UNIT-1 Security Concepts, Cryptography Concepts and Techniques

Interception
It affects the confidentiality of information, where an unauthorized person or program gets the access or control to some system resources.
[Figure: Interception (Source, Destination, Intruder)]
Examples: Wiretapping of a network, illicit copying of files or programs.

Q4. Write short notes on viruses.
Answer : Model Papers, a1)
A virus is a software program that replicates itself and infects another computer without the knowledge of user. The computer virus gets its name from biological virus. For replicating itself, a virus needs to execute code and should be written to the memory. For this reason, many viruses attach themselves to executable files that are part of authentic program. A virus propagates by transmitting itself across network and bypassing security system. Viruses are otherwise said to be in dormant phase (idle) until certain events cause their code to be executed. Virus also propagates from one system to another when its host is taken to an uninfected system. They are transmitted as attachments in e-mail message or in downloaded files.

Q5. What are the different types of viruses?
Some of the different types of viruses are as follows,
Parasitic Virus
It is one of the most common types of virus. It attaches itself to executable files like .com and .exe in order to propagate. When the program that is infected is executed, the cloned copy of parasitic virus is transmitted to other executable files.
Memory-resident Virus
Resident viruses load themselves into the memory during the execution of infected program and transfer the control to the infected host program. In this case, virus infects every program that is being executed on the system.
Boot-sector Virus
It is a type of virus that infects the master-boot record.

Q6. Define non-repudiation.
Answer : Dee.-47(R13), 218)
Non-repudiation provides protection against the denial by one of the entities involved in communication.
Thus, once a message is sent, the receiver assures that the message was sent by an intended sender and upon reception, the sender assures that the message is received by the correct receiver.

Q7. What are the types of security attacks?
Answer : May-46(R13), 2118)
Attacks on the security of a system or a network can be best described by analyzing the functionality of a computer system by providing the required information. The two different types of attacks that are possible are,
1. Passive Attacks
It refers to the process of monitoring or wiretapping of the ongoing transmission. Here, the goal of the opponent is to capture the transmitting information. Two possible types of passive attacks are,
(i) Release of message contents
(ii) Traffic analysis.
2. Active Attacks
In this type of attack, an attacker can alter the information or sometimes generates fraudulent information into the network. The four categories of the active attacks are as follows,
(i) Masquerade
(ii) Replay
(iii) Modification
(iv) Denial of service.

Q8. Discuss about Masquerade in brief.
Answer : 199R16. O10)
This type of attack occurs when one entity counterfeits to be a different entity. It usually includes the other types of sequence thereby allowing an authorized entity with limited privileges to get additional privileges by pretending to be an entity that has these benefits.

Q9. What are security mechanisms? Explain.
Answer : Ma A01R10), ary)
CRYPTOGRAPHY AND NETWORK SECURITY [JNTU-HYDERABAD]
Some of the specific security mechanisms are as follows,
(i) Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not easily accessible. This depends on the applied algorithm and the encryption keys.
(ii) Digital Signature: The appended data or a cryptographic transformation applied to any data unit must preserve the integrity of the data and prevents it from any unauthorized access.
(iii) Access Control: It refers to a variety of techniques that are usually employed for enforcing access permissions to the system resources.
(iv) Data Integrity: It refers to a variety of techniques that ensure the integrity of data.
(v) Authentication Exchange: It is a mechanism of ensuring the identity of either a sender or a receiver by exchanging information between them.
(vi) Traffic Padding: The process of inserting bits into a data stream to thwart traffic analysis attempts.
(vii) Routing Control: It selects a route that is assumed to be safe for transmitting a certain amount of data and immediately changes the route once a breach in security is detected.
(viii) Notarization: It refers to the involvement of a trusted third party for assuring some specific properties of a data exchange.

Q10. Explain the network security model.
Answer : OctINow-1613), aa)
Generally, the data which is in the form of a stream or a block can be transmitted over network between the two communicating parties. The entity which is responsible for transmitting the data is called a sender and the entity which receives the data (from the sender) is called a receiver. Both the parties must have certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders occur which can be avoided by providing security to the transmitting data.

Q11. Define linear cryptanalysis.
Answer : Dec-47(R13}, Otc)
Linear cryptanalysis is a type of cryptanalytic attack invented by Mitsuru Matsui (1016, +015, 1017}. This attack uses approximations to describe the action of a block cipher.
This means that if XOR is done on some of the plaintext bits together and then XOR the result le bit is generated that is the XOR of some of the

(Model Papers, 21(0) | Oct/Nov.-A6{R13), Q1(b))
er of plaintext is replaced with some other element. In transposition, the letters are jumbled in such a way that no information is lost.

the traffic padding keeps on generating output as ci
if plaintext is not provided, then data is encrypted and it ate transmitted randomly. As a result true data flow and padding, which eventually leads to the failure

Q14. Explain the caesar cipher.
Answer : ape 10(815), 40)
Caesar cipher is the oldest of all substitution ciphers which replaces each letter of the plaintext with an alphabet i.e., three places ahead of that alphabet.
Example
Plaintext: Hi, this is Rui
Ciphertext: KL, WKLV LV UXKL
The replacement done in the above example uses the following,
Plaintext Alphabet:  a b c d e f g h i j k l m
Ciphertext Alphabet: D E F G H I J K L M N O P
Plaintext Alphabet:  n o p q r s t u v w x y z
Ciphertext Alphabet: Q R S T U V W X Y Z A B C
If the alphabets are assigned with numbers i.e., a = 0, b = 1, c =
(i) If the substitution is such that each letter of the alphabet is replaced by a letter i.e., three places ahead of it, then the substitution algorithm for each letter P in the plaintext substitutes letter C as the cipher letter as follows.
C = E(P) = (P + 3) mod 26
(ii) If the substitution is such that each letter is replaced by a letter that is K places ahead of it, then,
C = E(P) = (P + K) mod 26
Where, K can be any value from 0 to 25.
A decryption algorithm for Caesar cipher is,
P = D(C) = (C - K) mod 26

Q15. Compare substitution ciphers with transposition ciphers.
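The Caesar formulas above, set beside the Rail Fence transposition that the comparison names, as an added example (not part of the original notes; the function names and the second sample sentence are assumptions). It shows that substitution changes each letter's identity but keeps its position, while transposition keeps the letters and changes only their positions.

```python
from collections import Counter


def caesar_encrypt(plaintext, k=3):
    """C = E(P) = (P + K) mod 26 with a = 0, b = 1, ...; cipher letters in
    upper case as in the notes. Spaces and punctuation pass through."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            out.append(chr((ord(ch.lower()) - ord("a") + k) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, k=3):
    """P = D(C) = (C - K) mod 26; plaintext letters come back in lower case."""
    out = []
    for ch in ciphertext:
        if ch.isascii() and ch.isalpha():
            out.append(chr((ord(ch.upper()) - ord("A") - k) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def _rail_order(n, rails):
    """Indices 0..n-1 in the order a zigzag over `rails` rows reads them out."""
    if rails < 1:
        raise ValueError("rails must be at least 1")
    rows, row, step = [], 0, 1
    for _ in range(n):
        rows.append(row)
        if row == 0:
            step = 1
        elif row == rails - 1:
            step = -1
        row += step
    # sorted() is stable, so positions inside one row keep their order.
    return sorted(range(n), key=rows.__getitem__)


def rail_fence_encrypt(text, rails=2):
    """Transposition: write the text in a zigzag, read it row by row."""
    return "".join(text[i] for i in _rail_order(len(text), rails))


def rail_fence_decrypt(cipher, rails=2):
    """Put every cipher character back at the position it was read from."""
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, _rail_order(len(cipher), rails)):
        plain[pos] = ch
    return "".join(plain)


def letter_pattern(s):
    """Position of each letter's first occurrence, e.g. 'meet' -> [0, 1, 1, 3]."""
    return [s.index(c) for c in s]


def compare(plaintext, k=3, rails=2):
    """Encrypt the letters of `plaintext` both ways and report what survives."""
    letters = "".join(c for c in plaintext.lower() if c.isascii() and c.isalpha())
    sub = caesar_encrypt(letters, k).lower()
    trans = rail_fence_encrypt(letters, rails)
    return {
        "substitution": sub,
        "transposition": trans,
        # Substitution: new letters, same repetition pattern at same positions.
        "substitution_keeps_letters": Counter(sub) == Counter(letters),
        "substitution_keeps_pattern": letter_pattern(sub) == letter_pattern(letters),
        # Transposition: same letters and counts, shuffled positions.
        "transposition_keeps_letters": Counter(trans) == Counter(letters),
        "transposition_keeps_pattern": letter_pattern(trans) == letter_pattern(letters),
    }


if __name__ == "__main__":
    print(caesar_encrypt("Hi, this is"))  # shift of three, as in the notes
    for name, value in compare("meet me after the toga party").items():
        print(f"{name}: {value}")
```

Because the transposed text keeps the plaintext's letter counts and the substituted text keeps its repetition pattern, neither cipher on its own hides the statistics of the language.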
Substitution Cipher | Substitution cipher substitutes or replaces the contents of the plaintext by other letters, numbers or symbols.
Each letter takes its actual identity by varying its position.
4. | Example of transposition cipher is Rail Fence cipher.
May-19(R16), (0) Bec.-17(R13), 21>)

Apart from the CIA triad concepts, computer security following additional concepts.
Authenticity
This concept ensu trusted parties. It requires user verification to know their identity and the information that they provide about themselves is valid, genuine and intact.
Accountability
This that the user ing ensures that all the security branches are responsible party to ensure that the system becomes reliable

Denial of Service Threats
These threats refuse the provided services of the clients, destroy the user threads that request for a service, load the machine with fake requests, overload the memory and cause the machine vulnerable to DNS attacks.
Consequences
Denial of services to the users over web results in the irritation and discontinuation of the normal execution, thereby preventing the users in accomplishing their jobs on time.
Counter Measures
It is very difficult to avoid denial of service threats and there exist no standard measure.
IP Spoofing
IP spoofing is an attack where the identity of the source is forged in order to gain unauthorized access to a system. The message which is sent appears to be as if it is sent from a trusted entity, thereby fooling the receiver to accept junk or malicious data.
Packet Sniffing
Packet sniffing is a process in which an unauthorized person/hacker reads the sensitive information for illegitimate purposes. To avoid this, IAB has made it mandatory to include security services such as authentication and encryption in every IP packet generation (i.e., IPv6 as well as IPv4).
Eavesdropping
When two sources are being communicated and some unwanted messages are passed from the other sources then this mechanism is referred to as eavesdropping.

"Internetwork security is both fascinating and . Justify the statement.
Statement
"Internetwork security is both fascinating " because of the following reasons,
However, the mechanisms through which it can be achieved are difficult to understand.
A security mechanism has to be developed in such a way that it covers and provides security from all potential security attacks. Also, approaching the problem in an entirely different way may help in identifying problems in the mechanism.
As a result of the above reason, the mechanisms theowgh Ce tehatn sirvioas rt ferba Goce opel description. The need for such procedures arises multiple aspects of threats are considered that can strengthen the security mechanisms. When are not considered, is not needed because of the complexities.
Once all such security mechanisms are developed, a decision has to be made regarding their usage. For example, deciding which points in networks require security mechanism. This decision includes both physical as well as logical deployment of the mechanism.
The mechanisms that are thus developed mostly contain multiple algorithms (or) protocols. They also need participating entities to hold some critical information (such as creation, distribution and protection) regarding the key used for encryption. As a result of this inclusion of protocols and critical information, the process of mechanism development gets complicated.
There is always a constant battle between the attacker and the developer. The attacker tries to violate the security whereas the developer tries to protect it. In such a scenario, the attacker has an edge over the developer as a single loophole can lead to breach the security.
But for the developer it is necessary to identify and overcome all such loopholes so as to provide perfect security.
The users as well as the system administrator get benefitted by the security investment. They enjoy the benefits until failure occurs.
Security needs frequent counselling in order to stay up-to-date with today's changing trends. However, it is difficult to do so keeping in mind the short term and environments of today.

expectations of employees in terms of working style and beliefs
After the implementation of security policies, there are certain points that should be assured by the organization which include the following,
(i) The policy should be explained to the employees.
(ii) Each and every concerned person's responsibilities
(iii) Simple language should be used while communicating
(iv) Organization should be accountable for the establishment
(v) Plans should be made for the exceptions and reviewed

Q21. Describe the various principles of security.
Model Papers aa)
OR
Write about Integrity and Non-repudiation Security Services.
(Refer Only Topics: Integrity, Non-repudiation)
Answer : NoviDec.20(R16), (8)
Security Services
A security service is a service that is used to enhance the security of a data processing system and the information flow within an organization. They are meant to tackle security attacks by employing one or more security mechanisms.

releasing message contents, higher levels of protection can be provided. All the data which is transmitting between the two i some specific period of time can be protected incase ttroader forms this service. For example, in case of virtual connection between the two systems, any user data is prevented
applied in a narrower form which protects single message. some fields within the message. this approach is

The available security services are as follows,
1.
Confidentiality
2. Authentication
3. Non-repudiation
4. Integrity
5
6. Access control.

Confidentiality
Confidentiality refers to the process of protecting the data transmitted from all types of passive attacks. In case of release
over the virtual circuit. Confidentiality can also a

2. Authentication
It deals with the process of assuring that the communication is authentic. In case of a single message transmission, its function is to ensure the recipient that the message from the intended source. For an ongoing interaction such as the termina 0 exives are involved:
(i) Initially at the time of connection establishment, the authentication service must ensure the authenticity of two communicating parties involved.
(ii) The authentication service must assure that the connection between the two hosts is not interrupted by any third party which is pretending to be as one of the two authorized hosts.
Types of Authentication
There are two types of authentication services. They are,
(i) Peer entity authentication
(ii) Data origin authentication.
(i) Peer Entity Authentication
This type of authentication is used to verify the s of the peer entities involved in communication. It is also used for providing authentication at the time of connection establishment and during the process of data transmission.
(ii) Data Origin Authentication
It is used for showing the authenticity of the source data without providing protection against the alterations or replications of the data units. It is primarily used for the applications that do not require prior interactions between the two communicating parties (such as electronic mail).

3. Non-repudiation
Non-repudiation provides protection against the denial
by one of the entities involved in communication. Thus, once a message is sent, the receiver assures that the message was sent by an intended sender and upon reception, the sender assures that the message is received by the correct receiver.

4. Integrity
Integrity can be applied to a single message within a stream or to an entire stream. It can also be applied to some specific fields within a message. Two types of integrity services are available,
(i) Connection-oriented integrity service
(ii) Connectionless integrity service.
A connection-oriented integrity service is concerned with the message streams. It ensures that the messages are received in the order in which they are sent with no alterations, insertions, deletions, duplications, reordering or replays. It also deals with the destruction of data. Hence, it attends to both message-stream modification and denial of service.

complex and expensive to implement. Another feature of

SPECTRUM ALL-IN-ONE JOURNAL FOR ENGINEERING STUDENTS

A connectionless integrity service deals only with the individual messages irrespective of any context thereby ensuring protection against BE NEE ACTIN CN
An integrity service can be applied with or without recovery. As these services are related to active attacks, the major concern is to detect them rather than preventing them. If the integrity is violated and detected, then the service will simply report this violation and find out the ways of recovering from it.

5. Availability
The availability can be significantly affected by a number of attacks which are susceptible to authentication, controlling the access to the host systems and applications various communication links. For achieving this

The confidentiality of the data is very important if the publication material belongs to a private corporation.
This is because, it contains critical data associated with the organization and is essential to be used within the organization. For this reason, confidentiality is most important requirement.
The integrity of the data is very important if the publication is related to laws, rules and regulations. This is because, different organizations follow different laws, rules and regulations where the decided ones are stored and published. For this reason, integrity is most impor-

(Refer Only Topic: Categories of Attacks)
Answer :
Categories of Security Services
For answer refer Unit-I, Q21.
Categories of Attacks
Attacks on the security of a system or a network can
[Figure (1): Normal Information Flow (Source, Destination)]
The four general categories of attacks are as follows,
1. Interruption
[Figure (4): Modification (Source, Destination, Intruder)]
Examples
Modifying the values in a data file or the message contents, making alterations in a program so that it behaves in a different manner.
4. Fabrication
This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
[Figure (5): Fabrication (Source, Destination, Intruder)]
Examples
Adding fraudulent messages into the network, inserting additional records to a file.

Q24. Explain in detail about different types of programs that attack computer systems.
Answer :
Some of different types of programs that attack computer systems are as follows,
(i) Virus
For answer refer Unit-I, Q25.
(ii) Worms
Worms are the software programs that replicate themselves and transmit the cloned copy to other computers using network. They are reproducing programs that execute and travel across network connection. These viruses but the only difference Worms are similar to itself to existing program.
The for a worm is that, it requires a program code to be
Pinal virus has same behaviour as that of computer worms but, the former requires human to perform the actions whereas the latter independently searches for the system to perform its actions. Network worm can exhibit similar property as computer virus, once it has been activated to perform destructive action. These worms propagate over network connection using network vehicles as follows,
(a) E-mail Facility
Worm sends a mail containing its cloned copy to other systems.
(b) Remote Host Execution Ability
Worm independently runs a copy of itself on other system.
(c) Remote Login Ability
Worm logins on a remote system by pretending as an authentic user and replicates itself using commands.
Network worms have the same life-cycle phases as that of computer virus. They are as follows,
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase
Network worm is capable of determining if the system was previously infected before replicating itself. In a multiprogramming environment, network worm hides itself and pretend as a system processor by using other names that are not detected by users.
A system can be prevented from worm attacks by receiving regular updates about the patches and upgrades regarding operating system and for other applications. The other way to protect a system from worms is to reduce the services and applications executing on the system.
(iii) Trojan Horse
A trojan horse can be defined as a computer program containing hidden code which results in harmful functioning after execution. These programs allow users to access information for which they are not authorized. These programs can be modified when compared to other possible software programs. Trojan horses allow the attackers to access functions indirectly. Most of the trojan horse infections occur because the authentic user is trapped to execute an infected malicious program.
The important feature of trojan horse is that it has all capabilities and permissions of an authorized user. Trojan horse can either be malicious or non-malicious program. The following are some of the damages caused by trojan horse:
(i) Deleting or overwriting data on the computer.
(ii) Corrupting files in mysterious way.
(iii) Deactivating antivirus software program.
(iv) Randomly shutting down the system.
The best way to detect trojan horse is to identify the executable files that are changed by comparing CRC values of all executable files in the system.

A virus is a software program that creates duplicate copy of itself and infects another computer without the knowledge of user. In order to duplicate itself, virus must execute code and write it into the memory. They are usually transmitted along an email message or a downloaded file.
Nature of Viruses
A virus contains malicious/harmful code that causes damage to the system by eliminating important programs, deleting necessary files or by reformatting the hard disk. Some of the viruses are designed only to create duplicate copy of themselves but not to cause any damage. Viruses are classified into two types. They are,
(i) Non-resident virus
(ii) Resident virus.
(i) Non-resident Virus
This type of virus searches for other uninfected host programs and infects them. Later, it transfers the control to infected application program.
(ii) Resident Virus
These viruses load themselves into the memory during execution and transfer control to the host program.
Life Cycle of Virus
A virus undergoes the following phases during its
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase.
1. Dormant Phase
A virus is said to be in dormant phase until events such as date, presence of other file etc., allow the program code to be executed.
2. Propagation Phase
In this phase, virus creates a duplicate copy of itself
1. Boot Sector Virus
2. File Virus
3.
Macro Virus
and attaches to other programs. Each infected program copy of virus which itself enters the cloning
Phase, virus activation takes place in order to action,

Viruses are classified into the following types,
1. Boot sector virus
File virus
Macro virus
Encrypted virus
Stealth virus
It is a type of virus which damages the master-boot record. It propagates while booting the system from infected disk.
It is a type of virus that damages only those files which are assumed to be executable by the operating system.
Macro virus is one of the common types of virus. These viruses cause much damage to system's data. They have become a threat because of the following reasons,
(i) Macro virus damages Microsoft Word applications by inserting unnecessary words or phrases. Due to this, all hardware and operating system which supports the word document also get affected.
(ii) Macro virus damages only documents, and large parts of system information which is in the document form instead of program code.
(iii) Macro virus can be transmitted without any difficulty.
4. Encrypted Virus
It is a type of virus which infects in the following way. Initially, a random encryption key is produced by some part of the virus. Then, encryption is performed on the remaining part of virus. The encrypted key is stored along with the virus and using this key, the virus is decrypted.
5. Stealth Virus
This virus is designed in such a way that it hides itself from being identified by any antivirus software program.
Polymorphic Virus
It is a virus that changes with each infection. It creates duplicate copy of itself where every copy of virus performs same action. Here, every individual virus be a different entity.

It usually includes the other types of active attack.

majority of attacks made by virus. As it is very difficult
virus, different approaches are used to reduce virus threats. They are,
(i) Virus detection approach
(ii) Virus identification approach
(iii) Virus removal approach.
(i) Virus Detection Approach
When a program is infected, analysis is done to detect and find the location of the virus.
(ii) Virus Identification Approach
When a virus is detected, this approach identifies the actual type of virus, which is the main reason for infection.
(iii) Virus Removal Approach
Wht thon ana aati all instances of the virus and restores the infected program to its actual state. Then, viruses from all other systems are detected to halt virus propagation.
If detection approach is performed successfully, if identification and removal approach failed to identify and remove virus from infected program, then the only possible way is to delete the infected program completely and reinstall a clean backup version of same program.

Consider an example, where the authentication sequences can be seized and replayed after the occurrence of a valid authentication sequence thereby
Replay
It refers to the process of passively capturing a particular data unit along with its succeeding retransmission

viruses were just a simple program code that easily detected and removed using simple antivirus
First generation software
Second generation software
Third generation software
4. Fourth generation software
First Generation Software
have same structure and bit pattern. The disadvantage of
The other first generation scanners save the information about program length and examine it regularly. This is done in order to check whether any modifications are made to the program length or not.
2. Second Generation Software
This type of software is not signature dependent. Instead, the scanners use heuristic rules for detecting possible virus infection. The other approach used in second generation scanners is integrity checking which is done using checksum deletion technique.
3.
Third Generation Software
These programs identify virus based on their action but not on their structures.
4. Fourth Generation Software
They are software packages that contain different types of antivirus methods. These methods are used in conjunction ing activity trap element, access

of specific
The following are the different types of specific attacks.
(i) Spoofing
(ii) Phishing
(iii) Pharming.
(i) Spoofing
Spoofing refers to the misrepresentation of one's identity for fraudulent purpose. Hackers attack individuals or organizations using fake e-mail addresses or domain names that resemble very closely to the actual e-mail addresses or domain names. For example, the bogus domain name of icici.com (ind) is registered for a legitimate site, icici.com. The bogus site copies the legitimate site's text and graphics to resemble the legal site. Next, it sends attractive messages inducing users to give their personal information. The innocent targets that assume the message to be from the IP address of a trusted system reveal information. Thus, with such unauthorized access, hackers gain valuable information of individuals or corporate like credit card information and business secrets.
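One way a mail gateway or a reviewer could flag sender domains that closely resemble a legitimate one, as described above (an added example, not part of the original notes). The trusted domain, the sample senders, the confusable-character table and the edit threshold are constructed for illustration, and taking the last two labels as the registered domain is a simplifying assumption.

```python
# Constructed allow-list; a real deployment would load its own domains.
TRUSTED = {"examplebank.com"}
MAX_EDITS = 2  # assumed threshold: at most two single-character edits

# Character runs and digits that are commonly swapped in to imitate a name.
CONFUSABLE_RUNS = (("rn", "m"), ("vv", "w"))
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def sender_host(address):
    """Host part of an e-mail address (or a bare host name), normalised."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def registered_domain(host):
    """Last two labels. Simplification: ignores suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold confusable characters so look-alike spellings compare equal."""
    for run, plain in CONFUSABLE_RUNS:
        name = name.replace(run, plain)
    return name.translate(CONFUSABLE_CHARS)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(address, trusted=TRUSTED):
    """Return (verdict, reason); verdict is trusted, lookalike or unrelated."""
    host = sender_host(address)
    reg = registered_domain(host)
    if reg in trusted:
        return "trusted", reg
    for good in sorted(trusted):
        # The trusted name appears only as labels inside another domain.
        if host.startswith(good + ".") or f".{good}." in host:
            return "lookalike", f"{good} used as a subdomain label of {reg}"
        if skeleton(reg) == skeleton(good):
            return "lookalike", f"confusable characters imitating {good}"
        distance = edit_distance(skeleton(reg), skeleton(good))
        if distance <= MAX_EDITS:
            return "lookalike", f"{distance} edit(s) away from {good}"
    return "unrelated", ""


# Constructed sample senders, not taken from any real message.
SAMPLES = [
    "alerts@examplebank.com",
    "alerts@mail.examplebank.com",
    "alerts@examp1ebank.com",
    "alerts@exarnplebank.com",
    "alerts@examplebonk.com",
    "alerts@examplebank.com.account-check.net",
    "news@weather.org",
]


def scan(samples=SAMPLES):
    """Verdict for every sample sender, keyed by address."""
    return {address: classify(address)[0] for address in samples}


if __name__ == "__main__":
    for address in SAMPLES:
        verdict, reason = classify(address)
        print(f"{verdict:9}  {address}  {reason}")
```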
(ii) Phishing
Phishing, pronounced as fishing, refers to a process in which victims suffer an attack where they are redirected to some other website the moment they click on the link. Such links are fake and victims generally come across them while browsing internet or through a sent e-mail in the mailbox. Some of the websites by which users get attracted are as follows,
"Claim your lucky draw by clicking on the link below,"
"Security breach", it is to hereby inform that due to some security reasons customers are requested to provide their account details by clicking on the link below, www.banking.com
As shown in the above examples, the moment one clicks on the above websites, they are redirected to some fake website which resembles with the original bank website. Phishing attacks are usually executed by using URLs similar to the original website's URLs. Therefore, when the user enters crucial information on the fake website then the attacker gains access to the user's sensitive information and misuses it.
Types of Phishing
(a) Spear-phishing emails
(b) Web forgery
(c) Avalanche phishing.
(a) Spear-phishing Emails
It is a highly recognized phishing technique, where the emails copy the messages from authoritative source which could be financial institution, a communications company or any famous entity associated with a reputed brand. Basically, all the phishing techniques are exhibited in social engineering, URL/link manipulation, filter evasion i.e., images are used to hide malicious links, and website forgery.
(b) Web Forgery
Web forgery is also a kind of phishing wherein an identity theft occurs when a malicious website pretends to be legitimate one, so as to acquire secret information.
(c) Avalanche Phishing
The Avalanche phishing is a criminal act which is considered as the most sophisticated and damaging across the internet. It is productive in mass-production system while setting up phishing sites and malware development particularly for automating identity theft.
It also encourages unauthorized transactions from consumer bank accounts. It is solely responsible for increase in phishing attacks across the internet reported by Anti-Phishing Working Group (APWG).
(iii) Pharming
It is another important phishing technique wherein DNS tables are contaminated such that victim's address (www.paypal.com) points to some phishing site. So, each time the user clicks the site, it navigates him to the phishing site. However, if the user performs URL checking, it prevents DNS mapping.

5, Security Services, Security Mechanism,

Q32. Describe man-in-the-middle attack and compare with ARP attack.
OR
Discuss the "man-in-the-middle" attack.
(Refer Only Topic: Man-in-the-Middle (MITM) Attacks)
Answer : herb sHH98), Mb)
Man-in-the-Middle (MITM) Attacks
MITM are the most effective types of attacks often used along with the encrypted protocol hijacking and SSH1 and SSL connection types.
Consider an example of user trying to establish a connection to an SSL enabled site. Here, the key is interchanged with the SSL server and its certificate is compared with the certificate stored in the web browser's trusted root certification authority store. If the desired certificate is found in the certification authority store with no limitations or restrictions, then no warning message appears on the client side. However, session key is provided for encrypting the communication that is taking place between the SSL-enabled site and the client system.
Initially, at the time of MITM attack, the client is not really connected to the SSL site. Rather, a hijacker provides fake credential and replies using the client's information to the SSL site. Hence, the hijacker establishes a connection with the SSL
server as a representative of the client system and displays all the information transmitted in either of the two directions. Again, with this, hijacker can choose any portion of the information for accessing.
Comparison with ARP Attack
ARP attack is a type of MITM attack. These attacks refer to the attacks performed on the ongoing packets across the machine. The objective of these type of attacks is to alter tables on the target machine. The main function of the is to control the MAC-address to IP-address mapping machine. Hence, ARP is a dynamic protocol to assign the MAC addresses to the newly added network. It is also used to obtain the new MAC existing machines as result of which all the

223, Write a short notes on threats.
Answer :
Threats
A threat refers to the capability of violating the security upon the occurrence of an event, action or a circumstance affects the network security and causes damage to it. In short, a threat is an expected danger that may attain vulnerability. possible threats to network security are as follows,
(i) Insecure Network Architecture
A network which is not configured in a proper manner becomes an easier entry point for intruders. Keeping a trust-based local network open to an insecure internet ultimately causes someone to make use of opportunity to enter the network in an unauthorized
Broadcast Networks
Many system administrators fail to analyze the significance of networking hardware in providing the feature of security. The hardware devices such as hubs and routers are dependent on the broadcast or non-switched principles. This means, once the data is transmitted to a recipient over a network, the connecting device i.e., a hub or a router broadcasts the data packets till the reception of a node remains the receiver. Apart from this, it causes a vulnerable effect on the Address Resolution Protocol (ARP) and Media Access Control (MAC) addressing.
(iii) Centralized Servers
The use of centralized computing is another threat to network security. This can be reduced by integrating all the services into a single server rather than distributing on multiple server configurations. This reduces the overall cost and makes the task of network management easier. But the problem with this approach is that it leads to network failure if some malfunctioning occurs in the centralized server. In such situations, the central server acts as an entry point for the unauthorized users to enter and disrupt its functioning.

(iv) No Firewall
The most common error often made by the administrators and home-users is their assumption about the network security, and hence they relinquish the implementation of a firewall or network packet filtering service. The firewall installation in a stand-alone or a gateway is important for segmenting internal and external network. The absence of a firewall also makes the task of finding the network's external IP address easier for the crackers. Hence, an intruder enters into the network and acts as a proxy. This problem can be prevented by employing firewalls that perform the task of packet filtering, port forwarding and network address translation. Improper firewall implementation makes the network completely vulnerable.

Q38. Give the relationship between security services and security mechanism.

Answer :

Security Services: Peer Entity Authentication | Data Origin Authentication | Access | Confidentiality | Availability
Yes Yes No Yes Yes No No No No
Security Attacks: Modification of Message | Denial of Service | Masquerade | Replay

1.1.6 A Model for Network Security

Q39. Describe the model for network security with neat sketch.
OR
Give a model for Network Security with neat diagram.
OR
Explain the model of network security.
Answer : (Model Papers, Q3(a) | May-16(R13), Q3(a))

Network Security Model

Generally, the data which is in the form of a stream or a block can be transmitted over network between the two communicating parties. The entity which is responsible for transmitting the data is called the sender and the entity which receives the data (from the sender) is called a receiver. They must have a certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means, then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders occurs, which can be avoided by providing security to the transmitting data. The model for the network security is shown below,

Service Threats

These threats produce various faults pertaining to services and prevent the legitimate users to utilize the services.

The security mechanisms for preventing unauthorized access are divided into two categories. They are as follows,

(i) Placing a gatekeeper function which includes a password-based login method that provides access to only authorized users

(ii) An internal control which monitors the internal system activities, analyzes the stored information and detects the presence of unauthorized users or intruders, if any.

[Figure: Network Access Security Model. Labels: Opponent: Human (ex: hacker), Software (ex: virus, worm); Gatekeeper; Information System: Computing Resources (Processor, Memory, I/O), Data, Processes, Software; Information Security Controls]

1.2 CRYPTOGRAPHY CONCEPTS AND TECHNIQUES

Q40. Differentiate linear and differential Crypto-analysis.
Answer : (Oct./Nov.-16(R13))

Linear Cryptanalysis

Linear cryptanalysis is a type of cryptanalytic attack invented by Mitsuru Matsui [1016, 1015, 1017]. This attack uses linear approximations to describe the action of a block cipher. This means that if XOR is done on some of the plain text bits together, XOR some cipher text bits together and then XOR the result, a single bit is generated that is the XOR of some of the key bits. This is a linear approximation and will hold with some probability P.

Working of Linear Approximation in Case of DES

A cipher with n-bit plain text and cipher text blocks and an m-bit key, let the plain text block be labelled as P[1], P[2], ..., P[n], the cipher text block be labelled as C[1], C[2], C[3], ..., C[n] and the key K[1], K[2], K[3], ..., K[m], then the equation is defined as,

$$A[i, j, \ldots, k] = A[i] \oplus A[j] \oplus \cdots \oplus A[k]$$

The objective of linear cryptanalysis is to find an effective linear equation of the form

$$P[\alpha_1, \alpha_2, \ldots, \alpha_a] \oplus C[\beta_1, \beta_2, \ldots, \beta_b] = K[\gamma_1, \gamma_2, \ldots, \gamma_c]$$

where x = 0 or 1, $1 \le a, b \le n$, $1 \le c \le m$ and the $\alpha$, $\beta$, $\gamma$ terms represent fixed, unique bit locations that hold with probability $P \ne 0.5$.

The equation becomes more effective if the value of P is more than 0.5. Upon determination of a proposed relation, results are to be computed for multiple plaintext-ciphertext pairs. If this result is 0 for half of the time then $K[\gamma_1, \gamma_2, \ldots, \gamma_c] = 0$ is assumed. Else if the result is 1 for most of the time then $K[\gamma_1, \gamma_2, \ldots, \gamma_c] = 1$ is assumed. This assumption entails a linear equation of the key bits. In the similar way, multiple relations are built through which linear equations will be deduced. Hence, all such equations are to be computed for solving the key bits.

The pairs of input to the function f(m, k) possess,

Differential Cryptanalysis

In 1990, Eli Biham and Adi Shamir introduced differential cryptanalysis. It looks specifically at cipher text pairs.
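For the linear cryptanalysis procedure described above (find a relation P[α] ⊕ C[β] = K[γ] whose probability is away from 0.5, then decide the key bit by majority over known pairs), here is an added Python example that is not part of the original text. It assumes a toy 4-bit cipher c = SBOX[p ^ k0] ^ k1 built on the first row of DES S-box S1, uses hypothetical function names, and goes slightly beyond the text by also handling a relation with P below 0.5, where the vote is inverted.

```python
# Added example: Matsui-style majority vote on a toy cipher (not DES itself).
# Assumptions: toy cipher c = SBOX[p ^ k0] ^ k1 on 4-bit blocks; SBOX is the
# first row of DES S-box S1; all function names are hypothetical.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def parity(x):
    """XOR of the bits of x, i.e. A[i, j, ..., k] = A[i] ^ A[j] ^ ... ^ A[k]."""
    return bin(x).count("1") & 1

def encrypt(p, k0, k1):
    return SBOX[p ^ k0] ^ k1

def best_approximation():
    """Find masks (alpha, beta) whose relation x[alpha] ^ S(x)[beta] = 0
    holds with probability furthest from 0.5. Returns (alpha, beta, hits)."""
    best = None
    for alpha in range(1, 16):
        for beta in range(1, 16):
            hits = sum(parity(x & alpha) == parity(SBOX[x] & beta)
                       for x in range(16))
            if best is None or abs(hits - 8) > abs(best[2] - 8):
                best = (alpha, beta, hits)
    return best

def recover_key_parity(pairs, alpha, beta, hits):
    """Guess K[gamma] = parity(k0 & alpha) ^ parity(k1 & beta) from known
    (plaintext, ciphertext) pairs by majority vote on P[alpha] ^ C[beta]."""
    ones = sum(parity(p & alpha) ^ parity(c & beta) for p, c in pairs)
    majority = 1 if 2 * ones > len(pairs) else 0
    # hits > 8 means P > 0.5: the vote is the key parity. P < 0.5: invert it.
    return majority if hits > 8 else majority ^ 1

def demo(k0=0x9, k1=0x5):
    alpha, beta, hits = best_approximation()
    pairs = [(p, encrypt(p, k0, k1)) for p in range(16)]  # constructed pairs
    guess = recover_key_parity(pairs, alpha, beta, hits)
    truth = parity(k0 & alpha) ^ parity(k1 & beta)
    return alpha, beta, hits / 16, guess, truth

if __name__ == "__main__":
    a, b, prob, guess, truth = demo()
    print(f"alpha={a:04b} beta={b:04b} P={prob} guess={guess} truth={truth}")
```

Each relation yields one bit of information about the key (a parity of key bits), which is why the text calls for several relations to be combined before the key bits can be solved.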
Using differential cryptanalysis, Biham and Shamir found a chosen-plaintext attack against DES that was more efficient than brute force. It analyzes the cipher text pair difference as the plain text propagates through various rounds of DES when they are encrypted with the same key. Here, pairs of plain text are selected with a fixed difference. The two plain texts can be chosen at random, as long as they satisfy particular difference conditions. The cryptanalyst does not have to know their values. For DES, the term "difference" is defined by using XOR.

DES Notation

Consider a block m consisting of plain text and is divided into equal halves $m_0$ and $m_1$. A DES round maps the right-hand input into the left-hand output, and the resultant output generated at the right-hand is set as a function of the left-hand input along with the subkey for that round. As a result, only one new 32-bit block is created. If new block m, (2