CRYPTOGRAPHY AND NETWORK SECURITY

TWO MARKS

Unit-1 Network Security

1. Specify the four categories of security threads?

Interception Interruption Fabrication Modification
2. Explain active and passive attack with example?
Passive attack
Monitoring the message during transmission. Eg. Interception
Active attack
Involves modification of data stream or creation of false data stream. Eg. Interruption
Fabrication Modification.

3. Compare block cipher with stream cipher with an example.

Stream cipher process the input stream continuously and produces one element at a time.
Eg. Ceaser cipher.
Block Cipher processes the input one block of elements at a time producing an output block for each
input block. Eg. DES.
Direct signature Arbitrated Signature
 Transport mode Tunnel Mode

4. What is meant by cryptography and cryptanalysis?

Cryptography is an art of writing hidden messages. It is a historical (or) forensic approach.
Cryptanalysis is the process of analyzing hidden messages. It is a statistical (or) approach.
5. Differentiate conventional (symmetric) from public key (asymmetric)
encryption.

Conventional Encryption Public-Key Encryption

Needed to Work: Needed to work:
1. The same algorithm with the same 1. One algorithm is used for encryption
key is used for encryption and and decryption with a pair of keys,
decryption. one for encryption and one for
2. The sender and receiver must share decryption.
the algorithm and the key. 2. The sender and receiver must each
have one of the matched pair of keys
(not of the same one).
Needed for Security: Needed for security:
1. The key must be kept secret. 1. One of the two keys must be kept
2. It must be impossible or atleast secret.
impractical to decipher a message 2. It must be impossible or at least
if no other information is available. impractical to decipher a message if
3. Knowledge of the algorithm plus no other information is available.
samples of ciphertext must be 3. Knowledge of the algorithm plus one
insufficient to determine the key. of the keys plus samples of the
ciphertext must be insufficient to
determine the other key.

1. Distinguish between passive attack and active attack with reference to X.800.
Passive attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. It includes release of message contents and Traffic analysis. Passive attacks are
very difficult to detect because they do not involve any alteration of data. However, it is feasible
to prevent the success of these attacks, usually by means of encryption.
Active attacks: Active attack involves some modification of the data stream or the creation of a
false data stream and can be subdivided into four categories namely as a masquerade, replay,
modification of messages and the denial of service attack.

6. What is encipherment?
The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm and
zero or more encryption keys.
8. What is a passive attack?
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.

9. What is the difference between a monoalphabet cipher and a polyalphabetic

cipher?
Monoalphabetic cipher is a monoalphabetic cipher is a substitution cipher in which the
cipher alphabet is fixed through the encryption process. All of the substitution ciphers we have
seen prior to this handout are monoalphabetic; these ciphers are highly susceptible to frequency
analysis. Polyalphabetic Cipher is a polyalphabetic cipher is a substitution cipher in which the
cipher alphabet changes during the encryption process.
10. What is the avalanche effect?
In cryptography, the avalanche effect refers to a desirable property of
cryptographic algorithms, typically block ciphers and cryptographic hash functions. The
avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit)
the output changes significantly (e.g., half the output bits flip). In the case of high-quality block
ciphers, such a small change in either the key or the plaintext should cause a drastic change
in the ciphertext.

6. What are the different modes of operation in DES?

1. Double DES
2. Triple DES
3. Electronic Code Book
4. Counter mode
5. Cipher block chaining mode
6. Cipher Feedback mode

7. What is DES?
Data Encryption Standard (DES) is a widely-used method of data encryption using a
private (secret) key. DES applies a 56-bit key to each 64-bit block of data. The process can run
in several modes and involves 16 rounds or operations.

8. Compare the symmetric and asymmetric key cryptography.

Symmetric Encryption uses a single secret key that needs to be shared among the people
who needs to receive the message while Asymmetric encryption uses a pair of public
key, and a private key to encrypt and decrypt messages when communicating.
1. Symmetric Encryption is an age old technique while asymmetric Encryption is
relatively new.
2. Asymmetric Encryption was introduced to complement the inherent problem of the
need to share the key in symmetric encryption model eliminating the need to share the key by
using a pair of public-private keys.
2. How does Diffie-Hellman key exchange achieve security?
Diffie–Hellman key exchange is a specific method of exchanging cryptographic keys. It
is one of the earliest practical examples of key exchange implemented within the field
of cryptography. The Diffie–Hellman key exchange method allows two parties that have no
prior knowledge of each other to jointly establish a shared secret key over an
insecure communications channel. This key can then be used to encrypt subsequent
communications using a symmetric key cipher.

8. What is a hash function?

A hash function H is a transformation that takes a variable-size input m and returns a
fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just
this property have a variety of general computational uses, but when employed in cryptography
the hash functions are usually chosen to have some additional properties.

9. What are the types of attacks addressed by message authentication?

There are four types of message authentication:
 1. Masquerade: Insertion of messages into the network from a fraudulent source. This
includes the creation of messages by an opponent that are purported to come from an
authorized entity. Also included are fraudulent acknowledgments of message receipt or no
receipt by someone other than the message recipient.
2. Content modification: Changes to the contents of a message, including insertion,
deletion, transposition, and modification.
3. Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.
4. Timing modification: Delay or replay of messages. In a connection-oriented
application, an entire session or sequence of messages could be a replay of some previous
valid session, or individual messages in the sequence could be delayed or replayed. In a
connectionless application, an individual message (e.g., datagram) could be delayed or
replayed.

Why does PGP generate a signature before applying compression?

The signature is generated before compression due to 2 reasons:
It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future.

