
VALLIAMMAI ENGINEERING COLLEGE

SRM Nagar, Kattankulathur – 603 203

DEPARTMENT OF

COMPUTER SCIENCE AND ENGINEERING

QUESTION BANK

II SEMESTER

NE7202 – Network and Information Security

Regulation – 2013

Academic Year 2016 – 17

Prepared by

Dr. V.Dhanakoti, Associate Professor / CSE


Year and Semester : I / II

Section : ME CSE

Subject Code : NE7202

Subject Name : Network and Information security

Degree and Branch : ME - CSE

Staff Incharge : Dr.V.Dhanakoti

UNIT I - INTRODUCTION

An Overview of Computer Security - Security Services - Security Mechanisms - Security Attacks - Access Control Matrix, Policy - Security policies, Confidentiality policies, Integrity policies and Hybrid policies.

UNIT –I (PART-A)

Q. No. Question Competence Level

1 Describe OSI Security architecture Remember BTL-1

2 Differentiate passive and active security threats Understand BTL-2

3 How would you classify passive and active security threats? Analyze BTL-4

4 How would you evaluate the types of security services? Evaluate BTL-5

5 Can you list the different types of security mechanism? Remember BTL-1

6 What elements would you use to relate in access control matrix? Apply BTL-3

7 Describe Bell-LaPadula Model - Simple security condition, preliminary model Remember BTL-1

8 Define Bell-LaPadula Model star property Remember BTL-1

9 What would you summarize about the Low-Water-Mark Policy? Evaluate BTL-5

10 Define Ring policy Remember BTL-1

11 Describe Biba's strict integrity model Understand BTL-2

12 Distinguish Lipner's use of the Bell-LaPadula model security levels Understand BTL-2

13 How would you show your understanding of Lipner's full model? Apply BTL-3

14 Formulate what conclusion you draw in Chinese wall model Create BTL-6

15 Explain Originator Access control Analyze BTL-4

16 Explain the features of Role-based access control Analyze BTL-4

17 Define Conditional Command Remember BTL-1

18 Discuss the ideas you justify in Attenuation of Privilege Understand BTL-2

19 How would you apply what you learned in Protection state transitions? Apply BTL-3

20 How would you compare and substitute the ideas of security policies and types of access control? Create BTL-6

UNIT –I (PART-B)

Q. No Question Competence Level

1 (i) Describe in detail about the types of cryptanalytic attack (7)

(ii) Describe and narrate what are the features of these attacks (6) Understand BTL-2

2 (i) Demonstrate in detail about active attacks (7)

(ii) Demonstrate in detail about passive attacks (6) Apply BTL-3

3 Explain the function of security services in detail Analyze BTL-4

4 Describe in detail about Access control matrix with examples Remember BTL-1

5 Analyze the information needed to support

(i) Biba Integrity model (7)

(ii) Lipner integrity model (6)

Analyze BTL-4

6 Develop in detail about Clinical information system security policy Create BTL-6

7 Describe how would you compare the ideas of

(i) Bell-LaPadula (7)

(ii) Biba integrity model (6)

Understand BTL-2

8 Describe in detail how you would apply the Clark-Wilson integrity model and low-water-mark policy Remember BTL-1

9 How would you explain Confidentiality policies? Evaluate BTL-5

10 How would you describe in detail about Hybrid policies? Remember BTL-1

11 (i) List the different types of attacks and explain in detail. (7) Remember BTL-1


(ii) Describe Chinese remainder theorem with example. (6)

12 (i) Discuss the following

a) Message Integrity (2)

b) Denial of Service (2)

c) Availability (2)

d) Authentication (1)

(ii) Estimate 11^13 mod 53 using modular exponentiation. (6)

Understand BTL-2

13 Illustrate the following in detail

(i) Modular Exponentiation (7)

(ii) Finite fields (6)

Understand BTL-3

14 (i) With a neat block diagram, explain the network security model and the important parameters associated with it. (7)

(ii) Differentiate active and passive security attacks. Categorize these attacks and explain one example of each (6)

Analyse BTL-4

UNIT –I (PART-C)

Q. No Question Competence Level

1 Compare Biba Integrity model with Lipner integrity model Analyze BTL-4

2 Design an implanted medical device that monitors and records data about a patient’s health and stores the information locally. To access the data, authorized personnel must transmit a personal identification number to the implanted device and, once authorized, electronically request specific portions of the data. Give examples of confidentiality, integrity and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement

