CRYPTOGRAPHAY & NETWORK SECURITY

Faculty Name : Dr. Anu Rathee Student name : Aman Balhara

Roll No.: 01014803118

Semester: 7th

lass: 12
Group: 1

Maharaja Agrasen Institute of Technology, PSP Area,

Sector – 22, Rohini, New Delhi – 110086

 CNS Assignment- Unit 1
Q1. Explain the four categories of security threats ?

The following four categories are typically used.

 Unstructured threats
 Structured threats
 Internal threats
 External threats

Unstructured Threats
Unstructured threats often involve unfocused assaults on one or more network
systems, often by individuals with limited or developing skills. The systems being
attacked and infected are probably unknown to the perpetrator. These attacks
are often the result of people with limited integrity and too much time on their
hands. Malicious intent might or might not exist, but there is always indifference
to the resulting damage caused to others.
The Internet has many sites where the curious can select program codes, such as
a virus, worm, or Trojan horse, often with instructions that can be modified or
redistributed as is. In all cases, these items are small programs written by a
human being. They aren’t alive and they can’t evolve spontaneously from
nothing. Some common terms to be aware of include the following:
Virus A program capable of replicating with little or no user intervention,
and the replicated programs also replicate.
Worm A form of virus that spreads by creating duplicates of itself on other
drives, systems, or networks. A worm working with an e-mail system
can mail copies of itself to every address in the e-mail system address
book. Code Red and Nimda are examples of high-profile worms that
have caused significant damage in recent years.
Trojan An apparently useful or amusing program, possibly a game or
horse screensaver, but in the background it could be performing other
tasks, such as deleting or changing data, or capturing passwords or
keystrokes. A true Trojan horse isn’t technically a virus because it
doesn’t replicate itself.

Structured Threats
Structured threats are more focused by one or more individuals with higher-level
skills actively working to compromise a system. The targeted system could have
been detected through some random search process, or it might have been
selected specifically. The attackers are typically knowledgeable about network
designs, security, access procedures, and hacking tools, and they have the ability
to create scripts or applications to further their objectives.
Structured attacks are more likely to be motivated by something other than
curiosity or showing off to one’s peers. Greed, politics, racism (or any
intolerance), or law enforcement (ironic) could all be motives behind the efforts.
Crimes of all types where the payoff isn’t directly tied to the attack, such as
identity theft or credit card information theft, are also motivations.

Internal Threats
Internal threats originate from individuals who have or have had authorized
access to the network. This could be a disgruntled employee, an opportunistic
employee, or an unhappy past employee whose access is still active. In the case of
a past network employee, even if their account is gone, they could be using a
compromised account or one they set up before leaving for just this purpose.

External Threats
External threats are threats from individuals outside the organization, often using
the Internet or dial-up access. These attackers don’t have authorized access to the
systems.
In trying to categorize a specific threat, the result could possibly be a combination
of two or more threats. The attack might be structured from an external source,
but a serious crime might have one or more compromised employees on the
inside actively furthering the endeavor.
Q2. Explain active and passive attack with example?

Active and Passive Attacks are security attacks. In Active attack, an attacker tries to
modify the content of the messages. Whereas in Passive attack, an attacker
observes the messages, copy them and may use them for malicious purposes.
Following are the important differences between Active Attack and Passive Attack.

Sr. Key Active Attack Passive Attack

No.

Modification In Active Attack, information is In Passive Attack, information

1
modified. remain unchanged.

Dangerous Active Attack is dangerous for Passive Attack is dangerous

2
For Integrity as well as Availability. for Confidentiality.

Attention Attention is to be paid on Attention is to be paid on

3
detection. prevention.

Impact on In Active Attack, system is In Passive Attack, system has

4
System damaged. no impact.

Victim Victim gets informed in active Victim does not get informed
5
attack. in passive attack.

System System Resources can be System Resources are not

6
Resources changed in active attack. changed in passive attack.

Q3. Write short notes on

 a. Security attacks

An insecure application could expose users and systems to various types of

damage. When a malicious party uses vulnerabilities or lack of security features to
their advantage to cause damage, it is called an attack. We'll take a look at
different types of attacks in this guide so you know what to look for when
securing your application.

Active attacks vs passive attacks

Attacks can be divided into two different types: active and passive.

Active attacks

With an active attack, the attacker tries to break into the application directly.
There are a variety of ways this could be done, from using a false identity to
access sensitive data (masquerade attack) to flooding your server with massive
amounts of traffic to make your application unresponsive (denial of service
attack).

