ISE Question Papers

This document is an exam paper for the course "Cryptography and System Security" from K. J. Somaiya College of Engineering in Mumbai, India. It contains 10 multiple choice questions worth 10 marks, and 5 short answer questions worth 10 marks. Students are asked to attempt any 5 of the 7 short answer questions. The exam covers topics related to cryptanalysis attacks, Kerckhoff's principle, zero knowledge protocols, the principle of least privilege, security services implemented using public key cryptography, and denial of service attacks. The paper also contains 4 full questions worth 10 marks each, related to digital signatures, the Rabin cryptosystem, secure software development principles, and security issues at the transport and network layers.


K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Exam
May-June 2021
Max. Marks: 50
Duration: 1 Hr. 45 Min.    Class: TY B.Tech    Semester: VI
Name of the Course: Cryptography and System Security    Branch: COMP.
Course Code: 2UCC602
Instructions:
(1) All questions are compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Max. Marks
Q1 (A) Objective / MCQ type 10

1) _______ is a standard defining the format of public key certificates.

2) A secure N-bit symmetric key algorithm requires _______ work to "break", while a secure N-bit hash algorithm requires _______ work to "break" using a brute-force attack.
a) 2^(N+1), 2^(N/2)    c) 2^(N-1), 2^(N/2)
b) 2^(N/2), 2^(N+1)    d) 2^(N/2), 2^(N-1)

3) In PGP operation the session key is encrypted using the ________ public key algorithm.

4) Identify the odd one from the following
a) Buffer overflow    c) Malware
b) Format string attack    d) Race condition

5) Match the following
1) Virus    A) exhaust system resources
2) Worm    B) unexpected functionality
3) Trojan    C) active propagation
4) Rabbit    D) passive propagation
6) Select the appropriate option

Virus pseudocode:
    infect( );
    if ________( )
    then _______( );

a) trigger( ), payload( )    c) trigger( ), infect( )
b) payload( ), trigger( )    d) payload( ), infect( )
7) Arrange the following layers in proper order ___________

1 TLS / SSL
2 APPLICATION
3 IP
4 TCP

8) IPSec operates in one of two different modes: __________ or ________

9) Give the full form of OWASP

10) Kerberos protocol uses ______ number of servers
a) 1    c) 3
b) 2    d) 4

Q1 (B) Attempt any FIVE questions out of the following seven. 10

1) Name different types of cryptanalysis attacks.
2) What is Kerckhoffs' Principle? What is its relevance to Cryptography?
3) Discuss the use of Zero knowledge protocols.
4) What is the principle of least privilege? Illustrate with an example.
5) What is sniffing, spoofing and phishing?
6) List different security services which can be implemented using public key cryptography.
7) What are DOS and DDOS attacks? List some of their preventive measures.

Q. 2 Discuss any digital signature mechanism for achieving authentication, signing, integrity and non-repudiation services. 10
OR
Discuss the working of the Rabin Cryptosystem. Discuss what security services can be implemented using it.

Q. 3 What are secure software development principles? Discuss applications of these principles against non-malicious program flaws. 10

Q. 4 Discuss security issues at the transport layer and various mechanisms for solutions of security related issues. 10
OR
Discuss security issues at the Network layer and various mechanisms for solutions of security related issues.
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)
Semester: January – May 2021
In-Semester Examination

Class: TY B. Tech
Branch: Comp. Engg.    Semester: VI
Full name of the course: Cryptography and System Security    Course Code: 2UCC602
Duration: 1 hr. 15 min (attempting questions) + 15 min (uploading)    Max. Marks: 30

Q. No. | Questions | Marks
Q1 1.1 A security ___________ makes use of one or more security ___________
a. Service, Mechanisms
b. Goal, mechanisms
c. Mechanism, services
d. Mechanism, goals

1.2 A student steals a test question paper from a professor's office. It is an attack on which of the following?
a. Confidentiality
b. Integrity
c. Availability
d. Authentication

1.3 An attacker modifies the transaction amount in a banking system. It is an attack on which of the following?
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
10 marks (1 mark each)

1.4 State whether the following is true or false: Masquerade is a passive threat.

1.5 Confusion is hiding the relationship between _______ and _________

1.6 Diffusion is hiding the relationship between ______ and ________

1.7 In the DES algorithm the block size = ____ and key size = _____
1.8 In the AES algorithm the block size = _____ and key size = ______ (all variants)

