(SEM VII) THEORY EXAMINATION 2018-19 CRYPTOGRAPHY AND NETWORK SECURITY

CRYPTOGRAPHY AND NETWORK SECURITY (NIT-701)

B.Tech – Semester VII

SECTION A

(Attempt all questions)

(a) Block cipher

A block cipher is a type of encryption algorithm that operates on fixed-size blocks of plaintext and converts them into ciphertext using a secret key. Each block is processed independently according to a defined transformation. Common block sizes are 64 bits or 128 bits. Block ciphers provide strong security and are widely used in modern cryptographic systems. Examples include DES and AES. To encrypt large amounts of data, block ciphers are used with different modes of operation such as ECB, CBC, and CTR.

(b) Meaning of cryptography

Cryptography is the science and art of securing information by transforming it into an unreadable format so that only authorized users can access it. It ensures confidentiality, integrity, authentication, and non-repudiation of data. Cryptography plays a vital role in secure communication over insecure networks such as the internet and is the foundation of modern cybersecurity.

(c) Hash algorithm

A hash algorithm is a mathematical function that converts an input message of arbitrary length into a fixed-length output known as a hash value or message digest. Hash functions are one-way functions, meaning the original data cannot be retrieved from the hash. They are commonly used for data integrity verification, password storage, and digital signatures. Popular hash algorithms include MD5, SHA-1, and SHA-256.

(d) Stream cipher

A stream cipher is an encryption algorithm that encrypts plaintext one bit or one byte at a time by combining it with a pseudorandom keystream. The encryption and decryption processes are fast and suitable for real-time applications. Stream ciphers are commonly used in wireless communication and secure data transmission. RC4 is a well-known example of a stream cipher.

SECTION B / SECTION C (Long Answer)

(Attempt any one part)

(a) X.509 Certificates and their role in cryptography

X.509 certificates are digital certificates used to verify the identity of entities such as users, servers, and organizations in a public key infrastructure (PKI). An X.509 certificate contains information such as the subject’s identity, public key, issuer details, validity period, and digital signature of a trusted Certificate Authority (CA).
 

The role of X.509 certificates in cryptography is crucial because they establish trust between communicating parties. They enable secure key exchange, authentication, and encrypted communication in protocols like SSL/TLS. By verifying certificates issued by trusted CAs, systems ensure that communication is secure and protected against impersonation and man-in-the-middle attacks.

(b) Electronic mail security and application of PGP

Electronic mail security focuses on protecting email communication from unauthorized access, tampering, and forgery. Pretty Good Privacy (PGP) is a widely used email security system that provides confidentiality, authentication, and integrity. PGP uses a combination of symmetric encryption for message content and public key cryptography for key exchange. It also uses digital signatures to verify the sender’s identity. PGP is commonly applied in secure email communication and transaction authentication.

(a) Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET) is a protocol developed to secure payment card transactions over the internet. It ensures confidentiality of payment information, authentication of participants, and integrity of transaction data. SET uses digital certificates and encryption to protect sensitive information such as credit card numbers. The protocol involves the cardholder, merchant, and payment gateway, ensuring that each party’s identity is verified and financial data is protected from unauthorized access.

(b) System security and related threats

System security refers to the protection of computer systems and resources against unauthorized access, misuse, and damage. Threats to system security include viruses, worms, Trojan horses, spyware, and ransomware. These malicious programs can corrupt data, steal information, or disrupt system operations. Effective system security involves antivirus software, firewalls, access control, regular updates, and user awareness to prevent and mitigate security threats.