GOVERNMENT COLLEGE UNIVERSITY, FAISALABAD​

BSCS 8th Semester​

SESSION: Spring-2022​
COURSE CODE: CSI-619​
COURSE TITLE: Information Security​
MAX. MARKS: 80​
TIME ALLOWED: 01:40 Hours​
ROLL NO: ___________​
Credit Hours: 3(3-0)

Multiple-Choice Questions & Answers

1.​ Which of the following is defined as an attempt to steal, spy, damage, or

destroy computer systems, networks, or their associated information?
○​ a) Cyber-attack
○​ b) Computer security
○​ c) Cryptography
○​ d) Digital hacking​
Correct Answer: a) Cyber-attack
2.​ Which of the following is not a cybercrime?
○​ a) Denial of Service
○​ b) Man-in-the-Middle
○​ c) Malware
○​ d) AES​
Correct Answer: d) AES
3.​ Which of the following is a type of cyber-attack?
○​ a) Phishing
○​ b) SQL Injections
○​ c) Password Attack
○​ d) All of the above​
Correct Answer: d) All of the above
4.​ Which of the following is defined as an attempt to harm, damage, or
cause a threat to a system or network?
○​ a) Digital crime
○​ b) Threats
○​ c) System hijacking
○​ d) Cyber-attack​
Correct Answer: b) Threats
5.​ Which of the following online services' privacy cannot be protected
using Tor?
 ○​ a) Browsing data
○​ b) Instant messaging
○​ c) Login using ID
○​ d) Relay chats​
Correct Answer: c) Login using ID
6.​ Which of the following is the least strong security encryption standard?
○​ a) WPA3
○​ b) WPA2
○​ c) WPA
○​ d) WEP​
Correct Answer: c) WPA
7.​ Which of the following can diminish the chance of data leakage?
○​ a) Steganography
○​ b) Chorography
○​ c) Cryptography
○​ d) Authentication​
Correct Answer: a) Steganography
8.​ A ________ can gain access illegally to a system if the system is not
properly tested in the scanning and access-gaining phase.
○​ a) Security Officer
○​ b) Malicious Hacker
○​ c) Security Auditor
○​ d) Network Analyst​
Correct Answer: b) Malicious Hacker
9.​ In which phase do hackers install backdoors so they can maintain
access to the victim's system?
○​ a) Scanning
○​ b) Maintaining access
○​ c) Maintaining Access (Duplicate option)
○​ d) Gaining access​
Correct Answer: b) Maintaining access
10.​_________ is the tool used for this purpose.
○​ a) Powersploit
○​ b) Aircrack-ng
○​ c) Snort
○​ d) Nmap​
Correct Answer: b) Aircrack-ng
11.​_________ is the scrambled message produced as output.
○​ a) Plain Text
○​ b) Cipher Text
○​ c) Secret Key
○​ d) Cryptanalysis​
Correct Answer: b) Cipher Text
12.​The most important symmetric algorithm, all of which are block ciphers,
include DES, Triple DES, and ________.
○​ a) SHA
○​ b) RSA
○​ c) AES
○​ d) DSS​
Correct Answer: c) AES
13.​On average, ________ of all possible keys must be tried in order to
achieve success with a brute-force attack.
○​ a) One-fourth
○​ b) Half
○​ c) Two-thirds
○​ d) Three-fourths​
Correct Answer: b) Half
14.​The purpose of a ________ is to produce a "fingerprint" of a file,
message, or another block of data.
○​ a) Secret Key
○​ b) Digital Signature
○​ c) Key Stream
○​ d) Hash Function​
Correct Answer: d) Hash Function
15.​_________ is a block cipher in which the plaintext and ciphertext are
integers between 0 and n-1 for some n.
○​ a) SHA
○​ b) RSA
○​ c) AES
○​ d) DSS​
Correct Answer: b) RSA
16.​What data should be subject to a data classification scheme?
○​ a) Sensitive data
○​ b) Critical data
○​ c) Classified data
○​ d) All data​
Correct Answer: d) All data
17.​The original message or data that is fed into the algorithm is ________.
○​ a) Encryption Algorithm
○​ b) Public Key
○​ c) Decryption Algorithm
○​ d) Plain Text​
Correct Answer: d) Plain Text
18.​The ________ is the encryption algorithm run in reverse.
○​ a) Encryption Algorithm
○​ b) Public Key
○​ c) Decryption Algorithm
 ○​ d) Private Key​
Correct Answer: c) Decryption Algorithm
19.​Transmitted data stored locally are referred to as ________.
○​ a) Cipher Text
○​ b) DES
○​ c) Data at rest
○​ d) ECC​
Correct Answer: c) Data at rest
20.​Digital signatures and key management are the two most important
applications of ________ encryption.
○​ a) Private Key
○​ b) Public Key
○​ c) Preimage resistant
○​ d) Advanced​
Correct Answer: b) Public Key

SUBJECTIVE PART

Note: Attempt all questions.

