21IS71 SIMP with Answers – TIE SIMP 2025

Module- 01 SIMP Questions with Answers

1. Definitions/Explanations:

(i) Caesar Cipher:

 A substitution cipher that shifts each letter in the plaintext by a fixed number of
positions in the alphabet.

 Example: For a shift of 3, "HELLO" becomes "KHOOR".

(ii) Cryptography:

 The science of securing information through encryption, ensuring confidentiality,

integrity, and authenticity.

(iii) Cryptology:

 The broader field that encompasses cryptography (creating secure systems)

and cryptanalysis (breaking them).

(iv) Cryptanalysis:

 The study and practice of breaking cryptographic systems and deciphering

encrypted data without access to the key.

2. Di erences:

(i) Stream vs. Block Ciphers:

 Stream Ciphers: Encrypt data one bit/byte at a time (e.g., RC4).

 Block Ciphers: Encrypt data in fixed-size blocks (e.g., AES with 128-bit blocks).

(ii) Di usion vs. Confusion:

 Di usion: Spreads plaintext bits throughout ciphertext to hide the structure

(e.g., shifting and mixing operations).

 Confusion: Obscures the relationship between plaintext, ciphertext, and the key
(e.g., substitution techniques).

(iii) Symmetric vs. Asymmetric Cipher Systems:

 Symmetric: Single key for encryption and decryption (e.g., AES, DES).
  Asymmetric: Uses a key pair (public and private) for encryption and decryption
(e.g., RSA, ECC).

3. Playfair Cipher:

 A digraph substitution cipher that encrypts pairs of letters.

 Rules:

1. Create a 5x5 matrix using a keyword, filling in remaining letters of the

alphabet.

2. Replace pairs of letters based on their position in the matrix.

 Same row: Replace with letters to the right.

 Same column: Replace with letters below.

 Rectangle: Replace with opposite corners.

3. Insert filler letters for repeated letters or odd-length plaintext.

Example:
Keyword: "MONARCHY"
Plaintext: "BALLOON" → "BA LX LO ON" → Ciphertext: "IB MN MT UN"

4. Hill Cipher Technique:

 Encryption: Use matrix multiplication.

1. Represent plaintext as numerical values (A=0, B=1, etc.).

2. Divide into blocks matching the key matrix size.

3. Multiply key matrix with plaintext blocks and take modulo 26.

 Decryption: Multiply ciphertext by the inverse of the key matrix modulo 26.

5. Feistel and Traditional Block Cipher Structures:

Feistel Structure:

 Divides plaintext into two halves.

 Applies encryption in multiple rounds using a round function, swapping halves

after each round.
  Decryption is symmetric, reusing the same structure.

Traditional Block Cipher:

 Uses non-Feistel designs with direct substitution-permutation networks for

encryption.

 Example: Advanced Encryption Standard (AES).

6. Symmetric Cipher Model:

 Components:

o Plaintext, Encryption Algorithm, Secret Key, Ciphertext, Decryption

Algorithm.

 Process:

1. Encrypt plaintext using a secret key.

2. Transmit ciphertext.

3. Decrypt using the same key to retrieve plaintext.

Diagram:

[ Plaintext ] --> [ Encryption Algorithm + Key ] --> [ Ciphertext ] --> [ Decryption Algorithm
+ Key ] --> [ Plaintext ]

7. Substitution and Transposition:

Substitution:

 Replaces elements of plaintext with other elements (e.g., Caesar,

Monoalphabetic).

 Focus: Confusion.

Transposition:

 Rearranges the positions of plaintext elements without changing their identity

(e.g., Rail Fence Cipher).

 Focus: Di usion.

Module- 03 SIMP Questions with Answers

1. Symmetric Key Distribution:

(i) Symmetric Encryption:

 A shared key is distributed securely between sender and receiver.

