1 2 3

MODULE 1 * The public key is used for encryption, and the private key is Timing Attacks: Exploiting variations in the time it takes for 7. Difference between an unconditionally secure cipher and a 9. difference between monoalphabetic cipher and This is difficult enough in a centralized data processing
1.Essential ingredients of a symmetric cipher used for decryption. Information encrypted with the public key cryptographic operations to complete, revealing information computationally secure cipher polyalphabetic cipher environment; with the use of localand wide area networks, the
1.Key: The key is a piece of information used by the algorithm can only be decrypted with the corresponding private key and about the key. Unconditionally Computationally Monoalphabetic problems are compounded.
Feature
to perform encryption and decryption. Both the sender and vice versa. Fault Injection Attacks: Introducing faults (e.g., glitches) in the Secure Cipher Secure Cipher Feature Cipher Polyalphabetic Cipher ITU-T3 Recommendation X.800, Security Architecture for OSI,
the receiver need to know and agree on the same secret key. * This eliminates the need for a secure key exchange, as each system to manipulate the cryptographic computations and Based on perfect Relies on the Each letter in the Different substitution defines such a systematicapproach.
The security of the symmetric cipher relies heavily on keeping person can freely share their public key. extract information. secrecy and computational plaintext is patterns are used The OSI security architecture is useful to managers as a way of
Basis of Security
the key secret. Cache Timing Attacks: Exploiting variations in access times to mathematical infeasibility of consistently replaced throughout the organizing the task ofproviding security.
2.Plaintext: This is the original, human-readable message that 4. Difference between a block cipher and a stream cipher cache memory during cryptographic operations. principles. specific problems. by the same letter or message, introducing This architecture was developed as an international standard.
the sender wants to transmit securely. The symmetric cipher Feature Block Cipher Stream Cipher Provides security Substitution symbol in the variability in the The OSI security architecture focuses on security attacks,
takes this plaintext as input for encryption. Processes 6 List and briefly define types of cryptanalytic attacks based on Provides an absolute underthe Pattern ciphertext. encryption process. mechanisms, and services.
3.Ciphertext: This is the encrypted message produced by the fixed-size Processes data bit by what is known to the attacks Security guarantee of security assumption that Caesar cipher, Atbash Vigenère cipher, ◆ Security attack: Any action that compromises the security of
symmetric cipher when it processes the plaintext with the Processing Unit blocks of data. bit or byte by byte. Cryptanalytic attacks are categorized based on the knowledge Guarantee against any certain cipher, Simple Autokey cipher, information ownedby an organization.
secret key. The ciphertext is typically in a format that is not Operates on Does not have a fixed the attacker possesses. Here are some types of cryptanalytic computational power. computational Example substitution cipher. Playfair cipher. ◆ Security mechanism: A process (or a device incorporating
easily readable by humans. fixed-size blocks block size; operates on attacks based on what is known to the attacker: problems are hard. Repetitive patterns in such a process) that isdesigned to detect, prevent, or recover
4.Encryption Algorithm: The encryption algorithm is the (e.g., 128 bits individual bits or 1. Ciphertext-Only Attack: Security is based the plaintext result in Resists repetitive from a security attack.
mathematical process used to convert the plaintext into Definition: In a ciphertext-only attack, the attacker has access Security is not ◆ Security service: A processing or communication service
Block Size for AES). bytes. on the difficulty of repetitive patterns in patterns in the
ciphertext. The algorithm takes the input plaintext and the only to the encrypted ciphertext and attempts to deduce dependent on that enhances thesecurity of the data processing systems and
Typically doesn't have Key Feature solving specific the ciphertext, making ciphertext, enhancing
secret key to produce the encrypted output. information about the plaintext or the key. computational the information transfers of anorganization. The services are
modes like block mathematical Repetition it susceptible to security against
5.Decryption Algorithm: The decryption algorithm is the Method: The attacker analyzes the patterns and properties of complexity. intended to counter security attacks, and they makeuse of one
Can operate inciphers. May use problems. of Patterns frequency analysis. frequency analysis.
mathematical process used to convert the ciphertext back into Operation different modes synchronization the ciphertext to make educated guesses about the plaintext RSA, AES, and More complex and or more security mechanisms to provide the service.
the original plaintext. It takes the ciphertext and the secret key Modes (e.g., ECB, CBC). mechanisms. or key. other widely-used resistant to traditional SECURITY ATTACKS
as input to produce the decrypted output. 2.Known-Plaintext Attack: One-time pad (when Security attacks are classified in two - passive attacks and
Commonly used Often used for real- Example modern Simple and vulnerable frequency analysis,
Definition: In a known-plaintext attack, the attacker has access used correctly). active attacks.
for bulk data time communication, cryptographic to attacks like providing improved
2. Two basic functions used in encryption algorithm encryption, files, encrypting continuous to some plaintext-ciphertext pairs and uses this knowledge to algorithms. Complexity frequency analysis. security. A passive attack attempts to learn or make use of information
1.Substitution: Use Cases disk sectors. data streams. deduce the key or decrypt other ciphertexts. Often impractical for Practical and Involves a key or from the system but doesnot affect system resources.
* Substitution involves replacing elements of the plaintext Algorithms like Operates on individual Method: The attacker exploits the relationship between most applications due widely used in keyword that An active attack attempts to alter system resources or affect
with other elements, such as characters or bits, according to a known plaintext and ciphertext to gain information about the Practicality their operation.
AES have fixed bits or bytes, often to key management real-world Typically involves a determines different
specific rule or algorithm. Implementation block sizes. using a key stream. encryption key. challenges. applications. Key single key or substitution rules, Passive Attacks
* In the context of encryption, this often means substituting Advanced 3.Chosen-Plaintext Attack: Mechanism substitution rule. adding complexity. Passive attacks are in the nature of eavesdropping on, or
letters or groups of letters with other letters or symbols based Encryption RC4, A5/1 (used in GSM Definition: In a chosen-plaintext attack, the attacker has the 8.briefly define a) caesar cipher b) monoalphabetic cipher c) Offers improved monitoring of, transmissions.
on a predefined key. Examples Standard, DES communication). ability to choose and encrypt specific plaintexts, observing the playfair cipher security by The goal of the opponent is to obtain information that is being
* Common examples of substitution ciphers include the Caesar corresponding ciphertexts. a) Caesar Cipher: Relatively less secure introducing variability transmitted.
cipher, where each letter is shifted by a fixed number of 5.list the two general approaches to attacking a cipher Method: The attacker uses the chosen plaintext-ciphertext Definition: The Caesar cipher is a substitution cipher where due to patterns in the in the encryption Two types of passive attacks:
positions in the alphabet, and the more complex methods like Attacking a cipher involves attempting to decipher encrypted pairs to gain information about the encryption key or to each letter in the plaintext is shifted a certain number of Security ciphertext. process. ◆ Release of message contents◆ Traffic analysis.
the Playfair cipher or the Advanced Encryption Standard (AES). information without knowledge of the secret key. There are optimize the cryptanalysis process. positions down or up the alphabet. It is named after Julius 10.what is a transpositon cipher Active Attacks
2.Permutation (Transposition): generally two broad approaches to attacking a cipher: 4.Adaptive Chosen-Plaintext Attack: Caesar, who is historically recorded to have used this simple A transposition cipher is a type of cryptographic algorithm that ➔ Active attacks involve some modification of the data stream
* Permutation, also known as transposition, involves 1. Cryptanalysis: Definition: An adaptive chosen-plaintext attack allows the encryption method. encrypts or encodes a message by rearranging or permuting or the creation of a falsestream.
