Network and Cybersecurity 10

The document provides an overview of key concepts in network and cybersecurity, including security services and mechanisms, encryption modes, non-repudiation, and authentication methods. It also discusses various attacks like buffer overflow and DDoS, as well as cryptographic techniques such as RSA, DES, and digital signatures. Additionally, it covers protocols like SSL and Kerberos, emphasizing their roles in secure communications and user authentication.

Network and Cybersecurity 10-Marks Answers

1a. Relationship between Security Services and Mechanisms

Security Services provide the goals of secure communications: Confidentiality, Integrity, Authentication, Non-repudiation, Access Control.

Security Mechanisms are techniques to implement these services: Encryption, Digital Signatures, MACs, Access Control Lists.

Relationship: Mechanisms are the practical means to achieve services.

Example: To achieve Confidentiality (service), Encryption (mechanism) like AES is used.

Service            Mechanism
Confidentiality    Encryption
Integrity          Hash Functions
Authentication     Digital Signature
Non-Repudiation    Public Key Signature
Access Control     Firewalls, ACLs

1b. ECB and CBC Modes of Block Cipher

ECB (Electronic Codebook Mode):

• Each block encrypted independently.
• Fast but insecure for large data.
• Identical plaintext blocks = identical ciphertext blocks.

CBC (Cipher Block Chaining Mode):

• Each plaintext block is XORed with the previous ciphertext block before encryption.
• More secure, but each block depends on the one before it, so encryption is sequential.

Feature                ECB      CBC
Block Dependency       No       Yes
Parallel Encryption    Yes      No
Security               Lower    Higher

Conclusion: CBC is more secure, suitable for large and sensitive data.

1c. Non-repudiation and Authentication


Authentication: Verifying identity (e.g., password login, digital certificate).

Non-repudiation: Prevents denial of sending a message (e.g., digital signature).

Example:

• Alice signs a message with her private key.
• Bob verifies it using Alice's public key.
• Confirms identity (authentication) and proof of sending (non-repudiation).

Conclusion: Digital signatures achieve both.

1d. Challenge-Response Based Authentication Tokens

Process:

1. Server sends a random challenge.

2. Client encrypts or hashes it with a secret.

3. Server verifies the response.

Example:

• Smart cards, OTP systems.

Advantages:

• Resists replay attacks.
• Passwords not directly transmitted.

Conclusion: A dynamic and secure way to authenticate users.
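
The three steps of the process can be written out with an HMAC as the response function. This is an added example, not part of the original notes; the class name, the user name and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Server:
    """Verifier side. `shared_secrets` maps user -> key provisioned on the token."""

    def __init__(self, shared_secrets: dict):
        self._secrets = shared_secrets
        self._pending = {}  # user -> outstanding challenge (single use)

    def issue_challenge(self, user: str) -> bytes:
        # Step 1: a fresh random challenge for each login attempt.
        challenge = secrets.token_bytes(16)
        self._pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        # Step 3: recompute the expected response and compare in constant time.
        # pop() consumes the challenge, so a captured response cannot be replayed.
        challenge = self._pending.pop(user, None)
        key = self._secrets.get(user)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def token_response(key: bytes, challenge: bytes) -> bytes:
    # Step 2: the token proves knowledge of the key without sending it.
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed secret for the example
    server = Server({"alice": key})
    c1 = server.issue_challenge("alice")
    r1 = token_response(key, c1)
    results = {"fresh": server.verify("alice", r1)}
    results["replayed_same_challenge"] = server.verify("alice", r1)
    server.issue_challenge("alice")          # new login attempt, new challenge
    results["replayed_new_challenge"] = server.verify("alice", r1)
    c3 = server.issue_challenge("alice")
    results["wrong_key"] = server.verify("alice", token_response(b"x" * 32, c3))
    return results

if __name__ == "__main__":
    print(demo())
```

Replay resistance comes from two properties shown here: the challenge is random per attempt, and the server accepts each challenge at most once.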

1e. Buffer Overflow Attack

Definition: When more data is written to a buffer than it can hold, overwriting adjacent memory.

Consequences:

• Program crash.
• Arbitrary code execution.
• System control takeover.

Example:

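char buffer[10];
gets(buffer);   /* gets() performs no bounds check: input longer than 9 characters writes past the end of buffer */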

Prevention:

• Input validation.
• Stack canaries.
• ASLR.

Conclusion: Critical vulnerability; secure coding practices are necessary.

2a. RSA Key Generation and Encryption Example

Steps:

1. Select two primes p and q.

2. Calculate N = p*q.

3. Calculate ϕ(N) = (p-1)(q-1).

4. Choose public key e (coprime with ϕ(N)).

5. Calculate private key d: (d * e) % ϕ(N) = 1.

Given: (E=7, N=187)

• p=11, q=17 (since 11*17=187)
• ϕ(N) = (11-1)(17-1) = 10*16 = 160
• Find d: d * 7 ≡ 1 (mod 160) => d=23

Encryption: M=10, C = (M^E) mod N = (10^7) mod 187 = 143

Answer:

• ϕ(N) = 160
• Private key d = 23
• Ciphertext = 143
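
The five steps can be run directly so that each figure is checked by computation. This is an added example, not part of the original notes; the function names are illustrative, and it adds a decryption round trip and a bit-by-bit trace of the exponentiation. With p = 11, q = 17, E = 7 it returns ϕ(N) = 160 and d = 23, evaluates 10^7 mod 187 to 175, and decrypting 175 with d = 23 returns 10.

```python
from math import gcd

def rsa_keygen(p: int, q: int, e: int) -> dict:
    """Steps 1-5 above for caller-chosen primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(N)")
    d = pow(e, -1, phi)          # modular inverse: (d * e) % phi == 1
    return {"n": n, "phi": phi, "e": e, "d": d}

def rsa_encrypt(m: int, e: int, n: int) -> int:
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < N")
    return pow(m, e, n)          # C = M^E mod N by fast modular exponentiation

def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)          # M = C^d mod N

def square_and_multiply(base: int, exp: int, mod: int) -> list:
    """Hand-checkable trace of base^exp mod `mod`: one entry per exponent bit."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
        trace.append(result)
    return trace

KEY = rsa_keygen(11, 17, 7)      # values from the worked problem: p=11, q=17, E=7

if __name__ == "__main__":
    c = rsa_encrypt(10, KEY["e"], KEY["n"])
    print(KEY, c, rsa_decrypt(c, KEY["d"], KEY["n"]))
    print(square_and_multiply(10, 7, 187))
```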

2b. DES (Data Encryption Standard)

1. Block and Key Size:
   ◦ Block Size: 64 bits.
   ◦ Key Size: 56 bits (plus 8 parity bits).

2. Need for Expansion Permutation:
   ◦ Expands 32-bit half-block to 48 bits for mixing with subkey.

3. Role of S-box:
   ◦ Provides non-linearity.
   ◦ Takes 6 bits input, gives 4 bits output.

4. Weak and Semi-Weak Keys:
   ◦ Weak keys: Produce same subkey in every round.
   ◦ Semi-weak keys: Two keys encrypt plaintext to same ciphertext.

5. Possible Attacks:
   ◦ Brute Force (exhaustive key search).
   ◦ Differential Cryptanalysis.
   ◦ Linear Cryptanalysis.

Conclusion: Although old, DES laid the foundation for modern encryption standards.

3a. Goals served using Message Digest (Example: MD5)

Goals:

• Data Integrity.
• Authentication (with MACs).

MD5:

• Produces a 128-bit hash value.
• Even a small change in input drastically changes output (avalanche effect).

Use:

• Verify file integrity.
• Password storage (hashed passwords).

Conclusion: Message digests protect against tampering.
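
The two goals differ in what they assume: a plain digest detects changes only while the digest itself is trusted, whereas a MAC also needs a key. The following added example (not part of the original notes) measures the avalanche effect for a one-bit input change and contrasts the plain MD5 check with an HMAC check; the messages and key are constructed sample values.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()          # 128-bit digest, 32 hex chars

def differing_bits(a: bytes, b: bytes) -> int:
    """Avalanche measure: number of digest bits that differ between two inputs."""
    da = int.from_bytes(hashlib.md5(a).digest(), "big")
    db = int.from_bytes(hashlib.md5(b).digest(), "big")
    return bin(da ^ db).count("1")

def integrity_ok(data: bytes, published_digest: str) -> bool:
    # Integrity: detects modification as long as the digest itself is trusted.
    return hmac.compare_digest(md5_hex(data), published_digest)

def mac(key: bytes, data: bytes) -> str:
    # Authentication: a keyed digest (HMAC) that only key holders can compute.
    return hmac.new(key, data, hashlib.md5).hexdigest()

def mac_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)

# Constructed sample data; the two messages differ in one bit ('1' vs '9').
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"
KEY = b"shared-secret-for-example"

def demo() -> dict:
    digest = md5_hex(ORIGINAL)
    # Whoever can replace both the data and its digest just recomputes MD5;
    # without KEY they cannot produce a matching MAC.
    forged_digest = md5_hex(TAMPERED)
    forged_tag = mac(b"attacker-guess", TAMPERED)
    return {
        "digest_bits": len(digest) * 4,
        "avalanche_bits": differing_bits(ORIGINAL, TAMPERED),
        "tamper_detected": not integrity_ok(TAMPERED, digest),
        "swapped_digest_accepted": integrity_ok(TAMPERED, forged_digest),
        "forged_mac_accepted": mac_ok(KEY, TAMPERED, forged_tag),
    }

if __name__ == "__main__":
    print(demo())
```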

3b. DDoS Attack (Distributed Denial of Service)

Definition: Multiple compromised systems attack a target, overwhelming it with traffic.

Steps:

1. Hacker infects systems (zombies).

2. Zombies simultaneously flood the victim.

Impact:

• Server crash.
• Service unavailability.

Example:

• Attack on GitHub (2018).

Conclusion: DDoS attacks are serious threats to online services.


4a. Digital Certificates and Signatures

Why Required:

• Validate the authenticity of entities online.

Role of Digital Signatures:

• Certificates are signed by trusted Certificate Authorities (CAs).
• Provide authentication and data integrity.

Example Algorithm: RSA Digital Signature

• Hash the message.
• Encrypt hash with sender's private key.
• Receiver decrypts and verifies the hash.

Conclusion: Digital signatures are central to secure e-commerce and communications.

4b. PGP (Pretty Good Privacy) in Email Security

Confidentiality:

• Encrypts email content with symmetric key.
• Symmetric key encrypted with recipient's public key.

Authentication:

• Sender signs the message with private key.

Working:

• Combines symmetric and asymmetric encryption for speed and security.

Conclusion: PGP secures email confidentiality and authenticity effectively.

5a. Euler's Phi Function Rules and Examples

Rules:

• If p is prime, φ(p) = p-1.
• If N = p^k, φ(N) = p^k - p^(k-1).
• If N = p*q (primes), φ(N) = (p-1)(q-1).

Examples:

• φ(11) = 10
• φ(49) = 49 - 7 = 42
• φ(240) = 240*(1-1/2)(1-1/3)(1-1/5) = 64
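
The three rules combine into one general procedure: factor N and multiply p^k - p^(k-1) over its prime powers. This added example (not part of the original notes) goes beyond the listed cases by handling any N, cross-checks the formula against the counting definition of φ, and verifies Euler's theorem for the RSA modulus 187 used in 2a.

```python
from math import gcd

def prime_factors(n: int) -> dict:
    """Trial-division factorisation: {prime: exponent}. Fine for small n."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def phi(n: int) -> int:
    """Euler's totient: product of (p^k - p^(k-1)) over the prime powers of n."""
    result = 1
    for p, k in prime_factors(n).items():
        result *= p ** k - p ** (k - 1)
    return result

def phi_by_counting(n: int) -> int:
    # Definition: how many integers in 1..n are coprime with n.
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def euler_theorem_holds(n: int) -> bool:
    # a^phi(n) = 1 (mod n) for every a coprime with n; this is why RSA's d,
    # chosen with d*e = 1 (mod phi(N)), undoes encryption.
    t = phi(n)
    return all(pow(a, t, n) == 1 for a in range(1, n) if gcd(a, n) == 1)

if __name__ == "__main__":
    for n in (11, 49, 240, 187):
        print(n, prime_factors(n), phi(n), phi_by_counting(n))
    print("Euler's theorem holds mod 187:", euler_theorem_holds(187))
```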

5b. Kerberos and Single Sign-On (SSO)

Kerberos:

• A network authentication protocol using tickets.

Working:

• Client authenticates once to Authentication Server (AS).
• Gets Ticket Granting Ticket (TGT).
• TGT used to access multiple services without re-login.

Why Called SSO:

• Single login provides access to multiple services.

Conclusion: Kerberos improves security and user convenience.

6a. SSL Protocol Functions and Handshake Phases

SSL Protocols:

• Handshake Protocol: Establishes session.
• Record Protocol: Data transmission.
• Alert Protocol: Error handling.
• Change Cipher Spec Protocol: Change encryption keys.

SSL Handshake Phases:

1. ClientHello: Client sends supported cipher suites.

2. ServerHello: Server selects cipher suite.

3. Certificate Exchange: Server sends certificate.

4. Key Exchange: Client and server exchange keys.

5. Finished Messages: Secure communication begins.

Conclusion: SSL ensures secure communications over the internet.

End of Document
