
Crypto Cie Set1&2 QP

The document outlines a Continuous Internal Evaluation Test for the course U19CS702 - Cryptography at Sona College of Technology. It includes various parts with questions on digital signatures, HMAC design objectives, secure online banking, intrusion detection strategies, and email security parameters. The test is structured into three parts, with a total duration of 1.5 hours and a maximum score of 50 marks.

Uploaded by

venkat Mohan

QP Code: 1191020702 / Reg. No.

Sona College of Technology (Autonomous), Salem -5.


SET-1 Department of CSE
Continuous Internal Evaluation Test - III
U19CS702 - CRYPTOGRAPHY
Common to All sections (IV Year / VII Semester)
Date: 23.10.2024 Duration: 1 ½ hours
Time slot: 9.15 am to 10.45 am Marks: 50

PART-A Answer All Questions (6 x 2 = 12 Marks)


1. State the requirements of digital signatures. [LOTS | 4 | 1,2,4,9,10,12]

2. What are the design objectives of HMAC? [LOTS | 4 | 1,2,4,9,10,12]

3. Imagine a secure online banking system where customers perform transactions and access their accounts via a web application. To ensure the integrity and security of communications, it is crucial to protect against replay attacks during the message authentication process. What methods can the bank implement to effectively mitigate replay attacks in this scenario? [HOTS | 4 | 1,2,3,4,9,10,12]

4. Imagine a company is setting up a secure network infrastructure to protect its internal systems from external threats. The IT team decides to use a specialized server to act as a fortified entry point for accessing the internal network. What is the role of this specialized server, often referred to as a bastion host, and how does it enhance network security in this scenario? [LOTS | 5 | 1,2,3,4,9,10,12]

5. Imagine a corporation is conducting a comprehensive assessment of its email communication system to ensure it is secure against various threats. What security parameters should the corporation consider when analyzing email security in this scenario? [HOTS | 5 | 1,2,3,4,9,10,12]

6. A company is experiencing frequent network intrusions and is considering different strategies for intrusion detection. They have two main options: a proactive approach, which involves anticipating and preventing attacks before they happen, and a reactive approach, which focuses on detecting and responding to attacks as they occur. Why might the company prefer the reactive approach over the proactive approach in this real-time problem scenario? [HOTS | 5 | 1,2,3,4,9,10,12]

PART- B Answer All questions (2 x 5 = 10 Marks)
7. Your task is to evaluate the authentication mechanisms available for implementing Single Sign-On (SSO) for a new web application that allows users to log in using their Google accounts. One option under consideration is Kerberos v4. Analyze why Kerberos v4 might not be the preferred choice for this SSO authentication process, considering the requirements and modern security standards of integrating with Google accounts. [HOTS | 4 | 1,2,3,4,9,10,12]

8. Describe how PGP provides confidentiality and authentication services for email application. [LOTS | 5 | 1,2,3,4,9,10,12]

PART-C Answer All questions (2 x 14 = 28 Marks)
9. (a) (i) A financial institution is tasked with securing its online banking platform against potential cyber threats. As part of its security measures the institution must implement effective password management techniques in its cryptographic practices. What specific techniques should the institution adopt to ensure robust password security, and how do these techniques mitigate different types of attacks? [7 | LOTS | 4 | 1,2,4,9,10,12]

(ii) Google server authenticates users using Kerberos server. Every user is authenticated to the Google server before he/she accesses the Google service to the authentication server. In this scenario, user A wants to access YouTube server. Explain the authentication process that is carried out between user A and Google authentication server with message dialogues. [7 | HOTS | 4 | 1,2,3,4,9,10,12]

(OR)

(b) (i) What are the various ways of using hash functions in message authentication? Explain them with neat diagram. [7 | LOTS | 4 | 1,2,4,9,10,12]

(ii) User A and user B perform mutual authentication by themselves directly. In this scenario user A and user B may deny the sending of the message and reception of the message. Design a new user authentication mechanism which prevents this problem. [7 | HOTS | 4 | 1,2,3,4,9,10,12]


10. (a) (i) Explain the different kinds of malicious software that are harmful for information systems. [7 | LOTS | 5 | 1,2,4,9,10,12]

(ii) A device with 192.168.1.147 tries to connect to a device with IP (192.0.9.40), then the connection is first verified by firewall that completes the TCP three way handshaking process and if there is a consequent traffic arises then how will it be detected using packet filtering method? [7 | HOTS | 5 | 1,2,3,4,9,10,12]

(OR)

