RENGANAYAGI VARATHARAJ COLLEGE OF ENGINEERING

SALVARPATTI, SIVAKASI – 626 128

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

REGULATION 2021

YEAR: III

SEMESTER: V

QUESTION BANK

SUBJECT CODE: CB3491

SUBJECT NAME: CRYPTOGRAPHY AND CYBER SECURTIY

STAFF INCHARGE: R.RAMYA AP/CSE

 Unit- 1 introduction to Security
Two marks

1. Distinguish action and passive attack with

example? Ans:
Sr.No Passive attack Active attacks
1. Passive attacks are in the nature of Active attacks involve some modification of the
eavesdropping on, or monitoring of, data stream or the creation of a false stream.
transmissions.
2. Type: Release of message contents and Type: Masquerade, replay, modification of
traffic analysis. message and denial of service.
3. Very difficult to detect. Easy to detect.
4. It does not affect the system. It affects the system.

2. What are the key principle of security?

Ans:
Key principle of security is Confidentiality, integrity, and availability. Confidentiality means
protecting information from unofficial broadcasting and unauthorized access to people. Data integrity aims
to maintain the information’s consistency, accuracy, and authenticity. Availability is to provide data,
technological infrastructure, and applications when the organization needs them.

3. What is meant by denial of service attack? It Active Attack or Passive

Attack? Ans:
Fabrication causes Denial of service attacks. DOS prevents the normal use or management of
communication facilities. It is active attack.

4. Encrypt the plaintext tobeornottobe using the vigenere cipher for the key value
Now. Ans:
o Key Now Now Now Now
o Plaintext tob eor not tob e
o Ciphertext gcx rcn acp gcx r

5. Let message =”Anna”, and k=3, find the cipher text using Caesar.
Ans:
Message =”Anna”
Key = 3
Cipher text = Dqqd

6. Categorize passive and active

attack. Ans:
 Active attacks can be subdivided into four types:
 Masquerade
 Replay
 Modification of message
 Denial of service
 Passive attacks are of two types:
 Release of message contents
 Traffic analysis
7. List the classical encryption
techniques. Ans:
 Classical encryption techniques are:
 Caesar Cipher
 Monoalphabetic Cipher
 Playfair Cipher
 Hill Cipher
 Polyalphabetic Substitution
 One Time Pad
 Feistel Cipher

8. Define symmetric
encryption. Ans:
In symmetric encryption, sender and receiver use same key for encryption and decryption.

9. What are the two basic function used in the encryption

algorithm? Ans:
All the encryption algorithm are based on two generals:
 Substitution: In which each element in the plaintext is mapped into another element.
 Transposition: In which elements in the plaintext are rearranged. The fundamental
requirement is that no information be lost.

10. Why is asymmetric cryptography bad for huge data? Specify the
reason. Ans:
Asymmetric encryption limits the maximum size of the plaintext. In practice, block modes don’t get
used with asymmetric encryption, because encrypting many blocks with an asymmetric scheme would be
really slow.

11. What is the difference between a monoalphabetic cipher and a polyalphabetic

cipher? Ans:
In monoalphabetic cipher single alphabet is used per message. But in polyalphabetic cipher there are
multiple ciphertext letters for each plaintext letter, one for each unique letter of key word.

12. Define
steganography. Ans:
Steganography is the art and science of writing hidden messages in such a way that no one, apart from
the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

13. Why modular arithmetic has been used in

cryptography? Ans:
Application of modular are given to divisibility tests and to black ciphers in cryptography. Modular
arithmetic
Directly underpins key system such as RSA and Differ−Hell man as providing finite fields which underlie
elliptic curves and is used in a variety of symmetric key algorithms including AES, IDEA and RC4 .

14. List out the problem of one time

pad? Ans:
Problem with one time pad is that of making large quantities of random keys. It also makes the
problem of key distribution and protection.

2
15. Distinguish between attack and
Threat. Ans:
 The main difference between threat and attack is a threat can be either intentional or
unintentional Where as an attack is intentional.
 A Security threat is the expressed potential for the occurrence of an affack.
 A security affack is an action taken against a target with the intention of doing harm.

