Consider a system having users U1, U2, U3 and files F1, F2, F3 and F4. User U1 can read and write files F2 and F3. User U2 can read all the files but can perform a write operation on F2. User U3 can perform a read operation on F3 and an append on file F4. Now prepare the access control matrix, access control list and capability list. [10]
IT Security Management, Risk Assessment and Security Auditing
1. Describe security auditing architecture. [5]
2. What is risk? How is security risk analysis done? [5]
Legal and Ethical Issues
1. Discuss the different trust frameworks. [5]
2. How is copyright different from a patent? [5]
Malicious Software
1. What is an attack tree? Construct an attack tree for internet banking authentication. [5]
2. Define zombies, bots and rootkits. [5]
Message Authentication
1. What are the properties of a hash function? In the SHA-1 hash function, how is the padded message computed before the hash function computation? Using the elongated message blocks from $w_0$ to $w_{79}$, how can you compute the final hash value? For the 160-bit hash value represented by 5 words A, B, C, D, E, write the expressions for $A_{79}$, $B_{79}$, $C_{79}$ after the last pass of the algorithm. [10]
2. What is a digital signature? How can it be used for message authentication? [5]
Symmetric and Asymmetric Encryption Algorithms
1. How are encryption and decryption done in RSA? In an RSA system, consider that the public key of a given user is (3, 55). What is the private key d? What is the ciphertext C, if the message M = hi? [10]
2. Write an algorithm for the Extended Euclidean Algorithm. Illustrate the algorithm for a = 84 and b = 320. [5]
User Authentication
1. Define an authentication system with its components. How can a challenge-response system be used as an authentication system? [5]