Computer System Security Question Bank
1. Introduction: attacks, services, mechanisms, security attacks, security services, a model for internetwork
security, encryption model, steganography, classical encryption techniques, modern techniques - simplified
DES, block cipher principles, data encryption standard, strength of DES.
1. What are the key differences between security attacks, services, and mechanisms?
2. Explain the various types of security attacks. How do passive and active attacks differ?
3. What are the main security services, and how do they help in ensuring data integrity and confidentiality?
4. Describe the components of a model for internetwork security. What role do security policies play in this
model?
5. What is the encryption model in cryptography, and how does it ensure secure communication between sender
and receiver?
6. How does steganography differ from encryption, and what are its typical use cases?
7. What are the classical encryption techniques, and why are they considered insufficient in modern-day
security?
8. Explain the simplified Data Encryption Standard (DES). What are the main steps involved in this encryption
method?
9. What are block cipher principles, and how do they contribute to secure data transmission?
10. What factors contribute to the strength of the Data Encryption Standard (DES), and why has it been replaced
by newer encryption methods like AES?
2. Confidentiality using conventional encryption: placement of encryption function, traffic confidentiality, key
distribution. Public key cryptography: principles, RSA algorithm, key management, Diffie-Hellman key
exchange, elliptic curve cryptography, Chinese remainder theorem.
1. What is confidentiality in the context of conventional encryption, and how does encryption ensure data
privacy?
2. Explain the placement of the encryption function in a communication system. How does it impact the security
of transmitted data?
3. What is traffic confidentiality, and how can encryption be used to protect against traffic analysis attacks?
4. Describe the key distribution problem in conventional encryption. What are some common methods for
secure key distribution?
5. What are the fundamental principles of public key cryptography, and how does it differ from conventional
encryption?
6. Explain the RSA algorithm. How are public and private keys generated in RSA, and what is the role of modular
arithmetic in the process?
7. What are the challenges of key management in public key cryptography, and how can they be addressed?
8. How does the Diffie-Hellman key exchange protocol work, and what is its significance in secure
communication?
9. What are the advantages of elliptic curve cryptography (ECC) compared to traditional public key algorithms
like RSA?
10. What is the Chinese Remainder Theorem, and how is it applied in cryptographic systems, particularly RSA?
3. Message Authentication & hash functions: Authentication requirements, functions, codes,
hash functions, security of hash function & MACs. Hash & MAC algorithms: MD5 message-digest
algorithm, authentication protocols, digital signature standard.
1. What are the key requirements for message authentication, and why is it essential for data
integrity and security?
2. Explain the different types of authentication functions. How do they ensure the authenticity
of a message?
3. What are message authentication codes (MACs), and how do they differ from hash functions
in terms of security?
4. Describe the characteristics of a secure hash function. What properties should a hash
function possess to be considered secure?
5. What are the main vulnerabilities associated with hash functions, and how can these
vulnerabilities affect message authentication?
6. Explain the MD5 message-digest algorithm. What are its strengths and weaknesses in terms
of security?
7. What role do authentication protocols play in ensuring secure communications, and how do
they utilize hash functions and MACs?
8. Describe the Digital Signature Standard (DSS). How does it use hash functions to create a
secure digital signature?
9. What are the differences between cryptographic hash functions and non-cryptographic hash
functions, and in what contexts is each used?
10. How can collision resistance in hash functions impact message authentication, and what are
some examples of known attacks on hash functions like MD5?
1. What is cryptanalysis, and what are its primary goals in the context of cryptographic
systems?
2. Describe generic attacks in cryptanalysis. What strategies are commonly employed in these
types of attacks?
3. What is linear cryptanalysis, and how does it differ from other forms of cryptanalysis?
Provide an example of its application.
4. Explain differential cryptanalysis. How does it exploit the differences in input pairs to derive
information about the secret key?
5. What is integral cryptanalysis, and how can it be applied to reduce the complexity of attacks
on block ciphers like AES?
6. What unique security challenges does the Internet of Things (IoT) face, and what strategies
can be employed to mitigate these risks?
7. What is penetration testing, and what are its key phases? How does it help organizations
identify vulnerabilities?
8. Describe some popular security penetration testing tools like Netsparker and Wireshark.
What specific functionalities do they offer for security testing?
9. In the context of secure inter-branch payment transactions, what cryptographic techniques
can be used to ensure the confidentiality and integrity of financial data?
10. Discuss the implications of cross-site scripting (XSS) vulnerabilities in web applications. How
can developers mitigate these risks? Provide an example of how XSS can be exploited.
1) What are the key requirements for web security, and why are they essential for protecting
user data and transactions?
2) Explain the concept of secure electronic transactions (SET). What measures are taken to
ensure the security and integrity of online transactions?
3) What is network management security, and what role does it play in maintaining the overall
security posture of an organization?
4) Describe the different types of intruders that can compromise system security. What methods
do they commonly use to gain unauthorized access?
5) What are the differences between viruses and worms, and how does each of these malware
types propagate and affect systems?
6) Discuss the design principles of firewalls. How do these principles contribute to effective
network security?
7) What are trusted systems, and how do they differ from traditional security measures? What
are their key components?
8) Explain the importance of privacy rules in the context of data access and user privacy. What
are some common privacy regulations organizations must follow?
9) What strategies can be implemented for effective data backup, and how do they contribute to
overall system security?
10) What are the current issues and challenges in mobile and cloud security, and how do these
challenges impact the development of futuristic web security applications?