SOLUTION KEY
Q.1 a. List and explain various principles of security.
1. Confidentiality
2. Authentication
3. Integrity
4. Non-repudiation
5. Access Control
6. Availability
7. Ethical and legal issues
b. Encrypt the message ‘Come Home Tomorrow’ using the Caesar Cipher and the Simple columnar
transposition technique with four columns, read in the order 4,2,1,3
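The two ciphers named in Q.1 b, as an added worked example (not part of the solution key). Assumptions: the Caesar shift is 3, letters are upper-cased and spaces dropped, a short last row is padded with X, and "order 4,2,1,3" means column 4 is read out first; the product function applies Caesar first and then the transposition.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift=3):
    """Caesar cipher: shift each letter by `shift` places (3 assumed, as in
    the classic cipher). Letters are upper-cased; non-letters are dropped."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)

def columnar_encrypt(text, order, pad="X"):
    """Simple columnar transposition: write the text row by row into
    len(order) columns, then read the columns out in `order`
    (order=[4, 2, 1, 3] means column 4 first, then 2, 1, 3).
    A short last row is padded with `pad` (assumption)."""
    cols = len(order)
    text = text.upper().replace(" ", "")
    while len(text) % cols:
        text += pad
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join("".join(row[c - 1] for row in rows) for c in order)

def columnar_decrypt(cipher, order):
    """Inverse: put each ciphertext slice back into its column, read rows."""
    cols = len(order)
    height = len(cipher) // cols
    grid = [""] * cols
    for k, c in enumerate(order):
        grid[c - 1] = cipher[k * height:(k + 1) * height]
    return "".join(grid[c][r] for r in range(height) for c in range(cols))

def product_encrypt(text, order, shift=3):
    """Caesar first, then the transposition (one reading of the question)."""
    return columnar_encrypt(caesar(text, shift), order)

def product_decrypt(cipher, order, shift=3):
    """Undo the transposition, then shift the letters back."""
    return caesar(columnar_decrypt(cipher, order), -shift)

if __name__ == "__main__":
    msg, order = "Come Home Tomorrow", [4, 2, 1, 3]
    print(caesar(msg))                    # FRPHKRPHWRPRUURZ
    print(columnar_encrypt(msg, order))   # EEOWOOORCHTRMMMO
    print(product_encrypt(msg, order))    # HHRZRRRUFKWUPPPR
```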
3. The IP produces two halves of the permuted block: say LPT and RPT
4. LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block.
6. The result of this process is a 64-bit cipher text.
5. For encryption, calculate the cipher text CT from the plain text PT as
CT = PT^E mod N
6. Send CT as the cipher text to the receiver
7. For decryption, calculate the plain text PT from the cipher text CT as follows
PT = CT^D mod N
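Steps 5 to 7 above carried out in code, as an added example (not part of the solution key). The key-generation steps (choose primes p and q, N = p*q, phi = (p-1)(q-1), E coprime to phi, D = E^-1 mod phi) are the standard RSA ones and are assumed here since they are not on this page; the primes and message are constructed.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Standard RSA key generation (assumed, not on the page):
    returns ((E, N), (D, N)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # D = E^-1 mod phi (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(pt, public_key):
    """Step 5: CT = PT^E mod N. PT must be smaller than N, otherwise the
    reduction mod N loses information and decryption cannot recover it."""
    e, n = public_key
    if not 0 <= pt < n:
        raise ValueError("plaintext block must be in [0, N)")
    return pow(pt, e, n)

def rsa_decrypt(ct, private_key):
    """Step 7: PT = CT^D mod N."""
    d, n = private_key
    return pow(ct, d, n)

def encrypt_text(msg, public_key):
    """Encrypt a short ASCII string one byte per block (constructed
    illustration of the formula; real RSA applies padding such as OAEP
    rather than encrypting raw bytes)."""
    return [rsa_encrypt(b, public_key) for b in msg.encode("ascii")]

def decrypt_text(blocks, private_key):
    """Decrypt the per-byte blocks and reassemble the string."""
    return bytes(rsa_decrypt(c, private_key) for c in blocks).decode("ascii")

if __name__ == "__main__":
    pub, priv = rsa_keygen(7, 11, 7)     # N = 77, phi = 60, D = 43
    print(rsa_encrypt(9, pub))           # 9^7 mod 77 = 37
    pub, priv = rsa_keygen(61, 53, 17)   # N = 3233, D = 2753
    blocks = encrypt_text("HELLO", pub)
    print(blocks, decrypt_text(blocks, priv))
```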
4.a. Write the steps to create a digital certificate.
1. Key Generation
2. Registration
3. Verification
4. Certification Creation
b. Explain the concept of roaming certificate.
1. The user's digital certificate and private keys, along with the user ids and passwords, are stored in the
database of a central secure server.
2. When a user moves around and then logs into her computer, she authenticates herself using the id and
password to the credential server over the Internet.
3. The credential server verifies the id and password, using its credential database. If the user is
successfully authenticated, the credential server sends the user her digital certificate and private key file.
c. Differentiate between Simple Certification Protocol and Online Certificate Status Protocol.
Point: Client request
  OCSP: The client sends just the certificate serial number to the server.
  SCVP: The client sends the entire certificate to the server. The server can perform many more checks.
Point: Chain of trust
  OCSP: Only the given certificate is checked.
  SCVP: The client can provide a collection of all the intermediate certificates, which the server can check.
Point: Checks
  OCSP: The only check is whether the certificate is revoked or not.
  SCVP: The client can request additional checks, the type of revocation information to be considered, etc.
Point: Returned information
  OCSP: Only the status of the certificate is returned by the server.
  SCVP: The client can specify what additional information it is interested in.
Point: Additional features
  OCSP: None.
  SCVP: The client can request for a certificate to be checked for a backdated event.
d. List and explain different categories of certificates types.
1. Email
2. Server-Side SSL
3. Client-side SSL
4. Code-signing
5.a. List phases in Handshake protocol. Explain in short.
1. Establish security capabilities.
2. Server Authentication and key exchange
3. Client Authentication and key exchange
4. Finish
b. Differentiate between SSL and TLS.
Point: Version
  SSL: 3.0
  TLS: 1.0
Point: Cipher Suite
  SSL: Supports an algorithm called Fortezza.
  TLS: Does not support Fortezza.
Point: Cryptography secret
  SSL: Short explanation
  TLS: Uses a pseudorandom function to create the master secret.
Point: Alert protocol
  SSL: Short explanation
  TLS: The No certificate alert message is deleted. Newly added: Decryption failed, Record overflow,
  Unknown CA, Access Denied, Decode error, Export restriction, Protocol version, Insufficient
  security, Internal error.
Point: Handshake protocol
  SSL: Short explanation
  TLS: Some details are changed.
Point: Record protocol
  SSL: Uses MAC
  TLS: Uses HMAC
c. List various firewall Configurations. Explain any two.
Screened Host Firewall, Single-Homed Bastion
Screened Host Firewall, Dual-Homed Bastion
Screened subnet Firewall
d. Write a short note on Virtual Private Network.
A VPN is a mechanism of employing encryption, authentication and integrity protection so that we can
use a public network as if it is a private network.
Explanation
6.a. What do you mean by authentication Token? Explain how it works.
An authentication token is an extremely useful alternative to a password. It is a small device that
generates a new random value every time it is used.
Working steps
1. Creation of token
2. Use of token
3. Server returns an appropriate message back to the user
b. Explain how time based token works.
In time-based tokens the server need not send any random challenge to the user. The token need not
have a keypad for entry. The process works as follows
1. Password generation and login request
2. Server-side Verification
3. Server returns an appropriate message back to user.
c. How does certificate-based Authentication work?
In this authentication the user is expected to have something (a certificate) and not to know something
(a password). At the time of login, the user is requested to send her certificate to the server over the network
as a part of the login request. A copy of the certificate exists on the server, which can be used to verify
that the certificate is indeed a valid one.
Steps:
1. Creation, storage and distribution of digital certificate
2. Login request
3. Server creates a random challenge
4. User signs the random challenge
d. Explain the working of Kerberos.
There are four parties in Kerberos protocol
1. The client workstation
2. Authentication Server
3. Ticket Granting Server
4. The server offering services such as network printing, file sharing or an application program.
7.a. List and explain different types of criminal attacks.
1. Fraud
2. Scams
3. Destruction
4. Identity theft
5. Intellectual property theft
6. Brand theft
b. Explain the subkey generation part of Blowfish.
1. Uses a large number of subkeys. The key size ranges from 32 bits to 448 bits. These keys are
stored in an array as K1, K2, K3, ..., Kn
2. A P-array consisting of 18 32-bit subkeys is created.
3. Four S-boxes are created
c. Explain Knapsack algorithm with suitable example.
Given a pile of items, each with a different weight, is it possible to put some of them in a bag (knapsack)
in such a way that the knapsack has a certain weight?
That is, if M1, M2, ..., Mn are the given values and S is the sum, find out the bi so that
S = b1M1 + b2M2 + ... + bnMn
Each bi can be 0 or 1.
A 1 indicates that the item is in the knapsack.
A 0 indicates that it is not.
A block of plain text equal in length to the number of items in the pile would select the items in the
knapsack.
The cipher text is the resulting sum.
Example.
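A worked knapsack example, added here and not part of the solution key. It goes one step beyond the description above by using the Merkle-Hellman construction (an assumption, not stated on the page): the private sequence S is superincreasing so the sum is easy to solve greedily, and the public weights M_i = r*S_i mod q hide that structure. The sequence, q, r and plaintext bits are constructed values.

```python
from math import gcd

def make_public_knapsack(private_seq, q, r):
    """Merkle-Hellman style public key (assumed; not described on the page):
    private_seq is superincreasing, q > sum(private_seq), gcd(r, q) == 1.
    Public weights M_i = r * S_i mod q hide the easy structure."""
    if q <= sum(private_seq) or gcd(r, q) != 1:
        raise ValueError("need q > sum(S) and gcd(r, q) == 1")
    return [(r * s) % q for s in private_seq]

def knapsack_encrypt(bits, public_seq):
    """Cipher text S = b1*M1 + ... + bn*Mn; each b_i is 0 or 1
    (one plaintext bit per item in the pile)."""
    if len(bits) != len(public_seq) or any(b not in (0, 1) for b in bits):
        raise ValueError("need one 0/1 bit per knapsack item")
    return sum(b * m for b, m in zip(bits, public_seq))

def solve_superincreasing(target, private_seq):
    """Greedy: with a superincreasing sequence, take each item from largest
    to smallest whenever it still fits. Returns the selection bits b_i."""
    bits = [0] * len(private_seq)
    for i in range(len(private_seq) - 1, -1, -1):
        if private_seq[i] <= target:
            bits[i] = 1
            target -= private_seq[i]
    if target != 0:
        raise ValueError("no subset sums to the target")
    return bits

def knapsack_decrypt(ct, private_seq, q, r):
    """Undo the modular multiplication, then solve the easy knapsack."""
    easy_sum = (ct * pow(r, -1, q)) % q
    return solve_superincreasing(easy_sum, private_seq)

if __name__ == "__main__":
    S, q, r = [2, 3, 6, 13, 27, 52], 105, 31      # constructed private key
    M = make_public_knapsack(S, q, r)              # [62, 93, 81, 88, 102, 37]
    ct = knapsack_encrypt([0, 1, 1, 0, 0, 0], M)   # 93 + 81 = 174
    print(M, ct, knapsack_decrypt(ct, S, q, r))    # recovers [0, 1, 1, 0, 0, 0]
```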
d. Write and explain the PKIX services.
Registration
Initialization
Certification
Key pair recovery
Key generation
Key update
Cross- certification
Revocation
e. Explain types of electronic money based on the tracking of money.
1. Identified electronic money
2. Anonymous electronic money