Top Banner
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be made to: Understand OSI security architecture and classical encryption techniques. Acquire fundamental knowledge on the concepts of finite fields and number theory. Understand various block cipher and stream cipher models. Describe the principles of public key cryptosystems, hash functions and digital signature. UNIT I INTRODUCTION & NUMBER THEORY 10 Services, Mechanisms and attacks-the OSI security architecture-Network security model- Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography).FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields- Modular arithmetic- Euclid‟s algorithm-Finite fields- Polynomial Arithmetic Prime numbers- Fermat‟s and Euler‟s theorem- Testing for primality -The Chinese remainder theorem- Discrete logarithms. \ UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10 Data Encryption Standard-Block cipher principles-block cipher modes of operation- Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key cryptography: Principles of public key cryptosystems-The RSA algorithm-Key management Diffie HellmanKeyexchange-Elliptic curve arithmetic-Elliptic curve cryptography. UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8 Authentication requirement Authentication function MAC Hash function Security of hash function and MAC MD5 SHA HMAC CMAC Digital signature and authentication protocols DSS EI Gamal Schnorr.
41

CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Jul 11, 2020

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY

CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P

C

3 0 0

3

OBJECTIVES:

The student should be made to:

Understand OSI security architecture and classical encryption techniques.

Acquire fundamental knowledge on the concepts of finite fields and number theory.

Understand various block cipher and stream cipher models.

Describe the principles of public key cryptosystems, hash functions and digital signature.

UNIT I INTRODUCTION & NUMBER

THEORY 10

Services, Mechanisms and attacks-the OSI security architecture-Network security model-

Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition

techniques, steganography).FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields-

Modular arithmetic- Euclid‟s algorithm-Finite fields- Polynomial Arithmetic –Prime numbers-

Fermat‟s and Euler‟s theorem- Testing for primality -The Chinese remainder theorem- Discrete

logarithms.

\

UNIT II BLOCK CIPHERS & PUBLIC KEY

CRYPTOGRAPHY 10

Data Encryption Standard-Block cipher principles-block cipher modes of operation-

Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key

cryptography: Principles of public key cryptosystems-The RSA algorithm-Key management –

Diffie HellmanKeyexchange-Elliptic curve arithmetic-Elliptic curve cryptography.

UNIT III HASH FUNCTIONS AND DIGITAL

SIGNATURES 8

Authentication requirement – Authentication function – MAC – Hash function – Security of

hash function and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and authentication

protocols – DSS – EI Gamal – Schnorr.

Page 2: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

UNIT IV SECURITY PRACTICE & SYSTEM

SECURITY 8

Authentication applications – Kerberos – X.509 Authentication services – Internet Firewalls for

Trusted System: Roles of Firewalls – Firewall related terminology- Types of Firewalls – Firewall

designs – SET for E-Commerce Transactions. Intruder – Intrusion detection system – Virus and

related threats – Countermeasures – Firewalls design principles – Trusted systems – Practical

implementation of

cryptography and security.

UNIT V E-MAIL, IP & WEB

SECURITY 9

E-mail Security: Security Services for E-mail-attacks possible through E-mail – establishing

keys privacy-authentication of the source-Message Integrity-Non-repudiation-Pretty Good

Privacy-S/MIME. IPSecurity: Overview of IPSec – IP and IPv6-Authentication Header-

Encapsulation Security Payload (ESP)-Internet Key Exchange (Phases of IKE, ISAKMP/IKE

Encoding). Web Security: SSL/TLS Basic Protocol-computing the keys- client authentication-

PKI as deployed by SSLAttacks fixed in v3- Exportability-Encoding-Secure Electronic

Transaction (SET).

TOTAL: 45

PERIODS

OUTCOMES:

Upon Completion of the course, the students should be able to:

Compare various Cryptographic Techniques

Design Secure applications

Inject secure coding in the developed applications

TEXT BOOKS:

1. William Stallings, Cryptography and Network Security, 6th Edition, Pearson Education,

March 2013. (UNIT I,II,III,IV).

2. Charlie Kaufman, Radia Perlman and Mike Speciner, “Network Security”, Prentice Hall

of India, 2002. (UNIT V).

REFERENCES:

1. Behrouz A. Ferouzan, “Cryptography & Network Security”, Tata Mc Graw Hill, 2007.

Page 3: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

2. Man Young Rhee, “Internet Security: Cryptographic Principles”, “Algorithms and

Protocols”, Wiley Publications, 2003.

3. Charles Pfleeger, “Security in Computing”, 4th Edition, Prentice Hall of India, 2006.

4. Ulysess Black, “Internet Security Protocols”, Pearson Education Asia, 2000.

5. Charlie Kaufman and Radia Perlman, Mike Speciner, “Network Security, Second

Edition, Private Communication in Public World”, PHI 2002.

6. Bruce Schneier and Neils Ferguson, “Practical Cryptography”, First Edition, Wiley

Dreamtech India Pvt Ltd, 2003.

7. Douglas R Simson “Cryptography – Theory and practice”, First Edition, CRC Press,

1995.

8. http://nptel.ac.in/.

COURSE OUTCOMES

At the end of course, students will have,

Course Outcome Statement

CO1 An ability to explain the basics of number theory and to compare various encryption

techniques.

CO2 An ability to summarize the functionality of public key cryptography.

CO3 An ability to apply various message authentication functions and secure algorithms.

CO4 An ability to demonstrate different types of security systems and applications.

CO5 An ability to analyze and compare different security mechanisms and services

UNIT I -INTRODUCTION & NUMBER THEORY

Services, Mechanisms and attacks-the OSI security architecture-Network security model-

Classical Encryption techniques (Symmetric cipher model, substitution techniques,

transposition techniques, steganography).FINITE FIELDS AND NUMBER THEORY:

Page 4: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Groups, Rings, Fields-Modular arithmetic- Euclid’s algorithm-Finite fields- Polynomial

Arithmetic –Prime numbers-Fermat’s and Euler’s theorem- Testing for primarily -The

Chinese remainder theorem- Discrete logarithms.

PART-A

1. What is Cryptology? (R)

Cryptology is the study of secure communications, which encompasses both

cryptography and cryptanalysis.

2. Define Cryptography. (R)

The branch of cryptology dealing with the design of algorithms for encryption and

decryption,

intended to ensure the secrecy and/or authenticity of messages.

3. Define Cryptanalysis. (R)

The branch of cryptology dealing with the breaking of a cipher to recover information, or

forging encrypted information that will be accepted as authentic.

4. What is Plain text? (U)

An original message is known as the plaintext (Readable format)

5. What is Cipher Text? (U)

Coded message is called the Cipher Text.(Unreadable format)

6. What is Key? (U)

A sequence of symbols that controls the operation of a cryptographic transformation. A

key is normally a string of bits used by a cryptographic algorithm to transform plain text into

cipher text or vice versa. The key should be the only part of the algorithm that it is necessary

to keep secret.

7. What is Symmetric Cryptography? (U)

Symmetric cryptography uses a single private key to both encrypt and decrypt data.

Examples:

AES/Rijndael ,Blowfish,CAST5,DES,IDEA,RC2,RC4,RC6,Serpent,Triple DES, Two

fish

8. What is Asymmetric Cryptography? (U)

Asymmetric cryptography or public-key cryptography is cryptography in which a pair of

keys is used to encrypt and decrypt a message .The keys used are public and private key.

Examples: RSA,DSA, PGP

Page 5: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

9. Define Stream cipher. (R)

Processes the input stream continuously and producing one element at a time.

Example: caeser cipher.

10. Define Block cipher. (R)

Processes the input one block of elements at a time producing an output block for each

input block.

Example: DES.

11. What is Passive attack? (U)

Monitoring the message during transmission.

Example: Interception

12. What is Active attack? (U)

Modification of data stream or creation of false data stream.

Example: Fabrication, Modification, and Interruption

13. Differentiate active and passive attacks. (AN) (April / May 2019)

Basis for

Comparison

Active Attack Passive Attack

Basic Active attack tries to change

the system resources or affect

their operation.

Passive attack tries to read or make use of

information from the system but does not

influence system resources.

Modification in

the information

Occurs does not take place

Harm to the

system

Always causes damage to the

system.

Do not cause any harm.

Threat to Integrity and availability Confidentiality

Attack awareness The entity (victim) gets

informed about the attack.

The entity is unaware of the attack.

Task performed

by the attacker

The transmission is captured

by physically controlling the

portion of a link.

Just need to observe the transmission.

Emphasis is on Detection Prevention

14. List the different Types of Ciphers. (R)

Shift Ciphers.

Affine Ciphers

Vigenere Cipher

Substitution Ciphers

Page 6: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Sherlock Holmes

Playfair and ADFGX Ciphers

Block ciphers

15. Write short notes Congruence. (R)

Let a, b, n be integers with n≠0. We say that a ≡ b (mod n), if a-b is a multiple of n.

