UNIT-I

a) What is cryptography?
Cryptography is the science of
securing information by converting it
into a secure format so unauthorized
users cannot access it.

b) What is Steganography?
Steganography is the technique of
hiding secret data within an ordinary,
non-secret file or message to avoid
detection.

c) Write five security mechanisms.

1. Encryption
2.Digital Signature
3. Authentication Protocols
4. Access Control
5. Firewall
d) What is the difference between
Block and Stream cipher?
Block cipher encrypts data in fixed-
size blocks, whereas stream cipher
encrypts data one bit or byte at a time.
e) Differentiate between Active
attacks and Passive Attacks.
Active attacks alter the data or disrupt
communication; passive attacks only
monitor or eavesdrop without altering
data.
f) What is traffic padding?
Traffic padding is a technique used to
disguise the amount of data being
sent by adding extra, meaningless
data.
g) Illustrate the two basic functions
used in encryption algorithms.
1. Substitution: Replacing elements
with other elements.
2. Permutation (Transposition):
Rearranging elements in a sequence.
h) What is triple DES?
Triple DES (3DES) is an encryption
algorithm that applies the DES cipher
three times to each data block.
i) What is cryptanalysis?
Cryptanalysis is the study of analyzing
and breaking cryptographic systems
to gain unauthorized access.
j) Explain Substitution and
Transposition techniques.
• Substitution: Each element is
replaced with another.
• Transposition: The order of
elements is changed, but the elements
themselves remain the same.

UNIT-II

a) Differentiate between public key

and private key.
Public key is shared openly; private
key is kept secret. Public key
encrypts; private key decrypts (in
typical usage).

b) Differentiate public key and

conventional encryption.
Conventional encryption uses a single
shared key; public key encryption uses
a key pair (public and private).

c) What is Group?
A group is a set with an operation that
satisfies closure, associativity, identity,
and inverse properties.

d) What is field?
A field is a set with two operations
(addition and multiplication) satisfying
group properties and distributivity.

e) Define primitive root.

A primitive root of a prime number p is
a number g such that every number
modulo p is a power of g.

f) What are relative prime numbers?

Two numbers are relatively prime if
their greatest common divisor (GCD)
is 1.

g) Explain finite field of the form

GF(p).
GF(p) is a finite field with p elements,
where p is a prime number.

h) What is the full form of RSA in RSA

algorithm?
Rivest–Shamir–Adleman.

i) What is Data Integrity?

Data Integrity ensures that data has
not been altered or tampered with
during transmission or storage.

j) Name the principle elements of a

public key crypto system?
1. Plaintext
2. Encryption Algorithm
3.Public Key4. Private Key
5. Ciphertext
6. Decryption Algorithm

UNIT-III

a) What you meant by MAC?

MAC (Message Authentication Code)
is a short piece of information used to
authenticate a message.

b) What are the requirements for

message authentication?
• Message source
authentication
• Data integrity
• Protection against
replay attacks
c) Define the classes of
message authentication
function.
1. Hash
functions
2. MACs
3. Digital
signatures

d) What types of
attacks are
addressed by
message
authentication?
• Forgery
• Replay attacks
• Message
modification

e) Define one way

property in hash
function?
It’s easy to compute the
hash from the input, but
infeasible to generate the
original input from the
hash.

f) What is digital
signature?
A digital signature is a
 cryptographic technique
to validate the
authenticity and integrity
of a message or
document.

g) What are the two

approaches of digital
signature?
1. Direct
signature
2. Arbitrated
signature

h) What are the

security services
provided by digital
signature?
• Authentication
• Integrity
• Non-repudiation

i) What are the

requirements of hash
function?
• Pre-image
resistance
• Second pre-image
resistance
• Collision
resistance

j) Differentiate MAC and

hash function.
MAC uses a secret key
with the hash; a hash
function is keyless and
used mainly for integrity
checking.

⸻
UNIT-IV

a) Define term Key Management.

Key management refers to the
processes of handling cryptographic
keys, including generation, exchange,
storage, and destruction.

b) What is Symmetric key

distribution?
It’s the process of securely
distributing a shared secret key
between two parties for symmetric
encryption.

c) What is the purpose of Diffie

Hellman key exchange?
To allow two parties to securely
generate a shared secret over an
insecure channel.

d) What is PGP.
PGP (Pretty Good Privacy) is a data
encryption and decryption program for
secure communication.

e) What are the services provided by

PGP?
• Confidentiality
• Authentication
• Compression
• Email compatibility
• Segmentation

f) Why does PGP

generate a signature
before Apply
compression?
So that the signature
remains valid after
 decompression.

g) Why email
compatibility function in
PGP needed?
To ensure that binary data
can be sent over text-
based email systems.

h) Define S/MIME.
S/MIME (Secure/
Multipurpose Internet
Mail Extensions) is a
standard for public key
encryption and signing of
MIME data.

i) What are the elements

of S/ MIME?
• Enveloped data
• Signed data
• Clear-signed data
• Certification data

j) Define Kerberos.
Kerberos is a network
authentication protocol
that uses secret-key
cryptography to
authenticate clients and
servers.