1.9 In the DES algorithm, what is the probability of randomly selecting a weak, a semi-weak, or a possible weak key?

1.10 Name the modes of operation of block ciphers which allow a block cipher to be used as a stream cipher.

Q2 Discuss various methods of defense, giving at least one example for each method. 10 marks

OR

A) Discuss DES algorithm analysis with respect to its strengths and weaknesses. 5 marks

B) You have a video file of size 100 MB. Illustrate how you will send it securely using the DES algorithm. 5 marks

Q3 A) Find the multiplicative inverse of 13 in Z100 using the extended Euclidean method. 05 marks

B) With respect to the figure below, prove that L6 = L1 and R6 = R1. 05 marks
[Figure for Q3B: not reproduced in this scan]
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Exam
May – June (year illegible in scan)
Max. Marks: 100    Duration: 3 hours
Class: TE    Semester: VI
Name of the Course: Information and Network Security    Branch: IT
Course Code: R - 200
Instructions:
(1) Question 1 is Compulsory
(2) Attempt any 4 out of the remaining six questions.
(3) Draw neat diagrams
(4) Assume suitable data if necessary

Question No. | Questions | Max. Marks
Q1 (a) What are the key principles of security? Explain with examples. 10

Q1 (b) Explain Digital Signature. 10

Q2 Explain DES in detail. What is Triple DES? 10
OR
Explain Secure E-mail system with example.

Q3 (a) What is a Firewall? Describe any two types of firewall in detail. 10
Q3 (b) Explain RSA algorithm with the help of a suitable example. 10

Q4 Explain Kerberos in detail. 10
OR
Explain Risk analysis in detail.

Q5 Explain Software Reverse Engineering. 10
OR
Discuss Intrusion Detection System.

Q6 (a) Explain non-malicious programming errors with examples. 10

Q6 (b) Explain Access control list and capability list. 10

Q7 Explain covert channel and mention its types. 10

Discuss Honeypots
K. J. Somaiya College of Engineering, Mumbai-77

End Semester Exam
December 2020
Max. Marks: 30
Duration: 1 Hr. 15 Min. (for attempting questions) + 15 min. (uploading)
Class: TY    Semester: V
Name of the Course: Information and Network Security    Branch: IT
Course Code: 2UIC503
Instructions:
(1) All questions are compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Max. Marks
Q1 (a) Explain the basic principle of DES. (02) 10
(b) Explain the avalanche effect in DES with an example. (02)
(c) Why does the round key generator need a parity drop permutation? (02)
(d) Name the two attacks which are possible on DES. (01)
(f) Find the output of the initial permutation box when the input is given in hexadecimal as 0x0002 0000 0000 0001. Show all the steps in detail. (03)
The Initial Permutation table and Final Permutation table are given below:
[Initial Permutation and Final Permutation tables: not reproduced in this scan]

OR
(a) Explain with a diagram the process of using a message authentication code. (03)
(b) Can an attacker alter the MAC? Yes or No? Give justification. (01)
(c) Is the MAC algorithm similar to the encryption and decryption process? Justify. (02)
(d) Is it possible to use the MD5 and SHA1 algorithms for calculating a MAC? Justify. (02)
(e) List two limitations of MAC. Also state the solution to the limitation. (02)

Q2 (a) What are the features of authentication tokens? (02) 10
(b) How is an authentication token created and used? (03)
(c) Explain time-based tokens in detail. (03)
(d) What is the difference between challenge/response tokens and time-based tokens? (02)

Q3 (a) Explain how a DDOS attack works on the system. (03) 10
(b) Explain any two DDOS attacks with examples. (03)
(c) If you were a system administrator looking for whether your network is under DDOS attack, what would you look for? (02)
(d) How to prevent DDOS attacks on a system? (02)

OR
(a) Explain salami attack with example. (05)
(b) Explain incomplete mediation with example. (05)
(Autonomous College Affiliated to University of Mumbai)

End Semester Examinations
May-June 2022
Max. Marks: 100    Duration: 3 hrs
Class: TY BTech    Semester: VI
Name of the Course: Vulnerability Analysis and Penetration Testing    Branch: IT
Course Code: 2UIE602
Instructions:
(1) All Questions are Compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Max. Marks
Q1 (a) Describe Threats, Vulnerabilities and Attacks with examples.

