Cns Question
● Passive
● Active
Passive Attack: A passive attack attempts to learn or make use of information from the system but does not
affect system resources. Passive attacks are in the nature of eavesdropping on or monitoring of transmission.
Traffic analysis –
Suppose that we had a way of masking (encrypting) information, so that the attacker, even after capturing the
message, could not extract any information from it.
The opponent could still determine the location and identity of the communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.
Active Attack
Masquerade – A masquerade attack takes place when one entity pretends to be a different entity. A masquerade
attack involves one of the other forms of active attacks.
Modification of messages –
It means that some portion of a message is altered or that message is delayed or reordered to produce an
unauthorized effect. For example, a message meaning “Allow JOHN to read confidential file X” is modified as
“Allow Smith to read confidential file X”.
Repudiation –
This attack is done by either the sender or the receiver. The sender or receiver can later deny that he/she has sent or
received a message. For example, a customer asks his bank "to transfer an amount to someone" and later on the
sender (customer) denies that he had made such a request. This is repudiation.
Replay – It involves the passive capture of a message and its subsequent retransmission to produce an
unauthorized effect.
Denial of Service – It prevents normal use of communication facilities. This attack may have a specific target.
For example, an entity may suppress all messages directed to a particular destination. Another form of service
denial is the disruption of an entire network, either by disabling the network or by overloading it with messages
so as to degrade performance.
2. a)Explain the following
i) Cryptography
Cryptography is the science of protecting information by transforming it into a secure format.
This process, called encryption, has been used for centuries to prevent handwritten messages
from being read by unintended recipients. Today, cryptography is used to protect digital data.
It is a division of computer science that focuses on transforming data into formats that cannot
be recognized by unauthorized users.
An example of basic cryptography is an encrypted message in which letters are replaced with
other characters. To decode the encrypted contents, you would need a grid or table that
defines how the letters are transposed. For example, the translation grid below could be used
to decode "1234125678906" as "techterms.com".
1 t    6 m
2 e    7 s
3 c    8 .
4 h    9 c
5 r    0 o
ii) Cryptanalysis
Cryptanalysis is the art of trying to decrypt the encrypted messages without using the key that was used to encrypt
the messages. Cryptanalysis uses mathematical analysis and algorithms to decipher the ciphers. It is used to breach
security systems to gain access to encrypted content and messages even if the cryptographic key is unknown.
The success of cryptanalysis attacks depends on:
● Amount of time available
● Computing power available
● Storage capacity available
The following is a list of the commonly used cryptanalysis attacks:
● Brute force attack – this type of attack uses algorithms that try to guess all the possible logical combinations
of the plaintext which are then ciphered and compared against the original cipher.
● Dictionary attack – this type of attack uses a wordlist in order to find a match of either the plaintext or key. It
is mostly used when trying to crack encrypted passwords.
● Rainbow table attack – this type of attack compares the cipher text against pre-computed hashes to find
matches.
iii) Steganography
Steganography is a method in which a secret message is hidden in a cover media. Steganography means
covered writing. Steganography is the idea to prevent secret information by creating suspicion. Steganography
is less popular than Cryptography. In steganography, structure of data is not usually altered.
The forms of steganography are:
1. Text
2. Audio
3. Video
4. Images
5. Network or Protocol
b) What are the Techniques used in cryptography? Explain one Technique with example
Cryptography is used in many applications like banking transaction cards, computer passwords, and
e-commerce transactions.
Symmetric Cryptography: In symmetric cryptography a single key is used for encrypting and decrypting the
data. This encryption key is a private key. The limitation of this encryption technique is that this private key
must be distributed only among the authorized sender and receiver.
A) Block Algorithm: The set of bits is encoded with a specific secret key in electronic data blocks. While the data is
being encrypted, the system keeps it in memory as it waits to get complete blocks. Some important Block
B) Stream Cipher Algorithm: In this, plain text numbers or characters are combined with a pseudorandom cipher
digit stream. Some important Stream cipher algorithms are RC4, A5, BLOWFISH, etc. In symmetric key encryption,
the encryption code can be cracked if someone finds out the symmetric key. But this problem can be overcome with
the Diffie-Hellman algorithm. In the Diffie-Hellman key exchange or agreement algorithm, the sender and receiver
must agree on a symmetric key using this technique. This key can then be used for encryption or decryption
purposes.
Asymmetric Cryptography: In asymmetric cryptography a pair of keys, i.e., a public key and a private key, is used for
encryption and decryption. A sender can use its public key to encrypt the data, and at the receiving end the receiver
can decrypt the data by using its private key. This technique overcomes the problem of key distribution.
Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-Key
Cryptography two related keys (public and private key) are used. Public key may be freely distributed, while its
paired private key remains a secret. The public key is used for encryption and for decryption private key is
used.
Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain text
that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by
A block cipher is designed by considering its three critical aspects which are listed as below:
Number of Rounds –
The number of rounds is regularly considered in the design criteria; it reflects the number of rounds
suitable for an algorithm to make it more complex. DES has 16 rounds, ensuring it is more secure,
while AES has 10 rounds, which makes it more secure.
Design of function F –
The core part of the Feistel Block cipher structure is the Round Function. The complexity of cryptanalysis can
be derived from the Round function i.e. the increasing level of complexity for the round function would be
greatly contributing to an increase in complexity.
To increase the complexity of the round function, the avalanche effect is also included in the round function:
because of it, the change of a single bit in the plain text produces a very different output.
Data Encryption Standard (DES) is a block cipher algorithm that takes plain text in blocks of 64 bits and
converts them to ciphertext using keys of 48 bits. It is a symmetric key algorithm, which means that the
same key is used for encrypting and decrypting data.
1. Compress and transpose the given 64-bit key into a 48-bit key using the following table:
int pc1[56] = {
57,49,41,33,25,17,9,
1,58,50,42,34,26,18,
10,2,59,51,43,35,27,
19,11,3,60,52,44,36,
63,55,47,39,31,23,15,
7,62,54,46,38,30,22,
14,6,61,53,45,37,29,
21,13,5,28,20,12,4
};
PC-1 table
int pc2[48] = {
14,17,11,24,1,5,
3,28,15,6,21,10,
23,19,12,4,26,8,
16,7,27,20,13,2,
41,52,31,37,47,55,
30,40,51,45,33,48,
44,49,39,56,34,53,
46,42,50,36,29,32
};
PC-2 table
5. The result of step 3 is the input for the next round of key generation.
// The 58th bit of the input becomes the first bit, the 50th bit the second bit, and so on.
int initial_permutation_table[64] = {
58,50,42,34,26,18,10,2,
60,52,44,36,28,20,12,4,
62,54,46,38,30,22,14,6,
64,56,48,40,32,24,16,8,
57,49,41,33,25,17,9,1,
59,51,43,35,27,19,11,3,
61,53,45,37,29,21,13,5,
63,55,47,39,31,23,15,7
};
2. Divide the result into equal parts: left plain text (1-32 bits) and right plain text (33-64 bits)
3. The resulting parts undergo 16 rounds of encryption. In each round,
the right plain text is expanded using the following expansion table:
int expansion_table[48] = {
32,1,2,3,4,5,4,5,
6,7,8,9,8,9,10,11,
12,13,12,13,14,15,16,17,
16,17,18,19,20,21,20,21,
22,23,24,25,24,25,26,27,
28,29,28,29,30,31,32,1
};
4. The expanded right plain text now consists of 48 bits and is XORed with the 48-bit key.
5. The result of the previous step is divided into 8 boxes. Each box contains 6 bits. After going
through the eight substitution boxes, each box is reduced from 6 bits to 4 bits. The first and last bit
of each box provides the row index, and the remaining bits provide the column index. These
indices are used to look-up values in a substitution box. A substitution box has 4 rows, 16 columns,
and contains numbers from 0 to 15.
6. The result is transposed in accordance with the following rule:
// The array elements denote the bit numbers
int permutation_table[32] = {
16,7,20,21,29,12,28,17,
1,15,23,26,5,18,31,10,
2,8,24,14,32,27,3,9,
19,13,30,6,22,11,4,25
};
7. XOR the left half with the result from the above step. Store this in the right plain text.
8. Store the initial right plain text in the left plain text.
9. These halves are inputs for the next round. Remember that there are different keys for each
round.
10. After the 16 rounds of encryption, swap the left plain text and the right plain text.
11. Finally, apply the inverse permutation (inverse of the initial permutation), and the ciphertext will
be generated.
Steps for decryption: The order of the 16 48-bit keys is reversed such that key 16 becomes key 1, and so on. Then,
the steps for encryption are applied to the ciphertext.
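The round steps and the reversed-key decryption rule above can be checked with a short sketch. This is an added example, not code from the original page: E and P are the page's expansion and permutation tables, while the single S-box (standard DES S-box 1, reused for all eight boxes), the pseudo-random round keys and the omission of the initial and inverse permutations are simplifying assumptions, so the output is not real DES ciphertext.

```python
import random

# Expansion table and permutation table as given on the page (1-indexed bit numbers).
E = [32,1,2,3,4,5,4,5,6,7,8,9,8,9,10,11,
     12,13,12,13,14,15,16,17,16,17,18,19,20,21,20,21,
     22,23,24,25,24,25,26,27,28,29,28,29,30,31,32,1]
P = [16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
     2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25]
# Assumption: standard DES S-box 1, reused for all eight boxes to keep the sketch short.
S1 = [[14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7],
      [0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8],
      [4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0],
      [15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13]]

def permute(bits, table):
    """Output bit i is input bit table[i]; tables count bits from 1."""
    return [bits[t - 1] for t in table]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def sbox(six):
    """6 bits -> 4 bits: first and last bit give the row, the middle four the column."""
    row = six[0] * 2 + six[5]
    col = six[1] * 8 + six[2] * 4 + six[3] * 2 + six[4]
    return [(S1[row][col] >> s) & 1 for s in (3, 2, 1, 0)]

def round_function(right, key48):
    """Expand 32 -> 48 bits, XOR the round key, substitute 8 x (6 -> 4), permute."""
    mixed = xor(permute(right, E), key48)
    out = []
    for i in range(0, 48, 6):
        out += sbox(mixed[i:i + 6])
    return permute(out, P)

def feistel(block64, round_keys):
    """16 rounds: new left = old right, new right = old left XOR F; then swap halves."""
    left, right = block64[:32], block64[32:]
    for key in round_keys:
        left, right = right, xor(left, round_function(right, key))
    return right + left

# Constructed inputs: 16 pseudo-random 48-bit round keys and one 64-bit block.
rng = random.Random(1)
ROUND_KEYS = [[rng.randint(0, 1) for _ in range(48)] for _ in range(16)]
BLOCK = [rng.randint(0, 1) for _ in range(64)]
CIPHER = feistel(BLOCK, ROUND_KEYS)
PLAIN = feistel(CIPHER, ROUND_KEYS[::-1])  # same steps, round keys in reverse order
```

Decryption works without ever inverting the round function, which is why the S-boxes do not need to be reversible.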
4. a) In how many ways can the secret key distribution be done?
Key: a piece of information, usually a string of numbers or letters stored in a file, which,
when processed through a cryptographic algorithm, can encode or decode cryptographic data.
Several techniques have been proposed for the distribution of public keys, which can mostly be grouped
into the categories shown.
Distribution of Secret Keys
Once public keys have been distributed or have become accessible, secure communication that thwarts
eavesdropping, tampering, or both, is possible. However, few users will wish to make exclusive use of
public-key encryption for communication because of the relatively slow data rates that can be achieved.
Accordingly, public-key encryption provides for the distribution of secret keys to be used for conventional
encryption.
Ways:
Simple Secret Key Distribution: by Merkle in 1979
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public
key consists of two numbers, one of which is the product of two large prime numbers. The
private key is also derived from the same two prime numbers, so if somebody can factorize the
large number, the private key is compromised. Therefore encryption strength lies entirely in the key size,
and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys are
typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the near
future. Until now, though, it seems to be an infeasible task.
P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"
● Now each of the subkeys is changed with respect to the input key as:
The resultant P-array holds 18 subkeys that are used during the entire encryption process.
● 4 substitution boxes (S-boxes) are needed {S[0]…S[4]} in both the encryption and the decryption process, with
each S-box having 256 entries {S[i][0]…S[i][255], 0 ≤ i ≤ 4}, where each entry is 32 bits.
● They are initialized with the digits of pi (π) after initializing the P-array.
Step 3: Encryption:
● The encryption function consists of two parts:
a. Rounds: The encryption consists of 16 rounds, with each round (Ri) taking as input the plaintext (P.T.) from the
previous round and the corresponding subkey (Pi). The description of each round is as follows:
2. CBC Mode: CBC Mode stands for Cipher Block Chaining Mode. At the sender side, the plain text is divided into blocks. In
this mode, an IV (Initialization Vector) is used, which can be a random block of text. The IV is used to make the ciphertext of
each block unique.
The first block of plain text and the IV are combined using the XOR operation, and the result is then encrypted
using the key to form the first block of ciphertext. The first block of ciphertext is used as the IV for the second block of
plain text. The same procedure is followed for all blocks of plain text.
At the receiver side, the ciphertext is divided into blocks. The first block of ciphertext is decrypted using the same key
that was used for encryption. The decrypted result is XORed with the IV to form the first block of plain text. The
second block of ciphertext is also decrypted using the same key, and the result of the decryption is XORed with
the first block of ciphertext to form the second block of plain text. The same procedure is used for all the blocks.
CBC Mode ensures that if a block of plain text is repeated in the original message, it will produce a different
ciphertext for the corresponding blocks.
3. CFB Mode: CFB mode stands for Cipher Feedback Mode. In this mode, the data is encrypted in the form of units
where each unit is of 8 bits.
As in cipher block chaining mode, an IV is initialized. The IV is kept in the shift register. It is encrypted using the key and
forms the ciphertext.
Now the leftmost j bits of the encrypted IV are XORed with the plain text's first j bits. This process forms the first part
of the ciphertext, and this ciphertext is transmitted to the receiver.
Now the bits of the IV are shifted left by j bits. Therefore the rightmost j positions of the shift register now have
unpredictable data. These rightmost j positions are now filled with the ciphertext. The process is repeated for
all plain text units.
4. OFB Mode: OFB Mode stands for Output Feedback Mode. OFB mode is similar to CFB mode; the only difference is that
in CFB, the ciphertext is used for the next stage of the encryption process, whereas in OFB, the output of the IV
encryption is used for the next stage of the encryption process.
The IV is encrypted using the key and forms an encrypted IV. Plain text and the leftmost 8 bits of the encrypted IV are
combined using XOR and produce the ciphertext.
For the next stage, the ciphertext, which is formed in the previous stage, is used as an IV for the next iteration. The
same procedure is followed for all blocks.
5. CTR Mode: CTR Mode stands for counter mode. As the name suggests, it uses a sequence of
numbers as an input for the algorithm. When a block is encrypted, the next counter value is used to fill
the next register.
For encryption, the first counter is encrypted using a key, and then the plain text is XORed with the
encrypted result to form the ciphertext.
The counter is incremented by 1 for the next stage, and the same procedure is followed for all
blocks. For decryption, the same sequence is used. Here, to convert ciphertext into plain text, each
ciphertext is XORed with the encrypted counter. For the next stage, the counter is incremented by 1, and the
same is repeated for all ciphertext blocks.
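The four feedback schemes above differ only in what is fed into the cipher at each step, which the following sketch makes explicit. It is an added example, not code from the original page: the 8-bit "block cipher" E/D, the key and the IV are constructed toy values with no security, the unit size j equals the block size (8 bits), and OFB follows the statement that the output of the IV encryption feeds the next stage.

```python
KEY = 0x5A  # constructed toy key

def E(b, k=KEY):
    """Toy invertible 8-bit block cipher (illustration only, not secure)."""
    return ((b ^ k) * 5 + 3) % 256

def D(c, k=KEY):
    """Inverse of E: 205 is the inverse of 5 modulo 256."""
    return (((c - 3) * 205) % 256) ^ k

def encrypt_unchained(pt):
    """Each block encrypted on its own: equal plaintext blocks stay equal."""
    return bytes(E(p) for p in pt)

def cbc_encrypt(pt, iv):
    out, prev = [], iv
    for p in pt:
        prev = E(p ^ prev)          # XOR with previous ciphertext, then encrypt
        out.append(prev)
    return bytes(out)

def cbc_decrypt(ct, iv):
    out, prev = [], iv
    for c in ct:
        out.append(D(c) ^ prev)     # decrypt, then XOR with previous ciphertext
        prev = c
    return bytes(out)

def cfb(data, iv, decrypt=False):
    out, reg = [], iv
    for x in data:
        y = E(reg) ^ x
        out.append(y)
        reg = x if decrypt else y   # the register is always refilled with ciphertext
    return bytes(out)

def ofb(data, iv):
    out, reg = [], iv
    for x in data:
        reg = E(reg)                # feedback is the cipher output, not the ciphertext
        out.append(reg ^ x)
    return bytes(out)

def ctr(data, counter):
    """Encrypt counter, counter+1, ... and XOR with the data; same call decrypts."""
    return bytes(x ^ E((counter + i) % 256) for i, x in enumerate(data))

MSG, IV = b"AAAA-repeated-AAAA", 0x10   # constructed message and IV
```

Note that CFB, OFB and CTR never call D: the block cipher is only used in the encrypt direction, and decryption is the same XOR against the same keystream.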
9. Apply RSA algorithm to generate the RSA Key for p=7 and q=11 and explain RSA Algorithm.
(please check answer 5(b) to understand this example)
Example: p = 7, q = 11
• n = p × q = 77 and (p - 1)(q - 1) = 60
• Pick a value of e that is relatively prime to 60: e = 7
• d = 7^-1 mod ((7 - 1) × (11 - 1))
7d = 1 mod 60, so d = 43
• Public key <e,n> = <7,77>
Private key <d,n> = <43,77>
• A message m = 9
• c = m^e mod n = 9^7 mod 77 = 37
• m = c^d mod n = 37^43 mod 77 = 9
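The key generation above, and the earlier remark that factoring n compromises the private key, can both be reproduced in a few lines. This is an added example, not code from the original page; the function names are hypothetical, and trial-division factoring is shown only because n = 77 is a toy modulus.

```python
from math import isqrt

def modinv(a, m):
    """Extended Euclid: return x with a*x = 1 (mod m), e.g. solve 7d = 1 mod 60."""
    old_r, r, old_x, x = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
    if old_r != 1:
        raise ValueError("no inverse: values are not relatively prime")
    return old_x % m

def make_keys(p, q, e):
    """Return (public, private) = (<e,n>, <d,n>); rejects e not coprime to phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)

def recover_private_key(public):
    """Factor n by trial division and rebuild d: trivial for a toy n,
    infeasible when n is the product of two large primes."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return modinv(e, (p - 1) * (q - 1)), n

PUBLIC, PRIVATE = make_keys(7, 11, 7)    # the page's p, q and e
CIPHERTEXT = encrypt(9, PUBLIC)          # the page's message m = 9
```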
10. Explain Diffie-Hellman key exchange algorithm and generate common keys shared by Alice
and Bob with p=23 and g=5.
Step by Step Explanation
Alice:
Public keys available = P, G
Private key selected = a
Key generated = x = G^a mod P
Exchange of generated keys takes place
Key received = y
Generated secret key = ka = y^a mod P
Bob:
Public keys available = P, G
Private key selected = b
Key generated = y = G^b mod P
Exchange of generated keys takes place
Key received = x
Generated secret key = kb = x^b mod P
Algebraically, it can be shown that ka = kb.
Users now have a symmetric secret key to encrypt.
Example:
Step 1: Alice and Bob get public numbers P = 23, G = 5
Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3
Step 3: Alice and Bob compute public values
Alice: x = (5^4 mod 23) = (625 mod 23) = 4
Bob: y = (5^3 mod 23) = (125 mod 23) = 10
Step 4: Alice and Bob exchange public numbers
Step 5: Alice receives public key y = 10 and Bob receives public key x = 4
Step 6: Alice and Bob compute symmetric keys
Alice: ka = y^a mod p = 10000 mod 23 = 18
Bob: kb = x^b mod p = 64 mod 23 = 18
Step 7: ka = kb
18 is the shared secret.
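The exchange above, written as two parties that only ever see P, G and the other side's public value. This is an added example, not code from the original page; the class and function names are hypothetical, and the range check on the received value is an added defensive check that the page does not describe.

```python
class Party:
    """One side of the exchange; the private key never leaves the object."""

    def __init__(self, p, g, private):
        if not 1 <= private <= p - 2:
            raise ValueError("private key out of range")
        self.p, self.g = p, g
        self._private = private
        self.public = pow(g, private, p)      # x = G^a mod P (or y = G^b mod P)

    def shared_secret(self, peer_public):
        # Added check: a peer value of 0, 1 or >= P would force a known secret.
        if not 1 < peer_public < self.p:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self._private, self.p)   # ka = y^a mod P

def exchange(p, g, a, b):
    """Run both sides and return (x, y, ka, kb)."""
    alice, bob = Party(p, g, a), Party(p, g, b)
    ka = alice.shared_secret(bob.public)
    kb = bob.shared_secret(alice.public)
    return alice.public, bob.public, ka, kb

def always_agree(p, g):
    """Check ka == kb for every pair of private keys; only feasible for a toy P."""
    for a in range(1, p - 1):
        for b in range(1, p - 1):
            _, _, ka, kb = exchange(p, g, a, b)
            if ka != kb:
                return False
    return True

# The page's values: P = 23, G = 5, a = 4, b = 3.
X, Y, KA, KB = exchange(23, 5, 4, 3)
```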