BT0088 - Cryptography and Network Security

Question 1 - Define attack and explain the types of Threats.

The Internet continues to grow exponentially. Personal, government, and business

applications continue to multiply on the Internet, with immediate benefits to end users.
However, these network-based applications and services can pose security risks to
individuals and to the information resources of companies and governments. Information is
an asset that must be protected. Without adequate network security, many individuals,
businesses, and governments risk losing that asset is called attack.

Types of Threats
Interception: This type of threat occurs when an unauthorized party (outsider) has
gained access. The outside party can be a person, a program, or a computing
system. Examples of this type of failure are illicit copying of program or data files, or
wiretapping to obtain data in a network. Although a loss may be discovered fairly
quickly, a silent interceptor may leave no traces by which the interception can be
readily detected. When an unauthorized party modifies or corrupts the asset, the
threat is a modification. For example, someone might change the values in a
database, alter a program so that it performs an additional computation. It is even
possible to modify hardware. Only some cases are detected easily using simple
measures, but others are almost impossible to detect.

Interruption: This occurs when an asset of the system becomes lost, unavailable, or
unusable. An example is the malicious destruction of a hardware device, erasure of a
program or data file, or malfunction of an operating system file manager so that it
cannot find a particular disk file. The useful means of classifying security attacks is in
terms of passive attacks and active attacks. A passive attack attempts to learn or
make use of information from the system but does not affect the system resources.
An active attack attempts to alter system resources or affect their operation.

1
Question 2 - What is security attack? Explain with examples.

When you test any computer system, one of your jobs is to imagine how the system could
malfunction. Then, you improve the system's design so that the system can withstand any of
the problems you have identified. In the same way, we analyze a system from a security
perspective, thinking about the ways in which the system's security can malfunction and
diminish the value of its assets. Any action that compromises the security of information
owned by an organization is called security attack. Those who execute such actions, or
cause them to be executed, are called attackers or opponents.

Computer-based system has three interrelated and valuable components namely, hardware,
software, and data. Each of these assets offers value to different members of the community
affected by the system. To analyze security, we can brainstorm about the ways in which the
system or its information can experience some kind of loss or harm. For example, we can
identify data whose format or contents should be protected in some way. We want our
security system to make sure that no data is disclosed to an unauthorized parties. Neither do
we want the data being modified in illegitimate ways nor do we want the illegitimate users to
access the data. By this we identify weaknesses of a system.

i.e. A process whereby a person compromises your computer by installing harmful malicious
software in your computer without your knowledge. These malicious software includes
viruses, spywares, adwares, and trojan horses. These software often deletes certain vital
files on your computer, making your computer to function abnormally, spying on your online
surfing habits, and cause advertisements to pop up on your screen when you are online.

2
Question 3 - Explain different characteristics that identify a good encryption technique.

Several characteristics that identify a good Encryption technique.

The implementation of the process should be as simple as possible. Principle 3 was

formulated with hand implementation in mind: A complicated algorithm is prone to
error or likely to be forgotten. With the development and popularity of digital
computers, algorithms far too complex for hand implementation became feasible.
Still, the issue of complexity is important. People will avoid an encryption algorithm
whose implementation process severely hinders message transmission, thereby
undermining security. And a complex algorithm is more likely to be programmed
incorrectly.

The enciphering algorithm and set of keys used should be less complex. This
principle implies that we should restrict neither the choice of keys nor the types of
plaintext on which the algorithm can work. For instance, an algorithm that works only
on plaintext having an equal number of As and Es is useless. Similarly, it would be
difficult to select keys such that the sum of the values of the letters of the key is a
prime number. Restrictions such as these make the use of the encipherment
prohibitively complex. If the process is too complex, it will not be used. Furthermore,
the key must be transmitted, stored, and remembered, so it must be short.

The amount of secrecy needed should determine the amount of labor appropriate for
the encryption and decryption. Principle 1 is a reiteration of the principle of timeliness
and of the earlier observation that even a simple cipher may be strong enough to
deter the casual interceptor or to hold off any interceptor for a short time.

Errors in ciphering should not propagate and cause corruption of further information
in the message. Principle 4 acknowledges that humans make errors in their use of
enciphering algorithms. One error early in the process should not throw off the entire
remaining ciphertext.

The size of the original message and that of enciphered text should be at most same.
The idea behind principle 5 is that a ciphertext that expands dramatically size cannot
possibly carry more information than the plaintext, yet it gives the cryptanalyst more
data from which to infer a pattern. Furthermore, a longer ciphertext implies more
space for storage and more time to communicate.

