
www.vidyarthiplus.com

CS2363 Computer Networks / EEE UNIT-4 PART-A


1) Define cryptography? (AU Nov/Dec 2011)
Cryptography is the science of information security. The word is derived from the Greek kryptos, meaning hidden. Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into cipher text (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.

2) What is PGP? (AU Nov/Dec 2011)
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. Available both as freeware and in a low-cost commercial version, PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders.

3) What is cipher text? (AU April/May 2011)
In cryptography, ciphertext (or cyphertext) is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. Decryption, the inverse of encryption, is the process of turning ciphertext into readable plaintext.

4) List out the two modes of IP security. (AU April/May 2011)
IPsec can be implemented in a host-to-host transport mode, as well as in a network tunnel mode.
Transport mode: In transport mode, only the payload of the IP packet is usually encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value. The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers). A means to encapsulate IPsec messages for NAT traversal has been defined by RFC documents describing the NAT-T mechanism.
Tunnel mode: In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat). Tunnel mode supports NAT traversal.

5) Explain objectives of cryptography?
Confidentiality (the information cannot be understood by anyone for whom it was unintended)
Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)
Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information)

6) Explain data compression?
In computer science and information theory, data compression, source coding, or bit-rate reduction involves encoding information using fewer bits than the original representation. Compression can be either lossy or lossless.
Lossless compression reduces bits by identifying and eliminating statistical redundancy. No information is lost in lossless compression. Lossy compression reduces bits by identifying marginally important information and removing it. The process of reducing the size of a data file is popularly referred to as data compression, although its formal name is source coding.

7. Explain Huffman coding?
In computer science and information theory, Huffman coding is an entropy encoding algorithm used for lossless data compression. The term refers to the use of a variable-length code table for encoding a source symbol (such as a character in a file) where the variable-length code table has been derived in a particular way based on the estimated probability of occurrence for each possible value of the source symbol.

8. Define JPEG?
The term "JPEG" is an acronym for the Joint Photographic Experts Group. JPEG is a commonly used method of lossy compression for digital photography (image). The degree of compression can be adjusted, allowing a selectable tradeoff between storage size and image quality. JPEG typically achieves 10:1 compression with little perceptible loss in image quality. JPEG compression is used in a number of image file formats. JPEG/Exif is the most common image format used by digital cameras and other photographic image capture devices; along with JPEG/JFIF, it is the most common format for storing and transmitting photographic images on the World Wide Web. These format variations are often not distinguished, and are simply called JPEG.

9. Define MPEG?
Moving Picture Experts Group (MPEG) is a working group of experts that was formed by ISO and IEC to set standards for audio and video compression and transmission. The MPEG compression methodology is considered asymmetric as the encoder is more complex than the decoder. The encoder needs to be algorithmic or adaptive whereas the decoder is 'dumb' and carries out fixed actions. This is considered advantageous in applications such as broadcasting where the number of expensive complex encoders is small but the number of simple inexpensive decoders is large.

10. Define MP3?
MPEG-1 or MPEG-2 Audio Layer III, more commonly referred to as MP3, is a patented encoding format for digital audio which uses a form of lossy data compression. It is a common audio format for consumer audio storage, as well as a de facto standard of digital audio compression for the transfer and playback of music on most digital audio players. MP3 is an audio-specific format that was designed by the Moving Picture Experts Group (MPEG) as part of its MPEG-1 standard and later extended in MPEG-2 standard. The use in MP3 of a lossy compression algorithm is designed to greatly reduce the amount of data required to represent the audio recording and still sound like a faithful reproduction of the original uncompressed audio for most listeners. An MP3 file that is created using the setting of 128 kbit/s will result in a file that is about 1/11 the size of the CD file created from the original audio source. An MP3 file can also be constructed at higher or lower bit rates, with higher or lower resulting quality.

11. Explain Encryption?
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people.

12. Explain Decryption?
Decryption is the process of converting encrypted data back into its original form, so it can be understood.

13. What is symmetric key?
Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.

14. What is Asymmetric key?
Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely.

15. What is MAC?
A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the Media Access Control protocol sub-layer of the OSI reference model.

16. Define HMAC?
In cryptography, a hash-based message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key.

17. Explain PKI?
A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

18. What is X.509?
The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses).

19. What is KDC?
A key distribution center (KDC) is part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others.

20. What is Kerberos?
Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

21. What is SSH?
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively). The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.

22. What is telnet?
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

23. What is port forwarding?
Port forwarding or port mapping is a name given to the combined technique of
1. translating the address and/or port number of a packet to a new destination
2. possibly accepting such packet(s) in a packet filter (firewall)
3. forwarding the packet according to the routing table.
The destination may be a predetermined network port (assuming protocols like TCP and UDP, though the process is not limited to these) on a host within a NAT-masqueraded, typically private network, based on the port number on which it was received at the gateway from the originating host. The technique is used to permit communications by external hosts with services provided within a private local area network.

24. What is SSL?
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

25. What is TLS?
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, and is based on the earlier SSL specifications developed by Netscape Communications.

26. What is 802.11 (Wi-Fi)?
Wi-Fi is a popular technology that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections.

27. Explain WEP?
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools.

28. Explain WPA2.
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.
The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).

29. Explain CCMP?
Counter Cipher Mode with Block Chaining Message Authentication Code Protocol or CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.

30. Explain firewall?
A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between the internal network or computer it protects, upon securing that the other network is secure and trusted, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.

31. Explain DMZ?
A DMZ (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
