Cns Spectrum

Uploaded by

saisudhir1728
CRYPTOGRAPHY AND NETWORK SECURITY [JNTU-HYDERABAD]

PART-A
SHORT QUESTIONS WITH SOLUTIONS

Q1. What are the principles of security?
Answer :
A security service is a service that is used to enhance the security of a data processing system and the information within an organization by employing one or more security mechanisms. Security services are meant to tackle security attacks. The available security services are as follows,
1. Confidentiality
2. Authentication
3. Non-repudiation
4. Integrity
5. Availability
6. Access control.

Q2. Define confidentiality and authentication.
Answer :
Confidentiality
Confidentiality refers to the process of protecting the data being transmitted from all types of passive attacks. In case of the release of message contents, higher levels of protection can be notified. In the broader forms of this service, all the data transmitted between the systems for some specific period of time can be protected. For example, in case of a connection between the two systems, any user data can be prevented from its release over the virtual circuit. It can also be applied in a narrower form which protects a single message or some fields within the message, but this approach is more complex and expensive to implement. Another feature of confidentiality is protecting traffic flow from analysis, because of which an intruder cannot monitor the source and destination, frequency, length and any other traffic characteristics.

Authentication
It deals with the process of assuring that the communication is authentic. In case of a single message, its function is to assure the recipient that the message is from the intended source. In case of an ongoing interaction, such as a connection to a host, two perspectives are involved.
(i) Initially, at the time of connection establishment, the authentication service must ensure the authenticity of the two communicating parties involved.

Q3.
Differentiate between interruption and interception.
Answer :
Interruption
This is an attack on availability in which the resources of a computer system are damaged or become unavailable.
Figure: Interruption
Examples: Damage to some portion of the hardware, cutting of a communication line, etc.

WARNING: Xerox/Photocopying of this book is a CRIMINAL act. Anyone found guilty is LIABLE to face LEGAL proceedings.

Interception
This is an attack on the confidentiality of information where an unauthorized person or program gets the access or control to resources.
Figure: Interception (Source, Destination, Intruder)
Examples: Wiretapping of a network, illicit copying of files.

Q4. Short notes on viruses.
Answer :
A virus is a software program that replicates itself and infects another computer without the knowledge of user. Virus gets its name from biological virus. For replicating itself, a virus needs to execute code and should be written into memory. For this reason, many viruses attach themselves to executable files that are part of authentic program. A virus propagates by transmitting itself across the network. Viruses are otherwise said to be dormant (idle) until certain events cause their code to be executed. Virus also propagates from one system to another when its host is taken to an uninfected system. They are transmitted as attachments in e-mail message or in downloaded files.

Q5. What are the different types of viruses?
Answer :
Some of the different types of viruses are as follows,
(i) Parasitic Virus
It is one of the most common types of virus. It attaches itself to executable files like .com and .exe in order to replicate. When the program that is infected is executed, the cloned copy of parasitic virus is attached to executable files.
(ii) Memory-resident Virus
Resident viruses load themselves into the memory during execution of infected program and transfer the control to infected host program. In this case, virus infects being executed on the

Q6. Define non-repudiation.
Answer :
Non-repudiation provides protection against the denial by one of the entities involved in communication. Thus, once a message is sent, the receiver assures that the message was sent by an intended sender and upon reception, the sender assures that the message is received by the correct receiver.

Q7. What are the types of security attacks?
Answer :    May-16(R13), Q1(a)
Attacks on the security of a system or a network can be best described by analyzing the functionality of a computer system by providing the required information. The two different types of attacks that are possible are,
1. Passive Attacks
It refers to the process of monitoring or wiretapping of the ongoing transmission. Here, the goal of the opponent is to capture the transmitting information. Two possible types of passive attacks are,
(i) Release of message contents
(ii) Traffic analysis.
2. Active Attacks
In this type of attack, an attacker can alter the information or sometimes generates fraudulent information into the network. The four categories of the active attacks are as follows,
(i) Masquerade
(ii) Replay
(iii) Modification
(iv) Denial of service.

Q8. Discuss about Masquerade in brief.
Answer :    Dec.-19(R16)
This type of attack occurs when one entity counterfeits to be a different entity. It usually includes the other types of active attack. Consider an example, where the authentication sequences can be seized and replayed after the occurrence of a valid authentication sequence, thereby allowing an authorized entity with limited privileges to get additional privileges by pretending to be an entity that has these benefits.
Figure: Attacker sending messages to User-2

Q9. What are the specific security mechanisms?
Answer :
Some of the specific security mechanisms are as follows,
(i) Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not easily accessible. It depends on the applied algorithm and the encryption keys.
(ii) Digital Signatures: The appended data or cryptographic transform applied to any data unit must preserve the integrity of the data unit and protect it from anything unauthorized.
(iii) Access Controls: It refers to a variety of techniques that are usually employed for enforcing access permissions to the system resources.
(iv) Data Integrity: It refers to a variety of techniques that ensure the integrity of data.
(v) Authentication: It refers to ensuring the identity of either a sender or a receiver by exchanging information between them.
(vi) Traffic Padding: The process of inserting bits into a data stream to thwart traffic analysis attempts.
(vii) Routing Control: It selects a route that is assumed to be safe for transmitting certain amount of data and immediately changes the route once a breach in security is detected.
(viii) Notarization: It refers to the involvement of a trusted third party for assuring some specific properties of a data exchange.

