Explain confidentiality with eg

Confidentiality: The principle of confidentiality specifies that only the sender and the intended
recipient(s) should be able to access the contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access a message. Here, the user of computer A sends a message to the user
of computer B. Another user C gets access to this message, which is not desired, and therefore defeats the
purpose of confidentiality. An example of this could be a confidential email message sent by A to B,
which is accessed by C without the permission or knowledge of A and B. This type of attack is called
interception. Interception causes loss of message confidentiality

Explain reverse cipher and perform it on a message

The reverse cipher encrypts a message by printing it in reverse order. So “Hello, world!” encrypts to “!
dlrow ,olleH”. To decrypt, or get the original message, you simply reverse the encrypted message. The
encryption and decryption steps are the same.
The algorithm of reverse cipher holds the following features −

• Reverse Cipher uses a pattern of reversing the string of plain text to convert as cipher text.
• The process of encryption and decryption is same.
• To decrypt cipher text, the user simply needs to reverse the cipher text to get the plain text.

The major drawback of reverse cipher is that it is very weak. A hacker can easily break the cipher
text to get the original message. Hence, reverse cipher is not considered as good option to maintain
secure communication channel,.

What is firewall?
 A Firewall is a security solution for the computers or devices that are connected to a network, they can
be either in form of hardware as well as in form of software. It monitors and controls the incoming and
outgoing traffic (the amount of data moving across a computer network at any given time ). The major
purpose of the network firewall is to protect an inner network by separating it from the outer network.
Inner Network can be simply called a network created inside an organisation and a network that is not
in the range of inner network can be considered as Outer Network.

What is data privacy?

Ability of a person/organisation to determine themselves when, how and to what extent personal
information about them can be shared with or communicated to others - This personal information (PII -
Personally Identifiable Information) can be date of birth, address, phone number etc. - Data privacy in
simple terms would a someone would like to exclude another person from the private conversation to
control or prevent certain types of personal data collection - With increase an increase in use of the internet,
the importance of data privacy has also increased - In jurisdictions, privacy is considered to be a human
right and data protection law exists - Laws for Data Privacy: GDPR, CCPA - Fair Practices involve: Data
Quality, Purpose Specification, Use Limitation, Security safeguards, Openness, Individual

Explain encryption with eg

Encryption is the method by which information is converted into secret code that hides the
information's true meaning. The science ofencrypting and decrypting information is called
cryptography.
In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext

Cipher : The formulas used to encode and decode messages are called encryption algorithms
Key : The variable, which is called a key, is what makes a cipher's output unique
Historically, it was used by militaries and governments.
In modern times, encryption is used to protect data stored on computers and storage devices, as well as
data in transit over networks

Explain encryption and decryption with diagram

ENCRYPTION - Encryption is technique of converting normal/ plain text to a meaningless (cipher text) -
Encryption process takes place at sender’s place - Encryption’s major task is to convert the plain text to
cipher text - Any message can be encrypted with either a secret or a public key - The sender sends the data
to the receiver post encryption - Same algorithm with the same key is used for the decryption process -
Encryption prevents unauthorised parties to read the message DECRYPTION - Process of converting
meaningless message into original form - Decryption process takes place at receiver’s end - Decryption’s
main task is to convert the cipher text into plain text - Encrypted message can be decrypted with either
secret key or public key - In decryption, receiver receives the cipher text and converts it into plain text
Explain advanced encryption standard (AES)
The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays
is the Advanced Encryption Standard (AES). It is found at least six time faster than triple DES. A
replacement for DES was needed as its key size was too small. With increasing computing power, it was
considered vulnerable against exhaustive key search attack. Triple DES was designed to overcome this
drawback but it was found slow. The features of AES are as follows −• Symmetric key symmetric block
cipher • 128-bit data, 128/192/256-bit keys • Stronger and faster than Triple-DES • Provide full
specification and design details • Software implementable in C and Java

Differentiate between data privacy and security

Explain elements of data privacy

Data privacy is not a single concept or approach. Instead, it's a discipline involving rules, practices,
guidelines and tools to help organizations establish and maintain required levels of privacy compliance.
Data privacy is generally composed of the following six elements:
Legal framework: Prevailing legislation enacted and applied to data issues, such as data privacy laws.
Policies: Established business rules and policies to protect employees and user data privacy.
 Practices: Best-practices put in place to guide IT infrastructure, data privacy and protection.
Third-party associations: Any third-party organizations, such as cloud service providers, that interact with
data.
Data governance: Standards and practices used to store, secure, retain and access data.
Global requirements: Any differences or variations of data privacy and compliance requirements among
legal jurisdictions around the world such as the U.S. and European Union (EU).

