Home Work 3

CSE404 : INFORMATION SECURITY & PRIVACY

Part A
Q:-1 Write the differences between trusted and un-trusted networks with suitable examples.
Sol. Trusted networks:
Such Networks allow data to be transferred transparently. The machines using a trusted
network are usually administered by an Administrator to ensure that private and secured data
is not leaked. Access to this network is limited. Computers using trusted networks are more
secured and confidential because of strong firewalls.

Untrusted networks:
Such networks are usually administered by the owners. They can allow improper access to
sensitive or personal data. These machines are usually separate. Such machines could me
more prone to attacks.

Trusted network is an open architecture for Network Access Control. The aim is to
enable operators of network for providing endpoint integrity at each every network
connection, which provides interoperability.
Untrusted Networks are controlled and configured by their owners. It could cause
improper access to sensitive data. For this reason the systems are isolated on a
separate sub-net and not allowed a direct access too many computer services.

Q:-2 Give real life examples to demonstrate the applications of cryptography.

Sol. Cryptography is best known as a way of keeping the contents of a message secret.
Confidentiality of network communications, for example, is of great importance for e-
commerce and other network applications. However, the applications of cryptography go far
beyond simple confidentiality. In particular, cryptography allows the network business and
customer to verify the authenticity and integrity of their transactions. If the trend to a global
electronic marketplace continues, better cryptographic techniques will have to be developed
to protect business transactions.
Sensitive information sent over an open network may be scrambled into a form that cannot be
understood by a hacker or eavesdropper. This is done using a mathematical formula, known
as an encryption algorithm, which transforms the bits of the message into an unintelligible
form. The intended recipient has a decryption algorithm for extracting the original message.
There are many examples of information on open networks, which need to be protected in
this way, for instance, bank account details, credit card transactions, or confidential health or
tax records. Cryptography is no longer the province of a specialized elite of mathematicians
and military operatives. Its potential cost-effective applications to modern
computer/communications systems .

Q:-3 Explain the concept of network security in detail.

Q:-4 Explain the concept of digital signatures with suitable example.
Sol. q4Hash value of a message when encrypted with the private key of a
person is his digital signature on that e-Document.Digital Signature of a
person therefore varies from document to document thus ensuring
authenticity of each word of that document. As the public key of the
signer is known, anybody can verify the message and the digital signature
provide Authenticity, Integrity and Non-repudiation to electronic
documents. To use the Internet as the safe and secure medium for e-
Commerce and e-Governance Each individual generates his own key pair
Public key known to everyone & Private key only to the owner.
Public Key – Used to verify the digital signature.
Private Key – Used for making digital signature.

Q:-5 Give the difference between symmetric and asymmetric cryptography with suitable
examples.
Sol. Symmetric-Crypto used techniques are DES, 3DES, AES
smaller keys / faster encryption because of simpler operations (e.g.
discrete log) Key agreement problem, Online, Efficient. same key used for
encryption and decryption.

Symmetric ciphers
• Main problem: key distribution
• Symmetric ciphers can be devided into
stream ciphers and block ciphers

Asymmetric-Crypto used techniques are RSA, ECC

1000x slower than DES, more complicated operations (e.g. modular

exponentiation)

RSA different key is used for encryption and decryption. Decryption key cannot be derived
from encryption key.

Asymmetric ciphers
• Said to be the most significant new development in cryptography in the last 300-400 years
– first described publicly by Hellman and Diffie in 1976
• The encryption key is public, decryption key secret
– anyone can encrypt a message but only the one who bknows the corresponding private key
can decrypt it.
• In practise asymmetric and symmetric algorithms are often used together, called hybrid
encryption
Q:-6 What is the role of cryptography in information security?
Sol. The protection of information in potentially hostile environments – is a crucial factor in
the growth of information-based processes in industry, business, and administration.
Cryptography is a key technology for achieving information security in communications,
computer systems, electronic commerce, and, more generally, in the emerging information
society. means protecting information and information systems from unauthorized access,
use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Computer security can focus on ensuring the availability and correct operation of a computer
system without concern for the information stored or processed by the computer.
Cryptography provides information security with other useful applications as well including
improved authentication methods, message digests, digital signatures, non-repudiation, and
encrypted network communications. Information security uses cryptography to transform
usable information into a form that renders it unusable by anyone other than an authorized
user; this process is called encryption. Information that has been encrypted (rendered
unusable) can be transformed back into its original usable form by an authorized user, who
possesses the cryptographic key, through the process of decryption. Cryptography is used in
information security to protect information from unauthorized or accidental disclosure while
the information is in transit (either electronically or physically) and while information is in
storage .