
Information Security System Important Question

Iss question

Uploaded by

danishkhanmitcs

ISS Important Questions and Solutions

Q:1- What is HTTPS?

Ans:- HTTPS is an abbreviation of Hypertext Transfer Protocol Secure. It is a secure extension
or version of HTTP. This protocol is mainly used for providing security to the data sent between
a website and the web browser. It is widely used on the internet for secure
communications. This protocol uses port number 443 for communicating the data.

This protocol is also called HTTP over SSL because HTTPS communication is
encrypted using SSL (Secure Sockets Layer).

Q:2- What is SSL and what is an SSL certificate?

Ans: SSL stands for Secure Sockets Layer, a cryptographic protocol for keeping online
communications safe and secure. It establishes an encrypted connection between two
applications over a network and prevents cyber thieves from intercepting sensitive data in
transit.

An SSL certificate is a small digital file that authenticates the identity of a website and encrypts
sensitive information exchanged between the website and the user’s browser. It’s issued by a
private or public third-party Certificate Authority (CA) after the website owner completes a
verification process.

Q:3- An RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7.
What is the value of the ciphertext for plaintext 5 using the RSA public-key encryption
algorithm?

Explanation:

Step 1: In the first step, select two large prime numbers, p and q. In this question:

p = 3 and q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n = p x q

n = 3 x 11 = 33

Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose e such that 1 < e < φ(n) and e
is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1.

Second, we calculate

φ(n) = (p - 1) x (q - 1)

φ(n) = (3 - 1) x (11 - 1)

φ(n) = 2 x 10

φ(n) = 20

Step 4: The private key d = 7 is given, so to determine the public key we use the following
relation between e and d:

e x d = 1 mod φ(n)

e x 7 = 1 mod 20

e = (1 + k x φ(n)) / d [let k = 0, 1, 2, 3, ...]

Put k = 0

e = (1 + 0 x 20) / 7

e = 1/7 (not an integer, so try the next value of k)

Put k = 1

e = (1 + 1 x 20) / 7

e = 21/7 = 3

The public key is <e, n> = (3, 33)

Hence, the public key exponent is e = 3.
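
The derivation above stops at the public key; the following added example (not part of the original document) repeats the same k = 0, 1, 2, ... search for e and then goes one step further to the ciphertext the question asks for, c = m^e mod n. The function names are assumptions made for illustration.

```python
from math import gcd

def public_exponent(d, phi):
    """Solve e*d = 1 mod phi the way the page does: try k = 0, 1, 2, ...
    until (1 + k*phi) is divisible by d."""
    if gcd(d, phi) != 1:
        raise ValueError("d has no inverse: gcd(d, phi) must be 1")
    for k in range(d):                      # a solution always exists with k < d
        if (1 + k * phi) % d == 0:
            return (1 + k * phi) // d

def keypair_from(p, q, d):
    """Return ((e, n), (d, n)) for primes p, q and a given private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (public_exponent(d, phi), n), (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:                      # textbook RSA only works for m < n
        raise ValueError("plaintext must be smaller than the modulus n")
    return pow(m, e, n)                     # c = m^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)                     # m = c^d mod n

if __name__ == "__main__":
    public, private = keypair_from(3, 11, 7)    # values from the question
    c = encrypt(5, public)
    print("public key:", public)                # (3, 33)
    print("ciphertext:", c)                     # 5^3 mod 33
    print("decrypted :", decrypt(c, private))   # round trip back to 5
```

With p = 3, q = 11, d = 7 and plaintext 5 this gives the ciphertext 5^3 mod 33 = 125 mod 33 = 26, and decrypting 26 with d = 7 returns 5.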

Q:4- Explain Kerberos in detail.

Ans:- Kerberos provides a centralized authentication server whose function is to authenticate
users to servers and servers to users. In Kerberos, an Authentication Server and a database are used
for client authentication. Kerberos runs as a third-party trusted server known as the Key
Distribution Center (KDC). Each user and service on the network is a principal.

The main components of Kerberos are:

• Authentication Server (AS): The Authentication Server performs the initial authentication
and issues the ticket for the Ticket Granting Service.
• Database: The Authentication Server verifies the access rights of users in the database.
• Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.

• Step-1:
The user logs in and requests services on the host. Thus the user requests the ticket-granting service.
• Step-2:
The Authentication Server verifies the user's access rights using the database and then gives a
ticket-granting-ticket and a session key. The results are encrypted using the password of the user.
• Step-3:
The user decrypts the message using the password and then sends the ticket to the Ticket
Granting Server. The ticket contains authenticators like user names and network
addresses.
• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, the authenticator verifies the
request, and the TGS then creates the ticket for requesting services from the Server.
• Step-5:
The user sends the Ticket and Authenticator to the Server.
• Step-6:
The server verifies the Ticket and authenticators and then grants access to the service. After
this the user can access the services.
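
The six steps above as a runnable simulation, added here as an example that is not part of the original document. It is a simplified model: `seal`/`unseal` are a toy encrypt-then-MAC construction standing in for Kerberos' real ciphers, `pw_key` stands in for its password-to-key function, and all names and the sample principal are assumptions.

```python
import hashlib, hmac, json, os, time

def _xor(key, nonce, data):
    # SHA-256 in counter mode as a keystream: a toy stand-in for a real cipher
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under `key` (toy construction)."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

def pw_key(password):  # stand-in for deriving the user's key from the password
    return hashlib.sha256(password.encode()).digest()

DATABASE = {"alice": pw_key("correct horse")}          # constructed sample principal
TGS_KEY, SERVER_KEY = os.urandom(32), os.urandom(32)   # long-term service keys

def issue(ticket_key, reply_key, user):
    """Mint a session key; return (reply for the client, ticket for the next hop)."""
    sk = os.urandom(32).hex()
    ticket = seal(ticket_key, {"user": user, "sk": sk, "exp": time.time() + 300})
    return seal(reply_key, {"sk": sk}), ticket

def check(ticket_key, ticket, authenticator):
    """Decrypt the ticket, then verify the authenticator with the session key in it."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["user"] != t["user"] or t["exp"] < time.time():
        raise ValueError("ticket expired or user mismatch")
    return t

def access_service(user, password):
    reply, tgt = issue(TGS_KEY, DATABASE[user], user)            # Steps 1-2: AS issues TGT
    sk = bytes.fromhex(unseal(pw_key(password), reply)["sk"])   # Step 3: password decrypts
    t = check(TGS_KEY, tgt, seal(sk, {"user": user}))            # Step 4: TGS checks TGT
    reply, ticket = issue(SERVER_KEY, sk, t["user"])             #         and issues ticket
    ssk = bytes.fromhex(unseal(sk, reply)["sk"])
    check(SERVER_KEY, ticket, seal(ssk, {"user": user}))         # Steps 5-6: server verifies
    return True
```

The password itself never crosses the network: a wrong password simply fails to decrypt the Step-2 reply, and a modified ticket fails the integrity check at the TGS or the server.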

Kerberos Limitations

• Each network service must be modified individually for use with Kerberos
• It doesn't work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• All passwords are stored encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust
• Scalability

Applications

• User Authentication: User Authentication is one of the main applications of Kerberos.
Users only have to input their username and password once with Kerberos to gain access to
the network. The Kerberos server subsequently receives the encrypted authentication data
and issues a ticket granting ticket (TGT).
• Single Sign-On (SSO): Kerberos offers a Single Sign-On (SSO) solution that enables users
to log in once to access a variety of network resources. A user can access any network
resource they have been authorized to use after being authenticated by the Kerberos server
without having to provide their credentials again.
• Mutual Authentication: Before any data is transferred, Kerberos uses a mutual
authentication technique to make sure that both the client and server are authenticated.
Using a shared secret key that is securely kept on both the client and server, this is
accomplished. A client asks the Kerberos server for a service ticket whenever it tries to
access a network resource. The client must use its shared secret key to decrypt the
challenge that the Kerberos server sends via encryption. If the decryption is successful, the
client responds to the server with evidence of its identity.
• Authorization: Kerberos also offers a system for authorization in addition to
authentication. After being authenticated, a user can submit service tickets for certain
network resources. Users can access just the resources they have been given permission to
use thanks to information about their privileges and permissions contained in the service
tickets.
• Network Security: Kerberos offers a central authentication server that can regulate user
credentials and access restrictions, which helps to ensure network security. In order to
prevent unwanted access to sensitive data and resources, this server may authenticate users
before granting them access to network resources.
