
VALLIAMMAI ENGINEERING COLLEGE

SRM Nagar, Kattankulathur – 603 203

DEPARTMENT OF
COMPUTER SCIENCE AND ENGINEERING

QUESTION BANK

II SEMESTER
NE7202 – Network and Information Security
Regulation – 2013
Academic Year 2016 – 17

Prepared by
Dr. V.Dhanakoti, Associate Professor / CSE

Prepared By: Dr.V.Dhanakoti



Year and Semester : I / II


Section : ME CSE
Subject Code : NE7202
Subject Name : Network and Information security
Degree and Branch : ME - CSE
Staff Incharge : Dr.V.Dhanakoti

UNIT I - INTRODUCTION
An Overview of Computer Security-Security Services-Security Mechanisms-Security Attacks-Access
Control Matrix, Policy-Security policies, Confidentiality policies, Integrity policies and Hybrid
policies.

UNIT –I (PART-A)

Q. No. Question Competence Level

1 Describe OSI Security architecture Remember BTL-1

2 Differentiate passive and active security threats Understand BTL-2

3 How would you classify passive and active security threats? Analyze BTL-4

4 How would you evaluate the types of security services? Evaluate BTL-5

5 Can you list the different types of security mechanism? Remember BTL-1

6 What elements would you use to relate in access control matrix? Apply BTL-3
7 Describe the Bell-LaPadula model: simple security condition, preliminary model Remember BTL-1

8 Define the Bell-LaPadula model star property Remember BTL-1

9 What would you summarize about the Low-Water-Mark Policy? Evaluate BTL-5

10 Define Ring policy Remember BTL-1

11 Describe Biba's strict integrity model Understand BTL-2

12 Distinguish Lipner's uses of Bell-LaPadula model security levels Understand BTL-2



13 How would you show your understanding of Lipner's full model? Apply BTL-3

14 Formulate what conclusion you draw in Chinese wall model Create BTL-6

15 Explain Originator Access control Analyze BTL-4

16 Explain the features of Role-based access control Analyze BTL-4

17 Define Conditional Command Remember BTL-1

18 Discuss the ideas you justify in Attenuation of Privilege Understand BTL-2

19 How would you apply what you learned in Protection state transitions? Apply BTL-3
20 How would you compare and substitute the ideas of security policies and
types of access control? Create BTL-6

UNIT –I (PART-B)

Q. No Question Competence Level


1 (i) Describe in detail about the types of cryptanalytic attack (7)
(ii) Describe and narrate what are the features of these attacks (6) Understand BTL-2

2 (i) Demonstrate in detail about active attacks (7)
(ii) Demonstrate in detail about passive attacks (6) Apply BTL-3

3 Explain the function of security services in detail Analyze BTL-4

4 Describe in detail about Access control matrix with examples Remember BTL-1

5 Analyze the information needed to support
(i) Biba Integrity model (7)
(ii) Lipner integrity model (6) Analyze BTL-4

6 Develop in detail about Clinical information system security policy Create BTL-6

7 Describe how would you compare the ideas of
(i) Bell-LaPadula (7)
(ii) Biba integrity model (6) Understand BTL-2

8 Describe in detail about how would you apply Clark Wilson integrity model
and low-water-mark policy Remember BTL-1

9 How would you explain Confidentiality policies? Evaluate BTL-5

10 How would you describe in detail about Hybrid policies? Remember BTL-1

11 (i) List the different types of attacks and explain in detail. (7)
(ii) Describe Chinese remainder theorem with example. (6) Remember BTL-1

12 (i) Discuss the following
a) Message Integrity (2)
b) Denial of Service (2)
c) Availability (2)
d) Authentication (1)
(ii) Estimate 11^13 mod 53 using modular exponentiation. (6) Understand BTL-2

13 Illustrate the following in detail
(i) Modular Exponentiation (7)
(ii) Finite fields (6) Understand BTL-3

14 (i) With a neat block diagram, explain the network security model and the
important parameters associated with it. (7)
(ii) Differentiate active and passive security attacks. Categorize these attacks
and explain one example of each (6) Analyse BTL-4

UNIT –I (PART-C)

Q. No Question Competence Level


1 Compare Biba Integrity model with Lipner integrity model Analyze BTL-4

2 Design implanted medical devices that monitor and record data about a
patient’s health and store the information locally. To access the data,
authorized personnel must transmit a personal identification number to the
implanted device and, once authorized, electronically request specific portions
of the data. Give examples of confidentiality, integrity and availability
requirements associated with the system and, in each case, indicate the degree
of importance of the requirement Create BTL-6

