1. Explain RSA Algorithm with an example.

→ The RSA algorithm is a public-key cryptography algorithm used for encrypting and
decrypting messages, as well as for digital signatures. It works by using a pair of keys: a
public key for encryption and a private key for decryption. The security of RSA relies on the
difficulty of factoring large integers.
Key Generation:
1. Choose two distinct prime numbers, p and q. For example, let p = 3 and q = 11.
2. Calculate n = p * q. This is the modulus and will be part of both public and private keys.
In our example, n = 3 * 11 = 33.
3. Calculate the totient of n, denoted as φ(n) = (p - 1) * (q - 1). In our example, φ(n) = (3 -
1) * (11 - 1) = 2 * 10 = 20.
4. Choose an integer e (public exponent) such that 1 < e < φ(n) and e is coprime to φ(n).
This means that the greatest common divisor of e and φ(n) is 1. For example, e = 7.
5. Calculate the modular inverse of e modulo φ(n) to find the private key d (private
exponent). This is such that (e * d) mod φ(n) = 1. In our example, d = 3.
Public Key: The public key is (e, n), which in our example is (7, 33).
Private Key: The private key is (d, n), which in our example is (3, 33).

Encryption:
1. The sender obtains the recipient's public key (e, n).
2. The sender converts the message (M) into a numerical value. For example, the message
"HELLO" could be converted to the numerical sequence 72, 69, 76, 76, 79.
3. The sender calculates the ciphertext (C) using the formula: C = M^e mod n. For example,
if the message is represented by the number 60, and the public key is (7, 33), then the
ciphertext would be 60^7 mod 33, which equals 60.
4. The sender sends the ciphertext (C) to the recipient.

Decryption:
1. The recipient receives the ciphertext (C).
2. The recipient uses their private key (d, n) to decrypt the ciphertext.
3. The recipient calculates the original message (M) using the formula: M = C^d mod n. For
example, if the ciphertext is 60 and the private key is (3, 33), then the original message
would be 60^3 mod 33, which equals 60.
Example:
1. Let's say Alice wants to send a message "HELLO" to Bob.
2. Alice uses her private key to generate her public key (e=7, n=33).
3. Bob converts "HELLO" to the number 60.
4. Bob uses Alice's public key (7, 33) to encrypt the message: 60^7 mod 33 = 60. The
ciphertext is 60.
5. Bob sends the ciphertext 60 to Alice.
 6. Alice uses her private key (3, 33) to decrypt the ciphertext: 60^3 mod 33 = 60. The
original message is 60.

2. Explain modes of Block Cipher and CFB, OFB, and CBC in detail.
→ Block cipher modes of operation like CFB (Cipher Feedback), OFB (Output Feedback),
and CBC (Cipher Block Chaining) provide different ways to encrypt and decrypt data,
especially when dealing with longer messages than a single block. These modes are essential
for ensuring data security and integrity.
1) Cipher Block Chaining (CBC):
Mechanism:
CBC encrypts each block of plaintext by XORing it with the previous ciphertext block before
applying the encryption function. This chaining ensures that each ciphertext block depends on
the preceding ones.
Key Features:
● Error Propagation: A single bit error in a ciphertext block can affect the decryption of
subsequent blocks.
● Parallel Processing: Decryption can be parallelized, but encryption cannot.
● Padding: CBC typically requires padding to ensure that the plaintext length is a multiple
of the block size.
Use Cases:
CBC is commonly used in legacy systems and scenarios where security and data integrity are
paramount.

2) Cipher Feedback (CFB)

Mechanism:
CFB encrypts the previous ciphertext block and XORs the output with the current plaintext block
to produce the current ciphertext. It effectively uses the block cipher as a stream cipher.
Key Features:
● Error Propagation: Similar to CBC, errors in CFB can propagate.
 ● No Padding: CFB does not require padding, making it suitable for real-time streaming
applications.
● Encryption as a Stream Cipher: CFB can encrypt data one bit at a time, making it
suitable for real-time applications.
Use Cases:
CFB is often used in scenarios where data needs to be encrypted and transmitted in real-time.

