Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V

Cryptography & Network Security & BNCSD502C

Section- A, Section- B, Section-C
Academic Session – 2024-25

CRYPTOGRAPHY & NETWORK SECURITY

Syllabus

Module I: Computer Security

Introduction, Need for security, Principles of Security, Plain text and Cipher Text, Encryption
and Decryption, Symmetric and Asymmetric Key Cryptography, Steganography, Key Range
and Key Size, Possible Types of Attacks.

Module II: Digital Certificates and Public Key Infrastructure (PKI)

Digital Certificates, Private Key Management, The PKI-X Model, Public Key Cryptography
Standards (PKCS), XML,PKI and Security, Hash functions, Key Pre-distribution, Blom’s
Scheme, Diffie-Hellman Key Pre-distribution, Kerberos.

Module III: Network Security, Firewalls and Virtual Private Networks

Brief Introduction to TCP/IP, Firewalls, IP Security, Virtual Private Networks (VPN),

Intrusion, Internet Security Protocols: Basic concepts, Secure Socket Layer (SSL), Transport
Layer Security (TLS), Email Security: Pretty Good Privacy (PGP).

Module IV: User Authentication and Kerberos

Authentication basics, Passwords, Authentication Tokens, Certificate-based Authentication,

Biometric Authentication, Kerberos, Key Distribution Center (KDC), Security Handshake
Pitfalls, Single Sign On (SSO) Approaches.

Module V: IP Security

Peer to Peer Server, Create the WebSocket Server, Connect to Blockchain Peers, Handle
Messages from Peers, Synchronize the Blockchain across Peers.

Module VI: Operating System Security

Identification of Authorization, User management, Overview of Software firewall, Policy,

Registry, Disaster Recovery, OS Security management, IAS Authentication.

Module VII: Wireless Security

Introduction of WLAN, 802.11 Standards (802.11a, 802.11b, 802.11g, 802.11n) security type,
Overview of SSID WLAN Security authentication (WEP, TKIP, WAP1, WAP2).

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |1
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Module VIII: Malicious Logic

Malicious Logic, Types of Malicious Logic: Virus, Worm, Trojan Horse, Zombies, Denial of
Service Attacks, Intrusion, Intruders and their types, Intrusion Detection System, Intrusion
Prevention System.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |2
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Study Material
Cryptography & Network Security & BNCSD502C

Module I: Computer Security

1. Introduction to Security

Definition:
Security, in the context of information and data, refers to the protection of information
systems from unauthorized access, damage, or disruption. It encompasses measures and
protocols designed to safeguard the confidentiality, integrity, and availability of data.

Importance:

 Confidentiality: Ensuring that information is only accessible to those who are

authorized.
 Integrity: Ensuring that the information remains accurate and unaltered.
 Availability: Ensuring that information and resources are accessible to authorized
users when needed.

Example:
In an online banking system, security ensures that only the account holder can access their
account, that their account balance is accurate, and that they can access their account at any
time.

2. Need for Security

Reasons:

 Data Breaches: Unauthorized access to sensitive information can lead to financial

loss, identity theft, and legal consequences.
 Cyber Attacks: Hackers may disrupt services, steal data, or cause harm to an
organization’s reputation.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |3
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Privacy Concerns: Personal and sensitive data must be protected to maintain trust
and comply with regulations.
 National Security: Protecting critical infrastructure and national defense systems
from cyber threats.

Example:
A healthcare provider needs to secure patient records to prevent unauthorized access, which
could lead to identity theft or exposure of personal health information.

3. Principles of Security

 Confidentiality: Protecting information from unauthorized access.

Example: Using encryption to secure sensitive emails.
 Integrity: Ensuring that data is accurate and has not been tampered with.
Example: Implementing checksums to verify the integrity of a downloaded file.
 Availability: Ensuring that information and resources are available to authorized
users when needed.
Example: Redundant servers to ensure a website is always accessible.
 Authentication: Verifying the identity of a user or system.
Example: Using a password and two-factor authentication to log in to an account.
 Non-repudiation: Ensuring that a sender cannot deny sending a message.
Example: Digital signatures that verify the origin of a document.

4. Plain Text and Cipher Text

Plain Text:

 Definition: Plain text is the original, unencrypted information or data that can be
easily read and understood by anyone. It is the raw data or message that you want to
protect using encryption. This data is in a readable format, and if intercepted by an
unauthorized person, they can easily understand its content.
 Example: If you write an email that says, "Meet me at the park at 5 PM," this
message in its original, readable form is considered plain text.

Cipher Text:

 Definition: Cipher text is the result of applying an encryption algorithm to plain text.
It is the scrambled, unreadable version of the data, which cannot be easily understood
without the proper key to decrypt it. The purpose of converting plain text into cipher
text is to protect the information from unauthorized access during transmission or
storage.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |4
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Example: Using a simple substitution cipher (where each letter is replaced with
another), the plain text "HELLO" could be transformed into "KHOOR" as cipher text.
Without knowing the substitution method (or key), it would be difficult for someone
to determine that "KHOOR" actually represents "HELLO."

How It Works:

 When you want to send a secure message over the internet, you start with plain text.
For example, a password or a confidential email.
 An encryption algorithm (a set of mathematical rules) is applied to this plain text,
along with an encryption key (a secret code used to transform the data), turning it into
cipher text. This cipher text looks like a random series of characters and cannot be
understood by anyone without the key.
 When the intended recipient receives the cipher text, they use the corresponding
decryption algorithm and key to convert the cipher text back into plain text. This
ensures that the message remains secure and private while being transmitted.

Importance:

 Security: By converting plain text into cipher text, sensitive information is protected
from unauthorized access, even if the communication is intercepted.
 Confidentiality: Only those with the correct decryption key can access the original
message, ensuring that the data remains confidential.
 Data Integrity: Encryption also helps in ensuring that the data has not been altered
during transmission.

Real-World Example:

 Online Banking: When you log into your bank account online, your login credentials
(username and password) are sent to the bank’s server. However, before being sent
over the internet, these credentials are converted from plain text into cipher text using
an encryption protocol like SSL/TLS. This prevents hackers from intercepting and
reading your sensitive information.

5. Encryption and Decryption

Encryption:

 Definition: Encryption is the process of converting plain text (readable data) into
cipher text (unreadable data) using an algorithm and a specific key. The main purpose
of encryption is to protect the confidentiality of the data, ensuring that only authorized
parties who have the correct key can access the original information.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |5
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 How It Works:

o An encryption algorithm, also known as a cipher, takes the plain text as input.

o A key, which is a piece of information used to control the operation of the

encryption algorithm, is applied.

o The algorithm processes the plain text using the key and transforms it into
cipher text. This cipher text appears as a random string of characters, making
it unintelligible to anyone who doesn’t have the key.

 Example:

o Suppose you have a message, "SECRET123". If you use an encryption

algorithm like AES (Advanced Encryption Standard) with a specific key, the
output might be something like "5d41402abc4b2a76b9719d911017c592".
This is the cipher text, which is secure and cannot be easily deciphered
without the key.

Decryption:

 Definition: Decryption is the process of converting cipher text back into plain text
using a decryption algorithm and the correct key. This process is essentially the
reverse of encryption, allowing the authorized recipient to access the original data.

 How It Works:

o The decryption algorithm uses the same or a related key (depending on the
type of encryption) to process the cipher text.

o The algorithm converts the cipher text back into its original form, which is the
plain text.

 Example:

o Continuing from the earlier example, if you have the cipher text
"5d41402abc4b2a76b9719d911017c592" and the correct key, applying the
decryption algorithm will revert it back to the original message
"SECRET123".

Types of Encryption:

 Symmetric Encryption: The same key is used for both encryption and decryption.

o Example: If you encrypt a file with a password (which acts as the key), the
same password is required to decrypt it.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |6
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Asymmetric Encryption: Two different but mathematically related keys are used—
one for encryption (public key) and one for decryption (private key).

o Example: When sending an encrypted email, the sender uses the recipient's
public key to encrypt the message. The recipient then uses their private key to
decrypt it.

Importance of Encryption and Decryption:

 Confidentiality: Encryption ensures that sensitive information, such as personal data

or financial transactions, remains confidential. Even if an unauthorized person
intercepts the data, they cannot read it without the key.

 Security: It protects data from unauthorized access and breaches, which is essential
for maintaining the security of personal, financial, and organizational information.

 Data Integrity: While encryption primarily focuses on confidentiality, it also helps in

maintaining data integrity by ensuring that the data has not been tampered with during
transmission.

Real-World Example:

 Online Shopping: When you make a purchase online, your credit card information is
encrypted before it is transmitted over the internet to the merchant’s server. This
encryption prevents hackers from stealing your credit card details. Once the encrypted
data reaches the merchant, it is decrypted so that the payment can be processed.

Process Flow:

1. Plain Text (Original Data): "HelloWorld"

2. Encryption Algorithm + Key: Transforms the plain text into cipher text.

3. Cipher Text (Encrypted Data): "eNcrYptEDtExT123"

4. Decryption Algorithm + Key: Converts the cipher text back to plain text.

5. Plain Text (Decrypted Data): "HelloWorld"

AES (Advanced Encryption Standard)

Definition: AES (Advanced Encryption Standard) is a symmetric encryption algorithm

widely used across the world to secure sensitive data. It was established as the encryption
standard by the U.S. National Institute of Standards and Technology (NIST) in 2001,
replacing the older DES algorithm due to its superior security and efficiency.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |7
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Key Features of AES:

 Symmetric Encryption: The same key is used for both encryption and decryption.

 Block Cipher: AES encrypts data in fixed-size blocks of 128 bits (16 bytes).

 Key Sizes: AES supports key sizes of 128, 192, and 256 bits, providing different
levels of security.

o AES-128: 10 rounds of encryption.

o AES-192: 12 rounds of encryption.

o AES-256: 14 rounds of encryption.

 Rounds: Each "round" involves a series of complex transformations and substitutions

applied to the data. The number of rounds increases with the key size, making the
encryption stronger.

How AES Works:

1. Key Expansion: The encryption key is expanded into several round keys.

2. Initial Round: The data (128-bit block) undergoes an initial transformation with the
first round key.

3. Main Rounds: A series of transformations occur, such as substitution (using S-

boxes), shifting rows, mixing columns, and adding the round key. These rounds
ensure that even small changes in the input will drastically alter the output.

4. Final Round: After the main rounds, a final transformation occurs, and the result is
the encrypted data (cipher text).

5. Decryption: The process is reversed to obtain the original plain text using the same
key.

Advantages of AES:

 Security: AES is highly secure and resistant to all known attacks, including brute-
force attacks. Its large key sizes (128, 192, 256 bits) make it computationally
infeasible for hackers to break.

 Efficiency: AES is fast and efficient in both software and hardware implementations,
making it suitable for a wide range of applications, including smartphones, VPNs, and
secure communication protocols like SSL/TLS.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |8
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Widely Used: AES is used globally in securing data for government institutions,
financial services, and many other industries.

Example of AES: If you use AES-256 to encrypt a message, it might take a readable plain
text like "HELLO123" and transform it into an unreadable cipher text like
"5a7d3f2b9876d4eaa12c". Only someone with the correct 256-bit key can decrypt this and
access the original message.

DES (Data Encryption Standard)

Definition: DES (Data Encryption Standard) is an older symmetric encryption algorithm that
was widely used for many years before AES became the standard. DES was developed by
IBM in the 1970s and adopted as the standard by NIST in 1977. It encrypts data using a 56-
bit key, which is now considered insecure due to its vulnerability to brute-force attacks.

Key Features of DES:

 Symmetric Encryption: Like AES, DES uses the same key for both encryption and
decryption.

 Block Cipher: DES encrypts data in blocks of 64 bits (8 bytes) at a time.

 Key Size: DES uses a 56-bit key (though the original key is 64 bits, 8 bits are used for
parity, leaving only 56 effective bits).

 Rounds: DES uses 16 rounds of encryption, where each round involves permutations,
substitutions, and mixing with the key.

How DES Works:

1. Key Generation: The 56-bit key is divided into two 28-bit halves and undergoes
transformations to produce 16 subkeys, one for each round of encryption.

2. Initial Permutation: The data block undergoes an initial permutation (IP) to

rearrange the bits.

3. Rounds: In each round, the data is split into two halves, and one half undergoes
complex transformations involving substitution and permutation, while the other half
is combined with the round key.

4. Final Permutation: After 16 rounds, the two halves are recombined and undergo a
final permutation, resulting in the cipher text.

5. Decryption: The process is reversed to decrypt the data.

Weaknesses of DES:
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
Page |9
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Small Key Size: The 56-bit key size makes DES vulnerable to brute-force attacks.
Modern computing power can exhaustively try all possible keys in a relatively short
time, which compromises its security.

 Security Concerns: DES is no longer considered secure for most modern

applications due to its susceptibility to attacks like brute force and differential
cryptanalysis.

Example of DES: Suppose you use DES to encrypt a message like "HELLO". The cipher
text might look like "A1F8E3B2", but because of the short key length, this cipher text can
potentially be decrypted by an attacker using brute-force method.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 10
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Comparison Between AES and DES:

AES (Advanced
Feature DES (Data Encryption Standard)
Encryption Standard)
Key Size 128, 192, or 256 bits 56 bits
Block Size 128 bits 64 bits
10, 12, or 14
Rounds (depending on key 16
size)
Highly secure,
Security Vulnerable to brute-force attacks
resistant to attacks
Faster and more
Speed Slower compared to AES
efficient
Obsolete for modern security
Use Widely used globally
needs

6. Symmetric and Asymmetric Key Cryptography

Cryptography is the science of securing communication and information. Two major types of
cryptographic techniques are Symmetric Key Cryptography and Asymmetric Key
Cryptography. Both methods are used to protect data but differ in their approach to key
management and security.

Symmetric Key Cryptography

Definition: Symmetric Key Cryptography, also known as Secret Key Cryptography, is a type
of encryption where the same key is used for both encryption and decryption of the data. This
means that both the sender and the receiver must have access to the same secret key, which
must be kept confidential to ensure the security of the communication.

Key Characteristics:

 Single Key: A single key is used for both the encryption and decryption processes.

 Speed: Symmetric algorithms are generally faster and require less computational
power than asymmetric algorithms, making them suitable for encrypting large
amounts of data.

 Security: The security of symmetric encryption depends heavily on the secrecy of the
key. If the key is compromised, the entire communication is at risk.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 11
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Key Management: The challenge in symmetric encryption lies in securely

distributing and managing the secret key, especially when communicating over
insecure channels.

Common Algorithms:

 AES (Advanced Encryption Standard): A widely used symmetric encryption

algorithm that is secure and efficient, with key sizes of 128, 192, or 256 bits.

 DES (Data Encryption Standard): An older symmetric algorithm that uses a 56-bit
key. It is now considered insecure and has been largely replaced by AES.

 3DES (Triple DES): An enhancement of DES that applies the DES algorithm three
times with three different keys, making it more secure but slower than AES.

Example of Symmetric Key Encryption:

 Scenario: You want to securely send a confidential document to a colleague over the
internet.

1. Encryption: You use a symmetric encryption algorithm like AES and a secret
key, say "abc123", to encrypt the document.

2. Cipher Text: The document is transformed into an unreadable format (cipher

text) using the key "abc123".

3. Decryption: Your colleague receives the cipher text and uses the same key
"abc123" to decrypt it back into the original document.

Advantages:

 Efficiency: Symmetric encryption is faster and more efficient for encrypting large
volumes of data.

 Simplicity: The process of encryption and decryption is straightforward and

computationally less intensive.

Disadvantages:

 Key Distribution: Securely sharing and managing the secret key can be difficult,
especially over an insecure network.

 Scalability: In a network with many users, managing a separate key for each pair of
users becomes cumbersome.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 12
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Asymmetric Key Cryptography

Definition: Asymmetric Key Cryptography, also known as Public Key Cryptography, uses
two different but mathematically related keys: a public key and a private key. The public key
is used for encryption, and the private key is used for decryption. Unlike symmetric key
cryptography, the two keys are not identical, and the private key must be kept secret, while
the public key can be openly shared.

Key Characteristics:

 Two Keys: There are two distinct keys—a public key (for encryption) and a private
key (for decryption).

 Security: Even if the public key is known to everyone, the communication remains
secure because only the corresponding private key can decrypt the data.

 Key Management: The public key can be freely distributed, which simplifies key
management, but the security depends on the private key remaining secret.

 Slower: Asymmetric encryption is computationally more intensive and slower than

symmetric encryption, making it less suitable for encrypting large amounts of data.

Common Algorithms:

 RSA (Rivest-Shamir-Adleman): One of the most widely used asymmetric

encryption algorithms. It is used in many applications, including secure web browsing
(SSL/TLS) and digital signatures.

 ECC (Elliptic Curve Cryptography): A newer approach that offers similar security
to RSA but with smaller key sizes, leading to faster computations.

 DSA (Digital Signature Algorithm): Primarily used for creating digital signatures,
ensuring the authenticity and integrity of a message.

Example of Asymmetric Key Encryption:

 Scenario: You want to send a secure email to a client.

1. Public Key: The client shares their public key with you.

2. Encryption: You use the client's public key to encrypt the email.

3. Cipher Text: The email is transformed into an unreadable format using the
client's public key.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 13
 Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

4. Private Key: The client uses their private key (which only they possess) to
decrypt the email and read the original message.

Advantages:

 Key Distribution: Only the public key needs to be shared, reducing the risks
associated with key distribution.

 Security: The use of two keys enhances security, particularly for activities like digital
signatures and secure key exchange.

Disadvantages:

 Performance: Asymmetric encryption is slower and more resource-intensive than

symmetric encryption, making it less efficient for large-scale data encryption.

 Complexity: The mathematical operations involved are more complex, leading to

slower processing times.

son Between Symmetric and Asymmetric Key Cryptography

Symmetric Key
Aspect Asymmetric Key Cryptography
Cryptography
Same key for
Public key for encryption, private
Key Usage encryption and
key for decryption
decryption
Faster, suitable for Slower, better for small data or
Speed
large data encryption secure key exchange
Security depends on Security enhanced by using two
Security
keeping the key secret keys (public and private)
Challenging to
Easier to distribute public keys,
Key Distribution securely share and
private key remains secure
manage the secret key
Less scalable in large
More scalable, especially in
Scalability networks due to key
environments with many users
management issues
Encrypting large files, Secure communication, digital
Use Cases
data at rest signatures, key exchange

7. Steganography

Definition: Steganography is the practice of concealing a message, file, image, or video

within another file, image, video, or piece of data. Unlike encryption, which makes data

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 14
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

unreadable to protect it, steganography hides the very existence of the data, making it
invisible to anyone who doesn't know where to look.

