2) What is steganography?
STEGANOGRAPHY
A plaintext message may be hidden in any one of the two ways.
The methods of steganography conceal the existence of the message,
whereas the methods of cryptography render the message unintelligible to
outsiders by various transformations of the text. A simple form of
steganography, but one that is time-consuming to construct, is one in which
an arrangement of words or letters within an apparently innocuous text
spells out the real message, e.g.: (i) the sequence of first letters of each
word of the overall message spells out the real (hidden) message; (ii) a
subset of the words of the overall message is used to convey the hidden
message. Various other techniques have been used historically; some of
them are:
- Character marking – selected letters of printed or typewritten
  text are overwritten in pencil. The marks are ordinarily not visible
  unless the paper is held at an angle to bright light.
- Invisible ink – a number of substances can be used for writing
  but leave no visible trace until heat or some chemical is applied to
  the paper.
- Pin punctures – small pin punctures on selected letters are
  ordinarily not visible unless the paper is held in front of the light.
- Typewritten correction ribbon – used between the lines typed
  with a black ribbon, the results of typing with the correction tape
  are visible only under a strong light.
Drawbacks of Steganography
Requires a lot of overhead to hide a relatively few bits of information.
Once the system is discovered, it becomes virtually worthless.
3) Compare transposition ciphers with substitution cipher.
Difference between Substitution Cipher Technique and
Transposition Cipher Technique:
| S.No. | Substitution Cipher Technique | Transposition Cipher Technique |
|---|---|---|
| 1. | In the substitution cipher technique, plaintext characters are replaced with other characters, numbers and symbols. | In the transposition cipher technique, plaintext characters are rearranged with respect to position. |
| 2. | The substitution cipher's forms are: mono-alphabetic substitution cipher and poly-alphabetic substitution cipher. | The transposition cipher's forms are: keyless transposition cipher and keyed transposition cipher. |
| 3. | In the substitution cipher technique, a character's identity is changed while its position remains unchanged. | In the transposition cipher technique, the position of the character is changed but the character's identity is not changed. |
| 4. | In the substitution cipher technique, the letter with low frequency can detect plain text. | In the transposition cipher technique, the keys which are nearer to the correct key can disclose plain text. |
| 5. | An example of a substitution cipher is the Caesar Cipher. | An example of a transposition cipher is the Rail Fence Cipher. |
4) Write short notes on principles of security.
The Principles of Security can be classified as follows:
1. Confidentiality:
The degree of confidentiality determines the secrecy of the
information. The principle specifies that only the sender and
receiver will be able to access the information shared between
them. Confidentiality is compromised if an unauthorized person is able
to access a message.
For example, suppose sender A wants to share some
confidential information with receiver B and the information gets
intercepted by the attacker C. Now the confidential information is in
the hands of an intruder C.
2. Authentication:
Authentication is the mechanism to identify the user or system or
the entity. It ensures the identity of the person trying to access the
information. The authentication is mostly secured by using
username and password. The authorized person whose identity is
preregistered can prove his/her identity and can access the
sensitive information.
3. Integrity:
Integrity gives the assurance that the information received is exact
and accurate. If the content of the message is changed after the
sender sends it but before reaching the intended receiver, then it is
said that the integrity of the message is lost.
4. Non-Repudiation:
Non-repudiation is a mechanism that prevents denial of the content
of a message sent through a network. In some cases the sender
sends the message and later denies it. Non-repudiation
does not allow the sender to deny it.
5. Access control:
The principle of access control is determined by role management
and rule management. Role management determines who should
access the data while rule management determines up to what
extent one can access the data. The information displayed is
dependent on the person who is accessing it.
6. Availability:
The principle of availability states that the resources will be
available to authorized parties at all times. Information will not be
useful if it is not available to be accessed. Systems should have
sufficient availability of information to satisfy the user request.
7. Issues of ethics and law
The following categories are used to categorize ethical dilemmas in
the security system.
5) What is Caesar Cipher?
Examples:
Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
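The Caesar examples above and rows 3 and 5 of the comparison table in question 3, as an added example (not part of the original notes): a Caesar shift and a Rail Fence transposition applied to the same text, with checks showing which property each one preserves. The function names and the choice of 3 rails are assumptions made for this illustration.

```python
from collections import Counter

def caesar(text, shift):
    """Substitution: replace each A-Z letter by the one `shift` places on."""
    return "".join(
        chr((ord(c) - 65 + shift) % 26 + 65) if "A" <= c <= "Z" else c
        for c in text
    )

def rail_fence(text, rails):
    """Transposition: write the text in a zigzag over `rails` rows (>= 2),
    then read the rows one after another."""
    rows = [[] for _ in range(rails)]
    period = 2 * (rails - 1)
    for i, ch in enumerate(text):
        k = i % period
        rows[k if k < rails else period - k].append(ch)
    return "".join("".join(row) for row in rows)

def repeat_pattern(text):
    """Number characters by first appearance: ATTACK -> [0, 1, 1, 0, 2, 3]."""
    seen = {}
    return [seen.setdefault(c, len(seen)) for c in text]

def compare(plain, shift=4, rails=3):
    """Show what each technique keeps: positions (pattern) or identities."""
    sub, trans = caesar(plain, shift), rail_fence(plain, rails)
    return {
        "substitution": sub,
        "transposition": trans,
        # Substitution: identities change, positions (repeat pattern) stay.
        "sub_keeps_pattern": repeat_pattern(sub) == repeat_pattern(plain),
        "sub_keeps_letters": Counter(sub) == Counter(plain),
        # Transposition: identities (letter counts) stay, positions change.
        "trans_keeps_pattern": repeat_pattern(trans) == repeat_pattern(plain),
        "trans_keeps_letters": Counter(trans) == Counter(plain),
    }

if __name__ == "__main__":
    for name, value in compare("ATTACKATONCE").items():
        print(f"{name:20} {value}")
```

Because a transposition leaves the letter counts untouched and a single-alphabet substitution leaves the repetition pattern untouched, neither hides the statistics of the plaintext on its own.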
6) Define Confidentiality and Authentication.
Confidentiality:
The degree of confidentiality determines the secrecy of the
information. The principle specifies that only the sender and receiver
will be able to access the information shared between them.
Confidentiality is compromised if an unauthorized person is able to
access a message.
For example, suppose sender A wants to share some
confidential information with receiver B and the information gets
intercepted by the attacker C. Now the confidential information is in
the hands of an intruder C.
Authentication:
Authentication is the mechanism to identify the user or system or the
entity. It ensures the identity of the person trying to access the
information. The authentication is mostly secured by using username
and password. The authorized person whose identity is preregistered
can prove his/her identity and can access the sensitive information.
7) Define Non Repudiation.
Non-repudiation
Non-repudiation is the assurance that someone cannot deny the validity of
something. Non-repudiation is a legal concept that is widely used in information
security and refers to a service, which provides proof of the origin of data and the
integrity of the data. In other words, non-repudiation makes it very difficult to
successfully deny who/where a message came from as well as the authenticity and
integrity of that message.
All cryptographic methods aim to scramble data to hide it from outsiders. But unlike
their counterparts, stream ciphers work on each bit of data in a message rather than
chunking the message into groups and encrypting them in blocks.
Advantages:
Unit 3
1) How are keys exchanged in the Diffie-Hellman algorithm?
The algorithm is based on Elliptic Curve Cryptography, a method of doing
public-key cryptography based on the algebraic structure of elliptic curves
over finite fields. DH also uses a trapdoor function, just like many
other ways to do public-key cryptography. The simple idea behind
the DH algorithm is the following.
1. The first party picks two prime numbers, g and p, and tells them to the
second party.
2. The second party then picks a secret number (let's call it a), and then it
computes $g^a \bmod p$ and sends the result back to the first party; let's call the
result A. Keep in mind that the secret number is not sent to anyone, only the
result is.
3. Then the first party does the same; it selects a secret number b and
calculates the result B similar to step 2. Then, this result is sent to the
second party.
4. The second party takes the received number B and calculates $B^a \bmod p$.
5. The first party takes the received number A and calculates $A^b \bmod p$.
This is where it gets interesting; the answer in step 5 is the same as the
answer in step 4. This means both parties will get the same answer no matter
the order of exponentiation.
$(g^a \bmod p)^b \bmod p = g^{ab} \bmod p$
$(g^b \bmod p)^a \bmod p = g^{ba} \bmod p$
The number we came up with in steps 4 and 5 will be taken as the shared secret
key. This key can be used to do any encryption of data that will be
transmitted, such as Blowfish, AES, etc.
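The exchange in the numbered steps, as an added example (not part of the original notes) using the modular-exponentiation form those steps describe. The function names, the toy parameters g = 5 and p = 23, the range check on received values and the SHA-256 key derivation are all assumptions introduced for this illustration.

```python
import hashlib
import secrets

def dh_keypair(g, p, private=None):
    """Steps 2 and 3: pick a secret exponent, publish g^secret mod p."""
    if private is None:
        private = secrets.randbelow(p - 3) + 2      # uniform in [2, p-2]
    return private, pow(g, private, p)

def check_public(value, p):
    """Added safeguard: accept received values only in [2, p-2].

    The values 0, 1 and p-1 force the shared secret into a tiny, guessable
    set. In a toy group a random secret can hit p-1; real primes make that
    negligible.
    """
    if not 1 < value < p - 1:
        raise ValueError("received public value out of range")
    return value

def dh_shared(their_public, my_private, p):
    """Steps 4 and 5: raise the received value to the local secret."""
    return pow(check_public(their_public, p), my_private, p)

def derive_key(shared, p):
    """Hash the shared number into 32 bytes for a cipher key (assumption)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()

def exchange(g, p, a=None, b=None):
    """Run the whole exchange; return the wire contents and both results."""
    a, A = dh_keypair(g, p, a)          # second party, step 2
    b, B = dh_keypair(g, p, b)          # first party, step 3
    return {
        "on_wire": (g, p, A, B),        # everything an eavesdropper sees
        "second_party": dh_shared(B, a, p),     # step 4
        "first_party": dh_shared(A, b, p),      # step 5
    }

if __name__ == "__main__":
    # Constructed toy parameters; real deployments use primes of 2048+ bits.
    run = exchange(g=5, p=23, a=4, b=3)
    print(run)
    print(derive_key(run["first_party"], 23).hex())
```

The secrets a and b never appear in `on_wire`, and nothing in the exchange proves who sent A or B, so the public values need to be authenticated by some other means before the derived key is trusted.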
Unit 4
4) What is IP Security?
7) Explain IP Security.
Unit 5
1) What is an intruder?