Q10. Explain the network security model.
Answer :    Oct./Nov.-16(R13)
Generally, the data which is in the form of a stream or a block can be transmitted over network between the two communicating parties. The entity which is responsible for transmitting the data is called a sender and the entity which receives the data (from the sender) is called a receiver. Both the parties must have certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means, then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders can occur, which can be avoided by providing security to the transmitting data.

Q11. Define linear cryptanalysis.
Answer :    Dec.-17(R13)
Linear cryptanalysis is a type of cryptanalytic attack invented by Mitsuru Matsui [1016, 1015, 1017]. This attack uses linear approximations to describe the action of a block cipher. This means that if XOR is done on some of the plaintext bits together, XOR some ciphertext bits together and then XOR the result, a single bit is generated that is the XOR of some of the key bits. This is a linear approximation and will hold with some probability P.

Q12. What are the two basic functions used in encryption algorithms?
Answer :    Model Paper, Q1(b) | Oct./Nov.-16(R13)
There are two general operations used in encryption. They are,
1. Substitution
2. Transposition.
In substitution, each letter of plaintext is replaced with some other element. In transposition, the letters are rearranged in some strategy. These operations are performed in such a way that no information is lost.

Q13. What is traffic padding? What is its purpose?
Answer :
Traffic padding can be defined as a technique to hide the patterns of traffic. In essence, dummy traffic is inserted into the network and presented to the intruder as a different pattern. The traffic pattern observed by the intruder hides the real operation mode of the system. However, the presence of dummy traffic adds a lot of overhead, and it is important to reduce the dummy traffic to attain necessary security.
Although there is no plaintext, the traffic padding keeps on generating output as ciphertext. Thus, it generates a continuous data stream. In presence of plaintext, the plaintext is encrypted and transmitted. There is also a possibility that if plaintext is not provided, then data is encrypted and transmitted randomly. As a result, the attacker fails to identify the distinction between true data flow and padding, which eventually leads to the failure in detecting

UNIT-1 Security Concepts, Cryptography Concepts and Techniques

Q14. Explain the Caesar cipher.
Answer :
Caesar cipher is the oldest of all substitution ciphers. It replaces each letter of the plaintext with the letter that is three places ahead of it in the alphabet.
Example
Plaintext: Hi, this is Ruhi
Ciphertext: KL, WKLV LV UXKL
The replacement done in the above example uses the following,

Plaintext alphabet  : a b c d e f g h i j k l
Ciphertext alphabet : D E F G H I J K L M N O

Plaintext alphabet  : m n o p q r s t u v w x y z
Ciphertext alphabet : P Q R S T U V W X Y Z A B C

If the alphabets are assigned with numbers i.e., a = 0, b = 1, c = 2, ..., z = 25, and
(i) If the substitution is such that each letter of the alphabet is replaced by the letter that is three places ahead of it, then the substitution algorithm for each letter P in the plaintext substitutes letter C as the cipher letter as follows.
    C = E(P) = (P + 3) mod 26
(ii) If the substitution is such that each letter is replaced by a letter that is K places ahead of it, then,
    C = E(P) = (P + K) mod 26
Where, K can be any value from 0 to 25.
A decryption algorithm for Caesar cipher is,
    P = D(C) = (C - K) mod 26

Q15. Compare substitution ciphers with transposition ciphers.
Answer :    May-16(R13), Q1(b)

Substitution Cipher | Transposition Cipher
1. Substitution cipher substitutes or replaces the contents of the plaintext by other letters, numbers or symbols. | 1. Transposition cipher does not substitute the plaintext letters with other letters.
2. It contains monoalphabetic and polyalphabetic substitution ciphers. | 2. It contains keyless and keyed transposition ciphers.
3. Each letter takes its actual position by varying its identity. | 3. Each letter takes its actual identity by varying its position.
4. Example of substitution cipher is Caesar cipher. | 4. Example of transposition cipher is Rail Fence cipher.

Q16. What is steganography?    May-19(R16)
OR
Write a short notes on steganography.
Answer :    Dec.-17(R13)
Steganography is a method in which the sender writes a harmless message and then conceals a secret message on the same. It is a methodology that was revived by David Kahn (KAHN, 96). The simplest form of steganography is the one that is time consuming to construct, in which an arrangement of words or letters with harmless text

SPECTRUM ALL-IN-ONE JOURNAL FOR ENGINEERING STUDENTS

PART-B
ESSAY QUESTIONS WITH SOLUTIONS

1.1 SECURITY CONCEPTS
1.1.1 Introduction

Q17. Explain in detail about the basic concepts of computer security and attacks.
Answer :
Computer security can be defined as the process of safeguarding the information system in order to achieve confidentiality, integrity and availability of the resources present in the computer. These resources include hardware, software, firmware etc.
Computer security depends upon the following key objectives.
(a) Confidentiality
(b) Integrity
(c) Availability.

