CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be made to: Understand OSI security architecture and classical encryption techniques. Acquire fundamental knowledge on the concepts of finite fields and number theory. Understand various block cipher and stream cipher models. Describe the principles of public key cryptosystems, hash functions and digital signature. UNIT I INTRODUCTION & NUMBER THEORY 10 Services, Mechanisms and attacks-the OSI security architecture-Network security model- Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography).FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields- Modular arithmetic- Euclid‟s algorithm-Finite fields- Polynomial Arithmetic –Prime numbers- Fermat‟s and Euler‟s theorem- Testing for primality -The Chinese remainder theorem- Discrete logarithms. \ UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10 Data Encryption Standard-Block cipher principles-block cipher modes of operation- Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key cryptography: Principles of public key cryptosystems-The RSA algorithm-Key management – Diffie HellmanKeyexchange-Elliptic curve arithmetic-Elliptic curve cryptography. UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8 Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and authentication protocols – DSS – EI Gamal – Schnorr.
41
Embed
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY · CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P C 3 0 0 3 OBJECTIVES: The student should be
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY L T P
C
3 0 0
3
OBJECTIVES:
The student should be made to:
Understand OSI security architecture and classical encryption techniques.
Acquire fundamental knowledge on the concepts of finite fields and number theory.
Understand various block cipher and stream cipher models.
Describe the principles of public key cryptosystems, hash functions and digital signature.
UNIT I INTRODUCTION & NUMBER
THEORY 10
Services, Mechanisms and attacks-the OSI security architecture-Network security model-
39. Give the significance of hierarchical key control. (AN) ( Nov/Dec 2017)
Hierarchies of KDC‟s (Key Distribution Control) required for large networks. A single KDC may be responsible for a small number of users since it shares the master keys of all the
entities attached to it . If two entities in different domains want to communicate, local KDCs
communicate through a global KDC.
40. Perform encryption and decryption using RSA algorithm for the following:
p = 7; q = 11; e = 17; M= 8 (A) (April/May 2018)
n = p * q = 7 * 11 = 77
f(n) = (p-1) * (q-1) = 6 * 10 = 60
Now, we need to compute d = e-1
mod f(n) by using backward substitution of GCD
algorithm:
According to GCD:
60 = 17 * 3 + 9
17 = 9 * 1 + 8
9 = 8 * 1 + 1
8 = 1 * 8 + 0
Therefore, we have:
1 = 9 – 8
= 9 – (17 – 9)
= 9 – (17 – (60 – 17 * 3))
= 60 – 17*3 – (17 – 60 + 17*3)
= 60 – 17 *3 + 60 – 17*4
= 60*2 – 17*7
Hence, we get d = e-1
mod f(n) = e-1
mod 60 = -7 mod 60 = (53-60) mod 60 = 53
So, the public key is {17, 77} and the private key is {53, 77}, RSA encryption and
decryption is following:
PART-B
1. Discuss in detail the different ways of distribution of public keys. (U) (Nov/Dec 2007)
2. Describe the block cipher modes of operation in detail. (U)
3. Discuss the block cipher modes of operation and give the advantages and disadvantages. (U)
(May/June 2009, May/June 2010)
4. Explain AES algorithm with all its round functions in detail. (16) (U) (Nov/Dec 2016)
(April/May 2018)
5. Explain in detail the transformation takes place in AES encryption procedure. (E)
(Nov/Dec 2009)
6. Discuss about AES Cipher. (U) (May/June 2010)
7. (i) Describe in detail the key generation in AES algorithm and its expansion format. (7) (U)
(ii) Describe triple DSE and its applications. (6) (U) (April/May 2019)
8. Explain in detail about DES. (U) (June 2013) (Dec 2012) (April / May 2016)
(April / May 2017)
9. Explain about the single round DES algorithm. (10) (U) (May 2011) (June – 2014)
817
Mod 77= 57
Encryption
5753
Mod 77 = 8
Decryption
Plaintext
PU= (17, 77)
ciphertext
Plaintext
8
PR= (53, 77)
10. Describe key discarding process of DES. (6) (U) (May 2011)
11. Draw the general structure of DES and explain the encryption decryption process. (U)
(May/June 2009)
12. Mention the strengths and weakness of DES algorithm. (AN) ( May/June 2009)
13. For each of the following elements of DES, indicate the comparable element in AES if
available. (A) (Nov/Dec 2017)
(i) XOR of subkey material with the input to the function.
