Subject Name : Cryptography and Network Security

Subject Code : IT1352


UNIT I
1 Specify the four categories of security threats?
- Interruption
- Interception
- Modification
- Fabrication
2 Explain active and passive attack with example?
Passive attack:
Monitoring the message during transmission.
Eg: Interception
Active attack:
It involves the modification of data stream or creation of false data stream.
E.g.: Fabrication, Modification, and Interruption
3 Define integrity and nonrepudiation?
Integrity:
A service that ensures that only an authorized person is able to modify the message.
Nonrepudiation:
This service helps to prove whether a person's denial of the transaction is true or false.
4 Differentiate symmetric and asymmetric encryption?
Symmetric:
It is a form of cryptosystem in which encryption and decryption are performed using the same key.
Eg: DES, AES
Asymmetric:
It is a form of cryptosystem in which encryption and decryption are performed using two keys.
Eg: RSA, ECC
5 Define cryptanalysis?
It is a process of attempting to discover the key or plaintext or both.
6 Compare stream cipher with block cipher with example
Stream cipher:
Processes the input stream continuously, producing one element at a time.
Example: Caesar cipher.
Block cipher:
Processes the input one block of elements at a time, producing an output block for each input block.
Example: DES.
7 Define security mechanism
It is a process that is designed to detect, prevent, or recover from a security attack.
Example: Encryption algorithm, Digital signature, Authentication protocols.
8 Differentiate unconditionally secured and computationally secured
An encryption algorithm is unconditionally secured if the cipher text generated by the encryption scheme doesn't contain enough information to determine the corresponding plaintext.
Encryption is computationally secured means,
1. The cost of breaking the cipher exceeds the value of the information.
2. The time required to break the cipher exceeds the useful lifetime of the information.
9 Define steganography
Hiding the message in some cover media. It conceals the existence of a message.
10 Why network need security?
When systems are connected through the network, attacks are possible during transmission time.
11 Define Encryption
The process of converting from plaintext to cipher text.
12 Specify the components of encryption algorithm
1. Plaintext
2. Encryption algorithm
3. Secret key
4. Ciphertext
5. Decryption algorithm
13 Define confidentiality and authentication
Confidentiality:
It means how to maintain the secrecy of the message. It ensures that the information in a computer system and transmitted information are accessible only for reading by an authorised person.
Authentication:
It helps to prove that only the source entity has been involved in the transaction.
14 Define cryptography
It is the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.
15 Compare Substitution and Transposition techniques
Substitution:
- A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.
- Eg: Caesar cipher.
Transposition:
- It means a different kind of mapping is achieved by performing some sort of permutation on the plaintext letters.
- Eg: DES, AES.
16 Define Diffusion & confusion
Diffusion:
It means each plaintext digit affects the values of many ciphertext digits, which is equivalent to saying that each ciphertext digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It is the relationship between the plaintext and ciphertext.
Confusion:
It can be achieved by a substitution algorithm. It is the relationship between ciphertext and key.
17 What are the design parameters of Feistel cipher network?
- Block size
- Key size
- Number of Rounds
- Subkey generation algorithm
- Round function
- Fast software Encryption/Decryption
- Ease of analysis
18 Define Product cipher
It means two or more basic ciphers are combined, and the resultant cipher is called the product cipher.
19 Explain Avalanche effect
A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change is small, this might provide a way to reduce the size of the plaintext or key space to be searched.
20 Give the five modes of operation of Block cipher
1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)
21 State advantages of counter mode
- Hardware Efficiency
- Software Efficiency
- Preprocessing
- Random Access
- Provable Security
- Simplicity.
22 Define Multiple Encryption
It is a technique in which the encryption is used multiple times.
Eg: Double DES, Triple DES
23 Specify the design criteria of block cipher
Number of rounds
Design of the function F
Key scheduling
24 Define Reversible mapping
Each plain text maps to a unique cipher text. This transformation is called reversible mapping.