(a) Confidentiality
This concept deals with providing security to the vital information against unauthorized users and also safeguarding the privacy of the users. It further consists of two concepts within it. They are,
(i) Data Confidentiality
This ensures that the data belonging to a certain organization is kept private and confidential. It is secured from all sorts of unauthorized accesses.
(ii) Privacy
This ensures control of an individual over the information that it collects. By this, the individual can provide access rights to other users and can also get aware of what information is currently being displayed to which user.
(b) Integrity
This concept ensures that the received data is exactly similar to the data transmitted by the sender i.e., no insertion, deletion, modification or replay occurs during the process of data transmission. However, it is essential that they should be specific and authorized. It also ensures that the data is not repudiated and is authentic. Integrity is of two types,
(i) Data Integrity
This ensures that updations made to the data are specific and authorized.
(ii) System Integrity
This ensures that the system carries out intended functions in an undisturbed way and prevents it from unauthorized access.

(c) Availability
This concept ensures that proper and safe access is provided to the information present inside the system and that the authorized users are never denied the access requested by them.
These three concepts form the CIA (Confidentiality, Integrity, Availability) triad. It is represented as follows,
Figure: Security Requirement Triad

Apart from these CIA triad concepts, computer security also depends upon the following concepts,
(a) Authenticity
This concept requires users to be trusted parties and to know that the information that they provide about themselves is valid, genuine and intact.
(b) Accountability
This concept takes care of non-repudiation, detecting and preventing intrusions and isolating the faults.
It ensures that all the security breaches are traced out by a responsible party to ensure that the system becomes reliable.

Denial of Service Threats
These threats refuse the provided services of the clients, destroy the user threads that request for a service, load the machine with fake requests, overload the memory and cause the machine to be vulnerable to DNS attacks.
Consequences
These threats over the web result in the interruption of the normal execution and discontinuation, thereby preventing the users from accomplishing their jobs on time. It is very difficult to avoid denial of service threats and there exists no standard measure.

IP Spoofing
IP spoofing is an attack where the identity of the source is forged in order to gain unauthorized access to a system. The message which is sent appears as if it is sent from a trusted entity, thereby fooling the receiver to accept junk or malicious packets.

Packet Sniffing
Packet sniffing is a process in which an unauthorized person/attacker reads the sensitive information for illegitimate purposes. To avoid this, IAB has made it mandatory to include security services such as authentication and encryption in every IP packet generation (i.e., IPv6 as well as IPv4).

Eavesdropping
When two sources are communicating and some unwanted messages are passed from the other sources, then this mechanism is referred to as eavesdropping.

Q18. "Internetwork security is both fascinating and complex". Justify the statement.
Answer :
1. Security requirements such as authentication, non-repudiation and integrity are simple to specify. However, the mechanisms that meet them are complex to understand and implement.
2. A security mechanism has to be developed in such a way that it covers and provides security for the potential security attacks. Also, approaching the problem in an entirely different way may help in identifying problems in the mechanism.
3. As a result of the above reason, the procedures through which certain services are offered become illogical in description. The need for such procedures is clear only when the various aspects of threats are considered that can strengthen the security mechanisms. When these are not considered, it appears that the procedure is not needed because of the complexities.
4. Once all such security mechanisms are developed, a decision has to be made regarding their usage, for deciding which points in networks require them. This decision includes both physical and logical deployment of the mechanism.
5. The mechanisms that are thus developed mostly contain multiple algorithms (or) protocols. They also need participating entities to hold some critical information (such as creation, distribution and protection) regarding the key used for encryption. As a result of this inclusion of protocols and critical information, the process of mechanism development gets complicated.
6. There is always a constant battle between the attacker and the developer. The attacker tries to violate the security whereas the developer tries to protect it. In such a scenario, the attacker has an edge over the developer, as a single loop hole can lead to a breach of the security. But for the developer it is necessary to identify and overcome all such loop holes so as to provide perfect security.
7. The users as well as the system administrator get benefitted by the security investment. They enjoy the benefits until failure occurs.
8. Security needs frequent counselling in order to stay up-to-date with today's changing trends. However, it is difficult to do so keeping in mind the short-term overloaded environments of today.
9. Security is never considered to be a part of the design process. Rather, it is integrated into the system once the design process is completed.
10. It is believed by most of the users and system administrators that providing high security will impose
It is believed by most of the users and system ‘aiministrators that providing high security will unpose | vasimation rvtRUDER Figure (4): Modification Examples Modifying the values in a data file or the message contents, making alterations in a program so that it behaves in a different manner. 4,” Fabrication ‘This is an attack on the authenticity of a message in ‘which an unauthorized party adds fake objects into the system. SOURCE sf pesmsstion RETRUDER Figure (5: Fabrication Examples ‘Adding fraudulent messages into the network, inserting additional records toa file. pce rseailignel resante tora Nee Se. G24. Explain in detail about different types of programs that attack computer systems. Answer : Some of different types of programs that allack computer Systems are as flows, ) Views For anawer refer Unit-I, Q25. Gi) Worms Me roms are the software programs thal repli themselves and transmit the elosied copy t0 other computers sing network. They are reproducing programs that execute independently and travel across network connection. These Worms are termed aa network worms. Nature of Worms but the only difference 7 Worma sxe similar 10 virus cr “is tat & worm doesn’t atactr itself to existing program: The + ilfcal tack for a worm is that, it requires a program code 10 be F ecwted on a remote host aystem. Worms propagate by utilizing | ‘vate vulnerabilities available in operating system. 4. i ‘i UNIT-1, Securily Concepts, Cryptography Concepts and Techniquos = Funai virus fae same behaviour as that of comm ‘woems but, the former requires human to perform te oe whereas the lntier independently searches for the system © erloem itsgotions. Network worm can exhibitsitilar pooper {ss computer virus, one it hus been activated te perform destructive action, These worms propagate over network conngetion using nctwork vehicles a follows. (0) E-mail Factlity ‘Worm sends « mi systems. (b) Remote Host Execution Ability Worm independently runs a copy of itself on other system. 
(c) Remote Login Ability
Worm logs on a remote system by pretending as an authentic user and replicates itself using commands.

