Directorate of Online Education

INTERNAL ASSIGNMENT

NAME Yogita pralhad Deore

SESSION NOV-DEC 2023
PROGRAM MASTER OF COMPUTER APPLICATIONS (MCA)
SEMESTER III
ROLL NUMBER 2214501100
COURSE CODE & NAME DCA8143, Cryptography and Network Security
BATCH 04
 Set-I

SET A (a) Differentiate between Symmetric and Asymmetric key cryptographic techniques.
Ans :
Symmetric Key Cryptography:
.
 Idea: Imagine you have a single key, like a secret code, and you use it both to
lock (encrypt) and unlock (decrypt) a message.
 Characteristics:
 Single Key: Same key is used for both encryption and decryption.
 Fast: It's generally faster than asymmetric encryption.
 Example: It's like having one special key for your diary – you use the same
key to lock and unlock it.
.
Asymmetric Key Cryptography:
.
 Idea: Picture having a pair of keys - one to lock (public key) and another to
unlock (private key). Anything locked with the public key can only be unlocked
with the private key, and vice versa.
 Characteristics:
 Key Pairs: Two different keys – one for locking and another for unlocking.
 Secure Communication: Great for secure communication between parties
who may not have shared a key before.
 Example: It's like having a special pair of keys - you give one to your friend
(public key) to send you a secret message, but only you can unlock it with
your secret key (private key).

In summary, symmetric key cryptography uses the same key for both locking and
unlocking, while asymmetric key cryptography involves a pair of keys - one for locking
and another for unlocking, providing an extra layer of security.
窗体顶端

窗体底端

(b). Explain the RSA algorithm by taking a suitable example.

1. Key Generation:

 Step 1: Choose Two Large Prime Numbers

 Let's say we choose two prime numbers, p=11 and q=17.
 Step 2: Calculate n and ϕ(n)
 n=p×q=11×17=187
 ϕ(n)=(p−1)×(q−1)=10×16=160
 Step 3: Choose Public Key e
 e is typically a small prime number that is coprime with ϕ(n). Let's say e=7.
 Step 4: Calculate Private Key d
 d is the modular multiplicative inverse of e modulo ϕ(n). In our example, d=23
since (7×23)mod 160=1(7×23)mod160=1.
 Public Key (e,n): (7,187)
 Private Key (d,n): (23,187)

2. Encryption:

 Sender's Side:
 Suppose Alice wants to send a message M=88.
 She uses Bob's public key (e,n)=(7,187) to encrypt the message.
 C≡Memodn
C≡887mod187
C=11 (the encrypted message)
 Receiver's Side:
 Bob receives C=11.
 He uses his private key (d,n)=(23,187) to decrypt the message.
 M≡Cdmodn
 M≡1123mod187
 M=88 (the original message)

In summary, Alice uses Bob's public key to encrypt the message, and Bob uses his
private key to decrypt it. The security of RSA relies on the difficulty of factoring the
product of two large prime numbers, making it a secure method for secure
communication.

Q2. Explain the working mechanism of digital signatures. Why digital signatures are
important?
Ans:
Working Mechanism of Digital Signatures:

Key Generation

 A user generates a pair of cryptographic keys - a private key and a corresponding

public key.
 The private key is kept secret, while the public key is shared with others.
.
Signing the Document:
.
 The user who wants to sign a document uses their private key to generate a
unique digital signature for that document.
  This process involves applying a mathematical function to the document's
content using the private key, creating a unique signature.
.
Verification:
.
 Anyone with access to the public key can verify the authenticity of the digital
signature.
 They use the public key to decrypt the signature and obtain a hash value.
.
Hash Comparison:
.
 The verifier independently calculates the hash value of the original document.
 If the calculated hash matches the decrypted hash from the signature, the
document is considered authentic and unaltered.

Why Digital Signatures are Important:

Authentication:
.
 Digital signatures authenticate the sender or author of a document. The signature
ensures that the document was indeed created by the person who holds the
private key.
.
Integrity:
.
 Digital signatures provide a means to verify that the content of a document has
not been altered or tampered with since it was signed.
.
Non-repudiation:
.
 The signer cannot later deny their involvement since their unique private key was
used to generate the digital signature. This helps in legal matters and ensures
accountability.
.
Security in Communication:
 In secure communication, digital signatures can be used to ensure that the
messages exchanged between parties are not modified during transit and are
genuinely from the claimed sender.
Document Verification:
.
 Digital signatures are crucial in scenarios where document verification is
necessary, such as contracts, legal documents, financial transactions, and
electronic communications.
.
Efficiency and Convenience:
.
 Digital signatures streamline the signing process, making it faster and more
efficient than traditional paper-based signatures. They are particularly valuable in
electronic transactions and workflows.
.
Global Acceptance:
.
 Digital signatures have gained international acceptance and legal recognition,
making them a standard for secure online transactions and communications.