16. What is a threat? List their

types? Ans:
A potential for violation of security, which exists when there is a circumstance, capability, action or
eventthat could bareach security and canuse harm. That is, a threat is a possible danger that might exploit
vulnerability.

17. Specify the components of encryption algorithm or What are the ingredients of a symmetric
cipher? Ans:
 Components of encryption algorithm:
 Plaintext – original message
 Ciphertext – coded message
 Cipher – algorithm for transforming plaintext to ciphertext
 Key – info used in cipher known only to sender / receiver
 Enciphering (encryption) – converting plaintext to ciphertext
 Deciphering (decryption) – recovering ciphertext form plaintext

18. List the entities that are to be kept secret in conventional encryption
techniques. Ans: Secret key and an encryption algorithm.
 Unit- 2 Symmetric Ciphers
Two marks

1. If a bit error occurs in plain text block b1, how far does the error propagate in CBC mode of
DES? Ans:
If a bit of a plain text block b1 is in error the entire cipher text block will effected and will be
erroneous. All subsequent cipher blocks will also be effected each cipher text block is fed to next stage and
XOR with next plain text block. However, at the receiver, only the block b1 of plain text recovered
reproduces the same bit error. All the subsequent plain text blocks are reproduced correctly.

2. Give the five notes of operation of block

cipher. Ans:
Five modes of operation are:
 Electric Code Book (ECB)
 Cipher Block Chaining (CBC)
 Cipher feedback (CFB)
 Output Feedback (OFB)
 Counter Mode (CTR)

3. Find gcd (2740, 1760) using Euclidean

algorithm. Ans:
q r1 r2 r
1 2740 1760 980
1 1760 980 780
1 980 780 200
3 780 200 180
1 200 180 20
9 180 20 0
20 0
GCD=20

4. Find gcd (56, 86) using Euclid’s algorithm.

Ans:
q r1 r2 r
1 86 56 30
1 56 30 26
1 30 26 4
6 26 4 2
2 0

5. Define field and ring in number

theory. Ans:
 A ring R, sometimes denoted by {R, +, *}, is a set of elements with two binary
operations, called addition and multiplication, such that for all a, b, c in R the following
axioms are obeyed.

4
  A field F, sometimes denoted by {F, +, ×}, is a set of elements with two binary
operations, called addition and multiplication, such that for all a, b, c n F the following
axioms are obeyed.

6. What is the different between statistical randomness and

unpredictability? Ans:
In applications such as reciprocal authenticated and key generated the requirement is not so much
that the sequence of numbers be statically random but that the successive numbers of the sequence are
unpredictable. With true random sequences each number is statistically independent of other numbers in the
sequence and therefore unpredictable.

7. What are the different modes of operation in

DES? Ans:
DES modes of operation:
 Electronic Code Book (ECB): Message is broken into independent blocks of 64 bits.
 Cipher Block Chaining (CBC): Message is broken in independent blocks of 64 bits,
but next input depends on previous output.
 Cipher FeedBack (CFB): The message is XORed with the feedback of encrypting
the previous block.
 Output Feedback: The feedback is independent of the message.

8. What is the disadvantages with ECB mode of

operation? Ans:
Disadvantages:
 Synchronization error is unrecoverable.
 Not suitable for length messages.

9. What are the modes of

DES? Ans:
Five standard modes of operation:
 Electronic Code Book (ECB)
 Cipher Block Chaining (CBC)
 Cipher Feedback (CFB)
 Output Feed (OFB)
 Counter (CTR)

10. List the uses of

RC4. Ans:
RC4 has become part of some commonly used encryption protocols and standards such as WEP,
WPA, TLS, Kerberos and SAAL mechanism Digest MD5.

11. Why random numbers are used in network

security? Ans:
Most encryption algorithms required source of random data. Random numbers are necessary not
only for generating cryptographic keys but are also needed in steps of cryptographic algorithms or protocols.
12. State few applications of RC4
algorithm. Ans:
RC4 is used in SSL/TLS. It is also used in WEP, the JEEE 802.11 networking security standard. It can
also be found in a number of other applications including email encryption products.

