Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
BT0088 : Cryptography and Network Security - Assignment

BT0088 : Cryptography and Network Security - Assignment



|Views: 420 |Likes:
Published by Pawan Mall
Download - BT0088 : Cryptography and Network Security - Assignment
Download - BT0088 : Cryptography and Network Security - Assignment

More info:

Categories:Types, School Work
Published by: Pawan Mall on Feb 06, 2013
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less





BT0088 - Cryptography and Network Security
Question 1 -
Define attack and explain the types of Threats.
The Internet continues to grow exponentially. Personal, government, and businessapplications continue to multiply on the Internet, with immediate benefits to end users.However, these network-based applications and services can pose security risks toindividuals and to the information resources of companies and governments. Information isan asset that must be protected. Without adequate network security, many individuals,businesses, and governments risk losing that asset is called attack.Types of Threats
Interception: This type of threat occurs when an unauthorized party (outsider) hasgained access. The outside party can be a person, a program, or a computingsystem. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered fairlyquickly, a silent interceptor may leave no traces by which the interception can bereadily detected. When an unauthorized party modifies or corrupts the asset, thethreat is a modification. For example, someone might change the values in adatabase, alter a program so that it performs an additional computation. It is evenpossible to modify hardware. Only some cases are detected easily using simplemeasures, but others are almost impossible to detect.
Interruption: This occurs when an asset of the system becomes lost, unavailable, or unusable. An example is the malicious destruction of a hardware device, erasure of aprogram or data file, or malfunction of an operating system file manager so that itcannot find a particular disk file. The useful means of classifying security attacks is interms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect the system resources. An active attack attempts to alter system resources or affect their operation.
Question 2 -
What is security attack? Explain with examples.
When you test any computer system, one of your jobs is to imagine how the system couldmalfunction. Then, you improve the system's design so that the system can withstand any of the problems you have identified. In the same way, we analyze a system from a securityperspective, thinking about the ways in which the system's security can malfunction anddiminish the value of its assets. Any action that compromises the security of informationowned by an organization is called security attack. Those who execute such actions, or cause them to be executed, are called attackers or opponents.Computer-based system has three interrelated and valuable components namely, hardware,software, and data. Each of these assets offers value to different members of the communityaffected by the system. To analyze security, we can brainstorm about the ways in which thesystem or its information can experience some kind of loss or harm. For example, we canidentify data whose format or contents should be protected in some way. We want our security system to make sure that no data is disclosed to an unauthorized parties. Neither dowe want the data being modified in illegitimate ways nor do we want the illegitimate users toaccess the data. By this we identify weaknesses of a system.i.e. A process whereby a person compromises your computer by installing harmful malicioussoftware in your computer without your knowledge. These malicious software includesviruses, spywares, adwares, and trojan horses. These software often deletes certain vitalfiles on your computer, making your computer to function abnormally, spying on your onlinesurfing habits, and cause advertisements to pop up on your screen when you are online.
Question 3 -
Explain different characteristics that identify a good encryption technique.
Several characteristics that identify a good Encryption technique.
The implementation of the process should be as simple as possible. Principle 3 wasformulated with hand implementation in mind: A complicated algorithm is prone toerror or likely to be forgotten. With the development and popularity of digitalcomputers, algorithms far too complex for hand implementation became feasible.Still, the issue of complexity is important. People will avoid an encryption algorithmwhose implementation process severely hinders message transmission, therebyundermining security. And a complex algorithm is more likely to be programmedincorrectly.
The enciphering algorithm and set of keys used should be less complex. Thisprinciple implies that we should restrict neither the choice of keys nor the types of plaintext on which the algorithm can work. For instance, an algorithm that works onlyon plaintext having an equal number of As and Es is useless. Similarly, it would bedifficult to select keys such that the sum of the values of the letters of the key is aprime number. Restrictions such as these make the use of the enciphermentprohibitively complex. If the process is too complex, it will not be used. Furthermore,the key must be transmitted, stored, and remembered, so it must be short.
The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption. Principle 1 is a reiteration of the principle of timelinessand of the earlier observation that even a simple cipher may be strong enough todeter the casual interceptor or to hold off any interceptor for a short time.
Errors in ciphering should not propagate and cause corruption of further informationin the message. Principle 4 acknowledges that humans make errors in their use of enciphering algorithms. One error early in the process should not throw off the entireremaining ciphertext.
The size of the original message and that of enciphered text should be at most same.The idea behind principle 5 is that a ciphertext that expands dramatically size cannotpossibly carry more information than the plaintext, yet it gives the cryptanalyst moredata from which to infer a pattern. Furthermore, a longer ciphertext implies morespace for storage and more time to communicate.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->