Etymology: The word "steganography" is derived from the Greek words "steganos" meaning
"covered" or "hidden" and "graphia" meaning "writing." So, steganography literally means
"hidden writing."

How Steganography Works: Steganography involves embedding a secret message or data

within a non-secret file or data, such as an image, audio file, or text. The key aspect is that the
carrier file (the one containing the hidden message) appears normal and unsuspicious to
anyone who might intercept or examine it.

Types of Steganography:

1. Image Steganography:

o Definition: Hiding data within an image file.

o How It Works: The most common technique is Least Significant Bit (LSB)
modification. In this method, the least significant bits of each pixel in an
image are altered to store the hidden data. The changes are so small that they
are imperceptible to the human eye.

o Example: A picture of a sunset may look completely normal, but it might

contain a hidden text message embedded within the color data of the image.

2. Audio Steganography:

o Definition: Hiding data within an audio file.

o How It Works: Similar to image steganography, data is hidden in the audio

file by manipulating the least significant bits of the audio samples. The hidden
data is typically embedded in areas where it won't be noticeable during
playback.

o Example: A song file might have a hidden message embedded within the
sound data that can't be heard but can be extracted with the right tools.

3. Text Steganography:

o Definition: Hiding data within text files.

o How It Works: Techniques include using white spaces, altering font sizes, or
even using patterns of letters or characters to conceal information.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 15
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

o Example: A seemingly normal paragraph of text might have a hidden

message embedded using the first letter of each word, forming an acrostic.

4. Video Steganography:

o Definition: Hiding data within a video file.

o How It Works: Data can be embedded in the frames of a video file, often
using the LSB method similar to image steganography, but applied to the
frames of the video.

o Example: A short video clip might have secret information hidden within
certain frames, which can only be extracted by someone who knows where
and how to look.

5. Network Steganography:

o Definition: Hiding data within network protocols.

o How It Works: Involves embedding information within the headers of

network packets, timing of packet transmissions, or using unused fields in a
protocol to hide data.

o Example: Data could be hidden in the timing of TCP/IP packets sent over a
network, making it difficult to detect without specialized tools.

Uses of Steganography:

 Covert Communication: Steganography is often used to send secret messages or

data without alerting others to the fact that a communication is taking place.

 Digital Watermarking: Steganography can be used to embed watermarks into digital

media (such as images, videos, or audio) to prove ownership or protect intellectual
property.

 Avoiding Censorship: In countries with strict censorship, individuals may use

steganography to bypass government restrictions by hiding information within
innocuous files.

Example of Steganography:

Imagine you have a photograph that you want to send to a friend, but you also want to
include a secret message with it. By using steganography, you could embed your message
within the image file itself, altering the pixels in such a way that the changes are invisible to
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 16
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

the naked eye. Your friend, knowing how to extract the hidden message, could retrieve it
using special software or a decryption key.

 Original Image: A regular photo of a cat.

 Hidden Message: "Meet at the park at 5 PM."

 Steganography Process: The hidden message is embedded into the image by altering
the LSBs of the pixel values. The image looks the same to anyone who views it, but
your friend, with the correct method or key, can extract the hidden message.

Advantages of Steganography:

 Invisibility: The primary advantage is that the hidden data is invisible and does not
attract attention, unlike encrypted data, which clearly signals that something is being
hidden.

 Wide Applicability: It can be used with various types of digital media—images,

videos, audio files, and text.

 Enhanced Security: When combined with encryption, steganography can add an

extra layer of security, making it even more difficult for unauthorized parties to detect
and access the hidden data.

Disadvantages of Steganography:

 Limited Capacity: The amount of data that can be hidden within a file is often
limited. For example, you can only embed a small message within an image without
making noticeable changes.

 Complexity: Creating and extracting steganographic data requires specialized

software or knowledge, which might be a barrier for some users.

 Not Foolproof: Steganography can be detected by advanced steganalysis techniques,

especially if the person inspecting the file knows what to look for.

Steganography vs. Cryptography:

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 17
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Aspect Steganography Cryptography

Hides the existence of Secures the content of the
Purpose
the message message
Message is invisible to Encrypted message is visible but
Visibility
outsiders unreadable
Covert
Secure communication,
Use Case communication, digital
protecting data
watermarking
More complex to Easier to implement but signals
Complexity
create and detect secret data
Depends on secrecy of Depends on strength of
Security
the method encryption algorithm

8. Key Range and Key Size

Key Size:

 Definition: The key size in cryptography refers to the length of the key used in an
encryption algorithm. It is typically measured in bits, and it represents the number of
possible combinations for the key. The key size is a critical factor in determining the
security of an encryption system—larger key sizes generally mean stronger security.
 Importance:
o The larger the key size, the more difficult it is for an attacker to crack the
encryption by brute force (i.e., trying every possible key until the correct one
is found).
o A longer key provides a greater number of possible combinations, making the
encryption more resistant to attacks.
 Examples:
o AES-128: A 128-bit key means there are 21282^{128}2128 possible key
combinations. This is an extremely large number, making brute-force attacks
impractical.
o AES-256: A 256-bit key offers 22562^{256}2256 possible combinations,
which is vastly more secure than a 128-bit key, though it may require more
computational resources.

Key Range:

 Definition: The key range is the total number of possible keys that can be generated
with a given key size. It’s directly related to the key size; as the key size increases, the
key range (the number of possible keys) increases exponentially.
 Calculation:
o For a key size of N bits, the key range is 2N2^N2N.
o For example, with an 8-bit key, the key range is 28=2562^8 = 25628=256
possible keys.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 18
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Relationship Between Key Size and Security:

 Brute Force Resistance:

o The primary defense against brute-force attacks is the key size. The larger the
key, the more combinations an attacker must try to break the encryption,
making the process more time-consuming and resource-intensive.
o For instance, a 56-bit key (like in DES) allows for 2562^{56}256 possible
keys, which is about 72 quadrillion combinations. While this was considered
secure in the 1970s, advances in computing power have made it feasible to try
all these combinations in a reasonable time.
o In contrast, a 256-bit key (like in AES-256) offers 22562^{256}2256
combinations, which is astronomically large—far beyond the capability of any
current or foreseeable computing power to brute-force.

Impact on Performance:

 Encryption/Decryption Speed: Larger key sizes typically require more processing

power and time to perform encryption and decryption operations. However, the
difference in speed between, say, AES-128 and AES-256 is often negligible compared
to the added security benefits.
 Resource Requirements: As key sizes increase, the computational resources (such as
CPU and memory) needed to handle encryption and decryption also increase. This is a
trade-off between security and performance.

Examples of Key Sizes in Cryptographic Algorithms:

 DES (Data Encryption Standard): Uses a 56-bit key. Now considered insecure due
to the small key size.
 3DES (Triple DES): Uses three 56-bit keys (effectively 168 bits). Provides stronger
security than DES but is slower and less efficient.
 AES (Advanced Encryption Standard): Supports key sizes of 128, 192, and 256
bits. AES-128 is commonly used and provides a good balance between security and
performance.
 RSA (Rivest-Shamir-Adleman): An asymmetric algorithm that typically uses key
sizes of 2048 or 4096 bits. The large key sizes are necessary due to the mathematical
complexity involved in RSA encryption.

Key Size vs. Algorithm Strength:

 Symmetric Algorithms (e.g., AES): The security strength is directly proportional to

the key size. A longer key size provides exponentially greater security.
 Asymmetric Algorithms (e.g., RSA): Asymmetric algorithms generally require
much larger key sizes compared to symmetric algorithms to achieve comparable
security. For example, a 2048-bit RSA key is considered secure, while a 128-bit AES
key provides a similar level of security due to the different mathematical foundations
of the algorithms.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 19
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Key Size Selection:

 Balancing Security and Performance: When choosing a key size, it's important to
balance the need for security with the available computational resources and the
performance requirements of the system. For most applications, AES-128 or AES-256
offers sufficient security with acceptable performance.

Future Considerations:

 Quantum Computing: As quantum computing advances, traditional key sizes may

need to be increased to maintain security. Quantum computers could potentially break
current encryption schemes much faster than classical computers, necessitating even
larger key sizes or new types of algorithms designed to resist quantum attacks.

9. Possible Types of Attacks in Cryptography

Cryptography, while a powerful tool for securing data, is not invulnerable. Various types of
attacks can target cryptographic systems, aiming to break the encryption, steal sensitive
information, or disrupt communications. Understanding these attacks is crucial for designing
robust security measures. Here, we’ll explore some of the most common types of attacks in
cryptography.

1. Brute Force Attack

Definition: A brute force attack is the simplest form of attack against a cryptographic system.
It involves systematically trying every possible key until the correct one is found. Given
enough time and computational power, a brute force attack can eventually break any
encryption, but the time required increases exponentially with the key size.

How It Works:

 The attacker uses software to generate and test all possible keys.
 For example, if the key is 4 bits long, there are 16 possible keys (from 0000 to 1111).
The attacker tests each one until the correct key is found.

Protection Against Brute Force Attacks:

 Key Size: Using longer key sizes significantly increases the number of possible keys,
making brute force attacks impractical. For instance, AES-256 has 2256possible keys,
an enormous number that would take billions of years to crack with current
technology.

Example: A 128-bit key has 2128 possible combinations. Even with a supercomputer, testing
each key would take an astronomically long time.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 20
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

2. Phishing Attack

Definition: Phishing is a type of social engineering attack where the attacker tricks
individuals into revealing sensitive information such as usernames, passwords, or credit card
numbers by masquerading as a trustworthy entity.

How It Works:

 The attacker sends an email, message, or creates a website that looks legitimate.
 The victim is lured into providing sensitive information, believing they are interacting
with a genuine organization or person.
 This information is then used by the attacker to gain unauthorized access to accounts
or systems.

Protection Against Phishing:

 Awareness and Training: Educating users to recognize phishing attempts.

 Two-Factor Authentication (2FA): Even if a password is compromised, 2FA can
prevent unauthorized access.
 Email Filtering: Using advanced filters to block phishing emails before they reach
users.

Example: An email that appears to be from a bank asks the user to click a link and enter their
login details. The link leads to a fake website controlled by the attacker.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 21
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

3. Man-in-the-Middle (MITM) Attack

Definition: In a Man-in-the-Middle attack, the attacker secretly intercepts and possibly alters
the communication between two parties who believe they are directly communicating with
each other.

How It Works:

 The attacker positions themselves between the two parties (e.g., by exploiting an
unsecured Wi-Fi connection).
 The attacker can eavesdrop on the communication, steal sensitive information, or
modify the data being exchanged without either party realizing it.

Protection Against MITM Attacks:

 Encryption: Using strong encryption protocols like TLS/SSL to secure

communications.
 Authentication: Ensuring both parties authenticate each other before exchanging
data.
 Avoiding Unsecured Networks: Not using public Wi-Fi for sensitive transactions.

Example: An attacker intercepts communication between a user and a bank’s website. The
attacker can view the user’s credentials or alter the data being sent.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 22
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

4. Replay Attack

Definition: A replay attack involves intercepting and retransmitting valid data to gain
unauthorized access to a system or service. This attack exploits the fact that the intercepted
data was originally valid and can be reused to perform a similar action.

How It Works:

 The attacker captures the data being sent between two parties.
 The captured data (such as a login token or transaction request) is then sent again by
the attacker to execute the same operation without the user’s consent.

Protection Against Replay Attacks:

 Timestamping: Including a timestamp in the data to ensure that old messages cannot
be reused.
 Nonce Values: Using a unique, random number (nonce) for each session or
transaction that must match with the server’s expected value.
 Session Tokens: Issuing tokens that are valid for a single session only.

Example: An attacker intercepts a transaction request and replays it to cause a payment to be

processed twice.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 23
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

5. Denial of Service (DoS) Attack

Definition: A Denial of Service (DoS) attack aims to make a service, system, or network
unavailable to its intended users by overwhelming it with a flood of illegitimate requests or
by exploiting vulnerabilities.

How It Works:

 The attacker sends a large number of requests to the target, overwhelming its
resources and causing it to crash or become unresponsive.
 Alternatively, the attacker may exploit a bug or vulnerability that causes the system to
fail when certain conditions are met.

Protection Against DoS Attacks:

 Traffic Filtering: Using firewalls and Intrusion Detection Systems (IDS) to filter out
malicious traffic.
 Rate Limiting: Limiting the number of requests a user can make in a given period.
 Redundancy: Distributing the service across multiple servers to handle increased
traffic loads.

Example: An attacker sends thousands of requests per second to a website, causing it to slow
down and eventually crash, making it unavailable to legitimate users.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 24
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

6. Side-Channel Attacks

Definition: Side-channel attacks involve gathering information from the physical

implementation of a cryptographic system, rather than exploiting weaknesses in the algorithm
itself. These attacks take advantage of information leaked during the encryption process, such
as timing data, power consumption, or electromagnetic emissions.

How It Works:

 The attacker measures physical parameters (like the time taken to perform
cryptographic operations or the power consumed) to deduce the secret key or other
sensitive information.
 The attack does not require direct access to the encrypted data itself but rather relies
on external observations.

Protection Against Side-Channel Attacks:

 Randomization: Introducing randomness in cryptographic operations to make it

harder to extract useful information.
 Physical Shielding: Shielding devices to reduce electromagnetic emissions.
 Constant-Time Algorithms: Designing algorithms that take the same amount of time
to execute, regardless of the input.

Example: An attacker measures the power consumption of a device during encryption to

determine the encryption key.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 25
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

7. Cryptanalysis Attacks

Definition: Cryptanalysis involves studying the encryption algorithm itself to find

vulnerabilities that can be exploited to break the encryption and reveal the plain text without
needing the key.

How It Works:

 The attacker uses mathematical techniques to analyze the structure of the cipher,
looking for patterns or weaknesses.
 This may involve analyzing multiple encrypted messages, chosen plain text, or even
exploiting poorly implemented algorithms.

Types of Cryptanalysis Attacks:

 Differential Cryptanalysis: Analyzing the differences between pairs of encrypted

texts.
 Linear Cryptanalysis: Using linear approximations to describe the behavior of the
encryption algorithm.
 Known-Plaintext Attack: The attacker knows both the plain text and the cipher text
and uses this information to deduce the key.

Protection Against Cryptanalysis:

 Strong Algorithms: Using well-established and thoroughly tested encryption

algorithms.
 Regular Updates: Ensuring cryptographic software is updated to patch any
discovered vulnerabilities.
 Key Management: Regularly changing encryption keys and using appropriate key
lengths.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 26
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Example: Using differential cryptanalysis to exploit vulnerabilities in an outdated encryption

algorithm, allowing an attacker to decrypt messages.

Multiple Choice Question

State the core principles of security:

 A) Confidentiality, Integrity, Availability

 B) Confidentiality, Authentication, Non-repudiation
 C) Integrity, Availability, Non-repudiation
 D) Confidentiality, Authentication, Availability

What does the principle of confidentiality ensure?

 A) Data is accurate and complete

 B) Data is accessible only to authorized users
 C) Systems are available when needed
 D) Data can be changed by any user

Which encryption algorithm uses the same key for both encryption and decryption?

 A) RSA
 B) AES
 C) ECC

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 27
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 D) Diffie-Hellman

Explain the process of converting plain text to cipher text:

 A) Decryption
 B) Authentication
 C) Encryption
 D) Hashing

How is plain text different from cipher text?

 A) Plain text is encoded; cipher text is readable

 B) Plain text is readable, cipher text is encoded
 C) Plain text uses a private key, cipher text uses a public key
 D) Plain text is always longer than cipher text

Which algorithm is an example of asymmetric key cryptography?

 A) DES
 B) 3DES
 C) AES
 D) RSA

Choose the correct definition of integrity in security:

 A) Ensuring data is accessible only to authorized users

 B) Maintaining the accuracy and completeness of data
 C) Ensuring systems are available when needed
 D) Encrypting data for security

What is steganography primarily used for?

 A) Encrypting data
 B) Hiding information within non-secret text or data
 C) Generating digital signatures
 D) Creating hash values

Write an example of a symmetric key encryption algorithm:

 A) RSA
 B) ECC
 C) AES
 D) Diffie-Hellman

Find the typical key sizes used by AES:

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 28
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) 56 bits, 128 bits, 192 bits

 B) 64 bits, 128 bits, 256 bits
 C) 128 bits, 192 bits, 256 bits
 D) 256 bits, 384 bits, 512 bits

What problem does asymmetric key cryptography solve?

 A) Decryption speed
 B) Key distribution
 C) Encryption speed
 D) Data availability

Explain what a brute force attack involves:

 A) Sending phishing emails

 B) Trying all possible keys until the correct one is found
 C) Intercepting and altering communications
 D) Injecting malicious code into a database

Which principle of security ensures systems are available when needed?

 A) Confidentiality
 B) Integrity
 C) Availability
 D) Authentication

Choose the correct statement about symmetric key cryptography:

 A) It uses two keys for encryption and decryption

 B) It is slower than asymmetric key cryptography
 C) It uses the same key for both encryption and decryption
 D) It is not suitable for large amounts of data

What is the role of a private key in asymmetric cryptography?

 A) Encrypting data
 B) Decrypting data
 C) Generating hash values
 D) Hiding messages

Give examples of situations where encryption is necessary:

 A) Browsing public websites

 B) Sending confidential emails
 C) Posting on social media
 D) Reading news articles

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 29
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

How does a digital signature ensure integrity?

 A) By encrypting data
 B) By verifying the data has not been altered
 C) By hiding data within other data
 D) By distributing keys securely

State an example of a man-in-the-middle attack:

 A) Encrypting data with AES

 B) Intercepting and altering emails
 C) Sending phishing emails
 D) Injecting malicious SQL queries

What does the key size in cryptography determine?

 A) The speed of encryption

 B) The complexity and security level
 C) The type of data to be encrypted
 D) The method of encryption

Choose the correct definition of a cipher text:

 A) The original readable message

 B) The encrypted, unreadable message
 C) The key used for encryption
 D) The process of converting plain text

Explain how SQL injection works:

 A) By encrypting SQL queries

 B) By intercepting and modifying network traffic
 C) By inserting malicious SQL code into input fields
 D) By sending phishing emails

What is a common defense against phishing attacks?

 A) Using longer keys

 B) Educating users to recognize phishing attempts
 C) Encrypting all data
 D) Hiding data within images

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 30
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Find the primary application of digital watermarking:

 A) Encrypting messages
 B) Hiding ownership information in digital media
 C) Generating digital signatures
 D) Decrypting hidden messages

State one of the advantages of symmetric key cryptography:

 A) Solves the key distribution problem

 B) Enhances security with two keys
 C) Faster encryption and decryption processes
 D) Requires more computational resources

What is the purpose of using checksums and hash functions?