25 Specify the basic task for defining a security service
A service that enhances the security of the data processing systems and the information transfer of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
26 What is the difference between link and end to end encryption?
Link Encryption:
1. With link encryption, each vulnerable communications link is equipped on both ends with an encryption device
2. Message exposed in sending host and in intermediate nodes
3. Transparent to user
4. Host maintains encryption facility
5. One facility for all users
6. Can be done in hardware
7. Provides host authentication
8. Requires one key per (host-intermediate) pair and (intermediate-intermediate) pair
End to End Encryption:
1. With end to end encryption, the encryption process is carried out at the two end systems
2. Message encrypted in sending and intermediate nodes
3. User applies encryption
4. Users must determine algorithm
5. Users select encryption scheme
6. Software implementations
7. Provides user authentication
8. Requires one key per user pair
27 What is traffic Padding? What is its purpose?
Traffic padding produces ciphertext output continuously, even in the absence of plain text. A continuous random data stream is generated. When plain text is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding and therefore impossible to deduce the amount of traffic.
28 List the evaluation criteria defined by NIST for AES?
The evaluation criteria for AES are as follows:
1. Security
2. Cost
3. Algorithm and implementation characteristics
29 What is Triple Encryption? How many keys are used in triple encryption?
Triple Encryption is a technique in which the encryption algorithm is performed three times using three keys.
UNIT II
30 Differentiate public key and conventional encryption?
Conventional Encryption:
1. The same algorithm with the same key is used for encryption and decryption
2. The sender and receiver must share the algorithm and the key
3. The key must be secret
4. It must be impossible or at least impractical to decipher a message if no other information is available
5. Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key
Public key Encryption:
1. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption
2. The sender and receiver must each have one of the matched pair of keys
3. One of the two keys must be kept secret
4. It must be impossible or at least impractical to decipher a message if no other information is available
5. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.
31 What are the principal elements of a public key cryptosystem?
The principal elements of a cryptosystem are:
1. Plain text
2. Encryption algorithm
3. Public and private key
4. Cipher text
5. Decryption algorithm
32 What are roles of public and private key?
The two keys used for public-key encryption are referred to as the public key and the private key. Invariably, the private key is kept secret and the public key is known publicly. Usually the public key is used for encryption purpose and the private key is used in the decryption side.
33 Specify the applications of the public key cryptosystem?
The applications of the public-key cryptosystem can be classified as follows:
1. Encryption/Decryption: The sender encrypts a message with the recipient's public key.
2. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to a message or to a small block of data that is a function of the message.
3. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
34 What requirements must a public key cryptosystem fulfill to be a secured algorithm?
The requirements of a public-key cryptosystem are as follows:
1. It is computationally easy for a party B to generate a pair (public key KUb, private key KRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext:
C = E_KUb(M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message:
M = D_KRb(C) = D_KRb[E_KUb(M)]
4. It is computationally infeasible for an opponent, knowing the public key, KUb, to determine the private key, KRb.
5. It is computationally infeasible for an opponent, knowing the public key, KUb, and a ciphertext, C, to recover the original message, M.
6. The encryption and decryption functions can be applied in either order:
M = E_KUb[D_KRb(M)] = D_KUb[E_KRb(M)]
35 What is a one way function?
A one way function is one that maps the domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.
36 What is a trapdoor one way function?
It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: a trapdoor one way function is a family of invertible functions f_k, such that
Y = f_k(X) easy, if k and X are known
X = f_k^-1(Y) easy, if k and Y are known
X = f_k^-1(Y) infeasible, if Y is known but k is not known
37 Define Euler's theorem and it's application?
Euler's theorem states that for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)
38 Define Euler's totient function or phi function and their applications?
The Euler's totient function states that, it should be clear for a prime number p,
φ(p) = p-1
39 Describe in general terms an efficient procedure for picking a prime number?
The procedure for picking a prime number is as follows:
1. Pick an odd integer n at random (eg., using a pseudorandom number generator).
2. Pick an integer a<n at random.
3. Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to step 1.
4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.
