MU Information Technology (Semester 6)
System & Web Security
December 2013
Total marks: --
Total time: --
INSTRUCTIONS
(1) Assume appropriate data and state your reasons
(2) Marks are given to the right of every question
(3) Draw neat diagrams wherever necessary


1 (a) Explain substitution cipher and transposition cipher.
5 M
1 (b) Does a Public Key Infrastructure use symmetric or asymmetric encryption? Explain your answer
5 M
1 (c) What are the system security goals? Explain why a balance between the various goals is needed?
5 M
1 (d) What are the different types of malicious codes
5 M

2 (a) (2) Use the Playfair Cipher to encipher the message, ? Attack Cancelled on Monday . Wait for next message?. The Secret key can be made by filling the first and part of the second row by ?MORNING?. Filling of rest of the matrix can be done with remaining alphabets. Consider Alphabets ?Y? and ?Z? in one cell of the matrix.
10 M
2 (b) Write a note on Kerberos Systems that support authentication in distributed systems.
10 M
2(a)(1) Explain Advanced Encryption Standard Algorithm in detail.
10 M

3(a) Explain control of access to general objects in operating systems.
10 M
3(b) Explain Non-malicious program errors with examples
10 M

4 (a) If generator g=2 and n or P =11, using Diffie-Hellman algorithm solve the following
1) Show that 2 is a primitive root of 11.
2) If A has a public key =9 , what is A?s private key?
3) If B has a public key =3 what is B?s private key?
4) Calculate the shared secret key.
10 M
4 (b) Explain different Denial of Service attacks.
10 M

5 (a) List explain and compare different kinds of firewalls used for network security.
10 M
5 (b) Explain multiple levels security model. Also explain multilateral security.
10 M

Write a detailed note on (Any 2)
6 (a) E-mail Security
10 M
6 (b) RSA Algorithm
10 M
6 (c) SSL Protocol
10 M
6 (d) Covert Channel
10 M

7 (b) Explain packet sniffing and packet spoofing. Explain the session hijacking attack.
10 M
7(a) Explain the process of digital certificate generation and the process of evaluation of authenticity of a digital certificate.
10 M



More question papers from System & Web Security
SPONSORED ADVERTISEMENTS