
Sunday, July 14, 2013

CRYPTOGRAPHY AND NETWORK SECURITY, 2 Mark Unit V



1. What is Wireless Application protocol (WAP) security?
    • WAP is a protocol stack for wireless communication networks, specified by the WAP forum. The WAP forum is currently part of the Open Mobile Alliance.
    • WAP is essentially a wireless equivalent to the Internet protocol stack (TCP/IP).
    • A big advantage of WAP is that it is bearer independent.
    • The most common bearer is currently GSM, but also a PDA or a third generation mobile phone can be used.
 2. Which algorithms are used in WAP security?
WAP security uses elliptic curve cryptography (ECC) algorithms.

3. List the advantages and disadvantages of WAP security.
Advantages:
    • A big advantage of WAP is that it is bearer independent.
    • The most common bearer is currently GSM, but also a PDA or a third generation mobile phone can be used.
Disadvantages:
    • WAP does not offer end-to-end security.
    • WAP relies on higher-layer security.

4. List the security services in GSM.
GSM offers several security services using confidential information stored in the AuC and in the individual SIM.
The security services offered by GSM are:
    • Access control and authentication
    • Confidentiality
    • Anonymity

5. Define the terms confidentiality and anonymity.
Confidentiality: All user-related data is encrypted. After authentication, BTS and MS apply encryption to voice, data, and signaling. This confidentiality exists only between MS and BTS; it does not exist end-to-end or within the whole fixed GSM/telephone network.
Anonymity: To provide user anonymity, all data is encrypted before transmission, and user identifiers (which would reveal an identity) are not used over the air. Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update. Additionally, the VLR can change the TMSI at any time.

6. How many algorithms are used in GSM security?
Three algorithms have been specified to provide security services in GSM. Algorithm A3 is used for authentication, A5 for encryption, and A8 for the generation of a cipher key.
7. What are the security issues in 3G?
    • Infrastructure enumeration
    • Subscriber intercommunication
    • Attempts to send packets in traffic

8. List the different levels of security in 3G.

·         Privacy
·         Data integrity
·         Authentication

9. What are the problems in the 3G Networks?

·         Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up.
·         The transmission of IMEI is not protected

10. What are the features of MS-CAPI?
    • Microsoft has developed comprehensive cryptographic software, called the Microsoft Cryptographic Application Programming Interface (MS-CAPI).
    • It is freeware.
    • It is provided as a Windows dynamic link library (DLL).

11. What is the Role of Operating systems?
The operating system can be considered in various ways:
    • An intermediary between the user software and the hardware
    • An abstraction layer providing an idealized view of the computer hardware
    • A virtual machine
    • A set of services
12. What Security Services are provided by the Operating System?

         Resource security
         Service security
         Communication security
         Authentication of users
         Authentication of resources
         Privacy
         Anonymity
         Other security services
 13. What is VPN?
Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

14. List the functions of a VPN.

  • Authentication – validates that the data was sent by the claimed sender.
  • Access control – prevents unauthorized users from accessing the network.
  • Confidentiality – prevents the data from being read or copied while it is being transported.
  • Data integrity – ensures that the data has not been altered.

15. State the advantages and disadvantages of VPNs.
            Advantages:
    • Cost savings
    • Scalability

Disadvantages:
    • Immature standards
    • VPNs need to accommodate protocols other than IP and existing internal network technology
16. What is Single Sign On (SSO)?
            Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

17. List the Advantages of SSO?
    • Reduced operational cost
    • Reduced time to access data, e.g. ER
    • Improved user experience, no password lists to carry
    • Advanced security to systems
      • Strong authentication
        • One Time Password devices
        • Smartcards
    • Ease burden on developers
    • Centralized management of users, roles
    • Fine grained auditing
    • Effective compliance (SOX, HIPAA)
18. Classify the SSO Types.
  • Password Synchronization
  • Legacy SSO (Employee/Enterprise SSO)
  • Web Access Management (WAM)
  • Cross Domain (realm) SSO
  • Federated SSO

19. What is a Denial of Service (DoS) attack?
            The basic purpose of a DoS attack is simply to flood or overwhelm a network so as to deny legitimate users the services of the network.

20. What is the purpose of scripting technologies on the internet?
  • Cross Site Scripting Vulnerability (CCSV) is a relatively new form of attack that exploits inadequate validation on the server side.
  • It takes advantage of Web servers that return dynamically generated Web pages or allow users to post viewable content in order to execute arbitrary HTML and active content such as JavaScript, ActiveX, and VBScript on a remote machine browsing the site within the context of a client-server session.
21. State the Advantages of the CCSV
·         Cross-site scripting is a Web-based attack technique used to gain information from a victim machine or leverage other vulnerabilities for additional attacks.
The fact that this technique could be used to specifically target and gain access to control system environments has been described in a detailed hypothetical attack scenario.

CRYPTOGRAPHY AND NETWORK SECURITY, 2 Mark Unit IV



1. Define message authentication.
            A process used to verify the integrity of a message. It is a procedure that verifies that the received message comes from the assigned source and has not been altered.
2. What is hash function?
            A function that maps a variable-length data block or message into a fixed-length value called a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest.
3. Differentiate public key encryption and conventional encryption.
            Conventional Encryption:
                        1. The same algorithm with the same key is used for encryption and decryption.
                        2. Sender and receiver must share the algorithm and the key.
                        3. The key must be kept secret.
            Public Key Encryption:
                        1. The same algorithm is used for encryption and decryption, with a pair of keys.
                        2. Sender and receiver each have one of the matched pair of keys.
                        3. Any one of the keys must be kept secret.
4. Specify the application of public key cryptography.
            • Encryption/Decryption.
            • Digital signature.
            • Key exchange.
 5. Determine gcd(24140, 16762) using Euclid's algorithm.
             Soln:
              We know gcd(a, b) = gcd(b, a mod b)
                        gcd(24140, 16762) = gcd(16762, 7378)
                        gcd(16762, 7378) = gcd(7378, 2006)
                        gcd(7378, 2006) = gcd(2006, 1360)
                        gcd(2006, 1360) = gcd(1360, 646)
                        gcd(1360, 646) = gcd(646, 68)
                        gcd(646, 68) = gcd(68, 34)
                        gcd(68, 34) = gcd(34, 0) = 34
                        gcd(24140, 16762) = 34.
6. Perform encryption and decryption using the RSA algorithm for the following:
            p = 7; q = 11; e = 17; M = 8.
             Soln:
            n = p × q
            n = 7 × 11 = 77
            φ(n) = (p − 1)(q − 1) = 6 × 10 = 60
            e = 17
            d = 27
            C = M^e mod n
            C = 8^17 mod 77 = 57
            M = C^d mod n = 57^27 mod 77 = 8
 7. Users A and B exchange a key using the Diffie-Hellman algorithm.
            Assume
            α = 5, q = 11, XA = 2, XB = 3. Find YA, YB, K.
             Soln:
            YA = α^XA mod q = 5^2 mod 11 = 3
            YB = α^XB mod q = 5^3 mod 11 = 4
            KA = YB^XA mod q = 4^2 mod 11 = 5
            KB = YA^XB mod q = 3^3 mod 11 = 5
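The three worked problems above (Q5, Q6 and Q7) carried through in Python, as an added example that is not part of the original notes. It derives the RSA exponent d as the inverse of e modulo φ(n) with the extended Euclidean algorithm and checks that decryption recovers M; note that e·d must satisfy e·d ≡ 1 (mod φ(n)), and 17·27 = 459 ≡ 39 (mod 60), so the code computes d itself rather than taking the value written above.

```python
# Added example (not part of the original notes): Euclid's gcd, textbook
# RSA key setup with a round-trip check, and Diffie-Hellman key agreement,
# all using the values from the worked problems above.

def euclid_gcd(a, b):
    """Euclid's algorithm, gcd(a, b) = gcd(b, a mod b). Returns the gcd
    together with the chain of (a, b) pairs visited, matching the hand
    derivation step by step."""
    steps = []
    while b:
        steps.append((a, b))
        a, b = b, a % b
    return a, steps

def mod_inverse(e, m):
    """Extended Euclid: the d in [1, m) with e*d == 1 (mod m).
    Raises ValueError when gcd(e, m) != 1, i.e. e is not a valid RSA exponent."""
    old_r, r = e, m
    old_s, s = 1, 0          # old_s tracks the coefficient of e
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo m")
    return old_s % m

def rsa_keygen(p, q, e):
    """Return (n, phi, d) for textbook RSA with the given primes and e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return n, phi, mod_inverse(e, phi)

def rsa_roundtrip(p, q, e, m):
    """Encrypt m with (e, n), decrypt with (d, n); return (C, recovered M)."""
    n, _, d = rsa_keygen(p, q, e)
    c = pow(m, e, n)
    return c, pow(c, d, n)

def diffie_hellman(alpha, q, xa, xb):
    """Return (YA, YB, KA, KB); KA == KB is the agreed secret."""
    ya = pow(alpha, xa, q)
    yb = pow(alpha, xb, q)
    return ya, yb, pow(yb, xa, q), pow(ya, xb, q)

if __name__ == "__main__":
    print(euclid_gcd(24140, 16762))
    print(rsa_keygen(7, 11, 17), rsa_roundtrip(7, 11, 17, 8))
    print(diffie_hellman(5, 11, 2, 3))
```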
 8. Define the classes of message authentication function.
             • Message encryption: The entire ciphertext is used as the authenticator.
            • Message Authentication Code: A function of the message and a secret key that produces a fixed-length value.
            • Hash function: A function that maps a message of any length to a fixed-length value, which serves as the authenticator.
 9. What is meant by MAC?
MAC stands for Message Authentication Code. It is a function of the message and a secret key which produces a fixed-length value called the MAC.
10. Specify the techniques for distribution of public key.
            • Public announcement.
            • Publicly available directory.
            • Public key authority.
            • Public key certificate.
11. Specify the requirements for message authentication.
             • Disclosure.
            • Traffic analysis.
            • Masquerade.
            • Content Modification.
            • Sequence Modification.
            • Timing modification.
            • Repudiation.
12. Differentiate internal and external error control.
  • Internal error control: An error-detecting code, also known as a frame check sequence or checksum, is appended to the message before encryption.
  • External error control: Error-detecting codes are appended after encryption.

13. Define Kerberos.
            Kerberos is an authentication service developed as part of Project Athena at MIT. The problem that Kerberos addresses is this: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.

 14. Differentiate MAC and hash function.
            MAC:
            • Message Authentication Code (MAC): a cryptographic checksum.
            • In a MAC, a secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.
            Hash:
            • A function that maps a variable-length data block or message into a fixed-length value called a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest.
            • The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.

 15. In the context of Kerberos, what is a realm?
            A full-service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the following:
            • The Kerberos server must have the user ID and hashed password of all participating users in its database.
            • The Kerberos server must share a secret key with each server.
            Such an environment is referred to as a "realm".
 16. Assume client C wants to communicate with server S using the Kerberos procedure. How can it be achieved?
            a) C → AS: [ID_C || P_C || ID_V]
            b) AS → C: Ticket
            c) C → V: [ID_C || AD_C || ID_V]
    Ticket = E_KV [ID_C || AD_C || ID_V]
17. List any three hash algorithms.
            • MD5 (Message Digest version 5) algorithm.
            • SHA-1 (Secure Hash Algorithm).
            • RIPEMD-160 algorithm.
 18. Specify the four categories of security threats. 
            • Interruption
            • Interception
            • Modification
            • Fabrication
 19. Differentiate symmetric and asymmetric encryption.
            Symmetric encryption: Sender and receiver use the same key.
            Asymmetric encryption: Sender and receiver use different keys.
 20. What are the services provided by PGP?
 • Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation
 21. Explain the reasons for using PGP.
 • It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh and many more.
• It is based on algorithms that have survived extensive public review and are considered extremely secure, e.g. RSA, DSS and Diffie-Hellman for public key encryption; CAST-128, IDEA and 3DES for conventional encryption; SHA-1 for hash coding.
• It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and communication to individuals.
• It was not developed by, nor is it controlled by, any governmental or standards organization.
22. Why is the e-mail compatibility function in PGP needed?
            Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion.

  23. Name the cryptographic keys used in PGP.
            • One-time session conventional keys.
• Public keys.
• Private keys.
• Passphrase-based conventional keys.
24. Define key identifier.
            PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.
25. List the limitations of SMTP/RFC 822.
            • SMTP cannot transmit executable files or binary objects.
            • It cannot transmit text data containing national language characters.
            • SMTP servers may reject mail messages over a certain size.
            • SMTP gateways cause problems when translating between ASCII and EBCDIC.
            • SMTP gateways to X.400 e-mail networks cannot handle non-textual data included in X.400 messages.
 26. Define S/MIME.
            Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
27. What are the elements of MIME?
            • Five new message header fields are defined which may be included in an RFC 822 header.
            • A number of content formats are defined.
            • Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.
28. What are the header fields defined in MIME?
             • MIME-Version.
            • Content-Type.
            • Content-Transfer-Encoding.
            • Content-ID.
            • Content-Description.
 29. What is a MIME content type? Explain.
            It is used to declare the general type of data. A subtype defines a particular format for that type of data. There are 7 content types and 15 subtypes. They are:
            1. Text type: Plain text and Enriched.
            2. Multipart type:
                        • Multipart/mixed.
                        • Multipart/parallel.
                        • Multipart/alternative.
                        • Multipart/digest.
            3. Message type:
                        • Message/RFC822.
                        • Message/partial.
                        • Message/external.
            4. Image type: JPEG and GIF.
            5. Video type.
            6. Audio type.
            7. Application type:
                        • PostScript and
                        • Octet-stream.
 30. What are the key algorithms used in S/MIME?
            • Digital Signature Standard.
            • Diffie-Hellman.
            • RSA algorithm.
 31. Give the steps for preparing enveloped data in S/MIME.
            • Generate Ks.
            • Encrypt Ks using the recipient's public key.
            • The RSA algorithm is used for this encryption.
            • Prepare the 'RecipientInfo' block.
            • Encrypt the message using Ks.
32. What do you mean by a VeriSign certificate?
            VeriSign issues X.509 certificates with the product name "VeriSign Digital ID". Each Digital ID contains the owner's public key, the owner's name and the serial number of the Digital ID.
33. What are the functional areas of IP security?
            • Authentication
            • Confidentiality
            • Key management.
 34. Give the application of IP security?
            • Provide secure communication across private & public LAN.
            • Secure remote access over the Internet.
            • Secure communication to other organization.
 35. Give the benefits of IP security.
            • Provides security when implemented in a router or firewall.
            • IP security is below the transport layer and so is transparent to applications.
            • IP security is transparent to the end user.
            • IP security can provide security for individual users.
36. What are the protocols used to provide IP security?
            • Authentication header (AH) protocol.
            • Encapsulating Security Payload(ESP).
37. Specify the IP security services.
            • Access control.
            • Connectionless integrity.
            • Data origin authentication.
            • Rejection of replayed packets.
            • Confidentiality.
            • Limited traffic-flow confidentiality.
38. What do you mean by Security Association? Specify the parameters that identify a Security Association.
            • An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it.
            • A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA).
            A security association is uniquely identified by 3 parameters:
                        • Security Parameter Index (SPI).
                        • IP Destination Address.
                        • Security Protocol Identifier.
39. What do you mean by a replay attack?
            • A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
            • Each time a packet is sent, the sequence number is incremented, so the receiver can detect a packet it has already accepted.
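A receiver-side check built on the sequence-number idea above, as an added example that is not part of the original notes: it accepts each sequence number once and rejects a second copy. The sliding-window bookkeeping (modelled on the IPsec anti-replay window) and the constructed arrival order are assumptions of this example, not something the notes specify.

```python
# Added example (not from the original notes): reject replayed packets by
# tracking which sequence numbers have already been accepted. Assumes the
# packet's authentication check (MAC) has already passed before accept().

class ReplayDetector:
    def __init__(self, window_size=64):
        self.window_size = window_size
        self.highest = 0          # highest sequence number accepted so far
        self.seen = set()         # accepted numbers still inside the window

    def accept(self, seq):
        """Return True if seq is fresh and should be accepted, False if it
        is a replay (already seen) or too old for the window to vouch for."""
        if seq <= 0:
            return False
        if seq > self.highest:
            # Slide the window forward; forget numbers that fall off its left edge.
            self.highest = seq
            low = self.highest - self.window_size + 1
            self.seen = {s for s in self.seen if s >= low}
            self.seen.add(seq)
            return True
        if seq <= self.highest - self.window_size:
            return False   # older than the window: cannot prove it is new
        if seq in self.seen:
            return False   # duplicate of an accepted packet: replay
        self.seen.add(seq)
        return True        # late but within the window and not yet seen

# Constructed sample: sequence numbers as they arrive at the receiver,
# including one out-of-order packet (3) and two replays (5 and 2).
SAMPLE_ARRIVALS = [1, 2, 4, 5, 3, 5, 2, 6]

def filter_replays(arrivals, window_size=64):
    """Return the accept (True) / reject (False) decision for each arrival."""
    det = ReplayDetector(window_size)
    return [det.accept(s) for s in arrivals]

if __name__ == "__main__":
    for seq, ok in zip(SAMPLE_ARRIVALS, filter_replays(SAMPLE_ARRIVALS)):
        print(seq, "accepted" if ok else "rejected (replay)")
```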
 40. Explain the man-in-the-middle attack.
            If A and B exchange messages, E intercepts the message carrying B's public key Y and B's user ID, and sends its own message to A containing its own public key together with B's user ID. B computes a secret key based on its private key and the public key it received, and A computes a key K2 based on A's private key and the public key it received; each side is in fact sharing a key with E rather than with the other.
41. What are the steps involved in the SSL record protocol?
            • The SSL record protocol takes application data as input and fragments it.
            • A lossless compression algorithm is applied.
            • A MAC is computed over the compressed data.
            • The compressed message plus MAC is encrypted using a conventional (symmetric) algorithm.
 42. What is meant by SET? What are the features of SET?
            Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet. Its features are:
            1. Confidentiality of information
            2. Integrity of data
            3. Cardholder account authentication
            4. Merchant authentication
 43. What are the steps involved in SET Transaction?
            1. The customer opens an account
            2. The customer receives a certificate
            3. Merchants have their own certificate
            4. The customer places an order.
            5. The merchant is verified.
            6. The order and payment are sent.
            7. The merchant requests payment authorization.
            8. The merchant confirms the order.
            9. The merchant provides the goods or services.
            10. The merchant requests payment.
44. List the 3 classes of intruders.
            Classes of Intruders
                        1) Masquerader
                        2) Misfeasor
                        3) Clandestine user
45. Define virus. Specify the types of viruses.
            A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
             Types:
                        1) Parasitic virus
                        2) Memory-resident virus
                        3) Boot sector virus
                        4) Stealth virus
                        5) Polymorphic virus
46. What is an application-level gateway?
            An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed.
 47. List the design goals of firewalls.
            • All traffic from inside to outside, and vice versa, must pass through the firewall.
            • Only authorized traffic, as defined by the local security policy, will be allowed to pass.
            • The firewall itself is immune to penetration.