Explain configuration of firewall

In practical implementations, a firewall is usually a combination of packet filters and application
(or circuit) gateways. Based on this, there are three possible configurations of firewalls, as shown in
Fig. 9.20.

1. Screened Host Firewall, Single-Homed Bastion

In the Screened host firewall, Single-homed bastion configuration, a firewall set up consists of
two parts: a packet-filtering router and an application gateway. Their purposes are as follows.
● The packet filter ensures that the incoming traffic (i.e. from the Internet to the corporate network)
is allowed only if it is destined for the application gateway, by examining the destination address
field of every incoming IP packet. Similarly, it also ensures that the outgoing traffic (i.e. from the
corporate network to the Internet) is allowed only if it is originating from the application gateway,
by examining the source address field of every outgoing IP packet.
This configuration increases the security of the network by performing checks at both packet and ap-
plication levels. This also gives more flexibility to the network administrators to define more granular
security policies.
However, as we can see, one big disadvantage here is that the internal users are connected to the ap-
plication gateway, as well as to the packet filter. Therefore, if the packet filter is somehow successfully
attacked and its security compromised, then the whole internal network is exposed to the attacker.

2.Screened Host Firewall, Dual-Homed Bastion

To overcome the drawback of a screened host firewall, single-homed bastion configuration,
another type of configuration, called Screened host firewall, Dual-homed bastion, exists. This
configuration is an improvement over the earlier scheme. Here, direct connections between
the internal hosts and the packet filter are avoided. Instead, the packet filter connects only to
the application gateway, which, in turn, has a separate connection with the internal hosts.
Therefore, now even if the packet filter is successfully attacked, only the application gateway
is visible to the attacker. The internal hosts are protected. This is shown in Fig. 9.22.
3.Screened Subnet Firewall
The Screened subnet firewall offers the highest security among the possible firewall
configurations. It is an improvement over the previous scheme of screened host firewall, Dual-
homed bastion. Here, two packet filters are used, one between the Internet and the application
gateway, as previously and another one between the application gateway and the internal
network. This is shown in Fig. 9.23.
Now, there are three levels of security for an attacker to break into. This makes the life of the
attacker very difficult. The attacker does not come to know about the internal network, unless
she breaks into both the packet filters and the single application gateway standing between
 them.

How can a firewall protect data?

A firewall is a security device — computer hardware or software — that can help protect your network by
filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your
computer. Not only does a firewall block unwanted traffic, it can also help block malicious software from
infecting your computer. Firewalls can provide different levels of protection. The key is determining how
much protection you need. Thus a firewall can help protect your computer and data by managing your
network traffic. It does this by blocking unsolicited and unwanted incoming network traffic. A firewall
validates access by assessing this incoming traffic for anything malicious like hackers and malware that
could infect your computer.

*(important question) * Define IDS (Intrusion Detection System)

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity
and issues alerts when such activity is discovered. It is a software application that scans a network or a
system for the harmful activity or policy breaching. - Any malicious venture or violation is normally
reported either to an administrator or collected centrally using a security information and event
management (SIEM) system.

*(important question) * Explain the protocols involved in 7-layer OSI

(Open System Interconnection) model
Layer Name Function Protocols
Layer SMTP, HTTP, FTP,
Application To allow access to network resources.
7 POP3, SNMP
Layer MPEG, ASCH, SSL,
Presentation To translate, encrypt and compress data.
6 TLS
Layer
Session To establish, manage, and terminate the session NetBIOS, SAP
5
The transport layer builds on the network layer to
Layer
Transport provide data transport from a process on a source TCP, UDP
4
machine to a process on a destination machine.
Layer To provide internetworking. To move packets from IPV5, IPV6, ICMP,
Network
3 source to destination IPSEC, ARP, MPLS.
RAPA, PPP, Frame
Layer To organize bits into frames. To provide hop-to-hop
Data Link Relay, ATM, Fiber
2 delivery
Cable, etc.
Layer To transmit bits over a medium. To provide mechanical RS232, 100BaseTX,
Physical
1 and electrical specifications ISDN, 11.
 Explain TCP/IP protocol (Transmission Control Protocol/Internet
protocol)

TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a

suite of communication protocols used to interconnect network devices on the
internet. TCP/IP is also used as a communications protocol in a private
computer network (an intranet or extranet).
The 4 layers of the TCP/IP model
TCP/IP functionality is divided into four layers, each of which includes specific protocols:

1. The application layer provides applications with standardized data exchange.

Its protocols include HTTP, FTP, Post Office Protocol 3, Simple Mail Transfer
Protocol and Simple Network Management Protocol. At the application layer,
the payload is the actual application data.

2. The transport layer is responsible for maintaining end-to-end communications

across the network. TCP handles communications between hosts and provides
flow control, multiplexing and reliability. The transport protocols include TCP
and User Datagram Protocol, which is sometimes used instead of TCP for
special purposes.

3. The network layer, also called the internet layer, deals with packets and
connects independent networks to transport the packets across network
boundaries. The network layer protocols are IP and Internet Control Message
Protocol, which is used for error reporting.

4. The physical layer, also known as the network interface layer or data link layer,
consists of protocols that operate only on a link -- the network component that
interconnects nodes or hosts in the network. The protocols in this lowest layer
include Ethernet for local area networks and Address Resolution Protocol.
Uses of TCP/IP
TCP/IP can be used to provide remote login over the network for interactive file transfer to
deliver email, to deliver webpages over the network and to remotely access a server host's
file system. Most broadly, it is used to represent how information changes form as it
travels over a network from the concrete physical layer to the abstract application layer. It
details the basic protocols, or methods of communication, at each layer as information
passes through.
 Explain RSA algorithm
- RSA : Rivest Shamir Adleman Algorithm
- Asymmetric Key Algorithm i.e. keys shared across will differ - TwoKeys: Public and Private Key
- Public Key: Given to everyone
- Private Key: Kept Private
- 2 large prime numbers are used for public key
- Private key is also derived using 2 large prime numbers
- If the key turns is factored then, the key is compromisedSteps:
1. Choose 2 prime numbers p and q
2. Compute the values of n and phin = p xq
phi = (p-1) x (q-1)

3. Figure the public key (e)

Choose e in such a manner that it should be multiplying with the factorsof phi phi = 20
20 = 5*4
20 = 5*2*2
So e cannot be 5, 2 and also not be divided by 20 so prime numbers should be 3,7,11,13,17,19...
e should be a prime value

4. Compute the value for a private key (d)

Condition for private key: gcd(phi, e) = phi(x) + ey = 1 where y is the value of d

To compute value of d:
Form a table with four columns a,b,d,k

Initialise a = 1, b = 0 , d = phi, k = blank First rowInitialise a = 0, b = 1, d = e^k,

k = phi/e Second RowFrom next row apply:

a. ai = ai-2 - (ai-1 x ki - 1)
b. bi = bi-2 - (b1-1 x ki - 1)
c. di = di -2 - (di-1 x ki - 1)Ki = di -1 /di
Check until d =1, once satisfied, compute the value of corresponding b Substitute the values of phi, x, ey
in the first equation
LHS = RHS
Then value of b is correct hence value of d is correct

Diffie Hellman key exchange algorithm (eg expected)

To implement Diffie-Hellman, the two end users Alice and Bob, while communicating over achannel
they know to be private, mutually agree on positive whole numbers p and q,

such that p is a prime number and q is a generator of p The generator q is a number that, when raised to
positive whole-number powers less than p, never produces the same result forany two such whole numbers
The value of p may be large but the value of q is usually small.
 Explain Rail Fence algorithm
The rail-fence technique is an example of transposition. It uses a simple algorithm as shown in Fig.
2.35.

Let us illustrate the rail-fence technique with a simple example. Suppose that we have a plain-text
message :Come home tomorrow. How would we transform that into a cipher-text message using the
rail-fence technique? This is shown in Fig. 2.36.
As the figure shows, the plain-text message ‘Come home tomorrow’ transforms into ‘Cmhmtm- rooeoeoorw’
with the help of rail-fence technique.
Rail-fence technique involves writing plain text as a sequence of diagonals and then reading itrow by
row to produce cipher text.

