Subject : Cryptography & System Security

QB for Term Test -1

2M
1. What are the requirements for secure hash functions?
Ans:-
A secure hash function in Cryptography & System Security must satisfy these properties:

1. Preimage Resistance – Cannot find the original input from its hash.

2. Second Preimage Resistance – Cannot find another input with the same hash.

3. Collision Resistance – Cannot find two different inputs with the same hash.

4. Deterministic – Same input always gives the same output.

5. Avalanche Effect – Small input change creates a big hash difference.

6. Fast Computation – Should be efficient to compute.

7. Fixed-Length Output – Produces a fixed-size hash.

8. Secure Against Attacks – Should resist length extension and other attacks.

Examples of secure hash functions: SHA-256, SHA-3

Examples of insecure ones: MD5, SHA-1 (prone to collisions).

2. List the Substitution Techniques.

Ans:-
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Vigenère Cipher
6. One-Time Pad
7. Affine Cipher
8. Homophonic Substitution Cipher
3. Distinguish keyed and keyless transposition Ciphers.
Ans:-

4. Define non-repudiation and authentication.

Ans:-
Non-Repudiation

• Ensures that a sender cannot deny sending a message and a receiver cannot deny receiving it.

• Prevents entities from falsely claiming they did not perform an action.

• Implemented using digital signatures, cryptographic hashes, and timestamps.

• Used in secure communications, financial transactions, and legal agreements.

Authentication

• Verifies the identity of a user, system, or entity before granting access.

• Ensures only legitimate users can access a system.

• Implemented using passwords, biometrics, two-factor authentication (2FA), and cryptographic

protocols like PKI.

• Essential for preventing unauthorized access and security breaches.

5. Explain Services and Mechanisms.
Ans:-
1. Security Services:

Security services provide protection against various security threats. According to ISO 7498-2 (OSI
Security Architecture), security services can be classified as:

• Authentication: Ensures that the sender and receiver of a message are who they claim to be.

• Access Control: Restricts unauthorized users from accessing system resources.

• Data Confidentiality: Protects data from unauthorized access using encryption.

• Data Integrity: Ensures that data is not altered during transmission.

• Non-repudiation: Prevents denial of sending or receiving a message.

2. Security Mechanisms:

Security mechanisms implement security services to counteract threats. Some key mechanisms
include:

• Encryption: Converts plaintext into ciphertext to protect confidentiality (e.g., AES, RSA).

• Hashing: Ensures data integrity using hash functions (e.g., SHA-256, MD5).

• Digital Signatures: Provides authentication, integrity, and non-repudiation (e.g., RSA, DSA).

• Firewalls: Controls network traffic to prevent unauthorized access.

• Intrusion Detection Systems (IDS): Monitors networks for suspicious activities.

• Access Control Lists (ACLs): Defines rules for user access to resources.
6. List the Security Goals.
Ans:-
1. Confidentiality – Ensuring that information is accessible only to those authorized to access it
(e.g., encryption).
2. Integrity – Ensuring that data is not altered or tampered with during transmission or storage
(e.g., hash functions, digital signatures).
3. Availability – Ensuring that information and systems are accessible when needed (e.g.,
protection against DoS attacks).
4. Authentication – Verifying the identity of users or systems before granting access (e.g.,
passwords, biometrics, certificates).
5. Non-Repudiation – Preventing denial of an action by ensuring proof of origin and delivery
(e.g., digital signatures, audit logs).
6. Authorization – Granting specific permissions to users based on their identity and roles (e.g.,
access control lists).

7. Compare mono-alphabetic and polyalphabetic substitution techniques

Ans:-
8. Differentiate between SHA-1 and MD5
Ans:-

9. State Transposition technique.

Ans:-
In Cryptography & System Security, the State Transposition Technique refers to a method
where the positions of elements within a state (such as a matrix or block of data) are
rearranged according to a predefined or dynamic transposition rule. This technique is
commonly used in symmetric encryption algorithms to enhance diffusion, making it harder
for attackers to analyze patterns in ciphertext.
Example in Cryptography:
1. AES (Advanced Encryption Standard):
o The ShiftRows step in AES is a transposition technique where rows of the state
matrix are cyclically shifted.
2. Permutation-based Ciphers:
o Classical ciphers like Rail Fence Cipher and Columnar Transposition Cipher rely
purely on transposition for security.
3. Block Ciphers:
o Many modern block ciphers use transposition techniques combined with
substitution to provide confusion and diffusion, as per Shannon’s principles.
Thus, the State Transposition Technique is crucial in cryptographic algorithms for enhancing
security by redistributing plaintext dependencies across ciphertext.

