s stem security

cryptc,graphY and Y
Ch8P!9' 1:1ntr0ductton
vn.1sun one example of each.
theS8 attackS and "+' -"
8
. 8
1
a. 1 What are passive attack& Categc>rlZ
from the system
. but does not modify or
. . . . . .
Ana. : to collect infonnallOD n 1s exa mp le of p~ s1ve
A passive attack makes attempt . or monitoring of infc,nnallo
es. Ea v~ tn g . that is being transmitted. The two types of
alter the system data or resourc
the inform,a.llOO
attacks. The goal of oppo~nt is to gain
passive attacks are:
I. Release of message contents
2. rraffic analyais
1. ReleaN of me su ge contents : tion
t pre ven t the opp one nt from lear ning sensitive and con fid ent ial infonna
We may wan to "ferrcd on
ns that take plac e thro ugh tele pbo oe calls or cmaiJ messages or fLles tran
through transmisaio d confidential email lO our friend.,
our aim is
te sim ple to und erst and . Wh en we sen
network .This is qui mail is accessed b)' u.ruwthori.zed use
rs then
pers on sho uld acc ess this ma il If this
that only intended c~ of
e are rele ase d aga inst som ewh ere else . Such type of attack i1; called rel
contents of messag are available to prevent uch type of atta
cks.
re are differen t sec urit y mc cba ni ms
message contents. The

of
trom Bob

1ess e COlllents
F1a- LI : leb1eot11-~ aa
Fo r ex• mp le: Telephonic convcnati00 . .
tion if we have between two people, .80 c
contents sensitive informa
of traD smi suonalready ~f er it We Would likelcctronic mail .and a fi lo ma Il
modification of these typ e
as shown m fig . l. l. ·• to prevent third person f:rO(
. ..
Catevonze tt\8se . . . .
Q. 2 .. Whal are actiV9 att acb ? -
. . attacka and explain -~ exa rrp e.o t each.
. - ..

--
. .
'

Scanned by CamScanner
 czeeraphy and System Security (MU? 1-2

Alie.:
Active attacks involve modification of a data stream or creation of a false stream of messages.
Attacker aim in such type of attack is to corrupt or destroy the data as well as network itself.
Active attacks are divided into four categories:
1. Masque.rade 2. Replay attack
3. Modification of messages 4. Denial of savice
1. Masquerade :
A masquerade takes place when an attacker pretaxb to be an authentic user. It is generally done
to gain access to a system, or steal important data from system. It is generally dooe by stealing IQgin id
and password of authentic user to gain access to a se.cme networt.. Dore attacker gain access, they get
full access to the network for deletion or changing of data or network policies of organization as shown
in Fig. 1.2.

from0af1h
rs1o be

Alce

Fis- 1.2 : Malquende auac:t

Q. 3 Distinguish between attack, wJnefabiity and aa:ess contJOl

ADI.: , - - .. . - C
. -

$'. •_ . .. ~tall$ . Vlllllenhlity Acaacoabvl ,• -

I. An assault OD system An intavled flaw in software Access control is a

security through an
intelligent act that is
deh"berate attempt to
evade security services
and violate the security
policy of a system
2. . TypesalAUad:
Passive auact. Active
attact, Distributed attack,
.. pbishing Attact,
Password Attack.
tiWlitNiiiiPIMW
Scanned by CamScanner
code or a system that leaves it
opens to ir-c,,tial ap.loitation in
the form of UDaDtborized access
and or malicious behaviour.
Typa of Valae.iiblity ; Data
Vuloerability, Hardware
Vulnerability, Software
Vuloerability• .
procective measure,
technique device de. that -
removes or roouces the
vulmnbility.
Tn,a _. Aaas Caotrol:
Preventive. Corrective.
Recovery, Detective,
Defm:ot
 l ~

(MU)
Cryptography and System ecu
S rity
•Ac ~~ ~nt rol - - . .

\1: ::£U.cl( /.? :

';;_;' .,:{? '- ;".? /:: ._· ·· -';, ~ ,' -? •, . .. vu1nerabµJty
. ...
Here a threat is blocked by
.,$~ -Ntl.-,,,,:-~·-, .... .;.•,..... ,
,....,,! .. ·~ " ' ,, • '
Here a threat is without. control of vul.nerability.
3. Here 8 threat ls in action.
mitigation Example : Seal the crack
Example : Crack in the wall before water comeH out
4. Example : Water flow
out of the crack in the
wall and drips the man.
controls.
Q. 4 Differentiate between -vulnerability, threats and

Ana.: .
is an action,
A threat to a computing a control procedure, or
A vulnerability is a software,
system is a set of device,
hardware, procedural, or human t:echnique that removes or
. \\'.eakness that- may provide an circumstances that has
reduces vulnerability, threat
attacker the open door to enter a the potential to cause
is blocked by control of
computer or network and have loss or harm~
vulnerability.
unauthori7.Cd access to resources
within the environment or
controlA
2. Vulnerability is a weakness in A threat is any potential
a me ~s
the security system. danger to information or countermeasure ~s
·systems. to counter threats.
d be Safeguard implemented to
3. Paired with a credible attack, A threat agent coul
g the close vulnerabilities and
each of these vulnei:abilities can an intruder accessin
threats in order to
allow harm to confidentiality, network through a port mitigate
integrity, or availability. on the firewall, a process protect the confidentiality,
accessing data in a .way integrity and availability of
that _violates the security system.
· poli_cy.
.
_the.balance am~>ng different goals is needed
Q.5 What ·are the .system security goals ? Explain why
Dec. 201 3, Ma 2014
Ana.:
protect data · · · . .
· Information secµrity consists of methods used to of the . fi or _mformatmn bemg transmitted for
preserving the in¢grity, availability and confidentiality 1n ormation.
_
·
1. Confidentiality :
The two important concepts :
. .
Data confldcmtiallty : Assures that private or confidential mfotmation is not disclosed to
unauthoriz.ed individuals.
rma. ti• · ·:
Privacy : Assures tllat ~dividuals control info on related to the .
. · ·· · ~.
· 2. . .· Integrity :
.. . The two in:tJ>ortant concepts :
·. · · ·
'
'
g... ~ . · . · ·. ·
'

-~ integrity : Assures information·is cha,n .~ only m autho · ,.

. . · qzec tma nne r.
- --· · - · '
t
..

eas v-so lut1 11n s

Scanned by CamScanner
 cryptography and System Security (MU) 1-4

System integrity : Assures that the system performs its intended function properly and free from
· unauthorized manipulation.
3. · Avallablllty : .
Assures that system works correctly and service is
available to authorized users. These three concepts are termed
~ CIA triad .and embody fundamental security objectives for
data and information services.
Availability
Fig. 1.3 : CIA triad

Q.6 What are the key principles of security ? UW1di1

Ana.:
There are five chief principles security they are : Confidentiality, integrity, availability,
autbendcatlon and . autborbation(access control) Other than this there are two more- security
principles which links overall system as whole are :
~on-repudiation and notarization or signature :
Non-repudiatlon : It is an assurance that somebody cannot deny something. refers to the ability
to ensure that a party t<;> a contract or a communication cannot ~ny the authenticity of their signature on
a document or the sending of a message that they originated
Notar17.ation .: It is an act of authorizing legal document. The purpose of having a legal
document notarized is to ensure the·authenticity of the signatures that appear on the document.

. Q. 7 Explain authentication and authorization.

Ans.:
Authentication :
Authentication provides a way of verifying the -identity of. the user. In other words,
Authentication is die process of detennining whether someone or something is, in fact, who or what it is
declared to ~- · The authentication of users prevents unauthorized users from gaining access to
information systems.
In connection oriented communication, both· sender and receiver should be authenticated. In
connectionless communication only the user who is sending data should be authentic user.
Authorization·:
. · Authorizati<?n means providing authority or permission of accessing the system, or privilege of
accessing data,. directories, files etc of the system. Authorization is one of th~ most important security
aspects. It pro\'.ides identification·of the user as authorized -user. It is a kind of permission given by the
· network administrator for·accessing the network. , .

·o.'a Explain in detail different security·mechanisms. Dec. 2012, Dec. 2014 , June 2015

•, Ana.:_ ,,

-X.800 defines security mechanisms as follows :

_-· - _.~ It _is . ~plied ·to ·:.specific protocols in OSt layer or to those which are not so spec~c to. ariy
· Particul.- protocol. .· :. . . . ·· . . : '•'

: lit' f: :r ~ II - ~. ll I II I i II II S
. -

Scanned by CamScanner
 1-5

en ;= ·and System Security (MU)

Spe cific Securtty Mechanism

te protocol layer in order to provide some
These mechanisms are incorporated into the appropria
OSI security service.
Endphermeot :
a form that is not readily intelligible. The
To use mathematical algorithms to transform data into
algorithm and the number of keys used.
transformation and subsequent recovery depends on the
Dlaital l'lpature :
ation of ~ unit that allows the receiver of
The data is appended to, or cryptographic transform
the message to prove the soun:e and integrity of
data unit ·against forgery.

Accea control :
the resources.
Various mechanisms used to enforce access rights to
Data lDtepity :
Various mechanisms used to assure the integrity of the
data.

Autbendcadon excl ulqe :

The mechanism used to ensure the identity of the
entity by information exchange.

Trame paddfn1 :
traffic analysis attempt.
To inse rt bits into gaps in the data stream to frustrate
Routing control :
ng or can change the route if any attack is
To allow some selected routes in network for routi
dete cted in the network.
Notarizadoa :
s in data exchange.
To use JJ trusted third party to assure certain propertie
Pervulve Security Mechanl8ma
security service or protocol layer.
These mechanisms are not specific ~ any of the OSI
Trusted fundionalJty :
That which is pen:eivcd to be correct with respect
to some criteria. (EL : as establilbed by a
security policy) .

Security label :
rity attnl>ute of the resource.
_The marting bond to a resource that designates the secu
Event detection :
'Detection of security ~at ed events.
~ audit trail :

Data ~ -and used to facilitate securi~ audi~

f! ,I :, 'J \ It I II I I t, II '.
-
Scanned by CamScanner
 _· 1-6
_cryptography and System Security (MU)
Secur:l'Y recovery :
It deals with the recovery action and management functions for data that is l_ost or disrupted in
the network during communication.

Q. 9 What Is computer criminal? What are different types of computer criminals?

Anl.:
.Computer criminals arc those who involved in computer crimes or who caught in doing computer
crime. Computer crime can be anything related to computer or computer network involving some kind
criminal activity involving information technology infrastructure, including illegal·access (unauthoriud
access), illegal interception (by technical means of non-public transmissions of computer data to, from
or ·within a ·computer system), data interference (unauthorized damaging, deletion, deterioration,
alteration or supp~on· of computer data), systems interference (interfering with the functioning of a
computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing
computer data}, misuse of devices, forgery (or identity theft) and electronic fraud.
Types of Computer Crlmlnala
1. Script kiddies : They are not technically sound hacker. They hack only weak secured systems.
2. Scammen : They generally involved in email spoofing.
3. Hacken group : They work anonymously, they create tools for hacking different kinds of
systems. niese hacker groups are generally hired by companies to test their company's security.
4. Pblsben : They attempt to acquire password credit essential financial data by sending fake
email, messages, electronicallf, .
5. Political/religious.lcommercial groups : The malware created by the computer criminals with
some political reason.
6. lnstden : These attackers are the greatest threat for the organization. They are the persons who
reside inside the organization:
7. Advanced Persistent Threat (APf) Agents : These arehighly skilled persons responsible for
highly targeted attacks carried out by extremely organiud state-sponsored groups.

□□□

I! ,I !, V :, II I II 1 I 1, It ~
. .. , ',

Scanned by CamScanner
 .·crypk>graphY.anct System SecUrio/ (MU) -
2-1

Chapter 2.: Basics of Cryptography

-
Q. 1 Define cryptography.

An•.: · Yp oc ~"
ds K.PVIIT (hidden or secret) and
The. word cryptography comes from the G~k w;r ret writing of information / message and
(writing). Cryptography is the art as well as science o sec
makes them non-,readable. - ·

Q. 2 Explain types of cryptography.

Ana. : Tbere are two types of cryptography i.e. symmetric key cryptography .& asymmetric key
cryptography as shown in Fig. 2.1.

Fig. 2.1: Types of cryptogJ;apby .,;

(I) Symmetric Key Cryptography

. .
Symmetric · key cryptography is also called as secret· key cryptography. In secret key
c.rypto$1'8PhY a single key is used for encryption as well as decryption.
·Encryption and deccyption process uses same key as s~own in Fig. 2._2.

Same key - - ~ - - - - - - - .

~il------+
,___...,. ~ !Yt.,~_
Plalntext MW"'"'""........ 1p e 8 . Original plaintext

Fig. 2.2 : Symmetric key cryptography

It is represented as J> =·D (K, E(P)).
For Eumple : Stream and block cipher, Data Encryption Standard (DES), Advance Encryption
Staodard (AES) and B~FISH. . .
.Asymmetric key cryptography is also called as public key cryptography.
!UJ Aaym~ Key Cryptography
. .
. flJ a.)'JJlJJldt.ie .b y ~ryptoa,aphy two keys are used. one for encryption and other for decryption
• dlowJJ 1n Ai z~ . . .. · ·

Scanned by CamScanner
- 2-2
r.?'E'°ff'8P'7 and System secumr (MU)

Plaln text- --.(~ehC·ryptk/J1 n :1-I ------{lhorypti.qt-1 ~ plalnt

Original
-· m f' · • - . f 1
' ext

Enctyptlon key (ke) Decryption key (kd) "•

;,1,1
i!:i:f:::
~t;:'!:;
Fig. 2.3 : Asymmetric key cryp togra phy ;:~ ::~;:
•l!;::1 :1
!li:;;:
~
~.....
· ,.:::;;:
It is represented as P = D(Kd, E (Ke,P)) 1:11,r..
:::;:~ii
an key exchange algorithm.
For Example : Rivest Shamir Adlman (RSA) and·Diffie Hellm

l
'
.

Q. 3 ~ i n substitution cipher.
•fiN4dil .

Ana.: ii!!::

I
text is substituted or rep~aced
A substitution is· a technique in which each letter or bit of the plain .
.

by some other letter, number or s~b ol to produce ciphertext. .

I
Cae Nr Cipher
of substitution cipher.
· Julius Caesar introduced the easiest and the simplest use
/alphabet which is three place next
In Caesar cipher technique each.letter is replaced by the letter ',,;
i'°
to that lette r which is to be substituted. '!::

For eum ple :

Plalntext : Sun rises in the East
Clpbertext : VXQULVHVLQWKIIlIDVW
Following is the list of possible combination sh~wing the
letters 3 places down of each alphabet :

-•• f);' a b c d e f g h · i j k I . m n o p q r s t _u v w x y
1•.... z
'l
:~ ~:~.'!t~:,:JDE F G H I J K L M N O P Q R S T U V
W X Y Z A B C
is given below :
The co~ din g number equivalent to each alphabet
t u v w x y z
a b c d e· f g h i j k - I m • n o p q r s
0 1 2 3 4 5 6 1 8 9 10 t"l 12 13 14 15' 16 17 18
~9 20 21 22 23 24 25
.
essed as
Matlk,matically the Caesar cipher algorithm can be expr
C ·= . E(3,P) = (P+l)mod 26
P = D(3,C) =(C-3)mod 26
Where
C = Ciphertext/ or ·alphabet
p = Plaintext/ alphabet
B = Encryption
D = Deceyption
Mod 26 because in B~glish there .are total 26 alphabets . :

I! :i '., \J :, fl I II I I O II t,
• ... -•

Scanned by CamScanner
 II I .
·: . ;~: ,,11 • 1:rti:1~; :_.. :
•·r

1
J. -Cr

fJl'C /01 ♦ M,, lf11 \

I .
I .

An•. : . . ,nent of aJphabeb or nu~ben occurs instead their

Jn tr11nannaition teehnique, ~ llf no replaa ·
--r- · , CftMition of plainte~t 1• done to produce clptiertext.
po1itiona are changed or reordenn1 o. ,,.,..,
There are two type, of tn111potltlon t,chJIJqUII :
(a) Columnar transposition technique11
1
(b) Keyleas tranaposition techniquet1
(•) Columnar tranapoeltlon technique 11 very elmple to uncte,9l8ncl.
(1) Write plaint.ext me111age into a rectanale with some predefined siu.
(2) Select the random key according to the size of rectangle abo called columns.
(3) Read the text preaent in each aelected random key colunw.
(4) Combine all text present in each column as per sele.cted random key order.
(S) The resultant text caJled cipbertext u shown in Fig. 2.4.
Step 1: Plalntnt : Are you miuing somebody.
1 2 3 4 5 e +--Cokw nn aae
a r e V o u
Wrtte plalntext m I • • I n
row •b'/ • row oaom eb
o d Y

Fla- 2.4 : Columnar transposition tedmJque

Step2: Select random key S 4 2 3 1 6
Step3: Read text present in each column according to key.
Step4: Oieysmrisdesoyamgoumb
· Step 5: Final ciphertext is
Clpbertext : Oieysmrisdesoyamgourmb
The ciphertext obtained in step S can be made more complicated by performing mul · ~ d
·
of sueh permutations. Diffus' • f b' tlp1e roun s
100 means pcnnutation o 1t or byte positions

(b) Keyt~ Trlnaposltlon Techniques :

Key.less transposition technique also called Rail fence ted,nique.
Algorithm .for key~ transposition technique is given below :
(1) Write plairitcxt me&age into Zigug order.
~ :1 'I V S I! I II I I ll II ,

Scanned by CamScanner
 2-4
. .·· czgfography and System Security (MU)
as shown in Fig. 2.5.
(2) . .Read .plain text message of step 1 in order of row by row I
;:;...
For example : Plain~xt : be careful ~bile chatting.
e u I h l c a t n
row1 -+ e a
: .. /\ /\ /\ /\ /\w/\I/\e/\h/\
. t
/\I/\g
row 2-+ .b o · r · · f . I

Fig. 2.5 : Zlgi.ag order of plalntext

.,:~~

rtext is
. Write plaintext obta i~ in row 1 and row 2. The resultant ciphe
.· •
. Cl~r text : eqeulhlcatnbcrflwiehtig.
so that attacker may. get clue to
· .This technique ·doesn't want any key. Rows are als~ fixed (2)
·break the ciphertext obtained using rail fence technique.
A more complex way to encrypt the message would be to
write it in a rectangle, row by row, and ti~:1t.~~)i:::!
..
order of the columns. The order of the
.. then read off the message column by column, but to decide the .
. col_umn wiU be the key of the algorithm. . ..
'·
For example : r.:;\~{il:,
-;:
Plalntext: The book is related to history.
. Key : 4351267 ,.

4 3 5 1 2 6 7
.h ·e b. 0 0 k
t
j s .r e l a t
e d t 0 h i s
:.t ·o · r y
. ·Cfpbertext: BEOYOLHHSDOTIETERTROAIKTS
rs In detail ..
· a.·5 · . What are the different types of ciphers? Describe block ciphe
,
• .Ana.:· . . c: ,
· (i) · ·· ciyptographic . algorithm is used for
·· transformation of plaintext into ciphertext
. (ii) · : The generation of plaintext into ciphertext in two ·
basic · ways · Stream dpb~r and Block cipher. ·
I Es}
is
This shown in Fig. 2.6 . .

. ,-

. ,,
.. : .

_.._. ___ • •
.-

•..' :
.

i '

.
' Fig. 2.6 : Types of Cipher I~,...,,1:
m
·:.. ··a1ockc1pher ·•
:;: (i) .. ·. A block cipher opeiates.onplai11text accepting
a block,ofbit :at a·time.:Generally.a block siu. of
.. . . . . .. .
-· 1·
•
. 64 or 128 bits ·is used. .. . . .. . . . .

i i\: -:·(~) •· ·.··: iii~ in stream cipher block cipher also uses the :con~ pt of key gen~iaUJr~Bfock ciph er~ used
will_l>e
: :_ i.· :
5

ii
se for . re · · · · · · ·.., · , ·. ·•· · ·
· · ·;':,: · > : · · · · · : is becau

. ; . ... ' ..··. i> ·: :- ... - . :_

' ~ ..·..
Scanned by CamScanner
 . .
', '
., .
, ,. .
'~;,,r.- / ·:~-:,. '-.

~0
, .. , . _ -..
cgptographyand·Syatem Security (MU)
. aJ st regarding what 1s the original plmnte l he,1e
generated which .can give clue ~ cryptan y hall see later in this chapter. . .
chainin mode is used for block ciphers .as we s .
. _g . . ed 'th urrent block to av01d repeat in pa11 rn.1i.
As in chaining method, previous b!pck oux wi , ~ so generally used in compu
18 ler h~
(iii)
Block cipher is little time consunung thc n stream cip er
cryptographic algorithms.
0. 1
Q. I Glve·dlfference between confusion and diffusion.
Ana.:
WiVI n
Difference between Confusion and Diffusion ,11ett1<
Diffusion
Sr. No. Conftulon iph<
plaintext statisticN
the relationship Diffusion spreads the
I. Confusion obscures
through the ciphertcxt.
between the plaintext and ciphertext
A double transposition is the classic example
2. A one-time pad relies entirely on
confusion while a simple substitution of a diffusion-only cryptosystem.
cipher is another (weak) example of a
confusion-only ~yst em.
3. Confusion alone is, apparently, "enough", Diffusion alone is, perhaps. not enough, at
since the one-time pad is provably secure. least u ing relatively smaU blocks. A stream
cipher is simply a weaker version of a one-
time pad.
4. The codebook aspects of such systems Well-designed block ciphers spread
any
provide confusion analogous to though on local statistics throughout the block, thu1t
a much grander soalc a simple substitution. employing the principle of diffusion.

□□□

1: :1 -. V - -; o I 11 I I t1 11 -.

Scanned by CamScanner
 ~.fllh i:8"l d~Se curi tf MU},
~~f,_
a .

Chap ter 3 : Secret Key Cryptography

Q. 1 £1?'a"n Sl'fll <One oC block qJhefS Yittl example. Also explain structure of DES.

cipla: published by National Institute of Standards and Technology (NIST).

DES
DES -_
nis - · ;i ~ ~~ by an IBAi team formed in early 1970
in response to customer request for a
~ · su daD. nm ena}Jmon standard takes 64-bit plaintext as a input and creates 64-bit ..
,,.
~ u ..
CDC}p ts data mblock of size 64-bits per block.

Di\i~ - message into 64-bit block each.

OR
JiJb-jme;n message is divided into size 64-bits block each and encrypted using 56-bit
- rel Fig. 3.1 shows coo.ceptual view of DFS.
I ..
'

64--t.1 64-bit .: 64-bif ~

._plain text >: plain ~a~,;
~

' 58- ---t

'.
I

[)ES,
.
56- bi:I
key
---t ·
i
•
DES
56 - bit
key ---t DES
keyi
-
,.
• ' 64:..blt }
. 64-tn 64-bit
cipherte xt cipherta xt c1pttertext,l

Fig.11 : Conceptual view of DES

_.\l dJi! ~ side, DES takes 64-bit ciphenext and creates 64-bit plaintext and
56-bit key.

SIQS ofDE S
~ ~ -of DES is ,-ery simple. Divide plaintext message into block of size 64-bits each,
1lmch · ~ .initial pmnutition. After initial permutation on 64-bit block, the block is divided
into two
bah-a of32-b .. ca&d .left plamte..u and right plaintext
with 16
1k left ~te._' tt and rigJit plaintext goes through 16 rounds of encryption pl;'OCCSS along
xt gets
- __,
difh~='" - ~"5 for ea:b rounds. 16 rounds of encryption process left plaintext and right plainte
- -m
final permutation
aulwiaed ™ final pemwr ation is performed on these combined blocks. The result of
PtGiCU ~ of cipbertext as shown in Fig 3.2.

. '. - . . . .

Scanned by CamScanner
 Cryptography and System Securio/ (MU)

l
:I
64. • bit plainteXt .

'. 1 Initial permutation ..

·I

Left plain . . R!ght plain

text (32-blt) , text (32-bit-}

K1

56- bit
key
'-e°1'
,...
··c
.

'

G) se.
E. i"
Q-'l:

K16 ·

Final permutation

64 - bit cipher1ext

Fig. 3.2 : Detail Steps in DES

Q. 2 Explain Initial permutation steps in DES.

Ana.:
bit of origi nal plaintext block
Initial pennutation is the process of rearranging or shuffling each
with any other random bit of same plaintext message block.
111 bit of original plaint.ext block.
For example : Firstthbit of original plaintext block replace with 48
n in Table 3.1.
the ~ bit replaces with 57 bit of original plaintext message show
nd

Table. 3.1 ·: Initial pennutation

48 57 59 64

1
2 3 7·
Plaintext block (64 bits)
• ...;..-21
· · . .. . This proce ss called jugglery of• •bit position of pi~'"te X1· b1,,ock WWY
i..:.-L • • · . .
:J lS applied to all OOp -
~
bl . I,., • . . nce. After lllltlal permuta.;on· the i:..1.-b·· · •
• .
. plamtext oc~ ma ·..seque -. ·. ui ·. v-t 11 P1amtext block get divide.cl mto.r
w0
· .: , _ · ·
-

~ I as · SUIU IIOII S
Scanned by CamScanner
 .. .

. ~·,\'
~
l1npJc111c11wt1 ,,11 !Jr lw/J 11111Jt, (l,ll :il1i fi 1-; ,
The DES encryption technique ideally sui ted f~,r
lookups etc).
2. Dedicate.d hardware could run DES at 200 M bytc/n,
· 3. · · __ Tec.hniq.ue well suited for voice, video encry
ptiun .
lJly cq•wl Il l
there arc 2 poK11 ibJe key c:01r1bhwtl un/J wl1ich lti ,·uug
56
4. DES uses 56-b it keys so that . ""
7.2 x 10 keys required to break DES cipher.
16

11econd would utkc lfllJrc llwn a lhou!ialUJ

5. A machine performing one DES encryption per micru
• ·__year to break the cipher.
or the key,. the ciphcrtex t H ltoult.l chani.c mar~.cdly ,
6.' If a smalJ,change in.either plain text . '
' .

_· Disadvantages in DES
. I. . ·Trying all possible combination of z5
possible key11 iHnot that much hard thel>C <lay,;,
6

. _2. ·Jf you spend ~ $25 K you can build .

5
fu an exha ustive searc h know n plaintext attac k, the crypuinalyst wilJ obtain the ,mlution aft.er 2'
· .· 3. .. 16 . ,
_ .. . . j.e. 3.6029 x ·10 trials on an average.
.ord crackern that will 8UCCCHHe_H in few hours.
·... _4; ·· . · If you sp~nd $25 K you can build DES passw

a. 4 - ·.· Write ·short note on ; Multiple DES or double

DES. D.UiiWlt• .,.
........
.

Ans.: · '%:J;:7-;~:.~
only difference is that double DES use two keys ~~=~f~j
: ·-. . Double performs the same operation as DES t
Kl & Jci.: First it perform encryption on -pJaintext which is encrypted uHing Kl obtains first ciphertex
, t.
er key called K2 & converted into final ciphertex
.. again this ciphertext is encrypted ·by using anoth .
·•· Mathematically double_DES is represented as
Cp = EK2(E(Kl (Pt)))
. . Pt ⇒ EKl(Pt) ⇒ TEMP= EKl(Pt) ⇒ EK2(E(Kl (P))) ⇒
.I.
-Where . _· .- Pt · = ·. Plain text
. EKl(Pt) . = Encrypted plllintext with .Key Kl
ts
TEMP. = EKI(Pt) = Temporary Variable to store resul
u~i.ng K2·
EK2(E(Kl(P))) . = Encrypted Results of first st~p
Cp . = ·Final Ciphert~~~: : . . . · · .. .
~ed afte r
' : ;
. .. - Decryption 'or Dou ~le DES i~ reve~ se-o f ~ncryption.· Wh a~e r _t,he ciphertext obta
:' lt of_
d using K2 §z, obtain _the t}rst 9pherte~t. the resu
,.. : _. double -DES encryption process get decrypte plainte;d• ..· . . .
ypt~. u~ing Kl which yields·.the original
. . :<-:: -p~yiqus step (ciphertex
' ,,
' --
t) decr . . . .
. . . .

•..
:. : .:-'-O. 5 : - ·\rYrite' short note
. . .
on -: Mult.iple.
' •
DES or,
' ,. .
triple
.
.QES
:-· ,.
~.·. . . ,•

Scanned by CamScanner
 3-4
Cryptography and System Security (MU) a

Ans.:
that ~pie D~ us~s
Triple DES performs the same operation as double DES only differen~e is
three keys Kl. K2 & K3 while encrypting plaintext. First it perform
encryption on pl:iintext which 1s
encryp ted using K.l obtains first ciphertext again this ciphertext
is encrypted _by usmg an~ther key
K3 & converted mto final
called K2 which obtains the second ciphertext which is again encrypted using
cipbeltcxt Cp.
Mathematically. Doub)~ DES is represented as,
Pt ⇒ EKl(Pt) ⇒ TEMP= EKl(Pt) ⇒ EK2(E(Kl(P))) ⇒EK3 (EK2(EK1(Pt)))
I
I
⇒ Cp = EKJ (EK2(EKl(Pt)))
Where Pt = Plaintext
Ii EKl(Pt) = Encrypted plaintext with Key Kl
j
';
!
TEMP = EKl(Pt) = Temporary Variable to store results
!

EK2(E{Kl(P))) = Encrypted Results of first ciphertext using K2

E.K3 (EK2(EKl(Pt))) = Encrypted Results of secqnd step using K2
Cp = EKJ (EK2(EK1(Pt))) Final ciphertext encrypted using Kl. K2 &
K3
Decryption of Triple DES is reverse of Encryption.
ted using K3 which
The final ciphertext obtained after Triple DES encryption process get decryp
results first ciphertext. first
results second ciphertext, second ciphertext decrypted using K2 which
ciphertext again decrypted using Klwbich·generate the original plaintext Pt.
tion process.
a. 6 What is lntemational Data Encryption Algorithm (IDEA) ? Explain key genera
Ana.:
y of ETH-Zurich in
It is a block cipher algorithm designed by Xuejia Lai and James L. Masse
es on 64-bit plaintext and
1991. It is a modified version of Data encryption Standard algorithm. It operat
y PGP v2.
ciphertext blocks and key used is of 128 bit. It was used in Pretty Good Privac
48 keys are there and in
Total 8 numbers of rounds are done using 6 keys in each round: Like this
last round another 4 keys (6*8= 48 + 4=52) are used for both encryption
and decryption. The operations
performed in this process are i) XOR ii) Addition iii) Multiplication
Key generation process :
. The 128 bit keys are ~ivided into 8 sub parts i.e. 16 bit in each subpart.
Then this
128 bit key is
rly this 128 bit key is
c~~lic s~~ to the left by :5 po~itions and _gen~rates a new 128 bit key. Simila
'is repeated from which 52
d1v1ded into _8 sub blocks which will be used 10 next round. The same process
..
keys are generated. Table 3.2 show sub bl~ks of key generation.
. Table 3.2 : Encryption of the key sub-blocks
Round 1 z0>z0>zc1> · 0>· en en
1 · 2 3 z4 Zs z6
·Round 2 z<2> z<2> .z<2> z<2> z<2) c2>
· 1 ,2 3 4 . 5 Z6
<3> <3> ~3>_
Round3 2<3>1· 2c3>2 2c3>3 z, 2 s ~6 .

t :, S 'I - ~; 0 I II f I fl II S

Scanned by CamScanner
 ::Cryptography and System 5 ecurlty (MU)
z;
. , .. _ c4> (4> (4)_ (4> c4) c4> .
.' Round4 z1 z2 z3 z4
2s 26
. .'• ! ..
.. - (S) · (5) . (5) · (S) z(S) z(S)
..
,
Round 5 Z I Z 2 Z 3 Z4 5 6

. .-.
'.

Round 6 · · ·W
zl
~
z2
W W
z3 z4
Wt~
Zs 6
:
.. (7) (7) (7) (7) (7) (7)
. ,
Round 7 . z1 z2 z3 z4 Zs z6
., .. (8) (8) · (8) (8) (8) z'8)
•, Round 8 Zl z2 z3 z4 Zs 6
..
-. (9) (9) (9) Z(9)
Output Transfonn _z1 z2 z3 4
' .
, ..
·a. 7 · What are block cipher algorithmic modes ? Describe any two modes.
·. · Ans.!
The .block cipher is 'basic 'building block for providing data security. In blockcipher rather that
.encrypting one bit at a time, block of bits is encrypted at one go .
block
.· :· ··· .- ·_· The Federai Information .Pr~essing Standard (FIPS) .defines four modes_of operation for
s
cipher that mafbe used in a wide·yariety of applications ~ike symmetric key cryptographic algorithm
in
(DES,.AES etc).-The modes specify how data \Vill be encrypted and decrypted. The modes included
.this staQd.ard are :
.L · Electronic Codebook (ECB) mode .
2. · . Cipher BlockCh.ai~ing (CB9 mode
3'.. · _·._ Cipher Feedback (CF_B) mode and
4. - Output Feed~ack (OFB) mo.de
·5. Counter (CTR) Mode -..
· 1. · . · Electronl(? Co,debook (ECB) .Mode
into blocks of 64 bits
. . :. Jn Electronic Codebook (ECB) mode the given plaintext message is dividedproduce
.·eru;h an~ each 64~bits blocks get encrypted independently. The plaintext block s ciphertext of
:same size (64.;bhs each).- The given plaintext is encrypted using san:ie key .and transfers the encrypted
· data (ciphertext) to receiver. . · ·
produce
_ ... ·. . At-the receiver end each block i~ decrypted· independently using same key in order to
-' --• origin~ plain text message of _same size i ~:·~Joe~ _· of.64-bits each. The Electronic Codebo
ok (ECB)
tjt~ _en~ryption and:decryption process is show11 in Fig. 3.3 and Fig. 3.4~ _ . · • . ·. _ .
· Plaintext · Plalntext . · Plaintext · ·
· ... ·- block 1 -block 2 block N

1, . _ . ...•

/ . ~ey ·-
-""'T-'.......,
. ;. .

.. -.. ·-·
,,.

