Answer---Cyber Security--2023

The document is a cybersecurity examination paper from Maulana Abul Kalam Azad University of Technology, covering various topics such as vulnerabilities, data security, session hijacking, and encryption methods. It includes very short answer questions, short answer questions, and long answer questions, addressing key concepts in cybersecurity and their implications. The paper emphasizes the importance of security risk analysis, data protection, and the impact of cybercrime on individuals, property, and governments.

Uploaded by

Raj Mondal

Cyber Security

Paper Code : PEC-CS702E


ID: CS/B.TECH(N)/ODD/SEM-7/7558/2023-2024/I136
Department of Computer Science and Engineering
Maulana Abul Kalam Azad University of Technology, West Bengal

Group-A
(Very Short Answer Type Question; 1-Mark Question)

(I) What is the existence of a weakness in a system or network known as?


Vulnerability

(II) Which DDoS in mobile systems waits for the owner to trigger the cyber attack?
SMS-based DDoS

(III) Why are the factors like Confidentiality, Integrity, Availability, and Authenticity considered as
the fundamentals?
They are the core principles of information security – Confidentiality, Integrity,
Availability, and Authenticity are considered fundamental because they ensure the protection and
reliability of information.

(IV) What refers to exploring the appropriate, ethical behaviors related to the online environment
and digital media platform?
Digital Ethics

(V) What type of text is transformed with the help of a cipher algorithm?
Plaintext

(VI) "Cyberspace" was coined by _______.


"Cyberspace" was coined by William Gibson in his novel Neuromancer.

(VII) Network failure is primarily a ______ issue.


Hardware

(VIII) ___________ means the security of data from tampering by unidentified users.
Data Integrity

(IX) Which is a sort of independent type of malicious program that would not require any host
program?
Worm

(X) An act to injure, corrupt, or threaten a system or network is characterized as __________.


Cyberattack

(XI) What is security misconfiguration?


A security misconfiguration occurs when a system or network is not properly secured or
configured, leaving vulnerabilities open.

(XII) Differentiate between a worm and a virus.


A worm is a self-replicating, independent malicious program that spreads without user
intervention, while a virus requires a host program to spread.

Group-B
(Short Answer Type Question; 5-Mark Question)

2. Describe Security risk and analysis.
Security risk refers to the potential threats and vulnerabilities in a system or network that could lead
to harm, data loss, or disruption of services. These risks could come from various sources such as
cyberattacks, natural disasters, human errors, or system failures. To ensure the security of systems,
it is essential to analyze, identify, and assess these risks through a structured process. Risk analysis
is the process of evaluating risks to understand their likelihood and impact on an organization and
its assets. It involves:
• Risk Identification: Identifying potential threats and vulnerabilities.
• Risk Assessment: Evaluating the impact and likelihood of identified risks.
• Risk Mitigation: Implementing controls to reduce or eliminate the risks.
• Risk Monitoring: Continuously monitoring risks and adjusting strategies as necessary.
Effective risk analysis helps organizations take proactive measures to secure their systems and
protect sensitive data.

Importance of Security Risk Analysis:
• It helps organizations understand the potential threats and vulnerabilities in their
environment.
• Allows organizations to allocate resources effectively to protect against the highest risks.
• Helps in decision-making, ensuring that the organization is prepared for both expected and
unforeseen security events.
• Ensures compliance with legal and regulatory requirements by addressing security risks in
a systematic way.

3. Explain Data backup security, Data archival security, and Data disposal
considerations.
• Data Backup Security: It involves the creation and protection of copies of critical data to ensure
its availability in case of data loss or disaster. Backup data must be encrypted, stored securely
(e.g., in a secure cloud environment or offline storage), and regularly tested for recoverability.
• Data Archival Security: Archiving refers to long-term storage of inactive data. Archival security
ensures that archived data remains intact, accessible, and secure. It typically involves using
secure storage methods, encryption, and strict access controls to prevent unauthorized access or
tampering over time.
• Data Disposal Considerations: When data is no longer needed, it must be disposed of securely
to prevent unauthorized access. Methods include physical destruction (e.g., shredding hard
drives) or secure deletion (e.g., overwriting data several times). Proper data disposal is crucial
to protecting sensitive information and complying with data protection regulations.

4. What is the use of policy?
A policy is a set of guidelines or principles designed to influence decisions and ensure consistent
and proper behavior within an organization. In cybersecurity, policies are crucial for:
i. Establishing clear rules regarding data access, usage, and protection.
ii. Defining roles and responsibilities for security management.
iii. Guiding employees' actions to prevent security incidents.
iv. Ensuring compliance with legal and regulatory standards (e.g., GDPR, HIPAA).
Policies provide a framework for security practices, help minimize risks, and ensure that security
measures align with the organization's overall objectives.

5. Define session hijacking and its various challenges.


Session Hijacking is an attack in which an attacker steals or predicts a valid session token or session
ID in order to gain unauthorized access to a user’s session. This can happen in web applications or
network communications, where an attacker can impersonate the legitimate user.
Challenges in Session Hijacking:
i. Secure Communication: If the session data is not encrypted (e.g., in plain HTTP), it can be
intercepted and hijacked by attackers.
ii. Session Fixation: Attackers can trick users into using a known session ID, allowing them to
take control of the session.
iii. Cross-Site Scripting (XSS): Attackers inject malicious scripts to steal session cookies.
iv. Mitigation: Using HTTPS, implementing session timeouts, regenerating session IDs, and
utilizing multi-factor authentication are essential to prevent session hijacking.

6. Explain the Feistel cipher in detail.


The Feistel Cipher is a symmetric key encryption algorithm that divides the input data into two
halves and processes them through multiple rounds. Each round applies a series of operations,
including substitution and permutation, to create ciphertext from plaintext. The Feistel cipher
structure is the foundation for many encryption algorithms, such as DES.
Working of Feistel Cipher:
i. Initial Split: The plaintext is divided into two equal halves, Left (L) and Right (R).
ii. Rounds: In each round, the right half (R) is processed through a round function (typically a
function involving the key and some permutation or substitution operations). The output is
XORed with the left half (L), and the result becomes the new left half. The right half becomes
the new left half for the next round.
iii. Key Schedule: A set of subkeys is generated from the main key. Each round uses a different
subkey for encryption.
iv. Final Output: After all rounds, the two halves are recombined to produce the ciphertext.
The Feistel cipher is notable because it can be easily inverted, meaning the same algorithm and key
can be used for both encryption and decryption. The number of rounds and the complexity of the
round function determine the strength of the encryption.

Group-C
(Long Answer Type Question; 15-Mark Question)

7. Write short notes on:
7. (a) Firewall
A firewall is a network security device that monitors
and controls incoming and outgoing network traffic
to protect a computer network from unauthorized
access.
i. How does a firewall work?
Firewalls act as a gatekeeper, analyzing each network
packet and deciding whether to allow it through
based on a set of pre-defined security rules.

7. (b) Backdoor

A backdoor is a method of bypassing normal authentication or encryption in a computer system,
often for the purpose of gaining unauthorized access to data or system functionality. Typically
installed by malware or a malicious actor, backdoors can provide an attacker with remote control
over the compromised system, making it easier to exploit vulnerabilities. Backdoors may be hidden
in software or hardware and can be accessed without the user's knowledge, often allowing for
continuous, undetected access.

7. (c) Trapdoor
A trapdoor is similar to a backdoor but is a hidden entry point
intentionally embedded into a program or system by the
developer (often for testing purposes). It can be used
maliciously if discovered by unauthorized users. Unlike
backdoors, which are typically installed by external attackers,
trapdoors are intentionally created by insiders (e.g.,
developers) and can be used to exploit vulnerabilities for
malicious purposes.

8. (a) Discuss SQL Injection in detail.
SQL Injection is a code injection technique that exploits vulnerabilities in an application’s software
by inserting or "injecting" malicious SQL code into a query. This attack is possible when an
application fails to validate input data properly. The injected code can manipulate the SQL query
to gain unauthorized access to the database, retrieve, modify, or delete data. SQL Injection can also
allow attackers to execute administrative operations on the database, such as shutting down the
database or bypassing authentication systems. Preventative measures include input validation,
prepared statements, and parameterized queries.
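
The difference between a concatenated query and a parameterized one, as an added Python example using the standard-library `sqlite3` module (not part of the original answer paper). The table, the account, the function names and the injected input are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the string literal early and the
# appended OR clause makes the WHERE condition true for every row.
INJECTED_PASSWORD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed account.
    (A real system stores salted password hashes, never plaintext.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Deliberately vulnerable: user input is pasted into the SQL text,
    so the database parses it as part of the query."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data; it is never parsed as SQL."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    for label, check in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        print(label,
              "correct password:", check(db, "alice", "s3cret"),
              "| injected input:", check(db, "alice", INJECTED_PASSWORD))
```

The concatenated version also fails on ordinary input that contains an apostrophe, because the quote breaks the statement's syntax; the parameterized version handles it as plain data.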

8. (b) What is buffer overflow?


A buffer overflow occurs when data overflows from one buffer to another, which can lead to
corruption of data, unexpected program behavior, or even system crashes. This occurs when a
program writes more data to a buffer than it can handle. Attackers can exploit buffer overflows to
execute arbitrary code, gain control of a system, or crash applications. Buffer overflows can target
security vulnerabilities and compromise the confidentiality, integrity, or availability of a system.

8. (c) Discuss how to minimize Buffer Overflow.


To minimize buffer overflow vulnerabilities, developers should:
i. Use safe programming languages that check bounds, like Python or Java.
ii. Validate input data to ensure it matches expected types and lengths.
iii. Use stack canaries and security mechanisms like ASLR (Address Space Layout
Randomization).
iv. Avoid using unsafe functions like strcpy() or gets().
v. Implement memory management techniques such as bounds checking.

9. (a) How is VoIP hacking done by an attacker?
Voice over Internet Protocol (VoIP) hacking involves exploiting vulnerabilities in VoIP technology
to eavesdrop, intercept calls, or gain unauthorized access. Common methods include:
i. Man-in-the-Middle (MITM) Attacks: Intercepting VoIP traffic to listen or alter
communication.
ii. VoIP Phishing: Tricking users into providing sensitive information.
iii. Denial of Service (DoS): Overloading the VoIP network to disrupt service.
iv. Credential Cracking: Attempting to gain access by cracking weak passwords or exploiting
default configurations.

9. (b) What are the measures for it?


i. Encryption: Encrypt VoIP calls using protocols like TLS (Transport Layer Security) or SRTP
(Secure Real-Time Transport Protocol).
ii. Strong Authentication: Implement two-factor authentication to secure access to VoIP
accounts.
iii. Regular Updates: Keep VoIP hardware and software updated to patch known
vulnerabilities.
iv. Firewalls: Use firewalls to block unauthorized VoIP traffic.
v. Intrusion Detection Systems (IDS): Monitor for unusual VoIP activity.

9. (c) Identify wireless network defense.


Defending wireless networks involves:
i. Encryption: Use WPA3 encryption to protect data transmitted over the network.
ii. Strong Authentication: Implement robust password policies and multi-factor authentication.
iii. Disable SSID Broadcasting: Hide the network’s SSID to make it less visible to unauthorized
users.
iv. Firewalls: Set up firewalls to filter traffic from unauthorized devices.
v. Regular Monitoring: Continuously monitor network activity for suspicious behavior.

10. (a) Name & explain the two protocols to use for E-mail Security.
i. SSL/TLS (Secure Socket Layer/Transport Layer Security): This protocol secures email
communication by encrypting the connection between email servers, preventing
eavesdropping and tampering.
ii. PGP (Pretty Good Privacy): PGP provides end-to-end email encryption by using a
combination of public-key and symmetric encryption techniques, ensuring that only the
intended recipient can read the message.

10. (b) Explain Cryptanalysis process.


Cryptanalysis is the process of analyzing and breaking cryptographic algorithms to decipher
encrypted information without having access to the secret key. It involves:
i. Ciphertext Analysis: Studying the ciphertext for patterns or weaknesses.
ii. Frequency Analysis: Identifying the frequency of certain symbols or letter combinations to
infer potential plaintext.
iii. Brute Force Attack: Trying all possible keys until the correct one is found.
iv. Mathematical Attacks: Using mathematical techniques to solve the cryptographic problem
or reduce the search space.

11. (a) Elaborate "Cyber-crime plays a vital role against person, property, and govt. to protect all
valuable information and rights".
Cybercrime has become a significant threat to individuals, property, and governments, impacting
the safety and integrity of valuable information and rights in multiple ways. Here’s an elaboration
on how "Cyber crime plays a vital role against person, property and Govt. to protect all valuable
information and rights":
• Impact on Individuals
  - Identity Theft and Fraud: Cybercriminals can steal personal information such as social
    security numbers, credit card details, or login credentials. This allows them to commit fraud,
    leading to financial losses, ruined credit, or unauthorized use of an individual's identity.
  - Privacy Violations: Hackers may invade personal privacy by accessing emails, social media
    accounts, or private files. Sensitive personal data may be sold or used maliciously, leading to
    emotional and financial distress.
  - Cyberbullying and Harassment: The internet provides a platform for bullying, defamation,
    and harassment, often anonymously, leading to mental and emotional harm for victims.
• Impact on Property
  - Intellectual Property Theft: Cybercriminals often steal valuable intellectual property, such
    as patents, designs, trademarks, and software, which can harm businesses and creative
    industries. Counterfeiting and pirated content can be sold online, diminishing the value of
    original creations.
  - Financial Losses to Businesses: Cyber attacks like ransomware and data breaches can lead
    to significant financial losses for businesses. The costs of repairing damage, compensating
    victims, and dealing with legal ramifications can be devastating. For example, a ransomware
    attack can lock critical systems, and the company may be forced to pay a ransom to regain
    access to their data.
  - Damage to Infrastructure: Cybercriminals may target industrial systems, utilities, or
    transportation networks, causing physical and financial damage to infrastructure. In some
    cases, such attacks could even endanger lives, especially in critical sectors like healthcare or
    energy.
• Impact on Governments
  - National Security Threats: Cyber attacks on government institutions can compromise
    national security. Hackers may target military systems, intelligence agencies, or critical
    infrastructure like power grids, water supplies, and communication networks. These
    breaches can lead to espionage, sabotage, or even cyber warfare between nations.
  - Election Interference: Cybercriminals, including foreign actors, may interfere with elections
    by hacking voting systems or spreading misinformation to manipulate public opinion. This
    undermines democracy and weakens trust in electoral processes.
  - Loss of Public Trust: When governments fail to protect citizens' data or suffer breaches of
    sensitive information, it can lead to a loss of public trust. Citizens may become distrustful of
    governmental institutions, which could have long-term repercussions on societal stability.
• Protecting Information and Rights
  - Encryption and Cybersecurity: Strong encryption techniques and cybersecurity measures
    help protect sensitive data from unauthorized access. Encryption ensures that even if data is
    intercepted, it cannot be read by cybercriminals.
  - Laws and Regulations: Governments around the world have enacted cyber laws to address
    cybercrime, protect citizens' rights, and hold cybercriminals accountable. Laws such as the
    GDPR (General Data Protection Regulation) in the EU aim to protect personal data and
    privacy.

11. (b) Encrypt a plain text using transposition cipher key.
To encrypt a plaintext using a transposition cipher, follow these steps:
Example:
Plaintext: "MEETMEATTHEPARK"
Key: [3, 1, 4, 2] (the key determines the column order)
Step-by-Step Process:
i. Write the Plaintext in Rows: Divide the plaintext into rows according to the key length (4 in this
example). Add padding if needed.
M E E T
M E A T
T H E P
A R K X (Padded with 'X')

ii. Rearrange Columns by Key Order: Rearrange the columns based on the key [3, 1, 4, 2].
• Column 3 becomes first, Column 1 becomes second, and so on:
E M T E
A M T E
E T P H
K A X R
iii. Read Column by Column: Read the characters column-wise to form the ciphertext:
Ciphertext: ETAKE MMTT EPXR HEAR
Final Ciphertext:
"ETAKEMTTEPXRHAR"
This is how the plaintext is encrypted using the transposition cipher. The decryption process involves
reversing the column order using the key.

11. (c) What is transposition cipher?


A transposition cipher is a method of encryption that rearranges the positions of the characters in the
plaintext according to a specific system or key, without altering the actual characters. Unlike substitution
ciphers, which replace characters with others, transposition ciphers work by changing the order of the
characters to create the ciphertext.
Key Characteristics of a Transposition Cipher
i. Rearrangement: Characters are shuffled according to a pre-determined rule or key.
ii. No Substitution: The characters remain the same; only their positions are altered.
iii. Key-Based: The order of rearrangement is defined by a key, which must be known to both the
sender and the recipient for proper encryption and decryption.
Example:
Plaintext: "MEETMEATTHEPARK"
i. Rail Fence (2 rows):
MEMATEAK
ETETHPR
Ciphertext: "MEMATEAKEETETPHR"
ii. Columnar Transposition Cipher: The plaintext is written in rows of a fixed length (based on the
key) and then read column by column in a rearranged order.
Example:
Plaintext: "MEETMEATTHEPARK"
Key: [3, 1, 4, 2]
Ciphertext: "ETAKEMTTEPXRHAR"
iii. Route Cipher: The plaintext is written in a grid and read according to a specific route, such as
spirals, zig-zags, or diagonals.
Transposition ciphers were historically used in military communication but are now considered weak
for modern encryption standards. However, they provide an essential foundation for understanding
cryptography.
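
The columnar procedure from 11(b) and the 2-row rail fence from 11(c), as an added Python example (not part of the original answer paper); the function names are this example's own. `columnar_encrypt` returns the rearranged grid alongside the ciphertext so the intermediate step can be compared with the grid written out in 11(b), and `same_letters` checks the "No Substitution" property.

```python
def columnar_encrypt(plaintext: str, key: list[int], pad: str = "X"):
    """Write the text in rows of len(key), reorder the columns by the key,
    then read the reordered grid column by column."""
    n = len(key)
    if sorted(key) != list(range(1, n + 1)):
        raise ValueError("key must be a permutation of 1..%d" % n)
    text = plaintext + pad * (-len(plaintext) % n)        # pad the last row
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    # key [3, 1, 4, 2] means: column 3 first, then column 1, 4, 2
    rearranged = ["".join(row[k - 1] for k in key) for row in rows]
    ciphertext = "".join(
        "".join(row[c] for row in rearranged) for c in range(n)
    )
    return rearranged, ciphertext


def columnar_decrypt(ciphertext: str, key: list[int]) -> str:
    """Reverse the column order using the key and read row by row.
    The padding characters are returned as part of the text."""
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // n
    chunks = [ciphertext[c * nrows:(c + 1) * nrows] for c in range(n)]
    columns = [""] * n
    for position, k in enumerate(key):
        columns[k - 1] = chunks[position]   # chunk at this position was column k
    return "".join("".join(col[r] for col in columns) for r in range(nrows))


def rail_fence_rows(plaintext: str):
    """2-row rail fence: characters alternate between the two rails."""
    return plaintext[0::2], plaintext[1::2]


def same_letters(a: str, b: str) -> bool:
    """True when b is only a reordering of a (no character was substituted)."""
    return sorted(a) == sorted(b)


if __name__ == "__main__":
    message, key = "MEETMEATTHEPARK", [3, 1, 4, 2]   # the page's example inputs
    grid, ct = columnar_encrypt(message, key)
    print("\n".join(grid))
    print(ct, columnar_decrypt(ct, key))
    top, bottom = rail_fence_rows(message)
    print(top, bottom, top + bottom)
```

Because the ciphertext is only a reordering, its letter frequencies are those of the plaintext, which is one reason these ciphers are weak on their own.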
