Chapter 5

Network Security

LEARNING OBJECTIVES

• Network security basics
• Terminologies
• Cryptographic techniques
• Encryptions
• Types of keys
• Traditional cipher algorithms
• Substitution cipher
• Traditional cipher
• Symmetric key encryption
• Asymmetric key encryption
• Diffie–Hellman
• Digital signatures and certificates

Network Security Basics

It is necessary to define some fundamental terms relating to network security. These terms are the elements used to measure the security of a network. To be considered sufficiently advanced along the spectrum of security, a system must adequately address identification, integrity, accountability, non-repudiation, authentication, availability and confidentiality, each of which is defined in the following sections:

Identification
Identification is simply the process of identifying one’s self to another entity or determining the identity of the individual or entity with whom you are communicating.

Authentication
Authentication serves as proof that you are who you say you are or what you claim to be. Authentication is critical if there is to be any trust between parties. Authentication is required when communicating over a network or logging into a network. When communicating over a network you should ask yourself two questions.
1. With whom am I communicating?
2. Why do I believe this person or entity is who he claims to be?

Access Control (Authorization)
This refers to the ability to control the level of access that individuals or entities have to a network or system and how much information they can receive. Level of authorization basically determines what you’re allowed to do once you are authenticated and allowed access to a network, system or some other resource such as data or information. Access control is the determination of the level of authorization to a system, network or information.

Availability
This refers to whether the network, system, hardware and software are reliable and can recover quickly and completely in the event of an interruption in service. Ideally, these elements should not be susceptible to denial of service attacks.

Confidentiality
This is also called privacy or secrecy and refers to the protection of information from unauthorized disclosure. It is usually achieved either by restricting access to the information or by encrypting the information so that it is not meaningful to unauthorized individuals or entities.

Integrity
This can be thought of as accuracy. It refers to the ability to protect information, data, or transmissions from unauthorized, uncontrolled, or accidental alterations.

Accountability
This refers to the ability to track or audit what an individual or entity is doing on a network or system.

Non-repudiation
The ability to prevent individuals or entities from denying (repudiating) that information, data or files were sent or received or that information or files were accessed or altered, when in fact they were. This capability is crucial in e-commerce; without it, an individual or entity can deny that he, she or it is responsible for a transaction and that he, she or it is, therefore, not financially liable.

Threats
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system. This can take any form and can be malevolent, accidental, or simply an act of nature.

Vulnerabilities
A vulnerability is an inherent weakness in the design, configuration, implementation, or management of a network or system that renders it susceptible to a threat. Vulnerabilities are what make networks susceptible to information loss and downtime. Every network and system has some kind of vulnerability.

Attacks
An attack is a specific technique used to exploit a vulnerability. For example, a threat could be a denial of service, a vulnerability is in the design of the operating system, and an attack could be a ‘Ping of death’. There are two general categories of attacks:
1. Passive
2. Active

Passive attacks: These are very difficult to detect because there is no overt activity that can be monitored or detected. Examples of passive attacks would be packet sniffing or traffic analysis. These types of attacks are designed to monitor and record traffic on the network. They are usually employed for gathering information that can be used later in active attacks.

Active attacks: These employ more overt actions on the network or system. As a result, they can be easier to detect, but at the same time they can be much more devastating to a network. Examples of this type of attack would be a denial-of-service attack or active probing of systems and networks.

Viruses
A virus, a parasitic program that cannot function independently, is a program or code fragment that is self-propagating. It is called a virus because, like its biological counterpart, it requires a ‘host’ to function. In the case of a computer virus the host is some other program to which the virus attaches itself. A virus is usually spread by executing an infected program or by sending an infected file to someone else, usually in the form of an e-mail attachment.

Worm
A worm is a self-contained and independent program that is usually designed to propagate or spawn itself on infected systems and to seek other systems via available networks. The difference between a virus and a worm is that a virus is not an independent program.

Trojan horses
A Trojan horse is a program or code fragment that hides inside a program and performs a disguised function. A Trojan horse program hides within another program or disguises itself as a legitimate program. This can be accomplished by modifying the existing program or by simply replacing the existing program with a new one. The Trojan horse program functions much the same way as the legitimate program, but usually it also performs some other function, such as recording sensitive information or providing a trap door. An example would be a ‘password grabber’.

Logic bombs
A logic bomb is a program or subsection of a program designed with malevolent intent. It is referred to as a logic bomb because the program is triggered when certain logical conditions are met. This type of attack is almost always perpetrated by an insider with privileged access to the network. The perpetrator could be a programmer or a vendor that supplies software.

Denial of service (DOS)
Denial of service attacks are designed to shut down or render inoperable a system or network. The goal of the denial-of-service attack is not to gain access or information but to make a network or system unavailable for use by other users. It is called a denial-of-service attack because the end result is to deny legitimate users access to network services.

Protection against network threats
Network threats may cause massive harm to a system. As the number of network users increases, so does the chance of an attack on a system, so protection against threats should be put in place.
To protect a system from viruses and worms, a security suite should be installed.
Similarly, to protect a system from Trojan horses, an internet security suite prevents Trojan horses from being downloaded.
SPAM filters should be used to stop SPAM; these are available within mail servers by default.
Strong encryption should be used to protect against packet sniffers, so that packets become unreadable, making the packet sniffers useless.

Cryptographic Techniques

For the exchange of information and commerce to be secure on any network, a system or process must be put in place that satisfies requirements for confidentiality, access control, authentication, integrity, and non-repudiation. The key
8.68 | Unit 8 • Networks, Information Systems, Software Engineering and Web Technology

to securing information on a network is cryptography. Cryptography can be used as a tool to provide privacy. Traditionally, cryptography conjures up thoughts of spies and secret codes. In reality, cryptography and encryption have found broad applications in society. Every time you use an ATM machine to get cash or a point-of-sale machine to make a purchase, you are using encryption.

Encryption

Encryption is the process of scrambling the contents of a file or message to make it unintelligible to anyone not in possession of the ‘key’ required to unscramble it.

A cryptosystem or algorithm is the process or procedure to turn plain text into crypto text. A crypto algorithm is also known as a ‘cipher’. Theoretically, all algorithms can be broken by one method or another. However, an algorithm should not contain an inherent weakness that an attacker can easily exploit.

Example: Below is an example of a cipher. To scramble a message with this cipher, simply match each letter in a message to the first row and convert it into the number or letter in the second row. To unscramble a message, match each letter or number in a message to the corresponding number or letter in the second row and convert it into the letter in the first row.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 A B C D E F G H I J K L M N O P Q R S T

To illustrate how this works, see the following, where the cipher is used to scramble the message ‘Little green apples’:

Cipher text: FCNNF5 AL55H 1JJF5M
Clear text:  LITTLE GREEN APPLES

This cipher would not be effective at keeping a message secret for long. It does not comply with one of the qualities of a truly effective cipher. Ciphers usually fall into one of two categories:
1. Block ciphers
2. Stream ciphers

Stream ciphers
Stream cipher algorithms process plaintext to produce a stream of cipher text. The cipher inputs the plaintext in a stream and outputs a stream of cipher text.

Example:
Plaintext:   LET US TALK ONE TO ONE
Cipher text: F5N OM NLFE ITS NI ITS

Stream ciphers have several weaknesses. The most crucial shortcoming of stream ciphers is the fact that patterns in the plain text can be reflected in the cipher text. Knowing that certain words repeat makes breaking the code easier. In addition, certain words in the English language appear with predictable regularity. Letters of the alphabet also appear in predictable regularity. The most commonly used letters of the alphabet in the English language are E, T, A, O, N and I. The least commonly used letters are J, K, X, Q and Z. The most common combination of letters in the English language is ‘th’. As a result, if a code breaker is able to find a ‘t’ in a code, it doesn’t take long to find an ‘h’.

Block ciphers
Block ciphers differ from stream ciphers in that they encrypt and decrypt information in fixed size blocks rather than encrypting and decrypting each letter or word individually. A block cipher passes a block of data or plaintext through its algorithm to generate a block of cipher text. Another requirement of a block cipher is that the cipher texts should contain no detectable pattern.

Types of keys
We deal with three types of keys in cryptography:
1. Secret key
2. Public key
3. Private key
• The secret key is the shared key used in symmetric-key cryptography.
• Public and private keys are used in asymmetric-key cryptography.
• In symmetric-key cryptography, the same key locks and unlocks the box.
• In asymmetric-key cryptography, one key locks the box, but another key is needed to unlock it.

Traditional Cipher Algorithms

Traditional ciphers are character oriented. These ciphers can be divided into two broad categories:
1. Substitution ciphers
2. Transposition ciphers

[Figure: Traditional ciphers divide into substitution ciphers (mono-alphabetic and poly-alphabetic) and transposition ciphers.]

Substitution Cipher

A substitution cipher substitutes one symbol with another. If the symbols in the plain text are alphabetic characters, we replace one character with another. Substitution ciphers can be categorized as either mono-alphabetic or poly-alphabetic ciphers.
• In a mono-alphabetic cipher, a character or symbol in the plaintext is always changed to the same character or symbol in the cipher text regardless of its position in the text. For example, if the algorithm says that character ‘A’ in the plain text is changed to character ‘E’, every character ‘A’ is changed to character ‘E’.
• The relationship between characters in the plain text and the cipher text is a one-to-one relationship.
• In a poly-alphabetic cipher, each occurrence of a character can have a different substitute. The relationship between a character in the plain text and a character in the cipher text is a one-to-many relationship.
• To achieve this goal, we need to divide the text into groups of characters and use a set of keys.
• In a substitution cipher, if ‘a’ becomes ‘D’ and ‘b’ becomes ‘E’, then the word ‘corrupt’ becomes ETUUXSW. Plain text will be given in lower case, and cipher text in upper case.
• A slight generalization of the Caesar cipher allows the cipher text alphabet to be shifted by ‘K’ letters, instead of always ‘3’.
• The next improvement is to have each of the symbols in the plain text, say, the 26 letters for simplicity, map onto some other letter.

Example:
Plain text:  a b c d e f g h i j
Cipher text: L N O B R M S U V Z

Plain text:  k l m n o p q r s t u
Cipher text: P A K C L H W Q X Y J

Plain text:  v w x y z
Cipher text: E F D G J

Plain text:  corrupt
Cipher text: OIQQJHY

• In this method, if a small cipher is given it can be broken easily. The basic attack takes advantage of the statistical properties of natural languages. For example, in English, ‘e’ is the most common letter followed by t, o, a, n, i etc.
• The most common two-letter combinations are th, in, er, re and an.
• The most common three-letter combinations are are, the, ing, and, and ion.
• By making guesses at common letters, digrams and trigrams and knowing about likely patterns of vowels and consonants, the cryptanalyst builds up a tentative plaintext, letter by letter.

Transposition Ciphers

Substitution ciphers preserve the order of the plaintext symbols but disguise them.
Transposition ciphers, in contrast, reorder the letters but do not disguise them. The following example depicts a common transposition cipher, the columnar transposition.
• The cipher is keyed by a word or phrase not containing any repeated letters.

Example: ‘NETWORKS’ is the key.
Plaintext: Transfer ten million dollars to my account.
What is the cipher text using transposition cipher?

Solution: Key: NETWORKS

N E T W O R K S
3 1 7 8 4 5 2 6
T r a n s f e r
t e n m i l l i
o n d o l l a r
s t o m y a c c
o u n t a b c d

The purpose of the key is to number the columns, column 1 being under the key letter closest to the start of the alphabet, and so on.
The plain text is written horizontally in rows. Padding is required to fill the matrix if it is not complete. The cipher text is read out by columns, starting with the column whose key letter is the lowest.

Plain text: Transfer ten million dollars to my account
Cipher text: rentuelaccttososilyafllabrircdandonnmomt

Symmetric Key Encryption

Symmetric key, also referred to as private key or secret key, is based on a single key and algorithm being shared between the parties who are exchanging encrypted information. The same key both encrypts and decrypts messages.

Plain text → Encrypt → Cipher text → Decrypt → Plain text
Figure 1 Symmetric key encryption

The strength of the scheme is largely dependent on the size of the key and on keeping it secret. Generally the larger the key, the more secure the scheme. In addition, symmetric key encryption is relatively fast. Private key cryptosystems are not well suited for spontaneous communication over open and unsecured networks. Symmetric key provides no process for authentication or non-repudiation.
Data Encryption Standard (DES)
DES consists of an algorithm and a key. The key is a sequence of eight bytes, each containing eight bits, for a 64 bit key. Since each byte contains one parity bit, the key is actually 56 bits in length. DES is widely used in automated teller machine (ATM) and point-of-sale (POS) networks, so if you use an ATM or debit card you are using DES.

Asymmetric Key Encryption

Asymmetric cryptography is also known as public key cryptography. Public key cryptography uses two keys: one is the public key and the other is the private key. The key names describe their function. One key is kept private, and the other key is made public. Knowing the public key doesn’t reveal the private key. A message encrypted by the private key can only be decrypted by the corresponding public key. Conversely, a message encrypted by the public key can only be decrypted by the private key.

Plain text → Encrypt (public key) → Cipher text → Decrypt (private key) → Plain text
Figure 2 Asymmetric key encryption

With the aid of public key cryptography, it is possible to establish secure communications with any individual or entity when using a compatible software or hardware device.

There are three public key algorithms in wide use today:
1. Diffie–Hellman
2. RSA
3. Digital Signature Algorithm (DSA)

Diffie–Hellman
It was the first usable public key algorithm. Diffie–Hellman is based on the difficulty of computing discrete logarithms. It can be used to establish a shared secret key that can be used by two parties for symmetric encryption. Diffie–Hellman is often used for IPsec key management protocols. For spontaneous communications with Diffie–Hellman, two communicating entities would each generate a random number that is used as their private key. They exchange public keys, and each applies its private key to the other’s public key to compute identical values (the shared secret key). They then use the shared secret key to encrypt and exchange information.

Diffie–Hellman key exchange
The protocol that allows strangers to establish a shared secret key is called the Diffie–Hellman key exchange and works as follows:
• Ana and Brat have to agree on 2 large numbers, ‘n’ and ‘g’, where ‘n’ is a prime.
• (n – 1)/2 is also a prime and certain conditions apply to ‘g’.
• These numbers may be public, so either one of them can just pick ‘n’ and ‘g’ and tell the other openly.
• Now Ana picks a large number (suppose 512-bit) ‘x’, and keeps it secret. Similarly Brat picks a large secret number, ‘y’.
• Ana initiates the key exchange protocol by sending Brat a message containing $(n, g, g^x \bmod n)$.
• Brat responds by sending Ana a message containing $(g^y \bmod n)$.
• Now Ana raises the number Brat sent her to the xth power modulo ‘n’ to get $[(g^y \bmod n)^x \bmod n]$.
• Brat performs a similar operation to get $[(g^x \bmod n)^y \bmod n]$. Both the calculations yield $(g^{xy} \bmod n)$.

[Figure: Ana picks ‘x’ and Brat picks ‘y’. Message 1, Ana to Brat: $n, g, g^x \bmod n$. Message 2, Brat to Ana: $g^y \bmod n$. Ana computes $(g^y \bmod n)^x \bmod n = g^{xy} \bmod n$; Brat (labelled Bob in the figure) computes $(g^x \bmod n)^y \bmod n = g^{xy} \bmod n$.]
Figure 3 Diffie–Hellman key exchange

RSA (Rivest, Shamir, Adleman)
RSA multiplies large prime numbers together to generate keys. Its strength lies in the fact that it is extremely difficult to factor the product of large prime numbers. This algorithm is the one most often associated with public key encryption. The RSA algorithm also provides digital signature capabilities.

Example:
• Select two large primes p and q: p = 17, q = 11
• n = p × q = 17 × 11 = 187
• Calculate f = (p – 1)(q – 1) = 16 × 10 = 160
• Select e such that GCD(f, e) = 1 and 0 < e < f; say, e = 7
• Calculate d such that e × d mod f = 1
• 160k + 1 = 161, 321, 481, 641, ...
• Check which of these is divisible by 7
• 161 is divisible by 7, giving d = 161/7 = 23
• Key 1 = {7, 187}, key 2 = {23, 187}

Digital Signatures

A digital signature allows a receiver to authenticate (to a limited extent) the identity of the sender and to verify the integrity of the message. For the authentication process, you must already know the sender’s public key, either from prior knowledge or from some trusted third party. Digital signatures are used to ensure message integrity and authentication. In its simplest form, a digital signature is created by using the sender’s private key to hash the entire contents of the message being sent to create a message digest. The recipient uses the sender’s public key to verify the integrity of the message by recreating the message digest. By this process you ensure the integrity of the message and authenticate the sender.

Plain text message → Message digest → Encrypt (sender’s private key) → Decrypt (sender’s public key) → Plain text message
Figure 4 Digital signature
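
The hash-then-sign flow of Figure 4, as an added Python example that is not part of the original chapter: it rebuilds the chapter's RSA key pair (p = 17, q = 11, e = 7) with the extended Euclidean algorithm rather than by trying multiples of 160, then signs and verifies a SHA-256 digest with unpadded textbook RSA. The second key pair (two Mersenne primes), the sample message and all function names are constructed for illustration, and both keys are far too small for real use.

```python
import hashlib
from math import gcd


def modinv(a, m):
    """Inverse of a modulo m, found with the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("no inverse exists: gcd(a, m) != 1")
    return old_s % m


def make_keys(p, q, e):
    """Return ((e, n), (d, n)) following the steps of the chapter's RSA example."""
    n, f = p * q, (p - 1) * (q - 1)
    if not 0 < e < f or gcd(e, f) != 1:
        raise ValueError("e must satisfy 0 < e < f and gcd(f, e) = 1")
    return (e, n), (modinv(e, f), n)


def apply_key(value, key):
    """Raise value to the key's exponent modulo n (encrypt, decrypt, sign or open)."""
    exponent, n = key
    return pow(value, exponent, n)


def digest(message, n):
    """SHA-256 message digest as an integer, reduced mod n for this unpadded scheme."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Sender: transform the message digest with the private key."""
    return apply_key(digest(message, private_key[1]), private_key)


def verify(message, signature, public_key):
    """Receiver: open the signature with the public key and compare digests."""
    return apply_key(signature, public_key) == digest(message, public_key[1])


# Key pair from the chapter's example: {7, 187} and {23, 187}.
PAGE_PUBLIC, PAGE_PRIVATE = make_keys(17, 11, 7)

# Constructed demo key (assumption). With n = 187 only 187 digest values exist,
# so an altered message would still verify about once in 187 attempts; a larger
# modulus makes such a chance match negligible.
DEMO_PUBLIC, DEMO_PRIVATE = make_keys(2**31 - 1, 2**61 - 1, 65537)

MESSAGE = b"Transfer ten million dollars to my account"  # constructed sample

if __name__ == "__main__":
    print("chapter keys:", PAGE_PUBLIC, PAGE_PRIVATE)
    signature = sign(MESSAGE, DEMO_PRIVATE)
    print("original verifies:", verify(MESSAGE, signature, DEMO_PUBLIC))
    print("altered verifies :", verify(MESSAGE + b"s", signature, DEMO_PUBLIC))
```
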

To sign a message, senders usually append their digital signature to the end of a message and encrypt it using the recipient’s public key. Recipients decrypt the message using their own private key and verify the sender’s identity and the message integrity by decrypting the sender’s digital signature using the sender’s public key. The strengths of digital signatures are that they are almost impossible to counterfeit and they are easily verified.

Digital certificate
Digital signatures can be used to verify that a message has been delivered unaltered and to verify the identity of the sender by public key. The problem with authenticating a digital signature, however, is that you must be able to verify that a public key does in fact belong to the individual or entity that claims to have sent it and that the individual or entity is in fact who or what it claims to be.
A digital certificate issued by a certification authority (CA) utilizing a hierarchical public key infrastructure (PKI) can be used to authenticate a sender’s identity for spontaneous, first-time contacts. Digital certificates provide a means for secure first-time spontaneous communication. A digital certificate provides a high level of confidence in the identity of the individual.
A digital certificate is issued by a trusted/unknown third party (CA) to bind an individual or entity to a public key. The digital certificate is digitally signed by the CA with the CA’s private key. This provides independent confirmation that an individual or entity is in fact who it claims to be. The CA issues digital certificates that certify the identities of those to whom the certificates were issued.

Firewalls

A firewall is a control link between the internet and an organization’s intranet. It protects network premises from internet-based attacks by providing a single choke point. All the network traffic is forced to travel through this firewall. The firewall allows only authorized traffic to pass through.

The different types of firewalls are:
1. Packet-filtering router
2. Application level gateways
3. Circuit level gateways
4. Bastion host

Packet filtering router
It filters packets with incoming and outgoing interfaces, and permits or denies certain services. It uses the information of transport layer like IP sources, ICMP message etc.
The drawbacks are IP address spoofing, tiny fragment attack and source routing attacks.

[Figure: packet-filtering router between the Internet and the private network]

Application level gateway
It provides proxies for each service. When a user requests a service, it validates the request as a legal one and returns results to the user.
An application level gateway is more secure than the packet filter.
The drawback of this gateway is processing overhead at each connection.

Circuit-level gateway
It is application level gateway functionality for certain applications. It does not allow an end-to-end TCP connection; rather, it maintains two connections, one with the inner host and the other with the outer host. Once the connections are established, TCP segments are allowed without examining contents. It only checks the incoming data.

Bastion host
It provides a platform for the application gateway (or) circuit level gateway. It is a critical strong point in network security.
An additional authentication is required for the user who wants access to proxy services. Even a proxy service authenticates itself before granting access to the user.
Only essential services, which are decided by the admin, are installed in the bastion host.
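
Returning to the Diffie–Hellman key exchange between Ana and Brat described earlier in the chapter, the following added Python example (not from the original text) plays both sides of the protocol, checks that n and (n – 1)/2 are prime, and rejects received values 0, 1 and n – 1, which would force a predictable shared key. The test 2 ≤ g ≤ n – 2 stands in for the chapter's unspecified conditions on g and is an assumption, as are all function names; the numbers are toy-sized.

```python
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n below about 3.3e24)."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def valid_params(n, g):
    """n prime, (n - 1)/2 prime, and g not one of the trivial values 0, 1, n - 1."""
    return is_prime(n) and is_prime((n - 1) // 2) and 2 <= g <= n - 2


def valid_public(value, n):
    """A received g^x mod n must lie in 2 .. n - 2."""
    return 2 <= value <= n - 2


def next_safe_prime(start):
    """Smallest n >= start such that n and (n - 1)/2 are both prime."""
    n = start | 1
    while not (is_prime(n) and is_prime((n - 1) // 2)):
        n += 2
    return n


class Party:
    def __init__(self, n, g, secret=None):
        if not valid_params(n, g):
            raise ValueError("rejected parameters n, g")
        self.n, self.g = n, g
        # Secret exponent in 2 .. n - 2; a fixed value is accepted only for demos.
        self.secret = secret if secret is not None else 2 + secrets.randbelow(n - 3)

    def public_value(self):
        return pow(self.g, self.secret, self.n)

    def shared_key(self, peer_value):
        if not valid_public(peer_value, self.n):
            raise ValueError("rejected peer value")
        return pow(peer_value, self.secret, self.n)


def exchange(n, g, x=None, y=None):
    """Run the two-message protocol; returns (Ana's key, Brat's key, msg 1, msg 2)."""
    ana = Party(n, g, x)
    message_1 = (n, g, ana.public_value())   # Ana -> Brat: n, g, g^x mod n
    n_rx, g_rx, ana_value = message_1
    brat = Party(n_rx, g_rx, y)              # Brat re-checks n and g before use
    message_2 = brat.public_value()          # Brat -> Ana: g^y mod n
    return ana.shared_key(message_2), brat.shared_key(ana_value), message_1, message_2


if __name__ == "__main__":
    print(exchange(23, 5, x=4, y=3))          # small constructed numbers
    n = next_safe_prime(2**40)
    key_ana, key_brat, _, _ = exchange(n, 2)  # random secrets
    print(n, key_ana == key_brat)
```

An eavesdropper sees only message 1 and message 2; recovering the key from them requires solving the discrete logarithm problem that the chapter names as the basis of the scheme.
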

Exercises

Practice Problems 1

Directions for questions 1 to 15: Select the correct alternative from the given choices.

1. In an encryption scheme that uses RSA, values for p and q are selected to be 5 and 7 respectively. What could be the value of d?
(A) 12  (B) 3  (C) 11  (D) 9

2. A person x is supposed to send a document with digitized signature to another person y using public key cryptography. p is the message. Dx, Dy are private keys of x and y respectively. Ex, Ey are public keys of x, y respectively. Select the best possible sequence of events from below:
(i) Dx(p)
(ii) Dy(p)
(iii) Ey(Dx(p))
(iv) Dy(Dx(p))
(v) Dy(Ey(p))
(vi) Dy(Ey(Dx(p)))
(vii) Ex(Dx(p))
(viii) Ey(p)
(ix) Ex(Dy(p))
(x) Dx(Ey(p))
(A) (ii), (ix), (viii), (v)  (B) (viii), (x), (v), (i)
(C) (i), (iii), (v), (vii)  (D) (vii), (v), (iii), (i)

3. Select correct statements about PGP:
(i) Uses existing cryptographic algorithms that have been quite successful.
(ii) Supports text compression, digital signatures.
(iii) Takes plaintext as feed and generates base-64 text.
(iv) No key management capability is provided.
(A) (i), (ii), (iii)  (B) (ii), (iii), (iv)
(C) (i), (iii), (iv)  (D) (i), (ii), (iv)

Linked answer questions 4 and 5:

4. Using mono alphabetic substitution a string a b b a c a a b c d is transformed to one of the below strings. Select the most appropriate option:
(A) p q q p r p p s r s  (B) j t t x j j i t x t x
(C) u s s u a u u s a b  (D) d c c d b b b c b a

5. Using the mapping obtained above, encrypt the phrase ‘bad cab’ using the same method. Assume space is not encrypted.
(A) q p s r p q  (B) t j z x j t
(C) s u b a u s  (D) c d a b d c

6. Select the correct statements with regard to packet filters of a firewall:
(i) They are usually driven by a table with information in regards to acceptable sources and destinations.
(ii) Default rules about what needs to be done in regards to packets coming from or going to other machines.
(iii) Can block TCP ports.
(A) (i), (ii)  (B) (ii), (iii)
(C) (i), (iii)  (D) (i), (ii), (iii)

7. What is meant by non-repudiation in the area of digital signatures?
(A) Receiver verifying the signature of the sender.
(B) Receiver concocting the message.
(C) Sender denying having signed digitally.
(D) Receiver changing the contents after receiving the signed document.

8. Which of the following statements about DES is/are true?
(i) DES is public key algorithm.
(ii) DES has 19 distinct stages.
(iii) In the 16 iterations of DES, different keys are used.
(A) (i), (ii)  (B) (ii), (iii)
(C) (i), (iii)  (D) (i), (ii), (iii)

9. Which of the below represents Triple encryption using DES? (P is the unencrypted input, ‘C’ is encrypted output, k1, k2, k3 are keys used in encryption and decryption, E stands for encryption and D stands for decryption).
(A) Keys K1, K2, K3: P → E → E → E → C
(B) Keys K1, K2, K1: P → E → E → D → C
(C) Keys K1, K2, K1: P → E → D → E → C
(D) Keys K1, K2, K1: P → E → D → D → C

10. Which of the below statements are applied for cipher block chaining?
(i) Each plaintext block is XOR’ed with previous block before encryption.
(ii) Encryption is a mono alphabetic substitution cipher.
(iii) Cipher block chaining can result in same plaintext blocks encrypted to different cipher text blocks.
(A) (i), (ii)  (B) (ii), (iii)
(C) (i), (iii)  (D) (i), (ii), (iii)

11. Which of the below statements are applied to RSA algorithm?
(i) RSA is a relatively slow algorithm when encrypting large data.
(ii) Mainly used where key is to be distributed.
(iii) The strength of the algorithm lies in the fact that determining the key can take exceedingly long time by brute force.
(A) (i), (ii)  (B) (ii), (iii)
(C) (i), (iii)  (D) (i), (ii), (iii)

12. The security and usefulness of a digital signature depends on
(A) A public hash function
(B) A two-way hash function
(C) Protection of user’s private key
(D) Protection of user’s public key

13. Let ‘M’ be the message to be encrypted, E be Encryption key and N be the product of two random prime numbers, then what is the cipher text using RSA algorithm?
(A) $C = E^M \bmod N$  (B) $C = M^E \bmod N$
(C) $C = N^E \bmod M$  (D) $C = E^N \bmod M$

14. Which of the following best describes the decryption in Triple DES?
(A) Plain text = $D_{K_1}(E_{K_2}(D_{K_1}(\text{cipher text})))$
(B) Plain text = $D_{K_1}(E_{K_2}(D_{K_3}(\text{cipher text})))$
(C) Plain text = $E_{K_1}(D_{K_2}(E_{K_1}(\text{cipher text})))$
(D) Plain text = $E_{K_1}(D_{K_2}(E_{K_1}(\text{cipher text})))$

15. In which cipher mode, all cipher blocks will be chained so that if one is modified the cipher text cannot be decrypted correctly?
(A) Electronic Code Book
(B) Cipher Block Chaining
(C) Cipher Feedback Mode
(D) Counter Mode

Practice Problems 2

Directions for questions 1 to 15: Select the correct alternative from the given choices.

1. ‘All algorithms must be public only the keys are secret’ is
(A) Rijndael Principle
(B) Kerckhoff’s principle
(C) Rivest Shamir Adleman principle
(D) None of these

2. Pretty Good Privacy encrypts data by using a block cipher called
(A) RSA  (B) MD5
(C) IDEA  (D) DES

3. E-mail security package is related to
(A) Pretty Good Privacy
(B) DNS spoofing
(C) Secure Socket Layer
(D) Transport Layer Security

4. Which of the following protocols will be proxied on an application firewall?
(A) IPX  (B) FTP
(C) POP  (D) SMS

5. A good recommendation is that if a private key is ____ or longer, the key is thought to be secure.
(A) 40 bits  (B) 60 bits
(C) 70 bits  (D) 80 bits

6. Which issue is related to server side security?
(A) Protection of the server from legitimate web access
(B) Security of the information stored on server
(C) Security of the customer’s physical credit card
(D) Security of the customer’s computer

7. Which of the following is not an active attack?
(A) Denial of service  (B) Traffic Analysis
(C) Replay  (D) Masquerade

8. Verifying the true identity of the sender of a message recipient is known as _____.
(A) Authentication  (B) fabrication
(C) Cryptography  (D) availability

9. In which of the following techniques, letters are arranged in a different order?
(A) Transposition
(B) Substitution
(C) Private key Encryption
(D) None of the above

10. In which type of attack, Algorithm, cipher text, chosen plaintext and cipher text are known?
(A) Cipher text only
(B) Known plain text
(C) Chosen cipher text
(D) Chosen text

11. In which type of ciphers the encryption depends on current state?
(A) Link cipher
(B) Block cipher
(C) Stream cipher
(D) Current cipher

12. Traffic Analysis can be countered using
(A) Encryption  (B) Decryption
(C) Replay  (D) Data padding

13. DES Algorithm is vulnerable to
(A) Masquerade attack
(B) Replay attack
(C) Denial of service
(D) Brute Force attack

14. What is the size of key in Triple DES?
(A) 168 bits  (B) 112 bits
(C) 56 bits  (D) Either (A) or (B) or (C)

15. Direct digital signature involves
(A) Source only
(B) Destination only
(C) Communicating parties, sender and receiver.
(D) Everyone including communicating parties.

Previous Years’ Questions

1. Suppose that everyone in a group of N people wants to communicate secretly with the N – 1 others, using symmetric key cryptographic system. The communication between any two persons should not be decodable by the others in the group. The number of keys required in the system as a whole to satisfy the confidentiality requirement is [2015]
(A) $2N$  (B) $N(N - 1)$
(C) $N(N - 1)/2$  (D) $(N - 1)^2$

2. Consider that B wants to send a message m that is digitally signed to A. Let the pair of private and public keys for A and B be denoted by $K_x^-$ and $K_x^+$ for x = A, B, respectively. Let $K_x(m)$ represent the operation of encrypting m with a key $K_x$ and H(m) represent the message digest. Which one of the following indicates the CORRECT way of sending the message m along with the digital signature to A? [2016]
(A) $\{m, K_B^+(H(m))\}$  (B) $\{m, K_B^-(H(m))\}$
(C) $\{m, K_A^-(H(m))\}$  (D) $\{m, K_A^+(m)\}$

3. Anarkali digitally signs a message and sends it to Salim. Verification of the signature by Salim requires [2016]
(A) Anarkali’s public key.
(B) Salim’s public key.
(C) Salim’s private key.
(D) Anarkali’s private key.

4. A sender S sends a message m to receiver R, which is digitally signed by S with its private key. In this scenario, one or more of the following security violations can take place.
(I) S can launch a birthday attack to replace m with a fraudulent message.
(II) A third party attacker can launch a birthday attack to replace m with a fraudulent message.
(III) R can launch a birthday attack to replace m with a fraudulent message.
Which of the following are possible security violations? [2017]
(A) (I) and (II) only  (B) (I) only
(C) (II) only  (D) (II) and (III) only

5. In a RSA cryptosystem, a participant A uses two prime numbers p = 13 and q = 17 to generate her public and private keys. If the public key of A is 35, then the private key of A is _________. [2017]

Answer Keys
Exercises
Practice Problems 1
1. C 2. C 3. A 4. C 5. C 6. D 7. C 8. B 9. C 10. C
11. D 12. C 13. B 14. B 15. B

Practice Problems 2
1. B 2. C 3. A 4. B 5. C 6. B 7. B 8. A 9. A 10. D
11. C 12. D 13. D 14. D 15. C

Previous Years’ Questions


1. C 2. B 3. A 4. B 5. 11