10. Differentiate Attacks and Threats.

Ans:-
Threats
• A threat is a potential danger or risk that could exploit a vulnerability in a system.
• It represents a possibility of an attack but does not necessarily mean an attack has
occurred.
• Example: The existence of malware, phishing attempts, or weak encryption in a system
poses a threat.
Attacks
• An attack is an actual attempt to exploit a vulnerability to compromise security.
• It is an action taken by an adversary to breach confidentiality, integrity, or availability
(CIA triad).
• Example: A brute-force attack on a password-protected system or a man-in-the-middle
attack on encrypted communication.
11. Explain Services and Mechanisms.
Ans:-
1. Security Services
Security services are designed to provide protection against security threats and ensure
secure communication and data integrity. The main security services include:
1. Confidentiality – Ensures that data is accessible only to authorized users. (Example:
Encryption techniques like AES, RSA)
2. Integrity – Ensures that data is not modified or altered during transmission. (Example:
Hash functions like SHA-256, Message Authentication Codes)
3. Authentication – Verifies the identity of users or devices before granting access.
(Example: Digital signatures, certificates)
4. Non-repudiation – Ensures that an entity cannot deny having performed an action, such
as sending a message. (Example: Digital signatures)
5. Access Control – Restricts unauthorized users from accessing resources. (Example: Role-
Based Access Control (RBAC), Access Control Lists)
2. Security Mechanisms
Security mechanisms are the tools and techniques used to implement security services.
Some key mechanisms include:
1. Encryption – Converts plaintext into ciphertext to ensure confidentiality. (Example: AES,
RSA, ECC)
2. Hashing – Generates a fixed-size hash value from data to verify integrity. (Example: SHA-
256, MD5)
3. Digital Signatures – Ensures authentication and non-repudiation using cryptographic
signing. (Example: RSA, DSA, ECDSA)
4. Authentication Protocols – Secure methods to verify identity. (Example: Kerberos,
OAuth)
5. Intrusion Detection Systems (IDS) – Detects unauthorized activities or anomalies in
networks. (Example: Snort, Suricata)
6. Firewalls – Filters network traffic to prevent unauthorized access. (Example: Packet
filtering, Stateful inspection)
7. Key Management – Ensures secure storage, distribution, and renewal of cryptographic
keys. (Example: Public Key Infrastructure (PKI))
12. List the Security Goals.
Ans:-
In Cryptography & System Security, the primary security goals are:
1. Confidentiality – Ensuring that sensitive information is only accessible to authorized
entities and remains protected from unauthorized access.
2. Integrity – Ensuring that data remains unaltered during transmission and storage,
preventing unauthorized modifications.
3. Availability – Ensuring that systems, services, and data are accessible to authorized
users whenever needed.
4. Authentication – Verifying the identity of users, systems, or entities before granting
access.
5. Non-Repudiation – Ensuring that a sender cannot deny sending a message and a
receiver cannot deny receiving it, using digital signatures or cryptographic proofs.
6. Authorization – Defining and enforcing access control policies to ensure users can only
access permitted resources.
7. Accountability – Keeping logs and audit trails to track actions performed by users for
security and forensic analysis.
5M
1. Explain DES Algorithm.
Ans:-
DES Algorithm in Cryptography & System Security
The Data Encryption Standard (DES) is a symmetric key encryption algorithm used for
securing digital data. It was developed by IBM in the early 1970s and later adopted by the
U.S. National Institute of Standards and Technology (NIST) as a standard for encryption.
Though it has been largely replaced by more secure algorithms like AES, DES remains an
essential concept in cryptography and system security.

