
Cryptography Answers

The document discusses various cryptography concepts and algorithms. It provides justifications and explanations for key size in DES, how DES-3 allows key reuse, why Triple DES has decryption in the middle, issues with DES-2, how symmetric key cryptography does not enable authentication and non-repudiation, how secret key cryptography is faster than public key cryptography, why DES is less secure than Double and Triple DES, how public key cryptography addresses key sharing issues in symmetric key cryptography, comments on RSA algorithm strength, how man-in-the-middle attacks affect public key exchange, the role of digital signatures in cryptography, and justifications for the digital envelope technique.

Cryptography 2 marks questions:

Justify the claim that "The Diffie-Hellman approach was the first practical public key
crypto algorithm."
The public key idea was invented and first published by Whitfield Diffie and Martin Hellman in
1976. It turns out that it had been invented earlier but kept secret by governments. Public key
cryptography is a mathematical technique to avoid the need to communicate a secret key from
one person to another.
Justify the statement, "In DES, the initial key size is equal to the length of the plain text
block."
Yes, initially the key is the same length as the plaintext block, which is 64 bits, but every
8th bit of the key is discarded. So bits 8, 16, 24, 32, 40, 48, 56 and 64 are discarded and the key
length becomes 56 bits.
How does DES-3 allow for the reuse of a key?
In 3-DES the keys that we use can be all different or it may also be that two keys are the same
and the other one is different. In the latter case, users encrypt plaintext blocks with key K1,
then decrypt with key K2, and finally encrypt with K1 again where K1 and K2 are the
keys.
Why does Triple DES have a decryption in the middle rather than an encryption?
Each triple encryption encrypts one block of 64 bits of data. In each case the middle
operation is the reverse of the first and last. This improves the strength of the algorithm
when using keying option 2 and provides backward compatibility with DES with keying
option 3.
Describe the potential issue with the DES-2 algorithm.
Double DES uses a 112-bit key but gives a security level of 2^56, not 2^112, because
a meet-in-the-middle attack can be used to break double DES.
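The two answers above (decryption in the middle of Triple DES, and the meet-in-the-middle weakness of Double DES) can be checked on a small cipher. This is an added example, not part of the original notes: the 16-bit Feistel cipher, its 12-bit keys, round function and key schedule are constructed for the demonstration and are not DES.

```python
from collections import defaultdict

KEY_BITS = 12   # constructed toy key size (DES uses 56 bits)
ROUNDS = 4


def _round_keys(key):
    """Constructed key schedule: four 8-bit windows over the key written twice."""
    doubled = key | (key << KEY_BITS)
    return [(doubled >> (3 * i)) & 0xFF for i in range(ROUNDS)]


def _f(half, subkey):
    """Constructed nonlinear round function on 8-bit values."""
    x = (half + subkey) & 0xFF
    x = (x * x + 0x3B * x + 0x55) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF


def _feistel(block, subkeys):
    left, right = block >> 8, block & 0xFF
    for sk in subkeys:
        left, right = right, left ^ _f(right, sk)
    return (right << 8) | left   # undo the final swap


def encrypt(block, key):
    return _feistel(block, _round_keys(key))


def decrypt(block, key):
    # A Feistel cipher decrypts by running the same rounds with reversed subkeys.
    return _feistel(block, _round_keys(key)[::-1])


def ede_encrypt(block, k1, k2, k3):
    """Encrypt-Decrypt-Encrypt, the Triple DES construction."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known (plaintext, ciphertext) pairs.

    Encrypt the first plaintext under every k1 and store the middle values,
    then decrypt the first ciphertext under every k2 and look for a match.
    Cost: about 2 * 2**KEY_BITS cipher operations and a 2**KEY_BITS table,
    instead of 2**(2 * KEY_BITS) for trying every key pair.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    forward = defaultdict(list)
    for k1 in range(1 << KEY_BITS):
        forward[encrypt(p0, k1)].append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):
        for k1 in forward.get(decrypt(c0, k2), ()):
            # Extra known pairs weed out chance matches on the first pair.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates


if __name__ == "__main__":
    # Keying option 3 (all keys equal): EDE collapses to single encryption,
    # which is what gives backward compatibility with the single cipher.
    print(ede_encrypt(0x1234, 0x5A5, 0x5A5, 0x5A5) == encrypt(0x1234, 0x5A5))

    # Constructed known-plaintext pairs under a secret key pair.
    k1, k2 = 0xA5C, 0x13F
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found = meet_in_the_middle(pairs)
    print((k1, k2) in found, len(found))
    print("cipher operations:", 2 << KEY_BITS, "vs", 1 << (2 * KEY_BITS))
```

With two independent keys the total key length doubles, but the search cost only roughly doubles as well, which is why Double DES adds little over single DES while the three-stage EDE form does.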
Justify the claim that "Symmetric key cryptography does not enable authentication and
non-repudiation."

Give an example of how "Secret key cryptography is faster than public key
cryptography."
Asymmetric encryption is slower than symmetric encryption because it employs two
separate keys that are linked through a difficult mathematical procedure. Symmetric
encryption is mostly used to transfer large amounts of data.
Why is DES less secure than Double DES and Triple DES? Explain.
As we know, the Data Encryption Standard (DES) uses a 56-bit key to encrypt any plain text,
which can be easily cracked by using modern technologies. To prevent this from happening,
double DES and triple DES were introduced, which are much more secure than the original DES
because they use 112- and 168-bit keys respectively. They offer much more security than DES.
It is well known that two communicating parties cannot easily share the same secret key
in symmetric-key cryptography. How does public-key cryptography work to address this
issue?
Public key or asymmetric key cryptography uses two different keys, one private key and one
public key: one is used for encryption and the other one is used for decryption. Generally
the receiver’s public key is used for encryption and the private key is used for decryption. So
even if the attacker gets hold of the public key, he won’t be able to decrypt the message without
getting the private key.
Comment about the RSA algorithm's strength.
The RSA algorithm is based on the prime factorization problem. So if the attacker can break the
large composite number into two primes and get the values of p and q then the security of the
system will be compromised.
Describe how "Man-in-the-middle attack" affects public key exchange
"A man-in-the-middle attack may permit the attacker to completely subvert encryption and gain
access to the encrypted contents, including passwords. A successful attacker is able to inject
commands into terminal sessions, to modify data in transit, or to steal data.

The attack also allows injecting malware into any binaries and software updates downloaded
through the system. Several attack groups and malware packages have used this technique in
the past"

What role does the digital signature play in cryptography?


Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to
identify users and protect information in digital messages or documents. In emails, the email
content itself becomes part of the digital signature.
Justify the claim that "the digital envelope technique incorporates the best aspects of
both symmetric and asymmetric key encryption."
A digital envelope uses two layers for encryption: Secret (symmetric) key and public key
encryption. Secret key encryption is used for message encoding and decoding. Public key
encryption is used to send a secret key to a receiving party over a network. This technique does
not require plain text communication.

Either of the following methods may be used to create a digital envelope:

Secret key encryption algorithms, such as Rijndael or Twofish, for message encryption.

Public key encryption algorithm from RSA for secret key encryption with a receiver’s public key.

Describe the DSA algorithm's importance in terms of cryptography.


DSA Algorithm provides three benefits, which are as follows:

● Message Authentication: You can verify the origin of the sender using the right
key combination.
● Integrity Verification: You cannot tamper with the message since it will prevent
the bundle from being decrypted altogether.
● Non-repudiation: The sender cannot claim they never sent the message if
verifies the signature.
Why does cryptography employ message digests?
https://www.google.com/amp/s/www.geeksforgeeks.org/message-digest-in-information-security/amp/

Describe the importance of IPSec in terms of cryptography.


IPsec is a group of protocols that are used together to set up encrypted connections between
devices. It helps keep data sent over public networks secure. IPsec is often used to set up
VPNs, and it works by encrypting IP packets, along with authenticating the source where the
packets come from
Describe SHTTP's place in the TCP/IP protocol family.
(Secure HTTP) An earlier security protocol that provided secure transactions over the Web.
Working at the application layer rather than the transport layer of the protocol stack, SHTTP was
also used to authenticate the client. In contrast, SSL is used to authenticate the Web server.
Why does the SSL layer come before the application layer and after the transport layer?
It is one that "sits" between both layers. Because of its position, SSL gives the client machines
the ability to selectively apply security protection on individual applications, rather than set forth
encryption on an entire group of applications. The procedure can be done without concerning
Layer 3, the network layer.
What distinguishes SHTTP from SSL?
https://www.geeksforgeeks.org/ssl-vs-https-which-one-is-more-secure/amp/

Comparison of SSL and SET with justification


https://www.google.com/amp/s/www.geeksforgeeks.org/difference-between-secure-socket-layer-ssl-and-secure-electronic-transaction-set/amp/

What distinguishes TLS from SSL?


The notable differences include:

Cipher suites

SSL protocol offers support for the Fortezza cipher suite. TLS does not offer support. TLS
follows a better standardization process that makes defining of new cipher suites easier like
RC4, Triple DES, AES, IDEA, etc.

Alert messages

SSL has the “No certificate” alert message. TLS protocol removes the alert message and
replaces it with several other alert messages.

Record Protocol
SSL uses Message Authentication Code (MAC) after encrypting each message while TLS on
the other hand uses HMAC — a hash-based message authentication code after each message
encryption.

Handshake process

In SSL, the hash calculation also comprises the master secret and pad while in TLS, the hashes
are calculated over handshake message

Describe the role that electronic money plays in e-commerce applications.


https://corporatefinanceinstitute.com/resources/economics/electronic-money/#:~:text=Medium%20of%20exchange%3A%20Electronic%20money,and%2For%20services%20being%20transacted

Describe the requirement for biometric authentication.


Biometric authentication involves using some part of your physical makeup to authenticate you.
This could be a fingerprint, an iris scan, a retina scan, or some other physical characteristic. A
single characteristic or multiple characteristics could be used.
Biometric factors are defined by seven characteristics: universality, uniqueness, permanence,
collectability, performance, acceptability, and circumvention

Describe PGP's importance as an email security protocol


Since its invention back in 1991, PGP has become the de facto standard for email security.
...
There are, essentially, three main uses of PGP:
Sending and receiving encrypted emails.
Verifying the identity of the person who has sent you this message.
Encrypting files stored on your devices or in the cloud.

PGP uses Base-64 encoding, — Describe.


The confidentiality scheme of PGP is provided through the use of symmetric
block encryption, compression using the ZIP algorithm, and E-Mail compatibility
using the radix64 or Base-64 encoding scheme
Describe the importance of S/MIME to the security of electronic mail.
S/MIME is based on asymmetric cryptography to protect your emails from unwanted access. It
also allows you to digitally sign your emails to verify you as the legitimate sender of the
message, making it an effective weapon against many phishing attacks out there. That's
basically the gist of what S/MIME is all about.
The flow between internal and potentially hostile networks is managed by the packet
filter. – Explain this assertion.
The packet filtering firewall analyses the source and destination IP addresses, source, and
destination port numbers, and protocol IDs of IP packets as per an ACL. The firewall checks for
the information contained in the IP, TCP, or UDP header, and then it decides to accept or drop
the packet depending upon the ACL.
The firewall can allow fragment-type packets after comparing the information with the ACL.
Additionally, it has a default method, set by users, that allows the packets to pass even if these
do not qualify with the ACL.
Describe "A firewall or proxy server handles network address translation.”
A Network Address Translation (NAT) firewall operates on a router to protect private networks. It
works by only allowing internet traffic to pass through if a device on the private network
requested it. A NAT firewall protects the identity of a network and doesn't show internal IP
addresses to the internet
Justify the statement, "DMZ networks are a common idea in firewall architectures."
DMZs function as a buffer zone between the public internet and the private network. The DMZ
subnet is deployed between two firewalls. All inbound network packets are then screened using
a firewall or other security appliance before they arrive at the servers hosted in the DMZ.
A network DMZ sits between two firewalls, creating a semisafe buffer zone between the internet
and the enterprise LAN.
If better-prepared threat actors pass through the first firewall, they must then gain unauthorized
access to the services in the DMZ before they can do any damage. Those systems are likely to
be hardened against such attacks.

Describe the issue with the exchange of public keys.


If two parties cannot establish a secure initial key exchange, they won't be able to communicate
securely without the risk of messages being intercepted and decrypted by a third party who
acquired the key during the initial key exchange.
Describe the objective of network security
Network Security is vital in protecting client data and information, keeping shared data secure
and ensuring reliable access and network performance as well as protection from cyber threats.
What is notarial service?
Notary services incorporate the time-stamping service in blockchain to assure that the date and
time is a part of the content for later verification. HSMs provision the trusted root by securely
storing the cryptographic identity used for the digital signing and time-stamping of data.
What kind of assault is utilized to compromise confidentiality?

Interception attacks allow unauthorized users to access our data, applications, or environments,
and are primarily an attack against confidentiality.
What fundamental tenet underpins digital signatures?

List the five objectives for network security.


Maintain a Safe Network. ...
Maintain Vulnerability Management. ...
Prevent Unauthorized Access. ...
Ensure Security Flaws are Immediately Reported. ...
Maintain Integrity of Data Assets.
Non-repudiation: What Is It?
Assurance that the sender of information is provided with proof of delivery and the recipient is
provided with proof of the sender's identity, so neither can later deny having processed the
information
How many different kinds of active attacks exist?
Session Hijacking Attack: A session hijacking attack is a form of active attack in which the
attacker will take over your internet session. ...

Message Modification Attack ...

Masquerade Attack ...

Denial-of-Service Attack ...

Distributed Denial-of-Service Attack ...

Trojans

What does posing mean?


-_-
What is Steganography?
"Steganography is the practice of hiding a secret message inside of (or even on top of)
something that is not secret. That something can be just about anything you want. These days,
many examples of steganography involve embedding a secret piece of text inside of a picture.
Or hiding a secret message or script inside of a Word or Excel document."
What is cryptanalysis?
https://www.geeksforgeeks.org/cryptanalysis-and-types-of-attacks/

Block cypher algorithm: what is it?


https://www.google.com/amp/s/www.geeksforgeeks.org/block-cipher-modes-of-operation/amp/

A minor alteration to the plain text should result in a substantial modification to the
encrypted text. Why does that matter?
The plain text is encrypted into the ciphertext using some standard encryption algorithm and
specific user-chosen keys. If a change to a single bit of the plaintext results in a change of a single
bit in the ciphertext, then it will be easy to perform statistical analysis and cryptanalysis on it
because the underlying mathematics is simple. On the other hand, if it causes significant
changes in the ciphertext, then it will be very difficult for the attacker. For example, in a hash
function, one single bit change in the original message will result in an entirely different
message digest. This is known as the Avalanche property of Cryptography.
https://www.geeksforgeeks.org/avalanche-effect-in-cryptography/
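The avalanche property described above can be measured directly. This added example (not part of the original notes) flips each input bit in turn and reports what fraction of output bits change, for SHA-256 and for a repeating-key XOR, which is the "one bit in, one bit out" case the answer warns about; the sample message and XOR key are constructed.

```python
import hashlib

SAMPLE = b"MEET ME AT NOON"          # constructed sample message


def flip_bit(data, index):
    """Return a copy of data with bit number `index` (MSB first) inverted."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)


def hamming(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(transform, message):
    """Flip every input bit once; return (min, mean, max) fraction of
    output bits that changed compared with the unmodified message."""
    base = transform(message)
    out_bits = len(base) * 8
    fractions = [
        hamming(base, transform(flip_bit(message, i))) / out_bits
        for i in range(len(message) * 8)
    ]
    return min(fractions), sum(fractions) / len(fractions), max(fractions)


def sha256_digest(message):
    return hashlib.sha256(message).digest()


def repeating_xor(message, key=b"\x5a\xc3\x17"):
    """Constructed weak transform: each output bit depends on one input bit."""
    return bytes(m ^ key[i % len(key)] for i, m in enumerate(message))


if __name__ == "__main__":
    for name, fn in (("SHA-256", sha256_digest), ("repeating XOR", repeating_xor)):
        lo, mean, hi = avalanche_profile(fn, SAMPLE)
        print(f"{name:14s} min={lo:.3f} mean={mean:.3f} max={hi:.3f}")
```

A mean close to 0.5 with a narrow spread is what a good hash or block cipher shows; the XOR transform changes exactly one output bit per flipped input bit, so differences in the ciphertext point straight at the differences in the plaintext.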

What number of bits does DES encryption use?


56 bit key, 64 bit plaintext and 64 bit ciphertext
What kind of encryption is Data Encryption Standard (DES)?
Symmetric or private key encryption. It is also a block cipher.
Which cipher's key size is the same as the message size?
Stream cipher.
What kind of encryption does RSA use?
"RSA is a type of asymmetric encryption, which uses two different but linked keys. In RSA
cryptography, both the public and the private keys can encrypt a message. The opposite key
from the one used to encrypt a message is used to decrypt it."
How exactly does the attacker use an attack to try to change the message?
The attacker at first tries to find the potential loop-holes or vulnerabilities in the system/network
to exploit the network. He can use either active attacks or passive attacks. The primary goal of
the attacker will be to steal the sensitive information about the system such as user id,
password i.e. login details. For example, in a public key algorithm the message is decrypted
using the private key of the receiver. So if the attacker gets access to the private key then
he/she can easily decrypt the message and compromise the system.
How does a cryptanalyst attempt to decipher the initial message?

There are many different types of cryptanalysis attacks and techniques, which
vary depending on how much information the analyst has about the ciphertext
being analyzed. Some cryptanalytic methods include:

● In a ciphertext-only attack, the attacker only has access to one or
more encrypted messages but knows nothing about the plaintext
data, the encryption algorithm being used or any data about the
cryptographic key being used. This is the type of challenge that
intelligence agencies often face when they have intercepted
encrypted communications from an opponent.
● In a known plaintext attack, the analyst may have access to some or
all of the plaintext of the ciphertext; the analyst's goal in this case is
to discover the key used to encrypt the message and decrypt the
message. Once the key is discovered, an attacker can decrypt all
messages that had been encrypted using that key. Linear
cryptanalysis is a type of known plaintext attack that uses a linear
approximation to describe how a block cipher Known plaintext
attacks depend on the attacker being able to discover or guess some
or all of an encrypted message, or even the format of the original
plaintext. For example, if the attacker is aware that a particular
message is addressed to or about a particular person, that person's
name may be a suitable known plaintext.
● In a chosen plaintext attack, the analyst either knows the encryption
algorithm or has access to the device used to do the encryption. The
analyst can encrypt the chosen plaintext with the targeted algorithm
to derive information about the key.

What do you mean when you say a message was fabricated?


Fabricated basically means falsified. So a message was fabricated means the contents of it
were intentionally altered or falsified in order to deceive the receiver/receivers.
How many different kinds of security threats exist?
https://onlinedegrees.und.edu/blog/types-of-cyber-security-threats/#:~:text=7%20Types%20of%20Cyber%20Security%20Threats

What does "denial of service" mean to you?


In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a
machine or network resource unavailable to its intended users by temporarily or indefinitely
disrupting services of a host connected to a network.
What does "decryption algorithm" mean to you?
Decryption is also known as deciphering. A decryption algorithm is a mathematical
process utilized for decryption that generates the original plaintext as an outcome of any
given ciphertext and decryption key.
What does Feistel Cipher mean to you?
https://www.google.com/amp/s/www.geeksforgeeks.org/feistel-cipher/amp/

Why is a firewall necessary?


Firewalls provide protection against outside cyber attackers by shielding your computer or
network from malicious or unnecessary network traffic. Firewalls can also prevent malicious
software from accessing a computer or network via the internet.
What is the purpose of message authentication code (MAC)?
The message authentication code, also known as digital authenticator, is used as an integrity
check based on a secret key shared by two parties to authenticate information transmitted
between them. It is based on using a cryptographic hash or symmetric encryption algorithm
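The difference between a keyed MAC and a plain message digest, and the reason a shared key cannot give non-repudiation, shown with Python's standard `hmac` and `hashlib` modules. This is an added example, not part of the original notes; the key, the messages and the scenario names are constructed.

```python
import hashlib
import hmac


def digest_tag(message):
    """Plain message digest: anyone can compute it, no key involved."""
    return hashlib.sha256(message).digest()


def mac_tag(key, message):
    """HMAC-SHA256: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message, tag):
    return hmac.compare_digest(digest_tag(message), tag)


def verify_mac(key, message, tag):
    # compare_digest runs in constant time, so the comparison does not
    # leak how many leading bytes of a wrong tag were correct.
    return hmac.compare_digest(mac_tag(key, message), tag)


def alter_without_key(message):
    """Model of modification in transit by a party that has no key:
    it changes the text and recomputes the only check value it can."""
    altered = message.replace(b"100", b"900")
    return altered, digest_tag(altered)


def run_scenarios():
    key = b"constructed-shared-key-0123456789"    # constructed sample key
    message = b"PAY 100 TO BOB"                   # constructed sample message
    results = {}

    # 1. Digest only: the altered message arrives with a matching digest.
    altered, new_digest = alter_without_key(message)
    results["digest_accepts_altered"] = verify_digest(altered, new_digest)

    # 2. MAC: the same alteration fails, whether the original tag is kept
    #    or the recomputed keyless digest is sent in its place.
    results["mac_accepts_genuine"] = verify_mac(key, message, mac_tag(key, message))
    results["mac_accepts_altered_old_tag"] = verify_mac(key, altered, mac_tag(key, message))
    results["mac_accepts_altered_new_digest"] = verify_mac(key, altered, new_digest)

    # 3. Non-repudiation: the receiver holds the same key, so a tag the
    #    receiver computes verifies exactly like one from the sender.
    receiver_text = b"PAY 900 TO BOB"
    results["receiver_made_tag_verifies"] = verify_mac(
        key, receiver_text, mac_tag(key, receiver_text)
    )
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:32s} {value}")
```

The last scenario is why a MAC proves a message came from someone holding the key but cannot settle a dispute between the two key holders; that needs a digital signature made with a private key only the sender has.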
What algorithms does PGP employ?
PGP uses two public key algorithms, one symmetric key algorithm, a one-way hashing
algorithm, and a compression algorithm. These are seamlessly and transparently integrated into
the program
What does authentication serve?
An authentication server manages processes that allow access to a network, application, or
system. Before connecting with a server, users must prove that they are who they say they are.
An authentication server handles this delicate work
What are the typical justifications for using a digital signature in communications?
https://www.jscape.com/blog/what-is-a-digital-signature

Contrast a handwritten signature with a computerized one.


Differences between digital and handwritten signatures include: A handwritten signature is
biologically linked to a specific individual, whereas a digital signature relies on the protection
afforded a private signature key by the signer, and the procedures implemented by a
Certification Authority
How is the envelope for a digital signature decrypted?
Opening Digital Envelopes

1. The recipient applies his or her private key to the encrypted message key. The
result is the secret key that was originally used to encrypt the digital document.
2. The secret key that was revealed in the previous step is used to decrypt the
digital document. Result.

Cryptography 5 marks questions:


An attack known as a "meet-in-the-middle":
https://www.google.com/amp/s/www.techtarget.com/iotagenda/definition/meet-in-the-middle-attack%3famp=1
Why is the middle part of the 3DES decryption and not encryption?
There is no cryptographic significance to the use of decryption for the second
stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by
users of the older single DES by repeating the key.
https://www.geeksforgeeks.org/double-des-and-triple-des/

Key wrapping – what is it? How does it help?


https://cloud.google.com/kms/docs/key-wrapping#:~:text=Key%20wrapping%20is%20the%20process,cryptography%2C%20depending%20on%20the%20context
Assume for the moment that Bob and Alice, two users, want to utilise the Diffie-Hellman
Key exchange protocol to exchange a secret key. Find out the values of A, B, and the
secret key K1 or K2 assuming the values n=11, g=5, x=2, and y=3.
Handwritten
Give an explanation of the S-box and P-box functions in DES.
NPTEL notes
What are the message digest's primary requirements?
https://www.ibm.com/docs/en/ibm-mq/7.5?topic=concepts-message-digests
What issues arise when public key exchanges? Describe a procedure for resolution.
https://smallbusiness.chron.com/disadvantages-public-key-encryption-68149.html
What distinguishes the MAC from the message digest?
https://www.tutorialspoint.com/what-is-the-difference-between-mac-and-hash-function-in-information-security
How is the MD5 algorithm used?
https://www.google.com/amp/s/www.geeksforgeeks.org/what-is-the-md5-algorithm/amp/
What distinguishes little-endian format from big-endian format?
https://www.google.com/amp/s/www.techtarget.com/searchnetworking/definition/big-endian-and-little-endian%3famp=1
What fields are public-key cryptosystems used in?
https://www.google.com/amp/s/www.geeksforgeeks.org/public-key-encryption/amp/
The purpose of using a digital signature Digital certificates: what are they?
https://www.emptrust.com/blog/benefits-of-using-digital-signatures/
Find the corresponding private key (D) in RSA given P=17, Q=11, and the public key (E) of a
specified user as 7.
Handwritten
What distinguishes SHTTP from SSL?
https://www.google.com/amp/s/www.geeksforgeeks.org/ssl-vs-https-which-one-is-more-secure/amp/
Which protocols use SSL?
https://www.google.com/amp/s/www.geeksforgeeks.org/secure-socket-layer-ssl/amp/
Describe the dangers of the security handshake.
https://www.venafi.com/blog/where-tlsssl-handshake-most-vulnerable
List all of the services that IPSec offers.
https://www.google.com/search?q=List+all+of+the+services+that+IPSec+offer&oq=List+all+of+the+services+that+IPSec+offer&aqs=chrome..69i57.515j0j4&client=ms-android-samsung-ss&sourceid=chrome-mobile&ie=UTF-8#:~:text=Three%20security%20services%20that%20can%20be%20provided%20by%20IPSec%20are%3A%20message%20confidentiality%2C%20message%20integrity%20and%20traffic%20analysis%20protection
Make distinctions between the three categories of invaders.

Choose the ideal type of website for server-side and client-side scripting by comparing
static, dynamic, and active webpages.
https://www.google.com/amp/s/www.geeksforgeeks.org/difference-between-static-and-dynamic-web-pages/amp/
Describe the high-level steps for each mail security protocol.
https://www.techtarget.com/searchsecurity/answer/What-are-the-most-important-email-security-protocols
Describe the PGP key rings concept
http://www.faadooengineers.com/online-study/post/cse/network-management-and-securuty/617/pgp-key-rings
Use any two Transposition Techniques and any two Substitution Techniques to convert
"MEET ME."
Handwritten
Selecting the prime numbers p=7 and q=11, encrypt the message "BE" using the RSA
algorithm.
Handwritten
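A worked version of the two RSA exercises on this page (private key for P=17, Q=11, E=7, and encrypting "BE" with p=7, q=11), added here and not part of the original notes. The second exercise does not give a public exponent or a letter encoding, so e=7 and A=1 … Z=26 are assumptions; the last function shows the point made in the RSA-strength answer, that factoring n gives back the private key.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def is_prime(n):
    if n < 2:
        return False
    return all(n % c for c in range(2, int(n ** 0.5) + 1))


def rsa_keypair(p, q, e):
    """Textbook RSA key generation: return (n, e, d)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return n, e, x % phi          # d is the inverse of e modulo phi


def encrypt_letters(text, n, e):
    """Encrypt letter by letter with the assumed encoding A=1 ... Z=26."""
    numbers = [ord(ch) - ord("A") + 1 for ch in text.upper()]
    if any(m >= n for m in numbers):
        raise ValueError("message value must be smaller than n")
    return [pow(m, e, n) for m in numbers]


def decrypt_letters(cipher, n, d):
    return "".join(chr(pow(c, d, n) + ord("A") - 1) for c in cipher)


def private_key_from_factoring(n, e):
    """With p and q known, d follows at once; trial division is enough
    for exercise-sized n, which is why real moduli are thousands of bits."""
    p = next(c for c in range(2, int(n ** 0.5) + 1) if n % c == 0)
    return rsa_keypair(p, n // p, e)[2]


if __name__ == "__main__":
    # Exercise 1: P=17, Q=11, E=7  ->  n=187, phi=160, d=23 (7*23 = 161 = 160+1)
    print(rsa_keypair(17, 11, 7))

    # Exercise 2: p=7, q=11, assumed e=7  ->  n=77, phi=60, d=43
    n, e, d = rsa_keypair(7, 11, 7)
    cipher = encrypt_letters("BE", n, e)      # B=2, E=5
    print(cipher, decrypt_letters(cipher, n, d))

    # Knowing only the public key (187, 7), factoring 187 recovers d.
    print(private_key_from_factoring(187, 7))
```

Encrypting one small letter value at a time, as the exercise does, is for hand calculation only; the same plaintext letter always gives the same ciphertext number.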
Draw a diagram of the RSA key generation algorithm.
https://www.researchgate.net/figure/Block-diagram-of-RSA-encryption-algorithms-IV-Design-of-the-RSA-Encryption-Algorithm-The_fig1_282249995
The message "where are you" should be encrypted and decrypted using the play fair
cypher technique.
Handwritten
What are the initial and inverse initial permutations of the plain string
123456ABCD132536 when it is submitted as input to the DES?
Handwritten
Draw a detailed diagram of the email sending and receiving process.
https://www.oasis-open.org/khelp/kmlm/user_help/html/how_email_works.html
Show how PGP is used to ensure the confidentiality of a message.
https://www.google.com/amp/s/www.geeksforgeeks.org/pgp-authentication-and-confidentiality/amp/
Showcase the MIME's features.
https://www.google.com/amp/s/www.geeksforgeeks.org/multipurpose-internet-mail-extension-mime-protocol/amp/
Distinguish between steganography and cryptography.
https://www.google.com/amp/s/www.geeksforgeeks.org/difference-between-steganography-and-cryptography/amp/
Explain the differences between block and stream cypher
https://www.google.com/amp/s/www.geeksforgeeks.org/difference-between-block-cipher-and-stream-cipher/amp/
PGP and S/MIME can be compared and contrasted.
https://www.google.com/amp/s/www.geeksforgeeks.org/difference-between-pgp-and-s-mime/amp/
Symmetric and asymmetric key encryption are compared and contrasted
https://www.geeksforgeeks.org/difference-between-symmetric-and-asymmetric-key-encryption/
RC5 and RC6 are contrasted.
https://crypto.stackexchange.com/questions/68460/difference-between-rc2-rc4-rc5-and-rc6
Use PGP to describe the transmission and receipt of messages
http://www.faadooengineers.com/online-study/post/cse/network-management-and-securuty/617/pgp-message-transmission-and-reception
Examine the RC5's features.
https://www.google.com/amp/s/www.geeksforgeeks.org/rc5-encryption-algorithm/amp/
Examine the Feistel cipher's characteristics.
https://www.google.com/amp/s/www.geeksforgeeks.org/feistel-cipher/amp/
Pick the S/MIME algorithms you want to use. Explain your response.
https://www.google.com/amp/s/www.compuquip.com/blog/what-is-smime%3fhs_amp=true
Discuss the qualities that a digital signature ought to have
NPTEL notes
How many bits are generated as the message digest and what should the MD5 block size
be?
The output from MD5 is a 128-bit message-digest value. Computation of the MD5
digest value is performed in separate stages that process each 512-bit block of data
along with the value computed in the preceding stage.
https://www.techtarget.com/searchsecurity/definition/MD5#:~:text=The%20output%20from%20MD5%20is,computed%20in%20the%20preceding%20stage.
Discover the DES algorithm's advantages and disadvantages
https://www.tutorialspoint.com/what-are-the-advantage-and-disadvantage-of-des

10 marks questions:
Draw a block diagram to illustrate how one DES round works.
NPTEL NOTES
Describe the IDEA algorithm's guiding ideas
https://www.google.com/amp/s/www.geeksforgeeks.org/simplified-international-data-encryption-algorithm-idea/amp/
Describe the RC5 encryption process.
https://www.google.com/amp/s/www.geeksforgeeks.org/rc5-encryption-algorithm/amp/
(a) What makes studying the Feistel Cipher important? (b) Give a brief description
of the Feistel Cipher construction. Draw attention to the design elements and
variables that affect how a design is realized. Talk about the decryption algorithm
used at the other end as well.
https://www.google.com/amp/s/www.geeksforgeeks.org/feistel-cipher/amp/
Give a brief description of the S-DES approach. (b) Give a brief overview of
the DES-2 (or Double DES) algorithm. (c) What exactly is Triple DES? Why is it
safer than DES, exactly?
Ans:
a) NPTEL notes
b) https://www.geeksforgeeks.org/double-des-and-triple-des/
c) https://www.geeksforgeeks.org/double-des-and-triple-des/
Why is the SHA-1 (message digest) algorithm important? Explain the differences
between SHA-1 and MD5, then examine the main criteria for message digests.
https://www.encryptionconsulting.com/education-center/what-is-sha/
https://www.geeksforgeeks.org/difference-between-md5-and-sha1/amp/
https://www.google.com/amp/s/www.geeksforgeeks.org/message-digest-in-information-security/amp/
The following should be discussed critically: (a) Symmetric key cryptography
does not offer authentication and non-repudiation. (b) The symmetric and
asymmetric key cryptography's greatest qualities are combined in the digital
envelope technique. (c) In contrast to public key cryptography, secret key
cryptography is faster.

Describe the functions that the SSL Record Protocol offers. Infer the steps that
the SSL handshake protocol takes
https://www.google.com/amp/s/www.geeksforgeeks.org/secure-socket-layer-ssl/amp/

What exactly is a dual signature and why would you want one? List the four
essential procedures involved in producing a digital certificate. What drawbacks
are there to using clear text passwords?
https://www.google.com/amp/s/www.geeksforgeeks.org/secure-electronic-transaction-set-protocol/amp/
https://www.google.com/amp/s/www.geeksforgeeks.org/digital-certificate-creation/amp/
https://security.stackexchange.com/questions/12641/what-are-all-of-the-issues-with-storing-a-cleartext-password#:~:text=There%20are%20two%20primary%20risks,This%20is%20poor%20practice

Justify the requirement for biometric authentication and provide a succinct
overview of the Kerberos Protocol.
https://www.google.com/amp/s/www.geeksforgeeks.org/kerberos/amp/
Determine the demand for electronic money and define SET with the aid of an
appropriate model.
https://www.investopedia.com/terms/e/electronic-money.asp
https://www.geeksforgeeks.org/secure-electronic-transaction-set-protocol/amp/
Describe how the SSL handshake protocol prepares the pre-master-secret and
master-secret. Compile two methods that are frequently used to secure
a password file.
https://www.cryptologie.net/article/340/tls-pre-master-secrets-and-master-secrets/
Describe the benefits of SSO using its two methods. Explain the rationale for
placing the SSL layer between the application and transport layers.
https://www.pingidentity.com/en/resources/blog/post/top-benefits-sso.html
https://www.google.com/amp/s/www.techtarget.com/searchsecurity/answer/How-does-SSL-sit-between-the-network-layer-and-application-layer%3famp=1
List the benefits and drawbacks of utilizing Packet Filter in brief. Create
strategies for an attacker to breach Packet Filter's security. Gather evidence to
support the claim that "the packet filter controls the flow between internal and
potentially hostile network."
https://www.indeed.com/career-advice/career-development/packet-filtering
https://www.google.com/amp/s/www.compuquip.com/blog/protect-network-firewall-hacking%3fhs_amp=true
https://intellipaat.com/blog/packet-filtering-firewall/
Create the broad-level PEM and PGP steps.
https://www.geeksforgeeks.org/privacy-enhanced-mail-pem-and-its-working/
https://www.geeksforgeeks.org/pgp-authentication-and-confidentiality/amp/
Create the qualities of a successful firewall setup. What are a firewall's
restrictions?
https://www.google.com/amp/s/www.geeksforgeeks.org/firewall-design-principles/amp/
Describe the steps involved in creating and verifying a digital signature with
DSA.
https://www.simplilearn.com/tutorials/cryptography-tutorial/digital-signature-algorithm
Why does image steganography use the LSB method? Clearly describe the
LSB-based image steganography technique.
The LSB method is very fast and easy to implement in comparison to other methods of
image steganography. The output image differs only very slightly from the input
image. Instead of embedding the message in only the LSB, we can embed the
message in the last two LSBs, which allows even larger messages to be embedded.
https://www.geeksforgeeks.org/lsb-based-image-steganography-using-matlab/
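The LSB technique described above, as an added Python example that is not part of the original notes or of the linked MATLAB article. The 4-byte length header, the function names and the constructed 512-pixel greyscale cover are assumptions made for this illustration.

```python
# Constructed sample cover: 512 greyscale pixel values (not a real image file).
COVER = bytes((x * 7 + 13) % 256 for x in range(512))

def capacity(pixels: bytes, nbits: int = 1) -> int:
    """Largest message (in bytes) that fits when nbits low bits per pixel are used."""
    return len(pixels) * nbits // 8 - 4          # 4 bytes go to the length header

def embed(pixels: bytes, message: bytes, nbits: int = 1) -> bytes:
    """Hide message in the nbits least significant bits of each pixel byte."""
    payload = len(message).to_bytes(4, "big") + message   # length header (assumption)
    bits = "".join(f"{byte:08b}" for byte in payload)
    bits += "0" * (-len(bits) % nbits)           # pad to a whole number of chunks
    chunks = [int(bits[i:i + nbits], 2) for i in range(0, len(bits), nbits)]
    if len(chunks) > len(pixels):
        raise ValueError("message too large for this cover image")
    mask = (1 << nbits) - 1
    out = bytearray(pixels)
    for i, chunk in enumerate(chunks):
        out[i] = (out[i] & ~mask & 0xFF) | chunk  # clear the low bits, then set them
    return bytes(out)

def extract(pixels: bytes, nbits: int = 1) -> bytes:
    """Read the low bits back, parse the length header, return the message."""
    mask = (1 << nbits) - 1
    bits = "".join(f"{p & mask:0{nbits}b}" for p in pixels)
    length = int(bits[:32], 2)
    if 32 + 8 * length > len(bits):
        raise ValueError("no valid payload found")
    return bytes(int(bits[32 + 8 * i:40 + 8 * i], 2) for i in range(length))

def max_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any single pixel value; bounded by 2**nbits - 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon", nbits=1)
    print(extract(stego, 1), "max pixel change:", max_change(COVER, stego))
    print("capacity with 1 LSB:", capacity(COVER, 1), "bytes; with 2 LSBs:", capacity(COVER, 2))
```

Using two LSBs doubles the capacity but raises the worst-case change per pixel from 1 to 3, which is the trade-off behind the "slight difference" claim.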

A generalization of the Caesar cipher, known as the affine Caesar cipher, has the
following form: For each plaintext letter p, substitute the ciphertext letter C:
C = E([a, b], p) = (ap + b) mod 26.
A basic requirement of any encryption algorithm is
that it be one-to-one. That is, if p ≠ q, then E(k, p) ≠ E(k, q). Otherwise, decryption
is impossible, because more than one plaintext character maps into the same
ciphertext character. The affine Caesar cipher is not one-to-one for all values of
a. For example, for a = 2 and b = 3, then E([a, b], 0) = E([a, b], 13) = 3.
a. Are there any limitations on the value of b? Explain why or why not.
b. Determine which values of a are not allowed.
c. Provide a general statement of which values of a are and are not allowed.
Justify your statement.
a. No. A change in the value of b shifts the relationship between plaintext letters and
ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it
remains one-to-one.
b. 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than 25 is equivalent
to a mod 26.
c. The values of a and 26 must have no common positive integer factor other than 1. This
is equivalent to saying that a and 26 are relatively prime, or that the greatest
common divisor of a and 26 is 1. To see this, first note that E(a, p) = E(a, q) (0 ≤ p ≤
q < 26) if and only if a(p – q) is divisible by 26. 1. Suppose that a and 26 are
relatively prime. Then, a(p – q) is not divisible by 26, because there is no way to
reduce the fraction a/26 and (p – q) is less than 26. 2. Suppose that a and 26 have a
common factor k > 1. Then E(a, p) = E(a, q), if q = p + m/k ≠ p.
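The answers above can be checked by brute force. The following Python example is added here and is not part of the original notes; the function names are assumptions, and the collision witness reads the answer's q = p + m/k with m taken as the alphabet size 26 (also an assumption).

```python
from math import gcd

M = 26  # alphabet size used in the question

def encrypt(a, b, p):
    """E([a, b], p) = (a*p + b) mod 26 for a letter index p in 0..25."""
    return (a * p + b) % M

def is_one_to_one(a, b):
    """Do the 26 plaintext letters map to 26 distinct ciphertext letters?"""
    return len({encrypt(a, b, p) for p in range(M)}) == M

def disallowed_a():
    """Values of a in 1..25 for which the mapping is not one-to-one."""
    return [a for a in range(1, M)
            if not all(is_one_to_one(a, b) for b in range(M))]

def collision_witness(a, b=0):
    """For a bad a, return (p, q) with p != q and E(p) == E(q), using q = p + 26/k."""
    k = gcd(a, M)
    if k == 1:
        return None            # a and 26 are relatively prime: no collision exists
    p, q = 0, M // k
    assert encrypt(a, b, p) == encrypt(a, b, q)
    return p, q

def decrypt(a, b, c):
    """Invert E with the modular inverse of a, which exists only if gcd(a, 26) = 1."""
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} shares a factor with {M}; decryption is ambiguous")
    return (pow(a, -1, M) * (c - b)) % M

if __name__ == "__main__":
    print("disallowed a:", disallowed_a())
    print("collision for a=2, b=3:", collision_witness(2, 3))
    word = [7, 4, 11, 11, 14]                      # "hello" as letter indices
    ct = [encrypt(5, 8, p) for p in word]
    print("round trip ok:", [decrypt(5, 8, c) for c in ct] == word)
```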
Consider a block encryption algorithm that encrypts blocks of length n, and let N =
2^n. Say we have t plaintext–ciphertext pairs Pi, Ci = E(K, Pi), where we assume
that the key K selects one of the N! possible mappings. Imagine that we wish
to find K by exhaustive search. We could generate the key K′ and test whether
Ci = E(K′, Pi) for 1 ≤ i ≤ t. If K′ encrypts each Pi to its proper Ci, then we have
evidence that K = K′. However, it may be the case that the mappings E(K, ·)
and E(K′, ·) exactly agree on the t plaintext–ciphertext pairs Pi, Ci and agree
on no other pairs. a. What is the probability that E(K, ·) and E(K′, ·) are in fact
distinct mappings? b. What is the probability that E(K, ·) and E(K′, ·) agree
on another t′ plaintext–ciphertext pairs where 0 ≤ t′ ≤ N − t?

The second signatory as a first step must verify that the document was
really signed by the first signatory. She then incorporates her signature
into the document’s signature so that the recipient, as well as any member
of the public, may verify that the document was indeed signed by both
signatories. In addition, only the second signatory has to be able to verify
the document’s signature after the first step; that is, the recipient (or any
member of the public) should be able to verify only the complete document
with signatures of both signatories, but not the document in its
intermediate form where only one signatory has signed it. Moreover, the
bank would like to make use of its existing modules that support RSA-style
digital signatures.” “Hm, I understand how RSA can be used to digitally
sign documents by one signatory, Holmes. I guess you have solved the
problem of Mr. Hosgrave by appropriate generalization of RSA digital
signatures.” “Exactly, Watson,” nodded Sherlock Holmes. “Originally, the
RSA digital signature was formed by encrypting the document by the
signatory’s private decryption key ‘d’, and the signature could be verified
by anyone through its decryption using publicly known encryption key ‘e’.
One can verify that the signature S was formed by the person who knows
d, which is supposed to be the only signatory. Now the problem of Mr.
Hosgrave can be solved in the same way by slight generalization of the
process, that is …” Finish the explanation.

We have a global elliptic curve, prime p, and “generator” G. Alice picks a
private signing key XA and forms the public verifying key YA = XAG. To
sign a message M:
■ Alice picks a value k.
■ Alice sends Bob M, k, and the signature S = M - kXAG.
■ Bob verifies that M = S + kYA.
a. Show that this scheme works. That is, show that the verification process
produces an equality if the signature is valid. b. Show that the scheme is
unacceptable by describing a simple technique for forging a user’s signature
on an arbitrary message.
Values are different here but process should be same
Suppose we are told that the plaintext conversation yields the ciphertext
HIARRTNUYTUS where the Hill Cipher is used but the key size m is not
specified. Determine the encryption matrix.
a. Let X′ be the bitwise complement of X. Prove that if the complement of the
plaintext block is taken and the complement of an encryption key is taken,
then the result of DES encryption with these values is the complement of
the original ciphertext. That is, if Y = E(K, X), then Y′ = E(K′, X′). b. It has
been said that a brute-force attack on DES requires searching a key space
of 2^56 keys. Does the result of part (a) change that?
