012, Nov/Dec 2012, Nov/Dec 2013, May/June
2015)
Answer : Page : 630 – William Stallings
 Firewall (1M)
A choke point of control and monitoring; interconnects networks with differing trust; imposes
restrictions on network services; only authorized traffic is allowed; auditing and controlling access;
can implement alarms for abnormal behavior
 Types of firewall
(i) Packet filtering router firewall
Implementing this type of security protects internal users from external network threats
(1M)
 Diagram(2M)

 Advantages and Disadvantages(1M)


(ii) Application Level Gateway
Has an application-specific gateway / proxy; has full access to the protocol; user
requests service from proxy; proxy validates request as legal, then actions request and returns
result to user; can log / audit traffic at application level (1M)


 Diagram(2M)

 Advantages and Disadvantages(1M)

(iii) Circuit Level Gateway - relays two TCP connections; imposes security by limiting
which such connections are allowed; once created, usually relays traffic without
examining contents. (1M)

 Diagram(2M)

 Advantages and Disadvantages(1M)


5. Explain in detail about Intrusion detection system. (13M) BTL4 (Nov/Dec 2011, May/June
2014)
Answer : Page : 645 – William Stallings

 Intrusion Detection Systems look for attack signatures, which are specific patterns that
usually indicate malicious or suspicious intent.
(1M)
 Statistical anomaly detection
Involves the collection of data relating to the behavior of legitimate users over a period of
time (2M)
 Rule based detection
Involves a set of rules that can be used to decide whether a given behavior is that of an intruder (2M)
 Distributed intrusion detection
System should detect a substantial percentage of intrusion while keeping the false alarm
rate at acceptable level. (2M)
 Rule based penetration identification (2M)
 Architecture for distribution intrusion detection – diagram (2M)


 LAN Monitor agent module


Operates the same as a host agent module except that it analyzes LAN traffic and reports the
results to the central manager. (1M)
 Honey Pot
Relatively recent innovation in intrusion detection technology (1M)
6. Explain about Malicious software viruses. (13M) BTL4 (May/June 2012, Nov/Dec 2012,
May/June 2013, Nov/Dec 2013, May/June 2014, May/June 2015)
Answer : Page : 645 & 650 – William Stallings
 Malicious programs
Overall taxonomy of software threats (1M)
 Virus
It is a program that can infect other programs by modifying them (1M)
 Four phases
Dormant phase
Propagation phase
Triggering phase
Execution phase (1M)
 Virus structure
Virus can be prepended or postpended to an executable program (1M)
 Types of virus
Macro virus
E mail virus
Morris virus
Worm (1M)
 Macro virus
Platform independent virus infect the documents and easily spread (2M)
 E mail virus
It spreads through mails, use of MS embedded in attachment (2M)
 Worm
It seeks out more machines to infect, and every machine that is infected serves as an
automatic launching pad for attacks on other machines (2M)


 Virus counter measures (2M)

7. Explain about Various types of Configurations or Firewall Designs in Firewall. (13M) BTL4
Answer : Page : 630 – William Stallings
The three basic firewall designs are considered: a single-homed bastion host, a dual-homed bastion
host, and a screened subnet firewall.(1M)
(i) Screened Host Firewall (Single-Homed Bastion Host)
Uses a single-homed bastion host plus a packet-filtering router. Single-homed bastion
hosts can be configured as either circuit-level or application-level gateways. When
using either of these two gateways, each of which is called a proxy server, the bastion
host can hide the configuration of the internal network.(1M)
 Diagram(2M)

 Advantages and Disadvantages(1M)


(ii) Screened Host Firewall (Dual-Homed Bastion Host)

The configuration of the screened host firewall using a dual-homed bastion host adds
significant security, compared with a single-homed bastion host. Dual-homed bastion host has two
network interfaces. (1M)
 Diagram(2M)

 Advantages and Disadvantages(1M)


(iii) Screened Subnet Firewall

The third implementation of a firewall is the screened subnet, which is also known as a
DMZ. This firewall is the most secure one among the three implementations, simply because it uses a
bastion host to support both circuit- and application-level gateways. All publicly accessible devices,
including modem and server, are placed inside the DMZ. (1M)
 Diagram(2M)

 Advantages and Disadvantages(1M)

8. Explain Internet Firewall and its related terminology. (15M) BTL4


Answer : Page : CHAPTER 22 – William Stallings
 Need for firewall
It is a mechanism that protects and isolates internal network (3M)
 Characteristics
Service control
Direction control
User control
Behavior control (3M)
 Types of firewall
Packet filter
Application level gateway
Circuit level gateway (3M)
 Firewall
The host is a system identified by the firewall administrator as a critical strong point in the
network security (3M)
 Firewall location and configuration
The first type of firewall is a screened host, which uses a single-homed bastion host plus a
packet filtering router. It uses two or more network interfaces.
It is a network architecture that uses a single firewall with three network interfaces. (3M)
