CNS - 2019

Visit www.Bustudymate.
in For More Study Material
VI Sem B.C.A. – 2019

CNS
Section – A (2 marks)
1. Define Cryptography
The art and science of concealing the messages to introduce secrecy in information security
recognized as cryptography.
2. Distinguish between Active and Passive attacks.
Active attack: Attempts to alter system resources or affect their operation.
Passive attack: Attempts to learn or make use of information from the system but does not
affect system resources.
3. Define Integrity and Non-repudiation.
Integrity: Guarding against improper information modification or destruction like data integrity and
system integrity.
Non – repudiation: It prevents either sender or receiver from denying a transmitted message .
4. Find the GCD of 16 and 48.
5. Define padding in block cipher.
In cryptography, padding is any of a no. of distinct practices which all include adding data to the
beginning, middle or end of the message prior to encryption.
6. Define Resedue class
7. Estimate the block size of MD5.
MD5: Digest size: 16, Block size: 64
8. Define S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extension) is a security enhancement to the MIME
Internet e-mail format standard, based on technology from RSA Data Security.
9. What is Kerberos?
Kerberos is a computer-network authentication protocol that works on the basis of tickets to
allow nodes communicating over a non-secure network to prove their identity to one another in a
secure manner.
10. Define the Diffie – Hellman protocol.
The Diffie-Hellman protocol is a method for two computer users to generate a shared private key with
which they can then exchange information across an insecure channel.
11. List any 2 applications of X.509 certificate.
• SSL/TLS and HTTPS for authenticated and encrypted web browsing.
• Signed and encrypted email via the S/MIME protocol.
• Code signing.
• Document signing.
• Client authentication.
• Government-issued electronic ID.
12. Define Hijacking.
Hijacking is a type of network security attack in which the attacker takes control of a
communication.
Section – B (5 marks)
13. Compare steganography and watermarking.
• The purpose of both is to provide secret communication.
Follow Us on Instagram @Bustudymate

Visit www.Bustudymate.in For More Study Material
• Cryptography hides the contents of the message from an attacker, but not the existence of the
message.
• Steganography/watermarking even hide the very existence of the message in the
communicating data.
• Consequently, the concept of breaking the system is different for cryptosystems and
stegosystems (watermarking systems).
• A cryptographic system is broken when the attacker can read the secrete message.
• Breaking of a steganographic/watermarking system has two stages
- The attacker can detect that steganography/watermarking has been used
- The attacker is able to read, modify or remove the hidden message.
• A steganography/watermarking system is considered as insecure already if the detection of
steganography/watermarking is possible.
14. State and explain the principles of public key cryptography
In public key cryptography, encryption key is made public, but it is computationally infeasible to find the
decryption key without the information known to the receiver.
A MODEL FOR NETWORK SECURITY
A message is to be transferred from one party to another across some sort of internet. The two parties,
who are the principals in this transaction, must cooperate for the exchange to take place.
A logical information channel is established by defining a route through the internet from source to
destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.
Using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information for a
security service
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorized users access designated information or
resources
15. With a neat diagram explain the general structure of DES
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is
64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits of

the key are not used by the encryption algorithm (function as check bits only). General Structure of DES
is depicted in the following illustration −
Initial and Final Permutation:

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each
other. They have no cryptography significance in DES.
Round Function: The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to
the rightmost 32 bits to produce a 32-bit output.
Key Generation: The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
16. Explain Transposition cipher with an example
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext
letters. This technique is referred to as a transposition cipher.
Rail fence is simplest of such cipher, in which the plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows.
Plaintext = meet at the school house
To encipher this message with a rail fence of depth 2, we write the message as follows:
meatecolos
etthshohue
The encrypted message is
MEATECOLOSETTHSHOHUE
Row Transposition Ciphers - A more complex scheme is to write the message in a rectangle, row by row,
and read the message off, column by column, but permute the order of the columns. The order of
columns then becomes the key of the algorithm.
e.g., plaintext = meet at the school house
Key = 4 3 1 2 5 6 7
PT = m e e t a t t
h eschoo
l house
CT = ESOTCUEEHMHLAHSTOETO

