Q1 What is meant by threat? A potential for violation of security
advertisement
Q1 What is meant by threat?
A potential for violation of security, which exists when there is a circumstances,
capability, action or event that could breach security and cause harm. That is, a
threat is a possible danger that might exploit vulnerability.
Q2 What is meant by attack?
An attack on system security that derives from an intelligent threat: that is an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system
Q3 State some example of security attacks?
Gain unauthorized access to information(ie.violate secrecy or privacy)
Disavow responsibility or liability for information the cheater did
originate.
Enlarge cheater’s legitimate license (for access, origination,
distribution etc).
Pervert the function of software, typically by adding a covert function.
Cause others to violate a protocol by means of introducing incorrect
information.
Q4 What are Active Attacks?
Active attacks involve some modification of the data stream or the creation of a
false Stream and can be subdivided into four categories.
Masquerade
Replay
Modification of message
Denial of service
A masquerade takes place when one entity when one entity pretends to be a
different entity. A masquerade attack usually includes one of the other forms of
active attack. Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect. Modification of messages simply
means that some portion of a legitimate message is altered or that messages are
delayed or reordered, to produce an unauthorized effect. The denial of service
prevents or inhibits the normal use or management of communication facilities.
Q5 What are passive attacks?
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. Two types of passive attacks are release of message contents and
traffic analysis. The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may contain
sensitive or confidential information.
A second type of passive attack, traffic analysis, is subtler. Suppose that we
had a Way of masking the contents of messages or other information traffic
so that opponents, even if they captured the message, could not extract the
information from the message. Passive attacks are very difficult to detect
because they do not involve any alteration of the data.
Q6 What are the essential ingredients of a symmetric cipher?
A symmetric encryption scheme has five ingredients:
Plaintext: This is the original intelligible message or data that is fed
into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
Secret Key: The secret key is also input to the encryption algorithm.
The key is the value independent of the plaintext. The algorithm will
produce a different output depending on the specific key being used
at the time. The exact substitutions and transformations performed by
the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It
depends on the plaintext and the key.
Decryption algorithm: This is essentially the encryption algorithm in
reverse. It takes the cipher text and the secret key and produces the
original plaintext.
Q7 What are the two basic functions used in the encryption algorithm?
All the encryption algorithms are based on two general principles:
Substitution: In which each element in the plaintext (bit, letter, group
of bits or letters) is mapped into another element.
Transposition: In which elements in the plaintext are rearranged. The
fundamental requirement is that no information be lost (that is, that
all operations are reversible). Most systems, referred to as product
systems, involve multiple stages of substitutions and transpositions.
Q8 How many keys are required for two people to communicate via a cipher?
If both sender and receiver use the same key, the system is referred as
symmetric, single-key, secret-key or conventional encryption. If both sender and
receiver use a different key, the system is referred as asymmetric, two-key or
public key encryption.
Q9 What is the difference between a block cipher and a stream cipher?
A block cipher processes the input one block at a time, producing an output block
for each input block.
A stream cipher processes the input continuously, producing output one element at
a time, as it goes alone.
Q10 What are the two general approaches to attacking a cipher?
The general two approaches for attacking a cipher
Cryptanalysis: Cryptanalytic attacks rely on the nature of the
algorithm plus perhaps some knowledge of the general characteristics
of the plaintext or even some samples plaintext-cipher text pairs. This
type of attack exploits the characteristics of the algorithm to attempt
to deduce a specific plaintext or to deduce the key being used. If the
attack succeeds in deducing the key, the effect is catastrophic: All
future and past messages encrypted with the key are compromised.
Brute-force attack: The attacker tries every possible key on a piece of
cipher text until an intelligible translation into plaintext is obtained.
On average, half of all possible keys must be tried to achieve success.
Q11 List and briefly define types of cryptanalytic attacks based on what is known
to the attacker?
The various types of cryptanalytic attacks, based on the amount of information
known to the cryptanalyst
Type of
Attack
Known to Cryptanalyst
Cipher text
Encryption algorithm
Cipher text to be decoded
Known
plaintext
Encryption algorithm
Cipher text to be decoded
One or more plaintext-cipher text pairs formed with the
secret key
Chosen
plaintext
Encryption algorithm
Cipher text to be decoded
Plaintext message chosen by cryptanalyst, together with its
corresponding cipher text generated with the secret key.
Chosen
cipher text
Encryption algorithm
Cipher text to be decoded
Purported cipher text chosen by cryptanalyst, together with
its corresponding decrypted plaintext generated with the
secret key
Encryption algorithm
Cipher text to be decoded
Plaintext message chosen by cryptanalyst, together with its
Chosen text corresponding cipher text generated with the secret key.
Purported cipher text chosen by cryptanalyst, together with
its corresponding decrypted plaintext generated with the
secret key
Q12 What is the difference between an unconditionally secure cipher and a
computationally secure cipher?
An encryption scheme is unconditionally secure if the cipher text
generated by the scheme does not contain enough information to
determine uniquely the corresponding plaintext, no matter how much
cipher text is available.
An encryption scheme is said to be computationally secure if:
The cost of breaking the cipher exceeds the value of the encrypted
information.
The time required to break the cipher exceeds the useful lifetime of
the information.
Q13 What is Encipherment?
The use of mathematical algorithms to transform data into a form that is not
readily intelligible. The transformation and subsequent recovery of the data depend
on an algorithm and zero or more encryption keys.
Q14 Define Threats.
Information access threats intercept or modify data on behalf of users
who should not have access to that data.
Service threats exploit service flaws in computers to inhibit use by
legitimate users.
