
Question 1:- What is the need for security? Explain types of security attacks.

Answer: - Computer security is required because of the following reasons:

Damage or destruction of computer systems.

Damage or destruction of internal data.

Loss of sensitive information to hostile parties.

Use of sensitive information to steal elements of monetary value.

Use of sensitive information against the customers, which may result in legal action by customers against the organization and loss of customers.

Damage to the reputation of an organization.

Monetary damage, due to loss of sensitive information, destruction of data, hostile use of sensitive data, or damage to the reputation of the organization.

Types of security attacks are listed below:

Interception: This type of threat occurs when an unauthorized party (outsider) has gained access. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network.

Interruption: This occurs when an asset of the system becomes lost, unavailable, or unusable. An example is the malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system.

Passive attacks

The goal of the opponent is to obtain information that is being transmitted. There are two types of attacks:

The release of message content is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.

Traffic analysis: Suppose a sender is masking the content by using encryption; an attacker may still be able to observe the pattern of these messages. The attacker could determine the location and identity of the communicating hosts and could observe the frequency and length of messages being exchanged.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

A masquerade attack usually includes one of the other forms of active attack.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

The denial of service prevents or inhibits the normal use or management of communication facilities.

Question 2:- List substitution techniques. Explain Caesar's cipher.

Answer:- Substitutions are the simple form of encryption in which one letter is exchanged for another. A substitution is an acceptable way of encrypting text. Some substitution techniques are listed below:

The Caesar Cipher

One-Time Pads

The Vernam Cipher

Book Cipher

Caesar's cipher

One of the simplest examples of a substitution cipher is the Caesar cipher, which is said to have been used by Julius Caesar to communicate with his army. Caesar is considered to be one of the first persons to have ever employed encryption for the sake of securing messages. Caesar decided that shifting each letter in the message would be his standard algorithm, and so he informed all of his generals of his decision, and was then able to send them secured messages. Caesar used a shift of 3, so that plaintext letter p_i was enciphered as cipher text letter c_i by the rule

A full translation chart of the Caesar cipher is shown here.

PLAIN TEXT:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

CIPHER TEXT: d e f g h i j k l m n o p q r s t u v w x y z a b c

Using this encryption, the message SIKKIM MANIPAL UNIVERSITY would be encoded as

SIKKIMMANIPALUNIVERSITY

vlnnlppdqlsdoxqlyhuvlwb

Cryptanalysis of the Caesar Cipher

Let us take a closer look at the result of applying Caesar's encryption technique to "SIKKIM MANIPAL UNIVERSITY". If we did not know the plaintext and were trying to guess it, we would have many clues from the cipher text. For example, the break between the two words is preserved in the cipher text, and double letters are preserved: The SS is translated to vv. We might also notice that when a letter is repeated, it maps again to the same cipher text as it did previously. So the letter K always translates to n. These clues make this cipher easy to break.
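The shift-of-3 cipher and the clues described above, as an added Python example (not part of the original notes). The function names are hypothetical; the example goes one step beyond the text by trying all 26 shifts and using a guessed word to pick out the key.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_text(text, shift):
    """Rotate each letter by `shift` places (mod 26); leave other characters as-is."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces pass through, so word breaks leak
    return "".join(out)

def encrypt(plaintext, shift=3):
    # Convention used in the chart: plaintext upper case, cipher text lower case.
    return shift_text(plaintext, shift).lower()

def decrypt(ciphertext, shift=3):
    return shift_text(ciphertext, -shift)

def repeat_pattern(text):
    """Index of each letter's first occurrence; a substitution cannot change it."""
    letters = [c for c in text.upper() if c in ALPHABET]
    return [letters.index(c) for c in letters]

def brute_force(ciphertext):
    """All 26 candidate plaintexts, keyed by the shift that produces them."""
    return {s: decrypt(ciphertext, s) for s in range(26)}

def shifts_matching(ciphertext, crib):
    """Shifts whose candidate plaintext contains a guessed word (crib)."""
    return [s for s, cand in brute_force(ciphertext).items() if crib.upper() in cand]

if __name__ == "__main__":
    msg = "SIKKIM MANIPAL UNIVERSITY"
    ct = encrypt(msg)
    print(ct)                                          # word breaks survive
    print(repeat_pattern(msg) == repeat_pattern(ct))   # repeats survive (KK -> nn)
    print(shifts_matching(ct, "UNIVERSITY"))           # guessed word reveals the shift
```

Because the key space has only 26 values and the letter-repeat pattern is unchanged, an analyst needs nothing more than one plausible word to recover the shift.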

Question 3:- Explain in brief types of encryption systems.

Answer: - The two basic kinds of encryption systems are key based and block based. Key based encryption is based on either single key or multiple keys. Block based encryption is based on either stream or block of characters.

Key based encryption


Symmetric algorithms use one key, which works for both encryption and decryption. Usually, the decryption algorithm is closely related to the encryption one. The symmetric system means both encryption and the decryption are performed using the same key. They provide a two-way channel to their users: A and B share a secret key and they can both encrypt information to send to the other as well as decrypt information from the other. As long as the key remains secret, the system also provides authentication, proof that a message received was not fabricated by someone other than the declared sender.

Public key systems, on the other hand, excel at key management. By the nature of the public key approach, you can send a public key in an e-mail message or post it in a public directory. Only the corresponding private key, which presumably is kept private, can decrypt what has been encrypted with the public key.

But for both kinds of encryption, a key must be kept well secured. Once the symmetric or private key is known by an outsider, all messages written previously or in the future can be decrypted (and hence read or modified) by the outsider. So, for all encryption algorithms, key management is a major issue. It involves storing, safeguarding, and activating keys.

Block based encryption


Block based encryption systems are classified as stream and block encryption systems. Stream encryption algorithms convert one symbol of plaintext immediately into a symbol of cipher text. The transformation depends only on the symbol, the key, and the control information of the encipherment algorithm. Some kinds of errors, such as skipping a character in the key during encryption, affect the encryption of all future characters. However, such errors can sometimes be recognized during decryption because the plaintext will be properly recovered up to a point, and then all following characters will be wrong. If that is the case, the receiver may be able to recover from the error by dropping a character of the key on the receiving end. Once the receiver has successfully recalibrated the key with the cipher text, there will be no further effects from this error.
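The skipped-key-character error and its recovery, as an added Python example (not part of the original notes). It assumes a byte-wise XOR stream cipher; the keystream, message and function names are constructed for illustration and the keystream is not secure.

```python
def keystream(n):
    # Constructed toy keystream: adjacent bytes always differ, so a
    # one-position slip garbles every later byte.
    return bytes((7 * i + 3) % 256 for i in range(n))

def xor_stream(data, key, skip_at=None):
    """XOR each data byte with the next key byte. If skip_at is given,
    one key byte is skipped just before processing that position."""
    out = bytearray()
    k = 0
    for i, b in enumerate(data):
        if i == skip_at:
            k += 1              # one key character is lost here
        out.append(b ^ key[k])
        k += 1
    return bytes(out)

def first_divergence(a, b):
    """Position of the first differing byte, or None if equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None

def demo(slip=10):
    plaintext = b"MEET AT THE USUAL PLACE AT NOON"   # constructed message
    key = keystream(len(plaintext) + 1)
    # Sender skips one key character at position `slip` while encrypting.
    ciphertext = xor_stream(plaintext, key, skip_at=slip)
    # Receiver decrypts normally: correct up to the slip, wrong afterwards.
    garbled = xor_stream(ciphertext, key)
    # Receiver drops the same key character and is back in step.
    recovered = xor_stream(ciphertext, key, skip_at=slip)
    return plaintext, garbled, recovered

if __name__ == "__main__":
    pt, bad, good = demo()
    print(first_divergence(pt, bad))   # where the output stops making sense
    print(good == pt)
```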

Question 4:- Explain authentication header with necessary diagrams.

Answer: - Authentication Header (AH) is one of the two core security protocols in the IPSec protocol suite. AH provides data integrity, data source authentication, and protection against replay attacks. It does not provide confidentiality. This makes the AH header much simpler than ESP. It is merely a header and not a header plus trailer.

An AH-protected IP packet

It provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram. What parts of the datagram are used for the calculation, and the placement of the header, depends on the mode (tunnel or transport) and the version of IP.

AH-Protocol Structure

The fields comprising the AH header are:

Next Header: The next header field identifies the protocol type of the next packet header after the AH packet header.

Payload Length: The length field states the length of the AH header information.

Reserved field: It is for future extensions of the AH protocol.

SPI field: It shows to which SA the packet belongs.

Sequence number: It is an incrementing value that protects against replay attacks.

The authentication data: It contains the information for authenticating the packet.
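The fields above packed into a header and checked with a keyed hash, as an added Python example (not part of the original notes and not a complete IPSec implementation). Assumptions: the authentication data is HMAC-SHA-256 truncated to 128 bits, it covers only the AH header and the payload (real AH also covers parts of the IP header), and replay protection is a strictly increasing counter rather than a sliding window; `Receiver`, `build_ah` and all values are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16          # assumption: HMAC-SHA-256 truncated to 128 bits
FIXED = "!BBHII"      # Next Header, Payload Length, Reserved, SPI, Sequence number

def _icv(key, fixed, payload):
    # The value is computed with the authentication-data field set to zero.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]

def build_ah(next_header, spi, seq, payload, key):
    """Source side: pack the fields and append the authentication data."""
    payload_len = (12 + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = struct.pack(FIXED, next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload)

class Receiver:
    """Destination side of one SA (hypothetical helper class)."""
    def __init__(self, spi, key):
        self.spi, self.key, self.last_seq = spi, key, 0

    def accept(self, ah, payload):
        _nh, _plen, _rsv, spi, seq = struct.unpack(FIXED, ah[:12])
        if spi != self.spi:
            return "unknown SA"
        if seq <= self.last_seq:            # simplified anti-replay check
            return "replay"
        if not hmac.compare_digest(_icv(self.key, ah[:12], payload), ah[12:]):
            return "bad ICV"
        self.last_seq = seq                 # advance only after the check passes
        return "ok"

def demo():
    key = b"constructed-shared-key"          # constructed sample values
    data = b"constructed upper-layer payload"
    rx = Receiver(0x1001, key)
    first = build_ah(6, 0x1001, 1, data, key)
    second = build_ah(6, 0x1001, 2, data, key)
    return [
        rx.accept(first, data),              # genuine packet
        rx.accept(first, data),              # same packet sent again
        rx.accept(second, data + b"!"),      # payload modified in transit
        rx.accept(second, data),             # unmodified packet still accepted
    ]
```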

The operation of the AH protocol is simple, especially for any protocol that has anything to do with network security. It can be considered analogous to the algorithms used to calculate checksums or perform CRC checks for error detection. In those schemes, the computed result is transmitted along with the original data to the destination, which repeats the calculation and discards the message if any discrepancy is found between its calculation and the one done by the source. This is the same idea behind AH, except that instead of using a simple algorithm known to everyone, it uses a special hashing algorithm and a specific key known only to the source and the destination. A security association (SA) between the two devices is set up that specifies these particulars so that the source and destination know how to perform the computation, but nobody else can. On the source device, AH performs the computation and puts the result into a special header with other fields for transmission. The destination device does the same calculation using the key the two devices share, which enables it to see immediately if any of the fields in the original datagram were modified either due to error or malice.

Question 5:- Explain the processing of Encrypted E-Mail.

Answer:-

Overview of Encrypted E-Mail Processing

Encryption can potentially yield any string as output. Many e-mail handlers expect that message traffic will not contain characters other than the normal printable characters. Network e-mail handlers use unprintable characters as control signals in the traffic stream. To avoid problems in transmission, encrypted e-mail converts the entire ciphertext message to printable characters. An example of an encrypted e-mail message is shown in Figure.

Encrypted E-Mail Secured Message

Notice the three portions: an external (plaintext) header, a section by which the message encryption key can be transferred, and the encrypted message itself. (The encryption is shown with shading.)

The encrypted e-mail standard works most easily as just described, using both symmetric and asymmetric encryption. The standard is also defined for symmetric encryption only: To use symmetric encryption, the sender and receiver must have previously established a shared secret encryption key. The processing type ("Proc-Type") field tells what privacy enhancement services have been applied. In the data exchange key field ("DEK-Info"), the kind of key exchange (symmetric or asymmetric) is shown. The key exchange ("Key-Info") field contains the message encryption key, encrypted under this shared encryption key. The field also identifies the originator (sender) so that the receiver can determine which shared symmetric key was used. If the key exchange technique were to use asymmetric encryption, the key exchange field would contain the message encryption field, encrypted under the recipient's public key. Also included could be the sender's certificate (used for determining authenticity and for generating replies).

The encrypted e-mail standard is designed to support multiple encryption algorithms, using popular algorithms such as DES, triple DES, and AES for message confidentiality, and RSA and Diffie-Hellman for key exchange.

Key management is the major problem with encrypted e-mail systems. The certificate scheme is excellent for exchanging keys and for associating an identity with a public encryption key. The difficulty with certificates is building the hierarchy. Many organizations have hierarchical structures. The encrypted e-mail dilemma is moving beyond the single organization to an inter-organizational hierarchy. Precisely because of the problem of imposing a hierarchy on a non-hierarchical world, PGP was developed as a simpler form of encrypted e-mail.

Question 6:- Explain the characteristics of good security policy.

Answer: - Characteristics of a good security policy are:


Coverage: A security policy must be comprehensive: It must either apply to or explicitly exclude all possible situations. Furthermore, a security policy may not be updated as each new situation arises, so it must be general enough to apply naturally to new cases that occur as the system is used in unusual or unexpected ways.

Durability: A security policy must grow and adapt well. In large measure, it will survive the system's growth and expansion without change. If written in a flexible way, the existing policy will be applicable to new situations. However, there are times when the policy must change, so the policy must be changeable when it needs to be. An important key to durability is keeping the policy free from ties to specific data or protection mechanisms that almost certainly will change. For example, an initial version of a security policy might require a ten-character password for anyone needing access to data on the Sun workstation in room 110. But when that workstation is replaced or moved, the policy's guidance becomes useless. It is preferable to describe assets needing protection in terms of their function and characteristics, rather than in terms of specific implementation. For example, the policy on Sun workstations could be reworded to mandate strong authentication for access to sensitive student grades or customers' proprietary data. Better still, we can separate the elements of the policy, having one policy statement for student grades and another for customers' proprietary data. Similarly, we may want to define one policy that applies to preserving the confidentiality of relationships, and another protecting the use of the system through strong authentication.

Realism: The policy must be realistic. That is, it must be possible to implement the stated security requirements with existing technology. Moreover, the implementation must be beneficial in terms of time, cost, and convenience; the policy should not recommend a control that works but prevents the system or its users from performing their activities and functions. It is important to make economically worthwhile investments in security, just as for any other careful business investment.

Usefulness: An obscure or incomplete security policy cannot be implemented properly, if at all. The policy must be written in a language that can be read, understood and followed by anyone who must implement it or is affected by it. For this reason, the policy should be succinct, clear, and direct.
