Abstract image of a woman sitting on books and studying on a laptop

Cryptography and network security part a question and answers

U
uthayashangar1

CNS Important PART A Question and Answers

Engineering
1 of 22
Download to read offline
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
1 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA IT-T73 Cryptography and Network Security Part- A (Question and Answers) -2019-20 ODD SEM UNIT-1 1. Define security attack, security mechanism and security services. Security attack: any action that compromises the security of information owned by an organization. Security mechanism: a mechanism that is designed to detect, prevent or recover from a security attack. Security services: a service that enhances the security of the data processing systems and the information transfers of an organization. 2. Define Computer Security. Ans: Generic name for the collection of tools designed to protect and to thwart hackers. 3. Define Network Security. Ans: It measures to protect data during their transmission. 4. Define Internet Security. Ans: It measures to protect data during their transmission over a collection of interconnected networks. 5. Define Threat. A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. 6. Specify the four categories of security threats. Interruption Interception Modification Fabrication 7. Mention the different types of security services. Authentication Confidentiality Data integrity Non repudiation Access control Availability
2 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 8. Define passive attack and active attack. Passive attacks are in the nature of eavesdropping, or monitoring of transmissions. The types of passive attack are 1.Release of message content 2.Traffic analysis Active attacks involve some modification of data stream or creation of a false stream. The types of active attack are  Masquerade  Replay  Modification  Denial of service 9. Define integrity and non-repudiation. Integrity: Service that ensures that only authorized person able to modify the message. Non-repudiation: This service helps to prove that the person who denies the transaction is true or false. 10. Define confidentiality and authentication Confidentiality: It means how to maintain the secrecy of message. It ensures that the information in a computer system and transmitted information are accessible only for reading by authorized person. Authentication: It helps to prove that the source entity only has involved the transaction 11. Define Attack. An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system. 12. Define Interruption. Ans: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. 13. Define Interception. Ans: An unauthorized party gains access to on asset. This is an attack on confidentiality. Unauthorized party could be a person, a program or a computer. 14. Define Modification. Ans: An unauthorized party not only gains access to but tampers with an assest. This is an attack on integrity. 15. Define Fabrication. Ans: An unauthorized party inserts counterfeit objects in to the system. This is an attack on authenticity.
3 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 16. Differentiate symmetric and asymmetric encryption? symmetric : It is a form of cryptosystem in which encryption and decryption performed using the same key. Eg: DES, AES. asymmetric : It is a form of cryptosystem in which encryption and decryption Performed using two keys. Eg:RSA,ECC 17. Define cryptography. It is a science of writing Secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography. 18. Define cryptanalysis and cryptology. Cryptanalysis: techniques used for deciphering or decrypting a message without the knowledge of the enciphering or encrypting details is said to be cryptanalysis. Cryptology: the study of cryptography and cryptanalysis together is called cryptology. 19. Define the following terms: Plaintext: the original message to be transmitted. Cipher text: the coded (encrypted) message or the scrambled message. Encryption / Enciphering : process of converting plain text to cipher text. Decryption/ Deciphering: process of converting cipher text to plain text. 20. What is Brute force attack? Trying out all the possible keys on a piece of cipher text until an intelligible translation to plain text is obtained. 21. Mention the various types of cryptanalytic attack.  Known plaintext  Cipher text only  Chosen plaintext  Chosen Cipher text 22. Define the two basic building blocks of encryption techniques. Substitution technique – it is one in which the letters of the plaintext are replaced by other letters or by numbers or symbols. Transposition technique – it is one which performs some sort of permutation on the plaintext letters. 23. Mention few mono-alphabetic and poly-alphabetic ciphers. Mono-alphabetic ciphers: - playfair cipher, hill cipher, Caesar cipher Poly-alphabetic ciphers: - vigenere cipher, one time pad cipher 24. What is Multiple-letter encryption Cipher? Ans: Play fair cipher is the best known multiple-letter encryption cipher-which treats diagrams in the plaintext as single units and translates these units in to cipher text diagrams.
4 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 25. What is auto key system? Ans: Vigenere cipher method proposed an auto key system, in which a key word is concatenated, the plaintext itself to provide a running key. 26. What is Rotor Machines? Ans: Rotor machines are sophisticated pre computer hardware services that use substitution techniques. 27. What are the two problems with the one time pad? Ans: i) Making use of large quantities of random keys. ii) Problem of key distribution and protection. 28. What is steganography? Mention few techniques in it. Steganography is a technique for hiding the original message. Some of the related techniques are  Character marking  Invisible ink  Pin punctures  Typewriter correction ribbon 29. Define stream cipher and block cipher. A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal block. 30. Why network need security? When systems are connected through the network, attacks are possible during transmission time. 31. What are the attacks that can be performed in the networks?  Disclosure  Traffic analysis  Masquerade  Content modification  Sequence modification  Timing modification  Source repudiation  Destination repudiation 32. Define Diffusion & confusion. Diffusion: It means each plaintext digits affect the values of many cipher text digits which is equivalent to each cipher text digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It is the relationship between the plaintext and cipher text. Confusion: It can be achieved by substitution algorithm. It is the relationship between cipher text and key.
5 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 33. Define Encryption The process of converting from plaintext to cipher text. 34. Specify the components of encryption algorithm. (a) Plaintext (b) Encryption algorithm (c) secret key (d) cipher text (e) Decryption algorithm 35. Differentiate symmetric or private key cryptography and public key or asymmetric cryptography. In symmetric key cryptography, only one key is used for encryption and decryption. In public key cryptography, two keys (public key and private key) are used. When one key is used for encryption, then the other must be used for decryption. The public key is known to all the participants but the private key is kept secret by the owner. 36. List the properties of congruence? Ans: 1) a == b(mod n) if n/(a - b). 2) a == b(mod n) implies b == a(mod n). 3) a == b(mod n) and b == c(mod n) imply a == c(mod n). 37. Write code for Euclidean algorithm? Ans: EUCLID (a, b) 1) A += a; B += b, 2) if B = 0 return A = gcd (a, b) 3) R =A modB 4) A += B 5) B += R 6) goto 2 38. Define Stream Cipher. Ans: A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. 39. Define Block Cipher. Ans: A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal block. 40.Define RC4. RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variablekey size stream cipher with byte-oriented operations.The algorithm is based onthe use of a random permutation. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software.RC4 is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers.
6 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 41.Why not keep the encryption algorithm secret? We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. This means we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption makes low-cost chip implementations of data encryption algorithms widely available and incorporated into a number of products. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key. CNS-UNIT-2 1. Explain conventional encryption? Conventional encryption 1. The same algorithm with the same key is used for encryption and decryption. 2. The sender and receiver must share the algorithm and the key. 3. The key must be secret 4. It must be impossible or at least impractical message if no other information is available 5. Knowledge of the algorithm plus samples of cipher text must insufficient to determine the key 2. Explain public key encryption? 1.One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption. 2. The sender and receiver must each have one of the matched pair of keys. 3.One of two keys must be kept Secret . 4. It must be impossible or to at least impractical to decipher a message if no other information is available. 5. Knowledge of the algorithm plus one of key plus samples of ciphertext must be insufficient to determine the other key. 3. Define Symmetric key Cryptography. Ans: In symmetric key cryptography, only one key is used for encryption and decryption. 4. Define Public key Cryptography. Ans: In public key cryptography, two keys (public key and private key) are used. When one key is used for encryption, then the other must be used for decryption. The public key is known to all the participants but the private key is kept secret by the owner. 5. Mention the functions involved in simplified DES. Ans: i) Initial permutation. ii) A complex function Fk with a key KI. iii) Switching. iv) A complex function Fk with a key K2. v) Inverse permutation.
7 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 6. Define Multiple Encryption. It is a technique in which the encryption is used multiple times. Eg: Double DES, Triple DES 7. What is Triple Encryption? How many keys are used in triple encryption? Triple Encryption is a technique in which encryption algorithm is performed three times using three keys. 8. Give the five modes of operation of Block cipher.  Electronic Codebook(ECB)  Cipher Block Chaining(CBC)  Cipher Feedback(CFB)  Output Feedback(OFB)  Counter(CTR) 9. Explain Avalanche effect. A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produce a significant change in the cipher text. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the cipher text. If the change is small, this might provider a way to reduce the size of the plaintext or key space to be searched. 10. What is AES? Ans: Advanced encryption standard is a block cipher intended to replace DES for commercial applications. It uses a 12~-bit block size and a key size of 128, 192 or 256 bits. 11. What are the characteristics of AES Cipher? • Resistance against all known attacks. • Speed and code compactness on a wide range of platform. • Design simplicity. 12. List four different stages of AES? 1) Substitute bytes 2) Shift rows 3) Mix columns 4) Add Round key. 13. List the evaluation criteria defined by NIST for AES? The evaluation criteria for AES is as follows:  Security  Cost  Algorithm and implementation characteristics 14. What is sub bytes? The forward substitute byte transformation, called Sub Bytes, is a simple table lookup. 15. What is Inv Shift Rows? The inverse shift row transformation, called Inv Shift Rows, performs the circular shifts in the opposite direction for each of the last three rows, with a one byte circular shift for the second row and so on.
