lOMoARcPSD|41608258

CSS Answers

Module 1:

Q1. Enlist Security Goals. Discuss their Significance.

Ans. Security goals are specific objectives that aim to protect sensitive information,
systems, and assets from unauthorized access, disclosure, modification, destruction, or
disruption.
1. Confidentiality:
i. Confidentiality is the security goal that ensures that sensitive data or
information is only accessible by authorized individuals or systems.
ii. Confidentiality is essential in protecting private, personal, and sensitive
data, such as financial information, medical records, or trade secrets.
iii. Data confidentiality: Assures that private or confidential information is not
made available or disclosed to unauthorized individuals.
iv. Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
2. Integrity:
i. Integrity is the security goal that ensures that data or information is
accurate, reliable, and trustworthy.
ii. Integrity means making sure that the data or information you have is
correct and can be trusted. To do this, you need to make sure that nobody
changes the information without permission, and if any changes are made,
they are recorded properly.
iii. Data integrity : means that information and programs can only be changed
in an authorized way, to ensure that they are accurate and trustworthy.
iv. System integrity: means that a computer system can perform its intended
functions without any unauthorized changes or manipulations, intentional
or unintentional, which could cause it to malfunction.

3. Availability:

i. It is the security goal that ensures that systems, applications, and data are
accessible to authorized users whenever they need them.
ii. Availability ensures that systems and applications are functioning correctly
and that users can access them without delay or interruption.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q2. Explain Security Services and Mechanisms in detail. Explain the relationship
between them
Ans.
-Security Services and Mechanism in detail
-ITU - T provides some security services and some mechanisms.
Security services and mechanisms are closely related because a mechanism or
combination of mechanisms are used to provide a service.
Security Services
1) Authentication -
It is a assuarance of parties that they are aunthenticated users in the
communication network.
2) Authorization -
It means providing authority or permission for accesing the system data or
services.
3) Access Control -
Controls who can have access to resource under what condition.
4) Auditing -
It helps to trace which user accessed what? When? And which way?
5) Data Confidentiality -
Information is not made available to unauthorized individual.
6) Data Integrity -
Assurance that the message is unaltered.
7) Non - Repudiation -
Protection against denial of sending or receiving in the communication.
Security Mechanisms
1) Encipherment -
To use mathematical algorithm to transform data into a form that is not
easily understandable.
2) Digital Signature -
It is a cryptographic output used to verify the aunthenticity of data.
3) Data Integrity -
Content should not modify before it reaches to intended person
4) Authentication Exchange -
The mechanism used to ensure the identity by information exchange.
5) Traffic Padding -
It is used to insert bits into gaps in data stream to frustrate traffic analysis
attempt.
6) Routing Control -
Controlling routes of actual communication in network.
7) Notarization -
Mechanism to check whether the file is authentic and unchanged since it
was backed up.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q3. What are traditional ciphers? Discuss any one substitution and transposition
cipher with example. List their merits and demerits
Ans.
1) Traditional ciphers are classical encryption techniques that were commonly
used in the past to secure communication and protect sensitive information
from unauthorized access.
2) These ciphers are based on mathematical algorithms and can be classified
into two main categories: substitution ciphers and transposition ciphers.
A. Substitution Cipher:
i. The Caesar Cipher is a simple example of a substitution cipher. In this cipher,
each letter of the plaintext is shifted a certain number of positions down the alphabet.
ii. For example, with a shift of three, the letter 'A' would be replaced by the letter
'D', 'B' would become 'E', and so on. The ciphertext is then created from the shifted
letters.
Merits:
i.Substitution ciphers are relatively easy to understand and implement.
ii.The cipher is simple and can be done mentally.
iii.It can be used to introduce encryption to beginners.
Demerits:
i.Substitution ciphers are easy to break using frequency analysis.
ii.It is not secure enough for modern encryption needs.
iii.The key is easy to discover, since there are only 25 possible keys in the
Caesar Cipher.

B. Transposition Cipher:
i.The Rail Fence Cipher is an example of a transposition cipher.
ii.In this cipher, the plaintext is written in a zigzag pattern across multiple rows,
and then the letters are read horizontally to create the ciphertext.
iii.For example, if the plaintext was "HELLO WORLD" and the key was two, the
ciphertext would be "HLOWELRLOD".
Merits:
i.Transposition ciphers are harder to break than substitution ciphers.
ii.It can be combined with substitution ciphers to create a more secure
encryption.
iii.It is easy to implement.
Demerits:
i.The encryption process is easy to understand, and once the pattern is
recognized, the cipher is relatively easy to break.
ii.The length of the plaintext determines the number of rows, which means the
pattern is predictable.
iii.The key can be discovered by finding the pattern in the ciphertext.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q4. List and explain various types of attacks on encrypted messages.