Scanned by CamScanner
 C
5
Cryptography and System Security (MU)
the occurrence of more than one plainte.xt bloctana k in the
. . ker or cryp ly t.
mode ts th at for output wh'1c h give
. Jue to the attac I
The drawback of ECB s c
. •h bl k ·m the · f . h re the chances of repeatino0 the
mput generates the same ctp ertext ocusing ECB mode o operauon w e
Only small messages can be encrypted
same plaintext message are quite less. Ciph ertex t
Ciph ertex t
Ciphertext block N
block 1 block 2

Key

Plaintext Plain text

Plaintext block N
block 1 block 2

e decr ypti on proc ess

Fig. 3.4 : The Electronic Code Book (ECB) mod

2. Cipher Block Chaining (CBC) Mode

r ·independence in ECB even for repeated
To overcome the problem of repetition and orde each
e is used. In the cipher-block chaining mod e,
plaintext the Cipher Block Chaining (CBC) mod
ertext block before being encrypted.
block of plaintext is XORed with the previous ciph
ntext bolc kl) is XORed. with an initialization
In CBC mode the first block of the message (plai sage
ial meaning it is simply used to make inpu t mes
vector (IV). Initialization Vector doesn't have spec
more complicated or unique.
e it should be random or pseu dora ndom . A good
Different criteria for IV are fixed-size input valu are
lizat ion vect or shou ld be unique and unpr edictable. In all modes of operation plain text bloc ks
initia using
sponding ciphertext blocks are repr esen ted by
represented by using Pl, P2, P3, ....... ... Pn and corre in the
chaining mode even if plaintext bloc k repe ats
Cl, C2, C3, ............ Cn. In case of cipher block
ciphertext blocks as shown in Fig. 3.5.
input, output of CBC mode yields totally different

Plalntext Plaintext Plain text

block 1 block 2 block N
P2 PN
Initialization (IV)
vecto r

K K

C1 C2 CN
Ciphertext Ciphertext Ciphertext
block 1 block2 block N

. .
Fig. 3.5 : Cipher Block Chaining (CBC) mode encryption process
·
CBC mode is applicable whenever large amounts Of data need to be sent securely , provided that
all data is available in advance (e.g. email FTP ,
b
d using same key used during enc; ptio n' we etc.) . In CBC decryption, ciphertext block 1 get
decrypte process for all plaintext biocks.
_ , --- --
--:-/-1~-:-'i,~,e~.tf! 4~ &ii ;ri ,iin rrN iilr lift ,im ,t~ -II-
--- --- --- --- ~-- --= -== =~ ---
Scanned by CamScanner
 h and S stem Securll (MU) - , . -
·1,.l
. ' !'lt1 1•tc 11I Y)ll11 .tiJ1, 1dlll' '1:!jll,11tll 1 11,1
Ira
withi1!itli 1li1: II ii...' I ., <H~ 111! •·it ll ,,. f IJf, '
1. ~ I hld1
ThcoUtput of thi sslcp lfllh rt XOR I I
k . d ··y I J ,,,1rl it c.i ,11 1111, I f1l, J +
Ill ' id•, 1, 1 I,, .lit ' ', .g lhl
rtcxt blo" l!-l c~r P, r' ,11 ,111Ii II
In next step• the ciphc
ll k 2·. Repe at the p 111c qs 11 r l ~
result s plwntext , uc .
n F,g. 3.6. •
s as show in
I . text block h I r;lt hc!t lc:Hd
pa.in Olp ~HI 1.J l, J•,I• N
Ctphertexl
block 1 bl k~
c,

K K

N-1

P1 P2
Plalntext Plalnt ext
block 1 block 2

Fig. 3.6: Cipher Block Chaining (CDC J mod\! decryptio

n l)tc,ce3~

Q. 8 Write short note on BLOWFISH .

An■.:
by Bt11ce Sch11 d¢r and ' an b cff'e 1J cl
1
Blowfish is a symmetric block cipher, designed in 199 "Yftlfll~tti ' hlcx..;.k
theft. Blow 11,h l!j a 64.. hll
used for encryption and protecting data from unwanted
14 byteli ).
cipher that uses a variable-length key from 32 to 448-bit.'i (
of plai ntcx.t anJ C()t1V e f1 ~ l Ole)
The algorithm was de~eloped for encrypting 64~bilr,
64-bits of ciphertext efficiently and securely, The oper
ation s selected for th~ algo nthm ere
table lookup, modulus, addition and bitwise exclu sive- or
to minimize the uine requiriW for cnayp1 ns
and decrypting data on 32-bit processors.
BLOWFISH Encryption Algorithm
g encryption, the 64-bit~ plaintcxl as
Let us start with the BLOWFISH encryption proce ss, durin
(xR) 32 bjt each.
divided into left plaintext LPT (xL) aQd right plaintext RPT
In the first round, left plaintext (32-bits) XOR with first
subkeys of P-am1y (consists of 18 :32-hil
32-bits which is again inserted through a
sub.keys) called Pal which generates new output of
the right plaintcxt 32 bit'! of the rness ag to
transformati9n function called F, which then XORed with·
produce a new value as shown in Fig. 3.7,
RPT (xR) was done which und~rsoe."
Now swapping between newly generated LPT (XL) and
t S-boxcit The dctaiJ step of BLO WF(SH
through 16-round Feistel cipher and uses large key-dependen
algorithm is shown below.
1. The input is a 64-bit data element, x.
2. Divide x into two 32-bit halves: xL, xR.
3. Then, for i = 1 to 16:
4. XL= xLXORPi
~ 111 '1·4i•hi ■ili■ ii
-
Scanned by CamScanner
 ·czptgyraphy-and System Security (MU)
5. xR = F(xL) XOR xR
-
3-8

6. · Swap xL and xR
7. · After the sixteenth round, swap xL and xR again to undo the last swap.
8, Then, .xR =xR XOR Pa17 and xL =xL XOR Pa18.
9. Finally, recombine xL and xR to get the ciphertext_.
each). The
The F function takes the 32-bit input and separates it . into 4 bytes (8-bits
S-boxes accept 8-bit input and produce 32-bit output.
t:~ -J?i~J
ftPtAi_NT~~ (;
~2 bits · 32 bits

13 More Iterations

P18- ~i--t ~~- P17

---- .--- ...-- -- 32 bits
64 bits
-C.J.Prt~R -TEij;;.i;
Fig. 3.7 : BLOWFISH Encryption process
and finally
The 32-bit output of the · S-boxes is then added, XORed and then added ag~
produces 32-bits output ciphertext as shown in Fig. 3.8. . ·-

. · ··.'

Scanned by CamScanner
--
 · 3-9

". • r 1

e_•bite $• box t 32 - bits

e ~ bite ·$ ~box 2..,__ __,

- - - 32-b lts
Input

--.. - -
8 -blts ...S ~-box.31;1--32___b_lts_ _....,

r:i:i~ 1, -♦ ADDITION operation

.
Gi1

ADDITION operation
8 - bits :' ~:- bo>cJJ.1 -- -- -- -- -
.. · · · 32 - bits

Fig. 3.8 : Bl9wfish F function

DES uses 56-bit key, blowfish can
The major difference between DES and BLOWFISH is that
·
have a key that ranges from 32 to 448-bits.
part also called sub key generation
Blowfish algorithm consists of two parts: a key-expansion
as encryption, except that Pal, Pa2, ... , Pa18
and a data.encryption part. Decryption is exactly the same
arc used in the reverse order.

Q. 9 Explain In detail subkey generation technique.

Ana.:
al subkey arrays totalling 4168 bytes.
This process converts a key of at most 448 bits into sever
· Blowfish uses a large number of subkeys.
· These keys must be pre-computed before any data
encryption or decryption. The·P-array consists
· ·
of 18 32-bit subkeys :
es each:
Pal, Pa2, ... , Pa18.There are four 32-bit S-boxes with 256 entri
s·1,o, Sl,l,.... Sl,255;
S2,0, S2,J,;.,, S2,255;
S3,0, S3, I, ... , S3,255;
S4,0, S4,1,.. ,, S4,255.
Subkey generation steps :
fish algorithm :
Following are the _steps of subkey generation using th~ Blow
lni ti~ first the P-array and then the four S-boxes, in.
o~der, with a fixed string. This string
1. · • .
consists of the hexadecimal digits of pi. · .
For ~xampJe : · ·
Pal= Ox254f6aal
'· . Pa2 = Ox45b307d4
• !
.,.,,,.

·:'-G1i¥Ui1tid1iid
. .' . .\ '

..· ' . ,,

Scanned by CamScanner
 3-10
:a
Cryptogr:@y and System -Security (MU)
Pa3 = Ox l 2298a2f
Pa4 = Ox02506355 . d JZ-bits of the key, and so on
.
. f th ke XOR Pa2 with the secon the key bits until. the entire
2. XOR Pal with the first 32 bits o e Y,4). Repeated1 y eye1e through
for aJI bits of the key (possibly up to Pal_
P-array has been XORed with key bits. "bed . te l
. . th bkeys descn m s ps
3. Encrypt the all-zero string with the Blowfish ~gonthm, usmg e su
and 2.
4. Replace Pal and Pa2 with the output" of step 3.
'thm w1"th the modified subkeys.
5. Encrypt the output of step 3 using the Blowfish algon
6. Replace Pa3 and Pa4 with the output of step 5.
. of the P- array, and th. en all four S-boxes in order, with
7. Continue the process, replacing all entries
the output. Total 521 iterations are required to generate all req~1red subkeys.

Q. _10 Write short note on CAST 128.

Ans.:
CAST 128:
(I) It is a symmetric encryption algorithm.
(2) Developed by Carlisle Adams and Stafford Tavares.
(3) It belongs to Fiestel cipher structure. -
(4) It is similar to Data encryption standard.
(5) Input : plaintext ml...m64; key K = kl. .. k128.
(6) Output: ciphertext cl...c64.
(7) Key size can vary from 40 bit to 128 bit key.
a. 11 Write working of AES algorithm in detai!,
Ans.: ·
• The Advanced Encryption . Standard (AES Algorithm) is a Symmetric key cryptographic
ber
algorithm published by National Institute for Standards and Technology (NIST) in Decem
2001.
• The plaintext given is divided into 128 - bit block as consisting of a 4 x 4 matrix of bytes.
in the
• Therefore, the first four bytes of a 128-bit input block occupy the first column
4 x 4 matrix.of bytes. The next four bytes occupy the second column, and so on. AES operate
s on
a 4 x 4 column-major order matrix of bytes; called as state ·array shown in Fig. 3.11. AES also
has the notion of a word. A word consists of four bytes that is 32 bits. The overall
structure of
AES encryption and decryption process is shown in Fig. 3.9.
128 bit long.
• · _· The number of rounds are· 10, is for the case when the encryption key is
· · (The number of rounds is 12 when the key is ·192 bits and 14 when the key is 256.)
Before any
ed
~und-based .processing for encryption cari begin each byte of the state (plaintext) is combin
. WJ.th th~ round ~ey using bitwise XO~ operation. Nr stands for number of rounds.
x 4 State arraY ~
• . · .~S divide p]aintextinto 16 byte (128-bit) blocks, and treats each block as ·a 4
·
: shown in Fi . l9. .It Ulen . rforms four o rations in each round ~onsists of severa1 ·~r-n:,JJl
· .ta, ea s v-s o I u r 11111 s
Scanned by CamScanner
' .
'•

.:m, b
,
n step a row-wise pe
't ti
. .
rmutati·on step a column-wise m1xmg step, and the
' • I
~tepij Uke ~u sli u -~ . - ~ . - t i th last round in each case, all other rounds are ident1ca .
addltion of the r<'.> und key. Gxcep or e . . ShiftRows and
final Round doeiln't have (MixColumns) it includes only SubBytes,
AddRoundKey. .
ocess of transforming the cipher text back into the original plaint.ext using same encry
. dptton
• - · pr
The · . d f ocess the set of roun s are
key is called WI decryption process _of AES, durmg ecryp 10n pr
reverlJCd.
Plalntext(128-blt)
. Plalntext(128•blt)

,, .. key;
_.......-,.,.'.•.."'. round Final Round
Add round key: 1 Round , ·,, , ,.
Round key 7'-JrayS,ubeyJes · •

SubB~s .
rtnvshlftRO:~ i
ShlftRowe Repeat
Nr • 1
Bound
:Add Repeat
.. . . . -mun
. .
Nr -1
t lnvsubE¥,e~:
, : ·. . ..
, , Bound
i tnv'.ShiftRo~$ ·.
. SubBytes . , } Round key
. ShlftRows . · Final roun~
.Add round ke.y .
Round key ' '

Cipher text (128-blt) Cipher text (128-blt)

Fig. 3.9 : AES Encryption and Decryption pr~

Detail Steps for AES Encryption

For encryption, each round ·consists of the following four steps :
(J) Sub Bytes (2) Shift Rows
(3) Mix Columns, and (4) . Add Round Key

1. The SubByte step/Substitute byte :

SubBy~() consists of replacement of each byte using a fixed S-box lookup table as shown in
Fig. 3.10 to achieve non-linearity into the 4 x 4-state array (16 byte). It performs roughly the same
function as the S- BOX in DES.
• · · It operates on each byte in the state and performs a non-linear substitution in the Galios Ftled GF
(2~ field, which is what makes AES a non-linear cryptographic system.
-
y ' '

0 1 2 3 4 5 6 7 8 9· a b C d e F
..

.,c
0-· '63 .. 7c 77 7b F2 6h 6f CS, 30 l 67 2b Fe 07 . Ab.- 76
.' ·t. ' ca _· 82 C9 711 Fa . 59 47 PO · Ad D4 A2 . Af 9c A4 72 co
' ... . . '

-fft.JIB!lilitdt,Niii
Scanned by CamScanner
.,
·1';
. Cryptography,and System cun
y
---
3- 12

p
--.,

0 1 2 3 4 5 6 7 8 9
AS BS
a b
Fl
C

71
d
D8
C

31 -
15
2 b7 Fd 93 26 36 3f 'F7 Cc 34
Eb 27 B2 75
-
7 12 80 E2
C7 23 C3 18 96· 5 9a
3 4
B3 · 29 E3 2f 84
AO S2 3b 06
4· 9 83 2c lb la 6c 5a
Be 39 4a 4c 58 Cf
_Ed 20 Fe Bl 5b 6a Cb
5 53 01 0 3c 9f A8
85 45 F9 2 7f 50
6 DO Bf Aa Fb· 43 4d 33
.,
B6 Da 21 10 Ff F3 02
,. ,
7 51 A3 40 Sf 92 9d 38 FS Be
'i 19 73
17 C4 A7 7e 3d . 64 5d
8 Cd 0c . 13 Ee 5f 97 44
Ee B8 14 Be Se Ob Db
9 60 81 4f De 22 2a 90 88 46
Sc C2 D3 Ac 62 91 95 E4 79
a BO 32 3a 0a 49 6 24
b - E7 cs 37 6d Sb 05 4e A9 6c 56 F4 Ea 65 7a Ac 8
C Ba 78 25 2e le A6 B4 C6 ES 0d 74 lf 4b · Bd 8b 8a
d 70 3e B5 66 48 3 F6 Oe 61 35 57 B9 86 Cl ld 9e
e El PS 98 11 69 09 Se 94 9b le 87 E9 Ce 55 28 Of
f ·sc Al 89 0d bf E6 42 68 41 99 ·2d Of BO 54 bb 16
Fig. 3.10 : S-Box Lookup table for SubBytes

I SubByte )
l
10 21 . CO 81 CA FD BA OC

05 07 01 25 68 CS 7C 3F
60 byte(128-blt)
State Array
blocks
27 12 19 21 CC C9 04 FD

15 27 30 35 59 CC 04 96

t lrnvSubByte~

Fig. 3.11: SubByte transformation

Fig. 3.11 shows the state transfonnation using SubBytes techniques and if apply reverse called as
InvSubBytes transformation which will create original values. For every same two byte value the
resulting transformation is also same. It also shows that the lnvSubBytes transformation creates the
original one. Note that if the two bytes have the same values, their transformation is also the same. The
corresponding substitution step used during decrypti~n is called lnvSubBytes.
2. ShlftAows :
_ ·The output of the SubByte transformation is input to the ShiftRows transformation which
CQnsists of rotation of each byte of the state array in the order of a row of data matrix (rotation of row
by~ _positions are dooe in this step). Eacb _. byte of the first row remains unchanged. Each by~ of the
tM C3SV·SOIU(IOIIS
Scanned by CamScanner
 3-13
. c,vptegraphy and System Securlo/ (MU)
a .
· rotate over one byte to the left position. Similarly the third .and fourth rows. ared also
.
second row as . f
rotatect"left by two and thre.e position .us shown in Fig. ~.12. The ~orrespondmg trans ormatton urmg
decryption process is called Inverso shift row transformatton (InvShtftRows).
1 1
ShlftRow I
I.
l
'cs
.,
30 FF 64
..
-09 ao Ff! 84 "
'(:/i!./!J
.... 11,,·.,1,-
t

.. F2 FE
12 15
80
7E E4,
25: FE 60 25 F2
7E E4 12 15 l :::i::J:;
'

.AA FE .84 -07

T jy '-I
· rn.vShlftRQ. _.1
v
07 AA FE___84..
J it~
Fig. 3.12 : ShlftRows transformation

3. MlxColumns : ~&:!\
·1
Mix Columns performs operation on the state array obtained from ShiftRows column-by-column
and each column is multiplied with row of a fixed matrix. This step takes four bytes as an input and ,1:;,4:/
j.:'

produces outputs of four bytes (each input byte affects the output bytes). The four numbers of state V:~-:;:~.-:
arrays of first column are modulo multiplied in Rijandeal's Gallo~ Filed (GF) by a given matrix as :
•·r;~ft:.
1
shown in Fig. 3.13. In AES MixColumn step along with ShiftRows are primary source for providing ..
complete diffusion to the cipher produced. .
'

~o~::,t:,oiJ. ,<of
' ' ,,, t' ~
.of·
~. ,, . .
04 .EO' :88 t'€'
. .
1
.· .. .,,,.,
~ '
-h,~::
,t,,:,,
::?!~'
:W
~:OJ\, ·02,· .~3 _;;01; lh :~F. .B4 4-1 •27< ,;
.,... .. . ~ ' . .•.,t;
ot: .or cfa ;QS;:
W
¾· i • ,' . . . , ·s -.,.. • . ,,.
:~O
,.- ,, •
52.
..
1_t. ;•: ·,;S$.:
. ~<

io3::of ,of·;02-
!,··- :.,:·: --~:~. ,'-,:,,,);.>',., .,..
~so -:Ae .Ft :t:s:
1~. :·../ >';!'_;, .. ,.'. · , ;,._,

Predefined matrix State array New state

Fig. 3.13 : MixColumns transformation

. From· Fig. 3.13 on the left hand side, the row of the leftmost matrix is multiply with column of
state array (~OR operations) which produces the new state. Perform the same operation on all columns
which provides diffusion (mixing data within columns). The 4 bytes of each column in the State are
treated as a 4~byte ·number and transfonned to another 4-byte number via finite field mathematics
(modulo multiplied in Rijndael's Galois Filed by a given matrix) as shown. MixColumns step is primary
source of diffusion in A.ES.
4. AddRoundKey :

· ·1o the AddRoundKey step, the Round key one generated usi~g .Rijndael's key schedule is
copibined with the new state obtained from MixColumns transformation state.
_· _ ·The round ·key is added by combining each byte of the state an-ay using -bitwise XOR
Qperations. The act1:)al 'encryption' is performed in .the AddRoundKey0 function, when each byte of
state an:ayis_XORed with the round key as shown iti•-Fig. 3.14. ·

Scanned by CamScanner
 t
.i s;:.:e:.: .- w.:-.:-ei ..

- M 6~ _,. -~ii - -
AO ----
i_:_
..._. .
-
88 23
2A _;.._ ~~ - ·--
-04 so 28
-
,
48

06
, i--
FA
~
..
54
......:..-

-
A3
·-·
6C --
66 CB F8
-
. - -PB ..

2C ~9 76
81 19 D3 26
17 Bl 39 o,
E5 9A 7A 4C
Fl 314: AddRoundt(ey .
I• ' 1 . tt n ·af Su~~tft: ;. rf:Pr,; i .
· _ dt hit'le rounc1s ,,e " ,.. ·
·s of AddRoundKey i11 upplie or
The same proccs . d k y 9 more times. - -1 d !i.,,,_ .. , t · ·
. C .l mns step and XOR with Roun e
M,x J . . id htit il. f tmtl f(oHtJo (#'1''·' " ,-f~
ou all other rounas ure e
. Except for the last round in each case, hiftRows nnd Roundk.ey,
Mix.Columns step it includes only Sub~ytes, s. - - 'n deh1H steps of AB . A ~ (1( , ll ~ f.f~
Finally an output cipher text will obtain after perfortfiidiey utid lhvMl.Ktotu.uili~! "; ffttf'. ..J~-.ffl
rounds are applied (i.e.lnvShiftRows., InvSub~yte~, A:::~ryf)tiQf1 key cidled D&tfYP-1#,, prt~~ d
cipher text back in~ the original plamtext usmg t e s -
AES.
AES Decryption ,
· · d-v ( ) t'iJ'1!i tht Ai f~,1('11"~
Decryption occurs through the _function -AddR~un -Ae'j - , Y l " . IHVUK fi ulrt Ml trVtfi.tt
InvShiftRows (), InvSubBytes (), lnvMixColumns Oand A_ddRourrdKey O docsli: ~ .. atuJ ~p.t>
function, as it simply XORs the state with the subkey (XOR cncrypt.g whe-n 81'1' · (Jf.lt:e,
when applied again).

Q. 12 Compare AES and DES. aNc•

Ana.:
Comparison of AED and DES :
'
Sr. N~ , DES
1. Data encryption standard takes 64-bit It allows the data len&th ( plain text iu) of.
plaintext as a input and creates 64-bit 128, 192 and 256 bi.~.
Cipbertext i.e. it encrypts data in block of
·size 64-bits per block.
2. In DES plaintext message is divided into AES divide pla.inttxt into 16 by~ (l ~ J
size 64-bits block each and encrypted blocks, and treats each block a.~ a 4 4 State
using 56-bit key at the initial level. array and "upporting thru diffetent key
lengths, .128, 192! and 2,6 bwi.
3. The left plaintext and right plaintext goes The number of rounds are JO. ~ for: the caw
through 16 rounds of encryption process when the encrypta011 key is 128 bit long, {A• .
' aJoni with .16 different keys for ench mentioned eorlier, the number' of round~ ti .
:
rounds. 12 when the .kty ii; 192 bit" and 14 wbeff the
'
I· kiy l~ 256.)
4, DES use1 56--bit keys &o that there ate 2~6 A~S f8 ~tloliitf thuo
' DllS ~ of key .
' · possible·-_ key combinations Which is size vary trom round
to r und.
,.
,· rouddv equal to 1.1 x 1()1li ~eys _teguired

Scanned by CamScanner
 1ft.

CQ'ptography anq System Securlo/ (MU) -1 5

,•• ·,, •,
~ . ' :
to break DES cipher.
·s. Different versions of DES are double DES AES doesn't have any fu ure , -eIS •
and triple DES is added.
DES doesn't use Mix Column, Shift Rows AES uses Mix Column.. Shift Ro"'-s me
method during encryption and decryption during encryption and decryption precess
process .
7. DES, double DES and Triple DES (168-bit AES also are vulnerahl'\'! m h.r.u:e fufce
key) arc vulnerable to brute force attacks. attacks.

QQQ

.,
• ,·,'

. .. ..

•' ··.· ...,_·

. .. '. : ~. . .,.
.-
..... _ . . .
.-
• • I •
. ·~ ·.. \ ' ' .,
' :-
,:...
.'
... . '• .
·-,•
' . ... .. ' .
. t ·. . • .
. , · '·
-. •, ... . ', ·. ," ,1 . · -·. -,. • , -. . ' . ,'
: '
., < ~~ - -\. · ·..:..". '· :_\ >_.:--. .- ---. _; :~ ·/ ' . . ·, ... .
- .
' ' .

'}-' ·-.'·.. <'. -: :- :- ....

Scanned by CamScanner
 !\•1J
a'. :e !ii _:hiJ!W
· Qyptograph}' and System S~corify
(MU) . _ · g· ]!i

I,
Cf)'ptogrophy ?
Q.1 · What is principle of pu~ic key . 2.
An s.: 3,'
as asynm1etdc koy ttlgol'ilh11111,
Public key algorithms also called (cj no_ key ror • enG f'/Pli o11 4.
· nn d decryp ti on 111v •'tcN11 _ _

· ent keys arc used dur ing encryption 111 tric kt y

1nr.
· fer
Two dif
e of decryp tion). RS A nJgorlthm Is tho l>cst oxttnlplo or ,wy s,
. and second key use d at the
ti~
in Fig. 4.1.
~o gr ap hy as sho wn
owner).
Pri vat e key (on ly kno wn to
ryone).
Public key (po ssib ly known to eve
toxl
I Plalntext
__e_n_cryp~ll_on_ _ Clphor
public key e
I
!
j
Private key d
~ - • Plalntoxt
Cipher text - - - - ptio
Decry n

Fig. 4.1

ret key.
It is easily configurable than sec
o~thm (Public key algorithm).
1-JMMII
O. 2 Write a detail note on : RSA alg
An s.: ir-
Len Ald em an hav e dev elo ped this algorithm (Rivest-Sham 6.
·.·.. Ron Rivest, Adi Shamir and algorithm . It is a ·block-cipher which conver
ts plain text
lic-~ey encryp tion 7.
.Aldeman) in 1978..It is a pub
vice versa at receiver side.
into cipher text at sender side and
flows :
· . Tf!e algorithm works as f<:>
where a~ b.
1. Select two prime numbers a and b
2. · Calculate n = a * b
- J) * (b- ))~ ·
, ·' ', · · 3. . · · Calc~ate ~(n) = (a
atively prime to ~(o ) i.e. gcd (e, $(n)) = I and I < e <$(n).
~
· 4: . . Select e such that, e is rel 1 .f
ed :mod. ~(n) = 1. ·
· ·... . 5. · . . Calcu iate of su£h that d = e- mod ~(n) or .
.
. .

e key = {d,n} .
· 6.. .· -~ bli c key= {e,n}, p~vat
.:" ,.•. .• · . ·. 7: , •- Find ou_t.ciphertext using the fomula, ..
, -- .C=fmodnwbere,P~nand
(: C
1:, ip~~itex~ P =t l;t ex ~ e = En cryJitioOlcePnd n = Bloc~ size.·
.· ·.. ., ) . . · · the · · .·
mo d Pl · ·· ·
8 ' P- , :,.. :.·n. . amtext P can be ob~n using
c1 given fonriula . . ·
. ·- · :·:~- '. ' ... 7: ' . ,
• ..
, .
', . , .
I· ', , · ,•· •
, . . · '.
'

·-' . :.:
. -.-~,·-,·. .
-:~~~;\ .

Scanned by CamScanner
 4-2
c~roar¥hY and System Security (MU)
~ .

Where, d = decryption key.

sender must know encryption key
Both sender and receiver know the value of n. In addition, the
'e' and receiver must know decryption key 'd'. · .

EumPle:
1. Select two prime numbers a= 13, b = 11.
2. n=a* b= 13 * 11 = 143.
3. q,(n) = (13 - 1) * (11 - 1) = 12 * 10 = 120.
4. Select e = 13, gcd (13, 120) = 1.
5. Finding d :
e*d mod ~(n) = 1
13 • d mod 120 = 1·
Do the following procedure till you are not getting a intege
r numbers

d = (cp(n) * i) + 1
e
(120 + 1) 121 .
d = =13= 9.30 (1.= 1) where, i•= 1 to 9
13
240+ 1 1
18.53 (i = 2)
d = 13 ·= ~ =
360+ 1 36 1
d - 13 = 13 = 27.76
(i = 3)

480+ 1 481
d = 13 =13 =37
Hen ced= 37
6. Hence public key= {13, 143} and Private key= {37, 143}
7. Enc~ tion :
Consider any integer.as a plaintext (P)
Such that P < n
Example: 13 ·: (13 < 143)
Now, C = P~modn
13
C = 13 mod 143
13
Here to find out 13 mod 143, use the following procedure ·
13mod 143 = lJ
ti mod 143 = 169 mod 143 = 26
4
··13
. ·. ·mod 143 =
8 2
13 mod -143 104 mod 143 = 91
8 4
:. C = . U13 mod 143) *(13 mod 143)*{13 .mod 143)) mod 143

. lit&11)¥iWtJll\ili1•iii .
Scanned by CamScanner
 4-
a
Cryptography and System Security (MU)
= (91 * 104 •l3) mod 143
= 52
8. Decr yptio n :
P = ctm odn
37
= 52 mod 143
37
mod 143. As
Again use above mentioned proc ed~ to ftnd out 52
52 mod 143 = 52
2
52 - mod 143 = 130
52''mod 143 = (130)2 mod 143 =26
8
52 mod 143 = cu,l moo 143 =104
16
52 mod 143 = (104)2 mod 143 =91
5i32 mod 143 = (91>2 mod 143 = 130
Hence,
37
p = 52 mod 143
143
= ((5232 mod 143) * (52 mod 143) * (52 mod 143)) mod
4

= (130 * 26 * 52) mod 143

= 13

a. 3 Using the RSA algorithm encrypt the following :

(I) p=3 , q=1 1, e=7 , M=1 2
(ii) P:= 7, q_=11, e=1 7, M=2 5
(iii) Find the corresponding ds for (i) and (ii) and decry
pt the ciphertexts. EM,ti4•if.i
Ans.:
Use RSA Algorithm
bers.
(I) Co~ider p as a and q as b as per our notations for prime num
Step 1 : Prime numbers a =3, b =11
Step 2 : n = a • b = 33
Step 3:
~n) = (a-1 ) * (b-1 )
= (3-1 ) * (11 - 1)
= 2 * 10
= 20
.
· Step 4 : Select e.such that it is relatively nri:nwa to . (
• n) Le. gcd( e. ♦ (n)) = l
. . ,--~
gcd-(e, 20) = l
gcd (7. 20) = I

P.:lSV · SOIU IIOII S

Scanned by CamScanner
-------=-------__,;.___:_---------- .
 ..cryptography and System Security (MU, _ 3 %T!ifJP Jl.r? TT . WW M1iiZE

e == 7 is given,
Step 5 : Calculate d such that
· d = c- ' mod ❖ (n}

ed mod~ (n) = 1
7 * dmod 20 = 1
_};<\{-~-- $!£n}°1it+l • Wht'l'tl I • 0 IO tJ
;_·:..:- . .- .. :· ;, 't ' ...

Find d such that it is divisible by e.

Consider i = 1 you can continue till d will get int>ger ,,,,tue. \Jtn) 10 und c
d= ((20 *l) +1)/7 = 21n = 3
:<:·. ,· F ~-H... I
[_~ii::~:-_:: :::·.-:r :_
Step 6: Public key = {e, n} ={7, 33}
Private key = {d, n} = (3, 33 }
Step 7 : Calculate cipher text message for given plain te_,t mes -age.
Plain text message given is M= 12 we consider M tlS Lo. P = l-
e = pc mod n where. p < t\
= 127 mod33
C = 12
Step_8 : Calculate pl~n text message.
· P = cdmodn
= 123 mod 33
P = 12
[:P:"*·/iif
When we convert plain text message into cipher text tJ1 corrosp nding cipher text yields the
same plain text
~) p= 7 ,- q = 11, e = 17, M = 25

· By using RSA Algorithm,

Step·i : Prime numbers are 7 and -11 as per our notations a = 7, b = 1 I
Step 2 : n = a * b = 7 * 11 = 77.
Step3:
q,(n) = (a - I) * (b - 1)
= (7-1)*(11-1)
= 6 * 10
= 60

~ ~llih#iiittli■iiiii

Scanned by CamScanner
 4.5
a

ely prime to ~ (n) i.e. gc

d(e, q,(n)) = 1
l 1t I~ re lativ
~bi • t ~ ·1ct such lhn
· h1ylvet11Js17
rttust be 1)
f','.d (11160) = I (gcd
that
~ t tlcuhu-e d Mllch
1

I
d = t ntod cj, (n)
d n,od +(ft) = J
I 7 ._ J "'tld
:1 t

tt ,h~ M.SA algorithm

1
nere i = 1 to 100
d • Ct{n) •e + wh

• (60"'1 +l / 17)
• 3.58 .
visible by 'e' . ·
d umgt be .:ompletely di into above_formula we got value of d
= 15
= After putting value of
.i

= (60*15 + 1/ 17) = 53
{-~:.-d-..·.-_ .~s~f
e., n J = { 17, 77}
~ 6 : Public key = {
3, 77J
Private key= {d, n} = (5
es sage for given plain text message M-= 2S.
text m
8h p 7 : Calculate cipher
25 (m denoted as p)
Plain text denoted as P·=
C = Pemodn
17
. = 25 mod 77
It can be rep.resented as
c · =9
of de cryption. Once sender sends 9 to the
at the time
ep 8 : N ow caJc uJate plain text P required text p. ·
St rece iver can calculate plain
receiver then
P = C'mod ·n
53
= 9 mod77
P = 25
elds original plain text message ..
.
.[ .... ;...... j
Decryption proc. . .
. . ·-, p . - 2·
-. ·,
es ,
s alw
.,
ays yi
· · ·
· · r• -~ :. .- ,-.. :. ~--~ · ·i

and (il) and decrypt th

e clphertexts
Spondlng ck for (I) 1111
· · •(W) · Find the COffi ill deet1P'
and fot ·ciuestion (ii) is d= 53 which w
ecry
· . · .DSU pteSio.sfnullke y fo· r question (i) is .d =3
~ Cc y. .

Scanned by CamScanner
 1
t0lI~J::!J>\' , \ .·../ ... ...
:<•:. ' : :;~-i'.N,h~Md·Syst~m Seeurlty~MU)
_
.._ .
.' .
· · 1 ·:· · 111 1 ,-•1
.
""

-,:';/) :~ ~~·,.art..:r _r ·'. · ·.·· . · · . .·• . . ' u ' ' '

' ' ''
' '·.; :{;~~,. ~f~ t•,t~ lble nttnc~s on RSA l\S follows,· '' ''
- - . .•· ·. . . . . ·.
('.. \i/r ;"i(\lh\ foi~ lttacktllacker tri~s all possibl~ privute keys. . .. . .. . . .
Oil ' i.e. tries ' to factorize tho prt>d u:ct of
twb pthtie '' n
·.:\i \ : '~ 'th~ tnatt tAr nttncks : ~Ack
.
ers nttacks
.,,, ··~\ll\tbe1~ ; ·
ithm. ·
i :, .
, ,. i :,:: :;,lh:\lfig11ttacks ·:it totally d~pends 011 running time of decry' ption algor
' '
~-.': ,:·, -~i:/ ''l1t.~¢b Clph,i text attack : ' '
,U~k~t trle:s to _attack on .tti~ prope1ties of RSA algorith~ . .
. . _:.'_·~.- ·_·:--~w ···~·;.,.:·· · . . : .
' ·-/ ... ·Q. ti:.:· · Oeffr i~key ganeratlon
.
1
~ .. . - . .
. ,_ . . . ': .