3) Output Feedback (OFB)

Mechanism:
OFB uses the output of the encryption function as feedback, generating a keystream that is
XORed with the plaintext. The keystream is independent of the plaintext, unlike CFB.
Key Features:
● No Error Propagation: OFB's feedback mechanism makes it less susceptible to error
propagation compared to CFB.
● No Padding: Similar to CFB, OFB does not require padding.
● Stream Cipher: OFB also turns the block cipher into a stream cipher.
Use Cases:
OFB is often preferred in applications where error-free transmission is crucial and real-time
streaming is not a primary concern.

3. Using Euclidean Algorithm Find GCD

● 74 and 383
→ 383 ÷ 74 = 5 remainder 13
74 ÷ 13 = 5 remainder 9
13 ÷ 9 = 1 remainder 4
9 ÷ 4 = 2 remainder 1
4 ÷ 1 = 4 remainder 0
✅ GCD = 1

● 687 and 24
→ 687 ÷ 24 = 28 remainder 15
24 ÷ 15 = 1 remainder 9
15 ÷ 9 = 1 remainder 6
9 ÷ 6 = 1 remainder 3
6 ÷ 3 = 2 remainder 0
✅ GCD = 3

● 285 and 741

→ 741 ÷ 285 = 2 remainder 171
285 ÷ 171 = 1 remainder 114
171 ÷ 114 = 1 remainder 57
114 ÷ 57 = 2 remainder 0
✅ GCD = 57

● 88 and 220
→ 220 ÷ 88 = 2 remainder 44
88 ÷ 44 = 2 remainder 0
✅ GCD = 44

● 84 and 320
→ 320 ÷ 84 = 3 remainder 68
84 ÷ 68 = 1 remainder 16
68 ÷ 16 = 4 remainder 4
16 ÷ 4 = 4 remainder 0
✅ GCD = 4

● 400 and 60
400 ÷ 60 = 6 remainder 40
60 ÷ 40 = 1 remainder 20
40 ÷ 20 = 2 remainder 0
✅ GCD = 20

● 272 and 192

→ 272 ÷ 192 = 1 remainder 80
192 ÷ 80 = 2 remainder 32
80 ÷ 32 = 2 remainder 16
32 ÷ 16 = 2 remainder 0
✅ GCD = 16

● 252 and 105

→ 252 ÷ 105 = 2 remainder 42
105 ÷ 42 = 2 remainder 21
42 ÷ 21 = 2 remainder 0
✅ GCD = 21
4. What is Digital Certificate? Explain Certificate creation and revocation process.
→ A digital certificate is an electronic document that binds a public key to an individual,
organization, or device, ensuring secure communication and data exchange. It acts as an
electronic ID, verifying authenticity and establishing trust in online interactions.

Certificate Creation Process:

1. Key Pair Generation:
The entity needing the certificate generates a private key and a corresponding public key.
2. Certificate Signing Request (CSR):
The entity creates a CSR, which includes its public key, identifying information, and other
metadata, and submits it to a Certificate Authority (CA).
3. CA Verification:
The CA verifies the information in the CSR, including the entity's identity and the information
provided.
4. Certificate Issuance:
The CA signs the CSR with its own private key, creating a digital certificate.
5. Distribution and Installation:
The certificate is distributed to the entity and installed on their system, browser, or device.
Certificate Revocation Process:
1. Revocation Reasons:
Certificates can be revoked before their expiration if the private key is compromised, the
certificate is no longer needed, or there's a change in the certificate holder's information.
2. Revocation by CA:
The CA, which issued the certificate, can revoke it, and a Certificate Revocation List
(CRL) or other revocation methods (like Online Certificate Status Protocol - OCSP) is
used to inform others that the certificate is no longer valid.
3. Impact:
When a client (e.g., a browser) encounters a revoked certificate, it is instructed not to
trust it, preventing further use of the compromised or no longer valid certificate.
In essence, digital certificates facilitate secure communication by verifying the identity of
communicating parties, and revocation ensures that compromised or invalid certificates are not
used, maintaining the integrity of the system.