Active attacks can also be done to data in transit. An attacker could modify your
application data before it gets to a user's browser, showing modified information
on the site or direct the user to an unintended destination. This is sometimes
called modification of messages.
Passive attack

With a passive attack, the attacker tries to collect or learn information from the
application but does not affect the application itself.

Imagine someone is eavesdropping on your conversation with friends and family,

collecting information about your personal life, who your friends are, and where
you hang out. The same thing could be done on your web traffic. An attacker
could capture data between the browser and the server collecting usernames &
passwords, users' browsing history, and data exchanged.
Defense against attacks

Attackers can directly harm your application or perform a malicious operation on

your site without you or your users noticing it. You need mechanisms to detect
and protect against attacks.

Unfortunately, there is no single solution to make your application 100% secure.

In practice, many security features and techniques are used in layers to prevent or
further delay the attack (this is called defense in depth). If your application
contains a form, you might check inputs in the browser, then on the server, and
finally at the database; you would also use HTTPS to secure the data in transit.

Wrap up

Since many attacks can happen without ever hitting your server, it is sometimes
hard to detect if attacks are happening or not. The good news is that web
browsers have powerful security features already built in. Follow the next topic
"How browser mitigates against attacks" to learn more.

b. Security services provided by cryptography

A range of cryptographic and non-cryptographic tools may be used to support

these services. While a single cryptographic mechanism could provide more than
one service, it cannot provide all services.

Confidentiality
When preventing disclosure of information to unauthorized parties is needed, the
property of confidentiality is required. Cryptography is used to encrypt the
information to make it unintelligible to everyone but those who are authorized to
view it. To provide confidentiality, the cryptographic algorithm and mode of
operation needs to be designed and implemented in such a way that an
unauthorized party will be unable to determine the keys that have been
 associated with the encryption or have the ability to derive the information
without using the correct keys.

Data Integrity
Data integrity provides assurance that data has not been modified in an
unauthorized manner after it was created, transmitted or stored. This means that
there has been no insertion, deletion or substitution done with the data. Digital
signatures or message authentication codes are cryptographic mechanisms that
can be used to detect both accidental modifications that might occur because of
hardware failure or transmission issues and deliberate modifications that might
be performed by an adversary. While non-cryptographic mechanisms can be used
to detect accidental modifications, they are not reliable
for detecting deliberate modifications.

Authentication
Cryptography can provide two types of authentication services:
1. Integrity authentication can be used to verify that non-modification has occurred
to the data.
2. Source authentication can be used to verify the identity of who created the
information, such as the user or system.
Digital signatures or message authentication codes are used most often to
provide authentication services. Key-agreement techniques might also be used to
provide this service.

Authorization
Authorization provides permission to perform a security function or activity. This
security service is often supported by a cryptographic service. Authorization is
generally granted after the successful execution of a source authentication
service.

Non-Repudiation
In key management, the term non-repudiation refers to the binding of a
certificate subject through the use of digital signature keys and digital certificates
to a public key. When non-repudiation is required for a digital signature key, it
means that the signature that has been created by that key has the support of
both the integrity and source authentication services of a digital signature. The
digital signature may also indicate a commitment by way of the certificate subject
in the same manner that a document with a handwritten signature would.
However, here are many aspects to be considered in making a legal decision
regarding non-repudiation and this cryptographic mechanism is considered only
one element to be used in that decision.

Combining Services
Combination of the above six security services is strongly advised. When
designing a secure system, designers usually begin by determining which security
systems are required to protect the information that will be contained and
processed by the system. Once the services have been determined, the
mechanisms that will best provide these services are considered.
Some of the mechanisms chosen might not be cryptographic in nature. For
example, physical security measures, such as identification badges or biometric
identification devices may be used to limit access to certain data for
confidentiality purposes. However, cryptographic mechanisms that include
algorithms, keys or other key material are generally the most cost-effective
methods for keeping information secure.

Q4. What is public key encryption?

Public key encryption, or public key cryptography, is a method of encrypting data
with two different keys and making one of the keys, the public key, available for
anyone to use. The other key is known as the private key. Data encrypted with the
public key can only be decrypted with the private key, and data encrypted with
the private key can only be decrypted with the public key. Public key encryption is
also known as asymmetric encryption. It is widely used, especially for TLS/SSL,
which makes HTTPS possible.
What is a cryptographic key
In cryptography, a key is a piece of information used for scrambling data so that it
appears random; often it's a large number, or string of numbers and letters.
When unencrypted data, also called plaintext, is put into an encryption algorithm
using the key, the plaintext comes out the other side as random-looking data.
However, anyone with the right key for decrypting the data can put it back into
plaintext form.

