10EC832: NETWORK SECURITY

Transcription

1 10EC832: NETWORK SECURITY Objective: In this electronic age, security and privacy are two of the issues whose importance cannot be stressed enough. How do we ensure the systems we use are resistant to electronic fraud? What are some of the safe computing/internet practices that we can follow to avoid attacks by hackers? How do we share private data over a public channel and be immune to eavesdropping or interceptions? How do we ensure information is sent to an authentic source and guard against repudiation? These are some of the many questions that a computer or information scientist and engineer ought to be aware of. From times immemorial, cryptography has captured the imagination of people. Though the discussions are largely qualitative and not mathematically involved, the course provides a broad overview of the challenges that face electronic storage and communication. Recognizing that it is as important in knowing what has been done to fortify against possible attacks over time, in the words of Dr. Bill Stallings (the author of the prescribed text), the course provides a survey of both the principles and practices of cryptography and network security.

2 06EC832: NETWORK SECURITY Faculty :Shivaraj Karki No # Of Hours: 52 Class# Chapter Title/ Reference Literature OVERVIEW Topics to be covered %of Portion Covered Reference Chapter Cumulative 1 UNIT-1 Services, Mechanisms and Attacks 2 The OSI Security architecture 3 A model for network security SYMMETRIC CIPHERS UNIT-2 4 Symmetric Cipher Model,Substitution Techniques 5 Transposition Techniques 6 Simplified DES 7 Data encryption standard (DES), The strength of DES UNIT-2 8 The strength of DES 9 Differential and Linear Cryptanalysis 10 Block Cipher Design Principles and Modes of Operation 11 Evaluation Criteria for Advanced Encryption Standard 12 The AES Cipher UNIT-3 PUBLIC KEY ENCRYPTION AND HASH FUNCTIONS 5.76% 5.76% 17.30% 17.30% 23.06% 15.38% 38.44% 13 Principles of Public-Key Cryptosystems 14 The RSA algorithm UNIT-3 15 Key Management 16 Diffie - Hellman Key Exchange 17 Elliptic Curve Arithmetic 18 Authentication functions 19 Authentication functions 20 Hash Functions WEB SECURITY 11.54% 50% UNIT-5 21 Web Security Consideration 22 UNIT-5 Web Security Consideration 23 Security socket layer (SSL) 24 Transport layer security 25 Secure Electronic Transaction 26 Secure Electronic Transaction INTRUDERS 11.54% 61.54% 27 Intruders 28 UNIT-6 Intruders 29 Intrusion Detection 30 Intrusion Detection 31 Password Management 32 Password Management MALICIOUS SOFTWARE 11.54% 73.08% UNIT-7 33 Viruses and Related Threats

3 34 Viruses and Related Threats 35 Viruses and Related Threats 36 Virus Countermeasures 37 Virus Countermeasures 38 Virus Countermeasures DIGITAL SIGNATURES AND AUTHENTICATION 13.46% 86.54% UNIT-4 PROTOCOLS 39 Digital signatures UNIT-4 40 Digital signatures 41 Authentication Protocols 42 Authentication Protocols 43 Authentication Protocols 44 Digital Signature Standard 45 Digital Signature Standard FIREWALLS 13.46% 100% UNIT-8 46 Firewalls Design Principles 47 Firewalls Design Principles 48 UNIT-8 Firewalls Design Principles 49 Trusted Systems 50 Trusted Systems 51 REVIEW-QUESTION PAPERS 52 REVIEW-QUESTION PAPERS LITERATURE: Book Type Code Title & Author Publication Info Edition Publisher Year Text Book T Cryptography and Network Security: Principles and Practices, William Stallings Third Edition Pearson Education 2003 Reference Book Reference Book R1 R2 SYLLABUS FOR INTERNALS Test # Syllabus T1 UNIT # 1,2,3 T2 UNIT # 5,6,7 T3 UNIT # 4,8 Cryptography and Network Security: Behrouz A Forouzon Atul Kahate, Cryptography and Network Security Second Edition First Edition Tata McGraw Hill Tata McGraw Hill

