Professional Documents
Culture Documents
Ans:Cryptography is the art of hiding messages by converting them into hidden texts. It is generally
done in order to transmit a message over insecure channels. On the other hand, cryptanalysis is the art of
decrypting or obtaining plain text from hidden messages over an insecure channel. It is also known as
code cracking.
b)What is a ceasercipher?
Ans: It is one the cryptographic technique. Here every input character is added to a offset value to get
the cipher text.
Ans: It is a cryptographi8c technique in which encryption is done with one key and decryption is done
with a different key. One of the key is known to all . This is called public key,the other is private key.
Ans: Encrypt first with Key 1, then encrypt again with Key 2, and finally, encrypt again with Key 1
–
Ans: A message digest is a cryptographic hash function containing a string of digits created by a one-
way hashing formula.The length of the message digest is same irrespective of the size of the input.
Ans: A digital signature is a digital code (generated and authenticated by public key encryption) which
is attached to an electronically transmitted document to verify its contents and the sender's identity.
Ans: it is deterministic so the same message always results in the same hash
->it is quick to compute the hash value for any given message
->it is infeasible to generate a message from its hash value except by trying all possible messages
->a small change to a message should change the hash value so extensively that the new hash
value appears uncorrelated with the old hash value
->it is infeasible to find two different messages with the same hash value
h) What is a nonce?
->Secure
->Reliable
->Transparent
->Scalable
Ans: A Kerberos realm is a set of managed nodes that share the same Kerberos database.
Ans:
->Any traffic going outside the system and moving into the system must pass through the firewall.
->Only local security policy authorized traffic will be able to get into and out of the firewall.
->Internal threats are often at bay as the firewall provides alert of a possible malware threat.
l) What is the difference between statistical anomaly detection and rule-based intrusion detection?
Ans: Statistical anomaly detection uses statistics formed from audit logs to detect anomalies from
normal user behavior.Another approach is rule-based anomaly detection. In this approach, the system
analyzes data from audit logs and automatically develops a set of rules to describe normal behavior
Ans:
Model contains 3M
include the encryption of the message, which scrambles the message so that it is
unreadable by the opponent, and the addition of a code based on the contents
of the message, which can be used to verify the identity of the sender.
->Some secret information shared by the two principals and, it is hoped,
unscramble it on reception.
->A trusted third party may be needed to achieve secure transmission. For
example, a third party may be responsible for distributing the secret information to
the two principals while keeping it from any opponent. Or a third party may be
needed to arbitrate disputes between the two principals concerning the authenticity
of a message transmission.
This general model shows that there are four basic tasks in designing a particular
security service: 3M
The algorithm should be such that an opponent cannot defeat its purpose.
iii) Develop methods for the distribution and sharing of the secret information.
iv) Specify a protocol to be used by the two principals that makes use of the security
Ans;
• Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
• Secret key: The secret key is also input to the encryption algorithm.The key is
a value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the
the plaintext and the secret key. For a given message, two different keys will
plaintext.
Ans:
A transposition, in which elements in the plaintext are rearranged is called transposition cipher.
2M
The simplest such cipher is the rail fence technique, in which the plaintext is 4M
written down as a sequence of diagonals and then read off as a sequence of rows. For
example, to encipher the message “meet me after the toga party” with a rail fence of
mematrhtgpry
etefeteoaat
to write the message in a rectangle, row by row, and read the message off, column (row)by
column(row), but permute the order of the columns(rows). The order of the rows then
becomes the key to the algorithm. For example, the following is a row transposition cipher.
Key: 3421
Plaintext: a t t a c k p
ostpone
duntilt
woamxyz
Ciphertext: DUNTILTWOAMXYZOSTPONEATTACKP
Ans:
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST). 2M
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is
64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits of
the key are not used by the encryption algorithm (function as check bits only). General Structure of DES
is depicted in the following illustration −
DES Structure 4M
Since DES is based on the Feistel Cipher, all that is required to specify DES is –
-.Round function
->Key schedule
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each other.
They have no cryptography significance in DES. The initial and final permutations are shown as follows
−
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost 32
bits to produce a 32-bit output.
Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first need to
expand right input to 48 bits. Permutation logic is graphically depicted in the following illustration –
XOR (Whitener). − After the expansion permutation, DES does XOR operation on the expanded right
section and the round key. The round key is used only in this operation.
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with
a 6-bit input and a 4-bit output. Refer the following illustration –
There are a total of eight S-box tables. The output of all eight s-boxes is then combined in to 32 bit
section.
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight permutation with rule
shown in the following illustration:
Key Generation :The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The
process of key generation is depicted in the following illustration –
his cryptosystem is one the initial system. It remains most employed cryptosystem even today.
The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and hence, it is
termed as RSA cryptosystem. 2M
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly encryption-
decryption algorithms.
Each person or a party who desires to participate in communication using encryption needs to generate a
pair of keys, namely public key and private key. The process followed in the generation of keys is
described below −
->Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of
512 bits.
There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e and
(p – 1)(q – 1) are coprime.
The pair of numbers (n, e) form the RSA public key and is made public.
Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that
attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.
Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q - 1)
such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).
This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
4 b) Perform encryption and decryption using the RSA algorithm for the following:
Ans: n=p*q
phi(n)=(p-1)*(q-1)=20 2M
ciphertext c=pow(M,e)%n 3M
plaintext p=pow(c,d)%n
e=pow(5,7)%33=14
p=pow(14,3)%33=5
Ans;
Diffie Hellman was the first public key algorithm ever invented, in 1976. Alice and Bob want to
be able to generate a key to use for subsequent message exchange. The key generating exchange can take
place over an unsecure channel that allows eavesdropping. The ingredients to the protocol are: p, a large
prime and g, a primitive element of Zn. This means that all numbers n=1, ... , p-1 can be represented as n
= gi. These two numbers do not need to be kept secret. For example, Alice could send them to Bob in the
open. 2M
X=pow(g,x) mod p
Bob choses a large random integer y and sends Alice
Y=pow(g,y) mod p
Alice computes
k=pow(Y,x) mod p
Bob computes
k=pow(X,y) mod p
k is the key. k is equal to gxy mod p. In order to attack this scheme, an eavesdropper would need to know
how to calculate x from X or y from Y. This problem seems to be computationally hard.
5.b) How to solve Man – in – the Middle attack using Diffie-Hellman Key Exchange? 6M
Ans;
Diffie-Hellman is an asymmetric key algorithm used for public key cryptography. As well as
IPSec it is also used for SSL, SSH, PGP and other PKI systems. 2M
The Diffie-Hellman algorithm was created to address the issue of secure encrypted keys from
being attacked over the internet when in transmission, though using the Diffie-Hellman algorithm in
distributing symmetric keys securely over the internet.
The process works by two peers generating a private and a public key. Peer A would send it’s
public key to peer B and peer B would send it’s public key to peer A. Peer A would then use the public
key sent from peer B and it’s own private key to generate a symmetric key using the Diffie-Hellman
algorithm. Peer B would also take the same process as peer A and in turn produce the exact same
symmetric key as peer A, though enabling them to communicate securely over the in-secure internet.
Both peers can now encrypt, transmit and decrypt data using their symmetric keys.
However some concerns were found later within the Diffie-Hellman algorithm such as Man-in-
the-middle attacks as there is no authentication in place before keys are exchanged. How would peer B
know that it is about to exchange keys with peer A? It could easily be a hacker spoofing peer A’s identity.
This led to the more advanced public key cryptography in RSA. However using authentication methods
such as pre-shared keys and digital certificates to authenticate VPN gateways have overcome this issue.
So using Diffie-Hellman along side authentication algorithms is a secure and approved solution. Diffie-
Hellman is based on calculating discrete logarithms in a finite field. 4M
Ans;
A hash function H accepts a variable-length block of data Mas input and produces
a fixed-size hash value H=h(M) 2M
Algorithms: 4M
XOR:
This operation produces a simple parity for each bit position and is known as
SHA1:
• SHA-l generates a 160-bit message digest. Whereas MD5 generated message digest of 128 bits.
• The procedure is used to send a non secret but signed message from sender to receiver. In such a case
following steps are followed:
-> Sender feeds a plaintext message into SHA-l algorithm and obtains a 160-bit SHA-l hash.
-. Sender then signs the hash with his RSA private key and sends both the plaintext message and the
signed hash to the receiver.