16. Write short notes Chinese Remainder Theorem. (R)

Suppose gcd(m,n)=1.Given integers a and b, there exists exactly one solution x(mod mn)

to the simultaneous congruence x ≡ a(mod n) , x ≡ b(mod n).

17. Write short notes Modular Exponentiation. (R)

Modular exponentiation is of the form xa (mod n).

18. Write short notes Fermat’s Little Theorem. (R) (April/May 2017, Nov/Dec 2017)

If p is a prime and p does not divide a, then ap-1

≡ 1 (mod p)

19. Write short notes Euler’s Theorem. (R) (April/May 2018)

If gcd(a,n)=1, then aΦ(n)

≡ 1(mod n)

20. Define integrity and nonrepudiation. (R)

Integrity:

Service that ensures that only authorized person able to modify the message.

Nonrepudiation:

This service helps to prove that the person who denies the transaction is true or false.

21. Define confidentiality and authentication. (R)

Confidentiality:

It means how to maintain the secrecy of message. It ensures that the information in a

computer system and transmitted information are accessible only for reading by

authorized person.

Authentication:

It helps to prove that the source entity only has involved the transaction.

22. What is Discrete Logarithms? (R)

Discrete logarithms are fundamental to a number of public-key algorithms, including

Diffie Hellman key exchange and the digital signature algorithm.

Page 7: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

23. List the approaches of Computing Discrete Logarithms. (R)

Pohlig Hellman Algorithm

Baby-step Giant-step

Index calculus algorithm

24. Define security mechanism. (U)

It is process that is designed to detect prevent, recover from a security attack.

Example: Encryption algorithm, Digital signature, Authentication protocols.

25. Specify the four categories of security threads. (R)

Interruption

Interception

Modification

Fabrication

26. Differentiate active and passive attacks. (AN) (April / May 2016) (Nov/Dec 2016)

Passive Attack:

Monitoring the message during transmission.

Eg: Interception

Active attack:

It involves the modification of data stream or creation of false data stream.

E.g.: Fabrication, Modification, and Interruption

27. Differentiate symmetric and asymmetric encryption. (AN)

Symmetric Encryption:

It is a form of cryptosystem in which encryption and decryption performed using

the same key. Eg: DES, AES

Asymmetric Encryption:

It is a form of cryptosystem in which encryption and decryption performed using

two keys. Eg: RSA, ECC

28. Compare stream cipher with block cipher with example. (AN) (April/May 2016)

Stream Cipher:

Processes the input stream continuously and producing one element at a time.

Example: caeser cipher.

Block cipher:

Processes the input one block of elements at a time producing an output block for

each input block.

Example: DES.

29. Differentiate unconditionally secured and computationally secured. (AN)

Page 8: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

An Encryption Algorithm is unconditionally secured means that the condition is if the

cipher text generated by the encryption scheme doesn‟t contain enough information to

determine corresponding plaintext.

Encryption is computationally secured means,

1. The cost of breaking the cipher exceed the value of enough information.

2. Time required to break the cipher exceed the useful lifetime of information.

30. Define steganography. (R)

Hiding the message into some cover media. It conceals the existence of a message.

31. Why network need security? (U)

When systems are connected through the network, attacks are possible during

Transmission time.

32. Define Encryption. (R)

The process of converting from plaintext to cipher text.

33. Specify the components of encryption algorithm. (R) (April/May 2019)

1. Plaintext

2. Encryption algorithm

3. Secret key

4. Cipher text

5. Decryption algorithm

34. What are the design parameters of Feistel cipher network? (R)

Block size

Key size

Number of Rounds

Subkey generation algorithm

Round function

Fast software Encryption/Decryption

Ease of analysis

35. Define Product cipher. (R)

It means two or more basic cipher are combined and it produce the resultant cipher is

called the product cipher.

36. Explain Avalanche effect. (U)

A desirable property of any encryption algorithm is that a small change in either the

plaintext or the key produces a significant change in the ciphertext. In particular, a change in

one bit of the plaintext or one bit of the key should produce a change in many bits of the

Page 9: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

ciphertext. If the change is small, this might provider a way to reduce the size of the plaintext

or key space to be searched.

37. Give the five modes of operation of Block cipher. (R)

1. Electronic Codebook(ECB)

2. Cipher Block Chaining(CBC)

3. Cipher Feedback(CFB)

4. Output Feedback(OFB)

5. Counter(CTR)

38. State advantages of counter mode. (U)

1. Hardware Efficiency

2. Software Efficiency

3. Preprocessing

4. Random Access

5. Provable Security

6. Simplicity.

39. Define Diffusion & confusion. (R)

Diffusion:

It means each plaintext digits affect the values of many ciphertext digits which is

equivalent to each ciphertext digit is affected by many plaintext digits. It can be achieved by

performing permutation on the data. It is the relationship between the plaintext and ciphertext.

Confusion:

It can be achieved by substitution algorithm. It is the relationship between ciphertext and

key.

40. Define Multiple Encryption. (R)

It is a technique in which the encryption is used multiple times.

Example: Double DES, Triple DES

41. Specify the design criteria of block cipher. (U)

Number of rounds

Design of the function F

Key scheduling

42. Find gcd (1970, 1066) using Euclid's algorithm. (A) (Nov/Dec 2016)

Euclid’s Algorithm to find gcd(a,b):

GCD(a,b) = GCD(b, a mod b)

Euclid's Algorithm to compute GCD (a, b):

A=a, B=b

Page 10: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

while B>0

R = A mod B

A = B, B = R

return A

Therefore, gcd(1970, 1066) = gcd(1066, 1970 mod 1066) = gcd(1066, 904) = 904.

43. Determine GCD of (24140,16762) using Euclid's algorithm. (A) (April/May 2017)

Step 1. Divide the larger number by the smaller one:24,140 ÷ 16,762 = 1 + 7,378;

Step 2. Divide the smaller number by the above operation's remainder:16,762 ÷ 7,378 = 2

+ 2,006;

Step 3. Divide the remainder from the step 1 by the remainder from the step 2:7,378 ÷

2,006 = 3 + 1,360;

Step 4. Divide the remainder from the step 2 by the remainder from the step 3:2,006 ÷

1,360 = 1 + 646; Step 5. Divide the remainder from the step 3 by the remainder from the

step 4:1,360 ÷ 646 = 2 + 68; Step 6. Divide the remainder from the step 4 by the

remainder from the step 5:646 ÷ 68 = 9 + 34;

Step 7. Divide the remainder from the step 5 by the remainder from the step 6:68 ÷ 34 = 2

+ 0; At this step, the remainder is zero, so we stop:

34 is the number we were looking for, the last remainder that is not zero.

This is the greatest common factor (divisor).

Greatest (highest) common factor (divisor)

gcf, gcd (24,140; 16,762) = 34 = 2 × 17;

44. Why is asymmetric cryptography bad for huge data? Specify the reason.

(U) (April/May 2018)

There are two main reasons why asymmetric cryptography is practically never used to

directly

encrypt significant amount of data:

1) Size of cryptogram

2) Performance

45. Calculate the cipher test for the following using one time pad cipher. (A) (Nov/Dec

2018)

Plain Text: ROCK Keyword: BOTS

17 (R) 14 (O) 2 (C) 10 (K) -> Plain Text

1 (B) 14 (O) 19 (T) 18 (S) -> Key

18 28 21 28 -> Plain Text + Key

18 (S) 2 (C) 21 (V) 2 (C) -> (Plain Text+Key) mod 26

Cipher Text: SCVC

Page 11: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

PART-B

1. What are the different types of attacks? Explain. (8) (U) (Dec - 2013)

2. Explain the OSI security architecture along with the services available. (R) (Nov/Dec 2009)

3. (i) Explain OSI Security Architecture model with neat diagram.(8) (R)

(ii) Describe the various security mechanisms. (8)(U) (Nov/Dec 2016)

4. Explain the network security model and its important parameters with a neat block diagram.

(April/May 2019)

5. With a neat structure of classical Feistel network, indicate the parameters and design features

which are essential for the exact realization of the network. (U) (May/June 2007)

6. Discuss any four substitution cipher encryption methods and list their merits and demerits.

(U)

(May/June 2008) (May/June 2014)(April/May

2016)

7. Explain any all types of cipher techniques in detail. (U) (June 2012) (Dec 2012)

8. Discuss the classical cryptosystem and its types. (U) (May 2011) (June 2013)

9. Explain the play fair cipher with an example. (U) (Nov/Dec 2009)

10. Solve using playfair cipher method. Encrypt the word “Semester Result” with the keyword

“Examination”. Discuss the rules to be followed. (A) (April/May 2019)

11. Discuss briefly about differential and linear cryptanalysis. (U) (May/June 2010)

12. Explain placement of encryption function. (U)

13. Discuss briefly about traffic confidentiality. (U)

14. Perform Encryption and Decryption using Hill Cipher for the following Message: PEN and

Key: ACTIVATED (A) (Nov/Dec 2018)

