CNS

Module I: Basic Security Concepts

1. What are the 3 aspects of security?

Confidentiality: Ensures that sensitive information is accessible only to

authorized users.

Integrity: Protects information from being altered by unauthorized users,

ensuring accuracy.

Availability: Ensures that information and resources are accessible to

authorized users when needed.

2. Define security mechanism.

A security mechanism is a process or tool that enforces security policies

to protect data.

Examples include encryption, firewalls, access controls, and intrusion

detection systems.

These mechanisms help prevent, detect, and respond to security threats.

3. What are the key principles of security?

Confidentiality: Prevents unauthorized access to data.

Integrity: Ensures data is accurate and unaltered by unauthorized actions.

Availability: Ensures resources are accessible to authorized users; it also

includes Authentication (verifying identity) and Authorization (granting
rights based on identity).

4. Define Non-repudiation.

Non-repudiation ensures that a user cannot deny performing an action,

such as sending a message.

Achieved through digital signatures or other authentication methods.

It provides proof of the origin and integrity of data in transactions.

CNS 1
 5. Define Security service.

A security service is a measure or protocol designed to protect

information systems and data.

It enforces security policies to ensure data integrity, confidentiality, and

availability.

Examples include data encryption, authentication, and access control

services.

6. Specify the four categories of security threats.

Interruption: Threats that make data or resources unavailable, such as

DoS attacks.

Interception: Unauthorized access to information, e.g., eavesdropping.

Modification: Altering data in an unauthorized manner, affecting data

integrity.

Fabrication: Generating fake information or impersonation, affecting

authenticity.

7. Define integrity and non-repudiation.

Integrity: Ensures that information is not altered by unauthorized means,

maintaining data accuracy.

Non-repudiation: Ensures that actions cannot be denied by their

originator, often using digital signatures for evidence.

8. Define confidentiality and authentication.

Confidentiality: Limits access to data only to authorized users, protecting

it from unauthorized access.

Authentication: Verifies the identity of a user or system, typically through

passwords, biometrics, or digital certificates.

9. Define Steganography.

Steganography is the technique of hiding information within other non-

suspicious data.

Often used to embed secret messages within images or audio files.

CNS 2
 The main goal is to conceal the existence of the message.

10. What are the two basic functions used in encryption algorithms?

Substitution: Replacing elements in the data with other elements,

changing its appearance.

Permutation: Reordering elements in the data, which helps in obscuring

the data patterns.

Both functions help enhance data security by making it hard to interpret

without decryption.

Module II: Advanced Cryptographic Concepts

1. Compare stream cipher with block cipher with example.

Stream Cipher: Encrypts data one bit or byte at a time (e.g., RC4), useful
for continuous data streams.

Block Cipher: Encrypts fixed-size data blocks (e.g., AES), commonly used
in secure storage and file encryption.

Stream ciphers are generally faster, but block ciphers offer better security
for bulk data encryption.

2. Explain Avalanche effect.

The Avalanche effect is a property where a small change in input (like a

bit flip) results in a large, unpredictable change in output.

This effect increases the security of encryption algorithms by making

patterns hard to detect.

It is a crucial characteristic for encryption algorithms to resist

cryptographic attacks.

3. What are the design parameters of Feistel cipher network?

Number of Rounds: More rounds make the cipher more secure but
increase processing time.

Round Function: A complex function that operates on half of the data to

enhance encryption strength.

CNS 3
 Key Scheduling: Determines how subkeys are derived for each round,
impacting encryption complexity.

4. How many keys are required for two people to communicate via a cipher?

Symmetric Encryption: Only one shared key is required between the two
parties.

Asymmetric Encryption: Requires each person to have two keys, a public

and a private key, totaling four keys. The public key is shared with others
and used for encryption. The private key is kept secret and used for
decryption.

5. Define Euler’s theorem and its application.

Euler's Theorem states that for any integer a that is coprime with a
positive integer m, the remainder of aϕ(m) divided by m is 1.

It is used in RSA encryption for generating keys and establishing secure

communication.

It helps in calculating modular inverses, essential in asymmetric

encryption.

6. Why is asymmetric cryptography bad for huge data?

Asymmetric encryption requires more computation power, making it

slower than symmetric encryption.

The complexity of algorithms like RSA makes it inefficient for large data,
often leading to performance issues.

It’s typically used for encrypting small amounts of data, such as keys,
rather than large files.

7. Mention any one technique of attacking RSA.

One technique used to attack RSA is called the chosen ciphertext attack.

CNS 4
 In this attack, the attacker can pick a ciphertext (an encrypted message),
get it decrypted using the public key, and then use the decrypted data to
figure out the private key.

