Assignment No: 1


NAME : Kazim hussain

ROLLNO: Se-18-305

COURSE NAME : INFORMATION SECURITY

TEACHER NAME : MISS RAZIA TALHA

Assignment No : 1
Q1:

Confidentiality: To access debit or credit cards, one must enter a security password that is available only
to authorized users and is aimed at further enhancing the level of security. Proper encryption of the PIN
ensures that a high level of confidentiality is maintained, while lack of attention to it could
lead to a breach of data or customers' information.

Integrity: Use of advanced, efficient technology and proper optimization and collaboration of ATMs is
necessary to ensure that their integrity is maintained and customers' information is secure.

Availability: The frequency of ATMs should increase depending on the demand of the customers, and
ATMs should be frequently restocked with cash to provide accurate services. While an ATM that is out of
service could lead to customer dissatisfaction, an ATM with accurate service could attract more
and more customers.

Q2:

a.

Organization managing public information on its web server:

Confidentiality:

The web server contains public information, so everyone can access that information.

So no confidentiality is provided. So the impact level for confidentiality is low.

Integrity:

The server maintains public information, so anyone, whether an authorized user or an intruder, may
modify it. So the impact level for integrity is moderate.

Availability:

Loss of information is not the biggest issue for this server. So the impact level for availability is moderate.

b.

Confidentiality:

The web server contains sensitive information. If any data loss occurs, it causes a high loss. So
the impact level for confidentiality is high.

Integrity:

The server maintains private information. If any modification occurs, it causes a huge loss.

So the impact level for integrity is high.

Availability:

The information is available only to the organization and is stored at a single location.

So the impact level for availability is high.

c.

Organization managing public information on its web server:

Confidentiality:

The web server contains only routine information, not privacy-related information, so everyone can access
that information. So no confidentiality is provided. So the impact level for confidentiality is low.

Integrity:

The server maintains routine information. If data loss occurs, it is not a big issue.

So the impact level for integrity is low.

Availability:

Loss of information is not the biggest issue for this server. So the impact level for availability is low.

d.

Security contact information:


Confidentiality:

The web server contains private information that is pre-solicitation phase contract information only.

So the impact level for confidentiality is low.

Integrity:

Loss of data is not a huge problem. Therefore the impact level for integrity is moderate.

Availability:

Loss of availability is not a huge problem.

Therefore the impact level for availability is low.

Routine administrative information:

Confidentiality:

The web server does not contain private information. So the impact level for confidentiality is low.

Integrity:

Loss of data is not a huge problem. Therefore the impact level for integrity is low.

Availability:

Loss of availability is not a huge problem. Therefore the impact level for availability is low.

e.

Real time sensor information:

Confidentiality:

The web server maintains real-time information, so loss of confidentiality is not a big problem.

So the impact level for confidentiality is low.

Integrity:

It is necessary that the web server provides exact data, so no modification is allowed.

Therefore the impact level for integrity is high.

Availability:

Data availability is required at any time. Therefore the impact level for availability is high.

Routine administrative information:

Confidentiality:

The web server does not contain private information. So the impact level for confidentiality is low.

Integrity:

Loss of data is not a huge problem. Therefore the impact level for integrity is low.

Availability:

Loss of availability is not a huge problem. Therefore the impact level for availability is low.

Q3:

•) Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Email, file transfers,
and client/server exchanges are examples of transmissions that can be monitored.

Passive attacks include unauthorized disclosure.

•) Active attacks include the modification of transmitted data and attempts to gain unauthorized access
to computer systems.

Active attacks include deception, disruption, and usurpation (an event that results in control of system
services or functions by an unauthorized entity).

Q4:

Social engineering is the art of manipulating people so they give up confidential information. The types
of information these criminals are seeking can vary, but when individuals are targeted the criminals are
usually trying to trick you into giving them your passwords or bank information, or to access your computer
to secretly install malicious software that will give them access to your passwords and bank information
as well as giving them control over your computer.

Q5:

SECURITY SERVICES:
•)Authentication (Assures a message is authentic)

•)Access Control (each entity is identified or authenticated to obtain correct access rights)

•)Data Confidentiality (Protection of transmitted data from passive attacks)

•)Data Integrity (Protection from active attacks to alter data)

•)Non-repudiation (Prevents either sender or receiver from denying a transmitted message)

•)Availability (being accessible and usable upon demand)

SECURITY MECHANISMS:

•)Access Control - A variety of mechanisms that enforce access rights to resources.

•)Authentication Exchange - A mechanism intended to ensure the identity of an entity by means of
information exchange.

•)Data Integrity - A variety of mechanisms used to assure the integrity of a data unit or stream of data
units.

•)Digital Signature - Used in cryptographic transformation to allow a recipient of the data unit to prove
the source and integrity of the data unit and protect against forgery (by the recipient).

•)Encipherment - Mathematical algorithms to transform readable data into a form that is not readable

•)Event Detection - Detection of security-relevant events

Q6:

Encryption is the method by which information is converted into secret code that hides the
information's true meaning.

Decryption is the method of getting the original information by decoding the secret code.

BLOCK DIAGRAM:
Q7:

There are five types of cryptanalysis attacks, which are as follows:

Known-Plaintext Analysis (KPA) :

In this type of attack, some plaintext-ciphertext pairs are already known. The attacker maps them in order to
find the encryption key. This attack is easier to use as a lot of information is already available.

Chosen-Plaintext Analysis (CPA) :

In this type of attack, the attacker chooses random plaintexts and obtains the corresponding ciphertexts
and tries to find the encryption key. It is very simple to implement, like KPA, but the success rate is quite
low.

Ciphertext-Only Analysis (COA) :

In this type of attack, only some ciphertext is known and the attacker tries to find the corresponding
encryption key and plaintext. It is the hardest to implement but is the most probable attack, as only
ciphertext is required.

Man-In-The-Middle (MITM) attack :

In this type of attack, the attacker intercepts the message/key between two communicating parties through
a secured channel.

Adaptive Chosen-Plaintext Analysis (ACPA) :

This attack is similar to CPA. Here, the attacker requests the ciphertexts of additional plaintexts after they
have ciphertexts for some texts.
Q8:

Cipher text : Rjjy rj ts ymj xfggfym.bj bnqq inxhzxx ymj uqfs

After decrypting it, we get

Plain text : Meet me on the sabbath.We will discuss the plan.
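The ciphertext-only and known-plaintext analyses from Q7, applied to the Q8 ciphertext, as an added example that is not part of the original assignment. It assumes the cipher is a Caesar shift and that the message is English; the word list is constructed for this example.

```python
# Ciphertext from Q8 on this page.
CIPHERTEXT = "Rjjy rj ts ymj xfggfym.bj bnqq inxhzxx ymj uqfs"

# Small constructed word list used to score candidates (assumes English text).
COMMON_WORDS = {"the", "we", "will", "me", "on", "and", "to", "of", "meet", "plan"}


def shift_text(text, shift):
    """Shift every letter back by `shift` positions, preserving case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - shift) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def score(candidate):
    """Count the words of a candidate plaintext found in COMMON_WORDS."""
    cleaned = "".join(c.lower() if c.isalpha() else " " for c in candidate)
    return sum(1 for word in cleaned.split() if word in COMMON_WORDS)


def ciphertext_only(ciphertext):
    """COA: try all 26 shifts and keep the most English-looking result."""
    candidates = ((s, shift_text(ciphertext, s)) for s in range(26))
    return max(candidates, key=lambda pair: score(pair[1]))


def known_plaintext_key(plain_char, cipher_char):
    """KPA: one known plaintext/ciphertext letter pair reveals the shift."""
    return (ord(cipher_char.lower()) - ord(plain_char.lower())) % 26


if __name__ == "__main__":
    shift, plaintext = ciphertext_only(CIPHERTEXT)
    print("COA shift:", shift)
    print("COA plaintext:", plaintext)
    print("KPA shift from pair (M, R):", known_plaintext_key("M", "R"))
```

A key space of 26 is why a shift cipher gives no real confidentiality: both analyses recover the same key, and the ciphertext-only search needs nothing but the intercepted text.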

Q9:

PLAIN TEXT : Happy Birthday to you

Encrypting it using Rail Fence technique:

Assuming depth = 2

Hpyitdyoo

apbrhatyu

ENCRYPTED TEXT: Hpyitdyooapbrhatyu
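The Rail Fence steps above for any depth, together with the matching decryption, as an added example that is not part of the original assignment. It goes beyond the depth = 2 case on this page; it assumes spaces are dropped before encryption and letter case is kept as typed.

```python
def rail_pattern(length, depth):
    """Rail index (0 = top rail) of each character position in the zig-zag."""
    if depth < 1:
        raise ValueError("depth must be at least 1")
    # One full down-and-up cycle, e.g. depth 3 -> [0, 1, 2, 1].
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_encrypt(plaintext, depth):
    """Write the letters along the zig-zag, then read the rails top to bottom."""
    letters = [c for c in plaintext if not c.isspace()]
    rails = rail_pattern(len(letters), depth)
    # sorted() is stable, so letters on the same rail keep their original order.
    order = sorted(range(len(letters)), key=lambda i: rails[i])
    return "".join(letters[i] for i in order)


def rail_decrypt(ciphertext, depth):
    """Rebuild the zig-zag positions and put each ciphertext letter back."""
    rails = rail_pattern(len(ciphertext), depth)
    order = sorted(range(len(ciphertext)), key=lambda i: rails[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    message = "Happy Birthday to you"  # plaintext from Q9
    for depth in (2, 3):
        encrypted = rail_encrypt(message, depth)
        print(depth, encrypted, rail_decrypt(encrypted, depth))
```

The only secret is the depth, which is smaller than the message length, so trying every depth recovers the plaintext quickly.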

Q10:

"CS6D-TECHNIQUE"

In this technique, the English letters of the message are replaced alternately with their corresponding
(next) and previous English letters.

For e.g:

PLAIN TEXT: HELLO WORLD

AFTER ENCRYPTION:

IDMJP VPQMC

You can observe that the first letter "H" is replaced with its corresponding letter "I", while the next
letter "E" is replaced with its previous English letter "D". The replacement with corresponding
and previous letters then goes on until the message is encrypted.

To decrypt the message, simply do the opposite of encryption, i.e. replace the first English letter of the
message with its previous English letter, the next English letter of the message with its
corresponding English letter, and so on.

ENCRYPTED MESSAGE:

IDMJP VPQMC

AFTER DECRYPTION:

HELLO WORLD
