Exam Crypto

This document appears to be a test paper for an Applied Cryptography course consisting of multiple choice questions and short answer questions on cryptography topics. The multiple choice section contains 20 questions worth 2 points each on topics like digital signatures, symmetric/asymmetric encryption algorithms, secure shell protocol, and attacks. The short answer section includes definitions of cryptography terms worth 4 points each and descriptions of cryptography uses in IT enterprises worth 10 points each.

Uploaded by

raja haseeb

Name: Malik Omer UH ID: 2116701

CIS-6323
Applied Cryptography
F 2022 Test-2 Paper

TOTAL POINTS-100
I. Multiple choice questions (2 points each). 20*2=40 points.
1. DS (Digital Signature) provides ________.
a) authentication
b) nonrepudiation
c) both (a) and (b)
d) neither (a) nor (b)

2. Which of the following algorithms is NOT symmetric encryption?
a) 3DES
b) RSA
c) RC5
d) IDEA

3. Which of the following ensures a sender's authenticity and an e-mail's confidentiality?
a) Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of
the message with the receiver's public key.
b) The sender digitally signing the message and thereafter encrypting the hash of the message with the
sender's private key.
c) Encrypting the hash of the message with the sender's private key and thereafter encrypting the
message with the receiver's public key.
d) Encrypting the message with the sender's private key and encrypting the message hash with the
receiver's public key.

4. In cryptography, the order of the letters in a message is rearranged by
a) transpositional ciphers
b) substitution ciphers
c) both (a) and (b)
d) none of the mentioned

5. Which of the following does NOT use a Cryptographical Technique to protect data? 
a) the use of digital signatures
b) data encryption
c) the use of stored encrypted password files
d) using asymmetric keys at 'sender' and 'receiver' nodes

6. Cryptanalysis is used
a) to find some insecurity in a cryptographic scheme
b) to increase the speed
c) to encrypt the data
d) none of the mentioned

7. SSH (Secure shell) network protocol is used for:
a) secure data communication
b) remote command-line login
c) remote command execution
d) all of the mentioned

8. In order for a cipher to be considered secure, decryption without the key should be in which one of the
following complexity classes:
a) Linear
b) Exponential
c) Transposition
d) Polynomial

9. Which of the following is/are valid attack type(s)?
a) Attacks against algorithm
b) Attacks against implementation
c) both (a) and (b)
d) none of the mentioned

10. What characteristic makes the current internet NOT safe?
a) the 'secure' surroundings within which it is implemented
b) the truth of providing an open, easy-to-use network
c) it eliminates the need for firewalls
d) you don't require a fast computer to use the internet

11. Which of the following is the primary cause of INVISIBLE damage? (For example: damage is of
unknown extent)
a) viruses
b) computer misuse
c) computer fraud
d) theft

12. Which of the following statements is INCORRECT?
a) MIME is an official standard format for extended Internet electronic mail.
b) E-mail messages consist of two parts header and the body.
c) MIME itself does not provide any security services. 
d) both (a) and (b)

13. A ________is a federal / state organization that binds a public key to an entity and issues a certificate.
a) KDC
b) Kerberos
c) CA
d) none of the above

14. Which of the following algorithms is NOT asymmetric-key cryptography?
a) RSA algorithm
b) Diffie-Hellman algorithm
c) Electronic code book algorithm
d) None of the mentioned

15. Which of the following is a form of DoS / DDoS attack?
a) Vulnerability attack
b) Bandwidth flooding
c) Connection flooding
d) All of the mentioned

16. IPv6 does NOT use
a) Broadcast type of address
b) Multicast type of address
c) Anycast type of address
d) None of the mentioned

17. PGP (Pretty good privacy) is used in
a) browser security
b) email security
c) FTP security
d) none of the mentioned

18. Which of the following models is an INCORRECT CA model?
a) Hierarchical Model
b) Peer-to-Peer Model
c) Bridged CA Model
d) Network CA Model

19. IPSec is designed to provide the security at the layer
a) transport
b) network
c) application
d) session

20. If DHCP snooping is configured on a LAN switch, then clients who have specific ______ can access
the network.
a) MAC address
b) IP address
c) both (a) and (b)
d) none of the mentioned

II. Definitions: 5 of the following 6 questions (4 points each. Only first five finished
answers will be graded and counted.). 5*4=20 points.
1. Man-in-the-Middle Attack

A man in the middle (MITM) attack occurs when a perpetrator inserts himself into the
middle of a conversation between a user and an application, either to eavesdrop or to
impersonate one of the parties, giving the appearance of a regular flow of information.
Personal information such as login passwords, account information, and credit card numbers
are stolen during an attack. Targets include users of banking apps, SaaS firms, e-commerce
sites, and other websites that require logging in. Information obtained during an attack could be
used for a variety of purposes, including identity theft, unauthorized fund transfers, or
unauthorized password changes.

2. S-boxes
An S-box (substitution-box) in cryptography is a fundamental component of symmetric key
algorithms that conducts substitution. They are commonly employed in block ciphers to hide the
link between the key and the cipher text, hence assuring Shannon's property of confusion. An S-
box is a sectorial Boolean function in mathematics. S-Box Substitution is a process that uses the
substitution technique to generate a 32-bit output from a 48-bit input from an XOR operation
comprising the compressed key and extended RPT. The eight substitution boxes are responsible
for carrying out the substitution (also known as the S-boxes). The eight S-boxes each have a 6-
bit input and a 4-bit output. The 48-bit input block is divided into eight sub-blocks (each with six
bits), and each sub-block is connected to an S-box.

3. Security through Obscurity

Security by obscurity (STO) is a method of achieving security within a system by requiring the
secrecy and confidentiality of the system's internal architecture. The goal of security
via obscurity is to safeguard a system by purposefully concealing or obscuring its security
weaknesses. STO is built on the premise that any information system is secure as long as security
weaknesses stay concealed, making it less likely that a malevolent attacker will exploit them.
Obscurity involves keeping the security gaps in the underlying system hidden from all except the
most significant stakeholders, such as key developers, designers, project managers, or owners.
Typically, a hacker's strategy for attacking a system begins with finding known flaws.

4. PKI
PKI for security management through encryption. The most popular type of encryption
used today consists of a public key, which anybody may use to encrypt a message, and a
private key (sometimes known as a secret key), which only one person should be able to
use to decrypt those communications. People, devices, and apps may all make use of
these keys. Cryptographic algorithms are sophisticated mathematical procedures that are
used to encrypt and decipher communications. They also serve as the foundation for PKI
authentication. These algorithms vary in complexity, and the earliest ones predate
modern technology.

5. Initialization Vector
An initialization vector is a random integer that is used to encrypt data together with a secret
key. This number is known as a nonce, or "number occurring once," since an encryption
programme only uses it once each session. An initialization vector is used to eliminate
recurrence during the data encryption process, making it hard for hackers to decipher the
transferred encrypted information by detecting a pattern.

6. One Time Pad

III. Short Answer questions, 2 of the following 3 questions (10 points each. Only first
two finished answers will be graded and counted.) 2*10= 20
1. How is cryptography used in a typical IT enterprise – describe at least 3 different uses.

1. Transmission confidentiality: The fundamental goal of cryptography is to prevent
information from being accessed by anybody other than the intended receiver. The
great majority of transmission systems rely on a private-key cryptosystem. This
technique encrypts and decrypts data using a secret key shared by the sender and the
recipient. The private keys are distributed and erased on a regular basis. Because
every person who receives the key has the capacity to decipher the encrypted
information, it is vital to safeguard the key against unwanted access.

2. Storage encryption: Storage encryption refers to the application of
cryptographic methods on data while it is in motion and on storage media in the
context of data security. Storage encryption is becoming more widespread in
organizations that employ storage area networks (SANs). By storing data in
encrypted form, the secrecy of data storage is maintained. To get access, the user
just has to supply the computer with the key at the start of a session; the machine
will then handle the encryption and decryption throughout normal operation.
Hardware components can also be used in conjunction with PCs to automatically
protect all data saved on the hard drive.

3. Integrity in transmission: Using cryptography, we may ensure that data is not
modified throughout the transfer, i.e., that its integrity is maintained. The integrity of
electronic financial transfers is crucial because it enables the seamless flow of funds.
A bank can lose millions of dollars if a transaction is unlawfully intercepted.
Cryptographic processes are used to prevent data from being mistakenly or
purposely manipulated during transmission, which might result in wrong actions
being executed. One approach of assuring data integrity is to compute a checksum
on the data being sent and to send the checksum in an encrypted manner.

2. What are the objectives of proper cryptographic key management?
Management of cryptographic keys used in a cryptographic network for a variety of reasons. The
fundamental cryptographic key management concerns the production, exchange, storage, usage,
replacement, and destruction of keys. The process includes cryptography protocol design, key
servers, user processes, and other necessary protocols. Key management is required to keep
cryptosystems secure. It is one of the most diverse states of cryptography, encompassing
elements such as system policy, user training, and organizational and departmental relationships.

3. Explain how IPSec VPNs work – what modes are present and how and what do they protect?

IV. Long Answer questions, 1 of the following 2 questions (20 points. Only first one
finished answer will be graded and counted)
1. Bob has received an order (digitally signed) for material from Alice, and Alice
claims she never sent one. How does Bob prove the order came from Alice? Explain
how the parties would enact this cryptographically and the basis for each step.
Answer
When researching digital signatures, I discovered that they provide non-repudiation.
Assume Alice signs the message with her private key and sends it to Bob; Bob may use
Alice's public key to validate the signature, so Alice cannot deny delivering the message.
This only establishes Alice as the message's sender.

Assume Alice sends Bob a contract. To prevent legal issues, we would like this contract
communication to have the property of non-repudiation. Bob should be certain that Alice
will not be able to back out of the agreement by saying she never submitted the contract.
Similarly, we seek the quality of honesty. Alice should be certain that Bob will not be
able to change the contract and claim that the amended version is what she delivered him.
These assurances are provided by a handy technology known as a digital signature. Alice
simply generates a hash of the contract agreement, encrypts it with her private key, and
sends the result (the electronic signature) to Bob along with the contract.
Anyone may take the contract, hash it, and compare the result to what you receive when
you decrypt the electronic signature using Alice's public key. If it matches, the contract
must be precisely the same as what Alice sent, because: Alice must've sent it, since only
Alice can encrypt something that decrypts properly with Alice's public key. The contract
could not have been amended since the hash value would have changed.
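
The hash-then-sign check described in the answer above, as an added example that is not part of the exam paper or the student's answer. It assumes textbook RSA without padding over constructed demo keys built from public Mersenne primes so that it runs offline (deployed systems use a padded scheme such as RSA-PSS); the function names, the Mallory key and the sample order are hypothetical.

```python
import hashlib

# Constructed demo keys: the primes are publicly known Mersenne primes, so
# these keys are NOT secret and give no security. They only make the
# arithmetic of "encrypt the hash with the private key" runnable.
E = 65537  # public exponent shared by both demo keys


def make_key(p_exp, q_exp):
    """Return (n, d) for the RSA modulus (2**p_exp - 1) * (2**q_exp - 1)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (the value that gets signed)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    """Signer's side: raise the hash to the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """Anyone's side: undo the signature with the public key, compare hashes."""
    return pow(signature, E, n) == digest(message)


ALICE_N, ALICE_D = make_key(521, 607)        # Alice's key pair
MALLORY_N, MALLORY_D = make_key(1279, 2203)  # a different party's key pair

ORDER = b"PO-0001: 500 units for Alice (constructed sample order)"


def dispute_demo():
    """What an arbiter checks using only Alice's public key (ALICE_N, E)."""
    sig = sign(ORDER, ALICE_D, ALICE_N)  # the signature Bob kept with the order
    return {
        "genuine": verify(ORDER, sig, ALICE_N),
        "altered": verify(ORDER.replace(b"500", b"900"), sig, ALICE_N),
        "forged": verify(ORDER, sign(ORDER, MALLORY_D, MALLORY_N), ALICE_N),
    }


if __name__ == "__main__":
    print(dispute_demo())
```

Only the order signed with Alice's private exponent verifies; the altered order and the signature made with a different key both fail, which is the basis for Bob's proof and for Alice's assurance that the order cannot be changed afterwards.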

2. You are a project manager on a project involving development of software to transfer large
quantities of secret material between parties in a secure fashion. Outline and describe the major
cryptographic elements you expect to see addressed.