Formatted: Strikethrough

SCHOOL OF COMPUTING AND ENGINEERING SCIENCES (SCES)

BBITICS

END OF SEMESTER EXAMINATION MARKING GUIDE

BBT 4201ICS 3201 CRYPTOGRAPHY AND NETWORK SECURITYCOMPUTER SECURITY

AND CRYPTOGRAPHY

DATE: 20th January 2022 Formatted: Superscript

Time: 2 Hours

Instructions
1. This examination consists of FIVE questions.
2. Answer Question ONE (COMPULSORY) and any other TWO questions.

Question 1 (20 Marks)

(a) Network security as indeed all information system security revolves around the 3 key
principles of Confidentiality, Integrity and Availability. Explain each of these principles.
Give ONE example of a possible attack against each. Explain a possible countermeasure
against the attack identified. (6 Marks)
Confidentiality: preventing the unauthorized disclosure of sensitive information.
Possible attacks:
Possible countermeasure: encryption
Integrity: preventing the modification of information by unauthorized users, preventing the unauthorized or
unintentional modification of information by authorized users, preserving the internal and external
consistency.
Possible attack:
Possible countermeasure: hashing
Availability: a system’s authorized users should have timely and uninterrupted access to the information in the
system and to the network.
Possible attack: DOS attack
Countermeasure: building redundancy
(b) Explain what makes ideal block ciphers impractical. (4 Marks)
Small block size: equivalent to classical substitution cipher; cryptanalysis based on statistical characteristics
feasible.
Large block size: key must be very large; performance/implementation problems.
(c) Diffusion and Confusion are the two cornerstones of block cipher design. Explain the
concepts of diffusion and confusion as used in DES. (4 Marks)
Diffusion: a change in any plaintext bit must propagate out to as many ciphertext bits as possible.
Confusion: the relationship between the encryption key and the ciphertext must be as complex as possible.
(d) Discuss the Feistel Structure for Block ciphers. (6 Marks)
The input block to each round is divided into two halves, L and R.
In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an operation
that depends on R and the encryption key. The operation carried out on the left half L is referred to as the Feistel
Function.
The permutation step at the end of each round consists of swapping the modified L and R. Therefore, the L for the next
round would be R of the current round. And R for the next round be the output L of the current round.

Question 2 (20 Marks)

(a) There exist various types of cryptanalytic attacks based on the amount of information known
to the cryptanalyst, from least to most. Explain the attacks ciphertext only, known plaintext,
chosen plaintext and chosen ciphertext attacks, giving plausible examples. (8 Marks)
Cipher text only attack: attacker has access to only the cipher text
Known-plaintext attack: cipher text and the corresponding plaintext known for example if the participants
begin by sending hello.
Chosen plaintext attack: cipher text corresponding to plain text of attacker’s choice for example the attacker
typing at the terminal
Chosen ciphertext attack: get the parties to decrypt a cipher text attacker has chosen.
(b) Using a diagram, explain the FIVE ingredients of a symmetric cipher model (5 Marks)
Plaintext: original message
Encryption algorithm: performs substitutions/transformations on plaintext
Secret key: control exact substitutions/transformations used in encryption algorithm
Ciphertext: scrambled message
Decryption algorithm: inverse of encryption algorithm.
(c) Distinguish between the following: (4 Marks)
Substitution versus transposition:
Substitution: each element in the plaintext is mapped to another element.
Transposition: elements in the plaintext are re-arranged.
Block versus stream ciphers:
Block: produces output block for each input block
Stream: input elements are processed continuously, producing one output element at a time.
(d) The one-time pad offers complete security but, in practice, has two fundamental difficulties.
What is the one-time pad? Explain these difficulties. (3 Marks)
(e) There is the practical problem of making large quantities of random keys.
The problem of key distribution and protection, where for every message to be sent, a key of equal length is
needed by both sender and receiver.
Keys as long as the message and random. Key used once and discarded.
(d) Formatted: Outline numbered + Level: 1 +
Numbering Style: a, b, c, … + Start at: 1 +
Question 3 (20 Marks) Alignment: Left + Aligned at: 0.25" + Tab after:
(a) Using a diagram, explain the DES encryption and decryption algorithm. Details are not 0.5" + Indent at: 0.5"
necessary. (10 Marks)
(b) Explain the goals of message authentication. (3 Marks)
Protecting the integrity of a message
Validating identity of the originator
Non-repudiation of origin
(c) Differentiate between a MAC and a hash function. (4 Marks)
MAC
A cryptographic checksum
MAC = CK (M)
It condenses a variable-length message M using a secret key K to a fixed-size authenticator.
Hash Functions
Condenses arbitrary messages to fixed size h = H (M). Hash used to detect changes to message.
(d) Explain the birthday attack. (3 Marks)
Opponent generates 2 m/2 variations of a valid message all with essentially the same meaning. Opponent also
generates 2 m/2 variations of a desired fraudulent message. Two sets of messages are compared to find pair
with the same hash (probability > 0.5 by birthday paradox). Have user sign the valid message, then substitute
the forgery which will have a valid signature. Solve by using larger MAC/hash.

