(2½ hours) Total Marks: 75

Transcription

1 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together. (4) Numbers to the right indicate marks. (5) Draw neat labeled diagrams wherever necessary. (6) Use of Non-programmable calculators is allowed. 1. Attempt any two of the following: 10 a. Describe the various security services. b. What are poly-alphabetic ciphers? Explaining one technique with suitable example c. What is cryptanalysis? Explain different cryptanalysis attacks d. What is DDOS attack? What are the ways in which DDOS attack can be classified? 2. Attempt any two of the following: 10 a. Explain the working of AES round in detail. b. Explain the encryption operation used inrc5 algorithm c. Explain the working of IDEA algorithm d. Write a note on Blowfish. 3. Attempt any two of the following: 10 a. What is message digest? Explain. b. Explain the working of the SHA algorithm c. What is digital signature? Explain the different categories of verification. d. Explain the Elgamal cryptosystems. 4. Attempt any two of the following: 10 a. Explain the Diffie Hellman s Key agreement algorithm and its vulnerability b. What is Key pre-distribution? Explain c. Write a note on station-to-station protocol. d. What is KDC? Explain its different implementations and significance. 5. Attempt any two of the following: 10 a. What are firewalls? What are its characteristics and limitations b. Write a note on IPSec Architecture c. What is SSL Record protocol? Explain its operations d. Explain the Handshake protocol action 6. Attempt any two of the following: 10 a. Explain the password based authentication system. What are the problems associated with passwords? b. Write a note on Kerberos c. Explain Biometric authentication technique. d. What is certificate based authentication and explain its working. 7. Attempt any three of the following: 15 a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to b. Explain the working of DES function in details c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption d. Explain the concept of Digital Certificate and how it is created? e. What are the approaches used to detect intrusion? Give a brief description of each f. Write a note on Authentication token.

2 Solution Set 1 Attempt any two of the following: 10 a. Describe the various security services. Authentication - assurance that communicating entity is the one claimed have both peer-entity & data origin authentication Access Control - prevention of the unauthorized use of a resource Data Confidentiality - protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability - resource accessible/usable 1 marks for any five services explanation b What are poly-alphabetic ciphers? Explaining one technique with suitable example A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. (1marks) The Vigenère cipher is probably the best-known example of apolyalphabetic cipher, though it is a simplified special case. (2 marks) One example for the same (2 marks) c. What is cryptanalysis? Explain different cryptanalysis attacks Cryptanalysi is the art or process of deciphering coded messages without being told the key. It is the technique of decoding message from a non-readable format back to a readable format without knowing how they were initially converted from readable format to a non-readable format. (2 marks) Ciphertext only, known plaintext, chosen plaintext and chosen ciphertext attack explanation along with diagrams (3marks) d What is DDOS attack? What are the ways in which DDOS attack can be classified? DDoS stands for Distributed Denial of Service. A DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. (2 marks) Diagram (1marks) Classification: SYN flood, DCN flood, UDP Flood etc (any one) (2marks) 2 Attempt any two of the following: 10 a. Explain the working of AES round in detail. Advance Encryption Standard has key size and the plain text block size decide how many rounds need to be excecuted. Min of rounds is 10 when key size is 128 bits and Max of rounds is 14 when the key size is 256 bits (1 marks) For each round the following is done (2 marks) i. Apply s box to each plain text bytes ii. Rotate row k of the plain text block (state) by k bytes iii. Perform a mix column operations iv. XOR the state with the key block Neat diagram expected for the above explanation of each step b Explain the encryption operation used inrc5 algorithm Explanation of the following diagram (4 marks) Diagram (1 marks)

3 c. Explain the working of IDEA algorithm The block cipher IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit key. Rounds of IDEA (2 marks) Subkey generation of IDEA (2 marks) Output transformation (1 marks) d Write a note on Blowfish. Objectives of blowfish: fast, compact, simple and secure (1 marks) Operation: subkey generation and data encryption (2 marks) Diagrams : (2 marks)

4 3 Attempt any two of the following: 10 a. What is message digest? Explain. A message digest is a finger print or the summary of a message. A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. (1 marks) Idea of message digest (1 marks) Requirements of a message digest (2 marks) i. Given a message, it should be very easy to find its corresponding message digest ii. Given a message digest, it should be very difficult to find the original message for which the digest was created iii. Given any two messages, if we calculate their message digests, the two message digests must be different b Explain the working of the SHA algorithm Secure has algorithm works with any input message that is less than 2 64 bits in length. The output of SHA is a message digest which is 160 bits in length. (1 marks) Working:. (2 marks) Padding Append Length Divide the input into 512-bit block Initialize chaining variables Process block: Page 178 c. What is digital signature? Explain the different categories of verification It is a digital code (generated and authenticated by public key encryption) which is attached to an

5 electronically transmitted document to verify its contents and the sender's identity. (1 marks) Diagrams and explanation (4 marks) d Explain the Elgamal cryptosystems. ElGamal Key generation (2 marks) ElGamal Key encryption (1½ marks) ElGamal Key decryption (1½ marks) 4 Attempt any two of the following: 10 a. Explain the Diffie Hellman s Key agreement algorithm and its vulnerability Introduction and description of the algorithm (2 marks)

