Jul 2017 Edition Gaara etonscenetsy hs SEM - 7 (COMPUTER) (As per Revised Syllabus w.e.f 2015 - 2016) www.ToppersSolutions.com +91-7507531198Coyplogrphy & Sytem Seurty —— Sonatir~7 Cryptography & System Security Topper's Solutions Firewalls Software - Types, Viruses, Vitus Countermeasures, Worms, Targeted Malicious Code, Controls against Program Threats. 7.2. Operating System Security:_,'¥ aa j Memory and Address protect File Protection/Mechanisi, User Authentication. 7.3. Database Security: Security Requirement, Reliability and Integrity, Sensitive data, Inference, Multilevel Databases. Chapters ‘Syllabus Page No. Introduction | Security Attacks, Security Goals, Computer criminals, Methods of | 01 defense, Security Services, Security Mechanisms. Basics of __ | Symmetric Cipher Model, Substitution Techniques, Transportation | 08 Cryptography | Techniques, Other Cipher Properties- Confusion, Diffusion, Block and Stream Ciphers. Secret Key | Data Encryption Standard(DES), Strength of DES, Block Cipher | 17 Cryptography | Design Principles and Modes of Operations, Triple DES, International Data Encryption algorithm, Blowfish, CAST-128. PublicKey | Principles of Public Key Cryptosystems, RSA Algorithm, Diffie- | 30 Cryptography _ | Hellman Key Exchange. Cryptographic | Applications of Cryptographic Hash Functions, Secure Hash} 41 Hash Functions | Algorithm, Message Authentication Codes - Message Authentication Requirements and Functions, HMAC, Digital signatures, Digital Signature Schemes, Authentication Protocols, Digital Signature Standards, | Authentication | Kerberos, Key Management and Distribution, X.509 Directory | 50 | Applications } Authentication service, Public Key Infrastructure, Electronic Mail | Security: Pretty Good Privacy, $/MIME. Security & | 7.1 Program Security: 58 Secure programs, Non-malicious Program Errors, Maliciouso e Crypegrply Spon Sct Senator 7 Topper's Solutions 7A IDS and Firewalls: Intruders, Intrusion Detection, Password Management, Firewalls-Characteristics, Types of Firewalls, Placement of Firewalls, Firewall Configuration, Trusted systems. 8 | security 84 8.2 IP Security: Overview, Architecture, Authentication Header, Encapsulating Security Payload, Combining security Associations, Internet Key Exchange, Web Security: Web Security Considerations, Secure Sockets Layer and Transport Layer Security, Electronic Payment. Non-cryptographic protocol Vulnerabilities: DoS, DDoS, Session Hijacking and Spoofing, Software Vulnerabilities-Phishing, Buffer Overflow, Format String Attacks, SQL Injection. 4Cryptography & System Security Semester ~7 Marks Distribution Topper's Solutions Chapter No. Chapter Name Dec-15 | May-16 | Dec-16 | May-17 ae Introduction. 10 05 - : as Basics of Cryptography. 10 05 10 0s 3. Secret Key Cryptography. 15 1s 20 15 4 Public Key Cryptography. 20 15 20 30 5 Cryptographic Hash Functions. 05 10 15 15 6. Authentication Applications. 10 15 05 10 7. Security & Firewalls. 15, 20 35 | 0 8 IP Security. 40 40 20 | 35 9% Miscellaneous. - : ee - Repeated Questions : 25 60 40 Copyright © 2017 by Topper’s Solutions Allrights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without ission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below. Contact No: 7507531198 Email [D: Support@ToppersSolutions.com Website: www.ToppersSolutions.comIntroduction Semester ~ 7 Topper's Solutions CHAPTER - 1: INTRODUCTION Qu] Operating System Security. Ans: [5M - Deets] SECURITY: 1. Security refers to providing a protection system to computer system resources. 2. Resources can be a CPU, memory, disk, software programs and mest importantly data information stored in the computer system. OS SECURITY: Operating System Security (OS security) is the process of ensuring OS integrity, confidentiality and availability. Ifa computer program is run by an unauthorized user, then he/she may cause severe damage to computer or data stored in it. So a computer system must be protected against unauthorized access, threats, viruses, worms and malwares. Figure 1. : OS Security. GOALS OF OS SECURITY: Dn Confidentiality: } _ Itis the best security policy. > Itassures that data is accessed by authorized user only. 1) Integrity: > Itensures that the data received by the receiver is exactly same as the data send by sender. > The data should not be modified by any unauthorized entity. 11) Availability: > Itensures that the data is always accessible/ available to authorized persons. > Whenever an authorized system entity demands for system resource, it must be accessible and usable at all times by him/her. Page tof 104o Introduction Semester ~7 Topper's Solutions Q2]__ Define the goals of security and specify mechanisms to archive each goal. Qg] _ List with example the different mechanisms to achieve security. Ans: [Q2 | 5M — Dees5] & [Q3 | 5M — May16] Note: For Q3) Refer only Security Mechanism Part. SECURITY GOALS: D Confidentiality: % —_Itisthe best security policy. > Confidentiality assures that data is accessed by authorized user only. > Nounauthorized party can have access to the data. > Accessing data means to read, to print or just to know the existence of data. > Itisalso called as secrecy or privacy. > Confidentially can be achieved by means of encryption, so that even third party gets access to the message, they cannot reveal the exact meaning of that message. > Example: Figure 1.2 shows the example of Confidentiality. Consider that A & B wants to communicate with each other. When A sends a message “m” to B, only B should receive it. Only then confidentially is maintained. A 8 (Gender) (ceiver) c (attaches) Figure 1.2: Example of Confidentiality. 4H) Integrity: > Integrity ensures that the data received hy the receiver is exactly same as the data send by sender. > The data should not be modified by any unauthorized entity. > Only authorized entity or person should be able to modify or update the data. > Modification means modification of data through insertion, deletion or replay of data. Integrity can be achieved by using checksum or hashing methods such as MDS, SHA-1 & Tiger Hash. Page 2 of 104Introduction Semester—7 Topper's Solutions m1) (Senter) (ecever) ‘eat Rout ofthe mess ai = a | ema Roxte Figure 1.3: Example of Integrity. Availability: Itensures that the data is always accessible/ available to authorized persons. Whenever an authorized system entity demands for system resource, it must be accessible and usable at all times by him/her. The information created and stored by an organization needs to be available to authorized entities. Information is useless ifit is not available. Example: The situation can be difficult for a bank if the customer could not access their accounts for transactions. Interruption puts the availability of resources in danger. A B (Sender) (Receiver) Figure 1.4: Example of Availability. SECURITY MECHANISMS: 1) Encipherment: > Thisis hiding or covering of data which provides confidentiality. Itis also used to complement other mechanisms to provide other services. * Cryptography and Steganography are used for enciphering. I Digital Integrity: > The data integrity mechanism appends a short check value to the data that has been created by a specific process from the data itself. > Data integrity is preserved by comparing check value received to the check value generated. U1) Digital signature; > ry, A digital signature is a means by which the sender can electronically sign the data and the receiver can electronically verify the signature. Public and private keys can be used. Page 3 of 10%Introduction Semester —7 Topper's Solutions Iv) vsv Authentication Exchange: In this two entities exchange some messages to prove their ider Traffic Padding: ‘Traffic padding means inserting some bogus data into the data traffic to thwart the adversary's ty to each other. attempt to use the traffic analysis. Routii 4 Routing control means selecting and continuously changing different available routes between sender and receiver to prevent the opponent from eavesdropping on a particular route. Notarization: Notarization means selecting a third trusted party to control the communication between two entities. The receiver can involve a trusted third party to store the sender request in order to prevent the sender from later denying that she has made a request. VIII) Access Control: > Access control used methods to prove thata user has access right to the data or resources owned byasystem. > Examples of proofs are passwords and PINs. — EXTRA QUESTIONS — Qu] Security Attacks. Ans: ‘SECURITY ATTACKS: 1. Attackis the action which exploits the vulnerability of system. 2, Security Attack is a method or technique that violates security policy of a system or organization, 3. While transferring an information, attack may occur. 4. This attack may be either active or passive. Security Attack: Passive Active Release of ‘TrafficAnalysis Masquerade Replay Modification Denial ‘Message Content Attack of Message of Service Figure 1.5: Types of Attacks. Page 4 of 04Introduction Semester ~7 Topper's Solutions PASSIVE ATTACK: 1. _InPassive Attack, an attacker just obtains an information being transmitted. 2, —_ Itdoes notalter the message. 1) _ Release of Message Content: > This Attack discloses the message information. It may happen through various ways such as: Listening to telephone conversation, accessing e- mails or observing a transferred file which may contain sensitive information. 1) Traffic Analysis: > In Traffic Analysis, an attacker observes the network traffic and tries to analyze the nature of communication, > Encryption technique is used to prevent Traffic Analysis. ACTIVE ATTACK: Active Attack is an Attack that modifies the original Message. 0 > ») e - Masquerade: ‘This attack occurs when unauthorized entity pretends to be an authorized entity. That Is an attacker takes an identity of someone and acts on behalf of them without their knowledge. Phishing {s one of the variation of masquerade. 13 eal © Masquerades A Figure 1.6: Example of Masquerade. Replay Attack: In Replay Attack, an attacker captures the data and retransmits it after some delay as shown in Figure 1.7. Example: A Sends Rs. 1, 00,000 to B Through an online transmission. _ An Attacker captures this data and sends it again after some time to produce unauthorized effects. Page 5 of t04Introduction Semester ~7 Topper's Solutions 8 (ender) (eins) Replay same message ne A Figure 1.7: Example of Replay Attack, II) Modification of Messages: % —_ Inthis technique, an attacker tries to modify the message. > This modification may be in terms of message alteration, delay or reordering. > Example: If the original message is Transfer Rs. 1, 00,000 from A to B, it may be modified to ‘Transfer Rs. 1, 00,000 from A to C. (enter) enna) fel Figure 1.8: Modification of Message. Iv) Denial of Service (DoS): > Denial of Service (DoS) is also known as Availability Attack. > Itprevents authorized users from getting access to system communication facilities or resources. > Itmay disrupt the network either by disabling the network or by overloading it with message. > Active Attacks are easy to detect but difficult to prevent. Qe] Security Services Ans: SECURITY SERVICES: 1. Security service is a service that enhances the security of the system or data transfer. 2. They are intended to counter Security Attacks. 3. Security Services make use of one or more security mechanisms to provide the service. 4, Figure 1.9 shows the Categories of Security Services. Page 6 of to4Introduction Semester 7 Topper's Solations “Authentication Data Confidentially Data Integrity Non-repudiation Access Control Figure 1.9: Categories of Security Services. Qo Authentication: v Itensures that the communicating entity is the one claimed. 1 Data Confidentially: ee Itprotects the data from unauthorized disclosure. mm) Datalntegrity: > Itassures that data received is as sent by an authorized entity. 1) Non-Repudiation: > Itprotects against Denial by one of the parties in a communication. Vv) Access Control: > Itprevents from authorized use of a resources. Page 7 of 104o Basie of Cryptography Semester ~7 Topper's Solutions CHAPTER - 2: BASIC OF CRYPTOGRAPHY Qi] Define the following examples: @_ Substitution cipher. (ii) Poly-alphabetic cipher. Ans: [5M - Deets] SUBSTITUTION CIPHER: 1. Substitution cipher is a method of encoding by which units of plaintext are replaced with cipher text, according to a fixed system. ‘The “units” may be single letters, pairs of letters, and triplets of letters or mixtures of the above. ‘The receiver deciphers the text hy performing the inverse substitution. In short, in Substitution, one symbol/letter is replaced by another. yses ‘Substitution Cipher can be divided as: 1) Monoalphabetic Cipher: > Acharacter in plain text is always changed to the same character in the cipher text regardless of its position. > Example of this is the Ceaser Cipher which involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. T. ees aL EPL PE Perit ll ep Perr Cipher Text |DJE|F |G/H|T |J [K/L |M|N/O|P /Q|RIs |T|U z[alsle Plain Text: ViVA Institute of Technology Cipher Text: YLYD LQVWLWXWH RI WHFKQRORJB mm Polyalphabetic Cipher: > Ina polyalphabetic cipher, multiple cipher alphabets are used. » Apolyalphabetic cipher uses a number of substitutions at different times in the message. y In polyalphabetic cipher, relationship between characters in plain text to a character in cipher text is one-to-many. > Example: Consider the previous example of Monoalphabetic Cipher, where ‘A’ is replaced by at 4 different places. = If we use polyalphabetic cipher, ‘A’ will be replaced by 4 different letters. Page 8 of 104Basie of Cryptography Semester ~ 7 Topper's Solutions Key | Topper] 2 @ iB 5 z 7 Painted | Sagar | 18 o é 0 TF ; CipherTet | Lovey | 37 a er 5 a = Q2] Explain with example, keyed and keyless transposition ciphers. Ans: [5M — May16] ‘TRANSPOSITION CIPHER: 1. Transposition cipher isa method of encryption by which the positions held by units of plain text vv ev ¥ S are shifted according to a regular system, so that the cipher text constitutes a permutation of the plaintext. ‘Thats, the order of the units is changed. Transposition cipher does not substitute one symbol for another instead it changes the location of the symbols. ‘Transposition Cipher can be divided as: nsposit Itis Simplest Transposition Cipher. In first method the textis written into a table column by column and then row by row. For example, to send the message "Meet me at the park” to Bob, Alice writes k a Se eS ‘The cipher text is created reading the pattern row by row. Cipher text is “MEMATEAKETETHPR", In the second method the text is written into the table row by row and then transmitted column by column. For example, Alice and Bob can agree on the number of columns and use the second method. Alice writes the same plain text, row by row, ina table of four columns. meet re Mera hae arep aor ik The cipher textis created reading the pattern Column by Column, Cipher text is “MMTAEEHREAEKTTP”, Rage gfBasia of Cryptography Semester ~7 Topper's Solutions 11) Keyed Transposition Cipher: % In Keyed Transposition Cipher, plain text is divided into groups of predetermined size called blocks. > Then ituse a key to permute the characters in each block separately. > Example: Alice needs to send the message "Enemy attacks tonight" to Bob. > Let the block size be 5 e [n [E[m|y¥ a [Tle [ale k[s[tloe[=| [tle [h[t]z > The key used for encryption and decryption is a permutation key, which shows how the characters are permuted. Key: Encryption| 3 a 4 7 2 | Decryption + 1 2z 3 4 5 T Consider the Figure 2.1 which shows the example of keyed transposition cipher. Alice Bob aq a =. Plaintext Plaintext enemyattackstonightz enemyattackstonightz Veo by ow [Resdearty on Sacer my amma ney Es t o on koa t o on ne esata = a ° EZ ESR: A Bh Mee eA gk bli WS ay oe Ree Trae aes Baie ke ba G Reade ty esa | f rte tn y etn pT THE AK IMAQTYENZNTS G]|_————->[5 1 THE AKIMAOTY ONZNTSG = Ciphers Ceres Figure 2.1: Example of Keyed Transposition Cipher. Page t0 of tgBasie of Cryptography Semester ~7 Topper's Solutions Q3] Encrypt "The key is hidden under the door" using play fair cipher with keyword “domestic” Ans: [5M — Deca5] PLAY FAIR CIPHER: 1. Play Fair Cipher is one of the Multi-letter Cipher. 2. Play Fair Cipher uses a $x 5 Matrix of alphabets containing a keyword or phrase. 