Create BTL-6

3 Summarize a database management system used in a department store

a. Give an example of a database for which confidentiality of the stored data is the most important requirement (5)

b. Give an example of a database for which integrity of the stored data is the most important requirement (4)

c. Give an example in which system availability is the most important requirement (4)

Analyze BTL-5

4 Create a matrix similar to the relationship between security services, attacks and security mechanism Create BTL-6


UNIT II - CRYPTOSYSTEMS & AUTHENTICATION

Classical Cryptography - Substitution Ciphers - Permutation Ciphers - Block Ciphers - DES Modes of Operation - AES - Linear Cryptanalysis, Differential Cryptanalysis - Hash Function - SHA 512 - Message Authentication Codes - HMAC - Authentication Protocols

UNIT –II (PART-A)

Q. No Question Competence Level

1 Can you list the ingredients of Symmetric ciphers? Remember BTL-1

2 How would you describe the two basic functions used in encryption algorithms? Remember BTL-1

3 How would you explain what is happening when two people communicate via ciphers? Analyze BTL-4

4 Compare block cipher with stream cipher Analyze BTL-4

5 What would you demonstrate about the results if Caesar cipher is used? Apply BTL-3

6 Summarize the approaches used in monoalphabetic cipher Understand BTL-2

7 Explain the theme of Playfair cipher Analyze BTL-4

8 Examine monoalphabetic cipher with polyalphabetic cipher Remember BTL-1

9 Illustrate what changes you would make to solve the problem in one-time pad Apply BTL-3

10 Discuss transposition cipher Understand BTL-2

11 How would you compare and classify the ideas of diffusion and confusion? Apply BTL-3

12 Which parameters and design choices determine the actual algorithm of a Feistel cipher? Create BTL-6

13 Summarize the purpose of S-boxes in DES Understand BTL-2

14 Define Avalanche effect Remember BTL-1

15 Explain the difference between differential and linear cryptanalysis Evaluate BTL-5

16 Generalize the function of state array Create BTL-6

17 Distinguish between SubBytes and SubWord Understand BTL-2

18 How would you explain the results for ShiftRows and RotWord? Evaluate BTL-5

19 Describe the information you would use to support the views of compression function in a hash function Remember BTL-1

20 List out the approaches to produce message authentication Remember BTL-1

UNIT –II (PART-B)

Q.No Question Competence Level

1 How would you explain in detail about Substitution cipher with examples? Evaluate BTL-5

2 Compare in detail about linear cryptanalysis and differential cryptanalysis Analyze BTL-4

3 How would you show your understanding about data encryption standards? Apply BTL-3

4 Discuss in detail about advanced encryption standards Understand BTL-2

5 Describe in detail about

(i) HMAC (7)

(ii) SHA-512 (6)

Remember BTL-1

6 Explain the approaches you would use in

(i) Hash function and (7)

(ii) Message authentication code (6)

Apply BTL-4

7 Discuss in detail about various ciphers with examples

(i) Caesar Cipher (4)

(ii) Polyalphabetic Cipher (3)

(iii) Playfair cipher (3)

(iv) Vernam Cipher (3)

Understand BTL-2

8 Describe in detail about

(i) MAC (7)

(ii) Hash function (6)

Remember BTL-1

9 Examine in detail about various authentication protocols Remember BTL-1

10 Compose in detail about message authentication function Create BTL-6

11 (i) Apply Caesar cipher and k=5 to decrypt the given cipher text “YMJTYMJWXNIJTKXNQJSHJ”. (7)

(ii) Apply Vigenere cipher, encrypt the word “explanation” using the key “leg”. (6)

Apply BTL-3

12 (i) Describe in detail the key generation in AES algorithm and its expansion format. (7)

(ii) Describe Triple DES and its applications. (6)

Remember BTL-1

13 Explain using Diffie-Hellman key exchange technique. Users A and B use a common prime q=11 and a primitive root alpha=7.