Q15 What are the four basic tasks in designing a particular security service?
Design an algorithm for performing the security-related
transformation. The algorithm should be such that an opponent
cannot defeat its purpose.
Generate the secret information to be used with the algorithm.
Develop methods for the distribution and sharing of the secret
information
Specify a protocol to be used by the two principals that makes use of
the security algorithm and the secret information to achieve a
particular security.
Q15 What is the use of digital signature?
Data appended to, or a data unit that allows a recipient of the data unit to prove
the source and integrity if the data unit and protect against forgery.
Q16 Define security recovery.
Security recovery deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.
Q17 What are the aspects of information security?
There are three aspects of the information security.
Security attack
Security mechanism
Security Service
Q18 List some common information integrity functions?
Identification
Authorization
Concurrence
Liability
Endorsement
Validation
Time of occurrence
Registration
Q19 Briefly define the Caesar cipher?
The Caesar cipher involves replacing each letter of the alphabet with the
letter standing three places down the alphabet .The alphabet is wrapped
around, so that the letter following Z is A.
C = E (p) = (p + 3) mod (26)
The general Caesar cipher algorithm is
C = E (p) = (p + k) mod (26)
where k takes the value in the range 1 to 25
The decryption algorithm is
p = D(C) = (C - k) mod (26)
Q20 Briefly define the monoalphabetic cipher?
A dramatic increase in the key space is achieved by allowing an arbitrary
substitution. There are 26! Possible keys. It is referred to as monoalphabetic
substitution cipher, because a single cipher alphabet is used per message.
Q21 What is the difference between a monoalphabetic cipher and a polyalphabetic
cipher?
In monoalphabetic cipher single cipher alphabet is used per message. But in
polyalphabetic cipher there are multiple ciphertext letters for each plaintext
letter, one for each unique letter of keyword.
Q22 What are two problems with the one-time pad?
The one- time pad has the following two fundamental difficulties:
There is the practical problem of making large quantities of random
keys. Supplying truly random characters in this volume is a significant
task.
For every message to be sent, a key of equal length is needed by both
sender and receiver. Thus a mammoth key distribution problem
exists.
Unit II
Q24 Why is it important to study the Feistel Cipher?
Feistel cipher using the concept of a product cipher, which is the performing
of two or more basic ciphers in sequence in such a way that the final result
or product is cryptographically stronger then any of the component ciphers.
Feistel proposed the use of a cipher that alternates substitutions and
permutations. So Feistel cipher is considered to be an important one.
Q25 What is the difference between a block cipher and a stream cipher?
A block cipher process the input one block of elements at a time producing
an output block for each input block.
A stream cipher process the input elements continuously, producing output
one element at a time, as it goes along.
Q26 Why is it not practical to use an arbitrary reversible substitution cipher of the
kind shown in Table?
Encryption and decryptions tables for substitution cipher (any
example)
In general, for an n-bit general substitution block cipher, the size of
the key is n*2n . For a 64-bit block, which is a desirable length to
thwart statistical attacks, the key size is 64*264 = 270 ~ 1021 bits. So
it is not practical to use an arbitrarily reversible substitution cipher.
Q27 What is product cipher?
Product cipher has the performance of two or more basic ciphers in sequence is
such a way that the final result or product is cryptographically stronger than any of
the component ciphers.
Q28 What is the difference between Diffusion and Confusion?
In Diffusion the statistical structure of the plaintext is dissipated into long range
statistics of the cipher text. This is achieved by having each plaintext digit affect
the value of many cipher text digits. Which is equivalent to saying that each cipher
text digit is affected by many plaintext digits.
Confusion seeks to make a relationship between the statistics of the cipher text
and the value of the encryption key as complex as possible. Thus even if the
attacker can get some handle on the statistics of the cipher text, the way in which
the key was used to produce that cipher text is so complex as to make it difficult to
deduce the key.
Q29 Which parameters and design choices determine the actual algorithm of a
Feistel cipher?
Block size: Larger block sizes mean greater security but reduced
encryption/decryption speed. A block size of 64 bits is a reasonable
tradeoff and has been nearly universal in block cipher design.
However, the new AES uses a 128-bit block size.
Key size: Larger key size means greater security but may decrease
encryption/decryption speed. Key sizes of 64 bits or less are now
widely considered to be inadequate, and 128 bits has become a
common size.
Number of rounds: The essence of the Feistel cipher is that a single
round offers inadequate security but that multiple rounds offer
increasing security.A typical size is 16 rounds.
Subkey generation algorithm: Greater complexity in this algorithm
should lead to greater difficulty of cryptanalysis.
Round function: Again, greater complexity generally means greater
resistance to cryptanalysis.
Q30 What is the purpose of the S-boxes in DES?
The role of the S-boxes in the function F is that the substitution consists of a
set of eight S-boxes ,each of which accepts 6 bits as input and produces 4
bits as follows: The first and last bits of the input to box Si form a 2-bit
binary number to select one of four substitutions defined by the four rows in
the table for Si. The middle four bits select one of the sixteen columns. The
decimal value in the cell selected by the row and column is then converted
to its 4-bit representation to produce the output. For example, in S1,for
input 011001,the row is 01 and the column is 1100.The value in row
1,column 12 is 9,so the output is 1001.
Q31 Explain the avalanche effect?
A desirable property of any encryption algorithm is that a small change in
either the plaintext or the key should produce a significant change in the
ciphertext.In particular, a change I one of the plaintext or one bit of the key
should produce a change in many bits of the ciphertext.
Q32 What is the difference between differential and linear cyptanalysis?