Ans.
1. Ciphertext Only Attack:
a. An attacker has access to only the encrypted ciphertext and attempts to
decipher it without any knowledge of the plaintext or the encryption key.
b. Encryption algorithm to alter the data.
2. Known Plaintext Attack:
a. An attacker has access to both the plaintext and the corresponding
encrypted ciphertext.
b. By analyzing the known pairs, the attacker attempts to deduce the
encryption key.
3. Chosen Plaintext Attack:
a. An attacker can choose the plaintext message and see its corresponding
encrypted ciphertext.
b. By analyzing the encrypted messages, the attacker attempts to deduce
the encryption key.
4. Chosen Ciphertext Attack:
a. An attacker can choose the encrypted ciphertext and see its
corresponding decrypted plaintext.
b. By analyzing the known pairs, the attacker attempts to deduce the
encryption key.
5. Chosen text:
a. Algorithm processed for the encryption of data.
b. Cipher text together with subsequent plain text and key chosen by the
cryptanalysts.

Q5. Explain with an example keyed and keyless transposition cipher.

Ans.
1. Transposition ciphers are encryption techniques that involve rearranging the
plaintext characters to create ciphertext.
2. These ciphers can be categorized into keyed and keyless transposition ciphers.

Keyless Transposition Cipher:

1. The Rail Fence Cipher is an example of a keyless transposition cipher. In this
cipher, the plaintext is written in a zigzag pattern across multiple rows, and then
the letters are read horizontally to create the ciphertext.
2. The encryption process does not require a key, as the pattern of the rows is
determined by the length of the plaintext and the number of rows chosen.
3. Example-

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Keyed Transposition Cipher:

1. The Columnar Transposition Cipher is an example of a keyed transposition
cipher. In this cipher, the plaintext is first written in rows under the letters of a
keyword or key phrase.
2. Then, the columns of the plaintext are rearranged based on the alphabetical
order of the letters in the keyword. Finally, the ciphertext is read out by columns
in the new order.
3. Example-

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Module 2:

Q1. Compare AES and DES. Which one is bit oriented? Which one is byte
oriented?
Ans.

AES is bit-oriented, while DES is byte-oriented.

Q2. Discuss in detail block cipher modes of operation.

Ans.
Block cipher modes of operation
Block Cipher modes of operation includes -
1) Electronic Code Book (ECB) Mode
2) Cipher Block Chaining (CBC) Mode
3) Cipher Feedback (CFB) Mode
4) Output Feedback (OFB) Mode
5) Counter Mode

1) Electronic Code Book (ECB) Mode -

a. Simplest mode of operation
b. Plaintext is divided into number of fixed size blocks
c. Padding is added when message is not a multiple of block size.
d. Takes one block at a time for encryption
e. Same key is used for both encryption and decryption for each block
f. Best for short data such as key but not suitable for large data
g. For identical blocks there are same ciphertext

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Fig:ECB

2) Cipher Block Chaining (CBC) Mode -

a. It overcomes security issues of ECB
b. Input given to encryption algorithm is XOR of current plaintext block and
proceeding ciphertext block
c. Repeating patterns are not exposed
d. Same key is used for both encryption and decryption for each block
e. Initalization Vector (IV) used in first encryption as well as first decryption where it
is a data block of same size
f. IV is shared to receiver using ECB

Fig:CBC

3) Cipher Feedback (CFB) Mode -

a. It uses block cipher as stream cipher where data is encrypted in smaller units of
block.
b. Initialization vector is used for first encryption and output bits are divided as a set
of s and b-s bits
c. XOR is done with left hand side s bits and plaintext bits and their result is given
as input to shift register having b-s bits to left hand side and s bits to right hand
side and the process continues

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Fig:CFB
4) Output Feedback (OFB) Mode -
a. It works same as Cipher Feedback Mode.
b. Only difference is, in OFB, output of encryption algorithm is passed to the s-bits
for shift registers.

Fig: OFB
5) Counter Mode (CTR) -
a. It is a simple counter-based block cipher implementation.
b. Every time a counter initiated, message is encrypted and given as input to XOR
with plaintext which results in ciphertext block.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q3. Write a short note on following: i) Kerberos ii) Triple DES iii) X.509 Digital
Certificate
Ans.
1) Kerberos-
1. Kerberos is a network authentication protocol designed to provide secure
authentication between client and server applications over an unsecured
network.
2. It was developed at MIT in the 1980s and has since become an industry
standard.
3. The basic idea behind Kerberos is to use a third-party authentication
server, known as the Key Distribution Center (KDC), to authenticate users
and services.
4. The KDC acts as a trusted intermediary between clients and servers,
issuing encrypted tokens known as tickets that clients can use to
authenticate themselves to servers.
5. The Kerberos protocol involves the following steps:
a. Authentication Request: A client requests authentication from the
KDC by sending a message known as an Authentication Service
Request (AS_REQ).
b. Ticket Granting Ticket: The KDC responds to the client with a Ticket
Granting Ticket (TGT), which contains a session key that will be
used to encrypt subsequent communications.
c. Authenticator: The client sends the TGT to the KDC along with an
Authenticator, which is a message that proves the client's identity.
d. Service Ticket: The KDC verifies the client's identity and issues a
Service Ticket (ST) for the requested service.
e. Service Authentication: The client sends the ST to the service it
wishes to access, along with another Authenticator message that
proves its identity.
f. Service Access: The Authenticator using the session key provided
in the TGT.
6. The use of a trusted third party (KDC) and encrypted tickets ensures
that only authenticated users can access network services, even if
the network is unsecured. The Kerberos protocol also uses
cryptographic techniques to prevent replay attacks and other types
of security threats.
7. Overall, Kerberos is a robust and widely used authentication
protocol that provides secure authentication in distributed network
environments.
2) Triple DES-
1. 3DES is based on the original Data Encryption Standard (DES) algorithm,
which uses a 56-bit key.
2. 3DES is much more secure than DES because it uses three keys (each
56 bits in length) and encrypts the data three times.
3. There are two modes of operation for 3DES:

