Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Submitted
Reg.
Active Attacks
Active attacks are in the
nature of to create false
information.
Active Attacks are easy to
Passive Attacks
Passive attacks are in the nature of
eavesdropping on, or monitoring of,
transmissions.
Passive attacks are very difficult to
detect
detect
Goal of opponent is to modify The goal of the opponent is to obtain
the transmitted information
information
that
is
being
transmitted.
Emphasis in dealing with the Emphasis in dealing with passive
active attacks is on the attacks is on prevention rather than
detection and how quickly detection.
recovers from the attacks
rather than prevention.
Active attacks are very Passive attacks can be preventing
difficult to prevent absolutely using
the
best
encryption
because of
algorithms.
the wide variety of potential
physical, software
i. Masquerade
In this type of active attack one entity pretends to be another
entity. For example the authentication sequence if captured by the
attacker is replayed so as to impersonate as an authorized entity
and hence acquired more privileges.
ii. Replay
In this type of attack the attacker initial acquires the
data/message passively and then retransmits the same to
intended destination so as create an un-authorized effect of the
original data transmission.
a. Authentication:
The assurance that the communicating entity is the one that it
claims to be.The problem of authorization is often thought to be
identical to that of authentication; many widely adopted standard
security protocols, obligatory regulations, and even statutes are
based on this assumption. However, more precise usage describes
authentication as the process of verifying a claim made by a subject
that it should be treated as acting on behalf of a given principal
(person, computer, smart card etc.), while authorization is the
process of verifying that an authenticated subject has the authority
to perform a certain operation.
b. Access control:
The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions
access can occur, and what those accessing the resource are
allowed to do).
c. Data confidentiality:
The protection of data from unauthorized disclosure. Data integrity:
The assurance that data received are exactly as sent by an
authorized entity (i.e., contain no modification, insertion, deletion,
or replay).
d. Nonrepudiation:
Provides protection against denial by one of the entities involved in
a communication of having participated in all or part of the
communication.
e. Availability service:
The property of a system or a system resource being accessible and
usable upon demand by an authorized system entity, according to
performance specifications for the system (i.e., a system is
available if it provides services according to the system design
whenever users request them).
PART - 2
Read the attached Research Papers and Answer any TWO of
the following Questions
Question. 2.1. How secret Japanese messages were decoded in
Washington hours before Pearl Harbor?
Answer:
United States had the cryptanalytic section of the Navy cryptologic
organization OP-20-G meant for deciphering tasks. On morning of December
07, 1941 a radio message from Tokyo to Washington was intercepted. The
message was meant for Japanese Ambassador to United States. The
encrypted text, that was ciphered using a complex technique called as
PURPLE at that time, was forwarded to cryptanalytic section where it was
decrypted using a machine uniquely built for this purpose. The machine was
composed of three components, the first one was a typewriter for input, the
second one and most important was a cryptographic assembly proper
consisting of a plugboard, four electric coding rings and associated wires
and switches, the final component was a printer used for output. The
cryptanalysts fed the key previously acquired, by flicking the appropriate
switches and then provided the encrypted message to the machine. The
message was accordingly deciphered by the machine and printed out by the
printer. The message was accordingly forwarded to all concerned
departments hours before the attack on Pearl harbor by the Japanese.
Answer:
The most famous cryptologyist was an american named Herbert Osborne
Yardley from Indiana, USA. He was very enthusiastic about cryptology and
he tried to solve a 500 word code that was considered as the most difficult
code in American codes. He was successful just in a matter of few hours. He
followed this with demonstration of the low estate of high-level
cryptography with a 100-page memorandum on the solution of American
diplomatic codes. While absorbed in possible solutions for a proposed new
coding method, he diagnosed what has ever since been known among
cryptologists as the "Yardley symptom". He was later on declared as head of