Source: muresults.net/itacademic/TYIT5/April17/NSSS.pdf

Mar 11, 2020


(2½ hours)

Total Marks: 75

N. B.: (1) All questions are compulsory.

(2) Make suitable assumptions wherever necessary and state the assumptions made.

(3) Answers to the same question must be written together.

(4) Numbers to the right indicate marks.

(5) Draw neat labeled diagrams wherever necessary.

(6) Use of Non-programmable calculators is allowed.

1. Attempt any two of the following: 10

a. Describe the various security services.

b. What are poly-alphabetic ciphers? Explain one technique with a suitable example

c. What is cryptanalysis? Explain different cryptanalysis attacks

d. What is DDOS attack? What are the ways in which DDOS attack can be classified?

2. Attempt any two of the following: 10

a. Explain the working of AES round in detail.

b. Explain the encryption operation used in RC5 algorithm

c. Explain the working of IDEA algorithm

d. Write a note on Blowfish.

3. Attempt any two of the following: 10

a. What is message digest? Explain.

b. Explain the working of the SHA algorithm

c. What is digital signature? Explain the different categories of verification.

d. Explain the Elgamal cryptosystems.

4. Attempt any two of the following: 10

a. Explain the Diffie Hellman’s Key agreement algorithm and its vulnerability

b. What is Key pre-distribution? Explain

c. Write a note on station-to-station protocol.

d. What is KDC? Explain its different implementations and significance.

5. Attempt any two of the following: 10

a. What are firewalls? What are its characteristics and limitations

b. Write a note on IPSec Architecture

c. What is SSL Record protocol? Explain its operations

d. Explain the Handshake protocol action

6. Attempt any two of the following: 10

a. Explain the password based authentication system. What are the problems associated with passwords?

b. Write a note on Kerberos

c. Explain Biometric authentication technique.

d. What is certificate based authentication and explain its working.

7. Attempt any three of the following: 15

a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to

b. Explain the working of DES function in details

c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption

d. Explain the concept of Digital Certificate and how it is created?

e. What are the approaches used to detect intrusion? Give a brief description of each

f. Write a note on Authentication token.

Page 2: N. B.: (1) All questions are compulsory state the ...muresults.net/itacademic/TYIT5/April17/NSSS.pdfExplain the encryption operation used inRC5 algorithm c. Explain the working of

Solution Set

1. Attempt any two of the following: 10

a. Describe the various security services.

Authentication - assurance that the communicating entity is the one claimed; covers both peer-entity and data-origin authentication

Access Control - prevention of the unauthorized use of a resource

Data Confidentiality - protection of data from unauthorized disclosure

Data Integrity - assurance that data received is as sent by an authorized entity

Non-Repudiation - protection against denial by one of the parties in a communication

Availability - resource accessible/usable

1 mark each for explanation of any five services

b. What are poly-alphabetic ciphers? Explain one technique with a suitable example

A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets.

(1 mark)

The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. (2 marks)

One worked example of the same (2 marks)

c. What is cryptanalysis? Explain different cryptanalysis attacks

Cryptanalysis is the art or process of deciphering coded messages without being told the key. It is the technique of decoding messages from a non-readable format back to a readable format without knowing how they were initially converted from the readable format to the non-readable format. (2 marks)

Ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext attack explanation along with diagrams (3 marks)

d. What is DDOS attack? What are the ways in which DDOS attack can be classified?

DDoS stands for “Distributed Denial of Service.” A DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. (2 marks)

Diagram (1 mark)

Classification: SYN flood, DCN flood, UDP flood etc. (any one) (2 marks)

2. Attempt any two of the following: 10

a. Explain the working of AES round in detail.

In the Advanced Encryption Standard, the key size and the plaintext block size decide how many rounds need to be executed: a minimum of 10 rounds when the key size is 128 bits and a maximum of 14 rounds when the key size is 256 bits (1 mark)

For each round the following is done (2 marks)

i. Apply the S-box to each byte of the plaintext block (state)

ii. Rotate row k of the state by k bytes

iii. Perform the mix-columns operation

iv. XOR the state with the key block

Neat diagram expected for the above explanation of each step
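The four round steps above, as an added example that is not part of the exam paper or its solution set: one AES round in Python with the S-box computed from its definition rather than pasted as a table. The state layout (column-major, 16 bytes) follows FIPS-197, and the demo function replays round 1 of the FIPS-197 Appendix B AES-128 example; function names are my own.

```python
# Added example (not from the exam paper): one AES round built from the four steps above.
# The S-box is derived from its definition (GF(2^8) inverse, then the affine map).
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def sbox_value(x):
    """S-box entry: multiplicative inverse (0 maps to 0), then the affine transform."""
    inv = 0 if x == 0 else next(i for i in range(1, 256) if gf_mul(x, i) == 1)
    s = inv
    for n in range(1, 5):
        s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF  # circular left shift by n
    return s ^ 0x63

SBOX = [sbox_value(i) for i in range(256)]

def sub_bytes(state):
    """Step i: S-box on every byte. The state is 16 bytes in column-major order
    (row r, column c is index r + 4*c), as in FIPS-197."""
    return [SBOX[b] for b in state]

def shift_rows(state):
    """Step ii: rotate row k of the state left by k bytes."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    """Step iii: multiply each column by the fixed matrix with rows
    [2 3 1 1], [1 2 3 1], [1 1 2 3], [3 1 1 2] over GF(2^8)."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out

def add_round_key(state, round_key):
    """Step iv: XOR the state with the 16-byte round key."""
    return [s ^ k for s, k in zip(state, round_key)]

def aes_round(state, round_key, final=False):
    """One full round; the cipher's last round skips MixColumns."""
    state = shift_rows(sub_bytes(state))
    if not final:
        state = mix_columns(state)
    return add_round_key(state, round_key)

def fips197_round1():
    """Round 1 of the FIPS-197 Appendix B AES-128 example (state after round 0, round key 1)."""
    state = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
    round_key = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")
    return bytes(aes_round(list(state), list(round_key))).hex()
```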

b. Explain the encryption operation used in RC5 algorithm

Explanation of the following diagram (4 marks)

Diagram (1 mark)


c. Explain the working of IDEA algorithm

The block cipher IDEA operates with 64-bit plaintext and ciphertext blocks and is controlled by a 128-bit key.

Rounds of IDEA (2 marks)

Subkey generation of IDEA (2 marks)

Output transformation (1 mark)

d. Write a note on Blowfish.

Objectives of Blowfish: fast, compact, simple and secure (1 mark)

Operation: subkey generation and data encryption (2 marks)

Diagrams : (2 marks)


3. Attempt any two of the following: 10

a. What is message digest? Explain.

A message digest is a fingerprint or summary of a message. A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media, to detect changes and alterations to any part of a message. (1 mark)

Idea of message digest (1 mark)

Requirements of a message digest (2 marks)

i. Given a message, it should be very easy to find its corresponding message digest

ii. Given a message digest, it should be very difficult to find the original message for which the digest was created

iii. Given any two messages, if we calculate their message digests, the two message digests must be different

b. Explain the working of the SHA algorithm

The Secure Hash Algorithm works with any input message that is less than 2^64 bits in length. The output of SHA is a message digest which is 160 bits in length. (1 mark)

Working (2 marks):

• Padding

• Append Length

• Divide the input into 512-bit block

• Initialize chaining variables

• Process block: Page 178

c. What is digital signature? Explain the different categories of verification

It is a digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender's identity. (1 mark)

Diagrams and explanation (4 marks)

d. Explain the Elgamal cryptosystems.

ElGamal key generation (2 marks)

ElGamal encryption (1½ marks)

ElGamal decryption (1½ marks)

4. Attempt any two of the following: 10

a. Explain the Diffie Hellman’s Key agreement algorithm and its vulnerability

Introduction and description of the algorithm (2 marks)


Explanation of the man-in-the-middle attack (2 marks)

b. What is Key pre-distribution? Explain

Key pre-distribution is the method of distributing keys onto nodes before deployment (1 mark)

Distribution can be done using KDC, Kerberos etc.; overall idea of the scheme (4 marks)

c. Write a note on station-to-station protocol.

The Station-to-Station (STS) protocol is a three-pass variation of the basic Diffie-Hellman protocol. It enables you to establish a shared secret key between two nodes with mutual entity authentication. Nodes are authenticated using digital signatures that sign and verify messages. When you use the STS protocol, you are responsible for generating and managing authentication and signature public keys and exchanging these keys with your trading partners. (1 mark)

Explanation with diagram (4 marks)


d. What is KDC? Explain its different implementations and significance.

A Key Distribution Center is the central authority dealing with keys for individual computers in a network. It is similar to the authentication server and Ticket Granting Server in Kerberos. A typical operation with a KDC involves a request from a user to use some service. The KDC will use cryptographic techniques to authenticate requesting users as themselves. It will also check whether an individual user has the right to access the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access. (3 marks)

Implementations: flat and hierarchical (2 marks)

5. Attempt any two of the following: 10

a. What are firewalls? What are its characteristics and limitations

A firewall acts like a guard, which can guard a corporate network by standing between the network and the outside world. A firewall is a network security system designed to prevent unauthorized access to a private network from any other network. It works closely with a router program to determine if a packet should be forwarded to its destination. It also provides a proxy service that makes network requests on behalf of the users on a network.


The characteristics of a good firewall can be described as follows:

(1) All traffic from inside to outside, and vice versa, must pass through the firewall. To achieve this, all access to the local network must first be physically blocked, and access only via the firewall should be permitted.

(2) Only the traffic authorized as per the local security policy should be allowed to pass through.

(3) The firewall itself must be strong enough, so as to render attacks on it useless.

The main limitations of a firewall can be listed as follows:

(1) Insider’s intrusion

(2) Direct Internet traffic

(3) Virus attacks

(4) It needs specialized skills to configure, and many attacks occur because of badly configured policies on a firewall.

b. Write a note on IPSec Architecture

Explanation of each of the above-stated protocols (2½ marks)

c. What is SSL Record protocol? Explain its operations

The SSL Record Protocol provides two services for SSL connections:

• Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads.

• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).

The figure indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled, and then delivered to higher-level users.


d. Explain the Handshake protocol action

The SSL Handshake protocol allows the following between client and server. The handshake is done before any data is transmitted (1 mark)

1. to authenticate each other

2. to negotiate encryption and MAC algorithms

3. to create cryptographic keys to be used

4. to establish a session and then a connection

There are four phases in the SSL handshake protocol. The following series of messages is used in these 4 phases.

• Phase-1: Establish Security Capabilities

• Phase-2: Server Authentication and Key Exchange

• Phase-3: Client Authentication and Key Exchange

• Phase-4: Finish

Each phase explanation (1 mark)

6. Attempt any two of the following: 10

a. Explain the password based authentication system. What are the problems associated with passwords?

Any two explained in detail (4 marks)

i. Clear text password

ii. Something derived from password

iii. Adding randomness in password

iv. Password encryption

Problems: maintenance, password policies etc. (1 mark)

b. Write a note on Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. (1 mark)

Kerberos acts as a third-party authenticator (1 mark)

- Helps the user to prove its identity to the various services and vice versa

- Uses symmetric cryptographic algorithms (private-key cryptosystems)

- Same key is used for encryption as well as decryption

- Uses DES (Data Encryption Standard)

Explanation of working (AS and TGS) along with diagram (3 marks)


c. Explain Biometric authentication technique.

Introduction (1 mark)

Working (1 mark)

Techniques (3 marks)

• Physiological (face, voice, fingerprint)

• Behavioral (keystroke, signature)

d. What is certificate based authentication and explain its working

Introduction (1 mark)

Working (4 marks)

i. Creation, storage and distribution of digital certificates

ii. Login request

iii. Server creates a random challenge

iv. User signs using random challenge

v. Server returns an appropriate message back to the user

7. Attempt any three of the following: 15

a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to.

Security Goals: Confidentiality, integrity and availability (2 marks)

Attacks on confidentiality: interception, modification etc.; on integrity: masquerade, alterations and replay; on availability: DoS and DDoS (3 marks)

b. Explain the working of DES function in details

Diagram (1 mark)

Expansion permutation, XOR with key, S-box substitution and P-box permutation (4 marks)


c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption

Public key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. (1 mark)

RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys.

d. Explain the concept of Digital Certificate and how it is created?

A digital certificate is used to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). (1 mark)

Digital Certificate contents (2 marks)

Certificate creation steps (2 marks)

Key generation

Registration verification

Certificate creation

e. What are the approaches used to detect intrusion? Give a brief description of each

The following are the approaches to intrusion detection:

1. Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.

• Threshold detection: This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events.

• Profile based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts.

2. Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder.

• Anomaly detection: Rules are developed to detect deviation from previous usage patterns.

• Penetration identification: An expert system approach that searches for suspicious behavior.
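The detection approaches above, as an added example that is not part of the exam paper or its solution set: threshold detection, profile-based detection and a rule-based penetration-identification rule, each run over a constructed authentication log. The log format, hosts, users, baseline counts and thresholds are all invented for the demonstration.

```python
# Added example (not from the exam paper): the detection approaches listed above run over a constructed auth log.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
# Constructed sample log (hosts and users invented); one login attempt per line.
SAMPLE_LOG = """\
2024-03-11T09:00:01 user=alice result=ok src=10.0.0.5
2024-03-11T09:00:05 user=bob result=fail src=203.0.113.9
2024-03-11T09:00:07 user=bob result=fail src=203.0.113.9
2024-03-11T09:00:09 user=bob result=fail src=203.0.113.9
2024-03-11T09:00:12 user=bob result=fail src=203.0.113.9
2024-03-11T09:00:15 user=bob result=fail src=203.0.113.9
2024-03-11T09:00:20 user=bob result=ok src=203.0.113.9
2024-03-11T09:30:00 user=alice result=ok src=10.0.0.5
"""
# Constructed per-user profile: login counts on each of the previous five days.
BASELINE = {"alice": [2, 3, 2, 3, 2], "bob": [1, 1, 2, 1, 1]}

def parse_log(text):
    """Turn each line into a dict of key=value fields with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        events.append(rec)
    return events

def threshold_detect(events, limit=5, window_s=60):
    """Threshold detection: user-independent cap on failed logins per source in a sliding window."""
    recent, hits = defaultdict(list), set()
    for e in events:
        if e["result"] != "fail":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        q[:] = [t for t in q if (e["ts"] - t).total_seconds() <= window_s]
        if len(q) >= limit:
            hits.add(e["src"])
    return sorted(hits)

def profile_detect(events, profiles, z_limit=3.0):
    """Profile-based detection: flag users whose count today is far from their own history."""
    today = defaultdict(int)
    for e in events:
        today[e["user"]] += 1
    flagged = []
    for user, history in profiles.items():
        sigma = pstdev(history) or 1.0  # flat history: avoid dividing by zero
        if abs(today[user] - mean(history)) / sigma > z_limit:
            flagged.append(user)
    return flagged

def penetration_rule(events, max_fails=3, window_s=120):
    """Rule-based penetration identification: success right after >= max_fails failures on one account."""
    fails, suspicious = defaultdict(list), []
    for e in events:
        q = fails[e["user"]]
        q[:] = [t for t in q if (e["ts"] - t).total_seconds() <= window_s]
        if e["result"] == "fail":
            q.append(e["ts"])
        elif len(q) >= max_fails:
            suspicious.append((e["user"], e["ts"].isoformat()))
            q.clear()
    return suspicious
```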

f. Write a note on Authentication token.

An authentication token is an extremely useful alternative to a password. An authentication token is a small device that generates a new random value every time it is used. This random value becomes the basis for authentication. (1 mark)

Creation of token, Use of token, Token types (4 marks)