(i) If user A has private key XA=3, what is A’s public key YA? (5)

(ii) If user B has private key XB=6, what is B’s public key YB? (4)

(iii) What is the shared secret key? Also write the algorithm. (4)

Evaluate BTL-4

14 (i) Express the RC5 method used for encryption and decryption (7)

(ii) Express Triple DES and its applications. (6) Remember BTL-2

UNIT –II (PART-C)

Q. No Question Competence Level

1 Construct and Measure Playfair matrix with the key largest and construct a Playfair matrix with the key occurance. Make a reasonable assumption about how to treat redundant letters in the key Evaluate BTL-5

2 Analyze the Vigenere cipher to encrypt the word cryptography using key house and decrypt it. Apply BTL-4

3 Develop and show that DES decryption is, in fact, the inverse of DES encryption Understand BTL-6

4 Modify and show that in DES the first 24 bits of each subkey come from the same subset of 28 bits of the initial key and that the second 24 bits of each subkey come from a disjoint subset of 28 bits of the initial key Understand BTL-6

UNIT III - PUBLIC KEY CRYPTOSYSTEMS

Introduction to Public key Cryptography - Number theory - The RSA Cryptosystem and Factoring Integer - Attacks on RSA - The ElGamal Cryptosystem - Digital Signature Algorithm - Finite Fields - Elliptic Curves Cryptography - Key management - Session and Interchange keys, Key exchange and generation - PKI

UNIT –III (PART-A)

Q.No Question Competence Level

1 Define Elliptic curve Remember BTL-1

2 Define the zero point in elliptic curve Remember BTL-1

3 List the ways in which secret keys can be distributed to two communicating parties Remember BTL-1

4 Compare a session key and a master key Analyze BTL-4

5 Describe what is Nonce Understand BTL-2

6 How would you illustrate key distribution centre? Apply BTL-3

7 Analyze public key cryptography related to key distribution Analyze BTL-4

8 List four general categories of schemes for the distribution of public keys Remember BTL-1

9 List what are the essential ingredients of a public key directory Remember BTL-1

10 Evaluate the parts of public key certificate Evaluate BTL-5

11 Discuss how would you categorize the requirements for the use of a public key certificate scheme Understand BTL-2

12 Classify a group, ring and a field Apply BTL-3

13 Distinguish between modular arithmetic and ordinary arithmetic Understand BTL-2

14 Explain the principal elements of public key cryptosystems Analyze BTL-4

15 Discuss the roles of public and private keys in a cryptosystem Analyze BTL-2

16 Can you develop the three broad categories of applications of public key cryptosystems? Create BTL-6

17 Show how the public key cryptosystem fulfills the requirements of a secure algorithm Apply BTL-3

18 Evaluate when to use a one-way function in cryptosystems Evaluate BTL-5

19 Formulate Trap door one way function Create BTL-6

20 Define an efficient procedure for picking a prime number in general terms Remember BTL-1

UNIT –III (PART-B)

Q.No Question Competence Level

1 Demonstrate in detail about public key encryption with neat diagram Apply BTL-3

2 Explain in detail about RSA cryptosystems and its attacks Evaluate BTL-5

3 (i) What approach would you design to use in ElGamal cryptosystem? (7)

(ii) Develop an ElGamal scheme with a common prime q=71 and primitive root = 7. If B has public key YB = 3 and A chooses the random integer k=2, what is the cipher text of M=30? (6)

Create BTL-6

4 Distinguish ElGamal scheme with a common prime q=11 and common primitive root = 2, k = 2.

i. If A has public key Xa=5, what is A’s private key Ya? (5)

ii. If user B has private key Xb=12, what is B’s public key Yb? (4)

iii. What is the cipher text of M=30? (4)

Understand BTL-2

5 Explain in detail about digital signature with suitable diagrams Analyze BTL-4

6 Explain in detail about

(i) elliptic curve cryptography and (7)

(ii) symmetric key distribution (6)

Apply BTL-4

7 Describe in detail about distribution of public key Remember BTL-1

8 (i) Describe encryption and decryption using RSA with p=11, q=13, e=11 and m=7 (7)

(ii) Explain in detail about private key distribution (6)

Remember BTL-1

9 Describe in detail about various encryption and decryption algorithms Remember BTL-1

10 (i) Discuss in detail about various public key cryptosystems secrecy (7)

(ii) Discuss in detail about various authentications (6) Understand BTL-2

11 (i) What is Digital Signature? Explain how it is created at the sender end and retrieved at receiver end. (7)

(ii) Differentiate digital signature from digital certificate. (6)

Analyse BTL-4

12 Describe in detail ElGamal Public key cryptosystems with an example. Remember BTL-1

13 (i) Users A and B use Diffie-Hellman key exchange with a common prime q=71 and a primitive root a=7. Calculate the following. If user A has private key XA=5, what is A’s public key YA? If user A has private key XB=12, what is B’s public key YB and what is the shared secret key? (7)

(ii) Consider the elliptic curve E11(1, 6); that is, the curve is defined by y^2 = x^3 + x + 6 with a modulus of P=11. Calculate all the points in E11(1, 6). Start by calculating the right-hand side of the equation for all the values of n. (6)