Network worms have the same phases as that of computer virus. They are as follows,
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase.
A network worm is capable of determining if a system was previously infected before replicating itself. In a multiprogramming environment, a network worm hides itself and pretends to be a system process by using other names that are not detected by users.
A system can be protected from worm attacks by having regular updates about the patches and upgrades regarding the operating system and other applications. The other way to protect a system from worms is to reduce the services and applications executing on the system.

(iii) Trojan Horse
A trojan horse can be defined as a computer program containing hidden code which results in harmful functioning after execution. These programs allow users to access information for which they are not authorized. These programs can be modified when compared to other possible software programs. Trojan horses allow the attackers to access functions indirectly. Most of the trojan horse infections occur because the authentic user is trapped to execute an infected malicious program. The important feature of a trojan horse is that it has all capabilities and permissions of an authorized user. A trojan horse can either be a malicious or a non-malicious program. The following are some of the damages caused by trojan horse:
(i) Deleting or overwriting data on the computer.
(ii) Corrupting files in mysterious way.
(iii) Deactivating antivirus software programs.
(iv) Randomly shutting down the system.
The best way to detect a trojan horse is to identify executable files that are changed by comparing all executable files in the system.

Q25. Define virus.
Explain the nature of viruses.
Answer :
Virus
A virus is a software program that creates a duplicate copy of itself and infects another computer without the knowledge of user. In order to duplicate itself, a virus must execute code and write it into the memory. They are usually transmitted along an e-mail message or downloaded file.
Nature of Viruses
A virus contains malicious/harmful code that causes damage to the system by eliminating important programs, deleting necessary files or by reformatting the hard disk. Some of the viruses are designed only to create duplicate copies of themselves but not to cause any damage. Viruses are classified into two types. They are,
(i) Non-resident virus
(ii) Resident virus.
(i) Non-resident Virus
This type of virus searches for other uninfected host programs and infects them. Later, it transfers the control to the infected application program.
(ii) Resident Virus
These viruses load themselves into the memory during execution and transfer control to the host program.
Life Cycle of Virus
A virus undergoes the following phases during its lifetime,
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase.
1. Dormant Phase
A virus is said to be in dormant phase until events such as date, presence of other file etc., allow the program code to be executed.
2. Propagation Phase
In this phase, virus creates a duplicate copy of itself and attaches to other programs. Each infected program contains a copy of virus which itself enters the cloning phase.
3. Triggering Phase
In this phase, virus activation takes place in order to execute the intended action.
4. Execution Phase
In this phase, virus executes the functions that are either harmful or nondestructive.

Q26. Explain the classification of viruses.
Answer :
Viruses are classified into the following types,
1. Boot sector virus
2. File virus
3. Macro virus
4. Encrypted virus
5. Stealth virus
6. Polymorphic virus
7. Metamorphic virus
8. E-mail virus
9. Parasitic virus
10. Memory-resident virus.