 A) Encrypting data
 B) Hiding information
 C) Verifying data integrity
 D) Distributing keys

Explain the concept of key distribution in cryptography:

 A) The process of hiding keys within data

 B) The method of sharing encryption keys securely
 C) The technique of generating encryption keys
 D) The act of encrypting keys

Choose an example of a symmetric encryption algorithm:

 A) RSA
 B) ECC
 C) AES
 D) Diffie-Hellman

What is the role of a public key in asymmetric cryptography?

 A) Decrypting data
 B) Encrypting data
 C) Hiding messages
 D) Verifying integrity

Give examples of attacks that compromise availability:

 A) Brute force attacks

 B) Denial of Service (DoS) attacks

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 31
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) Phishing attacks
 D) SQL injection attacks

How can digital signatures be used in communication?

 A) To encrypt messages
 B) To verify the authenticity and integrity of messages
 C) To hide messages within other data
 D) To generate encryption keys

Short Type Question:

1.What is cryptography?

2. Why is network security important?

3. List the core principles of security.

4. What does the principle of confidentiality ensure?

5. Define plain text and cipher text.

6.What is the difference between encryption and decryption?

7. Name two symmetric encryption algorithms.

8. What is the primary advantage of symmetric key cryptography?

9. Explain the key pair usage in asymmetric key cryptography.

10. What is steganography?

11.Give an example of how steganography can be used.

12.What does key size in cryptography determine?

13.Why are larger key sizes generally more secure?

14.Describe a brute force attack.

15.What is phishing?

16.How can man-in-the-middle attacks be prevented?

17.What is SQL injection?

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 32
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

18.List two defenses against SQL injection attacks.

19.What is the role of a digital signature in ensuring integrity?

20.How does asymmetric key cryptography solve the key distribution problem?

Long Type Questions

1.Explain the importance of network security and the types of threats it addresses.

2.Discuss the core principles of security and their significance in maintaining a secure system.

3.Describe the process of encryption and decryption, and differentiate between symmetric and
asymmetric key cryptography.

4.Explain the concept of steganography and its various methods with examples.

5.Discuss the impact of key size on the security and performance of cryptographic algorithms.

6.What are the possible types of attacks in network security, and how can they be mitigated?

7.Explain the role of digital signatures in ensuring data integrity and authenticity.

8.Describe the key distribution problem and how asymmetric key cryptography addresses it.

9.Discuss the advantages and disadvantages of symmetric key cryptography.

10.Explain how brute force attacks work and the strategies to defend against them.

11.What is phishing, and what measures can be taken to prevent it?

12.Describe the man-in-the-middle attack and how encryption can protect against it.

13.What is SQL injection, and what are its potential consequences?

14.Explain the concept of key range and its significance in cryptographic security.

15.Discuss the role of multi-factor authentication in enhancing security.

16.Describe the advantages and disadvantages of asymmetric key cryptography.

17.Explain the concept of digital watermarking and its applications.

18.What are the challenges of key management in symmetric key cryptography, and how can
they be addressed?

19.Describe the role of hashing in ensuring data integrity and security.

20.Discuss the significance of end-to-end encryption in secure communication.

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 33
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Module II: Digital Certificates and Public Key Infrastructure (PKI)

Chapter 1: Digital Certificates

1.1 Introduction to Digital Certificates

 Definition: A digital certificate is an electronic document used to prove the

ownership of a public key. It includes information about the key, the identity of its
owner, and the digital signature of a trusted entity that has verified the owner’s
identity (usually a Certificate Authority, or CA).
 Purpose: Digital certificates enable secure communication over networks by ensuring
that a public key belongs to the claimed entity. They are fundamental to many secure
protocols, such as SSL/TLS, which are used to secure web traffic.
 Historical Background: The concept of digital certificates emerged with the
development of public key cryptography in the 1970s. They have since become a
cornerstone of secure digital communication, particularly with the advent of the
internet.

1.2 Structure of a Digital Certificate

 Components:
o Public Key: The public key of the certificate holder.
o Subject: The entity (person, organization, or device) that owns the certificate.
o Issuer: The CA that issued the certificate.
o Serial Number: A unique identifier for the certificate.
o Validity Period: The start and end dates during which the certificate is valid.
o Signature Algorithm: The algorithm used by the CA to sign the certificate.
o Digital Signature: The CA’s signature on the certificate, which can be
verified using the CA’s public key.
 X.509 Standard: The most widely used standard for digital certificates, defining the
format for public key certificates.

1.3 Types of Digital Certificates

 SSL/TLS Certificates: Secure web traffic by encrypting the data exchanged between
a web server and a browser.
 Code Signing Certificates: Used to sign software, ensuring that the code has not
been tampered with since it was signed.
 Email and Document Signing Certificates: Ensure the authenticity and integrity of
emails and documents by allowing the sender to digitally sign them.
 Client Certificates: Used to authenticate users to a server, often as part of a mutual
TLS setup.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 34
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

1.4 How Digital Certificates Work

 Issuance Process: A certificate is issued by a CA after verifying the identity of the

entity requesting the certificate. This process may involve submitting identification
documents or undergoing domain validation for SSL certificates.
 Validation Process: When a certificate is presented, its authenticity is verified by
checking the CA’s digital signature. The certificate chain is also validated, tracing
back to a trusted root CA.
 Revocation: A certificate can be revoked before its expiration if it is compromised or
no longer needed. Revocation information is disseminated via Certificate Revocation
Lists (CRLs) or the Online Certificate Status Protocol (OCSP).

1.5 Examples of Digital Certificate Usage

 SSL/TLS on Websites: When you visit a website with "https" in the URL, your
browser checks the site's SSL certificate to ensure that the site is legitimate and that
the connection is secure.
 Code Signing: Microsoft requires developers to sign their software with a digital
certificate before it can be distributed via the Windows Store or run on Windows
systems without warnings.
 Email Security with S/MIME: Secure/Multipurpose Internet Mail Extensions
(S/MIME) uses digital certificates to encrypt and digitally sign emails.

Chapter 2: Private Key Management

2.1 Importance of Private Key Security

 Role of the Private Key: The private key is the secret counterpart to the public key in
a public key infrastructure (PKI). It is used to decrypt messages encrypted with the
corresponding public key and to create digital signatures.
 Risks of Compromise: If a private key is compromised, an attacker can impersonate
the key owner, decrypt sensitive information, or sign malicious documents,
potentially leading to severe security breaches.

2.2 Best Practices for Private Key Management

 Secure Storage: Private keys should be stored in a secure environment, such as a

Hardware Security Module (HSM) or a secure software solution with strong
encryption.
 Key Backup: Private keys should be backed up securely to ensure they can be
recovered in case of loss or corruption. Backups should be encrypted and stored in a
secure, offsite location.
 Key Rotation: Regularly updating or rotating private keys minimizes the risk
associated with long-term key exposure. This practice is especially important in
environments where keys are exposed to external networks.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 35
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

2.3 Private Key Lifecycle Management

 Generation: Private keys should be generated using a secure process, ensuring

sufficient randomness to prevent predictability.
 Distribution: Private keys should never be shared or transmitted insecurely. In
scenarios where a key must be distributed, secure channels or out-of-band methods
should be used.
 Revocation and Expiry: Private keys should have a defined lifespan and should be
revoked if they are compromised or no longer needed. Revocation should be
communicated via CRLs or OCSP.

2.4 Examples of Private Key Management

 HSMs in Banking: Financial institutions often use HSMs to store and manage
private keys for transaction processing and secure communications, ensuring that
these keys are protected from unauthorized access.
 Key Management in Cloud Environments: Cloud service providers offer key
management services that allow users to generate, manage, and rotate keys securely,
while ensuring that private keys are never exposed outside the service.

Chapter 3: The PKI-X Model

3.1 Introduction to PKI

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 36
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Definition: Public Key Infrastructure (PKI) is a framework for managing public-key

encryption and digital certificates. It ensures that entities can securely exchange
information through the use of cryptographic keys.
 Components of PKI: Key components include Certificate Authorities (CAs),
Registration Authorities (RAs), digital certificates, public and private keys, and end-
user devices or software.

3.2 The PKI-X Model

 Overview: The PKI-X (Public Key Infrastructure – eXtended) model extends

traditional PKI by incorporating additional features such as policy management,
enhanced trust models, and cross-certification between different PKI domains.
 Trust Hierarchies: In PKI-X, certificates are issued in a hierarchical structure, with
root CAs at the top, followed by subordinate CAs and end-entity certificates. This
hierarchy establishes a chain of trust, ensuring that certificates issued by lower-level
CAs are trusted if the root CA is trusted.
 Cross-Certification: PKI-X allows for cross-certification between different PKI
domains, enabling entities in separate PKIs to trust each other’s certificates.

3.3 PKI Deployment Models

 Hierarchical PKI: A single root CA with multiple subordinate CAs, providing a

clear chain of trust. This is the most common PKI deployment model.
 Mesh PKI: Multiple CAs at the same level trust each other directly without a central
root. This model is less common but may be used in environments where multiple
organizations need to collaborate without a single point of control.
 Bridge PKI: A hybrid approach that connects different PKI domains through a bridge
CA, allowing certificates from one domain to be trusted by another.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 37
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

3.4 Examples of PKI-X Model Applications

 Government PKI: Many governments use PKI-X models to manage digital identities
for citizens and employees, enabling secure access to online services and digital
signing of documents.
 Enterprise PKI: Large organizations often deploy hierarchical PKI models internally
to manage employee access, secure communications, and protect sensitive data.

Chapter 4: Public Key Cryptography Standards (PKCS)

4.1 Introduction to PKCS

 Definition: Public Key Cryptography Standards (PKCS) are a set of standards

designed by RSA Laboratories to facilitate the use of public key cryptography. They
ensure interoperability between cryptographic products from different vendors.
 Purpose: PKCS standards define the formats for public key certificates, private key
management, digital signatures, and encrypted messages, among other things.

4.2 Key PKCS Standards

 PKCS #1: The RSA Cryptography Standard, which defines the mathematical
properties and representations of RSA keys, as well as encryption and signature
algorithms based on RSA.
 PKCS #7: Cryptographic Message Syntax Standard, which defines a general syntax
for data that may have cryptography applied to it, such as digital signatures and
encryption.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 38
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 PKCS #10: Certification Request Syntax Standard, used for requesting digital
certificates from a CA.
 PKCS #12: Personal Information Exchange Syntax Standard, which defines a format
for storing and transporting a user's private keys, certificates, and other sensitive
information.
 PKCS #15: Cryptographic Token Information Format Standard, which defines how
cryptographic tokens (such as smart cards) should store cryptographic information.

4.3 Applications of PKCS

 Secure Email: PKCS #7 is widely used in S/MIME (Secure/Multipurpose Internet

Mail Extensions) to sign and encrypt email messages.
 Digital Signatures: PKCS #1 defines how RSA signatures should be created and
verified, ensuring compatibility across different systems.
 Certificate Requests: PKCS #10 is used by software to generate requests for new
digital certificates, which are then sent to a CA for issuance.

4.4 Examples of PKCS in Use

 Windows Certificate Store: Windows uses PKCS #12 files to import and export
certificates, keys, and intermediate certificates in a secure format.
 SSL/TLS Implementation: PKCS standards are integral to the implementation of
SSL/TLS protocols, which secure web traffic across the internet.

Chapter 5: XML, PKI, and Security

5.1 XML and Its Role in Security

 Definition: Extensible Markup Language (XML) is a flexible text format used for
structuring and transmitting data across the internet. It is widely used in web services,
data interchange, and configuration files.
 Use in Security: XML is used to define security-related data structures and protocols,
such as digital signatures, encryption formats, and authentication assertions.

5.2 XML-based Security Standards

 XML Signature: A standard for digitally signing XML data, ensuring the integrity
and authenticity of the data. It allows specific portions of an XML document to be
signed, providing flexibility in how signatures are applied.
 XML Encryption: A standard for encrypting XML data, ensuring confidentiality.
XML Encryption allows for partial encryption of an XML document, so that only
sensitive portions are protected.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 39
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 SAML (Security Assertion Markup Language): An XML-based framework for

exchanging authentication and authorization data between parties, commonly used for
Single Sign-On (SSO) implementations.

5.3 Secure XML Transactions

 How XML and PKI Work Together: Digital certificates are often used to sign and
encrypt XML data, ensuring that the data is securely transmitted and that its origin
can be authenticated.
 Practical Applications: XML and PKI are used in web services security (WS-
Security), e-commerce transactions, and federated identity management (FIM)
systems.

5.4 Real-world Examples of XML and PKI

 SAML-based SSO: In a SAML-based Single Sign-On system, XML is used to

structure the authentication assertions that are exchanged between an identity provider
(IdP) and a service provider (SP).
 WS-Security: A web service security protocol that uses XML signatures and XML
encryption to secure SOAP messages, ensuring the integrity and confidentiality of
web service communications.

Chapter 6: Hash Functions

6.1 Introduction to Hash Functions

 Definition: A hash function is a cryptographic algorithm that takes an input (or

'message') and returns a fixed-size string of characters, which is typically a
hexadecimal number. The output is unique to each unique input.
 Purpose: Hash functions are used to ensure data integrity by producing a unique hash
value (or 'digest') for each piece of data, making it easy to detect any changes.

6.2 Properties of Hash Functions

 Collision Resistance: It should be computationally infeasible to find two different

inputs that produce the same hash output.
 Pre-image Resistance: Given a hash value, it should be computationally infeasible to
find the original input.
 Second Pre-Image Resistance: Given an input and its hash, it should be infeasible to
find a different input with the same hash.

6.3 Common Hash Functions

 MD5: Once widely used but now considered insecure due to vulnerabilities that allow
collisions.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 40
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 SHA-1: Also deprecated due to collision vulnerabilities, though it was widely used in
SSL certificates.
 SHA-2 Family (SHA-256, SHA-512): The current standard for secure hash
functions, used in various security applications, including SSL/TLS and blockchain.
 SHA-3: The latest standard, designed to be secure against all known types of attacks,
with a different internal structure compared to SHA-2.

6.4 Applications of Hash Functions

 Data Integrity: Hash functions are used to verify that data has not been altered
during transmission or storage. For example, file downloads often include a hash
value so that users can verify the integrity of the downloaded file.
 Digital Signatures: Hash functions are used in conjunction with digital signatures to
ensure that the signed data has not been tampered with.
 Password Storage: Hash functions are used to store passwords securely. Instead of
storing the password itself, the hash of the password is stored, making it difficult for
attackers to recover the original password.

6.5 Examples of Hash Function Usage

 Blockchain: Hash functions are fundamental to the operation of blockchains, where

they are used to secure transactions and link blocks together in the chain.
 Digital Certificates: Hash functions are used in the process of generating and
verifying digital signatures, which are integral to the functioning of digital
certificates.

Chapter 7: Key Pre-distribution

7.1 Importance of Key Pre-distribution

 Definition: Key pre-distribution refers to the process of distributing cryptographic

keys to parties before secure communication can take place. It is essential in scenarios
where secure channels for key exchange are not available.
 Challenges: Ensuring that keys are distributed securely and efficiently, particularly in
large or decentralized networks.

7.2 Techniques for Key Pre-distribution

 Manual Distribution: Keys are physically handed over or transmitted through a

secure channel. This method is simple but not scalable for large networks.
 Blom’s Scheme: A matrix-based method that allows a network of users to securely
share keys with minimal storage requirements. Each user shares a secret key with
every other user in the network, derived from a secret matrix.
 Diffie-Hellman Key Exchange: A method for two parties to generate a shared secret
key over an insecure channel. While not strictly a pre-distribution method, Diffie-
Hellman is often used in conjunction with pre-distributed parameters.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 41
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

7.3 Real-world Applications

 Military Communications: Key pre-distribution is used to ensure secure

communication channels in military environments, where the pre-distributed keys are
critical for secure operations.
 Smart Grids: In smart grid networks, key pre-distribution schemes ensure secure
communication between sensors, control systems, and other networked devices.
 IoT Devices: Pre-distributed keys are used to secure communication between Internet
of Things (IoT) devices in scenarios where it is impractical to set up secure channels
for key exchange.

Chapter 8: Blom’s Scheme

8.1 Introduction to Blom’s Scheme

 Definition: Blom’s Scheme is a key pre-distribution method that allows any two
nodes in a network to securely establish a shared secret key. It is based on the use of a
symmetric matrix and provides scalability while keeping storage requirements low.
 Purpose: The scheme is designed to ensure that even if some keys are compromised,
the remaining keys remain secure.

8.2 How Blom’s Scheme Works

 Matrix Generation: A trusted authority generates a symmetric matrix (G) and a

random secret matrix (D). Each participant is assigned a unique vector from the
matrix.
 Key Generation: Each participant can generate a shared secret key with any other
participant using their vector and the matrix provided by the trusted authority.
 Security Properties: The security of Blom’s Scheme relies on the secrecy of the
matrix D. If an attacker compromises less than a certain threshold number of nodes,
they cannot reconstruct the entire matrix and generate the keys for other participants.

8.3 Applications of Blom’s Scheme

 Sensor Networks: Blom’s Scheme is often used in sensor networks where secure
communication between nodes is required, but the nodes have limited computational
and storage capabilities.
 Ad Hoc Networks: In ad hoc networks, where the network topology is dynamic,
Blom’s Scheme provides a flexible method for securing communications between
nodes without the need for a centralized authority.

Chapter 9: Diffie-Hellman Key Pre-distribution

9.1 Introduction to Diffie-Hellman

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 42
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Definition: Diffie-Hellman is a method of securely exchanging cryptographic keys

over a public channel. It was the first widely used method for key exchange in
cryptography.
 Historical Significance: Developed by Whitfield Diffie and Martin Hellman in 1976,
it laid the foundation for public key cryptography.

9.2 How Diffie-Hellman Works

 Key Exchange Process:

o Public Parameters: Two parties agree on a large prime number (p) and a base
(g), both of which are public.
o Private Keys: Each party generates a private key, which is kept secret.
o Public Keys: Each party computes a public key by raising the base (g) to the
power of their private key modulo the prime (p).
o Shared Secret: The shared secret key is computed by raising the received
public key to the power of the private key modulo the prime (p). The result is
the same for both parties, allowing them to derive the same secret key.

9.3 Applications of Diffie-Hellman

 SSL/TLS: Diffie-Hellman is widely used in SSL/TLS protocols to securely exchange

keys for encrypting communication between a web server and a browser.
 VPNs: Virtual Private Networks (VPNs) often use Diffie-Hellman to establish secure
connections between remote clients and the central network.
 IPSec: The Internet Protocol Security (IPSec) suite uses Diffie-Hellman as part of its
key exchange mechanism to secure IP communications.