13. What is AES

cipher? Ans:
Advanced Encryption Standard (AES) is a symmetric key block cipher. AES is a non−Feistel cipher
that encrypts and decrypts a data block of 128 bits. The key size can be 128, 192, or 256 bits. It depends on
number of rounds. The number of rounds: 10 rounds for 128 bits, 12 rounds for 192 bits, and 14 rounds for
256 bits.

14. Brief the strength of triple

DES. Ans:
a) Strength for triple DES is actually 168 bits.
b) Brute force search impossible on triple DES.
c) It uses 2 or 3 keys.

15. Give the five modes of operation of block

cipher. Ans:
Block cipher modes of operations are electronic code book, cipher block chaining mode, cipher
feedback mode, counter mode and output feedback mode.

16. Compare DES and

AES.
Ans:
AES DES
AES stands for Advanced Encryption DES stands for Data Encryption Standard.
Standard.
Key length can be of 128−bits, 192−bits Key length is 56 bits in DES.
and 256−bits.
Number of rounds depends on key length: DES involves 16 rounds of identical
10(128−bits), 12(192−bits) or operations.
14(256−bits).
The structure is based on substitution The structure is based in feistal network.
permutation network.
The round in AES are: Byte Substitution, The round in DES are: Expansion, XOR
Shift Row, Mix Column and key addition. operation with round key.

17. Define field and ring in number

theory. Ans:
 Field – A field, denoted by F = < {…}, o, > is a commutative ring in which the second operation
satisfies all five properties defined for the first operation except that the identity of the first operation
has no inverse.
 A Field supports two pairs of operations: addition/subtraction andmultiplication/division, except
that the division by zero is not allowed.
 Ring – A ring, R = < {…}, o, >, is an algebraic structure with two operations. The second operation
must be distributed over the second.

−−−−−−−−−−−
 UNIT III - Asymmetric Cryptography
1. Define replay attack (NOV/DEC 2011)
A replay attack is one in which an attacker obtains a copy of an authenticated packet and
later transmits it to the intended destination. The receipt of duplicate authenticated IP packets
may disrupt service in some way or may have some other undesired consequence. The
Sequence Number field is designed to thwart such attacks.

2. Write the difference between public key and private key crypto systems? (APR/MAY 2012
& APR/MAY 2017)
Private Key encryption uses a single key to both encrypt and decrypt messages. It must be
present at both the source and destination of transmission to allow the message to be
transmitted securely and recovered upon receipt at the correct destination.

Public key systems use a pair of keys, each of which can decrypt the messages encrypted by
the other. Provided one of these keys is kept secret (the private key), any communication
encrypted using the corresponding public key can be considered secure as the only person able
to decrypt it holds the corresponding private key.

3. State whether symmetric and asymmetric cryptographic algorithms need key exchange?
(APR/MAY 2014)
Key exchange is a method in cryptography by which cryptographic keys are exchanged
between two parties, allowing use of a cryptographic algorithm.

Symmetric encryption requires the sender and receiver to share a secret key. Asymmetric
encryption requires the sender and receiver to share a public key. If the cipher is a symmetric
key cipher, both will need a copy of the same key. If an asymmetric key cipher with the
public/private key property, both will need the other's public key.

4. List the Authentication requirements? (APR/MAY 2014) (NOV/DEC 2016)(Understand)

The authentication is provided for the following attacks
Disclosure
Traffic analysis
Masquerade
Content modification
Sequence modification
Timing Modification
Source repudiation
Destination Repudiation

5. What is Man in the Middle attack?

This is the cryptanalytic attack that attempts to find the value in each of the range and domain
of the composition of two functions such that the forward mapping of one through the first
function is the same as the inverse image of the other through the second function-quite
literally meeting in the middle of the composed function.
6. What is the Fermat’s theorem? (Nov/Dec 2017)?
Fermat’s theorem states the following: If p is prime and a is a positive integer not
divisible by

p, then

7. What is the use of Fermat’s theorem?

 This theorem is central to the calculus method of determining maxima and minima: in
one dimension, one can find extreme by simply computing the stationary points (by
computing the zeros of
the derivative), the non- differentiable points, and the boundary points, and then investigating
this set to determine the extreme.
 One can do this either by evaluating the function at each point and taking the maximum,
or by analyzing the derivatives further, using the first derivative test, the second derivative
test, or the higher-order derivative test.
 In dimension above 1, one cannot use the first derivative test any longer, but the second
derivative test and higher-order derivative test generalize.