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

a. EDE (Encrypt-Decrypt-Encrypt), where the data is encrypted with

one key, decrypted with another, and encrypted again with a third
key.
b. CBC (Cipher Block Chaining), where each block of data is
encrypted using the previous block's cipher text as part of the
encryption process.
4. 3DES can be used for both symmetric key encryption (where the same
key is used for encryption and decryption) and hybrid encryption (where a
public key algorithm is used to securely exchange a symmetric key, which
is then used for encryption).
5. While 3DES is still considered a secure encryption algorithm, it is slowly
being phased out in favor of more modern algorithms such as AES
(Advanced Encryption Standard).
6. 3DES is widely used in applications such as financial transactions, VPNs
(Virtual Private Networks), and secure email communications.

3) X.509 Digital Certificate-

1. X.509 is a standard for digital certificates that authenticate identities in
online transactions.
2. X.509 certificates contain information about the certificate holder, signed
by a trusted Certificate Authority (CA).
3. They secure internet communication via HTTPS protocol and are used in
email encryption and digital signatures.
4. They use a hierarchical structure known as PKI, with root CA at the top
issuing certificates to intermediate CAs and end entities.
5. They are used for both server and client authentication and code signing.
6. They have an expiration date to maintain security.

Q4. Discuss DES with reference to following points: i. Fiestel structure and its
significance ii. Block Size & key Size iii. Key Expansion iv. Significance of extra
swap between left and right half blocks v. Need of expansion permutation vi.
Significance of S-box vii. DES function viii.Weak Keys and semi weak keys ix.
Possible attacks on DES x. Avalanche effect
Ans.
Discuss DES
1. DES (Data Encryption Standard) is a symmetric-key block cipher that was widely
used for encryption of data in the late 20th century.
2. It was developed by IBM in the 1970s and later standardized by the National
Institute of Standards and Technology (NIST) in 1977.
3. DES uses a Fiestel structure, which makes it highly secure and efficient.

i) Fiestel structure and its significance:

1. The Fiestel structure is a design principle for constructing a symmetric-key block
cipher that divides the plaintext into two halves and applies a series of rounds on
them, with each round using a subkey derived from the main key.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

2. In DES, the Fiestel structure is used to perform 16 rounds of encryption and

decryption.
3. The significance of the Fiestel structure is that it makes DES highly secure and it
makes very difficult for an attacker to decrypt the ciphertext without the key.

ii) Block Size & key Size:

1. The block size of DES is 64 bits, which means that it can encrypt data in 64-bit
blocks at a time.
2. The key size of DES is 56 bits, which means that it uses a 56-bit key to encrypt
and decrypt data.

iii) Key Expansion:

1. To generate subkeys for each round of encryption and decryption, DES uses a
key expansion algorithm that generates 16 subkeys from the 56-bit key.
2. The key expansion algorithm uses a combination of permutation and substitution
techniques to generate subkeys that are used in each round.

iv) Significance of extra swap between left and right half blocks:
1. In DES, after each round of encryption or decryption, the left and right halves of
the block are swapped.
2. This extra swap ensures that the bits in the left half of the block are mixed with
the bits in the right half of the block, making it difficult for an attacker to decrypt
the ciphertext without the key.

v) Need of expansion permutation:

1. In DES, before the main encryption algorithm is applied, the 64-bit plaintext block
is first expanded to 72 bits using an expansion permutation.
2. This is done to ensure that each bit of the plaintext is affected by every bit of the
key, making it difficult for an attacker to decrypt the ciphertext without the key.

vi) Significance of S-box:

1. In DES, S-boxes (Substitution boxes) are used to perform substitution on the
48-bit blocks generated by the key expansion algorithm.
2. The S-boxes are designed to ensure that even small changes in the input to the
S-box result in significant changes in the output, making it difficult for an attacker
to predict the output of the S-box without the key.

vii) DES function:

1. The DES function is the main encryption and decryption algorithm used in DES.
2. It performs a series of operations on the plaintext block and the subkey
generated by the key expansion algorithm to generate the ciphertext block.

viii) Weak Keys and semi-weak keys:

1. In DES, certain keys are considered weak or semi-weak because they result in a
reduced level of security.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

2. A weak key is a key that, when used for encryption or decryption, produces the
same ciphertext for every plaintext block.
3. A semi-weak key is a key that, when used for encryption or decryption, produces
a limited number of possible ciphertexts.

ix) Possible attacks on DES:

1. One of the main attacks is a brute-force attack, where an attacker tries all
possible keys until the correct key is found.
2. Another attack that DES is vulnerable to is differential cryptanalysis. This attack
involves observing the differences between plaintexts and their corresponding
ciphertexts and using this information to deduce the key.

x) Avalanche effect:
1. The avalanche effect is the property of encryption algorithms where a small
change in the plaintext or the key results in a significant change in the ciphertext.
2. DES has a strong avalanche effect, which means that any small change in the
input results in a significant change in the output.
3. This property ensures that any tampering or manipulation of the ciphertext will
result in a significant change in the plaintext, making it difficult for an attacker to
modify the ciphertext without being detected.

Q5. Explain Diffie Hellman Key Exchange Algorithm. What types of attacks are
possible on it?
Ans.
1) The Diffie-Hellman key exchange algorithm is a cryptographic protocol used to
establish a shared secret key between two parties over an insecure channel.
2) It was invented by Whitfield Diffie and Martin Hellman in 1976.
3) Is widely used for secure key exchange in various cryptographic systems.
4) The key exchange process involves the following steps:
A. Both parties, Alice and Bob, agree on a large prime number p and a
primitive root of p, g, which are publicly known.
B. Alice and Bob each generate a secret key, a and b, respectively, which
are kept private.
C. Alice sends Bob the value g^a mod p, and Bob sends Alice the value g^b
mod p.
D. Alice computes the shared secret key as (g^b)^a mod p, and Bob
computes it as (g^a)^b mod p.
5) The shared secret key obtained from this process can be used for symmetric key
encryption and decryption.
6) Man-in-the-middle (MITM) attack: An attacker intercepts the communication
between Alice and Bob, impersonates each of them to the other, and negotiates
a separate key with each party. To prevent this attack, the Diffie-Hellman key
exchange can be combined with authentication techniques such as digital
signatures or certificates.
7) Computational attacks: An attacker can try to compute the discrete logarithm of
the shared secret key by trying every possible value until the correct key is

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

found. This attack is difficult for large prime numbers, but it is still possible if the
key size is small. To prevent this attack, a larger key size can be used.
8) Timing attacks: An attacker can measure the time it takes for the key exchange
process to complete and use this information to deduce the value of the secret
key. This attack is difficult to execute, but it is still possible in some cases. To
prevent this attack, constant-time implementations can be used.
9) Side-channel attacks: An attacker can exploit physical characteristics of the
hardware or software implementation of the key exchange algorithm to extract
information about the secret key. This attack can be prevented by using secure
implementations of the algorithm.
OR

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q6. Elaborate the steps of key generation using RSA algorithm.

Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Module 3:

Q1. What are the requirements of the cryptographic hash functions? State real
world applications of hash functions.?
Ans.
Requirements of Cryptographic Hash Functions:
1. Collision Resistance: It should be computationally infeasible to find two different
inputs that produce the same hash value.
2. Preimage Resistance: Given a hash value, it should be infeasible to find an input
that hashes to that value.
3. Second Preimage Resistance: Given an input, it should be infeasible to find a
second input that hashes to the same value.
4. Determinism: The same input should always produce the same output hash value.
5. Efficiency: The hashing process should be computationally efficient.

Real World Applications of Hash Functions:

1. Password Storage: Hash functions are commonly used to store passwords securely.
When a user creates a password, the hash function is applied to the password and
the resulting hash value is stored instead of the plaintext password. When the user
later logs in, their password is hashed again and compared to the stored hash value
to verify their identity.
2. Data Integrity: Hash functions are used to ensure the integrity of data. The hash
value of a file can be computed and compared to the original hash value to detect if
any changes have been made to the file.
3. Digital Signatures: Hash functions are used in digital signature algorithms to verify
the authenticity of a message or document. The message is first hashed and then
the hash value is signed with a private key. The recipient can verify the signature by
hashing the message themselves and comparing it to the signed hash value.
4. Blockchain: Hash functions are used in blockchain technology to create a secure,
decentralized ledger of transactions. Each block in the chain contains a hash of the
previous block, creating a tamper-proof chain of data.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q2. Compare MD5 and SHA hash functions.

Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q3. Explain HMAC with example.

Ans:
1. HMAC (Hash-based Message Authentication Code) is a type of a message
authentication code (MAC) that is acquired by executing a cryptographic hash
function on the data (that is) to be authenticated and a secret shared key.
2. It is used for both data integrity and authentication.