4 QUESTION BANK CRYPTOGRAPHY-I Content Conventional Encryption: A detailed examination of conventional encryption algorithms and design principles, including a discussion of the use of conventional encryption for confidentiality. Chapter 1: Serves as an introduction to the rest of the chapters. Chapter 2: It provides a gentle and interesting introduction to cryptography and cryptanalysis and highlights important concepts. Chapter 3: Introduces the principles of modern symmetric cryptography, with an emphasis on the most widely used encryption technique, the Data Encryption Standard (DES). Chapter 6: Extends the discussion to include some of the most important contemporary block cipher algorithms such as triple DES and Blowfish. Chapter 7: Discusses the end-to-end versus link encryption, techniques for achieving traffic confidentiality and key distribution techniques. Random number generation is also discussed. Sl No Questions Marks 1. Explain the classification of Security Services Define the term information security. With examples discuss about various security violations during transmission of information 3. Describe the different Security attacks with figure 6 4. Explain briefly the four types of security attacks that are normally encountered. Also distinguish between active and passive attacks 5. Explain the model for network Security 6 6. With a neat diagram explain each component of Model of Conventional 6 Crypto System. 7. Explain briefly the four types of security attacks that are normally 10 encountered. Also distinguish between active and passive attacks 8. Discuss Briefly about cryptanalysis 5 9. Explain Caesar cipher & mono alphabetic ciphers method of encryption Explain simplified DES method of encryption 11. Explain what is meant by diffusion & confusion Explain the classical Feistel cipher structure Explain the differential Cryptanalysis mechanism 6*

5 14. Bring out the difference between the following pairs of terms: i) Diffusion and confusion ii) Steganography and Cryptography iii) Known and chosen plaintext Cryptanalysis 15. Write a brief note on Steganography What is the need for public key cryptography? Explain its principle and how it can be adopted for 1) encryption and 2) authentication 17. Explain in brief the schemes public key authority and public key certificates proposed for the distribution of public keys 18. With suitable diagrams show how public key encryption can be used in confidentiality, authentication and both 19. With schematic diagrams explain the single round of DES encryption algorithm 20. Explain the principle of Diffie- Hellman key exchange with a suitable example 21. Briefly explain the classical encryption techniques Briefly describe the two basic building blocks of all encryption techniques Briefly explain the Simplified DES scheme Describe stream ciphers and block ciphers Explain the motivation for Feistel cipher structure Explain Feistel Decryption algorithm Describe briefly the DES encryption Describe briefly the DES decryption Explain Single Round DES algorithm Write a short note on Strength of DES Write a short note on Differential and linear cryptanalysis What is meant by triple DES How does it over come the problem encountered in Double DES 33. How does triple DES differ from double DES? Discuss about the known plain text attack on triple DES 34. Explain the design principles of IDEA. 35. With the structure of IDEA explain the algorithm of IDEA 6* 36. With a detailed diagram explain the method of encryption and decryption 10 using Blowfish Algorithm 37. Define what is link and End-to-End encryption with advantages and 6* disadvantages of each. 38. State the steps followed in Key Distribution Scenario. With Diagram 6* 39. Explain Blum Blum Shub generator Explain a typical key distribution scenario. What are the tradeoffs involved 14* in determining the life of a particular session key. 41. Write a short note on Potential Locations for confidentiality Attacks Briefly explain Traffic Confidentiality Describe the different sources of Random numbers 15

6 Cryptography II Content Public Key Encryption and Hash Functions: A detailed examination of public key encryption algorithms and design principles. This part also examines the use of message authentication codes as well as digital signatures and public-key certificates. Chapter 8: This chapter gives an introduction to number theory and discusses Fermat s and Euler s theorems as well as testing for primality. Chapter 9: This chapter introduces public-key encryption and how it can be used to provide confidentiality. The RSA algorithm is discussed in detail. Chapter 10: We study the public-key schemes that are based on number theory. Chapter 11: This chapter analyzes the requirements of authentication and provides a systematic presentation of approaches to authentication. Chapter 12: Extends the discussion through the message digest algorithm Chapter 13: Digital signature is an important type of authentication. Various authentication techniques based on digital signatures are building blocks in putting together authentication algorithms. SlNo. Questions Marks 1. What are the important characteristics of that public key Cryptosystems 10 follow. Explain the public key encryption process 2. Differentiate between public key and conventional encryption 6* techniques. 3. State the requirements of public key cryptography Describe the different applications for Public-Key Cryptosystems Write a short note on Public-Key Cryptanalysis Describe RSA algorithm. 7. Explain the Security of RSA Explain the different methods of Distribution of Public Keys. 9. Briefly explain the Public-Key Distribution of Secret Keys Explain DIFFIE-HELLMAN key exchange method. 11. Why is gcd(n,n+1)=1 for two consecutive integers n and n+1? Using Ferments theorem find mod X=2(mod3); x=3(mod5); x=2(mod7); solve for x Explain the two theorems that play important roles in public-key 10 cryptography. 15. Explain Euclid s Algorithm Explain Chinese remainder theorem and Discrete Logarithms State and explain the requirements of message Authentication 10

