
CSS Easy Solution Searchable CompsTreasure

Uploaded by

saravanan iyer
Copyright
© All Rights Reserved

A passive attack makes an attempt to learn or make use of information from the system but does not modify or alter the system data or resources. Monitoring of information is an example of passive attacks. The goal of the opponent is to gain the information that is being transmitted. The two types of passive attacks are :
1. Release of message contents
2. Traffic analysis

1. Release of message contents :

We may want to prevent the opponent from learning sensitive and confidential information through transmissions that take place through telephone calls, e-mail messages or files transferred on a network. This is quite simple to understand. When we send a confidential email to our friend, our aim is that only the intended person should access this mail. If this mail is accessed by unauthorized users then the contents of the message are released somewhere else. Such type of attack is called release of message contents. There are different security mechanisms available to prevent such type of attacks.

Fig. 1.1 : Release of message contents


For example : A telephonic conversation between two people, an electronic mail and a file may contain sensitive information. We would like to prevent a third person from modification of these types of transmission, as shown in Fig. 1.1.

Q. What are active attacks ? Categorize these attacks and explain one example.
Scanned by CamScanner
Active attacks involve modification of a data stream or creation of a false stream of messages. The attacker's aim in such type of attack is to corrupt or destroy the data as well as the network itself.
Active attacks are divided into four categories :
1. Masquerade
2. Replay attack
3. Modification of messages
4. Denial of service
1. Masquerade :
A masquerade takes place when an attacker pretends to be an authentic user. It is generally done to gain access to a system, or to steal important data from the system. It is generally done by stealing the login id and password of an authentic user to gain access to a secure network. Once attackers gain access, they get full access to the network for deletion or changing of data or network policies of the organization, as shown in Fig. 1.2.

Fig. 1.2 : Masquerade attack

Q.3 Distinguish between attack, vulnerability and access control.


Ans. :

| Sr. No. | Attack | Vulnerability | Access control |
|---|---|---|---|
| 1. | An assault on system security through an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system. | An intended flaw in software code or a system that leaves it open to potential exploitation in the form of unauthorized access or malicious behaviour. | Access control is a protective measure, technique, device etc. that removes or reduces the vulnerability. |
| 2. | Types of Attack : Passive attack, Active attack, Distributed attack, Phishing attack, Password attack. | Types of Vulnerability : Data Vulnerability, Hardware Vulnerability, Software Vulnerability. | Types of Access Control : Preventive, Corrective, Recovery, Detective, Deterrent. |
| 3. | Here a threat is in action. | Here … is without mitigation. | Here a threat of vulnerability is blocked by access control. |
| 4. | Example : Water flows out of the crack in the wall and drips on the man. | Example : Crack in the wall. | Example : Seal the crack before water comes. |

Q.4 Differentiate between vulnerability, threats and controls.

Ans. :

| Sr. No. | Vulnerability | Threats | Control |
|---|---|---|---|
| 1. | A vulnerability is a software, hardware, procedural, or human weakness that may provide an attacker the open door to enter a computer or network and have unauthorized access to resources within the environment. | A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. | A control is an action, device, procedure, or technique that removes or reduces vulnerability; the threat is blocked by control of vulnerability. |
| 2. | Vulnerability is a weakness in the security system. | A threat is any potential danger to information or systems. | A control or countermeasure is a means to counter threats. |
| 3. | Paired with a credible attack, each of these vulnerabilities can allow harm to confidentiality, integrity, or availability. | A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy. | Safeguard implemented to close vulnerabilities and mitigate threats in order to protect the confidentiality, integrity and availability of system. |

What are the system security goals ? Explain why the balance among different goals is needed
Dec. 2013, May 2014

Ans. :
Information security consists of methods used to protect data or information being transmitted for preserving the integrity, availability and confidentiality of the information.
1. Confidentiality :
The two important concepts :
Data confidentiality : Assures that private or confidential information is not disclosed to unauthorized individuals.
Privacy : Assures that individuals control information related to them.
2. Integrity :
The two important concepts :
Data integrity : Assures information is changed only in an authorized manner.
System integrity : Assures that the system performs its intended function properly and free from unauthorized manipulation.
3. Availability :
Assures that system works correctly and service is available to authorized users.
These three concepts are termed as CIA triad and embody fundamental security objectives for data and information services.

Fig. 1.3 : CIA triad

Cryptography and System Security (MU)

Q.6 What are the key principles of security ?


Ans. :
There are five chief principles of security; they are : Confidentiality, integrity, availability, authentication and authorization (access control). Other than these there are two more security principles which link the overall system as a whole :
Non-repudiation and notarization or signature :
Non-repudiation : It is an assurance that somebody cannot deny something. It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
Notarization : It is an act of authorizing a legal document. The purpose of having a legal document notarized is to ensure the authenticity of the signatures that appear on the document.

Q.7 Explain authentication and authorization.


Ans. :

Authentication :
Authentication provides a way of verifying the identity of the user. In other words, authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. The authentication of users prevents unauthorized users from gaining access to information systems.
In connection oriented communication, both sender and receiver should be authenticated. In connectionless communication only the user who is sending data should be an authentic user.
Authorization :
Authorization means providing authority or permission of accessing the system, or privilege of accessing data, directories, files etc. of the system. Authorization is one of the most important security aspects. It provides identification of the user as an authorized user. It is a kind of permission given by the network administrator for accessing the network.

Q.8 Explain in detail different security mechanisms.

Ans. :
X.800 defines security mechanisms as follows :
It is applied to specific protocols in OSI layer or to those which are not so specific to any particular protocol.
Specific Security Mechanisms
These mechanisms are incorporated into the appropriate protocol layer in order to provide some OSI security service.
Encipherment :
To use mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery depends on the algorithm and the number of keys used.
Digital signature :
The data is appended to, or cryptographic transformation of data unit that allows the receiver of the message to prove the source and integrity of data unit against forgery.
Access control :
Various mechanisms used to enforce access rights to the resources.
Data integrity :
Various mechanisms used to assure the integrity of the data.
Authentication exchange :
The mechanism used to ensure the identity of the entity by information exchange.
Traffic padding :
To insert bits into gaps in the data stream to frustrate traffic analysis attempt.
Routing control :
To allow some selected routes in network for routing or can change the route if any attack is detected in the network.

Notarization :
To use a trusted third party to assure certain properties in data exchange.
Pervasive Security Mechanisms
These mechanisms are not specific to any of the OSI security service or protocol layer.
Trusted functionality :
That which is perceived to be correct with respect to some criteria. (Ex.: as established by a security policy)
Security label :
The marking bound to a resource that designates the security attribute of the resource.
Event detection :
Detection of security related events.
Security audit trail :
Data collected and used to facilitate security audit.

Security recovery :
It deals with the recovery action and management functions for data that is lost or disrupted in the network during communication.

Q. What is computer criminal ? What are different types of computer criminals ?
Ans. :
Computer criminals are those who are involved in computer crimes or who are caught doing computer crime. Computer crime can be anything related to a computer or computer network involving some kind of criminal activity involving information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (or identity theft) and electronic fraud.
Types of Computer Criminals
1. Script kiddies : They are not technically sound hackers. They hack only weakly secured systems.
2. Scammers : They are generally involved in email spoofing.
3. Hackers group : They work anonymously and create tools for hacking different kinds of systems. These hacker groups are generally hired by companies to test their company's security.
4. Phishers : They attempt to acquire password, credit and essential financial data by sending fake email and messages electronically.
5. Political/religious/commercial groups : The malware is created by these computer criminals for some political reason.
6. Insiders : These attackers are the greatest threat for the organization. They are the persons who reside inside the organization.
7. Advanced Persistent Threat (APT) Agents : These are highly skilled persons responsible for highly targeted attacks carried out by extremely organized state-sponsored groups.

Chapter 2 : Basics of Cryptography

Q.1 Define cryptography.

The word cryptography comes from the Greek words κρυπτός (hidden or secret) and γράφειν (writing). Cryptography is the art as well as science of secret writing of information / message and makes them non-readable.

Q.2 Explain types of cryptography.


Ans.:
There are two types of cryptography i.e. symmetric key cryptography & asymmetric key
cryptography as shown in Fig. 2.1.

Fig. 2.1 : Types of cryptography

(i) Symmetric Key Cryptography


Symmetric key cryptography is also called as secret key cryptography. In secret key cryptography a single key is used for encryption as well as decryption. Encryption and decryption process uses same key as shown in Fig. 2.2.

Fig. 2.2 : Symmetric key cryptography

It is represented as P = D(K, E(K, P)).

For Example : Stream and block cipher, Data Encryption Standard (DES), Advanced Encryption Standard (AES) and BLOWFISH.

(ii) Asymmetric Key Cryptography
Asymmetric key cryptography is also called as public key cryptography. In asymmetric key cryptography two keys are used, one for encryption and other for decryption as shown in Fig. 2.3.

Fig. 2.3 : Asymmetric key cryptography

It is represented as P = D(Kd, E(Ke, P)).

For Example : Rivest Shamir Adleman (RSA) and Diffie Hellman key exchange algorithm.

Q.3 Explain substitution cipher.
Ans. :
A substitution is a technique in which each letter or bit of the plaintext is substituted or replaced by some other letter, number or symbol to produce ciphertext.
Caesar Cipher
Julius Caesar introduced the easiest and the simplest use of substitution cipher. In Caesar cipher technique each letter is replaced by the letter/alphabet which is three places next to that letter which is to be substituted.
For example :
Plaintext : Sun rises in the East
Ciphertext : VXQULVHVLQWKHHDVW
Following is the list of possible combination showing the letters 3 places down of each alphabet :
Plaintext  : a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The corresponding number equivalent to each alphabet is given below :
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Mathematically the Caesar cipher algorithm can be expressed as
C = E(3, P) = (P + 3) mod 26
P = D(3, C) = (C - 3) mod 26
Where,
C = Ciphertext/alphabet
P = Plaintext/alphabet
E = Encryption
D = Decryption
Mod 26 because in English there are total 26 alphabets.

The Caesar cipher is open to attack because the attacker will be having only 25 possible keys to decrypt the ciphertext.

Q.4 What is keyless transposition cipher ? Give an example of rail fence cipher.


Ans. :
In transposition technique, there is no replacement of alphabets or numbers; instead their positions are changed, or reordering of the position of plaintext is done, to produce ciphertext.
There are two types of transposition techniques :
(a) Columnar transposition techniques
(b) Keyless transposition techniques
(a) Columnar transposition technique is very simple to understand.
(1) Write plaintext message into a rectangle with some predefined size.
(2) Select the random key according to the size of rectangle also called columns.
(3) Read the text present in each selected random key columns.
(4) Combine all text present in each column as per selected random key order.
(5) The resultant text is called ciphertext, as shown in Fig. 2.4.
Step 1 : Plaintext : Are you missing somebody.
Write plaintext row by row (column size 6) :
1 2 3 4 5 6
a r e y o u
m i s s i n
g s o m e b
o d y

Fig. 2.4 : Columnar transposition technique

Step 2 : Select random key : 5 4 2 3 1 6
Step 3 : Read text present in each column according to key.
Step 4 : Oieysmrisdesoyamgounb
Step 5 : Final ciphertext is
Ciphertext : Oieysmrisdesoyamgounb
The ciphertext obtained in step 5 can be made more complicated by performing multiple such permutations. Diffusion means permutation of bit or byte positions.

(b) Keyless Transposition Techniques :


Keyless transposition technique is also called Rail fence technique.
Algorithm for keyless transposition technique is given below :
(1) Write plaintext message into zigzag order.
(2) Read plaintext message of step 1 in order of row by row as shown in Fig. 2.5.
For example : Plaintext : be careful while chatting.

Fig. 2.5 : Zigzag order of plaintext

Write plaintext obtained in row 1 and row 2. The resultant ciphertext is

Ciphertext : eaeulhicatnbcrflwiehtig.
This technique doesn't want any key. Rows are also fixed (2) so that an attacker may get a clue to break the ciphertext obtained using rail fence technique.
A more complex way to encrypt the message would be to write it in a rectangle, row by row, and then read off the message column by column, but to decide the order of the columns. The order of the columns will be the key of the algorithm.
For example :
Plaintext : The book is related to history.
Key : 4 3 5 1 2 6 7

4 3 5 1 2 6 7
t h e b o o k
i s r e l a t
e d t o h i s
t o r y

Ciphertext: BEOYOLHHSDOTIETERTROAIKTS
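
The Caesar cipher and the two columnar transposition examples above can be reproduced with the following Python sketch, which is an added example and not part of the original text. Function names are hypothetical. Note that the two columnar examples use the key differently: in the first (key 5 4 2 3 1 6) the key lists the columns in the order they are read, while in the second (key 4 3 5 1 2 6 7) the key digits are labels written above the columns and the columns are read in ascending label order; `labels_mode` selects between the two.

```python
import string

ALPHABET = string.ascii_lowercase


def letters_only(text):
    """Lower-case the text and drop spaces and punctuation, as the examples do."""
    return "".join(ch for ch in text.lower() if ch in ALPHABET)


def caesar_encrypt(plaintext, shift=3):
    # C = (P + shift) mod 26
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26]
                   for ch in letters_only(plaintext)).upper()


def caesar_decrypt(ciphertext, shift=3):
    # P = (C - shift) mod 26
    return "".join(ALPHABET[(ALPHABET.index(ch) - shift) % 26]
                   for ch in letters_only(ciphertext))


def caesar_all_keys(ciphertext):
    """Only 25 non-trivial shifts exist, so every candidate plaintext can be listed."""
    return {shift: caesar_decrypt(ciphertext, shift) for shift in range(1, 26)}


def column_read_order(key, labels_mode):
    """Return zero-based column indexes in the order they are read out."""
    if labels_mode:
        # key[i] is the label above column i+1; read label 1, then 2, ...
        return [key.index(label) for label in range(1, len(key) + 1)]
    # key lists the column numbers directly in reading order
    return [k - 1 for k in key]


def columnar_encrypt(plaintext, key, labels_mode=False):
    text = letters_only(plaintext)
    width = len(key)
    # text[col::width] is column `col` of the row-by-row rectangle
    return "".join(text[col::width] for col in column_read_order(key, labels_mode))


def columnar_decrypt(ciphertext, key, labels_mode=False):
    text = letters_only(ciphertext)
    width = len(key)
    full_rows, extra = divmod(len(text), width)
    out = [""] * len(text)
    pos = 0
    for col in column_read_order(key, labels_mode):
        # the last row is only partly filled: the first `extra` columns are longer
        height = full_rows + (1 if col < extra else 0)
        out[col::width] = list(text[pos:pos + height])
        pos += height
    return "".join(out)


if __name__ == "__main__":
    print(caesar_encrypt("Sun rises in the East"))
    print(columnar_encrypt("Are you missing somebody", [5, 4, 2, 3, 1, 6]))
    print(columnar_encrypt("The book is related to history",
                           [4, 3, 5, 1, 2, 6, 7], labels_mode=True).upper())
```
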
Q.5 What are the different types of ciphers ? Describe block ciphers in detail.
Ans. :
(i) Cryptographic algorithm is used for transformation of plaintext into ciphertext.
(ii) The generation of plaintext into ciphertext is done in two basic ways : Stream cipher and Block cipher. This is shown in Fig. 2.6.

Fig. 2.6 : Types of Cipher

Block Cipher
(i) A block cipher operates on plaintext accepting a block of bits at a time. Generally a block size of 64 or 128 bits is used.
(ii) Like in stream cipher, block cipher also uses the concept of key generator. Block ciphers are problematic for repeating text patterns; this is because the same cipher block will be generated, which can give a clue to the cryptanalyst regarding what is the original plaintext. Hence chaining mode is used for block ciphers, as we shall see later in this chapter.
(iii) As in chaining method, previous block is mixed with current block to avoid repeats in patterns. Block cipher is a little more time consuming than stream cipher, so it is generally used in computer cryptographic algorithms.

Q.6 Give difference between confusion and diffusion.

Ans. :
Difference between Confusion and Diffusion

| Sr. No. | Confusion | Diffusion |
|---|---|---|
| 1. | Confusion obscures the relationship between the plaintext and ciphertext. | Diffusion spreads the plaintext statistics through the ciphertext. |
| 2. | A one-time pad relies entirely on confusion while a simple substitution cipher is another (weak) example of a confusion-only cryptosystem. | A double transposition is the classic example of a diffusion-only cryptosystem. |
| 3. | Confusion alone is, apparently, "enough", since the one-time pad is provably secure. | Diffusion alone is, perhaps, not enough, at least using relatively small blocks. A stream cipher is simply a weaker version of a one-time pad. |
| 4. | The codebook aspects of such systems provide confusion analogous to, though on a much grander scale, a simple substitution. | Well-designed block ciphers spread any local statistics throughout the block, thus employing the principle of diffusion. |

Chapter 3 : Secret Key Cryptography

Q.1 Explain any one of block ciphers with example. Also explain structure of DES.
Ans. :
DES is a block cipher published by National Institute of Standards and Technology (NIST). DES was originally developed by an IBM team formed in early 1970 in response to customer request for a method to secure data. Data encryption standard takes 64-bit plaintext as an input and creates 64-bit ciphertext, i.e. it encrypts data in block of size 64-bits per block.
Divide plaintext message into 64-bit block each.
OR
The given plaintext message is divided into size 64-bits block each and encrypted using 56-bit key at the initial level. Fig. 3.1 shows conceptual view of DES.

Fig. 3.1 : Conceptual view of DES

At the decryption side, DES takes the 64-bit ciphertext and the 56-bit key and creates the 64-bit plaintext.
Steps of DES
The principle of DES is very simple. Divide plaintext message into blocks of size 64-bits each, on which the initial permutation is performed. After initial permutation on the 64-bit block, the block is divided into two halves of 32-bit called left plaintext and right plaintext.
The left plaintext and right plaintext go through 16 rounds of encryption process along with 16 different keys, one for each round. After 16 rounds of encryption process, left plaintext and right plaintext get combined and final permutation is performed on these combined blocks. The result of final permutation produces 64-bit of ciphertext as shown in Fig. 3.2.

Scanned by CamScanner
I

| menmmemmemenne
| — -
| and System SecunyS
Cryptography
|
Initial permutation —

Left plain | | Right plain


text (32-bit) | | text (32-bit)

a. 2 LLL:
8 : Encrypted data
| ny
| | . LLL:
Round 16 Round 16

Final permutation

64 - bit ciphertext

Fig. 3.2 : Detail Steps in DES

Q.2 Explain Initial permutation steps in DES.


Ans.:
Initial permutation is the process of rearranging or shuffling each bit of original plaintext block with any other random bit of same plaintext message block.
For example : First bit of original plaintext block is replaced with the 48th bit of original plaintext block, the 2nd bit is replaced with the 57th bit of original plaintext message, as shown in Table 3.1.

Table 3.1 : Initial permutation (plaintext block, 64 bits)

This process is called jugglery of bit position of plaintext block, which is applied to the plaintext blocks in a sequence. After initial permutation the 64-bit plaintext block gets divided into two halves, LPT (32-bit) and RPT (32-bit). Now 16 rounds of encryption process are completed on LPT and RPT.

Q.3 What are advantages and disadvantages of DES ?

Ans. :
Advantages of DES
1. The DES encryption technique is ideally suited for implementation in hardware (bit shifts, lookups etc).
2. Dedicated hardware could run DES at 200 M byte/s.
3. Technique well suited for voice, video encryption.
4. DES uses 56-bit keys so that there are 2^56 possible key combinations, which is roughly equal to 7.2 x 10^16 keys required to break DES.
5. A machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher.
6. If there is a small change in either plaintext or the key, the ciphertext should change markedly.

Disadvantages in DES
1. Trying all possible combinations of 2^56 possible keys is not that much hard these days.
2. If you spend ~ $25 K you can build.
3. In an exhaustive search known plaintext attack, the cryptanalyst will obtain the solution after 2^55 i.e. 3.6029 x 10^16 trials on an average.
4. If you spend $25 K you can build DES password crackers that will succeed in few hours.

Q.4 Write short note on : Multiple DES or double DES.
Ans. :

Double DES performs the same operation as DES; the only difference is that double DES uses two keys K1 & K2. First it performs encryption on plaintext, which is encrypted using K1 to obtain the first ciphertext; again this ciphertext is encrypted by using another key called K2 & converted into final ciphertext.
Mathematically double DES is represented as
Pt => EK1(Pt) => TEMP = EK1(Pt) => EK2(EK1(Pt)) => Cp = EK2(EK1(Pt))
Where
Pt = Plaintext
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
EK2(EK1(Pt)) = Encrypted results of first step using K2
Cp = Final ciphertext.
Decryption of Double DES is reverse of encryption. Whatever ciphertext is obtained after the double DES encryption process gets decrypted using K2 to obtain the first ciphertext; the result of the previous step (ciphertext) is decrypted using K1, which yields the original plaintext.

Q.5 Write short note on : Multiple DES or triple DES.

Triple DES performs the same operation as double DES; the only difference is that triple DES uses three keys K1, K2 & K3 while encrypting plaintext. First it performs encryption on plaintext, which is encrypted using K1 to obtain the first ciphertext; again this ciphertext is encrypted by using another key called K2, which obtains the second ciphertext, which is again encrypted using K3 & converted into final ciphertext Cp.
Mathematically, Triple DES is represented as,
Pt => EK1(Pt) => TEMP = EK1(Pt) => EK2(EK1(Pt)) => EK3(EK2(EK1(Pt))) => Cp = EK3(EK2(EK1(Pt)))
Where
Pt = Plaintext
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
EK2(EK1(Pt)) = Encrypted results of first ciphertext using K2
EK3(EK2(EK1(Pt))) = Encrypted results of second step using K3
Cp = EK3(EK2(EK1(Pt))) = Final ciphertext encrypted using K1, K2 & K3
Decryption of Triple DES is reverse of encryption.
The final ciphertext obtained after the Triple DES encryption process gets decrypted using K3, which results in the second ciphertext; the second ciphertext is decrypted using K2, which results in the first ciphertext; the first ciphertext is again decrypted using K1, which generates the original plaintext Pt.
Q.6 What is International Data Encryption Algorithm (IDEA) ? Explain key generation process.
Ans. :
It is a block cipher algorithm designed by Xuejia Lai and James L. Massey of ETH-Zürich in 1991. It is a modified version of Data Encryption Standard algorithm. It operates on 64-bit plaintext and ciphertext blocks and the key used is of 128 bit. It was used in Pretty Good Privacy (PGP) v2.
Total 8 rounds are done using 6 keys in each round. Like this 48 keys are there, and in the last round another 4 keys (6*8 = 48 + 4 = 52) are used for both encryption and decryption. The operations performed in this process are i) XOR ii) Addition iii) Multiplication

Key generation process :

The 128 bit key is divided into 8 sub parts i.e. 16 bit in each subpart. Then this 128 bit key is cyclic shifted to the left by 25 positions and generates a new 128 bit key. Similarly this 128 bit key is divided into 8 sub blocks which will be used in next round. The same process is repeated from which 52 keys are generated. Table 3.2 shows sub blocks of key generation.
Table 3.2 : Encryption of the key sub-blocks

Round 1          : Z1(1) Z2(1) Z3(1) Z4(1) Z5(1) Z6(1)
Round 2          : Z1(2) Z2(2) Z3(2) Z4(2) Z5(2) Z6(2)
Round 3          : Z1(3) Z2(3) Z3(3) Z4(3) Z5(3) Z6(3)
Round 4          : Z1(4) Z2(4) Z3(4) Z4(4) Z5(4) Z6(4)
Round 5          : Z1(5) Z2(5) Z3(5) Z4(5) Z5(5) Z6(5)
Round 6          : Z1(6) Z2(6) Z3(6) Z4(6) Z5(6) Z6(6)
Round 7          : Z1(7) Z2(7) Z3(7) Z4(7) Z5(7) Z6(7)
Round 8          : Z1(8) Z2(8) Z3(8) Z4(8) Z5(8) Z6(8)
Output Transform : Z1(9) Z2(9) Z3(9) Z4(9)

Q.7 What are block cipher algorithmic modes ? Describe any two modes.

Ans. :
The block cipher is the basic building block for providing data security. In block cipher, rather than encrypting one bit at a time, a block of bits is encrypted at one go.
The Federal Information Processing Standard (FIPS) defines four modes of operation for block cipher that may be used in a wide variety of applications like symmetric key cryptographic algorithms (DES, AES etc). The modes specify how data will be encrypted and decrypted. The modes included in this standard are :
1. Electronic Codebook (ECB) mode
2. Cipher Block Chaining (CBC) mode
3. Cipher Feedback (CFB) mode and
4. Output Feedback (OFB) mode
Counter (CTR) Mode

1. Electronic Codebook (ECB) Mode

In Electronic Codebook (ECB) mode the given plaintext message is divided into blocks of 64 bits each and each 64-bit block gets encrypted independently. The plaintext block produces ciphertext of same size (64-bits each). The given plaintext is encrypted using the same key and the encrypted data (ciphertext) is transferred to the receiver.
At the receiver end each block is decrypted independently using the same key in order to produce the original plaintext message of same size, i.e. blocks of 64-bits each. The Electronic Codebook (ECB) mode encryption and decryption process is shown in Fig. 3.3 and Fig. 3.4.

Fig. 3.3 : The Electronic Code Book (ECB) mode encryption process

The drawback of ECB mode is that for the occurrence of more than one plaintext block in the input it generates the same ciphertext block in the output, which gives a clue to the attacker or cryptanalyst.
Only small messages can be encrypted using ECB mode of operation, where the chances of repeating the same plaintext message are quite less.

Fig. 3.4 : The Electronic Code Book (ECB) mode decryption process

2. Cipher Block Chaining (CBC) Mode


To overcome the problem of repetition and order independence in ECB, even for repeated plaintext, the Cipher Block Chaining (CBC) mode is used. In the cipher-block chaining mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted.
In CBC mode the first block of the message (plaintext block 1) is XORed with an initialization vector (IV). The initialization vector doesn't have a special meaning; it is simply used to make the input message more complicated or unique.
Different criteria for IV are : it is a fixed-size input value and it should be random or pseudorandom. A good initialization vector should be unique and unpredictable. In all modes of operation plaintext blocks are represented by using P1, P2, P3 ... Pn and corresponding ciphertext blocks are represented by using C1, C2, C3, ... Cn. In case of cipher block chaining mode, even if a plaintext block repeats in the input, the output of CBC mode yields totally different ciphertext blocks as shown in Fig. 3.5.

Fig. 3.5 : Cipher Block Chaining (CBC) mode encryption process

CBC mode is applicable whenever large amounts of data need to be sent securely, provided all data is available in advance (e.g. email, FTP, web etc.). In CBC decryption, ciphertext block 1 is decrypted using the same key used during the encryption process for all plaintext blocks. The output of this step is then XORed with the initialization vector IV, which produces plaintext block 1. Ciphertext block 2 is decrypted and its output is XORed with ciphertext block 1, which results in plaintext block 2. Repeat the process for all ciphertext blocks in order to obtain the original plaintext blocks as shown in Fig. 3.6.

Fig. 3.6 : Cipher Block Chaining (CBC) mode decryption process

Q.8 Write short note on BLOWFISH.

Ans. :
Blowfish is a symmetric block cipher, designed in 1993 by Bruce Schneier, and can be effectively used for encryption and protecting data from unwanted theft. Blowfish is a 64-bit symmetric block cipher that uses a variable-length key from 32 to 448-bits (14 bytes). The algorithm was developed for encrypting 64-bits of plaintext and converts it into 64-bits of ciphertext efficiently and securely. The operations selected for the algorithm were table lookup, modulus, addition and bitwise exclusive-or, to minimize the time required for encrypting and decrypting data on 32-bit processors.
BLOWFISH Encryption Algorithm
Let us start with the BLOWFISH encryption process. During encryption, the 64-bits plaintext is divided into left plaintext LPT (xL) and right plaintext RPT (xR), 32 bit each.
In the first round, the left plaintext (32-bits) is XORed with the first subkey of the P-array (which consists of 18 32-bit subkeys), Pa1. This generates a new output of 32-bits, which is again inserted through a transformation function called F and then XORed with the right plaintext, 32 bits of the message, to produce a new value as shown in Fig. 3.7.
Now swapping between the newly generated LPT (xL) and RPT (xR) is done, which then undergoes through the further rounds using large key-dependent S-boxes.
The detail steps of BLOWFISH :

1. The input is a 64-bit data element, x.
2. Divide x into two 32-bit halves: xL, xR.
3. Then, for i = 1 to 16:
4. xL = xL XOR Pi
5. xR = F(xL) XOR xR
6. Swap xL and xR
7. After the sixteenth round, swap xL and xR again to undo the last swap.
8. Then, xR = xR XOR Pa17 and xL = xL XOR Pa18.
9. Finally, recombine xL and xR to get the ciphertext.
The F function takes the 32-bit input and separates it into 4 bytes (8-bits each). The S-boxes accept 8-bit input and produce 32-bit output.

[Figure: 64-bit plaintext split into 32-bit LPT (xL) and RPT (xR); subkeys P1 and P2, 13 more iterations, then P16, P17 and P18; 64-bit ciphertext]

Fig. 3.7 : BLOWFISH Encryption process

The 32-bit output of the S-boxes is then added, XORed and then added again and finally
produces 32-bits output ciphertext as shown in Fig. 3.8.

[Figure: the 32-bit input split into four 8-bit values, S-box 1 to S-box 4 each giving 32 bits, combined by ADDITION, XOR and ADDITION operations]

Fig. 3.8 : Blowfish F function


The major difference between DES and BLOWFISH is that DES uses 56-bit key, blowfish can have a key that ranges from 32 to 448-bits.
Blowfish algorithm consists of two parts: a key-expansion part, also called subkey generation, and a data encryption part. Decryption is exactly the same as encryption, except that Pa1, Pa2,..., Pa18 are used in the reverse order.

Q.9 Explain in detail subkey generation technique.


Ans. :
This process converts a key of at most 448 bits into several subkey arrays totalling 4168 bytes. Blowfish uses a large number of subkeys. These keys must be pre-computed before any data encryption or decryption. The P-array consists of 18 32-bit subkeys :
Pa1, Pa2,..., Pa18.
There are four 32-bit S-boxes with 256 entries each :
S1,0, S1,1,..., S1,255;
S2,0, S2,1,..., S2,255;
S3,0, S3,1,..., S3,255;
S4,0, S4,1,..., S4,255.
Subkey generation steps :
Following are the steps of subkey generation using the Blowfish algorithm :
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi.
For example:
Pa1 = 0x254f6aa1
Pa2 = 0x45b307d4
Pa3 = 0x12298a2f
Pa4 = 0x02506355
2. XOR Pa1 with the first 32 bits of the key, XOR Pa2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to Pa14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.
4. Replace Pa1 and Pa2 with the output of step 3.
5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys.
6. Replace Pa3 and Pa4 with the output of step 5.
7. Continue the process, replacing all entries of the P-array, and then all four S-boxes in order, with the output. Total 521 iterations are required to generate all required subkeys.
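The subkey generation steps and the 16-round encryption above, together with the CBC chaining of Fig. 3.5 and Fig. 3.6, written out as an added Python example (not code from the original text). The pi digits are computed rather than tabulated, and the sample key, message and `os.urandom` IV are constructed for the demonstration.

```python
import os

MASK = 0xFFFFFFFF


def pi_fraction_words(count):
    """First `count` 32-bit words of the hexadecimal fraction of pi (Machin's formula)."""
    guard = 64                                    # spare bits that absorb rounding error
    one = 1 << (32 * count + guard)

    def arctan_inverse(x):                        # arctan(1/x), scaled by `one`
        total = term = one // x
        n, sign = 1, -1
        while term:
            term //= x * x
            n += 2
            total += sign * (term // n)
            sign = -sign
        return total

    pi = 4 * (4 * arctan_inverse(5) - arctan_inverse(239))
    fraction = (pi - 3 * one) >> guard
    return [(fraction >> (32 * (count - 1 - i))) & MASK for i in range(count)]


PI_WORDS = pi_fraction_words(18 + 4 * 256)        # step 1: P-array, then four S-boxes


class Blowfish:
    def __init__(self, key):
        if not 4 <= len(key) <= 56:               # 32 to 448 bits
            raise ValueError("key must be 4 to 56 bytes long")
        self.P = PI_WORDS[:18]
        self.S = [PI_WORDS[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        for i in range(18):                       # step 2: XOR the cycled key into P
            word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(word, "big")
        left = right = 0                          # steps 3-7: 521 chained encryptions
        for table in [self.P] + self.S:
            for i in range(0, len(table), 2):
                left, right = self._rounds(left, right, self.P)
                table[i], table[i + 1] = left, right

    def _f(self, x):                              # add, XOR, add over the four S-boxes
        s = self.S
        mixed = ((s[0][x >> 24] + s[1][(x >> 16) & 0xFF]) & MASK) ^ s[2][(x >> 8) & 0xFF]
        return (mixed + s[3][x & 0xFF]) & MASK

    def _rounds(self, xl, xr, p):
        for i in range(16):
            xl ^= p[i]
            xr ^= self._f(xl)
            xl, xr = xr, xl
        xl, xr = xr, xl                           # undo the last swap
        return xl ^ p[17], xr ^ p[16]

    def _block(self, block, p):
        if len(block) != 8:
            raise ValueError("Blowfish works on 8-byte blocks")
        xl, xr = self._rounds(int.from_bytes(block[:4], "big"),
                              int.from_bytes(block[4:], "big"), p)
        return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")

    def encrypt_block(self, block):
        return self._block(block, self.P)

    def decrypt_block(self, block):               # same rounds, subkeys in reverse order
        return self._block(block, self.P[::-1])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(cipher, iv, plaintext):
    if len(iv) != 8 or len(plaintext) % 8:
        raise ValueError("IV must be 8 bytes and plaintext a multiple of 8 bytes")
    previous, out = iv, []
    for i in range(0, len(plaintext), 8):         # each block is XORed with the previous
        previous = cipher.encrypt_block(xor_bytes(plaintext[i:i + 8], previous))
        out.append(previous)
    return b"".join(out)


def cbc_decrypt(cipher, iv, ciphertext):
    if len(iv) != 8 or len(ciphertext) % 8:
        raise ValueError("IV must be 8 bytes and ciphertext a multiple of 8 bytes")
    blocks = [iv] + [ciphertext[i:i + 8] for i in range(0, len(ciphertext), 8)]
    return b"".join(xor_bytes(cipher.decrypt_block(c), prev)
                    for prev, c in zip(blocks, blocks[1:]))


if __name__ == "__main__":
    cipher, iv = Blowfish(b"constructed key"), os.urandom(8)   # fresh IV per message
    ct = cbc_encrypt(cipher, iv, b"SAMEBLOKSAMEBLOK")          # two identical blocks
    print(ct[:8].hex(), ct[8:].hex(), cbc_decrypt(cipher, iv, ct))
```

CBC here carries no padding or integrity check, and with a 64-bit block one key should only protect a limited amount of data.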

Q.10 Write short note on CAST 128.


Ans. :
CAST 128 :
(1) It is a symmetric encryption algorithm.
(2) Developed by Carlisle Adams and Stafford Tavares.
(3) It belongs to Feistel cipher structure.
(4) It is similar to Data encryption standard.
(5) Input : plaintext m1...m64; key K = k1...k128.
(6) Output : ciphertext c1...c64.
(7) Key size can vary from 40 bit to 128 bit key.

Q.11 Write working of AES algorithm in detail.

Ans. :
The Advanced Encryption Standard (AES Algorithm) is a symmetric key cryptographic algorithm published by the National Institute of Standards and Technology (NIST) in December 2001.
The plaintext given is divided into 128-bit blocks, each treated as a 4 x 4 matrix of bytes. Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 x 4 matrix of bytes. The next four bytes occupy the second column, and so on. AES operates on a 4 x 4 column-major order matrix of bytes, called the state array, shown in Fig. 3.11. AES also has the notion of a word. A word consists of four bytes, that is 32 bits. The overall structure of the AES encryption and decryption process is shown in Fig. 3.9.
The number of rounds is 10 for the case when the encryption key is 128 bit long. (The number of rounds is 12 when the key is 192 bits and 14 when the key is 256.) Before any round-based processing for encryption can begin, each byte of the state (plaintext) is combined with the round key using bitwise XOR operation. Nr stands for number of rounds.
AES divides plaintext into 16 byte (128-bit) blocks, and treats each block as a 4 x 4 State array as shown in Fig. 3.9. It then performs four operations in each round; each round consists of several steps like a substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key. Except for the last round in each case, all other rounds are identical. The Final Round doesn't have MixColumns; it includes only SubBytes, ShiftRows and AddRoundKey.
The process of transforming the cipher text back into the original plaintext using the same encryption key is called the decryption process of AES; during the decryption process the set of rounds is reversed.

[Figure: encryption path from 128-bit plaintext through Add round key, then Nr-1 repeated rounds of SubBytes, ShiftRows, MixColumns and Add round key, then a final round without MixColumns, to 128-bit cipher text; decryption path using InvShiftRows, InvSubBytes, Add round key and InvMixColumns]

Fig. 3.9 : AES Encryption and Decryption process

Detail Steps for AES Encryption

For encryption, each round consists of the following four steps :
(1) Sub Bytes (2) Shift Rows
(3) Mix Columns, and (4) Add Round Key

1. The SubByte step/Substitute byte :

SubBytes() consists of replacement of each byte using a fixed S-box lookup table, as shown in Fig. 3.10, to achieve non-linearity in the 4 x 4 state array (16 byte). It performs roughly the same function as the S-BOX in DES.
It operates on each byte in the state and performs a non-linear substitution in the Galois Field GF(2^8), which is what makes AES a non-linear cryptographic system.
x\y | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | a | b | c | d | e | f
0 | 63 | 7c | 77 | 7b | f2 | 6b | 6f | c5 | 30 | 01 | 67 | 2b | fe | d7 | ab | 76
1 | ca | 82 | c9 | 7d | fa | 59 | 47 | f0 | ad | d4 | a2 | af | 9c | a4 | 72 | c0
2 | b7 | fd | 93 | 26 | 36 | 3f | f7 | cc | 34 | a5 | e5 | f1 | 71 | d8 | 31 | 15
3 | 04 | c7 | 23 | c3 | 18 | 96 | 05 | 9a | 07 | 12 | 80 | e2 | eb | 27 | b2 | 75
4 | 09 | 83 | 2c | 1a | 1b | 6e | 5a | a0 | 52 | 3b | d6 | b3 | 29 | e3 | 2f | 84
5 | 53 | d1 | 00 | ed | 20 | fc | b1 | 5b | 6a | cb | be | 39 | 4a | 4c | 58 | cf
6 | d0 | ef | aa | fb | 43 | 4d | 33 | 85 | 45 | f9 | 02 | 7f | 50 | 3c | 9f | a8
7 | 51 | a3 | 40 | 8f | 92 | 9d | 38 | f5 | bc | b6 | da | 21 | 10 | ff | f3 | d2
8 | cd | 0c | 13 | ec | 5f | 97 | 44 | 17 | c4 | a7 | 7e | 3d | 64 | 5d | 19 | 73
9 | 60 | 81 | 4f | dc | 22 | 2a | 90 | 88 | 46 | ee | b8 | 14 | de | 5e | 0b | db
a | e0 | 32 | 3a | 0a | 49 | 06 | 24 | 5c | c2 | d3 | ac | 62 | 91 | 95 | e4 | 79
b | e7 | c8 | 37 | 6d | 8d | d5 | 4e | a9 | 6c | 56 | f4 | ea | 65 | 7a | ae | 08
c | ba | 78 | 25 | 2e | 1c | a6 | b4 | c6 | e8 | dd | 74 | 1f | 4b | bd | 8b | 8a
d | 70 | 3e | b5 | 66 | 48 | 03 | f6 | 0e | 61 | 35 | 57 | b9 | 86 | c1 | 1d | 9e
e | e1 | f8 | 98 | 11 | 69 | d9 | 8e | 94 | 9b | 1e | 87 | e9 | ce | 55 | 28 | df
f | 8c | a1 | 89 | 0d | bf | e6 | 42 | 68 | 41 | 99 | 2d | 0f | b0 | 54 | bb | 16
Fig. 3.10 : S-Box Lookup table for SubBytes

[Figure: a 16-byte (128-bit) state array before and after the SubByte transformation]

Fig. 3.11 : SubByte transformation

Fig. 3.11 shows the state transformation using the SubBytes technique; applying the reverse, called the InvSubBytes transformation, recreates the original values. Note that if two bytes have the same value, their transformation is also the same. The corresponding substitution step used during decryption is called InvSubBytes.
2. ShiftRows :
The output of the SubByte transformation is input to the ShiftRows transformation, which consists of rotation of each byte of the state array in the order of a row of the data matrix (rotation of row byte positions is done in this step). Each byte of the first row remains unchanged. Each byte of the second row rotates over one byte to the left position. Similarly the third and fourth rows are also rotated left by two and three positions, as shown in Fig. 3.12. The corresponding transformation during the decryption process is called Inverse shift row transformation (InvShiftRows).

[Figure: state array before and after ShiftRows, with InvShiftRows as the reverse direction]

Fig. 3.12 : ShiftRows transformation

3. MixColumns :
Mix Columns performs an operation on the state array obtained from ShiftRows column-by-column, and each column is multiplied with a row of a fixed matrix. This step takes four bytes as an input and produces outputs of four bytes (each input byte affects the output bytes). The four numbers of the first column of the state array are modulo multiplied in Rijndael's Galois Field (GF) by a given matrix as shown in Fig. 3.13. In AES the MixColumn step along with ShiftRows is the primary source for providing complete diffusion to the cipher produced.

Predefined matrix     State array        New state
02 03 01 01           D4 E0 B8 1E        04 E0 48 28
01 02 03 01           BF B4 41 27        66 CB F8 06
01 01 02 03           5D 52 11 98        81 19 D3 26
03 01 01 02           30 AE F1 E5        E5 9A 7A 4C
Fig. 3.13 : MixColumns transformation

In Fig. 3.13, on the left hand side, each row of the leftmost matrix is multiplied with a column of the state array (using XOR operations), which produces the new state. The same operation is performed on all columns, which provides diffusion (mixing data within columns). The 4 bytes of each column in the State are treated as a 4-byte number and transformed to another 4-byte number via finite field mathematics (modulo multiplied in Rijndael's Galois Field by a given matrix) as shown. The MixColumns step is the primary source of diffusion in AES.
4. AddRoundKey :
In the AddRoundKey step, the round key generated using Rijndael's key schedule is combined with the new state obtained from the MixColumns transformation.
The round key is added by combining each byte of the state array using bitwise XOR operations. The actual 'encryption' is performed in the AddRoundKey() function, when each byte of the state array is XORed with the round key as shown in Fig. 3.14.
Fig. 3.14 : AddRoundKey

The same process is applied for nine rounds, i.e. repeat the SubByte, ShiftRows and MixColumns steps and XOR with the round key 9 more times. Except for the last round in each case, all other rounds are identical. The Final Round doesn't have the MixColumns step; it includes only SubBytes, ShiftRows and AddRoundKey.
The cipher text is obtained after performing the detail steps of AES. A set of reverse rounds is applied (i.e. InvShiftRows, InvSubBytes, AddRoundKey and InvMixColumns) to transform the cipher text back into the original plaintext using the same encryption key; this process is called Decryption of AES.
AES Decryption
Decryption occurs through the function AddRoundKey(), plus the inverse AES functions InvShiftRows(), InvSubBytes() and InvMixColumns(). AddRoundKey() does not require an inverse function, as it simply XORs the state with the subkey (XOR encrypts when applied once, and decrypts when applied again).

Q.12 Compare AES and DES.

Ans. :

Comparison of AES and DES :

Sr. No. | DES | AES
1. | Data encryption standard takes 64-bit plaintext as an input and creates 64-bit ciphertext, i.e. it encrypts data in blocks of size 64-bits per block. | It allows the data length (plain text size) of 128, 192 and 256 bits.
2. | In DES the plaintext message is divided into blocks of size 64-bits each and encrypted using a 56-bit key at the initial level. | AES divides plaintext into 16 byte (128-bit) blocks, and treats each block as a 4 x 4 State array, supporting three different key lengths: 128, 192, and 256 bits.
3. | The left plaintext and right plaintext go through 16 rounds of the encryption process along with 16 different keys, one for each round. | The number of rounds is 10 for the case when the encryption key is 128 bit long. (As mentioned earlier, the number of rounds is 12 when the key is 192 bits and 14 when the key is 256.)
4. | DES uses 56-bit keys so that there are 2^56 possible key combinations, which is roughly equal to 7.2 x 10^16 keys required to break the DES cipher. | AES is stronger than DES because of key size vary from round to round.
5. | Different versions of DES are double DES and triple DES is added. | AES doesn't have any future version.
6. | DES doesn't use the Mix Column, Shift Rows method during the encryption and decryption process. | AES uses the Mix Column, Shift Rows method during the encryption and decryption process.
7. | DES, double DES and Triple DES (168-bit key) are vulnerable to brute force attacks. | AES also are vulnerable to brute force attacks.

Chapter 4 : Public Key Cryptography

Q.1 What is principle of public key cryptography ?

Ans. :
Public key algorithms are also called asymmetric key algorithms. Two different keys are used during the encryption and decryption process (one key for encryption and a second key used at the time of decryption). The RSA algorithm is the best example of asymmetric key cryptography, as shown in Fig. 4.1.
Private key (only known to owner).
Public key (possibly known to everyone).

[Figure: plaintext, encryption with the public key, cipher text, decryption, plaintext]

Fig. 4.1

It is more easily configurable than secret key.

Q.2 Write a detail note on : RSA algorithm (Public key algorithm).

Ans. :
Ron Rivest, Adi Shamir and Len Adleman developed this algorithm (Rivest-Shamir-Adleman) in 1978. It is a public-key encryption algorithm. It is a block cipher which converts plain text into cipher text at sender side and vice versa at receiver side.
The algorithm works as follows :
1. Select two prime numbers a and b where a ≠ b.
2. Calculate n = a * b
3. Calculate φ(n) = (a - 1) * (b - 1).
4. Select e such that e is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1 and 1 < e < φ(n).
5. Calculate d such that d = e^-1 mod φ(n), or ed mod φ(n) = 1.
6. Public key = {e, n}, private key = {d, n}.
7. Find out the ciphertext using the formula
C = P^e mod n, where P < n and
C = Ciphertext, P = Plaintext, e = Encryption key and n = Block size.
8. P = C^d mod n. Plaintext P can be obtained using the given formula,
where d = decryption key.
Both sender and receiver know the value of n. In addition, the sender must know encryption key 'e' and the receiver must know decryption key 'd'.

Example:
1. Select two prime numbers a = 13, b = 11.
2. n = a * b = 13 * 11 = 143.
3. φ(n) = (13 - 1) * (11 - 1) = 12 * 10 = 120.
4. Select e = 13, gcd(13, 120) = 1.
5. Finding d :
e * d mod φ(n) = 1
13 * d mod 120 = 1
Do the following procedure till you get an integer number :
d = (φ(n) * i + 1) / e, where i = 1 to 9
d = (120 * 1 + 1) / 13 = 121 / 13 = 9.30 (i = 1)
d = (120 * 2 + 1) / 13 = 241 / 13 = 18.53 (i = 2)
d = (120 * 3 + 1) / 13 = 361 / 13 = 27.76 (i = 3)
Hence d = 37
6. Hence public key = {13, 143} and private key = {37, 143}
7. Encryption :
Consider any integer as a plaintext (P) such that P < n.
Example : P = 13 (13 < 143)
Now, C = P^e mod n
C = 13^13 mod 143
Here, to find out 13^13 mod 143, use the following procedure :
13 mod 143 = 13
13^2 mod 143 = 169 mod 143 = 26
13^4 mod 143 = 26^2 mod 143 = 104
13^8 mod 143 = 104^2 mod 143 = 91
C = [(13^8 mod 143) * (13^4 mod 143) * (13 mod 143)] mod 143
= [91 * 104 * 13] mod 143
= 52

P = C^d mod n
= 52^37 mod 143
Again use the above mentioned procedure to find out 52^37 mod 143. As
52 mod 143 = 52
52^2 mod 143 = 130
52^4 mod 143 = (130)^2 mod 143 = 26
52^8 mod 143 = (26)^2 mod 143 = 104
52^16 mod 143 = (104)^2 mod 143 = 91
52^32 mod 143 = (91)^2 mod 143 = 130
Hence,
P = 52^37 mod 143
= [(52^32 mod 143) * (52^4 mod 143) * (52 mod 143)] mod 143
= [130 * 26 * 52] mod 143
= 13
Q.3 Using the RSA algorithm encrypt the following :
(i) p=3, q=11, e=7, M=12
(ii) p=7, q=11, e=17, M=25
(iii) Find the corresponding ds for (i) and (ii) and decrypt the ciphertexts.
Ans. :
Use RSA Algorithm
(i) Consider p as a and q as b as per our notations for prime numbers.
Step 1 : Prime numbers a = 3, b = 11
Step 2 : n = a * b = 33
Step 3 :
φ(n) = (a - 1) * (b - 1)
= (3 - 1) * (11 - 1)
= 2 * 10
= 20
Step 4 : Select e such that it is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1
gcd(e, 20) = 1
gcd(7, 20) = 1
e = 7 is given.
Step 5 : Calculate d such that
d = e^-1 mod φ(n)
ed mod φ(n) = 1
7 * d mod 20 = 1
d = (φ(n) * i + 1) / e, where i = 0 to 9
Find d such that it is divisible by e.
Consider i = 1; you can continue till d gets an integer value. φ(n) = 20 and e = 7
d = ((20 * 1) + 1) / 7 = 21 / 7 = 3
Step 6 : Public key = {e, n} = {7, 33}
Private key = {d, n} = {3, 33}
Step 7 : Calculate cipher text message for given plain text message.
Plain text message given is M = 12; we consider M as P, i.e. P = 12
C = P^e mod n where P < n
= 12^7 mod 33
C = 12
Step 8 : Calculate plain text message.
P = C^d mod n
= 12^3 mod 33
P = 12
When we convert the plain text message into cipher text, the corresponding cipher text yields the same plain text.
(ii) p=7, q=11, e=17, M=25

By using RSA Algorithm,
Step 1 : Prime numbers are 7 and 11; as per our notations a = 7, b = 11
Step 2 : n = a * b = 7 * 11 = 77.
Step 3 :
φ(n) = (a - 1) * (b - 1)
= (7 - 1) * (11 - 1)
= 6 * 10
= 60
Step 4 : Select e such that it is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1
e is given as 17
i.e. gcd(17, 60) = 1 (gcd must be 1)
Step 5 : Calculate d such that
d = e^-1 mod φ(n)
ed mod φ(n) = 1
17 * d mod 60 = 1
Using RSA algorithm
d = (φ(n) * i + 1) / e, where i = 1 to 100
= (60 * 1 + 1) / 17
= 3.58
d must be completely divisible by 'e'.
After putting the value i = 15 into the above formula we got the value of d
= (60 * 15 + 1) / 17 = 53
d = 53
Step 6 : Public key = {e, n} = {17, 77}
Private key = {d, n} = {53, 77}
Step 7 : Calculate cipher text message for given plain text message M = 25.
Plain text denoted as P = 25 (M denoted as P)
C = P^e mod n
= 25^17 mod 77
It can be represented as
C = 9
Step 8 : Now calculate plain text P required at the time of decryption. Once the sender sends 9 to the receiver, the receiver can calculate plain text P.
P = C^d mod n
= 9^53 mod 77
P = 25
Decryption process always yields the original plain text message.
P = 25
(iii) Find the corresponding ds for (i) and (ii) and decrypt the ciphertexts
Decryption key for question (i) is d = 3 and for question (ii) is d = 53, which will decrypt the message successfully.
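The three worked answers above (a = 13, b = 11; p = 3, q = 11; p = 7, q = 11), recomputed in an added Python example that is not part of the original solution. It finds d with the extended Euclidean algorithm instead of trying successive values of i, and the function names are this example's own; `unconcealed_messages` lists every plaintext that, like M = 12 in part (i), encrypts to itself.

```python
def is_prime(n):
    """Trial division; adequate for the textbook-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def private_exponent(e, phi):
    """Step 5: d with e*d mod phi(n) == 1."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return x % phi


def make_keys(a, b, e):
    """Steps 1 to 6: return (public key, private key) as ((e, n), (d, n))."""
    if a == b or not (is_prime(a) and is_prime(b)):
        raise ValueError("a and b must be two different primes")
    n, phi = a * b, (a - 1) * (b - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    return (e, n), (private_exponent(e, phi), n)


def power_mod(base, exponent, modulus):
    """Repeated squaring, as in the 13^13 mod 143 working above."""
    result, square = 1, base % modulus
    while exponent:
        if exponent & 1:                 # this power of two is part of the exponent
            result = result * square % modulus
        square = square * square % modulus
        exponent >>= 1
    return result


def encrypt(plaintext, public_key):
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be smaller than n")
    return power_mod(plaintext, e, n)


def decrypt(ciphertext, private_key):
    d, n = private_key
    return power_mod(ciphertext, d, n)


def unconcealed_messages(public_key):
    """Plaintexts P with P^e mod n == P, found by trying every P below n."""
    e, n = public_key
    return [p for p in range(n) if power_mod(p, e, n) == p]


if __name__ == "__main__":
    for a, b, e, m in [(13, 11, 13, 13), (3, 11, 7, 12), (7, 11, 17, 25)]:
        public, private = make_keys(a, b, e)
        c = encrypt(m, public)
        print(public, private, "C =", c, "P =", decrypt(c, private),
              "unconcealed:", len(unconcealed_messages(public)))
```

This is textbook RSA on toy primes, as in the answers; real keys use large random primes and a padding scheme such as OAEP.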

There are four possible attacks on RSA as follows.
1. Brute force attack : Hacker tries all possible private keys.
2. Mathematical attacks : Hacker attacks n, i.e. tries to factorize the product of two prime numbers.
3. Timing attacks : It totally depends on the running time of the decryption algorithm.
4. Chosen cipher text attack : Hacker tries to attack the properties of the RSA algorithm.

Q.4 Define key generation.

Ans. :
Key generation is the process of generating keys using symmetric or asymmetric key cryptography. The key can be generated using a random or pseudo-random key bit generator which uses the functions of passwords and PINs. It is a standard (ANSI X9.17) way to generate pseudorandom DES keys.

Q.5 Illustrate Diffie Hellman key exchange algorithm with suitable example.

Ans. :
The Diffie Hellman algorithm is widely known as the key exchange algorithm or key agreement algorithm, developed by Whitfield Diffie and Martin Hellman in 1976. The Diffie Hellman algorithm is used to generate the same (symmetric) private cryptographic key at the sender as well as the receiver end, so that there is no need to transfer this key from sender to receiver.
Remember that the Diffie Hellman algorithm is used only for key agreement, not for encryption or decryption of a message. If sender and receiver want to communicate with each other, they first agree on the same key generated by the Diffie Hellman algorithm; later on they can use this key for encryption or decryption. Let us start with the algorithm.
Steps of Diffie Hellman Algorithm :
1. The first step is that if Ramesh wants to communicate with Suresh they must agree on two large prime numbers p and q.
2. Ramesh selects another secret large random integer number a, and calculates R such that
8. If Rx = Sx then Ramesh and Suresh can agree for future communication; this is called the key agreement algorithm.
9. We have Rx = Sx = K, hence K is called the symmetric key.

For example :

1. Ramesh and Suresh agree on two large prime numbers, say p = 17 and q = 7.
2. Ramesh selects another secret large random number 5, i.e. a = 5, and calculates R such that
R = q^a mod p = 7^5 mod 17
= (7 x 7 x 7 x 7 x 7) mod 17
= 11
3. Ramesh sends number R to Suresh.
4. Suresh selects another secret large random number 3, i.e. b = 3, and calculates S such that
S = q^b mod p = 7^3 mod 17
= (7 x 7 x 7) mod 17 = 3
5. Suresh sends number S to Ramesh.
6. Ramesh now calculates his secret key Rx as follows :
Rx = S^a mod p = S^5 mod 17
Rx = 3^5 mod 17
= (3 x 3 x 3 x 3 x 3) mod 17 = 5.
7. Suresh calculates his secret key Sx as follows :
Sx = R^b mod p = R^3 mod 17 = 11^3 mod 17 = 5
8. If Rx = Sx then Ramesh and Suresh can agree for future communication.
9. We know that Rx = Sx = K = 5. Hence proved.

Q.6 If generator g = 2 and n or p = 11 using Diffie Hellman algorithm solve the following :
(i) Show that 2 is primitive root of 11
(ii) If A has public key 9 what is A’s private key ?
(iii) If B has public key 3 what is B's private key ?
(iv) Calculate shared secret key.
Ans. :
(i) To show that 2 is primitive root of 11 :

In general terms, the highest possible exponent to which a number can belong (mod n) is φ(n), where φ(n) is called the Euler totient function, which states how many numbers between 1 and n - 1 are relatively prime to n.
According to Euler's theorem :
It states that for every a and n that are relatively prime,
a^φ(n) = 1 mod n
Here a = 2 and n = 11, i.e.
φ(n) = {1 to 10} = 10
According to Euler's theorem
a^φ(n) = 1 mod n
2^10 = 1 mod 11
1024 = 1 mod 11
1024 mod 11 = 1 and
1 mod 11 = 1.
Hence 2 is primitive root of 11.
(ii) If 'A' has public key 9 then private key is :
1. Say A as Ramesh and B as Suresh.
Represent g as q (i.e. g = 2 = q)
2. Using Diffie Hellman algorithm
Suresh now calculates R such that
R = q^a mod p [Here q = 2 and p = 11]
= 2^9 mod 11 [a is 9 public key]
R = 6
3. Ramesh now sends R to Suresh.
(iii) Suresh has public key 3 (it's random number)
Suresh calculates S such that
S = q^b mod p [q = 2, p = 11, b = 3]
S = q^b mod p = 2^3 mod 11
S = 8
Suresh now sends S to Ramesh.
(iv) Now Ramesh and Suresh calculate their secret keys individually.
1. Ramesh calculates his secret key Rx as follows :
Rx = S^a mod p [S = 8, p = 11, a = 9]
= 8^9 mod 11 = 7
2. Suresh calculates his secret key Sx as follows :
Sx = R^b mod p [R = 6, b = 3, p = 11]
= 6^3 mod 11 = 7
Hence, shared secret key of Ramesh and Suresh are 7.

Note : g is the same as q, and P is the same as p, as mentioned in the Diffie Hellman algorithm.
Ole
apie oe HA gg, Beareml OT
ved BY in a (i)
hange where P = 13, 9 = 2, Bach choose ». oy,N
Pe: go here A we | Nis
UB Oe pattie Hellman KO ene
(ii
0.7 Rand B der change num
tig CO gecret key
/;
KeV8 bay Oe e
aro der thelt a
what intru “ne wledge from protocol run if he sees P, 9 of and two Cas
gain any
cit) rg show how

Ans. :
According to Diffie Hellman algorithm,
Let us say A as Ramesh and B as Suresh
p = 13 and g = 2
In Diffie Hellman algorithm we are denoting g as q
p = 13
q = 2
Secret numbers are denoted as a = 6 and b = 11 by using Diffie Hellman algorithm.
1. Ramesh and Suresh agree on two large prime numbers p = 13 and q = 2.
2. Ramesh selects another secret no. a = 6 and calculates R such that
R = q^a mod p [q = 2, a = 6, p = 13]
= 2^6 mod 13
R = 12
3. Ramesh sends R to Suresh
4. Suresh selects another large random number b = 11 and calculates S such that
S = q^b mod p [q = 2, b = 11, p = 13]
= 2^11 mod 13
S = 7.
5. Suresh sends S to Ramesh
6. Ramesh now calculates his secret key Rx as follows :
Rx = S^a mod p [S = 7, a = 6, p = 13]
= 7^6 mod 13
Rx = 12
7. Suresh calculates his secret key Sx as follows :
Sx = R^b mod p [R = 12, b = 11, p = 13]
= 12^11 mod 13
Sx = 12

(i) Shared secret key of Ramesh and Suresh is
Rx = Sx = 12 [A and B = 12]
(ii) Secret numbers of Ramesh and Suresh are
R = 12 and S = 7
(iii) If intruder m knows p, g and a, b then what will happen. [Here g = q]
Case 1 :
Values of p, q, a, b are known to m, represented as
Ramesh | m | Suresh
p = 13, q = 2 | p = 13, q = 2 | p = 13, q = 2
Use Diffie Hellman algorithm.
After selecting large prime numbers, it's time to select random numbers a and b.
The secret random numbers selected by Ramesh and Suresh are,
Ramesh | m | Suresh
a = 6 | a = 8, b = 6 | b = 11
Case 2 :
Consider that m, as intruder, selected two random numbers, say a = 8 and b = 6, as his own secret key, because he wants to calculate values R and S, as he intercepted the conversation between Ramesh and Suresh.
Ramesh | Intruder m | Suresh
R = q^a mod p = 2^6 mod 13 = 12 | R = q^a mod p = 2^8 mod 13, R = 9; S = q^b mod 13 = 2^6 mod 13 = 12 | S = q^b mod p = 2^11 mod 13, S = 7

Case 3 :
Following are the values available with Ramesh, Suresh and intruder m
Ramesh | Intruder m | Suresh
R = 12 | R = 9, S = 12 | S = 7
Case 4 :
Ramesh is sending his R = 12 to Suresh, but intruder m is sending his own R = 9 to Suresh instead of Ramesh's value. Suresh is sending his S = 7 to Ramesh; here again intruder m is sending his own value of S = 12 to Ramesh. Ramesh and Suresh are not aware which values they are sending and receiving, because intruder m is sending his own values because of his interception. Following are the new values with Ramesh, Suresh and intruder m :

Ramesh | Intruder m | Suresh
R = 12, S = 12 | R = 12, S = 7 | S = 7, R = 9

Case 5 :
Based on the above values Ramesh, Suresh and Intruder m calculate secret keys.
Ramesh | Intruder m | Suresh
S = 12, a = 6, p = 13 | S = 7, R = 12, a = 8, b = 6, p = 13 | R = 9, b = 11, p = 13
Rx = S^a mod p = 12^6 mod 13, Rx = 1 | Rx = S^a mod p = 7^8 mod 13 = 3; Sx = R^b mod p = 12^6 mod 13 = 1 | Sx = R^b mod p = 9^11 mod 13, Sx = 3

Case 5 : Man-in-the-middle attack

Think what is happening ? Ramesh is thinking that the value of his secret key is 1 and Suresh is also thinking that the value of his secret key is 3. But the actual communication is intercepted by intruder m. During real communication between Ramesh and Suresh, intruder m is sending his own secret keys to Ramesh and Suresh. If Ramesh is sending his secret key Rx = 1 to Suresh, because of the man-in-the-middle attack intruder m is sending his secret key Rx = 3 to Suresh. In return Suresh is sending his secret key Sx = 3 to Ramesh, and intruder m is sending his secret key Sx = 1 to Ramesh.
Both Ramesh and Suresh are not aware that the communication is intercepted by intruder m; such type of attack is called as man-in-the-middle attack.
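The exchanges from Q.5 to Q.7, including the intruder's substituted values in Q.7, as an added Python example (not from the original solution). `is_primitive_root` checks the order of g directly, and `tampering_detected` assumes the two parties can compare the values they sent and received over a channel the intruder cannot alter; both names are this example's own.

```python
def multiplicative_order(g, p):
    """Smallest k >= 1 with g^k mod p == 1 (p prime, g not a multiple of p)."""
    if g % p == 0:
        raise ValueError("g must not be a multiple of p")
    value, k = g % p, 1
    while value != 1:
        value = value * g % p
        k += 1
    return k


def is_primitive_root(g, p):
    """g is a primitive root of prime p when its powers reach all of 1 .. p-1."""
    return multiplicative_order(g, p) == p - 1


class Party:
    """One side of the exchange: keeps a secret and publishes q^secret mod p."""

    def __init__(self, p, g, secret):
        self.p, self.secret = p, secret
        self.public = pow(g, secret, p)          # R for Ramesh, S for Suresh
        self.received = None

    def receive(self, value):
        if not 0 < value < self.p:
            raise ValueError("received value must lie between 1 and p - 1")
        self.received = value
        return pow(value, self.secret, self.p)   # Rx or Sx


def run_exchange(p, g, a, b, intruder=None):
    """Return ((Rx, Sx), views). `intruder`, if given, is the pair of secrets
    (towards Suresh, towards Ramesh) that m uses in place of the real values."""
    ramesh, suresh = Party(p, g, a), Party(p, g, b)
    to_suresh, to_ramesh = ramesh.public, suresh.public
    if intruder is not None:
        m_a, m_b = intruder
        to_suresh, to_ramesh = pow(g, m_a, p), pow(g, m_b, p)
    keys = ramesh.receive(to_ramesh), suresh.receive(to_suresh)
    # Each side's record of (value Ramesh sent, value Suresh sent).
    views = (ramesh.public, ramesh.received), (suresh.received, suresh.public)
    return keys, views


def tampering_detected(views):
    """Assumption: the two records are compared over an authenticated channel."""
    return views[0] != views[1]


if __name__ == "__main__":
    for g, p in [(7, 17), (2, 11), (2, 13), (3, 11)]:
        print(f"{g} primitive root of {p}:", is_primitive_root(g, p))
    print("Q.5 :", run_exchange(17, 7, 5, 3))
    honest = run_exchange(13, 2, 6, 11)
    print("Q.7 :", honest, "tampering:", tampering_detected(honest[1]))
    attacked = run_exchange(13, 2, 6, 11, intruder=(8, 6))
    print("Q.7 with m :", attacked, "tampering:", tampering_detected(attacked[1]))
```

Unauthenticated Diffie Hellman gives each side no way to notice the substitution on its own; in practice the exchanged values are signed or otherwise authenticated.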

Q.8 State and Prove Fermat's theorem.


Ans. :
Fermat's theorem plays an important role in public key cryptography. To understand this theorem one has to have knowledge of prime numbers, co-prime numbers, prime factorization and GCD, i.e. greatest common divisor, which have already been explained in this chapter.
Theorem :

For any prime number p, where a is an integer which is not divisible by p,

a^(p-1) = 1 (mod p)    ... (1)
A variant of this theorem is

If p is a prime and a is co-prime to p (i.e. gcd(a, p) = 1) then,
a^p = a (mod p)    ... (2)

Basically this theorem is useful in public key RSA and primality testing.
Let us have a = 3 and p = 5; then as per the above theorem in Equation (1) we have
3^(5-1) = 3^4 = 81 = 1 (mod 5).
Since on dividing 81 with 5 we will have remainder 1,
Hence proof above theorem.
Considering another form of theorem in Equation (2).
Let us have a = 3 and p = 5; then we have
a^p = 3^5 = 243.
Now we calculate 243 mod 5, we will have result 3.
a mod p = 3 mod 5 = 3
Hence, 3^5 = 3 mod 5.
Chapter 5 : Cryptographic Hash Functions

Q.1 Explain cryptographic hash function. Dec. 2017

Ans. :
Hashing is a process of transforming an input message m into a fixed-size string (called the hash value h). The hash function is denoted by H. Here h is the output of the hashing function applied on input message m.
h = H(m)
A hash function protects the integrity of the message. If an attacker tries to modify the original message, the change in the original message can be identified by applying the hash function.
The popular hashing algorithms are MD5 & SHA. The following sections give details on MD5 and SHA.
Q.2 Explain cryptographic hash function criteria. Also write short note on MD5.

Ans. :
It was developed by Ron Rivest. This algorithm takes an input of arbitrary length and a 128-bit message digest is produced. The input message is processed in 512-bit blocks. Fig. 5.1 shows processing of a message to produce the message digest. The following steps explain the procedure of MD5.

[Figure: message of n bits followed by padding bits (1 to 512) and the message length, L x 512 bits = N x 32 bits in total; each 512-bit block is fed to MD5 together with a 128-bit chaining value CV, starting from IV, giving the 128-bit message digest]

Fig. 5.1 : Detail steps of Message Digest 5 Algorithm
(1) Append padding bits :
The message is padded to make the length of the message congruent to 448 mod 512. The length of the padded message is 64 bits less than an integer multiple of 512 bits. The padding consists of a single 1-bit followed by 0 bits. The length of the padding bits is in between 1 to 512.
(2) Append length :
64 bits giving the length of the original message are appended to the result of step 1 above, least significant byte first. The output of step 2 yields a message whose length is an integer multiple of 512 bits, as M0, M1, ..., Mq, ..., ML-1. The total length of the expanded message is L * 512 bits.
8 Initialize MD Buffer :
r is represented
A 128 - bit buffer is used to store the intermediate as well as final result. A buffe
as four 32-bit registers as P, Q, R, S. ,

P = 67452301
Q = EFCDAI389
R = 98BADCFE
S = 10325476.
It used a little - endian methods. Hence initial values (IV) are represented as,
P = 0123 45 67
Q = 89ABCDEF

R = FEDCBA98
S = 76543210.
(4) Process Message in 512-bit (16 word of 32 bit) blocks :
It consists of four rounds of processing as shown in Fig. 5.2. These four rounds have similar structure but differ in primitive logical function, referred as A, B, C, D. Each round takes the input 512-bit block, processes it and produces a 128-bit output. The output of the fourth round is added to the first round input CVq to produce CVq+1, using addition modulo 2^32.

Fig. 5.2 : Four rounds of MD5 algorithm (four rounds of 16 steps each, from Mq and the 128-bit CVq to CVq+1)
(5) Output :
After processing all L 512-bit blocks, the 128-bit message digest is produced as output.
The entire MD5 process can be summarized as follows :
CV0 = IV
CVq+1 = Sum32(CVq, RFd[Mq, RFc[Mq, RFb[Mq, RFa[Mq, CVq]]]])
MD5Sum = CVL
Where,
IV = the initial value of the PQRS buffer, mentioned in step 3
Mq = the q-th 512-bit block of the message
CVq = the chaining variable processed with the q-th block of message
RF = the round function using primitive logical function a, b, c, d
MD5Sum = the final hash result or message digest
Sum32 = addition modulo 2^32

Q.3 Explain cryptographic hash function criteria. Also explain SHA-1 and different steps of working of SHA-1. Dec. 2012, May 2014

Ans. :
The SHA was developed by NIST in 1993. It is referred as Secure Hash Algorithm-1. SHA-1 takes an input message of a maximum length less than 2^64 bits and produces an output of 160-bit message digest. The overall processing of SHA-1 is much similar to MD5. The processing is explained as follows.

(1) Append padding bits :
Padding means addition of bits to the original message, to make the length of the original message a value 64 bits less than a multiple of 512. The message is padded to make the length of the message 448 mod 512. The length of the padded message is 64 bits less than an integer multiple of 512. The padding message consists of a single 1-bit, followed by as many 0 bits as required. The length of padding bits is in between 1 to 512.
(2) Append length :
A block of 64 bits is appended to the message. The length of the original message, as a 64-bit value, is appended to the result of above step 1 (Original message + Padding). It is appended from least significant byte to most significant byte.
(3) Initialize MD Buffer :
A 160-bit buffer is used to store the intermediate as well as final result. The buffer is represented as five 32-bit registers P, Q, R, S, T, as
P = 67452301
Q = EFCDAB89
R = 98BADCFE
S = 10325476
T = C3D2E1F0

It uses a big-endian method. First four registers are same as MD5. These five registers P, Q, R, S, T are represented as,
P = 67 45 23 01
Q = EF CD AB 89
R = 98 BA DC FE
S = 10 32 54 76
T = C3 D2 E1 F0

(4) Process message in 512-bit (32 bit 16 word) block :
It consists of four rounds of 20 steps each as shown in Fig. 5.3. These rounds, referred as F1, F2, F3, F4, have similar structure. These rounds use different primitive logical functions. Each round takes the input 512-bit block, processes it and produces a 160-bit output. The output of the fourth round is added to the first round input CVq to produce CVq+1. Each round also uses an additive constant Kt, where 0 ≤ t ≤ 79.
K1 = 5A827999
K2 = 6ED9EBA1
K3 = 8F1BBCDC
K4 = CA62C1D6
(5) Output :
After processing all L 512-bit blocks, the 160-bit message digest is produced as output. The SHA compression function uses a feed forward operation where the chaining variable CVq, input of the first round, is added to the output obtained (last step) after execution of 80 steps to produce the next chaining variable CVq+1 as shown in Fig. 5.3.

Fig. 5.3 : Four rounds of Secure Hash Algorithm (rounds F1 to F4 of 20 steps each, using K and W[0...19], W[20...39], W[40...59], W[60...79], from Mq and the 160-bit CVq to CVq+1)

The entire SHA-1 process can be summarized as follows :
CV0 = IV
CVq+1 = Sum32(CVq, F4[M60...79, F3[M40...59, F2[M20...39, F1[M0...19, CVq, K0...19], K20...39], K40...59], K60...79])
SHA1 = CVL
where
IV = initial value of the PQRST buffer, used to deal with the first block in a chaining mode
Mq = the q-th 512-bit block of the message
CVq = the chaining variable processed with the q-th block of message
F1[...] = output of the first round consisting of 20 steps
F2[...] = output of the second round
F3[...] = output of the third round
F4[...] = output of the fourth round
Sum32 = addition modulo 2^32
SHA1 = the final hash result or message digest

Q.4 Compare and contrast SHA-1 and MD-5.


Ans.:
Both are derived from MD4. Both are quite similar. They differ from each other in design goals.

Sr. No. | SHA-1 | MD5
1. | It uses a 160-bit message digest. Hence it is stronger against brute-force attacks than MD5. | It uses a 128-bit message digest. Hence it is weaker than SHA-1 against brute-force attacks.
2. | SHA-1 is not vulnerable against cryptanalysis. | MD5 is vulnerable against cryptanalysis.
3. | SHA-1 is slower than MD5. | MD5 is faster than SHA-1.
4. | It uses big-endian method to represent the message. | It uses a little-endian method to represent the message.
5. | SHA has 20 rounds. | MD5 has 64 rounds.
6. | Bit rotation counts for SHA-1 are the same for all rounds. | In MD5 each round has its own bit rotation counts.
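
The MD5 and SHA-1 steps described in Q.2 and Q.3, written out as an added example (not code from the original text) so the shared padding and chaining and the differences in byte order and register count can be seen side by side. The per-step MD5 rotation counts and additive constants are taken from RFC 1321, which the text does not list; function names are chosen for this example.

```python
import math
import struct

MASK = 0xFFFFFFFF  # results are kept modulo 2^32 (Sum32 in the text)


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def pad(message, byteorder):
    """Steps 1 and 2: a single 1-bit, 0 bits up to 448 mod 512, then the
    64-bit message length in bits ("little" for MD5, "big" for SHA-1)."""
    bit_length = (len(message) * 8) % 2**64
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + bit_length.to_bytes(8, byteorder)


def blocks(padded):
    """Split the expanded message into the 512-bit blocks M0 ... ML-1."""
    return [padded[i:i + 64] for i in range(0, len(padded), 64)]


# RFC 1321 values (assumption: not given on the page).
MD5_SHIFT = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
MD5_T = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]


def md5(message):
    cv = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]  # step 3: P, Q, R, S
    for block in blocks(pad(message, "little")):
        m = struct.unpack("<16I", block)          # 16 little-endian words
        p, q, r, s = cv
        for i in range(64):                       # four rounds of 16 steps
            if i < 16:
                f, g = (q & r) | (~q & s), i
            elif i < 32:
                f, g = (s & q) | (~s & r), (5 * i + 1) % 16
            elif i < 48:
                f, g = q ^ r ^ s, (3 * i + 5) % 16
            else:
                f, g = r ^ (q | ~s), (7 * i) % 16
            f = (f + p + MD5_T[i] + m[g]) & MASK
            p, s, r, q = s, r, q, (q + rotl(f, MD5_SHIFT[i])) & MASK
        # CVq+1 = Sum32(CVq, output of the fourth round)
        cv = [(x + y) & MASK for x, y in zip(cv, (p, q, r, s))]
    return struct.pack("<4I", *cv).hex()          # 128-bit digest


SHA1_K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]  # one per round


def sha1(message):
    cv = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]  # P..T
    for block in blocks(pad(message, "big")):
        w = list(struct.unpack(">16I", block))    # 16 big-endian words
        for t in range(16, 80):                   # expand to W[0...79]
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        p, q, r, s, t5 = cv
        for t in range(80):                       # four rounds of 20 steps
            if t < 20:
                f = (q & r) | (~q & s)
            elif t < 40:
                f = q ^ r ^ s
            elif t < 60:
                f = (q & r) | (q & s) | (r & s)
            else:
                f = q ^ r ^ s
            tmp = (rotl(p, 5) + f + t5 + SHA1_K[t // 20] + w[t]) & MASK
            p, q, r, s, t5 = tmp, p, rotl(q, 30), r, s
        # feed forward: CVq is added to the output of the 80th step
        cv = [(x + y) & MASK for x, y in zip(cv, (p, q, r, s, t5))]
    return struct.pack(">5I", *cv).hex()          # 160-bit digest


if __name__ == "__main__":
    for text in (b"", b"abc"):
        print(text, md5(text), sha1(text))
```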

Q.5 Write short note on : Digital signature.


Ans. :
Digital signatures are essential in today's modern world to verify the sender of a document and his identity. A digital signature is represented in a computer as a string of binary digits, and the computer uses a set of rules and regulations (algorithm) so that the person signing the document as well as the originality of the data can be verified. A digital signature is defined as the signature generated electronically from the digital computer to ensure the identity of the sender and that the contents of the message cannot be modified during the transmission process. Digital signature techniques achieve the authenticity, integrity and non-repudiation of the data over Internet.
Concept of digital signature is that the sender of a message uses a signing key (Private Key) to sign the message and sends that message and its digital signature to a receiver over an insecure communication channel. The receiver uses a verification key (Public Key) of the sender only, to verify the message and make sure that it has not been tampered with while in transit, as shown in Fig. 5.4.
Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document. Digital signature is an example of asymmetric key cryptography which uses three different algorithms to complete the process.
1. First step is key generation algorithm which generates private key and a corresponding public key.
2. Next step is signing algorithm which selects a message and a private key generated in step 1, to produce a signature.
3. Third step is signature verifying algorithm which verifies the authenticity of the sent message and public key.

Fig. 5.4 : Digital Signature block diagram (sender private key as signing key, sender public key as verification key)

As mentioned above the signature is generated with the help of private key. The private key, which is never shared, is used in signature generation and is known to sender only. Public keys, which are known by everyone, can be used to verify the signature of a sender. Every sender and receiver has a private and public key pair, which is the reason digital signature is called public-key cryptography.
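
The three algorithms listed above (key generation, signing, verifying), as an added example that is not part of the original text. It assumes textbook RSA over a SHA-256 hash with no padding scheme, and the small fixed Mersenne primes are constructed demo parameters, so it shows the mechanism only.

```python
import hashlib

E = 65537  # public exponent


def generate_keys(p, q):
    """Key generation: returns (private_key, public_key) = ((n, d), (n, e))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)        # private exponent: d * e = 1 mod phi
    return (n, d), (n, E)


def digest_as_int(message, n):
    """Hash value of the message, reduced so it fits below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Signing: the hash value is transformed with the private key."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(message, signature, public_key):
    """Verifying: undo the private-key operation with the public key and
    compare against a freshly computed hash of the received message."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


def demo():
    # Constructed demo primes (known Mersenne primes); far too small for real use.
    sender_private, sender_public = generate_keys(2**61 - 1, 2**89 - 1)
    _, other_public = generate_keys(2**107 - 1, 2**127 - 1)
    message = b"Transfer 100 to account 42"          # constructed sample message
    signature = sign(message, sender_private)
    return {
        "genuine": verify(message, signature, sender_public),
        "modified_in_transit": verify(b"Transfer 900 to account 42", signature, sender_public),
        "wrong_public_key": verify(message, signature, other_public),
    }


if __name__ == "__main__":
    print(demo())
```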

Q.5 Explain different authentication methods and protocols.

Ans. :
Authentication mechanisms help to prove the identity of the sender of the message. Authentication mechanisms ensure that who sends the message, i.e. the origin of an electronic message, is correctly identified.
One-way authentication refers to the authentication of only one end of communication users. For example, one-way authentication follows the flow: if there are two users, user A and B, who want to communicate with each other, user B authenticates user A, but user A cannot authenticate user B. This process is called one-way authentication. Finally the integrity and originality of message is confirmed.

[...] mechanisms used to give strength for authentication [...]
First method is known as [...] authentication because it is something that we know. [...] It then looks up the name in a password [...] to see if the passwords match. This is known as a reusable password since the same password is used [...] login.
Second method of authentication is known as two-factor authentication. Withdrawing cash from an ATM machine is an example of two-factor authentication: present the ATM card (something we have) and enter PIN (something we know), or use one-time passwords, where a new password must be used for each login.

Q.6 Explain mutual authentication.


Ans.:
Mutual authentication also called as two-factor authentication. Mutual Authentication is a security mechanism used to authenticate sender with the receiver. Sender must prove its identity to a receiver, and the receiver must prove its identity to the sender, before any unwanted threat sent between the sender and receiver.
For example : If sender wants to communicate with the receiver over networks they must first mutually authenticate each other.
Meaning is that when sender A sends confidential message which is intended to receiver B. If B can decrypt the message using A's public key, then B has verified that the message originated from A.
Both communicating users (sender and receiver) are verifying each other, i.e. mutual authentication mechanisms helps to verify identity of the sender. The most important application of mutual authentication is that communication between client machine and server machine over a network must be secure before performing any data sending and receiving process.

Q.7 Explain role of key distribution centre in symmetric system.


Ans. :
In order to achieve mutual authentication there must be certain provision of some protocol which is supposed to verify the identity of the sender over an insecure communication channel. To achieve this goal most of the protocols depend on an authentication server, also called Key Distribution Center (KDC). If sender A wants to establish a secure communication with receiver B, then A can request a session key from Key Distribution Center for communicating with B. If a group of people wants to securely communicate with Key Distribution Center, then every group member is provided a single key called a master key or secret key. Authentication servers are capable to deliver good quality session keys and distribute them securely to the client who requested it.
Authentication server also maintains a table containing a name and a master or secret key of each client. The secret key is used to authenticate client to the authentication server and then for secure transmission of data between client and the authentication server. There are different protocols used to perform this task, but among these the well known protocol is called as Needham-Schroeder Protocol.

Q.8 Explain the Needham-Schroeder Protocol for secret key distribution.

Ans. :
The first mutual authentication protocol was published in 1978 by Needham and Schroeder. This approach was proposed for various purposes that include secret-key and public key generation and distribution of those keys between sender and receiver.
Needham and Schroeder protocol uses a secret key known to the sender and also to an authentication server. Sender and receiver share a secret key and use it for secure communication with authentication server.
Steps of Needham-Schroeder Secret-key Protocol :
Step 1: Sender A requests for a session key to authentication server for communication with receiver B as shown in Fig. 5.5. The message sent by A to authentication server includes A's secret key Ka, A's network address Na, B's network address Nb and a nonce. A nonce is basically a random number used to demonstrate the freshness of a request, denoted by N. The request sent by A to authentication server, which is in encrypted format E, is denoted by,
E (Ka, [Na, Nb, N])
Step 2: Authentication server returns a message containing a newly generated key Kab (used to encrypt communication between sender and receiver), nonce N (to match the response received from authentication server with the request sent), and a ticket (contains the same shared secret key Kab, as well as the name of the sender A) encrypted with B's secret key Kb; this whole message is encrypted with sender's private key or secret key Ka to ensure that no one else can read it. The message that authentication server sends back to A can be expressed as:
E (Kab, N, {A, Kab} Kb, B) Ka
Step 3: After receiving reply from authentication server, sender decrypts the ticket and sends the ticket {A, Kab} to the receiver B. A sends the ticket to B which is not in encrypted format because it was previously encrypted by authentication server using B's secret key Kb.
{A, Kab} Kb
Step 4: B decrypts the ticket received from A using the secret key Kb and compares sender identity. B is again encrypting the ticket using shared secret key Kab and generates nonce N1 and sends it back to receiver. This can be represented as
E(N1) Kab
In this step B got the session key (Kab) for communicating securely with A.
Step 5: Sender is decrypting the nonce N1 using the shared secret key Kab; this proved the sender's identity. The sender sends response N1+1 encrypted using the shared secret key Kab.
E(N1+1) Kab
Step 6: Now sender A and receiver B can securely communicate with each other using session key generated.
The main weakness of this protocol is that for large networks it is practically not possible for a single Authentication server to generate and distribute the number of session keys required.
Another weakness is that if session key between sender A and receiver B is stolen, and the ticket to B is recorded, attacker can easily copy the contents of a sender A by performing last 3 steps.

Fig. 5.5 : Needham-Schroeder Secret-key Protocol (sender A, authentication server and receiver; 2. Reply, 4. Authentication response, 5. Sender responds to receiver)
Chapter 6: Authentication Applications

Q.1 Explain the process of Digital Certificate generation and the process of evaluation of authenticity of Digital certificate.

Ans.:
Kerberos is also called as authentication protocol. Like when we start a journey we need a confirmed ticket, then only we can do our journey safely. Kerberos uses the concept of the ticket as a token to prove the identity of the user. Microsoft introduced Kerberos in Windows 2000 server as a default authentication protocol. Kerberos uses the concept of a ticket as a token that proves the identity of a user.
Tickets are digital documents that store session keys. Instead of password, tickets are issued during login session and then can be used in any Kerberos services. Client authentication phase requires two tickets :
Ticket Granting Ticket (TGT), which acts as an identifier for user and session key.
A service ticket, to authenticate user to gain access to user for particular service.
The same concept of ticket is used as with railway tickets: it has a time duration and expiration date, after which the ticket becomes invalid. In Kerberos these tickets include different contents like time stamps to indicate start and expiration time; after time expiration the ticket becomes invalid. The timestamp is the time set by Kerberos administrator depending upon how much time service is required to the client.
(i) Kerberos Servers
To accomplish the task of secure authentication, Kerberos uses a trusted third party called a Key Distribution Center (KDC). The Key Distribution Center uses two techniques for authentication :
Authentication Server (AS), which performs user authentication.
Ticket-Granting Server (TGS), which permits/grants tickets to users.
The role of an Authentication server is to store a database like secret key of the users and its services. The secret key of a user is generated using one-way hash of user provided password. The main aim of the Kerberos is to provide centralized authentication of entire network; rather than storing the sensitive information at each user machine, the sensitive information will be maintained at particular secure location only.

(ii) Kerberos Authentication
This phase is called as Authentication phase because during this phase only authentication is done between authentication server, ticket-granting server and service provider. As shown in Fig. 6.1 first client and authentication server authenticate themselves to each other.

Fig. 6.1 : Kerberos authentication process

Client and Ticket granting server authenticate themselves. Finally client and requested service
provider authenticate themselves to each other regarding which information/ service client wants.
(iii) Authentication Details
During authentication phase user has to provide username and password on the client machine, which is cryptographically hashed to create a secret key for the client. After client verification is done with authentication server, AS replies with the following details to client as shown in Fig. 6.1. The client Ticket Granting Server (TGS) session key Kt, encrypted using client's secret key Kc (which is now stored in authentication server).
The ticket granting ticket (TGT), encrypted using the secret key of the Ticket granting server. The ticket granting ticket includes the client ticket granting server session key Kt and its validity period. The client now decrypts the Ticket Granting Server session key Kt using his secret key Kc. To request a service, client sends following two messages to ticket granting server (TGS). The Ticket Granting Ticket and the name of the service Sr that client wants to request.
Authentication token which includes client ID and time stamp, encrypted using client ticket granting server session key Kt. Upon receiving all the details from client, Ticket Granting Server decrypts the Ticket Granting Ticket using Kt, thus retrieving the client Ticket granting server session key Kt and the validity of the ticket granting ticket. If it is valid then Ticket granting Server sends following messages to the client.
New client server session key Ksc, encrypted using TGS session key Kt. Client to server ticket, encrypted using specific service's key Ks, known to Ticket Granting Server only. (Client to server ticket contains the client ID, network address, validity period and the client server session key Ksc). Upon receiving all the details from Ticket Granting server, client decrypts the client server session key Ksc, and authenticates himself to service Sr by sending following messages. The client server ticket sent by the ticket granting server in previous step. The client ID and the time stamp encrypted using client server session key Ksc.
The service provider decrypts the client to server ticket using secret key Ks and obtains the client server session key Ksc. With the help of client server session key Ksc, service provider decrypts the client ID and time stamp information. To prove the final identity, service provider increments the time stamp by 1 and sends it back to the client. The client decrypts and verifies this response using client to server session key Ksc. Once this verification succeeds, client and server can start. Kerberos protocol was specially designed to check the authentication of the client over insecure network.
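
The ticket pattern shared by the Needham-Schroeder steps in Chapter 5 and the Kerberos tickets above, as an added example that is not part of the original text: steps 1 to 5 are run once, then the recorded ticket is replayed with the old session key, which a receiver accepts unless the ticket carries a validity period as Kerberos tickets do. `seal`/`unseal` are a toy stand-in for E(...)K built from HMAC-SHA256, and all names and field layouts are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Toy stand-in for E(...)K: keystream XOR plus a MAC, hex encoded."""
    plaintext = json.dumps(fields).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return (nonce + tag + body).hex()


def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, tag, body = raw[:16], raw[16:48], raw[48:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


class AuthServer:
    """Authentication server / KDC: a table of one secret key per client."""

    def __init__(self):
        self.keys = {}

    def enroll(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def issue(self, sender, request, now, lifetime=None):
        req = unseal(self.keys[sender], request)          # step 1: E(Ka, [Na, Nb, N])
        kab = os.urandom(32).hex()
        ticket = {"sender": sender, "kab": kab}           # {A, Kab}
        if lifetime is not None:                          # Kerberos-style validity period
            ticket["expires"] = now + lifetime
        reply = {"kab": kab, "n": req["n"], "b": req["b"],
                 "ticket": seal(self.keys[req["b"]], ticket)}
        return seal(self.keys[sender], reply)             # step 2


def receiver_challenge(kb, ticket, now):
    """Step 4: B opens the ticket with Kb, checks validity, sends E(N1)Kab."""
    fields = unseal(kb, ticket)
    if "expires" in fields and now > fields["expires"]:
        raise ValueError("ticket expired")
    kab = bytes.fromhex(fields["kab"])
    n1 = int.from_bytes(os.urandom(8), "big")
    return fields["sender"], kab, n1, seal(kab, {"n1": n1})


def sender_response(kab, challenge):
    """Step 5: whoever holds Kab answers with E(N1+1)Kab."""
    return seal(kab, {"n1": unseal(kab, challenge)["n1"] + 1})


def receiver_confirm(kab, n1, response):
    return unseal(kab, response)["n1"] == n1 + 1


def run(lifetime, replay_delay):
    """Steps 1-5 at time 0, then the same ticket and session key again after
    replay_delay seconds (the stolen-key, recorded-ticket case in the text)."""
    server = AuthServer()
    ka, kb = server.enroll("A"), server.enroll("B")
    n = int.from_bytes(os.urandom(8), "big")
    request = seal(ka, {"a": "A", "b": "B", "n": n})
    reply = unseal(ka, server.issue("A", request, 0, lifetime))
    if reply["n"] != n or reply["b"] != "B":              # A matches reply to request
        raise ValueError("reply does not match request")
    kab = bytes.fromhex(reply["kab"])

    def handshake(now):
        try:
            who, key, n1, challenge = receiver_challenge(kb, reply["ticket"], now)  # steps 3-4
            return who == "A" and receiver_confirm(key, n1, sender_response(kab, challenge))
        except ValueError:
            return False

    return {"first_run": handshake(0), "replay": handshake(replay_delay)}


if __name__ == "__main__":
    print("no validity period:", run(None, 3600))
    print("300 s validity    :", run(300, 3600))
```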
Q.2 Does a public key infrastructure use symmetric or asymmetric encryption ? Explain your answer. Dec. 2013

Ans. :
Public Key Infrastructure (PKI) is a cryptographic technique used to secure electronic information with the help of certain techniques such as digital certificates and digital signature, and to transmit this information securely over internet. PKI consists of certain security policies, software and techniques that are required for key generation, key management, secure storage of generated keys, and distribution of generated keys. A public key infrastructure is created by combining a number of services and technologies. To complete this technology, various components of PKI are required.

Q.3 List the certifying authorities in India and worldwide. Also list the steps to acquire the digital certificate.
Ans. :
The certification authority (CA) is a trusted unit that helps to issue certificates. A CA takes the
certificate request from owner, verifies the requested information according to the terms and conditions
of the CA, and uses its private key to apply digital signature to the certificate. Responsibility of the CA
is to identify the correct identity of the person who asks for a certificate to be issued, and make sure that
the information contained within the certificate is legal and later digitally sign on certificate.
The CA may generate a public key and a private key (a key pair) or the person applying for a
certificate may have to generate their own key pair and send a signed request containing their public key
to the CA for validation. After the verification from CA it sends certificate for final verification to
registration authority (RA).

Q.4 Explain the process of Digital Certificate generation and the process of evaluation of authenticity of Digital certificate.

Digital certificate is an electronic file that is used to identify people and resources over an insecure channel or a network called Internet. Digital certificate also enable secure, confidential communication between sender and receiver using encryption. For example when we travel to another country, our passport provides a way to establish our identity and gain entry. Digital certificate provide similar identification in the electronic world.
The role of Certification Authority (CA) is to issue certificates to authorized digital [...]. Like the role of the passport office, the role of the CA is to validate [...] authorized user. Once a CA has signed a certificate it cannot be tampered [...], and the owner can present their certificate to people, web sites and network resources to prove [...] for confidential [...] insecure channel.
A standard [...] defines the structure of digital certificate. The International Telecommunication [...] permitted this standard [...] of 1998. Fig. 6.2 shows structure of X.509 digital certificate. A standard digital certificate typically includes a variety of information pertaining to its owner and to the Certification Authority (a trusted agency that can issue digital certificate) such as :
Certificate version number : Identifies a particular version of the X.509. Current version is X.509 v3.
Certificate serial number : Unique integer number generated by certification authority.
Algorithm for signature identifier : Identifies algorithm used by the certification authority to sign the certificate.
Certificate issuer name : The name of the Certification Authority that issued the certificate.
Validity Details : The validity period (or lifetime) of the certificate (a start and an end date).

Digital Certificate contents
Certificate version number
Certificate serial number
Algorithm for signature identifier
Certificate Issuer name
Validity Details
Name of the certificate owner
Public key of certificate owner
Issuer unique identifier
Owner unique identifier
Extensions to certificate
Certification Authority (CA) Digital Signature
Fig. 6.2 : Structure of X.509 Digital certificate

Name of the certificate owner : The name of the owner and other identification information required for identifying the owner, such as email id and contact details.
Public key of certificate owner : Certificate owner's public key, which is used to encrypt confidential information of the certificate owner.
Issuer unique identifier : Identify the CA uniquely, i.e. whether single CA signed it or is any CA using same details.
Owner unique identifier : Identify the owner uniquely if two or more owner has used the same name over a time.
Extensions to certificate : This is an optional field which allows a CA to add additional private information to a certificate. These additional fields are called as extensions of version 2 or 3, respectively.
Certification Authority (CA) Digital Signature : In creating the certificate, this information is digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal on packaging; any tampering with the contents is easily detected.
Q.5 Does a public key Infrastructure use symmetric or asymmetric encryption ? Explain your answer.

Ans. :
Basically PKI is the combination of all techniques, policies and methods of securely implementing public key encryption.
The name public key encryption indicates it is asymmetric key cryptography; hence PKI also uses asymmetric key cryptography as a basis for encryption.

Q.6 Write a detail note on : Email Security.


Ans. :
We all are aware that the most popular use of Internet is to send email and chat with friends, partners etc. But have you ever thought whether the mail we are sending to the intended person is going to his inbox only? Security concerns have estimated that only about one in every 100 messages is secured against interception and modification attacks. Are we aware that an email sent to a business partner or friends as a clear text message is going through thousands of machines (between sender and receiver) before it reaches the intended recipients, and that these machines might read and save the contents of the email for future use?
Many people think that the name given as sender of the mail identifies who actually sends it. When you send a message through email, we cannot guarantee that it will be delivered to the correct destination or received exactly as you sent it. And there is no way of knowing whether the message is received, read and forwarded by an attacker.
Because of the widespread problem of email modification, sending to the wrong destination by intermediate parties, and email spoofing, we need a competing solution to overcome and address the issues of authentication, integrity and reliability of the messages between sender and receiver. The public key cryptography plays an important role because of the two keys used: only intended sender can decrypt the message using his public key as message encrypted using private key of the sender. The solution is called as Pretty Good Privacy (PGP) program/software, which provides the secrecy and non-repudiation of data sent over Internet, especially by email.
Pretty Good Privacy (PGP) is a popular open-source, freely available software package/techniques used to encrypt and decrypt email messages over the Internet. PGP is an e-mail security program written by Phil Zimmermann in 1991. PGP program became a de facto standard for e-mail security, used to store the encrypted files so that they are non-readable by other users or intruders.
This program can also be used to send an encrypted digital signature, to let the receiver verify the sender's identity and know that the message was not changed or modified while in transmission. Once the file is encrypted using PGP program only the intended recipient can decrypt it. Once message content is digitally signed by sender, the sender guarantees to the recipients that the message or file comes from a valid sender and not from an attacker. Digital signature functionality of PGP guarantees that the message or file comes from the sender and not from an intruder.

Chapter 7: Program Security

Q.1 Explain non-malicious program errors with examples ?


Ans. :
While programming, a programmer can make mistakes/errors. Most of these errors are not intentionally done. Many such kind of errors do not have huge impact on security. Program may produce wrong or incorrect results but it is non-malicious. Following are the three types of non-malicious program errors.

Q.2 What is buffer overflow in software security ?
Ans. :
Attacker can insert malicious data values / instruction codes into overflow space. Array bound checking is not performed by C compiler, pointer limits cannot be defined as well.
Example: int B[15];
Here the array bound is (0 to 14), i.e. B[0]......B[14]. If anything is inserted after that bound then the adjacent data is overwritten.
Attacker can overwrite user's data, change user's instructions, overwrite OS data and change OS instructions. Thus the attacker can get complete control of a program or OS. This is also known as aliasing. As shown in Fig. 7.1 attacker changes the return address and thus can transfer the control of the program.

Fig. 7.1 : Buffer overflow attack (memory of the running normal program, with program instructions, data, heap / dynamic memory and the procedure call frame holding the buffer, beside the same memory after attack, with malicious code, buffer overflow and modified return address)

Q.3 What is incomplete mediation in software security ? May 2013, Dec. 2014, May 2015

Ans. :
Due to incomplete mediation serious security threats can be introduced, as sensitive data may get exposed and it can result in an uncontrolled condition.
Example : URL : http://www.onlinestore.com/purchase/total=935
User can edit the total cost and resubmit the request to the server, URL : http://www.onlinestore.com/purchase/total=035
Such kind of vulnerabilities are very dangerous. Proper care should be taken to avoid such vulnerabilities. Editing permissions should not be available to the user.
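
The online-store case above from the server's side, as an added example that is not part of the original text: one handler charges whatever total the request carries, the other validates every client-supplied field and recomputes the total itself. The query layout (item, qty, total), the catalogue and the function names are constructed for this sketch.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed server-side price list (price per unit).
CATALOGUE = {"book-101": 187}
QTY_PATTERN = re.compile(r"[1-9][0-9]{0,2}")   # whole numbers 1 to 999 only


def total_trusting_client(url):
    """Incomplete mediation: the amount charged is whatever the URL says."""
    return int(parse_qs(urlsplit(url).query)["total"][0])


def single(params, name):
    """Reject missing or repeated parameters instead of picking one."""
    values = params.get(name, [])
    if len(values) != 1:
        raise ValueError(name + ": expected exactly one value")
    return values[0]


def total_mediated(url):
    """Complete mediation: check each field, then compute the total on the
    server from its own price list; a client-sent total is only compared."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    item, qty = single(params, "item"), single(params, "qty")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    if not QTY_PATTERN.fullmatch(qty):
        raise ValueError("quantity not a whole number in range")
    total = CATALOGUE[item] * int(qty)
    claimed = params.get("total")
    if claimed is not None and claimed != [str(total)]:
        raise ValueError("client total does not match server total")
    return total


# Constructed sample requests: the genuine one and the edited one.
GENUINE = "http://www.onlinestore.com/purchase?item=book-101&qty=5&total=935"
EDITED = "http://www.onlinestore.com/purchase?item=book-101&qty=5&total=035"


def demo():
    results = {"trusting_genuine": total_trusting_client(GENUINE),
               "trusting_edited": total_trusting_client(EDITED),
               "mediated_genuine": total_mediated(GENUINE)}
    try:
        results["mediated_edited"] = total_mediated(EDITED)
    except ValueError as error:
        results["mediated_edited"] = "rejected: " + str(error)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```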

Time-of-check to time-of-use errors (TOCTOU) :
This is one of the best examples of RACE condition. RACE condition is very vulnerable to attack.
Example : If two threads are sharing their root and current directories then, let Thread X's current working directory be /college.
Thread X calls open("shadow");
Thread Y calls chdir("/department")
system monitor permits both the calls
open("shadow") executes with /department as working directory
X's call now opens "/department/shadow"

Proper locking mechanism can prevent this kind of attack. Time lags should be considered. After
checking values it must be locked using digital signatures and certificates. Thus after check data cannot
be modified.
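
The college/department interleaving above, replayed step by step in one process as an added example that is not part of the original text (the working directory is shared by the whole process, as it is between the two threads in the text). The second function uses a different remedy from the locking mentioned above: it pins the directory with a descriptor and checks the file it actually opened. The directory tree is constructed in a temporary folder and the function names are assumptions.

```python
import os
import stat
import tempfile


def build_tree(root):
    """Constructed stand-ins for /college/shadow and /department/shadow."""
    for name in ("college", "department"):
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "shadow"), "w") as handle:
            handle.write(name + " data")


def check_then_use(root):
    """Thread X checks a relative name; thread Y's chdir lands before X's open."""
    os.chdir(os.path.join(root, "college"))
    if not os.access("shadow", os.R_OK):            # time of check: college/shadow
        raise PermissionError("shadow")
    os.chdir(os.path.join(root, "department"))      # thread Y: chdir("/department")
    with open("shadow") as handle:                  # time of use: department/shadow
        return handle.read()


def use_pinned_directory(root):
    """X holds a descriptor for its directory, opens relative to it, and
    applies the check to the opened file rather than to a name."""
    dir_fd = os.open(os.path.join(root, "college"), os.O_RDONLY | os.O_DIRECTORY)
    try:
        os.chdir(os.path.join(root, "department"))  # same interleaving as above
        fd = os.open("shadow", os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
        with os.fdopen(fd) as handle:
            if not stat.S_ISREG(os.fstat(handle.fileno()).st_mode):
                raise PermissionError("shadow is not a regular file")
            return handle.read()
    finally:
        os.close(dir_fd)


def demo():
    """Returns what each variant ended up reading."""
    start = os.getcwd()
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        try:
            return check_then_use(root), use_pinned_directory(root)
        finally:
            os.chdir(start)                         # leave the temp tree before cleanup


if __name__ == "__main__":
    print(demo())
```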

Q.4 What are different types of malicious code ?


Ans. :
Malicious software is software where an attacker can get partial or full control of the program. Thus attacker is free to do anything that he / she wants to do. Fig. 7.2 shows different types of malicious software.
Types of malicious software :

Trapdoors
Trojan Horses
Trojan horse :
It is a computer program. Along with some useful code or function, some hidden malicious code or function is there which may hamper performance of security mechanisms. Useful information can be stolen by attackers.
Bacterium :
Bacterium is a special kind of virus. Virus is getting attached with different files but bacterium does not get attached to a specific file.
Logic bomb :
Logic bomb is generally used in DoS (Denial of service) attacks. When specified conditions are met it activates malicious program logic. It may damage system resources greatly.
Time bomb :
This gets activated when specified time occurs.
Rabbit :
It is a kind of virus / worm that replicates itself without any limits. The intention is to exhaust resources.
Trapdoor / backdoor :
An intruder can enter into the system by bypassing all security services or mechanisms. Thus intruder knows the flaws or loopholes in the system and can use these loopholes to gain access to the computer.
Virus :
It is a self replicated, hidden computer program. Virus cannot run on its own, rather it requires a host program to run it and make it active. Malicious logic is written in the program which infects another program, i.e. it becomes the part of another program.
Virus Countermeasures :
(a) Use commercial software from trustworthy sources.
(b) Open only safe attachments.
(c) Keep recoverable system image in safe place.
(d) Use virus scanners often (daily).
(e) Update virus detectors daily as databases of virus signatures change very often.
(f) Test new software on isolated computers.
(g) Backup executable system files.
Worm :
Worm is also a computer program which can run independently. By propagating a complete working version of itself onto other hosts on a network it can consume computer resources destructively.

Q.5 What is Malware ? Explain different targeted malicious code.

Ans. :
This is a computer code which is written to attack a particular system, a particular application and for a particular purpose.
Example :
Trapdoor / backdoor :
An intruder can enter into the system by bypassing all security services or mechanisms. Thus intruder knows the flaws or loopholes in the system and can get these loopholes to gain access to the computer.
Trapdoors are the entry points which are not documented but still inserted during code development for testing purpose, for future extensions or for an emergency access if software fails.
These loopholes are purposely kept in the system with good intention.
Major sources of Trapdoors / Backdoors :
During testing of the system stubs, drivers are created. These are temporary functions which are then further replaced by actual functions. Sometimes some malicious code is intentionally injected into the system for testing purpose.
(i) Poor error checking conditions.
(ii) Undefined opcodes in hardware processors

Q.6 Explain Salami and linearization attacks ?

Ans. :
It is series of small attacks which results in large attack. It works on "collect and roundoff" trick. It is a fraudulent practice of stealing money repeatedly. It takes an advantage of rounding operation in financial transactions. It always rounds down and thus the fractions of amount remained will be transferred into some another account. Thus the transaction will go undetected. Such type of attacks can be easily automated.

Q.7 Write a short note on covert channel. Dec. 2013, May 2013, May 2015

Ans. :
In covert channel the processes which are not allowed to communicate and transfer the information by security policy can communicate and transfer data using current system objects. Such types of attacks are virtually not detectable by system or administrators. Fig. 7.3 shows channel creation.

Fig. 7.3 : Covert channel creation (figure labels: Legitimate User, Protected data, Service Pgm [w/Trojan h.], covert channel, Spy)

Q.8 Write a short note on trojan.
Ans. :
It is a computer program. Along with some useful code or function, some hidden malicious code or function is there which may hamper performance of security mechanisms. Useful information can be stolen by attackers.
Rootkits:
[...] installed by an intruder. Intruder installs it by avoiding [...] system. Basically it is a kind of Trojan horse. [...] is infected with a rootkit, then it becomes very hard to [...] to shut down the infected system and boot that [...]

Rootkits can get administrator privileges. They are automatically activated at system [...] detectable rootkits and can be easily removed.

Kernel mode rootkits are installed like an OS hence can corrupt the functionality of complete OS. Rootkits are very hard to detect. It can be detected only after some event or crash.

Firmware's are dangerous amongst all. Malcode is created inside a firmware. At system startup this malware will be reinstalled. It is very hard to remove.
Man in the middle attack ( MITM/MIMA ):
Attacker relays and sometimes alters the communication between two parties without knowing to communicating parties.

It is explained as follows:
1. X sends a message to Y, which is intercepted by Attacker:
X "I want to deposit money in your account. Please send account number"
2. Attacker relays this message to Y; Y cannot tell it is not really from X
3. Y receives a message from X and responds it with account number.
Y "My account number is 012345"
4. Attacker again intercepts a message from Y, replaces Y's account number with his own account number and relays this to X, claiming that it is Y's message.
Attacker "My account number is 067891"
5. X receives message from Y and gets the account number of Y. Thus X believes that it is Y's account number and deposits money in that account.
X and Y both think that it is a secure communication.

Chapter 8 : Operating System Security


Q.1 Write a short note on : various ways of memory and address translation.
Ans. :
A program can access the memory which is allocated to it only. It cannot access the memory which is not allocated to it. Thus it prevents spreading of bugs or malwares in other areas of operating system. Following are the techniques for memory and address protection.
1. Fixed and variable Fence
2. Base/Bound
3. Segmentation
4. Paging
5. Paged Segmentation

1. Fixed and variable Fence :

Fixed Fence :
This technique is used in single user operating system. It prevents the faulty user program spreading in different parts. Thus saves operating system. The fence is created using a fixed and predefined memory address.
Fence separates user area and operating system area. As the memory allocated is fixed, if the allocated memory is not utilized fully then there will be wastage of memory and if needed more memory than allocated it cannot be increased. Fig. 8.1 shows fixed fence.

Fig. 8.1 : Fixed fence (figure labels: Addresses, Memory, Hardware Address Limitation, Addressing Range)

Fig. 8.2 : Variable fence (figure labels: Address Limit Register, Addresses, Addressing Range)

Variable Fence :
As the name itself indicates the location of the fence can be changed. A fence register is used which contains the end address of the operating system. The address generated by a user program is compared with the fence address. Fig. 8.2 shows variable fence. If the address is greater than fence address then program is executed. If it is less, error will be raised. This approach cannot protect one user from another. It is useful for single user, single operating system only. Relocation technique is used where only starting address of the program is given and based on that starting address all other addresses are automatically updated. Fence register provides the last address. Thus it ensures the security.
2. Base / Bound :
Variable Fence register is also known as base register. All the addresses are then derived with respect to this base register. But this base register can have only lower bound i.e. only starting address. It cannot give information about the upper bound. Thus can produce overflow problems. Figs. 8.3 & 8.4 shows pair of base/bound registers.

Figs. 8.3 & 8.4 : Pair of base/bound registers (figure labels: Memory, Addresses, Operating System, Base register, User A Program Space, User Program Space, User Program and Data Space)

[...] the program is kept in between upper and lower b[...] other programs. When execution changes from one [...] users program i.e. context switching then corresponding fence/base and bound registers [...] updated so that control can [...] transferred from one user program address to another user program.

As shown in above diagram a pair of base / bound registers can be used. One pair can be used to store instructions while other can be used to store data. Thus interference of different users programs can be avoided to certain extent. Tagged Architecture is an alternative way to identify access rights. In this every machine memory word has one or more extra bits. Privileged operating system instructions can only set these bits. For every access these bits are tested. Fig. 8.5 shows tagged architecture.

Fig. 8.5 : Tagged architecture (figure columns: Tag, Memory Word)

3. Segmentation :
Program is divided into separate pieces called as segments. These pieces are having relationship with all code and data in the program. These pieces can have different access rights. Each segment has a unique identity in the system.
<name, offset> pair is used to identify a code or data item within a segment. Name is the segment name and offset is the address within segment. Fig. 8.6 shows logical & physical representation of segments.

Fig. 8.6 : Logical and physical representation of segments
Segments can be easily relocated anywhere. The operating system stores segment names and their true address into segment address table. These addresses are then translated for program execution. Two processes can share a same segment address table if they belong to the same segment as shown in Fig. 8.7.
Fig. 8.7 : Segment address translation (figure labels: Logical program, FETCH<DATA_SEG,20>, Segment translation table, Address, Location 20 within segment DATA_SEG)
4. Paging :
Paging is an alternative to segmentation in which program is divided into equal sized pieces called as Pages.
Addressing system and address translation is same as that of segmentation. Operating system maintains the page translation table.
All pages are of same size hence there is no fragmentation problem. Fig. 8.8 shows Page address translation.
Fig. 8.8 : Page address translation (figure labels: Logical program, FETCH<4,37>, Page translation table, Memory, Address)

5. Paged Segmentation :
With paging implementation becomes easy and with segmentation logical security can be improved. Both the techniques are having their own advantages and disadvantages. In paged segmentation both paging and segmentation techniques are combined together.
A programmer can divide the program into segments and then each segment can be further divided into fixed size pages.
Thus paging can be implemented on top of segmentation. As shown in Fig. 8.9 additional hardware is required for additional address translation. Fig. 8.9 shows Paged segmentation.
GEES
Scanne d by CamScanner
ate
Bey
(MU)
Cryptography and System Security
Segment translation table
Address,
Segment table 0
MAIN Page translation tables
a Ge

Logleal program SEG_A for segment main b PF DATA_SEG Page 1


page address
LMAIN......... SUB G MAIN Page 0
0 c a
EQ_A prone i DATA_SEG 1 f
8 SEG_A Page 1
| FETCH<DATA SEG20>] For segment SEG_A
page address .
f MAIN Page 1

SUB oj oon 9 SEG_A Page 2

1 6
h.
DATA_SEG ‘
\ 2 g SUB Page 0

\ \ For segment SUB j


_\\ pageaddress k
Wo] i Page 0
\ | PDATA_SEG
For sgment DATA_SEG m
page address
n o*
‘ ‘S| uy SEG_A Page 0
0

Segment DATA-SEG word 20


Fig. 8.9 ; Paged segmentation
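The base/bound check and the <name, offset> translation of the segmentation, paging and paged segmentation sections, worked through in one added example (not part of the original text). The page size, the segment tables, the frame numbers and the access rights are constructed sample values; only the FETCH<DATA_SEG,20> reference comes from the figures.

```python
from dataclasses import dataclass

PAGE_SIZE = 16  # words per page (assumed for this example)


class ProtectionFault(Exception):
    """Raised when an access violates a bound or an access right."""


def base_bound(base: int, bound: int, address: int) -> int:
    """Base/bound pair: relocate by base, reject anything at or past bound."""
    if not 0 <= address < bound:
        raise ProtectionFault(f"address {address} outside 0..{bound - 1}")
    return base + address


@dataclass(frozen=True)
class Segment:
    length: int          # valid offsets are 0 .. length-1
    rights: frozenset    # subset of {"r", "w", "x"}
    page_table: tuple    # page number within the segment -> physical frame


# Per-process segment translation tables (constructed sample data).
PROC_A = {
    "MAIN": Segment(40, frozenset("rx"), (2, 5, 9)),
    "DATA_SEG": Segment(30, frozenset("rw"), (7, 3)),
}
PROC_B = {
    "MAIN": Segment(20, frozenset("rx"), (11, 12)),
}


def translate(seg_table: dict, name: str, offset: int, access: str) -> int:
    """Translate <name, offset> to a physical word address, enforcing protection.

    Step 1 (segmentation): look up the segment, check access right and length.
    Step 2 (paging): split the offset into page and word, map page to frame.
    """
    seg = seg_table.get(name)
    if seg is None:
        # The process has no table entry, so the segment is simply unreachable.
        raise ProtectionFault(f"segment {name} not in this process's table")
    if access not in seg.rights:
        raise ProtectionFault(f"{access!r} access not permitted on {name}")
    if not 0 <= offset < seg.length:
        # The segment length is finer than the page size: the unused tail of
        # the last page is rejected even though it lies in an allocated frame.
        raise ProtectionFault(f"offset {offset} outside segment {name}")
    page, word = divmod(offset, PAGE_SIZE)
    return seg.page_table[page] * PAGE_SIZE + word


if __name__ == "__main__":
    # FETCH<DATA_SEG,20>: page 1, word 4, frame 3 -> 3*16 + 4
    print(translate(PROC_A, "DATA_SEG", 20, "r"))
```

Each process gets its own segment table, which is what keeps one user's DATA_SEG out of reach of another user's program.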

Chapter 9 : Database Security

Q.1 What are security requirements of database ?

Ans. :
User authentication :
Only authenticated users should get permission to access permitted data.
Availability :
All the time the permitted data should be available to authorized users.
Access control :
Different users should have different accounts as well as different access rights so that their data can be protected from each other.
Physical database integrity :
In database systems the data is not affected or influenced by physical problems like power failures. Database can be reconstructed after such failures.
Logical database integrity :
The logical structure of the database is fixed. Values manipulation in any field of the database should not affect other fields.
Element integrity :
Accuracy is important. Data should be accurate by all means.
Auditability :
For auditing purpose it is very important to keep track of all the users and their activities.

Q.2 Explain Multiple level security model. May 2013, Dec. 2013

Ans. :
Different elements may have different security. The security of some element may be different from the other elements of the same row or column. Thus security is implemented for each individual element. For implementing security two levels (i.e. sensitive and non sensitive data) are not good enough. These levels must be increased as per the need of the application security.

Q.3 Explain multilateral security.


Ans. :
Multilateral security considers different and possibly conflicting security requirements of
different parties and strives to balance these requirements.


Q.4 What is Bell-La Padula ? How Bell-La Padula model works ?
Ans. :
Appropriate access rights and permissions must be granted to individuals [...] they can see [...] classified information. Confidential information can be seen by those who have [...]. They are not trusted to see Secret or Top Secret information. Data flow operates from lower levels to higher levels. It will never be the reverse as shown in Fig. 9.1.

Fig. 9.1 (figure labels, top to bottom: Write only, Read/Write, Read only, Read only)

Chapter 10 : IDS and Firewalls

Q.1 Define intruder.

Ans. :
An Intruder is a person who intercepts system availability, confidentiality and data integrity. Intruder's gains unauthorized access to a system with criminal intensions. Intruder may damage that system or disturbs data.
Q.2 What are the strengths and limitations of intrusion Detection System ? Describe the different types of IDS.
Ans. :
With the rapid expansion of Internet during recent years, security has become an essential issue for computer networks and computer systems.
The main aim of a security system is to protect the most valuable assets (data/secret information) of an organization like banks, companies, universities and many others, because these organizations have data or secret information in some form, and their security policies are keen for protecting the privacy, integrity, and availability of these valuable information or data.
As these organizations will have different security policies and requirements depending on their vision and missions. Many efforts have been carried out to accomplish this task are security policies, firewalls, anti-virus software even Intrusion Detection Systems (IDSs) to configure different services in operating systems and computer networks.
But still detecting different attacks (like denial service attacks, IP spoofing, ping of death, network scanning etc) against computer networks is becoming a crucial problem to solve in the field of cryptography and network security. To overcome all above problems researcher in the field of computer security came with existing but different solution called Intrusion Detection System (IDS). Before discussing on IDS let us understand some key points like what is intrusion? What is intrusion detection and then what is intrusion detection system?

When an attacker or intruder attempts to break into an information system or performs an illegal action such as denial of service attacks, scanning a networks, ping scan, sending many request for connection setup using fake IP address, etc which is legally not allowed, that is called as an intrusion.
Intrusion detection is an important technology that monitors network traffic, events and identifies network intrusions such as abnormal network behaviours, unauthorized network access and malicious attacks to computer systems.
The general example of intrusion detection is when we suffer from some disease and asking physician what happen to me. Doctor suggests for blood checking and sends blood sample to laboratory for detection. The blood report given by pathologist is just detection of disease (number of platelets count, haemoglobin, etc.) then after checking the entire history of blood report doctor suggests medicine to cure the disease.
The blood report is intrusion detection whereas medicine given by the doctor after checking blood report is called intrusion detection system. Finally how fast patient get relief depends upon the doctor's education, experience and knowledge. Joke apart let us move towards technical definition of IDS.
Intrusion Detection system has some policies or mechanisms to protect computer systems from many attacks. As the use of data transmission and receiving over the internet increases the need to protect the data of these connected systems also increases. Many scientists have different definition of IDS but as per our point of view IDS can be defined as below:
“An Intrusion Detection System is software that monitors the events occur in a computer systems or networks, analyzing what happen during an execution and tries to find out indications that the computer has been misused in order to achieve confidentiality, integrity and availability of a resource or data.”
The IDS will continuously run on our system in the background, and only generate the alert when it detects something suspicious as per its own rules and regulation or attack signature present in to it and taking some immediate action to prevent damage.
An Intrusion detection System examines or monitors system or network activity to find possible attacks on the system or network. Signs of violation of system security policies, standard security practices are analyzed. Intrusion Prevention is the process of detecting intruders and preventing them from intrusive effort to system.
Intruders can be broadly classified into three different types :
1. Masquerader : These are unauthorized user typically outsider, try to penetrate the system's protection.
2. Misfeasor : These may be authorized or unauthorized person typically the insiders of the organization, who tries to misuse the data.
3. Clandestine user : They can be both inside and outside. These types of intruders gain administrative access to the system.
Intrusion detection can be classified into different ways. But mostly it is classified as Active and Passive IDS and Host and Network IDS.

Active and Passive IDS :

An active Intrusion Detection Systems (IDS) is also known as Intrusion Detection and Intrusion Prevention System (IDPS).
Intrusion Detection and Prevention System (IDPS) is configured to automatically block all suspected attacks without any interference required by any [...]. Intrusion Detection and Prevention System (IDPS) response real time corrective and response [...].
A passive IDS is a system that alerts the operator about the vulnerabilities and analyze network traffic activity. As Passive IDS only analyzes the network, it cannot perform any correction [...] protection [...] the network on its own.
Types of IDS technologies :
The types of IDS technologies are differentiated mainly by the types of event they monitor or scrutinize. There are four types of IDS Technologies.
1. Network based : The IDS monitors network traffic. It analyzes the network activities and protocol activities to identify suspicious activity of the network.
2. Wireless : The IDS monitors the wireless network traffic. It analyzes the network activities and protocol activities of wireless network.
3. Network Behaviour Analysis : These network behaviour analyzers identify the threats that create unusual traffic overflow, DDOS (Distributed Denial of Service) attacks, malwares, and policy violations.
4. Host Based : These IDS monitors the host and the event occurs within that host.

Q.3 Explain Intrusion Detection Techniques.
Ans. :
The categorization of Detection methodologies are : Signature Based, anomaly based, stateful protocol analysis. Most of the IDPS uses these techniques to reduce or make network error free.

(1) Signature Based Detection

It is a process of comparing the signatures of known threat with the events that are been observed. Here the current packet is been matched with log entry of the signatures in the network. Signature is defined as the pattern (structure) that we search inside a data packet. The data packet may contain source address, destination address, protocol, port number etc.
If an attacker adds any malicious code into these data packet he is generating attack pattern or signature. Signature based IDS create databases of such attack pattern for detecting the known or documented attacks. Single signature is used to detect one or more types of attacks which are present in different parts of a data packet. Signature - based IDS used to monitored events occurred in the network and match those events against a database of attack signatures to detect intrusions. It also uses a rule set to identify intrusions by watching for patterns of events specific to known and documented attacks.
For example, we may get signatures in the IP header, transport layer header (TCP or UDP header) and application layer header or payload. Signature based intrusion detection system sometimes also called misuse detection techniques. It checks for the attack pattern with the existing stored database pattern and if match is found then generates the alert.
Signature based IDSs are unable to detect unknown and newly generated attacks because it requires manual updating of each new type of attacks into to the existing database. The most well known example of signature - based IDS is SNORT IDS freely available for attack detection and study purpose.
(2) Anomaly Based Detection
It is the process of comparing activities which are supposed to be normal against observed events to identify deviation. An IDPS uses Anomaly based detection techniques, which has profiles that represent normal activities of user, host, connections or applications.
For example :
Web activities is a normal activity done in a network. Anomaly based IDS works on the notion that “attack behavior” enough differ from “normal behavior” (IDS developer may define normal behavior). Normal or acceptable behaviours of the system (e.g. CPU usage, job execution time etc) if the system behavior looks abnormal i.e. increasing CPU speed, too many job execution at a time then it is assumed that the systems is out of normal activity. Anomaly based detection is based on the abnormal behavior of a host or network.
Database for such type of IDS is the events generated by user, host and network, and the “normal” behavior of the systems. These events (historical data) are collected from the research laboratories which continuously work on normal and abnormal behavior systems over a period of time. Anomaly based IDS checks ongoing traffic, host activities, transactions and behavior in order to identify [...] by detecting anomalies. Host - based IDS generally uses anomaly based techniques.

This can be done in two ways -
1. Threshold detection : Threshold are defined for all users for all [...] group and frequency of [...] and comparing with threshold.
2. Profile Based detection : Profiles of individuals are created and they are matched against the collected statistics for checking the irregular patterns.
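Signature based detection and threshold detection run over the same traffic, as an added example that is not part of the original text. The Packet and Signature records, the two signatures, the threshold and the sample packets are all constructed for illustration; this is not SNORT rule syntax.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    proto: Optional[str]     # None matches any protocol
    dport: Optional[int]     # None matches any destination port
    pattern: re.Pattern      # byte pattern searched for in the payload

    def matches(self, pkt: Packet) -> bool:
        # Header fields narrow the search; the pattern is looked up in the payload.
        return (self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport)
                and self.pattern.search(pkt.payload) is not None)


# Signature database (constructed). Only documented patterns can ever match.
SIGNATURES = [
    Signature("directory traversal in HTTP request", "tcp", 80,
              re.compile(rb"\.\./\.\./")),
    Signature("telnet login as root", "tcp", 23,
              re.compile(rb"login:\s*root", re.IGNORECASE)),
]

# Observed traffic (constructed sample data).
PACKETS = [
    Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.9", "192.0.2.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.7", "192.0.2.20", "tcp", 23, b"login: root"),
] + [
    # One host sending many connection requests with empty payloads:
    # nothing here for a payload signature to match.
    Packet("10.0.0.66", "192.0.2.10", "tcp", port, b"") for port in range(1, 7)
]


def signature_alerts(packets, signatures=SIGNATURES):
    """Return (packet index, signature name) for every signature match."""
    return [(i, sig.name)
            for i, pkt in enumerate(packets)
            for sig in signatures
            if sig.matches(pkt)]


def threshold_alerts(packets, limit):
    """Return sources whose event frequency exceeds the threshold."""
    counts = Counter(pkt.src for pkt in packets)
    return sorted(src for src, n in counts.items() if n > limit)


if __name__ == "__main__":
    print(signature_alerts(PACKETS))
    print(threshold_alerts(PACKETS, limit=5))
```

The two detectors are complementary on this sample: the signatures flag the two single packets with known patterns but say nothing about 10.0.0.66, while the threshold flags 10.0.0.66 and misses the single-packet events.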
Q.4 Write a short note on firewall. May 2013, Dec. [...]

Ans. :
A firewall device filters all traffic between intranet and extranet. All the traffic runs through firewall. The main purpose of the firewall is to keep attackers outside the protected environment. For that policies are set in the firewall to decide what is allowed and what is not allowed. Moreover we can decide the allowed places, allowed users, allowed sites, can provide different access rights to different category of the users.
Ex. : Cyberoam through which only educational sites are allowed through college internet and non-educational sites like facebook, twitter can be blocked.

Q.5 What are firewall design principles ?


Ans. :
A firewall is a kind of reference monitor. All network traffic passes through firewall. That's why it is always in invoked condition. A firewall is kept isolated and can not be modified by anybody other than administrator. Generally it is implemented on a separate computer through which intranet and extranets are connected.

Q.6 List, explain and compare different kinds of firewalls used for network security. Dec. 2013, Dec. 2014, May 2015

Ans. :

Following are the types of Firewalls,
(i) Packet filtering gateways or screening routers
(ii) Stateful inspection firewalls
(iii) Application proxies
(iv) Guards
(v) Personal firewalls
(i) Packet Filtering Gateway :
It is the most simple and easy to implement [...]. Packet filtering is done on the basis of packets source or destination address or [...] type like HTTP or HTTPs. If the firewall is placed just behind the router then the traffic can be [...] easily. In the Fig. 10.1 it is shown that how packet filtering gateway can block traffic from network 1 and allow traffic from network 2. Also the traffic using telnet protocol is blocked. Packet filters do not analyze the contents of the packet rather they just check IP address of the packets as shown in Fig. 10.1.
The biggest disadvantage of the packet filtering gateway is that it requires lot of detailing to set policies. [...] port 80 [...] applications essentially need use of port 80 then in this case [...] for which port 80 is needed.

Fig. 10.1 : Packet Filter Blocking Addresses and Protocols (figure label: Local (Protected) Network)

(ii) Stateful Inspection Firewall :
Packet filtering is done one packet at a time. Sometimes attacker may use this technique for the attack. Attacker can split the script of attack into different packets so that the complete script of attack cannot be identified by packet filtering firewall.
To avoid this stateful inspection firewall keeps record of states of the packets from one packet to another. Thus sequence of packets and conditions within the packets can be identified easily.
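The packet filtering policy of Fig. 10.1 and the per-flow state kept by a stateful inspection firewall, as an added example that is not part of the original text. The address ranges standing in for network 1 and network 2, the rule format and the FORBIDDEN-SCRIPT marker are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR form
    dport: Optional[int]     # None matches any destination port


# First matching rule wins (constructed policy in the spirit of Fig. 10.1).
RULES = (
    Rule("deny", "0.0.0.0/0", 23),          # telnet blocked from everywhere
    Rule("deny", "198.51.100.0/24", None),  # "network 1": blocked
    Rule("allow", "203.0.113.0/24", None),  # "network 2": allowed
)


def filter_packet(src_ip: str, dport: int, rules=RULES) -> str:
    """Stateless filter: looks only at header fields of this one packet."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action
    return "deny"  # default deny: anything not explicitly allowed is dropped


class StatefulInspector:
    """Keeps a short tail of each flow so a pattern split across packets is seen."""

    def __init__(self, marker: bytes):
        self.marker = marker
        self.tails = {}       # flow -> last len(marker)-1 bytes seen on that flow
        self.blocked = set()  # flows already judged hostile

    def inspect(self, flow: tuple, payload: bytes) -> str:
        if flow in self.blocked:
            return "deny"
        window = self.tails.get(flow, b"") + payload
        if self.marker in window:
            self.blocked.add(flow)
            return "deny"
        keep = len(self.marker) - 1
        self.tails[flow] = window[-keep:] if keep else b""
        return "allow"


def split_demo():
    """Return (per-packet verdicts, stateful verdicts) for a split pattern."""
    marker = b"FORBIDDEN-SCRIPT"   # constructed stand-in for a blocked pattern
    flow = ("203.0.113.7", 40000, "192.0.2.10", 80)
    pieces = [b"GET /?q=FORBIDDEN-", b"SCRIPT HTTP/1.1"]
    per_packet = ["deny" if marker in p else "allow" for p in pieces]
    inspector = StatefulInspector(marker)
    stateful = [inspector.inspect(flow, p) for p in pieces]
    return per_packet, stateful


if __name__ == "__main__":
    print(filter_packet("198.51.100.4", 80), filter_packet("203.0.113.7", 80))
    print(split_demo())
```

Rule order matters in the stateless filter: the telnet rule sits first so that it also applies to the otherwise allowed network.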
(iii) Application Proxy :
Packet filters cannot see inside the packets. From the packet headers they just get IP addresses for filtering. Application proxy is also known as a bastion host. Fig. 10.2 shows firewall proxies.
Example : A college wants to publish a list of selected students. Then they just want students to read that list. No student can change that list. Moreover students can not access more data than the list. Application proxy helps us in this regard. Here it helps us to check only list is displayed on the screen and not more than that. That list should not have any modified contents. Proxies on the firewall can be customized as per the requirements.

Fig. 10.2 : Firewall Proxies (figure labels: Logging, Remote access, Remote file)

(iv) Guard :
A guard is kind of complex firewall. It works similar to proxy firewall. Only difference is that guard can decide what to do on behalf of the user using available knowledge. It can use knowledge of outside users identity, can refer previous interactions, blocked list etc.
Example : In order to increase the speed of the internet a school can set download limit for the students. A student can download only 20mb data etc.

Q.7 What is personal firewalls ?
Ans. :
For a personal use to keep separate firewall on a separate machine is quite difficult and costly. So personal users need a firewall capability at lower cost. An application program which can have capabilities of a firewall can solve this problem. It can screen incoming and outgoing traffic on a single host. Symantec, McAfee, Zone alarm are the examples of personal firewalls. Personal firewalls can be combined with antivirus systems.

Q.8 Explain design, configuration and limitations of firewall ?

Ans. :
1. Firewall with screening router :

(Figure label: Screening router)

The screening router is placed in between intranet and extranet. It [...] screening of the router. The disadvantage of this configuration is that if the screening router is successfully attacked then intranet is directly visible.
2. Firewall on Separate LAN :
To overcome the problem of the exposure of LAN, a proxy firewall can be installed on its own LAN.

(Figure label: Proxy gateway)

3. Firewall with Proxy and Screening Router :
If screening router is installed behind the proxy firewall, then it ensures the correct address to proxy firewall. In other words it is a double guard protection. If any one fails LAN is not exposed.

(Figure labels: Proxy firewall, Screening router)

Q.1 IPSec offers security at network layer.
Ans. :
IPSec is designed by the Internet Engineering task force IETF. It is a collection of Protocols which provides security for a packet at network level. IPSec creates authenticated and confidential packets for network layer also known as IP layer (Internet Protocol layer). IPSec provides node to node communication in routing protocols; it provides security to other protocols also which are used for client-server communication in transport layer.

Fig. 11.1 : IPSec architecture (figure labels: IP security Architecture, Encapsulating Security Payload (ESP) Protocol, Authentication Header (AH) Protocol, Authentication Algorithms (MD5, SHA), Encryption Algorithms (DES, CBC) (AES), Internet security domain of interpretation, Key management)


IPSec defines two protocols as they are backbone of IPSec are Authentication Header (AH) and Encapsulating Security Payload (ESP) protocol.

1. Authentication Header (AH) :
It defines the AH packet format for processing incoming and outgoing packets. AH helps to ensure that authentication and integrity of the data/packets is protected.
2. Encapsulating Security Payload (ESP) :
[...] packets in encrypted and unreadable form. ESP helps to ensure that confidentiality, authentication and integrity of the data is protected.
3. Authentication algorithms :
Use of MD-5 and SHA with Encapsulating Security Payload to achieve Authentication, integrity and protection of data. Hash is attached to the IPSec AH header as an Integrity checksum.
4. Encryption algorithms :
Few standard encryption algorithms are implemented in IPSec are DES, AES and CBC because of large key size to secure data.
5. Internet security Domain of Interpretation (DOI) :
It contains the supporting database of all IP Security protocols, their parameters, all defined algorithms, key size with lifetime and identity of all approved encryption and decryption algorithms.
6. Key management :
As defined earlier key management is used to generate and distribute the keys required for IPSec protocols.

Q.2 What are different modes of IPSec ?

Ans. :
IPSec operates in two different modes :
(1) Transport Mode (2) Tunnel Mode
(1) Transport Mode
In transport mode IPSec protects the data that is delivered from transport layer to network layer; in other words, transport mode protects the payload (a packet consists of control information and user data) of network layer. It encapsulates the transport layer payload by adding IPSec header and IPSec trailer and sends this encapsulated packet to network layer.
After that the IP header of network layer is added to that encapsulated payload. IPSec transport mode is responsible for complete delivery of packet (traffic) from one host to another host or from host to gateways, called end-to-end communication.
For example : Communications between client machine and a server machine, communications between two routers and from router to gateway are also considered as end-to-end communication. IPSec transport mode is responsible for secure communications between all these devices.

Fig. 11.2 : Transport mode
Fig. 11.3 : IPSec transport mode data exchange

Transport mode helps to protect user data, also known as payload, through an AH or ESP headers and trailers. In transport mode the payload of an IP packet is encrypted but the IP header information remains unchanged, as shown in Fig. 11.2. Fig. 11.3 shows how the data exchange (end to end security) takes place after encryption.
(2) Tunnel Mode
In tunnel mode, the IPSec protects the entire IP packet of network layer. It takes whole IP packet including the header of that IP packet and applies the IPSec method to the whole packet and adds new IP header. IPSec tunnel mode is responsible for network-to-network communications; it encrypts the traffic between routers, gateways or host-to-network and host-to-host communications over the Internet and creates a secure tunnel.
IPSec tunnel mode encrypts complete IP packet including IP header and transfers it over network layer (entire original IP packet is encrypted). Tunnel mode binds the original IP packet, encrypts it, adds a new IP header and IPSec header and sends it to the other end of IPSec, as shown in Fig. 11.4. Fig. 11.5 shows IPSec tunnel mode during data exchange process.
Fig. 11.4 : Tunnel mode
Tunnel mode is used on most of the IPSec gateway devices such as firewalls, routers, and connecting remote locations such as branch offices, organizations, and universities securely through a network called Virtual Private Network (VPN).
Fig. 11.5 : IPSec tunnel mode data exchange

The IP header after tunnel mode will consist of information different from the original IP that was received previously. Tunnel mode is generally used for secure communication between two routers, a host and a router or vice versa.

Q.3 How AH and ESP differ while working under transport and tunnel mode ?
Ans. :
Encryption of data and its authenticity is prime concern for secure communication; to avail these two features, IPSec provides two protocols at network layer :
1. Authentication Header 2. Encapsulating Security Payload

(1) Authentication Header

It is designed for authentication, integrity of payload which is carried in IP packet. It is first protocol of IPSec called Authentication Header (AH) protocol designed to provide data authentication (to identify source host), data integrity (if data get modified while in transit) and non-repudiation but doesn’t provide data confidentiality (if attacker able to access the contents of a message) because Authentication header does not encrypt the data/ IP packet.
The main functionality of this protocol is protection against replay attacks (sending same data to receiver again and again) and protection against tampering of data over a network. Authentication header is also used to protect the upper-layer or the entire IP packet, with the help of message authentication code (MAC - used to generate fixed length value from message and secret key to provide authentication) using well known hashing algorithms like MD5 or SHA1.
By using Hash function and symmetric key algorithm, message digest is calculated and inserted in authentication data as shown in Fig. 11.6; because of this AH protocol provides data authentication and data integrity, but not confidentiality or privacy. The internal fields of authentication header format are shown in Fig. 11.6. This protocol uses cryptographic checksum which is similar to hash function or message digest; the checksum is inserted in authentication header and placed in location based on which mode it is using (tunnel mode or transport mode).

Fig. 11.6 (fields shown include sequence number (32 bits) and authentication data)
A brief description of each field:
Next header (8 bits) : The next header is an 8-bit field which is used to identify the type of payload/ data carried by IP packet.
Payload length (8 bits) : The payload header is also an 8-bit field which defines length of the authentication header.
Reserved (16 bits) : AH contains 16-bit field which is reserved for future use and always set to zero.
Security Parameter Index (SPI) (32 bits) : SPI is a 32-bit field used in combination with source IP address, destination IP address and AH security protocol to uniquely identify a security association (SA) for the traffic to which IP packet belongs, we will discuss SA in next bit. This field also defining which different security algorithms and keys were used to calculate the message authentication code (MAC).
Sequence number (32 bits) : It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack.
Authentication data : This is variable length field whose length depends upon encryption algorithm used. Authentication data field of AH protocol is the output of hashing algorithm or message digest algorithm. AH protocol performs the integrity check value (ICV) on packet header or MAC is computed over the complete IP packet including the outer IP header to ensure that the data has not been changed during transmission process. As mentioned earlier AH doesn’t encrypt the data the reason it doesn’t provide confidentiality during transmission.
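
The AH fields listed above can be exercised in code. The following Python sketch is an added example, not code from the original text: it packs and parses the fixed AH fields, verifies the authentication data and rejects replayed sequence numbers. It assumes HMAC-SHA1 truncated to 96 bits, a 64-packet replay window and, as a simplification, a MAC computed over the AH header and payload only (a real AH MAC also covers the IP header); all function and class names are illustrative.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # assumption: HMAC-SHA1 truncated to 96 bits
FIXED_LEN = 12  # next header, payload length, reserved, SPI, sequence number


def build_ah(next_header, spi, seq, payload, key):
    """Build AH header + payload with the authentication data filled in."""
    # Payload length field = AH length in 32-bit words minus 2.
    payload_len = (FIXED_LEN + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    # The authentication data field is treated as zero while the MAC is computed.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1)
    return fixed + mac.digest()[:ICV_LEN] + payload


def parse_ah(packet):
    """Split a packet into the AH fields described in the text."""
    if len(packet) < FIXED_LEN:
        raise ValueError("packet shorter than fixed AH fields")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", packet[:FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    if ah_len < FIXED_LEN or ah_len > len(packet):
        raise ValueError("payload length field inconsistent with packet")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": packet[FIXED_LEN:ah_len], "payload": packet[ah_len:]}


def verify_icv(packet, key):
    """Recompute the MAC with the ICV zeroed and compare in constant time."""
    ah = parse_ah(packet)
    if len(ah["icv"]) != ICV_LEN:
        return False
    zeroed = packet[:FIXED_LEN] + bytes(ICV_LEN) + ah["payload"]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, ah["icv"])


class ReplayWindow:
    """Sliding window over sequence numbers; bit 0 is the highest seen."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def accept(self, seq):
        if seq == 0:
            return False  # sequence numbers start at 1
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False  # too old, or already seen (replay)
        self.bitmap |= 1 << offset
        return True


def receive(packet, key, window):
    """Return the payload, or None if the packet is forged or replayed."""
    ah = parse_ah(packet)
    # The window is only updated for packets whose MAC is valid.
    if not verify_icv(packet, key):
        return None
    if not window.accept(ah["seq"]):
        return None
    return ah["payload"]
```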

(2) Encapsulating Security Payload :

One of the most important feature that Authentication Header was unable to provide called data confidentiality (if attacker able to access the contents of a message) because ESP provide encryption of data/ IP packet. As defined earlier ESP is used to encrypt the entire payload of an IPSec packet the reason ESP alone can provide data authentication, protection against replay attacks and data integrity by adding ESP header, ESP trailer and MAC to the packet.
ESP has the same fields as defined in AH, but it integrates these fields in a different way; instead of having just a header, it divides these fields into three components: An ESP header, ESP trailer and ESP authentication block as shown in Fig. 11.7.
Following are the steps for adding ESP header and trailer.


Step 1: In the initial step, ESP trailer is added to IP payload.
Step 2: Then both Trailer and ESP are encrypted.
Step 3: After the encryption ESP header is added to the encrypted packet.
Step 4: Then all encrypted packet, ESP trailer and ESP header are combined and used to form authentication data.
Step 5: This authentication data is added to the End of Trailer.
Step 6: Lastly the IP header is added.
Fig. 11.7 : ESP header, trailer and encryption

The main functionality of ESP is to provide the confidentiality to IP packets by encrypting them. Encryption algorithms (Triple DES, Blowfish, and IDEA etc.) are used to combine the data in the packet with a key and transform it into an encrypted form. The encrypted packet is then transmitted to the destination, which decrypts it using the same algorithm.
The detail description of Encapsulating Security Payload (ESP) fields is given below:
1. ESP header:
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack as defined earlier. This field is not encrypted but it’s authenticated to perform anti-replay checking before decryption.
2. Encrypted data:
This is variable length field which contains transport layer segment or IP packet which is protected by performing ESP encryption.
3. ESP trailer :
ESP trailer field contains padding (0-255 bytes), pad length 8-bits and next header 8-bits.
4. Padding (0-255 bytes):
Padding field is used to expand plain text message to required size or to align the encrypted data by adding padding bits to the actual data which provides confidentiality to traffic flow.
5. Pad length (8 bits):
This is mandatory field in ESP protocol which is used to indicate the number of pad (protection) bytes added into the packet.
6. Next header (8 bits):
The same bit length as of pad length, used to identify the type of encrypted data in the Payload Data field.
7. ESP authentication data:
This is variable length field whose length depends upon encryption algorithm used. Authentication data field of ESP protocol is the output of hashing algorithm or message digest algorithm, which performs the integrity check value (ICV) on packet header or MAC, is computed over the complete packet including the outer IP header to ensure data has not been changed during transmission process.

Q.4 How does ESP header guarantee confidentiality and integrity for packet payload?
Ans. :
One of the most important feature that Authentication Header was unable to provide called data confidentiality (if attacker able to access the contents of a message) because ESP provide encryption of data/ IP packet. As defined earlier ESP is used to encrypt the entire payload of an IPSec packet the reason ESP alone can provide data authentication, protection against replay attacks and data integrity by adding ESP header, ESP trailer and MAC to the packet.
ESP has the same fields as defined in AH, but it integrates these fields in a different way; instead of having just a header, it divides these fields into three components: An ESP header, ESP trailer and ESP authentication block as shown in Fig. 11.8.
It is designed for confidentiality and integrity of messages. ESP can be used alone or with combination of AH. ESP adds a header and a trailer to the payload. Following are the steps for adding ESP header and trailer.
Step 1: In the initial step, ESP trailer is added to IP payload.
Step 2: Then both Trailer and ESP are encrypted.
Step 3: After the encryption ESP header is added to the encrypted packet.

Step 5: This authentication data is added to the End of Trailer.
Step 6: Lastly the IP header is added.
Fig. 11.8 (labels: application layer, transport layer, IPSec layer, network layer; security parameter index (SPI), sequence number, ESP header, padding, pad length, next header, ESP trailer, authentication data)

The main functionality of ESP is to provide the confidentiality to IP packets by encrypting them. Encryption algorithms (Triple DES, Blowfish, and IDEA etc.) are used to combine the data in the packet with a key and transform it into an encrypted form. The encrypted packet is then transmitted to the destination, which decrypts it using the same algorithm.

The detail description of Encapsulating Security Payload (ESP) fields is given below:

1. ESP header:
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack as defined earlier.
This field is not encrypted but it’s authenticated to perform anti-replay checking before decryption.
2. Encrypted data:
This is variable length field which contains transport layer segment or IP packet which is protected by performing ESP encryption.
3. ESP trailer:
ESP trailer field contains padding (0-255 bytes), pad length 8-bits and next header 8-bits.
4. Padding (0-255 bytes):
Padding field is used to expand plain text message to required size or to align the encrypted data by adding padding bits to the actual data which provides confidentiality to traffic flow.
5. Pad length (8 bits):
This is mandatory field in ESP protocol which is used to indicate the number of pad (protection) bytes added into the packet.
6. Next header (8 bits):
The same bit length as of pad length, used to identify the type of encrypted data in the Payload Data field.
7. ESP authentication data:
This is variable length field whose length depends upon encryption algorithm used. Authentication data field of ESP protocol is the output of hashing algorithm or message digest algorithm, which performs the integrity check value (ICV) on packet header or MAC, is computed over the complete packet including the outer IP header to ensure data has not been changed during transmission process. ESP encrypts the data the reason it provides data confidentiality during transmission.
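
The ESP steps and field list given in the two answers above can be followed end to end in code. This Python sketch is an added example, not code from the original text: it builds the trailer, encrypts payload plus trailer, prepends the ESP header, appends the authentication data, and reverses the process on receipt. It assumes an 8-byte alignment block, HMAC-SHA1 truncated to 96 bits, and a SHA-256 keystream as a stand-in for the block cipher (not a real ESP cipher, used only so the example runs with the standard library); step 6 (adding the IP header) is left out and all names are illustrative.

```python
import hashlib
import hmac
import struct

BLOCK = 8      # assumption: align plaintext to an 8-byte cipher block
ICV_LEN = 12   # assumption: HMAC-SHA1 truncated to 96 bits


def keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not real ESP)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def add_trailer(payload, next_header):
    """Step 1: append padding, pad length and next header."""
    pad_len = -(len(payload) + 2) % BLOCK
    padding = bytes(range(1, pad_len + 1))  # padding bytes 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])


def strip_trailer(plain):
    """Validate and remove the trailer; return (payload, next_header)."""
    pad_len, next_header = plain[-2], plain[-1]
    body_end = len(plain) - 2 - pad_len
    if body_end < 0 or plain[body_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return plain[:body_end], next_header


def esp_encapsulate(payload, next_header, spi, seq, enc_key, auth_key):
    plain = add_trailer(payload, next_header)              # step 1
    header = struct.pack("!II", spi, seq)                  # SPI + sequence number
    cipher = keystream_xor(enc_key, header, plain)         # step 2
    packet = header + cipher                               # step 3
    icv = hmac.new(auth_key, packet, hashlib.sha1).digest()[:ICV_LEN]  # step 4
    return packet + icv                                    # step 5


def esp_decapsulate(packet, enc_key, auth_key):
    """Check the authentication data first, then decrypt and strip the trailer."""
    if len(packet) < 8 + BLOCK + ICV_LEN:
        raise ValueError("packet too short")
    header, cipher, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if len(cipher) % BLOCK:
        raise ValueError("ciphertext not block aligned")
    expected = hmac.new(auth_key, header + cipher, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("authentication data mismatch")
    spi, seq = struct.unpack("!II", header)
    payload, next_header = strip_trailer(keystream_xor(enc_key, header, cipher))
    return spi, seq, next_header, payload
```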

Q.5 What are benefits of IP security ?


Ans.:
IPSec operates at the network layer where secure data transmission takes place. For secure access of remote computer over Internet IPSec is used. For securely connecting all branches of bank sectors over internet IPSec protocol is used. For secure communication between same organization which are located at different places.
For connecting to college server from any location IPSec protocol is used. Most of the corporate sector allowing employees to complete their task from home and update it to company at any time from any location or secure access of any server at any time. IPSec now-a-days implemented as one of the standard of Virtual Private Networks that allow low cost connectivity, secure data transmission between various locations over insecure communication channel. If IPSec is implemented in a firewall or router, it can provide strong security to the ongoing traffic crossing the network.

Q.6 Why Secure Socket Layer (SSL) is needed ? What are the different features SSL provides ? Explain how SSL works ? Also explain the services of SSL protocol.

Ans.:
Secure Socket layer was invented by Netscape communications in 1994. Secure Socket layer is an internet protocol used for securely exchanging the information between client’s web browser and the web server. Secure socket layer ensures the authentication, data integrity and data confidentiality between web browser and web server i.e. it creates a secure tunnel between client and server. The main role of SSL is to provide the security to web traffic in all the way.
The current version of SSL is 3.0. The position of SSL in TCP/IP protocol suite is shown in Fig. 11.9. SSL works in between application layer and transport layer the reason SSL is also called as Transport Layer Security (TLS). The data will not be passed directly to transport layer instead it will be passed to secure socket layer. Secure Socket Layer will perform encryption to the data received by application layer and add its own encryption information header called SSH i.e. Secure Socket Layer Header. In the receiver’s end SSL will remove the SSH header and then pass data to application layer.
Fig. 11.9 : Position of SSL in TCP/IP protocol suite
The Fig. 11.9 shows position of SSL protocol in TCP/IP protocol suite. SSL protocol uses digital certificate and digital signature for secure communication between client machine and server machine. SSL encrypts the data received from application layer of client machine and adds its own header (SSL header) into the encrypted data and sends encrypted data to the server side. Upon receiving encrypted data server removes the SSL header and decrypts the data and sends the decrypted data to application layer as shown in Fig. 11.9.
SSL is not a single protocol to perform security tasks; there are two layers of sub-protocols which support SSL: there are the SSL Handshake Protocol, SSL Change Cipher Specification, the SSL Alert protocol, and the SSL Record Protocol shown in SSL architecture Fig. 11.10. As shown in Fig. 11.10, SSL defines three basic higher-layer protocols namely: SSL Handshake, SSL Change Cipher Specification and SSL Alert protocol.
The role of these three higher-level protocols is the connection establishment, use of required cipher techniques for data encryption and alert (warning, error if any) generation before starting actual data transmission process between client and server.
The SSL Record Protocol is responsible for encrypted data transmission and encapsulation of the data sent by the higher layer protocols (handshake, alert, HTTP) also to provide basic security services to higher layer protocols. SSL was designed to make use of TCP protocol to provide a reliable secure process-to-process delivery of entire message/ packets. We will discuss how client machine securely communicates with the server machine by using underlying network architecture.

Fig. 11.10 : SSL protocols internal architecture

Working of SSL
SSL has three sub protocols: Handshake protocol, Alert protocol and Record protocol.

Handshake Protocol
As the name suggests, when we meet our friend/colleagues, we have habit to say hello and do the shake-hands with each other before starting our actual communication. SSL handshake protocol uses somewhat same ideology but in terms of client and server.
The first sub-protocol of SSL called handshake protocol is used for secure communication between client and the server using an SSL enabled connection.
In this protocol server authentication is more important than client authentication because server has different options available for client authentication. The detailed steps of SSL handshake protocol are shown in Fig. 11.11.
1. It is used by client and server to start communication using SSL enabled connection.
2. The handshaking is done in four phases :
(a) Establishing security capabilities.
(b) Server authentication and key exchange.
(c) Client authentication and key exchange.
(d) Finalizing and finishing.
Fig. 11.11 : SSL handshake protocol
Phase 1 : Establishing security capabilities
In this phase logical connection is established between client and server and security capabilities associated with that connection are established. It consists of two messages, the client hello and the server hello.

Client hello:
The client hello message contains the following parameters -
(i) The highest SSL version number which the client can support.
(ii) A 32 byte random number that will be used for master secret generation. It contains two subfields, that is a 32 bit date time subfield which shows current time and date of the client’s system and a 28 byte random number generated by random number generator in client’s system.
(iii) A session id that defines the session.
(iv) There is a cipher suite parameter that contains the entire cryptographic algorithm which supports client’s system.
(v) A list of compression methods that can be supported by client.

Server:
(i) The SSL version number, the highest among both SSL number of client and server, will be supported by client and other will be supported by server.
(ii) A 32 byte random number that will be used for master secret generation, however this random number is totally independent from the random number of client.
(iii) A session id that defines the session.
(iv) A cipher suite contains the list of all cryptographic algorithms that is sent by the client from which the server will select the algorithm.
(v) A list of compression methods sent by the client from which the server will select the method.
Phase 2 : Server authentication and key exchange
In this phase, the server authenticates itself if it is needed. The server sends its certificate, its public key, and also requests certificate (digital certificate) from the client.
1. Certificate : The server sends a certificate message to authenticate itself to the client. If the key exchange algorithm is Diffie Hellman than no need of authentication.
2. Server key exchange : This is optional. It is used only if the server doesn’t send its digital certificate to client.
3. Certificate request : The server can request for the digital certificate of client. The client’s authentication is optional.
4. Server Hello done : The server message hello done is the last message in phase 2; this indicates to the client that the client can now verify all the certificates received by the server. After this hello message done, the server waits for the client’s side response in phase 3.

Phase 3 : Client authentication and key exchange
In this phase, the client authenticates itself if it is needed. The client sends certificate, client key exchange and certificate verify to the server.
Certificate : Client certificate is optional; it is only required if the server has requested the client’s digital certificate. If client doesn’t have client’s digital certificate it can send No certificate message or an Alert message to the server. Then it is upto server’s decision whether to continue the session or to abort the session.
Client key Exchange : The client sends a client key exchange, the contents in this message are based on key exchange algorithms between both the parties.
Certificate verify : It is necessary only if the server had asked for client authentication. The client has already sent its certificate to the server. But additionally if server wants then the client has to prove that it is authorized holder of the private key. The server verifies the message with its public key already sent to ensure that the certificate belongs to client.

Phase 4 : Finish
The client and server send messages to finish the handshaking protocol. It contains 4 steps. The first two messages are from the client i.e. change cipher specs, finished. The server responds back with change cipher spec and finished.
Change cipher spec : It is a client side message telling about the current status of cipher protocols and parameters which has been made active from pending state.
Finished : This message announces the finish of the handshaking protocol from client side.
Change Cipher spec : This message is sent by server to show that it has made all the pending state of cipher protocols and parameters to active state.
Finished : This message announces the finish of the handshaking protocol from server and finally handshaking is totally completed.
Alert Protocol
SSL uses the Alert protocol for reporting error that is detected by client or server; the party which detects error sends an alert message to other party. If error is serious then both parties terminate the session. Table 11.1 shows the types of alert messages. SSL alert protocol is the last protocol of SSL used to transmit alerts (warnings, errors, fatal etc.) if any via SSL record protocol to the client or server.
The SSL alert protocol format is shown in Fig. 11.12. Alert protocol uses two bytes to generate alert. First 1 byte indicates two values either 1 or 2. “1” value indicates warning and “2” value indicates a fatal error (if fatal error terminate the session/ connection).
Whereas second 1 byte indicates predefined error code; if either the server or client detects any error it sends an alert containing the error (error occurred during handshaking, error occurred during data processing at server or client side, certificate defeats, etc.)

Fig. 11.12 : SSL alert protocol format (Level, 1 byte; Alert / error code, 1 byte)

Table 11.1

0    close_notify            No more message from sender
10   unexpected_message      An incorrect message received
20   bad_record_mac          A wrong MAC received
30   decompression_failure   Unable to decompress
40   handshake_failure       Unable to finalize handshake by th
42   bad_certificate         Received a corrupted certificate.
42   No certificate          Client has no certificate to send to server.
42   Certificate expired     Certificate has expired.

After completion of successful SSL handshaking the keen role of SSL record protocol starts now. SSL record protocol is second sub-protocol of SSL also called lower level protocol. As defined earlier SSL Record Protocol is responsible for encrypted data transmission and encapsulation of the data sent by the higher layer protocols (handshake, alert, HTTP) also to provide basic security services to higher layer protocols. SSL record protocol is basics for data transfer and specially used to build a data path between client and server and encrypt the data path before communication.
SSL record protocol provides different services like data authentication; data confidentiality through encryption algorithms and data integrity through Message Authentication (MAC) to SSL enabled connections. The detailed steps involved in SSL record protocol and SSL record header format are as shown in Fig. 11.13. At this stage all necessary authentication and cryptographic parameters are exchanged between client and server; now it’s time of secure SSL data transmission through SSL record protocol, as shown in Fig. 11.13.
Fig. 11.13 : Record protocol (application data; data distribution/fragmentation; data compression; MAC addition; data encryption; appending SSL record header with content type and length fields)

SSL record protocol takes application data i.e. actual data that client wants to send over server. Divide this data into the different blocks for each length should not exceed 16384 bytes; this process is called as data distribution or data fragmentation. Data is compressed using lossless compression techniques; compression size of data should not exceed 1024 bytes.
After the data fragmentation and compression step the MAC is computed over the data and MAC is then appended to the compressed data (the data is now encapsulated) to form a new encrypted data / payload. The compressed data and MAC again go through data encryption process. As mentioned earlier SSL record protocol uses symmetric key cryptographic techniques like DES, triple DES, AES, and IDEA because these techniques are specially designed to operate on block ciphers.
Finally SSL record header is appended onto each encrypted block obtained from encryption process. SSL record header consists of 8-bit content type which identifies nature of the message, whether any application data or connection termination or any error message. Next field is Major Version which is 8-bit field used to indicate latest version of SSL is in use (e.g. 3). Minor Version which is 8-bit field indicates the lowest version of SSL is in use. The length field indicates the length of plaintext (compressed) / plaintext being compressed. Finally SSL layer sends encrypted data to TCP and IP (Transport and Internet layer) for transmission over network. At the receiving end, the encrypted blocks are decrypted and then checked for data authentication, data confidentiality, integrity, reassemble these data into single unit, and delivered to the application-layer protocol.

The record protocol provides two services in SSL connection :
(a) Confidentiality :
This can be achieved by using secret key, which is already defined by handshake protocol.
(b) Integrity :
The handshake protocol defines a shared secret key that is used to assure the message integrity.
Following are the operations performed in Record protocol after connection is established and authentication is done of both client and server.

1. Fragmentation :
The original message that is to be sent is broken into blocks. The size of each block is less than or equal to 2^14 bytes.
2. Compression :
The fragmented blocks are compressed which is optional. It should be noted that the compression process must not result into loss of original data.
3. Addition of MAC :
The Message authentication code (a short piece of information used to authenticate a message for integrity and assurance of message) for each block is to be calculated using shared secret key.
4. Encryption :
The overall steps including message is encrypted using symmetric key but the encryption should not increase the overall block size.
5. Append header :
After all the above operations, header is added in the encrypted block which contains following fields :
Content type (8 bits) specifies which protocol is used for processing.
Major Version (8 bits) specifies the major version of SSL used, for example if SSL version 3.0 is in use than this field contains 3.
Minor Version (8 bits) specifies the minor version of SSL used, for example if SSL version 3.0 is in use than this field contains 0.
Compressed length (16 bit) specifies the length in bytes of the original plain text block.
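
The record operations listed above (fragmentation, addition of MAC, appending the header) and the receiver's reverse path can be shown in code. This Python sketch is an added example, not code from the original text: it assumes no compression and no encryption (an integrity-only record), HMAC-SHA1 over a TLS-style input (sequence number, type, version, length, data) instead of SSL 3.0's own older MAC construction, and content type 23 for application data; all function names are illustrative.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # 16384 bytes per fragment
APPLICATION_DATA = 23       # content type value for application data
MAC_LEN = 20                # HMAC-SHA1 output length
HEADER_LEN = 5              # content type, major, minor, 16-bit length


def record_mac(key, seq, ctype, version, fragment):
    """MAC bound to the record's position (seq), type, version and data."""
    prefix = struct.pack("!QBBBH", seq, ctype, version[0], version[1],
                         len(fragment))
    return hmac.new(key, prefix + fragment, hashlib.sha1).digest()


def protect(data, key, version=(3, 0), ctype=APPLICATION_DATA, first_seq=0):
    """Fragment data, add a MAC to each fragment and prepend the header."""
    records = []
    for n, offset in enumerate(range(0, len(data), MAX_FRAGMENT)):
        fragment = data[offset:offset + MAX_FRAGMENT]           # fragmentation
        body = fragment + record_mac(key, first_seq + n, ctype,
                                     version, fragment)          # MAC addition
        header = struct.pack("!BBBH", ctype, version[0], version[1],
                             len(body))                          # append header
        records.append(header + body)
    return records


def unprotect(stream, key, first_seq=0):
    """Parse records from a byte stream, verify each MAC and reassemble."""
    out = bytearray()
    seq = first_seq
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < HEADER_LEN:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack(
            "!BBBH", stream[pos:pos + HEADER_LEN])
        body = stream[pos + HEADER_LEN:pos + HEADER_LEN + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record body")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if len(fragment) > MAX_FRAGMENT:
            raise ValueError("fragment larger than 2^14 bytes")
        expected = record_mac(key, seq, ctype, (major, minor), fragment)
        if not hmac.compare_digest(mac, expected):
            # A modified, reordered or replayed record ends up here.
            raise ValueError("bad_record_mac")
        out += fragment
        seq += 1
        pos += HEADER_LEN + length
    return bytes(out)
```

Because the sequence number is part of the MAC input, swapping two otherwise valid records is detected in the same way as a modified one.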
Q.7 Solve TLS.
Ans. :
It is an extension of secure socket layer.
The main aim of TLS is to provide security and data integrity at the transport layer between two web applications. Web browsers and web servers support TLS. It ensures no eavesdropping and tampering of message.
The TLS protocol consists of two main components : Handshake protocol, to start session and share private key, and Record protocol, to transmit data securely using the shared keys.
Handshake protocol : In the Handshake protocol, both sending and receiving parties acknowledge their protocol versions, agree on cryptographic and compression algorithms, optionally authenticate each other through certificates, and use public-key encryption techniques to generate shared private keys.
Following are the steps :
Step 1: Client sends a message publicly, containing the version of TLS and a 32-byte random number r_a consisting of a 4-byte timestamp and a 28-byte random number, together with a Cipher Suite list in decreasing order of preference for each of the following algorithm families: Public-Key Algorithm (PKA), encryption algorithm used in the Cipher Block Chaining, and compression algorithm (COMPRESS).
Step 2: Server informs the client about the decided algorithms (after examining the Cipher Suite list sent by the client) along with a 32-byte random number r_b constructed similarly as r_a.
Step 3: Client replies with a number called pre-master secret s_pm, using the public key algorithm PKA with public keys retrieved from the server's certificate signed by a Certifying Authority (CA).
Step 4: Both parties independently calculate the 48-byte long master secret, s_m, to further obtain the keys to exchange data. The master secret is calculated using the Pseudorandom Function PRF:
s_m = PRF(s_pm, "master secret", r_a || r_b)
It is worth mentioning that in the previous version of TLS the master secret was computed as follows, before MD5 was proven to be insecure:
MD5(s_pm || SHA-1(A || s_pm || r_a || r_b)) || MD5(s_pm || SHA-1(BB || s_pm || r_a || r_b)) || MD5(s_pm || SHA-1(CCC || s_pm || r_a || r_b))
where A, BB, and CCC are strings added for padding.
Step 5: At this stage, both parties know s_m, s_pm, r_a, and r_b. They independently compute the Key Block (KB) that contains all needed private shared keys for this session:
KB = PRF(s_m, "key expansion", r_a || r_b)
KB is then broken into six pieces and labeled as K1, K2, ..., and K6, before terminating the Handshake phase.
Record protocol : Now the client and the server are ready to communicate securely using the key block as a set of security parameters obtained by the Handshake protocol. The Record protocol takes data to be transmitted in one endpoint, fragments the data into manageable blocks, compresses the data, applies a MAC, encrypts by block cipher, and transmits the result. Received data is then decrypted, verified, decompressed, reassembled, and then delivered to the higher-level application on the other endpoint. In short, the Record protocol ensures that the connection is private via symmetric encryption by session-unique keys and reliable via integrity check. Suppose the client wants to send data chunk, d.
The client:
1. Compresses the data using the agreed algorithm: d' = COMPRESS(d)
2. Hashes the compressed data for data integrity using K1: d'' = {d', HMAC_K1(d')}
3. Encrypts the data along with its MAC using CBC mode block cipher BCA where the secret key is K2 and the initialization vector is K3: d''' = BCA_K2(d'', K3)
4. Sends d''' over the public channel
And the server retrieves d from d''':
1. Decrypts the data along with its MAC using BCA_K2.
2. Verifies data integrity by computing HMAC of data using K1 and comparing it with the HMAC computed on the client side.
3. Decompresses to retrieve d.
The process is reversed when the server wants to send data to the client, while the last three pieces of the key block are used instead.
Q.8 Explain Internet key exchange protocol.

Ans. :
Internet Key Exchange is a protocol for managing keys in IPSec network. It allows for automatic creation and managing of keys between IPSec peers. It is a hybrid protocol based on three protocols: Oakley, SKEME, and ISAKMP (Internet security association and key management protocol).
ISAKMP :
The internet security association and key management protocol is a framework that defines the formats of payload, the mechanics of implementation of a key exchange protocol, and the exchange of security association between the parties.
ISAKMP protocol defines the mechanics of implementing a key exchange protocol, and agreement between communicating parties, i.e. which of the different features of the IPSec protocol have to be used etc. (simply, its negotiation of security association).
ISAKMP provides following features :
It is used to authenticate the remote entity. It manages the secure session between communicating parties by applying different cryptographic techniques. Exchanging required information about key sharing. Negotiation over all data transmission by applying security policies. The reason for ISAKMP is to establish a secure communicating channel between two parties and authenticate them for secure key exchange and negotiation on certain security terms and conditions.
Oakley :
It is a key exchange protocol that defines how to obtain an authenticated key for exchange of messages between parties. Oakley, within IKE, is used to determine the AH and ESP key for each IPsec; by default it uses an authenticated Diffie Hellman key exchange algorithm. Oakley protocol defines the mechanism of key exchange or key agreement protocols in which two parties must agree on a key generated before data transmission.
IKE uses different cryptographic techniques and security policies for exchanging information between two entities, such as Diffie Hellman key exchange, DES, MD5, SHA, RSA algorithm etc.
SKEME :
It is another protocol for exchanging an authenticated key between the parties. It uses public key encryption for authentication in the key exchange protocol.
Q.9 Explain different phases of IKE protocol

Ans. :
IKE has two phases of operations.
Phase 1 : Aggressive mode of exchange : Used to negotiate IKE SA
Phase 2 : Quick mode of exchange : Used to negotiate IPSec's SA

IKE phase 1 : Aggressive mode of exchange : Used to negotiate IKE SA
[Figure: IKE phase 1 negotiation]
Fig. 11.14

For instance :
As shown in Fig. 11.14, user A and user B want to talk IKE. They must agree on a common IKE protection suite. The initiator (user A) proposes several protection suites and the responder (user B) chooses one of the offered protection suites. The selection is made according to the priorities and the configuration of the responder. In Fig. 11.14, user A proposes three protection suites out of which user B chooses the second protection suite. Both must agree on the same protection suite. If they do not, no common policies may exist and the IKE session may be terminated.

IKE phase 2 : Quick mode of exchange : Used to negotiate IPSec's SA
[Figure: IKE phase 2 negotiation]
Fig. 11.14

For instance :
As shown in Fig. 11.14, user A and user B wish to protect the traffic with IPSec and the IKE SA is already established between them. User A proposes various IPSec security policies and user B chooses one of them (with highest priority according to configuration). After successful negotiation, keying material is exchanged and IPSec SAs are established to protect network traffic.

Q.10 Explain SET Protocol.
Ans. :
SET stands for Secure Electronic Transaction. It is an encryption and security specification protocol designed to protect credit card transactions over an insecure channel such as the Internet. SET is a set of rules and regulations that lets users make payments over an open network such as the Internet in a secure way. It was developed in 1996 by VISA and MasterCard, with participation from different leading technology companies: Microsoft, IBM, Netscape, RSA, Terisa Systems and VeriSign. In 1998 SET was declared a standard for safeguarding credit card purchases made over open networks and made available to users with the following requirements.
SET creates a secure communications channel among all parties involved in a transaction. SET provides privacy because the information is only available to the sender, receiver and communication parties involved in the transaction. SET provides confidentiality: only the sender and intended receiver should be able to access the contents of a message. It assures the card holder that the information is safe and accessible only to the intended recipient. SET provides integrity of the message. Integrity gives assurance that data is received exactly as sent by an authorized entity (no alteration, no modification, no deletion and no insertion etc.).

Q.11 What are SET participants ?

Ans. :
Following are the components of the Secure Electronic Transaction (SET) which are involved in the electronic payment as shown in Fig. 11.15.
[Figure: SET participants, showing Issuer and Acquirer]
Fig. 11.15
The acquirer : Also known as bank or financial institution. The financial institution that establishes an account with a merchant and processes payment card authorizations and payments.
The issuing bank : Bank that maintains the account of the buyer and issues a credit card to the buyer and also sets a limit on the amount of purchases.
Certification Authority (CA) : Certification Authority (CA) is a trusted unit that helps to issue certificates. A CA takes the certificate request from the owner, verifies the requested information according to the terms and conditions of the CA, and uses its private key to apply a digital signature to the certificate.
Responsibility of the CA is to identify the correct identity of the person who asks for a certificate to be issued, make sure that the information contained within the certificate is legal, and later digitally sign the certificate.
This is an entity that is trusted to issue X509v3 public-key certificates for cardholders, merchants, and payment gateways.
Payment gateways : It is a designated third party that processes merchant payment messages. The merchant exchanges Secure Electronic Transaction messages with the payment gateway over the Internet, while the payment gateway has some direct or network connection to the acquirer's financial processing system.
Following are the steps of interactions used in SET protocol :
1. The customer opens the account : Once the customer obtains a credit card account, such as MasterCard or Visa, from a bank which supports electronic payment and Secure Electronic Transaction, the customer may proceed for future communication over the network.
2. The customer receives a certificate : After suitable verification of identity, the customer receives an X.509v3 digital certificate, which is signed by the bank and which verifies the customer's RSA public key and its expiration date.
3. Merchants have their own certificates : A merchant has two public keys, one for signing messages and another for key exchange. The merchant also needs a copy of the payment gateway's public-key certificate.
4. The customer places an order : Here the customer first browses through the merchant's Web site to select items and determine the price. The customer then sends the list of items to be purchased to the merchant. Upon receiving the list of items from the customer, the merchant returns an order form containing the list of items, their price, a total price, and an order number to the customer.
5. The merchant is verified : Along with the order number, the merchant sends a copy of its certificate, so that the customer can verify that he or she is dealing with a valid merchant store.
6. The order and payment is verified : The customer sends both order and payment information to the merchant, along with the customer's certificate (approved by CA). The customer also confirms the purchase of the items in the order form. The payment contains credit card details. The payment information is encrypted in such a way that it cannot be read by the merchant. The customer's certificate enables the merchant to verify the customer.
7. The merchant requests payment authorization : The merchant sends the payment information to the payment gateway for authentication as well as to check whether the customer's available credit is sufficient for this purchase.
8. The merchant confirms the order : Upon receiving payment confirmation from the customer's credit, the merchant sends confirmation of the order to the customer.
9. The merchant provides the goods or service : After all verification the merchant provides the goods or service to the customer.
10. The merchant requests payment : This request is sent to the payment gateway, which handles all of the payment processing.

Chapter 12 : Non-Cryptographic Protocol Vulnerabilities Phishing

Q.1 Write short note on phishing attack.

Ans. :
It is an attempt to acquire passwords, credit and essential financial data by sending fake emails and messages electronically. These are treated as spam mails. These mails ask for some confidential data by grabbing the trust of the user. Phishing mail is generally in the form of a trustworthy email. These attacks are usually carried out by e-mail spoofing. It is an example of social engineering.
Types of Phishing Attack
1. Deceptive phishing :
Sending a bulk of email messages which make the user click any one of the bulk emails; such type of attack is called deceptive phishing.
2. Malware based phishing :
Running malicious software on the target's or user's machine. The malware comes from the email attachments.
3. Key loggers and screen loggers :
These malware track input from the keyboard and send information of the target through the target's keyboard to the hacker (attacker) via internet.
4. Session hijacking :
User activities are monitored to get login into the user's system.
5. Web trojans :
They are a kind of pop-ups shown when logging into some website. These pop-ups usually ask for the user's credentials.
6. System reconfiguration attacks :
It is a kind of phishing attack where the user's PC settings are modified or changed.
7. DNS based phishing :
In this type of phishing the URL requested returns some bogus or fake site which is actually sent by the hacker by changing the URL of the requested site of the user.
8. Content injection phishing :
It is an act of inserting some malicious content in the websites which can redirect to some other website or may install malware.

Q.2 Explain the working of phishing.
Ans. :
Phishing works in the following ways :
1. Planning :
The first step is to decide the target and plan how to get through the target's mail. This is generally done using mass mailing.
2. Setup :
Once the phisher comes to know whom to spoof or attack using email, they will start creating and delivering messages to collect data about the target.
3. Attack :
The phisher starts sending messages and emails which appear to be from a reputed organization.
4. Collection :
Phishers collect the information that the victim enters in the web pages, emails or popup windows which are created by the attacker.
5. Identity theft and fraud :
After gathering information they start misusing information for illegal use.
Q.3 What is denial of service attack ? [Dec. 2012, May 2013]

Ans. :
Denial of service and distributed denial of service is a type of attack that makes legitimate users unable to use services or resources, or makes services unavailable to the legitimate users.

Q.4 What are the ways in which an attacker can mount a DOS attack on the system ? [Dec. 2012, May 2013]

It consumes bandwidth, which lets other services fail or become unavailable for other users.
A DOS attack does the following actions :
1. Floods the whole network with unnecessary traffic.
2. Damages the connection between two systems so that communication cannot occur.
3. Disrupts services to legitimate users.
4. Prevents individuals from accessing network services.
Classification of attacks :
(1) Bandwidth attack :
Every website is given a particular amount of bandwidth to host (e.g. 50 GB). Loading of any website takes a certain amount of time to display the whole webpage. If more visitors load a particular website's page or consume the whole 50 GB bandwidth, then the particular website can be banned.
The attacker does the same by opening 100 pages of the site and keeps on loading and refreshing, consuming all bandwidth to make the site out of service.
(2) Logic attack :
Attack on the network software to make it vulnerable.
For example : in TCP/IP stack.
(3) Protocol attacks :
This attack consumes more amount of resources in the victim's system. It is an attack on the particular features of some protocol that has been installed in the victim's system.
(4) Unintentional DOS attack :
Sometimes because of huge popularity among users the particular website suddenly ends up.
Q.5 What are types of DOS attacks ?

Ans. :
(1) Flood attack :
Attacker keeps on flooding or overloading the victim's system with 'n' numbers of ping packets, which results in huge traffic which the victim itself cannot handle. It is very simple to launch but difficult to handle.
(2) Ping of Death attack :
Sending a huge ICMP packet (these packets are used in the IP layer or network layer for indicating error messages). The attacker sends this huge oversize packet to the victim's system, which causes the victim's system to crash or freeze, resulting in DOS.
(3) SYN attack :
It is a TCP SYN flooding attack, a denial of service attack. In TCP, handshaking of a network connection is done between sender and receiver through synchronous (SYN) and acknowledgement (ACK) messages. An attacker initiates a TCP connection with the server with a SYN message. The server in reply sends an acknowledgement (SYN-ACK) message.
The client (attacker) does not respond back with an acknowledgement message, which causes the server to wait. Due to this it is unable to connect with other clients. This fills up the buffer space for SYN, preventing others from communicating.

Fig. 12.1 : 3 way handshake

1. Client sends synchronize (SYN) packet to server.
2. Server sends syn-ack (SYN-ACK) to client.
3. Client responds back with ACK packet and the connection is established as shown in Fig. 12.1.

[Figure: SYN, SYN-ACK, connections are all full, legitimate connection is refused]
Fig. 12.2 : Chaotic handshake

1. Client sends multiple SYN packets to all with bad address.
2. Server sends SYN-ACK packets to incorrect address.
3. Legitimate user is denied because the server cannot accept additional connections as shown in Fig. 12.2.

4. Teardrop attack : It is an attack where packets are overlapped with each other and the receiver is not able to reassemble them; usually corrupted packets are sent by the attacker to hang or freeze the system.
5. Nuke : It is an attack of sending invalid ICMP packets to the target, which slows down the affected computer till it completely stops.
6. Smurf attack : It is an attack in which IP address broadcasting is done. A Smurf program is used to make the network inoperable. It builds a packet which seems to originate from another address. This packet contains an ICMP ping. The echo responses are sent back to the victim. Maximum ping and echo make the network unusable.
The various tools used for DOS attack are Jolt2, Nemesy, Targa etc.
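The backlog exhaustion behind Fig. 12.2, as an added Python simulation that is not part of the original solution. The listener model, the event tuples (constructed, using documentation address ranges) and the `backlog` and `timeout` parameters are assumptions of this example; it shows what a defender can measure (peak half-open count, refused handshakes) and how the half-open timeout changes the outcome.

```python
# Constructed events seen by a listener: (time in ms, client address, client port, flag).
# Eight sources send a SYN and never answer the SYN-ACK; one legitimate client
# sends SYN at 1000 ms and completes the handshake with ACK at 1100 ms.
LEGIT = ("198.51.100.20", 51000)
EVENTS = [(i * 100, "203.0.113.%d" % (i + 1), 1024 + i, "SYN") for i in range(8)]
EVENTS += [(1000, LEGIT[0], LEGIT[1], "SYN"), (1100, LEGIT[0], LEGIT[1], "ACK")]


def simulate(events, backlog, timeout):
    """Replay events against a listener with `backlog` half-open slots.

    A half-open entry is dropped once it is `timeout` ms old.
    Returns (established, refused, peak), where peak is the largest number
    of half-open connections held at any one time.
    """
    pending, established, refused, peak = {}, [], [], 0
    for ts, client, port, flag in sorted(events):
        # Expire entries whose SYN-ACK was never acknowledged in time.
        for key in [k for k, t0 in pending.items() if ts - t0 >= timeout]:
            del pending[key]
        key = (client, port)
        if flag == "SYN":
            if len(pending) >= backlog:
                refused.append(key)          # connections are all full
            else:
                pending[key] = ts            # server replies with SYN-ACK and waits
                peak = max(peak, len(pending))
        elif flag == "ACK" and key in pending:
            del pending[key]                 # third step of the handshake
            established.append(key)
    return established, refused, peak


def flood_suspected(events, backlog, timeout):
    """Flag the capture when the backlog filled up or any handshake was refused."""
    _, refused, peak = simulate(events, backlog, timeout)
    return bool(refused) or peak >= backlog


if __name__ == "__main__":
    for timeout in (30000, 500):
        print(timeout, simulate(EVENTS, backlog=8, timeout=timeout))
```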

Q.6 What are the ways in which an attacker can mount a DDOS attack on the system ?
Ans. :
Distributed denial of service is where an attacker uses your own computer to attack another computer. It takes advantage of loopholes and security vulnerabilities to take control of the computer to send spam or huge data to other computers. The systems which are used for attacking the victim computer are called Zombie systems. Various tools to launch DDOS attack are Trinoo, Tribe flood, shaft etc.
Measures to protect from DOS/DDOS attack are :
Implementing filters on routers. Disable unused network services. Examine the physical security routinely. Maintain regular backup schedules and policies. Maintain password policies. Using fault tolerant network configuration. Tools for detecting DOS/DDOS attacks : Zombie Zapper, find-DDOS, remote intrusion detector (RID).
Q.7 Explain methods used to commit session hijack.

Ans. :
In session hijacking, the hacker takes over the control of the TCP session between two machines, whereas in spoofing the attacker pretends to be the authentic user and gains access to the other machine.
Steps in session hijacking :
(i) Sniff the network, by placing itself between victim and target's network.
(ii) Monitor the packet flow between two machines.
(iii) Predict the SYN sequence number.
(iv) Kill the connection to the victim's machine.
(v) Take over the session.
(vi) Start injecting packets to the target server.
Types of Session Hijacking
1. Active : In an active attack the attacker finds the active session and takes over.
2. Passive : With a passive attack, an attacker hijacks a session, then observes and analyses the session.
Session Hijacking Levels
1. Network level : It can be defined as the interception of packets during transmission between client and server in a TCP and UDP session. It is attractive to hackers as it provides critical information to the attacker which is used to attack app level sessions.
Ex. : TCP/IP session hijacking
IP Spoofing
Packet Sniffer (Man-in middle attack)
2. Application level : It is about gaining control of an HTTP user session by obtaining the session's id; after gaining control it creates a new unauthorized access.
Ex. : Sniffing
Brute Force attack
Misdirect trust.
Various tools of session hijacking are : Wireshark, Juggernaut, IP watcher etc.
Session Hijacking : Detection
It can be detected in two ways :
1. Manual method : by using packet sniffing software.
2. Automatic method : using IDS (Intrusion Detection System) and IPS (Intrusion Prevention System).
Session Hijacking : Prevention
It can be prevented if proper encryption is done, antivirus software is used and a proper secure connection is established.

Q.8 What is meant by buffer overflow ?

Ans. :
It is also known as buffer overrun. It is a deviation in which a process, while it stores data in a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffer overflow can be triggered by inputs that are designed to execute code or alter the way the program operates. Bound check can prevent buffer overflow. The languages which are commonly associated with buffer overflow are C and C++. Buffer overflow occurs when a process tries to store more data in a buffer than it was intended to hold.

Q.9 What are types of buffer overflow ?
Ans. :
1. Stack based buffer overflow.
2. NOP (No Operation) : It is an assembly instruction that does nothing at all. NOP enables developers to leave a place that is replaced by active instructions later on in program development. NOP opcode can be used to form a NOP sled when the exact value of the instruction pointer is indeterminate. Fig. 12.3 shows NOP operation.
3. Heap overflow : In buffer overflow, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. The heap space is dynamically allocated by new(), malloc(), calloc() at runtime.

[Figure: NOP-Sled, relative jump, Shellcode, Return address guess]
Fig. 12.3 : NOP operation

Q.10 What is SQL injection ? Give example.
Ans. :
It is a source code injection technique in which malicious SQL statements are inserted into an entry field of the database to dump database content. The attacker targets the database of the organization where confidential data is stored.
Its main focus is to get information from the database server stored in database tables by sending a malicious query, since the database can be accessed by query.
When a legitimate user enters additional data via a web form, the attacker sends its own command through the same web form field. The attacker before proceeding always checks whether the organization's database has any loophole, i.e. whether it is vulnerable or not.
Steps for SQL injection :
(1) The attacker looks for login pages, search pages or feedback pages, or pages that display HTML commands like POST or GET.
(2) Attacker checks the source code of the web page by right click on the web page and view source.
(3) It checks the <form> tag; everything inside <form> </form> has the potential of having vulnerabilities.
(4) The attacker puts a single quote in the text field which accepts username and password. If the response is an error message such as "a" = 'a' (something like that) then the website is vulnerable.
(5) Attacker then uses SQL commands such as SELECT to retrieve data or the INSERT command to add information to the database.
Benefits for attacker using SQL injection :
(1) Obtain basic information about the website or organization.
(2) May gain access to the database by obtaining username and password using the SELECT command FROM command WHERE command.
(3) Can add new data to the database by executing the INSERT command.
(4) Can modify data in the database by the UPDATE command.
Prevention against SQL injection :
SQL injection attacks happen because of poor website coding and poor administration of the website.
Following steps help to prevent SQL injection attack :
(1) Replace all single quotes with two single quotes.
(2) Check the user input for any character and string that could be malicious.
(3) Numeric values should also be checked.
(4) If there is an SQL error it should be modified immediately but not be displayed to outsiders.
(5) SQL server 2000 which is a default server should never be used.
(6) Both database server and web server should reside on different machines.
g00

Scanned by GamScanner
Cryptography and System Security
Statistical Analysis

Chapter 1            05 Marks    10 Marks
Chapter 2            11 Marks    05 Marks
Chapter 3            15 Marks    -
Chapter 4            20 Marks    05 Marks
Chapter 5            05 Marks    15 Marks
Chapter 6            10 Marks    -
Chapter 7            12 Marks    05 Marks
Chapter 8            05 Marks    05 Marks
Chapter 9            -           05 Marks
Chapter 10           05 Marks    05 Marks
Chapter 11           15 Marks    05 Marks
Chapter 12           22 Marks    10 Marks
Repeated Questions   -           30 Marks

Dec. 2015

Chapter 1 : Introduction [Total Marks - 05]

Q. 1(c) Define the goals of security and specify mechanisms to achieve each goal. (5 Marks)
Ans. : Please refer Q. 5 of Chapter 1.
Chapter 2 : Basics of Cryptography [Total Marks - 11]
Q. 1(a)(i) Define with examples : Substitution cipher. (3 Marks)
Ans. : Please refer Q. 3 of Chapter 2.
Q. 1(a)(ii) Define with examples : Poly-alphabetic cipher. (3 Marks)
Ans. : Polyalphabetic cipher :
Monoalphabetic cipher substitutes one letter of the alphabet with any random letter from the alphabet, but the drawback of monoalphabetic ciphers is that these are fairly easy to break, since they make it straightforward for a cryptanalysis attacker to guess the pattern. So to make it harder to break, the concept of polyalphabetic cipher arises; it is a way to use more than one alphabet and switch between them systematically.
Procedure of polyalphabetic cipher :
1. Pick a keyword (for our example, the keyword will be "MEC").
2. Write your keyword across the top of the text you want to encipher, repeating it as many times as necessary.
3. For each letter, look at the letter of the keyword above it (if it was 'M', then you would go to the row that starts with an 'M'), and find that row in the Vigenere table.
4. Find the column of your plaintext letter (for example, 'w', so the twenty-third column).
5. Finally, trace down that column until you reach the row you found before and write down the letter in the cell where they intersect (in this case, you find an 'I' there).
Example :

Keyword :    MECMECMECMECMECMECMECM
Plaintext :  weneedmoresuppliesfast
Ciphertext : IIPQIFYSTQWWBTNUIUREUF
Thus, the urgent message "We need more supplies fast!" comes out :
IIPQIFYSTQWWBTNUIUREUF

Q. 2(c) Encrypt "The key is hidden under the door" using Playfair cipher with keyword "domestic". (5 Marks)
Ans. : Keyword - domestic :
Keyword is domestic. In the first step all letters of the keyword are to be filled in the matrix from left to right; the letters which have already been placed are not to be placed again in the matrix. After filling in the keyword, fill the rest of the space in the matrix with the remaining letters alphabetically with no repetitions. Letters I and J will be considered as one letter, so if I is already placed then there is no need to place J in the rest of the matrix.

d | o | m | e | s
t | i | c | a | b
f | g | h | k | l
n | p | q | r | u
v | w | x | y | z

Encrypt the plain text message "The key is hidden under the door" by using Playfair cipher (use the following key : keyword domestic).
2. The plaintext received is to be broken into pairs of two letters (see step 3 if a duplicate letter lies in a pair) :
th, ek, ey, is, hi, dx, de, nu, nd, er, th, ed, ox, or
3. If both letters are the same or only one letter is left then put X with that alphabet.
4. If both alphabets of a pair appear in the same row, replace each letter with the immediate right alphabet (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row).
5. If both letters appear in the same column, replace each with the alphabet immediately below that letter (wrapping around to the top side of the column if a letter in the original pair was on the bottom side of the column).
6. If none of the conditions explained above are met, then replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair.
7. Refer above matrix for the same.

th -> Step 6 -> cf
ek -> Step 5 -> ar
ey -> Step 5 -> ae
is -> Step 6 -> bo
hi -> Step 6 -> gc
dx -> Step 6 -> mv
de -> Step 4 -> os
nu -> Step 4 -> pn
nd -> Step 5 -> vt
er -> Step 5 -> ay
th -> Step 6 -> cf
ed -> Step 4 -> so
ox -> Step 6 -> mw
or -> Step 6 -> ep

The plain text message "The key is hidden under the door" is encrypted as :
cf, ar, ae, bo, gc, mv, os, pn, vt, ay, cf, so, mw, ep.
Chapter 3 : Secret Key Cryptography [Total Marks - 15]
Q. 4(a) Explain working of DES detailing the Feistel structure. (10 Marks)
Ans. : Please refer Q. 1 of Chapter 3.
Q. 6(v) Write in brief about : Key generation in IDEA. (5 Marks)
Ans. : International Data Encryption Algorithm (IDEA) :
It is a block cipher algorithm designed by Xuejia Lai and James L. Massey in 1991. It is a modified version of Data Encryption Standard algorithm. It operates on 64-bit plaintext and ciphertext blocks and the key used is of 128 bit. It was used in Pretty Good Privacy (PGP). 8 rounds are done using 6 keys in each round. Like this 48 keys are there, and in the last another 4 keys (6 * 8 = 48 + 4 = 52) are used, for both encryption and decryption. The operations performed in this process are i) XOR ii) Addition iii) Multiplication.

Key generation process :
1. The 128 bit key is divided into 8 subparts, i.e. 16 bit in each subpart. Then this 128 bit key is cyclic shifted to the left by 25 positions, which generates a new 128 bit key. Similarly this 128 bit key is divided into 8 sub-blocks which will be used in the next round. The same process is repeated, from which 52 keys are generated. Table 1 shows sub-blocks of key generation.
Table 1 : Encryption of the key sub-blocks
Round 1 to Round 8 : six key sub-blocks (Z) in each round
Output Transform : four key sub-blocks (Z)

2. Encryption :
The process consists of eight identical encryption steps (known as encryption rounds) followed by an output transformation. The structure of the first round is shown in Fig. 1-Q. 6(v).
The first four 16-bit key sub-blocks are combined with two of the 16-bit plaintext blocks using addition modulo 2^16, and with the other two plaintext blocks using multiplication modulo 2^16 + 1. The results are then processed further, where two more 16-bit key sub-blocks enter the calculation and the third algebraic group operator, the bit-by-bit exclusive OR, is used. At the end of the first encryption round four 16-bit values are produced which are used as input to the second encryption round in a partially
The process described above for round one is repeated in each of the subsequent encryption rounds using different 16-bit key sub-blocks for each combination. During the subsequent output transformation, the 16-bit values produced at the end of the 8th encryption round are combined with the last four of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo 2^16 + 1 to form the resulting four 16-bit ciphertext blocks.
[Figure : plaintext 4 x 16 bit, first round with key sub-blocks Z(1), 7 additional rounds, output transformation, ciphertext 4 x 16 bit]
Operations used in the figure :
- Bit-by-bit exclusive OR of two 16-bit sub-blocks
- Addition modulo 2^16 of two 16-bit integers
- Multiplication modulo 2^16 + 1 of two 16-bit integers, where a sub-block of all zeroes corresponds to 2^16
Fig. 1-Q. 6(v) : The IDEA structure

3. Decryption :
Table 2 : Decryption of the key sub-blocks
(rows : Round 1 to Round 8, Output Transform)
The computational process used for decryption of the ciphertext is essentially the same as that used for encryption. Here only the 16 bit key sub blocks are generated differently for decryption. Each of the 52 16-bit key sub-blocks used for decryption is the inverse of the key sub-block used during encryption. The key sub-blocks must be used in the reverse order during decryption in order to reverse the encryption process as shown in Table 2.
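The key generation, round structure and inverted, reverse-order decryption sub-blocks described above, written out as an added Python example (not code from the original text). The key and plaintext are the published IDEA test vector from Lai's design (key words 1..8, plaintext words 0..3); function names are chosen for this example.

```python
import struct

MASK16 = 0xFFFF
MOD_MUL = 0x10001                      # 2^16 + 1

def mul(a, b):
    """Multiplication modulo 2^16 + 1; an all-zero sub-block stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % MOD_MUL) & MASK16

def add(a, b):
    """Addition modulo 2^16."""
    return (a + b) & MASK16

def expand_key(key):
    """128-bit key -> 52 sub-blocks: take 8 x 16 bits, rotate left by 25, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 128 bits")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]

def decryption_subkeys(sk):
    """Inverse of each encryption sub-block, taken in reverse round order."""
    def mul_inv(z):
        return pow(z or 0x10000, -1, MOD_MUL) & MASK16
    def add_inv(z):
        return -z & MASK16
    dk = []
    for r in range(9):                 # r = 8 is the output transformation
        z1, z2, z3, z4 = sk[6 * (8 - r): 6 * (8 - r) + 4]
        if 0 < r < 8:                  # inner rounds see the two middle blocks swapped
            z2, z3 = z3, z2
        dk += [mul_inv(z1), add_inv(z2), add_inv(z3), mul_inv(z4)]
        if r < 8:
            dk += sk[6 * (7 - r) + 4: 6 * (7 - r) + 6]
    return dk

def idea_block(block, sk):
    """Process one 4 x 16 bit block with 52 sub-blocks (encrypt or decrypt)."""
    x1, x2, x3, x4 = struct.unpack(">4H", block)
    for r in range(8):
        z = sk[6 * r: 6 * r + 6]
        x1, x2, x3, x4 = mul(x1, z[0]), add(x2, z[1]), add(x3, z[2]), mul(x4, z[3])
        t0 = mul(x1 ^ x3, z[4])
        t1 = mul(add(x2 ^ x4, t0), z[5])
        t2 = add(t0, t1)
        # XOR the two results back in and swap the two middle blocks
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2
    z = sk[48:52]                      # output transformation (undoes the last swap)
    return struct.pack(">4H", mul(x1, z[0]), add(x3, z[1]), add(x2, z[2]), mul(x4, z[3]))

KEY = bytes.fromhex("00010002000300040005000600070008")
PLAINTEXT = bytes.fromhex("0000000100020003")

if __name__ == "__main__":
    enc = expand_key(KEY)
    ct = idea_block(PLAINTEXT, enc)
    print("sub-blocks 1-10:", [f"{z:04x}" for z in enc[:10]])
    print("ciphertext     :", ct.hex())
    print("decrypted      :", idea_block(ct, decryption_subkeys(enc)).hex())
```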
Chapter 4 : Public Key Cryptography [Total Marks - 20]
Q. 2(a) In an RSA system the public key (e,n) of user A is defined as (7,119). Calculate Φ(n) and private key d. What is the cipher text when you encrypt message m = 10, using the public key ? (10 Marks)
Ans. :
By using RSA algorithm :
In the problem statement the public key (e,n) = (7,119) is given, which means we don't need to select e and n. We select the following prime numbers, which result in n = 119 as shown below.
Step 1 : Prime numbers are 7 and 17, i.e. a = 7, b = 17
Step 2 : n = a * b = 7 * 17 = 119
Step 3 : φ(n) = (a - 1) * (b - 1) = (7 - 1) * (17 - 1) = 6 * 16 = 96
Step 4 : Select e such that it is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1.
e = 7 as per problem statement.
Step 5 : Calculate d such that
d = e^-1 mod φ(n)
e * d mod φ(n) = 1
7 * d mod 96 = 1
Using RSA algorithm
d = ((φ(n) * i) + 1) / 7 where i = 1 to 100
((φ(n) * i) + 1) must be completely divisible by 'e' so that d is an integer.
= ((96 * 1) + 1) / 7 = 13.85
= ((96 * 2) + 1) / 7 = 27.57
= ((96 * 3) + 1) / 7 = 41.28
= ((96 * 4) + 1) / 7 = 55
d = 55
Step 6 : Public key = {e, n} = {7, 119}
Private key = {d, n} = {55, 119}
Step 7 : Calculate cipher text message for given plain text message m = 10.
Plain text denoted as P = 10 (m denoted as P)
C = P^e mod n = 10^7 mod 119 = 10000000 mod 119
C = 73
Step 8 : Now calculate plain text P required at the time of decryption. Once sender sends 40 to receiver then receiver can calculate plain text P
P = C^d mod n = 73^55 mod 119
This results in P as 10, because the above decryption will yield the original message / plain text.
P = 73^55 mod 119 = 10
P = 10
There are four possible attacks on RSA as follows :
Brute force attack : Hacker tries all possible private keys.
Mathematical attacks : Hacker tries to factorize the product of two prime numbers.
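The worked RSA answer above, recomputed step by step as an added Python example (not part of the original solution). It also shows why the factorization attack succeeds here: n = 119 is small enough for trial division, so the private key follows directly from the public key. Function names are chosen for this example.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def private_exponent(e, phi):
    """d = e^-1 mod phi(n), defined only when gcd(e, phi(n)) = 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return x % phi

def d_by_trial(e, phi, limit=100):
    """Method used in the answer: first i for which (phi*i + 1) is divisible by e."""
    for i in range(1, limit + 1):
        if (phi * i + 1) % e == 0:
            return i, (phi * i + 1) // e
    raise ValueError("no suitable i up to limit")

def factor(n):
    """Trial division; practical only because n is tiny."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is prime, not an RSA modulus")

def solve(e, n, m):
    """Recover the private key from (e, n), then encrypt and decrypt m."""
    a, b = factor(n)
    phi = (a - 1) * (b - 1)
    d = private_exponent(e, phi)
    c = pow(m, e, n)                   # C = P^e mod n
    return {"a": a, "b": b, "phi": phi, "d": d, "c": c, "p": pow(c, d, n)}

if __name__ == "__main__":
    print(solve(7, 119, 10))
    print(d_by_trial(7, 96))
```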

Q. 3(a) Explain how a key is shared between two parties using Diffie Hellman key exchange algorithm. What is the drawback of this algorithm? (10 Marks)
Ans.: Please refer Q. 5 of Chapter 4.
Chapter 5 : Cryptographic Hash Functions [Total Marks - 05]
Q. 3(b)(i) Differentiate between : MD-5 and SHA. (5 Marks)
Ans.: Please refer Q. 4 of Chapter 5.
Chapter 6 : Authentication Applications [Total Marks - 10]
Q. 2(b) Give the format of X 509 digital certificate and explain the use of a digital signature in it. (5 Marks)
Ans.:
Public key certificate / digital certificate :
Digital certificate is an electronic file that is used to identify people and resources over an insecure channel or a network called Internet. Digital certificate also enables secure, confidential communication between sender and receiver using encryption. For example when we travel to another country, our passport provides a way to establish our identity and gain entry. Digital certificate provides similar identification in the electronic world. The role of Certification Authority (CA) is to issue certificates with authorized digital signature. Much like the role of the passport office, the role of the CA is to validate the certificate owner's identity and to “sign” the certificate so that it cannot be tampered by unauthorized user. Once a CA has signed a certificate, the owner can present their certificate to people, web sites and network resources to prove their identity for confidential communications over insecure channel.
A standard called as X.509 defines structure of digital certificate. The International Telecommunication Union (ITU) permitted this standard in 1998. Fig. 1-Q. 2(b) shows structure of X.509 digital certificate. A standard digital certificate typically includes a variety of information pertaining to its owner and to the Certification Authority (a trusted agency that can issue digital certificate) such as :
1. Certificate version number : Identifies a particular version of the X.509. Current version is X.509 v3.
2. Certificate serial number : Unique integer number generated by certification authority.
3. Algorithm for signature identifier : Identifies algorithm used by the certification authority to sign the certificate.
4. Certificate issuer name : The name of the Certification Authority that issued the certificate.
5. Validity Details : The validity period (or lifetime) of the certificate (a start and an end date).

[Figure : fields of the certificate, top to bottom]
Certificate version number
Certificate serial number
Algorithm for signature identifier
Certificate Issuer name
Validity Details
Name of the certificate owner
Public key of certificate owner
Issuer unique identifier
Owner unique identifier
Extensions to certificate
Certification Authority (CA) Digital Signature
Fig. 1-Q. 2(b) : Structure of X.509 Digital certificate
6. Name of the certificate owner : The name of the owner and other identification information required for identifying the owner such as email id and contact details.
7. Public key of certificate owner : Certificate owner's public key, which is used to encrypt confidential information of the certificate owner.
8. Issuer unique identifier : Identifies the CA uniquely i.e. whether single CA signed it or is any CA using same details.
9. Owner unique identifier : Identifies the owner uniquely if two or more owners have used the same name over a time.
10. Extensions to certificate : This is an optional field which allows a CA to add additional private information to a certificate. These additional fields are called as extensions of version 2 or 3, respectively.
11. Certification Authority (CA) Digital Signature : In creating the certificate, this information is digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal on packaging; any tampering with the contents is easily detected.
Q. 5(b) How does PGP achieve confidentiality and authentication in emails ? (5 Marks)
Ans. : Electronic mail security : pretty good privacy :
1. PGP Authentication :
1. Ramesh has (private/public) key pair (Rd/Re) and he wants to send a digitally signed message m to Suresh.
2. Ramesh hashes the message using SHA-1 to obtain SHA(m).
3. Ramesh encrypts the hash using his private key Rd to obtain ciphertext c given by
c = encrypt_Rd(SHA(m))
4. Ramesh sends the values (m,c) to Suresh.
5. Suresh receives (m,c) and decrypts c using Ramesh's public key Re to obtain signature S.
6. He computes the hash of m using SHA-1 and if this hash value is equal to S then the message is authenticated.
Suresh is sure that the message is correct and that it does come from Ramesh. Furthermore Ramesh cannot later deny sending the message since only Ramesh has access to his private key Rd which works with the respective public key Re.
2. PGP confidentiality :
1. Ramesh wishes to send Suresh a confidential message m.
2. Ramesh generates a random session key k for a symmetric cryptosystem.
3. Ramesh encrypts k using Suresh's public key Be to get
k' = encrypt_Be(k)
4. Ramesh encrypts the message m with the session key k to get ciphertext c
c = encrypt_k(m)
5. Ramesh sends Suresh the values (k',c).
6. Suresh receives the values (k',c) and decrypts k' using his private key Bd to obtain k.
k = decrypt_Bd(k')
7. Suresh uses the session key k to decrypt the ciphertext c and recover the message m
m = decrypt_k(c)
Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time.
3. PGP authentication and confidentiality :
The schemes for authentication and confidentiality can be combined so that Ramesh can sign a confidential message which is encrypted before transmission. The steps required are as follows :
1. Ramesh generates a signature c for his message m as in the Authentication scheme
c = encrypt_Rd(SHA(m))
2. Ramesh generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C
C = encrypt_k(m,c)
3. He encrypts the session key k using Suresh's public key
k' = encrypt_Be(k)
4. Ramesh sends Suresh the values (k',C).
5. Suresh receives k' and C and decrypts k' using his private key Bd to obtain the session key k
k = decrypt_Bd(k')
6. Suresh decrypts the ciphertext C using the session key k to obtain m and c
(m,c) = decrypt_k(C)
7. Suresh now has the message m. In order to authenticate it he uses Ramesh's public key Re to decrypt the signature c and hashes the message m using SHA-1.
If SHA(m) = decrypt_Re(c)
Then the message is authenticated.
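The combined authentication and confidentiality scheme above, traced end to end in an added Python example (not PGP's own code and not from the original text). Assumptions: textbook RSA without padding over constructed key pairs built from Mersenne primes, and a SHA-256 keystream as a stand-in for the symmetric cryptosystem; both are for tracing the message flow only and are not suitable for real use.

```python
import hashlib
import secrets

E = 65537
SIG_LEN = 25            # bytes needed for a signature value below Ramesh's modulus

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

# Constructed demonstration keys (Mersenne primes); real keys are far larger.
RAMESH_PUB, RAMESH_PRIV = make_keypair(2**89 - 1, 2**107 - 1)    # Re / Rd
SURESH_PUB, SURESH_PRIV = make_keypair(2**61 - 1, 2**127 - 1)    # Be / Bd

def sha1_int(m):
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def sym(k, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(m, sender_priv, recipient_pub):
    d, n = sender_priv
    c = pow(sha1_int(m), d, n)                        # c = encrypt_Rd(SHA(m))
    k = secrets.token_bytes(16)                       # random session key k
    C = sym(k, c.to_bytes(SIG_LEN, "big") + m)        # C = encrypt_k(m, c)
    e, n_r = recipient_pub
    k_prime = pow(int.from_bytes(k, "big"), e, n_r)   # k' = encrypt_Be(k)
    return k_prime, C

def pgp_receive(k_prime, C, recipient_priv, sender_pub):
    d, n_r = recipient_priv
    k = pow(k_prime, d, n_r).to_bytes(16, "big")      # k = decrypt_Bd(k')
    plain = sym(k, C)                                 # (m, c) = decrypt_k(C)
    c, m = int.from_bytes(plain[:SIG_LEN], "big"), plain[SIG_LEN:]
    e, n = sender_pub
    return m, pow(c, e, n) == sha1_int(m)             # SHA(m) == decrypt_Re(c) ?

def tamper(C):
    """Flip one bit of the first message byte, as a modification in transit."""
    return C[:SIG_LEN] + bytes([C[SIG_LEN] ^ 1]) + C[SIG_LEN + 1:]

if __name__ == "__main__":
    k_prime, C = pgp_send(b"Meet at nine.", RAMESH_PRIV, SURESH_PUB)
    print(pgp_receive(k_prime, C, SURESH_PRIV, RAMESH_PUB))
    print(pgp_receive(k_prime, tamper(C), SURESH_PRIV, RAMESH_PUB))
```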
Chapter 7 : Program Security [Total Marks - 12]
Q. 1(a)(iii) Define with examples : Salami attack. (2 Marks)
Ans. : It is a series of small attacks which results in a large attack. It works on the "collect and roundoff" trick. It is a fraudulent practice of stealing money repeatedly. It takes advantage of the rounding operation in financial transactions. It always rounds down and thus the fractions of amount remaining will be transferred into some another account. Thus the transaction will go undetected. Such type of attacks can be easily automated.

Q. 1(b) With the help of examples explain non-malicious programming errors. (5 Marks)
Ans.: Please refer Q. 1, Q. 2 and Q. 3 of Chapter 1.

Viruses and thelr type
Wate in brief about :
ve di ves, All diMasksts eror Bohaotrd
not oarries
Ans.: Typessectofor vivirurus:ses like dislects ar
orage media
: It infects the st or while
(1) Boot
d the fir st se ct or is ca ll ed as Bo otem. oe e aiVitus s |infect itself sect
serves contain sector an to read and load operating syst other system.
dich is used pu te rs if sa me disk 18 shared 'to
is m ed
e we
Bo essector also spreads other co
ot ai ni ng th ese virus gets open
a
rebo ot in g sy st em
when prog ra m co nt
A pr og ram virus gets active her program.
Q) presra m vi ru s :
op en it sta rts co py in g itself and infect ot infects the
if gets d program virus. It
. (din, .exe, ove), ance id of bo ot se ct or an
It is combination/hybr after booting OF st
arting up
(3) Multipartite virus : will aff ect boot sector also
this virus is active it ;
program files. When
er also. es to disguise
it will affect other comput
st co mp ut er vir us wa s a stealth virus it tri ling
Stealth virus : “Dubbed Brain” the fir It alt ers the file size, concea
(4)
ivi rus so ft wa re ma y not able to recognize it.
itself, so that ant
file’s memory and so on. ually it
ter ns or sig nat ure to get undetected. Us
ps on changing i t pat us of the
) Polymorphic virus : It kee vir us, it is a vir us which hides actual vir
se are not actual
acts like a ‘chamleon’. The
system. language. These
such as MS word, excel sheets has macro supportive
(6) =“ Macro virus: Applications
once it get in to victims systems.
virus infects victim every documents X enable to function
All webbrowser n eed java control active
(7) ~~ Active X and Java control : r to check for
aging and controlling settings of browse
properly. Awareness is needed about man h
disa blin g popu ps, dow nlo adi ng files and sounds, since these can invite virus whic
enabling or
software.
can affect computer by downloading unwanted
Chapter 8 : Operating System Security [Total Marks - 05]
Q. 6(i) Write in brief about : Operating System Security. (5 Marks)
Ans.:
Operating system security :
Memory and address protection :
It ensures that the process can access the memory which is allocated to it only. It cannot access other areas of the operating system which are not allocated to it. Thus it prevents spreading of bugs or malwares in the operating system. Following are the techniques for memory and address protection,
1. Fence : Fixed and variable
2. Base / Bound
3. Segmentation
4. Paging
5. Paged Segmentation
File protection mechanism : In multiuser operating systems users must be protected from each other so that they will not be able to modify each other's files. Following are the ways for providing security in multiuser operating systems :
All-None System (ANS) : In earlier IBM operating system all the files were by default public. So any user could have access to any other user's files. But certain files in the system are very important and must be locked with passwords by an administrator. However to provide access, administrator passwords are required which again limits access to those files. All none system thus provides either full access or no access. But this approach is unacceptable due to following reasons,
Lack of trust : Every time it is not possible to trust other users. It is assumed that all the users are using the system with good intention. But this assumption is not justified anywhere.
Too coarse : It is hard to provide selective rights to selective users.
Rise of sharing : Due to time sharing concept users always interact with each other.
Complexity : Every time human intervention is required.
File listings : File lists are maintained for users. But an interactive user may browse other files also.
Group protection : Due to so many drawbacks of All None system a new modified approach is introduced where groups of authorized users are created. Then access is given to these authorized users groups. This scheme also has following disadvantages,
Group affiliation : One member cannot be a member of two groups, i.e. one person one group.
Multiple personalities : A single person may have two accounts to get involved into two different groups.
All groups :
Limited sharing : Files can be shared only within groups or to the world.
Single access permissions : Using passwords the single or multiple files can be locked. But again this scheme has drawbacks like forgotten password, attempts to provide a correct password, leaked password etc.
Per object and per user protection : In the groups different objects can be assigned to different users. When new users are created their access rights to different objects are also specified.
User authentication : Authentication is basically performed for two different reasons :
1. To check whether a requesting user is having permission to perform an operation.
2. To perform an audit trail i.e. who performed what operation.
Authorization :
Authorization is the process by which an entity such as a user or a server gets permission to perform a restricted operation.
Following are the commonly used authentication techniques :
1. Local user authentication : Verification by the operating system itself. Based on the type of the user different access permissions are given. Ex : Administrator, Guest.
2. Network host authentication : Verification of remote server in order to check whether it is safe to submit data or not. Ex : Digital certificates on the websites.
3. Remote user authentication : Verification of a user by some remote servers. Ex : User verification by sending username and password.
Chapter 10 : IDS and Firewalls [Total Marks - 05]
Q. 3(b)(ii) Differentiate between : Firewall and IDS. (5 Marks)
Ans. : Difference between Firewall and Intrusion Detection System
Sr. No. | Firewall | Intrusion Detection System
1. | A firewall device filters all traffic between intranet and extranet. | Network intrusion detection system only monitors the inside & outside network traffic.
2. | Different types of firewalls are : Packet filtering gateways, Stateful inspection firewalls, Application proxies. | Different types of IDS are : Network based IDS, Host based IDS, Active & Passive.
3. | All network traffic passes through firewall. | All network traffic doesn't pass through IDS. It monitors malicious activities inside the packet.
4. | Firewall blocks the traffic or packet by using port numbers or using certain policies. | IDS blocks the packet by using well known signatures or using set of rules.
5. | Traffic increases because of more number of policies set in the firewall. Ultimately it affects the speed of a network. | Increase in network traffic does not affect the speed of IDS.
6. | Well known firewalls are Sonicwall, Symantec, McAfee. | Well known IDS are SNORT & SAX2.
Chapter 11 : IP Security [Total Marks - 15]
Q. 5(a) List the functions of the different protocols of SSL. Explain the handshake protocol. (5 Marks)
Ans.: Please refer Q. 6 of Chapter 11.
Q. 5(c) Differentiate between the transport mode and tunnel mode of IPSec and explain how authentication and confidentiality are achieved using IPSec. (10 Marks)
Ans.: Please refer Q. 1 and Q. 2 of Chapter 11.
Chapter 12 : Non-Cryptographic Protocol Vulnerabilities Phishing [Total Marks - 22]
Q. 1(a)(iv) Define with examples : Session hijacking. (2 Marks)
Ans.: Please refer Q. 7 of Chapter 12.
Q. 4(b) What is a Denial of service attack. What are the different ways in which an attacker can mount a DOS attack on a system? (10 Marks)
Ans. : Please refer Q. 3, Q. 4 and Q. 5 of Chapter 12.
Q. 6(ii) Write in brief about : Buffer overflow attack. (5 Marks)
Ans.: Please refer Q. 8, Q. 9 of Chapter 12.
Q. 6(iii) Write in brief about : IP spoofing. (5 Marks)
Ans. : IP spoofing :
The attacker creates a large number of “half-open” connections using IP spoofing. The attacker first sends SYN packets with the spoofed (faked) IP address to the victim in order to establish a connection. The victim creates a record in a data structure and responds with SYN/ACK message to the spoofed IP address, but it never receives the final acknowledgment message ACK for establishing the connection, since the spoofed IP addresses are unreachable or unable to respond to the SYN/ACK messages. Although the record from the data structure is freed after a time out period, the attacker attempts to generate sufficiently large number of “half-open” connections to overflow the data structure that may lead to a segmentation fault or locking up the computer.
In session hijacking, the hacker takes over the control over the TCP session between two machines whereas in spoofing the attacker pretends to be the authenticated user and gains access to other machine.
Steps in session hijacking :
Sniff the network, by placing itself between victim and target's network.
Monitor the packet flow between two machines.
Predict the SYN sequence number.
Kill the connection to the victim's machine.
Take over the session.
Start injecting packets to the target server.
Types of session hijacking :
1. Active : In active attack, attacker finds the active session and takes over.
2. Passive : With passive attack, an attacker hijacks a session, observes and analyses the session.
Session hijacking levels :
1. Network level : It can be defined as the interception of the packets during transmission between client and server in a TCP and UDP session. It is particularly attractive to hackers, providing critical information to the attacker which is used to attack application level session.
Ex. : TCP/IP session hijacking
IP Spoofing
Packet Sniffer (Man-in middle attack)
2. Application level : It is about gaining control on HTTP user session by obtaining session's id; after gaining control it creates a new unauthorized access.
Ex. : Sniffing
Brute Force attack
Misdirect trust.
Various tools of session hijacking are : Wireshark, Juggernaut, IPwatcher etc.
Session Hijacking : Detection
It can be detected in two ways :
1. Manual method : by using packet sniffing software.
2. Automatic method : Using IDS (Intrusion Detection System) and IPS (Intrusion Prevention System).
Session Hijacking : Prevention
It can be prevented if proper encryption is done, antivirus software is used and proper secure connection is established.
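The build-up of “half-open” connections described under IP spoofing above is what an IDS rule watches for. The following added Python example (not from the original text) tracks, per server, how many handshakes are waiting for the final ACK, with the time-out that frees old records. The packet records, addresses (documentation ranges) and threshold are constructed for illustration.

```python
from collections import defaultdict

def peak_half_open(packets, timeout=30.0):
    """packets: (time, source, destination, flags). Returns {server: peak half-open count}."""
    pending = defaultdict(dict)        # server -> {client: time the SYN was seen}
    peak = defaultdict(int)
    for t, src, dst, flags in sorted(packets):
        # free records older than the time-out, as the victim's data structure does
        for table in pending.values():
            for client in [c for c, t0 in table.items() if t - t0 > timeout]:
                del table[client]
        if flags == "SYN":
            pending[dst][src] = t      # record created, SYN/ACK goes back to src
            peak[dst] = max(peak[dst], len(pending[dst]))
        elif flags == "ACK":
            pending[dst].pop(src, None)    # handshake completed, record released
    return dict(peak)

def flagged_servers(packets, threshold, timeout=30.0):
    """Servers whose half-open backlog reached the alert threshold."""
    peaks = peak_half_open(packets, timeout)
    return sorted(s for s, n in peaks.items() if n >= threshold)

SERVER = "192.0.2.10:80"
# Constructed capture: one normal handshake, five SYNs whose sources never answer,
# and a later normal SYN after the time-out has freed the stale records.
SAMPLE = [
    (0.0, "198.51.100.7:40000", SERVER, "SYN"),
    (0.05, SERVER, "198.51.100.7:40000", "SYN/ACK"),
    (0.1, "198.51.100.7:40000", SERVER, "ACK"),
    (1.0, "203.0.113.1:1025", SERVER, "SYN"),
    (1.1, "203.0.113.2:1025", SERVER, "SYN"),
    (1.2, "203.0.113.3:1025", SERVER, "SYN"),
    (1.3, "203.0.113.4:1025", SERVER, "SYN"),
    (1.4, "203.0.113.5:1025", SERVER, "SYN"),
    (40.0, "198.51.100.8:40001", SERVER, "SYN"),
]

if __name__ == "__main__":
    print(peak_half_open(SAMPLE))
    print(flagged_servers(SAMPLE, threshold=4))
```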
May 2016

Chapter 1 : Introduction [Total Marks - 10]
Q. 1(d) List with examples the different mechanisms to achieve security. (5 Marks)
Ans. : Please refer Q. 5 of Chapter 1.
Q. 3(a) What is access control ? (5 Marks)
Ans.: Access control :
Access Control is the ability to limit and control the access to the host systems. It prevents unauthorized use of a resource. The service is used to prevent unauthorized use of resources, i.e. complete control over who can access resources, under what conditions access can occur and what the different accessing methodologies are.
For example : It controls the access of resources which are to be made available only to legitimate users. Secondly it looks to the conditions of accessing the resource or network and what is allowed to be done to the resources.
Chapter 2 : Basics of Cryptography [Total Marks - 05]
Q. 1(b) Explain with examples, keyed and keyless transposition ciphers. (5 Marks)
Ans.: Please refer Q. 4 of Chapter 2.
Chapter 3 : Secret Key Cryptography [Total Marks - 15]
Q. 2(b) Explain working of DES. (10 Marks)
Ans.: Please refer Q. 4(a) of Dec. 2015.
Q. 6(v) Write in brief about : IDEA. (5 Marks)
Ans.: Please refer Q. 6(v) of Dec. 2015.
Chapter 4 : Public Key Cryptography [Total Marks - 05]
Q. 1(c) Elaborate the steps of key generation using RSA algorithm. (5 Marks)
Ans.: Please refer Q. 2 of Chapter 4.
Chapter 5 : Cryptographic Hash Functions [Total Marks - 10]
Q. 3(b) What is a digital signature. Explain any digital signature algorithm in detail. (10 Marks)
Ans.: Please refer Q. 5 of Chapter 5.
Chapter 6 : Authentication Applications [Total Marks - 15]
Q. 4(b) Explain working of Kerberos. (10 Marks)
Ans.: Please refer Q. 1 of Chapter 6.
Q. 6(i) Write in brief about : Email security. (5 Marks)
Ans.: Please refer Q. 6 of Chapter 6.
Q. 1(a) Explain software flaws with examples. (5 Marks)
Ans.: Please refer Q. ... and Q. ...
Chapter 8 : Operating System Security [Total Marks - 05]
Q. 5(b) What are the various ways for memory and address protection. (5 Marks)
Ans.: Please refer Q. 1 of Chapter 8.
Chapter 9 : Database Security [Total Marks - 05]
Q. 3(a) How does the Bell La Padula model achieve access control. (5 Marks)
Ans.: The Bell-La Padula Model (BLP) :
Bell-La Padula is an extension of the Access Matrix model with classified data. This model has two components : Classification and Set of categories. Bell-La Padula model shows how to use Mandatory Access Control to prevent the Trojan Horse.
Two main properties of this model for a secure system are :
1. Simple security means : A subject at a given security level may not read an object at a higher security level (no read-up).
2. Star property means : A subject at a given security level must not write to any object at a lower security level (no write-down).
This model guarantees secrecy by preventing unauthorized release of information.

[Figure : security levels Top Secret, Secret, Confidential and Unclassified; a process labelled Secret shown with File A (label : Top Secret), File B, File C (label : Confidential, read only) and File D (label : Unclassified, read only)]
Fig. 1.9.3
Appropriate access rights and permissions are given to individuals to see information. Confidential information can be seen by those with permission to see it, but they are not trusted to see Secret or Top Secret information. Data flow operates from lower levels to higher levels. It will never be the reverse as shown in Fig. 1-Q. 3(a). Even if someone has all the necessary official approvals (such as a security clearance) to access certain information they should not be given access to such information unless they have a need to know, that is, unless access to the specific information is necessary for the conduct of one's official duties. Bell-LaPadula is a simple linear model. Security levels can be defined and thus information flow can be controlled as shown in figure 1-Q. 3(a). Security levels of objects are static. Because of these restrictions at different levels, certain operations that are outside the context of the protection system become very difficult to perform.
Chapter 10 : IDS and Firewalls [Total Marks - 15]
Q. 5(c) Explain the significance of an intrusion detection system for securing a network. Compare signature based and anomaly based IDS. (10 Marks)
Ans. : Please refer Q. 3(b) of Dec. 2015.
Q. 5(a) What is a firewall? What are the firewall design principles ? (5 Marks)
Ans. : Please refer Q. 8 of Chapter 10.
Chapter 11 : IP Security [Total Marks - 10]
Q. 6(ii) Write in brief about : SSL handshake protocol. (5 Marks)
Ans.: Please refer Q. 5(a) of Dec. 2015.
Q. 6(iii) Write in brief about : IP Sec protocols for security. (5 Marks)
Ans.: Please refer Q. 1 of Chapter 11.
Chapter 12 : Non-Cryptographic Protocol Vulnerabilities Phishing [Total Marks - 15]
Q. 4(a) Compare packet sniffing and packet spoofing. Explain session hijacking attack. (10 Marks)
Ans. :
Sr. No. | Packet sniffing | Packet spoofing
1. | Sniffing is the most effective technique which is used to attack over the network and gain over the network. | Spoofing is the technique to get the identity of another computer with the special privileges so as to get over to the network.
2. | Sniffing is a passive security attack. | Spoofing is the active security attack.
3. | Sniffing does not interrupt or alter the data. | Spoofing does interrupt and alter the data.
4. | Sniffing word comes from the word “sniff the ether” where “ether” is Ethernet network. | Spoofing follows the term “masquerade”. Masquerade means fooling the other machines on the network into accepting the other user as real or original.
5. | Sniffing can be used in the good and bad manner. | Spoofing is done with the help of sniffing because with the help of sniffing it is more effective.
Q. 6(iv) Write in brief about : Denial of service attacks. (5 Marks)
Ans. : Please refer Q. 4 of Chapter 12.
Dec. 2015
Q. 1 (a) Define the following with examples : (10 Marks)
i) Substitution cipher, ii) Poly-alphabetic cipher,
iii) Salami attack, iv) Session hijacking
(b) With the help of examples explain non-malicious programming errors. (5 Marks)
(c) Define the goals of security and specify mechanisms to achieve each goal. (5 Marks)
Q. 2 (a) In an RSA system the public key (e,n) of user A is defined as (7,119). Calculate Φ(n) and private key d. What is the cipher text when you encrypt message m = 10, using the public key ? (10 Marks)
(b) Give the format of X 509 digital certificate and explain the use of a digital signature in it. (5 Marks)
(c) Encrypt “The key is hidden under the door” using Playfair cipher with Se
Q. 3 (a) Explain how a key is shared between two parties using Diffie Hellman key exchange algorithm. What is the drawback of this algorithm? (10 Marks)
(b) Differentiate between : i) MD-5 and SHA ii) Firewall and IDS. (10 Marks)
Q. 4 (a) Explain working of DES detailing the Feistel structure. (10 Marks)
(b) What is a Denial of service attack. What are the different ways in which an attacker can mount a DOS attack on a system? (10 Marks)
Q. 5 (a) List the functions of the different protocols of SSL. Explain the handshake protocol. (5 Marks)
(b) How does PGP achieve confidentiality and authentication in emails? (5 Marks)
(c) Differentiate between the transport mode and tunnel mode of IPSec and explain how authentication and confidentiality are achieved using IPSec. (10 Marks)
Q. 6 Write in brief about (any four) : (20 Marks)
i) Operating System Security, ii) Buffer overflow attack,
iii) IP spoofing, iv) Viruses and their types,
v) Key generation in IDEA.
May 2016
Q. 1 (a) Explain software flaws with examples. (5 Marks)
(b) Explain with examples, keyed and keyless transposition ciphers. (5 Marks)
(c) Elaborate the steps of key generation using RSA algorithm. (5 Marks)
(d) List with examples the different mechanisms to achieve security. (5 Marks)
Q. 2 (a) A and B decide to use Diffie Hellman algorithm to share a key. They chose p = 23 and g = 5 as the public parameters. Their private keys are 6 and 15 respectively. Compute the secret key that they share. (10 Marks)
(b) Explain working of DES. (10 Marks)
Q. 3 (a) What is access control? How does the Bell La Padula model achieve access control. (10 Marks)
(b) What is a digital signature. Explain any digital signature algorithm in detail. (10 Marks)
Q. 4 (a) Compare packet sniffing and packet spoofing. Explain session hijacking attack. (10 Marks)
(b) Explain working of Kerberos. (10 Marks)
Q. 5 (a) What is a firewall? What are the firewall design principles? (5 Marks)
(b) What are the various ways for memory and address protection. (5 Marks)
(c) Explain the significance of an intrusion detection system for securing a network. Compare signature based and anomaly based IDS. (10 Marks)
Q. 6 Write in brief about (any four) : (20 Marks)
i) Email security, ii) SSL handshake protocol,
iii) IP Sec protocols for security, iv) Denial of service attacks,
v) IDEA