Govt. R. C. Khaitan Polytechnic College Jaipur
FIRST CLASS TEST PAPER
THIRD YEAR
CRYPTOGRAPHY AND NETWORK SECURITY (CS308)
Time: One Hour    Max. Marks: 15
Note: Attempt any three questions. All questions carry equal marks.

Explain principle of security.

… if someone else … B gets the envelope and … This is the principle … to ensure that no one exce… come to know about the details of the cheque … that no one can tamper with the contents of the … name of the payee, etc.). This is the … like to make sure … amount, date, signature, … indeed come from A and not from … the principle … deposits the cheque in his account, the money is … the account and then A refuses having written/ … A to refute this claim and … signature to … of non-repudiation … security. There are two more, access control and … particular message, but are linked to the overall …

Interception causes loss of message confidentiality.

Authentication
The authentication process ensures that the origin of an electronic message or document is correctly identified. For instance, suppose that user C sends an electronic document over the Internet to user B. However, the trouble is that user C has posed as user A when she sent this document … B. How would user B know that the message has come from user C, who is posing as user A? A real life example of this could be the case of a user C, posing as user A, … funds transfer request (from A's account to C's account) to bank B. The bank … transfer the funds from A's account to C's account; after all, it would think … requested for the funds transfer. This type of attack is called as …

Authentication mechanisms help establish proof of identities.

… after the sender sends it, but … reach… the integrity of the message is lost. For example, suppose you write a cheque for Rs 100 to … the goods bought from the market. However, … see your next account statement, you are startled to see that the cheque … in payment of Rs 1000. This is the case of loss of message integrity.
Here, user C … message originally sent by user A, which is actually destined for user B. … somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called as modification.

[Figure: route of the message ("Transfer $100") and actual route of the message ("Transfer $1000").]

Modification causes loss of message integrity.

Non-repudiation
There are situations where a user sends a message and later on refuses that he had sent that message. For instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs the funds transfer as per A's instructions, A could claim that he never sent the funds transfer instruction to the bank! Thus, A repudiates, or denies, his funds transfer instruction. The principle of non-repudiation defeats such possibilities of denying something, having done it.

[Figure: "I never sent that message, which you claim to have received."]

Non-repudiation does not allow the sender of a message to refute the claim of not sending that message.

… access what. For … should be able to … can view the records in a database, … not be allowed to make updates as well. An access control mechanism … this. Access control is broadly related to two areas: role management and rule management. Role management concentrates on the user side (which user can do what), whereas rule management focuses on the resources side (which resource is accessible and under what circumstances). Based on the decisions taken here, an access control matrix is prepared, which lists the users against a list of items they can access (e.g. it can say … file X, but can only update files Y and Z). An Access Control List (ACL) is a subset of an access control matrix.

Access control specifies and controls who can access what.
Availability
The principle of availability states that resources (i.e. information) should be available … For example, due to the intentional actions of an … user A may not be able to contact a server com… principle of availability. Such an attack is called as interruption.

2. What are different types of attacks? Explain bri…

Ans 2:- Types of Attacks
We can classify attacks with respect to the common person's view and a technologist's view …
1. Criminal attacks
2. Publicity attacks
3. Legal attacks

These attacks are further grouped into two types:
* Passive attacks and
* Active attacks.

Passive attacks: Passive attacks are those wherein the attacker indulges in … monitoring of data transmission. In other words, the attacker aims to obtain information that is in transit. The term passive … does not attempt to perform any modification to the data. In fact, this is also why passive attacks are harder to detect. Thus, the general approach to deal with passive attacks is to think about prevention, rather than detection or corrective actions.

Passive attacks do not involve any modifications to the contents of an original message.

Passive attacks are classified into two sub-categories, namely release of message contents and traffic analysis.

Active attacks: Unlike passive attacks, the active attacks are based on modification of the original message in some manner or the creation of a false message. These attacks cannot be prevented easily. However, they can be detected with some effort and attempts can be made to recover from them. These attacks can be in the form of interruption, modification and fabrication.

In active attacks, the contents of the original message are modified in some way.
* Trying to pose as another entity involves masquerade attacks.
* Modification attacks can be classified further into replay attacks and alteration of messages.
* Fabrication causes Denial Of Service (DOS) attacks.

Programs that Attack

Virus: In simple terms, a virus is a piece of program code that attaches itself to legitimate program code and runs when the legitimate program runs.
A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network.

… phases:
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase

Viruses can be classified into the following …
1. Parasitic virus
2. Memory-resident virus
3. Boot sector virus
4. Stealth virus
5. Polymorphic virus
6. Metamorphic virus

Worm: A worm is actually different in implementation. A virus modifies a program (… attaches itself to the program under attack). A worm, however, does not modify a program. Instead, it replicates itself again and again. The replication grows so much that the computer or the network on which the worm resides becomes very slow, finally coming to a halt. A worm does not perform any destructive actions and instead, only consumes system resources to bring it down.

Trojan Horse: … computer or a network.

Applets and ActiveX controls: Java applets (from Sun Microsystems) and ActiveX controls (from Microsoft Corporation) are small client-side programs that might cause security problems, if used by attackers with a malicious intention.

… a number of interactions between … client to identify itself … mechanism of maintaining the state … cookie is just one or more pieces of … of the client computer (i.e. the … user … a cookie and the browser … is illustrated … practical situations, this could … dangerous. Actually, this is generally not true. Cookies … to you. First, the web server that originally created a cookie … Secondly, cookies can contain only text-based information.

… Attackers set up fake web sites, … since creating web pages involves … CSS (Cascading Style Sheets) etc.
… attacker's modus operandi works as f… which looks very identical to … clone Citibank's web site. The … able to distinguish between the … the bank's customers. … the email system to sugge… (e.g. accountmanger@cit ank.com), … has been some sort of … same email, … clicks on the URL specified in the … not the bank's original site. There, … confidential information, such as her … site looks exactly like the original bank … The attacker gladly accepts this … to the unsuspecting victim. … the basic purpose … make

Govt. R. C. Khaitan Polytechnic College Jaipur
SECOND CLASS TEST PAPER
THIRD YEAR
CRYPTOGRAPHY AND NETWORK SECURITY (CS308)
Max. Marks: 15

In asymmetric key cryptography, two different … other corresponding key must be … the first) … "Asymmetric key". … for encryption & only the … key can decrypt message, not even the original (i.e. … to B without having to worry about its security. Then, A & B … public key … B should keep her private key secret … public key. B should inform A about her public key. … asymmetric key cryptography works as follows: A encrypts the message using B's public key. This is … public key). B decrypts … a message using private key & the message can be decrypted … can make any sense out of the message.

… into the algorithm as input … various transformations on the … been selected so that if one is used for … transformations performed by the … output. It depends on the plaintext … produce two different cipher texts, … and the matching key …

… Alice's private key. With this approach, all … private keys are generated locally by each … As long as a user's private key remains … At any time, a system can change its … replace its old public key.

… A's private key, only A could … message serves as a digital signature. In add… access to A's private key, so the mes… of data integrity. … able to invert the … encrypted using … entire encrypted message without …

…ition technique of enciphering?
Q.2. What is differen… Explain Playfair cipher.

Ans 2:- Substitution: A substitution technique is one in which the letters … plaintext are … by numbers or symbols. If the plaintext is viewed as a sequence of … text bit patterns … cipher te… text symbol for … involve the substitution of …