8. What is an elliptic curve? (NOV/DEC 2016)

The principle attraction of ECC compared to RSA, is that it appears to offer equal security
for a far smaller key size, thereby reducing processing overhead.

9. Define Euler’s phi function.

Euler’s phi function φ(n) returns the number of integers from GCD 1 to n that are relatively
prime to n. The phi function is computed φ(n) using various methods. They are
⮚ If n is a prime number, then φ(n)=n-1.
⮚ If n is a composite number, then
• Find the prime factors of that number and compute the phi function value as used in
Step 1. otherwise,
• Find prime powers (Pa) of the given number n, for computing the phi value of prime
powers we have to use (Pa-Pa-1)
10. Mention any three Primality Testing Methods.
 Naïve Algorithm
 Fermat’s Primality Test
 Miller-Rabin Primality Test

11. Write the formula for Encryption and Decryption in RSA.

For Decryption C = Me
mod n For Encryption M =
Cd mod n

12. Consider the RSA encryption method with p=11 and q=17 as the two primes. Find n and
φ(n). (Evaluate) [NOV/DEC 19]
n = p x q = 17 x 11 = 187
φ(n) = (p-1)(q-1) = (17-1)(11-1)
= 16 (10)
= 160.

13. Describe Chinese remainder theorem.

The Chinese remainder theorem is a result about congruences in number theory and its
generalizations in abstract algebra. In its basic form, the Chinese remainder theorem will
determine a number n that when divided by some given divisors leave given remainders.

14. Define Euler’s theorem and it’s application? (APRIL/MAY 18) (Remember)
Euler’s theorem states that for every a and n that is relatively prime:
aΦ(n)≡ 1 mod n

15. Define Euler’s totient function or phi function and their applications? (Remember)
The Euler’s totient function states that, it should be clear for a prime number p, Φ(p) = p-1

Part B & C Questions

1. Write short notes on Fermat’s theorem, Euler’s theorem and Chinese remainder theorem?
(NOV/DEC 2016)

2. State Chinese Remainder theorem and find X for the given set of congruent
equations Using CRT. (NOV/DEC 2016)
X=2(mod 3)
X=3(mod 5)
X=2(mod 7)

3. Demonstrate Encryption and Decryption for the RSA algorithm parameters p=3, q=11,
e=7, d=?, M=5. (MAY/JUNE 2014)/ (NOV/DEC 2012) (APR/MAY 2019)

4. Users A and B use the Diffie-Hellman key exchange technique with a common prime q=71
and a primitive root a=7. If user A has private key X A=5, what is A’s public key YA?.
(MAY/JUNE 2014)/ (MAY/JUNE 2013)

5. With a neat sketch explain the Elliptic curve cryptography with an example.
(APRIL/MAY 18) (Understand)

6. Explain ElGamal public key cryptosystems with an example

7. Explain Diffie-Hellman Key exchange algorithm in detail [NOV/DEC 19]

8. Users Alice and Bob use the Diffie-Hellman key exchange technique with a common
prime q = 83 and a primitive root α= 5. (Analyze) Refer Notes.
• If Alice has a private key Xa = 6, what is Alice's public key?
• If Bob has a private key Xs = 10, what is Bob's public key?
• What is the shared secret key?

9. State Chinese Remainder theorem and find X for the given set of congruent equations using
CRT.
(APR/MAY 2017)
X=2(mod 3)
X=1(mod 5)
X=1(mod 5)
X=3(mod 9)
X=4(mod 11)
 UNIT IV - Integrity and Authentication Algorithms

1. What are the functions used to produce an authenticator? (APR/MAY 2019)

(NOV/DEC 2009) (Remember)
The functions that are used to produce the message authenticator includes,
 Message Encryption function
 Message Authentication code
 Hash Function

2. List the properties a digital signature should possess? (NOV/DEC 2009)

The digital signature must have the following properties:
 It must verify the author and the date and time of the signature.
 It must authenticate the contents at the time of the signature.
 It must be verifiable by third parties, to resolve disputes

3. What do you mean by MAC? (Remember)

MAC is Message Authentication Code. It is a function of message and secret key which
produce a fixed length value called as MAC.
MAC = Ck(M)
Where M = variable length message K = secret key shared by sender and receiver. CK (M)
= fixed length authenticator.