Working of HMAC
1. HMACs provides client and server with a shared private key that is known only to
them.
2. The client makes a unique hash (HMAC) for every request.
3. When the client requests the server, it hashes the requested data with a private
key and sends it as a part of the request.
4. Both the message and key are hashed in separate steps making it secure.
5. When the server receives the request, it makes its own HMAC.
6. Both the HMACS are compared and if both are equal, the client is considered
legitimate.

Example
For example, suppose Alice wants to send the message "Hello Bob" to Bob.
They share a secret key, which is "secretkey".
Alice generates the HMAC for the message using the SHA-256 hash function as
follows:
1) Alice concatenates the message with the secret key: "Hello Bobsecretkey"
2) Alice applies the SHA-256 hash function to the concatenated string:
"d326f2c1d3f9ea15cb13c3456e57ec6a91397f65178c89f8d0441d427b5e5b88"
3) Alice uses the result of the hash function as the key to compute the HMAC
using the same hash function:
HMAC_SHA256("secretkey", "Hello Bob") =
"1abaf6a9b98c7f6ebda69c8a53f30c75d1611ebbb0d03f2e9e9a4e3cdd4ab583"
4) Alice sends the message "Hello Bob" and the HMAC to Bob.
Bob receives the message and the HMAC. He repeats the process:
1) Bob concatenates the message with the secret key: "Hello Bobsecretkey"
2) Bob applies the SHA-256 hash function to the concatenated string:
"d326f2c1d3f9ea15cb13c3456e57ec6a91397f65178c89f8d0441d427b5e5b88"
3) Bob uses the result of the hash function as the key to compute the HMAC
using the same hash function:
HMAC_SHA256("secretkey", "Hello Bob") =
"1abaf6a9b98c7f6ebda69c8a53f30c75d1611ebbb0d03f2e9e9a4e3cdd4ab583"
4) Bob compares the computed HMAC with the HMAC that Alice sent. Since they
match, Bob knows that the message "Hello Bob" has not been tampered with
and was sent by someone who knows the secret key.

Advantages -
1. HMACs are ideal for high-performance systems like routers due to the use of
hash functions.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

2. HMACs provide higher security than digital signatures.

3. HMACs are used in administrations where public key systems are prohibited.

Disadvantage -
1. HMACs uses shared key which may lead to non-repudiation. If either sender or
receiver’s key is compromised then it will be easy for attackers to create
unauthorized messages.

Q4.What is need for message authentication? List various techniques used for
message authentication. Explain any one.
Ans.
Need for Message Authentication:
1. Verify the origin of the message.
2. Ensure the message has not been tampered with in transit.
3. Ensure the message has not been altered or modified by an unauthorized party.
4. Ensure the integrity and confidentiality of the message.

Techniques Used for Message Authentication:

1. Message Authentication Codes (MAC): A symmetric-key technique used to
authenticate messages between two parties. It uses a secret key shared
between the sender and receiver to generate a MAC, which is appended to the
message. The receiver can then generate their own MAC using the same key
and verify the message by comparing the two MACs.
2. Digital Signatures: A public-key technique used to authenticate messages
between two parties. It uses the sender's private key to sign the message, which
can be verified by the recipient using the sender's public key.
3. Hash Functions: A technique used to ensure the integrity of a message. A hash
function generates a fixed-length value that represents the original message. Any
change in the message will result in a different hash value.

Explanation of Message Authentication Code (MAC):

1. A secret key is shared between the sender and receiver.
2. The sender generates a MAC using the key and appends it to the message.
3. The receiver generates their own MAC using the same key and compares it to
the received MAC.
4. If the two MACs match, the message is authenticated and has not been
tampered with in transit.
5. If the MACs do not match, the message has been tampered with and should be
discarded or further investigated.
6. The strength of the MAC depends on the length of the key and the cryptographic
algorithm used.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q5.State the properties of secure hash function.

Ans.
A secure hash function should possess the following properties:

1. Pre-image resistance (one-way-ness): Given a hash value, it should be

computationally infeasible to find the input that produced that hash value.
2. Second pre-image resistance (weak collision-resistance): Given an input, it
should be computationally infeasible to find another input that produces the same
hash value.
3. Collision resistance (strong collision-resistance): It should be computationally
infeasible to find two different inputs that produce the same hash value.
4. Fixed output: The hash function should always produce the same size output,
regardless of the size of the input.
5. Arbitrary-length input: The hash function should be able to handle inputs of any
size.
6. Efficiency: The hash function should be computationally efficient and require a
reasonable amount of time to compute.
7. Uniform distribution: The hash function should produce a uniformly distributed
output, which means that each possible output should be equally likely.
8. Fast computation: The hash function should be computationally efficient and
require a reasonable amount of time to compute.