It should be quite clear that the rail-fence technique is quite simple for a cryptanalyst to break into. It
has very little sophistication built in.

Explain active and passive attacks

ACTIVE ATTACKS PASSIVE ATTACKS

Attempts to involve some modificationof the data or Attempts to learn or make use of information from the
can be used for creating a false system system but doesaffect the resources

Goal: Tamper the data Goal: Obtain Information

Such attacks are easier to detect Such attacks are difficult to detect

Example: Modification of payslips Example: Tapping of phone calls

Alters the data Does not alter the data

Classified as: Masquerade, Modification, Denial of Classified as: Release of messagecontents,

Service Traffic analysis

Explain and encode Modified Ceaser Cipher

Modified Caesar cipher is an extension to Caesar cipher. Caesar cipher is not good because it can be
analyzed by any attacker easily, so new concept was implemented to complicate the Caesar Cipher &
increase the complexity of the attacker to decode it.
In the program we are implementing Modified Caesar cipher which is an example of substitution cipher.
Program consist of two methods encrypt and decrypt. The encrypt method has two parameter one the plain
text and second is key. In Modified Caesar cipher each alphabet of plain text is may not necessarily
replaced by key bits down the order instead the value of key is incremented and then it is replaced with new
key value. The decryption method also has two parameters one encrypted message and key. It does
opposite process of encryption.
Encoding:
 What happens if data privacy is compromised?
Although a data breach can be the result of an innocent mistake, real damage is possible if the person with
unauthorized access steals and sells Personally Identifiable Information (PII) or corporate intellectual data
for financial gain or to cause harm.
Malicious criminals tend to follow a basic pattern: targeting an organization for a breach takes planning.
They research their victims to learn where the vulnerabilities are, such as missing or failed updates and
employee susceptibility to phishing campaigns. Hackers learn a target's weak points, then develop a
campaign to get insiders to mistakenly download malware. Sometimes they go after the network directly.
Once inside, malicious criminals have the freedom to search for the data they want — and lots of time to do
it, as the average breach takes more than five months to detect.
In many cases, data breaches cannot just be patched up with some password changes. The effects of a data
leak can be a lasting issue for your reputation, finances, and more.
For business organizations: a data breach can have a devastating effect on an organization's reputation and
financial bottom line. Organizations such as Equifax, Target, and Yahoo, for example, have been the
victims of a data breach. And today, many people associate/remember those companies for the data breach
incident itself, rather than their actual business operations.

For government organizations: compromised data can mean exposing highly confidential information to
foreign parties. Military operations, political dealings, and details on essential national infrastructure can
pose a major threat to a government and its citizens.
For individuals: identity theft is a major threat to data breach victims. Data leaks can reveal everything
from social security numbers to banking information. Once a criminal has these details, they can engage in
all types of fraud under your name. Theft of your identity can ruin your credit, pin you with legal issues,
and it is difficult to fight back against.

Explain Vernam cipher with eg

The Vernam cipher, whose specific subset is called one-time pad, is implemented using a random set of non-
repeating characters as the input cipher text. The most significant point here is that once an input cipher text for
transposition is used, it is never used again for any other message (hence the name one- time). The length of the
input cipher text is equal to the length of the original plain text. The algorithm used in the Vernam cipher is
described in Fig. 2.41.

Let us apply the Vernam cipher algorithm to a plain-text message HOW ARE YOU using a one-time pad
NCBTZQARX to produce a cipher-text message UQXTRUYFR as shown in Fig. 2.42.

It should be clear that since the one-time pad is discarded after a single use, this technique is highly secure and
suitable for small plain-text message, but is clearly impractical for large messages. The Vernam Cipher
was first implemented at AT&T with the help of a device called the Vernam machine.
Vernam Cipher uses a one-time pad, which is discarded after a single use, and therefore, issuitable only for
short messages.