40 Define Fermat Theorem?
Fermat Theorem states the following: If p is prime and a is a positive integer not divisible by p, then
a^(p-1) ≡ 1 (mod p)
41 List four general characteristics of schema for the distribution of the public key?
The four general characteristics for the distribution of the public key are
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificate
42 What is a public key certificate?
The public key certificate is that used by participants to exchange keys without contacting a public key authority, in a way that is as reliable as if the keys were obtained directly from the public-key authority. Each certificate contains a public key and other information, is created by a certificate authority, and is given to a participant with the matching private key.
43 What are essential ingredient of the public key directory?
The essential ingredients of the public key directory are as follows:
1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
4. Periodically, the authority publishes the entire directory or updates to the directory. For example, a hard-copy version much like a telephone book could be published, or updates could be listed in a widely circulated newspaper.
5. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.
44 Find gcd (1970, 1066) using Euclid's algorithm?
gcd(1970, 1066) = gcd(1066, 1970 mod 1066)
= gcd(1066, 904)
= 2
45 User A and B exchange the key using Diffie-Hellman algorithm. Assume α=5, q=11, XA=2, XB=3. Find the value of YA, YB and k?
Soln:
YA = α^XA mod q
= 25 mod 11
= 3
YB = α^XB mod q
= 125 mod 11
= 4
K = (YA)^XB mod q
= 27 mod 11
= 5
K = (YB)^XA mod q
= 16 mod 11
= 5
46 What is the primitive root of a number?
We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is, if a is a primitive root of the prime number p then the numbers.
47 Determine the gcd (24140, 16762) using Euclid's algorithm
Soln:
We know, gcd(a, b) = gcd(b, a mod b)
gcd(24140, 16762) = gcd(16762, 7378)
gcd(7378, 2006) = gcd(2006, 1360)
gcd(1360, 646) = gcd(646, 68)
gcd(68, 34) = 34
gcd(24140, 16762) = 34.
48 Perform encryption and decryption using RSA Alg for the following:
p=7; q=11; e=17; M=8
Soln:
n = pq
n = 7*11 = 77
φ(n) = (p-1)(q-1)
= 6*10 = 60
e = 17
d = 27
C = M^e mod n
C = 8^17 mod 77
= 57
M = C^d mod n
= 57^27 mod 77
= 8
49 What is an elliptic curve?
The principal attraction of ECC compared to RSA is that it appears to offer equal security for a far smaller key size, thereby reducing processing overhead.
Unit III
50 What is message authentication?
It is a procedure that verifies whether the received message comes from the assigned source and has not been altered. It uses message authentication codes and hash algorithms to authenticate the message.
51 Define the classes of message authentication function
Message encryption: The entire cipher text would be used for authentication.
Message Authentication Code: It is a function of the message and a secret key that produces a fixed length value.
Hash function: Some function that maps a message of any length to a fixed length value which serves as authentication.
52. What are the requirements for message authentication?
The requirements for message authentication are
1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection oriented application, the frequency and duration of connections could be determined. In either a connection oriented or connectionless environment, the number and length of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.
4. Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and modification.
6. Timing modification: Delay or replay of messages. In a connection oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.
53 What you meant by hash function?
A hash function accepts a variable size message M as input and produces a fixed size hash code H(M), called the message digest, as output. It is a variation on the message authentication code.
54 Differentiate MAC and Hash function?
MAC: In a Message Authentication Code, the secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.
Hash Function: The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.
55 Any three hash algorithm
MD5 (Message Digest version 5) algorithm.
SHA-1 (Secure Hash Algorithm).
RIPEMD-160 algorithm.
56 What are the requirements of the hash function?
H can be applied to a block of data of any size.
H produces a fixed length output.
H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
57 What you meant by MAC?
MAC is Message Authentication Code. It is a function of the message and a secret key which produces a fixed length value called the MAC.
MAC = C_K(M)
Where M = variable length message
K = secret key shared by sender and receiver.
C_K(M) = fixed length authenticator.
58 Differentiate internal and external error control
Internal error control:
In internal error control, an error detecting code also known as frame check sequence or checksum.
External error control:
In external error control, error detecting codes are appended after encryption.
59 What is the meet in the middle attack?
This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.
60 What is the role of compression function in hash function?
The hash algorithm involves repeated use of a compression function f, that takes two inputs and produces an n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value. Usually b > n; hence the term compression.
