
Indian Institute of Information Technology, Allahabad

Department of Information Technology


Network Security

Student Name-Garv Garg Roll no.-IIT2019047

Introduction to Network Security - Tutorial Questions:

1) Draw a matrix similar to the slide 23 that shows the relationship between security
services and attacks.

Service / Release of message / Traffic Analysis / Masquerade / Replay / Modification of message / Denial of service

Peer Entity Authentication: Y
Data Origin Authentication: Y
Access Control: Y
Confidentiality: Y
Traffic-Flow Confidentiality: Y
Data Integrity: Y Y
Non-repudiation: Y
Availability: Y

2) Consider an automated cash deposit machine in which users provide a card or an
account number to deposit cash. Give examples of confidentiality, integrity, and
availability requirements associated with the system, and, in each case, indicate the
degree of importance of the requirement.

Confidentiality: To use a debit or credit card, one must enter a security password (PIN) that
is known only to authorized users, which further enhances the level of security. It is the
responsibility of the end user to choose a strong PIN for their card. Banks must also keep the
communication between the ATM and the bank server private to prevent hacking. The entire
transaction needs to be properly secured to avoid any kind of harm, including hackers
cracking the card PINs.

Proper encryption of the PIN ensures that a high level of confidentiality is maintained, while
a lack of attention to it could lead to a breach of data or customer information. Moreover, a
policy of changing the PIN at regular intervals will help boost customer confidence and keep
data and information secure.

Integrity: Use of advanced, efficient technology and proper optimization and collaboration
of ATMs is necessary to ensure that their integrity is maintained and customer information
is secure. For both withdrawals and deposits, systems must be updated chronologically with
authentic data and must not affect the customer account in any manner. Withdrawals of
money should be reflected as debits on the account, and deposits of funds should result in
credits to the account.

Moreover, a section or committee should be set up to handle customer queries related to
account mismatches caused by use of the ATM.

Availability: The number of ATMs should increase with customer demand, and they should
be frequently restocked with cash to provide accurate services. An ATM that is out of service
could lead to customer dissatisfaction, while an ATM that provides accurate service could
attract more and more customers.

3) Consider a payment gateway system where a user pays for an item using their account
via the payment gateway. Give examples of confidentiality, integrity, and availability
requirements associated with the system, and, in each case, indicate the degree of
importance of the requirement.

Confidentiality: To access an online payment system, one must enter a security password
that is known only to authorized users, which further enhances the level of security. It is the
responsibility of the end user to choose a strong password. Banks must also keep the
communication between the payment gateway and the bank server private to prevent
hacking. The entire transaction needs to be properly secured to avoid any kind of harm,
including hackers cracking the card PINs.

Proper encryption of passwords and OTPs ensures that a high level of confidentiality is
maintained, while a lack of attention to it could lead to a breach of data or customer
information. Moreover, a policy of changing passwords at regular intervals will help boost
customer confidence and keep data and information secure.

Integrity: Use of advanced, efficient technology and proper optimization and collaboration
of the gateway is necessary to ensure that its integrity is maintained and customer
information is secure. Withdrawals of money should be reflected as debits on the account,
and deposits of funds should result in credits to the account.

Customer care must be provided to resolve customer queries regarding payment issues or
unexpected errors.

Availability: The number of payment gateways should increase with customer demand, and
they should be frequently updated with cash to provide accurate services. Payment gateways
make transferring money online convenient, and efficient, speedy transfers will attract more
customers.

4) Draw a matrix similar to the slide 23 that shows the relationship between security
mechanisms and attacks.

Mechanism / Release of message / Traffic Analysis / Masquerade / Replay / Modification of message / Denial of service

Encipherment: Y
Digital Signature: Y Y Y
Access Control: Y Y Y Y Y
Data Integrity: Y Y
Authentication Exchange: Y Y Y Y
Traffic Padding: Y
Routing Control: Y Y Y
Notarization: Y Y Y

5) Develop an attack tree for gaining access to the contents of a physical safe.

The goal of attackers is to open the safe. To open the safe, attackers have several options:
they can pick the lock, learn the combination, cut open the safe, or install the safe improperly
so that they can easily open it later. Now you can assign values -- I (impossible) and P
(possible) in this figure -- to the leaf nodes to indicate what needs to be considered next. You
can now pursue the nodes that are possible for further evaluation. Let us now evaluate "learn
the combination" node and break it into two activities: find the combination written down or
get the combination from the safe owner through eavesdropping or other means. Each node
becomes a sub-goal, and children of that node are ways to achieve that sub-goal.
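
The evaluation described above, as an added example that is not part of the original answer: the tree uses the node names from the text, while the I/P values on the leaves are constructed for illustration because the figure is not reproduced here. The `Node` class and the function names are hypothetical, and support for AND nodes (all children required) goes beyond the OR-only tree in the text.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"        # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    possible: bool = False    # leaf value only: True = P (possible), False = I (impossible)
    children: list = field(default_factory=list)

def feasible(node):
    """Propagate the leaf I/P values up to this node."""
    if node.kind == "LEAF":
        return node.possible
    results = [feasible(child) for child in node.children]
    return all(results) if node.kind == "AND" else any(results)

def open_paths(node, prefix=()):
    """Return every root-to-leaf path that is still possible and needs further evaluation."""
    path = prefix + (node.name,)
    if node.kind == "LEAF":
        return [path] if node.possible else []
    if not feasible(node):
        return []  # the whole sub-goal is ruled out, so stop here
    paths = []
    for child in node.children:
        paths.extend(open_paths(child, path))
    return paths

def build_safe_tree():
    # Node names follow the text; the I/P leaf values are constructed sample values.
    learn = Node("learn the combination", "OR", children=[
        Node("find the combination written down", possible=False),
        Node("get the combination from the safe owner", possible=True),
    ])
    return Node("open the safe", "OR", children=[
        Node("pick the lock", possible=False),
        learn,
        Node("cut open the safe", possible=True),
        Node("install the safe improperly", possible=False),
    ])

if __name__ == "__main__":
    tree = build_safe_tree()
    print("goal reachable:", feasible(tree))
    for p in open_paths(tree):
        print(" -> ".join(p))
```

The paths it lists are the branches where countermeasures should be considered first; changing a leaf from P to I shows whether a given control closes the goal.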
