Information Security

BIM 5th Sem-Model Question Solution 2024 – Information Security

BIM/Fifth Semester/ IT 244 : Information Security

1.) What is the primary goal of computer security?

The primary goal of computer security is to protect the confidentiality, integrity, and availability of information and systems, commonly referred to as the CIA Triad, and to safeguard computer systems from unauthorized access, data breaches, cyberattacks, and other threats.

2.) Define an attack surface in the context of security.

In the context of security, an attack surface refers to the total sum of all possible points or vectors through which an unauthorized user (or attacker) can attempt to gain access to a system, application, or network.

3.) What is the significance of prime numbers in cryptography?

Prime numbers play a crucial role in cryptography, particularly in public-key algorithms like RSA, due to their mathematical properties that make certain calculations easy in one direction but extremely difficult in the reverse.

4.) Differentiate between symmetric and asymmetric key cryptography.

Symmetric key cryptography:

  • It uses a single secret key for both encryption and decryption.
  • It is generally faster and more efficient for large volumes of data.
  • If the secret key is compromised, the entire communication is at risk.

Asymmetric key cryptography:

  • It uses a pair of keys: a public key for encryption and a private key for decryption.
  • It is slower due to the complex mathematical operations involved.
  • Even if the public key is known, the private key remains secure, enhancing security.

5.) What is the primary purpose of a digital signature?

The primary purpose of a digital signature is to ensure the authenticity, integrity, and non-repudiation of a message or document. It verifies that the message was created by the claimed sender and has not been altered during transmission.

6.) What is the purpose of two-factor authentication?

The purpose of two-factor authentication (2FA) is to enhance security by requiring users to provide two different types of authentication factors—such as a password (something they know) and a one-time code or fingerprint (something they have or are)—before gaining access to a system.

7.) Define intrusion prevention system.

An Intrusion Prevention System (IPS) is a security mechanism that monitors network or system activities for malicious behavior and automatically blocks or prevents identified threats in real time to protect against attacks.

8.) What is a backdoor?

A backdoor is a hidden method of bypassing normal authentication or security controls in a computer system, application, or network. It is often used by attackers or malicious insiders to gain unauthorized access without being detected.

9.) What is the primary purpose of a firewall?

The primary purpose of a firewall is to control incoming and outgoing network traffic by applying security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access.

10.) Why is a security audit essential?

A security audit is essential because it evaluates the effectiveness of an organization’s security policies, procedures, and controls. It helps identify vulnerabilities, ensures compliance with standards, and improves the overall security posture by recommending corrective measures.

11.) Differentiate between threats, attacks, and assets in the context of computer security.

12.) Explain the difference between substitution and transposition ciphers with examples.

13.) Describe how biometric authentication works and its advantages over traditional authentication methods.

14.) Compute whether 3 is a primitive root of 7 or not.

15.) What are security audit trails, and how do they play a role in tracking and analyzing security-related activities within an information system?

16.) Explain the role of IT security management in an organization and its impact on overall security.

IT Security Management refers to the systematic approach of implementing policies, processes, and technologies to protect an organization’s information systems, networks, and data from unauthorized access, breaches, and other security threats.

17.) Distinguish between a stream cipher and a block cipher. Encrypt the message “SECURITY IS IMPORTANT FOR EVERYONE” using the rail fence cipher with 4 rails.

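Added example, not part of the original solution: the rail fence encryption asked for above, implemented in Python and applied to the question's message with 4 rails. It assumes the usual convention of dropping spaces before writing the zigzag, and includes the matching decryption so the round trip can be checked.

```python
def rail_pattern(length, rails):
    # Rail index visited at each position of the zigzag (0 = top rail)
    if rails < 2:
        return [0] * length
    period = 2 * (rails - 1)
    pattern = []
    for i in range(length):
        r = i % period
        pattern.append(r if r < rails else period - r)
    return pattern

def rail_fence_encrypt(plaintext, rails):
    # Assumed convention: spaces are dropped before writing the zigzag
    text = plaintext.replace(" ", "")
    pattern = rail_pattern(len(text), rails)
    # Read the fence rail by rail, top rail first
    return "".join(ch for rail in range(rails)
                   for ch, r in zip(text, pattern) if r == rail)

def rail_fence_decrypt(ciphertext, rails):
    pattern = rail_pattern(len(ciphertext), rails)
    # Cut the ciphertext into one run per rail, sized by how often that rail is visited
    runs, pos = [], 0
    for rail in range(rails):
        count = pattern.count(rail)
        runs.append(iter(ciphertext[pos:pos + count]))
        pos += count
    # Walk the zigzag again, pulling the next character from whichever rail it visits
    return "".join(next(runs[r]) for r in pattern)

if __name__ == "__main__":
    msg = "SECURITY IS IMPORTANT FOR EVERYONE"   # the question's message
    c = rail_fence_encrypt(msg, 4)
    print(c)                           # STPTEEIYMONFVRECRIIRAOEYNUSTRO
    print(rail_fence_decrypt(c, 4))    # SECURITYISIMPORTANTFOREVERYONE
```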

18.) What is the Public Key Infrastructure X.509? Discuss its role in network security.

Public Key Infrastructure (PKI) X.509 is a widely adopted framework and standard used for managing digital certificates and public-key encryption. It forms the backbone of secure communications on the internet.

  • It refers to the use of digital certificates (X.509 certificates) to bind public keys to the identities of individuals, organizations, or systems.
  • These certificates are issued and signed by trusted entities known as Certificate Authorities (CAs).

Role of PKI X.509 in Network Security:

a.) Authentication:

  • X.509 certificates confirm the identity of users, devices, or servers, ensuring that communication takes place between trusted parties (e.g., HTTPS ensures a website is genuine).

b.) Data Integrity:

  • Digital signatures based on X.509 ensure that data has not been altered during transmission, helping protect against tampering and MITM (Man-in-the-Middle) attacks.

c.) Confidentiality:

  • By using public key encryption, PKI enables secure data transmission, so only the intended recipient (with the private key) can decrypt the information.

d.) Non-Repudiation:

  • Since digital signatures are tied to an individual’s private key, PKI provides proof that a specific party sent a message, preventing denial of actions.

e.) Secure Email and File Sharing:

  • PKI supports encrypted and signed email (via protocols like S/MIME), ensuring secure communication and document exchange.

f.) VPN and Secure Remote Access:

  • X.509 certificates are often used in VPNs and secure network access tools to authenticate users and devices.

19.) Compare host-based intrusion detection systems and network-based intrusion detection systems.


20.) What is a message digest? Differentiate between MD4 and MD5.

A message digest is a fixed-size numerical value generated from input data (a message) using a hash function. It acts like a digital fingerprint of the data.

  • They are commonly used in digital signatures, data integrity verification, and password storage to ensure that the data has not been altered.

Differences between MD4 and MD5:

21.) Explain the process of encrypting and decrypting a message using the RSA algorithm. Given that the prime numbers chosen are p=11 and q=17, calculate the public and private keys, and then encrypt the message M=12. Show all steps in your calculations.

The RSA algorithm is a widely used asymmetric encryption algorithm for secure data transmission.

  • It is named after its inventors: Ron Rivest, Adi Shamir, and Leonard Adleman.

The process of encrypting and decrypting a message using the RSA algorithm:

1.) Key Generation:

  • Step 1: Choose two large prime numbers, p and q.
    • These primes must be distinct and randomly selected.
  • Step 2: Calculate the modulus: n=p×q
    • This number n is used in both public and private keys.
  • Step 3: Compute Euler’s Totient Function: ϕ(n)=(p−1)×(q−1)
    • This represents the number of integers less than n that are coprime to n.
  • Step 4: Choose a public exponent e: e must satisfy:
    • 1<e<ϕ(n)
    • gcd(e, ϕ(n)) = 1
  • Step 5: Compute the private exponent d: d×e ≡ 1 mod ϕ(n)
    • This means that d is the modular inverse of e mod ϕ(n).

Final Keys:

  • Public Key: (e,n)
  • Private Key: (d,n)

2.) Encryption:

Given a plaintext m, where 0 ≤ m < n:

  • Calculate the ciphertext: c = m^e mod n
  • Encryption uses the recipient’s public key (e, n).

3.) Decryption:

To recover the plaintext from the ciphertext c:

  • m = c^d mod n
  • Decrypt using your private key.
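As an added worked example (not part of the original solution), the key-generation, encryption and decryption steps above carried out in Python for the question's values p=11, q=17 and M=12. The public exponent e=7 is my assumption, since the question does not fix one; d is found with the extended Euclidean algorithm.

```python
from math import gcd

def egcd(a, b):
    # Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g == gcd(a, b)
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(e, phi):
    # Step 5: d is the modular inverse of e mod phi(n)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) must be coprime")
    return x % phi

def rsa_keygen(p, q, e):
    # Steps 1-5 of key generation; e is supplied (e = 7 is assumed in the worked case)
    n = p * q                                    # Step 2: modulus
    phi = (p - 1) * (q - 1)                      # Step 3: Euler's totient
    if not (1 < e < phi and gcd(e, phi) == 1):   # Step 4: validity of e
        raise ValueError("invalid public exponent")
    d = modinv(e, phi)                           # Step 5: private exponent
    return (e, n), (d, n)                        # public key, private key

def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    return pow(m, e, n)                          # c = m^e mod n

def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)                          # m = c^d mod n

def worked_example():
    # Question values: p = 11, q = 17, M = 12; e = 7 is an assumption
    public_key, private_key = rsa_keygen(11, 17, 7)
    c = rsa_encrypt(12, public_key)
    return public_key, private_key, c, rsa_decrypt(c, private_key)

if __name__ == "__main__":
    print(worked_example())   # ((7, 187), (23, 187), 177, 12)
```

With these values n = 187, ϕ(n) = 160, d = 23 (since 7 × 23 = 161 ≡ 1 mod 160), and the ciphertext of M = 12 is 177.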

22.) What is a hash-based message authentication code? Explain the design and working mechanism of the digital signature algorithm, and how it ensures message integrity and authenticity.

Hash-Based MAC (HMAC) is a keyed-hash message authentication code that combines a cryptographic hash function with a secret key to provide message integrity and authentication.

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message and to ensure that the original content of the message or document that has been sent is unchanged.


1.) Signing:

  • The sender hashes the message to create a message digest.
  • The digest is encrypted using the sender’s private key, creating the digital signature.
  • The signature is appended to the message.

2.) Verification:

  • The receiver decrypts the signature using the sender’s public key to retrieve the message digest.
  • The receiver hashes the received message and compares it to the decrypted digest.
  • If they match, the message is authentic and unaltered.

It ensures message integrity and authenticity:

  • It ensures message integrity and authenticity by using cryptographic algorithms to prevent tampering and impersonation.
  • It protects the message from being altered or modified during transmission by generating a unique hash of the original message using algorithms like SHA-256.
  • The sender then encrypts this hash using their private key, creating the digital signature.
  • When the recipient receives the message and the signature, they decrypt the signature using the sender’s public key and compare the result with a freshly computed hash of the received message. If both hashes match, it proves the message has not been altered — ensuring integrity.
  • At the same time, the use of the sender’s private key confirms the identity of the sender, thus ensuring authenticity. This process guarantees that the message is both genuine and unmodified.