Set 1

FOURTH SEMESTER BCA DEGREE EXAMINATIONS


CAREER RELATED FDP UNDER CBCSS

Group 2(b)-COMPUTER APPLICATIONS

Core Course- CP 1441


INTRODUCTION TO INFORMATION SECURITY
(2014 ADMISSION ONWARDS)

Time: 3 Hrs. Max. Marks: 80

ANSWER KEY

SECTION A [Very Short Answer type]


(One word to maximum of one sentence. Answer ALL questions. Each question carries ONE mark)

1. An active attack is the one in which the intruder may transmit messages, replay old
messages, modify messages in transit.
2. What you are allowed to do.
3. Digital Signature Standard
4. The software which intends to damage the computer system.
5. Who you are.
6. A monoalphabetic cipher maps from a plain alphabet to cipher alphabet. Here a single
cipher alphabet is used per message.
7. Internet protocol
8. Cryptology is the study of cryptography and cryptanalysis.
9. Data Encryption Standards
10. 128 bits

SECTION B [Short Answer type]


(Not to exceed one paragraph. Answer any EIGHT questions. Each question carries TWO marks)

11. Information security is concerned with the control and threats related to the use of
information. The security to the information system can be provided by using external
and internal approach.
12. If both sender and receiver use the same key, the system is referred to as symmetric,
single key, secret key, or conventional encryption. If the sender and receiver each use a
different key, the system is referred to as asymmetric, two-key, or public-key
encryption.
13. Confidentiality using encryption, authentication, integrity using message digest, replay
attack protection, limited traffic flow confidentiality.
14. Trojan horses are a class of malware that take their name from the way they infect
computers. Just like the classical story of the Trojan horse, Trojans hide themselves
within seemingly harmless programs or try to trick you into installing them.
15. The Caesar cipher involves replacing each letter of the alphabet with the letter standing
three places further down the alphabet.
For example : Plain : meet me after the toga party
Cipher : PHHW PH DIWHU WKH WRJD SDUWB
16. In asymmetric encryption, two different keys are used, one for encryption and another
for decryption. The public key is publicly available, so that not only the sender and recipient
but anybody may know the key. The private key is a secret key known to the owner of
the key.
17. S/MIME is useful for transmitting data securely through e-mail. Companies use it to
securely exchange their data. In software companies, part of the code is securely transmitted
through this. Government organizations and stock market data can be securely
transmitted. Hospitals also use this.
18. Spyware is software that aims to gather information about a person or organization
without their knowledge and that may send such information to another entity without
the consumer's consent, or that asserts control over a computer without the consumer's
knowledge.
19. Electronic code book mode, Cipher block chaining mode, Feedback mode, Counter
mode
20. Signature or pattern based approach, behavior based approach, other approaches for
detecting viruses, sand box method.
21. IPv6 (Internet Protocol version 6) is a set of specifications from the Internet Engineering
Task Force (IETF) that’s essentially an upgrade of IP version 4 (IPv4). The most obvious
improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128
bits.
22. It cannot protect against attacks that bypass the firewall. It cannot protect the network
against internal attacks. It cannot protect wireless communication, etc.

SECTION C [Short Essay]


(Not to exceed 120 words. Answer any SIX questions. Each question carries FOUR marks)

23. Key generation, Signature generation, Signature verification, Correctness


24. Record Protocol, Change Cipher Spec Protocol, Alert Protocol, Handshake Protocol
25. Cryptography, Hacking, Encryption, Decryption, Cryptanalysis
26.
IPv4 | IPv6
IPv4 addresses are 32 bit length. | IPv6 addresses are 128 bit length.
IPv4 addresses are binary numbers represented in decimals. | IPv6 addresses are binary numbers represented in hexadecimals.
IPSec support is only optional. | Inbuilt IPSec support.
Fragmentation is done by sender and forwarding routers. | Fragmentation is done only by sender.
No packet flow identification. | Packet flow identification is available within the IPv6 header using the Flow Label field.
Checksum field is available in IPv4 header. | No checksum field in IPv6 header.

27. E-mail worm, Instant messaging worm, Internet worm, Internet Relay Chat (IRC) worm,
file-sharing networks worm, Payloads, Worms with good intent.
28.
Class | PGP | S/MIME
Authentication | Distributed Authentication | Hierarchical Authentication
Key storage | Key ring | Key certificate
Standard | IETF
Commercialization | No compatibility test, small products | Compatibility test, many commercial products
Applications | Personal | Company, enterprise

29. In a transposition cipher, the letters are written in a row under the key and the
columns are then arranged as per alphabetical order.
Single columnar and double columnar transposition ciphers.
30. Adjudicating officer, Digital signature, Affixing digital signature, Appropriate
Government, Certifying Authority, Cyber Appellate Tribunal, Electronic form, Secure
system, Electronic Gazette
31. Convergence has been defined as the ability of one or different networks to carry
different services. Or the bringing together of industries in the communications area,
which were previously viewed as separate and distinct in both the commercial and the
technological sense.
Examples are the provision of Internet access and TV to mobiles and triple or quad play
services offered by ISPs or Cable TV Operators.

SECTION D [Short Essay]


(Answer any TWO questions. Each question carries 15 marks)
32. Block Ciphers: when encryption algorithms process a block of data at a time and
generate a block of data as ciphertext
Block cipher modes of operation : Electronic code book mode, Cipher block chaining
mode, Feedback mode, Counter mode
DES:
The algorithm, which is parameterized by a 56-bit key, has 19 distinct stages.
The first stage is a key-independent transposition on the 64-bit plaintext.
The last stage is the exact inverse of this transposition.
The stage prior to the last one exchanges the leftmost 32 bits with the rightmost
32 bits.
The remaining 16 stages are functionally identical but are parameterized by
different functions of the key.
The algorithm has been designed to allow decryption to be done with the same
key as encryption, a property needed in any symmetric-key algorithm.
The steps are just run in the reverse order.

Triple DES
33. Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication
session.
IP security architecture : - strengths of IPsec, Applications of IPsec, Benefits of IPsec,
Overview of IPsec, Working of IPsec
IPv4, IPv6
34. A public encryption method that relies on a public encryption algorithm, a public
decryption algorithm, and a public encryption key.
Using the public key and encryption algorithm, everyone can encrypt a message.
The decryption key is known only to authorized parties.
The RSA (1978) method is based on some principles from number theory.
The use of the Rivest-Shamir-Adleman (RSA) method is as follows:
1. Choose two large primes, p and q (typically 1024 bits).
2. Compute n = p × q and z = (p − 1) × (q − 1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that e × d = 1 mod z.
Its major disadvantage is that it requires keys of at least 1024 bits for good security.
Example
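The four steps above carried through with toy numbers, as an added example that is not part of the answer key. The values p = 3, q = 11, d = 7 are constructed so the arithmetic can be checked by hand, and the function names and the letter-to-number encoding are assumptions of this example.

```python
from math import gcd

def make_keys(p, q, d):
    """Steps 1-4: given primes p, q and a chosen d, return (n, z, e)."""
    n = p * q                       # step 2: modulus
    z = (p - 1) * (q - 1)           # step 2
    if gcd(d, z) != 1:              # step 3: d must be relatively prime to z
        raise ValueError(f"d={d} shares a factor with z={z}")
    e = pow(d, -1, z)               # step 4: e * d = 1 mod z (Python 3.8+)
    return n, z, e

def encrypt(m, e, n):
    """C = m^e mod n, computed by anyone holding the public pair (e, n)."""
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c, d, n):
    """m = c^d mod n, computed only by the holder of d."""
    return pow(c, d, n)

def encrypt_text(text, e, n):
    """Toy encoding (assumption): a=1 ... z=26, one letter per block."""
    return [encrypt(ord(ch) - ord("a") + 1, e, n)
            for ch in text.lower() if "a" <= ch <= "z"]

def decrypt_text(blocks, d, n):
    return "".join(chr(decrypt(c, d, n) + ord("a") - 1) for c in blocks)

if __name__ == "__main__":
    p, q, d = 3, 11, 7              # constructed toy values, far too small for real use
    n, z, e = make_keys(p, q, d)
    print(f"n={n} z={z} e={e} d={d}")
    blocks = encrypt_text("meet", e, n)
    # Equal letters give equal blocks: unpadded one-letter blocks leak
    # letter frequencies, which is why real RSA uses large n and padding.
    print("cipher blocks:", blocks)
    print("recovered:", decrypt_text(blocks, d, n))
```

With these values the public pair is (e, n) = (3, 33) and the private exponent is d = 7.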
35. Email security refers to the collective measures used to secure the access and content of
an email account or service. It allows an individual or organization to protect the overall
access to one or more email addresses/accounts.
Pretty Good Privacy:- need of PGP, working of PGP, PGP encryption applications
MIME:- MIME headers, MIME transfer-encoding header field
S/MIME:- History of S/MIME, working of S/MIME, Applications of S/MIME