1. Define message authentication.
A process used to verify the integrity of a message. It is a procedure that verifies whether the received message comes from the assigned source and has not been altered.
2. What is a hash function?
A function that maps a variable-length data block or message into a fixed-length value called a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest.
3. Differentiate public key encryption and conventional encryption.
Conventional Encryption:
• The same algorithm with the same key is used for encryption and decryption.
• Sender and receiver must share the algorithm and the key.
• The key must be kept secret.
Public Key Encryption:
• The same algorithm is used for encryption and decryption, with a pair of keys.
• Sender and receiver each have one of the matched pair of keys.
• One of the two keys must be kept secret.
4. Specify the applications of public key cryptography.
• Encryption/Decryption.
• Digital signature.
• Key exchange.
5. Determine gcd(24140, 16762) using Euclid's algorithm.
Soln:
We know gcd(a, b) = gcd(b, a mod b).
gcd(24140, 16762) = gcd(16762, 7378)
gcd(16762, 7378) = gcd(7378, 2006)
gcd(7378, 2006) = gcd(2006, 1360)
gcd(2006, 1360) = gcd(1360, 646)
gcd(1360, 646) = gcd(646, 68)
gcd(646, 68) = gcd(68, 34)
gcd(68, 34) = gcd(34, 0) = 34
Therefore gcd(24140, 16762) = 34.
6. Perform encryption and decryption using the RSA algorithm for the following:
p = 7; q = 11; e = 17; M = 8.
Soln:
n = pq = 7 × 11 = 77
φ(n) = (p - 1)(q - 1) = 6 × 10 = 60
e = 17
d = 27
C = M^e mod n = 8^17 mod 77 = 57
M = C^d mod n = 57^27 mod 77 = 8
7. Users A and B exchange a key using the Diffie-Hellman algorithm.
Assume α = 5, q = 11, X_A = 2, X_B = 3. Find Y_A, Y_B, K.
Soln:
Y_A = α^X_A mod q = 5^2 mod 11 = 3
Y_B = α^X_B mod q = 5^3 mod 11 = 4
K_A = Y_B^X_A mod q = 4^2 mod 11 = 5
K_B = Y_A^X_B mod q = 3^3 mod 11 = 5
8. Define the classes of message authentication functions.
• Message encryption: The entire ciphertext is used as the authenticator.
• Message Authentication Code (MAC): A function of the message and a secret key that produces a fixed-length value.
• Hash function: A function that maps a message of any length to a fixed-length value, which serves as the authenticator.
9. What is meant by MAC?
MAC stands for Message Authentication Code. It is a function of the message and a secret key which produces a fixed-length value called the MAC.
10. Specify the techniques for distribution of public keys.
• Public announcement.
• Publicly available directory.
• Public key authority.
• Public key certificate.
11. Specify the requirements for message authentication.
• Disclosure.
• Traffic analysis.
• Masquerade.
• Content Modification.
• Sequence Modification.
• Timing modification.
• Repudiation.
12. Differentiate internal and external error control.
• Internal error control: An error-detecting code, also known as a frame check sequence or checksum, is appended to the message before encryption.
• External error control: The error-detecting code is appended after encryption.
13. Define Kerberos.
Kerberos is an authentication service developed as part of Project Athena at MIT. The problem that Kerberos addresses is this: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.
14. Differentiate MAC and hash function.
MAC:
• A Message Authentication Code (MAC) is a cryptographic checksum.
• In a MAC, a secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.
Hash:
• A hash function maps a variable-length data block or message into a fixed-length value called a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest.
• The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.
15. In the context of Kerberos, what is a realm?
A full-service Kerberos environment, consisting of a Kerberos server, a number of clients and a number of application servers, requires the following:
• The Kerberos server must have the user ID and hashed password of all participating users in its database.
• The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "realm".
16. Assume the client C wants to communicate with server V using the Kerberos procedure. How can it be achieved?
a) C → AS: [ID_C || P_C || ID_V]
b) AS → C: Ticket
c) C → V: [ID_C || Ticket]
Ticket = E_KV[ID_C || AD_C || ID_V]
17. List any three hash algorithms.
• MD5 (Message Digest version 5) algorithm.
• SHA-1 (Secure Hash Algorithm).
• RIPEMD-160 algorithm.
18. Specify the four categories of security threats.
• Interruption
• Interception
• Modification
• Fabrication
19. Differentiate symmetric and asymmetric encryption.
• Symmetric encryption: Sender and receiver use the same key.
• Asymmetric encryption: Sender and receiver use different keys.
20. What are the services provided by PGP?
• Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation
21. Explain the reasons for using PGP.
• It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh and many more.