·•·",'tJ.'•~~•'.
•, ' ·,; ' JJI\,-
symmetric or asymmetric key cryptography.
• •' I • I

·.·. ' Rey gtheratlon is the process ge~erating keys using

key bit·generator which uses the functions of
. , ,· The key eirurbe generated using random or pseudo-random ndom DES keys.
a' . .'. : ~~,x~otds~nd PlNs: It is standard (ANSI X9.17)way to generate pseudora
,.
> .· ,' • • '
'Q:g
' •
> -'.lllU$trat,( Diffi~ Hellman .key exchange algorithm with suitable example,
•~
~ • .' • ";" •' I > ·•
•

...
n as Key exchange algorithm or key agreeipent
... - . . ., ,' ,-.· . ' . ~ .

' ·,:: '.: ·. :.' ? The nun~ 'llelima:n algorithm was widely' know
in 1976.Diffie Hellman algorithm is used
:_;;~~ orjthfu ~evelopM b1 Whitfield Diffee and Martin .Hellman er as well as receiver end so that there is
· ' . ' :,) d. ~r~t~ (symmetric) private ~ryptographic key at send
.. •.
s~e
.
:~on~ l6 ti'ansfephiskeyfromsendertoreceiver. . ·
used· only for key agreement ·not for encryption Of >
· ··. :: -.·. :: · Rei11ettiber.that Diffie Hellman algorithm is
to ~ommunicate with each other they first agree on .·
··. ,- · ~ deceyption rif-tnessage:: If s~nder and receiv~r want
later on they can use this key for encryptio~ or
, · the ~ ne key~generated .by,Diffie Hellman Algorithm
..:·· ~~pti~µ~ Let us start \Vith the algorithm:· -... . . . -
;;
)''.: ~ ~i~t.'OJfff~Melfman:Argorithm ='- ' .. '

~;::,:}~,/"·~1~;2~~trt"!ll~hrf~t~ cr~~nicate \Vith Suresh they must on two IMgO agree ,;

ft)ttf
};~ ~;her ~.·.~d_c~cul~.Rs.~~h.that..
tit;r:[t;i: :e,: d:~~reg:i:~
. .·: ,: ..
·1 1f -::P.;
eshs ends this.:._R ," ,.~•
to sures...:,h.~:.,_~•• .;;":•:·_-.,: ~:,- ~=-.~-·,. ;•· . . : :· -· .· -· . , .·. ·.· ·. . . t ?!:;l
~f/ .·,:•.:·,;'·-:/:~:.·ltrun .
\ :• •,
·;·.·~-.>\ ~~-~-
·. ~_:_:.-.:·-.·~-· ·
-~:.·.:\:.,.>~ ~~.--'
.. ·
!· .-:f · \ ;
··· .__,... .,:·· :: .. : :..· :.:· ,_>·,:''. ~
~ :
·- _ ·
::_~.'.·:_._, ~.. .·_'.

sele~ts:~~he{se9ret:large r~ndom,.integer number b and calculate s

such -. ,,_ · ·' -.. . , . ..· ... .·. - · ,
; ...~i
/:?rf:~(>;. ~u~ h}ri,depeiiaently_

1 ,:1
i;tl:('§~(i}:}~·':i ~~,P:C'\:\::,,(/ ', •.';:',_'. )': i·.,:·•·..••· .•. , . . ...
7 .,
· ..-·. . '· .~;..
the numbers to Ramesh. ··.··:•. ·.: :,: •·-;.:_. ·, '. ... :- ,,•"·, .·' ,,
'
_;_·S ~_sJ,end~ t

~~
~. ,>·,,/1-(:.:-·-:,,:: ~\> , ·.:·, ,',· :..:'., .' .
.J_
<., _.,-.
b;·usi~i·R~'-~s4:'Jtidd-
• ' -' .~ •
~.-::..
.__' ;,· \ , .: , 1
-"""' ~ •1,:• .,.., ,• 1 · "-J r•- ••" , ,,:"..· 1

·hls s~c'riti~;~
\
.. ,
' ,'• ~' • · ~ ' .

.:·f;
• "
~ 1' •• ' ' {•

:-,:N9'~v.Rafue~h'J~icrucalatin~
J • •-

/-'.\/ _-._,-:
"' . · -. :• •

'~,:·,. ,_
r' • ••

i'.:..'-i:J<F:~
,._-._ ,:·,;,>-?~,~":·/::',;·_..·>>: ~-:·-·:-·-:, ·!_>.:~<
\?::/i _\:/~'::'.\:>;: ·'..;.1 -:· •. \ _ '.-._. ,~'. ':
~ 1.~-~~~ula~ng his-secret key-SK by·q~mg ,_--.. > . , .:·...-,. ,
·
> _· ,: .-,

:. -.
·:-_ __--: ~;: ;·:::2 }:-.~: ·,. _-1 :,::,,:,•· .Y.;· ._
,:
; i: :·t·~<·\ ·i;;;,/~~

Scanned by CamScanner
 4.7

C
.
h
an
d S stem securl
.
.
MU)
uresh can agree for
. ation called as key agreement
future cornmuntc -
C

1
If RK = SK then Ramesh and S
algorithm. . . . called symmetric key).
. R - S - K hence proved. (K u,
'
:,I
j .
We have K- K -
bcrs say p = 17 and q ~ ·
7
. For exampl~: .
t o large pnme num R h that
Ramesh and Suresh are agree 00 w . . _ 5 and calculate sue ·
l. dom number 5 1.e. a -
Ramesh selects another secret large ran
2. . • d 7.5 mod l 7 = 11
R = q mo p=
= (7 X 7 X 7 x7 X 7) mod 17 = 11

3. Ramesh sends number R to Suresh.

. 3 1. e b = 3 and calculate S such ~
4. Suresb selects another secret large rand0 m number · • • .

s =· qb mo~ p = ?3 mod 17 =- 3
_ = (7 x 7 x 7) mod 17 = 3
5. Suresh sends number S to Ramesh.
6. Ramesh now caJcuJates its secret key R" as follows :
5
. RK = Sa mod p = S mod 17
5
:. RK = 3 ,mod 17 = 5
= (3 X 3 X 3 X 3 X 3) mod 17 = 5.
. '' Suresb is calculating his secret key SK as follows :
7.
SK = Rb mod p = R3 mod 17 = 1 i3 mod 17 = 5
8. If RK = SK then Ramesh and Suresb can agree for future communication.
9. We know that if RK = SK =K =5. Hence proved.

f a. 6 If generator g = 2 and n or p = 11 using Diffie Hellman algQrithm solve the following :

. 1
.I (i) Show that 2 is primitive root of 11
(ii) If A has public key 9 what is A's private key ?
(iii) If.8 has public key 3 what is B's- private key ?
(iv) Calculate shared secret key, \-14♦4•5@
Ans.:
(i) To show that 2 ls primitive root of 11 :
In general terms, the highest po sible exponent to which a number can belong (mod n) is Q(n).
Where Q(n) is caJled as Euler totient functi on whkh states that how many numbers are between 1 and
n - l that are relativeJy prime ton.,
According Euler"s t.heorem :
Jt:states that for every a and n that are relatively prime.
If at(n} = 1 mod o
casv-solurrnns :..

Scanned by CamScanner
 . . ·. , ; ·
,>. •.··. :o&e!o/ and 5ystem ·Security (MU) ·
:· :;'1'..-ie, .. ·. ·. .
As·mentionin (i) :
a= 2 and n = 11
Cuc ulate ¢(n) i.e.. « 11) = { 1 to 10 } =
10

Acconlingto Euler's.theoren1 +(I\)

n - 1 mod n
2 Ill = 1 mod 11
. ,, _,.. _; ,'

1024 = 1 mod ll

. i c.' 1024 mod 11 = 1 and

lmo d.11 = 1.
Hence 2 is primitive root of 11.
. fd) - ~•A' 1w public key 9 p.rh'Bte key is : then
. I. . Say A as Ramesh and B as Suresh.
Representing g as a q (i.e. g = 2 = q)
.Using Diflie Hellman algorithm
2. . · Suresh now calculates R such that
·;. • :,.
R = ,t mod p [Here q =2 and p = 11]
9 .
= 2 mod 11 [a is.9 public key]
R = 6·
. Ramesh now sends R to Suresh.
3.
number) Suresh calculates S such that
.. [Iii) .· Suresh has public lrey 3 (it's random
S = qbm odp =[q =2, p=l l , b=3 ]
. b . ~

, .. : S . = q- mod_p_= 2_· mod 11 . ,.

S = 8
Buresh.now sending S to Ramesh .
· (iv) .No~,~e sh and .Suresh c~kulating their secr
et keys individually: .
. 1. . . R ~ calculates it's secret key RK as follows:
.[S = 8, p = 11, a= 9]
· ~ - = . s•moop
9
· ·:·\·· ,-
- 8 rnodl1=7
.. ' : .2 .. •·-~ h calculates it's secrete·key S~ as
follows:·: .
.. '
.· ·sx: ·.= Rbmodp ·
3 ' .
-• ... - 6 mod 11 = 7
• '·
' ., •

·. ~~-secret keys o( Ramesh arid Suresh ~ ). •., .·' .·

. .. .•: '. .. ~- . . . . . . ' . . .. ·.
. ·-
. . . . . :' . '. .

Hence;......:::....;;:;:.;;;..;;;;..;,;=;;;..;..~
'' . .·

,.:!'',j_• _:, :,.• '

;~ · - ~11, 1w,1m1 ■..,,t

... ·. .· .., ~ ~, ' . ,' ·.
>- .-- " .

Scanned by CamScanner
 --- i,9
~ -~ ~: - - - , -/e Hat/n.,_., _ ,
,__ -entione-d.In Dif e 8-a _
f ,,
p· S'""ll'lo
- io:'i.1'.1
1
U . ·-, not•
tlo ,; s-' m and p
q -
sam _
-18 _ - "-.''la czetc
M t e,
·s,..,,
~ ) 1 /fY - ~D
' ·
r : r1'1"tlnQ • u ·p de_ n-o·
. ·
= '
fiffl ·
.
=•otv~'1Jno'Yr,o -u _ C/in..
2, eaci, "V8e ,•<,, o-•..
11od .. . - -, ·; ; ;,".\l/@ f h , a - : :
- -
, t -
"" • -..i~".,..1,,1. . ..... .. - - - -
f
g e w here P
= 13 , g (i)
b
-
,n--- l• • --. ha n
- -- -·_ > •. - " k y exc _
& ~ -- .
- -,, I'"• H1,1,./m8 and 1 n • 1 1 ,
(ii)
.. 'U ' - ~
UnIg
"' b
I a. ,nmum
/4- o
t .. ,
IO,,. llii
I n d nII
o dltond
.1 . t k e y ? f a n~a r.,,
o. r lAf<f hit,, common , . o , umber, ?
l t 9o
if he sees P, ~ (iii)
W r e t n l ru n
their ,.c e f, 0m pro
to- co
Case
(I) now/ e
_ d 9
r m g a in any k
anhalnl Il!IWIH»
(Il(Il)I) C W how?
1 ,"YN,ahow
1 'th
m,
-
H e ll m a n algon
le
An&: ccording to Diff d B as S u
~h
A s h a n
ame
e t u s sa y A as R
and g =
L 2 q,
Als o p = 1 3
d en o ting g as
e are
o u r e x ample w
Here in 13, n.
. · . p _=
l lm a n aJ11on11u
e
q = 2
.
usin 1 1 Diffie H , 2.
b = 11 by 1 3 and q ,
=6 a nd p = beca
o ted as, a J ri m e numoo,. t
t n u m ~ ,. d e n
t w o la r g e J
te R s uch tha Sure
Ser: te -0n uJ a
a n d S u r esb 118i'ee . a = 6 and calc
1. Ramesh n o th er secret
IJO
: 6 , p : 13]
/ei : ts a =2 , a
2. Ramesh se q ' l l lodp[q
R = 6 od 13
= 2m
2
R = 1
to Suresh te S such that
ds R Ja
3.
Ramesh
sen
"' I J and calcu
b
4. m Dll11]ber
e,•la rg e raiido
" ' 11 , p " ' 13]
th b
!et;ts ano ad p [q
"2,
sllresh se S " q m
1
lOd 13
== i1 ll·
S :: 7
C
S to Ra11}esh.
5. n
SlJtesh se .
ds .
key R as fc .i1 . ·
t
6. R
Jc uJa~ it's Becro I(
Oi OWs . R
w ca
lllnesb IJO 0d [,S p ,. 13] R
:: s4111
RI( 7, a:: 6,
P . "' f
. 6
d 13 E
::: 7 lllO
-
.
. .·,
== 12
.7. .. .,._ · · Ric ting hi
S11 .. alcula s as £011 OWs: .
- ~ , , is C s Becr et k e y
· IC
b d p (R - 12 ,p:: 13
]
- S ::: R llllO ll0d13 b : : 1 1
{ . I(

~~::~~~~- 1
- '

iffiiP•ifli~~ :: 121
--- - . -
· .
·- ·llltJiifi1
~
Scanned
:
· ··. by CamScanner
 4-10

. ography_and System Security (MU)

_3lP1
SK = 12
csh and Suresh is
,Sh are d secret key of Rnm
RK = SK= l2 [Aa ndB =l2 ]

(ii) Secret numbers of Ramesh and Suresh are

R = 12 and S =7
en. [Here g = q]
(iii) If intruder m knows p, g and a, b then what will happ
Case I:
Value of p, q, a, bare known tom represented as
m Suresh
Ram~h
p=1 3,q =2 p = 13, q = 2
p=l 3,q =2
Use Diffie Hellman algorithm,
t random numbers a and b.
After selecting large prime numbers,Ws time to selec
Suresh are,
The secret random number sel~cted by Ramesh and
m Suresh
Ramesh
a = 8, b = 6 b = 11
a= 6
Case 2:
bers say a= 8 and b= 6 as his own -secret key,
Consider mas intruder selected two random num and
as he "intercepted conversion between Ramesh
because he wants to ·calculate value as R and S,
Suresh
Ramesh Intruder m . Suresh
13
R = qa mod p R =qa modp S =q modp
6 • 8 11
= 2 mod 13 = 2 mod 13 =2 mod 13
= 12 R=9 S=7
b
S = q mod 13
6
= 2 mod 13
= 12
Case 3:
Suresh and intruder"m
FoJJowing are the values available with Ramesh,
. Ramesh intruder m . Suresh S
. R'= 12 R= 9,S =12 S=7
Case4:
-
m sending his own R = 9 to Suresh instead of
Ramesh sending his R = 12 to Suresh but intruder
again intruder m sending his -own value· of S =
12 to
R = 12._Suresh sending his S = 7 to Ramesh, here iving
aware that which values they are sending and rece
Ramesh. In this case Ramesh and Suresh doesn't the riew values with
{Intruder m sending his own value·· Because of his interception]. Following are· · ·· ·
· · ··
· Ramesh, Suresh and intruder m.
Ramesh Intruder ni Suresh
R=. 12, S=7 s ·=7
. R= -12, S=l 2
. -R- 9
_
--: litB!JS:4iMid•riiii
Scanned by CamScanner
 ·. ·... ··. ,:.,··
..~ ·,. ·. :
·. ·,'
.,·· . ,• .
,, . :__ . .. . '
_

~ e n d ~ SecUrity (MU) t keys

- aJculating secre ·
resh and Jntroder m c f
Case S •• Based on abo\'e values Ramesh, Su Suresh . (
Ramesh 1nuuder m - 11
S 7, R = 12 R 9, b- = =
S =12, a =6, 13
p= 13 a 8, b 6, P == 13 P == = =
~ =S*mod p SK == Rb mod 11
= 1i6mod 13 RK=S*modp :911 mod 11
8
= 7 mod 13
SK= 3
=3
SK=Rbmodp
6
= 12 mod 13
=1
CMe S : Man-in-the-middle attack

Think: what is happening ·7 Ramesh is thinking that value of hi~ secret key is and Suresh
~so !
thinking that value of his se.cret key is 3. But actual communication is mtercepted by mtrude
m. Dunng
real communication between Ramesh and Suresh inttuder m sending his own secret keys
to Ramesh and -
Suresb. H Ramesh sending his se.cret key RK = 1 to Suresh because of man-in-the-mid
dle attack.
Intruder m sending his secret key Ric= 3 to Suresh. In return Suresh is sending his secret
key SK= 3 to
Ramesh, intruder m sending his se.cret key SK = 1 to Ramesh.
Both Ramesh and Suresh not aware that communication intercepted by intruder m such
type of
· -
anaa is called as man-in-the-middle attack.
Q. 8 State and Prove Fennars theorem.
Ana.:
to
Fermat theorem plays an important role in pu~lic key cryptography. For this theorem
~ d o n e has to have_ ~owledge of Prime number, Co-prime number. prime factoriza
tion and
GCD Le. greatest common diVISOr that bas already been explained in this chapter.
Theorem:
For any prime number p , a is the integer which is not divisible by p the~
aP- 1 = l(mod p)
: ... (1)
A variant of this theorem is

Hp is a prime and a is a co prime top (i.e gcd(a, p) = l) then,

aP = a(mod p)
...(2)
• .
Basically this theorem is useful in public key RSA and Prunartly testing.
Let us have a = 3 and p = 5 then as per the above theo • Eq · . ·
- rem m Uation (1)
3s-1 =3 • ~ 81 = l(mod 5). . we have

Since on dividing 81 with 5 will have remainder 1. ·

r.as'J-S UIUllll llS

Scanned by CamScanner
 • 4 • • - ' • • • ~ , ,.

.
.,. ~

···: w ~·,.:~&.1!: ,. .,·.lfm·.fllf!:;~:-\ lf'•:.li .''~, .,. ,- .

kt& z)· · ·dtfi -11,:i;,,.. · · ·
.
: • .:... • ~ r • " ,.•:.
~
,1,.;•: :,,. -·::~
{~>-.· ... . !•• 111•~>
. !:j ••

':. ·_.,.
'; ·_:;: .
4-12

-
cryptography and System Security (MU)
Hence proof above theorem.
Considering another form of theorem in Equation (2).
Let us have a = 3 and p = 5 then we have
5
aP = 3 : 243.

Now we calculate 243 mod 5, we will have result 3.

amo dp= 3mo d5= 3
5
Hence, 3 = 3 mod 5.

□□□

tit■ D1Mdiiiilliiii
Scanned by CamScanner
 Chapter 5 : Cryp tographIc H
18 h functions
.
. sig
51'
(3:

Q. 1 Explain etyptographlc hash functton as

Ana.: as has~ value _h) is
process of transfomung input message m into a fixed size stri~g (calle~
The
g funcuon applied on input
called as bash function and it is denoted by H. Here h is the output of bashin
mes.sagem...
h = H(m)
to modify the original
Hash function protects the integrity of the message. If attacker tries
identifies by applying Hashing
message ~ the contents of original message ·may changed it can be
algorithm. The ~ t popular bashing algorithms·are MOS &
SHA. Following sections gives details on
MD5 andSH A.
on : MOS.
O. 2 Explain cryptographic hash function criteria. Also write short note
Dec. 2012. fvla 2015

AnL:
ary length and 128 - bit
It w_as dc~o ped by Ron Ri~ t This algo ri~ takes an input of arbitr
~ digest is produced. The mput m~sage 1s
p~uc ed in 512 - bit blocks. Fig. 5.1 shows
ins ~e procedure of MOS.
processmg of a message-to produce mes~ e digest Followmg steps expla
Messa ge
Padding bits 4
(1 to 512) (nmo ctel )
L• 512 bits= N•32 bits

J ~•-- - - - - n bits --- --. .1• 1

I
1,
I'
Message . :· . -:

j.- 512 bits+ 512 bits -.j ft- 512 bits ~ t-- 512 bits~

IV
' .. ~ ' .. -
.,_
128 bits
massag,
I.· · digest
Fig. 5.1 : Detail steps of Messag
' I

Append padding bits : e Digest S Algorithm

' (1)
· . · .
. I' . ~ mes~ e is padded to _make the .length of .-
The .-
·.
.message 1s 64. bits less than an integer multi 1 ·r message is 448 mod s12
followed .bY O.bits. The length of padding bits
(Ja_ · . ,
is~~
512· The ·padding mess~ge - le~gtb.of ~e pad~
t~een 1 to 512. consists a single_I-bit
1: :J s V · S II 111 I I II II S
-
Scanned by CamScanner
pa .

~:, 't:Y and System Security (MU)

5-2
...
~
1"·--~\
(2) Append imllb : .

64 bits oforiginal message is appended to the .result of above step i. It is append

ed such that least
1'i-
·;;:,;',.
·
ge of integer multiple of
· significant bytes to most significant byte. The output of step 2 yields a messa
is L * 512 bits. '
512 bits. As Mo, M,, ... M.q ... ~- t· The total length of expanded message '

(3) 1aitia1b.e MD Buffer : ~,m

. :t::r ,.

,~••'> ··
~~!;~r
A buffer is represented
A 128 - bit buffer is used to store the intermediate as well as final result
~i.::::

~ four 32-bit registers as P, Q. R, S.

P = 67452301
j
Q = EFCDA1389
R =.98BADCFE
S = 10325476:
It used a little - endian ~ - Hence initial values (IV) are represented as,
P = 01 23 45 67 .
Q = 89AB CDE F
R = FED CBA 98
S = 76 54 32 10. ·
CVq
{4) Procea Message in 512-bit {16 word of 32 bit) blocks : Mq 128
It consists of four rounds of processing as
shown ~ Fig. 5.2. These four rounds have similar
strucmre but diffel" in primitive logical function
refen-ed as A, B. C, D.
Each round takes input 512-bit block,
processed it and produces 128 bit outpu t The output
of fourth round is added to the first round CVq to
32
produce CVq. 1 using addition modulo 2

. .
CVq+1

Fig~ 5.1 : Four rounds of MDS aJaorithm .

.

easy- so1u1 1011s

Scanned by CamScanner
 1:1111 :; 11·;. •

'
:;a1
' 1

~~ .\
,: 1
',• . I
l
I C1Yptography and Sy1tem Seour1!Y (MU)
·1
i
(5) Output : digest is produced as a output.
After proce111ing all L 512•bit blocks, the 128 bit message
The entire MD5 process can be summari
·ud 88 follows :

CVO • IV [ M CVq ] J ] ])
CVq+l • Sum32(CVq, Rfd [ Mq,Rfc [ Mq,,RFb [ Mq, Rfa q,
MDSSum • CVL
Where,
IV• the initial value of the PQRS .buffer, mentioned in ste P 3
Mq • the qth 512-bft block of the message
CVq • the chaining variable processed with the q-th block of message
RF • the round function using primitive logical function a, b, c, d.
MDSSum • the final hash result or .message digest
Sum32 • addition modulo 232

Q. 3 Explaln cryptographic hash function criteria. Also explain SHA-1 and different steps of working
of SHA-1. Dec. 2012. r,.la 201.;

Ana.:
The SHA was developed by NIST in 1993. It is referred as Seeure Hash Algorithm- I. SHA - 1
takes an input message of a maximum length less than 264 bit$ and produced an output of 160 bit
message digest. The overall processing of SHA-1 is much similar to MD5. The processing is explained
as follows.
(1) Append padding bits:
Padding means addition of bits to the original message. To make length of original massage to a
value 64 bits less than multiple of 512. The message is padded to make the length of message
448 mod 512. The length of the padded message is 64 bits less ~ an integer multiple of 512. The
padding message consists of a single I-bit, followed by many Obits as required. The length of padding
1- bits is in between 1 to 512.
,j
(2) Append length :
A block of 64-bit is appended to a message. 64 bits of original message is appended to the result
of above step 1 (Original message+ Padding). It is appended such that least significant bytes to most
significant byte.
(3) Imdalbe MD5 Bulfer :
· A 160-bit buffer is 11sed to store the intermediate as well as final result The buffer is represented
as five 32•bit registe.rs as P,.Q, R, S; T, as. .
P = 67452301
Q = EFCDAB89
R = 98BADCFE
S = 10325476
;. T = C3D2ElFO .
:~

.,; · . t,.i@Jt,►ii@N■Ni■ID
Scanned by CamScanner
 5-4
)
~r ap hy and System Security (MU

ian method. First four registers are same as MD5. These five registers P, Q, R, S,
Jt uses a big-end
Tare represent.ed as,
P = 67 45 23 01
Q= EF CD AB 89
R= 98 BA DC FE
S = 10 32 54 76
T= C3 D2 El FO
16 word) block:
(4) Process message In Sl~ blt s (32 bit rred as Fl. F2,
h as shown in Fig. 5.3. These rounds refe
It consists of four rounds of 20-step eac itive logical function. Each round take
s
ctur e. The se rou nds used diff erent prim
F3, F4 have similar stru output. The output off our th round is add
ed to the
ck proces sed it and pro duc ed 160 bit
input 512-bit blo
s an additive constant 1'i, where OS + S
79.
to produc e CV • Eac h rou nd also use
first round CVq q + 1

K1 = 5A 827999
~ = 6 ED9EBA1
Ka · = 8F1BBCDC
~ = CA62C1D6
. (5) Ou tpu t :
the
After processing all L 512 bit blocks, 32
J(j() bit message digest is pro
duced as output. The
forward ---_-._ . _1,K,W (0 ... 19] ·
SHA compre~ion function uses a feed
q input of r-- -wi: · . · 20 steps
operation where the chaining v~a ble CV
ained (last
the first round is add ed to the output obt P. a
step) after execution of 80 steps to
produce the next
. 5.3.
chaining variable CV q+l as shown in Fig

t , .... . .
. ·,-_ .

;-_;::::,·,·. ·_. 20 $p s . ·:,.

160

cvq+ 1
orithm ·
Fig. 5.3 : Four rounds of Secul'e Hash Alg
-
.. ~lliiiiUtl•tiiilltN
Scanned by CamScanner
 ~-('v,l
d . l 'th the first block in a chaining mode
• , ,tilt valUt m tM PQRST buffer, used to ea W1 .
. tht qt1' S1Mit block of the message ·
~- the ~ining variable processed with the q-th block of message
ft(:__ - ) • output of the first round consisting of 20 steps
___ l • outi,ut of the second round
BL __ ] • ooti,ut of the third round
-k (_ __ J• outi,ut o'f the fourth round
~,:.::;;;;~ - addition modulo 232
• the final hash :mutt or message digest

Q. 4 Con:pare and contrast SHA-1 and MD-5. Dec. 2012. Ma 2013

I
Bothve derived from MD4
SI-.. No.
1.
, . B0 th are QUl'te smu
,,
:>
. .-,--
· ·1 ar. They differ from each other
·._ s~:•··,·:_·- "I}> .:·<::·,.: -~. .
, .. ,
..
in design goals
. ...
,: ~~.

· •. .
-
,,

It u~ a 160-bit message digest. Hence It uses a 128 bit message digest. Hence it is
. :.·
.. .·· .
.,.. -.-•-

., .•.•~"i';-:; .
,

it is stronger against Brute -· force weaker than SHA-1 against Brute - .force
attacts than MD5. attacks.
' 2. SHA-1 is not vulnerable against MDS is vuinerable against cryptanalysis
' ayptamilysis.
' .
3. ! SHA-I is $lower than MD5. MD5 is faster than SHA-1.
4. h ~ big - endian method to represent It uses a little endian method to r e ~ t the
the message. message.
5. SHA. bas 20 rounds. MOS has 64 rounds.
.,

6. Bit rotation counts for SHA-1 are the In MOS each round has its own bit rotation
same for all rounds. counts.

Q. s Write short note on : Digital signature. - Dec. 2012

Ana.:
· o.gital signatures are essential in today's modem world to verify the sender of document's and a
bis idmtity.. A digital signature is represented.in a computer as a string of binary digits and computer is
using a set of rules and regulations (algorithm) to identify.the person signing the document as well as the
ooginaJity of .the data. ~an be v~ed. A digi~ si~ature -is defined the -sign~ture ge-nerated
dectrooically from the digital computer to ensure the identity of the send~r and contents of the mes.uge

r- P.a~y-sOIUIIOJIS

Scanned by CamScanner
:'r--
r:
r; ·, .&vptogr$hY and Syatem Security (MU)
' s-a:
f.-: · .:not be mo_dified du~in~ transmission process.·;Digital signature _techniques achieve_the a~then~icity, _
i · •· te · ·ty and non-repudiation of the data over Internet.
_ _ _ . . . ___
.-m gn Concept of digital signature is that sender of me.ssage uses ·a signing key (Private Key) ~o s~g!1 a
_the message and send that mes.s~ge a~d its digital ~ignature to a receiver over ins~ure com1?~01cation _
·channel. The receiver uses a·venfication key (Public Key) of the sender only to ve?fy _the ongm of the
• message and make sure that it has not been tampered with while in t_ransit as shown m Fig. 5.4. _.
Hash value of a message when encrypted with the private key of a person is, his digital signature
00
that e~Document. Dighal signature is an example of asymmetric_key ·cryptography which uses three
differenralgorithms to complete the process. _
. 1. _ First.st~p i~ key ge~eration algorithm which generates private ·key and a corresponding public
key. .
2. Next step signing algorithm which selects sending .message and a private key generated i;11 _step 1,
to produce a signature. ' .., ' . ' ~ ' '
3. _ Third step is signature.verifying algorithm which -verifies the authenticity of sending message ·
.and public key,. ·

Sendet . Receiver
• .• ,
, .

. . .. . .

• • ; \ p •

.
. ./
Sender private ·
key (signing key) .
.
' ··.·
'J . Sender public
key (verification. key)

. . ~ F'ig. S.4 : Diglµal Signature block diagrain - -

_. '. - -:· As· mention6d _above the signature is generated with the help of priyate key. - Toe - private -~ey,
which .is never shared, is ·used in signature generation, known.to sender only. Public _keys, whlch are
. known .by everyone, can be used to verify the signature of a sender. Every·sender and r~iver having a
private and public key pair1 the reason digital sig~atu·re called public-key'cryptography. • _- ' · _
.. . . '. .. , '

~ain_qiffere~t authe~tication methods and _protqcots: ·, .,

Exj,_
--._-._·~_-. Ana... ~·.__. J-_ ... _•.,_ •• •• , ~ :· _, : - - f. _. ; . ..· ___, . . _:_.-•,; ~. -. _ I ~ , • •

.' , ·.. :·· --.- .: ,-: _ , _. . - . .· . ,._.-·~:.:;:<t;::1\~:- . . . . •' - ·, _ · . : - - . · . . .,_ , ,

i.-::.-::,.•-:~uthentica~for( m~hanfs~•:;,;Ji·e_lp '·. tc{ "·pro~e the . identit}'~of ·the: sender : of : the message. .·
:· ·-·_Authe~tj:~atio,n. mechanisms ensure that who sends f.!l~-_m~sage Le. origin ·of an -electronic message·is
i ._ -_corr~tly1dentified. . ···- ·_- · . --.:- · · ··· ·- :'- •:- - --- . · - ·--- .. -,. -~ .·.. __ - - · ·- -- ·

·:._-•-·· ·.:·;•.-~--·00·~~w~r ~~th~~fi~a?6~_-·~eier~ 'to'th~~i~~h~~~~i,ion ~f ~J; ·ri~e·:~~d·,~f c6~uni~atio~ -~~ers. F~r -1

_:._~.:J~lllple;_ On7•';ay :~ut~-e~t~cationJollows __t~e: fl(l.w: -If there are two user A and_· B -wants t<>' :-· - · · · · u~ers.
':' ' . .mm:um~~~.WI$ eac~ oth~r user B authenticates .u~er A. but user .A cannot authenticate user B. This
·~.t ~rp~ess ~le_d one-way ·a_uthentication. Fin~ly the·integriiy and originality of message is co_nftrmed;__ .~t-
-:': ::'.- ~_liiih14iilkt!i■1•1ii- . ·- ;·.: ' · .
' ., :...':·-;_.:.< ::. ' ', ·:;_·_< .·- •~_:. >·-.·:.: . /,_ , : :.. :.:·
Scanned by CamScanner
 ,..
,. ' '. '. [
....
CryploQ:e'J and sr:11111 SICldY (MUI aed to pve .irenpli for ,w!hcn11t:•ll•111,
f authenticatlOO mechanl•ma u d i• the .,ample of (Int W;t,,r
There are different fac'=la ctor autbeftdcatlon, Pu1w~ atern fir•t uk (()r a UMcr mu™' •nd
First method ls kno~ni 81 methln1 that we tnow. Any operadn !.: _,, If the pd1word1 m~t.ch.
authentication because t 8 80 •n a password table ·
n,1,
then for a password. ·1t then looks ~ the name • sword 11 used for each 1011n.
is known as a nuable ,_word ••nee the same paa thendeation• Wlthdtawloa Ci&Ah
S d method of authentication is known 81 two-I = :r authentication pre8Cnt the A'l\1
from an·~ machine la an example of two-factor authe~~w) or, u,e of one-dme
card (something we have) and enter PIN (something we
,_..,orc1, - a new
·
password must be used for each loaift.

Q. I Explain mutua1 authentication,

AM. : . • Mutual Authenticatlon u a

Mutual authentication also called 81 tw~factor au~n uc:r mu,t prove ita identity to a
security mechanism used to authenticate sender with the receiver. ted threat ,ent betwun
receiver, and the receiver must prove its identity to the sender, before any unwan
the sender and receiver. ·
For example : If sender wants to communicate with the receiver over networkt they muat fir,t
mutually authenticate each other.
Meaning is that w~ sender A sends confidential meuage which is intended to receiver B. If B
can decrypt the message using A's public key, then B has verified that the meuage ~ginate d from A.
Both communicating users ·(sender and receiver) are verifying each other i.e. mutual authentication
mechanisms helps to verify identity of the .sender. The 11101t important application of mutual
authentication is that communication between client machine and server machine over a network nwst
be secure before performing any data sending and receiving process.