Q1 (b) Define Ethical Hacking and explain different types of Hackers. 10
OR
What are the different channels, as mentioned by the Open Source Security Testing Methodology Manual, which are affected by penetration testing?

Q2 (a) Explain Vulnerability Scanning and write steps for vulnerability scanning of an E-commerce website application, assuming any scanning tool. 10

Q2 (b) Explain the importance of the Authentication mechanism in an Internet Banking application. Write in detail the different mechanisms to secure the authentication process for the above application. 10

Q3 (a) What are the different flaws possible while implementing an Authentication mechanism in a government website such as a Passport application? 10

Q3 (b) Write how insecure session handling can lead to an attack, with an example. Write three different ways to manage insecure sessions. 10
OR
State any three weaknesses possible while implementing and handling session tokens.

Q4 (a) Write the different types of XSS vulnerability in brief. Explain any one with an example. 10

Q4 (b) Describe any two ways to identify XSS exploitation and also write two ways to mitigate them. 10

Q5 (a) What is SQL injection? Demonstrate with an example any one SQL injection attack and its mitigating steps. 10
OR
Write down different ways in which network traffic/data can be analyzed during penetration testing.

Q5 (b) Write short notes on any two: 10
1. Footprinting
2. Ethical Disclosure
3. Types of SQL injection
4. Broken Access Control (OWASP)
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Exam
April - May 2019
Max. Marks: 100    Duration: 3 Hrs
Class: TY BTech    Semester: VI
Name of the Course: Information and Network Security    Branch: IT
Course Code: UITC601
Instructions:
(1) All Questions are Compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Max. Marks
Q1 What are the different types of threats to security? Map each threat to a goal of security. Justify the mapping with the help of an example.
Q2 (a) Explain the applications of public key cryptography and the problems associated. 10

Q2 (b) What is a primitive root or generator? Consider a=10, b=12 as two secrets and a prime p=17 in the Diffie-Hellman key exchange protocol; find the smallest generator g of the given prime p and the shared symmetric key. 10

Q2 (c) Explain DES in detail. State and justify the reason behind the failure of DES. 10
OR
What is a stream cipher? Explain any hardware based stream cipher.
Q3 (a) Explain the Needham-Schroeder protocol in detail. 10
OR
Explain the significance of the following terms in network security with the help of an example.
i) CAPTCHA
ii) Covert Channel
Q3 (b) What is an Access Control Matrix (ACM)? Discuss problems and solutions to ACM. 10

Q4 (a) Explain the terms linearization attacks and trusting software. 10

Q4 (b) Explain software flaws with the help of a suitable example of each. 10
OR
What is the difference between malicious and non-malicious code? Explain any two malicious code examples.
Q5 (a) Explain Reconnaissance of network and web server vulnerabilities. 10
OR
IPSec provides security at the network layer; then what is the need of SSL? Explain how client and server establish an SSL connection.
Q5 (b) Explain DHCP and ARP attacks. 10
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Exam
April - May 2019
Max. Marks: 100    Duration: 2 Hrs
Class: TY BTECH    Semester: VI
Name of the Course: Information and Network Security    Branch: IT
Course Code: UITC601
Instructions:
(1) All Questions are Compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Max. Marks
SECTION B
Q4 Attempt any four. 20
a. Explain packet sniffing with example.
b. Write down the steps of the Needham-Schroeder authentication protocol.
c. What is a linearization attack? Explain with example.
d. Explain any five web server vulnerabilities.
e. Explain the attacks on the physical and data link layers of TCP/IP.
f. What is access control? What is the significance of ACL?
Q5 Attempt any four. 20
a. Explain password authentication.
b. Explain five malware in software security.
c. What is multilateral security?
d. Write a note on firewalls.
e. Write a note on authentication method: single sign on.
f. What is the significance of honeypots?

Q6 Choose the correct answers 10

(1) In ______ attacks, the attacker manages to get an application to execute an SQL query created by the attacker.
a) SQL injection
b) SQL
c) Direct
d) Application

(2) A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ______ attack.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

(3) A malicious code hidden inside a seemingly harmless piece of code.
a) Worm
b) Bomb
c) Trojan Horse
d) Virus

(4) An indirect form of surveillance.


a) Honey pot
b) Logical
c) Security
d) Intrusion

(5) Why would a hacker use a proxy server?


a) To create a stronger connection with the target.
b) To create a ghost server on the network.
c) To obtain a remote access connection.
d) To hide malicious activity on the network.