rearranging the order of elements in the plaintext without * Definition: Cryptanalysis is the study of cryptographic attacker to adapt their choice of plaintext based on the results Encryption Algorithm: E(x) = (x + k) mod 26, where x is the the order of its characters. Unlike substitution ciphers, which ➔ It is subdivided into four categories:
altering the actual content. systems with the goal of finding weaknesses that can be of previous encryptions. position of the letter in the alphabet, k is the shift value, and replace individual characters with other characters, ◆ Masquerade◆ Replay◆ Modification of messages
* This can be achieved by changing the position of characters exploited to recover the plaintext or the key. Method: The attacker can dynamically choose plaintexts based mod 26 ensures that the result wraps around within the 26- transposition ciphers do not change the characters themselves ◆ Denial of service
or groups of characters in the plaintext according to a specific *Methods: on the information obtained during the attack, making it more letter alphabet. but alter their positions within the message. Security Services
rule or algorithm. Brute Force Attack: Trying all possible keys until the correct flexible and potentially more powerful. b) Monoalphabetic Cipher: There are various methods to perform transposition A security service is defined as a service that is provided by a
* Transposition ciphers often involve arranging characters in a one is found. The effectiveness depends on the key length and 5.Chosen-Ciphertext Attack: Definition: A monoalphabetic cipher is a substitution cipher encryption, but they all involve rearranging the positions of protocol layer ofcommunicating open systems and that
grid or matrix and then permuting their positions based on a the strength of the cipher. Definition: In a chosen-ciphertext attack, the attacker can where each letter in the plaintext is consistently replaced by a characters based on a specific rule or algorithm. The original ensures adequate security of the systems or of data transfers.
key. The Rail Fence cipher and Columnar Transposition cipher Frequency Analysis: Analyzing the frequency of characters or choose and decrypt specific ciphertexts, observing the corresponding letter or symbol in the ciphertext. In this type of order of the characters is crucial for decryption. It is also defined as a processing or communication service
are examples of transposition ciphers. patterns in the ciphertext to make educated guesses about the corresponding decrypted plaintexts. cipher, each letter is substituted with another letter, Here's a simple example of a transposition cipher: that is provided by a systemto give a specific kind of protection
key or plaintext. Method: The attacker uses the chosen ciphertext-decrypted maintaining a one-to-one mapping throughout the encryption Rail Fence Cipher: to system resources.
3. How many keys are required for two people to Known-Plaintext Attack: Exploiting knowledge of some plaintext pairs to gain information about the decryption key. process. Encryption Algorithm: Security services implement security policies and are
communicate via a cipher plaintext-ciphertext pairs to deduce information about the key. 6.Known-Key Attack: Example: The Caesar cipher is a simple monoalphabetic cipher, * Write the message in a zigzag pattern across a set number of implemented by securitymechanisms.
The number of keys required for two people to communicate Definition: In a known-key attack, the attacker has knowledge but more complex examples include the Atbash cipher or the rails or rows. Services are classified into five categories and fourteen specific
via a cipher depends on the type of encryption scheme used: Chosen-Plaintext Attack: The attacker can choose specific of the key used for encryption and seeks to exploit this simple substitution cipher. * Read the message by concatenating the characters from services
symmetric or asymmetric. plaintexts and observe the corresponding ciphertexts to gain information to decrypt other ciphertexts. c) Playfair Cipher: each row. Categories:
1. Symmetric Encryption: information about the key. Method: The attacker uses the known key to decrypt Definition: The Playfair cipher is a digraph substitution cipher Example: ◆ Authentication◆ Access control◆ Data Confidentiality
* In symmetric encryption, the same key is used for both additional ciphertexts without necessarily having access to the that encrypts pairs of letters (digraphs) instead of individual * Original Message: "MEET ME AFTER THE PARTY" ◆ Data Integrity◆ Nonrepudiation◆ Availability
encryption and decryption. Therefore, only one key is required 2. Side-Channel Attacks: plaintexts. letters. It uses a key table or key matrix to determine the * Number of Rails: 2 Security Mechanisms
for two people to communicate securely. * Definition: Side-channel attacks exploit information leaked substitutions. The key table is typically a 5x5 matrix filled with * Encrypted Message: "MEMATRHPRYETEFETEAT" Two types of mechanisms:
* The challenge with symmetric encryption is securely sharing during the encryption or decryption process, such as power a keyword, and it is used to create the encryption and 11. OSI security architecture ● SPECIFIC SECURITY MECHANISMS: Mechanisms that are
the key between the communicating parties. If the key is consumption, electromagnetic radiation, or timing decryption mappings. To assess effectively the security needs of an organization and implemented in a
compromised during transmission or storage, it can jeopardize information. Encryption Algorithm: The plaintext is processed in pairs of to evaluate and choose various security products and policies, specific protocol layer, such as TCP or an application-layer
the security of the communication. * Methods: letters, and their positions in the key table are used to the manager responsible for security needs some systematic protocol.
2. Asymmetric Encryption: Power Analysis: Monitoring power consumption patterns determine the corresponding ciphertext pair. way of defining the requirements for security and ● PERVASIVE SECURITY MECHANISMS: Mechanisms that are
* In asymmetric encryption, also known as public-key during cryptographic operations to deduce information about characterizing the approaches to satisfying those not specific to any
cryptography, each person has a pair of keys: a public key and the key. requirements. particular protocol layer or security service.
a private key.

4 5 6

MODULE 2 4.Final Round: 4.summarize the primitive operations in RC4 algorithm. *Substitution typically involves replacing plaintext elements 3.Mathematical Representation: Mathematically, both
1.how is round key generated in DES *The final round is similar to the regular rounds but without The RC4 (Rivest Cipher 4) algorithm is a symmetric key stream (bits or bytes) with other elements based on a substitution substitution and transposition operations can be described
In the Data Encryption Standard (DES), the round keys are the MixColumns step. cipher widely used for its simplicity and efficiency. The table (S-box). using permutation matrices or functions,
derived from the original encryption key through a process *The final round key is XORed with the state. primitive operations in the RC4 algorithm include key *Permutation involves rearranging the order of the elements. 11.distingishbetwen
distingishbetwen symmetric key and assymetric
assymetri key
known as key schedule or key generation. The key schedule 5.Ciphertext:The final state is the ciphertext. scheduling and pseudorandom generation. Here's a summary *The repeated application of substitution and permutation cryptosystem
generates a set of 16 round subkeys, one for each round of the of the primitive operations in RC4: operations creates multiple rounds of transformation. Symmetric-Key
Key Asymmetric-Key
Feature
DES encryption process. Here is an overview of how the round 1.Key Scheduling: 2.Feistel Networks: Cryptosystem Cryptosystem
keys are generated in DES: *The RC4 algorithm begins by initializing two arrays, S (state) *A Feistel network is another type of product cipher that Single secret key Key pair (public key
1.Initial Permutation (PC-1): and T (temporary), both of size 256 bytes. divides the input block into two halves and applies a series of
Key Type
and private key)
*The 56-bit original key is permuted using the PC-1 *The key provided by the user is used to initialize the S array, rounds with alternating substitution and permutation Secure Public keys can be
permutation table. This table reshapes the key and selects 56 and the T array is initialized with values from 0 to 255. operations. Key distribution is freely distributed,
bits out of the original 64 bits. The remaining 8 bits are used *The key-scheduling algorithm (KSA) involves a permutation of *Each round involves the application of a function that Distribution challenging private keys must be
for parity checks and are discarded. the elements in the S array based on the key. depends on one half of the block, and the output is XORed kept confidential
2.Key Splitting: 2.Pseudorandom Generation: with the other half. More computationally
*The 56-bit key is split into two 28-bit halves, often referred to *The pseudorandom generation algorithm (PRGA) generates a *The use of XOR and the alternation of operations contribute Generally faster
Computational intensive, especially
as the left half (C0) and the right half (D0). stream of pseudorandom bytes that are XORed with the to the security of the Feistel network. and more efficient
Efficiency for bulk data
3.Key Rotation (Left Circular Shifts): plaintext or ciphertext to produce the final output. The Data Encryption Standard (DES) is an example of a product encryption
*In each round, both C and D halves are subject to left circular *During PRGA, the S array is further modified through a series cipher that uses a Feistel network structure. Bulk data
shifts. The number of shifts is determined by the round of swapping operations, creating a pseudorandom stream of 8.which parameters and design choices determine the actual encryption, Key exchange, digital
number. For Rounds 1, 2, 9, and 16, one bit is shifted, while for bytes. algorithm of feistal cipher Use Cases secure signatures, public-key
the other rounds, two bits are shifted. *PRGA involves two pointers, i and j, that traverse the S array, Block Size (n): communication infrastructure (PKI)
4.Round Key Generation (PC-2): performing swapping operations and generating the The block size n represents the size of the data block that the
*After the circular shifts, the halves are combined, forming a 3.explain the construction of S-box in AES pseudorandom stream. Feistel cipher operates on. Common choices include 64 bits (as Examples DES, AES, 3DES RSA, ElGamal, ECC
56-bit block again. The SubBytes step in the AES encryption process involves 5.compare CBC and CFB of block cipher in DES) or 128 bits (as in AES).