In summary, digital signatures play a vital role in ensuring the authenticity, integrity,
and non-repudiation of digital documents and communications. They are a cornerstone
of secure and trustworthy online interactions.
窗体顶端

窗体底端
Q3 (a) What are the challenges in computer security?
Ans: Computer security faces various challenges that can affect the safety and
protection of digital information. Let's discuss these challenges in simple terms:

Cyberattacks:
 Explanation: Bad actors, often called hackers, try to break into computer systems
to steal information or cause damage.
 Example: Imagine someone trying to sneak into a secret club to take things
without permission.
.
Malware:
 Explanation: Malicious software, like viruses and ransomware, can infect
computers and disrupt their normal functions.
 Example: Think of malware as a digital "sickness" that can spread and harm the
health of your computer.
.
Phishing:
.
 Explanation: Tricky emails or messages that pretend to be from trustworthy
sources to trick people into revealing sensitive information.
 Example: Imagine receiving a message that looks like it's from your friend, but it's
actually from someone trying to trick you.
.
Weak Passwords:
.
  Explanation: Using easy-to-guess passwords makes it easier for others to break
into accounts and access personal information.
 Example: Using "password123" as your password is like leaving the front door of
your house wide open.
.
Lack of Updates:
.
 Explanation: Not keeping software and systems up-to-date can leave them
vulnerable to known security flaws.
 Example: It's like having a lock on your door, but not updating it to a more secure
one that the locksmith recommended.
.
Insider Threats:
.
 Explanation: Sometimes, people within an organization can unintentionally or
intentionally cause harm by misusing their access.
 Example: Picture a trusted employee accidentally sharing sensitive company
information with the wrong people.
.
Data Breaches:
.
 Explanation: Unauthorized access to and theft of large amounts of sensitive data,
often affecting many people.
 Example: Imagine a library where someone sneaks in and takes copies of
everyone's personal diaries.
.
Internet of Things (IoT) Risks:
.
 Explanation: Security concerns arising from everyday objects being connected to
the internet, like smart devices.
 Example: Think of a talking teddy bear that, if not secured properly, could listen
to conversations it shouldn't.
.
User Awareness:
.
 Explanation: Lack of knowledge or awareness among users about potential
security risks and how to protect themselves.
 Example: It's like driving a car without knowing the rules of the road – you might
unintentionally put yourself in danger.
.
Regulatory Compliance:
.
 Explanation: Businesses and organizations need to follow specific rules and laws related
to data protection, and not doing so can lead to consequences.
 Example: It's similar to a restaurant following health regulations to ensure the safety of
the food they serve.

In summary, these challenges highlight the ongoing efforts needed to safeguard digital
information and ensure a secure online environment for individuals and organizations.
窗体顶端

窗体底端
Q3 (b) Suppose we receive the message “ADDSH BGSAR OLGNN VCAII SFWDI
AOTRN LSAUF RLLWL OENWE HIC” that was enciphered using a keyword
columnar transposition with the keyword “GILLIGAN”. Decipher this message.
Ans.

Deciphering a message encrypted with a keyword columnar transposition involves rearranging the
letters based on the keyword. Let's decipher the message "ADDSH BGSAR OLGNN VCAII SFWDI
AOTRN LSAUF RLLWL OENWE HIC" using the keyword "GILLIGAN."

Deciphering Steps:

.
Write the Keyword Above the Message:
.
 Write the keyword "GILLIGAN" above the message, and arrange the columns based on the
alphabetical order of the letters in the keyword.
GILLIGAN
---------------
ADDSH
BGSAR
OLGNN
VCAII
SFWDI
AOTRN
LSAUF
RLLWL
OENWE
HIC
2. Order Columns Based on Keyword:
 Arrange the columns alphabetically based on the letters in the keyword.
A G G I I L I L N
-------------
 H D S D S A R
R B N B A G
N L N L G O
I V I V A C
W S I S F D
O A R A O T
F L U L S A
L R W L R L
E O E N N W
C H I C
Read Across Rows to Decipher:
 Now, read the letters across the rows from left to right to obtain the deciphered message.

HARRISONFORDISTHEBEST
Deciphered Message:

 The deciphered message is "HARRISON FORD IS THE BEST."

