1.Explain principles of security.

Security principals:
1.Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle
specifies that only the sender and receiver will be able to access the information shared
between them. Confidentiality compromises if an unauthorized person is able to access a
message.
2.Authentication:
Authentication is the mechanism to identify the user or system or the entity. It ensures
the identity of the person trying to access the information. The authentication is mostly
secured by using username and password. The authorized person whose identity is
preregistered can prove his/her identity and can access the sensitive information.
3.Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the
content of the message is changed after the sender sends it but before reaching the
intended receiver, then it is said that the integrity of the message is lost.
4.Access control:
The principle of access control is determined by role management and rule management.
Role management determines who should access the data while rule management
determines up to what extent one can access the data
5.Availability:
The principle of availability states that the resources will be available to authorize party
at all times. Information will not be useful if it is not available to be accessed. Systems
should have sufficient availability of information to satisfy the user request.
2. What is meant by blow fish? Explain.
Bow fish algorithm:
It is significantly faster than DES and provides a good encryption rate with no effective
cryptanalysis technique found to date.
1. blockSize: 64-bits
2. keySize: 32-bits to 448-bits variable size
3. number of subkeys: 18 [P-array]
4. number of rounds: 16
5. number of substitution boxes: 4 [each having 512 entries of 32-bits each]
Diagram
 Step1: Generation of subkeys
Step2: initialise Substitution Boxes:
Step3: Encryption:
a. Rounds
b. post-processing

4. List and explain substitution techniques.

Substitution Technique in Cryptography
Substitution technique is a classical encryption technique where the characters present in
the original message are replaced by the other characters or numbers or by symbols. If the
plain text (original message) is considered as the string of bits, then the substitution
technique would replace bit pattern of plain text with the bit pattern of cipher text.
Substitution Technique:
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Cipher
6. One-Time Pad
Caesar Cipher
In this substitution technique, to encrypt the plain text, each alphabet of the plain text is
replaced by the alphabet three places further it. And to decrypt the cipher text each
alphabet of cipher text is replaced by the alphabet three places before it.
Let us take a simple example:
Plain Text: meet me tomorrow
Cipher Text: phhw ph wrpruurz
Monoalphabetic Cipher
Monoalphabetic cipher is a substitution cipher, where the cipher alphabet for each plain
text alphabet is fixed, for the entire encryption.
In simple words, if the alphabet ‘p’ in the plain text is replaced by the cipher alphabet ‘d’.
Then in the entire plain text wherever alphabet ‘p’ is used, it will be replaced by the
alphabet ‘d’ to form the ciphertext.
Playfair Cipher
Playfair cipher is a substitution cipher which involves a 5X5 matrix
Hill Cipher
Plain text: Binary
Key: HILL
Choose the key in such a way that it always forms a square matrix. With HILL as the key, we
can form a 2×2 matrix.
The general equation to find cipher text using hill cipher is as follow:
C = KP mod 26
Polyalphabetic Cipher
Polyalphabetic cipher is far more secure than a monoalphabetic cipher. As monoalphabetic
cipher maps a plain text symbol or alphabet to a ciphertext symbol and uses the same
ciphertext symbol wherever that plain text occurs in the message.
One-Time Pad
The one-time pad cipher suggests that the key length should be as long as the plain text to
prevent the repetition of key. Along with that, the key should be used only once to encrypt
and decrypt the single message after that the key should be discarded.

