Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

Cryptography: Principles, Methods, and Applications, Thesis of Network security

University of Engineering & ManagementNetwork security

A complete walkthrough of network security and cryptography

Typology: Thesis

2021/2022

Available from 11/26/2022

rajarshi-banerjee
rajarshi-banerjee 🇮🇳

5 documents

1 / 15

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Cryptography and Network Security
Module 1
Very short, Short & Long Type Questions Solution Model
1. Specify the four categories of security threats.
Interruption
Interception
Modification
Fabrication
2. Explain active and passive attack with example.
Passive attack: Monitoring the message during transmission.
Eg: Interception
Active attack: It involves the modification of data stream or
creation of false data stream.
E.g.: Fabrication, Modification, and Interruption
3. Define integrity and non repudiation.
Integrity: Service that ensures that only authorized person able to modify the
message.
Non repudiation: This service helps to prove that the person
who denies the transaction is true or false.
4. Differentiate symmetric and asymmetric encryption?
5. Cryptography
The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that message
back to its original form. It is a science of writing Secret code using mathematical
techniques. The many schemes used for enciphering constitute the area of study known as
cryptography.
6. Non Repudiation
This service helps to prove that the person who denies the transaction is true or false.
1
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff

Partial preview of the text

Download Cryptography: Principles, Methods, and Applications and more Thesis Network security in PDF only on Docsity!

Cryptography and Network Security

Module 1 Very short, Short & Long Type Questions Solution Model

  1. Specify the four categories of security threats. Interruption Interception Modification Fabrication
  2. Explain active and passive attack with example. Passive attack: Monitoring the message during transmission. Eg: Interception Active attack: It involves the modification of data stream or creation of false data stream. E.g.: Fabrication, Modification, and Interruption
  3. Define integrity and non repudiation. Integrity: Service that ensures that only authorized person able to modify the message. Non repudiation: This service helps to prove that the person who denies the transaction is true or false.
  4. Differentiate symmetric and asymmetric encryption?
  5. Cryptography The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form. It is a science of writing Secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.
  6. Non Repudiation This service helps to prove that the person who denies the transaction is true or false.
  1. Stegenography A plaintext message may be hidden in any one of the two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text. A simple form of steganography, but one that is time consuming to construct is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message. e.g., (i) the sequence of first letters of each word of the overall message spells out the real (Hidden) message. (ii) Subset of the words of the overall message is used to convey the hidden message.
  2. Authentication Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or in a data authentication server.
  3. Data Encryption Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations. Two main types of data encryption exist - asymmetric encryption, also known as public-key encryption, and symmetric encryption.
  4. Key In cryptography, a key is defined as a piece of information that determines the functional output of a cryptographic algorithm or cipher. In encryption, a key specifies the particular transformation of plaintext into ciphertext or vice versa during decryption.
  5. Cryptology Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  6. Enchiperment The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. 13.Ciphertext In cryptography, ciphertext (or cyphertext) is the result of encryption performed on plaintext using an algorithm, called a cipher.[Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or

attacks are the release of message contents and traffic analysis.

  1. Define security mechanism. One of the most specific security mechanisms in use is cryptographic techniques. Encryption or encryption-like transformations of information are the most common means of providing security. Some of the mechanisms are 1 Encipherment 2 Digital Signature 3 Access Control
  2. Multiple Encryption Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. The terms cascade encryption, cascade ciphering, multiple encryption, multiple ciphering, and superencipherment are used with the same meaning. Superencryption refers to the outer-level encryption of a multiple encryption.
  3. Four categories of security threads? a. Interruption b. Interception c. Modification d. Fabrication
  4. Fabrication Fabrication: In this type of attack a fake message is inserted into the network by an unauthorized user as if it is a valid user. This results in the loss of confidentiality, authenticity and integrity of the message.
  5. key principle of security The key principle of security is the following:
  6. Make sure you have the latest security updates & patches
  7. Install anti-virus software
  8. Install anti-spyware software
  9. Use a personal firewall
  10. Password advice
  11. Difference between threat and attack. Attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an Asset. Attacks are categorized in many different ways but mainly categorized as passive or active attacks. Threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
    1. Differentiate conventional (symmetric) from public key (asymmetric) encryption.
  1. Distinguish between passive attack and active attack with reference t o X. 8 0 0. X.800 categorize the attacks into two, namely passive and active attacks. Passive attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. It includes release of message contents and Traffic analysis. Passive attacks are very difficult to detect because they do not involve any alteration of data. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Active attacks: Active attack involves some modification of the data stream or the creation of a false data stream and can be subdivided into four categories namely as a masquerade, replay, modification of messages and the denial of service attack.
  2. Define – Key and Plaintext