4. What is meant by Hash function? (APRIL/MAY 18) (Remember)

A hash function H accepts a variable-length block of data M as input and produces a fixed-
size hash value h = H(M). The principal objective of a hash function is data integrity. A change
to any bit or bits in M results, with high probability, in a change to the hash code. The kind of
hash function needed for security applications is referred to as a cryptographic hash function.

5. Mention the fundamental idea of HMAC. (APR/MAY 2009) (Remember)

The fundamental idea behind HMAC is to reuse the existing message digest algorithm such
as MD5 and SHA – 1. It treats the message digest as a black box. Additionally it uses the
shared symmetric key to encrypt the message digest which produces the output MAC.

6. What do you mean by one way property in hash function? (APR/MAY 2011)(NOV/DEC
2012) (Remember)
The one way property of hash function indicates that it is easy to generate a code given a
message, but virtually impossible to generate a message given a code. This property is
important if the authentication technique involves the use of a secret value.
 For any given value h, it is computationally infeasible to find x such that H(x) = h – one
way property.
 For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x) –
weak collision resistance.
 It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) – strong
collision property

7. What is weak collision Resistance? (APR/MAY 2013) (Remember)

For a hash value, h=H(x) we say that x is the pre image of h. That is x is a data block whose
hash function, using the function H, is h. Because H is a many-to-one mapping, for any given
hash value h, there will in general be multiple pre images. A collision occurs if we have x≠y
and H(x) = H(y).The weak collision resistance states that for any given block x, it is
computationally infeasible to find y ≠ x with H(y) = H(x).
8. Mention the significance of signature function in Digital Signature Standard (DSS)
approach.
(NOV/DEC 2017) (Remember)
A digital signature is represented in a computer as a string of binary digits. A digital
signature is computed using a set of rules and a set of parameters such that the identity of the
signatory and integrity of the data can be verified.
An algorithm provides the capability to generate and verify signatures. Signature generation
makes use of a private key to generate a digital signature. Signature verification makes use of a
public key which corresponds to, but is not the same as, the private key.

9. How a digital signature differs from authentication protocols? (APRIL/MAY 18)

(Remember)
MACs can be created from unkeyed hashes (e.g. with the HMAC construction), or
created directly as MAC algorithms.
A (digital) signature is created with a private key, and verified with the corresponding
public key of an asymmetric key-pair. Only the holder of the private key can create this
signature, and normally anyone knowing the public key can verify it. Digital signatures don't
prevent the replay attack mentioned previously.

10. Define the term message digest.) (NOV/DEC 2018)

A message digest is a cryptographic hash function containing a string of digits created by a
one-way hashing formula

11. Contrast various SHA algorithms. (NOV/DEC 2018)

SHA-0: The original version of the 160-bit hash function published in 1993 under the name
"SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and
replaced by the slightly revised version SHA-1.

SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was
designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm.

SHA-2: A family of two similar hash functions, with different block sizes, known as SHA- 256
and SHA-512. SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.

SHA-3: It supports the same hash lengths as SHA-2, and its internal structure differs
significantly from the rest of the SHA family.

12. What is the purpose of X.509 standard?

X.509 defines framework for authentication services by the X.500 directory to its
users.X.509 defines authentication protocols based on public key certificates.

13. What you mean by VeriSign certificate?

Mostly used issue X.509 certificate with the product name “Verisign digital id”. Each digital
id contains owner’s public key,owners name and serial number of the digital id.

14. What is Kerberos? What are the uses?

Kerberos is an authentication service developed as a part of project Athena at MIT.Kerberos
provides a centralized authentication server whose functions is to authenticate servers.

15. What entities constitute a full service in Kerberos environment? (Remember) [NOV/DEC
19]
A full service environment consists
of a Kerberos server,
Number of clients, and Number of application servers.
 Part B & C Questions

1. Explain Digest signature algorithm (DSA) in detail. (APR/MAY 2009)

(APR/MAY 2017) (Understand)

2. Explain breifly about the architecture and certification mechanisms in kerberos and X.509.
(APRIL/MAY 18) (Understand)

3. Illustrate about SHA algorithm and explain? (NOV/DEC 2011) (APR/MAY 2013)
(NOV/DEC 2013) (NOV/DEC 2017)

4. Suggest and explain about an authentication scheme for mutual authentication between
the user and the server which relies on symmetric encryption.