This attack works by exploiting weaknesses in how RSA encryption is set

up, especially if the encryption method doesn't use good padding (extra
random data added to messages to make encryption safer).

8. Find gcd (1970, 1066) using Euclid’s algorithm.

GCD = 2 (Do it yourself)

9. What is the purpose of the S-boxes in DES?

S-boxes introduce non-linearity, making the cipher more resistant to linear

attacks.

They substitute bits in the data based on a predefined lookup table.

This transformation helps obscure data patterns, enhancing encryption

security.

10. If a bit error occurs in plaintext block b1, how far does the error propagate in
CBC mode of DES?

In CBC (Cipher Block Chaining) mode, a bit error in block b1 affects both
b1 and b2 during decryption.

b1b1
b1b1

b2b2

The error spreads only to the next block, making CBC mode relatively
error-tolerant.

This behavior is due to the chaining dependency between blocks.

Module III: Hash Functions and Digital Signatures

1. Why is SHA more secure than MD5?

SHA (e.g., SHA-256) has a larger hash output, making it harder to find
collisions.

CNS 5
 SHA was designed with a more complex structure, reducing vulnerabilities
compared to MD5.

MD5 is now considered insecure due to known vulnerabilities and easier

collision attacks.

2. Define Traffic analysis.

Traffic analysis is a technique for monitoring and analyzing

communication patterns.

Even if content is encrypted, traffic analysis can reveal sender, receiver,

frequency, and timing information.

It is often used in surveillance to deduce valuable information about

network behavior.

3. What are the functions used to produce an authenticator?

Message Authentication Code (MAC): Uses a secret key to verify data

integrity and authenticity.

Digital Signatures: Provide authenticity and integrity, using private and

public keys.

Hash Functions: Often used in generating MACs and signatures, ensuring

data hasn’t been altered.

4. List out some hash algorithms.

MD5: Produces a 128-bit hash, though it’s considered weak now.

SHA-1 and SHA-256: Part of the SHA family, offering stronger hash
outputs.

RIPEMD-160: A cryptographic hash with a 160-bit output, often used for

digital signatures.

5. What is the meet-in-the-middle attack?

This attack targets encryption schemes with double encryption (like

2DES).

It works by performing encryption and decryption operations in parallel

until a match is found.

CNS 6
 This approach reduces the time complexity of breaking double encryption
schemes.

6. List the properties a digital signature should possess.

Authenticity: Confirms the identity of the signer.

Integrity: Ensures that the message has not been tampered with.

Non-repudiation: Prevents the signer from denying the signature's

validity.

7. What are the requirements of hash functions?

Pre-image Resistance: Difficulty in finding the original input from the

hash.

Collision Resistance: Hard to find two inputs producing the same hash.

Avalanche Effect: Small changes in input cause significant changes in the

hash output.

8. Explain birthday attack.

A birthday attack exploits collision probabilities in hash functions, making

it easier to find two inputs with the same hash.

It relies on the birthday paradox, reducing the complexity of finding a

collision.

Often used to attack systems that rely on weak hash functions.

9. What are the advantages of a digital signature?

Authenticates the identity of the sender, adding trust to electronic

documents.

Ensures data integrity by verifying that the data has not been altered.

Provides non-repudiation, making it harder for the sender to deny

sending the message.

10. What is MAC?

Message Authentication Code (MAC) provides both data integrity and

authenticity.

CNS 7
 It combines a hash function with a secret key, ensuring that only parties
with the key can verify the MAC.

Commonly used in financial and secure transactions where data

authenticity is critical.

Module IV: Email and Network Security

1. Why is the Email compatibility function in PGP needed?

The Email compatibility function in PGP (Pretty Good Privacy) ensures

encrypted messages can be transmitted via email without data corruption.

It converts binary data to ASCII using techniques like radix-64 encoding,

making it email-compatible.

This function enables PGP-encrypted messages to work with standard

email systems, which often do not support binary data directly.

2. What is meant by SET? What are the features of SET?

SET (Secure Electronic Transaction) is a protocol designed to ensure

secure and reliable credit card transactions over the internet.

Features include confidentiality (by encrypting payment information),

authentication (through digital certificates), and integrity (ensuring data
isn’t tampered with).

It prevents eavesdropping, and each party involved in the transaction is

authenticated.

3. Define S/MIME.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol for

securing email messages.

It provides encryption for confidentiality, digital signatures for

authentication and integrity, and message encryption.

S/MIME is widely used in email clients and allows users to send and
receive secure emails.

4. What is the X.509 Standard?

CNS 8
 The X.509 standard defines a framework for public key infrastructure
(PKI), primarily for digital certificates.

It specifies certificate formats, authentication methods, and certificate

revocation lists (CRLs).