-> After receiving the message, the receiver computes the SHA-l hash himself and also applies the
sender's public key to the signed hash to obtain the original hash H.
6 b) Discuss different types of attacks addressed by message authentication/ 6m
Ans: List:2M
Explaination:4M
recipient.
The direct digital signature involves only the communicating parties (source, destination). It is assumed
that the destination knows the public key of the source. A digital signature may be formed by encrypting
the entire message with the sender's private key or by encrypting a hash code of the
The problems associated with direct digital signatures can be addressed by using an
arbiter.As with direct signature schemes, there is a variety of arbitrated signature schemes. In general
terms,they all operate as follows. Every signed message from a sender X to a receiver Y goes first to an
arbiter A, who subjects the message and its signature to a number of tests to check its origin and
content. The message is then dated and sent to Y with an indication that it has been verified to the
satisfaction of the arbiter. The presence of A solves the problem faced by direct signature schemes: that
X might disown the message. 4M
Ans:
The DSS uses an algorithm that is designed to provide only the digital signature function. Unlike
RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key technique. The
DSS approach makes use of a hash function. The hash code is provided as input to a signature function
along with a random number k generated for this particular signature. The signature function also depends
on the sender's private key (PRa)and a set of parameters known to a group of communicating principals.
We can consider this set to constitute a global public key (PUG).
The result is a signature consisting of two components, labeled s and r.At the receiving end, the
hash code of the incoming message is generated. This plus the signature isinput to a verification function.
The verification function also depends on the global public key as well as the sender's public key (PUa),
which is paired with the sender's private key. The output of the verification function is a value that is
equal to the signature component r if the signature is valid. The signature function is such that only the
sender, with knowledge of the private key, could have produced the valid signature. 3M
DSA Algorithm 3M
q =prime divisor of (p 1), where 2159 < q < 2160; i.e., bit length of 160 bits
g = h(p 1)/q mod p, where h is any integer with 1 < h < (p 1) such that h(p 1)/q mod p > 1
y = gx mod p
Signing
Signature = (r, s)
Verifying
w = (s')-1 mod q
u1 = [H(M')w] mod q
u2 =(r')w mod q
TEST: v = r'
M = message to be signed
Ans:
List;2M
Explaination:4M
Ans:
List: 2M
Explaination: 4M
One of the two most publicized threats to security is the intruder (the other is
which such access is not authorized, or who is authorized for such access but
and uses this control to evade auditing and access controls or to suppress audit
collection
9 b) What are different types of firewalls? 6M
Ans: List: 2M
Explaination: 4M
This, the original type of firewall, operates inline at junction points where devices such as routers and
switches do their work.
However, this firewall doesn't route packets, but instead compares each packet received to a set of
established criteria -- such as the allowed IP addresses, packet type, port number, etc. Packets that are
flagged as troublesome are, generally speaking, unceremoniously dropped -- that is, they are not
forwarded and, thus, cease to exist.
Circuit-level gateways
Using another relatively quick way to identify malicious content, these devices monitor the TCP
handshakes across the network as they are established between the local and remote hosts to determine
whether the session being initiated is legitimate -- whether the remote system is considered trusted. They
don't inspect the packets themselves, however.
State-aware devices, on the other hand, not only examine each packet, but also keep track of whether or
not that packet is part of an established TCP session. This offers more security than either packet
filtering or circuit monitoring alone, but exacts a greater toll on network performance.
A further variant of stateful inspection is the multilayer inspection firewall, which considers the flow of
transactions in process across multiple layers of the ISO Open Systems Interconnection seven-layer
model.
Application-level gateways
This kind of device, technically a proxy, and sometimes referred to as a proxy firewall, combines some of
the attributes of packet filtering firewalls with those of circuit-level gateways. They filter packets not only
according to the service for which they are intended -- as specified by the destination port -- but also by
certain other characteristics, such as the HTTP request string.
While gateways that filter at the application layer provide considerable data security, they can
dramatically affect network performance.
Next-gen firewalls
This looser category is the most recent -- and least-well delineated -- of the types of firewalls. A
typical next-gen product combines packet inspection with stateful inspection, but also includes some
variety of deep packet inspection