Apply BTL-3

14 (i) Briefly describe the idea behind Elliptic Curve Cryptosystem. (7)

(ii) Describe the key management of public key encryption in detail. (6) Remember BTL-2

UNIT –III (PART-C)

Q. No Question Competence Level

1 Rewrite and make use of the following equations to find an integer x that satisfies each equation

a. 7x = 5 (mod 3) (5)

b. x/20 = 7 (mod 5) (4)

c. 5x = 6 (mod 17) (4)

Apply BTL-6

2 Explain the group Sn of all permutations of n distinct symbols,

a. What is the number of elements in Sn? (7)

b. Show that Sn is not abelian for n>2 (6)

Apply BTL-4

3 Formulate and Prove the following

a. [(a mod n) – (b mod n)] mod n = (a-b) mod n (7)

b. [(a mod n) * (b mod n)] mod n = (a*b) mod n (6)

Create BTL-6

4 Judge the multiplicative inverse of each nonzero element in Z11 Remember BTL-5

UNIT IV - SYSTEM IMPLEMENTATION

Design Principles, Representing Identity, Access Control Mechanisms, Information Flow and Confinement Problem

Secure Software Development: Secured Coding - OWASP/SANS Top Vulnerabilities - Buffer Overflows - Incomplete mediation - XSS - Anti Cross Site Scripting Libraries - Canonical Data Format - Command Injection - Redirection - Inference - Application Controls

UNIT –IV (PART-A)

Q.No Question Competence Level

1 Define the principle of fail safe defaults Remember BTL-1

2 Formulate the principle of complete mediation Create BTL-6

3 How would you explain the principle of psychological Acceptability? Evaluate BTL-5

4 Define Access control list Remember BTL-1

5 Compare lock and key techniques Analyze BTL-4

6 Explain how you will elaborate on how the Internet handles identity conflicts Analyze BTL-4

7 Compare static and dynamic identifiers Analyze BTL-4

8 Discuss the uses of confinement problem Understand BTL-2

9 Describe the uses of sandboxes Understand BTL-2

10 Discuss the features of virtual machines Understand BTL-2

11 Can you evaluate the value of capability list? Give examples Evaluate BTL-5

12 List the top ten OWASP Vulnerabilities Remember BTL-1

13 Define the flow of assignment statement with examples Remember BTL-1

14 Illustrate what would happen if buffer overflow happens Apply BTL-3

15 How would you show your understanding about Ring based access control? Apply BTL-3

16 Discuss the information flow of procedure calls Understand BTL-2

17 What inference can you formulate with the use of covert channel? Create BTL-6

18 Demonstrate the uses of Fenton's Data Mark Machine Apply BTL-3

19 Define command injection Remember BTL-1

20 Describe cookies and state Remember BTL-1

UNIT –IV (PART-B)

Q.No Question Competence Level

1 (i) Can you explain in detail about design principles with examples? (7)

(ii) Analyze the function of capabilities and access control list with examples (6)

Analyze BTL-4

2 How would you summarize in detail about identity of the web Understand BTL-2

3 Describe in detail about what you learned to develop Access control list with examples Remember BTL-1

4 What approach would you use to describe a compiler-based mechanism of information flow? Remember BTL-1

5 (i) Explain in detail about representation of identity (7)

(ii) Explain Canonical Data Format (6) Evaluate BTL-5

6 (i) Analyze the function of capabilities and access control list with examples (7)

(ii) Explain Anti Cross site scripting Libraries. (6)

Analyze BTL-4

7 Examine in detail about confinement problem with examples Remember BTL-1

8 Describe the following OWASP vulnerabilities

(i) Buffer overflow (ii) Anti cross site scripting libraries (6)

(iii) Command injection (iv) Canonical data format (7)

Understand BTL-2

9 Demonstrate in detail about the vulnerabilities in OWASP Apply BTL-3

10 Can you formulate a theory for Entropy based analysis and Nonlattice information flow policies Create BTL-6

11 (i) Demonstrate and explain in detail about web security (6)

(ii) Examine TLS (7) Remember BTL-3

12 (i) Describe importance of RADIX-64 conversion (6)

(ii) Describe IP security Architecture (7) Remember BTL-1

13 (i) Describe Secure Electronic Transaction for E-Commerce transaction with neat diagram (7)

(ii) Describe Command Injection (6) Remember BTL-2

14 (i) Analyse the architecture of distributed intrusion detection system with the necessary diagrams. (7)