UNIT-V

a) What are the protocols used to

provide IP security?
• AH (Authentication
Header)
• ESP
(Encapsulating Security
Payload)

b) Give the applications

of IP Security.
• Secure
communication over
VPNs
• Remote access
security
• Secure email
• Protection of
sensitive data over IP
networks

c) What is tunnel mode

in IP security?
Tunnel mode encrypts the
entire original IP packet
and adds a new header
for secure transmission.

d) What services are

provided by IPSec?
• Confidentiality
• Integrity
• Authentication
• Anti-replay
protection

e) What do you mean by

SET?
SET (Secure Electronic
Transaction) is a protocol
for securing credit card
transactions over the
Internet.

f) What are the features

of SET?
• Confidentiality
 • Integrity
• Authentication
• Interoperability

g) What are the steps

involved in SET
Transactions?
• Cardholder
registration
• Merchant
registration
• Purchase request
• Payment
authorization
• Payment capture

h) What is the purpose

of SSL alert protocol?
To convey SSL-related
alerts to the peer, such as
error notifications or
session termination.

i) Explain different types

of Viruses.
• File infector
• Boot sector virus
• Macro virus
• Polymorphic virus
• Metamorphic virus

j) Discuss Intrusion
Detection.
Intrusion Detection is the
process of monitoring
systems or networks for
signs of malicious activity
or policy violations.
Short question

UNIT-I

a) Explain public key cryptosystem

with a diagram.
A public key cryptosystem uses two
keys: public (shared) and private
(secret). The sender encrypts the
message using the receiver’s public
key, and the receiver decrypts it using
their private key.

Diagram:

Plaintext → [Encryption using Public

Key] → Ciphertext → [Decryption
using Private Key] → Plaintext
b) Explain the different security
mechanisms and security services.
Security Mechanisms:
• Encipherment
• Digital Signature
• Access Control
• Authentication
Exchange
• Traffic Padding

Security Services:
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
• Access Control

c) Explain confusion and diffusion

properties of modern block cipher.
• Confusion: Makes
 the relationship between
the ciphertext and the key
as complex as possible.
• Diffusion: Spreads
out the influence of a
single plaintext bit over
many ciphertext bits.

d) Discuss Symmetric and

Asymmetric Key cryptography.
• Symmetric: Same
key for encryption and
decryption. Faster but
less secure.
• Asymmetric: Uses
key pairs (public and
private). More secure but
slower.

e) Discuss the process of encryption

in Caesar cipher of substitution
technique.
In Caesar cipher, each letter in
plaintext is shifted by a fixed number
(say 3) in the alphabet.
Example: HELLO → KHOOR (Shift of
+3)

f) Explain single Round of DES

algorithm.
A single round of DES includes:
1. Expansion (32 bits
→ 48 bits)
2. Key mixing (XOR
with round key)
 3. Substitution (using
S-boxes)
4. Permutation
The output is XORed with
the left half and swapped.

g) Describe the key discarding

process of DES.
DES uses a 64-bit key but discards 8
parity bits (one from each byte),
resulting in a 56-bit effective key.

h) Explain Triple DES and its

applications.
Triple DES (3DES) encrypts data three
times with DES:
Encrypt → Decrypt → Encrypt (with
different keys).
Applications: Secure email, SSL/TLS,
ATM PIN encryption.

i) Describe the strength of DES

algorithm.
DES is strong in design structure but
weak due to small key size (56 bits),
making it vulnerable to brute-force
attacks.

j) Discuss the process of encryption

in Playfair cipher of substitution
technique with an example.
• Create 5x5 matrix
with keyword (e.g.,
 MONARCHY)
• Divide plaintext
into digraphs
• Apply rules based
on matrix positions
Example: “HELLO” → HE LL OX →
Encoded using Playfair rules.

