(SEM VII) THEORY EXAMINATION 2024-25 CRYPTOGRAPHY AND NETWORK SECURITY

CRYPTOGRAPHY AND NETWORK SECURITY (KCS074)

Time: 3 Hours | Maximum Marks: 100

SECTION A (10 × 2 = 20 Marks)

(Attempt all questions in brief)

(a) Outline the key principles of security.

The key principles of security are:

Confidentiality: Protection from unauthorized access     Integrity: Protection from data modification

Availability: Ensuring services are accessible                   Authentication: Verifying identity

Non-repudiation: Preventing denial of actions

(b) Distinguish between active and passive attacks.

(c) Determine GCD of (1970, 1066) using Euclid’s algorithm.

1970 = 1066 × 1 + 904                                           1066 = 904 × 1 + 162
904 = 162 × 5 + 94                                                 162 = 94 × 1 + 68
94 = 68 × 1 + 26                                                     68 = 26 × 2 + 16
26 = 16 × 1 + 10                                                     16 = 10 × 1 + 6
10 = 6 × 1 + 4                                                          6 = 4 × 1 + 2
4 = 2 × 2 + 0                                                            GCD = 2

(d) Compute Φ(55).

55 = 5 × 11                                                               Φ(55) = 55 × (1 − 1/5) × (1 − 1/11)
Φ(55) = 55 × 4/5 × 10/11 = 40

(e) Discuss Public Key Infrastructure (PKI).

PKI is a framework that manages digital certificates and public-key encryption.
It provides authentication, confidentiality, integrity, and non-repudiation using certificates issued by Certificate Authorities (CA).

(f) Explain Birthday attack.

Birthday attack exploits probability theory to find hash collisions faster than brute force by matching two different messages with the same hash value.

(g) Explain E-mail security.

E-mail security ensures confidentiality, authentication, integrity, and non-repudiation using encryption, digital signatures, and secure protocols like PGP and S/MIME.

(h) List functions of PGP.

Encryption                                                                 Digital signature

Compression                                                             Key management

Authentication

(i) Differentiate transport and tunnel mode in IPsec.

(j) Distinguish Logic Bomb and Trojan Horse.

SECTION B (Attempt any THREE) (3 × 10 = 30 Marks)

2(a) Substitution and Transposition techniques

Substitution Cipher: Replaces letters (e.g., Caesar cipher)
Transposition Cipher: Rearranges letters (e.g., Rail fence cipher)

2(b) Advanced Encryption Standard (AES)

AES is a symmetric block cipher with:                    Block size: 128 bits

Key sizes: 128/192/256 bits

Steps:
SubBytes → ShiftRows → MixColumns → AddRoundKey

AES is secure, fast, and widely used.

2(c) Digital Signature & DSA

Digital signature ensures authentication and integrity.

Signing:                                                                  Hash message

Encrypt hash with private key

Verification:                                                           Decrypt using public key

Compare hash values                                              DSA uses modular exponentiation for secure signing.

2(d) Kerberos & differences (V4 vs V5)

Kerberos is a trusted authentication system using tickets.

2(e) IP Security (IPsec)                                         IPsec secures IP packets using:

AH: Authentication & integrity

ESP: Confidentiality & encryption

SECTION C (Attempt any ONE) (10 Marks)

3(a) DES Algorithm                                              DES is a 64-bit block cipher with 16 rounds.

Strengths:                                                              Simple structure

Fast hardware implementation

Need for Double & Triple DES:                           To overcome small key size (56-bit)

3(b) Vigenère Cipher

Message: “LIFE IS FULL OF SURPRISES”
Key: HEALTH

Encryption is performed by repeating key and shifting letters.

Cipher text obtained after applying Vigenère table.

SECTION D (Attempt any ONE) (10 Marks)

4(a) Multiplicative inverse of 11 mod 26

11x ≡ 1 (mod 26)

Using Extended Euclidean Algorithm:                     26 = 11×2 + 4
11 = 4×2 + 3                                                           4 = 3×1 + 1

Back-substitution gives:                                          1 = 26 − 11×7

Inverse of 11 mod 26 = 19

4(b) Miller-Rabin test for n = 37                          37 − 1 = 36 = 2² × 9

Choose base a = 2                                                   2⁹ mod 37 ≠ 1
2¹⁸ mod 37 ≠ −1                                                      37 is prime

SECTION E (Attempt any ONE) (10 Marks)

5(a) Message Authentication Code (MAC)

MAC ensures message integrity and authentication using a secret key and hash function.

5(b) SHA-512

SHA-512 produces a 512-bit hash using:                Message padding

80 rounds                                                                 Logical functions (Σ, Ch, Maj)

SECTION F (Attempt any ONE) (10 Marks)

6(a) X.509 Certificate

X.509 defines certificate structure for authentication.

Fields include:                                                          Version

Serial number                                                          Public key

CA signature

6(b) Services of S/MIME

S/MIME provides:                                                     Encryption

Digital signatures                                                     Authentication

Message integrity

SECTION G (Attempt any ONE) (10 Marks)

7(a) Dual Signature in SET

Dual signature links order info and payment info securely.

SET steps:
Customer → Merchant → Payment Gateway → Bank

7(b) SSL Connection vs Session