CSS UT2 QB

Q) Role of Hash function in security.

Hash functions play a critical role in security by providing a way to transform data of
any size into a fixed-size output. This output, called a hash value or message digest, is
unique to the input data.
The use of hash functions in security is wide-ranging and includes the following:
1. Data integrity: Hash functions are used to ensure that data has not been tampered
with during transmission or storage. By calculating the hash value of the data before
and after transmission, it is possible to verify that the data has not been modified in
transit.
2. Password storage: Hash functions are commonly used to store passwords securely.
Rather than storing passwords in plaintext, which would be vulnerable to theft
3. Digital signatures: Hash functions are used in digital signatures to verify the
authenticity and integrity of digital documents.
4. Block chain: Hash functions are the backbone of the block chain technology. Hash
functions are used to create a unique identifier for each block in a Block chain, which
ensures the immutability of the data in the block chain.

Q) Properties of Hash function.

1. Deterministic: Given the same input, a hash function should always produce the
same output. This property ensures that the hash value can be used as a reliable
identifier for the input.
2. Uniformity: A good hash function should uniformly distribute the hash values
across the output space. This property helps to minimize collisions, which occur when
two different inputs produce the same hash value.
3. Non-invertible: It should be computationally infeasible to derive the input from the
hash value. This property ensures that the hash function provides a secure means of
storing and transmitting sensitive information.
4. Fixed-size output: A hash function should always produce a hash value of a fixed
length, regardless of the input size. This property ensures that hash values can be
stored and compared efficiently.
5. Avalanche effect: A small change in the input should produce a large change in the
output hash value. This property helps to maximize the security of the hash function
by ensuring that small changes in the input will result in completely different hash
values.
Q) Explain Birthday attack.
A birthday attack is a type of cryptographic attack that takes advantage of the
probability that two people in a large group share the same birthday. The attack is
named after the "birthday problem," which asks how many people would need to be
in a room for there to be a greater than 50% chance that at least two of them share
the same birthday.
In a cryptographic context, the birthday attack is used to find collisions in hash
functions. A hash function is a mathematical function that takes an input (such as a
password or a file) and produces a fixed-length string of characters, known as a hash
or a digest. The goal of a hash function is to produce a unique output for each input,
so that it is virtually impossible to reverse-engineer the original input from the hash.
However, because hash functions produce fixed-length outputs, it is mathematically
inevitable that two different inputs will occasionally produce the same output. This is
known as a collision. A hash function is considered secure if it is computationally
infeasible to find a collision by brute force (i.e., by trying every possible input until a
collision is found).
A birthday attack takes advantage of the fact that, for a hash function with a 128-bit
output (for example), there are only 2^64 possible outputs. This means that if an
attacker can generate 2^64 random inputs and hash them, there is a good chance
(about 50%) that at least two of the hashes will collide. The attacker can then use the
collision to mount a more sophisticated attack, such as creating a fake digital
certificate that appears to be signed by a trusted authority.
To protect against birthday attacks, cryptographic systems typically use hash
functions with longer output lengths (such as 256 bits or 512 bits), which make it
much less likely that collisions will occur. Additionally, some hash functions (such as
SHA-3) have been specifically designed to be resistant to birthday attacks.

Q) What is access control?

Access control in cryptography and system security refers to the process of
controlling who can access or perform specific actions on a system or data. Access
control is a fundamental principle of information security, and it plays a critical role in
protecting sensitive information from unauthorized access, modification, or
disclosure.
Access control can be implemented at various levels, including the physical, network,
and application layers. Some common access control mechanisms used in
cryptography and system security include:
1. Authentication: This refers to the process of verifying the identity of a user or
entity before granting access to the system or data. Authentication can be achieved
using various mechanisms, such as passwords, biometrics, smart cards, or digital
certificates.
2. Authorization: Once a user or entity has been authenticated, authorization
determines the level of access or privileges that they are granted. Authorization can
be based on various factors, such as user roles, job functions, or security clearance
levels.
3. Encryption: Encryption is a cryptographic technique that transforms data into an
unreadable format using a secret key. Encryption can be used to protect sensitive
data from unauthorized access or disclosure, both at rest and in transit.