These properties ensure that the hash function is secure and cannot be easily
manipulated or tampered with. A secure hash function is essential in various
applications, including digital signatures, password storage, and data verification.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Module 4:

Q1. Explain Digital Signature and Digital Certificate used for authentication.?
Ans.
Digital Signature:
1. A digital signature is a cryptographic technique used to ensure the authenticity,
integrity, and non-repudiation of digital messages or documents.
2. It is created using the sender's private key and can be verified using their public
key.
3. The process involves creating a hash of the message/document, encrypting the
hash using the private key, and appending the resulting digital signature to the
message/document.
4. The recipient can verify the digital signature and the message digest using the
sender's public key.
5. A digital signature provides assurance that the message/document has not been
tampered with during transmission and was indeed sent by the claimed sender.
6. It also provides non-repudiation, meaning that the sender cannot deny having
sent the message/document.
Digital Certificate:
1. A digital certificate is an electronic document that contains information about the
identity of the certificate holder.
2. It is issued by a trusted third-party Certificate Authority (CA) after verifying the
identity of the certificate holder.
3. The digital certificate includes the certificate holder's public key and other identity
information.
4. The digital certificate is signed using the CA's private key to ensure its
authenticity.
5. The certificate holder shares their public key and digital certificate with others to
prove their identity.
6. When someone receives the digital certificate, they can verify its authenticity by
checking the digital signature of the CA.
7. They can then use the certificate holder's public key to encrypt messages or
verify digital signatures.
8. Digital certificates are widely used for secure online transactions, such as
e-commerce and online banking.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Module 5:
Q1. Explain different types of Denial of Service attacks?
Ans.
1. Application Layer Flood:
a. This is a type of DoS attack that targets the application layer of a system,
such as a web server.
b. The attacker floods the system with a large number of requests,
overwhelming the server and causing it to become unresponsive.
c. This type of attack is difficult to detect and mitigate because it appears to
be legitimate traffic.
2. Distributed Denial of Service (DDoS):
a. This is a type of DoS attack that involves multiple systems, often
compromised by malware and controlled by the attacker, to flood the
target system with traffic.
b. The goal is to overwhelm the system's resources and make it unavailable
to legitimate users.
c. DDoS attacks can be difficult to prevent and mitigate because they come
from multiple sources and can be distributed across multiple networks.
3. Unintended Denial of Service Attacks:
a. These are DoS attacks that occur unintentionally, often as a result of
software bugs or misconfigurations.
b. For example, a software update may cause a server to crash or a
misconfigured network device may cause a network outage.
c. These types of attacks are unintentional but can still cause significant
disruptions to services.

Q2. What is meant by DOS attack? What are different ways to mount DOS
attacks?
Ans.
DOS
1. A denial-of-service attack is an attempt to make a computer resource unavailable
to its intended users.
2. The basic purpose of a DOS attack is simply to flood a network so as to deny the
authentic users services of the network.
Ways to mount DOS attack on the system -
1) SYN Flood Attack -
1. The attacker takes control of multiple hosts over the internet instructing them to
contact the target Web server.
2. Each SYN packet is a request to open a TCP connection. For each such packet,
the web server responds with a SYNACK packet trying to establish a TCP
connection.
3. SYN request waiting for a response back and becomes bogged down as more
traffic floods in due to which users are denied access.
2) Distributed DOS Attack -

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

1. An attacker begins a DDoS attack by exploiting vulnerability in one computer

system and making it the DDoS master.
2. The attacker infects multiple systems and controls machines to launch DDoS
attacks using commands.
3) Exhaustion of Bandwidth -
1. The attacker takes control of multiple hosts over the internet instructing them to
send ICMP ECHO packets with the targets spoofed IP address to a group of
hosts.
2. Nodes at the bounce site receive multiple spoofed requests and respond by
sending echo reply packets to the target site.
3. The targets router is flooded with packets from the bounce site leaving no data
transmission capacity for legitimate traffic.
4) Slowloris -
1. Slowloris is a highly-targeted attack, enabling one web server to take down
another server, without affecting other services or ports on the target network.
2. Slowloris does this by holding as many connections to the target web server
open for as long as possible.
5) Ping of Death -
1. A ping of death ("POD") attack involves the attacker sending multiple malformed
or malicious pings to a computer.
2. This can overflow memory buffers allocated for the packet, causing denial of
service for legitimate packets.

6) UDP Flood -
1. This type of attack floods random ports on a remote host with numerous UDP
packets, causing the host to repeatedly check for the application listening at that
port, and reply with an ICMP Destination Unreachable packet.
7) Teardrop Attack -
1. The Teardrop attack involves sending corrupted IP packages, the purpose of this
is to confuse and potentially crash the receiving system.
8) Smurf Attack -
1. In this the attacker knows the broadcast servers in a network and sends a ping
request.
2. When the broadcast server receives the ping request, the ping request is sent to
the entire network and all the machines in the network return a response. These
responses are further redirected by the broadcast server to the target machine.

Q3. Write a short note on IDS.

Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

1. IDS stands for Intrusion Detection System.

2. It is a software or hardware-based system that monitors network traffic or system
events to detect unauthorized access or malicious activity.
3. IDS can be classified into two types: Network-Based IDS (NIDS) and Host-Based
IDS (HIDS).
4. NIDS monitors network traffic to detect suspicious activity, while HIDS monitors
system events and logs to detect suspicious behavior on a single host.
5. IDS works by comparing observed activity against a set of predefined rules or
signatures that indicate known attacks or malicious activity.
6. IDS can also use anomaly detection, which identifies deviations from normal
behavior, to detect unknown or zero-day attacks.
7. When suspicious activity is detected, the IDS can generate an alert or take action
to block the activity.
8. IDS is an important component of an organization's security infrastructure, as it
can provide early warning of a potential security breach and allow for a rapid
response to mitigate the risk.

Q4. Describe various types of IDS. What are Active and Passive IDS?.
Ans.
1. IDS stands for Intrusion Detection System.
2. It is a software or hardware-based system that monitors network traffic or system
events to detect unauthorized access or malicious activity.
3. IDS can be classified into two types: Network-Based IDS (NIDS) and Host-Based
IDS (HIDS).
4. Network Intrusion Detection Systems (NIDS) usually consists of a network
appliance (or sensor) with a Network Interface Card (NIC) operating in
promiscuous mode and a separate management interface. The IDS is placed
along a network segment or boundary and monitors all traffic on that segment.
5. A host Intrusion detection system (HIDS) can only monitor the individual
workstations on which the agents are installed and it cannot monitor the entire
network. Host based IDS systems are used to monitor any intrusion attempts on
critical servers.
6. Active IDS is a type of IDS that takes an active role in preventing attacks. It can
block suspicious traffic or terminate malicious processes to prevent further

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

damage.Active IDS is useful for quickly responding to and stopping attacks in

real-time.
7. Passive IDS, on the other hand, only monitors network traffic or system activity
and generates alerts for system administrators or security personnel. It does not
take any direct action to prevent or stop attacks.Passive IDS is useful for
collecting information about network traffic and analyzing it to identify potential
attacks.

Q5. Differentiate between Firewall and IDS

Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q6. Explain IPsec Authentication Header and Encapsulating Security Payload?

Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q7. What is the need of SSL? Explain SSL Handshake Protocol.?

Ans.
1. The need for SSL (Secure Sockets Layer) arises due to the following reasons:
2. Confidentiality: SSL provides confidentiality by encrypting data in transit between
the client and server.
3. Integrity: SSL ensures the integrity of the data by detecting any tampering or
alteration of data during transit.
4. Authentication: SSL provides authentication of the server to the client, ensuring
that the client is communicating with the intended server.
5. Trust: SSL establishes trust between the client and server by verifying the
authenticity of the server's digital certificate.
6. It is used to protect sensitive information such as login credentials, credit card
details, and personal information that is transmitted over the internet.
7. The SSL Handshake Protocol is used to establish a secure connection between
the client and server. It involves the following steps:

A. Client Hello: The client sends a message to the server to initiate a secure
connection. The message includes the SSL version, cipher suites
supported by the client, and a random number.
B. Server Hello: The server responds to the client with its SSL version, cipher
suite selected for the communication, and a random number.
C. Certificate: The server sends its digital certificate to the client to
authenticate its identity.
D. Server Key Exchange: The server sends its public key to the client to
establish a secure session key.
E. Client Key Exchange: The client generates a session key using the
server's public key and sends it to the server.
F. Change Cipher Spec: Both the client and server agree to switch to
encrypted communication using the session key.
G. Finished: Both the client and server exchange a message to confirm that
the SSL handshake is complete, and encrypted communication can begin.

8. Once the SSL handshake protocol is complete, the client and server can exchange
data in a secure and encrypted manner, and the data cannot be intercepted by any
unauthorized third party.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Q8.What are different types of firewall? How firewall different than IDS?
Ans.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Firewalls and IDS are both network security tools, but they differ in their approach to
securing a network:

1. Functionality: Firewalls are primarily designed to prevent unauthorized access to

a network by filtering or blocking incoming and outgoing network traffic based on
predetermined rules. IDS, on the other hand, are designed to detect and alert on
potential security threats by analyzing network traffic and looking for patterns of
suspicious activity.
2. Traffic analysis: Firewalls examine network traffic to enforce security policies and
filter traffic based on IP addresses, ports, protocols, and content. IDS analyze
network traffic for signs of security threats, such as malware, viruses, or
unauthorized access attempts.
3. Response: Firewalls respond to security threats by blocking or filtering network
traffic, while IDS alert administrators to potential security threats so that they can
take appropriate action.
4. Placement: Firewalls are typically placed at the perimeter of a network to filter
incoming and outgoing traffic. IDS are often placed internally within the network
to monitor traffic between network segments or on individual hosts

Q9. How does PGP achieve confidentiality and authentication in emails?

