Main Solved Compile PDF

Cryptography is the science and art of securing messages. It involves transforming plaintext into ciphertext using encryption algorithms and keys. Modern cryptography relies on both symmetric-key and asymmetric-key ciphers. It also uses techniques like hashing, digital signatures, and key management protocols to provide security services like confidentiality, integrity, authentication, and non-repudiation.

1. ________ is the science and art of transforming messages to make them secure and immune to attacks.
A. Cryptography  B. Cryptanalysis  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
2. The ________ is the original message before transformation.
A. ciphertext  B. plaintext  C. secret-text  D. none of the above
CORRECT ANSWER: B
3. The ________ is the message after transformation.
A. ciphertext  B. plaintext  C. secret-text  D. none of the above
CORRECT ANSWER: A
4. A(n) _______ algorithm transforms plaintext to ciphertext.
A. encryption  B. decryption  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
5. A(n) ______ algorithm transforms ciphertext to plaintext.
A. encryption  B. decryption  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
6. A combination of an encryption algorithm and a decryption algorithm is called a ________.
A. cipher  B. secret  C. key  D. none of the above
CORRECT ANSWER: A
7. The _______ is a number or a set of numbers on which the cipher operates.
A. cipher  B. secret  C. key  D. none of the above
CORRECT ANSWER: C
8. In a(n) ________ cipher, the same key is used by both the sender and receiver.
A. symmetric-key  B. asymmetric-key  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
9. In a(n) ________, the key is called the secret key.
A. symmetric-key  B. asymmetric-key  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
10. In a(n) ________ cipher, a pair of keys is used.
A. symmetric-key  B. asymmetric-key  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
1. In an asymmetric-key cipher, the sender uses the __________ key.
A. private  B. public  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
2. In an asymmetric-key cipher, the receiver uses the ______ key.
A. private  B. public  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
3. A ________ cipher replaces one character with another character.
A. substitution  B. transposition  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
4. _________ ciphers can be categorized into two broad categories: monoalphabetic and polyalphabetic.
A. Substitution  B. Transposition  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
5. The _______ cipher is the simplest monoalphabetic cipher. It uses modular arithmetic with a modulus of 26.
A. transposition  B. additive  C. shift  D. none of the above
CORRECT ANSWER: C
6. The Caesar cipher is a _______ cipher that has a key of 3.
A. transposition  B. additive  C. shift  D. none of the above
CORRECT ANSWER: C
7. The ________ cipher reorders the plaintext characters to create a ciphertext.
A. substitution  B. transposition  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
8. A(n) ______ is a keyless substitution cipher with N inputs and M outputs that uses a formula to define the relationship between the input stream and the output stream.
A. S-box  B. P-box  C. T-box  D. none of the above
CORRECT ANSWER: A
9. A(n) _______ is a keyless transposition cipher with N inputs and M outputs that uses a table to define the relationship between the input stream and the output stream.
A. S-box  B. P-box  C. T-box  D. none of the above
CORRECT ANSWER: B
10. A modern cipher is usually a complex _____ cipher made of a combination of different simple ciphers.
A. round  B. circle  C. square  D. none of the above
CORRECT ANSWER: A
1. DES is a(n) ________ method adopted by the U.S. government.
A. symmetric-key  B. asymmetric-key  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
2. DES has an initial and final permutation block and _________ rounds.
A. 14  B. 15  C. 16  D. none of the above
CORRECT ANSWER: C
3. The DES function has _______ components.
A. 2  B. 3  C. 4  D. 5
CORRECT ANSWER: C
4. DES uses a key generator to generate sixteen _______ round keys.
A. 32-bit  B. 48-bit  C. 54-bit  D. 42-bit
CORRECT ANSWER: B
5. ________ DES was designed to increase the size of the DES key.
A. Double  B. Triple  C. Quadruple  D. none of the above
CORRECT ANSWER: B
6. _______ is a round cipher based on the Rijndael algorithm that uses a 128-bit block of data.
A. AEE  B. AED  C. AER  D. AES
CORRECT ANSWER: D
7. AES has _____ different configurations.
A. two  B. three  C. four  D. five
CORRECT ANSWER: B
8. ECB and CBC are ________ ciphers.
A. block  B. stream  C. field  D. none of the above
CORRECT ANSWER: A
9. One commonly used public-key cryptography method is the ______ algorithm.
A. RSS  B. RAS  C. RSA  D. RAA
CORRECT ANSWER: C
10. The ________ method provides a one-time session key for two parties.
A. Diffie-Hellman  B. RSA  C. DES  D. AES
CORRECT ANSWER: A
1. Message ________ means that the sender and the receiver expect privacy.
A. confidentiality  B. integrity  C. authentication  D. none of the above
CORRECT ANSWER: A
2. Message _____ means that the data must arrive at the receiver exactly as sent.
A. confidentiality  B. integrity  C. authentication  D. none of the above
CORRECT ANSWER: B
3. Message _______ means that the receiver is ensured that the message is coming from the intended sender, not an imposter.
A. confidentiality  B. integrity  C. authentication  D. none of the above
CORRECT ANSWER: C
4. ________ means that a sender must not be able to deny sending a message that he sent.
A. Confidentiality  B. Integrity  C. Authentication  D. Nonrepudiation
ANSWER
5. _______ means to prove the identity of the entity that tries to access the system's resources.
A. Message authentication  B. Entity authentication  C. Message confidentiality  D. none of the above
CORRECT ANSWER: B
6. A(n) _________ can be used to preserve the integrity of a document or a message.
A. message digest  B. message summary  C. encrypted message  D. none of the above
CORRECT ANSWER: A
7. A(n) ________ function creates a message digest out of a message.
A. encryption  B. decryption  C. hash  D. none of the above
CORRECT ANSWER: C
8. A hash function must meet ________ criteria.
A. two  B. three  C. four  D. none of the above
CORRECT ANSWER: B
9. A _______ message digest is used as an MDC.
A. keyless  B. keyed  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
10. To authenticate the data origin, one needs a(n) _______.
A. MDC  B. MAC  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
1. Digital signature provides ________.
A. authentication  B. nonrepudiation  C. both (a) and (b)  D. neither (a) nor (b)
CORRECT ANSWER: C
2. Digital signature cannot provide ________ for the message.
A. integrity  B. confidentiality  C. nonrepudiation  D. authentication
CORRECT ANSWER: B
3. If _________ is needed, a cryptosystem must be applied over the scheme.
A. integrity  B. confidentiality  C. nonrepudiation  D. authentication
CORRECT ANSWER: B
4. A digital signature needs a(n) _________ system.
A. symmetric-key  B. asymmetric-key  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
5. A witness used in entity authentication is ____________.
A. something known  B. something possessed  C. something inherent  D. all of the above
CORRECT ANSWER: D
6. In _______, a claimant proves her identity to the verifier by using one of the three kinds of witnesses.
A. message authentication  B. entity authentication  C. message confidentiality  D. message integrity
ANSWER
7. In ________ authentication, the claimant proves that she knows a secret without actually sending it.
A. password-based  B. challenge-response  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
8. Challenge-response authentication can be done using ________.
A. symmetric-key ciphers  B. asymmetric-key ciphers  C. keyed-hash functions  D. all of the above
CORRECT ANSWER: D
9. A(n) _____ is a trusted third party that assigns a symmetric key to two parties.
A. KDC  B. CA  C. KDD  D. none of the above
CORRECT ANSWER: A
10. A(n) ______ creates a secret key only between a member and the center.
A. CA  B. KDC  C. KDD  D. none of the above
CORRECT ANSWER: B
1. The secret key between members needs to be created as a ______ key when two members contact the KDC.
A. public  B. session  C. complementary  D. none of the above
CORRECT ANSWER: B
2. __________ is a popular session key creator protocol that requires an authentication server and a ticket-granting server.
A. KDC  B. Kerberos  C. CA  D. none of the above
CORRECT ANSWER: B
3. A(n) ________ is a federal or state organization that binds a public key to an entity and issues a certificate.
A. KDC  B. Kerberos  C. CA  D. none of the above
CORRECT ANSWER: C
4. A(n) ______ is a hierarchical system that answers queries about key certification.
A. KDC  B. PKI  C. CA  D. none of the above
CORRECT ANSWER: C
5. The _______ criterion states that it must be extremely difficult or impossible to create the message if the message digest is given.
A. one-wayness  B. weak-collision-resistance  C. strong-collision-resistance  D. none of the above
CORRECT ANSWER: A
6. The ________ criterion ensures that a message cannot easily be forged.
A. one-wayness  B. weak-collision-resistance  C. strong-collision-resistance  D. none of the above
CORRECT ANSWER: B
7. The _______ criterion ensures that we cannot find two messages that hash to the same digest.
A. one-wayness  B. weak-collision-resistance  C. strong-collision-resistance  D. none of the above
CORRECT ANSWER: C
8. _________ is a collection of protocols designed by the IETF (Internet Engineering Task Force) to provide security for a packet at the network level.
A. IPSec  B. SSL  C. PGP  D. none of the above
CORRECT ANSWER: A
9. _________ operates in the transport mode or the tunnel mode.
A. IPSec  B. SSL  C. PGP  D. none of the above
CORRECT ANSWER: A
10. In the ______ mode, IPSec protects information delivered from the transport layer to the network layer.
A. transport  B. tunnel  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
1. IPSec in the ______ mode does not protect the IP header.
A. transport  B. tunnel  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: A
2. The _______ mode is normally used when we need host-to-host (end-to-end) protection of data.
A. transport  B. tunnel  C. either (a) or (b)  D. neither (a) nor (b)
ANSWER
3. In the _______ mode, IPSec protects the whole IP packet, including the original IP header.
A. transport  B. tunnel  C. either (a) or (b)  D. neither (a) nor (b)
CORRECT ANSWER: B
4. ______ provides authentication at the IP level.
A. AH  B. ESP  C. PGP  D. SSL
CORRECT ANSWER: A
5. ______ provides either authentication or encryption, or both, for packets at the IP level.
A. AH  B. ESP  C. PGP  D. SSL
CORRECT ANSWER: B
6. IPSec uses a set of SAs called the ________.
A. SAD  B. SAB  C. SADB  D. none of the above
CORRECT ANSWER: C
7. ______ is the protocol designed to create security associations, both inbound and outbound.
A. SA  B. CA  C. KDC  D. IKE
CORRECT ANSWER: D
8. IKE creates SAs for _____.
A. SSL  B. PGP  C. IPSec  D. VP
CORRECT ANSWER: C
9. IKE is a complex protocol based on ______ other protocols.
A. two  B. three  C. four  D. five
CORRECT ANSWER: B
10. IKE uses _______.
A. Oakley  B. SKEME  C. ISAKMP  D. all of the above
CORRECT ANSWER: D
1. A _______ network is used inside an organization.
A. private  B. public  C. semi-private  D. semi-public
CORRECT ANSWER: A
2. An ________ is a private network that uses the Internet model.
A. intranet  B. internet  C. extranet  D. none of the above
CORRECT ANSWER: A
3. An _________ is a network that allows authorized access from outside users.
A. intranet  B. internet  C. extranet  D. none of the above
CORRECT ANSWER: C
4. The Internet authorities have reserved addresses for _______.
A. intranets  B. internets  C. extranets  D. none of the above
CORRECT ANSWER: D
5. A ______ provides privacy for LANs that must communicate through the global Internet.
A. VPP  B. VNP  C. VNN  D. VPN
CORRECT ANSWER: D
6. A _______ layer security protocol provides end-to-end security services for applications.
A. data link  B. network  C. transport  D. none of the above
CORRECT ANSWER: C
7. ______ provide security at the transport layer.
A. SSL  B. TLS  C. either (a) or (b)  D. both (a) and (b)
CORRECT ANSWER: D
8. _____ is designed to provide security and compression services to data generated from the application layer.
A. SSL  B. TLS  C. either (a) or (b)  D. both (a) and (b)
CORRECT ANSWER: D
9. Typically, ______ can receive application data from any application layer protocol, but the protocol is normally HTTP.
A. SSL  B. TLS  C. either (a) or (b)  D. both (a) and (b)
CORRECT ANSWER: D
10. SSL provides _________.
A. message integrity  B. confidentiality  C. compression  D. all of the above
CORRECT ANSWER: D
1. The combination of key exchange, hash, and encryption algorithms defines a ________ for each SSL session.
A. list of protocols  B. cipher suite  C. list of keys  D. none of the above
CORRECT ANSWER: B
2. In _______, the cryptographic algorithms and secrets are sent with the message.
A. IPSec  B. SSL  C. TLS  D. PGP
CORRECT ANSWER: D
3. One security protocol for the e-mail system is _________.
A. IPSec  B. SSL  C. PGP  D. none of the above
CORRECT ANSWER: C
4. ______ was invented by Phil Zimmermann.
A. IPSec  B. SSL  C. PGP  D. none of the above
CORRECT ANSWER: C
5. ____ provides privacy, integrity, and authentication in e-mail.
A. IPSec  B. SSL  C. PGP  D. none of the above
CORRECT ANSWER: C
Solution of F/Bs
1) Phishing

2) LUCIFER

3) confusion , diffusion

4) Digital Signature

5) Jefferson Wheel

6) Enigma

Abbreviations
i) Rivest, Shamir, and Adleman

ii) Message Digest 5

iii) Public Key Schemes

iv) Cryptographically Secure Pseudo Random Number Generator

v) Secure Sockets Layer

vi) Internet Protocol

vii) Data Encryption Standard

viii) Message Authentication Code

ix) Encapsulating Security Payload

x) Simple Network Management Protocol

xi) Challenge Handshake Authentication Protocol

xii) Authentication, Authorization, and Accounting

xiii) Layer 2 Tunneling Protocol

xiv) Internet Key Exchange


Questions
1. Describe the types of Vector Attacks.
2. Differentiate between the following:
a. Confusion and Diffusion

b. Transport Mode and Tunnel Mode

c. Public Key Authority and Public Key Certificate

3. Give Brief Reasons For Two of the Following:

a. Fabrication is an active attack.

b. A new IP header is added to the packet in IPSec Tunnel Mode.

4. What is Reconnaissance?

5. Steps of MD5?

6. What happens if a router is under attack? What are the considerations to take to avoid/Defend?

7. Differentiate between Transport and Tunnel mode and Draw their packet diagrams.
2018 - 2019
Q1) Definition: Cryptography; Cryptanalysis
Q2) The primary objective of using cryptography is to provide the following four fundamental information security services
Q3) Some applications of cryptography
Q4) Functionality of TCP flags
Q5) What can't a firewall protect against?
Q6) Difference between active and passive attack
Q7) Will AES replace triple DES and DES?
Q9) IPSec and its applications
Q10) Secure Socket Layer (SSL)

a) What are two different uses of public-key cryptography related to key distribution?
b) List the two modes of operation of the Authentication Header (AH) and Encapsulating Security Payload (ESP).
c) What is the role of a compression function in a hash function? What is the difference between weak and strong collision resistance?
d) Describe the MD5 message digest algorithm with a block diagram.
e) Explain briefly how transport and tunnel mode operate on AH packets for IPv4.
f) Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
j) What if a router becomes an attack target? Highlight some router security considerations.

OR

j) What are the candidate best practices to avoid header manipulation and fragmentation attacks?

(g) For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.

I) List and briefly define categories of passive and active security attacks. (2 points)

OR
Active attacks
List and briefly define the categories of security services.
Q) Define the reconnaissance attempt and identify how we protect ourselves from this kind of attack.

Questions from the picture

• Steps of MD5
• Types of vector attacks
• Abbreviations
• List the two modes of operation of the Authentication Header (AH) and Encapsulating Security Payload (ESP)
• For each of the following assets, assign a low, moderate or high impact level for the loss of confidentiality, availability and integrity (an organization managing public information on its web server) (a law enforcement organization managing extremely sensitive investigation information) (a financial organization managing routine administrative information)
• The router question
• Give brief reasons for (a new IP header is added to the packet in IPSec) (fabrication is an active attack)
• Transport vs tunnel mode; public key authority vs public key certificate
• Define reconnaissance…
• List and briefly define categories of active and passive attacks
• Confusion vs diffusion
• Consider the straightforward use of symmetric encryption of a message …
• Difference between signature and message authentication
• Use of MAC in network security
• Modes of algorithm
Question 2:

3. Describe the types of Vector Attacks.

An attack vector is a method used by attackers to gain access to local or remote networks and computers. The term is used in the information security industry to describe the path taken by an attacker (or malware) to reach computers or network servers and deliver payloads or achieve malicious results.
Types of Attack Vector
Insider Threats
An insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.
Man-in-the-Middle Attacks
A man-in-the-middle (MITM) attack is a long-standing network intrusion method that is still evolving. For example, SMB session hijacking, DNS spoofing, and similar attacks are typical MITM attacks.
Ransomware
Ransomware is malware designed to deny a user or organization access to the files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, attackers place organizations in a position where paying the ransom appears to be the easiest and cheapest way to regain access to their files.
Phishing
Phishing is a criminal scam that attempts to obtain sensitive personal information such as user names, passwords, and credit card details through electronic communications by posing as a reputable organization.
Brute Force Attack
Brute force attacks are trial-and-error methods most commonly used to crack passwords and encryption keys. They do not employ intelligent strategies but simply try different combinations of characters until the right combination is found.
Distributed Denial of Service (DDoS)
A distributed denial of service attack uses many computers at the same time to overwhelm a target so that it cannot be used normally.
SQL Injections
SQL injection is a security vulnerability that occurs at the application and database levels. In short, SQL instructions are injected into an input string, and input validation is neglected in a poorly designed program.
Cross-Site Scripting
An XSS (cross-site scripting) attack is a security vulnerability in a web application that allows a malicious user to inject code into a web page so that other users are affected when they view the page. These attacks usually involve HTML as well as client-side scripting languages.
Session Hijacking
Session hijacking is an attack method that obtains the session ID of a user and uses that session ID to log in to the target account. In this case, the attacker uses the valid session of the target account.

2. Differentiate between the following:

a. Confusion and Diffusion

S.NO | Confusion | Diffusion
1 | Confusion is a cryptographic technique used to make the ciphertext obscure. | Diffusion is used to hide the statistical structure of the plaintext in the ciphertext.
2 | This technique is achieved through a substitution algorithm. | Diffusion is achieved through a transposition algorithm.
3 | In confusion, if one bit of the secret key is modified, most or all bits of the ciphertext are also modified. | In diffusion, if one symbol of the plaintext is modified, many or all symbols of the ciphertext are also modified.
4 | Confusion increases vagueness in the result. | Diffusion increases redundancy in the result.
5 | Both stream ciphers and block ciphers use confusion. | Only block ciphers use diffusion.
6 | The relation between the ciphertext and the key is masked by confusion. | The relation between the ciphertext and the plaintext is masked by diffusion.

b. Transport Mode and Tunnel Mode

Transport mode | Tunnel mode
End hosts do IPsec encapsulation of their own data; hence IPsec needs to be implemented on each end host. | IPsec gateways provide the service to other hosts in peer-to-peer tunnels; hence the end hosts do not need IPsec.
Lower overhead than tunnel mode. | More overhead required.
No edits to the IP header. | The entire packet is hashed or encrypted, and a new IP header is applied to the packet during transit.
Used in securing communication from one device to another. | Used to tunnel traffic from one site to another.
Good for ESP host-to-host traffic. | Good for VPNs and gateway-to-gateway security.
Provides protection primarily to upper-layer protocols. | Provides protection to the entire IP packet.
AH in transport mode authenticates the IP payload and selected portions of the IP header. | AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer IP header.
ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header. | ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet, including the inner IP header.

c. Public Key Authority and Public Key Certificate

3. Give Brief Reasons For Two of the Following:

a. Fabrication is an active attack..

An active attack is a network exploit in which an attacker attempts to make changes to data on the target or to data en route to the target. A fabrication attack is performed by an attacker generating false routing messages; it is difficult to detect because the messages are received as if they were legitimate routing packets, even though they originate from malicious devices.

b. A New IP header is added to the packet IP Sec Tunnel Mode.

Tunnel mode protects internal routing information by encrypting the original packet, including its IP header, and adding a new IP header on top of it. This allows tunnel mode to protect against traffic analysis, since an observer can only determine the tunnel endpoints.

c.
4. What is Reconnaissance?

Reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target
system. This data can include anything from network infrastructure to employee contact details. The goal of
reconnaissance is to identify as many potential attack vectors as possible.

5. Steps of MD5?

The following five steps are performed to compute the message digest of a message.

MD5 produces a 128-bit hash value. Transforming an input of any size into this hash value takes five steps, and each step has its predefined task.

Step 1: Append Padding Bits

• Padding means adding extra bits to the original message. In MD5 the original message is padded so that its length in bits is congruent to 448 modulo 512, i.e. the total length is 64 bits short of a multiple of 512 bits.
• Padding is done even if the length of the original message is already congruent to 448 modulo 512. The first padding bit is 1 and all remaining padding bits are 0.

Step 2: Append Length

After padding, a 64-bit representation of the original input length (modulo 2^64) is appended at the end. At this point the resulting message has a length that is a multiple of 512 bits.

Step 3: Initialize MD Buffer

A four-word buffer (A, B, C, D) is used to compute the message digest. Here A, B, C, D are 32-bit registers and are initialized as follows:

Word A: 01 23 45 67
Word B: 89 ab cd ef
Word C: fe dc ba 98
Word D: 76 54 32 10

Step 4: Process the message in 16-word blocks

MD5 uses four auxiliary functions, each of which takes three 32-bit words as input and produces a 32-bit output. These functions use the bitwise operators AND, OR, XOR and NOT:

F(X, Y, Z) = XY v not(X)Z
G(X, Y, Z) = XZ v Y not(Z)
H(X, Y, Z) = X xor Y xor Z
I(X, Y, Z) = Y xor (X v not(Z))

The contents of the four buffers are mixed with the input block using these auxiliary functions, and 16 rounds are performed using 16 basic operations.

Output

After all rounds have been performed, the buffers A, B, C, D contain the MD5 output, starting with the low-order word A and ending with the high-order word D.
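Steps 1 to 4 above carried through in code: an added example (not from the original document) that implements MD5 padding, buffer initialisation and the compression steps in pure Python, checked against the RFC 1321 test vectors. It is here to make the construction concrete; MD5 is collision-broken and should not be chosen for integrity protection or signatures in new systems.

```python
import math
import struct

MASK32 = 0xFFFFFFFF

# Per-step left-rotation amounts: four rounds of 16 steps, 64 in total (RFC 1321).
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
          + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)
# Additive constants K[i] = floor(2^32 * |sin(i + 1)|), i + 1 in radians.
K = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK32 for i in range(64)]


def _rotl(x: int, c: int) -> int:
    """Rotate a 32-bit word left by c bits."""
    return ((x << c) | (x >> (32 - c))) & MASK32


def md5_pad(message: bytes) -> bytes:
    """Steps 1 and 2: append a single 1 bit (0x80), zero bits up to 448 mod 512,
    then the original length in bits as a 64-bit little-endian integer."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF  # length modulo 2^64
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)  # pads even if already 56 mod 64
    return padded + struct.pack("<Q", bit_len)


def md5(message: bytes) -> str:
    """Return the MD5 digest of message as a 32-character hex string."""
    # Step 3: initialise A, B, C, D (the byte sequences 01 23 45 67 ... read little-endian).
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    padded = md5_pad(message)
    # Step 4: process the padded message in 512-bit (16-word) blocks.
    for off in range(0, len(padded), 64):
        M = struct.unpack("<16I", padded[off:off + 64])
        A, B, C, D = a0, b0, c0, d0
        for i in range(64):
            if i < 16:        # round 1: F(X,Y,Z) = XY v not(X)Z
                f, g = (B & C) | (~B & D), i
            elif i < 32:      # round 2: G(X,Y,Z) = XZ v Y not(Z)
                f, g = (B & D) | (C & ~D), (5 * i + 1) % 16
            elif i < 48:      # round 3: H(X,Y,Z) = X xor Y xor Z
                f, g = B ^ C ^ D, (3 * i + 5) % 16
            else:             # round 4: I(X,Y,Z) = Y xor (X v not(Z))
                f, g = C ^ (B | (~D & MASK32)), (7 * i) % 16
            f = (f + A + K[i] + M[g]) & MASK32
            A, D, C, B = D, C, B, (B + _rotl(f, SHIFTS[i])) & MASK32
        # Add this block's result into the running buffer.
        a0, b0, c0, d0 = ((a0 + A) & MASK32, (b0 + B) & MASK32,
                          (c0 + C) & MASK32, (d0 + D) & MASK32)
    # Output: A is the low-order word and D the high-order word, each emitted little-endian.
    return struct.pack("<4I", a0, b0, c0, d0).hex()


if __name__ == "__main__":
    # Constructed inputs; the expected digests are the RFC 1321 test vectors.
    for msg in (b"", b"abc", b"message digest"):
        print(msg, md5(msg))
```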

6. What happens if a router is under attack? What are the considerations to take to avoid/Defend?

The answer is given below.


7. Differentiate between Transport and Tunnel mode and Draw their packet diagrams.
Q1) Definition: Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography not only protects data from theft or alteration, but can also be used for user authentication.

Cryptanalysis is the art of trying to decrypt encrypted messages without the key that was used to encrypt them. Cryptanalysis uses mathematical analysis and algorithms to decipher the ciphers.

Q2) The primary objective of using cryptography is to provide the following four fundamental
information security services

Confidentiality: Confidentiality is the fundamental security service provided by cryptography. It is a security service that keeps the information from an unauthorized person. It is sometimes referred to as privacy or secrecy.

Confidentiality can be achieved through numerous means, from physical security to the use of mathematical algorithms for data encryption.

Integrity: It is a security service that deals with identifying any alteration to the data. The information cannot be altered in storage or in transit between the sender and the intended receiver without the alteration being detected.

Authentication: Authentication provides the identification of the originator. It confirms to the receiver that the data received has been sent only by an identified and verified sender. Apart from the originator, authentication may also provide assurance about other parameters related to the data, such as the date and time of creation/transmission.

Non-repudiation: It is a security service that ensures that an entity cannot refuse the
ownership of a previous commitment or an action. It is an assurance that the original creator
of the data cannot deny the creation or transmission of the said data to a recipient or third
party. For example, once an order is placed electronically, a purchaser cannot deny the
purchase order, if non-repudiation service was enabled in this transaction.

Q3) some applications of cryptography:

Authentication/Digital Signatures:

Authentication is any process through which one proves and verifies certain information.
Sometimes one may want to verify the origin of a document, the identity of the sender, and
the document was sent or signed and so on. A digital signature is a cryptographic means
through which many of these may be verified. It is typically created through the use of a hash
function and a private signing function (algorithms that create encrypted characters containing
specific information about a document and its private keys).

Encryption/Decryption in email:

Email encryption is a method of securing the content of emails from anyone outside of the
email conversation looking to obtain a participant’s information. In its encrypted form, an email
is no longer readable by a human. Each person with an email address has a pair of keys
associated with that email address, and these keys are required in order to encrypt or decrypt
an email. One of the keys is known as a “public key”, and is stored on a keyserver where it is
tied to your name and email address and can be accessed by anyone. Email encryption works
by employing public key cryptography. The other key is your “private key”, which is not shared
publicly with anyone.
Cash Withdrawal

The banks are doing something to ensure that the cash withdrawal from your ATM remains
a safe procedure. This type of encryption is called HSM, or Hardware Security Module
encryption. This method protects the privacy of your PIN, as well as that of other sensitive
information that’s stored on your credit or debit card. In essence, HSM encryption makes
sure that the cybercriminals can’t intercept your PIN during the network data exchange, i.e.
your interaction with the ATM.

Secrecy in Storage

Secrecy in storage is usually maintained by a one-key system where the user provides the key
to the computer at the beginning of a session, and the system then takes care of encryption
and decryption throughout the course of normal use. As an example, many hardware devices
are available for personal computers to automatically encrypt all information stored on disk.
When the computer is turned on, the user must supply a key to the encryption hardware. The
information cannot be read meaningfully without this key, so even if the disk is stolen, the
information on it will not be useable.

Q4) Functionality of TCP flags

TCP flags are used within TCP packet transfers to indicate a particular connection state or to provide additional information. They can therefore be used for troubleshooting purposes or to control how a particular connection is handled. A few TCP flags are used much more commonly than others, such as SYN, ACK, and FIN.
Q5) What can't a firewall protect against?
Even with a firewall, there are still many areas of risk for your network. The most obvious is malware. Malware is a combination of the words 'malicious' and 'software' and includes viruses, trojan horses, worms, spyware/adware, phishing and pharming.

• Malware is most commonly acquired through clicking on email attachments and email links.
• Spyware/adware gathers information about you. It can record keystrokes and, as such, can potentially be very dangerous, revealing everything you do on your computer.
• Another well-known threat not covered by your firewall is SPAM. Dealing with SPAM can seriously affect your productivity and, as SPAM often contains viruses and phishing emails, it is also a direct security threat.
• Phishing is about fake emails trying to extract sensitive information, such as your bank passwords or credit card details. A variation of this is pharming, where the criminal sets up a fake web site which looks like one you normally use, typically a banking site. Once you enter your details, the criminal is able to plunder your account.

Q6) difference between active and passive attack

Active attack: information is modified. Passive attack: information remains unchanged.
Active attack: threatens integrity and availability. Passive attack: threatens confidentiality.
Active attack: the system is damaged or disrupted. Passive attack: the system itself is not affected.
Active attack: the victim can usually detect it, because something observable changes. Passive attack:
the victim is not informed and usually cannot detect it, so the defence is prevention (encryption)
rather than detection.
Active attack: system resources can be changed. Passive attack: system resources are not changed.
Q7) will the AES replace triple DES and DES?

Yes, and for new systems it already has. DES uses a 56-bit key, which has been brute-forced in practice
since 1998, and NIST withdrew it as a standard in 2005. Triple DES was a stop-gap that runs the DES
engine three times: it raises the effective key strength to about 112 bits but keeps the 64-bit block size,
which exposes it to birthday-bound attacks (Sweet32) once around 2^32 blocks have been encrypted
under one key, and it is slow in software; NIST has deprecated it and disallows it for encryption after
2023. AES has a 128-bit block, key sizes of 128, 192 or 256 bits, is fast in software, has hardware support
in common CPUs, and has no known practical attack on the algorithm itself. Every cryptographic
algorithm has strengths and weaknesses and the choice should match the demands of the application,
but for confidentiality and integrity there is no case in which DES is the right choice, and no bandwidth
argument favours it: the only reason to keep DES or triple DES is compatibility with legacy equipment
such as older payment terminals, and those deployments are being migrated. Blowfish shares the
64-bit block size and the same caveat. AES in an authenticated mode can be applied on top of any
protocol running over IPv4 or IPv6, for example in IPsec and TLS. Q8) the
differences between hashing and encryption:

Encryption is a two-way function: information is scrambled using an encryption key and unscrambled
later using the corresponding decryption key. Hashing is a one-way function: a message digest is
computed from an input file or string, and no key is used (the keyed variant, the MAC, is covered later).
The ciphertext is of variable length, at least as long as the plaintext. The hash is of a fixed length
regardless of the input size (for example 256 bits for SHA-256).
The purpose of encryption is to transmit or store data securely, i.e. to protect confidentiality. The
purpose of hashing is to verify data, i.e. to protect integrity, and to store passwords without keeping
them in clear.
The original message can always be retrieved with the appropriate decryption key. The output of a
hash cannot be reverted to the original message; the only way back is to guess inputs and compare.
Examples of encryption algorithms: RSA, AES, DES, etc. Examples of hashing algorithms: SHA-1, SHA-2,
MD5, Tiger, etc. (MD5 and SHA-1 are broken for collision resistance and should not be used where
collisions matter.)
Q9) IPSEC and its applications
Internet Protocol Security (IPsec) is a framework of open standards for ensuring private, secure
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. IPsec protects one or more paths between a pair of hosts, a pair of security gateways, or a
security gateway and a host. A security gateway is an intermediate device, such as a router or firewall,
that implements IPsec on behalf of the hosts behind it.
IPsec provides the following security services for traffic at the IP layer:

• Data origin authentication—identifying who sent the data.

• Confidentiality (encryption)—ensuring that the data cannot be read en route (provided by ESP, not
by AH).

• Connectionless integrity—ensuring the data has not been changed en route.

• Replay protection—detecting packets received more than once, using the sequence number carried
in every AH and ESP header, which helps protect against replay and denial of service attacks.

Applications of IPSec

The Internet community has developed application-specific security mechanisms in numerous
application areas, including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]),
network management (Simple Network Management Protocol Version 3 [SNMPv3]), and Web access
(Secure HTTP, Secure Sockets Layer [SSL]). Each of these protects one application. IPsec instead
secures traffic at the IP layer, so every application above it, including those with no security of their
own, is protected transparently and without modification. Its typical applications are: secure
branch-office connectivity over the Internet (site-to-site VPNs between security gateways), secure
remote access for individual users over the Internet, extranet and intranet connectivity with partners,
and protection of routing protocol traffic between routers.

Q10)
Secure Sockets Layer (SSL), and its successor Transport Layer Security (TLS), provide security for the
data transferred between a web browser and a server. SSL/TLS encrypts the link between a web server
and a browser, which ensures that all data passed between them remains private and protected from
tampering. (SSL itself is obsolete: every SSL version is deprecated, and current deployments use TLS 1.2
or 1.3, which keep the same layered structure.) Secure Sockets Layer protocols:
• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol

SSL Record Protocol:
The SSL Record Protocol provides two services to an SSL connection:
• Confidentiality
• Message integrity
In the SSL Record Protocol, application data is first divided into fragments of at most 2^14 bytes. Each
fragment is optionally compressed, then a MAC (Message Authentication Code), computed with a keyed
hash such as SHA (Secure Hash Algorithm) or MD5 over the sequence number, the header fields and
the fragment, is appended. The fragment plus MAC is then encrypted with the symmetric session
cipher, and finally the SSL record header (content type, version, length) is prepended. The receiver
reverses these steps and rejects any record whose MAC does not verify.
Types of Encryption:

There are two main categories of encryption:

Asymmetric Encryption — This encryption process involves two different keys: one key (the public
key) encrypts while the other (the private key) decrypts. This is the foundation of public key
infrastructure (PKI), the trust model on which SSL/TLS certificates are based.

Symmetric Encryption — This type of encryption uses the same key to both encrypt and decrypt a
message. Because there is only one key and the operations are simple, it is orders of magnitude faster
and needs far less processing power than asymmetric encryption, so it is used for the bulk data.
In the SSL/TLS handshake the session keys are established using public-key techniques: in older
versions the client encrypted a secret to the server's RSA public key; TLS 1.3 uses an ephemeral
(Elliptic Curve) Diffie-Hellman exchange, so that a later compromise of the server's long-term key does
not expose past sessions (forward secrecy). In both cases the server's certificate and signature
authenticate the exchange. Once the keys have been established, the browser and server communicate
using the symmetric session keys.

Asymmetric encryption is not "stronger" than symmetric encryption; the two solve different problems.
Public-key algorithms let parties who share no secret authenticate each other and agree on a key, but
they are slow and need much longer keys for the same security level (a 2048-bit RSA key is comparable
to roughly a 112-bit symmetric key), so every practical protocol uses them only to set up a symmetric
session.
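As an added example, not taken from the original document or from any SSL/TLS implementation, the Go program below models the record layer described above with the session keys the handshake would have produced: application data is fragmented to at most 2^14 bytes, a MAC over sequence number, header and fragment is appended, fragment and MAC are encrypted, and a 5-byte record header is prepended; the receiver reverses this and refuses any record whose MAC fails. HMAC-SHA-256 and AES-CTR with a sequence-number-derived IV are simplifications standing in for a real cipher suite, and the keys are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	maxFragment = 1 << 14 // the record layer's 16384-byte fragment limit
	ctAppData   = 23      // content type: application data
	wireVersion = 0x0303  // TLS 1.2 version field
	macLen      = sha256.Size
)

// recordKeys are the per-direction secrets the handshake derives; constructed here.
type recordKeys struct{ macKey, encKey []byte }

// recordEndpoint is one side of the connection. seq is the implicit 64-bit sequence number:
// never sent, but bound into every MAC, which is what defeats replay and reordering.
type recordEndpoint struct {
	keys recordKeys
	seq  uint64
}

// recordMAC covers seq || type || version || length || fragment (RFC 5246 section 6.2.3.1).
func recordMAC(key []byte, seq uint64, frag []byte) []byte {
	m := hmac.New(sha256.New, key)
	var hdr [13]byte
	binary.BigEndian.PutUint64(hdr[0:8], seq)
	hdr[8] = ctAppData
	binary.BigEndian.PutUint16(hdr[9:11], wireVersion)
	binary.BigEndian.PutUint16(hdr[11:13], uint16(len(frag)))
	m.Write(hdr[:])
	m.Write(frag)
	return m.Sum(nil)
}

// ctrXOR applies AES-CTR with an IV derived from the sequence number, so the keystream is
// never reused under one key (a simplification standing in for the real cipher suites).
func ctrXOR(key []byte, seq uint64, data []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var iv [aes.BlockSize]byte
	binary.BigEndian.PutUint64(iv[8:], seq)
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv[:]).XORKeyStream(out, data)
	return out, nil
}

// protect: fragment -> MAC -> encrypt(fragment || MAC) -> prepend the 5-byte record header.
func (e *recordEndpoint) protect(data []byte) ([][]byte, error) {
	var records [][]byte
	for len(data) > 0 {
		n := len(data)
		if n > maxFragment {
			n = maxFragment
		}
		frag := data[:n]
		mac := recordMAC(e.keys.macKey, e.seq, frag)
		body, err := ctrXOR(e.keys.encKey, e.seq, append(append([]byte{}, frag...), mac...))
		if err != nil {
			return nil, err
		}
		rec := make([]byte, 5, 5+len(body))
		rec[0] = ctAppData
		binary.BigEndian.PutUint16(rec[1:3], wireVersion)
		binary.BigEndian.PutUint16(rec[3:5], uint16(len(body)))
		records = append(records, append(rec, body...))
		e.seq++
		data = data[n:]
	}
	return records, nil
}

// unprotect reverses protect and answers bad_record_mac for any tampered, reordered or replayed record.
func (e *recordEndpoint) unprotect(rec []byte) ([]byte, error) {
	if len(rec) < 5 || rec[0] != ctAppData || binary.BigEndian.Uint16(rec[1:3]) != wireVersion {
		return nil, errors.New("bad record header")
	}
	n := int(binary.BigEndian.Uint16(rec[3:5]))
	if n != len(rec)-5 || n < macLen || n > maxFragment+macLen {
		return nil, errors.New("bad record length")
	}
	plain, err := ctrXOR(e.keys.encKey, e.seq, rec[5:])
	if err != nil {
		return nil, err
	}
	frag, mac := plain[:n-macLen], plain[n-macLen:]
	if !hmac.Equal(mac, recordMAC(e.keys.macKey, e.seq, frag)) {
		return nil, errors.New("bad_record_mac")
	}
	e.seq++
	return frag, nil
}

func main() {
	keys := recordKeys{macKey: []byte("constructed-mac-key"), encKey: []byte("0123456789abcdef0123456789abcdef")}
	client, server := &recordEndpoint{keys: keys}, &recordEndpoint{keys: keys}
	recs, _ := client.protect([]byte("GET /account HTTP/1.1\r\n\r\n"))
	frag, err := server.unprotect(recs[0])
	fmt.Printf("%d bytes on the wire -> %q (%v)\n", len(recs[0]), frag, err)
	_, err = server.unprotect(recs[0]) // the same record delivered twice
	fmt.Println("replay:", err)
}
```

Two things the model leaves out are instructive. The compression step is omitted because compressing attacker-influenced data next to secrets leaks those secrets through the length (the CRIME attack), which is why TLS 1.3 removed compression entirely. And the MAC-then-encrypt order shown here, which SSL and TLS 1.2 used, produced the padding-oracle attacks on CBC suites (POODLE, Lucky 13); TLS 1.3 only allows AEAD ciphers such as AES-GCM and ChaCha20-Poly1305, which authenticate and encrypt in one pass.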

Some Common Encryption Algorithms

Let's take a look at some of the most common encryption algorithms:

• Advanced Encryption Standard (AES) – AES is an extremely efficient symmetric block cipher
(128-bit block, 128/192/256-bit keys) that is trusted as a standard by numerous organizations. AES has
proven to be reliable: the only practical successful attacks against it have been side-channel attacks on
implementations (timing and cache behaviour), not attacks on the cipher itself, and constant-time or
hardware (AES-NI) implementations address those.
• Triple DES – Designed to replace the original Data Encryption Standard (DES), triple DES applies
DES three times with three individual 56-bit keys (168 key bits, but only about 112 bits of effective
security because of meet-in-the-middle attacks) and keeps the 64-bit block. Though a considerable
improvement over DES in terms of security, it is now a legacy algorithm that NIST disallows for new
encryption.
• RSA – Named after its creators Rivest, Shamir and Adleman, RSA is a public key algorithm developed
in 1977 and still in use today. Mathematically the public and private operations are inverses of each
other, which is why one key pair serves two purposes: anyone can encrypt to the public key and only
the private key decrypts (encryption), and the private key can produce a value that anyone verifies
with the public key (digital signature). In practice RSA must always be used with a padding scheme
(OAEP for encryption, PSS for signatures); "textbook" RSA without padding is insecure.

Some Common Hashing Algorithms

The following are some of the most common hashing algorithms in use today:

• MD4 and MD5 — MD4 was created in 1990 by Ronald Rivest and was broken shortly afterwards. MD5
was created as its successor; it is somewhat stronger, but practical collision attacks have existed since
2004 and today a collision can be produced in seconds, so neither should be used for signatures,
certificates or anything else where collisions matter. For password storage, a salt is added to every hash
so that precomputed tables (rainbow tables) are useless and identical passwords do not produce
identical hashes. A salt does not slow down guessing, however, so a fast hash such as MD5 or SHA-256
should be replaced by a deliberately slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), and the
salt must be random and unique per user.
• SHA (Secure Hash Algorithm) — The family comprises SHA-0, SHA-1, SHA-2 (SHA-224/256/384/512)
and the structurally different SHA-3. SHA-0 and SHA-1 are broken (a practical SHA-1 collision was
published in 2017) and SHA-1 is deprecated; SHA-2 is used in most SSL/TLS cipher suites. SHA-256 or
above is the recommendation for security-critical applications.
• Tiger — This is a fast 192-bit hash function developed by Ross Anderson and Eli Biham in 1996 for
64-bit platforms. Tiger does not suffer from the known vulnerabilities of MD5 and SHA-0/SHA-1. In the
Tiger2 variant the message is padded with a hexadecimal value of 0x80 instead of 0x01 as in Tiger; the
two variants are otherwise identical.

The following is a list of commonly used cryptanalysis attacks:

• Brute force attack – the attacker tries every possible key (or password) in turn, decrypting or
hashing with each candidate and checking the result against the known ciphertext or hash. The cost
grows as 2^k for a k-bit key, which is why a 56-bit DES key is feasible and a 128-bit AES key is not.
• Dictionary attack – instead of every key, the attacker tries a wordlist of likely candidates (common
passwords, words, names and simple variations of them). It is mostly used when trying to crack
password hashes, because human-chosen passwords are far more predictable than random keys.
• Rainbow table attack – the attacker precomputes hashes for a very large candidate set once, stores
them compactly as hash chains, and then cracks each captured hash by lookup rather than by
recomputation. It works only against unsalted hashes; a per-user salt forces the whole computation to
be redone for every user.
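The difference between the three attacks, and the role of the salt mentioned under MD5 above, is easiest to see in code. This is an added Go example, not from the original document: the attacker precomputes a lookup table from a wordlist once (a plain table standing in for a rainbow table, which stores the same relation as chains) and cracks a set of unsalted SHA-256 password hashes by lookup alone; against salted hashes the table is useless and every candidate must be hashed again under each user's salt. The wordlist, user records and salts are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed wordlist; real dictionary attacks use lists of many millions of entries.
var wordlist = []string{"123456", "password", "letmein", "qwerty", "dragon", "correcthorse"}

// record is one row of a leaked password database.
type record struct {
	user, salt, hash string
}

func sha256Hex(parts ...string) string {
	h := sha256.New()
	for _, p := range parts {
		h.Write([]byte(p))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// buildTable is the attacker's one-time precomputation: hash -> password for every
// wordlist entry. It is paid once and reused against every victim database.
func buildTable(words []string) map[string]string {
	t := make(map[string]string, len(words))
	for _, w := range words {
		t[sha256Hex(w)] = w
	}
	return t
}

// crackUnsalted needs no hashing at attack time: one lookup per victim. Identical
// passwords are also visible at a glance, because they hash identically.
func crackUnsalted(table map[string]string, recs []record) map[string]string {
	found := map[string]string{}
	for _, r := range recs {
		if pw, ok := table[r.hash]; ok {
			found[r.user] = pw
		}
	}
	return found
}

// crackSalted cannot reuse anything: each candidate is rehashed under each user's
// salt. The returned count is the work that a slow password hash would multiply.
func crackSalted(words []string, recs []record) (map[string]string, int) {
	found := map[string]string{}
	work := 0
	for _, r := range recs {
		for _, w := range words {
			work++
			if sha256Hex(r.salt, w) == r.hash {
				found[r.user] = w
				break
			}
		}
	}
	return found, work
}

// storeUnsalted and storeSalted are what the application did at registration time.
// Salts here are short constants for readability; real ones are 16+ random bytes per user.
func storeUnsalted(user, pw string) record { return record{user: user, hash: sha256Hex(pw)} }
func storeSalted(user, salt, pw string) record {
	return record{user: user, salt: salt, hash: sha256Hex(salt, pw)}
}

func main() {
	unsalted := []record{storeUnsalted("alice", "password"), storeUnsalted("bob", "dragon"),
		storeUnsalted("carol", "Tr0ub4dor&3"), storeUnsalted("dave", "password")}
	salted := []record{storeSalted("alice", "s1", "password"), storeSalted("bob", "s2", "dragon"),
		storeSalted("carol", "s3", "Tr0ub4dor&3"), storeSalted("dave", "s4", "password")}
	fmt.Println("unsalted, by table lookup:", crackUnsalted(buildTable(wordlist), unsalted))
	found, work := crackSalted(wordlist, salted)
	fmt.Printf("salted: %v after %d fresh hash computations\n", found, work)
	fmt.Println("alice and dave share a password; hashes equal unsalted:",
		unsalted[0].hash == unsalted[3].hash, "salted:", salted[0].hash == salted[3].hash)
}
```

Carol's password is not in the wordlist, so neither attack finds it; only a full brute-force search over her password's character space would, which is what the table and the dictionary are shortcuts around.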

a)What are two different uses of public-key cryptography related to key distribution?

There are two aspects to the use of public-key cryptography in this regard:
● The distribution of public keys: a party's public key must reach others in a way that guarantees it
really belongs to that party, for example by public announcement, a publicly available directory, a
public-key authority, or public-key certificates signed by a certificate authority.
● The use of public-key encryption to distribute secret keys: a symmetric session key is encrypted
under the recipient's public key (or agreed with Diffie-Hellman) so that only the holder of the matching
private key can recover it, and digital signatures on the exchange protect it against man-in-the-middle
substitution.
OR
a) Define stream cipher? Write the specific function of MAC in network security?

A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and
algorithm generate a pseudorandom keystream that is combined with the plaintext one bit or byte at a
time, usually by XOR. The main alternative is the block cipher, in which the key and algorithm are applied
to fixed-size blocks of data rather than to individual bits. Stream ciphers remain very common in modern
cryptography: ChaCha20 is a dedicated stream cipher used in TLS and SSH, and block ciphers in counter
(CTR) or GCM mode also behave as stream ciphers. Their critical rule is that a keystream must never be
reused, since XOR-ing two ciphertexts that share a keystream cancels it and exposes the plaintexts. A
stream cipher is also known as a state cipher, because the encryption of each symbol depends on the
cipher's internal state.

Message authentication code (MAC)

A message authentication code (MAC) is a cryptographic checksum on data that uses a shared secret
key to detect both accidental and intentional modifications of the data and to confirm that it came from
someone who holds the key. A MAC requires two inputs: a message and a secret key known only to the
originator of the message and its intended recipient(s). In network security it provides message
integrity and data-origin authentication for each packet or record, as HMAC does in IPsec and TLS;
because both parties share the key, it cannot provide non-repudiation, for which a digital signature is
needed.

d) List out the two methods of operations in authentication header (AH) and encapsulating
security payload ESP.

Both AH and ESP operate in one of two modes: transport mode, which protects the payload of the
original IP packet and keeps the original IP header, and tunnel mode, which protects the entire original
packet and adds a new outer IP header addressed to the security gateways.

e) What is the role of a compression function in a hash function? What is the difference between
weak and strong collision resistance.

B) A compression function takes a fixed-length input and returns a shorter, fixed-length output. ...
The blocks are then processed sequentially, taking as input the result of the hash so far and the current
message block, with the final output being the hash value for the message. This Merkle-Damgård
construction is how MD5, SHA-1 and SHA-2 turn a compression function into a hash of arbitrary-length
input, and it is why the collision resistance of the whole hash rests on that of the compression function.

C) Weak collision resistance (second-preimage resistance) is bound to a particular input: given a
message x, it must be infeasible to find a different y with h(y) = h(x). Strong collision resistance applies
to any two arbitrary inputs: it must be infeasible to find any pair x ≠ y with h(x) = h(y). As the name
implies, strong collision resistance is the harder property to achieve, because the attacker is free to
choose both messages and can exploit the birthday paradox: for an n-bit hash a collision is expected
after about 2^(n/2) trials, whereas a second preimage costs about 2^n. This is why a 128-bit digest
(MD5) offers only about 64 bits of collision resistance.

d)Describe the MD5 message digest algorithm with block diagram?

MD5 is one of a family of message digest algorithms developed by Ronald Rivest. The term "message
digest" refers to a short string or hash value of fixed length that is computed from the longer,
variable-length message being hashed by the algorithm. MD5 produces a 128-bit digest and works as
follows: the message is padded with a single 1 bit followed by zeros to 64 bits short of a multiple of 512,
and the 64-bit message length is appended; the padded message is processed in 512-bit blocks; a
128-bit state held in four 32-bit registers (A, B, C, D) is initialised to fixed constants; each block is
mixed into the state by four rounds of 16 steps, each step combining one 32-bit message word, an
additive constant, a nonlinear function of three registers (F, G, H and I, one per round) and a left
rotation, after which the block's result is added to the previous state; the final state, concatenated, is
the digest. This is a Merkle-Damgård construction, and the compression function that processes one
block is what the block diagram shows. MD5 is broken: collisions can be found in seconds on commodity
hardware, so it must not be used for signatures or for the integrity of untrusted data.

e)explain briefly how transport and tunnel mode operates on AH packets for IPV4?

The manner in which the original IP packet is modified depends on the encapsulation mode used. There
are two encapsulation modes used by AH and ESP, transport and tunnel.
Transport mode encapsulation retains the original IP header. Therefore, when transport mode is used,
the IP header reflects the original source and destination of the packet. Transport is most often used in a
host-to-host scenario, where the data endpoints and the security endpoints are the same. A transport
mode encapsulated datagram is routed, or transported, in the same manner as the original packet.
Figure 1 shows an IPv4 packet that is encapsulated using AH in transport mode:
Figure 1. IPv4 packet encapsulated using AH in transport mode

Tunnel mode encapsulation builds a new IP header containing the source and destination address of the
security endpoints. When tunnel mode is used, the outer IP header reflects the source and destination of
the security endpoints, which might or might not be the same as the original source and destination IP
address of the data connection. The choice of transport or tunnel mode depends on the structure of the
network and on the logical connections between the endpoints. Tunnel mode is required if one of the
IKE peers is a security gateway that is applying IPsec on behalf of another host or hosts. A datagram
that is encapsulated in tunnel mode is routed, or tunneled, through the security gateways, with the
possibility that the secure IPsec packet will not flow through the same network path as the original
datagram. To successfully encapsulate and send an outbound packet, the route table must contain a
route that can be used to reach the security gateway, as well as a route that can be used to reach the
data endpoint. If policy-based routing is being used on a TCP/IP stack where IP security is active, the
interaction between the two functions must be understood, since both decide where a packet goes. In
either mode, AH's integrity check covers the IP addresses, so an AH packet cannot pass through a NAT
device; ESP, whose integrity check excludes the outer IP header, can (with UDP encapsulation).
Figure 5 shows an IPv4 packet that is encapsulated using AH in tunnel mode:
Figure 5. IPv4 packet encapsulated using AH in tunnel mode
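To make the two encapsulations concrete, here is an added Go example (not from the original document or from any IPsec stack) that builds the AH packets described above from a constructed UDP datagram: transport mode keeps the original IPv4 header and inserts AH between it and the payload; tunnel mode adds a new outer IPv4 header between two gateways and carries the whole original packet as AH's payload. The ICV is HMAC-SHA-256-128 computed with the mutable IPv4 fields zeroed, as RFC 4302 specifies, so a router hop that decrements the TTL leaves the packet valid while a NAT that rewrites the source address breaks it. Addresses, SPI values, the key and the UDP payload are constructed; IP options and the anti-replay window are omitted, and all headers are assumed to be 20 bytes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const (
	ipHdr     = 20          // assumption: no IP options anywhere
	protoIPIP = 4           // IP-in-IP: AH's Next Header value in tunnel mode
	protoUDP  = 17
	protoAH   = 51
	icvLen    = 16          // HMAC-SHA-256-128 truncates the 32-byte tag (RFC 4868)
	ahLen     = 12 + icvLen // fixed AH fields + ICV = 28 bytes, a multiple of 4 as IPv4 requires
)

// fixChecksum recomputes the IPv4 header checksum in place.
func fixChecksum(pkt []byte) {
	pkt[10], pkt[11] = 0, 0
	var sum uint32
	for i := 0; i < ipHdr; i += 2 {
		sum += uint32(binary.BigEndian.Uint16(pkt[i:]))
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	binary.BigEndian.PutUint16(pkt[10:], ^uint16(sum))
}

func ipv4Header(src, dst net.IP, proto byte, totalLen int, ttl byte) []byte {
	h := make([]byte, ipHdr)
	h[0] = 0x45
	binary.BigEndian.PutUint16(h[2:], uint16(totalLen))
	h[8], h[9] = ttl, proto
	copy(h[12:], src.To4())
	copy(h[16:], dst.To4())
	fixChecksum(h)
	return h
}

// ahICV hashes the whole packet with the mutable IPv4 fields (DSCP/ECN, flags, fragment offset,
// TTL, checksum) and the ICV field zeroed (RFC 4302 section 3.3.3.1). The addresses are covered.
func ahICV(key, pkt []byte) []byte {
	p := append([]byte{}, pkt...)
	p[1], p[6], p[7], p[8], p[10], p[11] = 0, 0, 0, 0, 0, 0
	for i := ipHdr + 12; i < ipHdr+ahLen; i++ {
		p[i] = 0
	}
	m := hmac.New(sha256.New, key)
	m.Write(p)
	return m.Sum(nil)[:icvLen]
}

// ahHeader lays out Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV (zero for now).
func ahHeader(next byte, spi, seq uint32) []byte {
	ah := make([]byte, ahLen)
	ah[0], ah[1] = next, ahLen/4-2 // Payload Len: AH length in 32-bit words minus 2 = 5
	binary.BigEndian.PutUint32(ah[4:], spi)
	binary.BigEndian.PutUint32(ah[8:], seq)
	return ah
}

// transportAH keeps the original header: IP(proto=51) | AH(next=original proto) | payload.
func transportAH(key, orig []byte, spi, seq uint32) []byte {
	hdr := append([]byte{}, orig[:ipHdr]...)
	ah := ahHeader(hdr[9], spi, seq)
	hdr[9] = protoAH
	binary.BigEndian.PutUint16(hdr[2:], uint16(len(orig)+ahLen))
	fixChecksum(hdr)
	pkt := append(append(hdr, ah...), orig[ipHdr:]...)
	copy(pkt[ipHdr+12:ipHdr+ahLen], ahICV(key, pkt))
	return pkt
}

// tunnelAH wraps the whole packet: outer IP(gateway->gateway, proto=51) | AH(next=4) | original packet.
func tunnelAH(key, orig []byte, gwSrc, gwDst net.IP, spi, seq uint32) []byte {
	outer := ipv4Header(gwSrc, gwDst, protoAH, ipHdr+ahLen+len(orig), 64)
	pkt := append(append(outer, ahHeader(protoIPIP, spi, seq)...), orig...)
	copy(pkt[ipHdr+12:ipHdr+ahLen], ahICV(key, pkt))
	return pkt
}

// verifyAH recomputes the ICV the way the receiving IPsec peer does.
func verifyAH(key, pkt []byte) error {
	if len(pkt) < ipHdr+ahLen || pkt[9] != protoAH {
		return errors.New("not a well-formed AH packet")
	}
	if !hmac.Equal(pkt[ipHdr+12:ipHdr+ahLen], ahICV(key, pkt)) {
		return errors.New("ICV mismatch")
	}
	return nil
}

// mutate models an in-flight change (a router hop, a NAT rewrite) followed by the checksum update.
func mutate(pkt []byte, change func([]byte)) []byte {
	p := append([]byte{}, pkt...)
	change(p)
	fixChecksum(p)
	return p
}

// samplePacket is a constructed 10.0.0.5 -> 10.0.1.7 UDP datagram (port 12345 -> 53) carrying "hello".
func samplePacket() []byte {
	udp := append([]byte{0x30, 0x39, 0x00, 0x35, 0x00, 13, 0x00, 0x00}, "hello"...)
	return append(ipv4Header(net.ParseIP("10.0.0.5"), net.ParseIP("10.0.1.7"), protoUDP, ipHdr+len(udp), 64), udp...)
}

func main() {
	key, orig := []byte("constructed-ah-authentication-key"), samplePacket()
	tr := transportAH(key, orig, 0x1000, 1)
	fmt.Println("transport after a router hop:", verifyAH(key, mutate(tr, func(p []byte) { p[8]-- })),
		"| after NAT:", verifyAH(key, mutate(tr, func(p []byte) { copy(p[12:], net.ParseIP("203.0.113.9").To4()) })))
	tu := tunnelAH(key, orig, net.ParseIP("192.0.2.1"), net.ParseIP("198.51.100.1"), 0x2000, 1)
	fmt.Println("tunnel: outer proto", tu[9], "AH next header", tu[ipHdr], "valid:", verifyAH(key, tu))
}
```

The NAT failure is the practical reason ESP, not AH, is what almost every deployed VPN uses: ESP's integrity check starts after the outer IP header, so address rewriting (with UDP encapsulation of ESP, RFC 3948) does not invalidate it.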

f) Consider an automated teller machine (atm) in which users provide a personal identification number
(pin) and a card for account access. Give examples of confidentiality, integrity, and availability
requirements associated with the system and, in each case, indicate the degree of importance of the
requirement.

Confidentiality: The PIN must be known only to the cardholder and to the bank system that verifies it.
It is entered on the keypad, encrypted immediately, and must not be readable anywhere between the
ATM and the bank's servers, nor recoverable from the card or from bank logs. The cardholder is
responsible for choosing a PIN that is not easily guessed and for shielding the keypad; the bank is
responsible for encrypting the PIN end to end so that nobody, including its own staff, sees it in clear,
and a policy of changing the PIN at regular intervals limits the damage if it does leak (Ajaykumar &
Kumar, 2013). The account number and balance shown on screen are also confidential but less
sensitive. Degree of importance: high, since disclosure of the PIN together with the card data allows
direct theft from the account.

Integrity: Every transaction must be recorded exactly as performed. A withdrawal must be debited
once, in the right amount, to the right account; a deposit must be credited in the same way; neither the
amount, the account nor the order of transactions may be altered in transit or in storage, and the
ATM's record and the bank's record of the account must be reconciled. A section or committee should
handle customer queries about account mismatches arising from ATM use. Degree of importance: high,
since a corrupted transaction is a direct financial loss for the customer or the bank.

Availability: ATMs should be provided in numbers that match customer demand, kept connected, and
restocked with cash often enough to give accurate service, and customers must have a way to raise
disputes when the account does not reflect an ATM transaction. An ATM that is out of service causes
dissatisfaction and pushes customers towards other banks, but it causes no loss of money or data.
Degree of importance: moderate.

j) What if router becomes attack target? Highlight some router security considerations

Routers play an important role in network communications, supporting the exchange of information,
and a compromised router lets an attacker observe, redirect or block everything that passes through it.
Router attacks can take advantage of vulnerabilities in protocols, bugs in router software and weak
authentication, and can occur in the form of distributed denial of service and brute-force login attacks.
While they are occurring, attacks impact network services and business operations.

● Change the factory default passwords in your router to strong and unique credentials.
● Switch on two-factor authentication for even more log-in protection, if offered.
● Check regularly for firmware updates and apply them as soon as they are available. This may
require you to visit the manufacturer's website from time to time.
● Use WPA3, or WPA2 where WPA3 is not supported, for encrypted Wi-Fi; never WEP or WPA.
● Disable UPnP and any remote management features, so that the administration interface is
reachable only from the LAN.
● Set up a guest network for visitors' devices, which isolates the harm that guests, or hackers who
compromise a guest device, can cause.
● Put the router in the middle of the house if possible, so the signal is not unduly extended to
hackers who may be lurking in parked cars outside; this reduces exposure but is no substitute for the
measures above.
● Consider security software or a monitoring service for the entire home network from a reputable
provider.

OR

j) What are the candidate best practice to avoid header manipulation and fragmentation attack?

You can minimize the risk of an IP fragmentation attack by employing these methods:

1. Inspect incoming packets using a router, a secured proxy server, firewalls or intrusion detection
systems that reassemble fragments before applying their rules, so that an attacker cannot split a
malicious header or payload across fragments to slip past inspection;

2. Make sure that your OS is up to date and has all the latest security patches installed, since the
historic fragmentation attacks (overlapping or oversized fragments) exploited reassembly bugs in the IP
stack;

3. Drop fragmented IP packets at the perimeter. However, some benign traffic (large UDP datagrams
such as DNS or IKE, and some mobile network links) relies on fragmentation, so blocking it outright
might cause disruptions; rate-limiting fragments and bounding the reassembly buffer is the safer
middle ground.

(g) For each of the following assets, assign a low, moderate, or high impact level for the loss of
confidentiality, availability, and integrity, respectively. Justify your answers.

a. An organization managing public information on its Web server.


b. A law enforcement organization managing extremely sensitive investigation information.
c. A financial organization managing routine administrative information (not privacy-related information).

ANSWER:
These three cases are the worked examples given in FIPS 199, the standard that defines the low,
moderate and high impact levels; the ratings below follow it.
(a) Organization managing public information on its web server:
Confidentiality: The web server holds public information that anyone may read, so there is nothing to
disclose. Impact of a loss of confidentiality: low (FIPS 199 marks it as not applicable).
Integrity: If an intruder modifies the published information, the organization publishes falsehoods
under its own name and its reputation suffers, but no critical operation depends on the content.
Impact: moderate.
Availability: If the server is down the public cannot reach the information for a while; this is
inconvenient, not damaging. Impact: moderate.
b. Law enforcement organization managing extremely sensitive investigation information:
Confidentiality: Disclosure could endanger informants and officers and destroy investigations.
Impact: high.
Integrity: Tampered evidence or records could derail a case, but tampering would normally be detected
and corrected from other records before it did serious harm. Impact: moderate.
Availability: Investigators can usually continue working for some time without the system, so a
temporary outage is serious but not catastrophic. Impact: moderate.
c. Financial organization managing routine administrative information (not privacy-related):
Confidentiality: The information is routine and contains nothing private, so disclosure has a limited
effect. Impact: low.
Integrity: Errors in routine administrative records are inconvenient and correctable. Impact: low.
Availability: A short outage delays administration only. Impact: low.
I) List and briefly define categories of passive and active security attacks. (2 points)

The two types of passive attack are: release of message contents, where the attacker listens to the
data stream and learns the confidential information it carries; and traffic analysis, where the attacker
cannot read the (encrypted) contents but observes who is talking to whom, when, how often and how
much, and infers the nature of the communication from that.
The types of active security attack are: masquerade, where the attacker impersonates the sender of a
message; replay, where captured data are retransmitted to produce an unauthorised effect;
modification of messages, where a message is altered, delayed or reordered to produce an
unauthorised effect; and denial of service, where the attacker prevents authorised users from using the
infrastructure, for example by disabling or overloading the network.

OR
Active attacks: An active attack attempts to alter system resources or affect their operation. Active
attacks involve some modification of the data stream or the creation of a false stream. The types of
active attack are as follows:
1. Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack, for instance replaying a captured
authentication sequence.

2. Modification of messages –
Some portion of a message is altered, or the message is delayed or reordered, to produce an
unauthorised effect. For example, a message meaning "Allow JOHN to read confidential file X" is
modified to "Allow Smith to read confidential file X".

3. Repudiation –
This attack is carried out by either the sender or the receiver, who later denies having sent or received
a message. For example, a customer asks the bank "to transfer an amount to someone" and later denies
having made the request. This is repudiation; digital signatures are the countermeasure.
4. Replay –
The passive capture of a message and its subsequent retransmission to produce an unauthorised
effect.

5. Denial of service –
It prevents the normal use of communication facilities. This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular destination. Another form is the
disruption of an entire network, either by disabling the network or by overloading it with messages so
as to degrade performance.

Passive attacks: A passive attack attempts to learn or make use of information from the system but
does not affect system resources. Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain the information being transmitted. The types
of passive attack are as follows:
1. Release of message contents –
A telephone conversation, an electronic mail message or a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of these
transmissions.

2. Traffic analysis –
Suppose that we had a way of masking (encrypting) the information, so that the attacker, even after
capturing the message, could not extract its contents. The opponent could still determine the location
and identity of the communicating hosts and observe the frequency and length of the messages being
exchanged. This information might be useful in guessing the nature of the communication that was
taking place. Passive attacks are hard to detect because they alter nothing, so the emphasis is on
prevention (encryption, traffic padding) rather than detection.

Q) List and briefly define the categories of security services.

Security Services:
A processing or communication service that enhances the security of the data processing systems and
the information transfers of an organization. These services are intended to counter security attacks,
and they make use of one or more security mechanisms (encryption, digital signatures, access control
lists, and so on) to provide the service. X.800 divides them into the following five categories:

Authentication: The assurance that the communicating entity is the one that it claims to be.

● Peer Entity Authentication: Used in association with a logical connection to provide confidence
in the identity of the entities connected.
● Data-Origin Authentication: In a connectionless transfer, provides assurance that the source of
received data is as claimed.

Data Confidentiality: Protects data from unauthorized disclosure.


Access Control: The prevention of unauthorized use of a resource (i.e., this service controls who can
have access to a resource, under what conditions access can occur, and what those accessing the
resource are allowed to do).
Data Integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).
Non-repudiation: Protects against denial by one of the entities involved in a communication of having
participated in all or part of the communication.
● Proof of Origin: Proof that the message was sent by the specified party.
● Proof of Delivery: Proof that the message was received by the specified party.

Q) Define the reconnaissance attempt and identify how we protect themselves from the kind of
attack?
ANSWER:
RECONNAISSANCE ATTEMPT:
Reconnaissance attacks are general knowledge-gathering attacks that precede an intrusion. They can
be carried out both logically and physically. Whether the information is gathered by probing the
network or through social engineering and physical surveillance, these attacks can be limited. Common
examples of reconnaissance include packet sniffing, ping sweeping, port scanning, banner grabbing,
phishing, social engineering and Internet information queries. We can examine these further by
breaking them into the two categories of logical and physical.

Logical reconnaissance refers to anything done in the digital realm that does not require a human on
the other side to complete. Ping sweeps and port scans, for example, discover whether a system is
present and which services it is listening for. An example of a return on a port scan would be
discovering that an IP address is listening on port 443 for HTTPS traffic; that tells the attacker which
software (web server, TLS library) to fingerprint and which exploits to try. The defender sees the same
scan as a burst of connection attempts across many ports from one source, which is why scan
detection belongs in the intrusion detection system.
Information queries over the Internet belong here too; these are often WHOIS queries. Every
registered domain is held through a registrar, as the allocation of domain names must be regulated
(much as with product names, when company A wants a domain that company B already owns).
Registrars handle the transfer and maintenance of domain names from registration to expiration, and
the public WHOIS record for a domain typically lists a point of contact and contact information for the
organization. All of this makes information gathering that much easier, since the attacker can contact
the company armed with legitimate details of persons of interest.

Physical Reconnaissance crosses the lines of what a network admin has control of. There are elements
that will never be protected fully like locations as well as security elements like cameras, mantraps, door
locks or guards. However, these can play into physically securing a network.
For example, bank security may be limited in the ability to stop an extremely well-orchestrated heist
attempt to what that security team has prepared for, but the simple fact that a bank has security in place
creates the potential to deter most lower to mid-level criminals who would make the attempt. That is the
same idea that goes into most physical security measures for network protection. Reconnaissance, as
we have established, is the collection of information from any available sources. If the surveyor cannot
access the information easily, it can deter the collection altogether or force them into a more logical realm.
Either of these options from the surveyor would be beneficial to the network team, as it drives the
reconnaissance into a more controllable atmosphere.
Solution
For these kinds of attacks there is only a limited amount that can be done, as some details and
company information must be public. However, through training and simple steps at the design stage,
mitigations can stop reconnaissance from compounding into a bigger issue. Limit the information
published about a company's contact details and infrastructure. Change or remove service banners so
that banner grabbing reveals as little as possible about software versions. Expose only the services that
must be reachable from the Internet, and filter or rate-limit scans at the perimeter. If contact details for
the network administrator or company representatives must be published, make sure those personnel
are trained to spot social engineering attempts. This training needs to be extended to all employees,
since anyone may give away company secrets if the social engineer is charismatic enough.

Additionally, a company can engage external red teams and penetration testers. Doing so can show an
organization's leaders what shortcomings exist: most red teams achieve access by any means
necessary, and this can truly highlight what an attacker is capable of. Also conduct audits of both the
logical information exposure and the physical security in place. If badges are used, check the logs and
be sure personnel are following the access agreements.