UNIT-II

a) Explain Group and Field with

properties.
• Group: A set G
with an operation .
satisfying closure,
associativity, identity, and
invertibility.
• Field: A set with
two operations (addition
& multiplication) where:
• (F, +) is an
abelian group
• (F{0}, *) is an
abelian group
• Multiplication
is distributive over
addition

b) Explain in detail, the key

generation in AES algorithm and its
expansion format.
AES key expansion involves generating
multiple round keys from the original
key using:
• SubWord: Byte
substitution using S-box
• RotWord: Byte
rotation
• Rcon: Round
 constants
For AES-128: 10 rounds →
11 round keys generated
(each 128 bits)

c) Write the steps of Extended

Euclidean’s Algorithm.
Used to find GCD and multiplicative
inverse:
1. Apply Euclidean
algorithm
2. Work backward
using the equation:
gcd = ax + by
3. Solve for
coefficients x and y

d) Find the GCD of a = 1970 and b =

1066.
Using Euclidean Algorithm:
1970 mod 1066 = 904
1066 mod 904 = 162
904 mod 162 = 134
162 mod 134 = 28
134 mod 28 = 22
28 mod 22 = 6
22 mod 6 = 4
6 mod 4 = 2
4 mod 2 = 0
GCD = 2

e) Discuss the process of AES

encryption & decryption techniques.
AES Steps:
• Initial Round:
 AddRoundKey
• Rounds: SubBytes
→ ShiftRows →
MixColumns →
AddRoundKey
• Final Round (no
MixColumns)
Decryption reverses all
steps using inverse
functions.

f) Explain the steps of Chinese

Remainder Theorem.
For pairwise coprime integers n₁, n₂, …,
nₖ:
1. Compute N = n₁ ×
n₂ × … × nₖ
2. For each i: Nᵢ = N/
nᵢ
3. Find inverse of Nᵢ
mod nᵢ
4. Compute solution:
x = Ʃ(aᵢ × Nᵢ × inverse of
Nᵢ mod nᵢ) mod N

g) State and derive Fermat’s &

Euler’s theorem.
• Fermat’s: If p is
prime, and a not divisible
by p, then
a^(p-1) ≡ 1 mod p
• Euler’s: For a and
n coprime,
a^φ(n) ≡ 1 mod n
Where φ(n) is Euler’s totient function.

⸻
h) Explain RSA Algorithm. Also
discuss the security of RSA
algorithm.
Steps:
1. Choose primes p,
q
2. Compute n = p ×
q, φ(n) = (p-1)(q-1)
3. Choose e such
that 1 < e < φ(n) and
gcd(e, φ(n)) = 1
4. Compute d ≡ e⁻¹
mod φ(n)
Encryption: C = M^e mod
n
Decryption: M = C^d mod
n
Security: Based on difficulty of
factoring large integers

i) What are the primarily testing in

AES technique?
• Statistical tests
(randomness, avalanche
effect)
• Key sensitivity
• Differential and
linear cryptanalysis
resistance
• Throughput and
performance tests

j) Explain Key Distribution Center

(KDC).
KDC is a trusted third party in
symmetric encryption that facilitates
secure key exchange between users
by issuing session keys.

UNIT-III

a) Explain in detail message

authentication code and its
requirements.
A Message Authentication Code
(MAC) ensures data integrity and
authenticity by using a secret key.
MAC = MAC(K, M)
Requirements:
• Knowing the key is
required to generate/
verify MAC
• MAC should be
resistant to forgery
• Efficient to
compute and verify

b) Define hash algorithm.

A hash algorithm takes input of
arbitrary length and produces a fixed-
size output (hash value).
Example: SHA-256 produces a 256-bit
output.
Used in data integrity, digital
signatures, etc.

c) Write about the security of hash

functions and MACs.
Security depends on resistance to:
• Pre-image attack:
Hard to find M given H(M)
• Second pre-
image attack: Hard to
 find M2 ≠ M1 such that
H(M1) = H(M2)
• Collision: Hard to
find any two messages
M1, M2 with H(M1) =
H(M2)
MACs add security with a
secret key to resist
forgery.

d) Explain Birthday attacks in detail.

Birthday attacks exploit the probability
of collisions in hash functions.
For a hash of n bits, a collision can be
found in about 2^(n/2) operations.
Used to break weak hash functions
like MD5.

e) Describe digital signature

algorithm and show how signing and
verification is done using DSS.
DSS (Digital Signature Standard):
• Signing:
• Generate
random k
• Compute r =
(g^k mod p) mod q
• Compute s =
k⁻¹(H(m) + x·r) mod
q
• Verification:
• Compute w =
s⁻¹ mod q
• Compute u1 =
H(m)·w, u2 = r·w
mod q
• Verify: (g^u1 ·
 y^u2 mod p) mod q
=r

f) Explain Secure Hash Algorithm.