3. This cipher encrypts pair of letters instead of single letter. 4, Iti difficult to break because frequency analysis does not work in Play Fair Cipher. EXAMPLE: Plain Text: The key is hidden under the door. Key: Domestic Steps: 1. Pair the plain text alphabets in two. ‘Thek ey ishi dd en un de rt he do or 2, Ifany character in the plain text is ‘J then replace it with . Thekey ishidd en un de rt he do or 3. Double letter or consecutively repeated same letters are separated by x or z. Thek ey ishi dxd en un de rt he dox or 4. Ifan odd character is left out pair it with x or 2. Th ek ey is hi dx de nund er th ed ox or 5, Preparea table same as Monoalphabetic table but this table will be 5x5 table because’ & J will be merge together. (Using Key ie. Domestic) a ° M [oe s Trig Sc |e f ae 1 n Q } r u v w x - Z 6. Replace the pair ofcharacters with the intersection, ifthe intersection is not found follow the rule. Page tt of to4Basic of Cryptography Semester ~7 Topper's Solutions Rules: > Ifboth letters are in the same column, take the letter below each one (going back to the top ifat the bottom) If both letters are in the same row, take the letter to the right of each one (going back to the left if at the farthest right) Ifneither of the preceding two rules are true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle. Thekey is hi dx de nu nd er th ed ox or After Applying Rules: cf ar ae bo ge my os pn vtay cso mw ep Therefore, hher Text is: far ae bo ge mv os pn vtay cf'so mw ep of Enerypt the string "This is an easy task" using a playfair cipher with key "monarchy" Ans: [5M - Decx6] PLAY FAIR CIPHER: 1. Play Fair Cipher is one of the Multi-letter Cipher. 2. Play Fair Cipher uses a 5 x 5 Matrix of alphabets containing a keyword or phrase. 3. This cipher encrypts pair of letters instead of single letter. 4, Its difficult to break because frequency analysis does not work in Play Fair Cipher. ‘EXAMPLE: Plain Text: This is an easy task. Key: Monarchy Steps: Pair the plain text alphabets in two. Thisis an easy task Ifany characterin the plain textis‘J'then replace it with‘ {in our case character J'is not present) Thisis an ea sy task Double letter or consecutively repeated same letters are separated by x or z. (in our case there is no consecutively repeated same letters) Thisis an easy ta sk Page t2 of 104Basie of Cryptography Semester ~7 Topper's Solutions 4 v Ifan odd character is left out pair it with x or z. (in our case there is no odd character) Thisisan easy task Prepare a table same as Monoalphabetic table but this table will be 5 x5 table because ‘’ & J’ will be merge together. (Using Key ie, Monarchy} ) [aR ~ fe M 0 CK Efe (oJ L v Dy N - |B is K . at T Si 4 Ww Zz Ifboth letters are in the same column, take the letter below each one (going back to the top ifat the bottom) hw Ifboth letters are in the same Zaus,take the letter to the right of each one (going back to the left if at the farthest right) If neither of the preceding two rules are true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle. Thisisan easy task th Rule3 > pd_, is > Rule 2> sx on tO is > Rule 2 > sx an>Rule1> ra ea> Rule3 Sim ee NG oe sy > Rule3 > ab ta> Rule3 > sr sk> Rule3 > ti After Applying Rules: pd sx sx ra im qb sr ti ‘Therefore, Cipher Text Is: pd sx sx raim qb sr tt Page t3 of tonBasic of Cryptography Semester -7 Topper's Solutions Q5] _ Use the Play fair cipher with the keyword: "MEDICINE" to encipher the message "The greatest wealth is health". Ans: [5M —May17] PLAY FAIR CIPHER: 1. Play Fair Cipher is one ofthe Multi-letter Cipher. 2. Play Fair Cipher uses a § x 5 Matrix of alphabets containing a keyword or phrase. 3. This cipher encrypts pair oflletters instead of single letter. 4. tis difficult to break because frequency analysis does not work in Play Fair Cipher. EXAMPLE: Plain Text: The greatest wealth is health. Key: MEDICINE Steps: 1. Pair the plain text alphabets in two. Thegreates tw ealthish ealth Ifany character in the plain textis ! then replace it with. (in our case character ‘J'is not present) Thegreat es tw ealthish ealth 3. Double letter or consecutively repeated same letters are separated by x or z. (in our case there is no consecutively repeated same letters) ‘Thegreatestwealthish ealth Ifan odd character is left out pair it with x or z. (we pair it with x) Th eg reat es tw ealt hi sh ea lt hx 5. Prepare a table same as Monoalphabetic table but this table will be S x5 table because '! & ‘' will be merge together. (Using Key ie. Medicine) Tee a [nla D f g Teas (eee east (cages eas See w [ee [eee [aBasic of Cryptography Semester - 7 Topper's Solutions Q6] Compare and contrast: Block and stream ciphers. Ans: [5M — Dec16] ‘Table 2.1: Comparison between Block & Stream Cipher. ‘Stream Cipher Block Cipher ‘Stream Cipher operates on smaller units of plain text. | Block Cipher operates on larger block of data. | Faster than Block Cipher. ‘Slower than Stream Cipher. > ‘Stream Cipher has Low Diffusion. Block Cipher has High Diffusion. Requires less code. Requires more code. Tt does not provide integrity protection or Te provide integrity protection or authentication. authentication. Stream Cipher is more suitable for hardware Block Cipher is more suitable For software implementation. implementation. Keyis used only once. Reuse of key is possible, Example: One Time Pad Example: DES ‘Application: SSL Application: Database, File Encryption. — EXTRA QUESTION — Qu] Block & Stream Cipher. Ans: BLOCK CIPHER: 1. Block Cipher is a symmetric key cipher which operates on a fixed length group of bits, called block. 2. Itencrypts entire block of message one at atime, In this the plain text are combined with a pseudorandom cipher bit stream by an XOR operation. 4. Cipher text is generated by encrypting the plain text bits one ata time. 5. Example: RSA, Diffie Hellman, DES and AES. STREAM CIPHER: 1, Stream Cipher is also called as state cipher. 2, It is asymmetric key cipher, which operates on bits/ bytes. 3. Inthis the plain text are combined with 2 pseudorandom cipher bit stream by an XOR operation. 4. Cipher text is generated by encrypting the plain text bits one at a time. 5. Example: A5/1,RC4. Page t6 of t04Seret Key Cryptography Sonester~7 Topper’ Soatons CHAPTER - 3: SECRET KEY CRYPTOGRAPHY Qu] DEA. Qe] Key generation in IDEA. Ans: [Qt | 5M- May16] & [Q2 | 5M - Dees} IDEA: 1, IDEA stands for International Data Encryption Algorithm, 2, Itis Block Cipher Algorithm. 3. IDEA\s the replacement of DES (Data Encryption Standard). 4. IDEA operates on 64-bit blocks using a 128 bit key. 5. IDEA derives much of its security by interleaving operations from different groups like modular addition and multiplication, and bitwise exclusive OR (XOR). KEY GENERATION: > The 128 bit key is divided into 8 sub parts that is 16 bits each. > Then the 128 bit key is cyclically shifted to the left by 25 position, so by doing this we will have one new 128 bit key. > Now similarly as above it is divided into 8 sub blocks and will be used in next round, > The same process is performed 9 times and 56 keys are generated from which the first 52 keys will be used. > Solikewise from K1 to KS2 keys are generated as shown in figure 3.1. Plain Text (64 Bits) Px (16 Rts) P, (16 Bits) PLC6Bits) —P, (16 Bits) Output Traneformation GUsnH) ce Bis) ec16Bim) Cc, (6 Bits) ‘cipher Text (64 Bits) Figure 3.1: IDEA Key Generation. Pagesz of ohSearet Kay Cryptography Smale ‘Sequence of operation in one round; Multiply P, and Ki. ‘Add P2 and second Ks. ‘Add Ps and third Ks. Multiply Ps and Ki, 5. Step 1 ® step 3. 6. Step 2 @ step. 7. Multiply step 5 with Ks. 8 Add result of step 6 and step 7. 9, Multiply result of step 8 with Ko. 10. Add result of step 7 and step 9. 11, XORresult of steps 1 and step 9. 12, XOR result of steps 3 and step 9. 13, XOR result of steps 2 and step 10. 14, XOR result of steps 4 and step 10. Same operations are performed in 8 rounds. Figure 3.2: Encryption round of IDEA. ‘Sequence of operation in last round: 1. Multiply P; with Kis. 2, Add Pr and Kso, 3. Add Pzand Ks. 4. Multiply Ps and Kso. Topper's Solutions Page 18 of 104Score Key Cryptography Semestor 7 Toppers Solutions Q3] Explain working of DES. Q4]__ Explain working of DES detailing the Fiestel structure. Qs] _ Explain DES, detailing the Fiestel structure and S-block design. Ans: [Q3 | 10M ~ May16] & [Q4 | 10M — Decis] & [Q5 | 10M — May17] DES: 1. DESstands for Data Encryption Standard 2. Itisalso known as Data Encryption Algorithm or DEA ~ 1. 3. DESis nothing but an algorithm developed by IBM based on 4, Algorithm is complicated but straight forward. 5. Ituses logical operations on a group of bits. 6. The successor of DES are Triple DES, G - DES, DES - X. 7. DES algorithm is a powerful combination of two basic encryption techniques. a. Confusion, b. Diffusion. 8. DES is a block cipher that uses shared secret encryption. It encrypts the data in the block of 64 bits. WORKING: Figure 3.3 shows working of DES. som ir RPT t oy ——+[ te Rowe Te Row I i Cipher Tet (64H) Figure 3.3: Working of DES. STEPS: 1) Initial Permutation: > Initial Permutation means rearranging the bits of the plain text. > Initial Permutation is performed over plain text. > For Example: P = 1010101010 > 1111100000 > It produces two halves of the permuted blocks ie. Left Plain Text (LPT) & Right Plain Text (RPT) Page 19 of tonSecret Key Cryptography Semester~7 Topper's Solutions 11) Detail of one round in DES: > Each Round in DES performs following Steps as shown in Figure 3.4 & Fiestel Structure is shown in Figure 3.5, **° Note: For Q3 Consider Figure 3.4 & for Q4 Consider Figure 3.5. Don’t Refer Both Figure in Same Key Transformation | serie Expansion Permutation 485i S-Box Substitution |—+ so1010 328 P-Box Perinutation 3zBH XOR& Swap Figure 3.4: Detail of one round in DES. s2Bits 32.Bits Ge Permatation/ Contra al x Figure 3.5: Fiestel structure of Detail of one round in DES. Page 20 of 104Seoret Key Cryptography Semester ~7 Topper's Solutions mm > > ™) v vp we vin) ‘Key Discarding Process: 56 Bit Key is used during encryption process. In Key Discarding Process, 56 bit key is transformed into 48 bit key by discarding every 8* bit of initial key. In Expansion Permutation, the right half is expanded from 32 bits to 48 bits. Expansion permutation permutes order of the bit and repeats certain bits, so that both the inputs of first XOR operation are comparable. Key Transformation (Compress Key 56 to 48 Bit) Expanston Permutation (Expand RPT 32 to 48 Blocks) 48 RIERPT S-Box Substitution is the process which accepts 48 bit key and expanded right plain text of 48 bit which getXOR and produces 32 bit outputas shown in figure 3.6 = srmutat Its similar to Initial Permutation. In this step, the 32 bit output from eight boxes is permuted XOR & SWAP; In this Step, the output of XOR operation becomes new right plain text and old right plain text becomes new left plain text. ‘The complete process is called as XOR and swapping operations. Page 24 of 04S2IERPT Block. Expansion Permutation S-Box Substitution P-Box Permutation fone 32 bit RPT Block 32 bit LPT Block Figure 3.7: XOR & Swap. Vi) Final Permutation: > Final Permutation is performed after successful completion of 16 rounds. > Itproduces 64-bit encrypted block. Q6] Describe triple DES with two DES keys. Is man in the middle attack possible on triple DES? Ans: [5M -Decs6] TRIPLE DES: 1. The DES algorithm uses a key length of 56 bits, with which becomes very easy for an attacker to break the encryption. 2. To improve the security of DES at higher level Triple DES was proposed. 3. This uses three stages on DES for encryption and Decryption. 4. Ithas two versions: Triple DES with Two Keys and Triple DES with Three Keys. ‘Triple DES with Two Keys: v v In this two keys are used. In first and third stage Key 1 is used while in second stage Key K2 is used. First the plain text is encrypted with key K1 then the output of stage 1 is decrypted with key K2 and final output second step is encrypted again with key K1. Figure 3.8 shows the encryption & decryption using triple DES with 2 keys. Page 22 of t04Seoret Key Cryptography Semester~7 Topper’s Solutions my KR Ky Ky, bok. bbe. Figure 3.8: Triple DES with 2 Keys. ‘Man in the Middle Attack: vvyovyv v e v vy No Man-in-the-middle attack or Meet-in-the-middle attack is not possibie in Triple DES. For the given known pair of plain text-cipher text (P, C), the attacker will Encrypt P with all 25 possible keys for K1 (size of key is 56 bits in DES) and Decrypt C with all 25 possible keys for K2. IfE (K1, P) = D (K2, C) then K1, K2 are most likely the correct pair of keys. ‘The attacker confirms this key pair by checking it with another pair of P, C. In order to counter Man-in-the-middle attack or Meet-in-the-middle attack, three stages of encryption-decryption with two different keys is used. This raises the cost of the Man-in-the-middle attack or Meet-in-the-middle attack to 28 which is not practical for now. However, it has the drawback of requiring a key length of 56 x 3 = 168 bits, which may be somewhat unwieldy. For this reason Triple DES with 2 keys is used. Using Triple DES with 2 keys we get the same cost of attacking for less number of keys. One half has (K1, K2) and the other K1. Attacking the first half costs 2122 operations, attacking the second half costs 256 operations. od ‘What are block ciphers? Explain with examples the CBC and ECB modes of block ciphers Ans: [5M —Dect6] BLOCK CIPHER: 1. Block Cipher is a symmetric key cipher which operates on a fixed length group of bits, called block. 2, Itencrypts entire block of message one ata time. 3. In this the plain text are combined with a pseudorandom cipher bit stream by an XOR operation. 4, Cipher text is generated by encrypting the plain text bits one ata time, 5. Example: RSA, Diffie Hellman, DES and AES. Page 23 of to%Seeret Key Cryptography Semester~7 Topper’ Solutions MODES OF OPERATION: 1D ECBMode: > ECB Mode stands for Electronic Code Book Mode. Itis simplest encryption mode. > ‘The message is divided into blocks, and each block is encrypted separately. If the size of plaintext is not a multiple of block size, padding is used to maintain uniform size of block. > Since it is symmetric, it uses same key for encryption and decryption of each block. © The encryption and decryption can he done as follows as shown in figure 3.9. a oe pe t i ae ik ar Dik ar asker tey—-| “enption | | ‘encryption | Y—| ‘enenpton | | euetae sus custom aharioe beri Geena Electronic Codebook (ECB) made encryption Ciphertext Ciphertext Ciphertext emir cgi cone eee er ese ae ey —-[ Senseo | ey —[ Behetr | er —[ Baiotoe coo coo coo ae a nee Electronic Codebook (ECB) mode decryption 1) cBCMode: to CBC Mode Stands for Cipher Block Chaining Mode. > twas invented by IBM. > Itisused to overcome the security deficiencies of ECB Mode. > In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. > This way, each ciphertext block depends on all plaintext blocks processed up to that point. > Tomake each message unique, an initialization vector (IV) must be used in the first block. % Theencryption and decryption can be done as follows as shown in figure 3.10. Page 24 of (04Seoret Key Cryptography Semester ~7 Topper's Solutions — = $ o— a oe f 5 4 ses a a an Cipher Block Chaining (CBC) mode encryption a conto cco aig = atm = lim i i 9 —-[Eaee | | »—-ERE) | »-LE tsi ee a od sa py Cipher Block Chaining (CBC) made decryption Figure 3.10: CBC Mode. Ifthe first block has index 1, the mathematical formula for CBC encryption is i= Ex (Pi @ Gi-1) and Go=1V While the mathematical formula for CBC decryption is P= Dx (C) @ G-1 and Co=1V Q8] Blowfish Ans: [5M —May17] Note: For better understanding we have explained in detail. Cut short it as per understanding when asked for 5 marks. BLOWFISH: Blowfish is an encryption algorithm. Itcan be used as a replacement for the DES or IDEA algorithms. Itisa symmetric block cipher. Ituses a variable-length key, from 32 bits to 448 bits. Ituseful for both domestic and exportable use. ae ee Ne Blowfish was designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. ‘This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. 8, Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it used to protect passwords. Page 25 of 04Seoret Key Cryptography Semester ~7 Topper's Solutions STRUCTURE OF BLOWFISH ALGORITHM: > > i Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits. Itis.a 16-round Fiestel cipher and uses large key-dependent S-boxes. Figure 3.11 shows the action of Blowfish. crs) E-Funtion one rand teas oe be xs KW, | isto [Sewioeimeeneo Nak G bole) nora PePdauent CoCipestent Kr Pasraenty O-= FB ~ sttion mod 2722 Figure 3.11: The Fiestel structure of Blowfish. Each line represents 32 bits. The algorithm keeps two sub key arrays. ‘The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries. Since Blowfish is a Fiestel network, it can be inverted simply by XORing K17 and K18 to the ciphertext block, then using the P-entries in reverse order. Page 26 of t04 QueSeer Key Cryptography Semester ~7 Topper's Solutions Q9] Compare DES and IDEA. Explain the round key generation scheme in both these algorithms. Ans: COMPARISON BETWEEN DES & IDEA: [10M - Dect6] ‘Table 3.1: Comparison between DES & IDEA. f DES [DES Stands for Data Encryption Standard Algorithm. WEA IDEA stands for International Data Encryption Algorithm. Ttuses 56-bit key. Truses 128-bit key. DES is now considered insecure (mainly due to a small key size of 56-bits). Considered to be a good and secure algorithm, DES divides plain text/cipher text into 64 bits per block, IDEA divides plain text/cipher text into 64 bits per block. Tt has 16 rounds of encryption/decryption process. Ithas 8 rounds of encryption/decryption process followed by a final round of output transformation. Each round uses different 46-bit sub key generated from the 56-bit key. Each of the 8 rounds uses different 6 sub Key and last round uses 4 sub keys. 16 different sub keys are used in DES. 52 different sub keys are used in IDEA. DESis weaker than IDEA. IDEA is stronger than DES. Round key generation scheme in DES: Refer Q3. Round key generation scheme in IDEA; Refer Ql. — EXTRA QUESTION — Qi] Variant of DES Ans: DOUBLE DES: 1. The DES algorithm uses a key length of 56 bits, with which becomes very easy for an attacker to break the encryption. 2. Double DES is the encryption standard which provides greater security, since it uses key length of 80 bits. Page 27 of 104Seorot Kay Crypiography Semestor ~7 Topper’ Solitons ae In this two keys are used say K: and Ko, It first performs DES on the original plain text using Key K; to get the encrypted text. It performs DES again on the encrypted text but this time with the other key Kz. The final output is the encryption of encrypted text with the original plain text encrypted twice with two different keys shown below in figure 3.12. T= tat) tate FP) Bata) sogoatrsin | Geogr of tomorun citer aa Final Ger ey “et (®) r ey) o Ky % Figure 3.12: Double DES. Man in the the drawback of double DES. ‘TRIPLE DES: 1. Toimprove the security of DES at higher level Triple DES was proposed. ‘This uses three stages on DES for encryption and Decryption. 3. thas two versions: 1) Triple DES with Two Keys: > Inthis two keys are used. > In first and third stage Key K1 is used while in second stage Key K2 is used. > First the plain text is encrypted with key K1 then the output of stage 1 is decrypted with key K2 and final output second step is encrypted again with key K1. > Figure 3.13 shows the encryption & decryption using triple DES with 2 keys. ese % em K, e—fe Hf ee ee Figure 3.13: Triple DES with 2 Keys. in) i i > Inthis three keys are used. > Infirst stage Key K1 is used while in second stage Key K2 is used and in third stage key K3 First the plain text is encrypted with key K1 then the output of stage 1 is decrypted with key K2 and final output second step is encrypted again with key K3. > Figure 3.14 shows the encryption & decryption using triple DES with 3 keys. Page 28 of 104 ;Paulo Key Cryptography Somester~7 Topper’ Soltions CHAPTER - 4: PUBLIC KEY CRYPTOGRAPHY Qu] Elaborate the steps of key generation using RSA Algorithm. Ans: [5M May16] RSA: 1. RSAtsa publickey encryption algorithm. 2, RSAis derived from its inventors Rivest, Shamir and Adleman in 1978, 3. RSAworks on the principle that says it is too difficult to find the factors of large prime numbers. 4, Itinvolves multiplying two large prime numbers. 5. It is used for both public key encryption and digital signature. 6 RSAuses modular exponentiation for encrypting and decrypting the message. ALGORITHME: 1. Choose two different large random prime numbers say “p" and “q’. 2. Caleulate n = p xq, Since “n” is the modulus for the public key and the private keys 3. Calculate the totient: 6 (n) = (p- 1)(q-1) 4, Choose an integer “e” such that 1 < e < @ (n) and “e” is co-prime to @ (n) ie. “e” and 9 (n) share no factors other than 1, 5. Find out decryption key “d” such that e * d= 1 mod (p - 1) (a- 1). 6 Encrypt the message “m” using encryption key e, ¢= m¢mod n. 7. Decryptthe message “m” using decryption key d, m= cod n. In above algorithm, e and n are public whereas d is kept public. Q2] Briefly define idea behind RSA and also explain 1) What is the one way function in this system? 2) What is the trap door in this? 3) Give Public key and Private Key. 4) Describe security in this system. Ans: [10M — May17] RSA: Refer Q1. What is the one way function in this system? > Aone-way function is a funetion that is “easy” to compute and “difficult” to reverse. Page 30 of 04Public Key Cryptography Semester ~ 7 Topper's Solutions > There are two one-way functions involved in the security of RSA. = Encryption Function. = Multiplication of Two Primes, What is the trap door in this? > trapdoor function is a function that is easy to perform one way, but has a secret that is required to perform the inverse calculation efficiently. > Trapdoor in RSAis the private key. Give Public key and Private Key > Refer RSA Algorithm from QU. Describe security in this system. > There are two one-way functions involved in the security of RSA. 1. Encryption Function: > The encryption function is a trapdoor one-way function, whose trapdoor is the private key. > The difficulty of reversing this function without the trapdoor knowledge is believed (but not known) to be as difficult as factoring. 2. Multiplication of Two Primes: > Thedifficulty of determining an RSA private key from an RSA public key is known to be equivalent to factoring n. > Anattacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless they can factor n. > Because multiplication of two primes is believed to be a one-way function, determining an RSA private key from an RSA public key is believed to be very difficult. Qg] Iman RSA system the public key (e, n) of user A is defined as (7, 119). Calculate ®, and private key d. what is the cipher text when you encrypt message mz=10, using the public key? Ans: [10M — Dect] RSA: Refer Ql. EXAMPLE: Given: Public Key (e, n) = (7, 119) To Calculate: 6 (1) and private keyPublic Key Cryptography Semester - 7 Solution: =X q ensunnaWhere p & q are two prime numbers sp=i7andq=7 Now@(n) = (p-1)x(q-1) =(17-x(7-1) =16x6 =96 20 (n) =96 14+kd (m) e 14496) 7 85/7 5 Now Private Key’‘d” Then As given m= 10 Using formula for encryption key e: + Cipher Text (c) =73 5 & Cipher Text (¢) = 73 | Topper’s Solutions Q4] Aand B wish to use RSA to communicate securely. A chooses public key (e, n) as (7, 247) and B chooses public key (e, n) as (5, 221). Calculate their private keys. What will be the cipher text sent by A to B if A wishes to send message m = securely to B? Ans: RSA: Refer Q1. EXAMPLE: Given: ‘A: Public Key (e, n) = (7, 247) B: Public Key (e, n) = (5, 221) To Calculate: @ (in) and private key ‘a’. [10M ~ May16] Page 32.0f 0hPublic Key Cryptography Semester ~7 Topper's Solutions Solution: n=247 Since = p Xq -n.mWwhere p & q are two prime numbers #p=13andq=19 Now@(n) = (p-1)x(a-1) = (43-1)x (49-1) = 12x18 =216 +9 () = 216 Lrko(n) Now Private Key d 24K 16) Whenk=1, PrivateKeyd =222@19 =217/7 = 31 ... (which is an integer) -d=31 ‘Thus, private key of A is (d.n) = (31,247) 224 Since n = pxq.. here p & qare two prime numbers sp=13andq=17 NowS(n) = (-1)x(q-1) = (13-1)x(17-1) =12x16 =192 (s) =192 NowPrivateKeyd =2**#@) gu Page 33 of 04Publie Key Cryptography Semester ~7 Topper's Solutions 4 (292) sm When k=1, Private Key d ene =193/5 8.6 ... (which is not an integer) Whenk=2, Private Key d= 242.0% = 385/5 = 77 «(which is an integer) 2d=77 vate ke 223 Now, A wishes to send message m = 5 to B. will encrypt the message using public key of B (e, n) = (5,221) P= Plaintext=5 C= Ciphertext =? © =Pemodn = (5)5mod 221 =31 ‘Thus. cipher text.= 311 for plain text=5- Qs] Explain how a key is shared between two parties using Diffie-Hellman by exchange algorithm. What is the drawback of this algorithm? Ans: [1oM — Decis] DIFFIE-HELLMAN ALGORITHM: 1. Diffie-Hellman algorithm was developed by Whitfield Diffie & Martin Hellman in 1976. It is used to solve the key distribution problem of symmetric key encryption. 3. Diffie Hellman isa public key cryptosystem. Itdoes not encrypt the message. Ic isa special method of exchanging keys. This algorithm generates a secret key to be used for encrypting a message, > aae Once a key is decided, both the sender and receiver can encrypt and decrypt the message using same key. Page 34 of 104Topper's Solutions Public Key Cryptography Semester~7 ALGORITHME: Consider A and Bare two users. > Aand Bwill take two large prime numbers “n” & "g". > — Awill choose any large random number say “x”. x > Awill then compute m = grmod.n. 4 > Similarly B will choose any independent large random nuraber say > Itthe compute s = grmod n. > — Awill send “m” to Band b-vill send ‘s" to A. > Keyfor A: Ky=stmodn fen Sees Se > KeyforB:Ke=mymodn ea ont ode > Both the key Ki and Kz are equal ie. K= Ki = Ke e ad EXAMPLE: a B A choose x=3 B choose y= 6 Mz grmod_n, S=g/mod n. =7modn =76mod a 43 mod 11 = 117649 mod 11 M=2 s=4 Asends M=2toB B send S=4toA Ky=stmodn Ko=mymodn =4mod 11 [S =26mod 11 = 64 mod 11 Keo DRAWBACKS: > Diffie-Hellman key exchange is vulnerable to a man in the middle attack. S asecret key. y e Expensive exponential operations are involved. This algorithm is also a lack of authentication. Diffie-Hellman Algorithm cannot be used to encrypt messages, it can only be used to establishing, Page 35 of 104Publie Key Cryptography Semester ~7 Topper's Solutions Q6] Explain Diffie-Hellman Key exchange algorithm with suitable example. Also explain the problem of MIM attack in it Ans: [10M — May17] DIFFIE-HELLMAN KEY EXCHANGE ALGORITHM: Refer Q5. PROBLEM OF MIM ATTACK IN DIFFIE-HELLMAN KEY EXCHANGE ALGORITHM: > MIM stands for Man in Middle Attack. > The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. > In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. > When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. > Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. > After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. > This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants, > Possible solutions include the use of digital signatures and other protocol variants. > Figure 4.1 shows the MIM attack in Diffie Hellman Algorithm. Ace carol Bob choose a choose choose © & compute (e fe compute (29 ‘Compute (g*)* epee ley Secret Key = Secret Kay = Figure 4.1: Man in Middle Attack in Diffie Hellman Algorithm. Page 36 of 10%Public Key Cryptography Semester -7 Topper's Solutions Q8] What are the various ways in which public key distribution is implemented. Explain the working of public key certificates clearly detailing the role of certificate authority. Ans: [10M - May17] PUBLIC KEY DISTRIBUTION: > In public key cryptography, only public key needs to be distributed, whereas private key is kept secret. ¥ Following are the ways in which public keys can be distributed: Q Public Announcement: One of the simplest approach to distribute public keys is to announce it publicly. v One can display his/her public key on his/her website or advertise it in local or national newspaper. e For example: When Rutuja wants to send a confidential message to Tanvi, she can obtain Tanvi’s public key either from her website or from newspaper and then encrypt the message using it. > Figure 4.2 describes the situation. PublieKey “a Publietey anya Tanvt Figure 4.2: Announcement of public key. Drawbacks: ‘The announced public key can be forged i.e. man-in-the-middle attack is possible. 1) Publicly Avi 7 > better security approach is to maintain a publicly available directory of public keys, which is updated dynamically. Si It is the responsibility of some trusted center or organization to maintain and distribute the directory. > The concept of directory is as follows: = The directory contains (name, public key) pair for each user. * Each user registers a public key with directory authority. + Auser can also modify the public key as and when needed. * The directory can also be accessed electronically by the users. > Figure 4.3 shows maintenance of public key directory. Page 38 of 104Public Key Cryptography Semester ~7 ‘Toppe's Solations unite ney Directory | trostedeoity twa Tom Figure 4.3: Maintenance of public Key directory. Drawback: Anadversary/intruder may obtain the private key of directory authority and impersonate any user. Thus, the messages are disclosed to intruder. Mm) Public Key Authority: A higher level of security for public key distribution can be achieved if tighter control on distribution of public keys is provided. > To prevent interception and modification of the response, public key announcements include a timestamp T which is signed by an authority. a For example: If Rutuja wants to know the public key of Tanvi, she sends a time stamped message to the public key authority containing (name, timestamp). > The authority then responds with a message which is encrypted by using its private key. S ‘The encrypted message contains following: «= Tanvi's public key. "Original request made by Rutuja. "The timestamp. > Now, to verify the timestamp, Rutuja decrypts the message using authority's public key. > After decryption, Rutuja gets Tanvi's public key. > The procedure is described in figure 4.4. sLRoqust as rested atty 2.€ (PR (PU; [I Requeet tM) Figure 4.4: Distribution of public key through authority. Drawback: E > Public keys maintained by authority are vulnerable to modification, > Public key authority gets overloaded if the number of requests is large. Page 39 of 104Pull Key Cryptography Somester-7 Topper’ Soltions IV) Public key Certificates: > The alternative to previous approach is to create public key certificates. > Using the public key certificates, users can exchange the keys without contacting a public key authority. ‘The certificates consists of: * Apublickey. * An identification of key owner. This certificate is signed by a certificate authority such as a government agency, a financial Institution or a state organization. v Consider for example: Rutuja wants to distribute her public key in a secure manner. She can present her public key to certificate authority (CA), obtain a certificate and then publish the certificate. a Now, one who wants the public key of Rutuja, can obtain the certificate and also verify that the certificate has originated from CA. (1. the certificate is valid and original). ee One can also transmit a certificate to convey the key to those who requested it. Figure 4.5 shows distribution of public key using certificates. Certificate Authority (cA) Cq=E (PRox [1D |] PUnl) (Rey [IDs || PUD Figure 4.5: Distribution of public key using certificates. Where, PUs = Public key of Rutuja. Public key of Tanvi. Cu = Certificate issued for Rutuja Cr= Certificate issued for Tanvi. Page 40 of 104Cryptographic Hash Functions Semester ~7 Topper's Solutions CHAPTER - 5: CRYPTOGRAPHIC HASH FUNCTIONS Qt] Whatis a digital signature? Explain any digital signature algorithm in detail. Ans: [10M - May16 & 5M - Dee16] DIGITAL SIGNATURE: 1. _ Digital Signature is a type of electronic signature. 2. It encrypts documents with digital codes that are porticularly difficult to duplicate, 3. A digital signature takes the concept of traditional paper-based signing and turns it into an electronic “fingerprint.” 4, This “fingerprint,” or coded message, is unique to both the document and the signer and binds them together. 5. Itisused to validate the authenticity and integrity of a message, software or digital document. 6. Digital signature technique is based on public key cryptography with a difference. 