Important RGPV Questions: AL-604 (B), Information Security & Management, VI Sem, AIML

UNIT-I: Introduction and Mathematical Foundation

  1. Define the need for information security in modern organizations. Why is it critical in today’s digital world?
  2. Explain the difference between a threat, vulnerability, and exploit with suitable examples.
  3. What is the CIA triad? Describe each component and its significance in information security.
  4. Discuss the principle of non-repudiation. How does it enhance security in digital transactions?
  5. Classify security attacks into active and passive attacks. Provide two examples of each.
  6. What is a prime number? Explain its role in cryptographic algorithms.
  7. Solve the following using modular arithmetic: Find the value of 15 mod 7 and 20 mod 3.
  8. State Fermat’s Theorem. How is it applied in cryptographic systems?
  9. Explain Euler’s Theorem with an example. Why is it important in cryptography?
  10. Describe the Euclidean Algorithm. Demonstrate its use to find the GCD of 48 and 18.
  11. What is the Chinese Remainder Theorem? Solve: x ≡ 2 (mod 3), x ≡ 3 (mod 5).
  12. Explain the concept of discrete logarithms and their significance in public-key cryptography.
  13. Compare authentication and authorization. How do they contribute to security principles?
  14. What are the challenges in achieving perfect security? Discuss with reference to security principles.
  15. Analyze a real-world security attack (e.g., phishing) and classify it based on its type and impact.

UNIT-II: Symmetric Key Cryptography

  1. What is classical cryptography? Differentiate between substitution and transposition ciphers.
  2. Explain the substitution cipher with an example. How can it be cryptanalyzed?
  3. Describe the transposition cipher. Demonstrate its working with a simple example.
  4. What is the Data Encryption Standard (DES)? Discuss its structure and key size.
  5. Compare DES and 3DES. Why was 3DES introduced?
  6. Explain the Advanced Encryption Standard (AES). How does it differ from DES in terms of security?
  7. What are modes of operation in symmetric cryptography? Describe ECB and CBC modes.
  8. Discuss the advantages and disadvantages of the Electronic Codebook (ECB) mode.
  9. Explain how Cipher Block Chaining (CBC) mode enhances security compared to ECB.
  10. What is linear cryptanalysis? How can it be used to attack symmetric ciphers?
  11. Describe differential cryptanalysis. Provide an example of its application on DES.
  12. Why is cryptanalysis important in evaluating symmetric key ciphers? Discuss with examples.
  13. Compare the security strengths of DES, 3DES, and AES against modern computational power.
  14. Design a simple substitution cipher and demonstrate its encryption and decryption process.
  15. Analyze the impact of weak key management on the security of symmetric key cryptography.

UNIT-III: Asymmetric Key Cryptography

  1. What is asymmetric key cryptography? How does it differ from symmetric key cryptography?
  2. Explain the importance of key distribution in cryptographic systems. Discuss its challenges.
  3. Describe the Diffie-Hellman Key Exchange algorithm with a step-by-step example.
  4. What is the RSA algorithm? Explain its encryption and decryption process.
  5. Discuss the role of prime numbers in the RSA algorithm. Why are large primes preferred?
  6. Explain Elliptic Curve Cryptography (ECC). How does it compare to RSA in terms of efficiency?
  7. What are the advantages of ECC over traditional asymmetric algorithms like RSA?
  8. Describe a man-in-the-middle attack on the Diffie-Hellman Key Exchange. How can it be prevented?
  9. What is a brute-force attack on a cryptosystem? Discuss its feasibility against RSA.
  10. Explain a chosen-ciphertext attack. How can asymmetric systems defend against it?
  11. Discuss the role of key management in asymmetric cryptography. Why is it critical?
  12. Compare the computational complexity of RSA and ECC for equivalent security levels.
  13. How does the key size impact the security of asymmetric algorithms? Provide examples.
  14. Analyze the impact of quantum computing on asymmetric key cryptography algorithms.
  15. Design a simple scenario where Diffie-Hellman is used to establish a shared secret key.

UNIT-IV: Authentication & Integrity

  1. What is a Message Authentication Code (MAC)? Explain its role in ensuring integrity.
  2. Describe the properties of a good hash function. Why are they important for security?
  3. Compare SHA-1 and SHA-256 in terms of security and performance.
  4. Explain the MD5 algorithm. Why is it considered insecure for modern applications?
  5. What is HMAC? How does it combine hash functions and secret keys for authentication?
  6. Discuss the concept of digital signatures. How do they ensure authenticity and integrity?
  7. Explain the role of authentication protocols in secure communication. Provide an example.
  8. What is authorization? How does it differ from authentication in access control?
  9. Describe the components of the X.509 Digital Certificate. Why is it widely used?
  10. Explain how access control mechanisms protect sensitive data in an organization.
  11. Discuss the vulnerabilities of weak hash functions like MD5 in real-world applications.
  12. How does a digital signature prevent repudiation in electronic transactions? Explain.
  13. Compare the security features of MAC and digital signatures in ensuring message integrity.
  14. Design a simple authentication protocol using HMAC for secure client-server communication.
  15. Analyze the role of X.509 certificates in establishing trust in e-commerce platforms.

UNIT-V: E-mail, IP, and Web Security

  1. What is Pretty Good Privacy (PGP)? Explain its role in securing e-mail communication.
  2. Compare PGP and S/MIME in terms of functionality and use cases.
  3. What is MIME? How does it enhance e-mail security when combined with S/MIME?
  4. Explain the IP Security (IPSec) protocol. Discuss its key components.
  5. What is the difference between Transport and Tunnel modes in IPSec?
  6. Describe the Secure Sockets Layer (SSL). How does it secure web communication?
  7. Explain the Transport Layer Security (TLS) protocol. How does it differ from SSL?
  8. What is Secure Electronic Transaction (SET)? Discuss its advantages and limitations.
  9. Define a firewall. Compare packet-filtering and application-level firewalls.
  10. What is an Intrusion Detection and Prevention System (IDPS)? Explain its types.
  11. Discuss the role of risk management in developing an information security strategy.
  12. Explain the components of a security plan for an organization’s IT infrastructure.
  13. Analyze the vulnerabilities exploited in a real-world web security attack (e.g., SQL injection).
  14. Design a simple e-mail security setup using PGP for a small organization.
  15. Discuss the challenges of implementing TLS in legacy web applications and their solutions.

— Best of Luck for Exam —