InfoSecurity Cryptography All QA

Uploaded by

dpbasak2004
Copyright: © All Rights Reserved

Information Security & Cryptography - Questions and Answers


1) Give an example of a situation in which a compromise of confidentiality leads to a
compromise in integrity.

If an attacker gains unauthorized access to confidential medical records (compromising
confidentiality), they could alter diagnosis details or prescriptions (compromising
integrity), leading to harmful medical decisions.

2) Explain how Botnets can be used as a fuel to cybercrime.

Botnets, networks of compromised computers, can be remotely controlled by attackers to
launch coordinated cybercrimes like Distributed Denial of Service (DDoS) attacks,
spamming, phishing, and spreading malware.

3) How do laws protecting privacy impact the ability of system administrators to
monitor user activity?

Privacy laws limit how much and what kind of user data system administrators can
monitor. Admins must balance security with user privacy rights, often requiring consent or
legal compliance before surveillance.

4) Explain information security objectives with diagram.

The core objectives are Confidentiality (restrict access to data), Integrity (ensure accuracy
and trustworthiness of data), and Availability (ensure data is accessible when needed). This
is represented as the CIA triad.

5) Write a note on objectives of Information Technology Act, 2000 in India.

The IT Act 2000 aims to provide legal recognition to electronic transactions, prevent
cybercrimes, facilitate e-governance, and establish a legal framework for digital signatures
and cybersecurity in India.

6) Classify each of the following as a violation of confidentiality, integrity, availability, or
a combination:
a. John copies Mary’s homework.
b. Paul crashes Linda’s system.
c. Carol changes the amount of Angelo’s check from $100 to $1,000.
d. Gina forges Roger’s signature on a deed.
e. Rhonda registers the domain name “AddisonWesley.com” and refuses to let the
publishing house use it.
a. Confidentiality
b. Availability
c. Integrity
d. Integrity
e. Availability

7) Differentiate between active attack and passive attack.

Passive attack involves monitoring communication without altering it (e.g., eavesdropping).
Active attack involves modifying the communication or data (e.g., man-in-the-middle,
denial-of-service).

8) Write a short note on Cyberstalking.

Cyberstalking involves using the internet or digital means to stalk, harass, or threaten an
individual, often causing emotional distress or fear.

9) Users often bring in or download programs from the Internet. Give:
- A site where the benefits outweigh the risks.
- A site where the risks outweigh the benefits.

Benefits outweigh risks: Open-source repositories like GitHub for development tools.
Risks outweigh benefits: Torrent or warez sites which may distribute pirated or malware-
infected software.

10) How does multi-factor authentication (MFA) contribute to the CIA Triad?

MFA enhances Confidentiality by preventing unauthorized access, maintains Integrity by
ensuring only verified users can modify data, and supports Availability by enabling secure
system access even in risky environments.

11) Alice uses Bob’s RSA public key (e = 7, n = 143) to send the plaintext P = 8 encrypted
as ciphertext C = 57. Show how Eve can use the chosen-ciphertext attack if she has
access to Bob’s computer to find the plaintext.

Eve performs a chosen-ciphertext attack by modifying the ciphertext.


Step 1: Eve chooses a value s such that gcd(s, n)=1. Let s=2.
Step 2: Compute modified ciphertext: C' = (s^e * C) mod n = (2^7 * 57) mod 143 = (128 *
57) % 143 = 7296 % 143 = 9
Step 3: Send C' = 9 to Bob. Bob decrypts it using his private key and returns P' = (C')^d mod
n = M' = s * M mod n.
Step 4: Eve receives M' = (2 * 8) mod 143 = 16. So, original M = M' / s = 16 / 2 = 8.
Hence, Eve discovers the plaintext.
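
The four steps above, run as code. This is an added example, not part of the original document: it assumes textbook (unpadded) RSA, takes Bob's private exponent from the factorisation 143 = 11 * 13, and uses hypothetical function names; `bob_decrypt` stands in for "access to Bob's computer".

```python
from math import gcd

E, N = 7, 143                         # Bob's public key from the question
D = pow(E, -1, (11 - 1) * (13 - 1))   # private exponent: 143 = 11 * 13, phi(n) = 120

def bob_decrypt(c):
    """Stand-in for Bob's computer: raw RSA decryption of whatever it is given."""
    return pow(c, D, N)

def blind(c, s):
    """Step 2: the modified ciphertext C' = s^e * C mod n."""
    if gcd(s, N) != 1:
        raise ValueError("s must be coprime to n")
    return (pow(s, E, N) * c) % N

def unblind(m_blinded, s):
    """Step 4: 'M' / s' is a multiplication by s^-1 mod n, so it still works
    when s * M wrapped around n and ordinary division would not be exact."""
    return (m_blinded * pow(s, -1, N)) % N

def recover(c, s):
    """Return (C', M', M) for the chosen multiplier s."""
    c_mod = blind(c, s)
    m_mod = bob_decrypt(c_mod)        # Step 3: Bob decrypts a ciphertext he never saw before
    return c_mod, m_mod, unblind(m_mod, s)

def recover_for_all_s(c):
    """Plaintexts recovered over every valid s in [2, n-1]; always a single value."""
    return {recover(c, s)[2] for s in range(2, N) if gcd(s, N) == 1}

if __name__ == "__main__":
    print(recover(57, 2))             # the question's values, s = 2
    print(recover(57, 20))            # s * M = 160 wraps around n = 143
    print(recover_for_all_s(57))
```

`recover(57, 2)` returns `(3, 16, 8)`: 128 * 57 = 7296 = 51 * 143 + 3, so the ciphertext Bob is asked to decrypt is 3 and he returns 16. The attack depends on Bob decrypting arbitrary unpadded inputs.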

12) How message authentication codes (MACs) and digital signatures contribute to
integrity and authenticity.

MACs use a secret key to generate a tag for a message, ensuring both integrity (data hasn't
changed) and authenticity (sender is genuine). Digital signatures use private keys to sign a
message, allowing anyone with the public key to verify that the message is unaltered and
truly from the claimed sender.

13) In the Diffie-Hellman protocol, g = 7, p = 23, x = 3, and y = 5. a) What is the value of
the symmetric key? b) What is the value of R1 and R2?

a) Symmetric key = (R2)^x mod p = (17)^3 mod 23 = 4913 % 23 = 6


b) R1 = g^x mod p = 7^3 % 23 = 343 % 23 = 21
R2 = g^y mod p = 7^5 % 23 = 16807 % 23 = 17
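
The same exchange with both parties' computations, as an added example that is not part of the original document. Function names are hypothetical; `exponents_for` is included only to show that with p = 23 an observer can find the private exponent by trying every value, which is why real parameters are thousands of bits long.

```python
G, P = 7, 23          # public parameters from the question
X, Y = 3, 5           # Alice's and Bob's private exponents from the question

def public_value(secret):
    """R = g^secret mod p, the value sent over the public channel."""
    return pow(G, secret, P)

def shared_key(peer_public, secret):
    """K = (peer's R)^secret mod p, computed privately by each side."""
    return pow(peer_public, secret, P)

def exchange():
    r1 = public_value(X)              # Alice -> Bob
    r2 = public_value(Y)              # Bob -> Alice
    k_alice = shared_key(r2, X)       # (R2)^x mod p
    k_bob = shared_key(r1, Y)         # (R1)^y mod p
    if k_alice != k_bob:
        raise RuntimeError("the two sides derived different keys")
    return r1, r2, k_alice

def exponents_for(public):
    """Every exponent in [1, p-2] that yields `public`: a 21-step search here."""
    return [e for e in range(1, P - 1) if pow(G, e, P) == public]

if __name__ == "__main__":
    print(exchange())
    print(exponents_for(21), exponents_for(17))
```

`exchange()` returns `(21, 17, 14)`: Alice's 17^3 = 4913 = 213 * 23 + 14, and Bob's 21^5 mod 23 gives the same value.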

14) Prove the fundamental laws of modular arithmetic: a. (a + b) mod n = (a mod n + b
mod n) mod n b. ab mod n = ((a mod n)(b mod n)) mod n

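a. Let a = nq1 + r1 and b = nq2 + r2, where r1 = a mod n and r2 = b mod n. Then
a + b = n(q1 + q2) + (r1 + r2), and adding a multiple of n does not change the remainder,
so (a + b) mod n = (r1 + r2) mod n = (a mod n + b mod n) mod n.
b. With the same a and b, ab = n(n q1 q2 + q1 r2 + q2 r1) + r1 r2, so
ab mod n = (r1 r2) mod n = ((a mod n) * (b mod n)) mod n.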

15) A message M = "HELLO" is given. Convert this message into its ASCII representation,
and then compute its MD5 hash. Explain how the hash function ensures integrity.

ASCII of HELLO = [72, 69, 76, 76, 79]. The MD5 hash of "HELLO" is:
8b1a9953c4611296a827abf8c47804d7.
Hash functions ensure integrity by generating a unique digest. Any change in the message
leads to a completely different hash.

16) Is the sum program a good cryptographic checksum function that produces a one-word
result by excluding or combining all of the words in its input?

No, the sum program is not cryptographically secure. It can easily produce collisions (same
output for different inputs) and does not meet cryptographic properties such as pre-image
resistance.
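
Why a one-word combining checksum fails as an integrity check, as an added example that is not part of the original document. It assumes 16-bit big-endian words combined by addition or XOR (an assumption about the scheme, not the actual algorithm of any particular `sum` utility), and the two messages are constructed samples.

```python
import hashlib

WORD = 2                              # assumed word size in bytes
MASK = (1 << (8 * WORD)) - 1

def words(data):
    data += b"\x00" * (-len(data) % WORD)          # zero-pad to a whole word
    return [int.from_bytes(data[i:i + WORD], "big")
            for i in range(0, len(data), WORD)]

def checksum(data, mode="add"):
    """Fold all words into one word by addition mod 2^16 or by XOR."""
    acc = 0
    for w in words(data):
        acc = (acc + w) & MASK if mode == "add" else acc ^ w
    return acc

def match_checksum(original, tampered, mode="add"):
    """Append one compensating word so `tampered` checksums like `original`."""
    tampered += b"\x00" * (-len(tampered) % WORD)
    want, have = checksum(original, mode), checksum(tampered, mode)
    fix = (want - have) & MASK if mode == "add" else want ^ have
    return tampered + fix.to_bytes(WORD, "big")

ORIGINAL = b"PAY 100 TO BOB"          # constructed sample messages
TAMPERED = b"PAY 900 TO EVE"

def demo(mode="add"):
    """Return (checksums match?, SHA-256 digests match?) for the altered message."""
    forged = match_checksum(ORIGINAL, TAMPERED, mode)
    same_sum = checksum(forged, mode) == checksum(ORIGINAL, mode)
    same_sha = (hashlib.sha256(forged).digest()
                == hashlib.sha256(ORIGINAL).digest())
    return same_sum, same_sha

if __name__ == "__main__":
    print(demo("add"), demo("xor"))
    print(checksum(b"ABCD") == checksum(b"CDAB"))  # word order is invisible too
```

One extra word is enough to give any altered message the original's checksum, and reordering words never changes it, while the SHA-256 digests differ.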

17) Differentiate Symmetric key encryption and Asymmetric key encryption.

Symmetric uses one secret key for encryption and decryption (e.g., AES). Asymmetric uses
public and private key pairs (e.g., RSA). Symmetric is faster but less scalable; asymmetric is
slower but provides better key management.

18) Why is SHA-256 considered more secure than MD5?

SHA-256 produces a 256-bit hash and is resistant to collision, pre-image, and second
pre-image attacks. MD5 is outdated, produces only a 128-bit hash, and is vulnerable to collisions.

19) Describe Certificate Authority (CA).


A Certificate Authority (CA) is a trusted entity that issues digital certificates to verify the
identity of individuals, websites, or organizations. It binds public keys with identities.

20) Define access rights and pseudorandom numbers.

Access rights specify what actions a user can perform on system resources (e.g., read,
write). Pseudorandom numbers are numbers generated algorithmically that appear
random, used in encryption and key generation.

21) Explain Cryptography

Cryptography is the science of securing information by transforming it into an unreadable
format (encryption) and converting it back (decryption) using algorithms and keys.

22) Explain DES algorithm

DES (Data Encryption Standard) is a symmetric key algorithm that encrypts data in 64-bit
blocks using a 56-bit key. It uses 16 rounds of Feistel-based processing including
substitution and permutation.

23) Use RSA algorithm to find d if you know e = 17 and n = 187.

First, find φ(n). n = 11 * 17 → φ(n) = (11-1)(17-1) = 160. Find d such that (d * 17) % 160 =
1. Using Extended Euclidean Algorithm, d = 113.

24) Describe man in middle attack

A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts and
possibly alters communication between two parties without their knowledge.

25) Diffie-Hellman protocol and its purpose.

The Diffie-Hellman protocol is used to securely exchange cryptographic keys over a public
channel, allowing two parties to agree on a shared secret used for encryption.

26) Use the Playfair cipher to encipher the message “The key is hidden under the door
pad”. The secret key can be made by filling the first and part of the second row with the
word “GUIDANCE” and filling the rest of the matrix with the rest of the alphabet.

After constructing the 5x5 matrix with 'GUIDANCE' and removing duplicates, convert the
message to digraphs and apply Playfair cipher rules to encrypt. Final encrypted message
depends on the matrix and rules used.

27) Explain Digital Signature.

A digital signature is a cryptographic mechanism used to verify the authenticity and
integrity of a message or document. It is created using a sender’s private key and verified
using the public key.

28) Explain Vigenere cipher with example.

Vigenere cipher uses a keyword to perform polyalphabetic substitution. E.g., Plaintext:
HELLO, Key: KEY → Encrypted: RIJVS (H+K, E+E, L+Y, L+K, O+E).

29) Explain the process of how a message is converted into a hash value using SHA-256.

SHA-256 processes the message in 512-bit blocks using compression functions and bitwise
operations. It produces a 256-bit hash ensuring integrity and uniqueness.

30) Approaches to message authentication.

Approaches include: (1) Message Authentication Code (MAC), (2) Digital Signatures, (3)
Hash functions with shared keys. Each ensures integrity and sender authenticity.
