
CSS 5th Notes

The document outlines key security goals including confidentiality, integrity, and availability, emphasizing their importance in protecting information. It discusses security services such as authentication, access control, and data integrity, as well as mechanisms like encipherment and digital signatures. Additionally, it covers classical encryption techniques, transposition techniques, block cipher modes of operation, and the vulnerabilities of the Diffie-Hellman key exchange method, particularly against man-in-the-middle attacks, while suggesting the use of a Key Distribution Center for secure communication.

Uploaded by

kadamaditya202

Q1. Enlist security goals. Discuss their significance.


Confidentiality: Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
• Data confidentiality: Assures that private or confidential information is not made available
or disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to them may
be collected and stored and by whom and to whom that information may be disclosed.
Integrity: Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
• Data integrity: Assures that information and programs are changed only in a specified and
authorized manner.
• System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is
the disruption of access to or use of information or an information system.
2)Explain Security Services
• A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. These services are intended to
counter security attacks, and they make use of one or more security mechanisms to
provide the service. Following are the five categories of these services:
• Authentication: The assurance that the communicating entity is the one that it claims to
be.
• Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
• Data-Origin Authentication: In a connectionless transfer, provides assurance that the
source of received data is as claimed.
• Data Confidentiality: Protects data from unauthorized disclosure.
• Access Control: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur, and
what those accessing the resource are allowed to do).
• Data Integrity: The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay).
• Non-repudiation: Protects against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
• Proof of Origin: Proof that the message was sent by the specified party.
• Proof of Delivery: Proof that the message was received by the specified party.
3)Explain Security Mechanisms
A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-
layer protocol.
1. Encipherment: Encipherment is hiding or covering data and can provide
confidentiality. It makes use of mathematical algorithms to transform data into a
form that is not readily intelligible. The transformation and subsequent recovery of
the data depend on an algorithm and zero or more encryption keys. Cryptography
and Steganography techniques are used for enciphering.
2. Data integrity: The data integrity mechanism appends a short check value to the
data which is created by a specific process from the data itself. The receiver
receives the data and the check value. The receiver then creates a new check value
from the received data and compares the newly created check value with the one
received. If the two check values match, the integrity of data is being preserved.
3. Digital Signature: A digital signature is a way by which the sender can
electronically sign the data and the receiver can electronically verify it. The sender
uses a process in which the sender owns a private key related to the public key that
he or she has announced publicly. The receiver uses the sender's public key to
prove the message is indeed signed by the sender who claims to have sent the
message.
4. Authentication exchange: A mechanism intended to ensure the identity of an
entity by means of information exchange. The two entities exchange some
messages to prove their identity to each other. For example the three-way
handshake in TCP.
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
6. Routing control: Enables selection of particular physically secure routes for
certain data and allows routing changes which means selecting and continuously
changing different available routes between the sender and the receiver to prevent
the attacker from traffic analysis on a particular route.
7. Notarization: The use of a trusted third party to control the communication
between the two parties. It prevents repudiation. The receiver involves a trusted
third party to store the request to prevent the sender from later denying that he or
she has made such a request.
8. Access Control: A variety of mechanisms are used to enforce access rights to
resources/data owned by a system, for example, PINs and passwords.
4)Classical encryption techniques (Substitution Cipher, Transposition Cipher)
Classical encryption techniques, such as substitution and transposition ciphers, are early forms
of encryption that were developed prior to the advent of modern computers and electronic
communication. These techniques rely on manipulating the text of a message to create a ciphertext
that is difficult for unauthorized persons to read.
• Substitution Cipher: Substitution cipher is a type of encryption technique that replaces each
plaintext character with a different ciphertext character. There are two types of substitution
ciphers:
1. Caesar Cipher: The Caesar Cipher is a simple substitution cipher in which each letter in the
plaintext is shifted a fixed number of positions down the alphabet. For example, a shift of 3
would turn "A" into "D", "B" into "E", and so on.
2. Monoalphabetic Cipher: The Monoalphabetic Cipher is a substitution cipher that uses a fixed
substitution of the entire alphabet. This substitution can be done in a random order or can
follow a pattern. An example of a pattern is the keyword cipher, where the keyword is used to
determine the substitution for each letter of the alphabet.
• Transposition Cipher: Transposition cipher is a type of encryption technique that rearranges the
letters or characters of the plaintext to create the ciphertext. There are two types of
transposition ciphers:
1. Rail Fence Cipher: The Rail Fence Cipher is a simple transposition cipher that writes the plaintext
in a zigzag pattern across a number of rows and then reads off the ciphertext row by row. For
example, if the plaintext was "HELLO WORLD" and the number of rows was 3, the ciphertext
would be "HOLELWRDLO".
2. Columnar Transposition Cipher: The Columnar Transposition Cipher rearranges the plaintext by
writing it in a table with a fixed number of columns and then reading off the ciphertext by
columns. For example, if the plaintext was "HELLO WORLD" and the number of columns was 4,
the ciphertext could be "HOELWLLROD".

[Last diagram for question 5; surviving values: "4 1 3 2 5" over "1 2 3 4 5"]

5)Transposition Techniques (Keyed and Keyless; also sums)

• A transposition cipher does not substitute one symbol for another (as in substitution
cipher), but changes the location of these symbols.
• It reorders (jumbles) the given plain-text to give the cipher-text.
• They are of two types: Keyed and Keyless Transposition Cipher.

Keyless Transposition Cipher:


• In this cipher technique, the message is converted to ciphertext by either of two
permutation techniques:
a. Text is written into a table column-by-column and is then transmitted row-by-row.
b. Text is written into a table row-by-row and is then transmitted column-by-column

• The first method (a) is also popularly known as Rail-fence cipher


• E.g. We need to send the message “DEFENDTHEEASTWALL”. Arranging into tables we get :

Now, the message is sent row-by-row. So the ciphertext is “DFNTEATALEEDHESWL”. (Note: the number
of rows is 2 by default, unless specified.)

• Similarly for the (b) method, we can arrange the same above message into tables with four
columns.

The data is then transmitted column-by-column as “DNETLEDEWFTAAEHSL”.

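The two keyless methods above, worked as an added example (not part of the original notes) that reproduces both ciphertexts for “DEFENDTHEEASTWALL” and also inverts them. The function names are chosen for this example; the rail-fence routine uses the general zigzag form, which with 2 rows is the same as method (a).

```python
# Added example: keyless transposition (rail fence and row-write/column-read).

def _unpermute(ciphertext, group_of):
    """Invert a 'read group by group' transposition.

    group_of[i] is the row (or column) plaintext position i was written into.
    A stable sort by group gives the order in which the sender read them out.
    """
    order = sorted(range(len(ciphertext)), key=lambda i: group_of[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


def _zigzag(length, rails):
    """Rail index of every position when writing in a zigzag over `rails` rows."""
    pattern, row, step = [], 0, 1
    for _ in range(length):
        pattern.append(row)
        if row == 0:
            step = 1
        elif row == rails - 1:
            step = -1
        row += step
    return pattern


def rail_fence_encrypt(plaintext, rails=2):
    """Method (a): write in a zigzag over the rows, transmit row by row."""
    if rails < 2:
        raise ValueError("need at least 2 rails")
    pattern = _zigzag(len(plaintext), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(plaintext, pattern) if p == r)


def rail_fence_decrypt(ciphertext, rails=2):
    if rails < 2:
        raise ValueError("need at least 2 rails")
    return _unpermute(ciphertext, _zigzag(len(ciphertext), rails))


def columnar_encrypt(plaintext, columns):
    """Method (b): write row by row into `columns` columns, transmit column by column."""
    if columns < 1:
        raise ValueError("need at least 1 column")
    # Column c holds every `columns`-th character starting at c; a short last
    # row simply leaves the later columns one character shorter.
    return "".join(plaintext[c::columns] for c in range(columns))


def columnar_decrypt(ciphertext, columns):
    if columns < 1:
        raise ValueError("need at least 1 column")
    return _unpermute(ciphertext, [i % columns for i in range(len(ciphertext))])


def normalise(message):
    """Upper-case and drop spaces/punctuation, as the worked sums do."""
    return "".join(ch for ch in message.upper() if ch.isalpha())


if __name__ == "__main__":
    msg = normalise("Defend the east wall")
    rail = rail_fence_encrypt(msg)       # 2 rows by default, as in the notes
    col = columnar_encrypt(msg, 4)       # four columns, as in the notes
    print(rail, rail_fence_decrypt(rail))
    print(col, columnar_decrypt(col, 4))
```

The only secret in either method is the number of rows or columns, so there are at most as many keys as there are characters in the message.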
Keyed Transposition cipher:

• In this approach, rather than permuting all the symbols together, we divide the entire
plaintext into blocks of predetermined size and then permute each block independently.
• Suppose A wants to send a message to B “WE HAVE AN ATTACK”. A and B had
previously agreed on a block size of 5. So the blocks would be:
WEHAV EANAT TACKX
• The last character X is a bogus character added to complete the block size of 5.
• A and B are using the following key for encryption and decryption:
6)Discuss in detail Block Cipher modes of operation
Encryption algorithms are divided into two categories based on the input type: block ciphers and
stream ciphers. A block cipher is an encryption algorithm that takes a fixed-size input of, say, b bits
and produces a ciphertext of b bits. If the input is larger than b bits, it is divided into further blocks.
For different applications and uses, there are several modes of operation for a block cipher.
Electronic Code Book (ECB) –
Electronic code book is the simplest block cipher mode of operation. It is simple because each block
of input plaintext is encrypted directly, and the output is in the form of blocks of encrypted ciphertext.
Generally, if a message is larger than b bits in size, it is broken down into a bunch of blocks and
the procedure is repeated.
Procedure of ECB is illustrated below:

Cipher Block Chaining –


Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security
requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm
after XOR with the original plaintext block. In a nutshell here, a cipher block is produced by
encrypting an XOR output of the previous cipher block and present plaintext block.
The process is illustrated here:
Cipher Feedback Mode (CFB) –
In this mode the cipher is given as feedback to the next block of encryption with some new
specifications: first, an initial vector IV is used for the first encryption, and the output bits are divided
into a set of s bits and b-s bits. The left-hand side s bits are selected and XORed with the plaintext
bits. The result is given as input to a shift register having b-s bits on the left-hand side and s bits on
the right-hand side, and the process continues. The encryption and decryption processes are shown
below; both of them use the encryption algorithm.

Output Feedback Mode –


The output feedback mode follows nearly the same process as the Cipher Feedback mode except
that it sends the encrypted output as feedback instead of the actual cipher which is XOR output. In
this output feedback mode, all bits of the block are sent instead of sending selected s bits. The
Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also
decreases the dependency or relationship of the cipher on the plaintext.
Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Each time, a
counter-initiated value is encrypted and then XORed with the plaintext, which results in a
ciphertext block. The CTR mode does not use feedback and thus can be implemented in
parallel.
Its simple implementation is shown below:

Applications of Block Ciphers


1. Data Encryption: Block ciphers are widely used for the encryption of private and sensitive data
such as passwords, credit card details and other information that is transmitted or stored for a
communication. This encryption process converts plain data into a non-readable and complex
form. Encrypted data can be decrypted only by the authorised person with the private keys.
2. File and Disk Encryption: Block ciphers are used for encryption of entire files and disks in order
to protect their contents and restrict access by unauthorised users. Disk encryption software
such as BitLocker and TrueCrypt also uses block ciphers to encrypt data and make it secure.
3. Virtual Private Networks (VPN): Virtual Private Networks (VPN) use block ciphers for the
encryption of data that is being transmitted between the two communicating devices over the
internet. This process makes sure that data is not accessed by an unauthorised person when it is
being transmitted to another user.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS protocols use block
ciphers for encryption of data that is transmitted between web browsers and servers over the
internet. This encryption process provides security to confidential data such as login credentials,
card information etc.
5. Digital Signatures: Block ciphers are used in the digital signature algorithms, to provide
authenticity and integrity to the digital documents. This encryption process generates the
unique signature for each document that is used for verifying the authenticity and detecting
any malicious activity.
7)Explain Man-in-the-middle attack for Diffie-Hellman. Explain how to overcome
the same.
Diffie-Hellman Key Exchange algorithm is an advanced cryptographic method used to establish a
shared secret (or shared secret key) that can be used to perform secret communication on a public
network between Alice and Bob while preventing Eve (eavesdropper), who can eavesdrop on all
their communication, from learning the generated secret.
The key exchange procedure has two steps :
1. One-time setup: We define some public parameters that are used by everyone forever.
2. Protocol: To generate new secret keys, run a two-message key exchange protocol. This process
is done using some simple algebra, prime numbers, and properties of modular arithmetic.
Security Threat of the Diffie-Hellman
Let’s assume that the eavesdropper Eve knows the public values p and g like everyone else, and
from her eavesdropping, she learns the values exchanged by Alice and Bob, gᵃ mod p and gᵇ mod p,
as well. With all her knowledge, she still can’t compute the secret key S: if p and g are
properly chosen, it is very hard for her to do. For instance, you could brute force it and try all
the options, but the calculations (mod p) make the discrete log calculation extremely slow when the
numbers are large. If p and g have thousands of bits, then the best-known algorithms to compute
discrete logs, although faster than plain brute force, will still take millions of years to compute.
Even with its immunity to brute force, it is vulnerable to a MITM (man-in-the-middle) attack.
Man in the Middle (MITM) against Diffie-Hellman:
A malicious Mallory who has a MitM (man-in-the-middle) position can manipulate the
communications between Alice and Bob, and break the security of the key exchange.
Step by step explanation of this process:
• Step 1: Selecting public numbers p and g. p is a prime number, called the “modulus”, and g is called
the base.
• Step 2: Selecting private numbers. Alice picks a private random number a, Bob picks a
private random number b, and Mallory picks 2 random numbers c and d.
• Step 3: Intercepting public values. Mallory intercepts Alice’s public value (gᵃ mod p), blocks it from
reaching Bob, and instead sends Bob her own public value (gᶜ mod p). Mallory also intercepts Bob’s
public value (gᵇ mod p), blocks it from reaching Alice, and instead sends Alice her own public value
(gᵈ mod p).
• Step 4: Computing the secret key. Alice will compute a key S1 = gᵈᵃ mod p, and Bob will compute a
different key, S2 = gᶜᵇ mod p.
• Step 5: If Alice uses S1 as a key to encrypt a later message to Bob, Mallory can decrypt it, re-encrypt
it using S2, and send it to Bob.
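Steps 1 to 5 traced with numbers, as an added example that is not part of the original notes: it shows that Alice and Bob end up with different keys S1 and S2, both of which Mallory can compute, and that the mismatch is visible as soon as the two sides compare key fingerprints. The toy parameters (p = 23, g = 5), the private values and the function names are constructed for this example, and the fingerprint comparison over a channel the attacker cannot alter is an assumption of the example, not something the notes describe.

```python
import hashlib

P, G = 23, 5  # constructed toy parameters; real groups use thousands of bits


def public_value(private):
    return pow(G, private, P)


def shared_secret(their_public, my_private):
    return pow(their_public, my_private, P)


def fingerprint(secret):
    """Short digest of a derived key that two parties can compare out of band."""
    return hashlib.sha256(b"dh-fingerprint" + str(secret).encode()).hexdigest()[:16]


def keystream_xor(secret, data):
    # Toy cipher for step 5 only: XOR with a SHA-256 keystream (max 32 bytes).
    stream = hashlib.sha256(str(secret).encode()).digest()
    return bytes(x ^ y for x, y in zip(data, stream))


def run_exchange(a, b, c=None, d=None):
    """Run the exchange; when c and d are given, the public values are swapped
    in transit exactly as in step 3 of the notes."""
    alice_pub, bob_pub = public_value(a), public_value(b)
    if c is None:
        to_bob, to_alice = alice_pub, bob_pub                  # honest delivery
    else:
        to_bob, to_alice = public_value(c), public_value(d)    # step 3
    s1 = shared_secret(to_alice, a)   # what Alice computes (step 4)
    s2 = shared_secret(to_bob, b)     # what Bob computes (step 4)
    result = {
        "alice_key": s1,
        "bob_key": s2,
        "fingerprints_match": fingerprint(s1) == fingerprint(s2),
    }
    if c is not None:
        # Mallory derives both keys from the values she intercepted.
        result["mallory_keys"] = (shared_secret(alice_pub, d),
                                  shared_secret(bob_pub, c))
    return result


def relay(message, s1, s2):
    """Step 5: returns (what the relay reads, what Bob finally reads)."""
    from_alice = keystream_xor(s1, message)
    read_in_middle = keystream_xor(s1, from_alice)
    to_bob = keystream_xor(s2, read_in_middle)
    return read_in_middle, keystream_xor(s2, to_bob)


if __name__ == "__main__":
    print("honest     :", run_exchange(a=6, b=15))
    tampered = run_exchange(a=6, b=15, c=13, d=7)
    print("intercepted:", tampered)
    print("relay      :", relay(b"meet at noon",
                                tampered["alice_key"], tampered["bob_key"]))
```

In the honest run both keys and fingerprints agree; in the intercepted run they differ, which is why the exchanged public values need to be authenticated.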
8)Two users wish to establish a secure communication channel and exchange a session
key after mutual authentication. Show how this can be done with the help of a KDC.
Key Distribution Center (KDC) is a central authority dealing with keys for individual
computers (nodes) in a computer network.

• It is similar to the concept of the Authentication Service (AS) & Ticket Granting
Service (TGS) in Kerberos.
• The basic idea is that every node shares a unique secret key with the KDC.
Whenever user A wants to communicate securely with user B, the following actions
take place.
• The background is that A has a secret key KA shared with the KDC. Similarly, B is
assumed to share a secret key KB with the KDC.
• A sends a request to the KDC encrypted with KA, which includes:
• Identities of A & B
• A random number R, called a nonce.
• The KDC responds with a message encrypted with KA, containing:
a. One-time symmetric key KS.
b. Original request that was sent by A, for verification.
c. Plus, KS encrypted with KB & ID of A encrypted with KB.

• A & B can now communicate by using KS for encryption.


9) Explain Needham-Schroeder protocol for secret key distribution with
suitable diagram
The Needham-Schroeder protocol is a widely used cryptographic protocol for secure key exchange
between two parties over an insecure network. It was proposed by Roger Needham and Michael
Schroeder in 1978.
The protocol involves three entities: Alice, Bob, and a trusted server known as the Key Distribution
Center (KDC). The goal of the protocol is for Alice and Bob to securely exchange a secret key that can
be used for subsequent encryption and decryption of messages.
The protocol can be summarized as follows:
• Alice sends a message to the KDC requesting a session key for communication with Bob.
• The KDC generates a session key, encrypts it with Bob's public key, and sends the encrypted key
to Alice.
• Alice then forwards the encrypted session key to Bob, along with a message requesting
confirmation of the key's validity.
• Bob decrypts the session key using his private key and sends a message to Alice confirming the
key's validity.
Here is a diagram that illustrates the steps involved in the Needham-Schroeder protocol:
Key Distribution Center (KDC)
-----------------------------
|
(1) Alice requests session key
|
v
Generate session key
|
v
Encrypt session key with Bob's public key
|
v
Send encrypted key to Alice
|
v
Alice (2) Forward encrypted key to Bob
-----------------------------
|
-----------------------------
| |
Decrypt session key Confirm key validity
| |
v v
Bob (3) (4)

The Needham-Schroeder protocol provides a secure method for key exchange between two parties
over an insecure network. However, it has since been found to be vulnerable to certain attacks, such
as the replay attack and the man-in-the-middle attack.
In this diagram, the KDC generates a session key and encrypts it with Bob's public key (step 2), which
ensures that only Bob can decrypt it using his private key. Alice then forwards the encrypted key to
Bob (step 3), along with a message requesting confirmation of the key's validity. Bob decrypts the
session key using his private key (step 4) and sends a message to Alice confirming the key's validity.
10) Explain Kerberos protocol in detail.
The Kerberos protocol is a widely used authentication protocol that provides secure authentication
for distributed systems. It was developed by MIT and is based on a trusted third-party authentication
server. The protocol uses symmetric-key cryptography and provides secure authentication through
the use of tickets.
Here is a detailed explanation of how the Kerberos protocol works:
Authentication Server (AS): The Kerberos authentication server is a trusted third-party server that is
responsible for authenticating users and providing tickets for access to resources. When a user logs
in to a client machine, the client sends a request to the authentication server, requesting a Ticket
Granting Ticket (TGT). The request includes the user's credentials, such as a username and password.
The authentication server verifies the credentials and sends back a TGT encrypted with a secret key
that only the client and the authentication server share.
Ticket Granting Server (TGS): The Ticket Granting Server is another trusted server that is responsible
for granting access to resources. When the user wants to access a resource on a remote server, the
client machine sends a request to the Ticket Granting Server, requesting a service ticket for the
desired resource. The request includes the TGT that was obtained in step 1. The Ticket Granting
Server verifies the TGT and sends back a service ticket encrypted with a secret key that only the
client and the remote server share.
Client: The client machine stores the TGT and service ticket and uses them to access remote
resources. When the client wants to access a resource on a remote server, it sends the encrypted
service ticket to the remote server along with a request for the desired resource. The remote server
decrypts the service ticket using its secret key, verifies that the ticket is valid, and grants access to
the requested resource.
Here are the detailed steps involved in the Kerberos protocol:
Step 1: Authentication
1. The client sends a request to the Authentication Server (AS) for a TGT. The request includes
the client's username.
2. The Authentication Server verifies the username and sends back a TGT encrypted with a
secret key that only the client and the Authentication Server share.
3. The client decrypts the TGT using its secret key and stores the decrypted TGT.
Step 2: Obtaining a Service Ticket
1. The client sends a request to the Ticket Granting Server (TGS) for a service ticket. The
request includes the client's username, the name of the desired service, and the TGT
obtained in step 1.
2. The TGS verifies the TGT and sends back a service ticket encrypted with a secret key that
only the client and the remote server share.
3. The client decrypts the service ticket using its secret key and stores the decrypted service
ticket.
Step 3: Accessing the Service
1. The client sends the encrypted service ticket to the remote server along with a request for
the desired resource.
2. The remote server decrypts the service ticket using its secret key, verifies that the ticket is
valid, and grants access to the requested resource.
The Kerberos protocol provides secure authentication for distributed systems, as it uses symmetric-
key cryptography to protect communication between the client and the Authentication Server and
between the client and the Ticket Granting Server. Additionally, the use of tickets ensures that the
client's credentials are not sent over the network, thus reducing the risk of interception and
unauthorized access.

11) What is a Trojan? How does it work?


A Trojan, also known as a Trojan horse, is a type of malware that masquerades as legitimate
software but contains malicious code. Trojans can be used by attackers to gain unauthorized access,
steal data, or install other malware on a victim's computer.
Trojans typically work by tricking users into downloading and executing them, often disguised as
harmless or useful software. Once installed, the Trojan can perform a variety of malicious actions,
such as:

1. Backdoor access: Trojans can create a backdoor or remote access point on a victim's
computer, allowing attackers to gain unauthorized access and control over the system.
2. Data theft: Trojans can steal sensitive data, such as passwords, credit card numbers, or
personal information, and send it to attackers.
3. Keylogging: Trojans can record keystrokes made by a user and send them to attackers,
allowing them to capture sensitive information, such as login credentials.
4. Botnet creation: Trojans can install a botnet client on a victim's computer, allowing attackers
to control it as part of a larger network of compromised systems.
5. Ransomware installation: Trojans can install ransomware on a victim's computer, encrypting
files or blocking access to the system and demanding payment in exchange for a decryption
key or system access.

To prevent Trojan infections, users should follow safe computing practices, such as keeping their
software up to date, using anti-virus and anti-malware software, avoiding suspicious links or
attachments, and being cautious when downloading or installing software from unknown sources. It
is also important to regularly back up important data to prevent data loss in the event of a Trojan
infection.
12)Write a short note on X.509
A digital certificate is a digital form of identification, like a passport. A digital certificate provides
information about the identity of an entity. A digital certificate is issued by a Certification Authority
(CA). Examples of trusted CA across the world are Verisign, Entrust, etc. The CA guarantees the
validity of the information in the certificate.
A typical X.509 standard digital certificate has the following format:

An X.509 certificate contains information about the identity to which a certificate is issued and
the identity that issued it. Standard information in an X.509 certificate includes:
• Version: which X.509 version applies to the certificate (which indicates what data the
certificate must include)
• Algorithm information: the algorithm used by the issuer to sign the certificate
• Issuer distinguished name: the name of the entity issuing the certificate (usually a certificate
authority)
• Validity period of the certificate: the period of time for which the certificate is valid with the
start/end date.
• Subject distinguished name: the name of the identity the certificate is issued to
• Subject public key information: the public key associated with the identity
• Extensions (optional)
Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in
fact X.509 certificates.
The first X.509 certificates were issued in 1988 as part of the International
Telecommunications Union's Telecommunication Standardization Sector (ITU-T) and the
X.500 Directory Services Standard. In 1993, version 2 added two fields to support directory
access control. Version 3 was released in 1996 and defines the formatting used for certificate
extensions.
13) What are the requirements of the cryptographic hash functions? Compare
MD5 and SHA Hash functions

Cryptographic Hash Function


• Cryptographic hash function takes a message of arbitrary length and creates a message
digest of fixed length.
• The cryptographic hash function h(x) criteria are as follows:

• Compression: For any size of input x, the output length of y = h(x) is small. Hash functions
produce a fixed size output regardless of the length of the input.
• Efficiency: It must be easy to compute h(x) for any input x. The computational effort
required to compute h(x) will certainly grow with the length of x, but it should not grow
too fast.
• One-way: Given any value y, it is computationally infeasible to find a value x such
that h(x)=y. It is difficult to invert the hash.
• Weak collision resistance: Given x and h(x), it is infeasible to find y with y≠x such
that h(y)=h(x).
• Strong collision resistance: It is infeasible to find y with x≠y such that h(x)=h(y).

Comparison between MD-5 and SHA-1:

Parameters | MD-5 | SHA-1
Message digest size | Message digest is 128 bits long | Message digest is 160 bits long
Speed | Faster because of size | Slower compared to MD-5
Brute force attack possibility | Brute force attack is of the order 2^128 | Brute force attack is of the order 2^160
Collision | Difficulty in producing same digest is 2^64 | Difficulty in producing same message is 2^80
Secure | Less secure | More secure
Cryptanalytic attack | Vulnerable to cryptanalysis attack | Non-vulnerable to cryptanalytic attack
Buffers used | Four buffers of 32 bits each | Five buffers of 32 bits
Format | No format used | Big endian format used to store values
14) Explain short note on digital signature

• Digital signatures are used to authenticate the identity of the sender. It is like
signing a message in electronic form.
• A digital signature is a protocol that produces the same effect as a real signature.
• It is a mark that only the sender can make and other people can easily recognize
that it belongs to the sender. A digital signature is also used to confirm agreement
to a message.
• A digital signature must be unforgeable and authentic.
• In a digital signature process, the sender uses a signing algorithm to sign the
message. The message and the signature are sent to the receiver. The receiver
receives the message and the signature and applies the verifying algorithm to the
combination.
• If the result is true, the message is accepted otherwise it is rejected.
• A conventional signature is like a private key belonging to the signer of the
document. The signer uses it to sign documents. The copy of the signature on a file
is like a public key so anyone can use it to verify a document to compare it to the
original signature.

• In digital signature the signer uses her private key applied to a signing algorithm to
sign the document. The verifier uses the public key of the signer applied to
verifying algorithm to verify the sign.
• When a document is signed anyone including Bob can verify it because everyone
has access to Alice’s public key. Alice must never use her public key to sign the
document because anyone could forge her signature.
• Digital signatures have assumed great significance in the modern world of web-
commerce. Many countries have made provisions for recognizing digital signature
as a valid authorization mechanism like paper-based signatures.
15) Explain different types of DoS attacks.
A denial-of-service (DoS) attack occurs when legitimate users are unable to access information
systems, devices, or other network resources. An attacker or attackers attempt to make it
impossible for a service to be delivered by interrupting the device's normal functioning. Services
affected may include email, websites, online accounts, or other services that rely on the affected
computer or network. A denial-of-service condition is accomplished by flooding the targeted
host/network with traffic or sending it information until the target cannot respond or simply
crashes, preventing access for legitimate users. A DoS attack is characterized by using a single
computer to launch the attack. DoS attacks can cost an organization both time and money while
their resources and services are inaccessible.
DoS attacks typically fall in two categories:
1. Buffer overflow attacks: This is the most common DoS attack targeted at the application layer of the OSI
model. In this attack, a memory buffer overflow causes a machine to consume all available hard disk
space, memory, or CPU time because more traffic/HTTP requests are sent to a network address than
the programmers have built the system to handle. This form of exploit often results in sluggish
behaviour, system crashes, or other harmful server behaviours, resulting in denial-of-service.
2. Flood attacks: The most common method of attack occurs when an attacker floods a network
server with traffic. In this type of DoS attack, the attacker sends several requests to the target
server, overloading it with traffic and thus resulting in denial-of-service.
ICMP (Internet Control Message Protocol) flood: This denial-of-service attack is based on crushing a
target with ICMP (ping) packets. By flooding a target with more pings than it can respond to
efficiently, denial-of-service can occur. This attack can also be used as a DDoS attack. This attack
leverages misconfigured network devices by sending spoofed packets that ping every computer on
the targeted network, instead of just one specific machine. The network is then triggered to intensify
the traffic. This attack is also known as the Smurf attack or Ping of death.
3. SYN flood: A three-way handshake method is used in a TCP/IP network to create a connection
between a local host/client and server. SYN flood attack occurs when an attacker sends a request to
connect to the target server but never completes the handshake. The incomplete handshake leaves
the connected port in an occupied status and unavailable for further requests for legitimate users.
An attacker will continue to send requests, saturating all open ports, so that legitimate users cannot
connect.
4. UDP flood: A denial-of-service attack in which a high number of User Datagram Protocol (UDP)
packets are sent to a targeted server with the goal of overwhelming that device's ability to process
and react. UDP flooding can potentially exhaust the firewall protecting the targeted server, resulting
in a denial-of-service attack on genuine traffic. Under normal conditions, when a server receives a
UDP packet at a particular port, it goes through two steps in response:
1. The server first checks to see if any programs are running which are presently listening for requests
at the specified port.
2. If no programs are receiving packets at that port, the server responds with an ICMP (ping) packet to
inform the sender that the destination was unreachable.
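A defender's view of the SYN flood described above, as an added example that is not part of the original notes: a detector that tracks half-open handshakes in a stream of connection events and raises an alert when one source, or the backlog as a whole, holds too many. The event format, the thresholds and the sample events (documentation address ranges) are all constructed for this example.

```python
from collections import Counter

HALF_OPEN_TIMEOUT = 30   # seconds a SYN may wait for the final ACK (assumed)
PER_SOURCE_LIMIT = 5     # half-open handshakes tolerated per source (assumed)
BACKLOG_LIMIT = 8        # half-open handshakes tolerated in total (assumed)


def detect_syn_flood(events):
    """events: (time, src_ip, src_port, flag) as seen by the server, where
    "SYN" opens a handshake and "ACK" is the client's final ACK."""
    half_open = {}            # (src_ip, src_port) -> time the SYN arrived
    flagged_sources = set()   # sources already reported and still over limit
    backlog_flagged = False
    alerts = []
    for ts, src, sport, flag in events:
        # Drop handshakes that timed out, as a real listener would.
        for key in [k for k, seen in half_open.items()
                    if ts - seen > HALF_OPEN_TIMEOUT]:
            del half_open[key]
        if flag == "SYN":
            half_open[(src, sport)] = ts
        elif flag == "ACK":
            half_open.pop((src, sport), None)   # handshake completed

        per_source = Counter(ip for ip, _port in half_open)
        over = {ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT}
        flagged_sources &= over                 # re-arm sources that recovered
        for ip in sorted(over - flagged_sources):
            flagged_sources.add(ip)
            alerts.append((ts, "source", ip, per_source[ip]))

        # Spoofed floods use many source addresses, so also watch the total.
        if len(half_open) > BACKLOG_LIMIT:
            if not backlog_flagged:
                alerts.append((ts, "backlog", "*", len(half_open)))
                backlog_flagged = True
        else:
            backlog_flagged = False
    return alerts


# Constructed sample: one normal client, one source that never completes its
# handshakes, three further sources with one SYN each, then the normal client.
SAMPLE_EVENTS = (
    [(0, "198.51.100.7", 40000, "SYN"), (1, "198.51.100.7", 40000, "ACK")]
    + [(2 + i, "203.0.113.50", 50000 + i, "SYN") for i in range(6)]
    + [(8 + i, "192.0.2.%d" % (i + 1), 61000, "SYN") for i in range(3)]
    + [(50, "198.51.100.7", 40001, "SYN"), (51, "198.51.100.7", 40001, "ACK")]
)

if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_EVENTS):
        print(alert)
```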

16) Define DoS attack. Show the different ways by which this attack can be
mounted at various layers.
A DOS (Denial-of-Service) attack is a type of cyber attack in which an attacker attempts to disrupt or
prevent legitimate users from accessing a network, website, or service. The goal of a DOS attack is to
overwhelm the targeted system with traffic or requests, rendering it unable to respond to legitimate
requests.
DOS attacks can be mounted at various layers of the network stack, including:
Application layer: This type of DOS attack is also known as an application-layer attack or an HTTP
flood attack. In this attack, the attacker sends a large number of requests to a specific application or
website, overwhelming it with traffic and making it unavailable to legitimate users. This can be
achieved by sending HTTP GET or POST requests or by exploiting vulnerabilities in the application
code.
Transport layer: This type of DOS attack is also known as a network-layer attack. In this attack, the
attacker floods the victim's network with a large number of packets, overwhelming its capacity and
making it unavailable to legitimate users. Common transport-layer attacks include UDP floods, ICMP
floods, and SYN floods.
Network layer: This type of DOS attack is also known as a volumetric attack or a network flood
attack. In this attack, the attacker floods the victim's network with a large amount of traffic,
overwhelming its bandwidth and making it unavailable to legitimate users. Common network-layer
attacks include DNS amplification attacks and IP spoofing attacks.
Physical layer: This type of DOS attack is also known as a physical-layer attack. In this attack, the
attacker physically damages the victim's network infrastructure, such as by cutting cables or
disrupting power.
DOS attacks can be difficult to prevent or mitigate, as they can be launched from a large number of
sources and may be difficult to distinguish from legitimate traffic. However, there are several
strategies that can be used to protect against DOS attacks, including network segmentation, traffic
filtering, and rate limiting. Additionally, cloud-based services and content delivery networks (CDNs)
can help absorb and mitigate the impact of DOS attacks.
17) Write short note on: IPSec

• One of the weaknesses of the original Internet Protocol was that it lacked any sort
of general purpose mechanism for ensuring the authenticity and privacy of data as
it is passed over a network.
• A set of protocols named Internet Protocols for Security (IPsec) were developed to
provide security enhancements for internet critical applications.

There are two security modes for use depending on network need:

• Transport mode:
o Transport mode provides protection primarily for upper-layer protocols.
o It is used to encrypt and optionally authenticate the data carried by IP.
o Typically, transport mode is used for end-to-end communication between
two hosts
• Tunnel Mode:
o It encrypts an entire IP packet.
o After attaching all inner security header, the payload+security headers are
treated as a new “payload” and a separate IP header is attached to it.
o The entire original, or inner, packet travels through a "tunnel" from one
point of an IP network to another; no routers along the way are able to
examine the inner IP header
o E.g. VPN (Virtual Private Network)

Two important protocols, which are also referred to as the core IPsec protocols, are:
• IPsec Authentication Header(AH):
o This protocol provides authentication services for IPSec.
o What this means is that it allows the recipient of a message to verify that the
supposed originator of a message was in fact the one that sent it.
o It also allows the recipient to verify that none of the data in the datagram
has been changed by any intermediate devices en-route.
o It also provides protection against so-called “replay” attacks, where a
message is captured by an unauthorized user and re-sent.
• Encapsulating Security Payload (ESP):
o The Authentication Header ensures integrity of the data in datagram, but
not its privacy.
o When the information in a datagram is “for your eyes only”, it can be further
protected using the ESP protocol, which encrypts the payload of the IP
datagram.
• Internet Key Exchange (IKE) is another important protocol involved in IPsec. It
involves the determination and distribution of secret keys. A typical
requirement is four keys for communication between two applications: transmit
and receive pairs for both AH and ESP.
18) How does ESP header guarantee to achieve confidentiality and
integrity of packet payload?

ESP (Encapsulating Security Payload) is a protocol used in IPsec (Internet Protocol Security) to
provide confidentiality and integrity for packet payloads. The ESP header is used to achieve these
security objectives through a combination of encryption and authentication mechanisms.
To provide confidentiality, the ESP header includes a field for the encryption algorithm and a field for
the encryption key. When an IP packet is encapsulated with an ESP header, the payload of the
packet is encrypted using the specified algorithm and key. This ensures that the payload of the
packet is protected from eavesdropping or interception by unauthorized parties.
To provide integrity, the ESP header includes a field for the authentication algorithm and a field for
the authentication key. When an IP packet is encapsulated with an ESP header, the payload of the
packet is also authenticated using the specified algorithm and key. This ensures that the payload of
the packet has not been tampered with or modified during transit.
In summary, the ESP header provides confidentiality and integrity by encrypting the payload of an IP
packet and authenticating it to ensure that it has not been modified during transit. By using both
encryption and authentication mechanisms, the ESP header provides a high level of security for
IPsec-protected communications.

19) What is Authentication Header (AH)? How does it protect against Replay attack?
The Authentication Header (AH) is a protocol used in IPsec (Internet Protocol Security) to provide
authentication and integrity for IP packets. AH protects the IP packet header and the data payload
by adding an authentication header to the packet.
AH protects against replay attacks by including a sequence number field in the AH header. The
sequence number is incremented with each packet sent, and the receiver keeps track of the
expected sequence number. If a packet is received with a sequence number that is lower than
expected, it is discarded as a replay attack.
In addition to the sequence number, the AH header also includes an integrity check value (ICV),
which is calculated over the packet header and data payload using a message authentication code
(MAC) algorithm. The ICV provides assurance that the packet has not been tampered with or
modified during transit. If the receiver calculates a different ICV than the one included in the AH
header, it indicates that the packet has been tampered with, and it is discarded.
By providing both sequence number checking and integrity checking, AH protects against replay
attacks by ensuring that only valid packets are accepted and processed by the receiver. This helps to
ensure the integrity and authenticity of IP packets and provides a high level of security for IPsec-
protected communications.
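The two receiver-side checks described above, sequence number and ICV, as an added example that is not part of the original notes. It goes beyond the simplified "lower than expected" rule by using a 64-packet sliding window, so reordered packets are still accepted once while duplicates are dropped. The packet layout (4-byte sequence number, payload, 16-byte truncated HMAC-SHA-256 as ICV) and the key are constructed for illustration and are not the real AH header format.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # packets remembered behind the highest sequence number
ICV_LEN = 16       # HMAC-SHA-256 truncated to 128 bits (assumed ICV algorithm)


def compute_icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: the ICV covers the sequence number and the payload."""
    header = struct.pack("!I", seq)
    return header + payload + compute_icv(key, header + payload)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def receive(self, packet: bytes) -> str:
        if len(packet) < 4 + ICV_LEN:
            return "malformed"
        header, payload = packet[:4], packet[4:-ICV_LEN]
        icv = packet[-ICV_LEN:]
        (seq,) = struct.unpack("!I", header)
        if seq == 0:
            return "invalid-seq"           # senders start counting at 1
        # Step 1: cheap window check before any cryptography.
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW_SIZE:
                return "too-old"
            if (self.bitmap >> offset) & 1:
                return "replay"
        # Step 2: integrity check with a constant-time comparison.
        if not hmac.compare_digest(icv, compute_icv(self.key, header + payload)):
            return "bad-icv"
        # Step 3: only an authenticated packet may move or mark the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW_SIZE) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"


if __name__ == "__main__":
    key = b"k" * 32                        # constructed demo key
    rx = Receiver(key)
    for seq in (1, 3, 2, 2):               # 2 arrives late, then is replayed
        print(seq, rx.receive(build_packet(key, seq, b"data")))
```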
20) Write Short Note on SSL/TLS

• The socket layer lies between the application layer and the transport layer in the Internet
protocol stack. The SSL protocol is an internet protocol for secure exchange of information
between a web browser and web server. This provides a secure pipe for communication.
SSL is the protocol that is used for the vast majority of secure transactions over the
internet.
• Suppose Alice wants to buy a book from KT280.com. Before she provides the credit card
information she needs to be sure that she’s dealing with the original site, hence she needs
to authenticate KT280.com. The authentication need not be mutual.
• After Alice is satisfied that she is dealing with a secure site she will provide the private
information which needs to be protected in transit.
• In this protocol Alice the client informs Bob the server that she wants to conduct a secure
transaction. Bob responds with his certificate.
• Alice needs to verify the signature on the certificate at which point she will be confident
that she has Bob’s certificate although she cannot yet be certain that she’s talking to Bob.
• Then Alice will encrypt a symmetric key KAB with Bob’s public key and send the encrypted
key to Bob. This symmetric Key can then be used to encrypt and integrity protect
subsequent communication.

21) What is the need of SSL? Explain the SSL handshake protocol.
SSL (Secure Sockets Layer), now known as TLS (Transport Layer Security), is a protocol used to provide
secure communication over the internet. The primary need for SSL is to ensure that sensitive
information transmitted between two parties is protected from eavesdropping, tampering, and
forgery.
The SSL handshake protocol is a process that takes place between a client and a server to
establish a secure connection using SSL/TLS. The SSL handshake involves the following steps:
• Client Hello: The SSL handshake begins with the client sending a "Client Hello" message to
the server, indicating the SSL version and encryption algorithms that the client supports.
• Server Hello: The server responds with a "Server Hello" message, selecting the SSL version
and encryption algorithms to be used for the connection. The server also sends its SSL
certificate, which includes its public key.
• Client Authentication (Optional): If the server requests client authentication, the client
sends its SSL certificate to the server, along with any necessary authentication information.
• Key Exchange: The client and server perform a key exchange to establish a shared secret key
to be used for symmetric encryption of data. This is typically done using the server's public
key, which is included in its SSL certificate.
• Certificate Verification: The client verifies the server's SSL certificate to ensure that it is valid
and issued by a trusted authority.
• Finished: The client and server exchange "Finished" messages, indicating that the SSL
handshake is complete and that the connection is now secured with SSL/TLS.
22) Write short note on IDS
A system called an intrusion detection system (IDS) observes
network traffic for malicious transactions and sends immediate alerts when they are observed. It is
software that checks a network or system for malicious activities or policy violations. Each illegal
activity or violation is often recorded either centrally using a SIEM system or notified to an
administration. IDS monitors a network or system for malicious activity and protects a computer
network from unauthorized access from users, including perhaps insiders. The intrusion detector
learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between ‘bad
connections’ (intrusion/attacks) and ‘good (normal) connections’.
IDS are classified into 5 types:
Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up
at a planned point within the network to examine traffic from all devices on the network. It performs
an observation of passing traffic on the entire subnet and matches the traffic that is passed on the
subnets to the collection of known attacks. Once an attack is identified or abnormal behavior is
observed, the alert can be sent to the administrator. An example of a NIDS is installing it on the
subnet where firewalls are located in order to see if someone is trying to crack the firewall.
Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent
hosts or devices on the network. A HIDS monitors the incoming and outgoing packets from the
device only and will alert the administrator if suspicious or malicious activity is detected. It takes a
snapshot of existing system files and compares it with the previous snapshot. If the analytical system
files were edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS
usage can be seen on mission-critical machines, which are not expected to change their layout.
Protocol-based Intrusion Detection System (PIDS): Protocol-based intrusion detection system (PIDS)
comprises a system or agent that would consistently reside at the front end of a server, controlling
and interpreting the protocol between a user/device and the server. It tries to secure the web
server by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol.
As HTTPS is unencrypted immediately before entering its web presentation layer, this system
would need to reside in this interface in order to use the HTTPS.
Application Protocol-based Intrusion Detection System (APIDS): An application Protocol-based
Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of
servers. It identifies the intrusions by monitoring and interpreting the communication on
application-specific protocols. For example, this would monitor the SQL protocol explicitly to the
middleware as it transacts with the database in the web server.
Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the combination of
two or more approaches to the intrusion detection system. In the hybrid intrusion detection system,
the host agent or system data is combined with network information to develop a complete view of
the network system. The hybrid intrusion detection system is more effective in comparison to the
other intrusion detection system. Prelude is an example of Hybrid IDS.
23) What is a firewall? Explain different types of firewalls and list their advantages.
A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. It acts as a barrier between a trusted
internal network and an untrusted external network, such as the internet, and helps to
protect the internal network from unauthorized access, attacks, and other security threats.
There are several types of firewalls, including:
Packet filtering firewall: This type of firewall examines each packet of data that passes
through it and filters out packets that do not match the pre-defined rules. It operates at the
network layer of the OSI model and can only filter based on IP addresses, port numbers, and
protocols.
Stateful inspection firewall: This type of firewall operates at the transport layer of the OSI
model and keeps track of the state of network connections. It examines the state of each
packet and compares it to previous packets to determine whether it is allowed through or
not.
Proxy firewall: A proxy firewall acts as an intermediary between the client and the server. It
intercepts all network traffic and processes it on behalf of the client. It can filter based on
application-layer protocols and can provide additional security features such as content
filtering.
Next-generation firewall (NGFW): NGFW is a more advanced firewall that combines
traditional firewall capabilities with intrusion prevention, deep packet inspection, and other
security features. It provides greater visibility and control over network traffic and can
protect against advanced threats such as zero-day attacks.
Advantages of firewalls include:
1. Protection against unauthorized access: A firewall can prevent unauthorized access
to the network by blocking traffic from untrusted sources.
2. Protection against malware: A firewall can detect and block malware and other
malicious traffic before it enters the network.
3. Monitoring and logging: A firewall can log network activity, which can be useful for
monitoring and detecting potential security incidents.
4. Policy enforcement: A firewall can enforce security policies to ensure that users and
devices comply with organizational security standards.
Overall, firewalls play a critical role in network security and are an essential component of
any comprehensive security strategy.
24) List various software vulnerabilities. How can these vulnerabilities be exploited
to launch an attack?
There are various software vulnerabilities that can be exploited to launch an attack,
including:
Buffer overflow: A buffer overflow occurs when a program tries to write more data to a
buffer than it can hold. This can be exploited by an attacker to overwrite adjacent memory
locations, which can be used to execute arbitrary code.
SQL injection: An SQL injection occurs when an attacker injects malicious code into an SQL
query, which can be used to read, modify, or delete data from a database.
Cross-site scripting (XSS): XSS occurs when an attacker injects malicious code into a web
page, which can be executed by other users who visit the page. This can be used to steal
user credentials or perform other malicious actions.
Cross-site request forgery (CSRF): CSRF occurs when an attacker tricks a user into executing
an unintended action on a website. This can be used to perform actions such as changing
passwords or making unauthorized purchases.
Directory traversal: Directory traversal occurs when an attacker exploits a vulnerability in a
web application to access files outside of the web root directory. This can be used to access
sensitive data or execute arbitrary code.
Man-in-the-middle (MITM) attacks: A MITM attack occurs when an attacker intercepts and
modifies communication between two parties. This can be used to steal sensitive
information or modify data in transit.
These vulnerabilities can be exploited by attackers to launch a variety of attacks, including:
1. Denial-of-service (DoS) attacks: DoS attacks are designed to disrupt the normal
functioning of a network or system by flooding it with traffic.
2. Malware attacks: Malware attacks involve the use of malicious software to gain
unauthorized access to a network or system, steal data, or perform other malicious
actions.
3. Data theft: Data theft involves stealing sensitive information, such as credit card
numbers, passwords, or other personal information, from a network or system.
4. Privilege escalation: Privilege escalation involves gaining higher-level access to a
system or network than is authorized. This can be used to access sensitive data or
perform other malicious actions.
25) Short note on Buffer Overflow
Buffer overflow is a type of software vulnerability that occurs when a program tries to store more
data in a buffer than it can hold. This can result in the extra data being written to adjacent memory
locations, which can be exploited by an attacker to execute arbitrary code or crash the program.
Buffer overflow attacks can be particularly dangerous because they can be used to gain
unauthorized access to a system, modify or steal data, or even take control of the system entirely.
Attackers can exploit buffer overflow vulnerabilities in a number of ways, including by sending
specially crafted input to a vulnerable program, such as a web application.
To prevent buffer overflow attacks, developers can use secure coding practices, such as bounds
checking and input validation, to ensure that input data is properly sanitized before it is processed
by the program. In addition, operating systems and programming languages have implemented
various security features, such as stack canaries and address space layout randomization (ASLR), to
mitigate the impact of buffer overflow attacks.
Overall, buffer overflow vulnerabilities remain a significant threat to software security, and it is
essential for developers and system administrators to be aware of these vulnerabilities and take
steps to prevent them from being exploited.
26) What is meant by malicious software and its types.
Ans: Malicious software, also known as malware, refers to any software program designed to cause harm
or damage to computer systems, networks, or devices. Malware can be used by attackers to steal
sensitive data, gain unauthorized access, or cause disruptions to computer systems or networks.
There are several types of malware, including:

1. Viruses: Viruses are programs that can replicate themselves and spread from one computer
to another by attaching themselves to other programs or files. They can be used to delete or
modify files, steal data, or gain unauthorized access to systems.
2. Worms: Worms are self-replicating programs that can spread over networks without user
interaction. They can be used to overload network traffic or exploit vulnerabilities in systems
to gain unauthorized access.
3. Trojans: Trojans are programs that masquerade as legitimate software but contain malicious
code. They can be used to steal data, gain unauthorized access, or download and install
other malware.
4. Ransomware: Ransomware is a type of malware that encrypts files or blocks access to
computer systems and demands payment in exchange for the decryption key or system
access.
5. Spyware: Spyware is a type of malware that secretly gathers information about users'
activities and sends it to attackers. It can be used to steal personal or sensitive data, track
user behavior, or display unwanted advertisements.
6. Adware: Adware is a type of malware that displays unwanted or malicious advertisements
on users' devices. It can be used to generate revenue for attackers or trick users into
installing other malware.
27) What are the properties of a hash function? Explain the role of the hash
function in
A hash function is a mathematical function that takes an input (or "message") and produces
a fixed-length output, called a "hash" or "digest." The properties of a hash function are:
1. Determinism: For a given input, a hash function should always produce the same
output.
2. Pre-image resistance: It should be computationally infeasible to find an input that
hashes to a given output.
3. Second pre-image resistance: It should be computationally infeasible to find a
second input that hashes to the same output as a given input.
4. Collision resistance: It should be computationally infeasible to find two inputs that
hash to the same output.
Hash functions are used in a variety of security applications, including:
1. Password storage: Instead of storing a user's password in plaintext, a hash function is
used to store a hash of the password. When the user logs in, the system hashes the
user's input and compares it to the stored hash to determine if the password is
correct.
2. Digital signatures: Hash functions are used in digital signature schemes to ensure the
integrity of the signed data. A hash of the data is signed, rather than the data itself,
so that any modifications to the data will result in an invalid signature.
3. Message authentication codes (MACs): A MAC is a cryptographic checksum that is
used to ensure the integrity and authenticity of a message. A hash function is used to
generate the MAC, which is then transmitted with the message.
4. Blockchain: Hash functions are used in blockchain technology to create a chain of
blocks that is resistant to modification. Each block contains a hash of the previous
block, which links the blocks together and makes it difficult to alter the data in any
one block.
Overall, the properties of a hash function make it a valuable tool for ensuring the integrity
and security of data in a variety of applications.
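The password-storage use listed above, as an added example that is not part of the original notes. It contrasts a bare SHA-256 hash, where equal passwords give equal stored values, with a per-user salt and a deliberately slow derivation (PBKDF2-HMAC-SHA256), and compares digests in constant time; the iteration count and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor; tune to the hardware in use
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """Weak form: deterministic, fast, and identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None):
    """Return (salt, derived_key); both are stored, the password is not."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # fresh random salt per user
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare without leaking timing."""
    _salt, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo():
    # Two constructed users who happen to choose the same password.
    same_unsalted = unsalted_sha256("correct horse") == unsalted_sha256("correct horse")
    salt_a, stored_a = hash_password("correct horse")
    salt_b, stored_b = hash_password("correct horse")
    return {
        "unsalted_hashes_match": same_unsalted,       # one lookup cracks both
        "salted_records_match": stored_a == stored_b,
        "right_password": verify_password("correct horse", salt_a, stored_a),
        "wrong_password": verify_password("correct horsf", salt_a, stored_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```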
| Key | AES | DES |
| --- | --- | --- |
| Definition | AES stands for Advanced Encryption Standard. | DES stands for Data Encryption Standard. |
| Key Length | Key length varies from 128 bits, 192 bits to 256 bits. | Key length is of 56 bits. |
| Rounds of Operations | Rounds per key length: 128 bits - 10; 192 bits - 12; 256 bits - 14 | 16 rounds of identical operations. |
| Network | AES structure is based on substitution-permutation network. | DES structure is based on Feistel network. |
| Security | AES is de-facto standard and is more secure than DES. | DES is weak, however 3DES (Triple DES) is more secure than DES. |
| Rounds | The operation rounds involved in AES encryption are Byte Substitution, Shift Row, Mix Column, and Key Addition. | Expansion, XOR operation with round key, Substitution, and Permutation are the rounds used in DES encryption. |
| Size | AES can encrypt 128 bits of plain text. | DES can encrypt 64 bits of plain text. |
| Derived from | AES is derived from Square cipher. | DES is derived from Lucifer cipher. |
| Designed By | AES was designed by Vincent Rijmen and Joan Daemen. | DES was designed by IBM. |
| Known attacks | No known attacks. | Brute-force, Linear crypt-analysis and Differential crypt-analysis. |
| Encryption | AES can encrypt plain text up to 128 bits. | DES can encrypt 64 bits of plain text. |

| Block Cipher | Stream Cipher |
| --- | --- |
| Block cipher converts the plain text into cipher text by taking plain text’s block at a time. | Stream cipher converts the plain text into cipher text by taking 1 byte of plain text at a time. |
| Block cipher uses either 64 bits or more than 64 bits. | While stream cipher uses 8 bits. |
| The complexity of block cipher is simple. | While stream cipher is more complex. |
| Block cipher uses confusion as well as diffusion. | While stream cipher uses only confusion. |
| In block cipher, reverse encrypted text is hard. | While in stream cipher, reverse encrypted text is easy. |
| The algorithm modes which are used in block cipher are ECB (Electronic Code Book) and CBC (Cipher Block Chaining). | The algorithm modes which are used in stream cipher are CFB (Cipher Feedback) and OFB (Output Feedback). |
| Block cipher works on transposition techniques like rail-fence technique, columnar transposition technique, etc. | While stream cipher works on substitution techniques like Caesar cipher, polygram substitution cipher, etc. |
| Block cipher is slow as compared to a stream cipher. | While stream cipher is fast in comparison to block cipher. |
28) Digital Certificate
Digital certificate is issued by a trusted third party which proves sender’s identity to the
receiver and receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity
of the certificate holder. The CA issues an encrypted digital certificate containiused to attach
public key with a particular individual or an entity.
Digital certificate contains:- The authenticity
1. Name of certificate holder.
2. A number which is used to uniquely identify a certificate, the individual or the entity
identified by the certificate.
3. Expiration dates.
4. Copy of certificate holder’s public key (used for decrypting messages and digital signatures).
5. Digital Signature of the certificate issuing authority.
29) Explain block cipher principles
Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of
rounds and keys for generating ciphertext. For defining the complexity level of an algorithm
few design principles are to be considered which are listed as below:
1. Number of Rounds
2. Design of Function F
3. Key Schedule Algorithm
1. Number of Rounds
• The number of rounds is regularly considered in the design criteria; it reflects the
number of rounds suitable for an algorithm to make it more complex, and it
decides the strength of the block cipher algorithm. The more rounds there are,
the more difficult it is for cryptanalysis to break the algorithm.
• In DES we have 16 rounds ensuring it to be more secure while in AES we have 10
rounds which makes it more secure.
2. Design of function F
• The core part of the Feistel Block cipher structure is the Round Function. The
complexity of cryptanalysis can be derived from the round function, i.e.
increasing the complexity of the round function contributes greatly
to an increase in the complexity of cryptanalysis. The criterion that strengthens
the function F is its non-linearity. The more nonlinear the function F is, the more
difficult it is to crack.
• To increase the complexity of the round function, the avalanche effect is also
included in the round function, as the change of a single bit in plain text would
produce a mischievous output due to the presence of avalanche effect.
3. Key schedule algorithm
• It is suggested that the key schedule should confirm the strict avalanche effect and
bit independence criterion.
• In Feistel Block cipher structure, each round would generate a sub-key for increasing
the complexity of cryptanalysis. The Avalanche effect makes it more complex in
deriving sub-key. Decryption must be done very carefully to get the actual output as
the avalanche effect is present in it.
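The three design principles above (number of rounds, round function F, key schedule) in one small Feistel network, as an added example that is not part of the original notes. The cipher is a teaching construction, not DES: the 64-bit block, the SHA-256-based round function and key schedule, and the sample key and plaintext are all chosen here for illustration. It shows that decryption is the same routine with the sub-keys reversed, and measures how the avalanche effect grows with the number of rounds.

```python
import hashlib

BLOCK_BITS = 64
HALF_BYTES = 4


def key_schedule(key: bytes, rounds: int):
    """Derive one sub-key per round from the main key (toy schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def round_function(half: int, subkey: bytes) -> int:
    """F: a non-linear mix of one 32-bit half with the round sub-key."""
    data = subkey + half.to_bytes(HALF_BYTES, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:HALF_BYTES], "big")


def feistel(block: bytes, subkeys) -> bytes:
    left = int.from_bytes(block[:HALF_BYTES], "big")
    right = int.from_bytes(block[HALF_BYTES:], "big")
    for subkey in subkeys:
        # L(i+1) = R(i);  R(i+1) = L(i) XOR F(R(i), K(i))
        left, right = right, left ^ round_function(right, subkey)
    # Final swap makes the same routine usable for decryption.
    return right.to_bytes(HALF_BYTES, "big") + left.to_bytes(HALF_BYTES, "big")


def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, key_schedule(key, rounds))


def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # F is never inverted; only the order of the sub-keys changes.
    return feistel(block, key_schedule(key, rounds)[::-1])


def changed_bits(plaintext: bytes, key: bytes, rounds: int, bit: int) -> int:
    """Flip one plaintext bit (0 = leftmost) and count changed output bits."""
    flipped = int.from_bytes(plaintext, "big") ^ (1 << (BLOCK_BITS - 1 - bit))
    a = encrypt(plaintext, key, rounds)
    b = encrypt(flipped.to_bytes(BLOCK_BITS // 8, "big"), key, rounds)
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def average_avalanche(plaintext: bytes, key: bytes, rounds: int) -> float:
    """Mean number of output bits changed over all 64 single-bit flips."""
    total = sum(changed_bits(plaintext, key, rounds, b) for b in range(BLOCK_BITS))
    return total / BLOCK_BITS


KEY = b"constructed-key"     # sample key for the demonstration
PLAINTEXT = b"8bytes!!"      # one 64-bit block

if __name__ == "__main__":
    for rounds in (1, 2, 3, 16):
        print(rounds, "rounds:", average_avalanche(PLAINTEXT, KEY, rounds))
```

With one round a flipped bit in the left half changes exactly one output bit; from about three rounds on, roughly half of the 64 output bits change.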
30) Types of security attacks.
In computers and computer networks, an attack is any attempt to alter, disable, destroy or gain
access to confidential information. X.800 and RFC 2828 classify security attacks into two types:

a) Active attack: An active attack is an attempt to alter, damage, or destroy the targeted system
or network, and it typically involves a deliberate action by the attacker to compromise or
disrupt the system. For instance, a hacker might try to break into a computer system to steal
sensitive data or plant malware that can corrupt or destroy the system.
b) Passive attack: A passive attack is an attempt to intercept or monitor the targeted system or
network without altering its state. In other words, a passive attacker is trying to observe and
collect information about the system, its users, or its communications, without causing any
disruption. Passive attacks might involve eavesdropping on network traffic, sniffing out login
credentials, or collecting sensitive data such as credit card numbers or personal information.

31) types of cryptography.


Cryptography is the practice of securing communications and information by transforming it
into a code that can only be deciphered by authorized recipients. There are several types of
cryptography that are used for different purposes, including:

1. Symmetric-key cryptography: In this type of cryptography, the same key is used for
both encryption and decryption. It is a relatively fast and efficient method and is
commonly used for encrypting large volumes of data. Examples of symmetric-key
algorithms include AES, DES, and Blowfish.
2. Asymmetric-key cryptography: Also known as public-key cryptography, this type uses
two different keys, one for encryption and one for decryption. The encryption key is
public, meaning anyone can use it to encrypt messages, but only the recipient with
the corresponding private key can decrypt them. Examples of asymmetric-key
algorithms include RSA and ECC.
32) short note on confusion and diffusion.
• Confusion and diffusion are two important concepts in cryptography that are used to
improve the security of encryption algorithms.
• Confusion refers to the process of making the relationship between the plaintext and the
ciphertext as complex and obscure as possible. This is typically achieved through
mathematical operations such as substitution and permutation, which make it difficult
for an attacker to find patterns in the ciphertext that would reveal information about the
plaintext.
• Diffusion, on the other hand, refers to the process of spreading the influence of a single
plaintext bit or character throughout the entire ciphertext. This is usually done by
performing operations on multiple plaintext bits or characters at once, and is intended
to prevent an attacker from being able to analyze small parts of the ciphertext to deduce
information about the plaintext.
• By combining confusion and diffusion, encryption algorithms can create a high degree of
complexity in the relationship between the plaintext and the ciphertext, making it
extremely difficult for attackers to decrypt the message without knowing the key. These
concepts are fundamental to many modern encryption algorithms and have been
instrumental in the development of secure communication protocols and the protection
of sensitive information.
33) why digital signature and digital certificate are required.
Digital signatures and digital certificates are required for secure electronic communication and
transactions. Here's why:

1. Authenticity: A digital signature is a way of verifying that a document or message
was actually sent by the person claiming to have sent it. It also ensures that the
document has not been altered in any way since it was signed. A digital certificate is
used to verify the authenticity of the digital signature and the identity of the signer.
This is important in situations where there is a need to ensure that the person or
entity who signed the document is actually who they claim to be.
2. Security: Digital signatures and certificates provide an additional layer of security to
electronic transactions. Digital signatures use encryption technology to ensure that
only the intended recipient can read the message or document. Digital certificates
provide an assurance that the public key used to verify the signature belongs to the
person or entity that signed the document.
3. Legal validity: In many countries, including the United States, digital signatures have
the same legal validity as traditional signatures. Digital certificates provide proof of
the authenticity of the signature, which can be important in legal proceedings.
4. Efficiency: Electronic transactions can be completed much more quickly and
efficiently than traditional paper-based transactions. Digital signatures and
certificates make it possible to sign and verify documents and messages
electronically, which can save time and money.

34) explain key rings in PGP.


1. PGP (Pretty Good Privacy) is a popular encryption software used for secure
communication and data encryption. One of the key features of PGP is the use of key
rings, which are collections of public and private keys used for encryption and
decryption.
2. In PGP, there are two types of key rings: the public key ring and the secret key ring.
3. Public Key Ring: The public key ring contains the public keys of all the users with
whom you want to communicate securely. When you want to send an encrypted
message to someone, you need their public key to encrypt the message. The public
key ring is also used to verify the digital signatures of incoming messages.
4. Secret Key Ring: The secret key ring contains your own private key, which is used to
decrypt incoming messages and sign outgoing messages. The private key is kept
secret and protected by a passphrase that only you know.
5. Key rings are essential for the operation of PGP because they allow users to securely
exchange messages and data without having to share their private keys. When you
encrypt a message using someone's public key, only they can decrypt it using their
private key, which they keep secret.
6. It is important to keep the key rings secure, as they contain sensitive information
that could be used to decrypt your messages or forge your digital signature. Key
rings should be backed up regularly and stored in a secure location, such as an
encrypted external hard drive or a password-protected cloud storage service.
35) Explain structure of DES wrt:
a) Feistel structure and its significance.
b) Significance of extra swap between right half and left half block.
c) Expansion.
d) Significance of S-block.
e) DES functions.
The Data Encryption Standard (DES) is a symmetric-key block cipher that was widely used in the
1970s and 1980s to protect electronic communications and transactions. It is based on a Feistel
structure, which is a particular type of cryptographic algorithm that uses a round function to
scramble the plaintext and produce the ciphertext.
a) Feistel Structure and Its Significance: The Feistel structure used in DES involves dividing
the plaintext into two equal halves, with each half undergoing a series of identical
rounds of encryption and decryption using a subkey generated from the main key. The
output of each round is combined with the other half of the plaintext to produce the
input for the next round. The significance of the Feistel structure is that it allows for the
same encryption and decryption algorithm to be used, making the cipher highly efficient
and easy to implement.
b) Significance of Extra Swap Between Right Half and Left Half Block: At the end of each
round in DES, an extra swap is performed between the right half and left half block. This
ensures that each half of the block is processed in the same way and allows for efficient
implementation of the cipher.
c) Expansion: During each round of DES, the right half of the block is expanded from 32 bits
to 48 bits using a fixed expansion permutation. This is done to increase the complexity
of the encryption process and provide additional diffusion.
d) Significance of S-Block: The S-boxes (or substitution boxes) used in DES are a key
component of the cipher's security. They operate on 6-bit input values and produce 4-
bit output values using a non-linear substitution function. The significance of the S-
boxes is that they introduce confusion in the relationship between the plaintext and the
ciphertext, making it difficult for attackers to reverse-engineer the encryption process.
e) DES Functions: The DES encryption function involves several rounds of operations,
including key generation, initial permutation, expansion, substitution using S-boxes,
permutation, and a final swap. The decryption function is essentially the same as the
encryption function, but the subkeys are used in reverse order. The significance of the
DES functions is that they provide a highly efficient and effective means of encrypting
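The Feistel properties from (a), (b) and (e), together with the effect of the number of rounds and of the function F on the avalanche effect, can be checked with the following added example (not part of the original notes). It is a toy 64-bit Feistel network, not DES: the SHA-256-based round function F, the key schedule, and the sample key and plaintext are assumptions chosen for brevity.

```python
import hashlib

HALF = 4                                   # 32-bit halves, 64-bit block as in DES
KEY = b"constructed-key"                   # constructed sample key
PT = b"8 bytes!"                           # constructed sample plaintext block

def subkeys(key, rounds):
    # Toy key schedule (assumption, not DES's): one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def F(right, subkey):
    # Non-linear round function. It is not invertible, and never needs to be.
    return hashlib.sha256(subkey + right).digest()[:HALF]

def feistel(block, keys):
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, bytes(a ^ b for a, b in zip(left, F(right, k)))
    return right + left                    # extra swap after the last round

def encrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt(block, key, rounds=16):
    # Same routine as encryption; only the subkey order is reversed.
    return feistel(block, subkeys(key, rounds)[::-1])

def flip_bit(block, i):
    b = bytearray(block)
    b[i // 8] ^= 0x80 >> (i % 8)
    return bytes(b)

def avalanche(rounds, key=KEY, pt=PT):
    """Average number of ciphertext bits (of 64) changed by one flipped plaintext bit."""
    base = encrypt(pt, key, rounds)
    changed = 0
    for i in range(64):
        other = encrypt(flip_bit(pt, i), key, rounds)
        changed += sum(bin(x ^ y).count("1") for x, y in zip(base, other))
    return changed / 64

if __name__ == "__main__":
    assert decrypt(encrypt(PT, KEY), KEY) == PT
    for r in (1, 2, 3, 16):
        print(f"{r:2d} rounds: {avalanche(r):5.2f} of 64 bits change on average")
```

After a single round, a flipped bit in the left half changes exactly one ciphertext bit, so one round gives almost no diffusion; the average approaches half of the 64 bits only after a few rounds.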
36) What are the different types of firewall? How is a firewall different from an IDS?
1. Firewalls and intrusion detection systems (IDS) are both important tools for securing
computer networks, but they serve different functions and are designed to address
different types of threats.
2. Firewalls are network security systems that monitor and control incoming and
outgoing network traffic based on a set of predefined rules. They are designed to
prevent unauthorized access to a network or system by blocking traffic from known
sources of malicious activity and allowing only authorized traffic to pass through.
There are several different types of firewalls, including:
3. Packet Filtering Firewall: This type of firewall examines each incoming and outgoing
packet and filters them based on predefined rules.
4. Stateful Inspection Firewall: This type of firewall tracks the state of network
connections and only allows packets that are part of an established connection to
pass through.
5. Application Firewall: This type of firewall is designed to protect specific applications,
such as web servers or email servers, from attacks.
6. Next-Generation Firewall: This type of firewall combines traditional firewall
functionality with additional security features, such as intrusion prevention,
application visibility and control, and advanced malware detection.
7. IDS, on the other hand, are designed to detect and respond to attacks that have
already penetrated a network or system. They monitor network traffic for signs of
suspicious activity, such as unusual network traffic patterns or known attack
signatures, and generate alerts or take action to stop the attack. There are two main
types of IDS:
8. Network-based IDS: This type of IDS monitors network traffic for signs of suspicious
activity and generates alerts or takes action to stop the attack.
9. Host-based IDS: This type of IDS monitors activity on individual hosts or servers for
signs of suspicious activity and generates alerts or takes action to stop the attack.

In summary, while firewalls are designed to prevent unauthorized access to a network or
system by blocking traffic based on predefined rules, IDS are designed to detect and
respond to attacks that have already penetrated a network or system by monitoring
network traffic for signs of suspicious activity.
| Firewall | IDS |
|---|---|
| A firewall is a hardware and/or software which functions in a networked environment to block unauthorized access while permitting authorized communications | An Intrusion Detection System (IDS) is a software or hardware device installed on the network (NIDS) or host (HIDS) to detect and report intrusion attempts to the network. |
| A firewall can block an unauthorized access to network (E.g. A watchman standing at gate can block a thief) | An IDS can only report an intrusion; it cannot block it (E.g. A CCTV camera which can alert about a thief but cannot stop it) |
| A firewall cannot detect security breaches for traffic that does not pass through it (E.g. a gateman can watch only at front gate. He is not aware of wall-jumpers) | IDS is fully capable of internal security by collecting information from a variety of system and network resources and analyzing the symptoms of security problems |
| Firewall doesn’t inspect content of permitted traffic. (A gateman will never suspect an employee of the company) | IDS keeps a check of overall network |
| No man-power is required to manage a firewall. | An administrator (man-power) is required to respond to threats issued by IDS |
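The difference between a packet filtering firewall and a stateful inspection firewall, described in the list of firewall types above, is shown in the following added example (not part of the original notes). The rule set, class and function names, and the traffic (documentation address ranges) are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample traffic, not a real capture.
Packet = namedtuple("Packet", "direction src sport dst dport flags")
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),      # client opens HTTPS
    Packet("in",  "203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),  # genuine reply
    Packet("in",  "198.51.100.7", 443, "10.0.0.5", 50001, "ACK"),      # unsolicited packet
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "RST"),      # client tears down
    Packet("in",  "203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),      # arrives after teardown
]

def packet_filter(p):
    """Packet filtering firewall: each packet is judged alone against fixed rules."""
    if p.direction == "out":
        return p.dport == 443            # rule 1: allow outbound HTTPS
    return p.sport == 443                # rule 2: allow inbound 'replies' from port 443

class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a tracked connection."""
    def __init__(self):
        self.table = set()               # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if p.direction == "out":
            if p.dport != 443:
                return False
            conn = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":
                self.table.add(conn)     # new connection initiated from inside
            allowed = conn in self.table
            if p.flags == "RST":
                self.table.discard(conn) # teardown: forget the connection
            return allowed
        # Inbound: accept only the reverse direction of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.table

def compare(traffic):
    """Return (packet filter verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} {p.flags:7} "
              f"filter={'pass' if stateless else 'drop'} stateful={'pass' if stateful else 'drop'}")
```

The packet filter passes all five packets because each matches a static rule on its own, while the stateful firewall drops the third and fifth, which belong to no established connection.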