1. Boot Sector Virus
It is a type of virus which damages the master boot record. It propagates while booting the system from an infected disk.
2. File Virus
It is a type of virus that damages only those files that are assumed to be executable by the operating system.
3. Macro Virus
Macro virus is one of the common types of virus. These viruses cause much damage to system's data. They have become a threat because of the following reasons,
(i) Macro virus damages Microsoft Word applications by inserting unnecessary words or phrases. Due to this, all hardware and operating systems which support the word document also get affected.
(ii) Macro virus damages only documents, and large parts of system information are in the document form instead of program code.
(iii) Macro virus can be transmitted without any difficulty.
4. Encrypted Virus
It is a type of virus which infects in the following way. Initially, a random encryption key is produced by some part of the virus. Then, encryption is performed on the remaining part of the virus. The encrypted key is stored along with the virus and, using this key, the virus is decrypted.
5. Stealth Virus
This virus is designed in such a way that it hides itself from being identified by any antivirus software program.
6. Polymorphic Virus
It is a virus that changes with each infection. It creates duplicate copies of itself where every copy performs the same action. Here, every individual virus differs from one another in their bit pattern. This change in their bit patterns is achieved using the encryption process.
7. Metamorphic Virus
Metamorphic virus also gets changed with every infection in a way similar to polymorphic virus. The difference is that a metamorphic virus rewrites itself, which makes it harder to detect than a polymorphic virus.
8. E-mail Virus
An e-mail virus is one of the latest developed harmful programs. An e-mail virus is transmitted to everyone present in the mailing list.
9. Parasitic Virus
It attaches itself to executable files.
10. Memory-resident Virus
Resident viruses load themselves into the memory during the execution of the infected host program.

Q27. Differentiate between virus and worm.
Answer :

Viruses | Worms
1. Virus is a software program that creates duplicate copies of itself but requires human intervention to spread across different computers. |
2. It cannot make use of network to create copies. |
3. Its major focus is to destroy the files and system. |
4. It replicates the files slower than worms. | 4. It replicates the files faster than viruses.
5. It gets attached to the program code so that it can be executed when the program is opened. | 5. It does not need to get attached to program code to be executed.
6. It usually deletes and modifies files stored in the memory. | 6. It usually does not affect the files stored.

Q28. Discuss in detail about various types of security attacks with neat diagrams.
Answer :
Attacks on the security of a system or a network can be best described by analyzing the functionality of a computer system and providing the required information. The two different types of attacks that are possible are,
1. Passive attacks
2. Active attacks.

1. Passive Attacks
Passive attack refers to the process of monitoring or wiretapping of the ongoing transmission. Here, the goal of the opponent is to capture the transmitting information. Two possible types of passive attacks are,
(i) Release of message contents
(ii) Traffic analysis.
(i) Release of Message Contents
This type of attack can be easily understood in case of sensitive or confidential information transmission, such as a telephonic conversation, sending of an e-mail message, etc. Here, an opponent is prevented from learning or capturing the contents of the transmitted information.
(ii) Traffic Analysis
This type of passive attack is more subtle. A masking technique for the information passing in transit is employed in such a way that the opponent is unable to extract the information even if it is captured. The common masking technique is encryption.
Hence, passive attacks are very difficult to detect as there can be no alterations in the transmitted data. Thus, it would be advantageous to prevent such type of attacks rather than detecting them after their occurrence.

2. Active Attacks
In this type of attack, an attacker can alter the information, or sometimes generate fraudulent information into the network. The four categories of the active attacks are as follows,
(i) Masquerade
(ii) Replay
(iii) Modification
(iv) Denial of service.
(i) Masquerade
This type of attack occurs when one entity counterfeits to be a different entity. It usually includes the other types of active attack. Consider an example, where the authentication sequences can be seized and replayed after the occurrence of a valid authentication sequence, thereby allowing an authorized entity with limited privileges to get additional privileges by pretending to be an entity that has these benefits.
ae iw s Attacker sending messages to User-2 pretending to be User-1 D ser | — Sle tes Taer3] wise 1 SE SEE tretersothe process of passively capnringa panicular LES {7 data unit along with its suceceding retransmission for FSH J soins an authored ete : S ‘Attacker eapruring messages # and sending them later f = = User} > Cater)» f Uren (ily Message Modification It refers to the alteration of a specific portion of an authorized message or delay and reordering of the messages to generate an unauthorized effect, Uh) Servtee Dentat Ainhituts the narmat wsape bythe system or netwack Ha ies acy somne pei to wall Be mgr ant all the messages dest dlestrayeat, Another form of itt the dostictit nt ec rtword, ener hy overasting withthe mesapey e by disabling # to reatuce the wverall pertoomance Ia contrast to passive attacks, active alachs ace hey Alitficult to prevent as they require protection FoF all ay ation facilities, Hence, they must be aecurateh mul revue Q29. Explain the various antivirus approache: Answer: Antivirus Approaches ‘The best way te control threat is to stop a Vins feow centering into the system. This prevention arity of attacks made by Virus, As tis very difis a virus, different approaches are used to reduce vin They are, w (i) Virus detection approach Virus identification approach Gil) Virus removal approach (Virus Detection Approach, When a program is infected, analysis is done to dist and find the location of the Views. ay When a virus is detected, this approach identifies the actual type of virus, which is the main reasoe. fer infection. «| iil) Virus Removal Approach When a virus has been identified, this approach removes all instances of the vitus and restores the info Program to its actual state, Then, vinases fron al systems are detected to halt virus propagation. If detection approach is performed successflly, bt if identification and removal appeoach faiked ty ntentify 2! 
remove virus from infected program, then the only possible way is to delete the infected program completely and reinstall a clean backup version of same program.