61 What is the difference between weak and strong collision resistance?
Weak collision resistance:
For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
It is proportional to 2^n.
Strong collision resistance:
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
It is proportional to 2^(n/2).
62 Compare MD5, SHA-1 and RIPEMD-160 algorithm
Digest length: MD5 128 bits; SHA-1 160 bits; RIPEMD-160 160 bits
Basic unit of processing: MD5 512 bits; SHA-1 512 bits; RIPEMD-160 512 bits
No of steps: MD5 64 (4 rounds of 16); SHA-1 80 (4 rounds of 20); RIPEMD-160 160 (5 paired rounds of 16)
Maximum message size: MD5 ∞; SHA-1 2^64 - 1 bits; RIPEMD-160 2^64 - 1 bits
Primitive logical functions: MD5 4; SHA-1 4; RIPEMD-160 5
Additive constants used: MD5 64; SHA-1 4; RIPEMD-160 9
Endianness: MD5 Little Endian; SHA-1 Big Endian; RIPEMD-160 Little Endian
63 Distinguish between direct and arbitrated digital signature?
Direct digital signature:
The direct digital signature involves only the communicating parties.
This may be formed by encrypting the entire message with the sender's private key.
Arbitrated digital signature:
The arbiter plays a sensitive and crucial role in this digital signature.
Every signed message from a sender x to a receiver y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content.
64 What are the properties a digital signature should have?
- It must verify the author and the date and time of signature.
- It must authenticate the contents at the time of signature.
- It must be verifiable by third parties to resolve disputes.
65 What requirements should a digital signature scheme satisfy?
- The signature must be a bit pattern that depends on the message being signed.
- The signature must use some information unique to the sender, to prevent both forgery and denial.
- It must be relatively easy to produce the digital signature.
- It must be relatively easy to recognize and verify the digital signature.
- It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
- It must be practical to retain a copy of the digital signature in storage.
66 Define Kerberos
Kerberos is an authentication service developed as part of project Athena at MIT. The problem that Kerberos addresses is: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.
67 What is Kerberos? What are the uses?
Kerberos is an authentication service developed as a part of project Athena at MIT. Kerberos provides a centralized authentication server whose function is to authenticate servers.
68 What 4 requirements were defined by Kerberos?
- Secure
- Reliable
- Transparent
- Scalable
69 In the context of Kerberos, what is realm?
A full service Kerberos environment consisting of a Kerberos server, a no. of clients, and a no. of application servers requires the following:
- The Kerberos server must have the user ID and hashed password of all participating users in its database.
- The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "Realm".
70 Assume the client C wants to communicate server S using Kerberos procedure. How can it be achieved?
Dialogue between client 'C', server 'S' and authentication server (AS) are given below
a) C → AS: [IDc || Pc || IDs]
b) AS → C: Ticket
c) C → S: [IDc || ADc || IDs]
Ticket = E_Ks[IDc || ADc || IDs]
Step 1: The user logs on to the workstation and requests access to the server S. The client module C in the workstation requests the user password and sends a message to AS that includes user ID (IDc), server ID (IDs) and its password.
Step 2: Now the AS verifies the user's password against its password database. If it is valid, AS sends the ticket to C that includes user ID (IDc), server ID (IDs) and the address of the client workstation (ADc), encrypted with a key which is shared by both AS and server (S).
Step 3: Now the client uses the ticket to server S, to send the message to S with IDc to access service.
71 What is the purpose of X.509 standard?
X.509 defines a framework for authentication services by the X.500 directory to its users. X.509 defines authentication protocols based on public key certificates.
Unit IV & Unit V
1 What are the services provided by PGP services
Digital signature
Message encryption
Compression
E-mail compatibility
Segmentation
2 Explain the reasons for using PGP?
a) It is available free worldwide in versions that run on a variety of platforms, including DOS/windows, UNIX, Macintosh and many more.
b) It is based on algorithms that have survived extensive public review and are considered extremely secure.