A pure transposition cipher is easily recognized because it has the same letter frequencies as the original
plaintext. The transposition cipher can be made significantly more secure by performing more than one
stage of transposition. The result is more complex permutation that is not easily reconstructed.
17. State the important properties of public key encryption scheme.
The most important properties of public key encryption scheme are −
• Different keys are used for encryption and decryption. This is a property which set this scheme
different than symmetric encryption scheme.
• Each receiver possesses a unique decryption key, generally referred to as his private key.
• Receiver needs to publish an encryption key, referred to as his public key.
• Some assurance of the authenticity of a public key is needed in this scheme to avoid spoofing by
adversary as the receiver. Generally, this type of cryptosystem involves trusted third party which
certifies that a particular public key belongs to a specific person or entity only.
• Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext from
the ciphertext and the encryption (public) key.
• Though private and public keys are related mathematically, it is not be feasible to calculate the
private key from the public key. In fact, intelligent part of any public-key cryptosystem is in
designing a relationship between two keys.
18. Why SHA more secure than MD5?
SHA-1 appears to be more secure than MD5 in many regards. While there have been some
known attacks reported on SHA-1, they are less serious than the attacks on MD5. There are more secure
and better hash functions available now, such as SHA-256, SHA-384, and SHA-512, all of which are
practically secure with no prior history of attacks reported on them. Although, MD5 is one of the well
recognized cryptographic hash functions, it is not ideally suitable for security-based services and
applications because it is cryptographically broken. Thus, MD5 is considered less secure than SHA by
many authorities on cryptography. The SHA algorithm is slightly slower than MD5, but the larger
message digest length makes it more secure against inversion attacks and brute-force collision.
19. Briefly explain the architecture of SSL.
Transport layer security provides end-end services to application that uses a reliable Transportation
layer protocol such as TCP. The aim is to provide the security services for transactions on the internet.
One of the goals of these protocols were to provide client and server authentication, data confidentiality
and data integrity.
SSL is specific to TCP and it does not work with UDP. SSL provides Application Programming Interface
(API) to applications. C and Java SSL libraries/classes are readily available.
SSL protocol is designed to interwork between application and transport layer as shown in the
following image −
SSL itself is not a single layer protocol as depicted in the image; in fact it is composed of two sub-layers.
• Lower sub-layer comprises of the one component of SSL protocol called as SSL Record Protocol.
This component provides integrity and confidentiality services.

• Upper sub-layer comprises of three SSL-related protocol components and an application

protocol. Application component provides the information transfer service between
client/server interactions. Technically, it can operate on top of SSL layer as well. Three SSL
related protocol components are −
o SSL Handshake Protocol
o Change Cipher Spec Protocol
o Alert Protocol.
• These three protocols manage all of SSL message exchanges and are discussed later in this
section.
20. Explain Tunnel mode of IPSec

Tunnel mode provides protections to the entire IP packet. To achieve this, the Header or trailer fields
are added to the IP packet, the entire packet plus security fields is treated as the payload of new “outer”
IP packet with the new outer IP header.
The entire original, or inner, packet travels through a “tunnel” from one point of an IP network to the
another, no router along the way are able to examine the inner IP header. Because the original packet is
encapsulated, the new, large packet may have totally different source and destination addresses, adding
to the security. With the tunnel mode, a number of hosts on networks behind firewalls may engage in
secure communications without implementing IPSec.

Section – C (15 - marks)

21. a) Briefly explain the model of conventional cryptosystem.
Conventional encryption involves transforming plaintext messages into ciphertext messages that are to
be decrypted only by the intended receiver. Both sender and receiver agree upon a secrete key to be
used in encrypting and decrypting. The secret key is transmitted via public key encryption methods.
• A source produces a message in plaintext, X = [X1, X2, … XM].

• The M elements of X are letters in some finite alphabet.
• For encryption, a key of the form K = [K1, K2, .. KJ] is generated. If the key is generated at the
message source, then it must also be provided to the destination by means of some secure
channel.
• With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2, …, YN]. i.e., Y = E(K, X)
• At the receiver end, in possession of the key, is able to convert the ciphertext:
X = D(K, Y). An opponent, observing Y but not having access to K or X, may attempt to recover X
or K or both X and K.
It is assumed that the opponent knows the encryption(E) and decryption(D) algorithms.
If the opponent (cryptanalyst) is interested in only this particular msg, then the focus of the effort is to
recover X by generating a plaintext and can also an attempt is made to recover K by generating an
estimate.
b) Find det. A if A = 9 0 -2
-3 -5 2
2 0 6
9 0 -2
-3 -5 2
Soln: Given det. A =
2 0 6
|A| = 9[(-5)(6) - 0] – 0 + (-2)[0 – (2)(-5)]
|A| = 9(-30)-10
|A| = -280

22. a) Explain the 4 stages of AES algorithm.

• AES is a block cipher intended to replace DES for commercial applications.
• AES is a subset of Rijndael block cipher.
• It is a successor of Data Encryption Standard (DES) and is stronger and faster than DES.
• It is a symmetric key symmetric block cipher.
• It operates on 128-bit (16 bytes) data.
• The cipher key may be of 128, 192 or 256 bits.
• All computations are performed on bytes rather than bits.
• AES gives full specification and design details.
• It can be implemented using languages C and Java for software protection.
The encryption process of Advanced Encryption Standard is based upon substitution and
permutation operations in iterative manner. The 16 bytes of data are arranged in a matrix of four
columns and four rows. On this matrix, AES performs rounds of substitution-permutation operations.
Each of these rounds uses a different cipher key, which is calculated from the original AES key. The
number of rounds of operations depends upon the size of the key in the following manner −
• For 128-bit cipher key, 10 rounds

The following diagram shows the schematic structure −
The encryption sub-processes in the above algorithm are −

• Key Expansion − The round keys are calculated from the cipher key using Rijndael's block cipher
schedule.
• Pre–Transformation − This comprises of only 1 process namely Add_Round_Key. Here, XOR
operation is performed on each data byte with a byte of the round key.
• Round 1 to Round (N-1) − Four sub-processes are performed here.
o Sub_Bytes − Non-linear substitution is performed on each byte whereby the byte is
replaced with another byte as per a lookup table.