SHA (e.g., SHA-1, SHA-256):
• Processes input in
blocks
• Uses padding and
length appending
• Involves multiple
rounds of logical
functions and bitwise
operations
Used for digital
signatures and integrity
checks.

g) Explain the classification of

Authentication function in detail.
Types:
1. MAC-based: Uses
secret key (e.g., HMAC)
2. Hash-based: One-
way hash functions
3. Digital Signature:
Uses public/private key
pairs
Each offers different
levels of security for
integrity/authentication.

h) Explain in detail ElGamal Public

Key Cryptosystem with an example.
ElGamal Steps:
1. Choose p, g,
 private key x
2. Public key y = g^x
mod p
3. Encrypt M using
random k: C1 = g^k mod
p, C2 = M·y^k mod p
4. Decrypt: M = C2 /
(C1^x mod p)

Example:
p=23, g=5, x=6 → y=8
Encrypt M=10 with k=7
C1 = 17, C2 = 13
M = C2 / C1^x mod p = 10

i) Examine Digital Signature with

ElGamal public key cryptosystem.
• Sign: Choose
random k, compute r =
g^k mod p
Compute s = k⁻¹(H(m) –
xr) mod (p-1)
• Verify: Check if
y^r·r^s ≡ g^H(m) mod p
Provides authenticity and
integrity.

j) Explain how Digital Signature is

created at the sender end and
retrieved at receiver end?
Sender:
• Hash the message
• Encrypt the hash
with private key →
Signature
• Send message +
signature
Receiver:
• Hash received
message
• Decrypt signature
using sender’s public key
• Compare both
hashes for verification

UNIT-IV

a) Why key management is important

in IP security?
Key management ensures secure
generation, distribution, and storage
of cryptographic keys. In IPsec, it is
essential for maintaining
confidentiality, integrity, and
authentication between parties.

b) What is the role of the public key

authority in key distribution system?
The Public Key Authority (PKA) verifies
and distributes public keys securely. It
ensures users receive authentic keys,
preventing impersonation or man-in-
the-middle attacks.

c) What do you mean by email

security?
Email security involves mechanisms to
protect email content and attachments
from unauthorized access, ensuring
confidentiality, integrity, authenticity,
and non-repudiation.

⸻
d) What is Diffie-Hellman Key
Exchange in key management?
Diffie-Hellman allows two parties to
securely share a secret key over an
insecure channel without prior key
exchange, using mathematical
computations based on discrete
logarithms.

e) Differentiate between Kerberos V4

and Kerberos V5.

Feature Ker- Ker-

beros beros
V4 V5
Encryp- Only
Sup-
tion DES
ports
multiple
algo-
rithms
Ticket Fixed Flexible
format
Ad- IPv4
dress- only
and
ing IPv6
Interop- Im-
Limited
erability proved
(across
plat-
forms)

f) Discuss X.509 Certificates in

detail. What is the role of X.509
Certificates in cryptography?
X.509 is a standard for public key
certificates. It includes:
• Subject, Issuer
• Public Key
• Serial Number
• Signature
Algorithm
• Validity Period
Role: Authenticates public keys in PKI,
enabling secure communication over
networks.

g) Find the secret key shared

between user A and user B using
Diffie-Hellman algorithm for: q = 23,
α = 5, X_A = 6, X_B = 15.
Step 1:
Y_A = 5^6 mod 23 = 8
Y_B = 5^15 mod 23 = 2
Step 2:
Shared key = Y_B^X_A mod 23 = 2^6
mod 23 = 64 mod 23 = 18

h) Explain X.509 certificate and its

elements?
X.509 Certificate Elements:
• Version
• Serial number
• Signature
algorithm
• Issuer
• Validity (from–to)
• Subject
• Subject public key
info
• Extensions
 (optional)
Used to bind identities
with public keys in PKI.

i) What are the two important

components of a Public Key
Infrastructure (PKI) used in network
security?
1. Certificate
Authority (CA): Issues
and signs certificates
2. Registration
Authority (RA): Verifies
users before issuing
certificates

j) Which certificates are used as the

base of the Public Key
Infrastructure?
X.509 Certificates form the
foundation of PKI by providing trusted,
verifiable public key identity bindings.

UNIT-V

a) Explain the authentication header

of IP security.
The Authentication Header (AH)
provides connectionless integrity, data
origin authentication, and optional
anti-replay protection. It authenticates
IP packet data but does not encrypt
it.
Key fields:
• Next Header
• Payload Length
• Security
 Parameters Index (SPI)
• Sequence Number
• Authentication
Data

b) Explain Internet Protocol Security

in detail.
IPSec is a suite of protocols providing
security at the IP layer.
• Operates in
Transport Mode and
Tunnel Mode
• Uses AH and ESP
(Encapsulating Security
Payload)
• Offers
Confidentiality, Integrity,
Authentication, Anti-
replay

c) Explain the Firewall design

principles.
Key design principles include:
• All traffic must
pass through the firewall
• Only authorized
traffic is allowed
• The firewall itself
is secure
Types include packet
filters, stateful inspection,
application-level
gateways, etc.