Question 4 (20 Marks)

 a) While the standard TCP/IP protocol simply sends unauthenticated, error-free stream of
information between 2 computers, SSL adds numerous features to that stream. Explain any
FOUR such additions. (8 Marks)
Authentication of the server using digital signatures
Authentication of the client
Data confidentiality through encryption
Data integrity using MACs
b) Using an illustration, sketch and explain the SSL Architecture. (8 Marks)
Include in the diagram:
1. SSL Handshake protocol
2. SSL change cipher spec protocol
3. SSL Alert protocol
4. SSL Record Protocol

The SSL Record Protocol provides basic security services to various higher-layer protocols. 3
higher-layer protocols are also defined as part of SSL: the handshake protocol, change cipher spec
protocol, and alert protocol. These SSL specific protocols are used in the management of SSL
exchanges.
c) Differentiate between a connection and a session as used in SSL. (4 Marks)
A connection is a transient, peer-to-peer, communications link associated with 1 SSL session.
A session is an association between client and server created by the handshake protocol. It defines a
set of cryptographic parameters. It may be shared by multiple SSL connections.

Question 5 (20 Marks)

a. What is the main purpose of Pretty Good Privacy (PGP)? (2 Marks)
The main purpose of Pretty Good Privacy (PGP) is an open source, freely available software package for
email security. It provides confidentiality and authentication in E-mail communication.
b. Describe the FIVE main services provided by PGP and mention the algorithms that are used
to implement each service. (8 Marks)
Authentication through the use of digital signatures
RSA
Diffie-Hellman
SHA
MD5
Confidentiality through the use of symmetric block encryption
CAST
Triple-DES
IDEA
Compression using the ZIP algorithm
E-mail compatibility using the radix-64 encoding scheme
Segmentation and reassembly to accommodate long e-mails
c. Alice has put up a request for tenders for a relatively expensive contract. Alice would like to
store the unencrypted versions of the responses together with their signatures, so that, if
required in future, she can always prove that the message actually originated from the
respective company. As a consequence, Alice has requested potential respondents to sign
their submissions using Pretty Good Privacy (PGP). Bob represents a company that has
prepared a confidential document as a response to the tender. Bob fears that her his
communication to Alice may be intercepted by Mallory--one of his competitors. Therefore,
he would like to encrypt the contents of his submission documents so that only Alice can read
 them. Describe how PGP would implement these requirements (authentication and
encryption).
(Illustrate your answer by numbering the steps that PGP follows at both sides: encryption at the
sender and decryption by the recipient.) (10 Marks)
1. Sender creates a message
2. Use SHA-1 to generate 160-bit hash of message
3. Hash of the message is encrypted with RSA using private Key of sender and is
prepended to message
4. The resultant is zipped
5. Sender generates a one-time session key
6. Sender encrypts message using 3DES/IDEA/CAST-128 with session key
7. Sender encrypts the session key with RSA using recipient’s public key and prepends
it to the encrypted message.
8. Receiver uses RSA with its private key to decrypt and recover session key
9. The session key is used to decrypt the message
10. Receiver uses RSA with sender’s public key to decrypt and recover hash code
11. Receiver generates a new hash code for the message and compares it with the
decrypted hash code