Ans.
1) Pretty Good Privacy (PGP) is a secure email program that provides a
confidentiality and authentication service that can be used for electronic email
and file storage applications.
2) PGP achieves confidentiality and authentication by the following steps:
1. The sender creates a message M
2. SHA-1 is used to generate a 160-bit hash code of the message
3. The hash code is then encrypted with RSA using sender’s private key.
4. The result is concatenated with the original message. (Pts. 1-4 covers
authentication)
5. Also, a 128-bit number is generated which is going to be the session key
for the current session only.
6. The message from step 4 is encrypted using CAST-128 and the
session-key
7. The session-key is then encrypted with RSA using the recipient’s public
key and is attached (prepended) to the message. (Pts. 5-7 covers
confidentiality)
8. Message is transferred through the medium.
9. The receiver uses RSA to with its private key to decrypt and recover
session key
10. Now since the session key is obtained , the remaining message is
decrypted using sender’s public key and RSA
11. The receiver then generates a hash code for the message and compares
it with the decrypted hash code. If they match, the message is considered
as authentic.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

Module 6:
Q1.Write a short note on Buffer Overflow.?
Ans.
1. Buffer overflow is a type of software vulnerability that occurs when a program or
process tries to store more data in a buffer (temporary storage area) than it can
hold.
2. This can happen when the size of the input data exceeds the capacity of the
buffer, or when the input data is not properly checked or validated before being
stored in the buffer.
3. Buffer overflow attacks can allow an attacker to overwrite or modify the contents
of the buffer, which can lead to a variety of security issues, such as crashing the
program, executing malicious code, or gaining unauthorized access to a system.
4. To prevent buffer overflow attacks, developers can use techniques such as
bounds checking, input validation, and buffer size limits.
5. Additionally, security measures such as Data Execution Prevention (DEP) and
Address Space Layout Randomization (ASLR) can make it more difficult for
attackers to exploit buffer overflow vulnerabilities.
6. Regular software updates and security patches can also help to mitigate the risk
of buffer overflow attacks.
7. Overall, buffer overflow attacks are a serious threat to software security and can
have significant consequences if not properly addressed.

Q2. How can we achieve web security? Explain with an example?

Ans.
1. Use Secure Communication Protocols: Use secure communication protocols
such as HTTPS to ensure that all data transmitted between the client and the
server is encrypted and cannot be intercepted or tampered with by an attacker.

Example: When a user enters their credit card information on an e-commerce

website, the website should use HTTPS to encrypt the data and protect it from
being intercepted by an attacker.

2. Input Validation: Validate user input on the server-side to prevent injection attacks
such as SQL injection or cross-site scripting (XSS).

Example: A web application should validate user input such as form data or
search queries to prevent malicious users from injecting code that could be used
to steal data or compromise the system.

3. Use Access Controls: Implement access controls to restrict access to sensitive

information or actions to authorized users.

Example: A website should require users to log in with a username and

password to access their account information or perform certain actions such as
making a purchase.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

4. Use Security Headers: Use security headers such as Content Security Policy
(CSP) and X-Frame-Options to prevent cross-site scripting (XSS) and
clickjacking attacks.

Example: A website can use a Content Security Policy to restrict which external
resources, such as scripts or stylesheets, can be loaded on the page, preventing
malicious code from being executed.

5. Keep Software Up-to-Date: Keep all software and plugins up-to-date to ensure
that any known vulnerabilities are patched.

Example: A website should regularly update its content management system,

plugins, and other software to ensure that any known security vulnerabilities are
patched, preventing attackers from exploiting them.

Q3. List various software vulnerabilities. How vulnerabilities are exploited to

launch an attack?
Ans.
1. Buffer Overflow: This occurs when a program tries to write more data to a buffer
than it can hold, allowing an attacker to overwrite adjacent memory and execute
malicious code.

Example of attack: An attacker can craft a specific input to a program, such as a

long string of characters, that will overflow the buffer and overwrite memory with
their own code, which can be executed by the program.

2. SQL Injection: This occurs when an attacker uses malicious input to manipulate a
SQL query and access unauthorized data or perform unauthorized actions.

Example of attack: An attacker can input SQL code into a web form that is not
properly sanitized, causing the SQL query to execute malicious code that can
access or modify data in the database.

3. Cross-Site Scripting (XSS): This occurs when an attacker injects malicious code
into a website that is then executed by a user's browser.

Example of attack: An attacker can input JavaScript code into a web form that is
not properly sanitized, causing the code to execute when a user visits the
website, potentially allowing the attacker to steal sensitive data or perform
unauthorized actions.

4. Cross-Site Request Forgery (CSRF): This occurs when an attacker tricks a user
into unknowingly performing an action on a website, such as submitting a form or
making a payment.

Example of attack: An attacker can craft a webpage that includes a hidden form
that submits a request to a vulnerable website when the user visits the page,
causing the user to unknowingly perform an action on the website without their
knowledge.

Downloaded by Krehs (krehsmisc@gmail.com)

 lOMoARcPSD|41608258

5. Remote Code Execution: This occurs when an attacker is able to execute

arbitrary code on a system, potentially allowing them to take control of the
system or access sensitive data.

Example of attack: An attacker can exploit a vulnerability in a web application or

server software to execute their own code on the system, potentially allowing
them to access sensitive data or take control of the system.

Downloaded by Krehs (krehsmisc@gmail.com)