d) Explain about virus and related

threats in detail.
• Virus: Malicious
code that attaches to a
host file/program
• Worm: Self-
replicates and spreads
without a host
• Trojan Horse:
Disguised as legitimate
software
• Spyware: Collects
user data without consent
• Ransomware:
Encrypts files for ransom

e) Explain the handshake protocol in

SSL.
SSL Handshake Steps:
1. ClientHello: Offers
supported versions,
ciphers
2. ServerHello:
Chooses version, cipher,
sends certificate
3. Key Exchange:
Client verifies server,
generates session key
4. Finished: Secure
connection established
using session key

f) Illustrate the working of Secure

Electronic Transaction (SET) in
detail.
SET ensures secure credit card
transactions:
1. Customer and
 merchant exchange
certificates
2. Customer sends
dual signature (order info
+ payment info)
3. Payment gateway
processes payment
4. Merchant receives
order details, not card
info
SET uses encryption,
digital signatures, and
certificates.

g) Discuss on the significant types of

virus categories.
1. Boot Sector Virus:
Attacks boot sector (e.g.,
Michelangelo)
2. File Infector Virus:
Infects executable files
3. Macro Virus:
Targets documents (e.g.,
Word/Excel)
4. Polymorphic
Virus: Changes code to
avoid detection
5. Multipartite Virus:
Infects both boot and
files

h) Compare Packet Filter and

Application Level Gateways.

Feature Packet Appli-

Filter cation
Gate-
 way
Layer Net- Appli-
work cation
Perfor- High
Lower
mance (more
pro-
cessing
)
Proto- None
Full
col appli-
Aware- cation
ness aware-
ness
Securi- Basic
High
ty Level

i) What is Electronic mail security?

Provide the application of Pretty
Good Privacy (PGP) in transaction
authentication.
Email security protects message
content and attachments.
PGP offers:
• Confidentiality via
encryption
• Authentication via
digital signature
• Integrity via hash
functions
Used for secure email,
signing, and encrypting
data.

⸻
j) Explain Secure Electronic
Transaction (SET) protocol with their
components.
SET Components:
• Cardholder
• Merchant
• Payment Gateway
• Certificate
Authority
SET uses:
• Digital
Certificates
• Dual Signatures
• Public Key
Infrastructure (PKI)
to ensure secure credit
card transactions.

Long question
Unit 1

UNIT-I

a) Classical Transposition Encryption

Technique with Example
Transposition encryption rearranges
plaintext characters without altering
them. In a columnar transposition, the
message is written in rows under a
keyword. Columns are then reordered
based on the alphabetical order of the
keyword. For example, using the
keyword “ZEBRAS” and the message
“WE ARE DISCOVERED FLEE AT
ONCE,” the letters are written in rows
under the keyword. Columns are then
read in the order of the keyword
letters alphabetically to form the
ciphertext. This method hides
plaintext patterns by changing
character positions, enhancing
security.

b) Classical Encryption Techniques

and Substitution Cipher Categories
Classical encryption includes
substitution and transposition ciphers.
Substitution ciphers replace plaintext
elements with ciphertext elements.
Categories include:
1. Monoalphabetic
Cipher: Each plaintext
letter maps to a fixed
ciphertext letter.
2. Polyalphabetic
Cipher: Multiple cipher
alphabets are used, e.g.,
Vigenère cipher.
3. Homophonic
Cipher: Single plaintext
letters map to multiple
ciphertext symbols.
4. Polygraphic
Cipher: Encrypts groups
of letters, e.g., Playfair
cipher.
These methods vary in complexity and
resistance to frequency analysis.

c) Block Diagram and Functionality

of DES Algorithm
DES is a symmetric block cipher
encrypting 64-bit blocks using a 56-
bit key. The process includes:
1. Initial
Permutation: Reorders
bits.
2. 16 Rounds: Each
with expansion, key
mixing, substitution via S-
boxes, and permutation.
3. Final Permutation:
 Inverse of the initial
permutation.
Each round uses a unique 48-bit
subkey derived from the main key.
DES’s structure ensures confusion and
diffusion, making it resistant to simple
attacks.

d) Strength of DES and Explanation

of Triple DES
DES’s strengths include simplicity and
widespread adoption. However, its 56-
bit key is vulnerable to brute-force
attacks. Triple DES (3DES) enhances
security by applying DES encryption
three times: Encrypt-Decrypt-Encrypt
(EDE) with either two or three keys.
This increases the effective key length
to 112 or 168 bits, making it more
secure against brute-force attacks.
Despite improved security, 3DES is
slower and has been largely replaced
by AES in modern applications.

e) Shannon’s Theory of Confusion

and Diffusion in Information Security
Claude Shannon introduced confusion
and diffusion as principles for secure
ciphers.
• Confusion:
Obscures the relationship
between the ciphertext
and the key, making it
difficult to deduce the
key.
• Diffusion: Spreads
the influence of a single
plaintext bit over many
ciphertext bits, hiding
patterns.
Effective encryption algorithms
implement both to thwart statistical
and brute-force attacks, ensuring data
confidentiality.

f) Mono-alphabetic Cipher vs.

