12 May 2024 16:48

1. Explain keyed and keyless transposition ciphers

Keyed and keyless transposition ciphers are techniques used in cryptography to rearrange the characters of a message to obscure
its meaning. Here's an explanation of both:
Keyed Transposition Cipher:
In a keyed transposition cipher, the arrangement of characters is determined by a secret key. The key specifies the order in which
the characters are rearranged. The most common example of a keyed transposition cipher is the Rail Fence Cipher.
Rail Fence Cipher Example:
- Encryption:
- In the Rail Fence Cipher, the plaintext is written diagonally upward and downward in zigzag lines on successive "rails" of an
imaginary fence.
- The ciphertext is then read off row by row.

For example, with a key of 3, the plaintext "HELLO WORLD" becomes:

```
H...O...R..
.E.L.W.L.D.
..L...O....
```
Reading row by row, the ciphertext is "HOR ELWL D".
- Decryption:
- To decrypt the message, the recipient needs to know the key.
- They recreate the zigzag pattern and fill in the ciphertext.
- Then, they read off the message diagonally.
Keyless Transposition Cipher:
In a keyless transposition cipher, the arrangement of characters is determined by fixed rules rather than a secret key. The most
common example of a keyless transposition cipher is the Columnar Transposition Cipher.
**Columnar Transposition Cipher Example:**
- Encryption:
- The plaintext is written out row by row into a grid, and then read off column by column.
- The columns are chosen in a fixed order agreed upon in advance.
For example, with the order of columns as 3, 1, 2, the plaintext "HELLO WORLD" becomes:
HEL
LOW
ORL
D
Reading off column by column, the ciphertext is "HLOL OERL WWD".
- Decryption:
- To decrypt the message, the recipient needs to know the order of columns.
- They recreate the grid and fill in the ciphertext.
- Then, they read off the message row by row.
Comparison:
- Keyed Transposition Cipher:
- Uses a secret key to determine the arrangement of characters.
- Requires both the sender and the recipient to know the key.
- Keyless Transposition Cipher:
- Uses fixed rules to determine the arrangement of characters.
- Does not require a secret key, but instead, both sender and recipient must know the fixed rules.

2. Explain the relationship between security services and mechanism in detail

Security services and mechanisms are closely related concepts in the realm of computer security. A security service refers to a
specific function or capability that is provided to ensure the confidentiality, integrity, and availability of data or systems. On the
other hand, a security mechanism is a technique or method used to implement a security service.
In other words, security services define what needs to be protected, while security mechanisms describe how that protection is
achieved. For instance, confidentiality is a security service that ensures that sensitive information is only accessible to
authorized parties. To achieve confidentiality, a security mechanism such as encryption can be used to scramble the data,
making it unreadable to unauthorized parties.
There are several types of security services, including:
○ Confidentiality: ensuring that sensitive information is only accessible to authorized parties
○ Integrity: ensuring that data is not modified or tampered with without authorization
○ Authentication: verifying the identity of users or systems
Authorization: controlling access to resources based on user identity and permissions

CSS Page 1
 ○ Authorization: controlling access to resources based on user identity and permissions
○ Non-repudiation: ensuring that a message or transaction cannot be denied by the sender
Correspondingly, there are various security mechanisms that can be used to implement these security services. Some common
security mechanisms include:
○ Encryption: scrambling data to ensure confidentiality
○ Digital signatures: verifying the authenticity and integrity of data
○ Access control lists (ACLs): controlling access to resources based on user identity and permissions
○ Firewalls: controlling network traffic and blocking unauthorized access
○ Intrusion detection and prevention systems (IDPS): monitoring and blocking malicious network traffic
The relationship between security services and mechanisms is that a security mechanism is used to implement a specific
security service. For example, a firewall is a security mechanism that is used to implement the security service of access
control. Similarly, encryption is a security mechanism that is used to implement the security service of confidentiality.
In summary, security services define what needs to be protected, while security mechanisms describe how that protection is
achieved. Understanding the relationship between security services and mechanisms is crucial for designing and implementing
effective security solutions that meet the specific needs of an organization or system.

