NAME : Abdul Gani

ROLL NO : 201DDE1184
COURSE : MCA
YEAR/SEM : 2nd / 3rd
PAPER CODE : MCA 302
PAPER NAME : (NETWORK SECURITY & ADMINISTRATION)
Q-1. Why do we need communication protocol?

A communication protocol is a system of rules that allow two or more entities of a

communications system to transmit information via any kind of variation of a physical
quantity. The protocol defines the rules, syntax, semantics and synchronization of
communication and possible error recovery methods. Protocols may be implemented by
hardware, software, or a combination of both.]

Communicating systems use well-defined formats for exchanging various messages. Each
message has an exact meaning intended to elicit a response from a range of possible
responses pre-determined for that particular situation. The specified behavior is typically
independent of how it is to be implemented. Communication protocols have to be agreed
upon by the parties involved. To reach an agreement, a protocol may be developed into a
technical standard. A programming language describes the same for computations, so there
is a close analogy between protocols and programming languages: protocols are to
communication what programming languages are to computations. An alternate
formulation states that protocols are to communication what algorithms are to
computation.

Multiple protocols often describe different aspects of a single communication. A group of

protocols designed to work together is known as a protocol suite; when implemented in
software they are a protocol stack.

Internet communication protocols are published by the Internet Engineering Task Force
(IETF). The IEEE handles wired and wireless networking and the International Organization
for Standardization (ISO) handles other types. The ITU-T handles telecommunication
protocols and formats for the public switched telephone network (PSTN). As the PSTN and
Internet converge, the standards are also being driven towards convergence

Messages are sent and received on communicating systems to establish communication.

Protocols should therefore specify rules governing the transmission. In general, much of the
following should be addressed:

Data formats for data exchange

Digital message bitstrings are exchanged. The bitstrings are divided in fields and each
field carries information relevant to the protocol. Conceptually the bitstring is
divided into two parts called the header and the payload.
Address formats for data exchange
 Addresses are used to identify both the sender and the intended receiver(s). The
addresses are carried in the header area of the bit strings, allowing the receivers to
determine whether the bit strings are of interest and should be processed or should
be ignored.
Address mapping
Sometimes protocols need to map addresses of one scheme on addresses of another
scheme. For instance to translate a logical IP address specified by the application to
an Ethernet MAC address. This is referred to as address mapping.[
Routing
When systems are not directly connected, intermediary systems along the route to
the intended receiver(s) need to forward messages on behalf of the sender. On the
Internet, the networks are connected using routers. The interconnection of networks
through routers is called internetworking.
Detection of transmission errors
Error detection is necessary on networks where data corruption is possible. In a
common approach, a CRC of the data area is added to the end of packets, making it
possible for the receiver to detect differences caused by corruption.
Acknowledgements
Acknowledgement of correct reception of packets is required for connection-
oriented communication. Acknowledgments are sent from receivers back to their
respective senders.[
Loss of information - timeouts and retries
Packets may be lost on the network or be delayed in transit. To cope with this, under
some protocols, a sender may expect an acknowledgment of correct reception from
the receiver within a certain amount of time.
Direction of information flow
Direction needs to be addressed if transmissions can only occur in one direction at a
time as on half-duplex links or from one sender at a time as on a shared medium.
Sequence control
If long bitstrings are divided into pieces and then sent on the network individually,
the pieces may get lost or delayed or, on some types of networks, take different
routes to their destination. As a result, pieces may arrive out of sequence.
Flow control
Flow control is needed when the sender transmits faster than the receiver or
intermediate network equipment can process the transmissions. Flow control can be
implemented by messaging from receiver to sender.
Queueing
Communicating processes or state machines employ queues (or "buffers"), usually
FIFO queues, to deal with the messages in the order sent, and may sometimes have
multiple queues with different prioritizationey communicate. 
Q-2. Why is there a dispute between digital non-repudiation and legal no repudiation?

Ans:- Non-repudiation is the assurance that someone cannot deny the validity of something.
Non-repudiation is a legal concept that is widely used in information security and refers to a
service, which provides proof of the origin of data and the integrity of the data. In other
words, non-repudiation makes it very difficult to successfully deny who/where a message
came from as well as the authenticity and integrity of that message.
Digital signatures (combined with other measures) can offer non-repudiation when it comes
to online transactions, where it is crucial to ensure that a party to a contract or a
communication can't deny the authenticity of their signature on a document or sending the
communication in the first place. In this context, non-repudiation refers to the ability to
ensure that a party to a contract or a communication must accept the authenticity of their
signature on a document or the sending of a message.

From the point of view of information security, non-repudiation usually applies to cases of a
formal contract, a communication, or the transfer of data. Its aim is to ensure that an
individual or organization bound by the terms of a contract, or the parties involved in a
particular communication or document transfer are unable to deny the authenticity of their
signatures on the contract documents, or that they were the originator of a particular
message or transfer.