 Methods:

1. Physical Delivery: Exchange keys in person or via a trusted courier.

2. Pre-shared Keys: Keys are distributed before communication begins.

(ii) Asymmetric Encryption:

 A public key encrypts the symmetric key, which is sent to the receiver.

 The receiver decrypts it using their private key.

 Example: RSA-based key exchange.

2. Analog of Di ie-Hellman Key Exchange:

 Allows two parties to compute a shared secret over an insecure channel without
transmitting the secret itself.

Diffie-Hellman: A Short Analogy

Imagine mixing paints with a friend across a crowded room:

1. Public Color: You both agree on a common color (like yellow).

2. Secret Colors: You each secretly choose a different color.
3. Mix and Exchange: Mix your secret color with the public color and tell each
other the result.
4. Mix Again: Mix the color you received with your original secret color.
Surprise! You both end up with the same final color, even though you never
revealed your secret colors directly. This is your shared secret.

Diffie-Hellman uses math to do something similar with numbers, allowing you to

create a shared secret key without actually sending it over an insecure channel.

3. Notes:

(i) Abelian Groups and Elliptic Curve Cryptography (ECC):

  Abelian Group: A set with an associative binary operation, an identity element,
and inverses, where the operation is commutative.

 ECC: Uses points on elliptic curves for cryptography. O ers strong security with
smaller keys compared to RSA.

(ii) Key Distribution Scenario:

 Keys can be distributed using centralized Key Distribution Centers (KDCs), Public
Key Infrastructure (PKI), or peer-to-peer methods.

(iii) Issues with KDC:

 Single point of failure.

 Scalability challenges with large networks.

 Potential security breaches compromising all keys.

4. Techniques of Public Key Distribution:

1. Public Key Infrastructure (PKI): Uses digital certificates issued by trusted

Certificate Authorities (CAs).

2. Public Announcement: Publish keys in a directory or broadcast them publicly

(less secure).

3. Key Servers: Centralized servers store and distribute public keys.

4. Web of Trust: Decentralized trust model (used in PGP).

5. Pseudo-Random Number Generation (PRNG) based on RSA:

 Process:

1. Select two large primes pp and qq, compute n=p×qn = p \times q.

2. Choose an initial seed x0x_0.

3. Generate a sequence: xi+1=(xi2)mod nx_{i+1} = (x_i^2) \mod n.

 Diagram:

[ Seed (x0) ] --> [ Squaring + Mod n ] --> [ PRNG Output Sequence ]

6. Simple Problems on Elliptic Curve Arithmetic:

Problem 1: Point Addition

 Elliptic Curve: y² = x³ - 7x + 10

 Points: P = (1, 2) and Q = (3, 4)

Find: R = P + Q

Solution:

1. Find the slope (λ) of the line PQ: λ = (y₂ - y₁) / (x₂ - x₁) = (4 - 2) / (3 - 1) = 1

2. Calculate the coordinates of R (x₃, y₃): x₃ = λ² - x₁ - x₂ = 1² - 1 - 3 = -3 y₃ = λ(x₁ - x₃)

- y₁ = 1(1 - (-3)) - 2 = 2

3. Therefore, R = P + Q = (-3, 2)

Problem 2: Point Doubling

 Elliptic Curve: y² = x³ - 7x + 10

 Point: P = (1, 2)

Find: R = 2P

Solution:

1. Find the slope (λ) of the tangent line at P: λ = (3x₁² + a) / (2y₁) = (3(1)² - 7) / (2 * 2)
= -1

2. Calculate the coordinates of R (x₃, y₃): x₃ = λ² - 2x₁ = (-1)² - 2(1) = -1 y₃ = λ(x₁ - x₃) -
y₁ = -1(1 - (-1)) - 2 = -4

3. Therefore, R = 2P = (-1, -4)

Problem 3: Scalar Multiplication (using a smaller scalar for simplicity)

 Elliptic Curve: y² = x³ - 7x + 10

 Point: P = (1, 2)

