JNTU B.Tech II Semester INFORMATION SECURITY Examinations, Apr/May 2008
(Computer Science & Engineering)
Time: 3 hours Max Marks: 80
Answer any FIVE Questions
All Questions carry equal marks
1. (a) “Gaining control over the Routing tables at layer 3 is one of the attacks” -explain how Route tables modification is crucial.
(b) Explain how Buffer overflow is created for any known platforms (eg., WIN-DOWS NT / LINUX). [8+8]
2. (a) What is a cipher block mode of operation? Explain the use of these modes of operation for the block ciphers for encipherment,
(b) Describe the different methods of Message authentication. [8+8]
3. (a) Explain the procedure involved in RSA public-key encryption algorithm.
(b) Explain what Kerberos is and give its requirements. [8+8]
4. (a) What is Radix-64 format? Explain how both PGP and S/MIME perform the Radix-64 conversion is performed.
(b) Describe the five principal services that Pretty Good Privacy (PGP) provides. [8+8]
5. (a) Discuss the purpose of SA selectors?
(b) Enumerate on the five default ISAKMP exchange types? [8+8]
6. (a) Draw the diagrams showing the relative location of security facilities in TCP/IP
protocol stack? Discuss the advantages of each?
(b) What is SSL session? Can a session be shared among multiple connections?
What are the parameters that define a session state? [8+8]
7. (a) What is an access policy? On what factors does access determination depends?
(b) Discuss the two techniques for developing an effective an efficient proactive password checker? [8+8]
8. (a) What are two default policies that can be taken in a packet filter if there is no match to any rule? Which is more conservative? Explain with example rule sets both the policies?
(b) What are the advantages of decomposing a user operation into elementary actions?
(c) What are false negatives and false positives? [6+6+4]