Professional Documents
Culture Documents
Mid Term Assignment
Mid Term Assignment
Subject:
Distributed Computing
Department:
CS & IT
Program:
BS-CS (6th)
Submitted to:
Mr. Fahad
Submitted by:
Hussnain Ali
Roll No:
0002-BS-CS-2017
Date:
20-06-2020
Q No.1:
Authentication
The process in which we identify user are authentic in called authentication. We identify user by
with user ID and authentication is complete when the user provide a certification for example a
password that match with user ID.
It is a fundamental security building block.
It determine whether someone is declare itself
Techniques are used for authentication
1. Authentication based on shared keys authorship
2. Authentication using a key distribution center
3. Authentication using public key encryption
Q No.2:
Threat
Possible danger that expose weakness or vulnerability and cause of data interception, data
interruption, data modification or data fabrication is called threat.
Attack
Unauthorized user that try to expose, destroy, modify or steal data is said to be attack
Types of threats
1. Interception
In this threat unauthorized user gain access to data. Interception means that some
unapproved party has accessed a benefit. The outside gathering can be an individual, a
program, or a processing system. Instances of this sort of disappointment are unlawful
replicating of program or information documents.
Example:
Illicit copying of program
2. Interruption
In this threat a system data is made corrupted or inaccessible for real use. A benefit of the
system gets lost, inaccessible, or unusable. A model is malicious destruction of an
equipment device, deletion of a program or information record of a working framework
document supervisor with the goal that it cannot locate a specific circle document
Example:
Overloading a server have with the goal that it can't react
Cutting communication line
3. Modification
In this threat unauthorized person change the original data. This threat against the
integrity of data. In the event that an unapproved party gets to as well as alters a benefit,
the danger is a modification. For instance, somebody may change the qualities in a
database, adjust a program with the goal that it plays out an extra calculation, or alter
information being transmitted electronically. It is even conceivable to alter equipment. A
few instances of alteration can be recognized with basic measures, yet other, increasingly
inconspicuous, changes might be practically difficult to distinguish.
Example:
Data exist but incorrect
Unauthorized user add data that does not exist before
4. Fabrication
In this threat unauthorized user add additional data that is not exist. These threat against
authentication, or authorization capability of the network
Example:
Send message into network using other user identity
Types of Attack
Passive attacks
Unauthorized user access data from PC but cannot cause harmful to PC
Browsing
Unauthorized user read stored file, traverse message packet and access other memory
process
Inferencing
Unauthorized user record and analyzes past activities and then use that information to
draw inferences
Masquerading
Unauthorized user show as an authorized user for gain access to unauthorized data
Active attacks
In active attack unauthorized user access data from PC and performed malicious activities that
are harmful for PC
Virus
It is a small batch of program that load into computer to perform malicious activities.
Attacker writer a program and attached that file with program executed file. When
program executed the virus also executed.
Viruses cannot automatically spread to anther computer
Virus separate from one file to other
It need a user action to execute
Virus actions
computer crash repeatedly
Erase files
Turn off computer security
Reformat the hard disk drive
Worm
It is a small piece of program that repeat itself very quickly using computer network and
security holes
It cannot need user action for execution.
It separate from one PC to another
It consume computer resources
It find vulnerability in an application or operating system
Worm actions
Deleting computer files
Allowing remote control of computer by an attacker
Logic bomb
It is a piece of code that insert into software system that execute when specific condition
meet.
Actions that performed:
Delete data
Corrupt data
Integrity attack
Attacker received the message in communication channel change that message and send
to receiver.
Authenticity attack
Attacker connect to computer network and insert bogus message with valid address in the
system and deliver to receiver
Denial attack
Attacker block communication path between two persons in a network
Delay attack
Attacker delay the message delivery that can make useless to receive if it is received late
Replay attack
Attacker send old messages as a new messages to receiver