Widely used in securing internet communications, it supports protocols

like SSL/TLS for website security.

5. Draw the header format for an ISAKMP message.

The ISAKMP (Internet Security Association and Key Management

Protocol) message header typically includes fields for:

Initiator and responder cookie (for tracking sessions),

Next payload (indicating the type of payload to follow),

Message ID (for identifying requests/responses),

Exchange type, flags, and length.

This format facilitates secure key exchange over networks like the internet.

6. What does Internet Key Management in IPSec do?

Internet Key Management (IKMP) in IPSec manages the secure exchange

of encryption keys for secure IP communications.

It establishes, maintains, and updates keys dynamically for secure

communication channels.

Typically implemented via protocols like IKE (Internet Key Exchange), it

ensures secure data transmission across networks.

7. What security options does PGP allow when sending an email message?

Encryption: Protects the content of the message from being read by

unauthorized parties.

Digital Signatures: Verifies the sender's identity and ensures message

integrity.

Compression: Reduces the message size, saving bandwidth and

improving transmission speed.

CNS 9
 8. What is a Replay Attack?

A Replay Attack occurs when an attacker intercepts and retransmits a

valid data transmission to trick the receiver into granting access.

Often countered by using timestamps or unique session tokens to ensure

the authenticity of requests.

Common in network protocols, replay attacks exploit re-sent

authentication messages.

9. What is a Passive Attack?

A Passive Attack involves eavesdropping on or monitoring communication

without altering data.

It aims to gather information, such as capturing passwords or sensitive

data.

It is challenging to detect since it doesn’t modify or interfere with

communication.

10. Why are the leading two octets of the message digest stored in a PGP
message along with the encrypted message digest?

The leading two octets act as a verification for the encrypted message
digest, enhancing integrity.

It allows the recipient to detect if the message has been tampered with
before attempting to decrypt it.

This quick verification step can prevent unnecessary decryption attempts

if the data has been altered.

Module V: Malware and System Security

1. What is meant by polymorphic viruses?

Polymorphic viruses are viruses that change their code each time they
infect a new system, making detection difficult.

They evade signature-based antivirus detection by altering their structure

or behavior.

CNS 10
 This type of malware can mutate, making it more challenging to identify
and remove.

2. What do you mean by virus signature?

A virus signature is a unique pattern of bytes or code that identifies a

specific virus.

Antivirus programs use these signatures to detect and remove known

viruses from a system.

Signatures are regularly updated to recognize new strains of malware.

3. Define ZOMBIE.

A Zombie is a computer infected with malware that allows it to be

controlled remotely by an attacker.

Zombies are commonly used in botnets to carry out large-scale attacks,

like DDoS attacks.

The user is often unaware that their system has become a zombie.

4. The internal code of any software that will set off a malicious function when
specified conditions are met is called?

This is known as a Logic Bomb.

It remains dormant until triggered by specific conditions, like a date or

action.

Once triggered, it executes malicious activities, potentially causing data

loss or system damage.

5. What is IP address spoofing?

IP address spoofing involves altering the source IP address of a packet to

impersonate another device.

Attackers use it to bypass security controls, gain unauthorized access, or

disguise their identity.

It’s commonly employed in DDoS attacks and phishing schemes to mislead

target systems.

6. What is a logic bomb?

CNS 11
 A Logic Bomb is a piece of code inserted into software that triggers a
malicious action when specific conditions are met.

It can delete files, corrupt data, or perform other damaging activities upon
activation.

Logic bombs are often used by insiders as a form of sabotage.

7. Name the different threats to Operating System.

Malware: Viruses, worms, and Trojans that can infect and harm the OS.

Privilege Escalation: Exploits that allow unauthorized users to gain higher

privileges.

Unauthorized Access: Intruders gaining access to the system without

permission, often by bypassing login credentials.

8. List password selection strategies.

Use of Complex Passwords: Incorporating a mix of upper/lowercase

letters, numbers, and symbols.

Avoid Common Words: Refraining from using easily guessable words or

personal information.

Regular Updates: Frequently changing passwords to reduce the risk of

compromise.

9. Define virus. Specify the types of viruses.

A virus is a type of malware that attaches itself to files or programs,

spreading through systems and causing harm.

Types include:

Boot Sector Viruses: Infect the boot sector, spreading on startup.

Macro Viruses: Target applications like Word or Excel, using macros.

Polymorphic Viruses: Change their code to evade detection.

10. What is meant by a trusted system?

A trusted system is one that implements strict security policies to protect

sensitive data and prevent unauthorized access.

CNS 12
 It often includes access control mechanisms, data integrity checks, and
regular audits.

Trusted systems are widely used in environments requiring high security,

such as government and financial sectors.

CNS 13