JERUSALEM COLLEGE OF ENGINEERING

DEPARTMENT OF INFORMATION TECHNOLOGY

QUESTION BANK- Unit – I

Subject : CS-2352 -Cryptography and Network Security

Year/Sem. : III/VI

Staff Name : X. Anita

Part – A

1. What is cryptanalysis and cryptography?(Dec-2009)

Cryptanalysis: the process of attempting to discover the key or the plaintext (or both) without being given the key, by exploiting the characteristics of the algorithm and whatever plaintext/ciphertext is available.

Cryptography: the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.

2. Define threat and attack.(Dec-2009)

Threat: Potential for violation of security.

Attack: Assault on system security that derives from an intelligent threat.

3. How will you perform attack on Hill Cipher?(Dec-2010)

With a known-plaintext attack. The Hill cipher is linear: with an n×n key matrix K, each ciphertext block is C = P·K mod 26. Collect n plaintext/ciphertext block pairs, write the plaintext blocks as the rows of an n×n matrix X and the corresponding ciphertext blocks as the rows of Y, so that Y = X·K mod 26. If X is invertible mod 26 (its determinant is coprime to 26) the key is K = X^-1·Y mod 26, after which all further ciphertext can be decrypted.

4. What is the disadvantage of one time pad encryption algorithm?(April-2008)

There is the practical problem of generating large quantities of truly random key material, since the key must be as long as the message and used only once.

Key distribution and protection is a major problem: the pad must be delivered securely to both ends and kept secret, which is as hard as delivering the message itself.

5. When an encryption algorithm is said to be computationally secure?(April-2007)

Encryption is computationally secure if either of the following holds:

1. The cost of breaking the cipher exceeds the value of the encrypted information.

2. The time required to break the cipher exceeds the useful lifetime of the information.

6. Give any four names of substitution techniques(April-2007)

Caesar cipher, monoalphabetic cipher, Playfair cipher, Hill cipher (also polyalphabetic ciphers such as the Vigenère cipher, and the one-time pad)

7. What are the services defined by x.800?(April-2007)

Authentication

Access control

Data confidentiality

Data integrity

Non repudiation.

8. What are the types of attacks on encrypted message.(Nov-2007)

Cipher text only

Known plain text


Chosen plain text

Chosen cipher text

Chosen text

9. Find gcd(56,86) using euclid’s algorithm.(Nov-2007)

 q    q1    q2     r
 1    86    56    30
 1    56    30    26
 1    30    26     4
 6    26     4     2
 2     4     2     0

gcd(56, 86) = 2 (the last non-zero remainder)

10. What are the key principles of security? (May-2009)

Security mechanisms usually involve more than a particular algorithm or protocol: they also require that the participants hold some secret information (such as a key), and that this secret information be generated, distributed and protected securely. The design must also anticipate the attacker, who will look for the weakest point rather than attack the algorithm head-on.

11. How does simple columnar transposition work?(May-2009)

The plaintext is written row by row into a rectangle of fixed width and read out column by column; the key specifies the order in which the columns are read, i.e. the order in which the scrambling is done.

12. Show that 3 is a primitive root of 7(May-2009)

The powers 3^1, 3^2, ..., 3^6 mod 7 are 3, 2, 6, 4, 5, 1: six distinct non-zero values, so 3 generates every element of Z_7* and is therefore a primitive root of 7. (Being non-zero is not sufficient: 2 is non-zero but 2^3 ≡ 1 mod 7, so 2 is not a primitive root.)

13. What for the Miller Rabin algorithm is used?(April-2008)

To test the primality of a large (odd) number probabilistically, e.g. of candidate primes for RSA. Each round with a random base either proves the number composite or passes; a composite passes one round with probability at most 1/4, so k independent rounds leave at most a 4^-k chance of accepting a composite.

14. Find the GCD of 2740 and 1760 using Euclidian algorithm.(May-2009)

 q    q1    q2     r
 1  2740  1760   980
 1  1760   980   780
 1   980   780   200
 3   780   200   180
 1   200   180    20
 9   180    20     0

gcd(2740, 1760) = 20

15. Briefly define the Caesar cipher.

Each character in plain text is replaced by a letter that is 3 places down the alphabet to form

the cipher text.

16. What is the difference between a block cipher and a stream cipher?

Block cipher – Plaintext is processed one block at a time (typically 64 or 128 bits), producing a ciphertext block of the same length.

Stream cipher – Plaintext is processed continuously, one bit or byte at a time, usually by XORing it with a keystream.

17. What are the two approaches to attacking a cipher?


Cryptanalysis and Brute force attack.

18. Which parameters and design choices determine the actual algorithm of

a feistel cipher?

Block size, key size, number of rounds, subkey generation algorithm, round function, ease

of analysis.

19. Explain active and passive attack with example?

Passive attack:

Monitoring (eavesdropping on) the message during transmission without altering it. Hard to detect, so the emphasis is on prevention (encryption).

E.g.: Interception (release of message contents, traffic analysis)

Active attack:

It involves the modification of the data stream or the creation of a false data stream. Hard to prevent absolutely, so the emphasis is on detection and recovery.

E.g.: Fabrication, Modification, and Interruption (masquerade, replay, modification of messages, denial of service)

20. Differentiate symmetric and asymmetric encryption?

Symmetric encryption – Same key is used for encryption and decryption.

Asymmetric encryption – Different but mathematically related keys (a public key and a private key) are used for encryption and decryption.

21. Define Fermat's Theorem.

If p is prime and a is a positive integer not divisible by p, then

a^(p-1) ≡ 1 (mod p).

22. Write a note on modular exponentiation.

Exponentiation modulo n is performed by repeated multiplication, as in ordinary arithmetic, but the result is reduced modulo n after every multiplication so that intermediate values never grow beyond n. The square-and-multiply method computes a^b mod n with about 2·log2(b) multiplications by scanning the bits of b, which is what makes RSA and Diffie-Hellman practical for exponents of a thousand bits or more.

23. What are finite fields used for?

Finite fields are used in the design of cryptographic algorithms: AES, for example, treats each byte as an element of GF(2^8) in its S-box and MixColumns operations, and Diffie-Hellman and DSA work in the multiplicative group of GF(p).

24. Define Euler's theorem and its applications.

Euler's theorem states that for every a and n that are relatively prime,

a^Φ(n) ≡ 1 (mod n),

where Φ(n) is the number of positive integers less than n that are relatively prime to n. It is the basis of RSA: choosing e·d ≡ 1 (mod Φ(n)) guarantees that (m^e)^d ≡ m (mod n).

Part – B

1. Explain the OSI security architecture along with the services available(16)(Dec-2009)

The OSI security architecture focuses on security attacks,mechanisms,and services. These

can be defined briefly as follows:

• Security attack: Any action that compromises the security of information owned by an

organization.

• Security mechanism: A process (or a device incorporating such a process) that is designed

to detect, prevent,or recover from a security attack.

• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Security Attack

any action that compromises the security of information owned by an organization

often threat & attack used to mean same thing

generic types of attacks:

◦ Passive

◦ Active

Security Service

◦ enhance security of data processing systems and information transfers of an

organization

◦ intended to counter security attacks

◦ using one or more security mechanisms

◦ often replicates functions normally associated with physical documents

which, for example, have signatures, dates; need protection from disclosure,

tampering, or destruction; be notarized or witnessed; be recorded or licensed

◦ Authentication - assurance that the communicating entity is the one claimed

◦ Access Control - prevention of the unauthorized use of a resource

◦ Data Confidentiality –protection of data from unauthorized disclosure

◦ Data Integrity - assurance that data received is as sent by an authorized entity

◦ Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanism

feature designed to detect, prevent, or recover from a security attack

no single mechanism that will support all services required

however one particular element underlies many of the security mechanisms in use:

◦ cryptographic techniques

2. Given the key "MONARCHY", apply Playfair to the plaintext "FACTIONALISM" to ensure confidentiality; at the destination, decrypt the ciphertext and establish authenticity(8)(Dec-2009)

Playfair Key Matrix

a 5X5 matrix of letters based on a keyword

fill in letters of keyword (sans duplicates)

fill rest of matrix with other letters

eg. using the keyword MONARCHY

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

Encrypting and Decrypting

plaintext is encrypted two letters at a time

1. if a pair is a repeated letter, insert filler like 'X’

2. if both letters fall in the same row, replace each with letter to right(wrapping back to

start from end)

3. if both letters fall in the same column, replace each with the letter below it (again

wrapping to top from bottom)

4. otherwise each letter is replaced by the letter in the same row and in the column of

the other letter of the pair

Security of Playfair Cipher

security much improved over monoalphabetic

since have 26 x 26 = 676 digrams

would need a 676-entry frequency table to analyse (versus 26 for a monoalphabetic)

and correspondingly more ciphertext

was widely used for many years

◦ eg. by US & British military in WW1

it can be broken, given a few hundred letters

since still has much of plaintext structure

3. Explain the concept of monoalphabetic cipher and polyalphabetic

substitution ciphers with examples. (16)(Dec-2010)

Monoalphabetic Cipher

rather than just shifting the alphabet

could shuffle (jumble) the letters arbitrarily

each plaintext letter maps to a different random ciphertext letter

hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz

Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN


Plaintext: ifwewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security

now have a total of 26! ≈ 4 × 10^26 keys, far too many for brute force

problem is language characteristics

Polyalphabetic Ciphers

polyalphabetic substitution ciphers

improve security using multiple cipher alphabets

make cryptanalysis harder with more alphabets to guess and flatter frequency distribution

use a key to select which alphabet is used for each letter of the message

use each alphabet in turn

repeat from start after end of key is reached

4. Write in detail about LFSR sequence.(16)

A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.

The only linear function of single bits is xor, thus it is a shift register whose input bit is

driven by the exclusive-or (xor) of some bits of the overall shift register value.

The initial value of the LFSR is called the seed, and because the operation of the register is

deterministic, the stream of values produced by the register is completely determined by its

current (or previous) state. Likewise, because the register has a finite number of possible

states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen

feedback function can produce a sequence of bits which appears random and which has a

very long cycle.

Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.

Because the feedback is linear, an LFSR used directly as a keystream generator is insecure. An attacker who knows a stretch of plaintext can intercept and recover the corresponding stretch of LFSR output stream (by XORing plaintext with ciphertext), and from only 2L bits of that stream can construct an LFSR of minimal size L that simulates the intended receiver, using the Berlekamp-Massey algorithm. This LFSR can then be fed the intercepted stretch of output stream to recover the remaining plaintext.

Three general methods are employed to reduce this problem in LFSR-based stream ciphers:

Non-linear combination of several bits from the LFSR state (a non-linear filter generator);

Non-linear combination of the output bits of two or more LFSRs (see also: shrinking generator); or

Irregular clocking of the LFSR, as in the alternating step generator.
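The attack sketched above, as an added Python example (not part of the question bank): an LFSR keystream generator, the Berlekamp-Massey algorithm over GF(2), and a known-plaintext break that needs only 2L keystream bits. The 16-bit taps, the seed 0xACE1 and the message are constructed for the demonstration; the taps (16, 14, 13, 11) give a maximal-period register, so the recovered linear complexity is 16.

```python
from functools import reduce
from operator import xor


def lfsr_stream(taps, seed, n):
    """Output bits s_0, s_1, ... of the linear recurrence s_i = XOR of s_{i-t} for
    t in taps, started from seed = (s_0, ..., s_{L-1}) with L = max(taps).  Only
    XOR is involved, which is exactly what makes the generator linear."""
    L = max(taps)
    assert len(seed) == L and any(seed), "seed must have length L and be non-zero"
    s = list(seed)
    while len(s) < n:
        s.append(reduce(xor, (s[-t] for t in taps)))
    return s[:n]


def berlekamp_massey(bits):
    """Shortest LFSR generating `bits` over GF(2).  Returns (L, C) with
    C = [1, c1, ..., cL] such that bits[i] = XOR of c_j & bits[i-j] for i >= L.
    The answer is unique once at least 2L bits are supplied."""
    n = len(bits)
    C, B = [1] + [0] * n, [1] + [0] * n
    L, m = 0, 1
    for i in range(n):
        d = bits[i]                               # discrepancy: does the current LFSR predict bit i?
        for j in range(1, L + 1):
            d ^= C[j] & bits[i - j]
        if d == 0:
            m += 1
            continue
        T = C[:]
        for j in range(n + 1 - m):                # C(x) += x^m * B(x)
            C[j + m] ^= B[j]
        if 2 * L <= i:                            # the register has to grow
            L, B, m = i + 1 - L, T, 1
        else:
            m += 1
    return L, C[:L + 1]


def bits_of(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def bytes_of(bits):
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, len(bits), 8))


def lfsr_encrypt(taps, seed, data):
    """Stream cipher: plaintext bits XOR LFSR keystream.  Decryption is identical."""
    ks = lfsr_stream(taps, seed, 8 * len(data))
    return bytes_of([p ^ k for p, k in zip(bits_of(data), ks)])


def break_lfsr_stream(ciphertext, known_prefix):
    """Known-plaintext attack: recover the keystream under the known prefix,
    synthesise the minimal LFSR with Berlekamp-Massey, clock it over the whole
    ciphertext and strip the keystream.  Returns (L, recovered_plaintext)."""
    c = bits_of(ciphertext)
    ks_prefix = [x ^ y for x, y in zip(c, bits_of(known_prefix))]
    L, C = berlekamp_massey(ks_prefix)
    taps = [j for j in range(1, L + 1) if C[j]]
    ks = lfsr_stream(taps, ks_prefix[:L], len(c))
    return L, bytes_of([x ^ y for x, y in zip(c, ks)])


# Constructed demonstration values (not from any real system).
TAPS = (16, 14, 13, 11)                                  # maximal-period 16-bit register
SEED = [(0xACE1 >> (15 - k)) & 1 for k in range(16)]      # the secret key of the stream cipher
MESSAGE = b"ATTACK AT DAWN. The rest of this message was supposed to stay secret."

if __name__ == "__main__":
    ct = lfsr_encrypt(TAPS, SEED, MESSAGE)
    L, pt = break_lfsr_stream(ct, MESSAGE[:6])         # attacker guesses only "ATTACK"
    print("recovered LFSR length", L)
    print(pt.decode())
```

Six bytes of known plaintext give 48 keystream bits, more than the 32 that a 16-bit register needs; the same attack works against any linear generator regardless of its period, which is why the non-linear combining and irregular clocking methods above exist.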

5. When do you say an algorithm is computationally secure? Can you suggest an encryption scheme which is unconditionally secure? Explain(8)(Dec-2010)

An algorithm is computationally secure when the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break it exceeds the useful lifetime of the information (see Part A Q5). The one-time pad is unconditionally secure: with a truly random key as long as the message, used only once, every plaintext of that length is equally likely for a given ciphertext, so no amount of computation helps the attacker (see the one-time pad notes under Q7 below).

6. How are arithmetic operations on integers carried out from their residues modulo a set of pairwise relatively prime moduli? Give the procedure to reconstruct the integers from the residues.(8)
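Euclid's algorithm as tabulated in Part A Q9 and Q14, its extended form (the "inverse algorithm" the RSA notes in Unit II refer to), and the residue arithmetic and Chinese-remainder reconstruction asked for in Part B Q6, as an added Python example (not part of the question bank; the function names are my own):

```python
def euclid_table(a, b):
    """Euclid's algorithm, returning the (q, q1, q2, r) rows the question bank
    tabulates, plus the gcd.  Each row is the division q1 = q*q2 + r."""
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((q, a, b, r))
        a, b = b, r
    return rows, a


def extended_euclid(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n):
    """a^-1 mod n from the extended algorithm, or None when gcd(a, n) != 1.
    RSA uses this to derive d from e: d = mod_inverse(e, phi(n))."""
    g, x, _ = extended_euclid(a % n, n)
    return x % n if g == 1 else None


def crt_reconstruct(residues, moduli):
    """Chinese Remainder Theorem: from x mod m_i for pairwise coprime m_i,
    rebuild x mod M (M = product of the m_i) as
    x = sum r_i * M_i * (M_i^-1 mod m_i), with M_i = M / m_i."""
    M = 1
    for m in moduli:
        M *= m
    x = 0
    for r, m in zip(residues, moduli):
        M_i = M // m
        x += r * M_i * mod_inverse(M_i, m)
    return x % M


def residue_arithmetic(a, b, moduli):
    """Add and multiply a and b entirely on their residues, then reconstruct.
    Each per-modulus operation is small and independent of the others, which is
    what makes CRT representation attractive for big-number arithmetic."""
    sums = [(a + b) % m for m in moduli]
    prods = [(a * b) % m for m in moduli]
    return crt_reconstruct(sums, moduli), crt_reconstruct(prods, moduli)


if __name__ == "__main__":
    for a, b in ((86, 56), (2740, 1760)):
        rows, g = euclid_table(a, b)
        print(f"gcd({b}, {a}) = {g}")
        print(" q    q1    q2     r")
        for row in rows:
            print("%2d %5d %5d %5d" % row)
    print("7^-1 mod 20 =", mod_inverse(7, 20))
    print("x = 2 mod 3, 3 mod 5, 2 mod 7  ->  x =", crt_reconstruct([2, 3, 2], [3, 5, 7]))
    print("10+20 and 10*20 via residues mod (3,5,7):", residue_arithmetic(10, 20, [3, 5, 7]))
```

The reconstruction is only valid modulo M, so results of residue arithmetic are correct as long as the true answer is below the product of the moduli (200 < 105 fails: 10×20 comes back as 95).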

7. Explain classical cryptographic techniques in detail.(16)

Classical Substitution Ciphers

letters of plaintext are replaced by other letters or by numbers or symbols

or, if plaintext is viewed as a sequence of bits, substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Caesar Cipher

earliest known substitution cipher

first attested use in military affairs

replaces each letter by 3rd letter on

example:

meet me after the toga party


PHHW PH DIWHU WKH WRJD SDUWB

can define transformation as:

a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

mathematically give each letter a number

a b c d e f g h i j k l m n o p q r s t u v w x y z

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

then have Caesar cipher as:

c = E(p) = (p + k) mod (26)

p = D(c) = (c – k) mod (26)

Vigenère Cipher

simplest polyalphabetic substitution cipher

effectively multiple caesar ciphers

key is multiple letters long K = k1 k2 ... kd

ith letter specifies ith alphabet to use

use each alphabet in turn

repeat from start after d letters in message

decryption simply works in reverse

Autokey Cipher

ideally want a key as long as the message

Vigenère proposed the autokey cipher

in which the keyword is prefixed to the message itself to form the key stream

knowing keyword can recover the first few letters

use these in turn on the rest of the message

but still have frequency characteristics to attack

eg. given key deceptive

key: deceptivewearediscoveredsav

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
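The Caesar, Vigenère and autokey ciphers described above, as an added Python example (not part of the question bank; the function names are my own). It reproduces the worked values on this page: the toga-party ciphertext, the autokey ciphertext ZICVTWQNGKZEIIGASXSTSLVVWLA for key "deceptive", and, for comparison, the repeating-key Vigenère ciphertext of the same message, which the notes do not print. It also includes the brute-force attack on Caesar mentioned in Part A Q17.

```python
A = ord("A")


def _clean(text):
    return "".join(ch for ch in text.upper() if ch.isalpha())


def caesar(text, k, decrypt=False):
    """c = (p + k) mod 26; decryption is the same shift in the other direction."""
    k = -k if decrypt else k
    return "".join(chr((ord(ch) - A + k) % 26 + A) for ch in _clean(text))


def caesar_brute_force(ciphertext):
    """Only 25 non-trivial keys, so try them all; a human (or a dictionary)
    picks the readable candidate."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in range(26)}


def vigenere(text, key, decrypt=False):
    """Repeating-key Vigenere: letter i is Caesar-shifted by key[i mod d]."""
    t, key = _clean(text), _clean(key)
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(ch) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, ch in enumerate(t)
    )


def autokey_encrypt(plaintext, keyword):
    """Key stream = keyword followed by the plaintext itself."""
    p = _clean(plaintext)
    stream = _clean(keyword) + p
    return "".join(chr((ord(ch) - A + ord(stream[i]) - A) % 26 + A) for i, ch in enumerate(p))


def autokey_decrypt(ciphertext, keyword):
    """The keyword recovers the first letters; each recovered letter then
    extends the key stream used for the rest of the message."""
    c = _clean(ciphertext)
    stream = list(_clean(keyword))
    out = []
    for i, ch in enumerate(c):
        p = chr((ord(ch) - ord(stream[i])) % 26 + A)
        out.append(p)
        stream.append(p)
    return "".join(out)


if __name__ == "__main__":
    print(caesar("meet me after the toga party", 3))
    print(vigenere("wearediscoveredsaveyourself", "deceptive"))
    print(autokey_encrypt("wearediscoveredsaveyourself", "deceptive"))
    print(autokey_decrypt("ZICVTWQNGKZEIIGASXSTSLVVWLA", "deceptive"))
```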

One-Time Pad

if a truly random key as long as the message is used, the cipher will be secure

called a One-Time pad

is unbreakable since ciphertext bears no statistical relationship to the plaintext

since for any plaintext & any ciphertext there exists a key mapping one to the other

can only use the key once though: reusing a pad gives the attacker C1 XOR C2 = P1 XOR P2, from which both plaintexts can usually be recovered

problems in generation & safe distribution of key

8. Write short notes on security services. (8)

Security Service

◦ enhance security of data processing systems and information transfers of an

organization

◦ intended to counter security attacks

◦ using one or more security mechanisms

◦ often replicates functions normally associated with physical documents

which, for example, have signatures, dates; need protection from disclosure,

tampering, or destruction; be notarized or witnessed; be recorded or licensed

◦ Authentication - assurance that the communicating entity is the one claimed

◦ Access Control - prevention of the unauthorized use of a resource

◦ Data Confidentiality –protection of data from unauthorized disclosure

◦ Data Integrity - assurance that data received is as sent by an authorized entity

◦ Non-Repudiation - protection against denial by one of the parties in a communication

Jerusalem College of Engineering

Department of Information Technology


Subject : IT2352-Cryptography and Network Security

Year/Sem :III/VI Name of the Faculty: X.Anita

Unit – II

Part – A

1. When the number of rounds in DES is less, what kind of cryptanalysis is easier?(Nov-2010)

Differential cryptanalysis is easier.

2. State how timing attack in RSA can be avoided.(Nov-2010)

Use constant exponentiation time (perform the same operations regardless of the key bits), add random delays, or blind the ciphertext with a random value before the private-key exponentiation and remove it afterwards so the timing is independent of the attacker's input.

3. If a bit error occurs in plain text block p1,how far does the error propagate in CBC mode of

DES?(May-2008)

In CBC mode C1 = E(P1 XOR IV) and every later block is C_i = E(P_i XOR C_(i-1)), so a bit error in P1 changes C1 and, through the chaining, every subsequent ciphertext block. On decryption, however, the receiver recovers exactly the (erroneous) P1 and all following plaintext blocks correctly, because the ciphertext it received is self-consistent.

4. What is the role of a primitive root in Diffie-Hellman Key exchange?(Nov-2010)

The primitive root a of the prime q is the base of the exponentiation: each user's public value is a^x mod q. Because a generates all q-1 non-zero residues, the public values can be any element of the group and recovering x from a^x mod q is a full discrete-logarithm problem; if a generated only a small subgroup the shared key would be confined to a few values.

5. Identify any two applications where one way authentication is necessary.

E-mail, Kerberos protocol, X.509 protocol

6. If a bit error occurs in plain text block P1, how far does the error propagate in CBS mode of

DES and 8-bit CFB mode of DES?(Nov-2008)

In both modes the error propagates through all subsequent ciphertext blocks: in CBC because C_i = E(P_i XOR C_(i-1)), and in 8-bit CFB because each ciphertext unit is shifted into the register that is encrypted to produce the next keystream unit. In both cases decryption still yields the plaintext as it was sent (with the error only in P1), because the receiver reproduces the same chaining.

10. Define Diffusion & confusion.

Diffusion: Statistical structure of the plaintext is dissipated into long-range statistics of cipher

text.

Confusion: Relationship between cipher text and key is made complex.


11. How is the S-box constructed?(Nov-2007)

In AES each byte is treated as an element of the finite field GF(2^8) modulo the irreducible polynomial x^8 + x^4 + x^3 + x + 1. The S-box entry for a byte is its multiplicative inverse in that field (with 0 mapping to 0), followed by a fixed affine transformation over GF(2). The simplified S-AES S-box is built the same way on nibbles, in GF(2^4) modulo x^4 + x + 1.

12. Briefly describe the Key Expansion Algorithm.

The AES key expansion algorithm takes as input a 4-word (128-bit) key and produces a linear array of 44 words: one 4-word round key for the initial AddRoundKey and one for each of the 10 rounds. The key is copied into the first 4 words of the expanded key; the remaining 40 words are generated 4 at a time, each new word being the XOR of the previous word and the word 4 positions back, with the first word of each group first passed through RotWord, SubWord and a round constant.

13. List the evaluation criteria defined by NIST for AES?

Security, cost, and algorithm and implementation characteristics; the final-round evaluation looked in more detail at general security, software implementations, restricted-space environments, hardware implementations, and attacks on implementations.

14. What is a one way function?

A function that is easy to compute in one direction but computationally infeasible to invert: given x, y = f(x) is easy to compute, but given y it is infeasible to find any x with f(x) = y. Hash functions and modular exponentiation (the basis of Diffie-Hellman) are examples.

15. What is the Miller-Rabin algorithm used for?(May-2008)

Testing whether a large odd number is prime. It is a probabilistic test, so a number that passes several independent rounds is prime with overwhelming probability; it is used to find the primes p and q for RSA.

Part – B

1. Given the 10-bit key k=1010000010, determine K1, K2 where

P10 = 3 5 2 7 4 10 1 9 8 6 and P8 = 6 3 7 4 8 5 10 9,

using the S-DES key generation method.(10)(Nov-2009)

P10(1010000010) = 10000 01100. LS-1 (a one-bit circular left shift of each 5-bit half) gives 00001 11000; P8 of that is K1 = 10100100. LS-2 (a two-bit circular left shift of each half of 00001 11000) gives 00100 00011; P8 of that is K2 = 01000011.

2. Apply public key encryption to establish confidentiality in the message from A to B. you are

given m=67. KU={7,187}, KR={23,187}.(8)(Nov-2009)

3. In AES,explain how the encryption key is expanded to produce keys for the10 rounds.(May-

2008)

AES Key Expansion

takes a 128/192/256-bit key and expands it into an array of 44/52/60 32-bit words (one 4-word round key for the initial AddRoundKey and for each of the 10/12/14 rounds)

start by copying the key into the first 4 words (for a 128-bit key)

then loop creating words that depend on the previous word and the word 4 places back

◦ in 3 of 4 cases just XOR these together

◦ for every 4th word, the previous word first gets RotWord (one-byte circular left shift), SubWord (S-box on each byte) and an XOR with the round constant, before the XOR with the word 4 back

Key Expansion Rationale

designed to resist known attacks

design criteria included

◦ knowing part key insufficient to find many more

◦ invertible transformation

◦ fast on wide range of CPU’s

◦ use round constants to break symmetry

◦ diffuse key bits into round keys

◦ enough non-linearity to hinder analysis

◦ simplicity of description

4. What are the relative merits and demerits of block cipher modes of operations ? (8) (Nov-

2010)

Modes of Operation

Electronic Codebook (ECB):

message is broken into independent blocks which are encrypted

each block is a value which is substituted, like a codebook, hence name

each block is encoded independently of the other blocks

Ci = DESK1(Pi)

uses: secure transmission of single values


Advantages and Limitations of ECB

message repetitions may show in ciphertext

◦ if aligned with message block

◦ particularly with data such as graphics

◦ or with messages that change very little, which become a code-book analysis

problem

weakness is due to the encrypted message blocks being independent

main use is sending a few blocks of data

Cipher Block Chaining (CBC):

message is broken into blocks

linked together in encryption operation

each previous ciphertext block is chained with the current plaintext block, hence the name

use Initial Vector (IV) to start process

Ci = DESK1(Pi XOR Ci-1)

C-1 = IV

uses: bulk data encryption, authentication


Advantages and Limitations of CBC

a ciphertext block depends on all blocks before it

any change to a block affects all following ciphertext blocks

need Initialization Vector (IV)

◦ which must be known to sender & receiver

◦ if sent in clear, attacker can change bits of the first plaintext block by changing the corresponding bits of the IV (CBC provides no integrity protection)

◦ hence these notes suggest the IV either be a fixed value (as in EFTPOS) or be sent encrypted in ECB mode before the rest of the message

◦ current practice instead sends a fresh, unpredictable IV in the clear with every message and adds a MAC over IV and ciphertext: a fixed or predictable IV lets an attacker recognise repeated first blocks and mount chosen-plaintext attacks, while the MAC defeats the bit-flipping above

Cipher FeedBack (CFB):

message is treated as a stream of bits

added to the output of the block cipher

result is feed back for next stage (hence name)

standard allows any number of bits (1, 8, 64 or 128 etc.) to be fed back

◦ denoted CFB-1, CFB-8, CFB-64, CFB-128 etc

most efficient to use all bits in block (64 or 128)

Ci = Pi XOR DESK1(Ci-1)

C-1 = IV

uses: stream data encryption, authentication


Advantages and Limitations of CFB

appropriate when data arrives in bits/bytes

most common stream mode

limitation is need to stall while do block encryption after every n-bits

note that the block cipher is used in encryption mode at both ends

errors propagate: a single ciphertext bit error garbles the corresponding plaintext unit and every unit until the error has shifted out of the feedback register

Output FeedBack (OFB):

message is treated as a stream of bits

output of cipher is added to message

output is then feed back (hence name)

feedback is independent of message

can be computed in advance

Ci = Pi XOR Oi

Oi = DESK1(Oi-1)

O-1 = IV

uses: stream encryption on noisy channels

Advantages and Limitations of OFB

bit errors do not propagate

more vulnerable to message stream modification

a variation of a Vernam cipher

◦ hence must never reuse the same sequence (key+IV)

sender & receiver must remain in sync

originally specified with m-bit feedback (OFB-m, like CFB-m)

subsequent research has shown that only full-block feedback (i.e. OFB-64 or OFB-128) should ever be used, since with m-bit feedback the keystream can fall into a short cycle

Counter (CTR):

a “new” mode, though proposed early on

similar to OFB but encrypts counter value rather than any feedback value

must use a different counter value for every plaintext block encrypted under a given key (never reused)

Ci = Pi XOR Oi

Oi = DESK1(i)

uses: high-speed network encryptions

Advantages and Limitations of CTR:

efficiency

◦ can do parallel encryptions in h/w or s/w

◦ can preprocess in advance of need

◦ good for bursty high speed links

random access to encrypted data blocks

provable security (good as other modes)

but must ensure never reuse key/counter values, otherwise could break (cf OFB)
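The five modes above, with the error-propagation questions from Part A Q3/Q6 answered by running them, as an added Python example (not part of the question bank). The block cipher is a constructed toy 64-bit permutation, not DES, because the propagation behaviour depends only on the chaining structure, not on the cipher; the key, IV and four-block plaintext are constructed too. The last function shows the counter-reuse failure the CTR notes warn about.

```python
BLOCK = 8
MASK = (1 << 64) - 1


def _rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK


def _rotr(x, r):
    return ((x >> r) | (x << (64 - r))) & MASK


def toy_encrypt(key, block):
    """Toy 64-bit block permutation (NOT DES, NOT secure): three rounds of
    XOR-with-key then rotate.  It is a bijection, which is all a mode needs."""
    x = int.from_bytes(block, "big")
    for r in (13, 29, 7):
        x = _rotl(x ^ key, r)
    return x.to_bytes(BLOCK, "big")


def toy_decrypt(key, block):
    x = int.from_bytes(block, "big")
    for r in (7, 29, 13):
        x = _rotr(x, r) ^ key
    return x.to_bytes(BLOCK, "big")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    assert len(data) % BLOCK == 0, "whole blocks only; no padding here"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb(key, iv, data, decrypt=False):
    f = toy_decrypt if decrypt else toy_encrypt
    return b"".join(f(key, b) for b in blocks(data))       # C_i = E(P_i), IV unused


def cbc(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in blocks(data):
        if decrypt:
            out.append(xor(toy_decrypt(key, b), prev))     # P_i = D(C_i) xor C_{i-1}
            prev = b
        else:
            prev = toy_encrypt(key, xor(b, prev))          # C_i = E(P_i xor C_{i-1})
            out.append(prev)
    return b"".join(out)


def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in blocks(data):
        out.append(xor(b, toy_encrypt(key, prev)))         # C_i = P_i xor E(C_{i-1})
        prev = b if decrypt else out[-1]                   # the ciphertext is what is fed back
    return b"".join(out)


def ofb(key, iv, data, decrypt=False):
    out, o = [], iv
    for b in blocks(data):
        o = toy_encrypt(key, o)                            # O_i = E(O_{i-1}), message-independent
        out.append(xor(b, o))
    return b"".join(out)


def ctr(key, nonce, data, decrypt=False):
    out = []
    for i, b in enumerate(blocks(data)):
        counter = nonce[:4] + i.to_bytes(4, "big")         # nonce || block index
        out.append(xor(b, toy_encrypt(key, counter)))      # C_i = P_i xor E(counter_i)
    return b"".join(out)


MODES = {"ECB": ecb, "CBC": cbc, "CFB": cfb, "OFB": ofb, "CTR": ctr}


def _flip_bit(data, byte_index):
    return data[:byte_index] + bytes([data[byte_index] ^ 0x01]) + data[byte_index + 1:]


def changed_blocks(a, b):
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]


def plaintext_error(mode, key, iv, pt):
    """Part A Q3/Q6: flip one bit of P1 before encryption; which C blocks change?"""
    f = MODES[mode]
    return changed_blocks(f(key, iv, pt), f(key, iv, _flip_bit(pt, 0)))


def ciphertext_error(mode, key, iv, pt):
    """Flip one bit of C1 in transit; which decrypted P blocks are damaged?"""
    f = MODES[mode]
    ct = f(key, iv, pt)
    return changed_blocks(pt, f(key, iv, _flip_bit(ct, 0), decrypt=True))


def ctr_nonce_reuse_leak(key, nonce, pt1, pt2):
    """Reusing a key/counter pair: C1 xor C2 == P1 xor P2, the keystream cancels
    and an attacker learns the XOR of the two plaintexts without the key."""
    return xor(ctr(key, nonce, pt1), ctr(key, nonce, pt2)) == xor(pt1, pt2)


KEY = 0x0123456789ABCDEF                                   # constructed toy key
IV = bytes(range(8))                                       # constructed IV / nonce
PT = b"".join(bytes([i]) * BLOCK for i in range(1, 5))     # four distinct 8-byte blocks

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode}: P1 error -> C blocks {plaintext_error(mode, KEY, IV, PT)}; "
              f"C1 error -> P blocks {ciphertext_error(mode, KEY, IV, PT)}")
```

A plaintext error spreads to every later ciphertext block in CBC and CFB and to one block in the other modes, which is the answer to Part A Q3/Q6; a ciphertext error damages the current block plus one bit of the next in CBC (and the next full block in CFB), and only the current block in OFB and CTR.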

5. Explain types of attacks on double DES and triple DES.

Double-DES

could use 2 DES encrypts on each block

◦ C = EK2(EK1(P))

issue of reduction to single stage

and have “meet-in-the-middle” attack

◦ works whenever use a cipher twice


◦ since X = EK1(P) = DK2(C)

◦ attack by encrypting P with all keys and store

◦ then decrypt C with keys and match X value

◦ can show it takes on the order of 2^56 encryptions plus 2^56 decryptions (and 2^56 entries of storage), not the 2^112 that the doubled key length suggests

Triple-DES with Three-Keys

although there are no practical attacks on two-key Triple-DES, there are some theoretical indications of weakness

can use Triple-DES with three keys to avoid even these

◦ C = EK3(DK2(EK1(P)))

has been adopted by some Internet applications, eg PGP, S/MIME

6. Explain briefly about public key cryptography (8 )(May-2007)

Public-Key Cryptography

public-key/two-key/asymmetric cryptography involves the use of two keys:

◦ a public-key, which may be known by anybody, and can be used to encrypt

messages, and verify signatures

◦ a private-key, known only to the recipient, used to decrypt messages, and sign

(create) signatures

is asymmetric because

◦ those who encrypt messages or verify signatures cannot decrypt messages or create

signatures

Public-Key Characteristics:

Public-Key algorithms rely on two keys where:

◦ it is computationally infeasible to find decryption key knowing only algorithm &

encryption key


◦ it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key

is known

◦ either of the two related keys can be used for encryption, with the other used for

decryption (for some algorithms)

7. Discuss in detail RSA algorithm , highlighting its computational aspect and security.(Nov-

2007)

RSA Key Setup

each user generates a public/private key pair by:

selecting two large primes at random - p, q

computing their system modulus n=p.q

◦ note ø(n)=(p-1)(q-1)

selecting at random the encryption key e

where 1<e<ø(n), gcd(e,ø(n))=1

solve following equation to find decryption key d

◦ e.d ≡ 1 mod ø(n) and 0 < d < ø(n)

publish their public encryption key: PU={e,n}

keep secret private decryption key: PR={d,n}

RSA Key Generation

users of RSA must:

◦ determine two primes at random - p, q

◦ select either e or d and compute the other

primes p,q must not be easily derived from modulus n=p.q

◦ means must be sufficiently large

◦ typically guess and use probabilistic test


exponents e, d are inverses, so use Inverse algorithm to compute the other

RSA Security

possible approaches to attacking RSA are:

◦ brute force key search (infeasible given size of numbers)

◦ mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n)

◦ timing attacks (on running of decryption)

◦ chosen ciphertext attacks (given properties of RSA)

Factoring Problem

mathematical approach takes 3 forms:

◦ factor n=p.q, hence compute ø(n) and then d

◦ determine ø(n) directly and compute d

◦ find d directly

currently believe all equivalent to factoring

◦ have seen slow improvements over the years

as of May 2005 the best was 200 decimal digits (663 bits), with the lattice sieve (LS); since then a 768-bit modulus (RSA-768) was factored in 2009 and an 829-bit one (RSA-250) in 2020

◦ biggest improvement comes from improved algorithms

cf. QS (quadratic sieve) to GNFS (general number field sieve) to LS

◦ these notes assume 1024-2048 bit RSA is secure; today 1024-bit keys are considered inadequate and 2048 bits is the minimum in current guidance

ensure p, q of similar size and matching other constraints

Timing Attacks

exploit timing variations in operations

◦ eg. multiplying by small vs large number

◦ or IF's varying which instructions executed

infer operand size based on time taken

RSA exploits time taken in exponentiation

countermeasures

◦ use constant exponentiation time

◦ add random delays

◦ blind values used in calculations

8. Perform encryption and decryption using the RSA algorithm with p=3, q=11, e=7 and M=5.(Nov-2007)

n = pq = 33

Φ(n) = (p-1)(q-1) = 2 × 10 = 20

e = 7 (gcd(7, 20) = 1)

d = e^-1 mod Φ(n) = 3, since 7 × 3 = 21 ≡ 1 (mod 20)

PU = {7, 33}, PR = {3, 33}

Encryption: C = M^e mod n = 5^7 mod 33 = 14

Decryption: M = C^d mod n = 14^3 mod 33 = 5
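RSA key setup, encryption, decryption and the blinding countermeasure from the timing-attack notes, as an added Python example (not part of the question bank; the function names are my own). It reproduces Part B Q8 (p=3, q=11, e=7, M=5 giving C=14) and Part B Q2 (KU={7,187}, KR={23,187}, m=67), and includes the Miller-Rabin test from Unit I Q13 to check the primes. Running Q2 shows a caveat worth knowing: 67 is an unconcealed message for this key, 67^7 mod 187 = 67, so the "encrypted" value equals the plaintext. Textbook RSA has such fixed points for every key, which is one reason real systems pad the message before exponentiation.

```python
import math
import random


def miller_rabin(n, rounds=20):
    """Probabilistic primality test.  Primes are always accepted; a composite
    survives one round with probability <= 1/4, so 20 rounds leave <= 4^-20."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                      # n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness that n is composite
    return True


def rsa_keygen(p, q, e):
    """PU = {e, n}, PR = {d, n} with n = p*q and e*d = 1 mod phi(n)."""
    assert p != q and miller_rabin(p) and miller_rabin(q), "p, q must be distinct primes"
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)                    # modular inverse (Python 3.8+); 0 < d < phi(n)
    return (e, n), (d, n)


def rsa_encrypt(pub, m):
    e, n = pub
    assert 0 <= m < n
    return pow(m, e, n)                    # square-and-multiply exponentiation


def rsa_decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)


def rsa_decrypt_blinded(pub, priv, c):
    """Blinding: decrypt r^e * c for a fresh random r, then divide r out.  The
    private-key exponentiation never runs on an attacker-chosen value, so its
    timing tells the attacker nothing about the bits of d."""
    e, n = pub
    d, _ = priv
    while True:
        r = random.randrange(2, n)
        if math.gcd(r, n) == 1:
            break
    blinded = (pow(r, e, n) * c) % n
    return (pow(blinded, d, n) * pow(r, -1, n)) % n


def unconcealed_messages(pub):
    """All m with m^e = m mod n (fixed points of encryption).  Enumerable only
    for toy moduli; 0, 1 and n-1 are always among them."""
    e, n = pub
    return [m for m in range(n) if pow(m, e, n) == m]


if __name__ == "__main__":
    pub, priv = rsa_keygen(3, 11, 7)                   # Part B Q8
    print(pub, priv, "C =", rsa_encrypt(pub, 5), "M =", rsa_decrypt(priv, 14))
    pub, priv = rsa_keygen(11, 17, 7)                  # Part B Q2: 187 = 11 * 17
    c = rsa_encrypt(pub, 67)
    print(priv, "C =", c, "M =", rsa_decrypt_blinded(pub, priv, c))
    print("unconcealed messages for", pub, ":", unconcealed_messages(pub))
```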

9. Draw the general structure of DES and explain the encryption decryption process(10).(May-

2009)

DES Encryption Overview

DES encrypts 64-bit plaintext blocks under a 56-bit key (64 bits including parity). The block first passes through an initial permutation (IP), then through 16 rounds of a Feistel structure: the 64 bits are split into 32-bit halves L and R, and each round computes L_i = R_(i-1) and R_i = L_(i-1) XOR F(R_(i-1), K_i), where F expands R to 48 bits, XORs it with the 48-bit round subkey K_i, passes the result through eight S-boxes (6 bits in, 4 bits out) and then a permutation P. After the 16th round the halves are swapped and the inverse initial permutation (IP^-1) is applied. The 16 subkeys come from the key schedule (Permuted Choice 1, sixteen left circular shifts, Permuted Choice 2). Decryption uses exactly the same algorithm with the subkeys applied in reverse order, K_16 first.

10. Mention the strengths and weakness of DES algorithm. (6)(May-2009)

Strength of DES – Key Size

56-bit keys have 2^56 ≈ 7.2 × 10^16 values

brute force search looks hard

recent advances have shown is possible

◦ in 1997 on Internet in a few months

◦ in 1998 on dedicated h/w (EFF) in a few days

◦ in 1999 above combined in 22hrs!

still must be able to recognize plaintext

must now consider alternatives to DES

Strength of DES – Analytic Attacks

now have several analytic attacks on DES

these utilise some deep structure of the cipher


◦ by gathering information about encryptions

◦ can eventually recover some/all of the sub-key bits

◦ if necessary then exhaustively search for the rest

generally these are statistical attacks

include

◦ differential cryptanalysis

◦ linear cryptanalysis

◦ related key attacks

Weakness of DES

The 56-bit key is too short: exhaustive search is practical, as the 1997-1999 results above show. The 64-bit block size is small by modern standards, and differential and linear cryptanalysis (needing about 2^47 chosen and 2^43 known plaintexts respectively) show that its structure can be analysed. DES has therefore been replaced by Triple-DES and AES.

Jerusalem College of Engineering

Department of Information Technology

Subject : IT2352-Cryptography and Network Security

Year/Sem :III/VI Name of the Faculty: X.Anita

UNIT-III

Part-A

1. List the properties a digital signature should possess?(Nov-2009)

It must verify the author, and the date and time of the signature.

It must authenticate the contents at the time of the signature.

It must be verifiable by third parties to resolve disputes.

2. what are the functions used to produce an authenticator?(Nov-2009)

Message authentication code (MAC), message encryption, and hash function.

3. Why the leading two octets of message digest are stored in PGP message along with

encrypted message digest?(May-2008)

The leading two octets of the message digest are stored in the PGP message so that the recipient can check whether the correct public key was used to decrypt the message digest for authentication (a quick 16-bit check before the full comparison); they also serve as a frame check sequence for the message.

4. State any two advantages of Oakley key determination protocol over Diffie Hellman key

exchange protocol.(May-2008)

It employs a mechanism known as cookies to thwart clogging (denial-of-service) attacks.

It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks. (It also lets the parties negotiate the group, i.e. the global parameters, and uses nonces against replay.)

5. Define the one way property to be possessed by any hash function.(Nov-2008)

For any given hash value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way (preimage-resistance) property.

6. What is the purpose of Diffie-Hellman algorithm?(May-2007)

Purpose of Diffie Hellman is to enable two users to securely exchange a key that can be

used for subsequent encryption of message. The algorithm itself is limited to the exchange

of secret values.

7. Define man in the middle attack(May-2007)

An adversary positions itself between two communicating parties, intercepts their messages and forwards its own fabricated messages, so that each party believes it is talking directly to the other while the adversary reads or alters everything that passes.

10. List design objectives for HMAC(May-2007)

To allow easy replaceability of the embedded hash function, so that a faster or more secure hash can be substituted.

To preserve the original performance of the hash function without incurring a significant degradation.

To use and handle keys in a simple way.

To have a well-understood cryptographic analysis of the strength of the authentication mechanism, based on reasonable assumptions about the embedded hash function.

11. What is MAC? (May-2007)

A MAC (message authentication code) is an alternative authentication technique that uses a secret key shared by sender and receiver to generate a small fixed-size block of data, known as a cryptographic checksum or MAC, that is appended to the message; the receiver recomputes the MAC from the received message and the key and compares it with the one received.
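The HMAC construction behind Q10 and Q11, as an added Python example (not part of the question bank; the function names are my own). It builds HMAC from the bare hash so the two nested hashes and the ipad/opad constants are visible, checks the result against the standard library, shows the "easy replaceability" objective by swapping in SHA-1, SHA-256 and SHA-512, and verifies tags with a constant-time comparison, the check a practitioner wants when a MAC is validated on a server.

```python
import hashlib
import hmac


def hmac_manual(key, message, hash_name="sha256"):
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)).  K' is the key
    brought to the hash's block size: hashed first if it is longer, then
    zero-padded on the right."""
    block_size = hashlib.new(hash_name).block_size     # 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def hmac_reference(key, message, hash_name="sha256"):
    """The standard library's HMAC, used only to cross-check the construction."""
    return hmac.new(key, message, hash_name).digest()


def verify_tag(key, message, tag, hash_name="sha256"):
    """Constant-time comparison.  An ordinary == returns at the first differing
    byte, which lets an attacker learn a forged tag one byte at a time."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


if __name__ == "__main__":
    msg = b"The quick brown fox jumps over the lazy dog"
    for name in ("sha1", "sha256", "sha512"):              # same code, different embedded hash
        tag = hmac_manual(b"key", msg, name)
        print(name, tag.hex(), tag == hmac_reference(b"key", msg, name))
    print(verify_tag(b"key", msg, hmac_manual(b"key", msg)))
```

The outer hash is what stops the length-extension attack on the naive H(K || M): with a Merkle-Damgard hash such as SHA-1 or SHA-256, anyone holding a tag for M can continue the compression function to produce a valid tag for M || padding || M' without knowing K.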

12. What are the requirements for digital signature? (May-2007)

The signature must be a bit pattern that depends on the message being signed.

The signature must use information unique to the sender, to prevent both forgery and denial.

Must be relatively easy to produce the digital signature.

13. Define weak collision property of a hash function.

It must be computationally infeasible to find y not equal to x such that H(y)=H(x). This is re-

ferred to as weak collision property.

14. What is meant by message digest give example.

Hash function accepts a variable size message M as input and produces a fixed size output

called hash code. This hash is also called message digest or hash value.

Part-B

1. Apply the MAC (cryptographic checksum) method to authenticate the message and provide confidentiality, where the authentication is tied to the message M=8376, K1=4892, K2=53624071. (10)(Nov-2009)

2. What are the properties a hash function must satisfy? (6) (Nov-2009)

can be applied to any sized message M

produces fixed-length output h

is easy to compute h = H(M) for any message M

given h it is infeasible to find x such that H(x) = h (one-way property)

given x it is infeasible to find y ≠ x such that H(y) = H(x) (weak collision resistance)

it is infeasible to find any pair x, y such that H(y) = H(x) (strong collision resistance)

3. Explain MD5 message digest algorithm, with its logic and compression function.(16) (Nov-

2009)

4. Explain the SHA-1 hashing function with an example. (8) (Nov-2010) (May-2009)

5. Consider any message M of length 4120 bits ending with "ABCDEF" in hexadecimal form. Construct the last block of message to be given as input for MD5 (May-2008)

4120 = 8 × 512 + 24, so the final 512-bit block holds the last 24 message bits (ABCDEF) followed by the padding: a single 1 bit, zeros up to bit 448, then the 64-bit message length. In hex the block is AB CD EF 80, followed by 52 zero bytes, followed by the length 4120 = 0x1018 as a 64-bit little-endian value, 18 10 00 00 00 00 00 00 (MD5 stores the length little-endian; SHA-1 would store it big-endian). Total: 24 + 1 + 423 + 64 = 512 bits.

6. Describe Digital Signature Algorithm and show how signing and verification is done using

DSS. (May-2008)

7. Explain the processing of a message block of 512 bits using SHA-1(8) (May-2008)

(The notes below describe SHA-512, which processes 1024-bit blocks with a 512-bit buffer and 64-bit words; SHA-1 has the same overall structure with 512-bit blocks, a 160-bit buffer, 32-bit words and 80 rounds.)

SHA-512 Overview

SHA-512 Compression Function

heart of the algorithm

processing message in 1024-bit blocks

consists of 80 rounds

updating a 512-bit buffer

using a 64-bit value W_t derived from the current message block

and a 64-bit round constant K_t taken from the fractional part of the cube root of the t-th of the first 80 prime numbers

SHA-512 Round Function

64-bit word values W_t are derived from the 1024-bit message block. The first 16 values of W_t are taken directly from the 16 words of the current block. The remaining 64 values are defined as a function of the earlier values using rotates, shifts and XORs: W_t = σ1(W_(t-2)) + W_(t-7) + σ0(W_(t-15)) + W_(t-16) (addition mod 2^64), where

σ0(x) = ROTR(x,1) XOR ROTR(x,8) XOR SHR(x,7)

σ1(x) = ROTR(x,19) XOR ROTR(x,61) XOR SHR(x,6).

8. What is the role of discrete logarithms in the Diffie-Hellman key exchange in exchanging

the secret key among two users? (8) (Nov-2008)

Each user's public value is a power of the primitive root, y = a^x mod q, so the secret x is the discrete logarithm of y to the base a. Computing y from x is easy; recovering x from y (the discrete logarithm problem) is infeasible for large q, which is what keeps the shared key secret from an eavesdropper who sees both public values.

Diffie-Hellman Key Exchange:

a public-key distribution scheme

cannot be used to exchange an arbitrary message

rather it can establish a common key

known only to the two participants

value of key depends on the participants (and their private and public key information)

based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy

security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

Diffie-Hellman Key Setup:

all users agree on global parameters:

large prime integer or polynomial q

a being a primitive root mod q

each user (eg. A) generates their key

chooses a secret key (number): xA < q

compute their public key: yA = a^xA mod q

each user makes public that key yA


Key Exchange:

9. What are Digital Signature Algorithms and show how signing and verification are done using DSS. (8) (Nov-2008)

Digital Signature Algorithm (DSA)

creates a 320 bit signature

with 512-1024 bit security

smaller and faster than RSA

a digital signature scheme only

security depends on difficulty of computing discrete logarithms


variant of ElGamal & Schnorr schemes

Key Generation

10. Explain how birthday attack is done. (8) (Nov-2008)

might think a 64-bit hash is secure

but by the Birthday Paradox it is not

birthday attack works thus:

o opponent generates 2^(m/2) variations of a valid message all with essentially the same meaning

o opponent also generates 2^(m/2) variations of a desired fraudulent message

o two sets of messages are compared to find a pair with the same hash (probability > 0.5 by birthday paradox)

o have user sign the valid message, then substitute the forgery which will have a valid signature

conclusion is that a larger MAC/hash is needed
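The birthday bound behind this conclusion and behind the collision-resistance properties listed at the start of this unit, worked as an added example (not part of the notes). It computes how many hashes a collision takes for an m-bit output and confirms it empirically on a deliberately truncated hash; the message prefix is constructed.

```python
import hashlib
import math

def collision_probability(n_bits: int, k: int) -> float:
    """P(at least one collision) among k uniformly random n-bit hash values."""
    return 1.0 - math.exp(-k * (k - 1) / (2.0 * 2 ** n_bits))

def samples_for_probability(n_bits: int, p: float = 0.5) -> float:
    """How many hashes until P(collision) reaches p: about 1.18 * 2^(n/2) for p = 0.5,
    which is why an m-bit hash offers only about m/2 bits of collision resistance."""
    return math.sqrt(2.0 * 2 ** n_bits * math.log(1.0 / (1.0 - p)))

def truncated_hash(data: bytes, n_bits: int) -> int:
    """A toy n-bit hash: the leading n bits of SHA-256, weakened only in output length."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - n_bits)

def find_collision(n_bits: int, prefix: bytes = b"constructed variation #"):
    """Hash numbered variations of one message until two share an n-bit digest.
    Returns (message_1, message_2, hashes_computed). The same bound governs matching
    one set of 2^(m/2) valid variations against 2^(m/2) fraudulent ones."""
    seen = {}
    i = 0
    while True:
        msg = prefix + str(i).encode()
        digest = truncated_hash(msg, n_bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
        i += 1
```

For a 64-bit hash samples_for_probability(64) is about 5 x 10^9, well within reach, whereas the same figure for a 256-bit output is about 4 x 10^38.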

11. What is the use of authentication protocols? (4) (May-2007)

Authentication protocols are used mainly in digital signatures.

Mutual authentication:

Such protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.

One-way authentication:

One application for which encryption is growing in popularity is email.

12. Users A and B use the Diffie-Hellman key exchange technique with a common prime q=11 and a primitive root alpha=7. (May-2009)

(i) If user A has private key XA=3, what is A’s public key YA?

(ii) If user B has private key XB=6, what is B’s public key YB?

(iii) What is the shared secret key? Also write the algorithm. (4)

(iv) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm?

XA=3

YA = 7^3 mod 11 = 343 mod 11

YA=2

XB=6

YB = 7^6 mod 11 = 117649 mod 11

YB=4
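The exchange above carried through in code, as an added example (not part of the answer key): it checks that alpha is a primitive root, derives both public keys and the shared key, and recovers a private key by exhaustive search to show why a modulus this small gives the discrete-logarithm assumption no force. Parameters follow the question; the function names are this example's own.

```python
def is_primitive_root(alpha: int, q: int) -> bool:
    """alpha is a primitive root mod prime q iff alpha^1..alpha^(q-1) hit every nonzero residue."""
    return len({pow(alpha, k, q) for k in range(1, q)}) == q - 1

def dh_public_key(alpha: int, x: int, q: int) -> int:
    """y = alpha^x mod q, the value each user publishes."""
    return pow(alpha, x, q)

def dh_shared_key(their_public: int, my_private: int, q: int) -> int:
    """K = y_other^x_mine mod q; both sides obtain alpha^(xA*xB) mod q."""
    return pow(their_public, my_private, q)

def brute_force_discrete_log(alpha: int, y: int, q: int) -> int:
    """Find x with alpha^x = y (mod q) by trying every exponent.
    Feasible only because q is tiny; the exchange's security rests on this being infeasible."""
    for x in range(1, q):
        if pow(alpha, x, q) == y:
            return x
    raise ValueError("no discrete log found")

def worked_example(q: int = 11, alpha: int = 7, x_a: int = 3, x_b: int = 6) -> dict:
    """Run the question's exchange and return every intermediate value."""
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha must be a primitive root mod q")
    y_a = dh_public_key(alpha, x_a, q)
    y_b = dh_public_key(alpha, x_b, q)
    k_a = dh_shared_key(y_b, x_a, q)   # A computes YB^XA mod q
    k_b = dh_shared_key(y_a, x_b, q)   # B computes YA^XB mod q
    if k_a != k_b:
        raise AssertionError("both sides must agree on the key")
    # an observer of q, alpha and YA alone recovers XA when q is this small
    return {"YA": y_a, "YB": y_b, "K": k_a, "XA_recovered": brute_force_discrete_log(alpha, y_a, q)}
```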

Jerusalem College of Engineering

Department of Information Technology

Subject : IT2352-Cryptography and Network Security


Year/Sem :III/VI Name of the Faculty: X.Anita

Unit-IV

Part-A

1. Mention the scenario where the Kerberos scheme is preferred. (Nov-2009)

Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a trusted third-party authentication service that enables clients and servers to establish authenticated communication.

A user may gain access to a particular workstation and pretend to be another user operating from that workstation. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.

2. What are the technical deficiencies in the kerberos version 4 protocol? (Nov-2009)

Double encryption, PCBC encryption, session keys, password attacks

3. State the services provided by IPSec. (Nov-2010)

Access control, connectionless integrity, data origin authentication, rejection of replayed packets, confidentiality, limited traffic flow confidentiality.

4. Differentiate SSL connection from SSL session(Nov-2010)

5. What is the role of the Ticket Granting Server in inter-realm operations of Kerberos? (May-2007)

To solve additional problems we introduce a scheme for avoiding plaintext passwords and a new server known as the ticket-granting server. The new service, TGS, issues tickets to users who have been authenticated to the AS. Thus the user first requests a ticket-granting ticket from the AS.

6. Why are the leading two octets of the message digest stored in the PGP message along with the encrypted message digest? (May-2008)

PGP uses existing cryptographic algorithms. PGP is based on RSA, MD5 and IDEA. PGP also supports text compression, secrecy and digital signatures, and also provides efficient key management.

7. Give the Kerberos simple dialogue(May-2007)

The problem that Kerberos addresses is an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.

8. Give IPSEC ESP FORMAT. (Nov-2007)

The Padding field is added to the ESP to provide partial traffic flow confidentiality by concealing the actual length of the payload.

9. What are the security options PGP allows when sending an email message? (May-2009)

E-mail compatibility - radix-64 conversion

To provide transparency for email applications, an encrypted message may be converted to an ASCII string using radix-64 conversion.

10. How does IPSec offer the authentication and confidentiality services? (May-2009)

Reserved, SPI, Sequence number, Authentication data.

11. Define S/MIME.

S/MIME is a security enhancement to the MIME Internet e-mail format based on technology from RSA Data Security. It has the ability to sign and/or encrypt messages.

12. Draw the diagram for PGP message transmission and reception.

13. What is the general format for a PGP message?

13. Give the application of IP security?

Provide secure communication across private and public LANs.

Secure remote access over the Internet.

14. List the steps involved in SSL record protocol?

Fragmentation, compression, MAC, encryption, appending SSL record header.

15. What is X.509 standard?(Nov-2007)

Defines a framework for the provision of authentication services by the X.500 directory to its users. Based on the use of public-key cryptography and digital signatures.

Part-B

1. Explain X.509 authentication service and its certificates (16) (Nov-2009)

X.509 Authentication Service:

part of CCITT X.500 directory service standards

distributed servers maintaining user info database

defines framework for authentication services

directory may store public-key certificates

with public key of user signed by certification authority

also defines authentication protocols

uses public-key crypto & digital signatures

algorithms not standardised, but RSA recommended

X.509 certificates are widely used

X.509 Certificates:

issued by a Certification Authority (CA), containing:

version (1, 2, or 3)

serial number (unique within CA) identifying certificate

signature algorithm identifier


issuer X.500 name (CA)

period of validity (from - to dates)

subject X.500 name (name of owner)

subject public-key info (algorithm, parameters, key)

issuer unique identifier (v2+)

subject unique identifier (v2+)

extension fields (v3)

signature (of hash of all fields in certificate)

notation CA<<A>> denotes certificate for A signed by CA

X.509 Format:

CA Hierarchy:


2. Explain the services of PGP(12) (Nov-2009) (Nov-2010)

Pretty Good Privacy (PGP):

Operation

Authentication:

o sender creates message

o use SHA-1 to generate 160-bit hash of message

o hash is signed with RSA using sender's private key, and attached to message

o receiver uses RSA with sender's public key to decrypt and recover hash code

o receiver verifies received message by computing its hash and comparing with the decrypted hash code

Confidentiality:

o sender generates message and 128-bit random number as session key for it

o encrypt message using CAST-128 / IDEA / 3DES in CBC mode with session key

o session key encrypted using RSA with recipient's public key, & attached to msg


o receiver uses RSA with private key to decrypt and recover session key

o session key is used to decrypt message

Confidentiality & Authentication:

can use both services on same message

create signature & attach to message

encrypt both message & signature

attach RSA/ElGamal encrypted session key

Compression:

by default PGP compresses message after signing but before encrypting

so can store uncompressed message & signature for later verification

& because compression is non deterministic

uses ZIP compression algorithm

Email Compatibility:

when using PGP will have binary data to send (encrypted message etc)

however email was designed only for text

hence PGP must encode raw binary data into printable ASCII characters

uses radix-64 algorithm

maps 3 bytes to 4 printable chars

also appends a CRC

PGP also segments messages if too big
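The email-compatibility step above, worked as an added example (not PGP's own code): radix-64 maps every 3 bytes to 4 printable characters and appends a CRC-24 checksum line, and a receiver that checks that line rejects a message corrupted in transit. The CRC-24 parameters are those of RFC 4880; the armor layout (64-character lines, "=" checksum line) follows the common convention.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """The OpenPGP CRC-24 (RFC 4880 section 6.1), computed bit by bit."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes, kind: str = "PGP MESSAGE") -> str:
    """Wrap binary data: header line, blank line, 64-character base64 lines,
    a '=' line carrying the base64 of the 3-byte CRC-24, then the tail line."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN {kind}-----", ""] + lines + ["=" + check, f"-----END {kind}-----"]) + "\n"

def dearmor(text: str) -> bytes:
    """Undo armor(); raises ValueError when the checksum line does not match the data."""
    body, check = [], None
    for line in text.splitlines():
        if line.startswith("-----") or not line:
            continue
        if line.startswith("="):        # base64 data lines never begin with '='
            check = line[1:]
        else:
            body.append(line)
    payload = base64.b64decode("".join(body))
    if check is None or base64.b64decode(check) != crc24(payload).to_bytes(3, "big"):
        raise ValueError("radix-64 checksum mismatch")
    return payload

def checksum_catches_corruption(payload: bytes) -> bool:
    """Alter the first data character of an armored message and report whether dearmor() rejects it."""
    lines = armor(payload).splitlines()
    idx = next(i for i, line in enumerate(lines) if line and not line.startswith(("-----", "=")))
    first = lines[idx][0]
    lines[idx] = ("B" if first != "B" else "C") + lines[idx][1:]
    try:
        dearmor("\n".join(lines))
    except ValueError:
        return True
    return False
```

A 24-bit CRC detects any error burst of up to 24 bits, which covers a single altered radix-64 character; it is an integrity check against accidental damage only, not against deliberate modification, which is what the signature service provides.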

Summary:


3. Write down the functions provided by S/MIME(4) (Nov-2009)

S/MIME (Secure/Multipurpose Internet Mail Extensions):

security enhancement to MIME email

original Internet RFC822 email was text only

MIME provided support for varying content types and multi-part messages

with encoding of binary data to textual form

S/MIME added security enhancements

have S/MIME support in many mail agents

eg MS Outlook, Mozilla, Mac Mail etc

S/MIME Functions:

enveloped data

encrypted content and associated keys

signed data

encoded message + signed digest

clear-signed data

cleartext message + encoded signed digest

signed & enveloped data

nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms:

digital signatures: DSS & RSA

hash functions: SHA-1 & MD5

session key encryption: ElGamal & RSA

message encryption: AES, Triple-DES, RC2/40 and others

MAC: HMAC with SHA-1

have process to decide which algs to use

S/MIME Messages:

S/MIME secures a MIME entity with a signature, encryption, or both

forming a MIME wrapped PKCS object

have a range of content-types:

enveloped data

signed data

clear-signed data

registration request

certificate only message

S/MIME Certificate Processing:


S/MIME uses X.509 v3 certificates

managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust

each client has a list of trusted CA’s certs

and own public/private key pairs & certs

certificates must be signed by trusted CA’s

4. How does Kerberos authenticate services from any servers? (8) (Nov-2010)

Kerberos Requirements:

its first report identified requirements as:

secure

reliable

transparent

scalable

implemented using an authentication protocol based on Needham-Schroeder

Kerberos v4 Overview:

a basic third-party authentication scheme

have an Authentication Server (AS)

users initially negotiate with AS to identify self

AS provides a non-corruptible authentication credential (ticket granting ticket TGT)

have a Ticket Granting server (TGS)

users subsequently request access to other services from TGS on basis of users TGT

Kerberos v4 Dialogue:

o obtain ticket granting ticket from AS

• once per session

o obtain service granting ticket from TGS

• for each distinct service required

o client/server exchange to obtain service

• on every service request

Kerberos Realms:

a Kerberos environment consists of:

a Kerberos server

a number of clients, all registered with server

application servers, sharing keys with server

this is termed a realm

typically a single administrative domain


if have multiple realms, their Kerberos servers must share keys and trust

5. What are the basic requirements expected from SET? What is the role of dual signatures in meeting the requirements? (8) (Nov-2010)

Secure Electronic Transactions (SET):

open encryption & security specification

to protect Internet credit card transactions

developed in 1996 by Mastercard, Visa etc

not a payment system

rather a set of security protocols & formats

secure communications amongst parties

trust from use of X.509v3 certificates

privacy by restricted info to those who need it

SET Components:


SET Transaction:

o customer opens account

o customer receives a certificate

o merchants have their own certificates

o customer places an order

o merchant is verified

o order and payment are sent

o merchant requests payment authorization

o merchant confirms order

o merchant provides goods or service

o merchant requests payment

Dual Signature:

customer creates dual messages

order information (OI) for merchant

payment information (PI) for bank

neither party needs details of other

but must know they are linked

use a dual signature for this

signed concatenated hashes of OI & PI

DS=E(PRc, [H(H(PI)||H(OI))])

SET Purchase Request:

SET purchase request exchange consists of four messages


o Initiate Request - get certificates

o Initiate Response - signed response

o Purchase Request - of OI & PI

o Purchase Response - ack order

Purchase Request – Customer:

Purchase Request – Merchant:


Payment Gateway Authorization:

o verifies all certificates

o decrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization block

o verifies merchant's signature on authorization block

o decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment block

o verifies dual signature on payment block

o verifies that transaction ID received from merchant matches that in PI received (indirectly) from customer

o requests & receives an authorization from issuer

o sends authorization response back to merchant

Payment Capture:

merchant sends payment gateway a payment capture request

gateway checks request

then causes funds to be transferred to merchant's account

notifies merchant using capture response

6. Illustrate the implementations of IPSec(8) (Nov-2010)

o general IP Security mechanisms

o provides

o authentication

o confidentiality

o key management

o applicable to use over LANs, across public & private WANs, & for the Internet

IPSec Uses:


Benefits of IPSec:

in a firewall/router provides strong security to all traffic crossing the perimeter

in a firewall/router is resistant to bypass

is below transport layer, hence transparent to applications

can be transparent to end users

can provide security for individual users

secures routing architecture

IPSec Services:

Access control

Connectionless integrity

Data origin authentication

Rejection of replayed packets

a form of partial sequence integrity

Confidentiality (encryption)

Limited traffic flow confidentiality

Security Associations:

a one-way relationship between sender & receiver that affords security for traffic flow

defined by 3 parameters:

Security Parameters Index (SPI)

IP Destination Address


Security Protocol Identifier

has a number of other parameters

seq no, AH & ESP info, lifetime etc

have a database of Security Associations

Authentication Header (AH):

provides support for data integrity & authentication of IP packets

end system/router can authenticate user/app

prevents address spoofing attacks by tracking sequence numbers

based on use of a MAC

HMAC-MD5-96 or HMAC-SHA-1-96

parties must share a secret key
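Receiver-side AH processing as an added example (not the notes' or any IPsec stack's code): the ICV is HMAC-SHA-1-96 over the AH header (ICV field zeroed) and payload under the SA's shared key, and the sequence number is checked against a sliding anti-replay window, the "rejection of replayed packets" service. Assumptions: a 64-packet window; the immutable IP header fields that AH also covers are omitted, and the packet bytes are constructed.

```python
import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")  # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12                        # HMAC-SHA-1-96: the 160-bit HMAC-SHA-1 output truncated to 96 bits

class ReplayWindow:
    """Per-SA sliding anti-replay window; bit 0 of the bitmap is the highest sequence number seen."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                        # the first packet on an SA carries sequence number 1
            return False
        if seq > self.highest:              # new high-water mark: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                    # too old to track, or already received: a replay
        self.bitmap |= 1 << offset
        return True

def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(key: bytes, spi: int, seq: int, payload: bytes, next_header: int = 17) -> bytes:
    """AH header + ICV + payload. Payload Len = AH length in 32-bit words minus 2 = 24/4 - 2 = 4."""
    header = AH_FIXED.pack(next_header, 4, 0, spi, seq)
    icv = hmac_sha1_96(key, header + bytes(ICV_LEN) + payload)   # ICV field is zero while computing
    return header + icv + payload

def inbound_ah_check(key: bytes, window: ReplayWindow, packet: bytes) -> str:
    """Receiver: verify the ICV, then the sequence number, so a forged packet cannot move the window."""
    header = packet[:AH_FIXED.size]
    icv = packet[AH_FIXED.size:AH_FIXED.size + ICV_LEN]
    payload = packet[AH_FIXED.size + ICV_LEN:]
    _, _, _, _spi, seq = AH_FIXED.unpack(header)
    if not hmac.compare_digest(icv, hmac_sha1_96(key, header + bytes(ICV_LEN) + payload)):
        return "bad-icv"
    if not window.check_and_update(seq):
        return "replay"
    return "ok"
```

Real implementations also run a preliminary window check before computing the MAC so obvious replays cost no HMAC work, and only update the window after the ICV verifies.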

Transport & Tunnel Modes:


Encapsulating Security Payload (ESP):

provides message content confidentiality & limited traffic flow confidentiality

can optionally provide the same authentication services as AH

supports range of ciphers, modes, padding

incl. DES, Triple-DES, RC5, IDEA, CAST etc

CBC & other modes

padding needed to fill blocksize, fields, for traffic flow

Encapsulating Security Payload:

Transport vs Tunnel Mode ESP:

transport mode is used to encrypt & optionally authenticate IP data

data protected but header left in clear

can do traffic analysis but is efficient

good for ESP host to host traffic

tunnel mode encrypts entire IP packet

add new header for next hop

good for VPNs, gateway to gateway security

7. Describe the SSL-specific protocol – Handshake action in detail. (10) (May-2009) (Nov-2007)

SSL (Secure Socket Layer):

Handshake Protocol:


allows server & client to:

authenticate each other

to negotiate encryption & MAC algorithms

to negotiate cryptographic keys to be used

comprises a series of messages in phases

Establish Security Capabilities

Server Authentication and Key Exchange

Client Authentication and Key Exchange

Finish

Handshake Protocol action:


Jerusalem College of Engineering

Department of Information Technology

Subject : IT2352-Cryptography and Network Security

Year/Sem :III/VI Name of the Faculty: X.Anita

UNIT V

Part-A

1. How are the passwords stored in password file in UNIX operating system? (May-2008)


2. List the classes of intruders(Nov-2009)

Masquerader, Misfeasor, Clandestine user

3. Give the type of viruses. (Nov-2009)

Parasitic virus, boot sector virus, stealth virus, polymorphic virus

4. Explain the term Bastion Host. (Nov-2010)

It is a system identified by the firewall administrator as a critical strong point in the network security. Typically the bastion host serves as a platform for an application-level or circuit-level gateway.

5. What is meant by polymorphic viruses? (May-2008)

A virus that mutates with every infection, making detection by the signature of the virus impossible.

6. What is firewall? (May-2007)

A firewall is a barrier through which the traffic going in each direction must pass. It may be designed to operate as a filter at the level of IP packets or may operate at a higher protocol layer.

7. What are honey pots? (Nov-2007)

Honey pots are designed to

divert an attacker from accessing critical systems

collect information about the attacker’s activity

encourage the attacker to stay on the system long enough for administrators to respond.

8. List down the four phases of virus. (Nov-2007)

Dormant phase

Propagation phase

Triggering phase

Execution phase

9. What is IP address spoofing? (May-2009)

Pretending to have the identity of another computer.

11. What are the common techniques used to protect a password file? (May-2009)

One-way function

Access control

12. What is application level gateway?

13. List the design goals of firewalls?

All traffic must pass through it

Only authorized traffic is allowed to pass

Firewall itself is immune to penetration


Part-B

1. Explain firewall design principles, characteristics, and types of firewalls(12) (Nov-2009)

Firewall Limitations:

cannot protect from attacks bypassing it

eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH)

cannot protect against internal threats

eg disgruntled or colluding employees

cannot protect against transfer of all virus infected programs or files

because of huge range of O/S & file types

Packet Filters:

simplest, fastest firewall component

foundation of any firewall system

examine each IP packet (no context) and permit or deny according to rules

hence restrict access to services (ports)

possible default policies

that not expressly permitted is prohibited

that not expressly prohibited is permitted


Attacks on Packet Filters:

IP address spoofing

fake source address to be trusted

add filters on router to block

source routing attacks

attacker sets a route other than default

block source routed packets

tiny fragment attacks

split header info over several tiny packets

either discard or reassemble before check
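A stateless packet filter with the default-deny policy and the three defences listed above, as an added example (not from the notes or any firewall product). The rule list, address ranges and packet fields are constructed; the "discard" option for fragments is the one implemented, and the minimum-length check for a first TCP fragment follows RFC 1858.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    """The header fields a packet filter looks at (constructed, simplified)."""
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dst_port: int
    iface: str                   # "external" or "internal": interface the packet arrived on
    payload_len: int = 40        # bytes following the IP header
    frag_offset: int = 0         # IP fragment offset in 8-byte units (0 = first or only fragment)
    source_routed: bool = False  # IP source-route option present

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed rule list, matched top to bottom; anything not expressly permitted is denied.
RULES = [("tcp", 25, "permit"), ("tcp", 443, "permit"), ("udp", 53, "permit")]

TCP_HEADER_MIN = 20  # a first fragment shorter than this cannot carry the whole TCP header

def filter_packet(pkt: Packet) -> str:
    """Return 'permit' or 'deny:<reason>' for one packet, with no connection context."""
    src = ipaddress.ip_address(pkt.src)
    # 1. address spoofing: a packet from outside claiming an internal source address
    if pkt.iface == "external" and any(src in net for net in INTERNAL_NETS):
        return "deny:spoofed-source"
    # 2. source routing: drop any source-routed packet rather than let it choose its path
    if pkt.source_routed:
        return "deny:source-routed"
    # 3. tiny fragments: non-first fragments carry no transport header, so the discard
    #    policy drops them (the alternative is to reassemble before filtering); a first
    #    TCP fragment too short to hold the TCP header is dropped as well
    if pkt.frag_offset > 0:
        return "deny:fragment"
    if pkt.proto == "tcp" and pkt.payload_len < TCP_HEADER_MIN:
        return "deny:tiny-fragment"
    # 4. the ordinary port-based rules, then the default policy
    for proto, port, action in RULES:
        if proto == pkt.proto and port == pkt.dst_port:
            return action
    return "deny:default"
```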

Stateful Packet Filters:

traditional packet filters do not examine higher layer context

ie matching return packets with outgoing flow

stateful packet filters address this need

they examine each IP packet in context

keep track of client-server sessions

check each packet validly belongs to one

hence are better able to detect bogus packets out of context

Application Level Gateway (or Proxy):

have application specific gateway / proxy

has full access to protocol

user requests service from proxy

proxy validates request as legal

then actions request and returns result to user

can log / audit traffic at application level

need separate proxies for each service


some services naturally support proxying

others are more problematic

Circuit Level Gateway:

relays two TCP connections

imposes security by limiting which such connections are allowed

once created usually relays traffic without examining contents

typically used when internal users are trusted, allowing general outbound connections

SOCKS is commonly used

Bastion Host:

highly secure host system

runs circuit / application level gateways

or provides externally accessible services

potentially exposed to "hostile" elements

hence is secured to withstand this

hardened O/S, essential services, extra auth


proxies small, secure, independent, non-privileged

may support 2 or more net connections

may be trusted to enforce policy of trusted separation between these net connections

Firewall Configurations:

Access Control:

given system has identified a user

determine what resources they can access

general model is that of access matrix with

subject - active entity (user, process)


object - passive entity (file or resource)

access right – way object can be accessed

can decompose by

columns as access control lists

rows as capability tickets

2. Give the basic techniques which are in use for the password selection strategies (8) (Nov-2009)

Managing Passwords:

Education:

can use policies and good user education

educate on importance of good passwords

give guidelines for good passwords

minimum length (>6)

require a mix of upper & lower case letters, numbers, punctuation

not dictionary words

but likely to be ignored by many users

Computer Generated:

let computer create passwords

if random likely not memorisable, so will be written down (sticky label syndrome)

even pronounceable not remembered

have history of poor user acceptance

FIPS PUB 181 one of best generators

has both description & sample code

generates words from concatenating random pronounceable syllables

Reactive Checking:

reactively run password guessing tools

note that good dictionaries exist for almost any language/interest group

cracked passwords are disabled

but is resource intensive

bad passwords are vulnerable till found

Proactive Checking:

most promising approach to improving password security

allow users to select own password

but have system verify it is acceptable


simple rule enforcement (see earlier slide)

compare against dictionary of bad passwords

use algorithmic checks (Markov model or Bloom filter) to detect poor choices
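A proactive checker of the kind just described, as an added example (not from the notes or any product): it enforces the length and character-mix rules from the Education section above and consults a Bloom filter built from a bad-password list, so the dictionary itself need not be stored with the checker. The word list is a constructed stand-in, and treating digits and punctuation stripped from the end of a password as a dictionary lookup is this example's own policy choice.

```python
import hashlib
import math
import string

class BloomFilter:
    """Bit array with k hash positions per item: answers are 'definitely not present'
    or 'probably present' (false-positive rate chosen at construction, no false negatives)."""

    def __init__(self, expected_items: int, false_positive_rate: float):
        self.m = math.ceil(-expected_items * math.log(false_positive_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # double hashing: k indices derived from the two halves of one SHA-256 digest
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

# Constructed stand-in for a real dictionary of bad passwords.
BAD_PASSWORDS = ["password", "qwerty", "letmein", "welcome", "dragon", "monkey",
                 "football", "iloveyou", "admin", "sunshine"]

def build_bad_password_filter(words, false_positive_rate: float = 1e-6) -> BloomFilter:
    bf = BloomFilter(len(words), false_positive_rate)
    for w in words:
        bf.add(w.lower())
    return bf

def check_password(pw: str, bad: BloomFilter) -> list:
    """Return the names of the rules a candidate password violates (empty list = acceptable)."""
    violations = []
    if len(pw) <= 6:                                   # notes: minimum length (> 6)
        violations.append("too-short")
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if not all(classes):                               # mix of upper, lower, digits, punctuation
        violations.append("no-character-mix")
    lowered = pw.lower()
    stem = lowered.rstrip(string.digits + string.punctuation)   # "Password1!" -> "password"
    if lowered in bad or stem in bad:
        violations.append("dictionary-word")
    return violations
```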

3. Write down the four generations of antivirus software(8) (Nov-2009)

first-generation

scanner uses virus signature to identify virus

or change in length of programs

second-generation

uses heuristic rules to spot viral infection

or uses crypto hash of program to spot changes

third-generation

memory-resident programs identify virus by actions

fourth-generation

packages with a variety of antivirus techniques

eg scanning & activity traps, access-controls

4. How does a worm propagate? Illustrate with an example. (8) (Nov-2010)

replicating but not infecting program

typically spreads over a network

o cf Morris Internet Worm in 1988

o led to creation of CERTs

using users distributed privileges or by exploiting system vulnerabilities

widely used by hackers to create zombie PCs, subsequently used for further attacks, esp DoS

major issue is lack of security of permanently connected systems, esp PC's

Worm Operation:

worm phases like those of viruses:

dormant

propagation

• search for other systems to infect

• establish connection to target remote system

• replicate self onto remote system

triggering

execution


5. Explain any two approaches for intrusion detection.(8) (May-2009)

Approaches to Intrusion Detection:

statistical anomaly detection

threshold

profile based

rule-based detection

anomaly

penetration identification

6. Describe packet filtering router in detail. (8) (May-2009)

Packet Filters:

simplest, fastest firewall component

foundation of any firewall system

examine each IP packet (no context) and permit or deny according to rules

hence restrict access to services (ports)

possible default policies

that not expressly permitted is prohibited

that not expressly prohibited is permitted

Attacks on Packet Filters:

IP address spoofing

fake source address to be trusted

add filters on router to block

source routing attacks

attacker sets a route other than default

block source routed packets


tiny fragment attacks

split header info over several tiny packets

either discard or reassemble before check