Security Full Question Bank

KHULNA UNIVERSITY OF ENGINEERING & TECHNOLOGY
B.Sc. Engineering 4th Year 1st Term Examination, 2021
Department of Computer Science and Engineering
CSE 4115 Computer and Network Security
Time: hours    FULL MARKS: 210

N.B. Answer ANY THREE questions from each section in separate scripts. Figures in the right margin indicate full marks.

Section A
(Answer ANY THREE questions from this section in Script A)

a) Explain the terms: 'Security services', 'Cryptosystem', 'Cryptanalysis' along with the major goals of security. Also explain a conventional cryptosystem by using a proper diagram. (13)
b) Specify Shannon characteristics to explain good ciphers along with 'confusion' and 'diffusion'. Using a block diagram depict the symmetric cryptosystem along with the ways of the key distribution. (14)
c) Discuss the benefits of an asymmetric cryptosystem. For RSA algorithm, from ed = 1 mod φ(n) show that for a single value of , there may exist many values of d, where symbols have their usual meanings. (08)

a) Define chosen-plaintext attack. Show how RSA algorithm suffers with this attack. (08)
b) Explain the working procedure of Caesar cipher. How is it an example of substitution ciphers? (07)
c) Discuss the properties of digital signatures. RSA algorithm can be used to implement product cipher. How? Show it. (10)
d) Discuss the techniques, pros and cons of block and stream ciphers. What are the trends of maintaining security? Explain them. (10)

a) Explain the working procedure of ElGamal encryption algorithm. Why is it said to be a probabilistic encryption algorithm? Explain. (13)
b) Explain ElGamal digital signature algorithm in detail. Also give a working example of it. (13)
c) Discuss the major characteristics of cryptographic hash function. Why is it one-way? (09)
c) Discuss the characteristics of good viruses. (5)

Section B
(Answer ANY THREE questions from this section in Script B)

a) What is segmentation fault? Explain Buffer Overflow attack with proper code and stack diagram. (15)
b) Show how Integer Overflow attack compromises a program's reliability and security. (15)
c) Explain document virus using Microsoft's Dynamic Data Exchange (DDE) protocol. (05)

a) What are the problems associated with Segmentation and Paging? Explain how Paged (15)
b) Explain some countermeasures that are used against Buffer Overflow attack. (15)
c) What is format string? 3)

a) Explain attacks on format string vulnerability. (15)
b) Write short notes on the following:
   (i) DHCP Spoofing Attack.
   (ii) Rainbow Table Attack.
   (iii) Polymorphic Viruses.
   (iv) Dictionary Attack.
c) What are covert channels? Differentiate between errors and faults. (08)

a) How do viruses attach with original programs? (10)
b) Explain the working principle of Elliptic Curve Cryptography (ECC). What are the reasons to prefer ECC over RSA? (10)
c) What is salt? How does it help against Rainbow Table attack and make password hashing more secure? (10)
d) Explain SQL injection and web bug. (03)


KHULNA UNIVERSITY OF ENGINEERING & TECHNOLOGY
B.Sc. Engineering 4th Year 1st Term Examination, 2019
Department of Computer Science and Engineering
CSE 4115 Computer and Network Security
TIME: 3 hours    FULL MARKS: 210

N.B. i) Answer ANY THREE questions from each section in separate scripts.
     ii) Figures in the right margin indicate full marks.

SECTION A
(Answer ANY THREE questions from this section in Script A)

1. a) Define the terms: 'confusion', 'diffusion', 'cryptography' and 'cryptanalysis'. Discuss Shannon characteristics of good cipher.
   b) 'RSA is a commutative like cryptosystem' — how? Explain deliberately.
   c) Define cryptosystem. Discuss about the ingredients of cryptosystem.
   d) Define 'known-plaintext' attack. How can this attack be mounted over RSA?

2. a) Discuss characteristics of digital signature. Explain ElGamal digital signature algorithm with an example.
   b) Digital signature and public key cryptography can be combined, why and how? Explain.
   c) Using an example explain ElGamal cryptosystem. How does it relate with discrete logarithm problem?
   d) Discuss threats to e-mail.

3. a) Discuss 'stream cipher' and 'block cipher'. Explain a specific key exchange protocol to distribute a key.
   b)
   c) Define sx sensitive.

4. a) What is meant by homomorphic encryption? Show that RSA and ElGamal cryptosystems are homomorphic.
   b) What are the parameters that make a computer network vulnerable? Discuss them briefly.
   c) Discuss the dimensions of reliability and integrity of database. What are the requirements for database security? Explain them.

