Roll No.

: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Amrita Vishwa Vidyapeetham
Amrita School of Engineering, Bengaluru
B.Tech. Degree Examinations – May/June 2022
Sixth Semester
Computer Science and Engineering
19CSE311 Computer Security
Duration: Three hours Maximum: 100 Marks

CO Course Outcome
CO1 Understand the fundamental concepts of computer security and apply to different
components of computing systems.
CO2 Understand basic cryptographic techniques
CO3 Understand how malicious attacks, threats, security and protocol vulnerabilities
impact a system’s Infrastructure.
CO4 Demonstrate knowledge in terms of relevance and potential of computer security for a
given application.

PART – A: (5 X 8 = 40 marks) Answer all questions

1. Apply the Playfair cipher to encipher the message “the key is hidden under the door pad”. The
secret key can be made by filling the word “GUIDANCE” and filling the rest of the matrix with the
rest of the alphabets. [8]
[CO2] [BTL 3]

2. What is 2DES? What kind of an attack on 2DES makes it useless? Explain with a suitable example.
[8] [CO3] [BTL
4]

3. Elucidate the two security protocols defined by IPSec to provide authentication and encryption for
packets at the IP level. [8] [CO4] [BTL 2]

4. (a) What is the principle of least privilege? Why is it important? [4] [CO4] [BTL 2]
(b) In comparison with access control lists, what are the advantages and disadvantages of
capabilities? List one advantage and one disadvantage. [4] [CO4]
[BTL 2]

5. Discuss in detail the SSL protocol stack. Also, list the parameters which are defining the session
state and connection state. [8] [CO4]
[BTL 3]

PART – B: (5 X 12 = 60 marks) Answer all questions

R Page 1 of 3
6. (i) Suppose we have a set of blocks encoded with the RSA algorithm and we don't have the private
key. Assume n = pq, e is the public key. Suppose also someone tells us they know one of the
plaintext blocks has a common factor with n. Does this help us in any way? [6] [CO4]
[BTL 3]
(ii) Differentiate between Conventional Encryption and Public-Key Encryption. How will you
classify the use of Public-Key Cryptosystems? [6] [CO4] [BTL 3]

7. Consider a Feistel cipher composed of 16 rounds with a block length of 128 bits and a key length of
128 bits. Suppose that, for a given k, the key scheduling algorithm determines values for the first 8
round keys, k1, k2, ..., k8, and then sets k9 = k8, k10 = k7, k11 = k6, ..., k16 = k1
Suppose you have a ciphertext c. Explain how, with access to an encryption oracle, you can decrypt
c and determine ‘m’ using just a single oracle query. [12] [CO2] [BTL 4]

8. Needham and Schroeder suggest the following variant of their protocol:

a. Alice  Bob: Alice
b. Bob  Alice: {Alice, rand3} kBob
c. Alice  Cathy: {Alice, Bob, rand1, {Alice, rand3} kBob}
d. Cathy  Alice: {Alice, Bob, rand1, ksession, {Alice, rand3, ksession} kBob}
kAlice
e. Alice  Bob: {Alice, rand3, ksession} kBob
f. Bob  Alice: {rand2} ksession
g. Alice  Bob: {rand2 – 1} ksession
Show that this protocol solves the problem of replay as a result of stolen session keys.
[12] [CO2] [BTL 5]

9. (i) Phil Zimmermann chose IDEA, three-key triple DES, and CAST-128 as symmetric encryption
algorithms for PGP. Give reasons why each of the following symmetric encryption algorithms is
suitable or unsuitable for PGP: DES, two-key triple DES, and AES. List the purpose of 3 types of
PGP messages. [8] [CO3] [BTL 3]
(ii) How confidentiality and authentication could be achieved in Pretty Good Privacy?
[4] [CO3] [BTL 3]

*****

Course Outcome / Bloom’s Taxonomy Level (BTL) Mark Distribution Table

R Page 2 of 3
 CO Marks BTL . . Marks

CO01 15 BTL 1 0

CO02 15 BTL 2 0

CO03 30 BTL 3 65

CO04 40 BTL 4 35

CO05 BTL 5

CO06 BTL 6

R Page 3 of 3