E.g.) RSA, DSS and Diffie-Hellman for public key encryption, CAST-128, IDEA, 3DES for conventional encryption, SHA-1 for hash coding.
c) It has a wide range of applicability from corporations that wish to select and enforce a standardized scheme for encrypting files and communication.
d) It was not developed by nor is it controlled by any governmental or standards organization.
3 Why E-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.
4 Name any cryptographic keys used in PGP?
a) One-time session conventional keys.
b) Public keys.
c) Private keys.
d) Pass phrase based conventional keys.
5 Define key Identifier?
PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.
6 List the limitations of SMTP/RFC 822?
a) SMTP cannot transmit executable files or binary objects.
b) It cannot transmit text data containing national language characters.
c) SMTP servers may reject mail message over certain size.
d) SMTP gateways cause problems while transmitting ASCII and EBCDIC.
e) SMTP gateways to X.400 E-mail network cannot handle non textual data included in X.400 messages.
7 Draw the diagram for PGP message transmission reception?
8 What is the general format for PGP message?
9 Define S/MIME?
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet E-mail format standard, based on technology from RSA Data Security.
10 What are the elements of MIME?
- Five new message header fields are defined which may be included in an RFC 822 header.
- A number of content formats are defined.
- Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.
11 What are the headers fields define in MIME?
MIME version.
Content type.
Content transfer encoding.
Content id.
Content description.
12 What is MIME content type and explain?
It is used to declare the general type of data. The subtype defines a particular format for that type of data. It has 7 content types & 15 subtypes. They are,
1. Text type
Plain text.
Enriched.
2. Multipart type
Multipart/mixed.
Multipart/parallel.
Multipart/alternative.
Multipart/digest.
3. Message type
Message/RFC822.
Message/partial.
Message/external.
4. Image type
JPEG.
GIF.
5. Video type.
6. Audio type.
7. Application type
Post script.
Octet stream.
13 What are the key algorithms used in S/MIME?
Digital signature standards.
Diffie-Hellman.
RSA algorithm.
14 Give the steps for preparing envelope data MIME?
Generate Ks.
Encrypt Ks using recipient's public key.
RSA algorithm used for encryption.
Prepare the 'recipient info block'.
Encrypt the message using Ks.
15 What you mean by Verisign certificate?
Mostly used issue X.509 certificate with the product name "Verisign digital id". Each digital id contains the owner's public key, the owner's name and the serial number of the digital id.
16 What are the function areas of IP security?
Authentication
Confidentiality
Key management.
17 Give the application of IP security?
Provide secure communication across private & public LAN.
Secure remote access over the Internet.
Secure communication to other organization.
18 Give the benefits of IP security?
Provides security when IP security is implemented in a router or firewall.
IP security is below the transport layer and is transparent to the application.
IP security is transparent to the end-user.
IP security can provide security for an individual user.
19 What are the protocols used to provide IP security?
Authentication header (AH) protocol.
Encapsulating Security Payload (ESP) protocol.
20 Specify the IP security services?
Access control.
Connectionless integrity.
Data origin authentication
Rejection of replayed packet.
Confidentiality.
Limited traffic for Confidentiality.
21 What do you mean by Security Association? Specify the parameters that identifies the Security Association?
An association is a one-way relationship between a sender and receiver that affords security services to the traffic carried on.
A key concept that appears in both the authentication and confidentiality mechanism for IP is the security association (SA).
A Security Association is uniquely identified by 3 parameters:
Security Parameter Index (SPI).
IP Destination Address.
Security Protocol Identifier.
22 What does you mean by Replay Attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
Each time a packet is sent the sequence number is incremented in the counter by the sender.
23 General format of IPsec ESP Format?
Security Parameter Index (SPI)
Sequence Number (SN)
Payload Data (Variable)
Padding (0-255 bytes)
Authentication Data (variable)
24 Differentiate Transport and Tunnel mode in IPsec?
25 What is Authentication Header? Give the format of the IPsec Authentication Header?
It provides the authentication of IP Packet, so authentication is based on the use of MAC.