o Shift_Rows − Transposition is performed wherein a certain number of cyclical shifting of

the last three rows is done.
o Mix_Columns − Mixing of rows and columns in a pre-defined manner is performed.
o Add_Round_Key − XOR operation is performed on each byte with a byte of the round
key.
• Round N − The final round comprises of three sub-processes, namely −
o Sub_Bytes
o Shift_Rows
o Add_Round_Key
The four stages are as follows:
i) Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a
matrix of four rows and four columns.
ii) Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on the
right side of row. Shift is carried out as follows −
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to each
other.
iii) MixColumns
Each column of four bytes is now transformed using a special mathematical function. This function takes
as input the four bytes of one column and outputs four completely new bytes, which replace the original
column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is
not performed in the last round.
iv) Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round
key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are
interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order.
Each round consists of the four processes conducted in the reverse order −

• Add round key

• Mix columns
• Shift rows
• Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption and
decryption algorithms need to be separately implemented, although they are very closely related.
b) Explain the rules of Playfair cipher with an example.
The best known multiple letter encryption is the playfair, which treats diagrams in the plaintext
as single units and translates these units into cipher text diagrams.
In playfair cipher, initially a key table is created. The key table is a 5×5 grid of alphabets that acts
as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the
alphabet (usually J) is omitted from the table as we need only 25 alphabets instead of 26. If the plaintext
contains J, then it is replaced by I.
The sender and the receiver deicide on a particular key, say ‘tutorials’. In a key table, the first characters
(going left to right) in the table is the phrase, excluding the duplicate letters. The rest of the table will be
filled with the remaining letters of the alphabet, in natural order. The key table works out to be −
Process of Playfair Cipher

• First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of
letters, a Z is added to the last letter. Let us say we want to encrypt the message “hide money”.
It will be written as −
HI DE MO NE YZ
• The rules of encryption are −
o If both the letters are in the same column, take the letter below each one (going back to
the top if at the bottom)
T U O R I
A L S B C
‘H’ and ‘I’ are in same column, hence take letter below
D E F G H
them to replace. HI → QC
K M N P Q
V W X Y Z
• If both letters are in the same row, take the letter to the right of each one (going back to the left
if at the farthest right)

T U O R I
A L S B C
D E F G H ‘D’ and ‘E’ are in same row, hence take letter to the right of
them to replace. DE → EF
K M N P Q
V W X Y Z
• If neither of the preceding two rules are true, form a rectangle with the two letters and take the
letters on the horizontal opposite corner of the rectangle.
Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would be −
QC EF NU MF ZV
Decrypting the Playfair cipher is as simple as doing the same process in reverse. Receiver has the same
key and can create the same key table, and then decrypt any messages made using that key.
Security Value
It is also a substitution cipher and is difficult to break compared to the simple substitution cipher. As in
case of substitution cipher, cryptanalysis is possible on the Playfair cipher as well, however it would be
against 625 possible pairs of letters (25x25 alphabets) instead of 26 different possible alphabets.
The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is quick to use
and requires no special equipment.
23. a) Explain the procedure for RSA cryptosystem.
The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and
hence, it is termed as RSA cryptosystem. RSA encryption and decryption are commutative; hence it may
be used directly as a digital signature scheme.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to generate
a pair of keys, namely public key and private key. The process followed in the generation of keys is
described below −
• Generate the RSA modulus (n)
o Select two large primes, p and q.
o Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a
minimum of 512 bits.
• Find Derived Number (e)
o Number e must be greater than 1 and less than (p − 1)(q − 1).
o There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words
two numbers e and (p – 1)(q – 1) are coprime.
• Form the public key
o The pair of numbers (n, e) form the RSA public key and is made public.

o Interestingly, though n is part of the public key, difficulty in factorizing a large prime
number ensures that attacker cannot find in finite time the two primes (p & q) used to
obtain n. This is strength of RSA.
• Generate the private key
o Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
o Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less
than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).
o This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
Signing and Verifying
Signing: Alice creates a signature out of the msg using her private exponent, S = Md mod n and sends the
msg & signature to Bob.
Verifying: Bob receives M & S, he applies alice’s public exponents to the signature to create copy of the
msg M| = Se mod e. Bob compare the value of M|
M| = M(mod n) -> Se = M(mod n) -> Md*e = M(mod n)
RSA signature on Message Digest
Alice the signer, first use an agreed- upon hash function to create a digest from the message, D =
h(M), She then signs the digest, S = Dd mod n. Both msg and signature are sent to Bob.
The verifier receives the msg and signature. He first uses the Alice’s public exponent to retrieve
the digest D’ = Se mod n, applies the Hash algorithm to the msg received to obtain D = h(M).
b) Differentiate between Symmetric and Asymmetric Key Cryptography.
Symmetric Key Asymmetric Key
i) Symmetric key cryptography is based on sharing i) Asymmetric key cryptography is based on
secrecy. personal secrecy.
ii) The secret key must be shared between two ii) The secret key is personnel; each person creates
persons. and keeps his or her own secret.
iii) In a community of n people, n(n-1)/2 shared iii) Only n personal secrets are needed in
secrets are needed for symmetric key asymmetric key cryptography.
cryptography.
iv) Symmetric is one way function. iv) Asymmetric is a two way function
v) Symmetric key uses one key for both encryption v) Asymmetric uses two different key for
and decryption. encryption public key and for decryption private
key.
vi) This does not use a key. vi) this makes use of the key
vii) Performance: Symmetric encryption is fast in vii) Asymmetric Encryption is slow in execution
execution. due to the high computational burden.
viii) Algorithm: DES, 3DES, AES, and RC4. viii) Diffie-Hallman, RSA
ix) Purpose: The symmetric encryption is used for ix) the asymmetric encryption is often used for
bulk data transmission. securely exchanging secret keys.
24. a) Explain the working of Digital Signature with a neat diagram.