Classify IDS
- Classification of Intrusion Detection System:
IDS are classified into 5 types:
1. Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at a planned point within the network to
examine traffic from all devices on the network. It performs an observation of passing traffic on the
entiresubnet and matches the traffic that is passed on the subnets to the collection of known attacks.
Once an attack is identified or abnormal behaviour is observed, the alert can be sent to the
administrator. An example of a NIDS is installing it on the subnet
 where firewalls are located in order to see if someone is trying tocrack the firewall.
2. Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A
HIDS monitors the incoming and outgoing packets from the device only and will alert the
administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system files
and compares it with the previous snapshot. Ifthe analytical system files were edited or deleted, an
alert is sentto the administrator to investigate. An example of HIDS usage can beseen on mission-
critical machines, which are not expected to change their layout.
3. Protocol-based Intrusion Detection System (PIDS):
Protocol-based intrusion detection system (PIDS) comprises a system or agent that would
consistently resides at the front end of a server, controlling and interpreting the protocol between a
user/ device and the server. It is trying to secure the web server by regularly monitoring the HTTPS
protocol stream and accept the related HTTP protocol. As HTTPS is un-encrypted and before
instantlyentering its web presentation layer then this system would need to reside in this interface,
between to use the HTTPS.
4. Application Protocol-based Intrusion Detection System (APIDS):
Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally
resides within a group of servers. Itidentifies the intrusions by monitoring and interpreting the
communication on application-specific protocols. For example, this would monitor the SQL protocol
explicit to the middleware as it transacts with the database in the web server.
5. Hybrid Intrusion Detection System :
Hybrid intrusion detection system is made by the combination of two or more approaches of the intrusion
detection system. In the hybridintrusion detection system, host agent or system data is combined with
network information to develop a complete view of the network system. Hybrid intrusion detection system
is more effective in comparison to the other intrusion detection system. Prelude is an example of Hybrid
IDS.

Explain the functionality of each layer in the 7-layer OSI

model
-Physical Layer:
1.Responsible for physical cable/ wireless connection between network nodes
2.Defines connector, electrical cables and wireless technology
3.Responsible for transmitting raw data which is simply a series of 0s and 1s while taking care of bit rate
control
-Data Link Layer:
1.Establishes and terminates a connection between two physically connected nodes on a network
2.It breaks up packets into frames and sends them from source to destination
3.Consists of 2 parts: Logical Link Control which identifies network protocols, performs error checking and
synchronises frames and Media Access Control which uses MAC addresses to connect devices and define
permissions to transmit and receive data-
Network Layer: 1.Two functions: Breaking up segments into network packets and reassembling the packets
on the receiving end, the other is routing packets by discovering the best path across the physical network.
Uses network addresses to route packets to a destination node-
Transport Layer:
1.Transport Layer takes data transferred in the session layer and breaks in to segments on the transmitting
end.
2.Responsible for reassembling the segments on the receiving end, turning it back into data that can be used
by the session layer.
3.Carries out flow control, sending data at the rate that matches the connection speed of the receiving
device and error control, checking if data was received incorrectly and if not requesting it again-
 Session Layer:
1.Creates communication channels called sessions between devices.
2.Responsible for opening sessions, ensuring they remain open and functional while data is being
transferred and closing when communication ends
-Presentation Layer:
1.Prepares data for application layer
2.Defines how devices should encode, encrypt and compress data so it is received correctly on the other
end.
3.Takes any data transmitted by application layer and prepares it for transmission over the session layer-
Application Layer:
1.Used by end user software such as web browsers and email clients
2.Provides protocols that allow softwares ti send and receive information and present meaningful data to
users.