5. Describe model for network security

A Network Security Model exhibits how the security service has been designed over the
network to prevent the opponent from causing a threat to the confidentiality or authenticity
of the information that is being transmitted through the network.
Well, we are concerned about the security of the message over the network when the
message has some confidential or authentic information which has a threat from an
opponent present at the information channel. Any security service would have the three
components discussed below:
1. Transformation of the information which has to be sent to the receiver. So, that any
opponent present at the information channel is unable to read the message. This indicates
the encryption of the message.
It also includes the addition of code during the transformation of the information which will
be used in verifying the identity of the authentic receiver.
2. Sharing of the secret information between sender and receiver of which the opponent
must not any clue. Yes, we are talking of the encryption key which is used during the
encryption of the message at the sender’s end and also during the decryption of message at
receiver’s end.
3. There must be a trusted third party which should take the responsibility of distributing
the secret information (key) to both the communicating parties and also prevent it from
any opponent.
Now we will study a general network security model with the help of the figure given below:

The network security model presents the two communicating

party’s sender and receiver who mutually agrees to exchange the information. The sender
has information to share with the receiver.
But sender cannot send the message on the information cannel in the readable form as it
will have a threat of being attacked by the opponent. So, before sending the message
through the information channel, it should be transformed into an unreadable format.

6. Write about secure hash algorithms.

Secure Hash Algorithms, also known as SHA, are a family of cryptographic functions
designed to keep data secured. It works by transforming the data using a hash function: an
algorithm that consists of bitwise operations, modular additions, and compression
functions.
These were published by the National Institute of Standards and Technology (NIST) as
a U.S. Federal Information Processing Standard (FIPS), including:
• SHA-0: A retronym applied to the original version of the 160-bit hash function
published in 1993 under the name "SHA". It was withdrawn shortly after publication
due to an undisclosed "significant flaw" and replaced by the slightly revised version
SHA-1.
• SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was
designed by the National Security Agency (NSA) to be part of the Digital Signature
Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard
was no longer approved for most cryptographic uses after 2010.
• SHA-2: A family of two similar hash functions, with different block sizes, known
as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words
where SHA-512 uses 64-bit words. There are also truncated versions of each
standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were
also designed by the NSA.
• SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public
competition among non-NSA designers. It supports the same hash lengths as SHA-2,
and its internal structure differs significantly from the rest of the SHA family.
7. What is diffie-hellman key exchange?
Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys
over a public channel and was one of the first public-key protocols as conceived by Ralph
Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest
practical examples of public key exchange implemented within the field of cryptography.
Traditionally, secure encrypted communication between two parties required that they
first exchange keys by some secure physical means, such as paper key lists transported
by a trusted courier. The Diffie–Hellman key exchange method allows two parties that
have no prior knowledge of each other to jointly establish a shared secret key over
an insecure channel. This key can then be used to encrypt subsequent communications
using a symmetric-key cipher. Diffie–Hellman is used to secure a variety
of Internet services. However, research published in October 2015 suggests that the
parameters in use for many DH Internet applications at that time are not strong enough
to prevent compromise by very well-funded attackers, such as the security services of
some countries.

In the Diffie–Hellman key exchange scheme, each party generates a public/private key
pair and distributes the public key. After obtaining an authentic copy of each other's
public keys, Alice and Bob can compute a shared secret offline. The shared secret can be
used, for instance, as the key for a symmetric cipher.

8. Write about authentication requirements.

Authentication requirements are policies that dictate how a user must authenticate
before access is granted to a protected web application.
Authentication methods are string values that are ordered in a list by preference. At
runtime, the attempted method of authentication is determined by the order of the
authentication methods.
Hash Functions: A public function that maps a message of any length into a fixed length
hash value, which serves as the authenticator.
The hash value is appended to the message at the source at the time when the message
is assumed or known to be correct. The receiver authenticates that message by
recomputing the hash value.
A hash value is generated by a function H of the form:
h = H(M)
where M is a variable-length message, and H(M) is the fixed length hash value (also
referred to as a message digest or hash code).
Secure Hash Algorithms, also known as SHA, are a family of cryptographic functions
designed to keep data secured. It works by transforming the data using a hash function: an
algorithm that consists of bitwise operations, modular additions, and compression
functions.
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document. ... Digital signatures can provide
evidence of origin, identity and status of electronic documents, transactions or digital
messages.