Key Features of DES

1. Block Cipher: DES encrypts data in fixed-size 64-bit blocks.
2. Symmetric Key: The same 56-bit key is used for both encryption and decryption.
3. Feistel Network Structure: It processes data through multiple rounds of permutation
and substitution.
4. 16 Rounds of Encryption: Each round involves key mixing, expansion, substitution, and
permutation.
5. Key Scheduling: A 56-bit key is divided into 16 subkeys (48-bit each), used in each round.

DES Encryption Process

Step 1: Initial Permutation (IP)
• The 64-bit plaintext undergoes an initial permutation, which rearranges bits according to
a fixed table.
Step 2: Splitting into Two Halves
• The permuted block is split into Left Half (L) and Right Half (R), each 32-bit.
Step 3: 16 Rounds of Feistel Cipher
Each round consists of:
1. Expansion (E-Box): The 32-bit right half is expanded to 48 bits.
2. Key Mixing (XOR): The expanded right half is XORed with a 48-bit subkey.
3. Substitution (S-Box): The result is passed through 8 S-boxes, reducing it back to 32 bits.
4. Permutation (P-Box): The output is permuted based on a predefined table.
5. XOR with Left Half: The result is XORed with the left half.
6. Swap: The halves are swapped before the next round.
Step 4: Final Permutation (FP)
• After 16 rounds, the final permutation is applied to produce the ciphertext.

DES Decryption
• The decryption process follows the same steps as encryption but with the subkeys used
in reverse order.

Security & Vulnerabilities

Strengths:

Simple and efficient for hardware implementations.

Provides reasonable security for short messages.
Weaknesses:

Short Key Length (56-bit): Vulnerable to brute-force attacks.

Cryptanalysis Attacks: Differential and linear cryptanalysis weaken its security.
Not Suitable for Modern Security: DES has been replaced by AES (Advanced Encryption
Standard) and Triple DES (3DES).
2. Explain AES Algorithm.
Ans-
Advanced Encryption Standard (AES) Algorithm
The Advanced Encryption Standard (AES) is a symmetric key encryption algorithm widely
used for securing data. It was established by the National Institute of Standards and
Technology (NIST) in 2001 as a replacement for the Data Encryption Standard (DES) due to
its superior security and efficiency. AES is part of modern cryptographic systems and is used
in applications such as SSL/TLS encryption, secure communications, and data storage.
Key Features of AES
• Symmetric Key Cipher: The same key is used for both encryption and decryption.
• Block Cipher: Operates on fixed-size blocks of data (128-bit block size).
• Key Lengths: Supports 128-bit, 192-bit, and 256-bit keys.
• Security: Resistant to known cryptographic attacks like brute force and differential
cryptanalysis.
AES Algorithm Structure
AES follows a substitution-permutation network (SPN) structure and encrypts data in
multiple rounds based on the key size:
• 10 rounds for 128-bit key
• 12 rounds for 192-bit key
• 14 rounds for 256-bit key
Each round consists of four main transformations:
1. SubBytes (Substitution Layer)
o Uses the S-Box (Substitution Box) to perform byte-wise substitution, making the
encryption non-linear and resistant to cryptanalysis.
2. ShiftRows (Permutation Layer)
o Performs a left cyclic shift on rows of the block matrix to spread data across
columns.
3. MixColumns (Diffusion Layer)
o Multiplies each column with a fixed matrix using Galois Field (GF) arithmetic to
enhance diffusion and spread plaintext influence over ciphertext.
4. AddRoundKey
o XORs the current state with a round key derived from the original key using the
Key Expansion process.
The final round omits the MixColumns step to maintain reversibility during decryption.
AES Decryption
Decryption in AES follows the inverse of each encryption step:
• InvSubBytes
• InvShiftRows
• InvMixColumns
• AddRoundKey
Security Strength
• AES is considered highly secure and is used by government and financial institutions.
• It is resistant to brute force attacks, as 2¹²⁸ possible keys make it computationally
infeasible to break with current technology.
3. Consider A & B choose p=23 & g=5 as public parameters. Their secret keys are
Ans:-
4. 6 &15.Compute their shared secret using Diffie Hellman.
Ans:-
5. What goals are served using a message digest ? Explain using MD5.
Ans:-
Goals Served Using a Message Digest in Cryptography & System Security
A Message Digest is a fixed-length hash value generated from input data using a
cryptographic hash function. It serves the following security goals in cryptography and
system security:
1. Data Integrity:
o Ensures that data has not been altered during transmission or storage.
o If even a single bit of input changes, the digest (hash) will change significantly
(avalanche effect).
2. Authentication:
o Used to verify the authenticity of a message or file.
o Digital signatures use message digests to ensure messages come from trusted
sources.
3. Non-Repudiation:
o Prevents senders from denying they sent a message since the digest is unique to
the original content.
4. Efficiency in Data Comparison:
o Instead of comparing entire files, their hash values can be compared for quick
verification.
MD5 (Message Digest Algorithm 5) in Cryptography
MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash
value from any input.
Working of MD5:
1. Padding:
 o The input message is padded so its length becomes a multiple of 512 bits.
2. Processing in Blocks:
o The message is divided into 512-bit blocks, and each block is processed in 64
rounds using bitwise operations.
3. Hash Computation:
o MD5 uses four buffer registers (A, B, C, D) initialized with fixed values.
o The algorithm processes each block using a series of logical operations, rotations,
and additions.
4. Output:
o The final 128-bit hash value is produced after processing all blocks.
Security Weakness of MD5:
• Collisions: Two different inputs can produce the same hash, making it vulnerable to
attacks.
• Not Secure for Digital Signatures or Encryption: Due to weaknesses, stronger algorithms
like SHA-256 are preferred.
6. Explain double DES and triple DES Algorithm.
Ans:-
7. Differentiate between CMAC and HMAC.
Ans:-
8. Discuss Kerberos authentication protocol.
Ans:-
Kerberos Authentication Protocol in Cryptography & System Security
Kerberos is a network authentication protocol that uses secret-key cryptography to provide
secure authentication over non-secure networks. It was developed at MIT and is widely used
for securing client-server applications.

