
1. List and briefly define categories of security services.

Ans. ITU-T provides some security services like Data Confidentiality, Data Integrity,
Authentication, Nonrepudiation and Access control.
i. Data Confidentiality: - It refers to the protection of sensitive information from
unauthorized access or disclosure. It involves ensuring that only authorized
individuals or systems can access and view the data, and that the data is encrypted
or protected in some other way during transmission and storage. It is designed to
prevent snooping and traffic analysis attacks.
ii. Data integrity: - Refers to the assurance that data has not been altered or
corrupted during transmission or storage, meaning that data received are exactly as
sent by an authorized entity. It is designed to protect data from modification,
insertion, deletion, and replaying by an adversary. It may protect the whole
message or part of the message.
iii. Authentication: - It refers to the process of verifying the identity of a user or system
to ensure that they are who they claim to be. It involves confirming that a user or
system has the necessary credentials, such as a username and password, digital
certificate, or biometric data, to access a network or system. It provides
peer entity authentication and data origin authentication.
iv. Nonrepudiation: - Provides protection against denial by one of the entities
involved in a communication of having participated in all or part of the
communication. It ensures that the sender of a message cannot later deny having
sent it, and that the recipient cannot deny having received it. Nonrepudiation is
important in legal and regulatory contexts, where it may be necessary to provide
evidence of a transaction or communication.
v. Access control: - Provides protection against unauthorized access to data. This
service controls who can have access to a resource, under what conditions access
can occur, and what those accessing the resource are allowed to do.
2. What are the different security goals?
Ans. Three main security goals: confidentiality, integrity, and availability.
I. Confidentiality: - Ensuring that sensitive information is only accessible to
authorized individuals or systems. It assures that private or confidential
information is not made available or disclosed to unauthorized individuals.
II. Integrity: - Changes need to be done only by authorized entities and through
authorized mechanisms. It means guarding against improper information
modification or destruction, including ensuring information nonrepudiation and
authenticity.
III. Availability: - The information created and stored by an organization needs to
be available to authorized entities, ensuring timely and reliable access to and
use of information.
3. List and briefly define categories of passive and active security attacks.
Ans. The three goals of security (confidentiality, integrity, and availability) can be
threatened by security attacks. Security attacks divide into two broad categories based
on their effects on the system.
I. Passive security attacks: - A passive attack attempts to learn or make use of
information from the system but does not affect system resources. The
attacker's goal is just to obtain information. Attacks that threaten
confidentiality, snooping and traffic analysis, are passive attacks.
II. Active security attacks: - An active attack attempts to alter system resources or
affect their operation. An active attack may change the data or harm the
system. Attacks that threaten integrity and availability are active attacks.
Modification, Masquerading, Replaying, Repudiation and Denial of service are
active attacks.
4. List and briefly define categories of security mechanisms.
Ans. Security mechanisms are divided into those that are implemented in a specific
protocol layer, such as TCP or an application-layer protocol, and those that are not
specific to any protocol layer or security service.
I. Encipherment: - Hiding or covering data, to provide confidentiality via cryptography and
steganography. It is the use of mathematical algorithms to transform data into a form
that is not readily intelligible.
II. Data Integrity: - A variety of mechanisms used to assure the integrity of a data unit or
stream of data units. The mechanism appends to the data a short check value that has
been created by a specific process from the data itself. The receiver receives the data and
the check value.
III. Digital Signature: - The sender can electronically sign the data and the receiver can
electronically verify the signature. The digital signature is then encrypted using the
sender's private key, which can only be decrypted using their public key.
IV. Authentication Exchange: - A mechanism intended to ensure the identity of an entity by
means of information exchange.
V. Traffic Padding: - The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts. It is a technique used to add additional data to a network packet to
increase its size and make it more difficult for an attacker to analyze or intercept.
VI. Routing Control: - It is selecting and continuously changing different available routes
between the sender and the receiver to prevent the opponent from eavesdropping on a
particular route.
VII. Notarization: - It is the selection of a trusted third party to control the communication
between two entities to prevent repudiation.
VIII. Access Control: - It uses methods, such as passwords and PINs, to prove that a user
has the right to access the data or resources owned by a system.
5. What is the difference between a block cipher and a stream cipher?
Ans. The main difference between a block cipher and a stream cipher is the way they
encrypt data. Block ciphers encrypt data in fixed-size blocks, typically 64 or 128 bits at
a time. A stream cipher is one that encrypts a digital data stream one bit or one byte
at a time.
6. What is Steganography?
Ans. Steganography is the practice of concealing secret information within a
seemingly innocent message or file, such as an image, audio file, or text document.
Unlike encryption, which scrambles the original message to make it unreadable,
steganography hides the existence of the message itself. This can be done by altering
the least significant bits of a digital file or by using invisible ink on physical paper.
Steganography is often used in combination with encryption to provide an extra layer
of security for sensitive information.
7. What is the difference between diffusion and confusion?
Ans. Diffusion refers to the process of spreading the influence of each plaintext bit or
byte throughout the entire ciphertext. In other words, a small change in the plaintext
should result in a large change in the ciphertext. This makes it more difficult for an
attacker to identify patterns or relationships between the plaintext and ciphertext, as
any change in the plaintext will affect many bits or bytes in the ciphertext.

Confusion, on the other hand, refers to the process of making the relationship
between the plaintext and the ciphertext as complex and difficult to understand as
possible. This is achieved by using mathematical operations such as substitution and
permutation to scramble the plaintext before encryption. The goal is to make it
difficult for an attacker to determine the relationship between the plaintext and the
ciphertext, even if they have access to a large amount of encrypted data.

8. What is the purpose of the S-boxes in DES?

Ans. An S-box (substitution box) can be thought of as a miniature substitution cipher.
However, an S-box can have a different number of inputs and outputs. In other words,
the input to an S-box could be an n-bit word, but the output can be an m-bit word,
where m and n are not necessarily the same. Although an S-box can be keyed or
keyless, modern
block ciphers normally use keyless S-boxes, where the mapping from the inputs to the
outputs is predetermined. The S-boxes (substitution boxes) in DES (Data Encryption
Standard) are used for confusion. They are a key component of the algorithm that
performs a substitution operation on each 6-bit block of the plaintext before
encryption. The S-boxes use a predefined table to map each 6-bit block to a 4-bit
output, which is then combined with other bits to produce the final ciphertext. The
purpose of the S-boxes is to make it difficult for an attacker to determine the
relationship between the plaintext and the ciphertext, even if they have access to a
large amount of encrypted data.
9. What is the difference between modular arithmetic and ordinary arithmetic?
Ans. Modular arithmetic is a type of arithmetic that deals with integers and their
remainders when divided by a fixed positive integer, called the modulus. In modular
arithmetic, addition, subtraction, multiplication, and division are performed
differently than in ordinary arithmetic. For example, in modular arithmetic, if the sum
of two integers is greater than or equal to the modulus, the sum is reduced by the
modulus. In contrast, in ordinary arithmetic, there is no fixed modulus and there are
no restrictions on the size of the numbers used in calculations. Modular arithmetic is
often used in cryptography to perform operations on large numbers in a secure and
efficient manner.
10. What is the difference between symmetric and asymmetric cryptography?
Ans. Symmetric cryptography uses the same key for both encryption and decryption
of data. This means that both the sender and receiver need to have the same key,
which can pose a security risk if the key is compromised.
Asymmetric cryptography, on the other hand, uses two different keys for encryption and
decryption. The public key is used for encryption, while the private key is used for decryption.
This makes it more secure because the private key can be kept secret while the public key can be
shared freely.
11. Briefly describe Sub Bytes
Ans. Sub Bytes is a cryptographic operation that is used in network security to provide
confidentiality and integrity of data. It involves replacing each byte in a block of data
with a corresponding byte from a substitution table, also known as an S-box. This
process helps to obscure the original data and makes it more difficult for an attacker
to decipher the information. Sub Bytes is commonly used in symmetric-key
encryption algorithms such as Advanced Encryption Standard (AES) and are an
important component in securing network communications.
12. What is Euler's Totient function?
Ans. Euler's Totient function, also known as Euler's phi function and written as φ(n),
finds the number of integers that are both smaller than n and relatively prime to n.
13. Using Fermat's theorem, find 3^201 mod 11.
14. What are the roles of the public and private keys?
Ans. The public and private keys are essential components of network security,
particularly in encryption and digital signatures.
Public Key:
- The public key is used to encrypt data that is sent over the network.
- It is made available to anyone who wants to send encrypted data to the owner of the
key.
- It is called a public key because it can be shared publicly without compromising
security.
Private Key:
- The private key is used to decrypt the encrypted data that was sent using the public
key.
- It is kept secret by the owner of the key and should never be shared with anyone
else.
- It is used for digital signatures, which ensure that a message or document has not
been tampered with during transmission.
15. What do you mean by cryptanalysis?
Ans. Cryptanalysis is the science and art of breaking codes. It involves breaking
codes and ciphers to uncover hidden messages and information. Cryptanalysts use
various techniques such as frequency analysis, statistical analysis, and brute force
attacks to decrypt encrypted messages.
Part B (Big Questions)

1. Draw a matrix that shows the relationship between security services and attacks.

2. Draw a matrix that shows the relationship between security mechanisms and attacks.

3. A cipher text has been generated with an affine cipher. The most frequent letter of the
cipher text is 'B', and the second most frequent letter of the cipher text is 'U'. Break this
code.

4. Decipher the message YITJP GWJOW FAQTQ XCSMA ETSQU SQAPU SQGKC PQTYJ using

the Hill cipher with the inverse key . Show your calculations and the result.

5. Show that DES decryption is, in fact, the inverse of DES encryption.

6. Find the multiplicative inverse of each nonzero element in Z5.

7. Determine gcd (4655, 12075).

Ans.
q    r1      r2      r
0    4,655   12,075  4,655
2    12,075  4,655   2,765
1    4,655   2,765   1,890
1    2,765   1,890   875
2    1,890   875     140
6    875     140     35
4    140     35      0
     35      0

gcd (4655, 12075) = 35.


8. Using the extended Euclidean algorithm, find the multiplicative inverse of a. 1234 mod
4321 b. 24140 mod 40902 c. 550 mod 1769.
a. Ans.
q     r1     r2     r      t1      t2      t
3     4321   1234   619    0       1       -3
1     1234   619    615    1       -3      4
1     619    615    4      -3      4       -7
153   615    4      3      4       -7      1075
1     4      3      1      -7      1075    -1082
3     3      1      0      1075    -1082   4321
      1      0             -1082   4321

-1082 is the MI, but it is negative, so -1082 + 4321 = 3239.


b. Ans.
q    r1      r2      r       t1     t2     t
1    40902   24140   16762   0      1      -1
1    24140   16762   7378    1      -1     2
2    16762   7378    2006    -1     2      -5
3    7378    2006    1360    2      -5     17
1    2006    1360    646     -5     17     -22
2    1360    646     68      17     -22    61
9    646     68      34      -22    61     -571
2    68      34      0       61     -571   1203
     34      0               -571   1203

gcd(40902, 24140) = 34 ≠ 1, so there is no MI.
c. 550 mod 1769.
q    r1     r2     r      t1      t2      t
3    1769   550    119    0       1       -3
4    550    119    74     1       -3      13
1    119    74     45     -3      13      -16
1    74     45     29     13      -16     29
1    45     29     16     -16     29      -45
1    29     16     13     29      -45     74
1    16     13     3      -45     74      -119
4    13     3      1      74      -119    550
3    3      1      0      -119    550     -1769
     1      0             550     -1769

gcd(550, 1769) = 1, so the MI exists: MI = 550.
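The tables for questions 7 and 8 can be regenerated and checked with a short program. This is an added example, not part of the original answers; it uses the same column names (q, r1, r2, r, t1, t2, t) as the tables, and the function names are illustrative.

```python
def ext_euclid_rows(a, n):
    """Run the extended Euclidean algorithm for a mod n.

    Returns (rows, gcd, t), where each row is (q, r1, r2, r, t1, t2, t)
    exactly as in the hand-worked tables, and t is the final t1 value.
    """
    r1, r2 = n, a
    t1, t2 = 0, 1
    rows = []
    while r2 > 0:
        q = r1 // r2
        r = r1 - q * r2
        t = t1 - q * t2
        rows.append((q, r1, r2, r, t1, t2, t))
        r1, r2 = r2, r
        t1, t2 = t2, t
    return rows, r1, t1


def mod_inverse(a, n):
    """Return the multiplicative inverse of a mod n, or None if gcd != 1."""
    _, g, t = ext_euclid_rows(a, n)
    if g != 1:
        return None      # no inverse exists, as in part b
    return t % n         # maps a negative t into the range 0..n-1


def print_table(a, n):
    rows, g, t = ext_euclid_rows(a, n)
    print(f"{a} mod {n}")
    print("q\tr1\tr2\tr\tt1\tt2\tt")
    for row in rows:
        print("\t".join(str(v) for v in row))
    inv = mod_inverse(a, n)
    print(f"gcd = {g}, inverse = {inv if inv is not None else 'none'}\n")


if __name__ == "__main__":
    for a, n in [(1234, 4321), (24140, 40902), (550, 1769)]:
        print_table(a, n)
    # Question 7: the gcd alone is the second return value.
    print("gcd(4655, 12075) =", ext_euclid_rows(12075, 4655)[1])
```

Multiplying each inverse by its original value and reducing by the modulus should give 1, which is a quick check on any hand-worked table.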

9. Determine the multiplicative inverse of x^3 + x + 1 in GF(2^4), with
M(x) = x^4 + x + 1.
10. Briefly describe the key expansion algorithm in AES.

11. Given the plaintext {000102030405060708090A0B0C0D0E0F} and the key
{01010101010101010101010101010101}, and using AES algorithm,
a. Show the original contents of State, displayed as a 4 x 4 matrix.
b. Show the value of State after initial AddRoundKey.

12. Find all primitive roots of 25.

13. Perform encryption and decryption using the RSA algorithm, for the following:
1. p = 3; q = 11, e = 7; M = 5
2. p = 5; q = 11, e = 3; M = 9

14. In a public-key system using RSA, you intercept the cipher text C = 10 sent to a user whose
public key is e = 5, n = 35. What is the plaintext M?

15. Prove RSA Algorithm.