Q. 7 Explain role of key dlltrlbutlon centre In symmetric system.

Ana.:
In order to achieve mutual authentication there must be certain provision of some protocols
. which suppose to verify identity of the sender over an insecure communication channel To achieve this
goal most of the protocols depends on an authentication server also called Key Dlltrfbution Cater
~ - If sender A wants to establish a secure ~ o n with receiver B, then A can requat for
1e1don key from Key Distribution Center for communicating with B. If group of people ·wants to
securely communicate with Key Distr i~ ~ter then providing ~very group member a aingle key
. called ;a mut.er key or NCnt key. Authenucauon serven are capable to deliven good quality sesaion
keys and distribute securely to client who requested it.
Authentication server also maintains a table containing a name and a mNter key or aecret key
·of.each client The seciet key is used to authenticate client ·to the authentication server and then for
•urely transmission o~ data between client ~d the authentication server. There are different protocols
are ust<f to perform_this task but among this the well known protocol called u Nembam-Scbroeder
Protocol. .
Q, • Explairrthe NeecllanvScttroec1er Protocol tor eecret key distribution.
. , l ;·

Scanned by CamScanner
 5-8
,. . .~ y and srtem Security (MU)

;. ~ t mutual ~uthentication protocol was published in 1978 by Needham and Schroeder. This
s purposes that includes secret-key and public key generation and
· 1be ll'Sproposed for variou
approach was . .
.t. (iistrit,ution of those keys between sender and receiver.
N~a m and . Schroeder protocol uses a secret key known to the
sender and . als~ to _an
'
commurucatton with
authentication server. Sender and receiver share a secret key and use it for secure
authentication server.
Slept of Needham-SChroeder Secret-key Protocol :
ion with receiver
SteP 1 : . Sender A requests for a ~Ion key to authentication server for communicat
es A's secret
· Bas shown in Fig. S.S. The message sent by A to authentication server includ
is basically a
key Ka, A's network address Na, B;s network address Nb andanonce. A nonce
request sent
random number used to demonstrate the freshness of a request denoted by N. The
by A to authentication server which is in encrypted format E denoted by,
E (Ka, [Na, Nb, NJ) -
.

Step 2: Authentication server returns a messag e, containing a newly generated key Kab (used to
the response
encrypt communication between sender and receiver), nonce N (to match
same shared
received from authentication server with the request sent), ticket (contains the
key Kb and
secret key Kab, as well as the name of the ·sender A) encrypted with B's secret
that no
whole these message encrypted with senders private key or secret key Ka to ensure
be expressed
one else can read it. The message that authentication server sends back to A can
as:
E (Kah, N, {A, Kab} Kb, B1 Ka
ticket and sends the
Step3: After receiving replay from authentication ~rver, sender decrypt the ted fonnat
ticket {A, Kah} to the receiver B. A sends the ticket to B which is not in encryp
Kb . .
because it was previously encrypted by ~thentication server using B's secret key
(A, Kab) Kb .
compares sender identity.
Step4: B decryp.ts the ticket received from A using the secret key Kb and
B is again encrypting the ticket using shared secret key Kab and
generates nonce NI and
sends it back to receiver. This can be represented as
E(Nl) Kab
In this ~te,p :B got the seaion key (Kab) for communicating securely with A.
the senders
Step5: Sender is. deciypting the nonce NI; using the shared secret key Kah this proved
identity. The sender sends ~pon se N1+1 encrypted using the shared secret key
Kah.
·B(Nl +l) Kah.
other using session key
· Step 6 : Now sender A and receiver B can securely communicate with each
generated. ,. . .
not possible for single
- !he. main weakness of this p~~ l is that for larg~ networks it is
is practically not possible.
.autbentioatton server to generate and distribute number of session key ~hich
B is stolen, and the ticket
. · . Another weakness is that if session key between sendei: A·and receiver
to 1:t 1u·ecorded, attacker can:easily copy the contents of a sender A
by performing last 3 steps. .

.. :, . ~., .
I. ,l S I/ S 111111 I II II S .•·, .·.,·.
•' I
... :,,
.. '. .. j
Scanned by CamScanner
 MU

a. AuthenDoa tJon re~u99f

"-----
2. Replay

Authentication server

er
5. Sender responds to receiv

- Schroeder Secret-key Protoc ol

Ffg. 5.5 : Needham

□□□

:., ..

' ..~ ..... ;

-. .. .

' •' :, ..f ; ->_-! •

· ··.'.

•'· ' •

, ~- \i .. ·
-,.~ ....,· '-~ ··-·~.
~ ·• 7 ., , "';
·- . .
Scanned by CamScanner
 -
c~toaraphY and system security (MU)

Chapter 6 : Authentication Appllcatlons

-
Explain the process of Digital Certificate generation and the process of evaluation of authenticity
of Digital certificate. DfMl•
Ana.:
Kert,eros is also called as authentication protocol. Like when to start in j ~ y we need a
confirm ticket then only we can do our journey safely. Kerberos uses the concept of the ticket as a token
to prove the identity of the user. Microsoft introduced Kerberos in Windows 2000 server. as .a. default
authentication protocol. Kerberos uses the concept of a ticket as a token that proves the 1dent1.ty of a
user. .
Tickets are digital documents that store session keys. Instead of password, tickets are issued
during login session and then can be used in any Kerberos services. For client authentication phase
requires two tickets :
".
Tic~et Granting Ticket (TGT), which act an identifier for user and session key. A service ticket
t.o authenticate user to gain access to user for particular service.
The same concept of ticket is used likewise we use railway tickets it has time duration, expiration
dates after that ticket become invalid. In Kerberos these ticket includes different contents like time
stamps to indicate an, start and expiration time, after time expiration the ticket become invalid. The
timestamp is the time set by Kerberos administrator depending upon how much time service is required
to the clienl
(f) Kerberoa Servers
To accomplish the task of secure authentication, Kerberos uses a trusted third party is called a
Key Distribution Center (KOC). The Key Distribution Center uses two techniques for authentication :
Authentication Server (AS); which performs user authentication.
Ticket- Granting Server (TGS), which permits/ grants tickets to users.
The role of an Authentication server is to store a database like ~ret key of the users and its
~ces. The secret k~y of a. ~ser is gen~rated using. on~-way hash of user provide pauword. The main
-aun of the Kerberos 1s provide centrabze authentication of entire network rather than storing the
sensitive ~onnatio n at each user machine, the sensitive information will be maintained at particular
secure location only. · ·

(II) .Kerberoa Authentication

This phase·is called as Authenti ~on phase because during this phase only authenti ati00 be
done between authentication server, ticket-granting server and service provider. c can

As sho~ in Pig. 6.1 first client and_authentication server authenticate themselves to ~b other.

Scanned by CamScanner
 ~(
~(MU) ~ ~
ene:r:e,anctse:" Authentication
server dee
ke)
foll

en•
co
fCj

all
gt
kc

C
s
s
I

Service

Fig. 6.1 : .Kerbaros athentlcatlon p ~

CJie~t and Ticket granting server authenticate themselves. Finally client and requested service
provider authenticate themselves to each other regarding which information/ service client wants.
(Ill) Authentication Details
During authentication phase user has to provide usemame and password on the client machine
which cryptographically bas)ie4 to create a secret key for the client After client verification done with
authentication server, AS will replies the following details to client as shown in Fig. 6.1. The client
Ticket Granting Sever (TGS) session key Kt, encrypted using clients secrets key .Kc (which now stored
in authentication server). · ,
The ticket _granting ticket (TOT) e~crypted using the secret key of the Ticket granting server. The .
ticket granting ticket includes the client ticket granting sever ·session key Kt and its validity period; 1'be ,
client · now decrypt · the Ticket Granting · Server · session key Kt . using his secret
key Kc..To req~t as service client sends foll~wing two m~age to ticket granting server (TGS). 'fbe
Ticket Granting Ticket and the name of the semce Sr that client wants to request. • ·
· Authentication token which includes. c~cnt ID and ~me stamp, encryp~ using client ticket
granting· server ~on· ~ey Kt Upon r:ecetvmg all the details from ~ent .Ticket Granting S~!!,
V ~ ti I II I I
tlJ t! ii :,, II II S

Scanned by CamScanner
 ~ and System Security (MU) 6-3

decrYPCS the Ticket Granting Ticket using Kt, thus retrieving the client Ticket granting server session
teY Kt and tbc validity of the ticket granting ticket If it is valid then Ticket granting Server sends
follow ing~ to the client
. New client server session key Ksc, encrypted using TGS session key Kt. Client to server ticket,
enayptcd using specific services key Ks, known to Ticket Granting Server only. (Client to server ticket
c:ontaim the client ID. network address, validity period and the client server session key Ksc). Upon
receiving all the details from Ticket Granting server-client decrypt the client server session key Ksc,.an~
authenticate him to service Sr by sending following messages. The client server ticket sent by the ticket
granting server in previous step. The client ID and the time stamp encrypted suing client server session
key Ksc.
1be service provider decrypts the client to server ticket using secret key Ks and obtains the client
SCl'Yel' se§ion key Ksc. With the help of client server session key Ksc, service provider
decrypt the
cliellt ID and time stamp information. To prove the final identity service providers i:.1crement the time
&1lmp by 1 and send it bact to the client The client decrypts and verifies this response using
client to
sena- session key Ksc. Once this verification get succeed, now client - server can start. · Kerberos

,,,•.,.
protocol was specially design to check the authentication of the client over insecure.network.

Q. I Does a public key Infrastructure use synvnetrlc or uymmebic encryption ? Explain your answer..
- . . ' . . .

Ana.:
Public Key Infrutruc ture (PKI) is cryptographic technique used to secure electronic information
with the help of certain techniques such as digital _certificates and digital signature and transmission of
this information securely over internet. PKI consists of certain security policies, software's,
and
eechniqum that are required for key generation, key management, secure storage of generated keys, and
di.mibution generated -keys. A public key infrastructure is created by combining a number of services
and llcdmologies. To complete this technology, there are various components of PIO arc required.

-Q. 3 Lisi the certifying authorities In ·1nc1a and worldwide. Allo list the steps to acquire the digital
certificate.

The certification authority (CA) is a ttusted unit that helps to issue certificates. A CA takes the
cer1ificaie request from owner, verifies the requested information according to the terms and conditions
of the CA.·and uses its private key to apply digital signature to the certificate. Responsibility of the CA
is ID identify the correct identity of the person who asks for a catificate to be issued, and make sure that
the infonnalioa contained within the certificate is legal and later digitally sign on certificate.
· 1be CA may generate a public key and a private key ·(a by pair) or the person applying for a
·certmoaJe may have to genenae their own by pair and send a signed request containing their public key ·
• to the CA for validation. After lbe· verification from CA it ·sends certificate for final verificati
on to
-~ authority (RA).

··G.4 &pla the proceaa of'l)lgltal Cerllble generation and the PfOC888 of evaluation of authenticity
Dec 201 J [kc 701 l
d Digllal ceftlflcate.
.Ania:
.·. .· .·. · Digital certificate is ~ electronic file that is usod to identify people and ,.ICS()Ul'CCS over ~
: •nsiean channel or .•. netwolt called Internet. Digital celtificate also. enable secure, ~nfidential
.·•~ ',_ ~ lJlldiA1AiffilN!iiW . - . ·- .
. . ..
: · . ' .

Scanned by CamScanner
 C
_ . .- -- _ _ tiur ~xampfo when we traveJ to anothe •
1 u1Jn1 ern:rYP'·1on. r- 01 · 1 ·fi _ - t
conununicalion between sender and roce v:,li•h our Jderttit)' f11Jd gain enlf'Y· tg.ita certi 1eate provide
country, our passport provides a woy to C8 -
similar identification in tho electronic worl d, . _ etetiftcatet witb authorii.td digital signature.
'°
. The role of Certification Autbo~ity (CA) • ~ ~~ J• to validate the certificate owner's ~dentity
1 8

Much like the role of the pas1port office, the role of t _ unautbOfju<J user. Once a CA has signed a
0 7
and to sign'' tho certificate 10 that it c11nnot. ~ tampered
certificate, tho owricr can present thoir cettaficate to peep e,
web sites and network resources to prove

their identity for confidential communicution• over ifl8CCure channel.

d' · I certificate The Intemat1ona1 .
A standard called 88 X.509 define• altUCWre . of Jgtta 8how~ structure of X ·
Telecommunication Union (ITU) permitted thil 8tandard m 1998, Fi~ 6.Z . _ • . . -509
digital certificate. A standard digital certificate typically includes a v~ety ~f _inform~on pertammg_to
its owner wid to the Certification Authority (a trusted agency that can issue digital certtficate) such as •
Certlftcate version number. : Identifies a particular version of the X.509. Current version is
X.509 v3.
Certlftcate serial number: Unique integer number generated by certification authority.
Algorithm for signature ldentlfter : Identifies algorithm used by the certification authority to
sign the certificate.
Certlftcate Issuer name : The name of the C.Crtification Authority that issued the certificate.
Valldlty Detalls : The validity period (or lifetime) of the certificate (a start and an end date).

Certificate version number

Certificate serial number
Algorithm for signature identifier
Certificate Issuer name
Validity Details
Name of the certificate owner
Public key of certificate owner
Issuer unique identifier
Owner unique identifier
Extensions to certificate
Certification Authority (CA) Digital Signature
. Fig. 6.2 : Structure of x.509 Digital certificate
-_,~ ·/ Name--0f th, certfflcate owner : The name f the - _ · - . ·. · ·
required fut identifying the owner such as email id ~ CODlact °'::;:,1 other identification information
Scanned by CamScanner
 .£2'.E'°SraghY and ay,t,m Seourto/ iMU) ~5

Public ktY of certldcate o~ncr : Cortlfioate owner'K pubHc key, which iH used to encrypt
confi denda.l
. inforn,aUon
. of the- corUhcatc owner.
Issuer unique ldentlfler :. lndent.ify the CA uniquely i.e. whether Hingle CA signed it or i11 any
CA usins same detnils.
owner unique klentlfter : lndontify the owner uniquely if two or more owner ha..-i used the same
namo over a time.
Extensions to certlflcate : This is an optional field which allows a CA to add additional private
infonnation to a certificate. These additional fields are called as extensions of version 2 or 3,
re,,;pectively. .
· . Certlftcatlon Authority (CA) Digital Signature : In creating the certificate, this information is .:,
digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal
on packaging any tampering with the contents is easily detected.

Q, 5 · Does a public key Infrastructure use symmetric or asymmetric encryption? Explain your answer.
I
Ana.:
Basically PKI is the combinations of all techniques, policies and methods of securely
implementing public key encryption.
I
Th~ name public key encryption indicates it is asymmetric key cryptography; hence PKI also
uses asymmetric key cryptography as a basis for encryption

a. & Write.a detail note on: Email Security. ••iM4di•

Ans.:
We all are aware that most popular use of Internet is to send the email and chatting with the
friend's, partner etc. B·ut have you ever think that if we are sending mail to intended person is going in
his inbox only? · Security concerns have estimated that only about one in every 100 messages is secured
against interception and modification attacks. Are we aware that sending an email to business partner or
friends in clear text message is going through thousands of machines (between sender and receiver
before it reaches to intended recipients?) these machines might read and saved the contents of email for
future use?
Many people.think that name given in send~r of the mail ide1:1tifi~ who actually sends it When
you send a message through email, we .cannot guarantee that it will be deliver to correct destination or
received exactly what you sent And even there is a no way of knowing that the message is received read
and forwarded by attacker.
. Because of wide spared problem of email modifications, sending it to wrong destination by
mtennediate parties, email spoofing, we need a competing solution to overcome and address the issues
of authentication, integrity and reliability of the ·messages between sender ·and receiver. The publi~ key
cryptograp~y play an important role because of two keys used, only intended sender can decrypt the
message using his public key as message encrypted using private key of the sender. The solution ~
called as Pretty Good Privacy (POP) program/ software which provide the secrecy and non-repudiation
.of data sent o_ver Internet especially by email. ·

·· · ·. Pretty ·Goo(l Privacy (POP) is a popular open-source freely a~ailable software pac~d
~hruq~~ used _to :encrypt and decrypt em_ail messages over the Inte~et. · POP is an e-niail securitY ·
. {ii t,1!;v-~u111 111111s

Scanned by CamScanner
 . . . _ facto tanc\ d for e. lt\uil
)ll'<PtfUn wrlllen hy Phil Zimm rm1111~ In 1991, POP rro ram t,ecom · 8 d nr or intnJdffl, · ··
.11court1y uHOO It) ~tore the encryr>t d 111 .N No that It c1111 be non-~ adablc by olb . .• . . . iv« v ri.fy the
.· . 1TblN rro •r111n 11IHQ bo uNed to 8cnd 1111 encrypted di ltul l n4tu • l~t : n mi •slon. One() the
114>nd 1' ~ ldcintlly 1111d know thnt th . Ill . .II e WW not chan ed or modlfle(lwh\ • One . ; . . con~ nt
tllo i~ ~norypt d ll ln POP pro 11m only th · intend d r ciplcnt c n d rypt t . fil e<>tl\ . from valid
di . it11lly sln d by N mt r, th nd t u1mmt to th . r clplcnt th t m . · ·.~ l the rov . or tu
~endcu· rmd not' by rttu k r. Di ihtl i n1.rure function ulty of PO .n. t _ut · .•
oom~ fn_,,m Ute s-Jtd t ,u1d no, ftom un intrud r.

tlC

Scanned by CamScanner
-
7-f
cryptography and System Security (MU)

Chapter 7: Program S~ourltX ..

Q.1 Explain non•mallclous program errors with exampl&1? ii&ZdU

An1.:
While programming, a programmer can make mistukes/error8. M
o~t of t~g errm att Mt
intentionally done. Many such ·kind of errors do not have huge
lmpuc t on ~ urity. ProVam may
produce wrong or incorrect results but it is non-maJicious. Follow
malicious program errors,
ina are the thcu ty~J· of. noo,
-
r-: ~~~:

Q. 2
Ana.:
What Is buffer overflow In software security ?

ow t pau. Array bound

I
rl .... , .
.,;..,..,.,.

Attacker can insert malicious data values / instruction codes into overfl
d as well.
checking is not performed by C compiler, pointer limits cannot be define
Example: int B[15]; '": :"~
d after that bound then the
Here the array bound is (0 to 14). i.e. B[OJ ...... B(14). If anything inserte ' !
<, •

adjacent data is overwritten.

rite OS data. changa OS
Attacker can overwrite users data, changes users instruction, overw i}f=·
is also known u aliasing. ~ f~f-·
instructions. Thus can get complete control of a program or OS. This
er the control of the prog,am. .:: . ..z
shown in Fig. 7.1 attacker changes the.return address and thus can transf ;'"! ..
Running normal After attad<
•'

Program Program
➔ r+ Inatruotiona
lnatru
.~,
.
ctiona
'

Data f-+ ' Data

-....,. .
-

HEAP ~
HEAP
Oynamlo Memory Malloiou1 code!

-
' . Procedure Call Procedure Call
Frame Frame
~
·"
' Mer Buffe rov~ w
- :
"'
. Retum !ddreee
' - Modified Ptetum ·
Addr"81

' Q.3
Fig. 7.1 :Buffer overflow attack

What Is ·Incomplete mediation in software security ? mt♦Mhl•MMll36Pi4•i4

I-:-=::.
:E
~_._

Ana.:
. ·0ue tQ incomplete mediation serious security threats can be introduced
·exposed and can result in uncontrolled condition.
as sensitive data may get
II
(' a S V - ~ 11 I II I I II II S

Scanned by CamScanner
 7-2
;z

.~
~
r :1md ..
ytltm ~rlW iMU)
- urcbMeltota1=935,
Enmpte:UR . . http://www,onHnestore.com/P , the request to the server. RL :
. st and resubmit u· . are very dangerous. Proper
U~-l' e~n tdit the toll\,1 '--o· ,. Such kJtid of vutnera~ J_lles not available to the
http·/ ·ww.oolmcst:ore. ornlpm-ohmsc/lutal.03 ' Such edjting penruss1ons shoU1d
ccare s.oould ~ lt\l-en to avoid suclt vulnerabilities.
Us;)f,

TltnHkheck to tlme-of-uae errort (TOCTOU) : .. · . ery vuJnerablc to

. d' . RACE conditmn is v .
Thi. ls one of tht best ellamplcs of RACE con iuon.
att~l. . . the Let Thread X' s
. . d urrent directones o,
Example : 1f two threads w-e. shanng thetr root an c
cumn1 working directory is /college.
Th~ad Xcalls open(•shadow"):
Ycalls chdirr/department")
system monitor permits both the calls
open{..shadow") executes with /department as working directory
X's call now opens "/department/shadow"
Proper locking mechanism can prevent this kind of attack. Time lags should be consi~. After
chedting values .it must be locked using digital signatures and certificates. Thus after check data cannot
be modified.

Q. 4 What are different types of mallcloua code ? Dec . 2013. f.la 2015
Ana.:
Malici~us software is so~ware where an attacker can get partial or full control of the program.
Thus attacker 1s free to do anything that he I she want to do. Fig. 7.2 shows different types of malic~
software's.
Types of mallclous software :

Trapdoors
Trojan Horses

Bacte11a

Logiobombe Worms
Viruaes
Fig.7.l : Different types of malidous ..__
&Ou.ware's
1: a s I/ • S fl I II I I II II S

Scanned by CamScanner
 .,
czetograJlhy aod system Securl~ (MUL ••,
• ·.. Trojan horse : ·
'
"ff$f72SPZ J Zil!!S S r

. · · It is a computer.progmm. AlonR wlth Sl'l\\t, uscl\11 t3o<lc 01· f\111otlo11; 11omo hidcJon malicious code
. or function is there which may hnmp¢r l~ l'f{Wl\ll\lh.:O or s~~lll'lty 111~uhn11ls1t1s, Useful information can be
· . stolen by attackers,
· Bacterium:
. Bacterium is a spedn\ kind of vims. Vlnis ls getting uu11chod with different flies but bacterium
does not get attached to a specific tilo.
Logic bomb:
: . · . Logic bomb isSenerally u:-e-d in DOS (Dcnlnl of service) nttucks: When specified conditions are
met it activates malicious program logia. Tl mny ct11111ago system resources greatly.
Time bomb ·:
.This gets actl\1nted when spooificd time occurs.
Rabbit·:
·Uis a kind of virus / worms thnt rcplicntos Itself without nny limits. Th~ intension is to exhaust.
· resources. .
~pdoc,r/b ackdoor.
. ··· .,. ·· · An mtruder can enter into the systom by bypassing n.11 security services or mechanisms. Thus
·.i·. intruder knows the flaws or loophole.c; in the systorn nnd can get these loopholes to gain access to the
· computer. ·
Vll"Us:
:-,··:. · · · : It.is a self replicated, hidden computer program. Virus cannot run on its own rather it requires.
host program to run it and niako it nctivo. Malicious logic is written in the program which infects
another program. .i.e. it becomes tho pnrt of nnothor program, ·
. .·. .. ', ' . .·
-.Virus Countermeasures:
: . . :' (a) ·. Use commercial software from trustworthy sources.
•.. . .·- .. (b) · :OP.en only safe ·attachments .
. • ; (c) . .-I(~p ~overablc system.imago in snfe pince . .
·. >(cl) ... Use virus scanners often (daily). ·
.:/.: (e) .. ·::·Update .virus dctect9rs daily as Dntnbuses of .virus si~·~~tures change very often.
; (f) Test new spftware on isolated coniputcrs. . . .
.>· (g) ·.. :Backup e~ecutable system files. · ·
i· :.. ,· \Vo~: .:- ·•: ·· ·

·.Et4¥4•itlrn
.. . . .
' . '
'
$Llll . :
. ' .

Scanned by CamScanner
 iJ,i,_ _ _ __

I' ,
,,
7-4

Ctyptography and System Security (MU) . .

. 1 8ystem a particular apphcation
k a Parti cu ar
This is a computer code which is written to attac ,

and for a particular purpose.

Example:
Trapdoor/ backdoor :
An intruder can enter into the system by bypassing all security services or
~hani sms. Th~
access to
intruder knows the flaws or loopholes in the system and can get these loopholes to gain
computer.
c~
Trapdoors are the entry points which are notdocumented but still inse~ during
e fails.
development for testing purpose, for future extensions or for an emergency access· if softwar
These loopsholes are purposely kept in the system with good intension.
~ r sources of Trapdoon / Backcloon :
then
During testing of the system stubs, drivers are created. These are•temporary func?~ns wlll:ch
d mto tbe
further replaced by actual functions.' Sometimes some malicious code is intentionally mJecte
system for testing purpose. ·
(i) Poor error checking conditions.
(ii) Undefined opcodes in hardware processors

Q.8 Explain Salami and llnearlzatlon attacks?

ID+4•1P
Ana.:
ff'' trick.
It is series of small attacks which results in large attac~. It works on "collect and roundo
It is a fraudulent practice of stealing money repeatedly. It takes an advantage
of rounding operation
ed will be
I infmancial transactions. It always rounds down and thus the fractions of amount remain
of attacks can
.l transfered into some another account Thus the transaction will go undetected. Such type
! be easily automated. ·

Dec . 2013. r1.1c1 2013 . Mri 2015

Q. 7 Write a short note on covert channel.
An•.:
In covert channel the processes which ·are not
Protected Legitimate
the informa tion data +---[Se rvice Pgm] --- ♦ Uaer
allowed to communicate and transfer n.h.]
[w/Troja
by security policy·can communicate and transfer data
using cWTent system objects. Such types of attacks are l
convert channel
virtually no detectable· by system or administrators. Spy
. Fig. 7.3 shows channel creation.
Fig. 7. ·3 :Covert c....:me. creation

Q. 8 Write a short note on trojan.

Ana.:·
It is a comput.er program. Alongw ith some useful code or function some hiddeD. . -
m •
ali

CIOUS code
• · ·

' ' .th which may h~

or ·t\mction 1s ere
.. ~....:,.
r performance of security mechanisms u ful . .
. can ·f:>e stolen by attackers. . · · · • se . mfonn auon

1. ,I ~ II !> il l

Scanned by CamScanner
 :rt
. ·-::_.,.
. ~ .· ;,.

.·:i~; A ·· llllllll ll!III.. . - - ~ 11•• :· ,-.lt\b\ ~1, tntn r . f ln~t3ll~ it h}~~,-xi·,\in.~

'
-.- · .
• •· · •- ~ttm. hk ~~• it is n kind · t' To.1_1,u, he™'
- /}lf'.).;\ ~ :oc,allO(:
· ·~ t \\ith ~ roi.~ t. ~n i.t \».."'\tll('S \'U)' hw
to
:.)'. >'. ..·~,~ : .: ·.' ··· · &vstlilU\
rum
·tQ ~\lt dow n~ in~ ttd ~~~\
b( that
'( '. -:.· _:,:,~ r~ . ..-,_. · ·. ... ·m,t: . .· .
:~t.-L· / ·\ ~-~ -- --- ·.. ··.
'it . . . :·,,-:~-··. ., ~·.. . .· . ·.:··.. . .... ' ', .· ' ..
: ~--J': ·. : ..._._,,~ . •. . . .
. . . ·~-- ... ·• . " -~ Q f~ t., ·: .
_· ~-,.-.{~f~•l ).~·:-~:·:-·• ...-... prl\'ilegts. The y~ iub."1.t\.'\tkally ~tin tted :it S)"'£tcn,
· ·: _._ . rootti~ ean pt idnunlstn\tox
be. ~Mily tcn\ O\~
; .•__~-'detcictahlo iootkits and tan
' ·-, ·, -~ • r. - • -
•

•'
·..·Mode:
e can oonupt the.fun,,,"'tiOMlity of ~-omplcte OS.
.•.~ :mode·wry
roo&kits ue wtalled like an OS henco.nl)'
hard to dotcct. It can be de.~ tcd after some c,~ t or crnsh.
• • ,
'·,·1toottib are
• • ' '\ • j • • • r •

'.' 1·,.<:.-. ltrmwan :

... . . ·,

amongst all. Makodc is crea ~ itk~dc a firwa re. At s~'tem stnnup this
.:\ ~\t:_..'. ···firmware's are dangerouissvery bard to remo,-c•
,· .'. ··:·.malw.are will be reinstalled. It
. · . / '. ~- . .
. '

: Man bathe middle aUack ( MIT M/M IMA ):

ication bctw·ccn two parties '"ith oot know ing to
· .· ,Attacker relays and sometimes alters the commun
Attacker V
communicating ~e s. X
. ·" ' :

· It is explained as follows :
X_scri~ a message to Y. which is intercepted by Attacker
:,
· 1. ..
account number'
•· .·:.f} ··•·.· X I want to depos.it money in your account: Ptcase send
0

it is not really from X:

·f J '. 2. ·.· · Attacfer relays this message to Y; Y cannot tell
number.
Yooi ves a message from X and responds it ·with account
. ' c. ''.
.
.
·.Y,••My.
account. number IS .0123
.
45'' ·
ces rs account number with his own account
-. . . ~ .

cker again intercepts a mess age from Y repla

. tf : 4. · · Atta
message. _ is
. /; _· .·.' ·number and i'clays this to X, claiming that it Y's
/{: · A~k er "My :account number is 067891"
:,::t:\_.-:;-:'1.' :x receives message.from i 'and ~ -~ ~u nt number of Y. Thus X believes that-it is Y's
unt ·. . : . ·
:',-·f'i < < ; ~u nt number and deposits money in that acco .
ail. ·
·2.: ..., X:and Y both think that it is a secure communfo~ti ..
f \ :. · · .
· . .{;.:< •.· '· . · . '.. . .

(;} . ·.•
J_ . ~ --~.. .'
□□ a ·
.- ·. •.

J\J[f~ .,'. >: . : ··•.·

··?'' ·:<1 t.iit111&m11m11111a . :.·...
Scanned by CamScanner
 Security (MU)
. Cryptography and System

System Security
Chapter 8 : operating

nslation. Dec. 2012. De c . 2014

: various ways of memory and address tra
Q. 1 Write a short note on
Ana.: . it on ly · _It
ac cess the m em oz y which is allocated to
tio n the process can m_alwares 10
Due to memozy pr o~ d to it. Th us it pr ev en ts spreading of bu gs or
ozy which is not allocate r memory and address
protection,
cannot access the mem ar e the tec hn ique s fo
system. Following
o~ er areas of operating ound 3. Segmentation
e 2. Ba se /B
l. Fixed and variable Fenc
.5. Paged Segmentation
4. Pagi ng
nce :
1. Fixed and variable Fe
Fixed Fence : m
ste m . It pr ev en ts th e faulty us er pr og ra
ng sy ed an d
in siJ;lgJe user operati is created us in g a fix
This technique is used system . Tp e fe nc e
g in diffe rent parts . Thus saves operating
spreadined dr ess.
predefin memory ad ed, if th e
ar ea . As th e m emory allocated 'is fix
pa ra te s us er area and operating sy ste m
m em ory an d if needed more memory
·Fe nc e se e will be wastag e of
ory is _not ut ilized fully then thersh nce.
allo ca te d m em
ca nn ot be in crea sed. Fig. 8.1 ows fixed fe
than allocated it

Hardware
Address
L im lt a tf o '

High

· Fig. 8.1: Fixed fence

ea sv -s u1 11 11 n1 1s

Scanned by CamScanner
 Address
Addr8SS
Umlt . ·um1t
Register
Register

·Addresses Memory
0

n
!
p

p +·1
n+1
t t .
Addressing
Addressing
Range
Range

l
.l
High High

Fig. 8.2 :Variable fence

:Varlable Fence :
A fence register is •used
As the name itself indicates the location of the fence can be changed.
generated by a user program is
which contains the end address of the operating system. The address
the .address is greater than fence ·
compared with the fence address. Fig. 8.2 shows variable fence. If
approach cannot protect one user
address then program is executed. If it is less, error will be raised. This
Relocation technique is used
from another. It is useful for .·single user, single operating system only.
starting address all other addresses
. where only starting address of the program is giten and based on that
it'ensures the security.
•·• are automatically updated: Fe~ce register proyides the last address. Thus
2. Base / Bound : .
All the addresses are derived then with
. :_: · ·. •. · · · Variable Fenclregistet is al~o known as base register.
lower bound i.e. only starting address.
·, . , .: respect to this base register. But this base register can have only
ce overflow problems. Figs. 8.3 & 8.4
·.. · · ·_. ·It--~ ot give information about the upper bound. Thus can produ ··
.· .· :.- s~ows. pair of base/b. ound .registers. . ··
. ' . '
. ' ........ : •·

,', I ', _ • .- •••, j

' .. .
. ... 1 ' •. . . . . . ( •

. ' .
.·
·.. : . ';-' •
...
~· t • !. -. -.., . ~ ;-·,,:, .... ~. j ·, ,

.. ·. -.. ; . .
1 ·• '\ - -•• ,,

··.·./ ,-:.·.~ -- ·. _. \ .·-

,.-,, ,,
-~· ·. -~-: :::"'.::·-_...~·; .
Scanned by CamScanner
 Secu rlty (MU)
. m
Cryptography and Syste
Addresses Memory
0

ln
OperaUng
.. .. system

Base
User
Program Sp11oe

Data base

Data bounds

User Program
and Data
Space

Program bounds

. Fig.·8.4 :Two pairs of base/bound registers

ter_ It stores the upper limit 'JbUS
· To avoid Ibis, an exlra register is used call ~ as bound regis
the program is kept in betw"':" upper and_lower boun ds. Thus it prevents the address modifications by
to another USers program i.e. cooteJl
oilier programs. When exec~lion changes from one USers Jll'Ogram
/base and bound registers are updated so that control can be
switching then corresponding fence
ira ns~ from one user Pl"Dsram _address to another user program address.

Scanned by CamScanner
 -
8-4
c~to9raphY and System Security (MU)'
As shown·in above diagram a pair of base / bound registers can be used. One pair can be used to
re instroctions while other can be used to store data. Thus interface of different users programs can be
s:idcd to certain extent. Tagged Architecture is an alternative way to identify access rights. In this
:very machine memory word has one or-more extra bits. Privileged operating system instructions can
only set these bits. For every access these bits are tested. Fig. 8.5 shows targeted architecture.
lag Mqnory.Word

blJrv
...... r'

.•.:;. ..t

4091

~::;=r~~\V~:~ ~-
Architecture
3. · Segmentation:
.Flg.. 8.5 :Tagged
_ Program is divided into separa~ pieces called as segments. The~ pieces are having _relationship
with all code and data in the program. These pieces can have different access rights. Each segment has a ·
unique identity in the system.
<name, offset> pair is used to identify a code or data item within·a segment Name is_the segment
name and offset is the address within segment. Fig. 8.6 shows logical & physical representation of
segments.