8 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 16. What is Mix Columns? The forward "mix" column transformation, called Mix columns, operates on each column individual. 17. What is Add Round Key? In the forward add round key transformation, called Add Round Key, the 128 bits of state are bitwise XORed with the 128 bits of the round key. 18. Define Fermat Theorem? Fermat Theorem states the following: If p is prime and a is a positive integer not divisible by p, then Ap-1=1 mod p 19. Define Euler’s theorem and it’s application? Euler’s theorem states that for every a and n that are relatively prime: aΦ(n) =1 mod n 20. Define Euler’s totient function or phi function and their applications? The Euler’s totient function states that, it should be clear for a prime number p, Φ(p) =p-1 21. Describe in general terms an efficient procedure for picking a prime number? The procedure for picking a prime number is as follows: 1. Pick an odd integer n at random (eg., using a pseudorandom number generator). 2. Pick an integer a<n at random. 3. Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to step 1. 4. If n has passed a sufficient number of tests, accept n; otherwise , go to step 2. 22. Define the meaning of relatively prime (or) co-prime? Two integer a and b are relatively prime if gcd(a,b) = 1 Eg: gcd(20,7) = gcd(7,20 mod 7) = gcd(7,6) = gcd(6,7 mod 6) = gcd(1,6 mod 1) = gcd(1,0) = 1 23. Define prime number and Divisibility? Prime Number: An integer p>1 is a prime number if and only if its divisor are ±1 &± p Eg: p= 13 then divisors are ±1 and ±3 Any integer a>1 can be factored in a way as a = p1 a1,p2 a2,….pt at where p1<p2 … pt ,ai are prime numbers, a’ is a +ive integer then it can be written as a = Πp ap. P Є p ; whereap> 0 . p represents set of prime numbers.
9 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 24. Define Euler’s totient function The Euler’s totient function states that, it should be clear for a prime number p, Φ (p)= p-1 25. Determine Φ (27) using Euler’s totient function? Φ (p e)=p e-p e-1 Φ (3 3)=3 3- 3 2 =27-9 =18 Φ (27)=18 26. Find gcd (1970, 1066) using Euclid’s algorithm? gcd (1970,1066) = gcd(1066,1970 mod 1066) = gcd(1066,904) = 2 27. What is the primitive root of a number? We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is p, if a is a primitive root of the prime number p then the numbers. 28. Determine the gcd (24140,16762) using Euclid’s algorithm. Soln: We know, gcd(a, b) = gcd(b, a mod b) gcd(24140,16762) =gcd(16762,7378) gcd(7378,2006) =gcd(2006,1360) gcd(1360,646) =gcd(646,68) gcd(68,34) = 34 gcd(24140,16762) = 34. 29. Perform encryption and decryption using RSA Alg. for the following. P=7; q=11; e=17; M=8. Soln: n = pq n = 7*11=77 Φ(n)=(p-1) (q-1) =6*10 = 60 e =17 d =27 C = Me mod n C = 817 mod 77 = 57 M = Cd mod n = 5727 mod 77 = 8 30. What is the primitive root of a number? We can define a primitive root of a number p as one whose powers generate allthe integers from 1 to p-1. That is p, if a is a primitive root of the prime number p thenthe numbers.
10 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 31. Define Euler’s totient function (used in RSA algorithm). It is the number of positive integers that are less than ‘n’ and relatively prime to ‘n’. Where n is the product of two prime numbers (p & q) It is represented as F(n) and it is expressed as F(n) = F(pq) = (p-1)(q-1). 32. Define Factoring Problem. Ans: Mathematical approach takes 3 forms: • Factor n = p * q, hence find <j>(n) and then d. • Determine <j>(n) directly without determiningp and q and find d. • Find d directly, without first determination <j>(n). 33. Define RSA The Rivest-Shamir-Adleman (RSA) scheme has the most widely accepted and implemented general-purpose approach to public-key encryption. The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than 2 power 1024. 34. What are the various approaches to attacks the RSA algorithm? Ans: i) Brute force attack. ii) Mathematical attacks. iii) Timing attacks. 35. Define Timing Attacks. The opponent can determine a private key by keeping track of how long a computer takes to decipher messages. Although the timing attack is a serious threat, there are simple counter measures that can be used: • Constant Exponentiation Time • Random Delay • Blinding. 36. What are roles of public and private key? The two keys used for public-key encryption are referred to as the public key and the private key. The private key is kept secret and the public key is known publicly. Usually the public key is used for encryption purpose and the private key is used in the decryption side. 37. Specify the applications of the public key cryptosystem? The applications of the public-key cryptosystem can classified as follows Encryption/Decryption: The sender encrypts a message with the recipient’s public key. Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to a message or to a small block of data that is a function of the message. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties
11 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS-UNIT-3 1. What is Discrete Logarithms? Ans: For any integer b and a primitive root a of prime number p, the unique exponent. 'i' is referred as discrete logarithm of the number b for the base a(mod P). dlog (b) obtained from a,p b = d(modp) where 0 ~ i~ (p - 1). 2. What is a one way function? One way function is one that map the domain into a range such that every function value has a unique inverse with a condition that the calculation of the function is easy where as the calculations of the inverse is infeasible. 3. What is a trapdoor one way function? It is function which is easy to calculate in one direction and infeasible to calculate in other direction in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: A trapdoor one way function is a family of invertible functions fk, such that Y= fk( X) easy, if k and X are known X=fk-1(Y) easy, if k and y are known X= fk-1(Y) infeasible, if Y is known but k is not known 4. Why do we need Diffie Hellman algorithm? It is used for exchanging the secret keys between the sender and the receiver. It allows two users to exchange a key securely. User A and B exchange the key using Diffie-Hellman algorithm. Assume α=5 q=11 XA=2 XB=3. Find the value of YA,YB and k? Soln: YA= αX A mod q = 25 mod 11 = 3 YB = αX B mod q = 125 mod 11 = 4 K = ( YA) X B mod q = 27 mod 11 = 5 K = ( YB) X A mod q = 16 mod 11 = 5
12 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 5. Mention the various ways of producing an authenticator. (Or) Define the classes of message authentication function. Message encryption: The entire cipher text would be used for authentication. Message Authentication Code: It is a function of message and secret key produce a fixed length value. Hash function: Some function that map a message of any length to fixed length which serves as authentication. 6. Define one way property, weak collision resistance and strong collisionresistance of hash function. For any given value h, it is computationally infeasible to find x such that H(x) = h – one way property. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x) – weak collision resistance. It is computationally infeasible to find any pair (x, y) such that H(x) =H(y) – strong collision property. 7. What is message authentication? It is a procedure that verifies whether the received message comes from assigned source has not been altered. It uses message authentication codes, hash algorithms to authenticate the message. 8. What are the requirements for message authentication? The requirements for message authentication are i. Disclosure: Release of message contents to any person or process not processing the appropriate cryptographic key ii. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection oriented application, the frequency and duration of connections could be determined. In either a connection oriented or connectionless environment, the number and length of messages between parties could be determined. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or no receipt by someone other than the message recipient. iv. Content modification: Changes to the contents of a message , including insertion, deletion, transposition, and modification. v. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and modification. vi. Timing modification: Delay or replay of messages. In a connection oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In connectionless application, an individual message could be delayed or replayed. vii. Source repudiation: Denial of transmission of message by source. viii. Destination repudiation: Denial of receipt of message by destination.
13 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 9. What you meant by hash function? Hash function accept a variable size message M as input and produces a fixed size hash code H(M) called as message digest as output. It is the variation on the message authentication code. 10. Differentiate MAC and Hash function? MAC: In Message Authentication Code, the secret key shared by sender and receiver. The MAC is appended to the message at the source at a time which the message is assumed or known to be correct. Hash Function: The hash value is appended to the message at the source at time when the message is assumed or known to be correct. The hash function itself not considered to be secret. 11. Any three hash algorithm. • MD5 (Message Digest version 5) algorithm. •SHA_1 (Secure Hash Algorithm). • RIPEMD_160 algorithm. 12. What are the requirements of the hash function? • H can be applied to a block of data of any size. • H produces a fixed length output. • H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 13. What you meant by MAC? MAC is Message Authentication Code. It is a function of message and secret key which produce a fixed length value called as MAC. MAC = Ck(M) Where M = variable length message K = secret key shared by sender and receiver. CK(M) = fixed length authenticator. 14. What is weak collision resistance? Ans:For any given block x, it is computationally infeasible to find y # x such that H(y) = H(x).it is referred to as weak collision resistance. It is proportional to 2n 15. What is strong collision resistance? Ans: It is computation ally infeasible to find anypair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance. It is proportional to 2n/2 16. What are the three desirable properties of Hash functions? Ans: One-way Weak collision resistance Strong collision resistance.
14 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 17. List the steps of secure Hash algorithm? Ans: - Append padding bits. - Append length. - Initialize hash buffer . - Process message in l024-bit (128-word) blocks. - Output. 18. What are the two compression function used in secure hash algorithm? Ans: A function specifically designed for the hash function or a symmetric block cipher. 19. What are the two categories of message authentication codes? Ans: - Based on the use of secure hash algorithm. - Based on the use of symmetric block cipher. 20. Differentiate internal and external error control. Internal error control: an error detecting code also known as frame check sequence or checksum. External error control: error detecting codes are appended after encryption. 21. What is the meet in the middle attack? This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function-quite literally meeting in the middle of the composed function. 22. What is the role of compression function in hash function? The hash algorithm involves repeated use of a compression function f, that takes two inputs and produce a n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value usually b>n; hence the term compression.
15 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 23. Define digital signature. A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message Digital signatures are used in e-commerce, software distribution, financial transactions and other situations that rely on forgery or tampering detection techniques. A digital signature is also known as an electronic signature. 24. Distinguish between direct and arbitrated digital signature? Direct: 1.The direct digital signature involves only the communicating parties. 2.This may be formed by encrypting the entire message with the sender’s private key. Arbitrated digital signature: 1.The arbiter plays a sensitive and crucial role in this digital signature. 2. Every signed message from a sender x to a receiver y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content. 25. What are the properties a digital signature should have? It must verify the author and the data and time of signature. It must authenticate the contents at the time of signature. It must be verifiable by third parties to resolve disputes. 26. What requirements should a digital signature scheme should satisfy? The signature must be bit pattern that depends on the message being signed. The signature must use some information unique to the sender, to prevent both forgery and denial. It must be relatively easy to produce the digital signature. It must be relatively easy to recognize and verify the digital signature. It must be computationally infeasible to forge a digital signature, either by constructing new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. It must be practical to retain a copy of the digital signature in storage.