3
Question 4 - Compare Symmetric and Asymmetric Encryption Systems.

Based on Key
We have two types of encryptions based on keys they are symmetric (also called "secret
key") and asymmetric (also called "public key"). Symmetric algorithms use one key, which
works for both encryption and decryption. Usually, the decryption algorithm is closely related
to the encryption one. (For example, the Caesar cipher with a shift of 3 uses the encryption
algorithm "substitute the character three letters later in the alphabet" with the decryption
"substitute the character three letters earlier in the alphabet.") The symmetric system means
both encryption and the decryption are performed using the same key. They provide a two-
way channel to their users: A and B share a secret key, and they can both encrypt
information to send to the other as well as decrypt information from the other. As long as the
key remains secret, the system also provides authentication, proof that a message received
was not fabricated by someone other than the declared sender. Authenticity is ensured
because only the legitimate sender can produce a message that will decrypt properly with
the shared key. The symmetry of this situation is a major advantage of this type of
encryption, but it also leads to a problem: key distribution. How do A and B obtain their
shared secret key? And only A and B can use that key for their encrypted communications. If
A wants to share encrypted communication with another user C, A and C need a different
shared key. Key distribution is the major difficulty in using symmetric encryption. In general,
n users who want to communicate in pairs need n * (n 1)/2 keys. In other words, the
number of keys needed increases at a rate proportional to the square of the number of
users! So a property of symmetric encryption systems is that they require a means of key
distribution.

Based on Block
Block based encryption system is classified as stream and block encryption system. Stream
encryption algorithm convert one symbol of plaintext immediately into a symbol of ciphertext.
(The exception is the columnar transposition cipher.) The transformation depends only on
the symbol, the key, and the control information of the encipherment algorithm. Some kinds
of errors, such as skipping a character in the key during encryption, affect the encryption of
all future characters. However, such errors can sometimes be recognized during decryption
because the plaintext will be properly recovered up to a point, and then all following
characters will be wrong. If that is the case, the receiver may be able to recover from the
error by dropping a character of the key on the receiving end. Once the receiver has
successfully recalibrated the key with the ciphertext, there will be no further effects from this
error. In the columnar transposition, the entire message is translated as one block. The
block size need not have any particular relationship to the size of a character. Block ciphers
work on blocks of plaintext and produce blocks of ciphertext, as shown in figure 3.2. In this
figure, the central box represents an encryption machine: The previous plaintext pair is
converted to po, the current one being converted is IH, and the machine is soon to convert
ES.

4
Question 5 - Give the Overview of DES Algorithm.

The Data Encryption algorithm is a combination of both substitution as well as transposition

technique. The strength of DES technique is improved when it uses both the techniques
together. It uses both the technique repeatedly i.e., one on the top of other for a total of 16
cycles. The sheer complexity of tracing a single bit through 16 iterations of substitutions and
transpositions has so far stopped researchers in the public from identifying more than a
handful of general properties of the algorithm. The algorithm begins by encrypting the
plaintext as blocks of 64 bits. The key is 64 bits long, but in fact it can be any 56-bit number.
(The extra 8 bits are often used as check digits and do not affect encryption in normal
implementations.) The user can change the key at will any time there is uncertainty about
the security of the old key.

DES uses only standard arithmetic and logical operations on numbers up to 64 bits long, so
it is suitable for implementation in software on most current computers. Although complex,
the algorithm is repetitive, making it suitable for implementation on a single-purpose chip.

5
Question 6 - Explain RSA technique with an example.

RSA is an exponentiation cipher. You have to follow the following two steps.

1. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the
number of numbers less than n with no factors in common with n.
Example: Let n = 10. The numbers that are less than 10 and are relatively prime to
(have no factors in common with) n are 1, 3, 7, and 9. Hence,
(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4,
5, 8, 10, 11, 13, 16, 17, 19, and 20. So (21) = 12.

2. Choose an integer e < n that is relatively prime to (n). Find a second integer d such
that ed
mod (n) = 1. The public key is (e, n), and the private key is d.
Let m be a message. Then:
c = me mod n
and
m = cd mod n.
Example: Let p = 7 and q = 11. Then n = 77 and (n) = 60. Alice chooses e = 17, so
her private
key is d = 53. In this cryptosystem, each plaintext character is represented by a
number
between 00 (A) and 25 (Z); 26 represents a blank. Bob wants to send Alice the
message
"HELLO WORLD." Using the representation above, the plaintext is 07 04 11 11 14 26
22 14 17
11 03. Using Alice's public key, the ciphertext is
0717 mod 77 = 28
0417 mod 77 = 16 1117 mod 77 = 44 ... 0317 mod 77 = 75 or 28 16 44 44 42 38 22
42 19 44 75.

In addition to confidentiality, RSA can provide data and origin authentication. If Alice
enciphers her message using her private key, anyone can read it, but if anyone alters it, the
(altered) ciphertext cannot be deciphered correctly. Example: Suppose Alice wishes to send
Bob the message "HELLO WORLD" in such a way that Bob will be sure that Alice sent it.
She enciphers the message with her private key and sends it to Bob. As indicated above, the
plaintext is represented as 07 04 11 11 14 26 22 14 17 11 03. Using Alice's private key, the
ciphertext is 0753 mod 77 = 35 0453 mod 77 = 09 1153 mod 77 = 44 ... 0353 mod 77 = 05
or 35 09 44 44 93 12 24 94 04 05.