
Babu Madhav Institute of Information Technology, UTU 2016

060010504 – Information Security

Unit 1 : Introduction to Information Security

SHORT QUESTIONS:

1. Suppose Akbar starts an online bank named AOB (Akbar’s Online Bank). What kind of aspects are needed for securing Alice’s information?

2. What is the process for breaking the secret code?

3. Why do we need a key in cryptography?

4. Which aspects are needed for security vulnerabilities?

5. How to generate cipher text?

6. When can we say that data is encrypted?

7. How to make and break the secret code?

8. In which technique of cryptography is the same key used for encryption and decryption?

9. How to identify the type of cryptography?

10. When is the simple substitution known as Caesar’s cipher?

11. How many keys are possible for simple substitution cryptography?

12. How to prove that a cryptosystem is secure?

13. Which logical gate is used in the one-time pad technique?

14. Why can the one-time pad only be used once?

15. How to decide the binary code for the plaintext?

16. Which are the types of classic cryptography?

17. How is a modern cipher different from a classic cipher?

18. State one difference between block cipher and stream cipher.

19. Define the terms confusion and diffusion in the context of cryptology.

20. In the plaintext “sevenyearsagoandfourscore”, if the letters are shifted by three, what is the cipher text?

21. Encrypt the following plaintext using the simple substitution method with key K=12.

Agoodproofisonethatmakesuswiser

22. Encrypt the plaintext “Booksaredown” using a double transposition cipher with 3 rows and 4 columns, using the row permutation (1,2,3)->(2,1,3) and then the column permutation (1,2,3,4)->(3,1,2,4).

23. Decrypt the ciphertext “NADWTKCAATAT” using a double transposition cipher with 3 rows and 4 columns, using the row permutation (1,2,3)->(3,2,1) and then the column permutation (1,2,3,4)->(4,2,1,3).

24. Suppose a spy named Chandni wants to encrypt the plaintext message “helihitler” using a one-time pad (you can choose any random key).

LONG QUESTIONS:

1. Write a short note on key principles of security.

2. How does a simple substitution cipher work? Explain with an example.

3. Explain briefly the cryptanalysis of substitution cipher.

4. Why can a one-time pad only be used once? Justify the statement with an example.

5. How does cryptanalysis work, and how is a brute force attack applied to a simple substitution cipher?

6. How do substitution and transposition ciphers work, and how do they differ? Give an example.

7. Write a short note on taxonomy of cryptanalysis.

8. How has cryptography played an important role in major world events? Justify the statement.


9. How is cryptanalysis applied to a simple substitution cipher? Explain the brute force attack.

10. Using the letter encoding given below, the following ciphertext messages were encrypted with a one-time pad:

KHHLTK and KTHLLE

Find possible plaintexts for each message and the corresponding one-time pad.

Letter: E   H   I   K   L   R   S   T
Binary: 000 001 010 011 100 101 110 111

11. Using the letter encoding given above, the following ciphertext message was encrypted with a one-time pad:

KITLKE

If the plaintext is “thrill”, what is the key? If the plaintext is “tiller”, what is the key?

12. Find the plaintext and key from the ciphertext CSYEVIXVQMREXIH, given that the cipher is a simple substitution of the shift-by-n variety.

13. Suppose that you have a message consisting of 1024 bits. Design a method that will extend a key that is 64 bits long into a string of 1024 bits. This 1024-bit string will then be XORed with the message, just like a one-time pad. Is the resulting cipher as secure as a one-time pad? Is it possible for any such cipher to be as secure as a one-time pad?

14. Decrypt the ciphertext

IAUTMOCSMNIMREBOTNELSTRHEREOAEVMWIHTSEEATMAEOHWHSYCEELTTEOHMUOUFEHTRFT

This message was encrypted with a double transposition using a matrix of 7 rows and 10 columns. Hint: The first word is “there.”

15. Given that Caesar’s cipher is used, recover the plaintext that corresponds to the following ciphertext: Sodlqwhaw wr eh hqfubswhg. Describe your approach to cryptanalysis of the ciphertext.

16. Encode the following plaintext

“Welcome to the exciting world of encryption”

with a 7*7 matrix and the key 4235617. Also show the steps to convert the ciphertext back into plaintext.

17. Suppose you have the message “who has the money”, where the key is “key was not apply”. Decode the given message using a one-time pad.

18. Decrypt the following ciphertext into plaintext (hint: use brute force).

IUJKHXKGQKXY

19. Encrypt the message “Today is the D day” using a double transposition cipher with 4 rows and 4 columns, using the row permutation (1, 2, 3, 4) → (2, 4, 1, 3) and the column permutation (1, 2, 3, 4) → (3, 1, 2, 4).

FILL IN THE BLANKS:


1. _____________________ aims to prevent unauthorized reading of information.

2. Information has integrity if _________________________________ is prohibited.

3. The full form of DoS is ________________________________.

4. CIA stands for _______________________________________.

5. __________________ attacks reduce the access to information.

6. The fundamental issue in information security is ________________________.

7. _________________ is the art of breaking secret codes.

8. The result of encryption is known as ____________________.

9. The ________________________ approach tries out all possible combinations of keys to get the correct one.

10. ________________ is designed to obscure the relationship between the plaintext and cipher text.

MULTIPLE CHOICE QUESTION:

1. Which of the following aims to prevent unauthorized reading of information?

a. Confidentiality.

b. Integrity.

c. Security.

d. Availability.

2. Information has ____________ if unauthorized writing is prohibited.

a. Confidentiality.

b. Integrity.

c. Security.

d. Availability.

3. Data _______ has become a fundamental issue in information security.

a. Confidentiality.

b. Integrity.

c. Security.

d. Availability.

4. Which of the following is the art and science of making and breaking “secret codes”?

a. Cryptology.

b. Cryptography.

c. Cryptanalysis.

d. Crypto.

5. Which of the following is the making of “secret codes”?

a. Cryptography.

b. Cryptology.

c. Cryptanalysis.

d. Crypto.

6. Which of the following is the breaking of “secret codes”?

a. Cryptography.

b. Cryptology.

c. Cryptanalysis.

d. Crypto.


7. Which of the following is used to encrypt data?

a. Cipher.

b. Cryptosystem.

c. Plaintext.

d. Crypto.

8. A fundamental tenet of cryptography is that the inner workings of the cryptosystem are completely known to which of the following?

a. Attacker.

b. Hacker.

c. Scanner.

d. Scheduler.

9. In symmetric key crypto, the key is known as a

a. Public key.

b. Private Key.

c. Symmetric key.

d. Asymmetric key.

10. In which of the following cryptography are the encryption and decryption keys different?

a. Public key.

b. Private key.

c. Symmetric key.

d. Asymmetric key.

12. Which of the following is used to configure a cryptosystem for encryption and decryption?

a. Key.

b. Lock.

c. Secret key.

d. Public key.

13. Which of the following values is true for n, where n is the shift used in the substitution?

Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z.

Ciphertext: d e f g h i j k l m n o p q r s t u v w x y z a b c.

a. 3.

b. 2.

c. 1.

d. 4.

14. The brute force approach of trying all possible keys until we stumble across the correct one is known as

a. Search key.

b. Exhaustive key search.

c. Caesar’s key.

d. Public Key.

15. The simple substitution with the shift of three is known as

a. Caesar’s cipher.


b. Public key cipher.

c. Substitution cipher.

d. Crypto cipher.

16. Which of the following uses the transpose of rows and columns to achieve the plaintext?

a. Single substitution.

b. Cryptanalysis of simple substitution.

c. Double transposition cipher.

d. One-time pad.

17. Which of the following uses the ASCII code and XOR the code to obtain the plaintext?

a. Single substitution.

b. Cryptanalysis of simple substitution.

c. Double transposition cipher.

d. One-time pad.

18. Which of the following is not a category of cipher?

a. Symmetric cipher.

b. Public key cryptosystems.

c. Hash functions.

d. Private Key cryptosystems.

19. Which of the following has the goal to recover the plaintext, the key, or both?

a. Cryptanalysis.

b. Cryptosystem.

c. Crypto.

d. Cryptology.

20. Which of the following uses a dictionary-like book containing words and their corresponding codes to obtain the plaintext?

a. Single substitution cipher.

b. Modern cryptography.

c. Codebook cipher.

d. One-time pad.

Unit 2 : Symmetric key cryptography

SHORT QUESTIONS:

1. List out the two types of symmetric key cryptography.

2. Define the term stream cipher.

3. What is the difference between block cipher and stream cipher?

4. What is the use of A5/1 algorithm?

5. State the uses of RC4.

6. List the steps to produce a cipher text using a stream cipher.

7. What do you mean by an iterated block cipher?

8. What is the goal of a block cipher?


9. List the two basic stream cipher algorithms.

10. Write the simple function for Stream Cipher.

11. Which was the first stream cipher used by GSM cell phones for confidentiality?

12. Which stream cipher is used to optimize software implementation?

13. What is a round function?

14. Define Feistel cipher.

15. What do you mean by DES?

16. Write three basic points to summarize DES.

17. What do you mean by triple DES?

18. What is the most innovative feature of IDEA?

19. What is unique about the S-boxes in Blowfish?

20. What is TEA?

21. Write the formula to encrypt and decrypt plaintext blocks in ECB mode.

22. What is CBC?

23. What is the use of initialization vector in context to block ciphers?

24. Define integrity.

LONG QUESTIONS:

1. Differentiate between block cipher and stream cipher in detail (at least 4 points).

2. How is a Feistel cipher network designed?

3. List the five modes of operation of Block cipher. Explain any one with example.

4. Explain RC4 algorithm in brief giving an example.

5. List two block ciphers. Explain any one of them in brief.

6. Draw diagrams to illustrate encryption and decryption in CBC mode.

7. Explain Feistel cipher in brief.

8. Explain DES in brief.

9. Explain in detail the process required to decrypt a ciphertext using Triple DES.

10. Explain the AES algorithm in brief, giving an example.

11. What is block cipher mode? Explain in brief.

12. Explain in brief Cipher block chaining giving an example.

13. Explain in brief ECB giving example.

14. Explain in brief the difference between CBC and ECB with the help of an example.

15. Explain in brief the concept of integrity.

16. Justify the statement “Decryption using a Feistel Cipher is essentially the same as encryption”.

17. Explain how to do random access on data encrypted using CBC mode. What is the disadvantage of using CBC for random access compared with CTR mode?

FILL IN THE BLANKS:

1. ___________ is based on the basic concept of codebook.

2. __________ ciphers are like one-time pad.


3. _________ algorithm is employed in GSM cell phones.

4. ________ algorithm is used in SSL.

5. A stream cipher takes a key K of n bits in length and stretches it into a long ___________.

6. ____________________ is the function of a stream cipher.

7. _________ algorithm is designed for hardware and produces a single Keystream bit.

8. The ______ is obtained from plaintext by iterating a function F over some number of rounds.

9. The goal of block ciphers is security and ________.

10. The most innovative feature of IDEA is its use of_________________.

11. TEA uses a 64-bit block length and a ______bit key.

13. _______ mode is often selected when random access is required.

14. In CBC mode, the sender and receiver must share a ______ key k and a non-secret IV.

15. A ______MAC is a standard approach to provide data integrity.

MULTIPLE CHOICE QUESTIONS:

1. Stream ciphers are like_______, except that we trade provable security for a relatively small key.

a. Simple substitution cipher.

b. Codebook cipher.

c. Double transposition cipher.

d. One-time pad.

2. A stream cipher takes a key K of n bits in length and stretches it into a long ___________.

a. Keystream.

b. Search key.

c. Key length.

d. Public key.

3. Which of the following functions is true for a stream cipher?

a. StreamCipher (K) =S.

b. Streamcipher (K) =S.

c. Streamcipher(S) =K.

d. StreamCipher(S) =K.

4. For StreamCipher(K) = S, K is the

a. Key.

b. Keystream.

c. Public key.

d. Private Key.

5. For StreamCipher(K) = S, S is the

a. Key.

b. Keystream.

c. Public key.

d. Private Key.

6. The first stream cipher used by GSM cell phones for confidentiality is

a. A5/1.


b. RC4.

c. DES.

d. A6/1.

7. Which of the following is optimized for software implementation?

a. RC4.

b. A5/1.

c. DES.

d. Feistel cipher.

8. Which of the following is designed for hardware?

a. Block cipher.

b. RC4.

c. A5/1.

d. DES.

9. Which of the following algorithms is byte based?

a. Feistel cipher.

b. DES.

c. A5/1.

d. RC4.

10. Which of the following algorithms is used in SSL?

a. Stream cipher.

b. Block cipher.

c. RC4.

d. A5/1.

11. Which of the following’s output can also be used as a pseudo-random number generator for applications that require cryptographic pseudorandom numbers?

a. RC4.

b. A5/1.

c. RC5.

d. A4/1.

12. Which of the following algorithms is not optimized for 32-bit processors?

a. RC4.

b. A5/1.

c. Stream cipher.

d. Block cipher.

13. In a block cipher, the function F which depends on the output of the previous round and the key K is known as a

a. Round function.

b. Merry-go-round.

c. Ring function.

d. Round algorithm.

14. Which DES boxes are most important for the security measures?

a. S-boxes.


b. P-boxes.

c. Q-boxes.

d. M-boxes.

15. What will be the notation for decryption if the notation for encryption of P with the key K is C = E(P, K)?

a. P = D (C, K).

b. C = D (P, K).

c. P = D (K, C).

d. C = D (K, C).

16. DES stands for

a. Default Encryption System.

b. Default Encryption Standard

c. Data Encryption Standard.

d. Data Encryption System.

17. Which of the following has the innovative feature of the use of mixed mode arithmetic?

a. Stream cipher.

b. Block cipher.

c. IDEA.

d. DES.

18. The initialization vector in block cipher mode is

a. Secret.

b. Non-secret.

c. Public key.

d. Private Key.

19. CBC stands for

a. Cipher Block chaining.

b. Code Block chaining.

c. Cipher block chain.

d. Code block chain.

20. Which of the following is not a block cipher mode?

a. CBC.

b. ECB.

c. MCB.

d. Electronic codebook.

Unit 3 : Public Key Cryptography

SHORT QUESTIONS:

1. Give the other name of public key crypto.

2. Differentiate public key and conventional encryption (at least three points).

3. What are the principal elements of a public key cryptosystem?

4. What are the roles of the public and private keys?


5. What is a one way function?

6. In which key cryptography is the same key used to encrypt and decrypt?

7. Which cryptosystem is based on a “trap door one way function”?

8. Write the name of the scientists after whom RSA was developed.

9. Write the general private and public key pair for RSA.

10. What is the Euler’s theorem for RSA?

11. What is the general formula to encrypt with RSA?

12. Write down the general formula to decrypt using RSA.

13. On what computational problem does the security of DH rely?

14. What are the possible steps to prevent MiM attack when using DH?

15. What are the two major advantages of public key cryptography over symmetric key crypto?

16. What is the primary advantage of symmetric key cryptography?

17. What do you mean by non-repudiation?

18. Draw the diagram of pitfall of sign and encrypt for confidentiality and nonrepudiation.

19. What do you mean by a digital certificate?

LONG QUESTIONS:

1. Explain in brief the general form of RSA algorithm.

2. Solve the problem for RSA. Take p=11 and q=3, find the encryption exponent and construct a private and public key.

3. Explain RSA algorithm giving an example.

4. Explain in brief the DIFFIE-HELLMAN algorithm.

5. Explain ELLIPTIC CURVE CRYPTOGRAPHY in brief.

6. Explain ECC Diffie-Hellman in brief.

7. What do you mean by public key notation? Write uses for public key crypto.

8. Explain Signatures and Non-repudiation in brief. Also draw the diagram for hybrid cryptosystem.

9. Explain in brief confidentiality and non-repudiation.

10. Explain public key infrastructure in brief.

11. Distinguish between DES and AES.

12. What are the steps in the key generation algorithm of RSA?

13. What are the steps involved in the encryption process of RSA?

14. Perform encryption and decryption using the RSA algorithm for the following: p=7; q=11; e=17; M=8.

FILL IN THE BLANKS:

1. Public key cryptography is sometimes known as ____________.

2. In symmetric key cryptography the encryption and decryption keys are _______.

3. In C = M^e mod N for RSA, e is known as ___________.

4. To decrypt C given in blank 7, modular exponentiation with the decryption exponent d is used; the formula is ____________.

5. Euler’s Theorem is __________________.

6. If p=11 and q=3, the public key for RSA is _____________.

7. In context to blank 10, the private key: d = ___________.

8. The ciphertext for p=11 and q=3 is ____________.

9. If Alice sends g^a mod p to Bob and Bob sends g^b mod p to Alice, then Alice computes ________.

10. For the same message as in blank 13, Bob computes __________.


11. The ________ attack is a major concern when using DH.

12. _____________ is not a particular cryptosystem.

13. Public key crypto can be used for __________.

14. Public key signatures provide integrity, but they also provide _________.

15. The most obvious trust model is _____________.

MULTIPLE CHOICE QUESTIONS:

1. In which of the following are the encryption and decryption keys the same?

a. Symmetric key cryptography.

b. Asymmetric key cryptography.

c. Public key cryptography.

d. Non secret key.

2. Which of the following is based on a “trap door one way” function?

a. Public key cryptosystem.

b. Public key.

c. Symmetric key.

d. Secret key.

3. Arranging the weights from least to greatest in a knapsack gives a

a. Increasing knapsack.

b. Decreasing knapsack.

c. Super increasing knapsack.

d. Super decreasing knapsack.

4. The general knapsack is computed from the super increasing knapsack by

a. Modulus.

b. Modular addition.

c. Modular multiplication.

d. Modular subtraction.

5. In which of the following algorithms must two large prime numbers be selected?

a. RSA.

b. DES.

c. DH.

d. ECC.

6. Which of the following ciphertext formulas is true for RSA?

a. C = M^e mod N.

b. C = e^M mod N.

c. C = N mod M^e.

d. C = N mod e^M.

7. Which of the following is also known as key exchange algorithm?

a. RSA.

b. DES.

c. DH.

d. ECC.

8. In which of the following algorithms does a MiM attack occur?


a. DES.

b. Triple DES.

c. DH.

d. RSA.

9. Which of the following is true for the equation of an elliptic curve E?

a. y^2 = x^3 + ax + b.

b. y^3 = x^2 + b + ax.

c. x^2 = y^3 + b + ax.

d. x^3 = y^2 + b + ax.

10. On the computational difficulty of which of the following does the security of DH rely?

a. Discrete log problem.

b. Discrete modular problem.

c. Distributed log problem.

d. Distributed modular problem.

11. Which of the following is not a particular cryptosystem?

a. Elliptic curve.

b. RSA.

c. DES.

d. DH.

12. Monopoly model is

a. Trust model.

b. Fraud model.

c. Error rate model.

d. Dependent model.

13. Which of the following is one step away from the monopoly model?

a. Oligarchy model.

b. Anarchy model.

c. Hierarchy model.

d. Trust model.

14. Anarchy model is the opposite of

a. Oligarchy model.

b. Hierarchy model.

c. Trust model.

d. Dependent model.

15. Which of the following is not an issue for PKI?

a. Key generation and management.

b. CAs.

c. CRLs.

d. Certificate revocation.

Unit 4 : Hash Functions and Other Topics


SHORT QUESTIONS:

1. What do you mean by hash function?

2. What is referred to as the birthday paradox?

3. What is the use of hash function?

4. Write down the probability formula that at least one person has the same birthday as you.

5. Give one example of non-cryptographic hash that is widely used.

6. Which algorithm is very similar to MD5?

7. Which are the two major hash functions that are popular today?

8. What is the practical difference between the SHA-1 and MD5?

9. What is avalanche effect?

10. What do you mean by CBC residue?

11. What is the block size used for MD5, SHA-1 and Tiger?

12. What can be used in place of a MAC for message integrity?

13. Write any three standard applications that employ hash functions.

14. Define spam.

15. Write one concern with respect to key escrow.

16. What do you mean by invisible watermarks?

17. What are the two different categories in which watermarks can be identified?

18. What do you mean by robust watermarks?

19. Define visible watermarks.

20. Define fragile watermarks.

LONG QUESTIONS:

1. Explain hash function in brief.

2. Explain the birthday problem in brief.

3. What do you mean by non-cryptographic hashes? Explain it in brief.

4. Explain tiger hash in brief.

5. Explain in brief HMAC.

6. Explain in brief spam reduction.

7. Explain in brief the two main uses of hash function.

8. What do you mean by key escrow? Explain Secret sharing in brief.

9. Explain random numbers in brief.

10. Explain in brief how random bits should be generated.

11. Define digital watermark. What are the different flavors of it? What are the categories of watermarks?

12. Explain information hiding in brief.

13. Explain in brief Texas Hold’em Poker.

FILL IN THE BLANKS:


1. Hash functions are extremely useful in_______.

2. The ___________ resistance property requires that all collisions are hard to find.

3. The probability that none of N people have the same birthday as you is__________.

4. Cyclic redundancy check is an example of a non-cryptographic _________.

5. CRCs are sometimes used in applications where cryptographic __________ is required.

6. __________ and similar checksum methods are only designed to detect transmission errors, not to detect intentional tampering with the data.

7. In MD5, “MD” is for__________.

8. _______ is the successor of MD4.

9. The SHA-1 algorithm is very similar to_______.

10. Cryptographic hash functions SHA-1 and MD5 consist of a number of________.

11. In SHA-1 SHA stands for_________.

12. All MDs were invented by crypto guru_________.

13. A desirable property of any cryptographic hash function is the so-called _________ effect.

14. Tiger also employs a _________ algorithm, although there is no key applied to the input block.

15. Tiger borrows many ideas from _____, including S-boxes, multiple rounds, mixed mode arithmetic, a key schedule and so on.

16. The MAC is the final encrypted block, which is known as the __________.

17. ______ is defined as unwanted and unsolicited bulk e-mail.

18. Secret sharing would be useful in ____problem.

19. ______ can be used to measure the uncertainty or, conversely the predictability of sequence of bits.

20. ______ Watermarks are not supposed to be predictable in the media.

TRUE OR FALSE:

1. A cryptographic hash function must provide the inefficiency.

2. For compression of hash function h(x) =y.

3. Hash functions are not used in the computation of digital signature.

4. The birthday problem is a fundamental issue in many areas of cryptography.

5. The probability that at least one person has the same birthday as you is 1 - (364/365)^N.

6. The probability that none of N people have the same birthday as you is (364/35)^(1/N).

7. CRC is an example of non-cryptographic hash.

8. CRC does not maintain integrity for cryptographic purposes.

9. MD4 is the successor of MD3.

10. MD5 is the successor of MD4.

11. MD3 produces 128-bit output.

12. SHA-1 generates a 180-bit output, which provides a significant margin of safety over MD5.

13. Cryptographic hash functions do not consist of rounds.

14. Tiger was designed for optimal performance on 64-bit processors.

15. An HMAC can be used in place of a MAC for message integrity.

16. Random numbers can be used in simulators but not in statistics.


17. PRNG stands for Pascal pseudo random number generator.

18. Cryptographic random numbers are predictable.

19. Fragile watermarks are designed to be destroyed or damaged if any tampering occurs.

20. Many modern currencies include digital watermark.

MULTIPLE CHOICE QUESTIONS:

1. Which of the following is not provided by a hash function?

a. Efficiency.

b. Two-way.

c. Compression.

d. Weak collision resistance.

2. In which of the following applications is a hash function not useful?

a. Security.

b. Digital signature.

c. Resistance.

d. Integrity.

3. Which of the following is a fundamental issue in many areas of cryptography?

a. The birthday problem.

b. Hash function.

c. Tiger hash.

d. Information hiding.

4. Which of the following is true for the probability that at least one person has the same birthday as you?

a. 1 - 364/365.

b. 1 - (364/365).

c. 1 - (364/365)^N.

d. 1 - (34/365)^(1/N).

5. Which of the following is sometimes used in applications where cryptographic integrity is required?

a. CRC.

b. WEP.

c. Checksum.

d. Hash.

6. For MD5, MD stands for

a. Message digest.

b. Messenger digest.

c. Message dependent.

d. Message decryption.

7. Which of the following is used to detect transmission errors, and not to detect intentional tampering with data?

a. CRC.

b. Similar checksum.

c. WEP.


d. Hash function.

8. Which of the following is very similar to SHA-1?

a. MD3.

b. MD4.

c. MD5.

d. MD1.

9. MD5 is the successor of

a. MD4.

b. MD3.

c. MD2.

d. SHA.

10. MD5 produces _______-bit output.

a. 128.

b. 64.

c. 256

d. 512.

11. How many bits of output are generated by SHA-1?

a. 128.

b. 180.

c. 256.

d. 512.

12. Which one of the following was designed for optimal performance on 4-bit processors and to be a drop-in replacement for MD5?

a. Tiger hash.

b. Hash function.

c. Information hiding.

d. Cryptographic hashes.

13. Which of the following is not included in hash function?

a. Authentication.

b. Message integrity.

c. Fingerprinting.

d. Inefficiency.

14. Which of the following is defined as unwanted and unsolicited bulk e-mail?

a. Spam.

b. Virus.

c. Worm.

d. Hackers.

15. Which of the following has the goal of hiding information in other data, such as embedding secret information in a JPEG image?

a. Information hiding.

b. Spam reduction.


c. Hash function.

d. Online bids.

16. Which of the following is a particular application where secret sharing would be useful?

a. Key escrow.

b. Key error.

c. Key arrow.

d. Key ecru.

17. Which of the following can be used to measure the uncertainty or, conversely, the predictability of a sequence of bits?

a. Entropy.

b. Key escrow.

c. Tiger hash.

d. Hash function.

Unit 5 : Authentication

SHORT QUESTIONS:

1. Define access control.

2. List the three different methods of authentication.

3. Give an example of authorization.

4. What do you mean by an ideal password?

5. Give an example of authentication.

6. Which are the three groups into which users were divided for the password experiment?

7. What provides the best option for password selection, making password cracking more difficult?

8. What is the common attack path for attacking the systems?

9. Give one example of password verification.

10. Biometrics is an example of which type of authentication method?

11. What is the goal of identification in biometrics?

12. List the two phases of biometric system.

13. What is enrolment phase?

14. What is recognition phase?

15. What do you mean by fraud rate?

16. Give two examples of biometrics.

17. What is the advantage of hand geometry?

18. What is the formula for iris scan?

19. Give two examples of something you have.

20. What do you mean by two-factor authentication?

21. Define single sign-on.

22. What are web cookies?


LONG QUESTIONS:

1. Explain in brief any one authentication method.

2. Explain password verification in brief.

3. Explain any two cases of the mathematics of password cracking.

4. Explain biometrics in brief.

5. Explain fingerprints in brief.

6. Explain in brief how hand geometry can be used as a popular form of biometrics.

7. Explain Iris scan giving one mathematical example.

8. Explain something you have authentication in brief.

9. Derive two passwords from the passphrase "Gentlemen do not read other Gentlemen's mail".

10. List two passphrases and for each of these give three passwords derived from the passphrase.

11. Describe a simple attack on the web cookie authentication method.
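Worked example for long questions 2 and 3 (password verification and the arithmetic of password cracking). This is study material added here, not code from the question bank or its textbook; the user names, the shared password, the wordlist and the PBKDF2 work factor are constructed for the example. It contrasts a raw password file with salted, iterated hashes, verifies a candidate password the way a login check does, shows why two users with the same password must not produce the same stored hash, and counts the hash operations an offline dictionary attack costs with and without salts.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed "raw file" store: username -> plaintext password.
# Two users sharing a password is deliberate; it shows what salting hides.
RAW_STORE: Dict[str, str] = {"alice": "P0kemON", "bob": "P0kemON"}

ITERATIONS = 100_000  # PBKDF2 work factor; an assumption for the example, tune per deployment


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a random per-user salt and an iterated hash instead of the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify(record: dict, candidate: str) -> bool:
    """Password verification: recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def build_hashed_store(raw: Dict[str, str]) -> dict:
    """Convert a raw password file into salted hash records."""
    return {user: make_record(pw) for user, pw in raw.items()}


def identical_hashes(store: dict, user_a: str, user_b: str) -> bool:
    """Without salts, two users with the same password share a hash, which leaks that
    fact and lets one precomputed table crack both. With salts the hashes differ."""
    return store[user_a]["hash"] == store[user_b]["hash"]


def dictionary_attack(record: dict, wordlist: List[str]) -> Optional[str]:
    """Offline attack on a stolen record: the attacker has the salt and tries every word."""
    for word in wordlist:
        if verify(record, word):
            return word
    return None


def hash_operations(dictionary_size: int, users: int, salted: bool) -> int:
    """Cost of running one dictionary against every user's record.
    Unsalted: each word is hashed once and compared against all users (precomputation works).
    Salted: each word must be rehashed under every user's salt."""
    return dictionary_size * users if salted else dictionary_size
```

The salt defeats precomputation, and the iteration count multiplies the attacker's cost per guess; neither helps against a password that is in the wordlist, which is the point of the passphrase-derived passwords in questions 9 and 10.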

FILL IN THE BLANKS:

1. _______________ refers to issues concerning access to system resources.

2. Access control is a synonym of _________________.

3. Password is an example of _____________.

4. ____________is an example of ‘something you have’.

5. ___________ are free, while smartcards and biometric devices cost money.

6. Outsider -> ____________ -> administrator is the common path of attacking systems via passwords.

7. Storing passwords in ________________ is more secure compared to storing passwords in a raw file.

8. Biometrics is the ______________________ method of authentication.

9. Biometrics can be used for identification or _______________.

10. The rate at which misauthentication occurs is known as __________.

11. The _________ rate is the rate at which the fraud and insult rates are the same.

12. A form of biometric particularly for entry into secure facilities is __________.

13. Iris codes are compared based on the ________ distance between the codes.

14. ___________ can be used for authentication based on something you have.

15. Requiring two out of three authentication methods is known as __________.

16. __________ are often used as a weak form of authentication.

TRUE OR FALSE:

1. Authorization asks: are you allowed to do that?

2. Authentication asks: who goes there?

3. Password is an example of something you are.

4. ATM and smartcard is an example of something you have.

5. Passwords are free of cost.

6. The common path for attacking a system is user->outsider->admin.


7. Storing passwords as hashes is more secure than storing them in a raw file.

8. Passwords based on passphrases can be considered as secure passwords.

9. Biometrics is a "something you are" method of authentication.

10. Recognition phase is the phase in which subjects have their biometric information entered in the database.

11. Facial recognition system can be used for identification.

12. Fingerprints were first used in ancient China as a form of signature.

13. Disadvantage of hand geometry is that they are slow, taking more time in the enrolment phase.

14. Hand geometry has an equal error rate of about 10^-3.

15. The MAC address of a laptop computer can be considered an example of something you have.

16. A password generator is a device, about the size of a calculator, that the user must possess in order to log in to a system.

17. Password generator scheme only requires something you have.

18. Credit card together with a signature is an example of two factor authentication.

19. Cookies can act as a single sign-on method for a website.

20. Single sign-on is a weak form of authentication.

MULTIPLE CHOICE QUESTIONS:

1. Which of the following is often used as a synonym for authorization?

a. Access control.

b. Authentication.

c. Limited access.

d. Controlled access.

2. Which of the following is not a method of authentication?

a. Something you know.

b. Something you have.

c. Something you are.

d. Something you want.

3. An ATM card or smart card is an example of

a. Something you know.

b. Something you have.

c. Something you are.

d. Something you want.

4. A password is an example of

a. Something you know.

b. Something you have.

c. Something you are.

d. Something you want.

5. Biometrics is an example of

a. Something you know.

b. Something you have.


c. Something you are.

d. Something you want.

6. The PIN for an ATM card is equivalent to

a. Password.

b. Authentication.

c. Authorization.

d. Key.

7. Something you know is more popular than

a. Something you have.

b. Something you are.

c. Something you want.

d. Something you can.

8. Which of the following is the strongest password?

a. Frank.

b. 10251960.

c. P0kemON.

d. FSa&Yago.

9. Which of the following is the common attacking path?

a. Outsider->administrator->normal user.

b. Normal user->administrator->outsider.

c. Administrator->normal user-> outsider.

d. Outsider->normal user->administrator.

10. Biometrics, the "something you are" method, is also known as

a. You are your key.

b. You are your password.

c. You are your authentication proof.

d. You are what is believed to be.

11. Which of the following properties of an ideal biometric means the physical characteristic can never be changed?

a. Universal.

b. Collectable.

c. Distinguishable.

d. Permanent.

12. Which of the following is the most severe real world security problem?

a. Password.

b. Key.

c. Authentication.

d. Authorization.

13. In which of the following is the comparison one-to-one?

a. Password.

b. Authentication.

c. Authorization.


d. Key.

14. Which of the following is the second phase in biometrics?

a. Enrollment phase.

b. Recognition phase.

c. Enhancement phase.

d. Reluctant phase.

15. In which of the following phases do subjects have their biometric information entered into a database?

a. Enrollment phase.

b. Recognition phase.

c. Enhancement phase.

d. Reluctant phase.

16. Which of the following is the rate at which the fraud and the insult rate are the same?

a. Fraud rate.

b. Insult rate.

c. Equal error rate.

d. Error Equal rate.

17. The rate at which misauthentication occurs in biometric recognition is known as

a. Fraud rate.

b. Error rate.

c. Equal error rate.

d. Insult rate.

18. Which of the following is true for iris identification?

a. D(x, y) = no. of non-match bits/no.of bits compared.

b. D(Y, x) = no. of non-match bits/no. of bits compared.

c. D(x, y) = no. of bits compared/no. of non-match bits.

d. D(Y, x) = no. of bits compared/no. of non-match bits.

19. Which of the following looks like a credit card but includes a small memory and computing resources, so that it is able to store cryptographic keys?

a. ATM card.

b. Smart card.

c. Credit card.

d. Debit card.

20. Which of the following is a weak form of authentication?

a. Two-factor authentication.

b. Single sign-on.

c. Web cookies.

d. One-factor authentication.
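Worked example for the iris code distance and the fraud, insult and equal error rates (short questions 15 and 18, the fill-in-the-blank items on misauthentication rates and iris code distance, and MCQ 16 to 18 above). This is study material added here, not code from the question bank or its textbook; the bit strings, the mask, the lists of genuine and impostor distances and the 0.32 acceptance threshold are constructed assumptions. It computes d(x, y) = non-matching bits / bits compared over the unmasked bits, turns a list of genuine and impostor comparison distances into the fraud rate (impostors accepted) and insult rate (genuine users rejected) at a given threshold, and sweeps the threshold to find the equal error rate.

```python
from typing import List, Tuple


def iris_distance(x: str, y: str, mask: str) -> float:
    """d(x, y) = number of non-matching bits / number of bits compared.
    x and y are iris codes as bit strings; mask has '1' where both codes have a
    usable bit (bits hidden by eyelids or eyelashes are masked out and not compared)."""
    if not (len(x) == len(y) == len(mask)):
        raise ValueError("codes and mask must have the same length")
    compared = sum(1 for m in mask if m == "1")
    if compared == 0:
        raise ValueError("no bits to compare")
    non_match = sum(1 for a, b, m in zip(x, y, mask) if m == "1" and a != b)
    return non_match / compared


def accept(distance: float, threshold: float) -> bool:
    """Authentication decision: accept when the codes are close enough."""
    return distance <= threshold


def rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """(fraud rate, insult rate) at one threshold.
    fraud  = fraction of impostor comparisons that are accepted,
    insult = fraction of genuine comparisons that are rejected."""
    fraud = sum(1 for d in impostor if accept(d, threshold)) / len(impostor)
    insult = sum(1 for d in genuine if not accept(d, threshold)) / len(genuine)
    return fraud, insult


def equal_error_rate(genuine: List[float], impostor: List[float], steps: int = 100) -> Tuple[float, float]:
    """Sweep thresholds 0, 1/steps, ..., 1 and return (threshold, rate) at the point
    where the fraud and insult rates are closest; raising the threshold trades
    insults for frauds, so the two curves cross exactly once."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        fraud, insult = rates(genuine, impostor, t)
        gap = abs(fraud - insult)
        if best is None or gap < best[0]:
            best = (gap, t, (fraud + insult) / 2)
    return best[1], best[2]


# Constructed sample distances: comparisons of a person against their own enrolled
# code (genuine) and against other people's codes (impostor).
GENUINE = [0.05, 0.10, 0.20, 0.32]
IMPOSTOR = [0.30, 0.45, 0.50, 0.55]
THRESHOLD = 0.32  # assumed operating point, not a value from the question bank
```

At the assumed threshold one impostor comparison (0.30) is accepted and no genuine one is rejected, so the fraud rate is 0.25 and the insult rate 0; lowering the threshold to 0.30 rejects the genuine 0.32 comparison and gives the equal error rate of 0.25 for this tiny sample.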

Unit 6: Authorization


SHORT QUESTIONS:

1. What do you mean by authorization?

2. What are access control lists?

3. What is a capabilities list?

4. Draw the diagram of the confused deputy, giving an example.

5. What do you mean by objects?

6. What is referred to as a subject?

7. Which are the four levels of classifications and clearances for multilevel security models?

8. What is the purpose of MLS system?

9. What is the simple security condition and the star property of Bell-LaPadula?

10. What is referred to as the high water mark principle?

11. What is the write access rule for Biba’s model?

12. Give the condition for low water mark policy.

13. What is multilateral security?

14. Define covert channel.

15. Draw the diagram of a covert channel using TCP sequence numbers.

16. What is query set size control?

17. What is randomization in context to inference control?

18. Define firewall.

19. List the three classifications of firewalls.

20. When are CAPTCHAs used?

21. Which are the two methods of intrusion detection?

22. List the two basic architectures for IDSs.

23. What is signature based IDS?

LONG QUESTIONS:

1. Explain in brief the access control matrix, giving an example.

2. Explain C-lists in brief, giving an example.

3. Explain the difference between C-lists and ACLs with the help of an example.

4. Explain the confused deputy in brief.

5. Explain any one security model in brief.

6. Explain multilevel security model in brief.

7. Explain in brief Bell-LaPadula model.

8. Explain Biba’s model in brief.

9. Differentiate between BLP and Biba with the help of an example.

10. Explain, giving an example, the multilateral security model.

11. Explain covert channel with the help of an example.

12. Explain any one firewall in brief.

13. Explain stateful packet filter in brief which uses TCP.


14. Explain intrusion detection in brief. What are the two basic architectures for IDSs?

15. Which are the two methods of intrusion detection? Explain signature based IDSs in brief.

16. Explain Anomaly based IDSs in brief with the help of an example.
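Worked example for long questions 1 to 4 (the access control matrix, C-lists, ACLs and the confused deputy). This is study material added here, not code from the question bank or its textbook; the subjects, objects and rights in the matrix are constructed, loosely following the compiler-and-BILL setting of the confused deputy. An ACL is one column of the matrix and a C-list is one row; the two operations at the end show why revocation is easy with ACLs, why delegation is natural with C-lists, and how an ACL-style check with the deputy's own rights lets a user who may not write BILL get the compiler to do it.

```python
from typing import Dict, Set

Matrix = Dict[str, Dict[str, Set[str]]]

# Constructed access control matrix: rows are subjects, columns are objects, each cell
# is the set of permitted operations (r = read, w = write, x = execute). The names echo
# the confused deputy setting (a compiler that may write the accounting file BILL).
MATRIX: Matrix = {
    "Alice":    {"OS": {"x"}, "Compiler": {"x"}, "Alice.c": {"r", "w"}, "BILL": set()},
    "Compiler": {"OS": {"x"}, "Compiler": {"r", "x"}, "Alice.c": {"r"}, "BILL": {"r", "w"}},
    "Sam":      {"OS": {"r", "x"}, "Compiler": {"r", "w", "x"}, "Alice.c": set(), "BILL": {"r", "w"}},
}


def copy_matrix(matrix: Matrix) -> Matrix:
    """Deep copy so the mutating operations below return a new matrix."""
    return {s: {o: set(ops) for o, ops in row.items()} for s, row in matrix.items()}


def acl(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """ACL = one column of the matrix: which subjects may do what to this object.
    It is stored with the object, so rights on one resource are changed in one place."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}


def clist(matrix: Matrix, subject: str) -> Dict[str, Set[str]]:
    """C-list = one row of the matrix: the capabilities this subject holds.
    It travels with the subject, so it can be presented with a request or handed on."""
    return {o: set(ops) for o, ops in matrix[subject].items() if ops}


def allowed(matrix: Matrix, subject: str, obj: str, op: str) -> bool:
    return op in matrix.get(subject, {}).get(obj, set())


def revoke_object(matrix: Matrix, obj: str) -> Matrix:
    """ACL-style change: clearing one column removes everyone's access to obj."""
    new = copy_matrix(matrix)
    for row in new.values():
        row[obj] = set()
    return new


def delegate(matrix: Matrix, giver: str, receiver: str, obj: str, ops: Set[str]) -> Matrix:
    """C-list-style delegation: a subject may pass on only capabilities it actually holds."""
    if not set(ops) <= matrix[giver].get(obj, set()):
        raise PermissionError(f"{giver} holds no {sorted(ops)} capability on {obj}")
    new = copy_matrix(matrix)
    row = new.setdefault(receiver, {})
    row[obj] = row.get(obj, set()) | set(ops)
    return new


def deputy_write(matrix: Matrix, deputy: str, requester: str, target: str, capability_based: bool) -> bool:
    """The confused deputy. The requester asks the deputy (the compiler) to write its
    output to target. With ACLs the check uses the deputy's own rights (ambient
    authority), so the write to BILL succeeds for a user who may not write BILL.
    With capabilities the requester must hand over a capability for target."""
    if capability_based:
        return allowed(matrix, requester, target, "w")
    return allowed(matrix, deputy, target, "w")
```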

FILL IN THE BLANKS:

1. _____________ is the part of access control concerned with restrictions on the actions of authenticated users.

2. C-lists are also referred to as __________.

3. _________and ____________ are the two fundamental concepts in the field of authorization.

4. In _______________ a compiler is used.

5. Security models are ______________, not proscriptive.

6. Classifications apply to ______________.

7. _____________ apply to subjects.

8. Top secret-> __________ ->confidential->_______________ is the order for four levels of classifications and

clearances.

9. _________Security is needed when subjects and objects at different levels use the same system resources.

10. Biba’s model deals with ____________.

11. For Biba’s model subject S can write object O if and only if ______________.

12. In low water mark policy if subject S reads object O, then I(S) = _________.

13. ________ security uses compartments.

14. _______________ is defined as a communication path not intended as such by the system's designers.

15. For a real world example covert channel consider the _________ protocol.

16. _____________ are designed to restrict access to humans.

17. A __________ acts a lot like a secretary for your network.

18. A _________ is a firewall that lives at the network layer.

19. A ___________ is a firewall that operates at the transport layer.

20. A ____________ firewall is used to protect a single host or a small network such as a home network.

TRUE OR FALSE:

1. Authentication is the access control concerned with restrictions on the actions of authenticated users.

2. CAPTCHAs are designed to restrict access to humans.

3. In the confused deputy there are two system resources, a compiler and a file, and a user.

4. C-lists are preferable when users manage their own files and when protection is data oriented.

5. With ACLs it’s easy to change rights to a particular resource.

6. Classifications apply to subjects.

7. Object deals with clearances.

8. Security models are not descriptive.

9. Multilateral security is needed when subjects and objects at different levels use the same system resources.


10. The simple security condition can be summarized as "no read up", while the star property implies "no write down".

11. Biba’s model deals with integrity.

12. Biba’s model is very restrictive.

13. Multilateral security systems enforce access control "up and down" where the security levels are ordered in a hierarchy.

14. Multilateral security systems use compartments.

15. MLS systems are designed to restrict legitimate channels of communication.

16. Query set size control is a technique used in inference control.

17. CAPTCHA is a test that computers can pass but users can't.

18. A stateful packet filter is a firewall that operates at the network layer.

19. The primary advantage of a packet filter firewall is efficiency.

20. Anomaly based IDSs attempt to detect attacks based on signatures.

21. The goal of intrusion detection is to keep bad guys out of your system or network.
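Worked example for query set size control (short question 16 and the true-or-false item on inference control above). This is study material added here, not code from the question bank or its textbook; the faculty salary table is constructed. It shows a statistical database that answers mean-salary queries, the direct single-record query being refused once a minimum query set size is enforced, and the pair of large queries (all records, and all records but one) that still recovers one person's salary, which is the reason the question bank also lists randomization as an inference control.

```python
from typing import Callable, List, Optional

# Constructed faculty salary table (names and figures are made up for the example).
RECORDS: List[dict] = [
    {"name": "Alice", "dept": "CS", "rank": "Prof", "salary": 120},
    {"name": "Bob", "dept": "CS", "rank": "Asst", "salary": 80},
    {"name": "Carol", "dept": "CS", "rank": "Asst", "salary": 90},
    {"name": "Dave", "dept": "EE", "rank": "Prof", "salary": 110},
    {"name": "Eve", "dept": "EE", "rank": "Asst", "salary": 85},
    {"name": "Frank", "dept": "EE", "rank": "Assoc", "salary": 100},
]

Predicate = Callable[[dict], bool]


def query_count(records: List[dict], where: Predicate) -> int:
    """Count query; assumed to be answered without restriction."""
    return sum(1 for r in records if where(r))


def query_mean(records: List[dict], where: Predicate, min_set_size: int = 1) -> Optional[float]:
    """Mean salary over the query set. Query set size control: the query is refused
    (None) when fewer than min_set_size records match, so a predicate that singles
    out one person gets no answer."""
    rows = [r for r in records if where(r)]
    if len(rows) < max(min_set_size, 1):
        return None
    return sum(r["salary"] for r in rows) / len(rows)


def infer_salary(records: List[dict], name: str, min_set_size: int = 1) -> Optional[float]:
    """Inference attack that survives query set size control: two large query sets
    that differ in exactly one record.
        salary(name) = N * mean(all) - (N - 1) * mean(all except name)
    Both query sets are big enough to be answered, yet the difference is one value."""
    n = query_count(records, lambda r: True)
    mean_all = query_mean(records, lambda r: True, min_set_size)
    mean_rest = query_mean(records, lambda r: r["name"] != name, min_set_size)
    if mean_all is None or mean_rest is None:
        return None
    return n * mean_all - (n - 1) * mean_rest
```

With a minimum set size of 3 the query for Alice alone is refused, but the attack function still returns her exact salary from the two permitted queries; only raising the minimum above N - 1 blocks it, at which point almost nothing can be asked, which is the trade-off that pushes designers towards randomization of the answers.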

MULTIPLE CHOICE QUESTIONS:

1. Which of the following access control is concerned with restriction on the actions of authenticated users?

a. Authentication.

b. Passwords.

c. Authorization.

d. Key.

2. C-lists are a fundamental concept of which of the following?

a. Authentication.

b. Access control.

c. Authorization.

d. C-list.

3. Whenever an object is accessed, its column of the access control matrix could be consulted to see whether the operation is allowed. These columns are known as

a. Access control lists.

b. Access control matrix.

c. C-list.

d. C-list matrix.

4. Which of the following illustrates a classic security problem?

a. Confused deputy.

b. Confused attacker.

c. Hacker.

d. Access control list.

5. Which of the following is true for the four levels of classifications and clearances?

a. TOP SECRET > SECRET > CONFIDENTIAL > UNCLASSIFIED.


b. TOP SECRET > CONFIDENTIAL > SECRET > UNCLASSIFIED.

c. SECRET > TOP SECRET > UNCLASSIFIED > CONFIDENTIAL.

d. SECRET > CONFIDENTIAL >TOP SECRET > UNCLASSIFIED.

6. Security models are

a. Instructive.

b. Constructive.

c. Descriptive.

d. Proscriptive.

7. Which of the following is needed when subjects and objects at different levels use the same resources?

a. Confused deputy.

b. Authorization.

c. Multilevel security.

d. Multilayer security.

8. Simple security condition: Subject S can read object O if and only if L(O)<=L(S) is true for

a. Bell-LaPadula model.

b. Biba’s model.

c. Multilevel security.

d. Multilayer security.

9. Which of the following is used by multilateral security to restrict information flow across security levels?

a. Object.

b. Subjects.

c. Classifications.

d. Compartments.

10. Biba’s model is

a. Restrictive.

b. Constructive.

c. Destructive.

d. Prominent.

11. Subject S can write object O if and only if I(O) <= I(S) is true for

a. Star property.

b. Write access rule.

c. Read access rule

d. Low water mark policy.

12. If subject S reads object O, then I(S) = min(I(S),I(O)) is true for

a. Write access rule.

b. Read access rule.

c. Low water mark policy.

d. High water mark policy.

13. Which of the following notation is true for multilateral security?

a. SECURITY LEVEL {COMPARTMENT}.

b. SECURITY LEVEL [COMPARTMENT].


c. SECURITY LEVEL (COMPARTMENT).

d. SECURITY LEVEL <COMPARTMENT>.

14. Which of the following can be used as a communication path not intended as such by system’s designers?

a. Multilevel security.

b. Firewalls.

c. Multilateral security.

d. Covert channel.

15. Which of the following protocols is used in the covert channel example?

a. TCP.

b. UDP

c. TCP/IP.

d. HTTP.

16. Query set size control, in which no response is returned if the size of the set is too small, is used by

a. Inference control.

b. Covert channel.

c. CAPTCHA.

d. Multilateral security.

17. Which of the following is a test that human can pass but computers can’t?

a. Firewall.

b. Inference control.

c. CAPTCHA.

d. Multilevel security.

18. Which of the following acts like a secretary for your network?

a. Covert channel.

b. Inference control.

c. CAPTCHA.

d. Firewall.

19. Which of the following is a firewall that lives at network layer?

a. Packet filter.

b. Stateful packet filter.

c. Application proxy.

d. Stateful filter.

20. Which of the following attempts to detect attacks based on known signatures or patterns?

a. Signature based IDSs.

b. Anomaly based IDSs.

c. Host based IDSs.

d. Network based IDSs.
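Worked example for MCQ 5, 8, 11, 12 and 13 above (the order of the four classification levels, the Bell-LaPadula simple security condition and star property, Biba's write rule and low water mark policy, and the SECURITY LEVEL {COMPARTMENT} notation of multilateral security). This is study material added here, not code from the question bank or its textbook; the labels used in the checks are constructed. The BLP checks compare labels in the lattice of level plus compartments, so two labels with different compartments can be incomparable in both directions, which is what compartments are for; the Biba rules work on plain integer integrity levels.

```python
from typing import FrozenSet, Tuple

# Classification and clearance order: TOP SECRET > SECRET > CONFIDENTIAL > UNCLASSIFIED
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# A multilateral label is a security level plus a set of compartments.
Label = Tuple[str, FrozenSet[str]]


def label(level: str, *compartments: str) -> Label:
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    return (level, frozenset(compartments))


def format_label(lab: Label) -> str:
    """Render in the SECURITY LEVEL {COMPARTMENT} notation, e.g. SECRET {CAT, DOG}."""
    level, comps = lab
    return f"{level} {{{', '.join(sorted(comps))}}}" if comps else level


def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: at least as high a level and a superset of the compartments."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]


def blp_can_read(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula simple security condition: S may read O iff L(O) <= L(S) ("no read up")."""
    return dominates(subject, obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula star property: S may write O iff L(S) <= L(O) ("no write down")."""
    return dominates(obj, subject)


def high_water_mark(subject: Label, obj: Label) -> Label:
    """High water mark principle: after reading O, the subject's label floats up to the
    least upper bound of its own label and L(O) (higher level, union of compartments)."""
    level = max(subject[0], obj[0], key=lambda lv: LEVELS[lv])
    return (level, subject[1] | obj[1])


# Biba works on integrity levels I(.), here plain integers (higher = more trustworthy).
def biba_can_write(i_subject: int, i_obj: int) -> bool:
    """Biba write access rule: S may write O iff I(O) <= I(S) (no writing up in integrity)."""
    return i_obj <= i_subject


def biba_can_read_strict(i_subject: int, i_obj: int) -> bool:
    """Strict integrity: S may read O iff I(S) <= I(O) (no reading down in integrity)."""
    return i_subject <= i_obj


def low_water_mark_read(i_subject: int, i_obj: int) -> int:
    """Low water mark policy: reading is always allowed, but afterwards I(S) = min(I(S), I(O))."""
    return min(i_subject, i_obj)
```

Reading the BLP pair next to the Biba pair makes the symmetry in long question 9 concrete: BLP forbids reading up and writing down to protect confidentiality, Biba forbids reading down and writing up to protect integrity, and the two water mark rules are the dynamic relaxations of the respective read rules.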