1

UNIT ,
Introduction

CON TEN TS
Part-1 Introduction, What is .......:.... ,.................. 1-2W to 1-9W
Computer Security and
What to learn ?

Pai;-t-2 Sample Attacks, ...................................... 1-9W to 1-14W

The Mark5ltplace
For Vulnerabilities,
Error 404 ijacking
Digital,, India Part 1 Chase

Part-3 Contror Hijacking, More ...................... 1-14W,to 1-18'\V

Confrol Hijacldng Attacks
Integer -Ov~rflQw, More , control
Hijacking Attacks Format
String Vulnerabilities
,, .
Part-4 Defense Against Control ..................... 1-lSW to 1-20W
' Hijacking-Platform Defense,
Defen!le Against Control
Hijacking-Run-time Defense,
Advanced Control Hijacking Attacks

1-1 W (CC-Sem..:J & 4)

1-2 W (CC-Sem-3 & 4) Introduction

~!"-
J, .__ ·
i,_,•,,j,-,;~ '-I PART- 1 1-~ ..'' •
"I~(ro\J:~cr/.01;;,Vf!if'.f} s Cf?mputer Securit;·~nd W,hat to Learn L
' ....- - - - - - - - ' · ;

Questions'-An~~ers · .

: Long ~swer ~ e and"M~diu~ ~swer Type Questions

Q~e.1,1. IExplain briefly computer security. How you will design

the policies for information security within an organization ?

~sw~r L1
1. Computer security is the protection of information systems from theft
or damage to the hardware, software and to the information on them.
2. It includes controlling physical access to the hardware, as well as
protecting against harm that may come via network access, data and
code injection, and due to malpractice by operators.
We can design the policies for information security within an organization by
providing:
1. Confidentiality: Only authorized users can access the data resources
and information.
2. Integrity : Only authorized users should be able to modify the data
when needed.
3. Availability: Data should be available to users when needed.
4. Authentication : Communicating with the authorized.

&~J.t~~'.1Which components of the computer system need to be

secure?

The components of a computer system that needs to be protected are :

1. Hardware: The physical part of the computer, like the system memory
and disk drive.
2. Firmware: Permanent software that is etched into a hardware device's
non-volatile memory and is mostly invisible to the user.
3. Software : The programming that offets-services, like operating system,
word processor, internet browser to the user.

Discuss the goals of computer security system.

 1-3 W (CC-Sem-3 & 4)
Computer System Security

Answer·· I
Computer security has three main goals :
1. Confidentiality: Making sure people cannot acquire information they
should not (keeping secrets).
2. Integrity: Making sure people cannot change information they should
not (protecting data).
3. Availability: Making sure people cannot stop the computer from doing
its job.

Que Vi. IDescribe the problems related with computer security.

Answer J
Problems related with computer security are :
1. Phishing: Phishing is an attempt to obtain users sensitive information,
including credit card details and banking information, by disguising as a
trustworthy entity in an online communication (e-mail, social media,
etc).
2. Vishing: Vishing (voice phishing) is an attempt of fraudsters to persuade
the victim to deliver personal information or transfer money over the
phone.
3. Smishing : Smishing (SMS phishing) is any case where sent text
messages attempt to make potential victims pay money or click on
suspicious_links.
4. Pharming :
a. Pharming is a cyber attack meant to redirect a website's traffic to
another, fake one.
b. Pharming can be done either by changing the hosts file on a victim's
machine or by exploiting a flaw in DNS server software.
c. In pharming, no conscious user interaction is required.
5. Vulnerability:
a. Vulnerability is a software mistake that enables a bad actor to
attack a system or network by directly accessing it.
b. Vulnerabilities can permit an attacker to act as a super-user or
even a system admin and granting them full access privileges.
6. Exposures :
a. It provides a malicious actor with indirect access to a system or a
network.
b. An exposure could enable a hacker to harvest sensitive information
in a secret manner.
1-4 W(CC-Sem-3&4) Introduction

Que t.&. IExplain security measure taken to protect the system.

Answer
To protect the system, security measures can be taken at the following
levels:
1. Physical :
a. The sites containing computer systems must be physically secured
against armed and malicious intruders.
b. The workstations must be carefully protected.
2. Human:
a. Only appropriate users must have the authorization to access the
system.
b. Phishing (collecting confidential information) and dumpster diving
(collecting basic information so as to gain unauthorized access)
must be avoided.
3. Operating system : The system must protect itself from accidental or
purposeful security breaches.
4. N etworking system:
a Almost all of the information is shared between different systems
via a network.
b. Intercepting these data could be just as harmful as breaking into a
computer.
c. Henceforth, Network should be properly secured against such
attacks.
·~ e 1.$. ',1
0
1How can an organization protect its computer system
hardware?

Five steps to protect computer system hardware are :

1. Install firewall :
a. A firewall enacts the role of a security guard.
b. A firewall is the first step to provide security to the computer. It
creates a barrier between the computer and any unauthorized
program trying to come in through the Internet.
2. Install antivirus software :
a. Anti virus is a software that helps to protect the computer from any
unauthorized code or software that creates a threat to the system.
b. Unauthorized software includes viruses, keyloggers, Trojans etc.
Computer System Security 1-5W(CC-Sem-3&4)

c. This might slow down the processing speed of our computer, delete
important files and access personal information.
3. Install anti-spyware software :
a. Spyware is a software program that collects personal information
or information about an organization without their approval.
b. This information is redirected to a third party website.
c. Anti-Spyware software is solely dedicated to combat spyware.
d. Anti-spyware software offers real time protection.
e. It scans all the incoming information and helps in blocking the
threat once detected.
4. Use complex and secure passwords :
a. For maintaining system security we have to use strong and complex
passwords.
b. Complex passwords are difficult for the hackers to find.
5. Check on the security settings of the browser :
a Browsers have various security and privacy settings that we should
review and set to the level we desire.
b. Recent browsers give us ability to tell websites to not track our
movements, increasing our privacy and security.
~Q-_
-!1-~-1-_~7-:--1 What are the advantages and disadvantages of computer
security?

Advantages of computer security :

1. Protects system against viruses, worms, spyware and other unwanted
programs.
2. Protection against data from theft.
3. Protects the computer from being hacked.
4. Minimizes computer freezing and crashes.
5. Gives privacy to users.
Disadvantages of computer security :
1. Firewalls can be difficult to configure correctly.
2. Makes the system slower.
3. Need to keep updating the new software in order to keep security up to
date.
4. Could be costly for average user.
1-6 W (CC-Sem-3 &4) Introduction

Que 1.8. IWrite short note on security policy used for computer
systems.

Answer ~
General policies :
1. This is the policy which defines the rights of the staff and access level to
the systems.
2. It is included even in the communication protocol as a preventive measure
in case there are any disasters.
Server policies :
1. This defines who should have access to the specific server and with
what rights.
2. It also includes which software's should be installed, level of access to
internet, how they should be updated.
Firewall access and configuration policies :
1. It defines who should have access to the firewall and what type of
access, like monitoring, rules change.
2. It also includes which ports and services should be allowed.
Backup policies :
1. It defines who is the responsible person for backup, what should be the
backup, where it should be backed up, how long it should be kept and
the frequency of the backup.
VPN policies :
1. These policies generally go with the firewall policy, it defines those
users who should have a VPN access and with what rights.
2. For site-to-site connections with partners, it defines the access level of
the partner to our network, type of encryption to be set.
Discuss different security models in details.

1. The Bell-LaPadula Model (BLP) :

a. It is a state machine model used for enforcing access control in
government and military applications.
b. This model is a formal state transition model of computer security
policy that describes a set of access control rules which use security
labels on objects and clearances for subjects.
c. Security labels range from the most sensitive down to the least
sensitive.
Computer System Security 1-7W(CC-Sem-3 &4)

d. The Bell-LaPadula model is an example of a model where there is

no clear distinction between protection and security.
2. The Biba Model:
a. Biba integrity model is a formal state transition system of computer
security policy that describes a set of access control rules designed
to ensure data integrity.
b. Data and subjects are grouped into ordered levels of integrity. The
model is designed so that subjects may not corrupt data in a level
ranked higher than the subject, or be corrupted by data from a
lower level than the subject.
c. This model was developed to address integrity as the core principle,
which is the direct inverse of the Bell-LaPadula model.
3. The Brewer and N ash model :
a. It was constructed to provide information security access controls
that can change dynamically.
b. This security model, also known as the Chinese wall model, was
designed to provide controls that mitigate conflict of interest in
commercial organizations, and is built upon an information flow
model.
c. In the Brewer and Nash model no information can flow between
the subjects and objects in a way that would create a conflict of
interest.
I
d. This model is commonly used by consulting an9 accounting firms.

Q:u,e I.~o. j What are the advantages and disadvantages of Biba

Model?

Ans_we!' J
Advantages :
1. It simple and easy to implement.
2. It provides a number of different policies that can be selected based on
need.
Disadvantages :
1. The model does nothing to enforce confidentiality.
2. The Biba model does not support the granting and revocation of
authorization.
3. To use this model all computers in the system must support the labeling
of integrity for both subjects and objects. So there are problems with
using the Biba model in a network environment .

.Que 'i.I_l : j Discuss the security mechanism used to provide security

in computer system.
1-8W(CC-Sem-3 &4) Introduction

Answer
""'
Security mechanisms used to provide security in computer system
are:
1. Encipherment :
a. Encipherment is an algorithm used for performing encryption or
decryption by converting information from plaintext to ciphertext.
b. Cryptography and steganography are used for enciphering.
2. Data integrity :
a. Data integrity is the maintenance and the assurance of the accuracy
of the data over its entire life-cycle.
b. Data integrity is preserved by comparing check value received to
the check value generated.
3. Digital signature :
a. A digital signature is a means by which the sender can electronically
sign the data and the receiver can electronically verify the signature.
b. Public and private keys can be used.
4. Authentication exchange : In authentication exchange, two entities
exchange some messages to prove their identity to each other.
5. Traffic padding: Traffic padding means inserting some fake data into
the data traffic to prevent the unauthorized attempt to use the traffic
analysis.
6. Routing control : Routing control means selecting and continuously
changing different available routes between sender and receiver to
prevent the opponent from eavesdropping on a particular route.
7. N otarization:
a. Notarization means selecting a third trusted party to control the
communication between two entities.
b. The receiver can involve a trusted third party to store the sender
request in order to prevent the sender from later denying that they
m11de a request.

I
Que 1.12. What are the components of security policy ?

;Answer
Following are the components of security policy :
1. Training: A strong training program that is contextually appropriate
for each position gives staff members the knowledge they need to
understand and properly respond to cyber threats.
2. Passwords : Strong passwords is a line of defense - especially when
hackers are trying to force their way into your network.
Computer System Security 1-9 W (CC-Sem-3 & 4)

3. Mobile devices :
a. Many companies have Bring Your Own Devices (BYOD) policies to
manage and track the mobile devices brought in by employees.
b. These policies set expectations for which devices employees can
use the security these devices require, and how the data on these
devices will be managed.
4. Internet use :
a. Certain types of internet usage can put our organization at a higher
cyber security risk.
b. To prevent this risk, write clear policies that define how employees
may use the internet, what types of content should be avoided, and
what devices should be used to do so.
5. Social media :
a. Hackers can leverage social media to distribute malware and gain
access to user accounts.
b. In particular, the messenger functionality associated with many of
these networking sites provides a convenient way for attackers to
send compromised files or misleading messages.

T-2 ,-,;,,/' - ,
,---,-,,,,---,
<"""
-,-,-
· ~::~~ 0~' ,)::~
ee};or
''<:- _·,,,..
Vuln,e'rab
-,
··· , or
.,:~,..... ,.<

4M~:.1~i~ Discuss various attacks in computer security.

Various attacks in computer security :

1. Malware:
a Malware is us~ to describe malicious software, including spyware,
ransomware, viruses and worms.
b. Malware breaches a network through vulnerability typically when
a user clicks a dangerous link or email attachment that then installs
risky software.
2. Macro viruses :
a. These viruses infect applications such as Microsoft Word or Excel.
1-10 W (CC-Sem-3 & 4) Introduction

b. Macro viruses attach to an application's initialization sequence.

c. When the application is opened, then virus executes instructions
before transferring control to the application.
d. The virus replicates itself and attaches to other code in the computer
system.
3. File infectors :
a. File infector viruses usually attach themselves to executable code,
such as .exe files.
b. The virus is installed when the code is loaded.
4. System or boot-record infectors :
a. A boot-record virus attaches to the master boot record on hard
disks.
b. When the system is started, it will look at the boot sector and load
the virus into memory, where it can propagate to other disks and
computers.
5. Stealth viruses :
a. Stealth viruses take over system functions to conceal themselves.
b. They do this by compromising malware detection software so that
the software will report an infected area as being uninfected.
c. These viruses conceal any increase in the size of an infected file or
changes to the file's date and time oflast modification.
6. Trojans:
a. A Trojan is a program that hides in a useful program and has a
malicious function.
b. A major difference between viruses and Trojans is that Trojans do
not self-replicate.
7. Logic bombs : A logic bomb is a type of malicious software that is
appended to an application and is triggered by a specific occurrence,
such as a logical condition or a specific date and time.
8. Worms:
a Worms differ from viruses in that they do not attach to a host file,
but are self-contained programs that propagate across networks
and computers.
b. Worms are commonly spread through email attachments, opening
the attachment activates the worm program.
9. Droppers:
a A dropper is a program used to install viruses on computers. In
many instances, the dropper is not infected with malicious code
and, therefore might not be detected by virus scanning software.
Computer System Security 1-11 W(CC-Sem-3&4)

b. A dropper can also connect to the Internet and download updates to

virus software that is resident on a compromised system.
10. Ransomware : Ransomware is a type of malware that blocks access to
the victim's data and threatens to publish or delete it unless a ransom is
paid.
11. Denial of service attack :
a. A denial of service attack floods systems, servers, or networks with
traffic to exhaust resources and bandwidth.
b. As a result, the system is unable to fulfill legitimate requests.
Attackers can also use multiple compromised devices to launch this
attack.
c. This is known as a Distributed Denial of Service (DDoS) attack.

'.Q~Cr·1.14; IWrite short note on server-side attack and insider attack.

~:A:us~er , I
Server-side attacks :
1. Server-side attacks are launched directly from an attacker (the client)
to a listening service.
2. Server-side attacks seek to compromise and breach the data and
applications that are present on a server.
3. Server-side attacks exploit vulnerabilities in installed services.
Insider attacks :
1. An insider attack is a malicious attack executed on a ne~ork or computer
system by a person with authorized system access.
2. Insiders that perform attacks have a distinct advantage over external
attackers because they have authorized system access and also may be
familiar with network architecture and system policies/procedures.
3. In addition, there may be less security against insider attacks because
many organizations focus on protection from external attacks.

I
1.,15. Differentiate between active and passive attack.
1-12 W (CC-Sem-3 & 4) Introduction

Answer
.B asis.for ,, Active attack " . P assive attack
' comparison . <
.. f
'

Basic Active attack tries to Passive attack tries to read

change the system or make use of infor mation
resources or affect from the system but does
their operation not influence system
resources
Modification in the Occurs Does not take place
information
Harm to the system Always causes damage Do not cause any harm
to the system
Threat to Integrity and Confidentiality
availability
Attack awareness The entity (victim) gets The entity is unaware of
informed about the the attack
attack
Task performed by The transmission is Just need to observe the
the attacker captured by physically transmission
controlling the portion
of a link
Emphasis is on Detection Prevention

I
Qu~ 1.J6~. Write a short note on marketplace for vulnerabilities.

~swer ,, I
1. Vulnerable consumers fail to understand their preferences and lack the
knowledge, skills, or freedom to act on them.
2. To protect them, we can censor information, restrict choices, and
mandate behaviors.
3. One-fifth of the public is functionally illiterate and substantial majority
of consume~s (adolescents included) appear to be marketplace literate.
4. Rather than curtail consumer prerogatives to protect a vulnerable
minority, education reform focused on the values, knowledge, and skills
necessary to create and navigate responsive markets should be
developed.
5. Reformed adult and adolescent education can refine, expand, and
accelerate learner's informal and experiential understanding of
marketplace fundamentals.
6. The aim is to significantly replace trial and error with a robust
understanding of markets, markets habitually governed by social virtues.

, 1
Computer System Security l-13W(CC-Sem-3 &4)

7. Evidence suggests that these aims can be better achieved via adolescent
choice and should be the focus of adult basic education reform.

Qu~ ?~>I How can we defend zero-day vulnerabilities ?

Ai{swir:<::· 1
• ·,.,. > • ?,
1. A zero-day vulnerability is a computer software vulnerability that is
unknown to, or unaddressed by, those who should be interested in
mitigating the vulnerability (including the vendor of the target software).
2. Until the vulnerability is mitigated, hackers can exploit it to adversely
affect computer progran1s, data, additional computers or a network.
3. An exploit directed at a zero-day is called a zero-day exploit, or zero-day
attack.
4. The term 'zero-day' referred to the number of days since a new piece of
software was released to the public. So, 'zero-day' software was softwar e
that had been obtained by hacking int o a developer's computer before
release. ·
5. The term was applied to the vulnerabilities that allowed this hacking,
and to the number of days that the vendor has had to fix them.
6. Once the vendor learns of the vulnerability, the vendor will usually
create patches or advise workarounds to mitigate it.
7. The more recently that the vendor has become aware of the vulnerability,
the more likely that no fix or mitigation has been developed.
8. Even after a fix is developed, the fewer the days, the higher the probability
that an attack against the afflicted software will be successful, because
not every user of that software will have applied the fix.
9. For zero-day exploits, unless the vulnerability is inadvertently fixed, For
example, by an unrelated update that happens to fix the vulnerability,
the probability that a user has applied a vendor-supplied patch that fixes
the problem is zero, so the exploit would remain available. Zero-day
attacks are a severe threat.

~uft,i~..1Discuss error 404 hacking digital India part I chase.

ii\ns_w-er_·,i:i l
.( ti,~iir,;orm:,~
1. In error 404 hacking digital India part 1 chase, the cyber crime and cyber
attacks hack the information of users like bank detail and p~rsonal
information. I
2. It is real time incident. In this, attacker or hacker creates an attractive
video so that victim gets attracted and plays that video into system.
3. When we clicked on video to play then at the time of buffering, hacker
can know our current location and GPS history but also have complete
access to our contacts, text messages, Facebook, Whatsapp and most
importantly our bank details, including our CVV number.
1-14 W (CC-Sem-3 & 4) Introduction

4. Hackers are creating a kind Trojan file, and android apk files. The apk
files that will be distributed all over the internet. Those who download
this file will be hacked easily.
5. Potential cyber attacks that is most common in error 404 hacking :
a. Web application attacks :
i. A web application is a client-server computer program which
uses web browsers and web technology to allow its visitors to
store and retrieve data to/from the database over the internet.
ii. If there is flaw in the web application, it allows the attacker to
manipulate data using SQL injection attack.
b. N etwork security attacks :
1. Network security attacks are unauthorized actions against
private, corporate or governmental IT assets in order to destroy
them; modify them or steal sensitive data.
11. As more enterprises invite employees to access data from
mobile devices, networks become vulnerable to data theft or
total destruction of the data or network.
c. Mobile security attacks :
1. Mobile security, or mobile device security, has become
increasingly important in mobile computing.
11. The security of personal and business information now stored
on smartphones.
iii. More and more users and businesses use smartphones to
communicate, but also to plan and organize their users' work
and also private life.
1v. Within companies, these technologies are causing profound
changes in the organization of information systems and
therefore they have become the source of new risks.
v. Indeed, smartphones collect and compile an increasing amount
of sensitive information to which access must be controlled to
protect the privacy of the user and the intellectual property of
the company.

' 1 ~..:. -l--· -~-~-~ ,, ,~ ..,

M~unt .t\nswer.Type ~ue~tion.s

' ~- '
Computer System Security _ 1-15 W (CC-Sem-3 & 4)

~ue 1.19. IDiscuss control hijacking in computer security.

'Answer
1. Hijacking is a type of network security attack in which the attacker
takes control of a communication.
2. In hijacking (also known as a man in the middle attack), the perpetrator
an
takes control of established connection while it is in progress.
3. The attacker intercepts messages in a public key exchange and then
retransmits them, substituting their own public key for the requested
one, so that the two original parties still appear to be communicating
with each other directly.
4. The attacker uses a program that appears to be the server to the client
and appears to be the client to the server.
5. This attack may be used simply to gain access to the messages, or to
enable the attacker to modify them before retransmitting them.
6. Attacker's goal in control hijacking:
a Takeover target machine (for example web server)
b. Execute arbitrary code on target by hijacking application control
flow
7. There are three types of control hijacking in computer security :
a. Buffer overflow attacks
b. Integer overflow attacks
c. Format string vulnerabilities
I
Que 1.20., Describe briefly buffer overflow attack. O 0
OR
What is control hijacking with an example ? Explain the term of
buffer overflow in control hijacking. j_A,KTU 2019-20, Mark s 10 I
Answer , I
Control hijacking: Refer Q. 1.19, Page 1-15W, Unit-1.
Buffer overflow in Control Hijacking :
1. Buffers are memory storage regions that temporarily hold data while it
is being transferred from one location to another.
2. A buffer overflow (or buffer overrun) occurs when the volume of data
exceeds the storage capacity of the memory buffer.
3. As a result, the program attempting to write the data to the buffer
overwrites adjacent memory locations.
4. Attackers exploit buffer overflow issues by overwriting the memory of
an application. This changes the execution path of the program, triggering
a response that damages files or exposes private information.
1-16W(CC-Sem-3&4) Introduction

5. Following are the types of buffer overflow attacks :

a. Stack-based buffer overflows : These are more common, and
leverage stack memory that only exists during the execution time
of a function.
b. Heap-based attacks : These are harder to carry out and involve
flooding the memory space allocated for a program beyond memory
used for current runtime operations.
-----
Que 1,.2,1 ~~IHow to prevent buffer overflow attack ?

Answer ,, i
Buffer overflow attack can be prevented using :
1. Address Space Randomization (ASLR) :
a. It randomly moves around the address space locations of data
regions.
b. Buffer overflow attacks need to know the locality of executable
code, and randomizing address spaces makes this virtually
impossible.
2. Data execution prevention :
a. It flags certain areas of memory as non-executable or executable,
which stops an attack from running code in a non-executable region.
3. Structured Exception Handler Overwrite Protection (SEHOP) :
a. It helps to stop malicious code from attacking Structured Exception
Handling (SEH), a built-in system for managing hardware and
software exceptions.
b. It prevents an attacker from being able to make use of the SEH
overwrite exploitation technique.
c. At a functional level, an SEH overwrite is achieved using a stack-
based buffer overflow to overwrite an exception registration record,
stored on a thread's stack.
l
Que l,.22\ Explain integer overflow attack.

.~~~.erh I
1. An integer overflow attack occurs when an attacker causes a value in
the program to be large enough to overflow unexpectedly.
2. A common form of this attack is to cause a buffer to be allocated that is
too small to hold data copied into it later, thus enabling a buffer overflow
attack.
3. We, are able to detect buffer overflow attacks in the same way as a
normal buffer overflow attack.
4. An integer overflow is the condition that occurs when the result of an
arithmetic operation, such as multiplication or addition, exceeds the
maximum size of the integer types used to store it.
Computer System Security 1-17W(CC-Sem-3&4)

5. When an integer overflow occw·s, the interpreted value will appear to

have wrapped around the maximum value and started again at the
minimum value, similar to a clock that represents 13 : 00 by pointing at
1: 00.

,Que,~;~~~i l How can we prevent integer overflow attack ?

