
Q. No. 1 [2 Marks X 10 = 20 Marks]
a. What is Threads classification?

b. Give the difference between block ciphers and stream ciphers.

c. What is masquerading?
A masquerade is a type of attack where the attacker pretends to be an authorized
user of a system in order to gain access to it or to gain greater privileges than
they are authorized for. A masquerade may be attempted through the use of
stolen logon IDs and passwords, through finding security gaps in programs,
or through bypassing the authentication mechanism. The attempt may come
from within an organization, for example, from an employee; or from an
outside user through some connection to the public network. Weak
authentication provides one of the easiest points of entry for a masquerade,
since it makes it much easier for an attacker to gain access. Once the attacker
has been authorized for entry, they may have full access to the organization's
critical data, and (depending on the privilege level they pretend to have) may
be able to modify and delete software and data, and make changes to network
configuration and routing information.
d. What are the requirements for digital signature?

To establish these conditions, the content creator must digitally sign the
content by using a signature that satisfies the following criteria:
- The digital signature is valid. A CA that is trusted by the operating
  system must sign the digital certificate on which the digital signature is
  based.
- The certificate that is associated with the digital signature is not
  expired.
- The signing person or organization (known as the publisher) is trusted
  by the recipient.
- The certificate associated with the digital signature is issued to the
  signing publisher by a reputable CA.
e. Brief about Annual Loss Expectancy?
The annualized loss expectancy (ALE) is the product of the annual rate of
occurrence (ARO) and the single loss expectancy (SLE). It is mathematically
expressed as:
ALE = ARO * SLE
Suppose that an asset is valued at $100,000, and the Exposure Factor (EF)
for this asset is 25%. The single loss expectancy (SLE), then, is 25% *
$100,000, or $25,000.
The annualized loss expectancy is the product of the annual rate of
occurrence (ARO) and the single loss expectancy. ALE = ARO * SLE
For an annual rate of occurrence of one, the annualized loss expectancy is
1 * $25,000, or $25,000.
For an ARO of three, the equation is: ALE = 3 * $25,000. Therefore: ALE
= $75,000

f. Mention the Security Policies and Measures in Mobile Computing?


g. What is meant by polymorphic viruses?
A polymorphic virus is a complicated computer virus that affects data types
and functions. It is a self-encrypted virus designed to avoid detection by a
scanner. Upon infection, the polymorphic virus duplicates itself by creating
usable, albeit slightly modified, copies of itself.
Polymorphism, in computing terms, means that a single definition can be
used with varying amounts of data. In order for scanners to detect this type of
virus, brute-force programs must be written to combat and detect the
polymorphic virus with novel variant configurations.
h. What is the purpose of Diffie-Hellman algorithm?
Diffie-Hellman is an algorithm used to establish a shared secret between
two parties. It is primarily used as a method of exchanging cryptographic keys
for use in symmetric encryption algorithms like AES. The algorithm in
itself is very simple.
i. Identify any two applications where one way authentication is
necessary.
A common example of two-factor authentication is a bank card: the card
itself is the physical item and the personal identification number (PIN) is the
data that goes with it. Including those two elements makes it more difficult
for someone to access the user's bank account because they would have to
have the physical item in their possession and also know the PIN.
According to proponents, two-factor authentication can drastically reduce the
incidence of online identity theft, phishing expeditions, and other online
fraud, because stealing the victim's password is not enough to give a thief
access to their information.
j. What is Conventional Encryption?

Conventional Encryption involves transforming plaintext messages into
ciphertext messages that are to be decrypted only by the intended receiver.
Both sender and receiver agree upon a secret key to be used in encrypting
and decrypting. Usually the secret key is transmitted via public key
encryption methods.

Figure 1: Flow Diagram


In conventional encryption, it is assumed that it is mathematically impossible
to derive the plaintext from the ciphertext without the key.[R1] Therefore, it is
essential that the key remains secret.
These encryption algorithms are used in practice due to their efficiency in
encrypting/decrypting, but these algorithms have vulnerabilities. One aspect
of these vulnerabilities is the total number of keys available to choose from.
Larger key domains reduce the possibility of brute force attacks. The key
length is another aspect of these vulnerabilities, since short keys produce
periodic patterns in the ciphertext. Longer keys often reduce periodicity. The
goal of conventional encryption algorithms is to produce truly randomized
ciphertexts, such that the use of frequency analysis on individual ciphertext
symbols or ciphertext blocks is useless.

Q. No. 2
a. Explain the importance of management role in implementing
information security in an organization?
[6 Marks]
Many multinational corporations outsource their non-core projects to other
companies to focus on core processes. The outsourced work is taken over by
companies with the agreement that none of the customers'/clients'
confidential information will be compromised. In recent times, every
organization that has thrown its hat in the ring when it comes to market
share gives more importance to Information Security, as it helps to maintain a
secure and reliable environment not only for the customers but also for staff
personnel.
The second instance of a security breach in an organization can be:
- Organization's financial results have been leaked to competitors and media
- Confidential business strategies for new projects have been compromised
- Clients' personal information posted on the internet
- Transfer of money from customers' bank accounts
Many organizations have, unfortunately, by experience, found that the cost of
a breach in security is always higher than that of its prevention. Nowadays,
due to the fast improvements in technology, customers want to perform most
of their business online. Indirectly, this means that they will be genuinely
interested in a service provider's organization which provides them the best
security for their confidential information and privacy to remain safe.
ITIL is one of the most sought-after certifications in today's IT world, and
outside IT as well; implementing ITIL can aid an organization to take measures
concerning strategic, operational and tactical levels. It stresses the
importance of Information Security as a process that should be controlled,
properly planned and correctly implemented. After these aspects, the measures
should be evaluated and maintained.
Information Security Management is a vital process in the Service Design phase
of the ITIL Service Lifecycle, and its main purpose can be described as
aligning IT security with the business security of the organization and
ensuring that the integrity and confidentiality of the organization's data,
information, assets and IT services are not compromised and match the
requirements of the business.
Three factors which ITIL will stress on while emphasizing IT information
security are:
- The first important factor before implementing ITIL for an organization
  is that it requires patience for successfully changing the process and
  policies. An organization can succeed in its endeavours only when
  employees throughout the organization get involved.
- In some organizations, Information Security is not given its importance
  and is seen as a hindrance or an unnecessary cost. But with the
  implementation of ITIL, its policies and procedures demand that the
  Information Security systems and programs are updated as per the
  business's needs.
- Implementation of ITIL lays the foundation structure on which
  Information Security can be built. Important processes in association with
  Information Security are taken into consideration, such as Change
  Management, Incident Management and Configuration Management.
  Roles and responsibilities are properly defined and a common language is
  established, which helps Information Security staff when in
  discussion with internal and external business vendors and partners.
b. Distinguish between qualitative and quantitative risk assessment
method
Qualitative Risk Analysis
A qualitative risk analysis prioritizes the identified project risks using a predefined rating scale. Risks will be scored based on their probability or
likelihood of occurring and the impact on project objectives should they
occur.
Probability/likelihood is commonly ranked on a zero to one scale (for
example, .3 equating to a 30% probability of the risk event occurring).

The impact scale is organizationally defined (for example, a one to five scale,
with five being the highest impact on project objectives - such as budget,
schedule, or quality).
A qualitative risk analysis will also include the appropriate categorization of
the risks, either source-based or effect-based.
Quantitative Risk Analysis
A quantitative risk analysis is a further analysis of the highest priority risks
during which a numerical or quantitative rating is assigned in order to
develop a probabilistic analysis of the project.
A quantitative analysis:
- quantifies the possible outcomes for the project and assesses the probability
  of achieving specific project objectives
- provides a quantitative approach to making decisions when there is
  uncertainty
- creates realistic and achievable cost, schedule or scope targets
In order to conduct a quantitative risk analysis, you will need high-quality
data, a well-developed project model, and a prioritized list of project risks
(usually from performing a qualitative risk analysis).

Q. No. 3 a. Explain the types of attacks on double DES and triple DES.
[6 Marks]

b. Explain the shift row step of AES encryption? [4 Marks]


The ShiftRows step operates on the rows of the state; it cyclically shifts the
bytes in each row by a certain offset. For AES, the first row is left unchanged.
Each byte of the second row is shifted one to the left. Similarly, the third and
fourth rows are shifted by offsets of two and three respectively. For blocks of
sizes 128 bits and 192 bits, the shifting pattern is the same. Row n is shifted
left circular by n-1 bytes. In this way, each column of the output state of
the ShiftRows step is composed of bytes from each column of the input state.
(Rijndael variants with a larger block size have slightly different offsets.) For
a 256-bit block, the first row is unchanged and the shifting for the second,
third and fourth row is 1 byte, 3 bytes and 4 bytes respectively; this change
only applies for the Rijndael cipher when used with a 256-bit block, as AES
does not use 256-bit blocks. The importance of this step is to avoid the
columns being linearly independent, in which case, AES degenerates into
four independent block ciphers.
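The shifting pattern described above, as an added example that is not part of the original answer: ShiftRows in Python on a state stored column by column, using the offsets the text gives for 128-, 192- and 256-bit blocks. The names `shift_rows`, `source_columns` and `format_state` are illustrative, and the sample block is constructed.

```python
# Added example: ShiftRows on a Rijndael state held as bytes in column-major
# order (byte r + 4*c is row r, column c), which is how AES lays out a block.

# Left-shift offset of each of the four rows, keyed by the number of columns.
# 4 and 6 columns (128/192-bit blocks) share one pattern; 8 columns (the
# 256-bit Rijndael block, not AES) uses 1, 3 and 4 as stated in the text.
ROW_OFFSETS = {4: (0, 1, 2, 3), 6: (0, 1, 2, 3), 8: (0, 1, 3, 4)}


def shift_rows(block: bytes, inverse: bool = False) -> bytes:
    """Cyclically shift each row left by its offset (right when inverse)."""
    columns, remainder = divmod(len(block), 4)
    if remainder or columns not in ROW_OFFSETS:
        raise ValueError("block must be 16, 24 or 32 bytes")
    out = bytearray(len(block))
    for row, offset in enumerate(ROW_OFFSETS[columns]):
        if inverse:
            offset = -offset
        for col in range(columns):
            # The byte landing in (row, col) comes from `offset` columns
            # further right in the same row, wrapping around.
            out[row + 4 * col] = block[row + 4 * ((col + offset) % columns)]
    return bytes(out)


def source_columns(block_len: int) -> list:
    """For every output column, list the input columns its bytes came from."""
    # Tag each input byte with the index of the column it sits in.
    tagged = bytes(i // 4 for i in range(block_len))
    shifted = shift_rows(tagged)
    return [sorted(set(shifted[4 * c:4 * c + 4])) for c in range(block_len // 4)]


def format_state(block: bytes) -> str:
    """Render the state as four rows, the way the step is usually drawn."""
    columns = len(block) // 4
    return "\n".join(
        " ".join(f"{block[r + 4 * c]:02x}" for c in range(columns))
        for r in range(4)
    )


if __name__ == "__main__":
    state = bytes(range(16))  # constructed sample block 00 01 ... 0f
    print(format_state(state))
    print()
    print(format_state(shift_rows(state)))
    print()
    # Every output column draws one byte from each of the four input columns.
    print(source_columns(16))
```

`source_columns` makes the diffusion claim checkable: for a 16-byte block every output column draws on all four input columns, which is what stops the columns from being processed as separate ciphers.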

Q. No.4 a. Briefly explain about OSI security architecture [6 Marks]


OSI Security Architecture
The OSI security architecture provides a useful overview of many of
the concepts. The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as follows:
- Security Attack: Any action that compromises the security of
  information owned by an organization.
- Security Mechanism: A process (or a device incorporating such a
  process) that is designed to detect, prevent, or recover from a security
  attack.
- Security Service: A processing or communication service that
  enhances the security of the data processing systems and the
  information transfers of an organization. The services are intended to
  counter security attacks, and they make use of one or more security
  mechanisms to provide the service.
SECURITY ATTACKS
Passive attack: attempts to learn or make use of information from the
system but does not affect system resources.
Active attack: attempts to alter system resources or affect their operation.
Passive Attack: Eavesdropping on, or monitoring of, transmissions. The aim of
the opponent is to obtain information that is being transmitted.
Two types of passive attacks are:
- Release of message contents: A telephone conversation, an electronic
  mail message, and a transferred file may contain sensitive or confidential
  information. We would like to prevent an opponent from learning the
  contents of these transmissions. The common technique used is encryption.
- Traffic analysis: The opponent could determine the location and
  identity of communicating hosts and could observe the frequency and length
  of messages being exchanged. This information might be useful in guessing
  the nature of the communication that was taking place.
Passive attacks are difficult to detect because they do not involve any
alteration of the data. It is feasible to prevent the success of these attacks,
usually by means of encryption. Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.
Active Attack
Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories:
masquerade, replay, modification of messages, and denial of service.
A masquerade (pose / pretend to be / impersonate / deception / cover-up)
takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack. For example,
authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity
with few privileges to obtain extra privileges by impersonating an entity that
has those privileges.
Figure: Masquerade (message from B that appears to be from A)
Figure: Replay (capture message from A to C; later replay the message)
Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an
unauthorized effect. For example, a message meaning "Allow Suresh to read
confidential file accounts" is modified to mean "Allow Ramesh to read
confidential file accounts".
The denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular
destination (e.g., the security audit service). Another form of service denial is
the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.
Figure: Modification of messages (B modifies message from A to C)
Figure: Denial of Service (B disrupts the services provided by server)
Active attacks present the opposite characteristics of passive attacks.
Whereas passive attacks are difficult to detect, measures are available to
prevent their success. On the other hand, it is quite difficult to prevent active
attacks absolutely, because of the wide variety of potential physical, software,
and network vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them. If the detection has a
deterrent effect, it may also contribute to prevention.
SECURITY SERVICES
A processing or communication service that is provided by a system
to give a specific kind of protection to system resources; security services
implement security policies and security services are implemented by
security mechanisms.
AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be.
Peer Entity Authentication
Used in association with a logical connection to provide confidence
in the identity of the entities connected.
Data Origin Authentication
In a connectionless transfer, provides assurance that the source of
received data is as claimed.
ACCESS CONTROL
The prevention of unauthorized use of a resource.
(This service controls who can have access to a resource, under what
conditions access can occur, and what those accessing the resource are
allowed to do.)
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block
Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a
connection or in a single data block.
Traffic Flow Confidentiality
The protection of the information that might be derived from
observation of traffic flows.
DATA INTEGRITY
A connection-oriented integrity service, one that deals with a stream of
messages, assures that messages are received as sent, with no duplication,
insertion, modification, reordering, or replays. The destruction of data is
also covered under this service. Thus, the connection-oriented integrity
service addresses both message stream modification and denial of service.
On the other hand, a connectionless integrity service, one that deals with
individual messages without regard to any larger context, generally provides
protection against message modification only.
NONREPUDIATION
Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
Nonrepudiation, Origin
Proof that the message was sent by the specified party.
Nonrepudiation, Destination
Proof that the message was received by the specified party.
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to
provide some of the OSI security services.
Encipherment
The use of mathematical algorithms to transform data into a form that
is not readily intelligible. The transformation and subsequent recovery of the
data depend on an algorithm and zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the
data unit and protect against forgery (e.g., by the recipient).
If A is the sender of a message and B is the receiver, A encrypts the
message with A's private key and sends the encrypted message to B.
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of
information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data
exchange.
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service
or protocol layer.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g.,
as established by a security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names
or designates the security attributes of that resource.
Event Detection
Detection of security-relevant events.
Security Audit Trail

Data collected and potentially used to facilitate a security audit, which
is an independent review and examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
b. Discuss different classical encryption techniques in detail. [4 Marks]
ENCRYPTION TECHNIQUES
Encryption techniques are broadly classified into Substitution techniques and
Transposition techniques.
Substitution - Substitution means replacing an element of the plaintext
with an element of ciphertext.
Transposition - Transposition means rearranging the order of
appearance of the elements of the plaintext.

CAESAR CIPHER
This is the earliest known example of a substitution cipher.
Each character of a message is replaced by a character three positions
down in the alphabet.
plaintext: are you ready
ciphertext: DUH BRX UHDGB
If we represent each letter of the alphabet by an integer that
corresponds to its position in the alphabet, the formula for replacing
each character p of the plaintext with a character C of the ciphertext
can be expressed as
C = E( 3, p ) = (p + 3) mod 26
A more general version of this cipher that allows for any degree of shift
would be expressed by

C = E( k, p ) = (p + k) mod 26
The formula for decryption would be
p = D( k, C ) = (C - k) mod 26
In these formulas, k would be the secret key. The symbols E and D
represent encryption and decryption.
PLAYFAIR CIPHER
In the Playfair cipher, you first choose an encryption key. You then enter
the letters of the key in the cells of a 5 × 5 matrix in a left to right
fashion starting with the first cell at the top-left corner. You fill the rest
of the cells of the matrix with the remaining letters in alphabetic order.
The letters I and J are assigned the same cell. In the following example,
the key is "smythework":
Rules
1. Two plaintext letters that fall in the same row of the 5 × 5 matrix are
replaced by letters to the right of each in the row. The "rightness"
property is to be interpreted circularly in each row, meaning that the
first entry in each row is to the right of the last entry. Therefore, the pair
of letters "bf" in plaintext will get replaced by "CA" in ciphertext.
2. Two plaintext letters that fall in the same column are replaced by the
letters just below them in the column. The "belowness" property is to
be considered circular, in the sense that the topmost entry in a column
is below the bottom-most entry. Therefore, the pair "ol" of plaintext
will get replaced by "CV" in ciphertext.
3. Otherwise, for each plaintext letter in a pair, replace it with the letter
that is in the same row but in the column of the other letter. Consider
the pair "gf" of the plaintext. We have "g" in the fourth row and the first
column; and "f" in the third row and the fifth column. So we replace "g"
by the letter in the same row as "g" but in the column that contains "f".
This gives us "P" as a replacement for "g". And we replace "f" by the
letter in the same row as "f" but in the column that contains "g". That
gives us "A" as replacement for "f". Therefore, "gf" gets replaced by
"PA".
4. You must drop any duplicates in a key.
5. Before the substitution rules are applied, you must insert a chosen
filler letter (let's say it is "x") between any repeating letters in the
plaintext. So a plaintext word such as "hurray" becomes "hurxray".
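The five rules above with the key "smythework", as an added example that is not part of the original answer. The function names are illustrative; padding an odd-length message with the filler, and using "q" where the filler would otherwise sit next to an "x", are assumptions the rules do not spell out.

```python
# Added example: Playfair following the rules above (I and J share a cell).
import string


def build_matrix(key: str) -> list:
    """Key letters first with duplicates dropped, then the remaining letters."""
    cells = []
    for ch in key.lower() + string.ascii_lowercase:
        if ch not in string.ascii_lowercase:
            continue  # ignore spaces, digits and punctuation in the key
        ch = "i" if ch == "j" else ch
        if ch not in cells:
            cells.append(ch)
    return [cells[r * 5:(r + 1) * 5] for r in range(5)]


def prepare(plaintext: str, filler: str = "x", alt: str = "q") -> str:
    """Insert the filler between repeating letters, then pad to even length."""
    letters = ["i" if c == "j" else c
               for c in plaintext.lower() if c in string.ascii_lowercase]
    out = []
    for ch in letters:
        if out and out[-1] == ch:
            # Assumption: a doubled filler letter is split with `alt` instead.
            out.append(alt if ch == filler else filler)
        out.append(ch)
    if len(out) % 2:
        # Assumption: an odd-length message is padded with the filler.
        out.append(alt if out[-1] == filler else filler)
    return "".join(out)


def _transform(text: str, key: str, step: int) -> str:
    """Apply the row, column and rectangle rules pair by pair."""
    matrix = build_matrix(key)
    pos = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for i in range(0, len(text), 2):
        (r1, c1), (r2, c2) = pos[text[i]], pos[text[i + 1]]
        if r1 == r2:      # rule 1: same row, move right (left to decrypt)
            out += [matrix[r1][(c1 + step) % 5], matrix[r2][(c2 + step) % 5]]
        elif c1 == c2:    # rule 2: same column, move down (up to decrypt)
            out += [matrix[(r1 + step) % 5][c1], matrix[(r2 + step) % 5][c2]]
        else:             # rule 3: keep the row, take the other letter's column
            out += [matrix[r1][c2], matrix[r2][c1]]
    return "".join(out)


def encrypt(plaintext: str, key: str) -> str:
    return _transform(prepare(plaintext), key, 1).upper()


def decrypt(ciphertext: str, key: str) -> str:
    letters = ["i" if c == "j" else c
               for c in ciphertext.lower() if c in string.ascii_lowercase]
    if len(letters) % 2:
        raise ValueError("Playfair ciphertext has an even number of letters")
    return _transform("".join(letters), key, -1)


if __name__ == "__main__":
    KEY = "smythework"
    for row in build_matrix(KEY):
        print(" ".join(row).upper())
    for pair in ("bf", "ol", "gf"):
        print(pair, "->", encrypt(pair, KEY))
    print(prepare("hurray"), "->", encrypt("hurray", KEY))
```

Decryption returns the prepared plaintext, so inserted fillers stay in the output and have to be removed by the reader.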
THE HILL CIPHER
The Hill cipher takes a very different (more mathematical) approach to
multi-letter substitution. You assign an integer to each letter of the
alphabet. For the sake of discussion, let's say that you have assigned the
integers 0 through 25 to the letters a through z of the plaintext.
The encryption key, call it K, consists of a 3 × 3 matrix of integers:
K = [ k11 k12 k13 ]
    [ k21 k22 k23 ]
    [ k31 k32 k33 ]
Now we can transform three letters at a time from plaintext, the letters being
represented by the numbers p1, p2, and p3, into three ciphertext letters c1, c2,
and c3 in their numerical representations by
c1 = ( k11 p1 + k12 p2 + k13 p3 ) mod 26
c2 = ( k21 p1 + k22 p2 + k23 p3 ) mod 26
c3 = ( k31 p1 + k32 p2 + k33 p3 ) mod 26
The above set of linear equations can be written more compactly in the
following vector-matrix form:
C = [K] P mod 26

POLYALPHABETIC CIPHERS: THE VIGENERE CIPHER


In a monoalphabetic cipher, the same substitution rule is used for every
substitution. In a polyalphabetic cipher, the substitution rule changes
continuously from letter to letter according to the elements of the encryption
key.
Let each letter of the encryption key denote a shifted Caesar cipher, the shift
corresponding to the key.
Now a plaintext message may be encrypted as follows
key: abracadabraabracadabraabracadabraab
plaintext: canyoumeetmeatmidnightihavethegoods
ciphertext: CBEYQUPEFKMEBK.....................
The Vigenere cipher is an example of a polyalphabetic cipher.
Since, in general, the encryption key will be shorter than the message to be
encrypted, for the Vigenere cipher the key is repeated.
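The Caesar formula C = (p + k) mod 26 and the Vigenere key repetition, as an added example that is not part of the original answer. It treats Caesar as Vigenere with a one-letter key and checks how many ciphertext letters one plaintext letter maps to; the function names are illustrative.

```python
# Added example: Caesar and Vigenere as the same per-letter shift,
# C = (p + k) mod 26 and p = (C - k) mod 26, with a = 0 ... z = 25.
from itertools import cycle

A_LOWER = ord("a")
A_UPPER = ord("A")


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter; the key repeats as needed.

    Ciphertext is returned in upper case and plaintext in lower case, as in
    the examples above. Characters other than a-z pass through unchanged and
    do not consume a key letter.
    """
    if not (key.isascii() and key.isalpha()):
        raise ValueError("key must be one or more letters a-z")
    shifts = cycle(ord(k) - A_LOWER for k in key.lower())
    sign = -1 if decrypt else 1
    base = A_LOWER if decrypt else A_UPPER
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            p = ord(ch.lower()) - A_LOWER
            out.append(chr((p + sign * next(shifts)) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar(text: str, k: int = 3, decrypt: bool = False) -> str:
    """Caesar is the special case of a one-letter key: every shift equals k."""
    return vigenere(text, chr(A_LOWER + k % 26), decrypt)


def substitutes_for(letter: str, plaintext: str, key: str) -> list:
    """Sorted ciphertext letters that one plaintext letter is replaced by."""
    ciphertext = vigenere(plaintext, key)
    return sorted({c for p, c in zip(plaintext, ciphertext)
                   if p.lower() == letter})


if __name__ == "__main__":
    message = "canyoumeetmeatmidnightihavethegoods"  # plaintext from the text
    print(caesar("are you ready"))
    print(vigenere(message, "abracadabra")[:14])
    # Monoalphabetic: 'e' always becomes the same letter.
    print(substitutes_for("e", message, "d"))
    # Polyalphabetic: 'e' becomes different letters at different positions.
    print(substitutes_for("e", message, "abracadabra"))
```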
Q. No. 5 a. List the important characteristics of Public key
cryptosystems. Explain the essential steps to be followed in the Public
key encryption Process with an example. [5 Marks]
The most important characteristics of a public key encryption scheme are:
- Different keys are used for encryption and decryption. This is a
  property which sets this scheme apart from a symmetric encryption
  scheme.
- Each receiver possesses a unique decryption key, generally referred to
  as his private key.
- The receiver needs to publish an encryption key, referred to as his public
  key.
- Some assurance of the authenticity of a public key is needed in this
  scheme to avoid spoofing by an adversary as the receiver. Generally, this
  type of cryptosystem involves a trusted third party which certifies that a
  particular public key belongs to a specific person or entity only.
- The encryption algorithm is complex enough to prohibit an attacker from
  deducing the plaintext from the ciphertext and the encryption (public)
  key.
- Though private and public keys are related mathematically, it is not
  feasible to calculate the private key from the public key. In fact, the
  intelligent part of any public-key cryptosystem is in designing a
  relationship between the two keys.

b. With an example explain RSA algorithm. [5 Marks]
RSA Cryptosystem
This cryptosystem is one of the initial systems. It remains the most employed
cryptosystem even today. The system was invented by three scholars, Ron
Rivest, Adi Shamir, and Len Adleman, and hence it is termed the RSA
cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of the key
pair and secondly the encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or party who desires to participate in communication using
encryption needs to generate a pair of keys, namely a public key and a private
key. The process followed in the generation of keys is described below:
- Generate the RSA modulus (n)
  o Select two large primes, p and q.
  o Calculate n = p*q. For strong unbreakable encryption, let n be a
    large number, typically a minimum of 512 bits.
- Find Derived Number (e)
  o Number e must be greater than 1 and less than (p - 1)(q - 1).
  o There must be no common factor for e and (p - 1)(q - 1) except
    for 1. In other words, the two numbers e and (p - 1)(q - 1) are
    coprime.
- Form the public key
  o The pair of numbers (n, e) forms the RSA public key and is made
    public.
  o Interestingly, though n is part of the public key, difficulty in
    factorizing a large prime number ensures that an attacker cannot
    find in finite time the two primes (p & q) used to obtain n. This is
    the strength of RSA.
- Generate the private key
  o Private key d is calculated from p, q, and e. For given n and e,
    there is a unique number d.
  o Number d is the inverse of e modulo (p - 1)(q - 1). This means
    that d is the number less than (p - 1)(q - 1) such that when
    multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).
  o This relationship is written mathematically as follows:
    ed = 1 mod (p - 1)(q - 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as
output.
Example
An example of generating an RSA key pair is given below. (For ease of
understanding, the primes p & q taken here are small values. Practically,
these values are very high.)
- Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 × 13 =
  91.
- Select e = 5, which is a valid choice since there is no number that is a
  common factor of 5 and (p - 1)(q - 1) = 6 × 12 = 72, except for 1.
- The pair of numbers (n, e) = (91, 5) forms the public key and can be
  made available to anyone whom we wish to be able to send us
  encrypted messages.
- Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm.
  The output will be d = 29.
- Check that the d calculated is correct by computing
  de = 29 × 5 = 145 = 1 mod 72
- Hence, the public key is (91, 5) and the private key is (91, 29).
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n are coprime. Let e = 7
Compute a value for d such that (d * e) % φ(n) = 1. One solution is d =
3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29
The decryption of c = 29 is m = 29^3 % 33 = 2
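Both worked examples above, as an added example that is not part of the original answer: key generation with the Extended Euclidean Algorithm, then encryption and decryption by modular exponentiation. The function names are illustrative, keys are written as (n, e) and (n, d), and there is no padding because the code only shows the arithmetic on these small primes.

```python
# Added example: textbook RSA with the small primes from the worked examples.
# No padding and toy key sizes: this shows the arithmetic only.


def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the small values used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def make_keypair(p: int, q: int, e: int) -> tuple:
    """Return ((n, e), (n, d)) where d is the inverse of e mod (p-1)(q-1)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two different primes")
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must be greater than 1 and less than (p-1)(q-1)")
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e and (p-1)(q-1) must be coprime")
    d = x % phi  # bring the Bezout coefficient into the range 0 .. phi-1
    return (p * q, e), (p * q, d)


def encrypt(m: int, public: tuple) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in the range 0 .. n-1")
    return pow(m, e, n)


def decrypt(c: int, private: tuple) -> int:
    n, d = private
    return pow(c, d, n)


if __name__ == "__main__":
    public, private = make_keypair(7, 13, 5)
    print(public, private)            # first example: n = 91, e = 5
    public, private = make_keypair(3, 11, 7)
    c = encrypt(2, public)            # second example: m = 2
    print(c, decrypt(c, private))
```

A choice such as e = 3 with p = 7 and q = 13 is rejected, because 3 divides 72 and no inverse d exists.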

Q. No. 6 a. Describe the KERBEROS protocol.

[6 Marks]

The Kerberos protocol relies heavily on an authentication technique that
makes use of shared secrets. The basic concept is quite simple: If a secret is
known by only two people, either person can verify the identity of the other
by confirming that the other person knows the secret.
For example, let's suppose that Alice often sends messages to Bob and that
Bob needs to be sure that a message from Alice really has come from Alice
before he acts on its information. They decide to solve their problem by
selecting a password, and they agree not to share this secret with anyone else.
If Alice's messages can somehow demonstrate that the sender knows the
password, Bob knows that the sender is Alice.
The only question for Alice and Bob to resolve is how Alice can show that
she knows the password. She might simply include it somewhere in her
messages, perhaps in a signature block at the end: Alice, Our$ecret. This
would be simple and efficient and might even work if Alice and Bob can be
sure that no one else is reading their mail. Unfortunately, that is not the case.
Their messages pass over a network used by people like Carol, who has a
network analyzer and a hobby of scanning traffic in hope that one day she
might spot a password. So it is out of the question for Alice to prove that she
knows the secret simply by saying it. To keep the password secret, she must
show that she knows it without revealing it.
The Kerberos protocol solves this problem with secret key cryptography.
Rather than sharing a password, communication partners share a
cryptographic key. They use knowledge of this key to verify one another's
identity. For this method of authentication to work, the shared key must be
symmetric: a single key must be capable of both encryption and
decryption. One party proves knowledge of the key by encrypting a piece of
information, the other by decrypting it.
Authenticators
A simple protocol that uses secret key authentication begins when someone is
outside a communications door and wants to go in. To gain entry, this person
presents an authenticator in the form of a piece of information encrypted in
the secret key. The information in the authenticator must be different each
time the protocol is executed, otherwise an old authenticator could be reused
by anyone who happens to overhear the communication. Upon receiving an
authenticator, the person guarding the door decrypts it and knows from what
is inside it whether the decryption was successful. If it was successful, the
doorkeeper knows that the person presenting the authenticator has the correct
key. Only two people have the key; the doorkeeper is one of them, so the
person who presented the authenticator must be the other one.
If the person outside the door wants mutual authentication, the same protocol
can be executed in reverse, with a slight difference. The doorkeeper can
extract part of the information from the original authenticator, encrypt it in a
new authenticator, and then give the new authenticator to the person waiting
outside the door. The person outside the door can then decrypt the
doorkeeper's authenticator and compare the result with the original. If there is
a match, the person outside the door knows that the doorkeeper was able to
decrypt the original, so he must have the correct key.
It might help to walk through an example. Suppose Alice and Bob decide that
before transferring any information between their computers, each will use
knowledge of a shared secret key to verify the identity of the party at the
other end of the connection. In situations where Alice is the wary guest and
Bob is the suspicious host, they agree to follow this protocol:
1. Alice sends Bob a message containing her name in plaintext and an
authenticator encrypted in the secret key she shares with Bob. In this
protocol, the authenticator is a data structure with two fields. One field
contains information about Alice. For simplicity, let's say this is her
name. The second field contains the current time on Alice's
workstation.
2. Bob receives the message, sees that it is from someone claiming to be
Alice, and uses the key he shares with Alice to decrypt the
authenticator. He extracts the field that contains the time on Alice's
workstation and evaluates the time.
Bob's task is easier if his clock is reasonably synchronized with Alice's
clock, so let's suppose both Alice and Bob use a network time service to
keep their clock times fairly close. Let's say the time skew is never
more than five minutes. This way, Bob can compare the time from the
authenticator with the current time on his clock. If the difference is
greater than five minutes, he can automatically reject the authenticator.
If the time is within the allowable skew, it's probable that the
authenticator came from Alice, but Bob still does not have proof that it
actually came from her. Another person might have been watching
network traffic and might now be replaying an earlier attempt by Alice
to establish a connection with Bob. However, if Bob has recorded the
times of the authenticators that were received from Alice during the
past five minutes, he can defeat attempts to replay earlier messages by
rejecting any message with a time that is the same as or earlier than the
time of the last authenticator. If this authenticator yields a time later
than the time of the last authenticator from Alice, then this message
must be from Alice.
3. Bob uses the key he shares with Alice to encrypt the time shown on
Alice's message and sends the result back to her.
Note that Bob does not send back all of the information taken from
Alice's authenticator, just the time. If he sent back everything, Alice
would have no way of knowing whether someone posing as Bob had
simply copied the authenticator from her original message and sent it
back to her unchanged. He sends just a piece of the information in
order to demonstrate that he was able to decrypt the authenticator and
manipulate the information inside. He chooses the time because that is
the one piece of information that is sure to be unique in Alice's message
to him.
4. Alice receives Bob's reply, decrypts it, and compares the result with the
time in her original authenticator. If the times match, she can be
confident that her authenticator reached someone who knows the secret
key needed to decrypt it and extract the time. She shares that key only
with Bob, so it must be Bob who received her message and replied.
This process is illustrated in Figure 11.1.

Figure 11.1 A Simple Protocol for Mutual Authentication

Key Distribution
One problem with the simple protocol described in the preceding section is
that it does not explain how or where Alice and Bob get a secret key to use in
their communications with each other. If they are people, Alice and Bob can
meet, perhaps in an alley, and agree on a secret key. But if Alice is a client
program that is running on a workstation and Bob is a service that is running
on a computer somewhere across the network, that method does not work.
There is the further problem that the client, Alice, might want to talk to many
services and will need keys for each of them. Likewise, the service, Bob,
might talk to many clients and will need keys for each of them. If each client
needs a key for every service and each service needs a key for every client,
key distribution can quickly become a difficult problem to solve. The need to
store and protect so many keys on so many computers presents an enormous
security risk.
The name Kerberos suggests how the protocol resolves the problem of key
distribution. Kerberos (also known as Cerberus) was a figure in classical
Greek mythology, a three-headed dog who kept living intruders from entering
the underworld. Like the mythical guard dog, the protocol has three heads,
which in this case are a client, a server, and a trusted third party that mediates
between the client and server. The trusted intermediary in the protocol is
known as the Key Distribution Center (KDC).
The KDC is a service that runs on a physically secure server. It maintains a
database with account information for all security principals in its realm,
the protocol's equivalent of a Windows 2000 domain. Along with other
information about each security principal, the KDC stores a cryptographic
key known only to the security principal and the KDC. This key is used in
exchanges between the security principal and the KDC and is known as
a long-term key. In most implementations of the protocol, the long-term key
is derived from a user's logon password.
When a client wants to talk to a server, the client sends a request to the KDC,
and the KDC distributes a unique session key for the two parties to use when
they authenticate each other, as illustrated in Figure 11.2. The server's copy of
the session key is encrypted in the server's long-term key. The client's copy of
the session key is encrypted in the client's long-term key.

Figure 11.2 Key Distribution (in Theory)


In theory, the KDC can fulfill its role as a trusted intermediary by sending the
session key directly to each of the security principals involved, as illustrated
in Figure 11.2. But, in practice, that procedure would be extremely difficult to
implement. For one thing, it would mean that the server would have to retain
its copy of the session key in memory while it waited for the client to call.
Moreover, the server would need to remember a key not just for this client
but for every client who might ask for service. Key management would
consume considerable resources on the server and would thus limit its
scalability. In addition, given the vagaries of network traffic, a client's request
for service might reach the server before the KDC's message arrived there
with the session key. The server would have to suspend its reply to the client
while it waited to hear from the KDC. This would require the server to save
state, imposing still another burden on the server's resources. What actually
happens in the Kerberos protocol is considerably more efficient.
Session Tickets
The KDC responds to the client's request to talk to a server by sending both
copies of the session key to the client, as shown in Figure 11.3. The client's
copy of the session key is encrypted with the key that the KDC shares with
the client. The server's copy of the session key is embedded, along with
authorization data for the client, in a data structure called a session ticket.
The entire structure is then encrypted with the key that the KDC shares with
the server. The session ticket, with the server's copy of the session key
safely inside, becomes the client's responsibility to manage until it contacts
the server.

Figure 11.3 Key Distribution (in Practice)


Note that the KDC is simply providing a ticket-granting service. It does not
keep track of its messages to make sure they reach the intended address. No
harm is done if the KDC's messages fall into the wrong hands. Only someone
who knows the client's secret key can decrypt the client's copy of the session
key. Only someone who knows the server's secret key can read what is inside
the ticket.
When the client receives the KDC's reply, it extracts the ticket and the client's
copy of the session key, putting both aside in a secure cache, which is located
in volatile memory, not on disk. When the client wants admission to the
server, it sends the server a message that consists of the session ticket, which
is still encrypted with the server's secret key, and an authenticator, which is
encrypted with the session key, as illustrated in Figure 11.4. The session
ticket and authenticator together are the client's credentials to the server.

Figure 11.4 Mutual Authentication (Client/Server)


When the server receives credentials from a client, it decrypts the session
ticket with its secret key, extracts the session key, and uses the session key to
decrypt the client's authenticator. If everything checks out, the server knows
that the client's credentials were issued by a trusted authority, the KDC. If the
client has asked for mutual authentication, the server responds by using the
session key to encrypt the timestamp from the client's authenticator. The
server then returns the encrypted timestamp to the client, just as Bob returned
the encrypted timestamp to Alice in the communication illustrated in
Figure 11.1.
One benefit of using session tickets is that the server does not have to store
the session key that it uses with this client. It is the client's responsibility to
hold a session ticket for the server in its credentials cache and present the
ticket each time it wants access to the server. Whenever the server receives a
session ticket from a client, it can use its secret key to decrypt the ticket and
extract the session key. When the server no longer needs the session key, it
can discard it.
Another benefit of using session tickets is that the client does not have to go
back to the KDC each time it wants access to a particular server. Session
tickets can be reused. As a precaution against the possibility that someone
might steal a copy of a ticket, session tickets have an expiration time that is
specified by the KDC in the ticket's data structure. How long a session ticket
is valid depends on the Kerberos policy for the domain. Tickets usually are
good for no longer than eight hours, about the length of a normal logon
session. When the user logs off, the credentials cache is flushed and all
session tickets as well as all session keys are destroyed.
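The authenticator checks from the Alice-and-Bob protocol and the session-ticket exchange of Figures 11.3 and 11.4, combined in one added example (not part of the original answer and not taken from any Kerberos implementation). The seal/unseal helpers are a demonstration encrypt-then-MAC built from HMAC-SHA256, standing in for the real Kerberos encryption types; all class and function names are assumptions.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # seconds; the five-minute skew the text assumes

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: demo stand-in for a real cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable dict under `key`."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, b"enc" + nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the dict, or raise ValueError if the key is wrong or data was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, b"enc" + nonce, len(ct))))
    return json.loads(pt)

class KDC:
    def __init__(self):
        self.long_term = {}  # principal name -> long-term key

    def register(self, name):
        self.long_term[name] = os.urandom(32)
        return self.long_term[name]

    def issue(self, client, server, now, lifetime=8 * 3600):
        """Send BOTH copies of a fresh session key to the client (Figure 11.3)."""
        skey = os.urandom(32).hex()
        client_copy = seal(self.long_term[client], {"server": server, "key": skey})
        ticket = seal(self.long_term[server],
                      {"client": client, "key": skey, "expires": now + lifetime})
        return client_copy, ticket

class Server:
    def __init__(self, long_term_key):
        self.key = long_term_key
        self.last_time = {}  # client -> time in the last accepted authenticator

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)            # only the server can open the ticket
        if now > t["expires"]:
            raise ValueError("ticket expired")
        skey = bytes.fromhex(t["key"])          # recovered per request, never stored
        a = unseal(skey, authenticator)
        if a.get("client") != t["client"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - a["time"]) > MAX_SKEW:
            raise ValueError("outside allowed clock skew")
        if a["time"] <= self.last_time.get(t["client"], float("-inf")):
            raise ValueError("replayed authenticator")
        self.last_time[t["client"]] = a["time"]
        return seal(skey, {"time": a["time"]})  # reply carries the time only

def make_authenticator(client_key, name, client_copy, now):
    """Client side: open its copy of the session key and build an authenticator."""
    skey = bytes.fromhex(unseal(client_key, client_copy)["key"])
    return skey, seal(skey, {"client": name, "time": now})

def server_is_genuine(skey, reply, sent_time):
    # The reply must be exactly the time field; a reflected authenticator
    # still carries the client name and is therefore rejected.
    try:
        return unseal(skey, reply) == {"time": sent_time}
    except ValueError:
        return False
```

Times are passed in explicitly as integer seconds so each check (expiry, skew, replay) can be exercised with fixed values.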
b. Explain the difference between passive attacks and active attacks [4 Marks]
Passive Attack: A passive attack attempts to learn information but does not
affect resources. This type of attack always involves monitoring of
transmitted information. Passive attacks are of two types:
Release of message contents is easily understood. A telephone conversation,
an electronic mail message, and a transferred file may contain sensitive or
confidential information. In this case the opponent must be prevented from
learning this type of information.
The second type of passive attack is traffic analysis. In this type, the
message has been masked so that the opponent cannot read the transmitted
message. The common technique used for masking is encryption of the plain
message into some unreadable form.
Active Attack: Active attacks involve some modification of the data
stream or the creation of a false stream and can be subdivided into four
categories: masquerade, replay, modification of messages and denial of
service.
A masquerade occurs when one entity pretends to be a different entity. A
masquerade attack usually includes one of the other forms of active attack.

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification of message includes the altering of a message.
The denial of service prevents the normal use or management of
communications facilities. This attack may have a specific target.

A passive attack is one in which the intruder eavesdrops but does not modify
the message stream in any way. An active attack is one in which the intruder
may transmit messages, replay old messages, modify messages in transit, or
delete selected messages from the wire. A typical active attack is one in
which an intruder impersonates one end of the conversation, or acts as a
man-in-the-middle.
Q. No. 7 a. Describe the steps in the creation of a digital certificate. [5 Marks]

How is a digital certificate created?


In creating digital certificates a unique cryptographic key pair is
generated. One of these keys is referred to as a public key and the other
as a private key. Then the certification authority, generally on your
campus, creates a digital certificate by combining information about
you and the issuing organization with the public key and digitally
signing the whole thing.
This is very much like an organization's ID office filling out an ID card
for you and then signing it to make it official.
In PKI terms, the public key for an individual is put into a digital
document, along with information about that individual, and then the
digital document is signed by the organization's certification authority.
This signed document can be transmitted to anyone and used to identify
the subject of the certificate. However, the private key of the original
key pair must be securely managed and never given to anyone else. As
the private key is a very large prime number, it is not something an
individual memorizes; rather, the private key must be stored on some
device, such as a laptop computer, PDA, or USB key ring.
If you send a copy of your certificate to another computer to
authenticate yourself, what keeps someone with access to that computer
from reusing it later to pretend to be you? Unlike an ID card which is
valuable by itself, the digital certificate is useless without the associated
private key. That is why protecting the private key is so important.
The private key must never be given to anyone else nor left somewhere
outside of control by the owner.
An added value of digital certificates is that they provide a higher level
of security than what we currently have with PIN and password
combinations. Users still use passwords, but only on their local
computer to protect their digital certificates.
If one loses the device on which a digital certificate is stored, a person
holding the certificate would still need the password to unlock the
certificate.
b. What are the key requirements of message digests? Describe the
secure hash algorithm [5 marks]

The Secure Hash Algorithm is a family of cryptographic hash
functions published by the National Institute of Standards and
Technology (NIST) as a U.S. Federal Information Processing
Standard (FIPS), including:

SHA-0: A retronym applied to the original version of the 160-bit hash
function published in 1993 under the name "SHA". It was withdrawn
shortly after publication due to an undisclosed "significant flaw" and
replaced by the slightly revised version SHA-1.

SHA-1: A 160-bit hash function which resembles the
earlier MD5 algorithm. This was designed by the National Security
Agency (NSA) to be part of the Digital Signature Algorithm.
Cryptographic weaknesses were discovered in SHA-1, and the standard
was no longer approved for most cryptographic uses after 2010.

SHA-2: A family of two similar hash functions, with different block
sizes, known as SHA-256 and SHA-512. They differ in the word size;
SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are
also truncated versions of each standard, known as SHA-224, SHA-384,
SHA-512/224 and SHA-512/256. These were also designed by the
NSA.

SHA-3: A hash function formerly called Keccak, chosen in 2012 after a
public competition among non-NSA designers. It supports the same hash
lengths as SHA-2, and its internal structure differs significantly from the
rest of the SHA family.

Q. No. 8 a. Explain the various risk mitigation methods with suitable
examples? [10 Marks]
A. Avoidance (Terminating the risk)
B. Transfer (Transferring the risk)
C. Mitigation (Treating the risk)
D. Acceptance (Tolerating the risk)

Let's therefore look a little more closely at each of these options.

A. Avoidance (Terminating the risk)


The best risk management strategy of all is avoidance or elimination, so we
should invest the most effort into investigating this option wherever possible.
Avoidance usually means not doing a task or project at all in the future but it
can also mean redesigning work or a process so that the risky step no longer
has to be taken.
In reality avoidance is often much more possible than many people think
because many risks are introduced by particular decisions and can be
un-introduced or removed by different decisions (especially if the leader or
manager who introduced the risk is the one responsible for making the
decision to avoid the risk).
Avoidance or elimination strategies include the option of not performing an
activity that could carry risk at all. An example would be not buying a
property or business in order to not take on the liability that comes with it.
Another would be not flying in order to avoid the risk of being on-board if
the airplane was hijacked.
Avoidance may appear to be the best solution to all risks. However, avoiding
risks also means losing out on the potential gain that accepting (retaining) the
risk may have allowed. Not entering a business to avoid the risk of loss also
avoids the possibility of earning profits. Equally not flying means either not
getting to your destination (if you stay home) or having to choose another
mode of travel (which may have different risks to consider).
B. Transfer (Transferring the risk)
Transfer is not always available to the manager as an option but after looking
at avoidance strategies this may be the next best choice.
Transfer means causing another party to accept the risk, typically by contract
or by hedging. Insurance is one type of risk transfer that uses contracts. Other
times it may involve contract language that transfers a risk to another party
without the payment of an insurance premium. Liability among construction
or other contractors is often transferred this way. Another example would be
taking offsetting positions in derivative securities. This is typically how
brokerage firms or fund managers use hedging for financial risk management.
The ways in which risk is potentially transferred fall into several
categories. Risk retention pools are technically retaining the risk for all
participants, but spreading it over the whole group involves transfer among
individual members of the group. This is different from traditional insurance,
in that no premium is exchanged between members of the group up front, but
instead losses are assessed to all members of the group. In many ways,
transfer may sound simply like passing on the risk to someone else to
tackle. However, if another party or a group of people or even a different
enterprise can manage a specific risk better than we can, it is a legitimate
option to pursue.
C. Mitigation (Treating the risk)
Mitigation (or treating/lessening the risk in some way) is essentially
concerned with lessening the impact that a particular risk might have. In
considering this strategy, we have usually accepted that the risk cannot be
readily avoided or transferred and are therefore now only trying to keep the
expected loss or damage to acceptable levels.
Of course, "acceptable" is a subjective term and has to do with how much
risk the organization may be comfortable in taking from task to task or
project to project. However, in all cases, the aim is to either lower or increase
the likelihood (depending upon whether the risk is positive or negative)
and/or decrease or increase the impact.
In most cases, mitigation involves achieving a reduction of the risk impact.
This means that our mitigation strategies should either reduce the probability
that the risk will occur or lessen the overall severity (damage or loss)
experienced when it happens. For example, I can potentially lower my need
to go for medical checks for high blood pressure by changing my diet and
exercising more (and thereby lower the possibility of having a heart attack
and the severity of it if it does occur).

D. Acceptance (Tolerating the risk)


Risk Retention or tolerance is the level of risk an organization is willing to
accept in order to achieve its business goals or objectives. Every individual
and every organization has a different level of risk tolerance (often called its
risk appetite), with corporate culture and values being a primary driver
behind acceptable tolerance levels. For instance, the nuclear industry may
have a very conservative, low risk tolerance culture for everything that it does
(and often spends a lot of time and money on risk management and safety
measures). An advertising agency, on the other hand, may have a very high
risk tolerance culture and therefore is willing to make riskier decisions
about a lot of things it does.
Risk tolerance then is the result of making a deliberate decision to endure the
consequences of an event should it occur. Tolerance of the risk can take one
of two forms, passive and active.
Passive acceptance occurs when no action is taken to resolve the risk, cope
with it, or otherwise manage it.
With active acceptance, action is taken to manage the impact of the event
should the event occur. In these circumstances, contingency or fallback plans
are followed only when the event occurs.
Risk tolerance is the lowest form of control, inasmuch as it is typically only
a good choice when all other strategies are not viable. As such we either live
with the risk and its loss consequences or we use the only available protection
we can as a barrier or final line of defense.
A good example of this is in the area of noise. In some industries, old
equipment is too expensive to replace immediately so the noise risk (and
potential damage to hearing) is tolerated (by both regulatory authorities and
the management team in an organization). The best and only form of defense
against the risk in these circumstances is in personal protective equipment
(PPE) like ear plugs (although they may not work completely in long periods
of exposure).

Hence, risk tolerance is finally a matter of choice for the organization, but
such choices should always be made wisely and based on the circumstances
faced at a given time (e.g. it may be a tolerable risk now, but is this going to be
the case 6 or 12 months from now?).