Linear cryptanalysis based on finding linear approximations to describe the
transformations performed in DES
Q33 What are the two different uses of public-key cryptography related to key
distribution?
There are two aspects to the use of public-key cryptography In this regard:
The distribution of public keys
The use of public-key encryption to distribution secret keys
Q34 List four general categories of schemes for the distribution of public keys.
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
Q35 What are the essential ingredients of a public-key directory?
The authority maintains a directory with an entry for each participant.
Each participant registers a public key with the directory authority.
A participant may replace the existing key with a new one at any
time.
Periodically, the authority publishes the entire directory or updates to
the directory.
Participants could also access the directory electronically.
Q36 What is public-key certificate?
The public-key authority could be a bottleneck in the system, for a user
must appeal to the authority for a public key for every other user that it
wishes to contact. As before the directory of names and public keys
maintained by the authority is vulnerable to tempering.
Q37 What are the requirements for the use of a public-key certificate scheme?
Any participant can read a certificate to determine the name and public key
of the certificate’s owner.
Any participant can verify that the certificate originated from the certificate
authority and is not counterfeit.
Only the certificate authority can create and update certificates.
Any participant can verify the currency of the certificate
Q38 Briefly explain Diffie-Hellman key exchange.
The purpose for this algorithm is to enable two users to exchange a key
securely that can then be used for subsequent encryption of messages. It
depends for its effectiveness on the difficulty of computing discrete
logarithms.
Q39 What types of attacks are addressed by message authentication?
Content modification - Changes to the contents of the message
Sequence
modification - Any modification to a sequence of messages between
parties, including insertion, deletion, and reordering. Timing
modification - Delay or replay of messages.
Q40 What two levels of functionality comprise a message authentication or digital
signature mechanism?
Low-level authentication
Higher-level authentication
At the lower level there must be some sort of function that produces
an authenticator: a value to be used to authenticate a message. This
lower level function is then used as primitive in a higher-level
authentication protocol that enables a receiver to verify the
authenticity of message.
Q41 What are some approaches to producing message authentication?
Message encryption
The cipher text of the entire image serves as its
authenticator.
Message
authentication code
(MAC)
A public function of the message and a secret key
that produces a fixed length value that serves as an
authenticator.
Hash function
A public function that maps a message of any length
into a fixed– length hash value, which serves as the
authenticator.
Q 42 When combination of symmetric encryption and an error control code is used
for message authentication, in what order must the two functions be performed?
The message is encrypted first, and then the MAC is calculated using the
resulting cipher text to form the transmitted block.
Q43 What is a message authentication code?
An alternative authentication technique involves the use of a small fixed size
block of data, known as a cryptographic checksum or MAC that is appended
to the message.
Q44 What is the difference between a message authentication code and a one-way
hash function?
The difference between an MAC and a one-way hash function is that unlike
an MAC, a hash code does not use a key but is a function only of the input
message.
Q45 In what ways can a hash value be secured so as to provide message
authentication?
The ways in which a hash code can be used to provide message authentication are:
The message plus concatenated hash code is encrypted using
symmetric encryption. The hash code provides the structure required
for authentication.
Only the hash code is encrypted using symmetric encryption. This
reduces the processing burden.
Only the hash code is encrypted using public key encryption and the
sender’s private key. This provides digital signature.
The message plus the public key-encrypted hash code may be
encrypted using a symmetric secret key.
A hash function may be used without encryption for message
authentication. It assumes that two communicating parties (A and B)
share a common key (s). ’A’ computes the hash value over the
concatenation of M and S.B knows S and therefore can re-compute M.
The entire message plus the hash code may be encrypted.
Q46 Is it necessary to recover the secret key in order to attack a MAC algorithm?
A number of keys will produce the correct MAC and the opponent has no
way of knowing which the correct key is. On an average 2(n-k) keys produce
a match. Therefore attacks do not require the discovery of the key.
Q47 What characteristics are needed in a secure hash function?
Requirements of a hash function(H):
H can be applied to a block of data of any size.
H produces a fixed length output.
H(x) is easy to compute for any given x
For any given value h it is computationally infeasible to find y/x with
H(y) =H(x).
It is computationally infeasible to find any pair (a, b) such that H(x)
=H(y).
Q48 What is the difference between a strong and a weak collision resistance?
For any given value h it is computationally infeasible to find y/x with H(y)
=H(x).This is “weak collision resistance”. It is a one-way property. It is easy
to generate a code given a message, but almost impossible to do the
reverse.
It is computationally infeasible to find any pair (a, b) such that
H(x) =H(y).This is “strong collision resistance”. This guarantees
that an alternative message hashing to the same value as a
given message cannot be found. This prevents forgery.
Q49 What is the function of a compression function in a hash function?
The hash function involves repeated use of a compression function. The
motivation is that if the compression function is collision resistant, then the
hash function is also collision resistant function. So a secure hash function
can be produced.
Q50 Explain Message Authentication Code
This technique assumes that two communicating parties A and B share a common
key K.When A sends a message to B it calculates the MAC as a function of the
message and the key: MAC=CK{M), Where,
M=input message
C=MAC function
K=shared secret key
MAC=message authentication code
The message plus the MAC are transmitted to the recipient. The recipient performs
the same calculation on the received message to generate a new MAC. The
received MAC is compared to the calculated MAC. If only the sender and receiver
know the secret key, if the received MAC matches the calculated MAC , then
The receiver is assured that the message has not been altered.
The receiver is assured that the message is from the alleged sender.
If the message includes a sequence number then the receiver is
assured of the proper sequence. The MAC function need not be
reversible. Usually, it is a many-to-one function. If there are N
possible messages then an n bit MAC is used where N>>2n and there
are 2k possible keys where the key has k bits.