(b) (i) Explain the functions of S/MIME. [7 | LOTS | 5 | 1,2,4,9,10,12]

(ii) [illegible] logs [illegible]. An attacker launched a DoS attack to our network on 31-10-2023 from 8:00 am to 8:30 am. During this time our college network was slowed down gradually and shut down completely at 8:20 am. Design an algorithm to detect this DoS attack and explain the working principle of this algorithm. [7 | HOTS | 5 | 1,2,3,4,9,10,12]


Bloom's      LOTS   HOTS   Total
Percentage   50     50     100

QP Code: 1191020702 / Reg. No.
Sona College of Technology (Autonomous), Salem -5.
SET-2 Department of CSE
Continuous Internal Evaluation Test - III
U19CS702 - CRYPTOGRAPHY
Common to All sections (IV Year / VII Semester)
Date: 23.10.2024 Duration: 1 ½ hours
Time slot: 9.15 am to 10.45 am Marks: 50
PART-A Answer All Questions (6 x 2 = 12 Marks)
1. List the requirements of Kerberos. [LOTS | 4 | 1,2,4,9,10,12]

2. Draw the SSL protocol stack. [LOTS | 4 | 1,2,4,9,10,12]

3. User A sends email from his/her Gmail account to user B's Yahoo account. Gmail server and Yahoo mail server exchange mails using SMTP and POP. How does user A's Gmail server provide confidentiality and authentication to the mails? [HOTS | 4 | 1,2,3,4,9,10,12]

4. Differentiate IDS from IPS. [LOTS | 5 | 1,2,3,4,9,10,12]

5. Imagine a small business network setup where the company wants to ensure that their internal network is protected from external threats. They are considering using their existing network devices, specifically routers and bridges, to implement firewall functionalities. How can routers and bridges be configured and utilized to serve as firewalls in this scenario? [HOTS | 5 | 1,2,3,4,9,10,12]

6. Our college is running Sophos firewall. How do you configure this firewall to filter only services that are allowed to run and to filter the traffic according to the applications running? Compare these two configurations according to the functionalities. [HOTS | 5 | 1,2,3,4,9,10,12]

PART - B Answer All questions (2 x 5 = 10 Marks)
7. Consider secret keys Ka and Kb are shared between A & KDC and B & KDC. Apply Needham-Schroeder protocol to distribute session key Ks to A and B. [HOTS | 4 | 1,2,3,4,9,10,12]

8. Apply the analysis method used for intrusion in rule based IDS and anomaly based IDS. [LOTS | 5 | 1,2,3,4,9,10,12]

PART - C Answer All questions (2 x 14 = 28 Marks)


9. (a) (i) What are the requirements of digital signature? Discuss in detail about direct and arbitrated digital signature. [7 | LOTS | 4 | 1,2,4,9,10,12]

(ii) Google server authenticates users using Kerberos server. Every user is authenticated to the Google server before he/she accesses the Google service to the authentication server. In this scenario, user A wants to access YouTube server. Explain the authentication process that is carried out between user A and Google authentication server with message dialogues. [7 | HOTS | 4 | 1,2,3,4,9,10,12]

(OR)

(b) (i) Explain the process of generating the message digest value using SHA-1 algorithm with necessary diagrams and steps. [7 | LOTS | 4 | 1,2,4,9,10,12]

(ii) How are hash functions used in message authentication? User A wants to use DES algorithm to check message authentication. [7 | HOTS | 4 | 1,2,3,4,9,10,12]

10. (a) (i) Explain the phases of SSL handshake protocol for
a. Establishing security capabilities
b. Server authentication and key exchange
c. Client authentication and key exchange
[7 | LOTS | 5 | 1,2,4,9,10,12]

(ii) A firewall is to be configured to allow hosts in a private network to freely open TCP connections and send packets on open connections. However, it will only allow external hosts to send packets on existing open TCP connections or connections that are being opened (by internal hosts) but not allow them to open TCP connections to hosts in the private network. In what way can we achieve the minimum capability of the firewall? [7 | HOTS | 5 | 1,2,3,4,9,10,12]

(OR)

(b) (i) Describe how PGP provides confidentiality and authentication services for email application. [7 | LOTS | 5 | 1,2,4,9,10,12]

(ii) An organization has four private networks interconnected across the Internet. Hosts on the internal networks use the Internet to transport the data and tunnels at the security gateway to each internal network. How does Authentication Header (AH) work on this scenario for transport mode and tunneling mode? [7 | HOTS | 5 | 1,2,3,4,9,10,12]

Bloom's
Percentage
