
Information Security-Terminal Exam-Sp21

This document is an examination paper for the course 'Information Security' at COMSATS University Islamabad, Lahore Campus, for the Spring 2021 semester. It includes various questions on encryption methods, key generation, SSL protocols, digital signatures, and Kerberos authentication. The exam consists of multiple questions with specified marks, requiring students to perform calculations and provide explanations related to information security concepts.

COMSATS University Islamabad,

Lahore Campus

□ Sessional-1 □ Sessional-II ☑ Terminal Examination – SPRING 2021


Course Title: Information Security Course Code: CSC432 Credit Hours: 3(3,0)
Programme BS Software Engineering
Course Instructor/s: Dr. Amjad Ali
Name: BS Computer Science
Semester: Batch: Section: Date: 09-07-2021

Time Allowed: 3 Hours Maximum Marks: 100


Student’s Name: Reg. No.
Important Instructions / Guidelines:
- Answer all questions.
- Do not give multiple answers for a question. Clearly cross out what you do not want me to read.
- Do not use lead pencil.

Question 1: [(5+5) = 10 Marks]


Perform the Encryption and Decryption using the Rail Fence Cipher.
Plaintext: This is information security terminal exam
Key: 3
Note: Ignore the spaces in the text, and show the grids for both encryption and decryption.

Question 2: [10 Marks]


Identify any legal values for the RSA Public and Private keys where P = 7 and Q = 3.
Note: You need to compute both the public and the private keys.

Question 3: [5 Marks]
Compute the shared private keys (Ka and Kb) using the Diffie-Hellman key exchange algorithm based on the
following provided information.
P = 13, G = 7, a = 5, b = 7

Question 4: [5 Marks]
Discuss the SSL record protocol operations required for both the sender and the receiver.

Question 5: [10 Marks]


Show the initial exchanges required to establish a logical connection between the client and the server using the SSL
handshake protocol.

Question 6: [10 Marks]


Bob wants to buy a shirt from Alice using his credit via online shopping. He wants to keep the entire
transaction private. Suggest a solution for Bob and Alice that keeps the entire transaction private using the Public and
the Session Keys.

Question 7: Answer the following questions: [20 Marks]


1- How is a digital signature generated and verified?
2- How can a transmission be secured using a digital signature?
3- Write all the necessary steps of the SHA-1 algorithm to compute a message digest.
4- Write all the necessary steps to perform one round of encryption using DES.

Question 8: Kerberos involves three two-message exchanges: [(10+10+10) =30 Marks]
1. One between the client and the Key Distribution Center (KDC)
2. One between the client and the Ticket Granting Service (TGS)
3. One between the client and the server (S) chosen by the client.
In Kerberos v4, the initial communication between the client C and the KDC D goes like this:
1. C sends a ticket request containing C’s name and a TGS’s name T.
2. The KDC checks that both C and T are known to the system.
3. The KDC creates a ticket containing C’s and T’s names, C’s network address, the current time,
the lifetime of the ticket, and a session key KCT. This ticket is encrypted with T’s secret key
KDT known to both the key-distribution center D and the ticket-granting service T.
4. The reply to C consists of the ticket just described, T’s name, the current time, the lifetime of the
ticket, and the session key, all encrypted with C’s secret key KC. To keep messages that are
intended for one purpose from being mistakenly used for another, the plaintext of the encrypted
reply contains a constant string “krbtgt” identifying this as a ticket-granting ticket.
5. The client decrypts the reply and saves the ticket for use.
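Steps 1 to 5 above as an added Python sketch, not part of the exam paper: it shows which key protects which message, so that the client learns KCT but cannot read the ticket sealed under KDT. Assumptions: a keyed-HMAC toy cipher stands in for the cipher Kerberos v4 uses, SHA-256 stands in for the "known function" that derives KC from the password, and every name, address and password is constructed.

```python
import hashlib, hmac, json, os

def str2key(password):
    # Assumption: SHA-256 stands in for the "known function" that derives KC.
    return hashlib.sha256(password.encode()).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption standing in for the v4 cipher (assumption).
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (tag + nonce + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    tag, nonce, ct = raw[:32], raw[32:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

def kdc_reply(c, t, addr, keys, now, life=8 * 3600):
    # Steps 1-2: the request names C and T; both must be known to the KDC.
    if c not in keys or t not in keys:
        raise KeyError("unknown principal")
    k_ct = os.urandom(16).hex()  # fresh session key KCT
    common = {"t": t, "time": now, "life": life, "k_ct": k_ct}
    # Step 3: the ticket is sealed under KDT, so only the KDC and T can read it.
    ticket = seal(keys[t], dict(common, c=c, addr=addr))
    # Step 4: the reply is sealed under KC and carries the "krbtgt" constant.
    return seal(keys[c], dict(common, purpose="krbtgt", ticket=ticket))

def client_accept(password, reply):
    # Step 5: only the holder of the password can recover the ticket and KCT.
    msg = unseal(str2key(password), reply)
    if msg.get("purpose") != "krbtgt":
        raise ValueError("reply is not a ticket-granting ticket")
    return msg["ticket"], msg["k_ct"]

if __name__ == "__main__":
    keys = {"alice": str2key("constructed-password"), "tgs": os.urandom(32)}
    reply = kdc_reply("alice", "tgs", "192.0.2.10", keys, now=0)
    ticket, k_ct = client_accept("constructed-password", reply)
    print(unseal(keys["tgs"], ticket)["k_ct"] == k_ct)
```

The password is needed only in `client_accept`; afterwards the client holds the opaque ticket and KCT, which is what it presents to the TGS.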

Answer the following questions:

a) Explain briefly, in general terms, the purpose of each of the three exchanges (between the
client and KDC, client and TGS, and client and S).
b) Assume that the user’s password is not stored on the client machine, and the client’s key KC is
computed from the user’s password by a known function. Why is Kerberos more convenient, for
the human user, than a system in which the TGS is eliminated, and the client makes a Kerberos-
style request to the KDC for each server connection?
c) A Kerberos realm consists of a KDC, a TGS, a number of clients sharing keys with the KDC,
and a number of application servers sharing keys with the TGS. In cross-realm authentication, a
client.