,Ans~~,r,:'' I
Integer overflow can be prevented by :
1. Avoidance :
a. By allocating variables with data types that are large enough to
contain all values that may possibly be computed and stored in
them, it is always possible to avoid overflow.
b. Static analysis tools and formal verification techniques can be used
to ensure that overflow does not occur.
2. Handling :
a. If it is anticipated that overflow may occur, then tests can be inserted
into the program to detect when it happens and do other processing
to mitigate it.
3. Propagation :
a If a vaiue is too large to be stored it can be assigned a special value
indicating that overflow has occurred.
b. This is useful so that the problem can be checked for once at the
end of a long calculation rather than after each step.
c. This is often supported in floating point hardware called FPUs.
~~e'l.24. I What do you understand by format string
vulnerabilities ?

,~sw~r ,l
1. A format string vulnerability is a bug where user input is passed as the
format argument to printf, scanf, or another function in that family.
2. The format argument has many different specifies which could allow an
attacker to leak data if they control the format argument to printf. Since
printf and scanf are variadic functions, they will continue popping data
off of the stack according to the format.
3. For example, if we can make the format argument "%x.%x.%x.%x",
printf will pop off four stack values and print them in hexadecimal,
potentially leaking sensitive information.
4. Printf can also index to an arbitrary "argument" with the following
syntax: "%n$x" (where n is the decimal index of the argument we want).

Qu~ 't.25'1 How can we prevent format string vulnerabilities ?

1-18 W (CC-Sem-3 & 4) Introduction

Preventing format string vulnerabilities :

1. Always specify a format string as part of program, not as an input. Most
format string vulnerabilities are solved by specifying "%s" as format
string and not using the data string as format string.
2. Make the format string a constant.
3. If the above two practices are not possible, use defenses such as
Format_ Guard .

.· ~. . \ ,
.:'{f
'
PART-4 I..;,.•~·,,:~
• ' ' <'

' / )(ffense'.A.fjai~s( Con~h'()t flf)q,ckin;g;;p[i:zt{Qrm '.Defense, Defense

, . . " , Again:st (;iJ.ritt<!l'J!ijickftig':.Run-Tiirie Pefense, ·. ,
~.,. ' •·· ,, "A9J?lf'l£~</,.Cq]j!ro/Jjfi[a;J! i~«)~tj<JC~~-,, .

Que 1.26d How can we control hijacking attack ?

,. ' ' ., , , ,1
,~ s!!.~~: :.'.J
Hijacking attack is controlled through :
i. Platform defense : Through platform defense we can prevent target
machine by using :
1. Fixed the bug :
a. Audit software through automated tools.
b. Rewrite software in a safe language.
c. Concede overflow, but prevent code execution.
d Add run-time code to detect overflows exploits.
i. Halt process when overflow exploit detected
ii. Stackguard
2. Marking memory as non-execute :
a. Prevent attack code execution by marking stack and heap as
non-executable.
ii. Run-time defense :
1. In run-time defense, we tests for stack integrity.
2. We embed "canaries" in stack frames and verify their integrity
prior to function return. There are two types of canaries :
Frame2 Frame 1

ILocal Icanary I sfp I ret II~ ILocal jcanaryl sfp I ret II str I ::~f
friilk1ffl
 Computer System Security 1-19 W (CC-Sem-3 & 4)

a. Random canary :
i. In random canary, random string is chosen at program startup.
u. Insert canary string into every stack frame.
iii. Verify canary before returning from function :
a. Exit program if canary changed.
b. Turns potential exploit into DoS.
iv. To corrupt, attacker must learn current random string.
b. Terminator canary :
1. String functions will not copy beyond terminator.
ii. Attacker cannot use string functions to corrupt stack.
iii. Heap protection :
a It protects function pointers and setjump buffers by encrypting
them.
b. It has less effective and more noticeable performance effects.
1
,Clue 1.27.. Explain heap spray attack with its techniques ?

a Heap spraying is a technique used in exploits to facilitate arbitrary code

execution.
b. In heap spray attack, we put number of copy of exploit(shell) code in
various places of heaps.
c. It is reliable method for exploiting heap overflows as shown :
FPl method #1
FP2 ; method #2
ptr FP3 . method #3
vtable
data

Object T
'. fl!·'.1:¥7·~ '.
d After overflow of buf (buffer).

bufl256J

f,1,1,:;;.· 1,217'_:e ,f
e. Here, attacker does not know where browser places shell code on the
heap.
 1-20W(CC-Sem-3&4) Introduction

buf1256]

) Following are the techniques used in heap spray attack :

1. Heap spraying :
a. Use JavaScript to spray heap will shell code.
b. Then point vtable ptr anywhere in spray area.
c. Pointing func-ptr almost anywhere in heap will cause shell code to
execute.
2. Vulnerable buffer placement :
a. Placing vulnerable buf1256) next object O :
1. By sequence of JavaScript allocations and frees make heap
look as follows :

Allocate buffer in JavaScript and cause overflow.

ii.
iii. Successfully used against a safari PCRE overflow.
Heap spray control hijacking can be prevented as :
1. Protect heap function pointers.
2. Better browser architecture :
a Store JavaScript strings in a separate heap from browser heap.
b. Open BSD heap overflow protection.
c. Detect sprays by prevalence of code of heap.
 2
UNIT
"
Confidentiality
Policies

CON TEN TS ·
Part-1 Confidentia~ty Polii:Jes, .. :.......... ...•.....:... 2-2W' to 2-6W
Confinement Principle ·

Part-2 Detour Unix U~~i- ID~ Process ... ,:........ , 2-6W to 2-l0W
IDs and Privil~ges, More•on
Gonfinement ··r~c~iqu~s, sy~t~m ·
Call foterposition; lj:J"I"Qr 404 Digital
•. · Hacking jn Indii1 Par.t C,:hast3, .'./,
0 ; ,., • ', ' :, . N

Part-3 VM. Base<Flsol~tiop;~.t •-·····.;,,:..... :: .... :·.:.. 2-l0W .to ~2QW

.Confinem, nt/ Principle;: S1>ftw1;1re '
Fault Isol~tion, Rootkits; X : ; .•· •
Intrusion D~tectiori Systems

2-1 W(CC-Sem-3&4)
2-2 W (CC-Sem-3 & 4) Confidentiality Policies

* -.
,,., ,.,, · I I
( , 'J <

PART-1
'";, • . 0 · . F . •.z :'<,. • • .• • •• •
'ti,~~j]J{f,dentiality,Policies:·Confinement frinciple.

· Questio~s-Answers .

j Define and explain the term confidentiality policy.

Ans'w e~ . ~1
1. A confidentiality policy is a security policy dealing only with confidentiality.
2. Confidentiality is one of the factors of privacy, an issue recognized in the
laws of many government entities.
3. It put constraint on what information can legally be obtained from
individuals. Also it place constraints on the disclosure and use of that
information.
4. Unauthorized disclosure can result in penalties that include jail or fines .
5. Confidentiality policies place no trust in objects.
6. The policy statement dictates whether that object can be disclosed. It
says nothing about whether the object should be believed.

j What are the issues related Bell-LaPadula model?

:Que 2.2:·

:~"!er . j
Issues with Bell-LaPadula model :
1. The transfer of information from a high-sensitivity document to
lower-sensitivity document may happen in the Bell-LaPadula model via
the concept of trusted subjects.
2. Trusted subjects are not restricted by the property.
3. This model only addresses confidentiality, control of writing (one form
of integrity).
4. Covert channels such as Trojan horses and requesting system resources
to learn about other users that are mentioned but are not addressed
comprehensively
5. The tranquility principle of the Bell-LaPadula model states that the
classification of a subject or object does not change while it is being
referenced.
6. This principle limits its applicability to systems where security levels do
not change dynamically.
Computer System Security
2-3 W (CC-Sem-3 &4)

·I
Que 2.3,. · Explain Discretionary Access Control (DAC).
,M~"<Ver ·)
L Discretionary access control (DAC) is a type of security access control
that grants or restricts object access via an access policy determined by
an object's owner group and/or subjects.
2. DAC mechanism controls are defined by user identification with supplied
credentials during authentication, such as username and password.
3. In DAC, each system object has an owner, and each initial object owner
is the subject that causes its creation.
4. DACs are discretionary because the subject (owner) can transfer
authenticated objects or information access to other users. In other
words, the owner determines object access privileges .
.Que 2~4. ,] Explain the issues related with DAC.
:4sw~~ . J
Issues related with DAC are :
L Difficult to enforce a system-wide security policy i.e., a user can leak
classified documents to an unclassified user.
2. Only support coarse-grained privileges i.e., CGA is the top-level
authorization decision that is made at the perimeter of a system. This
decision will be based upon the requested resource and action being tied
to the user.
3. Unbounded privilege escalation.
4. Only based on users identity and ownership, ignoring security relevant
information such as :
a. Users role
b. Function of the program
c. Trustworthiness of the program :
i. Compromised program can change access to the user object.
ii. Compromised program inherit all the permission granted to the
user.
d Sensitivity of the data
e. Integrity of the data

~ij:e_~.5! ,d Describe Mandatory Access Control (MAC).

flAJi~rwe;r }'.
Mand:tory Access Control (MAC) is a type of access control by which
the operating system constraints the ability of a subject to access or
perform some sort of operation on an object.
 2--4 W(CC-Sem-3 &4) Confidentiality Policies

2. MAC criteria are defined by the system administrator, strictly enforced

by the operating system (OS) or security kernel, and are unable to be
altered by end users.
3. Mandatory access control works by assigning a classification label to
each file system object. Classifications include confidential, secret and
· top secret.
4. Each user and device on the system is assigned a similar classification
and clearance level.
5. When a person or device tries to access a specific resource, the OS or
security kernel will check the entity's credentials to determine whether
access will be granted.
6. While it is the most secure access control setting available, MAC requires
careful planning and continuous monitoring to keep all resource objects
and users classifications up to date.
7. As the highest level of access control, MAC can be contrasted with
lower-level Discretionary Access Control (DAC), which allows individual
resource owners to make their own policies and assign security controls.

Qu-e.2.6.',.:I What~ the problems related with MAC?

Following are the different problems in MAC :

1. Requirement of new security levels :
a In MAC, there is no security level for common people (people outside
organization) where they can access certain data or information to
know organization or business and hence marketing of organization
or business is not possible in traditional MAC.
b. Hence, an organization cannot have efficient growth by adopting
MAC.
c. Hence, an update is required to alter the security levels and include
this functionality in proposed model which is an alternate to MAC.
2. Filtration :
a The security levels ate assigned to both subjects and objects.
b. These levels are assigned to values inside each attribute.
c. The Bell-LaPadula model form the basis of MAC.
3. Polyinstantiation :
a. In polyinstantiation, multiple instances of a tuple are created.
b. Consider the example, where user with security level confidential
can view attributes which are at lower level or equal level as
compared to this user.
c. Other values are displayed as NULL. These values can be accesses
and changed by this user by taking a key which is at lowest level in
Computer System Security 2-5 W (CC-Sem-3 & 4)

this relation and any attribute can be accessed using this key or
value.

~µe ~:!~· ·I What are the advantage and disadvantages of DAC and
MAC?

'Ahs"'.;~r· ·J
Advantages of Discretionary Access Control (DAC) :
a. Intuitive
b. Easy to implement
Disadvantages of Discretionary Access Control (DAC) :
a. Inherent vulnerability
b. Maintenance of ACL (Access Control List) of capability lists
c. Maintenance of.Grant/Revoke.
d. Limited power of negative authorized.
Advantages of Mandatory Access Control (MAC) :
a. Ensure a high degree of protection; prevent any illegal flow of
information.
b. Suitable for military and high security types of applications.
Disadvantages of Mandatory Access Control (MAC) :
a. Require strict classification of subjects and objects.
b. Applicable to few environments.
;'bie ,2,8;,··1 Differentiate between DAC and MAC.

, ''0,;/ v,,, ., , ' ·.''

1, , ' .::,t:.":. ,\,,;...
~c ' '
'... ,
&~N o;
,/ff:.
., :OAC : , })., ;; y ·' 1:.... ' ' •c,

1. A type of access control in A type of access control that

which the owner of a . restricts the access to the
resource restricts access tq resoµrces based on the clearance
the resource based on the of the subjects.
identity of the users.
2. Stands for discretionary ' Stands for mandatory access
access control. con.trol.
3. Access is determined by Access is determined by the
owner. system.
4. More flexible. Less flexible.
5 Not as secure as MAC. More secure.
2-6 W (CC-Sem-3 &4) Confidentiality Policies

~ . .. Describe confinement principle in brief.

