UNIT-2

1. Define Asymmetric Key Encryption with a proper Diagram.

Asymmetric Key Encryption

Asymmetric key encryption, also known as public-key cryptography, is a type of encryption where two different keys are
used:

1. Public Key – Used for encryption and shared publicly.

2. Private Key – Used for decryption and kept secret by the receiver.

This encryption method ensures confidentiality, integrity, authentication, and non-repudiation of data.

Working of Asymmetric Key Encryption

1. The sender encrypts the plaintext using the receiver's public key.
2. The encrypted message (ciphertext) is sent to the receiver.
3. The receiver decrypts the ciphertext using their private key.
4. Only the intended receiver, possessing the private key, can decrypt the message.

Diagram of Asymmetric Key Encryption

Example of Asymmetric Encryption Algorithm

• RSA (Rivest-Shamir-Adleman)
• Elliptic Curve Cryptography (ECC)
• Diffie-Hellman Key Exchange
• DSA (Digital Signature Algorithm)

This method is widely used in secure communications, digital signatures, and SSL/TLS protocols.
Asymmetric Key Encryption is used in various real-life applications such as : -

1) Digital signatures use asymmetric encryption and hashing to ensure the authenticity and integrity of documents and
emails

2) SSL/TLS certificates use asymmetric encryption to authenticate the server and establish a secure communication channel
between the server and the client.

3) Personal authentication certificates use asymmetric encryption to authenticate users within an organisation and restrict
access to sensitive data or systems.

2. Explain RSA public key cryptography with all steps. – done

3. Explain Diffie-Hellman Key Exchange with all steps. – done

4. Justify why Diffie-Hellman Key Exchange is vulnerable to a Man-in-the-Middle Attack.

5. Given two prime numbers P = 7 and Q = 17, and public key E = 5, find the ciphertext for plaintext value 6 using the
RSA algorithm. Explain in detail.
6. Solve the given example using the Knapsack algorithm:
o Super Increasing Sequence = {1, 2, 4, 10, 20, 40}
o Perform necessary calculations.

7. Explain in detail about Elliptic Curve Architecture.

8. Write a short note on Man-in-the-Middle Attack.

What is a Man-in-the-Middle (MITM) Attack?

A Man-in-the-Middle (MITM) Attack happens when a hacker secretly intercepts and alters communication between two
parties (such as a user and a website) without them knowing.

Example: Imagine you are talking to your bank online, but a hacker pretends to be the bank and listens to your
conversation. You think you’re securely logging in, but the hacker steals your username and password.

How Does MITM Attack Work?

1 You connect to a website or app (e.g., an online bank or shopping site).

2 A hacker secretly places themselves in the middle of the communication.
3 The hacker intercepts data – They can read, modify, or steal information like:

• Passwords
• Credit card details
• Personal data
4 The attacker may send fake responses to trick you into entering more sensitive information.

Real-World Example: Fake Wi-Fi Hotspot

Scenario: You connect to a free public Wi-Fi at a café.

The Problem: The Wi-Fi is actually controlled by a hacker.

What Happens?

• You enter your bank login details.

• The hacker records your credentials and can access your account.
9. Write a short note on Key Distribution and define Master and Session Key.

Key Distribution and Types of Keys

Key Distribution refers to the process of securely sharing cryptographic keys between users to ensure secure
communication. Since encryption relies on keys, it is crucial to distribute them safely to prevent unauthorized access.

Types of Keys in Key Distribution

1. Master Key

• A long-term key used to generate other temporary keys.

• It is never shared directly over a network to prevent attacks.
• Example: In a banking system, a bank and an ATM share a master key to generate secure session keys.

2. Session Key

• A temporary key used for a single communication session.

• Generated from the master key to ensure higher security.
• Example: When you log in to a website using HTTPS, a session key is generated to encrypt your data during that
session.

Example of Key Distribution

Alice and Bob want to communicate securely:

1. A trusted server gives them a master key.

2. When Alice sends a message, she requests a session key from the server.
3. The session key encrypts the message for one session only.
4. Bob uses the same session key to decrypt the message.
10. List four general categories of schemes for the distribution of public keys.

Public key distribution is essential for secure communication. Here are four simple ways to distribute public keys:

1. Public Announcement (PA)

How it works:

• A user broadcasts their public key to everyone (e.g., on a website, email, or social media).

