Name: Faizan Sahid
Class: BSIT
Semester: 7th
Roll No.: 011

Assignment Summary

Cryptosystem

A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. A cryptosystem is also referred to as a cipher system.

Services of Cryptosystems

- Confidentiality
- Integrity
- Authentication
- Authorization
- Non-repudiation

Confidentiality

When preventing disclosure of information to unauthorized parties is needed, the property of confidentiality is required. Cryptography is used to encrypt the information to make it unintelligible to everyone but those who are authorized to view it. To provide confidentiality, the cryptographic algorithm and mode of operation need to be designed and implemented in such a way that an unauthorized party will be unable to determine the keys that have been associated with the encryption or to derive the information without using the correct keys.

Data Integrity

Data integrity provides assurance that data has not been modified in an unauthorized manner after it was created, transmitted or stored. This means that there has been no insertion, deletion or substitution done with the data. Digital signatures or message authentication codes are cryptographic mechanisms that can be used to detect both accidental modifications that might occur because of hardware failure or transmission issues and deliberate modifications that might be performed by an adversary. While non-cryptographic mechanisms can be used to detect accidental modifications, they are not reliable.

Authentication

Cryptography can provide two types of authentication services:

- Integrity authentication can be used to verify that no modification has occurred to the data.
- Source authentication can be used to verify the identity of who created the information, such as the user or system.

Digital signatures or message authentication codes are used most often to provide authentication services.
Key-agreement techniques might also be used to provide this service.

Authorization

Authorization provides permission to perform a security function or activity. This security service is often supported by a cryptographic service. Authorization is generally granted after the successful execution of a source authentication service.

Non-Repudiation

In key management, the term non-repudiation refers to the binding of a certificate subject through the use of digital signature keys and digital certificates to a public key. When non-repudiation is required for a digital signature key, it means that the signature that has been created by that key has the support of both the integrity and source authentication services of a digital signature. The digital signature may also indicate a commitment by the certificate subject in the same manner that a document with a handwritten signature would. However, there are many aspects to be considered in making a legal decision regarding non-repudiation, and this cryptographic mechanism is considered only one element to be used in that decision.

Components of a Cryptosystem

The various components of a basic cryptosystem are as follows −

Plaintext. It is the data to be protected during transmission.

Encryption Algorithm. It is a mathematical process that produces a ciphertext for any given plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an encryption key as input and produces a ciphertext.

Ciphertext. It is the scrambled version of the plaintext produced by the encryption algorithm using a specific encryption key. The ciphertext is not guarded. It flows on a public channel. It can be intercepted or compromised by anyone who has access to the communication channel.

Decryption Algorithm. It is a mathematical process that produces a unique plaintext for any given ciphertext and decryption key.
It is a cryptographic algorithm that takes a ciphertext and a decryption key as input, and outputs a plaintext. The decryption algorithm essentially reverses the encryption algorithm and is thus closely related to it.

Encryption Key. It is a value that is known to the sender. The sender inputs the encryption key into the encryption algorithm along with the plaintext in order to compute the ciphertext.

Decryption Key. It is a value that is known to the receiver. The decryption key is related to the encryption key, but is not always identical to it. The receiver inputs the decryption key into the decryption algorithm along with the ciphertext in order to compute the plaintext.

For a given cryptosystem, a collection of all possible decryption keys is called a key space.

An interceptor (an attacker) is an unauthorized entity who attempts to determine the plaintext. He can see the ciphertext and may know the decryption algorithm. He, however, must never know the decryption key.

Types of Cryptosystems

Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is carried out in the system −

- Symmetric Key Encryption
- Asymmetric Key Encryption

The main difference between these cryptosystems is the relationship between the encryption and the decryption key. Logically, in any cryptosystem, both the keys are closely associated. It is practically impossible to decrypt the ciphertext with a key that is unrelated to the encryption key.

Symmetric Key Encryption

The encryption process where the same keys are used for encrypting and decrypting the information is known as Symmetric Key Encryption. The study of symmetric cryptosystems is referred to as symmetric cryptography. Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.

Challenge of Symmetric Key Cryptosystem

There are two restrictive challenges of employing symmetric key cryptography.
- Key establishment − Before any communication, both the sender and the receiver need to agree on a secret symmetric key. This requires a secure key establishment mechanism to be in place.
- Trust Issue − Since the sender and the receiver use the same symmetric key, there is an implicit requirement that the sender and the receiver 'trust' each other. For example, it may happen that the receiver has lost the key to an attacker and the sender is not informed.

Asymmetric Key Encryption

The encryption process where different keys are used for encrypting and decrypting the information is known as Asymmetric Key Encryption. Though the keys are different, they are mathematically related and hence, retrieving the plaintext by decrypting ciphertext is feasible.

Asymmetric Key Encryption was invented in the 20th century to overcome the necessity of a pre-shared secret key between communicating persons. The salient features of this encryption scheme are as follows −

- Every user in this system needs to have a pair of dissimilar keys, a private key and a public key. These keys are mathematically related − when one key is used for encryption, the other can decrypt the ciphertext back to the original plaintext.
- It requires putting the public key in a public repository and keeping the private key as a well-guarded secret. Hence, this scheme of encryption is also called Public Key Encryption.
- Though the public and private keys of the user are related, it is computationally not feasible to find one from another. This is a strength of this scheme.
- When Host1 needs to send data to Host2, he obtains the public key of Host2 from the repository, encrypts the data, and transmits. Host2 uses his private key to extract the plaintext.
- The length of keys (number of bits) in this encryption is large and hence, the process of encryption-decryption is slower than symmetric key encryption.
- The processing power of the computer system required to run an asymmetric algorithm is higher.

Symmetric cryptosystems are a natural concept.
In contrast, public-key cryptosystems are quite difficult to comprehend.

TCP/IP hijacking

A form of cyber attack in which an authorized user gains access to a legitimate connection of another client in the network. Having hijacked the TCP/IP session, the attacker can read and modify transmitted data packets, as well as send their own requests to the addressee.

TCP/IP hijacking is a type of man-in-the-middle attack. The intruder can determine the IP addresses of the two session participants, make one of them inaccessible using a DoS attack, and connect to the other by spoofing the network ID of the former.

Example

An attacker monitors the data transmission over a network and discovers the IPs of two devices that participate in a connection. When the hacker discovers the IP of one of the users, he can take down the connection of the other user with a DoS attack and then resume communication by spoofing the IP of the disconnected user.

What is IP spoofing?

IP spoofing is the creation of Internet Protocol (IP) packets which have a modified source address in order to either hide the identity of the sender, to impersonate another computer system, or both. It is a technique often used by bad actors to invoke DDoS attacks against a target device or the surrounding infrastructure.

Sending and receiving IP packets is a primary way in which networked computers and other devices communicate, and constitutes the basis of the modern internet. All IP packets contain a header which precedes the body of the packet and contains important routing information, including the source address. In a normal packet, the source IP address is the address of the sender of the packet. If the packet has been spoofed, the source address will be forged.

Blind hijacking

A type of session hijacking in which the cybercriminal does not see the target host's response to the transmitted requests. ...
Nevertheless, blind hijacking can be used, for instance, to send a command to change/reset a password.

UDP hijacking

A network-level hijacking where the attacker sends a forged server reply to a victim's UDP request before the intended server replies to it.

Directory traversal attacks

A directory traversal attack exploits insufficient security validation or sanitization of user-supplied file names, such that characters representing "traverse to parent directory" are passed through to the operating system's file system API.

HTTP response splitting attack

HTTP response splitting occurs when:

- Data enters a web application through an untrusted source, most frequently an HTTP request.
- The data is included in an HTTP response header sent to a web user without being validated for malicious characters.

HTTP response splitting is a means to an end, not an end in itself. At its root, the attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.

Web cache poisoning attack

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.

Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.

Web server password cracking

Web Application Attacks

Vulnerabilities in web applications running c path for web server compromise.

Directory Traversal

Directory traversal is exploitation of HTTP thr restricted directories and execute commands c by manipulating a URL.

Parameter/Form Tampering

This type of tampering attack is intended to between client and server in order to modify and permissions, price and quantity of products, etc.
Cookie Tampering

Cookie tampering is the method of poisonin client. The phases where most of the attacks a the client side to the server. Persistent and non-persi different tools.

Command Injection Attacks

Command injection is an attacking method in which a hacker alters the content of the web page by using HTML code and by identifying the form fields that lack valid constraints.

Buffer Overflow Attacks

Most web applications are designed to sustain some amount of data. If that amount is exceeded, the application may crash or may exhibit some other vulnerable behavior. The attacker uses this advantage and floods the application with too much data, which in turn causes a buffer overflow attack.

Web Server Attack Methodology

Hacking a web server is accomplished in various stages. At each stage the attacker tries to gather more information about loopholes and tries to gain unauthorized access to the web server. The stages of web server attack methodology include:

Information Gathering

Every attacker tries to collect as much information as possible about the target web server. Once the information is gathered, he or she then analyzes the gathered information in order to find the security lapses in the current mechanism of the web server.

Web Server Footprinting

The purpose of footprinting is to gather more information about security aspects of a web server with the help of tools or footprinting techniques. The main purpose is to know about its remote access capabilities, its ports and services, and the aspects of its security.

Mirroring Website

Website mirroring is a method of copying a website and its content onto another server for offline browsing.

Vulnerability Scanning

Vulnerability scanning is a method of finding various vulnerabilities and misconfigurations of a web server. Vulnerability scanning is done with the help of various automated tools known as vulnerability scanners.

Session Hijacking

Session hijacking is possible once the current session of the client is identified.
Complete control of the user session is taken over by the attacker by means of session hijacking.

Hacking Web Server Passwords

Attackers use various password cracking methods like brute force attacks, hybrid attacks, dictionary attacks, etc. to crack web server passwords.
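
Added example for the Data Integrity section above (not part of the original assignment): it compares a non-cryptographic checksum (CRC32) with a message authentication code (HMAC-SHA256) on an accidental bit flip and on a deliberate substitution. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed demo key; a real key comes from a key-establishment step.
KEY = b"constructed-demo-key"


def crc_tag(message: bytes) -> int:
    """Non-cryptographic checksum: anyone can recompute it."""
    return zlib.crc32(message)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: computing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(mac_tag(key, message), tag)


def flip_bit(message: bytes, bit: int) -> bytes:
    """Simulate a transmission error by flipping one bit."""
    data = bytearray(message)
    data[bit // 8] ^= 1 << (bit % 8)
    return bytes(data)


def run_demo() -> dict:
    original = b"PAY 100 TO ALICE"  # constructed sample message
    crc, mac = crc_tag(original), mac_tag(KEY, original)

    # Accidental modification: both mechanisms notice it.
    corrupted = flip_bit(original, 37)
    # Deliberate modification: the adversary substitutes the message and
    # simply recomputes the checksum, but cannot produce a MAC without KEY.
    forged = b"PAY 900 TO MALLORY"
    forged_crc = crc_tag(forged)
    forged_mac = mac_tag(b"adversary-guess", forged)

    return {
        "crc_detects_accident": crc_tag(corrupted) != crc,
        "mac_detects_accident": not verify_mac(KEY, corrupted, mac),
        "crc_detects_forgery": crc_tag(forged) != forged_crc,
        "mac_detects_forgery": not verify_mac(KEY, forged, forged_mac),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only `crc_detects_forgery` comes back false: the checksum travels with the message and needs no secret, so whoever replaces the message can replace the checksum too.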
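
Added example for the Asymmetric Key Encryption section above (not part of the original assignment): unpadded textbook RSA with two tiny primes, showing the Host1/Host2 exchange, the mathematical relation between the two keys, and why the key length has to be large. The function names are hypothetical and the parameters are far too small for real use.

```python
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes (toy sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 mod phi
    return (n, e), (n, d)  # (public key, private key)


def apply_key(key, value: int) -> int:
    """Modular exponentiation; the same operation serves both keys."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exponent, n)


def recover_private_by_factoring(public):
    """Derive the private key from the public one by factoring n.

    Trial division finishes instantly for a 12-bit n; the same step is
    what becomes infeasible when n is thousands of bits long.
    """
    n, e = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))


def host_exchange(message: int = 65):
    # Host2 publishes its public key and keeps the private key secret.
    host2_public, host2_private = make_keypair(61, 53)
    ciphertext = apply_key(host2_public, message)     # Host1 encrypts
    recovered = apply_key(host2_private, ciphertext)  # Host2 decrypts
    return ciphertext, recovered


if __name__ == "__main__":
    print(host_exchange())
```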
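
Added example for the directory traversal sections above (not part of the original assignment): one way to validate a user-supplied file name before it reaches the file system API, by canonicalizing the path and checking that it still lies under the served directory. The function names and sample paths are constructed.

```python
import os


def resolve_under(base_dir: str, user_path: str) -> str:
    """Return the canonical path for user_path, or raise if it leaves base_dir."""
    if "\x00" in user_path:
        raise PermissionError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # realpath collapses "..", duplicate separators and symlinks, so the
    # comparison below is made on the path the OS would actually open.
    # An absolute user_path replaces base in the join and is caught too.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{user_path!r} resolves outside {base!r}")
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    try:
        resolve_under(base_dir, user_path)
        return True
    except PermissionError:
        return False


# Constructed sample requests: file name as received from the client.
SAMPLES = [
    "reports/q1.txt",             # ordinary file below the base directory
    "reports/../index.html",      # ".." that stays inside the base directory
    "../outside.txt",             # parent-directory traversal
    "reports/../../outside.txt",  # traversal hidden behind a valid prefix
    "/etc/passwd",                # absolute path
    "report\x00.txt",             # embedded NUL byte
]


def check_samples(base_dir: str) -> dict:
    return {name: is_allowed(base_dir, name) for name in SAMPLES}


if __name__ == "__main__":
    for name, ok in check_samples("/srv/www/files").items():
        print(f"{name!r:32} {'allow' if ok else 'reject'}")
```

Comparing canonical paths rather than searching the raw string for `../` also covers a symbolic link inside the served directory that points outside it.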
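
Added example for the HTTP response splitting section above (not part of the original assignment): a response builder that copies request data into a header unvalidated, next to one that rejects CR, LF and NUL in header names and values. The builder functions and the sample values are constructed.

```python
import re

# Characters that end a header line (CR, LF) or truncate it (NUL).
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_response_unvalidated(headers) -> str:
    """Vulnerable form: header values are written out as received."""
    lines = ["HTTP/1.1 302 Found"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def build_response_validated(headers) -> str:
    """Hardened form: refuse any header that could start a new line."""
    for name, value in headers:
        if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
            raise ValueError(f"illegal character in header {name!r}")
    return build_response_unvalidated(headers)


def count_header_lines(raw_response: str) -> int:
    """Number of header lines a client would parse from the response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n")) - 1  # minus the status line


# Constructed request parameter values, as the application receives them.
CLEAN_VALUE = "/home?lang=en"
TAINTED_VALUE = "/home?lang=en\r\nSet-Cookie: injected=constructed"


def run_demo() -> dict:
    intended = [("Location", CLEAN_VALUE)]
    tainted = [("Location", TAINTED_VALUE)]
    try:
        build_response_validated(tainted)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "clean_header_lines": count_header_lines(build_response_validated(intended)),
        "tainted_header_lines": count_header_lines(build_response_unvalidated(tainted)),
        "validated_builder_rejects": rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

The application meant to send one header; the unvalidated builder emits two, which is the condition the section describes.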