• The sender uses a signing algorithm to sign the message.
• The message and the signature are sent to the receiver.
• The receiver receives the message and the signature and applies the verifying algorithm to the
combination if the result is true, the message is accepted otherwise, it is rejected.

• Need for keys:
In a digital signature, the signer uses he/she uses her private key, applied to a signing algorithm,
to sign the document. The verifier, on the other hand, uses the public key of the signer, applied
to verifying algorithm, to verify the document.
In this, public and private keys are used in a cryptosystem for confidentiality. The sender uses
the public key of the receiver to encrypt. The receiver uses his/her own private key to decrypt.
• Signing the Digest:
In this, the msgs are normally long, but we have to use asymmetric key schemes. The
solution is to sign a digest of the message, which is shorter than the message. He the sender can
sign the message digest and the receiver can verify the message digest the effect is same.
i.e.,
oA digest is made out of the message at Alice, S site.
oThe digest goes through the signing process using Alice private key, Alice then sends the
message and signature to Bob.
o At Bobs site, using the same public hash function, a digest is first created out of the
received. Calculations are done on the signature and the digest.
o Verify process also applies to determine authenticity of the signature, if authentic, the
message is accepted otherwise it is rejected.
b) How does PGP provide confidentiality and authentication service for e-mail? Explain
Pretty Good Privacy (PGP) is a secure email program that provides a confidentiality and
authentication service that can be used for electronic email and file storage applications. PGP achieves
confidentiality and authentication by the following steps:
1. The sender creates a message M
2. SHA-1 is used to generate a 160-bit hash code of the message
3. The hash code is then encrypted with RSA using sender’s private key.
4. The result is concatenated with the original message. (Pts. 1-4 covers authentication)

5. Also, a 128-bit number is generated which is going to be the session key for the current session
only.
6. The message from step 4 is encrypted using CAST-128 and the session-key
7. The session-key is then encrypted with RSA using the recipient’s public key and is attached
(pretended) to the message. (Pts. 5-7 covers confidentiality)
8. Message is transferred through the medium.
9. The receiver uses RSA to with its private key to decrypt and recover session key
10. Now since the session key is obtained , the remaining message is decrypted using sender’s
public key and RSA
11. The receiver then generates a hash code for the message and compares them it with the
decrypted hash code. If they match, the message is considered as authentic.
25. a) List and explain the four protocols of SSL.

SSL Protocol
• SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
• SSL is not a single protocol but rather two layers of protocols, as illustrated in Figure below.
• The SSL Record Protocol provides basic security services to various higher layer Protocols.
• In particular, the Hypertext Transfer Protocol (HTTP), which providesthe transfer service for
Web client/server interaction, can operate on top ofSSL.
• Three higher-layer protocols are defined as part of SSL:
1. the Handshake Protocol,
2. The Change Cipher Spec Protocol,
3. The Alert Protocol.
• These SSL-specific protocols are used in the management of SSL exchanges and are examined
later in this section.

• Two important SSL concepts are the SSL session and the SSL connection, which are defined in
the specification as follows.
1. Connection:
o A connection is a transport (in the OSI layering model definition that provides a suitable
type of service.
o For SSL, such connections are peer-to-peer relationships. The connections are transient.
Every connection is associated with one session.
2. Session:
o An SSL session is an association between a client and a server.
o Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic
security parameters which can be shared among multiple connections.
o Sessions are used to avoid the expensive negotiation of new security parameters for
each connection.
Handshake Protocol
• This protocol allows the server and client to authenticate each other and to negotiate an
encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL
record.
• The Handshake Protocol is used before any application data is transmitted. The Handshake
Protocol consists of a series of messages exchanged by client and server.
Type (1 byte): Indicates one of 10 messages.
Length (3 bytes): The length of the message in bytes.
Content (bytes): The parameters associated with this message
Phase 1
Establishing Security Capabilities
• The exchange is initiated by the client, which sends a client hello message with the following
parameters:
Version: The highest SSL version understood by the client.
Random: A client-generated random structure consisting of a 32-bit timestamp and 28 bytes generated
by a secure random number generator. These values serve as numbers and are used during key
exchange to prevent replay attacks.

