PART - A

Answer ALL the Questions

(10 × 2 = 20)

1. Mention the principle of OSI layer security architecture. (CO1)

2. Write the difference between active and passive attacks. (CO1)
3. State the benefits of symmetric encryption. (CO2)
4. List down the limitations of encryption. (CO2)
5. What are weak and semi-weak keys? (CO3)
6. Is RSA a zero knowledge proof system? Why? (CO3)
7. Mention the difference between Digital signature and Digital Certificates. (CO4)
8. List the security issues in MAC. (CO4)
9. What is meant by malware? (CO5)
10. Mention the various problems in web security. (CO5)

PART - B
Answer ALL the Questions
(5 × 16 = 80)

11. Narrate the framework of OSI security architecture with neat diagram. (CO1)
(or)
12. Elucidate the symmetric cipher model with neat diagram. (CO1)
13. Describe the principle of simplified DES algorithm. State its strength and weakness.
(CO2)
(or)
14. Elucidate the concept of traffic confidentiality. Discuss the techniques of key
distribution and its benefits briefly. (CO2)
15. Explain how efficient RSA operations? Illustrate the generation of RSA key in detail.
(CO3)
(or)
16. Elucidate the working of Diffe-Hellman key exchange with suitable example. (CO3)
17. Discuss about message authentication codes briefly. Illustrate the issues and
challenges in Security of hash functions and MACs briefly. (CO4)
(or)
18. Assume Client C machine wants to communicate with Server S. Explain in detail,
how can it be achieved through Kerberos services? (CO4)
19. Illustrate how privacy, authentication of the source, message integrity and non-
repudiation are achieved in Electronic mail. List the various services of E-mail. (CO5)
(or)
20. State the characteristics and types of intruders. Describe the framework to prevent and
protect the network from the intruders in detail. (CO5)
 SCSA1602: Network Security

PART - A (10 × 2 = 20)

1. Mention the principle of OSI layer security architecture. (CO1)

The OSI security architecture defines a systematic approach to secure communication

by identifying security services (e.g., confidentiality, integrity, authentication) and
mechanisms (e.g., encryption, digital signatures) applicable at each OSI layer.

2. Write the difference between active and passive attacks. (CO1)

 Active Attack: Modifies data during transmission (e.g., man-in-the-middle,

spoofing).
 Passive Attack: Only monitors or eavesdrops on data without altering it (e.g.,
traffic analysis).

3. State the benefits of symmetric encryption. (CO2)

 Faster and efficient for large data volumes.

 Requires less computational power.
 Simple to implement.

4. List down the limitations of encryption. (CO2)

 Key management complexity.

 Vulnerability if the key is compromised.
 Doesn't protect against traffic analysis.

5. What are weak and semi-weak keys? (CO3)

 Weak keys produce repeated encryption cycles (e.g., DES with identical
subkeys).
 Semi-weak keys exist in pairs and can encrypt/decrypt each other’s
ciphertext.

6. Is RSA a Zero-Knowledge Proof System? Why?

No, RSA is not inherently a zero-knowledge proof system. It provides encryption and
digital signature services but does not allow one party to prove knowledge without
revealing it.

7. Mention the difference between Digital signature and Digital Certificates. (CO4)

 Digital Signature: Ensures message integrity and sender authenticity.

 Digital Certificate: Issued by a CA to bind public keys with identity.

8. List the security issues in MAC. (Security Issues in MAC (CO4)

 Key management problems.

 Vulnerability to brute-force or replay attacks.
  Integrity-only assurance (no non-repudiation).

9. What is meant by Malware? (CO5)

Malware is malicious software (e.g., virus, worm, trojan) designed to damage, disrupt,
or gain unauthorized access to systems.

10. Mention the various problems in web security. (CO5)

 Cross-site scripting (XSS)

 SQL injection
 Phishing attacks
 Session hijacking

 Insecure cookies or HTTP headers

PART - B
Answer ALL the Questions (5 × 16 = 80)

11. Narrate the framework of OSI security architecture with neat diagram. (CO1)
Answer:
The OSI Security Architecture provides a structured approach to securing data across
different network layers. It defines:

 Security Services such as:

o Authentication
o Access Control
o Data Confidentiality
o Data Integrity
o Non-repudiation
 Security Mechanisms like:
o Encryption
o Digital signatures
o Firewalls
o Secure protocols (e.g., SSL/TLS)

Each layer in OSI can implement specific security mechanisms to support security services.

12. Elucidate the symmetric cipher model with neat diagram. (CO1)
Answer:
The symmetric cipher model involves a single key used for both encryption and decryption.

