
Cryptography and Network Security Two Mark Questions …chettinadtech.ac.in/storage/15-07-01/15-07-01-09-25-32-3255... · Cryptography and Network Security Two Mark Questions


Chettinad College of Engineering and Technology, Karur

Department of Information Technology

Cryptography and Network Security

Two Mark Questions

UNIT I

1. What is OSI security architecture?

The OSI security architecture is useful to managers as a way of organizing the task of providing security. It focuses on security attacks, mechanisms, and services, which can be defined briefly as follows:

• Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

2. Define Threat.

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

3. Define Attack.

An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

4. Specify the four categories of security threats.

Interruption
Interception
Modification
Fabrication

5. Explain active and passive attack with example.

(i) Passive attack: A passive attack attempts to learn or make use of information from the system but does not affect system resources.

Eg: release of message contents, traffic analysis

(ii) Active attack: An active attack attempts to alter system resources or affect their operation.

DEPARTMENT OF ECE


Eg:

A masquerade takes place when one entity pretends to be a different entity.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

Denial of service prevents or inhibits the normal use or management of communications facilities.

6. Compare active and passive attacks.

| Passive attacks | Active attacks |
| A passive attack attempts to learn or make use of information from the system but does not affect system resources. | An active attack attempts to alter system resources or affect their operation. |
| Eg: release of message contents, traffic analysis | Eg: masquerade, replay, modification of messages, denial of service |
| Difficult to detect | Easy to detect |

7. What are the various security services?

Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation

8. Define Authentication.

The assurance that the communicating entity is the one that it claims to be.

Types are:
Peer Entity Authentication
Data-Origin Authentication


9. Define Access control.

The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).

10. Define Data confidentiality.

The protection of data from unauthorized disclosure.

Types are:
Connection Confidentiality
Connectionless Confidentiality
Selective-Field Confidentiality
Traffic-Flow Confidentiality

11. Define Data integrity.

The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).

Types are:
Connection Integrity with Recovery
Connection Integrity without Recovery
Selective-Field Connection Integrity
Connectionless Integrity
Selective-Field Connectionless Integrity

12. Define Nonrepudiation.

It provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

Types are:
Nonrepudiation, Origin
Nonrepudiation, Destination

13. What security mechanisms are there?

SPECIFIC SECURITY MECHANISMS
o Encipherment
o Digital Signature
o Access Control


o Data Integrity
o Authentication Exchange
o Traffic Padding
o Routing Control
o Notarization

PERVASIVE SECURITY MECHANISMS
o Trusted Functionality
o Security Label
o Event Detection
o Security Audit Trail
o Security Recovery

14. What is the relationship between security services and mechanisms?

15. Draw a model for network security.


16. What is cryptology?

Cryptology is the study of cryptography and cryptanalysis.

17. Define cryptanalysis.

It is the process of attempting to discover the key or the plaintext or both.

18. Define cryptography.

The many schemes used for encryption constitute the area of study known as cryptography.

19. Define Steganography.

Steganography is a technique for hiding a secret message within a larger one in such a way that others cannot discern the presence or contents of the hidden message.

20. Define plaintext.

An original message is known as the plaintext.

21. Define cipher text.

An original message is known as the plaintext, while the coded message is called the cipher text.

22. Define encryption.

The process of converting from plaintext to cipher text is known as enciphering or encryption.

23. Define decryption.

The process of restoring the plaintext from the cipher text is deciphering or decryption.

24. Differentiate symmetric and asymmetric encryption.

| Symmetric encryption | Asymmetric encryption |
| It is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption. | It is a form of cryptosystem in which encryption and decryption are performed using two keys. It is also known as two-key, or public-key, encryption. |
| Eg: DES, AES | Eg: RSA, ECC |

25. What are the ingredients of symmetric encryption?

Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm


26. What are the requirements of conventional encryption?

A strong encryption algorithm.
Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.

27. Draw a simplified Model of Symmetric Encryption.

28. Draw a model of Symmetric Cryptosystem.

29. What are the characteristics of a cryptographic system?

The type of operations used for transforming plaintext to cipher text
The number of keys used
The way in which the plaintext is processed


30. What are the types of encryption algorithm?

Substitution technique
Transposition technique

31. Compare Substitution and Transposition techniques.

| Substitution techniques | Transposition techniques |
| A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. | A different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. |
| Eg: Caesar cipher, Monoalphabetic Ciphers, Playfair Cipher, Hill Cipher, Polyalphabetic Ciphers, One-Time Pad | Eg: rail fence, DES, AES |

32. Define block cipher.

A block cipher processes the input one block of elements at a time, producing an output block for each input block.

33. Define stream cipher.

A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

34. What is the difference between an unconditionally secure cipher and a computationally secure cipher?

An unconditionally secure cipher is a scheme in which the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plain text, no matter how much cipher text is available.

A computationally secure scheme is one in which the cost of breaking the cipher exceeds the value of the encrypted information and the time required to break the cipher exceeds the useful lifetime of the information.

35. What are the two approaches to attacking a cipher?

Cryptanalysis
Brute-force attack


36. Briefly define the Caesar cipher.

The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example:

Plain: meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB

37. Briefly define the monoalphabetic cipher.

A monoalphabetic cipher maps from a plain alphabet to a cipher alphabet. Here a single cipher alphabet is used per message.

38. Briefly define the Playfair cipher.

The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plain text as single units and translates these units into cipher text digrams.

39. What are the two problems with the one-time pad?

1. The practical problem of making large quantities of random keys.
2. The problem of key distribution and protection.

40. What is a transposition cipher?

A transposition cipher is one in which the cipher text is achieved by performing some sort of permutation on the plaintext letters.

41. Why is it not practical to use an arbitrary reversible substitution cipher?

An arbitrary reversible cipher for a large block size is not practical from an implementation and performance point of view, because here the mapping itself is the key.

42. What is the difference between a monoalphabetic cipher and a polyalphabetic cipher?

Monoalphabetic cipher: Here a single cipher alphabet is used.
Polyalphabetic cipher: Here a set of related monoalphabetic substitution rules is used.

43. List the types of cryptanalytic attacks.

Cipher text only
Known plaintext
Chosen plaintext
Chosen cipher text
Chosen text

44. Why is it important to study the Feistel cipher?

This cipher can be used to approximate the simple substitution cipher by utilizing the concept of a product cipher, which is the performing of two or more basic ciphers in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers.


45. Which parameters and design choices determine the actual algorithm of a Feistel cipher?

Block size
Key size
Number of rounds
Subkey generation algorithm
Round function
Fast software encryption or decryption
Ease of analysis

46. Define Diffusion and Confusion.

Diffusion: Each plaintext digit affects the values of many cipher text digits, which is equivalent to saying that each cipher text digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It concerns the relationship between the plaintext and the cipher text.

Confusion: It can be achieved by a substitution algorithm. It concerns the relationship between the cipher text and the key.

47. Define Reversible Mapping.

Each plain text block maps to a unique cipher text block. This transformation is called a reversible, or non-singular, mapping.

48. Define Irreversible Mapping.

Each plain text block maps to a cipher text block that is not unique. This transformation is called an irreversible, or singular, mapping.

49. What are the features of the Feistel structure?

Block size
Key size
Number of rounds
Subkey generation algorithm
Round function
Fast software encryption/decryption
Ease of analysis


50. Define Product cipher.

When two or more basic ciphers are combined, the resultant cipher is called a product cipher.

51. Define DES.

DES (Data Encryption Standard) is one of the encryption algorithms. It exhibits the classic Feistel structure. The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms a 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption.

52. Explain the Avalanche effect.

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change is small, this might provide a way to reduce the size of the plaintext or key space to be searched.

Eg: Double DES, Triple DES
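Worked example (added here; not part of the original question bank): a toy Feistel network showing the two facts of Q44 to Q52, namely that the same steps decrypt when the subkeys are applied in reverse order (the DES property of Q51), and that one flipped plaintext or key bit changes many ciphertext bits (Q52). The round function, key schedule and sample values are constructed for the example and are not DES's.

```python
"""Toy Feistel network for Unit I, Q44-Q52: the same steps decrypt when the subkeys are
applied in reverse order (the DES property in Q51), and one flipped plaintext or key bit
changes many ciphertext bits (the avalanche effect of Q52). Added example; the round
function and key schedule are constructed for illustration, not taken from DES."""
import hashlib

BLOCK_BITS = 64                      # DES-sized block; halves are 32 bits each
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1
ROUNDS = 16


def subkeys(key: int, rounds: int = ROUNDS) -> list:
    """Subkey generation algorithm (one of the Feistel design parameters in Q45):
    one 32-bit subkey per round, derived here with SHA-256 from the 64-bit key."""
    kb = key.to_bytes(8, "big")
    return [int.from_bytes(hashlib.sha256(kb + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]


def round_function(half: int, k: int) -> int:
    """Round function F: XOR with the subkey, rotate, multiply by an odd constant.
    F is not required to be invertible; the structure, not F, makes decryption work."""
    x = (half ^ k) & HALF_MASK
    x = ((x << 5) | (x >> (HALF_BITS - 5))) & HALF_MASK
    return (x * 0x9E3779B1 + k) & HALF_MASK


def feistel(block: int, ks: list) -> int:
    """Each round: L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i). The halves are
    swapped once more at the end, which is what lets the same function decrypt."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in ks:
        left, right = right, left ^ round_function(right, k)
    return (right << HALF_BITS) | left


def encrypt(block: int, key: int) -> int:
    return feistel(block, subkeys(key))


def decrypt(block: int, key: int) -> int:
    """Same steps, same key: only the order of the subkeys is reversed."""
    return feistel(block, subkeys(key)[::-1])


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def plaintext_avalanche(block: int, key: int, bit: int) -> int:
    """Number of the 64 ciphertext bits that change when plaintext bit `bit` is flipped."""
    return hamming(encrypt(block, key), encrypt(block ^ (1 << bit), key))


def key_avalanche(block: int, key: int, bit: int) -> int:
    """Number of the 64 ciphertext bits that change when key bit `bit` is flipped."""
    return hamming(encrypt(block, key), encrypt(block, key ^ (1 << bit)))


if __name__ == "__main__":
    PT, KEY = 0x0123456789ABCDEF, 0x0F1571C947D9E859   # constructed sample values
    ct = encrypt(PT, KEY)
    print(hex(ct), decrypt(ct, KEY) == PT)
    print("plaintext bit 0 flipped ->", plaintext_avalanche(PT, KEY, 0), "bits changed")
    print("key bit 0 flipped       ->", key_avalanche(PT, KEY, 0), "bits changed")
```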

53. What is the purpose of the S-boxes in DES?

Each row of an S-box defines a general reversible substitution. DES uses a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output.

54. What are the features of AES?

Symmetric and parallel structure
Adapted to modern processors
Algorithm can work well with smart cards

55. List the evaluation criteria defined by NIST for AES.

The evaluation criteria for AES are as follows:
Security
Cost
Algorithm and implementation characteristics

56. Define Multiple Encryption.

Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption algorithm. This ciphertext is then used as input and the algorithm is applied again. This process may be repeated through any number of stages.


57. Define double encryption.

The simplest form of multiple encryption has two encryption stages and two keys.

58. What is Triple Encryption? How many keys are used in triple encryption?

Triple Encryption is a technique in which the encryption algorithm is performed three times using three keys.

59. What is the key size for Blowfish?

Blowfish makes use of a key that ranges from 32 bits to 448 bits (one to fourteen 32-bit words). That key is used to generate 18 32-bit subkeys and four 8×32 S-boxes containing a total of 1024 32-bit entries. The total is 1042 32-bit values, or 4168 bytes.

60. Give the five modes of operation of a block cipher.

Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)


Output Feedback (OFB)
Counter (CTR)

61. State the advantages of counter mode.

Hardware efficiency
Software efficiency
Preprocessing
Random access
Provable security
Simplicity

62. Define covert channel.

A communication channel that enables the transfer of information in a way unintended by the designers of the communications facility. It violates a security policy, and the communication to an outsider is not detected by management.

63. What approaches are used to reduce traffic analysis?

Link encryption
End-to-end encryption

64. What is traffic padding? What is its purpose?

Traffic padding produces cipher text output continuously, even in the absence of plain text. A continuous random data stream is generated. When plain text is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding, and therefore impossible to deduce the amount of traffic.

The advantages are:
It is impossible for an attacker to distinguish between true data flow and padding data flow.
It is impossible to deduce the amount of traffic.

UNIT – II

1. What are the principal elements of a public key cryptosystem?

The principal elements of a public key cryptosystem are:
Plain text
Encryption algorithm
Public and private key


Cipher text
Decryption algorithm

2. What are the roles of the public and private key?

The two keys used for public-key encryption are referred to as the public key and the private key. Invariably, the private key is kept secret and the public key is known publicly. Usually the public key is used for encryption and the private key is used on the decryption side.

3. Specify the applications of the public key cryptosystem.

The applications of the public-key cryptosystem can be classified as follows:

1. Encryption/Decryption: The sender encrypts a message with the recipient's public key.
2. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
3. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

4. What requirements must a public key cryptosystem fulfill to be a secure algorithm?

The requirements of a public-key cryptosystem are as follows:

1. It is computationally easy for a party B to generate a pair (public key KUb, private key KRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding cipher text: C = E_KUb(M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D_KRb(C) = D_KRb[E_KUb(M)]
4. It is computationally infeasible for an opponent, knowing the public key, KUb, to determine the private key, KRb.
5. It is computationally infeasible for an opponent, knowing the public key, KUb, and a ciphertext, C, to recover the original message, M.
6. The encryption and decryption functions can be applied in either order: M = E_KUb[D_KRb(M)] = D_KUb[E_KRb(M)]

5. What is a one-way function?

A one-way function is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.


6. What is a trapdoor one-way function?

It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: a trapdoor one-way function is a family of invertible functions f_k such that

Y = f_k(X) is easy, if k and X are known
X = f_k^-1(Y) is easy, if k and Y are known
X = f_k^-1(Y) is infeasible, if Y is known but k is not known

7. Differentiate public key and conventional encryption.

| Conventional encryption | Public key encryption |
| The same algorithm with the same key is used for encryption and decryption. | One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption. |
| The sender and receiver must use the same key. | The sender and receiver must each have one of the matched pair of keys. |
| The key must be kept secret. | One of the two keys must be kept secret. |
| It must be impossible or at least impractical to decipher a message if no other information is available. | It must be impossible or at least impractical to decipher a message if no other information is available. |
| Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key. | Knowledge of the algorithm plus one of the keys plus samples of cipher text must be insufficient to determine the other key. |

8. Define prime number.

A prime number is an integer that can only be divided without remainder by positive and negative values of itself and 1. Prime numbers play a critical role both in number theory and in cryptography.

9. Define Fermat's theorem.

Fermat's theorem states the following: If p is prime and a is a positive integer not divisible by p, then a^(p-1) ≡ 1 (mod p).

10. Define Euler's Theorem.

Euler's theorem states that for every a and n that are relatively prime: a^φ(n) ≡ 1 (mod n).


11. Find gcd(1970, 1066) using Euclid's algorithm.

gcd(1970, 1066) = gcd(1066, 1970 mod 1066)
= gcd(1066, 904)
= gcd(904, 162)
= gcd(162, 94)
= gcd(94, 68)
= gcd(68, 26)
= gcd(26, 16)
= gcd(16, 10)
= gcd(10, 6)
= gcd(6, 4)
= gcd(4, 2)
= gcd(2, 0)
= 2

12. Write an algorithm for testing for primality.

TEST(n)
1. Find integers k, q, with k > 0, q odd, so that n − 1 = 2^k q;
2. Select a random integer a, 1 < a < n − 1;
3. if a^q mod n = 1 then return("inconclusive");
4. for j = 0 to k − 1 do
5.   if a^(2^j q) mod n = n − 1 then return("inconclusive");
6. return("composite")
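Worked example (added here; not part of the original question bank) tying together Q4 to Q12 of this unit: Euclid's algorithm with its intermediate steps, checks of Fermat's and Euler's theorems, the TEST(n) procedure above, and a toy RSA key pair that exhibits the trapdoor one-way property of Q6 and the either-order rule of Q4. The primes 17 and 11 and the base values are constructed, textbook-sized inputs; real keys use primes of hundreds of digits.

```python
"""Number theory behind Unit II, Q4-Q12: Euclid's algorithm with its steps (Q11), Fermat's
and Euler's theorems (Q9, Q10), the page's Miller-Rabin TEST(n) (Q12), and a toy RSA
key pair showing the trapdoor one-way property (Q6) and the either-order rule (Q4).
Added example code; the small primes are constructed values, far too small for real use."""
import math
import random


def euclid_trace(a: int, b: int) -> list:
    """gcd(a, b) = gcd(b, a mod b) until the remainder is 0; every pair visited is kept
    so the working can be shown as in Q11."""
    steps = [(a, b)]
    while b:
        a, b = b, a % b
        steps.append((a, b))
    return steps


def gcd(a: int, b: int) -> int:
    return euclid_trace(a, b)[-1][0]


def phi(n: int) -> int:
    """Euler's totient by direct count of units; fine for the toy moduli used here."""
    return sum(1 for k in range(1, n + 1) if math.gcd(k, n) == 1)


def fermat_holds(a: int, p: int) -> bool:
    """a^(p-1) = 1 (mod p) for prime p and a not divisible by p."""
    return pow(a, p - 1, p) == 1


def euler_holds(a: int, n: int) -> bool:
    """a^phi(n) = 1 (mod n) whenever gcd(a, n) = 1."""
    return pow(a, phi(n), n) == 1


def miller_rabin_test(n: int, a: int = None) -> str:
    """The page's TEST(n): write n-1 = 2^k q with q odd, pick a base a (random unless
    given), and return 'inconclusive' or 'composite'. 'composite' is always correct;
    'inconclusive' can be wrong for a few bases, hence is_probable_prime repeats it."""
    if n < 5 or n % 2 == 0:
        raise ValueError("TEST(n) expects an odd n > 3")
    k, q = 0, n - 1
    while q % 2 == 0:
        k, q = k + 1, q // 2
    if a is None:
        a = random.randrange(2, n - 1)
    if pow(a, q, n) == 1:
        return "inconclusive"
    for j in range(k):
        if pow(a, (2 ** j) * q, n) == n - 1:
            return "inconclusive"
    return "composite"


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Repeat TEST with independent random bases; n is accepted only if every round is
    inconclusive, so the chance of passing a composite is at most 4^-rounds."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    return all(miller_rabin_test(n) == "inconclusive" for _ in range(rounds))


def rsa_keypair(p: int, q: int, e: int) -> tuple:
    """Toy RSA: n = pq, d = e^-1 mod (p-1)(q-1). Knowing p and q is the trapdoor that makes
    d easy to find; from (n, e) alone recovering d is meant to be infeasible (Q6)."""
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be prime")
    n, totient = p * q, (p - 1) * (q - 1)
    if gcd(e, totient) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, totient)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)             # public key KUb, private key KRb


def rsa_apply(x: int, key: tuple) -> int:
    """E_KUb or D_KRb: both are modular exponentiation, so they compose in either order."""
    n, exponent = key
    return pow(x, exponent, n)


if __name__ == "__main__":
    for a, b in euclid_trace(1970, 1066):
        print(f"gcd({a}, {b})")                      # ends at gcd(2, 0) -> 2
    print(miller_rabin_test(221, 21), miller_rabin_test(221, 5))
    pub, priv = rsa_keypair(17, 11, 7)               # constructed textbook-sized values
    print(rsa_apply(88, pub), rsa_apply(rsa_apply(88, pub), priv))
```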

13. What is the primitive root of a number?

We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p − 1. That is, if a is a primitive root of the prime number p, then the numbers

14. Define Diffie-Hellman key exchange.

A simple public-key algorithm is Diffie-Hellman key exchange. This protocol enables two users to establish a secret key using a public-key scheme based on discrete logarithms. The protocol is secure only if the authenticity of the two participants can be established.
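Worked example (added here; not part of the original question bank): the Diffie-Hellman exchange of Q14 over a small prime, with both sides' messages and each side's computation of the shared key, plus the range check a receiver should apply to the peer's public value before using it. The prime, generator and exponents are constructed values; authenticating the two participants, which Q14 says the protocol's security depends on, is outside this snippet.

```python
"""Diffie-Hellman key exchange for Unit II, Q14: both sides' messages over a small prime,
each side arriving at the same key from the other's public value. Added example with
constructed parameters; authentication of the two participants, which Q14 says the
protocol's security depends on, is outside this snippet."""
import secrets


def random_private(p: int) -> int:
    """Private exponent X with 1 < X < p - 1, drawn from a cryptographic RNG."""
    return secrets.randbelow(p - 3) + 2


def dh_public(p: int, g: int, private: int) -> int:
    """Y = g^X mod p, the only value sent over the channel."""
    return pow(g, private, p)


def valid_public_value(p: int, y: int) -> bool:
    """Reject 0, 1 and p - 1: a peer value in that set forces the shared key into a
    set of two possibilities no matter what private exponent is used."""
    return 1 < y < p - 1


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """K = Y_peer^X mod p, computed only after the peer's value passes the range check."""
    if not valid_public_value(p, peer_public):
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def run_exchange(p: int, g: int, xa: int, xb: int) -> dict:
    """A sends YA = g^XA mod p, B sends YB = g^XB mod p; A computes YB^XA, B computes YA^XB.
    Both equal g^(XA*XB) mod p, the shared secret key."""
    ya, yb = dh_public(p, g, xa), dh_public(p, g, xb)
    return {"A->B": ya, "B->A": yb,
            "K_A": dh_shared(p, yb, xa), "K_B": dh_shared(p, ya, xb)}


if __name__ == "__main__":
    P, G = 353, 3                                   # constructed small prime and generator
    transcript = run_exchange(P, G, random_private(P), random_private(P))
    print(transcript)
```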

15. Define elliptic curve arithmetic.

Elliptic curve arithmetic can be used to develop a variety of elliptic curve cryptography (ECC) schemes, including key exchange, encryption, and digital signature. For purposes of ECC, elliptic curve arithmetic involves the use of an elliptic curve equation defined over a finite field. The coefficients and variables in the equation are elements of a finite field.

16. What is an elliptic curve?

An elliptic curve is defined by an equation in two variables with coefficients: y² = x³ + ax + b

17. What is a key distribution center?

A key distribution center is responsible for distributing keys to pairs of users such as hosts, processes, or applications. Each user must share a unique key with the key distribution center for purposes of key distribution.


18. What is a nonce?

Consider that A issues a request to the KDC for a session key to protect a logical connection to B. The message includes the identities of A and B and a unique identifier, N1, for this transaction, which we refer to as a nonce. The nonce may be a timestamp, a counter, or a random number.

19. Define session key.

Communication between end systems is encrypted using a temporary key, often referred to as a session key.

20. Define master key.

Session keys are transmitted in encrypted form, using a master key that is shared by the key distribution center and an end system or user.

21. List ways in which secret keys can be distributed to two communicating parties.

A can select a key and physically deliver it to B.
A third party can select the key and physically deliver it to A and B.
If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.

22. List four general schemes for the distribution of public keys.

The four general schemes for the distribution of public keys are:
Public announcement
Publicly available directory
Public-key authority
Public-key certificate

23. What is a public key certificate?

A public key certificate is used by participants to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from the public-key authority. Each certificate contains a public key and other information, is created by a certificate authority, and is given to the participant with the matching private key.

24. What are the essential ingredients of the public key directory?

The essential ingredients of the public key directory are as follows:
1. The authority maintains a directory with a {name, public key} entry for each participant.


2. Each participant registers a public key with the directory authority.
3. A participant may replace the existing key with a new one at any time.
4. Periodically, the authority publishes the entire directory or updates to the directory.
5. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

UNIT – III

1. What is message authentication?

It is a procedure that verifies whether the received message comes from the assigned source and has not been altered. It uses message authentication codes and hash algorithms to authenticate the message.

2. Define the classes of message authentication function.

Message encryption: The entire cipher text would be used for authentication.
Message Authentication Code: It is a function of the message and a secret key that produces a fixed-length value.
Hash function: Some function that maps a message of any length to a fixed length, which serves as the authenticator.

3. What are the requirements for message authentication?

The requirements for message authentication are:
Disclosure
Traffic analysis
Masquerade
Content modification
Sequence modification
Timing modification
Source repudiation
Destination repudiation

4. What is meant by hash function?

A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M), called a message digest, as output. It is a variation on the message authentication code.

5. What is a birthday attack?

It means that the opponent would have to try about 2^(hash code size − 1) messages to find one that matches the hash code of the intercepted message. To avoid the birthday attack, use large MACs.


6. What are the properties of hash functions?

One-way hash function
Weak collision resistance
Strong collision resistance

7. Differentiate MAC and hash function.

MAC: In a Message Authentication Code, a secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.

Hash Function: The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.

8. Mention any three hash algorithms.

MD5 (Message Digest version 5) algorithm
SHA-1 (Secure Hash Algorithm)
RIPEMD-160 algorithm

9. What are the requirements of the hash function?

H can be applied to a block of data of any size. H produces a fixed-length output. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.

10. What is meant by MAC?

MAC is Message Authentication Code. It is a function of the message and a secret key which produces a fixed-length value called the MAC.

MAC = C_K(M)
where M = variable-length message
K = secret key shared by sender and receiver
C_K(M) = fixed-length authenticator

11. Define HMAC.

HMAC stands for Hash-based Message Authentication Code. It has been chosen as the mandatory-to-implement MAC for IP security and is also used in the Secure Socket Layer (SSL) protocol widely used on the Internet.

12. What are the design objectives of HMAC?

To reuse existing message digest algorithms such as MD5 and SHA-1


To allow easy replaceability of the embedded hash function in case faster or more secure hash

functions are found.

To preserve the original performance of hash function without degradation

To use and handle key in a simple way

To use authentication mechanism, which is cryptographically more strong.

13. What are the disadvantages of HMAC?
The problem of symmetric key exchange between two parties.
HMAC cannot be used if the number of receivers is greater than one.
If multiple parties share the symmetric key, the receiver has no way to detect from whom the message is coming.
It creates a denial of service attack.
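The following is an added worked example for questions 10 to 13; it is not code from the question bank. It builds HMAC directly from its definition on top of an unmodified hash (SHA-1, the hash named in the text), checks the result against Python's standard hmac module, and then exercises the MAC = C_K(M) properties the questions describe: fixed-length output, rejection of a tampered message or wrong key, and the fact that every holder of the shared key produces the same tag, so the receiver cannot tell which key-holder sent it. The key and message are constructed sample values.

```python
"""HMAC from its definition, checked against the stdlib implementation.

Added example; not code from the question bank. Key, message and the
choice of SHA-1 are constructed for the example.
"""
import hashlib
import hmac


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)), per RFC 2104.

    K' is the key, hashed first if it is longer than the hash block, then
    zero-padded to the block size. Only the plain hash H is called, which is
    the HMAC design objective of reusing an existing digest unchanged.
    """
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for SHA-1
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad_key + message).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC = C_K(M): a fixed-length authenticator for a variable-length M."""
    return hmac.new(key, message, hashlib.sha1).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute C_K(M) and compare in constant time."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    """Walk through the properties the questions describe; returns the observations."""
    key = b"constructed-shared-secret"            # constructed sample key
    message = b"transfer 100 to account 42"       # constructed sample message
    tag = mac_tag(key, message)
    return {
        "definition_matches_stdlib": hmac_from_definition(key, message) == tag,
        "tag_length_bytes": len(tag),             # fixed 20 bytes for SHA-1
        "genuine_accepted": verify(key, message, tag),
        "tampered_rejected": not verify(key, message + b"0", tag),
        "wrong_key_rejected": not verify(b"other-key", message, tag),
        # Any holder of the shared key produces an identical tag, so the
        # receiver cannot tell which key-holder sent it (question 13).
        "second_holder_indistinguishable": mac_tag(key, message) == tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The verification step uses a constant-time comparison; comparing tags with == would let timing differences leak how many leading bytes of a forged tag were correct.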

14. Differentiate internal and external error control.
Internal error control: In internal error control, an error detecting code, also known as a frame check sequence or checksum, is appended to the message before encryption.
External error control: In external error control, error detecting codes are appended after encryption.

15. What is the meet in the middle attack?
This is a cryptanalytic attack that attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.

16. What is the role of the compression function in a hash function?
The hash algorithm involves repeated use of a compression function f that takes two inputs, an n-bit chaining variable and a b-bit block, and produces an n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value. Usually b > n; hence the term compression.

17. What are the design goals of MD4?
Security
Speed
Simplicity and compactness
Favour little endian architecture

18. Compare MD4 and MD5.
Number of rounds of 16 steps each: MD4: 3; MD5: 4.
Use of additive constant T: MD4: no additive constant for the first round; the same additive constant is used for each of the steps of the second round; another additive constant is used for each of the steps of the third round. MD5: a different additive constant is used for each of the 64 steps.
Use of primitive logical functions: MD4: three, one for each round. MD5: four, one for each round.
Inclusion of the result of the previous step in each round: MD4: did not include this final addition. MD5: each step adds in the result of the preceding step.

19. Compare MD5 and SHA-1
Message digest length in bits: MD5: 128; SHA-1: 160.
Attack to try and find the original message for a given message digest: MD5: requires 2^128 operations to break in; SHA-1: requires 2^160 operations to break in.
Attack to try to find two messages producing the same message digest: MD5: requires 2^64 operations to break in; SHA-1: requires 2^80 operations to break in.
Successful attacks so far: MD5: similar message digest for different messages and pseudo collision; SHA-1: no such claims so far.
Speed: MD5: faster (64 iterations, 128 bit buffer); SHA-1: slower (80 iterations, 160 bit buffer).
Software implementation: MD5: simple, does not need any large programs or complex tables; SHA-1: simple, does not need any large programs or complex tables.

20. Compare MD5, SHA-1, RIPEMD-160
Digest length: MD5: 128 bits; SHA-1: 160 bits; RIPEMD-160: 160 bits.
Basic unit of processing: MD5: 512 bits; SHA-1: 512 bits; RIPEMD-160: 512 bits.
Number of steps: MD5: 64; SHA-1: 80; RIPEMD-160: 160.
Maximum message size: MD5: ∞; SHA-1: 2^64 - 1; RIPEMD-160: 2^64 - 1.
Primitive logical functions: MD5: 4; SHA-1: 4; RIPEMD-160: 5.
Additive constants used: MD5: 64; SHA-1: 4; RIPEMD-160: 9.
Endianness: MD5: little endian; SHA-1: big endian; RIPEMD-160: little endian.

21. Define authentication protocols.
An authentication protocol is used to convince parties of each other's identity and to exchange session keys. It may be one way authentication or mutual authentication.

22. Define replay attack
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. The receipt of duplicate, authenticated IP packets may disrupt service in some way or may have some other undesired consequence.

23. Give examples of replay attack.
Simple replay attack
Repetition that can be logged
Repetition that cannot be detected
Backward replay without modification

24. What are the countermeasures for replay attack?
Use of sequence numbers
Use of timestamps
Challenge/response

25. Define digital signature.
A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting it with the creator's private key. The signature guarantees the source and integrity of the message.

26. What are the requirements of digital signature?
• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender to prevent both forgery and denial.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
• It must be practical to retain a copy of the digital signature in storage.

27. What are the properties a digital signature should have?
It must verify the author and the date and time of signature.
It must authenticate the contents at the time of signature.
It must be verifiable by third parties to resolve disputes.

28. What are the approaches of digital signature?
Direct digital signature
Arbitrated digital signature

29. Distinguish between direct and arbitrated digital signature?
Direct digital signature: The direct digital signature involves only the communicating parties. It may be formed by encrypting the entire message with the sender's private key.
Arbitrated digital signature: The arbiter plays a sensitive and crucial role in this digital signature. Every signed message from a sender X to a receiver Y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content.

30. What requirements should a digital signature scheme satisfy?
The signature must be a bit pattern that depends on the message being signed. The signature must use some information unique to the sender, to prevent both forgery and denial. It must be relatively easy to produce the digital signature. It must be relatively easy to recognize and verify the digital signature. It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. It must be practical to retain a copy of the digital signature in storage.

UNIT – IV

1. Define Kerberos.
Kerberos is an authentication service developed for an environment in which users at workstations wish to access services on servers distributed throughout the network.

2. What are the requirements of Kerberos?
Secure
Reliable
Transparent
Scalable

3. Differentiate Kerberos Version 4 and 5 (or) What are the disadvantages of Version 4 Kerberos?
Kerberos Version 5 is intended to address the limitations of Kerberos Version 4.
• Environmental shortcomings
– Encryption system dependence
– Internet protocol dependence
– Message byte ordering
– Ticket lifetime
– Authentication forwarding
– Inter realm authentication
• Technical deficiencies
– Double encryption
– PCBC encryption
– Session keys
– Password attacks

4. What is a realm?
A full service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the following:
The Kerberos server must have the user ID and hashed password of all participating users in its database.
The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "Realm".

5. Draw an X.509 message format.

6. What approaches are used in email security?
PGP (Pretty Good Privacy)
S/MIME (Secure/Multipurpose Internet Mail Extension)

7. Define PGP.
It provides a confidentiality and authentication service that can be used for email and file storage applications.

8. What are the features of PGP?
Runs on a variety of platforms under different vendors.
Based on popular and secure algorithms such as RSA, DSS, Diffie-Hellman.
It has a wide range of applicability and standardized schemes.
It was not developed and is not controlled by any government or standards organization.
It is an Internet standard.

9. What are the services provided by PGP?
Digital signature
Message encryption
Compression
E-mail compatibility
Segmentation

10. Explain the reasons for using PGP?
a) It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh and many more.
b) It is based on algorithms that have survived extensive public review and are considered extremely secure, e.g. RSA, DSS and Diffie-Hellman for public key encryption; CAST-128, IDEA and 3DES for conventional encryption; SHA-1 for hash coding.
c) It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and communication.
d) It was not developed by, nor is it controlled by, any governmental or standards organization.

11. Define email compatibility.
The process of converting the raw 8-bit binary stream to a stream of printable ASCII characters is called email compatibility.

12. Why is the E-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.

13. Name the cryptographic keys used in PGP?
a) One-time session conventional keys.
b) Public keys.
c) Private keys.
d) Passphrase-based conventional keys.

14. Define key identifier?
PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.

15. What are the components of a PGP message?
Message component
Signature component
Session key component

16. Define public key ring.
The data structure used to store the public keys of users is referred to as the public key ring. It has the following fields:
Timestamp
Key ID
Public key
User ID
Owner trust
Key legitimacy
Signature

17. Define passphrase key.
The passphrase key is a key generated from the password and it has a very short lifetime. Using this key, a 160-bit hash code is generated. After the hash code generation, the passphrase key is discarded.

18. List the limitations of SMTP/RFC 822?
a) SMTP cannot transmit executable files or binary objects.
b) It cannot transmit text data containing national language characters.
c) SMTP servers may reject mail messages over a certain size.
d) SMTP gateways cause problems while translating between ASCII and EBCDIC.
e) SMTP gateways to X.400 E-mail networks cannot handle non-textual data included in X.400 messages.

19. Define S/MIME?
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet E-mail format standard, based on technology from RSA Data Security.

20. What are the elements of MIME?
Five new message header fields are defined, which may be included in an RFC 822 header.
A number of content formats are defined.
Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.

21. What are the header fields defined in MIME?
MIME-Version.
Content-Type.
Content-Transfer-Encoding.
Content-ID.
Content-Description.

22. What are the various MIME content types?
Text
Multipart
Message
Image
Video
Audio
Application

23. What are the various MIME encoding techniques?
7-bit
8-bit
Binary
Quoted printable
Base64
x-token

24. What are the functions of S/MIME?
Enveloped data
Signed data
Clear-signed data
Signed and enveloped data

25. What are the key algorithms used in S/MIME?
Digital Signature Standard.
Diffie-Hellman.
RSA algorithm.

26. Give the steps for preparing S/MIME enveloped data?
Generate Ks.
Encrypt Ks using the recipient's public key (the RSA algorithm is used for this encryption).
Prepare the 'recipient info block'.
Encrypt the message using Ks.

27. What are the functional areas of IP security?
Authentication
Confidentiality
Key management

28. Give the applications of IP security?
Provide secure communication across private and public LANs.
Secure remote access over the Internet.
Secure communication with other organizations.

29. Give the benefits of IP security?
It provides strong security that can be applied to all traffic crossing the perimeter.
IPsec in a firewall is resistant to bypass if all traffic from the outside must use IP and the firewall is the only means of entrance from the Internet into the organization.
IPsec is below the transport layer (TCP, UDP) and so is transparent to applications.
IPsec can be transparent to end users.
IPsec can provide security for individual users if needed.

30. What are the protocols used to provide IP security?
Authentication Header (AH) protocol.
Encapsulating Security Payload (ESP).

31. Specify the IP security services?
Access control.
Connectionless integrity.
Data origin authentication.
Rejection of replayed packets.
Confidentiality.
Limited traffic flow confidentiality.

32. What do you mean by Security Association? Specify the parameters that identify the Security Association?
An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA). A security association is uniquely identified by 3 parameters:
Security Parameter Index (SPI).
IP Destination Address.
Security Protocol Identifier.

33. What do you mean by Replay Attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. Each time a packet is sent the sequence number is incremented.
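The following is an added worked example for the replay attack and its countermeasures (questions 22 to 24 of Unit III and question 33 above); it is not code from the question bank. It models the receiver side of two of the listed countermeasures: a sliding window over sequence numbers, in the style of the IPsec anti-replay check, and a timestamp freshness test. The window width, the clock skew allowance and the sample packet stream are constructed for the example.

```python
"""Receiver-side replay protection: sequence-number window plus timestamp check.

Added example; not code from the question bank. Window size, skew allowance
and the packet stream below are constructed for the example.
"""
from dataclasses import dataclass

WINDOW_SIZE = 64        # assumption: width of the anti-replay window, in packets
MAX_CLOCK_SKEW = 30.0   # assumption: seconds a timestamp may differ from local time


@dataclass
class ReplayWindow:
    """Sliding window over the sequence numbers already accepted.

    `highest` is the largest sequence number accepted so far; bit i of
    `bitmap` is set when sequence number (highest - i) has been received.
    A packet is rejected if it is a duplicate or older than the window.
    """
    size: int = WINDOW_SIZE
    highest: int = 0
    bitmap: int = 0

    def accept(self, seq: int) -> bool:
        if seq <= 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest:                # newer than anything seen: slide
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # too old to check: reject
        if self.bitmap & (1 << offset):
            return False                      # already received: replay
        self.bitmap |= 1 << offset            # late but new: accept once
        return True


def fresh(sent_at: float, now: float, skew: float = MAX_CLOCK_SKEW) -> bool:
    """Timestamp countermeasure: reject packets whose timestamp is stale."""
    return abs(now - sent_at) <= skew


def filter_packets(packets):
    """Apply both checks to (seq, sent_at) pairs; returns the per-packet verdict.

    A stale packet never reaches the window, so it cannot advance it.
    """
    window = ReplayWindow()
    now = 1000.0                              # constructed receiver clock
    verdicts = []
    for seq, sent_at in packets:
        ok = fresh(sent_at, now) and window.accept(seq)
        verdicts.append((seq, ok))
    return verdicts


# Constructed stream: in-order packets, one reordered packet, two replays,
# a jump that slides the window, a packet that fell out of the window,
# and a packet whose timestamp is stale.
SAMPLE_PACKETS = [
    (1, 999.0), (2, 999.1), (3, 999.2),
    (5, 999.4), (4, 999.3),                   # 4 arrives late but is new
    (3, 999.2), (2, 999.1),                   # replays of accepted packets
    (70, 999.9),                              # slides the window far ahead
    (6, 999.5),                               # 70 - 6 = 64: outside the window
    (7, 999.6),                               # 70 - 7 = 63: still inside, new
    (71, 900.0),                              # new number but stale timestamp
]

if __name__ == "__main__":
    for seq, ok in filter_packets(SAMPLE_PACKETS):
        print(f"seq {seq:3d}: {'accepted' if ok else 'rejected'}")
```

Both checks only work if the sequence number and timestamp are covered by the packet's authenticator; otherwise an attacker could re-label a captured packet, which is why IPsec places the sequence number inside the AH/ESP header that the integrity check covers.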

34. Explain man in the middle attack?
If A and B exchange messages, E intercepts the message and obtains B's public key and B's user ID. E then sends its own message with its own public key and B's user ID. B computes the secret key based on its private key and Y, and A computes K2 based on the private key of A and Y.

35. Steps involved in the SSL record protocol?
1. The SSL record protocol takes application data as input and fragments it.
2. Apply a lossless compression algorithm.
3. Compute a MAC for the compressed data.
4. The compressed message plus MAC is encrypted using a conventional algorithm.

36. What is meant by SET? What are the features of SET?
Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet. Features are:
1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication

37. What are the steps involved in a SET transaction?
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.

38. What is dual signature? What is its purpose?
The purpose of the dual signature is to link two messages that are intended for two different recipients.

39. Compare SET and SSL.
Aim: SSL: exchange of data in an encrypted form. SET: e-commerce related payment mechanism.
Certification: SSL: two parties exchange certificates. SET: all the involved parties must be certified by a trusted third party.
Authentication: SSL: mechanism in place, but not very strong. SET: strong mechanism for authenticating all the parties involved.
Risk of merchant fraud: SSL: possible, since the customer gives financial data to the merchant. SET: the customer gives financial data to the payment gateway.
Risk of customer fraud: SSL: possible, no mechanisms exist if a customer refuses to pay later. SET: the customer has to sign payment instructions.
Action in case of customer fraud: SSL: merchant is liable. SET: payment gateway is liable.
Practical usage: SSL: high. SET: low at the moment, expected to grow.

UNIT – V

1. Define intruders.
An intruder is an individual who gains, or attempts to gain, unauthorized access to a computer system or to gain unauthorized privileges on that system. It is also referred to as a hacker or cracker.

2. List the 3 classes of intruder?
Masquerader
Misfeasor
Clandestine user

3. Name the intrusion techniques.
One way function
Access control

4. What are the merits of an intrusion detection system (IDS)?
If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised.
An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions.
Intrusion detection enables the collection of information about intrusion.

5. What are the approaches of intrusion detection techniques?
Statistical anomaly detection
o Threshold detection
o Profile based
Rule based detection
o Anomaly detection
o Penetration identification

6. Define audit records. What are the types?
A fundamental tool for intrusion detection is the audit record. Some record of ongoing activity by users must be maintained as input to an intrusion detection system.
The types are:
Native audit records
Detection-specific audit records

7. Compare native audit records and detection-specific audit records
Definition: Native audit records: virtually all multiuser operating systems include accounting software that collects information on user activity. Detection-specific audit records: a collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system.
Advantage: Native audit records: no additional collection software is needed. Detection-specific audit records: vendor independent and ported to a variety of systems.
Disadvantage: Native audit records: native audit records may not contain the needed information or may not contain it in a convenient form. Detection-specific audit records: extra overhead.

8. What fields are there in audit records?
Subject
Action
Object
Exception-Condition
Resource-Usage
Time-Stamp

9. What are the components of distributed intrusion detection?
Host agent module
LAN monitor agent module
Central manager module

10. Define honeypot.
Honeypots are decoy systems that are designed to lure a potential attacker away from critical systems. Honeypots are designed to
• divert an attacker from accessing critical systems
• collect information about the attacker's activity
• encourage the attacker to stay on the system long enough for administrators to respond

11. What techniques are used in password selection strategies?
• User education
• Computer-generated passwords
• Reactive password checking
• Proactive password checking

12. Define virus. Specify the types of viruses?
A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.

13. Define Malicious software (or) malware
Malicious software is software that is intentionally included or inserted in a system for a harmful purpose.

14. Define worm.
A worm is a program that can replicate itself and send copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function.

15. Give examples of worms.
• Morris worm
• Code Red worm
• Nimda

16. Define DoS.
A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from using that service.

17. Define DDoS.
A distributed denial of service attack is launched from multiple coordinated sources.

18. Define Logic bomb
A program inserted into software by an intruder. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorized act.

19. Define Trojan horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.

20. Define Backdoor (trapdoor)
Any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality.

21. Define Zombie
A program activated on an infected machine that is used to launch attacks on other machines.

22. What are the types of virus?
1) Parasitic virus
2) Memory-resident virus
3) Boot sector virus
4) Stealth virus
5) Polymorphic virus

23. What are the parts of a virus?
• Infection mechanism
• Trigger
• Payload

24. What are the various phases of a virus?
• Dormant phase
• Propagation phase
• Triggering phase
• Execution phase

25. What methods are used in antivirus techniques?
• Generic decryption
• Digital immune system
• Behavior-blocking software

26. Define firewall.
A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction. A firewall may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer.

27. What are the characteristics of a firewall?
1. All traffic from inside to outside, and vice versa, must pass through the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration.

28. What is the scope of firewalls?
1. A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
2. A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
3. A firewall is a convenient platform for several Internet functions that are not security related.
4. A firewall can serve as the platform for IPsec.

29. What are the limitations of firewalls?
1. The firewall cannot protect against attacks that bypass the firewall.
2. The firewall may not protect fully against internal threats.
3. It cannot protect against the transfer of virus-infected programs or files.

30. What are the types of firewall?
• Packet filtering firewall
• Application level gateways
• Circuit level gateways

31. What is an application level gateway?
An application level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed.

32. Define bastion host.
A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security.

33. What are the characteristics of a bastion host?
• The bastion host hardware platform executes a secure version of its operating system, making it a hardened system.
• Only the services that the network administrator considers essential are installed on the bastion host. These could include proxy applications for DNS, FTP, HTTP, and SMTP.
• The bastion host may require additional authentication before a user is allowed access to the proxy services. In addition, each proxy service may require its own authentication before granting user access.
• Each proxy is configured to support only a subset of the standard application's command set.
• Each proxy is configured to allow access only to specific host systems. This means that the limited command/feature set may be applied only to a subset of systems on the protected network.
• Each proxy maintains detailed audit information by logging all traffic, each connection, and the duration of each connection.
• Each proxy module is a very small software package specifically designed for network security.
• Each proxy is independent of other proxies on the bastion host.
• A proxy generally performs no disk access other than to read its initial configuration file.
• Each proxy runs as a non-privileged user in a private and secured directory on the bastion host.

34. Define trusted system.
A trusted system is used to improve the ability of a system to protect against intruders and malicious programs or software threats.

35. Define access matrix.
It is a general method of access control for both file and database management systems. The basic elements are:
• Subject
• Object
• Access right

36. Compare access control list and capability list.
Access control list: For each object, an access control list lists subjects and their permitted access rights.
Capability list: It specifies authorized objects and operations for a user. Each subject has a number of tickets and may be authorized to loan or give them to others.
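The following is an added worked example for questions 35 and 36; it is not code from the question bank. It starts from an access matrix (subjects, objects, access rights), decomposes it by column into access control lists and by row into capability lists, and shows the one behaviour that differs between the two views: with capabilities, a subject can loan a ticket it holds to another subject, and only a ticket it actually holds. The subjects, objects and rights are constructed sample values.

```python
"""Access matrix decomposed into access control lists and capability lists.

Added example; not code from the question bank. The subjects, objects and
rights in the sample matrix are constructed for the example.
"""
from collections import defaultdict

# Constructed access matrix: row = subject, column = object, cell = rights.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}


def access_control_lists(matrix):
    """Decompose by column: for each object, which subjects hold which rights."""
    acl = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acl[obj][subject] = set(rights)
    return dict(acl)


def capability_lists(matrix):
    """Decompose by row: for each subject, the objects and operations it holds tickets for."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def allowed_by_acl(acl, subject, obj, right):
    """ACL check: look up the object, then the subject's entry on it."""
    return right in acl.get(obj, {}).get(subject, set())


def allowed_by_capability(caps, subject, obj, right):
    """Capability check: the subject presents its own ticket for the object."""
    return right in caps.get(subject, {}).get(obj, set())


def can_delegate(caps, giver, obj, rights):
    """A subject can only loan tickets it actually holds."""
    return set(rights) <= caps.get(giver, {}).get(obj, set())


def delegate(caps, giver, receiver, obj, rights):
    """Capability model: loan tickets from giver to receiver.

    Returns the receiver's updated rights on obj; refuses rights the giver lacks.
    """
    if not can_delegate(caps, giver, obj, rights):
        held = caps.get(giver, {}).get(obj, set())
        raise PermissionError(f"{giver} cannot give {sorted(set(rights) - held)} on {obj}")
    caps.setdefault(receiver, {}).setdefault(obj, set()).update(rights)
    return caps[receiver][obj]


if __name__ == "__main__":
    acl = access_control_lists(ACCESS_MATRIX)
    caps = capability_lists(ACCESS_MATRIX)
    print("ACL for payroll.db:", acl["payroll.db"])
    print("capabilities of bob:", caps["bob"])
    print("bob reads payroll.db?", allowed_by_capability(caps, "bob", "payroll.db", "read"))
    delegate(caps, "alice", "bob", "payroll.db", {"read"})
    print("after alice loans a ticket:", allowed_by_capability(caps, "bob", "payroll.db", "read"))
```

The two decompositions answer different questions cheaply: an ACL makes "who can access this object?" a single lookup, while a capability list makes "what can this subject access?" a single lookup; revoking a right is a local edit in the ACL view but, once tickets have been loaned, requires finding every copy in the capability view.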

37. Define reference monitor.
It is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of the security policies of the subject and object. It has access to a file known as the security kernel database.

------------------------- ALL THE BEST ----------------------