15. Explain classical encryption techniques with symmetric cipher and Hill cipher model.

(U) (April/May 2018)

16. (i) Whatis steganography? Describe the various techniques used in steganography. (7)

(ii) What is monoalphabetic cipher? Examine how it differs from Caesar cipher. (6)

(April/May 2019)

17. Solve gcd(98,56) using Extended Euclidean Algorithm. Write the algorithm also. (A)

(Nov/Dec 2018)

18. Explain Fermat‟s & Euler‟s theorem. (U)

(Dec 2012) (June 2013) (Dec - 2013) (April/May 2016)

19. Find 3 21

mod 11 using fermat‟s theorem.(6) (A) (Dec - 2013)

20. Describe LFSR & finite field with their application in cryptography. (16) (U) (June – 2014)

21. Explain Discrete logarithms in detail. (U)

Page 12: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

22. Explain Euler‟s & Chinese Remainder theorem. (U) (May 2011)(June 2012) (Dec - 2013)

23. How is discrete logarithm evaluated for a number? What is the role of discrete logarithms in

the Diffie Hellman key exchange in exchanging the secret key among two users? (E)

(May/June

2008)

24. (a) State Chinese Remainder theorem and find X for the given set of congruent

equations

using CRT. (8) (A)

X = 2(mod 3)

X = 3(mod 5)

X = 2(mod 7).

(b) State and prove Fermat's theorem. (8) (U) (Nov/Dec 2016)

25. State Chinese Remainder theorem and find X for the given set of congruent equations

using CRT. (8) (A) (April/May 2017)

X = 1(mod 5)

X = 2(mod 7)

X = 3(mod 9)

X = 4(mod 11)

26. Describe (U) (April/May 2017)

i. Play Fair Cipher

ii. Railfence Cipher

iii. Vignere Cipher

Encrypt the following using play fair cipher using the keyword MONARCHY.”SWARAJ

IS MY BIRTH RIGHT”. Use X for blank spaces. (A) (Nov/Dec 2017)

27. Discuss the properties that are to be satisfied by Groups, Rings and Fields. (U)

(Nov/Dec

2017)

28. State and prove the Chinese remainder Theorem. What are the last two digits of 4919

?

(A)

(April/May 2018)

UNIT II - BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

Data Encryption Standard-Block cipher principles-block cipher modes of operation-

Advanced Encryption Standard (AES)- Triple DES-Blowfish-RC5 algorithm. Public key

cryptography: Principles of public key cryptosystems-The RSA algorithm-Key

management - Diffie Hellman Key exchange- Elliptic curve arithmetic-Elliptic curve

cryptography.

Page 13: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

PART A

1. What is the difference between differential and linear cryptanalysis? (A)

In differential cryptanalysis, it breaks the DES in less 255 complexities. In cryptanalysis,

it

finds the DES key given 247 plaintexts.

2. Define product cipher. (R)

Product cipher performs two or more basic ciphers in sequence in such a way that the

final result or product is crypto logically stronger than any of the component ciphers.

3. What was the original set of criteria used by NIST to evaluate candidate AES cipher?

(R)

The original set of criteria used by NIST to evaluate candidate AES cipher was:

Security

Actual Security

Randomness

Soundness

Other security factors

Cost

Licensing Requirements

Computational Efficiency

Memory Requirements

Algorithm And Implementation Characteristics

Flexibility

Hardware and software suitability

Simplicity

4. What was the final set of criteria used by NIST to evaluate candidate AES ciphers? (R)

The final set of criteria used by NIST to evaluate candidate AES ciphers are:

General Security

Software Implementations

Restricted-Space Environments

Hardware Implementations

Attacks On Implementations

Encryption vs. Decryption

Key Agility

Other Versatility and Flexibility

Potential for Instruction-Level Parallelism

Page 14: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

5. What is Power Analysis? (R)

Power Analysis is the power consumed by the smart card at any particular time during

the cryptographic operation is related to the instruction being executed and to the data being

processed. Example: Multiplication consumes more power than addition and writing 1s

consumes more power than writing 0s.

6. What is the purpose of the State Array? (U)

A single 128-bit block is depicted as a square matrix of bytes. This block is copied into

the State array, which is modified at each stage of encryption or decryption. After the final stage,

State is copied to an output matrix.

7. How is the S-box constructed? (U)

The S-box is constructed in the following fashion:

Initialize the S-box with the byte values in ascending sequence row by row.

The first row contains {00}, {01}, {02}, ……….., {0F};

The second row contains {10},{11},etc; and so on. Thus, the value of the byte at row x,

column y is {x y}.

Map each byte in the S-box to its multiplicative inverse in the finite field GF (28); the

value {00} is mapped to itself.

Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1,

b0).

Apply the transformation to each bit of each byte in the S-box.

8. Briefly describe Sub Bytes. (U)

Sub byte uses an S-box to perform a byte-by-byte substitution of the block. The left most

4 bits of the byte are used as row value and the rightmost 4 bits are used as a column value.

These row and column values serve as indexes into the S-box to select a unique 8-bit value.

9. Briefly describe Shift Rows. (U)

In shift row, a row shift moves an individual byte from one column to another, which is a

linear distance of a multiple of 4 bytes. In Forward Shift Row, each row perform circular left

shift. Second Row a 1-byte circular left shift is performed. Third Row a 2-byte circular left shift

is performed. For the Fourth Row a 3-byte circular left shift is performed. In Inverse Shift Row,

each row perform circular right shift.

10. How many bytes in State are affected by Shift Rows?(R)

Totally 6-bytes in state are affected by Shift Rows.

11. Briefly describe Mix Columns. (U)

Page 15: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Mix Column is substitution that makes use of arithmetic over GF(28).Mix Column

operates on each column individually. Each byte of a column is mapped into a new value that is

a function of all four bytes in the column. The Mix Column Transformation combined with the

shift row transformation ensures that after a few rounds, all output bits depend on all input bits.

12. Briefly describe Add Round Key. (U)

In Add Round Key, the 128 bits of State are bit wise XORed with the 128 bits of the

round key. The operation is viewed as a column wise operation between the 4 bytes of a State

column and one word of the round key; it can also be viewed as a byte-level operation. The Add

Round Key transformation is as simple as possible and affects every bit of State.

13. Briefly describe the Key Expansion Algorithm. (U)

The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a

linear array of 44 words(156 bytes). This is sufficient to provide a 4-word round key for the

initial Add Round Key stage and each of the 10 rounds of the cipher.

14. What is the difference between Sub Bytes and Sub Word? (AN)

Sub Bytes:

Sub Bytes uses an S-box to perform a byte-by-byte substitution of the block.

Sub Word:

Sub Word performs a byte substitution on each byte of its input word, using the S-

box.

15. What is the difference between Shift Rows and Rot Word? (AN)

Shift Rows: Shift Row is simple permutation. It shifts the rows circularly left or right.

Rot Word: Rot word performs a one-byte circular left shift on a word. This means that

an input word [b0,b1,b2,b3] is transformed into [b1,b2,b3,b0].

16. Why do some block cipher modes of operation only use encryption while others use

both

encryption and decryption? (AN)

Some block cipher modes of operation only use encryption because the input is set to

some initialization vector and the leftmost bits of the output of the encryption function are

„XOR‟ed with the first segment of plain text p1 to produce the first unit of cipher text C1 and it

is transmitted. While in decryption, the cipher text is XORed with the output of the encryption

function to produce the plain text.

17. What is triple encryption? (U)

Tuchman proposed a triple encryption method that uses only two keys [TUCH79]. The

function follows an encrypt – decrypt – encrypt (EDE) sequence. C=Ek1 [Dk2[Ek1[P]]] There is

no cryptographic significance to the use of decryption for the second stage. Its only advantage is

Page 16: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

that it allows users of 3DES to decrypt data encrypted by users of the older single DES:

C=Ek1[Dk2[Ek1[P]]] = Ek1[P].

18. What is a meet-in-the-middle attack? (U)

Meet-in-the-middle attack, was first described in [DIFF77]. It is based on the observation

that, if we have C=Ek2[Ek1[P]] Then X=Ek1[P]=Dk2[C].

Given a known pair, (P,C), the attack proceeds as follows. First, encrypt P for all 256

possible values of K1. Store these results in a table and then sort the table by the values of X.

Next, decrypt C using all 256 possible values of K2. As each decryption is produced, check the

result against the table for a match. If a match occurs, then test the two resulting keys against a

new known plaintext-ciphertext pair. If the two keys produce the correct ciphertext, accept them

as the correct keys.

19. How many keys are used in triple encryption? (R)

Tuchman proposed a triple encryption method that uses only two keys [TUCH79].