For example, if we are using 100 bit messages then there are 2100 different
messages and if a 10 bit MAC is used there are 210 different MACs. On an average
each MAC value is generated by a total of (2100/210) =290 different messages. If
a 5bit key is used there are 25=32 different mappings from a set of messages to a
set of MAC values. Usually two separate keys are used each of which is shared by
the sender and receiver. The message is calculated with the message as input and
is then concatenated to the message. The entire block is then encrypted. (For
diagrams refer: Prescribed Text Book)
MAC is used when:
There are a number of applications in which the same message is
broadcast to many destinations.
When there exchanges where there is heavy load on one side and
there is no time to decrypt.
For authentication of a computer in plain text.
When it is not needed to keep messages secret but it is important to
provide authentication.
Because separation of authentication and confidentiality provides
architectural flexibility.
When users wish to prolong the period of protection beyond the time
of reception and yet allow processing of message contents. MAC does
not provide digital signature because both sender and receiver share
the same key.
Q51 Explain Hash Function
A variation on the message authentication code is the one-way hash function. As
with the message authentication code, a hash function accepts a variable size
message M as input and produces a fixed-size output, referred to as hash code H
(M).
A variety of ways in which hash code can be used to provide message
authentication, as follows:
The message plus concatenated hash code is encrypted using symmetric
encryption.
Only the hash code is encrypted using symmetric encryption.
Only the hash code is encrypted using the public-key encryption and using
the sender’s private key.
If confidentiality as well as a digital signature is desired, then the message
plus the public key encrypted hash code can be encrypted using a symmetric
secret key.
This technique uses a hash function but no encryption for message
authentication.
Confidentiality can be added to the approach of (e) by
encrypting the entire message plus the hash code.
Unit III
Q52 What problem was Kerberos designed to address?
The problem that Kerberos addresses is this:
Assume an open distributed environment in which users at
workstations wish to access services on servers distributed
throughout the network.
We would like for servers to be able to restrict access to authorized
users and to be able to authenticate requests for service.
In this environment a workstation cannot be trusted to identify its
users correctly to network services.
Q53 What are the three threats associated with user authentication over a network
or Internet?
The three threats are:
A user may gain access to a particular workstation and pretend to
another user operating from that workstation.
A user may alter the network address of a workstation so that the
requests sent from the altered workstation appear to come from the
impersonated workstation.
A user may eavesdrop on exchanges and use a replay attack to gain
entrance to a server or to disrupt operations.
Q54 List three approaches to secure user authentication in a distributed
environment?
Three approaches to secure user authentication in a distributed environment are:
Rely on each individual client workstation to assure the identity of its
user or users and rely on each server to enforce a security policy
based on user identification (ID).
Require that client systems authenticate themselves to servers, but
trust the client system concerning the identity of its user.
Require the user to prove identity for each service invoked. Also
require that servers prove their identity to clients.
Q55 What four requirements were defined for Kerberos?
The four requirements defined for Kerberos are:
A network eavesdropper should not be able to obtain the
necessary information to impersonate a user. More generally
Secure
Kerberos should be strong enough that a potential opponent
does not find it to be the weak link.
Reliable
For all services that relay on Kerberos for access control, lack
of availability of the supported services. Hence, Kerberos
should be highly reliable and should employ distributed server
architecture, with one system able to back up another.
Transparent
Ideally, the user should not be aware that authentication is
taking place, beyond the requirement to enter a password.
Scalable
The system should be capable of supporting large numbers of
clients and servers. This suggests a modular, distributed
architecture
Q56 What entities constitute a full-service Kerberos environment?
A full service environment consists of a Kerberos server, a number of clients
and a number of application servers.
Q57 In the context of Kerberos, what is a realm?
The Kerberos server must have the user ID (UID) and hashed
password of all participating users in its database. All users are
registered with the Kerberos server.
The Kerberos server must share a secret with each server. Such an
environment is referred to as realm
Q58 What are the principle differences between version 4 and version 5 of
Kerberos?
The principle differences between version 4 and version 5 of Kerberos are:
Encryption system dependence
Internet Protocol Dependence
Message byte ordering
Ticket Life Time
Authentication Forwarding
Interrealm Authentication
U
nit IV
Q59 What are the five principle services provided by the PGP?
Function
Algorithm used
Description
The hash code of a message is
created using SHA1.This message
Digital
Signature
DSS\SHA or
RSA\SHA
Message
Encryption
CAST or IDEA or
Three-key Triple DES
with Diffie-Hellman
or RSA A message is
encrypted using
CAST-128 or IDEA or 3DES with a
one-time session key generated by
the sender. The session key is
encrypted using Diffie-Hellman or
RSA with the recipient’s public key
and included with the message
Compression
ZIP
A message may be compressed, for
storage or transmission using ZIP
Email
compatibility
Radix 64 conversion
To provide transparency for email
applications, an encrypted message
digest is encrypted using DSS or RSA
with the sender’s private key and
included with the message
may be converted to an ASCII string
using radix 64 conversion
Segmentation ------
To accommodate maximum message
size limitations, PGP performs
segmentation and reassembly
Q60 What is the utility of a detached signature?
A detached signature may be stored and transmitted separately from the
message it signs. This is useful in several contexts. A user may wish to
maintain a separate signature log of all messages sent or received. A
detached signature of an executable program can detect subsequent virus
infection. Finally detached signature can be used when more than one party
must sign a document, such as legal contract.
Q61 Why does PGP generate a signature before applying compression?