(6) What is the purpose of a Denial of Service attack?
a) Exploit a weakness in the TCP/IP stack
b) To execute a Trojan on a system
c) To overload a system so it is no longer operational
d) To shutdown services by turning them off

(7) What is the sequence of a TCP connection?
a) SYN-ACK-FIN
b) SYN-SYN ACK-ACK
c) SYN-ACK
d) SYN-SYN-ACK

(8) Sniffing is used to perform ______ fingerprinting.
a) Passive stack
b) Active stack
c) Passive banner grabbing
d) Scanned

(9) Keyloggers are a form of ______
a) Spyware
b) Shoulder surfing
c) Trojan
d) Social engineering

(10) Phishing is a form of ______
a) Spamming
b) Identity Theft
c) Impersonation
d) Scanning

K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Examinations
Nov – Dec 2018
Max. Marks: 100    Duration: 3 hrs
Class: T.Y.B.Tech    Semester: VI
Name of the Course: Information and Network Security
Branch: IT
Course Code: UITC601
Instructions:
(1) All Questions are Compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Marks
Q1 (a) What do you understand by vulnerability, threat and control? Explain in detail the goals of security. 10

Q1 (b) What do you understand by computer attacks? Explain different types of attacks. 10
Q2 (a) [question text illegible in scan] ... each. 10
OR
Q2 (a) Compare block ciphers and stream ciphers. Give examples of each. 10
Q2 (b) Explain what you understand by confusion and diffusion. Explain the DES cipher with the help of diagrams. 10

Q3 (a) Explain what is Access Control Matrix. Explain ACL (Access Control List) in detail. 10
Q3 (b) Differentiate between authentication and authorization. Explain password authentication. 10
OR
Q3 (b) Explain Biometric authentication in detail. 10

Q4 (a) [question text illegible in scan] ... with the help of a suitable example. 10

Q4 (b) Explain the following: 10
i) Buffer Overflow
ii) Race Condition
OR
Q4 (b) Explain the following: 10
i) Salami attack
ii) Linearization attacks
Q5 (a) Explain IPSec protocol. Briefly define the working of SSL Protocol. 10

Q5 (b) What are the protocols used for Email security? Give an explanation of any one. 10
OR
Q5 (b) What are Firewalls? Explain different types of Firewalls.
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)
Semester: January – May 2022
In-Semester Examination

Class: TY B. Tech
Branch: COMP    Semester: VI
Full name of the course: Cryptography and System Security    Course Code: 2UCC602
Duration: 1 hr. 15 min    Max. Marks: 30

Q. No. | Questions | Marks
Q1 Discuss various methods of defense and give examples of all methods. 10 marks

Q2 A) Find all multiplicative inverse pairs in Z_n (subscript illegible in scan). 05 marks

B) Find the multiplicative inverse of 33 in Z100 using the extended Euclidean algorithm. 05 marks

OR

Discuss and justify how confusion and diffusion are introduced and increased in the DES algorithm. 10 marks

Q3 Discuss with a neat diagram how asymmetric key cryptography can be used for confidentiality and authentication security services. 10 marks
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)
Semester: January – May 2022
In-Semester Examination

Class: TY B. Tech
Branch: COMP
Full name of the course: Cryptography and System Security    Course Code: 2UCC602
Duration: 1 hr. 15 min    Max. Marks: 30

Q. No. | Questions | Marks
Q1 List six methods of defense used for system security. Give at least one example of each method of defense. 5 + 5 marks

Q2 A) Find all multiplicative inverse pairs in Z_n (subscript illegible in scan). 05 marks

B) Find the multiplicative inverse of 33 in Z100 using the extended Euclidean algorithm. 05 marks

OR

Discuss the DES algorithm in steps. At each step explain how confusion and diffusion are introduced and increased in the DES algorithm. 5 + 5 marks

Q3 Draw a neat diagram for asymmetric key cryptography. Discuss how asymmetric key cryptography can be used for confidentiality and authentication security services. 5 + 5 marks
Somaiya Vidyavihar University