substituting each byte in the state matrix with a corresponding Security relies on the
*The combined block undergoes another permutation, this Cipher Block Chaining Cipher Feedback Key Size (k): Security relies on difficulty of
time using the PC-2 permutation table. byte from a fixed substitution table known as the S-box Feature (CBC) (CFB) The key size k is the length of the secret key used in the Feistel
(Substitution Box). The S-box is a key component in providing Security the secrecy of the mathematical
*The result is a 48-bit round subkey unique to each round. XOR of previous XOR of a portion of cipher. The choice of key size impacts the security of the Properties key problems, more
non-linearity to the encryption algorithm, enhancing its 9.distinguish
distinguish between a modern and a traditional symmetric
5.Repeating the Process: Feedback ciphertext block with previous ciphertext algorithm. Common key sizes are 56 bits (DES), 128 bits, or 256 resilient to key
resistance to various cryptographic attacks. The construction key cipher
*Steps 2 to 4 are repeated for a total of 16 rounds, generating Mechanism plaintext with plaintext bits. compromise
of the S-box involves several mathematical operations, Modern Traditional
16 different 48-bit round subkeys. Allows for Number of Rounds (r): Key distribution Easier key
including inversion, substitution, and affine transformation. Feature Symmetric Key Symmetric Key
The 48-bit round subkeys generated in the key schedule are Limited parallelization parallelization as The Feistel network consists of multiple rounds (r) of Key and management management with
Here's an overview of the construction process: Ciphers Ciphers
used during each round of the DES encryption process. They due to block blocks are processing. The number of rounds directly affects the Management pose challenges freely distributable
are combined with the 32-bit right half of the data block and 1.Substitution Operation: cryptographic strength and the complexity of the algorithm. A Latter half of the
Parallelization dependencies independent Before the mid mid- public keys
undergo a process called the Feistel function, which includes *The S-box is initialized as a 16x16 matrix. The entries in the S- higher number of rounds generally increase security but also Development Era 20th century and
Errors in one block Errors are contained 20th century Shared secret (if Public-private key pair
expansion, XOR with the round subkey, substitution, box are generated using the inverse function in the Galois field computational overhead.
beyond
Error affect subsequent within the affected compromised, (security relies on
permutation, and XOR with the left half of the data block. (GF(2^8)) and a fixed polynomial. F Function: Larger key sizes Shorter key Security Model
Propagation blocks block security is at risk) computational
*The element at position (i, j) in the S-box is determined by The F function is a critical component of each round in the Key Sizes (e.g., 128, 192, lengths, often
Requires padding for Padding is typically difficulty)
2.illustrate AES encryption in detail performing the substitution operation: S[i, j] = Feistel network. It takes one half of the data block and the 256 bits) fixed and limited
Padding the last block not required Frequently used,
The Advanced Encryption Standard (AES) is a widely used Inv(GF(2^8))(P(j) + C(i)), where P(j) is the multiplicative inverse subkey for the current round as inputs. The design of the F Simpler
Simple
Requires an IV for the Requires an IV, but Algorithm High algorithmic Hybrid Often
en not needed combining both types
symmetric encryption algorithm designed to replace the older of j in GF(2^8), C(i) is a constant determined by the affine function influences the algorithm's resistance to various algorithmic
Initialization first block to add its role is different Complexity complexity Cryptosystems for a balance of
Data Encryption Standard (DES). AES operates on fixed-size transformation, and Inv(GF(2^8)) is the inverse operation in attacks. The F function often includes operations such as structures
Vector randomness from CBC security and efficiency
blocks of data and supports key sizes of 128, 192, or 256 bits. GF(2^8). substitution, permutation, and mixing. Resistant to
Streaming May lack
Here's an illustration of the AES encryption process, focusing 2.Affine Transformation: Subkey Generation: advanced
applications Security Features robustness against
on a key size of 128 bits (AES-128): *The affine transformation is applied to each byte in the S-box The Feistel network requires subkeys for each round. The cryptanalysis
General-purpose block requiring real-time modern attacks 12.distinguish
distinguish between public and private keys in an
1.Key Expansion: to introduce diffusion and provide better cryptographic subkeys are derived from the main encryption key using a key methods
Use Cases cipher encryption processing asymmetric key cryptosystem
*The initial 128-bit key is expanded into a set of round keys properties. schedule or key expansion algorithm. The key schedule Both block and Predominantly
7.what is a product cipher Block and Stream Feature Public Key Private Key
using the key schedule. The key schedule generates a total of *The transformation involves a matrix multiplication with a determines how subkeys are generated for each round. stream ciphers are block ciphers or
fixed 8x8 binary matrix and an XOR operation with a fixed 8-bit A product cipher is a type of symmetric-key encryption Ciphers Kept confidential,
11 round keys, each of 128 bits. Round Function Order: common simple schemes Shared openly and
vector. algorithm that combines multiple transformations or Distribution known only to the
2.Initial Round Key Addition: The order in which the operations (e.g., substitution, Modern key distributed widely
encryption operations in a cascade or parallel structure to Manual key owner
*The plaintext block (128 bits) is XORed with the first round permutation, mixing) are applied in the F function can impact exchange
enhance the security of the overall encryption process. The Key Management distribution
key. the overall security and performance of the Feistel cipher. protocols (e.g.,
idea is to use several simpler cryptographic operations or methods Used for
3.Rounds: S-Boxes and P-Boxes: DH) Used for decrypting
ciphers in combination to create a more complex and secure Encryption encrypting
*AES operates on the plaintext in a series of rounds. The The design of substitution boxes (S-boxes) and permutation AES,ChaCha20, Caesar Cipher, messages or data
encryption scheme. Examples messages or data
number of rounds depends on the key size: 10 rounds for AES- boxes (P-boxes) used in the F function influences the Twofish playfair cipher
The product cipher concept was introduced as a way to Used for verifying Used for creating
128. mitigate the vulnerabilities of individual cryptographic algorithm's resistance to various cryptanalysis techniques. Authentication
*Each round consists of the following steps: Well-designed S-boxes contribute to confusion and diffusion in 10. explain why both substitution and transposition ciphers digital signatures digital signatures
techniques and provide a higher level of security. By Highly sensitive,
-SubBytes: the cipher. can be thought of permutations Security Non-sensitive,
sensitive, can
combining different encryption operations, a product cipher must be kept
*Non-linear substitution step where each byte in the state is Feistel Network Structure: 1.Reordering Elements: Implications be openly shared
aims to achieve properties such as confusion and diffusion, confidential
replaced with a corresponding byte from the S-Box. While the standard Feistel network involves dividing the block Both substitution and transposition ciphers involve reordering
making it more resistant to various cryptographic attacks.
