Ans. ITU-T provides security services such as data confidentiality, data integrity,
authentication, nonrepudiation and access control.
i. Data Confidentiality: - It refers to the protection of sensitive information from
unauthorized access or disclosure. It involves ensuring that only authorized
individuals or systems can access and view the data, and that the data is encrypted
or protected in some other way during transmission and storage. It is designed to
prevent snooping and traffic analysis attacks.
ii. Data integrity: - Refers to the assurance that data has not been altered or
corrupted during transmission or storage, meaning that data received are exactly as
sent by an authorized entity. It is designed to protect data from modification,
insertion, deletion, and replaying by an adversary. It may protect the whole
message or part of the message.
iii. Authentication: - It refers to the process of verifying the identity of a user or system
to ensure that they are who they claim to be. It involves confirming that a user or
system has the necessary credentials, such as a username and password, digital
certificate, or biometric data, to access a network or system. It provides
authentication such as peer entity authentication and data origin authentication.
iv. Nonrepudiation: - Provides protection against denial by one of the entities
involved in a communication of having participated in all or part of the
communication. It ensures that the sender of a message cannot later deny having
sent it, and that the recipient cannot deny having received it. Nonrepudiation is
important in legal and regulatory contexts, where it may be necessary to provide
evidence of a transaction or communication.
v. Access control: - Provides protection against unauthorized access to data. This
service controls who can have access to a resource, under what conditions access
can occur, and what those accessing the resource are allowed to do.
2. What are the different security goals?
Ans. The three main security goals are confidentiality, integrity, and availability.
I. Confidentiality: - Ensuring that sensitive information is accessible only to
authorized individuals or systems. It assures that private or confidential
information is not made available or disclosed to unauthorized individuals.
II. Integrity: - Changes need to be made only by authorized entities and through
authorized mechanisms. This means guarding against improper information
modification or destruction, including ensuring information nonrepudiation and
authenticity.
III. Availability: - The information created and stored by an organization needs to
be available to authorized entities, ensuring timely and reliable access to and
use of information.
3. List and briefly define categories of passive and active security attacks.
Ans. Our three goals of security (confidentiality, integrity, and availability) can be
threatened by security attacks. Security attacks divide into two broad categories based
on their effects on the system.
I. Passive security attacks: - A passive attack attempts to learn or make use of
information from the system but does not affect system resources. The
attacker's goal is just to obtain information. The attacks that threaten
confidentiality, snooping and traffic analysis, are passive attacks.
II. Active security attacks: - An active attack attempts to alter system resources or
affect their operation. An active attack may change the data or harm the
system. Attacks that threaten integrity and availability are active attacks.
Modification, masquerading, replaying, repudiation and denial of service are
active attacks.
4. List and briefly define categories of security mechanisms.
Ans. Security mechanisms are divided into those that are implemented in a specific
protocol layer, such as TCP or an application-layer protocol, and those that are not
specific to any protocol layer or security service.
I. Encipherment: - Hiding or covering data to provide confidentiality via cryptography and
steganography. It is the use of mathematical algorithms to transform data into a form
that is not readily intelligible.
II. Data Integrity: - A variety of mechanisms used to assure the integrity of a data unit or
stream of data units. This mechanism appends to the data a short check value that has
been created by a specific process from the data itself. The receiver receives the data and
the check value.
III. Digital Signature: - The sender can electronically sign the data and the receiver can
electronically verify the signature. The digital signature is then encrypted using the
sender's private key, which can only be decrypted using their public key.
IV. Authentication Exchange: - A mechanism intended to ensure the identity of an entity by
means of information exchange.
V. Traffic Padding: - The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts. It is a technique used to add additional data to a network packet to
increase its size and make it more difficult for an attacker to analyze or intercept.
VI. Routing Control: - It is selecting and continuously changing different available routes
between the sender and the receiver to prevent the opponent from eavesdropping on a
particular route.
VII. Notarization: - It is the selection of a trusted third party to control the communication
between two entities to prevent repudiation.
VIII. Access Control: - It is a method of proving that a user has access rights to the data or
resources owned by a system, such as passwords and PINs.
5. What is the difference between a block cipher and a stream cipher?
Ans. The main difference between a block cipher and a stream cipher is the way they
encrypt data. Block ciphers encrypt data in fixed-size blocks, typically 64 or 128 bits at
a time. A stream cipher is one that encrypts a digital data stream one bit or one byte
at a time.
6. What is Steganography?
Ans. Steganography is the practice of concealing secret information within a
seemingly innocent message or file, such as an image, audio file, or text document.
Unlike encryption, which scrambles the original message to make it unreadable,
steganography hides the existence of the message itself. This can be done by altering
the least significant bits of a digital file or by using invisible ink on physical paper.
Steganography is often used in combination with encryption to provide an extra layer
of security for sensitive information.
7. What is the difference between diffusion and confusion?
Ans. Diffusion refers to the process of spreading the influence of each plaintext bit or
byte throughout the entire ciphertext. In other words, a small change in the plaintext
should result in a large change in the ciphertext. This makes it more difficult for an
attacker to identify patterns or relationships between the plaintext and ciphertext, as
any change in the plaintext will affect many bits or bytes in the ciphertext.
Confusion, on the other hand, refers to the process of making the relationship
between the plaintext and the ciphertext as complex and difficult to understand as
possible. This is achieved by using mathematical operations such as substitution and
permutation to scramble the plaintext before encryption. The goal is to make it
difficult for an attacker to determine the relationship between the plaintext and the
ciphertext, even if they have access to a large amount of encrypted data.
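To make the two properties measurable, the following Python sketch (an added example, not part of the original answer) builds a toy 16-bit substitution-permutation network and counts how many ciphertext bits flip when one plaintext bit is flipped. The S-box, the bit transpose and the round keys are assumptions chosen for illustration; in this sketch the S-box supplies confusion and the bit permutation supplies diffusion.

```python
# Added example: toy 16-bit substitution-permutation network (illustrative only,
# not a secure cipher). S-box, bit transpose and round keys are assumptions.

SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
ROUND_KEYS = [0x3A94, 0xD63F, 0x1C2B, 0x7E05, 0xA1B8]  # constructed sample keys


def substitute(block):
    """Confusion: replace each 4-bit nibble through the nonlinear S-box."""
    out = 0
    for i in range(4):
        out |= SBOX[(block >> (4 * i)) & 0xF] << (4 * i)
    return out


def permute(block):
    """Diffusion: bit j of nibble i moves to bit i of nibble j."""
    out = 0
    for i in range(4):
        for j in range(4):
            if (block >> (4 * i + j)) & 1:
                out |= 1 << (4 * j + i)
    return out


def encrypt(block, rounds):
    """Run `rounds` rounds of key mixing, substitution and permutation."""
    for r in range(rounds):
        block = permute(substitute(block ^ ROUND_KEYS[r]))
    return block ^ ROUND_KEYS[rounds]


def avalanche(rounds, samples=range(0, 0x10000, 257)):
    """Average number of ciphertext bits that flip per single plaintext-bit flip."""
    total = count = 0
    for p in samples:
        c = encrypt(p, rounds)
        for bit in range(16):
            total += bin(c ^ encrypt(p ^ (1 << bit), rounds)).count("1")
            count += 1
    return total / count


if __name__ == "__main__":
    for rounds in (1, 2, 4):
        print(f"{rounds} round(s): {avalanche(rounds):.2f} of 16 bits change")
```

With a single round a flipped plaintext bit can disturb at most the four output bits of one S-box; repeating the substitution and permutation rounds spreads that change across the whole block.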
1. Draw a matrix that shows the relationship between security services and attacks.
2. Draw a matrix that shows the relationship between security mechanisms and attacks.
3. A cipher text has been generated with an affine cipher. The most frequent letter of the
cipher text is 'B', and the second most frequent letter of the cipher text is 'U'. Break this
code.
4. Decipher the message YITJP GWJOW FAQTQ XCSMA ETSQU SQAPU SQGKC PQTYJ using
the Hill cipher with the inverse key . Show your calculations and the result.
5. Show that DES decryption is, in fact, the inverse of DES encryption.
Ans.
q     r1        r2        r
0     4,655     12,075    4,655
2     12,075    4,655     2,765
1     4,655     2,765     1,890
1     2,765     1,890     875
2     1,890     875       140
6     875       140       35
4     140       35        0
      35        0
13. Perform encryption and decryption using the RSA algorithm, for the following:
1. p = 3; q = 11, e = 7; M = 5
2. p = 5; q = 11, e = 3; M = 9
14. In a public-key system using RSA, you intercept the cipher text C = 10 sent to a user whose
public key is e = 5, n = 35. What is the plaintext M?
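The q / r1 / r2 / r table above and the RSA computation in exercise 13 both rest on the Euclidean algorithm. The following Python sketch is an added example, not part of the original answers: it rebuilds the table for 4,655 and 12,075 and uses the extended form of the algorithm to derive d for the toy parameters of exercise 13. Function names are illustrative, and textbook RSA without padding is assumed.

```python
# Added example: Euclidean table in the page's q / r1 / r2 / r layout, plus
# textbook RSA (no padding) for the toy parameters of exercise 13.

def gcd_table(a, b):
    """Return (gcd, rows); each row is (q, r1, r2, r) as in the table above."""
    r1, r2, rows = a, b, []
    while r2 > 0:
        q, r = divmod(r1, r2)
        rows.append((q, r1, r2, r))
        r1, r2 = r2, r
    return r1, rows


def mod_inverse(e, phi):
    """Extended Euclid: return d with (e * d) % phi == 1, or raise."""
    r1, r2, t1, t2 = phi, e, 0, 1
    while r2 > 0:
        q = r1 // r2
        r1, r2 = r2, r1 - q * r2
        t1, t2 = t2, t1 - q * t2
    if r1 != 1:
        raise ValueError("e has no inverse modulo phi; choose another e")
    return t1 % phi


def rsa_round_trip(p, q, e, m):
    """Textbook RSA with toy primes. Returns (n, d, ciphertext, recovered)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    d = mod_inverse(e, phi)
    c = pow(m, e, n)
    return n, d, c, pow(c, d, n)


if __name__ == "__main__":
    g, rows = gcd_table(4655, 12075)
    print(" q     r1     r2      r")
    for row in rows:
        print("{:2d} {:6d} {:6d} {:6d}".format(*row))
    print("   {:6d} {:6d}   gcd = {}".format(g, 0, g))
    for p, q, e, m in [(3, 11, 7, 5), (5, 11, 3, 9)]:
        n, d, c, back = rsa_round_trip(p, q, e, m)
        print(f"p={p} q={q} e={e} M={m}: n={n} d={d} C={c} decrypted={back}")
```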