 Scalar: k = 3

Find: Q = kP = 3P

Solution:

1. Calculate 2P: (We already did this in Problem 2: 2P = (-1, -4))

2. Calculate 3P = P + 2P:

o Find the slope (λ) of the line through P (1, 2) and 2P (-1, -4): λ = (-4 - 2) / (-1 -
1) = 3
 o Calculate the coordinates of 3P (x₃, y₃): x₃ = λ² - x₁ - x₂ = 3² - 1 - (-1) = 9 y₃ =
λ(x₁ - x₃) - y₁ = 3(1 - 9) - 2 = -26

3. Therefore, Q = 3P = (9, -26)

Important Notes:

 These examples use a simple elliptic curve over real numbers.

 In real-world cryptography, elliptic curves are defined over finite fields for
security and e iciency reasons.

 The formulas for point addition and doubling can be more complex depending on
the specific curve and field.

 E icient algorithms exist for scalar multiplication (like the "double-and-add"

method) to avoid repeated addition.

7. Elliptic Curve over Real Numbers:

 Elliptic Curves Over Real Numbers: A Visual and Conceptual Guide

 Imagine a curve gracefully flowing on a graph, symmetrically balanced about the

x-axis. This could be an elliptic curve over real numbers.

 Equation:

 These curves are defined by a simple-looking yet powerful equation:

 y² = x³ + ax + b

 where:

 x and y are real numbers (any point on the x-y plane)

 a and b are real constants that determine the curve's shape.

 4a³ + 27b² ≠ 0 This condition ensures the curve is smooth and doesn't have any
sharp points or self-intersections.

 Visualizing the Curve:

 Symmetry: The curve is symmetric about the x-axis. If the point (x, y) lies on the
curve, so does (x, -y).

 Components: Typically, the curve has two distinct parts:

 A closed loop, like an oval or a stretched circle.

 An open-ended branch that extends to infinity in both directions.

 Why are they important in cryptography?

 Group Structure: The points on an elliptic curve, together with a special "point
at infinity" (think of it as a point infinitely far away), form a mathematical
structure called an Abelian group. This means you can "add" points together in a
specific way that follows certain rules.

 Discrete Logarithm Problem: One of the fundamental security properties of

elliptic curves is the di iculty of the "discrete logarithm problem." In simple
terms, if you have two points P and Q on the curve, it's computationally hard to
find an integer k such that Q = kP (where kP means adding P to itself k times).
This di iculty is the foundation of many cryptographic applications.

 Example:

 The curve y² = x³ - 4x is an elliptic curve over real numbers. You can plot it to see
its shape.

Module- 02 SIMP Questions with Answers

1. Public Key Cryptosystems

Public key cryptosystems, also known as asymmetric cryptography, use a pair of

keys: a public key and a private key. The public key can be freely distributed,
while the private key must be kept secret.1 This system enables:

 Encryption: Anyone can encrypt a message using the recipient's public key, but
only the recipient with the corresponding private key can decrypt2 it.

 Digital Signatures: A sender can create a digital signature using their private key,
and anyone can verify the signature using the sender's public key. This ensures
authenticity and non-repudiation.

Key Advantages:

 Key Distribution: Solves the key distribution problem of symmetric cryptography

by eliminating the need for a secure channel to share secret keys.

 Scalability: Suitable for securing communication in large networks as each user

only needs to manage one key pair.

 Authentication and Non-repudiation: Digital signatures provide strong

authentication and prevent senders from denying their actions.

2. Examples
 i) RSA

 Key Generation:

o Choose two large prime numbers, p and q.

o Calculate n = p * q and φ(n) = (p-1) * (q-1).

o Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1.

o Calculate d3 such that d * e ≡ 1 (mod φ(n)).

o Public key: (n, e)

o Private key: d

 Encryption: Ciphertext (C) = M^e mod n (where M is the message)

 Decryption: Message (M) = C^d mod n

Example:

Let p = 11, q = 13. Then n = 143, φ(n) = 120. Choose e = 7, then d = 103.