The signature is generated before compression due to 2 reasons:
It is preferable to sign an uncompressed message so that one can
store only the uncompressed message together with the signature for
future verification
Even if one were willing to generate dynamically a recompressed
message for verification, PGP’s compression algorithm presents a
difficulty
Q62 What is Radix 64 conversion?
Radix 64 converts the input stream into radix 64 format. It expands a message by
33%
Q63 Why is R 64 conversion useful for email generation?
The Radix 64 conversion is performed before the
segmentation of the messages take place
The use of radix 64 is that it converts he input stream to 33%. The
radix 64 converts the input stream to a radix 64 format
Q64 What is MIME?
Multipurpose Internet Mail Extensions (MIME) is an extension to the
RFC 822 framework that is intended to address some of the problems
and limitations of these use of SMTP.
Some of limitations:
It cannot transmit executable files or folders.
SMTP servers may reject, mail message over a certain size.
Q65 What is S/MIME?
Secure/Multipurpose Internet Mail Extension is a security enhancement to
the MIME Internet e-mail format standard, based on technology from RSA
Data Security. It is ability to sign and/or encrypt messages.
Q66 What is RFC 822?
RFC 822 defines a format for text messages that are sent using electronic
mail. It has been the standard for Internet-based text message and remains
in common use. In the RFC822 context, messages are viewed as having an
envelope and contents. The envelope contains whatever information needed
to accomplish transmission and delivery. The contents compose the object
to be delivered to the recipient.
Q67 How does PGP use the concept of trust?
PGP provide a convenient means of using trust, associating trust with public
keys, and exploiting trust information. Each entry in the public-key ring is a
public key certificate.
Associated with each such entry is a key legitimacy field that indicates the
extent to which PGP will trust that this is a valid public key for this user; the
higher the level of trust, the stronger is the binding of this user ID to this
key.
Q68 Write short notes on S/MIME?
Secure/Multipurpose Internet Mail Extension is a security enhancement to
the MIME Internet e-mail format standard, based on technology from RSA
Data Security. It is ability to sign and/or encrypt messages.
RFC 822 defines a format for text messages that are sent using electronic
mail. It has been the standard for Internet-based text message and remains
in common use. In the RFC822 context, messages are viewed as having an
envelope and contents. The envelope contains whatever information needed
to accomplish transmission and delivery. The contents compose the object
to be delivered to the recipient.
Multipurpose Internet Mail Extensions (MIME) is an extension to the RFC 822
framework that is intended to address some of the problems and limitations
of the use of SMTP.
The MIME specification includes the following elements:
1. Five message header fields are defined which may be included in and
RFC 822 header.
2. A numbers of content formats are defined, thus standardizing
representations that support multimedia electronic mail.
3. Transfer encodings are defined that enable the
conversion of any content format into a form that is
protected from alteration by the mail system.
Q69 What are the limitations of SMTP?
Some of limitations of SMTP are: 1. It cannot transmit executable files or folders.
2. SMTP servers may reject, mail message over a certain size.
3. Some SMTP implementations do not adhere completely to the
SMTP standards defined in RFC 821.
Common problems include
Deletion, addition, or reordering of carriage return and linefeed
Truncating or wrapping lines longer than 76 characters
Removal of trailing white space
Padding of lines in a message to the same length
Conversion of tab characters into multiple space characters
Q69 Explain S/MIME Functionality
It offers ability to sign and/or encrypt messages.
Functions
Enveloped Data: This consists of encrypted content of any type and
encrypted content encryption keys for one or more recipients.
Signed Data: A digital signature is formed by taking the message
digest of the content to be signed and then encrypting that with the
private key of signer. The content plus signature are the encoded
using base64 encoding.
Clear-signed data: As with assigned data, a digital signature of the
content is formed. In this case only the digital signature is encoded
using base64.
Signed and enveloped data: Signed-only and encrypted-only entities
may be nested, so that encrypted data may be signed and signed
data or clear-signed data may be signed and signed data or clearsigned data may be encrypted.
Cryptographic algorithms
Function
Requirement
Create a message digest
to be used in Forming a
digital signature
MUST support SHA-1. Receiver SHOULD
support md5 for backward compatibility
Sending and receiving agents MUST support
Encrypt session key for
Diffie-Hellman. Sending agents Should support
transmission with message RSA encryption with key sizes 51 bits to 1024
bits.
MUST: The definition is an absolute requirement of the specification.
An implementation must include this feature or function to be in
conformance with the specification.
SHOULD: There may exist valid reasons in particular circumstances to
ignore this feature or function, but it is recommended that an
implementation include this feature of function.
S/MIME incorporates three public-key algorithms. The Digital
Signature Standard (DSS) is the preferred algorithm for digital
signature. S/MIME uses a variant of Diffie-Hellman that does provide
encryption/decryption.
The S/MIME specification includes a discussion of the procedure for
deciding which content encryption algorithm to use.
A sending agent should follow the following rules, in the following
order:
1. The sending agent SHOULD choose the first capability on the
list that it is capable of using.
2. If the sending agent has no such list of capabilities from an
intended recipient but has received one or more messages from
the recipient, then the outgoing message SHOULD use the
same encryption algorithm as was used on the last signed and
encrypted message received from that intended recipient.
3. If the sending agent has no acknowledge about the decryption
capabilities of the intended recipient and is willing to risk that
the recipient may not be able to decrypt the message, then the
sending agent SHOULD use tripleDES.
4. If the sending agent has no knowledge about the decryption
capabilities of the intended recipient and is not willing to risk
that the recipient may not be able to decrypt the message,
then the sending agent MUST use RC2/40.
