
M.E DEGREE EXAMINATION, DECEMBER 2015/JANUARY 2016


VLSI DESIGN
VL7002 SECURITY SOLUTIONS IN VLSI
(Regulation 2013)
Answer all questions.
PART A (10*2=20marks)

1. List out different types of threats to information security?


Answer:
Information Access Threat: Intercept or modify data on behalf of users who should not
have access to that data.
Service Threats: Exploit service flaws in computers to inhibit use by legitimate users
2. Draw the information flow of the information system.
Answer:

3. What are the conventional encryption techniques?


Answer:
i) Symmetric Cipher Model
ii) Substitutional Techniques
iii) Transposition Techniques
4. Define Directory authentication system
Answer:
It is an authenticated system which works like a file directory. Every file has a unique
owner who possesses control access rights and can revoke access to any person at any time.
Each user has a file directory which lists all the files to which that user has access. The
operating system must maintain all file directories under commands from the owners of
files.

5. Define firewall in a Network System

Answer:
A firewall is a device that filters all traffic between a protected or inside network and a
less trustworthy or outside network. It runs on a dedicated device, since it is a single point
through which the traffic is channeled; it is executable code, so non-firewall functions
should not be done on the same machine.
6. When a system can be termed as the trusted system?
Answer:
The trusted system or secure operating system connotes one that meets the intended
security requirements, is of high quality and justifies the user's confidence in that quality.
7. List out the prerequisites of data security system.
Answer
Data security means protecting data, such as a database, from destructive forces and
from the unwanted actions of unauthorized users.
8. Draw the block diagram of VLSI based network.
Answer

In the case of block cipher designs it may be useful to select an FPGA device that has embedded
Block RAMs (BRAMs) on it. As it was explained above, BRAMs are fast access memories and
might be excellent choices for a straightforward implementation of the characteristic S-box
blocks of symmetric ciphers. Alternatively, S-Boxes can be implemented using the
FPGA CLB fabric configured in memory mode.

9. Define Digital Signature

Answer
A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature. Typically the signature is formed by taking the
hash of the message and encrypting the message with the creator's private key. The
signature guarantees the source and integrity of the message. The digital signature
standard (DSS) is a NIST standard that uses the secure hash algorithm (SHA).
10. Write the applications of AES algorithm.
Answer
Due to the broad range of applications that Rijndael algorithm can support, it is important
to have multiple versions of Rijndael-based products. AES solutions are currently
available in four different versions:

Standard
The Standard version provides data rates of up to 500 Mbits/sec and is appropriate for
applications such as VoIP.

Compact
The Compact AES products are perfect solutions for wireless applications, such as
PDAs and cell phones, where power and area minimization are crucial.

Fast
The Fast version goes up to 2000 Mbits/sec and is suitable for VPN security products
incorporated into broadband switches, routers, firewalls, and remote-access
concentrators.

Very Fast
Very Fast AES products target applications with data rates faster than 2000 Mbits/sec.

PART B (5 x 13 =65)
11)(a) Describe in detail with necessary illustrations the building blocks of security systems
in OS. And also specify the features of Biometric Systems
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 254-259, 210-211

(OR)
11)(b)(i) Explain in detail with neat block diagram of Data Communication Procedures (7)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 4-7

(b) (ii) Explain in detail with neat block diagram Computer systems and Communication
Security
(6)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 9-19

12)(a) Enumerate in detail the basic synthesis procedure of Message Authentication and
Hash algorithm in Encryption technique
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 393-404

(OR)
(b)What is meant by DES Chaining? Explain in detail the NDS message digest algorithm
with appropriate example.
(13)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 352-354

Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 7-9

13)(a) Describe with suitable principles the trusted systems of IT Act and the Cyber Laws
adapted for the security system
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 568-572

(OR)
13) (b) (i) Enumerate in detail Virtual Private Network
(7)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 434-439

(b) (ii) Design Principles of Firewall
(6)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457-465

14)(a) With appropriate example, explain in detail the recent types of attacks in the
Network System
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 387-418

(OR)
(b) Discuss in detail the procedure involved in the VLSI based Network Security System
with a suitable case study
(13)
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 238-240

15) (a) Discuss in detail with neat block diagram the principles of Asynchronous circuit
design according to Jens Sparso and also distinguish this principle with that of Steve Furber
(13)
Most digital circuits designed and fabricated today are synchronous. In essence, they are based
on two fundamental assumptions that greatly simplify their design: (1) all signals are binary, and
(2) all components share a common and discrete notion of time, as defined by a clock signal
distributed throughout the circuit. Asynchronous circuits are fundamentally different; they also
assume binary signals, but there is no common and discrete time. Instead the circuits use
handshaking between their components in order to perform the necessary synchronization,
communication, and sequencing of operations. Expressed in synchronous terms this results in a
behaviour that is similar to systematic fine-grain clock gating and local clocks that are not in
phase and whose period is determined by actual circuit delays; registers are only clocked where
and when needed.
Clocking versus handshaking
Figure 1.1(a) shows a synchronous circuit. For simplicity the figure shows a pipeline, but it is
intended to represent any synchronous circuit. When designing ASICs using hardware
description languages and synthesis tools, designers focus mostly on the data processing and
assume the existence of a global clock. For example, a designer would express the fact that data
clocked into register R3 is a function CL3 of the data clocked into R2 at the previous clock as the
following assignment of variables: R3 := CL3(R2). Figure 1.1(a) represents this high-level view
with a universal clock. When it comes to physical design, reality is different. Today's ASICs use a
structure of clock buffers resulting in a large number of (possibly gated) clock signals as shown
in figure 1.1(b). It is well known that it takes CAD tools
and engineering effort to design the clock gating circuitry and to minimize and control the skew
between the many different clock signals. Guaranteeing the two-sided timing constraints (the
setup to hold time window around the clock edge) in a world that is dominated by wire delays is
not an easy task. The buffer-insertion-and-resynthesis process that is used in current commercial
CAD tools may not converge and, even if it does, it relies on delay models that
are often of questionable accuracy. Asynchronous design represents an alternative to this. In an
asynchronous circuit the clock signal is replaced by some form of handshaking between
neighbouring registers; for example the simple request-acknowledge based hand shake protocol
shown in figure 1.1(c). In the following chapter we look at alternative handshake protocols and
data encodings, but before departing into these implementation details it is useful to take a more
abstract view as illustrated in figure 1.1(d): think of the data and handshake signals connecting
one register to the next in figure 1.1(c) as a handshake channel or link,
think of the data stored in the registers as tokens tagged with data values (that may be changed
along the way as tokens flow through combinational circuits), and think of the combinational
circuits as being transparent to the handshaking between registers; a combinatorial circuit simply
absorbs a token on each of its input links, performs its computation, and then emits a token on
each of its output links.
Intuitively, correct operation requires that data tokens flowing in the circuit do not disappear, that
one token does not overtake another, and that new tokens do not appear out of nowhere. A simple
rule that can ensure this is the following: A register may input and store a new data token from
its predecessor if its successor has input and stored the data token that the register was previously
holding. The states of the predecessor and successor registers are signaled by the incoming
request and acknowledge signals respectively. Following this rule data is copied from one
register to the next along the path through the circuit. In this process subsequent registers will
often be holding copies of the same data value but the old duplicate data values will later be
overwritten by new data values in a carefully ordered manner, and a handshake cycle on a link
will always enclose the transfer of exactly one data token. Understanding this token flow game
is crucial to the design of efficient circuits, and we will address these issues later, extending the
token-flow view to cover structures other than pipelines. Our aim here is just to give the reader
an intuitive feel for the fundamentally different nature of asynchronous circuits.
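
The token-flow rule above can be checked with a small simulation. This is an added example, not taken from the referenced book or the original answer; the function name `run_pipeline`, the `acked` flag and the random scheduling of links are modelling assumptions.

```python
"""Token-flow model of the handshake rule for an asynchronous pipeline (added example)."""
import random


def run_pipeline(tokens, stages=4, seed=0):
    """Push distinct `tokens` through `stages` (>= 1) registers.

    Returns (output, max_copies): the tokens in the order the sink absorbed
    them, and the largest number of registers seen holding the same value.
    """
    rng = random.Random(seed)
    value = [None] * stages   # data value each register currently holds
    acked = [True] * stages   # True: the successor has stored this register's token
    pending = list(tokens)    # tokens the source still has to offer
    output = []
    max_copies = 0

    while len(output) < len(tokens):
        # There is no global clock: each link handshakes on its own, so the
        # links are visited in an arbitrary order on every pass.
        # Link i feeds register i (link 0 comes from the source);
        # link `stages` connects the last register to the sink.
        links = list(range(stages + 1))
        rng.shuffle(links)
        for i in links:
            if i == stages:
                # The sink absorbs a token as soon as one is requested.
                if not acked[-1]:
                    output.append(value[-1])
                    acked[-1] = True
                continue
            # Request: the predecessor holds a token nobody has stored yet.
            request = bool(pending) if i == 0 else not acked[i - 1]
            # The rule: store a new token only if our own previous token
            # has already been stored by the successor (acked[i]).
            if request and acked[i]:
                value[i] = pending.pop(0) if i == 0 else value[i - 1]
                acked[i] = False
                if i > 0:
                    acked[i - 1] = True   # acknowledge the predecessor
                held = [v for v in value if v is not None]
                max_copies = max(max_copies, max(held.count(v) for v in held))
    return output, max_copies


if __name__ == "__main__":
    data = [f"t{n}" for n in range(8)]   # constructed sample tokens
    for seed in range(5):
        out, copies = run_pipeline(data, seed=seed)
        print(f"seed={seed} in_order={out == data} max_copies={copies}")
```

Whatever order the links fire in, the sink receives every token exactly once and in order, while the copy count shows the old duplicate values that remain in registers until they are overwritten.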
An important message is that the handshake-channel and data-token view represents a very
useful abstraction that is equivalent to the register transfer level (RTL) used in the design of
synchronous circuits. This data-flow abstraction, as we will call it, separates the structure and
function of the circuit from the implementation details of its components.
Another important message is that it is the handshaking between the registers that controls the
flow of tokens, whereas the combinational circuit blocks must be fully transparent to this
handshaking. Ensuring this transparency is not always trivial; it takes more than a traditional
combinational circuit, so we will

Figure 1.1. (a) A synchronous circuit, (b) a synchronous circuit with clock drivers and clock
gating, (c) an equivalent asynchronous circuit, and (d) an abstract data-flow view of the asynchronous
circuit. (The figure shows a pipeline, but it is intended to represent any circuit topology).

(OR)

(b) Explain in detail with neat block diagram
(i) Implementation of DES algorithm
(6)
(ii) Development of Digital Signature chip using RSA Algorithm
(7)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 101-109

PART C (1*15 = 15 Marks)


16. (a) Design and explain in detail the crypto chip design for a real time application using
AES Algorithm
(15)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 172-198

(OR)
(b) Design a LAN environment for a corporate office considering all the threats and attacks
that can happen in the network design.
(15)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 387-414

**********

M.E DEGREE EXAMINATION, JANUARY 2015


VLSI DESIGN
VL7002 SECURITY SOLUTIONS IN VLSI
(Regulation 2013)
Answer all questions.
PART A (10*2=20marks)

1. Define the terms LAN and WAN and list their specification?
Answer:
A Local Area Network (LAN) is usually privately owned and links the devices in a
single office, building or campus. Depending on the needs of an organization and the type
of technology used, a LAN can be as simple as two PCs and a printer in someone's home
office. LAN size is limited to a few kilometers.
A Wide Area Network (WAN) provides long distance transmission of data, image, audio
and video information over large geographic areas, which comprise a country, a continent
or even the whole world.
2. How biometric system is used in the security solutions?
Answer:
Biometrics refers to metrics related to human characteristics. Biometrics authentication
(or realistic authentication) is used in computer science as a form of identification and
access control. It is also used to identify individuals in groups that are under surveillance.
Biometric identifiers are the distinctive, measurable characteristics used to label and
describe individuals. Biometric identifiers are often categorized as physiological versus
behavioral characteristics. Physiological characteristics are related to the shape of the
body. Examples include, but are not limited to fingerprint, palm veins, face recognition,
DNA, palm print, hand geometry, iris recognition, retina and odour/scent.
3. What is meant by directory authentication service?
Answer:
It is an authenticated system which works like a file directory. Every file has a unique
owner who possesses control access rights and can revoke access to any person at any time.
Each user has a file directory which lists all the files to which that user has access. The
operating system must maintain all file directories under commands from the owners of
files.
4. Give short notes on NDS message digest algorithm
Answer:
A hash function maps a variable length message into a fixed length hash value or
message digest. It is used to verify the integrity of the message and assures that purported
identity of the sender is valid. It is used to provide message authentication, the hash
function often referred to as message digest.
5. Write a short note on cyber laws
Answer:
Cyber law (also referred to as cyberlaw) is a term used to describe the legal issues related
to use of communications technology, particularly "cyberspace", i.e. the Internet. It is less
a distinct field of law in the way that property or contract are as it is an intersection of
many legal fields, including intellectual property, privacy, freedom of expression, and
jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by
human activity on the Internet with legacy system of laws applicable to the physical
world.
6. What is the importance of Information Technology Act?
Answer:
The Act provides legal framework for electronic governance by giving recognition to
electronic records and digital signatures. The formation of the Controller of Certifying
Authorities was directed by the Act, to regulate the issuing of digital signatures. It also
defined cyber crimes and prescribed penalties for them. It also established a Cyber
Appellate Tribunal to resolve disputes arising from this new law.
7. How does a virus attack a network?
Answer
A Virus is a program that is activated by attaching copies of itself to executable objects.
Viruses can reach your computer from other infected computers, via data medium (CD,
DVD, etc.) or through a network (local or Internet). Worm: A worm is an independent
program that copies itself across a network. Unlike a virus (which needs the infected file
to be copied in order to replicate itself), the worm spreads actively by sending copies of
itself via LAN or Internet, email communication, or through operating system security
bug.

8. How does MAC address filtering help to secure a wireless network?


Answer
Every internet device has a network interface card that it uses to connect to a network.
Each manufacturer of network interface card adds a unique number called a Media
Access Control number or MAC address to identify the device. If you enable MAC
address filtering for a wireless router or access point, then it will only accept connections
from the devices with the MAC addresses you entered. Other wireless devices might
detect your network but they won't be able to connect, because their MAC addresses are
not specified for access. It does not allow unknown devices to make connections.
9. Give the importance of crypto chip design
Answer

Tamper-detecting and tamper-evident containment.
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Automatic zeroization of secrets in the event of tampering.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading it.
Hardware-based capability registers, implementing a one-way privilege separation model.

10. List out the advantages of the implementation of DES crypto chip.
Answer
a). The use of 56-bit keys: 56-bit key is used in encryption, there are 2^56 possible keys. A
brute force attack on such number of keys is impractical.
b). The nature of algorithm: Cryptanalyst can perform cryptanalysis by exploiting the
characteristic of DES algorithm but no one has succeeded in finding out the weakness.
PART B (5 x 13 =65)
11)(a) Discuss in detail about the hardware, software and data communication procedures
of security mechanism in operating system
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 38-49

(OR)
11)b) Explain the following terms in network security implementation
i) Physical Security ii) Monitoring Controls iii) Data Security iv) Communication Security
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: i) 538-548, iii) 545-547

ii) a choke point of control and monitoring
interconnects networks with differing trust
imposes restrictions on network services
only authorized traffic is allowed
auditing and controlling access
can implement alarms for abnormal behavior
provide NAT & usage monitoring
implement VPNs using IPSec
must be immune to penetration
iv) Communication Security:
Communications security is the discipline of preventing unauthorized interceptors from
accessing telecommunications in an intelligible form, while still delivering content to the
intended recipients. Secure communication is when two entities are communicating and do not
want a third party to listen in. For that they need to communicate in a way not susceptible to
eavesdropping or interception. Secure communication includes means by which people can share
information with varying degrees of certainty that third parties cannot intercept what was said.
Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe
to say that no communication is guaranteed secure in this sense, although practical obstacles such
as legislation, resources, technical issues (interception and encryption), and the sheer volume of
communication serve to limit surveillance.

12)(a)Explain in detail about the triple DES encryption algorithm with practical example
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 65-69

(OR)
(b)Describe in detail about the message authentication requirements and functions of the
secure hash algorithm.
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 388-398

13)(a) Explain in detail about the design principles of the firewall system with suitable
practical examples
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457-465

(OR)
13) (b) Discuss in detail about the trusted systems and virtual private network with suitable
examples
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 251-252, 434-439

14)(a) (i) Explain in detail about the static security.
(8)

Static validation techniques look at configurations and network topologies in order to identify
security configuration errors, while dynamic verification supplements that with actual traffic
logs. These techniques are commonly used to verify firewall configurations. Static validation has
the advantage of being performed offline, and it can be completed prior to deploying a security
configuration. It can detect errors such as shadowed rules (these are rules that will never be
triggered because an earlier rule covers all of the traffic that would be covered by the shadowed
rule.)
Dynamic analysis provides deeper insight into a rulebase. For example, only dynamic analysis
can detect orphaned rules -- rules that are syntactically correct but will never be triggered due to
changes in the way the network operates. For example, static analysis will never reveal that a
database server has been decommissioned, while dynamic analysis will identify that the rule has
not been triggered in a long time, allowing you to proactively clean up the rulebase.
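
The two checks described above, sketched on a small rulebase. This is an added example, not part of the original answer or of any firewall product; the rule names, addresses, hit log and the 90-day idle window are constructed assumptions, and the static check only compares a rule against single earlier rules, not against unions of them.

```python
"""Static shadowed-rule check and dynamic idle-rule check for a firewall rulebase."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form
    ports: tuple   # inclusive (low, high) destination port range


def covers(earlier, later):
    """True if every packet matched by `later` is also matched by `earlier`."""
    return (
        earlier.proto in ("any", later.proto)
        and ip_network(later.src).subnet_of(ip_network(earlier.src))
        and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
        and earlier.ports[0] <= later.ports[0]
        and later.ports[1] <= earlier.ports[1]
    )


def shadowed_rules(rulebase):
    """Static check, needs only the configuration.

    Returns (shadowed, shadowing, conflicting) tuples; `conflicting` is True
    when the two rules disagree on the action, which changes behaviour.
    """
    findings = []
    for i, later in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name, earlier.action != later.action))
                break
    return findings


def idle_rules(rulebase, hit_log, now, max_idle_days=90):
    """Dynamic check, needs traffic logs: rules with no hit inside the window."""
    last_hit = {}
    for stamp, rule_name in hit_log:
        when = datetime.fromisoformat(stamp)
        if when > last_hit.get(rule_name, datetime.min):
            last_hit[rule_name] = when
    cutoff = now - timedelta(days=max_idle_days)
    return [r.name for r in rulebase if last_hit.get(r.name, datetime.min) < cutoff]


def orphaned_rules(rulebase, hit_log, now, max_idle_days=90):
    """Idle rules that the static check cannot explain: orphan candidates."""
    shadowed = {name for name, _, _ in shadowed_rules(rulebase)}
    return [n for n in idle_rules(rulebase, hit_log, now, max_idle_days) if n not in shadowed]


# Constructed sample data (not from the page).
RULEBASE = [
    Rule("allow-dmz-web", "allow", "tcp", "0.0.0.0/0", "10.0.1.0/24", (443, 443)),
    Rule("deny-dmz-host-web", "deny", "tcp", "0.0.0.0/0", "10.0.1.15/32", (443, 443)),
    Rule("allow-app-db", "allow", "tcp", "10.0.1.0/24", "10.0.2.20/32", (5432, 5432)),
    Rule("allow-dns", "allow", "udp", "10.0.0.0/16", "10.0.3.53/32", (53, 53)),
    Rule("deny-all", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]
HIT_LOG = [
    ("2023-11-02T17:40:00", "allow-app-db"),   # last hit before the database was retired
    ("2024-05-29T08:01:00", "allow-dmz-web"),
    ("2024-05-30T09:12:00", "allow-dmz-web"),
    ("2024-05-30T09:12:05", "allow-dns"),
    ("2024-05-30T09:13:00", "deny-all"),
]
NOW = datetime(2024, 6, 1)

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULEBASE))
    print("idle:", idle_rules(RULEBASE, HIT_LOG, NOW))
    print("orphan candidates:", orphaned_rules(RULEBASE, HIT_LOG, NOW))
```

The shadowed deny rule is found from the configuration alone, before deployment; the database rule looks correct statically and only shows up once the hit log is consulted.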
Computer security is the process of preventing and detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized users (also known as "intruders") from
accessing any part of your computer system. Detection helps you to determine whether or not
someone attempted to break into your system, if they were successful, and what they may have
done.
14)(a) (ii) Describe in detail about the Broadband Gateway and its functionalities
(8)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 680

In telecommunications networking, a residential gateway allows the connection of a local area
network (LAN) to a wide area network (WAN). The WAN can be a larger computer network
(such as a municipal WAN that provides connectivity to the residences within the municipality),
or the Internet. WAN connectivity may be provided through DSL, cable modem, a broadband
mobile phone network, or other connections.
The term "residential gateway" was originally used to distinguish the inexpensive networking
devices designated for use in the home from similar devices used in corporate LAN
environments (which generally offered a greater array of capabilities). In recent years, however,
the less expensive "residential gateways" have gained many of the capabilities of corporate
gateways and the distinctions are fewer. Many home LANs now are able to provide most of the
functions of small corporate LANs.
A residential gateway usually provides
configuration via a web interface,
routing between the home network and the Internet,
connectivity within the home network like a network switch,
network address translation (NAT) for IPv4,
DHCP for IPv4 and increasingly router advertisements for IPv6, and
firewall functions.
It may also provide other functions such as Dynamic DNS.

Most routers are self-contained components, using internally stored firmware. They are generally
OS-independent, i.e., they can be accessed with any operating system.
Wireless routers perform the same functions as a router, but also allow connectivity for wireless
devices with the LAN, or between the wireless router and another wireless router. (The wireless
router-wireless router connection can be within the LAN or can be between the LAN and a
WAN.)

(OR)
(b) Discuss in detail about the VLSI implementation of end-to-end IP security architecture
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 440-443

15) (a) Discuss in detail about the VLSI implementation of RSA digital signature Algorithm
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 427-430

(OR)
(b) Explain in detail about the design and development of IDEA AES algorithm in VLSI
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 69-71

**********

M.E DEGREE EXAMINATION, JANUARY 2014


VLSI DESIGN
VL7002 SECURITY SOLUTIONS IN VLSI
(Regulation 2013)
Answer all questions.
PART A (10*2=20marks)
1. Distinguish between MAN and WAN?
Answer:
A Metropolitan Area Network (MAN) is a network with a size between a LAN and a WAN. It
normally covers the area inside a town or a city. It is designed for customers who need a high
speed connectivity normally to the internet, and have endpoints spread over a city or part of city.
A Wide Area Network (WAN) provides long distance transmission of data, image, audio and
video information over large geographic areas, which comprise a country, a continent or even the
whole world.
2. Define the term Communication Security.
Answer:
Communications security is the discipline of preventing unauthorized interceptors from
accessing telecommunications in an intelligible form, while still delivering content to the
intended recipients.
3. Write a short note on Hash Functions?
Answer:
A hash function maps a variable length message into a fixed length hash value or message digest.
It is used to verify the integrity of the message and assures that purported identity of the sender is
valid. It is used to provide message authentication, the hash function often referred to as message
digest.
4. State the concept of PKI Certificates
Answer:

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to
create, manage, distribute, use, store, and revoke digital certificates and manage public-key
encryption. The purpose of a PKI is to facilitate the secure electronic transfer of
information for a range of network activities such as e-commerce, internet banking and
confidential email. It is required for activities where simple passwords are an inadequate
authentication method and more rigorous proof is required to confirm the identity of the
parties involved in the communication and to validate the information being transferred
5. How do system become more vulnerable to malware?
Answer:

Malware, short for malicious software, is any software used to disrupt computer
operations, gather sensitive information, gain access to private computer systems, or
display unwanted advertising
6. Give the overview of Wireless Intrusion Prevention System?
Answer:

A wireless intrusion prevention system (WIPS) is a network device that monitors the
radio spectrum for the presence of unauthorized access points (intrusion detection), and
can automatically take countermeasures.
A wireless intrusion prevention system is a device that is placed inside a protected network to
monitor what occurs within the network. If an attacker is able to pass through the router and pass
through the firewall, it offers the opportunity to detect the attack at the beginning, in progress or
after it has occurred.
7. Write a short note on TCP Layer Attacks?
Answer

TCP SYN Flooding
TCP Session Hijack
TCP Session Poisoning

8. Define the term Packet Filters


Answer
A packet filtering gateway or screening router is the simplest, and in some situations, the
most effective type of firewall. A packet filtering gateway controls access to packets based
on packet address (source or destination) or specific transport protocol type such as
HTTP.
Another Definition:
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet to
forward or discard the packet. Filtering rules are based on information contained in a
network packet such as src & dest IP addresses, ports, transport protocol & interface.
Some advantages are simplicity, transparency & speed.
If there is no match to any rule, then one of two default policies is applied:
that which is not expressly permitted is prohibited (default action is discard packet), conservative policy
that which is not expressly prohibited is permitted (default action is forward packet), permissive policy
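
How the default policy decides the fate of unmatched packets, as an added example that is not part of the original answer. The rule set, interface names (`eth0` outside, `eth1` inside), documentation-range addresses and sample packets are constructed assumptions.

```python
"""First-match packet filter evaluated under both default policies."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str   # transport protocol
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class FilterRule:
    action: str    # "forward" or "discard"
    iface: str     # interface name, or "*" for any
    proto: str     # "tcp", "udp", or "*" for any
    src: str       # source network (CIDR)
    dst: str       # destination network (CIDR)
    dports: tuple  # inclusive (low, high) destination port range


def matches(rule, pkt):
    """A rule matches only if every field it constrains agrees with the packet."""
    return (
        rule.iface in ("*", pkt.iface)
        and rule.proto in ("*", pkt.proto)
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and rule.dports[0] <= pkt.dport <= rule.dports[1]
    )


def decide(rules, pkt, default):
    """First matching rule wins; returns (action, rule index or None)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None


def verdicts(rules, packets, default):
    return [decide(rules, p, default)[0] for p in packets]


def default_dependent(rules, packets):
    """Packets no rule speaks about: their fate is set by the default policy alone."""
    return [p for p in packets if decide(rules, p, "discard")[1] is None]


# Constructed sample rules and packets (not from the page).
RULES = [
    FilterRule("forward", "eth0", "tcp", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),
    FilterRule("discard", "eth0", "tcp", "0.0.0.0/0", "192.0.2.0/24", (23, 23)),
    FilterRule("forward", "eth1", "*", "192.0.2.0/24", "0.0.0.0/0", (0, 65535)),
]
PACKETS = [
    Packet("eth0", "tcp", "198.51.100.7", "192.0.2.10", 443),  # matches rule 0
    Packet("eth0", "tcp", "198.51.100.7", "192.0.2.20", 23),   # matches rule 1
    Packet("eth0", "udp", "203.0.113.9", "192.0.2.20", 161),   # matches no rule
    Packet("eth1", "tcp", "192.0.2.20", "198.51.100.7", 80),   # matches rule 2
    Packet("eth0", "tcp", "192.0.2.20", "192.0.2.10", 22),     # inside source on outside interface, no rule
]

if __name__ == "__main__":
    print("conservative:", verdicts(RULES, PACKETS, "discard"))
    print("permissive:  ", verdicts(RULES, PACKETS, "forward"))
    for pkt in default_dependent(RULES, PACKETS):
        print("decided only by default policy:", pkt)
```

The two packets that match no rule are dropped under the conservative default and forwarded under the permissive one, which is why the choice of default matters more than any single rule.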
9. List out the advantages of crypto chip
Answer

Tamper-detecting and tamper-evident containment.
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Automatic zeroization of secrets in the event of tampering.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading it.
Hardware-based capability registers, implementing a one-way privilege separation model.

10. What is meant by IDEA AES Algorithm?


Answer
The European counterpart to DES is the IDEA algorithm. IDEA is considerably faster and more
secure than DES. Its enhanced speed is due to the fact that each round consists of much simpler
operations than the Feistel cycle in DES. These operations (XOR, addition, and multiplication) are
much simpler to implement in software than the substitution and permutation operations of DES.
IDEA operates on 64-bit blocks with a 128-bit key, and the encryption/decryption
process uses eight rounds with six 16-bit subkeys per round. The IDEA algorithm
is patented both in the US and in Europe, but free non-commercial use is
permitted.

PART B (5 x 13 =65)

11)(a) Discuss in detail about the various issues and challenges in providing of security
mechanism in operating systems
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 38-49

(OR)
11)b) Explain the following terms in network security implementation
i) Physical Security ii) Biometric Security iii) Data Security iv) Monitoring Controls
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: i) 538-548, ii) 210-211, iii) 545-547

iv) Monitoring Control:
a choke point of control and monitoring
interconnects networks with differing trust
imposes restrictions on network services
only authorized traffic is allowed
auditing and controlling access
can implement alarms for abnormal behavior
provide NAT & usage monitoring
implement VPNs using IPSec
must be immune to penetration
12)(a)Explain in detail about the X.509 certificate format and its authentication process
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 453-461

(OR)
(b)Describe in detail about the Diffie-Hellman key exchange with practical example
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 325-329

13)(a) Discuss in detail about the types of firewall system and its design principles
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 458-465

(OR)
13) (b) Explain in detail about the Virtual private network with suitable examples
(16)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 1004-1009

14)(a) (i) Explain in detail about the Intrusion detection system. (16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 468-472

(OR)
(b) Describe about the VLSI implementation of end-to-end IP security architecture
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 640-651

15) (a) Discuss about the VLSI implementation of RSA algorithm (16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 301-315

(OR)
(b) Discuss about the VLSI implementation of AES algorithm (16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 198-202

**********

UNIT 1 (2MARKS)
1. Define information Security?
It is a well-informed sense of assurance that the information risks and controls are in balance.
2. What is Security?
Security is the quality or state of being secure, that is, to be free from danger.
3. What are the basic components of computer Security?
a. Confidentiality - Keeping data and resources hidden
b. Integrity - Data integrity (integrity)
- Origin integrity (authentication)
c. Availability - Enabling access to data and resources
4. What is confidentiality?
Confidentiality is the concealment of information or resources. The need for keeping information
secret arises from the use of computers in sensitive fields such as government and industry.
For example.
Military and civilian institutions in the government often restrict access to information
to those who need that information.
5. What is Integrity?
Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms
of preventing unauthorized change.
Integrity includes data integrity (the content of the information) and origin integrity (the
source of the data, often called authentication).
For example:
A newspaper: the information is printed as received (preserving data integrity),
but its source is incorrect (corrupting origin integrity).
6. What is Availability?
Important aspect of reliability as well as of system design because an unavailable system is at
all.
For example.
Bank's secondary system server
7. What is a threat?
A threat is a potential violation of security. The violation need not actually occur for there to be a
threat.
8. What is an attack?
The fact that the violation might occur means that those actions that could cause it to occur must
be guarded against. Those actions are called attacks.
9. What are the different broad classes of threats?
1. Disclosure - Snooping
2. Deception - Modification, spoofing, repudiation of origin, denial of receipt
3. Disruption - Modification
4. Usurpation - Modification, spoofing, delay, denial of service
10. What do you mean by snooping?
Snooping, the unauthorized interception of information, is a form of disclosure. It is a technique
used to gain unauthorized access to computers. It is passive, suggesting simply that some entity
is listening to communications.
PART B (16MARKS)
11) Describe in detail about LAN, MAN, WAN
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 13-16

12) Explain in detail with neat block diagram of Data Communication Procedures
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 3-7
13) Discuss in detail about Security Planning and Physical Security
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 492 - 542
14) Explain in detail about OSI Security architecture and Security Attacks
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 38 - 43

15) Describe in detail with neat Security Services and Security Mechanisms
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 43-49

UNIT 2
1. What is Cryptography?
Cryptography means Secret writing.
Definition:
A cryptosystem is a 5-tuple (E, D, M, K, C)
M -> set of plain text.
C -> set of enciphering functions.
K -> set of keys.
D : C × K -> M, set of deciphering functions.
2. What is Classical Crypto system?
Also called a single-key / symmetric-key cryptosystem.
It is a cryptosystem that uses the same key for encipherment and decipherment.
In this system E_k ∈ C and k ∈ K.
There are two types of classical cipher:
i) Transposition cipher
ii) Substitution cipher
3. Explain Substitution cipher with example?
i) It changes characters in the plain text to produce the cipher text.
ii) It is susceptible to a statistical ciphertext-only attack.
Example:
The Caesar cipher with a key of 3 alters each letter in the plain text by mapping it into the
letter 3 characters later in the alphabet.

4. Explain Transposition cipher with example?


i) It rearranges the characters in the plaintext to form the cipher text.
ii) The letters are not changed.
Example:
The rail fence cipher is composed by writing the plaintext in 2 rows, proceeding down, then
across, and reading the cipher text across, then down.
HLOOL
ELWRD
Resulting cipher text: HLOOLELWRD
Result (read down the columns): HE LL OW OR LD
5. What is Data Encryption Standard (DES)?
-> It was designed to encipher sensitive but non-classified data. It is bit-oriented.
-> Also called a product cipher (uses both transposition and substitution).
-> Input, output, and key are each 64 bits long. A set of 64 bits is called a BLOCK.
-> The cipher consists of 16 rounds.
-> Each round uses a separate key of 48 bits.
-> These round keys are generated from the key block by dropping the PARITY BITS (reducing key
size to 48 bits), permuting the bits, and extracting 48 bits.

6. Define the term of RSA?


i) RSA is an Internet encryption and authentication system that uses an algorithm developed by
Ron Rivest, Adi Shamir, and Leonard Adleman.
ii) The RSA algorithm is the most commonly used encryption and authentication algorithm.
iii) The encryption system is owned by RSA Security. The company licenses the algorithm
technologies and also sells development kits.
iv) It is a type of exponentiation cipher.
Formula:
i) To evaluate the encrypted message: c = m^e mod n, where m = message
ii) To evaluate the original message: m = c^d mod n
7. Explain the term of HMAC?
A) It is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to
produce a keyed hash function.
B) The need for HMAC arose because keyed hash functions are derived from cryptographic functions.
C) HMAC builds on a keyless hash function using a cryptographic key to create a keyed hash
function.
8. What are the goals of Key exchange?
i) Enable the communication to take place in secret using a shared cryptographic key.
ii) A solution to this problem must meet the following criteria:
iii) The key that Alice and Bob are to share cannot be transmitted in the clear; either it must be in
enciphered form or the key must not be derivable by a 3rd party.
iv) Decide to trust a 3rd party.
v) The cryptosystem and protocols are publicly known.

9. Explain the terms of Kerberos?


Kerberos is designed to enable two parties to exchange private information across an otherwise
open network. It works by assigning a unique key, called a ticket, to each user that logs on to the
network. The ticket is then embedded in messages to identify the sender of the message.
10. What is Digital signature?
i) A DS is a construct that authenticates both the origin and the contents of a message that is
provable to a disinterested 3rd party.
ii) A DS provides a service of non-repudiation.
iii) A digital signature is an electronic equivalent of an individual's signature. It authenticates the
message to which it is attached and validates the authenticity of the sender. In addition, it also
provides confirmation that the contents of the message to which it is attached have not been
tampered with en route from the sender to the receiver.
PART B (16MARKS)
11) Describe in detail with necessary illustrations about Classical Encryption Techniques
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 55 - 79

12) Explain in detail about Data Encryption Standard (DES)


Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 92-116
13) Discuss about i) AES Structure ii) AES Transformation function iii) AES
implementation
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 174-198

14) Explain in detail about HMAC, DAA and CMAC


Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 399-404

15) Enumerate in detail about Digital Signature


Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 420-427

UNIT 3
1. List the design goals of Firewall
i) All traffic from inside to outside, and vice versa, must pass through the firewall. This is
achieved by physically blocking all access to the local network except via the firewall.
Various configurations are possible, as explained later in this section.
ii) Only authorized traffic, as defined by the local security policy, will be allowed to pass.
Various types of firewalls are used, which implement various types of security policies.
2. List four general techniques that firewalls use to control access?
i) Service Control
ii) Direction Control
iii) User Control
iv) Behavior Control
3. What are the various limitations of Firewall?
a) The firewall cannot protect against attacks that bypass the firewall. Internal systems may
have dial-out capability to connect to an ISP. An internal LAN may support a modem pool
that provides dial-in capability for traveling employees and telecommuters.
b) The firewall does not protect against internal threats, such as a disgruntled employee or
an employee who unwittingly cooperates with an external attacker.
c) The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the perimeter,
it would be impractical and perhaps impossible for the firewall to scan all incoming files,
email, and messages for viruses.
4. List the types of Firewalls
i) Packet Filtering
ii) Stateful Inspection
iii) Application Proxy
iv) Guard
v) Personal Firewall
5. Define Virtual Private Network


A virtual private network consists of a set of computers that interconnect by means of a
relatively unsecure network and that make use of encryption and special protocols to provide
security.
6. What is Trusted System?
The ability of a system to defend against intruders and malicious programs is to implement
trusted system technology.

7. What is an access control matrix model?


The simplest framework for describing a protection system is the access control matrix model,
which describes the rights of users over files in a matrix.
8. What does Cyberlaw mean?
Cyberlaw is the area of law that deals with the Internet's relationship to technological and
electronic elements, including computers, software, hardware and information systems.
9. What is security policy?
A security policy is a statement of the security we expect the system to enforce. An operating
system can be trusted only in relation to its security policy, that is, to the security needs the
system is expected to satisfy.
10. What are the various security features of ordinary operating system?
i) Authentication of users
ii) Protection of memory
iii) File and I/O device access control
iv) Allocation and access control to general objects
v) Enforcement of Sharing
vi) Guarantee of fair service
PART B (16MARKS)

11) Enumerate i) Firewall ii) Design of Firewall
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457 - 459

12) Explain in detail about the types of Firewalls


Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 458 - 465

13) Discuss in detail about Intrusion Detection Systems


Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 468-473

14) Briefly explain about Information and the law
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 568-572

15) Discuss about Trusted Operating System Design


Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 250 - 266

UNIT 4
1. Write short note on TCP layer attack?
TCP SYN Flooding
TCP Session Hijack
TCP Session Poisoning
2. Define the term Packet Filters
A packet filtering gateway or screening router is the simplest, and in some situations, the most
effective type of firewall. A packet filtering gateway controls access to packets based on packet
address (source or destination) or specific transport protocol type such as HTTP.
Another Definition:
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet to
forward or discard the packet. Filtering rules are based on information contained in a network
packet such as src & dest IP addresses, ports, transport protocol & interface. Some advantages
are simplicity, transparency & speed.
If there is no match to any rule, then one of two default policies is applied:
i) that which is not expressly permitted is prohibited (default action is discard packet):
conservative policy
ii) that which is not expressly prohibited is permitted (default action is forward packet):
permissive policy
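The rule matching and the two default policies described in this answer, as an added example that is not part of the original question bank: a first-match packet filter evaluated over constructed packets. The rule set, the documentation-range addresses, the interface names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

FORWARD, DISCARD = "forward", "discard"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # transport protocol, e.g. "tcp"
    dport: Optional[int]    # destination port, None when not applicable
    iface: str              # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"          # any source
    dst: str = "0.0.0.0/0"          # any destination
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any port
    iface: Optional[str] = None     # None matches any interface

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.iface in (None, p.iface))


def filter_packet(rules, packet, default):
    """Apply the first matching rule; fall back to the default policy.

    Returns (action, rule index), with index None when the default decided.
    """
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None


# Constructed rule set: 192.0.2.0/24 is assumed to be the protected network.
RULES = [
    # Inside source address arriving on the outside interface: spoofed.
    Rule(DISCARD, src="192.0.2.0/24", iface="outside"),
    Rule(FORWARD, dst="192.0.2.10/32", proto="tcp", dport=80),   # web server
    Rule(FORWARD, dst="192.0.2.25/32", proto="tcp", dport=25),   # mail server
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80, "outside"),  # permitted web
    Packet("192.0.2.99", "192.0.2.10", "tcp", 80, "outside"),    # spoofed source
    Packet("203.0.113.5", "192.0.2.10", "tcp", 23, "outside"),   # no rule matches
    Packet("203.0.113.5", "192.0.2.25", "tcp", 25, "outside"),   # permitted mail
]


def decide_all(default):
    """Decisions for every sample packet under the given default policy."""
    return [filter_packet(RULES, p, default)[0] for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    print("conservative:", decide_all(DISCARD))
    print("permissive:  ", decide_all(FORWARD))
```

Only the third packet changes outcome between the two policies; the spoofed packet is dropped under both because the anti-spoofing rule is listed before the web-server rule that would otherwise forward it.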
3. How does a virus attack a network?
A virus is a program that is activated by attaching copies of itself to executable objects. Viruses
can reach your computer from other infected computers, via data media (CD, DVD, etc.) or
through a network (local or Internet). Worm: A worm is an independent program that copies
itself across a network. Unlike a virus (which needs the infected file to be copied in order to
replicate itself), the worm spreads actively by sending copies of itself via LAN or Internet, email
communication, or through operating system security bugs.
4) How does MAC address filtering help to secure a wireless network?
Every internet device has a network interface card that it uses to connect to a network. Each
manufacturer of network interface card adds a unique number called a Media Access Control
number or MAC address to identify the device. If you enable MAC address filtering for a
wireless router or access point, then it will only accept connections from the devices with the
MAC addresses you entered. Other wireless devices might detect your network but they won't be
able to connect, because their MAC addresses are not specified for access. It does not allow
unknown devices to make connections.

5) Define Data Security

Data security means protecting data, such as a database, from destructive forces and from the
unwanted actions of unauthorized users.

6) Draw the block diagram of VLSI based network.

In the case of block cipher designs it may be useful to select an FPGA device that has embedded
Block RAMs (BRAMs) on it. As it was explained above, BRAMs are fast access memories and
might be excellent choices for a straightforward implementation of the characteristic S-box
blocks of symmetric ciphers. Alternatively, S-Boxes can be implemented using the
FPGA CLB fabric configured in memory mode.
7) What makes a network Vulnerable?
i) Anonymity
ii) Sharing
iii) Complexity of System
iv) Unknown Path
8) Write short notes on Distributed System?
A distributed system is one in which computation is spread across two or more computers. From a
security point of view we are most interested in the type of distributed system in which one
computer invokes a process on another computer without the direct participation of the user.
9) List the advantages of Computing Networks
Resource sharing
Distributing the workload
Increased Reliability
Expandability

10) What is network attack?


A human who exploits vulnerability perpetrates an attack on the system. An attack can also be
launched by another system, virtually shutting down the second system's ability to function.
PART B (16MARKS)
11) Explain in detail about Network Concepts
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 365 - 385
12) Discuss in detail about threats in networks
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 387 - 407

13) Enumerate i) Message Confidentiality Threats ii) Distributed Denial of Service
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 411 - 424

14) Briefly explain about Network Security Controls
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 425-440

15) Discuss about Physical Security


Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 538 - 548

UNIT - 5
1. Define Digital Signature
Answer
A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature. Typically the signature is formed by taking the
hash of the message and encrypting the message with the creator's private key. The
signature guarantees the source and integrity of the message. The digital signature
standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).
2. Write the applications of AES algorithm.
Answer
Due to the broad range of applications that Rijndael algorithm can support, it is important
to have multiple versions of Rijndael-based products. AES solutions are currently
available in four different versions:

Standard
The Standard version provides data rates of up to 500 Mbits/sec and is appropriate for
applications such as VoIP.

Compact
The Compact AES products are perfect solutions for wireless applications, such as
PDAs and cell phones, where power and area minimization are crucial.

Fast
The Fast version goes up to 2000 Mbits/sec and is suitable for VPN security products
incorporated into broadband switches, routers, firewalls, and remote-access
concentrators.

Very Fast
Very Fast AES products target applications with data rates faster than 2000 Mbits/sec.

3. Give the importance of crypto chip design


Answer

Tamper-detecting and tamper-evident containment.

Conductive shield layers in the chip that prevent reading of internal signals.

Controlled execution to prevent timing delays from revealing any secret information.

Automatic zeroization of secrets in the event of tampering.

Chain of trust boot-loader which authenticates the operating system before loading it.

Chain of trust operating system which authenticates application software before loading
it.

Hardware-based capability registers, implementing a one-way privilege separation model.

4. List out the advantages of the implementation of DES crypto chip.


Answer
a). The use of 56-bit keys: a 56-bit key is used in encryption, so there are 2^56 possible keys. A
brute force attack on such a number of keys is impractical.
b). The nature of algorithm: Cryptanalyst can perform cryptanalysis by exploiting the
characteristic of DES algorithm but no one has succeeded in finding out the weakness.
5. List out the advantages of crypto chip
Answer

Tamper-detecting and tamper-evident containment.

Conductive shield layers in the chip that prevent reading of internal signals.

Controlled execution to prevent timing delays from revealing any secret information.

Automatic zeroization of secrets in the event of tampering.

Chain of trust boot-loader which authenticates the operating system before loading it.

Chain of trust operating system which authenticates application software before loading
it.

Hardware-based capability registers, implementing a one-way privilege separation model.

6. What is meant by IDEA AES Algorithm?


Answer
The European counterpart to DES is the IDEA algorithm. IDEA is
considerably faster and more secure than DES. Its enhanced speed is due
to the fact that each round consists of much simpler operations than the
Feistel cycle in DES. These operations (XOR, addition, and multiplication)
are much simpler to implement in software than the substitution and
permutation operations of DES. IDEA operates on 64-bit blocks with a 128-bit
key, and the encryption/decryption process uses eight rounds with six
16-bit subkeys per round. The IDEA algorithm is patented both in the US
and in Europe, but free non-commercial use is permitted.

7. What is Double DES?


The double encryption works in the following way. Take two keys, k1 and k2, and
perform two encryptions, one on top of the other: E(k2, E(k1, m)). In theory, this
approach should multiply the difficulty of breaking the encryption, just as two locks are
harder to pick than one.
8. Write short notes on Triple DES?
A simple trick does indeed enhance the security of DES. Using three keys adds
significant strength. The so-called triple DES procedure is C = E(k3, E(k2, E(k1, m))).
That is, you encrypt with one key, decrypt with the second, and encrypt with a third.
This process gives a strength equivalent to a 112-bit key (because the double DES
attack defeats the strength of one of the three keys).
9. What is Ciphertext only attack?
The decryption had to be based on probabilities, distributions and characteristics of the
available ciphertext plus publicly available knowledge. This method of attack is called a
ciphertext-only attack.
10. List the primary conditions of Digital Signature.

It must be unforgeable
It must be authentic
PART B (16MARKS)
11) Explain in detail about the development of Digital Signature Chip using RSA
algorithm
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 15-23

12) Discuss in detail about the implementation of DES algorithm


Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 238-240
13) Discuss in detail about the implementation of DES algorithm
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 268-278
14) Briefly explain about IDEA AES algorithm
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 285-288

15) Discuss about the implementation of AES Round basic transformation on FPGA
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguz, N.A. Saquib, Arturo Diaz, Cetin Kayo
Page Number: 259-267