.:~ ,~:;t;l~:
1. The confinement principle is the principle of preventing a server from
leaking information that the user of the service considers confidential.
2. The confinement principle deals with preventing a process from taking
disallowed act ions.
3. Consider a client/server situation: the client sends a data request to the
server; the server uses the data, performs some function, and sends the
results (data) back to the client.
4. In confinement principle, access control affects the function of the server
in two ways:
a. Goal of service provider : The server must ensure that the
resources it accesses on behalf of the client include only those
resources that the client is authorized to access.
b. Goal of the service user: The server must ensure that it does not
reveal the client's data to any other entity which is not authorized
to see the client's data.

~~~·~.:.~p::JDescribe detour used in Unix user ids and process ids.

1. Detolir is defined as few words about Unix user IDs and IDs associated
with Unix processes.
2. Every us2r in Unix like operating system is identified by different integer
numher, this unique number is called as Usei::ID.
3. There are three types of UID defined for a process, which can be
dynamically changed as per the privilege of task.
4. The three different types of UIDs defined are :
Computer System Security 2-7W (CC-Sem-3 &4)

a. Real UserID : It is account of owner of this process. It defines

which files that this process has access to.
b. Effective UserID : It is normally same as real UserID, but
sometimes it is changed to enable a non-privileged user to access
files that can only be accessed by root.
c. Saved UserID: It is used when a process is running with elevated
privileges (generally root) needs to do some under-privileged work,
this can be achieved by temporarily switching to non-privileged
account.
5. A subject is a program (application) executing on behalf of some
principal(s). A principal may at any time be idle, or have one or more
subjects executing on its behalf.
6. An object is anything on which a subject can perform operations (mediated
by rights) usually objects are passive, for example :
a. File b. Directory (or folder) c. Memory segment.
7. Each user account has a unique UID. The UID Omeans the super user
(System admin). A user account belongs to multiple groups. Subject are
processes, associated with uid/gid pairs.
8. There should be a one-to-many mapping from users to principals. A
user may have many principals, but each principal is associated with a
unique user. This ensures accountability of a user action.
Que 2.11.;I Explain basic permission bits on non-directories and
directories files.

Answer
Every file and directory in our UNIX/Linux system has following three
permissions :
1. Read : This permission gives us the authority to open and read a file.
Read permission on a directory gives us the ability to lists it's content.
2. Write:
a. The write permission gives us the authority to modify the contents
ofa file.
b. The write permission on a directory gives us the authority to add,
remove and rename files stored in the directory.
3. Execute:
a. In Windows, an executable program usually has an extension" .exe"
and which we can easily run.
b. In Unix/Linux, we cannot run a program unless the execute
permission is set.
c. If the execute permission is not set, we might still be able to see/
modify the program code (provided read & write permissions are
set), but not run it.

':~~;;;2if Define SUID, SGID and sticky bits with basic difference.
 2-8W(CC-Sem-3 &4) Confidentiality Policies

'~S}Ver '. ,, I
1. There are three special permissions that are available for executable
files and directories.
2. These permissions allow the file being executed to be executed with
the privileges of the owner or the group. These are :
a. SUID permission :
i. SUID is set user identification. SUID is a special permission
assigned to a file .
n. These permissions allow the file being executed to be executed
with the privileges of the owner.
b. SGID permission :
i. SGID is set group identification.
ii. When the Set Group ID bit is set, the executable is run with
the authority of the group.
c. Sticky bit: When the sticky bit is set on a directory, only the root
user, the owner of the directory, and the owner of a file can
remove files within the directory.
Difference :

Basic sum . '.

, SGID Sticky bit
Non-executable no effect affect locking not used
files (unimportant for us) 'lnymore
Executable files change euid change egid when not used
when executing executing the file anymore
the file
Directories no effect new files inherit only the owner
group of the of a file can
directory delete
I
Que, 2;!3· Discuss confinement techniques in details.

Aiis~er
~t...,).J.,.¼1/";;«<, . A:,

Following are the various confinement techniques :

1. Chroot (change root) :
a. A chroot on Unix operating systems is an operation that changes
the apparent root directory for the current running process and its
children.
b. The programs that run in this modified environment cannot access
the files outside the designated directory tree. This essentially limits
their access to a directory tree and thus they get the name chroot
jail.
c. The idea is that we create a directory tree where we copy or link in
all the system files needed for a process to run.

"
'I
 2-9W (CC-Sem-3 &4)
Computer System Security

d. We then use the chroot system call to change the root directory to
be at the base of this new tree and start the process running in that
chrooted environment.
e. Since it cannot actually reference paths outside the modified root,
it cannot maliciously read or write to those locations.
2. Jailkits:
a. Jailkit is a set of utilities to limit user accounts to specific files using
chroot() or specific commands.
b. Setting up a chroot shell, a shell is limited to some specific command
and can be automated using theRe utilities.
c. Jailk.it is a specialized tool that is developed with a focus on security.
d It will abort in a secure way if the configuration is not secure, and
it will send useful log messages that explain what is wrong to system
log.
e. Jailk.it is known to be used in network security appliances.
3. FreeBSD jail :
a. FreeBSD is a popular free and open source operating system that is
based on the Berkeley Software Distribution (BSD) version of the
Unix operating system.
b. It runs on processors such as the Pentium that are compatible with
Intel'sx86.
c. FreeBSD is an alternative to Linux that will run Linux applications.
d The jail mechanism is an implementation of FreeBSD's OS-level
virtualization that allows system administrators to partition a
FreeBSD-derived computer system into several independent mini-
systems called jails, all sharing the same kernel, with very little
overhead.
e. The need for the FreeBSD jails came from a small shared-
environment hosting provider's desire to establish a clean, clear-
cut separation between their own services and those of their
customers, mainly for security and ease of administration.
4. System call interposition :
a. System call interposition is a powerful technique for regulating and
monitoring program behaviours.
b. It gives security systems the ability to monitor all of the application's
interaction with network, file system and other sensitive system
resources.
ic9,~.~-:~.i4J Explain error 404 digital backing in India part 2 chase.
.: 'eI''-.,·'"I
i~ "w
l n:uS
.,.-~-~:."'S.V•'-; ~- \ ,.,
1. In error 404 digital hacking in India part 2 chase experts discuss about
some attack related to cyber attack and the attacker can control the
overall system if proper security is not provided to the system.
2. Some attacks discuss in error 404 digital hacking India part 2 chase are :
2-l0W(CC-Sem-3 &4) Confidentiality Policies

a. Israel's power grid hit by a big hack attack. It is one of the worst
cyber attacks ever.
b. In 2014 a hydropower plant in upstate New York got h acked.
c. Iran's infrastructure including its main nuclear power plant is being
targeted by a new and dangerous powerful cyber worm.
d Bangladesh best group hacked into nearly 20,000 Indian website
-including the Indian Border Security Force.
e. First virus that could crash power grid or destroy pipeline is available
online for anyone to download and tinker with.
f. India's biggest data breach when the SBI debit card branch happens.
When this happened bank where initially in a state of denial but
subsequently they had to own up cyber security breach that took
place in Indian history.

VM Based lsoiatiriri,;Co11,fin_eJ ierit Rrinciple, .Software Fault

;,;w,
lsolatiort;.il~bik~
'-
tf;, Iniru;io}J, l)etec#an Sy~te,ris,
"""'·"-M·•·""""'""'<""· ,~.,,_r.'<-'
-../--.-<;>Jc.,;.~"--
'
>.«>-~~-).~_,....._:,,;,; .. -4;,;~~

Que 2.15. IWhat do you understand by VM based isolation ?

Answer
1. A VM is an isolated environment with access to a subset of physical
resources of the computer system.
2. Each VM appears to be running on the bare hardware, giving the
appearance of multiple instances of the same computer, though all are
supported by a single physical system.
3. A process VM is a virtual platform created for an individual process and
destroyed once the process terminates.
4. Virtually all operating systems provide a process VM for each one of the
applications running, but the more interesting process VMs are those
which support binaries compiled on a different instruction set.
5. A system VM supports an OS together with many user processes. When
the VM runs under the control of a normal OS and provides a platform-
independent host for a single application we have an application VM, for
example, Java Virtual Machine (JVM).
·Que 2.16. 1 Explain confinement principles with its techniques.
 Computer System Security 2-11 W (CC-Sem-3 & 4)

Answer .J
Confinement principle: Refer Q. 2.9, Page 2-6W, Unit-2.
Confinement principles techniques: Refer Q. 2.13, Page 2-8W, Unit-2.
j
"Que ~ -} 7. Describe the types ofVM based isolation.

··Answer
Following are the types of Virtual Machine based isolation :
a. Process virtual machines :
1. Process virtual machines support individual processes or a group of
processes and enforce isolation between the processes and operating
system environment.
2. Process virtual machines can run processes compiled for the same
Instruction Set Architecture based (ISA) or for a different ISA as
long as the virtual machine runtime supports the translation.
3. Isolation policies are provided by a runtime component which runs
the processes under its control.
4. Isolation is guaranteed because the virtual machine runtime does
not allow direct access to the resources.
b. System virtual machines (Hypervisor virtual machines):
1. System virtual machines provide a full replica of the underlying
platform and thus enable complete operating systems to be run
within it.
2. The virtual machine monitor (also called the hypervisor) runs at
the highest privilege level and divides the platforms hardware
resources amongst multiple replicated guest systems.
3. All accesses by the guest systems to the underlying hardware
resources are then mediated by the virtual machine monitor.
4. This mediation provides the necessary isolation between the virtual
machines.
5. System virtual machines can be implemented in a pure-isolation
mode in which the virtual systems do not share any resources
between themselves or in a sharing-mode in which the VM Monitor
multiplexes resources between the machines.
6. Pure-isolation mode virtual machines are as good as separate
physical machines.
c. Hosted virtual machines :
1. Hosted Virtual Machines are built on top of an existing operating
system called the host. 1

2. The virtualization layer sits above the regular operating system

and makes the virtual machine look like an application process.

I
 2-12 W (CC-Sem-3 & 4) Confidentiality Policies

3. We then install complete operating systems called guest operating

systems within the host virtual machines.
4. The VM can provide the same instruction set architecture as the
host platform or it may also supp'ort a completely different
Instruction Set Architecture (ISA).
5. VMware GSX Server is an example where the host ISA and guest
ISA are same.
6. Isolation in hosted virtual machines is as good as the isolation
provided by the hypervisor approach except that the virtual machine
monitor in the case of the hosted VM does not run at the highest
privilege.
7. The processes running inside the virtual machine cannot affect the
operation of processes outside the virtual machine.
d. Hardware virtual machines :
1. Hardware virtual machines are virtual machines built using
virtualization primitives provided by the hardware like processor
orl/0.
2. The advantage of hardware level virtualization is tremendous
performance improvements over the software based approaches
and guarantees better isolation between machines.
3. The isolation provided by the hardware assisted virtualization is
more secure than that provided by its software counterpart for
obvious reasons.
I
Que 2.18., Discuss briefly the term rootkit.

Answer
. -
1. A rootkit is a computer program designed to provide continued privileged
access to a computer while actively hiding its presence.
2. Rootkit is a collection of tools that enabled administrator-level access to
a computer or network.
3. Root refers to the Admin account on Unix and Linux systems, and kit
refers to the software components that implement the tool.
4. RootKits he generally associated with malware such as Trojans, worms,
viruses that conceal their existence and actions from users and other
system processes.
5. A rootkit allows us to maintain command and control over a computer
without the computer user/owner knowing about it.
6.
Once 'a rootkit has been installed, the controller of the rootkit has the
ability to remotely execute files and change system configurations on
the host machine.
A rootkit on an infected computer can also access log files and spy on the
7.
legitimate computer owner's usage. -

I
I
1•,'.
j
 Computer System Security 2-13W(CC-Sem-3&4)

8. Rootkits can be detected using detection methods which include :

a. Behavioural-based methods
b. Signature scanning
c. Memory dump analysis
I
Que 2.19, Explain the purpose of rootkit. What are the examples
of rootkits ?
Answer
Purpose of rootkits :
1. The purpose of a rootkit is for a malware to give its owner, a (often)
permanent, hidden remote access to our computer.
2. To avoid detection, they tamper with the system to conceal the presence
of the malware (for example, hide files) and its activities (for example,
running processes).
Examples of rootkits :
1. N 1Rootkit: One of the first malicious rootkits targeted at Windows OS.
2. HackerDefender : This early Trojan altered/augmented the OS at a ,
very low level offunctions calls.
3. Machiavelli : The first rootkit targeting Mac OS X. This rootkit creates
hidden system calls and kernel threads.
4. Greek wiretapping: This rootkit targeted Ericsson's AXE PBX.

Que 2.20.1 Explain various types of rootkits.

Answer j
Following are the various types ofrootk.its :
1. Application rootkits :
a Application rootkits replace legitimate files with infected rootkit
files on our computer.
b. These rootkits infect standard programs like Microsoft Office,
Notepad, or Paint.
c. Attackers can get access to our computer every time we run those
prograins.
d Antivirus programs can easily detect them since they both operate
on the application layer.
2. Kernel rootkits :
a. Attackers use these rootkits to change the functionality of an
operating system by inserting malicious code into it.
b. This gives them the opportunity to easily steal personal information.
3. Bootloader·rootkits:
a. The bootloader mechanism is responsible for loading the operating
system on a computer.
b. These rootkits replace the original bootloader with an infected one.
c. This means that bootloader rootkits are active even before the
operating system is fully loaded.
4. Hardware and firmware rootkits :
2--14 W (CC-Sem-3 & 4) Confidentiality Policies

a. This ki~d ofrootkit can get access to a computer's BIOS system or

• har? drives as ~ell as routers, memory chips, and network cards.
5. V1rtuabzed rootkits :
a. Virtualized rootkits take advantage of virtual machines in order to
control operating systems.
b. These rootkits create a virtual machine before the operating system
loads, ~d thens.imply take over control of our computer.
c. V~ualized rootkits operate at a higher level than operating systems,
which makes them almost undetectable.
-9..._u-e---2-.2-1-.-j How can we prevent rootkits ?
,.Answer . ]
Following are the method to prevent rootkits :
1. Avoid opening suspicious emails:
a. Statistics shows that malware, including rootkits, are distributed
through emails.
b. This means that the chances of getting infected with a rootkit via
email are high.
c. Using another type of malware, hackers collect email addresses on
the internet, which they flood with spam emails.
d. The rootkit installs silently in the background when the user opens
the infected email.
e. To prevent rootkits from infiltrating our computer, avoid opening
suspicious emails, especially if the sender is unfamiliar to us.
2. Avoid downloading cracked software :
a. Cracked software may be free but it is also unsafe.
b. Cracked software is commonly used by hackers to install rootkits
on victims' computers.
c. Cracked software is sometimes bundled with Adware (a software),
which generates stubborn and annoying pop-ups on the computer.
d. To prevent rootkits and other types ofmalware, download legitimate
software only.
3. Install software updates :
a. Through system vulnerabilities, a rootkit can get through to our
computer.
b. System vulnerabilities are inevitable. In fact, programmers are
often only able to discover a bug after the software is released. The
solution is a software update.
c. Unfortunately, some users ignore the importance of software
updates. But the fact is that installing software updates enhances
our cyber security, preventing malware like rootkits from getting
onto our computer.
d. When software updates become available, do not delay their
installation.
Computer System Securit y 2-15 W (CC-Sem-3 & 4)

4. Anti-malware software with rootkit detection :

a. Anti-malware software prevents varieties of malware. But advanced
anti-malware software with rootkit detection is required to stop
rootkits from getting on t he computer.
b. Anti-m alware software equipped with a Host Intrusion Prevention
Syst em as a feature is specifically designed to monitor computer
memory.
c. It prevents any malicious software from loading on the ker nel of
the oper ating syst em , which prevent rootkits using anti-malware
software.
I
~ ue 2.22. What is Intrusion Detection System (IDS) ?

Answer -
1. An Intr_u sion Detection System (IDS) is a network security technology
originally built for detecting vulnerability exploits against a target
application or computer.
2. Intrusion Prevention Systems (IPS) extended IDS solutions by adding
t he ability to block threats in addition to detecting them and has become
the dominant deployment option for IDS/IPS technologies.
3. An IDS needs only to detect threats and as such is placed out-of-band on
the network infrastructure, meaning that it is not in the true real-time
communication path between the sender and receiver of information .
4. IDS solutions will often take advantage of a SPAN (Switched Port
Analyzer) port to analyze a copy of the inline traffic stream
5. The IDS monitors traffic and report its results to an administrator, but
cannot automatically take action to prevent a detected exploit from
taking over the system.
6. Attackers are capable of exploiting vulnerabilities very quickly once
they enter the network, rendering the IDS an inadequate deployment
for prevention device.
Que 2.23. IExplain the types of intrusion detection system.
Answer ·
Following are the types of intrusion detection system :
1. N etwork Intrusion Detection System (N IDS) :
a. It is an independent platform that identifies intrusions by examining
network traffic and monitors multiple hosts.
b. It gains access to network traffic by connecting to a network hub, a
network switch configured for port mirroring, or a network tap.
c. In a NIDS, sensors are placed at choke points in the network to
monitor, often in the Demilitarized Zone (DMZ) or at network
borders.
d. Sensors capture all network traffic and analyze the content of
individual packets for malicious traffic.
e. An example of a NIDS is Snort.
2-16W(CC-Sem-3 &4) Confidentiality Policies

2. Host-based Intrusion Detection System (IDDS) :

a It consists of an agent on a host that identifies intrusions by
analyzing system calls, application logs, file-system modifications
and other host activities and state.
b. In a HIDS, sensors usually consist of a software agent.
c. Intrusion detection systems can also be system-specific using custom
tools and honeypots.
d. In the case of physical building security, IDS is defined as an alarm
system designed to detect unauthorized entry.
e. An example of a HIDS is OSSEC (Open source HIDS Security).
3. Perimeter Intrusion Detection System (PIDS) :
a. Detects and pinpoints the location of intrusion attempts on perimeter
fences of critical infrastructures.
b. Using either electronics or more advanced fiber optic cable
technology fitted to the perimeter fence, the PIDS detects
disturbancE.s on the fence, and if an intrusion is detected and deemed
by the system as an intrusion attempt, an alarm is triggered.
4. VM based Intrusion Detection System (VMIDS) :
a It detects intrusions using virtual machine monitoring.
b. By using this, we can deploy the Intrusion Detection System with
Virtual Machine Monitoring.
c. It is the most recent type and it is still under development.
d There is no need for a separate intrusion detection system since by
using this; we can monitor the overall activities.
2~4. ·I Discuss the need of intrusion detection system.
"",. ,.,,
.
~~er~ J
1. A network intrusion detection system (NIDS) is crucial for network
security because it enables us to detect and respond to malicious traffic.
2. The primary purpose of an intrusion detection system is to ensure IT
personnel is notified when an attack or network intrusion might be
taking place.
3. A network intrusion detection system (NIDS) monitors both inbound
and outbound traffic on the network, as well as data traversing between
systems within·the network.
4. The network IDS monitor network traffic and triggers alerts when
suspicious activity or known threats are detected, s? IT personnel can
examine more closely and take the appropriate steps to block or stop an
attack.
··5:. Explain advantages and disadvantages of different types
ofIDS.
'f,,
! r:~
Advantages of HIDS :
1. HIDS can analyze encrypted data and communications activity.
 Computer System Security ~17 W (CC-Sem-3 & 4)

2. HIDS tells us if an attack is successful or no.

3. Easy to deploy because it does require additional hardware.
4. It does not affect the current architecture.
Disadvantages of IDDS :
1. HIDS breakdown if the OS break down by the attack.
2. HIDS are not able to detect network scans or DOS attack.
3. HIDS tend to be resource intensive.
Advantage~ of N IDS:
1. Operating environment independent, therefore NIDS will not affect
the performances of host.
Disadvantages of N IDS :
1. Does not indicate whether the attack was successful or not.
2. Cannot analyze encrypted traffic.
3. NIDS has very limited visibility inside the host machine.
Advantages ofVMIDS:
1. More flexible
2. More efficient
3. VMIDS take advantage of the strengths of the combined type.
Disadvantages ofVMIDS:
1. High overhead load on the monitored system depending on the combined
methodologies.
2. Processor utilization of the hybrid agent is much great.
Advantages of PIDS :
1. More accurate.
2. It can manage wireless protocol activity.
Disadvantages ofPIDS:
1. Sensors have limited computational resource and limited energy.

I
'Que 2,26~ What are the features of intrusion detection system ?

~swer --
.I
~.«: ..,.

Features of an intrusion detection system are :

1. It monitors and analyzes the user and system activities.
2. It performs auditing of the system files and other configurations and the
operating system.
3. It assesses the integrity of system and data files.
4. It conducts analysis of patterns based on known attacks.
5. It detects errors in system configuration.
6. It detects and cautions if the system is in danger.

~ue 2.27, , What are the components of IDS?

2-18 W (CC-Sem-3 & 4) Confidentiality Policies

Components of intrusion detection system are :

Internet Packet
decoder

Logging and r-----------,I

I
Preprocessors alerting I
engine I I
s stem I I
IOutput alert orl
II log to a file II
Packet is I I
dropped Output I
I I
modules I _ _ _ _ _ _ _JI

,:Fig~_~:iiil
1. A packet decoder : It take;" packets from different networks and
prepares them for preprocessing or any further action. It basically
decodes the coming network packets.
2. A preprocessor : It prepares and modifies the data packets and also
performs defragmentation of data packets, decodes the TCP streams.
3. A detection engine : It performs the packet detection on basis of
Snort rules. If any packet matches the rules, appropriate action is
. taken, else it is dropped.
4. Logging and alerting system : The detected packet is either logged
in system files or incase of threats, the system is alerted.
5. Output modules : They control the type of output from the logging
and alert system.
~,e 2~8. IWhat is an intrusion detection system ? What are the
difficulties in anomaly detection ? LAI\TU'2019-20",Marks 10 j

Intrusion detection system: Refer Q. 2.22, Page 2-15W, Unit-2.

Difficulties in anomaly detection :
1. It increases the false alarm rate.
2. Developing a general methodology or _a set of parameters that can be
used to evaluate the intrusion detection system.
3. When new patterns are identified in anomaly detection intrusion
detection system (ANIDS) updating the database without reducing the
performance.
4. It increases the computational complexities of data preprocessing in
the training phase and also in the deploYJilent phase.
5. De:veloping a suitable method for selecting the attributes for each
category of attacks.
Que 2,29~ I
- Why is security hard ? (AKTU 2019-20, Marks 10 j
Computer System Security 2-19W (CC-Sem-3 &4)

Answer
1. Today in computers and on the internet attack is easier than defense.
There are many reasons for this, but the most important is the complexity
of these systems.
2. Complexity is the worst enemy of security. The more complex a system
is, the less secure it is.
3. A hacker typically targets the "attack surface" of a system. The attack
surface of a system contains all the possible points that a hacker might
target.
4. A complex system means a large attack surface, and that means a huge
advantage for the hacker.
5. The hacker just has to find one vulnerability. He can also attack
constantly until successful.
6. At the same time, the defender has to secure the entire attack surface
from every possible attack all the time.
7. Also the cost to attack a system is only a fraction of the cost to defend it.
8. This is one of the reasons why security is so hard, even though over the
years there is significant improvement in security technologies.
Que 2.30. ·I What is Access Control list (ACL) and also define what
are the technologies used in access control ?
IAKTU 2019-20, Marks 10 I
I
Access control list :
a An access-control list is a list of permissions attached to an object.
b. An ACL specifies which users or system processes are granted access to
objects, as well as what operations are allowed on given objects.
c. Each entry in a typical ACL specifies a subject and an operation.
d An access control list (ACL) is a table that tells a computer operating
system which access rights each user has to a particular system object,
such as a file directory or individual file.
e . Each object has a security attribute that identifies its access control list.
Access control technology includes :
1. Access Technology Architectures :
a Internet of Things (IoT) access control
b. .Physical Access Control System (PACS)
2. Communications technologies :
a Radio Frequency Identification (RFID) access control
b. Near Field Communication (NFC) access control
c. Bluetooth Access Control (BAC) access control
d Wireless access control technology.
3. Authentication technologies :
a Biometric access control technology
b. Smart card access control technology
 2-20 W (CC-Sem-3 & 4) Confidentiality Policies

c. Mobile Access Control (MAC) access control

d. Two Factor Authentication in access control .
4. Infrastructure technologies :
a. Internet switches for access technology
b. CAT6 Cable access control technology
c. Power over Ethernet (PoE) access control
d. IP based Access Control.

~1Write short- notes on Software Fault Isolation (SFI)

'Qtfe,~.'31.

i. Goal and solution, ii. SFI approach. IAK'.l'U 2019-20, Marks 10 I

Answer
\,f '. ,·I
= :t;G
Goal and solution :
1. Software Fault Isolation (SFI) is an alternative for unsafe languages,
example C, where memory safety is not granted but needs to be enforced
at runtime by program instrumentation.
2. SFI is a program transformation which confines a software component
to a memory sandbox. This is done by pre-fixing every memory access
with a carefully designed code sequence which efficiently ensures that
the memory access occurs within the sandbox.
SFI approach :
1. Traditionally, the SFI transformation is performed at the binary level
and is followed by an a posteriori verification by a trusted SFI verifier.
2. Because the verifier can assume that the code has undergone the SFI
transformation, it can be kept simple, thereby reducing both verification
time and the Trusted Computing Base.
3. This approach is a simple instance of Proof Carrying Code where the
complier is untrusted and the binary verifier is either trusted or verified.
4. Traditional SFI is well suited for executing binary code from an
untrusted origin.

{
I
J
/
I
I
,1
k
3,
UNIT
Secure Architecture
Principles Isolation
and Leas

CON TEN TS
Par t-1 Access Control Concepts, Unix .............. 3-2W to 3- SW
and Windows .~ccess Qontrol
Summary, Other ,Issues in
Access Contrp l . ·

Part-2 Introduct ion to ........................................ 3--SW to 3-l0W

Browser, lspl_a tion

Part-3 Web Security Definitions········'·· ········· .a.:..1ow to 3-17W

Goals and Thr~at l\f~dels;
HTTP Content Renderirig; ·
Br owser Isol&ti9ri ·

Part-4 Security Inter(ace, Cookies ................ 3-l 7W to 3-20W

Frames and Frame J;lusting, ·
Major Web Server Threats

Part~5 Cross Site Request Forgery, .............. 3-20W to 3-27W

Cross Site Scripting,
, Defeqses and Protection
Against XS$, Finding
Vulnerabilities, Secure Development

!>-1 W(CC-Sem-3&4)
 3-2W(CC-Sem-3&4) Secure Architecture Principles Isolation & Leas

~.;__._......._...;.;;._~-- ·1
"'""-.,. PART-1 , .
Assess Control Cqncepts: Unix and Windows Access
Contr<>l Summary, Other Issues in Access Control.

• Qu~stfons-Answers
',•

· L,ong An~er
.F >.
Type and.Medium Answer Type Questions
'v • ., , ,,

Q'g.e'~.l. IExplain briefly the term access control.

·Answer I
1. Access control is a method of limiting access to a system, physical or
virtual resources.
2. It is a process by which users can access and are granted certain privilege
to systems, resources or information.
3. Access control is a security technique that has control over who can
view different aspects, what can be viewed and who can use resources
• • • I
m a computmg environment. 1

4. It is a fundamental concept in security that reduces risk to the business

or organization.
5. Access control systems perform identification, authentication, and
authorization of users and entities by evaluating required login
credentials that may include passwords, pins, bio-metric scans or other
authentication factors .
6. There is multi-factor authentication which requires two or more
,authentication factors which is an important part of the layered defense
to protect access control systems.
au.~13.~•.. ·IDescribe different model~ of access conirol.
Following are the models of access control :
1. Discretionary Access Control (DAC) : Refer Q. 2.3, Page 2-3W,
Unit-2.
2. Role-Based Access Control (RBAC) :
i. RBAC, (also known as a non-discretionary access control), is used
when system administrators need to assign rights based on
organizational roles instead of individual user accounts within an
organization .
•I
1
'I
'i
Computer System Security 3-3W(CC-Sem-3&4)

n. It presents an opportunity for the organization to address the

principle ofleast privilege.
m. This gives an individual only the access needed to do their job, since
access is connected to their job.
3. Mandatory Access Control (MAC) : Refer Q. 2.5, Page 2- 3W,
Unit-2.
Que 3.3. I Discuss implementation of access control ABAC and
MAC.

Answer
Implementation of RBAC :
1. Windows and Linux environments use for implementation process.
2. Each group has individual file permissions and each user is assigned to
groups based on their work role.
3. RBAC assigns access based on roles. This is different from groups since
users can belong to multiple groups but should only be assigned to one
role.
4. _Example roles are: accountants, developer, among others.
Implementation of MAC :
1. Windows Vista-8 used a variant of MAC which is also called Mandatory
Integrity Control (MIC).
2. This type of MAC system added Integrity Levels (IL) to process/files
running in the login session.
3. The IL represented the level of trust the object would have.
4. Subjects were assigned an IL level, which was assigned to their access
token.
5. IL levels in MIC were: low, medium, high, and system.
6. Under this system, access to an object was prohibited unless the user
had the same level of trust, or higher than the object.
7. Windows limited the user to not being able to write or delete files with a
higher IL.
8. It first compared IL levels, then moved on to checking the ACLs to make
sure the correct permissions are in place.
9. This system took advantage of the Windows DAC system ACLs and
combined it with integrity levels to create a MAC environment. /

I
:Q~ e 3,.4;~~,: Briefly explain the uses of access control system.

!.«.Answert ~l
- , ,,....,J
1. Access control system is used to control access into certain areas located
within the interior ofbupdings.
 3-4 W (CC-Sem-3 & 4) Secure Architecture Principles Isolation & Leas

2. The purpose of an access control system is to provide quick, convenient

access to those persons who are authorized, while at the same time,
restricting access to unauthorized people.
3. Access control is used to minimize the risk of unauthorized access to
physical and logical systems.
4. Access control policies are used to protect confidential information, such
as customer data.
5. Access control systems are complex and can be challenging to manage
in dynamic IT environments that involve on-premises systems and cloud
services.

I
,Q~e~.;~, · What are the components of access control system?

~ s,lVer :J
Basics components of access control system are :
1. Access cards :
i The access card may be thought of as an electronic key.
ii The access card is used by persons to gain access through the doors
secured by the access control system.
llL Each access card is uniquely encoded. Most access cards are
approximately the same size as a standard credit card, and can
easily be carried in a wallet or purse.
2. Card readers :
i Card readers are the devices used to electronically read the access
card.
11. Card readers may be/of the insertion type (which requires insertion
of the card into the reader).
llL Card readers are usually mounted on the exterior (non-secured)
side of the door that they control.
3. Access control keypads :
i Access control keypads are devices which may be used in addition
to or in place of card readers.
ii The access control keypad has numeric keys which look similar to
the keys on a touch-tone telephone.
iii The access control keypad requires that a person desiring to gain
access must enter a correct numeric code.
1v. When access control keypads are used in addition to card readers,
both a valid card and the correct code must presented before entry
is allowed.

,,'
,,r
L
Computer System Security 3-6 W (CC-Sem-3 &4)

4. Electric lock hardware :

i. Electric lock hardware is the equipment that is used to electrically
lock and unlock each door that is controll' d by the access control
system.
ii. The specific type and arrangement of hardware to be used on each
door is determined based on the construction conditions at the
door.
iii. In almost all cases, the electric lock h ardware is designed to control
entrance into a building or secured space. To comply with building
and fire codes, the electric lock hardware never restricts the ability
to freely exit the building at any time.
5. Access control field panels :
i Access control field panels (also known as Intelligent Controllers)
are installed in each building where access control is to be provided.
n. Card readers, electric lock hardware, and other access control devices
are all connected to the access control field panels.
iii The access control field panels are used to process access control
activity at the building level.
iv. The number of access control field panels to be provided in each
building depends on the number of doors to be controlled.
v. Access control field panels are usually installed in telephone,
electrical, or communications closets.
6. Access control server computer :
i The access control server computer is the brain of the access control
system.
11. The access control server computer serves as the central database
and file manager for the access control system and is responsible
for recording system activity, and distributing information to and
from the access control field panels.
iii. A single access control server computer is used to control a large
number of card-reader controlled doors.
iv. The access control server computer is usually a standard computer
which runs special access control system application software.
v. In most cases, the computer is dedicated for full-time use with the
access control system.
-Q-ue--S-.~-.-1 Discuss access control principle and security principle
used for access control

!Ans:wer
Access control principles :
I. Principle of least privilege : It states that if nothing has been
specifically configured for an individual or the groups, he/she belongs to,
the user should not be able to access that resource i.e. , default no access.
3--6 W (CC-Sem-3 & 4) Secure Architecture Principles Isolation & Leas

2. Separation of duties : Separating any conflicting areas of responsibility

so as to reduce opportunities for unauthorized or unintentional
modification or misuse of organizational assets and/or information.
3. N eed to know : It is based on the concept that individuals should be
given access only to the information that they absolutely require in
order to perform their duties.
Security principles used for access control :
1. Identification : Identification describes a method of ensuring that a
subject is the entity it claims to be. For ex:=i mple, a user name or an
account number.
2. Authentication: Authentication is the method of proving the subjects
identity. For example, password, passphrase, PIN.
3. Authorization : Authorization is the method of controlling the access
of objects by the subject. For example, a user cannot delete a particular
file after logging into the system.
4. N on-repudiation: Non-repudiation is the assurance that someone
cannot deny something. Non-repudiation refers to the ability to ensure
that a party to a contract or a communication cannot deny the authenticity
ortheir signature on a document or the sending of a message that they
originated.
Que 3.7. IWhat are the characteristics and features of Unix?
Answer
Characteristics of Unix :
1. Memory allocation : It keeps tracks of primary memory i.e., which
part of it is in use or not and by whbm, as well as it allocates memory
when a program requests.
2. ,Processor management : It allocates the CPU for a process or
deallocates if not required.
3. Device management: It keeps tracks of all devices it decides for how
much time and to whom should be given the priority.