5. Explain
● Kerberos
→ Kerberos is a protocol for authenticating service requests between trusted hosts across an
untrusted network, such as the internet. By providing a gateway between users and a
network, Kerberos helps verify the identities of users and hosts, and it keeps unauthorized or
malicious users out of a private network.
How It Works (Steps Simplified):
1. Login & Request Ticket:
User logs in → sends username to the Authentication Server (AS).
2. AS Sends Ticket Granting Ticket (TGT)
AS verifies identity → sends back encrypted TGT.
3. Request Service Ticket (ST)
User sends TGT to the Ticket Granting Server (TGS) to access a service.
4. Access Resource
TGS gives a Service Ticket → user shows it to the service → access granted.

Example:
You log in to your college portal once. Then you can access library, attendance, result pages
without logging in again = Kerberos ticket is working.
● X.509 Certificate
→ An X.509 certificate is a digital document that verifies the identity of an entity (like a
person, organization, or device) over the internet. It's a key component of the Public Key
Infrastructure (PKI) and is used to secure communication and transactions. Essentially, it acts
like a digital identity card, allowing users to verify the legitimacy of an entity they are
interacting with.
Purpose:
X.509 certificates are designed to establish trust and security in online communication and
transactions.
Content:
They contain information such as the entity's identity (name, organization, etc.), a public key, a
digital signature, and details about the Certificate Authority (CA) that issued it.
Function:
The public key allows secure encryption and decryption of data.
The digital signature ensures the integrity and authenticity of the data.
The CA's signature verifies the authenticity of the certificate itself.
Applications:
They are widely used in various applications like:
1. Secure web browsing (HTTPS).
2. Secure email (S/MIME).
3. Code signing.
4. Client authentication.
5. Government-issued electronic IDs.
Trust:
When a certificate is signed by a trusted CA, it can be relied upon to verify the identity of the
entity it represents.

● MD5
→ MD5 (Message Digest Method 5) is a cryptographic hash algorithm that generates a 128-
bit digest from a string of any length. The digests are represented as 32-digit hexadecimal
numbers.

Ronald Rivest designed this algorithm in 1991 to provide the means for digital signature
verification. Eventually, it was integrated into multiple other frameworks to bolster security
indexes.

The digest size is always 128 bits, and thanks to hashing function guidelines, a minor change in
the input string generates a drastically different digest. This is essential to prevent similar hash
generation, also known as a hash collision, as much as possible.

Example:
Input: "hello"
MD5 Hash: 5d41402abc4b2a76b9719d911017c592

Even a small change will make a completely different hash.

Note:
● MD5 is fast but no longer secure
● Vulnerable to collision attacks (2 inputs giving same hash)