20. List the parameters (block size, key size, number of rounds)for three AES versions. (R)

(April/May 2018)

Version Number of

rounds

Number of

round keys

AES-128 10 11

AES-192 12 13

AES-256 14 15

21. Compare DES and AES. (AN) (Nov/Dec 2018)

AES DES

AES stands for Advanced Encryption Standard DES stands for Data Encryption

Standard

Key length can be of 128-bits, 192-bits and

256-bits.

Key length is 56 bits in DES.

Number of rounds depends on key length :

10(128-bits), 12(192-bits) or 14(256-bits)

DES involves 16 rounds of identical

operations

The structure is based on substitution-

permutation network.

The structure is based in feistal network.

AES is more secure than the DES cipher and is

the de facto world standard.

DES can be broken easily as it has

known vulnerabilities. 3DES(Triple

DES) is a variation of DES which is

secure than the usual DES.

The rounds in AES are : Byte Substitution,

Shift Row, Mix Column and Key Addition

The rounds in DES are : Expansion,

XOR operation with round key,

Page 17: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Substitution and Permutation

AES can encrypt 128 bits of plaintext. DES can encrypt 64 bits of plaintext.

AES cipher is derived from square cipher. DES cipher is derived from Lucifer

cipher.

AES was designed by Vincent Rijmen and

Joan Daemen.

DES was designed by IBM.

No known crypt-analytical attacks against AES

but side channel attacks against AES

implementations possible. Biclique attack have

better complexity than brute-force but still

ineffective.

Known attacks against DES include :

Brute-force, Linear crypt-analysis and

Differential crypt-analysis.

22. Brief the strengths of triple DES. (U) (Nov/Dec 2016)

Triple DES provides a relatively simple method of increasing the key size of DES to

protect

against such attacks, without the need to design a completely new block cipher algorithm.

23. What is the key size for Blowfish? (R)

Blowfish makes use of a key that ranges from 32 bits to 448 bits (one to fourteen 32-bit

words). That key is used to generate 18 32-bit subkeys and four 8*32 S-boxes containing a total

of 1024 32-bit entries. The total is 1042 32-bit values, or 4168 bytes.

24. What are the primitive operations used in Blowfish? (R)

Blowfish uses two primitive operations:

Addition: Addition of words, denoted by +, is performed modulo 232.

Bit wise exclusive-OR:

25. What are the common mathematical constants used in RC5? (R)

W :Word size in bits. RC5 encrypts 2-word blocks. 16, 32,64 r: Number of rounds.

0,1,….,255 B Number of 8-bit bytes (octets) in the secret key K. 0,1,….,255

26. List out the primitive operations used in RC5. (R)

RC5 uses three primitive operations (and their inverse):

Addition: Addition of words, denoted by +, is performed modulo 2w. The inverse

operation, denoted by -, is subtraction modulo 2w.

Bitwise exclusive-OR:

Left cicular rotation: The cyclic rotation of word x left by y bits is denoted by

x<<<y. The inverse is the right circular rotation of word x by y bits, denoted by

x>>>y.

27. List the important design considerations for a stream cipher. (R)

The encryption sequence should have a large period. The key stream should approximate

the properties of a true random number stream as close as possible. The output of the

pseudorandom number generator is conditioned on the value of the input key.

Page 18: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

28. Why is it not desirable to reuse a stream cipher key? (AN)

If two plaintexts are encrypted with the same key using a stream cipher then cryptanalysis

is often quite simple. If the two cipher text streams are „XOR‟ed together the result is the XOR

of the original plaintexts. So it is not desirable to reuse a stream cipher key.

29. What is the primitive operation used in RC4? (R)

The primitive operation used in RC4 is bit wise Exclusive-OR (XOR) operation.

30. What are the primitive operations used in RC5? (R) (April/May 2019)

RC5 uses three primitive operations (and their inverse):

• Addition: Addition of words, denoted by +, is performed modulo 2w. The inverse operation,

denoted by -, is subtraction modulo 2w.

• Bitwise exclusive-OR: This operation is denoted by “⊕”.

• Left circular rotation: The cyclic rotation of word x left by y bits is denoted by x<<<y. The

inverse is the right circular rotation of word x by y bits, denoted by x>>>y.

31. Give the applications of the public key cryptosystem. (U) (April/May 2019)

Public Key Cryptography is used in a number of applications and systems software. Some

examples of application of cryptography are:

• Digitally signed document

• E-mail encryption software such as PGP and MIME

• RFC 3161 authenticated timestamps

• Digital signatures in the Operating System software such as Ubuntu, Red Hat Linux

packages distribution

• SSL protocol

• SSH protocol

32. Define RSA. (R)

RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an

algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing

as well as encryption, and was one of the first great advances in public key cryptography.

33. List the four possible approaches to attack the RSA Algorithm. (R)

1. Brute Force

2. Mathematical Attacks

3. Timing attacks

4. Chosen Cipher text attacks

34. Why is trap door one way function used? (AN) (Nov/Dec 2018)

A trapdoor one way function is a function that is easy to compute in one direction, yet

difficult to compute in the opposite direction (finding its inverse) without special information,

Page 19: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

called the "trapdoor". Trapdoor functions are widely used in cryptography.

35. What is an elliptic curve? (R) (Nov/Dec 2016)

An elliptic curve will simply be the set of points described by the equation: y2=x3+ax+b

36. State the difference between private key and public key algorithm. (R) (April/May

2017)

S.NO Private Key/ Symmetric Encryption Public Key/ Asymmetric Encryption

1 Symmetric encryption incorporates only

one key for encryption as well as

decryption.

Asymmetric Encryption consists of two

cryptographic keys. These keys are regarded as

Public Key and Private Key.

2 Symmetric encryption is a simple

technique compared to asymmetric

encryption as only one key is employed

to carry out both the operations.

Contribution from separate keys for encryption

and decryption makes it a rather complex

process.

37. Give the five modes of operation of block cipher. ( R ) (April/May 2017)

1. Electronic Code Book (ECB)

2. Cipher Block Chaining (CBC)

3. Cipher Feedback (CFB)

4. Output Feedback (OFB)

5. Counter (CTR)

38. Perform encryption for the plain text M=88 using the RSA algorithm p=17, q=11 and

the public component e=7.(A) (Nov/Dec 2017)

p = 17, q = 11, n=p * q = 187, Φ(n) = (p-1)(q-1)=160 e=7

Encryption:

C = 887mod 187 = 11

Decryption:

M = 1123

mod 187 = 88

39. Give the significance of hierarchical key control. (AN) ( Nov/Dec 2017)

Hierarchies of KDC‟s (Key Distribution Control) required for large networks. A single KDC may be responsible for a small number of users since it shares the master keys of all the

entities attached to it . If two entities in different domains want to communicate, local KDCs

communicate through a global KDC.

40. Perform encryption and decryption using RSA algorithm for the following:

p = 7; q = 11; e = 17; M= 8 (A) (April/May 2018)

n = p * q = 7 * 11 = 77

f(n) = (p-1) * (q-1) = 6 * 10 = 60

Now, we need to compute d = e-1

mod f(n) by using backward substitution of GCD

algorithm:

Page 20: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

According to GCD:

60 = 17 * 3 + 9

17 = 9 * 1 + 8

9 = 8 * 1 + 1

8 = 1 * 8 + 0

Therefore, we have:

1 = 9 – 8

= 9 – (17 – 9)

= 9 – (17 – (60 – 17 * 3))

= 60 – 17*3 – (17 – 60 + 17*3)

= 60 – 17 *3 + 60 – 17*4

= 60*2 – 17*7

Hence, we get d = e-1

mod f(n) = e-1

mod 60 = -7 mod 60 = (53-60) mod 60 = 53

So, the public key is {17, 77} and the private key is {53, 77}, RSA encryption and

decryption is following:

PART-B

1. Discuss in detail the different ways of distribution of public keys. (U) (Nov/Dec 2007)

2. Describe the block cipher modes of operation in detail. (U)

3. Discuss the block cipher modes of operation and give the advantages and disadvantages. (U)

(May/June 2009, May/June 2010)

4. Explain AES algorithm with all its round functions in detail. (16) (U) (Nov/Dec 2016)

(April/May 2018)

5. Explain in detail the transformation takes place in AES encryption procedure. (E)

(Nov/Dec 2009)

6. Discuss about AES Cipher. (U) (May/June 2010)

7. (i) Describe in detail the key generation in AES algorithm and its expansion format. (7) (U)

(ii) Describe triple DSE and its applications. (6) (U) (April/May 2019)

8. Explain in detail about DES. (U) (June 2013) (Dec 2012) (April / May 2016)

(April / May 2017)

9. Explain about the single round DES algorithm. (10) (U) (May 2011) (June – 2014)

817

Mod 77= 57

Encryption

5753

Mod 77 = 8

Decryption

Plaintext

PU= (17, 77)

ciphertext

Plaintext

8

PR= (53, 77)

Page 21: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

10. Describe key discarding process of DES. (6) (U) (May 2011)

11. Draw the general structure of DES and explain the encryption decryption process. (U)

(May/June 2009)

12. Mention the strengths and weakness of DES algorithm. (AN) ( May/June 2009)

13. For each of the following elements of DES, indicate the comparable element in AES if

available. (A) (Nov/Dec 2017)

(i) XOR of subkey material with the input to the function.