16 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS- UNIT-4 1. List out the different techniques of distributing the public key.  Public announcement  Publicly available directory  Public key authority  Public key certificate 2. What is the purpose of X.509 standard? X.509 defines framework for authentication services by the X.500 directory to its users.X.509 defines authentication protocols based on public key certificates. 3. What you mean by Verisign certificate? Mostly used issue X.509 certificate with the product name” Verisign digital id”. Each digital id contains owner’s public key, owner’s name and serial number of the digital id. 4. How E-mail compatibility is performed? Radix-64 is the technique which is used for E-mail compatibility. InRadix-64, each group of 3 octets of binary data is mapped into 4 ASCII characters. 5. Mention the services provided by the Pretty Good Privacy (PGP). a. Authentication b. Confidentiality c. Compression d. E-mail compatibility e. Segmentation and reassembly 7. Signature is generated before compression in PGP. Why? There are two reasons behind it. 1. It is preferable to sign an uncompressed message so that one can storeonly the uncompressed message together with the signature for futureverification. If one signed a compressed document, then it would benecessary either to store a compressed version of the message for laterverification or to recompress the message when verification is required. 2. Even if one were willing to generate dynamically a recompressed message for verification, PGP’s compression algorithm presents a difficulty. Thealgorithm is not deterministic. 8. Why E-mail compatibility function in PGP needed? Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction PGP provides the service converting the row 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion. 9. Name any cryptographic keys used in PGP?  One-time session conventional keys.  Public keys.  Private keys.  Pass phrase based conventional keys.
17 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 10. Define key Identifier? PGP assigns a key ID to each public key that is very high probability unique with a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64bits. 11. Explain the reasons for using PGP? It is available free worldwide versions that run on a variety of platforms, including DOS/Windows, UNIX, macintosh and many more. It is based on algorithm that have survived extensive public review and are considered extremely secure (eg.) RSA, DSS. It has a wide range of applicability from corporations that wish to select and enforce a standardized scheme for encrypting files and communication. It was not developed by nor is it controlled by any government or standards organization. 12. What is the need of public key ring and private key ring? Public key ring is one of the data structures which is used to store thepublic keys of the other participants. Private Key ring is a data structure which is used to store the public andthe private keys of the owner alone. 13. Mention the benefits of IPSec. a. It provides strong security that can be applied to all traffic crossing theperimeter. b. IPSec in a firewall is resistant to bypass. c. IPSec is below the transport layer and so is transparent to applications. d. IPSec is transparent to users. 13. List out the services provided by the IPSec.  Access control  Connectionless integrity  Data origin authentication  Rejection of replayed packets  Confidentiality  Limited traffic flow confidentiality 14. What are the function areas of IP security? • Authentication • Confidentiality • Key management. 15. Give the application of IP security? • Provide secure communication across private & public LAN. • Secure remote access over the Internet. • Secure communication to other organization. 16. What are the protocols used to provide IP security? • Authentication header (AH) protocol. • Encapsulating Security Payload (ESP) protocol.
18 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 17. General format of IPsec ESP Format? Security Parameter Index(SPI) Sequence Number(SN) Payload Data (Variable) Padding(0-255 bytes) Authentication Data (variable) 18. What is Authentication Header? Give the format of the IPsec Authentication Header? It provides the authentication of IP Packet, so authentication is based on the use of MAC. List the steps involved in SSL record protocol? 1. SSL record protocol takes application data as input and fragments it. 2. Apply lossless Compression algorithm. 3. Compute MAC for compressed data. 4. MAC and compression message is encrypted using conventional alg 19. Define transport and tunnel mode. i. Transport mode provides protection primarily for upper layerprotocols. Transport mode protection extends to the payload of anIP packet. Transport mode is used for end-to-end communicationbetween two hosts. ii. Tunnel mode provides protection to the entire packet. The entire packet (original packet) plus security fields is treated as thepayload of new outer IP packet with a new outer IP header. Herethe packet travels through a tunnel from one point of an IP networkto another. 19. Why do we need an anti replay service? Anti replay service is required in order to avoid the duplicatepackets (created by the opponent) which may cause disruption inthe service. 21. What is the need pf padding in Encapsulating Security Payload (ESP)? a. If an encryption algorithm requires the plaintext to be a multiple of somenumber of bytes, the padding field is used to expand the plaintext to therequired length. b. ESP format requires that the pad length and the next header fields be rightaligned within a 32-bit word. The padding field is used to assure thisalignment. c. Additional padding may be added to provide partial traffic flowconfidentiality by concealing the actual length of the payload. 22. How the security associations be combined? It can be done in two ways: 1.Transport adjacency 2. Iterated tunneling 23. What are the headers fields define in MIME? • MIME version. • Content type. • Content transfer encoding. • Content id. • Content description.
19 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 24. What are the key algorithms used in S/MIME? • Digital signature standards. • Diffi Hellman. • RSA algorithm. 25. What are the different between SSL version 3 and TLS? • In SSL the minor version is 0 and * In TLS, the major version is 3 and thethe major version is 3 minor version is 1. * SSL use HMAC alg., except that * TLS makes use of the same alg.the padding bytesconcatenation. * SSL supports 12 various alert * TLS supports all of the alert codes. Codesdefined in SSL3 with the exception of• no _ certificate. 27. List the step involved in SSL required protocol? Ans: - It takes application data as input and fragments it. - Apply loss less compression algorithm. - Compute MAC for compound data. - MAC and compression message is encrypted using conventional algorithm.
20 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS- Unit-5 1. What are the 802.11 RSN Security Specification? Authentication: A protocol is used to define an exchange between a user and an AS that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link. Access control:1 This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols. Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted along with a message integrity code that ensures that the data have not been altered. 2. What are the five 802.11 phase of operation.  Discovery,  Authentication,  Key generation and distribution  Protected data transfer,  Connection termination. 3. Define PSK and MSK. PAIRWISE KEYS Pairwise keys are used for communication between a pair of devices, typically between an STA and an AP. These keys form a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time. At the top level of the hierarchy are two possibilities. A pre-shared key (PSK) is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i. The other alternative is the master session key (MSK), also known as the AAAK, which is generated using the IEEE 802.1X protocol during the authentication phase. 4. Explain group key distribution. GROUP KEY DISTRIBUTION:For group key distribution, the AP generates a GTK and distributes it to each STA in a multicast group.The two-message exchange with each STA consists of the following: AP STA: This message includes the GTK, encrypted either with RC4 or with AES.The key used for encryption is KEK. A MIC value is appended. STA AP: The STA acknowledges receipt of the GTK. This message includes a MIC value.
21 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 5. What are two service provided by TKIP? TKIP is designed to require only software changes to devices that are implemented with the older wireless LAN security approach called Wired Equivalent Privacy (WEP). TKIP provides two services: Message integrity: TKIP adds a message integrity code (MIC) to the 802.11 MAC frame after the data field. The MIC is generated by an algorithm, called Michael, that computes a 64-bit value using as input the source and destination MAC address values and the Data field, plus key material. Data confidentiality: Data confidentiality is provided by encrypting the MPDU plus MIC value using RC4. 6. Define WAP. The Wireless Application Protocol (WAP) is a universal, open standard developed by the WAP Forum to provide mobile users of wireless phones and other wireless terminals such as pagers and personal digital assistants (PDAs) access to telephony and information services, including the Internet and the Web. WAP is designed to work with all wireless network technologies (e.g., GSM, CDMA, and TDMA). WAP is based on existing Internet standards, such as IP, XML, HTML, and HTTP, as much as possible. It also includes security facilities. At the time of this writing, the current release of the WAP specification is version 2.0. 7. List the WAP specification. The WAP specification includes: • A programming model based on the WWW Programming Model • A markup language, the Wireless Markup Language, adhering to XML • A specification of a small browser suitable for a mobile, wireless terminal • A lightweight communications protocol stack • A framework for wireless telephony applications (WTAs) 8. Define wireless markup language. WML was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability. It is designed to work with telephone keypads, styluses, and other input devices common to mobile, wireless communication. WML permits the scaling of displays for use on two-line screens found in some small devices, as well as the larger screens found on smart phones. 9. List the important feature of WML. Important features of WML include: • Text and image support: Formatting and layout commands are provided for text and limited image capability. • Deck/card organizational metaphor: WML documents are subdivided into small, well- defined units of user interaction called cards. Users navigate by moving back and forth between cards. A card specifies one or more units of interaction (a menu, a screen of text,
22 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA or a text-entry field). A WML deck is similar to an HTML page in that it is identified by a Web address (URL) and is the unit of content transmission. • Support for navigation among cards and decks: WML includes provisions for event handling, which is used for navigation or executing scripts. 10. Explain WTA. Wireless telephony applications (WTA): A collection of telephony-specific extensions for call and feature control mechanisms that provide authors advanced mobile network services. Using WTA, applications developers can use the micro browser to originate telephone calls and to respond to events from the telephone network. 11. Define WTLS. WTLS provides security services between the mobile device (client) and the WAP gateway. WTLS is based on the industry-standard Transport Layer Security (TLS) Protocol, 3 which is a refinement of the Secure Sockets Layer (SSL) protocol. TLS is the standard security protocol used between Web browsers and Web servers. WTLS is more efficient that TLS, requiring fewer message exchanges. 12. List the Features of WTLS. WTLS provides the following features. • Data integrity: Uses message authentication to ensure that data sent between the client and the gateway are not modified. • Privacy: Uses encryption to ensure that the data cannot be read by a third party. • Authentication: Uses digital certificates to authenticate the two parties. • Denial-of-service protection: Detects and rejects messages that are replayed or not successfully verified. 13. Define three transaction classes of WTP. WTP provides three transaction classes that may be invoked by WSP or another higher layer protocol: • Class 0: Unreliable invoke message with no result message • Class 1: Reliable invoke message with no result message • Class 2: Unreliable invoke message with one reliable result message 14. Mention the phases of the Handshake protocol. a. Phase 1 – establish security capabilities b. Phase 2 – server authentication and key exchange c. Phase 3 – client authentication and key exchange d. Phase 4 – finish 15. Draw the WTLS protocol stack.