Q70 How to Secure a MIME Entity
S/MIME secures a MIME entity with a signature, encryption, or both. A MIME entity
may be an entire message, or if the MIME content type is multipart, then a MIME
entity is one or more of the subparts of the message. Then the MIME entity plus
some security related date, such as algorithm identifies and certificated, are
processed by S/MIME to produce what is known as a PKCS object. A PKCS object is
then treated as message content and wrapped in MIME.
S/MIME Certificate Processing
S/MIME uses public-key certificates. The key-management scheme used by
S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and
PGP’s web of trust. As with the PGP model, S/MIME managers and/or users must
configure each client with a list of trusted keys and with certificate revocation lists.
That is the responsibility is local for maintaining the certificated needed to verify
incoming signatures ad to encrypt outgoing messages. On the other hand, the
certificates are signed by certification authorities.
An S/MIME user has several key management functions to perform:
1. Key generation: Each key pair MUST be generated from a good
source of nondeterministic random input and be protected in a
secure fashion.
2. Registration: A user’s public key must be registered with a
certification authority in order to receive an X.509 public key
certificate.
3. Certificate storage and retrieval: A user requires access to local
list of certificated in order to verify incoming signatures and to
encrypt outgoing messages.
Q71 Explain briefly PRETTY GOOD PRIVACY
PGP provides a confidentiality and authentication service that can be used for
electronic mail and file storage applications. Phil Zimmermann has done the
following:
1. Selected the best available cryptographic as building blocks
2. Integrated these algorithms into a general purpose application that is
independent of operating system and processor and that is based on a
small set of easy to use commands
3. Made the package and its documentation including the source code,
freely available via internet ,bulletin boards ,and commercial networks
such as AOL
4. Entered into an agreement with a company to provide a fully
compatible, low cost commercial version of PGP.
PGP has grown explosively and now widely used. A number of reasons
can be cited for this growth,
1. It is available free worldwide in versions that run on a variety of
platforms,including windows ,UNIX,Macintosh,and many more.
2. It is based on algorithms that have survived extensive public
review and are considered extremely secure.
3. It has a wide range of applicability from corporations that wish
to select and enforce a standardized scheme for encrypting files
and messages to individuals who wish to communicate securely
with others worldwide over the internet and other networks .
4. It was not developed by ,nor is it controlled by, any
governmental or standard organization
5. PGP is now on an internet standards track.
Notation
Ks =Session key used in symmetric encryption scheme
KRa=Private key of user A used in public key encryption
scheme.
KUa= Public key of user A, used in public key encryption
scheme
EP = Public key encryption
DP = Public key decryption
EC = Symmetric encryption
DC = Symmetric decryption
H = Hash function
|| = Concatenation
Z = compression using ZIP algorithm
R64 = Conversion to radix 64 ASCII format
Q72 Explain PGP services
Operational Description PGP provides five services
1.
2.
3.
4.
5.
Authentication – DSS/SHA or RSA/SHA
Confidentiality – CAST or IDEA or 3DES Diffe or RSA
Compression –ZIP
Email Compatibility – Radix 64 conversion
Segmentation
Authentication
1. The sender creates a message
2. SHA-1 is used to generate a 160 bit hash code of the
message
3. The hash code is encrypted with RSA using the sender’s
private key,and the result is prepended to the message
4. The receiver uses RSA with the sender’s public key to
decrypt and recover the hash code
5. The receiver generates a new hash code for the message
and compares it with the decrypted hash code
Confidentiality
6. The sender generates a message and random 128 bit
number to be used as a session key for this message
only
7. The message is encrypted ,using CAST -128 with the
session key
8. The session key is encrypted with RSA with its private
key to decrypt and recover the session key
9. The session key is used to decrypt the message
10.The receiver uses RSA with its private key to decrypt and
recover the session key
Compression
11.The signature is generated before compression for 2
reasons
It is preferable to sign an uncompreesed message
so that one can store only the compressed
message together with the signature for future
verification
Even if one were willing to generate dynamically a
recompressed message for verification
12.The message encryption is applied after compression to
strengthen cryptographic security
Email Compatibility
When PGP is used; at least part of the block to be transmitted
is encrypted. If only the signature service is used then the
message digest is encrypted. If the confidentiality service is
used, the message plus signature are encrypted .Thus part or
the entire resulting block consists of a stream of arbitrary 8 bit
octets.
Segmentation and reassembly
Email facilities often are restricted to a maximum message
length. To accommodate this restriction PGP automatically
subdivides the message that is too large into segments that are
small enough to send via email
What are Cryptographic Keys and Key rings? Explain
1. A means of generating unpredictable session keys is needed
2. We would like to allow a user to have multiple publickey/private-key pairs the user may wish to change his or her
key pair from time to time. Also the recipient will know only the
old private key until an update reaches them
3. Each PGP entity must maintain a file of its own public/private
key pairs as well as a file of public keys of correspondence
Key Rings
Private Key Rings
Timestamp: The date/time when this key pair was generated
Key ID: The least significant 64 bits of the public key for the
entry
Public key: The public key portion of the pair
Private key: The private key portion of the pair
User ID: is the user’s email address
Public key Rings
Timestamp: The date/time when the entry was generated
Key ID: The least significant 64 bits of the public key for this
entry
Public key: the public keys for this entry
UserID: Identifies the owner of this key
Unit V
Give examples of applications of IPSec?
Secure branch office connectivity over the Internet.
Secure remote access over the Internet.
Establishing extranet and intranet connectivity with partners.
Enhancing electronic commerce security.
What services are provided by IPSec?