*(important question) * compare IPv4 vs IPv6

- An IP (Internet Protocol) address is a numerical label assigned to eachdevice connected to a computer
network that uses the IP protocol for communication. An IP address acts as an identifier for a specific
device on a particular network. The IP address is also called an IP number or Internet address.
- IP address specifies the technical format of the addressing and packets
scheme. Most networks combine IP with a TCP (Transmission Control Protocol). It also allows
developing a virtual connection between adestination and a source.
- IPv4 is an IP version widely used to identify devices on a network
using an addressing system. It was the first version of IP deployed forproduction in the ARPANET in
1983. It uses a 32-bit address scheme to store 2^32 addresses which is more than 4 billion addresses. It is
considered the primary Internet Protocol and carries 94% of Internet traffic.
- Following are the features of IPv4:
- Connectionless Protocol
- Allow creating a simple virtual communication layer over diversified
devices
- It requires less memory, and ease of remembering addresses
- Already supported protocol by millions of devices
- Offers video libraries and conferences
- IPv6 is the most recent version of the Internet Protocol. This new IP
address version is being deployed to fulfil the need for more Internetaddresses. It was aimed to resolve
issues that are associated with IPv4. With 128-bit address space, it allows 340 indecision unique address
space. IPv6 is also called IPng (Internet Protocol next generation).
- Internet Engineer Taskforce initiated it in early 1994. The design and
development of that suite are now called IPv6.
- Features of IPv6
- Here are the features of IPv6:
- Hierarchical addressing and routing infrastructure
- Stateful and Stateless configuration
- Support for quality of service (QoS)
- An ideal protocol for neighbouring node interaction
- IPv4 & IPv6 are both IP addresses that are binary numbers. IPv4 is a
32-bit binary number, and IPv6 is a 128-bit binary number address. IPv4addresses are separated by
periods, while IPv6 addresses are separated by colons.
- Both IP addresses are used to identify machines connected to a network.
In principle, they are almost similar, but they are different in howthey work.
- IPv4 is the fourth version of the Internet Protocol (IP), while IPv6 is
the most recent version of the Internet Protocol. Therefore, IPv6 ismore advanced, secure, and faster
compared to IPv4.
 Basis for
IPv4 IPv6
differences

Size of IP IPv4 is a 32-Bit IPAddress.

IPv6 is 128 Bit IP Address.
address
 IPv6 is an alphanumeric address
IPv4 is a numeric address,and its whose binary bitsare separated by a
Addressing
binary bits are separated by a dot (.) colon (:). It also contains
method
hexadecimal.

Number of
header fields 12 8

Length of
header filed 20 40

Does not have checksumfields

Checksum Has checksum fields

2001:0db8:0000:0000:0000:ff
Example 12.244.233.165
00:0042:7879

Type of Unicast, broadcast, andmulticast. Unicast, multicast, andanycast.

Addresses

IPv4 offers five different classes lPv6 allows storing anunlimited

Number of
of IPAddress. Class A to E. number of IPAddress.
classes

You have to configure a newly

In IPv6, the configuration is optional,
Configuration installed system before it can
depending uponon functions needed.
communicatewith other systems.

VLSM IPv4 support VLSM (VariableLength IPv6 does not offer supportfor VLSM.
support Subnet mask).

Fragmentation is done bysending

Fragmentation Fragmentation is done bythe
and forwarding routes.
sender.

Routing
RIP is a routing protocolsupported by
Information RIP does not support IPv6.It uses
the routed daemon.
Protocol (RIP) static routes.

Networks need to be configured either

manuallyor with DHCP. IPv4 had
Network several overlays to handleInternet IPv6 support
Configuration growth, which require more autoconfiguration
maintenance efforts. capabilities.
 Widespread use of NAT (Network
address translation) devices which
allows single NAT address can mask
It allows direct addressingbecause of
Best thousands of
vast address Space.
feature non-routable addresses,making
end-to-end integrity achievable.

Address Use for the designated network from

Not used.
Mask host portion.

SNMP is a protocol used forsystem

SNMP SNMP does not support IPv6.
management.

IPv6 provides interoperability

Relatively constrained network
andmobility
Mobility & topologies to whichmove restrict
capabilities which areembedded
Interoperability mobility and interoperability
in network devices.
capabilities.

IPSec(Internet Protocol Security) is

Security is dependent on applications –
built into theIPv6 protocol, usable with
IPv4 was notdesigned with security in
Security a proper key infrastructure.
mind.

Packet size 576 bytes required,

1208 bytes required without
Packet size fragmentationoptional
fragmentation

Packet
Allows from routers andsending
fragmentation Sending hosts only
host

Packet head contains Flow Label field

Does not identify packet flow for QoS
Packet that specifiespacket flow for QoS
handling whichincludes checksum
header handling
options.

Address (A) records, mapshostnames Address (AAAA) records,maps

DNS records
hostnames

Stateless address autoconfiguration

Address using Internet Control Message Protocol
configuration Manual or via DHCP version 6 (ICMPv6)or DHCPv6

IP to MAC Multicast Neighbour

Broadcast ARP
resolution Solicitation

Local subnet
Group Internet Group ManagementProtocol Multicast Listener
management GMP) Discovery (MLD)
 Does not have optionalfields.
Optional
Has Optional Fields But Extension headers are
Fields
available.