4. File management : It allocates and deallocates the resources; it also
decides to whom the resources should be given.
5. Security: By means of password and some other techniques, preventing
unauthorized access to program and data.
Features of Unix:
1. Portable: Unix can be installed on many hardware platforms.
2. Multi-user: The Unix users allow multiple users to concurrently share
hardware and software.
3. Multi-tasking: Unix allows a user to run more than one program at a
time.
 Computer System Security 3-7W (CC-Sem-3 &4)

4. Organized file system: Unix has organized file and directory system
that allows users to organize and maintain files .
5. Device independence: Unix treats input output devices as ordinary
files. The destination of file input and output is easily controlled through
Unix design feature called redirection.
6. Utilities : Unix provides a rich library of utilities that can increase
user's productivity.
Que 3.8. IDifferentiate between Unix and Windows.
Answer ]
,s.,No. Unix '',, Windows
1. It is an open source. It is not open source.
2. It has very high security It has low security system.
system.
3. It is a command based It is a GUI based operating system.
operating system.
4. The file system is arranged The file system is arranged in a
in hierarchical manner. parallel manner.
5. Unix is not user friendly. It is user friendly.

Que 3.9. j What are the various issues in access control ?

Aiiswer'
Issues related to access control are :
1. Appropriate role-based access :
i Users should only be given access to systems that they need to
access, and at a level that's appropriate to their role.
ii. Good practice is to ensure that access privileges (and changes) are
approved by a sufficiently senior director or manager.
Ill. Finally, access privileges should be reviewed regularly and amended
as part of a process of security governance.
2. Poor password management :
i. Password management is most common mistakes when it comes to
access control.
n. When there are a lot of different systems that require a password
to access then it is not uncommon for employees and even business
owners to use the same password across the board.
Ill. Even when employees are required to change their password
regularly though, there is still the problem of using passwords that
are weak and easy to crack.
 3-8W(CC-Sem-3&4) Secure Architecture Principles Isolation & Leas

iv.It is logical why people would do this since remembering multiple

passwords can often be impractical.
3. Poor user education :
a. One of the mo_st impor~ant aspects of improving the security of
company data 1s educatmg employees about risk.
b. ·~mployees could easily be doing things that are putting our data at
nsk.
c. Human error is always one of the biggest security risks for company
so we should be aware of this and take steps we can educate our
employees, including risk-training programs.

'1·F'~RT-2 1
lri:troduction to"B;owser 1so{ation.

, ,Long Ansvyer ~ .and Medi~ Answ~r '.l'ype Questions

.~··. '->-,·~· ..,,k .. ; · ;::,, ' ;.

Que 3.10.1 Oescribe browser isolation.

~s~ r .· I
1. Browser isolation is a cyber security model for web browsing that can be
used to physically separate an internet user's browsing activity from
their local machine, network and infrastructure.
2. With this model, individual browser sessions are abstracted away from
hardware and direct internet access, trapping harmful activity inside
the disposable environment.
3. Browser isolation may also be referred to as remote browser isolation,
web isolation or remote browsing.
4. A major weakness in popular security tools is protection from web or
browser-based attacks, malware and ransomware.
5. By separating browsing activity from endpoint hardware, the device's
attack surface is reduced, sensitive data is protected and malware or
other known and unknown security threats are minimized.
6. This is an evolution of the cyber security concepts of security through
physical isolation and air-gapping.
:Que 3.;1,1. IExplain working of browser isolation.
I

.,I
f \
''
ll
'I
'1
\ I~
Computer System Security 3-9 W (CC-Sem-3 & 4)

Answer
1. Browser isolation works by providing users with a disposable, non-
persistent environment for browsing.
2. This can be executed through a variety of methods but involves
virtualization, containerization or cloud browsing.
3. When a user closes the browsing session or the session is timed out, the
isolated environment is reset or discarded.
4. Any malicious code or harmful traffic is discarded as well, preventing it
from ever reaching the endpoint device or network.
5. The browser isolation method treats all websites, files and content equally
by labeling them as untrusted or blacklisted unless otherwise specified.
6. Within the isolated environment, files can be rendered remotely or
sanitized without the need to download them.
7. This is different from other security methods that do not treat information
equally and filter content based on potential threatening signs.

I
Que 3.12. Define browser isolation technology. What are browser
isolation vendors ?

Answer
Browser isolation technology : Browser isolation technology is a
technology delivered to customers through a cloud browser, a container, a
virtual machine or browser isolation technology hosted on a server.
Following are the browser isolation vendors :
L Apozy
ll. Authentic
Ill. Ericom
iv. Menlo security
V. Symantec
VI. WEBGAP

I
Que 3.13. What are the advantages and disadvantages of browser
isolation?

Answer )
Advantages of browser isolation :
1. The primary benefit to browser isolation is reducing the spread of
malware through web browsers.
 3-10 W (CC-Sem -3 & 4) Secure Architecture Principles Isolation & Leas

2. It is more effective than other anti-viru s applicat ion methods since it

does not need to be program med to find specific threats or risks.
Disadv antages of browse r isolatio n :
1. The installat ion of browser isolation can be complex or expensiv e.
2. Browser isolation may cause users to experien ce slight delay or lag
times when browsin g.

PART -3
Web $ec'lltrity f!efi.niti ons Goals and Threat Models, HTTP
Content Rendering, Browser Isolation.

Questio ns-Answ ers

Long Answer Type and Medium Answer Type Questio ns

l
Que 3.14. Define web securit y with its goals.

Answe r
1. Web security is :he process of securing confiden tial data stored online
from unautho rized access and modifica tion.
2. This is accompl ished by enforcin g strict policy measure s.
3. Website s are scanned for any possible vulnerab ilities and malware
through website security software . This software ca,n scan for backdoo r
hacks, redirect hacks, Trojans, and many other threats.
4. A website security software notifies the user if the website has any
issue and provides solution s to address them.
5. It is the cumulat ive phrase for all of the methods and measure that we
can use and enforce to keep the files behind our website and any data of
our custome rs safe.
6. Security should be built into our website from beginnin g, but certain
systf)ms, the likes of WordPr ess, allow us to easily install security
measure s at any time at little or no cost.
7. The goal of web security is to identify the following:
L Critical assets of the organiza tion
n. Genuine users who m&y access the data
111. Level of access provided to each user
iv. Various vulnerab ilities that may exist in the applicat ion
v. Data criticali ty and risk analysis on data exposur e.
vi. Appropr iate remedia tion measure s.

i
l
I
,.,'
Com put er Sys tem Sec urit y 3-1 1 W (CC-Sem-3 & 4)

Qu e 3.15 . \ Exp lain thr eat mo del ling . Wh

at is its pur pos e ?

An swe r, \
1. Thr eat mod ellin g is a pro ced ure for opti miz
ing netw ork sec urit y by
iden tify ing objectives and vuln erab iliti es,
and the n defi ning cou nter
mea sure s to prev ent, or mit igat e the effe cts
of thre ats to the sys tem .
2. In this con text , a thre at is a pote ntia l or
actu al adv erse eve nt tha t may
be malicious (suc h as a denial-of-service atta
ck) or inci den tal (suc h as
the fail ure of a stor age device) , and tha t can
com prom ise the asse ts of
an ente rpri se.
3. The key to thre at modelling is to
dete rmi ne whe re the mos t effo rt
sho uld be app lied to kee p a syst em secu re.
4. Thr eat mod ellin g is an iter ativ e
pro cess tha t con sist s of def inin g
ente rpri se asse ts, identifying wha t eac h app
lica tion doe s wit h resp ect to
thes e asse ts, crea ting a secu rity profile for eac
h app lica tion , iden tify ing
pote ntia l thre ats, prioritizing potential thre ats,
and doc ume ntin g adv erse
eve nts and the acti ons tak en in eac h case.
5. Thr eat mod ellin g is a stru ctur ed app
roac h to iden tify ing, qua ntif yin g,
and add ress ing thre ats.
6. It allows syst em secu rity staf f to com mun
icat e the pot enti al dam age of
secu rity flaws and prio ritiz e rem edia tion effo
rts.
Pur pos e of thr eat mo del ling :
1. The pur pos e of thre at mod ellin g is
to iden tify , com mun icat e, and
und erst and thre ats and miti gati on to the orga
nisa tion 's stak eho lder 's as
earl y as possible.
2. Doc ume ntat ion from this process prov
ides syst em ana lyst and defe nde rs
with a complete ana lysi s of prob able atta cke
r prof ile.
Qu e 3.16 . \ Dis cus s thr eat mo del ling me
tho dol ogi es.
~An swe r ·\
Following are the thre at modelling methodolog
ies :
1. STR IDE : STRIDE is a methodology tha
t pro vide s a mn
secur1·ty threats m· six
• cate gori
es :
· fi
emo mc or
a. Spo ofin g :
An adv ers ~ pos i?g ~ ano ther use r, com
oth er sys tem tha t has an iden tity m the sys pon ent, or
tem bein g mod elle d.
b. Tam per ing : The modifica
. · US al tion of dat a with in the syst em to hi
amallClO go . ac eve
c. Rep udi atio n : The abil ity
. . of an adv ersa ry to den y perfi •
som e m al1c1o us act·1vi·t Ym
. b
a senc e of suff icie nt proof. orm mg
 3-12 W (CC-Sem-3 & 4) Secure Archit.ecture Principles Isolation & Leas
r d. Information disclosure : The exposure of protected data to a
user that is not otherwise allowed access to that data.
e. Denial of service : It is an attack where the attackers attempt to
prevent legitimate users from accessing the service.
2. DREAD : DREAD was proposed for threat modelling but due to
inconsistent ratings it was dropped by Microsoft in 2008. It is currently
used by open stack and many other corporations. It provides a mnemonic
for risk rating security threats using five categories :
a. Damage potential : Ranks the extent of damage that would occur
if vulnerability is exploited.
b. Reproducib ility : Ranks how easy it is to reproduce attack.
c. Exploitabil ity : Assigns a number to the effort required to launch
the attack.
r
I
d. Affected users : A value characterizin g how many people will be
impacted if an exploit become widely available.
e. Discoverab ility : Measures the likelihood how easy it is to discover
the threat.
3. PASTA:
i The Process for Attack Simulation and Threat Analysis (PASTA) is
risk-centric methodology.
11. The purpose is to provide a dynamic threat identificatio n,
enumeration , and scoring process.
UL Upon completion of threat model security, subject matter experts
develop a detailed analysis of the identified threats.
1v. Finally, appropriate security controls can be enumerated. This helps
developer to develop a asset-centric mitigation strategy by analyzing
attacker-cen tric view of application.
4. Trike:
L The focus is in using threat models as risk managemen t tool.
n. Threat models are based on requirement model.
m. The requiremen ts model establishes the stakeholder- defined
acceptable level of risk assigned to each asset class.
iv. Analysis of the requirement s model yields a threat model from
which threats are identified and assigned risk values.
v. The completed threat model is used to build a risk model on the
b~is of asset, roles, actions, and calculated risk exposure.
5. VAST:
L VAST is an acronym for Visual, Agile, and Simple Threat modelling.
n. This methodology provides actionable outputs for the unique needs
of various stakeholders like application architects and developers,
cyber security personnel etc.
Computer System Security ~13 W (CC-Sem-3 & 4)

ill. It provides a unique application and infrastructure visualization

scheme such that the creation and use of threat models do not
requrre specific security subject matter expertise.
6. Attack tree :
1. Attack trees are the conceptual diagram showing how an asset, or
target, might be attacked.
u. These are multi-level diagram consisting of one root node, leaves
and children nodes.
ill. Bottom to top, child nodes are conditions which must be satisfied to
make the direct parent node true.
1v. An attack in considered complete when the root is satisfied. Each
node may be satisfied only by its direct child nodes.
7. Common Vulnerability Scoring System (CVSS) :
1. It provides a way to capture the principal characteristics of
vulnerability and produce a numerical score depicting its severity.
n. The score can then be translated into a qualitative representation
to help organizations properly assess and prioritize their vulnerability
management processes.
8. T-MAP:
L T-MAP is an approach which is used in Commercial Off The Shelf
(COTS) systems to calculate the weights of attack paths.
ii This model is developed by using UML class diagrams, access class
diagrams, vulnerability class diagrams, target asset class diagrams
and affected value class diagrams.

Que 3.17. ] Explain tools used for threats modelling.

Answer
Tools used for threat modelling :
1. Microsoft's threat modelling tool : This tool identifies threats based
on STRIDE threat classification scheme and it is based on Data Flow
Diagram (DFD).
2. My App security :
a. It offers the first commercially available threat modeling tool i.e.,
Threat Modeler.
b. It uses VAST threat classification scheme and it is based on Process
Flow Diagram (PFD).
3. IriuRisk :
a. It offers both a community and a commercial version of the tool.
b. This tool is primarily userl to create and maintain live threat model
through the entire SDLC.
~14 W (CC-Sem-3 & 4) Secure Archit.ecture Principles Isolation & Leas

c. It connects with other several different tools like OWASP ZAP

BOD-Secur ity etc., to facilitate automation and involves fully'
customizabl e questionnai res and risk pattern libraries.
4. securiCAD :
a It is a threat modelling and risk managemen t tool.
b. Risk are identified and quantified by conducting automated attack
simulations to current and future IT architecture s, and provides
decision support based on the findings.
c. securiCAD is offered in both commercial and community editions.
5. SD elements by security compass : It is a software security
requiremen ts managemen t platform that includes automated threat
modelling capabilities.
6. Modelling attack trees : Commercia l tools like Se cur !Tree, --
AttackTree + and open source tools like ADTool, SeaMonster are used
to model attack trees.
7. Tiramisu:
a This tool is used for T-MAP approach.
b. It is used to calculate a list of all attack paths and produce overall
threats in terms of total weight of attack paths.
Que 3.18. f How to create a threat model ?

Answe r
All threat modelling process start with creating visual representati on of
application or system being analyzed. There are two ways to create visual
representat ion :
a. Visual representa tion using data flow diagram :
1. The Microsoft methodology , PASTA and Trike each develop a visual
representat ion of the application- infrastructu re utilizing data flow
diagrams (DFD).
2. DFDs are used to provide a high-level visualizatio n of how an
application works within a system to move, store, and manipulate
data.
3. ·The concept of trust boundaries was added by security professionals
in an attempt to make them applicable for threat modelling.
4. DFDs are used to identify broad categories usually using STRIDE
threat classificatio n scheme.
5. The list of threats identifies through such methods is limited and
thus a poor starting point for the modelling.
6. DFD based approach uses three main steps :
L View system as an adversary
Computer System Security 3-15 W (CC-Sem-3 & 4)

n. Characterize the system

w. Determine the threats
7. DFD based approach has certain weakness :
L DFD does not accurately represent design and flow of
application.
n. They analyse how data is flowing rather than how user interacts
with system.
w. DFD based threat modelling has no standard approach due to
which different people create threat models with different
output for the same scenario or problem.
b. Visual representation using process flow diagram :
1. To deal with the limitations of DFD based threat modelling Process
Flow Diagrams were introduced as a tool to allow Agile software
development teams to create threat models based on the application
design process.
2. These were designed to illustrate how attacker thinks.
3. Attacker does not analyze data flow. Rather, they try to figure out
how they can move through application which was not supported
in DFD based threat modelling.
4. Their analysis lays emphasis on how to abuse ordinary use cases to
access assets or other targeted goals.
5. Threat models based on PFD view application from the perspective
of user interactions.
6. Following are the steps for PFD based threat modelling :
L Designing application's use cases.
n. The communication protocols by which individuals move
between use cases are defined.
w. Including t~e various technical controls such as a forms, cookies
etc.
7. PFD based threat modelling has following advantages :
L PFD based threat models are easy to understand that do not
require any security expertise.
n. Creation of process map-showing how individuals move
through an application. Thus, it is easy to understand
application from attacker's point of view.

Qjie 3 .19. j What is rendering? Discuss rendering engine. List some

rendering engine in web browser.
Computer System Security 3-17 W (CC-Sem-3 & 4)

14. The browser renders the page on the screen according to the DOM
tree and the style information for each node.
15. We see the page on the screen.
List of rendering engines produced by major web browser vendors:
1. Blink : It is used in Google Chrome, and Opera browsers.
2. WebKit : It is used in Safari browsers.
3. Gecko : It is used in Mozilla Firefox browsers.
4. Trident : It is used in Internet Explorer browsers.
5. EdgeHTML : It is used in Edge browsers.
6. Presto : Legacy rendering engine for Opera.
Que 3.20. f Explain browser isolation in detail.

Answer
Refer Q. 3.10, Page 3--8W, Unit-3.

I PART-4 1
Security Interface, Cookies_Frames and Frame Busting, Major
Web -S erver Threats: , . -

, Questions- Answ:ers

'LongAn~ er Type and_Medium Answer Type Questio~s

~ • "" -x , ,..... t"

I
Que 3.21. Explain security interface framework .

~swer ]
1. The security interface framework is a set of Objective-C classes that
provide user interface elements for programs that implement security
features such as authorizatio n, access to digital certificates, and access
to items in keychains.
2. User Interface (UI) defines the way humans interact with the information
systems.
3. User Interface (UI) is a series of pages, screens, buttons, forms and
other visual elements that are used to interact with the device. Every
app and every website has a user interface.
4. User Interface (UI) design is the creation of gra phi~, illustrations , and
use of photographi c artwork and typography to enhance the display and
layout of a digital product within its various device views.
 3-18 W (CC-Sem-3 & 4) Secure Archit.ecture Principles Isolation & Leas

5. Interface elements consist of input controls (buttons, drop-down menus,

data fields), navigationa l components (search fields, slider, icons, tags),
information al components (progress bars, notifications , message boxes).

I
Que 8.22. Describe cookies and frame busting.

Answer
Cookies:
1. These are small text files that the web browser stores on the computer.
2. The first time we visit a page on the internet, a new cookie is created,
which collects the information that can be accessed by the website
operator.
3. However, some browsers store all cookies in a single file.
4. The information in this text file is in turn subdivided into attribut.es that
are included individually .
Frame busting :
1. Frame busting refers to code or annotation provided by a web page
intended to prevent the web page from being loaded in a sub-frame.
2. Frame busting is the recommend ed defense against click-jacking and is
also required to secure image-based authenticati on such as the sign-in
seal used by Yahoo.
3. Sign-in seal displays a user-selecte d image that authenticate s the Yahoo
login page to the user.
4. Without frame busting, the correct image is displayed to the user, even
though the top page is not the real Yahoo login page.
5. New advancemen ts in click jacking techniques using drag and drop to
extract and inject data into frames makes frame busting even more
critical.

Que 3..23. IDiscuss web server threats in details.

.Answer
Major web server threats are :
1. Injection flaws :
a . Injection flaws, such as SQL, OS injection occur when untrusted
data is sent to an interpreter as part of a command or query.
b. The attacker's hostile data can trick the interpreter into executing
unintended commands or accessing data without proper
authorizatio n.
2. Sensitive data exposure :
a Many web applications and APis do not properly protect sensitive
data such as financial, healthcare.

l
l
,I
•
d
Computer System Security 3-19 W (CC-Sem-3 & 4)

b. Attackers may steal or modify such weakly protected data to conduct

credit card fraud, identity theft, or other crimes.
c. Sensitive data may be compromised without extra protection, such
as encryption at rest or in transit, and requires special precautions
when exchanged with the browser.
3. XML external entities :
a Many older or poorly configured XML processors evaluate external
entity references within XML documents.
b. External entities can be used to disclose internal files using the file
URI handler, internal file shares, internal port scanning, remote
code execution, and denial-of-ser vice attacks.
4. Broken access control :
a Restrictions on what authenticate d users are allowed to do are
often not properly enforced.
b. Attackers can exploit these flaws to access unauthoriz ed
functionality and/or data, such as access other users accounts, view
sensitive files, modify other users, data, change access rights, etc.
5. Cross-Site Scripting (XSS) :
a Injects malicious code from a trusted source to execute scripts in
the victim's browser that can hijack user sessions or redirect the
user to malicious sites.
b. Cross-site scripting is a common vector that inserts malicious code
into a web application found to be vulnerable.
c. Unlike other web attack types, such as SQL, its objective is not our
web application. Rather, it targets its users, resulting in harm to
our clients and the reputation of our organization.
6. Reflected xss:
a Reflected XSS use a malicious script to reflect traffic to a visitor's
browser from web application.
b. Initiated via a link, a request is directed to a vulnerable website.
c. Web application is then manipulated to activate harmful scripts.
7. Cross-Site Request Forgery (CSRF) :
a It is also known as XSRF, Sea Surf, or session riding, cross-site
request forgery deceives the user's browser-log ged into our
application-t o run an unauthorize d action.
b. A CSRF can transfer funds in an authorized manner and change
passwords, in addition to stealing session cookies and business data.
8. Man in the Middle Attack (MITM) :
a. A man in the middle attack can occur when a bad actor positions
himself between application and an unsuspectin g user.
b. MITM can be used for eavesdroppi ng or impersonatio n.
 3-20 W (CC-Se m-3 & 4) Secure Archite cture Principles Isolation & leas

c. Meanw hile, accoun t creden tials, credit card numbe rs and other
person al inform ation can easily be harves ' '
ted by the attacke r.
9. Phish ing attack :
a. Phishin g can be set up to steal user data, such as credit card and
login inform ation.
b. The perpet rator, posing as a trustwo rthy entity, fools their prey
into openin g an email, text memo, or instant messag e.
c. Then attract to click a link that hides a payload .
d Such an action can cause malwa re to be covert installe d.
e. It is also possibl e for ransom ware to freeze the user's PC, or for
sensiti ve data to be passed.
10. Remo te File inclus ion (RFI) :
a Remot e File Inclusi on (RFI) exploit s weakne sses in those web
applica tions that dynami cally call externa l scripts.
b. Taking advant age of that functio n, an RFI attack uploads malwa re
and takes over the system .
11. Using compo nents with known vulner abiliti es: It occurs when
attacke rs are able to take control of and exploit vulnera ble librarie s,
framew orks, and other module s runnin g with full privileg es.
12. Insuff icient loggin g and monit oring :
a Insuffi cient logging and monito ring, allows attacke rs to attack
system s, mainta in persist ence, pivot to more system s, and tamper,
extract , or destroy data.
13. Backd oor attack :
a Being a form of malwa re, a backdo or circum vents login
authen ticatio n to enter a system.
b. Many organiz ations offer employ ees and partner s remote access to
applica tion resourc es, includi ng file servers and databas es.
c. This enable s bad actors to trigger system comma nds in the
compro mised system and keep their malwa re update d.
d The attacke r's files are usually heavily cloaked , making detecti on
problem atic.

PAR T-5 I
Cross Site Reque st Forgery, Cross Site-Sc ripting, Defenses
and Protection Again st XSS, Findin g Vulnerabilities,

- · Secure Development.

~<
I
~

t
l
I
Com puter Syste m Secu rity 3-21 W (CC- Sem- 3 & 4)

Que stion s-An swer s

s
Lon g Answ er Type and Med ium Answ er Type Que stion
"

I
Que 3.24. Desc ribe cros s-sit e requ est forg ery in deta
ils.

Ans wer
end user to
1. Cross -site reque st forge ry (CSRF) is an attac k that forces an
h they are
exec ute unwa nted actio ns on a web appli catio n in whic
curre ntly authe ntica ted.
not theft of
2. CSRF attac ks specifically targe t state -chan ging reque sts,
the forge d
data, since the attac ker has no wJy to see the respo nse to
reque st.
emai l or
3. With the help of socia l engin eerin g (such as send ing a link via
execu ting
chat) , an attac ker may trick the users of a web appli catio n into
actio ns of the attac ker's choosing.
I
Websi te
visito r ®A visitor clic~
Perpe trator embed s on the link,
the reque st into a inadv ertent ly
hyper link and sends sendin g the
it to visito rs who may reque st to the
be logged into the site Websi te valida tes reque st websi te
and transf ers funds from
the visito rs accou nt to the
perpe trator
Perpe trator I Webs ik I
CD
Perpe trator forges a reque st for
a fund transf er to a websi te
Fig. 8.24. 1.

If the victim is a norm al user, a succe ssful CSR F, attac k

can force the
4.
, chan ging
user to perfo rm state chang ing reque sts like trans ferrin g funds
their emai l addre ss, and so forth .
romi se the
5. If the victim is an admi nistr ative accou nt, CSRF can comp
entir e web appli catio n.
s a web
6. Cross -Site Requ est Forg ery (CSRF) is an attac k vecto r that trick
n to whic h a
brow ser into exec uting an unwa nted actio n in an appli catio
user is logged in.
ess and
7. A succe ssful CSRF attac k can be deva statin g for both the busin
zed fund
user. It can resul t in dama ged clien t relati onsh ips, unau th~ri I
 3-22 W (CC-Sem-3 & 4) Secure Architecture Principles Isolation & Leas

transfers, changed passwords and data theft-including stolen session

cookies.
8. As the unsuspecting user is authenticated by their application at the
time of the attack, it is impossible to distinguish a legitimate request
from a forged one.

Que 3.25. IHow can we prevent CSRF attack ?

Answer
We can prevent CSRF attack in two ways :
1. On user side : User side prevention is very inefficient in terms of
j browsing experience, prevention can be done by browsing only a singfe
tab at a time and not using the remember-me functionality.
2. On server side :
J
I
a. There are many proposed ways to implement CSRF protection on
server side, among which the use ofCSRF tokens is most popular.
b. A CSRF token is a string that is tied to a user's session but is not
submitted automatically.
c. A website proceeds only when it receives a valid CSRF token along
with the cookies, since there is no way for an attacker to know a
user specific token, the attacker cannot perform actions on user's
behalf.
I
r

Que 3.26. When does CSRF attack takes place ?

Answer
For a CSRF attack to be possible, three key conditions must be followed :
1. A relevant action :
a. There is an action within the application that the attacker has a
reason to induce.
b. This might be a privileged action (such as modifying permissions
for other u~ers) or any action on user-specific data (such as changing
the user's own password).
2. Cookie-based session handling :
a Performing the action involves issuing one or more HTTP requests,
and the application relies solely on session cookies to identify the
user who has made the requests.
b. There is no other mechanism in place for tracking sessions or
validating user requests.
(

'
J
 I

Computer System Security 3-23 W (CC-Sem-3 & 4)

I

3. No unpredictable request parameters :

a. , The requests that perform the action do not contain any parameters
whose values the attacker cannot determine or guess.
b.' For example, when causing a user to change their password, the
I '
function is not vulnerable if an attacker needs to know the value of
the existing password.

Que ~~1-.,·
::;,~ r. ,{' }"-,· .;:;,.
Write short note on cross-site scripting (XSS).

:~sw~r'
t ( ~- ·1 -/<" _;,.., ]

1. Cross-site scripting (XSS) is vulnerability in a web application that allows

a third party to execute a script in the user's browser on behalf of the
web application.
1 -2_ Cross-site scripting is one of the most prevalent vulnerabilities present
on the web.
3. The exploitation of XSS against a user can lead to various consequences
such as account compromise, account deletion, privilege escalation,
-malware infection and many more.
4. It allows an attacker to masquerade as a victim user, to carry out any
actions that the user is able to perform and to access any of the user's
data.
5. If the victim user has privileged access within tile-application then the
attacker might be able to gain full control over all of the applications
functionality and data.
fi. Describe the types of cross-site scripting.

Depending on the context, there are two types ofXSS:

1. Reflected XSS :
1. If the input has to be provided each time to execute, such XSS is
called reflected. 1
IL These attacks are mostly carried out by delivering a payload directly
to the victim.
I
m. Victim requests a page with a request containing the payload and
the payload comes embedded in the response as a script.
iv. An example of reflected XSS is XSS in the search field.
 3-24 W (CC-Sem-3 & 4) Secure Architecture Principles Isolation & Leas

®
Perpetra tor injects the ~ ® For each visit to the
website with a malicious ~ ~ ~ , 1>,;te, th, maHdou s
script that steal each
\ \cr;pt ;, act;vat, d
visitor's session
cookies

Perpetra tor Visitor's session cookie Website

is sent to perpetra tor visitor

CD Perpetra tor discovers a

website having a
vulnerab ility that enables
script injection
Fig. 3.~.1.
t¥t4.x

2. Stored XSS :·
a When the respons e contain ing the payload is stored on the server
in such a way that the script gets execute d on every visit withou t
submis sion of payload, then it is identifi ed as stored XSS.
b. An exampl e of stored XSS is :XSS in the comme nt thread.

1 Attacke r gets marc·o

1 1 U s d aa
t into the
databas e (no social enginee ring required )
Perpetra tor

- 2. Entirely innocen t request

,, 3. Bad app
-
4. Response include s maliciou s
-- retrieve s
malicious
Website Website
data as active content data and
-- uses it
verbati m

i
Que~ .29" Write short notes on followi ng :
i. Cross site scripti ng,
ii. Why is HTfPs not used for all web traffic ?

IAl<TU 2()19-20, Marks 10)

L Refer Q. 3.27, Page 3-23W, Unit-3.
Compute r System Security ~25 W (CC-Sem-3 & 4)

n. HTTPs is not used for all web traffic because :

1. The cost of operatio ns : Although servers are faster and
implemen tation of SSL is more optimized, it still costs more than
doing plain http.
2. Does not work with virtual hosts : Virtual hosts allow the Web
host to serve multiple websites from the same physical server with
the same IP address. It works with regular H'ITP connectio ns, but
it does not work with HTTPs.

I
Que 3.30. Explain protectio n methods used for CSRF.

Answer
The protection methods used for CSRF are :
. 1. Anti CSRF Token:
a. This is a cryptogra phically strong string that is submitted to the
website separatel y from cookies.
b. This can be sent as a request paramete r or as an HTTP header.
c. The server checks for the presence and correctne ss of this token
when a request is made and proceeds only if the token is correct
and the cookies are valid.
2. HM'P PUT method:
a. The PUT method is used to create instances of a resource on the
server.
b. It is similar to POST except that sending the same PUT requests
multiple times does not do anything extra.
c. If the server is using PUT method for sensitive actions then there
is no need for any additiona l CSRF protection (unless Cross-Ori gin
Resource Sharing is' enabled) at that endpoint.
d It is because the PUT request cannot be duplicate d through a web
page like POST request (HTTP forms dp not allow PUT requests).
3. HTTP bearer authenti cation :
a. This is a type of HTTP authentic ation where the user is identified
through a token that is submitted in authoriza tion header of each
request.
b. This mechanis m solves CSRF because unlike cookies it is not
submitted by the browser automatic ally.
c. There are problems and potential bypasses to each of these methods.
d. Anti CSRF tokens do not have a fixed standard so their generatio n
✓
mechanis m and use depends solely on how developer s intended it
to be.
3-26 W (CC-Sem-3 & 4) Sec~ Architecture Principles Isolation & Leas

e. Due to this lack of a standard, a lot of implementation specific

loopholes exist in web applications.

Que 3.31. f Explain different ways used to prevent XSS.

~swer, 1
Different ways used to prevent XSS are :
1. Escaping :
a. The first method used to prevent XSS vulnerabilities from appearing
in our applications is by escaping user input.
b. Escaping data means taking the data an application has received
and ensuring it is secure before rendering it for the end user.
c. By escaping user input, key characters in the data received by a
web page will be prevented from being interpreted in any malicious
way.
d In essence, we are censoring the data our web page receives in a
way that will disallow the characters especially <and> characters
from being rendered, which otherwise could cause harm to the
application and/or users.
2. Validating input :
a. Validating input is the process of ensuring an application is rendering
the correct data and preventing malicious data from doing harm to
the site, database, and users.
b. While whitelisting and input validation are more commonly
associated with SQL injection, they can also be used as an additional
method of prevention for XSS.
c. Whereas blacklisting, or disallowing certain, predetermined
characters in user input, disallows only known bad characters,
whitelisting only allows known good characters and is a better
method for preventing XSS attacks as well as others.
d Input validation is especially helpful and good at preventing XSS in
forms, as it prevents a user from adding special characters into the
fields, instead refusing the request.
3. Sanitizing:
a . A third way to prevent cross-site scripting attacks is to sanitize user
input.
b. Sanitizing data is a strong defense, but should not be used alone to
battle XSS attacks.
c. Sanitizing user input is especially helpful on sites that allow HTML
markup, to ensure data received can do no harm to users as well as
our database by scrubbing the data clean of potentially harmful
markup, changing unacceptable user input to an acceptable format.
 \

Computer System Security 3-27 W (CC-Sem-3 & 4)

I
Que 3.32. Describe XSS vulnerabilities.

Answer 1
Following are :XSS vulnerabilities :
1. Stored :XSS vulnerabilities :
a. Stored attacks are those where the injected script is permanently
stored on the target servers, such as in a database, in a message
forum, visitor log, comment field, etc.
b. The victim then retrieves the malicious script from the server when
it requests the stored information. Stored XSS is also referred to as
Persistent or Type-I XSS.
2. Reflected XSS vulnerabilities :
a. Reflected attacks are those where the injected script is reflected off
the web server, such as in an error message, search result, or any
other response that includes some or all of the input sent to the
server as part of the request.
b. Reflected attacks are delivered to victims via another route, such
as in an e-mail message, or on some other website.
c. When a user is tricked into clicking on a malicious link, submitting
a specially crafted form the injected code travels to the vulnerable
web site, which reflects the attack back to the user's browser.
d The browser then executes the code because it came from a trusted
server.
e. Reflected XSS is also referred to as Non-Persistent or Type-II XSS.
3. Server-side versus DOM-based vulnerabilities :
a XSS vulnerabilities were first found in applications that performed
all data processing on the server side.
b. User input (including an XSS vector) would be sent to the server,
and then sent back to the user as a web page.
c. The need for an improved user experience resulted in popularity of
applications that had a majority of the presentation logic working
on the client-side that pulled data, on-demand, from 'the server
using AJAX.
d. As the JavaScript code was also processing user input and rendering
it in the web page content, a new sub-class of reflected XSS attacks
started to appear that was called DOM-based cross-site scripting.
e. In a DOM-based XSS attack, the malicious data does not touch the
web server. Rather, it is being reflected by the JavaScript code,
fully on the client side.
 I
UNIT
Basic C'r yptogra phy

CONTENTS
Part-1 : Public Key Cryptography, . ~ .......i.:o .. .-........,4-2W to 4-SW.
RSA Public Key_yrypto ' :· ' . -: - - ' ·
. . !

P art-2 : lligital Signature Hash· F~~tfo:ri.s, ...... 4-8W to 4-19W

Public Key :PistributiQn ·. : ·,, , -, ,-
t
.. -
;- ...... '
- ; - • >- .,'),; ->. -~~ " ,, , / . ~ ~Y . - ~, -"-· -, ., -.,;. ~ ,
P art-3 : Real Worltl -ProtocQls,
'
,.,.... ::.....
'?,._ .·._
,; . , '
~:.;-.:.'.:..:... ,i;;.19W
"','•'"',;_:,... ~- ' t"
,._, < .. '
to;- 4-22W
..,.., --

, Basic Terminologie_s ; ·. " ~· ' ·

(, ,''

Part-4 : Email Security· C~rtifiJates_. ....~ ........ ::.~22w to ,4-~SW

Transport -Layer Secutj'ty, . '_. , . ' _, _ ', -_ - - :,
TLS; IP Setutjty ' " , " ,, .
'
/

·, Pa:tt-5
l
DNS Security .......... :;;.....:.._..... '.\ .............. 4-28W
< }
/.

,,,.,, •'\,,
to 4-3SWi

4-1 W(CC-Sem-3&4)
4-2 W (CC-Sem-3 & 4) Basic Cryptography

PART-1
Public Key Cryptography, RSA Public Key Crypto.

Questions-Answers

Long Answer Type and Medium Answer Type Questions

"'

Que 4.1. IDiscuss public (asymmetric) key cryptography.

Answer
1. In public key cryptography, there are two keys : a private key and a
public key.
2. The private key is kept by the receiver. The public key is announced to
the public.
3. In Fig. 4.1.1 imagine Aaditya wants to send a message to Jyoti. Aaditya
uses the public key to encrypt the message. When the message is
received by Jyoti, the private key is used to decrypt the message. ·
4. In public key encryption/decryption, the public key that is used for
encryption is different from the private key that is used for decryption.

Aaditya
f
I
I
nf
To the public
t_!-:.•=======·-= f Jyoti's public key
Jyoti's private key
Jyoti
D
t Ciphertext _ _.;___rjP'l .
Encryption1-- - ~.i Decryption amtext

Fig. 4.111. Asymmetric key cryptography.

L •

Que 4.2. ·1What is the principle of public key cryptography? Discuss

the applications for public key cryptography.

