Academic Details of Course CS-7201

rgpvonline.com… · Web view • Suitable for hardware or software. RC5 only uses primitive computational operations commonly found on microprocessors. • Speed. To achieve this,

Aug 07, 2020


dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript

Academic Details of Course

CS-7201

Network Security



(i) Course contents

Category of course: Departmental Elective DCO(E): II
Course title: Network Security
Course code: CS7201
Credits: 4C (L3 T1 P0)
Theory papers: Max. Marks: 100, Min. Marks: 35, Duration: 3 Hrs

UNIT-I Conventional Encryption

Conventional Encryption: Conventional Encryption Model, Steganography, Classical Encryption Techniques, Simplified DES, Block Cipher Principles, The Data Encryption Standard, The Strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles, Block Cipher Modes of Operation, Conventional Encryption Algorithms

UNIT-II Public Key Encryption and Hash Functions

Public Key Cryptography: Principles of Public Key Cryptosystems, The RSA Algorithm, Key Management, Diffie-Hellman Key Exchange, Elliptic Curve Cryptography. Message Authentication and Hash Functions: Authentication Requirements, Authentication Functions, Message Authentication Codes, Hash Functions, Security of Hash Functions.

UNIT-III Hash and MAC Algorithms

MD5 Message Digest Algorithm, Secure Hash Algorithm (SHA-1), RIPEMD, HMAC. Digital Signatures and Authentication Protocols: Digital Signatures, Authentication Protocols, Digital Signature Standard.



UNIT-IV Authentication Applications, IP Security, Web Security

UNIT-V Intruders, Viruses and Worms

Intruders, Viruses and Related Threats; Firewalls: Firewall Design Principles, Trusted Systems

References

(i) William Stallings, "Cryptography and Network Security", Third Edition, Prentice Hall, 1999

(ii) Atul Kahate, "Cryptography & Network Security", Tata McGraw Hill Pub. Co.

(ii) Lecture Plan with references


Department: Computer Science & Engineering
Session: Jul-Dec 2012
Faculty Name:
Semester: Odd
Subject: Network Security
Sub. Code: CS-7201(B)
TIME SCHEDULE: Total expected periods: 53, Extra periods (if required)…

Lecture No. / Topics to be covered (with references) / Date of Completion / Remarks

1 Introduction to Network Security

2 Services, Mechanism and attack R1 (1-7)R2 (5-8)

3 Introduction to cryptography R1 (7-12)R2 (59,73-80)

4 Steganography R3(377,755-757)

5 Conventional Encryption mode R1 (12-14)

6 Classical Encryption Model R1 (21-48)

7 Block cipher principles R1 (55-56)R2(60,66,71,93)

8 Simplified DES R1(56-71)

9 Designing Simplified DES R1(71-82)

10 Strength of DES, Differential & Linear Cryptanalysis R1(82-85)R2(65,69,658)

11 Block Cipher Design principles R1(85-89)

12 Block Cipher modes of operation R1(90-97)

13 Modular arithmetic, euclid’s algorithm R1(107-116)

Unit Test – I (25% of Syllabus) Lect. No. 01 to 13

15 Double & triple DES, meet-in-the middle attack R1(173-178)

16 Blowfish R1(179-184)

17 RC5 R1(185-191)

18 RC4 stream cipher R1(192-196)

19 Key distribution R1(211-219)

20 Random Number Generation R1(220-226)



21 Testing of primality R1(243-245)

22 Principles of Public Key Cryptosystem R1(257-267)

23 The RSA Algorithm R1(268-278)R2(75,80,678)

24 Key management R1(286-292)R2(442,477,440,439,47,60)

25 Diffie-Hellman Key Exchange R1(293-296)R2(442)

26 Elliptic curve Cryptography R1(297-306)

27 Authentication Functions R1(313-323)R2(194)

Mid Semester (50% of Syllabus) Lect. No. 01 to 27

29 Message Authentication codes R1(324-328)

30 Hash functions R1(328-334)R2(76,77,405)

31 Security of hash function R1(335-338)

32 MD 5 message Digest algorithm R1(347-356)

33 Secure Hash Algorithm (SHA-I) R1(357-365)R2(77,439)

34 RIPEMD-160 R1(365-372)

35 HMAC R1(372-377)

36 Digital signature R1(379-384)R2(79,107,442,593,682)

37 Digital signature standard (DSS) R1(384-395)

38 Kerberos R1(401-418)

39 X.509 Authentication services R1(419-428)

40 PGP R1(435-454)

41 S/MIME R1(455-472)

42 IP Security R1(481-490)R2-440

43 Authentication Header R1(491-495)

Unit Test – II (75% of Syllabus) Lect. No. 01 to 43



45 Encapsulating Security Payload R1(496-503)

46 Key management R1(504-515)

47 Secure Socket Layer (SSL) R1(527-530)

48 Transport Layer Security R1(531-548)

49 Secure Electronic Transaction R1(540-560)

50 Intruders & Intrusion Detection R1(563-580)R2(14,36,387-390)

51 Password management R1(581-590)

52 Virus and Related Threats R1(597-608)R2(156,108,111,419,528)

53 Virus Countermeasures R1(609-613)

54 Firewalls R2(435,451,457)

55 Firewall Design Principles & Trusted System R1(615-634)R2(169,229,215,273)

PUT (100% of Syllabus) Lect. No. 01 to 55

References:

R1: William Stallings, Cryptography and Network Security, Prentice Hall, 1999

R2: Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Low Price Edition

R3: Matt Bishop and Sathyanarayana S. Venkatramanayya, Introduction to Computer Security, Pearson Education



(iii) Unit Wise blow up

UNIT 1

INTRODUCTION TO NETWORKING

A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. Following that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used to run the Internet and many intranets.



TYPES AND SOURCES OF NETWORK THREATS

1. Denial-of-Service

2. Unauthorized Access

3. Executing Commands Illicitly

4. Confidentiality Breaches

5. Destructive Behavior

6. Data Diddling

7. Data Destruction

SECURE NETWORK DEVICES

1. Secure Modems; Dial-Back Systems

2. Crypto-Capable Routers

3. Virtual Private Networks

4. Encryption Options Beyond DES

CRYPTANALYSIS

If brute force is the only form of attack that can be made on an encryption algorithm, then the way to counter such attacks is obvious: use longer keys. For example, for a 128-bit key, which is common, it would take over 10^19 years to break the code using the EFF cracker. Even if we managed to speed up the cracker by a factor of 1 trillion, it would still take over 10 million years to break the code. So a 128-bit key is guaranteed to result in an algorithm that is unbreakable by brute force (though, as the first sentence says, the algorithm may still fall to other forms of cryptanalysis).

Structure of an encryption algorithm

The exact realization of a Feistel network depends on the choice of the following parameters and design features:

o Block size.

o Key size.

o Number of rounds.

o Subkey generation algorithm.

o Round function.

o Fast software encryption/decryption.

o Ease of analysis.

Triple DES


The most widely used alternative to DES is a variant of DES known as triple DES. DES is highly resistant to the known forms of cryptanalysis, so it makes sense to use DES as a building block for longer-key algorithms. Triple DES preserves the existing investment in software and equipment, and operates by passing the data to be encrypted through three stages of DES. The data is first encrypted with one key by passing it through the DES encryption algorithm.

Then, the data is passed through the DES decryption algorithm using a second key. Finally, the output of the second stage is passed through DES encryption again using either a third key or a repetition of the first key.

In the former case, the key length is 168 bits, and in the latter, the key length is 112 bits. Setting all three keys equal reduces triple DES to a single DES encryption, which is what lets it interoperate with existing single-DES systems.
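The Feistel parameters listed under "Structure of an encryption algorithm" and the encrypt-decrypt-encrypt construction described here, as an added example that is not part of the course notes: a toy Feistel cipher with a 64-bit block, a 64-bit key and sixteen rounds, and triple encryption built on it in both the three-key and two-key forms. The round function, the subkey schedule and the key values are this example's own assumptions (they are not DES and give no real security); only the Feistel structure and the EDE ordering are as the notes describe.

```python
# Added example (not from the course notes): a toy Feistel cipher and the
# EDE triple-encryption wrapper.  The round function and key schedule are
# placeholders for DES's and provide no security; the structure is the point.
import hashlib
import struct

BLOCK_BITS = 64            # block size
KEY_BITS = 64              # key size (real DES: 56 key bits + 8 parity bits)
ROUNDS = 16                # number of rounds
HALF_MASK = (1 << (BLOCK_BITS // 2)) - 1


def subkeys(key: bytes, rounds: int = ROUNDS) -> list:
    """Toy subkey generation: one 32-bit subkey per round, derived from the key.
    (Assumed schedule; DES uses permutations and shifts instead.)"""
    assert len(key) * 8 == KEY_BITS, "key must be 8 bytes"
    return [struct.unpack(">I", hashlib.sha256(key + bytes([i])).digest()[:4])[0]
            for i in range(rounds)]


def round_function(right: int, k: int) -> int:
    """Toy round function F(R, K).  A Feistel network is invertible for ANY F;
    F only needs to be non-linear to give confusion."""
    x = (right ^ k) & HALF_MASK
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & HALF_MASK
    return (x ^ (x >> 15)) & HALF_MASK


def feistel(block: int, keys: list) -> int:
    """Run the rounds with the subkeys in the given order."""
    left, right = block >> 32, block & HALF_MASK
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left          # undo the final swap


def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))


def decrypt_block(block: int, key: bytes) -> int:
    # Decryption is the same network with the subkeys applied in reverse order.
    return feistel(block, subkeys(key)[::-1])


def tdes_ede_encrypt(block: int, k1: bytes, k2: bytes, k3: bytes = None) -> int:
    """Encrypt-Decrypt-Encrypt.  Three-key form if k3 is given (168-bit key
    with real DES); two-key form, k3 = k1 (112 bits), if it is omitted."""
    k3 = k1 if k3 is None else k3
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k3)


def tdes_ede_decrypt(block: int, k1: bytes, k2: bytes, k3: bytes = None) -> int:
    """Inverse: Decrypt-Encrypt-Decrypt with the keys in reverse order."""
    k3 = k1 if k3 is None else k3
    return decrypt_block(encrypt_block(decrypt_block(block, k3), k2), k1)
```

Because each round only XORs F(R, K) into the other half, the same network with the subkeys reversed undoes encryption, whatever F is; that is why the list above treats the round function as a free design choice. With k1 = k2 = k3 the middle decryption cancels the first encryption and EDE collapses to one single-DES encryption.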

IDEA

The International Data Encryption Algorithm (IDEA) is a symmetric block cipher developed by Xuejia Lai and James Massey of the Swiss Federal Institute of Technology in 1991. IDEA uses a 128-bit key and differs markedly from DES both in the round function and in the subkey generation function. For the round function, IDEA does not use S-boxes. Rather, IDEA relies on three different mathematical operations on 16-bit sub-blocks: XOR, addition modulo 2^16, and multiplication modulo 2^16 + 1 (with the all-zero sub-block treated as 2^16). These operations are combined to produce a complex transformation that is very difficult to analyze and hence very difficult to cryptanalyze. The subkey generation algorithm relies solely on the use of circular shifts, but uses these in a complex way to generate a total of six subkeys for each of the eight rounds of IDEA. Because IDEA was one of the earliest of the proposed 128-bit replacements for DES, it has undergone considerable scrutiny and, so far, appears to be highly resistant to cryptanalysis. IDEA is used in PGP (as one alternative) and is also used in a number of commercial products.

Blowfish

Blowfish was developed in 1993 by Bruce Schneier, an independent consultant and cryptographer, and quickly became one of the most popular alternatives to DES. Blowfish was designed to be easy to implement and to have a high execution speed. It is also a very compact algorithm that can run in less than 5 KB of memory. An interesting feature of Blowfish is that the key length is variable: it can be anywhere from 32 bits up to 448 bits (128-bit keys are typical). Blowfish uses a 64-bit block and sixteen rounds.

Blowfish uses S-boxes and the XOR function, as does DES, but also uses binary addition. Unlike DES, which uses fixed S-boxes, Blowfish uses dynamic S-boxes that are generated as a function of the key. The subkeys and the S-boxes are generated by repeated application of the Blowfish algorithm itself to the key. A total of 521 executions of the Blowfish encryption algorithm are required to produce the subkeys and S-boxes, so key setup is expensive. Accordingly, Blowfish is not suitable for applications in which the secret key changes frequently.

RC5



RC5 was developed in 1994 by Ron Rivest, one of the inventors of the public-key algorithm RSA. A particular choice of parameters is written RC5-w/r/b (word size w in bits, r rounds, b key bytes); RC5-32/12/16 is the nominal version. RC5 was designed to have the following characteristics:

• Suitable for hardware or software. RC5 only uses primitive computational operations commonly found on microprocessors.

• Speed. To achieve this, RC5 is a simple algorithm and is word oriented. The basic operations work on full words of data at a time.

• Adaptable to processors of different word lengths. The number of bits in a word is a parameter of RC5. Different word lengths yield different algorithms.

• Variable number of rounds. The number of rounds is a second parameter of RC5. This parameter allows a trade-off between higher speed and higher security.

• Variable-length key. The key length is a third parameter of RC5. Again, this flexibility allows a trade-off between speed and security.

• Data-dependent rotations. RC5 incorporates rotations (circular bit shifts) whose amount is data dependent. This appears to strengthen the algorithm against cryptanalysis.

CAST-128

CAST is a design procedure for symmetric encryption algorithms developed in 1997 by Carlisle Adams and Stafford Tavares of Entrust Technologies. One specific algorithm developed as part of the CAST project is CAST-128, which makes use of a key size that varies from 40 bits to 128 bits in 8-bit increments. CAST is the result of a long process of research and development and has benefited from extensive review by cryptologists. It is beginning to be used in a number of products, including PGP.

STEGANOGRAPHY

Steganography is sometimes used when encryption is not permitted. Or, more commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.

Special software is needed for steganography, and there are freeware versions available at any good download site.
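What that software does in its simplest form, as an added example that is not part of the course notes: least-significant-bit (LSB) hiding. The carrier is a constructed array of 8-bit sample values standing in for grey-scale pixels; the message is written one bit per sample, so no sample changes by more than 1 and the carrier is visually unchanged. The function names and the length-prefix format are this example's own.

```python
# Added example (not from the course notes): LSB steganography on a
# constructed byte carrier.  Each carrier byte gives up its lowest bit.
import random


def sample_carrier(n: int = 4096, seed: int = 1) -> bytes:
    """Constructed carrier: n pseudo-random 8-bit samples (stand-in for pixels)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def embed(carrier: bytes, message: bytes) -> bytes:
    """Hide message in the LSBs of carrier, preceded by a 32-bit length."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need %d samples" % len(bits))
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit       # replace only the lowest bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes, back out of the LSBs."""
    def read(start: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_sample_change(carrier: bytes, stego: bytes) -> int:
    """How far any sample moved: LSB hiding never changes one by more than 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))
```

Embedding the ciphertext rather than the plaintext gives the "encrypted file that still hides information" case above. Plain LSB replacement is easy to detect statistically (the pairs of values 2k and 2k+1 become equally frequent), so real tools spread the bits over pseudo-randomly chosen samples and keep the payload small.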



UNIT 2

PUBLIC-KEY ENCRYPTION

INTRODUCTION

A cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key. A message encrypted with the public key can be decrypted only with the corresponding private key.

The two main branches of public key cryptography are:

public key encryption: a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This is used to ensure confidentiality.

digital signatures: a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity.

INTRODUCTION TO PUBLIC-KEY CRYPTOGRAPHY

Public-key cryptography and related standards and techniques underlie security features of many Netscape products, including signed and encrypted email, form signing, object signing, single sign-on, and the Secure Sockets Layer (SSL) protocol. This document introduces the basic concepts of public-key cryptography.

Symmetric-Key Encryption

With symmetric-key encryption, the encryption key can be calculated from the decryption key and vice versa. With most symmetric algorithms, the same key is used for both encryption and decryption, as shown in Figure 1.

Figure 1    Symmetric-key encryption



Implementations of symmetric-key encryption can be highly efficient, so that users do not experience any significant time delay as a result of the encryption and decryption.

Symmetric-key encryption also provides a degree of authentication, since information encrypted with one symmetric key cannot be decrypted with any other symmetric key. Thus, as long as the symmetric key is kept secret by the two parties using it to encrypt communications, each party can be sure that it is communicating with the other as long as the decrypted messages continue to make sense. Note that this is only a weak form of authentication: encryption by itself does not detect modification of the ciphertext, which is why a message authentication code is normally used alongside it.

RSA ALGORITHM

The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks (part of the British GCHQ) but this was a secret until 1997. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.

Key Generation Algorithm

Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits. [See note 1]. Compute n = pq and phi (φ) = (p-1)(q-1). Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1. [See note 2]. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi). [See note 3]. The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret. n is known as the modulus. e is known as the public exponent or encryption exponent. d is known as the secret exponent or decryption exponent.

Encryption

Sender A does the following:

Obtains the recipient B's public key (n, e). Represents the plaintext message as a positive integer m [see note 4]. Computes the ciphertext c = m^e mod n. Sends the ciphertext c to B.



Decryption

Recipient B does the following:

Uses his private key (n, d) to compute m = c^d mod n. Extracts the plaintext from the integer representative m.

Digital signing

Sender A does the following:

Creates a message digest of the information to be sent. Represents this digest as an integer m between 0 and n-1. [See note 5]. Uses her private key (n, d) to compute the signature s = m^d mod n. Sends this signature s to the recipient, B.

Signature verification

Recipient B does the following:

Uses sender A's public key (n, e) to compute the integer v = s^e mod n. Extracts the message digest from this integer and compares it with a freshly computed digest of the received message; the signature is valid only if they match.
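The five procedures above (key generation, encryption, decryption, signing, verification) carried through in Python's standard library, as an added example that is not part of the course notes. The primes come from a Miller-Rabin test (the "testing of primality" item in the lecture plan), the public exponent is fixed at the common value 65537 rather than chosen at random, and the digest is SHA-256; those choices, the key sizes and the function names are this example's assumptions. This is textbook RSA exactly as described above, with no padding, so it is for study only.

```python
# Added example (not from the course notes): textbook RSA end to end.
# Key sizes are kept small so it runs in well under a second; that is NOT a
# secure size, and the absence of padding makes this unsafe for real use.
import hashlib
import math
import random

_SYSRNG = random.SystemRandom()


def is_probable_prime(n: int, rounds: int = 32, rng=_SYSRNG) -> bool:
    """Miller-Rabin: returns False for composites, True with high probability for primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a is a witness that n is composite
    return True


def random_prime(bits: int, rng=_SYSRNG) -> int:
    """Random prime of exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def generate_keypair(bits: int = 512, e: int = 65537):
    """Return (public (n, e), private (n, d)) with n of the requested bit length."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                 # e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def encrypt(m: int, public) -> int:
    n, e = public
    assert 0 <= m < n, "message integer must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def digest_as_int(message: bytes, n: int) -> int:
    """Message digest represented as an integer between 0 and n-1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    n, d = private
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, s: int, public) -> bool:
    n, e = public
    return pow(s, e, n) == digest_as_int(message, n)
```

Verification recomputes the digest from the received message and compares it with s^e mod n; any change to the message, or a signature made under another key, fails that comparison. In deployed systems the digest is wrapped in a padding scheme (PKCS#1 v1.5 or PSS) before exponentiation, and messages are padded (OAEP) before encryption.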

ELLIPTIC CURVE

(1) What is an elliptic curve?

Well for a start, it is not the same as an ellipse! But to be more positive: from school mathematics, you probably know the equation for a circle centred on the point (a,b) of radius r, which is (x-a)^2 + (y-b)^2 = r^2, where x, y, a, b and r are real numbers. An elliptic curve is also defined by an equation, but it has the slightly more complicated form:

y^2 [ + x·y ] = x^3 + a·x^2 + b

(2) What is a field?

The familiar examples of fields are real numbers, complex numbers, rational numbers (fractions) and integers modulo a prime number. The latter is an example of a "finite field". The requirements of a field are normal addition and multiplication, plus the existence of both additive and multiplicative inverses (except that 0 doesn't have a multiplicative inverse). To put it another way, a field has addition, subtraction, multiplication and division, and these operations always produce a result that is in the field, with the exception of division by zero, which is undefined.

It turns out that this construction works for other "reduction rules" involving higher powers of i. This construction works for all p and m, as long as p is prime; in fact every finite field can be constructed in this way; moreover two finite fields with the same number of elements are always isomorphic, that is, there is a 1-1 map between them which preserves the addition and multiplication rules.

(3) How are elliptic curves used?

The crucial property of an elliptic curve is that we can define a rule for "adding" two points which are on the curve, to obtain a 3rd point which is also on the curve. This addition rule



satisfies the normal properties of addition. In math jargon, the points and the addition law form a finite Abelian group. The equations for the addition rule are given in (7) and (8). For addition to be well defined for any two points, we need to include an extra 'zero' point O, which does not satisfy the elliptic curve equation. This 'zero' point is taken to be a fully paid up point of the curve. The order of the curve is the number of distinct points on the curve, including the zero point. Having defined addition of two points, we can also define multiplication k*P, where k is a positive integer and P is a point, as the sum of k copies of P.

Thus 2*P = P+P, 3*P = P+P+P, etc. This is analogous to how we define "powers" in normal arithmetic, where x^2 = x.x, x^3 = x.x.x, etc.
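The addition rule and the multiplication k*P just described, as an added example that is not part of the course notes. Equations (7) and (8) are not reproduced on this page, so the standard chord-and-tangent formulas are used, over a prime field GF(p) with the curve in the prime-field form y^2 = x^3 + a·x + b (the bracketed x·y term and the a·x^2 term of the general equation above belong to the binary-field form). The curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) is a small constructed teaching curve whose generator has order 19; the 'zero' point O is represented by None.

```python
# Added example (not from the course notes): elliptic-curve group law over
# GF(p) and scalar multiplication by double-and-add.  O is None.
from dataclasses import dataclass


@dataclass(frozen=True)
class Curve:
    p: int      # prime modulus of the field
    a: int      # curve coefficient a in y^2 = x^3 + a*x + b
    b: int      # curve coefficient b

    def on_curve(self, P) -> bool:
        if P is None:                          # O counts as a point of the curve
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P):
        return None if P is None else (P[0], (-P[1]) % self.p)

    def add(self, P, Q):
        """P + Q by the chord (P != Q) or tangent (P == Q) rule; O is the identity."""
        if P is None:
            return Q
        if Q is None:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None                        # P + (-P) = O (vertical line)
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)   # tangent slope
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)              # chord slope
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k: int, P):
        """k*P, the sum of k copies of P, computed by double-and-add
        (the elliptic-curve analogue of square-and-multiply for x^k)."""
        R = None
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def order_of(self, P, limit: int = 10_000) -> int:
        """Smallest k >= 1 with k*P = O (brute force; small curves only)."""
        R, k = P, 1
        while R is not None:
            R = self.add(R, P)
            k += 1
            if k > limit:
                raise ValueError("order not found within limit")
        return k
```

Because the points form an Abelian group, a*(b*P) = b*(a*P) = (ab)*P; that commutativity is what an elliptic-curve Diffie-Hellman exchange relies on, and recovering k from k*P is the elliptic-curve discrete logarithm problem on which the security rests.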

(4) WHAT IS A HASH FUNCTION?

A hash function H is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties.

The basic requirements for a cryptographic hash function are:

1. the input can be of any length,
2. the output has a fixed length,
3. H(x) is relatively easy to compute for any given x,
4. H(x) is one-way,
5. H(x) is collision-free.

A hash function H is said to be one-way if it is hard to invert, where "hard to invert" means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.

If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H is said to be a weakly collision-free hash function.

A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y).
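The gap between the one-way and strongly collision-free requirements, measured rather than stated, as an added example that is not part of the course notes. SHA-256 truncated to t bits stands in for a weak hash so the searches finish quickly (the truncation, the message formats and the function names are this example's assumptions): a birthday search finds some colliding pair in roughly 2^(t/2) evaluations, while inverting a given value needs roughly 2^t, which is why the collision requirement is the harder one to meet for a given output length and why it is the one a birthday attack targets.

```python
# Added example (not from the course notes): preimage search versus
# birthday (collision) search on a truncated hash.
import hashlib
import math


def h_trunc(data: bytes, t: int) -> int:
    """The first t bits of SHA-256(data), as an integer (1 <= t <= 256)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - t)


def find_collision(t: int):
    """Birthday search: hash distinct inputs until two outputs coincide.
    Returns (x, y, trials) with x != y and h_trunc(x, t) == h_trunc(y, t)."""
    seen = {}
    i = 0
    while True:
        x = b"msg-%d" % i
        hv = h_trunc(x, t)
        if hv in seen:                      # same t-bit value seen before
            return seen[hv], x, i + 1
        seen[hv] = x
        i += 1


def find_preimage(target: int, t: int, limit: int):
    """Brute-force an input hashing to target; None if not found in `limit` tries."""
    for i in range(limit):
        x = b"pre-%d" % i
        if h_trunc(x, t) == target:
            return x
    return None


def expected_trials(t: int):
    """Rough expected work: birthday ~ sqrt(pi/2 * 2^t), preimage ~ 2^t."""
    return math.sqrt(math.pi / 2 * 2 ** t), float(2 ** t)
```

For t = 24 the birthday search needs about 5,000 hashes; a preimage of a chosen 24-bit value needs about 16 million. Real digests are sized for this: a 256-bit hash offers roughly 2^128 work against collisions, not 2^256, and that 128-bit figure is the one compared with the symmetric key length it protects.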

UNIT 3



DIGITAL SIGNATURE ALGORITHM

DEFINITION

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by some­one else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

HOW IT WORKS

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.

You copy-and-paste the contract (it's a short one!) into an e-mail note. Using special software, you obtain a message hash (mathematical summary) of the contract. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message, because the hash of each message is different.)

AUTHENTICATION PROTOCOLS

Various authentication protocols are listed and described below.

CHAP - Challenge Handshake Authentication Protocol is a three-way handshake protocol which is considered more secure than PAP: the server sends a random challenge, the client returns a one-way hash of the challenge and the shared secret, and the secret itself never crosses the link.

EAP - Extensible Authentication Protocol is used between a dial-in client and server to determine what authentication protocol will be used.

PAP - Password Authentication Protocol is a two-way handshake protocol designed for use with PPP. It sends the password as plain text, as was done on older SLIP systems. It is not secure.

SPAP - Shiva PAP. Only the NT RAS server supports this for clients dialing in.

DES - Data Encryption Standard, for older clients and servers.

RADIUS - Remote Authentication Dial-In User Service, used to authenticate users dialing in remotely to servers in an organization's network.
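The PAP versus CHAP contrast in the list above, as an added example that is not part of the course notes: what each protocol puts on the link, and why a captured CHAP response is useless against the next challenge. The CHAP response formula is the MD5 variant of RFC 1994, MD5(Identifier || secret || Challenge); the class and function names, the peer name and the secret are this example's assumptions.

```python
# Added example (not from the course notes): PAP sends the password;
# CHAP sends a hash bound to a fresh server challenge.
import hashlib
import hmac
import os


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: the password itself goes over the link,
    so anyone who can read the link learns it."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    Only this digest crosses the link; the secret never does."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the three-way handshake: Challenge, Response, Success/Failure."""

    def __init__(self, secrets: dict):
        self.secrets = secrets         # peer name -> shared secret (kept in clear on the server)
        self.pending = {}              # identifier -> outstanding challenge

    def challenge(self, identifier: int, nbytes: int = 16) -> bytes:
        ch = os.urandom(nbytes)        # fresh and unpredictable every time
        self.pending[identifier] = ch
        return ch

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        ch = self.pending.pop(identifier, None)      # each challenge is usable once
        secret = self.secrets.get(name)
        if ch is None or secret is None:
            return False
        expected = chap_md5_response(identifier, secret, ch)
        return hmac.compare_digest(expected, response)   # constant-time compare
```

Two caveats a deployment should weigh: the server must hold the secret in reversible form (it needs the secret itself to recompute the hash), and the hash binds the secret to the challenge, not to the peer's identity, so the protocol still relies on the link being authenticated in both directions if mutual authentication is wanted.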

SNA NETWORKING PROTOCOLS

System Network Architecture (SNA) by IBM is a suite of protocols mainly used with IBM mainframe and AS/400 computers.

(1) APPC - Advanced Program-to-Program Communication provides peer-to-peer services at the transport and session layers. Part of the System Network Architecture (SNA) suite of protocols.



(2) APPN - Advanced Peer-to-Peer Networking supports the computer connections at the network and transport layers. Part of the System Network Architecture (SNA) suite of protocols.

ENCRYPTION PROTOCOLS

Various encryption protocols are listed and described below.

CIPE - Crypto IP Encapsulation. An encryption protocol.

SSL - Secure Sockets Layer. An encryption protocol.

UNIT 4

IP SECURITY

In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636). The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms. Among these were the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.

BENEFITS OF IPSEC

The benefits of IPSec include:

When IPSec is implemented in a firewall or router, it provides strong security that can be applied to all traffic crossing the perimeter. Traffic within a company or workgroup does not incur the overhead of security-related processing.

IPSec is below the transport layer (TCP, UDP), so it is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router. Even if IPSec is implemented in end systems, upper layer software, including applications, is not affected.

Authentication Header

The authentication header provides support for data integrity and authentication of IP packets. The data integrity feature ensures that undetected modification to the content of a packet in transit is not possible. The authentication feature enables an end system or network device to authenticate the user or application and filter traffic accordingly; it also prevents the address spoofing attacks observed in today's Internet. The AH also guards against the replay attack described later.



Authentication is based on the use of a Message Authentication Code (MAC); hence the two parties must share a secret key. The authentication header consists of the following fields (Figure 2):

Next Header (8 bits): This field identifies the type of header immediately following this header.

Payload Length (8 bits): This field gives the length of the authentication header in 32-bit words, minus 2. For example, the default length of the authentication data field is 96 bits, or three 32-bit words. With a three-word fixed header, there are a total of six words in the header, and the Payload Length field has a value of 4.

Reserved (16 bits): This field is reserved for future use.
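The header layout and the Payload Length arithmetic above, as an added example that is not part of the course notes: an AH built with Python's struct module, with its MAC computed as HMAC-SHA1 truncated to the 96-bit default the text refers to, and a receiver that checks the MAC and rejects replayed sequence numbers. The three fields listed above are followed in the real header (RFC 2402) by the Security Parameters Index, the Sequence Number and the Authentication Data; the packet contents, key and SPI here are constructed, the function names are this example's own, and the anti-replay check is a simplification of the RFC's sliding window.

```python
# Added example (not from the course notes): IPsec Authentication Header
# construction, Payload Length computation, HMAC-SHA1-96 and replay check.
import hashlib
import hmac
import struct

ICV_LEN = 12          # 96-bit Authentication Data (the default truncation)
AH_FIXED_LEN = 12     # three 32-bit words: NextHdr/PayloadLen/Reserved, SPI, Sequence


def payload_length_field(icv_len: int = ICV_LEN) -> int:
    """Payload Length = AH length in 32-bit words, minus 2.
    Three fixed words plus three ICV words is six words, so the field is 4."""
    return (AH_FIXED_LEN + icv_len) // 4 - 2


def _fixed_header(next_header: int, spi: int, seq: int) -> bytes:
    # Next Header (8) | Payload Length (8) | Reserved (16) | SPI (32) | Sequence (32)
    return struct.pack("!BBHII", next_header, payload_length_field(), 0, spi, seq)


def _icv(key: bytes, ip_immutable: bytes, fixed: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1-96 over the immutable IP header fields, the AH with its
    Authentication Data zeroed, and the upper-layer payload."""
    covered = ip_immutable + fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key: bytes, ip_immutable: bytes, next_header: int,
             spi: int, seq: int, payload: bytes) -> bytes:
    fixed = _fixed_header(next_header, spi, seq)
    return fixed + _icv(key, ip_immutable, fixed, payload)


def parse_ah(ah: bytes):
    next_header, plen, _reserved, spi, seq = struct.unpack("!BBHII", ah[:AH_FIXED_LEN])
    total_len = (plen + 2) * 4                   # invert the field definition
    return next_header, spi, seq, ah[AH_FIXED_LEN:total_len]


class AhReceiver:
    """Verifies the ICV, then rejects any sequence number not newer than the
    last one accepted (RFC 2402 uses a sliding window; this is the simple form)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, ip_immutable: bytes, ah: bytes, payload: bytes) -> bool:
        next_header, spi, seq, icv = parse_ah(ah)
        expected = _icv(self.key, ip_immutable, ah[:AH_FIXED_LEN], payload)
        if not hmac.compare_digest(expected, icv):
            return False                         # modified in transit, or wrong key
        if seq <= self.last_seq:
            return False                         # replayed packet
        self.last_seq = seq
        return True
```

The MAC check comes before the replay check on purpose: an attacker who cannot forge the ICV cannot advance the receiver's sequence counter by injecting packets with large sequence numbers.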

WEB SECURITY

The Security Landscape Continues to Evolve

The use of the web to launch attacks, and the variety of methods used to launch attacks, has increased in recent years. The number of malicious websites and the amount of malicious code being released with criminal intent (crimeware) has continued to rise. The phishing landscape has also changed considerably, with significant differences in types of targets and attacks. Browser and operating system exploits are being used more frequently, including zero-day exploits used for spyware, crimeware, phishing, and key logger installations.

New Threats Demand New Technologies

Perimeter defenses, like firewalls, are designed to prevent web security threats from outside, but perimeter defenses can be bypassed. Endpoint defenses, like antivirus software on the desktop, are designed to prevent threats from the inside, but antivirus software can only protect against threats when the threat is already known. Clearly, organizations need a more comprehensive, defense-in-depth solution.

To ensure the needed protection, organizations need to incorporate content-level protection in their overall security strategies. A critical component of any defense-in-depth strategy, Websense provides an additional layer of protection against web security and endpoint security threats.

UNIT 5

INTRUDERS, VIRUSES AND WORMS



INTRODUCTION

A virus is a program or piece of code that is loaded on your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

WORMS

A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.

When used in all capital letters, WORM is an acronym for write once, read many, an optical disk technology that allows you to write data on a disk just once. After that, the data is permanent and can be read any number of times.

FIREWALLS

Firewalls create a secure barrier (in theory) between your internal network and the outside world. Common in large corporate environments for years, the growth of broadband internet access has expanded the need for firewalls on any network with a full-time internet connection. But not all firewalls are created equal, and even a great firewall is only as good as its configuration. In fact, they're not really walls, but doors that allow trusted traffic to flow in and out of your network. Unfortunately, firewalls can give network administrators a false sense of security, resulting in weak security policies and unsecured servers. Never assume a firewall is completely secure, perform regular audits, and never let up on the security on the other side of the wall.

TRUSTED SYSTEM

In the security engineering subspecialty of computer science, a trusted system is a system that is relied upon to a specified extent to enforce a specified security policy. As such, a trusted system is one whose failure may break a specified security policy.

The highest levels of assurance were guaranteed by significant system engineering directed toward minimization of the size of the trusted computing base, or TCB, defined as that combination of hardware, software, and firmware that is responsible for enforcing the system's security policy. 'Trust is that which is essential to a communication channel but cannot be transferred from a source to a destination using that channel.'

(iv) RGPV Exam Paper

CS/IT-7201



B. E. (Seventh Semester) Examination, June 2009

(Common for CS & IT Engg.)

NETWORK SECURITY

Time : Three Hours

Maximum Marks : 100

Minimum Pass Marks : 35

Note: Attempt any one question from each unit. All questions carry equal marks.

Unit-I

1. (a) Describe the conventional encryption model. What are the requirements for secure use of conventional encryption? (b) Give an overview of simplified DES.

OR

2. (a) What is steganography? What are the various drawbacks and advantages of steganography? (b) What is Triple DES? How can two-key and three-key Triple DES be differentiated?

Unit-II

3. (a) What are the principles of public key cryptosystems? Differentiate conventional encryption and public key encryption. (b) What do you mean by the RSA algorithm? In a public key system using RSA, you intercept the ciphertext C = 11 sent to a user whose public key is e = 7, n = 37. What is the plaintext M?
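Question 3(b) is the standard "small modulus" exercise: an interceptor who can factor n recovers d and decrypts. The following is an added example, not the paper's model answer, showing that attack end to end. One caveat before applying it to the paper's numbers: 37 is prime, so it cannot be written as p × q and the method (and RSA itself) does not apply to it as printed; the values used below (n = 35 = 5 × 7 with e = 5, and n = 91 = 7 × 13 with e = 5) are constructed for the example.

```python
"""Break textbook RSA by factoring a small modulus. Added example, not from
the course notes; all key values are constructed."""
from math import gcd, isqrt


def is_prime(n):
    """Trial-division primality test, adequate for exercise-sized numbers."""
    return n >= 2 and all(n % k for k in range(2, isqrt(n) + 1))


def factor_modulus(n):
    """Return (p, q) with n = p * q, or raise if n is not a product of two primes.
    This is the attacker's step that realistic key sizes make infeasible."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            if is_prime(p) and is_prime(q):
                return p, q
            break
    raise ValueError(f"n = {n} is not a product of two primes, so it is not an RSA modulus")


def recover_private_key(e, n):
    """Given only the public key (e, n), compute d = e^-1 mod phi(n)."""
    p, q = factor_modulus(n)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e = {e} has no inverse modulo phi(n) = {phi}")
    return pow(e, -1, phi)          # modular inverse (Python 3.8+)


def rsa_encrypt(m, e, n):
    return pow(m, e, n)


def break_rsa(c, e, n):
    """Recover M from an intercepted C using nothing but the public key."""
    d = recover_private_key(e, n)
    m = pow(c, d, n)
    if rsa_encrypt(m, e, n) != c:   # sanity check: re-encrypting must give C back
        raise RuntimeError("decryption did not round-trip")
    return m


if __name__ == "__main__":
    print("n=35, e=5, C=10 ->", break_rsa(10, 5, 35))     # 5
    print("n=91, e=5, C=32 ->", break_rsa(32, 5, 91))     # 2
    try:
        break_rsa(11, 7, 37)                               # the paper's n is prime
    except ValueError as err:
        print("paper's parameters:", err)
```

The whole attack is trial division plus one modular inverse; what protects real RSA is only that factor_modulus does not finish for a 2048-bit n. The round-trip check in break_rsa is cheap and catches a wrong d (for example when gcd(e, phi(n)) ≠ 1 slipped through), so it is worth keeping even in a throwaway script.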

OR

4. (a) What do you mean by a birthday attack? (b) Explain Diffie-Hellman key exchange. Alice has chosen a common pair h = 13, y = 7, shared with her friend Bob, with secret random numbers x = 3 and y = 9 respectively for Alice and Bob; unfortunately a woman-in-the-middle attack is mounted by Mona having x = 8, y = 6. Calculate the secret shared key and also verify the attack.
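Question 4(b) asks for the shared key and then for the man-in-the-middle to be "verified", which in practice means showing that after the attack Alice and Bob each share a key with Mona and no longer share one with each other. The following is an added example, not the paper's solution. It assumes a reading of the paper's garbled notation: the common pair h = 13, y = 7 is taken as the prime p = 13 and generator g = 7 (7 is a primitive root mod 13, which the code checks), x = 3 and y = 9 as Alice's and Bob's secret exponents, and x = 8, y = 6 as the two secret exponents Mona uses towards Alice and towards Bob respectively.

```python
"""Diffie-Hellman with and without a woman-in-the-middle. Added example,
not the paper's model answer; parameter reading is an assumption."""


def is_generator(g, p):
    """True if g generates the whole multiplicative group mod prime p."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1


def dh_public(g, p, secret):
    return pow(g, secret, p)                 # what each party sends


def dh_shared(peer_public, secret, p):
    return pow(peer_public, secret, p)       # what each party computes


def honest_exchange(p, g, a, b):
    """Alice (secret a) and Bob (secret b) talk directly; both get g^(ab) mod p."""
    A, B = dh_public(g, p, a), dh_public(g, p, b)
    k_alice, k_bob = dh_shared(B, a, p), dh_shared(A, b, p)
    assert k_alice == k_bob
    return k_alice


def mitm_exchange(p, g, a, b, m_to_alice, m_to_bob):
    """Mona intercepts A and B and replaces them with her own public values,
    so Alice keys with Mona (secret m_to_alice) and Bob keys with Mona
    (secret m_to_bob). Returns every key that ends up in play."""
    A, B = dh_public(g, p, a), dh_public(g, p, b)
    M1 = dh_public(g, p, m_to_alice)         # delivered to Alice in place of B
    M2 = dh_public(g, p, m_to_bob)           # delivered to Bob in place of A
    return {
        "alice": dh_shared(M1, a, p),
        "bob": dh_shared(M2, b, p),
        "mona_with_alice": dh_shared(A, m_to_alice, p),
        "mona_with_bob": dh_shared(B, m_to_bob, p),
    }


def attack_verified(keys):
    """Mona holds both session keys; the victims' keys no longer agree."""
    return (keys["alice"] == keys["mona_with_alice"]
            and keys["bob"] == keys["mona_with_bob"]
            and keys["alice"] != keys["bob"])


if __name__ == "__main__":
    p, g = 13, 7                             # assumed reading of "h = 13, y = 7"
    print("7 is a generator mod 13:", is_generator(g, p))
    print("honest shared key:", honest_exchange(p, g, 3, 9))
    keys = mitm_exchange(p, g, 3, 9, 8, 6)
    print("keys after Mona's attack:", keys)
    print("attack verified:", attack_verified(keys))
```

With these parameters the honest key is 5; under the attack Alice ends up with key 1 and Bob with key 12, and Mona knows both, so she can decrypt and re-encrypt everything between them. That Alice's key is 1 is a reminder that p = 13 is a toy size. The attack works because the public values are unauthenticated; the countermeasure the course covers later is to sign them or bind them to certificates.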

Unit- III

5. (a) What do you mean by Kerberos? Compare it with digital signature. (b) What do you understand by the strength of MD5? Compare MD4 and MD5.

OR

6. (a) Why are message authentication codes derived from a cryptographic hash function preferred over authentication codes derived from a symmetric cipher?



(b) What do you understand by security of HMAC ?

Unit-IV

7. (a) What do you mean by IP security?

(b) What is a honeypot? Explain Secure Electronic Transaction (SET).

OR

8. (a) Differentiate Kerberos version 4 and version 5.

(b) Compare the types of security threats faced in using the web.

Unit-V

9. (a) Explain any four of the following:
(i) E-mail viruses
(ii) Trojan horses
(iii) Zombie
(iv) Logic bomb
(v) Trap doors
(vi) Morris worm

(b) What do you mean by firewall design principles? Also explain their characteristics.

OR

10. (a) What are the weaknesses of a packet filtering router? What do you mean by application

(b) What do you mean by multilevel security? Also explain trusted systems.

(v) Model Test Paper



CS-7201 NETWORK SECURITY

Time : Three Hours

Maximum Marks : 100

Minimum Pass Marks : 35

Note: Attempt any five questions. All questions carry equal marks.

Que 1 (a) Define the conventional encryption model with an example. (b) Define the types and different sources of network threats.

Que 2 (a) Explain the RSA algorithm with an example. (b) Define the principal elements of a public key cryptosystem. What are the roles of the public key and the private key?

Que 3 (a) Write the conventional encryption algorithm. (b) Define symmetric key encryption with an example.

Que 4 (a) What is an elliptic curve? How are elliptic curves used? (b) What is a hash function? Write the basic requirements for a cryptographic hash function.

Que 5 (a) What are the block cipher modes of operation? Explain the function of each block cipher mode.

(b) Define the term digital signature. How does it work?

Que 6 (a) Explain encryption protocols and the SNA network protocol. (b) Define the term IP security. Write the benefits of IP security.

Que 7 (a) What is a firewall? Give the design principles for a firewall. (b) Define trusted system in detail.

Que 8 Write short notes on any four of the following:
(i) Authentication procedure
(ii) Intruders
(iii) IDEA
(iv) Steganography
(v) MD5
(vi) Brute-force attack
