Saqib Hussain
29.10.23
Saqib Hussain
20pwbcs0743
Question no 1
Solution : CODE
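import collections
import string

def frequency_analysis(ciphertext):
    # Count letters only, ignoring case
    letter_count = collections.Counter(c for c in ciphertext.lower() if c.isalpha())
    most_common_letter = letter_count.most_common(1)[0][0]
    # Calculate the shift required to map the most common letter in the ciphertext to 'e'
    shift = (ord(most_common_letter) - ord('e')) % 26
    decryption_key = {}
    for letter in string.ascii_lowercase:
        decrypted_letter = chr((ord(letter) - ord('a') - shift) % 26 + ord('a'))
        decryption_key[letter] = decrypted_letter
    return decryption_key

def decrypt(ciphertext, decryption_key):
    # Apply the key letter by letter; case is preserved and non-letters pass through
    plaintext = ""
    for letter in ciphertext:
        if letter.isalpha():
            decrypted = decryption_key[letter.lower()]
            plaintext += decrypted.upper() if letter.isupper() else decrypted
        else:
            plaintext += letter
    return plaintext

# Given ciphertext
ciphertext = "Nzyrclefwletzydjzfslgpmczvpyesppyncjaetzy"
decryption_key = frequency_analysis(ciphertext)
plaintext = decrypt(ciphertext, decryption_key)
print("Decryption Key:")
print(decryption_key)
print("\nDecrypted Text:")
print(plaintext)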
Question No 2
Which CIA aspects are used to counter the following attacks?
Explain in detail
a. Spoofing
c. Denial of service
d. Delay
Solution:
In information security, the CIA Triad refers to the three core principles that govern
information security and data protection: Confidentiality, Integrity, and Availability. To
counter various types of attacks, these CIA aspects can be employed as follows:
a. Spoofing:
Integrity: Maintaining data integrity is essential to detect and prevent spoofing. Data
integrity ensures that data remains accurate and unaltered. Employing cryptographic
techniques, such as digital signatures and hashing, can help verify the authenticity and
integrity of data, making it difficult for attackers to forge information.
Integrity: To counter repudiation of origin and denial of receipt, integrity is critical. These
attacks involve disowning actions or denying the receipt of a message. By implementing
secure audit trails and logging systems, organizations can maintain the integrity of data
and establish the source of actions, making it difficult for parties to disavow their actions or
messages.
Availability: DoS attacks aim to disrupt or deny access to resources, services, or systems.
Ensuring availability is the primary countermeasure. Implementing redundancy and load
balancing can help distribute traffic and mitigate the impact of DoS attacks. Additionally,
intrusion detection and prevention systems can identify and block malicious traffic.
Question No 3
CIA Triad:
through the implementation of robust access controls and encryption measures, which
shield sensitive information from prying eyes.
Integrity: In the CMS, data integrity is fundamental. It guarantees the accuracy and
unalterability of information within the system. For instance, students' academic records
should remain immune to unauthorized modifications. This level of security is upheld by
employing data integrity mechanisms such as checksums and digital signatures, which
serve to validate the genuineness of data and protect against unauthorized alterations.
Availability: The CMS must consistently deliver availability to meet the academic and
administrative needs of students, faculty, and staff. Redundancy, load balancing, and
comprehensive disaster recovery strategies are often in place to ensure that the system
remains accessible and operational even in the face of unexpected disruptions. This
steadfast availability is critical for uninterrupted service.
Authentication:
Authentication is the process of verifying the identity of users before granting them access
to the CMS. In the UET Peshawar CMS, several mechanisms are in place:
● Usernames and Passwords: Every student is furnished with a unique username and
password. These credentials serve as the means to authenticate their identity and
subsequently grant access to their personalized accounts within the system.
● Strong Password Policies: The CMS enforces stringent password policies to ensure
that students create and maintain robust passwords. This serves as a safeguard
against unauthorized access, discouraging the use of weak or easily guessed
passwords.
Authorization:
Authorization defines what actions and resources users are permitted to access after
successful authentication. Within the UET Peshawar CMS:
● Granular Permissions: The CMS may employ fine-grained authorization, allowing for
meticulous control over access rights. This level of precision is instrumental in
preserving data privacy and security.