 To encrypt M = 9, C = 9⁷ mod 143 = 48.

 To decrypt C = 48, M = 48¹⁰³ mod 143 = 9.

ii) Di ie-Hellman Key Exchange

 Steps: (As explained in the previous response with the paint analogy)

Example:

1. p = 23, g = 5 (publicly agreed)

2. Alice's private key (a) = 6, Bob's private key (b) = 15

3. Alice computes A = 5⁶ mod 23 = 8 Bob computes B =

5¹⁵ mod 23 = 19

4. They exchange A and B.

5. Alice computes S = 19⁶ mod 23 = 2 Bob computes S =

8¹⁵ mod 23 = 2

Now both have the shared secret key S = 2.

3. Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack occurs when an attacker intercepts

communication between two parties and impersonates each party to the other.
 In Di ie-Hellman: The attacker can establish separate shared keys with both
parties, e ectively controlling the communication and potentially stealing
information.

 Mitigation: Using authentication mechanisms like digital signatures or

certificates to verify the identities of the parties involved.

4. ElGamal Cryptosystem

ElGamal is a public key cryptosystem based on the discrete logarithm problem.

 Key Generation:

o Choose a large prime p and a generator g of the cyclic group

o Choose a random integer x (private key).

o Calculate y = g^x mod p (public key).

 Encryption:

o Choose a random integer k.

o Compute c₁ = g^k mod p and c₂ = M * y^k mod p

(where M is the message).

o Ciphertext: (c₁, c₂)

 Decryption:

o Compute M = c₂ * (c₁^x)^-1 mod p

5. Problems on RSA and Di ie-Hellman

 RSA:

o Given n = 35, e = 5, and ciphertext C = 10, find the plaintext message M.

o Choose two prime numbers and demonstrate the RSA encryption and
decryption process.

 Di ie-Hellman:

o Given p = 17, g = 3, Alice's public key A = 10, and Bob's public key B = 13,
calculate the shared secret key.

6. Secure Communication with Symmetric Cipher

1. Encryption (Alice):

o Use the shared secret key to encrypt the message using the agreed-upon
symmetric cipher (e.g., AES).
 o Send the encrypted message to Bob.

2. Decryption (Bob):

o Receive the encrypted message from Alice.

o Use the same shared secret key to decrypt the message using the same
symmetric cipher.

Important: The security relies on the secrecy of the shared key. If Eve obtains the
key, she can decrypt the message.

Module- 04 SIMP Questions with Answers

1. Email Security Concepts

(i) Email Threats

Email is susceptible to various threats, including:

 Spam: Unsolicited bulk emails.

 Phishing: Deceptive emails aiming to steal sensitive information.

 Malware: Emails carrying malicious attachments or links.

 Spoofing: Forging sender addresses to mislead recipients.

 Eavesdropping: Interception of emails to gain unauthorized access to

information.

(ii) S/MIME Certificate Processing

S/MIME (Secure/Multipurpose Internet Mail Extensions) uses X.509 certificates

for encryption and digital signatures.

 Certificate Retrieval: When receiving a signed or encrypted email, the

recipient's email client retrieves the sender's certificate.

 Certificate Validation: The client verifies the certificate's validity, including:

o Trust Chain: Ensuring the certificate is issued by a trusted Certificate

Authority (CA).

o Revocation Status: Checking if the certificate has been revoked.

o Validity Period: Confirming the certificate is within its valid date range.

 Key Extraction: If valid, the sender's public key is extracted from the certificate
for encryption or signature verification.
 (iii) DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that allows the sender to digitally sign
their emails.

 Purpose: To verify that the email originated from the claimed sender and hasn't
been tampered with in transit.

 Mechanism: A public key is published in the sender's DNS records. The recipient
verifies the signature using this key.