Format of IPsec Authentication Header:
First Header | Payload Length | Reserved
Security Parameter Index (SPI)
Sequence number (SN)
Authentication Data (Variable)
26 Explain the format of ESP Transport Mode?
Fig: IPv4 (with the Authenticated and Encrypted spans marked)
Orig IP hdr | ESP hdr | TCP | Data | ESP trlr | ESP auth
Fig: IPv6 (with the Authenticated and Encrypted spans marked)
Orig IP hdr | Hop by hop, dest, routing, fragment | ESP hdr | dest | TCP | Data | ESP trlr | ESP auth
Transport mode:
1. Provides protection for the upper layer protocol between two hosts.
2. ESP in this mode encrypts and optionally authenticates the IP Payload but not the IP Header.
3. AH in this mode authenticates the IP Payload and selected portions of the IP Header.
Tunnel mode:
1. Provides protection for the entire IP Packet.
2. ESP in this mode encrypts and authenticates the entire IP packet.
3. AH in this mode authenticates the entire IP Packet plus selected portions of the outer IP Header.
27 Define Transport Adjacency and Iterated Tunnel?
Transport Adjacency:
Apply authentication after encryption, to bundle transport mode Security Association
o Inner SA (ESP SA)
o Outer SA (AH SA)
Iterated Tunnel:
Apply authentication before encryption, 2 SA are combined,
o Inner SA - AH transport mode.
o Outer SA - ESP Tunnel mode.
28 Give features and weakness of Diffie Hellman?
FEATURES:
Secret keys created only when needed.
Exchange requires no preexisting infrastructure.
WEAKNESS:
- Provides no information about identities.
- It is subject to man in middle attack.
29 Explain man in the middle attack?
If A and B exchange messages, E intercepts the message and receives B's public key and B's user ID. E sends its own message with its own public key and B's user ID, based on the private key and Y. B computes the secret key, and A computes k2 based on the private key of A and Y.
30 List the steps involved in SSL record protocol?
1. SSL record protocol takes application data as input and fragments it.
2. Apply lossless Compression algorithm.
3. Compute MAC for compressed data.
4. MAC and compression message is encrypted using conventional alg.
31 Give SSL record format?
Content type | Major Version | Minor Version | Compressed length
Plain Text (Optionally Compressed)
MAC (0, 16 or 20 bytes)
32 What are the different between SSL version 3 and TLS?
SSL:
- In SSL the minor version is 0 and the major version is 3.
- SSL use HMAC alg., except that the padding bytes concatenation.
- SSL supports 12 various alert codes.
TLS:
- In TLS, the major version is 3 and the minor version is 1.
- TLS makes use of the same alg.
- TLS supports all of the alert codes defined in SSL, with the exception of no_certificate.
33 What is mean by SET? What are the features of SET?
Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transaction on the internet.
Features are:
1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication
34. What are the steps involved in SET Transaction?
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificate.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.
35. What is dual signature? What is its purpose?
The purpose of the dual signature is to link two messages that are intended for two different recipients.
To avoid misplacement of orders.
36. List the 3 classes of intruder.
Classes of Intruders
1) Masquerader
2) Misfeasor
3) Clandestine user
37. Define virus. Specify the types of viruses.
A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
Types:
1) Parasitic virus
2) Memory-resident virus
3) Boot sector virus
4) Stealth virus
5) Polymorphic virus
38. What is application level gateway?
An application level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed.
39. List the design goals of firewalls.
1. All traffic from inside to outside, and vice versa, must pass through the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration.
Part B
Unit I
1. i) Explain Playfair cipher & Vernam cipher in detail.
Playfair cipher
i) Multiple letter encryption cipher
ii) Example
iii) Four Rules
Vernam Cipher
i) Encryption: Ci = Pi ⊕ Ki
ii) Decryption: Pi = Ci ⊕ Ki
iii) Example
ii) Convert "MEET ME" using Hill cipher with the key matrix
Convert the ciphertext back to plaintext.