(ii) F function.

(iii)Permutation p.

(iv) Swapping of halves of the block.

14. Explain in detail about TRIPLE DES. (16) (U) (June 2012) (Dec - 2013)

15. Explain in detail about RC5 algorithm. (U) (June 2012)

16. Explain how encryption and decryption are done using RSA crypto system. (U)

(May/June 2009) (June – 2014)

17. (i) Describe RSA algorithm. (8)

(ii) Perform encryption and decryption using RSA algorithm for the following:

p = 7, q = 11, e = 7, M = 9 (5) (April/May 2019)

18. Explain the RSA Algorithm with example as p =11, q=5, e=3 and PT = 9. (16) (A) (Dec -

2013)

19. Perform encryption/decryption using RSA algorithm for the following: (A)

p=3, q=11, e=7, m=5 (Nov/Dec 2009) (June –

2014)

20. Explain the RSA algorithm in detail. For the given values, trace the sequence of calculation

in

RSA. p=7, q=13, e= 5 and m=10. (16) (A) (April /May 2016)

21. Perform encryption and decryption using RSA algorithm for

p = 17, q = 11, e = 7 and M = 88 (A) (Nov/Dec 2018)

22. Explain RSA algorithm, perform encryption and decryption to the system with

p = 7; q = 11; e = 17; M= 8. (16) (A) (Nov/Dec 2016)

23. Describe about the attacks that are possible on RSA algorithm. (U) (Nov/Dec 2009)

24. State the requirements for the design of an elliptic curve crypto system. Using that, explain

how secret keys are exchanged and messages are encrypted. (U) (May/June 2008)

25. Identify the possible threats for RSA algorithm and list their counter measures. (AN)

(May/June 2008) (June 2013) (Dec 2012) (May

2011)

26. How do elliptic curves take part in Encryption and Decryption process? (U) (May/June

2009) . (U) (April/May 2018)

27. Why ECC is better than RSA? However, why is it not widely used? Defend it.

(AN) (Nov/Dec 2018)

28. Discuss discrete algorithm & explain Diffie-Hellman key exchange algorithm with merits &

demerits. (U) ( May 2011) (Dec 2012) (June 2013) (June – 2014)

Page 22: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

29. Users A and B use the Diffie Hellman key exchange technique a common prime q=11 and a

primitive root alpha=7. (A) (May/June 2009)

(i) If user A has private key XA =3 what is A‟s public key YA?

(ii) If user B has private key XB =6 what is B‟s public key YB?

30. What is the shared secret key? Also write the algorithm. (U)

31. How man in middle attack can be performed in Diffie Hellman algorithm? (U)(May/June

2009)

32. Explain Diffie-Hellman Key exchange algorithm in detail. (U) (April / May 2017)

33. User A & B use the Diffie-Hellman key exchange algorithm with a common prime

q=71,and a primitive root a=7. If user A has a private key Xa =5. What is A‟s public key Ya

(8)

(E) (June –

2014)

34. Users Alice and Bob use the Diffie Hellman key exchange technique a common prime q=83

and a primitive root alpha=5. (A) (Nov/Dec 2017)

(i) If Alice has private key XA =6 what is Alice‟s public key YA?

(ii) If Bob has private key XB =10 what is Bob‟s public key YB?

(iii) What is the shared secret key?

35. (i) Explain briefly about Diffie Hellman key exchange algorithm with its merits and demerits.

(10) (U)

(ii) Explain public key cryptography and when it is preferred? (5) (U) (April/May 2019)

36. Find the secret key shared between user A and user B using Diffie Hellman algorithm for the

following: (A) (Nov/Dec 2018)

q = 353; α (primitive root) = 3, XA = 45 and XB = 50

UNIT III- HASH FUNCTIONS AND DIGITAL SIGNATURES

Authentication requirement – Authentication function – MAC – Hash function – Security

of hash function and MAC –MD5 - SHA - HMAC – CMAC - Digital signature and

authentication protocols – DSS – EI Gamal – Schnorr.

PART A

1. What is message authentication? (R)

It is a procedure that verifies whether the received message comes from assigned source

has not been altered.

2. Define the classes of message authentication function. (R)

Message encryption: The entire cipher text would be used for authentication.

Message Authentication Code: It is a function of message and secret key produce a

fixed length value.

Page 23: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Hash function: Some function that map a message of any length to fixed length which

serves as authentication.

3. What you meant by MAC? (R)

MAC is Message Authentication Code. It is a function of message and secret key which

produce a fixed length value called as MAC.

4. Specify the techniques for distribution of public key. (R)

Public announcement.

Publicly available directory.

Public key authority.

Public key certificate.

5. Specify the requirements for message authentication. (R) (Nov/Dec 2016) (April/May

2019)

i. Disclosure.

ii. Traffic analysis.

iii. Masquerade.

iv. Content Modification.

v. Sequence Modification.

vi. Timing modification.

vii. Repudiation.

6. Differentiate internal and external error control. (AN)

Internal Error Control:

Internal error control, an error detecting code also known as frame check

sequence or checksum.

External Error Control:

In external error control, error detecting codes are appended after encryption.

7. Define the term message digest. (R) (Nov/Dec 2018)

A message digest is a fixed size numeric representation of the contents of a message,

computed by a hash function. i.e. A Message Digest is a cryptographic Hash of a message.

8. What you meant by hash function? (U) (April/May 2018)

Hash function accepts a variable size message M as input and produces a fixed size hash

code

H(M) called as message digest as output. It is the variation on the message authentication code.

9. Differentiate MAC and Hash function. (AN) (Nov/Dec 2016)

Page 24: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

MAC: In Message Authentication Code, the secret key shared by sender and receiver.

The MAC is appended to the message at the source at a time which the message is assumed or

known to be correct.

Hash Function: The hash value is appended to the message at the source at time when

the message is assumed or known to be correct. The hash function itself not considered to be

secret.

10. Define Hash Function. (R)

A function that maps a variable-length data block or message into a fixed-length value

called a hash code. The function is designed in such a way that, when protected, it provides an

authenticator to the data or message. Also referred to as a message digest (or) Hash code.

11. List the Hash Algorithms. (R)

SHA(Secure Hash Algorithm)

MD5(Message Digest Version5)

12. Write Short notes on MD5. (U)

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that

produces a 128-bit (16-byte) hash value. MD5 has been employed in a wide variety of security

applications, and is also commonly used to check data integrity. MD5 was designed by Ron

Rivest in 1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed as

a 32-digit hexadecimal number

13. Write Short notes on SHA (Secure Hash Algorithm). (U)

The Secure Hash Algorithm is one of a number of cryptographic hash functions

published by the National Institute of Standards and Technology (NIST) as a U.S. Federal

Information Processing Standard (FIPS).

14. Contrast various SHA algorithm. (AN) (Nov/Dec 2018)

SHA-0: A retronym applied to the original version of the 160-bit hash function published in

1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed

"significant flaw" and replaced by the slightly revised version SHA-1.

SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed

by the National Security Agency (NSA) to be part of the Digital Signature Algorithm.

Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved

for most cryptographic uses after 2010.

SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256

and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses

64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384,

SHA-512/224 and SHA-512/256. These were also designed by the NSA.

SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition

Page 25: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure

differs significantly from the rest of the SHA family.

15. What is Digital Signature? (U)

A digital signature is an authentication mechanism that enables the creator of a message

to attach a code that acts as a signature. The signature is formed by taking the hash of the

message and encrypting the message with the creator's private key. The signature guarantees the

source and integrity of the message.

16. List the Digital Signature Algorithms. (R)

RSA

El Gamal

DSA

17. List the Processes involved in Digital Signature. (R)

Signing Process

Verification Process

18. Define ElGamal Public Key Cryptosystem. (R)

ElGamal Public Key Cryptosystem is an asymmetric key encryption for public key

cryptography based on Diffie-Hellman Key Exchange.

19. Difference between MD5 and SHA-1. (AN)

S.No. Point of Discussion MD5 SHA-1

1. Message digest length in

bits 128 160

2. Speed Faster(64 iterations) Slower(80 iterations)

3.

Attack to try and find two

messages producing the

same message digest

Requires 264

operations to

break in.

Requires 280

operations to

break in.

20. Show how SHA is more secure than MD5. (AN) (April/May 2019)

SHA is structurally similar to MD5. It is slower than MD5 but more secure, because it

produces message digests that are 25% longer than those produced by the message digest

functions. Since SHA has a longer (160 bits) hash value it is more resistant to brute force

attacks than MD5.