property of cryptographic algorithms, typically block ciphers and cryptographic hash functions. The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single

  1. Exhaustive key search: It is basically used by the side of cryptanalyst. Basically the procedure for exhaustive key search becomes more complex as the key size that means number of bits are increased. The time required for single encryption message and entire message would be automatically increased. All encryption algorithm are having two main criteria for encryption– I. The cost of breaking the cipher exceeds the value of encryption information. II. The time required to break the cipher exceeds the useful timeline of the information. An encryption scheme is said to be comparatively secure if the above two criteria are met.
  1. Playfair cipher The best known multiple letter encryption cipher is the playfair, which treats digrams in the plaintext as single units and translates these units into cipher text digrams. The playfair algorithm is based on the use of 5x5 matrix of letters constructed using a keyword. The Playfair cipher encrypts pairs of letters (digraphs), instead of single letters as is the case with simpler substitution ciphers such as the Caesar Cipher. Frequency analysis is still possible on the Playfair cipher, however it would be against 600 possible pairs of letters

34. The One-time pad

One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. Used by Special Operations teams and resistance groups during WW2, popular with intelligence agencies and their spies during the Cold War and beyond, protecting diplomatic and military message traffic around the world for many decades, the one-time pad gained a reputation as a simple yet solid encryption system with an absolute security which is unmatched by today's modern crypto algorithms. Whatever technological progress may come in the future, one-time pad encryption is, and will remain, the only truly unbreakable system that provides real long-term message secrecy. We can only talk about one-time pad if some important rules are followed. If these rules are applied correctly, the one-time pad can be proven unbreakable (see Claude Shannon's "Communication Theory of Secrecy Systems"). Even infinite computational power and infinite time cannot break one-time pad encryption, simply because it is mathematically impossible. However, if only one of these rules is disregarded, the cipher is no longer unbreakable.

⦁ The key is at least as long as the message or data that must be encrypted.

⦁ The key is truly random (not generated by a simple computer function or such)

⦁ Key and plaintext are calculated modulo 10 (digits), modulo 26 (letters) or modulo 2

(binary)

⦁ Each key is used only once, and both sender and receiver must destroy their key after

use.

⦁ There should only be two copies of the key: one for the sender and one for the receiver

(some exceptions exist for multiple receivers) Important note: one-time pads or one-time encryption is not to be confused with one-time keys (OTK) or one-time passwords (sometimes also denoted as OTP). Such one-time keys, limited in size, are only valid for a single encryption session by some crypto-algorithm under control of that key. Small one-time keys are by no means unbreakable, because the security of the encryption depends on the crypto algorithm they are used for.

  1. Hill Cipher ⦁ The Hill Cipher uses an area of mathematics called Linear Algebra, and in particular requires the user to have an elementary understanding of matrices. ⦁ To encrypt a message using the Hill Cipher we must first turn our keyword into a key matrix (a 2 x 2 matrix for working with digraphs, a 3 x 3 matrix for working with trigraphs, etc). We also turn the plaintext into digraphs (or trigraphs) and each of these into a column vector. We then perform matrix multiplication modulo the length of the alphabet (i.e. 26) on each vector. These vectors are

then converted back into letters to produce the ciphertext.