(iv) MIME (Multipurpose Internet Mail Extensions)

MIME is an internet standard that extends the format of email to support:

 Text in character sets other than ASCII.

 Non-text attachments:1 Images, audio, video, etc.

 Message bodies with multiple parts.

2. Public Key Infrastructure (PKI)

[Image of a diagram showing the key components of a PKI system, including:

 Certificate Authority (CA): Issues and manages digital certificates.

 Registration Authority (RA): Verifies the identity of certificate applicants.

 Certificate Repository: Stores and distributes certificates.

 End User: Obtains and uses certificates for secure communication.]

3. DKIM Functional Flow

1. Sender-Side:

o The sender's email server generates a hash of the email content.

o The hash is encrypted with the sender's private key (associated with their
domain).

o The encrypted hash (signature) is added to the email header.

2. Recipient-Side:

o The recipient's email server retrieves the sender's public key from the
DNS record.

o The server decrypts the signature using the public key.

o The server generates its own hash of the received email content.
 o The two hashes are compared. If they match, the email is authenticated.

Justification:

 Authenticity: Ensures the email truly came from the claimed sender.

 Integrity: Verifies that the email content hasn't been modified.

 Non-repudiation: The sender cannot deny sending the email.

4. Kerberos

Kerberos is a network authentication protocol that allows users to securely

access services on a network.

Overview:

 Key Distribution Center (KDC): A trusted server that issues tickets for
authentication.

 Authentication Server (AS): Authenticates users and issues Ticket Granting

Tickets (TGTs).

 Ticket Granting Server (TGS): Issues service tickets based on TGTs.

Di erences between Kerberos 4 and 5:

Feature Kerberos 4 Kerberos 5

More flexible, supports

Encryption DES other encryption
algorithms

Ticket Lifetime Limited Renewable tickets

Supports other
Password-
Authentication authentication
based only
mechanisms

5. X.509 Certificate Format

 :

 Version: Version of the X.509 standard.

 Serial Number: Unique identifier of the certificate.

 Issuer: Name of the CA that issued the certificate.

 Validity: Start and end dates of the certificate's validity.

 Subject: Entity to which the certificate is issued.

 Subject Public Key Info: Public key and algorithm information.

 Issuer Unique Identifier (optional): Unique identifier of the issuer.

 Subject Unique Identifier (optional): Unique identifier of the subject.

 Extensions (optional): Additional information about the certificate.

 Signature Algorithm: Algorithm used to sign the certificate.

 Signature: Digital signature of the CA.]

6. Internet Mail Architecture

[Image of a diagram showing the key components of the internet mail

architecture, including:

 Mail User Agent (MUA): Email client used to compose, send, and receive emails.

 Mail Submission Agent (MSA): Sends emails from the MUA to the MTA.
 Mail Transfer Agent (MTA): Relays emails between servers using SMTP.

 Mail Delivery Agent (MDA): Delivers emails to the recipient's mailbox.

 Mailbox: Stores emails for the recipient.]

7. PGP Confidentiality and Authentication

PGP (Pretty Good Privacy) provides:

 Confidentiality:

o Uses symmetric encryption (e.g., AES) to encrypt the message.

o Uses public key encryption to encrypt the symmetric key, which is then
sent with the message.

 Authentication:

o Creates a digital signature of the message using the sender's private key.

o The recipient verifies the signature using the sender's public key.

8. Remote User Authentication Principles

Remote user authentication verifies the identity of a user attempting to access a

system from a remote location. Key principles include:

 Something you know: Passwords, PINs, security questions.

 Something you have: Tokens, smart cards, mobile devices.

 Something you are: Biometric authentication (fingerprint, facial recognition).

 Multi-factor authentication (MFA): Combining two or more factors for stronger

security.

 Strong password policies: Enforcing complex and unique passwords.