More Related Content

PDF
CNS_Solutions-Adi.pdf
AdiseshaK
 
PDF
CNS_Solutions-Adi.pdf
Prof. Dr. K. Adisesha
 
PDF
CNS Solutions-Adi.pdf
AdiseshaK
 
DOCX
TWO MARK WITH ANSWERS for Computer network
vincysahana
 
DOCX
Unit 1 QB.docx
karthikaparthasarath
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
PPTX
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
abduganiyevbekzod011
 
CNS_Solutions-Adi.pdf
AdiseshaK
 
CNS_Solutions-Adi.pdf
Prof. Dr. K. Adisesha
 
CNS Solutions-Adi.pdf
AdiseshaK
 
TWO MARK WITH ANSWERS for Computer network
vincysahana
 
Unit 1 QB.docx
karthikaparthasarath
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
abduganiyevbekzod011
 

Similar to Cryptography and network security part a question and answers (20)

PPTX
cns unit 1.pptx
Saranya Natarajan
 
PDF
chapter 1-4.pdf
zerihunnana
 
PDF
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
PPTX
chapter 7.pptx
MelkamtseganewTigabi1
 
PPTX
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
Sisodetrupti
 
PPTX
IT235 POC - Unit I priciples of cryptography
ssuser000e54
 
PPTX
Introduction to cryptography part1-final
Taymoor Nazmy
 
PPT
Fundamentals of cryptography
Hossain Md Shakhawat
 
PDF
50+ Frequently Asked Cryptography Interview Questions in 2022
Temok IT Services
 
PPTX
Cryptography Introduction Classical Encryption
RajarajanS15
 
PPTX
Network security and cryptography
Pavithra renu
 
PPTX
Cns 1
BhumikaPal1
 
PPTX
Unit - I cyber security fundamentals part -1.pptx
karthikaparthasarath
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY
AdityaShukla141
 
PDF
Network security & cryptography full notes
gangadhar9989166446
 
PDF
Vtu network security(10 ec832) unit 2 notes..
Jayanth Dwijesh H P
 
PDF
Cryptography-PART-1.pdf,taught in nitw 2025
kc22csb0a13
 
PPT
6. cryptography
7wounders
 
PPTX
groupWork.pptx
KennedyKiplangat1
 
DOC
Social Engg. Assignment it17 final (1)
rosu555
 
cns unit 1.pptx
Saranya Natarajan
 
chapter 1-4.pdf
zerihunnana
 
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
chapter 7.pptx
MelkamtseganewTigabi1
 
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
Sisodetrupti
 
IT235 POC - Unit I priciples of cryptography
ssuser000e54
 
Introduction to cryptography part1-final
Taymoor Nazmy
 
Fundamentals of cryptography
Hossain Md Shakhawat
 
50+ Frequently Asked Cryptography Interview Questions in 2022
Temok IT Services
 
Cryptography Introduction Classical Encryption
RajarajanS15
 
Network security and cryptography
Pavithra renu
 
Cns 1
BhumikaPal1
 
Unit - I cyber security fundamentals part -1.pptx
karthikaparthasarath
 
CRYPTOGRAPHY AND NETWORK SECURITY
AdityaShukla141
 
Network security & cryptography full notes
gangadhar9989166446
 
Vtu network security(10 ec832) unit 2 notes..
Jayanth Dwijesh H P
 
Cryptography-PART-1.pdf,taught in nitw 2025
kc22csb0a13
 
6. cryptography
7wounders
 
groupWork.pptx
KennedyKiplangat1
 
Social Engg. Assignment it17 final (1)
rosu555
 
Ad

More from uthayashangar1 (17)

PPT
INTEGRATION TESTING using combined testing.ppt
uthayashangar1
 
PPT
BLACK-BOX TESTING using boundart value analyse.ppt
uthayashangar1
 
PPT
Software Engineering -Software Reliability.ppt
uthayashangar1
 
PPT
Software Engineering - Software Quality.ppt
uthayashangar1
 
PPT
Software Maintenance.ppt in Software Engineering
uthayashangar1
 
PPT
Software reengineering.ppt in Software Engineering
uthayashangar1
 
PPT
SEI Capability Maturity Model.ppt Software Engineering
uthayashangar1
 
PPT
Computer Aided Software Engineering.ppt SE
uthayashangar1
 
PPT
5. HALSTEAD SOFTWARE SCIENCE.ppt software engineering
uthayashangar1
 
PPTX
4. COCOMO – HEURISTIC ESTIMATION TECHNIQUE.pptx
uthayashangar1
 
DOC
Web Technology List of html and CSS all the Experiments.doc
uthayashangar1
 
DOC
Web Technology all the Units Consolidated Syllabus.doc
uthayashangar1
 
DOC
Web TEchnology hackers Encryption VPN Firewall Unit 5.doc
uthayashangar1
 
DOC
Web Technology Web Technology Notes Streams Network Principles and SocketsUni...
uthayashangar1
 
