Intro to Information Security

29.10.23
─

Saqib Hussian
20pwbcs0743

Question no 1
Solution : CODE

import collections
 1

def frequency_analysis(ciphertext):

# Count the frequency of each letter in the ciphertext

letter_count = collections.Counter(ciphertext)

# Sort the letters by frequency (most common to least common)

sorted_letters = sorted(letter_count.items(), key=lambda x: x[1], reverse=True)

# Calculate the shift required to map the most common letter in the ciphertext to 'e'

shift = ord(sorted_letters[0][0]) - ord('e')

# Generate the decryption key

decryption_key = {}

for letter, count in sorted_letters:

decrypted_letter = chr((ord(letter) - shift - ord('a')) % 26 + ord('a'))

decryption_key[letter] = decrypted_letter

return decryption_key

def decrypt(ciphertext, decryption_key):

plaintext = ""

for letter in ciphertext:

if letter.isalpha():

plaintext += decryption_key.get(letter, letter)

else:

plaintext += letter

return plaintext
 2

# Given ciphertext

ciphertext = "Nzyrclefwletzydjzfslgpmczvpyesppyncjaetzy"

# Analyze the frequency and obtain the decryption key

decryption_key = frequency_analysis(ciphertext)

# Decrypt the ciphertext using the obtained key

plaintext = decrypt(ciphertext, decryption_key)

# Print the decryption key and the plaintext

print("Decryption Key:")

for key, value in decryption_key.items():

print(f"{key} -> {value}")

print("\nDecrypted Text:")

print(plaintext)

Question No 2
Which CIA aspects are used to counter the following attacks?

Explain in detail

a. Spoofing

b. Repudiation of origin, Denial of receipt

c. Denial of service

d. Delay

Solution:

In information security, the CIA Triad refers to the three core principles that govern
information security and data protection: Confidentiality, Integrity, and Availability. To
counter various types of attacks, these CIA aspects can be employed as follows:

a. Spoofing:
 3

Confidentiality: To counter spoofing attacks, confidentiality is crucial. Confidentiality

ensures that information is only accessible to authorized users. Implementing strong
authentication mechanisms, like two-factor authentication (2FA) or biometric verification,
helps prevent unauthorized users from impersonating legitimate users.

Integrity: Maintaining data integrity is essential to detect and prevent spoofing. Data
integrity ensures that data remains accurate and unaltered. Employing cryptographic
techniques, such as digital signatures and hashing, can help verify the authenticity and
integrity of data, making it difficult for attackers to forge information.

b. Repudiation of Origin, Denial of Receipt:

Integrity: To counter repudiation of origin and denial of receipt, integrity is critical. These
attacks involve disowning actions or denying the receipt of a message. By implementing
secure audit trails and logging systems, organizations can maintain the integrity of data
and establish the source of actions, making it difficult for parties to disavow their actions or
messages.

Non-repudiation: Non-repudiation is a sub-aspect of integrity that can be used to counter

these attacks. Non-repudiation ensures that the sender cannot deny sending a message,
and the receiver cannot deny receiving it. Digital signatures and timestamping are common
techniques used to establish non-repudiation.

c. Denial of Service (DoS):

Availability: DoS attacks aim to disrupt or deny access to resources, services, or systems.
Ensuring availability is the primary countermeasure. Implementing redundancy and load
balancing can help distribute traffic and mitigate the impact of DoS attacks. Additionally,
intrusion detection and prevention systems can identify and block malicious traffic.

Question No 3
CIA Triad:

Confidentiality: Within the CMS of UET Peshawar, safeguarding confidentiality is

paramount. It ensures that sensitive student data, encompassing personal details,
academic records, and course registrations, remains protected and only accessible by
authorized individuals, namely students, faculty, and administrators. This is achieved
 4

through the implementation of robust access controls and encryption measures, which
shield sensitive information from prying eyes.

Integrity: In the CMS, data integrity is fundamental. It guarantees the accuracy and
unalterability of information within the system. For instance, students' academic records
should remain immune to unauthorized modifications. This level of security is upheld by
employing data integrity mechanisms such as checksums and digital signatures, which
serve to validate the genuineness of data and protect against unauthorized alterations.

Availability: The CMS must consistently deliver availability to meet the academic and
administrative needs of students, faculty, and staff. Redundancy, load balancing, and
comprehensive disaster recovery strategies are often in place to ensure that the system
remains accessible and operational even in the face of unexpected disruptions. This
steadfast availability is critical for uninterrupted service.

Authentication:

Authentication is the process of verifying the identity of users before granting them access
to the CMS. In the UET Peshawar CMS, several mechanisms are in place:

● Usernames and Passwords: Every student is furnished with a unique username and
password. These credentials serve as the means to authenticate their identity and
subsequently grant access to their personalized accounts within the system.

● Multi-Factor Authentication (MFA): In pursuit of heightened security, the CMS may

deploy multi-factor authentication. Students may be required to provide additional
authentication factors, such as one-time codes from mobile apps or biometric
scans, adding an extra layer of assurance.

● Strong Password Policies: The CMS enforces stringent password policies to ensure
that students create and maintain robust passwords. This serves as a safeguard
against unauthorized access, discouraging the use of weak or easily guessed
passwords.

Authorization:

Authorization defines what actions and resources users are permitted to access after
successful authentication. Within the UET Peshawar CMS:

● Role-Based Access Control (RBAC): User roles are established, encompassing

students, faculty, and administrators, each endowed with distinct privileges and
access rights. For instance, students can access their academic records, while faculty
members may input grades and course materials.
 5

● Access Controls: Access to specific functionalities and data is restricted based on

user roles. This stringent control ensures that students can only view their personal
academic records and are unable to modify the records of other students.

● Granular Permissions: The CMS may employ fine-grained authorization, allowing for
meticulous control over access rights. This level of precision is instrumental in
preserving data privacy and security.