~~~--J
Principle of public key cryptography :
1. The concept of public key cryptography evolved from an attempt to
solve the most difficult problems associated with symmetric encryption :
L Two communicants already share a key, which has been distributed
to them.
Computer System Security 4-3 W (CC-Sem-3 & 4)

The use of a key distribution center.

ii.
2. The second problem negates the very essence of cryptograph y i.e., the
ability to maintain total secrecy over the communicat ion.
Applicatio ns for public key cryptograp hy : The use of public key
cryptograph y is classified into three categories :
a. Encryption /decryptio n : The sender encrypts a message with the
recipient's public key.
b. Digital signature: The sender signs a message with its private key.
Signing is achieved by a cryptograph ic algorithm applied to the message
or to a small block of data that is a function of the message.
c. Key exchange: Two sides cooperate to exchange a session key. Several
different approaches are possible, involving the private keys of one or
both parties.

Que 4.3. I Difference between symmetric and asymmetric key

cryptograp hy.

hswe~
,, '.
S. No. Symmetric ;k~y, ,,• . :
lto;: Asy:gimetriC:key ,
,·.·,,,_~\\' :(; ~•_:;.. ~ ·.,.... ' _;:!
•'
, k- --~ ,.
" cryptogra phy · · · · ' ' cryptograp hy '

1. It uses a single key for both It uses two different keys-public

encryption and decryption of
data.
2. Both the communica ting
parties share the same
algorithm and the key.
key for encryption and private
key for decryption.
Both the communica ting parties
should have at least one of the
matched pair of keys.

3. The pro~esses of encryption The encryption and decryption

and decryption are very fast. processes are slower as compared
to symmetric-k ey cryptograph y.
4. Key distributio n is a Key distribution is not a problem.
problem.
5. The size of encrypted text is The size of encrypted text is more
same or less than the original than the size of the original text.
text. .

Qu~ 4:4. . 1Describe RSA algorithm. In RSA, given e =7 and n =3.

Encrypt the message "ME" using 00 to 25 for letters A to Z.
4-4 W (CC-Sem-3 & 4) Basic Cryptograph y

Answer
RSA algorithm :
1. RSA is a public key encryption algorithm, named for its inventors (Rivest,
Shamir and Adleman).
2. The RSA algorithm is based on the mathematic al part that it is easy to
find and multiply large prime numbers together, but it is extremely
difficult to factor their product.
3. The RSA algorithm is shown as :
a. Choose two large prime numbers p and q .
b. Calculate n =p x q.
c. Select the public key (i.e., the encryption key) e such that it is not a
factor of (p - 1) and (q - 1).
d Select the private key (i.e., the decryption key) d such that the
following equation is true :
(d x e) mod (p - 1) x (q - 1) = 1
e. For encryption, calculate the cipher text C from the plain text Mas
follows:
C=Memod n
f.
Send C as the cipher text to the receiver.
g.
For decryption, calculate the plain text C from the cipher text C as
follows:
M=V1mod n
Numerical :
1. Translate the numbers into letters : M = 12 and E =4
2. Encrypt each block Musing, C = M1 (mod 3)
3. ForM= 12
C = 127 (mod 3)
= 124 x 123 (mod 3)
= (122) 2 x 122 x 12 (mod 3) =0
ForE=4
C = E 1 (mod 3)
= 4 7 (mod 3)
= 4 (mod 3) = 1
The encrypted ciphertext is : 0 and 1.
~
0

u~ 4.5. ' I Explain RSA algorithm. Perform encryption and

decryption using RSA algorithm for p =11, q =13, e =7, m =9.
OR
Explain RSA using example.
Computer System Security 4-5 W (CC-Sem--3 & 4)

'Answer j
RSA algorithm : Refer Q. 4.4, Page 4--3W, Unit-4.
Numerical:
Step 1 :p = 11, q = 13 .
Step 2 : n = p x q = 11 x 13 = 143
Step 3 : Calculate
q>(n) = (p - 1) (q - 1)
= (11- 1) (13 -1) = 10 X 12 = 120
Step 4 : Determine d such that de = 1 (mod 160)
d = e -- 1 mod 160
Using extended Euclidean algorithm we calculated.
q rl r2 r t1 lz t
17 120 7 1 0 1 -17
7 7 1 0 1 -17 120
1 0 -17 120
= - 17mod 120
d = 103
Public key= {7, 143}
Private key= {103, 143}
Encryption (C) = Me (mod n)
M=9
C = 97 mod 143
= [(9" mod 143) x (g2 mod 143)
(91 mod 143)] mod 143
= (126 x 81 x 9) mod 143
= 91854 mod 143 = 48
Decryption (M) = 13103 mod 143
Que 4.6.- IDiscuss public key cryptography. Explain RSA algorithm
= = = =
with suitable steps. Let p 17, q 11, e 7 and d 23. Calculate the
public key and private key and show encryption and decryption for
plain text M = 88 by using RSA algorithm.
~;wei:_ , )
Public key cryptography: Refer Q. 4.1, Page 4-2W, Unit-4.
RSA algorithm: Refer Q. 4.4, Page 4--3W, Unit-4.
Numerical:
Step 1 : p =17, q = 11
 ~ W (CC-Sem-3 & 4) Basic Cryptography

St~p 2: n =p x q = 17 x 11 = 187
Step 3 : Calculate <j>(n) = (p - 1) (q - 1) = 16 x 10 = 160
Step 4 : d = 23 and e = 7
Public key is {7, 187}
Private key is {23, 187}
Encryption : Ciphertext is
C = M e mod n = 887 mod 187 = (882 mod 187) (885 mod 187)
= [77 x (77 x 77) x 88] mod 187 = 11
C= 11
Decryption : Plaintext is
M = CC' mod n = 1123 mod 187 =(115 mod 187) (11 18 mod 187)
= [44 x (44 x 44 x 44) (113 mod 187)] mod 187
= [444 x 22] mod 187 =88
Que 4.7-. IWhat are the advantages and disadvantages of RSA?
Answer
Advantages of RSA:
1. Convenience : It solves the problem of distributing the key for
encryption.
2. Provides message authentication : Public key encryption allows
the use of digital signatures which enables the recipient of a message to
verify that the message is from a particular sender.
3. Detection of tampering : The use of digital signatures in public key
encryption allows the receiver to detect if the message was altered in
transit. A digitally signed message cannot be modified without invalidating
the signature.
4. Provides non-repudiati on : Digitally signing a message is related to
physically signing a document. It is an acknowledgeme nt of the message
and thus, the sender cannot deny it.
Disadvantage s of RSA :
1. Public keys should/must be authenticated : No one can be
absolutely sure that a public key belongs to the person it specifies and so
everyone must verify that their public keys belong to them.
2. Slow: Public key encryption is slow compared to symmetric encryption.
Not feasible for use in decrypting bulk messages.
3. Uses more computer resources : It requires a lot more computer
supplies compared to single-key encryption.
4. Widespread security compromise is possible : If an attacker
determines a person's private key, his or her entire messages can be
read.
5. Loss of private key may be irreparable : The loss of a private key
means that all received messages cannot be decrypted.

:i.
Computer System Security 4-7 W (CC-Sem..S & 4)

Que 4.8. IWhat are the securities of RSA ? Perform encryption

and decryption using RSA algorithm for p = 17, q = 11, e =7, d =23,
m=88.

An~wei;- ·
Three possible approaches and securities of the RSA algorithm are:
1. Brute force :
a. This involves trying all possible private keys.
b. The defense against the brute force approach is to use a large key space.
2. Mathematical attacks :
a. There are several approaches used for factoring the product of two
primes.
b. The defense against mathematical attacks is to use factoring
performance as a benchmark against which to evaluate the security
of RSA.
3. Timing attacks : These depend on the running time of the decryption
algorithm. Counter-measures that can be used, includes the following :
a. Constant exponentiation time : Ensure that all exponentiation
take the same amount of time before returning a result. This is a
simple fix but does degrade performance.
b. Random delay : Better performance could be achieved by adding
a random delay to the exponentiation algorithm to confuse the
timing attack.
c. Blinding: Multiply the ciphertext by a random number before
performing exponentiation. This process prevents the attacker from
knowing what ciphertext bits are being processed inside the
computer and therefore prevents the bit-by-bit analysis essential
to the timing attack.
Numerical: Refer Q. 4.6, Page 4-5W, Unit-4.
Que 4.9. IWri~e a short note on hybrid cryptosystem.
I ' . ~
Arl$wer""4'':,
4" .I- ;d.,

1. A hybrid cryptosystem is a protocol using multiple ciphers of different

types together.
11. In hybrid cryptosystem, we generate a random secret key for a symmetric
cipher, and then encrypt this key via an asymmetric cipher using the
recipient's public key.
111. The message itself is then encrypted using the symmetric cipher and
the secret key.
1v. Both the encrypted secret key and the encrypted message are then sent
to the recipient.
4-8 W (CC-Sem..S & 4) Basic Cryptography

v. The recipient decrypts the secret key first, using his/her own private
key, and then uses that key to decrypt the message.
vi. The steps of hybrid encryption are :
1. Generate a symmetric key. The symmetric key needs to be kept a
secret.
2. Encrypt the data using the secret symmetric key.
3. The person to whom we wish to send a message will share her
public key and keep the private key a secret. -
4. Encrypt the symmetric key using the public key of the receiver.
5. Send the encrypted symmetric key to the receiver.
6. Send the encrypted message text.
7. The receiver decrypts the encrypted symmetric key using her
private key and gets the symmetric key needed for decryption.
8. The receiver uses the decrypted symmetric key to decrypt the
message, getting the original message.

~, ," ' ' 1 p ART- 2 I~- '- ,:: ' ~.- ' ,. . '
. '}' ,
., ' ·' ' ' . .'

;, Di.i,_itc4 Signyt~,:e ]:l,a~b, Fu'nctions, -ftq,blic Key Distribution.

-~,.. ..,:-;, ' ' . • ,. '%;.'

}"if~- - "'-.:..:·,. (i~ . ,"',,

'
'i,.~

-
:~';.~ '

.
--- ,.

) '.:-«,:Z ,- :

Lo:11g} .. S'\lser., . p~ a:p, ·, · ~- lJlll ·. _swer . · -e · 1:1estions

~ - ~.,,, _(• '~A v.fJ.{"'·' $:'¼•t· ~,.,,.-:',,, ..,,." • ':: ~ ;'>~, •','

:Que 4.(0~t-
-~ ;~-::i 0
Describe briefly the term digital envelope.
/.<, • ~i"

'fl: . ..,:$0 -s-•:;.;< :,,'>_;_

~A~"'~W~
~ ~ ,;M#~

1. A digital envelope is a secure electronic data container that is used to

protect a message through encryption and data authentication.
2. A digital envelope allows users to encrypt data with the speed of secret
key encryption and the convenience and security of public key encryption.
3. Rivest, Shamir and Adleman (RSA) Public-Key Cryptography Standard
(PKCS) governs the application of cryptography to data for digital
envelopes and digital signatures.
4. A digital envelope is also known as a digital wrapper.
5. Following methods may be used to create a digital envelope :
a. Secret key encryption algorithms, for message encryption.
b. Public key encryption algorithm from RSA for secret key encryption
with a receiver's public key.
Computer System Security 4-9W (CC-Sem-3 &4)

6. An example of a digital envelope is Pretty Good Privacy (PGP), a popular

data cryptography software that provides cryptographic privacy and
data communication authentication.

Que 4.11. 'I Explain the digital si~atures.

Answer
1. Digital signature is a mathematical scheme used for verifying the
authenticity of digital message or documents.
2. Digital signature uses three algorithms :
a. Key generation : This algorithm selects a private key uniformly
at random from a set of possible private keys. Output of this
algorithm is private key and its corresponding public key.
b. Signing algorithm : It produce signature by using message and
private key.
c. Signature verifying algorithm : For a given message, signature
and public key, either accepts or rejects the messages claim to
authenticity.
3. Fig. 4.11.1 shows the concept of digital signature.

