Q1. Define attack and explain the types of threats.

Ans. An action that compromises information security is called security attack. Network security attacks can be in the hardware, software, and data. A threat to a computing system is a set of circumstances with potential to cause loss or harm. The threats would be either human-initiated or computer-initiated. Though huge amounts of money are spent on network security measures, no one can guarantee it. The success depends upon the careful monitoring of network and quick isolation of the attack.

Attacks launched by trusted (inside) users: In this type of attack the user already has access to a lot of network resources and network policies are not very strict. Attacks launched by external individuals: In this type of attack the attacker generally has to put greater efforts, as most network security policies have stringent measures against external attackers. The attacker may be attacking just for fun or a highly experienced hacker. Some hackers can gain access to sensitive information which could be used to fuel identity theft. Hackers have the ability to gain access to personal e-mail accounts. Usually the hackers simply destroy data and leave the websites in an inoperable state. There are many methods used to accomplish these unscrupulous objectives. Hence the damage caused by a network may vary from little to severe. Some of the damages caused are as under: Damage or destruction of computer systems. Damage or destruction of internal data. Loss of sensitive information to hostile parties. Use of sensitive information to steal elements of monitory value. Use of sensitive information against the customers which may result in legal action by customers against the organization and loss of customers. Damage to the reputation of an organization. Monitory damage, due to loss of sensitive information, destruction of data, hostile use of sensitive data, or damage to the reputation of the organization.

Q2. What is security attack? Explain with examples.

Security is a basic element of every network design. Sometimes a system's security can malfunction and diminish the value of its assets. The network security system identifies weaknesses of a system and ensures that no data is disclosed to unauthorised parties or modified in illegitimate ways. Information systems and networks should be resistant to attack from threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.

Passive attack
Passive attacks may relate to traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

Active attack
In an active attack, the attacker tries to bypass or break into secured systems by introducing malicious code. Active attacks result in the disclosure of data files or modification of data.

Distributed attack
A distributed attack requires that the adversary introduce code to a trusted component or software that will later be distributed at the factory or during distribution to gain unauthorised access to information or to a system function at a later date.

Close-in attack
A close-in attack takes place when someone trying to get physically close to network components for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.

Phishing attack
Phishing is done by creating a fake website that looks like the original and is used to record username and password of the users.

Hijack attack
In a hijack attack, a hacker takes over a session between two individuals and disconnects the communication. Sensitive information may be sent to the hacker by accident.

Spoof attack
This may be an attempt to bypass firewall rules by modifying the source address of the packets.

Buffer overflow
Excess data is sent to an application than it can handle and usually results in the attacker gaining administrative access.

Exploit attack
The attacker knows of a security problem within an operating system or a piece of software and leverages it.

Password attack
An attacker tries to crack the stored passwords. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack.

Q3. Explain different characteristics that identify a good encryption technique.

Ans. An algorithmic scheme that encodes plain text into non-readable form so that an unauthorised person cannot access the information is known as encryption. When the message reaches the actual receiver, the encrypted text is returned to its original plain text using the decrypt algorithm. Today, web browsers encrypt text automatically when connected to a secure server. The server decrypts the text upon its arrival, but as the information travels between computers, interception of the transmission will not be fruitful to anyone listening in. There are several encryption techniques, but not all of them are reliable. Initially, 64-bit encryption was considered quite strong. But today 128-bit is the standard.

Characteristics of a good encryption technique

It should be easy to install and use. The implementation of the algorithm in electronic devices should be cost-effective. The algorithm should be flexible, so it could be adapted to many different kinds of applications. It should have a strong encryption algorithm, shredding of original files after encryption, reliability of data after encryption/decryption and a password strength meter to ensure a strong password. The security of the algorithm should be completely in the key, and not in the algorithm itself. Errors in ciphering should not propagate and cause corruption of further information in the message. The enciphering algorithm and set of keys used should be less complex. This principle implies that we should restrict neither the choice of keys nor the types of plaintext on which the algorithm can work. Furthermore, the key must be transmitted, stored, and remembered, so it must be short. The amount of secrecy needed should determine the amount of labour necessary for encryption and decryption. Even a simple cipher may be strong enough to deter the casual interceptor for a short time. For secure data encryption the algorithm should have following characteristics. There should not be a plaintext attack that is better than a brute force attack. The algorithm should contain a no commutative combination of substitution and permutation, except for public key algorithms. The algorithm should include substitutions and permutations under the control of both the input data and the key. Redundant bit groups in the plaintext should be totally obscured in the ciphertext. Any possible key should produce a strong cipher. The size of the original message and that of enciphered text should be almost the same.