21. Using ElGamal Scheme, let α = 5, p =11, XA= 2. Find the value of YA. (A)

α = 5, p =11, XA= 2

YA = α XA

mod p

Page 26: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

= 52 mod 11

22. What are the requirements of the hash function? (U)

H can be applied to a block of data of any size.

H produces a fixed length output.

H(x) is relatively easy to compute for any given x, making both hardware and software

implementations practical.

23. Define the classes of message authentication function. (R)

Message encryption: The entire cipher text would be used for authentication.

Message Authentication Code: It is a function of message and secret key produce a fixed

length value.

Hash function: Some function that map a message of any length to fixed length which

serves as authentication.

24. Specify the various types of authentication protocol. (R) (April/May 2017)

Kerberos authentication protocol

NT LAN Manager (NTLM) authentication protocol

Secure Sockets Layer/Transport Security Layer (SSL/TLS)

Digest authentication

Smart cards

Virtual Private Networking (VPN) and Remote Access Services (RAS)

25. What is the role of compression function in hash function? (U) (April/May 2017)

A compression function takes a fixed length input and returns a shorter, fixed-

length output. Then a hash function can be defined by means of repeated applications of

the compression function until the entire message has been processed. In this process, a

message of arbitrary length is broken into blocks of a certain length which depends on the

compression function, and "padded" (for security reasons) so that the size of the message

is a multiple of the block size. The blocks are then processed sequentially, taking as input

the result of the hash so far and the current message block, with the final output being the

hash value for the message.

26. How is the security of a MAC function expressed? (U) (Nov/Dec 2017)

A MAC is an authentication technique involves the use of a secret key to generate a

small fixed-size block of data, known as a cryptographic checksum or MAC. The

MAC is then appended to the message.

Here, sender and receiver share a secret key.

When A has to send a message to B, it calculates the MAC as a function of the

message and the key:

MAC = MAC(K, M)

where M is

plaintext C is

the MAC

Page 27: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

function

K is the

secret key

and

MAC is the message authentication code.

The message plus MAC are transmitted to the intended recipient.

The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated

MAC.

27. Mention the significance of signature function in Digital Signature Standard approach.

(R) (Nov/Dec 2017)

The Signature function assures the recipient that only the sender, with the knowledge of

the private key, could have produce the valid signature.

28. How digital signatures differ from authentication protocols? (AN) (April/May 2018)

A message authentication code (MAC) protects against message forgery by anyone who

doesn't know the secret key (shared by sender and receiver).This means that the receiver

can forge any message – thus we have both integrity and authentication , but not non-

repudiation.

Also an attacker could replay earlier messages authenticated with the same key, so a

protocol should take measures against this (e.g. by including message numbers or

timestamps). (Also, in case of a two-sided conversation, make sure that either both sides

have different keys, or by another way make sure that messages from one side can't sent

back by an attacker to this side.)

MACs can be created from unkeyed hashes (e.g. with the HMAC construction), or

created directly as MAC algorithms.

A (digital) signature is created with a private key, and verified with the corresponding

public key of an asymmetric key-pair. Only the holder of the private key can create this

signature, and normally anyone knowing the public key can verify it. Digital signatures

don't prevent the replay attack mentioned previously.

PART-B

1. Compare the features of SHA-1 and MD-5 algorithm. (AN) (May/June 2007)

2. Describe the MD5 message digest algorithm with necessary block diagrams. (U)

(April/May 2019)

3. Describe MD5 algorithm in detail. Compare its performance with SHA-1.(16)(U) (Nov/Dec

2016)

4. Discuss the objectives of HMAC and its security features. (U) (May/June 2007)

Page 28: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

5. Discuss briefly about Digital Signature Algorithm. (U)

(May/June 2007) (Nov/Dec 2007) (May/June 2009) (May/June 2010)(June –

2014)

6. Describe the block chaining technique. (U) (Nov/Dec 2007)

7. Discuss the security of HMAC. (U) (Nov/Dec 2007)

8. What is message authentication? Explain. (R) (May/June 2009)

9. How does SHA-1 logic produce message digest? (U) (May/June 2009)

10. Illustrate SHA2 in detail. (U) (Nov/Dec 2018)

11. Explain the challenges/ response approach in mutual authentication. (U) (May/June 2009)

12. Explain digital signature standard with necessary diagrams in detail.(16) (U) (Nov/Dec

2016)(April/May 2017)

13. Describe digital signature algorithm and show how signing and verification is done using

DSS.

(E) (May/June 2008) (April/May 2019)

14. Write about the symmetric encryption approach for digital signatures. (U) (May/June 2008)

15. Explain MD5 message digest algorithm, with its logic and compression function. (U)

(Nov/Dec 2009) (May 2011) (June 2012)

16. What are the properties a hash function must satisfy? Explain. (R)

(Nov/Dec 2009) (Dec 2012, 2013)

17. Explain about any two authentication protocols. (R) (May/June 2010)

18. Discuss briefly about Secure Hash Algorithm. (U) (May/June 2010) (June 2013)

(Dec - 2013)(April/May 2016)

19. Explain the types of Digital Signatures. (R)

20. Explain RIPEMD in detail. (U)

21. Discuss digital Signature with Elgamal and Schnorr public key cryptosystem. (8) (U)

(Dec 2013) (April / May2016)(Nov/Dec

2017)

22. Explain Elgamal digital signature scheme. (U) (Nov/Dec 2018)

23. Compare the performance of RIPEMD-160 algorithm and SHA-1 algorithm.

(AN)(April/May 2017)

24. With a neat diagram, explain the steps involved in SHA algorithm for encrypting a message

with maximum length of less than 2128

bits and produces as output a 512-bit message digest.

(A) ( Nov/Dec

2017)

25. How Hash Function algorithm is designed? Explain their feature and properties. (AN)

(April/May 2018)

26. With a neat diagram, explain the MD5 processing of a single 512 bit block. (U) (April/May

2018)

Page 29: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY

Authentication applications – Kerberos – X.509 Authentication services – Internet

Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology- Types of

Firewalls - Firewall designs – SET for E-Commerce Transactions. Intruder – Intrusion

detection system – Virus and related threats – Countermeasures – Firewalls design

principles – Trusted systems – Practical implementation of cryptography and security.

PART A

1. What is Kerberos? (R)

Kerberos is an authentication service developed as a part of project Athena at MIT.

Kerberos provide a centralized authentication server whose function is to authenticate servers.

2. What were the requirements defined by Kerberos? (R)

1. Secure

2. Reliable

3. Transparent

4. Scalable

3. Define X.509 Authentication Service. (R)

X.509 is part of the X.500 series. X.509 defines a directory service. X.509 is based on the

use of public-key cryptography and digital signatures. X.509 defines a framework for the

provision of authentication services by the X.500 directory to its users. For example, the X.509

certificate format is used in S/MIME, IP Security, and SSL/TLS and SET.

4. Define Intruder. (R)

An individual who gains, or attempts to gain, unauthorized access to a computer system

or to gain unauthorized privileges on that system.

5. List the three classes of Intruders. (R) (Nov/Dec 2016) (April/May 2019)

1. Masquerader

2. Misfeasor

3. Clandestine user

6. Write short notes on Intrusion detection system. (U)

A set of automated tools designed to detect unauthorized access to a host system.

7. Discriminate statistical anomaly detection and rule based detection. (AN) (Nov/ Dec

2018)

Statistical Anomaly Detection Rule Based Detection

Involves the collection of data relating to the

behavior of legitimate users over a period of

Involves an attempt to define a set of rules that

can be used

Page 30: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

time. Then statistical tests are applied

to observed behavior to determine with a high

level of confidence whether that

behavior is not legitimate user behavior

to decide that a given behavior is that of an

intruder.

a. Threshold detection

b. Profile based

a. Anomaly detection

b. Penetration identification

8. Write short notes on malicious software. (U)

Malicious software is software that is intentionally included or inserted in a system for a

harmful purpose.

9. Write short notes on Virus. (U)

A virus is a piece of software that can "infect" other programs by modifying them; the

modification includes a copy of the virus program, which can then go on to infect other

programs.

10. Write short notes on Worm. (U)

A worm is a program that can replicate itself and send copies from computer to computer

across network connections.

11. Define Botnets. (R) (Nov/Dec 2016) A botnet (also known as a zombie army) is a number of Internet computers that, although

their owners are unaware of it, have been set up to forward transmissions (including spam or

viruses) to other computers on the Internet.

12. Define Zombie. (R) (Nov/Dec 2016)

A Zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie‟s creator. Zombies are used in denial-of-service attacks, typically against targeted web sites.

13. Define Statistical anomaly detection. (R)

Involves the collection of data relating to the behavior of legitimate users over a period

of time. Then statistical tests are applied to observed behavior to determine with a high level of

confidence whether that behavior is not legitimate user behavior.

14. In the content of Kerberos, what is realm? (U)

A full service Kerberos environment consisting of a Kerberos server, a no. of clients,

no.of application server requires the following:

_ The Kerberos server must have user ID and hashed password of all participating users

in its database.

