
Unit 1

1) What are security mechanisms?


Security Mechanism
A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. The mechanisms are divided into those that
are implemented in a specific protocol layer, such as TCP or an application-layer
protocol.

2) What is steganography?

STEGANOGRAPHY
A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text. A simple form of steganography, but one that is time consuming to construct, is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message, e.g., (i) the sequence of first letters of each word of the overall message spells out the real (hidden) message; (ii) a subset of the words of the overall message is used to convey the hidden message. Various other techniques have been used historically; some of them are:
 - Character marking: selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
 - Invisible ink: a number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.
 - Pin punctures: small pin punctures on selected letters are ordinarily not visible unless the paper is held in front of a light.
 - Typewriter correction ribbon: used between the lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.
Drawbacks of Steganography
 - Requires a lot of overhead to hide a relatively few bits of information.
 - Once the system is discovered, it becomes virtually worthless.
3) Compare transposition ciphers with substitution ciphers.
Difference between Substitution Cipher Technique and Transposition Cipher Technique:

S.No | Substitution Cipher Technique | Transposition Cipher Technique
1. | In the substitution cipher technique, plaintext characters are replaced with other characters, numbers and symbols. | In the transposition cipher technique, plaintext characters are rearranged with respect to their position.
2. | Forms of substitution cipher: monoalphabetic substitution cipher and polyalphabetic substitution cipher. | Forms of transposition cipher: keyless transposition cipher and keyed transposition cipher.
3. | The character's identity is changed while its position remains unchanged. | The position of the character is changed but the character's identity is not changed.
4. | A letter with low frequency can reveal the plaintext. | Keys which are near the correct key can disclose the plaintext.
5. | Example: Caesar cipher. | Example: Rail fence cipher.
4) Write short notes on principles of security.
The Principles of Security can be classified as follows:
1. Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality is compromised if an unauthorized person is able to access a message.
For example, let us consider that sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of an intruder, C.
2. Authentication:
Authentication is the mechanism to identify the user, system or entity. It ensures the identity of the person trying to access the information. Authentication is mostly secured by using a username and password. The authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information.
3. Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the content of the message is changed after the sender sends it but before it reaches the intended receiver, then it is said that the integrity of the message is lost.
4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent through a network. In some cases the sender sends the message and later denies it. Non-repudiation does not allow the sender to deny sending the message to the receiver.
5. Access control:
The principle of access control is determined by role management and rule management. Role management determines who should access the data, while rule management determines to what extent one can access the data. The information displayed is dependent on the person who is accessing it.
6. Availability:
The principle of availability states that the resources will be available to authorized parties at all times. Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of information to satisfy the user request.
7. Issues of ethics and law:
The following categories are used to categorize ethical dilemmas in the security system.
5) What is Caesar Cipher?

Caesar Cipher in Cryptography

The Caesar Cipher technique is one of the earliest and simplest methods of encryption. It is simply a type of substitution cipher, i.e., each letter of a given text is replaced by a letter a fixed number of positions down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on. The method is apparently named after Julius Caesar, who apparently used it to communicate with his officials.
Thus, to encipher a given text we need an integer value, known as a shift, which indicates the number of positions each letter of the text has been moved down.
The encryption can be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme A = 0, B = 1, ..., Z = 25. Encryption of a letter by a shift n can be described mathematically as follows.

Examples:
Text  : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift : 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW

Text  : ATTACKATONCE
Shift : 4
Cipher: EXXEGOEXSRGI
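The two examples above, worked in code. This is an added example and not part of the original notes; it implements the standard Caesar formulas E_n(x) = (x + n) mod 26 and D_n(x) = (x - n) mod 26 with A = 0 ... Z = 25, and also lists every possible decryption to show why a key space of 25 shifts offers no real protection.

```python
# Added example (not from the notes): Caesar cipher as modular arithmetic.
import string

ALPHABET = string.ascii_uppercase  # A=0, B=1, ..., Z=25


def caesar_encrypt(text: str, shift: int) -> str:
    """E_n(x) = (x + n) mod 26 for each letter; non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            x = ALPHABET.index(ch)
            out.append(ALPHABET[(x + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text: str, shift: int) -> str:
    """D_n(x) = (x - n) mod 26, i.e. encrypting with the negated shift."""
    return caesar_encrypt(text, -shift)


def candidate_plaintexts(cipher: str) -> dict:
    """Every decryption under the 25 possible non-zero shifts.

    Because the key space is this small, a recipient who lost the shift (or anyone
    else) can simply read off the one candidate that makes sense.
    """
    return {shift: caesar_decrypt(cipher, shift) for shift in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("ABCDEFGHIJKLMNOPQRSTUVWXYZ", 23))  # XYZABCDEFGHIJKLMNOPQRSTUVW
    print(caesar_encrypt("ATTACKATONCE", 4))                # EXXEGOEXSRGI
    print(caesar_decrypt("EXXEGOEXSRGI", 4))                # ATTACKATONCE
    for shift, guess in candidate_plaintexts("EXXEGOEXSRGI").items():
        print(shift, guess)
```

The `% 26` handles negative shifts too, so decryption reuses the encryption routine; that symmetry is exactly what makes the cipher a substitution with a single parameter.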
6) Define Confidentiality and Authentication.
Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality is compromised if an unauthorized person is able to access a message.
For example, let us consider that sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of an intruder, C.
Authentication:
Authentication is the mechanism to identify the user, system or entity. It ensures the identity of the person trying to access the information. Authentication is mostly secured by using a username and password. The authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information.
7) Define Non-Repudiation.

Non-repudiation
Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.

Digital signatures (combined with other measures) can offer non-repudiation when it comes to online transactions, where it is crucial to ensure that a party to a contract or a communication can't deny the authenticity of their signature on a document or sending the communication in the first place. In this context, non-repudiation refers to the ability to ensure that a party to a contract or a communication must accept the authenticity of their signature on a document or the sending of a message.
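Why a digital signature provides the non-repudiation described above, shown with textbook RSA. This is an added example, not from the notes: the key (p = 61, q = 53, e = 17, d = 2753) is a deliberately tiny constructed key so the arithmetic is visible, and the message hash is reduced modulo n only because the toy modulus is far smaller than a SHA-256 output; a real signature uses a 2048-bit or larger key and a proper padding scheme.

```python
# Added example (not from the notes): non-repudiation via a signature only the
# private-key holder can produce, verifiable by anyone holding the public key.
import hashlib

P, Q = 61, 53           # constructed toy primes, insecure by design
N = P * Q               # 3233, the public modulus
E = 17                  # public exponent
D = 2753                # private exponent: (E * D) mod lcm(P-1, Q-1) == 1


def digest(message: bytes) -> int:
    """Hash the message, then reduce below the modulus (toy-size key only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D) -> int:
    """Signer's side: only the holder of the private exponent d can compute this."""
    return pow(digest(message), d, N)


def verify(message: bytes, signature: int, e: int = E) -> bool:
    """Anyone with (e, N) can check the signature, including a third-party arbiter.

    That is the property a shared-key MAC lacks: with a MAC the receiver could
    have produced the tag, so the sender can plausibly deny it.
    """
    return pow(signature, e, N) == digest(message)


if __name__ == "__main__":
    contract = b"I agree to pay 100 units"     # constructed sample message
    sig = sign(contract)
    print(verify(contract, sig))               # True: origin and integrity confirmed
    print(verify(contract, (sig + 1) % N))     # False: a different value is not a valid signature
```

The receiver keeps the message together with the signature; later, a dispute is settled by anyone re-running `verify` with the sender's public key, which is the proof of origin the definition refers to.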

8) Write short notes on steganography.

A steganography technique involves hiding sensitive information within an ordinary, non-secret file or message, so that it will not be detected. The sensitive information will then be extracted from the ordinary file or message at its destination, thus avoiding detection. Steganography is an additional step that can be used in conjunction with encryption in order to conceal or protect data.

Steganography is a means of concealing secret information within (or even on top of) an otherwise mundane, non-secret document or other media to avoid detection. It comes from the Greek words steganos, which means "covered" or "hidden," and graph, which means "to write." Hence, "hidden writing."
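A worked illustration for this answer and for the drawbacks listed under question 2: least-significant-bit (LSB) embedding, the digital counterpart of the pencil marks and pin punctures described there. This is an added example, not from the notes. The "cover" is a constructed byte array standing in for image samples; each hidden bit replaces the lowest bit of one cover byte, so eight cover bytes carry one hidden byte, which is the overhead the first drawback refers to. The two-byte length header is this example's own framing.

```python
# Added example (not from the notes): LSB steganography over a constructed cover.


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(cover_len: int) -> int:
    """Hidden bytes that fit: one bit per cover byte, minus the 2-byte length header."""
    return max(0, cover_len // 8 - 2)


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Return a copy of cover whose LSBs carry a 2-byte big-endian length + payload."""
    if len(payload) > capacity_bytes(len(cover)):
        raise ValueError("payload too large for cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(len(payload).to_bytes(2, "big") + payload)):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the hidden bit
    return stego


def extract(stego: bytes) -> bytes:
    """Read the length header from the first 16 LSBs, then that many payload bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any single cover byte; LSB embedding alters each by at most 1."""
    return max(abs(c - s) for c, s in zip(cover, stego))


# Constructed cover of 64 pseudo-sample bytes (a real cover would be image or audio data).
COVER = bytes((i * 37 + 11) % 256 for i in range(64))

if __name__ == "__main__":
    hidden = embed(COVER, b"hi")
    print(extract(hidden))                 # b'hi'
    print(capacity_bytes(len(COVER)))      # 6: only 6 hidden bytes fit in 64 cover bytes
    print(max_byte_change(COVER, hidden))  # 1 at most, which is why the change is not visible
```

The second drawback is visible here too: once the framing (length header, one bit per byte) is known, `extract` recovers the payload from any cover with no key at all, so steganography is combined with encryption rather than relied on alone.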

9) Give various security services.

Security services

 - Authentication: assures the recipient that the message is from the source that it claims to be from.
 - Access Control: controls who can have access to a resource and under what conditions.
 - Availability: available to authorized entities 24/7.
 - Confidentiality: information is not made available to unauthorized individuals.
 - Integrity: assurance that the message is unaltered.
 - Non-Repudiation: protection against denial of sending or receiving in the communication.
10) What are the principles of security? Repeated
Unit 2

1) List three approaches to message authentication.

2) Differentiate conventional encryption and public key encryption.
3) What is traffic padding? What is its purpose?
Traffic Padding: the insertion of bits into gaps in an information flow is known as traffic padding. It serves to counter traffic analysis attempts.
Definition:
The generation of spurious instances of communication, spurious data units, and/or spurious data within data units. Note: may be used to disguise the amount of real data units being sent.
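A small worked version of the definition above, added here and not part of the notes: every data unit is padded to a fixed bucket size so an observer of the channel sees only one length, and a zero-length "spurious" unit can be sent when there is nothing real to send. The 64-byte bucket, the two-byte length prefix and the random filler are this example's own choices.

```python
# Added example (not from the notes): length-hiding padding and spurious data units.
import os

BUCKET = 64  # bytes on the wire per data unit (assumed for the example)


def pad(message: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the real length, then fill with random bytes up to a whole number of buckets."""
    if len(message) > 0xFFFF:
        raise ValueError("length prefix is 16 bits")
    body = len(message).to_bytes(2, "big") + message
    filler = (-len(body)) % bucket           # bytes needed to reach the next bucket boundary
    return body + os.urandom(filler)


def unpad(unit: bytes) -> bytes:
    """Receiver: the length prefix says how much of the unit is real data."""
    length = int.from_bytes(unit[:2], "big")
    return unit[2:2 + length]


def spurious(bucket: int = BUCKET) -> bytes:
    """A dummy unit carrying no data, indistinguishable on the wire from a real one."""
    return pad(b"", bucket)


def observed_sizes(messages, bucket: int = BUCKET) -> list:
    """What a traffic analyst sees: the size of each unit, not its content."""
    return [len(pad(m, bucket)) for m in messages]


if __name__ == "__main__":
    print(observed_sizes([b"yes", b"no", b"transfer 10000"]))   # [64, 64, 64]
    print(unpad(pad(b"yes")))                                    # b'yes'
    print(len(spurious()))                                       # 64
```

The cost is bandwidth: a three-byte reply occupies a full bucket, which is the trade-off that makes padding a deliberate choice rather than a default.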

4) Define linear cryptanalysis.

Linear cryptanalysis is a known-plaintext attack, in which the attacker studies probabilistic linear relations, referred to as linear approximations, among parity bits of the plaintext, the ciphertext and the hidden key. In this approach, the attacker acquires high-probability approximations for the parity bit of the hidden key by computing the parity bits of the known plaintexts and ciphertexts. By use of several approaches, including the auxiliary technique, the attacker can extend the attack to discover extra bits of the secret key. Linear cryptanalysis together with differential cryptanalysis are the generally used attacks on block ciphers. The linear cryptanalysis technique was first invented by Mitsuru Matsui, who first applied it to the FEAL cipher. There are generally two parts to linear cryptanalysis: the first is to make linear equations relating plaintext, ciphertext and key bits that have a large bias, that is, whose probabilities of holding are as close as possible to 0 or 1.
The objective of linear cryptanalysis is to discover an effective linear equation of the form
 P[α1, α2, ..., αa] ⊕ C[β1, β2, ..., βb] = K[γ1, γ2, ..., γc]
(where x = 0 or 1; 1 ≤ a, b ≤ n, 1 ≤ c ≤ m, and where the α, β and γ terms represent fixed, specific bit locations) that holds with probability p ≠ 0.5.
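The first part of the definition above, finding approximations with a large bias, is routinely done on each S-box of a cipher before the approximations are chained across rounds; a designer runs the same computation to confirm no approximation has a large bias. The example below is added here and is not from the notes: it measures the bias of every linear approximation a·X ⊕ b·S(X) = 0 for the 4-bit S-box used in Heys' linear cryptanalysis tutorial. Masks are written with bit X1 (or Y1) as the most significant bit, so the mask 0b0110 means X2 ⊕ X3.

```python
# Added example (not from the notes): bias of linear approximations of a 4-bit S-box
# (the linear approximation table, LAT, that linear cryptanalysis starts from).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # S-box from Heys' tutorial


def parity(v: int) -> int:
    """XOR of all bits of v."""
    return bin(v).count("1") & 1


def approximation_count(sbox, a: int, b: int) -> int:
    """Number of inputs x for which parity(a & x) == parity(b & S(x))."""
    return sum(1 for x in range(len(sbox)) if parity(x & a) == parity(sbox[x] & b))


def bias(sbox, a: int, b: int) -> float:
    """Probability that the approximation holds, minus 1/2 (zero means no linear leakage)."""
    return approximation_count(sbox, a, b) / len(sbox) - 0.5


def linear_approximation_table(sbox):
    """LAT[a][b] = count - n/2, the conventional tabulation."""
    n = len(sbox)
    return [[approximation_count(sbox, a, b) - n // 2 for b in range(n)] for a in range(n)]


def strongest_approximations(sbox, limit: int = 3):
    """Non-trivial (input mask, output mask, bias) triples with the largest |bias|."""
    n = len(sbox)
    triples = [(a, b, bias(sbox, a, b)) for a in range(1, n) for b in range(1, n)]
    return sorted(triples, key=lambda t: -abs(t[2]))[:limit]


if __name__ == "__main__":
    # X2 ^ X3 = Y1 ^ Y3 ^ Y4 holds for 12 of 16 inputs: bias +1/4
    print(approximation_count(SBOX, 0b0110, 0b1011), bias(SBOX, 0b0110, 0b1011))
    # X3 ^ X4 = Y1 ^ Y4 holds for only 2 of 16 inputs: bias -3/8
    print(approximation_count(SBOX, 0b0011, 0b1001), bias(SBOX, 0b0011, 0b1001))
    for a, b, eps in strongest_approximations(SBOX):
        print(f"input mask {a:04b} -> output mask {b:04b}: bias {eps:+.4f}")
```

A bias of magnitude 3/8 means the relation is wrong far more often than random, which is just as useful to an analyst as being right more often; the strength of an approximation is |p - 1/2|, not p. For a permutation S-box the row a = 0 is all zeros except the trivial (0, 0) entry, which the test below checks.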

5) Illustrate Message Authentication Code.

Apart from intruders, the transfer of a message between two people also faces other external problems like noise, which may alter the original message constructed by the sender. To ensure that the message is not altered, a MAC is used.
MAC stands for Message Authentication Code. In a MAC, sender and receiver share the same key; the sender generates a fixed-size output called a cryptographic checksum or message authentication code and appends it to the original message. On the receiver's side, the receiver also generates the code and compares it with what he/she received, thus ensuring the originality of the message. These are the components:
 - Message
 - Key
 - MAC algorithm
 - MAC value
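The four components in action, as an added example that is not part of the notes: the MAC algorithm is HMAC-SHA256 from the Python standard library, the key and message are constructed, and a one-bit flip stands in for the line noise or tampering the answer mentions.

```python
# Added example (not from the notes): sender appends a MAC, receiver recomputes and compares.
import hashlib
import hmac

SHARED_KEY = b"example-shared-key-not-a-real-secret"   # constructed; both ends hold it
TAG_LEN = 32                                           # SHA-256 output size


def mac(key: bytes, message: bytes) -> bytes:
    """MAC algorithm: HMAC-SHA256 over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> bytes:
    """Sender: message || MAC value."""
    return message + mac(key, message)


def receive(key: bytes, packet: bytes):
    """Receiver: split, recompute the MAC, compare in constant time.

    Returns the message if the MAC matches, otherwise None.
    """
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(key, message)):
        return None
    return message


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate noise or tampering: flip one bit of the packet."""
    b = bytearray(packet)
    b[index // 8] ^= 1 << (index % 8)
    return bytes(b)


if __name__ == "__main__":
    packet = send(SHARED_KEY, b"pay 100")
    print(receive(SHARED_KEY, packet))               # b'pay 100'
    print(receive(SHARED_KEY, flip_bit(packet, 3)))  # None: message altered, MAC no longer matches
    print(receive(b"some other key", packet))        # None: wrong key, so not from the expected sender
```

Because both parties hold the same key, either could have produced the tag; a MAC therefore gives integrity and origin authentication between the two, but not the non-repudiation that a digital signature provides.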

6) Define Stream ciphers.

A stream cipher is an encryption technique that works byte by byte to transform plain text into code that's unreadable to anyone without the proper key. Stream ciphers are linear, so the same key both encrypts and decrypts messages. And while cracking them can be difficult, hackers have managed to do it. For that reason, experts feel stream ciphers aren't safe for widespread use. Even so, plenty of people still lean on the technology to pass information through the internet.

All cryptographic methods aim to scramble data to hide it from outsiders. But unlike their counterparts, stream ciphers work on each bit of data in a message rather than chunking the message into groups and encrypting them in blocks.

Stream ciphers rely on:

 - Plaintext. You must have a message you'd like to encode.
 - Keystreams. A set of random characters replaces those in the plaintext. They could be numbers, letters, or symbols.
 - Ciphertext. This is the encoded message.
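The three components above (plaintext, keystream, ciphertext) in a toy synchronous stream cipher, added here and not part of the notes. The keystream is built from SHA-256 of key || nonce || counter purely for illustration; the key, nonce and messages are constructed, and this is not a cipher to use in practice. The block also shows the failure mode behind the caution in the answer: if a keystream is reused, XORing two ciphertexts cancels it and leaks the XOR of the two plaintexts.

```python
# Added example (not from the notes): XOR stream cipher and the keystream-reuse failure.
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random byte stream derived from key and nonce (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: data XOR keystream, byte by byte."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same key and nonce, this equals p1 XOR p2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key, nonce = b"constructed-key", b"nonce-1"
    plaintext = b"attack at once"
    ciphertext = stream_crypt(key, nonce, plaintext)
    print(stream_crypt(key, nonce, ciphertext))        # b'attack at once'
    p1, p2 = b"send 100 dollars", b"send 900 dollars"
    leak = keystream_reuse_leak(stream_crypt(key, nonce, p1), stream_crypt(key, nonce, p2))
    print(leak == xor_bytes(p1, p2))                   # True: the keystream cancelled out
```

The defence is a nonce that never repeats under the same key, which is why every deployed stream cipher construction (RC4 excepted, to its cost) takes a nonce as input.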
7) Show the two basic functions used in encryption algorithms.

Substitution and transposition are the two basic functions used in encryption algorithms.
Explanation:

 - The encryption algorithms are totally based on two generic principles, namely substitution and transposition.
 - Substitution: In this function, each and every element in the plain text (letter, bit, group of letters or bits) is mapped into a different element.
 - Transposition: Here, the elements in the plain text are rearranged.
 - The primary requirement is that none of the information should get lost. Mostly these systems are said to be product systems, with multiple stages of substitution and transposition.

8) What are the advantages of a Key Distribution Center?

A key distribution center is a form of symmetric encryption that allows access between two or more systems in a network by generating a unique ticket-type key for establishing a secure connection over which data is shared and transferred. The KDC is the main server, which is consulted before communication takes place. Due to its central infrastructure, a KDC is usually employed in smaller networks where the connection requests do not overwhelm the system. A KDC is used instead of standard key encryption because the key is generated every time a connection is requested, which minimizes the chances of attack.

Advantages:

 - Security is easy, as only the private key must be kept secret.
 - Maintenance of the keys becomes easy, as the keys (public key/private key) remain constant throughout the communication, depending on the connection.
 - The number of keys to be kept secret becomes smaller.
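The exchange described above, as an added example that is not part of the notes: each host shares one long-term master key with the KDC, and for every connection request the KDC generates a fresh session key and returns it wrapped once for the requester and once (the "ticket") for the peer, so each host needs only its own master key to recover it. The wrapping primitive is a toy (SHA-256 keystream plus an HMAC tag) constructed for illustration; host names, key sizes and the message layout are this example's assumptions.

```python
# Added example (not from the notes): a minimal key distribution center exchange.
import hashlib
import hmac
import os

KEY_LEN = 16   # session key size used in this example


def _wrap(master_key: bytes, data: bytes) -> bytes:
    """Toy confidentiality + integrity: nonce || (data XOR keystream) || HMAC tag."""
    if len(data) > 32:
        raise ValueError("toy wrapper handles at most 32 bytes")
    nonce = os.urandom(16)
    ks = hashlib.sha256(master_key + nonce).digest()
    body = bytes(d ^ k for d, k in zip(data, ks))
    return nonce + body + hmac.new(master_key, nonce + body, hashlib.sha256).digest()


def _unwrap(master_key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(master_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ticket tampered with, or wrong master key")
    ks = hashlib.sha256(master_key + nonce).digest()
    return bytes(d ^ k for d, k in zip(body, ks))


class KDC:
    def __init__(self, master_keys: dict):
        self.master_keys = master_keys   # {host name: long-term key}, registered out of band
        self.issued = 0

    def request(self, requester: str, peer: str):
        """Requester asks for a key to talk to peer; returns (own copy, ticket for peer)."""
        session_key = os.urandom(KEY_LEN)   # fresh for every connection
        self.issued += 1
        own = _wrap(self.master_keys[requester], session_key + peer.encode())
        ticket = _wrap(self.master_keys[peer], session_key + requester.encode())
        return own, ticket


def host_session_key(master_key: bytes, blob: bytes):
    """A host recovers (session key, name of the other party) using only its own master key."""
    data = _unwrap(master_key, blob)
    return data[:KEY_LEN], data[KEY_LEN:].decode()


MASTER_KEYS = {"alice": os.urandom(32), "bob": os.urandom(32)}   # constructed


def demo():
    kdc = KDC(MASTER_KEYS)
    own, ticket = kdc.request("alice", "bob")        # alice asks the KDC for a key to bob
    k_alice, peer = host_session_key(MASTER_KEYS["alice"], own)
    k_bob, requester = host_session_key(MASTER_KEYS["bob"], ticket)   # alice forwards the ticket
    return k_alice == k_bob, peer, requester


if __name__ == "__main__":
    print(demo())   # (True, 'bob', 'alice')
```

Two long-term keys serve any number of alice-to-bob connections, which is the "fewer keys to keep secret" advantage; a real protocol such as Kerberos adds timestamps and nonces to the ticket so that an old one cannot be replayed.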

9) List three approaches to Message Authentication. Repeated
10) Compare block ciphers with stream ciphers.

S.No | Block Cipher | Stream Cipher
1. | Converts plaintext into ciphertext by taking one block of plaintext at a time. | Converts plaintext into ciphertext by taking 1 byte of plaintext at a time.
2. | Uses 64 bits or more than 64 bits. | Uses 8 bits.
3. | The complexity of a block cipher is simple. | A stream cipher is more complex.
4. | Uses confusion as well as diffusion. | Uses only confusion.
5. | Reversing encrypted text is hard. | Reversing encrypted text is easy.
6. | Algorithm modes used in block ciphers are ECB (Electronic Code Book) and CBC (Cipher Block Chaining). | Algorithm modes used in stream ciphers are CFB (Cipher Feedback) and OFB (Output Feedback).
7. | Works on transposition techniques like the rail-fence technique, columnar transposition technique, etc. | Works on substitution techniques like the Caesar cipher, polygram substitution cipher, etc.
8. | Slow as compared to a stream cipher. | Fast in comparison to a block cipher.

Unit 3
1) How are keys exchanged in the Diffie-Hellman algorithm?
The algorithm is based on Elliptic Curve Cryptography, a method of doing public-key cryptography based on the algebraic structure of elliptic curves over finite fields. DH also uses a trapdoor function, just like many other ways of doing public-key cryptography. The simple idea behind the DH algorithm is the following.
 1. The first party picks two prime numbers, g and p, and tells them to the second party.
 2. The second party then picks a secret number (let's call it a), computes g^a mod p and sends the result back to the first party; let's call the result A. Keep in mind that the secret number is not sent to anyone, only the result is.
 3. Then the first party does the same: it selects a secret number b and calculates the result B similarly to step 2.
 4. This result is sent to the second party.
 5. The second party takes the received number B and calculates B^a mod p.
 6. The first party takes the received number A and calculates A^b mod p.
This is where it gets interesting: the answer in step 5 is the same as the answer in step 6. This means both parties get the same answer no matter the order of exponentiation.
 (g^a mod p)^b mod p = g^(ab) mod p
 (g^b mod p)^a mod p = g^(ba) mod p
The number arrived at in steps 5 and 6 is taken as the shared secret key. This key can be used for any encryption of the data that will be transmitted, such as Blowfish, AES, etc.
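The six steps above carried out in code, as an added example that is not from the notes. It follows the modular form the steps describe (g^a mod p over a prime p) with the small constructed values p = 23, g = 5, a = 6, b = 15 so every intermediate number can be checked by hand; the SHA-256 derivation of a cipher key from the shared number is this example's own final step. Real deployments use primes of 2048 bits or more, or elliptic-curve groups.

```python
# Added example (not from the notes): Diffie-Hellman with hand-checkable numbers.
import hashlib


def public_value(g: int, secret: int, p: int) -> int:
    """Steps 2 and 3: g^secret mod p is sent; the secret itself never leaves the party."""
    return pow(g, secret, p)


def shared_secret(received: int, secret: int, p: int) -> int:
    """Steps 5 and 6: received^secret mod p."""
    return pow(received, secret, p)


def derive_key(secret: int, length: int = 16) -> bytes:
    """Turn the shared number into a fixed-size key for a cipher such as AES or Blowfish."""
    n_bytes = (secret.bit_length() + 7) // 8 or 1
    return hashlib.sha256(secret.to_bytes(n_bytes, "big")).digest()[:length]


def exchange(p: int, g: int, a: int, b: int):
    """Run both sides and return (A, B, second party's result, first party's result)."""
    A = public_value(g, a, p)            # second party computes A from its secret a and sends it
    B = public_value(g, b, p)            # first party computes B from its secret b and sends it
    s_second = shared_secret(B, a, p)    # second party: B^a mod p
    s_first = shared_secret(A, b, p)     # first party:  A^b mod p
    return A, B, s_second, s_first


if __name__ == "__main__":
    p, g, a, b = 23, 5, 6, 15            # constructed toy parameters
    A, B, s2, s1 = exchange(p, g, a, b)
    print(A, B)                          # 8 19  (the only values an observer sees)
    print(s2, s1, pow(g, a * b, p))      # 2 2 2 (both sides reach g^(ab) mod p)
    print(derive_key(s2).hex())
```

An observer sees p, g, A and B but not a or b, and recovering them is the discrete logarithm problem the trapdoor rests on. The exchange as written authenticates nobody, which is why in protocols such as TLS the public values are signed or tied to a certificate.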

2) Give a note on public key infrastructure.

Public Key Infrastructure (PKI)
PKI provides assurance of public keys. It provides the identification of public keys and their distribution. The anatomy of a PKI comprises the following components.

 - Public Key Certificate, commonly referred to as a 'digital certificate'.
 - Private Key tokens.
 - Certification Authority.
 - Registration Authority.
 - Certificate Management System.
3) What problem was Kerberos designed to address?

4) What is the function of the TGS server in Kerberos?

5) What is the purpose of the X.509 standard?

6) In the context of Kerberos, what is a realm?

7) Show the biometric authentication.

8) What are the principles of public key cryptosystems?

9) Summarize the advantages of elliptic-curve cryptography.

10) Define Message Authentication Code.

Unit 4

1) Show the transport mode and tunnel mode in IPSec.

2) What are S/MIME messages?

3) List the different encryption and authentication algorithms used for the AH and ESP protocols.

4) What is IP Security?

5) Discuss the concept of combining security associations.

6) Give the features of the Authentication Header.

7) Explain IP Security.

8) What are the different approaches to public-key management?

9) How does PGP provide public key management?

10) What are the various PGP services?

Unit 5

1) What is an intruder?

2) What do you mean by malicious software?

3) Show the application level gateway.

4) Write short notes on virtual elections.

5) What is a cross site scripting vulnerability?

6) Illustrate the Secure Socket Layer.

7) What are the different alert codes of the TLS protocol?

8) Summarize the limitations of firewalls.

9) What are the different types of viruses?

10) What are the limitations of firewalls?