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
What parameters identify an SA and What parameter Characterize the nature of a
particular SA?
A security association(SA) is uniquely identified by three parameters,
Security Parameter Index(SPI)
IP Destination Address
Security Protocol Identifier
The parameters that characterize the particular SA is
Sequence number counter
Sequence counter overflow
Anti-Replay window
AH Information
ESP Information
Lifetime of this SA
IPSec Protocol Mode
Path MTU
What is the difference between Transport mode and Tunnel mode?
Transport Mode
1. It provides protection for
upper layer protocols.
2. Used for end-to-end
communication between two
host
3. AH:Authenticates IP payload
and selected portions of IP
header and IPv6 extension
header
Tunnel Mode
4. It provides protection to the
entire IP packet.
5. It is used when one or both
ends of an SA is a security
gateway, such as firewall or
router that implement IPSec.
6. Authenticates enter inner IP
packet plus selected portions
of outer IP header and outer
IPv6 extension headers.
What is replay attack?
A replay attack is one which an attacker obtains a copy of an authenticated
packet and later transmits it to the intended destination.
Why does ESP include a padding field?
Padding field is added to the ESP to provide partial traffic flow confidentiality
by concealing the actual length of the payload.
What are the basic approaches to bundling SAs?
1. Transport adjacency
Refers to applying more than one security protocol to the same
packet, without invoking tunneling.
2. Iterated tunneling
Refers to the application of multiple layers of
security protocol affected through IP tunneling.
Write about the AH associated with IPSec
The authentication header provides support for data integrity and
authentication of IP packets. The data integrity feature ensures that
undetected modification to a packet’s content in transit is not possible. The
authentication feature enables an end system or network to authenticate the
user or application and filter traffic accordingly.
Authentication is based on the use of a message authentication code (MAC)
The authentication header consists of the following fields.
1. Next header (8 bits): Identifies the type of header immediately
following this header.
2. Payload length (8 bits): Length of authentication header in 32-bit
words, minus 2.
3. Reserved (16 bits): For future use.
4. Security parameters index (32 bits): Identifies a security association.
5. Sequence number (32 bits): A monotonically increasing counter
value.
6. Authentication data (variable): A variable-length field that contains
the Integrity Check Value.
Anti-replay service
A replay attack is one in which an attacker obtains a copy of an
authenticated packet and later transmits it to the intended destination. The
sequence number field is designed to thwart such attacks.
Integrity check value
The authentication data field holds a value referred to as the integrity check
value. The ICV is a message authentication code or a truncated version of a
code produced by a MAC algorithm.
Transport and tunnel modes
These are the two ways in which the IPSec authentication service can be
used. In one case authentication is provided directly between a server and
client work stations; the work station can be either on the same network as
the server or on an external network. As long as the work station and the
server share a protected secret key, the authentication process is secure.
This case uses a transport mode SA. In the other case a remote work station
authenticates itself to the corporate firewall, either for access to the entire
internal network or because the requested server does not support the
authentication feature. This case uses a tunnel mode SA.
For transport mode AH using IPv4, the AH is inserted after the original IP
header and before the IP payload.
In the context of IPv6, the AH is viewed as an end-to-end payload; that is it
is not examined or processed by intermediate routers. Therefore the AH
appears after the IPv6 base header and the hop-by-hop, routing and
fragment extension headers.
For tunnel mode AH the original IP packet is authenticated, and the AH is inserted
between the original IP header and a new outer IP header
Write about the ESP associated with IPSec
ENCAPSULATING SECURITY PAYLOAD
The encapsulating security payload provides confidentiality services,
including confidentiality of message contents and limited traffic flow
confidentiality. As an optional feature, ESP can also provide the same
authentication services as AH.
ESP Format
ESP packet contains the following fields
1. Security parameters index (32 bits): Identifies a security association.
2. Sequence number (32 bits): A monotonically increasing counter
value; this provides an anti-replay function, as discussed for AH.
3. Payload data (variable): This is a transport level segment (transport
mode) or IP packet (tunnel mode) that is protected by encryption.
4. Padding(0-255 bytes):The padding field serves several purposes:
If an encryption algorithm requires the plain text to be a
multiple of some number of bytes the padding field is used to
expand the plain text to the required length.
The ESP format requires that the cipher text must be an integer
multiple of 32 bits. The padding field is used to assure this
alignment.
Additional padding may be added to provide partial traffic flow
confidentiality by concealing the actual length of the payload.
5. Pad length (8 bits): Indicates the number of pad bytes immediately
preceding this field.
6. Next header (8 bits): Identifies the type of data contained in the
payload data field.
7. Authentication data (variable): A variable length field that contains
the Integrity Check Value computed over the ESP packet minus the
authentication data field.
Transport and tunnel modes
Figure shows the two ways in which IPSec ESP services can be used. Hosts
on the internal networks use the internet for the transport of data but do not
interact with the other internet based hosts. By terminating the tunnels at
the security gateway to each internal network the configuration allows the
hosts to avoid implementing the security capability. The former technique is
supported by a transport mode SA, while the latter technique uses a tunnel
mode SA.
Transport mode ESP
Transport mode ESP is used to encrypt and optionally authenticate the data
carried by IP. For this mode using IPv4, the ESP header is inserted into the
IP packet immediately prior to the transport layer header and an ESP trailer
is placed after the IP packet.
In the context of IPv6, ESP is viewed as an end-to-end payload; that is it is
not examined or processed by intermediate routers. Therefore the ESP
header appears after the IPv6 base header and the hop-by-hop, routing and
fragment extension headers. The destination option extension could appear
before or after the ESP header, depending on the semantics required. For
IPv6 encryption covers the entire transport level segment plus the ESP
trailer plus the destination options extension header if it occurs after the ESP
header.
