Hall Ticket No
Question Paper Code : A1607



VARDHAMAN COLLEGE OF ENGINEERING
(AUTONOMOUS)
(Affiliated to JNTUH, Hyderabad)
Four Year B. Tech VII Semester Tutorial Question Bank 2014 - 15
(Regulations: VCE-R11)
NETWORK SECURITY AND CRYPTOGRAPHY
(Information Technology)

PART - A (1 Marks Questions)
Unit-I
1. What is the OSI security architecture?
2. What is the difference between passive and active security threats?
3. List and briefly define categories of security services.
4. What are the essential ingredients of a symmetric cipher?
5. What is the difference between a block cipher and a stream cipher?
6. How many keys are required for two People to communicate via a cipher?
7. What is a transposition cipher?
8. What is steganography?
9. What is the difference between an unconditionally secure cipher and a computationally
secure cipher?
10. What are the two basic functions used in encryption algorithms?
Unit-II
1. Why is it important to study the Feistel cipher?
2. What is the purpose of the S-boxes in DES?
3. Explain the avalanche effect.
4. What is the difference between diffusion and confusion?
5. What is the purpose of the State array?
6. What is the difference between SubBytes and SubWord?
7. How many bytes in State are affected by ShiftRows?
8. What is Euler's totient function?
9. What is a primitive root of a number?
10. What is a meet-in-the-middle attack?
Unit-III
1. What are the principal elements of a public-key cryptosystem?
2. What are the roles of the public and private key?
3. Describe in general terms an efficient procedure for picking a prime number.
4. What are three broad categories of applications of public-key cryptosystems?
5. What is an elliptic curve?
6. What characteristics are needed in a secure hash function?
7. What basic arithmetical and logical functions are used in SHA?
8. What is the role of a compression function in a hash function?
9. What are the properties a digital signature should have?
10. What are some threats associated with a direct digital signature scheme?
Unit-IV
1. List three general approaches to dealing with replay attacks.
2. What four requirements were defined for Kerberos?
3. In the context of Kerberos, what is a realm?
4. What four requirements were defined for Kerberos?
5. What problem was Kerberos designed to address?
6. In Kerberos, when Bob receives a Ticket from Alice, how does he know it came from Alice?
7. What is the difference between an SSL connection and an SSL session?
8. What steps are involved in the SSL Record Protocol transmission?
9. What are the five principal services provided by PGP?
10. Why does PGP generate a signature before applying compression?
Unit-V
1. List three design goals for a firewall.
2. What are some weaknesses of a packet filtering firewall?
3. List four techniques used by firewalls to control access and enforce a security policy.
4. What is an application-level gateway?
5. What are the common characteristics of a bastion host?
6. What is the difference between an internal and an external firewall?
7. What services are provided by the SSL Record Protocol?
8. List and briefly define the SSH protocols.
9. List and briefly define three classes of intruders.
10. What is a honeypot?
PART - B (5 Marks Questions)
Unit-I
1. List and briefly define categories of passive and active security attacks.
2. Write a program that can encrypt and decrypt using the general Caesar cipher, also
known as an additive cipher.
3. We have shown that the Hill cipher succumbs to a known plaintext attack if sufficient
plaintext-ciphertext pairs are provided. It is even easier to solve the Hill cipher if a
chosen plaintext attack can be mounted. Describe such an attack.
4. A ciphertext has been generated with an affine cipher. The most frequent letter of the
ciphertext is B, and the second most frequent letter of the ciphertext is U. Break this code.
5. Briefly define the Caesar cipher.
6. Encrypt and decrypt the given message MEET ME AFTER THE TOGA PARTY using
a transposition technique.
7. Encrypt and decrypt the given message HELLO WORLD using the Hill cipher. Use the key
3 2
4 1
8. Briefly explain the types of attack on an encrypted message and describe what must be known
for cryptanalysis.
9. Briefly explain the symmetric cipher model for both encryption and decryption.
10. Using the Vigenère cipher, encrypt the word EXPLANATION using the key LEG.

Unit-II
1. Show that DES decryption is, in fact, the inverse of DES encryption.
2. Show that in DES the first 24 bits of each subkey come from the same subset of 28 bits of the
initial key and that the second 24 bits of each subkey come from a disjoint
subset of 28 bits of the initial key.

3. Briefly explain the design criteria for DES.
4. Compute the bits number 1, 16, 33, and 48 at the output of the first round of the DES
decryption, assuming that the ciphertext block is composed of all ones and the external key is
composed of all ones.
5. Using S-DES, decrypt the string (10100010) using the key (0111111101) by hand. Show
intermediate results after each function. Then decode the first 4 bits of the plaintext string to
a letter and the second 4 bits to another letter where we encode A through P in base 2 (i.e., A
= 0000, B = 0001,..., P = 1111).
Hint: As a mid-way check, after the application of SW, the string should be (00010011).