DOC
Web Technology XML Attributes and elementsUnit 3.doc
uthayashangar1
 
DOC
web technology search engine optimization notes Unit 2.doc
uthayashangar1
 
DOC
web technology web concepts client server model Unit 1.doc
uthayashangar1
 
INTEGRATION TESTING using combined testing.ppt
uthayashangar1
 
BLACK-BOX TESTING using boundart value analyse.ppt
uthayashangar1
 
Software Engineering -Software Reliability.ppt
uthayashangar1
 
Software Engineering - Software Quality.ppt
uthayashangar1
 
Software Maintenance.ppt in Software Engineering
uthayashangar1
 
Software reengineering.ppt in Software Engineering
uthayashangar1
 
SEI Capability Maturity Model.ppt Software Engineering
uthayashangar1
 
Computer Aided Software Engineering.ppt SE
uthayashangar1
 
5. HALSTEAD SOFTWARE SCIENCE.ppt software engineering
uthayashangar1
 
4. COCOMO – HEURISTIC ESTIMATION TECHNIQUE.pptx
uthayashangar1
 
Web Technology List of html and CSS all the Experiments.doc
uthayashangar1
 
Web Technology all the Units Consolidated Syllabus.doc
uthayashangar1
 
Web TEchnology hackers Encryption VPN Firewall Unit 5.doc
uthayashangar1
 
Web Technology Web Technology Notes Streams Network Principles and SocketsUni...
uthayashangar1
 
Web Technology XML Attributes and elementsUnit 3.doc
uthayashangar1
 
web technology search engine optimization notes Unit 2.doc
uthayashangar1
 
web technology web concepts client server model Unit 1.doc
uthayashangar1
 
Ad

Recently uploaded (20)

PDF
distributed database system" (DDBS) is often used to refer to both the distri...
Hemlathadhevi Annadhurai
 
PPTX
PRASUNET_20240614003_231416_0000[1].pptx
singlagaurav1311
 
PPTX
A Brief Introduction to IoT- Smart Objects: The "Things" in IoT
KeerthanaSahadevan1
 
PPTX
Petroleum Refining & Petrochemicals.pptx
choksihimanshu
 
PDF
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
PDF
Java Basics-Introduction and program control
lohithsrikarb719
 
PPTX
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
PPTX
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
PPT
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
PPTX
Software Engineering and software moduleing
deepikame6
 
PDF
Design of Material Handling Equipment Lecture Note
Barsena
 
PDF
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
PDF
Accra-Kumasi Expressway - Prefeasibility Report Volume 1 of 7.11.2018.pdf
JeorgeWilsonKingson1
 
PPTX
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
PPTX
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PPTX
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
PPTX
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
PDF
August 2025 - Top 10 Read Articles in Network Security & Its Applications
IJNSA Journal
 
PDF
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
distributed database system" (DDBS) is often used to refer to both the distri...
Hemlathadhevi Annadhurai
 
PRASUNET_20240614003_231416_0000[1].pptx
singlagaurav1311
 
A Brief Introduction to IoT- Smart Objects: The "Things" in IoT
KeerthanaSahadevan1
 
Petroleum Refining & Petrochemicals.pptx
choksihimanshu
 
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
Java Basics-Introduction and program control
lohithsrikarb719
 
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
Software Engineering and software moduleing
deepikame6
 
Design of Material Handling Equipment Lecture Note
Barsena
 
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
Accra-Kumasi Expressway - Prefeasibility Report Volume 1 of 7.11.2018.pdf
JeorgeWilsonKingson1
 
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
August 2025 - Top 10 Read Articles in Network Security & Its Applications
IJNSA Journal
 
