
Q2.

Answer the following (Any 2)


1. Explain security basics. CO1 03
Information security is built on the pillars of CIA:
C – Confidentiality
I – Integrity
A – Availability

• Confidentiality
Information is kept private and secure.
The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the content of a message.
Interception: Confidentiality is compromised if an unauthorized person is able to access a message.
For example, a confidential e-mail sent by A to B is accessed by C without the permission or knowledge of A and B.

• Integrity
Data is not modified, deleted or added to.
When the content of a message is changed after the sender sends it, but before it reaches the intended recipients, the integrity of the message is lost.
Modification: If the integrity of a message is lost, this is known as modification.
For example, user C changes a message originally sent by user A and meant for user B. User C somehow manages to access it, changes its content and sends the changed message to user B. Users A and B are both unaware of the alteration by C.

• Availability
Systems are available to those who require them.
The principle of availability states that resources should be available to authorized parties at all times.
Interruption: If the availability of a message is lost, this is known as interruption.
For example, due to the intentional action of an unauthorized user C, an authorized user A may not be able to connect to a server computer B.

2. Explain component of good password CO2 03


The following policies make a good password:

• Use more than 8 characters (more characters = stronger passwords).

• Include random characters within the password (#, @, &, %, $ etc.).

• Use both uppercase and lowercase characters (e.g. AbCDeF).

• Avoid using dictionary words or stereotypical passwords such as “dog”, “red” etc.

• Try using a passphrase instead of a password, e.g. “I8burger4d!NER”.

• Avoid using important dates or other meaningful information in your password.

• Users should change passwords periodically, every 90-180 days.
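
The policy above expressed as an automated check, as an added example that is not part of the original answer key. The function name, the `personal_info` parameter and the short word list are assumptions chosen for illustration.

```python
import re
from datetime import date

# Constructed sample list; a real deployment would load a full dictionary
# or a list of commonly used passwords (assumption, not from the page).
COMMON_WORDS = {"dog", "red", "password", "admin", "welcome"}
MAX_AGE_DAYS = 180  # upper end of the 90-180 day rotation window


def check_password(password, personal_info=(), last_changed=None, today=None):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    if len(password) <= 8:
        problems.append("length: use more than 8 characters")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("symbols: include a character such as # @ & % $")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("case: mix uppercase and lowercase characters")

    # Dictionary rule: reject a listed word even when it is only padded
    # with digits or symbols, e.g. "Red#1" is still "red".
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("dictionary: based on a common word")

    # Meaningful-information rule: names, birth years and similar tokens
    # supplied by the caller must not appear inside the password.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"personal: contains '{item}'")

    # Rotation rule: flag passwords older than the maximum allowed age.
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > MAX_AGE_DAYS:
            problems.append(f"age: last changed {age} days ago")
    return problems
```
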


3. Explain Symmetric and Asymmetric encryption model CO2 03

Symmetric Encryption:

It uses a single key, shared by the sender and the receiver, for both encryption and decryption.
It is conventional cryptography, also called secret key, symmetric key or private key cryptography.
In this encryption system, one key is used for both encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional cryptosystem.
As shown in the figure below, the sender uses the key and the encryption algorithm to encrypt the plaintext and sends the ciphertext to the receiver.
The receiver applies the same key and the decryption algorithm to decrypt the message and recover the plaintext.
A symmetric key algorithm is efficient: it takes less time to encrypt a message than a public key algorithm. Because the key is usually smaller, symmetric cryptography is used to encrypt and decrypt long messages.

Asymmetric Encryption:

It is also known as a public key system. It uses two keys: a public key known to everyone and a private key that only the recipient of messages uses.
The RSA algorithm, the DSA algorithm and digital signatures are examples of public key systems.
It is a cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the messages.
The sender encrypts the message with the receiver's public key, and the receiver then uses her private key to decrypt it. So in public key cryptography a pair of keys is used, the public key for encryption and the private key for decryption, instead of the same secret key on both sides as in symmetric key cryptography.
The private key is never distributed and is kept confidential by the receiver. The public key is announced to the public and distributed widely and freely.