For example, suppose we take a plaintext message, "hello," and encrypt it with a
key*; let's say the key is "2jd8932kd8." Encrypted with this key, our simple "hello"
now reads "X5xJCSycg14=", which seems like random garbage data. However, by
decrypting it with that same key, we get "hello" back.

Plaintext + key = ciphertext:

hello + 2jd8932kd8 = X5xJCSycg14=

Ciphertext + key = plaintext:

X5xJCSycg14= + 2jd8932kd8 = hello

Q5. What is Hash Function? What are its various applications?

Hash functions are extremely useful and appear in almost all information security
applications.
A hash function is a mathematical function that converts a numerical input value
into another compressed numerical value. The input to the hash function is of
arbitrary length but output is always of fixed length.
Values returned by a hash function are called message digest or simply hash
values. The following picture illustrated hash function −

Features of Hash Functions

The typical features of hash functions are −
 Fixed Length Output (Hash Value)
o Hash function coverts data of arbitrary length to a fixed length. This
process is often referred to as hashing the data.
 o In general, the hash is much smaller than the input data, hence hash
functions are sometimes called compression functions.
o Since a hash is a smaller representation of a larger data, it is also
referred to as a digest.
o Hash function with n bit output is referred to as an n-bit hash
function. Popular hash functions generate values between 160 and
512 bits.
 Efficiency of Operation
o Generally for any hash function h with input x, computation of h(x) is
a fast operation.
o Computationally hash functions are much faster than a symmetric
encryption.
Applications of Hash Functions
There are two direct applications of hash function based on its cryptographic
properties.

Password Storage

Hash functions provide protection to password storage.

 Instead of storing password in clear, mostly all logon processes store the
hash values of passwords in the file.
 The Password file consists of a table of pairs which are in the form (user id,
h(P)).
 The process of logon is depicted in the following illustration −

 An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the password
from hash value since hash function possesses the property of pre-image
resistance.

Data Integrity Check

Data integrity check is a most common application of the hash functions. It is used
to generate the checksums on data files. This application provides assurance to
the user about correctness of the data.

Q6. What is finite field? Explain with example .

Finite Fields

Finite Fields, also known as Galois Fields, are cornerstones for understanding any
cryptography. A field can be defined as a set of numbers that we can add, subtract,
multiply and divide together and only ever end up with a result that exists in our
set of numbers. This is particularly useful for crypto as we can deal with a limited
set of extremely large numbers.To have a finite field you need the following
properties (the dot symbol · denotes the remainder after multiplying/adding two
elements):

 Closed — any operation performed with elements from the set returns an
element contained in the original set.

 Associative — if you have (a· b) ·c, it’s the same as a ·(b ·c)

 Identity — there exists a neutral element (usually 1) such that a · 1 = a

 Inverse — within the set there’s another element such that a · (a)^-1= 1

 Commutative — the order of operations doesn’t matter: a · b = b · a

The most crucial property of a finite field is that it has p^m elements where p is a
prime number and m is whatever you choose. A finite field with 11 elements can
be defined as GF(11^1). A finite field with 256 elements would be written
as GF(2^8). You can’t have a finite field with 12 elements since you’d have to write
it as 2^2 * 3 which breaks the convention of p^m.

With our notation of GF(p^m):

 If m = 1 then we get prime fields

 If m > 1 then we get extension fields. This is a key point as it links to what
we’re going to do with elliptic curves down the line. When m = 2 we get plenty
of super interesting results as well.

Prime Field Arithmetic

The notation GF(p) means we have a finite field with the integers {0, … , p-1}.
Suppose we have GF(5), our initial set will be {0, 1, 2, 3, 4}. Let’s put this into
practice by trying out different operations. Any operations we do below should
return 0, 1, 2, 3 or 4 (closure property).

Addition:
(3 + 4) mod 5 = 2
(1 + 4) mod 5 = 0
(1 + 2) mod 5 = 3

Subtraction:
(4 - 0) mod 5 = 4
(4 - 2) mod 5 = 2
(3 - 0) mod 5 = 1
Q7. Differentiate between
a. Cryptographer and Cryptanalyst

Cryptography Cryptanalysis

The art or science of

encrypting plain The art of obtaining
messages into cipher plain text from a
Defintion
text for security of the cipher text without
messages especially knowledge of key.
while transmission.

