network security CCS354

The document provides a comprehensive overview of network security concepts, including key principles of security, types of attacks, encryption methods, and authentication protocols. It covers essential topics such as symmetric and asymmetric encryption, digital signatures, Kerberos, and SSL/TLS protocols. Additionally, it outlines various security mechanisms and services necessary for protecting information systems.

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

NETWORK SECURITY

IMPORTANT QUESTIONS WITH ANSWERS:


UNIT-1
Q.1 What are the key principles of security?
Ans. The key principles of security are confidentiality, integrity, and availability. Confidentiality
means protecting information from unauthorised disclosure and from access by unauthorised
people. Data integrity aims to maintain the consistency, accuracy, and authenticity of the
information. Availability means providing data, technological infrastructure, and applications
when the organisation needs them.
Q.2 What is meant by a denial of service attack? Is it an active attack or a passive attack?
Ans. Fabrication causes denial of service attacks. DoS prevents the normal use or
management of communication facilities. It is an active attack.
Q.3 Define an attack.
Ans. An attack on system security is one that derives from an intelligent threat: that is, an
intelligent act that is a deliberate attempt to evade security services and violate the security
policy of a system.
Q.4 List some examples of security attacks.
Ans. 1) Gain unauthorized access to information.
2) Disavow responsibility or liability for information the cheater did originate.
3) Enlarge the cheater's legitimate licence.
4) Prevent the function of software, typically by adding a covert function.
5) Cause others to violate a protocol by introducing incorrect information.
Q.5 What is a passive attack?
Ans.: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
Two types of passive attacks are release of message contents and traffic analysis.
Q.7 What is an active attack?
Ans.: An active attack involves some modification of the data stream or the creation of a
false stream.

Q.8 Categorize passive and active attack.


Ans.: Active attacks can be subdivided into four types:
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service
Passive attacks are of two types:
1. Release of message contents
2. Traffic analysis
Q.9 What are the aspects of information security?
Ans. There are three aspects of information security, i.e. security attack, security
mechanism and security service.
Q.10 What is a threat? List its types.
Ans. A potential for violation of security, which exists when there is a circumstance,
capability, action or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.
Q.11 What is encipherment?
Ans. The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm
and zero or more encryption keys.
Q.12 Define symmetric encryption.
Ans.: In symmetric encryption, sender and receiver use same key for encryption and
decryption.
Q.13 What are the essential ingredients of a symmetric cipher?
Ans.: A symmetric encryption scheme has five ingredients: plaintext, encryption algorithm,
secret key, ciphertext, decryption algorithm.
Q.14 What are the two basic functions used in the encryption algorithm?
Ans. All encryption algorithms are based on two general principles.
Substitution: each element in the plaintext is mapped into another element.
Transposition: elements in the plaintext are rearranged. The fundamental
requirement is that no information be lost.
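An added illustration of the two principles above (example code, not part of the original notes): a shift cipher stands in for substitution and a columnar transposition for rearrangement. Both are reversible, which is the "no information lost" requirement, and the letter counts show the difference between mapping letters and merely moving them. The key "KEY" and plaintext are constructed for the example.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def substitute(plaintext: str, shift: int) -> str:
    """Substitution: each letter is mapped to another letter (a simple shift cipher)."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # non-letters are passed through unchanged
    return "".join(out)

def unsubstitute(ciphertext: str, shift: int) -> str:
    """Decryption is the inverse mapping, so no information is lost."""
    return substitute(ciphertext, -shift)

def transpose(plaintext: str, key: str) -> str:
    """Columnar transposition: letters are only rearranged. The text is written in
    rows of len(key) letters and read out column by column in the alphabetical
    order of the key letters. Short final rows are padded with 'X'."""
    cols = len(key)
    rows = [plaintext[i:i + cols].ljust(cols, "X") for i in range(0, len(plaintext), cols)]
    order = sorted(range(cols), key=lambda c: key[c])
    return "".join(row[c] for c in order for row in rows)

def untranspose(ciphertext: str, key: str) -> str:
    """Refill the grid column by column in the same key order, then read it row-wise.
    Any 'X' padding added by transpose() is returned as-is for the caller to strip."""
    cols = len(key)
    rows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda c: key[c])
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in order:
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)

def letter_counts(text: str) -> Counter:
    """Letter frequencies: unchanged by transposition, changed by substitution."""
    return Counter(ch for ch in text if ch in ALPHABET)

if __name__ == "__main__":
    p = "ATTACKATDAWN"                      # constructed sample plaintext
    print(substitute(p, 3), transpose(p, "KEY"))
```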
Q.15 How many keys are required for two people to communicate via a cipher?
Ans. If both sender and receiver use the same key, the system is referred to as symmetric,
single-key, secret-key or conventional encryption. If sender and receiver use different keys,
the system is referred to as asymmetric, two-key or public-key encryption.
Q.16 Why is asymmetric cryptography bad for huge data? Specify the reason.
Ans. Asymmetric encryption limits the maximum size of the plaintext. In practice, block
modes are not used with asymmetric encryption, because encrypting many blocks with an
asymmetric scheme would be very slow.
Q.17 What are the two general approaches to attacking a cipher?
Ans. The two general approaches to attacking a cipher are:
1. Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps
some knowledge of the general characteristics of the plaintext, or even some sample
plaintext-ciphertext pairs.
2. Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained.
Q.18 Distinguish between attack and threat.
Ans. The main difference between a threat and an attack is that a threat can be either
intentional or unintentional, whereas an attack is intentional.
A threat is a circumstance that has the potential to cause loss or damage, whereas an attack
is an attempt to cause damage.
A threat to the information system doesn't mean information was altered or damaged, but an
attack on the information system means there is a chance to alter, damage, or obtain
information when the attack is successful.
A security threat is the expressed potential for the occurrence of an attack.
A security attack is an action taken against a target with the intention of doing harm.
Q.19 Differentiate MAC and hash function.
Ans. The major difference between a hash and a MAC is that a MAC uses a key to compute the
MAC, whereas a hash code does not use a key but is a function only of the input message.
Q.20 What is MAC? Mention the requirement of MAC.
Ans. An alternative authentication technique involves the use of a small fixed-size block of
data, known as a cryptographic checksum or MAC, that is appended to the message.
Q.21 What is a hash in cryptography?
Ans: A hash function H is a transformation that takes a variable-size input m and returns a
fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just
this property have a variety of general computational uses, but when employed in
cryptography the hash functions are usually chosen to have some additional properties.
Q.22 What is a message authentication code ?
Ans. An alternative authentication technique involves the use of a small fixed size block of
data, known as a cryptographic checksum or MAC that is appended to the message
Q.23 What is the difference between a message authentication code and a one-way hash
function?
Ans. The difference between a MAC and a one-way hash function is that unlike a MAC, a
hash code does not use a key but is a function only of the input message
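The keyed/keyless distinction in Q.19 and Q.23, as an added example (not from the original notes): a SHA-256 digest sent alongside a message can simply be recomputed by whoever alters the message, while an HMAC-SHA256 tag cannot be recomputed without the shared key, so the alteration is detected. The key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed example: a secret shared only by sender and receiver.
SHARED_KEY = b"example-shared-key-not-a-real-secret"

def hash_tag(message: bytes) -> bytes:
    """Keyless checksum: a function only of the message, so anyone can compute it."""
    return hashlib.sha256(message).digest()

def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed checksum (a MAC, here HMAC-SHA256): needs the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def hash_check(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_tag(message), tag)

def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)

def tamper_in_transit(message: bytes, tag: bytes, keyed: bool):
    """Model an in-transit modification of the message by someone without the key.
    With a bare hash they recompute the tag; with a MAC the old tag is all they have."""
    altered = message.replace(b"100", b"900")
    if keyed:
        return altered, tag
    return altered, hash_tag(altered)

def demo():
    """Returns (hash_detects_change, mac_detects_change)."""
    msg = b"transfer 100 to account 42"          # constructed sample message

    h = hash_tag(msg)                             # hash-only protection
    altered_msg, altered_h = tamper_in_transit(msg, h, keyed=False)
    hash_detects = not hash_check(altered_msg, altered_h)

    t = mac_tag(SHARED_KEY, msg)                  # MAC protection
    altered_msg2, stale_t = tamper_in_transit(msg, t, keyed=True)
    mac_detects = not mac_check(SHARED_KEY, altered_msg2, stale_t)
    return hash_detects, mac_detects

if __name__ == "__main__":
    print(demo())   # expected (False, True)
```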
Q.24 Is it necessary to recover the secret key in order to attack a MAC algorithm?
Ans. A number of keys will produce the correct MAC and the opponent has no way of
knowing which is the correct key. On average, 2 keys produce a match. Therefore attacks
do not require discovery of the key.
Q.25 What is the function of a compression function in a hash function?
Ans. The hash function involves repeated use of a compression function. The motivation is
that if the compression function is collision resistant, then the hash function is also collision
resistant. So a secure hash function can be produced.
Q.26 What is the use of a digital signature?
Ans: Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery.
Q.27 What is a birthday attack?
Ans. A birthday attack is a name used to refer to a class of brute-force attacks. It gets its
name from the surprising result that the probability that two or more people in a group of 23
share the same birthday is greater than 1/2; such a result is called the birthday paradox.
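An added worked example of the paradox and of why it matters for digest size (example code, not from the original notes): the first function evaluates the birthday probability directly, and the second runs a birthday search on SHA-256 truncated to a few bits, a constructed toy so that a collision appears after roughly the square root of the number of possible digests, which is the reason a larger digest (Q.15) is harder to attack.

```python
import hashlib

def birthday_probability(n: int, buckets: int = 365) -> float:
    """Probability that at least two of n uniform draws from `buckets` values coincide:
    1 - prod_{i=0}^{n-1} (buckets - i) / buckets."""
    p_no_match = 1.0
    for i in range(n):
        p_no_match *= (buckets - i) / buckets
    return 1.0 - p_no_match

def smallest_group_over_half(buckets: int = 365) -> int:
    """Smallest group size for which a shared value is more likely than not."""
    n = 1
    while birthday_probability(n, buckets) <= 0.5:
        n += 1
    return n

def truncated_digest(message: bytes, bits: int) -> int:
    """Toy hash for the classroom: SHA-256 keeping only the top `bits` bits."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Birthday search over constructed messages b"msg-0", b"msg-1", ...; stops at the
    first repeated truncated digest. Returns (trials, message1, message2).
    By the pigeonhole principle a repeat is certain within 2**bits + 1 trials, but the
    birthday bound says to expect one after about sqrt(pi/2 * 2**bits)."""
    seen = {}
    for i in range(2 ** bits + 1):
        m = b"msg-%d" % i
        d = truncated_digest(m, bits)
        if d in seen:
            return i + 1, seen[d], m
        seen[d] = m
    raise AssertionError("unreachable: pigeonhole guarantees a repeat")

if __name__ == "__main__":
    print(smallest_group_over_half(), round(birthday_probability(23), 4))
    trials, m1, m2 = find_collision(16)
    print(trials, m1, m2)
```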
Q.28 What is the utility of a detached signature?
Ans. A detached signature may be stored and transmitted separately from the message it
signs. This is useful in several contexts. A user may wish to maintain a separate signature log
of all messages sent or received. A detached signature of an executable program can detect
subsequent virus infection. Finally, a detached signature can be used when more than one
party must sign a document, such as a legal contract.
Q.29 What is a digital signature?
Ans. A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature.
Q.30 What is the one-way property?
Ans. A function that maps an arbitrary-length message to a fixed-length message digest is a
one-way hash function if it is a one-way function.
Q.31 What are the two approaches to digital signatures?
Ans. The two approaches to digital signatures are the RSA approach and the DSS approach.

UNIT-II
Q.1 Name the four requirements defined by Kerberos.
Ans. The Kerberos requirements are: secure, reliable, transparent and scalable.
Q.2 What types of attacks are addressed by message authentication?
Ans.: Content modification: Changes to the contents of the message.
Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.
Timing modification: Delay or replay of messages.
Q.3 What is a public-key certificate?
Ans. The public-key authority could be a bottleneck in the system, for a user must appeal to
the authority for a public key for every other user that it wishes to contact. As before, the
directory of names and public keys maintained by the authority is vulnerable to tampering.
Q.4 What are the requirements for the use of a public-key certificate scheme?
- Any participant can read a certificate to determine the name and public key of the
certificate's owner.
- Any participant can verify that the certificate originated from the certificate authority
and is not counterfeit.
- Only the certificate authority can create and update certificates.
- Any participant can verify the currency of the certificate.
Q.5 What is the life cycle of a key?
Ans: Keys have limited lifetimes for a number of reasons. The most important is protection
against cryptanalysis. Each time the key is used, it generates a number of ciphertexts. Ford
describes the life cycle of a key as follows:
- Key generation and possibly registration for a public key.
- Key distribution.
- Key activation/deactivation.
- Key replacement or key update.
- Key revocation.
- Key termination, involving destruction and possibly archival.
Q.6 Define password protection.
Ans: Password protection is the front line of protection against intruders to the system. A
password authenticates the ID and provides security to the system.
Q.7 Name the authentication protocols.
Ans: Kerberos is an authentication protocol. It provides a way to authenticate clients
and services to each other through a trusted third party.
Q.8 List four requirements that were defined for Kerberos.
Ans: Requirements of Kerberos: security, reliability, transparency and scalability.
Q.9 List any four password selection strategies.
Ans: In order to eliminate guessable passwords, four basic techniques are suggested:
1. User education
2. Computer generated password
3. Reactive password checking
4. Proactive password checking
Q.10 Specify the various types of authentication protocol.
Ans: Authentication protocols are: mutual vs one-way authentication, symmetric vs
public-key approaches, and the Needham-Schroeder protocol.
Q.11 How do digital signatures differ from authentication protocols?
Ans: Digital signatures provide the ability to verify the author, date and signature, to
authenticate message contents, and to be verified by third parties to resolve disputes.
Authentication protocols are used to convince parties of each other's identity and to
establish session keys.
Q.12 What entities constitute a full-service Kerberos environment?
Ans.: A full-service environment consists of a Kerberos server, a number of clients
and a number of application servers.
Q.13 What are the principal differences between Kerberos version 4 and version 5?
Ans:
i) Kerberos V4 requires DES, while V5 allows many encryption techniques.
ii) V4 requires the use of IP, while V5 allows other network protocols.
iii) Version 5 has a longer ticket lifetime.
iv) Version 5 allows tickets to be renewed.
v) Version 5 can accept any symmetric-key algorithm.
vi) Version 5 uses a different protocol for describing data types.
vii) Version 5 has more overhead than version 4.
Q.14 When are certificates revoked in X.509?
Ans. A certificate should be revoked before expiry for the following reasons:
1. The user's private key is compromised.
2. The user is no longer certified by the CA.
3. The CA's certificate is compromised.
Q.15 Show how SHA is more secure than MD5.
Ans: SHA is more secure than MD5 for a variety of reasons. First, it produces a larger
digest, 160-bit compared to 128-bit, so a brute-force attack would be much more difficult to
carry out. Also, no known collisions have been found for SHA.
Q.16 What is a realm in Kerberos?
Ans: A Kerberos realm is the domain over which a Kerberos authentication server has the
authority to authenticate a user, host or service. A realm name is often, but not always, the
upper-case version of the name of the DNS domain over which it presides. The Kerberos
server shares a secret key with other Kerberos servers. Therefore, a Kerberos realm is a set
of these managed "nodes" that share the same Kerberos database.
Q.17 What entities constitute a full-service Kerberos environment?
Ans: A full-service environment consists of a Kerberos server, a number of clients and a
number of application servers.
Q.18 What is a key distribution center?
Ans: A key distribution center is responsible for distributing keys to pairs of users, such as
hosts, processes and applications. Each user must share a unique key with the key
distribution center for purposes of key distribution.
Q.19 What are the advantages of key distribution?
- It is easy to add and remove entities from the network.
- Each entity needs to store only one long-term secret key.
- The public file could reside with each entity.
- It prevents an active adversary from impersonation.
Q.20 What is key management?
Ans: Key management is the set of techniques and procedures supporting the establishment
and maintenance of keying relationships between authorized parties.
Q.21 What is master key?
Ans: Session keys are transmitted in encrypted form, using a master key that is shared by the
key distribution center and an end system or user.
Q.22 Define session key.
Ans. Communication between end systems is encrypted using a temporary key, often referred
to as a session key.
Q.23 What is PKI?
Ans: A Public-Key Infrastructure (PKI) is defined as the set of hardware, software, people,
policies, and procedures needed to create, manage, store, distribute, and revoke digital
certificates based on asymmetric cryptography.

Q.24 What is key distribution?
Ans: Key distribution is the function that delivers a key to two parties who wish to exchange
secure encrypted data. Some sort of mechanism or protocol is needed to provide for the
secure distribution of keys.
Q.25 What is digital certificate?
Ans: Certificates are digital documents that are used for secure authentication of
communicating parties.
Q.26 What is Certification Authority?
Ans: The trusted party who issues certificates to the identified end entities is called a
Certification Authority.
Q.27 What is a nonce?
Ans.: A random value to be repeated in a message to assure that the response is fresh and has
not been replayed by an opponent.
Q.28 What is a ticket-granting server?
Ans. A server that issues tickets for a desired service, which are in turn given to users for
access to the service. The TGS usually runs on the same host as the KDC.
Q.29 Define Kerberos.
Ans. Kerberos is an authentication protocol. It provides a way to authenticate clients and
services to each other through a trusted third party.
Q.30 Define realm.
Ans. A network that uses Kerberos, composed of one or more servers called KDCs and a
potentially large number of clients.
Q.31 What is challenge/response?
Ans.: Party A, expecting a fresh message from B, first sends B a nonce (the challenge) and
requires that the subsequent message (the response) received from B contain the correct
nonce value.
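The nonce (Q.27) and challenge/response (Q.31) mechanism carried through as an added example (not part of the original notes), with both parties' roles: A issues a fresh random nonce, B proves knowledge of the shared key over that nonce with an HMAC, and A accepts each nonce once only, so a captured response replayed later is refused. The shared key and the "B->A|" label are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed example: long-term secret shared by A (verifier) and B (prover).
SHARED_KEY = b"example-long-term-key-not-a-real-secret"

def compute_response(key: bytes, nonce: bytes) -> bytes:
    """Party B's response: a keyed checksum bound to this exact nonce and direction,
    so it cannot be reused for a different challenge."""
    return hmac.new(key, b"B->A|" + nonce, hashlib.sha256).digest()

class Verifier:
    """Party A: hands out fresh nonces and accepts a response only for a nonce it
    issued and has not yet consumed (each challenge is single-use)."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)            # fresh, unpredictable value (Q.27)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                  # unknown or already used: a replay is refused
        self.outstanding.discard(nonce)   # consume the nonce before checking the tag
        expected = compute_response(self.key, nonce)
        return hmac.compare_digest(expected, response)

def run_exchange():
    """Returns (genuine_accepted, replay_accepted, wrong_key_accepted)."""
    a = Verifier(SHARED_KEY)

    nonce = a.challenge()                            # A -> B: challenge
    resp = compute_response(SHARED_KEY, nonce)       # B -> A: response
    genuine = a.verify(nonce, resp)

    replay = a.verify(nonce, resp)                   # same pair sent again later

    nonce2 = a.challenge()                           # a party without the key
    wrong_key = a.verify(nonce2, compute_response(b"guess", nonce2))
    return genuine, replay, wrong_key

if __name__ == "__main__":
    print(run_exchange())   # expected (True, False, False)
```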
Q.32 Define Kerberos realm.
Ans. A Kerberos realm is a set of managed nodes that share the same Kerberos database.
UNIT-III
Q.1 What is SSH?
Ans: SSH is a protocol for secure remote login and other secure network services over an
insecure network.

Q.2 What is an SSL session?
Ans. An SSL session is an association between a client and a server. Sessions are
created by the handshake protocol. Sessions define a set of cryptographic security parameters
which can be shared among multiple connections.
Q.3 What are the two services provided by the SSL record protocol for SSL connections?
Ans. Confidentiality: The handshake protocol defines a shared secret key that is used for
conventional encryption of SSL payloads.
Message integrity: The handshake protocol also defines a shared secret key that is used to
form a MAC.
Q.4 What is the purpose of HTTPS?
Ans.: HTTPS refers to the combination of HTTP and SSL to implement secure
communication between a web browser and a web server.
Q.5 What is the difference between an SSL connection and an SSL session?
Ans. A connection is a transport that provides a suitable type of service. For SSL, such
connections are peer-to-peer relationships. The connections are transient. An SSL session is
an association between a client and a server. Sessions are created by the handshake protocol.
Sessions define a set of cryptographic security parameters, which can be shared among
multiple connections.
Q.6 Define TLS.
Ans. Transport Layer Security (TLS) is a protocol that encrypts and delivers mail securely.
TLS encryption requires the use of a digital certificate, which contains identity information
about the certificate owner as well as a public key, used for encrypting communications.
Q.7 What is extensible authentication protocol?
Ans. Extensible Authentication Protocol (EAP) is an authentication framework, not a specific
authentication mechanism, frequently used in wireless networks and point-to-point
connections. It provides some common functions and negotiation of authentication methods
called EAP methods.
Q.8 What is network access control?
Ans.: Network Access Control (NAC), also known as network admission control, is the
process of restricting unauthorized users and devices from gaining access to a corporate or
private network. NAC ensures that only users who are authenticated, and devices that are
authorized and compliant with security policies can enter the network.
16 marks questions
1. Analyse the Principles of public key cryptography?
2. Explain DES and AES Algorithm? And differentiate?
3. Explain the basics of Cryptography?
4. Explain OSI security?
5. Explain Conventional Cryptography techniques?
6. Explain the architecture of IP security
7. Analyse the challenges and vulnerabilities associated with key management?
8. Explore the principles of key distribution in symmetric key cryptography?
9. Analyse the use of Public Key Infrastructure in key management and distribution?
10. Explain the role of X.509 certificates in a public key infrastructure system?
11. Explain the network Access Control?
12. Explain IP security?
13. Comparison between Kerberos version 4 and version 5?
14. IEEE 802.1X port based network access control?
15. Explain the Remote user Authentication?