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 

Cryptography and network security part a question and answers

  • 1. 1 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA IT-T73 Cryptography and Network Security Part- A (Question and Answers) -2019-20 ODD SEM UNIT-1 1. Define security attack, security mechanism and security services. Security attack: any action that compromises the security of information owned by an organization. Security mechanism: a mechanism that is designed to detect, prevent or recover from a security attack. Security services: a service that enhances the security of the data processing systems and the information transfers of an organization. 2. Define Computer Security. Ans: Generic name for the collection of tools designed to protect and to thwart hackers. 3. Define Network Security. Ans: It measures to protect data during their transmission. 4. Define Internet Security. Ans: It measures to protect data during their transmission over a collection of interconnected networks. 5. Define Threat. A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. 6. Specify the four categories of security threats. Interruption Interception Modification Fabrication 7. Mention the different types of security services. Authentication Confidentiality Data integrity Non repudiation Access control Availability
  • 2. 2 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 8. Define passive attack and active attack. Passive attacks are in the nature of eavesdropping, or monitoring of transmissions. The types of passive attack are 1.Release of message content 2.Traffic analysis Active attacks involve some modification of data stream or creation of a false stream. The types of active attack are  Masquerade  Replay  Modification  Denial of service 9. Define integrity and non-repudiation. Integrity: Service that ensures that only authorized person able to modify the message. Non-repudiation: This service helps to prove that the person who denies the transaction is true or false. 10. Define confidentiality and authentication Confidentiality: It means how to maintain the secrecy of message. It ensures that the information in a computer system and transmitted information are accessible only for reading by authorized person. Authentication: It helps to prove that the source entity only has involved the transaction 11. Define Attack. An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system. 12. Define Interruption. Ans: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. 13. Define Interception. Ans: An unauthorized party gains access to on asset. This is an attack on confidentiality. Unauthorized party could be a person, a program or a computer. 14. Define Modification. Ans: An unauthorized party not only gains access to but tampers with an assest. This is an attack on integrity. 15. Define Fabrication. Ans: An unauthorized party inserts counterfeit objects in to the system. This is an attack on authenticity.
  • 3. 3 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 16. Differentiate symmetric and asymmetric encryption? symmetric : It is a form of cryptosystem in which encryption and decryption performed using the same key. Eg: DES, AES. asymmetric : It is a form of cryptosystem in which encryption and decryption Performed using two keys. Eg:RSA,ECC 17. Define cryptography. It is a science of writing Secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography. 18. Define cryptanalysis and cryptology. Cryptanalysis: techniques used for deciphering or decrypting a message without the knowledge of the enciphering or encrypting details is said to be cryptanalysis. Cryptology: the study of cryptography and cryptanalysis together is called cryptology. 19. Define the following terms: Plaintext: the original message to be transmitted. Cipher text: the coded (encrypted) message or the scrambled message. Encryption / Enciphering : process of converting plain text to cipher text. Decryption/ Deciphering: process of converting cipher text to plain text. 20. What is Brute force attack? Trying out all the possible keys on a piece of cipher text until an intelligible translation to plain text is obtained. 21. Mention the various types of cryptanalytic attack.  Known plaintext  Cipher text only  Chosen plaintext  Chosen Cipher text 22. Define the two basic building blocks of encryption techniques. Substitution technique – it is one in which the letters of the plaintext are replaced by other letters or by numbers or symbols. Transposition technique – it is one which performs some sort of permutation on the plaintext letters. 23. Mention few mono-alphabetic and poly-alphabetic ciphers. Mono-alphabetic ciphers: - playfair cipher, hill cipher, Caesar cipher Poly-alphabetic ciphers: - vigenere cipher, one time pad cipher 24. What is Multiple-letter encryption Cipher? Ans: Play fair cipher is the best known multiple-letter encryption cipher-which treats diagrams in the plaintext as single units and translates these units in to cipher text diagrams.
  • 4. 4 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 25. What is auto key system? Ans: Vigenere cipher method proposed an auto key system, in which a key word is concatenated, the plaintext itself to provide a running key. 26. What is Rotor Machines? Ans: Rotor machines are sophisticated pre computer hardware services that use substitution techniques. 27. What are the two problems with the one time pad? Ans: i) Making use of large quantities of random keys. ii) Problem of key distribution and protection. 28. What is steganography? Mention few techniques in it. Steganography is a technique for hiding the original message. Some of the related techniques are  Character marking  Invisible ink  Pin punctures  Typewriter correction ribbon 29. Define stream cipher and block cipher. A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal block. 30. Why network need security? When systems are connected through the network, attacks are possible during transmission time. 31. What are the attacks that can be performed in the networks?  Disclosure  Traffic analysis  Masquerade  Content modification  Sequence modification  Timing modification  Source repudiation  Destination repudiation 32. Define Diffusion & confusion. Diffusion: It means each plaintext digits affect the values of many cipher text digits which is equivalent to each cipher text digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It is the relationship between the plaintext and cipher text. Confusion: It can be achieved by substitution algorithm. It is the relationship between cipher text and key.
  • 5. 5 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 33. Define Encryption The process of converting from plaintext to cipher text. 34. Specify the components of encryption algorithm. (a) Plaintext (b) Encryption algorithm (c) secret key (d) cipher text (e) Decryption algorithm 35. Differentiate symmetric or private key cryptography and public key or asymmetric cryptography. In symmetric key cryptography, only one key is used for encryption and decryption. In public key cryptography, two keys (public key and private key) are used. When one key is used for encryption, then the other must be used for decryption. The public key is known to all the participants but the private key is kept secret by the owner. 36. List the properties of congruence? Ans: 1) a == b(mod n) if n/(a - b). 2) a == b(mod n) implies b == a(mod n). 3) a == b(mod n) and b == c(mod n) imply a == c(mod n). 37. Write code for Euclidean algorithm? Ans: EUCLID (a, b) 1) A += a; B += b, 2) if B = 0 return A = gcd (a, b) 3) R =A modB 4) A += B 5) B += R 6) goto 2 38. Define Stream Cipher. Ans: A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. 39. Define Block Cipher. Ans: A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal block. 40.Define RC4. RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variablekey size stream cipher with byte-oriented operations.The algorithm is based onthe use of a random permutation. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software.RC4 is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers.
  • 6. 6 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 41.Why not keep the encryption algorithm secret? We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. This means we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption makes low-cost chip implementations of data encryption algorithms widely available and incorporated into a number of products. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key. CNS-UNIT-2 1. Explain conventional encryption? Conventional encryption 1. The same algorithm with the same key is used for encryption and decryption. 2. The sender and receiver must share the algorithm and the key. 3. The key must be secret 4. It must be impossible or at least impractical message if no other information is available 5. Knowledge of the algorithm plus samples of cipher text must insufficient to determine the key 2. Explain public key encryption? 1.One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption. 2. The sender and receiver must each have one of the matched pair of keys. 3.One of two keys must be kept Secret . 4. It must be impossible or to at least impractical to decipher a message if no other information is available. 5. Knowledge of the algorithm plus one of key plus samples of ciphertext must be insufficient to determine the other key. 3. Define Symmetric key Cryptography. Ans: In symmetric key cryptography, only one key is used for encryption and decryption. 4. Define Public key Cryptography. Ans: In public key cryptography, two keys (public key and private key) are used. When one key is used for encryption, then the other must be used for decryption. The public key is known to all the participants but the private key is kept secret by the owner. 5. Mention the functions involved in simplified DES. Ans: i) Initial permutation. ii) A complex function Fk with a key KI. iii) Switching. iv) A complex function Fk with a key K2. v) Inverse permutation.
  • 7. 7 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 6. Define Multiple Encryption. It is a technique in which the encryption is used multiple times. Eg: Double DES, Triple DES 7. What is Triple Encryption? How many keys are used in triple encryption? Triple Encryption is a technique in which encryption algorithm is performed three times using three keys. 8. Give the five modes of operation of Block cipher.  Electronic Codebook(ECB)  Cipher Block Chaining(CBC)  Cipher Feedback(CFB)  Output Feedback(OFB)  Counter(CTR) 9. Explain Avalanche effect. A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produce a significant change in the cipher text. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the cipher text. If the change is small, this might provider a way to reduce the size of the plaintext or key space to be searched. 10. What is AES? Ans: Advanced encryption standard is a block cipher intended to replace DES for commercial applications. It uses a 12~-bit block size and a key size of 128, 192 or 256 bits. 11. What are the characteristics of AES Cipher? • Resistance against all known attacks. • Speed and code compactness on a wide range of platform. • Design simplicity. 12. List four different stages of AES? 1) Substitute bytes 2) Shift rows 3) Mix columns 4) Add Round key. 13. List the evaluation criteria defined by NIST for AES? The evaluation criteria for AES is as follows:  Security  Cost  Algorithm and implementation characteristics 14. What is sub bytes? The forward substitute byte transformation, called Sub Bytes, is a simple table lookup. 15. What is Inv Shift Rows? The inverse shift row transformation, called Inv Shift Rows, performs the circular shifts in the opposite direction for each of the last three rows, with a one byte circular shift for the second row and so on.
  • 8. 8 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 16. What is Mix Columns? The forward "mix" column transformation, called Mix columns, operates on each column individual. 17. What is Add Round Key? In the forward add round key transformation, called Add Round Key, the 128 bits of state are bitwise XORed with the 128 bits of the round key. 18. Define Fermat Theorem? Fermat Theorem states the following: If p is prime and a is a positive integer not divisible by p, then Ap-1=1 mod p 19. Define Euler’s theorem and it’s application? Euler’s theorem states that for every a and n that are relatively prime: aΦ(n) =1 mod n 20. Define Euler’s totient function or phi function and their applications? The Euler’s totient function states that, it should be clear for a prime number p, Φ(p) =p-1 21. Describe in general terms an efficient procedure for picking a prime number? The procedure for picking a prime number is as follows: 1. Pick an odd integer n at random (eg., using a pseudorandom number generator). 2. Pick an integer a<n at random. 3. Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to step 1. 4. If n has passed a sufficient number of tests, accept n; otherwise , go to step 2. 22. Define the meaning of relatively prime (or) co-prime? Two integer a and b are relatively prime if gcd(a,b) = 1 Eg: gcd(20,7) = gcd(7,20 mod 7) = gcd(7,6) = gcd(6,7 mod 6) = gcd(1,6 mod 1) = gcd(1,0) = 1 23. Define prime number and Divisibility? Prime Number: An integer p>1 is a prime number if and only if its divisor are ±1 &± p Eg: p= 13 then divisors are ±1 and ±3 Any integer a>1 can be factored in a way as a = p1 a1,p2 a2,….pt at where p1<p2 … pt ,ai are prime numbers, a’ is a +ive integer then it can be written as a = Πp ap. P Є p ; whereap> 0 . p represents set of prime numbers.
