Mid Term Assignment

Subject:
Distributed Computing

Department:

CS & IT

Program:
BS-CS (6th)

Submitted to:
Mr. Fahad
Submitted by:

Hussnain Ali
Roll No:
0002-BS-CS-2017

Date:
20-06-2020
Q No.1:
Authentication
The process in which we identify user are authentic in called authentication. We identify user by
with user ID and authentication is complete when the user provide a certification for example a
password that match with user ID.
 It is a fundamental security building block.
 It determine whether someone is declare itself
Techniques are used for authentication
1. Authentication based on shared keys authorship
2. Authentication using a key distribution center
3. Authentication using public key encryption

Authentication based on shared keys authorship

In this method key share between two persons for authentication. For example two persons A
and B.
Working
 Person A send request to person B
 Person B send a challenge to person A
 Person A encrypt the challenge and send person B with secret key that use to decrypt the
challenge
 Person A send challenge to person B
 Person B encrypt the challenge and send person A with secret key that use to decrypt the
challenge
In this way person A knows that B exist on the other end and person B knows that A exist on the
other hand. In this way shared key authorship work.

Authentication using a key distribution center

In this method key distribution center collaborates with every other host for secret key but any
pair of host does not require to have shared key. In KDC it is necessary to manage N keys.
For example person A want to communicate with person B
Working
 Person A send request to key distribution center and say want to talk with person B
 KDC send a message to person A that contain secret shared key of person B and also
send message person B that contain secret shared key of person A
Authentication using public key encryption
In this method key authentication depends on the utilization of public-key cryptography. In
public-key cryptography messages are encrypted and decrypted with different keys. This implies
every person that utilizes public-key cryptography has a key pair that comprises of a public key
and a private key.
For example person A want to communicate with person B
Working
 Person A encrypt the challenge using public key and send to person B
 Person B decrypt the challenge using private key and send encrypt challenge to person A
using public key
 Person A decrypt the challenge using private key and a session generate between person
A and B
 Person A send session key and decrypt challenge of B

Q No.2:
Threat
Possible danger that expose weakness or vulnerability and cause of data interception, data
interruption, data modification or data fabrication is called threat.
Attack
Unauthorized user that try to expose, destroy, modify or steal data is said to be attack

Types of threats
1. Interception
In this threat unauthorized user gain access to data. Interception means that some
unapproved party has accessed a benefit. The outside gathering can be an individual, a
program, or a processing system. Instances of this sort of disappointment are unlawful
replicating of program or information documents.
Example:
 Illicit copying of program
 2. Interruption
In this threat a system data is made corrupted or inaccessible for real use. A benefit of the
system gets lost, inaccessible, or unusable. A model is malicious destruction of an
equipment device, deletion of a program or information record of a working framework
document supervisor with the goal that it cannot locate a specific circle document
Example:
 Overloading a server have with the goal that it can't react
 Cutting communication line

3. Modification
In this threat unauthorized person change the original data. This threat against the
integrity of data. In the event that an unapproved party gets to as well as alters a benefit,
the danger is a modification. For instance, somebody may change the qualities in a
database, adjust a program with the goal that it plays out an extra calculation, or alter
information being transmitted electronically. It is even conceivable to alter equipment. A
few instances of alteration can be recognized with basic measures, yet other, increasingly
inconspicuous, changes might be practically difficult to distinguish.
Example:
 Data exist but incorrect
 Unauthorized user add data that does not exist before

4. Fabrication
In this threat unauthorized user add additional data that is not exist. These threat against
authentication, or authorization capability of the network
Example:
 Send message into network using other user identity

Types of Attack
Passive attacks
Unauthorized user access data from PC but cannot cause harmful to PC
 Browsing
Unauthorized user read stored file, traverse message packet and access other memory
process
 Inferencing
Unauthorized user record and analyzes past activities and then use that information to
draw inferences
  Masquerading
Unauthorized user show as an authorized user for gain access to unauthorized data

Active attacks
In active attack unauthorized user access data from PC and performed malicious activities that
are harmful for PC
 Virus
It is a small batch of program that load into computer to perform malicious activities.
Attacker writer a program and attached that file with program executed file. When
program executed the virus also executed.
 Viruses cannot automatically spread to anther computer
 Virus separate from one file to other
 It need a user action to execute
Virus actions
 computer crash repeatedly
 Erase files
 Turn off computer security
 Reformat the hard disk drive

 Worm
It is a small piece of program that repeat itself very quickly using computer network and
security holes
 It cannot need user action for execution.
 It separate from one PC to another
 It consume computer resources
 It find vulnerability in an application or operating system
Worm actions
 Deleting computer files
 Allowing remote control of computer by an attacker
 Logic bomb
It is a piece of code that insert into software system that execute when specific condition
meet.
Actions that performed:
 Delete data
 Corrupt data
 Integrity attack
Attacker received the message in communication channel change that message and send
to receiver.

 Authenticity attack
Attacker connect to computer network and insert bogus message with valid address in the
system and deliver to receiver
 Denial attack
Attacker block communication path between two persons in a network
 Delay attack
Attacker delay the message delivery that can make useless to receive if it is received late
 Replay attack
Attacker send old messages as a new messages to receiver