Tunnel mode ESP
Tunnel mode ESP is used to encrypt the entire IP packet. For this mode the ESP
header is prefixed to the packet and then the packet plus the ESP trailer is
encrypted. This method can be used to counter the traffic analysis.
Write about how security associations can be combined.
An individual SA can implement either the AH or ESP protocol but not
both. Sometimes a particular traffic flow will call for the services provided by both
AH and ESP. Multiple SA must be employed for the same traffic flow to achieve the
desired IP services.
The term security association bundle refers to a sequence of SAs
through which traffic must be processed to provide a desired set of
IPSec services. The SAs in a bundle may terminate at different
endpoints or at the same endpoints.
Security associations may be combined into bundle in two types.
Transport adjacency: Refers to applying more than one security
protocol to the same IP packet without invoking tunneling.
Iterated tunneling: Refers to the application of multiple layers of
security protocols affected through IP tunneling.
The two approaches can be combined for example by having a
transport SA between hosts travel part of the way through a tunnel
SA between security gateways
Authentication plus confidentiality
Encryption and authentication can be combined in order to transmit
an IP packet that has both confidentiality and authentication between
hosts.
Esp. with authentication option
In this approach the user first applies ESP to the data to be protected
and the appends the authentication data field. There are two sub
cases.
Transport mode ESP:
Authentication and encryption apply to the IP payload delivered to the
host but the IP header is not protected.
Tunnel mode ESP:
Authentication applies to the entire IP packet delivered to the outer IP
destination address and authentication is performed at that
destination.
For both the cases authentication applies to cipher text rather than
the plain text.
Transport adjacency
Another way to apply authentication after the encryption is to use two
bundle transport SAs with the inner being an ESP SA and the outer
being an AH SA. In this case ESP is used without its authentication
option. Because the inner SA is a transport SA, encryption is applied
to the IP payload. The resulting packet consists of an IP header
followed by an ESP. AH is then applied in the transport mode so that
authentication covers the ESP plus the original IP header except for
mutable fields.
Transport-Tunnel bundle
One approach to applying authentication before encryption between
two hosts is to use a bundle consisting of an inner AH transport SA an
outer ESP tunnel SA. IN this case authentication is applied to the IP
payload plus the IP header except for the mutable fields. The resulting
IP packet is then processed in the tunnel mode by the ESP; the result
is that the entire authenticated inner packet is encrypted and a new
outer IP header is added.
Basic combinations of security associations
In case1 all security is provided between end systems that implement
IPSec. For any two end systems to communicate via an SA they must
share the appropriate secret keys. The following are among the
possible combinations. • AH in transport mode. • Esp. in transport
mode. • AH followed by ESP in transport mode. • Any one of a,b, or c
inside an AH or ESP in tunnel mode.
For case2 security is provided only between gateways and no hosts
implement IPSec.
Case3 builds on case2 by adding end-to-end security. The gateway –
to-gateway tunnel provides either authentication or confidentiality or
both for all traffic between end systems. When the gateway-togateway tunnel is ESP it also provides a limited form of traffic
confidentiality.
Case4 provides support for a remote host that uses the internet to
reach an organization’s firewall and then to gain access to some
server or workstation behind the firewall. Only tunnel mode is
required between the remote host and the firewall.
Unit VI
What protocols comprise SSL?
The protocols that comprise SSL are:SSL Handshake
Protocol,SSL Change Cipher Spec Protocol,SSL Alert
Protocol,Hypertext Transfer Protocol(HTTP) and SSL Recprd
Protocol.
What is the difference between an SSL connection and an SSL session?
A Connection is a transport that provides a suitable type of service. For SSL,
such connections are peer-to-peer relationships. The connections are
transient.
An SSL session is an association between a client and a server. Sessions are
created by the Handshake Protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple connections.
List and briefly define the parameters that define an SSL session state.
A session state is defined by the following parameters:
Session identifier
Peer certificate
Compression method
Cipher spec
Master secret
Is resemble
List and briefly define the parameters that define an SSL session connection.
A connection state is defined by the following parameters:
Server and client random
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Initialization vectors
Sequence numbers
Unit VIII
List the three design goals for a firewall.
1. All traffic from inside to outside, and vice versa, must pass
through the firewall. This is achieved by physically blocking all
access to the local network except via the firewall.
2. Only authorized traffic, as defined by the local security policy,
will be allowed to pass. Various types of firewalls are used,
which implement various types of security policies.
3. The firewall itself is immune to penetration. This implies that
use of a trusted system with a secure operating system.
List four techniques used by firewalls to control access and enforce a security
policy.
Service control
Direction control
User control
Behavior control
What are the differences among the three configuration of firewall?
In the screened host firewall, single-homed bastion configuration, the
firewall consists of two systems: a packet-filtering router and a bastion host.
In the screened host firewall, dual-homed bastion configuration prevents such a
security breach.
In the screened subnet firewall configuration is the most secure one. Here two
packet filters are used, one between the bastion host and the Internet and one
between the bastion host and the internal network.
In the context access control, what is the difference between a subject and an
object?
Subject is an entity capable of accessing objects. Any user or
application actually gains access to an object by means of a
process that represents that user or application. Object is one
in which anything is controlled.eg.files, programs and segments
of memory.
What is the difference between an access control list and a capability ticket?
An access control list lists users and their permitted access rights for each object.
A capability ticket specifies authorized objects and operations for a user. Each user
has a no. of tickets and may be authorized to loan or give them to others.