From Greek κρυπτός,

From Greek
"hidden, secret";
kryptós, "hidden",
and γράφειν, graphein,
Origin and analýein, "to
"writing", or -λογία, -
loosen" or "to
logia, "study",
untie"
respectively

Practitioner Cryptographer Cryptanalyst

Focus Secret writing Breaking secrets

 Hash or cypher
 Obtaining an original needs to be
Concern for cipher or or completely new more
hash hash. conservative
 Efficient Hash or and therefore
cipher slower
 Less original
  It uses operations  Depends on the
like substitution, nature of the
transposition and algorithm and
product systems mostly at some
 The system may use knowledge of
Characteristics same key or the
different keys for characteristics
sender and receiver of plaintext
 Processing  It attempts to
techniques include find out the
block cipher and ciphertext or
stream cipher the key

b. Active attacks and Passive Attacks

Sr. Key Active Attack Passive Attack

No.

Modification In Active Attack, information is In Passive Attack, information

1
modified. remain unchanged.

Dangerous Active Attack is dangerous for Passive Attack is dangerous

2
For Integrity as well as Availability. for Confidentiality.

Attention Attention is to be paid on Attention is to be paid on

3
detection. prevention.

Impact on In Active Attack, system is In Passive Attack, system has

4
System damaged. no impact.
Sr. Key Active Attack Passive Attack
No.

Victim Victim gets informed in active Victim does not get informed
5
attack. in passive attack.

System System Resources can be System Resources are not

6
Resources changed in active attack. changed in passive attack.

c. Symmetric and Asymmetric encryption

SYMMETRIC KEY ENCRYPTION ASYMMETRIC KEY ENCRYPTION

It only requires a single key for both It requires two key one to encrypt

encryption and decryption. and the other one to decrypt.

The size of cipher text is same or smaller than The size of cipher text is same or

the original plain text. larger than the original plain text.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data is It is used to transfer small amount

required to transfer. of data.

It provides confidentiality,

It only provides confidentiality. authenticity and non-repudiation.

 SYMMETRIC KEY ENCRYPTION ASYMMETRIC KEY ENCRYPTION

Examples: Diffie-Hellman, ECC,

Examples: 3DES, AES, DES and RC4 El Gamal, DSA and RSA

In symmetric key encryption, resource

utilization is low as compared to asymmetric In asymmetric key encryption,

key encryption. resource utilization is high.

d. Block Cipher and Stream Cipher

Sr. Key Block Cipher Stream Cipher

No.

1 Definition Block Cipher is the type of On other hand Stream

encryption where the conversion Cipher is the type of
of plain text performed by taking encryption where the
its block at a time. conversion of plain text
performed by taking one
byte of the plain text at a
time.

2 Conversion As Block Cipher takes block at a On other hand in case of

of Bits time so comparatively more bits Stream Cipher at most 8 bits
get converted as compared to in could get converted at a
Stream Cipher specifically 64 bits time.
or more could get converted at a
time.
 Sr. Key Block Cipher Stream Cipher
No.

3 Principle Block Cipher uses both confusion On other hand Stream

and diffusion principle for the Cipher uses only confusion
conversion required for principle for the conversion.
encryption.

4 Algorithm For encryption of plain text Block On other hand Stream

Cipher uses Electronic Code Book Cipher uses CFB (Cipher
(ECB) and Cipher Block Chaining Feedback) and OFB (Output
(CBC) algorithm. Feedback) algorithm.

5 Decryption As combination of more bits get On other hand Stream

encrypted in case of Block Cipher Cipher uses XOR for the
so the reverse encryption or encryption which can be
decryption is comparatively easily reversed to the plain
complex as compared to that of text.
Stream Cipehr.

Q8. What is OSI Security Architecture ?

THE OSI SECURITY ARCHITECTURE

To assess effectively the security needs of an organization and to evaluate and

choose various security products and policies, the manager responsible for security
needs some systematic way of defining the requirements for security and
characterizing the approaches to satisfying those requirements. The OSI security
architecture was developed in the context of the OSI protocol architecture, which
is described in Appendix H. However, for our purposes in this chapter, an
understanding of the OSI protocol architecture is not required.

For our purposes, the OSI security architecture provides a useful, if abstract,
overview of many of the concepts.. The OSI security architecture focuses on
security attacks, mechanisms, and services. These can be defined briefly as
follows:
Threat

A potential for violation of security, which exists when there is a circumstance,

capability, action, or event that could breach security and cause harm. That is, a
threat is a possible danger that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method
or technique) to evade security services and violate the security policy of a
system.