3. Explain the different modes of block cipher

Encryption algorithms are divided into two categories based on the input type, as a block cipher and stream cipher. Block
cipher is an encryption algorithm that takes a fixed size of input say b bits and produces a ciphertext of b bits again. If the input
is larger than b bits it can be divided further. For different applications and uses, there are several modes of operations for a
block cipher.
⚫ Electronic Code Book (ECB) –
Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of
input plaintext and output is in form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can
be broken down into a bunch of blocks and the procedure is repeated.
Procedure of ECB is illustrated below:

Advantages of using ECB –

• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• Simple way of the block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.

⚫ Cipher Block Chaining –

Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In CBC, the
previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell
here, a cipher block is produced by encrypting an XOR output of the previous cipher block and present plaintext block.
The process is illustrated here:

Advantages of CBC –
• CBC works well for input greater than b bits.

CSS Page 2
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires a previous cipher.

⚫ Cipher Feedback Mode (CFB) –

In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector
IV is used for first encryption and output bits are divided as a set of s and b-s bits.The left-hand side s bits are selected along
with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to lhs,s bits
to rhs and the process continues. The encryption and decryption process for the same is shown below, both of them use
encryption algorithms.

Advantages of CFB –
• Since, there is some data loss due to the use of shift register, thus it is difficult for applying cryptanalysis.
Disadvantages of using CFB –
• The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several blocks are
not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.

⚫ Output Feedback Mode –

The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted
output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent
instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission
errors. It also decreases the dependency or relationship of the cipher on the plaintext.

Advantages of OFB –
• In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free
from bit errors in the plaintext block.
Disadvantages of OFB-
• The drawback of OFB is that, because to its operational modes, it is more susceptible to a message stream modification attack
than CFB.

⚫ Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value is
encrypted and given as input to XOR with plaintext which results in ciphertext block. The CTR mode is independent of feedback
use and thus can be implemented in parallel.
Its simple implementation is shown below:

CSS Page 3
 Advantages of Counter –
• Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This means
that the same plain text can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC.
Disadvantages of Counter-
• The fact that CTR mode requires a synchronous counter at both the transmitter and the receiver is a severe drawback. The
recovery of plaintext is erroneous when synchronisation is lost.

4. Explain AES Algorithm

The Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm. It is one of the most widely used
encryption algorithms and is considered secure against various types of attacks. Here's an explanation of how the AES
algorithm works:

Key Features:
Symmetric Key Algorithm: AES uses the same key for both encryption and decryption.
Block Cipher: AES operates on fixed-size blocks of data. The standard block size is 128 bits.
Variable Key Lengths: AES supports key lengths of 128, 192, and 256 bits.

• Encryption Process:
The original key is expanded into a set of round keys using the key schedule algorithm.

• Initial Round:
AddRoundKey: Each byte of the block is XORed with a byte of the round key.

• Main Rounds:
SubBytes: Each byte of the block is substituted with a corresponding byte from the S-box.
ShiftRows: The rows of the block are shifted cyclically a certain number of steps.
MixColumns: Each column of the block is multiplied with a fixed polynomial modulo 4+1x4+1.
AddRoundKey: Each byte of the block is XORed with a byte of the round key.

• Final Round:
SubBytes
ShiftRows
AddRoundKey

CSS Page 4
• Decryption Process:
The decryption process is the reverse of the encryption process:
• Initial Round:
AddRoundKey

• Main Rounds:
InvShiftRows: The rows of the block are shifted cyclically in the opposite direction.
InvSubBytes: Each byte of the block is substituted with a corresponding byte from the inverse S-box.
AddRoundKey: Each byte of the block is XORed with a byte of the round key.
InvMixColumns: Each column of the block is multiplied with a fixed polynomial modulo 4+1x4+1.

• Final Round:
InvShiftRows
InvSubBytes
AddRoundKey

• Security:
AES is designed to be resistant to various cryptographic attacks such as linear and differential cryptanalysis.
The security of AES depends on the secrecy of the key. It is computationally infeasible to decrypt data without knowing the key.