7 18. Explain the Authentication Functions Explain the message authentication codes Explain MD5 message digest Algorithm. 21. What are the differences between MD5 and MD4 5* 22. Explain Digital Signature Algorithm. 5* 23. Explain the different requirements of digital signature Briefly describe the two approaches for the digital signature function Explain in detail the Mutual Authentication and One-Way authentication Explain the basic uses of Message Encryption With Example State the requirements of Hash Functions What is the need for public key cryptography? Explain it s principle and how it can be adopted for i) Encryption and ii) Authentication. 29. Enunciate and explain the digital signature algorithm Network Security Content: Network Security Practice: Covers important network security tools and applications including Kerberos, X.509v3 certificates, PGP, S/MIME, IP Security, SSL/TLS and SET. Chapter 14: We study the two most important authentication specifications in current use: Kerberos and X.509. Chapter 15: Different provisions of authentication and confidentiality services as part of electronic mail facility. Chapter 16: We look at IP security scheme that has been developed to operate with the current IP and the emerging next generation IP, known as IPv6. Chapter 17: The need for web-based security is discussed. Sl No Questions Marks 1. Explain Kerberos 4? 8* 2. Explain kerberos 5? 8* 3. State and explain the differences between Keberos 4 and Keberos Explain at least 7 elements of X.509 public key certificate. 5. Explain the different methods of X.509 strong Authentication Procedures What does the key and policy information(of X.509 version 3) area include State the different features of PGP which has made it very popular. 8* 8. Explain the four types of keys which the PGP makes use of What is meant by PGP? why ois it widely used? Expalin the general format of PGP

8 message. 10. Explain the method revoking public keys in PGP List out the limitations of SMTP/ What is the importance of IP security? Discuss about the applications and the benefits of IP security. 13. What is a security association? With neat diagrams discuss about basic combinations of security associations 14. Explain the different MIME content Types. 15. State and describe the functions of S/MIME Give the summary of web security threats, consequences and counter measures 17. What is meant by a fire wall? Discuss about various types of fire wall configuration 18. Explain the role of User Agent in S/MIME Certificate processing Briefly explain the arbitrated digital signature schemes using conventional and public key encryptions 20. Describe the IP security Architecture What are the different applications of IPSec? 5* 22. Explain Transport and Tunnel modes of AH and ESP Show the format of IPSec Authentication Header What are the needs of padding field in a ESP packet Describe the IPSec ESP format with help of a neat diagram Explain Oakley key determination protocol and state its features. 27. What is Kerboras? Discuss the motivation and requirements of Kerberos approach. 28. What are the key features of a X.509 certificate? How are they issued and revoked by the certificate authority? 29. What are the five basic services available for the users of Pretty Good 20* Privacy (PGP)? How are they provided? 30. What is ISAKMP? Briefly explain the ISAKMP header format Write short note on Ipv4 and Ipv State some of the web security considerations With a neat diagram explain SSL Protocol Stack Explain SSL Handshake Protocol and SSL record protocol. 35. State the requirements of SET With the help of an example explain the steps in a Transaction using SET. 37. Explain the key features of SET Explain the steps in Payment Processing using SET What is the need for dual signatures in SET? How are they constructed? 40. Explain the secure socket layer (SSL-V3) architecture, indicating how the session state and connection state are defined

9 System Security Content System Security: Looks at system level security issues, including threat of and countermeasures for intruders, viruses and the use of firewalls and trusted systems. Chapter 18, 19: Examines variety of information access and service threats presented by hackers and programs that exploit vulnerabilities in network based computing systems. Chapter 20: We discuss some of the principles of firewall design. Sl.No. Questions Marks 1. What are the different classes of Intruders? Explain each of them State the different methods of learning passwords Explain the different Password selection strategies Explain the Vulnerability of password system used in Unix 6* 5. Explain the techniques that can be used to eliminate guessable passwords. 6. Explain the different methods of Intrusion Detection State and explain the different methods of checking activities are genuine 5 or not. 8. Explain with suitable example, how to overload extraction and insertion 5 operator 9. Explain Distributed Intrusion detection. 10. Explain trap Doors and Trojan Horses Explain the Nature Of Viruses How does a virus work and propagate 6* 13. Explain the different types of Viruses What is Macro viruses and why are they Threatening? 6* 15. Explain the Digital Immune System. 16. Explain the Antivirus Approaches Write a short note on Macro viruses What are the four basic techniques of choosing passwords? Compare their relative merits. 19. What is a Virus? What are the typical stages it passes through in its lifetime? Suggest a suitable virus structure. 20. Explain the design principles of Firewall Describe the firewall characteristics Explain the different types of firewalls Explain the different Firewall configurations Explain the concept of Trusted systems Write a short note on trusted systems 8