● SHA -512
→ SHA stands for secure hashing algorithm. SHA is a modified version of MD5 and used for
hashing data and certificates. A hashing algorithm shortens the input data into a smaller form
that cannot be understood by using bitwise operations, modular additions, and compression
functions. You may be wondering, can hashing be cracked or decrypted? Hashing is similar
to encryption, the only difference between hashing and encryption is that hashing is one-
way, meaning once the data is hashed, the resulting hash digest cannot be cracked, unless a
brute force attack is used. See the image below for the working of SHA algorithm. SHA
works in such a way even if a single character of the message changed, then it will generate
a different hash. For example, hashing of two similar, but different messages i.e., Heaven and
heaven is different. However, there is only a difference of a capital and small letter.
OR
SHA-512 is part of the SHA-2 family, which is more secure than MD5.
📌 Produces a 512-bit hash (64 bytes)
📌 Stronger and safer than MD5
Example:
Input: "hello"
SHA-512 Hash:
9b71d224bd62f3785d96d46ad3ea3d73319bfc... (very long 128-character hash)
6. What is PKI? How does it work?
→ PKI, or Public Key Infrastructure, is a system that uses digital certificates and public-key
encryption to securely exchange information and authenticate users, devices, and services. It
provides a framework for creating, managing, distributing, using, storing, and revoking
digital certificates, which are crucial for establishing trust and security in digital
communications.
What is a Public Key Infrastructure (PKI)? - essendi it
Here's how it works:
1. Key Pair Generation:
A user or entity generates a pair of cryptographic keys: a private key (kept secret) and a public
key (shared with others).
2. Certificate Authority (CA):
A trusted CA issues a digital certificate that binds the public key to a specific user, device, or
service.
3. Secure Communication:
When two parties want to communicate securely, they exchange their public keys, which are part
of their certificates.
4. Encryption and Decryption:
The sender encrypts the message using the recipient's public key, and only the recipient can
decrypt it using their corresponding private key.
5. Authentication:
The digital certificate ensures that the recipient knows the sender's identity and that the message
hasn't been tampered with.
In essence, PKI uses asymmetric encryption (public and private keys) to provide confidentiality,
authentication, and integrity for digital communications and transactions. It's widely used in
various applications, including secure web browsing (HTTPS), email encryption (S/MIME),
code signing, and IoT device authentication.
7. Explain Digital Encryption Standards (DES) in detail.
→ The Data Encryption Standard (DES) is a symmetric-key algorithm used to encrypt data
by transforming it into an unreadable format using a 56-bit key. It operates on 64-bit blocks
of data and was a widely used encryption standard, especially in the government and
financial sectors, before being largely replaced by more secure algorithms like AES.
Here's a more detailed breakdown:
● Symmetric-key: DES uses the same key for both encrypting and decrypting data,
meaning both the sender and receiver must have access to the key.
● Block cipher: DES processes data in fixed-size blocks (64 bits) at a time.
● Key size: While the initial key is 64 bits, only 56 bits are used for encryption.
● Encryption process: DES uses a series of substitutions, transpositions, and key mixing
operations within a 16-round Feistel structure to encrypt the data, according to a blog
post on Medium.
● Vulnerability: DES's 56-bit key length has been found to be vulnerable to brute-force
attacks, making it less secure for modern applications, says Simplilearn.com.
● Replacement: DES has been largely replaced by more secure algorithms like the
Advanced Encryption Standard (AES).
● Historical significance: Despite its vulnerabilities, DES played a significant role in the
development of cryptography and was the first encryption standard adopted by the U.S.
government.
Example (Conceptual):
Let’s say:
Plaintext = "HELLO123" → Converted into binary (64 bits)
Key = 56-bit symmetric key
After 16 rounds, we get the ciphertext (scrambled version)
To decrypt, we use the same key and go in reverse order of operations.

8. Discuss various components of Information Security.

→ Information security encompasses various components, including the fundamental
principles of confidentiality, integrity, and availability (CIA triad), alongside security
measures like access controls, authentication, and data protection, all working together to
safeguard information assets.
Key components of information security:
1. Core Principles (CIA Triad):
Confidentiality:
Ensuring that only authorized individuals can access sensitive information, preventing
unauthorized disclosure.
Integrity:
Maintaining the accuracy and completeness of data, preventing unauthorized modification or
destruction.
Availability:
Guaranteeing that authorized users can access information and resources when needed, ensuring
uninterrupted operations.

