(2½ hours) Total Marks: 75

N.B.: (1) All questions are compulsory. (2) Make suitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together. (4) Numbers to the right indicate marks. (5) Draw neat labelled diagrams wherever necessary. (6) Use of non-programmable calculators is allowed.

1. Attempt any two of the following: 10
a. Describe the various security services.
b. What are poly-alphabetic ciphers? Explain one technique with a suitable example.
c. What is cryptanalysis? Explain different cryptanalysis attacks.
d. What is a DDoS attack? What are the ways in which DDoS attacks can be classified?

2. Attempt any two of the following: 10
a. Explain the working of an AES round in detail.
b. Explain the encryption operation used in the RC5 algorithm.
c. Explain the working of the IDEA algorithm.
d. Write a note on Blowfish.

3. Attempt any two of the following: 10
a. What is a message digest? Explain.
b. Explain the working of the SHA algorithm.
c. What is a digital signature? Explain the different categories of verification.
d. Explain the ElGamal cryptosystem.

4. Attempt any two of the following: 10
a. Explain the Diffie-Hellman key agreement algorithm and its vulnerability.
b. What is key pre-distribution? Explain.
c. Write a note on the station-to-station protocol.
d. What is a KDC? Explain its different implementations and significance.

5. Attempt any two of the following: 10
a. What are firewalls? What are their characteristics and limitations?
b. Write a note on IPSec architecture.
c. What is the SSL Record Protocol? Explain its operations.
d. Explain the Handshake Protocol action.

6. Attempt any two of the following: 10
a. Explain the password-based authentication system. What are the problems associated with passwords?
b. Write a note on Kerberos.
c. Explain the biometric authentication technique.
d. What is certificate-based authentication? Explain its working.

7. Attempt any three of the following: 15
a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to.
b. Explain the working of the DES function in detail.
c. What is asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption.
d. Explain the concept of a digital certificate and how it is created.
e. What are the approaches used to detect intrusion? Give a brief description of each.
f. Write a note on authentication tokens.

Solution Set

1. Attempt any two of the following: 10

a. Describe the various security services.
Authentication: assurance that the communicating entity is the one claimed; includes both peer-entity and data-origin authentication.
Access Control: prevention of the unauthorized use of a resource.
Data Confidentiality: protection of data from unauthorized disclosure.
Data Integrity: assurance that data received is as sent by an authorized entity.
Non-Repudiation: protection against denial by one of the parties in a communication.
Availability: the resource is accessible and usable.
(1 mark for each of any five services explained)

b. What are poly-alphabetic ciphers? Explain one technique with a suitable example.
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. (1 mark)
The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. (2 marks)
One worked example of the same. (2 marks)

c. What is cryptanalysis? Explain different cryptanalysis attacks.
Cryptanalysis is the art or process of deciphering coded messages without being told the key. It is the technique of decoding messages from a non-readable format back to a readable format without knowing how they were initially converted from the readable format to the non-readable format. (2 marks)
Explanation of ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext attacks, along with diagrams. (3 marks)

d. What is a DDoS attack? What are the ways in which DDoS attacks can be classified?
DDoS stands for Distributed Denial of Service. A DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. (2 marks)
Diagram. (1 mark)
Classification: SYN flood, DCN flood, UDP flood etc. (any one) (2 marks)

2. Attempt any two of the following: 10

a. Explain the working of an AES round in detail.
In the Advanced Encryption Standard the key size and the plaintext block size decide how many rounds need to be executed: a minimum of 10 rounds when the key size is 128 bits and a maximum of 14 rounds when the key size is 256 bits. (1 mark)
For each round the following is done (2 marks):
i. Apply the S-box to each byte of the plaintext block (state).
ii. Rotate row k of the state by k bytes.
iii. Perform the mix-columns operation.
iv. XOR the state with the key block.
A neat diagram is expected for the explanation of each step.

b. Explain the encryption operation used in the RC5 algorithm.
Explanation of the following diagram. (4 marks)
Diagram. (1 mark)
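A worked example for question 1b, added here and not part of the marking scheme: a Python implementation of the Vigenère cipher in which each key letter selects one of the 26 shifted alphabets, so the same plaintext letter is not always encrypted to the same ciphertext letter. The plaintext ATTACKATDAWN and the key LEMON are constructed sample inputs; the helper names are this example's own.

```python
"""Vigenere cipher as a worked polyalphabetic substitution example.
Added example, not the marking scheme's own material.  Letters A-Z only;
the key letter at each position selects which shifted alphabet is used."""
import string

ALPHABET = string.ascii_uppercase


def _clean(text: str) -> str:
    """Keep only letters, upper-cased, as the classical cipher assumes."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    p, k = _clean(plaintext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(p):
        shift = ALPHABET.index(k[i % len(k)])  # key letter picks the alphabet
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    c, k = _clean(ciphertext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(c):
        shift = ALPHABET.index(k[i % len(k)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def substitutions_for(plaintext: str, key: str, letter: str) -> set:
    """Ciphertext letters that one plaintext letter maps to.  More than one
    shows the cipher is polyalphabetic; a one-letter key (Caesar) gives one."""
    p, c = _clean(plaintext), vigenere_encrypt(plaintext, key)
    return {c[i] for i, ch in enumerate(p) if ch == letter}


if __name__ == "__main__":
    # Constructed sample input
    ct = vigenere_encrypt("ATTACK AT DAWN", "LEMON")
    print(ct, vigenere_decrypt(ct, "LEMON"))
    print("A encrypts to:", sorted(substitutions_for("ATTACKATDAWN", "LEMON", "A")))
```

With key LEMON the plaintext letter A is encrypted to four different ciphertext letters (L, O, E, N), which is exactly what distinguishes a polyalphabetic cipher from a single-alphabet substitution such as Caesar, and why simple letter-frequency analysis is weaker against it.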

c. Explain the working of the IDEA algorithm.
The block cipher IDEA operates on 64-bit plaintext and ciphertext blocks and is controlled by a 128-bit key.
Rounds of IDEA. (2 marks)
Subkey generation of IDEA. (2 marks)
Output transformation. (1 mark)

d. Write a note on Blowfish.
Objectives of Blowfish: fast, compact, simple and secure. (1 mark)
Operation: subkey generation and data encryption. (2 marks)
Diagrams. (2 marks)

3. Attempt any two of the following: 10

a. What is a message digest? Explain.
A message digest is a fingerprint or summary of a message. It is produced by a cryptographic hash function: a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media by detecting changes and alterations to any part of a message. (1 mark)
Idea of a message digest. (1 mark)
Requirements of a message digest (2 marks):
i. Given a message, it should be very easy to find its corresponding message digest.
ii. Given a message digest, it should be very difficult to find the original message for which the digest was created.
iii. Given any two messages, if we calculate their message digests, the two message digests must be different.

b. Explain the working of the SHA algorithm.
The Secure Hash Algorithm works with any input message that is less than 2^64 bits in length. The output of SHA is a message digest which is 160 bits in length. (1 mark)
Working (2 marks):
Padding
Append length
Divide the input into 512-bit blocks
Initialize chaining variables
Process block: Page 178

c. What is a digital signature? Explain the different categories of verification.
It is a digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender's identity. (1 mark)
Diagrams and explanation. (4 marks)

d. Explain the ElGamal cryptosystem.
ElGamal key generation. (2 marks)
ElGamal encryption. (1½ marks)
ElGamal decryption. (1½ marks)

4. Attempt any two of the following: 10

a. Explain the Diffie-Hellman key agreement algorithm and its vulnerability.
Introduction and description of the algorithm. (2 marks)
Explanation of the man-in-the-middle attack. (2 marks)

b. What is key pre-distribution? Explain.
Key pre-distribution is the method of distributing keys onto nodes before deployment. (1 mark)
Distribution can be done using a KDC, Kerberos etc.; overall idea of the scheme. (4 marks)

c. Write a note on the station-to-station protocol.
The Station-to-Station (STS) protocol is a three-pass variation of the basic Diffie-Hellman protocol. It enables you to establish a shared secret key between two nodes with mutual entity authentication. Nodes are authenticated using digital signatures that sign and verify messages. When you use the STS protocol, you are responsible for generating and managing authentication and signature public keys and exchanging these keys with your trading partners. (1 mark)
Explanation with diagram. (4 marks)

d. What is a KDC? Explain its different implementations and significance.
A Key Distribution Center is the central authority dealing with keys for individual computers in a network. It is similar to the Authentication Server and Ticket Granting Server in Kerberos. A typical operation with a KDC involves a request from a user to use some service. The KDC uses cryptographic techniques to authenticate requesting users as themselves. It also checks whether an individual user has the right to access the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access. (3 marks)
Implementation: flat and hierarchical. (2 marks)

5. Attempt any two of the following: 10

a. What are firewalls? What are their characteristics and limitations?
A firewall acts like a guard, which can guard a corporate network by standing between the network and the outside world. A firewall is a network security system designed to prevent unauthorized access to a private network from any other network. It works closely with a router program to determine if a packet should be forwarded to its destination. It also provides a proxy service that makes network requests on behalf of the users on a network.
The characteristics of a good firewall can be described as follows:
(1) All traffic from inside to outside, and vice versa, must pass through the firewall. To achieve this, all access to the local network must first be physically blocked, and access only via the firewall should be permitted.
(2) Only the traffic authorized as per the local security policy should be allowed to pass through.
(3) The firewall itself must be strong enough to render attacks on it useless.
The main limitations of a firewall can be listed as follows:
(1) Insider's intrusion
(2) Direct Internet traffic
(3) Virus attacks
(4) It needs specialized skills to configure, and many attacks occur because of badly configured policies on a firewall.

b. Write a note on IPSec architecture.
Explanation of each of the above-stated protocols. (2½ marks)

c. What is the SSL Record Protocol? Explain its operations.
The SSL Record Protocol provides two services for SSL connections:
Confidentiality: the Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads.
Message Integrity: the Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).
The figure indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed and reassembled, and then delivered to higher-level users.

d. Explain the Handshake Protocol action.
The SSL Handshake Protocol allows the following between client and server. The handshake is done before any data is transmitted. (1 mark)
1. To authenticate each other
2. To negotiate encryption and MAC algorithms
3. To create the cryptographic keys to be used
4. To establish a session and then a connection
There are four phases in the SSL Handshake Protocol. The following series of messages are used in these four phases:
Phase 1: Establish Security Capabilities
Phase 2: Server Authentication and Key Exchange
Phase 3: Client Authentication and Key Exchange
Phase 4: Finish
Explanation of each phase. (1 mark each)

6. Attempt any two of the following: 10

a. Explain the password-based authentication system. What are the problems associated with passwords?
Any two of the following explained in detail (4 marks):
i. Clear-text password
ii. Something derived from the password
iii. Adding randomness to the password
iv. Password encryption
Problems: maintenance, password policies etc. (1 mark)

b. Write a note on Kerberos.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. (1 mark)
Kerberos acts as a third-party authenticator (1 mark):
- Helps the user prove its identity to the various services and vice versa
- Uses symmetric cryptographic algorithms (private-key cryptosystems): the same key is used for encryption as well as decryption
- Uses DES (Data Encryption Standard)
Explanation of the working (AS and TGS) along with a diagram. (3 marks)

c. Explain the biometric authentication technique.
Introduction. (1 mark)
Working. (1 mark)
Techniques (3 marks):
Physiological (face, voice, fingerprint)
Behavioral (keystroke, signature)

d. What is certificate-based authentication? Explain its working.
Introduction. (1 mark)
Working (4 marks):
i. Creation, storage and distribution of digital certificates
ii. Login request
iii. Server creates a random challenge
iv. User signs the random challenge
v. Server returns an appropriate message back to the user

7. Attempt any three of the following: 15

a. What are the different goals of security? Explain the different attacks these security goals are vulnerable to.
Security goals: confidentiality, integrity and availability. (2 marks)
Attacks on confidentiality: interception, modification etc.; on integrity: masquerade, alteration and replay; on availability: DoS and DDoS. (3 marks)

b. Explain the working of the DES function in detail.
Diagram. (1 mark)
Expansion permutation, XOR with the key, S-box substitution and P-box permutation. (4 marks)
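Steps ii to v of the certificate-based authentication answer (question 6d) depend on the digital signature of question 3c and on an asymmetric algorithm such as the RSA of question 7c. The following Python block, an added example and not part of the marking scheme, ties the three together: textbook RSA key generation, encryption and decryption, then a sign-and-verify challenge-response login in which the server issues a random challenge, the user signs it, and the server verifies the signature with the public key it would take from the user's certificate. The primes are fixed Mersenne primes so the example runs without a prime search, the public exponent 65537 and the use of SHA-256 are this example's choices, and the certificate itself is reduced to the public key it carries.

```python
"""Textbook RSA plus a signed challenge-response login.  Added example, not
the marking scheme's own material.  Real systems generate random primes of
equal size and use padded RSA (OAEP for encryption, PSS for signatures);
raw RSA as below is the classroom form only."""
import hashlib
import secrets
from math import gcd

P = 2**521 - 1  # Mersenne prime M521, fixed so the example needs no prime search
Q = 2**607 - 1  # Mersenne prime M607; n = P*Q is about 1128 bits, larger than any SHA-256 value


def generate_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Return ((n, e), (n, d)) with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be invertible mod phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """c = m^e mod n; the message is an integer below n (no padding: textbook form)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def _digest_as_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Signature = H(message)^d mod n, i.e. the digest 'decrypted' with the private key."""
    n, d = private_key
    return pow(_digest_as_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Recover H(message) with the public exponent and compare; H < n here, so no reduction."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message)


def certificate_login(user_private, public_key_from_cert, tamper: bool = False) -> bool:
    """Steps ii-v of question 6d.  The server creates a random challenge, the
    user signs it, the server checks the signature against the public key in
    the user's certificate.  tamper=True simulates a challenge that was altered
    in transit, which the server must reject."""
    challenge = secrets.token_bytes(32)          # iii. server creates a random challenge
    signature = sign(user_private, challenge)     # iv. user signs the challenge
    if tamper:
        challenge = challenge[:-1] + bytes([challenge[-1] ^ 0x01])
    return verify(public_key_from_cert, challenge, signature)  # v. accept or reject


if __name__ == "__main__":
    pub, priv = generate_keypair()
    print(decrypt(priv, encrypt(pub, 123456789)) == 123456789)
    print("login ok:", certificate_login(priv, pub))
    print("tampered challenge accepted:", certificate_login(priv, pub, tamper=True))
```

The random challenge is what stops a replay: a captured signature is worthless for a later login because the server never reuses the value, and only the holder of the private key matching the certificate can produce a valid signature over a fresh one.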

c. What is asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption.
Public key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. (1 mark)
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm; asymmetric means that there are two different keys.

d. Explain the concept of a digital certificate and how it is created.
A digital certificate is used to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). (1 mark)
Digital certificate contents. (2 marks)
Certificate creation steps (2 marks):
Key generation
Registration
Verification
Certificate creation

e. What are the approaches used to detect intrusion? Give a brief description of each.
The following approaches to intrusion detection:
1. Statistical anomaly detection: involves the collection of data relating to the behavior of legitimate users over a period of time. Statistical tests are then applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.
Threshold detection: this approach involves defining thresholds, independent of user, for the frequency of occurrence of various events.
Profile-based: a profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts.
2. Rule-based detection: involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder.
Anomaly detection: rules are developed to detect deviation from previous usage patterns.
Penetration identification: an expert-system approach that searches for suspicious behavior.

f. Write a note on authentication tokens.
An authentication token is an extremely useful alternative to a password. It is a small device that generates a new random value every time it is used. This random value becomes the basis for authentication. (1 mark)
Creation of a token, use of a token, token types. (4 marks)
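The two statistical anomaly detection variants from question 7e, threshold detection and profile-based detection, run over authentication log lines in Python as an added example that is not part of the marking scheme. The log format (sshd-style lines), the sample lines, the per-user baseline and the thresholds are all constructed for the example and are assumptions, not values from the page.

```python
"""Threshold detection and profile-based detection over login events.
Added example; log lines, baseline and thresholds are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (sshd-like), not captured from a real host.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for alice from 10.0.0.5
2024-03-01T09:00:03 sshd: Failed password for alice from 10.0.0.5
2024-03-01T09:00:04 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T09:00:10 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:12 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:14 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:16 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:18 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:20 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:15:00 sshd: Accepted password for bob from 10.0.0.22
2024-03-01T11:30:00 sshd: Accepted password for alice from 10.0.0.9
2024-03-01T14:05:00 sshd: Accepted password for bob from 10.0.0.23
2024-03-01T23:40:00 sshd: Accepted password for alice from 198.51.100.20
"""

# Constructed per-user profile: distinct source IPs with a successful login
# per day over the previous two weeks (the "data collected over a period of time").
BASELINE = {
    "alice": [1, 1, 1, 2, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1],
    "bob": [3, 4, 3, 5, 4, 3, 4, 4, 3, 5, 4, 3, 4, 4],
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log: str) -> list:
    """Turn matching log lines into event dicts; non-matching lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def threshold_detect(events: list, max_failures: int = 5,
                     window: timedelta = timedelta(minutes=1)) -> set:
    """Threshold detection: one rule for everyone, independent of user.
    Flag a source with more than max_failures failed logins in any sliding window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
    flagged = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_failures:
                flagged.add(src)
                break
    return flagged


def profile_detect(events: list, baseline: dict, k: float = 3.0) -> dict:
    """Profile-based detection: compare each account with its own history.
    Flag a user whose distinct successful-login sources today exceed mean + k*stdev."""
    observed = defaultdict(set)
    for ev in events:
        if ev["result"] == "Accepted":
            observed[ev["user"]].add(ev["src"])
    flagged = {}
    for user, sources in observed.items():
        history = baseline.get(user)
        if not history:
            continue  # no profile yet, nothing to compare against
        mean = statistics.fmean(history)
        spread = statistics.pstdev(history) or 1.0  # flat history: allow some tolerance
        if len(sources) > mean + k * spread:
            flagged[user] = len(sources)
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("threshold:", threshold_detect(evs))
    print("profile:", profile_detect(evs, BASELINE))
```

On the constructed log the threshold rule flags 203.0.113.7 (six failures within ten seconds) but not alice's two typos, while the profile rule flags alice, whose three distinct sources in one day are far above her usual one, and leaves bob alone because several sources per day is normal for his account. The two rules catch different things, which is why the answer lists both.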