9.4 Variants of Diffie-Hellman

 Elliptic Curve Diffie-Hellman (ECDH): A variant of Diffie-Hellman that uses

elliptic curve cryptography to achieve the same security with smaller key sizes,
making it more efficient.
 Ephemeral Diffie-Hellman (DHE): A version of Diffie-Hellman where the key pairs
are generated for each session, providing forward secrecy.

Chapter 10: Kerberos

10.1 Introduction to Kerberos

 Definition: Kerberos is a network authentication protocol designed to provide strong

authentication for client-server applications by using secret-key cryptography.
 History: Developed at MIT as part of Project Athena in the 1980s, Kerberos has
become a widely adopted standard for secure authentication in enterprise networks.

10.2 How Kerberos Works

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 43
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Key Components:
o Key Distribution Center (KDC): The KDC is a trusted third party that
consists of two services: the Authentication Server (AS) and the Ticket
Granting Server (TGS).
o Authentication Server (AS): The AS authenticates users and issues a Ticket
Granting Ticket (TGT), which is used to obtain service tickets from the TGS.
o Ticket Granting Server (TGS): The TGS issues service tickets that allow
users to access specific network services.
o Service Ticket: A ticket that is presented to a network service to authenticate
the user and grant access.
 Authentication Process:
o Initial Authentication: The user logs in and is authenticated by the AS,
which issues a TGT.
o Service Request: The user presents the TGT to the TGS to request a service
ticket.
o Service Access: The service ticket is presented to the target service, which
verifies the ticket and grants access.

10.3 Security Features of Kerberos

 Mutual Authentication: Kerberos ensures that both the client and the server verify
each other’s identities before establishing a connection.
 Session Keys: Kerberos uses session keys to encrypt communication between the
client and the server, ensuring confidentiality and integrity.
 Replay Protection: The use of timestamps and nonces in Kerberos tickets helps
prevent replay attacks.

10.4 Applications of Kerberos

 Enterprise Networks: Kerberos is commonly used in Windows Active Directory

environments to authenticate users and services.
 Unix/Linux Systems: Many Unix and Linux systems use Kerberos for secure
authentication, especially in environments where they integrate with Windows
domains.
 Single Sign-On (SSO): Kerberos is often used to implement SSO, allowing users to
authenticate once and access multiple services without re-entering credentials.

10.5 Challenges and Limitations of Kerberos

 Time Synchronization: Kerberos relies on synchronized clocks between the client,

KDC, and server, which can be a challenge in distributed environments.
 Single Point of Failure: The KDC is a critical component in Kerberos. If the KDC is
compromised or becomes unavailable, the entire authentication process is affected.
 Complex Configuration: Setting up and managing a Kerberos environment can be
complex, requiring careful configuration and maintenance.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 44
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

10.6 Examples of Kerberos in Use

 Windows Active Directory: Kerberos is the default authentication protocol in

Windows domains, providing secure access to network resources.
 Cross-Platform Authentication: Kerberos allows Unix/Linux systems to
authenticate against a Windows Active Directory domain, providing seamless
integration in mixed environments.

Multiple Choice Question

What component is included in a digital certificate?

 A) Private Key
 B) Public Key
 C) Serial Number
 D) CRL

Which entity issues digital certificates in a PKI system?

 A) RA
 B) CA
 C) KDC
 D) HSM

What does PKCS stand for?

 A) Public Key Common Standards

 B) Public Key Cryptography Standards
 C) Private Key Cryptography Standards
 D) Public Key Certification System

Which PKCS standard is used for RSA Cryptography?

 A) PKCS#7
 B) PKCS#1
 C) PKCS#12
 D) PKCS#5

Which property of hash functions ensures that the same input always produces the same
output?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 45
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) Fast Computation
 B) Deterministic
 C) Pre-image Resistance
 D) Collision Resistance

What is a primary use of XML Signature?

 A) Providing integrity and authentication

 B) Encrypting XML documents
 C) Storing private keys
 D) Distributing public keys

What is the main advantage of using Diffie-Hellman Key Exchange?

 A) Securely sharing a secret key over an insecure channel

 B) Encrypting large data sets
 C) Storing keys securely
 D) Authenticating digital certificates

What does the CRL in a PKI system stand for?

 A) Certificate Registration List

 B) Certificate Revocation List
 C) Certificate Renewal List
 D) Certificate Reassignment List

In Kerberos, what is the role of the Ticket Granting Server (TGS)?

 A) Issuing service tickets based on TGTs

 B) Authenticating users
 C) Storing private keys
 D) Generating public parameters

Which of the following is a property of SHA-256?

 A) 128-bit hash value

 B) 256-bit hash value
 C) 160-bit hash value
 D) 512-bit hash value

How does the Registration Authority (RA) function in PKI?

 A) Authenticates entities requesting certificates

 B) Issues digital certificates
 C) Stores private keys
 D) Generates public parameters

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 46
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Which standard format is used for digital certificates in PKI?

 A) PKCS#7
 B) PKCS#12
 C) X.509
 D) SHA-256

What is the purpose of key pre-distribution?

 A) Increasing encryption speed

 B) Reducing the need for real-time key exchange
 C) Enhancing data integrity
 D) Authenticating users

State the importance of private key management.

 A) Maintains security and integrity of encrypted communication

 B) Speeds up encryption process
 C) Reduces the size of encrypted data
 D) Enhances user authentication

Which of the following is a common application of XML Encryption?

 A) Hashing passwords
 B) Protecting sensitive parts of XML documents
 C) Storing digital certificates
 D) Authenticating users

Find the correct description of Blom’s Scheme.

 A) A key pre-distribution scheme ensuring any two nodes can establish a shared key
 B) A method for encrypting large data sets
 C) A protocol for user authentication
 D) A standard for digital signatures

Which process in Kerberos involves the user receiving a Ticket Granting Ticket (TGT)?

 A) Initial Authentication
 B) Service Request
 C) Ticket Validation
 D) Key Distribution

What is the result of a hash function known as?

 A) Key
 B) Hash Value

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 47
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) Signature
 D) Ciphertext

Choose the standard that is commonly used for securing email messages.

 A) PKCS#7
 B) PKCS#1
 C) PKCS#12
 D) X.509

Give examples of commonly used hash functions.

 A) RSA, Diffie-Hellman
 B) MD5, SHA-1, SHA-256
 C) AES, DES
 D) Kerberos, Blom's Scheme

Short Type Question:

1.What component is included in a digital certificate?

2.Which entity issues digital certificates in a PKI system?

3.What does PKCS stand for?

4.Which PKCS standard is used for RSA Cryptography?

5.Which property of hash functions ensures that the same input always produces the same
output?

6.What is a primary use of XML Signature?

7.What is the main advantage of using Diffie-Hellman Key Exchange?

8.What does CRL stand for in a PKI system?

9.What is the role of the Ticket Granting Server (TGS) in Kerberos?

10.What is the hash value length for SHA-256?

11.How does the Registration Authority (RA) function in PKI?

12.Which standard format is used for digital certificates in PKI?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 48
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

13.What is the purpose of key pre-distribution?

14.State the importance of private key management.

15.Give a common application of XML Encryption.

16.Describe Blom’s Scheme in brief.

17.In Kerberos, which process involves the user receiving a Ticket Granting Ticket (TGT)?

18.What is the result of a hash function known as?

19.Which PKCS standard is commonly used for securing email messages?

20.Give examples of commonly used hash functions.

Long Type Questions:

1.Explain the components of a digital certificate and their significance.

2.Describe the role of a Certificate Authority (CA) in the Public Key Infrastructure (PKI).

3.Discuss the various Public Key Cryptography Standards (PKCS) and their applications.

4.Elaborate on the RSA Cryptography Standard (PKCS#1) and its importance.

5.Describe the key properties of hash functions and their importance in cryptography.

6.Explain how XML Signature is used to provide integrity and authentication in digital
communications.

7.Discuss the Diffie-Hellman Key Exchange method and its significance in secure
communications.

8.Explain the concept of a Certificate Revocation List (CRL) and its role in PKI.

9.Describe the function and importance of the Ticket Granting Server (TGS) in the Kerberos
authentication protocol.

10.Compare and contrast different hash functions, including MD5, SHA-1, and SHA-256.

11.Explain the process and importance of authentication performed by the Registration

Authority (RA) in PKI.

12.Discuss the X.509 standard for digital certificates and its applications.

13.Describe the key pre-distribution methods and their benefits in cryptographic systems.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 49
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

14.Discuss the various methods of private key management and their importance in
maintaining security.

15.Explain the role and applications of XML Encryption in securing digital communications.

16.Describe Blom’s Scheme and its application in secure communication systems.

17.Explain the initial authentication process in Kerberos and the importance of the Ticket
Granting Ticket (TGT).

18.Discuss the importance of hash functions in cryptography and provide examples of their
applications.

19.Explain the use of PKCS#7 in securing email messages and other communications.

20.Compare Blom’s Scheme and Diffie-Hellman Key Pre-distribution in terms of their

mechanisms and applications.

Module III: Network Security, Firewalls and Virtual Private Networks

Chapter 1: Brief Introduction to TCP/IP

1.1 Overview of TCP/IP

 Definition: The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the

foundational protocol for communication on the internet and most private networks.
 History and Development: TCP/IP was developed in the 1970s by the Defense
Advanced Research Projects Agency (DARPA) for ARPANET, the precursor to the
modern internet. TCP/IP became the standard networking protocol with the rise of the
internet in the 1990s.
 Key Layers in the TCP/IP Model:
o Application Layer: Deals with high-level protocols like HTTP, FTP, SMTP,
and DNS, which facilitate user applications like web browsing and email.
o Transport Layer: Responsible for data flow between two systems. Key
protocols include TCP (provides reliable, ordered delivery) and UDP
(provides fast but unreliable transmission).
o Internet Layer: Manages packet routing and addressing through IP (Internet
Protocol). It handles logical addressing and is responsible for directing data to
its destination across interconnected networks.
o Link Layer (Network Interface): Deals with hardware-level addressing and
local network communication, typically through Ethernet, Wi-Fi, or other
physical mediums.

1.2 Importance of TCP/IP in Network Security

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 50
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Vulnerabilities: Due to its ubiquity, TCP/IP is a common target for attacks, such as
IP spoofing, packet sniffing, and session hijacking. Protocols like ARP (Address
Resolution Protocol) and DNS (Domain Name System) are also vulnerable to specific
attacks like ARP spoofing and DNS cache poisoning.
 Security Enhancements: Modern implementations of TCP/IP include built-in
security mechanisms like SSL/TLS for encrypted communication, IPSec for IP-level
security, and secure routing protocols.

1.3 Examples of TCP/IP in Real-world Applications

 Web Browsing (HTTP/HTTPS): The Hypertext Transfer Protocol (HTTP) runs over
TCP, while HTTPS (secure HTTP) uses SSL/TLS to encrypt traffic between a client
and server.
 Email Transmission (SMTP, IMAP, POP3): Email protocols like SMTP (sending)
and IMAP/POP3 (retrieving) operate over TCP, requiring additional security
mechanisms like TLS to ensure confidentiality.

Chapter 2: Firewalls

2.1 Introduction to Firewalls

 Definition: A firewall is a network security device or software that monitors and

controls incoming and outgoing network traffic based on predetermined security
rules.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 51
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Purpose: Firewalls create a barrier between a trusted internal network and untrusted
external networks (like the internet) to protect sensitive data and systems.

2.2 Types of Firewalls

 Packet Filtering Firewalls: Operate at the network layer (Layer 3) and transport
layer (Layer 4) by inspecting the headers of incoming/outgoing packets. Packet
filtering firewalls allow or block traffic based on source/destination IP addresses,
ports, and protocols. Example: Cisco Access Control Lists (ACLs).
 Stateful Inspection Firewalls: Track the state of active connections and make
decisions based on the context of the traffic. Stateful firewalls understand whether a
packet is part of an existing connection or a new one. Example: iptables in Linux.
 Proxy Firewalls (Application Firewalls): Act as intermediaries between clients and
servers, performing deep inspection of the entire data payload and filtering based on
application-layer data (Layer 7). Example: Squid proxy server.
 Next-Generation Firewalls (NGFW): Combine traditional firewall functionality
with advanced features like deep packet inspection (DPI), intrusion detection and
prevention (IDS/IPS), and application-layer control. Example: Palo Alto Networks
NGFW.

2.3 Firewall Architectures

 Bastion Host: A hardened server exposed to potential attacks, typically hosting

services like web servers or email gateways in the DMZ (Demilitarized Zone).
 Dual-Homed Firewall: A firewall with two or more network interfaces, separating
internal and external networks to provide an extra layer of defense.
 DMZ (Demilitarized Zone): A buffer zone that separates an internal network from
external networks. Services like web servers or email servers are placed in the DMZ
to reduce direct exposure of the internal network.

2.4 Best Practices for Configuring Firewalls

 Rule Sets: Define access control lists (ACLs) that specify which traffic is allowed or
blocked based on IP addresses, ports, and protocols.
 Least Privilege: Only allow the minimum necessary traffic to pass through the
firewall.
 Logging and Monitoring: Enable logging of firewall traffic and alerts for suspicious
activities to detect potential intrusions.
 Regular Updates: Firewalls should be updated regularly to patch vulnerabilities and
ensure compatibility with new network technologies.

2.5 Real-world Examples of Firewalls

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 52
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Enterprise Use: Organizations like banks use firewalls to protect sensitive customer
data, such as personal and financial information.
 Home Networks: Personal firewalls are used on devices like laptops to block
unauthorized access to private files or prevent malware from communicating with
command-and-control servers.

Chapter 3: IP Security (IPSec)

3.1 Introduction to IPSec

 Definition: Internet Protocol Security (IPSec) is a suite of protocols designed to

provide secure communication over IP networks. IPSec ensures the confidentiality,
integrity, and authentication of data at the IP layer.
 Importance: IPSec secures the transfer of data between devices by encrypting and
authenticating each IP packet, making it a cornerstone of virtual private networks
(VPNs) and secure internet communication.

3.2 Components of IPSec

 Authentication Header (AH): Provides authentication and integrity to data by

ensuring that the packet headers and payload have not been altered. However, AH
does not provide encryption, meaning that data remains visible to eavesdroppers.
 Encapsulating Security Payload (ESP): Provides encryption, data integrity, and
authentication for the payload of an IP packet. ESP can encrypt both the payload and
portions of the IP header.
 Security Associations (SAs): Define the parameters for encryption, authentication,
and key management between communicating parties. SAs are established by
protocols like IKE (Internet Key Exchange).

3.3 IPSec Modes

 Transport Mode: Encrypts only the payload of the IP packet, leaving the original
headers intact. This mode is used for end-to-end encryption between devices.
 Tunnel Mode: Encrypts both the payload and the header of the IP packet,
encapsulating the entire original packet inside a new IP header. This mode is
commonly used in site-to-site VPNs, where the endpoints are routers or gateways.

3.4 Example Use Cases for IPSec

 Site-to-Site VPNs: IPSec in tunnel mode is used to securely connect two offices over
the internet, ensuring that data is encrypted as it travels between the networks.
 Remote Access VPNs: IPSec in transport mode is used to secure communication
between a remote user and their corporate network, ensuring that sensitive data
remains encrypted while in transit.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 53
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Chapter 4: Virtual Private Networks (VPN)

4.1 What is a VPN?

 Definition: A Virtual Private Network (VPN) is a secure connection that extends a

private network across a public network, such as the internet. VPNs allow users to
send and receive data across shared or public networks as if their devices were
directly connected to the private network.
 Purpose: VPNs provide confidentiality, integrity, and security by encrypting the data
transmitted between the user and the private network, often masking the user's IP
address to enhance privacy.

4.2 Types of VPNs

 Remote Access VPNs: Enable individual users to connect securely to a private

network from a remote location, such as a home or coffee shop. The connection is
typically encrypted using IPSec or SSL/TLS.
 Site-to-Site VPNs: Connect entire networks over a public network, such as
connecting a branch office to the main corporate network. IPSec is commonly used in
this scenario to encrypt traffic between the two locations.
 Client-to-Server VPNs: Allow a client (such as a laptop) to establish a secure tunnel
to a specific server within a private network.

4.3 VPN Protocols

 PPTP (Point-to-Point Tunneling Protocol): An older VPN protocol that is no

longer considered secure due to vulnerabilities in its encryption scheme.
 L2TP (Layer 2 Tunneling Protocol): Often used in conjunction with IPSec to
provide encryption for VPNs. L2TP creates a tunnel, and IPSec provides encryption
for data traveling through the tunnel.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 54
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 OpenVPN: A widely used, open-source VPN protocol known for its flexibility and
security. It uses SSL/TLS for encryption and can traverse firewalls and NAT.
 IKEv2/IPSec: A modern VPN protocol that offers strong encryption, fast connection
times, and robustness in handling network changes (e.g., switching between Wi-Fi
and cellular data).

4.4 VPN Security Considerations

 Encryption: VPNs rely on strong encryption algorithms like AES (Advanced

Encryption Standard) to ensure the confidentiality of data.
 Authentication: VPN connections should use secure authentication mechanisms such
as two-factor authentication (2FA) or digital certificates to prevent unauthorized
access.
 Logging: Choose VPN providers or implement VPNs that have clear policies about
not logging user activity to ensure privacy.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 55
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

4.5 Real-world Applications of VPNs

 Corporate VPNs: Companies use VPNs to allow employees to securely access

internal resources, such as databases and email servers, from remote locations.
 Bypassing Geographical Restrictions: VPNs are used by individuals to access
content that may be restricted based on geographic location, such as streaming
services or websites.
 Securing Public Wi-Fi Connections: Individuals use VPNs to encrypt their internet
traffic when connected to insecure public Wi-Fi networks, preventing attackers from
intercepting their data.

Chapter 5: Intrusion Detection and Prevention

5.1 What is Intrusion?

 Definition: An intrusion refers to unauthorized access to or compromise of a

computer system, network, or data. Intrusions can involve attacks such as malware
infections, data theft, or disruption of services.

5.2 Types of Intrusions

 External Intrusions: Attacks originating from outside the network, such as hacking
attempts, brute-force attacks, or denial-of-service (DoS) attacks.
 Internal Intrusions: Attacks carried out by insiders (employees or contractors) who
misuse their access privileges to steal, manipulate, or destroy data.

5.3 Intrusion Detection Systems (IDS)

 Network-based IDS (NIDS): Monitors network traffic for suspicious activity by

analyzing packet contents and detecting patterns that match known attack signatures
or anomalies.
 Host-based IDS (HIDS): Monitors system activity, including log files, file changes,
and user activity, to detect signs of a compromised host.
 Signature-based Detection: Identifies intrusions by comparing network traffic or
system logs against a database of known attack signatures.
 Anomaly-based Detection: Detects abnormal behavior by comparing current
network activity to a baseline of normal traffic patterns.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 56
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

5.4 Intrusion Prevention Systems (IPS)

 Definition: An Intrusion Prevention System (IPS) not only detects intrusions like an
IDS but also actively blocks or mitigates identified threats in real time.
 How IPS Works: IPS monitors network traffic, scans for malicious activities, and
takes proactive measures such as dropping malicious packets or blocking specific IP
addresses.