1. Components of Kerberos
Kerberos consists of three main components:
1. Key Distribution Center (KDC) – The central authority responsible for authentication and
ticket granting.
o Authentication Server (AS) – Verifies user identity and issues a Ticket Granting
Ticket (TGT).
o Ticket Granting Server (TGS) – Issues service tickets after verifying the TGT.
2. Client – The entity requesting access to a service.
3. Server (Service Provider) – The resource that the client wants to access securely.

2. Working of Kerberos
The authentication process involves multiple steps:
1. Initial Authentication:
o The client sends an authentication request to the AS.
o AS verifies credentials and sends back a TGT encrypted with the client’s secret
key.
2. Service Request:
o The client presents the TGT to the TGS for access to a specific service.
o TGS verifies the TGT and issues a service ticket.
3. Access Granting:
o The client presents the service ticket to the server.
o The server decrypts and verifies the ticket.
 o If valid, the client is granted access.

3. Security Features of Kerberos

• Mutual Authentication – Both client and server authenticate each other.
• Ticket-based Authentication – Eliminates the need to send passwords over the network.
• Session Keys – Uses encrypted session keys to maintain confidentiality.
• Time-stamped Tickets – Prevents replay attacks by limiting ticket validity.

4. Cryptographic Techniques Used

• Symmetric Key Cryptography (AES, DES, or RC4) – Used for encryption of tickets and
authentication messages.
• Hash Functions – Used for integrity verification.
• Nonce & Timestamping – Protects against replay attacks.

5. Vulnerabilities & Mitigations

Vulnerability Mitigation

Replay Attacks Uses timestamps & nonces

Password Guessing Enforces strong password policies

KDC as Single Point of Failure Implement redundancy & backup KDCs

Man-in-the-Middle (MITM) Attacks Uses strong encryption & mutual authentication

6. Applications of Kerberos
• Used in Windows Active Directory for authentication.
• Integrated with SSH for secure remote logins.
• Used in enterprise Single Sign-On (SSO) systems.
• Secures database access in systems like PostgreSQL and Oracle.