Q4. Compare Symmetric and Asymmetric Encryption Systems.

Ans. Symmetric encryption algorithm Symmetric encryption uses a key which can be any set of characters when that key is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the key, they can encrypt and decrypt all messages that use this key. A common key is used to both encrypt and decrypt data. Therefore, the encryption key can be calculated from the decryption key and the decryption key can be calculated from the encryption key. The disadvantage of using a single password system for encryption is that the password that encrypts the file needs to be stored in plain text on the server for the application to encrypt the data automatically. If the server is ever compromised, the encryption password and database may both fall into the hands of the attacker. Asymmetric encryption algorithm Two keys are used to encrypt and decrypt data: a public key known to everyone and a private key known only to the receiver or sender of the message. Only the public key can be used to encrypt messages and the corresponding private key can be used to decrypt them. Most websites processing financial information and other sensitive information are protected by SSL encryption and secure certificates which are part of an asymmetric encryption system.

Fundamental difference between Symmetric and Asymmetric Algorithms are as follows:

Symmetric Algorithms Speed is fast Size of cipher text is usually the same or less than that of the plain text Number of keys used is the square of the number of participants. Key exchange is a major problem (hence, algorithms like the Diffie-Hellman Key Exchange algorithm are used) More storage space required

Asymmetric Algorithms Slower in Speed Cipher text size is usually greater than that of the plain text Number of keys used is same as the number of participants. Key exchange is no problem

Less storage space required

Q5. Give the Overview of DES Algorithm.

Ans. The Data Encryption Standard (DES) specifies an algorithm used for cryptographic protection of computer data. The algorithm specifies both enciphering and deciphering operations based on a key. Data can be recovered from cipher only by using exactly the same key used to encipher it. The data encryption algorithm is a combination of both substitution as well as transposition technique. It uses both the technique repeatedly i.e., one on the top of other for a total of 16 cycles. The algorithm begins by encrypting the plaintext as blocks of 64 bits. The key is 64 bits long, but in fact it can be any 56-bit number. The extra 8 bits are often used as check. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

Double DES
For greater secrecy double data encryption standard was implemented, which required larger computing power. The double encryption works in the following way. Taking two keys, k1 and k2, and performing two encryptions, one on top of the other. In theory, this approach should multiply the difficulty of breaking the encryption. This assumption is false. Double encryption only doubles the work for the attacker.

Triple DES
Triple DES uses the same two keys as double DES but applies them in three operations adding greater strength. Text is encrypted with one key, decrypted with the second, and encrypted with the first again. Triple DES doubles the effective key length. But a 112-bit effective key length is quite strong and effective against all known attacks.

Q6. Explain RSA Technique with an example.

Ans. Rivest, Shamir, and Adleman invented RSA in 1978. RSA is an Internet encryption and authentication system and uses two keys: a private key and a public key. The RSA technique provides authentication as well as encryption. With RSA, a key can be used as either the public or the private key. The RSA algorithm involves multiplying two large prime numbers and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key. Once the keys have been developed, the original prime numbers can be discarded. Both the public and the private keys are needed for encryption /decryption but only the owner of private key needs to know it. Using the RSA system, the private key is used to decrypt text that has been encrypted with the public key. Anyone can use the public key to encrypt a message. But if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message. Whether breaking RSA encryption is as hard as factoring is an open question known as the RSA problem. Example: Suppose Alice wishes to send Bob the message "HELLO WORLD" in such a way that Bob will be sure that Alice sent it. She enciphers the message with her private key and sends it to Bob. As indicated above, the plaintext is represented as 07 04 11 11 14 26 22 14 17 11 03. Using Alice's private key, the ciphertext is 0753 mod 77 = 35 0453 mod 77 = 09 1153 mod 77 = 44 ... 0353 mod 77 = 05 or 35 09 44 44 93 12 24 94 04 05. Besides origin authenticity, Bob can be sure that no letters were altered. Providing both confidentiality and authentication requires enciphering with the sender's private key and the recipient's public key.