VALLIAMMAI ENGINEERING COLLEGE

Transcription

1 VALLIAMMAI ENGINEERING COLLEGE (A member of SRM Institution) SRM Nagar, Kattankulathur DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year and Semester : I / II Section : 1 Subject Code : NE7202 Subject Name : NETWORK AND INFORMATION SECURITY Degree and Branch : ME - CSE Staff Incharge : Dr.V.Dhanakoti UNIT-1 1. What is the OSI security architecture? 2. What is the difference between passive and active security threats? 3. List and briefly define categories of passive and active security attacks. 4. List and briefly define categories of security services. 5. List and briefly define categories of security mechanisms 6. What is access control matrix? 7. Define thebell-lapadula Model - simple security condition preliminary version. 8. Define the Bell-Lapadula Model- Star property. 9. What is Low-Water mark policy? 10. Define Ring Policy. 11. What is Biba s Strict Integrity Model? 12. List the Lipners use of The Bell-Lapadula Model Security levels and categories. 13. Define Lipner s Full model 14. What is Chinese wall Model? 15. Define Originator access control 16. Define role based call control. 17. What is Conditional command? 18. Define the Principle of Attenuation of Privilege 19. How the protection state transitions are specified? 20.List the different security policies and types of access control. Prepared By : Dr.V.Dhanakoti Page 1

2 PART B 1. What is meant by cryptanalysis? What are the types of cryptanalytic attacks and the amount of information known to cryptanalyst? What are the features of these attacks?(16) 2. Explain in detail about Active attacks and passive Attacks.(16) 3. Describe in detail about security services.(16) 4. Explain in detail about access control matrix with example (16) 5. Write short notes on following models i) Biba Integrity model (6) ii) Lipner s integrity model (10) 6. Explain in detail about Clinical information systems security policy (8) 7. Write short notes on following models i) Bell la-padula model (10) ii) Biba integrity model (6) 8.i)Describe in detail about clark Wilson integrity model(12) ii) Describe the lower water mark policy (4) 9.Describe in detail about Confidentiality policies(16) 10.Explain in detail about Hybrid Policies (16) UNIT-II 1. What are the essential ingredients of a symmetric cipher? 2. What are the two basic functions used in encryption algorithms? 3. How many keys are required for two people to communicate via a cipher? 4. What is the difference between a block cipher and a stream cipher? 5. Briefly define the Caesar cipher. 6. Briefly define the monoalphabetic cipher. 7. Briefly define the Playfair cipher. 8. What is the difference between a monoalphabetic cipher and a polyalphabetic cipher? 9. What are two problems with the one-time pad? 10. What is a transposition cipher? 11. What is the difference between diffusion and confusion? 12. Which parameters and design choices determine the actual algorithm of a Feistel cipher? 13. What is the purpose of the S-boxes in DES? 14. Explain the avalanche effect. 15 What is the difference between differential and linear cryptanalysis? 16.What is the purpose of the State arr a y? 17. What is the difference between SubBytes and SubWord? 18. What is the difference between ShiftRows and RotWord? 19 What is the role of a compression function in a hash function? 20. What are some approaches to producing message authentication? Prepared By : Dr.V.Dhanakoti Page 2

3 PART-B 1. Describe in detail about Substitution ciphers with examples (16) 2. Explain in detail about linear cryptanalysis and differential cryptanalysis (16) 3. Explain in detail about Data Encryption Standard (16) 4. Describe in detail about Advanced Encryption standard (16) 5. Write short notes on the following i) HMAC (8) ii) SHA-512(8) 6. Describe in detail about hash function and Message authentication code (16) 7. Write short notes on the following i) Ceaser cipher (3) ii) polyalphabetic cipher (3) iv) Playfair cipher(3) iii) vernam cipher (3) v) Transposition method of encryption (4) 8. Write short notes on the following i) MAC (8) ii)hash function(8) 9. Describe in detail about authentication protocols (16) 10. Describe in detail about Message Authentication function.(16) UNIT-III 1. What is an elliptic curve? 2. What is the zero point of an elliptic curve? 3. List ways in which secret keys can be distributed to two communicating parties. 4. What is the difference between a session key and a master key? 5. What is a nonce? 6. What is a key distribution center? 7. What are two different uses of public-key cryptography related to key distribution? 8. List four general categories of schemes for the distribution of public keys. 9. What are the essential ingredients of a public-key directory? 10. What is a public-key certificate? 11. What are the requirements for the use of a public-key certificate scheme? 12. Briefly define a group, ring and field 13. What is the difference between modular arithmetic and ordinary arithmetic? 14. What are the principal elements of a public-key cryptosystem? 15. What are the roles of the public and private key? 16. What are three broad categories of applications of public-key cryptosystems? 17. What requirements must a public key cryptosystems fulfill to be a secure algorithm? 18. What is a one-way function? 19. What is a trap-door one-way function? 20. Describe in general terms an efficient procedure for picking a prime number. Prepared By : Dr.V.Dhanakoti Page 3

