CUSTOMER_CODE SMUDE
DIVISION_CODE
EVENT_CODE
SMUDE
SMUAPR15
ASSESSMENT_CODE MIT4022_SMUAPR15
QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 12785
QUESTION_TEXT Discuss overview of Rijndael Algorithm.
SCHEME OF
EVALUATION
Rijndael is a fast algorithm with strong mathematical foundation but require simple processors for implementation. It primarily uses substitution, transposition, and the shift, exclusive OR, and addition operations. Algorithm also uses repeated cycles. There are 9, 11, or
13 cycles for keys of 128, 192, and 256 bits, respectively.
(2 marks)
Each cycle consists of four steps:
*Byte substitution: This step uses a substitution box structure similar to the DES, substituting each byte of a 128-bit block according to a substitution table. This is straight confusion operation.
*Shift row: A transposition step for 128- and 192-bit block sizes, row n is shifted left circular (n-1) bytes; for 256-bit blocks, row 2 is shifted I byte and rows 3 and 4 are shifted 3 and 4 bytes, respectively.
This is straight confusion operation.
*Mix Column: This step involves shifting left and exclusive-ORing bits with themselves. These operations provide both confusion and diffusion.
*Add subkey: here, a portion of the key unique to this cycle is exclusive-ORed with the cycle result. This operation provides confusion and incorporates the key. (2 marks each)
QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 12786
QUESTION_TEXT Write a note on Security Parameter Index (SPI)
SCHEME OF
EVALUATION
The SPI is very important element in the Security Association (SA).
An SPI is 32-bit entity that is used to uniquely identify an SA at the receiver. The source identifies the SA by using the selectors.
However, the destination does not have access to all the fields in the selectors as some of the fields in the selectors belong to the transport layer.(2 marks)
To solve the problem of identifying the SA on the destination, the SPI that uniquely identifies the SA on the destination is sent with every packet. The destination uses this value to index into the receiving
SADB and fetch the SA. The IPSec architecture specifies that the SPI destination address in the packet should uniquely identify an SA.(2 marks)

The receiver allocates the SPI that is stored as part of the SA on the sender. The sender includes this in every packet under the assumption that the receiver can use this to uniquely identify the SA. If the receiver does not guarantee uniqueness, packets will fail security checks.(2 marks)
The sending host uses the selectors to uniquely index into the sending
SADB. The output of this lookup is an SA that has all the security parameters negotiated, including the SPI. The host that allocates the
SPI guarantees uniqueness. The SPI is reused once the SA expires but one is guaranteed at any point the mapping between SPI, destination, and SA is one to one. (2 marks)
The SPI is passed as part of AH and ESP headers. The receiving host uses the tuple SPI, destination, protocol to uniquely identify the SA.
It is possible to use the source address in addition to SPI, destination, protocol to uniquely identify an SA to converse the SPI space.
(2 marks)
QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 72789
QUESTION_TEXT
SCHEME OF
EVALUATION
Explain the characteristics of following malicious codes: a. Virus b. Worm c. Trojan Horse d. Trap door e. Logic bomb a. Virus: A virus is a program that can spread the malicious code to other non malicious programs by modifying them. A virus can be either transient or resident. A transient virus has a life that depends on the life of its host; A resident virus locates itself in memory.
b. Worm: A worm is a program that spreads copies of itself through a network. The worm spreads copies of itself as a standalone program. c. Trojan horse: It is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect. Contains unexpected, additional functionality. d. Trap door: it is feature in a program by which some one can access the program other than by the obvious, direct call perhaps with special privileges. The trapdoor could be intentional, for maintenance purposes, or it could be an illicit way for the implementer to wipe out any record of a crime. e. Logic bomb: it is a class of malicious code that detonates or goes off when a specified condition occurs. (2 marks each)
QUESTION_TYPE DESCRIPTIVE_QUESTION

QUESTION_ID
QUESTION_TEXT
SCHEME OF
EVALUATION
72791
Explain how cryptanalyst uses different information to break the cipher?
a. Ciphertext only: The cryptanalyst decrypt messages based on probabilities, distributions, and characteristics of the available ciphertext, plus publicly available knowledge. b. Full or partial plaintext: the analyst may be fortunate to have a sample message and its decipherment. In these cases, the analyst can use what is called a probable plaintext analysis. After doing part of the decryption, the analyst may find places where the known message fits with the deciphered parts, thereby giving more clues about the total translation.
c. Ciphertext of any plaintext: the analyst might have infiltrated the sender’s transmission process so as to be able to cause messages to be encrypted and sent at will. This attack is called a chosen plaintext attack. For instance, the analyst may be able to insert records into a database and observe the change in statistics after the insertions. Linear programming some times enables such an analyst to infer data that should be kept confidential in the database. This attack is very favorable to the analyst.
d. Algorithm and Ciphertext: the analyst may have both the encryption algorithm and the ciphertext. In a chosen plaintext attack, the analyst can run the algorithm on massive amounts of plaintext to find one plaintext message that encrypt as the ciphertext. This approach fails if two or more distinct keys can produce the same ciphertext as the result of encrypting meaningful plaintext.
e. Ciphertext and Plaintext: the cryptanalyst may lucky enough to have some pairs of plaintext and matching ciphertext. Then, the game is to deduce the key by which those pairs were encrypted so that the same key can be used in cases in which the analyst has only the ciphertext. (2 marks each)
QUESTION_TYPE
QUESTION_ID
QUESTION_TEXT
SCHEME OF
EVALUATION
DESCRIPTIVE_QUESTION
118693
Give the advantages and disadvantages of different types of
Encryption System.
Ans:
Stream Encryption system:
Advantages:
1. Speed of transformation–1M

2. Low error propagation–1M
Disadvantages:
1. Susceptibility to malicious insertions and modifications–
2M
2. Low diffusion–2M
Block Encryption Algorithms advantages:
1. High diffusion–1M
2. Immunity to insertion of symbols–1M
Disadvantages:
1. Slowness of encryption–1M
2. Error Propagation–1M
QUESTION_TYPE
QUESTION_ID
QUESTION_TEXT
DESCRIPTIVE_QUESTION
118695
Explain the different fields of AH and ESP.
Ans:
The fields of AH are–5M
1. Next header
2. Payload length
3. Reserved Field
SCHEME OF EVALUATION 4. SPI field
5. Sequence number
6. The authentication data
The field of ESP are–5M
1. Security Association Identifier
2. Sequence number

3. Payload data
4. Padding
5. Pad length
6. Next header
7. Authentication data