-ShiftRows:A byte-shift operation is applied to each row of the into two halves, applying a function to one half, and XORing elements (characters or positions) in the plaintext to produce
The two main types of product ciphers are:
state. the result with the other half, variations in structure, such as the ciphertext.
1.Substitution-Permutation Networks (SPN):
-MixColumns:A mixing operation is applied to the columns of the use of multiple branches or additional layers, can be 2.Permutation Space:The
The set of all possible ciphertexts in both
*An SPN is a type of product cipher that involves alternating
the state. employed types of ciphers can be viewed as the space of permutations of
substitution and permutation (transposition) operations.
-Round Key Addition:The round key is XORed with the state.
7 8 9

13.define a state in AES Permutation

More complex with Initial *Sender uses the recipient's public key (e,n)) to encrypt the 4)ElGamal cryptosystem – Algorithm 5)KEY EXCHANGE USING ECC
Simple with e
In the context of AES (Advanced Encryption Standard), a Permutation, Expansion P- message M as C≡M modn. If p is a very large prime, e1 is a primitive root in the group
Complexity ShiftRows
"state" refers to the intermediate data structure during the box, and FinalPermutation are distinct and consist
ist of the integers from 1 through p - 1 in G = <Zp,*,x)and r is an integer, then e2 = e1r mod p is easy to
5.Decryption:
encryption or decryption process. AES operates on data 16.compare substitution in AES and DES some permutation. computeusing the fast exponential algorithm (square (square-and-
*Recipient uses their private key (d,n)) to decrypt the
blocks, and the state represents the internal arrangement of Aspect AES (SubBytes) DES (S-boxes) d For any integer b and a primitive root
roota of prime number p, we multiply method), butgiven e2, e1, and p, it is infeasible to
ciphertext C as M≡C modn.
the data within these blocks during various stages of the Operation Type SubBytes S-boxes can find a unique exponent i such that calculate r = loge1e2 mod p (discretelogarithm problem).
Example with p=13, q=17, and Public Key (e,n)=(35,
)=(35,n):
algorithm. The state allows AES to operate on fixed-size blocks Number of S- One S-box per Eight S-boxes per i = logab mod p
1. Calculate n=p×q=13×17=221.
of data in a structured and consistent manner, ensuring the Boxes round round 2. Calculate ϕ(n)=(p−1)×(q−1)=192.
security and efficiency of the encryption and decryption The exponent i is referred to as the discrete logarithm of b for
6x4 matrix structure 3. Choose e=35 (given).
processes. Fixed 8-bit the base a, mod p.
S-Box Structure (6 input, 4 output ≡1mod192. Solving for
4. Calculate d such that d×35≡1mod192.
14.compare AES and DES substitution table Diffie-Hellman
Hellman Key Exchange Algorithm:
bits) d(mod 192) yields d=11.
Aspect AES DES For this scheme, there are two publicly known numbers: a
Involves So, the private key of A is (d,n)=(11,221).
Symmetric-key Symmetric-key prime number q and an integer α that is a primitive root of q.
Type mathematical Nonlinear mappings 2) man in the middle
block cipher block cipher Suppose the users A and B wish to exchange a key K. User A
Construction operations like 1.Darth prepares by creating two private/public keys
Block Size 128 bits (fixed) 64 bits (fixed) selects a random integer XA< q and computes YA. Similarly,
modular arithmetic 2.Alicee transmits her public key to bob
56 bits (effective user B independently selects a random integer XB< q and
128, 192, or 256 and inversion 3.Darth intercepts this and transmits his first public key to Bo.
Key Size key size, 64 bits computes YB. Each side keeps the X value private and makes
bits Size of Each S- 256 bytes (16x16 64 bytes (8 S-boxes Darth also calculates a shared key with Alice
total) the Y value available publicly to the other side. The whole
Box matrix) with 6x4 matrices) 4.Bob receives the public key and calculates the shared key
Key expansion algorithm can be summarized as follows:
Key expansion Provides non- (with Darth instead of Alice)
Key Expansion based on 56-bit Emphasizes 5.Bob transmits his public key to alice
based on key size linearity, bit
key Bit maximizing bit 6.Darth intercepts this and transmits his secod public key to
independence not as
Vulnerable to Independence independence in S- alice. Darth calculates a shared key with bob
Strength Highly secure pronounced as in
brute-force attacks box design 7.alice receives the key and calculates the shared key(with
AES
Key Length vs. Key length Key length less Part of the darth instead of bob )
Block Size matches block size than block size Used within the Darth can then intercept, re-encrypt,
encrypt, forward all messages
substitution-
Deprecated due to Usage in Feistel network between alice& bob
Widely used and permutation
Current Status vulnerability to Algorithm structure
considered secure network (SPN)
attacks structure
Substitution- Fixed S-boxes with a
Algorithm Fixed S-box with a
Permutation Feistel Network Flexibility specific standard
Structure specific design
Network (SPN) design
10 rounds for 128- S-boxes provide non-
bit keys, 12 rounds More complex S- linearity, less
Rounds for 192-bit keys, 16 rounds Complexity box design to emphasis on bit
14 rounds for 256- enhance security independence
bit keys compared to AES
Generally faster ***************************************************
Speed Slower than AES
than DES MODULE 3
Widely adopted in Deprecated in 1.Explain RSA cryptosystem. In an RSA cryptosystem A uses
Adoption various favor of more two prime numbers p=13 and q=17 to generate public and
applications secure algorithms private key. The public key os A is 35 find the private key of A.
Official standard Official standard The RSA cryptosystem is a widely used public-key encryption
Standardization
by NIST since 2001 by NIST since 1977 algorithm for secure data transmission. It relies on the
Key expansion Key expansion mathematical properties of large prime numbers. Here's an
Key Generation based on chosen based on the 56- overview of the RSA cryptosystem and the steps to find the
key size bit key private key in your example:
Supports various Supports various RSA Cryptosystem Overview:
Key Modes modes (e.g., CBC, modes (e.g., CBC, 1.Key Generation:
GCM) ECB) *Choose two distinct large prime numbers, denoted as p and
q.
15.compare permutation and round keys in AES and DES *Compute n=p×q, where n is used as the modulus for both the
Aspect AES DES public and private keys.
Initial Permutation, *Calculate ϕ(n)=(p−1)×(q−1), where ϕ is Euler's totient
Permutation in
ShiftRows Expansion P-box, Final
3) DIFFIE HELLMAN KEY EXCHANGE
Operation function. Diffie-Hellman Key Exchange:
Permutation 2.Public Key (e, n):
Permutation Diffusion and Rearrangement and It is a protocol that enables two users to establish a secret key
*Select a public exponente such that 1<e<ϕ(n) and e is using a public-key
key scheme based on discrete logarithms. The
Effect confusion in state expansion of bits
coprime to ϕ(n). Common choices include 3 or 65537. protocol is secure only if the authenticity of the two
Round Key Key schedule
Key schedule derivation *The public key is (e,n). participants can be established.
Generation derivation
3.Private Key (d, n): Primitive Root:
Number of 10, 12, or 14 keys 16 keys derived from the ---1
*Calculate the private exponent d such that d≡e modϕ(n), A primitive root of a prime number p as one whose powers
Round Keys based on key size original key
XORed with the XORed with the expanded
i.e., d×e≡1modϕ(n). modulo generate all the integers from 1 to p-1.. That is, if a is a
Round Key *The private key is(d,n).
state during half-block during each round primitive root of the prime number p,, then the numbers
Application 4.Encryption:
AddRoundKey in Feistel network

10 11 12

2.listthe security services provided by a digital signature 3)define RSA digital signature Authentication: Digital signatures generated with the private unauthorized access to a system or to disrupt communication. party keeps track of used nonces and rejects any repeated
Authentication: RSA (Rivest-Shamir-Adleman) is a widely used public-key key can be verified using the corresponding public key, Here are some examples of replay attacks: values.