Security Attacks, Services And Mechanisms

To assess the security needs of an organization effectively, the manager

responsible for security needs some systematic way of defining the
requirements for security and characterization of approaches to satisfy those
requirements. One approach is to consider three aspects of information
security:
Security attack – Any action that compromises the security of information
owned by an organization.

Security mechanism – A mechanism that is designed to detect, prevent or

recover from a security attack.

Security service – A service that enhances the security of the data processing
systems and the information transfers of an organization. The services are
intended to counter security attacks and they make use of one or more security
mechanisms to provide the service.

1 SECURITY SERVICES

The classification of security services are as follows:

Confidentiality: Ensures that the information in a computer system and

transmitted information are accessible only for reading by authorized parties.
Eg., printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document
is correctly identified, with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer
system assets and transmitted information. Modification includes writing,
changing status, deleting, creating and delaying or replaying of transmitted
messages.
Non repudiation: Requires that neither the sender nor the receiver of a message
be able to deny the transmission.
Access control: Requires that access to information resources may be controlled
by or the target system.
Availability: Requires that computer system assets be available to authorized
parties when needed.
AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be.

Peer Entity Authentication

Used in association with a logical connection to provide confidence in the
identity of the entities connected.
Data Origin Authentication
In a connectionless transfer, provides assurance that the source of received data
is as claimed.
ACCESS CONTROL
The prevention of unauthorized use of a resource (i.e., this service controls who
can have access to a resource, under what conditions access can occur, and
what those accessing the resource are allowed to do).

DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block
AUTHENTICATION
The confidentiality of selected fields within the user data on a connection or in
a single data block.
Traffic Flow Confidentiality
The protection of the information that might be derived from observation of traffic
flows.
Connection Integrity with Recovery
Provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.
Connection Integrity without Recovery
As above, but provides only detection without recovery.
Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user data of a data block
transferred over a connection and takes the form of determination of whether
the selected fields have been modified, inserted, deleted, or replayed.
Connectionless Integrity
Provides for the integrity of a single connectionless data block and may take the
form of detection of data modification. Additionally, a limited form of replay
detection may be provided.
Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single connectionless data
block; takes the form of determination of whether the selected fields have been
modified.
2 SECURITY MECHANISMS

One of the most specific security mechanisms in use is cryptographic

techniques. Encryption or encryption-like transformations of information
are the most common means of providing security. Some of the
mechanisms are:

3. SECURITY ATTACKS
There are four general categories of attack which are listed below.
Interruption
 An asset of the system is destroyed or becomes unavailable or unusable.
This is an attack on availability.
e.g., destruction of piece of hardware, cutting of a communication line or
disabling of file management system.

Interception
An unauthorized party gains access to an asset. This is an attack on
confidentiality. Unauthorized party could be a person, a program or a
computer.e.g., wire tapping to capture data in the network, illicit copying of files

Modification
An unauthorized party not only gains access to but tampers with an asset. This
is an attack on integrity.
Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an
attack on authenticity.

A useful categorization of these attacks is in terms of

Passive attack

Passive attacks are in the nature of eavesdropping on, or monitoring of,

transmissions. The goal of the opponent is to obtain information that is being
transmitted. Passive attacks are of two types:
elease of message contents: A telephone conversation, an e-mail message and
a transferred file may contain sensitive or confidential information. We would
like to prevent the opponent from learning the contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might

still be able to observe the pattern of the message. The opponent could
determine the location and identity of communication hosts and could observe
the frequency and length of messages being exchanged. This information might
be useful in guessing the nature of

Passive attacks are very difficult to detect because they do not involve any
alteration of data. However, it is feasible to prevent the success of these attacks.
 Active attacks
These attacks involve some modification of the data stream or the creation of a
false stream.
These attacks can be classified in to four categories:
Masquerade – One entity pretends to be a different entity
Replay – involves passive capture of a data unit and its subsequent transmission
to produce an unauthorized effect.
Modification of messages – Some portion of message is altered or the
messages are delayed or recorded, to produce an unauthorized effect.
Denial of service – Prevents or inhibits the normal use or management of
communication facilities. Another form of service denial is the disruption of an
entire network, either by disabling the network or overloading it with messages
so as to degrade performance.
It is quite difficult to prevent active attacks absolutely, because to do so
would require physical protection of all communication facilities and
paths at all times. Instead, the goal is to detect them and to recover from
any disruption or delays caused by them.

Q9 What is the GCD of

a. 8 and 12 = 4
b. 48, 18= 8
c. 1701, 3768= 3