2. Explain simplified DES with example.
Structure of S-DES
Functions
Key Generation
Encryption - Block Diagram
3. Write short notes on
i) Steganography
Definition
Historical Techniques
Advanced Techniques
Drawbacks
ii) Block cipher modes of operation
Electronic code book mode
Cipher block chaining mode
Cipher feedback mode
Output feedback mode
4. Explain classical Encryption techniques in detail.
Substitution techniques
o Caesar cipher
o Playfair Cipher
o Hill Cipher
o Monoalphabetic Cipher
o Polyalphabetic cipher
Transposition Techniques
5. Write short notes on
a. Security services
Definition
Confidentiality
Authentication
Integrity
Non Repudiation
Access Control
Availability
b. Feistel cipher structure
Block diagram
Explanation of Encryption and Decryption Process
Design Parameters
6. Explain Data Encryption Standard (DES) in detail.
Block diagram
Details of Single Round
Calculations of F(R, K)
Key Generation
DES Decryption
7. How AES is used for encryption/decryption? Discuss with example.
AES Parameters
Structure of AES
AES Key Expansion
8. List the evaluation criteria defined by NIST for AES.
Security
Cost
Algo. and Implementation characteristics
Final - 9 points
Unit II
1. State and explain the principles of public key cryptography.
Problems in CE
Characteristics
Elements
2. Explain Diffie Hellman key Exchange in detail with an example.
Algorithm
Example
3. Explain the key management of public key encryption in detail.
Public Key announcement
Publicly available directory
Public key Certification
Public Key Authority
Simple Secret Key Distribution
Secret Key Distribution with confidentiality and authentication
Hybrid Scheme
4. Explain RSA algorithm in detail with an example.
Requirements
Algorithm
Example
Computational Aspects
Security of RSA
5. Briefly explain the idea behind Elliptic Curve Cryptosystem.
EC over Real No and Zp
ECC DH Key Exchange
EC E/D
Security of ECC
Unit III
1. Explain the classification of authentication function in detail.
Introduction
Message Encryption
MAC
Hash function
2. Describe MD5 algorithm in detail. Compare its performance with SHA-1.
512 bit block size produces 128 bit MD
Processing steps
Compression function
Comparison
3. Describe SHA-1 algorithm in detail. Compare its performance with MD5 and RIPEMD-160 and discuss its advantages.
512 bit block size produces 160 bit MD
Processing steps
Compression function
Comparison and advantages
4. Describe RIPEMD-160 algorithm in detail. Compare its performance with MD5 and SHA-1.
512 bit block size produces 160 bit MD
Processing steps
Compression function
Comparison
5. Describe HMAC algorithm in detail.
Algorithm
Structure
Security
6. Write and explain the Digital Signature Algorithm.
Signature = (r,s)
Verify v = r'
Algorithm
Block diagram
7. Assume a client C wants to communicate with a server S using kerberos protocol. How can it be achieved?
Introduction
Simple Authentication Dialogue
Secure Authentication Dialogue
Unit IV
1. Explain the operational description of PGP.
Authentication
Confidentiality
Compression
Email Compatibility
Segmentation
2. Write Short notes on S/MIME.
MIME Elements
Functionality
Algorithms
MIME Messages
Certificate Processing
3. Explain the architecture of IP Security.
Introduction
IP Sec. Documents
IP Sec. Services
Security Association
4. Write short notes on authentication header and ESP.
Authentication header format
Anti replay service
Transport and tunnel mode
ESP format
ESP Encryption and Authentication
Combined Security Association
5. Explain in detail the operation of Secure Socket Layer.
SSL concepts
SSL Record protocol operation
Logical connection between client and server
6. Explain Secure Electronic transaction with neat diagram.
Introduction
Services
Requirements and features
Participants
Sequence of events
Dual signature
Payment processing
Unit V
1. Explain the technical details of firewall and describe any three types of firewall with neat diagram.
Packet filtering router
Application level gateway
Circuit level gateway
2. Write short notes on Intrusion Detection.
Intrusion Techniques
Statistical anomaly detection
Rule based detection
Distributed Intrusion Detection
3. Define virus. Explain in detail.
A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
Nature of viruses - 4 phases
Virus Structure
Types of viruses
Antivirus Approaches
4. Describe Trusted system in detail.
Access control structure
Reference Monitor concept
5. Explain in detail about password management.
Password protection
Loading a new password
Verifying a password
Password selection strategies