Private key ♦ Public key

Message ....___, Digital Signature

(Plaintext) signature is VALID or
NOT

Sender side Receiver side

, ·
m,~ J 4t:1Tnigital ~igi\;tµ}~.~
, ~~ ,.;_~"' r,,o;s,1/t~ ,;,rr . ). (,-~• ,, '<. ilrl"' ,.<,,.,

I
~u~ 4.~2. Explain key generation algorithm, signing algorithm,
signature verification algorithm in digital signature.
' ·' (

,_ Ans:wer
~i .,,t -

1. Key generation algorithms :

a Digital signatures are electronic signatures, which assures that the
message was sent by a particular sender.
b. While performing digital transactions authenticity and integrity
should be assured, otherwise the data can be altered or someone
can also act as ifhe was the sender and expect a reply.
4-10 W (CC-Sem-3 & 4) Basic Cryptography

2. Signing algorithms :
a. To create a digital signature, signing algorithms like email programs
create a one-way hash of the electronic data which is to be signed.
b. The signing algorithm then encrypts the hash value using the private
key (signature key).
c. This encrypted hash along with other information like the hashing
algorithm is the digital signature.
d This digital signature is appended with the data and sent to the
verifier.
e. The reason for encrypting the hash instead of the entire message
or document is that a hash function converts any arbitrary input
into a much shorter fixed length value.
f. This saves time as instead of signing a long message a shorter hash
value has to be signed and moreover hashing is much faster than
signing.
3. Signature verification algorithms :
a Verifier receives digital signature along with the data.
b. It then uses verification algorithm to process on the digital signature
and the public key (verification key) and generates some value.
c. It also applies the same hash function on the received data and
generates a hash value. Then the hash value and the output of the
verification algorithm are compared. If they both are equal, then
the digital signature is valid else it is invalid.

I
Que 4.13. Describe the steps used in creating digital signature.

Answer
The steps followed in creating digital_signature are :
1. Message digest is computed by applying hash function on the message
and then message digest is encrypted using private key of sender to
form the digital signature.
2. Digital signature is then transmitted with the message.
3. Receiver decrypts the digital signature using the public key of sender.
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message.
6. The message digest computed by receiver and the message digest got by
decryption needs to be same for ensuring integrity.

9ue 4.1,-t: IWrite a short note on Message Digest (MD) hash function.
Comput er System Security 4-11 W(CC-S em-3&4 )

;An~ei -;: ]
~ ~.r 1
1. The MD hashing algorith m is a one-way cryptogr aphic function that
accepts a message of any length as input and r eturns as output a fixed
length digest value to be used for authenti cating the original message .
2. The MD hash function can be use as a secure cryptog raphic hash
algorith m for authenti cating digital signatur es.
3. MD has been depreca ted for uses other than as a non-cryp tographi c
checksu m to verify data integrit y and detect uninten tional data
corrupti on.
4. The goal of any message digest function is to produce digests that &ppear
to be random.
5. To be consider ed cryptogr aphicall y secure, the hash function should
meet two requirem ents :
L It is impossib le for an attacker to generate a message matchin g a
specific hash value.
u. It is impossib le for an attacker to create two message s that produce
the same hash value.

:'.Qu~:t!..,15iJ Write the Digital Signatu re Algorit hm (DSA) of Digital

Signatu re Standar d. What is the implica tion if same K (secret per
messag e) is used to sign two differen t messag e using DSA ?
1
\,~ r·~ 1
·Aiisw~
Digitai Signatu re Algorit hm (DSA) : DSA is an asymme tric encrypti on
algorith m that works on two differen t key i.e., one public and one private to
produce digital signatur e.
1. The sender generate s a random number k, which is less than q.
2. The sender now calculat es :
a r = <.gk modp) mod q
b. s = (K - 1(H(m) + xr)) mod q
The values rands are the signatur es of the sender.
3. The sender sends these values to the receiver . To verify the signatur e,
the receiver calculat es :
w =s- 1 modq
ul = (H(m) * w) mod q
u2 = (rw) mod q
v = ((gul• yu 2) modp) modq
Ifv =r, the signatur e is said_to be verified. Otherwi se, it is rejected.
 l
4-12 W (CC-Sem-3 & 4) Basic Cryptography

where,
p = A prime number of length L bits
q = A 160-bits prime factor of (p - 1)
g = h(.p- l)lq modp
x = A number less than q.
y =gX modp.
H = Message Digest algorithm.
If same secret (kl, k2) is used for signing two different messages, it will
generate two different signatures (rl, s1) and (rl, s2):
1. s1 = kl - 1(hlk2 + d(rl + r2))
2. s2 = kl - 1(h2k2 + d(rl + r2))
where hl = SHA512(ml) and h2 = SHA512(m2)
3. kls 1 - k1s2 = hlk2 + dr - h2k2- dr
4. kl(s 1- s2) = k2(hl - h2)
5. We cannot obtain kl, k2 from this equation and so this scheme is more
secure than original ECDSA (Elliptical Curve Digital Signature
Algorithm) scheme.

Que 4.16. j What are the properties and requirements for a digital
signature?

Answer
Properties of digital signature :
1. It must be able to verify the author, the date and time of the signature.
2. It must be able to authenticate the contents of the message at the time
of the signature.
3. There must be third (trusted) party who can verify the digital signature
to resolve disputes between the sender and receiver.
Requirements for a digital signature :
I
..1. The signature must be in the form of a bit pattern and relative to the
message being signed.
2. The signature must contain information that is unique to the sender, so
that forgery and denial can be avoided.
3. The process of creating, recognizing and verifying the digital signature
must also be comparatively easy.
4. A high computational effort must be required to forge a digital signature.
6. The copy of a digital signature must be retained in storage mechanism.

Qu~ 4.17. j Explain the variants of digital signatures.

Comput er System Security 4-13 W (CC-Sem -3 & 4)

Answer
Varian ts of digital signatu re are :
1. Timest amped signatu re :
a. Timesta mped digital signatur es include a timestam p value in order
to prevent replay attack.
b. In a replay attack, the docume nts can be replayed by a third party.
2. Blind signatu re :
a. Blind signatur e is used when the sender does not want to reveal
the contents of the message to the signer and just wishes to get the
message signed by the signer.
b. Blind signatur es are used in situation s where the signer message
authors are complet ely differen t parties.
c. Blind signatur es scheme can be impleme nted by using a number of
public-k ey digital signatur e schemes such as RSA and DSS.
3. Undeni able digital signatu re :
a This scheme is a non self-auth enticatin g signatur e scheme in which
no signatur es can be verified without the signer's coopera tion and
notifica9 on.
b. This scheme has three compon ents :
i. Signing algorith m: This allows the signer to sign a message .
ii. Verific ation (or confirm ation) protoco l: This allows the
signer to limit the users who can verify his or her signatur e.
iii. Disavo wal (or denial) protoco l : Since the verifica tion
process requires the involvem ent of the signer, it is quite
possible that the signer can freely decline the request of the
verifier. This protocol prevent s the signer from proving that a
signatur e is invalid when it is valid and vice-ver sa.
Que 4t18.1 What is hash functio n ? Discus s SHA-51 2 with all
require d steps, round functio n and block diagram .

Answer
Hash functio n :
1. A cryptog raphic hash function is a transfor mation that takes an input
and returns a fixed-size string, which is called the hash value.
2. A hash value h is generat ed by a function H of the form :
h = H(M)
where M is the variable length message and H(M) is the fixed length
hash value.
3. The hash value is appende d to the message at the source at a time
when message is assumed or known to be correct.
4-14 W (CC-Sem-3 & 4) Basic Cryptography

4. The receiver authenticates the message by recomputing the hash value ..

5. The ideal hash function has three main properties :
a. It is extremely easy to calculate a hash for any given data.
b. It is extremely difficult to calculate a text that has given hash.
c. It is extremely unlikely that two different messages, however
close, will have the same hash.
Working of Secure Hash Algorithm (SHA) : The algorithm takes as
input a message with maximum length of less than 2128 bits and produces as
output a 512-bit message digest. The input is processed in 1024-bit blocks.
The processing consists of following steps :
Step 1 : Padding : The first step in SHA is to add padding to the end of the
original message in such a way that the length of the message is 64-bits short
of a multiple of 512.
Step 2 ; Append length: The length of the message excluding the length of
the padding is calculated and appended to the end of the padding as a 64-bit
block .
Step 3 : Divide the input into 512-bit blocks : The input message is
divided int o blocks, each oflength 512-bits. These blocks become the input to
the message digest processing logic.
Step 4 : Initialize chaining variables : Five chaining variables A through
E are initialized. In SHA, we want to produce a message digest of length
160-bits. Therefore, we need to have five chaining variables.
Step 5 : Process blocks : Main algorithm is executed in process block.
Round Functions :
1. The round function computes a new value for variable A and shifts all
working variable once per round.
2. The computation for variable A is a five operand addition modulo 232
where the operands depend on all input words, the round-dependent
constant Kt, and the current message word Wt"
Block diagram of SHA-512 :
1. The core is composed of two main units, the SHAl Engine and the
padding unit.
2. The SHAl Engine applies the SHAl loops on a single 512-bit message
block , while the padding unit splits the input message into 512-bit
blocks and performs the message padding on the last block of the
message.
3. The processing of one 512-bit block is performed in 82 clock cycles and
the bit-rate achieved is 6.24 Mbps/ MHz on the input of the SHAl core.
Com pute r Syst em Secu rity 4-15 W (CC- Sem- 3 & 4)

j Message Registers I
Leng th
-fili Coun ter t t - f/l

...,'"'
Q)
,---
f/l

...,'"'
Q)
-...,
::::,
(IS
f/l ...,~
....
f/l
f/l
Q)

...,s
- - SHA l Round ..... 'So
~
Q)
~
·Gt
~
Q) - - 0
::::,

Oper ation s '1::l I ...,(1S

::, ,.cl (IS
§
--= Paddin~ f/l
~ (1S A
Unit
- ~
-:z: -
Inpu t SHA 1 Engi ne

I
Que 4.19 . Wha t are the char acte risti cs of SHA func tion
?

Answer·'
;
func tion :
Cha ract eris tics (req uire men ts) of secu re hash
k of data of any size.
1. The hash func tion shou ld be appl icab le on a bloc
ld always be of fixed
2. The outp ut prod uced by the hash func tion shou
leng th.
be easie r to gene rate
3. For any give n mess age or bloc k of data , it shou ld
the hash code.
e to dete rmin e the
4. Give n a hash code , it shou ld be near ly impo ssibl
corr espo ndin g mess age or bloc k of data.
be com put ation ally
5. Give n a mess age or bloc k of data , it shou ld not
gene ratin g the
feasi ble to dete rmin e anot her mess age or block of data
of data.
sam e hash code as that of the give n mess age or block
st simi lar, should
6. No two mess ages or bloc ks of dat a, even bein g almo
be likel y to have the same hash code.
the vari ous
Que 4.20 . f Disc uss pub lic key dist ribu tion . Desc ribe
sche mes µsed for pub lic key dist ribu tion .

:Answf;r ~ l ic keys is done

1. In publ ic key cryp t ogra phy, the key distr ibuti on of publ
thro ugh publ ic key serv ers.
priv ate and the
2. Whe n a pers on crea tes a key- pair, they keep one key
whe re it can be
othe r know n as the publ ic-ke y is uplo aded to a serv er
d, mess age.
acce ssed by anyo ne to send the user a priv ate, encr ypte
 \
4-16 W (CC-Sem-3 & 4) Basic Cryptography

Schemes used for the distribution of public keys are as follows :

1. Public announcement :
a. The main focus of public key encryption is that the public key
should be public; that is, a user can send his or her public key to
any other user of broadcast it to a large community.
b. The main problem is that of forgery. That is, anyone can forge the
key while it is being transmitted.
2. Public directory :
a. Public directory is a dynamic directory where the name and public
key entry for each user is maintained and distribut~d by some
trusted authority.
b. This approach assumes that the public key of the authority is
known to everyone, however the corresponding private key is
known only to the authority.
c. Each user has to register his or her public key with the directory
authority.
d The user can replace its existing key with a new one as per his or
her choice.
3. Public key authority :
a In public directory scheme, if the private key of the authority is
stolen, then it may result in loss of data.
b. Thus, to achieve stronger security for public key distribution, a
tighter control needs to be provided over the distribution of public
keys from the directory.
c. In this case, a central authority maintains the dynamic directory
of the public keys of all the users. The user knows only the public
key of the authority, while the corresponding private key is secret
to the authority.

Que 4.21. j Discuss X.509 certificates in detail. What is the role of

X.509 certificates in cryptography ?

Answ-er J
X.509 certificates :
1. In cryptography, X.509 is an ITU-T standard for a Public Key
Infrastructure (PKI) for single sign-on and Privilege Management
Infrastructure (PMI).
2. X.509 specifies, standard formats for public key certificates, certificate
revocation lists, attribute certificates and a certification path validation
algorithm.
3. X.509 defines a framework for the provision of authentication services
by the X.500 directory to its user.
 Compute r System Security 4-17 W (CC-Sem-3 & 4)

4. X.509 certificat e is based on the use of public key cryptogra phy and
digital signature s.
5. The standard does not dictate the use of a specific algorithm but
recomme nds RSA.
6. X.509 certificat es format is used in S/MIME, IP security and SET.
Role of X.509 certifica tes in cryptogr aphy :
1. To verify that a public key belong to the user, computer or service
identify contained within the certificate .
2. To validate the identity of encrypted data.

I
Que 4.22. Discuss X.509 digital certifica te format.

Answer , )
Format of X.509 certifica te:
The general format of a X.509 digital certificate is shown in Fig. 4.22.1.
Version

Certificate serial
number

Signature {
algorithm
identifier
------ -
Algorithm
------
Parameters

Issuer name

Period of {
Validity ------ ------ -
Subject name

Subject's { __ Algorithms ____ _

public key --Key _________
Parameters
informa tion
I
I Issuer unique identifier
'
'
I Subject unique
! identifier
)
Extensions

_ _ Al~rithms ___ _
Signature {
------ ------ -
Par ameters
Encrypted
4-18 W (CC-Sem-3 & 4) Basic Cryptography

1. Version : Differentiates among successive versions of the certificate

format; the default is version 1. If the Issuer Unique Identifier or Subject
Unique Identifier is present, then the value must be version 2. If one or
more extensions are present, the version must be version 3.
2. Serial number : It is a unique integer value within the issuing CA
(Certification Authority) that is unambiguously associated with this
certificate.
3. Signature algorithm identifier : This algorithm is used to sign the
certificates together with any associated parameters.
4. Issuer name : X.500 name of the CA that created and signed the
certificate.
5. Period of validity: Consist of two dates : the first and last on which the
certificate is valid.
6. Subject name : The name of the user to whom this certificate refers.
This certificate certifies the public key of the subject who holds the
corresponding private key.
7. Subject's public key information : The public key of the subject, plus
an identifier of the algorithm for which this key is to be used, together
with any associated parameters.
8. Issuer unique identifier : An optional bit string field used to identify
uniquely the issuing CA.
9. Subject unique identifier: An optional bit string field used to identi.fy
uniquely the subject in the event that X.500 name has been reused for
different entities.
10. Extensions : A set of one or more extension fields. Extensions were
added in version 3.
11. Signature: Cover all other fields of the certificate. It contains the hash
code of the other fields encrypted with the CA's private key. This field
includes the signature algorithm identifier.

I
Que 4.2'3. What do you mean by PGP ? Discuss its application.

'Answer
PGP:
1. PGP (Pretty Good Privacy) is an encryption algorithm that provides
cryptographic privacy and authentication for data communication.
2. PGP uses a combination of public-key and conventional encryption to
provide security services for electronic mail message and data files.
3. PGP provides five services related to the format of messages and data
files: authentication, confidentiality, compression, e-mail compatibility
and segmentation.
 Computer System Security 4-19 W (CC-Sem -3 & 4)

Applicatio n of PGP :
1. PGP provides secure encryption of document s and data files t hat even
advanced super comput ers are not able t o crack.
2. For authenticati on, PGP employs the RSA public-key encryption scheme
and th e MD5, a one -way hash function to form a digital signature that
assures th e receiver that an incoming messages is authentic (th at it
comes from the alleged send and that it has not been alter ed).

I
Que ,4 .~~- Dfocuss the steps that are followed for the t ranBmfoai oID\
and reci."'ption of PGP m essage s.

Th e PGP rn<"ssa g.es are transmitted from the sender to r eceiver nsing
foilowing st eps :
1. If signature is required, the hash code of the uncompr essed plainte.Kt
message is created and encrypted using the sen der 's private key.
2. The plaintext message and the signature are compressed using the ZIP
compression algorithm.
3. The compressed plaintext message and compr essed signatur e ar e
encrypted with a randomly gen e rat ed se ssion k ey t o provide
confidential ity. The session key is t hen encrypted with the r ecipient's
public k ey and is added to the beginning of the message.
4. The entire block is converted to radix-64 format .
On receiving t he PGP message, the receiver follows the following st eps :
1. The entire block is first converted back to binary for mat .
2. The recipient recovers the session key using his or her privat e key, and
then decrypts the message with the session key.
3. The decrypted message is then decompress ed.
4. If the message is signed, the receiver needs to ver ify the signature. For
this, he or she computes a new hash code and compar es it with th e
received hash code. Ifthey match, the message is accepted; otherwise, it
is rejected.

PART· 3
>
I
) Real Wo~ld Protocols, Basic Terrninolog i~s.

Qu~stions•Ans'Yers

·Long Answer Type and Medium Answer Type Quest!ttn~~

l-- - - ~- - - - - - - - - - - -- -- -- - - - -- __J
4-20 W (CC-S em-3 & 4) Basic Crypt ograph y

Que 4.25. IExplain real world protocols.

Answer
Follow ing are the real world proto cols :
1. SSL archi tectur e :
1. The Secure Socke t Layer (SSL) protoc ol provides excha nge of
inform ation betwe en a web brows er and a web server in a secure
mann er.
n. Its main aim is to provid e entity authen ticatio n, messa ge integr ity
and confidentiality.
Ill. SSL is an additio nal layer locate d betwe en the application layer and
the transp ort layer of the TCP/I P protocol suite. All the major web
brows ers suppo rt SSL.
2. SIMIM E:
L A secure versio n of MIME, St'MIME (Secur e/Mult ipurpo se Intern et
Mail Extens ions), is used to suppo rt encryp tion of email messa ges.
ll. It is based on the MIME standa rd and provides the securi ty servic es
for electro nic messa ging applic ations : authen ticatio n, messa ge
integr ity and data securi ty.
Ill. S/MIME uses public key crypto graphy to sign and encryp t e-mail .
iv. Every partic ipant has two keys :
a A privat e key, which is kept secret .
b. A public key, which is availa ble to everyo ne.
iv. The following steps are taken in order to create a signed messa ge :
a. The user writes the messa ge as clear-t ext.
b. The messa ge digest is being calcul ated using SHA-1 or MD5.
c. The message digest is being encryp ted using the signer's privat e
key (DSS or RSA).
3. PGP: Refer Q. 4.23, Page 4--18W, Unit-4.
4. SET:
L Secure Electr onic Trans action (SET) is a standa rd protoc ol for
securi ng credit card transa ctions over insecu re netwo rks, i.e., the
intern et.
ll. SET is not a payme nt system but rather a set of securi ty protoc ols
and forma ts that enable s users to emplo y the existin g credit card
payme nt infras tructu re on an open netwo rk in a secure fashio n.
Ill. SET is based on X.509 certifi cates with severa l extens ions.
1v. SET makes use of crypto graph ic techni ques such as digita l
certifi cates and public key crypto graphy to allow partie s to identif y
thems elves to each other and excha nge inform ation secure ly.
 Comput er System Security 4-21 W (CC-Sem-3 & 4)

v. The purpose of the SET protoco l is to establis h paymen t

transact ions. It provides confiden tiality of paymen t and ordering
informa tion, and ensures the integrit y of all transmi tted data.
VI. It facilitat es and encoura ges interope ratabilit y among software
and network provider s.
5. IPSec:
1. IP Security (IPSec) is a collectio n of protocol s designe d by the
Interne t Enginee ring Task Force (IETF) to provide security for a
packet at the network layer.
n. IPSec is a capabili ty that can be added to either version of the
Interne t Protoco l (IPv4 or 1Pv6), by means of addition al headers .
iii. IPSec encomp asses three function al areas : authent ication,
confiden tiality, and key manage ment.

Que 4.26'. IList the basic terminology used in cryptography.

:Ans~e r ;" J
Some basic termino logy used in cryptog raphy :
1. Plainte xt: Plaintex t is a readable , plain message that anyone can read.
2. Cipher text : The transfor med message or coded message
3. Cipher : An algorith m for transfor ming an intelligible message into one
that is unintelli gible by transpos ition and/or substitu tion methods .
4. Key :-Some critical informa tion used by the cipher, known only to the
sender and receiver
Encodi ng/Enc ryption : The process of converti ng plaintex t to cipher

I
5.
text using a cipher and a key. ·
6. Decodi ng/Dec ryption : The process of converti ng cipher text back
into plaintex t using a cipher and a key.
7. Crypta nalysis (code breakin g): The study of principle s and methods
of transfor ming an unintelli gible message back into an intelligi ble
message without knowled ge of the key.
8. Crypto logy : The combina tion of cryptogr aphy and cryptana lysis.
9. Code : An algorith m for transfor ming an intelligi ble message into an
unintelli gible one using a code-book.
) 10. Substit ution: Replacin g one entity with other.
I

11. Transp osition : Shufflin g the entities.

12. Block cipher : Processe s the input one block element and produce one
output block.
13. Stream Cipher : Processe s the one input element and outputs one_
element at a time.
4-22 VI (CC-Sem-3 & 4) Basic Cryptogra phy

Que~.27 ~) Discu s s th e function ality of S/MU.W.~~.

Answer . w1
The basic function alities of SIMIME are :
1. En veloped d ata : S/MIME supports enveloped data, which consists of
the message cont aining any type of contents in encrypted form and the
encryption key encrypted with receiver's public key.
2- Signed data: This consists of the message digest encrypted using the
sender's pr ivate key. This signed message can only be viewed by t he
receiver s who have S/MIME capability .
3. Clear-sig ned data: This functional ity is similar to the signed data that
allows the receivers to view the content s of the message even if they do
not have S/MIME capability. However, they cannot verify the signature .
4. Signed and envelope d data: In this, S/MIME allows nesting of signed-
only and encrypted -only entities, so that t he encrypted data can be
signed, and signed or clear-sign ed data can be encrypt ed.
,. #"

1 PART· 4 I ~. ·,. : ~ • • ?

Email' Security Certificates, ·Tran.sport

' Layer Security TLS; IP.Secu:rUy.
s-~ ,,,: ,, ." " ...

~-'> .;; j,'-' '? ; :- ;,. ,.-;~ ,..; -~ - - , . ~ .....

·:,,t , Qyes~on.,.·
:s..An.swe,r(j
. ,.:

'L ong AnsiVer'Type rui~-M~~iufu ·Ans~e-r ~;n,e Question

~ .
s
'

1
Q ue 4.28. What is email security ?

Answ~r l
1. Email securit y refers to the collective measures used to secure the
access and content of an email account or service.
2. It allows an individua l or organizat ion to prot ect the overall access to
one or more email addresses /account s.
3. Email securit y is a term that encompas ses multiple technique s used to
secure an email service.
4. 1t also implemen ts firewall and software-based spam filtering applications
to restrict unsolicite d, untrustw orthy and malicious email messages
from delivery to a user's inbox.
5. SSL, TLS refers to the standard protocol used to secure email
transmiss ion.
 Computer System Security 4-23 W (CC-Sem-8 & 4)

6. Transport Layer S ecurity (TLS) prov ides a w a y to encr ypt a

communication channel between two computers over the internet .
Q_tie 4.29.., ,, What fo re, email certificate ?
Answer - 1
1. Email certificates (b/MIME certificates), are digital certificates that can
be used to sign anrl encrypt email messages.
2. Whei1 we encnrpt an email using an email certificate, only the person
that we sent it to '.~aJ l decrypt and read the email. The recipient can also
be surP that the P.m nil has not been changed in any way.
3. An email certificate is a digital file that is installed to our email application
to enable secure email communication.
4. S/MIME (Secure/Multipurpose Internet Mail Extension) is a certificate
that allows users to digitally sign their email communications as well as
encrypt the content and attachments included in them.
5. An S/MIME email certificate allows us to :
a Encrypt our_emails so that only our intended recipient can access
the content of the message.
b. Digitally sign our emails so the recipient can verify that the email
was, in fact, sent by you and not a phisher posing as you.

