cns final
JERUSALEM COLLEGE OF ENGINEERING
DEPARTMENT OF INFORMATION TECHNOLOGY
QUESTION BANK- Unit – I
Subject : CS-2352 -Cryptography and Network Security
Year/Sem. : III/VI
Staff Name : X. Anita
Part – A
1. What is cryptanalysis and cryptography?(Dec-2009)
Cryptanalysis:
It is a process of attempting to discover the key or plaintext or both
Cryptography:
It is the science of writing secret code using mathematical techniques. The many
schemes used for enciphering constitute the area of study known as cryptography.
2. Define threat and attack.(Dec-2009)
Threat: Potential for violation of security.
Attack: Assault on system security that derives from an intelligent threat.
3. How will you perform an attack on the Hill cipher?(Dec-2010)
4. What is the disadvantage of one time pad encryption algorithm?(April-2008)
There is a practical problem of making large quantities of random keys.
Key distribution and protection are a major problem.
5. When is an encryption algorithm said to be computationally secure?(April-2007)
An encryption scheme is computationally secure if:
1. The cost of breaking the cipher exceeds the value of the encrypted information.
2. The time required to break the cipher exceeds the useful lifetime of the information.
6. Give any four names of substitution techniques.(April-2007)
Caesar cipher, monoalphabetic cipher, Playfair cipher, Hill cipher
7. What are the services defined by X.800?(April-2007)
Authentication
Access control
Data confidentiality
Data integrity
Non repudiation.
8. What are the types of attacks on encrypted messages?(Nov-2007)
Cipher text only
Known plain text
Chosen plain text
Chosen cipher text
Chosen text
9. Find gcd(56,86) using Euclid's algorithm.(Nov-2007)
q   q1   q2   r      (q = quotient, q1 = dividend, q2 = divisor, r = remainder)
1   86   56   30
1   56   30   26
1   30   26   4
6   26   4    2
2   4    2    0
gcd(56, 86) = 2
10. What are the key principles of security? (May-2009)
Security mechanisms usually involve more than a particular algorithm or protocol.
11. How does simple columnar transposition work?(May-2009)
The key specifies the order in which the scrambling is to be done.
12. Show that 3 is a primitive root of 7(May-2009)
All values of 3^n mod 7 are non-zero. So 3 is a primitive root of 7.
13. What is the Miller-Rabin algorithm used for?(April-2008)
To test the primality of a large number.
14. Find the GCD of 2740 and 1760 using the Euclidean algorithm.(May-2009)
q   q1     q2     r      (q = quotient, q1 = dividend, q2 = divisor, r = remainder)
1   2740   1760   980
1   1760   980    780
1   980    780    200
3   780    200    180
1   200    180    20
9   180    20     0
gcd(2740, 1760) = 20
15. Briefly define the Caesar cipher.
Each character in plain text is replaced by a letter that is 3 places down the alphabet to form
the cipher text.
16. What is the difference between a block cipher and a stream cipher?
Block cipher- Plain text is processed as a block of bits.
Stream cipher- Plain text is processed as a stream of bits.
17. What are the two approaches to attacking a cipher?
Cryptanalysis and Brute force attack.
18. Which parameters and design choices determine the actual algorithm of a Feistel cipher?
Block size, key size, number of rounds, subkey generation algorithm, round function, ease
of analysis.
19. Explain active and passive attack with example?
Passive attack:
Monitoring the message during transmission.
E.g.: Interception
Active attack:
It involves the modification of data stream or creation of false data stream.
E.g.: Fabrication, Modification, and Interruption
20. Differentiate symmetric and asymmetric encryption?
Symmetric encryption – Same key is used for encryption and decryption.
Asymmetric encryption – Different keys are used for encryption and decryption.
20. Define Fermat's theorem.
If p is prime and a is a positive integer not divisible by p, then
a^(p-1) ≡ 1 (mod p).
21. Write a note on modular exponentiation.
Exponentiation is performed by repeated multiplication as in ordinary arithmetic.
22. What are finite fields used for?
Finite fields are used in designing cryptographic algorithms.
23. Define Euler's theorem and its applications.
Euler's theorem states that for every a and n that are relatively prime,
a^Φ(n) ≡ 1 (mod n).
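The following is an added example (it is not part of the question bank) that works Part A questions 9, 12, 14, 20, 21 and 23 in code: Euclid's algorithm producing the same q/q1/q2/r table as above, square-and-multiply modular exponentiation, Euler's totient, and checks of the primitive-root property and of Fermat's and Euler's theorems. All function names are mine.

```python
from math import gcd

def euclid_table(a, b):
    """Euclid's algorithm; returns (gcd, rows) where each row is (q, q1, q2, r):
    q1 = dividend, q2 = divisor, q = quotient, r = remainder, as in the tables above."""
    rows = []
    q1, q2 = max(a, b), min(a, b)
    while q2 != 0:
        q, r = divmod(q1, q2)
        rows.append((q, q1, q2, r))
        q1, q2 = q2, r
    return q1, rows

def mod_exp(base, exp, mod):
    """Square-and-multiply: repeated squaring with a reduction mod `mod` after every
    multiplication, so intermediate values never grow beyond mod^2."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result

def phi(n):
    """Euler's totient: count of k in 1..n with gcd(k, n) = 1 (fine for small n)."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def powers_mod(a, p):
    """a^1, a^2, ..., a^(p-1) reduced mod p."""
    return [mod_exp(a, k, p) for k in range(1, p)]

def is_primitive_root(a, p):
    """a is a primitive root of prime p when a^1..a^(p-1) produce every residue 1..p-1,
    i.e. the order of a is p-1 (2 mod 7 only cycles through 2, 4, 1, so it is not one)."""
    return sorted(powers_mod(a, p)) == list(range(1, p))

def fermat_holds(a, p):
    """Fermat: a^(p-1) = 1 (mod p) for prime p and a not divisible by p."""
    return a % p != 0 and mod_exp(a, p - 1, p) == 1

def euler_holds(a, n):
    """Euler: a^phi(n) = 1 (mod n) whenever gcd(a, n) = 1."""
    return gcd(a, n) == 1 and mod_exp(a, phi(n), n) == 1
```

euclid_table(56, 86) reproduces the five rows of question 9 and returns 2; powers_mod(3, 7) gives 3, 2, 6, 4, 5, 1, every non-zero residue once, which is the property that makes 3 a primitive root of 7.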
Part – B
1. Explain the OSI security architecture along with the services available(16)(Dec-2009)
The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as follows:
• Security attack: Any action that compromises the security of information owned by an
organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.
Security Attack
any action that compromises the security of information owned by an organization
threat and attack are often used to mean the same thing
generic types of attacks:
◦ Passive
◦ Active
Security Service
◦ enhance security of data processing systems and information transfers of an
organization
◦ intended to counter security attacks
◦ using one or more security mechanisms
◦ often replicates functions normally associated with physical documents
which, for example, have signatures, dates; need protection from disclosure,
tampering, or destruction; be notarized or witnessed; be recorded or licensed
◦ Authentication - assurance that the communicating entity is the one claimed
◦ Access Control - prevention of the unauthorized use of a resource
◦ Data Confidentiality –protection of data from unauthorized disclosure
◦ Data Integrity - assurance that data received is as sent by an authorized entity
◦ Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
◦ cryptographic techniques
2. Given the key "MONARCHY" apply Playfair to the plain text "FACTIONALISM" to ensure
confidentiality at the destination, decrypt the ciphertext and establish authenticity(8)(Dec-2009)
Playfair Key Matrix
a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters
eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert a filler like 'X'
2. if both letters fall in the same row, replace each with letter to right(wrapping back to
start from end)
3. if both letters fall in the same column, replace each with the letter below it (again
wrapping to top from bottom)
4. otherwise each letter is replaced by the letter in the same row and in the column of
the other letter of the pair
Security of Playfair Cipher
security much improved over monoalphabetic
since have 26 x 26 = 676 digrams
would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)
and correspondingly more ciphertext
was widely used for many years
◦ eg. by US & British military in WW1
it can be broken, given a few hundred letters
since still has much of plaintext structure
3. Explain the concept of monoalphabetic cipher and polyalphabetic substitution ciphers with examples. (16)(Dec-2010)
Monoalphabetic Cipher
rather than just shifting the alphabet
could shuffle (jumble) the letters arbitrarily
each plaintext letter maps to a different random ciphertext letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
now have a total of 26! = 4 x 10^26 keys
problem is language characteristics
Polyalphabetic Ciphers
polyalphabetic substitution ciphers
improve security using multiple cipher alphabets
make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
use a key to select which alphabet is used for each letter of the message
use each alphabet in turn
repeat from start after end of key is reached
4. Write in detail about LFSR sequence.(16)
A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.
The only linear function of single bits is xor, thus it is a shift register whose input bit is
driven by the exclusive-or (xor) of some bits of the overall shift register value.
The initial value of the LFSR is called the seed, and because the operation of the register is
deterministic, the stream of values produced by the register is completely determined by its
current (or previous) state. Likewise, because the register has a finite number of possible
states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen
feedback function can produce a sequence of bits which appears random and which has a
very long cycle.
Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.
intercept and recover a stretch of LFSR output stream used in the system described, and from that
stretch of the output stream can construct an LFSR of minimal size that simulates the intended receiver by using the Berlekamp-Massey algorithm. This LFSR can then be fed the intercepted stretch
of output stream to recover the remaining plaintext.
Three general methods are employed to reduce this problem in LFSR-based stream ciphers:
Non-linear combination of several bits from the LFSR state;
Non-linear combination of the output bits of two or more LFSRs (see also: shrinking generator); or
Irregular clocking of the LFSR, as in the alternating step generator.
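An added example (my code, not from the question bank) of the points above: a 4-stage Fibonacci LFSR, its period for a well-chosen versus a poor feedback function, and the Berlekamp-Massey linear-complexity measure, which recovers the register length from 2n output bits. That last point is why a bare LFSR is unsuitable as a keystream generator, and the same measure is used as a randomness test (the linear complexity test in the NIST SP 800-22 suite). Tap positions and seeds are constructed for the demonstration.

```python
def lfsr_stream(seed, taps, nbits):
    """Fibonacci LFSR. `seed` is a list of bits; `taps` are indices into the state whose
    XOR becomes the new input bit; the bit shifted out of the far end is the output."""
    state = list(seed)
    out = []
    for _ in range(nbits):
        out.append(state[-1])
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = [feedback] + state[:-1]
    return out

def lfsr_period(seed, taps):
    """Steps until the state returns to the seed; at most 2^n - 1 for an n-bit register
    (the all-zero state is a fixed point and reports period 1)."""
    state = list(seed)
    for step in range(1, 2 ** len(seed) + 1):
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = [feedback] + state[:-1]
        if state == list(seed):
            return step
    return None

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length L of the shortest LFSR that generates `bits`.
    Given at least 2L bits of a plain LFSR's output, this recovers the register, which
    is the weakness the text describes."""
    n = len(bits)
    c, b = [0] * n, [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n - i + m):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L
```

With taps (3, 2) the feedback polynomial is primitive and the register runs through all 15 non-zero states before repeating; with the single tap (3,) it merely rotates and repeats after 4 steps. Thirty output bits of the 4-stage register give a linear complexity of exactly 4.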
5. When do you say an algorithm is computationally secure? Can you suggest an encryption
scheme which is unconditionally secure? Explain.(8)(Dec-2010)
6. How are arithmetic operations on integers carried out from their residues modulo a set of
pairwise relatively prime moduli? Give the procedure to reconstruct the integers from the
residues.(8)
7. Explain classical cryptographic techniques in detail.(16)
Classical Substitution Ciphers
letters of plaintext are replaced by other letters or by numbers or symbols
if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit
patterns with ciphertext bit patterns
Caesar Cipher
earliest known substitution cipher
first attested use in military affairs
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as:
c = E(p) = (p + k) mod 26
p = D(c) = (c – k) mod 26
Vigenère Cipher
simplest polyalphabetic substitution cipher
effectively multiple caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d letters in message
decryption simply works in reverse
Autokey Cipher
ideally want a key as long as the message
Vigenère proposed the autokey cipher
with the keyword prefixed to the message as the key
knowing keyword can recover the first few letters
use these in turn on the rest of the message
but still have frequency characteristics to attack
eg. given key deceptive
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
One-Time Pad
if a truly random key as long as the message is used, the cipher will be secure
called a One-Time pad
is unbreakable since ciphertext bears no statistical relationship to the plaintext
since for any plaintext & any ciphertext there exists a key mapping one to other
can only use the key once though
problems in generation & safe distribution of key
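An added example (my code, not from the question bank) covering question 3 and this question together: Caesar, monoalphabetic, periodic Vigenère, autokey, and the one-time pad property that any ciphertext can be "explained" by some key. The inputs are the ones used in the text (the toga-party sentence, the DKVQ... alphabet, the deceptive keyword); a small letter-frequency helper illustrates the "language characteristics" weakness of a monoalphabetic cipher.

```python
import string
from collections import Counter

ALPHA = string.ascii_lowercase

def _letters(text):
    """Keep letters only, lower-cased."""
    return "".join(ch for ch in text.lower() if ch in ALPHA)

def caesar(text, k=3, decrypt=False):
    """c = (p + k) mod 26 on encryption, p = (c - k) mod 26 on decryption;
    non-letters pass through so word breaks survive, as in the example above."""
    shift = -k if decrypt else k
    out = "".join(ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch
                  for ch in text.lower())
    return out if decrypt else out.upper()

def mono_encrypt(plaintext, cipher_alphabet):
    """Monoalphabetic: the 26-letter key gives the image of a, b, c, ... in order."""
    return _letters(plaintext).translate(str.maketrans(ALPHA, cipher_alphabet.upper()))

def mono_decrypt(ciphertext, cipher_alphabet):
    return ciphertext.upper().translate(str.maketrans(cipher_alphabet.upper(), ALPHA))

def vigenere_encrypt(plaintext, key, autokey=False):
    """Periodic Vigenere repeats the keyword; autokey continues it with the plaintext."""
    p, k = _letters(plaintext), _letters(key)
    stream = (k + p) if autokey else (k * (len(p) // len(k) + 1))
    return "".join(ALPHA[(ALPHA.index(pc) + ALPHA.index(kc)) % 26]
                   for pc, kc in zip(p, stream)).upper()

def vigenere_decrypt(ciphertext, key, autokey=False):
    """Under autokey the key letter for position i >= len(key) is the plaintext letter
    already recovered at position i - len(key), so decryption runs left to right."""
    c, k, out = _letters(ciphertext), _letters(key), []
    for i, cc in enumerate(c):
        kc = k[i] if i < len(k) else (out[i - len(k)] if autokey else k[i % len(k)])
        out.append(ALPHA[(ALPHA.index(cc) - ALPHA.index(kc)) % 26])
    return "".join(out)

def otp_key_for(ciphertext, plaintext):
    """One-time pad: for any ciphertext and any equally long plaintext there is a key
    mapping one to the other, which is why the ciphertext reveals nothing statistically."""
    c, p = _letters(ciphertext), _letters(plaintext)
    return "".join(ALPHA[(ALPHA.index(cc) - ALPHA.index(pc)) % 26] for cc, pc in zip(c, p))

def top_letters(text, n=1):
    """Most frequent letters: a monoalphabetic substitution keeps the plaintext's
    frequency shape (here ciphertext F is exactly as common as plaintext e)."""
    return [ch for ch, _ in Counter(_letters(text)).most_common(n)]
```

The periodic Vigenère output for the deceptive keyword differs from the autokey output from the tenth letter on (ZICVTWQNGR... versus ZICVTWQNGK...), which is where the keyword would otherwise repeat.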
8. Write short notes on security services. (8)
Security Service
◦ enhance security of data processing systems and information transfers of an
organization
◦ intended to counter security attacks
◦ using one or more security mechanisms
◦ often replicates functions normally associated with physical documents
which, for example, have signatures, dates; need protection from disclosure,
tampering, or destruction; be notarized or witnessed; be recorded or licensed
◦ Authentication - assurance that the communicating entity is the one claimed
◦ Access Control - prevention of the unauthorized use of a resource
◦ Data Confidentiality –protection of data from unauthorized disclosure
◦ Data Integrity - assurance that data received is as sent by an authorized entity
◦ Non-Repudiation - protection against denial by one of the parties in a communication
Jerusalem College of Engineering
Department of Information Technology
Subject : IT2352-Cryptography and Network Security
Year/Sem :III/VI Name of the Faculty: X.Anita
Unit – II
Part – A
1. When the number of rounds in DES is less, what kind of cryptanalysis is easier?(Nov-2010)
Differential cryptanalysis is easier.
2. State how timing attack in RSA can be avoided.(Nov-2010)
Constant exponentiation time, random delay, blinding.
3. If a bit error occurs in plain text block P1, how far does the error propagate in CBC mode of
DES?(May-2008)
In CFB mode of DES, the plaintext P1 will be used for the key generation of the cipher text and
that will be used along with P2, and hence a bit error in P1 will cause the error to propagate
throughout the process, but it is not so in CBC mode.
4. What is the role of a primitive root in Diffie-Hellman Key exchange?(Nov-2010)
In key generation.
5. Identify any two applications where one way authentication is necessary.
E-mail, Kerberos protocol, X.509 protocol
6. If a bit error occurs in plain text block P1, how far does the error propagate in CBC mode of
DES and 8-bit CFB mode of DES?(Nov-2008)
In CFB mode of DES, the plaintext P1 will be used for the key generation of the cipher text and
that will be used along with P2, and hence a bit error in P1 will cause the error to propagate
throughout the process, but it is not so in CBC mode.
10. Define Diffusion & confusion.
Diffusion: Statistical structure of the plaintext is dissipated into long-range statistics of cipher
text.
Confusion: Relationship between cipher text and key is made complex.
11. How is the S-box constructed?(Nov-2007)
The S-box is initialized with nibble values. Treat each nibble as an element of the finite field
GF(2^4) modulo x^4+x+1.
12. Briefly describe the key expansion algorithm.
The AES key expansion algorithm takes as input a 4-word key and produces a linear array of 44
words. The key is copied into the first 4 words of the expanded key. The remaining words are
filled in 4 words at a time.
13. List the evaluation criteria defined by NIST for AES?
Security, cost, algorithm and implementation characteristics.
14. What is a one way function?
Used to test the primality of larger prime number.
15. What for the Miller Rabin algorithm is used?(May-2008)
General security, software implementation, restricted space environment, hardware implementation, attacks on implementation.
Part – B
1. Given the 10-bit key k=1010000010, determine K1, K2 where
P10 = 3 5 2 7 4 10 1 9 8 6 and P8 = 6 3 7 4 8 5 10 9
using the S-DES key generation method.(10)(Nov-2009)
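An added worked example for question 1 (my code, not part of the question bank). The question gives only P10 and P8; the rest of the schedule, a 1-bit circular left shift of each 5-bit half before P8 for K1 and a further 2-bit shift before P8 for K2, is the standard simplified-DES key schedule (Stallings' S-DES) and is assumed here.

```python
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)   # from the question
P8 = (6, 3, 7, 4, 8, 5, 10, 9)          # from the question

def permute(bits, table):
    """Pick bits by 1-based position, e.g. P10 places bit 3 of the key first."""
    return "".join(bits[p - 1] for p in table)

def left_shift(half, n):
    """Circular left shift of a 5-bit half by n positions."""
    return half[n:] + half[:n]

def sdes_subkeys(key10):
    """S-DES key schedule (assumed, see lead-in):
    K1 = P8(LS-1(P10(key))),  K2 = P8(LS-2(LS-1(P10(key))))."""
    if len(key10) != 10 or set(key10) - {"0", "1"}:
        raise ValueError("key must be a 10-character bit string")
    p = permute(key10, P10)
    left, right = left_shift(p[:5], 1), left_shift(p[5:], 1)
    k1 = permute(left + right, P8)
    left, right = left_shift(left, 2), left_shift(right, 2)
    k2 = permute(left + right, P8)
    return k1, k2
```

For k = 1010000010, P10 yields 1000001100; after LS-1 the halves are 00001 and 11000, and P8 gives K1 = 10100100; after LS-2 they are 00100 and 00011, and P8 gives K2 = 01000011.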
2. Apply public key encryption to establish confidentiality in the message from A to B. You are
given m=67, KU={7,187}, KR={23,187}.(8)(Nov-2009)
3. In AES, explain how the encryption key is expanded to produce keys for the 10 rounds.(May-2008)
AES Key Expansion
takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words
start by copying key into first 4 words
then loop creating words that depend on values in previous & 4 places back
◦ in 3 of 4 cases just XOR these together
◦ 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th
back
Key Expansion Rationale
designed to resist known attacks
design criteria included
◦ knowing part key insufficient to find many more
◦ invertible transformation
◦ fast on wide range of CPUs
◦ use round constants to break symmetry
◦ diffuse key bits into round keys
◦ enough non-linearity to hinder analysis
◦ simplicity of description
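An added example (my code, not the AES reference implementation and not from the question bank) of the expansion described above for a 128-bit key: the S-box is derived from the GF(2^8) inverse and the affine map rather than pasted in, and the expansion loop applies RotWord, SubWord and the round constant to every fourth word before XORing with the word four places back. The test key is the FIPS-197 Appendix A.1 example key.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b), the AES field."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(x):
    """Multiplicative inverse by exhaustive search; AES maps 0 to 0."""
    if x == 0:
        return 0
    return next(y for y in range(1, 256) if gf_mul(x, y) == 1)

def build_sbox():
    """AES S-box: field inverse followed by the affine map
    s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63."""
    sbox = []
    for x in range(256):
        inv = gf_inv(x)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key_128(key):
    """AES-128 key expansion: 16-byte key -> 44 four-byte words (11 round keys)."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # first 4 words = the key
    rcon = 0x01
    for i in range(4, 44):
        temp = w[i - 1][:]
        if i % 4 == 0:                                   # 1st word of each group of 4
            temp = temp[1:] + temp[:1]                   # RotWord
            temp = [SBOX[b] for b in temp]               # SubWord
            temp[0] ^= rcon                              # XOR round constant
            rcon = gf_mul(rcon, 2)                       # 01,02,04,...,80,1b,36
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])  # XOR with word 4 back
    return [bytes(word) for word in w]

def round_keys(words):
    """Group the 44 words into the 11 sixteen-byte round keys."""
    return [b"".join(words[4 * r:4 * r + 4]) for r in range(11)]
```

Running it on the FIPS-197 key 2b7e1516 28aed2a6 abf71588 09cf4f3c gives w[4] = a0fafe17 and the final word w[43] = b6630ca6, the values in the standard's worked expansion, which is a quick way to validate an implementation before trusting it.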
4. What are the relative merits and demerits of block cipher modes of operation? (8) (Nov-2010)
Modes of Operation
Electronic Codebook (ECB):
message is broken into independent blocks which are encrypted
each block is a value which is substituted, like a codebook, hence name
each block is encoded independently of the other blocks
Ci = DES_K1(Pi)
uses: secure transmission of single values
Advantages and Limitations of ECB
message repetitions may show in ciphertext
◦ if aligned with message block
◦ particularly with data such as graphics
◦ or with messages that change very little, which become a code-book analysis
problem
weakness is due to the encrypted message blocks being independent
main use is sending a few blocks of data
Cipher Block Chaining (CBC):
message is broken into blocks
linked together in encryption operation
each previous ciphertext block is chained with the current plaintext block, hence name
use Initial Vector (IV) to start process
Ci = DES_K1(Pi XOR Ci-1)
C-1 = IV
uses: bulk data encryption, authentication
Advantages and Limitations of CBC
a ciphertext block depends on all blocks before it
any change to a block affects all following ciphertext blocks
need Initialization Vector (IV)
◦ which must be known to sender & receiver
◦ if sent in clear, attacker can change bits of first block, and change IV to compensate
◦ hence IV must either be a fixed value (as in EFTPOS)
◦ or must be sent encrypted in ECB mode before rest of message
Cipher FeedBack (CFB):
message is treated as a stream of bits
added to the output of the block cipher
result is fed back for next stage (hence name)
standard allows any number of bits (1, 8, 64 or 128 etc) to be fed back
◦ denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
most efficient to use all bits in block (64 or 128)
Ci = Pi XOR DES_K1(Ci-1)
C-1 = IV
uses: stream data encryption, authentication
Advantages and Limitations of CFB
appropriate when data arrives in bits/bytes
most common stream mode
limitation is need to stall while doing block encryption after every n bits
note that the block cipher is used in encryption mode at both ends
errors propagate for several blocks after the error
Output FeedBack (OFB):
message is treated as a stream of bits
output of cipher is added to message
output is then fed back (hence name)
feedback is independent of message
can be computed in advance
Ci = Pi XOR Oi
Oi = DES_K1(Oi-1)
O-1 = IV
uses: stream encryption on noisy channels
Advantages and Limitations of OFB
bit errors do not propagate
more vulnerable to message stream modification
a variation of a Vernam cipher
◦ hence must never reuse the same sequence (key+IV)
sender & receiver must remain in sync
originally specified with m-bit feedback
subsequent research has shown that only full block feedback (i.e. CFB-64 or CFB-128)
should ever be used
Counter (CTR):
a “new” mode, though proposed early on
similar to OFB but encrypts counter value rather than any feedback value
must have a different key & counter value for every plaintext block (never reused)
Ci = Pi XOR Oi
Oi = DES_K1(i)
uses: high-speed network encryptions
Advantages and Limitations of CTR:
efficiency
◦ can do parallel encryptions in h/w or s/w
◦ can preprocess in advance of need
◦ good for bursty high speed links
random access to encrypted data blocks
provable security (good as other modes)
but must ensure never reuse key/counter values, otherwise could break (cf OFB)
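An added example (my code, not from the question bank) that runs all five modes over a toy 64-bit block cipher and measures the properties listed above: ECB leaking repeated blocks, the chaining in CBC and CFB, and how far a single flipped bit spreads, both a bit error in plaintext block P1 (Part A questions 3 and 6) and a bit error in a ciphertext block in transit. The block cipher is a 4-round Feistel network with a SHA-256 round function, chosen because it needs no library and is invertible; it stands in for DES and is not a secure cipher. Key, IV and plaintext are constructed.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, like DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, half, rnd):
    """Keyed round function from SHA-256; four Feistel rounds give an invertible toy cipher."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, r, rnd))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, l, rnd)), l
    return l + r

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("demo has no padding: data must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, iv, data, decrypt=False):          # Ci = E(Pi): blocks independent
    f = block_decrypt if decrypt else block_encrypt
    return b"".join(f(key, b) for b in _blocks(data))

def cbc(key, iv, data, decrypt=False):          # Ci = E(Pi XOR Ci-1), C-1 = IV
    out, prev = [], iv
    for b in _blocks(data):
        if decrypt:
            out.append(_xor(block_decrypt(key, b), prev))
            prev = b
        else:
            prev = block_encrypt(key, _xor(b, prev))
            out.append(prev)
    return b"".join(out)

def cfb(key, iv, data, decrypt=False):          # Ci = Pi XOR E(Ci-1), full-block feedback
    out, prev = [], iv
    for b in _blocks(data):
        x = _xor(b, block_encrypt(key, prev))
        out.append(x)
        prev = b if decrypt else x               # the ciphertext block is what feeds back
    return b"".join(out)

def ofb(key, iv, data, decrypt=False):          # Oi = E(Oi-1), Ci = Pi XOR Oi; keystream ignores data
    out, o = [], iv
    for b in _blocks(data):
        o = block_encrypt(key, o)
        out.append(_xor(b, o))
    return b"".join(out)

def ctr(key, iv, data, decrypt=False):          # Oi = E(nonce || i); no chaining, parallelisable
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, block_encrypt(key, iv[:4] + i.to_bytes(4, "big"))))
    return b"".join(out)

MODES = {"ECB": ecb, "CBC": cbc, "CFB": cfb, "OFB": ofb, "CTR": ctr}

def changed_blocks(a, b):
    """Indices of blocks where a and b differ."""
    return [i for i, (x, y) in enumerate(zip(_blocks(a), _blocks(b))) if x != y]

def ciphertext_error_spread(mode, key, iv, pt):
    """Flip one bit of ciphertext block 0 in transit: which plaintext blocks decrypt wrongly?"""
    ct = bytearray(MODES[mode](key, iv, pt))
    ct[0] ^= 0x01
    return changed_blocks(pt, MODES[mode](key, iv, bytes(ct), decrypt=True))

def plaintext_error_spread(mode, key, iv, pt):
    """Flip one bit of plaintext block 0 before encryption: which ciphertext blocks change?"""
    pt2 = bytearray(pt)
    pt2[0] ^= 0x01
    return changed_blocks(MODES[mode](key, iv, pt), MODES[mode](key, iv, bytes(pt2)))

# constructed sample inputs (not from the question bank); blocks 0 and 2 of PT repeat
KEY = b"constructed-key!"
IV = bytes(range(8))
PT = b"ATTACK!!" + b"AT DAWN!" + b"ATTACK!!" + b"THE END!"
```

The results match the bullets above: under ECB the repeated plaintext block shows up as a repeated ciphertext block while CBC hides it; a plaintext bit error changes every later ciphertext block in CBC and CFB but only one block in ECB, OFB and CTR; a ciphertext bit error in transit damages the current block and the next one in CBC and CFB (the feedback carries it one stage), and only the corresponding bit in OFB and CTR, which is why OFB is listed for noisy channels.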
5. Explain types of attacks on double DES and triple DES.
Double-DES
could use 2 DES encrypts on each block
◦ C = E_K2(E_K1(P))
issue of reduction to single stage
and have “meet-in-the-middle” attack
◦ works whenever use a cipher twice
◦ since X = E_K1(P) = D_K2(C)
◦ attack by encrypting P with all keys and store
◦ then decrypt C with keys and match X value
◦ can show takes O(2^56) steps
Triple-DES with Three-Keys
although there are no practical attacks on two-key Triple-DES, there are some indications
can use Triple-DES with Three-Keys to avoid even these
◦ C = E_K3(D_K2(E_K1(P)))
has been adopted by some Internet applications, eg PGP, S/MIME
6. Explain briefly about public key cryptography (8 )(May-2007)
Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use of two keys:
◦ a public-key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures
◦ a private-key, known only to the recipient, used to decrypt messages, and sign
(create) signatures
is asymmetric because
◦ those who encrypt messages or verify signatures cannot decrypt messages or create
signatures
Public-Key Characteristics:
Public-Key algorithms rely on two keys where:
◦ it is computationally infeasible to find decryption key knowing only algorithm &
encryption key
◦ it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key
is known
◦ either of the two related keys can be used for encryption, with the other used for
decryption (for some algorithms)
7. Discuss in detail the RSA algorithm, highlighting its computational aspect and security.(Nov-2007)
RSA Key Setup
each user generates a public/private key pair by:
selecting two large primes at random - p, q
computing their system modulus n=p.q
◦ note ø(n)=(p-1)(q-1)
selecting at random the encryption key e
where 1<e<ø(n), gcd(e,ø(n))=1
solve following equation to find decryption key d
◦ e.d=1 mod ø(n) and 0≤d≤n
publish their public encryption key: PU={e,n}
keep secret private decryption key: PR={d,n}
RSA Key Generation
users of RSA must:
◦ determine two primes at random - p, q
◦ select either e or d and compute the other
primes p,q must not be easily derived from modulus n=p.q
◦ means must be sufficiently large
◦ typically guess and use probabilistic test
exponents e, d are inverses, so use Inverse algorithm to compute the other
RSA Security
possible approaches to attacking RSA are:
◦ brute force key search (infeasible given size of numbers)
◦ mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n)
◦ timing attacks (on running of decryption)
◦ chosen ciphertext attacks (given properties of RSA)
Factoring Problem
mathematical approach takes 3 forms:
◦ factor n=p.q, hence compute ø(n) and then d
◦ determine ø(n) directly and compute d
◦ find d directly
currently believe all equivalent to factoring
◦ have seen slow improvements over the years
as of May-05 best is 200 decimal digits (663 bits) with LS
◦ biggest improvement comes from improved algorithm
cf QS to GNFS to LS
◦ currently assume 1024-2048 bit RSA is secure
ensure p, q of similar size and matching other constraints
Timing Attacks
exploit timing variations in operations
◦ eg. multiplying by small vs large number
◦ or IFs varying which instructions executed
infer operand size based on time taken
RSA exploits time taken in exponentiation
countermeasures
◦ use constant exponentiation time
◦ add random delays
◦ blind values used in calculations
8. Perform decryption and encryption using the RSA algorithm with p=3, q=11, e=7 and N=5.(Nov-2007)
Phi(n) = (p-1)(q-1) = 2(10) = 20
e = 7
d = 3
PU = {7, 33}
C = 5^7 mod 33 = 14
M = 14^3 mod 33 = 5
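An added example (my code, not from the question bank) that carries out the RSA key setup of question 7 and the computations of question 8 and of Part B question 2: d is found with the extended Euclidean algorithm ("Inverse algorithm" above), encryption and decryption use modular exponentiation, and a blinded decryption shows the countermeasure against timing attacks listed above. Function names and the dictionary layout of the keys are mine.

```python
import secrets
from math import gcd

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(a, m):
    """a^-1 mod m, which exists only when gcd(a, m) = 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m

def rsa_keypair(p, q, e):
    """Textbook RSA key setup: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    Returns (PU, PR) as {"e", "n"} and {"d", "n"}."""
    n, phi_n = p * q, (p - 1) * (q - 1)
    if gcd(e, phi_n) != 1:
        raise ValueError("e must satisfy gcd(e, phi(n)) = 1")
    return {"e": e, "n": n}, {"d": mod_inverse(e, phi_n), "n": n}

def rsa_encrypt(m, pub):
    """C = M^e mod n."""
    return pow(m, pub["e"], pub["n"])

def rsa_decrypt(c, priv):
    """M = C^d mod n."""
    return pow(c, priv["d"], priv["n"])

def rsa_decrypt_blinded(c, priv, pub):
    """Blinding countermeasure: exponentiate r^e * C for a fresh random r, then strip r.
    The private exponentiation no longer operates on a value the sender chose, so its
    timing reveals nothing about C; the result equals plain decryption."""
    n = priv["n"]
    while True:
        r = secrets.randbelow(n - 2) + 2          # 2 <= r <= n-1
        if gcd(r, n) == 1:
            break
    blinded = (c * pow(r, pub["e"], n)) % n
    m_blinded = pow(blinded, priv["d"], n)
    return (m_blinded * mod_inverse(r, n)) % n
```

With p = 3, q = 11, e = 7 the setup yields d = 3, PU = {7, 33}, and 5 encrypts to 14 and decrypts back to 5, as in question 8. For Part B question 2, p = 11, q = 17 gives n = 187, phi(n) = 160 and d = 23 as the question states; note that 67^2 = 4489 = 24*187 + 1, so 67 is a fixed point of this key pair and its ciphertext equals the message, one of the textbook "unconcealed message" cases for tiny moduli.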
9. Draw the general structure of DES and explain the encryption decryption process(10).(May-2009)
DES Encryption Overview
10. Mention the strengths and weakness of DES algorithm. (6)(May-2009)
Strength of DES – Key Size
56-bit keys have 2^56 = 7.2 x 10^16 values
brute force search looks hard
recent advances have shown is possible
◦ in 1997 on Internet in a few months
◦ in 1998 on dedicated h/w (EFF) in a few days
◦ in 1999 above combined in 22hrs!
still must be able to recognize plaintext
must now consider alternatives to DES
Strength of DES – Analytic Attacks
now have several analytic attacks on DES
these utilise some deep structure of the cipher
◦ by gathering information about encryptions
◦ can eventually recover some/all of the sub-key bits
◦ if necessary then exhaustively search for the rest
generally these are statistical attacks
include
◦ differential cryptanalysis
◦ linear cryptanalysis
◦ related key attacks
Weakness of DES
Prone to cryptanalysis attack.
Jerusalem College of Engineering
Department of Information Technology
Subject : IT2352-Cryptography and Network Security
Year/Sem :III/VI Name of the Faculty: X.Anita
UNIT-III
Part-A
1. List the properties a digital signature should possess?(Nov-2009)
It must verify the author, the date and time of the signature.
It must authenticate the contents at the time of the signature.
It must be verifiable by third parties to resolve disputes.
2. What are the functions used to produce an authenticator?(Nov-2009)
Message authentication code, encryption algorithm, hash function.
3. Why are the leading two octets of the message digest stored in a PGP message along with
the encrypted message digest?(May-2008)
The leading 2 octets of the message digest are stored in the PGP message to enable the recipient
to determine if the correct public key was used to decrypt the message digest for authentication.
4. State any two advantages of Oakley key determination protocol over Diffie Hellman key
exchange protocol.(May-2008)
It employs a mechanism to thwart clogging attacks.
It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.
5. Define the one way property to be possessed by any hash function.(Nov-2008)
For any given h, it is computationally infeasible to find x such that H(x) = h. This is
sometimes referred to in the literature as the one-way property.
6. What is the purpose of Diffie-Hellman algorithm?(May-2007)
Purpose of Diffie Hellman is to enable two users to securely exchange a key that can be
used for subsequent encryption of message. The algorithm itself is limited to the exchange
of secret values.
7. Define man in the middle attack(May-2007)
The adversary intercepts messages and then sends its own fabricated message.
10. List design objectives for HMAC(May-2007)
To allow easy replaceability of the embedded hash function.
To preserve the original performance of the hash function without incurring a significant
degradation.
11. What is MAC? (May-2007)
MAC is an alternate authentication technique that involves the use of a secret key to
generate a small fixed size block of data known as checksum or MAC that is appended
to the message.
12. What are the requirements for digital signature? (May-2007)
The signature must be a bit pattern that depends on the message being signed.
The signature must use information unique to the sender to prevent both forgery and denial.
Must be relatively easy to produce the digital signature.
13. Define weak collision property of a hash function.
It must be computationally infeasible to find y not equal to x such that H(y)=H(x). This is referred to as the weak collision property.
14. What is meant by message digest give example.
Hash function accepts a variable size message M as input and produces a fixed size output
called hash code. This hash is also called message digest or hash value.
Part-B
1. Apply the MAC on the cryptographic checksum method to authenticate and build
confidentiality of the message where the authentication is tied to message M=8376,
K1=4892, K2=53624071. (10)(Nov-2009)
2. What are the properties a hash function must satisfy? (6) (Nov-2009)
can be applied to any sized message M
produces fixed-length output h
is easy to compute h=H(M) for any message M
given h is infeasible to find x s.t. H(x)=h
one-way property
given x is infeasible to find y s.t. H(y)=H(x)
weak collision resistance
is infeasible to find any x,y s.t. H(y)=H(x)
strong collision resistance
3. Explain the MD5 message digest algorithm, with its logic and compression function.(16) (Nov-2009)
4. Explain the SHA-1 hashing function with an example. (8) (Nov-2010) (May-2009)
5. Consider any message M of length 4120 bits ending with “ABCDEF” in hexadecimal form.
Construct the last block of message to be given as input for the MD5 (May-2008)
6. Describe Digital Signature Algorithm and show how signing and verification is done using
DSS. (May-2008)
7. Explain the processing of message block of 512 bits using SHA1(8) (May-2008)
SHA-512 Overview
SHA-512 Compression Function
heart of the algorithm
processing message in 1024-bit blocks
consists of 80 rounds
updating a 512-bit buffer
using a 64-bit value Wt derived from the current message block
and a round constant based on cube root of first 80 prime numbers
SHA-512 Round Function
64-bit word values Wt are derived from the 1024-bit message block. The first 16 values of Wt are
taken directly from the 16 words of the current block. The remaining values are defined as a
function of the earlier values using rotates, shifts and XORs as shown. The function
elements are:
σ0(x) = ROTR(x,1) XOR ROTR(x,8) XOR SHR(x,7)
σ1(x) = ROTR(x,19) XOR ROTR(x,61) XOR SHR(x,6).
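An added example (my code, not from the question bank) of the SHA-512 message schedule just described: the two σ functions, the expansion of one 1024-bit block into the 80 words Wt, and the padding that produces the final block (the question-5 construction for MD5 is the same idea, except MD5 uses 512-bit blocks and a 64-bit little-endian length; SHA-512 pads to 896 mod 1024 bits and appends a 128-bit big-endian length). The sample block is constructed so the first few schedule words can be checked by hand.

```python
MASK64 = (1 << 64) - 1

def rotr(x, n):
    """Rotate a 64-bit word right by n bits."""
    return ((x >> n) | (x << (64 - n))) & MASK64

def shr(x, n):
    """Logical right shift (bits fall off, zeros come in)."""
    return x >> n

def sigma0(x):
    return rotr(x, 1) ^ rotr(x, 8) ^ shr(x, 7)

def sigma1(x):
    return rotr(x, 19) ^ rotr(x, 61) ^ shr(x, 6)

def message_schedule(block):
    """Expand one 1024-bit block into the 80 words W_t used by the 80 rounds.
    W_0..W_15 are the block's own words; for t >= 16,
    W_t = sigma1(W_{t-2}) + W_{t-7} + sigma0(W_{t-15}) + W_{t-16}  (mod 2^64)."""
    if len(block) != 128:
        raise ValueError("SHA-512 block must be 128 bytes")
    w = [int.from_bytes(block[8 * i:8 * i + 8], "big") for i in range(16)]
    for t in range(16, 80):
        w.append((sigma1(w[t - 2]) + w[t - 7] + sigma0(w[t - 15]) + w[t - 16]) & MASK64)
    return w

def pad_message(msg):
    """SHA-512 padding: append the single 1 bit (0x80), zeros up to 112 mod 128 bytes,
    then the original length in bits as a 128-bit big-endian integer."""
    bit_len = len(msg) * 8
    padded = msg + b"\x80"
    padded += b"\x00" * ((112 - len(padded)) % 128)
    return padded + bit_len.to_bytes(16, "big")

def padded_blocks(msg):
    """The padded message split into 1024-bit blocks ready for the compression function."""
    p = pad_message(msg)
    return [p[i:i + 128] for i in range(0, len(p), 128)]
```

For a block whose first word is 1 and the rest zero, the recurrence gives W_16 = 1, W_17 = 0 and W_18 = σ1(1); padding "abc" (24 bits) yields a single 128-byte block ending in the 128-bit value 24, and a 112-byte message needs a second block because the length field no longer fits.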
8. What is the role of discrete logarithms in the Diffie-Hellman key exchange in exchanging
the secret key among two users? (8) (Nov-2008)
Discrete logarithms are used in key generation.
Diffie-Hellman Key Exchange:
a public-key distribution scheme
cannot be used to exchange an arbitrary message
rather it can establish a common key
known only to the two participants
value of key depends on the participants (and their private and public key information)
based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
Diffie-Hellman Key Setup:
all users agree on global parameters:
large prime integer or polynomial q
a being a primitive root mod q
each user (eg. A) generates their key
chooses a secret key (number): xA < q
compute their public key: yA = a^xA mod q
each user makes public that key yA
Key Exchange:
9. What are Digital Signature Algorithms and show how signing and verification is done using
DSS. (8) (Nov-2008)
Digital Signature Algorithm (DSA)
creates a 320 bit signature
with 512-1024 bit security
smaller and faster than RSA
a digital signature scheme only
security depends on difficulty of computing discrete logarithms
variant of ElGamal & Schnorr schemes
Key Generation
10. Explain how birthday attack is done. (8) (Nov-2008)
might think a 64-bit hash is secure
but by Birthday Paradox is not
birthday attack works thus:
◦ opponent generates 2^(m/2) variations of a valid message all with essentially the
same meaning
◦ opponent also generates 2^(m/2) variations of a desired fraudulent message
◦ two sets of messages are compared to find pair with same hash (probability >
0.5 by birthday paradox)
◦ have user sign the valid message, then substitute the forgery which will have
a valid signature
conclusion is that need to use a larger MAC/hash
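An added example (my code, not from the question bank) serving Part A question 11 (a MAC as a keyed checksum appended to a message) and question 10 above: the two-set birthday search is run against a hash truncated to m = 20 bits, so that roughly 2^(m/2) = 1024 variants per message suffice and the search finishes in well under a second. Variants with "the same meaning" are produced by choosing one or two spaces between words; the two sentences are constructed for the demonstration. The point for a defender is the scaling: the work is the square root of the digest space, which is why digest lengths are chosen twice as long as the intended security level.

```python
import hashlib
import hmac
from itertools import product

def mac_tag(key, message):
    """Keyed checksum (HMAC-SHA256) appended to the message; only a key holder can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key, message, tag):
    """Recompute the tag and compare in constant time so the comparison leaks no timing."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def truncated_hash(message, m_bits):
    """Top m bits of SHA-256, standing in for an m-bit hash so the search is fast."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - m_bits)

def variations(sentence, count):
    """Up to `count` rewordings with the same meaning: each gap between words is one or
    two spaces, so a sentence of w words has 2^(w-1) variants."""
    words = sentence.split()
    for i, gaps in enumerate(product((" ", "  "), repeat=len(words) - 1)):
        if i >= count:
            break
        yield "".join(w + g for w, g in zip(words, gaps)) + words[-1]

def birthday_attack(valid, fraud, m_bits):
    """Two-set birthday search on an m-bit hash: 2^(m/2) variants of the valid message
    are tabled, then fraudulent variants are tried until one lands in the table.
    Returns (valid_variant, fraud_variant, tries) or None if the budget runs out."""
    half = 2 ** (m_bits // 2)
    table = {truncated_hash(v.encode(), m_bits): v for v in variations(valid, half)}
    for tries, f in enumerate(variations(fraud, 64 * half), start=1):
        h = truncated_hash(f.encode(), m_bits)
        if h in table:
            return table[h], f, tries
    return None

# constructed sample messages (18 words each, so 2^17 variants are available)
VALID = "I agree to pay the contractor the sum of five hundred dollars for the work on the garden"
FRAUD = "I agree to pay the contractor the sum of fifty thousand dollars for the work on the garden"
```

The number of fraudulent variants tried before a match is typically on the order of 1024 against a 1024-entry table, i.e. 2^(m/2); doubling m to 40 bits would push that to about a million, and a real 256-bit digest to 2^128, which is the "use a larger hash" conclusion above. The MAC half shows the complementary defence: without the key no variant can be given a valid tag at all.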
11. What is the use of authentication protocols? (4) (May-2007)
Authentication protocols are used mainly in digital signatures.
Mutual authentication:
Such protocols enable communicating parties to satisfy themselves mutually
about each other's identity and to exchange session keys.
One way authentication:
One application for which encryption is growing in popularity is email.
12. Users A and B use the Diffie-Hellman key exchange technique with a common prime q=11 and a
primitive root alpha=7. (May-2009)
(i) If user A has private key XA=3, what is A's public key YA?
(ii) If user B has private key XB=6, what is B's public key YB?
(iii) What is the shared secret key? Also write the algorithm.(4)
(iv) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm?
XA = 3
YA = 7^3 mod 11
YA = 2
XB = 6
YB = 7^6 mod 11
YB = 4
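An added example (my code, not from the question bank) that completes question 12 parts (i) to (iii) with the key setup and exchange described in question 8: it checks that 7 is a primitive root of 11, computes both public keys, derives the shared secret on both sides, and contrasts the easy direction (exponentiation) with the hard one (a brute-force discrete logarithm, trivial only because q = 11).

```python
import secrets

def is_primitive_root(alpha, q):
    """alpha is a primitive root of prime q when alpha^1..alpha^(q-1) cover all of 1..q-1."""
    return sorted(pow(alpha, k, q) for k in range(1, q)) == list(range(1, q))

def dh_public(alpha, q, x):
    """Y = alpha^X mod q, the value each user publishes."""
    return pow(alpha, x, q)

def dh_shared(peer_public, x, q):
    """K = Y_peer^X mod q; both sides obtain alpha^(XA*XB) mod q."""
    return pow(peer_public, x, q)

def dh_exchange(alpha, q, xa, xb):
    """Both sides of the exchange: returns (YA, YB, KA, KB) with KA == KB."""
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    return ya, yb, dh_shared(yb, xa, q), dh_shared(ya, xb, q)

def discrete_log(alpha, y, q):
    """Brute-force x with alpha^x = y mod q. Feasible for q = 11, not for a 2048-bit q,
    which is the asymmetry the exchange relies on."""
    for x in range(q - 1):
        if pow(alpha, x, q) == y:
            return x
    return None

def random_private(q):
    """A fresh private value 1 <= X <= q-2 from a cryptographic RNG."""
    return secrets.randbelow(q - 2) + 1
```

For q = 11, alpha = 7, XA = 3 and XB = 6 the exchange gives YA = 2 and YB = 4, and both sides compute K = 4^3 mod 11 = 2^6 mod 11 = 9. Nothing in this exchange authenticates the public values, which is the gap part (iv) asks about and that the Oakley answer in Part A question 4 addresses by authenticating the exchange.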
Jerusalem College of Engineering
Department of Information Technology
Subject : IT2352-Cryptography and Network Security
Year/Sem :III/VI Name of the Faculty: X.Anita
Unit-IV
Part-A
1. Mention the scenario where Kerberos scheme is preferred (Nov-2009)
Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use
of a trusted third party authentication service that enables clients and servers to establish
authenticated communication.
A user may gain access to a particular workstation and pretend to be another user operating
from that workstation. A user may alter the network address of a workstation so that the
requests sent from the altered workstation appear to come from the impersonated
workstation.
2. What are the technical deficiencies in the kerberos version 4 protocol? (Nov-2009)
Double encryption, PCBC encryption, session keys, password attacks
3. State the services provided by IPSec. (Nov-2010)
Access control, connectionless integrity, data origin authentication, rejection of replayed
packets, confidentiality, limited traffic flow confidentiality.
4. Differentiate SSL connection from SSL session(Nov-2010)
5. What is the role of Ticket Granting Server in inter realm operations of Kerberos? (May-
2007)
To solve additional problems we introduce a scheme for avoiding plaintext password and a
new server known as the ticket granting server. The new service TGS issues tickets to users
who have been authenticated to AS. Thus the user first requests a ticket-granting ticket from
the AS.
6. Why are the leading two octets of the message digest stored in the PGP message along with the
encrypted message digest? (May-2008)
PGP uses existing cryptographic algorithms. PGP is based on RSA, MD5 and IDEA. PGP
also supports text compression, secrecy and digital signatures and also provides efficient
key management.
7. Give the Kerberos simple dialogue(May-2007)
The problem that Kerberos addresses is an open distributed environment in which users at
workstations work to access services on servers distributed throughout network.
8. Give IPSEC ESP FORMAT. (Nov-2007)
Padding field is added to the ESP to provide partial traffic flow confidentiality by concealing
the actual length of the payload.
9. What are the security options PGP allows when sending an email message? (May-2009)
E-mail compatibility-Radix 64 conversion
To provide transparency for email application-an encrypted message may be converted to
an ASCII string using radix 64 conversion.
10. How does IPSec offer the authentication and confidentiality services? (May-2009)
Reserved, SPI, Sequence number, Authentication data.
11. Define S/MIME.
S/MIME is a security enhancement to the MIME Internet email format based on technology from
RSA Data Security. It provides the ability to sign and/or encrypt messages.
12. Draw the diagram for PGP message transmission reception?
13. What is the general format for PGP message?
13. Give the application of IP security?
Provide secure communication across private and public LAN.
Secure remote access over the Internet.
14. List the steps involved in SSL record protocol?
Fragmentation, compression, MAC, encryption, appending SSL record header.
15. What is X.509 standard?(Nov-2007)
Defines a framework for the provision of authentication services by the X.500 directory to
its users. Based on the use of public-key cryptiography and digital signature.
Part-B
1. Explain X.509 authentication service and its certificates (16) (Nov-2009)
X.509 Authentication Service:
part of CCITT X.500 directory service standards
distributed servers maintaining user info database
defines framework for authentication services
directory may store public-key certificates
with public key of user signed by certification authority
also defines authentication protocols
uses public-key crypto & digital signatures
algorithms not standardised, but RSA recommended
X.509 certificates are widely used
X.509 Certificates:
issued by a Certification Authority (CA), containing:
version (1, 2, or 3)
serial number (unique within CA) identifying certificate
signature algorithm identifier
issuer X.500 name (CA)
period of validity (from - to dates)
subject X.500 name (name of owner)
subject public-key info (algorithm, parameters, key)
issuer unique identifier (v2+)
subject unique identifier (v2+)
extension fields (v3)
signature (of hash of all fields in certificate)
notation CA<<A>> denotes certificate for A signed by CA
X.509 Format:
CA Hierarchy:
2. Explain the services of PGP(12) (Nov-2009) (Nov-2010)
Pretty Good Privacy (PGP):
Operation
Authentication:
o sender creates message
o use SHA-1 to generate 160-bit hash of message
o hash is signed with RSA using sender's private key, and is attached to message
o receiver uses RSA with sender's public key to decrypt and recover hash code
o receiver verifies received message using hash of it and compares with decrypted
hash code
Confidentiality:
o sender generates message and 128-bit random number as session key for it
o encrypt message using CAST-128 / IDEA / 3DES in CBC mode with session key
o session key encrypted using RSA with recipient's public key, & attached to msg
o receiver uses RSA with private key to decrypt and recover session key
o session key is used to decrypt message
Confidentiality & Authentication:
can use both services on same message
create signature & attach to message
encrypt both message & signature
attach RSA/ElGamal encrypted session key
Compression:
by default PGP compresses message after signing but before encrypting
so can store uncompressed message & signature for later verification
& because compression is non deterministic
uses ZIP compression algorithm
Email Compatibility:
when using PGP will have binary data to send (encrypted message etc)
however email was designed only for text
hence PGP must encode raw binary data into printable ASCII characters
uses radix-64 algorithm
maps 3 bytes to 4 printable chars
also appends a CRC
PGP also segments messages if too big
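The email compatibility step above (3 bytes to 4 printable characters, a CRC appended) is shown in the following added example, which is not code from the question bank or from PGP itself. The CRC is the 24-bit one OpenPGP armor uses (RFC 4880 section 6.1, initial value 0xB704CE, polynomial 0x1864CFB); the payload bytes are constructed.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def radix64_armor(payload: bytes) -> str:
    """Map every 3 bytes to 4 printable characters, 64 characters per line,
    then append a final line holding '=' plus the radix-64 form of the 3-byte CRC."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_line = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + [crc_line])


def radix64_dearmor(text: str) -> bytes:
    """Reverse the mapping and check the CRC; raise ValueError if the text was altered."""
    lines = text.strip().split("\n")
    if not lines or not lines[-1].startswith("="):
        raise ValueError("missing CRC line")
    payload = base64.b64decode("".join(lines[:-1]))
    expected = int.from_bytes(base64.b64decode(lines[-1][1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC mismatch: armored data was corrupted in transit")
    return payload


def armor_is_valid(text: str) -> bool:
    """True if the armored text decodes and its CRC checks out."""
    try:
        radix64_dearmor(text)
        return True
    except ValueError:        # binascii.Error is a subclass of ValueError
        return False


if __name__ == "__main__":
    sample = b"constructed binary payload \x00\x01\x02\xff"
    armored = radix64_armor(sample)
    print(armored)
    print(radix64_dearmor(armored) == sample)
```

Note that the CRC only detects accidental corruption by a mail gateway; it offers no protection against deliberate modification, which is the job of the signature.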
Summary:
3. Write down the functions provided by S/MIME(4) (Nov-2009)
S/MIME (Secure/Multipurpose Internet Mail Extensions):
security enhancement to MIME email
original Internet RFC822 email was text only
MIME provided support for varying content types and multi-part messages
with encoding of binary data to textual form
S/MIME added security enhancements
have S/MIME support in many mail agents
eg MS Outlook, Mozilla, Mac Mail etc
S/MIME Functions:
enveloped data
encrypted content and associated keys
signed data
encoded message + signed digest
clear-signed data
cleartext message + encoded signed digest
signed & enveloped data
nesting of signed & encrypted entities
S/MIME Cryptographic Algorithms:
digital signatures: DSS & RSA
hash functions: SHA-1 & MD5
session key encryption: ElGamal & RSA
message encryption: AES, Triple-DES, RC2/40 and others
MAC: HMAC with SHA-1
have process to decide which algs to use
S/MIME Messages:
S/MIME secures a MIME entity with a signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:
enveloped data
signed data
clear-signed data
registration request
certificate only message
S/MIME Certificate Processing:
S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs
certificates must be signed by trusted CA’s
4. How does Kerberos authenticate services from any servers? (8) (Nov-2010)
Kerberos Requirements:
its first report identified requirements as:
secure
reliable
transparent
scalable
implemented using an authentication protocol based on Needham-Schroeder
Kerberos v4 Overview:
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other services from TGS on basis of users TGT
Kerberos v4 Dialogue:
o obtain ticket granting ticket from AS
• once per session
o obtain service granting ticket from TGT
• for each distinct service required
o client/server exchange to obtain service
• on every service request
Kerberos Realms:
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with server
application servers, sharing keys with server
this is termed a realm
typically a single administrative domain
if have multiple realms, their Kerberos servers must share keys and trust
5. What are the basic requirements expected from SET? What is the role of dual signatures
in meeting the requirements? (8) (Nov-2010)
Secure Electronic Transactions (SET):
open encryption & security specification
to protect Internet credit card transactions
developed in 1996 by Mastercard, Visa etc
not a payment system
rather a set of security protocols & formats
secure communications amongst parties
trust from use of X.509v3 certificates
privacy by restricted info to those who need it
SET Components:
SET Transaction:
o customer opens account
o customer receives a certificate
o merchants have their own certificates
o customer places an order
o merchant is verified
o order and payment are sent
o merchant requests payment authorization
o merchant confirms order
o merchant provides goods or service
o merchant requests payment
Dual Signature:
customer creates dual messages
order information (OI) for merchant
payment information (PI) for bank
neither party needs details of other
but must know they are linked
use a dual signature for this
signed concatenated hashes of OI & PI
DS=E(PRc, [H(H(PI)||H(OI))])
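The dual signature DS=E(PRc, [H(H(PI)||H(OI))]) is worked through below in an added example (not from the question bank): the merchant receives OI plus only the digest of PI, the bank receives PI plus only the digest of OI, and each can still verify the one signature that links them. The customer key is a constructed, deliberately tiny textbook RSA key (two Mersenne primes, no padding), and the PI/OI strings are constructed.

```python
import hashlib

# Constructed toy RSA key for the customer (far too small for real use)
P, Q = 2 ** 31 - 1, 2 ** 61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent via modular inverse (Python 3.8+)


def h(data: bytes) -> bytes:
    """Message digest H()."""
    return hashlib.sha256(data).digest()


def sign(digest: bytes) -> int:
    """Textbook RSA signature over the digest reduced mod N (illustration only)."""
    return pow(int.from_bytes(digest, "big") % N, D, N)


def verify(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big") % N


def dual_signature(pi: bytes, oi: bytes) -> int:
    """DS = E(PRc, H(H(PI) || H(OI))): one signature binding both halves of the purchase."""
    return sign(h(h(pi) + h(oi)))


def merchant_verifies(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI in clear plus only PIMD = H(PI); payment details stay hidden."""
    return verify(h(pimd + h(oi)), ds)


def bank_verifies(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI plus only OIMD = H(OI); order details stay hidden."""
    return verify(h(h(pi) + oimd), ds)


if __name__ == "__main__":
    pi = b"constructed PI: card 4111-xxxx, amount 49.99"
    oi = b"constructed OI: order 1234, 1 x widget"
    ds = dual_signature(pi, oi)
    print("merchant:", merchant_verifies(oi, h(pi), ds))
    print("bank:", bank_verifies(pi, h(oi), ds))
    # a swapped order no longer matches the payment it was linked to
    print("tampered:", merchant_verifies(b"constructed OI: order 1234, 2 x widget", h(pi), ds))
```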
SET Purchase Request:
SET purchase request exchange consists of four messages
o Initiate Request - get certificates
o Initiate Response - signed response
o Purchase Request - of OI & PI
o Purchase Response - ack order
Purchase Request – Customer:
Purchase Request – Merchant:
Payment Gateway Authorization:
o verifies all certificates
o decrypts digital envelope of authorization block to obtain symmetric key & then decrypts
authorization block
o verifies merchant's signature on authorization block
o decrypts digital envelope of payment block to obtain symmetric key & then decrypts
payment block
o verifies dual signature on payment block
o verifies that transaction ID received from merchant matches that in PI received (indirectly)
from customer
o requests & receives an authorization from issuer
o sends authorization response back to merchant
Payment Capture:
merchant sends payment gateway a payment capture request
gateway checks request
then causes funds to be transferred to merchants account
notifies merchant using capture response
6. Illustrate the implementations of IPSec(8) (Nov-2010)
o general IP Security mechanisms
o provides
o authentication
o confidentiality
o key management
o applicable to use over LANs, across public & private WANs, & for the Internet
IPSec Uses:
Benefits of IPSec:
in a firewall/router provides strong security to all traffic crossing the perimeter
in a firewall/router is resistant to bypass
is below transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users
secures routing architecture
IPSec Services:
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
a form of partial sequence integrity
Confidentiality (encryption)
Limited traffic flow confidentiality
Security Associations:
a one-way relationship between sender & receiver that affords security for traffic flow
defined by 3 parameters:
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
has a number of other parameters
seq no, AH & EH info, lifetime etc
have a database of Security Associations
Authentication Header (AH):
provides support for data integrity & authentication of IP packets
end system/router can authenticate user/app
prevents address spoofing attacks by tracking sequence numbers
based on use of a MAC
HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key
Transport & Tunnel Modes:
Encapsulating Security Payload (ESP):
provides message content confidentiality & limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports range of ciphers, modes, padding
incl. DES, Triple-DES, RC5, IDEA, CAST etc
CBC & other modes
padding needed to fill blocksize, fields, for traffic flow
Encapsulating Security Payload:
Transport vs Tunnel Mode ESP:
transport mode is used to encrypt & optionally authenticate IP data
data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic
tunnel mode encrypts entire IP packet
add new header for next hop
good for VPNs, gateway to gateway security
7. Describe the SSL Specific protocol – Handshake action in detail. (10) (May-2009) (Nov-
2007)
SSL (Secure Socket Layer):
Handshake Protocol:
allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
comprises a series of messages in phases
Establish Security Capabilities
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish
Handshake Protocol action:
Jerusalem College of Engineering
Department of Information Technology
Subject : IT2352-Cryptography and Network Security
Year/Sem :III/VI Name of the Faculty: X.Anita
UNIT V
Part-A
1. How are the passwords stored in password file in UNIX operating system? (May-2008)
2. List the classes of intruders(Nov-2009)
Masquerader, Misfeasor, Clandestine user
3. Give the type of viruses. (Nov-2009)
Parasitic virus, boot sector virus, stealth virus, polymorphic virus
4. Explain the term Bastion Host. (Nov-2010)
It is a system identified by the firewall administrator as a critical strong point in the network
security. Typically the bastion host serves as a platform for an application level or circuit
level gateway.
5. What is meant by polymorphic viruses? (May-2008)
A virus that mutates with every infection making detection by the signature of the virus
impossible.
6. What is firewall? (May-2007)
A firewall is a barrier through which the traffic going in each direction must pass. It may be
designed to operate as a filter at the level of IP packets or may operate at a higher protocol
layer.
7. What are honey pots. (Nov-2007)
Honey pots are designed to
Divert an attacker from accessing critical systems
Collect information about the attacker's activity
Encourage the attacker to stay on the system long enough for administrators
to respond.
8. List down the four phases of virus. (Nov-2007)
Dormant phase
Propagation phase
Triggering phase
Execution phase
9. What is IP address spoofing? (May-2009)
Pretending to have the identity of another computer.
11. What are the common technique used to protect a password file?
(May-2009)
One way function
Access control
12. What is application level gateway?
13. List the design goals of firewalls?
All traffic must pass through it
Only authorized traffic is allowed to pass
Firewall itself is immune to penetration
Part-B
1. Explain firewall design principles, characteristics, and types of firewalls(12) (Nov-2009)
Firewall Limitations:
cannot protect from attacks bypassing it
eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH)
cannot protect against internal threats
eg disgruntled or colluding employees
cannot protect against transfer of all virus infected programs or files
because of huge range of O/S & file types
Packet Filters:
simplest, fastest firewall component
foundation of any firewall system
examine each IP packet (no context) and permit or deny according to rules
hence restrict access to services (ports)
possible default policies
that not expressly permitted is prohibited
that not expressly prohibited is permitted
Attacks on Packet Filters:
IP address spoofing
fake source address to be trusted
add filters on router to block
source routing attacks
attacker sets a route other than default
block source routed packets
tiny fragment attacks
split header info over several tiny packets
either discard or reassemble before check
Stateful Packet Filters:
traditional packet filters do not examine higher layer context
ie matching return packets with outgoing flow
stateful packet filters address this need
they examine each IP packet in context
keep track of client-server sessions
check each packet validly belongs to one
hence are better able to detect bogus packets out of context
Application Level Gateway (or Proxy):
have application specific gateway / proxy
has full access to protocol
user requests service from proxy
proxy validates request as legal
then actions request and returns result to user
can log / audit traffic at application level
need separate proxies for each service
some services naturally support proxying
others are more problematic
Circuit Level Gateway:
relays two TCP connections
imposes security by limiting which such connections are allowed
once created usually relays traffic without examining contents
typically used when trust internal users by allowing general outbound connections
SOCKS is commonly used
Bastion Host:
highly secure host system
runs circuit / application level gateways
or provides externally accessible services
potentially exposed to "hostile" elements
hence is secured to withstand this
hardened O/S, essential services, extra auth
proxies small, secure, independent, non-privileged
may support 2 or more net connections
may be trusted to enforce policy of trusted separation between these net connections
Firewall Configurations:
Access Control:
given system has identified a user
determine what resources they can access
general model is that of access matrix with
subject - active entity (user, process)
object - passive entity (file or resource)
access right – way object can be accessed
can decompose by
columns as access control lists
rows as capability tickets
2. Give the basic techniques which are in use for the password selection strategies(8) (Nov-
2009)
Managing Passwords:
Education:
can use policies and good user education
educate on importance of good passwords
give guidelines for good passwords
minimum length (>6)
require a mix of upper & lower case letters, numbers, punctuation
not dictionary words
but likely to be ignored by many users
Computer Generated:
let computer create passwords
if random likely not memorisable, so will be written down (sticky label syndrome)
even pronounceable not remembered
have history of poor user acceptance
FIPS PUB 181 one of best generators
has both description & sample code
generates words from concatenating random pronounceable syllables
Reactive Checking:
reactively run password guessing tools
note that good dictionaries exist for almost any language/interest group
cracked passwords are disabled
but is resource intensive
bad passwords are vulnerable till found
Proactive Checking:
most promising approach to improving password security
allow users to select own password
but have system verify it is acceptable
simple rule enforcement (see earlier slide)
compare against dictionary of bad passwords
use algorithmic methods (Markov model or Bloom filter) to detect poor choices
3. Write down the four generations of antivirus software(8) (Nov-2009)
first-generation
scanner uses virus signature to identify virus
or change in length of programs
second-generation
uses heuristic rules to spot viral infection
or uses crypto hash of program to spot changes
third-generation
memory-resident programs identify virus by actions
fourth-generation
packages with a variety of antivirus techniques
eg scanning & activity traps, access-controls
4. How does a worm propagate? Illustrate with an example. (8) (Nov-2010)
replicating but not infecting program
typically spreads over a network
o cf Morris Internet Worm in 1988
o led to creation of CERTs
using users' distributed privileges or by exploiting system vulnerabilities
widely used by hackers to create zombie PCs, subsequently used for further attacks,
esp DoS
major issue is lack of security of permanently connected systems, esp PCs
Worm Operation:
worm phases like those of viruses:
dormant
propagation
• search for other systems to infect
• establish connection to target remote system
• replicate self onto remote system
triggering
execution
5. Explain any two approaches for intrusion detection.(8) (May-2009)
Approaches to Intrusion Detection:
statistical anomaly detection
threshold
profile based
rule-based detection
anomaly
penetration identification
6. Describe packet filtering router in detail. (8) (May-2009)
Packet Filters:
simplest, fastest firewall component
foundation of any firewall system
examine each IP packet (no context) and permit or deny according to rules
hence restrict access to services (ports)
possible default policies
that not expressly permitted is prohibited
that not expressly prohibited is permitted
Attacks on Packet Filters:
IP address spoofing
fake source address to be trusted
add filters on router to block
source routing attacks
attacker sets a route other than default
block source routed packets
tiny fragment attacks
split header info over several tiny packets
either discard or reassemble before check
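The packet filter behaviour described under Part-B Q1 and again under Q6 (rules applied to each packet with no context, the default policy "that not expressly permitted is prohibited", and the three countermeasures against spoofing, source routing and tiny fragments) is put together in the following added example, which is not code from the question bank or from any firewall product. The site network 192.168.10.0/24, the rule set and the sample packets are constructed; the 20-byte minimum first fragment is the size of a TCP header.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL_NET = ip_network("192.168.10.0/24")   # constructed example site network
MIN_FIRST_FRAGMENT = 20   # bytes: a first fragment must carry a whole TCP header (ports, flags)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp", ...
    dport: int                  # destination port (visible in the first fragment)
    iface: str                  # interface the packet arrived on: "ext" or "int"
    source_routed: bool = False
    frag_offset: int = 0        # 0 for the first (or only) fragment
    more_fragments: bool = False
    transport_len: int = 40     # bytes of transport header plus data in this fragment


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # CIDR
    dst: str                    # CIDR
    proto: str                  # "any" or a protocol name
    dport: Optional[int]        # None means any port


def matches(rule: Rule, p: Packet) -> bool:
    return (ip_address(p.src) in ip_network(rule.src)
            and ip_address(p.dst) in ip_network(rule.dst)
            and rule.proto in ("any", p.proto)
            and rule.dport in (None, p.dport))


def filter_packet(p: Packet, rules: List[Rule]) -> Tuple[str, str]:
    """Context-free filter: countermeasures first, then rules in order, then default deny."""
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "deny", "IP address spoofing: internal source address on external interface"
    if p.source_routed:
        return "deny", "source routed packet"
    if p.frag_offset == 0 and p.more_fragments and p.transport_len < MIN_FIRST_FRAGMENT:
        return "deny", "tiny fragment: first fragment too small to check the transport header"
    for rule in rules:
        if matches(rule, p):
            return rule.action, f"matched rule {rule}"
    return "deny", "default policy: not expressly permitted"


# Constructed rule set: inbound SMTP to the mail server, any outbound traffic from inside
RULES = [Rule("permit", "0.0.0.0/0", "192.168.10.25/32", "tcp", 25),
         Rule("permit", "192.168.10.0/24", "0.0.0.0/0", "any", None)]

if __name__ == "__main__":
    samples = [Packet("203.0.113.7", "192.168.10.25", "tcp", 25, "ext"),
               Packet("203.0.113.7", "192.168.10.25", "tcp", 23, "ext"),
               Packet("192.168.10.9", "192.168.10.25", "tcp", 25, "ext"),
               Packet("203.0.113.7", "192.168.10.25", "tcp", 25, "ext", source_routed=True),
               Packet("203.0.113.7", "192.168.10.25", "tcp", 25, "ext",
                      more_fragments=True, transport_len=8)]
    for pkt in samples:
        print(filter_packet(pkt, RULES))
```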