SECTION B
(Answer ANY THREE questions from this section in Script B)

5. a) What is salt and how does it make password hashing more secure? Also explain rainbow table attack and how salt can help against rainbow table attack.
   b) How does the attacker know what algorithm and salt to use in a dictionary attack?
   c) Explain Buffer Overflow attack with proper code and stack diagram. Also discuss about the countermeasures that are used against Buffer Overflow attack.

6. a) Explain how Format String attack works with appropriate activation record diagrams. Also explain different uses of Format String attack with proper example(s) and stack diagrams.
   b) Demonstrate Integer Overflow attack using suitable example(s).
   c) Explain SQL Injection attack with practical example. Also discuss about the prevention techniques used against SQL Injection attack.

7. a) Explain Persistent, Reflected and DOM-based Cross-Site Scripting (XSS) attacks with example(s).
   b) Explain the methods of preventing XSS attacks.
   c) What are web bugs? Explain how attackers bypass CAPTCHA protection.

8. a) Explain how combining Paging with Segmentation provides better performance for protection in general purpose operating system compared to using them separately.
   b) What is a Covert Channel? How to create Covert Channels?
   c) Briefly explain the following attacks: (i) Ransomware, (ii) Salami Attack, (iii) Tapjacking, (iv) Document virus using Microsoft's Dynamic Data Exchange.
   d) What is Access Control Directory?

(12) (08) (08) ) «a2 (08) (0) (05) a3) (3) (09) ao) (10) cc) (05) as) (06) aa) (as) 07) a3) as) (10) (10) (09) (06) (16) (04)


KHULNA UNIVERSITY OF ENGINEERING & TECHNOLOGY
B.Sc. Engineering 4th Year 1st Term Examination, 2018
Department of Computer Science and Engineering
CSE 4115 Computer and Network Security
TIME: 3 hours    FULL MARKS: 210

N.B. i) Answer ANY THREE questions from each section in separate scripts.
     ii) Figures in the right margin indicate full marks.

SECTION A
(Answer ANY THREE questions from this section in Script A)

1. a) Through Shannon characteristics, discuss the characteristics of good cipher. Define the terms: 'confusion' and 'diffusion'. (10)
   b) Define known plaintext attack. How can it be associated with RSA cryptosystems?
   c) On same modulus using RSA, how multiple paris can encrypt data?
   d) Show that "RSA cryptosystem is homomorphic".

2. a) Discuss properties of digital signature. Explain ElGamal digital signature algorithm with an example. 2)
   b) Explain the working procedure of ElGamal cryptosystem specifying that it is based on discrete (10)

3. a) Define cryptographic hash function. Discuss properties of it.
   b) How and why do you combine digital signature and public key cryptography? Explain.
   c) Discuss the parameters that make a computer network vulnerable.
   d) Define sensitive data. Discuss the factors that can make data sensitive.

4. a) How can documents be signed using public key cryptography and one-way hash function? Discuss. (07)
   b) Discuss 'stream cipher' and 'block cipher'. Explain a specific key exchange protocol to distribute a key. (13)
   c) How does 'primitive element' relate with ElGamal? (05)
   d) What are the requirements of database security? Explain them. on)

SECTION B
(Answer ANY THREE questions from this section in Script B)

5. a) Give intuitive explanation of the working principle of Elliptic Curve Cryptography (ECC). Also explain how encryption and decryption work in ECC. (13)
   b) Explain ECC based digital signature with mathematical proof. 1)
   c) What are the reasons to prefer ECC over RSA?
   d) What is tapjacking? Explain the prevention mechanism used against tapjacking in context of Android operating system. (07)

6. a) Write short notes on following attacks: a6)
      i. Page-in-the-Middle.
      ii. Program Download Substitution.
      iii. SQL Injection.
      iv. Man-in-the-Browser.
   b) Explain how attackers use User-in-the-Middle attack to bypass CAPTCHA protection. (08)
   c) What are web bugs? Explain how websites can be protected against unwanted change both from administrator's and users' perspectives. (13)

7. a) With appropriate code and stack diagram explain how Buffer Overflow can be exploited to execute attacker's provided code. Also explain some common countermeasures that are used against Buffer Overflow attack. (18)
   b) Explain the uses of Format String attack with appropriate example(s) and stack diagrams. (11)
   c) Explain Integer Overflow attack using suitable example(s). (06)

8. a) Write short notes on the following: 5)
      i. Salami Attack.
      ii. Covert Channel.
      iii. Document Virus using Microsoft's Dynamic Data Exchange (DDE).
   b) Explain the problems associated with Access Control Directory. (06)
   c)