Main components:

 Plaintext: Original message

 Encryption Algorithm: Transforms plaintext into ciphertext using a secret key
 Secret Key: Shared between sender and receiver
 Decryption Algorithm: Converts ciphertext back to plaintext using the same key
Diagram:

Examples: AES, DES, RC4

Challenges: Key distribution and management

13. Describe the principle of simplified DES algorithm. State its strength and weakness.
(CO2)
Answer:
Simplified DES (S-DES) is a reduced version of DES used for teaching cryptography:
Strengths:

 Simple structure for understanding symmetric encryption

 Introduces concepts of confusion and diffusion
Weaknesses:

 Extremely weak in practice

 Small key and block sizes are easily brute-forced

14. Elucidate the concept of traffic confidentiality. Discuss the techniques of key
distribution and its benefits briefly. (CO2)
Answer:

Traffic Confidentiality refers to protecting information about message flow (e.g., sender,
receiver, volume) from being disclosed.

Techniques:

 Encryption of headers and payloads

 Padding messages to uniform sizes
 Traffic padding (sending dummy traffic)
 Routing obfuscation

Key Distribution Techniques:

 Manual key exchange

 Key Distribution Center (KDC)
 Public Key Infrastructure (PKI)
 Diffie-Hellman Key Exchange

Benefits:

 Ensures secure communication

 Prevents eavesdropping and traffic analysis
 Supports confidentiality and integrity

15. Explain how efficient RSA operations? Illustrate the generation of RSA key in
detail. (CO3)
Answer:

RSA Efficiency:
While secure, RSA is slower compared to symmetric encryption due to large integer
computations. Its efficiency can be improved with optimizations like the Chinese Remainder
Theorem.

Key Generation Steps:

1. Choose two large prime numbers, p and q

2. Compute n = p × q
3. Compute φ(n) = (p − 1)(q − 1)
4. Choose e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1
5. Compute d, the modular inverse of e mod φ(n)
 6. Public Key = (e, n), Private Key = (d, n)

Used for:

 Encryption
 Digital signatures

16. Elucidate the working of Diffie-Hellman key exchange with suitable example. (CO3)
Answer:

Diffie-Hellman is a key exchange algorithm used to establish a shared secret between two
parties over an insecure channel.

Steps:

1. Publicly agree on a prime p and base g

2. Alice selects private key a, computes A = g^a mod p
3. Bob selects private key b, computes B = g^b mod p
4. Alice and Bob exchange A and B
5. Shared secret:
o Alice computes: K = B^a mod p
o Bob computes: K = A^b mod p

Example:

 p = 23, g = 5
 Alice picks a = 6 → A = 5^6 mod 23 = 8
 Bob picks b = 15 → B = 5^15 mod 23 = 2
 Shared secret = 2^6 mod 23 = 64 mod 23 = 18

Limitation: Vulnerable to man-in-the-middle attacks without authentication.

17. Discuss about message authentication codes briefly. Illustrate the issues and
challenges in Security of hash functions and MACs. (CO4)
Answer:

Message Authentication Code (MAC):

A small tag generated using a secret key and the message, ensuring:

 Message integrity
 Authenticity

Types:

 HMAC (Hash-based MAC)

 CMAC (Cipher-based MAC)

Challenges:
  Weakness in hash functions (e.g., MD5, SHA-1)
 Key management
 Replay attacks
 Tag forgery

Security depends on both the underlying hash function and the secrecy of the key.

18. Assume Client C wants to communicate with Server S. Explain in detail how it can
be achieved through Kerberos services. (CO4)
Answer:

Kerberos is a secure authentication protocol using a trusted third party (Key Distribution
Center - KDC).

Steps:

1. Client Authentication: C requests a Ticket Granting Ticket (TGT) from the

Authentication Server (AS)
2. Ticket Granting Service (TGS): C uses TGT to request access to Server S
3. Service Ticket: TGS issues a service ticket for Server S
4. Authentication to Server: C sends the ticket to Server S for access

Benefits:

 Password never sent in plaintext

 Tickets are time-stamped
 Supports mutual authentication

Limitation: Relies on synchronized clocks and availability of KDC

19. Illustrate how privacy, authentication of the source, message integrity and non-
repudiation are achieved in Electronic mail. List the various services of E-mail. (CO5)
Answer:

Security Features in Email:

 Privacy: Achieved using encryption (e.g., PGP, S/MIME)

 Authentication: Ensures sender identity (digital signatures)
 Integrity: Hashing and digital signatures
 Non-repudiation: Digital signatures provide proof of origin

E-mail Security Services:

 Message confidentiality
 Message integrity
 Message authentication
 Non-repudiation
 Proof of delivery and submission

Technologies used include SSL/TLS, PGP, S/MIME, SPF, DKIM, and DMARC.
20. State the characteristics and types of intruders. Describe the framework to prevent
and protect the network from the intruders in detail. (CO5)
Answer:

Characteristics of Intruders:

 Unauthorized access
 Data theft or modification
 Disruption of services
 Evade detection

Types of Intruders:

1. Masquerader – External unauthorized user

2. Misfeasor – Internal user with malicious intent
3. Clandestine User – Gains control and hides actions

Framework to Prevent Intrusion:

 Intrusion Detection Systems (IDS)

 Firewalls
 Multi-factor Authentication
 Security Policies
 Antivirus and Antimalware Tools
 Regular Audits and Monitoring

Intrusion Prevention Systems (IPS) block attacks in real-time.