Session ID: A variable-length session identifier. A nonzero value indicates that the client wishes to
update the parameters of an existing connection or to create a new connection on this session. A zero
value indicates that the client wishes to establish a new connection on a new session.
CipherSuite: This is a list that contains the combinations of cryptographic algorithms supported by the
client, in decreasing order of preference. Each element of the list (each cipher suite) defines both a key
exchange algorithm and a CipherSpec
PHASE 2.
SERVER AUTHENTICATION AND KEY EXCHANGE
• In this phase the server authenticates itself if needed.
• The sender may send its certificate, its public key and may also request certificate from client.
• At the end server announces that the server Hello process is been done.
After phase 2
• The server is authenticated to the client.
• The client knows the public key of the server if required.
Phase 3
CLIENT KEY EXCHANGE AND AUTHENTICATION
Phase 3 is designed to authenticate the client upto 3 messages are send from client to server.
After phase 3
• The client is authenticated for the server
• Both client and server knows pre- master secret.
Phase 4
FINALIZING AND FINISHING
• In phase 4 client and server send messages to change cipher specification and to finish the
handshake protocol
• Four messages are exchanged in this phase as shown below:
SSL RECORD PROTOCOL: The SSL Record Protocol provides two services for SSL connections:
• Confidentiality: The Handshake Protocol defines a shared secret key that is used for
conventional encryption of SSL payloads.
• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form
a message authentication code (MAC).
The figure indicates the overall operation of the SSL Record Protocol. The Record
Protocol takes an application message to be transmitted, fragments the data into manageable
blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits
the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and
reassembled and then delivered to higher-level users.

Operations of SSL Record Protocol are:

Step 1: The fragmentation, each upper-layer message is fragmented into blocks of 214 bytes
(16384 bytes) or less.
Step 2: The compression is optionally applied. Compression must be lossless and may not
increase the content length by more than 1024 bytes. The default compression algorithm is null.
Step 3: To compute a Message Authentication Code (MAC) over the compressed data. For this
purpose, a shared secret key is used.
Step 4: The compressed message plus the MAC are encrypted using symmetric encryption.
Encryption may not increase the content length by more than 1024 bytes, so that the total
length may not exceed 214 + 2048 bits.
Step 5: The final step of SSL Record Protocol processing is to append a header.
The final step of SSL Record Protocol processing is to prepend a header, consisting of the
following fields:
• Content Type (8 bits): The higher layer protocol used to process the enclosed fragment.
• Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.

• Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.
• Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed
fragment if compression is used). The maximum value is 214 + 2048.
Change Cipher Spec Protocol
The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record
Protocol, and it is the simplest. This protocol consists of a single message (Figure 1.5a), which consists of
a single byte with the value 1. The sole purpose of this message is to cause the pending state to be
copied into the current state, which updates the cipher suite to be used on this connection.
Alert Protocol:
The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other applications that
use SSL, alert messages are compressed and encrypted, as specified by the current state. Each message
in this protocol consists of two bytes. The first byte takes the value warning (1) or fatal(2) to convey the
severity of the message. If the level is fatal, SSL immediately terminates the connection. Other
connections on the same session may continue, but no new connections on this session may be
established. The second byte contains a code that indicates the specific alert. First, we list those alerts
that are always fatal (definitions from the SSL specification):
• unexpected_message: An inappropriate message was received.
• bad_record_mac: An incorrect MAC was received.
• decompression_failure: The decompression function received improper input (e.g., unable to
decompress or decompress to greater than maximum allowable length).
• handshake_failure: Sender was unable to negotiate an acceptable set of security parameters
given the options available.
• illegal_parameter: A field in a handshake message was out of range or inconsistent with other
fields. The remainder of the alerts are the following:
• close_notify: Notifies the recipient that the sender will not send any more messages on this
connection. Each party is required to send a close_notify alert before closing the write side of a
connection.
• no_certificate: May be sent in response to a certificate request if no appropriate certificate is
available. The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use
the SSL Record Protocol, and it is the simplest. This protocol consists of a single message (Figure
1.5a), which consists of a single byte with the value 1. The sole purpose of this message is to
cause the pending state to be copied into the current state, which updates the cipher suite to
be used on this connection.
• bad_certificate: A received certificate was corrupt (e.g., contained a signature that did not
verify).
• unsupported_certificate: The type of the received certificate is not supported.
• certificate_revoked: A certificate has been revoked by its signer.

• certificate_expired: A certificate has expired.

• certificate_unknown: Some other unspecified issue arose in processing the certificate,
rendering it unacceptable.
b) Explain X.509 certificate.
The use of a CA solved the problem of public-key fraud. The Internet community has accepted.
The ITU-T recommendation X.509 as a way to unify certificate formats.
The optional Issuer or Subject unique Identifier allows two issuers or two subjects to have the same
value in the Issuer or Subject name field, provided their unique identifiers are different.
The certificate has the following important fields:
• Version number: This field is the version of X.509 (current version is 3).
• Serial number: this field is the serial number assigned to each certificate and is unique for each
certificate issuer.
• Signature algorithm ID: this field identifies the signature algorithm used in the certificate.
• Validity period: this field defines the earliest (not before) time and the latest (not after) time
during which the certificate is valid.
• Subject name: this field defines the entity that owns the public key stored in this certificate.
• Subject public key: this field gives the value of the public key of the owner of the certificate and
defines the public key algorithm.
• Signature: this field contains the digest of all other fields in the certificate encrypted by the CA's
private key, and also contains the ID of the signature algorithm.
*ITU-T = International Telecommunication Union-Telecommunication Standardization Sector
• Certificate Renewal: Each certificate has a period of validity. If there is no problem with the
certificate, the CA issues a new certificate before the old one expires.
• Certificate Revocation: In some cases a certificate must be revoked before its expiration (e. g.,
the private key of the subject or of the CA has been compromised), The revocation is done by
periodically issuing certificate revocation list (CRL) that contains all revoked certificates that
have not expired on the date the CRL is issued. To ensure the validity of a certificate, the user
must check the latest CRL published by the CA that issued the certificate
A certificate revocation list has the following fields:
• Signature algorithm ID
• Issuer name
• This Update date
• Next update date
• Revoked certificate
• Signature