Chapter 6: Internet Security Protocols

6.1 Basic Concepts of Internet Security Protocols

 Definition: Internet security protocols are sets of rules that govern how data is
securely transmitted over the internet, ensuring data confidentiality, integrity, and
authentication.
 Role of Encryption: Encryption is central to many internet security protocols, as it
ensures that data is unreadable to unauthorized parties during transmission.

Chapter 7: Secure Socket Layer (SSL)

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 57
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

7.1 What is SSL?

 Definition: Secure Socket Layer (SSL) is a cryptographic protocol designed to secure

communications over a network by encrypting data transmitted between a client and
server. SSL has been deprecated and replaced by Transport Layer Security (TLS).
 History and Evolution: SSL was developed by Netscape in the mid-1990s. Due to
vulnerabilities in SSL, it was succeeded by TLS, which is considered more secure.

7.2 How SSL Works

 SSL Handshake: The client and server exchange cryptographic keys to establish a
secure session. The handshake involves authenticating the server's digital certificate,
agreeing on encryption algorithms, and generating session keys.
 Encryption and Decryption: Once the handshake is complete, SSL encrypts the data
exchanged between the client and server. The encrypted data can only be decrypted
by the recipient, ensuring confidentiality.

7.3 SSL Use Cases

 Secure Websites: Websites that use "https://" in the URL rely on SSL/TLS to encrypt
traffic, ensuring secure communication between users and web servers.
 E-commerce: SSL is critical for securing online payment transactions, protecting
sensitive information like credit card numbers and personal data.

Chapter 8:

8.1 What is TLS?

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 58
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Definition: Transport Layer Security (TLS) is the successor to SSL and is a more
secure protocol for encrypting communications over a network. It ensures data
confidentiality, integrity, and authenticity.
 TLS Versions: The most widely used versions are TLS 1.2 and TLS 1.3. TLS 1.3
introduces significant security improvements, including faster handshakes and the
elimination of weaker cryptographic algorithms.

8.2 How TLS Works

 TLS Handshake Process: Similar to SSL, TLS uses a handshake to negotiate

encryption algorithms, authenticate the server, and establish shared session keys.
However, TLS supports stronger encryption and improved session management
compared to SSL.
 Cipher Suites: TLS supports a variety of cipher suites, which are combinations of
cryptographic algorithms that govern how data is encrypted, authenticated, and
hashed. Examples include AES (encryption) and SHA-256 (hashing).

8.3 TLS Applications

 Web Security: TLS is used to secure most of the web today, including securing
HTTPS connections, online banking, and email transmission.
 VPNs: TLS is often used in VPN protocols, such as OpenVPN, to secure the
communication channel between the client and the VPN server.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 59
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Chapter 9: Email Security: Pretty Good Privacy (PGP)

9.1 What is PGP?

 Definition: Pretty Good Privacy (PGP) is an encryption program that provides

cryptographic privacy and authentication for data communication, particularly for
securing email communications.
 History: Developed by Phil Zimmermann in 1991, PGP became one of the most
widely used tools for securing email communications.

9.2 How PGP Works

 Public Key Encryption: PGP uses a combination of symmetric and asymmetric

encryption. The sender encrypts the email using the recipient’s public key, and the
recipient decrypts it using their private key.
 Digital Signatures: PGP allows users to digitally sign emails, ensuring that the
message has not been altered and that it comes from the legitimate sender.

9.3 PGP Applications

 Email Encryption: PGP is widely used for encrypting email messages to ensure
privacy and protect sensitive information from being intercepted.
 File Encryption: In addition to emails, PGP can be used to encrypt files, ensuring the
confidentiality and integrity of data.

9.4 Real-world Use Cases of PGP

 Corporate Communication: Many businesses use PGP to secure internal

communications, ensuring that sensitive information like business strategies,
contracts, and financial data remain confidential.
 Whistleblowing and Activism: PGP is used by whistleblowers, journalists, and
activists to communicate securely and protect themselves from government
surveillance or adversarial actors

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 60
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Multiple Choice Question

What does TCP in TCP/IP stand for?

 A) Transmission Control Protocol

 B) Transfer Communication Protocol
 C) Transport Control Protocol
 D) Transfer Control Protocol

Which layer of the TCP/IP model is responsible for routing packets?

 A) Application Layer
 B) Transport Layer
 C) Internet Layer
 D) Network Interface Layer

What type of firewall inspects packets and blocks them based on source and destination
addresses?

 A) Proxy Firewall
 B) Packet-Filtering Firewall
 C) Stateful Inspection Firewall
 D) Next-Generation Firewall

Which IPsec component provides data integrity and authentication without encryption?

 A) Authentication Header (AH)

 B) Encapsulating Security Payload (ESP)
 C) Transport Layer Security (TLS)
 D) Secure Socket Layer (SSL)

In VPNs, what does IPsec primarily provide?

 A) Only encryption
 B) Confidentiality, integrity, and authentication
 C) Only authentication
 D) Only integrity

What is a primary function of an Intrusion Detection System (IDS)?

 A) Preventing intrusions
 B) Monitoring and alerting on suspicious activities
 C) Encrypting network traffic
 D) Managing network bandwidth

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 61
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Which protocol is considered the more secure successor to SSL?

 A) TLS (Transport Layer Security)

 B) IPsec
 C) PPTP (Point-to-Point Tunneling Protocol)
 D) L2TP (Layer 2 Tunneling Protocol)

What does PGP use to ensure the confidentiality of email communication?

 A) Hashing
 B) Public Key Encryption
 C) Symmetric Key Encryption
 D) Digital Signatures

Which type of firewall can understand and filter traffic based on applications?

 A) Packet-Filtering Firewall
 B) Next-Generation Firewall (NGFW)
 C) Stateful Inspection Firewall
 D) Proxy Firewall

In IPsec, what does Tunnel Mode encrypt?

 A) Only the payload

 B) The IP header
 C) The entire IP packet
 D) Only the source address

Which VPN protocol is known for being one of the oldest and less secure?

 A) IPsec
 B) PPTP (Point-to-Point Tunneling Protocol)
 C) SSL/TLS
 D) L2TP (Layer 2 Tunneling Protocol)

What function does the Transport Layer perform in the TCP/IP model?

 A) Routing packets
 B) End-to-end communication services
 C) Data encryption
 D) Physical transmission of data

What does the Network Interface Layer in TCP/IP handle?

 A) Address resolution
 B) Physical transmission of data

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 62
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) Packet routing
 D) Data encryption

Which component of IPsec provides confidentiality by encrypting data?

 A) Authentication Header (AH)

 B) Encapsulating Security Payload (ESP)
 C) Transport Layer Security (TLS)
 D) Secure Socket Layer (SSL)

What is the primary purpose of a firewall?

 A) Encrypting data
 B) Controlling network traffic based on security rules
 C) Analyzing network performance
 D) Providing VPN access

Which protocol provides secure web communication by using public key encryption?

 A) FTP
 B) SMTP
 C) HTTPS (HyperText Transfer Protocol Secure)
 D) DNS

What is the main advantage of stateful inspection firewalls over packet-filtering firewalls?

 A) Faster performance
 B) Context-aware decision making
 C) Simpler configuration
 D) Greater application support

In a VPN, what does the L2TP protocol often pair with for enhanced security?

 A) PPTP
 B) IPsec
 C) SSL/TLS
 D) HTTP

Which of the following is NOT a function of the Internet Layer in TCP/IP?

 A) Addressing
 B) Data encapsulation
 C) Packet routing
 D) Error detection

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 63
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

How does an IDS differ from an IPS?

 A) IDS monitors and alerts, IPS prevents intrusions

 B) IDS prevents intrusions, IPS monitors and alerts
 C) IDS encrypts data, IPS decrypts data
 D) IDS operates at the application layer, IPS at the network layer

Short Type Question:

1.What component is included in a digital certificate?

2.Which entity issues digital certificates in a PKI system?

3.What does PKCS stand for?

4.Which PKCS standard is used for RSA Cryptography?

5.Which property of hash functions ensures that the same input always produces the same
output?

6.What is a primary use of XML Signature?

7.What is the main advantage of using Diffie-Hellman Key Exchange?

8.What does CRL stand for in a PKI system?

9.What is the role of the Ticket Granting Server (TGS) in Kerberos?

10.What is the hash value length for SHA-256?

11.How does the Registration Authority (RA) function in PKI?

12.Which standard format is used for digital certificates in PKI?

13.What is the purpose of key pre-distribution?

14.State the importance of private key management.

15.Give a common application of XML Encryption.

16.Describe Blom’s Scheme in brief.

17.In Kerberos, which process involves the user receiving a Ticket Granting Ticket (TGT)?

18.What is the result of a hash function known as?

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 64
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

19.Which PKCS standard is commonly used for securing email messages?

20.Give examples of commonly used hash functions.

21.What is TCP/IP?

22.Name the four layers of the TCP/IP model.

23.What does the Application Layer in TCP/IP do?

24.Explain the main function of the Transport Layer in TCP/IP.

25.What is the role of the Internet Layer in TCP/IP?

26.Describe the function of a firewall.

27.What are Packet-Filtering Firewalls?

28.Define IPsec and its main purpose.

29.What is a VPN and its primary function?

30.What is the main difference between Remote Access VPN and Site-to-Site VPN?

31.What does an IDS do?

32.What is the purpose of SSL?

33.How does TLS improve upon SSL?

34.What are the main components of PGP?

35.What does the Authentication Header (AH) in IPsec provide?

36.What is the role of the Encapsulating Security Payload (ESP) in IPsec?

37.Explain the difference between Transport Mode and Tunnel Mode in IPsec.

38.What is the function of ARP in the Internet Layer?

39.Describe the main function of stateful inspection firewalls.

40.What does flow control in TCP/IP ensure?

Long Type Questions:

1.Describe the structure and purpose of the TCP/IP model.

2.Explain the roles and functions of the different types of firewalls.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 65
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

3.Discuss the key components and functions of IPsec.

4.What are Virtual Private Networks (VPNs) and how do they enhance security?

5.Differentiate between Network Intrusion and Host Intrusion, and describe the roles of IDS
and IPS.

6.What are the differences between SSL and TLS, and how do they secure data transmission?

7.Describe the importance and components of Pretty Good Privacy (PGP) in email security.

8.Explain the function of the Internet Layer in the TCP/IP model and its key protocols.

9.What are the functions of Data Encapsulation and Packet Routing in TCP/IP?

10.How do firewalls contribute to network security and what are their main functions?

11.Describe the difference between Stateful Inspection Firewalls and Proxy Firewalls.

12.What are the key features and improvements of Transport Layer Security (TLS) over Secure
Socket Layer (SSL)?

13.Explain the roles of Authentication Header (AH) and Encapsulating Security Payload (ESP)
in IPsec.

14.How does a Virtual Private Network (VPN) ensure secure remote access?

15.Discuss the importance of Intrusion Detection Systems (IDS) and Intrusion Prevention
Systems (IPS) in network security.

16.Describe the concept of data confidentiality, integrity, and authentication in internet security
protocols.

17.What are the main functions of Secure Socket Layer (SSL) in protecting internet
communications?

18.Explain the role of cryptographic hashes and digital signatures in Pretty Good Privacy
(PGP).

19.What is the significance of Address Resolution Protocol (ARP) in the Internet Layer of
TCP/IP?

20.How do firewalls enhance threat mitigation and data protection in network security?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 66
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Module IV: User Authentication and Kerberos

Chapter 1: Authentication Basics

1.1 What is Authentication?

 Definition: Authentication is the process of verifying the identity of a user, device, or

system before granting access to resources. In simple terms, it’s about confirming
whether someone or something is who they claim to be.
 Key Elements: Authentication typically involves verifying some form of credentials,
such as a password, token, or biometric data.

1.2 Examples:

 Daily Example: When you log into your email account, you type your username and
password. The system checks (authenticates) whether these details match what it has
on file before allowing you to access your emails.

1.3 Why is Authentication Important?

 Security: Authentication prevents unauthorized users from accessing sensitive

information. This is crucial for protecting data, both for personal use and for
businesses.

Chapter 2: Passwords

2.1 What are Passwords?

 Definition: A password is a secret string of characters that users create to prove their
identity. It’s one of the most basic forms of authentication.

2.2 Issues with Passwords:

 Weak Passwords: Many users choose easy-to-guess passwords like "12345" or

"password," making them vulnerable to attacks.
 Password Reuse: Users often reuse passwords across multiple accounts, increasing
the risk if one password is compromised.

2.3 Best Practices:

 Strong Passwords: A strong password includes a combination of letters, numbers,

and special characters, and it should be unique for every account.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 67
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Password Manager: Many people use password managers to generate and store
complex passwords securely.

2.4 Examples:

 Daily Example: Using a complex password for your online banking app like
"Pa$$w0rd2024!" instead of something simple like your birthdate protects your
account from being hacked.

Chapter 3: Authentication Tokens

3.1 What are Authentication Tokens?

 Definition: Tokens are physical or digital devices used to confirm a user’s identity in
addition to or instead of a password. These can be hardware (e.g., a USB key) or
software-based (e.g., an app-generated code).

3.2 Types of Tokens:

 One-Time Password (OTP) Tokens: These generate a unique code that is valid for a
single session or transaction.
 Smart Cards: Physical cards with embedded chips that store credentials and require
insertion into a reader.
 Software Tokens: Apps on mobile devices that generate time-based or event-based
codes (e.g., Google Authenticator).

3.3 Two-Factor Authentication (2FA):

 Definition: Combining something you know (like a password) with something you
have (like a token) for stronger security. This is commonly referred to as 2FA.

3.4 Examples:

 Daily Example: When you log into your email account from a new device, the
service may ask for a code sent to your phone. That code is your token, adding an
extra layer of security.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 68
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Chapter 4: Certificate-Based Authentication

4.1 What is Certificate-Based Authentication?

 Definition: Instead of using passwords, certificate-based authentication uses a digital

certificate to confirm the user’s identity. The digital certificate includes the user’s
public key and is issued by a trusted Certificate Authority (CA).

4.2 How it Works:

 When a user logs in, their certificate is verified by checking the digital signature of
the CA that issued it. If the certificate is valid and trusted, the user is granted access.

4.3 Benefits:

 Security: Certificates are much harder to forge than passwords. They offer strong
authentication for systems that require higher security.
 Convenience: Once configured, certificates can offer seamless authentication without
needing to remember or input passwords.

4.4 Examples:

 Daily Example: When accessing a secure corporate VPN, your system may use a
certificate issued by your company to verify that you are an authorized employee.

Chapter 5: Biometric Authentication

5.1 What is Biometric Authentication?

 Definition: Biometric authentication verifies identity using physical characteristics,

such as fingerprints, facial recognition, or voice patterns.

5.2 Types of Biometrics:

 Fingerprint Scanning: Common on smartphones, where users unlock the device

using their fingerprint.
 Facial Recognition: Cameras scan and analyze facial features to authenticate the
user.
 Iris Scanning: Scanning the unique pattern in the user’s eyes for secure access.

5.3 Benefits:

 Security: Biometrics are difficult to replicate, making them more secure than
traditional passwords.
 Convenience: Users don’t need to remember anything—authentication is quick and
easy.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 69
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

5.4 Challenges:

 False Positives/Negatives: There is a small chance that the system either incorrectly
grants or denies access.
 Privacy Concerns: Storing and managing sensitive biometric data poses privacy risks
if the data is compromised.

5.5 Examples:

 Daily Example: Unlocking your phone using your fingerprint is an example of

biometric authentication. It's quick, secure, and much more convenient than typing in
a passcode every time.

Chapter 6: Kerberos

6.1 What is Kerberos?

 Definition: Kerberos is a network authentication protocol that uses secret-key

cryptography to provide secure authentication for users and services in a computer
network. It was developed by MIT and is widely used in large corporate networks.

6.2 How Kerberos Works:

1. User Authentication: The user logs in, and their credentials are validated by the Key
Distribution Center (KDC).
2. Ticket Granting Ticket (TGT): If the user is authenticated, they receive a TGT,
which is used to request access to other services without needing to log in again.
3. Service Ticket: When the user tries to access a service, the TGT is used to request a
service ticket from the KDC. The service ticket allows the user to access the service
securely.

6.3 Security Features:

 Mutual Authentication: Both the user and the service confirm each other’s identity,
preventing man-in-the-middle attacks.
 No Password Transmission: The user’s password is never sent across the network,
enhancing security.

6.4 Examples:

 Corporate Example: Large companies, such as those using Microsoft Active

Directory, often use Kerberos for secure single sign-on (SSO). Once an employee logs
in to their computer, they can access various services (email, file servers) without
entering their password again.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 70
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Chapter 7: Key Distribution Center (KDC)

7.1 What is the KDC?

 Definition: The KDC is a trusted server in the Kerberos protocol that is responsible
for handling the authentication process. It issues two types of tickets: the Ticket
Granting Ticket (TGT) and service tickets.

7.2 How it Works:

 Authentication Server (AS): The KDC first acts as the Authentication Server,
verifying the user’s credentials.
 Ticket Granting Server (TGS): The KDC then acts as the TGS, issuing service
tickets that grant users access to different services.

7.3 Security Considerations:

 The KDC is a single point of failure—if it is compromised or unavailable, no one can

authenticate to the network. Proper security and backup procedures are critical for
maintaining KDC integrity.

7.4 Examples:

 Corporate Example: In a university system, the KDC could manage authentication

for students accessing various services like email, library systems, and campus Wi-Fi.

Chapter 8: Security Handshake Pitfalls

8.1 What are Security Handshakes?

 Definition: A security handshake is the process where two systems (e.g., a user’s
computer and a server) exchange information to authenticate each other and establish
a secure connection.

8.2 Common Pitfalls:

 Weak Key Exchange: Using outdated or weak cryptographic algorithms can allow
attackers to intercept or decrypt data.
 Lack of Mutual Authentication: If both parties don’t verify each other, attackers can
impersonate one of the systems (man-in-the-middle attacks).
 Replay Attacks: An attacker could capture data from a previous session and reuse it
to impersonate a legitimate user.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 71
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

8.3 Example:

 Daily Example: Imagine you call your bank, and they ask for your name, but you
never verify that you’re really speaking to your bank. This lack of mutual verification
could be exploited by a scammer pretending to be your bank.

Chapter 9: Single Sign-On (SSO) Approaches

9.1 What is SSO?

 Definition: Single Sign-On (SSO) is an authentication process that allows users to

access multiple systems or applications with one set of login credentials. It simplifies
the login process and improves user experience.