3 Summarize a database management system used in a department store
a. Give an example of a database for which confidentiality of the stored data is
the most important requirement (5)
b. Give an example of a database for which integrity of the stored data is the
most important requirement (4)
c. Give an example in which system availability is the most important
requirement (4) Analyze BTL-5

4 Create a matrix similar to the relationship between security services, attacks
and security mechanism Create BTL-6



UNIT II - CRYPTOSYSTEMS & AUTHENTICATION
Classical Cryptography-Substitution Ciphers-permutation Ciphers-Block Ciphers- DES Modes of
Operation- AES-Linear Cryptanalysis, Differential Cryptanalysis- Hash Function - SHA 512- Message
Authentication Codes-HMAC - Authentication Protocols

UNIT –II (PART-A)


Q. No Question Competence Level
1 Can you list the ingredients of Symmetric ciphers? Remember BTL-1
2 How would you describe the two basic functions used in encryption
algorithms? Remember BTL-1

3 How would you explain what is happening when two people communicate
via ciphers? Analyze BTL-4

4 Compare block cipher with stream cipher Analyze BTL-4


5 What would you demonstrate about the results if Caesar cipher is used? Apply BTL-3
6 Summarize the approaches used in monoalphabetic cipher Understand BTL-2
7 Explain the theme of Playfair cipher Analyze BTL-4
8 Examine monoalphabetic cipher with polyalphabetic cipher Remember BTL-1
9 Illustrate what changes would you make to solve the problem in one-time
pad Apply BTL-3

10 Discuss transposition cipher Understand BTL-2


11 How would you compare and classify the ideas of diffusion and confusion? Apply BTL-3
12 Which parameter and design choices determine the actual algorithm of a
Feistel cipher? Create BTL-6

13 Summarize to improve the purpose of S-boxes in DES Understand BTL-2


14 Define Avalanche effect Remember BTL-1
15 Explain the difference between differential and linear cryptanalysis Evaluate BTL-5
16 Generalize the function of state array Create BTL-6
17 Distinguish between SubBytes and SubWord Understand BTL-2
18 How would you explain the results for ShiftRows and RotWord? Evaluate BTL-5
19 Describe the information would you use to support the views of
compression function in a hash function Remember BTL-1

20 List out the approaches to produce message authentication ? Remember BTL-1



UNIT –II (PART-B)

Q.No Question Competence Level


1 How would you explain in detail about Substitution cipher with examples? Evaluate BTL-5
2 Compare in detail about linear cryptanalysis and differential cryptanalysis Analyze BTL-4
3 How would you show your understanding about data encryption standards? Apply BTL-3
4 Discuss in detail about advanced encryption standards Understand BTL-2
5 Describe in detail about
(i) HMAC (7)
(ii) SHA-512 (6) Remember BTL-1

6 Explain the approaches would you use in
(i) Hash function and (7)
(ii) Message authentication code (6) Apply BTL-4

7 Discuss in detail about various ciphers with examples
(i) Caesar Cipher (4)
(ii) Polyalphabetic Cipher (3)
(iii) Playfair cipher (3)
(iv) Vernam Cipher (3) Understand BTL-2

8 Describe in detail about
(i) MAC (7)
(ii) Hash function (6) Remember BTL-1

9 Examine in detail about various authentication protocols Remember BTL-1

10 Compose in detail about message authentication function Create BTL-6
11 (i) Apply Caesar cipher with k=5 and decrypt the given cipher text
“YMJTYMJWXNIJTKXNQJSHJ”. (7)
(ii) Apply Vigenere cipher, encrypt the word “explanation” using the key “leg”.
(6) Apply BTL-3
12 (i) Describe in detail the key generation in AES algorithm and its expansion
format. (7)
(ii) Describe Triple DES and its applications. (6) Remember BTL-1
13 Explain using Diffie-Hellman key exchange technique. Users A and B use a
common prime q=11 and a primitive root alpha=7.
(i) If user A has private key XA=3, what is A’s public key YA? (5)
(ii) If user B has private key XB=6, what is B’s public key YB? (4)
(iii) What is the shared secret key? Also write the algorithm. (4) Evaluate BTL-4

14 (i) Express the RC5 method used for encryption and decryption (7)
(ii) Express Triple DES and its applications. (6) Remember BTL-2

UNIT –II (PART-C)

Q. No Question Competence Level


1 Construct and measure a Playfair matrix with the key largest and construct a
Playfair matrix with the key occurance. Make a reasonable assumption about
how to treat redundant letters in the key Evaluate BTL-5