• Usage:
AES is widely used to encrypt data in various applications such as securing communication over the internet, protecting
sensitive data in databases, and securing data stored on devices.

Example:
PlainText: 0x32 0x88 0x31 0xe0 0x43 0x5a 0x31 0x37
Key: 0x2b 0x7e 0x15 0x16 0x28 0xae 0xd2 0xa6
Encrypted: 0x39 0x25 0x84 0x1d 0x02 0xdc 0x09 0xfb

AES has become a widely accepted and widely used encryption standard. It is considered secure and efficient, making it
suitable for a wide range of applications that require data encryption.

5. Difference between AES and DES

AES DESDDESESDES
1. AES stands for Advanced Encryption Standard DES stands for Data Encryption Standard
2. The date of creation is 2001. The date of creation is 1977.
3. Byte-Oriented. Bit-Oriented.
4. Key length can be 128-bits, 192-bits, and 256-bits. The key length is 56 bits in DES.
5. Number of rounds depends on key length: 10(128-bits), 12(192-bits), DES involves 16 rounds of identical operations
or 14(256-bits)
6. The structure is based on a substitution-permutation network. The structure is based on a Feistel network.
7. The design rationale for AES is open. The design rationale for DES is closed.
8. The selection process for this is secret but accepted for open public The selection process for this is secret.
comment.
9. AES is more secure than the DES cipher and is the de facto world DES can be broken easily as it has known
standard. vulnerabilities. 3DES(Triple DES) is a variation of
DES which is secure than the usual DES.
10. The rounds in AES are: Byte Substitution, Shift Row, Mix Column and The rounds in DES are: Expansion, XOR
Key Addition operation with round key, Substitution and
Permutation
11. AES can encrypt 128 bits of plaintext. DES can encrypt 64 bits of plaintext.
12. It can generate Ciphertext of 128, 192, 256 bits. It generates Ciphertext of 64 bits.
13. AES cipher is derived from an aside-channel square cipher. DES cipher is derived from Lucifer cipher.
14. AES was designed by Vincent Rijmen and Joan Daemen. DES was designed by IBM.
15. No known crypt-analytical attacks against AES but side channel Known attacks against DES include Brute-force,
attacks against AES implementations possible. Biclique attacks have Linear crypt-analysis, and Differential crypt-
better complexity than brute force but still ineffective. analysis.
16. It is faster than DES. It is slower than AES.
17. It is flexible. It is not flexible.
18. It is efficient with both hardware and software. It is efficient only with hardware.

CSS Page 5
 18. It is efficient with both hardware and software. It is efficient only with hardware.

6. Explain Kerberos as an authentication service

Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. In
Kerberos Authentication server and database is used for client authentication. Kerberos runs as a third-party trusted server known
as the Key Distribution Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:

Authentication Server (AS):

The Authentication Server performs the initial authentication and ticket for Ticket Granting Service.

Database:
The Authentication Server verifies the access rights of users in the database.

Ticket Granting Server (TGS):

The Ticket Granting Server issues the ticket for the Server

Kerberos Overview:

Step-1:
User login and request services on the host. Thus user requests for ticket-granting service.

Step-2:
Authentication Server verifies user’s access right using database and then gives ticket-granting-ticket and session key. Results are
encrypted using the Password of the user.

Step-3:
The decryption of the message is done using the password then send the ticket to Ticket Granting Server. The Ticket contains
authenticators like user names and network addresses.

Step-4:
Ticket Granting Server decrypts the ticket sent by User and authenticator verifies the request then creates the ticket for requesting
services from the Server.

Step-5:
The user sends the Ticket and Authenticator to the Server.

Step-6:
The server verifies the Ticket and authenticators then generate access to the service. After this User can access the services.

Kerberos Limitations:
• Each network service must be modified individually for use with Kerberos
• It doesn’t work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• Stores all passwords are encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust.
• Scalability

Is Kerberos Infallible?