6. Carefully write up a complete decryption of the ciphertext 0000 0111 0011 1000 using the key
1010 0111 0011 1011 and the S-AES algorithm.
7. Given the plaintext {000102030405060708090A0B0C0D0E0F} and the
key {01010101010101010101010101010101}:
a. Show the original contents of State, displayed as a 4 × 4 matrix.
b. Show the value of State after initial AddRoundKey.
c. Show the value of State after SubBytes.
d. Show the value of State after ShiftRows.
e. Show the value of State after MixColumns.
8. Is it possible to perform encryption operations in parallel on multiple blocks of plaintext in
CBC mode? How about decryption?

9. What is the difference between the AES decryption algorithm and the equivalent inverse
cipher?
10. Compare AES to DES. For each of the following elements of DES, indicate the comparable
element in AES or explain why it is not needed in AES.
a. XOR of subkey material with the input to the f function
b. XOR of the f function output with the left half of the block
c. f function
d. Permutation P
e. Swapping of halves of the block

Unit-III
1. Perform encryption and decryption using the RSA algorithm, for the following:
a. p = 3; q = 11, e = 7; M = 5
b. p = 5; q = 11, e = 3; M = 9
c. p = 7; q = 11, e = 17; M = 8
2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key
is e = 5, n = 35. What is the plaintext M?

3. Suppose we have a set of blocks encoded with the RSA algorithm and we don't have the private key.
Assume n = pq, e is the public key. Suppose also someone tells us they know one of the plaintext
blocks has a common factor with n. Does this help us in any way?
4. Users A and B use the Diffie-Hellman key exchange technique with a common prime q = 71 and a
primitive root α = 7.
a. If user A has private key , what is A's public key ?
b. If user B has private key , what is B's public key ?
c. What is the shared secret key?

5. DSA specifies that if the signature generation process results in a value of , a new value of
should be generated and the signature should be recalculated. Why?

6. With DSS, because the value of is generated for each signature, even if the same message is
signed twice on different occasions, the signatures will differ. This is not true of RSA
signatures. What is the practical implication of this difference?
7. What changes in HMAC are required in order to replace one underlying hash function with
another?
8. Given the CBC MAC of a one-block message, say = MAC (,), the adversary immediately knows the
CBC MAC for the two-block message X || (X XOR T) since this is once again T. Justify this
statement.
9. What is the difference between a message authentication code and a one-way hash
function?
10. In what order should the signature function and the confidentiality function be applied to a
message, and why?
Unit-IV
1. Reference the suppress-replay attack described the following.
a. Give an example of an attack when a party's clock is ahead of that of the KDC.
b. Give an example of an attack when a party's clock is ahead of that of another
2. Show that a random error in one block of ciphertext is propagated to all subsequent blocks
of plaintext in PCBC mode.
3. In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a
change_cipher_spec message in the Handshake Protocol?
4. For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the
packet encryption?
5. In the PGP scheme, what is the expected number of session keys generated before a
previously created key is produced?
6. The first 16 bits of the message digest in a PGP signature are translated in the clear.
a. To what extent does this compromise the security of the hash algorithm?
b. To what extent does it in fact perform its intended function, namely, to help determine if
the correct RSA key was used to decrypt the digest?

7. What is the basic difference between X.509 and PGP in terms of key hierarchies and key
trust?
8. Where does IPsec reside in a protocol stack?
9. List the major security services provided by AH and ESP, respectively.

10. In PGP, what is the probability that a user with public keys will have at least one duplicate
key ID?
Unit-V
1. In an IPv4 packet, the size of the payload in the first fragment, in octets, is equal to Total
Length - (4 × IHL). If this value is less than the required minimum (8 octets for TCP), then this
fragment and the entire packet are rejected. Suggest an alternative method of achieving the
same result using only the Fragment Offset field.
2. A common management requirement is that all external Web traffic must flow via the
organization's Web proxy. However, that requirement is easier stated than implemented.
Discuss the various problems and issues, possible solutions, and limitations with supporting
this requirement.
3. A phonetic password generator picks two segments randomly for each six-letter password.
The form of each segment is CVC (consonant, vowel, consonant), where V = <a, e, i, o, u> and
C = V̄.
a. What is the total password population?
b. What is the probability of an adversary guessing a password correctly?
4. Suggest some methods of attacking the PWC worm defense that could be used by worm
creators and suggest countermeasures to these methods.
5. What is the difference between a packet filtering firewall and a stateful inspection firewall?
6. In an IPv4 packet, the size of the payload in the first fragment, in octets, is equal to Total
Length - (4 × IHL). If this value is less than the required minimum (8 octets for TCP), then this
fragment and the entire packet are rejected. Suggest an alternative method of achieving the
same result using only the Fragment Offset field.
7. For each of the cybercrimes, indicate whether it falls into the category of computer as target,
computer as storage device or computer as communications tool. In the first case, indicate
whether the crime is primarily an attack on data integrity, system integrity, data
confidentiality, privacy, or availability.

8. What purpose does the MAC serve during the change cipher spec SSL exchange?

9. Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If
so, explain how it can be done. If not, why not?
10. For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the
packet encryption?