7. Inpublic key cryptography a pair of keys are used, one public key and one private key. & The public key is often used for message encryption, and the private key is often used for decrypting the message. However in case of digital signature, message is encrypted with the private key and decrypted with the public key. 10. Only a specific person with the corresponding private key can encrypt the message or in other words sign the message. 11. However any party who has the signatory’s public key can encrypt the message, in other words can verify the message. 12. Figure 5.1 shows the processes of Digital Signature. create Digital Signature Bobs Private Key on lee Send Over Internet Verity Digital Signature S Riser Bobs Public Key Message Figure 5.1: Digital Signature Process. Page 44 of 104,Cryptographic Hash Functions Semester -7 Topper's Solutions DSA: Key Generatioi > v v vy S > DSA Stands for Digital Signature Algorithm. DSAis ai Itis used .d States Federal Government standard for digital signatures. Digital Signature Standard (DSS). The first part of the DSA algorithm is the public key and private key generation. ‘The second part of the DSA algorithm is the signature generation and signature verification. Choose a prime number q, which is called the prime divisor. Choose another primer number p, such that p -1 mod q = 0. Where p is called the prime modulus. Choose an integer g, such that 1 Hie] A GA -m-----> Ze Figure 5.2: Signature Generation. To generate a message signature, the sender can follow these steps: vyvy y Let ‘h’ be the hashing function & ‘m’ the message. Generate a random number k, such that 0 oror tors00 Hatot Figure 5.3: Signature Verificativ.. To verify a message signature, the receiver of the message and the digital signature can follow these steps: > Let ‘h’ be the hashing function & ‘m’ the message. > Reject the signature if 0 — Calculate w= s** mod q. x Compute wi =h (m) * wmod q. v Compute u2 =r * w mod q. > Compute v= (((@")*(y*)) mod p) mod q. Ifv == r, the digital signature is valid. v Q2] Why are Digital Signatures & Digital certificates required? What is the significance of Dual Signature? Ans: [10M - May17] DIGITAL SIGNATURE: Refer Digital Signature part from Ql. Why Digital Signatures are required: > Toprovide Authenticity, Integrity and Non-repudiation to electronic documents. > Touse the Internet as the safe and secure medium for e-Commerce and e- Governance. DIGITAL CERTIFICATES: 1. Digital Certificate (DC) is a digital file. 2. Itcertifies the identity of an individual or institution, or even a router seeking access to computer ~ based information. 3. It is issued bya Certification Authority (CA). 4. A digital certificate is an electronic "passport that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI) Page 48 of 104Cryptographic Hash Fumetions Semester -7 Toppper's Solutions 5. _Adigital certificate may also be referred to as a public key certificate. Why Digital Certificates are required: Digital Certificates can be used to identify a person or a device. Once identification is established, the Certificate is most frequently used to prove one person's, or device's identity to another person or device. Because of the RSA system, they both know each other, ‘The Digital Certificate can now be used for signing and/or encrypting email or for providing two- factor strong authentication. SIGNIFICANCE OF DUAL SIGNATURE: 1, Dual signature is a significant modernization of SET protocol. 2. The function of the dual signature is to guarantee the authenticity and integrity of data. 3. The purpose of the dual signature is to link two messages that are intended for two different recipients. 4. In this case, the customer wants to send the order information (01) to the merchant and the payment information (PI) to the bank 5. The merchant does not need to know the customer's credit-card number, and the bank does not need to know the details of the customer's order. 6 The customer is afforded extra protection in terms of privacy by keeping these two items separate, However, the two items must be linked in a way that can be used to resolve disputes if necessary. 8 The linkis needed so that the customer can prove that this payment is intended for this order and not for some other goods or service. To see the need for the link, suppose that the customers send the merchant two messages: a signed Ol and a signed PI, and the merchant passes the PI on to the bank. 10. Ifthe merchant can capture another OI from this customer, the merchant could claim that this OI ‘goes with the PI rather than the original Ol. 11. The linkage prevents this. 12, Figure 5.¢ shows the use of a dual signature to meet the requirement of the preceding paragraph. Pu [eae oop Figure 5.4: Page 44 of ot se of a dual signature.Cryptographic Hash Functions Semester ~ 7 Topper's Solutions Where, > Pl-= Payment Information. > OIMD = OI Message Digest > — 01=Order Information. > POMD = Payment Order Message Digest >» H=Hash Function. > B= Encryption (RSA) > || =Concatenation > KRe= Customer's private signature key > PIMD = PI Message Digest Qs] SHA4 Ans: [5M — May17] SHAcI: SHA stands for Secure Hash Algorithm. 2. Incryptography, SHA-1 isa cryptographic hash function proposed by NIST. 3. There are three SHA algorithm named as SHA-O, SHA-1 and SHA-2. 4, SHA-1 is most widely used SHA hash function, 5. The input to SHA-1 is message of length 264 bits and its produces a 160 bits output. 6. __Itis similar to MDS with following differences: a. Itis more secure b._Itis little slower to execute than MDS. c. SHA-1 makes 5 passes whereas MDS makes four passes. SHA-1 pads the message in similar way as MDS. Similar to MDS, SHA-1 also operates in stages. ‘The message is padded so that its length is congruent to 448, module 512. Message + Padding bits + 64 should be a multiple of 512 bits. Example: If message is 400 + 64 = 464 Hence padding = $12 - 464 = 48 padding bi original message ++ Padding . Original Message | Padding Page 45 of 4Cryptographic Hash Functions Semester -7 Topper's Solutions Ste nd Length > 64 bit length is appended. The resultant message has a length that is an exact multiple of 512 bits. 400 “ o orgiaecnes [Petting fo mfie —[ net Original tiers | Padding | Legh ata oe tant Step - 3: Divide the input in it bl Datatabe hashed Bloeea lock? Block sme [lose size Gaabe Gab sabe a2Bit[ A | HEX | 01 | 23 | 45 | 67 32Bit{ B | HEX @ | =F 32Bit{C | HEX BA | 98 32pit| D | HEX 32 | 10 32pit{E | HEX | c3 | D2 | El | FO Ste) bloe 5.1: Copy chaining variable to five corresponding variables a, b, ¢, d and e. ae ae ale ee el dee S72 lp [ise] = ele [eau jivide current $12 bit block into 16 sub blocks. Block 1 (512 bit) Sub block 1 | Sub block2 ‘Sub block N szbit s2bit, a2bit Page. 46 of 104Cryptographic Hash Functions Semester - 7 5.3: We have four rounds In each round consist of: a) All 16 sub-block. b) Variables a, b,c, dande. ©) Some constant. Topper's Solutions n 16 Sub Blocks Other Constants One Round int [J i= 0t015 afope tale] epgoneito Process round In each round process p zi (b* V(b" d) 2 : b@eced | 3 Graver av(e*a | 4 bOcod | Page 47 of 04Cryptographic Hash Functions Semester ~7 Q4] Differentiate between MD-5 and SHA. Ans: Topper's Solutions [5M — Deets & Dec16] ‘Table 5.1 shows the Comparison between MD-5 & SHA Algorithm. ‘Table 5.1: Comparison of MD-5 & SHA. Points MD-5 SHA Message Digest Length | 128 Bits. 160 Security Less Secure than SHA. Considered more secure than MD-5. Speed Faster, only 64 Iterations. Slower than MD-5, Required 80 Iterations. Format Little endian format used to | Big endian format used to store values. store values. Buffers Used 4 buffers of 32 bits each. 5 buffers of 32 bits each. Attack required to find out original message 2329 bit operations required to break. | 286 bit operations required to break. | | attack, Collision Collision attack exist Collision ratio is less than MD-5 Pass Itrequires 4 passes. Itrequires 5 passes. Rounds 64 Rounds. 20 Rounds. Cryptanalytic Attack Vulnerable to cryptanalysis | Non-Vulnerable to cryptanalysis attack. Page 48 of tonCryptographic Hash Functions Semester ~7 Topper's Solutions 251 Compare and contrast: KDC versus CA. Ans: [5M —Dec16] ‘Table 5.2 shows the Comparison between KDC versus CA. ‘Table 5.2: Comparison between KDC versus CA. KDC & cA KDC Stands for Key Distribution Center. CA Stands for Certificate Authority. It is symmetric key solution against active attacks. It is asymmetric key solution against active attacks. Itis less secure, Itis more secure, Ithas single point failure. No single point failure. KDChas to be online. CA does not have to be online. KDC can scale up to hundreds. CAhas better scalability. Everyone who register with KDC shares a secret key. Everyone who register with CA ob for its public key. s certificate It is more expensive, Itis less expensive. It is performance sensitive. Itis not performance sensitive. Preferred for LANs. Preferred for WANs. Page 49 of t04Authentication Appleations Semester ~7 ‘Topper's Solutions CHAPTER - 6: AUTHENTICATION APPLICATIONS Qu] Give the format of X.509 digital certificate and explain the use of a digital signature in it. Ans: [5M — Decs5] X.509: 1, X09 isan important standard for a Public Key Infrastructure (PKI). 2. Its used to manage Digital Certificates & Public Key Encryption. 3. X.509 are the building blocks a PKI system that defines the standard formats for certificates and their use, 4, Figure 6.1 shows the format of X.509 Digital Certificate. (CA - Certificate Authority) Version Serial Number ee Issuer (CA) X00 Neme + cas entity Vality Period <— Lifetime of This Cart Subject X00 Name <— User's dentty ‘Subject Public Hate e «Users Public Key (Bound to Key Info Ee em User's Subject Narre) Issuer Unigue 1D Subjeet Urique (D ean |< Ober User Info; fr Example, subAlName, CDP Figure 6.1: Format of X.509 Digital Certificate. USE OF DIGITAL SIGNATURE: > Digital Signature in X.509 Digital Certificate can be used to access secured zones of websites. ¥ Itis used for verification & validation purpose. > Itensures confidentiality of certificate. eS It can also be used to verify validity period & Unique ID. Page 50 of 104Authentication Applications Semester ~7 Topper's Solutions Qe] Email Seeurity. Ans: [5M - May16] ‘EMAIL. SECURITY: 1. E-Mail Stands for Electronic Mail. 2. Electronic mail is most widely used application on the internet to send and receive messages to other users. Due to this the security of email messages has become an extremely important issue. 4, The Simple Mail Transfer Protocol (SMTP) is used for email communi The three main email security protocols used are as follows: Figure 6.2: Email Security. 1) _ Privacy Enhanced Mail (PEM): > Privacy Enhanced Mail is an Internet Standard for Protecting Email. > — Itwas adopted by Internet Architecture Board (IAB). vvy vyvvy v PEM supports the three main functions of encryption, non-repudiation and message integrity. In PEM, Message is DES Encrypted. Authentication is provided using MD-5. Pretty Good Privacy (PGP): Pretty Good Privacy (PGP) is widely used Email cryptosystem. PGP provides authentication through the use of Digital Signature. It provides confidentiality through the use of symmetric block encryption. It provides compression using Zip Algorithm. ‘The most significant aspects of PGP are that it supports the basic requirements of cryptography which Is quite simple to use and is free along with its source code and documentation. Page 5t of 0%Authentication Applications Semester ~7 Topper's Solutions IM) Secure Multipurpose Internet Mail Extensions (S/MIME): > — MIME system extends the basic email system by permitting users to send binary files using the basic email system. > S/MIME is a security enhancement to the MIME Internet Email format Standard. S/MIME is similar to PGP which provides digital signatures and encryption of email messages. Q3] Explain the working of Kerberos. Ans: [10M - Mays6] KERBEROS: 1, _ In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Hades. 2. Whereas In security, Kerberos is a network authentication protocol. 3. __Itis designed to provide strong authentication for Client/Server Applications by using Secret-Key (Symmetric Key) Cryptography. Kerberos originated at MIT (Massachusetts Institute of Technology) which was designed for smaller scale use, 5. Kerberos is used for authentication and to establish a session key that can be used for confidentiality and integrity. WORKING OF KERBEROS: > Any symmetric cipher can be used with Kerberos however the crypto algorithm widely used is the Data Encryption Standard (DES). ‘There are four parties involved in the Kerberos protocol: User: The one who uses the client workstation. Server: The server provides services for the user. Authentication Service (AS): + Itis part of Key Distribution Center in the Kerberos protocol. © Each user registers with the AS and i granted a user identity and a password. * The AS verifies the user, issues a session key to be used between User and TGS and sends a ticket toTGS. ‘Ticket Granting Service (TGS); Issues a ticket for the Server. It provides the session key (KAB) between User and Server. Page 52 of 104Authentication Applications Topper’ Soatons Semester ~7 ca? a yo use | f Server £ , 1: User Request Ticket for 765. 12 User ~ TGS Session Key & Ticket for TGS. 2 Requestor ree i I Uses Server Sesion oy @ Tat for Server Anthentiation ‘Ticker Granting 5: Request Access. ‘Servica (AS) ‘Service (765) 6: Request Grant (Cm ‘Key Distribution Genter (KDO) Figure 6.3: Working of Kerberos. Figure 6.3 shows the working of Kerberos. The Three steps involved in Kerberos protocol are: Figure 6.4 shows the Confidentiality & Authentication in Emails using PGP. First, a signature is generated for the plaintext message and prepended to the message. ‘Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES). Session key is then encrypted using RSA. In summary, when both services are used, the sender first signs the message with its own private key. Page 54 of 0hAuthentication Applications Semester ~7 Topper's Solutions > Then the sender encrypts the message with a session key, and finally encrypts the session key with the reciptent’s public key. Poy Ph, Public Key Publle Key Encryption HPU» Kl peeryption cs Le. ton 5 ‘a us BN TP algriean symmetric a Encryption Pu, Pablle Key Decryption == Sesson Key used in Symmetric Encryption Scheme Ph = Private Key ofuser A PR, = Private ey oftserB PUz= Public Key of Use A PU, Public Key of ser B PR, HIE : Authentication & Confidentiality in PGP. Q6] Explain key rings in PGP Ans: [5M — May17] PGP: 1. PGP Stands for Pretty Good Privacy. 2. Itis an open-source, freely available software package for e-mail security. 3. __Itprovides Authentication through the use of digital signature and confidentiality through the use of symmetric block encryption. 4. Italso provides Compression using the ZIP algorithm. KEY RINGS IN PGP: 1. PGP uses key rings to identify the key pairs that a user owns or trusts. 2. Private-key ring contains public/private key pairs of keys he owns. 3. Public-key ring contains public keys of others he trusts. 4. Each PGP user has a pair of key rings: Public key ring and private key ring, Page 55 of 104Authentication Applications Semester ~7 Topper's Solutions 1 Public-key ring: > PGPallows multiple public/private key pairs for each user. > _Itstores other’s public keys known at this node. Public keys can be obtained in various ways. ‘Timestamp |) KeyIDY | | Public | Owner | User | Key | Signature(s) | Signature Key Trust ID* | Legitimacy ‘Trust(s) Tr KU;mod2* | KU; | Trust flag | User: ‘Trust_flag i Owner trust: Trust value for the key owner; assigned by the user when the user enters a new public key. ‘Signatures: Signatures attached to the key. ‘Signature trusts: Trust value for the owner of this signature attached to the key; “unknown’ value is assigned if the owner is not known Key legitimacy: The extent to which PGP will trust the key. I) Private-key ring: Itstores the public/private key pairs owned by that node. Private keys are encrypted using a key based on the user's passphrase (SHA hash code of the passphrase) Timestamp ‘Key ID* Public Key, Encrypted Private Key ‘User ID* I I E i | 5 g 5 Ti KU; mod 2 KU, "Eucry [KR User: 5 a : Z | fe | Page 56 of 104 WeAuthentication Applications Semester ~ 7 Topper's Solutions Q7] S/MIME Ans: [5M - May17] ‘S/MIME: 1. S/MIME Stands for Secure/Multipurpose Internet Mail Extensions. 