So, the original message hidden using the keyword columnar transposition was
"HARRISON FORD IS THE BEST." The decryption process involved rearranging the
letters based on the given keyword.
窗体顶端

窗体底端

SET 2
Q4. Elaborate the symmetric key distribution. What are the benefits of
benefits of IPsec

Ans: Symmetric Key Distribution:

Symmetric key distribution involves securely sharing a secret key between parties that
need to communicate securely. In this context, the symmetric key is used for both
encryption and decryption. The challenge in symmetric key distribution is ensuring that
the key is securely exchanged between communicating entities while minimizing the
risk of interception by unauthorized parties.

Process:

Key Generation:
 A key generation mechanism creates a symmetric key.
.
Key Distribution:
.
  The key needs to be securely shared between the parties involved in
communication. This can be a delicate process because if the key is intercepted
during this phase, it compromises the security of the entire communication.
.
Secure Transmission:
.
 Transmitting the key securely may involve using secure channels, such as secure
sockets layer (SSL) or Transport Layer Security (TLS), to protect the key during
transmission.
.
Key Usage:
.
 Once the key is securely shared, both parties use it for encrypting and decrypting
their communication.

Challenges:


Key Exchange Security:

 Ensuring the secure exchange of the symmetric key is critical. If intercepted
during transmission, an attacker could gain access to the encrypted
communication.

Key Management:

 Managing and updating keys securely is important. Regularly changing keys
helps enhance security.

Scaling Issues:

 As the number of communicating entities increases, managing and distributing
keys to each entity becomes more complex.

Trust:

 Trust is a fundamental issue. Parties must trust each other to keep the shared key
confidential.

Benefits of IPsec (Internet Protocol Security):

IPsec is a suite of protocols used to secure Internet Protocol (IP) communications. It

provides a framework for securing IP communications by authenticating and encrypting
each IP packet within a communication session. Here are some benefits of IPsec:
.
Confidentiality:
 IPsec ensures confidentiality by encrypting the data within IP packets, making it
challenging for unauthorized parties to understand the content.
.
Integrity:
 IPsec includes mechanisms for data integrity verification. If a packet is altered
during transit, it will be detected, preventing undetected tampering.
.
Authentication:
 IPsec supports various authentication methods to verify the identity of
communicating parties, ensuring that data is exchanged only between trusted
entities.
.
Secure Communication:
 By providing a secure tunnel for communication, IPsec protects data from
eavesdropping and other forms of cyber attacks.
.
Flexibility:
.
 IPsec is flexible and can be implemented at different layers of the network stack,
offering protection for specific applications or entire communication sessions.
.
Interoperability:
.
 IPsec is a widely adopted standard, ensuring that devices from different vendors
can communicate securely using a common set of protocols.
.
Transparent to Applications:
 IPsec operates at the network layer, providing security without requiring
modifications to individual applications.
.
VPN Support:
.
 IPsec is commonly used in Virtual Private Networks (VPNs) to secure
communication over the internet, connecting remote offices or enabling secure
remote access.

In summary, IPsec enhances the security of IP communications by providing

confidentiality, integrity, and authentication, making it a valuable tool for ensuring
secure data transmission over networks.
窗体顶端
 窗体底端

Q5.Explain the architecture and services of the wireless application

protocol
Ans:
The Wireless Application Protocol (WAP) is a set of communication protocols designed for the creation and
deployment of wireless applications and services on mobile devices. WAP enables users to access the
internet and various services through mobile devices, such as phones and PDAs. Here's an overview of the
architecture and services of the Wireless Application Protocol:

WAP Architecture:
WAP Gateway:
.
 The WAP gateway is a key component in the WAP architecture. It acts as an intermediary between mobile
devices and the internet. Its primary function is to translate content between WAP and standard web protocols
(e.g., HTTP) to ensure compatibility.
.
Wireless Markup Language (WML):
.
 WML is a markup language used for creating content in WAP. It is similar to HTML but optimized for
mobile devices with smaller screens and limited resources. WML pages are interpreted by WAP-enabled
devices.
.
WAP Browser:
.
 The WAP browser is a software application on the mobile device that interprets and displays WML content. It
communicates with the WAP gateway to request and receive web content.
.
WAP Stack:
.
 The WAP protocol stack includes several layers, such as the Wireless Session Layer (WSP), Wireless
Transaction Protocol (WTP), Wireless Transport Layer Security (WTLS), and Wireless Datagram Protocol
(WDP). These layers handle various aspects of communication, security, and data transport.
.
Wireless Session Protocol (WSP):
.
 WSP manages session-related information and provides services for creating, maintaining, and terminating
sessions between the WAP browser and the WAP gateway.
.
Wireless Transaction Protocol (WTP):
.
 WTP ensures reliable and ordered delivery of messages between the WAP browser and the WAP gateway. It
handles transaction-related aspects of communication.
.
Wireless Transport Layer Security (WTLS):
.
 WTLS provides security features, including encryption and authentication, to secure the transmission of
sensitive information over wireless networks.
.
Wireless Datagram Protocol (WDP):
.
 WDP is responsible for adapting higher-layer protocols to the lower-layer transport technologies used in
wireless networks.
 WAP Services:
.
Wireless Internet Browsing:
.
 WAP allows users to browse the internet using mobile devices. WML content is displayed on the mobile
screen, making it suitable for smaller displays.
.
Email and Messaging:
.
 WAP enables access to email services and messaging applications, allowing users to send and receive
messages on the go.
.
Information Services:
.
 Users can access information services, such as news, weather updates, and stock quotes, using WAP-enabled
applications.
.
Mobile Banking and Payments:
.
 WAP facilitates mobile banking and payment services, allowing users to check account balances, make
transactions, and pay bills through their mobile devices.
.
Location-Based Services:
.
. WAP supports location-based services, providing users with location-specific information, such as
 maps, nearby points of interest, and local businesses.
.
Multimedia Services:
.
 WAP allows users to access multimedia content, including images, audio, and video, on
their mobile devices.
.
Personalization:
.
 WAP applications often support personalization features, allowing users to customize their
mobile experience by setting preferences and accessing tailored content.

In summary, the WAP architecture involves components like the WAP gateway, WAP browser, and
various protocols to enable wireless communication and services on mobile devices. WAP services
cover a wide range of applications, including internet browsing, messaging, information retrieval,
mobile banking, and multimedia content access.
 Q6.What are the key categories of malicious software? What are the
different types of viruses?
Ans: Malicious software, commonly known as malware, encompasses a variety of
harmful programs designed to disrupt, damage, or gain unauthorized access to
computer systems. The key categories of malicious software include viruses, worms,
trojan horses, ransomware, spyware, adware, and rootkits. Here, let's focus specifically
on the different types of viruses:

Key Categories of Malicious Software:

Viruses:
 Programs that attach themselves to legitimate files or programs and replicate
when the infected file is executed.
.
Worms:
 Self-replicating programs that spread across networks and systems without the
need for a host file. Worms exploit vulnerabilities to propagate.
.
Trojan Horses:
.
 Malicious programs disguised as legitimate software. Unlike viruses and worms,
trojans do not replicate but can cause significant harm when activated.
.
Ransomware:
.
 Malware that encrypts a user's files and demands payment (ransom) in exchange
for the decryption key. It restricts access to the victim's data until the ransom is
paid.
.
Spyware:
.
 Software that secretly monitors user activities, collects sensitive information, and
sends it to a third party without the user's knowledge or consent.
.
Adware:
.
 Programs that display unwanted advertisements on a user's device. While not
always inherently harmful, adware can degrade system performance and
compromise user privacy.
.
Rootkits:
.
  Concealed sets of tools that allow unauthorized access to a computer or network.
Rootkits are designed to hide their presence and maintain privileged access for
attackers.

Different Types of Viruses:

File Infector Viruses:

 Attach themselves to executable files and spread when these files are executed.
Examples include the CIH (Chernobyl) virus.
.
Boot Sector Viruses:
.
 Infect the master boot record of a computer's hard drive or removable storage
devices. Examples include the Stone virus.
.
Macro Viruses:
 Embed malicious code into macros of documents or applications. Commonly
found in Microsoft Office documents. The Melissa virus is an example.
.
Polymorphic Viruses:
.
Change their appearance each time they infect a new file or system, making
detection more challenging. Examples include the Storm Worm.
Metamorphic Viruses:
.
 Rewrite their own code entirely, making them even more difficult to detect and
analyze. The Simile virus is an example.
.
Multipartite Viruses:
.
 Employ multiple methods to infect both files and boot sectors. Examples include
Tequila and Invader.
.
Resident Viruses:
 Embed themselves in a computer's memory, allowing them to operate even when
the infected file is not executed. Examples include Randex and CMJ.
.
Non-Resident Viruses:
 Do not stay in the computer's memory after the infected file is executed.
Examples include Cascade and Vienna.
Understanding the various types of malicious software and viruses is crucial for
implementing effective cybersecurity measures, including antivirus programs, firewalls,
and user education to prevent infections and mitigate their impact.
窗体顶端

窗体底端