(ii) F function.
(iii)Permutation p.
(iv) Swapping of halves of the block.
14. Explain in detail about TRIPLE DES. (16) (U) (June 2012) (Dec - 2013)
15. Explain in detail about RC5 algorithm. (U) (June 2012)
16. Explain how encryption and decryption are done using RSA crypto system. (U)
(May/June 2009) (June – 2014)
17. (i) Describe RSA algorithm. (8)
(ii) Perform encryption and decryption using RSA algorithm for the following:
p = 7, q = 11, e = 7, M = 9 (5) (April/May 2019)
18. Explain the RSA Algorithm with example as p =11, q=5, e=3 and PT = 9. (16) (A) (Dec -
2013)
19. Perform encryption/decryption using RSA algorithm for the following: (A)
p=3, q=11, e=7, m=5 (Nov/Dec 2009) (June –
2014)
20. Explain the RSA algorithm in detail. For the given values, trace the sequence of calculation
Virtual Private Networking (VPN) and Remote Access Services (RAS)
25. What is the role of compression function in hash function? (U) (April/May 2017)
A compression function takes a fixed length input and returns a shorter, fixed-
length output. Then a hash function can be defined by means of repeated applications of
the compression function until the entire message has been processed. In this process, a
message of arbitrary length is broken into blocks of a certain length which depends on the
compression function, and "padded" (for security reasons) so that the size of the message
is a multiple of the block size. The blocks are then processed sequentially, taking as input
the result of the hash so far and the current message block, with the final output being the
hash value for the message.
26. How is the security of a MAC function expressed? (U) (Nov/Dec 2017)
A MAC is an authentication technique involves the use of a secret key to generate a
small fixed-size block of data, known as a cryptographic checksum or MAC. The
MAC is then appended to the message.
Here, sender and receiver share a secret key.
When A has to send a message to B, it calculates the MAC as a function of the
message and the key:
MAC = MAC(K, M)
where M is
plaintext C is
the MAC
function
K is the
secret key
and
MAC is the message authentication code.
The message plus MAC are transmitted to the intended recipient.
The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated
MAC.
27. Mention the significance of signature function in Digital Signature Standard approach.
(R) (Nov/Dec 2017)
The Signature function assures the recipient that only the sender, with the knowledge of
the private key, could have produce the valid signature.
28. How digital signatures differ from authentication protocols? (AN) (April/May 2018)
A message authentication code (MAC) protects against message forgery by anyone who
doesn't know the secret key (shared by sender and receiver).This means that the receiver
can forge any message – thus we have both integrity and authentication , but not non-
repudiation.
Also an attacker could replay earlier messages authenticated with the same key, so a
protocol should take measures against this (e.g. by including message numbers or
timestamps). (Also, in case of a two-sided conversation, make sure that either both sides
have different keys, or by another way make sure that messages from one side can't sent
back by an attacker to this side.)
MACs can be created from unkeyed hashes (e.g. with the HMAC construction), or
created directly as MAC algorithms.
A (digital) signature is created with a private key, and verified with the corresponding
public key of an asymmetric key-pair. Only the holder of the private key can create this
signature, and normally anyone knowing the public key can verify it. Digital signatures
don't prevent the replay attack mentioned previously.
PART-B
1. Compare the features of SHA-1 and MD-5 algorithm. (AN) (May/June 2007)
2. Describe the MD5 message digest algorithm with necessary block diagrams. (U)
(April/May 2019)
3. Describe MD5 algorithm in detail. Compare its performance with SHA-1.(16)(U) (Nov/Dec
2016)
4. Discuss the objectives of HMAC and its security features. (U) (May/June 2007)
5. Discuss briefly about Digital Signature Algorithm. (U)
21. Discuss digital Signature with Elgamal and Schnorr public key cryptosystem. (8) (U)
(Dec 2013) (April / May2016)(Nov/Dec
2017)
22. Explain Elgamal digital signature scheme. (U) (Nov/Dec 2018)
23. Compare the performance of RIPEMD-160 algorithm and SHA-1 algorithm.
(AN)(April/May 2017)
24. With a neat diagram, explain the steps involved in SHA algorithm for encrypting a message
with maximum length of less than 2128
bits and produces as output a 512-bit message digest.
