NSP CST434 Sample QP Solved

The document contains a model question paper for a Network Security Protocols exam. It includes 10 multiple choice questions testing knowledge of protocols like Kerberos, PGP, SSL, SSH, and SET. It also includes two long form questions about public key certificates and the significance of certificate chains.

Uploaded by

ASHNA A

Model Question Paper

QP CODE: PAGES: ___


Reg No:_______________
Name:_________________
APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY
EIGHTH SEMESTER B.TECH DEGREE EXAMINATION, MONTH & YEAR
Course Code: CST434
Course Name: NETWORK SECURITY PROTOCOLS
Max Marks: 100 Duration: 3 Hours
PART A

(Answer All Questions. Each question carries 3 marks)

1. List any three requirements of Kerberos.


Ans: Kerberos Requirements

• Secure – no masquerading.
• Reliable – distributed server architecture.
• Transparent – user unaware authentication is taking place.
• Scalable – support large number of clients and servers.

2. Specify the significance of key pair recovery. When is the key pair updated?

Ans: Key pairs can be used to support digital signature creation and verification, encryption
and decryption, or both. When a key pair is used for encryption/decryption, it is important to
provide a mechanism to recover the necessary decryption keys when normal access to the
keying material is no longer possible, otherwise it will not be possible to recover the encrypted
data. Loss of access to the decryption key can result from forgotten passwords/PINs, corrupted
disk drives, damage to hardware tokens, and so on. Key pair recovery allows end entities to
restore their encryption/decryption key pair from an authorized key backup facility.

3. Why does PGP generate signature before applying compression?

Ans: The signature is generated before compression for two reasons:

(a) It is preferable to sign an uncompressed message so it is free of the need for a
compression algorithm for later verification.

(b) Compression is non-deterministic: different versions of PGP produce different
compressed forms.

4. List the four principal services provided by S/MIME.


Ans:
1. Enveloped data: This consists of encrypted content of any type and encrypted-content
encryption keys for one or more recipients.
2. Signed data: A digital signature is formed by taking the message digest of the content to
be signed and then encrypting that with the private key of the signer. The content plus
signature are then encoded using base64 encoding. A signed data message can only be
viewed by a recipient with S/MIME capability.
3. Clear-signed data: As with signed data, a digital signature of the content is formed.
However, in this case, only the digital signature is encoded using base64. As a result,
recipients without S/MIME capability can view the message content, although they
cannot verify the signature.
4. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so
that encrypted data may be signed and signed data or clear-signed data may be
encrypted.

5. Explain the significance of Alert protocol in SSL and list out any three Alert messages with
their uses.

Ans: The Alert Protocol is used to convey SSL-related alerts to the peer entity.
Each message in this protocol consists of two bytes.

The first byte takes the value warning(1) or fatal(2) to convey the severity of the message. If the
level is fatal, SSL immediately terminates the connection. Other connections on the same
session may continue, but no new connections on this session may be established. The second
byte contains a code that indicates the specific alert.

Examples (Any 3):


Fatal Alerts
● unexpected_message: An inappropriate message was received.
● bad_record_mac: An incorrect MAC was received.
● decompression_failure: The decompression function received improper input.
● handshake_failure: Sender was unable to negotiate an acceptable set of security parameters
given the options available.
● illegal_parameter: A field in a handshake message was out of range or inconsistent with
other fields.

Warning Alerts
● close_notify: Notifies the recipient that the sender will not send any more messages on this
connection. Each party is required to send a close_notify alert before closing the write side of a
connection.
● no_certificate: May be sent in response to a certificate request if no appropriate certificate is
available.
● bad_certificate: A received certificate was corrupt (e.g., contained a signature that did not
verify).
● unsupported_certificate: The type of the received certificate is not supported.
● certificate_revoked: A certificate has been revoked by its signer.
● certificate_expired: A certificate has expired.
● certificate_unknown: Some other unspecified issue arose in processing the certificate,
rendering it unacceptable.
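
An added example, not part of the original answer: a parser for the two-byte alert message together with the connection and session handling described above. The numeric description codes are the SSLv3 values; `Session`, `parse_alert` and `handle_alert` are hypothetical names, and the alert bytes fed to them are constructed samples.

```python
from dataclasses import dataclass, field

LEVELS = {1: "warning", 2: "fatal"}

# Second byte: description codes of the SSLv3 alert protocol.
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}

# The alerts listed above under "Fatal Alerts" are never valid as warnings.
ALWAYS_FATAL = {10, 20, 30, 40, 47}


@dataclass
class Session:
    """Hypothetical session record: one session, several connections."""
    resumable: bool = True
    open_connections: set = field(default_factory=set)


def parse_alert(payload: bytes):
    """Decode a two-byte alert into (level, description); reject malformed input."""
    if len(payload) != 2:
        raise ValueError("an alert message is exactly two bytes")
    level, code = payload
    if level not in LEVELS:
        raise ValueError(f"unknown alert level {level}")
    if code not in DESCRIPTIONS:
        raise ValueError(f"unknown alert description {code}")
    if code in ALWAYS_FATAL and level != 2:
        raise ValueError(f"{DESCRIPTIONS[code]} must be sent at level fatal")
    return LEVELS[level], DESCRIPTIONS[code]


def handle_alert(session: Session, conn_id: int, payload: bytes) -> str:
    """Apply the alert to the session state and return the action taken."""
    level, name = parse_alert(payload)
    if level == "fatal":
        # Terminate this connection at once. Other connections on the
        # session may continue, but no new ones may be established.
        session.open_connections.discard(conn_id)
        session.resumable = False
        return "terminate"
    if name == "close_notify":
        # Orderly shutdown of one connection; the session stays resumable.
        session.open_connections.discard(conn_id)
        return "close"
    return "continue"  # any other warning: the connection stays up


if __name__ == "__main__":
    s = Session(open_connections={1, 2})
    print(handle_alert(s, 1, bytes([2, 20])), s)  # fatal bad_record_mac
    print(handle_alert(s, 2, bytes([1, 0])), s)   # warning close_notify
```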

6. Specify the purpose of MAC during the change cipher spec TLS exchange.

Ans: The “Change Cipher Spec” message lets the other party know that it has generated the
session key and is going to switch to encrypted communication. The “Finished” message is then
sent to indicate that the handshake is complete on the client side.

MAC protects the integrity of the first set of messages where the cookies and crypto suite
information is exchanged. This will prevent a man in the middle (MITM) attack in step 1 for
instance, where someone can suppress the original message and send a weaker set of crypto
suites.

7. What is the advantage, if any, of not including the MAC in the scope of packet encryption
in SSH packets?

Ans: The advantage of not including the MAC in the scope of the packet encryption is that it
allows for faster detection of packet tampering or corruption.

8. Give the significance of dual signature in SET.

Ans: The purpose of the dual signature is to link two messages that are intended for two
different recipients. In SET, the customer wants to send the order information (OI) to the
merchant and the payment information (PI) to the bank. The merchant does not need to know
the customer's credit card number, and the bank does not need to know the details of the
customer's order. The customer is afforded extra protection in terms of privacy by keeping
these two items separate. However, the two items must be linked in a way that can be used to
resolve disputes if necessary. The link is needed so that the customer can prove that this
payment is intended for this order and not for some other goods or service.

Figure shows the construction of Dual Signature in SET.


9. List the IEEE 802.11i services.

Ans: The 802.11i RSN security specification defines the following services.

1. Authentication: A protocol is used to define an exchange between a user and an AS that
provides mutual authentication and generates temporary keys to be used between the
client and the AP over the wireless link.
2. Access control: This function enforces the use of the authentication function, routes the
messages properly, and facilitates key exchange. It can work with a variety of
authentication protocols.
3. Privacy with message integrity: MAC-level data are encrypted along with a message
integrity code that ensures that the data have not been altered.

10. How is the concept of association related to that of mobility in wireless networks?

Ans: Association is to agree on a set of security capabilities to be used. It allows a mobile node
that has made a transition to identify itself to the access point (AP) within a basic service set
(BSS) so that the node can participate in data exchanges with other mobile nodes.

(10x3=30)

Part B

(Answer any one question from each module. Each question carries 14 Marks)

11. (a) Describe the requirements for a public-key certificate scheme. (8)

Ans: A public key certificate is a digitally signed document that serves to validate the sender's
authorization and name. It uses a cryptographic structure that binds a public key to an entity,
such as a user or organization. The digital document is generated and issued by a trusted third
party called a certification authority.

Public key certificates, which are also known as digital certificates, include the public key,
identity information about the owner and the name of the issuing certificate authority (CA). The
CA, a trusted third party, issues digital certificates that verify the identity of parties in an
exchange of information over the internet. A digital certificate provides assurance of a person's
identity, and the CA establishes that assurance by validating the identity of the person who
requests the certificate.

Following are the requirements for a public-key certificate scheme:

• Any participant can read a certificate to determine the name and public key of the
certificate’s owner.
• Any participant can verify that the certificate originated from the certificate authority
and is not counterfeit.
• Only the certificate authority can create and update certificates.
• Any participant can verify the currency of the certificate.

(b) Explain the significance of chain of certificates. (6)

Ans: If all users subscribe to the same CA, then there is a common trust of that CA. All user
certificates can be placed in the directory for access by all users. In addition, a user can transmit
his or her certificate directly to other users. In either case, once B is in possession of A's
certificate, B has confidence that messages it encrypts with A's public key will be secure from
eavesdropping and that messages signed with A's private key are unforgeable.

If there is a large community of users, it may not be practical for all users to subscribe to the
same CA. Because it is the CA that signs certificates, each participating user must have a copy of
the CA's own public key to verify signatures. This public key must be provided to each user in an
absolutely secure (with respect to integrity and authenticity) way so that the user has
confidence in the associated certificates. Thus, with many users, it may be more practical for
there to be a number of CAs, each of which securely provides its public key to some fraction of
the users.

Now suppose that A has obtained a certificate from certification authority X1 and B has
obtained a certificate from CA X2. If A does not securely know the public key of X2, then B's
certificate, issued by X2, is useless to A. A can read B's certificate, but A cannot verify the
signature. However, if the two CAs have securely exchanged their own public keys, the
following procedure will enable A to obtain B's public key:

1. A obtains, from the directory, the certificate of X2 signed by X1. Because A securely
knows X1's public key, A can obtain X2's public key from its certificate and verify it by
means of X1's signature on the certificate.
2. A then goes back to the directory and obtains the certificate of B signed by X2. Because A
now has a trusted copy of X2's public key, A can verify the signature and securely obtain
B's public key.

A has used a chain of certificates to obtain B's public key. In the notation of X.509, this chain
is expressed as

X1<<X2>> X2 <<B>>

In the same fashion, B can obtain A's public key with the reverse chain:

X2<<X1>> X1 <<A>>

This scheme need not be limited to a chain of two certificates. An arbitrarily long path of CAs
can be followed to produce a chain. A chain with N elements would be expressed as

X1<<X2>> X2 <<X3>>... XN<<B>>

In this case, each pair of CAs in the chain (Xi, Xi+1) must have created certificates for each
other.

All these certificates of CAs by CAs need to appear in the directory, and the user needs to know
how they are linked to follow a path to another user's public-key certificate. X.509 suggests that
CAs be arranged in a hierarchy so that navigation is straightforward.
OR

12. (a) Specify the purpose of the X.509 standard. How is an X.509 certificate revoked? (8)

Ans:

Purpose of the X.509 standard

X.509 is part of the X.500 series of recommendations that define a directory service. The
directory is, in effect, a server or distributed set of servers that maintains a database of
information about users. The information includes a mapping from user name to network
address, as well as other attributes and information about the users.

X.509 defines a framework for the provision of authentication services by the X.500 directory to
its users. The directory may serve as a repository of public-key certificates. Each certificate
contains the public key of a user and is signed with the private key of a trusted certification
authority. In addition, X.509 defines alternative authentication protocols based on the use of
public-key certificates.

Fig: Public key certificate use

X.509 certificate revocation

X.509 certificates include a period of validity, much like a credit card. Typically, a new
certificate is issued just before the expiration of the old one. In addition, it may be desirable on
occasion to revoke a certificate before it expires, for one of the following reasons:
1. The user's private key is assumed to be compromised.
2. The user is no longer certified by this CA.
3. The CA's certificate is assumed to be compromised.

Each CA must maintain a list consisting of all revoked but not expired certificates issued by that
CA, including both those issued to users and to other CAs. These lists should also be posted on
the directory.

Each certificate revocation list (CRL) posted to the directory is signed by the issuer and includes
the issuer's name, the date the list was created, the date the next CRL is scheduled to be issued,
and an entry for each revoked certificate. Each entry consists of the serial number of a
certificate and revocation date for that certificate. Because serial numbers are unique within a
CA, the serial number is sufficient to identify the certificate.

When a user receives a certificate in a message, the user must determine whether the
certificate has been revoked. The user could check the directory each time a certificate is
received. To avoid the delays (and possible costs) associated with directory searches, it is likely
that the user would maintain a local cache of certificates and lists of revoked certificates.
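
An added example, not from the original answer key: it walks the chain X1<<X2>> X2<<B>> from question 11(b) starting from X1's trusted key, and applies the CRL check described above at every link. Signatures use toy textbook RSA over fixed Mersenne primes so the block runs on the standard library alone (not suitable for real use); all names, serial numbers and dates are constructed.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by every toy key below


def make_key(p: int, q: int):
    """Toy textbook RSA (no padding, demo only): returns (n, d) for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key) -> int:
    n, d = key
    return pow(_digest(data, n), d, n)


def verify(data: bytes, signature: int, n: int) -> bool:
    return pow(signature, E, n) == _digest(data, n)


@dataclass(frozen=True)
class Cert:  # written issuer<<subject>> in the X.509 notation
    issuer: str
    subject: str
    serial: int
    subject_n: int  # the subject's public key (RSA modulus)
    not_after: str  # end of the validity period, ISO date
    signature: int = 0

    def tbs(self) -> bytes:  # the fields covered by the issuer's signature
        return repr((self.issuer, self.subject, self.serial,
                     self.subject_n, self.not_after)).encode()


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: str  # date the list was created
    next_update: str  # date the next CRL is scheduled
    revoked: tuple = ()  # ((serial, revocation date), ...)
    signature: int = 0

    def tbs(self) -> bytes:
        return repr((self.issuer, self.this_update, self.next_update,
                     self.revoked)).encode()


def issue(obj, issuer_key):
    """Return obj carrying the issuer's signature over its signed fields."""
    return replace(obj, signature=sign(obj.tbs(), issuer_key))


def validate_path(anchor, anchor_n, path, crls, today):
    """Follow the chain from the trusted CA key; return the last subject's key."""
    name, n = anchor, anchor_n
    for cert in path:
        if cert.issuer != name:
            raise ValueError(f"{cert.subject}: not issued by {name}")
        if not verify(cert.tbs(), cert.signature, n):
            raise ValueError(f"{cert.subject}: bad signature")
        if today > cert.not_after:
            raise ValueError(f"{cert.subject}: expired")
        crl = crls.get(name)
        if (crl is None or crl.issuer != name or today > crl.next_update
                or not verify(crl.tbs(), crl.signature, n)):
            raise ValueError(f"{name}: no current, validly signed CRL")
        if cert.serial in dict(crl.revoked):
            raise ValueError(f"{cert.subject}: revoked")
        name, n = cert.subject, cert.subject_n  # key is now trusted: next link
    return n


def mersenne(k: int) -> int:
    return 2 ** k - 1  # prime for the exponents used below


# Constructed sample data.
X1 = make_key(mersenne(61), mersenne(89))
X2 = make_key(mersenne(107), mersenne(127))
B = make_key(mersenne(521), mersenne(607))
CHAIN = [
    issue(Cert("X1", "X2", 7, X2[0], "2030-01-01"), X1),  # X1<<X2>>
    issue(Cert("X2", "B", 42, B[0], "2030-01-01"), X2),   # X2<<B>>
]
CRLS = {
    "X1": issue(CRL("X1", "2025-01-01", "2025-02-01"), X1),
    "X2": issue(CRL("X2", "2025-01-01", "2025-02-01"), X2),
}

if __name__ == "__main__":
    print(validate_path("X1", X1[0], CHAIN, CRLS, "2025-01-15") == B[0])
```

A starts with nothing but X1's name and key; every other key is accepted only after the certificate carrying it has passed the signature, validity and revocation checks.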

(b) Describe the management functions of a PKI. What is a cross certificate? (6)

Ans: PKIX identifies a number of management functions that potentially need to be supported
by management protocols.
The management functions include the following:

1. Registration: This is the process whereby a user first makes itself known to a CA
(directly, or through an RA), prior to that CA issuing a certificate or certificates for that
user. Registration begins the process of enrolling in a PKI. Registration usually involves
some offline or online procedure for mutual authentication. Typically, the end entity is
issued one or more shared secret keys used for subsequent authentication.
2. Initialization: Before a client system can operate securely, it is necessary to install key
materials that have the appropriate relationship with keys stored elsewhere in the
infrastructure. For example, the client needs to be securely initialized with the public
key and other assured information of the trusted CA(s), to be used in validating
certificate paths.
3. Certification: This is the process in which a CA issues a certificate for a user's public key,
and returns that certificate to the user's client system and/or posts that certificate in a
repository.
4. Key pair recovery: Key pairs can be used to support digital signature creation and
verification, encryption and decryption, or both. When a key pair is used for
encryption/decryption, it is important to provide a mechanism to recover the necessary
decryption keys when normal access to the keying material is no longer possible,
otherwise it will not be possible to recover the encrypted data. Loss of access to the
decryption key can result from forgotten passwords/PINs, corrupted disk drives, damage
to hardware tokens, and so on. Key pair recovery allows end entities to restore their
encryption/decryption key pair from an authorized key backup facility (typically, the CA
that issued the End Entity's certificate).
5. Key pair update: All key pairs need to be updated regularly (i.e., replaced with a new
key pair) and new certificates issued. Update is required when the certificate lifetime
expires and as a result of certificate revocation.
6. Revocation request: An authorized person advises a CA of an abnormal situation
requiring certificate revocation. Reasons for revocation include private key compromise,
change in affiliation, and name change.
7. Cross certification: Two CAs exchange information used in establishing a cross-
certificate. A cross-certificate is a certificate issued by one CA to another CA that
contains a CA signature key used for issuing certificates.

13. (a) List the services provided by PGP and explain how authentication and confidentiality
are provided. (8)

Ans:

PGP services:

1. authentication through digital signature
2. confidentiality through symmetric block encryption
3. compression using the ZIP algorithm
4. e-mail compatibility using the radix-64 encoding scheme
5. segmentation and reassembly to accommodate long e-mails.

PGP authentication

The sequence is as follows:

1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key, and the result is
prepended to the message.
4. The receiver uses RSA with the sender's public key to decrypt and recover the hash
code.
5. The receiver generates a new hash code for the message and compares it with the
decrypted hash code. If the two match, the message is accepted as authentic.

The combination of SHA-1 and RSA provides an effective digital signature scheme. Because of
the strength of RSA, the recipient is assured that only the possessor of the matching private key
can generate the signature. Because of the strength of SHA-1, the recipient is assured that no
one else could generate a new message that matches the hash code and, hence, the signature
of the original message.

PGP confidentiality
Confidentiality is provided by encrypting messages to be transmitted or to be stored locally as
files. In both cases, the symmetric encryption algorithm CAST-128 may be used. Alternatively,
IDEA or 3DES may be used. The 64-bit cipher feedback (CFB) mode is used.

The sequence follows:

1. The sender generates a message and a random 128-bit number to be used as a session
key for this message only.
2. The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.
3. The session key is encrypted with RSA, using the recipient's public key, and is prepended
to the message.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.

(b) Explain the functionalities provided by S/MIME. (6)

Ans: S/MIME provides the following functions:

1. Enveloped data: This consists of encrypted content of any type and encrypted-content
encryption keys for one or more recipients.
2. Signed data: A digital signature is formed by taking the message digest of the content to
be signed and then encrypting that with the private key of the signer. The content plus
signature are then encoded using base64 encoding. A signed data message can only be
viewed by a recipient with S/MIME capability.
3. Clear-signed data: As with signed data, a digital signature of the content is formed.
However, in this case, only the digital signature is encoded using base64. As a result,
recipients without S/MIME capability can view the message content, although they
cannot verify the signature.
4. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so
that encrypted data may be signed and signed data or clear-signed data may be
encrypted.

OR

14. (a) Give the format of a PGP message and specify the significance of each field in the
message. (8)

Ans:
The message component includes the actual data to be stored or transmitted, as well as a
filename and a timestamp that specifies the time of creation.

The signature component includes the following:

• Timestamp: The time at which the signature was made.
• Message digest: The 160-bit SHA-1 digest, encrypted with the sender's private signature
key. The digest is calculated over the signature timestamp concatenated with the data
portion of the message component. The inclusion of the signature timestamp in the
digest assures against replay types of attacks. The exclusion of the filename and
timestamp portions of the message component ensures that detached signatures are
exactly the same as attached signatures prefixed to the message. Detached signatures
are calculated on a separate file that has none of the message component header fields.
• Leading two octets of message digest: To enable the recipient to determine if the
correct public key was used to decrypt the message digest for authentication, by
comparing this plaintext copy of the first two octets with the first two octets of the
decrypted digest. These octets also serve as a 16-bit frame check sequence for the
message.
• Key ID of sender's public key: Identifies the public key that should be used to decrypt
the message digest and, hence, identifies the private key that was used to encrypt the
message digest.

The message component and optional signature component may be compressed using ZIP and
may be encrypted using a session key.

The session key component includes the session key and the identifier of the recipient's public
key that was used by the sender to encrypt the session key.

The entire block is usually encoded with radix-64 encoding.

(b) Explain the enhanced security services provided in S/MIME. (6)

Ans: The three enhanced security services provided in S/MIME are as follows:

1. Signed receipts: A signed receipt may be requested in a SignedData object. Returning a
signed receipt provides proof of delivery to the originator of a message and allows the
originator to demonstrate to a third party that the recipient received the message. In
essence, the recipient signs the entire original message plus original (sender's) signature
and appends the new signature to form a new S/MIME message.
2. Security labels: A security label may be included in the authenticated attributes of a
SignedData object. A security label is a set of security information regarding the
sensitivity of the content that is protected by S/MIME encapsulation. The labels may be
used for access control, by indicating which users are permitted access to an object.
Other uses include priority (secret, confidential, restricted, and so on) or role based,
describing which kind of people can see the information (e.g., patient's health-care
team, medical billing agents, etc.).
3. Secure mailing lists: When a user sends a message to multiple recipients, a certain
amount of per-recipient processing is required, including the use of each recipient's
public key. The user can be relieved of this work by employing the services of an
S/MIME Mail List Agent (MLA). An MLA can take a single incoming message, perform the
recipient-specific encryption for each recipient, and forward the message. The
originator of a message need only send the message to the MLA, with encryption
performed using the MLA's public key.

15. (a) Explain the parameters that identify an SSL session state. (8)
Ans: A session state is defined by the following parameters:

1. Session identifier: An arbitrary byte sequence chosen by the server to identify an active
or resumable session state.
2. Peer certificate: An X509.v3 certificate of the peer. This element of the state may be
null.
3. Compression method: The algorithm used to compress data prior to encryption.
4. Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a
hash algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines
cryptographic attributes such as the hash_size.
5. Master secret: 48-byte secret shared between the client and server.
6. Is resumable: A flag indicating whether the session can be used to initiate new
connections.

(b) Differentiate between transport mode and tunnel mode in IPSec. (6)

Ans:

Transport mode is used for end-to-end communication between two hosts.

Tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall
or router that implements IPSec.

OR

16. (a) The IPsec architecture document states that when two transport mode SAs are
bundled to allow both AH and ESP protocols on the same end-to-end flow, only one ordering
of security protocols seems appropriate: performing the ESP protocol before performing the
AH protocol. Why is this approach recommended rather than authentication before
encryption? (8)
Ans: The AH protocol provides a mechanism for authentication only. AH provides data integrity,
data origin authentication, and an optional replay protection service. Data integrity is ensured
by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-SHA.
Data origin authentication is ensured by using a shared secret key to create the message digest.
Replay protection is provided by using a sequence number field with the AH header. AH
authenticates IP headers and their payloads, with the exception of certain header fields that
can be legitimately changed in transit, such as the Time To Live (TTL) field.

The ESP protocol provides data confidentiality (encryption) and authentication (data integrity,
data origin authentication, and replay protection). ESP can be used with confidentiality only,
authentication only, or both confidentiality and authentication. When ESP provides
authentication functions, it uses the same algorithms as AH, but the coverage is different. AH-
style authentication authenticates the entire IP packet, including the outer IP header, while the
ESP authentication mechanism authenticates only the IP datagram portion of the IP packet.

When two transport mode Security Associations (SAs) are bundled in IPsec, the order of
operations is typically ESP (Encapsulating Security Payload) followed by AH (Authentication
Header). The reason ESP is performed before AH when bundling transport mode SAs is to
ensure the confidentiality of the payload before applying integrity protection.

ESP provides encryption and confidentiality: When ESP is applied first, it encrypts the payload
of the IP packet, ensuring that the actual data being transmitted is protected from
unauthorized access and interception. ESP encapsulates the payload, adding a new ESP header
and encrypting the payload using cryptographic algorithms.

AH provides integrity and authentication: After ESP has encrypted the payload, AH is applied.
AH calculates a hash value (authentication tag) over the entire IP packet, including the ESP
header and the encrypted payload. This hash value provides integrity protection, ensuring that
the packet has not been modified during transmission. AH also provides authentication by
verifying the source of the packet.

By performing ESP before AH, the integrity protection provided by AH encompasses the
entire IP packet, including the encrypted payload. If AH were applied before ESP, the integrity
protection would only cover the original IP packet, and the payload would remain
unencrypted and vulnerable to eavesdropping.

(b) List and explain the purpose of each Alert Code supported by SSL. (6)

Ans:

Fatal alerts

1. unexpected_message: An inappropriate message was received.

2. bad_record_mac: An incorrect MAC was received.

3. decompression_failure: The decompression function received improper input.

4. handshake_failure: Sender was unable to negotiate an acceptable set of security
parameters given the options available.

5. illegal_parameter: A field in a handshake message was out of range or inconsistent with
other fields.

Warning alerts

1. close_notify: Notifies the recipient that the sender will not send any more messages on this
connection.

2. no_certificate: May be sent in response to a certificate request if no appropriate certificate
is available.

3. bad_certificate: A received certificate was corrupt.

4. unsupported_certificate: The type of the received certificate is not supported.

5. certificate_revoked: A certificate has been revoked by its signer.

6. certificate_expired: A certificate has expired.

7. certificate_unknown: Some other unspecified issue arose in processing the certificate,
rendering it unacceptable.

17. (a) Illustrate the significance of perfect forward secrecy. (6)

Ans:

Perfect Forward Secrecy (PFS)

A protocol is said to have Perfect Forward Secrecy (PFS) if it is impossible for an eavesdropper
(Sam) to decrypt a conversation between Alice and Bob, even if Sam records the entire
encrypted session, and then subsequently breaks into both Alice and Bob and steals their long-
term secrets.

In short, it is impossible for an attacker to decrypt a recorded conversation even after
subsequently stealing all parties’ long-term secrets.

To achieve PFS:

• Generate a temporary session key not derivable from information stored at the nodes, and
• Forget the key after the session concludes.
• For long sessions, generate and forget keys periodically.

Implementation example: Protocol 16-2

Uses Diffie-Hellman key exchange.

Step 1: Each side identifies itself, and supplies a Diffie-Hellman value signed by its
private key. Signing is performed to prevent a Man-in-the-Middle attack.

Step 2: Each side proves knowledge of the agreed-upon values by sending a hash of them.

Each side forgets the hash value and the Diffie-Hellman values a and b after this session.

(b) Explain the key features provided by SET. (8)

Ans: SET incorporates the following features:

1. Confidentiality of information: Cardholder account and payment information is secured
as it travels across the network. An interesting and important feature of SET is that it
prevents the merchant from learning the cardholder's credit card number; this is only
provided to the issuing bank. Conventional encryption by DES is used to provide
confidentiality.
2. Integrity of data: Payment information sent from cardholders to merchants includes
order information, personal data, and payment instructions. SET guarantees that these
message contents are not altered in transit. RSA digital signatures, using SHA-1 hash
codes, provide message integrity. Certain messages are also protected by HMAC using
SHA-1.
3. Cardholder account authentication: SET enables merchants to verify that a cardholder
is a legitimate user of a valid card account number. SET uses X.509v3 digital certificates
with RSA signatures for this purpose.
4. Merchant authentication: SET enables cardholders to verify that a merchant has a
relationship with a financial institution allowing it to accept payment cards. SET uses
X.509v3 digital certificates with RSA signatures for this purpose.
OR

18. (a) List and explain the SSH protocols. (8)

Ans:

SSH(Seure Shell)

SSH is organized as three protocols that typically run on top of TCP

➢ Transport Layer Protocol: Provides server authentication, data confidentiality, and data
integrity with forward secrecy. The transport layer may optionally provide compression.

➢ User Authentication Protocol: Authenticates the user to the server.

➢ Connection Protocol: Multiplexes multiple logical communications channels over a
single underlying SSH connection.

1. Transport Layer Protocol

Packet exchange begins after a TCP connection is established.

Data is exchanged in 5 steps:

1. identification string exchange,
2. algorithm negotiation,
3. key exchange,
4. end of key exchange,
5. service request

2. User Authentication Protocol

The message exchange during authentication involves the following steps.

1. The client sends a REQUEST message.

2. The server checks if the user name is valid.

⚫ If not, the server returns FAILURE with the partial success value of false.

⚫ If the user name is valid, the server proceeds to step 3.

3. The server returns FAILURE with a list of one or more authentication methods to be
used.

4. The client selects one of the acceptable authentication methods and sends a REQUEST
message with selected method and its parameters.

5. There are two possible outcomes:

⚫ If the authentication succeeds and more authentication methods are required,
the server proceeds to step 3, using a partial success value of true.

⚫ If the authentication fails, the server proceeds to step 3, using a partial success
value of false.

6. When all required authentication methods succeed, the server sends a SUCCESS
message, and the Authentication Protocol is over.
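
The six steps above seen from the server side, as an added Python example (not code from the original answer or from any SSH implementation). The class name, the dictionary message format and the constructed credentials are assumptions; a real server verifies a signature or a password hash rather than comparing stored strings.

```python
import hmac

class UserAuthServer:
    """Authentication state for one SSH connection (server side)."""

    def __init__(self, accounts, required):
        self.accounts = accounts        # user -> {method: expected response}
        self.required = list(required)  # every listed method must succeed
        self.user = None
        self.passed = set()             # methods this client has completed

    def _failure(self, partial):
        remaining = [m for m in self.required if m not in self.passed]
        return {"type": "FAILURE", "methods": remaining, "partial_success": partial}

    def handle_request(self, user, method="none", response=""):
        # Step 2: invalid user name -> FAILURE with partial success false.
        if user not in self.accounts:
            return {"type": "FAILURE", "methods": [], "partial_success": False}
        if user != self.user:                    # new user name: discard progress
            self.user, self.passed = user, set()
        # Step 3: no usable method offered yet -> list the acceptable methods.
        if method not in self.required or method in self.passed:
            return self._failure(False)
        expected = self.accounts[user].get(method, "")
        if not expected or not hmac.compare_digest(expected.encode(), response.encode()):
            return self._failure(False)          # step 5: authentication failed
        self.passed.add(method)
        if self.passed >= set(self.required):
            return {"type": "SUCCESS"}           # step 6: all methods succeeded
        return self._failure(True)               # step 5: more methods required

def demo():
    """Constructed session: one wrong password, then both methods succeed."""
    accounts = {"alice": {"password": "example-pw", "keyboard-interactive": "492817"}}
    server = UserAuthServer(accounts, ["password", "keyboard-interactive"])
    requests = [("alice",), ("alice", "password", "guess"),
                ("alice", "password", "example-pw"),
                ("alice", "keyboard-interactive", "492817")]
    return [server.handle_request(*r) for r in requests]
```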

3. Connection Protocol

3 stages:

1. Opening a channel
2. Data transfer
3. Closing a channel

(b) “The HTTPS capability is built into all modern web browsers”. Justify. (6)

Ans: HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server. The HTTPS capability is built into all
modern Web browsers. Its use depends on the Web server supporting HTTPS communication.
For example, search engines do not support HTTPS.

The principal difference seen by a user of a Web browser is that URL addresses begin with
https:// rather than http://. A normal HTTP connection uses port 80. If HTTPS is specified, port
443 is used, which invokes SSL.

When HTTPS is used, the following elements of the communication are encrypted:

• URL of the requested document
• Contents of the document
• Contents of browser forms (filled in by browser user)
• Cookies sent from browser to server and from server to browser
• Contents of HTTP header

19. (a) Explain the phases of operations in IEEE 802.11i. (8)

Ans:

IEEE 802.11i operation can be broken down into five distinct phases of operation:

1. Discovery: AP uses messages called Beacons and Probe Responses to advertise its
IEEE 802.11i security policy. STA uses these to identify AP for a WLAN with which it
wishes to communicate. STA associates with AP, which it uses to select the cipher suite and
authentication mechanism when Beacons and Probe Responses present a choice.
2. Authentication: STA and AS prove their identities to each other. AP blocks non-
authentication traffic between STA and AS until the authentication transaction is
successful. AP does not participate in the authentication transaction other than
forwarding traffic between STA & AS.
3. Key generation and distribution: AP and STA perform several operations that cause
cryptographic keys to be generated and placed on AP and STA. Frames are exchanged
between AP and STA only.
4. Protected data transfer: Frames are exchanged between STA and end station through
AP. As denoted by the shading and the encryption module icon, secure data transfer
occurs between STA and AP only; security is not provided end-to-end.
5. Connection termination: AP and STA exchange frames. During this phase, the secure
connection is torn down and the connection is restored to the original state.

Discovery and Authentication Phases

The Discovery phase is for an STA and an AP to recognize each other, agree on a set of security
capabilities, and establish an association for future communication. It consists of three
exchanges: Network and security capability discovery, Open system authentication, and
Association.

The authentication phase enables mutual authentication between an STA and an
authentication server (AS) located in the DS. Authentication is designed to allow only
authorized stations to use the network and to provide the STA with assurance that it is
communicating with a legitimate network.

Key Management Phase

The 4-way handshake exchanges MPDUs to distribute pairwise keys. The STA and AP confirm the
existence of the PMK, verify the selection of the cipher suite, and derive a fresh PTK for the
following data session. For group key distribution, the AP generates a GTK and distributes it to
each STA in a multicast group.
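
How both sides reach the same fresh PTK and how the AP confirms that the STA holds the PMK, as an added Python example that is not part of the original answer. It goes beyond the text by using the IEEE 802.11i PRF (HMAC-SHA1 with the label "Pairwise key expansion") and the 128-bit HMAC-SHA1 key MIC; the function names and all input values are constructed assumptions.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Both sides compute this; min/max ordering makes the result identical."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)   # 384 bits for CCMP
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def key_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits, over the frame with its MIC field zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def ap_accepts_message2(pmk, ap_mac, sta_mac, anonce, snonce, frame, mic):
    """AP side: a valid MIC shows the STA derived the PTK from the same PMK."""
    kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)["KCK"]
    return hmac.compare_digest(key_mic(kck, frame), mic)

def demo():
    """Constructed values only: PMK, MAC addresses, nonces and frame bytes."""
    pmk = bytes(range(32))
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = b"\xaa" * 32, b"\x55" * 32
    frame = b"constructed EAPOL-Key message 2 body"
    sta_keys = derive_ptk(pmk, ap, sta, anonce, snonce)   # STA, after message 1
    good = ap_accepts_message2(pmk, ap, sta, anonce, snonce, frame,
                               key_mic(sta_keys["KCK"], frame))
    other_keys = derive_ptk(bytes(32), ap, sta, anonce, snonce)  # STA with wrong PMK
    bad = ap_accepts_message2(pmk, ap, sta, anonce, snonce, frame,
                              key_mic(other_keys["KCK"], frame))
    return good, bad
```

Because the nonces change on every handshake, the TK used for data protection is fresh for each session even though the PMK stays the same.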

Protected Data Transfer Phase

Two schemes for protecting data:

1. Temporal Key Integrity Protocol (TKIP)

• Requires only software changes to devices that use older WEP
• Adds 64-bit Michael message integrity code (MIC)
• Encrypts MPDU plus MIC value using RC4

2. Counter Mode-CBC MAC Protocol (CCMP)

• Uses the cipher block chaining message authentication code (CBC-MAC) for integrity
• Uses the CTR block cipher mode of operation

(b) Give the significances of Encrypted Tunnels (6)

Ans: An Encrypted Tunnel provides endpoint-to-endpoint connections across a hybrid network
without opening firewall rules in an enterprise network. It allows access between different
networks through TCP over HTTPS technology.

The traffic through these connections is encrypted with HTTPS. An Encrypted Tunnel can
control access to resources between different networks, with more granular control, and collect
all the operations and traffic logins in audit records.

It is not necessary to modify any access rules and firewall configuration between existing
infrastructure if you use an Encrypted Tunnel. It is like a traditional VPN, bridging two networks
between the Encrypted Tunnel server and the Encrypted Tunnel Connector.

Architecture

OR

20. (a) Compare the features of three types of firewalls. (8)

Ans:
(b) Compare the Wireless LAN protocols WEP, WPA and WPA2 (6)
Ans:
WEP—The first Wi-Fi Security Protocol

WEP stands for Wired Equivalent Privacy, and it was the first Wi-Fi security protocol, approved
in September 1999. It was initially expected to deliver the same security level as wired
networks. A secondary function of WEP is to prevent unauthorized access to a wireless
network. However, WEP has been found to be less secure than desired. WEP is used at the
two lowest layers of the OSI model, the data link and physical layers; it therefore does not
offer end-to-end security. At that time, cryptographic technology was restricted and Wi-Fi
devices were limited to 64-bit encryption. Even though that limit was later raised to 128-bit,
many security issues in WEP made the keys easy to crack. WEP, a highly vulnerable wireless
security protocol that could not fulfil its responsibility for protecting security, was
therefore finally replaced by WPA.

WPA—Temporary Enhancement for WEP

In 2003, as WEP's weaknesses gradually became apparent, WPA was adopted by the Wi-Fi Alliance
as an alternative to WEP. 256-bit encryption technology was introduced in WPA, which is an
obvious increase compared with the 64-bit and 128-bit encryption in the WEP system. The WPA
standard has two modes, WPA-Enterprise and WPA-Personal, which use different encryption
methods. WPA-Personal is a common method to secure wireless networks, and it is suitable for
most home networks. WPA-Enterprise provides the security needed for wireless networks in
business environments where a RADIUS server is deployed.

WPA2—Improvement Based on WPA

WPA2 was ratified as the new Wi-Fi security standard in 2004. The most significant
improvement in the WPA2 security standard is the implementation of the Advanced Encryption
Standard (AES), which provides higher security and performance. There is still a vulnerability
that causes security problems, because a hacker can get access to a secured WPA2 network and
obtain certain keys to attack other devices on the same network. It is a security issue that
matters for enterprise networks rather than for home network users.
