Cryptography and Network Security

NAME – AMAN JAIN

SAP ID – 500075904

R177219023

AI & ML BATCH-1

CLASS TEST
ANS-1

A block cipher is a symmetric cryptographic technique which we used to encrypt a fixed-size

data block using a shared, secret key. During encryption, we used plaintext and ciphertext is
the resultant encrypted text. It uses the same key to encrypt both the plaintext, and
the ciphertext.

A block cipher processes the data blocks of fixed size. Typically, a message's size exceeds a
block's size. As a result, the lengthy message is broken up into a number of sequential
message blocks, and the cipher operates on these blocks one at a time.

With the help of the shared secret key, a block cipher encrypts and decrypts its input one
block rather than one bit at a time. Since the block's size is fixed, padding is not necessary. It
is a symmetric algorithm. During encryption, it converts text input into cyphertext using the
shared key. It uses the same key during decryption to change the cyphertext back to the
original plaintext. The length of the output and input are identical.

o Popular variations of the block cipher algorithm include the Data Encryption
Standard (DES), TripleDES, and the Advanced Encryption Standard (AES).
o The stream cipher uses a shared key and operates on its input one bit at a time, which
is the block cipher's counterpart.
o Alternative to the block cipher algorithm includes public-key
cryptography and asymmetric cryptography. This algorithm uses the public key to
encrypt plaintext and a private key to decrypt the ciphertext.

1. Data Encryption Standard (DES)

Initially, sensitive, private information was protected using a 56-bit symmetric key
algorithm. DES was later discontinued because of its short length and other security issues,
although it is still regarded as a pioneer encryption standard.
2. Advanced Encryption Standard (AES)

It is a popular block cipher which encrypts data in blocks of 128 bits using 128, 192, and 256-
bit symmetric keys. The underlying block cipher uses substitution-permutation and
transportation techniques to produce ciphertext by shuffling and replacing input data in a
sequence of linked calculations. AES is a widely encryption standard since cryptanalysis
efforts against its algorithms have been ineffective.

3. Twofish

Twofish is an encryption standard that uses a Feistel network, a complex key schedule, and
substitution techniques to separate the key and ciphertext. Using keys that can range in size
from 128 to 256 bits, the standard encrypts plaintext data in blocks of 128 bits.

Block ciphers are also used by other encryption schemes such as 3DES,
Serpent, and Blowfish.

A stream cipher uses time-varying changes on plaintext data to encrypt a continuous string
of binary numbers. As a result, this method of encryption works bit-by-bit, utilising
keystreams to generate ciphertext for arbitrary lengths of plain text messages. The cipher
combines a key (128/256 bits) and a nonce digit (64-128 bits) in order to generate the
keystream - a pseudorandom number XORed with the plaintext to generate the ciphertext.
The keystream must be different for each encryption iteration even though the key and nonce
can be reused to maintain security. In order to build the keystream, stream encryption ciphers
generate a unique nonce (a number used only once utilising feedback shift registers.

Since a mistake in the translation of one bit often does not affect the entire plaintext block,
stream cipher encryption algorithms are less likely to cause system-wide errors to spread.
Additionally, stream encryption is linear and continuous, making it easier and quicker to
deploy. However, stream ciphers do not have diffusion because each digit of the plaintext is
mapped to one ciphertext output. Furthermore, they don't check for validity, which leaves
them open to insertions. If hackers defeat the encryption algorithm, they are able to add to or
change the encrypted message without being noticed. Stream ciphers are typically used to
encrypt data in an application where the volume of plain text cannot be predicted and in low
latency use-cases.

The following are examples of stream ciphers:

1. River Cipher (RC4)

A quick and easy encryption algorithm called RC4/ARC4/ARCFOUR was created

in 1987 to accomplish byte-by-byte encryption utilising 64- or 128-bit length
keys. Transport Layer Security, secure Sockets Layer, and the IEEE 802.11
WLAN standard all use extensively RC4. The widely used encryption method is available in
a number of variations, including SPRITZ, RC4A, and RC4A+.
 2. Salsa20

Salsa20 is a powerful, up-to-date encryption cipher that creates the encryption keystream
using an expansion function. Salsa20 also relies on a core function which uses add-rotate-
XOR (ARX) operations to map the key, a nonce digit, and constant vectors retrieved from the
expansion function to the keystream.

ANS-2
The passive attack is the initial sort of attack. For specific functions, a passive attack can
monitor, observe, or develop the use of the system's data. However, it does not affect the
system's resources, and the data remains unaffected. Because passive attacks are carried out
in stealth, it is difficult for the victim to notice them. The goal of a passive attack is to get
data or to search the network for open ports and vulnerabilities.
An example is when an intruder uses a packet analyser programme like Wireshark to record
network data for subsequent examination.

An active attack might be a network exploit in which the attackers modify or alter the content
and cause a system resource to be impacted. The victims will suffer harm as a result of it. The
attackers might use passive attacks to gather information before launching a more aggressive
strike. The attackers try to break into the system and cause it to lock. The victims can be
alerted about the ongoing attack. Their integrity and accessibility may be jeopardised due to
such an attack. A forceful attack is more challenging to execute than a quiet attack.
Man-in-the-middle (MitM), impersonation, and session hijacking are examples of active
attacks. The Attacker sends data to the client, Credential Service Provider, Verifier, or
Relying Party via the authentication protocol.

ANS-3
A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies
on guessing possible combinations of a targeted password until the correct password is
discovered. The longer the password, the more combinations that will need to be tested. A
brute force attack can be time consuming, difficult to perform if methods such as data
obfuscation are used, and at times down right impossible. However, if the password is weak it
could merely take seconds with hardly any effort. Weak passwords are like shooting fish in a
barrel for attackers, which is why all organizations should enforce a strong password policy
across all users and systems.

Brute force attacks are usually used to obtain personal information such as passwords,
passphrases, usernames and Personal Identification Numbers (PINS), and use a script,
hacking application, or similar process to carry out a string of continuous attempts to get the
information required.

Goals of a brute force attack include:

 Theft of personal information such as passwords, passphrases and other information used to
access online accounts and network resources
 Harvesting credentials to sell to third parties
 Posing as users to send phishing links or spread fake content
 Defacement of websites and other information in the public domain that could damage the
reputation of the organization
 Redirecting domains to sites holding malicious content
They can also be used for positive gains. Many IT specialists use this method of attack to test
network security and more specifically, the strength of the encryption used on the network.

ANS-4

Direct

 It only requires the communicating parties.

 In this the digital signature encrypts the whole plain text with the sending party’s
private key.
 The message is directly transmitted between both parties without any help from an
intermediate
 The timestamp is not maintained by both sides.
 In case the confidentiality is needed the message will be encrypt with receiver’s
public key or a shared key.
 Vulnerable to any kind of replay attack.
 It clocks a processing speed of 16 MHz.
 It is implemented using public key.

Arbitrated digital signatures

 It requires an arbiter along with communicating parties to send or receive messages.

The encrypted message is send by X to arbiter Z with Y’s id, timestamp and some
random number PQ.
 An arbiter is needed to transmit the message.
 The timestamp is maintained by all three members by default.
 The arbiter provides confidentiality of the message.
 The timestamp is used to protect the message from any kind of replay attack.
 While Raspberry Pi clocks a processing speed of 1.4 GHz.
 It is implemented using private key.