Caesar Cipher with Example
A mono-alphabetic cipher uses a fixed
substitution for each letter. The
Caesar cipher is a type of mono-
alphabetic cipher where each letter is
shifted by a fixed number. For
example, with a shift of 3, ‘A’ becomes
‘D’. While simple, the Caesar cipher
has only 25 possible keys, making it
easy to break. General mono-
alphabetic ciphers have 26! possible
keys, offering more security but still
vulnerable to frequency analysis.

g) Explanation of:
• Message
Integrity: Ensures data
has not been altered.
• Denial of Service
(DoS): Attack that
disrupts service
availability.
• Availability:
Ensures authorized users
have access to
information.
• Authentication:
Verifies the identity of
users or systems.

h) Differential Cryptanalysis and

Types of Cryptanalytic Attacks
Differential cryptanalysis studies how
differences in input affect output
differences, aiming to uncover the key.
Four types of cryptanalytic attacks
are:
1. Ciphertext-only
Attack: Only ciphertexts
are available.
2. Known-plaintext
Attack: Both plaintext
and corresponding
ciphertexts are known.
3. Chosen-plaintext
Attack: Attacker can
encrypt plaintexts of
choice.
4. Chosen-
ciphertext Attack:
Attacker can decrypt
chosen ciphertexts.
Understanding these attacks helps in
designing robust encryption systems.

i) Need for Various Modes of

Operation for Block Cipher with
Example
Block ciphers encrypt fixed-size
blocks, but messages vary in length.
Modes of operation define how to
handle this. For example, Cipher Block
Chaining (CBC) mode uses an
initialization vector (IV) and chains
blocks together, enhancing security.
Electronic Codebook (ECB) mode, by
contrast, encrypts each block
independently, which can reveal
patterns. Choosing the appropriate
mode ensures confidentiality and
integrity based on application needs.

j) Security Attacks and Services in

Network Security
Security attacks include:
• Passive Attacks:
Eavesdropping on
 communications.
• Active Attacks:
Altering or disrupting
communications.
Security services counter these
attacks:
• Confidentiality:
Protects data from
unauthorized access.
• Integrity: Ensures
data is unaltered.
• Authentication:
Verifies identities.
• Non-repudiation:
Prevents denial of
actions.
• Access Control:
Restricts access to
resources.
Implementing these services maintains
secure and reliable network
communications.

UNIT-II

a) RSA Algorithm with Encryption

and Decryption (P=3, q=11, c=7,
m=5)
RSA involves key generation,
encryption, and decryption:
1. Key Generation:
• n=p×q=3
× 11 = 33
• φ(n) = (p-1)
(q-1) = 2 × 10 = 20
• Choose e = 7
(1 < e < φ(n),
gcd(e, φ(n)) = 1)
• Compute d
 such that (d × e)
mod φ(n) = 1 d=
3
2. Encryption:
• Ciphertext c
= m^e mod n = 5^7
mod 33 = 14
3. Decryption:
• Plaintext m =
c^d mod n = 14^3
mod 33 = 5
Thus, the message 5 is encrypted to
14 and decrypted back to 5.

b) Prime and Relative Prime Numbers

in Cryptography with Example
In cryptography, prime numbers are
integers greater than 1 with no divisors
other than 1 and themselves. Relative
primes are pairs of numbers with no
common divisors other than 1. For
example, 8 and 15 are relative primes.
These concepts are crucial in
algorithms like RSA, where selecting
primes ensures the difficulty of
factoring large numbers, providing
security.

c) Chinese Remainder Theorem

(CRT) Statement and Proof
CRT states that for pairwise coprime
integers n₁, n₂,…, n_k and any integers
a₁, a₂,…, a_k, there exists an integer x
solving the system:
x ≡ a₁ mod n₁
x ≡ a₂ mod n₂
…
x ≡ a_k mod n_k
Moreover, this solution is unique
modulo N = n₁×n₂×…×n_k. The proof
constructs x using the formula:
x = Ʃ (a_i × M_i × y_i), where M_i = N/
n_i and y_i ≡ M_i⁻¹ mod n_i.

d) Advanced Encryption Standard

(AES) and Its Functioning
AES is a symmetric block cipher that
encrypts 128-bit blocks using 128,
192, or 256-bit keys. It replaces DES
and is highly secure.
AES operates on a 4×4 byte matrix
called the state. It includes several
rounds (10 for 128-bit keys) with the
following steps:
1. SubBytes: Byte
substitution using S-box.
2. ShiftRows: Row-
wise byte shifting.
3. MixColumns:
Column-wise mixing
using linear
transformation.
4. AddRoundKey:
XOR state with round key.
AES is efficient in both
hardware and software
and provides strong
confusion and diffusion
properties, making it
suitable for modern
encryption needs.