I! ;i S V· S II I II I I 11 11 s

Scanned by CamScanner
 8-5
14 er
cixptography and System Security (MU)
· Operatl~g
--
4.
System
C2

u~ rA ..
· Pro~ram Sp$(;$ · IT
Data base

users tr

Data bounds
.__ ____...,_ --- .. - i:>ataSpaoe

User A
Data Spaoe
Use r Pro gra m
and Data
. Space

. U~ rC. .·
Pro,gr.,-n -~~ -
1,/ ;~;·~,:~(-~\;;
-:~,

Program bounds

ation of segments
Fig. 8..6 :Logical and physical represent
es and
can be easily relocate d any whe re. The operating system stores segment nam
Segments m execution.
ress into ~gm ent add ress tabl e. These addresses are then translated for progra
their true add as shown in
ses can sha re a sam e.seg men t add ress table if ~hey belong to the same segment
Two pro ces
.
Fig. 8.7.
Segment translation table

d
8
f

· Looation 20 within segment g

DATA-SEG h

Scanned by CamScanner
5
;;;;;

· . paging: pieces
which program is divided into equal sized
Pagingiis an· alternative to segmentation in _ _
_
; _:· · · citlled as page.s. tcm
ng system and addr~ss translation is same us that of segmentation. Operating _11ys
,. . •. · Addressi _ ·
· _
·t·. ·maintains the page translation table. s Page address
All pages are of sam e size henc e there is no fragmentation problem. Fig. 8.8 show
{} ·
· ( . , uanslation
Page translation table Memory
r... Address
Logical program page ~ddress
,1,..·.,,•. · 0
f~\ .. ~·~ ·
. .f '.'/ ,_:b_. . •. a
!·._.,. i?,.' ~-'. ~
:.~
b
)
0 locatlon
37.Page 4 '
d
e
Page 7
Page 1
g
Page 5
h

.',:tr:z:~·;f/:.
·~:~!
,.
l • - ,

" /. '. __·.c

Fig. 8.8 :Page address translation

il\:::: ·5. :. Paged Segmentation: .

.eas y and with segmentation logical security can -be .
-rt · ._ : . ·With paging · imp lem enta tion ~cil _Jle s
O\Yn · advantages · and di_sadvantages. In paged
..%~~/-~-. i~proved •. ·Bot h -the
pag
tech
ing
niqu
and
es
segm
are •
enta
hav
tion
ing . thei r
techniques are combined together. · · ·
:;, ~i- · i:·se gnie ntation both
ent can be further
< ' .A prog ram mer can divi de the prog ram into segments . and then each segm · .. . ·
. t:,{t: ._< .
es. . . · . . · : · . _ . · . ·· . . _ ·
i( / . clivi cfed into fixe d size ·pag
segm entation. ·As shown in Fig. 8.9 additional
: :}/ ·_'· .. \0: Th~s paging can ·be imp le~e nted on top . of
shows Paged segmentation .
d{t: ..•·J,iar~w~e:is requir~ for ad~itionaJ address tra~slation. Fig. 8.9
:--i •,•.-· ~ .

..-.-~F~j .,, :~: ~: - • --:-

• ', •• '

. -'f. . .. ~ -

'ilfi· •. , ·'.:"' ..
;.;f~:>,- :·~•IIH1#ti1tt;o,■ iii -·.· •. ,·:,
. ' .; ,: .

Scanned by CamScanner
 $Q'.pt(>gtaph¥ and $ystem
Security (MU)

Segment translatlon
table
8-7
:z.:;
-
Cr

MAIN
Page
Segment table

Page translatlon tab

les
-
DA TA _S EG Page 1
for se gm en t main ,
. L~ loa f program SEG_A
page address C
MA IN Page 0
Ml\lN. ••••••••• SUB ·o C
C
d'
DATA_SEG 1
J
e SE G_ A Pa ge 1
For segment SE G_ A l
page address MA IN Pa ge 1

0 n g SE G_ A Pa ge 2
SUB
h.
DATA_SEG

word 20
Segment DATA·SEG
ion .
Fig. 8.9 : Paged segmentat

□□□

.- ..
.' , .
• ,• · :, r •

.-. _-_, . ·. ,'-'; : ' ,. '

. • ·· i,,_: ••

f.- .
.. ·-··. ·: : ·, -·
. .
~ ' .' .

Scanned by CamScanner
· i. ~ •

9-1
.I< .. · hy and system security (MU)

Chapter 9 : Database Security

-
. Q.1 .
What are security requirements of database ?

An••:
user authentication : .
Only authenticated users should get permission to ~cess permitted data.
Avallabillty :
All the time the permitted data should be available to authorized users.
Access control :
Different users should have different accounts as well as different access rights 80. that their data
can be protected from each other.
Physical database Integrity :
In ·database systems the ·data is not affected or influenced by physical problems like power
failures. Database can ~ reconstructed after such failures.
Logical datab• Integrity :
The logical structure of the database is fixed. Values manipulation in any field of the database
should not affect other fields.
Element integrity :
Accuracy is important Data sh~uld be accurate by all means . .
Audltabillty :
For auditing purpose it is very important to keep track of all the users and their activities.

Q, 2 · Explain Multiple level security model. fvl,1 2un . Dec 'l01.l

Ana.:
Different elements may have.different security. The security of some element may be different.
from the other,elements of the same row or column. Thus security is implemented for each individual ·
element. For implementing security two levels (i.e. sensitive and non sensitive . data) ·are not good
·enough. These levels must be increased as per the need of the application security .

. .Q, 3 . . Explain multilateral security. M,1 201 3 Dec 20 1J

Ana.:
·• • : · .Multilateral security considers different and possibly conflicting security requirements ·of
different parties and strives to balance these requirements.

I! aSV S n I II I I o II S
-
I ' '- - .. ' •

Scanned by CamScanner
 9-2
ity (MU) a
Cryptography and System Secur
ll-La Padula model works?
Q. 4 What is Bell-La Padula ? How Be
Ana.: can see
and pennissio ns mu st be granted to individuals before they
Appropriate access rights can be seen by those who have penniss
ion to see it.
nfiden tial informatio n
classified information. Co ret inform ation. Da ta flow operates from lower levels to
or. Top Sec
They are not trusted to see Secretreverse as shown in Fig. 9.1.
higher levels. It will never be the

Read only

Read only

Fig. 9.1

□□□

Scanned by CamScanner
 10-1
yand System Security (MU)
t.- c~ra ph
f Chapter 1o : IDS and Firewalls

-
a. 1 Define intruder.

Ant,:
An Intruder is a person who intercepts system availability, confid
entiality and data integrity·
er may damage that
InttUder's gains unauthoriud access to a system with criminal intensions. Intrud
system or disturbs data.·
Describe the different
Q, 2 What are the strengths and limitations of Intrusion Detection System ? Ma 2012. Ma 2013
types of 10S.
An•.:
es an essential issue
With the rapid expansion of Internet during recent years, security has becom
for computer networks and computer systems'.
The main aim of a security system is to protect the most valuable assets
(data/secret information)
e these organizations
of an organi:zations like banks, companies, universities and many others, becaus
keen for protecting the
have data or seci:et information in some form, and their security policies are
privacy, integrity, and availability of these valuable information or data.
As these organizations will have different security policies.and requir
ements depending on their.
task are security policies,
vision and missions. Many efforts have been carried out to accomplish this
ure different services in
firewalls, anti-virus software even Intrusion Detection Systems (IDSs) to config
operating systems and computer networks.
ng, ping of death,
· But still detecting different attacks (like denial service attacks, IP spoofi
m to solve in the field of
network scanning etc) against computer networks is becoming a crucial proble
in the field of computer
cryptography and network security. To overcome all above problems researcher
tion System (IDS) . Before
security came with existing but different solution called Intrusion Detec
What is intrusion detection
discussing on IDS let us understand some key points like what is intrusion?
and then what is intrusion detectjon system?
or performs an illegal
When an attacker or intruder attempts to break into an information system
g many request for
action such as denial of service attacks, scanning a networks, ping scan, sendin
is called as an intrusion.
connection setup using fake IP address, etc which is legally not allowed, that
, events and identifies
Intrusion detection is an important technology that monitors network traffic
rk access and malicious
network intrusions such as abnormal network behaviours, unauthorized netwo
attacks to computer systems.
disease and asking
The general ·example of intrusion detection is when we suffer from some
docto~ what happen to me. Doctor suggests for blood checking and sends
blood sample to laboratory for
e (number of platelets count, .
detection'. The blood report given by pathologies is just detection of diseas
doctor suggests medicine to ·
h~gl obin , etc.) then after checking .the entire· history of blood report ·
cure
. the-disease. ·
by the doctor after checking ..
_ '. b · . .Here blood report is intrusion detection· where as medicine given
.·. ·_.·.it~·lliS:#iiii•ll•■iii
report is called intrusion detection system. Finally how fast patient get
·
relief depends upon. the
·

Scanned by CamScanner
 1
.J.
'!
'
I Cryptography and sy:tem Security (MU) I
dge, j oke apart et us move
towards technical definition of
10-2
i;
-
C

doctor's education, experience and knowle 5te

com put er sy ms frorn
~~
IDS . or mechanisms to pro tect
Intrusion Dete~tlon system hos some policies s the to
ks. As the use of data tran smi ssio n and receiving over the internet increase defimtion of
many attac also increas~s. Many scientists have diff
erent
protect the data of these connected systems
IDS but as per our point of view IDS can
~ defined as below point. er systems
Intrusio n Det ectio n Sys tem is soft war e that monitors the events occur in a comput
"An ications that the
ng an execution and tries to find out ind
or networks, analyzing what happens duri of a re~ource or
r has been mis used in orde r to achi eve confidentiality, integrity and availability
compute
data." e the alert when
The IDS will con tinu ous ly run on our system in the background, and only generat it and
.
ng susp icio us as per its own rule s and regulation or attack signature present into
it d~tects somethi
age. ·
taking some immediate action to prevent dam to find
usio n dete ctio n : Sys tem exa min es or monitors system or network activity
. An Intr policies, standard
si~l e atta~ ks on the syst em or netw ork. 'Signs of violation of system security preventing
pos
tice s are ana lyze d . Intrusio n Prev enti on is the process of detecting intruders and
secunty prac
· ·
them from intrusiye effort to system.
e different types :
Intruders can be broadly classified into thre etrate the system's
sq~ era der :Th ese are una utho rized user typically outsider.try to pen
1• Ma
•
protection.
the insiders of the
Ml sl~ ~ : The se may be auth orized or unauthorized person typically
2.
.
orgaruzation, who tries to misuse the data
Clandestineveuse r : They syst can be both ms1 . .de and outside. These _type.s of intruders gain
3. administrati acce ss to the em.
. . . .
usio n dete ctio n can be clas sifie d into difti way s. But mo stly it is clas sifi ed as Active and
. Intr and Host and Network IDS. erent
Passive IDS

Active and Passive IDS :

.
S) 18 · ·
active Intrusion Det ection Sys tem s (ID n Det ect ion . Intrus1•on
and
An
. - . also kno wn as Intrusio
-Pre. vention System·(IDPS) .
. . .
Intrusion Detection and Prevention S te to aut o . .
rferenc e y~ m (IDPS) is con figu red
without any inte ~c all y bloc k _all
requdired by any monitor.Intrusion De tecon and Prevention
suspected atta cks
System (IDPS)·response real time corrective an response to the threa
th · ts and attacks.
A p~ ive IDS is a system that alerts rato r about the vul nerabili . .
onl . e ope
traffic activity. As Passive IDS
protection ~ the network on-its own y analy1.es the network, it
cannot perfitie orm any cor
e
s and analyzrection or
netw ork
. ·
Types of IDS technologlea : ·
. · · ·
. _The types of IDS technologies are diff
i
·
tre_n~ated mainly' by the · . .
scrutiruze .There are four types of IDS Tecbn ·
0
<>gtes. ·.. . types of event they monitor or
· 1. Net wor k bas ed :Th e IDS mon i
.
. ·a· 'de ntif.y suspi·c·tors network traffi c· .It ~y ;..1ze the
!:11 .. · ·
ac v1 es to vity
. tocol ti 10us acti . network activities and
pro I ·
IDS mo nito rs the wi of the network.
.2. Wh:ekss :Th e I . · .
eles s n~ o~ . ess .network traffic. It anal· .the uet rk activities and ··· ·
protoqol activiti es of wir
· . Y7.e wo
tis I! :l S I/ . S II I II ( I II II S
_J
. I·

' I

Scanned by CamScanner
 · ~Y and System Security (MU)
10-3 •
lj

I'{;
CrYPtop
- - · Network BehaviourAnalyse :These network behaviour analyre identify the treats that cre~te
'

J. unusual traffic overflow, DDOS(Distributed Denial of Service) attacks, maJwares , and pohcy '

( .
violations. fi,1
Bost Based :These IDS monitors the host ~d the event occurs within that host.
,,
a. 3
~-=
Explain Intrusion Detection Techniques.

The categorization of Detection ~thodologies are : Signat\lre Based, anomaly based, stateful
I
wi
,if/i1
1,,,.,.i
li!hJ:
protocol analys~s. Most of the IDPS uses these techniques to reduce or make network error free.

I
t l ~j

(1) Signature Based Detection

It is a process of comparing the signatures of known threat with the events that ~ been
observed. Here the current packet is been· matched with log entry of the signatures in the network.
a
Signature is defined as the pattern (structure) that we search inside data packet. The data packet may
I
::;;,,
l;:,t

contain source address, destination address, protocol, port number etc. g;J
{a;:
.,~,,
If an attacker adds any malicious code into these. data packet he is generating attack pattern ·or· ff;i:
;r:,•;
signature. Signature based IDS create databases of such attack pattern for detecting the known or !~':·,
documented attacks. Single signature is used to detect one or more types of attacks which are present in :Jif:
different parts of a data packet Signature - based IDS used to monitored events occurred in the network
and match those events against a database of attack sign~ to detect intrusions. It also uses a rule_set
to identify intrusions by watching for patterns of events specific to known and d<:>eumented attacks.
For example, we may get signatures in the JP header, transport layer header (TCP or UDP
header) and application layer header or payload. Signature based intrusion detection system sometimes
also called misuse detection ~hnique s. It checks for the attack pattern with the existing stored database
pattern and if match is found then generates the alert. ·
Signarure based IDSs are unable to detect unknown and newly generated attacks because it
requires manual updating of each new type of attacks into to the existing database. The most well known .
example of signature - based IDS is SNORT IDS freely available for attack detection and study purpose.
. '

(2) Anomaly Ba.-d Detection

It is the process of comparing activities which are supposed to be normal against observed events
to identify deviation : An IDPS uses Anomaly based detection techniques, which has
profiles that
represent normal activities of user, host, connec~ons or applications.
For example :
Web activities is a normal activity done iil a network. Anomaly ·based IDS works on the
notation that "attack behavior" .enough differ from "normal behavior'' (IDS developer may define
normal behavior). Normal or acceptable behaviours of the system (e.g. CPU u~age, job execution time
. etc) if the system behavior looks abnormal i.e. increasing CPU speed. too many job executio-:
i at a time
.. then ·it.i s ~ that the systems is out of normal actiyity. Anomaly based detection is based on the
. abnormal behavior·of a host or network.
. · .; D~a.s¢ for such type of IDS. is the events generated by user, host and network, and the -·
_-.~Ot'1llal" ~vior of the systems. These everi~ (historical data) are collected from the . n;searcll ·
_·.l a.bo~rie s wbic)) continuously work on normal and abnormal behavior systems _over a perit'.xl <?f time; ·
to
..~~maly based IDS checks ongoing .traffic_, host activities, transactions and behavior in order identlfy.·
-•. _!Ptrusions by detecting anomaljes. Host - based IDS generally uses anomaly based ~hruq ~. .

Scanned by CamScanner
 10-4

Cryptography and System security (MU)

This can be done in two ways : and frequency of all

1. Threshold detection : Tureshold are defme<f for all users for all group
events are measured comparing with threshold. are matched against the
2. Prollle Based deledlon : Profiles of individuals are created and they
collected statistics for checking the irregular patterns.

a. 4 . Write a short note on firewall.

Ana.: et. All the traffic runs throu gh

A firewall device filters all traffic between intra:net and extran For
e .the protected environment.
firewall. The main purpose of the firewall is to keep attackers outsid
is not allowed. Moreover we can
that policies are set in the firewall to decide what is allowed and what
ent access rights to different
decide the allowed places; allowed users, allowed sites, can provide differ
category of the users. · · ·
gh college internet and
Ex. .= Cyberoam through which only educational sites are allowed throu
non-educational sites like facebook, twitter can be blocked.
WNf.;.,.4
a. 5 What are firewall design principles ?
Ana.:
s through firewall. That 's why
it is al! f~w~ l is a kind o~ ~eference monitor. All network traffic passe
not be modified by anybody other
than amJrus~U:::ked conditi~n .. A _firewall is kept isolated and can
uter through which intranet and
extranets are conn ~:~er ally it ts llllplemented _on a separate comp

rk secun·ty .
Q.6 List, explain and compare different kinds of firewalls used for netwo
Dec. 2013. Dec. 2014 . Ma 2015

Ana.:
Following are the types of Firewalls;
(i) Packet filtering gateways or screerun·g routers (ii) Stateful inspection firewalls
Application proxies · (iv) Guards . .
(iii)
(v) Personal firewalls
(I) .Packet FIitering Gateway :
. .. It is the mosf simple and easy to im I t filterin .
packets ~ource or destination address or b p ement firewall. Packetype likeg is done on the basis of
firewall is placed ,just behind the router th:!e on some protocol
zed eas _HlTP or HTrPs. If the
shown that how packet filtering gateway can bl traffic can be analy
network 2. Also the traffic using telnet protocol 18. ock traffic from networ 1ily. In the Fig. 10.1 it is
blocked. Packet filte k and · allow traffic from
the packet rather they just check IP add.re ss of the packets h . rs do not anal
as• own in Fig. 10 1 Y7-C the contents of
. . . The biggest disadvantage of the pack fi . . req. · .
policies. et ltenng gateway fS that It
. . lllres lot of detailing 10 set
_ _ : ~p ie: !(port 80 is blocked. H some
essenti'al]y need
• · .case
. w~. have
to provide all the details of those applicatiattons
ap?hc .
.use of port 80 then in this
_(.is - ons for Which po
tt801s11Ceded.
r.asv-su111111111s

Scanned by CamScanner
-
 10-5

.c;yetogrsphy and System Security (MU)

--

Local (Protected) Network

es and Pro toc ols

Fig. 10. 1 :Pa cke t Filt er Blocking Address

(II} Stateful .Inspection Firewall :

nique for their
filtering is don e one pac ket at time . Sometimes attacker may ·use this tech
Packet plete script of attack
cke r can spli t the scri pt of atta ck into different packets so that the com
attack. Atta
firewall.
cannot be identified by packet filtering
from one pac ket to
avo id this stat eful insp ection firewal l keeps record of states of the packets
To tified easily.
. Thu s seq uen ce of pac kets and con ditions within the packets can be iden
another
Appllcatlon Proxy :
t get IP addresses
ket filte rs can not see insi de the pac kets. From the packet headers they jus
Pac firewall proxies.
ring . ~pp lica tion pro xy is also kno wn as a bastion host. Fig. 10.2 sho ~s
for filte
jus t wan t students to
mp le : A coll ege wan ts to pub lish a list of selected students. Then they
Exa re data tha n the list.
Jist. No stud ent can cha nge that list. Moreover students can not access mo
read that displayed on the scr een
in this rega rd. Here it helps us to check only list is
on the firewall can be
AppJica tion pro xy help s us
mo re than that . Tha t list sho uld not have any modified contents. Proxies
and not
customized as per the requirements.
Logging
www.Aooess

l
Remote
IIOOHI

,,~.
m Fl8ffl'1tf

ilia. 10,l : flr,w111 Ptoxle~

Scanned by CamScanner
 1

~
C I 01
'YP ography and System Security (MU)
(Ill) Guard : . ·1ar to proXY·firewall. Only difference
. is th
A guard is kind of complex .firewall. It works ~mu .1 bl knowledge: It can use knowled at
gll&M can decide what to do on behalf of the user by using avru. • e . · ge of pre
115t
outside users identity, can refer previous interactions, blocked·
• t etc.
school can set download limit f
Example: In order to increase the speed of.the intern• • or the
students. A student can download only 20mb data per day etc.

· . 0. 7 What is personal firewalls?

Ana.:
· For a personal use to keep separate firewall on a separate mac!1in~ is quite difficu!t and costly.
So I":~ users need a firewall capability on lower cost. An apphcauon pro~am which can have
capabihties of a firewall can solve this problem. It can screen incoming and outgomg traffic on a single
host. ~yman_tec, ~c~fee, Zone alarm are the examples of personal firewalls. Personal firewalls can be ·
combined with antivtrUs systems.

Q. 8

Ana.:
Explain design, configuration and limitations of firewall ? ..
1. Firewall with scrHnlng router :

Screening router

.The screening router is placed in between .. . .

~
screerung of the router. The disadvan . i~tranet and extranet. It is suitabl .
successfully attacked then intranet is
·
direci•
~f. this configuration is that if .th e only the address
Yv1s1ble. e screerung router is
2. Firewall on Separate LAN :
To overcome the problem of th .
LAN. . . e exposure of LAN, a proxY firrewall c .
· an ~ installed on its own

casv-s1111111u11s

Scanned by CamScanner
 10- 7
·_$]~gmehX and System Security (MU) ·_
Router
-Flrewall with Proxy·and Screening
s.. wall, then it ensures _the correct address to
inst alle~ behind the pro xy fire
_ If screening router is ion. If any one fails LAN is not expose
d.
ble guard protect
pro~ tire,vrul. In other words it is a dou

J,
. \· ..

Proxy firewall

Screening router·

□□□

r·

':. · .

·. , •

Scanned by CamScanner
 -
urity (MU)
. Cryptography and System sec
. 1 • IP se cu rit y
1
Chapter • of l
5.
..
layer.
IPSec offers security at network o
IETF. It is a collecbon of Profocontial
o.1 henticated and con fide
Engineering task force ates) aut
IPSec provides node to "Ode
Ana. : cre ec
IPSec is design.ed fiby thepacIntketernatet neIP(twolntrkernlevetel.PrIPS
o
. ols
tocol layer toc . h
also wh1c are Use(! f0r
pr
a
es securityeroralso er pro
which providnet
packet s for wo rk lay know~ as .des security to oth
communication in routing protoc ols; it prov1 Q
. . · transport layer. . . .- ...,
client-server commurucation m A
1P 'security Arohif(*.)~~~/;:'
I]

t1on Hea~r·<AH..f:
,Authe~ttoaPro (
· .·. · tocol

'f.Authentlaitlon Algorithms:
:(M05~SHA)

i ~ ~?l '~~:mke7inan~ ~
· Fig.11.1: IPSec architecture
ec ~ · A th ti
d (AH)
are bac kbo ne of IPS
' e u . en cation Re er
ols as the y a
IPSec defines two protocylo ad (F.SP ) pro tocol,
and Encapsulating Security Pa
1. Authendcadon Header (AH):
for processing in ..
It defines the AH packet format ~g and outgoing packets. AH helps
to
gri ty of the dat a/p ack ets ~o
ensures that authentication and inte 1s protected··
ad ng Sec urity Pa ylo ad (ES P):
2. Encapsul ~

which transmits .
It defines the ESP packet header, s in encrypted and unreadab
le fonnal-
iali ty, aut hen ticity aad . pac ~et
ESP helps to ensure that confident · ID !e~ ty of the data is Protected
.
cat ion algorflJu ns: . .
3. ·· Authenti
uri · · .· .
En cap sul atin g Sec
. use _of MD-5 and S ~ wit h
IP hea d ty Pa ylo a4 to achie.v. A. . ; . te..rin' . .
tion of data. Hash is attache d to the . · e Uthentication, 111 i,•··,
and protec . · .. · er as an integn .. ·
. ty.c~eclcsum.
.t'J,.
Scanned by CamScanner
 10araphY and System Security (MU) 11-2
f:1' -
t
,. Encrypdon algorithms:
. Few standard encryption algori_thms are implemented in IPSec are DES, AES and CBC because
t•'
of Jarge key size to secure data.
t· 5. Jntemet security Domain of Interpretation (DOI):
f-
r
It contains the supporting database of all IP Security protocols, their parameters, all defined
algorithms, key size with lifetime and identity of all approved encryption and decryption algorithms.

I
,. Key management:
As defined earlier key management is used to generate and distribute the keys required for IPSec
protoe0ls.·

a. 2 What are different mo.des of IPSec ?

An1.:
,,
r IPSec operates in two different modes :
t
f
l
I
(1) Transport Mode
(1) Transport Mode
(2) Tunnel Mode

In Transport mode IPSec protects the data that is delivered from transport layer to network layer
or in other words, we can say that, transport mod~ protects the payload (a packet consist of controlled
I
information and user data) of network layer. It encapsulates the transport layer payload by adding IPSec
header and IP Sec trailer and sends this encapsulated packet to network layer. ·1
After that the IP headers of network layer is added to that encapsulated payload. IPSec transport '·
mode is responsible for complete delivery of packet (traffic) from one host to another host or from host
to gateways called as end-to-end communications.
·For example: Communications between client machine and a server machine, communications
between two routers and from router to gateway is also considered as end-to-end communication.
IPSec transport mode is responsible for secure communications between all these devices.

Application layer

Transport layer

Original.packet

IPsec .
layer
JP header IPSec _ _ Transport mode
header · Packet

: Network layer
..
Fig.11.2: Tninsport·mode ·
.--,, ..

:.: <~cilttliJ!#i•Oiillillli ' .· . ·,.

·',. ·.·, .

Scanned by CamScanner
 ►
' .

Cryptogfaphy and System SecUrity (MU)

con
.

<··
net'

. .· ~ ~ L
. ~.-
,.
~ ~ .

·,.
.

Server machine
~ • .•
..

. :-
·.-
"'
,
.. .·

Clent machine IPSec Transport mmodode data exchange

Fig. 11. 3 :IPSec transport e ·
· IP payload through an AH or ESP
Transport mode helps to protect user data, also known: JpSec headers and trailers but the IP
header. In transport mode payload of IP packet is encrypt~10b~. e 11 2. The payload of an IP packet is
header information, which is remain unchanged as shown • ig_. · i 11 3 shows how the data
protected before it is bandied by the network layer as shown m Fig. 11.Z. F g. · .
re
exchange (end to end security) take place after encrypting payload. h<
(2) Tunnel Mode .
0
In tunnel mode, the IPSec protects the entire IP Packet of Network Layer. It takes whole IP
packet including the header of that IP Packet and applies the IPSec method to the whole packet and adds -A
new IP header. IPSec tunnel mode is responsible for network-to-network communications, it encrypt the
traffic between routers, gateways or host-to-network and host-to-host -communications over the Internet
and creates a secure tunnel.
1
IPSec tunnel mode encrypts complete IP packet including IP header and transfer it over network
layer (~tire original IP packet _is encrypted). Tunnel mode binds the original IP packet, encrypts it,
adds
a new IP header and IPSec header sends it to the other end of IPSec shown in Fig.11.4. Fig. 11.5 shows
IPSec tunnel mode during data exchange procesr.....s._____
•Application layer

Transport layer

Network-layer

IP header Payload(data)
. · Original packet
IPsec
layer

r.asv-so111111111s

Scanned by CamScanner
--------· -~- .
-
k· '.
h
;!
11 ·4
t-'
r'
r.
f;:l"°"''ftrr, and system Security (MU) .

suc_h as_ ~rewalls, routers, and

Tunnel mode is used on most of the IPSec gate~ay . devices
.;., remote locations such as branch offices,. organtzat1ons,
and umvers1t1es securely through a
connecuu8
network called Virtual Private Network (VPN).
Secured Communication

Router/ Router/
Gateways Host/Server machine
CUent machine Gateways
IPSec tunnel

Fig. 11.5 : IPSec tunnel mode data exchange

ent from the original IP that was
The IP header after.tunnel mode will consist information differ
communication between two routers, a
received previously. Tunnel mode is generally used for secure
host and a router or vice versa.
and tunnel mode ?
....,
a. 3 How AH and ESP are differs while working under transport
-Ana.:

1.
(1)
Encryption of data and its authenticity is prime concern for secur
two features, IPSec provides two protocols at network layer :
Authentication Header
Authentication Header
2.
e communication, to avail this

Encapsulating Security Payload

I-:,~i.
1
~
.

It is designed for authentication, integrity of payload which

is carried in IP _packet. It is first
,,.
designed to provide ~ authentication
protocol of IPSec called Authentication Header (AH) protocol
~?:
~,

(to identify source host), data integrity (if data get modi
fied while in transit) and non-repudiation but ~il
s the contents of a message) because \It!
doesn't provid.e data confidentiality (if attacker able to acces -,~f;
Authentication header does not encrypt the data/ IP packet.
~:

attacks (sending same data to

, The main functionality of this protocol is protection against replay !
of data over a network. Authentication I

receiver again and again) and protection against tampering

IP packet, with the help of ·message
header is also used to protect the upper-layer or the entire
~l:
l~l•

from message and-secret key to provide '~

authentication code (MAC - used to generate fixed length value

authentication) using well known hashing algorithms like MD5
or SHAl. I
5'
~
digest is calculated and inserted
By using Hash function and symmetric key algorithm, .message
col provides data authentication and
in authentication data as shown in Fig.11.6 because of this AH proto
of authentication header fonnat are ·
data integrity, but not confidentiality or privacy. The internal fields
sum which is similar to hash function or
. show~ in Fig. 11. 6. This protocol uses cryptographic check
placed in location cased on which
message digest, the checksum is inserted in authentication header and
mode"itjs using (tunnelmode or transport mode).

Scanned by CamScanner
 ~
SteP 1
StePJ
SteP;
SteP ·

SteP
SteP

A brief description of each· field: sed t ·d tify th

· ·· g b·t1 field which is
u . 0 1- en e type of
Next header (8 bits) :The next header is an - · ·

payload/ data carried by IP packet · · .

· · ead. • also an 8 - bit field which defines length of the
Payload length (8 bits):The payload h er IS . .

authentication header.
Reserved (16 bits) : AH contains 16-bit field which is reserved for future use and always set
touro. .
Security Parameter Index (SPI) (32 bits): SPI is a 32-bit ~eld u~ in_~ombinati~n with~~
IP address destination IP ·address and AH security protocol to umquely identify a secunty association
(SA) for the traffic t~ which IP packet belongs, we will discuss SA in next bit. This field also defining
which different security algonthms and keys were used to calculate the message authentication code Ei
(MAC). w
Sequence number (32 bits) : It is also a 32 bit field. It prevents the retransmission of datagram d
which is also known as replay attack.
· Authentication data : This is variable length field whose length depends upon encryption .l
algorithm used. Authentication data field ·of AH protocol is the output of hashing algorithm or message
digest algorithm. AH protocol perfonns the integrity check value (ICY) on packet header or MAC is
computed over the complete IP packet including the outer IP header to ensure that the data has not been
· changed during ~missi on process. As mentioned earlier AH doesn't encrypt the data th reason it
doesn't provide confidentiality during transmission. e·

(2) Encapsulatlng.Security Payload :

One of the most important feature that Authentication Head . .
was
confidentiality (if attacker able to access the contents of a messa e)ebecr ~nable to p~ov1de call~ data
data/ IP packet As defined earlier ESP ·is used to . g ause ESP provide encryption on
encrypt the entire payl ad f an IPSec_ packet the
.reason ESP alone can provide data authentication, protection . o o . .
t mtegnty by
adding ESP header, ESP trailer and MAC to the packet. · agamS replay attacks and data
_ES~ has the same_fie1,~ as defined in AH, but it inte . . . . .
these fields m a different way mstead
of haVIDg Just a header, 1t divides these fields into three grates
ESP at1~entication block as shown in Fig. 11.7. components: An ESP header, ESP trailer and
' .
· . I! _is
_ designed for confidentiality and integrity of . .
combination_of AH.ESP adds a header and a trailer to the messages. ESP can be used alone or with
.ESP header and trailer. . . .· . payload. Follow ing~ the steps for addinl

t~ ;1 S V - S II 111 I I II II S

Scanned by CamScanner
 .,

S,;W!°PraphY and $ystem Security (MU) 11-6

· SteP 1: . In the -initial step, ESP-trailer is added to IP payload.