Early viruses were just a simple program code that were easily detected and removed using simple antivirus software program. But advanced virus contains complicated program code that requires complex antivirus software program to perform detection and removal.

UNIT-1 Security Concepts, Cryptography Concepts and Techniques

Q30. Describe the generations of antivirus software.

Answer :

Generations of Antivirus Software

The different generations of antivirus software package are,

1. First generation software
2. Second generation software
3. Third generation software
4. Fourth generation software.

1. First Generation Software

The first generation software is a specific signature scanner. This scanner is used for detecting virus. Though virus contains different character sequences, they have same structure and bit pattern. The disadvantage of this scanner is that it can detect only those viruses that are known.

The other first generation scanners save the information about program length and examine it regularly. This is done in order to check whether any modifications are made to the program length or not.

2. Second Generation Software

This antivirus software is not signature dependent. Instead, the scanners use heuristic rules for detecting possible virus infection. The other approach used in second generation scanners is integrity checking which is done using checksum detection technique.

3. Third Generation Software

These programs identify virus based on their action but not on their structures.

4. Fourth Generation Software

They are software packages that contain different types of antivirus methods. These methods are used in conjunction with each other such as scanning, activity trap element, access control capability.

Q31. Discuss about different types of specific attacks.

Answer :

The following are the different types of specific attacks.

(i) Spoofing
(ii) Phishing
(iii) Pharming.

(i) Spoofing

Spoofing refers to the misrepresentation of one's identity for fraudulent purpose. Hackers attack individuals or organizations using fake e-mail addresses or domain names that resemble very closely the actual e-mail addresses or domain names. For example, the bogus domain name of iici.com (ind) is registered for a legitimate site, icici.com. The bogus site copies the legitimate site's text and graphics to resemble the legal site. Next, it sends attractive messages inducing users to give up personal information. The innocent targets that assume the message to be from the IP address of a trusted system reveal their private information. Thus, with such unauthorized access, hackers gain valuable information of individuals or corporates like credit card information and business secrets.

(ii) Phishing

Phishing, pronounced as fishing, refers to a process in which victims suffer an attack where they are redirected to some other website the moment they click on the link. Such links are fake and victims generally come across them while browsing internet or through a sent e-mail in the mailbox. Some of the websites by which users get attracted are as follows,

Claim your lucky draw by clicking on the link below,
www.claimdraw.com

"Security breach", it is hereby informed that due to some security reasons customers are requested to provide their account details by clicking on the link below,
www.banking.com

As shown in the above examples, the moment one clicks on the above websites, they are redirected to some fake website which resembles the original bank website. Phishing attacks are usually executed by using URLs similar to the original website's URLs. Therefore, when the user enters crucial information on the fake website, the attacker gains access to the user's sensitive information and misuses it.

Types of Phishing

(a) Spear-phishing emails
(b) Web forgery
(c) Avalanche phishing.

(a) Spear-phishing Email

Spear phishing e-mail is a highly recognized phishing technique, where the emails copy the messages from an authoritative source which could be a financial institution, a communications company or any famous entity associated with a reputed brand. Basically, all the phishing techniques are exhibited in social engineering, URL/link manipulation, filter evasion i.e., images are used to hide malicious links, and website forgery.

(b) Web Forgery

Web forgery is also a kind of phishing wherein an identity theft occurs when a malicious website pretends to be a legitimate one, so as to acquire secret information.

(c) Avalanche Phishing

The Avalanche phishing is a criminal act which is considered as the most sophisticated and damaging across the internet. It is productive in mass-production system while setting up phishing sites and malware development particularly for automating identity theft. It also encourages unauthorized transactions from consumer bank accounts. It is solely responsible for increase in phishing attacks across the internet reported by Anti-Phishing Working Group (APWG).

(iii) Pharming

It is another important phishing technique wherein DNS tables are contaminated such that victim's address (www.paypal.com) points to some phishing site. So, each time the user clicks the site, it navigates him to the phishing site. However, if the user performs URL checking, it prevents DNS mapping

Q32. Describe man-in-the-middle attack and compare with ARP attack.

OR

Discuss the "man-in-the-middle" attack.
(Refer Only Topic: Man-in-the-Middle (MITM) Attacks)

Answer :

Man-in-the-Middle (MITM) Attack

MITM are the most effective types of attacks often used along with the encrypted protocol hijacking and SSH and SSL connection types.