2. Write the four SSL Protocols.

1. SSL Handshake protocol
2. SSL Change cipher spec. protocol
3. SSL Alert Protocol
4. SSL Record Protocol

3. What is meant by S/MIME?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public
key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a
number of documents, most importantly RFCs (3369, 3370, 3850, 3851). S/MIME was originally
developed by RSA Data Security Inc. The original specification used the IETF MIME specification with
the de facto industry standard PKCS secure message format. Change control

to S/MIME has since been vested in the IETF and the specification is now layered
on cryptographic message syntax.

Give the benefits of IP security?

Mention the application of IP security?

Network level peer authentication
Data origin authentication
Replay protection

4. What are the services provided by IPSec?

The services provided by IPSec are authentication, confidentiality and key management
authentication. It ensures the identity of an entity. Confidentiality is protection of data from
unauthorized disclosure. Key management is generation, exchange, storage, safeguarding, etc.
of keys in a public key cryptography.

5. What is meant by replay attack?

A replay attack (also known as playback attack) is a form of network attack in which a
valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out
either by the originator or by an adversary who intercepts the data and retransmits it, possibly
as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

6. What is the difference between an SSL connection and SSL session?

Connection is a transport that provides a suitable type of service. For SSL, such
connections are peer-topeer relationships. The connections are transient. Every connection is
associated with one session. Session: An SSL session is an association between a client and a
server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic
security parameters, which can be shared among multiple connections. Sessions are used to
avoid the expensive negotiation of new security parameters for each connection.
7. Why does ESP include a padding field?
The ciphertext needs to end on an eight octet boundary because the Authentication data
field is properly aligned in the packet. This is what the protocol expects and if it doesn't follow
the rules, it's considered to contain an error in the packet. It's like English or other languages.
We expect sentences to end with a period so we know where one sentence ends and the other
begins.

11. What are the services provided by IPSec?

1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets

1. Define –Virus
Computer Viruses is defined as the malicious software programs that damage computer
program entering into the computer without the permission of the users, and also run against the
wishes of the users. They are replicated by themselves. Viruses are so dangerous and malicious
that they can be automatically copied and pasted from memory to memory over and over.
Types of virus:
Boot sector Virus
Macro virus
Multipartite Virus
Stealth virus

2. What is application level gateway?

An application gateway or application level gateway (ALG) is a firewall proxy which
provides network security. It filters incoming node traffic to certain specifications which mean
that only transmitted network application data is filtered. Such network applications include File
Transfer Protocol (FTP), Telnet, Real Time Streaming Protocol (RTSP) and BitTorrent.

3. List out the design goals of firewalls.

 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This
is achieved by physically blocking all access to the local network except via the
firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration. This implies the use of a hardened system
with a secured operating system.

4. What is meant by intrusion detection system?

An intrusion detection system (IDS) is a type of security software designed to
automatically alert administrators when someone or something is trying to compromise
information system through malicious activities or through security policy violations. An IDS
works by monitoring system activity through examining vulnerabilities in the system, the
integrity of files and conducting an analysis of patterns based on already known attacks. It also
automatically monitors the Internet to search for any of the latest threats which could result in a
future attack.
5. What are audit reports? Writ its two forms.
An information security audit is an audit on the level of information security in an

organization. Within the broad scope of auditing information security there are multiple types of
audits, multiple objectives for different audits, etc. Most commonly the controls being audited
can be categorized to technical, physical and administrative. Auditing information security
covers topics from auditing the physical security of data centers to auditing the logical security
of databases and highlights key components to look for and different methods for auditing these
areas.

6. Define Password Protection

Password protection is defined as a security process that protects information accessible
via computers that needs to be protected from certain users. Password protection allows only
those with an authorized password to gain access to certain information.

7. What is meant by intruder?

A network is accessed by unauthorized user is called intrusion and the user is called as
intruder.
Classes of intruders:
Masquerader
Misfeasor
Clandestine user

8. What is meant by worm?

A computer worm is a self-replicating computer program that penetrates an operating
system with the intent of spreading malicious code. Worms utilize networks to send copies of
the original code to other computers, causing harm by consuming bandwidth or possibly
deleting files or sending documents via email. Worms can also install backdoors on computers.
What is honey pot?
A honeypot is a network attached system set up as a decoy to lure cyber attackers and to
detect, deflect or study hacking attempts in order to gain unauthorized access to information
systems.
9. What is meant by Trojan horse?
In computers, a Trojan horse is a program in which malicious or harmful code is
contained inside apparently harmless programming or data in such a way that it can get control
and do its chosen form of damage, such as ruining the file allocation table on your hard disk.
Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan
horse may be widely redistributed as part of a computer virus.
10. What is meant by logic bomb?
A logic bomb is a malicious program timed to cause harm at a certain point in
time, but is inactive up until that point. A set trigger, such as a preprogrammed date
and time, activates a logic bomb. Once activated, a logic bomb implements a
malicious code that causes harm to a computer. A logic bomb, also called slag code.

11. What are the steps in virus removal process?

Virus should be removed form the system by scanning process. The steps
include in this process are,
1. Backup your data
2. Check to ensure that other factors aren't causing your problem
3. Gather your antivirus tools
4. Reboot in Safe Mode
5. Run your scans
6. Test your computer

12. What is meant by generic decryption technology?

A generic decryption technology can detect most complex polymorphic viruses
with fast scanning speed.

13. What is meant by denial of service?

A denial of service is an attempt to prevent a genuine user of service from
using it. A "denial-of-service" attack is characterized by an explicit attempt by
attackers to prevent legitimate users of a service from using that service. Examples
include,
 Attempts to "flood" a network, thereby preventing legitimate network traffic.
Attempts
to disrupt connections between two machines, thereby preventing
access to a service.
 Attempts to prevent a particular individual from accessing a service.
 Attempts to disrupt service to a specific system or person.