2 It is a standard for public key encryption and signing of MIME data. 3. Itwas originally developed by RSA Data Security Inc. 4. S/MIME enables email security features by providing encryption, authentication, message integrity and other reiated services. 5 It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages. 6. To enable S/MIME based communication, the sender and receiver must be integrated with public key and signatures issued from a certificate authority (CA). KR A digital signature is used to validate a sender's identity, whereas a public key provides encryption and decryption services. A very secure way of e-mail encryption is the S/MIME protocol. X.509 certificates are used by S/MIME and can be created by the administrator or PKI trust center. 10. ‘The user doesn’t need to have any technical knowledge to use S/MIME. 11. Figure 6.5 shows S/MIME Encryption Process. Pare »@-@-e ‘Sender Internet i Figure 6.5: S/MIME Eneryption Process. Page 57 of 04Security & Firewalls Semester ~7 Topper's Solutions CHAPTER - 7: SECURITY & FIREWALLS Qa] What is a firewall? What are the firewall design principle? Ans: I5M- May16] FIREWALL: 1. Firewall is the device or set of devices located at the network gateway server. 2. Itcan be hardware, software or combination of both. 3. Itprotects private networks from outside networks. 4, Itis a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. 5. The rules are nothing but the firewall security policy. 6. This policies specifies which traffic is authorized to pass in each direction. 7. Firewall examines each packet to determine whether to permit or deny network transmission. 8. The purpose of firewall is to filter traffic and keep malicious or unsafe information outside of a protected network. 9, Firewall is likea secretary of network. 10. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet or Wide Area Network that is assumed not to be secure or trusted as shown in figure 7.1. <<) ay Ei Figure 7.1: Firewall. FIREWALL CHARACTERISTICS: 1) Service control: Specifies what type of services can be accessed, depending on set of rules. 11) Direction control: Specifies the direction of initialization and flow of particular service. I) User control: Specifies which particular user is allowed to access a service. 1V) Behavior control: Specifies behavior of the service. FIREWALL DESIGN PRINCIPLE: > Alltraffic from inside to outside and vice versa must pass through the firewall > — Onlyauthorized traffic as defined by the local security policy will be allowed to pass. % To Establish a Secure Control Link. > — Toprotect the premises network from Internet based attacks, Page 58 of 104Security & Firewalls Semester ~7 Topper's Solutions Qe] What are firewalls? Explain the different types of firewalls and mention the layer in which they operate. Qg]_ What are the types of firewalls? How are firewalls different from IDS? Ans: [Q2 | 10M — Dec16] & [Q3 | 10M - May17] FIREWALL: Refer Q1. ‘TYPES OF FIREWALLS: D Firewal > Apacket filtering firewall is also called as screening router firewall. > Itissimplest and most effective type of firewall > Itfilters the packet based on following information: = Source and destination IP address. = Source and destination Port address. IP Protocol field. > Packet filtering firewall examines packets up to the network layer and can only filter packet ‘based on the information that is available at the network layer > Apacket filter receives packets and passes them through a set of rules, if they match the rules then accept or reject. omngoing Packets 1. Receive Packet 2. Apply Rules 3. Accept or Roject Internal Network Internet Loe alter Figure 7.2: Packet Filtering Firewall. Advantages: > Efficiency. > Simplicity, fast speed of packet processing. > Low cost, > Low impact on network performance. Disadvantages: > They can be complex to configure. > Have limited logging capabilities. Application: In the area as a first line defense and in SOHO networks. Page 59 of 0%Security & Firewall Semester ~7 Topjper’s Solutions 1) ful Inspection Firewall: > Unlike packet filtering firewall, Stateful firewall keeps track of state of a connection which may be initiation, data transfer or termination. > A drawback of packet filters is that they are stateless and they have no memory of previous packets which makes them vulnerable to spoofing attacks. > Attacker may modify the attack by splitting it into multiple packets, which goes undetected in packet filter. > Stateful inspection firewall examines a group of packets at the same time. > — Stateful firewall operates at network, transport & session layer of OSI Model. ‘toot ars | ‘Server address staf Packet rer 1. 1? | romizzicasor |—> | +] romssatcesas | “tess "re t721688 ee Te | semimscss |—|—] memiracss | — ‘392168301 morta ieei0a io UDP Sent 1 Nermoceann fo] promiaasss | — Uo Rete ‘risa 160104 Figure 7.3: Stateful Inspection Firewall. Advantages: > Prevent more kinds of DoS attack than packet filter. > Have more robust logging. Disadvantages: > Slower than packet filtering firewall. } _ Itdoes not prevent application layer attacks. Mi) Application Proxies Firewall: > Aproxy means acting on your behalf of something. > Anapplication proxy firewall processes incoming packets all the way up to the application layer. > This firewall contains a proxy agent that acts as an intermediary between two hosts that want to communicate with each other. > Application proxies never allow a direct connection between the two hosts and it is transparent tothem. > Each proxy agent authenticates each individual network user; with the authentication having several forms such as, user ID and password, biometrics, token matching ete. ie Page 60 of 104Security & Firewalls Semester ~7 Topper's Solutions > Italso verifies the data inside the packet. > Itwork on the application laver of the OSI Model. Source Address Source Address 178.28.10.80 178.28.10.60 reracket sae Packet Inside Host eo Outside Host application Gateway I Address: 178.28.10.60 Figure 7.4: Application Proxy Firewall. es: > Ithas complete view of connections and application data. > Itprovides detailed logging, Disadvantages: > Requires special client software. } Process intensive. They requires lot of CPU cycles and memory to process every packet that they see, Iv) _ Personal Firewall: > _Itis software application used to protect a single internet connected computer from intruders. > Personal firewall protection is useful for users with ‘always-on’ connections such as DSL or cable modem, > These users are students, home users, individual workers, small businessmen ete. > Using separate firewall system would be expensive. To tackle this problem personal firewall are used. Itisan application program which runs on a workstation to block unwanted traffic from network. > Personal firewall can be used with antivirus software to become more effective and efficient. > Example: Norton Personal firewall from Symantec, McAfee personal firewall etc. HOW ARE FIREWALLS DIFFERENT FROM IDS? Refer Q4. Page 61 of 104Security & Firewall Semester ~7 Topjoer's Solutions Q4] Differentiate between Firewall and IDS. Ans: [5M - Deets] ‘Table 7.1: Comparison between Firewall & IDS, Firewall IDs | Firewall is device or set of devices located at the | network gateway server. | IDS is a software or hardware device installed on the network or host. Firewall is used to protect private networks from outside networks. IDSis used to detect and report intrusion attempts | to the network. | Firewall can block connection. IDS cannot block connection. 1 It does not gives early warning of an intrusion. It gives early warning of an intrusion. Firewall is more likely to be attacked then IDS, IDS is less likely to be attacked then Firewall. Itis not aware of traffic in the internal network tis aware of traffic In the internal network. ‘Types: 1. Packet Filtering Firewall. Stateful-inspection Firewall. a 3. Network Address Translation Firewall 4. Application Based Firewall 5, Hybrid Firewalls. Types: 1, Network IDS. 2, Host IDS. 3. Protocol Based IDS. 4, Anomaly Based IDS. 5. Misuse Based IDS. 6 Hybrid IDs. ‘Strength: It provides Protection from vulnerable services. Strength: It can detect password cracking & denial of services. Limitation: Firewall cannot give protection | against all attack that does not pass through firewall Limitation: IDS Detect attack only after they have entered the network, and do nothing to stop attacks. Diagram: Refer Figure 7.1 Diagram: Refer Figure 75 Qs Explain the significance of an instruction Detection System for securing a ¢ network. Compare signature based and anomaly based IDS. [10M - May16] Ans: ws: 1. IDS stand for Intrusion Detection System. 2, Itis the device which gives early warning of an intrusion. 3. So that the defensive action can be taken to prevent or minimize damage. 4 IDS detect unusual pattern of activity, which may be malicious or suspicious. Page 62 of104Seourty & Firewalls Semester ~7 Toppier's Solutions | — gl — —ex>— = | o wos Router oH re CHARACTERISTICS: 1 Itmust run continuously without human supervision. Itshould not be in a black box. 3. Iemustresistsubversion._ 4, Itmust be fault tolerant. IDS SIGNIFICANCE: 1. IDS is used for Monitoring and analyzing both user and system activities. Fs Ithelps in assessing system and file integrity. 3. IDS detect attack which may harm the system by continuously monitoring it. 4 It provides cross platform protection. 5. Itis used to track user policy violations. 6. IDS perform Analysis of abnormal activity patterns in order to secure a network, COMPARISON BETWEEN SIGNATURE BASED AND ANOMALY BASED IDS: ‘Table 7.2: Comparison between signature based and anomaly based IDS. “ Signature Based IDS Anomaly Based [DS It is based on simple pattern matching. Itis based on behavior of user. It maintain database of signature. It does not maintain database of signature. It is less efficient as compared to Anomaly Based IDS. It is more efficient as compared to Signature Based IDS. tis able to detect known attacks. itis able to prevent new unknown attacks. signatures. : ‘Signature Based IDS monitors the packets on the | Anomaly Based IDS monitors the system activity network and compare them against a database of | and classifies them as either normal or anomalous based on heuristics rather than signature. Page 63 of tonSemester -7 Topper's Solutions generated. unknown attacks. if Signature are correctly | Strength: It has the potential to detect new or signature. difficulty in modelling the “norm” ‘Weakness: Requires prior knowledge about the | Weakness: Often resultsin false alarms due to the Q6] _ Viruses and their types. Af ‘What are the different types of viruses and worms? How do they propagate? Ans: [Q6 | 5M— Dec15] & [Q7 | 10M - Decs6] VIRUS: A computer virus is a type of malicious software program. 2. Itis a program or piece of code that is loaded onto the computer without user’s knowledge and runs against wishes of the user. 3. Viruses can also replicate themselves. 4, All computer viruses are man-made. 5. Viruses can automatically copied and pasted from memory to memory over & over. 6. __Itcan cause program to operate incorrectly or corrupt a computer's memory, 7. Virus can spread itself by infecting files on a network file system that is accessed by other computers. 8. For Example: A virus might attach itself toa program such as Excel. Now each time the Excel runs, the virus runs too. TYPES OF VIRUSES: ‘Types of Viruses One Tine BoctSectorVirus _Memary Resident Bac Views nal Virus Network's Execution Virus Virus Figure 7.6: Types of Viruses. 1) One Time Execution Virus: > This type of virus executes only once, > Inone execution, Virus spreads its copy in order to cause malicious effect. For example: spread itself. Page 64 of to virus that comes as an e-mail attachment. Once it is opened, it gets executed andSecurity & Firewalls Semester ~7 Toppers Solutions 11) Boot Sector Virus: > Thistype of virus infects the boot sector on floppy disks, hard disks and other bootable media like CDorDvD. > Example of Boot Sector Virus are Form & Stoned. II) — Memory Resident Virus: > This type of virus lodges in main memory as part ofa resident system program. > From that point on, the virus infects every program that executes. IV) Macro Virus > Macros are the blocks of the code written to automate frequently performed tasks and embedded ina program file. > Macro virus is platform independent. > Virtually all of the macro viruses infect Microsoft Word documents. > Examples of Macro virus are Relax, Babbles & Melissa. Vv) E-Mail Virus: > This type of virus is transferred through Email. > Generally this is a macro virus which multiplies by sending itself to other contacts, in hopes that they will activate the virus as well. VI) Network Virus: > This type of virus are uniquely created to quickly spread throughout the local area network and generally across the internet as well > Ittypical moves within shared resources like drivers and folders. WORMS: ‘A worm is a piece of malicious code that can spread from one computer to another without requiring a host file to infect: Worm isa program that replicates itself and makes use of a PC’s network connectivity to transfer a copy of itself to other computers within that network. Itis capable of doing this without any input from the user. Worms are distinct from viruses in that they donot require. host program to run, but like viruses, they almost always cause damage to the infected computer. Thus, they are self-propagating. Page 65 of 104Security & Firewall Semester ~ 7 Topjoer’s Solutions ‘TYPES OF WORMS: 1) Email Worms: > Anemail worms uses a PC's email client to spread itself. > Itwill either send a link within the email that, when clicked, will infect the computer, or it will send an attachment that, when opened, will start the infection. > Awell-known example of this type of worm is the "ILOVEYOU" worm, which infected millions of computers worldwide in 2000. 1) Internet Worms: > Internet worms are completely autonomous programs. > They use an infected machine to scan the Internet for other vulnerable machines. > Whena vulnerable machine is located, the worm will infect it and begin the process again. 1) File:sharing Networks Worms: > File-sharing worms take advantage of the fact that file-sharers do not know exactly what they are downloading. > The worm will copy itself into a shared folder with an unassuming name. > When another user on the network downloads files from the shared folder, they will unwittingly download the worm, which then coples itself and repeats the process. > In2004, a worm called *Phatbot” infected millions of computers in this way, and had the ability to steal personal information, including credit card details, and send spam on an unprecedented scale. IV) Instant Message and Chat Room Worms: > These work ina similar way to email worms. > The infected worm will use the contact list of the user's chat-room profile or instant-message program to send links to infected websites. } These are notas effective as email worms as the recipient needs to accept the message and click the link. > They tend to effect only the users of the particular program Page 66 of toxSecurity & Firewall Semester ~7 Topyper's Solutions Q8]_ With the help of examples explain non-malicious programming errors. ‘Ans: I5M—Decss] NON-MALICIOUS PROGRAMMING ERRORS: 1, Being Human, Programmers & Other Developers make many mistakes. 2, Most of mistakes made are unintentional & non malicious. 3, Many such errors will not lead to more serious vulnerabilities but few will put many security professionals in trouble. 4, Thereare three broad classes of non-malicious programming errors that have security effects and they are as follows. 1) Buffer Overflows: > Abufferisa space in which data can be held. > —— Abulfer resides in memory. > Because memory is finite, a buffer’s capacity is finite. > For this reason, in many programming languages the programmer must declare the buffer's ‘maximum size so that the complier can set aside that amount of space. > Example of Buffer Overflow in C Language: "Char Sample [5] = The complier sets aside 5 bytes to store this buffer, one byte for each of the 5 elements of the array, sample [0] through sample [4]. = Now we execute the statement: Sample [5] = = The subscript is out of bounds and results in buffer overflow because it does not fall between 0 and 4. 