Verification of Sender: Digital signatures authenticate the cryptosystem that can be employed for secure communication providing authentication. Passive Replay Attack: Advantages: Nonces help prevent replay attacks by ensuring
identity of the sender. The recipient can verify that the and digital signatures. An RSA digital signature is a Key Exchange: RSA facilitates secure key exchange in Scenario: An attacker intercepts network traffic containing that each piece of data has a unique identifier that is not
message was indeed signed by the claimed sender. cryptographic technique that uses the principles of RSA to sign communication protocols, enabling the establishment of authentication credentials. reused.
Integrity: digital messages, providing a way to verify the authenticity and shared symmetric keys for further secure communication. Replay: The attacker later retransmits the captured credentials Considerations: Proper handling and storage of nonces are
Detection of Alterations: Digital signatures ensure the integrity of the message. to gain unauthorized access to a system. essential to prevent unintended reuse.
integrity of the signed data. If any part of the message is Here's how RSA digital signatures work: 5)Mention three variations of digital signatures Authentication Token Replay: Sequence Numbers:
altered or tampered with, the signature verification will fail. 1.Key Generation: 1.Elliptic Curve Digital Signature Algorithm (ECDSA): Scenario: A user logs in and receives an authentication token. Approach: Assign a unique sequence number to each
Non-Repudiation: The entity generating the signature (signer) has a key pair: a Key Feature: ECDSA is based on elliptic curve cryptography Replay: An attacker intercepts the authentication token and transmitted message. The receiving party keeps track of the
Prevention of Denial: Digital signatures provide non- non private key (kept secret) and a corresponding public key. (ECC), which utilizes the mathematics of elliptic curves over later uses it to impersonate the user without knowing the expected sequence number and rejects messages with out-of-
repudiation, meaning ing the sender cannot later deny having 2.Signature Generation (Signing): finite fields. actual credentials. sequence or repeated numbers.
signed the message. This helps establish accountability. To sign a message, the signer applies a mathematical function Advantages: ECDSA offers the same level of security as Transaction Replay in Financial Systems: Advantages: Sequence numbers help prevent replay attacks by
Data Origin Authentication: to a hash value of the message using their private key. The traditional RSA-based digital signatures but with shorter key Scenario: A financial transaction is conducted online, and the enforcing the correct order of messages and rejecting
Confirmation of Source: Digital signatures confirm the source hash function condenses the message into a fixed-size hash lengths, making it more efficient in terms of computational transaction details are sent over the network. duplicates.
of the data. The recipient can trust that the data originated value. resources and bandwidth. Replay: The attacker intercepts and retransmits the Considerations: Secure transmission of the sequence numbers
from the claimed sender. 3.Verification: 2.Digital Signature Algorithm (DSA): transaction details to execute the same financial transaction is crucial, and mechanisms should be in place to handle
Tamper Detection: Anyone with access to the public key can verify the signature. Key Feature: DSA was developed by the National Institute of multiple times. potential gaps or resets.
Detection of Changes: Any unauthorized changes to the The verifier applies the corresponding mathematical function Standards and Technology (NIST) and is specified in the Digital Replay of Remote Control Signals: 9)what is suppress-replay attack
signed data, even a single bit, will be detected during th the to the received message's hash value using the public key. If Signature Standard (DSS). Scenario: Infrared signals from a remote control are A suppress-replay attack, also known as a replay suppression
signature verification process. the result matches the signature, the message is considered Advantages: DSA is specifically designed for digital signatures intercepted. attack, is a type of security threat where an attacker attempts
Time-Stamping: authentic and unaltered. and is faster than RSA for signature generation. It is commonly Replay: The attacker retransmits the intercepted signals to to prevent the detection or mitigation of replayed data. In a
Recording Time of Signature: Digital signatures can be time- time used in government and financial applications. remotely control a device, such as a smart home system or a suppress-replay attack, the goal is not necessarily to replay
stamped, providing evidence of when the signature was 4.define RSA cryptosystem 3.Lattice-based Digital Signatures: television. data maliciously, but rather to suppress or evade mechanisms
applied. This is crucial for legal and regulatory compliance. he RSA (Rivest-Shamir-Adleman) cryptosystem is a widely used Key Feature: Lattice-based cryptography relies on the Network Session Hijacking: designed to detect and prevent replay attacks.
Key Pair Security: and influential public-key encryption and digital signature mathematical structure of lattices for security. Scenario: An attacker intercepts a session cookie or token Here's a general overview of how a suppress-replay attack
Protection of Private Key: The security of digital signatures algorithm. It was introduced in 1977 by Ron Rivest, Adi Shamir, Advantages: Lattice-based digital signatures are believed to be during an established session between a user and a server. might occur:
relies on the protection of the private key. Asymmetric key and Leonard Adleman. RSA is named after the initials of its resistant to attacks by quantum computers, providing post- Replay: The attacker replays the intercepted session identifier 1.Capture of Data:
pairs ensure that only the possessor of the private key can inventors. quantum security. As quantum computers pose a potential to gain unauthorized access to the user's session. The attacker intercepts or captures valid data exchanged
generate a valid signature. Here's an overview of how the RSA cryptosystem works: threat to certain classical cryptographic systems, post- Message Replay in IoT Devices: between two parties, such as network messages,
Efficient Key Distribution: 1.Key Generation: quantum cryptography is an area of active research, and Scenario: Commands sent to Internet of Things (IoT) devices authentication tokens, or any information susceptible to
*************************************************** Public Key Distribution: Digital al signatures leverage public
public-key *Each user in the RSA system generates a pair of keys: a public lattice-based schemes are among the candidates. are intercepted. replay.
MODULE 4 cryptography, allowing the distribution of public keys for key and a private key. 6) properties of a digital signature Replay: The attacker retransmits the intercepted commands, 2.Replay of Captured Data:
1.compare and contrast a conventional signature and a digital signature verification without compromising security. *The public key is shared openly, while the private key is kept 1.Authentication: potentially causing unauthorized actions in the controlled Instead of immediately replaying the captured data, the
signature Adaptability to Various Documents: confidential. Definition: A digital signature authenticates the identity of the devices. attacker holds onto it temporarily and refrains from replaying
Conventional Applicability to Different Data Types: Digital signatures can be 2.Public Key Encryption: signer or sender. VPN Replay Attacks: it immediately.
Aspect Digital Signatures
Signatures applied to o various types of digital data, including emails, *The public key is used for encryption. If User A wants to send 2.Integrity: Scenario: An attacker intercepts encrypted VPN traffic. 3.Timing:
Handwritten Generated,electronically
electronically documents, code, and more. a confidential message to User B, User A uses User B's public Definition: A digital signature ensures the integrity of the Replay: The attacker replays the intercepted encrypted The attacker carefully selects the timing for replaying the
Nature on physical using cryptographic Certificate Authorities (CAs): key to encrypt the message. signed data. packets to gain unauthorized access to the VPN-protected captured data. This timing is chosen strategically to evade
documents algorithms Trust via Certification: Certificates issued by trusted Certificate 3.Private Key Decryption: 3.Non-Repudiation: network. detection mechanisms.