2 Analyze the Vigenere cipher to encrypt the word cryptography using key
house and decrypt it. Apply BTL-4

3 Develop and show that DES decryption is, in fact, the inverse of DES
encryption Understand BTL-6

4 Modify and show that in DES the first 24 bits of each subkey come from the
same subset of 28 bits of the initial key and that the second 24 bits of each
subkey come from a disjoint subset of 28 bits of the initial key Understand BTL-6

UNIT III - PUBLIC KEY CRYPTOSYSTEMS


Introduction to Public key Cryptography- Number theory- The RSA Cryptosystem and Factoring
Integer- Attacks on RSA-The ElGamal Cryptosystem- Digital Signature Algorithm-Finite Fields-
Elliptic Curves Cryptography- Key management – Session and Interchange keys, Key exchange and
generation-PKI

UNIT –III (PART-A)

Q.No Question Competence Level


1 Define Elliptic curve Remember BTL-1
2 Define the zero point in elliptic curve Remember BTL-1
3 List the ways in which secret keys can be distributed to two communicating
parties Remember BTL-1

4 Compare a session key and a master key Analyze BTL-4


5 Describe what is Nonce Understand BTL-2
6 How would you illustrate key distribution centre ? Apply BTL-3
7 Analyze public key cryptography related to key distribution Analyze BTL-4



8 List four general categories of schemes for the distribution of public keys Remember BTL-1
9 List what are the essential ingredients of a public key directory Remember BTL-1
10 Evaluate the parts of public key certificate Evaluate BTL-5
11 Discuss how would you categorize the requirements for the use of a public
key certificate scheme Understand BTL-2

12 Classify a group, ring and a field Apply BTL-3


13 Distinguish between modular arithmetic and ordinary arithmetic Understand BTL-2
14 Explain the principal elements of public key cryptosystems Analyze BTL-4
15 Discuss the roles of public and private keys in a cryptosystem Analyze BTL-2
16 Can you develop the three broad categories of applications of public key
cryptosystems ? Create BTL-6

17 Show how the public key cryptosystem fulfill the requirements of secure
algorithm? Apply BTL-3

18 Evaluate when to use a one way function in cryptosystems Evaluate BTL-5


19 Formulate Trap door one way function Create BTL-6
20 Define an efficient procedure for picking a prime number in general terms Remember BTL-1

UNIT –III (PART-B)

Q.No Question Competence Level


1 Demonstrate in detail about public key encryption with neat diagram Apply BTL-3

2 Explain in detail about RSA cryptosystems and its attacks Evaluate BTL-5
3 (i) What approach would you design to use in ElGamal
cryptosystem? (7)
(ii) Develop an ElGamal scheme with a common prime q=71 and
primitive root =7. If B has public key YB = 3 and A chooses the random
integer k=2, what is the cipher text of M=30? (6) Create BTL-6
4 Distinguish ElGamal scheme with a common prime q=11 and common
primitive root = 2, k= 2.
i. If A has public key Xa =5 What is A’s private key Ya ? (5)
ii. If user B has private key Xb=12 what is B’s public key Yb (4)
iii. What is the cipher text of M=30? (4) Understand BTL-2
5 Explain in detail about digital signature with suitable diagrams? Analyze BTL-4

6 Explain in detail about
(i) elliptic curve cryptography and (7)
(ii) symmetric key distribution? (6) Apply BTL-4

7 Describe in detail about distribution of public key Remember BTL-1

8 (i) Describe encryption and decryption using RSA p=11, q=13, e=11 and
m=7 (7)
(ii) Explain in detail about private key distribution (6) Remember BTL-1
9 Describe in detail about various encryption and decryption algorithms Remember BTL-1
10 (i) Discuss in detail about various public key cryptosystems secrecy (7)
(ii) Discuss in detail about various authentications (6) Understand BTL-2
11 (i) What is Digital Signature? Explain how it is created at the sender end and
retrieved at receiver end. (7)
(ii) Differentiate digital signature from digital certificate. (6) Analyse BTL-4
12 Describe in detail ElGamal Public key cryptosystems with an example. Remember BTL-1
13 (i) User A and B use Diffie-Hellman key exchange with a common prime q=71 and
a primitive root a=7. Calculate the following. If user A has private key
XA=5, what is A’s public key YA? If user A has private key XB=12, what is
B’s public key YB and what is the shared secret key? (7)
(ii) Consider the elliptic curve E11 (1, 6); that is, the curve is defined by
y^2 = x^3 + x + 6 with a modulus of P=11. Calculate all the points in E11 (1, 6).
Start by calculating the right hand side of the equation for all the values of n.
(6) Apply BTL-3
14 (i) Briefly describe the idea behind Elliptic Curve Cryptosystem. (7)
(ii) Describe the key management of public key encryption in detail. (6) Remember BTL-2