Q.1 List and briefly define categories of security mechanisms. (20 Marks)

Answer:​
Security mechanisms are employed to detect, prevent, or recover from security
attacks. The key categories are:

●​ Encipherment (Encryption): Transforming data into an unreadable format to

maintain confidentiality.
○​ Example: Using AES (Advanced Encryption Standard) to encrypt a file.
●​ Digital Signatures: Attaching a cryptographic signature to a message to
verify the sender’s identity and ensure integrity.
○​ Example: Using RSA to sign an email digitally.
●​ Access Control: Restricting access to resources based on user identity and
roles.
○​ Example: Implementing user accounts with passwords and
permissions.
●​ Data Integrity: Ensuring data accuracy and immutability during transmission
or storage.
○​ Example: Using hash functions like SHA-256.
●​ Authentication Exchange: Verifying the identity of communicating entities.
○​ Example: Implementing Kerberos authentication.
●​ Traffic Padding: Introducing dummy data to conceal actual transmission
patterns.
 ○​ Example: Sending dummy packets along with real data to confuse
attackers.
●​ Routing Control: Ensuring secure data transmission paths.
○​ Example: Using VPNs for encrypted network communication.
●​ Notarization: Employing a trusted third party to verify data authenticity.
○​ Example: Utilizing certificate authorities (CAs) for digital certificates.

Q.2 Briefly define the difference between hashing and digital signatures.
(20 Marks)

Answer:

Hashing:

●​ Purpose: Ensures data integrity by generating a fixed-size hash from a given

input.
●​ Key Feature: A one-way function that makes it infeasible to reverse-engineer
the original input.
●​ Security: Detects unauthorized data modifications.
●​ Example: SHA-256, MD5 (MD5 is now considered insecure).

Digital Signatures:

●​ Purpose: Provides authentication, integrity, and non-repudiation.

●​ Key Feature: Uses asymmetric cryptography (public and private keys) to sign
message hashes.
●​ Security: Ensures sender authenticity and prevents repudiation.
●​ Example: RSA digital signatures, DSA (Digital Signature Algorithm).

Key Difference:

●​ Hashing secures data integrity, while digital signatures ensure integrity,

authentication, and non-repudiation.

Q.3 Define cryptography and explain symmetric key cryptography. (20

Marks)

Answer:

Cryptography: Cryptography is the practice of secure communication through data

transformation techniques that ensure confidentiality, integrity, authentication, and
non-repudiation.
Symmetric Key Cryptography: Symmetric key cryptography, also known as secret
key cryptography, employs the same key for both encryption and decryption.

Process:

1.​ A secret key is generated and securely shared.

2.​ The sender encrypts plaintext using the shared key.
3.​ The ciphertext is transmitted over an insecure channel.
4.​ The receiver decrypts the ciphertext using the same key.

Advantages:

●​ Faster than asymmetric encryption.

●​ Simpler implementation.

Disadvantages:

●​ Secure key distribution is challenging.

●​ Scalability issues arise with multiple users.

Examples:

●​ AES (Advanced Encryption Standard)

●​ DES (Data Encryption Standard)
●​ 3DES (Triple DES)
●​ Blowfish

Q.4a) List and briefly define categories of passive and active security
attacks. (10*2=20 Marks)

Answer:

Passive Attacks: (Monitoring without modification)

●​ Eavesdropping: Unauthorized interception of communications.

○​ Example: Sniffing network traffic for passwords.
●​ Traffic Analysis: Inferring communication details through transmission
patterns.
○​ Example: Analyzing encrypted message frequencies.

Active Attacks: (Modification or creation of malicious data)

●​ Masquerade: Impersonating an entity for unauthorized access.

○​ Example: Using stolen credentials to access a system.
●​ Replay: Capturing and resending valid data packets.
 ○​ Example: Replaying login authentication requests.
●​ Message Modification: Altering message content during transmission.
○​ Example: Changing financial transaction details.
●​ Denial of Service (DoS): Disrupting service availability by overwhelming
resources.
○​ Example: Flooding a server with traffic.
●​ Denial of Repudiation: Falsely denying message transmission.
○​ Example: A user denying an email they sent.

Q.4b) What is the difference between differential and linear

cryptanalysis? (10 Marks)

Answer:

Differential Cryptanalysis:

●​ Focus: Examines how differences in plaintexts affect ciphertexts.

●​ Method: Analyzes statistical patterns between input-output differences.
●​ Goal: Identify key relationships to break encryption.
●​ Target: Primarily block ciphers.

Linear Cryptanalysis:

●​ Focus: Uses linear approximations of encryption behavior.

●​ Method: Finds statistical biases in plaintext, ciphertext, and key bit relations.
●​ Goal: Recover key bits by leveraging these approximations.
●​ Target: Primarily block ciphers.

Key Differences:

●​ Approach: Differential cryptanalysis examines differences between plaintexts

and ciphertexts, while linear cryptanalysis uses linear algebra techniques.
●​ Analysis: Differential cryptanalysis observes change propagation; linear
cryptanalysis identifies statistical biases.
●​ Mathematical Basis: Differential cryptanalysis employs XOR differences,
whereas linear cryptanalysis uses correlation-based equations.