Individual Authorities validate the association between a public key and *The corresponding private key is used for decryption. Only Definition: Non-repudiation means the signer cannot later Challenge-Response Replay: 4.Evading Detection:
Authentication
handwriting Public-key
key cryptography its owner, enhancinging trust in the digital signature. User B, who possesses the private key, can decrypt the deny their involvement in signing the message. Scenario: A system uses challenge-response authentication. By delaying the replay of the captured data, the attacker aims
Mechanism
characteristics Revocation Mechanism: message encrypted with their public key. 4.Tamper Detection: Replay: An attacker intercepts the challenge and response, to evade or suppress mechanisms implemented by the system
Highly secure with proper Invalidation of Compromised Keys: Digital signatures often 4.Digital Signatures: Definition: Digital signatures detect any changes or tampering then later replays them to authenticate without going through to detect and prevent replay attacks. This could include
Vulnerable to implementation of incorporate revocation mechanisms to invalidate *RSA is also used for digital signatures. The sender signs a with the signed data. the proper challenge-response process. measures like timestamp checks, nonces, or sequence number
Security
forgery cryptographic algorithms compromised or no longer trusted private keys. message with their private key, and the recipient can verify the 5.Time-Stamp: 8)three general approaches to delaying with replay attacks verification.
and key management Forward Secrecy: signature using the sender's public key. Definition: A digital signature can be time-stamped to indicate Dealing with replay attacks typically involves implementing 5.Unauthorized Access or Manipulation:
Manual Security Against Future Compromises:
promises: Regularly updating key 5.Mathematical Operations: when the signature was applied. countermeasures that prevent or detect and mitigate the Once the timing is opportune, the attacker replays the
Electronic verification using
Verification verification pairs and using secure cryptographic algorithms contribute to *RSA's security is based on the difficulty of factoring the 6.Key Pair Security: impact of replayed data. Here are three general approaches to captured data. This could lead to unauthorized access,
public keys
forward secrecy, minimizing the impact of a compromised key. product of two large prime numbers. Definition: The security of a digital signature relies on the addressing replay attacks: manipulation of system states, or other malicious actions, and
Limited *The encryption and decryption processes involve modular protection of the private key. Timestamps and Time-based Checks: the delayed replay might make it more challenging for the
Alteration Robust detection of any
detection exponentiation with large integers. 7.Efficient Key Distribution: Approach: Include timestamps in the transmitted data to system to recognize the attack.
Detection changes in the document
capabilities 6.Key Exchange: Definition: Digital signatures support efficient distribution of indicate the time of creation. On the receiving end, validate ***************************************************
Strong non
non-repudiation, *RSA is often used in secure communication protocols for key public keys. the timestamp and reject data that is too old or too far in the
Non- Limited non-
making it difficult for the exchange. For example, it is used in the initial phase of the 8.Adaptability to Various Documents: future.
repudiation repudiation
signer to deny involvement TLS/SSL protocol to exchange symmetric keys securely. Definition: Digital signatures can be applied to various types of Advantages: This approach helps mitigate replay attacks by
Technology Independent Relies on techno
technology and The RSA cryptosystem provides the following key features: digital data, including emails, documents, software, and more. ensuring that data is only considered valid within a certain
Dependence of technology cryptographic algorithms Public-Key Infrastructure: The use of asymmetric key pairs 9.Forward Secrecy: time window.
Higher risk of Lower risk of forgery when allows for secure communication without the need for a Definition: Forward secrecy minimizes the impact of a Considerations: Proper time synchronization between
Forgery Risk shared secret key. compromised key by regularly updating key pairs. communicating parties is crucial for the effectiveness of this
forgery implemented securely
Commonly Widely used for electronic Confidentiality: Messages encrypted with the public key can 7)examples of replay attacks approach.
used for transactions, contracts, only be decrypted by the corresponding private key, providing A replay attack is a type of network attack in which an attacker Nonce (Number Used Once) Implementation:
Use Cases confidentiality. intercepts and maliciously retransmits data that was Approach: Include nonces in the communication. A nonce is a
physical and digital
exchanged between two parties. The goal is to either gain random or unique value that is used only once. The receiving
13 14 15

MODULE 5 Benefit: One of the primary advantages of an Intrusion 4)difference between statistical anomaly detection and rule 6)difference between rule based anomaly detection and rule 7)what is a honeypot Implementation: Implement 2FA or MFA, where users need to
1)list and briefly define three classes of intruders Detection System is its ability to detect and alert on potential based intrusion detection based penetration identification A honeypot is a security mechanism designed to deceive and provide a second form of authentication, such as a one-time
1.Masquerader: security incidents in real-time or near real-time. Statistical Anomaly Rule-Based Intrusion Rule-Based Rule-Based Penetration detect unauthorized access or attacks on a network or system. code from a mobile app, a hardware token, or biometric data
Aspect
A masquerader is an intruder who disguises their identity to How it Helps: Detection Detection Aspect Anomaly Identification It is essentially a decoy system or set of resources that is (fingerprint, facial recognition) in addition to their password.
gain unauthorized access to a system or network. This involves Identifying Anomalies: IDS monitors network and system Rely on statistical Use predefined rules or Detection (Hypothetical) intentionally made vulnerable to attract and study malicious This significantly strengthens the overall security of user
pretending to be a legitimate user or system to avoid activities, looking for deviations from established baselines or Detection models to define signatures to identify Abnormal activities. The primary purpose of a honeypot is to: accounts.
detection. Masqueraders often use stolen credentials or predefined patterns. Unusual behavior or patterns indicative Approach normal behavior and known attack patterns Focus of patterns or Characteristics consistent Deception: Honeypots appear to be valuable targets, enticing 4.Password Blacklisting:
employ various techniques to appear as an authorized entity. of an attack can be detected early. identify deviations. or behaviors. Detection behaviors in the with penetration testing. attackers to interact with them, diverting their attention away Definition: Maintain a list of known weak or compromised
2.Misfeasor: Signature-based Detection: IDS uses predefined signatures or More adaptable to system. from critical systems. passwords and prevent users from selecting or changing their
A misfeasor is an intruder who gains unauthorized access to a patterns associated with known threats. If it identifies a Less flexible and Detection: By monitoring the honeypot's activity, security passwords to these insecure options.
changes in the Rules based on
system or network with the intention of causing harm or match, it can promptly alert security personnel. Flexibility and requires regular Rules designed to recognize professionals can gather information about the tactics, Implementation: Regularly update a blacklist of commonly
environment and Rule expected or
disrupting its normal functioning. Unlike a masquerader, a 2.Reduced Dwell Time and Incident Response Time: Adaptability updates to rule sets for penetration testing techniques, and procedures (TTPs) used by attackers, as well used passwords, easily guessable passwords, and those
new attack Definition normal
misfeasor may not necessarily hide their identity and may act Benefit: IDS helps minimize the dwell time—the duration an new threats. activities. as potential vulnerabilities they may be exploiting. identified in data breaches. When users attempt to change
techniques. behavior.
openly to compromise or manipulate data, introduce malware, attacker goes undetected within a system or network—and Well-suited for Deviations from Honeypots come in various types, including: their password or set a new one, check against the blacklist
or carry out other malicious activities. accelerates incident response. Effective when dealing Recognition of patterns Low-Interaction Honeypots: These emulators simulate and reject passwords that appear on it.
dynamic Triggering established
3.Clandestine User: How it Helps: with known attack indicating penetration vulnerabilities at a basic level, allowing for minimal interaction
Use Cases environments where Alerts rules trigger
A clandestine user is an intruder who accesses a system or Quick Identification: By detecting anomalies or known attack patterns and stable testing activities. with attackers. They are less resource-intensive and are often 9)what is the role of compression and encryption operation of
normal behavior may alerts or alarms.
network without proper authorization but does so with the signatures promptly, IDS contributes to the swift identification network environments. used to detect automated attacks. a virus
vary over time. Identifying
intention of remaining undetected. Clandestine users aim to of security incidents. Distinguishing between High-Interaction Honeypots: These are real systems with real 1.Compression:
May generate false May generate fewer deviations that
maintain a low profile, avoiding activities that might trigger Immediate Alerts: IDS generates alerts, allowing security authorized penetration vulnerabilities, providing a more realistic environment for Role: Compression is the process of reducing the size of files
positives if the false positives for Purpose may indicate
alarms or attract attention. They often engage in unauthorized teams to respond quickly to potential threats, mitigate risks, testing and unauthorized attackers. While they carry a higher risk, they offer more or data. In the context of a virus, compression can be
False baseline is not known threats but may security threats
access for information gathering, espionage, or other covert and prevent further damage. penetration attempts. detailed insights into attacker behavior. employed to make the malicious code more compact and less
Positives accurately defined or miss new or custom or anomalies.
purposes. 3.Enhanced Security Posture and Policy Enforcement: if there are legitimate attacks. Requires Various metrics Metrics related to activities Honeypots can be classified based on their deployment within conspicuous.