• It is based on algorithms that have survived extensive public review and are considered extremely secure, e.g. RSA, DSS and Diffie-Hellman for public key encryption; CAST-128, IDEA and 3DES for conventional encryption; and SHA-1 for hash coding.
• It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and communication.
• It was not developed by, nor is it controlled by, any governmental or standards organization.
22. Why is the e-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.
23. Name the cryptographic keys used in PGP.
• One-time session conventional keys.
• Public keys.
• Private keys.
• Pass phrase based conventional keys.
24. Define key identifier.
PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.
25. List the limitations of SMTP/RFC 822.
• SMTP cannot transmit executable files or binary objects.
• It cannot transmit text data containing national language characters.
• SMTP servers may reject mail messages over a certain size.
• SMTP gateways cause problems while translating between ASCII and EBCDIC.
• SMTP gateways to X.400 e-mail networks cannot handle non-textual data included in X.400 messages.
26. Define S/MIME.
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
27. What are the elements of MIME?
• Five new message header fields are defined, which may be included in an RFC 822 header.
• A number of content formats are defined.
• Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.
28. What are the header fields defined in MIME?
• MIME-Version.
• Content-Type.
• Content-Transfer-Encoding.
• Content-ID.
• Content-Description.
29. What is the MIME content type? Explain.
It is used to declare the general type of data. The subtype defines the particular format for that type of data. There are 7 content types and 15 subtypes. They are:
1. Text type: Plain text and Enriched.
2. Multipart type:
• Multipart/mixed.
• Multipart/parallel.
• Multipart/alternative.
• Multipart/digest.
3. Message type:
• Message/rfc822.
• Message/partial.
• Message/external-body.
4. Image type: JPEG and GIF.
5. Video type.
6. Audio type.
7. Application type:
• PostScript.
• Octet-stream.
30. What are the key algorithms used in S/MIME?
• Digital Signature Standard (DSS).
• Diffie-Hellman.
• RSA algorithm.
31. Give the steps for preparing enveloped data in S/MIME.
• Generate a session key Ks.
• Encrypt Ks using the recipient's public key; the RSA algorithm is used for this encryption.
• Prepare the 'recipient info block'.
• Encrypt the message using Ks.
32. What do you mean by a VeriSign certificate?
VeriSign issues X.509 certificates with the product name "VeriSign Digital ID". Each Digital ID contains the owner's public key, the owner's name and the serial number of the Digital ID.
33. What are the functional areas of IP security?
• Authentication
• Confidentiality
• Key management.
34. Give the applications of IP security.
• Provide secure communication across private and public LANs.
• Secure remote access over the Internet.
• Secure communication with other organizations.
35. Give the benefits of IP security.
• Provides strong security when implemented in a router or firewall.
• IP security is below the transport layer and is therefore transparent to applications.
• IP security is transparent to end users.
• IP security can provide security for individual users.
36. What are the protocols used to provide IP security?
• Authentication Header (AH) protocol.
• Encapsulating Security Payload (ESP).
37. Specify the IP security services.
• Access control.
• Connectionless integrity.
• Data origin authentication.
• Rejection of replayed packets.
• Confidentiality.
• Limited traffic flow confidentiality.
38. What do you mean by Security Association? Specify the parameters that identify the Security Association.
• An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it.
• A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA).
A Security Association is uniquely identified by 3 parameters:
• Security Parameter Index (SPI).
• IP Destination Address.
• Security Protocol Identifier.
39. What do you mean by replay attack?
• A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
• Each time a packet is sent, the sequence number is incremented.
40. Explain man-in-the-middle attack.
Suppose A and B exchange messages and E intercepts them. E receives B's public key and B's user ID, and then sends its own message carrying its own public key together with B's user ID. B computes a secret key based on its private key and the public value Y it received, and A computes K2 based on the private key of A and the public value Y it received.
41. What are the steps involved in the SSL Record Protocol?
• The SSL Record Protocol takes application data as input and fragments it.
• A lossless compression algorithm is applied.
• A MAC is computed for the compressed data.
• The compressed message and the MAC are encrypted using a conventional algorithm.
42. What is meant by SET? What are the features of SET?
Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet. Features are:
1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication
43. What are the steps involved in a SET transaction?
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.
44. List the 3 classes of intruders.
1) Masquerader
2) Misfeasor
3) Clandestine user
45. Define virus. Specify the types of viruses.
A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
Types:
1) Parasitic virus
2) Memory-resident virus
3) Boot sector virus
4) Stealth virus
5) Polymorphic virus
46. What is an application level gateway?
An application level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed.
47. List the design goals of firewalls.
• All traffic from inside to outside, and vice versa, must pass through the firewall.
• Only authorized traffic, as defined by the local security policy, will be allowed to pass.
• The firewall itself is immune to penetration.