(ii) How does a screened host architecture for firewalls differ from a screened subnet firewall architecture? Which offers more security for the information assets that remain on the trusted network? Explain with neat sketch. (3 + 3)

Analyse BTL-4

UNIT –IV (PART-C)

Q. No Question Competence Level

1 Explain three alternative approaches to providing WAP end-to-end security Understand BTL-5

2 Develop and briefly define all of the keys used in WTLS Remember BTL-6

3 Explain in detail about what are the services provided by WSP Understand BTL-4

4 Prepare the difference between an HTML filter and WAP proxy Understand BTL-6

UNIT V - NETWORK SECURITY

Secret Sharing Schemes - Kerberos - Pretty Good Privacy (PGP) - Secure Socket Layer (SSL) - Intruders - HIDS - NIDS - Firewalls - Viruses

UNIT – V (PART-A)

Q.No Question Competence Level

1 Identify the difference between an HTML filter and WAP proxy Remember BTL-1

2 Define the theme of Realm in the context of Kerberos Remember BTL-1

3 List three approaches to secure user authentication in a distributed environment Remember BTL-1

4 Explain why R64 conversion is useful for a mail application Analyze BTL-4

5 Illustrate the format of PGP Message Apply BTL-3

6 How do you explain why the segmentation and reassembly function in PGP is needed? Evaluate BTL-5

7 Define Detached signature Remember BTL-1

8 How would you classify the difference between SSL connection and SSL session Apply BTL-3

9 Classify what are the services provided by the SSL Protocol record Apply BTL-3

10 Formulate the role of encryption in the operation of virus Create BTL-6

11 Organize the design goals of firewall Create BTL-6

12 Analyze circuit level gateway Analyze BTL-4

13 Distinguish between rule based anomaly detection and rule based penetration identification Understand BTL-2

14 Define honeypot Remember BTL-1

15 Discuss the uses of Trojan horse Understand BTL-2

16 Discuss the three classes of intruders Understand BTL-2

17 Evaluate what information is used by a typical packet filtering router Evaluate BTL-5

18 Describe application gateway Understand BTL-2

19 List the different types of viruses Remember BTL-1

20 Explain the typical phases of operation of a virus or worm Analyze BTL-4

UNIT – V (PART-B)

Q. No Question Competence Level

1 Based on what you know how will you explain the Kerberos version 4 with neat diagram Analyze BTL-4

2 Describe in detail about

(i) Version 5 Kerberos (7)

(ii) Version 4 Kerberos (6)

Remember BTL-1

3 Can you assess the value or importance of pretty good privacy and examine in detail Remember BTL-1

4 (i) Explain in detail about secure socket layer (7)

(ii) Explain HIDS and NIDS (6) Analyze BTL-4

5 What is IDS and describe about various Intrusion detection system Remember BTL-1

6 Demonstrate in detail about HIDS Apply BTL-3

7 (i) Describe in detail about NIDS (6) Understand BTL-2

(ii) Describe various types of Viruses (7)

8 How would you show the security flaws caused by viruses and related threats? Understand BTL-2

9 Will you explain in detail about firewall design principles Evaluate BTL-5

10 (i) Design firewall with neat design and with examples (6)

(ii) Explain and Develop a Secret Sharing Scheme (7) Create BTL-6

11 (i) Explain the Firewall design principles. (6)

(ii) What are viruses? Explain the virus related threats and the counter measures applied. (7)

Analyse BTL-4

12 (i) Describe the roles of the different servers in Kerberos protocol. How does the user get authenticated to the different servers? (7)

(ii) Give briefly about trusted systems. (6) Understand BTL-2

13 (i) Estimate what is the role of intrusion detection system? What are the three benefits that can be provided by the intrusion detection system? (7)

(ii) Differentiate between statistical anomaly detection and rule based intrusion detection system? (6)

Understand BTL-2

14 (i) Describe the architecture of distributed intrusion detection system with the necessary diagrams. (7)

(ii) List about virus and related threats in detail. (6)

Remember BTL-1

UNIT –V (PART-C)

Q. No Question Competence Level

1 Develop why does PGP generate a signature before applying compression? Remember BTL-6

2 Analyze in the PGP scheme what is the expected number of session keys generated before a previously created key is produced? Analyze BTL-4

3 Develop the basic difference between X.509 and PGP in terms of key hierarchies and key trust Remember BTL-6

4 Consider Alice, a user of PGP. How many public keys (N) can Alice have in order for her to have a duplicate key with probability less than (1-1/e)? Evaluate BTL-5