SteP 2 : Then both Trailer and ESP are encrypted.
Step 3: After tl_le encryption ESP header is added to the encrypted packet.
r scep4: Then all encrypted Trailer ESP · trailer and ESP header are combine used to form
authentication data.
f-
' This authentication data is added to the End of Trailer.
Step 5:
.i
/' Step6: Lastly the IP header is added.
1
I
..
'

Fig. 11.7: ESP header, trailer and encryption

The main functionality of ESP is to provide the confidentiality to IP packet by encrypting them.
Encryption algorithms (Triple DES, Blowfish, and IDEA etc.) used to combines the data in the packet
with a key and transform.it into an encrypted form. The encrypted packet now then trans~tted to the
destination, and decrypts it using the same algorithm.
The detail description of Encapsulating Security Payload (ESP) fields is given below :
. 1. ESP header : ·
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay
attack as defined earlier. This field is . not encrypted but it's authenticated to perfonn anti-replay
checking before decryption.
· 2. Encrypted data :
This.is variable length filed contains transport layer segment or IP packet which is protected by
performing ESP encryption. · ·
- 3. F.SP trailer :
· ESP tr~er field con~ns padding (0-255 bytes), pad length 8-bits and next header 8 ·. bits.
4. Padding (0-255 bytes) :
· · · · ·Padding filed used to expand plain text message to required size or to ~go the encrypted data
_by adding.padding bits to the actual data which provides confidentiality to traffic tlO\y. . . · .·
.. s . ' .' .· . ' ·. ..
· ..Pad length .(8 bits) : _...
.: ' nus is ~<hltory fi~ld in ESP prot~ol whi~h u~d to indicate the number of pad (protection}
<-: bytes .adde<J into the packet.
- . . ' . .
· .
-. .
,· · . .
· . ...
.. :

Scanned by CamScanner
 ritY (MU)
er

6.
raph and s stern secu

Next i,,ad•• (8
bits) .
. ad length use
•fi the type of enc rypted d ata in th
d to idenU ie 5
e \)
•11~
--
·t length as of p
The same b1
Outa field. data : e nds upon encryption
7. ESP authentication ld algorith
th fie wh ose len gth d pe f has hin g alg
Tltls is variable Ieng SP protOCol . h output o ori thm or mess tn u~
,s t e CV) on packet header or M . age o· 1
-l Authentication data field of ll tegritY AC , " cornpu«i'~,
~
check value (I I ensure data has
algorithm, which perfonns tn the out not been change(\ d"'~
er IP header o
'l the complete packet including ,,,
~
!tr:an:s:nu~·s~s~io:n~pr:oc~e:s~s-----;--::-
:_::::;;.;;;;~;i;:;ii-i;,~dilinitt;egQlritityyfcfo
onfident1ahty an ;r:;p;a;c;k;etl!p;
.a~y;lo;.a~d~?:----1~,
Q.4 H
ow does ESP heade.r guarantee c -~

Step 5:
Step 6:

Scanned by CamScanner
 11-8
ra...hy and
System Security (MU)
.·o,voto9 ,.,._.
._y The main functionality of ESP is· to provide the confidentiality to IP ~acket by enc17pti
ng them.
ryption algorithms (Triple DES, Blowfish, and IDEA etc.) used to combmes the data m. the packet
to the
-~the key and transform it into an encrypted form. The encrypted packet now then transrrutted
8 ' . h al . h
Wl
destination, and decrypts 1t usmg t e same gont m.
The detail description of Encapsulating Security Payload (ESP) fields is given below:

I 1• ESP header:
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay
attack as defined earlier.

I 2.
This field is not encrypted but it's authenticated to perform anti-replay checking before
decryption.
Encrypted data:
This is variable length filed contains transport layer segment or IP packet which is protected by
performing ESP encryption.
3. ESP trailer:

4.
ESP trailer field contains p!lrlding (0-255 bytes), pad length 8-bits and next header 8 - bits.
Padding (0-25S bytes):
Padding filed used to expand plain text message to required size or to align the encrypted data by
I
.,T!iff!f;:
~
adding padding bits to the actual data which provides confidentiality to traffic flow . .
S. Pad length (8 bits):
is
This mandatory field in ESP protocol which used to indicate the number of pad (protection)
·
~~,:,1~
·f::t!t=
bytes added into the packet. · ·

6. Next header (8 bits):

The same. bit length as of pad length used to identifies the type of encrypted data in the Payload
Data field.
7. ESP authentication data:
This is variable length field whose length ~pends upon encryption algorithm used.
digest
Authentication ·data field of ESP protocol is the output of hashing algorithm or message
ed over
algorithm, whico performs the integrity check value (ICY) on packet header or MAC, is comput
during
the complete packet including the outer IP header to ensure data has not been changed
during
transmission process. ESP encrypts the · data the . reason it provide data confidentiality
transmission.

Q, 5 What.are benefits of IP security ?

Ana.:
. IP Sec operates at the network layer where secure data transmission talces place. For secure
access of remote computer over Internet IPSec is used. For securely connecting all branche
s of bank
· sec~ors over internet IPSec protocol is used. For secure com,munication between same orpnii.
atian
_, which are located at different places. •

-· . t;iilliHAiiii•ii••iii
Scanned by CamScanner
 --- --- ···-

Cryptography and System Security (MU)

a1·100 IPSec protocol is used. Most
11-9

of
z
the
.
C

. time from. anyk1oc ·

For connecting to college server any f m home and update it to company server C
corporate sector allowing employe.es to perform
. . access
ed their tas ro
of c0mpan
th
y server
U
a
t any time IPSec now-a-days called
low
.
cost
.
connectivity, secure data
.
(

at any time from any location or secure

as one of the standard of Virtual Private Netw~r ks at a _ow_ hannel If IPSec is ·implemented
. . . · · ecure commu rucat1o n c ·
· th network
transnuss1on between vanous 1ocattons over ms .
in a.firewall or router, can provide strong security to the ongoin g traffic crosSm g e · ··
s SSL provides ?
0. 6 Why Secure Socket Layer (SSL) is needed ? What are the different feature
.
Explain how SSL works ? Also explain the services of SSL protocol.
Mel 2012. Dec. 2013. Ma 2014

Ans.:
layer is an
Secure Socket layer invented by Netscape communications in 1994. Secure Socket
browser an? ~e
internet protocol used for secureiy ·exchanging the information between client's web
confidentiah~y
web server. Secure socket layer ensure the authentication, data integrity and data
server. The mam
between web browser and web server i.e. it creates a secure tunnel between client and
role of SSL is to provide the security to web traffic -in all the way.
is shown in
The current version of SSL is 3.0. The_position of SSL in TCP/ IP protocol suite
is also called as
Fig. 11.9. SSL is works iri between application layer and transport layer the reason SSL
instead it will
Transport Layer Sec_urity (TLS). The data will not be passed directly to transport layer
the data received by
· passed to secure socket layer. Secure Socket · Layer will perfonn encryption to
Socket Layer
application layer and add its own encryption information header called SSH i.e. Secure
application layer.
Header. In the receiver's end SSL will remove the SSH header and then pass data to
Client machine Server machin e
(web browser) (web browser)

casv-s ol11t11 111s

Scanned by CamScanner -
 11-10
-G~~raphY .and System Security (MU)
l uses di~ital
ocol in TCP/ IP protocol suite. SSL protoco
.~ The Fig. 11.9 show s pos ition of SSL prot
er machine.
ate digi tal sign~tlJ!C for secu re)! c~m munication ~tw een c~ient machin~ and serv
· ... ·rtific and
nt machine and add Its o~n. header (SSL
SL encrypt the .data
the enc
rece
rypt ed
ived
data
from
and
app
send
hca tion
enc rypt
laye
ed
r of che
data to the -server side. Upon rece1vmg en~
ryp ~
~eadet) int9 tion
data and sends the decrypted data to applica
data, server removes the SSL header and decrypts the
. · ·
}ayer as shown in Fig. 11.9. ch
a sing le prot oco l to perf orm secu rity task s there are two layers of sub-protocols whi
_ SSL is not Alert
there are the SSL Han dsh ake Pro toco l, SSL Change Cipher Specification, ~e ~SL
support SSL m Fig. 11 .10.
n in SSL architecture Fig. 11.10. As shown
Protocol, and the SSL Record Protocol show SSL Handshake, SSL Change Cipher
basi c high er-l aye r prot oco ls nam ely:
SSL defines thre e
Specification ~d SSL Alert protocol. of required
The role of these three higher-level prot
ocols is the connection establishment, use
starting actual
t (warning, error if any) generatio_n before
cipher ~hn iqu es for .data encryption and aler
data transmiss~on process between client
and server.
of the
rypted data transmission and encapsulation
data
The
sent by
SSL
the
Rec
high
to higher layer.protoc
ord
er
ols.
Pro
laye r
SSL
toco
prot
l

was
is
oco
resp
ls
desi
ons
(han
gne d
ible

to
enc
dshake, alert, HTI'P) also to provide basic
mak e u~ of
security services
TCP protocol to provide a reliable secure
kets. We ·wm · discuss how client machine
securely
,,1: ...
process- to-p roce ss· deli very of
~m mu nica te with the server maclune by
enti re mes sage /pac
using underlying network architecture.
SSL architecture / SSL lnte mal prot
ocol structure
t1 '
~i/!t:~
~~ff:
.~ff;[;
:~~ ptlon,:al~~ ;::

t,:~II J!
::: :.~
Support for
SSL session

-
oonnection
esta blish men t
'*t
SSL prot oco l
.. _·· :._._</;·:;/ >· layer

· Transport and
·tayer Internet

Fig. 11.10 :·SSL protocols in te~ architecture

Working of SSL
tocol, Ale~ protocol- and Record protocol.
_ SSL has three sub protocols: H~ dsh ake pro
·
Handshake .Protocol
habit to say
nam e . sugges ts whe ? we mee t to our friend/colleagues, we have ·
. hi/he As the SSL · , · .
tile sha ke-h and s with e
; ach other ~fo re s~ g our actual communication.
hands~o and do gy but m tenns of cbent and server; . ·
· · - ·- . .
. _ake protocol uses somewhat same 1de.olo
l of ~SL called ha nd s~ pro tocol used for secure:communication betw~n . · ..- ··
ciie .t :The first sub -p~ toco
bled con nections: · - -. . · -- , - , -
.. _ n and the serv er_usm g an $SL ena

Scanned by CamScanner
 ..,,,,,.,. .

.Cryptography and System Security (MU)

In this protocol clie nt aut hen ticatio
ions ava
n to
ilab le
the ser
for
ver
cli
is more important that server
ent authenticatio
authentication
n,. The details steps of SSL
11-11
a...
-
C

C
1
because server has different opt
in Fig. 11.11. (
handshake protocol are shown nection.
munication using SSL enabled con
I

.I d by client and server to start com (

1. It is use
The handshaking is done fou
r phases :
2.
pabilities.
I
I
(a) Establishing security Ca
y exchange.
Server Authentication and ke
·I
(b)
d Key exchange.
(c) Client authentication an
.
(d) Finalizing and Finishing
Client Server
machine ma chi ne
(web browser) (we b bro ws er)

; I

I •

Fig. 11.11 :SSL handshake

. .
.
curity . Protocol
. . Phase 1 : Es tabllshln g se
. ·. .· . . · ·. · c•pabilltles . . ..
s
In thi i . phase log ical c . . _.
onnec uo ns and is establis tabli h . •.
sec.urity cap~b'lJ ties a.,sociated w· hed. between .client an·d s
nec tions It ver and ·es
-the serve,.r. hello. . itb that con . . · .. consists of tw0 . . ge. s ,ser the client hel lo and •·... ·_..
. · ·.- .
. . . messa
ti t· l!:JSV · ::iOIIIIIOIIS ·
'

Scanned by CamScanner
. ·--------- . .
 c,yptogrsphy and System Security (MU)

---c,1ent hello : g parameters :

'Jbe client hello message contains the followin
nt can support.
(i) The highest SSL version number which the clie
tains two subfield
(ii) A 32 byte random number that will
be used for master secret generatfon. It con
bit date time subfield for current time and date of the client's system and a 28 byte
that is a 32
om num ber gen erator which show s random number generated in client' s ~ystem.
rand
(iii) A session id that defines the sess
ion.
m which supports
(iv) There is a cipher suite parameter
that contains the entire cryptographic algorith
client's system.
(v) . A list of compression methods
that can be supported by client.

Server: will be
ng both SSL number of client and server,
The SSL version number, the highest amo

~I
{i)

,~
ed by server.
supported by client and other will be support om
· random num ber that will be used for master secret generation, however this rand
(ii) A 32 byte
om number of client.
·number is totally independent from the rand .

(iii) A session id that defines the session. nt from

tographic algorithms that is sent by the clie
(iv) A cipher suite contains the list of all cryp ~~'1
which the·server will select the algorithm
the method.
A list of com pres sion met hod s sent by the client from which the server will select
(v)
exchange
Phase 2 :Server authentication and key
ate, its
if it is needed. The server sends its certific
In this phase, the server authenticates itself
certificate) from the client
public key, and also request certificate (digital the key
sage to authenticate itself to the clie nt ff
1. Certificate : The server sends a certificate mes of authentication. ·
ge algo rithm is Diff ie Hel lma n than no need
exchan
2.

3.
Server key exc han
c.ertificate to client
Certfflc ate req ues t
authentication is optional.
ge

:_
:

The
Thi s

serv
is
·
er
opti

can
ona l.

requ
It

est
is used .only if the server doe sn't send its dig ital

for the digital certificate of client The c en s

·
li · t' '
o don e is the last message in phase 2 .this ind
icates
Server ~el lo don e :~e serv er mes sage hell .
4. .
all the certificates received b th
p
to the client that the clie nt can now
hello message done, the server waits for the clie
veri fy
nt's side response in piw: 3
_e server · After this
hange
haae 3 :Client authentication and key ex~
• .
k In this phase, the client authenticate s itself if it is needed The li sen ds its certificat.e.. ~
. c ent
ey exchange _and certificate verify to the server. ·
· · · - -
· · Certificate ·Cli is only requ ired if the server had
client's digi tal Cert iti cnt ceru ~ca te is op~ ona l, it
clie nt's digital certificate ·t ?eqUO$l«\ ~~ .
I can send oo - .. "'-. "
icat e. If clie nt doe sn t hav e
. . JDessage or an Al. mes The . . . .'' -
. .. .sess1o. n or tp. abort the .
ert sage to the serv e
r. . n it ts upto server's de.c
.
isio n
w
h·•a
~
..-
r t Q °'-'lntif\~~ w
. . . •. -. .. . session. .
E .
· Clie nt key 1. .. _
.
xc....age :The client sends a client k
- . . based on ke bet w~ n both the . ey exc ge, the content, iu tt\i~\\l !)>'""""""
han
-lillln: Yex ch~ ge algo rith
.
ms
Par ties. 'l"'l
. ~~- liNlliillil d
Scanned by CamScanner
 11-13
4
cm:,raphy and System security (MU) . .
The
. 'f the server had asked. for client authentication.
Certlfkate verify :It ~s necessary only 1 dd'ti
1 0
nail if server wants then the client has to
client has ~ady sent its c.eruficate to the setv er. But a y ·ty the message with its public ssL
prove that it is authorized bolder of the private key .The_server _can ven the s
key already sent to ensure that the certificate belongs to cbent. sent
tJigh(
Phase 4 :Finish . h th h d baking protocol. It contains path
The client and server send messages to firus e an s .
4 steps. The first two messages are· from the client i.e. change cipher specs, fimshed. The server
thOU
responds back with change·cipher spec and finished. conn
Change cipher spec :It is a client side message telling about the current status of cipher in F
protocols and parameters which has been.made active from pending state. bet\\
Flnbbed :This message announces the finish of the handshaking protocol from client side. Ass
. Change Cipher spec ·:This message is sent b; server to show that it has made all the pending
state of cipher protocols and parameters to active state.
Finished :This message announces the finish of the handshaking protocol from server and finally
handshaking is totally completed.
Alert Protocol
SSL uses the Alert protocol for reporting error that is detected by client or server, the party which
detects error sends an alert message to other party. If error is serious then both parties terminate the
sewon. Table 11. lshows the types of alert messages.SSL alert protocol is the last protocol of SSL used
transmit alerts (warnings, errors, fatal etc.) if any via SSL record protocoi to the client or server.
1

!he SSL ~ert. protocol fonnat is shown in Fig. 11.12. Alert protocol uses two bytes to generate
alert. Fust 1 byte indicates two values either 1 or 2. "l" value indicate warning and "2" value indicate a
fatal error (if fatal error tenninate the session/ connection).
Whereas second 1 byte indicates predefined error Level Alert
code either the server or client detects any error it sends an
alert ~ntaining . the error (error occurred during
handshaking, error occurred during data processing at
server or client side, certificate defeat$, etc.) ·
Table 11.1
.. - ,. ·, .. -- .•- . --
-~Code
' ·.
. Alert • ' .... . ·. . '
.J>esctt;~ ,:'. :z<;:'::-,-··- >,:,::. /\\: y: ;_;
0 close_notify .. No more message from sender .. . . , . , . ,. t
C
10 unexpected message An incorrect ·message received t,

20 bad record mac A wrong MAC received

.

i
30 deco~pression_failure Unable to decompress. . 1
40 ...
handshake failure.
Unable to finalize hand8hake by the sender..
42 bad certificate -
Received cl conupted certificate. ~

42 Nocertificate Client has no cerf1fl

42 Certificate expired
;
Cerufica~bas e~piJed.
. . .
cate to send to server.
-
(.is t! a~ V · SHI III IIIIIS
. ..
c__· . .-·._ .
Scanned by CamScanner
 .-re
.· . phy and Sy1tem Security (MU)
__, protocol
. _fV
ff,CO .
·
. After conwletion of successful SSL handshaking the
11-14

keen role of SSL record protocol starts no~•

. .

r lev~l protocol. As defined earher

. record protocol is second sub-protocol of SSL also called lowe psulati?n of ~e data
55\sL Record Protocol is resp~msible for encrypted data transmission and enca ces to
W:t by the higher layer protocols (handsha ~e, al~rt, H'IT P) also to provide ~asic secunty st:rv1
: her layer protocols. SSL record protocol 1s basic
s for data transfer and specially used to budd a data
communication. . .
~ between client and server and encrypt the data path before
data authen~ication; clata confidenttality
SSL record protocol provides different service like
Message Authentication (MAC) to SSL enabled
diougb encryption algorithms and data integrity through
protocol and SSL record header format as shown
connections. The details steps involved in SSL record
in fjg. 11.13. At this stage .all necessary authentic
ation and cryptographic parameters are exchanged
transmission through SSL record protocol.
t,etween client and server now it's time of secure SSL data
As shown in Fig. 11.-13.

Applioatlon data

Data distribution
fragmentation

SSL record header

Data oompresslon

.,I
I
I Plalntext (compressed)

Data encryption
I
I.
I
I
Appending SSL MAC (0, 16,20 bytes)
record header (1-f) ;:;, :
H SSL record
Ffg.11.13: Record protocol
that client wants to send over server.
SSL record .protocol talces application data i.e. actual d:ata
should not exceed 16384 bytes this process is .
Divide this data into the different blocks for each length
compressed using lossless compression
called as data distribution or _data fragmentation. Data
techniques; compression size of data should not exceed 1
_024 bytes.
is computed over the data and MAC
After the data fragmentation and compression step the MAC
encapsuiated) to .fonn a new encrypted data /
is then appended to the compressed data (the data is now
gh data encryption process. As mentioned
payload. The compressed data and ¥AC again goes throu
aphic techniques like DES, triple DES, AES,
. earlier SSL record protocol uses ·symmetric key cryptogr
. and IDEA because these techniques specially designed
to operate-on block ciphers.
encrypted blocks obtained from encryption .
. . · Finally SSL record header is appended onto each
to which ~dentify nature of the .message whe ~r _.
. Proceas. -~S~ record head~r consi~t of 8-bit con~nt type
_message. Next field _is. Major Version whi<;h ·
any _appUcation data: or connection termination or any :error
~-. ....... ~- ·.. ·.· .
.· -t.hllJil#iiiitJl ■iiiii . .
...... , ·: ··
.

Scanned by CamScanner
 11-15

C pt raph •
. . . f SSL is in use (e.g., J). Minor Version which is 8-bit field
°
is 8-bit field used to indicate latest version .
indicates the lowest version of SSL is in use (e.g., 0). which is 16-bit field i~dicates the length of the
Plaintext (compressed) / compressed length ted data to TCP and IP (Transport and
plaintext being compressed. Finall~ s~ds SSL lay::kenl(!e receiver end, the encrypted blocks are
Internet layer) for necessary transmission ov~r ~etw da . nfidentiality and data integrity' reassemble
decrypted and then checked for data authentication, .. ta co 1
these data into single unit, and delivered to the application-layer protoco .

The record protocol provides.two services In SSL connection :

(a) Confidentiality: .
This can be achieved by using secret key, which is already defined by handshake protocol.

(b)Integrity :
The handshake protocol defines a shared secret key that is used to assure the messag~ integrity·
Following are the operations perfonned in Record. protocol after connection is eSlabhshed and
authentication is done of both client and server.
1. Fragmentation :
The original message tliat is to be sent is broken into blocks .The size of each block is less than
or equal to 214 bytes.
2. Comprmion :
The fragmen~ed blocks are compressed which is optional. It should be noted that the compression
process must not result into loss of original data .
3. Addition of MAC :
. . . The Message authentication code (a short piece of iQformation used to authenticate a message for
mtegnty and assurance of message) for each block is to be calculated using shared secret key.
4. Encryption :
. The overall steps inclu~g message is encrypted using symmetric key but the enc tion should '
not mcrease the overall block size. · · · ryp
5. . Append header :
After all the above operations, header is added in the encrypted bl k hi h . •
fields : · oc w c contains following

Content type (8 bits) specifies which protocol is used fi .

speci~es the _major version of SSL used, for example if SSLor pr~ssmg: ~ajor Version ~8 bits)
contains 3. Minor Version (8 bits) specifies the min0 . version 3.1 IS m use than this field
3.0 is in use than this field contains o. Compressed ; ve::,on of ~SL used, for example if SSL version
original pl~ text block. . eng 0 6 bit) specifies the length in bytes of the

a. 1
Ana.:
Solve TLS.
-•i ,. i

. · · · It is an extension of
the tran · rt l be
secure
socket r, . Th .
ayer. e main aim f TLS ·
·
. .. . spo . ayer ~een ~o web applications. Alm o is to pro\'·ide security and data at
. · TLS.
· . It e_nsures no eavesdroppmg and. tampenng
. of the mes
ost all web bfctwsers
. . and web servers sup.v,tt.r·· . ;·.·
tit · sage. . . . }. •.
-----· ;·•

Scanned by CamScanner
} ;.;:._ •. · ·:· · .. '.raphY at1d System Security (MU) 11-16
t;_ o~W _~ · . .
ll:··;. -..r. The T.LS protocol
consists of two main components :H~dshake protocol, to start session and
. -~ private key~and Record protocol. to transmit data securely usmg the shared keys.
Handshake protocol :In the Handshake protocol. both sending and receiving parties
i . :. wledge their protocol versions. agree on cryptographic and compression algorithms, optionally
~ · ::ticate·each othet through certificates, and use public-key encryption techniques to generate shared
private keys.
Following are the stepa :
SteP t: Clients sends message publicly to containing version of TLS,32-byte random number rA
consisti~g of a 4-byte timestamp and a 28-byte random number.
' . A Cipher Suite list in decreasing order of preference for each of the following algorithm
families: Public-Key Algorithm (PKA), encryption algorithm used in the Cipher Block
Chaining, and compression algorithm (COMPRESS).
Step 2: Server informs the client about the decided algorithms (after examining the Cipher Sui~ list
sent by the client) along with a 32~byte random number re constructed similarly as rA ..
Step 3 : : Client replies with a number called pre-master ·secret Spm using the public key algorithm PKA
with public keys retrieved from the server's certificate signed by a Certifying Authority (CA).
Step 4 : Both parties independently calculate the 48-byte long master secret, Sm, to further obtain the
keys to exchange data. The master secret is calculated using Pseudorandom Function
PRF:sm = PRF(Spm, ,,master secret". rAllr8 ) It is worth mentioning that in the previous version
of TLS the master secret was computed as follows, before MOS proven to be in~ure:
MD5(Spm11SHA-l(A11SpmllrAllte)) II MD5(Spm11SHA-l(BBIISpmllrAllre)) II MDS(Spm IISHA-
l(CCCIISpmllrAllre)) Where A. BB, arid CCCare strings added for padding.
Step 5: · At this stage, both parties know Sm, Spm, rA, and re. they independently compute the Key Block
(KB) thai contains all needed . private shared keys for this session: KB = P RF(Sm, "key
expansion", rAllr8 ) KB is then broken into six pieces and labeled as Kl, K2, ... , and K6,
before terminating the Handshake phase ·
.Record protocol:Now the client and the server are ready to communicate securely using the key
block as a set of security parameters obtained by the Handshake protocol. The Record protocol takes
data to be transmitted in one endpoint, fragments the data into manageable blocks, compresses the. data,
applies a MAC, encrypts by block cipher, and transmits the result. Received data is then decrypted,
verified, decompressed, reassembled, and then delivered to higher-level application on the other
endpoint. In short, Record protocol ensures that the connection is private via symmetric.encryption by
sessionunique keys and reliable via integrity check. Suppose the client wants to send data chunk, d. ·
The client:
1. Compresses the data using the agreed algorithm: d' = COMPRESS(d)
2. · Hashes the compressed data for data integrity using K2: d"= {d' , HMACia (d' ) }
3. Encrypts the d~ta along with its MAC using CijC mode block cipher BCA where the secret key
is Kr and the initialization vector is K3: d "'= BCAK 1(d", K 3) . · ·
4- Sends d''' over the public channel
And the server retrieves d from d '":
1. -Decrypts the data along with its MAC using ~-CAKl. . . -, .
· ._·. Verifies data integrity by computing_HMAC of data using K~ and cmnparing ·it.~ith.the HMAC .
2
_,~ · computed on the client side · · ·· . ·· · , ' '·
: . . lliii#iiitillliiiM _ 0e: .

Scanned by CamScanner
 Cryptography and S)'!!tem Security (MU)
es retrieve d . to send data to the client while the last three pieces of
-- - C

II
3. Decompress to
.
The process is reversed when server wants
the key block is used instead.
-
o. 8 Explain Internet key exchange protocol.
· · k . . IPSec network. It allows for
10
Ans. : managmg ~ys •d rotocol based on three
Internet Key Exchange protocol is ·used for
and managing keys betw een IPSec ~rs . It; is_ a by~~ p anagement protocol.
automatic creation secunty association an ey m
protocols: Oakley, SKEME, and ISAKMP (Internet
ISAKMP!
rnet security asso ciation and key man agem ent protocol is a framewor~ that defines the
The inte hange of a
ats of payl oad, the mec hani cs_of imp lem entation of a key exchange protocol, and the exc
form
security association between the parties. and
implementing a key exchange ·protocol,
ISAKMP protocol deftnes the mechanics of l has to ·
betw een com mun icating parties i.e. which are the different features of IPSec protoco
agreement
ciation).
useetc. and all (simply its negotiation of security asso
18'\KMP pro vid es following fea tur es: . ing
ages the secure session between communicat
It is use4 to authenticate of remote entity. It man
ging required information about key
niques. Exchan
parties by applying different cryptographic tech security policies. The reasons ISAKMP
ove r all data transmis sion by app lying
sharing. Negotiation ies and authenticate them for secure key
com mun icati ng · chan nel betw een two part
establish secure . · .
e and negotiation on certain security term s and condition.
exchang
Oakley :
ex~ bang e pro t~l _that de~ es how to obtain authenticated Key for exchange of
It is a key h IP b·
een parties. Oak ley, within IKE , 1s used to determine AH and ESP key for
message betw rithm Oakl pro . eac · see, y
default its uses an authenticate d Diffie Hellman key exchange algo . · ey tocol defines the
· h · , protocols in which two · • mu .
mec arusm of key exchange orn.key agreement . · part ies st agree on key
generated before data tran smi ssio
sec . · .; ·
IKE uses different cryptographic techniques and lrn ~ unty pohcies for securely exchan
ging
between two entities . such as Diffie Hel
information
etc. · - · · an ey exchange, DES, MDS, SHA, RSA
algorithm

SKEME·:
. . .
It is ·another prot ocol for exchangi·ng authen. ti.cated ke be . .
• . &.
enti
• •
cati on
•
m key exchange protoco l. y tw~ n the parties. It uses public key
encryptio~ '!Or auth
·I
0. 9 . of IKE protoco.
Explain diffe. rent phases
. ' .
Ana.:
- IKE• has
two p· base • ns :
-.s of--operatio .
. .
1. :_Aggressive mode of exchange .. Used to n. . ..
Phase _ . .
. . . egotiate IKE SA -.
. ~base 2·:: Qwck m~ e of exchan e : Uses to neg
•,

. ;. . .. . _g otiate IPSec' .
. .. . SSA
t! a S V · S O 111 11 ll II S
Scanned by CamScanner ----- .
.... '. ,:f(>::·: :~'.i ·.. . . . .
'. ' e·hv·.,,·d sv:. tom s, curl
,: ·. . .:' \ .toQrt\... ... ... ~
C) e-:.. < - (MU).
. ' ty
· )k'. '.; ::1p11ai1t 1: Aggrea■lve mod8 ol exchange: Uses to negotiate IKE SA. · IKE phase 1 negotiation
··:l::.:' ·. -.' C ..·: ·· · ·· · · ·

.f , ~isb!.l~in<I RM~1.b~~ ~-
. .;.r :·;_i.~::~\i ~::.:;:,~:·}'. or ;·. ~-,,1·,..:~/)1:
7
.;_,:_
. ...? ►,'i, ::
. .

. '. 'l)E$ 1$fi >\f and RS,~ :~ig~ftAi'@s{.

__ . •#::.;·t~)~·::;;:!.~~.-·
:·~:t'.:>:(.~/~:.;~_-', .Lor
., ~.,,.,·:.:. . :·,· · :.3P.$~;:$~~/:~n,d.p~~s-~ar.~~J~yJ
• •• • ~ . ,. 1

Fig.11.14
..
,.For Instance:
mon IKE
ri in Fig. 1·1.14 user A and user B want to talk IKE, They must agree on a com
As show onder (user B)
on suite; The initiator (user A) prop oses several protection suites and the resp
. · protecti to the priorities and the
suite. The selection is made according
, chooses .one of the offered protection which
resp ond er. In the Fig .11 .14, user A proposes three protection suites out of
configuration of the If they do not,
ection suit e. Bot h must agree on the same protection suite.
:user B ~hooses the seco nd prot
session may be terminated.
.no common policies may e~ist and the IKE
ge : Uses to negotiate IPSec's SA
· IKE Phase 2: Quick mode of exchan
IKE phase 2 negotiation

Scanned by CamScanner
 C7Ptography and System Security (M
U)
11-19

- -
C

C
Q. 10 ~ n SET Protocol. . 'f l.
• & and se. cunty sp ec i ic~t•on
Ana.: n. It is an en cry pti on
onic Transactio T is no t
SET stands for Secure Electr cti on s ov er an ins ec ure ch annel such as Internet. SE
dit card transa of users,
protocol designed to protect cre ula tio ns de sig ne d to pro tect credit card pa rm en ts
rules & reg m 1~ 6 ~y VISA
payment system it is set of ern et in a sec ure way. SET was de ve lo ~ C
h as Int cl u~ s
employee over an open netw
ork suc
fer en t lea din g tec hn olo gy compames, . whic~ m t
ipation from dif After testing o f the SE T
m 1998 1t
and MasterCard, with partic a Sy ste ms an d Ve riS ign . it
C

Microsoft, IBM, Netscape, RS

A, Teris
car d pu rch ase s ma de ov er open networks & made
eguarding credit
declares as a standard for saf ·
ilable to users wi th follow ing requirements. action. SE T
ava
tions ch an ne l am on g all parties ·involved in a trans the
(
ica r, receiver & bank or
SET create a secure commun on ly av ail ab le to sen de
the information is nfidentially, only sender
and his
provides privacy because on . SE T pro vid es co
~mmunicati~n parties' inv
olved in _transa cti
able to access the conte nts of a me ssa geassures
. It to card holder is that is
rity gives
mtended receiver should be ipien t. SE T pro vid es int eg rity of.the message. Integ
intended rec odification, no
safe and accessible only to the entity. (No alteration, no ·m
J
as sen t by an au tho riz ed
assw:ance that data rec eived exactly J
deletion and no intersect ion etc.).
I
Q. 11 What are .SET participants ? J
Ana.: . .
Electronic T . (S .
componen ts of the Secure
ransaction ET ) wh ich mvolves in the
Following are the -in F:ig. l l. lS.
electronic payment as shown
Cash holder

Merchant

l
1
. Payment _
· gateway

Acquirer
'
~1~
~ . - ·
· card.ho.lder .·Called as buyer in the tr .
.
ansaction Who initiates the nsaction.
.
or ac u t IJ 1' rc ~t :A lso Called of seller tra .
800ds and serv· · ~ . .
.~ m ,
_ .ices Which lllaiht!l•- count with a bank
·. ~ an ac
· ~¥·iW!ldih liiiii -- ·
. : . -
Scanned by CamScanner
 · -~tc)draphY and System securtty (MU) 11 •20
c;_ .
p.i kn
The acqulrer :Also own as bank or financial institution. The financial institution that
establisheS an account with a merchant and processes payment card authorizations and payments.
The lsAdng bank:Bank that maintains the account of the buyer and issues a credit card to the
f buyer and also sets limit on the amount of purchases.
eertfflcation Authority (CA): Certification Authority (CA) is a trusted unit that helps to issue
certificates. A CA takes the certificate request from ·owner, verifies the requested information according
to the terms and conditions of the CA, and uses its private key to ~pply digital signature to the
certificate.
Responsibility of the CA is to identify the correct identity of the person who asks for a certificate
to be issued, and make sure that the information contained within the certificate is legal and later
digitally sign on certificate.
'Ibis is an entity that is trusted to issue X509v3 public-key certificates for cardholders,
merchants, and payment gateways. .
Payment gateways: It is designated third party that processes merchant payment ~ssages. The
merchant exchanges Sec_ure Electronic Transaction messages with the payment gateway over the
Internet, while the payment gateway has some ~ t or network connection to the acquirer's fmancial
p~sing system.
Following are the steps of interactions used in SET protocol : .
1. The ~mer opens the account :Once the customer obtains a credit card account, such as
Master Card or Visa, from the bank which supports electronic payment and Secure Electronic
Transaction then customer may proceed for future communication over network.
2. The customer receives a certifkate :After suitable verification of identity, the customer
receives an X.509v3 digital certificate, which is sign~ by the bank which verifies the customers
RSA public key & its expiration date.
3. Merchants have their own certificates :A merchant have two public keys one for signing
message & another for key exchange The merchant also needs a copy of the payment gateway's
public-key certificate.
4. The customer places an order: Here customer first browsing through the merchant's Web site
to select items ~d determine the price. The customer now sends its list of items to be purchased
to the merchant. Upon . rece_iving ·list of. items from ~ustomer merchant returns an order from
containing the list of items, their price, a total price, and an order number to the customer.
s. The merchant is verifted :Along with order number, the merchant sends a copy of its certificate,
so that the customer can verify that he or she is dealing with a valid merchant store. ·
6. The order and payment ~ verifted :The customer sends both order and payment information to
the merchant, along with the customer's certificate (approved by CA). Customer also confirms
the purchase of the items in the order form. The payment_contains credit card details. The ·
payment information is encrypted in ·such a way that it cannot be read by the .merchant The
customer's certi{icate enables the merchant to verify the customer. ·· ,
·
. 7• . .'The merchant requests payment authorization :The merchant sends the. payment information .
to·the.payment gateway for authentication as well as to check whether customer's available credit
is~sufficient for this·purchase. ·
8. ·The me~cbant confirm tlie order :Upon receiving payment confmriation from customers credit, ·.
·.· the merchant sends confmnation of the order to the customer.