Semester: January 2023 – May 2023
Maximum Marks: 100    Examination: ESE Examination    Duration: 3 Hrs.
Programme code: 01
Programme: B. Tech in Computer Engineering
Class: TY    Semester: VI (SVU 2020)
Name of the Constituent College: K. J. Somaiya College of Engineering
Name of the department: COMP
Course Code: 116U01E628    Name of the Course: Applied Cryptography
Instructions: 1) Draw neat diagrams 2) All questions are compulsory 3) Assume suitable data wherever necessary

Que. No. | Question | Max. Marks
Q1 Solve any Four 20
i) State the relationship between Security Goals and Security attacks. Comment on which attack(s) harm which security goals. 5
ii) Encrypt the message "Night is dark and full of terrors" using: 5
a. Playfair cipher with key: Maharashtra
b. Rail fence cipher with fence height = 3
iii) Compute: 1+2+2
1. 13 + 29 in Z23
2. Contents of the set Z_n (subscript illegible in scan)
3. Contents of the set Z_n (subscript illegible in scan)
iv) What is cryptanalysis? Discuss cryptanalysis of substitution ciphers with an example. 5
v) What are primitive roots? Comment on challenges and issues with primitive roots. 5
vi) Give at least one application scenario for each of them: 1+1+1+2
a. Session key    c. One Time Pad
b. PIN    d. Salt
Que. No. | Question | Max. Marks
Q2 A Solve the following
i) What are initialization vectors? Comment on how inclusion and exclusion of initialization vectors affect security goals. Give a suitable example to support your claims.
ii) Design the following, assume suitable data. 1+2+2
a. A P-Box with 8 inputs - 8 outputs
b. A P-Box with 8 inputs - 12 outputs
c. An S-Box with 8 inputs - 4 outputs (8 inputs can be represented using binary code 000-111)
OR
Q2 A Compare and contrast stream ciphers and block ciphers on the basis of: 10
a. Security: consider both cryptography and cryptanalysis
b. Speed and efficiency
c. Ease of implementation in hardware and software
d. Example algorithms from both categories
e. At least two application scenarios

Q2 B Solve any One 10
i) Discuss the significance and relationship of the following concepts in asymmetric key cryptography: 10
a. Prime number generation
b. Primality testing
c. Factorization
d. Exponentiation and
e. Logarithm algorithms
ii) Compare AES and DES based on security, strengths and weaknesses. 10

Que. No. | Question | Max. Marks
Q3 Solve any Two 20
i) Discuss working of HMAC for Message authentication and integrity. 10
ii) Explain the Diffie-Hellman Key exchange algorithm with an example. Discuss the man-in-the-middle attack possibility scenario too. 10
iii) Discuss Digital signatures and their significance in the field of security. 10

Que. No. | Question | Max. Marks
Q4 Solve any Two 20
i) Discuss in brief the working of Kerberos. [Must include major steps from client authentication to using a service.] 10
ii) Consider a scenario wherein you are required to give program source code to another party as part of a transaction. Discuss in brief various method(s) that could be used to achieve: 10
a. Confidentiality
b. Integrity
c. Non-repudiation on the sender's side
d. Non-repudiation on the receiver's side
iii) For the above scenario, i.e. you are required to send program source code to another party as part of a transaction, discuss in brief various method(s) that could be used to achieve: 10
a. No modification/distribution/reverse engineering by the client party
b. No interruption/interception while you are transmitting code online
c. The client can prove to their potential customers that they have certain code that works for a particular application
Que. No. | Question | Max. Marks
Q5 (Write notes / Short question type) on any four
i) What are Discrete logarithms? Explain their significance in applied cryptography.
ii) Discuss Secure Multiparty Computation with strengths, weaknesses and applications. 5
iii) Cryptographic Hash function requirements 5
iv) Discuss Asymmetric encryption for Authentication 5
v) Weakness(es) of RSA; State solutions over the same. 5
vi) MD5: Strengths, weaknesses, applications 5

Somaiya Vidyavihar University
Semester: January 2023 – May 2023
Maximum Marks: 100    Examination: ESE Examination    Duration: 3 Hrs.

