CS8792– Cryptography and Security - Key
R.M.D. ENGINEERING COLLEGE (An Autonomous Institution)
RSM Nagar, Kavaraipettai – 601 206
B.E./B.Tech -End Semester Theory Examinations – Nov/Dec 2022
QP Code: C22701
Seventh Semester
Information Technology
CS8792– Cryptography and Network Security
(Regulations – 2017)
Answer Key
Part-A (10 x 2 = 20 Marks)
1. Passive attacks
   1. Passive attacks do not affect system resources. Ex. Eavesdropping, monitoring
   2. Two types of passive attacks
      Release of message
      Traffic analysis
   3. Passive attacks are very difficult to detect
   Active attacks
   1. Active attacks try to alter system resources or affect their operation. Modification of data, or creation of false data
   2. Four categories
      Masquerade
      Replay
      Modification of messages
      Denial of service: Preventing normal use
   3. Difficult to prevent
2. 2260 ÷ 816 = 2 R 628 (2260 = 2 × 816 + 628)
816 ÷ 628 = 1 R 188 (816 = 1 × 628 + 188)
628 ÷ 188 = 3 R 64 (628 = 3 × 188 + 64)
188 ÷ 64 = 2 R 60 (188 = 2 × 64 + 60)
64 ÷ 60 = 1 R 4 (64 = 1 × 60 + 4)
60 ÷ 4 = 15 R 0 (60 = 15 × 4 + 0)
When remainder R = 0, the GCF is the divisor, b, in the last equation. GCF = 4
3. Euler’s Totient function Φ (n) for an input n is the count of numbers in {1, 2, 3, …, n-1} that are
relatively prime to n, i.e., the numbers whose GCD (Greatest Common Divisor) with n is 1.
4. 1. Plaintext
   2. Encryption algorithm
   3. Secret key
   4. Cipher text
   5. Decryption algorithm
5. If one wants to test whether p is prime, then we can pick random integers a not divisible by p and
see whether the equality holds. If the equality does not hold for a value of a, then p is composite.
This congruence is unlikely to hold for a random a if p is composite.
6. Euler’s theorem states that for every a and n that are relatively prime
a^(ϕ(n)) ≡ 1 (mod n)
7. Hash function
Message encryption
Message authentication code
8. Symmetric: It is a form of cryptosystem in which encryption and decryption are performed using the
same key. Eg: DES, AES
Asymmetric: It is a form of cryptosystem in which encryption and decryption are performed using
two keys. Eg: RSA, ECC
9. One-way function: The system stores only the value of a function based on the user's password.
When the user presents a password, the system transforms that password and compares it with the
stored value.
Access control: Access to the password file is limited to one or a very few accounts
10. At least 12 characters.
A mixture of both uppercase and lowercase letters.
A mixture of letters and numbers.
Inclusion of at least one special character, e.g., ! @ # ? ]
Part – B (5 x 13 = 65 Marks)
11.a. Security attack
Security mechanism
Security service
Active Attack
Passive Attack
(All 5 points with explanation – 7 Marks)
11. a.ii.
(Explanation of each part in the diagram– 6 Marks)
Or
11.b.
Assume “communication” is the plaintext and “computer” is the encryption key.
The key might be any word or phrase. Let’s figure out what was communicated.
1. First, create the digraphs from the plaintext by applying rule 2, which gives CO MX MU NI CA TE.
2. Make a key matrix that is 5 by 5 (by rule 3). The keyword in our case is COMPUTER.
The first digraph is CO. Both letters are in the same row. CO is encrypted into OM
using Rule 4(i).
The second digraph is MX. Both letters are in the same column. MX is encrypted into RM
using Rule 4(ii).
The third digraph is MU. Both letters are in the same row. MU is encrypted into PC
using Rule 4(i).
The fourth digraph is NI. The letters are in different rows and columns. NI is encrypted into SG
using Rule 4(iii).
The fifth digraph is CA. The letters are in different rows and columns. CA is encrypted into PT
using Rule 4(iii).
The sixth digraph is TE. Both letters are in the same row. TE is encrypted into ER
using Rule 4(i).
Therefore, the plaintext COMMUNICATE is encrypted as OMRMPCSGPTER.
(13 Marks)
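The key matrix and the rule-by-rule encryption above, as an added example that is not part of the original answer key. It assumes the usual Playfair conventions (I and J share a cell, X is the filler between doubled letters); the function names are illustrative.

```python
import string

def build_matrix(key):
    """Rule 3: 5x5 key matrix as a flat list of 25 letters, row by row."""
    cells = []
    for ch in (key + string.ascii_uppercase).upper():
        ch = "I" if ch == "J" else ch          # assumption: I/J share a cell
        if ch.isalpha() and ch not in cells:
            cells.append(ch)
    return cells

def to_digraphs(plaintext, filler="X"):
    """Rule 2: split into pairs, putting the filler between doubled letters."""
    letters = ["I" if c == "J" else c for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:                              # doubled letter: pad, consume one
            pairs.append(a + filler)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def encrypt_pair(m, pair):
    ra, ca = divmod(m.index(pair[0]), 5)
    rb, cb = divmod(m.index(pair[1]), 5)
    if ra == rb:    # Rule 4(i): same row, take the letter to the right (wrap)
        return m[ra * 5 + (ca + 1) % 5] + m[rb * 5 + (cb + 1) % 5]
    if ca == cb:    # Rule 4(ii): same column, take the letter below (wrap)
        return m[((ra + 1) % 5) * 5 + ca] + m[((rb + 1) % 5) * 5 + cb]
    # Rule 4(iii): rectangle, keep the row and take the other letter's column
    return m[ra * 5 + cb] + m[rb * 5 + ca]

def playfair_encrypt(key, plaintext):
    m = build_matrix(key)
    return "".join(encrypt_pair(m, p) for p in to_digraphs(plaintext))

if __name__ == "__main__":
    matrix = build_matrix("COMPUTER")
    for r in range(5):
        print(" ".join(matrix[r * 5:r * 5 + 5]))
    print(to_digraphs("COMMUNICATE"))
    print(playfair_encrypt("COMPUTER", "COMMUNICATE"))
```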
12.a. DES Encryption
As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be
encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in
length.
DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption,
except that the application of the subkeys is reversed. Additionally, the initial and final
permutations are reversed.
(DES Explanation with example – 13 Marks)
Or
12.b. RC4
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key size
stream cipher with byte-oriented operations. The algorithm is based on the use of a random
permutation.
The RC4 algorithm
/* Initialization: S is the identity permutation, T repeats the key K */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap (S[i], S[j]);
/* Stream Generation */
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap (S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];    /* k is the next keystream byte */
(7 Marks)
12.b.ii AES Encryption
AES general structure with diagram and AES Encryption and decryption and encryption
round with explanation
(6 Marks)
13.a. RSA Algorithm
Select two large prime numbers, p and q.
Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
Choose a number e less than n such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1) x
(q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ(n) and e is relatively prime to φ(n),
i.e. gcd(e, φ(n)) = 1.
If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key
<e, n>. The following formula is used to get the ciphertext C from the plaintext:
C = m^e mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages, each
of which is encrypted separately.
To determine the private key, we use the following formula to calculate d such that:
d x e mod {(p - 1) x (q - 1)} = 1
Or
d x e mod φ(n) = 1
The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. The
following formula is used to get the plaintext m from the ciphertext c:
m = c^d mod n
(7 Marks)
Problem
Given data: P = 13, q = 17, e = 35, d = ?
As per the RSA algorithm, n = P × q = 13 × 17 = 221.
By the RSA formula, φ(n) = (P – 1) (q – 1) = 12 × 16 = 192.
To find the private key of A, apply the modulus operation in the RSA formula:
(d × e) mod φ(n) = 1; (d × 35) mod (192) = 1
d = 11. Hence, the answer is 11.
(6 Marks)
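An added example (not part of the original answer key) that derives d for the problem above with the extended Euclidean algorithm instead of trial and error, and goes slightly beyond the text by rejecting an e that is not relatively prime to φ(n). The same `ext_gcd` routine reproduces the GCD of 2260 and 816 from Part A, question 2; all function names are illustrative.

```python
def ext_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r      # same remainders as Euclid's table
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y

def rsa_private_exponent(p, q, e):
    """Solve (d * e) mod phi(n) == 1 for d."""
    phi = (p - 1) * (q - 1)
    g, x, _ = ext_gcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} is not relatively prime to phi(n)={phi}")
    return x % phi                              # normalise into 0 < d < phi(n)

def rsa_encrypt(m, e, n):
    if not 0 <= m < n:
        raise ValueError("m must be less than n")
    return pow(m, e, n)                         # C = m^e mod n

def rsa_decrypt(c, d, n):
    return pow(c, d, n)                         # m = c^d mod n

if __name__ == "__main__":
    p, q, e = 13, 17, 35                        # values from the problem
    n = p * q
    d = rsa_private_exponent(p, q, e)
    m = 42                                      # constructed sample message
    c = rsa_encrypt(m, e, n)
    print(f"n={n} d={d} c={c} decrypted={rsa_decrypt(c, d, n)}")
    print("gcd(2260, 816) =", ext_gcd(2260, 816)[0])
```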
Or
13.b. DIFFIE–HELLMAN KEY EXCHANGE
(6 Marks)
Here is an example. Key exchange is based on the use of the prime number
q = 353 and a primitive root of 353, in this case a = 3. A and B select private keys
XA = 97 and XB = 233, respectively. Each computes its public key:
A computes YA = 3^97 mod 353 = 40.
B computes YB = 3^233 mod 353 = 248.
After they exchange public keys, each can compute the common secret key:
A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
We assume an attacker would have available the following
information: q = 353; a = 3; YA = 40; YB = 248
(Any example - 7 Marks)
14.a. SHA
(Diagram with explanation – 6 Marks)
Append padding bits.
Append length
Initialize hash buffer.
Process message in 1024-bit (128-byte) blocks
Output
(Process Explanation – 7 Marks)
Or
14.b. KERBEROS
A user may gain access to a particular workstation and pretend to be another user operating from
that workstation.
A user may alter the network address of a workstation so that the requests sent from the altered
workstation appear to come from the impersonated workstation.
A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to
disrupt operations.
Simple Authentication
(7 Marks)
14.b.ii X.509 CERTIFICATES
(Diagram with Explanation – 6 Marks)
15.a. PGP
Key Certification: S/MIME uses X.509 certificates that are issued by Certificate Authorities (or
local agencies that have been delegated authority by a CA to issue certificates). In OpenPGP, users
generate their own OpenPGP public and private keys and then solicit signatures for their public
keys from individuals or organizations to which they are known.
Whereas X.509 certificates are trusted if there is a valid PKIX chain to a trusted root, an
OpenPGP public key is trusted if it is signed by another OpenPGP public key that is trusted by the
recipient. This is called the Web-of-Trust.
Key Distribution: OpenPGP does not include the sender’s public key with each message, so it is
necessary for recipients of OpenPGP messages to separately obtain the sender’s public key in order
to verify the message. Many organizations post OpenPGP keys on TLS-protected websites:
People who wish to verify digital signatures or send these organizations encrypted mail
need to manually download these keys and add them to their OpenPGP
clients. Keys may also be registered with the OpenPGP public key servers, which are servers that
maintain a database of PGP public keys organized by email address. Anyone may post a public
key to the OpenPGP key servers, and that public key may contain any email address. There is no
vetting of OpenPGP keys, so users must use the Web-of-Trust to decide whether to trust a given
public key.
(Explanation – 7 Marks)
15.a.ii Various types of virus
File-infecting Virus
Macro Virus
Browser Hijacker
Web Scripting Virus
Boot Sector Virus
Polymorphic Virus
Resident Virus
Multipartite Virus.
(Any 6 Explanation – 6 Marks)
Or
15.b. Firewalls
A firewall is a security device — computer hardware or software — that can help protect your
network by filtering traffic and blocking outsiders from gaining unauthorized access to the private
data on your computer.
Types of firewalls
Packet-filtering firewalls
Proxy service firewalls
Stateful multi-layer inspection (SMLI) firewalls
Unified threat management (UTM) firewalls
Next-generation firewalls (NGFW)
(Explanation – 7 Marks)
15.b.ii S/MIME.
SMIME Explanation
Operational description
Confidentiality and authentication
Email Compatibility
(Explanation – 6 Marks)
Part – C (1 x 15 = 15 Marks)
16.a. ENCRYPTION
To encrypt a plaintext, follow these steps:
Turn the keyword to matrix
The first step is to convert the given keyword to a 3x3 matrix form. Next, convert the keyword
matrix into a key matrix by replacing the letters with corresponding numeric values.
ATTFNW
(15 Marks)
Or
16.b. Key Management
Distribution of public keys.
Use of public-key encryption to distribute secrets.
(Explanation – 5 Marks)
Chinese remainder theorem
Step 0 Establish the basic notation. In this problem we have k = 3, a1 = 3, a2 = 2, a3 = 4,
m1 = 4, m2 = 3, m3 = 5, and m = 4 · 3 · 5 = 60.
Step 1 Implement step (1). z1 = m/m1 = 60/4 = 3 · 5 = 15, z2 = 20, and z3 = 12.
Step 2 Implement step (2). We solve zi yi ≡ 1 mod mi, i = 1, 2, 3. In this problem, we need to
solve
15y1 ≡ 1 mod 4
20y2 ≡ 1 mod 3
12y3 ≡ 1 mod 5,
which gives y1 = 3, y2 = 2, and y3 = 3.
The solution is then
x ≡ a1y1z1 + a2y2z2 + a3y3z3 (mod 60).
Substituting, we obtain
3 · 3 · 15 + 2 · 2 · 20 + 4 · 3 · 12 = 359 which reduces to x ≡ 59 (mod 60).
(10 Marks)
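The steps above carried out for any number of congruences, as an added example that is not part of the original answer key. It uses the same symbols (a_i, m_i, z_i, y_i), relies on Python 3.8+ for `pow(z, -1, m)` and `math.prod`, and adds a check that the moduli are pairwise relatively prime, which the method requires.

```python
from math import gcd, prod

def crt(residues, moduli):
    """Solve x ≡ a_i (mod m_i) for pairwise relatively prime m_i.

    Returns (x, m, steps), where steps lists (a_i, m_i, z_i, y_i) so the
    intermediate values can be compared with a hand calculation.
    """
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    m = prod(moduli)                       # Step 0: m = m1 * m2 * ... * mk
    steps, total = [], 0
    for a_i, m_i in zip(residues, moduli):
        z_i = m // m_i                     # Step 1: z_i = m / m_i
        y_i = pow(z_i, -1, m_i)            # Step 2: z_i * y_i ≡ 1 (mod m_i)
        steps.append((a_i, m_i, z_i, y_i))
        total += a_i * y_i * z_i           # x ≡ sum of a_i * y_i * z_i (mod m)
    return total % m, m, steps

if __name__ == "__main__":
    # Values from the worked problem: a = (3, 2, 4), m = (4, 3, 5)
    x, m, steps = crt([3, 2, 4], [4, 3, 5])
    for a_i, m_i, z_i, y_i in steps:
        print(f"a={a_i} m_i={m_i} z={z_i} y={y_i}")
    print(f"x ≡ {x} (mod {m})")
```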