Delta Revocation: To make revocation more efficient, the delta certificate revocation list has been
introduced. A delta CRL is created and posted on this on this directory if there are changes after this
update date and next update date.
Section – D
26. Discuss in detail block cipher modes of operations.
A block cipher processes the data blocks of fixed size. Usually, the size of a message is larger
than the block size. Hence, the long message is divided into a series of sequential message blocks, and
the cipher operates on these blocks one at a time.
Electronic Code Book (ECB) Mode
This mode is a most straightforward way of processing a series of sequentially listed message blocks.
Operation
• The user takes the first block of plaintext and encrypts it with the key to produce the first block
of ciphertext.
• He then takes the second block of plaintext and follows the same process with same key and so
on so forth.
The ECB mode is deterministic, that is, if plaintext block P1, P2,…, Pm are encrypted twice under the same
key, the output ciphertext blocks will be the same.
In fact, for a given key technically we can create a codebook of ciphertexts for all possible plaintext
blocks. Encryption would then entail only looking up for required plaintext and select the corresponding
ciphertext. Thus, the operation is analogous to the assignment of code words in a codebook, and hence
gets an official name − Electronic Codebook mode of operation (ECB). It is illustrated as follows −
Analysis of ECB Mode

In reality, any application data usually have partial information which can be guessed. For example, the
range of salary can be guessed. A ciphertext from ECB can allow an attacker to guess the plaintext by
trial-and-error if the plaintext message is within predictable.
For example, if a ciphertext from the ECB mode is known to encrypt a salary figure, then a small number
of trials will allow an attacker to recover the figure. In general, we do not wish to use a deterministic
cipher, and hence the ECB mode should not be used in most applications.
Cipher Block Chaining (CBC) Mode
CBC mode of operation provides message dependence for generating ciphertext and makes the system
non-deterministic.
Operation
The operation of CBC mode is depicted in the following illustration. The steps are as follows −
• Load the n-bit Initialization Vector (IV) in the top register.
• XOR the n-bit plaintext block with data value in top register.
• Encrypt the result of XOR operation with underlying block cipher with key K.
• Feed ciphertext block into top register and continue the operation till all plaintext blocks are
processed.
• For decryption, IV data is XORed with first ciphertext block decrypted. The first ciphertext block
is also fed into to register replacing IV for decrypting next ciphertext block.

Analysis of CBC Mode

In CBC mode, the current plaintext block is added to the previous ciphertext block, and then the result is
encrypted with the key. Decryption is thus the reverse process, which involves decrypting the current
ciphertext and then adding the previous ciphertext block to the result.
Advantage of CBC over ECB is that changing IV results in different ciphertext for identical message. On
the drawback side, the error in transmission gets propagated to few further block during decryption due
to chaining effect.
It is worth mentioning that CBC mode forms the basis for a well-known data origin authentication
mechanism. Thus, it has an advantage for those applications that require both symmetric encryption
and data origin authentication.
Cipher Feedback (CFB) Mode
In this mode, each ciphertext block gets ‘fed back’ into the encryption process in order to encrypt the
next plaintext block.
Operation
The operation of CFB mode is depicted in the following illustration. For example, in the present system,
a message block has a size ‘s’ bits where 1 < s < n. The CFB mode requires an initialization vector (IV) as
the initial random n-bit input block. The IV need not be secret. Steps of operation are −
• Load the IV in the top register.
• Encrypt the data value in top register with underlying block cipher with key K.
• Take only ‘s’ number of most significant bits (left bits) of output of encryption process and XOR
them with ‘s’ bit plaintext message block to generate ciphertext block.
• Feed ciphertext block into top register by shifting already present data to the left and continue
the operation till all plaintext blocks are processed.
• Essentially, the previous ciphertext block is encrypted with the key, and then the result is XORed
to the current plaintext block.
• Similar steps are followed for decryption. Pre-decided IV is initially loaded at the start of
decryption.
Analysis of CFB Mode