Q) What is Firewall? Explain its types.

A firewall is a network security device that monitors incoming and outgoing network
traffic and permits or blocks data packets based on a set of security rules. Its purpose
is to establish a barrier between your internal network and incoming traffic from
external sources(like internet) in order to block malicious traffic like viruses and
hackers.
Firewall is of following types:
Packet Filtering Firewall: Packet filtering is the process of examining the packet
coming from the outside world. Packet headers are inspected by the firewall to make
decision to block or allow access of that packet.
It is a security mechanism that allows the movement of packets across the network
and controls their flow on the basis of a set of rules, protocols, IP addresses and
ports.

Stateful inspection firewalls: This type of firewall keeps track of the state of network
connections and examines the entire packet rather than just the header. This allows
stateful inspection firewalls to filter traffic based on more advanced criteria, such as
the contents of the packet or the application that generated the packet.

Application-level gateways (proxy firewalls): This type of firewall acts as an

intermediary between the client and the server, and it inspects and filters traffic at
the application layer.
Q) Write a note on IDS.
Q) Differentiate between MD5 and SHA 1.

Q) Explain Kerberos with diagram

Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users.
In Kerberos Authentication server a database is used for client authentication.
Kerberos runs as a third-party trusted server known as the Key Distribution Center
(KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
 Authentication Server (AS): The Authentication Server performs the initial
authentication and ticket for Ticket Granting Service.
 Database: The Authentication Server verifies the access rights of users in the
database.
 Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the
Server

Step-1: The authentication server receives the request by the client and verifies that
client
Step-2: upon the verification a timestamp is created with current time in user session
and expiration date
Step-3: The key is sent back to the client in the form of TGT (Ticket Granting Ticket)
Step-4: The client submits the TGT to TGS to get authenticated
Step-5: The TGS creates an encrypted key with a time stamp and grants the client
service ticket
Step-6: The client decrypts the ticket and sends acknowledgement to the TGS
Step-7: Then it sends its own encrypted key to the service server. The service server
decrypts the key and checks the time stamp whether it is valid or not. If it is valid then
it contacts the KDC and returns session to the client
Step-8: The client decrypts the ticket. If the key is still valid communication is initiated
between the client and the server. Now the client is authenticated until session
expires
Q) Digital Signature.
Digital signatures are the public-key primitives of message authentication. In the
physical world, it is common to use handwritten signatures on handwritten or typed
messages. They are used to bind signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital
data. This binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret
key known only by the signer.
In real world, the receiver of message needs assurance that the message belongs to
the sender and he should not be able to repudiate the origination of that message.
This requirement is very crucial in business applications, since likelihood of a dispute
over exchanged data is very high.

The following points explain the entire process in detail −

 Each person adopting this scheme has a public-private key pair.
 Generally, the key pairs used for encryption/decryption and signing/verifying
are different. The private key used for signing is referred to as the signature key
and the public key as the verification key.
 Signer feeds data to the hash function and generates hash of data.
 Hash value and signature key are then fed to the signature algorithm which
produces the digital signature on given hash. Signature is appended to the data
and then both are sent to the verifier.
 Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
 Verifier also runs same hash function on received data to generate hash value.
  For verification, this hash value and output of verification algorithm are
compared. Based on the comparison result, verifier decides whether the digital
signature is valid.
 Since digital signature is created by ‘private’ key of signer and no one else can
have this key; the signer cannot repudiate signing the data in future.

