

Year/Sem.: III/VI    Staff Name: X. Anita

Unit I

Part A

1. What is cryptanalysis and cryptography? (Dec-2009)
Cryptanalysis: the process of attempting to discover the key or the plaintext or both.
Cryptography: the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.

2. Define threat and attack. (Dec-2009)
Threat: potential for violation of security.
Attack: an assault on system security that derives from an intelligent threat.

3. How will you perform an attack on the Hill cipher? (Dec-2010)

4. What is the disadvantage of the one-time pad encryption algorithm? (April-2008)
There is the practical problem of making large quantities of random keys. Key distribution and protection is a major problem.

5. When is an encryption algorithm said to be computationally secure? (April-2007)
An encryption scheme is computationally secure if:
1. the cost of breaking the cipher exceeds the value of the encrypted information, and
2. the time required to break the cipher exceeds the useful lifetime of the information.

6. Give any four names of substitution techniques. (April-2007)
Caesar cipher, monoalphabetic cipher, Playfair cipher, Hill cipher.

7. What are the services defined by X.800? (April-2007)
Authentication, access control, data confidentiality, data integrity, non-repudiation.

8. What are the types of attacks on encrypted messages? (Nov-2007)
Ciphertext only, known plaintext, chosen plaintext, chosen ciphertext, chosen text.

9. Find gcd(56, 86) using Euclid's algorithm. (Nov-2007)

    q    q1    q2    r
    1    86    56    30
    1    56    30    26
    1    30    26    4
    6    26    4     2
    2    4     2     0

gcd(56, 86) = 2

10. What are the key principles of security? (May-2009)
Security mechanisms usually involve more than a particular algorithm or protocol.

11. How does simple columnar transposition work? (May-2009)
The key specifies the order in which the scrambling is to be done.

12. Show that 3 is a primitive root of 7. (May-2009)
The values 3^n mod 7 for n = 1..6 are 3, 2, 6, 4, 5, 1: all non-zero, and each non-zero residue appears exactly once. So 3 is a primitive root of 7.

13. What is the Miller-Rabin algorithm used for? (April-2008)
To test the primality of a large number.

14. Find the GCD of 2740 and 1760 using the Euclidean algorithm. (May-2009)

    q    q1      q2      r
    1    2740    1760    980
    1    1760    980     780
    1    980     780     200
    3    780     200     180
    1    200     180     20
    9    180     20      0

gcd(2740, 1760) = 20

15. Briefly define the Caesar cipher.
Each character in the plaintext is replaced by the letter 3 places down the alphabet to form the ciphertext.

16. What is the difference between a block cipher and a stream cipher?
Block cipher: plaintext is processed as a block of bits.
Stream cipher: plaintext is processed as a stream of bits.

17. What are the two approaches to attacking a cipher?
Cryptanalysis and brute-force attack.

18. Which parameters and design choices determine the actual algorithm of a Feistel cipher?
Block size, key size, number of rounds, subkey generation algorithm, round function, ease of analysis.

19. Explain active and passive attacks with examples.
Passive attack: monitoring the message during transmission. E.g. interception.
Active attack: involves modification of the data stream or creation of a false data stream. E.g. fabrication, modification and interruption.

20. Differentiate symmetric and asymmetric encryption.
Symmetric encryption: the same key is used for encryption and decryption.
Asymmetric encryption: different keys are used for encryption and decryption.

20. Define Fermat's theorem.
If p is prime and a is a positive integer not divisible by p, then a^(p-1) ≡ 1 (mod p).

21. Write a note on modular exponentiation.
Exponentiation is performed by repeated multiplication, as in ordinary arithmetic.

22. What are finite fields used for?
Finite fields are used in designing cryptographic algorithms.

23. Define Euler's theorem and its applications.
Euler's theorem states that for every a and n that are relatively prime, a^φ(n) ≡ 1 (mod n).

Part B

1. Explain the OSI security architecture along with the services available. (16) (Dec-2009)
The OSI security architecture focuses on security attacks, mechanisms and services. These can be defined briefly as follows:
Security attack: any action that compromises the security of information owned by an organization.
Security mechanism: a process (or a device incorporating such a process) that is designed to detect, prevent or recover from a security attack.
Security service: a processing or communication service that enhances the security of the

data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Security Attack
- any action that compromises the security of information owned by an organization
- threat and attack are often used to mean the same thing
- generic types of attacks: passive, active

Security Service
- enhances the security of data processing systems and information transfers of an organization
- intended to counter security attacks, using one or more security mechanisms
- often replicates functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering or destruction; may be notarized or witnessed; may be recorded or licensed
- Authentication: assurance that the communicating entity is the one claimed
- Access Control: prevention of the unauthorized use of a resource
- Data Confidentiality: protection of data from unauthorized disclosure
- Data Integrity: assurance that data received is as sent by an authorized entity
- Non-Repudiation: protection against denial by one of the parties in a communication

Security Mechanism
- a feature designed to detect, prevent or recover from a security attack
- no single mechanism will support all the services required
- however, one particular element underlies many of the security mechanisms in use: cryptographic techniques

2. Given the key "MONARCHY", apply Playfair to the plaintext "FACTIONALISM" to ensure confidentiality; at the destination, decrypt the ciphertext and establish authenticity. (8) (Dec-2009)

Playfair Key Matrix
- a 5x5 matrix of letters based on a keyword
- fill in the letters of the keyword (sans duplicates)
- fill the rest of the matrix with the other letters
- e.g. using the keyword MONARCHY:

    M O N A   R
    C H Y B   D
    E F G I/J K
    L P Q S   T
    U V W X   Z

Encrypting and Decrypting
Plaintext is encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like 'X'
2. if both letters fall in the same row, replace each with the letter to its right (wrapping back to the start from the end)
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to the top from the bottom)
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

Security of the Playfair Cipher
- security much improved over monoalphabetic, since there are 26 x 26 = 676 digrams
- would need a 676-entry frequency table to analyse (versus 26 for a monoalphabetic) and correspondingly more ciphertext
- was widely used for many years, e.g. by the US and British military in WW1
- it can be broken, given a few hundred letters, since it still has much of the plaintext structure

3. Explain the concept of monoalphabetic cipher and polyalphabetic substitution ciphers with examples. (16) (Dec-2010)

Monoalphabetic Cipher
- rather than just shifting the alphabet, could shuffle (jumble) the letters arbitrarily
- each plaintext letter maps to a different random ciphertext letter
- hence the key is 26 letters long

    Plain:      abcdefghijklmnopqrstuvwxyz
    Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
    Plaintext:  ifwewishtoreplaceletters
    Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security
- now have a total of 26! = 4 x 10^26 keys
- the problem is language characteristics

Polyalphabetic Ciphers
polyalphabetic substitution ciphers

improve security using multiple cipher alphabets
- make cryptanalysis harder, with more alphabets to guess and a flatter frequency distribution
- use a key to select which alphabet is used for each letter of the message
- use each alphabet in turn
- repeat from the start after the end of the key is reached

4. Write in detail about LFSR sequences. (16)
A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state. The only linear function of single bits is XOR, thus it is a shift register whose input bit is driven by the exclusive-or (XOR) of some bits of the overall shift register value.
The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle.
Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters and whitening sequences. Both hardware and software implementations of LFSRs are common.
Because the register is linear, an eavesdropper can intercept and recover a stretch of the LFSR output stream used in the system described, and from that stretch of the output stream can construct an LFSR of minimal size that simulates the intended receiver by using the Berlekamp-Massey algorithm. This LFSR can then be fed the intercepted stretch of output stream to recover the remaining plaintext. Three general methods are employed to reduce this problem in LFSR-based stream ciphers:
- non-linear combination of several bits from the LFSR state;
- non-linear combination of the output bits of two or more LFSRs (see also: shrinking generator); or
- irregular clocking of the LFSR, as in the alternating step generator.
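The following is an added example, not part of the question bank: a Fibonacci LFSR over GF(2) with its period, and the Berlekamp-Massey test that Q4 refers to, used here the way a designer would use it, to measure the linear complexity of a keystream. The tap positions and seeds are constructed for illustration; taps [3, 4] correspond to the feedback polynomial x^4 + x + 1 and taps [1, 2, 3, 4] to x^4 + x^3 + x^2 + x + 1.

```python
# Added example (not from the question bank): LFSR generation, period and the
# Berlekamp-Massey linear-complexity test.  Taps and seeds are constructed.


def lfsr_stream(seed, taps, nbits):
    """Generate nbits of LFSR output.

    seed: initial register contents s_0 .. s_{n-1} (list of 0/1).
    taps: lags j such that s_n = XOR of s_{n-j} for j in taps.
    The output stream is the register contents followed by each feedback bit.
    """
    s = list(seed)
    while len(s) < nbits:
        bit = 0
        for j in taps:
            bit ^= s[-j]
        s.append(bit)
    return s[:nbits]


def lfsr_period(seed, taps):
    """Smallest p > 0 with s_i = s_{i+p}; at most 2^n - 1 for an n-bit register."""
    n = len(seed)
    limit = 2 ** n
    stream = lfsr_stream(seed, taps, 3 * limit)
    for p in range(1, limit + 1):
        if all(stream[i] == stream[i + p] for i in range(limit)):
            return p
    return None


def berlekamp_massey(bits):
    """Return (L, C): L is the linear complexity of the sequence and
    C = [1, c1, ..., cL] the shortest connection polynomial with
    s_i = c1*s_{i-1} XOR ... XOR cL*s_{i-L}.  Standard GF(2) algorithm."""
    n = len(bits)
    c = [0] * (n + 1)
    b = [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                       # discrepancy between prediction and s_i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 1:
            t = c[:]
            for j in range(n + 1 - (i - m)):   # c(x) += x^(i-m) * b(x)
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L = i + 1 - L
                m = i
                b = t
    return L, c[:L + 1]


def extend_with_minimal_lfsr(prefix, total):
    """Fit the shortest LFSR to an observed prefix and run it forward.  For a
    bare n-bit LFSR, 2n observed bits already reproduce the whole stream, which
    is why the answer above lists non-linear combining and irregular clocking."""
    L, C = berlekamp_massey(prefix)
    s = list(prefix)
    while len(s) < total:
        bit = 0
        for j in range(1, L + 1):
            bit ^= C[j] & s[-j]
        s.append(bit)
    return s


if __name__ == "__main__":
    print("period x^4+x+1:", lfsr_period([1, 0, 0, 0], [3, 4]))
    print("period x^4+x^3+x^2+x+1:", lfsr_period([1, 0, 0, 0], [1, 2, 3, 4]))
    print("linear complexity:", berlekamp_massey(lfsr_stream([1, 0, 0, 0], [3, 4], 30)))
```

The primitive polynomial gives the maximal period 2^4 - 1 = 15, while the non-primitive one cycles after 5 bits; Berlekamp-Massey recovers L = 4 and the connection polynomial [1, 0, 0, 1, 1] from 30 output bits.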

5. When do you say an algorithm is computationally secure? Can you suggest an encryption scheme which is unconditionally secure? Explain. (8) (Dec-2010)

6. How are arithmetic operations on integers carried out from their residues modulo a set of pairwise relatively prime moduli? Give the procedure to reconstruct the integers from the residues. (8)

7. Explain classical cryptographic techniques in detail. (16)

Classical Substitution Ciphers
- letters of plaintext are replaced by other letters or by numbers or symbols
- if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Caesar Cipher
- earliest known substitution cipher
- first attested use in military affairs
- replaces each letter by the 3rd letter on
- example:
    meet me after the toga party
    PHHW PH DIWHU WKH WRJD SDUWB
- can define the transformation as:
    abcdefghijklmnopqrstuvwxyz
    DEFGHIJKLMNOPQRSTUVWXYZABC
- mathematically, give each letter a number:
    a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
- then have the Caesar cipher as:
    c = E(p) = (p + k) mod 26
    p = D(c) = (c - k) mod 26

Vigenère Cipher
- simplest polyalphabetic substitution cipher
- effectively multiple Caesar ciphers
- key is multiple letters long: K = k1 k2 ... kd
- the i-th letter specifies the i-th alphabet to use
- use each alphabet in turn
- repeat from the start after d letters in the message
- decryption simply works in reverse

Autokey Cipher
- ideally want a key as long as the message
- Vigenère proposed the autokey cipher, in which the keyword is prefixed to the message as the key
- knowing the keyword can recover the first few letters
- use these in turn on the rest of the message
- but still have frequency characteristics to attack
- e.g. given the key deceptive:
    key:        deceptivewearediscoveredsav
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA

One-Time Pad
- if a truly random key as long as the message is used, the cipher will be secure
- called a one-time pad
- is unbreakable, since the ciphertext bears no statistical relationship to the plaintext
- since for any plaintext and any ciphertext there exists a key mapping one to the other
- can only use the key once though
- problems in generation and safe distribution of the key

8. Write short notes on security services. (8)

Security Service
- enhances the security of data processing systems and information transfers of an organization
- intended to counter security attacks, using one or more security mechanisms
- often replicates functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering or destruction; may be notarized or witnessed; may be recorded or licensed
- Authentication: assurance that the communicating entity is the one claimed
- Access Control: prevention of the unauthorized use of a resource
- Data Confidentiality: protection of data from unauthorized disclosure
- Data Integrity: assurance that data received is as sent by an authorized entity
- Non-Repudiation: protection against denial by one of the parties in a communication
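The classical ciphers of Part B Q2, Q3 and Q7 above, as an added example that is not part of the question bank. It implements Caesar, the monoalphabetic substitution with the 26-letter key shown in Q3, Vigenère with a repeating key and in autokey form, and Playfair with the MONARCHY square, and it is checked against the worked values the page gives (the "meet me after the toga party" example, the key DKVQFIBJWPESCXHTMYAUOLRGZN, and the "deceptive" autokey example). Inputs to the Vigenère and Playfair functions are assumed to be letters only; the Playfair ciphertext for FACTIONALISM is not on the page and is computed by the code.

```python
# Added example (not from the question bank): classical substitution ciphers.
import string

ALPHA = string.ascii_lowercase


def caesar(text, k, decrypt=False):
    """c = (p + k) mod 26; non-letters pass through unchanged."""
    shift = -k if decrypt else k
    out = []
    for ch in text.lower():
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch)
    return "".join(out) if decrypt else "".join(out).upper()


def monoalphabetic(text, key, decrypt=False):
    """key: a 26-letter permutation of the alphabet (the Q3 key)."""
    key = key.lower()
    table = str.maketrans(key, ALPHA) if decrypt else str.maketrans(ALPHA, key)
    res = text.lower().translate(table)
    return res if decrypt else res.upper()


def vigenere(text, key, decrypt=False, autokey=False):
    """Repeating-key Vigenère, or autokey when autokey=True (key stream =
    keyword followed by the plaintext itself).  Letters only."""
    stream = [ALPHA.index(c) for c in key.lower()]
    out = []
    for i, ch in enumerate(text.lower()):
        k = stream[i] if autokey else stream[i % len(stream)]
        v = ALPHA.index(ch)
        r = (v - k) % 26 if decrypt else (v + k) % 26
        out.append(ALPHA[r])
        if autokey:                       # the plaintext letter extends the key
            stream.append(r if decrypt else v)
    return "".join(out) if decrypt else "".join(out).upper()


def playfair_matrix(keyword):
    """5x5 square: keyword letters (sans duplicates) then the rest; J merges with I."""
    seen = []
    for ch in (keyword.lower() + ALPHA).replace("j", "i"):
        if ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def playfair(text, keyword, decrypt=False):
    """Rules 1-4 from the answer above; step = +1 encrypts, -1 decrypts."""
    m = playfair_matrix(keyword)
    pos = {ch: (r, c) for r, row in enumerate(m) for c, ch in enumerate(row)}
    letters = text.lower().replace("j", "i")
    if decrypt:
        pairs = [(letters[i], letters[i + 1]) for i in range(0, len(letters), 2)]
    else:                                 # rule 1: split a repeated pair with 'x'
        pairs, i = [], 0
        while i < len(letters):
            a = letters[i]
            b = letters[i + 1] if i + 1 < len(letters) else "x"
            if a == b:
                b, i = "x", i + 1
            else:
                i += 2
            pairs.append((a, b))
    step = -1 if decrypt else 1
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                      # rule 2: same row
            out.append(m[ra][(ca + step) % 5] + m[rb][(cb + step) % 5])
        elif ca == cb:                    # rule 3: same column
            out.append(m[(ra + step) % 5][ca] + m[(rb + step) % 5][cb])
        else:                             # rule 4: rectangle, swap columns
            out.append(m[ra][cb] + m[rb][ca])
    return "".join(out) if decrypt else "".join(out).upper()


if __name__ == "__main__":
    print(caesar("meet me after the toga party", 3))
    print(vigenere("wearediscoveredsaveyourself", "deceptive", autokey=True))
    print(playfair("factionalism", "monarchy"))
```

Running the Playfair function on FACTIONALISM with key MONARCHY gives IODLFAARSELA (pairs FA CT IO NA LI SM; only NA lies in one row), and decrypting it returns the plaintext because no filler was needed.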

Jerusalem College of Engineering
Department of Information Technology
Subject: IT2352 - Cryptography and Network Security
Name of the Faculty: X. Anita
Year/Sem: III/VI

Unit II

Part A

1. When the number of rounds in DES is less, what kind of cryptanalysis is easier? (Nov-2010)
Differential cryptanalysis is easier.

2. State how a timing attack on RSA can be avoided. (Nov-2010)
Constant exponentiation time, random delays, blinding.

3. If a bit error occurs in plaintext block P1, how far does the error propagate in CBC mode of DES? (May-2008)
In CFB mode of DES, the plaintext P1 will be used for the key generation of the ciphertext and that will be used along with P2, and hence a bit error in P1 will cause the error to propagate throughout the process; but it is not so in CBC mode.

4. What is the role of a primitive root in Diffie-Hellman key exchange? (Nov-2010)
In key generation.

5. Identify any two applications where one-way authentication is necessary.
E-mail, Kerberos protocol, X.509 protocol.

6. If a bit error occurs in plaintext block P1, how far does the error propagate in CBC mode of DES and 8-bit CFB mode of DES? (Nov-2008)
In CFB mode of DES, the plaintext P1 will be used for the key generation of the ciphertext and that will be used along with P2, and hence a bit error in P1 will cause the error to propagate throughout the process; but it is not so in CBC mode.

10. Define diffusion and confusion.
Diffusion: the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext.
Confusion: the relationship between the ciphertext and the key is made complex.

11. How is the S-box constructed? (Nov-2007)
The S-box is initialized with nibble values. Treat each nibble as an element of the finite field GF(2^4) modulo x^4 + x + 1.

12. Briefly describe the key expansion algorithm.
The AES key expansion algorithm takes as input a 4-word key and produces a linear array of 44 words. The key is copied into the first 4 words of the expanded key. The remaining words are filled in 4 words at a time.

13. List the evaluation criteria defined by NIST for AES.
Security, cost, algorithm and implementation characteristics.

14. What is a one-way function?
Used to test the primality of a larger prime number.

15. What is the Miller-Rabin algorithm used for? (May-2008)
General security, software implementation, restricted-space environment, hardware implementation, attacks on implementation.

Part B

1. Given the 10-bit key k = 1010000010, determine K1 and K2, where P10 = 3 5 2 7 4 10 1 9 8 6 and P8 = 6 3 7 4 8 5 10 9, using the S-DES key generation method. (10) (Nov-2009)
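The S-DES key schedule of Q1, as an added example that is not part of the question bank, using the P10 and P8 tables and the 10-bit key given in the question. The schedule is the standard one (P10, then a circular left shift of each 5-bit half by 1 and P8 for K1, then a further shift by 2 and P8 for K2); the trace function exposes the intermediate values so a hand calculation can be checked step by step.

```python
# Added example (not from the question bank): S-DES subkey generation.

P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)   # from the question
P8 = (6, 3, 7, 4, 8, 5, 10, 9)          # from the question


def permute(bits, table):
    """Apply a 1-indexed permutation/selection table to a bit string."""
    return "".join(bits[i - 1] for i in table)


def rotate_halves(bits, n):
    """LS-n: circular left shift of each 5-bit half by n positions."""
    left, right = bits[:5], bits[5:]
    return left[n:] + left[:n] + right[n:] + right[:n]


def sdes_key_schedule_trace(key10):
    """All intermediate values of the schedule, keyed by the usual step names."""
    if len(key10) != 10 or set(key10) - {"0", "1"}:
        raise ValueError("key must be a 10-bit binary string")
    after_p10 = permute(key10, P10)
    ls1 = rotate_halves(after_p10, 1)       # LS-1 on both halves
    ls2 = rotate_halves(ls1, 2)             # LS-2 applied to the LS-1 result
    return {
        "P10": after_p10,
        "LS-1": ls1,
        "K1": permute(ls1, P8),
        "LS-2": ls2,
        "K2": permute(ls2, P8),
    }


def sdes_subkeys(key10):
    """Return (K1, K2) as 8-bit strings."""
    trace = sdes_key_schedule_trace(key10)
    return trace["K1"], trace["K2"]


if __name__ == "__main__":
    for name, value in sdes_key_schedule_trace("1010000010").items():
        print(f"{name:5s} {value}")
```

For k = 1010000010 the trace is P10 = 1000001100, LS-1 = 0000111000, K1 = 10100100, LS-2 = 0010000011, K2 = 01000011.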

2. Apply public key encryption to establish confidentiality in the message from A to B. You are given m = 67, KU = {7, 187}, KR = {23, 187}. (8) (Nov-2009)

3. In AES, explain how the encryption key is expanded to produce keys for the 10 rounds. (May-2008)

AES Key Expansion
- takes a 128-bit (16-byte) key and expands it into an array of 44/52/60 32-bit words
- start by copying the key into the first 4 words
- then loop, creating words that depend on the values in the previous word and 4 places back
- in 3 of 4 cases just XOR these together
- for the 1st word in each 4, apply rotate + S-box + XOR round constant on the previous word, before XORing with the word 4 back

Key Expans ion Rationale
- designed to resist known attacks
- design criteria included:
  - knowing part of the key is insufficient to find many more
  - invertible transformation
  - fast on a wide range of CPUs
  - use round constants to break symmetry
  - diffuse key bits into round keys
  - enough non-linearity to hinder analysis
  - simplicity of description

4. What are the relative merits and demerits of block cipher modes of operation? (8) (Nov-2010)

Modes of Operation

Electronic Codebook (ECB):
- message is broken into independent blocks which are encrypted
- each block is a value which is substituted, like a codebook, hence the name
- each block is encoded independently of the other blocks
    Ci = DES_K1(Pi)
- uses: secure transmission of single values

Advantages and Limitations of ECB
- message repetitions may show in the ciphertext if aligned with the message block
- particularly with data such as graphics, or with messages that change very little, which become a codebook analysis problem
- the weakness is due to the encrypted message blocks being independent
- main use is sending a few blocks of data

Cipher Block Chaining (CBC):
- message is broken into blocks, linked together in the encryption operation
- each previous cipher block is chained with the current plaintext block, hence the name
- uses an initial vector (IV) to start the process
    Ci = DES_K1(Pi XOR Ci-1)
    C-1 = IV
- uses: bulk data encryption, authentication

Advantages and Limitations of CBC
- a ciphertext block depends on all blocks before it
- any change to a block affects all following ciphertext blocks
- needs an initialization vector (IV) which must be known to sender and receiver
- if sent in clear, an attacker can change bits of the first block, and change the IV to compensate
- hence the IV must either be a fixed value (as in EFTPOS) or must be sent encrypted in ECB mode before the rest of the message

Cipher Feedback (CFB):
- message is treated as a stream of bits, added to the output of the block cipher
- the result is fed back for the next stage (hence the name)
- the standard allows any number of bits (1, 8, 64 or 128 etc.) to be fed back, denoted CFB-1, CFB-8, CFB-64, CFB-128 etc.
- most efficient to use all bits in the block (64 or 128)
    Ci = Pi XOR DES_K1(Ci-1)
    C-1 = IV
- uses: stream data encryption, authentication

Advantages and Limitations of CFB
- appropriate when data arrives in bits/bytes
- the most common stream mode
- limitation is the need to stall while doing the block encryption after every n bits
- note that the block cipher is used in encryption mode at both ends
- errors propagate for several blocks after the error

Output Feedback (OFB):
- message is treated as a stream of bits
- output of the cipher is added to the message
- the output is then fed back (hence the name)
- the feedback is independent of the message
- can be computed in advance
    Ci = Pi XOR Oi
    Oi = DES_K1(Oi-1)
    O-1 = IV
- uses: stream encryption on noisy channels

Advantages and Limitations of OFB
- bit errors do not propagate
- more vulnerable to message stream modification
- a variation of a Vernam cipher, hence must never reuse the same sequence (key + IV)
- sender and receiver must remain in sync
- originally specified with m-bit feedback
- subsequent research has shown that only full block feedback (i.e. OFB-64 or OFB-128) should ever be used

Counter (CTR):
- a new mode, though proposed early on
- similar to OFB, but encrypts a counter value rather than any feedback value
- must have a different key and counter value for every plaintext block (never reused)
    Ci = Pi XOR Oi
    Oi = DES_K1(i)
- uses: high-speed network encryption

Advantages and Limitations of CTR
- efficiency: can do parallel encryptions in hardware or software
- can preprocess in advance of need
- good for bursty high-speed links
- random access to encrypted data blocks
- provable security (as good as other modes)
- but must ensure never to reuse key/counter values, otherwise could break (cf. OFB)

5. Explain the types of attacks on double DES and triple DES.

Double-DES
- could use 2 DES encrypts on each block:
    C = E_K2(E_K1(P))

- issue of reduction to a single stage
- and have the meet-in-the-middle attack
- works whenever a cipher is used twice
- since X = E_K1(P) = D_K2(C)
- attack by encrypting P with all keys and storing the results, then decrypting C with all keys and matching the X value
- can show it takes O(2^56) steps

Triple-DES with Three Keys
- although there are no practical attacks on two-key Triple-DES, there are some indications
- can use Triple-DES with three keys to avoid even these:
    C = E_K3(D_K2(E_K1(P)))
- has been adopted by some Internet applications, e.g. PGP, S/MIME

6. Explain briefly about public key cryptography. (8) (May-2007)

Public-Key Cryptography
- public-key/two-key/asymmetric cryptography involves the use of two keys:
  - a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
  - a private key, known only to the recipient, used to decrypt messages and sign (create) signatures
- it is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Public-Key Characteristics:
Public-key algorithms rely on two keys where:
- it is computationally infeasible to find the decryption key knowing only the algorithm and the encryption key
- it is computationally easy to encrypt/decrypt messages when the relevant (encryption/decryption) key is known
- either of the two related keys can be used for encryption, with the other used for decryption (for some algorithms)

7. Discuss in detail the RSA algorithm, highlighting its computational aspects and security. (Nov-2007)

RSA Key Setup
each user generates a public/private key pair by:
- selecting two large primes at random: p, q
- computing their system modulus n = p.q
  - note φ(n) = (p-1)(q-1)
- selecting at random the encryption key e, where 1 < e < φ(n), gcd(e, φ(n)) = 1
- solving the following equation to find the decryption key d:
    e.d = 1 mod φ(n) and 0 ≤ d ≤ n
- publishing their public encryption key: PU = {e, n}
- keeping secret the private decryption key: PR = {d, n}

RSA Key Generation
users of RSA must:
- determine two primes at random: p, q
- select either e or d and compute the other
- primes p, q must not be easily derived from the modulus n = p.q
  - means they must be sufficiently large
  - typically guess and use a probabilistic test
- exponents e, d are inverses, so use the inverse algorithm to compute the other

RSA Security
possible approaches to attacking RSA are:
- brute force key search (infeasible given the size of the numbers)
- mathematical attacks (based on the difficulty of computing φ(n), by factoring the modulus n)
- timing attacks (on the running of decryption)
- chosen ciphertext attacks (given properties of RSA)

Factoring Problem
the mathematical approach takes 3 forms:
- factor n = p.q, hence compute φ(n) and then d
- determine φ(n) directly and compute d
- find d directly
currently believe all are equivalent to factoring
- have seen slow improvements over the years
- as of May-05 the best is 200 decimal digits (663 bits) with LS
- the biggest improvement comes from improved algorithms, cf. QS to GHFS to LS
- currently assume 1024-2048 bit RSA is secure
- ensure p, q are of similar size and match other constraints

Timing Attacks
- exploit timing variations in operations
  - e.g. multiplying by a small vs. a large number, or IFs varying which instructions are executed
- infer operand size based on the time taken
- RSA exploits the time taken in exponentiation
- countermeasures:
  - use constant exponentiation time
  - add random delays
  - blind values used in calculations
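As an added example that is not part of the question bank, the number-theoretic routines the units above rely on, put together: the Euclid table layout of Unit I Part A Q9/Q14, extended Euclid for the inverse that Q7's key setup needs, square-and-multiply modular exponentiation (Unit I Q21), a Miller-Rabin probable-prime test (Unit I Q13) used to check p and q, and the RSA key setup, encryption and decryption of Q7, with a blinded decryption for the timing countermeasure listed last. Miller-Rabin is run here with fixed small bases so results are repeatable; a production implementation draws random bases. The numbers checked (p = 3, q = 11, e = 7; KU = {7, 187}, KR = {23, 187}) are the ones in Part B Q2 and Q8 of this unit.

```python
# Added example (not from the question bank): Euclid, modular exponentiation,
# Miller-Rabin and RSA with blinded decryption.
import secrets


def euclid_table(a, b):
    """Euclid's algorithm; returns (gcd, rows), each row (q, q1, q2, r) with
    q1 = q*q2 + r, in the layout used in Unit I Part A Q9/Q14."""
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((q, a, b, r))
        a, b = b, r
    return a, rows


def ext_gcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n):
    g, x, _ = ext_gcd(a, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}")
    return x % n


def mod_exp(base, exp, n):
    """Right-to-left square-and-multiply, reducing after every multiply."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


def miller_rabin(n, bases=(2, 3, 5, 7, 11, 13)):
    """Probable-prime test with fixed bases (constructed choice for repeatability).
    False means n is proven composite."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                 # n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    for a in bases:
        x = mod_exp(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = (x * x) % n
            if x == n - 1:
                break
        else:
            return False              # a is a witness of compositeness
    return True


def rsa_keygen(p, q, e):
    """Key setup as in Q7: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    if not (miller_rabin(p) and miller_rabin(q)):
        raise ValueError("p and q must be prime")
    n, phi = p * q, (p - 1) * (q - 1)
    if ext_gcd(e, phi)[0] != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (mod_inverse(e, phi), n)


def rsa_encrypt(m, pub):
    e, n = pub
    return mod_exp(m, e, n)


def rsa_decrypt(c, priv):
    d, n = priv
    return mod_exp(c, d, n)


def rsa_decrypt_blinded(c, priv, pub):
    """Blinding (Q7's timing countermeasure): decrypt r^e * c for a random r
    coprime to n, then multiply by r^-1, so the exponentiation's timing does
    not depend on the ciphertext an attacker chose."""
    d, n = priv
    e, _ = pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if ext_gcd(r, n)[0] == 1:
            break
    blinded = (mod_exp(r, e, n) * c) % n
    return (mod_exp(blinded, d, n) * mod_inverse(r, n)) % n
```

With p = 3, q = 11, e = 7 the setup yields PU = {7, 33}, PR = {3, 33}, 5^7 mod 33 = 14 and 14^3 mod 33 = 5, matching Q8; with p = 11, q = 17, e = 7 it yields the {7, 187} / {23, 187} pair of Q2.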

8. Perform encryption and decryption using the RSA algorithm with p = 3, q = 11, e = 7 and M = 5. (Nov-2007)
φ(n) = (p-1)(q-1) = 2(10) = 20
e = 7, d = 3
PU = {7, 33}
C = 5^7 mod 33 = 14
M = 14^3 mod 33 = 5

9. Draw the general structure of DES and explain the encryption/decryption process. (10) (May-2009)

DES Encryption Overview
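The DES structure figure for Q9 is not reproduced on this page. As an added example that is not part of the question bank, the following builds a toy 64-bit Feistel cipher in the same shape (16 rounds, L/R halves, subkeys reversed for decryption) and drives it through the ECB, CBC and CTR modes of Q4 to show the behaviours that answer lists. The round function is SHA-256 keyed with the round subkey rather than DES's expansion and S-boxes, so this cipher is for illustration only, not a DES implementation; the key, plaintexts and IV are constructed.

```python
# Added example (not from the question bank): toy Feistel cipher plus ECB/CBC/CTR.
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES


def _round_function(half, subkey):
    """F(R, K): keyed pseudo-random function on a 32-bit half block."""
    return hashlib.sha256(subkey + half).digest()[:4]


def _subkeys(key, rounds=16):
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(block, key):
    """L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i), 16 rounds, final swap."""
    L, R = block[:4], block[4:]
    for k in _subkeys(key):
        L, R = R, _xor(L, _round_function(R, k))
    return R + L


def feistel_decrypt(block, key):
    """Same network with the subkeys in reverse order."""
    L, R = block[:4], block[4:]
    for k in reversed(_subkeys(key)):
        L, R = R, _xor(L, _round_function(R, k))
    return R + L


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt, key):
    """C_i = E_K(P_i); pt length must be a multiple of BLOCK."""
    return b"".join(feistel_encrypt(b, key) for b in blocks(pt))


def cbc_encrypt(pt, key, iv):
    """C_i = E_K(P_i XOR C_{i-1}), C_{-1} = IV."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = feistel_encrypt(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(_xor(feistel_decrypt(b, key), prev))
        prev = b
    return b"".join(out)


def ctr_crypt(data, key, nonce):
    """C_i = P_i XOR E_K(nonce || i).  The same call decrypts; blocks are
    independent, so they can be computed in parallel or in advance, and the
    last block may be short."""
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = feistel_encrypt(nonce + i.to_bytes(4, "big"), key)
        out.append(_xor(b, keystream))
    return b"".join(out)


def ecb_leaks_repetition(key):
    """Equal plaintext blocks give equal ECB ciphertext blocks; CBC hides that.
    Returns the number of distinct ciphertext blocks under each mode."""
    pt = b"REPEATED" * 4                          # constructed: 4 identical blocks
    return len(set(blocks(ecb_encrypt(pt, key)))), len(set(blocks(cbc_encrypt(pt, key, bytes(BLOCK)))))


def cbc_plaintext_error_propagation(key):
    """A one-bit error in P1 before encryption changes C1 and every later
    ciphertext block; after decryption only P1 carries the error.
    Returns (changed ciphertext block indices, changed plaintext block indices)."""
    iv = bytes(BLOCK)
    good = bytes(range(32))                       # constructed 4-block plaintext
    bad = bytearray(good)
    bad[9] ^= 0x01                                # flip one bit inside P1
    c_good, c_bad = blocks(cbc_encrypt(good, key, iv)), blocks(cbc_encrypt(bytes(bad), key, iv))
    changed_ct = [i for i in range(4) if c_good[i] != c_bad[i]]
    recovered = blocks(cbc_decrypt(b"".join(c_bad), key, iv))
    changed_pt = [i for i in range(4) if recovered[i] != blocks(good)[i]]
    return changed_ct, changed_pt
```

With four identical plaintext blocks ECB produces one distinct ciphertext block and CBC four; a single bit flipped in P1 changes C1, C2 and C3 but, after decryption, only P1.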

10. Mention the strengths and weaknesses of the DES algorithm. (6) (May-2009)

Strength of DES: Key Size
- 56-bit keys have 2^56 = 7.2 x 10^16 values
- brute force search looks hard
- recent advances have shown it is possible:
  - in 1997 on the Internet in a few months
  - in 1998 on dedicated hardware (EFF) in a few days
  - in 1999 the above combined in 22 hrs!
- still must be able to recognize the plaintext
- must now consider alternatives to DES

Strength of DES: Analytic Attacks
- now have several analytic attacks on DES
- these utilise some deep structure of the cipher
  - by gathering information about encryptions
  - can eventually recover some/all of the sub-key bits
  - if necessary then exhaustively search for the rest
- generally these are statistical attacks
- include: differential cryptanalysis, linear cryptanalysis, related-key attacks

Weakness of DES
Prone to cryptanalytic attack.

Jerusalem College of Engineering
Department of Information Technology
Subject: IT2352 - Cryptography and Network Security
Year/Sem: III/VI
Name of the Faculty: X. Anita

UNIT-III

Part-A

1. List the properties a digital signature should possess. (Nov-2009)
It must verify the author and the date and time of the signature.
It must authenticate the contents at the time of the signature.
It must be verifiable by third parties to resolve disputes.

2. What are the functions used to produce an authenticator? (Nov-2009)
Message authentication code, encryption algorithm, hash function.

3. Why are the leading two octets of the message digest stored in the PGP message along with the encrypted message digest? (May-2008)
The leading 2 octets of the message digest are stored in the PGP message to enable the recipient to determine whether the correct public key was used to decrypt the message digest for authentication.

4. State any two advantages of the Oakley key determination protocol over the Diffie-Hellman key exchange protocol. (May-2008)
It employs a mechanism known as cookies to thwart clogging attacks.
It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.

5. Define the one-way property to be possessed by any hash function. (Nov-2008)
For any given h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.

6. What is the purpose of the Diffie-Hellman algorithm? (May-2007)
The purpose of Diffie-Hellman is to enable two users to securely exchange a key that can be used for subsequent encryption of messages. The algorithm itself is limited to the exchange of secret values.

7. Define man-in-the-middle attack. (May-2007)
The adversary intercepts messages and then sends its own fabricated messages.

10. List the design objectives for HMAC. (May-2007)
To allow easy replaceability of the embedded hash function.
To preserve the original performance of the hash function without incurring a significant degradation.

11. What is a MAC? (May-2007)
A MAC is an alternative authentication technique that involves the use of a secret key to generate a small fixed-size block of data, known as a checksum or MAC, that is appended to the message.

12. What are the requirements for a digital signature? (May-2007)
The signature must be a bit pattern that depends on the message being signed.
The signature must use information unique to the sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital signature.

13. Define the weak collision property of a hash function.
It must be computationally infeasible to find y not equal to x such that H(y) = H(x). This is referred to as the weak collision property.

14. What is meant by message digest? Give an example.
A hash function accepts a variable-size message M as input and produces a fixed-size output called the hash code. This hash is also called the message digest or hash value.


Part-B

1. Apply the MAC on the cryptographic checksum method to authenticate and build confidentiality of the message, where the authentication is tied to the message M = 8376, K1 = 4892, K2 = 53624071. (10) (Nov-2009)

2. What are the properties a hash function must satisfy? (6) (Nov-2009)
- can be applied to any sized message M
- produces fixed-length output h
- is easy to compute h = H(M) for any message M
- given h, is infeasible to find x s.t. H(x) = h (one-way property)
- given x, is infeasible to find y s.t. H(y) = H(x) (weak collision resistance)
- is infeasible to find any x, y s.t. H(y) = H(x) (strong collision resistance)
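As an added example that is not part of the question bank, the two ideas of Part A Q10/Q11 and Part B Q2 above in code: HMAC built from its definition with the embedded hash passed in by name (the "replaceable hash function" objective), checked against the standard library, and a small experiment on a truncated hash showing how quickly strong collision resistance fails at small output sizes, which is the birthday-paradox effect Part B Q10 later describes. The keys and messages are constructed; truncating SHA-256 to a few bits is done only to make the experiment finish instantly.

```python
# Added example (not from the question bank): HMAC from its definition, and a
# birthday-bound experiment on a deliberately truncated hash.
import hashlib
import hmac
import math


def hmac_manual(key, message, hash_name="sha256"):
    """HMAC(K, M) = H((K' XOR opad) || H((K' XOR ipad) || M)), where K' is the
    key zero-padded to the hash block size (hashed first if it is longer)."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def hmac_stdlib(key, message, hash_name="sha256"):
    """Reference value from the standard library, for comparison."""
    return hmac.new(key, message, hash_name).digest()


def verify_mac(key, message, tag, hash_name="sha256"):
    """Constant-time comparison, so a forger learns nothing from timing."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


def truncated_hash(data, nbits):
    """First nbits of SHA-256 as an integer: a tiny hash for the experiment only."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - nbits)


def birthday_collision(nbits, max_tries=1 << 20):
    """Hash distinct messages until two share a truncated hash; returns how
    many messages were needed (expected around 2^(nbits/2)), or None."""
    seen = {}
    for i in range(max_tries):
        h = truncated_hash(b"msg-%d" % i, nbits)
        if h in seen:
            return i + 1
        seen[h] = i
    return None


def birthday_bound(nbits, count):
    """Probability that `count` random values out of 2^nbits contain a collision."""
    n = 2.0 ** nbits
    return 1.0 - math.exp(-count * (count - 1) / (2 * n))


if __name__ == "__main__":
    key, msg = b"constructed-key", b"constructed message"
    print(hmac_manual(key, msg).hex() == hmac_stdlib(key, msg).hex())
    print("messages to first 16-bit collision:", birthday_collision(16))
    print("P(collision among 256 values, 16-bit hash) =", round(birthday_bound(16, 256), 3))
```

A 16-bit hash collides after a few hundred messages, and the bound confirms that 256 values already give about a 39% collision probability; the same arithmetic is why the answer to Part B Q10 concludes that a larger MAC/hash is needed.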

3. Explain the MD5 message digest algorithm, with its logic and compression function. (16) (Nov-2009)

4. Explain the SHA-1 hashing function with an example. (8) (Nov-2010) (May-2009)

5. Consider any message M of length 4120 bits ending with ABCDEF in hexadecimal form. Construct the last block of the message to be given as input for MD5. (May-2008)

6. Describe the Digital Signature Algorithm and show how signing and verification are done using DSS. (May-2008)

7. Explain the processing of a message block of 512 bits using SHA-1. (8) (May-2008)

SHA-512 Overview

SHA-512 Compression Function
- the heart of the algorithm
- processes the message in 1024-bit blocks
- consists of 80 rounds
  - updating a 512-bit buffer
  - using a 64-bit value Wt derived from the current message block
  - and a round constant based on the cube roots of the first 80 prime numbers

SHA-512 Round Function
The 64-bit word values Wt are derived from the 1024-bit message block. The first 16 values of Wt are taken directly from the 16 words of the current block. The remaining values are defined as a function of the earlier values using ROTates, SHIFTs and XORs as shown. The function elements are:
    σ0(x) = ROTR(x,1) XOR ROTR(x,8) XOR SHR(x,7)
    σ1(x) = ROTR(x,19) XOR ROTR(x,61) XOR SHR(x,6)

8. What is the role of discrete logarithms in the Diffie-Hellman key exchange in exchanging the secret key between two users? (8) (Nov-2008)
Discrete logarithms are used in key generation.

Diffie-Hellman Key Exchange:
- a public-key distribution scheme
  - cannot be used to exchange an arbitrary message
  - rather it can establish a common key
  - known only to the two participants
- the value of the key depends on the participants (and their private and public key information)
- based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial): easy
- security relies on the difficulty of computing discrete logarithms (similar to factoring): hard

Diffie-Hellman Key Setup:
- all users agree on global parameters:
  - a large prime integer or polynomial q
  - a, being a primitive root mod q
- each user (e.g. A) generates their key
  - chooses a secret key (number): xA < q
  - computes their public key: yA = a^xA mod q
- each user makes public that key yA

Key Exchange:

9. What are digital signature algorithms, and show how signing and verification are done using DSS. (8) (Nov-2008)

Digital Signature Algorithm (DSA)
- creates a 320-bit signature
- with 512-1024 bit security
- smaller and faster than RSA
- a digital signature scheme only
- security depends on the difficulty of computing discrete logarithms
- variant of the ElGamal and Schnorr schemes

Key Generation

10. Explain how a birthday attack is done. (8) (Nov-2008)
- might think a 64-bit hash is secure
- but by the birthday paradox it is not
- the birthday attack works thus:
  o opponent generates 2^(m/2) variations of a valid message, all with essentially the same meaning
  o opponent also generates 2^(m/2) variations of a desired fraudulent message
  o the two sets of messages are compared to find a pair with the same hash (probability > 0.5 by the birthday paradox)
  o have the user sign the valid message, then substitute the forgery, which will have a valid signature
- conclusion is that a larger MAC/hash is needed

11. What is the use of authentication protocols? (4) (May-2007)
Authentication protocols are used mainly in digital signatures.
Mutual authentication: such protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.
One-way authentication: one application for which encryption is growing in popularity is e-mail.

12. Users A and B use the Diffie-Hellman key exchange technique with a common prime q = 11 and a primitive root alpha = 7. (May-2009)
(i) If user A has private key XA = 3, what is A's public key YA?
(ii) If user B has private key XB = 6, what is B's public key YB?
(iii) What is the shared secret key? Also write the algorithm. (4)
(iv) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm?
XA = 3
YA = 7^3 mod 11
YA = 2
XB = 6
YB = 7^6 mod 11
YB = 4
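The Diffie-Hellman exchange of Q8 and Q12, as an added example that is not part of the question bank: it checks that alpha is a primitive root of q (the role Unit II Part A Q4 asks about), computes both public keys with the page's parameters q = 11, alpha = 7, XA = 3, XB = 6, derives the shared key on both sides, and includes an exhaustive discrete-logarithm search to make concrete why the scheme is only safe with a large q. The exchange itself carries no authentication, which is the gap Part A Q4 notes Oakley closes.

```python
# Added example (not from the question bank): Diffie-Hellman with q = 11, alpha = 7.


def is_primitive_root(alpha, q):
    """alpha is a primitive root mod prime q iff alpha^k mod q for k = 1..q-1
    runs through every non-zero residue exactly once."""
    return sorted(pow(alpha, k, q) for k in range(1, q)) == list(range(1, q))


def dh_public(alpha, q, x):
    """Y = alpha^x mod q."""
    return pow(alpha, x, q)


def dh_shared(y_other, x_own, q):
    """K = Y_other^x_own mod q."""
    return pow(y_other, x_own, q)


def dh_exchange(q, alpha, xa, xb):
    """Run both sides and return (YA, YB, K); both sides must derive the same K
    because (alpha^xb)^xa = (alpha^xa)^xb mod q."""
    if not is_primitive_root(alpha, q):
        raise ValueError(f"{alpha} is not a primitive root of {q}")
    if not (0 < xa < q and 0 < xb < q):
        raise ValueError("private keys must satisfy 0 < x < q")
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    ka, kb = dh_shared(yb, xa, q), dh_shared(ya, xb, q)
    if ka != kb:
        raise AssertionError("the two sides disagree on the key")
    return ya, yb, ka


def discrete_log_brute(alpha, y, q):
    """Solve alpha^x = y mod q by trying every x.  Instant for q = 11, which is
    exactly why deployments use primes of thousands of bits: the security of
    the exchange rests on this search being infeasible."""
    for x in range(1, q):
        if pow(alpha, x, q) == y:
            return x
    return None


if __name__ == "__main__":
    ya, yb, k = dh_exchange(11, 7, 3, 6)
    print(f"YA = {ya}, YB = {yb}, shared key = {k}")
    print("recovered XA by brute force:", discrete_log_brute(7, ya, 11))
```

With the page's values this returns YA = 2 and YB = 4, as in the answer above, and the shared key 4^3 mod 11 = 2^6 mod 11 = 9, which answers part (iii).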

Jerusalem College of Engineering Department of Information Technology Subject : IT2352-Cryptography and Network Security Name of the Faculty: X.Anita Unit-IV Part-A 1. Mention the scenario where kerberos scheme is prefered(Nov-2009) Kerberos is an authentication service designed for use in a distributed. Kerberos makes use of a trusted third party authentication service that enables clients and servers to establish authenticated communication. A user may gain access to a particular workstation and pretend to be another user operating from that workstation. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation. 2. What are the technical deficiencies in the kerberos version 4 protocol? (Nov-2009) Double encryption, PCBC encryption, Session keys, Password attcaks Year/Sem :III/VI

3. State the services provided by IPSec. (Nov-2010)
Access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), limited traffic flow confidentiality.
4. Differentiate SSL connection from SSL session (Nov-2010)
Connection: a transport (in the OSI sense) that provides a suitable type of service; connections are peer-to-peer and transient, and every connection is associated with one session.
Session: an association between a client and a server, created by the Handshake Protocol; it defines a set of cryptographic security parameters that can be shared among multiple connections, avoiding the expensive negotiation of new parameters for each connection.
5. What is the role of the Ticket Granting Server in inter-realm operations of Kerberos? (May-2007)
To avoid sending the plaintext password and to avoid re-entering it for every service, Kerberos introduces a second server, the ticket-granting server (TGS). The TGS issues service tickets to users who have already been authenticated to the AS: the user first requests a ticket-granting ticket from the AS, then presents it to the TGS for each service. For inter-realm operation the user obtains from the local TGS a ticket for the remote realm's TGS, which in turn issues the ticket for the remote server; this requires the two Kerberos servers to share a key and to trust each other.
6. Why are the leading two octets of the message digest stored in the PGP message along with the encrypted message digest? (May-2008)
The leading two octets are sent in the clear so that the recipient can determine whether the correct public key was used to decrypt the message digest (by comparing them with the first two octets of the decrypted digest); they also serve as a 16-bit frame check sequence for the message. PGP itself builds on existing algorithms (originally RSA, MD5 and IDEA) and adds compression, e-mail compatibility and key management.
7. Give the Kerberos simple dialogue (May-2007)
The problem that Kerberos addresses is an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. In the simple dialogue the client sends its identity, its password and the server's name to the AS; the AS returns a ticket (the client's identity and network address plus the server's name, encrypted under the server's key); the client then presents its identity and the ticket to the server.
8. Give IPSec ESP format. (Nov-2007)
An ESP packet contains the Security Parameters Index (SPI), Sequence Number, Payload Data (variable), Padding (0 to 255 bytes), Pad Length, Next Header and, optionally, Authentication Data (the integrity check value). The padding field is added to fill the cipher's block size and to provide partial traffic flow confidentiality by concealing the actual length of the payload.

9. What are the security options PGP allows when sending an e-mail message? (May-2009)
A message may be signed (authentication), encrypted (confidentiality) or both; in each case it may also be compressed and, for e-mail compatibility, converted to printable ASCII by radix-64 conversion, so that an encrypted (binary) message passes transparently through e-mail applications.
10. How does IPSec offer the authentication and confidentiality services? (May-2009)
Authentication is provided by the Authentication Header (AH), whose fields are Next Header, Payload Length, Reserved, SPI, Sequence Number and Authentication Data (a MAC over the packet). Confidentiality is provided by the Encapsulating Security Payload (ESP), which encrypts the payload and can optionally authenticate it as well.
11. Define S/MIME.
S/MIME is a security enhancement to the MIME Internet e-mail format based on technology from RSA Data Security. It provides the ability to sign and/or encrypt messages.
12. Draw the diagram for PGP message transmission and reception.

13. What is the general format for PGP message?

14. Give the applications of IP security.
Secure communication across private and public LANs and WANs (e.g. secure branch office connectivity over the Internet); secure remote access over the Internet; establishing extranet and intranet connectivity with partners; enhancing electronic commerce security.
15. List the steps involved in the SSL Record Protocol.
Fragmentation, compression (optional), adding a MAC, encryption, appending the SSL record header.
16. What is the X.509 standard? (Nov-2007)
X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. It is based on the use of public-key cryptography and digital signatures, and defines the format of public-key certificates.

Part-B
1. Explain X.509 authentication service and its certificates (16) (Nov-2009)
X.509 Authentication Service:
part of the CCITT X.500 directory service standards: distributed servers maintaining a user information database
defines a framework for authentication services: the directory may store public-key certificates, each containing the public key of a user signed by a certification authority
also defines authentication protocols
uses public-key cryptography and digital signatures
algorithms are not standardised, but RSA is recommended
X.509 certificates are widely used (SSL/TLS, S/MIME, IPSec, SET)
X.509 Certificates: issued by a Certification Authority (CA), containing:
version (1, 2 or 3)
serial number (unique within the CA), identifying the certificate
signature algorithm identifier
issuer X.500 name (the CA)
period of validity (from and to dates)
subject X.500 name (name of the owner)
subject public-key info (algorithm, parameters, key)
issuer unique identifier (v2+)
subject unique identifier (v2+)
extension fields (v3)
signature (of the hash of all the other fields in the certificate, made with the CA's private key)
Notation: CA<<A>> denotes the certificate for A signed by CA. Anyone holding the CA's public key can verify CA<<A>> and so trust A's public key; a chain such as X<<Y>> Y<<A>> lets a user who trusts X obtain A's key through an intermediate CA Y.

X.509 Format:

CA Hierarchy:

2. Explain the services of PGP (12) (Nov-2009) (Nov-2010)
Pretty Good Privacy (PGP): Operation
Authentication:
o sender creates the message
o uses SHA-1 to generate a 160-bit hash of the message
o the hash is signed with RSA using the sender's private key, and the signature is attached to the message
o receiver uses RSA with the sender's public key to decrypt and recover the hash code
o receiver generates a new hash of the received message and compares it with the decrypted hash code
Confidentiality:
o sender generates the message and a 128-bit random number as a one-time session key for it
o encrypts the message using CAST-128 / IDEA / 3DES in CBC mode with the session key
o the session key is encrypted using RSA with the recipient's public key and attached to the message
o receiver uses RSA with its private key to decrypt and recover the session key
o the session key is used to decrypt the message
Confidentiality and Authentication: both services can be used on the same message
create the signature and attach it to the message
encrypt both the message and the signature with the session key
attach the RSA/ElGamal-encrypted session key
Compression: by default PGP compresses the message after signing but before encrypting
so the uncompressed message and signature can be stored for later verification
and because compression is non-deterministic (different PGP versions may compress differently), signing the compressed form would make verification fragile
encrypting after compression also gives the cipher less redundancy to work with
uses the ZIP compression algorithm
E-mail Compatibility:
when using PGP there will be binary data to send (encrypted message, signature, encrypted key)
however e-mail was designed only for text
hence PGP must encode the raw binary data into printable ASCII characters
uses the radix-64 algorithm: maps 3 bytes to 4 printable characters and also appends a CRC
PGP also segments messages if they are too big for the mail system and reassembles them at the receiver
Summary:
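The radix-64 conversion of the e-mail compatibility service above, as an added example that is not PGP's own code: base64 over 3-byte groups, line wrapping, and the "=" checksum line carrying the OpenPGP CRC-24 (RFC 4880 section 6). The sample payload is constructed.

```python
"""OpenPGP radix-64 armor: base64 plus a CRC-24 checksum line (added example)."""
import base64

CRC24_INIT = 0xB704CE    # RFC 4880 section 6.1
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 over data (bitwise, no lookup table, fine for a demo)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def radix64_armor(data: bytes, line_len: int = 76) -> str:
    """Map every 3 bytes to 4 printable characters, wrap the lines, and
    append the '=' + base64(CRC-24) checksum line."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + line_len] for i in range(0, len(body), line_len)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + ["=" + check])


def radix64_dearmor(text: str) -> bytes:
    """Inverse of radix64_armor; raises ValueError if the CRC-24 does not match."""
    *body, check = text.strip().split("\n")
    if not check.startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body), validate=True)
    expected = int.from_bytes(base64.b64decode(check[1:]), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: armored data was corrupted in transit")
    return data


def expansion_ratio(data: bytes) -> float:
    """Armor body characters per input byte (tends to 4/3, plus line breaks and CRC)."""
    body = radix64_armor(data).rsplit("\n", 1)[0].replace("\n", "")
    return len(body) / len(data)


if __name__ == "__main__":
    payload = bytes(range(256)) * 2        # constructed binary 'encrypted message'
    armored = radix64_armor(payload)
    print(armored)
    assert radix64_dearmor(armored) == payload
    print(f"expansion: {expansion_ratio(payload):.3f}")
```

The CRC is a transmission check only, not a security mechanism: it catches a mail gateway mangling the text, while integrity against an attacker comes from the PGP signature inside the armored data.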

3. Write down the functions provided by S/MIME (4) (Nov-2009)
S/MIME (Secure/Multipurpose Internet Mail Extensions): a security enhancement to MIME e-mail
the original Internet RFC 822 e-mail was text only
MIME provided support for varying content types and multi-part messages, with encoding of binary data to textual form
S/MIME added security enhancements
S/MIME support exists in many mail agents, e.g. MS Outlook, Mozilla, Mac Mail
S/MIME Functions:
enveloped data: encrypted content and the associated encrypted keys
signed data: encoded message plus signed digest (both base64-encoded, so only an S/MIME-capable recipient can read it)
clear-signed data: cleartext message plus encoded signed digest (a recipient without S/MIME can still read the message)
signed and enveloped data: nesting of signed and encrypted entities
S/MIME Cryptographic Algorithms:
digital signatures: DSS and RSA
hash functions: SHA-1 and MD5
session key encryption: ElGamal and RSA
message encryption: AES, Triple-DES, RC2/40 and others
MAC: HMAC with SHA-1
there is a process (based on the capabilities the recipient advertised in earlier messages) to decide which algorithms to use
S/MIME Messages: S/MIME secures a MIME entity with a signature, encryption, or both, forming a MIME-wrapped PKCS object; content types include:
enveloped data
signed data
clear-signed data
registration request
certificate-only message
S/MIME Certificate Processing:
S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy and PGP's web of trust
each client has a list of trusted CAs' certificates and its own public/private key pairs and certificates
certificates must be signed by trusted CAs
4. How does Kerberos authenticate services from any servers? (8) (Nov-2010)
Kerberos Requirements: its first report identified the requirements as secure, reliable, transparent, scalable
implemented using an authentication protocol based on Needham-Schroeder
Kerberos v4 Overview:
a basic third-party authentication scheme
has an Authentication Server (AS): users initially negotiate with the AS to identify themselves

the AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT)
has a Ticket Granting Server (TGS): users subsequently request access to other services from the TGS on the basis of their TGT
Kerberos v4 Dialogue:
o obtain a ticket-granting ticket from the AS, once per user logon session

o obtain a service-granting ticket from the TGS (presenting the TGT and an authenticator) for each distinct service required

o client/server exchange to obtain service on every service request

Kerberos Realms: a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with the server
application servers, sharing keys with the server
this is termed a realm, typically a single administrative domain
if there are multiple realms, their Kerberos servers must share keys and trust each other

5. What are the basic requirements expected from SET? What is the role of dual signatures in meeting the requirements? (8) (Nov-2010)
Secure Electronic Transactions (SET): an open encryption and security specification to protect Internet credit card transactions
developed in 1996 by MasterCard, Visa etc.
not a payment system, rather a set of security protocols and formats
Requirements: secure communications amongst the parties; trust from the use of X.509v3 certificates; privacy by restricting information to those who need it (the merchant never sees the card number, the bank never sees the order details)
SET Components:

SET Transaction:
o customer opens an account
o customer receives a certificate
o merchants have their own certificates
o customer places an order
o merchant is verified
o order and payment are sent
o merchant requests payment authorization
o merchant confirms the order
o merchant provides the goods or service
o merchant requests payment
Dual Signature: the customer creates two messages
order information (OI) for the merchant
payment information (PI) for the bank
neither party needs the details of the other, but each must be sure the two are linked
a dual signature is used for this: the customer signs the hash of the concatenated hashes of PI and OI
DS = E(PRc, [H(H(PI) || H(OI))])
the merchant receives OI, H(PI) and DS and recomputes H(H(PI) || H(OI)); the bank receives PI, H(OI) and DS and recomputes the same value; each verifies DS with the customer's public key, so the payment cannot be attached to a different order
SET Purchase Request:

SET purchase request exchange consists of four messages:
o Initiate Request: customer requests the merchant's and payment gateway's certificates
o Initiate Response: signed response carrying the certificates and a transaction ID
o Purchase Request: OI and PI with the dual signature; PI is placed in a digital envelope that only the payment gateway can open
o Purchase Response: signed acknowledgement of the order
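The dual signature and the two verifications described above, as an added example that is not SET's own code. SHA-1 is used because SET specified it (it is obsolete for new designs). The RSA key is a toy built from two Mersenne primes so the example runs offline without libraries, and textbook RSA without padding is used only to keep the signing step visible; real SET used PKCS#1 with 1024-bit keys. OI and PI are constructed.

```python
"""SET dual signature: DS = Sign(PRc, H(H(PI) || H(OI)))  (added example)."""
import hashlib


def H(data: bytes) -> bytes:
    """SET's message digest (SHA-1, 160 bits)."""
    return hashlib.sha1(data).digest()


# Toy RSA key (constructed): n = (2**89 - 1)(2**107 - 1) is about 196 bits,
# so a 160-bit SHA-1 digest fits below the modulus.  Not a real key size.
P, Q = 2 ** 89 - 1, 2 ** 107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC, PRIVATE = (N, E), (N, D)


def sign(digest: bytes, priv) -> int:
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)


def verify(digest: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


def dual_signature(pi: bytes, oi: bytes, priv) -> int:
    """Customer: sign the hash of the two concatenated digests."""
    return sign(H(H(pi) + H(oi)), priv)


def merchant_verify(oi: bytes, pimd: bytes, ds: int, pub) -> bool:
    """Merchant holds OI and only PIMD = H(PI); the card data never reaches it."""
    return verify(H(pimd + H(oi)), ds, pub)


def bank_verify(pi: bytes, oimd: bytes, ds: int, pub) -> bool:
    """Payment gateway holds PI and only OIMD = H(OI); the order never reaches it."""
    return verify(H(H(pi) + oimd), ds, pub)


# Constructed order and payment information.
OI = b"order=42;item=book;qty=1;merchant=Books-R-Us"
PI = b"card=4111-1111-1111-1111;exp=12/29;amount=19.99"

if __name__ == "__main__":
    ds = dual_signature(PI, OI, PRIVATE)
    print("merchant accepts:", merchant_verify(OI, H(PI), ds, PUBLIC))
    print("bank accepts    :", bank_verify(PI, H(OI), ds, PUBLIC))
    # A merchant who tries to attach this payment to another order fails:
    print("swapped order   :", merchant_verify(b"order=99;item=car", H(PI), ds, PUBLIC))
```

Each party recomputes the same inner value H(H(PI) || H(OI)) from what it holds plus the other message's digest, which is what links OI and PI without either party seeing the other's data.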

Purchase Request Customer:

Purchase Request Merchant:

Payment Gateway Authorization:
o verifies all certificates
o decrypts the digital envelope of the authorization block to obtain the symmetric key, then decrypts the authorization block
o verifies the merchant's signature on the authorization block
o decrypts the digital envelope of the payment block to obtain the symmetric key, then decrypts the payment block
o verifies the dual signature on the payment block
o verifies that the transaction ID received from the merchant matches that in the PI received (indirectly) from the customer
o requests and receives an authorization from the issuer
o sends the authorization response back to the merchant
Payment Capture:
the merchant sends the payment gateway a payment capture request
the gateway checks the request, then causes funds to be transferred to the merchant's account
and notifies the merchant using a capture response
6. Illustrate the implementations of IPSec (8) (Nov-2010)

o general IP security mechanisms
o provides authentication, confidentiality and key management
o applicable for use over LANs, across public and private WANs, and for the Internet
IPSec Uses:

Benefits of IPSec:
in a firewall/router it provides strong security to all traffic crossing the perimeter
in a firewall/router it is resistant to bypass
it is below the transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users
secures the routing architecture
IPSec Services:
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets

(a form of partial sequence integrity)
Confidentiality (encryption)
Limited traffic flow confidentiality
Security Associations: a one-way relationship between sender and receiver that affords security for the traffic flow
defined by 3 parameters: Security Parameters Index (SPI), IP destination address, security protocol identifier (AH or ESP)
has a number of other parameters: sequence number counter, anti-replay window, AH and ESP information, lifetime, mode etc.
stored in a Security Association Database (SAD)
Authentication Header (AH): provides support for data integrity and authentication of IP packets
an end system or router can authenticate the user/application
guards against address spoofing (the source address is covered by the MAC) and against replay by tracking sequence numbers
based on the use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key
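The "rejection of replayed packets" service and the SA triple above, as an added example that is not taken from any IPsec implementation: a 64-packet sliding window over the AH/ESP sequence number, kept per security association and looked up by (SPI, destination, protocol). The SA table and the packet trace are constructed. In a real stack the window is updated only after the packet's integrity check value has verified; that step is omitted here.

```python
"""IPsec anti-replay check: 64-packet sliding window per SA (added example)."""
from dataclasses import dataclass, field

WINDOW = 64


@dataclass
class AntiReplayWindow:
    size: int = WINDOW
    top: int = 0        # highest sequence number accepted so far
    bitmap: int = 0     # bit i set  <=>  sequence number (top - i) already seen

    def accept(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                       # sequence numbers start at 1
        if seq > self.top:                     # advances the window
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                # everything old falls out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                       # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                       # duplicate: a replay
        self.bitmap |= 1 << offset             # late but new: fill the hole
        return True


@dataclass
class SecurityAssociation:
    """Identified by the triple the notes give: SPI, destination, protocol."""
    spi: int
    dst: str
    proto: str                                  # "ESP" or "AH"
    replay: AntiReplayWindow = field(default_factory=AntiReplayWindow)


def process_trace(sad: dict, packets) -> list:
    """Look up each packet's SA by (spi, dst, proto) and apply the replay check.
    Returns one verdict string per packet."""
    verdicts = []
    for spi, dst, proto, seq in packets:
        sa = sad.get((spi, dst, proto))
        if sa is None:
            verdicts.append("drop: no SA")
        elif sa.replay.accept(seq):
            verdicts.append("accept")
        else:
            verdicts.append("drop: replay or stale")
    return verdicts


# Constructed SAD with one inbound ESP SA, and a constructed packet trace
# containing a replay (2), a jump (100), a late packet (40), one that has
# fallen out of the window (36) and an unknown SPI.
SAD = {(0x1234, "10.0.0.1", "ESP"): SecurityAssociation(0x1234, "10.0.0.1", "ESP")}
TRACE = [(0x1234, "10.0.0.1", "ESP", s) for s in (1, 2, 3, 2, 5, 100, 40, 36, 37, 100)]
TRACE.append((0x9999, "10.0.0.1", "ESP", 1))

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, process_trace(SAD, TRACE)):
        print(f"spi {pkt[0]:#06x} seq {pkt[3]:>4} -> {verdict}")
```

Sequence 36 is rejected although it was never seen: with the window top at 100 and a width of 64, anything at or below 36 is indistinguishable from a replay, which is why the service is only "partial" sequence integrity.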

Transport & Tunnel Modes:

Encapsulating Security Payload (ESP):
provides message content confidentiality and limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports a range of ciphers, modes and padding, incl. DES, Triple-DES, RC5, IDEA, CAST etc. in CBC and other modes
padding is needed to fill the block size, to align the Pad Length and Next Header fields, and for traffic flow confidentiality
Encapsulating Security Payload:

Transport vs Tunnel Mode ESP:
transport mode is used to encrypt and optionally authenticate the IP payload: the data is protected but the IP header is left in the clear, so traffic analysis is possible, but it is efficient; good for host-to-host traffic
tunnel mode encrypts the entire IP packet and adds a new outer header for the next hop; good for VPNs and gateway-to-gateway security
7. Describe the SSL-specific protocol handshake action in detail. (10) (May-2009) (Nov-2007)
SSL (Secure Socket Layer) Handshake Protocol: allows the server and client to
authenticate each other
negotiate the encryption and MAC algorithms
negotiate the cryptographic keys to be used
it comprises a series of messages in four phases:
Establish Security Capabilities (client_hello and server_hello: protocol version, random nonces, session ID, cipher suite, compression method)
Server Authentication and Key Exchange (certificate, server_key_exchange, certificate_request, server_hello_done)
Client Authentication and Key Exchange (certificate, client_key_exchange, certificate_verify)
Finish (change_cipher_spec and finished from each side)
Handshake Protocol action:



UNIT V Part-A
1. How are the passwords stored in the password file in the UNIX operating system? (May-2008)
The password itself is not stored. It is combined with a random salt and passed through a slow one-way function (traditionally crypt(3), a modified DES); the salt and the resulting hash are stored in the password file (/etc/passwd historically; on modern systems /etc/shadow, readable only by root). At login the typed password is hashed with the stored salt and compared with the stored hash.

2. List the classes of intruders (Nov-2009)
Masquerader, misfeasor, clandestine user
3. Give the types of viruses. (Nov-2009)

Parasitic virus, memory-resident virus, boot sector virus, stealth virus, polymorphic virus, metamorphic virus
4. Explain the term bastion host. (Nov-2010)
It is a system identified by the firewall administrator as a critical strong point in the network's security. Typically the bastion host serves as a platform for an application-level or circuit-level gateway.
5. What is meant by polymorphic viruses? (May-2008)
A virus that mutates with every infection, making detection by the signature of the virus impossible.
6. What is a firewall? (May-2007)
A firewall is a barrier through which the traffic going in each direction must pass. It may be designed to operate as a filter at the level of IP packets, or it may operate at a higher protocol layer.
7. What are honey pots? (Nov-2007)
Honey pots are decoy systems designed to
divert an attacker from accessing critical systems
collect information about the attacker's activity
encourage the attacker to stay on the system long enough for administrators to respond.
8. List down the four phases of a virus. (Nov-2007)
* Dormant phase * Propagation phase * Triggering phase * Execution phase
9. What is IP address spoofing? (May-2009)
Pretending to have the identity of another computer by forging the source address of IP packets.
11. What are the common techniques used to protect a password file? (May-2009)
One-way function (only the hash of the password is stored); access control (only privileged users can read the file, e.g. a shadow password file).
12. What is an application-level gateway?
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic: the user contacts the gateway, which validates the request against the policy for that application and then opens its own connection to the remote host.

13. List the design goals of firewalls? All traffic must pass through it Only authorized traffic is allowed to pass Firewall itself is immune to penetration

Part-B 1. Explain firewall design principles, characteristics, and types of firewalls(12) (Nov-2009) Firewall Limitations:

cannot protect from attacks that bypass it, e.g. sneaker net, utility modems, trusted organisations, trusted services (e.g. SSL/SSH t.unnels whose contents it cannot inspect)
cannot protect against internal threats, e.g. disgruntled or colluding employees
cannot protect against the transfer of all virus-infected programs or files, because of the huge range of operating systems and file types
Packet Filters:
the simplest, fastest firewall component
the foundation of any firewall system
examine each IP packet (no context) and permit or deny it according to rules
hence restrict access to services (ports)
possible default policies:
that which is not expressly permitted is prohibited (default deny; more secure)
that which is not expressly prohibited is permitted (default allow; more convenient, less secure)

Attacks on Packet Filters:
IP address spoofing: fake source address to appear trusted; add filters on the router to drop packets arriving on the external interface with an internal source address
source routing attacks: attacker sets a route other than the default; block source-routed packets
tiny fragment attacks: split the header information over several tiny packets so the port numbers are not in the first fragment; either discard tiny first fragments or reassemble before checking
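The packet filter and the three countermeasures above, as an added example that is not taken from any firewall product: an ordered rule table with a default-deny policy, preceded by the spoofing, source-route and tiny-fragment checks. The site network, rules and packet trace are constructed; MIN_FIRST_FRAGMENT (a full 20-byte TCP header) is this example's threshold.

```python
"""Stateless packet filter with default deny and anti-evasion checks (added example)."""
from dataclasses import dataclass
import ipaddress

INTERNAL = ipaddress.ip_network("192.168.1.0/24")   # constructed site network
MIN_FIRST_FRAGMENT = 20  # bytes; a shorter first fragment cannot carry the TCP header


@dataclass(frozen=True)
class Packet:
    iface: str                 # "ext" (Internet side) or "int" (site side)
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "icmp"
    dport: int = 0
    source_routed: bool = False
    frag_offset: int = 0       # 0 = first (or only) fragment
    length: int = 1500         # IP payload length in bytes


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: int = 0             # 0 = any port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport in (0, p.dport))


# Constructed policy: inbound SMTP to the mail relay and HTTP to the web
# server, anything outbound from inside.  Everything else hits the default.
RULES = [
    Rule("allow", iface="ext", dst="192.168.1.10/32", proto="tcp", dport=25),
    Rule("allow", iface="ext", dst="192.168.1.20/32", proto="tcp", dport=80),
    Rule("allow", iface="int", src=str(INTERNAL)),
]


def filter_packet(p: Packet, rules=RULES, default: str = "deny") -> tuple:
    """Return (action, reason).  The evasion checks run before the rule table."""
    if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL:
        return "deny", "spoofed: internal source address arrived from outside"
    if p.source_routed:
        return "deny", "source-routed packet"
    if p.frag_offset == 0 and p.proto in ("tcp", "udp") and p.length < MIN_FIRST_FRAGMENT:
        return "deny", "tiny first fragment hides the transport header"
    if p.frag_offset > 0:
        # Ports are not visible in later fragments; without reassembly the
        # safe choice (the notes' "discard" option) is to drop them.
        return "deny", "non-initial fragment without reassembly"
    for rule in rules:               # first match wins
        if rule.matches(p):
            return rule.action, f"matched rule {rule}"
    return default, "default policy: not expressly permitted"


if __name__ == "__main__":
    trace = [
        Packet("ext", "203.0.113.5", "192.168.1.10", "tcp", 25),
        Packet("ext", "203.0.113.5", "192.168.1.10", "tcp", 23),
        Packet("ext", "192.168.1.77", "192.168.1.10", "tcp", 25),
        Packet("ext", "203.0.113.5", "192.168.1.20", "tcp", 80, source_routed=True),
        Packet("ext", "203.0.113.5", "192.168.1.20", "tcp", 80, length=8),
        Packet("int", "192.168.1.5", "198.51.100.9", "tcp", 443),
    ]
    for p in trace:
        print(f"{p.iface} {p.src} -> {p.dst}:{p.dport}  {filter_packet(p)}")
```

Note what the filter cannot do: it has no notion of a connection, so a reply packet to an outbound session is judged purely on addresses and ports, which is the gap the stateful filter described next closes.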

Stateful Packet Filters:
traditional packet filters do not examine higher-layer context, i.e. matching return packets with the outgoing flow
stateful packet filters address this need
they examine each IP packet in context: they keep track of client-server sessions and check that each packet validly belongs to one
hence they are better able to detect bogus packets out of context
Application Level Gateway (or Proxy):
an application-specific gateway/proxy that has full access to the protocol
the user requests a service from the proxy; the proxy validates the request as legal, then actions the request and returns the result to the user
can log/audit traffic at the application level
needs a separate proxy for each service; some services naturally support proxying, others are more problematic

Circuit Level Gateway:
relays two TCP connections
imposes security by limiting which such connections are allowed
once created, usually relays traffic without examining its contents
typically used when internal users are trusted, by allowing general outbound connections

SOCKS is commonly used

Bastion Host:
a highly secure host system that runs circuit/application-level gateways or provides externally accessible services
potentially exposed to "hostile" elements, hence secured to withstand this: hardened OS, only essential services, extra authentication for proxies
proxies are small, secure, independent and non-privileged
may support 2 or more network connections and may be trusted to enforce a policy of trusted separation between these network connections
Firewall Configurations:

Access Control:
given that the system has identified a user, determine what resources they can access
the general model is the access matrix, with
subject: active entity (user, process)
object: passive entity (file or resource)
access right: the way an object can be accessed
the matrix can be decomposed by columns as access control lists, or by rows as capability tickets
2. Give the basic techniques which are in use for password selection strategies (8) (Nov-2009)
Managing Passwords:
Education: can use policies and good user education
educate on the importance of good passwords
give guidelines for good passwords:

minimum length (>6)
require a mix of upper and lower case letters, numbers, punctuation
not dictionary words
but such guidelines are likely to be ignored by many users
Computer Generated: let the computer create passwords
if random, likely not memorisable, so they will be written down (sticky label syndrome)
even pronounceable ones are not remembered; there is a history of poor user acceptance
FIPS PUB 181 is one of the best generators: it has both a description and sample code, and generates words by concatenating random pronounceable syllables
Reactive Checking: reactively run password guessing tools
note that good dictionaries exist for almost any language/interest group
cracked passwords are disabled
but it is resource intensive, and bad passwords are vulnerable until found
Proactive Checking: the most promising approach to improving password security
allow users to select their own password but have the system verify it is acceptable
simple rule enforcement (see the guidelines above)
compare against a dictionary of bad passwords
use an algorithmic method (Markov model or Bloom filter) to detect poor choices compactly, without storing the dictionary itself
3. Write down the four generations of antivirus software (8) (Nov-2009)
first-generation: scanner uses a virus signature to identify a virus, or checks for a change in the length of programs
second-generation: uses heuristic rules to spot viral infection, or uses a crypto hash of a program to spot changes

third-generation: memory-resident programs that identify a virus by its actions
fourth-generation: packages with a variety of antivirus techniques, e.g. scanning and activity traps, access controls
4. How does a worm propagate? Illustrate with an example. (8) (Nov-2010)
a worm is a replicating but not infecting program that typically spreads over a network
o cf. the Morris Internet Worm of 1988, which spread between Unix hosts using rsh/rexec trust relationships, a buffer overflow in fingerd, and the debug option of sendmail
o its outbreak led to the creation of CERTs
spreads using users' distributed privileges or by exploiting system vulnerabilities
widely used by hackers to create zombie PCs, subsequently used for further attacks, esp. DoS
the major issue is the lack of security of permanently connected systems, esp. PCs
Worm Operation: worm phases are like those of viruses:
dormant
propagation: search for other systems to infect; establish a connection to the target remote system; replicate itself onto the remote system
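Returning to the proactive checking of question 2 above: an added example (not from any real password tool) of rule enforcement plus a Bloom filter over a dictionary of bad passwords. The filter keeps no copy of the words, only a bit array, so the check can run where shipping the dictionary would be unwelcome. The bad-password list is a constructed stand-in for the large dictionaries real checkers load; MIN_LENGTH of 8 and the three-of-four character class rule are this example's choices (the notes say >6 and a mix).

```python
"""Proactive password checker: rules plus a Bloom filter (added example)."""
import hashlib
import math
import string

MIN_LENGTH = 8


class BloomFilter:
    """Set-membership sketch: no false negatives, tunable false-positive rate.

    A false positive here only rejects an acceptable password, so the rate is
    set very low; the bit array is still tiny compared with the word list."""

    def __init__(self, expected_items: int, fp_rate: float = 1e-6):
        self.m = max(64, math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # Two 64-bit halves of SHA-256 combined as h1 + i*h2 (double hashing)
        # stand in for k independent hash functions.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


# Constructed bad-password dictionary.
BAD_WORDS = ["password", "123456", "qwerty", "letmein", "welcome", "iloveyou",
             "admin", "monkey", "dragon", "football", "baseball", "sunshine"]


def build_filter(words=BAD_WORDS) -> BloomFilter:
    bf = BloomFilter(len(words))
    for w in words:
        bf.add(w)
    return bf


def normalise(pw: str) -> str:
    """Strip the decorations users bolt onto a dictionary word before lookup:
    case, and trailing digits or punctuation ('Password1!' -> 'password')."""
    return pw.lower().rstrip(string.digits + string.punctuation)


def check_password(pw: str, bad: BloomFilter) -> list:
    """Return the reasons the password is rejected; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        reasons.append("needs at least three of: lower, upper, digit, punctuation")
    if bad.might_contain(normalise(pw)) or bad.might_contain(pw.lower()):
        reasons.append("based on a dictionary word")
    return reasons


if __name__ == "__main__":
    bf = build_filter()
    for candidate in ["password", "Password1!", "Tr0ub4dor&3", "abc", "correct horse battery"]:
        verdict = check_password(candidate, bf)
        print(f"{candidate!r:25} -> {'accepted' if not verdict else '; '.join(verdict)}")
```

The normalisation step is what catches "Password1!", which satisfies every rule yet is a dictionary word with the usual capital and suffix; reactive cracking tools apply exactly those transformations, so the proactive check should too.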

triggering
execution

5. Explain any two approaches for intrusion detection. (8) (May-2009)
Approaches to Intrusion Detection:
statistical anomaly detection: collect data on the behaviour of legitimate users over a period of time, then apply statistical tests to observed behaviour to decide with a high level of confidence whether it is not legitimate user behaviour
threshold detection: count the occurrences of a specific event type over an interval and raise an alarm if the count exceeds a threshold (e.g. failed logins); simple, but prone to false positives and false negatives
profile based: a profile of each user's past activity (login times, session duration, commands, resource use) is developed and used to detect significant deviations from it
rule-based detection: attempt to define a set of rules that can be used to decide that a given behaviour is that of an intruder
anomaly: rules are developed from historical usage patterns to detect deviations from previous usage

penetration identification: an expert-system approach that searches for suspicious behaviour using rules that identify known penetrations or exploit known weaknesses
6. Describe packet filtering router in detail. (8) (May-2009)
Packet Filters:
the simplest, fastest firewall component
the foundation of any firewall system
examine each IP packet (no context) and permit or deny it according to rules on source and destination address, protocol and port
hence restrict access to services (ports)
possible default policies:
that which is not expressly permitted is prohibited (default deny; more secure)
that which is not expressly prohibited is permitted (default allow; more convenient, less secure)

Attacks on Packet Filters:
IP address spoofing: fake source address to appear trusted; add filters on the router to drop packets arriving on the external interface with an internal source address
source routing attacks: attacker sets a route other than the default; block source-routed packets
tiny fragment attacks: split the header information over several tiny packets so the port numbers are not in the first fragment; either discard tiny first fragments or reassemble before checking