
(2 hours)

Total Marks: 75
N. B.: (1) All questions are compulsory.
(2) Make suitable assumptions wherever necessary and state the assumptions made.
(3) Answers to the same question must be written together.
(4) Numbers to the right indicate marks.
(5) Draw neat labeled diagrams wherever necessary.
(6) Use of Non-programmable calculators is allowed.
1. Attempt any two of the following:    (10 marks)
   a. What is the principle behind One Time Pads? Why is it highly secure?
   b. Explain the various ways of attack, such as known plain-text attack etc.
   c. What are the two basic ways of transforming plain-text into cipher-text?
   d. Explain the following principles of security:
      i) Non-Repudiation
      ii) Integrity

2. Attempt any two of the following:    (10 marks)
   a. Explain CFB (Cipher Feedback) mode of algorithms.
   b. What are the features of the Blowfish algorithm? Explain the steps in the encryption process using the Blowfish algorithm.
   c. Explain the principles/working of the IDEA algorithm.
   d. Explain in detail the steps in each round of DES.

3. Attempt any two of the following:    (10 marks)
   a. Compare symmetric and asymmetric key cryptography using their various characteristics.
   b. What are the key requirements of a message digest?
   c. What is the difference between a MAC and a message digest?
   d. Explain the concept of Digital Envelope.

4. Attempt any two of the following:    (10 marks)
   a. Write a short note on private key management.
   b. What is cross-certification? Why is it needed?
   c. Describe the role of the CA in creation/revocation of a Digital Certificate.
   d. Explain the steps in creation of a Digital Certificate.

5. Attempt any two of the following:    (10 marks)
   a. What is a buffer overflow attack on SSL?
   b. What are the objectives of SET? How are they achieved?
   c. Write a detailed note on VPN (Virtual Private Network).
   d. What are the attacks on a packet filter firewall?

6. Attempt any two of the following:    (10 marks)
   a. What is an authentication token? Explain briefly how it works.
   b. Explain password based authentication and the problems associated with it.
   c. Explain the usage of smart cards in authentication.
   d. Explain the shared secret method of mutual authentication.

7. Attempt any three of the following:    (15 marks)
   a. What are the different types of criminal attacks?
   b. Discuss how encryption happens in RC5.
   c. Explain the working of SHA (Secure Hash Algorithm).
   d. Explain the PKCS#5 PBE (Password Based Encryption) standard.
   e. Explain the concept of NAT (Network Address Translation).
   f. Write a detailed note on biometric authentication.

Q1.A) What is the principle behind One Time Pads? Why is it highly secure?
Ans: Explanation of how a One Time Pad works, with the help of an example: 3 marks
The principle behind the One Time Pad is (2 marks):
1) The key length is the same as the input plaintext length. This is also a drawback, as it is suitable only for short messages.
2) The key used for transforming plaintext to cipher text is discarded after its single use.
Therefore it is highly secure, because it is very difficult for an attacker to guess/find the key.
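The two principles above, worked through in code. This is an added example and not part of the original answer key: `otp_encrypt`, `otp_decrypt`, `key_that_decrypts_to` and the sample messages are all constructed here. The last function shows why the key cannot be guessed from the ciphertext: for any other message of the same length there is a pad that would produce the very same ciphertext.

```python
import os


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the matching key byte.

    Principle 1: the key is exactly as long as the message.
    Principle 2: the key is random, used once, then discarded.
    """
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return otp_encrypt(ciphertext, key)


def key_that_decrypts_to(ciphertext: bytes, candidate: bytes) -> bytes:
    """Why guessing the key is hopeless: for ANY candidate plaintext of the
    right length there is a key under which the ciphertext decrypts to it,
    so the ciphertext alone carries no information about which message was sent."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be as long as the ciphertext")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))


def demo() -> bool:
    message = b"ATTACK AT DAWN"              # constructed sample plaintext (14 bytes)
    pad = os.urandom(len(message))           # fresh random pad of the same length
    ct = otp_encrypt(message, pad)
    ok = otp_decrypt(ct, pad) == message
    # A different 14-byte message is an equally valid "decryption" of ct:
    decoy = b"DEFEND AT DUSK"
    other_pad = key_that_decrypts_to(ct, decoy)
    ok = ok and otp_decrypt(ct, other_pad) == decoy
    # The pad must never be reused: discard it after this single use.
    del pad
    return ok


if __name__ == "__main__":
    print("one-time pad demo passed:", demo())
```

Reusing a pad for a second message breaks the scheme (XOR of the two ciphertexts cancels the pad), which is exactly why principle 2 insists on discarding the key after one use.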
Q1.B) Explain the various ways of attack, such as known plain-text attack etc.
Ans: Possible types of attacks (1 mark each for the explanation of the attack):
1) Cipher text only attack
2) Known plaintext attack
3) Chosen plaintext attack
4) Chosen cipher text attack
5) Chosen text attack
Q1.C) What are the two basic ways of transforming plain-text into cipher-text?
Ans: The two basic ways of transforming plain-text into cipher-text are:
1) Substitution Cipher: explanation & example (2.5 marks)
2) Transposition Cipher: explanation & example (2.5 marks)
Q1.D) Explain the following principles of security:
Ans: 1) Non-Repudiation: explanation & example (2.5 marks)
2) Integrity: explanation & example (2.5 marks)

Q2.A) Explain CFB (Cipher Feedback) mode of algorithms.
Ans: CFB mode encryption diagram: 1 mark
Steps as follows (1 mark for each step, 4 marks):
1) A 64-bit Initialization Vector (IV) is encrypted using the key.
2) The leftmost j bits of the encrypted IV are XORed with the first j bits of plaintext to produce j bits of cipher text.
3) The bits of the IV are shifted left by j positions and the rightmost j positions are filled with the j bits of cipher text. This creates a new IV for the next step.
4) Steps 1 through 3 continue until all the plain text units are encrypted.
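The four steps implemented directly, as an added example rather than code from the answer key. It assumes a 64-bit block and j = 8, and it stands in for the block cipher with a keyed SHA-256 truncated to 64 bits (`block_encrypt`, an assumption made here): CFB only ever calls the encryption direction of the block cipher, for decryption as well, so any keyed one-way function is enough to show the mode. `corrupted_positions` also shows the self-synchronising property: a damaged ciphertext unit garbles itself and the next 64/j units, after which the shift register is refilled with good ciphertext and decryption recovers.

```python
import hashlib

BLOCK_BYTES = 8   # 64-bit block, matching the IV size in the steps above


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encryption function (assumption: a keyed
    hash truncated to the block size). A real system would call DES/AES here."""
    assert len(block) == BLOCK_BYTES
    return hashlib.sha256(key + block).digest()[:BLOCK_BYTES]


def _cfb(key: bytes, iv: bytes, data: bytes, j: int, decrypt: bool) -> bytes:
    unit = j // 8
    assert j % 8 == 0 and 0 < unit <= BLOCK_BYTES and len(iv) == BLOCK_BYTES
    shift_reg = iv
    out = bytearray()
    for i in range(0, len(data), unit):
        # step 1: encrypt the shift register (the IV on the first pass)
        keystream = block_encrypt(key, shift_reg)
        # step 2: leftmost j bits of the result XOR the next j bits of input
        in_unit = data[i:i + unit]
        out_unit = bytes(x ^ k for x, k in zip(in_unit, keystream[:unit]))
        out += out_unit
        # step 3: shift left by j bits and feed the CIPHERTEXT unit into the right end
        c_unit = in_unit if decrypt else out_unit
        shift_reg = shift_reg[len(c_unit):] + c_unit
    return bytes(out)          # step 4: loop until all units are processed


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes, j: int = 8) -> bytes:
    return _cfb(key, iv, plaintext, j, decrypt=False)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes, j: int = 8) -> bytes:
    # Same keystream derivation: only the feedback source differs.
    return _cfb(key, iv, ciphertext, j, decrypt=True)


def corrupted_positions(key: bytes, iv: bytes, plaintext: bytes, index: int, j: int = 8) -> list:
    """Flip one bit in ciphertext unit `index` and report which plaintext units
    then decrypt wrongly: that unit and at most the next BLOCK_BYTES*8//j units."""
    unit = j // 8
    ct = bytearray(cfb_encrypt(key, iv, plaintext, j))
    ct[index * unit] ^= 0x01
    pt = cfb_decrypt(key, iv, bytes(ct), j)
    return sorted({i // unit for i in range(len(plaintext)) if pt[i] != plaintext[i]})


if __name__ == "__main__":
    key, iv = b"0123456789abcdef", bytes(range(8))        # constructed sample values
    msg = b"CFB needs only the forward direction of E_K."
    ct = cfb_encrypt(key, iv, msg)
    print(cfb_decrypt(key, iv, ct) == msg)
    print(corrupted_positions(key, iv, bytes(32), 3))     # 3 and some of 4..11 only
```

Because the IV is what seeds the very first keystream block, it must be unpredictable and never repeated under the same key; reusing an IV makes the first units of two messages XOR to the XOR of their plaintexts.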
Q2.B) What are the features of the Blowfish algorithm? Explain the steps in the encryption process using the Blowfish algorithm.
Ans: Features of Blowfish: fast, compact, simple, secure (1 mark)
Steps in the encryption process:
1) Subkey generation: a very brief explanation expected (1 mark)
2) Data encryption: the 5 steps of the actual encryption algorithm (3 marks)
If a student has written the subkey generation step in detail and the explanation of the actual algorithm is not written, the marks of the two steps may be swapped and awarded accordingly.
Q2.C) Explain the principles/working of IDEA algorithm.
Ans: Overall working of IDEA algorithm (section 3.5.2 How IDEA works on page 115-116
Atul Kahate, 2nd Edition book) along with the diagram of broad level steps.
Detailed explanation of each round or subkey generation process is not expected from
students.
Q2.D) Explain in detail the steps in each round of DES.
Ans: The steps in each round of DES (brief explanation of each step, 1 mark each):
1) Key Transformation
2) Expansion Permutation
3) S-Box Substitution
4) P-Box Permutation
5) XOR and Swap

Q3.A) Compare symmetric and asymmetric key cryptography using their various characteristics.
Ans: Comparison of both on the following characteristics (Table 4.2 on page 161, Atul Kahate, 2nd edition book), 1 mark each for any 5 characteristics:
1. Key used
2. Speed of encryption/decryption
3. Size of resulting cipher text
4. Key agreement/exchange
5. Number of keys required
6. Usage
Q3.B) What are the key requirements of a message digest?
Ans: The key requirements of a message digest are as follows (1.5 marks each for each point and its explanation):
1. Given a message, it should be very easy to find its corresponding message digest.
2. Given a message digest, it should be very difficult to find the original message for
which the digest was created.
3. Given any two messages, if we calculate their message digests, the two message
digests must be different.
Q3.C) What is the difference between a MAC and a message digest?
Ans: The concept of a MAC is similar to that of a message digest. However, there is one difference: a message digest is simply a fingerprint of a message. There is no cryptographic function involved in the case of a message digest. In contrast, a MAC requires that the sender and the receiver know a shared symmetric key, which is used in the preparation of the MAC. Thus a MAC involves cryptographic processing.
Interestingly, the calculation of a MAC seems to be quite similar to the encryption process; however, it is not. In symmetric key cryptography the cryptographic process must be reversible, i.e. encryption and decryption are mirror images of each other. In the case of a MAC, however, both the sender and the receiver perform the encryption process only. Thus a MAC algorithm need not be reversible; it is sufficient for it to be a one-way function.
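An added example covering both Q3.B and Q3.C (it is not code from the answer key): `message_digest` and `digests_differ` exercise requirements 1 and 3 of a message digest with SHA-256, and `integrity_survives` puts a plain digest and an HMAC through the same modification in transit to show the one difference the answer describes. The function and variable names and the sample messages are all constructed here; the standard library `hashlib` and `hmac` modules do the actual hashing.

```python
import hashlib
import hmac


def message_digest(message: bytes) -> bytes:
    """Requirement 1: computing the digest of any message is cheap and keyless."""
    return hashlib.sha256(message).digest()


def message_mac(key: bytes, message: bytes) -> bytes:
    """A MAC binds the fingerprint to a shared secret key (HMAC-SHA256 here)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(message_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    return hmac.compare_digest(message_mac(key, message), tag)


def digests_differ(m1: bytes, m2: bytes) -> bool:
    """Requirement 3: two different messages must give different digests."""
    return m1 != m2 and message_digest(m1) != message_digest(m2)


def modify_in_transit(check: bytes, new_message: bytes, keyed: bool):
    """What an intermediary WITHOUT the key can do to a (message, check) pair.
    With a plain digest the check is simply recomputed for the new message;
    with a MAC the old tag has to be forwarded unchanged, since the key is unknown."""
    if keyed:
        return new_message, check
    return new_message, message_digest(new_message)


def integrity_survives(message: bytes, new_message: bytes, key: bytes) -> dict:
    """Run both schemes through the same modification and report which one
    still detects it at the receiver (the receiver knows `key`)."""
    d = message_digest(message)
    t = message_mac(key, message)
    m_d, d2 = modify_in_transit(d, new_message, keyed=False)
    m_t, t2 = modify_in_transit(t, new_message, keyed=True)
    return {
        "digest_detects_change": not verify_digest(m_d, d2),
        "mac_detects_change": not verify_mac(key, m_t, t2),
    }


if __name__ == "__main__":
    # constructed sample messages and key
    print(integrity_survives(b"Pay 100 to Alice", b"Pay 900 to Alice", b"shared-key"))
    print(digests_differ(b"abc", b"abd"))
```

The result is `digest_detects_change: False, mac_detects_change: True`: a bare digest protects only against accidental corruption, while the MAC's shared key is what turns the fingerprint into an integrity check against a deliberate change.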
Q3.D) Explain the concept of Digital Envelope.
Ans: A Digital Envelope employs both symmetric key and asymmetric key cryptography. It combines the best features of both and avoids the problems associated with each. It works as follows:
Step 1: Plaintext PT is converted to cipher text CT using symmetric key cryptography with symmetric key K1.
Step 2: Symmetric key K1 is encrypted using the receiver's public key K2 (key wrapping).
Step 3: Digital envelope = CT + encrypted K1.
Step 4: The digital envelope is transmitted to the receiver.
Step 5: The receiver opens the envelope and decrypts the encrypted K1 using its own private key K3. After decryption, it gets symmetric key K1 back.
Step 6: Using K1, the receiver decrypts CT in order to get the original plaintext PT.
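The six steps carried through end to end, as an added example and not code from the answer key. To stay self-contained it uses two toy primitives that are assumptions of this illustration only: `rsa_keypair` is textbook RSA without padding (K2 = public key, K3 = private key), and `sym_crypt` is a SHA-256 keystream XOR standing in for the symmetric cipher of step 1. `seal` builds the envelope (steps 1 to 3) and `open_envelope` is the receiver's side (steps 5 and 6); a real system would replace both toys with a vetted library.

```python
import hashlib
import os
import random


# --- Toy primitives, constructed for this example only -------------------
def _probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin primality test (adequate for a demonstration key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keypair(bits: int = 256, seed: int = 1):
    """Textbook RSA (no padding) with a fixed seed so a run is repeatable.
    Returns (public K2, private K3). Not for real use."""
    rng = random.Random(seed)

    def prime() -> int:
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _probable_prime(c, rng):
                return c

    while True:
        p, q = prime(), prime()
        n, e, phi = p * q, 65537, (p - 1) * (q - 1)
        if p != q and phi % e:                # e must be invertible mod phi
            return (n, e), (n, pow(e, -1, phi))


def sym_crypt(k1: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (stand-in for DES/AES).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(k1 + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


# --- The envelope itself --------------------------------------------------
def seal(plaintext: bytes, receiver_public) -> dict:
    n, e = receiver_public                          # K2
    k1 = os.urandom(16)                             # fresh one-time symmetric key K1
    ct = sym_crypt(k1, plaintext)                   # step 1: PT -> CT under K1
    wrapped = pow(int.from_bytes(k1, "big"), e, n)  # step 2: wrap K1 with K2
    return {"ct": ct, "wrapped_key": wrapped}       # step 3: envelope = CT + E_K2(K1)


def open_envelope(envelope: dict, receiver_private) -> bytes:
    n, d = receiver_private                         # K3
    k1 = pow(envelope["wrapped_key"], d, n).to_bytes(16, "big")  # step 5: recover K1
    return sym_crypt(k1, envelope["ct"])            # step 6: CT -> PT under K1


if __name__ == "__main__":
    public, private = rsa_keypair(seed=7)
    env = seal(b"Order #42: 3 units, deliver Monday", public)   # step 4: send env
    print(open_envelope(env, private))
```

The design point the envelope makes is visible in `seal`: the expensive public-key operation touches only the 16-byte K1, never the message, so message size does not matter and only the holder of K3 can recover K1.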
Q4.A) Write a short note on private key management.
Ans: Brief explanation of the following points:
1. Protecting private keys (2 marks)
2. Multiple key pairs (1.5 marks)
3. Key update (1.5 marks)

Q4.B) What is cross-certification? Why is it needed?
Ans: The mechanism used by the sender and receiver to verify each other's digital certificates, when their certificates are issued by different root CAs, is called cross-certification. Because the sender's and receiver's digital certificates are issued by different root CAs, it is not possible to establish the certificate authority hierarchy or chain of trust. Cross-certification allows a non-hierarchical trust path to be established. (2 marks)
Explanation with example and diagram: 3 marks
Q4.C) Describe the role of the CA in creation/revocation of a Digital Certificate.
Ans: 1) Duties and role played by the CA in creation of digital certificates (3 marks)
2) Duties and role played by the CA in revocation of digital certificates (2 marks)
Q4.D) Explain the steps in creation of a Digital Certificate.
Ans: Brief explanation of each of the following steps (1.25 marks each step):
1. Key generation
2. Registration
3. Verification
4. Certificate Creation

Q5.A) What is a buffer overflow attack on SSL?
Ans: A buffer overflow occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was designed to hold. Because buffers are created to contain a fixed amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although this may happen accidentally through a programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to cause specific actions, thus sending new instructions to the attacked computer. This could damage the user's files, change data or compromise confidential information.
OpenSSL is an open source implementation of SSL. OpenSSL is subject to four remotely exploitable buffer overflows, as follows:
1) In the first vulnerability, the client can be used to send an oversized master key to the SSL server, enabling denial of service or malicious code execution on the server.
2) In the second vulnerability, a malicious server can execute code on an OpenSSL client by sending a malformed session ID.
3) In the third vulnerability, a malicious client can send an oversized master key to a Kerberos-enabled SSL server.
4) The fourth vulnerability exists only on 64-bit operating systems: several buffers used to store the ASCII representation of integers are smaller than required.
Q5.B) What are the objectives of SET? How are they achieved?
Ans: SET is not a payment system; instead it is a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on the Internet in a secure manner. When the customer makes a purchase online using his/her credit card, the objectives of SET are (2 marks):
1) The entire communication must be secure and encrypted.
2) The merchant should not see the credit card details of the customer; they should be made available only to the payment gateway, and the order details should be seen only by the merchant.
SET relies on the concept of a digital envelope to hide the credit card details from the merchant. Explanation of how PI (Payment Information) is hidden from the merchant using a Digital Envelope: 3 marks
Q5.C) Write a detailed note on VPN (Virtual Private Network).
Ans: A VPN connects two or more private networks to each other using a public network such as the Internet. Thus a VPN combines the advantages of a public network (cheap and easily available) with those of a private network (secure and reliable). (1 mark)
VPN architecture: explanation and diagram (4 marks)
Q5.D) What are the attacks on a packet filter firewall?
Ans: Explanation of packet filter firewall (2 marks)
There are the following attacks:
1) IP address spoofing: explanation (1 mark)
2) Source routing attacks: explanation (1 mark)
3) Tiny fragment attacks: explanation (1 mark)

Q6.A) What is an authentication token? Explain briefly how it works.
Ans: An authentication token is an extremely useful alternative to a password. It is a small device that generates a new random value every time it is used; this random value becomes the basis for authentication. It generally has the following features:
1) Processor
2) LCD for displaying output
3) Battery
4) A small keypad for entering information (optional)
5) A real-time clock (optional)
Each authentication token is pre-programmed with a unique number, called a random seed or just a seed. The seed forms the basis for ensuring the uniqueness of the output produced by the token. (2 marks)
The token works as follows (1 mark for each step, 3 marks):
1) Creation of a token
2) Use of a token
3) Server returns an appropriate message back to the user.
Q6.B) Explain the password based authentication and the problems associated with it.
Ans: A brief explanation of password based authentication from 7.3.2 to 7.3.3 ( page 341 to
353 Atul Kahate book)
Problems associated with it (7.3.4 on page 354 Atul Kahate book)
Q6.C) Explain the usage of smart cards in authentication.
Ans: Use of smart cards (7.5.3 on page 370 Atul Kahate book)
Q6.D) Explain the shared secret method of mutual authentication.
Ans: In mutual authentication, A and B both authenticate each other, hence the name. In the shared secret method it is assumed that A and B both have a shared symmetric key KAB. The protocol works as follows (explanation of each point):
1) A sends her user name to B.
2) B sends a random challenge R1 to A.
3) A encrypts R1 with KAB and sends it to B.
4) A sends a different random challenge R2 to B.
5) B encrypts R2 with KAB and sends it to A.
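The exchange above with both sides' messages, as an added example (not code from the answer key). One assumption is made here: each party answers a challenge with HMAC-SHA256 of the challenge under KAB instead of encrypting the challenge, which is an equivalent use of the shared key for this purpose. The `Party` class, `mutual_authenticate` and the key and name values are all constructed for this illustration.

```python
import hashlib
import hmac
import os


def respond(kab: bytes, challenge: bytes) -> bytes:
    """Proof of knowing KAB for this challenge (assumption: HMAC in place of
    the page's 'encrypt the challenge with KAB')."""
    return hmac.new(kab, challenge, hashlib.sha256).digest()


class Party:
    def __init__(self, name: str, kab: bytes):
        self.name, self.kab = name, kab

    def new_challenge(self) -> bytes:
        # 16 fresh random bytes: a challenge must never repeat, or an old
        # response could be replayed.
        return os.urandom(16)

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.kab, challenge)

    def check(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(respond(self.kab, challenge), response)


def mutual_authenticate(a: Party, b: Party):
    """Runs the five messages and returns (both_accepted, transcript)."""
    transcript = []
    transcript.append(("A->B", a.name))                 # 1) A sends her user name
    r1 = b.new_challenge()
    transcript.append(("B->A", r1))                     # 2) B sends challenge R1
    resp1 = a.answer(r1)
    transcript.append(("A->B", resp1))                  # 3) A proves KAB over R1
    b_accepts_a = b.check(r1, resp1)
    r2 = a.new_challenge()
    transcript.append(("A->B", r2))                     # 4) A sends a different R2
    resp2 = b.answer(r2)
    transcript.append(("B->A", resp2))                  # 5) B proves KAB over R2
    a_accepts_b = a.check(r2, resp2)
    return b_accepts_a and a_accepts_b, transcript


if __name__ == "__main__":
    kab = b"constructed shared key KAB"
    ok, log = mutual_authenticate(Party("alice", kab), Party("bob", kab))
    print("mutual authentication succeeded:", ok)
    for direction, payload in log:
        print(direction, payload if isinstance(payload, str) else payload.hex())
```

Both checks have to pass: a party holding a different key produces a response the other side rejects, and because each response is bound to a fresh random challenge, a response captured from an earlier run is useless later.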

Q7.A) What are the different types of criminal attacks?


Ans: Types of criminal attacks (Table 1.1 on page 13 Atul Kahate book)
Q7.B) Discuss how encryption happens in RC5?
Ans: How RC5 works (3.7.2 on page 126 Atul Kahate book)
Q7.C) Explain the working of SHA (Secure Hash Algorithm).
Ans: There are five steps in the working of SHA (1 mark each for the explanation of each step):
1) Padding
2) Append length
3) Divide the input into 512-bit blocks
4) Initialize chaining variables
5) Process the blocks
Q7. D) Explain PKCS#5 PBE (Password Based Encryption) standard.
Ans: PKCS#5 PBE (Password Based Encryption) standard (5.5.2 on pages 242-244 Atul
Kahate book)
Q7.E) Explain the concept of NAT (Network Address Translation).
Ans: One of the interesting jobs done by a proxy server or a firewall is to perform Network Address Translation. NAT attempts to solve the problem of the shortage of IP addresses. NAT allows a user to have a large number of IP addresses internally but only a single IP address externally. Only the external traffic needs the external address; the internal traffic can work with the internal addresses. (2 marks)
A brief explanation of NAT implementation: 3 marks

Q7.F) Write a detailed note on biometric authentication.


Ans: Biometric authentication (7.6 Biometric Authentication on pages 371-372 Atul Kahate
book)