  • 9. 9 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 24. Define Euler’s totient function The Euler’s totient function states that, it should be clear for a prime number p, Φ (p)= p-1 25. Determine Φ (27) using Euler’s totient function? Φ (p e)=p e-p e-1 Φ (3 3)=3 3- 3 2 =27-9 =18 Φ (27)=18 26. Find gcd (1970, 1066) using Euclid’s algorithm? gcd (1970,1066) = gcd(1066,1970 mod 1066) = gcd(1066,904) = 2 27. What is the primitive root of a number? We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is p, if a is a primitive root of the prime number p then the numbers. 28. Determine the gcd (24140,16762) using Euclid’s algorithm. Soln: We know, gcd(a, b) = gcd(b, a mod b) gcd(24140,16762) =gcd(16762,7378) gcd(7378,2006) =gcd(2006,1360) gcd(1360,646) =gcd(646,68) gcd(68,34) = 34 gcd(24140,16762) = 34. 29. Perform encryption and decryption using RSA Alg. for the following. P=7; q=11; e=17; M=8. Soln: n = pq n = 7*11=77 Φ(n)=(p-1) (q-1) =6*10 = 60 e =17 d =27 C = Me mod n C = 817 mod 77 = 57 M = Cd mod n = 5727 mod 77 = 8 30. What is the primitive root of a number? We can define a primitive root of a number p as one whose powers generate allthe integers from 1 to p-1. That is p, if a is a primitive root of the prime number p thenthe numbers.
  • 10. 10 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 31. Define Euler’s totient function (used in RSA algorithm). It is the number of positive integers that are less than ‘n’ and relatively prime to ‘n’. Where n is the product of two prime numbers (p & q) It is represented as F(n) and it is expressed as F(n) = F(pq) = (p-1)(q-1). 32. Define Factoring Problem. Ans: Mathematical approach takes 3 forms: • Factor n = p * q, hence find <j>(n) and then d. • Determine <j>(n) directly without determiningp and q and find d. • Find d directly, without first determination <j>(n). 33. Define RSA The Rivest-Shamir-Adleman (RSA) scheme has the most widely accepted and implemented general-purpose approach to public-key encryption. The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than 2 power 1024. 34. What are the various approaches to attacks the RSA algorithm? Ans: i) Brute force attack. ii) Mathematical attacks. iii) Timing attacks. 35. Define Timing Attacks. The opponent can determine a private key by keeping track of how long a computer takes to decipher messages. Although the timing attack is a serious threat, there are simple counter measures that can be used: • Constant Exponentiation Time • Random Delay • Blinding. 36. What are roles of public and private key? The two keys used for public-key encryption are referred to as the public key and the private key. The private key is kept secret and the public key is known publicly. Usually the public key is used for encryption purpose and the private key is used in the decryption side. 37. Specify the applications of the public key cryptosystem? The applications of the public-key cryptosystem can classified as follows Encryption/Decryption: The sender encrypts a message with the recipient’s public key. Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to a message or to a small block of data that is a function of the message. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties
  • 11. 11 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS-UNIT-3 1. What is Discrete Logarithms? Ans: For any integer b and a primitive root a of prime number p, the unique exponent. 'i' is referred as discrete logarithm of the number b for the base a(mod P). dlog (b) obtained from a,p b = d(modp) where 0 ~ i~ (p - 1). 2. What is a one way function? One way function is one that map the domain into a range such that every function value has a unique inverse with a condition that the calculation of the function is easy where as the calculations of the inverse is infeasible. 3. What is a trapdoor one way function? It is function which is easy to calculate in one direction and infeasible to calculate in other direction in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: A trapdoor one way function is a family of invertible functions fk, such that Y= fk( X) easy, if k and X are known X=fk-1(Y) easy, if k and y are known X= fk-1(Y) infeasible, if Y is known but k is not known 4. Why do we need Diffie Hellman algorithm? It is used for exchanging the secret keys between the sender and the receiver. It allows two users to exchange a key securely. User A and B exchange the key using Diffie-Hellman algorithm. Assume α=5 q=11 XA=2 XB=3. Find the value of YA,YB and k? Soln: YA= αX A mod q = 25 mod 11 = 3 YB = αX B mod q = 125 mod 11 = 4 K = ( YA) X B mod q = 27 mod 11 = 5 K = ( YB) X A mod q = 16 mod 11 = 5
  • 12. 12 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 5. Mention the various ways of producing an authenticator. (Or) Define the classes of message authentication function. Message encryption: The entire cipher text would be used for authentication. Message Authentication Code: It is a function of message and secret key produce a fixed length value. Hash function: Some function that map a message of any length to fixed length which serves as authentication. 6. Define one way property, weak collision resistance and strong collisionresistance of hash function. For any given value h, it is computationally infeasible to find x such that H(x) = h – one way property. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x) – weak collision resistance. It is computationally infeasible to find any pair (x, y) such that H(x) =H(y) – strong collision property. 7. What is message authentication? It is a procedure that verifies whether the received message comes from assigned source has not been altered. It uses message authentication codes, hash algorithms to authenticate the message. 8. What are the requirements for message authentication? The requirements for message authentication are i. Disclosure: Release of message contents to any person or process not processing the appropriate cryptographic key ii. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection oriented application, the frequency and duration of connections could be determined. In either a connection oriented or connectionless environment, the number and length of messages between parties could be determined. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or no receipt by someone other than the message recipient. iv. Content modification: Changes to the contents of a message , including insertion, deletion, transposition, and modification. v. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and modification. vi. Timing modification: Delay or replay of messages. In a connection oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In connectionless application, an individual message could be delayed or replayed. vii. Source repudiation: Denial of transmission of message by source. viii. Destination repudiation: Denial of receipt of message by destination.
  • 13. 13 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 9. What you meant by hash function? Hash function accept a variable size message M as input and produces a fixed size hash code H(M) called as message digest as output. It is the variation on the message authentication code. 10. Differentiate MAC and Hash function? MAC: In Message Authentication Code, the secret key shared by sender and receiver. The MAC is appended to the message at the source at a time which the message is assumed or known to be correct. Hash Function: The hash value is appended to the message at the source at time when the message is assumed or known to be correct. The hash function itself not considered to be secret. 11. Any three hash algorithm. • MD5 (Message Digest version 5) algorithm. •SHA_1 (Secure Hash Algorithm). • RIPEMD_160 algorithm. 12. What are the requirements of the hash function? • H can be applied to a block of data of any size. • H produces a fixed length output. • H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 13. What you meant by MAC? MAC is Message Authentication Code. It is a function of message and secret key which produce a fixed length value called as MAC. MAC = Ck(M) Where M = variable length message K = secret key shared by sender and receiver. CK(M) = fixed length authenticator. 14. What is weak collision resistance? Ans:For any given block x, it is computationally infeasible to find y # x such that H(y) = H(x).it is referred to as weak collision resistance. It is proportional to 2n 15. What is strong collision resistance? Ans: It is computation ally infeasible to find anypair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance. It is proportional to 2n/2 16. What are the three desirable properties of Hash functions? Ans: One-way Weak collision resistance Strong collision resistance.
  • 14. 14 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 17. List the steps of secure Hash algorithm? Ans: - Append padding bits. - Append length. - Initialize hash buffer . - Process message in l024-bit (128-word) blocks. - Output. 18. What are the two compression function used in secure hash algorithm? Ans: A function specifically designed for the hash function or a symmetric block cipher. 19. What are the two categories of message authentication codes? Ans: - Based on the use of secure hash algorithm. - Based on the use of symmetric block cipher. 20. Differentiate internal and external error control. Internal error control: an error detecting code also known as frame check sequence or checksum. External error control: error detecting codes are appended after encryption. 21. What is the meet in the middle attack? This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function-quite literally meeting in the middle of the composed function. 22. What is the role of compression function in hash function? The hash algorithm involves repeated use of a compression function f, that takes two inputs and produce a n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value usually b>n; hence the term compression.
  • 15. 15 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 23. Define digital signature. A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message Digital signatures are used in e-commerce, software distribution, financial transactions and other situations that rely on forgery or tampering detection techniques. A digital signature is also known as an electronic signature. 24. Distinguish between direct and arbitrated digital signature? Direct: 1.The direct digital signature involves only the communicating parties. 2.This may be formed by encrypting the entire message with the sender’s private key. Arbitrated digital signature: 1.The arbiter plays a sensitive and crucial role in this digital signature. 2. Every signed message from a sender x to a receiver y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content. 25. What are the properties a digital signature should have? It must verify the author and the data and time of signature. It must authenticate the contents at the time of signature. It must be verifiable by third parties to resolve disputes. 26. What requirements should a digital signature scheme should satisfy? The signature must be bit pattern that depends on the message being signed. The signature must use some information unique to the sender, to prevent both forgery and denial. It must be relatively easy to produce the digital signature. It must be relatively easy to recognize and verify the digital signature. It must be computationally infeasible to forge a digital signature, either by constructing new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. It must be practical to retain a copy of the digital signature in storage.