CFB mode differs significantly from ECB mode, the ciphertext corresponding to a given plaintext block
depends not just on that plaintext block and the key, but also on the previous ciphertext block. In other
words, the ciphertext block is dependent of message.
CFB has a very strange feature. In this mode, user decrypts the ciphertext using only the encryption
process of the block cipher. The decryption algorithm of the underlying block cipher is never used.
Apparently, CFB mode is converting a block cipher into a type of stream cipher. The encryption
algorithm is used as a key-stream generator to produce key-stream that is placed in the bottom register.
This key stream is then XORed with the plaintext as in case of stream cipher.
By converting a block cipher into a stream cipher, CFB mode provides some of the advantageous
properties of a stream cipher while retaining the advantageous properties of a block cipher.
On the flip side, the error of transmission gets propagated due to changing of blocks.
Output Feedback (OFB) Mode
It involves feeding the successive output blocks from the underlying block cipher back to it. These
feedback blocks provide string of bits to feed the encryption algorithm which act as the key-stream
generator as in case of CFB mode.
The key stream generated is XOR-ed with the plaintext blocks. The OFB mode requires an IV as the initial
random n-bit input block. The IV need not be secret.
The operation is depicted in the following illustration −
Counter (CTR) Mode

It can be considered as a counter-based version of CFB mode without the feedback. In this mode, both
the sender and receiver need to access to a reliable counter, which computes a new shared value each
time a ciphertext block is exchanged. This shared counter is not necessarily a secret value, but challenge
is that both sides must keep the counter synchronized.
Operation
Both encryption and decryption in CTR mode are depicted in the following illustration. Steps in
operation are −
• Load the initial counter value in the top register is the same for both the sender and the
receiver. It plays the same role as the IV in CFB (and CBC) mode.
• Encrypt the contents of the counter with the key and place the result in the bottom register.
• Take the first plaintext block P1 and XOR this to the contents of the bottom register. The result
of this is C1. Send C1 to the receiver and update the counter. The counter update replaces the
ciphertext feedback in CFB mode.
• Continue in this manner until the last plaintext block has been encrypted.
• The decryption is the reverse process. The ciphertext block is XORed with the output of
encrypted contents of counter value. After decryption of each ciphertext block counter is
updated as in case of encryption.

Analysis of Counter Mode

It does not have message dependency and hence a ciphertext block does not depend on the previous
plaintext blocks.
Like CFB mode, CTR mode does not involve the decryption process of the block cipher. This is because
the CTR mode is really using the block cipher to generate a key-stream, which is encrypted using the
XOR function. In other words, CTR mode also converts a block cipher to a stream cipher.
The serious disadvantage of CTR mode is that it requires a synchronous counter at sender and receiver.
Loss of synchronization leads to incorrect recovery of plaintext.
However, CTR mode has almost all advantages of CFB mode. In addition, it does not propagate error of
transmission at all.
27. List and explain the properties of Hash functions.
Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is always of
fixed length.
Values returned by a hash function are called message digest or simply hash values. The following
picture illustrated hash function −
Features of Hash Functions

The typical features of hash functions are −
• Fixed Length Output (Hash Value)

o Hash function coverts data of arbitrary length to a fixed length. This process is often
referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence hash functions are
sometimes called compression functions.
o Since a hash is a smaller representation of a larger data, it is also referred to as a digest.
o Hash function with n bit output is referred to as an n-bit hash function. Popular hash
functions generate values between 160 and 512 bits.
• Efficiency of Operation
o Generally for any hash function h with input x, computation of h(x) is a fast operation.
o Computationally hash functions are much faster than a symmetric encryption.
Properties of Hash Functions
In order to be an effective cryptographic tool, the hash function is desired to possess following
properties −
• Pre-Image Resistance
o This property means that it should be computationally hard to reverse a hash function.
o In other words, if a hash function h produced a hash value z, then it should be a difficult
process to find any input value x that hashes to z.
o This property protects against an attacker who only has a hash value and is trying to find
the input.
• Second Pre-Image Resistance
o This property means given an input and its hash, it should be hard to find a different
input with the same hash.
o In other words, if a hash function h for an input x produces hash value h(x), then it
should be difficult to find any other input value y such that h(y) = h(x).
o This property of hash function protects against an attacker who has an input value and
its hash, and wants to substitute different value as legitimate value in place of original
input value.
• Collision Resistance
o This property means it should be hard to find two different inputs of any length that
result in the same hash. This property is also referred to as collision free hash function.
o In other words, for a hash function h, it is hard to find any two different inputs x and y
such that h(x) = h(y).
o Since, hash function is compressing function with fixed hash length, it is impossible for a
hash function not to have collisions. This property of collision free only confirms that
these collisions should be hard to find.
o This property makes it very difficult for an attacker to find two input values with the
same hash.
o Also, if a hash function is collision-resistant then it is second pre-image resistant.
Design of Hashing Algorithms
At the heart of a hashing is a mathematical function that operates on two fixed-size blocks of data to
create a hash code. This hash function forms the part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes are from 128 bits
to 512 bits. The following illustration demonstrates hash function −

