Security Questions Answers

The document discusses various aspects of security attacks, differentiating between active and passive attacks, and outlines the characteristics of stream and block ciphers. It also explains the avalanche effect in cryptography, strengths of the DES algorithm, and the principles of public key cryptography, including its applications and benefits. Additionally, it covers cryptographic hash functions, message authentication codes, user authentication methods, and the importance of HTTPS for secure online communication.

1. What are Security Attacks? Differentiate between Active and Passive Attacks

Security attacks are attempts made by unauthorized users to access, alter, or damage data and systems.

Types of Attacks:

| Aspect | Active Attack | Passive Attack |
|----------------|--------------------------------------------|--------------------------------------------|
| Definition | Alters or affects system operations | Only observes or monitors communication |
| Detection | Easier to detect due to changes | Harder to detect as no change is made |
| Example | Data modification, DoS attack | Eavesdropping, traffic analysis |

- Active attacks involve tampering with data or disrupting services.

- Passive attacks aim to gather information without changing it.

- Both types threaten confidentiality, integrity, or availability.

2. Write any Two Differences between Stream and Block Ciphers

Ciphers are encryption methods used in cryptography. Stream and block ciphers are two main types.

| Aspect | Stream Cipher | Block Cipher |
|----------------|---------------------------------------------|--------------------------------------------|
| Operation | Encrypts 1 bit/byte at a time | Encrypts fixed-size blocks (e.g., 64 bits) |
| Speed | Faster, used in real-time systems | Slower, but offers higher security |
| Error Impact | Affects only one bit | May affect entire block |

- Stream ciphers are used in wireless communications.

- Block ciphers are suitable for file encryption.

- Both types ensure data confidentiality.

3. What is Avalanche Effect?

The avalanche effect is a desirable property in cryptographic algorithms where a small change in the input leads to a significant change in the output.

- If one bit in the plaintext or key is changed, many bits in the ciphertext should change.

- This helps prevent attackers from predicting how changes affect encryption.

- It ensures high sensitivity in encryption algorithms.

Importance:

- Makes brute-force and differential attacks difficult.

- Strengthens data security by hiding patterns.

- Used in strong algorithms like AES and DES.

Example:

- Changing 1 bit in input may alter more than 50% of the output bits.
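
The property can be measured directly. The following is an added example, not part of the original document: it flips every input bit in turn and counts how many output bits change. It uses SHA-256 from Python's standard library as a stand-in for AES or DES (which the standard library does not provide), and the sample message is constructed for the demonstration.

```python
import hashlib


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(message: bytes) -> dict:
    """Flip each input bit once and record the fraction of digest bits that change."""
    base = hashlib.sha256(message).digest()
    out_bits = len(base) * 8  # 256 for SHA-256
    fractions = []
    for i in range(len(message) * 8):
        changed = hashlib.sha256(flip_bit(message, i)).digest()
        fractions.append(hamming_distance(base, changed) / out_bits)
    return {
        "trials": len(fractions),
        "min": min(fractions),
        "mean": sum(fractions) / len(fractions),
        "max": max(fractions),
    }


# Constructed 32-byte sample input (an assumption for this example).
SAMPLE = b"transfer 100 to account 12345678"

if __name__ == "__main__":
    p = avalanche_profile(SAMPLE)
    print(f"{p['trials']} single-bit flips: "
          f"min {p['min']:.1%}, mean {p['mean']:.1%}, max {p['max']:.1%} of output bits changed")
```

A mean close to 50% with no single flip far below it is what a function with good avalanche behaviour produces; a flip that changes only a handful of output bits would indicate a pattern an analyst could exploit.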

4. Write any Two Strengths of DES Algorithm

The Data Encryption Standard (DES) is a symmetric-key algorithm used for data encryption.

Strengths:

1. Fast Performance:

- DES is efficient in hardware and software.

- Suitable for fast data encryption and decryption.

2. Widespread Adoption:

- Well-researched and widely used in earlier systems.

- Provides a base for understanding modern ciphers.

- Although now considered outdated due to its short key length (56 bits), DES introduced important principles in symmetric encryption.

- It supports block cipher mode and is easy to implement.

Usage:

- Used in older financial and government systems.

5. What is Public Key Cryptography?

Public Key Cryptography (PKC) uses a pair of keys - a public key for encryption and a private key for decryption.

Key Features:

- The public key is shared with everyone.

- The private key is kept secret by the owner.

How it Works:

- One person encrypts data using the recipient's public key.

- The recipient decrypts it using their private key.

Advantages:

- Enables secure communication without sharing private keys.

- Supports digital signatures and authentication.

Applications:

- Secure emails, digital signatures, and SSL/TLS.

Example Algorithms:

- RSA, ECC (Elliptic Curve Cryptography).

6. Write any Two Applications of Public Key Cryptography

1. Secure Communication:

- Used in sending encrypted emails or messages.

- Ensures only the intended recipient can read the message.

2. Digital Signatures:

- Validates the sender's identity.

- Prevents tampering with the message content.

Other Applications:

- SSL/TLS Protocols: Used in securing websites (HTTPS).

- Blockchain: Verifies transactions in cryptocurrency.

- Software Security: Used for code signing to verify authenticity.

Benefits:

- Enhances confidentiality and data integrity.

- Allows secure data exchange even over insecure networks.

Used In:

- Online banking, e-commerce, and VPNs.

7. What is Cryptographic Hash Function? Write any Two Properties

A cryptographic hash function converts data of any size into a fixed-length hash value, which is a unique representation of the original data.

Properties:

1. Deterministic:

- Same input always gives the same output.

2. Collision Resistance:

- Very difficult to find two different inputs with the same hash output.

Other Features:

- Fast computation.

- Irreversible (can't derive input from hash).

- Used for password storage, digital signatures, and file verification.

Example Hash Functions:

- SHA-256, MD5 (less secure).

Use Case:

- Verifying data integrity in file downloads or blockchain.

8. What is Message Authentication Code (MAC)?

A Message Authentication Code is a short string of bits generated using a secret key and message, used to ensure message integrity and authenticity.

Purpose:

- Verifies that the message comes from the correct sender.

- Ensures that the message has not been changed.

How It Works:

- Sender generates MAC using a shared secret key and sends it with the message.

- Receiver recalculates MAC and compares it to the one received.

Key Features:

- Requires secret key for both sender and receiver.

- Detects accidental or intentional data modification.

Used In:

- Online banking, payment systems, secure file transfers.
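
The sender and receiver steps described above, as an added example that is not part of the original document. It assumes HMAC-SHA256 as the MAC algorithm and a simple `message || tag` frame layout; the key, message, and function names are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tags are 32 bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: compute the MAC over the message and append it."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver: recompute the MAC; return the message, or None if the check fails."""
    if len(frame) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, received = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time wherever the first mismatch is,
    # so response timing does not reveal how much of a guessed tag was right.
    if not hmac.compare_digest(expected, received):
        return None
    return message


# Constructed demo values (assumptions for this example, never use a fixed key).
SHARED_KEY = bytes(range(32))
MESSAGE = b"PAY 250.00 TO ACCT 1001"


def demo() -> dict:
    frame = protect(SHARED_KEY, MESSAGE)
    # Same tag, altered amount: what in-transit modification looks like.
    tampered = b"PAY 950.00 TO ACCT 1001" + frame[-TAG_LEN:]
    return {
        "genuine": verify(SHARED_KEY, frame),
        "tampered": verify(SHARED_KEY, tampered),
        "wrong_key": verify(b"\x00" * 32, frame),
        "truncated": verify(SHARED_KEY, frame[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result!r}")
```

Only the unmodified frame checked with the shared key returns the message; every other case returns `None`, so the receiver discards it.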

9. Write any Four General Means of Authenticating a User's Identity

Authentication Methods:

1. Something You Know:

- Password, PIN, or answer to a secret question.

2. Something You Have:

- Smart card, mobile phone, or security token.

3. Something You Are:

- Biometrics like fingerprints, retina scan, or face recognition.

4. Somewhere You Are:

- Location-based verification (e.g., GPS data or IP address).

Explanation:

- Combining two or more methods increases security (multi-factor authentication).

- Helps prevent unauthorized access to systems and data.

Use Cases:

- Online accounts, ATM machines, office logins.

10. What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It encrypts communication between a web browser and server using SSL/TLS.

How It Works:

- Uses SSL/TLS certificates to create a secure session.

- Data is encrypted during transmission.

Benefits:

- Protects against data theft, eavesdropping, and tampering.

- Ensures confidentiality and trust between user and website.

Common Uses:

- E-commerce, banking, email services, and login pages.

Indicators:

- URL starts with "https://"

- Padlock icon appears in browser address bar.

Importance:

- Essential for protecting sensitive user data on the internet.
