
Cryptography & Network Security

Unit-III

• Buffer overflow attack :- Attackers exploit buffer overflow issues by overwriting the memory of an application.
This changes the execution path of the program, triggering a response that damages files or exposes private
information. It mostly occurs in the C and C++ languages. The two types of buffer overflow attack are:
o Heap Based :- a chunk of memory is allocated on the heap and data is written to this memory without
any bounds checking being done on the data. Difficult to execute.
o Stack Based :- a condition where the buffer being overwritten is allocated on the stack (i.e., it is a local
variable or, rarely, a parameter to a function).
• DDoS (Distributed Denial-of-Service) :- A DDoS attack is a malicious attempt to disrupt the normal traffic of a
targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood
of Internet traffic from multiple zombie (infected) systems.
• Weak Authentication :- occurs when the strength of the authentication mechanism is relatively weak in comparison to
the value of the assets that are being protected. It also describes situations in which an authentication
mechanism is flawed or vulnerable. To avoid weak authentication, use: Two-Factor Authentication, a strong
password policy, an authentication security token.
• S-Box (Substitution Box) :- It is a basic component of symmetric-key algorithms which performs substitution
and is used to depict the relationship between the key and the ciphertext.
o It should have a high algebraic degree.
o The nonlinearity of its component functions should be high.
• Hash Function :- It is a mathematical function that converts a numerical input value into another compressed
numerical value. The input to the hash function is of arbitrary length but the output is always of fixed length.
The properties of a hash function are: Deterministic (the same input gives the same output), Quick, Avalanche Effect (a minor
change in the message results in a major change in the hash), One-Way Function, Collision Resistance.
• Security of Hash Function:
o They are “collision-free.” This means that no two input hashes should map to the same output hash.
o They can be hidden. It should be difficult to guess the input value for a hash function from its output.
o They should be puzzle-friendly. It should be difficult to select an input that provides a pre-defined
output.
• SHA (Secure Hash Algorithm) :- It is a cryptographic function designed to keep data secure; it works by
transforming the data using a hash function. Common attacks such as brute-force attacks can take years or even
decades to crack the hash digest.
• Authentication :- Allows users to enter their credentials and stores them in the application server password
cache so that they are not prompted when they next run an application on that application server.
• Kerberos :- It is a network security protocol that authenticates service requests between two or more trusted
hosts across an untrusted network, such as the Internet. It uses secret-key cryptography and a trusted third
party for authenticating client-server applications and verifying users' identities.
• IP Security :- Allows individual users or organizations to secure traffic for all applications, without having to
make any modifications to the applications. It also defines the encrypted, decrypted and authenticated
packets.
• PGP (Pretty Good Privacy) :- It is a popular program that is used to provide confidentiality and authentication
services for electronic mail and file storage, as well as to authenticate messages with digital signatures and
encrypt stored files. It offers Authentication, Confidentiality, Email Compatibility, Segmentation.
• Lightweight Cryptography :- It is a form of encryption designed for resource-constrained devices.
Lightweight encryption technology uses less memory, fewer computing resources, and a smaller amount of
power to provide secure solutions for limited resources in a network.
• Side-Channel Attack :- A side-channel attack is a security exploit that aims to gather information from or
influence the program execution of a system by measuring or exploiting indirect effects of the system or its
hardware, rather than targeting the program or its code directly.
