CB3491 Important Questions 4g

The document outlines a comprehensive curriculum on Cryptography and Cybersecurity, divided into five units covering topics such as cryptographic definitions, algorithms, authentication methods, and cyber threats. Each unit includes both short answer questions and detailed explanations of key concepts, techniques, and protocols related to securing data and communication. Additionally, it addresses practical applications and theoretical foundations of cryptography, including symmetric and asymmetric encryption, digital signatures, and network security measures.

Uploaded by

SANJAY R

CB3491 – Cryptography and Cyber Security

Part – A (2 marks each)


UNIT-I
1. What is Cryptography and Cybersecurity?
2. Define the following terms
(i) Cipher
(ii) Key
(iii) Encipher
(iv) Decipher
3. Differentiate active and passive attack.
4. What is steganography?
5. What is denial of service attack?

Unit -2
1. Using Euclid's Algorithm, find the GCD of (21,300)
2. Define the following terms in number theory
(i) Fields
(ii) Ring
(iii) Groups
3. What is avalanche effect?
4. Differentiate DES and AES
5. Differentiate linear and differential cryptanalysis.

UNIT -3
1. State Fermat's Little Theorem. Check whether 7 is prime or not? Consider a= 3.
2. State Euler's Totient function. Calculate Euler's Totient function for the number 12.
3. What is an elliptic curve?
4. What is prime and relative prime number?
5. State Miller's Primality test. Is 17 prime ?

UNIT-4
1. Differentiate MAC and Hash function
2. What is digital signature?
3. What are the types and requirements of authentication protocol?
4. Differentiate MD4 and SHA
5. Explain biometric and password protection authentication entity.

UNIT-5
1. What is spyware?
2. What is password sniffing?
3. Differentiate hardware and software keyloggers
4. What is NAC?
5. Write a short note on handshake protocol.

PART – B (13 marks each)


Unit— 1
1. (A) Explain OSI architecture model with neat diagram. (7)
(B) Explain the various security attacks (6)
(or)
2. Explain the classical Encryption techniques with suitable examples. (13)

Unit -2
1. Draw and Explain the function of DES and 1010000010 to cipher text using DES.(13)
(Or)
2. (A) Explain the various Block cipher modes of operations. (6)
(B) What is pseudorandom number generators? How is it used to find key distribution in RC4 Algorithm? (7)

Unit-3
1. (A) State Chinese Remainder Theorem. Using Chinese Remainder theorem find X for the given set of congruent equations X = 2 (mod 3), X = 3 (mod 5) and X = 2 (mod 7) (7 Marks)
(B) Explain Diffie Hellman Key Exchange algorithm with example. (6 Marks)
(or)
2. (A) Explain RSA algorithm. Perform Encryption and Decryption using RSA algorithm for p=7, q=11, and M=9. (7 marks)
(B) Discuss Elliptic curve cryptography (6 marks)

Unit —4
1. (A) Explain the format of the X.509 certificate (7)
(B) What is Kerberos? Explain how it provides
authenticated service? (6)
or
2. (A) Write down the steps involved in Schnorr
digital signature scheme used for authentication. (7)
(B) Discuss Elgamal digital signature scheme (6)

Unit-5
1. (A) Explain the classification of cyber crimes. (7)
(B) Detail the methods used to prevent SQL injection attack.(6)
(or)
2. (A) Write a short note on NAC (Network Access Protocol) (7)
(B) What is keylogger? Explain its types. (6)

ANSWERS FOR PART A (2 marks)
Unit 1: Introduction to Cryptography and Cyber Security
1. What is Cryptography and Cybersecurity?
o Cryptography is the practice of securing communication and information by
encoding it in such a way that only authorized parties can access it. For
example, using a Caesar cipher, the word "HELLO" can be encrypted as
"IFMMP" by shifting each letter by one position.
o Cybersecurity involves protecting systems, networks, and data from cyber
threats like hacking, malware, or data breaches. For instance, implementing
firewalls and antivirus software helps secure a system from unauthorized
access.
2. Define the following terms:
o Cipher: A mathematical algorithm used for encrypting and decrypting
messages. For instance, in a substitution cipher, each letter in the plaintext is
replaced with another letter.
o Key: A secret value used in encryption and decryption to ensure secure
communication. For example, a 128-bit key in AES encryption determines
how the data is scrambled.
o Encipher: The process of converting plaintext into ciphertext. For instance,
encoding "HELLO" into "KHOOR" using a Caesar cipher with a shift of 3.
o Decipher: The process of converting ciphertext back into plaintext. For
example, decoding "KHOOR" back to "HELLO" using the same Caesar
cipher.
3. Differentiate active and passive attacks.
o Active Attack: These attacks involve modification of data or creating false
data during transmission. For example, a man-in-the-middle attack intercepts
and alters the content of communication between two parties.
o Passive Attack: These involve monitoring and eavesdropping on
communication without altering the data. For instance, an attacker silently
intercepting an email to gather sensitive information.
4. What is steganography?
o Steganography is the technique of hiding secret information within non-secret
data, such as images, audio, or video files. For example, embedding a hidden
message inside an image by altering the least significant bits of the image
pixels.
5. What is a denial-of-service attack?
o A denial-of-service (DoS) attack aims to overwhelm a system, network, or
server with excessive requests, rendering it unavailable to legitimate users. For
instance, flooding a web server with so many requests that it crashes or slows
down significantly.

Unit 2: Symmetric Key Cryptography


1. Using Euclid's Algorithm, find GCD of (21, 300):
o Euclid's Algorithm works as follows:
1. Divide 300 by 21, the remainder is 6.
2. Divide 21 by 6, the remainder is 3.
3. Divide 6 by 3, the remainder is 0.
The last non-zero remainder is the GCD, which is 3 in this case.
2. Define terms in number theory:
o Field: A mathematical set where addition, subtraction, multiplication, and
division are defined. Example: Real numbers.
o Ring: A set equipped with two operations, addition and multiplication.
Example: Integers form a ring.
o Group: A set with one operation satisfying closure, associativity, identity, and
invertibility. Example: Integers under addition.
3. What is avalanche effect?
o The avalanche effect ensures that a small change in the input (e.g., flipping a
single bit) results in a significant change in the output ciphertext. For example,
in DES encryption, changing one bit of the plaintext can completely alter the
ciphertext.
4. Differentiate DES and AES.
o DES (Data Encryption Standard): Uses a 56-bit key and operates on 64-bit
blocks. It is slower and less secure against brute-force attacks.
o AES (Advanced Encryption Standard): Supports 128, 192, and 256-bit keys
and operates on 128-bit blocks. It is faster and more secure than DES.
5. Differentiate linear and differential cryptanalysis.
o Linear Cryptanalysis: Involves finding linear relationships between plaintext
and ciphertext to break encryption.
o Differential Cryptanalysis: Focuses on studying the effect of specific plaintext
differences on the ciphertext.

Unit 3: Public Key Cryptography


1. State Fermat's Little Theorem:
o Fermat's Little Theorem states that if $p$ is a prime number, then
$a^p \equiv a \pmod{p}$. For example, if $a = 3$ and $p = 7$, then
$3^7 \equiv 3 \pmod{7}$.
2. Euler's Totient Function:
o Euler's Totient Function $\phi(n)$ counts the number of integers less
than $n$ that are coprime to $n$. For example, $\phi(12) = 4$
because 1, 5, 7, and 11 are coprime to 12.
3. Elliptic Curve Cryptography:
o Elliptic Curve Cryptography (ECC) uses the properties of elliptic curves for
secure key exchange. For example, an elliptic curve equation is
$y^2 = x^3 + ax + b$.
4. Prime and Relative Prime Numbers:
o Prime: A number divisible only by 1 and itself. Example: 7.
o Relative Prime: Two numbers with no common factors other than 1. Example:
8 and 15.
5. Miller's Primality Test:
o A probabilistic algorithm to test if a number is prime. For example, testing if
17 is prime by checking it with randomly chosen bases.
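
The Unit 3 answers above (Fermat's Little Theorem with a = 3 and p = 7, the totient of 12, and the primality test on 17), worked in Python as an added example that is not part of the original document. The test is written in its usual Miller-Rabin form; the function names and the extra input 561 (a Carmichael number chosen here) are assumptions, included to show a composite that satisfies the Fermat congruence yet is rejected by the Miller-Rabin rounds.

```python
from math import gcd


def phi(n):
    """Euler's totient: count of 1 <= k < n with gcd(k, n) == 1."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def fermat_passes(n, a):
    """True if a^n = a (mod n), the congruence in Fermat's Little Theorem."""
    return pow(a, n, n) == a % n


def miller_rabin_trace(n, a):
    """One Miller-Rabin round for odd n > 2 and base a.

    Writes n - 1 = 2^s * d with d odd, then returns (passes, sequence)
    where sequence is a^d, a^(2d), ... mod n as far as the round needed.
    """
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    seq = [x]
    if x in (1, n - 1):
        return True, seq
    for _ in range(s - 1):
        x = pow(x, 2, n)
        seq.append(x)
        if x == n - 1:
            return True, seq
    return False, seq  # a is a witness that n is composite


def is_prime(n, bases=(2, 3, 5, 7)):
    """Miller-Rabin over fixed bases; exact for n < 3,215,031,751."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    return all(miller_rabin_trace(n, a)[0] for a in bases)


if __name__ == "__main__":
    print("phi(12) =", phi(12))
    print("3^7 = 3 (mod 7):", fermat_passes(7, 3))
    print("17, base 3:", miller_rabin_trace(17, 3))
    print("561 passes Fermat (base 2):", fermat_passes(561, 2))
    print("561, base 2:", miller_rabin_trace(561, 2))
```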

Unit 4: Authentication and Integrity


1. Differentiate MAC and Hash Function:
o MAC (Message Authentication Code): Ensures data authenticity and integrity
using a secret key. Example: HMAC.
o Hash Function: Converts data into a fixed-length hash value. Example: SHA-256.
2. What is digital signature?
o A digital signature ensures the authenticity and integrity of a message, using
public key cryptography. For example, an RSA-based signature verifies the
sender's identity.
3. Authentication Protocol Requirements:
o An authentication protocol must ensure security, mutual authentication, and
resistance to replay attacks. Example: Using OTPs along with passwords.
4. Differentiate MD4 and SHA:
o MD4: Produces a 128-bit hash, but is considered insecure.
o SHA: Produces larger hash values (160-bit for SHA-1, 256-bit for SHA-256)
and is more secure.
5. Biometric and Password Protection:
o Biometric: Uses unique traits like fingerprints for authentication. Example:
Fingerprint scanner.
o Password Protection: Uses alphanumeric credentials. Example:
"MySecure@123".

Unit 5: Cybersecurity
1. What is spyware?
o Spyware is malicious software that secretly collects user information.
Example: A keylogger records keystrokes to steal passwords.
2. What is password sniffing?
o Password sniffing is intercepting passwords during transmission. Example:
Using network monitoring tools like Wireshark.
3. Differentiate hardware and software keyloggers:
o Hardware Keylogger: A physical device attached to a computer. Example: A
USB keylogger.
o Software Keylogger: A program installed on the system. Example: Malware
that logs keystrokes.
4. What is NAC?
o Network Access Control ensures that only authorized devices can access the
network. Example: Restricting guest devices on an enterprise network.
5. Handshake Protocol:
o A handshake protocol is used to establish secure communication between
devices. Example: SSL handshake ensures both parties authenticate each other.