Que 4.3~.-I What is Transport Layer Security (TLS) ?

Ans~e~ 1
;- J
1. Transport Layer Security (TLS) is a protocol that provides communication
security between client/server applications that communicate with each
other over the Internet.
I
2. It enables privacy, integrity and protection for the data that is transmitted
) between different nodes on the Internet.
3. TLS is a successor to the Secure Socket Layer (SSL) protocol.
I 4. Transport Layer Security (TLS) is a protocol that provides authentication,
I
privacy, and data integrity between two communicating computer
I applications.
~ 5. It is the most widely-deployed security protocol used for web browsers
and other applications that require data to be securely exchanged over
a network, such as web browsing sessions, file transfers , VPN
connections, remote desktop sessions , and Voice over IP (VoIP).
6. TLS is a cryptographic protocol that pr ovides end-to-end communications
security over networks and is widely used for internet communications
and online transactions.
7. TLS primarily enables secure Web browsing, applications access, data
transfer and mo3t Internet -based communication.
4-24 W (CC-Sem-3 & 4) Basic Cryptography

8. It prevents the transmitted/transporte d data from being eavesdropped

or tampered.
9. TLS is used to secure Web browsers, Web servers, VPNs, database
servers and more.
10. TLS protocol consists of:
a. TLS handshake protocol: It enables the client and server to
authenticate each other and select an encryption algorithm prior to
sending the data.
b. TLS record protocol: It works on top of the standard TCP protocol
to ensure that the created connection is secure and reliable. It also
provides data encapsulation and data encryption services.

I
Que 4.31. What are the components of TLS ? Explain the working
ofTLS.

Answer
1. TLS is used on top of a transport layer security protocol like TCP.
2. There are three main components to TLS :
a. Encryption : It hides the data being transferred from third parties.
b. Authentication : It ensures that the parties exchanging
information are who they claim to be.
c. Integrity: It verifies that the data has not been forged or tampered
with.
Working of TLS :
1. A TLS connection is initiated using a sequence known as the TLS
handshake.
2. The TLS handshake establishes a cipher suite for each communication
session. I
3. The cipher suite is a set of algorithms that specifies details such as which
shared encryption keys, or session keys, will be used for that particular
session.
4. TLS is able to set the matching session keys over an unencrypted channel
known as public key cryptography.
5. The handshake also handles authentication, which usually consists of
the server proving its identity to the client. This is done using public
keys.
6. Public keys are encryption keys that use one-way encryption, meaning
that anyone can unscramble data encrypted with the private key to
ensure its authenticity, but only the original sender can encrypt data
with the private key.
 Computer System Security 4-25 W (CC-Sem-3 & 4)

7. Once data is encrypted and authenticated, it is then signed with a message

authentication code (MAC).
8. The recipient can then verify the MAC to ensure the integrity of the
data.

Que 4.32. , Explain internet protocol security (IPSec) in detail.

Answer
i. IP Security (IPSec) is a collection of protocols designed by the Internet
Engineering Task Force (IETF) to provide security for a packet at the
network layer.
11. IPSec is a capability that can be added to either version of the Internet
Protocol (IPv4 or IPv6), by means of additional headers.
Ill. IPSec encompasses three functional areas : authentication,
confidentiality, and key management.
a. The authentication mechanism assures that a received packet
was transmitted by the party identified as the source in the packet
header.
b. The confidentiality facility enables communicating nodes to
encrypt messages to prevent eavesdropping by third party.
c. The key management facility is concerned with the secure
exchange of keys.
1v. IPSec has two modes of operation :
a. Transport mode : It is the default mode ofIPSec which provide
end-to-end security. It can secure communication between a client
and a server.
b. Tunnel mode : Tunnel mode is used between two routers, between
a host and a router, or between a router and a host. It is used when
either the sender or the receiver is not a host.
v. IPSec uses two protocols for message security :
a. Authentication Header (AH) : It covers the packet format and
general issues related to the use of AH for packet authentication.
b. Encapsulating Security Payload (ESP) : It covers the packet
format and general issues related to the use oftqe ESP for packet
encryption and, optionally, authentication.

I
;Qu~ 4.38., Write a short note on the applications of IP security.

;~!1~!,e,r.. ~, ]
Applications of IP security :
1. Secure remote Internet access: Using IPSec, we can make a local
call to our Internet Service Provider (ISP) so as to connect to our
organiza~ion's network in a secure manner from our home or hotel.
4-ZS W (CC-Sem-3 & 4) Basic Cryptog raphy

2. Secure branch office connec tivity : Rather than subscrib ing to an

expensive borrow line for connecti ng its branches across cities/co untries
an organiza tion can set up an IPSec-enabled network to securely connect
all its branche s over the Internet .
3. Set up commu nicatio n with other organiz ations: IPSec allows
connectivity between various branche s of an organiza tion , and it can
also be used to connect the network s of differen t organiza tions together
in a secure and inexpen sive fashion.

~ ~~,si.7 What are the advantages of IPSec?

..."11:.-,'K"er l
L IPSec is transpa rent to the end users. There is no need for user training ,
k ey revocati on.
2. When IPSec is configur ed to work with a firewall, it becomes the only
entry-ex it point for all traffic making it extra secure.
3. IPSec works at the network layer. Hence, no changes are needed to the
upper layers i.e., applicat ion and transpo rt.
4. When IPSec is impleme nted in a firewall or a router, all the outgoing
and incomin g traffic gets protecte d.
5. IPSec can allow travelin g staff to have secure access to the corpora te
network .
6. IPSec allows intercon nectivit y between branche s/offices in a very
inexpen sive manner.

I
'Q u~ 4.3~. What are the uses of IP securit y ?

·Anawer t ·- I
iPsec can be used :
1. To encrypt applicat ion layer data.
2. To provide security for routers sending routing data across the public
internet .
3. To provide authenti cation without encrypti on, like to authenti cate that
the data originat es from a known sender.
4. To protect network data by setting up circuits using IPsec tunnelin g in
which all data is being sent between the two endpoin ts is encrypte d, as
with a Virtual Private Network (VPN) connection.

'.9ui t4 JDiscuss compon ents of IP Securit y.

Computer System Security 4-27 W (CC-Sem-3 & 4)

Answer
Compone nts of IP security :
1. Encapsu lating Security Payload (ESP): It provides data integrity,
encryption, authentica tion and anti replay. It also provides authentication
for payload.
2. Authenti cation Header AH :
a. It also provides data integrity, authentica tion and anti-replay and it
does not provide encryption.
b. The anti-repl ay protectio n protects against unauthor ized
transmiss ion of packets. It does not protect data's confidentiality.
3. Internet Key Exchang e (IKE) :
a. It is a network security protocol designed to dynamically exchange
encryption keys and find a way over Security Association (SA)
between two devices.
b. The Security Association (SA) establishes shared security attributes
between two network entities to support secure communication.
c. Internet Security Associatio n and Key Managem ent Protocol
(ISAKMP) provide a framewor k for authentic ation and key
exchange.
d It tells how the set up of the Security Associations (SAs) and how
direct connection s between two hosts that are using IPsec.
e. Internet Key Exchange (IKE) provides message content protection
and also an open frame for implemen ting standard algorithms such
as SHA and MD5.

Que 4.37.1 Explain the working of IP Security.

Answ.e r
Working of IP security:
1. The host checks if the packet should be transmitte d using IPsec or not.
These packet traffic triggers the security policy for themselve s. This is
done when the system sending the packet apply an appropria te
encryption. The incoming packets are also checked by the host that they
are encrypted properly or not.
2. Then the IKE Phase I starts in which the two hosts (using IPsec)
authentica tes themselve s to each other to start a secure channel. It has
two modes. The main mode which provides the greater security and the
aggressive mode which enables the host to establish an IPsec circuit
more quickly.
4-28 W (CC-Sem-3 & 4) Basic Cryptography

3. The channel created in the last step is then used to securely negotiate
the way the IP circuit will encrypt data across the IP circuit.
4. Now, the IKE Phase 2 is conducted over the secure channel in which
the two hosts negotiate the type of cryptographic algorithms to use on
the session and agreeing on secret keying material to be used with
those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted
tunnel. These packets are encrypted and decrypted by the hosts using
IPsec SAs.
6. When the communication between the hosts is completed or the session
times out then the IPsec tunnel is terminated by discarding the keys by
both the hosts.

PART-5 I
.DNS Se"<;urity."
'· ,)i ·'"'"'

Questi~ns-Ao~~~r~·-- .
. • • < M

. " ·:.:.. , ,. . .;:;'.~ '~<- -~ •

Long Answer 'J)rpe and Medlu:m-Answer-T ype Questions

, , ...... ~ ~~ . • ~ '- .. ~ ·• . : '·+ •

~ue 4 .3 8. IDescribe briefly Domain Name Server (DNS).

Answer )
1. Domain Na.me Server is a prominent building block ofthe Internet. It is
developed as a system to convert alphabetical names into IP addresses,
allowing users to access websites and exchange emails.
2. DNS is organized into a tree-like infrastructure where the first level
contains topmost domains, such as .com and .org.
3. The second level nodes contain general, traditional domain names.
4. The leaf nodes on this tree are known as hosts.
5. DNS works similar to a database which is accessed by millions of computer
systems in trying to identify which address is most likely to solve a user's
query.
5. In DNS attacks, hackers will target the servers which contain the domain
names.
7. In other cases, these attackers will try to determine vulnerabilities within
the system itself and exploit them for their own benefits.
Que 4.39. IHow DNS security works ?

Answer
1. The DNS turns domain names, or website names, into internet protocol
(IP) addresses.
Computer System Security 4-29 W (CC-Sem-3 & 4)

2. These are unique identifiers that help computers around the world
access the information quickly.
3. DNS security adds a set of extensions for increased protection.
4. These security extensions include :
a. Origin authentica tion of DNS data : This ensures that the
recipient of the data can verify the source.
b. Authentica ted denial of existence : This tells a resolver.
c. Data integrity: This assures the data recipient that the data has
not been changed in transit.
I
Que 4.4~: Explain the DNS security threats.

~ ~er' 'I
Common DNS security threats are :
1. Distribute d Denial of service (DDoS) :
a The attacker controls an overwhelmi ng amount of computers
(hundreds or thousands) in order to spread malware and flood the
victim's computer with unnecessary and overloading traffic.
b. Eventually, unable to harness the power necessary to handle the
intensive processing, the systems will overload and crash.
2. DNS spoofing (also known as DNS cache poisoning) :
a Attacker will drive the traffic away from real DNS servers and
redirect them to a pirate server, unrecognize d to the users.
b. This may cause in the corruption/t heft of a user's personal data.
3. Fast flux :
a. Fast flux is a technique to constantly change location-..,ased data in
order to hide where exactly the attack is coming from.
b. This will mask the attacker's real location, giving him the time
needed to exploit the attack.
c. Flux can be single or double or of any other variant. A single flux
changes address of the web server while double flux changes both
the address of web server and names of DNS serves.
4. Reflected attacks :
a. Attackers will send thousands of queries while spoofing their own
IP address and using the victim's source address.
b. When these queries are answered, they will all be redirected to the
victim himself.
5. Reflective amplificati on DoS :
a. When the size of the answer is considerably larger than the query
itself a flux is triggered, causing an amplificatio n effect.
b. This generally uses the same method as a reflected attack, but this
attack will overwhelm the user's system's infrastructu re further.

~ue ~.41. f Discuss measures against DNS attacks.

4-30 W (CC-Se m-3 & 4) Basic Crypto graphy

Answe r . j
Measu res agains t DNS attack s :
1. Use digital signatu res and certific ates to authen ticate session s in order
to protect private data.
2. Update regular ly and use the latest softwa re version s, such as BIND.
BIND is open source softwa re that resolve s DNS queries for users.
3. Install approp riate patche s and fix faulty bugs regular ly.
4. Replica te data in a few other servers , so that if data is corrup ted/ lost in
one server, it can be recove red from the others. This could also preven t
single point failure .
5. Block redund ant queries in order to preven t spoofing.
6. Limit the numbe r of possibl e queries .
I
Que 4.42. Expla in SSL encryp tion. What are the steps involv ed in

SSL server authen ticatio n ? IAKTU 2019-20, Marks 10 I

Answe r
SSL encry ption :
1. • SSL (Secur e Socket s Layer) , is an encryp tion-ba sed Interne t securit y
protoco l.
2. It is used for the purpos e of ensurin g privacy , authen tication , and data
integri ty in Intern et commu nicatio ns.
3. In order to provid e a high degree of privacy , SSL encryp ts data that is
transm itted across the web. This means that anyone who tries to
interce pt this data will only see a garbled mix of charac ters.
4. SSL initiate s an authen ticatio n process called a handsh ake betwee n
two commu nicatin g devices to ensure that both devices are really who
they claim to be.
5. SSL also digitall y signs data in order to provide data integri ty, verifyi ng
that the data is not tamper ed, before reachin g its intend ed recipie nt.
Steps involv ed in SSL server authen ticatio n are :
1. The client reques ts access from the server to a specific user accoun t,
and also sends the user's certific ate contain ing a public key to the
server .
2. The server checks the CA (Certif ication of Author ity) signatu re in the
certific ate and consul ts a local databa se to see if the CA is trusted . If
not, the_certific ate is rejecte d and the user is not authen ticated .
3. The server , checks the validit y of t};le certific ate, for examp le, by
consul ting a Certifi cate Revoca tion List (CRL) publish ed by the CA. If
rthe certific ate has been revoke d or has expired , the certific ate is rejecte d.
4. The client signs a value with the user's private key.
5. The server verifie s the signatu re with the user's public key.
6. If the signatu re is success fully verifie d, the user is authen ticated , and
the server_can move on to author izing the user, or giving access to the
~

releva nt parts of the system .

Computer System Security 4-31 W (CC-Sem-3 & 4)

Que 4.43.1 What are asymmetric algorithms ? Give their

advantages, disadvantages. IAKTU 2019-20, Marks 10 I

Ans~er, ·. I
Asymmetric algorithms : Refer Q. 4.1, Page 4-2W, Unit-4. _
Advantages and disadvantages : Since RSA is an asymmetric algorithm.
Hence for advantages and disadvantages Refer Q. 4. 7, Page 4--BW, Unit-4.
Que ~-44~ f What is DES ? Why were double and triple DES created

and what are they ? IAKTU 2019-20, Marks 10 I

Answer
DES:
1. The DES has a 64-bit block size and uses a 56-bit key during execution
(8 parity bits are stripped off from full 64-bit key). DES is a symmetric
cryptosystem, specifically a 16-round Feistel cipher.
2. A block to be enciphered is subjected to an initial permutation IP and
then to a complex key-dependent computation and finally to a
permutation which is the inverse of the initial permutation IP-1 .
3. Permutation is an operation performed by a function, which moves an
element at place j to the place k. ,
4. The key-dependent computation can be simply defined in terms of a
function f, called the cipher function, and a function KS, called the key .
schedule.
Reason for creation :
1. Since DES uses 56 bit key to encrypt any plain text which can easily be
cracked by using modern technologies.
2. To prevent this from happening, double DES and triple DES were
created which are much more secured than the original DES because
it uses 112 and 168 bit keys respectively. They offer much more security
than DES.
Double DES:
1. Double DES is an encryption technique which uses two instance of
DES on same plain text. In both instances it uses different keys to
encrypt the plain text.
2. Both keys are required at the time of decryption. The 64 bit plain text
goes into first DES instance which than converted into a
64 bit middle text using the first key and then it goes to second DES
instance which gives 64 bit cipher text by using second key.
3. However double DES uses 112 bit key but gives security level of 256 not
211 2 and this is because of meet-in-the middle attack which can be used
to break through double DES.
Triple DES:
1. In triple DES, three stages of DES are used for encryption and
decryption of messages.
4-32 W (CC-Sem-3 & 4) Basic Cryptography

2. This increases the security of DES. Two versions of triple DES are :
a. Triple DES with two keys :
1. In triple DES with two keys, there are only two keys K 1 and
1½- The first and the third stages use the key K 1 and the
second stage uses 1½-
2. The middle stage of triple DES uses decryption (reverse cipher)
in the encryption site and encryption cipher in the decryption
site.
P I 64-bit pla in text I PI 64-bit pla in text I
,--------+ ------, ,-------+------,
:I
§I
DES cipher
♦
I +-
:
K1
I

I
I
DES reverse cipher
I
1
I
s:::
I -~
:;; I I
I
,----------, I
I >,
o.
~: M 64-bit middle t ext : 64-bit middle t ext
0tl
t Mt
~I .....__ _~ ~ - - - ' I I .....__ _ _ _ _~ I
~I I I I
I ,----------, I I ,----------, I
: I DES cipher , ~ K2 I
1 DES reverse cipher
I .....__ _ _ _ _~
I
1
I
--------+------ J
._ _ _ _ _ _ _ ______ J

Cl 64-bit ciphertext Cl 64-bit ciphertext

Fig. 4.44.1. Triple DES with two keys.

b. Triple DES with three keys :
1. This cipher uses three DES cipher stages at the encryption
site and three reverse cipher at the decryption site.
2. The plaintext is first encrypted with a key Ki, then encrypted
with a second key 1½ and finally with a third key Ka, where Ki,
1½ and Ka are all different.
3. Triple DES with three keys is used in PGP and S/MIME.
Plaintext can be obtained by first decrypting the ciphertext
with the key Ki, then with 1½ and finally with Ka-
p= DK3 (DK2 (DKl (C))).
P ~-
6-4-b-it_p_l-ai-n-te_x_t _, P~l-6-4--b-it_p_l-ai-n-te_x_t_,1
------+-----
,---

lI DES cipher I +-
I

K1
,-
1
DES reverse cipher
-1

: s:::

]: ♦ : I ,---------, : :3
P.I
~: M DES reverse cipher ~ u z ~ :t
--, , u l DES cipher IM: t ~
~
~I I I f I i=l
I ,---------, I I ,---------, I
: I DES cipher I ~ K3 : DES reverse cipher :
_ _ _ _ _ _ _ _, _ _ _ _ _ _ J ._ _ _ _ _ _ _ ------~

Cl 64-bit ciphertext I Cl 64-bit ciphertext

F ig . 4.44.2. Triple DES with t hree keys.

Computer System Security 4-33 W (CC-Sem-3 & 4)

Que 4.45. IWrite short note on secret key cryptogra'phy. Also list
its advantages, disadvantages and examples.
IAKTU 2019-20, Marks 10 I
Answer
1. Secret key cryptography refers to cryptographic system that uses the
same key to encrypt and decrypt data.
2. This means that all parties involved have to know the key to be able to
communicate securely i.e. , decrypt encrypted messages to read them
and encrypt messages they want to send.
3. Therefore the key, being shared among parties, but having to stay
secret to third parties in order to keep communications private is
considered as a shared secret.
Advantages of secret key cryptography :
1. It is efficient.
2. In secret key cryptography, encrypted data can be transferred on the
link even if there is a possibility that the data will be intercepted. Since
there is no key transmitted with the data, the chances of data being
decrypted are null.
3. It uses password authentication to prove the receiver's identity.
4. A system only which possesses the secret key can decrypt a message.
Disadvantages of secret key cryptography:
1. It has a problem of key transportation.
2. It cannot provide digital signatures that cannot be repudiated.
Examples of secret key cryptography are :
1. Data Encryption Standard (DES)
2. Triple-strength DES (3DES)
3. Rivest Cipher (RC2)
4. Rivest Cipher 4 (RC4)
 UNIT
Interne t Infrastr ucture

CONTE NTS
Part-1 : Internet Infrastructure, ........, .................. 5-2W to 5-4W
Basic Security Problems

Part-2 : Routing Protocols.: ..................................... 5-4W to 5-7W

Part-3 : DNS Revisit ed, Summary ...................... 5-7W to 5-12W

of Weakness
Internet Security -

Part-4 : Link Layer :Connectivity ...................... 5-12W to 5-l7W

and TCP/IP Connectivity,
' Packet Filtering Fiiew~ll,
Intrusion Detection

5-1 W (CC-Sem-3 & 4)

5-2 W (CC-Sem-3 & 4) Internet Infrastructu re

I PART-1 I
Internet Infrastructure, Basic Security Problems.

Questions-Answers
❖ ~. '· >I: ~ , f.' . > • "\

Long Answer Type and Medium Answer Type Questions

~ue5.t Define internet infrastruc ture. What are different

internet infrastruc tures ?

Answer
1. Internet infrastructu re is the physical hardware, transmissio n media,
and software used to interconnec t computers· ancl. users on the Internet.
2. Internet infrastructu re is responsible for hosting, storing, processing,
and serving the information that makes up websites, applications , and
content.
Different internet infrastruc ture :
1. Dial-up Internet Access :
a. Using a modem connected to our PC, users connect to the Internet
when the computer dials a phone number (which is provided by our
ISP) and connects to the network.
b. Dial-up is an analog connection because data is sent over an analog,
public-switc hed telephone network.
c. The modem converts received analog data to digital and vice versa.
2. Integrated Services Digital Network (ISDN) : Integrated services
digital network (ISDN) is an internationa l communicat ions standard for
sending voice, video, and data over digital telephone lines or normal
telephone wires.
3. Broadband ISDN (B-ISDN) :
a. Broadband ISDN is similar in function to ISDN but it transfers data
over fiber optic telephone lines, not normal telephone wires.
b. SONET (Synchronou s Optical N etwork:ing) is the physical transport
backbone of B-ISDN.
c. Broadband ISDN has not been widely implemente d.
4. Digital Subscriber Line (DSL) : DSL is frequently referred to as an
"always on" connection because it uses existing 2-wire copper telephone
line connected to the premise so service is delivered simultaneou sly
with wired telephone service.
Computer System Security 5-3 W (CC-Sem-3 & 4)

Que 5~2. IExplain the advantages and disadvantages of in TCP/IP

model.

Answer
Advantages of TCP/IP model are :
1. It is an industry-standa rd model that can be effectively deployed in
practical networking problems.
2. It allows cross-platform communication s among heterogeneous
networks.
3. It is an open protocol suite.
4. It is a scalable, client-server architecture. This allows networks to be
added without disrupting the current services.
5. It assigns an IP address to each computer on the network, thus making
each device to be identifiable over the network.
Disadvantage s of the TCP/IP model are :
1. It is not generic in nature. So, it fails to represent any protocol stack
other than the TCP/IP suite. For example, it cannot describe the Bluetooth
connection.
2. It does not clearly separate the concepts of services, interfaces, and
protocols. So, it is not suitable to describe new technologies in new
networks.
3. It does not distinguish between the data link and the physical layers,
which has very different functionalities. The data link layer should
concern with the transmission of frames. On the other hand, the physical
layer should lay down the physical characteristics of transmission.
4. It was originally designed and implemented for wide area networks. It is
not optimized for small networks like LAN (Local Area Network) and
PAN (Personal Area Network).
Que 5.3. IGive a short summary of IP protocol functions.
IAKTU 2019-20, Marks 10 I
Answer
Following are the functions of internet protocols :
1. Addressing :
a. In order to perform the job of delivering datagrams, IP must know
where to deliver them to. For this reason, IP includes a mechanism
for host addressing.
b. Since IP operates over internetworks, its system is designed to
allow unique addressing of devices across arbitrarily large networks.
 5-4 W (CC-Sem-3 & 4) Internet Infrastructure

c. It also contains a structure to facilitate the routing of datagrams to

distant networks if required.
d. Since most of the other TCP/IP protocols use IP, understanding the
IP addressing scheme is of vital importance to understand TCP/IP.
2. Data encapsulation and formatting / packaging :
a. As the TCP/IP network layer protocol, IP accepts data from the
transport layer protocols UDP and TCP.
b. It then encapsulates this data into an IP datagram using a special
format prior to transmission.
3. Fragmentation and reassembly :
a. IP datagrams are passed down to the data link layer for transmission
on the local network.
b. However, the maximum frame size of each physical/data link
network using IP may be different.
c. For this reason, IP includes the ability to fragment IP datagrams
into pieces so that they can each be carried on the local network.
d. The receiving device uses the reassembly function to recreate the
whole IP datagram again.