Consider an example of a user trying to establish a connection with an SSL enabled site. Here the key is interchanged with the SSL server and its certificate is compared with the certificate stored in the web browser's trusted root certification authority store. If the desired certificate is found in the certification authority store with no limitations or restrictions, then no warning message appears on the client side. However, a session key is provided for encrypting the communication that is taking place between the SSL-enabled site and the client system.

Initially, at the time of MITM attack the client is not really connected to the SSL site. Rather, a hijacker provides fake credentials and replies using the client's information to the SSL site. Hence, the hijacker establishes a connection with the SSL server as a representative of the client system and displays all the information sent in either of the two directions again. With this, hijacker can choose any portion of the information.

Comparison with ARP Attack

ARP attack is a type of MITM attack. These attacks refer to the attacks performed on the ongoing packets across the machine. The objective of these type of attacks is to alter the ARP tables on the target machine. The main function of the ARP table is to control the MAC-address to IP-address mapping on each individual machine. Hence, ARP is a dynamic protocol which is used to assign the MAC addresses to the newly added machines into a network. It is also used to obtain the new MAC addresses for the existing machines as a result of which all the machines are dynamically updated within a short interval of time. The drawback of this protocol is that no authentication is provided by it.
When a MAC address belonging to a specific IP address is broadcasted, the attacker acts as a real machine and provides the requested MAC address. During the process of traffic forwarding, no difference in the requested address is noticed. At some specific point, such as traversing a packet across LAN, these differences are noted and handled. An available tool for performing an ARP attack is grat-arp.

WARNING: Xerox/Photocopying of this book is a CRIMINAL act. Anyone found guilty is LIABLE to face LEGAL proceedings.

1.1.5 Security Services, Security Mechanism,

Q33. Write a short notes on threats.

Answer :

Threats

A threat refers to the capability of violating the security upon the occurrence of an event, action or a circumstance. It affects the network security and causes damage to it. In short, threat is an expected danger that may attain vulnerability. The possible threats to network security are as follows,

(i) Insecure Network Architecture

A network which is not configured in a proper manner becomes an easier entry point for intruders. Keeping a trust-based local network open to an insecure internet ultimately causes someone to make use of this opportunity to enter the network in an unauthorized way.

(ii) Broadcast Networks

Many system administrators fail to analyze the significance of networking hardware in providing the feature of security. The hardware devices such as hubs and routers are dependent on the broadcast or non-switched principles. This means, once the data is transmitted to a recipient over a network, the connecting device i.e., a hub or a router broadcasts the data packets till the recipient node receives them. Apart from this, it causes a vulnerable effect on the Address Resolution Protocol (ARP) and Media Access Control (MAC) addressing.

(iii) Centralized Servers

The use of centralized computing is another threat to network security.
This can be reduced by integrating all the services into a single server rather than distributing on multiple server configurations. This reduces the overall cost and makes the task of network management easier. But the problem with this approach is that, it leads to network failure, if some malfunctioning occurs in the centralized server. In such situations, central server acts as an entry point for the unauthorized users to enter and disrupt its functioning.

(iv) No Firewall

The most common error often made by the administrators and home-users is their assumption about the network security and hence they relinquish the implementation of a firewall or network packet filtering service. The firewall installation in a stand-alone or a gateway is important for segmenting internal and external network. It also helps in making the task of finding the network's external IP address for the crackers, easier. Hence, an intruder enters into the network and acts as a proxy. This problem can be prevented by employing firewalls that perform the task of packet filtering, port forwarding and network address translation. Improper firewall implementation makes the network completely vulnerable.

Different types of controls that are available to users are,

1. Software control
2. Hardware control
3. Physical control.

1. Software Control

Software control refers to the control ... programs must be developed and maintained in such a way that they ensure desired security. Several program controls provide computer securities. Some of them are as follows,

(i) Internal program controls
(ii) Network and operating system controls
(iii) Independent controls
(iv) Development controls.

(i) Internal Program Controls

These controls are some parts of the program which provide security restrictions like access limitation in a database program.

(ii) Network/Operating System Controls

These are the restrictions applied by the network or operating system in order to protect one user from all other users.

(iii) Independent Control Programs

These are the application programs like intrusion detection utilities, virus scanning, password checker etc. which protect from several types of vulnerabilities.

(iv) Development Controls

These are the quality standards used while developing the program during the processes like designing, coding, testing and maintaining. These standards help to prevent software defects from becoming exploitable vulnerabilities.

2. Hardware Control

Hardware control refers to the control over hardware devices that has been developed to help in providing computer security. Some of these controls are as follows,

(i) Firewalls
(ii) Intrusion detection system
(iii) Implementations of encryption through smart card or hardware
(iv) Access limitation through locks or cables
(v) Devices that can verify or identify the user
(vi) Circuit boards controlling the access to storage media.

3. Physical Control

Physical controls are the easiest, effective and least expensive. Indoor locks, backup copies of important software and data and physical site planning are some of the physical controls.

Describe pervasive and specific security mechanisms in detail.

