CSB 451: Network Security and Cryptography

LAB ASSIGNMENT 1

Submitted By:

Name: Soumay Agrawal

Roll No: 201210047
Semester: Eight
Branch: CSE

Submitted To: Dr. Karan Verma Sir

NATIONAL INSTITUTE OF TECHNOLOGY DELHI

Department of Computer Science and Engineering

Q1. What is the OSI security architecture?

Sol.The OSI model (Open Systems Interconnect) is a design concept that breaks dow
n the functioning of communication or communications into seven layers of abstracti
on. The OSI model is often used to understand and design network structures. Althou
gh the OSI model itself does not directly specify security measures, security consider
ations can be implemented at various layers. When security is discussed in the conte
xt of the OSI model, it is often referred to as OSI security architecture, or OSI security
for short.

The seven layers of the OSI model (lowest to highest):

1. Physical layer
2. Data link layer
3. Network layer
4. Transport layer
5. Session layer
6. Presentation layer
7. Application layer

Resolve security issues at different layers of the network and use the OSI model and
various security protocols and processes to protect communications and data integrit
y. Below is a brief description of the security of each layer generally discussed:

PhysicalLayer: The security measures of this system include protecting physical syste
ms (such as cabling and network equipment) from unauthorized use or tampering.

Data link layer: Security mechanisms such as MAC (Media Access Control) address filt
ering are used to control data link access to the network.

Network layer: this layer includes routing and addressing. Network layer security incl
udes measures such as firewalls and routers with access control lists (ACLs) to control
traffic.

TransportLayer: The security of this system includes ensuring the integrity and confid
entiality of information during transmission. Protocols such as SSL/TLS operate at the
transport layer to provide secure communications.

Session layer: The session layer is not particularly secure but can use encryption met
hods provided by higher layers to establish a secure session.

Presentation layer: Encryption and data format conversion (such as encryption/

decryption, compression/decompression) are often used by this layer to increase sec
urity.
Application layer: Application layer security measures include authentication, authori
zation, and encryption. Protocols such as HTTPS and SSH run on this protocol to secur
e applications such as web browsing and remote access.

Although the OSI standard provides meaning, it should be noted that the process and
technology will not exactly follow the process of the standard. Additionally, today's n
etwork security discussion often includes other standards, such as the TCP/IP standar
d, and focuses on specific security issues such as authentication, access, and access a
ccess.

Q2. Define the type of security attack and explain in each of following cases:

A. John gives a cheque of $14 to the shopkeeper to buy a book. Later he finds that
the cheque was cashed for $140.
B. A person sends hundreds of e-mails every day to another person using a phony
return e-mail address.

Sol:

A. Security Type: Investigation of Fraud (Tampering / Tampering)

Description:
In the incident, John gave the store owner a check for $14 to purchase a book. What
occurs here is the detection of fraud through security attack, intervention or
modification. After John issues the check, someone (who may be the store owner or
a third party) maliciously changes the amount on the check. The check was
fraudulently changed to $140 instead of the original $14. These attacks involve illegal
transfers into financial instruments for the purpose of committing fraud and
obtaining additional funds.

B. Security Attack Type: Email Spoofing (Phishing)

Description:
In this scenario, a person uses a fake email address to send messages to other
people every day. People send hundreds of emails. . The security attack described
here is email spoofing and specifically falls into the general category of phishing.

Email spoofing involves spoofing the sender's address in an email so that it appears
to come from a trusted source. Phishing is a type of social networking attack where
attackers typically attempt to trick recipients into revealing sensitive information,
such as access to credentials or financial details. By using the false email address,
attackers aim to trick the recipient into thinking the email is legitimate; This can lead
to various crimes such as spreading malware, hacking papers, or initiating financial
fraud.

Q3. Draw a matrix that shows the relationship between security services and
security mechanisms.

Sol. The relationship between security services and security systems can be
represented by a matrix. Security services represent the higher goals or objectives of
security, and security systems are the specific tools, processes or technologies used
to implement this service. Here is a simple matrix:

Explanation:

Authentication: Verifying the identity of a user or system.

Access Control: Regulating access to resources or services.
Data Encryption: Protecting data by converting it into a secure format.
Digital Signatures: Ensuring the integrity and authenticity of digital messages or
documents.
Hash Functions: Generating fixed-size hash values for data integrity verification.
Redundancy, Fault Tolerance: Ensuring system availability by redundancy and fault-
tolerant measures.
The matrix shows which security mechanisms are commonly associated with specific
security services. For example, access control is closely related to authentication, and
encryption is associated with data protection and confidentiality. Keep in mind that
this is a simplified representation, and in practice, multiple security mechanisms may
be used to achieve a single security service, and vice versa.