 Secure communication channels: Using protocols like SSL/TLS to protect

authentication data during transmission.
 Module- 05 SIMP Questions with Answers

1. IPsec Overview

 IPsec (Internet Protocol Security) is a suite of protocols that secure

communication at the network layer (IP layer) by providing:

 Confidentiality: Encrypts IP packets to prevent eavesdropping.

 Integrity: Ensures data hasn't been tampered with during transmission.

 Authentication: Verifies the sender's identity.

 Benefits:

 Strong Security: Provides robust protection for data in transit.

 Widely Applicable: Can be used to secure various types of IP tra ic, including
VPNs.

 Flexible: Supports di erent encryption and authentication algorithms.

 Transparent to Applications: No changes are required to applications to use

IPsec.

 Categories of IPsec Documents:

 IPsec is defined in a series of RFCs (Request for Comments). The main
categories include:

 Architecture: Overall framework and concepts (e.g., RFC 4301).

 Authentication Header (AH): Provides integrity and authentication (e.g., RFC

4302).

 Encapsulating Security Payload (ESP): Provides confidentiality, integrity, and

authentication (e.g., RFC 4303).

 Internet Key Exchange (IKE): Establishes security associations (SAs) (e.g., RFC
7296).

2. IPsec Processing Model

 Outbound:

 Identify Security Policy: Determine if IPsec needs to be applied based on policy

rules.

 Acquire Security Association (SA): Retrieve the relevant SA (which contains

security parameters like encryption keys and algorithms).

 Apply IPsec Processing: Encrypt, authenticate, or both, based on the SA.

 Transmit Packet: Send the processed packet.

 Inbound:

 Receive Packet: Receive the IPsec-protected packet.

 Identify SA: Determine the corresponding SA based on the packet header.

 Apply IPsec Processing: Decrypt, verify authentication, or both.

 Deliver Packet: Deliver the processed packet to the upper layer.

 3. ESP Packet Format

 Security Parameters Index (SPI): Identifies the SA.

 Sequence Number: Provides anti-replay protection.

 Payload Data: The encrypted data.

 Padding (optional): Used for alignment or to hide the actual data length.

 Pad Length: Indicates the length of the padding.

 Next Header: Specifies the type of the next header after ESP.

 Authentication Data (optional): Contains the Integrity Check Value (ICV).

 4. & 7. Basic Combinations of Security Associations

 Transport Mode AH: AH protects the original IP header and payload.

 Transport Mode ESP: ESP protects the original IP payload.

 Tunnel Mode AH: AH protects the entire original IP packet, which is

encapsulated in a new IP header.

 Tunnel Mode ESP: ESP protects the entire original IP packet, which is
encapsulated in a new IP header.

5. IPsec Usage Scenario

 6. Tunnel Mode vs. Transport Mode ESP

 Transport Mode: ESP encrypts and authenticates only the IP payload, leaving
the original IP header unchanged. Used for end-to-end security between two
hosts.

 Tunnel Mode: ESP encrypts and authenticates the entire original IP packet,
which is then encapsulated in a new IP header. Used for securing
communication between networks (e.g., VPNs).

8. IKE Header and Payload Format

 IKE (Internet Key Exchange) is used to establish security associations.

 IKE Header:

 Initiator SPI: Identifies the IKE SA at the initiator.

 Responder SPI: Identifies the IKE SA at the responder.

 Next Payload: Indicates the type of the next payload.

 Version: Version of the IKE protocol.

 Exchange Type: Type of IKE exchange (e.g., Identity Protection, Authentication).

 Flags: Control bits for various options.

 Message ID: Uniquely identifies the IKE message.

 Length: Length of the entire IKE message.

IKE Payloads:

 IKE uses various payloads to exchange information during SA negotiation. Some

common payloads include:

 Security Association (SA): Proposes or accepts SA parameters.

 Key Exchange (KE): Exchanges key material for encryption.

 Nonce: Random values used for anti-replay protection.

 Identification (ID): Identifies the communicating peers.

 Certificate: Exchanges certificates for authentication.

 Authentication: Provides authentication data.