-.: ~lliiW,iiliiiilii~i
Scanned by CamScanner
 11-21
)
stem Security (MU
Cryptography and Sy the m er ch an t pro,
i des fr.c
all ve rification
e. After
erch ant pr ovid es the goods o r servic
9. The m
e customer. teway. which hand
le s~
goods or service to th is sent to the pa ym en t ga
yment. This request
·I
10. er chan t requ es t pa
The m sing.
of the payment proces
,i
l

I, i
I

t•I :
I

I
i

..'· /
. ,I
' I!
I
.· /

f.

: .. .

,) .;:..
..... . . ..
,• •

Scanned by CamScanner
. . ·. ·¢ 17 and sr9tem Security (MU) 12-1

· Chlpt•r 12 : Non-Cryptographic Protocol Vulnerabllltles P.hlshlng

-
o. 1 Write ·short note on phlshing attack.

It .is an attempt to acquire p~sword credit essential financial data by sending fake email,
·aieslages, electronically. There are treated as spam mails. These mails ask for some confidential data
by
grabbing trust of the user. Phishing mail generally in form of trustworthy email. These are a usually
carried out by e-mail spoofing. It is an example of social engineering.
Type• of Phlshlng Attack
L Deceptive pblshln& :
Sending bulk of email messages, which make user to click any one of the bulk email such type of
attack called as deceptive phishing.
2. Malware based phishing :
Running malicious software on target's or users machine. There malware comes from the email
attachments.
3. Key loggers '811d screen loggers :
These malware track input from keyboard and send inf~rmation of target through target's
keyboard to hacker (attacker) via internet
~- Session hijacking :
User activities are monitored to get login into the user's system.
5. Web trojans:
They are a .kind of pop-ups, when logging into $0lile website. These pop ups usually asks for
user's credentials.
6. System reconfiguration attacks :
It is kind of pbishing attack where user's PC setting are modified or changed.
,. DNS based pbJshlng :

In this type of phishing the URL requested return to some bogus or fake site which is actually
sent by bacbr by changing the URL of the requested site of the user.
I. Centeat iDjecdon pblsblng ~
_It is aQ act of inserting some malicious content in ~ websites which can redirect to some other
•_'Website or may install malware.. . . . . . . _·. . . . .-- .

Scanned by CamScanner
 Q.I ~tttewormQol~
t p·. ; . •• .
.a . ;

-
.C
z
'
4
(

l. (
P\9eotna : . ...... tr\ ~• d\l\)\lgh I.hr uirrct'. mail. Thill 18
~ •~~ ~nd
, .......
The first step is to ~'!de rl.iUl '""'\· "' .....
generally done using~ owling.
'
J. Setup : , !\il lh~y will Slllrt c-rcatlng and
~ phisber ' oof or
oomes to mow wbool to s.p: · Mt~k U& l\i ('U\, •

delivering~ to 00,llect data about the t~~t

3. A~
,-..... •• . . , ., to be from " reputed 0- i·ganization.
The plusher starts. sending messages. em.ill. which ~~m. _

Collection : · d ··
. _n...,.._the :-~-tiul
, tho web~
that. vidimcmtas ID . , or emans or popup wm ows
Pbisbers "VLKI\,~ · lll.lU.llljjl! •

which are aeated by attacker.

Identity tbeft and Corn.rd
. :_,-,..__ ~ thev start misusing information for illegal use.
After gathering WIVl.u.-.-& J .

What is denial of seMCe attack ? l)('C.2012. M.1 2013

Q.3

Ana. : Denial
• of semce. ~...,'buted denial of sen~ is
· and w•.u a type of attack that. .causes legitimate users
....,_,.__,, o r ~ become unavailable to the 1eg1t1mate users.
· or the..-.-..-
unable to use services

Q.4 What a,e the way in which on attack can motflt a DOS attack on the system ?

Dec. 2012. M.1 2013

Ana.:
In this attack. the attacker keeps on sending or makes the network or bandwidth overflow by
e-mails or spam mail by depiving the ¥ictim to ~ services. It is a continuous effort of attackers to
make victim unable to use any internet service or resouroes. The attacker's main target for websites or
services which include financial site bank site or credit card gateway systems.
Tbe ~ netwott which are root for DOS are mobile phone network or credit card gatewa~
network. Buffer overflow technique is med to make denial service attack. What an attackers does is it
· takes packet (where is a unit of data) dime into small chunks, the attacker checks for the IP addreSS of
the particul~ network in~ packet_and floods the network of victim with repeated·request. As IP is 8
fate:, from attacker's, machine. This acts ·consumes bandwidth which let other service to fail or
unavailable for other user. ·
A DOS •ttacl do followiag ldioas :
Flood whole networt with ~ lraffic.

Scanned by CamScanner
 . ~ and system ~"ty (MU)
II

,. [)am8gC connection between two syste,ms so that communication cannot occur.

3.
· . Disrupt services to legitimate users.
4. . Prevents individuals to access network services.
caes-fficatlon of attack s :
(l) Bandwidth attack :
of any
. . Every websi~ is given particular amount of bandwidth to host (e.g. 50 GB) loading
websites takes certain amount of time to display whole webpage.
idth than
I . If more. visitors load particular websites page or consumes whole 50 GB bandw
parocular webSJtes can be ban.
,1- _The attac ~ does the same by opening 100 pages of site and · keeps on loading
and
' refreshing .Consummg all bandwidths to make the site out of services.
(2) Logic.attack :

Attack on the network software to make it vulnerable.

For example : in TCP/IP stack.
(3) Protocol athcks :
This attack. consumes more amount of resources in victims system. It is
an attack on the
particular features of some protocol that are been installed in the victims systems.
(4) Unintentional Dos attack
up.
Sometimes because of huge popularity among users the particular wets suddenly end

a. 5 What are types of DOS attacks ?

Ana.:
(1) Flood attack :
Attack er keeps on flooding or overloading victim's system with 'n' numbe
rs of p4lg packets
to launch but
which resuJt into huge traffic which the victim itself cannot handle. It is very simple
difficult handle.
(2) Pina of Death attack :
for indicating
Sending huge ICMP packet (These packets arc used in IP layer or network layer
which causes
error message). 1be attackt.r sends this huge oversize packet to the victim's system
victim's system to crash or freeze resulting in DOS.
(3) SYN attack :
It is a TCP SYN flooding attac~ a denial of service attack. In TCP handshaking
of network
acknowledgement
connection is done between sender and receiver through synchronous (SYN) and
e. The server in
(ACK) ~ - An attack.er initiates a TCP connection with server with .a SYN messag
reply sends an acknowledgement me.ssage. (SYN - ACK) message.
server to wait
· . · The client (attacker) does not respond back with ackno wledg e~nt which causes
e
-Due to which it is unable to connect with other client This fills up the buffer .space for SYN messag
tie ~ oda formm:::::::::.
··-·!"C mam i~ __ __ __ __ __ __
:.:.;.;__ __ __
'' ," l:,v Slll!t:1 0lt:..

Scanned by CamScanner
 Security (MU)
Cryptography and Sys 4.

,~ 5.

~
6.

~~ 0
A
hand shake
Flg.J2. 1: 3 way
ruze packet to server . C
1. Clients sends syncbro . (SYN)
n in Fig. 12. I.
· s,
d clien I as show
2. . he
t nnect is establis V
YN - AC
. K
pa iednco
)cktoetclan
3. s resespndonsy
ntrs k (S
acck with
dsn-ba A CK
Slie
Cer. ve

eI
..
r
t

.. .. . . .
.. .. .. .. .. .. .. .. ..

full
Connection are aH

ction
?• Legitimate oonrie
is refused

handshake
Fig. 12. 2 : Chaotic
1. all With bad addres
s. ;,,
s llll!ilip le SY N J>ac te t. to
C lieat send , .
to in COtTect address
. 2. .
Y N : A C K J>acte t.
3• . Server Bead S . connection as shown
itional
ca.mot accept add
.
.
P-,g. 12.2. e IJ.8er is deuied . because server
Legitimat
--
.r .

Scanned by CamScanner
 .$."
_-·_.,~y
. .
and System Security (MU)
-
,.
12 5

pped with each other and the receiver is

' ·TeardroP attack: It is an_attack when packets are overla
are send by attacker to hang or frec ,e the
· · '-· . not·able to reassemble them, usually corrupted packets 1
system,
down the affected
• Nuke : It is an attack of sendi~g invalid ICMP packet to the target which slow
5
computer till it is completely stop.
A Smurf program is used
Smurf attack :It is an attack in which IP address broad casting is done.
ate from another address.
to make network inoperable. It builds a packet which seems to origin
victim. Maximum ping and
This packet contains ICMP ping. The echo responses are sent back to
echo make network unusable. r
The various tools used for DOS attack or Jolt2, Nemesy, Targa etc.
'

a. & What are the way in which on attack can mount a 000S attack
on the system ? ■ij§♦1ii•J
Ana.:
uter to attack on another
Distributed denial of service, it ls where an attacker uses your own comp
computer. It takes advantage of loopholes and security vulnerability to
· _·send vulnerability spam or send huge data to other computers. The system
victim computer are called as Zombie systems. Various tools to launc
flood, shaft etc.
take control on for computer to
s which are used for attacking
h O00S ~ttack are Trinoo, Tri~ I.
,,;

Measures to protect from 00S/DDOS attack are :

ine the physical security
Implementing filters on routers. Disable unused network services. Exam
password policies. Using fault
routinely. Maintain regular backup schedules and policies. -Maintain
s Zombie Zapper, find - DOOS,
tolerant network configuration. Tools for detecting DOS/0OOS attack
remote intrusion detector (RID).
Dcc. 2012 .M;i 2014
Q. 7 s used to commit session hijack.
· Explain method_

Ans.:
session- between two
In session hijacking, the hacker takes over the control over the TCP
e user and gain access to other
machines whereas in spoofing the attacker pretends to be the authenticat
machine.•
Steps in smion hijacking : ·
rk:
(i) Sniff the network, by placing itself between victim and target's.netwo
(ii) Monitor the packet ffow between two machines.
(iii) Predict the SYN sequence number.
·(iv) Kill the connection to the victim's machine.
(v) Take over the session.
(vi) Start injecting packets to ~e target server.
Type, of Session Hijacking
I. Active: In active attack ,attacker finds the active session-and takes over.
2. analyses the session.
: Pqsive : With passive attack, an attacker. hijacks a ~ession observes and

Scanned by CamScanner
 j
\

~:=::c~=~tem=:,~secu:;:ri~!Y,l!(M~U~)-----------::::::• ,
12-6 r

Cryptography and Sys -

--
Session Hijacking Levell . transmission between
\
\. th . tercep.tion of the packets du: : to backers providing
be defined as e m • articularly attraC
t. Network level : It ~an P and UDP session. It is p licatio
.
client and server m a TC k hicb is used to attack app n level session.
critical infonnation to the attac er w
Ex. :TCP/IP session hijacking

IP Spoofing
Packet Sniffer (Man-in middle attack) . , .d,
y_rrr n user session by obtaining
session s I
2. Applkatlon level :It is about gaining contro l on n 1 u
thorized access.
after.gaining control it creates a new unau . .
·
Ex. :Sniffing
Brute Force attack
-Misdirect trust . . Ju emaut IP watcher etc.
Various tools of session hijacking are :Wueshark, gg '·
Session Hijacking : Detection
It can be detected in two ways:
t. Manual method :by usfog packet sniffing software.
2. Automatic method : Using IDS(lntrusion Detection system) an d IPS(Intrusion Prevention
System)
Session Hijacking : Prevention
It can be prevented if proper encryption is done, antivirus softw
are is used and proper secure . ,
connection is established.
I.
Q. a What Is mean by buffer overflow ?
Ana.:
It is also known as buffer overrun. It deviates from a standard,
where the process stores data in
buffer overruns the buffer's boundary and overwrites adjacent memo
ry locations. Buffer overflow can be
ttiggered by inputs that are design~ to execute code or· alter
check can prevent buffe~ overflow. the way the program operates. Bound
• .
The languages which are commonly associated with buffe
r overflow are : c and C++, as it
provides no built in protection ~ainst accessing or overwriting
data in any part of memory. Buffer
overflow occur when a process tries to store data in buffer then it was
intended to hold . .
~Q:--.,;--:---;Wha~:;-t::ar:e-;:ty:pe:s;-:o;f;:bu ff:; ;:er ;:o: v:er fl;.o
w=: -:?; ---- ---- :--- ---- ---- --
An,.:
1. Stack based buffer overflow : When program Write •
stack outside the intended data structure, then stacks m mem • , all
ory address, on pro _~ s cere
Buffer being overw ritten is allocated on the stack . ~verflow occurs. The cond
function). · · ition wh
· (i.e., 18 a local _variabl~ or a parameter to 8
2. NOP (No Operation) :It is an as~mbly Ian
..
. ; -. ,
nothing at all. NOP enables developer to forc eS:e ms~ ction
COllllllaild that effective~y do: i:
. .
t: as V - S fl I II l I ll II'., . · · -. mory alignment to act as a place bold er!:. .,

Scanned by CamScanner
 ,:,r:f!'X and sgtem Securify (MU)
-- ~ b) lM:tive instruction later on in
Ml NOP slide. which allows code t
:-1.o. , f ' l2.3 shows NOP
P
rogra
. opeo exe.c
t '
m
d
evelopment. NOP opcode can be used to form
.
ute when exact val ue of instruction nnin
r-•
ter it
12-7

~~m una t~. 1g.

IS>
~ ra ton.
S- , ~ o,•erftow : In Buffer over flow th
nllW data mto buffer then the buffer wa . d ', e ~verflow occurs when an application copies
~t Ni by newQ,mallocQ,calloc() dyna:u c:s11gn alel to co~tain.
me.
heap space is dynamically !he
Y ocated m runti

fativeojump

~ - - -......- -·..- - - - ' :i

-,.. ... ~ ~-... ... - ' . . :! ~
.. -....... . ...-: ..•: ,·•- ,,. . . .. .... -~·-•''· ~:. '" . ·.

Fig. 12.3 : NOP operadon

Oec .201 2 . Dec . 2014

Q. 10 What is SOL Injection ? Give example.
Ana.:
s SQL statements are inserted into entr y
is
It a soun:e code injection technique in which maliciou
cker targets the database organization win e
field of database to dump data base content. Atta
confidential data is stored.
server stored in database table by sending
Its main focus is to get information from th~ database
malicious query since database can be accessible by quer
When legitimate user enters an additional database
y.
via web Jonn, the attacker sends its ~11
1
kers before proceeding always cbe cb wbeth:r
cnmmand through same web fonn field. The attac
orpnizatioo's database bas any loop is it vulnerable
or not.

Steps for SQL Injection :

pages or pages that display HTML
(l) The attacker looks for login pages search pages or feedback
commands·like POST or GET.
• {l) · Attacker checks the source code of the
web page by·right click on web page and view source~

Scanned by CamScanner
 ~~:•~;'! ., '
,'J

!
...'
,,,. ' '
'(
,a
12-.
curity ( MU)
. tography and System Se
Cryp tt.in8
or m > tag </ fo rm >have potential of go
insides <f
<form> tag ~verything
(3) . It checks tenn onse
vulnerabilities. and password. If rc-sp
: ; ts single quote under
the text which ac ce pt s us em am e
erable•
, J
II (4) Th e attac ke r pu
"= 'a ' (so m eth in g lik e) then website is vuln
is an em>r message such
as "a mmand to add
e data or INSERT co
•
I
SE LE CT to retriev
L command such as
(5) A tt ac ke r~ usestabSQ
:· I information to da as
e.
ing SQL Injection :
i.· f 8eneffta for attacker us nization.
:. I . at io n about website or orga FROM
(l ) Obtain ba sic in fo nn
e, pa ss w ord fro m SELECT command
'. I ning usemam
ay ga in ac cess to database by obtai
. ,l ·(2 ) M
command where comm
and.
and.
1
th e da tab as e by ex ec uting INSERT comm
Can add new data to
I (3)
Can modify da ta in th e da tab as e by UPDATE comman
d.
' (4)
SQL Injection : .
Prevention against or administration of
website.
po
I w eb site co di ng an d
happen because of poor
SQL injection attacks ck :
st ep s he lp to pr ev ent SQL Injection ~
Followfng .
es to two single quotes
(1) Replace all single quot icious.
ch ar ac te r an d strin g that should not be mal
any
(2) Check the user input of
also be checked.
(3) Numeric value should 'de
I im m ed iate ly bu t no t be displayeclto tsi rs.
'
(4)
If there is SQL error
it should be modified OU
' ul t server should never
be used.
I
(5) 00 w hi ch is a de fa
i SQL server 20 nt macbine
er be reside in differe
/'
·1 (6) se rv er an d we b se rv
;. Both da. tabase
i],
;
□□□
!
!.

I
.... .
Scanned by CamScanner
 Cryptography and System Security
Statistical Analysis
~;1~1-t :~ s&,<r:: ·
tJi,, .,,, . . ,,,.,.::..,•~,,,,_,.-,'.
• .
-.-J••;.,-... ·.,.,,, '\,j~
~ .. _.,_ -. . ·
• .. ' . "f.•.: ':' ,-•':,t...,}~t.,,
-r",_.¥-~!.. n,-'' 1.·.-, ,.,·--
•·l,.- •.•
• : , ·:
·r, .•v- .2011
.
,,=• .,
' , .

,, '. Chapter 1 · OS-Mark~-·,.,.. · ,,:·•·;·; ·M~ ~-,'. ·..·;"

_I

Chapter 2 11 Marks 05 Mar1<s

Chaoter3 15 Marks -
Chaoter4 20 Marks 05 Mar1<s
. Chapter 5 05 Mar1<s 15 Marks
Chapters 10 Marks -
Chapter7 12 Marks 05 Mar1<s
Chapters OS .Marks · 05 Mar1<s
Chapter9 - 05 Mar1<s
Chapter 10 05 Marks 05 Mar1<s
Chapter 11 15 Mar1<s 05 Mar1<s
Chapter 12 22 Mar1<s 10 Marks
Repeated Questions . 30 Mar1<s

1Dec. 201s 1
Chapter 1 : Introduction [Total Marks - 051
each goal. (5 Marks)
Q. 1(c) Define the goals of security and specify mechanisms to achieve
Ana.:
Chapter 2: Basics of Cryptography [Total Mar ka-1 1]
(3 Marks)
Q.1(a)(I) Define with examples: Substitution cipher.
Ana. : ~-- refer Q. 3 of Chapter 2.
(3 Marks)
Q.1(a)(II) Define with examples: Poly-alphabetic cipher.
Ana. : Polyalphabetlc cipher :
random letter from the
Monoalpbabetic cipher substitutes one letter of the alphabet with any
alphabet, but draw back in monoalphabe~c is that these are fairly
easy to break or this can make the
make it more harder to break the
cryptanalysis attacker straight forward to guess the pattern. So to
concept of polyalphabetic cipher arises it is a way to use more
than one alphabet and switchillg
between them systematically.
Procecl-.re of polyalphabetlc cipher :
1. Pick a keyword (for our example, the keyword will be "MEC").
2. Write your keyword across the top of the text you·want to encipli_er, repeating it as many times as

3· · : : ~ r , look at the letter Qf the keyword above it (if it was 'M', then you would go to the
·
row that starts with an 'M'), and find that row in the Vigenere table.

Scanned by CamScanner
 C
D (15)•2
-
e
1
2

1~ ll(M NO? QRS T v~x ;lic ieF GH I J_K

WXY-:Cl t=GH I K-
<~N OPJ RST !ll
11 II OPO ~ rruiv vxv zA,. ,o ~=G HI JIK_ M
~ ~,PQ RS U~iV YXrl 'l"~o E
X'fZ · ABoi :aF
GHI JKL MN
,HI J KLM ~O
14 ::>eC RSIT JVnl
ts P a R s rr ~ w x I!7 z A ! (; - F G H I
JKL
~ K L M N IQ P
MNO ~Q
t6 :lRS TUlf 1YX Y ABu ~~IG H
R U I/ r, y 7 A , C ID I I I< L M N O p O R_
; ~ ~ ; ~ ~ J ~ _ M N O P Q ~ ~
17
18 i U I/ w I( 't Z A
, W X y_ A 8 J K M N O p Q R ~
19 U
nlX[Y 711tl JC 11:-IG HI KL MIN OP O R ,
20
~ G H U < L M N ) ? Q R S .,'I
21 ,~ '(7A ,CD
22 rrK ZAB _;OE c;H MN0 1t;1 RST J 'f!___

ABC JEF riti J · -.MN OP JRS ITUI I 'flt_

· 23 CY'
24 ~ l_ ' B C IJ I: r: _ G H J 1K Iii N O p a ~ S T U :V 'tY y
25 z~B CDE GH'- I<
n).
I 'w' so the twenty-third columdown
4. plainte~t letter (for examp ;• o~ found before and write the
Then find the column of your
5-. F'mally trace down that rolumn until you reach the ro Y ,
letter ~ the cell where they intersect (in this case, you find an '.I there).
Europe:
. Keyword: MBC MEC MEC MEC .MEC MEC MEC M
Plalnten: wen e e d m.o res up p 1 i es fast
Cipberten : · I IP QI FY ST Q WW B TN U I U RE U F
Thus, the urgent message "We need more supp~es fast!" comes out:
IIPQ IFYS TQW ·WB TNU IUR E UF
rd •domestic•.
a. 2(c) Encrypt "The key is hidden under the door" using Playfair ciph~r with keywo
. . . · . (5 Marb)
.
Ana. : Keyword-domestic :
from left to right.
Keyword is domestic.· 1n the first step all letters are to be filled in that ·matrix
the·letters which .are already beenplaced is not be placed again in that matrix. After filling up of the
alphabetically with 00
given letter, fill rest of the space in the matrix with the rem~ining letters
repetiti~os. The letters I ~d J will be considered as one letter: So If I is alread
y placed then no need to
. place 1 m rest of the matrtx.
d 0 m e s
t
.
1 C a b
f .g ·· h k 1 •

n p '· q ·r - u
V ,w ~ y -z

Scanned by CamScanner
 1
· . ~ -•net System Secunty (MU)
D (15)-3
lh, ... " DJ· "'~ · . a..~
r , aJ 13.tr Ctpa ior (Use foll ,
u ~ USl.-e
dng steps to encrypt., give n word or message) we want to
~ dlt plai n text ntt. .~g c "The key is ~wd1
en und er the doo .
t...: •
. r usmg keyword domestic.
t TIie pu11ntcxt received is to be broken . pau of two letters, if duplicate letter put x
l 1b., ek, ey, is, hi, dx\ de, nu nd er th mcd
I ox, or
1 1 1
I
. Jf 1" - ~ 1~~ .....- -
~ sam e or only one I tt .
.! . ouu •
pai r alphabe t app ear . . e er is l~ft then put X with that alphabet. .
"- If both the l t . .
m same row replace
. ..
(\\fl Pl)l
tilt row).
ng arou nd to the left side of the ro ·r I . e ter with the mun
w a ctter ID the original pair was on the
I
ediate right alphabet
right side of
:- . ,.
''::.$°~7-
:,c,:.;..-:::
-=-

, S. lf both letters appear in same'de

(~
. side of the column).
around to the to
column · 1 . . .
rep ace ~t with alphabet immediate belowon the bottom
p s1 of the column if a letter in the orig
· ·
inal pair was
to that letter
I
~
.

........,._
"--'-
:

6. If none of the condition explain.ed fabo ve mee t, then replace them with the letters on the same row E
~-·
respoctivcly but at the othe original pair.
~c. .- abo . . . r pau o comers of the rectangle defined by the
l'r
,,. ~q vc matrix for the same.
di -➔ Step 6 ➔ cf
ck ➔ StepS ➔ ar
ey ➔ StepS ➔ ae
is ➔ Stcp6➔ bo
hi ➔ Step6 ➔ gc
dx ➔ Step6 ➔ mv
de ➔ Stcp4 ➔ os
nu ➔ Step 4 ➔ pn
od ➔ Step 5 ➔ vt
er ➔ Step S ➔ ay
th ➔ Step 6 ➔ cf
ed. ➔ Step 4 ➔ so
ox ➔ Step6 ➔ mw
or ➔ Step 6 ➔ ep
1bc plain text message ''The key is hidd
en under the door'' encrypted as :
cf, ar, ae, bo, gc, mv, os, pn, vt, ay, cf, so,
mw, ep.
tal Marks - 15]
Chapter 3 : Secret Key Cryptography [To
tel structure. (10 Ma tb)
Q.4(a) Explain working of DES detailing the Fles
Ana.: PIN N refer Q. 1 of Chapter 3.
(5 Marb)
A.
Q. l(V) Write in brief about : Key generation in IDE
hm (IDEA) :
Ana. : International Data Encryption Algorit in
a block ciph er algorith m des igne d by Xue jia Lai and James L. Massey of ETH-Zurich
It is m. It operates on 64-bit plaintext and
1?9.1. It is a modified version of Data encryption S14Ddard algorith al 8
ks and key use d is of 128 bit It was used in Pr ett y~ Privacy POP v2. Tot
~ t bloc round
of rou nds are don e using 6 key s in eac h round. Like this 48 keys are there and in last
OUJ:nbcq rations performed
4=5 2) are used for both encryption and decryption. The ope
~ 4 key s (6* 8= 48 +
Ill this J>rOOess·are i)XOR ii) Additio
n iii) Multiplication
. '

. ' . ·.

Scanned by CamScanner
 0(15)-4 ·
.. ---------.._
!!._)_ _ _ _ _ _ _. . : . .
~'Cryplog~~raphy~~and~~Sys~te~m!!S~ecu~rity~~(M!!'.U

. . b. art. Then this 128 bit key is

1 .
Key generation process: . i.e. 16 bit m eac h su p . .
bit key is
• s . 128 b't key . Similarly this 128
bit keys arc divided mto 8 sub part hi h 5
The 128
itions an d gencrates a new i ss is repeated from w c 2
...u ... 1.,.. hiftcd to the left
by 25 pos proce ·
"~._ .._ s into 8 sub blocks whi.ch wd . I be used in next round. .The same
divided
teys are gcocrated. Table 1 show sub bloc
ks of key generation.
cks
Table 1· : Encryptto_. of the key sub-blo
(1) (I) (I) . (I) Z(l) z'l)
Round 1 z1 z2 z3 z4 s 6
(2) (2) (2) (2) z'2) z'2)
Round 2 z1 z2 z3 z4 s 6
<3>· <3> <3> <3> z<3> zo>
Round3 z1 z2 z3 z4 s 6
<4> <4> <4> <4> z<4> z<4>
Rou nd4 z1 z2 z3 z4 s 6_
. (5) (5) (5) (5) (5) Z(S) ·
Rou nds zl z2 z3 z4 Zs 6

(6> (6) <6> (6) z'6) 2 <6>

Rou nd6 z1 z2 z3 z. s 6
Round 7
m m m z4C1> z<7)s z(7>6
z1 z2 z3
(8) (8) (8) (8) Z(8) z<8) I
Rou nd8 z. z2 z3 z4 s 6 I

rI
<9> (9) c9> (9> · (
Output Transform 2 2 2 3 2 4
1 2
t-
2. Encryption: i
s of eigh t iden tica l enc ryp tion step s (known as encryption r~:mnds) followed
The process consist
transfor mation . The stru cture of the firs t round is shown in Fig. 1-Q. 6(v).
by .an out put
h two of the 16-bit plaintext blocks usin
g ·
r 16- bit key sub -blo cks are com bin ed wit
The first fou + l. The
o 2
16
and with the oth er two plai ntex t blocks using multiplication modulo 2 16
addition modul ,
third
pro ces sed , whe re two mo re 16- bit key sub-blocks enter the calculation and the
results are then tion round
the bit- by- bit exc lusi ve OR , is used. At the end of the first encryp
alj jdn ic group ope rato r,
a partially
ed whi ch arc use d as inp ut to the second ellCryption ~u nd in
four 16-bit valu es arc pro duc
changed ordeL .

cribed abo ve for rou nd one is repeated in each of the subsequent 7 encryption
The proces s des
sub -blocks for each com bination. During the subsequent oulplll '
lllWlds using diflmnt 16-bit key
bit values pro duced at the end of the 8th encryption round are combined
tnmsfunnatioo, the four 16-
Irey sub-blocks using add itio n modulo 216 and multiplication modulo
widi tho last four of ~ S2 r 16-bit ciphertext blocks. ·
216 ·-f:' 1 to form the resulting fou

£4 W ,it r. lli ill l

Scanned by CamScanner
- 1_•.

is
is
2
' -

First
round

7 additional rounds

Output
Z 1(9) transform
(9th round)

Cipher text 4 x 16 bit

EB -Bit-by-bit exclusive OR of two 16-bit subblocks

.EB - Addition module 2" - 1of two 16-bit Integers

0 --Multiplication module 2" + 1 of two 16-blt Integers, where
·
sub blocks of all ~eroes corresponds to 2"
Fig.1-Q. 6(v): The IDEA structure
3. Decryption :
Table 2 : Decryption of the key sub-blocks
Round 1 (9) - 1 <9> (9) (9) - 1 C9> (9)
Z i 22 23 Z 4 Zs 26
Round 2 (8) - 1 (8) (8) (8) - 1 {8l (8l
Z I 22 23 Z 4 Zs 26
Round 3 (7) - I (7) z(7)
2 2· 3 Z
(7) - 1 (7)
2s 26
(7)
Z 1 4 -

Round 5 <SJ-.1 z'~ zcsi z<SJ- i z<SJ z<5>

Zl 2 3 4 S 6

I (3) (3)
(3) - 1 (3) (3) (3) - I

1t --
Round 7
Round 8
z I

I
2
Z
3 4
Z 6
Z
z(2)- I z(2) z(2) z(2)- I z(2) z(2)
2 3 - 4 S 6
Zs Z

(I) (I) (I)- I

Output Transfonn z(1)-1
1
Z
2
Z
3
Z
4

eia11a,,._.,,,,111,1
Scanned by CamScanner
 -~ - --
!

Cryptography an
d Sy1tem Secur
ity (MU)

fo r decr
·
yption o
f the CJ 'phertex•
t is
d
es
e
sentia
c ry
•
:o
0 (1SlA ;I
~
. ,
lly the same as 1n ;
, :
~ . ~ach of the_s2 ,
--
c ry p

- The computational proceH us ed rated du nn g 1.

t ke y su b blocks are gene key sub-b~ock .0 unng encryption.
z.
Here on ly 16 bi e o f the reverse the ·
encryption proceBI. used for ·decryption is the invers during decryption 10 order to
ocks r
16•bir key sub-bl
ust be us ed in the reverse orde 3.
ks m
The key sub-bJoc 2.
as shown in Table otal Marks • 20
] 4.
encryption process
Chapter 4 : Publlc
Key C ry p tog ra p hy (T
Is defined as (7 , 119) . C al culate fn and
?
Private -
a .:
the public ke y (e,n) of user A using the public key
In an RSA system u encrypt message m = 1O, (10 Marke) ·
Q. 2(•)
e cipher text whe
n yo An
key d. Whal Is th

An1.:
select e & a.
y ualn g R SA al gorlthm : ven, m ea ns we d o n 't need to
B (7,119) is gi
Je~ s~ m e n t Public key (e,n) =lts n = 119 as shown below. Ar
. In the prob mg pnme numbers which resu
n. if we seJect foJJ
ow
rs are 7 and 17 a = =
7, b 17
Prim e nu m be
Step 1 :
b = 7 • 17 = 119. Q,
Step 2 : n = a • = (7 - I) • (17 -1 ) = 6 • 16
= 96
(a -1 ) • (b -1 ) (n)) = 1
Step 3 : ,P(n) = ely pr im e to ,t, (n) i.e. gcd(e, 4>
lativ
e such that it is re ent. A
St~p 4 : Select lem em stat p
e = 7 as per prob at
te d such th
Step 5 : Calcula 1
I
(n)
d = e- mod,t, ct
.: :
ed mod It, (n) =
1 b
7 •d m o d 9 (5 =
1 I p
m
Using RSA algorith
1
6•
i = 1 to 100 - (9 1 + 1')11 = 13.85
1)17 w he re
d _= ((f(n) *I)+sible b ' ' . - .
com pletely divi Y e .
be
d must
*2 ) + 1)11 = 21
)/ 7 -
.57 = ((96*3) + 1 - 48.28 ((96*4) + 1)11
= =55
= . ((96 -
d = 55
y = {e, n J : (7
, 119} .
Step 6 : :: b li c ke
te key = {d, n}
= {SS, 119}
• va .
text message m = .
Ste te cipher text m 10
p 7 • C alcu la r given plain '
r·
as P = lOessa de
g( e fo
Plain text denoted m noted as p)
C _ od 119= 1 ~-
o d n: 10 1 m VV UUU J1
¥)d 1J 9
·c - 73 p em
.
VV
: -
lculate pl am.
Step B: N . ow ca text p req •Jred at the time of dee .
nder sends 40 to rM
U se
te Plain text p. ~
ceiv er can IYP tion. Once
receiver then re aJ cu la
P = C" m od n = ?i 'c .-
mod 119
Now represent 40'' 19 wi]J
.
p ti o n = q mention above itaJ results P as I0. .
·Because d= 7J5'
e c ry
s always Yields 0rig
in
message /pJ!l-iu.. te X
t
I
I: .

:. . P
P· = 10 mod 11
9 =10 ·
I
' :
'
r ..

,.,
1
; ,· ..