(A) ( Nov/Dec
2017)
25. How Hash Function algorithm is designed? Explain their feature and properties. (AN)
(April/May 2018)
26. With a neat diagram, explain the MD5 processing of a single 512 bit block. (U) (April/May
2018)
UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY
Authentication applications – Kerberos – X.509 Authentication services – Internet
Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology- Types of
Firewalls - Firewall designs – SET for E-Commerce Transactions. Intruder – Intrusion
detection system – Virus and related threats – Countermeasures – Firewalls design
principles – Trusted systems – Practical implementation of cryptography and security.
PART A
1. What is Kerberos? (R)
Kerberos is an authentication service developed as a part of project Athena at MIT.
Kerberos provide a centralized authentication server whose function is to authenticate servers.
2. What were the requirements defined by Kerberos? (R)
1. Secure
2. Reliable
3. Transparent
4. Scalable
3. Define X.509 Authentication Service. (R)
X.509 is part of the X.500 series. X.509 defines a directory service. X.509 is based on the
use of public-key cryptography and digital signatures. X.509 defines a framework for the
provision of authentication services by the X.500 directory to its users. For example, the X.509
certificate format is used in S/MIME, IP Security, and SSL/TLS and SET.
4. Define Intruder. (R)
An individual who gains, or attempts to gain, unauthorized access to a computer system
or to gain unauthorized privileges on that system.
5. List the three classes of Intruders. (R) (Nov/Dec 2016) (April/May 2019)
1. Masquerader
2. Misfeasor
3. Clandestine user
6. Write short notes on Intrusion detection system. (U)
A set of automated tools designed to detect unauthorized access to a host system.
7. Discriminate statistical anomaly detection and rule based detection. (AN) (Nov/ Dec
2018)
Statistical Anomaly Detection Rule Based Detection
Involves the collection of data relating to the
behavior of legitimate users over a period of
Involves an attempt to define a set of rules that
can be used
time. Then statistical tests are applied
to observed behavior to determine with a high
level of confidence whether that
behavior is not legitimate user behavior
to decide that a given behavior is that of an
intruder.
a. Threshold detection
b. Profile based
a. Anomaly detection
b. Penetration identification
8. Write short notes on malicious software. (U)
Malicious software is software that is intentionally included or inserted in a system for a
harmful purpose.
9. Write short notes on Virus. (U)
A virus is a piece of software that can "infect" other programs by modifying them; the
modification includes a copy of the virus program, which can then go on to infect other
programs.
10. Write short notes on Worm. (U)
A worm is a program that can replicate itself and send copies from computer to computer
across network connections.
11. Define Botnets. (R) (Nov/Dec 2016) A botnet (also known as a zombie army) is a number of Internet computers that, although
their owners are unaware of it, have been set up to forward transmissions (including spam or
viruses) to other computers on the Internet.
12. Define Zombie. (R) (Nov/Dec 2016)
A Zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie‟s creator. Zombies are used in denial-of-service attacks, typically against targeted web sites.
13. Define Statistical anomaly detection. (R)
Involves the collection of data relating to the behavior of legitimate users over a period
of time. Then statistical tests are applied to observed behavior to determine with a high level of
confidence whether that behavior is not legitimate user behavior.
14. In the content of Kerberos, what is realm? (U)
A full service Kerberos environment consisting of a Kerberos server, a no. of clients,
no.of application server requires the following:
_ The Kerberos server must have user ID and hashed password of all participating users
in its database.
_ The Kerberos server must share a secret key with each server. Such an environment is
referred to as “Realm”.
15. Specify the four categories of security threats. (R)
Interruption
Interception
Modification
Fabrication
16. What you mean by versioned certificate? (U)
Mostly used issue X.509 certificate with the product name” versioned digital id”. Each
digital id contains owner‟s public key, owner‟s name and serial number of the digital id.
17. Define virus. Specify the types of viruses. (R)
A virus is a program that can infect other program by modifying them the modification
includes a copy of the virus program, which can then go on to infect other program.
Types:
1) Parasitic virus
2) Memory-resident virus
3) Boot sector virus
4) Stealth virus
5) Polymorphic virus
18. What is application level gateway? (U)
An application level gateway also called a proxy server; act as a relay of application-level
traffic. The user contacts the gateway using a TCP\IP application, such as Telnet or FTP, and the
gateway asks the user for the name of the remote host to be accessed.