(Refer Only Topics: Pervasive Security Mechanisms, Specific Security Mechanisms)

Answer :

Security Architecture

The security manager determines the ways of defining security requirements in order to effectively determine various needs pertaining to any organization's security. Moreover, they are used to assess various security products, policies, and the approaches for satisfying the security requirements.
Some of the systematic approaches such as ITU-T recommendation X.800 and security architecture for OSI, have been developed for this purpose. The OSI security architecture helps the security managers in coordinating various organizational tasks thereby ensuring security. Most of the computer vendors have adopted this internationally standardized architecture for developing security features for their products and services. The OSI security architecture is mainly concerned with the following three

For answer refer Unit-I, Q21.

2. Security Mechanisms

... The security mechanisms are classified into two types. They are as follows,

(i) The mechanisms that are executed in a particular protocol layer.
(ii) The mechanisms that are not specific to any protocol layer.

X.800 also differentiates between reversible and irreversible encipher techniques. A reversible encipher technique refers to an encryption algorithm that encrypts and decrypts the data whereas irreversible encipher mechanism involves the application of hash algorithms and MAC which are often applied in digital signatures and message authentication applications.

Figure: Classification of Security Mechanism (Security mechanisms: Specific security mechanisms, Pervasive security mechanisms)

(a) Specific Security Mechanisms

These type of security mechanisms must be included in the protocol layer for providing OSI security services. Some of the specific security mechanisms are as follows,

(i) Encipherment

It refers to the process of applying mathematical algorithms for converting data into a form that is not easily accessible. This depends on the applied algorithm and the encryption keys.

(ii) Digital Signature

The appended data or a cryptographic transformation applied to any data unit must preserve the integrity of the data and prevents it from any unauthorized access.

(iii) Access Control

It refers to a variety of techniques that are usually employed for enforcing access permissions to a resource.

(iv) Data Integrity

It refers to a variety of techniques that ensure the integrity of data.

(v) Authentication Exchange

It is a mechanism of ensuring the identity of either a sender or a receiver by exchanging information between them.

(vi) Traffic Padding

The process of inserting bits into a data stream to thwart traffic analysis attempts.

(vii) Routing Control

It selects a route that is assumed to be safe for transmitting certain amount of data and immediately changes the route once a breach in security is detected.

(viii) Notarization

It refers to the involvement of a trusted third party for assuring some specific properties of a data exchange.

(b) Pervasive Security Mechanisms

These are the mechanisms that are not implemented in any protocol layer. The various pervasive security mechanisms are as follows,

(i) Trusted Functionality

It is something which is considered to be correct in relation to some criteria.

(ii) Security Label

The bounding value of a resource which specifies the security attributes associated with that resource.

(iii) Event Detection

It is a process of detecting all the events related to network security.

(iv) Security Audit Trail

The process of collecting data and using it to enable a security audit, reviewing and examining various records and activities.

(v) Security Recovery

It deals with the requests made by various mechanisms such as event handling and functions related to network management and takes certain recovery actions.

3. Security Attacks

For answer refer Unit-I, Q28.
Q36. Give the relationship between security services and security mechanism.

Answer :

Security Mechanism | Peer Entity Authentication | Data Origin Authentication | Access Control | Confidentiality | Traffic Flow Confidentiality | Data Integrity | Non-Repudiation | Availability
Encipherment | Yes | Yes | No | Yes | Yes | Yes | No | No
Digital signature | Yes | Yes | No | No | No | Yes | Yes | No
Access control | No | No | Yes | No | No | No | No | No
Data integrity | No | No | No | No | No | Yes | Yes | Yes
Authentication exchange | Yes | No | No | No | No | No | No | No
Traffic padding | No | No | No | No | Yes | No | No | No
Routing control | No | No | No | Yes | Yes | No | No | No
Notarization | No | No | No | No | No | No | Yes | No

Q37. What is the relation between security mechanisms and attacks? Explain.

Answer :

Security Mechanisms | Release of Message | Traffic Analysis | Masquerade | Replay | Modification of Message | Denial of Service
Encipherment | Yes | No | No | No | No | No
Digital Signature | No | No | Yes | Yes | Yes | No
Access Control | Yes | Yes | Yes | Yes | No | Yes
Data Integrity | No | No | No | Yes | Yes | No
Authentication Exchange | Yes | No | Yes | Yes | No | Yes
Traffic Padding | No | Yes | No | No | No | No
Routing Control | Yes | Yes | No | No | No | Yes
Notarization | No | No | Yes | Yes | Yes | No

1.1.6 A Model for Network Security

Q38. Describe the model for network security with neat sketch.

OR

Give a model for Network Security with neat diagram.

OR

Explain the model of network security.

Answer :

Network Security Model

Generally, the data which is in the form of a stream or a block can be transmitted over network between the two communicating parties. The entity which is responsible for transmitting the data is called a sender and the entity which receives the data (from the sender) is called a receiver.
Both the parties must have certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means then they can use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption ... security to the transmitting data. The model for the network security is