1) —_ Incomplete Mediation: > Incomplete Mediation means Incomplete Checking, > Incomplete Mediation is easy to exploit and attackers use it to cause security problems. > Inabove example, buffer overflow will occur if the length of the input is greater than the length of buffer, > Toprevent sucha buffer overflow, the program validates the input by checking the length of input before attempting to write it to buffer. > Failure to do so is an example of Incomplete Mediation. Example: Consider the following URL http://www -ToppersSolutions.com /indexasp?parm1=(555)8184567andparm2=2014Dec20 = Parm1 & Parm2 are the parameters for Telephone number and a Date respectively. Page 67 of tonSecurity & Firewall Semester ~7 Topper's Solutions "Its possible for the attacker to change this parameters in the URL as Parm2=1100Feb20. + The receiving program may give data type error, or it may execute and give wrong result. m1) — Time-of- ime-of-usi > The Time-of-check to Time-of-use (TOCTTOU) Errors is performed by “bait & switch” strategy. > Itisalso known as Race Condition Errors or serialization or synchronization flaw. > Time-of-check to Time-of-use errors exploits the time lag between the time we check and the time we use, > Non Computing Example: + Shopkeeper shows buyer real Rolex watch (bait) * After buyer pays, shopkeeper switches real Rolex watch to a forged one. > Computing Example: * Change ofa resource (e.g. Data) between time access checked and time access used. Qo] What are the various ways for memory and address protection. Qto] What are the various ways for memory and address protection in Operating systems? How is authentication achieved in 0.S? Ans: TQ9 | 5M—May16] & [Q10 | 10M ~ Dec16] MEMORY & ADDRESS PROTECTION: 1. _Itis away to control memory access rights on a computer. 2, Memory protection includes protection for the memory that the OS itself uses as well as the memory of user processes. 3. The main purpose of memory & address protection is to prevent a process from accessing memory that has not been allocated to it. 4, This prevents a bug or malware within a process from affecting other processes, or the operating system itself. METHODS: rence Base & Bounds Tsing Segmentation Paging Register 1 Fence: > Afence or fence address is simplest form of memory protection. > Itis designed for single user systems. Page 68 of 104Security & Firewalb Semester ~7 ‘Topper's Solutions > > 1 , m) v v) o A fence is a particular address that users and their processes cannot cross. Only the OS can operate on one side of the fence and users are restricted to the other side. Base and Bounds Registers: This type of protection can be used in multi- user environment where one users program needs to be protected from the other. Each user has a base register which is the lower address and a Bound register which is the upper address limit. The base and bounds register approach implicitly assumes that the user or process space is, contiguous in memory. ‘The OS must determine what protection to apply toa specific memory location. Tagging: Problem of Base & Bounds Register is that it can allow another module to access all or none of its, data. This problem is solved using Tagging. ‘Tagging specifies the protection for each individual address. In this method of protection every word of machine memory has one or more extra bits to identify the access rights to that word. Only privileged instructions can set these access bits. ‘Segmentation: This method divides the memory into logical units such as individual procedures or the data in one array. Once they are divided, appropriate access control can be enforced on each segment. A benefit of segmentation is that any segment can be placed in any memory location provided the location is large enough to hold it. Paging: Paging discards the disadvantage of segmentation. In paging all segments are ofa fixed size called as pages and the memory divided is known as page frames. ‘The advantages of paging over segmentation include no fragmentation & improved efficiency. ‘The disadvantages are that there is, in general, no logical unity to pages, which makes it more difficult to determine the proper access control to apply to a given page. Page 69 of 04Security & Firewalls Semester -7 Topper's Solutions How Authentication achieved in 0.S: 1. Authentication refers to identifying each user of the system. 2. It is the responsibility of the Operating System to create a protection system which ensures that a.user who is running a particular program is authentic, 3. Operating Systems generally authenticates users using following three ways: a, Username / Password: User need to enter a registered username and password with Operating system to login into the system. b. User card/Key: User need to punch card in card slot, or enter key generated by key generator in option provided by operating system to login into the system. c. Userattribute - fingerprint/ eve retina pattern/ signature: User need to pass his/her attribute via designated input device used by operating system to login into the system Wn) eee authentication and non-repudiation and show with examples how each one can be achieved. Ans: [10M - Decs6] AUTHENTICATION: 1. Authentication refers to identifying each user of the system. 2. Authentication is process of identifying an individual, usually based ona username and password. 3. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. For example: If the sender claims herself as Snehal, the authentication would be to determine whether the sender is really Snehal or not. 5. Operating Systems generally authenticates users using following three ways: a. Username / Password: User need to enter a registered username and password with Operating system to login into the system. b. User_card/Key: User need to punch card in card slot, or enter key generated by key generator in option provided by operating system to login into the system. c. Userattribute - fingerprint, eve retina pattern/ signature; User need to pass his/her attribute via designated input device used by operating system to login into the system. 6. Figure 7.7 shows basic authentication process. Page 70 of 104Security & Firewalls Semester ~7 Topper's Solutions @ Requests « priected resource Requests usemame:password: Sends username:password @ Returns requested resource Figure 7.7: Authentication Process. NON-REPUDIATION: 1, _Non-repudiation is the assurance that someone cannot deny something. 2. Non-repudiation does not allow the sender or receiver of a message to refuse the claim of not sending or receiving that message. In reference to security, non-repudiation means to ensure that a transferred message has been sent and received by the part s claiming to have sent and received the message. 4. Non-repudiation isa way to guarantee that the sender ofa message cannot later deny having sent. the message and that the recipient cannot deny having received the message. 5. Non-repudiation can be obtained through the use of: a. Digital signatures: Function as a unique identifier for an individual, much like a written signature. b. Confirmation services: The message transfer agentcan create digital receiptsto indicate that messages were sent and/or received. c. Timestamps: Timestamps contain the date and time a document was composed and proves that a document existed at a certain time. 6. Figure 7.8 shows non-repudiation process. Signed —oeh ee sin Signature vest CHenvs keystore, ua Gee Ee Sertificate private key, Figure 7.8: Non-repudiation Scenario. Page 71 of 04Security & Firewall Semester ~7 Topper's Soliions sewn Ee > o y — EXTRA QUESTION — Malware Malware stands for malicious software. It consists of programming with malicious intent to harm the system. Malware is nothing buta software that do malicious things without the victim's nowledge. ‘Malware can be subdivided into many categories as shown in figure 7.9 Backdoor spyware O06 nai ) Wome 7779 Mahare by extogonies Figure 7.9: Types of Malware. Logic Bomb: Itisa piece of code that detonates or sets off when specific condition is triggered. ‘The condition may be a day, date, time, a particular ‘ifloop’, time interval, or count. Virus: Itis a computer program which replicates itself and spreads from one computer to another. A virus can spread itself by infecting files on a network file system that is accessed by other computer. Example: An email virus attaches itself to an email that is send from one user to another. Worm: Itspreads itself through network to infect other computers. Itdoes not need outside assistance as required by virus. Example: Code red worm may be crash the operating system and other devices connected under the same network. ‘Trojan horse: Itis the malware that invites the user to run it, which may contain harmful or malicious payload. ‘The payload may lead to many undesirable effects. Example: An innocent looking game could do something malicious while the victim is playing. ‘Trapdoor: It is method of bypassing normal authentication procedure i.e. tallows unauthorized access to a system. Page 72 of 10%Security & Firewalls Semester~7 Toppers Solutions Vi) Rabbit: % Iisa malware which creates many instances of them in order to exhaust the system resources. Unlike worms, it does not spread over network, > Itcan exhaust system resources, VID) Spyware: Itis the type of malware that can be installed on computer and which collects information about users without their knowledge. Itmonitors user’s computing. Page 73 of to4Semester ~7 Topper's Solutions CHAPTER - 8: IP SECURITY Qu] What is a Denial of service attack? What are the different ways in which an attacker can mount a DOS attack on a system? Q2] Denial of service attacks. Q3] What are Denial of Service attacks? Explain any three types of DOS attacks in detail. Ans: [Q1 | 10M — Deets] & [Q2 | 5M - May16] & [Q3 | 10M - May17] DENIAL OF SERVICE: 1. Denial of Service (DoS) is also called as availability attack. 2. DoS makes a computer or its resources unavailable to its intended user. 3. In DoS, an attacker may prevent you from accessing email, website, online accounts or other services that rely on affected computer. 4. The basic purpose of a DoS attack is simply to flood a network or change in the configurations of routers on the network, 5. These attacks sometimes have a specific target. 6, Forexample: a. All message sent to specific recipient may be suppressed. b, An entire network may be disrupted either by disabling the network or by flooding it with messages. METHODS: ‘The different ways in which attackers can mount DoS attacks are: 1) SYNFlood Attack: > SYN Flood Attack uses TCP protocol suite, where a 3-way handshaking of network connec done with SYN and ACK message as shown in figure 8.1 SYN+ACK Destination Figure 8.1: SYN Flood Attack 3 Way Handshaking. Page 74 of t04IP Security Semester ~7 Topper's Solutions > vy y 1) vy y v v v To initiate TCP connection, the system that wishes to communicate, sends a SYN message to the target system. Ifthe target system is ready to communicate, it sends SYN + ACK message to source machine. ‘The source system then responds with an ACK message to complete the communication. In SYN flood attack, attacker denies service to the target by sending many SYN message and not + replying with ACK, This fills up the buffer space for SYN message on the target machine, which prevents other systems on the network from communicating with target system. svn ‘SYN + ACK Source Destination Figure 8.2: SYN Flood Attack. Ping of death: ‘The ping of death simply sends ping packets that are larger than 65,535 bytes to the victim. ‘This DoS attack is as follows: ping -1 86600 victim.org This attack saturates the victim's bandwidth, ifattacker is on let’s saying 100 MB connection and victim is on 10 MB connection. But the attack would not succeed if attacker is on 10 MB connection and victim is on 100 MB connection. ardrop At Teardrop Attack is conducted by targeting TCP/IP fragmentation reassembly code. This attack causes fragmentation packets to overlap one another on the host receipt. ‘The host attempt to reconstruct them during the process but fails. For example: you need to send 3000 bytes of data from one system to another. The data is divided and sent into smaller packets as given below: + Packet 1 carries bytes 1- 1000 Packet 2 carries bytes 1001 - 2000 + Packet 3 carries bytes 2001 - 3000 Teardrop attack overlaps the bytes with each other. Bytes 1 - 1500, bytes 1000 - 2000 and bytes 1500 - 2500 =p Page 75 of 10490 Seourty Semester ~7 Topper’ Soltions Iv) Smurf attack: % Itisavariation ofa ping attack. > This attacker floods a target system via spoofed broadcast ping message. > Theattacker sends a ping request to a third party's broadcast address on the network address. > Every system within third party's broadcast domain then sends ping response to the victim. 4.Sends Echo requestto ‘etworkin broadcast ode, 2. Host reply t0 view "5 View gets saturated Figure 8.3: Smurf Attack. V) Echo Chargen: > Echo chargen takes place between two hosts > Echo services repeat anything sent to it. > Chargen service generates a continuous stream of data. > If they are used together, they create an infinite loop and results in denial of service. > For example an attacker starts this chargen process on host A which sends echo packets to host B. > Host B replies to stream of packets generated by host A, by echoing them back to host A. > This creates an endless loop between Aand B. Qa] What is access control? How does the Bell La Padula model achieve access control? Ans: [10M - May16] ACCESS CONTROL: 1, Access control is a security technique. 2, Itcan be used to regulate who or what can view or use resources in a computing environment. 3. Theact of accessing may mean consuming, entering, or using. 4, Permission to access a resource is called authorization. 5. Access Control includes Access Control Matrix & Access Control List. i Page 76 of 04IP Security Semeser~7 Topper's Soltions vvy S v vyvyv S o Access Control Matrix: Access Control Matrix gives a classic view of authorization. Authorization is used to restrict the actions of authenticated users. Access control matrix has all relevant information needed by the operating system to made a decision about which users are allowed to do what with the various system resources. Access Control Matrix consists of subjects and objects. Subjects (users) are the index of rows. Ubiects (resources) are the index of columns. Figure 8.4 shows the example of Access Control Matrix, where UNIX-style notation such as execute (x), read (r), and write (w) privileges are used. ] 05 | Accounting | Accounting insurance | Payroll Program | Data | Data_| Data _| Bob | x Es r 2 = ace | _ re RB : ve nu sm | rx | rw r Be re_| Accounting] x % Bw ne | one | Program } Figure 8.4: Example of Access Control Matrix. Access Control List: Access control matrix has all relevant information. This could be 1000's of users and 1000's of resources. ‘Then matrix with 1,000,000's of entries. ‘The problem is how to manage such a large matrix. This can be done by portioning the Access Control Matrix into more manageable pieces. ‘There are two ways to split the Access Control Matrix: = Using Access Control List: Access Control List stores access control matrix by column, cos | Accounting | Accounting | Insurance | Payrot Program | Data | _Data_| Data sob | x me ; : a aco |x % t rw | ow sam_| wx | rm 5 nw nw Accounting) ne = ww ny nrIP Security Semester -7 Topper’ Solutions "Using Capabilities: Capabilities stores access control matrix by row. 5 | Accounting Accounting | Insurance | Payroll Program | Data__| Data _| Data |__ Bob x me fi - - Allee re Ea r ny bw Sam __ nx ead Lee ciel? Accounting | 1% Ey mw ea nw Program BELI-LA PADULA MODEL: 1, Bell La Padula model is known as BLP Security Model. 2. BLP security model was designed to express essential requirements for Multi-Level Security. 3. BLP deals with confidentiality. 4, Itis used to prevent unauthorized reading. 5. Bell La Padula Model Supplements the Access Matrix to provide Access Control & Information Flow. 6. Assume that 0 is an object, $ isa subject. 7. Object 0 hasa classification. 8 Subject Shasa clearance. 