' I PART-2 I
Routing Protocols.

, Questio~s-Ans wers
'
Long Answer Type and Medium Answer Type Questions

Que 5.4. IDefine routing protocols.

Answer
1. A routing protocol specifies how routers communicate with each other,
distributing information that enables them to select routes between any
two nodes on a computer network.
2. Routers perform the traffic directing functions on the Internet, data
packets are forwarded through the networks of the internet from router
to router until they reach their destination computer.
3. Routing algorithms determine the specific choice of route. Each router
has a prior knowledge only of networks attached to it directly.
4. A routing protocol shares this information first among immediate
neighbours, and then throughout the network. This way, routers gain
knowledge of the topology of the network.
Computer Syste~ Security
5--5 W (CC-Sem-3 & 4)
5.
The :3-?ility of rout~ng protocols to dynamically adjust to changing
conditions such as disabled data lines and computers.

Que 5 ..5. IWhat are the types of routing protocols ?

Answer "'I
Various types of routing protocols are :
1. Routing Information Protocols (RIP) :
a. RIP is dynamic routing protocol which uses hop count as a routing
metric to find best path between the source and destination
network.
b. RIP (Routing Information Protocol) is a forceful protocol type used
in local area network and wide area network.
c. RIP is categorized as an interior gateway protocol within the use of
distance vector algorithm.
d. It prevents routing loops by implementing a limit on the number of
hops allowed in the path.
2. Interior Gateway Routing Protocol (IGRP) :
a It is distance vector Interior Gateway Routing Protocol (IGRP).
b. It is used by router to'exchange routing data within an independent
system.
c. Interior gateway routing protocol created in part to defeat the
confines of RIP in large networks.
d. It maintains multiple metrics for each route as well as reliability,
delay load, and bandwidth.
e. It measured in classful routing protocol, but it is less popular because
of wasteful of IP address space.
3. Open Shortest Path first (OSPF) :
a. Open Shortest Path First (OSPF) is an active routing protocol used
in internet protocol.
b. It is a link state routing protocol and includes into the group of
interior gateway protocol.
c. It operates inside a distinct autonomous system.
d. It is used in the network of big business companies.
4. Exterior Gateway Protocol (EGP) :
a . The absolute routing protocol for internet is exterior gateway
protocol.
b. EGP (Exterior Gateway Protocol) is a protocol for exchanging
routing table information between two neighbour gateway hosts.
c. The Exterior Gateway Protocol (EGP) is unlike distance vector and
path vector protocol.
5-6 W (CC-Sem-3 & 4) Internet Infrastructu re

5. Enhanced Interior Gateway Routing Protocol (EIGRP) :

a. Enhanced Interior Gateway Routing Protocol (EIGRP) is an
advanced distance vector routing that is used in a computer network
for automating routing decisions and configuratio n.
b. It works on network layer protocol of OSI model and uses the
protocol number 88.
6. Intermedia te System-to- Intermedia te System (IS-IS):
a. Intermediat e System-to-I ntermediate System (IS-IS) is a protocol
used by network devices to determine the best packet switched
network route for data through.
b. It is an interior gateway protocol designed for use within an
administrati ve network.

Que 5.6. IDiscuss the advantages and disadvantages of different

routing protocols.

Answer
Advantage s of RIP :
1. Easy to configure and use.
2. Supported by all routers.
3. Support load balancing.
Disadvant ages of RIP :
1. Limited to a hop count of 15 i.e., it can transmit packet through 15
routers only.
2. Does not support a Variable-Le ngth Subnet Mask (VLSM), which means
that it sends routing updates based only on a fixed-length subnet mask
(FLSM) or routes that fall on classful boundaries.
3. Converges slowly, especially on large networks.
4. Does not have knowledge of the bandwidth of a link.
5. Does not support multiple paths for the same route.
6. Routing updates can require significant bandwidth, as the entire routing
table is sent when a link's status changes.
7. Prone to routing loops.
Advantage s ofIGRP:
1. Easy to configure and use.
2. Uses the delay, bandwidth, reliability, and load of a link as its metric.
This makes it very accurate in selecting the proper route.
Disadvant ages of IGRP :
1. It is not an Internet standard; all routers must be from Cisco Systems.
2. Converges slowly, slower than RIP.
Computer Syst e m Security 5-7 W (CC-Sem-3 & 4)

3. Does not support VLSM.

4. Prone to routing loops .
Advanta ge of EIGRP:
1. It provides very quick convergen ce and a loop-free network.
2. It supports different version of IP.
3. It requires less CPU than OSPF.
4. It requires little bandwidt h for routing updates.
5. It supports VLSM.
Disadvan tages of EIGRP :
1. It is not an Internet standard; all routers must be from Cisco Systems.
Advanta ges of OSPF :
1. It converges quickly, compared to a distance vector protocol.
2. Its routing update packets are small, as the entire routing table is not
sent.
3. It is not prone to routing loops.
4. It scales very well to large networks.
5. It supports VLSM.
Disadvan tages of OSPF :
1. More complex to configure and understan d than a distance vector
protocol.

_, PART- 3
DNS R evisited, Summar y of Weakness of Internet Security. ,

Question s-Answe rs

LongAnswer Type and Medium Answer Type Question s

Que 5.7. What do you mean by DNS ? Explain DNS rebindin g

attack.

Answer
DNS: Refer Q. 4.38, Page 4-28W, Unit-4.
DNS rebindin g attack :
1. DNS rebinding is a form of computer attack.
2. In this attack, a malicious web page causes visitors to run a client-side
script that attacks m achines elsewhere on the network.
5-8 W (CC- Sem- 3 & 4) Inter net Infra struc ture

3. In this attac k, the same -orig in policy preve nts this from
happ ening ,
clien t-side scrip ts are only allow ed to acces s conte nt on the
same host
that serve d the scrip t.
4. Com parin g doma in name s is an essen tial part of enfor cing this
policy, so
DNS rebin ding circu mven ts this prote ction by misu sing
the Dom ain
Nam e Syste m (DNS).
5. This attac k can be used to breac h a priva te netw ork by
causi ng the
victim 's web brow ser to acces s comp uters at priva te IP addre
sses and
retur n the resul ts to the attac ker.
6. It can also be empl oyed to use the victim mach ine for spam
ming,
distr ibute d denia l-of-s ervic e attac ks, or other malic ious activ
ities.
Qu~ 5.8. IHow DNS rebinding work?
Ans wer
DNS rebi ndin g work s as :
1. The attac ker regis ters a doma in (such as attac ker.c
om) and deleg ates it
to a DNS serve r that is unde r the attac ker's contr ol.
2. The serve r is confi gured to respo nd with a very short
Time-To-Live
(TTI, ) recor d, preve nting the DNS respo nse from
being cache d. Whe n
the victim brow ses to the malic ious doma in, the attac ker's
DNS serve r
first respo nds with the IP addre ss of a serve r hosti ng the
malic ious
clien t-side code.
3. For insta nce, they could point the victim 's brow ser to
a webs ite that
conta ins malicious JavaS cript or Flash scrip ts that are inten ded
to execute
on the victim 's comp uter.
4. The malic ious clien t-side code make s addit ional acces ses
to the origi nal
doma in name (such as attac ker.com).
5. Thes e are perm itted by the same -orig in policy. Howe
ver, when the
victim 's brow ser runs the scrip t it make s a new DNS reque
st for the
doma in, and the attac ker repli es with a new IP addre ss.
6. For insta nce, they could reply with an inter nal IP addre
ss or the IP
addre ss of a targe t some wher e else on the Inter net.

Que 5.9. IDiscuss the features of DNS rebinding attack.

Ans wer
,
Feat ures of DNS rebi ndin g attac ks :
1. Custo m DNS serve r that allows rebin ding the DNS name
and IP addre ss
of the attac ker's web serve r to the targe t victi m mach ine's
addre ss.
2. HTT P serve r serve s HTM L page s and JavaS cript code
to targe ted users
and to mana ge the attac ks.
Computer System Security 5-9 W (CC-Sem-3 & 4)

3. Several sample attack payloads, ranging from grabbing the home page
of a target application to performing remote code execution. These
payloads can be easily adapted to perform new and custom attacks.
4. Supports concurrent users.
5. Provides several DNS rebinding strategies, including sequential mapping
from the attacker to the target IP address and random mapping, to
minimize the impact of IDS interfering with the attack.
6. A number of technical controls to maximize the reliability and speed of
attacks :
a. Disabling H'ITP keep alive, caching, DNS prefetching.
b. Aggressive DNS response TTLs.
7. Ability to allocate H'ITP servers at startup or dynamically thereafter:
a A convenience feature to avoid restarting singularity to listen on a
different H'ITP port.
b. To lay the ground work to attack vulnerable ports discovered after
a scan.

Que 5.10. IHow can we prevent DNS rebinding attack?

Answer ~ j
1. DNS rebinding attacks can be prevented by validating the Host HTTP
header on the server-side to only allow a set ofwhitelisted values.
2. For services listening on the loopback interface, this set ofwhitelisted
host values should only contain localhost and all reserved numeric
addresses for the loopback interface, including 127.0.0.1.
3. For instance, let's say that a service is listening on address 127.0.0.1,
TCP port 3000. Then, the service should check that all HTTP request
Host header values strictly contain "127 .0.0.1 : 3000" and/or ''localhost :
3000".
4. If the host header contains anything else, then the request should be
denied.
5. Depending on the application deployment model, we may have to
whitelist other or additional addresses such as 127.0.0.2, another reserved
numeric address for the loopback interface.
6. For services exposed on the network (and for any services in general),
authentication should be required to prevent unauthorized access.
7. Filtering DNS responses containing private, link-local or loopback
addresses, both for 1Pv4 and IPv6, should not be relied upon as a primary
defense mechanism against DNS rebinding attacks.
8. Singularity can bypass some filters in certain conditions, such as
responding with a localhost record when targeting an application via the
Google Chrome browser.
&-10 W (CC-Sem-3 & 4) Internet Infrastructure

Que 5.11. IExplain key ,management protocol.

Answer
1. Key management protocol refers to the collection of processes used for
the generation, storage, installation, transcription, recording, change,
disposition, and c~ntrol of keys that are used in cryptography.
2. It is essential for secure ongoing operation of any cryptosystem.
3. The various functions of key management protocol are :
a. Generation : This process involves the selection of a key that is
used for encrypting and decrypting the messages.
b. Distribution : This process involves all the efforts made in carrying
the key from the point where it is generated to the point where it is
to be used.
c. Installation : This process involves getting the key into the storage
of the device or the process that needs to use this key.
d. Storage : This process involves maintaining the confidentiality of
stored or installed keys while preserving the integrity of the storage
mechanism.
e. Change : This process involves ending with the use of the key and
starting with the use of another key.
f. Control: This process refers to the ability to implement a directing
influence over the content and use of the key.
Que 5.12. I What are the advantages and disadva... .;ages of key
management protocol ?

Answer )
Advantages:
1. In key management protocol, less than N - 1 keys are stored.
2. It is scalable.
Disadvantage s :
1. It lacks authentication process and does not clearly define any process
for revoking or refreshing keys.
2. The dynamic handshaking process prevents any form of data
aggregation.
3. No support for collaborative operations.
4. No node is guaranteed to have common key with all of its neighbours
there is a chance that some nodes are unreachable.
5. Fail~ to satisfy security requirement authentication and operational
requirement accessibility.
 Computer System Security 5-11 W (CC-Sem-3 & 4)

I
Que 5.18. What are the security and operational requirements for
key management protocol ?

Answer J
Security and operational requirements for key management
protocol:
1. Confidentiality : Nodes should not reveal data to any unintended
recipients.
2. Integrity : Data should not be changed between transmissions due to
environment or malicious activity.
3. Data freshness : Old data should not be used as new.
4. Authentication : Data used in decision making process should originate
from correct source.
5. Robustness : When some nodes are compromised, the entire network
should not be compromised.
6. Self-organization : Nodes should be flexible enough to be self-
organizing (autonomous) and self-healing (failure tolerant).
7. Availability: Network should not fail frequently.
8. Time synchronization : Protocols should not be manipulated to produce
incorrect data.
9. / Secure localization : Nodes should be able to accurately and securely
acquire location information. ""-
10. Accessibility : Intermediate nodes should be able to perform data
aggregation by combining data from different nodes.
/ C

I
_Q_u_e_5-.1-4-..... Write a short note on VPN and tunnel mode.

Answer )
Virtual Private Network (VPN) :
1. A Virtual Private Network (VPN) is a technology that creates a safe and
encrypted connection over a less secure network, such as the internet.
2. It is a way to extend a private network using a public network such as
internet.
3. The name only suggests that it is Virtual private network i.e., user can
be the part oflocal network sitting at a remote location.
4. It makes use of tunneling protocols to establish a secure connection.
Tunnel mode :
1. I~ IPSec tunnel mode, the original IP packet (IP header and the Data
payload) is encapsulated within another packet.
 5-12 W (CC-Sem-3 & 4) Internet Infrastructure

2. In IPSec tunnel mode, the original IP Datagram is encapsulated with an

Authentication Header (AH) or Encapsulating Security Protocol (ESP)
header and an additional IP header.
3. The traffic between the two VPN Gateways appears to be from the two
gateways (in a new IP datagram), with the original IP datagram is
encrypted (in case of ESP) inside IPSec packet.
;, ~ ' )':- ~ . • < -..,!: 'l

'."': ' ., -~'.;·, '~,.- ' J PART-4- I ' ' .

;Link ½rer Con~cti~ity' atul,, TCP!, IP Cpnnectivity, Packet Filtering
-· . Firewall,,Intrusi~n J)etection.

I
I •

'
Long swer' . .an . . e,di '-Atiswe~ Type Questions
. ~" " ~ ..\ :~• ·,-.,· ~-. -~ ·, 4

I
Que 5.15. Discuss link layer connection in TCP/IP model.

~swe~ "]
~ ,,, «,.,...,,. '<;

1. The link layer in the TCP/IP model is a descriptive field networking

protocols that operate only on the local network segment (link) that a
host is connected to. Such protocol packets are not routed to other
networks.
2. The link layer includes the protocols that define communication between
local (on-link) network nodes which fulfill the purpose of maintaining
link states between the local nodes, such as the local network topology,
and that usually use protocols that are based on the framing of packets
specific to the link types.
3. The core protocols specified by the Internet Engineering Task Force
(IETF) in this layer are the Address Resolution Protocol (ARP), th~
Reverse Address Resolution Protocol (RARP), and the Neighbour
Discovery Protocol (NOP).
4. The link layer of the TCP/IP model is often compared directly with the
combination of the data link layer and the physical layer in the Open
Systems Interconnection (OSI) protocol stack. Although they are
congruent to some degree in technical coverage of protocols, they are
not identical.
5. In general, direct or strict comparisons should be avoided, because the
layering in TCP/IP is not a principal design criterion and in general is
considered to be harmful.
·j
Que 5:16. Write short note on firewall.
Computer System Security 5-13 W (CC-Sem-3 & 4)

Answer
:,,

1. A firewall defines a single choke point that keeps unauthorized users

out of the protected network, prohibits potentially vulnerable services
from entering or leaving the network, and provides protection from
various kinds of IP spoofing and routing attacks.
2. The use of a single choke point simplifies security management because
security capabilities are ~onsolidated on a single system or set of systems.
3. A firewall provides a location for monitoring security-related events.
Audits and alarms can be implemented on the firewall system.
4. A firewall is a convenient platform for several Internet functions that
are not security related. These include a network address translator,
which maps local addresses to Internet addresses, and a network
management function that audits or logs Internet usage.
5. A firewall can serve as the platform for IPSec. Using the tunnel mode
capability, the fitewall can be used to implement virtual private
networks.

I
Que 5.17. What is packet filtering firewall? Explain its advantage
and disadvantage.

Answer
Packet filtering firewall :
1. Packet filtering firewall is a technique used to control network access by
monitoring outgoing and incoming packets.
2. Packet filtering firewall allows packet to pass or halt based on the source
and destination Internet Protocol (IP) address, protocols and ports.
Advantages :
1. They are simple, since a single rule is enough to indicate whether to
allow or deny the packet.
2. They are transparent to the users i.e., the users need not know the
existence of packet filters.
3. They operate at a fast speed as compared to other techniques.
4. The client computers need not be conf~gured specially while
implementing packet-filtering firewalls.
5. They protect the IP addresses of internal hosts from the outside network.
Disadvantages :
1. They are unable to inspect the application layer data in the packets and
thus cannot restrict access to FI'P services.
'
2. It is a difficult task to set up the packet-filtering rules correctly.
3. They lack support for authentication and have no alert mechanisms.
~14 W (CC-Sem-3 & 4) Internet Infrastructure

4. Being stateless in nature, they are not well suited to application layer
protocols.

Que 5.18.1 Write short note on telnet.

Answer
1. Telnet is a user command and an underlying TCP/IP protocol for
accessing remote computers.
2. Through
I
Telnet, an administrator or another user can access someone
else's computer remotely.
3. With Telnet, we log on as a regular user with whatever privileges we
may have been granted to the specific application and data on that
computer.
4. At the Telnet client, a character that is typed on the keyboard is not
displayed on the monitor, but, instead, is encoded as an ASCII character
and transmitted to a remote Telnet server.
5. At the server, the ASCII character is interpreted as if a user had typed
the character on the keyboard of the remote machine. If the keystroke
results in any output, this output is encoded as (ASCII) text and sent to
the Telnet client, which displays it on its monitor.
6. The output can b,~just the (echo of the) typed character or it can be the
output of a comr..iand that was executed at the remote Telnet server.

Que 5.19. , Explain briefly fragmentation at network layer.

Answer j
1. Fragmentation is done by the network layer when the maximum size of
datagram is greater than maximum size of data that can be held a frame
i.e., it's Maximum Transmission Unit(MTU).
2. The network layer divides the datagram received from transport layer
into fragments so that data flow is not disrupted.
3. It is done by network layer at the destination side and is usually done at
routers.
4. Source side does not require fragmentation due to segmentation by
transport layer i.e., the transport layer looks at datagram data limit and
frame data limit and does segmentation in such a way that resulting
data can easily fit in a frame without the need of fragmentation.
5. Receiver identifies the frame with the identification (16 bits) field in IP
header. Each fragment of a frame has same identification number.
6. Receiver identifies sequence of frames using the fragment offset
(13 bits) field in IP header.
7. An overhead at network layer is present due to extra header introduced
due to fragmentation.
Computer System Security 5-15 W (CC-Sem-3 &4)

I
Que 5.20. Write short note on proxy firewall.

Answer , I
1. Proxy firewalls are the most secure types of firewalls, as they can limit
which applications our network can support.
2. The enhanced security of a proxy firewall is because information packets
do not pass through a proxy. Instead the proxy acts as an intermediary;
computers make a connection to the proxy which then initiates a new
network connection based on the request.
3. This prevents direct connections and packet transfer between either
sides of the firewall, which makes it harder for intruders to discover
where the location of the network is from packet information.
4. A firewall proxy provides int.ernet access to computers on a network but
is mostly deployed to provide safety or security by controlling the
information going in and out of the network.
5. Firewall proxy servers filter, cache, log, and control requests coming
from a client to keep the network secure and free of intruders and
viruses.

~~e 5.2~.. ] Write·short note on intrusion detection.

Answe~ J
1. Intrusion detection refers to the process of identifying attempts to
penetrate a system and gain unauthorized access.
2. An intrusion detection syst.em is a software/hardware designed to detect
unwanted attempts at accessing of target application or syst.em.
3. If an intrusion is detected quickly enough, the intruder can be identified
and ejected from the system before any damage is done or any data are
compromised.
4. Even if the detection is not sufficiently time to preempt the intruder, the
sooner that the intrusion is detected, the less the amount ofdamage and
more quickly recovery can be achieved.
5. An effective intrusion detection system can serve as a barrier to
intrusions.
6. Intrusion detection enables the collection of information about intrusion
techniques that can be used to strengthen the intrusion prevention
facility.

·Q ue 5.22: f Briefly describe approaches for intrusion detection.

 5-16 W (CC-Sem-3 & 4)
Inter net Infra struc ture

Answer ]
Two appr oach es for intru sion dete ction are :
1. Stat istic al anom aly dete ction : In this categ ory,
the beha viour of
legit imate users is evalu ated over some time interv al. It can
be achie ved
by two ways :
a. Thre shol d dete ction :
L In thres hold detec tion, thres holds are defin ed for all users
as a
group , and the total numb ers of even ts that are attrib uted
to
the user are meas ured again st these thres hold value s.
n. The numb er of even ts is assum ed to roun d upto a numb
er that
is most likel y to occur , and if the even t coun t excee ds this
numb er, then intru sion is said to have occur red.
b. Prof ile-b ased dete ction :
L In profi le-ba sed detec tion, profi les for all users are creat
ed,
and then matc hed with avail able statis tical data to find out
if
any unwa nted actio n has been perfo rmed .
n. A user profi le conta ins sever al param eters . There fore,
chan ge
in a singl e para mete r is not a sign of alert .
2. Rule -bas ed dete ction : In this categ ory, certa in
rules are appli ed on
the actio ns perfo rmed by the users . It is class ified into two.
types :
a. Ano maly -bas ed dete ction :
L In anom aly-b ased detec tion, the usage patte rns of users
are
colle cted, and certa in rules are appli ed to check any devia tion
from the previ ous usag e patte rns.
IL The colle cted patte rns are defin ed by the set of rules that
inclu des past beha viour patte rns of users , progr ams, privileges,
time- slots , term inals , etc.
DL The curre nt beha viour patte rns of the
user are matc hed with
the defin ed set of rules to check whet her there is any devia tion
in the patte rns.
b. Pene trati on iden tific ation :
L In pene tratio n ident ificat ion, an expe rt syste m is main taine
d
that looks for any unwa nted attem pts.
IL This syste m also conta ins rules that are used to ident ify
the
suspi cious beha viour and pene tratio ns that can explo it know
n
weak nesse s.

I
Que 5.23. Wha t is dom ain nam e syste m and expl ain
wha t is DNS
cach e pois onin g? IAKTU 2019-20, Marks 10 I
Computer System Security 5-17 W (CC-Sem-3 & 4)

Answer
Domain name system :
1. The Domain Name System (DNS) is a hierarchic al and decentrali zed
naming system for computers , services, or other resources connected
to the Internet or a private network.
2. It associates various informati on with domain names assigned to each
of the participat ing entities.
3. The domain name system resolves the names of websites with their
underlyin g IP addresses adding efficiency and even security in the
process.
4. Web browsing and most other internet activities depend on DNS to
quickly provide the informati on necessary to connect users to remote
hosts.
5. DNS mapping is distribute d throughou t the internet in a hierarchy of
authority.
6. For example, ifwe type www.google.com into a web browser, a server
behind the scenes will map that name to the correspon ding IP address,
something similar in structure to 172.217.24.228.
DNS cache poisonin g: DNS cache poisoning also known as 'DNS spoofing',
is a form of computer security hacking in which corrupt domain name
system data is introduce d into the DNS resolver's cache causing the name
server to return an incorrect result record. For example, an IP address.