
Network Security Protocols - S8 CSE-2019 Scheme-Syllabus

This document describes a course on network security protocols. It covers topics like authentication protocols, email security, network layer security, application layer security, firewalls, and wireless security. It provides the course objectives, syllabus, assessment details, sample questions and a model question paper format.

Uploaded by

ASHNA A
Copyright: © All Rights Reserved

COMPUTER SCIENCE AND ENGINEERING

CST434 NETWORK SECURITY PROTOCOLS
CATEGORY: PEC    L: 2    T: 1    P: 0    CREDIT: 3    YEAR OF INTRODUCTION: 2019

Preamble: This course helps the learners to explore various network and system security
protocols. This course covers authentication protocols, firewalls and security protocols from
different layers such as data link, network, transport and application. The concepts covered in
this course enable the learners to use security protocols effectively for securing network
applications.

Prerequisite: A fundamental knowledge in the concepts of Security in Computing.

Course Outcomes: After the completion of the course, the student will be able to

CO1 Explain authentication protocols, X.509 authentication service and Public
Key Infrastructure (PKI). (Cognitive Knowledge Level: Understand)
CO2 Identify the security mechanisms in e-mail security services. (Cognitive
Knowledge Level: Understand)
CO3 Summarize the network and transport layer security services provided in a
secure communication scenario. (Cognitive Knowledge Level: Apply)
CO4 Describe real-time communication security and application layer security
protocols. (Cognitive Knowledge Level: Apply)
CO5 Explain the concepts of firewalls and wireless network security. (Cognitive
Knowledge Level: Understand)

Mapping of course outcomes with program outcomes

PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1

CO2

CO3

CO4

CO5

Abstract POs defined by National Board of Accreditation

PO#   Broad PO                                      PO#    Broad PO
PO1   Engineering Knowledge                         PO7    Environment and Sustainability
PO2   Problem Analysis                              PO8    Ethics
PO3   Design/Development of solutions               PO9    Individual and team work
PO4   Conduct investigations of complex problems    PO10   Communication
PO5   Modern tool usage                             PO11   Project Management and Finance
PO6   The Engineer and Society                      PO12   Life-long learning

Assessment Pattern

Bloom’s Category    Test 1 (%)    Test 2 (%)    End Semester Examination (%)
Remember            20            20            20
Understand          50            50            50
Apply               30            30            30
Analyse
Evaluate
Create

Mark Distribution

Total Marks    CIE Marks    ESE Marks    ESE Duration
150            50           100          3

Continuous Internal Evaluation Pattern:

Attendance : 10 marks
Continuous Assessment Test : 25 marks
Continuous Assessment Assignment : 15 marks

Internal Examination Pattern:

Each of the two internal examinations has to be conducted out of 50 marks. The first series test
shall preferably be conducted after completing the first half of the syllabus and the second
series test shall preferably be conducted after completing the remaining part of the syllabus. There
will be two parts: Part A and Part B. Part A contains 5 questions (preferably, 2 questions each
from the completed modules and 1 question from the partly completed module), having 3
marks for each question adding up to 15 marks for part A. Students should answer all
questions from Part A. Part B contains 7 questions (preferably, 3 questions each from the
completed modules and 1 question from the partly completed module), each with 7 marks. Out
of the 7 questions, a student should answer any 5.

End Semester Examination Pattern:

There will be two parts: Part A and Part B. Part A contains 10 questions with 2 questions from
each module, having 3 marks for each question. Students should answer all questions. Part B
contains 2 questions from each module, of which a student should answer any one. Each
question can have a maximum of 2 sub-divisions and carries 14 marks.

Syllabus

Module-1 (Authentication Protocols)


Authentication Protocols – Mutual authentication, One way authentication. Kerberos –
Kerberos Version 4, Kerberos Version 5. X.509 Authentication service. Public Key
Infrastructure (PKI) – Trust models, Revocation.

Module-2 (E-mail Security)


Pretty Good Privacy (PGP) – Operational Description, Cryptographic keys and key rings,
Message format, PGP message generation, PGP message reception, Public key management.
S/MIME – Functionality, Messages, Certificate processing, Enhanced security services.

Module-3 (Network Layer Security and Web Security)


Internet Protocol Security (IPSec) – Overview, IP security architecture, Authentication
Header (AH), Encapsulating Security Payload (ESP), Combining Security Associations, Key
management. Internet Key Exchange (IKE) - Phases. Web Security – Web security
considerations. Secure Socket Layer and Transport Layer Security (SSL/TLS) – SSL
Architecture, SSL protocols, Cryptographic computations, Transport layer security.

