ASSIGNMENT

PROGRAM BSc IT
SEMESTER FIFTH
BT0088, Cryptography and Network Security

CONTACT ME TO GET FULLY SOLVED SMU

ASSIGNMENTS/PROJECT/SYNOPSIS/EXAM GUIDE PAPER
Email Id: mrinal833@gmail.com
Contact no- 9706665251/9706665232/
www.smuassignmentandproject.com
COST= 100 RS PER SUBJECT

Q. No.1
What is the need for security? Explain types of security attacks.
ANSWER: Need for Security
Computer security is required because many organizations will be damaged by hostile software or
intruders. There may be several forms of damage which are obviously interrelated. These include:
Damage or destruction of computer systems.
Damage or destruction of internal data.
Loss of sensitive information to hostile parties.
Use of sensitive information to steal elements of monitary value.
Use of sensitive information against the customers which may result in legal action by customers
against the organization and loss of customers.
Damage to the reputation of an organization.
Monitory damage, due to loss of sensitive information, destruction of data, hostile use of sensitive
data, or damage to the reputation of the organization.

The methods used to accomplish these unscrupulous objectives are many and varied depending on the
circumstances.
Types of Threats (Attacks)
Now you would see the various types of threats which a computing environment would encounter

Interception:
This type of threat occurs when an unauthorized party(outsider) has gained access. The outside party can
be a person, a program, or a computing system. Examples of this type of failure are illicit copying of
program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered
fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.
When an unauthorized party modifies or corrupts the asset, the threat is a modification. For example,
someone might change the values in a database, alter a program so that it performs an additional
computation. It is even possible to modify hardware. Only some cases are detected easily using simple
measures, but others are almost impossible to detect.
Interruption:
This occurs when an asset of the system becomes lost, unavailable, or unusable. An example is the
malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an
operating system file manager so that it cannot find a particular disk file.
The useful means of classifying security attacks is in terms of passive attacks and active attacks. A
passive attack attempts to learn or make use of information from the system but does not affect the system
resources. An active attack attempts to alter system resources or affect their operation.
Passive attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are release of
message contents and traffic analysis.
The release of message content is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to
prevent the opponent from learning the contents of these transmissions.
A second type of passive attack is traffic analysis. Suppose a sender is masking the content by using
encryption( will be discussed later) an attacker still be able to observe the pattern of these messages. The
attacker (Opponent) could determine the location and identify the communicating hosts and could observe

the frequency and length of messages being exchanged. This information might be useful in guessing the
nature of the communication that has taken place.
Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages and denial of service.
A Masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually
includes one of the other forms of active attack. Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.
Modification of message simply means that some portion of a legitimate message is altered, or that
message are delayed or recorded, to produce an unauthorized effect. The denial of service prevents or
enhibits the normal use or management of communication facilities. This attack may have a specific
target; for example, an entity may suppress all messages directed to a particular destination.

2 List substitution techniques. Explain Ceasers cipher.

ANSWER:
Substitution Techniques
Substitutions are the simple form of encryption in which one letter is exchanged for another. A
substitution is an acceptable way of encrypting text. In this section, we study several kinds of substitution
techniques.
The Caesar Cipher
The Caesar cipher has an important place in history. Julius Caesar is said to have been the first to use this
scheme, in which each letter is translated to a letter a fixed number of places after it in the alphabet.
Caesar used a shift of 3, so that plaintext letter pi was enciphered as ciphertext letter ci by the rule
A full translation chart of the

ABC DEFG HI J KLM NO P

Caesar cipher is shown here.

