CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE

advertisement

CUSTOMER_CODE SMUDE

DIVISION_CODE

EVENT_CODE

SMUDE

SMUAPR15

ASSESSMENT_CODE MIT4022_SMUAPR15

QUESTION_TYPE DESCRIPTIVE_QUESTION

QUESTION_ID 12785

QUESTION_TEXT Discuss overview of Rijndael Algorithm.

SCHEME OF

EVALUATION

Rijndael is a fast algorithm with strong mathematical foundation but require simple processors for implementation. It primarily uses substitution, transposition, and the shift, exclusive OR, and addition operations. Algorithm also uses repeated cycles. There are 9, 11, or

13 cycles for keys of 128, 192, and 256 bits, respectively.

(2 marks)

Each cycle consists of four steps:

*Byte substitution: This step uses a substitution box structure similar to the DES, substituting each byte of a 128-bit block according to a substitution table. This is straight confusion operation.

*Shift row: A transposition step for 128- and 192-bit block sizes, row n is shifted left circular (n-1) bytes; for 256-bit blocks, row 2 is shifted I byte and rows 3 and 4 are shifted 3 and 4 bytes, respectively.

This is straight confusion operation.

*Mix Column: This step involves shifting left and exclusive-ORing bits with themselves. These operations provide both confusion and diffusion.

*Add subkey: here, a portion of the key unique to this cycle is exclusive-ORed with the cycle result. This operation provides confusion and incorporates the key. (2 marks each)

QUESTION_TYPE DESCRIPTIVE_QUESTION

QUESTION_ID 12786

QUESTION_TEXT Write a note on Security Parameter Index (SPI)

SCHEME OF

EVALUATION

The SPI is very important element in the Security Association (SA).

An SPI is 32-bit entity that is used to uniquely identify an SA at the receiver. The source identifies the SA by using the selectors.

However, the destination does not have access to all the fields in the selectors as some of the fields in the selectors belong to the transport layer.(2 marks)

To solve the problem of identifying the SA on the destination, the SPI that uniquely identifies the SA on the destination is sent with every packet. The destination uses this value to index into the receiving

SADB and fetch the SA. The IPSec architecture specifies that the SPI destination address in the packet should uniquely identify an SA.(2 marks)

The receiver allocates the SPI that is stored as part of the SA on the sender. The sender includes this in every packet under the assumption that the receiver can use this to uniquely identify the SA. If the receiver does not guarantee uniqueness, packets will fail security checks.(2 marks)

The sending host uses the selectors to uniquely index into the sending

SADB. The output of this lookup is an SA that has all the security parameters negotiated, including the SPI. The host that allocates the

SPI guarantees uniqueness. The SPI is reused once the SA expires but one is guaranteed at any point the mapping between SPI, destination, and SA is one to one. (2 marks)

The SPI is passed as part of AH and ESP headers. The receiving host uses the tuple SPI, destination, protocol to uniquely identify the SA.

It is possible to use the source address in addition to SPI, destination, protocol to uniquely identify an SA to converse the SPI space.

(2 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION

QUESTION_ID 72789

QUESTION_TEXT

SCHEME OF

EVALUATION

Explain the characteristics of following malicious codes: a. Virus b. Worm c. Trojan Horse d. Trap door e. Logic bomb a. Virus: A virus is a program that can spread the malicious code to other non malicious programs by modifying them. A virus can be either transient or resident. A transient virus has a life that depends on the life of its host; A resident virus locates itself in memory.

b. Worm: A worm is a program that spreads copies of itself through a network. The worm spreads copies of itself as a standalone program. c. Trojan horse: It is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect. Contains unexpected, additional functionality. d. Trap door: it is feature in a program by which some one can access the program other than by the obvious, direct call perhaps with special privileges. The trapdoor could be intentional, for maintenance purposes, or it could be an illicit way for the implementer to wipe out any record of a crime. e. Logic bomb: it is a class of malicious code that detonates or goes off when a specified condition occurs. (2 marks each)

QUESTION_TYPE DESCRIPTIVE_QUESTION

QUESTION_ID

QUESTION_TEXT

SCHEME OF

EVALUATION

72791

Explain how cryptanalyst uses different information to break the cipher?

a. Ciphertext only: The cryptanalyst decrypt messages based on probabilities, distributions, and characteristics of the available ciphertext, plus publicly available knowledge. b. Full or partial plaintext: the analyst may be fortunate to have a sample message and its decipherment. In these cases, the analyst can use what is called a probable plaintext analysis. After doing part of the decryption, the analyst may find places where the known message fits with the deciphered parts, thereby giving more clues about the total translation.

c. Ciphertext of any plaintext: the analyst might have infiltrated the sender’s transmission process so as to be able to cause messages to be encrypted and sent at will. This attack is called a chosen plaintext attack. For instance, the analyst may be able to insert records into a database and observe the change in statistics after the insertions. Linear programming some times enables such an analyst to infer data that should be kept confidential in the database. This attack is very favorable to the analyst.

d. Algorithm and Ciphertext: the analyst may have both the encryption algorithm and the ciphertext. In a chosen plaintext attack, the analyst can run the algorithm on massive amounts of plaintext to find one plaintext message that encrypt as the ciphertext. This approach fails if two or more distinct keys can produce the same ciphertext as the result of encrypting meaningful plaintext.

e. Ciphertext and Plaintext: the cryptanalyst may lucky enough to have some pairs of plaintext and matching ciphertext. Then, the game is to deduce the key by which those pairs were encrypted so that the same key can be used in cases in which the analyst has only the ciphertext. (2 marks each)

QUESTION_TYPE

QUESTION_ID

QUESTION_TEXT

SCHEME OF

EVALUATION

DESCRIPTIVE_QUESTION

118693

Give the advantages and disadvantages of different types of

Encryption System.

Ans:

Stream Encryption system:

Advantages:

1. Speed of transformation–1M

2. Low error propagation–1M

Disadvantages:

1. Susceptibility to malicious insertions and modifications–

2M

2. Low diffusion–2M

Block Encryption Algorithms advantages:

1. High diffusion–1M

2. Immunity to insertion of symbols–1M

Disadvantages:

1. Slowness of encryption–1M

2. Error Propagation–1M

QUESTION_TYPE

QUESTION_ID

QUESTION_TEXT

DESCRIPTIVE_QUESTION

118695

Explain the different fields of AH and ESP.

Ans:

The fields of AH are–5M

1. Next header

2. Payload length

3. Reserved Field

SCHEME OF EVALUATION 4. SPI field

5. Sequence number

6. The authentication data

The field of ESP are–5M

1. Security Association Identifier

2. Sequence number

3. Payload data

4. Padding

5. Pad length

6. Next header

7. Authentication data

Download