Q) Write a short note on: SSL

SSL is the secure communications protocol of choice for a large part of the internet
community. There are many applications of SSL in existence, since it is capable of
securing any transmission over TCP.
The different protocol in SSL are as follows:
SSL Handshake Protocol:
Messages passed back and forth between the user's browser (client) and web
application (server) establish a handshake that begins a secure connection. The
messages that compose this handshake are: ClientHello, ServerHello,
ServerKeyExchange, ServerHelloDone, ClientKeyExchange,ChangeCipherSpec,
Finished, ChangeCipherSpec, Finished.
SSL Record Protocol:
This protocol provides two services for SSL connection:
Confidentiality: using conventional encryption
Message Integrity: using Message Authentication Code (MAC)
This protocol performs following action fragmentation, compression, Addition of
mac, encryption and prepared header
SSL Alert Protocol:
This protocol sends errors, problems or warnings about the connection between the
two parties. This layer is formed with two fields: security level and alert description.
SSL Change Cipher Spec Protocol:
The change cipher spec protocol is composed of one message that signals the
beginning of the secure communication between client and server.
Q) Write in brief about AES.
One of the most widely used symmetric encryption algorithm is AES. It is 6 times
faster than DES.
A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search attack.
Triple DES was designed to overcome this drawback but it was found slow.
The features of AES are as follows −
 Symmetric key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java
Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation
network’. It comprises of a series of linked operations, some of which involve replacing
inputs by specific outputs (substitutions) and others involve shuffling bits around
(permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES
treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four
columns and four rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the
key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys. Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round
comprise of four sub-processes. The first round process is depicted below −

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design.
The result is in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are
re-inserted on the right side of row. Shift is carried out as follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect
to each other.
MixColumns
Each column of four bytes is now transformed using a special mathematical function.
This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column. The result is another new matrix
consisting of 16 new bytes. It should be noted that this step is not performed in the
last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128
bits of the round key. If this is the last round then the output is the ciphertext.
Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another
similar round.
Q) Define HMAC
Q) Short note on SHA - 1
SHA-1 (Secure Hash Algorithm 1) is a widely used cryptographic hash function that
was developed by the National Security Agency (NSA) and published by the National
Institute of Standards and Technology (NIST) in 1995. It produces a 160-bit hash value
and is used for digital signatures, message authentication codes (MACs), and other
security applications.
SHA-1 operates by taking a message of arbitrary length as input and producing a
fixed-size output, or hash value. Like other hash functions, SHA-1 is one-way, which
means that it is computationally infeasible to generate the original input message
from the hash value.
However, like MD5, SHA-1 is susceptible to collision attacks, where different input
messages can produce the same hash value. This vulnerability was demonstrated in
2005, and as a result, SHA-1 is no longer considered secure for cryptographic
purposes. More secure hash functions, such as SHA-256 and SHA-3, have been
developed and are now widely used.
Despite its vulnerabilities, SHA-1 is still used in some applications, such as digital
certificates and software updates. However, these applications are being phased out,
and SHA-1 is being replaced by more secure hash functions.

Q) Short note on SHA – 512

SHA-512 is a cryptographic hash function that is part of the SHA-2 family of hash
functions developed by the US National Security Agency (NSA). It is a secure and
widely-used algorithm for generating fixed-size, unique digital fingerprints of data.
SHA-512 produces a 512-bit (64-byte) hash value, which is typically represented as a
hexadecimal string. It is designed to be highly resistant to collision attacks, which
means it is extremely difficult to find two different inputs that produce the same hash
output.
The SHA-512 algorithm works by taking an input message and repeatedly processing
it through a set of mathematical operations, resulting in a fixed-size output hash. It is
commonly used in digital signatures, password storage, and other security
applications that require data integrity and authenticity.
Overall, SHA-512 is a reliable and secure hash function that provides strong
cryptographic protection for digital data.
Q) Short note on MAC
MAC (Message Authentication Code) is a cryptographic technique used to provide
integrity and authenticity to a message or data. It is a type of symmetric key
algorithm that uses a secret key to generate a fixed-size code or tag, which is
appended to the message. The recipient of the message can then use the same secret
key to recompute the MAC and verify that the message has not been tampered with
during transmission.
MAC provides assurance that the message has not been modified, and that the
sender of the message is the one who claims to be. MAC can be generated using
different algorithms such as HMAC (Hash-based Message Authentication Code) and
CBC-MAC (Cipher Block Chaining-MAC), among others.
MAC is commonly used in security protocols like SSL/TLS, IPSec, and SSH, to ensure
that the data being transmitted is not altered or modified by an attacker. It is also
used in electronic payment systems to provide integrity and authenticity to payment
transactions.