_ The Kerberos server must share a secret key with each server. Such an environment is

referred to as “Realm”.

15. Specify the four categories of security threats. (R)

Interruption

Page 31: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Interception

Modification

Fabrication

16. What you mean by versioned certificate? (U)

Mostly used issue X.509 certificate with the product name” versioned digital id”. Each

digital id contains owner‟s public key, owner‟s name and serial number of the digital id.

17. Define virus. Specify the types of viruses. (R)

A virus is a program that can infect other program by modifying them the modification

includes a copy of the virus program, which can then go on to infect other program.

Types:

1) Parasitic virus

2) Memory-resident virus

3) Boot sector virus

4) Stealth virus

5) Polymorphic virus

18. What is application level gateway? (U)

An application level gateway also called a proxy server; act as a relay of application-level

traffic. The user contacts the gateway using a TCP\IP application, such as Telnet or FTP, and the

gateway asks the user for the name of the remote host to be accessed.

19. List the design goals of firewalls. (U) (April/May 2019)

1. All traffic from inside to outside, and vice versa, must pass through the firewall.

2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.

3. The firewall itself is immune to penetration

20. Define the roles of firewall. (R) (April/May 2017) (April/May 2018)

A firewall is responsible for bringing in only safe and relevant traffic to your private

network or computer system. It keeps a check on any unauthorized access to your computer and

automatically refuses and decrypt‟s unwanted information through the network.

21. List various types of firewall. (R) (Nov/Dec 2018)

There are 3 common types of firewalls.

Packet filters

Application-level gateways

Circuit-level gateways

22. Distinguish between Attack and Threat. (AN) (Apr/May 2017, Nov/Dec 2018)

Parameter Attack Threat

Page 32: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Meaning An attack is a deliberate act that

exploits vulnerability

Threat is anything potential that cause

harm to the system

Categories

Virus – Piece of software to steal

and damage computer

Spyware – Collects information

against user‟s own will

Phishing – Mostly done through

email like fraudulent system

Worms – Self-replicating from

one system to another

Spam – Spam emails are

computer security threat

Botnets – Bots used to target and

attack systems

DOS attacks – Bombarding

server with traffic to overwhelm

the system

Security threat – Data stealing,

exploitation of data, virus attack

etc.

Physical threat – Loss or physical

damage to the system

Internal – power supply,

hardware fault etc.

External – lighting, natural

disaster such as flood, earthquake

Human – theft, vandalism etc.

Non-physical threat – Loss of

information, data corruption,

cyber security breaches etc.

23. List any 2 applications of X.509 Certificates . (R) (Nov/Dec 2017)

Probably the most widely visible application of X.509 certificates today is in web

browsers (such as Mozilla Firefox and Microsoft Internet Explorer) that support the TLS

protocol. TLS (Transport Layer Security) is a security protocol that provides privacy and

authentication for your network traffic. These browsers can only use this protocol with web

servers that support TLS.

Other technologies that rely on X.509 certificates include:

Various code-signing schemes, such as signed Java ARchives, and Microsoft Authenticode.

Various secure E-Mail standards, such as PEM and S/MIME.

E-Commerce protocols, such as SET.

24. Write a simple authentication dialogue used in Kerberos. (U) (Nov/Dec 2017)

(1) C AS: IDC||PC||IDV

(2) AS C: Ticket

(3) C V: IDC||Ticket

Ticket = E(Kv, [IDC||ADC||IDV])

• where

• C= client , AS= authentication server ,V=server

• IDC= identifier of user on C ,IDV= identifier of V

• PC= password of user on C ,ADC= network address of C

• Kv= secret encryption key shared by AS and V

the user logs on to a workstation and requests access to server V.

Page 33: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

The client module C in the user's workstation requests the user's password and then sends a

message to the AS that includes the user's ID, the server's ID, and the user's password.

The AS checks its database to see if the user has supplied the proper password for this user ID

and whether this user is permitted access to server V.

• the AS creates a ticket that contains the user's ID and network address and the server's ID.

• This ticket is encrypted using the secret key shared by the AS and this server

• This ticket is then sent back to C.

• C sends a message to V containing C's ID and the ticket.

• V decrypts the ticket and verifies that the user ID in the ticket is the same as the

unencrypted user ID in the message.

25. What is a Threat? List their types. (R) (April/May 2018)

A computer threat is a possibility of danger that might harm the vulnerability of a

computer system and breach the security to cause damage. It can have an intentional cause like

hacking or an accidental cause of natural disaster or computer malfunction.

Types of security threats

A spyware threat

Hackers

Phishing scammers

PART B

1. How the encryption is key generated from password in Kerberos? (U) (May/June

2007)

2. Explain Kerberos Version 4 in detail. (16) (R) (April / May 2016)

3. Discuss Client Server Mutual authentication, with example flow diagram. (16) (U)

(Nov/Dec 2016)

4. Discuss the different types of authentication procedures? (U) (Nov/Dec 2007)

5. Describe the authentication dialogue used by Kerberos for obtaining services from another

realm.

(U) (May/June 2008)

6. Explain with the help of an example how a user‟s certificate is obtained from another

certification authority in x509 scheme. (E) (May/June 2008)

7. (i) What is Kerberos? Explain how it provides authenticated service. ( 7) (U)

(ii) Explain the format of the X.509 certificate. (6) (U) (April/May 2019)

8. Explain PKI. (8) (U) (DEC - 2013)

9. Explain Kerberos Authentication mechanism with suitable diagrams.(16) (U) (June – 2014)

10. (i) What is Kerberos? Explain how it provides authenticated service. (8) (U) (April/May

2018)

(ii) Explain the format of the X.509 certificate. (8) (R) (April/May 2018)

Page 34: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

11. Explain the technical details of firewall and describe any three types of firewall with neat

diagram. (16) (U) (Nov/Dec 2016)

12. Explain the characteristics and types of firewalls. (16) (U) (April / May 2016,April/May

2019)

13. Discuss how firewalls help in the establishing a security framework for an organization. (U)

(Nov/Dec 2017)

14. Define intrusion detection and the different types of detection mechanisms, in detail. (16)

(U) (April / May 2017)

15. How does screened host architecture for firewalls differ from screened subnet firewall

architecture? Which offers more security for information assets on trusted network? Explain

with neat sketch. (AN)(April/May 2018)

16. Illustrate the working principle of SET. Relate SET for E-Commerce applications.

(U) (Nov/Dec 2018)

17. (i)Explain any two approaches for intrusion detection. (8) (U)

(ii)Identify a few malicious programs that need a host program for their existence. (8) (E)

18. (i) Explain firewalls and how they prevent intrusions. (8) (U)

(ii) List and Brief, the different generation of antivirus software (8) (U)

19. Explain the types of Host based intrusion detection. List any two IDS software available. (R)

20. What are the positive and negative effects of firewall? (8) (AN)

21. Describe the familiar types of firewall configurations.(16) (U)

22. Write brief notes on the following: (U) (April /May 2016)

(i) Classification of viruses. (8)

(ii) Worm Counter Measures. (8)

23. Discuss the different types of virus in detail. Suggest scenarios for deploying these types in

network scenario. (U) (April / May 2017)

24. Analyze various types of virus and its counter measures. (AN) (Nov/Dec 2018)

UNIT V- E-MAIL, IP & WEB SECURITY

E-mail Security: Security Services for E-mail-attacks possible through E-mail - establishing

keys privacy-authentication of the source-Message Integrity-Nonrepudiation-Pretty Good

Privacy - S/MIME. IPSecurity: Overview of IPSec - IP and IPv6 - Authentication Header-

Encapsulation Security Payload (ESP)-Internet Key Exchange (Phases of IKE,

ISAKMP/IKE Encoding). Web Security: SSL/TLS Basic Protocol computing the keys -

client authentication-PKI as deployed by SSL Attacks fixed in v3- Exportability-Encoding-

Secure Electronic Transaction (SET).

PART A

1. What are the services provided by PGP? (R) (April/May 2018, Nov/Dec 2018)

Page 35: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Digital signature

Message encryption

Compression

E-mail compatibility

Segmentation

2. Explain the reasons for using PGP. (U)

a) It is available free worldwide in versions that run on a variety of platforms, including

DOS/windows, UNIX, Macintosh and many more.

b) It is based on algorithms that have survived extensive public review and are considered

extremely secure.

E.g.) RSA, DSS and Diffie-Hellman for public key encryption, CAST-128, IDEA, 3DES

for conventional encryption, SHA-1for hash coding.

c) It has a wide range of applicability from corporations that wish to select and enforce a

standardized scheme for encrypting files and communication.

d) It was not developed by nor is it controlled by any governmental or standards

organization.

