
Answer ALL questions

PART A – (5*2=10 marks)

1. Categorize passive and active attacks.


Passive attacks have to do with eavesdropping on, or monitoring, transmissions.
Electronic mail, file transfers, and client/server exchanges are examples of transmissions
that can be monitored. Active attacks include the modification of transmitted data and
attempts to gain unauthorized access to computer systems.

2. State Fermat’s theorem.


Fermat's little theorem states that if p is a prime number, then for
any integer a, the number a^p – a is an integer multiple of p. Special case: if a is not
divisible by p, Fermat's little theorem is equivalent to the statement that a^(p-1) – 1 is an
integer multiple of p.

3. Perform encryption for the plain text M=88 using the RSA algorithm p=17, q=11 and
the public component e=7.
C = M^e mod n
C = 88^7 mod 187 = 11

4. Define cryptanalysis and cryptography.


Cryptanalysis is the study of analyzing information systems in order to study the hidden
aspects of the systems.
Cryptography is a method of protecting information and communications through the use
of codes so that only those for whom the information is intended can read and process it.

5. Find gcd(1970,1066) using Euclid’s algorithm.


Step 1. Divide the larger number by the smaller one:
1,970 ÷ 1,066 = quotient 1, remainder 904;
Step 2. Divide the smaller number by the above operation's remainder:
1,066 ÷ 904 = quotient 1, remainder 162;
Step 3. Divide the remainder from step 1 by the remainder from step 2:
904 ÷ 162 = quotient 5, remainder 94;
Step 4. Divide the remainder from step 2 by the remainder from step 3:
162 ÷ 94 = quotient 1, remainder 68;
Step 5. Divide the remainder from step 3 by the remainder from step 4:
94 ÷ 68 = quotient 1, remainder 26;
Step 6. Divide the remainder from step 4 by the remainder from step 5:
68 ÷ 26 = quotient 2, remainder 16;
Step 7. Divide the remainder from step 5 by the remainder from step 6:
26 ÷ 16 = quotient 1, remainder 10;
Step 8. Divide the remainder from step 6 by the remainder from step 7:
16 ÷ 10 = quotient 1, remainder 6;
Step 9. Divide the remainder from step 7 by the remainder from step 8:
10 ÷ 6 = quotient 1, remainder 4;
Step 10. Divide the remainder from step 8 by the remainder from step 9:
6 ÷ 4 = quotient 1, remainder 2;
Step 11. Divide the remainder from step 9 by the remainder from step 10:
4 ÷ 2 = quotient 2, remainder 0;
At this step, the remainder is zero, so we stop:
2 is the number we were looking for, the last remainder that is not zero.
This is the greatest common factor (divisor).
Greatest (highest) common factor (divisor):
gcf, gcd (1,970; 1,066) = 2

PART B (2*13 = 26 marks)

6.(a). (i) Explain OSI security architecture with neat diagram. (8)
(ii) Describe the various security mechanisms. (5)
THE OSI SECURITY ARCHITECTURE
 
To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs some systematic way
of defining the requirements for security and characterizing the approaches to satisfying those
requirements. The OSI security architecture was developed in the context of the OSI protocol
architecture, which is described in Appendix H. However, for our purposes in this chapter, an
understanding of the OSI protocol architecture is not required.
 
For our purposes, the OSI security architecture provides a useful, if abstract, overview of
many of the concepts. The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as follows:
Threats and Attacks (RFC 2828)
Threat
A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit vulnerability.
 
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent act
that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.

Security Attacks, Services and Mechanisms


 
To assess the security needs of an organization effectively, the manager responsible for
security needs some systematic way of defining the requirements for security and
characterization of approaches to satisfy those requirements. One approach is to consider
three aspects of information security:
Security attack – Any action that compromises the security of information owned by an
organization.
Security mechanism – A mechanism that is designed to detect, prevent or recover from a
security attack.
Security service – A service that enhances the security of the data processing systems and
the information transfers of an organization. The services are intended to counter security
attacks and they make use of one or more security mechanisms to provide the service.
SECURITY MECHANISMS
One of the most specific security mechanisms in use is cryptographic techniques. Encryption
or encryption-like transformations of information are the most common means of providing
security. Some of the mechanisms are:
Encipherment is used either to protect the confidentiality of data units and traffic flow
information or to support or complement other security mechanisms.
Digital signature mechanisms are used to provide an electronic analog of handwritten
signatures for electronic documents.
Access control mechanisms use the authenticated identities of principals, information
about these principals, or capabilities to determine and enforce access rights.
 
(OR)
(b). Describe Playfair cipher, rail fence cipher and Vigenère cipher in detail. (13)

7.(a). Explain RSA algorithm with neat diagram and explain the steps. (13)
RSA Algorithm in Cryptography

RSA is an asymmetric cryptography algorithm. Asymmetric means that it works
with two different keys, i.e. a Public Key and a Private Key. As the names suggest, the Public
Key is given to everyone and the Private Key is kept private.
An example of asymmetric cryptography:
1. A client (for example, a browser) sends its public key to the server and requests some
data.
2. The server encrypts the data using the client's public key and sends the encrypted data.
3. The client receives this data and decrypts it.
Since this is asymmetric, nobody except the browser can decrypt the data, even if a third party
has the browser's public key.
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The
public key consists of two numbers, one of which is the product of two large prime
numbers. The private key is also derived from the same two prime numbers. So if somebody can
factorize the large number, the private key is compromised. Therefore encryption strength lies
entirely in the key size, and if we double or triple the key size, the strength of encryption increases
exponentially. RSA keys are typically 1024 or 2048 bits long, but experts believe that 1024-bit
keys could be broken in the near future. But till now it seems to be an infeasible task.
>> Generating Public Key:
- Select two prime numbers. Suppose P = 53 and Q = 59.
- Now the first part of the Public Key: n = P*Q = 3127.
- We also need a small exponent, say e. But e must:
  - be an integer,
  - not be a factor of n,
  - satisfy 1 < e < Φ(n) [Φ(n) is discussed below].
  Let us now consider it to be equal to 3.
- Our Public Key is made of n and e.

>> Generating Private Key:
- We need to calculate Φ(n), such that Φ(n) = (P-1)(Q-1), so Φ(n) = 3016.
- Now calculate the Private Key, d: d = (k*Φ(n) + 1) / e for some integer k.
  For k = 2, the value of d is 2011.
Now we are ready with our Public Key (n = 3127 and e = 3) and Private Key (d = 2011).
Now we will encrypt "HI":
- Convert letters to numbers: H = 8 and I = 9.
- Thus Encrypted Data c = 89^e mod n.
- Thus our Encrypted Data comes out to be 1394.
Now we will decrypt 1394:
- Decrypted Data = c^d mod n.
- Thus our Decrypted Data comes out to be 89.

8 = H and I = 9, i.e. "HI".
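The key generation, encryption and decryption steps above, as an added Python example that is not part of the original answer key. The function names are hypothetical; d is computed as the modular inverse of e modulo Φ(n), which exists only when gcd(e, Φ(n)) = 1, so the code checks that standard condition explicitly.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Textbook RSA key generation from two primes and a chosen public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # d = e^-1 mod phi(n) exists only if e and phi(n) share no common factor.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return n, e, d

def rsa_encrypt(m, e, n):
    """c = m^e mod n; the message must be an integer smaller than n."""
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(m, e, n)

def rsa_decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)

if __name__ == "__main__":
    # Parameters from the worked "HI" example: P = 53, Q = 59, e = 3.
    n, e, d = rsa_keygen(53, 59, 3)
    c = rsa_encrypt(89, e, n)
    print("n =", n, "d =", d, "c =", c, "m =", rsa_decrypt(c, d, n))

    # Parameters from Part A, question 3: p = 17, q = 11, e = 7, M = 88.
    n, e, d = rsa_keygen(17, 11, 7)
    print("C =", rsa_encrypt(88, e, n))

    # Failure mode: e = 2 shares the factor 2 with phi(n) = 3016, so no d exists.
    try:
        rsa_keygen(53, 59, 2)
    except ValueError as err:
        print("rejected e = 2:", err)
```

Textbook RSA as shown is deterministic: the same message always gives the same ciphertext, which is why deployed systems apply randomized padding such as OAEP before exponentiation.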

(OR)
(b) Describe AES algorithm with neat diagram and explain the steps. (13)
The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found to be at least six times faster than
triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable to an exhaustive key search attack. Triple DES was
designed to overcome this drawback but it was found to be slow.
The features of AES are as follows −
- Symmetric key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- Stronger and faster than Triple-DES
- Provide full specification and design details
- Software implementable in C and Java
Operation of AES
AES is an iterative rather than Feistel cipher. It is based on a ‘substitution–permutation network’.
It comprises a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four
rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process
Here, we restrict ourselves to the description of a typical round of AES encryption. Each round comprises
four sub-processes. The first round process is depicted below −
Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The
result is in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted
on the right side of the row. The shift is carried out as follows −
- First row is not shifted.
- Second row is shifted one (byte) position to the left.
- Third row is shifted two positions to the left.
- Fourth row is shifted three positions to the left.
- The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.
MixColumns
Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new bytes.
It should be noted that this step is not performed in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128
bits are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order −
- Add round key
- Mix columns
- Shift rows
- Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the
encryption and decryption algorithms need to be separately implemented, although they are
very closely related.
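The ShiftRows, MixColumns and AddRoundKey steps described above, with their inverses applied in reverse order, as an added Python example that is not part of the original answer. The state is assumed to be a list of four rows of four bytes, all function names are hypothetical, and SubBytes is left out because it needs the 256-entry S-box table.

```python
def xtime(b):
    """Multiply a byte by 2 in GF(2^8), reducing by the AES polynomial 0x11B."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def gmul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

# The "special mathematical function": a fixed matrix over GF(2^8) and its inverse.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def shift_rows(state, inverse=False):
    """Rotate row r left by r bytes (right by r bytes when inverse=True)."""
    shifts = [(4 - r) % 4 if inverse else r for r in range(4)]
    return [row[k:] + row[:k] for row, k in zip(state, shifts)]

def mix_columns(state, matrix=MIX):
    """Multiply every column of the state by the matrix in GF(2^8)."""
    out = [[0] * 4 for _ in range(4)]
    for r in range(4):
        for c in range(4):
            for k in range(4):
                out[r][c] ^= gmul(matrix[r][k], state[k][c])
    return out

def add_round_key(state, round_key):
    """XOR the state with the round key; this step is its own inverse."""
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, round_key)]

def round_ops(state, round_key):
    """Encryption order: ShiftRows, MixColumns, AddRoundKey."""
    return add_round_key(mix_columns(shift_rows(state)), round_key)

def undo_round_ops(state, round_key):
    """Decryption order: AddRoundKey, inverse MixColumns, inverse ShiftRows."""
    return shift_rows(mix_columns(add_round_key(state, round_key), INV_MIX), inverse=True)

if __name__ == "__main__":
    state = [[r * 4 + c for c in range(4)] for r in range(4)]  # constructed sample
    key = [[0xA5] * 4 for _ in range(4)]                       # constructed round key
    out = round_ops(state, key)
    print(out, undo_round_ops(out, key) == state)
```

The inverse MixColumns step uses a different matrix from the forward step, which is the concrete reason encryption and decryption cannot share one routine.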
AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and
software. To date, no practical cryptanalytic attacks against AES have been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of
‘future-proofing’ against progress in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and
good key management is employed.
PART C (1*14 = 14 marks)
8. (a) State Chinese remainder theorem and find X for given set of congruent equations
using CRT. X ≡ 2 (mod 3), X ≡ 3 (mod 5), X ≡ 2 (mod 7). (14)

(OR)
(b) Users Alice and Bob use the Diffie-Hellman key exchange technique with a common prime
q=83 and primitive root alpha=5
(i) If Alice has private key XA=6, what is Alice’s public key YA? (5)
(ii) If Bob has private key XB=10, what is Bob’s public key YB? (5)
(iii) What is the shared secret key? (4)

(i) YA = 5^6 mod 83 = 21
(ii) YB = 5^10 mod 83 = 11
(iii) K = 11^6 mod 83 = 9

Steps and formula carry marks
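The exchange in question 8(b) carried out from both sides, as an added Python example that is not part of the original answer key. The function names are hypothetical, q is assumed to be prime, and the range check on the received public key is an added validation step that the question itself does not ask for.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for small n)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(alpha, q):
    """For prime q, alpha is a primitive root iff alpha^((q-1)/f) != 1 mod q
    for every prime factor f of q-1."""
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))

def dh_public(alpha, q, private):
    """Y = alpha^X mod q."""
    if not 1 <= private < q - 1:
        raise ValueError("private key must be in the range 1..q-2")
    return pow(alpha, private, q)

def dh_shared(peer_public, private, q):
    """K = Y_peer^X mod q, after rejecting degenerate public values."""
    # 0, 1 and q-1 would force the shared key to 0, 1 or +/-1.
    if not 2 <= peer_public <= q - 2:
        raise ValueError("peer public key outside the range 2..q-2")
    return pow(peer_public, private, q)

if __name__ == "__main__":
    q, alpha = 83, 5          # public parameters from the question
    xa, xb = 6, 10            # Alice's and Bob's private keys
    print("alpha is a primitive root:", is_primitive_root(alpha, q))
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    k_alice = dh_shared(yb, xa, q)   # Alice uses Bob's public key
    k_bob = dh_shared(ya, xb, q)     # Bob uses Alice's public key
    print("YA =", ya, "YB =", yb, "K =", k_alice, "match:", k_alice == k_bob)
```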
