(2½ hours)
Total Marks: 75
N. B.: (1) All questions are compulsory.
(2) Makesuitable assumptions wherever necessary and state the assumptions made.
(3) Answers to the same question must be written together.
(4) Numbers to the right indicate marks.
(5) Draw neat labeled diagrams wherever necessary.
(6) Use of Non-programmable calculators is allowed.
1. Attempt any two of the following: 10
a. Describe the various security services.
b. What are poly-alphabetic ciphers? Explaining one technique with suitable example
c. What is cryptanalysis? Explain different cryptanalysis attacks
d. What is DDOS attack? What are the ways in which DDOS attack can be classified?
2. Attempt any two of the following: 10
a. Explain the working of AES round in detail.
b. Explain the encryption operation used inRC5 algorithm
c. Explain the working of IDEA algorithm
d. Write a note on Blowfish.
3. Attempt any two of the following: 10
a. What is message digest? Explain.
b. Explain the working of the SHA algorithm
c. What is digital signature? Explain the different categories of verification.
d. Explain the Elgamal cryptosystems.
4. Attempt any two of the following: 10
a. Explain the Diffie Hellman’s Key agreement algorithm and its vulnerability
b. What is Key pre-distribution? Explain
c. Write a note on station-to-station protocol.
d. What is KDC? Explain its different implementations and significance.
5. Attempt any two of the following: 10
a. What are firewalls? What are its characteristics and limitations
b. Write a note on IPSec Architecture
c. What is SSL Record protocol? Explain its operations
d. Explain the Handshake protocol action
6. Attempt any two of the following: 10
a. Explain the password based authentication system. What are the problems associated
with passwords?
b. Write a note on Kerberos
c. Explain Biometric authentication technique.
d. What is certificate based authentication and explain its working.
7. Attempt any three of the following: 15
a. What are the different goals of security? Explain the different attacks these security goals are
vulnerable to
b. Explain the working of DES function in details
c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption
d. Explain the concept of Digital Certificate and how it is created?
e. What are the approaches used to detect intrusion? Give a brief description of each
f. Write a note on Authentication token.
Solution Set
1. Attempt any two of the following: 10
a. Describe the various security services.
Authentication - assurance that communicating entity is the one claimed – have both peer-entity & data
origin authentication
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
Availability - resource accessible/usable
1 marks for any five services explanation
b. What are poly-alphabetic ciphers? Explaining one technique with suitable example
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets.
(1marks)
The Vigenère cipher is probably the best-known example of apolyalphabetic cipher, though it is a
simplified special case. (2 marks)
One example for the same (2 marks)
c. What is cryptanalysis? Explain different cryptanalysis attacks
Cryptanalysi is the art or process of deciphering coded messages without being told the key. It is
the technique of decoding message from a non-readable format back to a readable format without
knowing how they were initially converted from readable format to a non-readable format. (2
marks)
Ciphertext only, known plaintext , chosen plaintext and chosen ciphertext attack explanation
along with diagrams (3marks)
d. What is DDOS attack? What are the ways in which DDOS attack can be classified?
DDoS stands for “Distributed Denial of Service.” A DDoS attack is a malicious attempt to make
an online service unavailable to users, usually by temporarily interrupting or suspending the
services of its hosting server. (2 marks)
Diagram (1marks)
Classification: SYN flood, DCN flood, UDP Flood etc (any one) (2marks)
2. Attempt any two of the following: 10
a. Explain the working of AES round in detail.
Advance Encryption Standard has key size and the plain text block size decide how many rounds need to
be excecuted. Min of rounds is 10 when key size is 128 bits and Max of rounds is 14 when the key size is
256 bits (1 marks)
For each round the following is done (2 marks)
i. Apply s box to each plain text bytes
ii. Rotate row k of the plain text block (state) by k bytes
iii. Perform a mix column operations
iv. XOR the state with the key block
Neat diagram expected for the above explanation of each step
b. Explain the encryption operation used inRC5 algorithm
Explanation of the following diagram (4 marks)
Diagram (1 marks)
c. Explain the working of IDEA algorithm
The block cipher IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit
key.