Scanned by CamScanner
 ........... .... --ii!QJ,.11111--■PRIIIIIW\UIII\HI S .• IUUillllllJIIIWIC;;. .,

·, cunty (MU)
oiyptography and Syetem s,_
~ · -· D (115)-7

fbtte are tour pos.4ilble attacks on RSA 118 foll OWN,

€. , lllO k0yri
1, Bnate force attack : Hnckor tries, uJI !)OHSibl C Pl'IV
. ,
J. Mathen,atJcaI attacks : Hnckors nttno.k. 8 on n I.e. 11.Iott ,to. lactorb,0 the product of two prime
numbers.
Tlmlna attacks : It totnlly depends O . •
3,
time decryption aJgorithm.
of
4, Chosen Cipher text attack: Hncke '.\~nnlngnUu ck on the propertieH of RSA algorithm.
a I es to
-
Q. 9(1) Explain how a key Is shared between tw ies ualng Dlffle Hellman key exchange algorithm
.
What Is the drawback of this algorithm? o part
(10 Marke)
Ant, : P...,e refer Q. I of Chapter 4•
[Total Marke • OS]
Chapter 6 : Cryptographic Hash Function,
a. 3(bKI) Differentiate between : MD-5 and SHA. (5 Marke)

Ana. : Pleau refer Q. 4 of Chapter a.

tal Marks • 1OJ
Chapter 8 : Authentication Appllcatlona [To
e
e and explain the use of a digital signatur
Q. 2(b) Give the format of X 509 dlgltal certificat (5 Marica)
In It.
Ana.:
:
Publlc key certificate/ dlgltal certificate
to identify peop~e and resources over a insecure
Digital certificate is an electronic file that is used on
ificate also enable secure, confidential communicati
channel or a networks called Internet. Digital cert coun try, our
For example when we travel to another
between sender and receiver using encryption. similar
tity and gain entry. Digital certificate provide
passport provides a way to establish our iden e certificates
tificatio n in the elec tronic wor ld. The role of Certification Authority (CA) is to issu
iden CA is to
the role of the passport office, the role of the
with authorized digital signature. Much like by
the certificate own er's iden tity and to "sig n" the certificate so that it cannot be tampered
validate people,
ficate, the owner can present their certificate to
unauthorized user. Once a CA has signed a certi for confidential communications over insecure
netw ork re.source s to prov e their iden tity·
web sites and
l
channel. ture of digital certificate. The Internationa
A standard called as X..509 defines struc ture of
standard in 1998. Fig. 1-Q. 2(b) shows struc
Telecommunication Union (ITU) pennitted this nn~~on
_certificate ~ypically includes a variety of. info
X.509 digital certificate. A standard di~ital honty (a trusted agency that . can issue . d1g1tal
its owner and to 'the Certification Aut
pertaining to
certificate) such as : ar version of the X.509. Current version is
1. CertHlcate version number : Identifies a particul
X.509 v3. .
number generate~ by certification authority.
2. . Certificate "rial number: Unique integer
algorithm used by the certification authority to
3. Algorithm for signature ldentlfter : Identifies
.
sign the certificate. · ed the certificate.
ation Authority that issu
4. Certlflcate Issuer name : The name of the Certific
of the certificate (astan and an end date).
S. Valldlty Details: The validity period (or lifetime)

·l ·· . ..

· ·'-DNWMNl■illi
>i.··,. . .
' , . '

Scanned by CamScanner
 D (15)-e
--.:..-
:)~~---- -----------
UU
em Security ( M M
Cryptography and Syst
ents
Digital Certificate cont
mber
Certificate version nu
ber
Certificate serial num
e identifier
Ah~orithrn for simatur
e
Certificate Issuer nam
Validity Details
e owner
Name of the certificat
e owner
Public key of certificat
r
Issuer unique identifie
ier
Owner unique identif
e
Extensions to certificat ure
y (CA) Disrital Signat
Certification Authorit . . . .
ig ita l ce rt ifi ca te
ure of x.509 D id en tif ic at io n m fo
nn at m n
Fig. t-Q. 2(b) : Struct e ow ne r an d ot he r
of th
te owner : The name . _
6. Name of the certfflca an d contact details.
d for iden tifyi ng th e owne r su ch as em ail id
bl ic ke y, w hi ch 1s us ed to encrypt
require ner's pu
y of ce rt fflca te owner : Certificate ow .
7. PubU c ke
rtificate owner. . y
confidential in fo rm atio n of the ce
i.e .
_ w he th er si ng le C A signed it or is an
uniquely
8. Issuer wuque iden tffler : Indentify the CA
. · the same
· CA using same details iq ue ly if tw o or m ore ow ne r has us ed
r un
ler : Indentify the owne
9. Owner wuque identff l private
name over a time. ld w hi ch al lo w s a C A to add additiona
tional fie n 2 or 3,
10. Extensions to certfflcate: This is an op fie ld s ar e ca lle d as extensions of versio
ese additio nal
informatio n to a certificate. Th ·
respectively. e ce rt if ic at e, th is in
formation is
e : In cr ea tin g th
11. CerUlicadon Authority (CA) Digital Signat signature on the certificate is like a tamper-
ur
the. issuing CA. ~
~A 's ed.
digita!Jy signe d by
m pe nn g w ith th e co ntents is easily detect
aging any ta
. detection seal on pack ?
nfid ttnti~ ity an d au thentication in emails (5 Marb)
es PG P achie~e co :
0. 5(b) Ho w do
curity : pretty gOOd privacy
Electronlc mall se
An1. :
L PGP Authentkatlon : ·
he W ants to send di gt·tan y s1·gned
Re) an d a
bas (p
Ramsaeageb m rivate/public) key pa ir (Rd/
I. to Suresh.
mes in SH A(m). .
H A -! to obta
sage Wling S
2. . Ram.sh bashes ilJe hash using his private ke Rd
mes . .
xt c given by
3. Ramesh encrypts
the Y to obtain c1pherte
. · c = CDcrn>tact(SHA(m))
e
4. Rame.h sends th ,--. m.c to Suresh .
~ ir (. )
,
ive s (m ,c ) an d de cry c in signature S
5. Sure sb n,ce
es h 8 public key Rd to obta
pts USing R am
ha sh o f _s = ~(c)
6. He com pu te s th e
1 t
_ ~ s hash valu e is equal to S then the
d .if
essa ge is au th en ticat ed . m UJJDg· SHA. an
m
sage is
Sufesb is sure that the me, d that is . do es come from Ramesh. Furthennorete
Ratneih cannot hdtr wdeith ny lendi . COrrect an e since only Ramesh has access to his priva
. re bw~:g the ~bhssc ag
~r- u v e l'U key Rd.
by Rd w hi ch .,,,o rb
·
..
.- -:,~11by,i&
·Scanned frs1a1i
CamScanner
· ----- '
 ...ntograph)' and System Security (MU)
C•,~-
-,.-- ~~====:--=-.:..--.:.__ __ __ __ __ __ __ _~~ ~
D (15)-9
-
z. PGP confidentiality:
I. Ramesh wishes to send Suresh a confidential messa
2. ge m.
Ramesh generates a random sess1·on key k tior a symm etric c · tos
Ramesh encrypts k using Suresh's publ'1c key Be to get ryp ystem.
3.
k' = encrypt8e(k) ·
get ciphertext c
4. Ramesh encrypts the message m with the session key k to
c = encrypti,;(m)
5. Ramesh sends Suresh the value s (k',c)"
6Su resh · ,
· recei ves the values (k ,c) and decrypts k' using his private key Bd to obtain k.
k = decrypt8 d(k')
7 recover the message m
· Suresh uses the session key k to decrypt the ciphertext c and
ffi = decryptic(C) . .
way to provide security for
Public and symmetric key cryptosystems are combined in this
key k is used only to encrypt
key exchange and then efficiency for encryption. The session ·
message m and is not stored for any length of time.
3. PGP authentication and confidentiality :
ined so that Ramesh can ·sign a
The schemes for authentication and confidentiality can be comb
The steps required are as follows :
confidential message which is encrypted before transmission.
Authentication scheme
I. Ramesh ge~rates a signature c foe his message m as in the
c = encrypiRd{SHA(m))
2. Ramesh generates a random session key k and encrypts
the message m and the signature c
using a symmetric cryptosystem to obtain ciphertext C
C = encryptic(m,c)
3. He encrypts the session key k using Bob's public key
k' = encryptee(k)
s
4. · Ram esh sends Suresh the value (k',C)
to obtain the session key k
5. Suresh recieves k' and C and decrypts k' using his private key Bd
. k .= decrypted(k')
6. Suresh decrypts the ciphertext C using the session key
k to obtain m and c
(m, c) = decryp~{C)
it he uses Ramesh public key Re to
7. Suresh now has the mess age~ In order to authenticate
decrypt the signature c and hashes the message m using SHA-1.
If SHA(m) = decryp~e{c)
Then the message is authenticated.
Chapter 7: Program Security [Total Marks• 121
(2 Marks)
Q.1(a)(III) Define with examples: Salami attack.
works on "collect and roundoff' trick.
Ana. : It is series of small attacks which results in large attack. It
takes ~vantage of rounding. operati~n in
It is a fraudulent practice of stealing -money repeatedly .' It
fractions of_amount remained will be
financial transactions. It always rounds down and thus the
go undetected. Such type of attacks can
· transfered into some another account Thus the transaction will
be easily automated.
. (5 Marks)
G.1(b) With .the help of examples explain non-malicious programming errors
.Ana.:
.
,,._. reter
..
·a. . 1 ,a. 2 and. Q. 3of
.
.
Chap
.
ter 1.

C..IJIIM♦itiiiit•ilfli- -.· . I -

Scanned by CamScanner
 (
0(15)-10 ...
I
[.
(5 Marki) I
i
t.
Q. ~ ) . Write In brief abOut ; Viruses and their types
.
t'
. d· ks
Ana. : type s of vlru• : like disleclll and hard dnves, ".11 M1.s as:rBha rd '
ll _ _., ,,1,,, .... 11 inf..:ls tlte ,1omg.• media II d B t Secto r This boot carrie s r oot '
. . - • . .
sen~s ""-"'t,tin ~tor and the first sector is ca ~ as oo
t . . . feet itself sector while
The virus h te
Rc!\."L'l\i whk.h is used to read and load operating system.
in
if same disk is share d to ot er syS m.
~b-.-x'<i~ systcn, B~'IOt sector also spreads other computers · · these virus gets opened
·
l"r-o8ram \'lrus : A program virus gets active when program
contammg
(l)
(.bin•.c.,-c, .twc), once if gets open it starts copying itself and
infect other program.
Muldpardte virus : It is combination/hybrid of boot secto
r and program virus. It infects the
(3
program files. Wben this virus is active it will affect boot
sector also after booting or starting up

it will affect other computer also. a stealth virus it tries to disguise

4 S1ealth virus : ''Dubbed Brain" the first computer virus was
it. It alters the file size, concealing
itself, so that antivirus software may not able to recognize
file's memory and so on. to get undetected. Usually it
(5) Polymorphic virus: It keeps on changing it patterns or signature
actual virus of the
~ Jil"C a 'cbamleon'. These are not actual virus, it is a virus which hides
system.
has macro supportive language. These [
Macro vinas: Applications such as MS word, excel sheets
virus infects victim every documents once it get into victim
s systems. 1

ol active X enable to function I

(1) Active X and Java control : All web browser need java contr !1
settings of browser to check for
~ · A w ~ is needed about managing and controlling
eaabl ing or disabling popups, downloading files and
sounds, since these can invite virus which
c.an affect computer by downloading unwanted software.
. !
Chapter 8 : Operating Syste".1 Security [Total Marks - 05)
!
(5 Marki)
Q. 6(1) Write in brief about: Operating System Security.
AnL : I.
Operating system secu rity:
Memory and add.r eg protection :
o . .
Due to memory protection the process can access the mem ry whicl,t is allocated to it only. It
cannot ~ tbe memory which is not allocated to .t Th .
othe.r ~ of operating system. Following are the t~~ . us it
pre~ents spr ~g of bugs or malwares in
1. F'ixed and variable Fence 2 ruques for memory and address protection,
3. Segmentation · · · Base / Bound
S. .Pa 4. Paging
ged Segmentation
. .
FIie protection mech anism : In multi · ·
ill
other so that they user operating syste users must be protected from each
.. . . . . w not be able to modify each , ms
secunty m mulbuser operating systems ~ other s files. Following are the ways for provimng
.. .
So an AB-None System (ANS) : In earlier IBM operaµng •
~
syste all .,
. Yuser could have access to .
cc . · .·. m .. files were by default publiC· :.
··. and it must ·he locked with any ther users files, But
passwords by an administr rtain files m the system are very ~
0
i;
.lils easv - s01u11ons ator. - However to - provide access$ ,.
•· ~
. •\ I

Scanned by CamScanner
,·.· ( )_ 1
) · · ··c,yptog·raphy and System Security (MU) 0 15 1

----
adfllioiStralOr passwords are required which again limits acces
s to that files. All none system thus
eptable due to following reasons, .
. provides either full access or n~ ~~- But this approach is unacc
assumed that all the users
Lack of trust : Every time it 1s not possible to trust other users. It is
anywhere.
..,e using system with good intension. But this assumption is not justified
Too course : It is hard to provide selective rights to selective users . .
with each other.
Rise of sharing : Due to time sharing concept users always interacts
Complexity : Every time human intervention is required.
may browse other files also.
File listings : File lists are maintained for users. But interactive user
a new modified approach is
Group protection : Due to so many drawbacks of All None system
introduced where groups of authorized users are created. then
access is given to these authoriz.ed users
groups. This scheme also has following disadvantages,
s. i.e. one person one group ;
Group affiliation : One member cannot be a member of two group
nts to get involved into two
Multiple personalities : A single person may have two accou
different groups.
All groups:
the world.
Limited sharing : Files can be shared to only within groups or to
ple files can be locked. But
Single acceu permissions : Using passwords the single or multi
again this scheme has dra\\'.backs like forget password,
attempts to provide a correct password, leaked
password etc.
Per object and per user protection : In the groups ~ffer
ent objects can be assigned to different users.
New users when created their access rights to different objects
are also specified also.
two different reasons :
User authentication : Authentication is basically perfonned for
nn an operation. · ·
1. To check whether a requesting user is having pennission to perfo
2. To pedorm an audit trial i.e. who performed what operation.
Authorization:
or a server gets pennission to
Authorization is the process by .which an entity such as .a user
perform a restricted operation.
F~llowing are the commonly used au~entication techniques :
m itself. Based on the type of the
1. Local user authentication : Verification by the operating syste
Guest
user different access permissions are given. Ex : Administrator,
to check whether it is safe
2. Network host authentication: Verification of remote server in order
to submit data or not. Ex : Digital certificates on the webs
ites.
te servers.
- ·3. Reino&e user authentication :'Verification of a user by some remo
Ex : User verification by sending usemame and ·password.

Chapter 10: IDS and Firewalls [Total Marks - 05]

(5 Mar bf
q: 3<b)(II) Differentiate between : Firewall and IDS.

Scanned by CamScanner
 ~~~-~· ~~-~~S~~-ty~(~~)_ _ _ _ _ _ _ _ _ _ _ _ _D_(........:1~~~
(
\.
~ryptography $nd System ecun r

""•· :·01tterence Firewall.and Intrusion Detection

Firewall
siystem:
Intrusion Detecdon System -- \
V·
\
I.
Sr.
No. detection system-- t
Only network intrusion
1. A firewall device filters all traffic between monitors the inside & outside network traffic. ~

intranet and extranet.

Different types of IDS are :
2. Different types of firewalls are :
Network based IDS I.
Packet filtering gateways
Host based IDS
Stateful inspection firewalls
Active & Passive IDS
Application proxies
All network traffic doesn't passes through
3. All network traffic passes through firewall. activities
IDS. It monitors the malicious
inside the packet. -
IDS block the packet by using well known
4. Firewall blocks the traffic or packet by using
signatures or using set of ·rules.
port numbers or using certain policies. -
Increase in network traffic does not affects
5. . Traffic increases because of more number of
policies set in the firewall. on the speed of IDS.
Ultimately it affects .on speed of a network.
6. ·well known firewalls are Sonicwall Symantec, WeH known IDS are SNORT & SAX2
McAfee.

· Chapter 11 : IP Security _(Total Marks - 15]

a. S(a) · List the functions of the different protocols of SSL. Explain the handshake protocol. (5 Marki).
Ana. : Please refer a. 6 of C~pter 11. ·

Q. S(c) Differentiate between the transport mode and tunnel mode of . .

au_thentication and confidentiality are achieved using IPSec. . IPSec and explain how
Ans. : Please refer Q. 1 and Q. 2 of Chapter 11. . (10 Marki)

Chapter 12 : Non-Cryptographic Protocol V I

. [Total M k u nerabllltles
-
Phlshlng
. IF.
' • ,
_ ar s -22]
h.. · k. ·
Q. 1(a)(lv)
. , . · Session 11ac mg.
Define with examples.
(2 Markt)
Ans.: Please refer Q. 7 of Chapter 12. l
What is a Denial of service attack· Wh at are the diffe· t · -
rL
·
. .an attacker can mount
Ans.: ·
8 DOS. .attack on-a sy~tem? . ·
P"8se refer Q. 3, Q. 4 and Q. 5 of Chapter 12_
ren ways in which
· (10 Marllt) i
q. 6(11) . Write in brief about : Buffer overflow atta k !,
v·
Ans.:
- '-.
·p1ea
- 88 refer Q.
·
8, a. 9 of Chapter 12.
c· ,, (5 i4a,tcs) k
.bo;urtt~:~~~~s;poo;;;jifin~g;::::_:::__ _ _ ___:.__:____~--...:.. '---~~~_
-~11i,)~_lwMr1;te;-~in~brine;,t~a;
.a~-.6{1~
. -~
___..,,
(5 Markf) f,_\ .· ;
,,·
r.asv-so11 111nns f,i__
,. '
,·

Scanned by CamScanner
 D (15)-13

' . _,,.. ~
IP spoofing :
In this attack, attacker establishes a large number of "half-open" connections using
IP spoofing._
™· attaeker first sends _SYN packets with the spoofed (faked) -IP address to the victim
in order to
s with SYN/ACK
· establish a connection. The victim creates a record in a data structure and respond
message ACK for
message to the spoofed IP address, but it never receives the final acknowledgment
to respond to the
establishing the connection, since the spoofed IP addresses are unreachable or unable
out period, the
· -sYN/ACK messages. Although the record from the data structure is freed after a time
overflow the data
attacker attempts to ·generate sufficiently large number of "half-open" connections to
structure that may lead to a segmentation fault or locking up the computer.
n two
In session hijacking, the hacker talces over the control over the TCP session betwee
gain access to other
· machines whereas in spoofing the .attacker pretends to be the authenticate user and
machine.
Steps In session hijacking :
1. Sniff the network, by placing itself between victim and target's network.
2. Monitor the packet flow between two machines.
3. Predict the SYN sequence number.
4. . Kill the connection to the victim's machine.
5. Talce over the session.
6. Start injecting packets to the target server.
Types of session hijacking :
1. Active : In active attack , attacker finds the active session and takes over.
session.
2. Passive : With passive attack, an attacker hijacks a session observes and analyses the
Session hijacking levels: · _ _
Network IeveI .• It can be defined as the interce
. ption of the . .n
. transmission betwee
. packets during
1. s providing
. .attracti
· larly ve to hacker
• and
client · server · m· a T·c·p and UDP · session. It is particu . .
• · lmonn
cntica · to the attacker which is used to attack apphcation level session.
· fi ation
Ex. : TCP/IP session hijacking
IP Spoofing
· . . . , .
Packet Sniffer (Man-in mjddle attack)
2. · about gaining, control on HTTP user- session by obtammg session s 1d, _
Application· 1eveI : It 1s
after gaining control it creates a new unauthorized access. ..

Ex. : Sniffing
Brute Force attack
. Misdirect trust · · .
Various tools of ~ion hijacking are -: Wireshark, Juggernaut, IPwatcber etc. -

Scanned by CamScanner
 1
5)~
( -.:...
_ _ _ _ __ ___o--:...
··-~c~ry~pt~og~ra~p~hy~a~n~d~S~ys~te~m~S~e~cu~rity~(M~U'!.!.)_ _ _ _ _ _ _ _ _

Session Hijacking : Detection

It can be detected in two ways :
. 1. · Manual method : ·by using packet sniffing software.
Automatic method : Using IDS(Intrusion Detection system) and IPS(Intrus
ion Prevention
2.
System)
·Session Hijacking ·: Prevention
is used ancl proper secure
. . I~ c~ be prevented if proper encryption is done, antivirus software
· · ·
connection 1s established.
□□□

..
,·

. ., .
<

,• '

. .• . . . ~·
'. -:·'
. ' '. ... : .,·, .
.._. ' -.

. ,,
· ., , ,. -·

. . .. .

•
.. ·.
'\ , I

_., • . ' i

Scanned by CamScanner
 _____ (~~)-
_!!_M~16
__
~~rap:..-h.:...yand te_m_Sec_u_rity_(M_U.,;_)_ _ _ _ _ _ _ _
sy_s...... 1

[ May 20161

Chapter 1 : 1,ntroductlon [Total Marks -10]

ve security. (5 Marks)
Q. 1(b) List with examples the different mechanisms to achie
Anl· : Please refer Q. 5 of Chapter 1.
(5 Marks)
a. 3(1) What is access control ?
An•• : Access control :
the access to the host systems. It prevents
Access Control is the ability to limit and cont,ol i.e.
to prevent unauthorized use of a resources
unauthorized use of a resource. The service used wha t are
r what conditions access can occur and
complete control oyer who can access to resources, unde
different accessing methodology.
h is to be made available only to legitimate user.
, For example : It controls the access of resources whic
rce or network and what is allowed to ·be done
Secondly it looks to the conditions of accessing the resou

I
l
l
to the resources.

Q.1(b)
Chapter 2 : Basics of C!Jetoaraeh:( [!_otal Marks

Explain with examples, keyed and keyless transposit

ion
• 05]

ciphers. (5 Marke)

Ans. : Please refer a. 4 of Chapter 2.

- 15]
Chapter 3 : Secret Key Cryptography [Total Marks
(10 Mark•)
a. 2(b) Explain working of .DES.
Ana. : · Ple a• refer a. 4(a) of Dec. 2015.
(5 Marke)
a. &(v) Write in brief abou t ; IDEA.
Ana.: Ple a• refer a. &(v) of Dec. 2015.
ks ~ 05]
Chapter 4 : Publlc Key Cryptography [Total Mar
rithm. (5 Mar ke)
Q.1(c) Elaborate the steps of key generation ~sing ASA algo
Please refer Q. 2 of Chapter 4.
I Ans.:
Chapter 5 : Cryptographic Hash Functions [Total
Marks·- 1O]
1 Q. 3(b) What is a digital signature. Explain any digital signature
algorithm In detail. (10 Mark•)

l l
Ana.: Pleaae refer Q. 5 of Chapter 5.
hentlcatlon Applications [Total Marks - 15]
1: Chapter 6 : Aut_
(10 Marks)
i
·' Q. 4 (b) Explain working of Kerberos.
. t
•.
. .Ana.: .
Plea
. ee me rQ. 1. of Chapter ·&.
·j
. (5 Mar ks)
Q,8(Q .
·'• · . Write in brief about : Email security.
An,..: Please refer Q. 6 of Chapter 6•
.
.-.. ~ '
... _ ~ .
-_.,;

.. Ii• .
Scanned by CamScanner
 (16).~

--
~
security (MU) ~ Cry~
· .
Cryptography and Sys tem S urltv [Total Marks - 05]
grarn ec -- .
Chapter 7 : Pro
clasi
The:
hig,h
nece
(S
and address protection. '-'•~1 , be g
a. 5(b) What are the various ways for memory info,
8 ·
Pl ••• refer a. 1 of Chapter · - 05]
Ace
An•. : 9 Database Security (Total Marks AU
Chapter : ope
(S Ma'b)
ieve access control.
a. 3(1) How does the Bell La Padula model ach
. An1. : The Bell-La Padula Model
(BLP) :
ion of the Ac cess ~a trix mo del witb classified data. This mOdel has
Bell-La Padula is an ext ens to use Q.
ication and Set of cat ego nes . Be ll-La Padula model shows how
two components, Classif
Trojan Horse.
~andatory Access Control to prevent the Al
a secure system are :
Two main properties of this model for a higher
me ans : A sub ject at a giv en sec urity level may not read an object at Q
I. Slmp~e security
secunty level (no read-up). A
ject at a giv en security lev el mu st not write to any object at a lower
2. Star ~roperty means : Aow sub
secunty level (no write-d n).
ation.
s model guaran tees secrec y by pre ven ting unauthorized release of inform
Thi
C
J

Secret

Confidential

Unciaaslfled

File A
Lable: Top Seoret +- Write only
-
FIie B
labia: Sec,at ♦ R9lld/Wrtte
...
· FUec ···
~b le : Confidential - AEHld only

-
.' ,

eas 11- so1 111 101 1s

Scanned by CamScanner ----
(16).~
~.
c; -~

:, , .
·,.. ·t1ea
.. ,1ass1
::;~;;;:~·:·:::::-:-=~~'--__:__-:-----~~
. :: >:,~:-:'.: ,~phyand System Security (MU)
.,·;,;;.,ol09· ··p
'. ·. ::- :A
- riate
. p;op
info rma
.
access rights .and permiss·ions must be
tion . Con fide
.
ntial informati on can be se gran b
ted to individ uaJ s before th
. ey 0can see
M (16)-3

·
ret or Top Sec re t .mformation en Y those who ha ve permissio nt .
ltk ..,· , ... are not tJ1Jsted to see Sec b D ~ see 1t.
.. •,1ttY ·· 'II the reverse as shown i F · ata flow oper at es 1rom Jo 1
,-~hr Jevels. It w1 never e . Even if someonewer evels to
' ~f.e (suc h as a secu rity 1 n ig. 1-Q . 3(a) has II th
, . . sarY offic ial app rova ls c eara nce) t ·
~ . . . o access certa in info rma t' h a e
ss to such mfo rma tion unless they h
."given acce teythshould ~ot
's o;~e _aalndeed_ to know that is, unless a~; :! o e specific
rka) ·~rormation necessary for the conduct .of one uties B II L
• Jill',-, I b d fi d and thus mformat· ic1 fl ow can b· e - aPadula is a simP1e 1.mear model.
. ·,cces . •s Jeve sca n e e me • 10n
controlle d as shown in figu re 1-Q. 3(a).
ls of obJects are static · B ecause of thie
. _r,
; _"I the. secu nty leve . . .
.~ · , 'd · em becomessvery ctions at different le ve1s certam
restnd"ffi
. 111\' !rations are outs1 e the context of protection syst I
vr~ 1 1cu t to perform.
kaj · · .. ·
. ,, : . .· - . . Chapter 1O : ·IDS and Firewall [T l Marks -15)
.. . . s _ ota
_·: :\-: _ __ _. . · _
.· · ·
ificance of an intrusi on detec·t1on . ·
tas . · o.S(c) · ·:Exp lain the sign system fo a .network. compare
· ·- • · • r secunng
1se . signature based and anomaly based IDS.
(10 Marks)
.
· : An~.: . · Please refer a. 3(b) of Dec. 20 15
all des1·gn pnnc . Ies ?
. ,p (5 Marks)
er · all?
.. : . - Q. 5{a) .·.. W~at is a· firew . firew
What are the
1o. .
_ · · Ans;: · Please refer Q. 8 of Chapter
- 1OJ
Chapter 11 : IP Security [Total Marks
ocol. (5 Marks)
a. 6(11) ,Write in brief about': SSL handshake prot
5.
Ans. : : ·PleHe refer Q. 5(a) of Dec. 201
(5 Marks)
security.
Q, 6(111) Write in brief abo ut: IP Sec protocols for
·. Ans.: Please refer Q: 1 of Chapter 11.
.
ol Vulnerabilities Phlshlng
Chapter 12 : Non-Cryptographic Protoc
-, '•·

. [Total Marks~ 15]

(10 Marks)
. Explain session hijacking attack.
.· :., . Q, 4{a) Compare packet sniffing and packet spoofing
- .
· Ans.• :
packet _spoofing
Sr: packet sniffing ·

-lNo.· . ;

e
.s~f ing is the technique to get the identity
of
·Sniffing · ·is the . most effective techniqu another computer with the special privileges so
Which is used ·to ·attack •over · the network .as fo get over to the network .
. and gain over the network
2 .. ·. . ·. . . .· . ... "
.- : .
S~ fin g ~s the ac~ve secur~ty attack'.
~ Sni~ng is a passive k.- . . ,
'

.sec urit y a~

alters the . : sfu>ofing d~~ intemJpt ~d alte

rsthe data.
: ). ; : . Sniffin~ does . not .interrupt .at)d
··.. · · . , :_. __ · ··
~d ata . :

... -- - ...
' . ·...., . .
. . ~- - . -' ' .. .' ·.

Scanned by CamScanner
 (16)-4
_ _ _ _ _ __:,:M

=====
Sy
=-
st
--
em
r--
Se
--
cu
~----=----~
rity (MVIIUlJJ)._ __:,_
______ _ _ _ _ _ _ _ _

=
d

=
· .Cryptography an

r-.--===== packet spoofing

Sr.
- - - - 1 ------------
packetsnffflng
- - - . . , ; . _ . -w-s
~-+-------
No. - - Spoofing fo llo the te nn "masqu
erade"
n~
word "sniff from the oling the other machi
4. Sniffing word coines Masquerade means fo er
er'' is Ethernet into accepting the other us
the ether'' where "eth on the ne tw ork
network.
network into real or original
ith the help of sn
iffin --
s. Sniffing can be used in the good ·and bad
Spoo fi ng is do ne w
use with the help
o f sniffing it is mo! ·
beca
manner. effective.
(5 Markt)
in brief about : Den ial of service attacks.
Q . 8(fv) Write
f C ha pt er 12.
Ana. : P IN N refer Q . 4 o

□□□

. :.

' , .. ..
Scanned by CamScanner
 [ Dec. 201s f

~,
",,•j
~

-/-1
- - . l -~ - D:!f

h
~
"
. iing ~ examples =

a:
dph e-, ii) PC>Jy-afphabetic cipher,
iv) · Session hijacking

· Qt exa."'r4Ji.'es explain non-maiicious prog

ramming errors.
(10 Mar ks)
(5 Marks)

(5 Mar ks)
s- ~ of security and spec ify mechanisms to achieve
each goaJ.
Qn and private
user A is defined as (7,119). Calc ulate
RS A~ ~~ PlZt:ilie key (e,n) of publ key ?
ic
encrypt message m= 10, using the
~c i. \\~ is_~cip her -tex twh en you (10 Mar ks)

the use of a digital signature in it

bm at of X 509 digjta!, certificate and explain (5 Mar ks)
•dom estic •.
OOOC-- usin g Ptayfair cipher with keyword
. . ~ "The key is hk!den under the (5 Marks}
algori1hm.
between two parties usin g Diffie Henman key exchange
· S (a) ~ how a key is.shar ed c10 Mar ks)
, . is1 hem ~ot this a!g orl ttvn ?
. (10 Mar ks}
~emrma:l:9 between : i) MD-5 and SHA i) Firewal1 andlDS
(10 Mar ks)
tef structure .
~ ~ o f DES detaiing the Fies
an attacker can ·mount
c. Wha t are the different ways in whic h
· _(b \ ~ is a DeRal of saM Ce attad (10 Mar ks)
a DOS ata! :k oo a S)'Stern?
e prot ocol . (5 Mar ks}
List , ~ of the <iffe rant prot ocol s of SSL Explain the handshak
· ~ 5 a)
(5 Marks)
authentication in emails?
ta i ~ PGP ach iew conf iden tiait y and
- how
tunnel mode of IPSec and explain
~r at e tJetween the transport mode and (10 Mar ks} .
e1ti0n t:alcy are achi eved usin g IPSec.
u mlc and couf iden
(20 Mark.a)
-in mef' ab: :d fany fcu ): ~
~
c.,. «at i~ S)5t ecn Sea.tmy, i) Buffer overflow attack. "f'~'l" '!

iv). V"ITTJS8S and their types,

I
iij _IP ~ I Q .
q Ke)! gae atic n i1 IDEA.
□□□

1 May 201s f ~~,

(5 Marks)

_(SM arks )
· · - -...-...~.....c~ to achieve security "'
) list exarr.- Ille (iffe cem 11-. .,IIC II-.• _ ' . _ . .. : -
(5 Marks) . ·
-

.J fiplaln w il l~ .keyed and ke ~ transposition~ : . (5 Martes)

(c}, ~~ ofksygeneraoon using RSA.-~

...:~ -
- : / .::-;::_:2·~{:.)':r,.· '
. ' ...
. :·- ,:, · :

. ..
. . , .. .-· . ·-
'

, . . '
·: ;.
,·

Scanned by CamScanner
 ·. .
. ~
. •·C!l!~r!PhY ~nd System seourity (MU) · . · •thm to share a key. The
y chose p :: 23
: · · 1
· .·· · , pectively. Compute ~d
B dec ide t
· o use Olff ie He ll~ ~: :; keys are 6 and 15 res (1 OMa e
O. Q {a) A and - -
pub lic. par am ete rs . The
.
. ·. . -g -= 5 as the . r1t1)
secret key the t they sha re. .
(lO Mar1ts)
of DE S. .
(b) Expla1n working
- II La Pad la model achieve access control ·
· : --· · u (1 OMartta)
Q; S : ·f ) What Is access control?
How does the Be
·
uvithm in detail. (1 oMarks)
· · · d'g lt 1 ,,.e al.r~-·
· ·nahu,,..,
· a !UQ ·
at Is a digital signature. ExplaJ~ any
· ·.Wh· I
(b).
laln session hijacking attack. (10 Marica)
pac ket ~t ing . Exp
·.·a. 4 _{a) Compare packet snif fing and
(10 Martes)
·(b) Exp lain won dng of Ker ber os.
(5 Mar1c1)
at ls a flrew aJI? Wh at are the firewal l design pfinciples?
0. 5 (a) Wh
(5 Marb)
are the vaJ iou. s way s for me mo ry and .ddre: protee ·
· :· . (b) , Wha.t
n delectfon system f securing a net
work. ~ re
laifl the sJg ntfi can ce of an Intr usio
(c) Exp (10 Marlt1)
re based and anomaly based IDS
.
. signatu
(20 Marki)
0 . 6 Write in brief about (any four):
_i) . Email security, · ll) SSL haodsha.kD protocol,
. Den· I of Mee 8:9.:c:c:.~
lrl) IP Sec protocol for security, fv)

v) ·. 10 ~ ·
t .

. ; ...

. .-· . ~: . . : : ' .

·.... ·. _.... ·:.·.· . . . i•·,. ·,:

. ( ·', -
••• I• ·, ·,
. •· . 1_"; ·. :.
. . . ·:·.: ·. .
-. .,'. ' .. ,.,·--.. .,·.
~ " • '

.. .. . . . ·· . }:• .r._.
. .• ·: . :· '· '

•,.:,.•. :, ,• ,.i . c~' '.'. : ,-. •

I • · •••; ' . • • • •
• •

. .. . .·...' ~ . : . . ,. •.

Scanned by CamScanner