Benefit: IDS contributes to a proactive security posture by variations. updates and tuning. Metrics (e.g., network associated with penetration a network: Purpose:
2)what are the two common techniques to protect a password enforcing security policies and ensuring compliance with Limited to detecting Considered traffic, system testing (e.g., scanning, Production Honeypots: Placed alongside actual production Stealth: Compressed code may be more challenging to detect
file established guidelines. Known vs. Effective at detecting systems, these honeypots help detect and deflect attacks by traditional antivirus scanners because the compressed file
known threats, may resource usage). vulnerability testing).
1.Password Hashing: How it Helps: Unknown previously unknown targeting the entire network. may not exhibit typical patterns associated with known
miss new or May need
Technique: Instead of storing passwords in plaintext, a secure Policy Violation Detection: IDS can identify activities that Threats or zero-day attacks. May require adjustments to Research Honeypots: Isolated from the production malware.
sophisticated attacks. regular updates
cryptographic hash function is applied to the passwords, and violate security policies, helping organizations maintain rules based on changes in environment, these honeypots are set up for research Payload Concealment: Compressing the payload of a virus can
A series of failed login Adaptability for evolving
only the hash values are stored in the password file. compliance and adhere to best practices. penetration testing purposes, allowing in-depth analysis of attacker behavior help conceal its true nature and make it more challenging for
An increase in attempts from a single normal
Advantages: Configurable Policies: Administrators can configure IDS to methodologies. without risking the security of critical systems. security systems to identify and analyze.
outbound network IP address within a behavior.
Reduced Exposure: Even if an attacker gains access to the monitor specific activities or behaviors based on organizational Example Key characteristics and uses of honeypots include: 2.Encryption:
traffic is flagged as an short time is flagged as Detecting
password file, they only obtain hashed values, making it more policies, providing flexibility in addressing evolving security Identifying and Early Warning System: Honeypots can serve as anearly Role: Encryption involves encoding data in such a way that
anomaly. a potential brute force anomalies
challenging to retrieve the original passwords. needs. categorizingactivities warning system by detecting attacks before they reach critical only authorized parties with the decryption key can access the
attack. Use Case indicative of
Collision Resistance: A good hash function should be collision- 4.Forensic Analysis and Incident Investigation: relatedto penetration systems. original content.
5)what matrices are useful for profile based intrusion potential
resistant, meaning different passwords produce different hash Benefit: IDS logs and records information about detected testing. Research and Analysis: Security professionals use honeypots Purpose:
detection security threats.
values. events, facilitating post-incident analysis, forensic Counter: A nonnegative integer that may be incremented but May generate Should be designed to avoid to study the tactics, tools, and procedures employed by PayloadProtection: Encrypting the virus payload helps protect
Considerations: investigations, and the identification of the root causes of not decremented until it is reset by management action. False false positives if false positives attackers, enhancing threat intelligence. it from being easily analyzed by security researchers or
Salt: To enhance security, a unique random value called a security incidents. Typically, a count of certain event types is kept over a Positives rules are not for authorized penetration Deception and Diversion: Honeypots divert attackers away detected by antivirus solutions.
"salt" is often added to each password before hashing. This How it Helps: particular periodof time. Examples include the number of finely tuned. testing activities. from valuable assets, buying time for security teams to Stealth: Encrypted code is often more difficult to recognize as
helps prevent attackers from using precomputed tables Log Retention: IDS maintains logs of detected events, including logins by a single user during an hour, the number of times a respond and mitigate potential threats. malicious because it appears as garbled or nonsensical data
(rainbow tables) for common passwords. details about the nature of the incident, source and given command is executed during a single user session, and until decrypted.
2.Key Derivation Functions (KDFs): destination addresses, and timestamps. the number of password failures during a minute. 8) Define 4 techniques to avoid guessable passwords 3.Polymorphic Techniques:
Technique: Key derivation functions, such as bcrypt, scrypt, or Forensic Evidence: Security teams can use IDS logs to Gauge: A nonnegative integer that may be incremented or 1.Password Complexity Requirements: Role: Some advanced viruses employ polymorphic techniques,
Argon2, are designed to slow down the process of password reconstruct the sequence of events leading to a security decremented. Typically, a gauge is used to measure the Definition: Enforce rules that mandate the use of complex which include both compression and encryption, to
cracking by introducing computational and memory-intensive incident, aiding in forensic analysis and compliance reporting. current value of some entity. Examples include the number of passwords, including a combination of uppercase and dynamically alter their code with each infection.
operations. logical connections assigned to a user application and the lowercase letters, numbers, and special characters. Purpose:
Advantages: number of outgoing messages queued for a user process. Implementation: Require passwords to meet certain length EvadingDetection: Polymorphic viruses change their
Resistance to Brute Force Attacks: The increased Interval timer: The length of time between two related events. criteria and include a mix of character types. For example, a appearance each time they infect a new system, making it
computational cost makes brute force attacks significantly An example is the length of time between successive logins to password policy might enforce a minimum length of 12 challenging for signature-based antivirus solutions to keep up.
more time-consuming and resource-intensive. an account. characters with at least one uppercase letter, one lowercase PersistentThreat: The dynamic nature of polymorphic viruses
Adaptability: KDFs can be tuned to adjust the computational Resource utilization: Quantity of resources consumed during a letter, one digit, and one special character. allows them to adapt and remain persistent in the face of
effort required, providing a balance between security and specified period. Examples include the number of pages 2.Password History and Expiry: security measures.
system performance. printed during a user session and total time consumed by a Definition: Implement policies that track password history and 10)what are the typical phases of operation of a virus or worm
Considerations: program execution. force users to change their passwords regularly. 1.Dormant Phase:
Parameters: The security of KDFs often depends on the Implementation: Maintain a history of previous passwords, Description: In this phase, the virus or worm is inactive and
appropriate choice of parameters, such as iteration count, preventing users from reusing recent passwords. Additionally, does not exhibit malicious behavior. It may be dormant for a
memory cost, and parallelization factor. set password expiration policies to prompt users to change specific period, triggered by a specific event, or activated by a
their passwords at regular intervals (e.g., every 90 days). command from the attacker.
3)what are the three benifits that can be provided by an 3.Two-Factor Authentication (2FA) or Multi-Factor 2.Propagation Phase:
intrusion detection system Authentication (MFA): Description: The malware begins to spread or propagate to
1.Early Detection of Security Incidents: Definition: Enhance password security by requiring additional other systems. This phase involves the infection of files,
authentication factors beyond a password. network resources, or other targets to facilitate the spread of
the malicious code to additional hosts.

16 17

3.Triggering Phase: Network Propagation: 13)what is DDoS desensitized or may spend valuable time investigating non-
Description: The virus or worm is activated based on a specific Exploiting Network Vulnerabilities: Worms leverage network DDoS stands for Distributed Denial of Service, and it refers to a threats.
trigger or condition. This trigger could be a particular date, a vulnerabilities to move from one system to another. This may type of cyberattack in which multiple compromised computers Countermeasures: To reduce false positives, administrators
specific event, user actions, or other predefined criteria. Once involve exploiting unpatched software, weak passwords, or (often a network of bots or botnet) are used to flood a target may need to fine-tune the IDS rules, adjust sensitivity settings,
triggered, the malicious payload is executed. other security weaknesses. system, service, or network with an overwhelming volume of or implement additional filtering mechanisms.