9.2 Types of SSO:

 Kerberos-based SSO: After the initial authentication, users can access multiple
services without having to log in again. Kerberos handles issuing the necessary tickets
for each service.
 SAML (Security Assertion Markup Language): A common method used for SSO
in web applications, where a user logs in once and accesses multiple applications
within the same organization (e.g., Google Apps).
 OAuth/OpenID Connect: Common for logging into third-party applications using
credentials from major platforms like Google or Facebook.

9.3 Benefits of SSO:

 Convenience: Users only need to remember one set of credentials.

 Efficiency: Reduces the number of login prompts, saving time.
 Security: Reduces the risk of password fatigue, where users reuse passwords across
systems.

9.4 Examples:

 Daily Example: If you sign into Gmail, and from there you can access Google Drive,
Google Photos, and YouTube without needing to log in again, that’s an example of
SSO in action.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 72
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Multiple Choice Question

What is authentication primarily concerned with in a computer system?

 A) Data encryption
 B) Verifying identity
 C) Preventing malware
 D) Managing network traffic

Which type of authentication uses something you know?

 A) Token
 B) Biometric
 C) Password
 D) Certificate

What is a characteristic of strong passwords?

 A) Single-factor
 B) Includes letters, numbers, symbols
 C) Plain-text storage
 D) Publicly shared

Which authentication method involves physical or digital objects?

 A) Tokens
 B) Biometrics
 C) Passwords
 D) Certificates

What is the main benefit of using two-factor authentication (2FA)?

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 73
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) Convenience
 B) Single point of failure
 C) Enhanced security
 D) Reduced complexity

How does certificate-based authentication verify identity?

 A) Using digital certificates

 B) Biometric data
 C) Hashing algorithms
 D) Token generation

What biometric characteristic is commonly used for authentication?

 A) DNA
 B) Fingerprint
 C) Social security number
 D) Postal address

Which protocol is designed to provide strong authentication for client-server applications?

 A) HTTP
 B) SSL
 C) IPsec
 D) Kerberos

What is a function of the Key Distribution Center (KDC) in Kerberos?

 A) Issuing tickets
 B) Managing web traffic
 C) DNS resolution
 D) Encrypting emails

What is a potential pitfall of security handshakes?

 A) Man-in-the-Middle Attacks
 B) Single sign-on benefits
 C) Biometric authentication
 D) Two-factor authentication

What does SSO (Single Sign-On) aim to reduce for users?

 A) Authentication methods
 B) Login prompts
 C) System performance
 D) Network congestion

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 74
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Which SSO approach uses OAuth or SAML tokens?

 A) Token-Based SSO
 B) Federated SSO
 C) Kerberos-Based SSO
 D) Biometric SSO

What does the authentication service (AS) in Kerberos verify?

 A) User credentials
 B) Issues Ticket Granting Tickets (TGTs)
 C) System availability
 D) Data integrity

What is a crucial consideration for implementing biometric authentication?

 A) Hardware cost
 B) Privacy concerns
 C) Physical changes affect accuracy
 D) Static nature of data

What makes certificate-based authentication more secure?

 A) Single-factor
 B) Encryption and digital signatures
 C) Username and password
 D) Social engineering attacks

Which authentication factor is often combined with biometric authentication?

 A) Password
 B) Something you are
 C) Token
 D) Certificate

What type of authentication is PGP primarily associated with?

 A) Token
 B) Biometric
 C) Certificate-Based
 D) Password

How does SSL/TLS contribute to authentication on the web?

 A) Authentication protocols
 B) Secure web communications

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 75
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) Token management
 D) Network routing

Which authentication component checks submitted credentials against stored data?

 A) Ticket Granting Service (TGS)

 B) Credential Verification
 C) Service Access
 D) Key Distribution Center (KDC)

In what way does multi-factor authentication (MFA) enhance security?

 A) Requires multiple forms of verification

 B) Single authentication step
 C) Limited access control
 D) User anonymity

Short Type Questions

1. What is authentication?

2. What are the main components of authentication?

3. Name three types of authentication factors.

4. What is a characteristic of strong passwords?

5. Why should passwords be stored using hashing algorithms?

6. What is the purpose of multi-factor authentication (MFA)?

7. What is an authentication token?

8. Give an example of a hardware authentication token.

9. What is certificate-based authentication?

10. What does biometric authentication use to verify identity?

11. What is the role of the Key Distribution Center (KDC) in Kerberos?

12. What does a Ticket Granting Ticket (TGT) do in Kerberos?

13. What is a common pitfall of security handshakes?

14. What is Single Sign-On (SSO)?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 76
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

15. How does Kerberos-Based SSO work?

16. What is the main benefit of SSO?

17. Name two types of software tokens.

18. What is the primary function of the Authentication Service (AS) in Kerberos?

19. What are digital certificates used for in secure web communications?

20. What is a man-in-the-middle attack?

Long Type Questions

1. Explain the process and benefits of multi-factor authentication (MFA).

2. Describe the components and functions of a Key Distribution Center (KDC) in the Kerberos
protocol.

3. Discuss the importance and implementation of certificate-based authentication.

4. Explain how biometric authentication works and its advantages and considerations.

5. Outline the process and security benefits of using SSL/TLS for web communications.

6. Describe the authentication process in the Kerberos protocol and its key features.

7. Discuss the benefits and challenges of Single Sign-On (SSO) approaches.

8. Explain the concept of authentication tokens and their types and benefits.

9. Discuss the role of hashing algorithms in password storage and their importance.

10. Describe the process and security benefits of using digital certificates in HTTPS.

11. What are the considerations for implementing biometric authentication in a system?

12. Explain the potential pitfalls of security handshakes and how they can be mitigated.

13. Describe how Single Sign-On (SSO) improves user experience and security.

14. Explain the process of certificate issuance and verification in certificate-based

authentication.

15. Discuss the advantages and challenges of using hardware tokens for authentication.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 77
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

16. Explain how Kerberos prevents eavesdropping and replay attacks.

17. Describe the role and security measures of the Authentication Service (AS) in Kerberos.

18. Discuss the security and convenience benefits of using biometric authentication.

19. Explain the importance of regular password changes and the best practices for creating
strong passwords.

20. Describe the process and advantages of using software tokens for authentication.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 78
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Module V: IP Security

IP Security and Peer-to-Peer Server Communication

This section explores key concepts related to IP security, peer-to-peer communication, and
how to set up WebSocket servers and connect blockchain peers. It is crucial to understand
these processes as they form the foundation for secure, decentralized network
communications.

Chapter 1: Peer-to-Peer Server

1.1 What is a Peer-to-Peer (P2P) Server?

 Definition: A peer-to-peer (P2P) network is a decentralized network where each

participant, or "peer," acts as both a client and a server. Peers share resources directly
with one another without relying on a central server.
 How it Works: In P2P networks, tasks like file sharing, communication, or
blockchain validation are distributed among the peers. Each peer can initiate or
respond to requests, making the system highly scalable and resilient.
 Key Characteristics:
o Decentralized: No central authority; peers interact directly.
o Equal Privileges: All nodes have equal roles and responsibilities.
o Resource Sharing: Peers can share files, bandwidth, or processing power.

1.2 Benefits of P2P Networks:

 Scalability: More nodes can easily join the network, expanding its capacity.
 Resilience: Since there is no central server, the network is more resistant to failures or
attacks on individual nodes.
 Cost Efficiency: There’s no need for costly centralized infrastructure.

1.3 Examples:

 File Sharing: Systems like BitTorrent use P2P technology to allow users to share
large files directly with each other.
 Cryptocurrencies: Bitcoin and other blockchain-based currencies use P2P networks
to validate and record transactions without a central authority.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 79
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Chapter 2: Create the WebSocket Server

2.1 What is a WebSocket Server?

 Definition: A WebSocket server enables full-duplex communication between a server

and clients over a single TCP connection. This means that both the server and client
can send and receive messages at any time.
 How WebSockets Work: Once a WebSocket connection is established, it stays open,
allowing continuous real-time data exchange without the overhead of repeatedly
opening and closing HTTP connections.

2.2 Why Use WebSockets?

 Real-time Communication: Ideal for applications that require instant updates, such
as chat applications, gaming, or stock price updates.
 Efficiency: Unlike HTTP, WebSockets minimize the overhead associated with
sending and receiving data, making it faster and more efficient.

2.3 Steps to Create a WebSocket Server:

1. Set Up the Environment: Install a WebSocket server package (e.g., ws for Node.js).
2. Initialize the Server: Create a WebSocket server that listens on a specified port.
3. Handle Incoming Connections: Use event listeners to manage new client
connections.
4. Send and Receive Messages: The server can send messages to connected clients, and
clients can send messages back.

2.4 Example Use Cases:

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 80
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Real-Time Messaging: Chat applications where users receive messages instantly.

 Online Multiplayer Games: Games where player actions are synchronized in real-
time across all clients.

Chapter 3: Connect to Blockchain Peers

3.1 Blockchain and Peer-to-Peer Connectivity

 Definition: In a blockchain network, peers are interconnected to share information

about transactions and blocks. Blockchain relies on a P2P structure where every node
is both a client (sending transactions) and a server (validating transactions).
 How it Works: Each peer in the network maintains a copy of the blockchain and
communicates with other peers to propagate new transactions and blocks.

3.2 Importance of Peer Connectivity:

 Consistency: For the blockchain to remain consistent across all nodes, each peer
needs to be connected to multiple other peers to receive updates about the latest
blocks and transactions.
 Security: A strong peer-to-peer connection ensures the network’s resilience against
attacks, as it decentralizes control over the blockchain.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 81
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

3.3 Steps to Connect to Blockchain Peers:

1. Discover Peers: Blockchain nodes use peer discovery protocols to find other nodes.
This can be done through hardcoded peers, DNS seeds, or by querying connected
nods.

Example: Bitcoin uses DNS seeds to automatically discover peers when a

node is first started.

2. Establish a Connection: Once peers are discovered, a handshake protocol (like a

WebSocket or TCP connection) is initiated.
3. Exchange Information: After connecting, the nodes exchange blockchain data such
as block headers, transactions, and the latest blocks.

3.4 Example in Blockchain Networks:

 Bitcoin: When you run a Bitcoin node, it automatically connects to other nodes to
download the latest blocks and transactions.
 Ethereum: Nodes in the Ethereum network are constantly sharing new transactions
and verifying smart contracts via peer-to-peer communication.

Chapter 4: Handle Messages from Peers

4.1 What are Peer Messages?

 Definition: In a peer-to-peer blockchain network, messages are the way nodes

communicate. These messages contain transactions, block updates, and other
important network data.
 Types of Messages:

Transaction Messages: Inform other nodes about new transactions that need
to be validated.

Block Messages: Share new blocks that are mined or validated, allowing the
blockchain to stay synchronized across peers.

Consensus Messages: Used for reaching agreement on the state of the

blockchain, especially in protocols like proof-of-work or proof-of-stake.

4.2 Steps to Handle Messages:

1. Message Reception: Nodes listen for incoming messages from peers using protocols
like WebSocket or TCP.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 82
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

2. Message Parsing: Once a message is received, it is parsed to determine whether it

contains a transaction, a new block, or other data.
3. Validation: The node verifies the validity of the message (e.g., checking that a
transaction hasn’t been tampered with or that a block follows the blockchain’s rules).
4. Propagation: Valid messages are propagated to other connected peers to ensure they
are aware of the updated state of the blockchain.

4.3 Example in a Blockchain Context:

 Bitcoin Node: When a new transaction is created in the Bitcoin network, it is

broadcast as a message to the node’s peers. These peers validate the transaction and
pass it along to others until it reaches miners for inclusion in a block.
 Ethereum Smart Contract Execution: Ethereum nodes receive messages related to
smart contract execution and distribute the resulting state changes across the network.

Chapter 5: Synchronize the Blockchain across Peers

5.1 Why Synchronization is Critical:

 Definition: Blockchain synchronization refers to the process where all nodes in the
network maintain an identical copy of the blockchain. Synchronization ensures that
every node has the same data and that the blockchain remains consistent and
immutable.

5.2 Challenges in Synchronizing a Blockchain:

 Network Delays: Peers may receive updates at different times, which can temporarily
cause forks (multiple chains) or outdated data.
 Fork Resolution: If two different valid blocks are broadcast at the same time, the
network must resolve which block is the correct one to keep the blockchain
synchronized.

5.3 Synchronization Methods:

1. Gossip Protocols: A method for spreading information across a decentralized

network where each peer randomly shares new data with a set of peers. This ensures
that information like transactions and blocks are quickly propagated.
2. Block Propagation: When a node receives a new block, it propagates it to its
connected peers. Each peer validates the block and then propagates it further, ensuring
that all nodes receive the latest block.
3. Fork Resolution: If a node detects that its blockchain differs from the majority, it
will discard its current chain and adopt the longer chain (this is known as the "longest
chain rule" in proof-of-work blockchains like Bitcoin).

5.4 Real-World Examples:

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 83
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Bitcoin Forks: In the event of a temporary fork, the Bitcoin network resolves it by
ensuring that the longest valid chain is adopted by all peers. This prevents
inconsistencies in transaction records.
 Ethereum Synchronization: Ethereum clients (like Geth) synchronize by
downloading the latest blocks and state from the network to ensure they have an up-
to-date copy of the blockchain.

Multiple Choice Question

What is a characteristic of a P2P network?

 A) Centralized control
 B) Decentralization
 C) Single point of failure
 D) Limited scalability

Which protocol enables real-time, full-duplex communication channels over a single TCP
connection?

 A) HTTP
 B) WebSocket
 C) FTP
 D) SMTP

What is an advantage of P2P networks?

 A) High central server costs

 B) Improved resource utilization
 C) Single point of failure
 D) Complexity

What does the WebSocket handshake process involve?

 A) Data encryption
 B) Token exchange
 C) Protocol upgrade
 D) Client authentication

Which is a key concept of blockchain technology?

 A) Centralized ledger
 B) Immutable records
 C) Limited transparency
 D) Data redundancy

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 84
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

In WebSockets, what is used to broadcast messages to all clients?

 A) ws.send()
 B) wss.clients.forEach()
 C) ws.close()
 D) ws.broadcast()

What is a common library for implementing WebSockets in Node.js?

 A) socket.io
 B) ws
 C) websocket
 D) net

What is a blockchain?

 A) A central database
 B) A decentralized ledger
 C) A peer list
 D) A transaction pool

What is Proof of Work (PoW)?

 A) Stake validation
 B) Computational puzzle solving
 C) Token distribution
 D) Peer connection

Which strategy helps in maintaining blockchain synchronization?

 A) Manual updates
 B) Static data exchange
 C) Periodic updates
 D) Random updates

What does a block in a blockchain contain?

 A) User credentials
 B) List of transactions
 C) Peer information
 D) Network topology

What is the purpose of consensus algorithms in blockchain?

 A) Peer disconnection
 B) Resolving conflicts and ensuring agreement

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 85
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) Data encryption
 D) Token generation

How is a new WebSocket connection initiated?

 A) Sending a UDP packet

 B) Establishing an FTP session
 C) Sending an HTTP request with Upgrade header
 D) Peer-to-peer messaging

What is the main function of a WebSocket server?

 A) Creating HTTP requests

 B) Handling connections and messages
 C) Encrypting data
 D) Storing blockchain

Which type of message contains information about new transactions in a blockchain?

 A) Block messages
 B) Transaction messages
 C) Peer messages
 D) Control messages

Short Type Questions

1.What is a characteristic of a P2P network?

2.What protocol enables real-time, full-duplex communication channels over a single TCP
connection?

3.What is an advantage of P2P networks?

4.What does the WebSocket handshake process involve?

5.Which is a key concept of blockchain technology?

6.What method is used to broadcast messages to all clients in WebSockets?

7.Name a common library for implementing WebSockets in Node.js.

8.Define a blockchain.

9.What is Proof of Work (PoW)?

10.Which strategy helps in maintaining blockchain synchronization?

11.What does a block in a blockchain contain?

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 86
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

12.What is the purpose of consensus algorithms in blockchain?

13.How is a new WebSocket connection initiated?

14.What is the main function of a WebSocket server?

15.Which type of message contains information about new transactions in a blockchain?

Long Type Questions

1.Explain the characteristics and advantages of P2P networks.

2.Describe the WebSocket protocol and its difference from HTTP.

3.Discuss the process of setting up a WebSocket server using Node.js.

4.What are the key concepts of blockchain technology? Explain each in detail.

5.Outline the steps involved in creating a simple WebSocket server with example code.

6.Describe the structure of a blockchain, including the contents of a block and how they are
linked.

7.Explain the importance of consensus algorithms in blockchain and describe how they work.

8.How does Proof of Work (PoW) operate in blockchain networks?

9.Discuss the strategies for maintaining blockchain synchronization among peers.

10.Explain how to handle messages from peers in a P2P blockchain network.

11.Describe the process of connecting to blockchain peers using WebSockets.

12.What are the challenges in maintaining data consistency in P2P networks, and how can they
be addressed?

13.Discuss the security risks associated with P2P networks and how to mitigate them.

14.Describe a case study of a real-world application of P2P networks and WebSockets in

blockchain.

15.Explain how WebSocket servers handle connections and messages, including broadcasting
to multiple clients.

Module VI: Operating System Security

Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 87
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Operating System Security: Detailed and Elaborated Notes

Operating System (OS) security is essential for protecting the integrity, availability, and
confidentiality of the system and the data it stores or processes. It involves various tools,
techniques, and best practices to ensure the OS can resist attacks, maintain performance, and
recover from failures. Below is a detailed overview of the key concepts involved in OS
security.

Chapter 1: Identification of Authorization

1.1 What is Authorization in OS Security?

 Definition: Authorization is the process of determining what actions or access rights a

user or system component has after they have been authenticated. It ensures that users
can only access the resources and perform actions that they have been granted
permission to.
 How It Works: Once a user is authenticated (e.g., logged in), the system checks their
authorization level to determine what they are allowed to do. This could be accessing
certain files, running applications, or changing system settings.

1.2 Examples:

 Daily Example: If you have an office key, you can enter the building, but you might
not have access to every room. Similarly, in an OS, an administrator may have access
to system files, but a regular user can only access their own files.

1.3 Importance in OS Security:

 Proper authorization controls prevent unauthorized users from accessing or modifying

sensitive system resources.
 It limits potential damage from compromised user accounts by restricting their access
based on roles or permissions.

Chapter 2: User Management

2.1 What is User Management?

 Definition: User management refers to the processes and tools used to manage user
accounts, privileges, and access to resources on an operating system. It is a key
component of OS security that ensures each user has the appropriate level of access.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 88
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 User Types:
o Administrator/Superuser: Has full control over the system and can install
software, change system settings, and manage other user accounts.
o Standard Users: Have limited access, typically restricted to using the
applications and files assigned to them.

