
1. Explain in detail the types of security attacks that are encountered and distinguish between them.

Security Attack:

• Any action that compromises the security of information owned by an organization
• Information security is about how to prevent attacks, or failing that, to detect attacks on
information-based systems
• The terms threat and attack are often used to mean the same thing; strictly, a threat is the
potential for a security violation and an attack is the deliberate attempt to realise it
• There is a wide range of attacks, but they can be grouped into two generic types:
• passive
• active
Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
• The goal of the opponent is to obtain information that is being transmitted.
• Two types of passive attacks are
– the release of message contents and
– traffic analysis.

The release of message contents

• A telephone conversation, an e-mail or a transferred file may contain sensitive information;
the opponent simply reads what is transmitted
• The cryptanalyst cannot interact with either party and must break the system solely from
the observed data

Traffic analysis
• The opponent intercepts or examines messages in order to deduce information from the pattern
of communication (who talks to whom, how often, and with what message sizes)
• It can be performed even when the messages are encrypted
• The greater the number of messages observed, the more can be inferred
Active attacks:

• Active attacks involve some modification of the data stream or the creation of a false stream
• can be subdivided into four categories:
– masquerade,
– replay,
– modification of messages,
– and denial of service.
Masquerade attack:

• A network attack in which one entity pretends to be a different entity (for example by using a
captured authentication sequence or a spoofed network identity) in order to gain unauthorized
access under a legitimate identity

Replay attack:

• A form of network attack in which a valid transmission of data is captured and then maliciously
or fraudulently repeated or delayed

Modification of messages:

• The intruder alters some portion of a legitimate message, or delays or reorders messages; for
example, altering packet header addresses to direct a message to a different destination, or
modifying the data on a target machine

Denial of Service attack:

A cyber attack in which the perpetrator seeks to make a machine or network unavailable to its
intended users by temporarily disrupting the services of a host connected to the internet.
This is commonly accomplished by flooding the targeted resource with superfluous requests in an
attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
2. Discuss Active and Passive security attacks

Same as answer 1

3. With the diagram, explain the Network security Model

Model for Network Security:

using this model requires us to:

 design a suitable algorithm for the security transformation
 generate the secret information (keys) used by the algorithm
 develop methods to distribute and share the secret information
 specify a protocol enabling the principals to use the transformation and secret information
for a security service

At the sender side, message undergoes security related transformation using secret

information (key) and sent across the network.

At the receiver end, secret message transformed back to original message using the secret
transformation process and the key
4. Discuss the various types of Security Services w.r.t X.800
Security Service:
 Enhance security of data processing systems and information transfers of an organization
 intended to counter security attacks
 using one or more security mechanisms
 often replicates functions normally associated with physical documents
o which, for example, have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized or witnessed; be
recorded or licensed.
 X.800:
“a service provided by a protocol layer of communicating open systems, which ensures
adequate security of the systems or of data transfers”

Security Services (X.800)

 Authentication - assurance that the communicating entity is the one claimed

 Access Control - prevention of the unauthorized use of a resource
 Data Confidentiality –protection of data from unauthorized disclosure
 Data Integrity - assurance that data received is as sent by an authorized entity
 Non-Repudiation - protection against denial by one of the parties in a communication
Authentication
 The assurance that the communicating entity is the one that it claims to be.
 Peer Entity Authentication
o Used in association with a logical connection to provide confidence in the
identity of the entities connected.
 Data-Origin Authentication
o In a connectionless transfer, provides assurance that the source of received
data is as claimed.
Access Control
– The prevention of unauthorized use of a resource
– (i.e., this service controls
• who can have access to a resource,
• under what conditions access can occur,
• and what those accessing the resource are allowed to do).

Data Confidentiality
– The protection of data from unauthorized disclosure.
• Connection Confidentiality
• The protection of all user data on a connection.
• Connectionless Confidentiality
• The protection of all user data in a single data block.
• Selective-Field Confidentiality
• The confidentiality of selected fields within the user data on a connection
or in a single data block.
• Traffic-Flow Confidentiality
• The protection of the information that might be derived from observation
of traffic flows.
Data Integrity
– The assurance that data received are exactly as sent by an authorized entity
(i.e., contain no modification, insertion, deletion, or replay).
• Connection Integrity with Recovery
– Provides for the integrity of all user data on a connection and
detects any modification, insertion, deletion, or replay of any data
within an entire data sequence, with recovery attempted.
• Connection Integrity without Recovery
– As above, but provides only detection without recovery.
• Selective-Field Connection Integrity
– Provides for the integrity of selected fields within the user data of a
data block transferred over a connection and takes the form of
determination of whether the selected fields have been modified,
inserted, deleted, or replayed.
• Connectionless Integrity
– Provides for the integrity of a single connectionless data block and
may take the form of detection of data modification. Additionally,
a limited form of replay detection may be provided.
• Selective-Field Connectionless Integrity
– Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determination of
whether the selected fields have been modified.

Non-Repudiation
– Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
• Nonrepudiation, Origin
– Proof that the message was sent by the specified party.
• Nonrepudiation, Destination
– Proof that the message was received by the specified party

5. Write a note on Security Standards.

Various organizations have been involved in the development or promotion of these standards.
The most important (in the current context) of these organizations are as follows.

• National Institute of Standards and Technology: NIST is a U.S. federal agency that deals
with measurement science, standards, and technology related to U.S. government use and
to the promotion of U.S. private-sector innovation. Despite its national scope, NIST
Federal Information Processing Standards (FIPS) and Special Publications (SP) have a
worldwide impact.
• Internet Society: ISOC is a professional membership society with worldwide
organizational and individual membership. It provides leadership in addressing issues
that confront the future of the Internet and is the organization home for the groups
responsible for Internet infrastructure standards, including the Internet Engineering Task
Force (IETF) and the Internet Architecture Board (IAB). These organizations develop
Internet standards and related specifications, all of which are published as Requests for
Comments (RFCs).

6. Explain with a neat diagram Kerberos version 4 message


• Kerberos is a key distribution and user authentication service

• trusted key server system from MIT
• provides centralised private-key third-party authentication in a distributed network
– allows users access to services distributed through network
– without needing to trust all workstations
rather all trust a central authentication server
Kerberos addresses the following three threats that exist in a distributed network:
• i) A user may gain access to a particular workstation and pretend to be another user
operating from that workstation.
• ii) A user may alter the network address of a workstation so that the requests sent
from the altered workstation appear to come from the impersonated workstation.
• iii) A user may eavesdrop on exchanges and use a replay attack to gain entrance to a
server or to disrupt operations.

Kerberos Requirements:
• its first report identified requirements as:
– secure
– reliable
– transparent
– scalable
implemented using an authentication protocol based on Needham-Schroeder

Kerberos Version 4
i)The client requests a ticket-granting ticket on behalf of the user by sending its
user’s ID to the AS, together with the TGS ID, indicating a request to use the TGS
ii). The AS responds with a ticket that is encrypted with a key that is derived from
the user’s password (KC), which is already stored at the AS.
When this response arrives at the client, the client prompts the user for his
or her password, generates the key, and attempts to decrypt the incoming message.
If the correct password is supplied, the ticket is successfully recovered.
iii)The client requests a service-granting ticket on behalf of the user. For this
purpose, the client transmits a message to the TGS containing the user’s ID, the ID of the
desired service, and the ticket-granting ticket.
iv)The TGS decrypts the incoming ticket using a key shared only by the AS and the
TGS (Ktgs) and verifies the success of the decryption by the presence of its ID.
It checks to make sure that the lifetime has not expired
.Then it compares the user ID and network address with the incoming
information to authenticate the user.
If the user is permitted access to the server V, the TGS issues a ticket to
grant access to the requested service.
v) The client requests access to a service on behalf of the user. For this purpose, the
client transmits a message to the server containing the user's ID and the service-granting
ticket. The server authenticates the user by using the contents of the ticket.

Kerberos v4 Dialogue
i) obtain ticket-granting ticket from AS
• once per user logon session
ii) obtain service-granting ticket from TGS
• for each distinct service required
iii) client/server exchange to obtain service
• on every service request
7. With a neat block diagram explain the model of network
security and explain the security mechanisms involved in it.
Network security model.. take from answer 3

Security Mechanism:
• feature designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all services required
• however one particular element underlies many of the security mechanisms in
– cryptographic techniques
• hence our focus on this topic
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity,
authentication exchange, traffic padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event detection, security audit trails,
security recovery
• Encipherment
• The use of mathematical algorithms to transform data into a form that is
not readily intelligible.
• The transformation and subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.
• Digital Signature
• Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the
data unit and protect against forgery (e.g., by the recipient).
• Access Control
• A variety of mechanisms that enforce access rights to resources.
• Data Integrity
• A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
Authentication Exchange
• A mechanism intended to ensure the identity of an entity by means of
information exchange.
Traffic Padding
• The insertion of bits into gaps in a data stream to frustrate traffic analysis
Routing Control
• Enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a breach of security is suspected.
Notarization
• The use of a trusted third party to assure certain properties of a data exchange.
Trusted Functionality
• That which is perceived to be correct with respect to some criteria (e.g., as
established by a security policy).
Security Label
• The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection
Detection of security-relevant events.

8. Explain in detail Kerberos version 5 Authentication dialogue.

Kerberos Version 5
• developed in mid 1990's
• specified as Internet standard RFC 1510 (since superseded by RFC 4120)
• provides improvements over v4
– addresses environmental shortcomings
• encryption alg, network protocol, byte order, ticket lifetime,
authentication forwarding, interrealm auth
– and technical deficiencies
• double encryption, non-std mode of use, session keys, password attacks
Message (1) is a client
request for a ticket-granting ticket. As before, it includes the ID of the user and the TGS.The following
new elements are added:
• Realm: Indicates realm of user.
• Options: Used to request that certain flags be set in the returned ticket.
• Times: Used by the client to request the following time settings in the ticket:
from: the desired start time for the requested ticket
till: the requested expiration time for the requested ticket
rtime: requested renew-till time
• Nonce: A random value to be repeated in message (2) to assure that the response is fresh and has not
been replayed by an opponent.
Message (2) returns a ticket-granting ticket, identifying information for the client, and a block encrypted
using the encryption key based on the user’s password. This block includes the session key to be used
between the client and the TGS, times specified in message (1), the nonce from message (1), and TGS
identifying information. The ticket itself includes the session key, identifying information for the client,
the requested time values, and flags that reflect the status of this ticket and the requested options.

We see that message (3) for both versions includes an authenticator, a ticket, and the name of the
requested service. In addition, version 5 includes requested times and options for the ticket and a
nonce—all with functions similar to those of message (1).
The authenticator itself is essentially the same as the one used in version 4. Message (4) has the same
structure as message (2). It returns a ticket plus information needed by the client, with the information
encrypted using the session key now shared by the client and the TGS.
In message (5), the client may request as an option that mutual authentication is required.The
authenticator includes several new fields:
• Subkey: The client's choice for an encryption key to be used to protect this specific application session.
If this field is omitted, the session key from the ticket (K_c,v) is used.
Sequence number: An optional field that specifies the starting sequence number
to be used by the server for messages sent to the client during this session.
Messages may be sequence numbered to detect replays.
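The dialogue of Q6 and the version 5 additions of Q8 (nonce echoed in the AS and TGS replies, explicit from/till times in tickets, client-chosen subkey, and mutual authentication by returning the timestamp plus one), as an added runnable example that is not part of these notes or of any Kerberos implementation. The cipher used for tickets (seal/unseal), the key names, the constructed realm with user alice and server printsrv, and the 300-second clock-skew window are assumptions of the example; real Kerberos uses the tagged encryption types discussed in Q12 and the ASN.1 message formats of RFC 4120.

```python
import hashlib, hmac, json, os, time

# Toy authenticated encipherment standing in for Kerberos' DES/CBC (an assumption of this
# example, not the real wire format): SHA-256 keystream for secrecy plus an HMAC tag so a
# wrong key or an altered ciphertext is detected instead of decrypting to garbage.
def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, "sha256").digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, iv + ct, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))))

def password_key(password):            # K_c: derived from the user's password, held by the AS
    return hashlib.sha256(password.encode()).digest()

SKEW = 300                             # authenticator freshness window in seconds (assumed)

def check(ticket, auth, addr, now):
    """Checks made by both the TGS (step iv) and the application server (step v)."""
    if not ticket["from"] <= now <= ticket["till"]:         # v5: explicit start and end times
        raise PermissionError("ticket expired or not yet valid")
    if (auth["id"], auth["ad"], addr) != (ticket["id"], ticket["ad"], ticket["ad"]):
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > SKEW:
        raise PermissionError("stale authenticator (possible replay)")

class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) of one realm."""
    def __init__(self, users, servers):
        self.users, self.servers = users, servers            # id -> K_c, id -> K_v
        self.k_tgs = os.urandom(32)                          # K_tgs known only to AS and TGS

    def as_exchange(self, uid, addr, nonce, now):            # messages (1)/(2)
        k_c_tgs = os.urandom(32).hex()
        tgt = seal(self.k_tgs, {"k": k_c_tgs, "id": uid, "ad": addr,
                                "from": now, "till": now + 8 * 3600})
        # v5: the TGT travels beside the K_c-encrypted block (no double encryption) and the
        # client's nonce is echoed so a replayed reply is detected.
        return tgt, seal(self.users[uid], {"k": k_c_tgs, "nonce": nonce, "till": now + 8 * 3600})

    def tgs_exchange(self, sid, tgt_blob, auth_blob, addr, nonce, now):   # messages (3)/(4)
        tgt = unseal(self.k_tgs, tgt_blob)
        k_c_tgs = bytes.fromhex(tgt["k"])
        check(tgt, unseal(k_c_tgs, auth_blob), addr, now)
        k_c_v = os.urandom(32).hex()
        ticket = seal(self.servers[sid], {"k": k_c_v, "id": tgt["id"], "ad": addr,
                                          "from": now, "till": now + 3600})
        return ticket, seal(k_c_tgs, {"k": k_c_v, "nonce": nonce, "v": sid})

def server_exchange(k_v, ticket_blob, auth_blob, addr, now):  # messages (5)/(6) at server V
    ticket = unseal(k_v, ticket_blob)
    k_c_v = bytes.fromhex(ticket["k"])
    auth = unseal(k_c_v, auth_blob)
    check(ticket, auth, addr, now)
    # Mutual authentication: V proves it knows K_c,v by returning ts + 1 under that key.
    # v5: a client-chosen subkey, if present, protects this one application session.
    return seal(k_c_v, {"ts": auth["ts"] + 1}), bytes.fromhex(auth.get("subkey", ticket["k"]))

def run_dialogue(kdc, uid, password, addr, sid, k_v, now):
    """Client side of the whole dialogue; server V is simulated locally with its key K_v."""
    k_c = password_key(password)
    n1 = os.urandom(8).hex()
    tgt, blob = kdc.as_exchange(uid, addr, n1, now)
    rep = unseal(k_c, blob)                                  # fails here if the password is wrong
    if rep["nonce"] != n1:
        raise PermissionError("AS reply replayed")
    k_c_tgs, n2 = bytes.fromhex(rep["k"]), os.urandom(8).hex()
    auth = seal(k_c_tgs, {"id": uid, "ad": addr, "ts": now})
    ticket, blob = kdc.tgs_exchange(sid, tgt, auth, addr, n2, now)
    rep = unseal(k_c_tgs, blob)
    if rep["nonce"] != n2:
        raise PermissionError("TGS reply replayed")
    k_c_v, subkey = bytes.fromhex(rep["k"]), os.urandom(32).hex()
    auth = seal(k_c_v, {"id": uid, "ad": addr, "ts": now, "subkey": subkey})
    reply, session_key = server_exchange(k_v, ticket, auth, addr, now)
    if unseal(k_c_v, reply)["ts"] != now + 1:
        raise PermissionError("server failed mutual authentication")
    return session_key                                       # equals the client's subkey

if __name__ == "__main__":                                   # constructed realm: one user, one server
    k_v = os.urandom(32)
    kdc = KDC({"alice": password_key("correct horse")}, {"printsrv": k_v})
    key = run_dialogue(kdc, "alice", "correct horse", "10.0.0.5", "printsrv", k_v, int(time.time()))
    print("application session key:", key.hex())
```

A wrong password shows up as a failed unseal of message (2), which is exactly the offline password-guessing surface Q12 describes; the lifetime and address checks in check() are what stop a captured ticket being reused later or from another host.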

9. Explain the different authentication procedures in X.509 certificate and explain with a neat
diagram Kerberos Request for Service in another Realm
X.509 certificate:
• part of CCITT X.500 directory service standards
– distributed servers maintaining user info database
• defines framework for authentication services
– directory may store public-key certificates
– with public key of user signed by certification authority
• also defines authentication protocols
• uses public-key crypto & digital signatures
– algorithms not standardised, but RSA recommended
• X.509 certificates are widely used
• issued by a Certification Authority (CA), containing:
– version (1, 2, or 3)
– serial number (unique within CA) identifying certificate
– signature algorithm identifier
– issuer X.500 name (CA)
– period of validity (from - to dates)
– subject X.500 name (name of owner)
– subject public-key info (algorithm, parameters, key)
– issuer unique identifier (v2+)
– subject unique identifier (v2+)
– extension fields (v3)
– signature (of hash of all fields in certificate)
• notation CA<<A>> denotes certificate for A signed by CA
• a Kerberos environment consists of:
– a Kerberos server
– a number of clients, all registered with server
– application servers, sharing keys with server
• this is termed a realm
– typically a single administrative domain
• if have multiple realms, their Kerberos servers must share keys and
10. Describe Oakley key distribution protocol (from 7th unit..)
Oakley Key Determination Protocol: Oakley is a key exchange protocol based
on the Diffie-Hellman algorithm but providing added security. Oakley is
generic in that it does not dictate specific formats.
The key determination algorithm is characterized by five important features:
1. It employs a mechanism known as cookies to thwart clogging attacks.
2. It enables the two parties to negotiate a group; this, in essence, specifies the global
parameters of the Diffie-Hellman key exchange.
3. It uses nonces to ensure against replay attacks.
4. It enables the exchange of Diffie-Hellman public key values.
5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.

11. With a neat diagram explain general format of X.509

public key certificate.
Same as answer 9

12. List out the differences between Kerberos version 4 and

version 5
DIFFERENCES BETWEEN VERSIONS 4 AND 5
Version 5 is intended to address the limitations of version 4 in two areas: environmental shortcomings and
technical deficiencies. We briefly summarize the improvements in each area. Kerberos version 4 did not
fully address the need to be of general purpose. This led to the following environmental shortcomings.
1. Encryption system dependence: Version 4 requires the use of DES. Export restriction on DES as
well as doubts about the strength of DES were thus of concern. In version 5, ciphertext is tagged with an
encryption-type identifier so that any encryption technique may be used. Encryption keys are tagged with
a type and a length, allowing the same key to be used in different algorithms and allowing the pecification
of different variations on a given algorithm.
2. Internet protocol dependence: Version 4 requires the use of Internet Protocol (IP) addresses. Other
address types, such as the ISO network address, are not accommodated.Version 5 network addresses
are tagged with type and length, allowing any network address type to be used.
3. Message byte ordering: In version 4, the sender of a message employs a byte ordering of its own
choosing and tags the message to indicate least significant byte in lowest address or most significant byte
in lowest address. This techniques works but does not follow established conventions. In version 5, all
message structures are defined using Abstract Syntax Notation One (ASN.1) and Basic Encoding Rules
(BER), which provide an unambiguous byte ordering.
4. Ticket lifetime: Lifetime values in version 4 are encoded in an 8-bit quantity in units of five minutes.
Thus, the maximum lifetime that can be expressed is 2^8 × 5 = 1280 minutes (a little over 21 hours). This may
be inadequate for some applications (e.g., a long-running simulation that requires valid Kerberos
credentials throughout execution). In version 5, tickets include an explicit start time and end time, allowing
tickets with arbitrary lifetimes.
5. Authentication forwarding: Version 4 does not allow credentials issued to one client to be forwarded
to some other host and used by some other client. This capability would enable a client to access a
server and have that server access another server on behalf of the client. For example, a client issues a
request to a print server that then accesses the client’s file from a file server, using the client’s
credentials for access.Version 5 provides this capability.
6. Interrealm authentication: In version 4, interoperability among N realms requires on the order of N^2
Kerberos-to-Kerberos relationships, as described earlier. Version 5 supports a method that requires fewer
relationships.
Apart from these environmental limitations, there are technical deficiencies
in the version 4 protocol itself. Most of these deficiencies were documented in [BELL90], and version 5
attempts to address these. The deficiencies are the following.
1. Double encryption: Note in Table 4.1 [messages (2) and (4)] that tickets provided to clients are
encrypted twice—once with the secret key of the target server and then again with a secret key known to
the client. The second encryption is not necessary and is computationally wasteful.
2. PCBC encryption: Encryption in version 4 makes use of a nonstandard mode of DES known as
propagating cipher block chaining (PCBC). It has been demonstrated that this mode is vulnerable to an
attack involving the interchange of ciphertext blocks [KOHL89]. PCBC was intended to provide an
integrity check as part of the encryption operation. Version 5 provides explicit integrity mechanisms,
allowing the standard CBC mode to be used for encryption. In particular, a checksum or hash code is
attached to the message prior to encryption using CBC.
3. Session keys: Each ticket includes a session key that is used by the client to encrypt the authenticator
sent to the service associated with that ticket. In addition, the session key subsequently may be used by
the client and the server to protect messages passed during that session. However, because the same
ticket may be used repeatedly to gain service from a particular server, there is the risk that an opponent
will replay messages from an old session to the client or the server. In version 5, it is possible for a client
and server to negotiate a subsession key, which is to be used only for that one connection. A new access
by the client would result in the use of a new subsession key.
4. Password attacks: Both versions are vulnerable to a password attack. The message from the AS to
the client includes material encrypted with a key based on the client's password. An opponent can
capture this message and attempt to decrypt it by trying various passwords. If the result of a test
decryption is of the proper form, then the opponent has discovered the client's password and may
subsequently use it to gain authentication credentials from Kerberos. Version 5 does provide a
mechanism known as preauthentication, which should make password attacks more difficult,
but it does not prevent them.

13. Write a short note on

a. PKI b. IETF c. Key management


a) Public-key Infrastructure (PKI) is an integrated system of software, encryption methodologies,

protocols, legal agreements, and third-party services that enables users to communicate
securely. PKI systems are based on public-key cryptosystems and include digital certificates
and certificate authorities (CAs).
c) Key Management
• public-key encryption helps address key distribution problems
• have two aspects of this:
– distribution of public keys
– use of public-key encryption to distribute secret keys
Distribution of Public Keys
• can be considered as using one of:
– public announcement
– publicly available directory
– public-key authority
– public-key certificates
Public Announcement
• users distribute public keys to recipients or broadcast to community at large
• eg. append PGP keys to email messages or post to news groups or email list
• major weakness is forgery
• anyone can create a key claiming to be someone else and broadcast it
• until forgery is discovered can masquerade as claimed user
Publicly Available Directory
• can obtain greater security by registering keys with a public directory
• directory must be trusted with properties:
– contains {name,public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
still vulnerable to tampering or forging
Public-Key Authority
– improve security by tightening control over distribution of keys from the directory
– has properties of directory
– and requires users to know public key for the directory
– then users interact with directory to obtain any desired public key securely
– does require real-time access to directory when keys are needed

Public-Key Certificates
– certificates allow key exchange without real-time access to the public-key authority
– a certificate binds identity to public key
– usually with other info such as period of validity, rights of use etc
– with all contents signed by a trusted Public-Key or Certificate Authority
– can be verified by anyone who knows the public-key authority's public key
Simple Secret Key Distribution
– A generates a new temporary public key pair
– A sends B the public key and their identity
– B generates a session key K and sends it to A encrypted using the supplied
public key
– A decrypts the session key and both use it
– because A's public key is not authenticated, an active attacker can intercept A's message,
substitute their own public key, learn K and re-encrypt it for A: the scheme resists only
eavesdropping, not a man-in-the-middle
Public-Key Distribution of Secret Keys
• if have securely exchanged public-keys:

b) IETF
The Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (PKIX) working group
has been the driving force behind setting up a formal (and generic) model based on X.509 that is
suitable for deploying a certificate-based architecture on the Internet.
These organizations develop Internet standards and related specifications,
all of which are published as Requests for Comments (RFCs).
14. Discuss the authentication procedures in detail
Authentication Procedures
 X.509 includes three alternative authentication procedures:
 One-Way Authentication
 Two-Way Authentication
 Three-Way Authentication
 all use public-key signatures
One-Way Authentication
 1 message ( A->B) used to establish
o the identity of A and that message is from A
o message was intended for B
o integrity & originality of message
 message must include timestamp, nonce, B's identity and is signed by A
 may include additional info for B
o eg session key
Two-Way Authentication
 2 messages (A->B, B->A) which also establishes in addition:
o the identity of B and that reply is from B
o that reply is intended for A
o integrity & originality of reply
 reply includes original nonce from A, also timestamp and nonce from B
 may include additional info for A

Three-Way Authentication
 3 messages (A->B, B->A, A->B) which enables above authentication without synchronized clocks
 has reply from A back to B containing signed copy of nonce from B
 means that timestamps need not be checked or relied upon
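The three procedures above as an added example, not code from the notes or from the X.509 standard text: every message is signed by its sender and carries the recipient's identity, a timestamp and a nonce, and the receiver performs the checks each procedure calls for. The RSA here is textbook RSA on fixed 30-bit primes so the example runs offline; it, the Party class, the field names, the 120-second timestamp window and the session key carried in the one-way message are assumptions for illustration and not a secure signature scheme (real deployments use padded RSA or ECDSA over 2048-bit or larger keys).

```python
import hashlib, os, time

# Toy textbook RSA on fixed, well-known primes (assumption: illustration only, insecure).
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)            # (public, private)

def sign(priv, msg: bytes) -> int:                  # hash-then-sign with the private key
    d, n = priv
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)

def verify(pub, msg: bytes, sig: int) -> bool:      # anyone holding the public key can check
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_encrypt(pub, m: int) -> int:
    return pow(m, pub[0], pub[1])

def rsa_decrypt(priv, c: int) -> int:
    return pow(c, priv[0], priv[1])

def encode(fields: dict) -> bytes:                  # canonical bytes covered by the signature
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()

class Party:
    """A principal with a key pair and the public keys of its peers (as obtained from certificates)."""
    def __init__(self, name, primes):
        self.name = name
        self.pub, self._priv = make_keypair(*primes)
        self.peers, self.seen, self.issued = {}, set(), {}

    def fresh_nonce(self, peer):                    # rA / rB, remembered so the echo can be checked
        self.issued[peer] = os.urandom(8).hex()
        return self.issued[peer]

    def unwrap(self, c):                            # recover a session key sent under our public key
        return rsa_decrypt(self._priv, c)

    def send(self, to, **extra):                    # timestamp, intended recipient, signature
        fields = {"from": self.name, "to": to, "ts": int(time.time()), **extra}
        return fields, sign(self._priv, encode(fields))

    def receive(self, msg, check_clock, window=120):
        fields, sig = msg
        if not verify(self.peers[fields["from"]], encode(fields), sig):
            raise ValueError("signature check failed: not from " + fields["from"] + " or altered")
        if fields["to"] != self.name:
            raise ValueError("message was intended for " + fields["to"])
        if check_clock and abs(time.time() - fields["ts"]) > window:
            raise ValueError("stale timestamp")    # only meaningful with synchronized clocks
        if "nonce" in fields:                       # a nonce may be accepted once
            if fields["nonce"] in self.seen:
                raise ValueError("replayed nonce")
            self.seen.add(fields["nonce"])
        if "echo" in fields:                        # the peer must return the nonce we issued
            if fields["echo"] != self.issued.pop(fields["from"], None):
                raise ValueError("echoed nonce is not the one we issued")
        return fields

def one_way(A, B):
    """A -> B: B learns the message is from A, intended for B and intact; timestamps are checked,
    so clocks must be synchronized. Here it also carries a session key encrypted for B."""
    k = int.from_bytes(os.urandom(7), "big")                  # constructed session key, k < n
    m1 = A.send(B.name, nonce=A.fresh_nonce(B.name), key=rsa_encrypt(B.pub, k))
    return B.unwrap(B.receive(m1, check_clock=True)["key"]) == k

def two_way(A, B):
    """A -> B, B -> A: additionally establishes B's identity and that the reply is fresh and for A."""
    m1 = A.send(B.name, nonce=A.fresh_nonce(B.name))
    B.receive(m1, check_clock=True)
    m2 = B.send(A.name, nonce=B.fresh_nonce(A.name), echo=m1[0]["nonce"])
    return A.receive(m2, check_clock=True)

def three_way(A, B):
    """A -> B, B -> A, A -> B: the signed copy of rB sent back by A replaces the timestamp checks."""
    m1 = A.send(B.name, nonce=A.fresh_nonce(B.name))
    B.receive(m1, check_clock=False)
    m2 = B.send(A.name, nonce=B.fresh_nonce(A.name), echo=m1[0]["nonce"])
    A.receive(m2, check_clock=False)
    m3 = A.send(B.name, echo=m2[0]["nonce"])
    return B.receive(m3, check_clock=False)

def make_parties():
    """Constructed principals A and B that already hold each other's public keys (CA<<A>>, CA<<B>>)."""
    A = Party("A", (1000000007, 1000000009))
    B = Party("B", (999999937, 2147483647))
    A.peers["B"], B.peers["A"] = B.pub, A.pub
    return A, B

if __name__ == "__main__":
    A, B = make_parties()
    print("one-way:", one_way(A, B), " two-way:", two_way(A, B)["from"], " three-way:", three_way(A, B)["from"])
```

The three-way variant is the one to prefer when the two clocks cannot be trusted: the nonce each side issues is consumed on the first valid echo, so a captured message replayed later fails either the nonce or the echo check.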

15. Differentiate between symmetric and asymmetric encryption

Symmetric Encryption:
• conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
• and by far most widely used
• two requirements for secure use of symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
• mathematically have:
Y = E_K(X)
X = D_K(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key

• There are a number of popular symmetric encryption cryptosystems. One of the most
widely known is the Data Encryption Standard (DES), which was developed by IBM and
is based on the company’s Lucifer algorithm, which uses a key length of 128 bits. As
implemented, DES uses a 64-bit block size and a 56-bit key.
• In 1998, a group called the Electronic Frontier Foundation (www.eff.org), using a
specially designed computer, broke a DES key in less than three days (just over 56 hours,
to be precise). Since then, it has been theorized that a dedicated attack supported by the
proper hardware (not necessarily a specialized computer) can break a DES key in less
than four hours.
• Triple DES (3DES) was created to provide a level of security far beyond that of DES.
3DES was an advanced application of DES, and while it did deliver on its promise of
encryption strength beyond DES, it too soon proved too weak to survive indefinitely,
especially as computing power continued to double every 18 months. Within just a few
years, 3DES needed to be replaced.
• The successor to 3DES is the Advanced Encryption Standard (AES). AES has been
developed to replace both DES and 3DES. While 3DES remained an approved algorithm
for some uses for a time, its expected useful life is limited (NIST has since deprecated it,
disallowing new use after 2023).
• AES implements the Rijndael block cipher with a fixed 128-bit block and a key length of
128, 192, or 256 bits (Rijndael itself also allows other block lengths). Experts estimate that
the special computer used by the Electronic Frontier Foundation to crack DES within a
couple of days would require approximately 4,698,864 quintillion years
(4,698,864,000,000,000,000,000) to crack AES.

• Asymmetric Encryption
• While symmetric encryption systems use a single key to both encrypt and decrypt a
message, asymmetric encryption uses two different but related keys. In RSA either key can
be used to encrypt or decrypt: if key A is used to encrypt the message, only key B can
decrypt it, and if key B is used to encrypt a message, only key A can decrypt it (not every
public-key system has this symmetry; in general one key encrypts and the other decrypts).
• Asymmetric encryption can be used to provide elegant solutions to problems of secrecy
and verification.
• This technique has its highest value when one key is used as a private key, which means
that it is kept secret (much like the key in symmetric encryption), known only to the
owner of the key pair, and the other key serves as a public key, which means that it is
stored in a public location where anyone can use it. This is why the more common name
for asymmetric encryption is public-key encryption.
• Asymmetric algorithms are built on one-way functions. A one-way function is simple to compute
in one direction, but infeasible to compute in the opposite direction unless one knows a secret
(the trapdoor, which is the private key). This is the foundation of public-key encryption; for
RSA the easy direction is multiplying two large primes and the hard direction is factoring
their product.
• One of the most popular public key cryptosystems is RSA, whose name is derived from
• Rivest-Shamir-Adleman, the algorithm’s developers. The RSA algorithm was the first
public key encryption algorithm developed (in 1977) and published for commercial use.
• The problem with asymmetric encryption, as shown earlier in the example in Figure 8-6,
is that holding a single conversation between two parties requires four keys. Moreover, if
four organizations want to exchange communications, each party must manage its private
key and four public keys. In such scenarios, determining which public key is needed to
encrypt a particular message can become a rather confusing problem, and with more
organizations in the loop, the problem expands. This is why asymmetric encryption is
sometimes regarded by experts as inefficient. Compared to symmetric encryption,
asymmetric encryption is also not as efficient in terms of CPU computations.

16. Using Vernam Cipher Method encrypt the following: Plain Text: SECURITY One time Pad: ROUTE

Letters are numbered A = 0 ... Z = 25 and the key is added letter-wise mod 26. The pad ROUTE is
shorter than the plaintext, so the working below repeats it (ROUTEROU); strictly, a one-time pad must
be at least as long as the message and never reused, so what is computed here is a Vigenère encryption.

Plain Text:  S  E  C  U  R  I  T  Y
            18  4  2 20 17  8 19 24
Key:         R  O  U  T  E  R  O  U
            17 14 20 19  4 17 14 20
+ (mod 26):  9 18 22 13 21 25  7 18
Cipher Text: J  S  W  N  V  Z  H  S
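The computation above as an added example (not part of the original answer), with the reuse caveat made concrete: vernam refuses a pad shorter than the message, vigenere reproduces the page's working by repeating the key, and pad_reuse_leak shows what an eavesdropper learns when two messages share one pad. The function names, the pad QWERTYUI and the second message NETWORKS are constructed for the example.

```python
def to_num(s):
    """A=0 ... Z=25 for each letter of s."""
    return [ord(c) - 65 for c in s.upper()]

def to_txt(nums):
    """Inverse of to_num; reduces mod 26 so negative differences also map to letters."""
    return "".join(chr(n % 26 + 65) for n in nums)

def vernam(text, pad, decrypt=False):
    """Letter-wise Vernam: C_i = (P_i + K_i) mod 26; decryption subtracts instead."""
    if len(pad) < len(text):
        raise ValueError("a one-time pad must be at least as long as the message")
    sign = -1 if decrypt else 1
    return to_txt(p + sign * k for p, k in zip(to_num(text), to_num(pad)))

def vigenere(text, key, decrypt=False):
    """What the worked answer actually does: the short key ROUTE is repeated to cover the
    message, which turns the one-time pad into a (breakable) Vigenère cipher."""
    stretched = (key * (len(text) // len(key) + 1))[:len(text)]
    return vernam(text, stretched, decrypt)

def pad_reuse_leak(c1, c2):
    """If one pad encrypts two messages, C1 - C2 = P1 - P2 (mod 26): the key cancels and the
    attacker learns the letter-wise relation between the two plaintexts without the pad."""
    return to_txt(a - b for a, b in zip(to_num(c1), to_num(c2)))

def worked_table(text, key):
    """The rows of the page's table: key numbers, plaintext numbers, sum mod 26, ciphertext."""
    stretched = (key * (len(text) // len(key) + 1))[:len(text)]
    k, p = to_num(stretched), to_num(text)
    return k, p, [(a + b) % 26 for a, b in zip(p, k)], vigenere(text, key)

if __name__ == "__main__":
    for row in worked_table("SECURITY", "ROUTE"):
        print(row)
```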

17.Explain Feistel Cipher structure with a neat diagram

Feistel Cipher Structure

Horst Feistel devised the Feistel cipher based on the concept of an invertible product cipher. It
partitions the input block into two halves and processes them through multiple rounds; each round
performs a substitution on the left data half based on a round function of the right half and a
subkey, and then applies a permutation that swaps the two halves. This implements Shannon’s S-P
(substitution-permutation) network concept.
The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.
The plaintext block is divided into two halves, LE0 and RE0.
The two halves of the data pass through n rounds of processing and then combine to produce the
ciphertext block.
Each round i has as inputs LEi-1 and REi-1 derived from the previous round, as well as a
subkey Ki derived from the overall key K. In general, the subkeys Ki are different from K and from
each other and are generated from the key by a subkey generation algorithm.
In the figure, 16 rounds are used, although any number of rounds could be implemented.
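A toy Feistel network, added here as an example and not taken from the answer above, to show the L/R split, the round step LEi = REi-1 and REi = LEi-1 XOR F(REi-1, Ki), the swap, and why decryption is the same routine with the subkeys in reverse order. The block width (2w = 32 bits), the round function and the subkey schedule are constructed for illustration only and are not a real cipher.

```python
# Added example: a 32-bit toy Feistel network (w = 16 bits per half).
import hashlib

W_BITS = 16
MASK = (1 << W_BITS) - 1
N_ROUNDS = 16

def subkeys(key: bytes, rounds: int = N_ROUNDS) -> list:
    """Toy subkey generation: K_i = first 16 bits of SHA-256(key || i).
    A real schedule would be designed for the cipher; this just gives
    distinct subkeys derived from K, as the text requires."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:2], "big")
            for i in range(rounds)]

def round_function(half: int, k: int) -> int:
    """Toy F(RE, K). F need not be invertible: the Feistel structure
    recovers LE via the XOR regardless of what F does."""
    x = (half ^ k) & MASK
    return ((x * 0x9E37 + 0x7F4A) ^ (x >> 5)) & MASK

def feistel(block: int, keys: list) -> int:
    """Apply the rounds LE_i = RE_{i-1}, RE_i = LE_{i-1} XOR F(RE_{i-1}, K_i),
    swapping halves each round. The swap after the last round is undone, so
    feeding the output back in with reversed subkeys inverts the cipher."""
    if not 0 <= block < (1 << (2 * W_BITS)):
        raise ValueError("block must fit in 2w = 32 bits")
    left, right = (block >> W_BITS) & MASK, block & MASK      # LE0, RE0
    for k in keys:
        left, right = right, left ^ round_function(right, k)  # substitute + swap
    return (right << W_BITS) | left                           # undo final swap

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key)[::-1])   # same rounds, reversed subkeys

if __name__ == "__main__":
    key = b"constructed-demo-key"
    c = encrypt(0xDEADBEEF, key)
    print(hex(c), hex(decrypt(c, key)))         # second value is 0xdeadbeef
```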

Feistel Cipher Design Elements

• block size: larger block sizes mean greater security, but reduced encryption/decryption speed. A
block size of 128 bits is a reasonable tradeoff and is nearly universal among recent block cipher
designs.
• key size: a larger key size means greater security but may decrease encryption/decryption speed.
The most common key length in modern algorithms is 128 bits.
• number of rounds: a single round offers inadequate security, but multiple rounds offer increasing
security. A typical size is 16 rounds.
• subkey generation algorithm: greater complexity generally means greater resistance to cryptanalysis.
• round function: greater complexity generally means greater resistance to cryptanalysis.
• fast software encryption/decryption
• ease of analysis
18. Describe secure key management techniques
Refer to the previous answers.

19. Discuss digital certificates and signatures in detail

Digital Signatures:
Digital signatures were created in response to the rising need to verify information transferred
via electronic systems. Asymmetric encryption processes are used to create digital signatures.
When an asymmetric cryptographic process uses the sender’s private key to encrypt a message,
the sender’s public key must be used to decrypt the message. When the decryption is
successful, the process verifies that the message was sent by the sender and thus cannot be
refuted. This process is known as nonrepudiation and is the principle of cryptography that
underpins the authentication mechanism collectively known as a digital signature. Digital
signatures are, therefore, encrypted messages that can be mathematically proven authentic.
• we have looked at message authentication
– but it does not address issues of lack of trust between the parties
• digital signatures provide the ability to:
– verify the author, date & time of the signature
– authenticate the message contents
– be verified by third parties to resolve disputes
• hence they include the authentication function with additional capabilities

Digital Signature Properties:

• must depend on the message signed
• must use information unique to sender
– to prevent both forgery and denial
• must be relatively easy to produce
• must be relatively easy to recognize & verify
• be computationally infeasible to forge
– with new message for existing digital signature
– with fraudulent digital signature for given message
• be practical to save a digital signature in storage
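The sign-with-private-key / verify-with-public-key process described above, written out as an added example (not code from the original answer) using textbook RSA on a SHA-256 digest. The key values p=61, q=53, e=17 are constructed toy parameters chosen so the numbers stay readable; they offer no security, and real keys are thousands of bits long and use a padding scheme such as PSS.

```python
# Added example: textbook RSA signature over a message digest (toy sizes).
import hashlib

def make_toy_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return (public, private) as ((e, n), (d, n)); d = e^-1 mod phi(n).
    Constructed toy primes: n = 3233 is trivially factorable."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message, then reduce into [0, n) so it can be signed.
    The signature depends on the message, as the properties require."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """'Encrypt' the digest with the sender's private key: s = h^d mod n."""
    d, n = private_key
    return pow(digest_mod_n(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' with the sender's public key and compare: s^e mod n == h.
    Success shows the holder of the private key signed this exact message."""
    e, n = public_key
    return pow(signature, e, n) == digest_mod_n(message, n)

if __name__ == "__main__":
    pub, priv = make_toy_keypair()
    msg = b"Transfer 100 to account 42"          # constructed sample message
    sig = sign(msg, priv)
    print("valid:   ", verify(msg, sig, pub))                              # True
    print("tampered:", verify(b"Transfer 900 to account 42", sig, pub))    # False
    other_pub, _ = make_toy_keypair(p=67, q=71)  # a different signer's key
    print("wrong key:", verify(msg, sig, other_pub))                       # False
```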

Digital Certificates:
As you learned earlier in this chapter, a digital certificate is an electronic document or container
file that contains a key value and identifying information about the entity that controls the key.
The certificate is often issued and certified by a third party, usually a certificate authority. A
digital signature attached to the certificate’s container file certifies the file’s origin and integrity.
This verification process often occurs when you download or update software via the Internet.
Unlike digital signatures, which help authenticate the origin of a message, digital certificates
authenticate the cryptographic key that is embedded in the certificate. When used properly these
certificates enable diligent users to verify the authenticity of any organization’s certificates. This
is much like what happens when the Federal Deposit Insurance Corporation issues its FDIC logo
to banks to assure customers that their bank is authentic.

20. Discuss the Diffie-Hellman key exchange algorithm

Diffie-Hellman Key Exchange:
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the exposition of public key concepts
– note: it is now known that Williamson (UK CESG) secretly proposed the concept in
• is a practical method for public exchange of a secret key
• used in a number of commercial products
• a public-key distribution scheme
– cannot be used to exchange an arbitrary message
– rather it can establish a common key
– known only to the two participants
• the value of the key depends on the participants (and their private and public key information)
• based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) – easy
• security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
• all users agree on global parameters:
– a large prime integer or polynomial q
– a, a primitive root mod q
• each user (e.g. A) generates their key
– chooses a secret key (number): xA < q
– computes their public key: yA = a^xA mod q
• each user makes public that key yA
• the shared session key for users A & B is KAB:

KAB = a^(xA·xB) mod q
    = yA^xB mod q (which B can compute)
    = yB^xA mod q (which A can compute)

• KAB is used as the session key in a private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will have the same key as before,
unless they choose new public keys
• an attacker needs an x, and so must solve the discrete log problem
• users Alice & Bob who wish to swap keys:
– agree on prime q = 353 and a = 3
– select random secret keys: A chooses xA = 97, B chooses xB = 233
– compute respective public keys:
yA = 3^97 mod 353 = 40 (Alice)
yB = 3^233 mod 353 = 248 (Bob)
– compute the shared session key as:
KAB = yB^xA mod 353 = 248^97 mod 353 = 160 (Alice)
KAB = yA^xB mod 353 = 40^233 mod 353 = 160 (Bob)
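The exchange above run end to end, as an added example that is not part of the original answer, using the answer's own parameters (q = 353, a = 3, xA = 97, xB = 233). It also includes an exhaustive-search discrete log and a fresh-key helper to make two of the bullets concrete: an eavesdropper who sees only yA and yB must recover an x, which is instant for a 9-bit prime and is exactly why real deployments use primes of 2048 bits or more; and choosing new secrets gives a new session key. The function names are this example's own.

```python
# Added example: Diffie-Hellman with the answer's toy parameters.
import secrets

def public_value(a: int, q: int, x: int) -> int:
    """y = a^x mod q, the value each party publishes."""
    return pow(a, x, q)

def session_key(peer_public: int, x: int, q: int) -> int:
    """K = y_peer^x mod q, computable only with one's own secret x."""
    return pow(peer_public, x, q)

def exchange(q: int, a: int, xA: int, xB: int):
    """Run both sides and return (yA, yB, K); both sides must agree on K,
    since yB^xA = a^(xB*xA) = a^(xA*xB) = yA^xB (mod q)."""
    yA, yB = public_value(a, q, xA), public_value(a, q, xB)
    kA, kB = session_key(yB, xA, q), session_key(yA, xB, q)
    if kA != kB:
        raise ValueError("key agreement failed")
    return yA, yB, kA

def discrete_log(a: int, y: int, q: int):
    """Recover x from y = a^x mod q by exhaustive search over 1..q-1.
    This is the work facing anyone who only saw the public values; it is
    trivial for q = 353 and infeasible for properly sized primes, which is
    the whole security argument of the scheme."""
    for x in range(1, q):
        if pow(a, x, q) == y:
            return x
    return None

def fresh_private_key(q: int) -> int:
    """Pick a new secret 1 <= x <= q-2 from a CSPRNG; new secrets on both
    sides yield a new session key, otherwise the old key is reproduced."""
    return 1 + secrets.randbelow(q - 2)

if __name__ == "__main__":
    print(exchange(353, 3, 97, 233))           # (40, 248, 160)
    print(discrete_log(3, 40, 353))            # 97 (Alice's secret, from yA alone)
    xA, xB = fresh_private_key(353), fresh_private_key(353)
    print(exchange(353, 3, xA, xB))            # a new key for the new secrets
```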