19. List the design goals of firewalls. (U) (April/May 2019)
1. All traffic from inside to outside, and vice versa, must pass through the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration
20. Define the roles of firewall. (R) (April/May 2017) (April/May 2018)
A firewall is responsible for bringing in only safe and relevant traffic to your private
network or computer system. It keeps a check on any unauthorized access to your computer and
automatically refuses and decrypt‟s unwanted information through the network.
21. List various types of firewall. (R) (Nov/Dec 2018)
There are 3 common types of firewalls.
Packet filters
Application-level gateways
Circuit-level gateways
22. Distinguish between Attack and Threat. (AN) (Apr/May 2017, Nov/Dec 2018)
Parameter Attack Threat
Meaning An attack is a deliberate act that
exploits vulnerability
Threat is anything potential that cause
harm to the system
Categories
Virus – Piece of software to steal
and damage computer
Spyware – Collects information
against user‟s own will
Phishing – Mostly done through
email like fraudulent system
Worms – Self-replicating from
one system to another
Spam – Spam emails are
computer security threat
Botnets – Bots used to target and
attack systems
DOS attacks – Bombarding
server with traffic to overwhelm
the system
Security threat – Data stealing,
exploitation of data, virus attack
etc.
Physical threat – Loss or physical
damage to the system
Internal – power supply,
hardware fault etc.
External – lighting, natural
disaster such as flood, earthquake
Human – theft, vandalism etc.
Non-physical threat – Loss of
information, data corruption,
cyber security breaches etc.
23. List any 2 applications of X.509 Certificates . (R) (Nov/Dec 2017)
Probably the most widely visible application of X.509 certificates today is in web
browsers (such as Mozilla Firefox and Microsoft Internet Explorer) that support the TLS
protocol. TLS (Transport Layer Security) is a security protocol that provides privacy and
authentication for your network traffic. These browsers can only use this protocol with web
servers that support TLS.
Other technologies that rely on X.509 certificates include:
Various code-signing schemes, such as signed Java ARchives, and Microsoft Authenticode.
Various secure E-Mail standards, such as PEM and S/MIME.
E-Commerce protocols, such as SET.
24. Write a simple authentication dialogue used in Kerberos. (U) (Nov/Dec 2017)
(1) C AS: IDC||PC||IDV
(2) AS C: Ticket
(3) C V: IDC||Ticket
Ticket = E(Kv, [IDC||ADC||IDV])
• where
• C= client , AS= authentication server ,V=server
• IDC= identifier of user on C ,IDV= identifier of V
• PC= password of user on C ,ADC= network address of C
• Kv= secret encryption key shared by AS and V
the user logs on to a workstation and requests access to server V.
The client module C in the user's workstation requests the user's password and then sends a
message to the AS that includes the user's ID, the server's ID, and the user's password.
The AS checks its database to see if the user has supplied the proper password for this user ID
and whether this user is permitted access to server V.
• the AS creates a ticket that contains the user's ID and network address and the server's ID.
• This ticket is encrypted using the secret key shared by the AS and this server
• This ticket is then sent back to C.
• C sends a message to V containing C's ID and the ticket.
• V decrypts the ticket and verifies that the user ID in the ticket is the same as the
unencrypted user ID in the message.
25. What is a Threat? List their types. (R) (April/May 2018)
A computer threat is a possibility of danger that might harm the vulnerability of a
computer system and breach the security to cause damage. It can have an intentional cause like
hacking or an accidental cause of natural disaster or computer malfunction.
Types of security threats
A spyware threat
Hackers
Phishing scammers
PART B
1. How the encryption is key generated from password in Kerberos? (U) (May/June
2007)
2. Explain Kerberos Version 4 in detail. (16) (R) (April / May 2016)
3. Discuss Client Server Mutual authentication, with example flow diagram. (16) (U)
(Nov/Dec 2016)
4. Discuss the different types of authentication procedures? (U) (Nov/Dec 2007)
5. Describe the authentication dialogue used by Kerberos for obtaining services from another
realm.
(U) (May/June 2008)
6. Explain with the help of an example how a user‟s certificate is obtained from another
certification authority in x509 scheme. (E) (May/June 2008)
7. (i) What is Kerberos? Explain how it provides authenticated service. ( 7) (U)
(ii) Explain the format of the X.509 certificate. (6) (U) (April/May 2019)