2.2 Key Components of User Management:

 Creating and Deleting Users: Administrators can create new user accounts or
remove old ones to control who has access to the system.
 Managing User Roles and Permissions: Defining what each user can or cannot do
on the system, such as installing programs, accessing certain files, or using specific
applications.
 Password Policies: Setting requirements for password complexity, expiration, and
resets to ensure that user credentials remain secure.

2.3 Examples:

 Daily Example: If you have multiple family members sharing a computer, each
person may have their own account with different permissions. Parents
(administrators) might be able to install apps, while children (standard users) can only
use pre-installed programs.

2.4 Importance in OS Security:

 User management helps prevent unauthorized access, limits the damage from
compromised accounts, and ensures that users only access resources necessary for
their tasks.

Chapter 3: Overview of Software Firewall

3.1 What is a Software Firewall?

 Definition: A software firewall is a security system that monitors and controls

incoming and outgoing network traffic based on predefined security rules. It is
implemented as a program within the operating system, and it filters network
connections to block potentially harmful traffic.

3.2 How it Works:

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 89
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 The firewall evaluates each data packet that tries to enter or leave the system. Based
on the firewall’s rules, it decides whether to allow or block the packet.

3.3 Types of Software Firewalls:

 Host-Based Firewalls: Installed on individual devices to control traffic to and from

that device.
 Network Firewalls: Protect an entire network by filtering traffic between external
and internal networks, but these are often hardware-based.

3.4 Examples:

 Windows Defender Firewall: Comes built-in with Windows OS, helping to block
unauthorized access while permitting legitimate communication.
 Linux iptables: A command-line utility for configuring the rules of the built-in Linux
firewall, used to manage incoming and outgoing traffic based on the user’s needs.

3.5 Importance in OS Security:

 Firewalls help protect systems from various network-based attacks, such as

unauthorized access, malware distribution, and denial-of-service (DoS) attacks. They
act as the first line of defense against external threats.

Chapter 4: Policy

4.1 What is a Security Policy?

 Definition: A security policy is a formal set of rules that governs how security will be
implemented on a system. It defines the security requirements for users, software, and
hardware, as well as the procedures for monitoring and enforcing compliance.
 Key Elements:
o Acceptable Use: Guidelines on how users should use the system and its
resources.
o Password Policies: Requirements for password length, complexity,
expiration, and history.
o Backup and Recovery: Procedures for backing up critical data and restoring
it in the event of a failure.

4.2 Examples:

 Corporate Policy Example: A company’s IT security policy might require

employees to use multi-factor authentication to access internal systems and mandate
regular software updates and patches to prevent vulnerabilities.

4.3 Importance in OS Security:

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 90
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Security policies ensure consistent application of security controls across the system.
They help minimize risks, prevent misuse, and provide guidelines for responding to
security incidents.

Chapter 5: Registry

5.1 What is the Registry?

 Definition: In Windows operating systems, the Registry is a hierarchical database

that stores low-level settings for the OS and installed applications. It includes
information, configurations, and preferences that the system uses to operate properly.

5.2 How the Registry Works:

 The Registry contains keys and values that define how the system operates, including
startup configurations, hardware drivers, user profiles, and application settings.
 Keys: Containers that can hold subkeys and values.
 Values: Specific data entries within a key, such as configuration settings.

5.3 Security Risks:

 Registry Vulnerabilities: Malicious software or users can modify the Registry to

gain unauthorized control over the system, create backdoors, or disable security
features.
 Registry Hijacking: Attackers can alter the Registry to load harmful software on
startup or grant themselves administrator privileges.

5.4 Examples:

 System Tuning: You can use the Registry to enable or disable specific Windows
features, like turning off certain services or adjusting performance settings.
 Malware Exploits: Some malware programs modify the Registry to automatically
run each time the computer starts, making it harder to detect and remove.

5.5 Importance in OS Security:

 Ensuring the security of the Registry is critical because unauthorized changes can
compromise the system’s stability, security, and performance. Administrators must
regularly monitor the Registry for unusual activity and lock down critical settings.

Chapter 6: Disaster Recovery

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 91
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

6.1 What is Disaster Recovery?

 Definition: Disaster Recovery (DR) refers to the strategies and processes for
recovering IT systems and data after a catastrophic event, such as a natural disaster,
cyberattack, or hardware failure.

6.2 Key Components of Disaster Recovery:

 Backups: Regularly scheduled backups of system files, user data, and configurations
are essential for quick recovery.
 Recovery Plan: A detailed plan outlining how the system will be restored after an
outage. This includes roles, responsibilities, and specific steps to follow during a
disaster.
 Redundancy: Systems may be duplicated across multiple physical or cloud locations
to ensure that, if one system fails, another can take over with minimal downtime.

6.3 Examples:

 Daily Example: In a company, IT teams might schedule daily or weekly backups of

all key data. If a ransomware attack encrypts the main servers, the company can
restore from the latest backup without paying the ransom.

6.4 Importance in OS Security:

 Disaster Recovery ensures business continuity, even in the face of catastrophic system
failures or cyberattacks. It minimizes downtime, prevents data loss, and ensures a
smooth recovery.

Chapter 7: OS Security Management

7.1 What is OS Security Management?

 Definition: OS security management involves monitoring, updating, and configuring

an operating system to protect it from threats and vulnerabilities. This includes
applying patches, configuring security settings, and managing user access.

7.2 Key Elements of OS Security Management:

 Patch Management: Regular updates and patches are critical to fixing security
vulnerabilities in the operating system.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 92
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Configuration Management: Ensuring that the OS is configured securely, with

unnecessary services disabled and critical settings locked down.
 Monitoring and Auditing: Continuously monitoring system activity to detect
unusual behavior and conducting audits to review user actions, system changes, and
potential security breaches.

7.3 Examples:

 Patch Management: A company may install monthly security updates for Windows
to protect against the latest vulnerabilities discovered by Microsoft.

7.4 Importance in OS Security:

 Proper OS security management ensures that the operating system remains up to date,
free from vulnerabilities, and configured to resist attacks.

Chapter 8: IAS Authentication

8.1 What is IAS Authentication?

 Definition: Internet Authentication Service (IAS) is Microsoft’s implementation of

a RADIUS (Remote Authentication Dial-In User Service) server, which provides
centralized authentication, authorization, and accounting for network access. It is
often used for wireless networks, VPNs, and dial-up services.

8.2 How IAS Works:

 IAS verifies the identity of users or devices attempting to access the network by
checking their credentials (e.g., username, password, certificate) against a central
database, such as Active Directory.
 Once the user is authenticated, IAS provides authorization for what resources or
services the user can access, and it logs these actions for accounting purposes.

8.3 Examples:

 Corporate Network Example: A company uses IAS to authenticate employees

trying to connect to the corporate VPN remotely. When an employee attempts to
connect, IAS checks their credentials, grants them access to the network, and logs the
session for future audits.

8.4 Importance in OS Security:

 IAS provides centralized control over who can access network resources and ensures
that only authorized users are granted access. It also offers detailed logging for
tracking and auditing network activity, which is crucial for detecting and responding
to security incidents.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 93
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Multiple Choice Question

Which access control model assigns rights based on the identity of the user and is at the
discretion of the object owner?

 A) Mandatory Access Control (MAC)

 B) Discretionary Access Control (DAC)
 C) Role-Based Access Control (RBAC)
 D) Attribute-Based Access Control (ABAC)

What is the primary difference between authentication and authorization?

 A) Authentication verifies identity; authorization determines permissions

 B) Authorization verifies identity; authentication determines permissions
 C) Both verify identity
 D) Both determine permissions

What type of user account typically provides limited access and is used for temporary
access?

 A) Guest account
 B) Local account
 C) Domain account
 D) Administrator account

Which tool is used in Unix/Linux systems for creating user accounts from the command
line?

 A) useradd
 B) usermod
 C) userdel
 D) usercreate

What is the primary function of a software firewall?

 A) To control network traffic to and from a computer

 B) To manage user accounts
 C) To back up data
 D) To edit the registry

What does "Default Deny" mean in firewall rules?

 A) All traffic is allowed except what is explicitly blocked

 B) All traffic is blocked except what is explicitly allowed
 C) All traffic is allowed
 D) All traffic is blocked

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 94
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Which type of firewall tracks the state of active connections and makes decisions based on
the state and context of the traffic?

 A) Packet Filtering
 B) Stateful Inspection
 C) Stateless Filtering
 D) Application Layer Filtering

What is a security policy?

 A) A detailed step-by-step instruction

 B) A high-level statement reflecting the organization's goals
 C) A specific technical requirement
 D) A set of backup procedures

In the Windows registry, what are keys analogous to?

 A) Files
 B) Folders
 C) Values
 D) Programs

Which registry hive contains configuration settings for the local machine?

 A) HKEY_CURRENT_USER
 B) HKEY_CLASSES_ROOT
 C) HKEY_USERS
 D) HKEY_LOCAL_MACHINE

What is the purpose of a disaster recovery plan?

 A) To control network traffic

 B) To restore critical systems and data after a catastrophic event
 C) To manage user accounts
 D) To update software

What is the difference between full, incremental, and differential backups?

 A) Full backups save only changes since the last backup

 B) Incremental backups save all data
 C) Differential backups save only the first backup
 D) Full backups save all data, incremental save changes since the last backup, and
differential save changes since the last full backup

What does RTO stand for in the context of disaster recovery?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 95
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) Recovery Time Objective

 B) Recovery Test Objective
 C) Recovery Technology Objective
 D) Recovery Task Objective

What is a common tool used for applying patches and updates in Linux systems?

 A) Windows Update
 B) apt
 C) Windows Defender
 D) regedit

What does IAS stand for in the context of Windows Server?

 A) Internet Access Service

 B) Internet Authentication Service
 C) Internet Application Service
 D) Internet Authorization Service

Which protocol is commonly used by IAS for remote user authentication and accounting?

 A) RADIUS
 B) LDAP
 C) HTTPS
 D) FTP

Which of the following authentication methods involves a challenge and response

mechanism?

 A) PAP
 B) CHAP
 C) EAP
 D) OAuth

What does the least privilege principle entail?

 A) Users have only the permissions they need to perform their tasks
 B) Users have maximum permissions
 C) Users have no permissions
 D) Users have administrative permissions

What command-line tool is used to edit the Windows registry?

 A) apt
 B) yum
 C) reg.exe

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 96
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 D) firewall-cmd

Which type of firewall is installed on individual computers and protects them from network
threats?

 A) Network-based Firewall
 B) Host-based Firewall
 C) Application Firewall
 D) Cloud Firewall

Short Type Questions

1.What is the primary function of authorization in an operating system?

2.Explain the difference between Discretionary Access Control (DAC) and Mandatory Access
Control (MAC).

3.How does Role-Based Access Control (RBAC) simplify user management?

4.What is the purpose of user management in an operating system?

5.Name a command-line tool used for creating user accounts in Unix/Linux systems.

6.What is a software firewall, and what is its primary purpose?

7.Describe the "Default Deny" rule in firewall settings.

8.How does stateful inspection differ from packet filtering in firewalls?

9.What is the role of a security policy in an organization?

10.What are registry keys and values in the Windows registry?

11.Identify two major hives in the Windows registry and their purposes.

12.What is disaster recovery, and why is it important?

13.Differentiate between full, incremental, and differential backups.

14.What does RTO stand for, and why is it significant in disaster recovery planning?

15.What tool is commonly used for managing software updates and patches in Linux systems?

16.Explain the purpose of Internet Authentication Service (IAS) in Windows Server.

17.What protocol does IAS typically use for remote user authentication and accounting?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 97
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

18.What is the least privilege principle in OS security management?

19.Name a tool used to edit the Windows registry from the command line.

20.What is the difference between host-based and network-based firewalls?

Long Type Question

1. Explain the concept of authorization and its significance in operating system security.

2. Compare and contrast Discretionary Access Control (DAC) and Mandatory Access Control
(MAC).

3. Discuss the advantages of Role-Based Access Control (RBAC) in managing user

permissions.

4. What are the key responsibilities involved in user management within an operating system?

5. Describe the process of creating a user account in Unix/Linux systems using the command
line.

6. Define a software firewall and explain its role in protecting a computer system.

7. Explain the "Default Deny" rule in firewall settings and its importance in security.

8. Discuss the differences between stateful inspection and packet filtering in firewalls.

9. What is a security policy, and why is it crucial for organizations?

10. Explain the structure and purpose of the Windows registry.

11. What are the main hives in the Windows registry, and what are their functions?

12. Describe the key components of a disaster recovery plan.

13. Compare full, incremental, and differential backups, highlighting their pros and cons.

14. What is the significance of Recovery Time Objective (RTO) in disaster recovery planning?

15. What are some common tools used for applying patches and updates in Linux systems?

16. Explain the role and functions of Internet Authentication Service (IAS) in Windows Server.

17. What is the RADIUS protocol, and how does it work in the context of IAS?

18. Describe the principle of least privilege and its importance in operating system security
management.

19. What are the key steps involved in editing the Windows registry using the command line?
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 98
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

20. Explain the differences between host-based and network-based firewalls and their
respective use cases

Module VII: Wireless Security

Introduction to WLAN

Wireless Local Area Networks (WLANs) allow devices to connect and communicate
wirelessly within a local area. Unlike traditional wired networks, WLANs use radio frequency
(RF) technology to transmit data. WLANs have become ubiquitous in homes, businesses, and
public spaces due to their convenience and flexibility. The most common standard for WLANs
is IEEE 802.11, which defines protocols for implementing wireless connectivity.

802.11 Standards

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 99
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

The IEEE 802.11 standards have evolved over time to improve data rates, range, and reliability.
Here are some key 802.11 standards:

1. 802.11a: Introduced in 1999, 802.11a operates in the 5 GHz frequency band and
supports data rates up to 54 Mbps. It uses Orthogonal Frequency Division Multiplexing
(OFDM) to reduce interference and improve signal quality. Due to its higher frequency,
it offers less range but is less susceptible to interference compared to 2.4 GHz bands.

2. 802.11b: Also introduced in 1999, 802.11b operates in the 2.4 GHz frequency band and
supports data rates up to 11 Mbps. It uses Direct Sequence Spread Spectrum (DSSS)
technology. While it has a longer range than 802.11a, it is more prone to interference
from other devices operating in the 2.4 GHz band.

3. 802.11g: Ratified in 2003, 802.11g also operates in the 2.4 GHz band but supports data
rates up to 54 Mbps using OFDM, similar to 802.11a. It is backward compatible with
802.11b, allowing devices using either standard to communicate on the same network.

4. 802.11n: Introduced in 2009, 802.11n operates in both the 2.4 GHz and 5 GHz bands
and supports data rates up to 600 Mbps. It introduced Multiple Input Multiple Output
(MIMO) technology, which uses multiple antennas to improve data throughput and
range. 802.11n is backward compatible with 802.11a/b/g.

Security Types

Securing WLANs is critical to protect against unauthorized access and data breaches. Various
security protocols have been developed to enhance WLAN security:

1. Wired Equivalent Privacy (WEP): WEP was the first security protocol for WLANs,
introduced in the original 802.11 standard. It uses a static encryption key to secure data.
However, WEP has significant vulnerabilities, including weak encryption algorithms
and the use of static keys, making it relatively easy to crack.

2. Temporal Key Integrity Protocol (TKIP): TKIP was introduced as an interim

solution to address WEP's weaknesses, part of the 802.11i standard (WPA). TKIP uses
dynamic keys and adds a per-packet key mixing function, message integrity check, and
rekeying mechanism. While more secure than WEP, TKIP is still considered outdated
and less secure than more modern protocols.

3. Wi-Fi Protected Access (WPA): WPA was introduced to replace WEP and uses TKIP
for encryption. It includes additional security features like a message integrity check
and dynamic key rotation. While WPA was a significant improvement over WEP, it
has since been succeeded by WPA2.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 100
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

4. Wi-Fi Protected Access 2 (WPA2): WPA2, part of the 802.11i standard, is the most
widely used security protocol for WLANs today. It uses the Advanced Encryption
Standard (AES) for encryption, providing robust security. WPA2 supports both
personal (pre-shared key) and enterprise (802.1X authentication) modes, making it
suitable for home and business environments.

Overview of SSID

The Service Set Identifier (SSID) is a unique identifier that distinguishes one WLAN from
another. It acts as the network name, allowing devices to identify and connect to the correct
network. An SSID can be up to 32 characters long and is broadcast by the wireless router or
access point. While broadcasting the SSID makes it easier for devices to find and connect to
the network, it can also expose the network to potential attackers. For enhanced security, some
administrators choose to disable SSID broadcasting, although this does not provide substantial
protection against determined attackers.

WLAN Security Authentication

1. Wired Equivalent Privacy (WEP): As mentioned earlier, WEP uses static keys and
provides basic encryption. However, due to its vulnerabilities, it is no longer
recommended for securing WLANs.

2. Temporal Key Integrity Protocol (TKIP): TKIP, used in WPA, improves upon WEP
by dynamically generating keys for each session and each packet. It is a more secure
alternative to WEP but has been largely replaced by more robust protocols.

3. Wi-Fi Protected Access (WPA): WPA introduced TKIP and improved message
integrity checks. It provides better security than WEP but has been succeeded by
WPA2.

4. Wi-Fi Protected Access 2 (WPA2): WPA2 uses AES for encryption, offering strong
security. It supports two modes: WPA2-Personal (using a pre-shared key) and WPA2-
Enterprise (using 802.1X authentication with a RADIUS server). WPA2 is the current
standard for WLAN security, providing robust protection for both home and enterprise
networks.

Multiple Choice Questions

Which IEEE 802.11 standard operates in the 5 GHz frequency band and supports data rates
up to 54 Mbps?

 A) 802.11b
 B) 802.11a
 C) 802.11g

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 101
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 D) 802.11n

What technology does 802.11b use to transmit data?

 A) OFDM
 B) DSSS
 C) MIMO
 D) AES

Which 802.11 standard introduced Multiple Input Multiple Output (MIMO) technology?

 A) 802.11a
 B) 802.11b
 C) 802.11g
 D) 802.11n

What is the primary security weakness of Wired Equivalent Privacy (WEP)?

 A) Dynamic key generation

 B) Weak encryption algorithms
 C) Message integrity check
 D) Use of AES encryption

Which protocol uses the Advanced Encryption Standard (AES) for encryption?

 A) WEP
 B) TKIP
 C) WPA
 D) WPA2

What does SSID stand for in wireless networking?

 A) Service Set Identifier

 B) Secure Service Identifier
 C) Shared Service Identifier
 D) Standard Set Identifier

Which security protocol was introduced as an interim solution to address the weaknesses of
WEP?

