

CB3491 Cryptography and Cyber Security B & C

Cryptography and cybersecurity (Anna University)


Downloaded by nncecse 2017 ([email protected])

Department of Computer Science Engineering


Question Bank (Category B & C)
CB3491 Cryptography and Cyber Security
UNIT III - Asymmetric Cryptography
1. Define replay attack (NOV/DEC 2011) (Remember)
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later
transmits it to the intended destination. The receipt of duplicate authenticated IP packets may disrupt
service in some way or may have some other undesired consequence. The Sequence Number field is
designed to thwart such attacks.
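The sequence-number defence mentioned above, as an added example that is not part of the question bank: a receiver-side sliding window that accepts each authenticated packet once and rejects duplicates or stale numbers. The window size and the packet stream are my own constructed assumptions.

```python
# Added example (not from the question bank): receiver-side anti-replay check
# built on a packet Sequence Number field. The receiver remembers the highest
# number accepted and a bitmap of the last `size` numbers, so a packet that was
# already accepted (a replay) or is older than the window is rejected.
# Window size and the sample packet numbers are constructed assumptions.


class AntiReplayWindow:
    """Sliding-window replay detector over packet sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0        # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence (highest - i) already seen

    def check_and_update(self, seq):
        """Return True and record seq if the packet is fresh, else False."""
        if seq <= 0:
            return False                        # sequence numbers start at 1
        if seq > self.highest:                  # newer than anything seen: slide
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = (self.bitmap << shift) | 1
            else:
                self.bitmap = 1                 # whole old window fell out
            self.bitmap &= (1 << self.size) - 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:                 # too old to track: reject
            return False
        if (self.bitmap >> offset) & 1:         # already accepted: replay
            return False
        self.bitmap |= 1 << offset              # late but fresh: accept once
        return True


def process_stream(packets, size=64):
    """Run a constructed list of sequence numbers through one window and
    return the list of (seq, accepted) decisions."""
    win = AntiReplayWindow(size)
    return [(seq, win.check_and_update(seq)) for seq in packets]


if __name__ == "__main__":
    # Constructed sample: 3 arrives late (accepted), 2 and 5 are replayed.
    for seq, ok in process_stream([1, 2, 4, 5, 3, 2, 5, 6]):
        print(seq, "accepted" if ok else "REJECTED (replay or stale)")
```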

2. Write the difference between public key and private key crypto systems? (APR/MAY 2012 &
APR/MAY 2017) (Analysis)
Private Key encryption uses a single key to both encrypt and decrypt messages. It must be present at
both the source and destination of transmission to allow the message to be transmitted securely and
recovered upon receipt at the correct destination.

Public key systems use a pair of keys, each of which can decrypt the messages encrypted by the other.
Provided one of these keys is kept secret (the private key), any communication encrypted using the
corresponding public key can be considered secure as the only person able to decrypt it holds the
corresponding private key.

3. State whether symmetric and asymmetric cryptographic algorithms need key exchange?
(APR/MAY 2014)(Analysis)
Key exchange is a method in cryptography by which cryptographic keys are exchanged between two
parties, allowing use of a cryptographic algorithm.

Symmetric encryption requires the sender and receiver to share a secret key. Asymmetric encryption
requires the sender and receiver to share a public key. If the cipher is a symmetric key cipher, both will
need a copy of the same key. If an asymmetric key cipher with the public/private key property, both
will need the other's public key.

4. List the Authentication requirements? (APR/MAY 2014) (NOV/DEC 2016)(Understand)


Authentication must counter the following attacks:
⮚ Disclosure
⮚ Traffic analysis
⮚ Masquerade
⮚ Content modification
⮚ Sequence modification
⮚ Timing Modification
⮚ Source repudiation
⮚ Destination Repudiation

5. What is Man in the Middle attack? (Remember)


This is a cryptanalytic attack that attempts to find a value in each of the range and the domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.


6. What is Fermat’s theorem? (Nov/Dec 2017) (Remember)

Fermat’s theorem states the following: If p is prime and a is a positive integer not divisible by p, then

7. What is the use of Fermat’s theorem? (Remember)


⮚ This theorem is central to the calculus method of determining maxima and minima: in one dimension, one can find extrema by simply computing the stationary points (the zeros of the derivative), the non-differentiable points, and the boundary points, and then investigating this set to determine the extrema.
⮚ One can do this either by evaluating the function at each point and taking the maximum, or by analyzing the derivatives further, using the first derivative test, the second derivative test, or the higher-order derivative test.
⮚ In dimensions above 1, one cannot use the first derivative test any longer, but the second derivative test and higher-order derivative test generalize.

8. What is an elliptic curve? (NOV/DEC 2016) (Remember)


The principal attraction of ECC compared to RSA is that it appears to offer equal security for a far smaller key size, thereby reducing processing overhead.

9. Define Euler’s phi function. (Remember)


Euler’s phi function φ(n) returns the number of integers from 1 to n that are relatively prime to n (i.e. have GCD 1 with n). φ(n) is computed using the following methods:
⮚ If n is a prime number, then φ(n) = n-1.
⮚ If n is a composite number, then
• find the prime factors of that number and compute the phi function value of each as in Step 1; otherwise,
• find the prime powers (p^a) dividing the given number n; for the phi value of a prime power use (p^a - p^(a-1)).
10. Mention any three Primality Testing Methods. (Remember)
⮚ Naïve Algorithm
⮚ Fermat’s Primality Test
⮚ Miller-Rabin Primality Test

11. Write the formula for Encryption and Decryption in RSA. (Remember)
For Decryption C = M^e mod n
For Encryption M = C^d mod n

12. Consider the RSA encryption method with p=11 and q=17 as the two primes. Find n and φ(n).
(Evaluate) [NOV/DEC 19]
n = p × q = 17 × 11 = 187
φ(n) = (p-1)(q-1) = (17-1)(11-1) = 16 × 10 = 160.

13. Describe Chinese remainder theorem.(Understand)


The Chinese remainder theorem is a result about congruences in number theory and its generalizations in abstract algebra. In its basic form, the Chinese remainder theorem determines a number n that, when divided by some given divisors, leaves given remainders.


14. Define Euler’s theorem and its application? (APRIL/MAY 18) (Remember)
Euler’s theorem states that for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)

15. Define Euler’s totient function or phi function and their applications? (Remember)
For Euler’s totient function it should be clear that, for a prime number p, Φ(p) = p-1.

Part B & C Questions

1. Write short notes on Fermat’s theorem, Euler’s theorem and Chinese remainder theorem?
(NOV/DEC 2016) (Understand) Page No: 64

2. State Chinese Remainder theorem and find X for the given set of congruent equations Using
CRT. (NOV/DEC 2016)(Understand) Refer notes
X=2(mod 3)
X=3(mod 5)
X=2(mod 7)

3. Demonstrate Encryption and Decryption for the RSA algorithm parameters p=3, q=11, e=7, d=?,
M=5. (MAY/JUNE 2014)/ (NOV/DEC 2012) (APR/MAY 2019) (Analysis) Refer Notes.
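A worked example added here (not the question bank's own solution) that ties together Q9 (phi via prime factors and prime powers), Q11 (the RSA formulas), Q12 (p=11, q=17) and Part B Q3 (p=3, q=11, e=7, M=5). It is textbook RSA on exam-sized numbers; the helper names are mine, and `pow(e, -1, phi)` for the modular inverse needs Python 3.8 or later.

```python
# Added example (not from the question bank): Euler's phi by prime
# factorisation, then RSA key set-up, encryption and decryption with the
# parameter sets from Q12 and Part B Q3. Tiny primes, arithmetic only.
from math import gcd


def prime_factors(n):
    """Return {prime: exponent} for n by trial division (fine for exam-sized n)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """phi(n) = product over prime powers p^a dividing n of (p^a - p^(a-1));
    for a prime p this reduces to p - 1, as in Q9."""
    phi = 1
    for p, a in prime_factors(n).items():
        phi *= p ** a - p ** (a - 1)
    return phi


def rsa_keygen(p, q, e):
    """Return (n, phi_n, d) with d = e^-1 mod phi(n); e must be coprime to phi(n)."""
    n = p * q
    phi_n = (p - 1) * (q - 1)
    if gcd(e, phi_n) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi_n)          # modular inverse (Python 3.8+)
    return n, phi_n, d


def rsa_encrypt(m, e, n):
    """C = M^e mod n (public key (e, n))."""
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """M = C^d mod n (private key (d, n))."""
    return pow(c, d, n)


if __name__ == "__main__":
    print("Q12: n = 187, phi(187) =", euler_phi(187))      # 160
    n, phi_n, d = rsa_keygen(3, 11, 7)                     # Part B Q3
    c = rsa_encrypt(5, 7, n)
    print(f"Q3: n={n} phi(n)={phi_n} d={d} C={c} M={rsa_decrypt(c, d, n)}")
```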

4. Users A and B use the Diffie-Hellman key exchange technique with a common prime q=71 and a primitive root a=7. If user A has private key X_A=5, what is A’s public key Y_A? (MAY/JUNE 2014)/ (MAY/JUNE 2013) (Analysis) Refer Notes.

5. With a neat sketch explain the Elliptic curve cryptography with an example. (APRIL/MAY 18)
(Understand) Page No: 330

6. Explain ElGamal public key cryptosystems with an example Page No: 319

7. Explain Diffie-Hellman Key exchange algorithm in detail (Remember) [NOV/DEC 19] Page No:
315

8. Users Alice and Bob use the Diffie-Hellman key exchange technique with a common prime q = 83 and a primitive root α = 5. (Analyze) Refer Notes.
• If Alice has a private key X_A = 6, what is Alice's public key?
• If Bob has a private key X_B = 10, what is Bob's public key?
• What is the shared secret key?
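Both Diffie-Hellman questions above (Q4 with q=71, a=7, X_A=5 and Q8 with q=83, α=5, X_A=6, X_B=10) worked in code as an added example, not the question bank's own solution. It also checks the precondition both questions assume, that the generator is a primitive root modulo q; the helper names are mine.

```python
# Added example (not from the question bank): Diffie-Hellman public values and
# shared secret for the Part B Q4 and Q8 parameters, with a primitive-root
# check. All values are exam-sized; real deployments use 2048-bit-plus groups.


def prime_factors_of(n):
    """Distinct prime factors of n by trial division (exam-sized n)."""
    primes, d = [], 2
    while d * d <= n:
        if n % d == 0:
            primes.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        primes.append(n)
    return primes


def is_primitive_root(alpha, q):
    """alpha generates all of Z_q^* iff alpha^((q-1)/r) != 1 (mod q)
    for every prime r dividing q-1."""
    return all(pow(alpha, (q - 1) // r, q) != 1 for r in prime_factors_of(q - 1))


def dh_public(alpha, q, x):
    """Public value Y = alpha^X mod q."""
    return pow(alpha, x, q)


def dh_shared(y_other, q, x_own):
    """Shared secret K = (Y_other)^X_own mod q."""
    return pow(y_other, x_own, q)


def run_exchange(alpha, q, x_a, x_b):
    """Both sides of the exchange; returns (Y_A, Y_B, K) after checking the
    two independently derived secrets agree."""
    if not is_primitive_root(alpha, q):
        raise ValueError(f"{alpha} is not a primitive root mod {q}")
    y_a, y_b = dh_public(alpha, q, x_a), dh_public(alpha, q, x_b)
    k_a, k_b = dh_shared(y_b, q, x_a), dh_shared(y_a, q, x_b)
    assert k_a == k_b
    return y_a, y_b, k_a


if __name__ == "__main__":
    print("Q4: Y_A =", dh_public(7, 71, 5))
    print("Q8: (Y_A, Y_B, K) =", run_exchange(5, 83, 6, 10))
```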

9. State Chinese Remainder theorem and find X for the given set of congruent equations using CRT.
(APR/MAY 2017) (Understand) Refer Notes.
X=2(mod 3)
X=1(mod 5)
X=1(mod 5)
X=3(mod 9)
X=4(mod 11)
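A general CRT solver, added here as an example for Part B Q2 and Q9 (not the question bank's own solution). It first checks the theorem's precondition that the moduli are pairwise coprime; the Q2 system solves to X = 23 (mod 105), while the Q9 system as printed contains the moduli 3 and 9, which share a factor, so the solver reports that instead of returning a number.

```python
# Added example (not from the question bank): Chinese remainder theorem solver
# using x = sum(r_i * M_i * inv(M_i) mod m_i) mod M, with M = product of the
# moduli and M_i = M / m_i. Refuses systems whose moduli are not pairwise coprime.
from math import gcd


def crt(residues, moduli):
    """Return (x, M) with x ≡ r_i (mod m_i) for every i, 0 <= x < M."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(
                    f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    big_m = 1
    for m in moduli:
        big_m *= m
    x = 0
    for r, m in zip(residues, moduli):
        m_i = big_m // m
        x += r * m_i * pow(m_i, -1, m)    # pow(., -1, m): inverse mod m (3.8+)
    return x % big_m, big_m


def check(x, residues, moduli):
    """Independent verification that x satisfies every congruence."""
    return all(x % m == r % m for r, m in zip(residues, moduli))


if __name__ == "__main__":
    x, big_m = crt([2, 3, 2], [3, 5, 7])                  # Q2
    print(f"Q2: X = {x} (mod {big_m}); verified: {check(x, [2, 3, 2], [3, 5, 7])}")
    try:
        crt([2, 1, 1, 3, 4], [3, 5, 5, 9, 11])             # Q9 as printed
    except ValueError as err:
        print("Q9:", err)
```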


UNIT IV - Integrity and Authentication Algorithms

1. What are the functions used to produce an authenticator? (APR/MAY 2019) (NOV/DEC
2009) (Remember)
The functions that are used to produce the message authenticator include:
⮚ Message Encryption function
⮚ Message Authentication code
⮚ Hash Function

2. List the properties a digital signature should possess? (NOV/DEC 2009)


The digital signature must have the following properties:
⮚ It must verify the author and the date and time of the signature.
⮚ It must authenticate the contents at the time of the signature.
⮚ It must be verifiable by third parties, to resolve disputes

3. What do you mean by MAC? (Remember)


MAC stands for Message Authentication Code. It is a function of the message and a secret key which produces a fixed-length value called the MAC:
MAC = C_K(M)
where M = variable-length message, K = secret key shared by sender and receiver, and C_K(M) = fixed-length authenticator.

4. What is meant by Hash function? (APRIL/MAY 18) (Remember)


A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash
value h = H(M). The principal objective of a hash function is data integrity. A change to any bit or bits
in M results, with high probability, in a change to the hash code. The kind of hash function needed for
security applications is referred to as a cryptographic hash function.

5. Mention the fundamental idea of HMAC. (APR/MAY 2009) (Remember)


The fundamental idea behind HMAC is to reuse an existing message digest algorithm such as MD5 or SHA-1. It treats the message digest as a black box. Additionally, it uses the shared symmetric key to encrypt the message digest, which produces the output MAC.
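The black-box construction described above, as an added example that is not part of the question bank: HMAC-SHA256 assembled from the hash alone as H((K ⊕ opad) || H((K ⊕ ipad) || M)), checked against Python's hmac module, and then used to detect a tampered message. Key and message are constructed sample values.

```python
# Added example (not from the question bank): HMAC from an unmodified hash,
# verified against the standard library, plus constant-time tag verification.
import hashlib
import hmac

BLOCK_SIZE = 64                    # SHA-256 processes 64-byte blocks


def hmac_sha256_from_scratch(key, message):
    """HMAC-SHA256 via the ipad/opad construction; the hash is a black box."""
    if len(key) > BLOCK_SIZE:                  # long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")       # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def verify_tag(key, message, tag):
    """Recompute the MAC and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(hmac_sha256_from_scratch(key, message), tag)


def matches_stdlib(key, message):
    """True if the hand-built HMAC agrees with hmac.new(...)."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac_sha256_from_scratch(key, message) == expected


if __name__ == "__main__":
    key = b"shared-secret-key"                 # constructed sample key
    msg = b"TRANSFER 2000 TO ACCT 42"          # constructed sample message
    tag = hmac_sha256_from_scratch(key, msg)
    print("tag =", tag.hex())
    print("agrees with stdlib:", matches_stdlib(key, msg))
    print("original verifies: ", verify_tag(key, msg, tag))
    # Any change to the message, or a wrong key, fails verification.
    print("tampered verifies: ", verify_tag(key, b"TRANSFER 9000 TO ACCT 42", tag))
    print("wrong key verifies:", verify_tag(b"other-key", msg, tag))
```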

6. What do you mean by one way property in hash function? (APR/MAY 2011)(NOV/DEC
2012) (Remember)
The one way property of hash function indicates that it is easy to generate a code given a message,
but virtually impossible to generate a message given a code. This property is important if the
authentication technique involves the use of a secret value.
⮚ For any given value h, it is computationally infeasible to find x such that H(x) = h – one way
property.
⮚ For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x) – weak
collision resistance.
⮚ It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) – strong collision
property

7. What is weak collision Resistance? (APR/MAY 2013) (Remember)


For a hash value h = H(x) we say that x is the preimage of h. That is, x is a data block whose hash, using the function H, is h. Because H is a many-to-one mapping, for any given hash value h there will in general be multiple preimages. A collision occurs if we have x ≠ y and H(x) = H(y). Weak collision resistance states that for any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).


8. Mention the significance of signature function in Digital Signature Standard (DSS) approach.
(NOV/DEC 2017) (Remember)
A digital signature is represented in a computer as a string of binary digits. A digital signature is
computed using a set of rules and a set of parameters such that the identity of the signatory and integrity
of the data can be verified.
An algorithm provides the capability to generate and verify signatures. Signature generation makes
use of a private key to generate a digital signature. Signature verification makes use of a public key
which corresponds to, but is not the same as, the private key.

9. How a digital signature differs from authentication protocols? (APRIL/MAY 18) (Remember)
MACs can be created from unkeyed hashes (e.g. with the HMAC construction), or created
directly as MAC algorithms.
A (digital) signature is created with a private key, and verified with the corresponding public key of
an asymmetric key-pair. Only the holder of the private key can create this signature, and normally
anyone knowing the public key can verify it. Digital signatures don't prevent the replay attack
mentioned previously.

10. Define the term message digest. (Understand) (NOV/DEC 2018)


A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula.

11. Contrast various SHA algorithms. (Understand) (NOV/DEC 2018)

SHA-0: The original version of the 160-bit hash function published in 1993 under the name "SHA". It
was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the
slightly revised version SHA-1.

SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the
National Security Agency (NSA) to be part of the Digital Signature Algorithm.

SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.

SHA-3: It supports the same hash lengths as SHA-2, and its internal structure differs significantly from
the rest of the SHA family.

12. What is the purpose of X.509 standard? (Remember)


X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. X.509 defines authentication protocols based on public key certificates.

13. What you mean by VeriSign certificate? (Understand)


VeriSign mostly issues X.509 certificates under the product name “VeriSign Digital ID”. Each Digital ID contains the owner’s public key, the owner’s name and the serial number of the Digital ID.

14. What is Kerberos? What are the uses? (Understand)


Kerberos is an authentication service developed as a part of Project Athena at MIT. Kerberos provides a centralized authentication server whose function is to authenticate servers.

15. What entities constitute a full service in Kerberos environment? (Remember) [NOV/DEC 19]
A full service environment consists of:
⮚ a Kerberos server,
⮚ a number of clients, and
⮚ a number of application servers.


Part B & C Questions

1. Explain the Digital Signature Algorithm (DSA) in detail. (APR/MAY 2009) (APR/MAY 2017) (Understand) Page No: 429

2. Explain briefly the architecture and certification mechanisms in Kerberos and X.509. (APRIL/MAY 18) (Understand) Page No: 483

3. Illustrate about SHA algorithm and explain? (NOV/DEC 2011) (APR/MAY 2013)
(NOV/DEC 2013) (NOV/DEC 2017) (Remember) Page No: 357

4. Suggest and explain about an authentication scheme for mutual authentication between the user
and the server which relies on symmetric encryption. Page No: 383

5. How is a hash function algorithm designed? Explain their features and properties. Page No: 341

6. Describe digital signature algorithm and show how signing and verification is done using DSS.
Page No: 421

7. Consider a banking application that is expected to provide cryptographic functionalities. Assume that this application is running on top of another application wherein the end customers can perform a single task of fund transfer. The application requires cryptographic requirements based on the amount of transfer.

Transfer Amount      Cryptography Functions Required
1 – 2000             Message Digest
2001 – 5000          Digital Signature
5000 and above       Digital Signature and Encryption

Suggest the security scheme to be adopted on the client and server side to accommodate the above requirements and justify your recommendations.

8. i) Compare the uses of MAC and Hash function. Represent them using appropriate diagrams.
(Understand) [NOV/DEC 19] Page No: 381
ii) List down the advantages of MD5 and SHA Algorithm (Remember) [NOV/DEC 19] Page No: 355

9. Explain ElGamal public key crypto system with example. Page No: 424


UNIT V - Cyber Crimes and Cyber Security

1. Define cyber-crime.
Cyber-crime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Internet-connected activities are just as vulnerable to crime. Computer crime is any illegal activity that is perpetrated through the use of a computer.

2. What are the elements of cyber-crime?

Location/Place: where the offender is in relation to the crime.
Victim: the target of the offense: government, corporation, organization, individual.
Offender: who the offender is in terms of demographics, motivation and level of sophistication.
Action: what is necessary to eliminate the threat.

3. What is cyber security?

Cyber security is a potential activity by which information and other communication systems are protected from and/or defended against unauthorized use, modification, exploitation or even theft. Cyber security is a well-designed technique to protect computers, networks, different programs, personal data, etc. from unauthorized access.

4. What are the classifications of cybercrimes?

Classifications of cybercrimes are email spoofing, cyber stalking, unauthorized access or control over the computer system, and indecent exposure.

5. What is password sniffing?


Password sniffing is a type of network attack in which an attacker intercepts data packets that include passwords. The attacker then uses a password-cracking program to obtain the actual passwords from the intercepted data.

6. What is virtual crime?

The term is a general term that covers crimes like phishing, credit card fraud, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses, spam and so on.

7. Explain Spyware.
Spyware is malicious software that enters a user's computer, gathers data from the device and user, and sends it to third parties without their consent. A commonly accepted spyware definition is a strand of malware designed to access and damage a device without the user's consent.

8. What is SQL injection?

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques.

9. What is network access control?


Network access control (NAC) is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

10. Define cloud computing.


Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning and maintaining.


11. Write short note on key loggers.

Keyloggers, or keystroke loggers, are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses for keyloggers are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim's device and sends it to the attacker.

12. What are hardware keyloggers?

A hardware keylogger is a device used for recording keystrokes. It starts recording as soon as it is plugged in, and the captured information is stored on the device itself. To retrieve the data, attackers therefore have to physically access it, though there might be an option to retrieve the data from the hardware keylogger remotely.

13. What are software keyloggers?


A keylogger is a form of malware or hardware that keeps track of and records your keystrokes as you
type. It takes the information and sends it to a hacker using a command-and-control (C&C) server.

14. What is web security?


Web security refers to protecting networks and computer systems from damage to or the theft of software, hardware, or data. It includes protecting computer systems from misdirecting or disrupting the services they are designed to provide.

15. Write about the fuel for cybercrimes?


A botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge.

16. What are Cyber Offenses?

Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crimes. A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”.

17. Discuss about legal perspectives of Cybercrimes?


Simply put, cybercrime consists of unlawful acts wherein the computer is either a tool or a target or both. Cybercrimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

18. Discuss the strengthening WEP.


Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. That standard is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

19. Define Wireless Security.


Wireless network security is the process of designing, implementing and ensuring security on a wireless computer network. It is a subset of network security that adds protection for a wireless computer network. Wireless network security is also known as wireless.

20. Draw the security life cycle.


21. Discuss Example of Cyber Crime.


Cybercrime refers to illegal activities conducted in cyberspace, targeting computer systems, networks, and individuals for financial gain or disruption. These nefarious activities include phishing, ransomware attacks, identity theft, hacking, and distributed denial-of-service (DDoS) attacks, among others.

22. Define types of cyber-crime.


Cybercrime refers to illegal activities conducted in cyberspace, targeting computer systems, networks, and individuals for financial gain or disruption. These nefarious activities include phishing, ransomware attacks, identity theft, hacking, and distributed denial-of-service (DDoS) attacks, among others.

24. Define salami attacks.


A salami attack is a cybercrime that attackers typically use to commit financial crimes. Criminals steal money or resources from financial accounts on a system one at a time. This attack occurs when several minor attacks combine to form a powerful attack.

25. Define Internet time thefts.


Hacking the ISP username and password of an individual and surfing the internet at his cost is Internet Time Theft. It is a cyber attack in which the network is choked and often collapsed by flooding it with useless traffic, thus preventing the legitimate network traffic.

26. What is Email bomb.


An email bomb is a means to perform a denial-of-service (DoS) attack on an email server. Email
bombing occurs when threat actors send tons of emails to a specific inbox to overwhelm it and its
corresponding server. The result? The target’s inbox and server cease to function.

27. What is web Jacking.


In the simplest terms, when attackers illegally gain control of an organisation's or individual's website, it is known as Web Jacking. The hackers implant a fake website which, when you open it, takes you to another fraudulent website, where the attackers try to extract sensitive information.

28. What is Hacking.


A commonly used hacking definition is the act of compromising digital devices and networks
through unauthorized access to an account or computer system. Hacking is not always a malicious act,
but it is most commonly associated with illegal activity and data theft by cybercriminals.

29. What are tool and methods in cyber crime.


Various types of cyber crime attack modes are 1) Hacking 2) Denial of Service Attack 3) Software Piracy 4) Phishing 5) Spoofing. Some important tools used for preventing cyber attacks are 1) Kali Linux, 2) Ophcrack, 3) EnCase, 4) SafeBack, 5) Data Dumber.

30. What is meant by password cracking?


Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.


Part B & C Questions

1. What is SQL Injection & How to Prevent SQL INJECTION? Page No


2. Describe Classification of cybercrimes in details. (Page no: 5.8)
3. Describe Cybercrime Tools and Examples (Page no: 5.11)
4. Explain in details about Password Cracking. (Page no: 5.12)
5. What is a keylogger? Is a keylogger a virus? (Page no: 5.13)
6. Explain in detail about Network Access Control. (Page no: 5.17)
7. Explain in detail about web security and the considerations used in web security. (Page no: 5.12)
8. Explain cloud security? What are some cloud security challenges?
9. How to manage Wireless security in the cloud? Benefits of Wireless Security System.
(Page no: 5.26)