Module-4 (Real-time Security and Application Layer Security)


Real-time communication security – Perfect Forward Secrecy (PFS), Denial-of-Service
protection, Endpoint identifier hiding, Live partner reassurance. Hypertext Transfer Protocol
Secure (HTTPS) – Connection initiation, Closure. Secure Shell (SSH) – Transport layer
protocol, User authentication protocol, Connection protocol. Secure Electronic Transaction
(SET) – Overview, Features, Participants, Dual signature, Payment processing.

Module-5 (System Security and Wireless Security)


Firewalls – Firewall characteristics, Types of Firewalls, Firewall configurations, Encrypted
Tunnels, Trusted systems – Data access control, The concept of Trusted Systems, Trojan
horse defense. IEEE 802.11i wireless LAN security - Services, Phases of operation, Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2.

Text Books
1. William Stallings, “Cryptography and Network Security: Principles and Practice”, 4/e,
Pearson Ed.
2. C. Kaufman, R. Perlman and M. Speciner, “Network Security: Private Communication in a
Public World”, 2/e, PHI.

References
1. Behrouz A. Forouzan, Debdeep Mukhopadhyay, “Cryptography and Network Security”, 3/e,
Tata McGraw Hill.
2. Tyler Wrightson, “Wireless Network Security: A Beginner’s Guide”, 2012, Tata McGraw Hill.
3. William Stallings, “Network Security Essentials: Applications and Standards”, 4/e, Prentice
Hall.
4. Schiller J., “Mobile Communications”, 2/e, Pearson Education.
5. Roberta Bragg et al., “Network Security: The Complete Reference”, Tata McGraw Hill.

Sample Course Level Assessment Questions


Course Outcome 1 (CO1):
1. Identify the threats associated with user authentication over a network or Internet.
2. In the context of Kerberos, mention the significance of a realm.
Course Outcome 2 (CO2):
1. Mention the use of R64 conversion for an e-mail application.
2. Give the general structure of Private and Public Key rings in PGP.
Course Outcome 3 (CO3):
1. In AH protocol, identify the fields in an IP header which are included in MAC
calculation. For each of the fields in the IP header, indicate whether the field is
immutable, mutable but predictable, or mutable. Justify your decision for each
field.
2. Is it possible for the receiver to reorder SSL record blocks that arrive out of order?
If so, explain how it can be done. If not, why?
Course Outcome 4 (CO4):
1. Devise a protocol based on a pre-shared secret key that hides identities and gives
Perfect Forward Secrecy (PFS) for identity hiding. Make two variants, one in
which an active attacker can learn only the initiator’s identity, and one in which an
active attacker can learn only the target’s identity.
2. Explain the tasks performed by the payment gateway during Payment
Authorization in SET.
Course Outcome 5 (CO5):
1. List the weaknesses of a packet-filtering router.
2. Give the relevance of pairwise keys and group keys in IEEE 802.11i.
3. State the design goals of firewalls.

Model Question Paper


QP CODE: PAGES: ___

Reg No:_______________
Name:_________________

APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY

EIGHTH SEMESTER B.TECH DEGREE EXAMINATION, MONTH & YEAR

Course Code: CST434


Course Name: NETWORK SECURITY PROTOCOLS

Max Marks: 100 Duration: 3 Hours


PART A
(Answer All Questions. Each question carries 3 marks)
1. List any three requirements of Kerberos.

2. Specify the significance of key pair recovery. When is the key pair updated?

3. Why does PGP generate signature before applying compression?

4. List the four principal services provided by S/MIME.

5. Explain the significance of Alert protocol in SSL and list out any three Alert
messages with their uses.

6. Specify the purpose of MAC during the change cipher spec TLS exchange.
7. What is the advantage, if any, of not including the MAC in the scope of packet
encryption in SSH packets?

