
Q1.

For each of the following assets, assign a low, moderate, or high impact level for the
loss of confidentiality, availability, and integrity, respectively. Justify your answers.

a) Student maintaining a blog to post public information.


Confidentiality
Maintaining a blog or website involves public information. Anyone is allowed to modify or change
it. Everyone can access that information and use it for their own benefit. No
confidentiality is provided. So the impact level for confidentiality is low.

Integrity
Keeping a blog or publishing a website on a server involves public information. Anyone, whether an
authorized user or an intruder, may be able to make changes (modification). So the impact
level for integrity is moderate.

Availability
Unavailability of data is not a big issue for the student or the users. There is also minimal chance
of loss of information. Loss of information from the server is not the biggest issue. So the
impact level for availability is moderate.

b) An examination section of a university that is managing sensitive information about exam papers.

Confidentiality
An examination section of a university that is managing sensitive information about exam
papers needs high security. Unauthorized data access may cause severe issues. As the web server
contains the sensitive information, any data loss results in a high loss. So the impact
of confidentiality is high.

Integrity
The exam paper information system must be secured. All the information about the exam papers
stored on the web server is private, so any modification results in a huge loss. So the impact
level for integrity is high.

Availability
Exam paper information is available only to the organization and is stored at a single place. So
the impact of availability is high.

c) An information system in a pathological laboratory maintaining the patient's records.

Confidentiality
Maintaining the patient's records in a pathological laboratory demands security. Any unauthorized
access can result in serious problems. So the impact of confidentiality is moderate.

Integrity
Modification of patient data by an unauthorized user may or may not cause adverse effects. Data
loss isn't a major issue. So the impact level for integrity is moderate.

Availability
Loss of availability is not a huge issue. So the impact level for availability is low.

d) Personal Academic Information

Confidentiality
A student information system used for maintaining student data may be web based. The web
server contains private information that is pre solicitation phase contract information only. So
the impact level for confidentiality is low.

Integrity
Unauthorized modification of student data may cause severe effects. So the impact level for integrity is
moderate.

Availability
Loss of availability is not a huge issue. So the impact level for availability is low.

Routine Administrative Information


Confidentiality
A student information system used for maintaining student data and routine administrative
information may be web based. The web server contains only routine information, so it
does not contain privacy-related information. Everyone, whether students or administrators,
can access that information. So no confidentiality is provided and hence the impact is low.

Integrity
As the server holds routine information, any data loss will not be a big issue. So the
impact level for integrity is low.

Availability
On this server, loss of information is not the biggest issue. So the impact of availability is low.

Q2

a. There are no limitations on the value of b. If the value of b changes, the change in the
ciphertext happens uniformly, so the mapping remains one-to-one.

b. The values (0, 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24) are not allowed for a. The value
of a is valid for encryption only when GCD(a, 26) = 1. Any value greater than 25 will be
equivalent to a mod 26. The values of a and 26 must have no common positive integer factor
other than 1. This is equivalent to saying that a and 26 are relatively prime, or that the
greatest common divisor of a and 26 is 1.
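The check below is an added example, not part of the original answer. It assumes the affine cipher E(p) = (a*p + b) mod 26 that the question refers to, finds the rejected values of a by brute force, and shows the collision that makes such a value undecryptable; all function names are chosen for this illustration.

```python
from math import gcd

M = 26  # alphabet size

def affine_encrypt(p, a, b):
    """E(p) = (a*p + b) mod 26 for a letter index p in 0..25."""
    return (a * p + b) % M

def affine_decrypt(c, a, b):
    """D(c) = a^-1 * (c - b) mod 26; the inverse exists only when gcd(a, 26) == 1."""
    return (pow(a, -1, M) * (c - b)) % M

def is_one_to_one(a, b):
    """True when the 26 plaintext letters map to 26 distinct ciphertext letters."""
    return len({affine_encrypt(p, a, b) for p in range(M)}) == M

def rejected_multipliers():
    """Values of a in 0..25 that break the one-to-one mapping (found by brute force)."""
    return [a for a in range(M) if not is_one_to_one(a, 0)]

def b_never_matters():
    """For every a, the mapping is one-to-one for all b or for none: b only shifts."""
    return all(len({is_one_to_one(a, b) for b in range(M)}) == 1 for a in range(M))

def gcd_rule_holds():
    """The brute-force result agrees with the rule gcd(a, 26) == 1."""
    return rejected_multipliers() == [a for a in range(M) if gcd(a, M) != 1]

def collision_example(a, b=0):
    """Return (p1, p2, c): two different letters that encrypt to the same c, or None."""
    seen = {}
    for p in range(M):
        c = affine_encrypt(p, a, b)
        if c in seen:
            return seen[c], p, c
        seen[c] = p
    return None

if __name__ == "__main__":
    print("rejected a:", rejected_multipliers())
    print("a=2 collision:", collision_example(2))
    print("a=13 collision:", collision_example(13))
```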

Q3
As we know, the principle of Feistel systems is that the decoding or
decryption calculation is the same as the encryption one, just using the
subkeys in the opposite order.
As given in the question, for the Feistel structure:
Key Length = 128 bits
Number of Rounds = 16
Block Length = 128 bits
The round keys are: K1, K2, …, K8

The set of keys is: K9 = K8, K10 = K7, K11 = K6, …, K16 = K1

From the above keys the cipher text is c. In the above set of keys, the round functions
used in rounds 9 through 16 are mirror images of the round
functions used in rounds 1 through 8.
The complete set of keys is:

K9 = K8, K10 = K7, K11 = K6, K12 = K5, K13 = K4, K14 = K3, K15 = K2, K16 = K1

From the above key schedule, the encryption and decryption are identical. Suppose the
encryption oracle, asked to encrypt message m, computes encrypt(m, key) = c, or m’ = c.
The ciphertext c will be returned by the oracle.
Again, the decryption oracle, asked to decrypt ciphertext c, computes decrypt(c, key) = m, or
c’ = m.
Hence, the above key schedule shows that the use of cipher text c is unsafe to
choose the plain text.
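The following sketch is an added example, not part of the original answer. It builds a 16-round Feistel network on 128-bit blocks and compares the mirrored schedule K9 = K8, …, K16 = K1 with 16 independent round keys; the round function and the subkey derivation (SHA-256 based) are stand-ins assumed for the illustration, since the question does not specify them.

```python
import hashlib

HALF = 8      # bytes per half: 128-bit block, as in the question
ROUNDS = 16

def round_f(k, half):
    """Stand-in round function (assumption): SHA-256(k || half) truncated to 64 bits."""
    return hashlib.sha256(k + half).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    """Apply one Feistel round per key, then undo the final swap."""
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        left, right = right, xor(left, round_f(k, right))
    return right + left

def subkey(key, i):
    """Hypothetical subkey derivation for round i (the page gives none)."""
    return hashlib.sha256(key + bytes([i])).digest()

def mirrored_schedule(key):
    """K1..K8, then K9 = K8, K10 = K7, ..., K16 = K1."""
    first8 = [subkey(key, i) for i in range(1, 9)]
    return first8 + first8[::-1]

def independent_schedule(key):
    """Sixteen distinct round keys, for comparison."""
    return [subkey(key, i) for i in range(1, ROUNDS + 1)]

def encrypt(m, schedule):
    return feistel(m, schedule)

def decrypt(c, schedule):
    # Feistel decryption is the same network with the round keys reversed.
    return feistel(c, schedule[::-1])

if __name__ == "__main__":
    key = b"constructed demo key"      # constructed sample input
    m = bytes(range(16))               # constructed 128-bit block
    mk, ik = mirrored_schedule(key), independent_schedule(key)
    # Mirrored schedule: reversing the keys changes nothing, so encrypting c returns m.
    print(encrypt(encrypt(m, mk), mk) == m)   # True
    # Independent keys: a second encryption does not undo the first.
    print(encrypt(encrypt(m, ik), ik) == m)   # False
```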

Q4
Figure (A): Encryption

Figure (B): Decryption

Encryption

For encryption, the counter is encrypted and then XORed with the plaintext block to produce
the ciphertext block; there is no chaining.
Figure A represents the CTR mode for encryption. The encryption operation is described
below.
Ci = Pi XOR E(K, Ti)

1. The first counter, 1, is encrypted using the key K and the intermediate result is XORed with
the plaintext block P1 to produce the first ciphertext block C1. The counter is initialized
to some value and then incremented by 1 for each subsequent block.

2. The next counter, 2, is encrypted using the key K and the intermediate result is XORed
with the plaintext block P2 to produce the ciphertext block C2.

3. The preceding plaintext blocks are encrypted using the above steps. It is seen that each
plaintext block requires the previous ciphertext block for the encryption operation. As a
result, in the CBC mode, encrypting all of the plaintext blocks at the same time is impossible.

Decryption

Figure B represents the CTR mode for decryption. The operation for decryption is described
below.
Pi = Ci XOR E(K, Ti)

1. The first counter, 1, is encrypted using the key K and the intermediate result is XORed with
the ciphertext block C1 to produce the first plaintext block P1.

2. The next counter, 2, is encrypted using the key K and the intermediate result is XORed with
the ciphertext block C2 to produce the plaintext block P2.

3. The preceding ciphertext blocks are decrypted using the above steps. Thus, it can be seen
that each current ciphertext block requires the previous ciphertext block for the decryption
operation. As a result, in the CBC mode, it is likewise impossible to decrypt all of the
ciphertext blocks at the same time.

Detail

In encryption and decryption in the CTR mode, the encryption function E(K, Ti) produces
its output as the intermediate result. Assume that the plaintext Pi and
the ciphertext C are known. Now if the counter value Ti is known, then all the possible values
of the key K generate intermediate results. Suppose the key is 56 bits long; then encrypt the
counter Ti for all 2^56 values. The outputs of the encryption function are stored in a table.
Now XOR all the intermediate results with the given plaintext Pi and match all the produced
results with the known ciphertext block. The matched ciphertext block is considered and
stored. Therefore, the correct value of the key K is determined. Now K is determined and
the counter is known; therefore, the output of the encryption function is determined with the
help of the associated ciphertext block.
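The CTR formulas Ci = Pi XOR E(K, Ti) and Pi = Ci XOR E(K, Ti), and the key search from the Detail paragraph, as an added example that is not part of the original answer. E is a stand-in (a keyed SHA-256 of the counter, an assumption), and the search runs over a constructed 16-bit key so it finishes quickly; the same loop over a k-bit key costs up to 2^k evaluations of E.

```python
import hashlib

BLOCK = 16  # bytes per block

def E(key, counter):
    """Stand-in for E(K, Ti) (assumption): keyed SHA-256 of the counter, 16 bytes out."""
    return hashlib.sha256(key + counter.to_bytes(BLOCK, "big")).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_block(key, t0, i, block):
    """Block i alone: Ci = Pi XOR E(K, Ti) and, identically, Pi = Ci XOR E(K, Ti)."""
    return xor(block, E(key, t0 + i))

def ctr_xcrypt(key, t0, data):
    """Encrypt or decrypt; each block depends only on its own counter value."""
    blocks = [data[j:j + BLOCK] for j in range(0, len(data), BLOCK)]
    return b"".join(ctr_block(key, t0, i, b) for i, b in enumerate(blocks))

def search_key(p_i, c_i, t_i, key_bits):
    """Try every K until Pi XOR E(K, Ti) equals the known Ci; return that K or None."""
    nbytes = (key_bits + 7) // 8
    for k in range(2 ** key_bits):
        key = k.to_bytes(nbytes, "big")
        if xor(p_i, E(key, t_i)) == c_i:
            return key
    return None

if __name__ == "__main__":
    key = (0x2B7E).to_bytes(2, "big")              # constructed 16-bit key
    t0 = 1                                         # counter starts at 1, as in the steps
    msg = b"constructed sample plaintext, 40 bytes.."
    ct = ctr_xcrypt(key, t0, msg)
    print(ctr_xcrypt(key, t0, ct) == msg)                    # True: same operation decrypts
    print(ctr_block(key, t0, 1, ct[16:32]) == msg[16:32])    # True: block 2 needs no other block
    print(search_key(msg[:16], ct[:16], t0, 16) == key)      # True after at most 2^16 trials
```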