e) Discrete Logarithmic Problem

(DLP)
The discrete logarithm problem (DLP)
is: Given a prime p, a generator g, and
a value y = g^x mod p, find x.
This is computationally hard when p is
large.
Example: Let p=23, g=5, y=4. What is
x such that 5^x ≡ 4 mod 23?
Try values:
5^1 = 5,
5^2 = 2,
5^3 = 10,
5^4 = 4 x=4
DLP is the basis of cryptographic
algorithms like Diffie-Hellman and
ElGamal. Its difficulty ensures the
security of these public key schemes.

f) AES Encryption with Diagram

(Explanation)
AES encryption uses a 4×4 matrix of
bytes called the state and performs
several transformation rounds. Steps
include:
1. Initial
AddRoundKey – XOR
plaintext with key.
2. Rounds (9 times
for AES-128):
• SubBytes
(non-linear
substitution)
• ShiftRows
(row shifting)
• MixColumns
(column mixing)
• AddRoundKey
3. Final Round –
same as above but
without MixColumns.
AES key expansion
generates different round
keys. The process
provides security by
combining substitution,
permutation, and mixing.
 (A diagram typically
shows the state matrix
being transformed step-
by-step through these
rounds.)

g) Extended Euclidean Algorithm

with Example
The Extended Euclidean Algorithm
finds the GCD of two integers and also
expresses it as a linear combination:
Example: Find GCD(56, 15) and
coefficients x, y such that 56x + 15y =
gcd(56,15)
Steps:
56 = 3×15 + 11
15 = 1×11 + 4
11 = 2×4 + 3
4 = 1×3 + 1
3 = 3×1 + 0 gcd = 1
Back-substitute:
1 = 4 - 1×3
= 4 - 1×(11 - 2×4)
= 3×4 - 1×11
…
Eventually, 1 = 11×(-4) + 15×15
Used to compute modular inverses in
RSA.

h) Principles of Public Key

Cryptosystem
Public key cryptosystems rely on a key
pair: a public key for encryption and a
private key for decryption. Principles
include:
1. Infeasibility of
deriving private key from
 public key (e.g., factoring
large primes in RSA).
2. Asymmetric
encryption: one key
encrypts, the other
decrypts.
3. Secure key
distribution: public key is
openly shared; private
key is kept secret.
4. Digital signatures:
sender signs with private
key, receiver verifies with
public key.
These principles ensure
confidentiality, integrity,
and authenticity in
communication.

i) Discrete Logarithm Problem &

Algorithm Based on It
The Discrete Logarithm Problem (DLP)
underpins cryptographic security:
Given y = g^x mod p, finding x is hard.
This difficulty is used in the Diffie-
Hellman Key Exchange and ElGamal
encryption.
These systems rely on the infeasibility
of solving the DLP to prevent
unauthorized decryption or key
recovery.
Diffie-Hellman enables secure key
exchange over public channels, while
ElGamal provides encryption and
digital signatures.

j) Three Main Applications of Public

Key Cryptosystems
1. Confidentiality
(Encryption): A sender
encrypts data using the
receiver’s public key; only
the receiver can decrypt
with their private key.
2. Authentication:
Sender signs data with
their private key; receiver
verifies using sender’s
public key.
3. Key Exchange: Securely
exchanging symmetric keys using
public key mechanisms like Diffie-
Hellman.
These applications make public key
cryptography essential in secure
communications, digital signatures,
and SSL/TLS protocols.

Unit-III

a) Secure Hash Algorithm (SHA) to

Generate Message Digest
The Secure Hash Algorithm (SHA)
generates a fixed-size message digest
from variable-length input. SHA-1, for
instance, produces a 160-bit hash.
The process includes:
1. Preprocessing –
padding the message and
appending its length.
2. Initialization –
setting up initial hash
values.
3. Processing –
dividing the message into
512-bit blocks.
Each block goes through
multiple rounds of bitwise
 operations, logical
functions, and modular
additions to update the
hash values.
Final output is the
message digest. SHA
ensures data integrity by
detecting even small
changes. Modern
versions like SHA-256
and SHA-3 are used in
authentication and digital
signatures.

b) Role of Compression Function in

Hash Function
A compression function reduces large
data input into a fixed-size output. In
cryptographic hash functions, it
processes blocks of data iteratively,
combining them with previous outputs
to ensure uniqueness.
For example, in SHA, the message is
divided into blocks, and each block is
processed with a compression
function to update the hash value.
It ensures collision resistance (no two
inputs give same hash), and
avalanche effect (small change in
input alters output significantly).
Compression functions are crucial to
maintaining the efficiency, speed, and
cryptographic strength of hashing,
ensuring data integrity in applications
like digital signatures and MACs.