8. Give the significance of dual signature in SET.

9. List the IEEE 802.11i services.

10. How is the concept of association related to that of mobility in wireless
networks? (10x3=30)

Part B
(Answer any one question from each module. Each question carries 14
Marks)

11. (a) Describe the requirements for a public-key certificate scheme. (8)

(b) Explain the significance of chain of certificates. (6)

OR
12. (a) Specify the purpose of the X.509 standard. How is an X.509 certificate
revoked? (8)

(b) Describe the management functions of a PKI. What is a cross certificate? (6)

13. (a) List the services provided by PGP and explain how authentication and
confidentiality are provided. (8)

(b) Explain the functionalities provided by S/MIME. (6)

OR
14. (a) Give the format of a PGP message and specify the significance of each
field in the message. (8)

(b) Explain the enhanced security services provided in S/MIME. (6)

15. (a) Explain the parameters that identify an SSL session state. (8)

(b) Differentiate between transport mode and tunnel mode in IPSec. (6)

OR
16. (a) The IPsec architecture document states that when two transport mode SAs
are bundled to allow both AH and ESP protocols on the same end-to-end
flow, only one ordering of security protocols seems appropriate: performing
the ESP protocol before performing the AH protocol. Why is this approach
recommended rather than authentication before encryption? (8)

(b) List and explain the purpose of each Alert Code supported by SSL. (6)

17. (a) Illustrate the significance of perfect forward secrecy. (6)

(b) Explain the key features provided by SET. (8)

OR

18. (a) List and explain the SSH protocols. (8)

(b) “The HTTPS capability is built into all modern web browsers”. Justify. (6)

19. (a) Explain the phases of operations in IEEE 802.11i. (8)

(b) Give the significance of Encrypted Tunnels. (6)

OR
20. (a) Compare the features of three types of firewalls. (8)

(b) Compare the Wireless LAN protocols WEP, WPA and WPA2. (6)

TEACHING PLAN

No    Contents    No. of Lecture Hours (35 Hrs)

Module-1 (Authentication Protocols) (7 hrs)

1.1   Authentication Protocols – Mutual authentication, One way authentication    1
1.2   Kerberos – Version 4    1
1.4   Differences between Kerberos Version 4 and Version 5, Kerberos Version 5    1
1.5   X.509 Authentication service – Certificates, Authentication Procedures, X.509 Version 3    1
1.6   Public Key Infrastructure (PKI) – Trust models    1
1.7   Public Key Infrastructure (PKI) – Revocation    1

Module-2 (E-mail Security) (6 hrs)

2.1   Pretty Good Privacy (PGP) – Operational Description    1
2.2   Cryptographic keys and key rings, Message format    1
2.3   PGP message generation, PGP message reception    1
2.4   PGP – Public key management    1
2.5   S/MIME – Overview of MIME, Functionality, Messages    1
2.6   S/MIME – Certificate processing, Enhanced security services    1

Module-3 (Network Layer Security and Web Security) (8 hrs)

3.1   Internet Protocol Security (IPSec) – Overview, IP security architecture    1
3.2   Authentication Header (AH)    1
3.3   Encapsulating Security Payload (ESP)    1
3.4   Combining Security Associations, Key management    1
3.5   Internet Key Exchange (IKE) – Phases    1
3.6   Web Security – Web security considerations. Secure Socket Layer and Transport Layer Security (SSL/TLS) – SSL Architecture    1
3.7   SSL Protocols – Record Protocol, Change Cipher Spec Protocol, Alert Protocol    1
3.8   SSL Handshake Protocol, Cryptographic computations, Transport Layer Security    1

Module-4 (Real-time Security and Application Layer Security) (8 hrs)

4.1   Real-time communication security – Perfect Forward Secrecy (PFS)    1
4.2   Denial-of-Service protection, Endpoint identifier hiding, Live partner reassurance    1
4.3   Hypertext Transfer Protocol Secure (HTTPS) – Connection initiation, Closure    1
4.4   Secure Shell (SSH) – Transport layer protocol    1
4.5   User authentication protocol    1
4.6   Connection protocol    1
4.7   Secure Electronic Transaction (SET) – Overview, Features, Participants    1
4.8   Dual signature, Payment processing    1

Module-5 (System Security and Wireless Security) (6 hrs)

5.1   Firewalls – Firewall characteristics, Types of Firewalls    1
5.2   Firewalls – Firewall configurations, Encrypted Tunnels    1
5.3   Trusted systems – Data Access Control, The Concept of Trusted Systems, Trojan Horse Defense    1
5.4   IEEE 802.11i wireless LAN security – Services, Phases of operation    1
5.5   Wired Equivalent Privacy (WEP)    1
5.6   Wi-Fi Protected Access (WPA), WPA2    1