6 Explanation of man-in-middle attack(2 marks) b What is Key pre-distribution? Explain Key pre-distribution is the method of distribution of keys onto nodes before deployment (1 mark) Distribution can be done using KDC, Kerberos etc overall idea of the sheme (4 marks) c. Write a note on station-to-station protocol. The Station-to-Station (STS) protocol is a three-pass variation of the basic Diffie-Hellman protocol. It enables you to establish a shared secret key between two nodes with mutual entity authentication. Nodes are authenticated using digital signatures that sign and verify messages. When you use the STS protocol, you are responsible for generating and managing authentication and signature public keys and exchanging these keys with your trading partners. (1 marks) Explanation with diagram (4 marks)

7 d What is KDC? Explain its different implementations and significance. Key Distribution Center is the central authority dealing with keys for individual computers in a network. It is similar to authentication servers and Ticket Granting server in Kerberos. A typical operation with a KDC involves a request from a user to use some service. The KDC will use cryptographic techniques to authenticate requesting users as themselves. It will also check whether an individual user has the right to access the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access. (3 marks) Implementation : Flat and Hierarchal (2 marks) 5 Attempt any two of the following: 10 a. What are firewalls? What are its characteristics and limitations A firewall acts like a guard, which can guard a corporate network by standing between the network and the outside world. A firewall is a network security system designed to prevent unauthorized access to a private network from any other network. It works closely with a router program to determine if a packet should be forwarded to its destination. It also provides a proxy service that makes network requests on behalf of the users on a network.

8 The characteristics of a good firewall can be described as follows: (1) All traffic from inside to outside, and vice versa must pass through the firewall. To achieve this, all the access to the local network must first be physically blocked, and access only via the firewall should be permitted. (2) Only the traffic authorized as per the local security policy should be allowed to pass through. (3) The firewall itself must be strong enough, so as to render attacks on it useless. The main limitations of a firewall can be listed as follows: (1) Insider s intrusion (2) Direct Internet traffic (3) Virus attacks (4) It needs specialized skills to configure, and many attacks occur because of badly configured policies on a firewall. b Write a note on IPSec Architecture Explanation on each above stated protocol (2½ marks) c. What is SSL Record protocol? Explain its operations The SSL Record Protocol provides two services for SSL connections: Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads. Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC). Figure indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level users.

9 d Explain the Handshake protocol action SSL Handshake protocol allows following between client and Server. The handshake is done before any data is transmitted (1 marks) 1. to authenticate each other 2. to negotiate encryption and MAC algorithms 3. to create cryptographic keys to be used 4. to establish a session and then a connection There are four phases in SSL handshake protocol. Following series of messages are used in these 4 phases. Phase-1: Establish Security Capabilities Phase-2: Server Authentication and Key Exchange Phase-3: Client Authentication and Key Exchange Phase-4: Finish Each phase explanation (1 marks) 6 Attempt any two of the following: 10 a. Explain the password based authentication system. What are the problems associated with passwords? Any two explained in detail (4 marks) i. Clear text password ii. Something derived from password iii. Adding randomness in password iv. Password encryption Problems: maintenance, password policies etc (1 marks) b Write a note on Kerberos Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. (1 marks) Kerberos acts as a third party authenticator (1 marks) - Helps the user to prove its identity to the various services and vice versa -Uses symmetrical cryptographic algorithms (private key cryptosystems) Same key is used for encryption as well as decryption Uses DES (Data Encryption Standard) Explanation of working (AS and TGS)along with diagram (3 marks)

10 c. Explain Biometric authentication technique. Introduction (1 marks) Working (1 marks) Techniques (3 marks) Physiological (face, voice fingerprint) Behavioral (keystroke, signature) d What is certificate based authentication and explain its working Introduction (1 marks) Working (4 marks) i. Creation, storage and distribution of digital certificates ii. Login request iii. Server creates a random challenge iv. User signs using random challenge v. Server returns an appropriate message back to the user 7 Attempt any three of the following: 15 a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to. Security Goals: Confidentiality, integrity and availability (2 marks) Attacks on Confidentiality: interception, modification etc Integrity: Masquerade, alterations and replay Availability: DOS and DDOS (3 marks) b Explain the working of DES function in details Diagram (1 mark) Expansion permutation, XOR with key, S-box substitution and P-box permutation (4 marks)

11 c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption Public key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. (1 mark) RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. d Explain the concept of Digital Certificate and how it is created? Digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for adigital certificate from a Certificate Authority (CA). (1 mark) Digital Certificate contents (2 marks) Certificate creation steps (2 marks) Key generation Registration verification Certificate creation e. What are the approaches used to detect intrusion? Give a brief description of each The following approaches to intrusion detection: 1. Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users

12 over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior. Threshold detection: This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events. Profile based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts. 2. Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder. Anomaly detection: Rules are developed to detect deviation from previous usage patterns. Penetration identification: An expert system approach that searches for suspicious behavior. f. Write a note on Authentication token. Authentication token is an extremely useful alternative to password. Authentication token is a small device that generates a new random value every time it is used. This random value becomes the basis for authentication. (1 mark) Creation of token, Use of token, Token types (4 marks)