c) Message Authentication Codes

(MACs) and Authentication
Requirements
A Message Authentication Code
(MAC) ensures data integrity and
authenticity using a shared secret key.
It is generated by applying a hash or
block cipher to the message and the
key.
The receiver verifies the MAC by
recalculating it using the shared key
and comparing with the received MAC.
Authentication requirements include:
1. Data origin
authentication –
confirms sender identity.
2. Message integrity
– verifies the message
was not altered.
MACs ×re faster than
digital signatures and
used in secure data
transfer protocols like
IPSec and SSL/TLS.

d) Digital Signature Algorithm with

Key Generation and Verification
The Digital Signature Algorithm (DSA)
ensures message authenticity and
integrity.
Key Generation:
1. Choose primes p
and q, and generator g.
2. Select private key
x < q.
3. Compute public
key y = g^x mod p×
Signing:
4. Choose random k.
5. Compute r = (g^k
 mod p) mod q.
6. Compute s =
(k⁻¹(H(m) + x·r)) mod q.
Verification:
7. Compute w = s⁻¹
mod q.
8. Compute u1 =
H(m)·w, u2 = r·w.
9. Verify r ≡ (g^u1 ·
y^u2 mod p) mod q.
If true, signature is valid.
DSA provides strong
authentication.

e) Hash Functions and Working of

SHA in Authentication
Hash functions map data of any size to
a fixed-size hash. They are
deterministic and designed to be
collision-resistant and irreversible.
In authentication, SHA (e.g., SHA-256)
generates a digest of the message,
which is signed or combined with a
key (as in HMAC).
SHA works in steps:
1. Preprocessing
(padding and parsing),
2. Initialization with
fixed constants,
3. Iterative
processing of 512-bit
blocks through logical
operations, rotations, and
modular additions.
The result is a unique
digest used fo× verifying
data integrity and
authenticity, especial-y in
digital signatures and
 MACs.

f) Digital Signatures and ElGamal

Digital Signature Technique
Digital signatures verify the sender’s
identity and ensure message integrity.
The ElGamal digital signature works
as follows:
1. Key Generation:
Choose a prime p,
generator g, private key x,
and compute public key y
= g^x mod p×
2. Signature
Generation: Choose
random k (gcd(k, p-1)=1),
compute r = g^k mod p,
and s = (H(m) – x·r)·k⁻¹
mod (p–1).
3. Verification: Verify
y^r·r^s ≡ g^H(m) mod p.
If true, the signature is
valid. ElGamal relies on
the hardness of the
discrete log problem,
ensuring security.

g) Direct and Arbitrated Digital

Signatures
A Direct Digital Signature involves
only the sender and receiver. The
sender encrypts the hash of the
message using their private key, and
the receiver verifies it using the
sender’s public key. It’s fast but lacks
dispute resolution.
An Arbitrated Digital Signature
involves a trusted third party (arbiter)
who validates the signature and
message. The arbiter helps resolve
disputes and confirms authenticity.
While direct signatures are efficient,
arbitrated signatures provide better
non-repudiation and security in
sensitive environments where trust
needs to be enforced.

h) Steps in Message Digest

Generation in SHA
SHA message digest generation
involves:
1. Padding the
message so its length ≡
448 mod 512, and
appending the 64-bit
length.
2. Parsing the
padded message into
512-bit blocks.
3. Initialize hash
values (for SHA-1, five
32-bit registers).
4. Process each
block using a
compression function
with 80 rounds of
operations including
logical functions, modular
additions, and rotations.
5. Update hash
values after each block.
6. Final digest is the
concatenation of final
hash values.
This digest uniquely
represents the original
 message, ensuring data
integrity.

i) Digital Signature Scheme (DSS)

and Digital Signature Algorithm
(DSA)
Digital Signature Scheme (DSS) is a
standard by NIST for authenticating
digital documents. It ensures integrity,
authenticity, and non-repudiation.
DSS uses the Digital Signature
Algorithm (DSA) for signing and
verifying messages.
DSA involves:
• Key generation:
Private key x, public key y
= g^x mod p
• Signature
generation: (r, s) using
random k and hash of the
message
• Verification: Using
public key, check if
computed value matches
r
DSS ensures secure
digital communication
and is widely used in
government and legal
sectors.

j) Purpose, Properties, and

Requirements of Digital Signatures
Purpose: Digital signatures
authenticate the sender, ensure data
integrity, and prevent repudiation.
Properties:
 1. Authenticity –
proves sender identity.
2. Integrity –
ensures message is
unchanged.
3. Non-repudiation –
sender cannot deny
sending the message.
Requirements:

• Unique to the sender

• Infeasible to forge
• Efficient to compute and
verify
Digital signatures are vital in secure
communications, legal documents,
and software verification.