Dispute between digital non-repudiation and legal no repudiation?

Digital signatures are not sufficient for non-repudiation -- not by a long shot.

Non-repudiation is a legal concept. It means that, if there is a dispute, in a lawsuit it will be

possible to hold one party to their commitments.

For example, mathematical schemes that claim to provide non-repudiation have to

withstand the "jury attack". Some expert witness is going to have to be able to explain, in
non-technical terms that an ordinary juror (and judge) can understand, why the
mathematics proves anything at all. Meanwhile, an expert witness for the other side is going
to be arguing the opposite. If the scheme uses fancy mathematics, it is likely to be
incomprehensible to the jurors and the judge, and hence not likely to be of much use in a
lawsuit. This is a kind of attack that most mathematical schemes in the literature are unlikely
to be able to stand up to.

I'm afraid much of the cryptographic research community has screwed this up. Researchers
have written many technical papers that claim to address "the non-repudiation problem",
trying to solve it with mathematics -- but what they've failed to accept is that there is a
tremendous gap between the crypto-mathematics and the pragmatics and legal issues. And
unfortunately, the hardest part of the problem to solve is not the mathematics, but rather
the pragmatics and legal issues. Unfortunately, this seems to be a long-standing blind spot
within the cryptographic research community.

Here are some of the challenges to achieving true non-repudiation that a court or lawyer
would be satisfied with:

 Malware. What if Grandpa's computer is infected with malware, which steals his private
key? Are we going to hold him responsible for anything signed by that malware -- even if it
means he loses his house? That'd be ridiculous. In particular, an easy way to repudiate is
simply to claim "my private key must have been leaked/stolen".

Similar remarks can be made about social engineering. When social engineering attacks
have a good chance of being successful at stealing the private key, and when the scheme is
designed in such a way that ordinary people cannot use it securely, and when the designers
know (or should have known) this, I think it is questionable whether jurors will be willing to
hold Grandpa responsible, simply because he got screwed by a poorly-designed security
system.

 Humans vs. computers. Legally, non-repudiation is about the actions of a human. A court
is going to be looking for evidence that a human (e.g., Grandpa) assented to the terms of
the contract/transaction. The cryptographic schemes cannot achieve that. They can only
show that some computer performed some action. Cryptographers like to assume that the
computer acts as an agent of the human and the computer's actions can stand in for the
human's actions, but this is not a reasonable assumption. For example, malware on the
person's computer can apply the private key without the human's consent.

Q-3. Give a detailed account of why the three-way handshake is a security threat.
Ans:- 3-Way Handshake Process

This could also be seen as a way of how TCP connection is established. Before getting into
the details, let us look at some basics. TCP stands for Transmission Control Protocol which
indicates that it does something to control the transmission of the data in a reliable way.

The process of communication between devices over the internet happens according to the
current TCP/IP suite model(stripped out version of OSI reference model). The Application
layer is a top pile of stack of TCP/IP model from where network referenced application like
web browser on the client side establish connection with the server. From the application
layer,the information is transferred to the transport layer where our topic comes into
picture. The two important protocols of this layer are – TCP, UDP(User Datagram Protocol)
out of which TCP is prevalent(since it provides reliability for the connection established).
However you can find application of UDP in querying the DNS server to get the binary
equivalent of the Domain Name used for the website.

TCP provides reliable communication with something called Positive Acknowledgement

with Re-transmission(PAR). The Protocol Data Unit(PDU) of the transport layer is called
segment. Now a device using PAR resend the data unit until it receives an
acknowledgement. If the data unit received at the receiver’s end is damaged(It checks the
data with checksum functionality of the transport layer that is used for Error Detection),
then receiver discards the segment. So the sender has to resend the data unit for which
positive acknowledgement is not received. You can realize from above mechanism that
three segments are exchanged between sender(client) and receiver(server) for a reliable
TCP connection to get established. Let us delve how this mechanism works :
 Step 1 (SYN) : In the first step, client wants to establish a connection with server, so it
sends a segment with SYN(Synchronize Sequence Number) which informs server that client
is likely to start communication and with what sequence number it starts segments with
 Step 2 (SYN + ACK): Server responds to the client request with SYN-ACK signal bits set.
Acknowledgement(ACK) signifies the response of segment it received and SYN signifies with
what sequence number it is likely to start the segments with
 Step 3 (ACK) : In the final part client acknowledges the response of server and they both
establish a reliable connection with which they will start the actual data transfer

The steps 1, 2 establish the connection parameter (sequence number) for one direction and
it is acknowledged. The steps 2, 3 establish the connection parameter (sequence number)
for the other direction and it is acknowledged. With these, a full-duplex communication is
established.