UNIT –III (PART-C)

Q. No Question Competence Level


1 Rewrite and make use of the following equations to find an integer x that
satisfies the equation
a. 7x = 5 (mod 3) (5)
b. x/20 = 7 (mod 5) (4)
c. 5x = 6 (mod 17) (4) Apply BTL-6

2 Explain the group Sn of all permutations of n distinct symbols,
a. What is the number of elements in Sn? (7)
b. Show that Sn is not abelian for n>2 (6) Apply BTL-4

3 Formulate and prove the following
a. [(a mod n) – (b mod n)] mod n = (a-b) mod n (7)
b. [(a mod n) * (b mod n)] mod n = (a*b) mod n (6) Create BTL-6

4 Judge the multiplicative inverse of each nonzero element in Z11 Remember BTL-5

UNIT IV - SYSTEM IMPLEMENTATION


Design Principles, Representing Identity, Access Control Mechanisms, Information Flow and
Confinement Problem
Secure Software Development: Secured Coding - OWASP/SANS Top Vulnerabilities -Buffer
Overflows - Incomplete mediation - XSS - Anti Cross Site Scripting Libraries -Canonical Data Format
- Command Injection - Redirection - Inference – Application Controls

UNIT –IV (PART-A)


Q.No Question Competence Level
1 Define the principle of fail safe defaults Remember BTL-1
2 Formulate the principle of complete mediation Create BTL-6
3 How would you explain the principle of psychological Acceptability? Evaluate BTL-5
4 Define Access control list Remember BTL-1
5 Compare lock and key techniques Analyze BTL-4
6 Explain how will you elaborate how internet handles identity conflicts Analyze BTL-4
7 Compare static and dynamic identifiers Analyze BTL-4
8 Discuss the uses of confinement problem Understand BTL-2
9 Describe the uses of sandboxes Understand BTL-2
10 Discuss the features of virtual machines Understand BTL-2
11 Can you evaluate the value of capability list give examples ? Evaluate BTL-5
12 List the top ten OWASP Vulnerabilities Remember BTL-1
13 Define the flow of assignment statement with examples Remember BTL-1
14 Illustrate what would happen if buffer overflow happens Apply BTL-3
15 How would you show your understanding about Ring based access control ? Apply BTL-3
16 Discuss the information flow of procedure calls Understand BTL-2



17 What inference can you formulate with the use of covert channel ? Create BTL-6
18 Demonstrate the uses of Fenton's Data Mark Machine Apply BTL-3
19 Define command injection Remember BTL-1
20 Describe cookies and state Remember BTL-1

UNIT –IV (PART-B)

Q.No Question Competence Level


1 (i) Can you explain in detail about design principles with examples? (7)
(ii) Analyze the function of capabilities and access control list with examples
(6) Analyze BTL-4

2 How would you summarize in detail about identity of the web Understand BTL-2
3 Describe in detail about what you learned to develop Access control list
with examples Remember BTL-1

4 What approach would you use to describe a compiler-based information
mechanism of information flow? Remember BTL-1

5 (i) Explain in detail about representation of identity (7)
(ii) Explain Canonical Data Format (6) Evaluate BTL-5

6 (i) Analyze the function of capabilities and access control list with examples
(7)
(ii) Explain Anti Cross site scripting Libraries. (6) Analyze BTL-4

7 Examine in detail about confinement problem with examples Remember BTL-1

8 Describe the following OWASP vulnerabilities
(i) Buffer overflow (ii) Anti cross site scripting libraries (6)
(iii) Command injection (iv) Canonical data format (7) Understand BTL-2
9 Demonstrate in detail about the vulnerabilities in OWASP Apply BTL-3
10 Can you formulate a theory for Entropy based analysis and non-lattice
information flow policies Create BTL-6

11 (i) Demonstrate and explain in detail about web security (6)
(ii) Examine TLS (7) Remember BTL-3
12 (i) Describe importance of RADIX-64 conversion (6)
(ii) Describe IP security Architecture (7) Remember BTL-1
13 (i) Describe Secure Electronic Transaction for E-Commerce transaction with
neat diagram (7)
(ii) Describe Command Injection (6) Remember BTL-2
14 (i) Analyse the architecture of distributed intrusion detection system with the
necessary diagrams. (7)
(ii) 1. How does a screened host architecture for firewalls differ from a screened
subnet firewall architecture? (3)
2. Which offers more security for the information assets that remain on the
trusted network? Explain with neat sketch. (3) Analyse BTL-4