QRSTUVWXYZ

Plaintext

defghijklmnopqrstuvw

Ciphertext

xyzabc

3 Explain in brief types of encryption systems.

ANSWER: Types of Encryption Systems
The two basic kinds of encryption systems are key based and block based. Key based encryption is based
on either single key or multiple keys. Block based encryption is based on either stream or block of
characters.
Based on Key
We have two types of encryptions based on keys they are symmetric (also called "secret key") and
asymmetric (also called "public key"). Symmetric algorithms use one key, which works for both
encryption and decryption. Usually, the decryption algorithm is closely related to the encryption one. (For
example, the Caesar cipher with a shift of 3 uses the encryption algorithm "substitute the character three
letters later in the alphabet" with the decryption "substitute the character three letters earlier in the
alphabet.")
The symmetric system means both encryption and the decryption are performed using the same key. They
provide a two-way channel to their users: A and B share a secret key, and they can both encrypt
information to send to the other as well as decrypt information from the other. As long as the key remains
secret, the system also provides authentication, proof that a message received was not fabricated by
someone other than the declared sender. Authenticity is ensured because only the legitimate sender can
produce a message that will decrypt properly with the shared key.
The symmetry of this situation is a major advantage of this type of encryption, but it also leads to a
problem: key distribution. How do A and B obtain their shared secret key? And only A and B can use that
key for their encrypted communications. If A wants to share encrypted communication with another user
C, A and C need a different shared key. Key distribution is the major difficulty in using symmetric
encryption. In general, n users who want to communicate in pairs need n * (n 1)/2 keys. In other words,
the number of keys needed increases at a rate proportional to the square of the number of users! So a
property of symmetric encryption systems is that they require a means of key distribution.
Public key systems, on the other hand, excel at key management. By the nature of the public key
approach, you can send a public key in an e-mail message or post it in a public directory. Only the
corresponding private key, which presumably is kept private, can decrypt what has been encrypted with
the public key. But for both kinds of encryption, a key must be kept well secured. Once the symmetric or
private key is known by an outsider, all messages written previously or in the future can be decrypted
(and hence read or modified) by the outsider. So, for all encryption algorithms, key management is a
major issue. It involves storing, safeguarding, and activating keys.
3.4.2 Based on Block

Block based encryption system is classified as stream and block encryption system. Stream encryption
algorithm convert one symbol of plaintext immediately into a symbol of ciphertext. (The exception is the
columnar transposition cipher.) The transformation depends only on the symbol, the key, and the control
information of the encipherment algorithm. Some kinds of errors, such as skipping a character in the key
during encryption, affect the encryption of all future characters. However, such errors can sometimes be
recognized during decryption because the plaintext will be properly recovered up to a point, and then all
following characters will be wrong. If that is the case, the receiver may be able to recover from the error
by dropping a character of the key on the receiving end. Once the receiver has successfully recalibrated
the key with the ciphertext, there will be no further effects from this error.
To address this problem and make it harder for a cryptanalyst to break the code, we can use block
encryption algorithm. A block encryption encrypts a group of plaintext symbols as one block. The
columnar transposition and other transpositions are examples of block ciphers. In the columnar
transposition, the entire message is translated as one block. The block size need not have any particular
relationship to the size of a character. Block ciphers work on blocks of plaintext and produce blocks of
ciphertext, as shown in figure 3.2. In this figure, the central box represents an encryption machine: The
previous plaintext pair is converted to po, the current one being converted is IH, and the machine is soon
to convert ES.

4 Explain authentication header with necessary diagrams.

ANSWER:
Authentication Header (AH)
Authentication Header (AH) is one of the two core security protocols in IPSec protocol suite. AH
provides data integrity, data source authentication, and protection against replay attacks. It does not
provide confidentiality. This makes AH header much simpler than ESP. It is merely a header and not a
header plus trailer. The figure 10.4 shows the AH protected IP packet.

Figure 10.4: An AH-protected IP packet

It provides authentication of either all or part of the contents of a datagram through the addition of a
header that is calculated based on the values in the datagram. What parts of the datagram are used for the
calculation, and the placement of the header, depends on the mode (tunnel or transport) and the version of
IP. The figure 10.5 shows the AH protocol structure.

Figure 10.5: AH-Protocol Structure

The fields comprising the AH header are:
Next Header: The next header field identifies the protocol type of the next packet header after the AH
packet header.
Payload Length: The length field states the length of the AH header information.
Reserved field: It is for future extensions of the AH protocol.
SPI field: shows to which SA the packet belongs.
Sequence number: It is an incrementing value that prevents against replay attacks.
The authentication data: contains the information for authenticating the packet.
The operation of the AH protocol is simple especially for any protocol that has anything to do with
network security. It can be considered analogous to the algorithms used to calculate checksums or
perform CRC checks for error detection. In those cases, a standard algorithm is used by the sender to
compute a checksum or CRC code based on the contents of a message. This computed result is
transmitted along with the original data to the destination, which repeats the calculation and discards the
message if any discrepancy is found between its calculation and the one done by the source.