Q-4. What is cryptography?

Cryptography is a method of protecting information and communications through the use of

codes, so that only those for whom the information is intended can read and process it. The
prefix "crypt-" means "hidden" or "vault" -- and the suffix "-graphy" stands for "writing."

In computer science, cryptography refers to secure information and communication

techniques derived from mathematical concepts and a set of rule-based calculations called
algorithms, to transform messages in ways that are hard to decipher. These deterministic
algorithms are used for cryptographic key generation, digital signing, verification to protect
data privacy, web browsing on the internet, and confidential communications such as credit
card transactions and email.

Cryptography techniques

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It includes

techniques such as microdots, merging words with images, and other ways to hide
information in storage or transit. However, in today's computer-centric world, cryptography
is most often associated with scrambling plaintext (ordinary text, sometimes referred to as
cleartext) into ciphertext (a process called encryption), then back again (known as
decryption). Individuals who practice this field are known as cryptographers.

Features Of Cryptography are as follows:

1. Confidentiality:
Information can only be accessed by the person for whom it is intended and no
other person except him can access it.
2. Integrity:
Information cannot be modified in storage or transition between sender and
intended receiver without any addition to information being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send
information at later stage.
4. Authentication:
The identities of sender and receiver are confirmed. As well as destination/origin of
information is confirmed.

Symmetric-key cryptography
Symmetric-key cryptography, where a single key is used for encryption and decryption

Symmetric-key cryptography refers to encryption methods in which both the sender and
receiver share the same key (or, less commonly, in which their keys are different, but
related in an easily computable way). This was the only kind of encryption publicly known
until June 1976.

Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years.
In Public-Key Cryptography two related keys (public and private key) are used. Public key
may be freely distributed, while its paired private key, remains a secret. The public key is
used for encryption and for decryption private key is used.

Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as
per the plain text that makes it impossible for the contents of the plain text to be recovered.
Hash functions are also used by many operating systems to encrypt passwords.

Q-5. 1. Define the following terms: (i) Hacker (ii) Hacktivist (iii) Cracker

Hacker:-
A computer hacker is any skilled computer expert who uses their technical knowledge to
overcome a problem. While "hacker" can refer to any skilled computer programmer, the
term has become associated in popular culture with a "security hacker", someone who, with
their technical knowledge, uses bugs or exploits to break into computer systems.

Two types of hackers, there are two definitions of the word "hacker":

1. an adherent of the technology and programming subculture; see hacker culture.

 2. someone who is able to subvert computer security. If doing so for malicious
purposes, the person can also be called a cracker

White hat hacker :-White hats are hackers who work to keep data safe from other
hackers by finding system vulnerabilities that can be mitigated. White hats are
usually employed by the target system's owner and are typically paid (sometimes
quite well) for their work. Their work is not illegal because it is done with the system
owner's consent.

Black hat hacker :-Black hats or crackers are hackers with malicious intentions. They
often steal, exploit, and sell data, and are usually motivated by personal gain. Their
work is usually illegal. A cracker is like a black hat hacker, [13] but is specifically
someone who is very skilled and tries via hacking to make profits or to benefit, not
just to vandalize. Crackers find exploits for system vulnerabilities and often use them
to their advantage by either selling the fix to the system owner or selling the exploit
to other black hat hackers, who in turn use it to steal information or gain royalties.

Grey hat hacker :-Grey hats include those who hack for fun or to troll. They may
both fix and exploit vulnerabilities, but usually not for financial gain. Even if not
malicious, their work can still be illegal, if done without the target system owner's
consent, and grey hats are usually associated with black hat hackers.

Hacktivist:-In Internet activism, hacktivism, or hactivism (a portmanteau of hack and

activism), is the use of computer-based techniques such as hacking as a form of civil
disobedience to promote a political agenda or social change. [1] With roots in hacker culture
and hacker ethics, its ends are often related to free speech, human rights, or freedom of
information movements

The term is frequently attributed to Cult of the Dead Cow (cDc) member "Omega," who
used it in a 1996 e-mail to the group. [3][4] However, writer Jason Sack used the term earlier,
in a 1995 article on New Media artist Shu Lea Cheang. Due to the variety of meanings of its
root words, hacktivism is sometimes ambiguous and there exists significant disagreement
over the kinds of activities and purposes it encompasses. Some definitions include acts of
cyberterrorism while others simply reaffirm the use of technological hacking to effect social
change.[

3-cracker
A cracker is an individual who performs cracking, or the process of breaking into a computer
or a network system. A cracker might be performing cracking for malicious activities, profit,
for certain nonprofit intentions or causes, or just for a challenge. Some crackers break into a
network system deliberately to point out the flaws involved in that network's security
system. In most cases, crackers aim to gain access to confidential data, get hold of free
software applications, or carry out malicious damage to files.