5. How Hash function algorithm is designed? Explain their features and properties.

6. Describe digital signature algorithm and show how signing and verification is done using
DSS.

7. Consider a banking application that is expected to provide cryptographic functionalities.

Assume that this application is running on top of another application wherein the end
customers can perform a single task of fund transfer. The application requires cryptographic
requirements based on the amount of transfer.

Transfer Amount Cryptography Functions

Required
1 – 2000 Message Digest
2001 – 5000 Digital Signature
5000 and above Digital Signature and Encryption

Suggest the security scheme to be adopted in client and server side to accommodate
the above requirements and justify your recommendations

8. i) Compare the uses of MAC and Hash function. Represent them using appropriate
diagrams.
(Understand) [NOV/DEC 19]
ii) List down the advantages of MD5 and SHA Algorithm

9. Explain ElGamal public key crypto system with example.

 UNIT V - Cyber Crimes and Cyber
Security

1 Define cyber-crime?
Cyber-crime is defined as a crime in which a computer is the object of the crime (hacking,
phishing, spamming) or is used as a tool to commit an offense(child pornography, hate crimes).
Internet connected activities are as vulnerable to crime. Computer crime is any illegalactivity
that is perpetrated through the use of a computer.

2 Which are the elements of cyber-crime?

Location/Place: Where offender is in relation to crime.
Victim: Target of offense-Government, corporation, organization, individual Offender: Who
the offender is in terms of demographics, motivation, level of sophistication?Action: What is
necessary to eliminate threat?

3 What is cyber security?

Cyber security is a potential activity by which information and other communication systems
are protected from and/or defended against the unaurhorized us or modification or
exploitationor even theft. Cyber security is a well-designed technique to protect computers,
networks, different programs, personal data, etc. from unauthorized access.

4 What are the classifications of cybercrimes?

Classifications of cybercrimes are email spoofing, cyber stalking, unauthorized access
orcontrol over the computer system and indecent exposure.

5. What is password sniffing?

Password sniffing is a type of network attack in which an attacker intercepts data packets
thatinclude passwords. The attacker then uses a password-cracking program to obtain the
actual passwords from the intercepted data.

6 What is virtual crime.

The term is a general term that covers crimes like phishing, credit card frauds, bank
robbery,illegal downloading, industrial espionage, child pornography, kidnapping
children via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses,
Spam and so on.

7. Explain Spyware.
Spyware is malicious software that enters a user's computer, gathers data from the device and
user, and sends it to third parties without their consent. A commonly accepted spyware
definition is a strand of malware designed to access and damage adevice without the user's
consent.

8. What is SQL injection?

SQL injection is a code injection technique that might destroy your database.
SQLinjection is one of the most common web hacking techniques.

9. What is network access control?

Network access control (NAC) is a security solution that enforces policy on devices
thataccess networks to increase network visibility and reduce risk.
10. Define cloud computing.
Cloud computing is the on-demand delivery of IT resources over the Internetwith pay-as-
you-go pricing. Instead of buying, owning and maintaining.
11. Write short note on key loggers.

Keyloggers, or keystroke loggers, are tools that record what a person types on a device.
Whilethere are legitimate and legal uses for keyloggers, many uses for keyloggers are
malicious. In a keylogger attack, the keylogger software records every keystroke on the
victim's device andsends it to the attacker.

12. What is hardware key loggers?

It is a device that is used for recording the keystrokes. It starts its applications when it is been
plugged in. Now the information gets stored in the device. So to retrieve the data
hackers/attackers have to physically access that. Now there might be an option to retrievethe
data from the hardware keylogger remotely.

13. What is software keyloggers?

A keylogger is a form of malware or hardware that keeps track of and records your
keystrokes as you type. It takes the information and sends it to a hacker using a command-
and-control (C&C) server.

