Answer:
A firewall is a device that filters all traffic between a protected or inside network and a
less trustworthy or outside network. It runs on a dedicated device since it is a single point
through which the traffic is channeled; it is executable code, so non-firewall functions
should not be done on the same machine.
6. When can a system be termed a trusted system?
Answer:
A trusted system or secure operating system is one that meets the intended
security requirements, is of high quality and justifies the user's confidence in that quality.
7. List out the prerequisites of data security system.
Answer
Data security means protecting data, such as a database, from destructive forces and
from the unwanted actions of unauthorized users.
8. Draw the block diagram of VLSI based network.
Answer
In the case of block cipher designs it may be useful to select an FPGA device that has embedded
Block RAMs (BRAMs) on it. As it was explained above, BRAMs are fast access memories and
might be excellent choices for a straightforward implementation of the characteristic S-box
blocks of symmetric ciphers. Alternatively, S-Boxes can be implemented using the
FPGA CLB fabric configured in memory mode.
Answer
A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature. Typically the signature is formed by taking the
hash of the message and encrypting the message with the creator's private key. The
signature guarantees the source and integrity of the message. The digital signature
standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).
10. Write the applications of AES algorithm.
Answer
Due to the broad range of applications that Rijndael algorithm can support, it is important
to have multiple versions of Rijndael-based products. AES solutions are currently
available in four different versions:
Standard
The Standard version provides data rates of up to 500 Mbits/sec and is appropriate for
applications such as VoIP.
Compact
The Compact AES products are perfect solutions for wireless applications, such as
PDAs and cell phones, where power and area minimization are crucial.
Fast
The Fast version goes up to 2000 Mbits/sec and is suitable for VPN security products
incorporated into broadband switches, routers, firewalls, and remote-access
concentrators.
Very Fast
Very Fast AES products target applications with data rates faster than 2000 Mbits/sec.
PART B (5 x 13 =65)
11)(a) Describe in detail with necessary illustrations the building blocks of security systems
in OS. And also specify the features of Biometric Systems
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 254-259, 210-211
(OR)
11)(b)(i) Explain in detail with neat block diagram of Data Communication Procedures (7)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 4-7
(b) (ii) Explain in detail with neat block diagram Computer systems and Communication
Security
(6)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 9-19
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 393-404
(OR)
(b)What is meant by DES Chaining? Explain in detail the NDS message digest algorithm
with appropriate example.
(13)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 352-354
7-9
13)(a) Describe with suitable principles the trusted systems of IT Act and the Cyber Laws
adapted for the security system
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 568-572
(OR)
13) (b) (i) Enumerate in detail Virtual Private Network (7)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 434-439
(6)
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457-465
14)(a) With appropriate example, explain in detail the recent types of attacks in the
Network System
(13)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 387-418
(OR)
(b) Discuss in detail the procedure involved in the VLSI based Network Security System
with a suitable case study
(13)
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguez, N.A. Saqib, Arturo Diaz, Cetin Kayo
Page Number: 238-240
15) (a) Discuss in detail with neat block diagram the principles of Asynchronous circuit
design according to Jens Sparso and also distinguish this principle from that of Steve Furber
(13)
Most digital circuits designed and fabricated today are synchronous. In essence, they are based
on two fundamental assumptions that greatly simplify their design: (1) all signals are binary, and
(2) all components share a common and discrete notion of time, as defined by a clock signal
distributed throughout the circuit. Asynchronous circuits are fundamentally different; they also
assume binary signals, but there is no common and discrete time. Instead the circuits use
handshaking between their components in order to perform the necessary synchronization,
communication, and sequencing of operations. Expressed in synchronous terms this results in a
behaviour that is similar to systematic fine-grain clock gating and local clocks that are not in
phase and whose period is determined by actual circuit delays: registers are only clocked where
and when needed.
Clocking versus handshaking
Figure 1.1(a) shows a synchronous circuit. For simplicity the figure shows a pipeline, but it is
intended to represent any synchronous circuit. When designing ASICs using hardware
description languages and synthesis tools, designers focus mostly on the data processing and
assume the existence of a global clock. For example, a designer would express the fact that data
clocked into register R3 is a function CL3 of the data clocked into R2 at the previous clock as the
following assignment of variables: R3 := CL3(R2). Figure 1.1(a) represents this high-level view
with a universal clock. When it comes to physical design, reality is different. Today's ASICs use a
structure of clock buffers resulting in a large number of (possibly gated) clock signals as shown
in figure 1.1(b). It is well known that it takes CAD tools
and engineering effort to design the clock gating circuitry and to minimize and control the skew
between the many different clock signals. Guaranteeing the two-sided timing constraints (the
setup to hold time window around the clock edge) in a world that is dominated by wire delays is
not an easy task. The buffer-insertion-and-resynthesis process that is used in current commercial
CAD tools may not converge and, even if it does, it relies on delay models that
are often of questionable accuracy. Asynchronous design represents an alternative to this. In an
asynchronous circuit the clock signal is replaced by some form of handshaking between
neighbouring registers; for example the simple request-acknowledge based handshake protocol
shown in figure 1.1(c). In the following chapter we look at alternative handshake protocols and
data encodings, but before departing into these implementation details it is useful to take a more
abstract view as illustrated in figure 1.1(d): think of the data and handshake signals connecting
one register to the next in figure 1.1(c) as a handshake channel or link,
think of the data stored in the registers as tokens tagged with data values (that may be changed
along the way as tokens flow through combinational circuits), and think of the combinational
circuits as being transparent to the handshaking between registers; a combinatorial circuit simply
absorbs a token on each of its input links, performs its computation, and then emits a token on
each of its output links.
Intuitively, correct operation requires that data tokens flowing in the circuit do not disappear, that
one token does not overtake another, and that new tokens do not appear out of nowhere. A simple
rule that can ensure this is the following: A register may input and store a new data token from
its predecessor if its successor has input and stored the data token that the register was previously
holding. The states of the predecessor and successor registers are signaled by the incoming
request and acknowledge signals respectively. Following this rule data is copied from one
register to the next along the path through the circuit. In this process subsequent registers will
often be holding copies of the same data value but the old duplicate data values will later be
overwritten by new data values in a carefully ordered manner, and a handshake cycle on a link
will always enclose the transfer of exactly one data token. Understanding this token flow game
is crucial to the design of efficient circuits, and we will address these issues later, extending the
token-flow view to cover structures other than pipelines. Our aim here is just to give the reader
an intuitive feel for the fundamentally different nature of asynchronous circuits.
An important message is that the handshake-channel and data-token view represents a very
useful abstraction that is equivalent to the register transfer level (RTL) used in the design of
synchronous circuits. This data-flow abstraction, as we will call it, separates the structure and
function of the circuit from the implementation details of its components.
Another important message is that it is the handshaking between the registers that controls the
flow of tokens, whereas the combinational circuit blocks must be fully transparent to this
handshaking. Ensuring this transparency is not always trivial; it takes more than a traditional
combinational circuit, so we will
Figure 1.1. (a) A synchronous circuit, (b) a synchronous circuit with clock drivers and clock
gating, (c) an equivalent asynchronous circuit, and (d) an abstract data-flow view of the asynchronous
circuit. (The figure shows a pipeline, but it is intended to represent any circuit topology).
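The token-flow rule stated above can be checked with a small simulation. This is an added example, not code from the referenced text: the function name run_pipeline and its parameters are assumptions, and each register is modelled as a stored value plus a flag that stays set until the successor has stored the token.

```python
import random


def run_pipeline(tokens, stages=4, seed=None, obey_rule=True):
    """Simulate a request/acknowledge pipeline; return the tokens reaching the sink.

    full[i] is True while register i holds a token that its successor has not
    stored yet (request pending) and becomes False on acknowledge.
    seed=None always fires the first enabled event (eager producer, slow
    consumer); an integer seed fires enabled events at random, which models
    arbitrary circuit delays.
    obey_rule=False lets a register latch new data even though its successor
    has not yet taken the previous token, i.e. it ignores the acknowledge.
    """
    rng = random.Random(seed) if seed is not None else None
    value = [None] * stages          # data latched in each register
    full = [False] * stages
    pending = list(tokens)           # tokens the environment still has to send
    received = []
    while pending or any(full):
        enabled = []
        if pending and not full[0]:
            enabled.append(("source", 0))
        for i in range(1, stages):
            own_token_taken = not full[i]
            if full[i - 1] and (own_token_taken or not obey_rule):
                enabled.append(("transfer", i))
        if full[-1]:
            enabled.append(("sink", stages - 1))
        kind, i = rng.choice(enabled) if rng is not None else enabled[0]
        if kind == "source":
            value[0], full[0] = pending.pop(0), True
        elif kind == "transfer":
            value[i], full[i] = value[i - 1], True   # copy; old value[i] is overwritten
            full[i - 1] = False                      # acknowledge to the predecessor
        else:
            received.append(value[i])
            full[i] = False
    return received


if __name__ == "__main__":
    data = list(range(10))
    print("rule obeyed, random delays:", run_pipeline(data, seed=1))
    print("rule ignored, eager producer:", run_pipeline(data, stages=2, obey_rule=False))
```

With the rule in force every token arrives once and in order for any event ordering; with the acknowledge ignored, tokens are overwritten before the sink sees them.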
(OR)
(6)
(7)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 101-109
Author: William Stallings
Page Number: 172-198
(OR)
(b) Design a LAN environment for a corporate office considering all the threats and attacks
that can happen in the network design.
(15)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 387-414
**********
1. Define the terms LAN and WAN and list their specification?
Answer:
A Local Area Network (LAN) is usually privately owned and links the devices in a
single office, building or campus. Depending on the needs of an organization and the type
of technology used, a LAN can be as simple as two PCs and a printer in someone's home
office. LAN size is limited to a few kilometers.
A Wide Area Network (WAN) provides long distance transmission of data, image, audio
and video information over large geographic areas, which comprise a country, a continent
or even the whole world.
2. How is a biometric system used in security solutions?
Answer:
Biometrics refers to metrics related to human characteristics. Biometrics authentication
(or realistic authentication) is used in computer science as a form of identification and
access control. It is also used to identify individuals in groups that are under surveillance.
Biometric identifiers are the distinctive, measurable characteristics used to label and
describe individuals. Biometric identifiers are often categorized as physiological versus
behavioral characteristics. Physiological characteristics are related to the shape of the
body. Examples include, but are not limited to fingerprint, palm veins, face recognition,
DNA, palm print, hand geometry, iris recognition, retina and odour/scent.
3. What is meant by directory authentication service?
Answer:
It is an authenticated system which works like a file directory. Every file has a unique
owner who possesses control access rights and can revoke access to any person at any time.
Each user has a file directory which lists all the files to which that user has access. The
operating system must maintain all file directories under commands from the owners of
files.
4. Give short notes on NDS message digest algorithm
Answer:
A hash function maps a variable length message into a fixed length hash value or
message digest. It is used to verify the integrity of the message and assures that the purported
identity of the sender is valid. It is used to provide message authentication; the hash
function is often referred to as a message digest.
5. Write a short note on cyber laws
Answer:
Cyber law (also referred to as cyberlaw) is a term used to describe the legal issues related
to use of communications technology, particularly "cyberspace", i.e. the Internet. It is less
a distinct field of law in the way that property or contract are as it is an intersection of
many legal fields, including intellectual property, privacy, freedom of expression, and
jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by
human activity on the Internet with legacy system of laws applicable to the physical
world.
6. What is the importance of Information Technology Act?
Answer:
The Act provides a legal framework for electronic governance by giving recognition to
electronic records and digital signatures. The formation of the Controller of Certifying
Authorities was directed by the Act, to regulate the issuing of digital signatures. It also
defined cyber crimes and prescribed penalties for them. It also established a Cyber
Appellate Tribunal to resolve disputes arising from this new law.
7. How does a virus attack a network?
Answer
A Virus is a program that is activated by attaching copies of itself to executable objects.
Viruses can reach your computer from other infected computers, via data medium (CD,
DVD, etc.) or through a network (local or Internet). Worm: A worm is an independent
program that copies itself across a network. Unlike a virus (which needs the infected file
to be copied in order to replicate itself), the worm spreads actively by sending copies of
itself via LAN or Internet, email communication, or through an operating system security
bug.
from the devices with the MAC addresses you entered. Other wireless devices might
detect your network but they won't be able to connect, because their MAC addresses are
not specified for access. It does not allow unknown devices to make connections.
9. Give the importance of crypto chip design
Answer
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading
it.
10. List out the advantages of the implementation of DES crypto chip.
Answer
a). The use of 56-bit keys: a 56-bit key is used in encryption, so there are 2^56 possible keys. A
brute force attack on such a number of keys is impractical.
b). The nature of algorithm: Cryptanalyst can perform cryptanalysis by exploiting the
characteristic of DES algorithm but no one has succeeded in finding out the weakness.
PART B (5 x 13 =65)
11)(a) Discuss in detail about the hardware, software and data communication procedures
of security mechanism in operating system
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 38-49
(OR)
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: i) 538-548, iii) 545-547
12)(a)Explain in detail about the triple DES encryption algorithm with practical example
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 65-69
(OR)
(b)Describe in detail about the message authentication requirements and functions of the
secure hash algorithm.
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 388-398
13)(a) Explain in detail about the design principles of the firewall system with suitable
practical examples
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457-465
(OR)
13) (b) Discuss in detail about the trusted systems and virtual private network with suitable
examples
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 251-252, 434-439
(8)
Static validation techniques look at configurations and network topologies in order to identify
security configuration errors, while dynamic verification supplements that with actual traffic
logs. These techniques are commonly used to verify firewall configurations. Static validation has
the advantage of being performed offline, and it can be completed prior to deploying a security
configuration. It can detect errors such as shadowed rules (these are rules that will never be
triggered because an earlier rule covers all of the traffic that would be covered by the shadowed
rule.)
Dynamic analysis provides deeper insight into a rulebase. For example, only dynamic analysis
can detect orphaned rules -- rules that are syntactically correct but will never be triggered due to
changes in the way the network operates. For example, static analysis will never reveal that a
database server has been decommissioned, while dynamic analysis will identify that the rule has
not been triggered in a long time, allowing you to proactively clean up the rulebase.
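The two checks described above can be run over a rulebase as follows. This is an added example, not taken from any firewall product: the rule format, rule names, addresses and hit log are constructed, and shadowing is tested against a single earlier rule, as in the definition above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    src: str         # source CIDR
    dst: str         # destination CIDR
    ports: tuple     # inclusive (low, high) destination port range


def covers(earlier, later):
    """True if every packet matched by `later` is also matched by `earlier`."""
    proto_ok = earlier.proto in ("any", later.proto)
    src_ok = ip_network(later.src).subnet_of(ip_network(earlier.src))
    dst_ok = ip_network(later.dst).subnet_of(ip_network(earlier.dst))
    ports_ok = earlier.ports[0] <= later.ports[0] and later.ports[1] <= earlier.ports[1]
    return proto_ok and src_ok and dst_ok and ports_ok


def find_shadowed(rules):
    """Static check: with first-match evaluation, a rule that is fully covered
    by an earlier rule can never be triggered."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflicting"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


def find_orphaned(rules, hits, now, max_idle=timedelta(days=90), exclude=()):
    """Dynamic check: rules with no logged hit inside the idle window.
    `exclude` holds rules already explained by the static check."""
    last_hit = {}
    for rule_name, ts in hits:
        if rule_name not in last_hit or ts > last_hit[rule_name]:
            last_hit[rule_name] = ts
    return [r.name for r in rules
            if r.name not in exclude
            and (r.name not in last_hit or now - last_hit[r.name] > max_idle)]


# Constructed sample rulebase (documentation address ranges) and hit log.
NOW = datetime(2024, 1, 1)
RULES = [
    Rule("allow-web", "allow", "tcp", "10.0.0.0/8", "192.0.2.10/32", (443, 443)),
    Rule("deny-lab-web", "deny", "tcp", "10.1.0.0/16", "192.0.2.10/32", (443, 443)),
    Rule("allow-db", "allow", "tcp", "10.0.0.0/8", "192.0.2.20/32", (5432, 5432)),
    Rule("allow-dns", "allow", "udp", "10.0.0.0/8", "192.0.2.53/32", (53, 53)),
    Rule("default-deny", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]
HITS = [
    ("allow-web", NOW - timedelta(days=1)),
    ("allow-db", NOW - timedelta(days=400)),   # database server since decommissioned
    ("allow-dns", NOW - timedelta(days=2)),
    ("default-deny", NOW - timedelta(hours=1)),
]


def run_checks():
    shadowed = find_shadowed(RULES)
    statically_dead = {name for name, _, _ in shadowed}
    orphaned = find_orphaned(RULES, HITS, NOW, exclude=statically_dead)
    return shadowed, orphaned


if __name__ == "__main__":
    shadowed, orphaned = run_checks()
    for later, earlier, kind in shadowed:
        print(f"shadowed: {later} is covered by {earlier} ({kind})")
    for name in orphaned:
        print(f"orphaned: {name} has not been triggered within the idle window")
```

The static pass needs only the rulebase and can run before deployment; the orphan check needs traffic logs, which is why the stale database rule shows up only there.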
Computer security is the process of preventing and detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized users (also known as "intruders") from
accessing any part of your computer system. Detection helps you to determine whether or not
someone attempted to break into your system, if they were successful, and what they may have
done.
14)(a) (ii) Describe in detail about the Broadband Gateway and its functionalities (8)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 680
DHCP for IPv4 and increasingly router advertisements for IPv6, and
firewall functions.
(OR)
(b) Discuss in detail about the VLSI implementation of end-to-end IP security architecture
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 440-443
15) (a) Discuss in detail about the VLSI implementation of RSA digital signature Algorithm
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 427-430
(OR)
(b) Explain in detail about the design and development of IDEA AES algorithm in VLSI
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 69-71
**********
valid. It is used to provide message authentication, the hash function often referred to as message
digest.
4. State the concept of PKI Certificates
Answer:
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to
create, manage, distribute, use, store, and revoke digital certificates and manage public-key
encryption. The purpose of a PKI is to facilitate the secure electronic transfer of
information for a range of network activities such as e-commerce, internet banking and
confidential email. It is required for activities where simple passwords are an inadequate
authentication method and more rigorous proof is required to confirm the identity of the
parties involved in the communication and to validate the information being transferred.
5. How do systems become more vulnerable to malware?
Answer:
Malware, short for malicious software, is any software used to disrupt computer
operations, gather sensitive information, gain access to private computer systems, or
display unwanted advertising.
6. Give the overview of Wireless Intrusion Prevention System?
Answer:
A wireless intrusion prevention system (WIPS) is a network device that monitors the
radio spectrum for the presence of unauthorized access points (intrusion detection), and
can automatically take countermeasures.
A wireless intrusion prevention system is a device that is placed inside a protected network to
monitor what occurs within the network. If an attacker is able to pass through the router and
the firewall, it offers the opportunity to detect the attack at the beginning, in progress or
after it has occurred.
7. Write a short note on TCP Layer Attacks?
Answer
Another Definition:
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet to
forward or discard the packet. Filtering rules are based on information contained in a
network packet such as src & dest IP addresses, ports, transport protocol & interface.
Some advantages are simplicity, transparency & speed.
If there is no match to any rule, then one of two default policies is applied:
that which is not expressly permitted is prohibited (default action is discard packet), conservative policy
that which is not expressly prohibited is permitted (default action is forward packet), permissive policy
9. List out the advantages of crypto chip
Answer
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading
it
PART B (5 x 13 =65)
11)(a) Discuss in detail about the various issues and challenges in providing of security
mechanism in operating systems
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 38-49
(OR)
11)b) Explain the following terms in network security implementation
i) Physical Security ii) Biometric Security iii) Data Security iv) Monitoring Controls
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: i) 538-548, ii) 210-211, iii) 545-547
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 453-461
(OR)
(b)Describe in detail about the Diffie-Hellman key exchange with practical example
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 325-329
13)(a) Discuss in detail about the types of firewall system and its design principles
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 458-465
(OR)
13) (b) Explain in detail about the Virtual private network with suitable examples
(16)
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 1004-1009
(16)
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 468-472
(OR)
(b) Describe about the VLSI implementation of end-to-end IP security architecture
(16)
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 640-651
(16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 301-315
(OR)
(b) Discuss about the VLSI implementation of AES algorithm (16)
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 198-202
**********
UNIT 1 (2 MARKS)
1. Define information Security?
It is a well-informed sense of assurance that the information risks and controls are in balance.
2. What is Security?
Security is the quality or state of being secure, that is, to be free from danger.
3. What are the basic components of computer Security?
a. Confidentiality - Keeping data and resources hidden
b. Integrity - Data integrity (integrity)
- Origin integrity (authentication)
c. Availability - Enabling access to data and resources
4. What is confidentiality?
Confidentiality is the concealment of information or resources. The need for keeping information
secret arises from the use of computers in sensitive fields such as government and industry.
For example.
Military and civilian institutions in the government often restrict access to information
to those who need that information.
5. What is Integrity?
Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms
of preventing improper or unauthorized change.
Integrity includes data integrity (the content of the information) and origin integrity (the
Author: Behrouz A Forouzan
Page Number: 13-16
12) Explain in detail with neat block diagram of Data Communication Procedures
Reference Book: Data Communication and Networking, 4th Edition
Author: Behrouz A Forouzan
Page Number: 3-7
13) Discuss in detail about Security Planning and Physical Security
Reference Book: Security in Computing, 3rd Edition
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 492-542
14) Explain in detail about OSI Security architecture and Security Attacks
Author: William Stallings
Page Number: 38-43
15) Describe in detail with neat Security Services and Security Mechanisms
Reference Book: Cryptography and Network Security, 5th Edition, Pearson Education
Author: William Stallings
Page Number: 43-49
UNIT 2
1. What is Cryptography?
Cryptography means Secret writing.
Definition:
A cryptosystem is a 5-tuple (E, D, M, K, C)
M -> set of plain text.
C -> set of Enciphering functions.
K -> set of Keys.
D : C*K -> M set of deciphering functions.
2. What is Classical Crypto system?
Also Called single key/ symmetric key
Is a cryptosystem that uses the same key for encipherment and decipherment.
In this system E_k ∈ C and k ∈ K.
Two types of classical cipher:
i) Transposition cipher
ii) Substitution cipher
3. Explain Substitution cipher with example?
i) It changes character in the plain text to produce the cipher text.
ii) Is susceptible to a statistical cipher text only attack.
Example:
The Caesar cipher with a key of 3 alters each letter in the plain text by mapping it into the
letter 3 characters later in the alphabet.
Author: William Stallings
Page Number: 55-79
Author: William Stallings
Page Number: 174-198
Author: William Stallings
Page Number: 399-404
Author: William Stallings
Page Number: 420-427
UNIT 3
1. List the design goals of Firewall
i) All traffic from inside to outside, and vice versa, must pass through the firewall. This is
achieved by physically blocking all access to the local network except via the firewall.
Various configurations are possible, as explained later in this section.
ii) Only authorized traffic, as defined by the local security policy, will be allowed to pass.
Various types of firewalls are used, which implement various types of security policies.
2. List four general techniques that firewall use to control access?
i) Service Control
ii) Direction Control
iii)User Control
iv) Behavior Control
3. What are the various limitations of Firewall?
a). The firewall cannot protect against attacks that bypass the firewall. Internal systems may
have dial-out capability to connect to an ISP. An internal LAN may support a modem pool
that provides dial-in capability for traveling employees and telecommuters.
b). The firewall does not protect against internal threats, such as a disgruntled employee or
an employee who unwittingly cooperates with an external attacker.
c). The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the perimeter,
it would be impractical and perhaps impossible for the firewall to scan all incoming files, email, and messages for viruses.
4. List the types of Firewalls
i) Packet Filtering
ii) Stateful Inspection
iii) Application Proxy
iv) Guard
v) Personal Firewall
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 457-459
Page Number: 458-465
Page Number: 468-473
Page Number: 568-572
Page Number: 250-266
UNIT 4
1. Write short note on TCP layer attack?
TCP SYN Flooding
TCP Session Hijack
TCP Session Poisoning
2. Define the term Packet Filters
A packet filtering gateway or screening router is the simplest, and in some situations, the most
effective type of firewall. A packet filtering gateway controls access to packets based on packet
address (source or destination) or specific transport protocol type such as HTTP.
Another Definition:
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet to
forward or discard the packet. Filtering rules are based on information contained in a network
packet such as src & dest IP addresses, ports, transport protocol & interface. Some advantages
are simplicity, transparency & speed.
If there is no match to any rule, then one of two default policies is applied:
that which is not expressly permitted is prohibited (default action is discard packet), conservative policy
that which is not expressly prohibited is permitted (default action is forward packet), permissive policy
3. How does a virus attack a network?
A Virus is a program that is activated by attaching copies of itself to executable objects. Viruses
can reach your computer from other infected computers, via data medium (CD, DVD, etc.) or
through a network (local or Internet). Worm: A worm is an independent program that copies
itself across a network. Unlike a virus (which needs the infected file to be copied in order to
replicate itself), the worm spreads actively by sending copies of itself via LAN or Internet, email
communication, or through an operating system security bug.
4) How does MAC address filtering help to secure a wireless network?
Every internet device has a network interface card that it uses to connect to a network. Each
manufacturer of network interface card adds a unique number called a Media Access Control
number or MAC address to identify the device. If you enable MAC address filtering for a
wireless router or access point, then it will only accept connections from the devices with the
MAC addresses you entered. Other wireless devices might detect your network but they won't be
able to connect, because their MAC addresses are not specified for access. It does not allow
unknown devices to make connections.
Data security means protecting data, such as a database, from destructive forces and from the
unwanted actions of unauthorized users.
In the case of block cipher designs it may be useful to select an FPGA device that has embedded
Block RAMs (BRAMs) on it. As it was explained above, BRAMs are fast access memories and
might be excellent choices for a straightforward implementation of the characteristic S-box
blocks of symmetric ciphers. Alternatively, S-Boxes can be implemented using the
FPGA CLB fabric configured in memory mode.
7) What makes a network Vulnerable?
i) Anonymity
ii) Sharing
iii) Complexity of System
iv)Unknown Path
8) Write short notes on Distributed System?
A distributed system is one in which computation is spread across two or more computers. From a
security point of view we are most interested in the type of distributed system in which one
computer invokes a process on another computer without the direct participation of the user.
9) List the advantages of Computing Networks
Resource sharing
Distributing the workload
Increased Reliability
Expandability
Author: Charles P. Pfleeger, Shari Lawrence Pfleeger
Page Number: 365-385
Page Number: 387-407
Edition
Lawrence Pfleeger
Page Number: 425-440
Page Number: 538-548
UNIT - 5
1. Define Digital Signature
Answer
A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature. Typically the signature is formed by taking the
hash of the message and encrypting the message with the creator's private key. The
signature guarantees the source and integrity of the message. The digital signature
standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).
2. Write the applications of AES algorithm.
Answer
Due to the broad range of applications that Rijndael algorithm can support, it is important
to have multiple versions of Rijndael-based products. AES solutions are currently
available in four different versions:
Standard
The Standard version provides data rates of up to 500 Mbits/sec and is appropriate for
applications such as VoIP.
Compact
The Compact AES products are perfect solutions for wireless applications, such as
PDAs and cell phones, where power and area minimization are crucial.
Fast
The Fast version goes up to 2000 Mbits/sec and is suitable for VPN security products
incorporated into broadband switches, routers, firewalls, and remote-access
concentrators.
Very Fast
Very Fast AES products target applications with data rates faster than 2000 Mbits/sec.
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading
it.
Conductive shield layers in the chip that prevent reading of internal signals.
Controlled execution to prevent timing delays from revealing any secret information.
Chain of trust boot-loader which authenticates the operating system before loading it.
Chain of trust operating system which authenticates application software before loading
it
It must be unforgeable
It must be authentic
PART B (16 MARKS)
11) Explain in detail about the development of Digital Signature Chip using RSA
algorithm
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguez, N.A. Saqib, Arturo Diaz, Cetin Kayo
Page Number: 15-23
Page Number: 285-288
15) Discuss about the implementation of AES Round basic transformation on FPGA
Reference Book: Cryptographic algorithms on Reconfigurable Hardware
Author: Francisco Rodriguez, N.A. Saqib, Arturo Diaz, Cetin Kayo
Page Number: 259-267