3. Why E-mail compatibility function in PGP needed? (U)

Electronic mail systems only permit the use of blocks consisting of ASCII text. To

accommodate this restriction PGP provides the service converting the row 8- bit binary stream to

a stream of printable ASCII characters. The scheme used for this purpose is Radix-64

conversion.

4. Name any cryptographic keys used in PGP. (R)

a) One-time session conventional keys.

b) Public keys.

c) Private keys.

d) Pass phrase based conventional keys.

5. Define key Identifier. (R)

PGP assigns a key ID to each public key that is very high probability unique with a user

ID. It is also required for the PGP digital signature. The key ID associated with each public key

consists of its least significant 64bits.

6. List the limitations of SMTP/RFC 822. (U) (Nov/Dec 2016)

a) SMTP cannot transmit executable files or binary objects.

b) It cannot transmit text data containing national language characters.

c) SMTP servers may reject mail message over certain size.

d) SMTP gateways cause problems while transmitting ASCII and EBCDIC.

e) SMTP gateways to X.400 E-mail network cannot handle non textual data included in

X.400 messages.

Page 36: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

7. Define S/MIME. (R)

Secure/Multipurpose Internet Mail Extension(S/MIME) is a security enhancement to the

MIME Internet E-mail format standard, based on technology from RSA Data Security.

8. What are the elements of MIME? (R)

Five new message header fields are defined which may be included in an RFC 822

header.

A number of content formats are defined.

Transfer encodings are defined that enable the conversion of any content format into a

form that is protected from alteration by the mail system.

9. Mention the five headers fields defined in MME? (R) (April/May 2019)

MIME version.

Content type.

Content transfer encoding.

Content id.

Content description.

10. What is MIME content type? Explain. (U)

It is used to declare general type of data. Subtype define particular format for that type of

the data. It has 7 content type & 15 subtypes. They are,

1. Text type

Plain text.

Enriched.

2. Multipart type

Multipart/mixed.

Multipart/parallel.

Multipart/alternative.

Multipart/digest.

3. Message type

Message/RFC822.

Message/partial.

Message/external.

4. Image type

JPEG.

CIF.

5. Video type.

6. Audio type.

7. Application type

Post script.

Page 37: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

Octet stream.

11. What are the key algorithms used in S/MIME? (R)

Digital Signature Standards.

Diffi-Hellman.

RSA Algorithm.

12. Give the steps for preparing envelope data MIME. (U)

1. Generate Ks.

2. Encrypt Ks using recipient‟s public key.

3. RSA algorithm used for encryption.

4. Prepare the „recipient info block‟.

5. Encrypt the message using Ks.

13. What are the function areas of IP security? (R)

Authentication

Confidentiality

Key management.

14. Give the application of IP security. (U)

Provide secure communication across private & public LAN.

Secure remote access over the Internet.

Secure communication to other organization.

15. What are the benefits of IP Security? (U) (April/May 2017, April/May 2019)

Provide security when IP security implement in router or firewall.

IP security is below the transport layer is transparent to the application.

IP security transparent to end-user.

IP security can provide security for individual user.

16. What are the protocols used to provide IP security? (R)

Authentication header (AH) protocol.

Encapsulating Security Payload (ESP).

17. Specify the IP security services. (R)

Access control.

Connectionless integrity.

Data origin authentication

Rejection of replayed packet.

Confidentiality.

Limited traffic for Confidentiality.

18. List out the steps involved in SSL record protocol. (U)

1. SSL record protocol takes application data as input and fragments it.

Page 38: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

2. Apply lossless Compression algorithm.

3. Compute MAC for compressed data.

4. MAC and compression message is encrypted using conventional algorithm.

19. Write short notes on Transport Layer Security (TLS). (U)

Transport Layer Security is defined as a Proposed Internet Standard in RFC 2246. RFC

2246 is very similar to SSLv3. The TLS Record Format is the same as that of the SSL Record

Format, and the fields in the header have the same meanings. The one difference is in version

number

20. Differentiate Transport and Tunnel mode in IPsec. (AN) (Nov/Dec 2018)

S.No. Transport mode Tunnel Mode

1 Provide the protection for upper layer protocol

between two hosts.

Provide the protection for entire IP Packet.

2 ESP in this mode encrypts and optionally

authenticates IP Payload but not IP Header.

ESP in this mode encrypt authenticate the

entire IP packet.

3 AH in this mode authenticate the IP Payload

and selected portion of IP Header.

AH in this mode authenticate the entire IP

Packet plus selected portion of outer IP

Header.

21. What is mean by SET? What are the features of SET? (U)

Secure Electronic Transaction (SET) is an open encryption and security specification

designed to protect credit card transaction on the internet.

Features are:

1. Confidentiality of information

2. Integrity of data

3. Cardholder account authentication

4. Merchant authentication

22. What are the steps involved in SET Transaction? (R)

1. The customer opens an account

2. The customer receives a certificate

3. Merchants have their own certificate

4. The customer places an order.

5. The merchant is verified.

6. The order and payment are sent.

7. The merchant requests payment authorization.

8. The merchant confirm the order.

9. The merchant provides the goods or services.

10. The merchant requests payment.

Page 39: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

23. Draw the ESP packet format. (R) (April/May 2017)

24. Specify the purpose of ID payload in phase I and Phase II inherent in ISAKMP/IKE

Encoding. (U) (April/May 2017)

ISAKMP defines payloads for exchanging key generation and authentication data. These

formats provide a consistent framework for transferring key and authentication data which is

independent of the key generation technique, encryption algorithm and authentication

mechanism.

25. Justify the following statement: (U) (Nov/Dec 2017)

“With a Network Address Translation(NAT) box, the computers on your internal network do

not need global IPV4 addresses in order to connect to the Internet .”

A NAT box located where the LAN meets the Internet makes all necessary IP address

translations. Hence, addresses allocated are locally unique but not globally unique.

26. What is the difference between TLS and SSL Security? (AN) (April/May 2018)

S.NO Concepts TLS SSL

1. Which is faster?

It is little slower due to the

two-step communication

process i.e. handshaking

and actual data transfer.

It is faster than TLS as

authentications are not

carried out intensively.

Page 40: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

2.

Which is complex to

manage on the server

side?

It is complex as it requires

certificate validations and

good authentications.

It is simpler than the TLS

as it lacks few features that

are present in the TLS.

PART -B

1. Illustrate the confidentiality service provided by PGP. (U) (May/June 2007)

2. Summarize the S/MIME in detail. (U) (May/June 2007) (June 2013) (Nov/Dec 2018)

3. What services are provided by IP sec? (R) (May/June 2007) (June 2012)

4. What are the key features of SET? Explain. (U) (Nov/Dec 2007)

5. What protocols comprise SSL? Explain any two of them. (U) (Nov/Dec 2007)

6. Explain the operational description of PGP.(16) (U) (Nov/Dec 2016)

7. Explain PGP cryptographic functions in detail with suitable block diagrams. (U)

(April/May 2019)

8. How does PGP provide confidentiality and authentication service for e-mail and file storage

applications? Draw the block diagram and explain its components. (U) (May/June 2009)

9. Evaluate the performance of PGP. Compare it with S/MIME. (AN) (Nov/Dec 2018)

10. Bring out the importance of security associations in IP. (AN) (May/June 2009)

11. Describe the SSL Specific protocol – Handshake action in detail. (U)

(May/June 2009) (Dec /2013)(April / May 2016)

12. What are the functions included in MIME in order to enhance security? How are they done?

(E) (May/June 2008)

13. Explain the services of PGP. (U) (Nov/Dec 2009) (Dec - 2012) (May 2011)

14. Discuss briefly about PGP used for Email security. (U) (May/June 2010) (June –

2014)(April/May 2018)

15. Discuss briefly about X.509 authentication service. (U) (May/June 2010) (June 2013)

16. Describe about SET. (U) (Dec - 2012) (June 2012) (Nov/Dec 2017)

17. Discuss the working of SET with neat diagram. (16) (U) (Nov/Dec 2016)

18. Differentiate SSL & SET. (8) (AN) (May - 2011)

19. Explain about the overview of IP Security documents. (8)(U) (May 2011)

20. Explain the architecture of IP security in detail with a neat block diagram. (U)

(April/May 2017, April/May 2019)

21. Discuss authentication header and ESP in detail with their packet format . (U) (April/May

2017)

22. Discuss the different methods involved in authentication of the source.(8) (U) (Nov/Dec

2017)

23. Write about how the integrity of message is endured without source authentication.(8)

(U) (Nov/Dec

2017)

24. Describe in detail about SSL/TLS. (U) (Nov/Dec 2018)

Page 41: CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be

25. Write the steps involved in the simplified form of the SSL/TLS protocol. (8) (U) (Nov/Dec

2017)

26. Write the methodology involved computing the keys in SSL/TLS protocol. (8) (U)

(Nov/Dec 2017)

27. Write short notes on the following: (U) (April/May 2018)

a) Public Key Infrastructure (8)

b) Secure Electronic Transaction. (8)