two marks model

Uploaded by

romancena972005

Define – Steganography

Steganography is defined as a method of hiding secret data by embedding it into an audio, video, image
or text file. It is one of the methods employed to protect secret or sensitive data from malicious attacks.

Distinguish between active and passive attacks.

| Active Attacks | Passive Attacks |
|---|---|
| Active attacks are attacks that involve some modification of the data stream or the creation of a false stream. | Passive attacks are attacks that are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. |
| Four types of active attacks are masquerade, replay, modification of messages, and denial of service. | Two types of passive attacks are release of message contents and traffic analysis. |
| Active attacks are difficult to prevent because of the wide variety of potential physical, software and network vulnerabilities. | Passive attacks are difficult to detect, because they do not involve any alteration of the data. |

What are birthday attacks?


Birthday attacks are cryptographic attacks that belong to a class of brute force attacks. They exploit the
mathematics behind the birthday problem in probability theory. A birthday attack is a cryptanalytic attack that
attempts to find two values in the domain of a function that map to the same value in its range.

Find the Greatest Common Divisor of 68 and 8 using Euclidean algorithm.


Euclidean formula: GCD (m, n) = GCD (n, m mod n); if n = 0, then return m as the answer.
Example:
GCD (68, 8) = GCD (8, 68 mod 8) = GCD (8, 4)
GCD (8, 4) = GCD (4, 8 mod 4) = GCD (4, 0) = 4

List the parameters (block size, key size and number of rounds) for AES versions. (A/M−18)

| S. No. | AES version / Block size | Key size | Number of Rounds |
|---|---|---|---|
| 1 | AES – 128 | 11 | 10 |
| 2 | AES – 192 | 13 | 12 |
| 3 | AES – 256 | 15 | 14 |

List the parameters of AES.


Parameters of AES
1) Key size (words / bytes / bits)
2) Plaintext Block Size (words / bytes / bits)
3) Number of Rounds
4) Round Key Size (words / bytes / bits)
5) Expanded Key Size (words / bytes)

What is SDES?
Simplified Data Encryption Standard (S-DES) is a simple version of the DES algorithm. It is similar to
the DES algorithm but is a smaller algorithm and has fewer parameters than DES. It is a block cipher that
takes a block of plaintext and converts it into ciphertext. It takes a block of 8 bits. It is a symmetric key
cipher, i.e. it uses the same key for both encryption and decryption.

What is Elliptic Curve Cryptography?
An elliptic curve is a planar algebraic curve defined by an equation of the form $y^2 = x^3 + ax + b$, where ‘a’ is the
coefficient of ‘x’ and ‘b’ is the constant of the equation. The curve is non-singular (has no self-intersections).

Elliptic Curve Cryptography (ECC) is an approach to public key cryptography based on the algebraic structure of
elliptic curves over finite fields. The Diffie-Hellman key exchange algorithm is implemented by using elliptic curve
cryptography.

Define – PKI
A Public Key Infrastructure (PKI) is defined as the set of hardware, software, people, policies and procedures
needed to create, manage, store, distribute and revoke digital certificates based on asymmetric cryptography.
PKI implementation makes use of X.509 certificates.

List the PKIX management functions.


PKIX stands for Public Key Infrastructure X.509. PKIX identifies a number of management functions that
potentially need to be supported by management protocols.
PKIX management functions
1) Registration
2) Initialization
3) Certification
4) Key pair recovery
5) Key pair update
6) Revocation request
7) Cross certification

What are the benefits and limitations of PKI?


Benefits
1. Confidential Communication
2. Data Integrity
3. Authentication
4. Non-repudiation

Limitations
1. PKI is new and more about policies
2. Shortage of trained personnel
3. Lack of standards

Distinguish between MD4 and SHA

| MD4 | SHA |
|---|---|
| MD4 stands for Message Digest 4 | SHA stands for Secure Hash Algorithm |
| Pad message length is 448 mod 512 | Pad message length is multiple of 512 bits |
| Initialise the 4-word (128-bit) buffer (A, B, C, D) | Initialise 5-word (160-bit) buffer (A, B, C, D, E) |
| Process the message in 16-word chunks using 3 rounds of 16-bit operations | Process the message in 16-word chunks using 4 rounds of 20-bit operations |

What is Password Sniffing?


A password sniffer is a software application that scans and records passwords that are used or broadcast on a
computer or network interface. It listens to all incoming and outgoing network traffic and records any instance of
a data packet that contains a password.

What is Zombie?
In cybersecurity, a zombie is a computer that has been infected with malicious software and is being
controlled remotely by an attacker. The term comes from the idea that the computer's owner is often
unaware that it's being used for malicious activities.

What is Keylogger?
A keylogger or keystroke logger/keyboard capturing is a form of malware or hardware that keeps track of
and records your keystrokes as you type. It takes the information and sends it to a hacker using a command-
and-control (C&C) server. The hacker then analyses the keystrokes to locate usernames and passwords and
uses them to hack into otherwise secure systems.
There are two types:
1. Software keyloggers
2. Hardware keyloggers