Hashing algorithm involves rounds of above hash function like a block cipher. Each round takes an input
of a fixed size, typically a combination of the most recent message block and the output of the last
round.
This process is repeated for as many rounds as are required to hash the entire message. Schematic of
hashing algorithm is depicted in the following illustration −
Since, the hash value of first message block becomes an input to the second hash operation, output of
which alters the result of the third operation, and so on. This effect, known as an avalanche effect of
hashing.
Avalanche effect results in substantially different hash values for two messages that differ by even a
single bit of data.
Understand the difference between hash function and algorithm correctly. The hash function generates
a hash code by operating on two blocks of fixed-length binary data.
Hashing algorithm is a process for using the hash function, specifying how the message will be broken up
and how the results from previous message blocks are chained together.
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was most popular and widely used hash function for quite some years.
• The MD family comprises of hash functions MD2, MD4, MD5 and MD6. It was adopted as
Internet Standard RFC 1321. It is a 128-bit hash function.
• MD5 digests have been widely used in the software world to provide assurance about integrity
of transferred file. For example, file servers often provide a pre-computed MD5 checksum for
the files, so that a user can compare the checksum of the downloaded file to it.
• In 2004, collisions were found in MD5. An analytical attack was reported to be successful only in
an hour by using computer cluster. This collision attack resulted in compromised MD5 and
hence it is no longer recommended for use.
Secure Hash Function (SHA)
Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though from same
family, there are structurally different.
• The original version is SHA-0, a 160-bit hash function, was published by the National Institute of
Standards and Technology (NIST) in 1993. It had few weaknesses and did not become very
popular. Later in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several
widely used applications and protocols including Secure Socket Layer (SSL) security.

• In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame
making long-term employability of SHA-1 doubtful.
• SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512
depending up on number of bits in their hash value. No successful attacks have yet been
reported on SHA-2 hash function.
• Though SHA-2 is a strong hash function. Though significantly different, its basic design is still
follows design of SHA-1. Hence, NIST called for new competitive hash function designs.
• In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers
many benefits, such as efficient performance and good resistance for attacks.
RIPEMD
The RIPEND is an acronym for RACE Integrity Primitives Evaluation Message Digest. This set of hash
functions was designed by open research community and generally known as a family of European hash
functions.
• The set includes RIPEND, RIPEMD-128, and RIPEMD-160. There also exist 256, and 320-bit
versions of this algorithm.
• Original RIPEMD (128 bit) is based upon the design principles used in MD4 and found to provide
questionable security. RIPEMD 128-bit version came as a quick fix replacement to overcome
vulnerabilities on the original RIPEMD.
• RIPEMD-160 is an improved version and the most widely used version in the family. The 256 and
320-bit versions reduce the chance of accidental collision, but do not have higher levels of
security as compared to RIPEMD-128 and RIPEMD-160 respectively.
Whirlpool
This is a 512-bit hash function.
• It is derived from the modified version of Advanced Encryption Standard (AES). One of the
designer was Vincent Rijmen, a co-creator of the AES.
• Three versions of Whirlpool have been released; namely WHIRLPOOL-0, WHIRLPOOL-T, and
WHIRLPOOL.
Applications of Hash Functions
There are two direct applications of hash function based on its cryptographic properties.
Password Storage
Hash functions provide protection to password storage.
• Instead of storing password in clear, mostly all logon processes store the hash values of
passwords in the file.
• The Password file consists of a table of pairs which are in the form (user id, h(P)).
• The process of logon is depicted in the following illustration −

• An intruder can only see the hashes of passwords, even if he accessed the password. He can
neither logon using hash nor can he derive the password from hash value since hash function
possesses the property of pre-image resistance.
Data Integrity Check
Data integrity check is a most common application of the hash functions. It is used to generate
the checksums on data files. This application provides assurance to the user about correctness of the
data.
The process is depicted in the following illustration −
The integrity check helps the user to detect any changes made to original file. It however, does
not provide any assurance about originality. The attacker, instead of modifying file data, can change the
entire file and compute all together new hash and send to the receiver. This integrity check application
is useful only if the user is sure about the originality of file.

CNS - 2019

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CNS - 2019

Uploaded by

Copyright:

Available Formats

Visit www.Bustudymate.

in For More Study Material

VI Sem B.C.A. – 2019

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Initial and Final Permutation:

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

• Upper sub-layer comprises of three SSL-related protocol components and an application

20. Explain Tunnel mode of IPSec

Follow Us on Instagram @Bustudymate

Section – C (15 - marks)

• A source produces a message in plaintext, X = [X1, X2, … XM].

Follow Us on Instagram @Bustudymate

22. a) Explain the 4 stages of AES algorithm.

• For 128-bit cipher key, 10 rounds

The encryption sub-processes in the above algorithm are −

Follow Us on Instagram @Bustudymate

o Shift_Rows − Transposition is performed wherein a certain number of cyclical shifting of

i) Byte Substitution (SubBytes)

Follow Us on Instagram @Bustudymate

• Add round key

Process of Playfair Cipher

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

24. a) Explain the working of Digital Signature with a neat diagram.

Follow Us on Instagram @Bustudymate

• Need for keys:

Follow Us on Instagram @Bustudymate

25. a) List and explain the four protocols of SSL.

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Operations of SSL Record Protocol are:

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

• certificate_expired: A certificate has expired.

Follow Us on Instagram @Bustudymate

Analysis of ECB Mode

Follow Us on Instagram @Bustudymate

Analysis of CBC Mode

Analysis of CFB Mode

Follow Us on Instagram @Bustudymate

Counter (CTR) Mode

Follow Us on Instagram @Bustudymate

Analysis of Counter Mode

Features of Hash Functions

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

Follow Us on Instagram @Bustudymate

You might also like