Programme: B Tech Computer Engineering
Class: TY    Semester: VI (SVU 2020)
Name of the Constituent College: K. J. Somaiya College of Engineering
Name of the department: Computer
Course Code: 116U01C602    Name of the Course: Information Security
Instructions: 1) Draw neat diagrams 2) All questions are compulsory 3) Assume suitable data wherever necessary

Que. No. | Question | Max. Marks
Q1 Solve any Four 20
i) Assume a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers. How many different threat categories does this attack fall into? 5
ii) List the different layers of an organization where security must be implemented to protect its operations. 5
iii) How does HTTPS provide security in comparison with the HTTP protocol? Which fields get authenticated and encrypted in the case of HTTPS-protected messages? 5
iv) What is the difference between link and end-to-end encryption? 5
v) What's the difference between a legal issue and an ethical issue? 5
vi) Is it possible to use the DES algorithm to generate a message authentication code? Justify. 5

Que. No. | Question | Max. Marks
Q2 B Solve any One 10
i) Given p=19, q=23, and e=3, use the RSA algorithm to find n, φ(n) and d. 10
ii) Define buffer overflow attacks. Give an example. What are its security implications? 10
Que. No. | Question | Max. Marks
Q3 Solve any Two 20
i) A news headline reads "The website of a company A is hacked and their homepage was replaced with an obscene message". What really happened and how can it be avoided? 10
ii) Discuss the methodologies used for web application hacking. 10
iii) Write the steps to read Email Headers and identify them as SPAM. 10

Q2 A Solve the following
i) Compare and contrast AES and DES
ii) List best practices to stay safe from man-in-the-middle attack
OR
Write short note on OWASP. 10

Que. No. | Question | Max. Marks
Q4 Solve any Two 20
i) What is a firewall? List the types of firewalls categorized by processing mode. Draw a schematic diagram of a packet filtering router used as a firewall and explain its function using a sample firewall rule. 10
ii) How does PGP provide authentication and confidentiality for email services and for file transfer applications? Draw the block diagram and explain the components. 10

iii) What are the important ethical issues in cybersecurity? Explain in detail. 10

Que. No. | Question | Max. Marks
Q5 (Write notes / Short question type) on any four 20
i) What requirements must a public key cryptosystem fulfill to be a secure algorithm? 5
ii) Differentiate between trojan horse and denial-of-service attacks. 5
iii) How can web security be achieved? What are the different mechanisms? 5
iv) If I'm on my laptop, here inside my company, and I have just plugged in my network cable, how many packets must leave my NIC in order to complete a traceroute to twitter.com? 5
v) Explain laws and ethics in Information Security. 5
vi) Explain how the DES algorithm can be strengthened by 3DES. What is the effective key length of 3DES? Justify. 5
K. J. Somaiya College of Engineering, Mumbai-77
(Autonomous College Affiliated to University of Mumbai)

End Semester Examinations
April - May 2017
Max. Marks: 100    Duration: 3 hr
Class: TY BTech    Semester: VI
Name of the Course: Information and Network Security
Branch: IT
Course Code: UITC601
Instructions:
(1) All Questions are Compulsory
(2) Draw neat diagrams
(3) Assume suitable data if necessary

Question No. | Questions | Marks
Q1 Explain Vulnerability, threats and attacks with respect to Software Application. 10
OR
What are the three basic Cryptography techniques?
Q2 (a) Write the difference between the following: 10
1) AES and DES
2) Symmetric and Asymmetric Cryptography

Q2 (b) Explain how Cryptography and Digital signatures can help in maintaining Confidentiality and Non-Repudiation. 10
OR
Explain the Knapsack Cryptosystem with the help of an example.

Q3 (a) Explain how a Covert Channel is different from a Trojan Horse, with example. 10

Q3 (b) Differentiate between Authorization and Authentication. Explain the use of CAPTCHA in Security. 10

Q4 (a) Describe Incomplete mediation and Race condition with respect to web security. 10

Q4 (b) Buffer overflow is a non-malicious type of flaw. Give your comment and justification. 10
Q5 (a) What is a Firewall? Explain its different types. 10
OR
What is IDS? Explain various types of IDS.
Q5 (b) Explain how the following spoofing techniques can lead to a DOS attack. 10
1) IP Spoofing
2) ARP Spoofing
3) DNS Spoofing

Q5 (c) Explain any 5 Web Server Vulnerabilities. 10
OR
List and describe the flaws in the TCP/IP protocol that can lead to security breaches.