
2015-16

B-Tech
Semester - VI

Malaviya National Institute of Technology Jaipur


Department of Computer Science and Engineering
CST-308 : Computer and Networks Security

END EXAM

Name:

03/05/2016 (01:30-03:30 PM)

ID:

Problem 1: Answer each of the following. Answers of two or three sentences will suffice.
1 (2 Marks) What is the completeness effect (CE)? How is DES secure against CE?

2 (3 Marks) OAEP

3 (3 Marks) Unconcealed attack

4 (3 Marks) Comparison between the modes in IPsec

5 (3 Marks) Integer overflow, with an example.


6 (3 Marks) In SSL, into how many groups are the encryption/decryption algorithms classified? What are they?

7 (3 Marks) In how many ways can a program be made to jump to the attacker's code? Give one statement on each.

Problem 2: Answer all of the following questions. (Your answers must be in sequence, from 8 to 15.)
8 (10 Marks) Prove that RSA is a collection of strong one-way trapdoor permutations
under the strong RSA assumption.
9 (10 Marks) Show that DESK ( M ) = DESK ( M ).
10 (10 Marks) Assume all preconditions are met whenever the following function is called.
You may also assume that the following code is executed on a 32-bit machine.

    /* Copy every stepth character from src to dst */
    /* Requires: src,dst are valid non-NULL pointers,
       n <= sizeof(src), n <= sizeof(dst) */
    void vulncopy(char* dst, char* src, int n, int step) {
        for (int i = 0; i < n; i += step) {
            dst[i] = src[i];
        }
    }

(a) This code has a memory-safety vulnerability. Describe it.
(b) What parameters could an attacker provide to vulncopy() to trigger a memory-safety
violation? (Your input must comply with the preconditions for vulncopy().)
(c) If the vulnerable code was compiled using a compiler that inserts stack canaries,
would that prevent exploitation of this vulnerability? Answer yes or no and justify
your answer.


11 (10 Marks) Suppose you know that a particular web site uses a backend database to implement authentication. Given a login page with username and password fields, what
would you type into these fields to try to perform SQL injection to bypass proper authentication? Explain why your approach would work.
12 Describe two different protocols that three parties (e.g. Alice, Bob, Charlie) can use to
conduct authenticated, secure communication among them.
a [4 Marks] For one protocol describe how it can be done using SSL/TLS without
modification. How many keys will each party need? How many keys in total will
the protocol use? Count only MAC and symmetric encryption keys in both cases
and explain how you got your answer.
b [6 Marks] For the other protocol describe a handshake phase similar to that of
SSL/TLS with the appropriate modification. How many keys per party and in total
are needed in this case?
13 (10 Marks) For each of the following potential attacks and countermeasures, state whether the countermeasure is ineffective, somewhat effective, or very effective, and justify your answer:
(a) Stolen cookies and session hijacking: HTTPS
(b) Reflected XSS: same-origin policy
(c) SQL injection: escaping user-supplied data when generating HTML
(d) Stored XSS: escaping user-supplied data when generating HTML
14 (10 Marks) Please answer the following questions based on SHA-512.
(a) How many pages are occupied by a message of 2128 bits?
(b) What is the number of padding bits if the length of the original message is 2590
bits?
(c) Do we need padding if the length of the original message is already a multiple of
1024 bits?
(d) What are the minimum and maximum numbers of padding bits that can be
added to a message?
15 (10 Marks) Consider an ElGamal scheme with a common prime q = 71 and a primitive
root = 7.
(a) If B has public key YB = 3 and A chose the random integer k = 7, what is the
ciphertext of M = 30?
(b) If A now chooses a different value of k, so that the encoding of M = 30 is C = (59, C2),
what is the integer C2?
Take up one idea. Make that one idea your life think of it, dream of it, live on that idea. Let the brain,
muscles, nerves, every part of your body, be full of that idea, and just leave every other idea alone. This
is the way to success - Swami Vivekananda
