
NETWORK SECURITY

SOLUTION KEY
Q.1 a. List and explain various principles of security.
1. Confidentiality
2. Authentication
3. Integrity
4. Non-repudiation
5. Access Control
6. Availability
7. Ethical and legal issues

b. Encrypt the message ‘Come Home Tomorrow’ using Caesar Cipher and Simple columnar
transposition technique with four columns order 4,2,1,3

Caesar Cipher : Frph krph wrpruurz


Simple columnar transposition technique with four columns order 4,2,1,3 :
emoroh owc emomotr
c. Explain with example Rail-Fence transposition technique.
Rail fence technique involves writing plain text as a sequence of diagonals and then reading it
row-by-row to produce cipher text.
Example
d. Write the Diffie-Hellman key exchange algorithm. Also give suitable example.
1. Firstly, Alice and Bob agree on two large prime numbers n and g. These two integers need not be
kept secret. Alice and Bob can use an insecure channel to agree on them.
2. Alice chooses another large random number x and calculates A such that:
A = g^x mod n
3. Alice sends the number A to Bob.
4. Bob independently chooses another large random integer y and calculates B such that:
B = g^y mod n
5. Bob sends the number B to Alice.
6. Alice now computes the secret key K1 as:
K1 = B^x mod n
7. Bob now computes the secret key K2 as:
K2 = A^y mod n
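The seven steps above with small numbers, as an added example that is not part of the original key. The values n = 11, g = 7, x = 3, y = 6 are constructed toy values, and the range check on the received value is an addition a receiver would normally make.

```python
import secrets

def dh_public(g, n, private):
    """Steps 2 and 4: compute the value sent over the insecure channel."""
    return pow(g, private, n)

def dh_shared(peer_public, private, n):
    """Steps 6 and 7: derive the key from the peer's public value."""
    # Defensive check: 0, 1 and n-1 would force the key into a tiny,
    # predictable set, so a receiver should refuse them.
    if not 2 <= peer_public <= n - 2:
        raise ValueError("peer public value outside 2..n-2")
    return pow(peer_public, private, n)

def random_private(n):
    """Pick a secret exponent in 2..n-2 from a CSPRNG."""
    return secrets.randbelow(n - 3) + 2

def exchange(g, n, x, y):
    """Run both sides of the exchange and return (A, B, K1, K2)."""
    A = dh_public(g, n, x)       # step 3: Alice -> Bob
    B = dh_public(g, n, y)       # step 5: Bob -> Alice
    K1 = dh_shared(B, x, n)      # step 6: Alice's view of the key
    K2 = dh_shared(A, y, n)      # step 7: Bob's view of the key
    return A, B, K1, K2

# Constructed toy values; real deployments use primes of 2048 bits or more.
N, G, X, Y = 11, 7, 3, 6

if __name__ == "__main__":
    print(exchange(G, N, X, Y))
```

The exchange authenticates neither party, so in practice A and B are signed or otherwise bound to an identity before the key is trusted.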
Q.2 a. Explain Electronic code block mode and Cipher Feedback algorithm mode.
Electronic code block mode : The incoming plaintext message is divided into blocks of 64 bits each. Each
such block is then encrypted independently of the other blocks. For each block in a message, the same key is
used for encryption.
At the receiver's end the incoming data is divided into 64-bit blocks and, by using the same key as was
used for encryption, each block is decrypted to produce the corresponding plain text.
Figure is expected.
Cipher Feedback algorithm mode : Data is encrypted in units that are smaller than a defined block size.
1. A 64-bit initialization vector (IV) is used. It is kept in a shift register. It is encrypted to produce
the 64-bit IV cipher text.
2. The leftmost j bits of the encrypted IV are XORed with the first j bits of plain text. This is C.
3. The bits of the IV are shifted left by j positions. The rightmost j bits are filled by C.
4. Steps 1 through 3 are continued until all plain text units are encrypted.
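Both modes side by side, as an added example that is not part of the original key: ECB turns equal plaintext blocks into equal ciphertext blocks, while the CFB shift register hides the repetition. Assumptions: encrypt_block is a toy Feistel stand-in for the 64-bit cipher (not DES), j is counted in bytes rather than bits, and the key, IV and message are constructed.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block and shift-register size used in the text

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for the 64-bit cipher."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def ecb_encrypt(key, plaintext):
    """ECB: every 64-bit block is encrypted independently under one key."""
    if len(plaintext) % BLOCK:
        raise ValueError("ECB needs a whole number of blocks")
    return b"".join(encrypt_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))

def cfb(key, iv, data, j=1, decrypt=False):
    """CFB with j-byte units (j*8 bits); only encrypt_block is ever used."""
    if len(iv) != BLOCK or not 1 <= j <= BLOCK:
        raise ValueError("IV must be 8 bytes and 1 <= j <= 8")
    register, out = iv, bytearray()
    for i in range(0, len(data), j):
        unit = data[i:i + j]
        # Steps 1-2: encrypt the register, XOR its leftmost bytes with the unit.
        result = xor(unit, encrypt_block(key, register))
        # Step 3: shift left by j and fill the right end with ciphertext C.
        register = (register + (unit if decrypt else result))[-BLOCK:]
        out += result
    return bytes(out)

# Constructed sample: two identical 64-bit blocks followed by a short tail.
KEY, IV = b"demo-key", bytes(range(8))
MSG = b"PAY 100." * 2 + b"now"

def first_two_blocks_equal(ciphertext):
    return ciphertext[:BLOCK] == ciphertext[BLOCK:2 * BLOCK]

if __name__ == "__main__":
    print("ECB repeats:", first_two_blocks_equal(ecb_encrypt(KEY, MSG[:16])))
    print("CFB repeats:", first_two_blocks_equal(cfb(KEY, IV, MSG)))
```

Decryption in CFB feeds the received ciphertext into the register, which is why the block cipher is only ever run in the encrypt direction.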
b. Explain with neat diagram working of DES algorithm.
1. The 64-bit plain text is handed over to an Initial Permutation (IP) function.
2. The Initial Permutation is performed on the plain text.
3. The IP produces two halves of the permuted block: say LPT and RPT.
4. LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block.
6. The result of this process produces the 64-bit cipher text.

c. Write the steps carried out for each round of IDEA.


1. Multiply P1 and K1
2. Add P2 and K2
3. Add P3 and K3
4. Multiply P4 and K4
5. XOR the results of Step 1 and Step 3
6. XOR the results of Step 2 and Step 4
7. Multiply the result of Step 5 with K5
8. Add the results of Step 6 and Step 7
9. Multiply the result of Step 8 with K6
10. Add the results of Step 7 and Step 9
11. XOR the results of Step 1 and Step 9
12. XOR the results of Step 3 and Step 9
13. XOR the results of Step 2 and Step 10
14. XOR the results of Step 4 and Step 10
d. Explain the working of RC4 algorithm.
Two processes are involved in this algorithm:
1. Initialization of S
a. Choose K of length between 1 and 256 bytes.
b. Set the values in the state vector S equal to the values from 0 to 255 in
ascending order.
c. Create a temporary array T. If the length of K is 256 bytes, copy K to T as is.
Otherwise, after copying K to T, the remaining positions are filled with the values of K
again.
2. Stream generation : loop for i = 0 to 255
Swap S[i] with another byte in S as per the mechanism decided by the implementation of S.
After this, k is XORed with the next byte of plain text.
For decryption, k is XORed with the next byte of cipher text.
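The two processes in code, as an added example that is not part of the original key. It uses the standard RC4 swap rules where the text leaves the mechanism open, and adds a check of what happens when one key encrypts two messages; the sample messages are constructed.

```python
def rc4_keystream(key):
    """Yield RC4 keystream bytes k for a key K of 1 to 256 bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("K must be 1 to 256 bytes long")
    S = list(range(256))                          # step 1b: S = 0..255
    T = [key[i % len(key)] for i in range(256)]   # step 1c: K repeated into T
    j = 0
    for i in range(256):                          # initial permutation of S
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                   # stream generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4(key, data):
    """Encrypt or decrypt: the same XOR with k does both."""
    stream = rc4_keystream(key)
    return bytes(b ^ next(stream) for b in data)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample messages for the keystream-reuse check below.
P1, P2 = b"invoice 0001 paid", b"invoice 0002 open"

def reuse_leaks_plaintext_xor(key):
    """Two messages under one key: C1 XOR C2 equals P1 XOR P2."""
    return xor(rc4(key, P1), rc4(key, P2)) == xor(P1, P2)

if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())
    print(reuse_leaks_plaintext_xor(b"Secret"))
```

Because the keystream depends only on K, a key must never encrypt two messages; RC4 itself is prohibited in TLS by RFC 7465.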

Q.3 a. Explain the concept of digital signature.


b. What is message digest? Explain with suitable example.
Message Digest is a fingerprint or the summary of a message.
Explanation with example.
c. Explain how Secure Hash Algorithm works?
1. Padding
2. Append length
3. Divide input into 512-bit blocks
4. Initialize chaining variables
5. Process blocks
Explain each step in short.
d. Write the steps involved in RSA algorithm.
1. Choose two large prime numbers P and Q.
2. Calculate N = P * Q
3. Select public key E such that it is not a factor of (P-1) and (Q-1)
4. Select private key D such that the following equation is true
(D * E) mod ((P-1) * (Q-1)) = 1
5. For encryption, calculate the cipher text CT from the plain text PT as
CT = PT^E mod N
6. Send CT as the cipher text to the receiver
7. For decryption, calculate the plain text PT from the cipher text CT as follows
PT = CT^D mod N
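The seven steps with small numbers, as an added example that is not part of the original key. P = 7, Q = 17, E = 5 and PT = 10 are constructed toy values; the code checks gcd(E, (P-1)*(Q-1)) = 1, the condition under which the D of step 4 exists.

```python
from math import gcd

def rsa_keypair(p, q, e):
    """Steps 1-4: return ((E, N), (D, N)) for primes P, Q and a chosen E."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # D exists only if E shares no factor with (P-1)*(Q-1).
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("E must be coprime to (P-1)*(Q-1)")
    d = pow(e, -1, phi)   # modular inverse, so (D*E) mod phi == 1 (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(pt, public):
    """Step 5: CT = PT^E mod N."""
    e, n = public
    if not 0 <= pt < n:
        raise ValueError("PT must be in the range 0..N-1")
    return pow(pt, e, n)

def rsa_decrypt(ct, private):
    """Step 7: PT = CT^D mod N."""
    d, n = private
    return pow(ct, d, n)

# Constructed toy values; real keys use primes of 1024 bits or more each.
P, Q, E, PT = 7, 17, 5, 10

if __name__ == "__main__":
    public, private = rsa_keypair(P, Q, E)
    ct = rsa_encrypt(PT, public)
    print(public, private, ct, rsa_decrypt(ct, private))
    try:
        rsa_keypair(P, Q, 9)   # 9 divides neither 6 nor 16, yet gcd(9, 96) = 3
    except ValueError as err:
        print("E = 9 rejected:", err)
```

Raw RSA as shown is deterministic, so deployed systems wrap PT in a randomized padding such as OAEP before step 5.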
Q.4 a. Write the steps to create a digital certificate.
1. Key Generation
2. Registration
3. Verification
4. Certification Creation
b. Explain the concept of roaming certificate.
1. The user's digital certificate and private keys, along with the user ids and passwords, are stored in the
database of a central secure server.
2. When a user moves around and then logs into her computer, she authenticates herself using the id and
password to the credential server over the Internet.
3. The credential server verifies the id and password, using its credential database. If the user is
successfully authenticated, the credential server sends the user her digital certificate and private key file.
c. Differentiate between Simple Certification Protocol and Online Certificate Status Protocol.
| Point | OCSP | SCVP |
|---|---|---|
| Client request | Client sends just the certificate serial number to the server. | Client sends the entire certificate serial number to the server. The server can perform many more checks. |
| Chain of trust | Only the given certificate is checked. | Client can provide a collection of all the intermediate certificates, which the server can check. |
| Checks | The only check is whether the certificate is revoked or not. | Client can request additional checks, type of revocation information to be considered, etc. |
| Returned information | Only the status of the certificate is returned by the server. | Client can specify what additional information it is interested in. |
| Additional features | None | Client can request for a certificate to be checked for a backdated event. |
d. List and explain different categories of certificates types.
1. Email
2. Server-Side SSL
3. Client-side SSL
4. Code-signing
Q.5 a. List phases in Handshake protocol. Explain in short.
1. Establish security capabilities.
2. Server Authentication and key exchange
3. Client Authentication and key exchange
4. Finish
b. Differentiate between SSL and TLS.
| Point | SSL | TLS |
|---|---|---|
| Version | 3.0 | 1.0 |
| Cipher suite | Supports an algorithm called Fortezza | Does not support Fortezza |
| Cryptography secret | Short explanation | Uses a pseudorandom function to create master secret |
| Alert protocol | Short explanation | The No certificate alert message is detected. Newly added: Decryption failed, Record overflow, Unknown CA, Access Denied, Decode error, Export registration, protocol version, Insufficient security, Internet error. |
| Handshake protocol | Short explanation | Some details are changed |
| Record protocol | Use MAC | Use HMAC |
c. List various firewall Configurations. Explain any two.
Screened Host Firewall, Single-Homed Bastion
Screened Host Firewall, Dual-Homed Bastion
Screened subnet Firewall
d. Write a short note on Virtual Private Network.
A VPN is a mechanism of employing encryption, authentication and integrity protection so that we can
use a public network as if it is a private network.
Explanation
Q.6 a. What do you mean by authentication Token? Explain how it works.
An authentication token is an extremely useful alternative to a password. It is a small device that
generates a new random value every time it is used.
Working steps
1. Creation of token
2. Use of token
3. Server returns an appropriate message back to the user
b. Explain how time based token works.
In time-based tokens the server need not send any random challenge to the user. The token need not
have a keypad for entry. The process works as follows
1. Password generation and login request
2. Server-side Verification
3. Server returns an appropriate message back to user.
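Steps 1 and 2 in code, as an added example that is not part of the original key. The text names no algorithm, so this assumes RFC 6238 TOTP (HMAC-SHA1, 30-second steps) as one standardized time-based token; the seed is the RFC's published test seed, and the drift window and replay check in verify are additions.

```python
import hashlib
import hmac
import struct

def totp(seed, unix_time, step=30, digits=6):
    """Step 1 (token side): derive the one-time password from seed and time."""
    counter = int(unix_time) // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed, submitted, now, last_counter=-1, window=1, step=30, digits=6):
    """Step 2 (server side): return the accepted time step, or None to reject.

    window tolerates clock drift of that many steps either way;
    last_counter is the last step already accepted for this user, so a
    captured password cannot be replayed inside the same window.
    """
    current = int(now) // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue                             # negative or already used
        expected = totp(seed, counter * step, step, digits)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

# Test seed published in RFC 6238; never use it for a real token.
SEED = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SEED, 59)
    print(code)                                   # password shown on the token
    print(verify(SEED, code, now=75))             # accepted despite 16 s drift
    print(verify(SEED, code, now=75, last_counter=1))   # replay is rejected
```

The server stores the returned counter as last_counter for the next login, which is what makes each password single-use.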
c. How does certificate-based Authentication work?
In this authentication, the user is expected to have something (certificate) and not know something
(password). At the time of login, the user is requested to send her certificate to the server over the network
as a part of the login request. A copy of the certificate exists on the server, which can be used to verify
that the certificate is indeed a valid one.
Steps:
1. Creation, storage and distribution of digital certificate
2. Login request
3. Server creates a random challenge
4. User signs the random challenge
d. Explain the working of Kerberos.
There are four parties in Kerberos protocol
1. The client workstation
2. Authentication Server
3. Ticket Granting Server
4. The server offering services such as network printing, file sharing or an application program.
Q.7 a. List and explain different types of criminal attacks.
1. Fraud
2. Scams
3. Destruction
4. Identity theft
5. Intellectual property theft
6. Brand theft

b. Explain the subkey generation part of Blowfish.
1. Uses a large number of subkeys. The key size ranges from 32 bits to 448 bits. These keys are
stored in an array as K1, K2, K3, ..., Kn
2. A P-array consisting of 18 32-bit subkeys is created.
3. Four S-boxes are created
c. Explain Knapsack algorithm with suitable example.
Given a pile of items, each with different weights, is it possible to put some of them in a bag (knapsack)
in such a way that the knapsack has a certain weight?
That is, if M1, M2, ..., Mn are given values and S is the sum, find out bi so that
S = b1M1 + b2M2 + ... + bnMn
Each bi can be 0 or 1.
A 1 indicates that the item is in the knapsack.
A 0 indicates that it is not.
A block of plain text equal in length to the number of items in the pile would select the items in the
knapsack.
The cipher text is the resulting sum.
Example.
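A worked instance of S = b1M1 + ... + bnMn, as an added example that is not part of the original key. It goes beyond the text by adding the private superincreasing sequence and the modular disguise of the Merkle-Hellman construction, which is what lets the receiver recover the bits; all numbers are constructed toy values.

```python
from math import gcd

def public_weights(private, q, r):
    """Disguise a superincreasing private sequence as the public M1..Mn."""
    total = 0
    for w in private:
        if w <= total:
            raise ValueError("private sequence must be superincreasing")
        total += w
    if q <= total or gcd(r, q) != 1:
        raise ValueError("need q > sum(private) and gcd(r, q) == 1")
    return [(r * w) % q for w in private]

def encrypt(bits, public):
    """S = b1*M1 + ... + bn*Mn: the plain-text bits select the items."""
    if len(bits) != len(public) or any(b not in (0, 1) for b in bits):
        raise ValueError("need one 0/1 bit per item")
    return sum(b * m for b, m in zip(bits, public))

def decrypt(s, private, q, r):
    """Undo the disguise, then solve the easy superincreasing knapsack."""
    target = (s * pow(r, -1, q)) % q       # Python 3.8+ modular inverse
    bits = [0] * len(private)
    for i in reversed(range(len(private))):
        if private[i] <= target:           # largest item that still fits
            bits[i], target = 1, target - private[i]
    if target:
        raise ValueError("sum does not correspond to any selection")
    return bits

# Constructed toy parameters (hypothetical key material).
PRIVATE, Q, R = [2, 7, 11, 21, 42, 89, 180, 354], 881, 588
PUBLIC = public_weights(PRIVATE, Q, R)
BITS = [0, 1, 1, 0, 0, 0, 0, 1]            # one 8-bit block of plain text

if __name__ == "__main__":
    s = encrypt(BITS, PUBLIC)
    print(PUBLIC, s, decrypt(s, PRIVATE, Q, R))
```

The basic Merkle-Hellman scheme has been broken and is of teaching value only.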
d. Write and explain the PKIX services.
Registration
Initialization
Certification
Key pair recovery
Key generation
Key update
Cross-certification
Revocation
e. Explain types of electronic money based on the tracking of money.
1. Identified electronic money
2. Anonymous electronic money

f. What are the One-way authentication approaches? Explain any two.


1. Login only
2. Shared secret
3. One-way public key