4.Execution Phase: Automated Scanning: traffic. The objective of a DDoS attack is to disrupt the normal 2.False Negatives:
Description: This is the phase where the actual malicious Discovery of New Targets: Worms typically include scanning functioning of the targeted resource, rendering it temporarily Definition: A false negative occurs when the IDS fails to detect
payload is executed. The virus or worm carries out its intended mechanisms to identify potential targets on the network. They or indefinitely unavailable to its users. actual malicious activity, thereby missing a real security threat.
actions, which may include damaging files, stealing may use techniques like port scanning to locate systems with Here are key characteristics and aspects of DDoS attacks: Example: If an IDS fails to generate an alert for a genuine
information, or disrupting system functionality. specific vulnerabilities. Distributed Nature:DDoS attacks involve multiple sources or intrusion attempt, allowing the malicious activity to go
5.Concealment Phase: Remote Code Execution: machines, often spread across the globe. These sources undetected, it is considered a false negative.
Description: To avoid detection and removal, the malware may Exploiting Remote Systems: Once a vulnerable system is collectively form a network of compromised devices, known as Impact: False negatives are more critical because they
employ various techniques to conceal its presence. This can identified, the worm exploits the vulnerability to execute code a botnet, which is orchestrated to launch the attack. represent instances where the IDS fails to detect actual
include encryption, polymorphic code, or rootkit capabilities on the remote system. This allows the worm to gain control Denial of Service:The primary goal of a DDoS attack is to deny security threats. This can lead to undetected intrusions, data
to hide from antivirus and security tools. and initiate the infection process on the new target. access to a particular service, website, or network resource. By breaches, or other malicious activities going unnoticed.
6.Propagation to New Targets: Propagation Channels: overwhelming the target with a massive volume of traffic, the Countermeasures: To reduce false negatives, administrators
Description: The malware continues to spread to new hosts, Email: Worms may use email attachments or links to attackers aim to exhaust its resources, causing it to become should regularly update and fine-tune the IDS rules, ensure
either locally or across networks. This phase is critical for the propagate, tricking users into opening infected files or clicking slow, unresponsive, or entirely unavailable. the system has signatures for the latest threats, and consider
malware's survival and expansion. on malicious links. Attack Vectors:DDoS attacks can take various forms, utilizing employing multiple detection techniques.
7.Payload Delivery: File Sharing: Worms can spread through shared files or different attack vectors. Common attack vectors include: 15)difference between direct DDoS attack and a reflector
Description: Some viruses or worms carry a payload designed network drives, infecting files on connected systems. Volume-Based Attacks: Flooding the target with a high volume DDoS attack
to perform specific actions beyond self-replication. This Internet Services: Worms may exploit vulnerabilities in web of traffic (e.g., UDP or ICMP floods). Aspect Direct DDoS Attack Reflector DDoS Attack
payload could involve activities such as data theft, launching servers, FTP servers, or other internet-facing services to Protocol Attacks: Exploiting weaknesses in network protocols Amplified and
Originates directly
additional attacks, or establishing backdoors for remote propagate. (e.g., SYN/ACK or Ping of Death attacks). reflected through
from compromised
access. Payload Activation: Application Layer Attacks: Targeting vulnerabilities in web Traffic Source third-party systems
devices controlled
8.Persistence: Trigger Event: Some worms are designed to activate their applications or services, overwhelming them with requests unwittingly exploited
by the attacker.
Description: The malware seeks to establish persistence on payload at specific times or based on certain conditions. The (e.g., HTTP floods). by the attacker.
infected systems, ensuring that it remains on the target even payload could include malicious actions such as data deletion, Botnets:Botnets are networks of compromised computers or Exploitsthe
after a system reboot or attempts at removal. This may involve system disruption, or the installation of additional malware. devices that are under the control of a single attacker (or a Relies on the
amplification potential
modifying system settings, registry entries, or other Stealth and Evasion: group). These compromised devices, often infected with volume of devices
Amplification of reflector systems to
configurations. Concealment Techniques: Worms often use techniques to malware, are used to launch DDoS attacks collectively. in the botnet to
Factor magnify the volume of
9.Update and Adaptation: evade detection and removal. This may include encryption, Amplification:Some DDoS attacks leverage amplification generate a large
traffic.
Description: Some sophisticated malware can update itself or polymorphic code, or other methods to conceal their techniques to increase their impact. For example, an attacker volume of traffic.
receive new instructions from a remote command and control presence. may use open DNS resolvers or other services to amplify the Detection involves Detection can be
(C2) server. This allows the malware to adapt to changes in the Propagation Cycle: volume of traffic sent to the target. monitoring challenging as attack
environment, evade detection, or acquire new capabilities. Continuous Replication: The propagation cycle continues, with Duration:DDoS attacks can be short-lived, lasting for a few Detection patterns of traffic traffic is reflected from
10Remote Control (Optional): the worm continually seeking new targets, exploiting minutes, or they can be prolonged over an extended period, Challenges and identifying third-party systems,
Description: Certain malware, particularly worms, may vulnerabilities, and replicating itself to further spread across depending on the attackers' goals and resources. anomalies from making tracing more
establish remote control capabilities, allowing attackers to the network. Motivations:DDoS attacks can be motivated by various factors, the source. difficult.
manipulate the infected systems remotely. This enables the 12)what is digital immune system including financial gain, revenge, competition, hacktivism, or Traffic directly Attack traffic may
execution of additional commands or the deployment of A Digital Immune System refers to a concept inspired by the simply to create disruption and chaos. Traffic generated by the appear more
secondary payloads. human immune system, adapted to the realm of information Mitigation:Organizations employ DDoS mitigation strategies Characteristics compromised distributed as it is
11)how does a worm propagate technology and cybersecurity. The idea is to create a and tools to protect their networks and services. These may devices in the reflected from various
A worm is a type of malicious software that is designed to self- cybersecurity framework that can detect, respond to, and include traffic filtering, rate limiting, and the use of specialized attacker's control. third-party systems.
replicate and spread across computer networks without mitigate threats in a manner similar to how the human body's DDoS mitigation services. Involves identifying
requiring user intervention. Worms typically exploit immune system defends against infections and diseases. The Requires filtering
and mitigating the
vulnerabilities in software or use social engineering tactics to digital immune system aims to provide adaptive and proactive 14)what are false positives and negatives in the context of and blocking traffic
Mitigation exploited reflector
trick users into executing them. The propagation of a worm defense mechanisms against a wide range of cyber threats. intrusion detection system from the identified
Strategies systems, implementing
involves several stages: In the context of an Intrusion Detection System (IDS), false sources of the
rate limiting, and
Entry: positives and false negatives are terms used to describe errors attack.
filtering traffic.
Vulnerability Exploitation: Worms often target vulnerabilities in the system's detection and reporting capabilities. These Using open DNS
in operating systems, applications, or network services. They terms are crucial for evaluating the performance and Flooding a website
resolvers or other
use exploits to take advantage of these weaknesses and gain effectiveness of an IDS. server with a
services to send small
unauthorized access to a system. 1.False Positives:Definition: A false positive occurs when the Example massive volume of
requests, which are
Infection: IDS incorrectly identifies normal or legitimate activity as traffic directly from
reflected and amplified
Payload Execution: Once a worm gains access to a system, it malicious or indicative of an intrusion. a botnet.
towards the target.
executes its payload. The payload may include the actual Example: If an IDS generates an alert for legitimate user
worm code and additional components designed to facilitate activity, such as accessing a specific file or using a certain
replication and further actions. network protocol, when no malicious activity is occurring, it is
Replication: considered a false positive.
Self-Copying: The worm creates copies of itself, often by Impact: Too many false positives can lead to alert fatigue
attaching its code to other files or by creating new files. It may among security personnel. If the system generates numerous
also use various propagation mechanisms to spread to other alerts for non-malicious events, security analysts may become
systems.