9. Security level denoted L(0) and L{S) 10. BLP consists of: a. Simple Security Condition: S can read 0 if and only if L() < L{S) b. Property (Star Property); $ can write 0 if and only if L(S) < L(0) 11, Noread up & no write down as shown in figure 8.5 No Read Up No Write Down Figure 8.5: Bell-La Padula Model. Page 78 of 10%IP Security Semester ~7 Topper's Solutions Q5] SSL Protocol. Ans: [5M —May16] SSL: 1. SSL stands for Secure Socket Layer (SSL). 2. Itisalso known as Transport Layer Security (TLS). 3. SSLis layered on top of TCP. 4, _ Itisaprotors! developed by Netscape to protect communication between web browser and server. 5. URLs that require SSL connection start with https. 6. SSL ensures that all data passed between web server and browser remains private and secure. FESTURES: 1. Fragmentation: Divides the data into blocks of 214 bytes or less. 2. Compression: Lossless compression methods are used for compressing fragmented data. 3 Message Integrity: To preserve the integrity of data SSL uses a keyed-hash function to create a MAC. 4. Confidentiality: Original data and the MAC are encrypted using symmetric key cryptography. 5. Protects against Man-in-the-middle attack. 6. Simple and well designed. ARCHITECTURE: Hanuenace | Sh cnense | ea: Renee ee ci Figure 8.6: SSL Architecture. 1. SSL has three sub protocols namely Handshake Protocol, the Record Protocol and the Alert Protocol. 2, $SLuses TCP to provide reliable end-to-end service. 3, _ HTTPis used to provide interaction between web client and web server. ADVANTAGES: > SSL provides session oriented security. > — SSL protects from phishing. > By using SSL, sensitive information is encrypted and then sent on internet. Page 79 of toxIP Security Semester~7 Topper's Solitons DISADVANTAGE: > Performance is degraded. Cost of infrastructure is increased. Q6] List the functions of the different protocols of SSL. Explain the handshake protocol. Ans: [5M — Decs5] FUNCTIONS OF THE DIFFERENT PROTOCOLS OF SSL: 1. SSL Protocols Authenticates the End Points usually the servers. 2. Ithides the data during transmission, 3. It provides a way to validate or identify the website by creating the information file and making the accessing possible. It creates an encrypted connection that provides the sending of the data from one source to another using the SSL. 5. SSL provides a way to ensure that the security is being provided to the transaction and the data in use. 6. The lockis used to display the browsers connection is closed or opened on the secure channel of SSL or TLS. HANDSHAKE PROTOCOL: Glen server aa { hese Sr pecs Seodrieae Sedsneiestetae Sire iia one Seo rete Seo et age te ery 10. Sind Cn tor Se Cane Sheree oe Passos Figure 8.7: Handshake Protocol Operation. Page 80 of ta4IP Security Semester ~7 Topper's Solutions ft yi Vv m mm o vv v Handshake Protocol is the first sub layer protocol used in client and server to communicate using an SSL-Enabled Connection. This is similar to how Alice & Bob would shake hands with each other with a hello before they start conversing. ‘The Handshake Protocol is made up of four phases which pass message between the client and server. Figure 8.7 shows the handshake protocol operation, Itincludes: Establish Security Capabilities: This initiates logical connections and establishes capabilities associated with that connection. This consists of two messages that are the client hello and server hello. ‘The client sends the client hello message to server and receives a server hello message from the serverasa reply. yn and Ker : ‘The server initiates this phase and is the sole sender of all messages. While client is the sole recipient of all messages. This phase contains the following four steps: * Certificate: Server sends its digital certificate to the client for authentication. = Server Exchange Key: If server does not send a certificate then it sends its public key. = Certificate Request: The server request for the client's digital certificate. = Server Hello Done: This message indicates to the client that its portion of hello message is, complete. Client Authentication and Key Exchange: ‘The client initiates this phase and is the sole sender of all messages. ‘While server is the sole recipient of all messages. This phase contains the following three steps: * Certificate: This is an optional and used only if the server requested for client's digital certificate. + Client Exchange Key: the client sends a symmetric key to the server. = Certificate Verify: This is needed only if the server demands client authentication. ee ‘The client initiates this phase of the Handshake which the server ends. ‘The client sends change cipher specs and finished message to the server. On receiving them the server sends change cipher specs and finishes messages. Page Bt of 104IP Seourty Semester 7 Topper’ Soltions Q7]__ IPSec Protocols for security Ans: [5M —May16] IPSEC PROTOCOL: 1. [IPSec Stands for Internet Protocol Security. 2 Itis a protocol suite for securing Internet Protocol Communication. 3. It uses cryptographic security services to protect communications over Internet Protocol (IP) networks. 4 IPSec is implemented at the IP Layer, so it affects all upper layers (i.e. TCP & UDP) iB It provides Authentication, Confidentiality & Key Management. 6. Using IPSec, it is possible to communicate securely across a LAN, across public/private WAN and across the internet. 7. IPSecis used to provide an en-to-end security services. 8. IPSec is usually installed in networking device such as router or firewall. 9. Figure 8.8 shows IPSec Scenario. eer eter, PSeeia Network Device seein Network Deco Ur Stns Figure 8.8: IPSec Scenario. SERVICES PROVIDED BY IPSEC: > Access Control, i Connectionless Integrity. Confidentiality. Data Origin Authentication. R Rejection of Replayed Packets. Page 82 of (04IP Security Semester ~ 7 Topper's Solutions GOALS OF IPSEC: To provide system security solutions. > Tohave single security policy. > Both endpoints must agree to bypass or protect traffic. Q8]__ IPSec offers security at n/w layer. What is the need of SSL? Explain the services of SSL protocol? Ans: [10M - May17] IPSEG PROTOCOL: Refer Q7 NEED OF SSL: Dp ‘To Encrypt Information: > The major purpose ofan SSI. certificate is to encrypt information so that it can only be read and understood by the intended parties. > Information submitted on Internet forms often passes through more than one computer before reaching its final destination, and the more "stops" it has to make, the higher the chance that a third party could obtain acces > An SSL certificate inserts random characters into the original information, rendei incomprehensible to anyone without the proper encryption key. Il) Toprovide authentication: > To make sure that the Information on website, including customer information, goes to the correct server without being intercepted > This requires authentication. > When obtaining an SSL certificate, another type of protection called a server certificate is also issued, > This certificate acts as a mediator between browsers and SSL servers to show that the SSL. certificate provider can be trusted. MM) Guards against Phishing: > — $SLalso acts asa guard against phishing. > When users don't see the signs of security on a site, they're more likely to navigate away without entering any information, IV) Toaccept Payments: > An SSL certificate with the proper encryption of at least 128-bit is needed, Page 83 of 104Semester ~7 Topyper's Solutions PCI standards verify that the SSL. certificate is from a trusted source, uses the right strength of encryption and provides a private connection on any page that requires customers to enter personal information. > — Withouta certificate that meets these standards, a site won't be able to take credit card payments. SERVICES OF SSI. PROTOCOL: 1, Fragmentation: Divides the data into blocks of 214 bytes or less. 2. Compression: Lossless compression methods are used for compressing fragmented data a Message Integrity: To preserve the integrity of data SSL uses a keyed-hash function to create a MAG. 4. Confidentiality; Original data and the MAC are encrypted using symmetric key cryptography. Protects against Man-in-the-middle attack. 6. Simple and well designed. Q9] How is security achieved in the transport and tunnel modes of IPSec? Describe the role of AH and ESP. Ans: [10M - Dec16] 1, IPsec Communication has two modes of functioning: transport and tunnel modes. 2, These modes can be used in combination or used individually depending upon the type of communication desired ‘TRANSPORT MODE, > Transport mode is used for host-to-host communication. It only encrypts and optically authenticates IP Payload and not the IP header as shown in figure 8.9. Before trsec | wP Meader rer | baa aterssc | wioader asuae re | inane me a a Header ‘Trailer | authentication Figure 8.9: Transport Mode. ‘That means, transport mode does not protect entire IP packet. Transport mode is efficient, but since it does not encrypts IP header, IP header is visible to attacker. Page 84 of 04IP Security Semester ~7 Topper's Solutions ‘TUNNEL MODE: 1. Tunnel mode is used for network to network communication, host to network communication and host to host communication. 2. Inthis mode, enti IP packet is encrypted and optionally authenticated. 3. It takes the original IP packet with its IP header, uses IPSec to encrypt it and then adds new IP header to encrypted payload. Refer 8.10 figure for tunnel mode. BeforePSec | rpteader so | am aserwsee | xewirneader | S/T apneader | ree | mata | SA eat Figure 8.10: Tunnel Mode. AM: 1, AHstands for Authentication Header. 2. The AH protocol provides service of data integrity and authentication of IP packets. 3. Italso protects against replay attacks by using sliding window and discarding old packets. 4, Itis based on use of MAC. 5. The packet format of AH is shown in figure 8.11. ° ° 16 a Next Header Payload Length Reserved Security Parameter midex (5P0) Sequence Number Authentication Data (Yartable) Figure 8.11: Authentication Header. ‘Next Header (8 bit): It identifies the type of header immediately following AH header. Payload Length (8 bit); It is length of authentication header. Reserved (16 hit); Its reserved for future use, Security Parameter Index (SP1) (32 bit): It identifies a security association. ‘Sequence Number (8 bit); It is used as counter. Authentication Data (Variable): A variable length field that contains the integrity check value. Page 85 of to4Semester ~7 Topper's Solutions ESP: 1, _ ESP stands for Encapsulating Security Payload. 2, Itis the key protocol use in IPSec. 3. Its used to provide confidentiality, data origin authentication, connection less integrity, an ant replay service and limited flow confidentiality. 4. The packet format for ESP is shown in figure 8.12. ° 8 16 24 31 ‘Security Parameter Index (SPD) Sequence Number Payload (Variable) Padding Pad Length Next Header ‘Authentication (Variable) — Encryption —> Figure 8.12: ESP Packet Header. ‘Security Parameter Index (SPI) (32 bit): It identifies a security association. ‘Sequence Number (32 bit); Its used as counter to provide anti-replay function. Payload (Variable): IP Packet protected by encryption. Padding (0 = 255 bytes): tis used for various reasons. Pad length (8 bit): It indicates number of pad bytes. Next Header: It identifies type of data contained in payload data field by ident ng the first header in that payload. ‘Authentication Data (Variable); A variable length value which contains the integrity check value. Padding: It is used as padding bit. Page 86 of 104IP Security Semester ~7 Topper's Solutions Qio] Differentiate between the transport mode and tunnel mode of IP Sec and explain how authentication and confidentiality are achieved using IP Sec. Ans: COMPARISON OF TRANSPORT & TUNNEL MODE OF IPSEC: [10M — Deets] Table 8.1 shows the Differentiate between the transport mode and tunnel mode of IP Sec. ‘Table 8.1: Differentiate between the transport mode and tunnel mode of IP Sec. Points Transport 4ode Tunnel Mode Protection Provided | It protects IP Payload only. Te protects entire IP Packet. | ‘Authentication Header | Authenticates only P payload and | Authenticates entire inner IP (AH) | selected portions of the IP header. | packet and selected portions of the outer IP header. Encapsulation Security __| Itencrypts IP Payload and Itencrypts and optionally for upper layer protocols. Payload (FSP) optionally authenticates it. authenticates the entire inner IP packet. Purpose | Teisused when we need host-to- | Ttis used when one or both ends | host protection of data. ofa security association are a security gateway. Protection Mode It provides protection primarily | Itprovides protection to the entire IP Packets. Payload Message Service Specification (MSS) | Tess. Comparatively higher. Place in TCP/IP Model In this mode, IPSec is placed between transport and network In this mode, IPSec is placed between network layer and new | hosts. layer. network layer: | “Tansee Besser Reeonctayee | Teer ager Ss | NAT Traversal ] Not supported. Supported. [WPNScenarios _—_| Site-to-site VPN Scenarios. Client-to-site VPN Scenarios. Use [Tt is used for end-to-end |It is used between two routers, | communication between two | between a host and a router or between a router and a host. Page 87 of 04Semester ~7 Topper's Solutions AUTHENTICATION IN IPSEC: > [Psecauthentication algorithms use shared key to verify the identity of the sending IPsec device. > The IPsec protocol suite defines two authentication algorithms: MDS and SHA-1. > The Services Router uses an HMAC variant of MDS and SHA-1 algorithms that provide an additional level of hashing. > —_Inan IPsec-enabled network, the Services Router that sends an IP packet computes a MDS or SHA- 1 digital signature, and adds this digital signature to the packet. > The Services Router that receives the packet computes the digital signature and compares it with the signature stored in the packet's header. > Ifthe digital signatures match, the packet is authenticated. (CONFIDENTIALITY IN IPSEC: > Confidentiality means encryption of data. > Encryption encodes data into a secure format so that it cannot be deciphered by unauthorized users. > Like authentication algorithms, encryption algorithms use a shared key to verify the authenticity of the IPSec devices. > The Services Router uses the following encryption algorithms: = Data Encryption Standard-cipher block chaining (DES-CBC) = Triple Data Encryption Standard-cipher block chaining (3DES-CBC) Advanced Encryption Standard (AES) Qt] Explain software flaws with example. Ans: [5M - May16] SOFTWARE FLAWS: 1. Asoftware flaws is an error, bug, failure or fault in a computer program or system. 2. Most software flaws arise from mistakes and errors made in either a program's source code or its design, or in components and operating systems used by such programs. 3. According to National Institute of Standards and Technology (NIST), there are as many as twenty flaws per thousand lines of software code, Software Flaws can result in Denial of Service, Unauthorized Disclosure and Unauthorized Modification of Data. Following are some standard terminologies suggested by IEEE: i. Error: Human Action that produces an incorrect Result. ii, Faults Itis an incorrect step, process, command or data definition in a computer program. iii, Failure: A failure is the inability of the system to perform its required behavior. Page 88 of 104IP Security Semester ~7 Topper's Solutions Classification of Software Flaws: Gorn eee oo Figure 8.13: Classification of Soicware Flaws. Example: Consider the below programming code. Char array [10]; For (i= 0;1<10; +49) t + > This Program has an Error. > This Error might cause a Fault. > Ifa Fault occurs, it might lead to Failure. > — Weuse the term Flaw for all the above case. _/ Wa] Buffer overflow attack. Ans: I5M - Deci5] BUFFER OVERFLOW ATTACK: ; 1. Abuffer isa space in which data can be held. 2. Abuifer resides in memory. 3, Because memory is finite, a buffer’s capacity is finite, 4, Buffer overflow is the result of stuffing more data into a buffer than it can handle. 5, For Example: Ifyou try to pour four gallons of water into three gallons capacity jug, some water is going to spill out. 6. Itisalso called as buffer overrun or smashing the stack. 7. Itis the basis of many software vulnerabilities. 8, Assume a Web form that asks the user to enter data, such as name, age and date of birth. 