14. What is web security?

Web security refers to protecting networks and computer systems from damage to or the
theftof software, hardware, or data. It includes protecting computer systems from misdirecting
or disrupting the services they are designed to provide.

15. Write about the fuel for cybercrimes?

A Botnet (also called as zombie network) is a network of computers infected with a malicious
program that allows cybercriminals to control the infected machines remotely without the
users'knowledge.

16. What if Cyber Offenses?

Any criminal activity that uses a computer either as an instrumentality, target or a means
for perpetuating further crimes comes within the ambit of cyber crimes. A generalized
definition ofthe cyber crime may be “unlawful acts wherein the computer is either a tool
or target or both”.

17. Discuss about legal perspectives of Cybercrimes?

In Simple way we can say that cybercrime is unlawful acts wherein the computer is either a
tool or a target or both. Cybercrimes can involve criminal activities that are traditional in
nature, suchas theft, fraud, forgery, defamation and mischief, all of which are subject to the
Indian Penal Code.

18. Discuss the strengthening WEP.

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless
Fidelity(Wi-Fi) standard, 802.11b. That standard is designed to provide a wireless local area
network (WLAN) with a level of security and privacy comparable to what is usually expected
of a wired LAN.

19. Define Wireless Security.

Wireless network security is the process of designing, implementing and ensuring security on
awireless computer network. It is a subset of network security that adds protection for a
wirelesscomputer network. Wireless network security is also known as wireless.
20. Discuss Example of Cyber Crime.
Cybercrime refers to illegal activities conducted in cyberspace, targeting computer
systems,networks, and individuals for financial gain or disruption. These nefarious activities
include phishing, ransomware attacks, identity theft, hacking, and distributed denial-of-
service(DDoS) attacks, among others.

21. Define types of cyber-crime.

Cybercrime refers to illegal activities conducted in cyberspace, targeting computer
systems,networks, and individuals for financial gain or disruption. These nefarious activities
include phishing, ransomware attacks, identity theft, hacking, and distributed denial-of-
service(DDoS) attacks, among others.

24. Define salami attacks.

A salami attack is a cybercrime that attackers typically use to commit financial crimes.
Criminalssteal money or resources from financial accounts on a system one at a time. This
attack occurs when several minor attacks combine to form a powerful attack.

25. Define Internet time thefts.

Hacking the username and password of ISP of an individual and surfing the internet at his
cost is Internet Time Theft. It is a cyber attack in which the network is chocked and often
collapsed by flooding it with useless traffic and thus preventing the legitimate network
traffic

26. What is Email bomb.

An email bomb is a means to perform a denial-of-service (DoS) attack on an email
server. Email bombing occurs when threat actors send tons of emails to a specific inbox
to overwhelm it and its corresponding server. The result? The target’s inbox and server
cease to function.

27. What is web Jacking.

In simplest terms, when attackers illegally gain control of an organisation's or individual's
website is known as Web Jacking. The hackers implant a fake website, which, when you
open it,
takes you to another fraudulent website, where the attackers try to extract sensitive information.

28. What is Hacking.

A commonly used hacking definition is the act of compromising digital devices and networks
through unauthorized access to an account or computer system. Hacking is not always a
malicious act, but it is most commonly associated with illegal activity and data theft by
cybercriminals.

29. What are tool and methods in cyber crime.

Various types of Cyber crime attack modes are 1) Hacking 2) Denial Of Service Attack 3)
Software Piracy 4) Phishing 5) Spoofing. Some important tool use for preventing cyber attack
are1)Kali Linux, 2) Ophcrack, 3) EnCase, 4) SafeBack, 5) Data Dumber

30. What is meant by password cracking?

Password cracking is the process of using an application program to identify an unknown or
forgotten password to a computer or network resource.
 Part B & C Questions

1. What is SQL Injection & How to Prevent SQL INJECTION?

2. Describe Classification of cybercrimes in details.
3. Describe Cybercrime Tools and Examples
4. Explain in details about Password Cracking.
5. What is a keylogger? Is a keylogger a virus?
6. Explain in details about Network Access control in details.
7. Explain details about web security what are the considerations used in web security.
8. Explain cloud security? What are some cloud security challenges?
How to manage Wireless security in the cloud? Benefits of
Wireless Security Syste