 A) TKIP
 B) AES
 C) WPA2
 D) SSID

Which of the following 802.11 standards is backward compatible with 802.11b?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 102
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) 802.11a
 B) 802.11n
 C) 802.11g
 D) None of the above

What does WPA stand for in wireless networking?

 A) Wireless Protected Access

 B) Wi-Fi Protected Access
 C) Wired Protected Access
 D) Wide Protected Access

Which frequency bands does 802.11n operate in?

 A) 2.4 GHz only

 B) 5 GHz only
 C) Both 2.4 GHz and 5 GHz
 D) Neither 2.4 GHz nor 5 GHz

What type of key does WEP use for encryption?

 A) Dynamic key
 B) Static key
 C) Rotating key
 D) None of the above

Which security protocol provides the best security for WLANs among the given options?

 A) WEP
 B) TKIP
 C) WPA2
 D) WPA

What is the purpose of SSID in a wireless network?

 A) To encrypt data
 B) To provide IP addresses
 C) To identify the network
 D) To act as the network name

Which wireless security protocol introduced a message integrity check to protect against
packet tampering?

 A) WEP

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 103
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 B) WPA
 C) WPA2
 D) TKIP

What encryption standard does WPA2 use to provide strong security?

 A) WEP
 B) TKIP
 C) AES
 D) OFDM

Short Type Question

1. What is WLAN and how does it differ from a wired LAN?

2. Describe the main feature of the 802.11a standard.

3. What technology does 802.11b use and what are its data rate capabilities?

4. What advantage does 802.11g have over 802.11b?

5. Explain the significance of MIMO in the 802.11n standard.

6. What is the primary security weakness of WEP?

7. How does TKIP improve security compared to WEP?

8. What encryption method does WPA2 use?

9. Define SSID and its role in a wireless network.

10. What are the two modes supported by WPA2?

11. Why is it important to disable SSID broadcasting?

12. Describe the main difference between 802.11a and 802.11b.

13. What does WPA stand for and what was its purpose?

14. How does WPA2-Enterprise enhance network security?

15. What is the function of a message integrity check in wireless security protocols?

16. What are the frequency bands used by 802.11n?

17. Why is AES preferred over TKIP in WPA2?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 104
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

18. What does the principle of least privilege entail in WLAN security?

19. What was the purpose of introducing WPA?

20. Explain the significance of 802.11 in wireless security.

Long Type Question

1. Explain the concept of WLAN and its importance in modern communication.

2. Discuss the key features and limitations of the 802.11a standard.

3. Compare and contrast 802.11b and 802.11g standards.

4. Explain the significance of 802.11n and its impact on WLAN performance.

5. Describe the function and importance of SSID in a WLAN.

6. Discuss the vulnerabilities of WEP and why it is no longer recommended for WLAN
security.

7. Explain how TKIP improves upon WEP and its limitations.

8. What are the key features of WPA and how does it enhance WLAN security?

9. Describe the advantages of WPA2 over WPA for WLAN security.

10. How does certificate-based authentication work in WLANs, and what are its benefits?

11. Explain the process and benefits of biometric authentication in WLANs.

12. What is the role of the Key Distribution Center (KDC) in Kerberos protocol?

13. Describe the authentication process of the Kerberos protocol.

14. Discuss the common security handshake pitfalls and their implications.

15. Explain the concept and benefits of Single Sign-On (SSO) in WLAN security.

16. How does 802.11n enhance WLAN performance compared to earlier standards?

17. Discuss the benefits and challenges of using biometric authentication in WLANs.

18. Explain the security features of WPA2 and why it is preferred over WPA.

19. Describe the function of SSID in WLANs and its role in network security.

20. Compare the security mechanisms of WEP, WPA, and WPA2.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 105
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Module VIII: Malicious Logic

Introduction to Malicious Logic

Malicious logic refers to any code or software designed to disrupt, damage, or gain
unauthorized access to computer systems. It includes various forms of malicious software
(malware) and other harmful activities that threaten computer security. Understanding the
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 106
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

different types of malicious logic, their mechanisms, and countermeasures is crucial for
safeguarding information systems.

Types of Malicious Logic

1. Virus

Definition

A computer virus is a type of malicious software that attaches itself to a host file or boot sector
of a computer. When the infected file is executed, the virus activates and replicates, spreading
to other files and systems.

Characteristics

 Replication: Viruses replicate by attaching themselves to executable files or

documents.

 Activation: Viruses remain dormant until the host file is executed.

 Payload Delivery: Upon activation, viruses can deliver a payload, which might range
from harmless pranks to destructive actions like data corruption.

Examples

 Melissa Virus: Spread through email attachments, causing significant email traffic.

 ILOVEYOU Virus: Sent as an email attachment, it overwrote files and sent itself to
contacts in the victim's address book

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 107
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

2. Worm

Definition

A worm is a standalone malicious program that replicates itself to spread across networks
without the need for a host file. Worms exploit vulnerabilities in network protocols to
propagate.

Characteristics

 Self-Replication: Worms can autonomously replicate and spread.

 Network Propagation: Worms spread through network connections, often exploiting

security vulnerabilities.

 Payload Delivery: Worms may carry payloads that cause harm, such as deleting files
or creating backdoors.

Examples

 Morris Worm: One of the first worms, it exploited vulnerabilities in UNIX systems,
causing widespread disruption.

 Conficker Worm: Spread by exploiting vulnerabilities in Windows OS, creating a

botnet of infected machines.

3. Trojan Horse

Definition

A Trojan Horse, or simply a Trojan, is a type of malware disguised as legitimate software.

Users inadvertently install Trojans, believing them to be benign, while they perform malicious
actions in the background.

Characteristics

 Deceptive: Trojans masquerade as useful or harmless software.

 Non-Self-Replicating: Unlike viruses and worms, Trojans do not replicate themselves.

 Payload Delivery: Trojans can install backdoors, keyloggers, or other malicious

software.

Examples

 Zeus Trojan: A notorious banking Trojan that stole sensitive financial information.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 108
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 Remote Access Trojans (RATs): Allow attackers to remotely control infected

systems, such as the DarkComet RAT.

4. Zombies and Botnets

Definition

Zombies are compromised computers controlled by an attacker, often without the knowledge
of the owner. A network of zombies is called a botnet, which can be used for various malicious
purposes.

Characteristics

 Remote Control: Attackers use command and control (C&C) servers to manage
zombies.

 Distributed Attacks: Botnets can launch distributed denial-of-service (DDoS) attacks,

send spam, or mine cryptocurrencies.

 Stealthy Operation: Zombies operate covertly, making detection difficult.

Examples

 Mirai Botnet: Compromised IoT devices to launch massive DDoS attacks.

 Storm Botnet: Used for spam campaigns and DDoS attacks.

5. Denial of Service (DoS) Attacks

Definition

Denial of Service (DoS) attacks aim to make a system or network resource unavailable to its
intended users by overwhelming it with a flood of illegitimate requests.

Characteristics

 Volume-Based Attacks: Flood the target with excessive traffic to exhaust bandwidth.

 Protocol Attacks: Exploit weaknesses in network protocols to disrupt service.

 Application-Layer Attacks: Target specific applications, overwhelming their

resources.

Examples

 Ping of Death: Sends malformed or oversized packets to crash the target system.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 109
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 SYN Flood: Exploits the TCP handshake process to consume server resources.

Intrusion and Intruders

Intrusion

Definition

Intrusion refers to unauthorized access to a computer system or network. Intrusions can lead to
data theft, system damage, and other malicious activities.

Types of Intrusion

 External Intrusion: Conducted by attackers outside the organization, often using

hacking tools and techniques.

 Internal Intrusion: Involves insiders, such as employees or contractors, who misuse

their access privileges.

Intruders and Their Types

Definition

Intruders, also known as hackers or attackers, are individuals or groups that attempt to gain
unauthorized access to computer systems.

Types of Intruders

 Script Kiddies: Inexperienced attackers who use pre-made tools and scripts to exploit
vulnerabilities.

 Hacktivists: Attackers motivated by political or social causes, using hacking to

promote their agenda.

 Cybercriminals: Individuals or groups engaged in illegal activities for financial gain,

such as stealing data or spreading ransomware.

 State-Sponsored Attackers: Operatives backed by nation-states, conducting cyber-

espionage or cyber warfare.

Intrusion Detection System (IDS)

Definition

An Intrusion Detection System (IDS) monitors network or system activities for malicious
actions or policy violations. It alerts administrators when suspicious activities are detected.
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 110
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Types of IDS

 Network-Based IDS (NIDS): Monitors network traffic for suspicious patterns.

 Host-Based IDS (HIDS): Monitors individual systems for suspicious activities, such
as unauthorized file modifications.

Techniques Used in IDS

 Signature-Based Detection: Uses predefined patterns (signatures) to identify known

threats.

 Anomaly-Based Detection: Establishes a baseline of normal activity and detects

deviations from this norm.

Benefits and Limitations

 Benefits: Provides real-time alerts, helps identify ongoing attacks, and enhances overall
security posture.

 Limitations: Can produce false positives, requires constant updates, and may not detect
new or unknown threats.

Intrusion Prevention System (IPS)

Definition

An Intrusion Prevention System (IPS) not only detects but also actively prevents and blocks
potential threats. It sits in-line with network traffic and takes immediate action upon detecting
malicious activities.

Types of IPS

 Network-Based IPS (NIPS): Monitors and analyzes network traffic, blocking

malicious activities in real-time.

 Host-Based IPS (HIPS): Monitors and protects individual systems by intercepting

malicious actions.

Techniques Used in IPS

 Signature-Based Prevention: Blocks known threats based on predefined signatures.

 Behavioral-Based Prevention: Identifies and blocks actions that deviate from normal
behavior.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 111
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Benefits and Limitations

 Benefits: Provides proactive protection, reduces the risk of successful attacks, and
enhances response capabilities.

 Limitations: Can impact network performance, may produce false positives, and
requires regular updates to remain effective.

Multiple Choice Questions

What does malicious logic refer to?

 A) Useful code
 B) Malicious software
 C) Legal software
 D) Open-source software

A computer virus attaches itself to what?

 A) Network packets
 B) Host files or boot sectors
 C) User passwords
 D) IP addresses

How do worms spread across networks?

 A) Via email
 B) By attaching to files
 C) By exploiting network vulnerabilities
 D) Through physical media

What distinguishes a Trojan Horse from other malware?

 A) It replicates itself
 B) It spreads via networks
 C) It masquerades as legitimate software
 D) It encrypts files

What is a network of compromised computers called?

 A) Intranet
 B) Extranet
 C) Botnet
Ms.Debdutta Mandal , Ms. Raima Saha
Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 112
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 D) Mainframe

What does DoS stand for in cybersecurity?

 A) Data over Systems

 B) Denial of Service
 C) Delay of Service
 D) Denial of Security

What is the primary goal of a Denial of Service (DoS) attack?

 A) Stealing data
 B) Disrupting service
 C) Gaining root access
 D) Installing malware

What is a common symptom of a DoS attack?

 A) Data corruption
 B) Network slowdown
 C) Unauthorized file access
 D) Phishing emails

What type of malware can control a computer remotely?

 A) Virus
 B) Worm
 C) Trojan Horse
 D) Adware

What are zombies in the context of cybersecurity?

 A) Legitimate users
 B) Compromised computers
 C) Security tools
 D) Network switches

Which attack involves overwhelming a target with traffic?

 A) Denial of Service
 B) Trojan Horse
 C) Virus
 D) Rootkit

What is the primary function of an Intrusion Detection System (IDS)?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 113
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 A) Blocking traffic
 B) Detecting unauthorized access
 C) Encrypting data
 D) Generating malware

What is the key difference between an IDS and an Intrusion Prevention System (IPS)?

 A) IDS detects, IPS prevents

 B) IDS prevents, IPS detects
 C) IDS encrypts, IPS decrypts
 D) IDS generates, IPS blocks

Which type of intruder is typically an insider?

 A) Script kiddie
 B) Disgruntled employee
 C) Hacker
 D) Network administrator

What is the main purpose of an Intrusion Prevention System (IPS)?

 A) Monitoring traffic
 B) Blocking malicious activities
 C) Generating reports
 D) Scanning for viruses

How does a worm differ from a virus?

 A) Worms spread autonomously

 B) Worms require host files
 C) Worms are harmless
 D) Worms are only on mobile devices

What does a Trojan Horse typically disguise itself as?

 A) Legitimate software
 B) Network device
 C) Firewall
 D) User account

Which type of attack aims to make a service unavailable to users?

 A) Phishing
 B) Man-in-the-Middle
 C) Denial of Service
 D) SQL injection

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 114
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

What is a common use of a botnet?

 A) Encrypting files
 B) Launching DDoS attacks
 C) Installing patches
 D) Monitoring network traffic

What does the term "zombie" refer to in a botnet?

 A) A controlling server
 B) A compromised computer
 C) An attack vector
 D) A security protocol

What does an Intrusion Detection System (IDS) primarily monitor?

 A) User activity
 B) Network traffic
 C) Power usage
 D) System temperature

Which malicious logic can replicate itself and spread to other computers?

 A) Worm
 B) Adware
 C) Spyware
 D) Rootkit

What is the main feature of a Trojan Horse?

 A) Disguises as legitimate software

 B) Deletes files
 C) Encrypts data
 D) Monitors power usage

Which type of intruder uses pre-written scripts to hack systems?

 A) Script kiddie
 B) Disgruntled employee
 C) Advanced Persistent Threat
 D) Insider threat

How does an Intrusion Prevention System (IPS) respond to threats?

 A) By blocking them
 B) By logging them

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 115
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

 C) By notifying the user

 D) By ignoring them

Short Type Questions

1.What is malicious logic?

2.How do viruses spread?

3.What is the primary characteristic of a worm?

4.What distinguishes a Trojan Horse from other types of malware?

5.What is a botnet?

6.Define a Denial of Service (DoS) attack.

7.What are the symptoms of a DoS attack?

8.What is a zombie in cybersecurity terms?

9.How do Intrusion Detection Systems (IDS) work?

10.What is the primary function of an Intrusion Prevention System (IPS)?

11.Who are script kiddies?

12.What is the main purpose of a botnet?

13.How does a worm differ from a virus in terms of spread?

14.Describe the primary feature of a Trojan Horse.

15.What type of attack aims to make a service unavailable?

16.What does an Intrusion Detection System (IDS) primarily monitor?

17.What is the difference between an IDS and an IPS?

18.How does a botnet operate?

19.What are the functions of the Key Distribution Center (KDC) in Kerberos?

20.What is the role of encryption in Certificate-Based Authentication?

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 116
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

Long Type Question

1.What is malicious logic and how does it impact computer systems?

2.Describe the lifecycle of a virus from infection to eradication.

3.How do worms propagate, and what measures can be taken to prevent their spread?

4.Explain the functioning and purpose of a Trojan Horse in cybersecurity.

5.What are botnets and how are they utilized in cyberattacks?

6.Discuss the different types of Denial of Service (DoS) attacks and their impacts.

7.What are the primary characteristics of an Intrusion Detection System (IDS)?

8.How does an Intrusion Prevention System (IPS) differ from an IDS, and what are its benefits?

9.Who are script kiddies, and what impact do they have on cybersecurity?

10.How do botnets operate and what are the common strategies for mitigating their threats?

11.Explain the role of the Key Distribution Center (KDC) in the Kerberos authentication
protocol.

12.What is the importance of encryption in Certificate-Based Authentication, and how does it

enhance security?

13.What measures can be taken to prevent the spread of worms in a network environment?

14.Describe the security implications of botnets and the challenges in combating them.

15.How do Denial of Service (DoS) attacks affect organizations, and what are effective
mitigation strategies?

16.Discuss the role and effectiveness of Intrusion Detection Systems (IDS) in cybersecurity.

17.Explain the differences between Intrusion Detection Systems (IDS) and Intrusion
Prevention Systems (IPS).

18.What are the motivations and methods used by script kiddies in cyberattacks?

19.How do botnets impact cybersecurity, and what are the common methods for detecting and
mitigating them?

20.Describe the authentication process in the Kerberos protocol and its security benefits.

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 117
Bachelor of Science (Honours) in Advanced Networking and Cyber Security – 2022 & Semester- V
Cryptography & Network Security & BNCSD502C
Section- A, Section- B, Section-C
Academic Session – 2024-25

21.How does Certificate-Based Authentication work, and what are its advantages in securing
communications?

MCQ ANSWERS:

MODULE I

1.A | 2. B | 3. B | 4. C | 5. B | 6. D | 7. B | 8. B | 9. C | 10. C |11. B | 12. B | 13. C | 14. C |

15.B | 16. B | 17. B | 18. B | 19. B | 20. B |21.C | 22. B | 23. B | 24. C | 25. C | 26. B | 27. C |
28. B | 29. B | 30. B

MODULE II

1. B | 2. B | 3. B | 4. B | 5. B | 6. A | 7. A | 8. B | 9. A | 10. B |
11. A | 12. C | 13. B | 14. A | 15. B | 16. A | 17. A | 18. B | 19. A | 20. B

MODULE III

1.A | 2. C | 3. B | 4. A | 5. B | 6. B | 7. A | 8. B | 9. B | 10. C |
11. B | 12. B | 13. B | 14. B | 15. B | 16. C | 17. B | 18. B | 19. D | 20. A

MODULE IV

1. B | 2. C | 3. B | 4. A | 5. C | 6. A | 7. B | 8. D | 9. A | 10. A |
11.B | 12. B | 13. A | 14. B | 15. B | 16. A | 17. C | 18. B | 19. B | 20. A

MODULE V

1.B | 2. B | 3. B | 4. C | 5. B | 6. B | 7. A | 8. B | 9. B | 10. C |
11.B | 12. B | 13. C | 14. B | 15. B

MODULE VI

1. B | 2. A | 3. A | 4. A | 5. A | 6. B | 7. B | 8. B | 9. B | 10. D |
11. B | 12. D | 13. A | 14. B | 15. B | 16. A | 17. B | 18. A | 19. C | 20. B

MODULE VII

1.B | 2. B | 3. D | 4. B | 5. D | 6. A | 7. A | 8. C | 9. B | 10. C |
11. B | 12. C | 13. C | 14. D | 15. C

MODULE VIII

1.B | 2. B | 3. C | 4. C | 5. C | 6. B | 7. B | 8. B | 9. C | 10. B |
11.A | 12. B | 13. A | 14. B | 15. B | 16. A | 17. A | 18. C | 19. B | 20. B |
21.B | 22. A | 23. A | 24. A | 25. A

Ms.Debdutta Mandal , Ms. Raima Saha

Assistant Professor, Dept. of Cyber Science & Technology
Brainware University, Kolkata
P a g e | 118