Problem:

• Forgery risk – A hacker can create a fake key, pretending to be someone else.

Example:
Imagine Alice posts her public key on Twitter, but a hacker replaces it with a fake key. Bob, thinking it’s Alice’s real key,
sends an encrypted message that the hacker can read.

2. Publicly Available Directory (PKD)

How it works:

• A trusted online directory stores public keys.

• Users can look up a public key anytime.

Problem:

• If the directory is hacked, attackers can change public keys.

Example:
A company website has a public directory listing employee public keys for secure email communication. But if a hacker
modifies the directory, emails could be intercepted.

3. Public Key Authority (PKA)

How it works:

• A trusted organization (Authority) stores and distributes public keys.

• Users must contact the authority whenever they need a public key.

Problem:

• Requires real-time access to the authority each time a key is needed.

 Example:
Think of a government office where you verify a person's identity before getting their details. Similarly, users must verify
their public key from the PKA before sending encrypted data.

4. Public Key Certificates (PKC)

How it works:

• A Certificate Authority (CA) issues a digital certificate that verifies the public key’s owner.
• The certificate includes the key, owner details, expiration date, and is signed by the CA’s private key.
• Anyone can verify the certificate using the CA’s public key.

Problem:

• If the CA is compromised, fake certificates can be created.

Example:
SSL Certificates on websites ensure that you are talking to the real website, not a fake one. When you visit
https://www.bank.com, your browser verifies the certificate before allowing secure transactions.

Summary

Method How it Works Risk Example

Public Alice posts a key on Twitter, but a

Public key is shared openly Forgery
Announcement (PA) hacker replaces it

Public Directory Public keys are stored in an A company website lists public
Tampering
(PKD) online directory keys, but hackers modify them

Public Key Authority A trusted authority provides Real-time access Like verifying ID at a government
(PKA) public keys on request required office

Public Key A CA issues signed If CA is hacked, fake

SSL certificates secure websites
Certificates (PKC) certificates certificates can be made

Among these, Public Key Certificates (PKC) are the most secure and widely used!
11. Write a note on simple secret key distribution.

12. Draw a neat sketch showing the key distribution scenario.

Step-by-Step Process:

1 A Requests a Session Key from KDC

• A wants to communicate securely with B.

• A sends a request to the KDC, including:
o Its own identity (ID_A)
o B’s identity (ID_B)
o A unique random number (Nonce N1) to prevent replay attacks.

2 KDC Generates a Session Key

• The KDC creates a one-time session key (Ks) for A and B.

• It encrypts the session key separately using A’s and B’s secret keys.

3 KDC Sends the Session Key to A

• KDC sends an encrypted message to A, which contains:

o The session key (Ks)
o The original request
o A separate message encrypted for B

4 A Sends Encrypted Information to B

• A forwards the session key to B but encrypts it using B’s key to ensure security.

5 B Verifies and Uses the Session Key

• B receives the session key and sends a random number (Nonce N2) to A, encrypted with the session key.
• A replies with a function of N2, proving that it correctly received the session key.

6 Secure Communication is Established

• Now, A and B can communicate securely using the session key (Ks) without needing further KDC interaction.
13. Specify the applications of public key cryptography.

Applications of Public Key Cryptography

Public key cryptography is considered the most secure method for digital signatures and encryption processes. It ensures
secure online communication and plays a vital role in cryptographic systems.

1. Digital Signatures

• A message is signed using the private key of the sender to ensure authenticity.
• The recipient can verify the signature using the sender's public key.

2. Encryption/Decryption

• The sender encrypts the message using the receiver’s public key.
• The receiver decrypts the message using their private key to ensure confidentiality.

3. Key Exchange

• The sender and receiver collaborate to exchange a session key securely.

• This key is typically used for symmetric encryption.

4. Signing & Verification

• A user can sign a message using their private key.

• The receiver verifies the signed message using the sender’s public key.

5. Key Management

• Used to generate and distribute symmetric keys in secure communication systems.

• Helps in establishing secure communication channels between different parties.

6. Cryptographic Protocols

• Used in various security protocols such as:

 o Diffie-Hellman Key Exchange (for secure key agreement).
o RSA Encryption (for secure data transmission and protection).

Public key cryptography ensures secure authentication, confidentiality, and data integrity in modern communication
systems.