2. Security Measures:
Access Controls:
Implementing mechanisms to restrict access to information and resources based on roles and
permissions.
Authentication and Verification:
Verifying the identity of users and devices to ensure only legitimate individuals can access
systems and data.
Data Encryption:
Protecting sensitive data by converting it into an unreadable format, preventing unauthorized
access even if the data is intercepted.
Firewalls and Intrusion Detection/Prevention Systems:
Protecting networks and systems from unauthorized access and malicious activities.
Vulnerability Management:
Identifying and addressing security weaknesses in systems and applications.
Security Policies and Procedures:
Establishing guidelines and procedures for managing information security risks and ensuring
compliance.

3. Physical and Environmental Protection:

Physical Security:
Protecting physical assets like servers, storage devices, and data centers from unauthorized
access, damage, or theft.
Environmental Controls:
Ensuring proper temperature, humidity, and power supply to maintain the reliability and
availability of IT infrastructure.

4. Monitoring and Incident Response:

Security Monitoring:
Continuously monitoring systems and networks for suspicious activity and potential security
breaches.
Incident Response:
Developing plans and procedures to respond to and manage security incidents, minimizing
damage and restoring systems.
Security Awareness and Training:
Educating users about security threats and best practices to help them avoid security risks.

5. Asset Management:
Information Asset Classification:
Categorizing information assets based on their sensitivity and importance, enabling appropriate
security controls.
Data Lifecycle Management:
Managing the lifecycle of information assets, from creation to storage, use, and disposal,
ensuring data security throughout.

9. In a system RSA algorithm with p=5 and q=11 is implemented for data security. What is
the value of the decryption key if the value of the encryption is 27? Also, verify that the
calculated value for the decryption key is correct.
→ The RSA algorithm (Rivest-Shamir-Adleman) is an algorithm used by modern
technologies to encrypt and decrypt messages.
It is asymmetric or public-key cryptography that uses two keys for encryption & decryption: a
Public key and a private key.

Steps for RSA algorithm:

1. Choose two large prime numbers P & Q.
2. Find the product of chosen two numbers, N = P x Q
3. Calculate Euler's totient (φ) = (P - I)(Q - 1)
4. Choose random integer e (public key) such that,
d x e = 1(mod φ)
Where, d is the private key.
5. Calculate Ciphertext C = mod n.
6. Calculate Plain text P = mod n.
CALCULATION:
Given two prime numbers are p = 5, q = 11
Product, n = 5 x 11 = 55
φ = (5 - 1) x (11 -1) = 40
e = 27,
d x 27 = 1 (mod 40)
d=3

10. Explain algorithm CBC used in Security Key Cryptography.

→ Cipher Block Chaining (CBC) is a block cipher mode of operation that encrypts data by
XORing each plaintext block with the previous ciphertext block before encryption. This
creates a chain of ciphertext blocks, where each block depends on all previous blocks. An
Initialization Vector (IV) is used for the first block.

How CBC Works:

1. Plaintext Division:
The plaintext is divided into fixed-size blocks.
2. IV:
An Initialization Vector (IV) is used for the first block. The IV is a random number, typically the
same length as a block.
3. XOR and Encryption:
The first plaintext block is XORed with the IV. The result is then encrypted using the symmetric
key.
4. Chaining:
Subsequent plaintext blocks are XORed with the previous ciphertext block (the output of the
previous encryption) before being encrypted.
5. Decryption:
Decryption reverses the process. The ciphertext is decrypted and then XORed with the previous
ciphertext block to recover the plaintext.
6. Self-Synchronization:
CBC is self-synchronizing, meaning that if a transmission error occurs, it will only affect the
current block and the following block, not subsequent blocks.

Benefits of CBC:
● Increased Security:
● By chaining the blocks, CBC makes it more difficult for attackers to exploit predictable
patterns in the ciphertext.
● Protection Against Known Plaintext Attacks:
● CBC is generally resistant to known plaintext attacks, where an attacker knows some of
the plaintext and tries to deduce the key.
● Widely Used:
● CBC has been a popular choice for symmetric encryption, particularly in older protocols
like TLS/SSL