Rounds of IDEA (2 marks)
Subkey generation of IDEA (2 marks)
Output transformation (1 marks)
d. Write a note on Blowfish.
Objectives of blowfish: fast, compact, simple and secure (1 marks)
Operation: subkey generation and data encryption (2 marks)
Diagrams : (2 marks)
3. Attempt any two of the following: 10
a. What is message digest? Explain.
A message digest is a finger print or the summary of a message. A message digest is a cryptographic hash
function containing a string of digits created by a one-way hashing formula. Message digests are designed
to protect the integrity of a piece of data or media to detect changes and alterations to any part of
a message. (1 marks)
Idea of message digest (1 marks)
Requirements of a message digest (2 marks)
i. Given a message , it should be very easy to find its corresponding message digest
ii. Given a message digest, it should be very difficult to find the original message for which the digest
was created
iii. Given any two messages, if we calculate their message digests, the two message digests must be
different
b. Explain the working of the SHA algorithm
Secure has algorithm works with any input message that is less than 264 bits in length. The output of SHA
is a message digest which is 160 bits in length. (1 marks)
Working: . (2 marks)
• Padding
• Append Length
• Divide the input into 512-bit block
• Initialize chaining variables
• Process block: Page 178
c. What is digital signature? Explain the different categories of verification
It is a digital code (generated and authenticated by public key encryption) which is attached to an
electronically transmitted document to verify its contents and the sender's identity. (1 marks)
Diagrams and explanation (4 marks)
d. Explain the Elgamal cryptosystems.
ElGamal Key generation (2 marks)
ElGamal Key encryption (1½ marks)
ElGamal Key decryption (1½ marks)
4. Attempt any two of the following: 10
a. Explain the Diffie Hellman’s Key agreement algorithm and its vulnerability
Introduction and description of the algorithm (2 marks)
Explanation of man-in-middle attack(2 marks)
b. What is Key pre-distribution? Explain Key pre-distribution is the method of distribution of keys onto nodes before deployment (1 mark)
Distribution can be done using KDC, Kerberos etc overall idea of the sheme (4 marks)
c. Write a note on station-to-station protocol.
The Station-to-Station (STS) protocol is a three-pass variation of the basic Diffie-Hellman protocol. It
enables you to establish a shared secret key between two nodes with mutual entity authentication. Nodes
are authenticated using digital signatures that sign and verify messages. When you use the STS protocol,
you are responsible for generating and managing authentication and signature public keys and exchanging
these keys with your trading partners. (1 marks)
Explanation with diagram (4 marks)
d. What is KDC? Explain its different implementations and significance.
Key Distribution Center is the central authority dealing with keys for individual computers in a
network. It is similar to authentication servers and Ticket Granting server in Kerberos. A typical
operation with a KDC involves a request from a user to use some service. The KDC will use
cryptographic techniques to authenticate requesting users as themselves. It will also check
whether an individual user has the right to access the service requested. If the authenticated user
meets all prescribed conditions, the KDC can issue a ticket permitting access. (3 marks)
Implementation : Flat and Hierarchal (2 marks)
5. Attempt any two of the following: 10
a. What are firewalls? What are its characteristics and limitations
A firewall acts like a guard, which can guard a corporate network by standing between the
network and the outside world. A firewall is a network security system designed to prevent
unauthorized access to a private network from any other network. It works closely with a router
program to determine if a packet should be forwarded to its destination. It also provides a proxy
service that makes network requests on behalf of the users on a network.
The characteristics of a good firewall can be described as follows:
(1) All traffic from inside to outside, and vice versa must pass through the firewall. To achieve
this, all the access to the local network must first be physically blocked, and access only via the
firewall should be permitted.
(2) Only the traffic authorized as per the local security policy should be allowed to pass through.
(3) The firewall itself must be strong enough, so as to render attacks on it useless.
The main limitations of a firewall can be listed as follows:
(1) Insider’s intrusion
(2) Direct Internet traffic
(3) Virus attacks
(4) It needs specialized skills to configure, and many attacks occur because of badly configured
policies on a firewall.
b. Write a note on IPSec Architecture
Explanation on each above stated protocol (2½ marks)
c. What is SSL Record protocol? Explain its operations The SSL Record Protocol provides two services for SSL connections:
• Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional
encryption of SSL payloads.
• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a
message authentication code (MAC).
Figure indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an
application message to be transmitted, fragments the data into manageable blocks, optionally compresses
the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.
Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level
users.
d. Explain the Handshake protocol action
SSL Handshake protocol allows following between client and Server. The handshake is done
before any data is transmitted (1 marks)
1. to authenticate each other
2. to negotiate encryption and MAC algorithms
3. to create cryptographic keys to be used
4. to establish a session and then a connection
There are four phases in SSL handshake protocol. Following series of messages are used in these
4 phases.
• Phase-1: Establish Security Capabilities
• Phase-2: Server Authentication and Key Exchange
• Phase-3: Client Authentication and Key Exchange
• Phase-4: Finish Each phase explanation (1 marks)
6. Attempt any two of the following: 10
a. Explain the password based authentication system. What are the problems associated with
passwords?
Any two explained in detail (4 marks)
i. Clear text password
ii. Something derived from password
iii. Adding randomness in password
iv. Password encryption
Problems: maintenance, password policies etc (1 marks)
b. Write a note on Kerberos
Kerberos is a network authentication protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography. (1 marks)
Kerberos acts as a third party authenticator (1 marks)
- Helps the user to prove its identity to the various services and vice versa
-Uses symmetrical cryptographic algorithms (private key cryptosystems)
–Same key is used for encryption as well as decryption
–Uses DES (Data Encryption Standard)
Explanation of working (AS and TGS)along with diagram (3 marks)
c. Explain Biometric authentication technique.
Introduction (1 marks)
Working (1 marks)
Techniques (3 marks)
• Physiological (face, voice fingerprint)
• Behavioral (keystroke, signature)
d. What is certificate based authentication and explain its working
Introduction (1 marks)
Working (4 marks)
i. Creation, storage and distribution of digital certificates
ii. Login request
iii. Server creates a random challenge
iv. User signs using random challenge
v. Server returns an appropriate message back to the user
7. Attempt any three of the following: 15
a. What are the different goals of security? Explain the different attacks these security goals are
vulnerable to.
Security Goals: Confidentiality, integrity and availability (2 marks)
Attacks on Confidentiality: interception, modification etc Integrity: Masquerade, alterations and replay
Availability: DOS and DDOS (3 marks)
b. Explain the working of DES function in details
Diagram (1 mark)
Expansion permutation, XOR with key, S-box substitution and P-box permutation (4 marks)
c. What is Asymmetric encryption? Explain the RSA algorithm used for asymmetric encryption
Public key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of
keys: public keys which may be disseminated widely, and private keys which are known only to the
owner. (1 mark)
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric
cryptographic algorithm. Asymmetric means that there are two different keys.
d. Explain the concept of Digital Certificate and how it is created?
Digital certificate is to verify that a user sending a message is who he or she claims to be, and to
provide the receiver with the means to encode a reply. An individual wishing to send an
encrypted message applies for adigital certificate from a Certificate Authority (CA). (1 mark)
Digital Certificate contents (2 marks)
Certificate creation steps (2 marks)
Key generation
Registration verification
Certificate creation
e. What are the approaches used to detect intrusion? Give a brief description of each The following approaches to intrusion detection:
1. Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users
over a period of time. Then statistical tests are applied to observed behavior to determine with a high level
of confidence whether that behavior is not legitimate user behavior.
• Threshold detection: This approach involves defining thresholds, independent of user, for the
frequency of occurrence of various events.
• Profile based: A profile of the activity of each user is developed and used to detect changes in the
behavior of individual accounts.
2. Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given
behavior is that of an intruder.
• Anomaly detection: Rules are developed to detect deviation from previous usage patterns.
• Penetration identification: An expert system approach that searches for suspicious behavior.
f. Write a note on Authentication token.
Authentication token is an extremely useful alternative to password. Authentication token is a
small device that generates a new random value every time it is used. This random value
becomes the basis for authentication. (1 mark)
Creation of token, Use of token, Token types (4 marks)