UNIT –IV (PART-C)

Q. No Question Competence Level


1 Explain three alternative approaches to providing WAP end-to-end security Understand BTL-5
2 Develop and briefly define all of the keys used in WTLS Remember BTL-6
3 Explain in detail about what are the services provided by WSP Understand BTL-4
4 Prepare the difference between an HTML filter and WAP proxy Understand BTL-6

UNIT V - NETWORK SECURITY


Secret Sharing Schemes-Kerberos- Pretty Good Privacy (PGP)-Secure Socket Layer (SSL)-
Intruders – HIDS- NIDS - Firewalls - Viruses

UNIT – V (PART-A)
Q.No Question Competence Level
1 Identify the difference between an HTML filter and WAP proxy Remember BTL-1
2 Define the theme of Realm in the context of Kerberos Remember BTL-1
3 List three approaches to secure user authentication in a distributed
environment Remember BTL-1

4 Explain how R64 conversion is useful for a mail application Analyze BTL-4


5 Illustrate the format of PGP Message Apply BTL-3
6 How do you explain the need for the segmentation and reassembly function
in PGP? Evaluate BTL-5

7 Define Detached signature Remember BTL-1


8 How would you classify the difference between SSL connection and SSL
session Apply BTL-3

9 Classify what are the services provided by the SSL Protocol record Apply BTL-3



10 Formulate the role of encryption in the operation of virus Create BTL-6
11 Organize the design goals of firewall Create BTL-6
12 Analyze circuit level gateway Analyze BTL-4
13 Distinguish between rule based anomaly detection and rule based
penetration identification ? Understand BTL-2

14 Define honeypot Remember BTL-1


15 Discuss the uses of Trojan horse Understand BTL-2
16 Discuss the three classes of intruders Understand BTL-2
17 Evaluate what information is used by a typical packet filtering router Evaluate BTL-5
18 Describe application gateway Understand BTL-2
19 List the different types of viruses Remember BTL-1
20 Explain the typical phases of operation of a virus or worm Analyze BTL-4

UNIT – V (PART-B)
Q. No Question Competence Level
1 Based on what you know how will you explain the Kerberos version 4 with
neat diagram Analyze BTL-4

2 Describe in detail about
(i) Version 5 Kerberos (7)
(ii) Version 4 Kerberos (6) Remember BTL-1

3 Can you assess the value or importance of pretty good privacy and examine
in detail Remember BTL-1

4 (i) Explain in detail about secure socket layer (7)
(ii) Explain HIDS and NIDS (6) Analyze BTL-4

5 What is IDS and describe about various Intrusion detection system Remember BTL-1

6 Demonstrate in detail about HIDS Apply BTL-3

7 (i) Describe in detail about NIDS (6)
(ii) Describe various types of Viruses (7) Understand BTL-2

8 How would you show the security flaws caused by viruses and related
threats? Understand BTL-2

9 Will you explain in detail about firewall design principles Evaluate BTL-5

10 (i) Design firewall with neat design and with examples (6)
(ii) Explain and develop a Secret Sharing Scheme (7) Create BTL-6
11 (i) Explain the Firewall design principles. (6)
(ii) What are viruses? Explain the virus related threats and the counter measures
applied. (7) Analyse BTL-4
12 (i) Describe the roles of the different servers in Kerberos protocol. How does the
user get authenticated to the different servers? (7)
(ii) Give briefly about trusted systems. (6) Understand BTL-2
13 (i) Estimate what is the role of intrusion detection system? What are the three
benefits that can be provided by the intrusion detection system? (7)
(ii) Differentiate between statistical anomaly detection and rule based intrusion
detection system? (6) Understand BTL-2
14 (i) Describe the architecture of distributed intrusion detection system with the
necessary diagrams. (7)
(ii) List about virus and related threats in detail. (6) Remember BTL-1

UNIT –V (PART-C)

Q. No Question Competence Level


1 Develop why does PGP generate a signature before applying compression? Remember BTL-6
2 Analyze in the PGP scheme what is the expected number of session keys
generated before a previously created key is produced? Analyze BTL-4

3 Develop the basic difference between X.509 and PGP in terms of key
hierarchies and key trust ? Remember BTL-6

4 Consider Alice, a user of PGP. How many public keys (N) can Alice have
in order for her to have a duplicate key with probability less than (1-1/e) Evaluate BTL-5