9, The entered information is then sent to a server and the server writes the data entered to a buffer that can hold N characters, Page 89 of 104IP Security Semester ~7 Topper's Solutions 10, Ifthe server software does not verify that the length of the data is at most N characters, then a buffer overflow might occur. EXAMPLE OF BUFFER OVERFLOW IN C LANGUAGE: Tat main () 1 Char Sample {51 Sample [5] = ‘A’; } Char Sample [5]: The complier sets aside 5 bytes to store this buffer, one byte for each of the 5 elements of the array, sample [0] through sample [4]. > Now we execute the statement: Sample [5] > — The subscript is out of bounds and results in buffer overflow because it does not fall between 0 and 4 > The buffer overflow might overwrite the user data or code, or it could overwrite system data or code, or it might overwrite unused space. Q13] Compare packet sniffing and packet spoofing. Explain session hijacking attack. Ans: [1oM—May16] PACKET SNIFFING: 1. Packet Sniffing is a technique of monitoring every packet that crosses the network. 2. It isa form of wiretap applied to computer. 3. Packet Sniffing is widely used by hackers and crackers to gather information illegally about networks they intend to break into. 4. The software or device used to do this is called a Packet Sniffer. A Packet Sniffer is a utility that sniffs without modifying the network's packets in any ways. 6. There are two ways in which a Packet Sniffer can be set: a. Unfiltered: It captures all packets. b. Filtered: It captures only the packets with specific data items, Packet Sniffing is difficult to detect, but itcan be done. But the difficulty of the solution means that, in practice, itis rarely done. 8 Figure 8.14 shows example of Packet Sniffing, Page 90 of 104IP Security Semester ~7 Topper's Solutions Router User Figure 8.14: Packet Sniffing Example. _APSCKET SPOOFING: 1. Packet Spoofing isalso known as IP Spoofing. 2. Itis the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose : of hiding the identity of the sender or impersonating another computing system. One technique which a sender may use to maintain anonymity is to use a proxy server 4. As shown below in figure 8.15, attacker creates an IP packet and sends to the server which is known as SYN r & The difference in the IP packet and normal packetis that the attacker puts ‘the own, ‘source address as another computers IP address in the newly created IP packet. Se 6. The server responds back with a SYN-ACK response which travels to the forged IP address. 7. Theattacker somehow gets this SYN-ACK response send by the server and acknowledges it so as to complete a connection with server. 8. Once this is done the attacker can try various commands on the server computer. si The most common methods include IP address spoofing attacks, ARP spoofing attacks, and DNS. server spoofing attacks. Se es = | =e Figure 8.15: Packet Spoofing Example. Page 9 of 104IP Security Semester —7 Topper's Solutions aa HIJACKING: 1. Session Hijacking is also known as TCP session hijacking. 2, Itisamethod of taking over a secure /unsecure web user session by secretly obtaining the session 1D and masquerading as an authorized user. 3. Once the user's session ID has been accessed, the attacker can masquerade as that user and do anything the user is authorized to do on the networks shown in figure 8.16. Figure 8.16: Session Hijacking Example. 4, The session ID is stored within a cookte or URL. HTTP cookies are used for authenticating, session tracking, state maintenance and maintaining user information. 6. Session hijacking takes advantage of this practice by intruding in real time during a session. 7. The intrusion may or may not be detectable. 8, __If a website does not respond in a normal way to user input or stops responding then session hijacking may be the reason. Qu4]_ IP spoofing. Ans: [5M - Deets] Refer Q13 Packet Spoofing Part, Q15] Session Hijacking and Spoofing. Ans: [5M — Mays7] Refer Q13 Session Hijacking and Packet Spoofing Part. Page 92 0f 104IP Security Semester ~7 Topper's Solutions Q16] Define the following examples: @ Salami attack. Gi) Session Hijacking. Ans: [5M — Dec1s5] \ASALAML ATTACK: 1. Salami Attack is the series of small attacks which results in large attack. 2. Itworks on “Collect & Round Off” Trick. A salami attack is when small attacks add up to one major attack that can go undetected, Italso known as salami slicing or penny shaving. Example: Consider the example of banking system. ‘The bank pays 9% interest on accounts deposited in the bank. In first month, let's say an account holder gets Rs. 102.25 and in second month he/she gets Rs. 198.54 But because the bank deals only in Rupees, rounding is performed based on value of residue, Ifresidue is half of rupees or more, round up is performed otherwise round down is performed. Attacker tries to steal this 0.25 or 0.6 or some other fraction of rupee in paise and add to its own account. Even if the value is negligible for one account holder or transaction, a bank makes a few lakh transactions every day and an attacker may collect these fractional paise from all accounts or transaction to add significant amount his account. SESSION HIJACKING: Refer Q13 Session Hijacking part. Qu7] Ans: Explain briefly with examples, how the following attacks occur: i) Salami attack ii) Denial of Service attack ii) Session hijacking attack iv) Cross-cite scripting attack. [10M — Dec16] SALAMI ATTACK: Refer Q16 Salami attack part. Page 93 of 04IP Security Semestor -7 Topper's Soations DENIAL OF SERVICE ATTACK: Refer Q1. SESSION HIJACKING: Refer Q13 Session Hijacking part. CROSS-CITE SCRIPTING ATTACK: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. ‘The scripts referred here are malicious code. InXSS, the attacker does not directly target the user. Firstly the attacker injects the malicious code into the Web App where the user visits and then the malicious code is delivered to the victim's browser. ‘The figure 8.17 shows the working of XSS. e Perpetrator injects the = website with a maliious For each visitto the script that steals each website, the malicious visitors session cookies scriptis activated (@p Visitors session cookie issent to perpetrator. — Perpetrator Website Visitor @} Perpetrator dscoversa “website havinga vulnerability that enables scriptinjection Figure 8.17: Working of XSS. Page 94 of 104Miscellaneous Semester~7 Toppers Solations MISCELLANEOUS Qu] Timing and Storage Covert Channel. Ans: [5M - Mays7] COVERT CHANNEL: 1. Covert Channel is type of computer security attack. 2. Ittransfers information in a way that violates a security policy. Se Covert channels have been defined by Lampson in 1973 as a communication channel, not designed for any kind of information transfer. <3 Consider there is group of students preparing for exam, where questions are of objective type. 5. For each question there are four choice of answer: a,b, c,d and right answer has to be selected. 6. Now one who is clever in the group decides to help others. 7. So he/she any reveal the answer by acting in accordance to a predetermined protocol like coughing for answer “a”, sighing for answer “b” and so on. Covert channel is hidden communication in open channel. ee TIMING COVERT CHANNEL: 1. Timing Covert Channel are memoryless channel, 2. Ina covert timing channel, the information transmitted from the sender must be sensed by the receiver immediately, otherwise it will be lost. 3. The task of identifying and handling covert timing channel in a secure system is more difficult than storage covert channel. 4, Examples of timing channel are: a. 1/0 Scheduling Control, b. Memory Resource Management Channel. 5. Figure 9.1 represents example of covert timing channel. Servico Spy Service Spy Service Spy Program Program Program Program Prograin Program 1 ° 1 ° 7 ° Figure 9. (a) Normal Scheduling Service spy Spy Service Service Spy Program Programm Program Program Program Program Figure 9.1 (6) Service program communicating 101 Figure 9.1: Example of Timing Covert Channel. Page 95 of 104Miscelloneous Semester ~7 Topper's Solutions °% 10. uw. 12. In Figure 9.1, the scheduling of service program and spy’s program is shown, Aservice program makes use of timing channel either by using certain amount of time or by not usingit, In multi programmed system, time is divided into blocks and allocated to one process and another alternatively. The processing time is rejected by a process if it is waiting for an event to occur and is idle. Ablockis used by a process to signal 1 and it is rejected to signal 0. Figure 9.1 (a) shows first situation of normal scheduling, where service program and spy program are used alternately. In figure 9.2 (b), the second situation is showed where service program communicates 101 string to spy program. STORAGE COVERT CHANNEL: A storage covert channel transfers information through the writing of bits by one program and reading those bits by another, Examples of storage covert channel are: a. File Lock Channel, b, Printer Attachment Channel. Figure 9.2 shows the example of storage covert channel. attached? Sender Process Attached (2) ‘Service itary Printer Detached (0} ata tobeprinted Figure 9.2: Printer Attachment Covert Channel. ‘When physical printers or other 1/0 devices are shared resources in a system, a sending process ‘Sat a high security level could potentially transfer information to a receiving process ‘R’ at lower security level by creating contention for the device. The sender and receiver must have some way to synchronize. To send a1, the sender process simply checks to see if the printer is attached and attaches if it is not. : Tosenda0, the sender process checks to see ifthe printer is attached and detaches ifitis attached. Page 96 of 04Mircellaneous Semester 7 The receiver process attempts t attach the printer, receiving Wifsuccesstal cet oT +The receiver process then deta hes the printer ifthe attach eall was sneressQuestion Papers Somester~7 Topper's Solutions Qi) Q2) Q3] Qa Q5) Cryptography & System Security - Dec 2015 (a) Define the following examples: (0) Substitution cipher. (ii) Poly-alphabetic cipher. ii) Salami attack. (iv) Session Hijacking, Ans: [Chapter - 2 & 8] [10] (b) With the help of examples explain non-malicious programming errors. Ans: [Chapter - 7] [05] (0) Define the goals of security and specify mechanisms to archive each goal. Ans: [Chapter - 1] [05] (a) Inan RSA system the public key (e, n) of user A is defined as (7, 119). Calculate ®, and private key d. what is the cipher text when you encrypt message m=10, using the public key? Ans: [Chapter - 4] [10] (b) Give the format of X 509 digital certificate and explain the use of a digital signature in it. ‘Ans: [Chapter - 6] [os] (c) Encrypt "The key is hidden under the door” using play fair cipher with keyword “domestic” Ans: [Chapter - 2} (05] (a) Explain how a key is shared between two parties using Diffie-Hellman by exchange algorithm. Whatiis the drawback of this algorithm? Ans: [Chapter - 4] [10] (©) Differentiate between i) MD-5 and SHA i) Firewall and IDS. Ans: [Chapter-5 & 7] [10] (@) Explain working of DES detailing the Fiestel structure. Ans: [Chapter - 3] [10] (b) Whatis a Denial of service attack? What are the different ways in which an attacker can mount a DOS attack on a system? Ans: [Chapter - 8] [19] (a) List the functions of the different protocols of SSL. Explain the handshake protocol. Ans: [Chapter - 8] [05] (b) How does PGP achieve confidentially and authentication in emails? Ans: [Chapter - 6] [05] Page 98 of (04Question Papers Semester -7 Topper's Solutions (©) Differentiate between the transport mode and tunnel mode of IP Sec and explain how authentication and confidentiality are achieved using IP Sec. Ans: [Chapter - 8] [10] Q6] Write in brief about (any four): (a) Operating System Security. Ans: [Chapter - 1] Tos} (b) Buffer overflow attack. Ans: [Chapter - 8] [05] (0 PP spoofing, Ans: [Chapter - 8] [05] (@ Viruses and their types. Ans: [Chapter - 7] fos] (©) Key generation in IDEA. Ans: [Chapter - 3] [05] Cryptography & System Security - May 2016 Qi] (@) Explain software flaws with example. Ans: [Chapter - 8] [os] (b) List with example the different mechanisms to achieve security. Ans: [Chapter - 1] [05] (©) Explain with example, keyed and keyless transposition ciphers Ans: [Chapter - 2] [05] (d) Elaborate the steps of key generation using RSA Algorithm, Ans: [Chapter - 4] [05] Q2]_ @) Aand B decide to use Diffie Hellman Algorithm to share a key. They chose P = 23 and G= 5 as. the public parameters. Their secret keys are 6 and 15 respectively. Compute the secret key that they share. Ans: [Chapter - 4] hoy (b) Explain working of DES. Ans: [Chapter - 3] [19] Page 99 of 4 itQuestion Papers Semester - 7 Toppee's Solutions Q3] (a) Whatis access control? How does the Bell La Padula model achieve access control. Ans: [Chapter - 8] {10} (b) What is a digital signature? Explain any digital signature algorithm in detail. Ans: [Chapter - 5] [10] Q4] (a) Compare packet sniffing and packet spoofing, Explain session hijacking attack, Ans: [Chapter - 8] [10] (b) Explain working of Kerberos. Ans: [Chapter - 6] [10] Q5] (a) Whatiis a firewall? What are the firewall design principle? Ans: [Chapter - 7] [05] (b) What are the various ways for memory and address protection. Ans: [Chapter - 7] [05] (c) Explain the significance of an instruction Detection System for securing a network. Compare signature based and anomaly based IDS. Ans: [Chapter - 7] [10] Q6] Write in brief about (any four): (a) Email Security. Ans: [Chapter - 6] [05] (b) SSL handshake protocol. Ans: [Chapter - 8] [05] (©) IPSec Protocols for security. Ans: [Chapter - 8] [05] (@) Denial of service attacks. Ans: [Chapter - 8] [05] (e) IDEA. Ans: [Chapter - 3] [05] Page 100 of 104Question Papers Semester ~7 Topper's Solutions a) Q] 3] Qa) Cryptography & System Security - Dec 2016 (a) What are block ciphers? Explain with examples the CBC and ECB modes of block ciphers. Ans: [Chapter - 3] 1) (b) Encrypt the string “This is an easy task" using a playfair cipher with key "monarchy". Ans: [Chapter - 2] [05] (c) Define authentication and non-repudiation and show with examples how each one can be achieved. Ans: [Chapter-7] 105] (@) Describe triple DES with two DES keys. Is man in the middle attack possible on triple DES? Ans: [Chapter - 3] [05] (@) Aand B decide to use Diffie Hellman algorithm to share key. They choose p=23 and g=5 as the public parameters. Their secret keys are 6 and 15 respectively. Compute the secret key that they share. Ans: [Chapter - 4] [10] (b) Compare DES and IDEA. Explain the round key generation scheme in both these algorithms. Ans: [Chapter - 3] [10] (a) Whatare the different types of viruses and worms? How do they propagate? Ans: [Chapter - 7] fo} (b) What are the various ways for memory and address protection in Operating systems? How is authentication achieved in 0.5? Ans: [Chapter - 7] [10] (@) Explain briefly with examples, how the following attacks occur: i) Salami attack ii) Denial of Service attack iii) Session hijacking attack Iv) Cross-cite scripting attack Page 101 of (04Question Papers Semester ~7 Toppers Solutions Qs] Q6] Ans: [Chapter - 8] [10] (b) How is security achieved in the transport and tunnel modes of IPSec? Describe the role of AH and ESP. Ans: [Chapter - 8] [10] (a) How is confidenti achieved in emails using either S/MIME or PGP? ‘Ans: [Chapter - 6] [05] (b) Aand B wish to use RSA to communicate securely. A chooses public key (e, n) as (7, 247) and B chooses public key (e, n) as (5, 221). Calculate their private keys. What will be the cipher text sent by A to B if A wishes to send message m = 5 securely to B? Ans: [Chapter - 4] [10] (©) What is a digital signature? Explain any digital signature algorithm. Ans: [Chapter - 5] [05] (a) Compare and contrast (any two): 4) Block and stream ciphers ii) MD-S versus SHA iii) KDC versus CA Ans: [Chapter ~2 & 5] [10] (b) What are firewalls? Explain the different types of firewalls and mention the layer in which they operate. Ans: [Chapter - 7] [10] Page 102 of taQuestion Papers Semester 7 Toppers Solutions Q6) (b) Why are Digital Signatures & Digital certificates required? What is the significance of Dual Signature? Ans: [Chapter - 5] Attempt any 4 (a) SHA Ans: [Chapter - 5] (b) Timing and Storage Covert Channel. Ans: [Miscellaneous] (0) Session Hijacking and Spoofing. Ans: [Chapter - 8] (@) Blowfish, Ans: [Chapter - 3] (0 S/MIME Ans: [Chapter - 6] [10] [05] [05] {05} {05} {05}