4 PART-B 1. Explain in detail about public key encryption with neat diagram (16) 2. i)describe in dtail about RSA Cryptosystem (10) ii) Write Short Notes on RSA Attacks(6) 3.i)Explain in detail about El-Gamal Crypto system(10) ii) Consider an ElGamal scheme with a common (6) prime q=71 and primitive root ά=7.if B has public key Y B =3 and A chose the random integer k=2 what is the cipher text of M=30? 4. Consider an ElGamal scheme with a common prime q=11 and primitive root ά=2. k=2 i) If A has public key X A =5 What is A s private key Y A ii)if user B has private key X B =12 what is B s public key Y B iii) What is the cipher text of M=30? 5. Explain in detail about Digital signature with diagrams(16) 6. i)explain in detail about Elliptic curve Crptography (8) ii) Describe in detail about symmetric key distribution (8) 7. Explain in detail about distribution of public keys (16) 8.i)Perform encryption and Decryption using RSA P=11 q=13 e=11 M=7 (10) ii) Explain in detail about private key distribution (6) 9. i)explain in detail about Elliptic curve Cryptography (8) ii) Describe in about RSA Algorithm (8) 10. Explain in detail about following in detail with diagram i) Public key cryptosystem Secrecy (5)ii) Public key cryptosystem Authentication (5) iii)public key cryptosystem Secrecy &authentication (6) UNIT-IV 1. Define the principle of fail-safe defaults 2. What is principle of Complete mediation? 3. Define the principle of Psychological Acceptability. 4. What is Access control list? 5. What is lock and Key Technique? 6. How the Internet handles identity conflict? 7. Differentiate static and dynamic identifiers. 8. Define Confinement problem 9. What is the use of sandboxes? 10. Define virtual machine 11. What is Capability list? Give an example 12. List the top ten OWASP Vulnerabilities 13. Define the information flow of an Assignment statement with example. Prepared By : Dr.V.Dhanakoti Page 4

5 14. What is buffer overflow? 15. What is the use of Ring based Access control? 16. Define information flow of procedure calls 17. What is the use of covert channel? 18. Define the use of Fenton s data Mark machine. 19. What is command Injection? 20. Define state and cookies. PART-B 1. Describe in detail about Design principles with examples (16) 2. Explain in detail about Identity of the web (16) 3. Describe in detail about Access Control list with example (16) 4. Explain in detail about Compiler base information Mechanism of information flow (16) 5. Explain in detail about Representation of identity (16) 6. Describe in detail Capabilities and Access control list with example (16) 7. Explain in detail about confinement problem with example (16) 8. Describe the following OWASP Vulnerabilities i) Buffer overflows ii) AntiCross site Scripting Libraries iii) Command Injection iv)canonical data Format 9. Explain in detail about top ten OWASP Vulnerabilities (16) 10. Explain in detail about Entropy based Analysis and Nonlattice Information Flow Policies(16) UNIT-V 1. What was the problem addressed by Kerberos? 2. In the context of Kerberos, what is a realm? 3. List three approaches to secure user authentication in a distributed environment 4. Why is R64 conversion useful for an application? 5. Draw the Format of PGP Message 6. Why is the segmentation and reassembly function in PGP needed? 7. What is the utility of a detached signature? 8. What is the difference between an SSL Connection and SSL session? 9. What services are provided by the SSL Record Protocol? 10. What is the role of encryption in the operation of a virus? 11. List three design goals for a firewall. 12. What is circuit level gateway? 13. Differentiate rule-based anomaly detection and rule-based penetration identification? 14. Define honeypot. 15. What is the use of Trojan Horses? 16. List the three classes of Intruders. 17. What information is used by a typical packet-filtering route? 18. Define application gateway. Prepared By : Dr.V.Dhanakoti Page 5

6 19. List the types of Viruses. 20. What are the typical phases of operation of a virus or Worm? PART-B 1. Explain the version 4 of Kerberos with neat diagram (16) 2. i)compare Version 4 of Kerberos with Version 5 (6) ii) Explain in detail about Version 5 of Kerberos (10) 3. Explain in detail about Version 5 Kerberos with neat diagram (16) 4. Describe in detail about Pretty Good Privacy (16) 5. Explain in detail about Secure socket layer (16) 6. What is IDS? Explain in detail about Various Intrusion detection system. (16) 7. Explain in detail about HIDS and NIDS (16) 8. Explain in detail about Viruses and related threats (16) 9. Describe in detail about Firewall design principles. (16) 10. Explain in detail about Firewall with neat diagram and Examples. Prepared By : Dr.V.Dhanakoti Page 6