CSS Page 6
 Is Kerberos Infallible?
No security measure is 100% impregnable, and Kerberos is no exception. Because it’s been around for so long, hackers have had the
ability over the years to find ways around it, typically through forging tickets, repeated attempts at password guessing (brute
force/credential stuffing), and the use of malware, to downgrade the encryption.
Despite this, Kerberos remains the best access security protocol available today. The protocol is flexible enough to employ stronger
encryption algorithms to combat new threats, and if users employ good password-choice guidelines, you shouldn’t have a problem!

What is Kerberos Used For?

Although Kerberos can be found everywhere in the digital world, it is commonly used in secure systems that rely on robust
authentication and auditing capabilities. Kerberos is used for Posix, Active Directory, NFS, and Samba authentication. It is also an
alternative authentication system to SSH, POP, and SMTP.

7. Difference between SHA1 and MD5

S.NO MD5 SHA1
1. MD5 stands for Message Digest. While SHA1 stands for Secure Hash Algorithm.
2. MD5 can have 128 bits length of message digest. Whereas SHA1 can have 160 bits length of
message digest.
3. The speed of MD5 is fast in comparison of SHA1’s speed. While the speed of SHA1 is slow in comparison of
MD5’s speed.
4. To make out the initial message the aggressor would want 2^128 On the opposite hand, in SHA1 it’ll be 2^160 that
operations whereas exploitation the MD5 algorithmic program. makes it quite troublesome to seek out.
5. MD5 is simple than SHA1. While SHA1 is more complex than MD5.
6. MD5 provides indigent or poor security. While it provides balanced or tolerable security.
7. In MD5, if the assailant needs to seek out the 2 messages having identical Whereas in SHA1, assailant would need to
message digest then assailant would need to perform 2^64 operations. perform 2^80 operations which is greater than
MD5.
8. MD5 was presented in the year 1992. While SHA1 was presented in the year 1995.

8. What are properties of Hash function

A hash function is a mathematical function that takes an input of arbitrary size and returns a fixed-size output, known as a hash
value or digest. The properties of a hash function are crucial to its security and usability. Here are some of the key properties of a
hash function:

• Determinism: A hash function is deterministic, meaning that given a specific input, it always produces the same output hash
value.
• Collision resistance: It is computationally infeasible to find two distinct inputs that produce the same output hash value. This
property is also known as “collision-free” or “non-collision”.
• Preimage resistance: Given a hash value, it is computationally infeasible to find an input that produces that specific hash value.
This property is also known as “one-way” or “irreversible”.
• Second preimage resistance: Given a hash value, it is computationally infeasible to find another input that produces the same
hash value. This property is also known as “second preimage resistance”.
• Avalanche effect: A small change in the input should result in a significant change in the output hash value. This property helps
to ensure that the hash function is sensitive to changes in the input.
• Quick computation: The hash function should be computationally efficient and fast to compute.
• Uniformity: The hash function should produce uniformly distributed output hash values. This property helps to ensure that the
hash function is resistant to attacks.
• Non-invertibility: It is computationally infeasible to recover the original input from the output hash value.

9. Explain role of Hash function in security

• Hash Function is a function that has a huge role in making a System Secure as it converts normal data given to it as an irregular
value of fixed length. We can imagine it to be a Shaker in our homes.
• When we put data into this function it outputs an irregular value. The Irregular value it outputs is known as “Hash Value”.Hash
Values are simply numbers but are often written in Hexadecimal. Computers manage values as Binary. The hash value is also data
and is often managed in Binary.

CSS Page 7
• A hash function is basically performing some calculations in the computer. Data values that are its output are of fixed length. Length
always varies according to the hash function. Value doesn’t vary even if there is a large or small value.

• If given the same input, two hash functions will invariably produce the same output. Even if input data entered differs by a single
bit, huge change in their output values. Even if input data entered differs huge, there is a very minimal chance that the hash values
produced will be identical. If they are equal it is known as “Hash Collision”.

• Converting Hash Codes to their original value is an impossible task to perform. This is the main difference between Encryption as
Hash Function.

10.

CSS Page 8
CSS Page 9