This is the same idea behind AH, except that instead of using a simple algorithm known to everyone, it
uses a special hashing algorithm and a specific key known only to the source and the destination. SA
between two devices is set up that specifies these particulars so that the source and destination know how
to perform the computation, but nobody else can. On the source device, AH performs the computation and
puts the result (called the Integrity Check Value or ICV) into a special header with other fields for
transmission. The destination device does the same calculation using the key the two devices share, which
enables it to see immediately if any of the fields in the original datagram were modified either due to error
or malice.
It's important to point here that just as a checksum doesn't change the original data, neither does the ICV
calculation change it. The presence of the AH header allows us to verify the integrity of the message, but
doesn't encrypt it. Thus, AH provides authentication but not privacy.

5 Explain the processing of Encrypted E-Mail

ANSWER:
Let us now look at how to provide confidentiality enhancements. The sender chooses a (random)
symmetric algorithm encryption key. Then, the sender encrypts a copy of the entire message to be
transmitted, including FROM:, TO:, SUBJECT:, and DATE: headers. Next, the sender prepends plaintext
headers. For key management, the sender encrypts the message key under the recipient's public key, and
attaches that to the message as well. The process of creating an encrypted e-mail message is shown in
Figure 12.1.

Figure 12.1: Overview of Encrypted E-Mail Processing

Encryption can potentially yield any string as output. Many e-mail handlers expect that message traffic
will not contain characters other than the normal printable characters. Network e-mail handlers use
unprintable characters as control signals in the traffic stream. To avoid problems in transmission,
encrypted e-mail converts the entire ciphertext message to printable characters. An example of an
encrypted e-mail message is shown in Figure 12.2. Notice the three portions: an external (plaintext)
header, a section by which the message encryption key can be transferred, and the encrypted message
itself. (The encryption is shown with shading.)

6 Explain characteristics of good security policy.

ANSWER:
A good security policy -- something that inspires confidence in the security of the software -- should
include the following:

Full Disclosure: Vulnerabilities should be openly disclosed, in full, as quickly as reasonably

possible. This should never be more than a week at most, whether the problem was fixed in that time
or not. If it takes you longer than that to fix a security problem, there's something wrong, and even if
you're still working day and night on producing a fix, end users should be informed of their
vulnerability so they can work around the vulnerability if they so desire. Even if the internal policy is
to delay disclosure for a few days, though, no efforts should be made to "punish" someone who
discloses sooner, unless the disclosure is directed at malicious security crackers rather than the user
base. Ideally, disclosure should be proactive and user friendly.

Open Development: I don't trust software that doesn't trust me. Closed policies not only betray a
distrustworthy tendency in the distributors, but also ensure that I have no way to verify the
trustworthiness of the developers. Ultimately, the software I use should ideally be available as source
code that I can compile and run myself; this discourages deviousness on the part of software
developers and ensures that, should I choose to compile it myself, I know personally that the source
code to which I have access is the same stuff used to build the software I'm running. Ideally, the entire
operating environment should be verifiable with both cryptographic hashes and source-based software
management.

Open Formats: When my data is stored in a particular format, it needs to be an open format.
Vendors die, discontinue products, and play silly games with file format compatibility in the interests

of "encouraging" upgrades. Closed formats hold my data hostage to the people who control those
formats, and can make it difficult for me to maintain access to that data. This is, it should be obvious,
simply unacceptable. When closed formats are taken to a ridiculous extreme, you get the
similarly extreme consequences of DRM. Ideally, one's choice of format should be as close to plain
text as possible, because in a worst-case scenario you can still read plain text with the naked eye.

Privacy Friendly: Because of the importance of privacy, encryption support is critical to

trustworthy systems. The strongest, open encryption systems should be included by default, such as
OTR for IMs, OpenPGP and S/MIME for email, TLS for Web browsing, and full disk encryption that
doesn't leave encryption keys lying around in swap space (i.e., "virtual memory"). Ideally, everything
that can be encrypted should be encrypted, and should use strong encryption protocols that are open to
peer review and have been the subject of extensive "real world" and academic testing.

CONTACT ME TO GET FULLY SOLVED SMU

ASSIGNMENTS/PROJECT/SYNOPSIS/EXAM GUIDE PAPER
Email Id: mrinal833@gmail.com
Contact no- 9706665251/9706665232/
www.smuassignmentandproject.com
COST= 100 RS PER SUBJECT