  • 16. 16 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS- UNIT-4 1. List out the different techniques of distributing the public key.  Public announcement  Publicly available directory  Public key authority  Public key certificate 2. What is the purpose of X.509 standard? X.509 defines framework for authentication services by the X.500 directory to its users.X.509 defines authentication protocols based on public key certificates. 3. What you mean by Verisign certificate? Mostly used issue X.509 certificate with the product name” Verisign digital id”. Each digital id contains owner’s public key, owner’s name and serial number of the digital id. 4. How E-mail compatibility is performed? Radix-64 is the technique which is used for E-mail compatibility. InRadix-64, each group of 3 octets of binary data is mapped into 4 ASCII characters. 5. Mention the services provided by the Pretty Good Privacy (PGP). a. Authentication b. Confidentiality c. Compression d. E-mail compatibility e. Segmentation and reassembly 7. Signature is generated before compression in PGP. Why? There are two reasons behind it. 1. It is preferable to sign an uncompressed message so that one can storeonly the uncompressed message together with the signature for futureverification. If one signed a compressed document, then it would benecessary either to store a compressed version of the message for laterverification or to recompress the message when verification is required. 2. Even if one were willing to generate dynamically a recompressed message for verification, PGP’s compression algorithm presents a difficulty. Thealgorithm is not deterministic. 8. Why E-mail compatibility function in PGP needed? Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction PGP provides the service converting the row 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion. 9. Name any cryptographic keys used in PGP?  One-time session conventional keys.  Public keys.  Private keys.  Pass phrase based conventional keys.
  • 17. 17 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 10. Define key Identifier? PGP assigns a key ID to each public key that is very high probability unique with a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64bits. 11. Explain the reasons for using PGP? It is available free worldwide versions that run on a variety of platforms, including DOS/Windows, UNIX, macintosh and many more. It is based on algorithm that have survived extensive public review and are considered extremely secure (eg.) RSA, DSS. It has a wide range of applicability from corporations that wish to select and enforce a standardized scheme for encrypting files and communication. It was not developed by nor is it controlled by any government or standards organization. 12. What is the need of public key ring and private key ring? Public key ring is one of the data structures which is used to store thepublic keys of the other participants. Private Key ring is a data structure which is used to store the public andthe private keys of the owner alone. 13. Mention the benefits of IPSec. a. It provides strong security that can be applied to all traffic crossing theperimeter. b. IPSec in a firewall is resistant to bypass. c. IPSec is below the transport layer and so is transparent to applications. d. IPSec is transparent to users. 13. List out the services provided by the IPSec.  Access control  Connectionless integrity  Data origin authentication  Rejection of replayed packets  Confidentiality  Limited traffic flow confidentiality 14. What are the function areas of IP security? • Authentication • Confidentiality • Key management. 15. Give the application of IP security? • Provide secure communication across private & public LAN. • Secure remote access over the Internet. • Secure communication to other organization. 16. What are the protocols used to provide IP security? • Authentication header (AH) protocol. • Encapsulating Security Payload (ESP) protocol.
  • 18. 18 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 17. General format of IPsec ESP Format? Security Parameter Index(SPI) Sequence Number(SN) Payload Data (Variable) Padding(0-255 bytes) Authentication Data (variable) 18. What is Authentication Header? Give the format of the IPsec Authentication Header? It provides the authentication of IP Packet, so authentication is based on the use of MAC. List the steps involved in SSL record protocol? 1. SSL record protocol takes application data as input and fragments it. 2. Apply lossless Compression algorithm. 3. Compute MAC for compressed data. 4. MAC and compression message is encrypted using conventional alg 19. Define transport and tunnel mode. i. Transport mode provides protection primarily for upper layerprotocols. Transport mode protection extends to the payload of anIP packet. Transport mode is used for end-to-end communicationbetween two hosts. ii. Tunnel mode provides protection to the entire packet. The entire packet (original packet) plus security fields is treated as thepayload of new outer IP packet with a new outer IP header. Herethe packet travels through a tunnel from one point of an IP networkto another. 19. Why do we need an anti replay service? Anti replay service is required in order to avoid the duplicatepackets (created by the opponent) which may cause disruption inthe service. 21. What is the need pf padding in Encapsulating Security Payload (ESP)? a. If an encryption algorithm requires the plaintext to be a multiple of somenumber of bytes, the padding field is used to expand the plaintext to therequired length. b. ESP format requires that the pad length and the next header fields be rightaligned within a 32-bit word. The padding field is used to assure thisalignment. c. Additional padding may be added to provide partial traffic flowconfidentiality by concealing the actual length of the payload. 22. How the security associations be combined? It can be done in two ways: 1.Transport adjacency 2. Iterated tunneling 23. What are the headers fields define in MIME? • MIME version. • Content type. • Content transfer encoding. • Content id. • Content description.
  • 19. 19 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 24. What are the key algorithms used in S/MIME? • Digital signature standards. • Diffi Hellman. • RSA algorithm. 25. What are the different between SSL version 3 and TLS? • In SSL the minor version is 0 and * In TLS, the major version is 3 and thethe major version is 3 minor version is 1. * SSL use HMAC alg., except that * TLS makes use of the same alg.the padding bytesconcatenation. * SSL supports 12 various alert * TLS supports all of the alert codes. Codesdefined in SSL3 with the exception of• no _ certificate. 27. List the step involved in SSL required protocol? Ans: - It takes application data as input and fragments it. - Apply loss less compression algorithm. - Compute MAC for compound data. - MAC and compression message is encrypted using conventional algorithm.
  • 20. 20 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA CNS- Unit-5 1. What are the 802.11 RSN Security Specification? Authentication: A protocol is used to define an exchange between a user and an AS that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link. Access control:1 This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols. Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted along with a message integrity code that ensures that the data have not been altered. 2. What are the five 802.11 phase of operation.  Discovery,  Authentication,  Key generation and distribution  Protected data transfer,  Connection termination. 3. Define PSK and MSK. PAIRWISE KEYS Pairwise keys are used for communication between a pair of devices, typically between an STA and an AP. These keys form a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time. At the top level of the hierarchy are two possibilities. A pre-shared key (PSK) is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i. The other alternative is the master session key (MSK), also known as the AAAK, which is generated using the IEEE 802.1X protocol during the authentication phase. 4. Explain group key distribution. GROUP KEY DISTRIBUTION:For group key distribution, the AP generates a GTK and distributes it to each STA in a multicast group.The two-message exchange with each STA consists of the following: AP STA: This message includes the GTK, encrypted either with RC4 or with AES.The key used for encryption is KEK. A MIC value is appended. STA AP: The STA acknowledges receipt of the GTK. This message includes a MIC value.
  • 21. 21 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA 5. What are two service provided by TKIP? TKIP is designed to require only software changes to devices that are implemented with the older wireless LAN security approach called Wired Equivalent Privacy (WEP). TKIP provides two services: Message integrity: TKIP adds a message integrity code (MIC) to the 802.11 MAC frame after the data field. The MIC is generated by an algorithm, called Michael, that computes a 64-bit value using as input the source and destination MAC address values and the Data field, plus key material. Data confidentiality: Data confidentiality is provided by encrypting the MPDU plus MIC value using RC4. 6. Define WAP. The Wireless Application Protocol (WAP) is a universal, open standard developed by the WAP Forum to provide mobile users of wireless phones and other wireless terminals such as pagers and personal digital assistants (PDAs) access to telephony and information services, including the Internet and the Web. WAP is designed to work with all wireless network technologies (e.g., GSM, CDMA, and TDMA). WAP is based on existing Internet standards, such as IP, XML, HTML, and HTTP, as much as possible. It also includes security facilities. At the time of this writing, the current release of the WAP specification is version 2.0. 7. List the WAP specification. The WAP specification includes: • A programming model based on the WWW Programming Model • A markup language, the Wireless Markup Language, adhering to XML • A specification of a small browser suitable for a mobile, wireless terminal • A lightweight communications protocol stack • A framework for wireless telephony applications (WTAs) 8. Define wireless markup language. WML was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability. It is designed to work with telephone keypads, styluses, and other input devices common to mobile, wireless communication. WML permits the scaling of displays for use on two-line screens found in some small devices, as well as the larger screens found on smart phones. 9. List the important feature of WML. Important features of WML include: • Text and image support: Formatting and layout commands are provided for text and limited image capability. • Deck/card organizational metaphor: WML documents are subdivided into small, well- defined units of user interaction called cards. Users navigate by moving back and forth between cards. A card specifies one or more units of interaction (a menu, a screen of text,
  • 22. 22 MVIT/ IT DEPT/2019-20-ODD SEM / CNS-PART-A -QA or a text-entry field). A WML deck is similar to an HTML page in that it is identified by a Web address (URL) and is the unit of content transmission. • Support for navigation among cards and decks: WML includes provisions for event handling, which is used for navigation or executing scripts. 10. Explain WTA. Wireless telephony applications (WTA): A collection of telephony-specific extensions for call and feature control mechanisms that provide authors advanced mobile network services. Using WTA, applications developers can use the micro browser to originate telephone calls and to respond to events from the telephone network. 11. Define WTLS. WTLS provides security services between the mobile device (client) and the WAP gateway. WTLS is based on the industry-standard Transport Layer Security (TLS) Protocol, 3 which is a refinement of the Secure Sockets Layer (SSL) protocol. TLS is the standard security protocol used between Web browsers and Web servers. WTLS is more efficient that TLS, requiring fewer message exchanges. 12. List the Features of WTLS. WTLS provides the following features. • Data integrity: Uses message authentication to ensure that data sent between the client and the gateway are not modified. • Privacy: Uses encryption to ensure that the data cannot be read by a third party. • Authentication: Uses digital certificates to authenticate the two parties. • Denial-of-service protection: Detects and rejects messages that are replayed or not successfully verified. 13. Define three transaction classes of WTP. WTP provides three transaction classes that may be invoked by WSP or another higher layer protocol: • Class 0: Unreliable invoke message with no result message • Class 1: Reliable invoke message with no result message • Class 2: Unreliable invoke message with one reliable result message 14. Mention the phases of the Handshake protocol. a. Phase 1 – establish security capabilities b. Phase 2 – server authentication and key exchange c. Phase 3 – client authentication and key exchange d. Phase 4 – finish 15. Draw the WTLS protocol stack.