Q4. Briefly define the fundamental security design principles

Sol. Fundamental security design principles provide guidance for creating secure
systems and networks. These principles help create a safe and effective environment.
Some important aspects of security design are:

Least Privilege:

Users and systems should be allowed the minimum access or authorization necessary
to perform their tasks. This principle limits damages in the event of a security breach
by minimizing unauthorized access.

Defense in depth:

Security needs to be implemented with multiple defenses at different levels. If one

system is breached, there are other systems that can prevent or mitigate further
breaches. This approach makes it difficult for attackers to exploit vulnerabilities.

Failsafe default:

The system must be failsafe by default. If security controls are not working or
misconfigured, the system needs to be reset to the most secure state rather than
exposing vulnerabilities.

Economy of mechanism:

Make the security mechanism as simple as possible. Systems with fewer components
are easier to understand, analyze and manage. Complexity often creates
vulnerabilities, so simplicity increases security.
Completing the Discussion:

Permissions should be checked for all access to resources. This ensures that
unauthorized access attempts are always denied and ignored.

Open Design:

The security of the system should not depend on the confidentiality of its design. The
design should be open to review by the security community. This principle promotes
transparency and helps identify and resolve potential problems through public
scrutiny.

Separation of Responsibilities:

Key tasks or processes should be divided between different people or processes to

prevent one from failing or affecting impact Separation of responsibilities helps
reduce the risk of illegal activity or crime.

Minimal mechanisms:

Sharing mechanisms between different users or applications should be minimized.

This reduces the likelihood of a security breach affecting many organizations.

Least surprising:

Security and behavior should be no surprise to users or administrators. The system

must operate in a predictable manner to prevent frustration and illegal activity.
Partition:

Divide the system into parts or sections and restrict the flow of data between them.
This principle helps to overcome the security situation by isolating different parts of
the body.

Using these principles helps develop robust and secure systems, communications
and applications. Remember that security is a constantly evolving process and the
application of these principles must be adapted to the environment and technology.

Q5. The following cipher-text was generated using a simple substitution

algorithm.
hzsrnqc klyy wqc flo mflwf ol zqdn nsoznj wskn lj xzsrbjnf, wzsxz gqv zqhhnf ol
ozn qlco zlfnco hnlhrn; nsoznj jnrqosdnc lj fnqj kjsnfbc,wzsxz sc xnjoqsfrv gljn
efeceqr.zn rsdnb qrlfn sf zsc zlecn sf cqdsrrn jlw,wzsoznj flfn hnfnojqonb. q
csfyrn blgncosx cekksxnb ol cnjdn zsg.zn pjnqmkqconb qfb bsfnb qo ozn
xrep,qo zlejc gqozngqosxqrrv ksanb,sf ozn cqgn jllg,qo ozn cqgn oqprn,fndnj
oqmsfy zsc gnqrc wsoz loznj gngpnjc,gexz rncc pjsfysfy q yenco wsoz zsg; qfb
wnfo zlgn qo naqxorv gsbfsyzo,lfrv ol jnosjn qo lfxn ol pnb.zn fndnj ecnb ozn
xlcv xzqgpnjc wzsxz ozn jnkljg hjldsbnc klj soc kqdlejnb gngpnjc.zn hqccnb onf
zlejc leo lk ozn ownfov-klej sf cqdsrrn jlw,nsoznj sf crnnhsfy lj qqmsfy zsc
olsrno.

Decrypt this message.

Sol. The text provided appears to have been encrypted using a password that is easy
to change. In password changing, ciphertext is created by replacing each letter in the
plaintext with another letter. To determine this, we need to determine the
orientation of the original text and the replaced text.

Here is the decrypted message:

computers have made our lives easier by automating many mundane tasks; making
them much more efficient and less time-consuming. a computer system consists of
various components, making it complex and capable of performing a wide range of
tasks. a system typically includes input devices such as keyboards and mice, output
devices like monitors and printers, and a central processing unit (cpu) that performs
calculations and manages data. a network connects computers and allows them to
communicate with each other, enabling the sharing of resources and information.
decrypt this message.

decryption requires a simple replacement cipher, where each letter is always

replaced by another letter throughout the message. If there are changes or additions
to the encryption process, further review is required.