Showing posts with label Network Security. Show all posts

July 01, 2019

Network Security Assignment - SEM 7


Question
Identify the security principle: When data must arrive at receiver exactly as it was sent
Nonrepudiation
Integrity
Confidentiality
Authentication

Question
Identify the security principle: When a sender cannot deny sending a sent message
Nonrepudiation
Integrity
Confidentiality
Authentication

Question
When an attacker captures a data unit and subsequently retransmits it, which attack is he performing?
Denial of service
Disruption
Spoofing
Replay

Question
What is the block cipher structure in DES?
RSA
Feistel
Shannon
Diffie-Hellman

Question
What does it mean that a hash function H is “collision resistant”?
It is easy to compute h = H(M) for any message M
Given h, it is infeasible to find x such that H(x) = h
Given x, it is infeasible to find y such that H(x) = H(y)
It is infeasible to find any x, y such that H(y) = H(x)

Question
Company XYZ wants to elect their new president by electronic voting. Which security principle will be applicable if only employees are allowed to vote?
Authentication
Integrity
Non-repudiation
Confidentiality

Question
Company XYZ wants to elect their new president by electronic voting. Which security principle will be applicable if no one should be able to see who the others voted for?
Authentication
Integrity
Non-repudiation
Confidentiality

Question
Company XYZ wants to elect their new president by electronic voting. Which security principle will be applicable if an employee should be able to verify that his vote was not changed?
Authentication
Integrity
Non-repudiation
Confidentiality

Question
Company XYZ wants to elect their new president by electronic voting. Which security principle will be applicable if the employee cannot deny having voted?
Authentication
Integrity
Non-repudiation
Confidentiality

Question
Alice and Bob share a common secret password, P. Using this, they want to authenticate each other. Which of the following is the correct way to do so?
Alice sends P to Bob. Bob verifies P to authenticate Alice.
Alice sends the message encrypted with P. If Bob is able to decrypt it successfully, Alice is authenticated.
Alice sends a random number encrypted with P. Bob decrypts the number and authenticates Alice.
Bob sends Alice a random challenge. Alice returns the challenge encrypted with P.
Bob sends Alice a random challenge encrypted with P. Alice returns the challenge+1 encrypted with P.

Question
In which algorithmic mode does the corresponding cipher text block repeat if a plain text block repeats in the original message? Select all correct options
ECB
CBC
CFB
OFB

Question
In which algorithmic mode can the ciphering operation be performed in parallel? Select all correct options
ECB
CBC
CFB
OFB

Question
Consider the following scenario. A and B both share a secret key with a Key Distribution Center (KDC). We call these keys Ka-kdc and Kb-kdc respectively. A wants to establish a shared symmetric key with B using the following steps: A sends a message to the KDC encrypted by Ka-kdc: Encrypt Ka-kdc(B). KDC responds by sending Encrypt Ka-kdc(Kb-kdc). A now corresponds with B using Kb-kdc. Is this solution correct or incorrect? Justify.
The solution is correct. The KDC first verifies A since Ka-kdc is known only to A. Only the KDC and B know Kb-kdc.
The solution is incorrect. The KDC first verifies A since Ka-kdc is known only to A. Only the KDC and B know Kb-kdc.

Question
Consider the following scenario. Alice wants to send assignment grades from her home computer to Bob at work. She wants to prevent anyone from modifying the grades. So Alice sends a message M to Bob along with H = Hash(M). Bob receives M and H, and calculates H’ = Hash(M). Only if H = H’, Bob accepts the message. Is this solution foolproof?
Yes because if the message is changed, the hash will also change and Bob will be able to detect the modified
No because the intruder may replace M with M' and H with Hash(M').

Question
A class has n students. How many symmetric secret keys are needed if each student wants to send secret messages to another?
1
n
n*n
n(n-1)/2

Question
A class has n students. If they all trust the class teacher, how many symmetric secret keys are needed?
1
n
n*n
n(n-1)/2

Question
If the class teacher distributes a temporary one-time session key for a communicating pair, how many keys are needed? The temporary key is encrypted and sent to both members.
1
n
n*n
n(n-1)/2

Question
If public key cryptography is used, how many keys are needed in all?
1
2
n
2n

Question
An attack on a cipher text message where the attacker attempts to use all possible permutations and combinations is called:
Brute force attack
Man-in-the-middle
Chosen plaintext
Chosen ciphertext

Question
Which of the following is most efficient to achieve confidentiality and digital signature for message M
Use public key cryptography to hide message M by applying Encrypt-with-Kreceiverpublic(M) and sign message M applying Encrypt-with-Ksenderprivate(M)
Use public key cryptography to hide message M by applying Encrypt-with-Kreceiverpublic(M) and sign message by applying Encrypt-with-Ksenderprivate(Hash(M))
Use public key cryptography to share key by applying Encrypt-with-Kreceiverpublic(Kshared), hide message by applying Encrypt-with-Kshared(M) and sign message by applying Encrypt-with-Ksenderprivate(Hash(M))
Use private key cryptography to hide message M by applying Encrypt-with-Kshared(M) and sign message by applying Encrypt-with-Kshared(Hash(M))

Question
Key distribution often involves the use of _________ which are generated and distributed for temporary use between two parties.
Session keys
Public keys
Private keys
Certificates

June 24, 2019

Network Security - Comprehensive Paper Solution


Note: These are a previous year's comprehensive paper solutions for your reference. Feel free to provide solutions via the Submit Question/Answer tab if you have the latest solutions.


1) Jira's password is made up of 6 alphanumeric characters only. One password attempt takes 1 millisecond. What is the time to crack it in days?
i)  If the password is case-sensitive.
ii) If the password is case-insensitive.

Answer:
i) Case sensitive
 total chars = 26 + 26 + 10 = 62
 possible combinations = 62^6 passwords
 total time taken = 62^6 × 1 ms
 approx. 62 × 62 =~ 3600 sec = 1 hour
 Total time taken = 62 × 62 × 62 × 62 / 1000 hours
 =~ 360 × 36 hours = 360 × 36 / 24 days
 =~ 360 × 3 / 2 = 180 × 3 = 540 days
 Note: 62^4/1000/24 =~ 615 days
 So an approx. answer between 520 to 620 days is good enough.

ii) Case insensitive
 total chars = 26 + 10 = 36
 possible combinations = 36^6 passwords
 total time taken = 36^6 × 1 ms
 = 36 × 36 × 36 / 1000 × 36^3
 =~ 36 × 36^3 seconds
 = 36 × 36 × 36 × 36 / 3600 hours
 = 466 hours
 =~ 19 days
 So an approx. answer between 18 to 20 days is good enough.

2) What is a self-signed SSL certificate? Detail the security perspective when a website is using a self-signed SSL certificate.

Answer:
A certificate that is not signed by a publicly trusted CA, but signed by a locally set-up CA server, is a self-signed certificate. Any entity/website/server using a self-signed SSL certificate cannot be trusted, and such certificates are very commonly used in phishing attacks. I can set up a server to fraudulently act as gmail.com by creating a self-signed certificate for www.gmail.com and deploying it on the server.

Most standard browsers – Firefox, Google Chrome, Safari, etc. throw errors when trying to browse to websites having self-signed certificates.

3) How to avoid man-in-the-middle attack in SSH sessions? Show passwordless SSH logins at work.

Answer:
A man-in-the-middle attack is at work when a client C logs in to a server M thinking it is server S, and client C is unable to detect it. In this case, server M has successfully duped client C and mounted a man-in-the-middle attack. It can then be a passive two-way data forwarder between client C and the actual server S, or an active data mangler.
Every host server in SSH sends its public key to the client during the key exchange, and the client stores it in its .ssh/known_hosts file. The next time the client connects to the host, the public key sent by the server is matched against the client’s .ssh/known_hosts file, and if there is a mismatch, SSH does not connect. This SSH behavior effectively thwarts a middle server M trying to pose as the actual server S.
Passwordless SSH logins happen via public keys.
Consider client C connecting to server S. On the server S side, the file .ssh/authorized_keys should contain an entry with client C’s public key. Server S will then use it in the exchange, encrypting/signing initial key exchange material with client C. Because of the property that any data encrypted with a public key can only be decrypted using the matching private key, this mechanism automatically authenticates client C, as only client C holds the private key. The client’s private key is usually stored in the file .ssh/id_rsa or .ssh/id_dsa, depending on the public key algorithm chosen.
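
The known_hosts check described in this answer, as an added Python example (not part of the original solution and not OpenSSH's own code): it looks up the key a server offers in known_hosts-format text, including hashed host entries, and reports match, mismatch or unknown. The host names, key blobs and salt are constructed placeholders.

```python
import base64
import hashlib
import hmac


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + b64(digest).rstrip("=")


def hash_host(host: str, salt: bytes) -> str:
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"|1|{b64(salt)}|{b64(mac)}"


def host_matches(pattern: str, host: str) -> bool:
    """Match a host field: hashed entry or comma-separated plain names.
    Wildcard and negated patterns are not handled in this example."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the key a server offers."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        pattern, stored_type, stored_key = fields[:3]
        if not host_matches(pattern, host) or stored_type != key_type:
            continue
        seen_host = True
        if hmac.compare_digest(stored_key, key_b64):
            return "match"
    # A stored key exists for this host but the offered one differs:
    # this is the case where the client must refuse to connect.
    return "mismatch" if seen_host else "unknown"


# Constructed sample data: opaque placeholder blobs, not real SSH keys.
KEY_S = b64(b"constructed host key blob of server S")
KEY_M = b64(b"constructed host key blob of server M")
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts sample",
    f"s.example.com,192.0.2.10 ssh-ed25519 {KEY_S}",
    f"{hash_host('git.example.com', b'constructed-salt-0001')} ssh-ed25519 {KEY_S}",
])

if __name__ == "__main__":
    cases = [
        ("s.example.com", KEY_S),    # the real server S
        ("s.example.com", KEY_M),    # server M posing as S
        ("git.example.com", KEY_M),  # same, against a hashed entry
        ("new.example.com", KEY_S),  # first contact: nothing stored yet
    ]
    for host, key in cases:
        verdict = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(f"{host:16} {fingerprint(key)} -> {verdict}")
```

The "unknown" result is the first-connection case, where nothing is stored yet and the fingerprint has to be verified through another channel before the key is accepted.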

April 22, 2019

Network Security - MCQS

Question
Consider these statements and state which are true.
i)   Encoding and encryption change the data format.
ii)  Encoding is a reversible process, while encryption is not.
iii) Both Encoding and Encryption are reversible processes.
iv)  Any third party will be able to reverse an encoded data, but not an encrypted data.

Select one:
i), iii) and iv)
ii) and iv)
i) and iv)
i), ii) and iv)

The correct answer is: i), iii) and iv)

Question
Which of the following attacks is not an attack on Integrity?

Select one:
Modification
Replay
Denial Of Service
Masquerading

The correct answer is: Denial Of Service

Question
I sent a data set {A,B,C,D} to a recipient which got received as {B,A,D,C}.

Select one:
Data security is compromised
Data integrity is lost
Confidentiality is lost
Data availability is compromised

The correct answer is: Data integrity is lost

Question
A website login mechanism employs both a password and verification of a PIN number sent via SMS to the registered mobile.

This scenario provides ______
Select one:
High convenience but low security
High convenience and good security
Low convenience and low security
Low convenience but good security

The correct answer is: Low convenience but good security

Question
A fake email posing as a legitimate email from bank is 

Select one:
Attack on Availability
Masquerading attack
Denial of Service (DOS) attack
Attack on Confidentiality

The correct answer is: Masquerading attack

Question
Which of these mechanisms provide data integrity?
i) DES Encryption
ii) Asymmetric encryption
iii) SHA Hashing
iv) Hashed-MAC

Select one:
i and iv
i and iii
ii and iii
iii and iv

The correct answer is: iii and iv

Question
Email attachments typically employ

Select one:
Base64 encoding
Base16 encoding
UTF-8 encoding
URL encoding

The correct answer is: Base64 encoding

Question
The combination of key exchange, hash and encryption algorithms is termed as _______ in SSL/TLS.

Select one:
TLS Handshake
Protocol suite
Cipher suite
TLS Records

The correct answer is: Cipher suite

Question
The protocol ‘POP’ stands for-

Select one:
Personal Office Protocol
Post Office Protocol
Privacy Overall Protocol
Privacy Over Protocol

The correct answer is: Post Office Protocol

Question
Which is the most secure way to remote login?

Select one:
SSH with public keys
Telnet with password
SSH with password
Telnet with public keys

The correct answer is: SSH with public keys


Question
The Application layer protocol required for Electronic Mail is:

Select one:
SMTP
HTTP
FTP
SIP

The correct answer is: SMTP

Question
Which of these statements regarding HTTP is true.

Select one:
HTTPS adds security to HTTP POST and PUT messages as this is where password exchange is done.
HTTPS uses the same HTTP message format but adds a handshake + encryption mechanism.
HTTPS introduces new messages HANDSHAKE and ALERT for bringing in security in HTTP.
HTTPS does not add security to HTTP GET and HEAD messages

The correct answer is: HTTPS uses the same HTTP message format but adds a handshake + encryption mechanism.

Question
Which of these statements is true?

Select one:
a. IMAP provides security, but is optional in email
b. SMTP has a mechanism to enable TLS mode to enforce security.
c. Email mandates use of IMAP so that security is enforced
d. If TLS mode in SMTP is set forwarding will fail

The correct answer is: SMTP has a mechanism to enable TLS mode to enforce security.

Question
For SSL which is the advised cryptographic algorithm?

Select one:
twofish 128
aes 192
aes 128
blowfish

The correct answer is: aes 128

Question
In SSL handshake, Server Hello message typically contains

Select one:
List of ciphers for the session and extensions list
Selected cipher for the session and random bytes
Selected cipher for the session and public key of server
Random bytes and public key of server

The correct answer is: Selected cipher for the session and random bytes

Question
Pretty Good Privacy (PGP) is employed in

Select one:
FTP and WWW Security
Email and FTP Security
Email security
Email and WWW Security

The correct answer is: Email security

Question
What is the common term present in HTTP request and status line?

Select one:
HTTP version number
URL
Method
None of the mentioned

The correct answer is: HTTP version number

Question
A session symmetric key between two parties is used:

Select one:
Only once
Two times
Multiple times
Dependent on other conditions

The correct answer is: Only once

Question
Which one of the following is a cryptographic protocol used to secure HTTP connection?

Select one:
Stream Control Transmission Protocol (SCTP)
Pretty Good Privacy (PGP)
Secure Mime(SMIME)
Transport Layer Security (TLS)

The correct answer is: Transport Layer Security (TLS)

Question
The services provided by application layer are:

Select one:
Network virtual terminal
File transfer, access, and management
Mail service
All of the mentioned

The correct answer is: All of the mentioned

Question
A group having 30 members uses Symmetric Key Encryption for message transmission. How many secret keys are needed if all the members need to send secret messages to each other?

Select one:
30
60
435
900

The correct answer is: 435

Question
DES is no longer a recommended cipher because...

Select one:
A. it produces reflexive keys in pairs which are weak
B. it requires more computing power
C. it can be brute forced as it is 56-bit
D. major flaws were found in the rounds of DES

The correct answer is: it can be brute forced as it is 56-bit

Question
I (me@gmail.com) tried to email a .jar file to Dinesh (dinesh@company.com), but it got blocked by Gmail while attaching. Then I tried sending a .txt file to Dinesh, which went through fine. What do you infer? .jar files cannot be sent as

Select one:
A. it is blocked by gmail as .jar files are bigger in size
B. Email uses SMTP which is a Text protocol
C. it is blocked by company.com
D. it is blocked by gmail as it could contain viruses.

The correct answer is: it is blocked by gmail as it could contain viruses.

Question
What is the protocol used between Message User Agent (MUA) and Message Transfer Agent (MTA) in email system.

Select one:
A. HTTP
B. SMTP
C. IMAP
D. POP3

The correct answer is: SMTP


Question
IPSec defines these two protocols:

Select one:
A. PGP; ESP
B. AH; ESP
C. AH; SSL
D. PGP: SSL

The correct answer is: AH; ESP

Question
HTTPS implicitly uses Server certificates. These Server certificates contain ______

Select one:
A. Server's public key, algorithm used and digital signature
B. Server's public key and private key
C. Server's private key, algorithm used and digital signature
D. Server's public key and digital signature

The correct answer is: Server's public key, algorithm used and digital signature

Question
Asymmetric encryption has

Select one:
A. one key for encryption and another key for decryption
B. two keys - one key for public encryption and another for private encryption
C. one public key for doing encryption and decryption and another private key only for decryption
D. only one public key which is shared

The correct answer is: one key for encryption and another key for decryption

Question
Instead of storing plaintext passwords, AES encrypted passwords are stored in database.

In such a system, Which of these statements is true ?

Select one:
a. if database admin knows the key, there is no security
b. Password Authentication becomes slow
c. Changing passwords will not be possible
d. even if database admin knows the key, original passwords cannot get revealed.


The correct answer is: if database admin knows the key, there is no security

Question
IP Header contains

Select one:
A. Source and destination IP addresses and priority numbers
B. Source and destination IP addresses and IP version number
C. Source and destination IP addresses and Port numbers
D. Source and destination IP addresses and sequence numbers

The correct answer is: Source and destination IP addresses and IP version number



Question
Pick the most relevant option. I sent a data set {J,K,L,M,N} to a recipient which got received as {J,K,N}.

Select one:
A. Data integrity is lost
B. Data availability is compromised
C. Both Confidentiality and integrity are compromised
D. Data Confidentiality is compromised

The correct answer is: Data integrity is lost

Question
A data center is secured with 3 outer gates - Og1, Og2, Og3 - locked by separate keys - Kog1, Kog2, Kog3 - given to three personnel - P1, P2, P3.
These 3 outer gates lead to 2 inner gates - Ig1, Ig2 - which provide main corridor access. The matching keys - Kig1, Kig2 - are given to P2 and P4. The order of accessibility from most access to least access for the personnel is ____________

Select one:
A. P2, P1, P3, P4
B. P1, P2, P3, P4
C. P4, P3, P2, P1
D. P2, P4, P1, P3

The correct answer is: P2, P1, P3, P4

Question
Pick the closest in meaning to non-repudiation. Manu sends data to Naren. Paari is sniffing the data transfer.

Select one:
A. Naren can verify that data was indeed sent by Manu.
B. Paari is unable to get the original data.
C. Manu can verify if data reached Naren without any change.
D. Naren can verify if the data got changed by Paari

The correct answer is: Naren can verify that data was indeed sent by Manu.

Question
The modes of IP-Sec are

Select one:
A. Padding mode and Non-padding mode.
B. Secure and Unsecure Mode
C. Tunnel Mode and Transport Mode
D. SPD and SAD mode

The correct answer is: Tunnel Mode and Transport Mode

Question
Of these, Which is the most secure way to remote login?

Select one:
A. SSH with public keys
B. Telnet with password
C. Telnet with public keys
D. SSH with password

The correct answer is: SSH with public keys

Question
Megha uses a 4-digit bank ATM PIN. Guna peeped in as Megha keyed it in and found the last two digits of her PIN. Knowing that Megha does not use 0 in her PIN, what is the maximum number of attempts for Guna to get her PIN correct?

Select one:
A. 18
B. 81
C. 19
D. 90

The correct answer is: 81

Question
When using HTTPS, a sniffer in a local LAN will be able to

Select one:
A. sniff only the websites/domain but not the URLs
B. sniff only the websites/domain but not the IP addresses
C. sniff only the URLs in the data exchange but not the posted/downloaded data contents.
D. sniff only the HTTP headers in the requests and response

The correct answer is: sniff only the websites/domain but not the URLs


Question
Pick the statement which is true. A network application

Select one:
A. can use both TCP and UDP at the same time, but only maximum of 256 ports.
B. cannot use both TCP and UDP at the same time.
C. can use both TCP and UDP at the same time
D. can use both TCP and UDP at the same time, but only maximum of 1024 ports.

The correct answer is: can use both TCP and UDP at the same time

Question
Find the modular inverse of a number in mod arithmetic using

Select one:
a. Extended Euclidean Algorithm
b. Diffie-Hellman Algorithm
c. El-Gamal Algorithm
d. Euclid's Algorithm

The correct answer is: Extended Euclidean Algorithm

Question
Which is the generator for modulo base 11 ?

Select one:
A. 2
B. 5
C. 3
D. 1

The correct answer is: 2

Question
399915 ^ 505021 mod 9 = ?

Select one:
a. 1
b. 0
c. 3
d. 6

The correct answer is: 0

Question
210031 ^ X mod 19 = 1

Here the matching values for X are
Select one:
a. 6, 9, 18
b. 18, 9, 36
c. 8, 18, 27
d. 6, 12, 18

The correct answer is: 18, 9, 36

Question
Euler’s Totient Function Φ (10) is:

Select one:
2
5
4
8

The correct answer is: 4

Question
Which of the following algorithms do not make use of primitive roots in its computations?
Select one:
RC4
Diffie Hellman Key Exchange
Elgamal Cryptographic System
None of the above

The correct answer is: RC4

Question
BBS generator is used for generating:

Select one:
Symmetric keys
Asymmetric keys
Random Numbers
All of above

The correct answer is: Random Numbers

Question
-22 mod 11 equals

Select one:
0
5
2
3

The correct answer is: 0

Question
Which of the following is not a criteria for design in DES cipher?

Select one:
Varying the block size
Varying the number of rounds of the cipher
Varying the key size for each round of the cipher
Varying the algorithm for generation of the subkey

The correct answer is: Varying the key size for each round of the cipher

Question
Consider Hashed Message Authentication Code (HMAC) scheme.
Pick which statement is true.

Select one:
A. HMAC output depends on the size of the input message
B. HMAC output size is not fixed
C. HMAC output size is same as the input key size
D. HMAC output size depends on the hashing tool chosen

The correct answer is: HMAC output size depends on the hashing tool chosen

Question
Public key encryption/decryption is not preferred because

Select one:
it is slow
it is hardware/software intensive
it has a high computational load
all of the mentioned

The correct answer is: all of the mentioned

Question
A real number that cannot be represented as a ratio of two integers is known as:

Select one:
Whole Number
Prime Number
Irrational Number
Recurring decimal

The correct answer is: Irrational Number

Question
Which one of the following is not a legitimate entropy source for TRNG algorithm?

Select one:
Disk rotation in RPM
Clock speed
Key strokes
Screen size

The correct answer is: Screen size

Question
The first 8 bits for BBS bit generator when seed = 101355 and n=192649 is

Select one:
10101010
11100010
11001011
11001110

The correct answer is: 11001110

Question
The statistical relationship between the rule to encrypt and the ciphertext produced should be as complex as possible. This principle is known as:

Select one:
Diffusion
Confusion
Complex encryption
None of the above

The correct answer is: Confusion

Question
What is the GCD (1701, 3768)?

Select one:
4
1
3
7

The correct answer is: 3

Question
Pick the valid MIME header, when sending an image in email.

Select one:
A. Content-type: image/gif
Content-Disposition: attachment; filename="star.gif"
B. Content-type: image/gif/jpeg/jpg; name="star.gif"
Content-Disposition: attachment; filename="star.gif"
C. Content-type: image/gif; name="star.gif"
Content-Disposition: base64; filename="star.gif"
D. Content-type: image/gif; name="star.gif"
Content-Disposition: image; filename="star.gif"

The correct answer is: Content-type: image/gif
Content-Disposition: attachment; filename="star.gif"

Question
Let m be a message consisting of 64 blocks which Anubhav transmits to Bani using block mode of encryption. Due to a network error, the 12th block gets corrupted, but all other cipher text blocks are transmitted correctly. Once Bani decrypts the cipher text, how many plaintext blocks will be affected, assuming CFB and ECB modes of operations?

Select one:
53 for CFB, 1 for ECB
1 for CFB, 53 for ECB
52 for CFB, 1 for ECB
52 for both CFB & ECB

The correct answer is: 53 for CFB, 1 for ECB

Question
Disadvantage of Vernam Cipher over RC4 is:

Select one:
Can’t decrypt large size message
Key needs to be same as plain text size
Complex Encryption approach
All of the above

The correct answer is: Key needs to be same as plain text size

Question
An asymmetric-key (public-key) cipher uses:

Select one:
1 Key
2 Key
3 Key
4 Key

The correct answer is: 2 Key

Question
3 and 19 are congruent in:

Select one:
Z10
Z7
Z8
Z11

The correct answer is: Z8

Question
What is the multiplicative inverse of 20 with arithmetic modulo 73?

Select one:
11
17
37
21

The correct answer is: 11

April 17, 2019

Network Security - Mid Sem Solution

Mid-Sem Paper Solutions:


Question:
What are the different types of active security attack ?

Answer:
Security Attack: Any action that compromises the security of information owned by an organization. There are 2 types of attack as shown below.

Active Attack:
An active attack attempts to alter system resources or affect their operation. The attacker changes the data or harms the system.

Passive Attacks:
The attacker’s goal is to just obtain the information. The attack does not harm the system.

Types of active attacks include:
  • Denial of service (DoS) - It prevents normal use of communication facilities by slowing down or totally interrupting the service of the system. E.g. multiple requests to bring an exam result server down.
  • Session replay - Subsequent retransmission of a captured message to produce an unauthorized effect. E.g. Bill payment fake reminders.
  • Masquerade - A masquerade attack takes place when one entity pretends to be a different entity. E.g. Hoax bank sites.
  • Message modification - It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorized effect.
  • Repudiation - Sender denies that it sent the message or the receiver denies that it received the message.
  • Trojans - A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.
Types of passive attacks include:
  • Snooping - Data is intercepted by an unauthorized person. E.g. Tapping
  • Traffic Analysis - The data may be masked so that no information can be extracted from it, but patterns such as sender, receiver, message length and time of the message can still be extracted to make intelligent guesses.