Instructions:
• Filling out Student-ID and Student-Name on exam header is mandatory.
• Do not remove or change any part of exam header or question paper.
• Write down your answers in given space or at the end of exam paper with proper title “Answer for
Question# _ _”.
• Answers should be formatted correctly (font size, alignment, etc.)
• If any question requires handwritten text or an image, it should be on an A4 size page with clear visibility
of contents.
• Only PDF format is accepted (students are advised to install the necessary software)
• CHEATING, COPIED material or any unfair means will result in negative marking or ZERO.
• A mandatory recorded viva session will be conducted to ascertain the quality of answer scripts where
deemed necessary.
• Caution: An extra 01 hour is given for paper formatting and PDF conversion and to cater for all kinds of odds in
submission of the answer sheet. Therefore, if you fail to upload the answer sheet on LMS and Google
Classroom (in PDF format) within the 04 hours limit, you will be considered ABSENT/FAILED.
Q1 Complete the given round using AES algorithm (10 Marks)
Q2- Suppose that Bob wants to send a message to Alice. Although it is not important
that the message be kept secret, he wants Alice to be certain that the message is indeed
from him. What needs to be done in order to keep this conversation protected so that both
can be assured that the message is from a genuine source? (5 Marks)
ANSWER:
Alice and Bob should use a digital signature to make sure the message comes from a genuine
source. When you, the server, digitally sign a document, you add a one-way hash (encryption)
of the message content using your public and private key pair. Your client can still read it,
but the process creates a "signature" that only the server's public key can decrypt. The client,
using the public key of the server, can then verify the sender and the integrity of the message
content.
A digital signature can be regarded as a numerical value represented as a sequence of
characters. Creating a digital signature is a complex mathematical process that can only be
carried out by a computer.
For example:
1. Bob types a message to be digitally signed, or clicks 'sign' in his messaging app.
2. Bob's computer calculates the hash value of the message.
3. This hash value is encrypted with Bob's signing key (private key) to create the digital
signature.
Now the original message and its digital signature are sent to Alice.
4. After Alice receives the signed message, the corresponding program (such as the
messaging app) indicates that the message has been signed.
5. Alice's computer then proceeds to: decrypt the digital signature using Bob's public key;
calculate the hash of the original message; and compare (a) the hash computed from the
received message with (b) the decrypted hash received with Bob's message.
6. Any difference between the hash values reveals that the message has been tampered with.
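The six steps above, written out as an added example that is not part of the original answer sheet. It uses unpadded "textbook" RSA over SHA-256 so the hash-then-encrypt flow stays visible; the key is built from two publicly known Mersenne primes and the message text is constructed, both assumptions made only for illustration.

```python
import hashlib

# Toy key pair for Bob (assumption): both primes are publicly known Mersenne
# primes, so this key protects nothing. Deployed systems use randomly
# generated primes and a padded scheme such as RSASSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # Bob's public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # Bob's private signing key


def digest(message: bytes) -> int:
    """Step 2: hash value of the message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 3: transform the hash with Bob's private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Step 5: recover the signed hash with Bob's public key and compare."""
    recovered = pow(signature, E, N)     # (b) hash carried in the signature
    computed = digest(message)           # (a) hash of the message as received
    return recovered == computed         # step 6: any difference means tampering


# Constructed sample messages
original = b"Meet at noon. -- Bob"
signature = sign(original)
tampered = b"Meet at nine. -- Bob"

ok_original = verify(original, signature)
ok_tampered = verify(tampered, signature)
```

The message itself travels in the clear, which matches the question: secrecy is not required, only assurance of origin and integrity.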
Q3- When tunnel mode is used, a new outer IP header is constructed. For both IPv4 and
IPv6, indicate the relationship of each outer IP header field and each extension header
in the outer packet to the corresponding field or extension header of the inner IP packet.
That is, indicate which outer values are derived from inner values and which are
constructed independently of the inner values. (5 Marks)
ANSWER:
IPv6 uses two different types of headers: the main (regular) IPv6 header and IPv6 extension
headers. The main IPv6 header is equivalent to the basic IPv4 header, although there are some
field differences that result from the lessons learned from operating IPv4. The options field
in the IPv4 header is used to convey additional information about the packet or the way it
should be processed. Routers, unless otherwise instructed, must process the options in the
IPv4 header. The processing of most header options pushes the packet onto a slower path,
which reduces forwarding performance.
IPv4 options play a very important role in the operation of the IP protocol, and therefore the
capability had to be preserved in IPv6. On the other hand, the impact of IPv4 options on
performance was taken into account in the development of IPv6. The functionality of the
options is removed from the main header and is implemented with a set of additional headers
called extension headers (EHs). The main header is always fixed in size (40 bytes), while
customized EHs can be added as needed.
Q4 (a) In the RSA public-key encryption scheme, each user has a public key, e, and a
private key, d. Suppose Bob leaks his private key. Rather than generating a new
modulus, he decides to generate a new public and a new private key. Is this safe? (2
Marks)
ANSWER:
No, it is not safe. Once Bob leaks his private key, Alice can use it to factor his
modulus, N. Then Alice can crack any message Bob sends. Therefore, it is important for Bob
to change his modulus and create new keys.
Q4- (b) Perform encryption and decryption using the RSA algorithm. (4 Marks)
p = 7; q = 11, e = 17; M = 8
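A worked computation for Q4(b) with the values given in the question, combined with the reasoning of Q4(a): once d is known, n can be factored, so a new key pair on the same modulus is exposed as well. This is an added example, not part of the original answer sheet; the replacement exponent e2 = 7 and the function names are assumptions chosen for illustration.

```python
from math import gcd


def rsa_keys(p, q, e):
    """Return (n, d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return n, pow(e, -1, phi)           # d = e^-1 mod phi (Python 3.8+)


def factor_from_leaked_d(n, e, d):
    """Recover (p, q) from n and one complete key pair (e, d).

    e*d - 1 is a multiple of phi(n), so for most bases a the sequence
    a^t, a^(2t), ... reaches 1 through a square root of 1 other than
    +/-1, and gcd(root - 1, n) is then a prime factor of n.
    """
    s, t = 0, e * d - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for a in range(2, n):
        if gcd(a, n) != 1:              # the base itself shares a factor
            return tuple(sorted((gcd(a, n), n // gcd(a, n))))
        x = pow(a, t, n)
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1 and x not in (1, n - 1):
                p = gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            x = y
    return None


# Q4(b): values from the question
n, d = rsa_keys(7, 11, 17)
C = pow(8, 17, n)                       # encryption: C = M^e mod n
M = pow(C, d, n)                        # decryption: M = C^d mod n

# Q4(a): d leaks; Bob keeps n and switches to a new pair (e2, d2).
# e2 = 7 is a constructed value, not from the page.
p, q = factor_from_leaked_d(n, 17, d)
_, d2_bob = rsa_keys(7, 11, 7)          # what Bob computes for himself
_, d2_recovered = rsa_keys(p, q, 7)     # what a holder of the old d computes
```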
Q5- You are supposed to write a policy document with the help of the following document
regarding network security in your organization for the protection of the confidentiality,
integrity and availability of the network. (5 Marks)
You need to provide strategies intended for prevention and, failing that, detection of
malicious activity (5 Marks)
ANSWER:
An Intrusion Detection System (IDS) is hardware, software, or a combination of both that
detects intrusions into a system or network. An IDS complements the firewall by inspecting
both the packet header and its content, and thus protects against attacks that the firewall
would otherwise see as seemingly harmless network traffic.
Firewalls check packets against a rule set; a packet is either allowed or denied. The rules
specify whether a host, network, or application should be allowed into the trusted network. To
check the rules, the firewall only needs to examine the TCP/IP header and the protocol, such
as FTP, HTTP, or Telnet. It does not examine the data content of the network packet. Even if
the data contains malicious code, the firewall will allow the packet to pass, because the packet
header complies with the rules set for the firewall. Therefore, you may have a firewall and
your trusted network may still be affected. IDSs scan the contents of each packet crossing the
network to detect any malicious activity. Each packet is stripped down to its "data content"
section, the data content is checked for malicious code, and the packet is then reassembled
into its original form and sent on its way. As you can see, the whole packet is disassembled
and reassembled at layer 3, which makes an IDS more effective than a firewall. A firewall is an
essential element of an overall network security topology, but it is not enough on its own. Most
modern networks have an IDS as an important part of the security architecture.
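The difference described in this answer, shown on two constructed packets as an added example that is not part of the original answer sheet: a header-only rule check passes both packets, while content inspection flags one. The addresses, the allowed-port list and the single signature are assumptions made up for illustration.

```python
import struct


def build_packet(dst_port: int, payload: bytes) -> bytes:
    """Constructed IPv4 + TCP packet (no options, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return ip + tcp + payload


def parse(pkt: bytes):
    """Return (ip_protocol, tcp_dst_port, payload) from raw packet bytes."""
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    proto = pkt[9]
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    data_offset = (pkt[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return proto, dst_port, pkt[ihl + data_offset:]


ALLOWED_TCP_PORTS = {21, 23, 80}                 # FTP, Telnet, HTTP
SIGNATURES = {b"../../": "directory traversal in request path"}  # constructed


def firewall_allows(pkt: bytes) -> bool:
    """Header-only decision: protocol and destination port, nothing else."""
    proto, dst_port, _ = parse(pkt)
    return proto == 6 and dst_port in ALLOWED_TCP_PORTS


def ids_alerts(pkt: bytes) -> list:
    """Content inspection: match the payload against known signatures."""
    _, _, payload = parse(pkt)
    return [name for sig, name in SIGNATURES.items() if sig in payload]


# Constructed sample traffic
benign = build_packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
suspicious = build_packet(80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n")

verdicts = [(firewall_allows(p), ids_alerts(p)) for p in (benign, suspicious)]
```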
Q7- Internet connectivity is no longer optional for organizations. The information and
services available are essential to the organization. Moreover, individual users within
the organization want and need Internet access, and if this is not provided via their LAN,
they will use dial-up capability from their PC to an Internet service provider (ISP).
However, while Internet access provides benefits to the organization, it enables the
outside world to reach and interact with local network assets. This creates a threat to
the organization. While it is possible to equip each workstation and server on the
premises network with strong security features, such as intrusion protection, this is not
a practical approach.
You are required to design a practical approach for such a situation and state what device
must be installed in order to provide better security. (Marks 4)
ANSWER:
While it is possible to equip each workstation and server on the local network with strong security
features, such as intrusion protection, this may not be enough and in some cases is not cost-effective.
Consider a network with hundreds or thousands of systems, running various operating systems, such
as UNIX and Windows versions. When a security flaw is discovered, each potentially affected system
must be upgraded to fix that flaw. This requires scalable configuration management and robust
patching in order to be effective. While difficult, this is possible and is necessary if only host-based
security is used. A widely accepted alternative, or at least a complement, to host-based security
services is the firewall. A firewall is installed between the local network and the Internet to establish
a controlled connection and to erect an outer security wall or perimeter. The purpose of this perimeter
is to protect the local network from Internet-based attacks and to provide a single choke point for
security and audit. A firewall can be a single computer system or a set of two or more systems that
work together to perform the firewall function.
The firewall, therefore, provides an additional layer of protection, insulating internal systems from
external networks. This follows the old military doctrine of "defense in depth," which also applies to IT
security.