1 CNS

The document outlines the syllabus for a course on Cryptography and Network Security, covering topics such as classical encryption techniques, block ciphers, public key cryptography, hash functions, digital signatures, and security practices. It includes detailed explanations of various cryptographic concepts, mechanisms, and algorithms, as well as security threats and countermeasures. Additionally, it lists textbooks and references for further reading on the subject.

Uploaded by

vinayagam.ta
GRT INSTITUTE OF ENGINEERING AND TECHNOLOGY


DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

CS6701 CRYPTOGRAPHY AND NETWORK SECURITY    L T P C: 3 0 0 3
UNIT I INTRODUCTION & NUMBER THEORY 10
Services, Mechanisms and attacks - the OSI security architecture - Network security model - Classical
Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques,
steganography). FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields - Modular
arithmetic - Euclid's algorithm - Finite fields - Polynomial Arithmetic - Prime numbers - Fermat's and
Euler's theorem - Testing for primality - The Chinese remainder theorem - Discrete logarithms.
UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10
Data Encryption Standard - Block cipher principles - block cipher modes of operation - Advanced
Encryption Standard (AES) - Triple DES - Blowfish - RC5 algorithm. Public key cryptography:
Principles of public key cryptosystems - The RSA algorithm - Key management - Diffie Hellman Key
exchange - Elliptic curve arithmetic - Elliptic curve cryptography.
UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8
Authentication requirement - Authentication function - MAC - Hash function - Security of hash
function and MAC - MD5 - SHA - HMAC - CMAC - Digital signature and authentication protocols -
DSS - ElGamal - Schnorr.
UNIT IV SECURITY PRACTICE & SYSTEM SECURITY 8
Authentication applications - Kerberos - X.509 Authentication services - Internet Firewalls for
Trusted System: Roles of Firewalls - Firewall related terminology - Types of Firewalls - Firewall
designs - SET for E-Commerce Transactions. Intruder - Intrusion detection system - Virus and
related threats - Countermeasures - Firewalls design principles - Trusted systems - Practical
implementation of cryptography and security.
UNIT V E-MAIL, IP & WEB SECURITY 9
E-mail Security: Security Services for E-mail - attacks possible through E-mail - establishing keys -
privacy - authentication of the source - Message Integrity - Non-repudiation - Pretty Good
Privacy - S/MIME. IP Security: Overview of IPSec - IP and IPv6 - Authentication Header -
Encapsulation Security Payload (ESP) - Internet Key Exchange (Phases of IKE, ISAKMP/IKE
Encoding). Web Security: SSL/TLS Basic Protocol - computing the keys - client authentication - PKI as
deployed by SSL - Attacks fixed in v3 - Exportability - Encoding - Secure Electronic Transaction (SET).
TOTAL: 45 PERIODS
TEXT BOOKS:
1. William Stallings, "Cryptography and Network Security", 6th Edition, Pearson Education, March 2013. (UNIT I, II, III, IV).
2. Charlie Kaufman, Radia Perlman and Mike Speciner, "Network Security", Prentice Hall of India, 2002. (UNIT V).
REFERENCES:
1. Behrouz A. Forouzan, "Cryptography & Network Security", Tata McGraw Hill, 2007.
2. Man Young Rhee, "Internet Security: Cryptographic Principles, Algorithms and Protocols", Wiley Publications, 2003.
3. Charles Pfleeger, "Security in Computing", 4th Edition, Prentice Hall of India, 2006.
4. Uyless Black, "Internet Security Protocols", Pearson Education Asia, 2000.
5. Charlie Kaufman, Radia Perlman and Mike Speciner, "Network Security, Second Edition, Private Communication in Public World", PHI 2002.
6. Bruce Schneier and Niels Ferguson, "Practical Cryptography", First Edition, Wiley Dreamtech India Pvt Ltd, 2003.
7. Douglas R. Stinson, "Cryptography - Theory and Practice", First Edition, CRC Press, 1995.
8. http://nptel.ac.in/

UNIT I – INTRODUCTION AND NUMBER THEORY

1. Specify the four categories of security threats?

* Interruption
* Interception
* Modification
* Fabrication

2. Explain active and passive attack with example?


Passive attack:
Monitoring the message during transmission.
Eg: Interception
Active attack:
It involves the modification of data stream or creation of false data stream.
E.g.: Fabrication, Modification, and Interruption

3. Define integrity and nonrepudiation?


Integrity:
A service that ensures that only an authorized person is able to modify the message.
Nonrepudiation:
This service helps to prove whether the claim of a person who denies the transaction is true or false.

4. Differentiate symmetric and asymmetric encryption?

Symmetric:
It is a form of cryptosystem in which encryption and decryption are performed using the same key.
Eg: DES, AES
Asymmetric:
It is a form of cryptosystem in which encryption and decryption are performed using two keys.
Eg: RSA, ECC

5. Define cryptanalysis? What is the role of cryptanalyst?


It is a process of attempting to discover the key or plaintext or both. In other words,
techniques used for deciphering a message without any knowledge of the enciphering
details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls
"breaking the code". The areas of cryptography and cryptanalysis together are called
cryptology.

6. Compare stream cipher with block cipher with example.


Stream cipher:
Processes the input stream continuously, producing one element at a time.
Example: Caesar cipher.
Block cipher:
Processes the input one block of elements at a time, producing an output block
for each input block.
Example: DES.

7. Define security mechanism


It is a process that is designed to detect, prevent, or recover from a security attack.
Example: Encryption algorithm, Digital signature, Authentication protocols.

8. Differentiate unconditionally secured and computationally secured


An encryption algorithm is unconditionally secure if the ciphertext generated by the
encryption scheme does not contain enough information to determine the
corresponding plaintext.
An encryption algorithm is computationally secure if:
1. The cost of breaking the cipher exceeds the value of the information.
2. The time required to break the cipher exceeds the useful lifetime of the information.

9. Define steganography
Hiding the message in some cover medium. It conceals the existence of a message. This
is different from cryptography, which hides the meaning of a message but does not hide the
message itself.

10. List out the types of attacks on encrypted messages.


1. Ciphertext only
2. Known plaintext
3. Chosen Plaintext
4. Chosen Ciphertext
5. Chosen text

11. Define Encryption and Specify the components of encryption algorithm.


Encryption is the process of converting plaintext to ciphertext. The components of an
encryption algorithm are:
1. Plaintext
2. Encryption algorithm
3. Secret key
4. Ciphertext
5. Decryption algorithm

12. Define confidentiality and authentication


Confidentiality:
It means maintaining the secrecy of a message. It ensures that the information
in a computer system and transmitted information are accessible only for reading by
authorized persons.
Authentication:
It helps to prove that only the source entity was involved in the transaction.

13. Define cryptography.


It is the science of writing secret code using mathematical techniques. The many
schemes used for enciphering constitute the area of study known as cryptography.

14. Compare Substitution and Transposition techniques.


SUBSTITUTION:
* A substitution technique is one in which the letters of plaintext are replaced
by other letters or by numbers or symbols.
* Eg: Caesar cipher.
TRANSPOSITION:
* It means a different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters.
* Eg: DES, AES.

15. Define Diffusion & confusion.


Diffusion:
It means each plaintext digit affects the values of many ciphertext digits, which is
equivalent to saying that each ciphertext digit is affected by many plaintext digits. It can be
achieved by performing permutation on the data. It is the relationship between the plaintext
and ciphertext.
Confusion:
It can be achieved by a substitution algorithm. It is the relationship
between the ciphertext and the key.

16. Define Product cipher.


It means two or more basic ciphers are combined; the resultant
cipher is called the product cipher.

17. Define Avalanche effect.


A desirable property of any encryption algorithm is that a small change in either
the plaintext or the key produces a significant change in the ciphertext. In particular, a
change in one bit of the plaintext or one bit of the key should produce a change in many
bits of the ciphertext. If the change is small, this might provide a way to reduce the size
of the plaintext or key space to be searched.

18. What are the different substitution techniques available?


1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Substitution
6. One Time Pad
7. Feistel Cipher

19. What are the design parameters of a Feistel cipher network?


*Block size
*Key size
*Number of Rounds
*Subkey generation algorithm
*Round function
*Fast software Encryption/Decryption
*Ease of analysis

20. Define Discrete Logarithms.


Discrete logarithms are fundamental to a number of public key algorithms,
including Diffie-Hellman key exchange and DSA.

21. Define Euler's theorem and its application?

Euler's theorem states that for every a and n that are relatively prime:

22. Define Euler's totient function or phi function and their applications?
The Euler's totient function states that it should be clear for a prime number p,
$\phi(p) = p - 1$

23. Describe in general terms an efficient procedure for picking a prime number?
The procedure for picking a prime number is as follows:
1. Pick an odd integer n at random (e.g., using a pseudorandom number generator).
2. Pick an integer a < n at random.
3. Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test,
reject the value n and go to step 1.
4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.
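
The procedure above as runnable Python, an added example that is not part of the original notes. The names `miller_rabin_witness`, `is_probable_prime` and `pick_prime` are illustrative; the default random source is the operating system's CSPRNG, and the seeded generator in the demo is only there for repeatability.

```python
import random
import secrets


def miller_rabin_witness(a, n):
    """Return True if base a proves that odd n > 2 is composite."""
    # Write n - 1 = 2^k * q with q odd.
    k, q = 0, n - 1
    while q % 2 == 0:
        k += 1
        q //= 2
    x = pow(a, q, n)
    if x == 1 or x == n - 1:
        return False              # inconclusive: n may be prime
    for _ in range(k - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False          # inconclusive
    return True                   # a is a witness: n is composite


def is_probable_prime(n, rounds=40, rng=None):
    """Steps 2 to 4: repeat the test with fresh random bases a < n."""
    rng = rng or secrets.SystemRandom()
    if n < 2:
        return False
    # Cheap trial division first; it also handles the tiny values of n.
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)       # step 2: random a with 1 < a < n - 1
        if miller_rabin_witness(a, n):    # step 3: n fails the test
            return False
    return True                           # step 4: passed every round


def pick_prime(bits, rounds=40, rng=None):
    """Step 1 in a loop: draw odd candidates until one passes all rounds."""
    if bits < 2:
        raise ValueError("need at least 2 bits")
    rng = rng or secrets.SystemRandom()
    while True:
        # Force the top bit (exact bit length) and the low bit (odd).
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n, rounds, rng):
            return n


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 is a Carmichael number: the plain Fermat check
    # a^(n-1) mod n == 1 passes for base 2, but Miller-Rabin rejects it.
    print("Fermat check on 561, base 2:", pow(2, 560, 561) == 1)
    print("Miller-Rabin witness for 561, base 2:", miller_rabin_witness(2, 561))
    # Seeded generator only so the demo output repeats; never use it for keys.
    print("64-bit probable prime:", pick_prime(64, rng=random.Random(2024)))
```

Each round that a composite survives has probability at most 1/4, so 40 rounds leave an error bound of 4^-40 for a randomly chosen base sequence.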

24. Define Fermat Theorem?

Fermat Theorem states the following: If p is prime and a is a positive integer
not divisible by p, then
$a^{p-1} \equiv 1 \pmod{p}$

25. Find gcd (1970, 1066) using Euclid's algorithm?
gcd(1970, 1066) = gcd(1066, 1970 mod 1066)
= gcd(1066, 904)
= 2

UNIT II – BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

1. Give the five modes of operation of Block cipher.


1. Electronic Codebook(ECB)
2. Cipher Block Chaining(CBC)
3. Cipher Feedback(CFB)
4. Output Feedback(OFB)
5. Counter(CTR)

2. State advantages of counter mode.


*Hardware Efficiency
*Software Efficiency
*Preprocessing
*Random Access
* Provable Security

*Simplicity.

3. Specify the design criteria of block cipher.


Number of rounds
Design of the function F
Key scheduling

4. Define Reversible mapping.


Each plaintext maps to a unique ciphertext. This transformation is called
reversible mapping.

5. Specify the basic task for defining a security service.


A service that enhances the security of the data processing systems and the
information transfer of an organization. The services are intended to counter security
attack, and they make use of one or more security mechanism to provide the service.

6. What is traffic Padding? What is its purpose?


Traffic padding produces ciphertext output continuously, even in the
absence of plaintext. A continuous random data stream is generated. When plaintext
is available, it is encrypted and transmitted. When input plaintext is not present, random
data are encrypted and transmitted. This makes it impossible for an attacker to
distinguish between true data flow and padding, and therefore impossible to deduce the
amount of traffic.

7. List the evaluation criteria defined by NIST for AES?

The evaluation criteria for AES are as follows:
1. Security
2. Cost
3. Algorithm and implementation characteristics

8. What is Triple Encryption? How many keys are used in triple encryption?
Triple Encryption is a technique in which encryption algorithm is performed
three times using three keys.

9. Differentiate public key and conventional encryption?


Conventional Encryption
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
3. The key must be kept secret.
4. It must be impossible or at least impractical to decipher a message if no other
information is available.
Public key Encryption
1. One algorithm is used for encryption and decryption with a pair of keys, one for
encryption and another for decryption.
2. The sender and receiver must each have one of the matched pair of keys.
3. One of the two keys must be kept secret.
4. It must be impossible or at least impractical to decipher a message if no other
information is available.

5. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be
insufficient to determine the other key.

10. What are the principal elements of a public key cryptosystem?
The principal elements of a cryptosystem are:
1. Plaintext
2. Encryption algorithm
3. Public and private key
4. Ciphertext
5. Decryption algorithm

11. What are roles of public and private key?


The two keys used for public-key encryption are referred to as the public key and the
private key. Invariably, the private key is kept secret and the public key is known
publicly. Usually the public key is used for encryption purpose and the private key is
used in the decryption side.

12. Specify the applications of the public key cryptosystem?


The applications of the public-key cryptosystem can be classified as follows:
1. Encryption/Decryption: The sender encrypts a message with the recipient's public
key.
2. Digital signature: The sender "signs" a message with its private key. Signing is
achieved by a cryptographic algorithm applied to a message or to a small block of
data that is a function of the message.
3. Key Exchange: Two sides cooperate to exchange a session key. Several different
approaches are possible, involving the private key(s) of one or both parties.

13. What requirements must a public key cryptosystem fulfill to be a secure algorithm?

The requirements of a public-key cryptosystem are as follows:
1. It is computationally easy for a party B to generate a pair (public key $KU_b$, private
key $KR_b$).
2. It is computationally easy for a sender A, knowing the public key and the message
to be encrypted, M, to generate the corresponding ciphertext:
$C = E_{KU_b}(M)$
3. It is computationally easy for the receiver B to decrypt the resulting
ciphertext using the private key to recover the original message:
$M = D_{KR_b}(C) = D_{KR_b}[E_{KU_b}(M)]$
4. It is computationally infeasible for an opponent, knowing the public
key, $KU_b$, to determine the private key, $KR_b$.
5. It is computationally infeasible for an opponent, knowing the public key, $KU_b$, and
a ciphertext, C, to recover the original message, M.
6. The encryption and decryption functions can be applied in either order:
$M = E_{KU_b}[D_{KR_b}(M)] = D_{KU_b}[E_{KR_b}(M)]$

14. What is a one way function?


A one way function is one that maps the domain into a range such that every
function value has a unique inverse, with the condition that the calculation of the function is
easy whereas the calculation of the inverse is infeasible.

15. What is a trapdoor one way function?


It is a function which is easy to calculate in one direction and infeasible to calculate
in the other direction unless certain additional information is known.
With the additional information the inverse can be calculated in polynomial time. It can
be summarized as: A trapdoor one way function is a family of invertible functions $f_k$,
such that
$Y = f_k(X)$ easy, if k and X are known
$X = f_k^{-1}(Y)$ easy, if k and Y are known
$X = f_k^{-1}(Y)$ infeasible, if Y is known but k is not known

16. List four general characteristics of schemes for the distribution of the public key?
The four general characteristics for the distribution of the public key are
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificate

17. What is a public key certificate?


The public key certificate is that used by participants to exchange keys without contacting
a public key authority, in a way that is as reliable as if the keys were obtained directly
from the public-key authority. Each certificate contains a public key and other
information, is created by a certificate authority, and is given to a participant with the
matching private key.

18. What are essential ingredients of the public key directory?


The essential ingredients of the public key directory are as follows:
1. The authority maintains a directory with a {name, public key} entry for each
participant.
2. Each participant registers a public key with the directory authority. Registration
would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because
of the desire to replace a public key that has already been used for a large amount of
data, or because the corresponding private key has been compromised in some way.
4. Periodically, the authority publishes the entire directory or updates to the directory.
For example, a hard-copy version much like a telephone book could be published, or
updates could be listed in a widely circulated newspaper.
5. Participants could also access the directory electronically. For this purpose, secure,
authenticated communication from the authority to the participant is mandatory.

19. What is the primitive root of a number?


We can define a primitive root of a number p as one whose powers generate all
the integers from 1 to p-1. That is, if a is a primitive root of the prime number p then
the numbers.

20. Perform encryption and decryption using the RSA algorithm for the following.
p = 7; q = 11; e = 17; M = 8.
Soln:
n = pq
n = 7 * 11 = 77
$\phi(n) = (p-1)(q-1)$
= 6 * 10 = 60
e = 17
d = 27
$C = M^e \bmod n$
$C = 8^{17} \bmod 77$
= 57
$M = C^d \bmod n$
$= 57^{27} \bmod 77$
= 8
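
An added example (not part of the original notes) that works the same question in Python: it derives d from e and φ(n) with the extended Euclidean algorithm, checks the condition e·d ≡ 1 (mod φ(n)) that any value of d must satisfy, and runs the encrypt/decrypt round trip; the same routine also reproduces gcd(1970, 1066) from Unit I. Function names are illustrative.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r      # Euclid's remainder step
        old_x, x = x, old_x - q * x      # carry the Bezout coefficients along
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def private_exponent(e, phi):
    """Multiplicative inverse of e modulo phi(n); requires gcd(e, phi) == 1."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return x % phi


def valid_private_exponent(e, d, phi):
    """The defining check for d: e * d leaves remainder 1 modulo phi(n)."""
    return (e * d) % phi == 1


def rsa_textbook(p, q, e, m):
    """Textbook RSA on small integers, for the arithmetic only.

    Real deployments use large primes and a padding scheme such as OAEP;
    raw modular exponentiation like this is deterministic and malleable.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    d = private_exponent(e, phi)
    c = pow(m, e, n)               # C = M^e mod n
    recovered = pow(c, d, n)       # M = C^d mod n
    return {"n": n, "phi": phi, "d": d, "c": c, "m": recovered}


if __name__ == "__main__":
    result = rsa_textbook(p=7, q=11, e=17, m=8)
    print("n =", result["n"], " phi(n) =", result["phi"])
    print("d =", result["d"],
          " check e*d mod phi(n) == 1:",
          valid_private_exponent(17, result["d"], result["phi"]))
    print("C =", result["c"], " decrypted M =", result["m"])
    print("gcd(1970, 1066) =", extended_gcd(1970, 1066)[0])
```

Running `valid_private_exponent` on a hand-computed d before decrypting is a quick way to catch an arithmetic slip in a worked solution.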

21.What is an elliptic curve?


The principal attraction of ECC compared to RSA is that it appears to offer equal
security for a far smaller key size, thereby reducing processing overhead.

22. Give features and weakness of Diffie Hellman?


FEATURES:
* Secret keys are created only when needed.
* Exchange requires no preexisting infrastructure.
WEAKNESS:
* Provides no information about identities.
* It is subject to man-in-the-middle attack.

UNIT III – HASH FUNCTIONS AND DIGITAL SIGNATURES

1. What is message authentication?


It is a procedure that verifies whether the received message comes from the assigned
source and has not been altered. It uses message authentication codes and hash algorithms to
authenticate the message.

2. Define the classes of message authentication function.


Message encryption: The entire ciphertext would be used for authentication.
Message Authentication Code: It is a function of the message and a secret key that produces a
fixed length value.
Hash function: Some function that maps a message of any length to a fixed length value which
serves as authentication.

3. What are the requirements for message authentication?


The requirements for message authentication are:
1. Disclosure: Release of message contents to any person or process not possessing
the appropriate cryptographic key.
2. Traffic Analysis: Discovery of the pattern of traffic between parties. In a
connection oriented application, the frequency and duration of connections could be
determined. In either a connection oriented or connectionless environment, the
number and length of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source.
This includes the creation of messages by an opponent that are purported to come
from an authorized entity. Also included are fraudulent acknowledgements of
message receipt or no receipt by someone other than the message recipient.

4. Content modification: Changes to the contents of a message, including
insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages between
parties, including insertion, deletion, and modification.
6. Timing modification: Delay or replay of messages. In a connection oriented
application, an entire session or sequence of messages could be a replay of some
previous valid session, or individual messages in the sequence could be delayed or
replayed. In a connectionless application, an individual message could be delayed or
replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.
4. What do you mean by a hash function?


A hash function accepts a variable size message M as input and produces a fixed size
hash code H(M), called the message digest, as output. It is a variation on the message
authentication code.

5. Differentiate MAC and Hash function?


MAC: In a Message Authentication Code, the secret key is shared by sender
and receiver. The MAC is appended to the message at the source
at a time when the message is assumed or known to be correct.
Hash Function: The hash value is appended to the message at the source
at a time when the message is assumed or known to be correct. The
hash function itself is not considered to be secret.

6. Any three hash algorithms.
MD5 (Message Digest version 5) algorithm.
SHA-1 (Secure Hash Algorithm).
RIPEMD-160 algorithm.

7. What are the requirements of the hash function?


H can be applied to a block of data of any size.
H produces a fixed length output.
H(x) is relatively easy to compute for any given x, making both hardware and
software implementations practical.

8. What do you mean by MAC?


MAC is Message Authentication Code. It is a function of the message and a secret key
which produces a fixed length value called the MAC.
$MAC = C_K(M)$
where M = variable length message
K = secret key shared by sender and receiver
$C_K(M)$ = fixed length authenticator.

9. Differentiate internal and external error control.


Internal error control:
In internal error control, an error detecting code also known as
frame check sequence or checksum.
External error control:

In external error control, error detecting codes are appended after
encryption.

10. What is the meet in the middle attack?
This is the cryptanalytic attack that attempts to find the value in each of
the range and domain of the composition of two functions such that the forward mapping
of one through the first function is the same as the inverse image of the other through the
second function-quite literally meeting in the middle of the composed function.

11. What is the role of compression function in hash function?


The hash algorithm involves repeated use of a compression function f that
takes two inputs and produces an n-bit output. At the start of hashing the chaining variable
has an initial value that is specified as part of the algorithm. The final value of the
chaining variable is the hash value. Usually b > n; hence the term compression.

12. What is the difference between weak and strong collision resistance?

Weak collision resistance:
For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
It is proportional to $2^n$.
Strong collision resistance:
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
It is proportional to $2^{n/2}$.

13. Compare MD5, SHA1 And RIPEMD-160 algorithm.


| | MD5 | SHA-1 | RIPEMD-160 |
|---|---|---|---|
| Digest length | 128 bits | 160 bits | 160 bits |
| Basic unit of processing | 512 bits | 512 bits | 512 bits |
| No. of steps | 64 (4 rounds of 16) | 80 (4 rounds of 20) | 160 (5 paired rounds of 16) |
| Maximum message size | ∞ | 2^64 - 1 bits | 2^64 - 1 bits |
| Primitive logical functions | 4 | 4 | 5 |
| Additive constants used | 64 | 4 | 9 |
| Endianness | Little Endian | Big Endian | Little Endian |

14. Distinguish between direct and arbitrated digital signature?


Direct digital signature:
The direct digital signature involves only the communicating parties.
This may be formed by encrypting the entire message with the sender's private key.
Arbitrated digital signature:
The arbiter plays a sensitive and crucial role in this digital signature.
Every signed message from a sender x to a receiver y goes first to an arbiter A, who
subjects the message and its signature to a number of tests to check its origin and
content.

15. What are the properties a digital signature should have?

* It must verify the author and the date and time of signature.
* It must authenticate the contents at the time of signature.
* It must be verifiable by third parties to resolve disputes.

16. What requirements should a digital signature scheme satisfy?

* The signature must be a bit pattern that depends on the message being signed.
* The signature must use some information unique to the sender, to prevent both
forgery and denial.
* It must be relatively easy to produce the digital signature.
* It must be relatively easy to recognize and verify the digital signature.
* It must be computationally infeasible to forge a digital signature, either by
constructing a new message for an existing digital signature or by constructing a
fraudulent digital signature for a given message.
* It must be practical to retain a copy of the digital signature in storage.

UNIT IV – SECURITY PRACTICE & SYSTEM SECURITY

1. Define Kerberos.
Kerberos is an authentication service developed as part of Project Athena at MIT.
The problem that Kerberos addresses is this: assume an open distributed environment in which
users at workstations wish to access services on servers distributed throughout the
network.

2. What is Kerberos? What are the uses?


Kerberos is an authentication service developed as a part of Project Athena at
MIT. Kerberos provides a centralized authentication server whose function is to
authenticate servers.

3. What 4 requirements were defined by Kerberos?


* Secure
* Reliable
* Transparent
* Scalable

4. In the context of Kerberos, what is a realm?


A full service Kerberos environment consisting of a Kerberos server, a number of
clients and a number of application servers requires the following:
* The Kerberos server must have the user ID and hashed password of all participating
users in its database.
* The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "Realm".

5. Assume the client C wants to communicate with server S using the Kerberos procedure. How can it
be achieved?
The dialogue between client 'C', server 'S' and authentication server (AS) is given
below:
a) C → AS: [IDc || Pc || IDs]
b) AS → C: Ticket

c) C → S: [IDc || ADc || IDs]
Ticket = EKs [IDc || ADc || IDs]

Step 1: The user logs on to the workstation and requests access to the server S. The
client module C in the workstation requests the user's password and sends a message to AS that
includes the user ID (IDc), server ID (IDs) and its password.
Step 2: Now the AS verifies the user's password against its password database. If it is valid, AS
sends the ticket to C; the ticket includes the user ID (IDc), server ID (IDs) and the address of the
client workstation (ADc), encrypted with the key which is shared by both AS and
server (S).
Step 3: Now the client uses the ticket to server S, to send the message to S with IDc to
access service.

6. What is the purpose of X.509 standard?


X.509 defines a framework for authentication services by the X.500 directory to its
users. X.509 defines authentication protocols based on public key certificates.

7. List the 3 classes of intruder?


Classes of Intruders
* Masquerader
* Misfeasor
* Clandestine user

8. Define virus. Specify the types of viruses?


A virus is a program that can infect other programs by modifying them. The
modification includes a copy of the virus program, which can then go on to infect other
programs.
Types:
1) Parasitic virus
2) Memory-resident virus
3) Boot sector virus
4) Stealth virus
5) Polymorphic virus

9. What is application level gateway?


An application level gateway, also called a proxy server, acts as a relay of
application-level traffic. The user contacts the gateway using a TCP/IP application, such
as Telnet or FTP, and the gateway asks the user for the name of the remote host to be
accessed.

10. List the design goals of firewalls?

* All traffic from inside to outside, and vice versa, must pass through the firewall.
* Only authorized traffic, as defined by the local security policy, will be allowed to
pass.
* The firewall itself is immune to penetration.

11. What you mean by Verisign certificate?

It is the most widely used issuer of X.509 certificates, with the product name "Verisign digital
ID". Each digital ID contains the owner's public key, the owner's name and the serial number of the
digital ID.

12. What are the types of Firewall?


1. Packet filtering router
2. Application level gateways
3. Circuit level gateways

13. Define Worm.


A worm is a program that replicates itself by installing copies of itself on other
machines across a network. For example, an email virus has some of the characteristics of a
worm because it propagates itself from system to system.

14. What are the ways we prevent the viruses?


1. Detection (determine and locate) virus
2. Identification of virus
3. Removal of traces of virus

15. Define Intrusion detection and Give the intrusion detection techniques.
It is the act of detecting unwanted traffic on a network or a device.
Intrusion detection techniques:
1. Threshold detection
2. Anomaly detection
3. Rule based detection

16. What is a dual signature? What is its purpose?


The purpose of the dual signature is to link two messages that are intended for two
different recipients, to avoid misplacement of orders.

17. What are the participants of the SET system?


• Card holder
• Merchant
• Issuer
• Acquirer
• Payment gateway
• Certification authority

18. What is logic bomb?


Logic embedded in a computer program that checks for a certain set of conditions to
be present on the system. When these conditions are met, it executes some function that
results in unauthorized actions.

19. What are the effects of malicious software? Write any two.

The generic term for threats is malicious software or malware. Malware is software
designed to cause damage to or use up the resources of a target computer.
Ex. Trap Door and Trojan Horse.

20. Give the characteristics of Macro Viruses.


• A macro virus is platform independent. Virtually all of the macro viruses infect MS
Word documents.
• Macro viruses infect documents, not executable portions of code.
• Macro viruses are easily spread. A very common method is by electronic mail.

21. Define Zombie.

A zombie is a computer connected to the Internet that has been
compromised by a hacker, computer virus or trojan horse program and can be
used to perform malicious tasks of one sort or another under remote direction.

UNIT V – E-MAIL, IP & WEB SECURITY

1. What are the services provided by PGP?


• Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation

2. Explain the reasons for using PGP?


a) It is available free worldwide in versions that run on a variety of platforms, including
DOS/windows, UNIX, Macintosh and many more.
b) It is based on algorithms that have survived extensive public review and are considered
extremely secure.
E.g.) RSA, DSS and Diffie-Hellman for public key encryption, CAST-128,
IDEA, 3DES for conventional encryption, SHA-1 for hash coding.
c) It has a wide range of applicability from corporations that wish to select and enforce a
standardized scheme for encrypting files and communication.
d) It was not developed by nor is it controlled by any governmental or standards
organization.

3. Why is the E-mail compatibility function in PGP needed?


Electronic mail systems only permit the use of blocks consisting of ASCII text. To
accommodate this restriction, PGP provides the service of converting the raw 8-bit binary
stream to a stream of printable ASCII characters. The scheme used for this purpose is
Radix-64 conversion.

4. Name any cryptographic keys used in PGP?


a) One-time session conventional keys.
b) Public keys.
c) Private keys.
d) Pass phrase based conventional keys.

5. Define key Identifier?


PGP assigns a key ID to each public key that is, with very high probability, unique within a
user ID. It is also required for the PGP digital signature. The key ID associated with
each public key consists of its least significant 64 bits.

6. List the limitations of SMTP/RFC 822?


a) SMTP cannot transmit executable files or binary objects.
b) It cannot transmit text data containing national language characters.
c) SMTP servers may reject mail messages over a certain size.
d) SMTP gateways cause problems while transmitting ASCII and EBCDIC.
e) SMTP gateways to X.400 E-mail network cannot handle non textual data included in
X.400 messages.

7. Draw the diagram for PGP message transmission reception?

8. What is the general format for PGP message?

9. Define S/MIME?

Secure/Multipurpose Internet Mail Extension (S/MIME) is a
security enhancement to the MIME Internet E-mail format standard,
based on technology from RSA Data Security.

10. What are the elements of MIME?


• Five new message header fields are defined which may be
included in an RFC 822 header.
• A number of content formats are defined.
• Transfer encodings are defined that enable the conversion of
any content format into a form that is protected from alteration by the
mail system.

11. What are the header fields defined in MIME?


• MIME version.
• Content type.
• Content transfer encoding.
• Content id.
• Content description.

12. Define Botnets.

A network of private computers infected with malicious
software and controlled as a group without the owners'
knowledge, e.g. to send spam.

13. What are the key algorithms used in S/MIME?


• Digital signature standards.
• Diffie-Hellman.
• RSA algorithm.

14. Give the steps for preparing envelope data MIME?


• Generate Ks.
• Encrypt Ks using recipient's public key.
• RSA algorithm used for encryption.
• Prepare the 'recipient info block'.
• Encrypt the message using Ks.

15. What are the functional areas of IP security?


• Authentication
• Confidentiality
• Key management.

16. Give the application of IP security?


• Provide secure communication across private & public LAN.
• Secure remote access over the Internet.
• Secure communication to other organization.

17. What do you mean by Security Association? Specify the parameters
that identify the Security Association?


• An association is a one-way relationship between a sender and
receiver that affords security services to the traffic carried
on.
• A key concept that appears in both the authentication and
confidentiality mechanism for IP is the security
association (SA).
A Security Association is uniquely identified by 3 parameters:
• Security Parameter Index (SPI).
• IP Destination Address.
• Security Protocol Identifier.

18. What do you mean by Replay Attack?


• A replay attack is one in which an attacker obtains a
copy of an authenticated packet and later transmits it
to the intended destination.
• Each time a packet is sent, the sequence number is
incremented in the counter by the sender.

19. General format of IPsec ESP Format?

20. Differentiate Transport and Tunnel mode in IPsec?


Transport mode:
1. Provides the protection for upper layer protocol between two
hosts.
2. ESP in this mode encrypts and optionally authenticates the IP
Payload but not the IP Header.
3. AH in this mode authenticates the IP Payload and selected
portion of the IP Header.

Tunnel mode:
1. Provides the protection for the entire IP Packet.
2. ESP in this mode encrypts and authenticates the entire IP packet.
3. AH in this mode authenticates the entire IP Packet plus selected
portion of the outer IP Header.

21. What is Authentication Header? Give the format of the IPsec
Authentication Header?


It provides the authentication of IP Packet, so
authentication is based on the use of MAC.
Format of IPsec Authentication Header:

22. Define Transport Adjacency and Iterated Tunnel?


Transport Adjacency:
Apply authentication after encryption, using two bundled
transport mode Security Associations:
o Inner SA (ESP_SA)
o Outer SA (AH_SA)
Iterated Tunnel:
Apply authentication before encryption; 2 SAs are
combined:
o Inner SA: AH transport mode.
o Outer SA: ESP tunnel mode.

23. Explain the format of ESP Transport Mode?

24. List the steps involved in SSL record protocol?


1. SSL record protocol takes application data as input
and fragments it.
2. Apply a lossless compression algorithm.
3. Compute the MAC for the compressed data.
4. The MAC and compressed message are encrypted using a
conventional algorithm.

25. Give SSL record format?

26. What are the differences between SSL version 3 and TLS?

SSL:
* In SSL the minor version is 0 and the major version is 3.
* SSL uses the HMAC alg., except that the padding bytes concatenation.
* SSL supports 12 various alert codes.

TLS:
* In TLS, the major version is 3 and the minor version is 1.
* TLS makes use of the same alg.
* TLS supports all of the alert codes defined in SSL3 with the exception
of no_certificate.

27. What is meant by SET? What are the features of SET?


Secure Electronic Transaction (SET) is an open encryption
and security specification designed to protect credit card
transactions on the internet.
Features are:
1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication

28. What are the steps involved in SET Transaction?


1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificate.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.

PART – B
UNIT I – INTRODUCTION AND NUMBER THEORY

1. Explain OSI security architecture model with neat diagram.


2. Explain the Substitution encryption techniques in detail.
3. Write about any two classical crypto systems (substitution and
transposition) with suitable examples.
4. State and derive:
a. Fermat's theorem and find 321 mod 11
b. Euler's theorem to find gcd.
5. Explain any two classical ciphers and also describe their security
limitations.
6. Describe Linear Feedback Shift Registers Sequences and Finite
Fields with their application in cryptography.
7. State Chinese Remainder Theorem and find X for the given set of
congruent equations using CRT. X=2 (mod 3); X=3 (mod 5); X=2
(mod 7).
8. Define Euclid’s algorithm. Brief about the algorithm.

UNIT II – BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

1. Explain Data Encryption Standard (DES) in detail.


2. Write down the Triple DES algorithm and explain with neat
diagram.
3. Explain AES algorithm with all its round functions in detail.
4. Explain the RSA algorithm in detail. For the given values, trace
the sequence of calculations in RSA: p=7, q=13, e=5 and M=10.
5. Demonstrate encryption and decryption for the RSA algorithm
parameters: p = 3, q = 11, e = 7, d = ?, M = 5.
6. Briefly explain Diffie-Hellman Key Exchange with one suitable
example.
7. Users A and B use the Diffie-Hellman key exchange technique
with a common prime q = 71 and a primitive root a=7. If user A
has private key XA = 5, what is A's public key YA?

UNIT III – HASH FUNCTIONS AND DIGITAL SIGNATURES

1. Explain ElGamal public key cryptosystems with an example.


2. Explain Secure Hash in detail.
3. Explain Digital Signature Standard with necessary diagrams in
detail.
4. Describe MD5 algorithm in detail. Compare its performance with
SHA-1.
5. Explain about secure hash algorithm (SHA) in detail.
6. What are the properties of hashing function in cryptography?


7. Explain digital signing with the ElGamal public key
cryptosystem.
8. Explain the following hash functions:
a. MAC
b. HMAC
c. CMAC

UNIT IV – SECURITY PRACTICE & SYSTEM SECURITY

1. Explain Kerberos Version 4 in detail.


2. Elaborately explain Kerberos authentication mechanism with
suitable diagrams.
3. Explain statistical anomaly detection and rule based intrusion
detection.
4. Describe any two advanced anti-virus techniques in detail.
5. Discuss about X.509 authentication service in detail.
6. Write about virus and related threats in detail.
7. Write brief notes on the following :
a. Classification of viruses
b. Worm Counter measures.
8. Explain briefly about trusted system.
9. Write short notes on Firewalls and Viruses.
10. Explain the characteristics and types of firewalls.
11. Explain how SET is used in E-commerce for secure transactions.

UNIT V – E-MAIL, IP & WEB SECURITY

1. Explain Pretty Good Privacy in detail.


2. Explain Secure Socket Layer (SSL) in detail.
3. Explain about S/MIME in detail.
4. Discuss in detail about the IP and IPv6 security standards.
5. Explain the various Internet Key Exchange schemes.
6. Write short notes about Web security and SET.
7. Explain about the PKI.

10. What is the advantage of Intrusion detection system over firewall?