Internet Protocol Security (IPSec) Internet Protocol Security (IPSec)

IPSec concerning networksecurity is optional Concerning network security is
mandatory

Dynamic host Clients have approach DHCS (Dynamic A Client does not have to approach any
configuration Host Configurationserver) whenever such server asthey are given permanent
Server they want to connect to a network. addresses.

Uses ARP(Address ResolutionProtocol) Uses NDP(Neighbour Discovery

Mapping to map to MAC address Protocol) to mapto MAC address

IPv6 address is representedin

IPv4 address uses the dot-decimal hexadecimal, colon- separated notation.
Combability
notation. That’s why it is not suitable IPv6 is better suited tomobile
with mobile
formobile networks. networks.
devices

Explain UDP (User Datagram Protocol)

- User Datagram Protocol (UDP) is a Transport Layer protocol.
- UDP is a part of the Internet Protocol suite, referred to as UDP/IP
suite. Unlike TCP, it is an unreliable and connectionless protocol. So,there is no need to establish a
connection prior to data transfer.
- Though Transmission Control Protocol (TCP) is the dominant transport
layer protocol used with most of the Internet services; provides assured delivery, reliability, and
much more but all these servicescost us additional overhead and latency.
- Here, UDP comes into the picture. For real-time services like computer
gaming, voice or video communication, live conferences; we need UDP.Since high performance is
needed, UDP permits packets to be dropped instead of processing delayed packets. There is no error
checking inUDP, so it also saves bandwidth.
User Datagram Protocol (UDP) is more efficient in terms of both latencyand bandwidth.

UDP Header –
UDP header is an 8-bytes fixed and simple header, while for TCP it may vary from 20 bytes to 60 bytes. The
first 8 Bytes contains all necessary header information and the remaining part consist of data. UDP port
number fields are each 16 bits long, therefore the range for port numbers is defined from 0 to 65535; port
number 0 is reserved. Port numbers help to distinguish different user requests or processes.
1. Source Port: Source Port is a 2 Byte long field used to identify theport number of the source.
2. Destination Port: It is a 2 Byte long field, used to identify the
port of the destined packet.
3. Length: Length is the length of UDP including the header and thedata. It is a 16-bits field.
4. Checksum: Checksum is 2 Bytes long field. It is the 16-bit one’s
complement of the one’s complement sum of the UDP header, the pseudo-header of
information from the IP header, and the data,
padded with zero octets at the end (if necessary) to make a multipleof two octets.
Notes – Unlike TCP, the Checksum calculation is not mandatory in UDP. No Error control or flow control is
provided by UDP. Hence UDP depends on IPand ICMP for error reporting.

Solving Diffie Hellman

Solving Diffie Hellman using an example.
Alice and tom decide to have a secure communication over a channel. Let two large numbers be 11 and 7 (n
and g) respectively.Assume values of x and y for Alice and tom and check whether keys match or not
Let x be 3 and y be 5
Step 1: Alice and Tome agreed on 11 and 7
Step 2: Alice chose a large number 3 A = 7^3 mod 11A = 2
Step 3: Tom chose large number 5B = 7^5 mod 11 B = 10
Step 4: Alice sends value 2 to Tom and Tom sends value 10 to Alice
Step 5: Compute K1K1 = B^x mod n K1 = 10^3 mod 11 K1 = 10
Step 6: Compute K2K2 = A^y mod n K2 = 2^5 mod 11K2 = 10
K1 = K2
Key Matches

Differentiate between symmetric and asymmetric key

algorithm
Explain the principles of security
1. Confidentiality: The principle of confidentiality specifies that only the sender and
the intended recipient(s) should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access a
message. Here, the user of computer A sends a message to the user of computer B.
Another user C gets access to this message, which is not desired, and therefore
defeats the purpose of confidentiality. An example of this could be a confidential
 email message sent by A to B, which is accessed by C without the permission or
knowledge of A and B. This type of attack is called interception. Interception
causes loss of message confidentiality

2. Authentication: Authentication mechanisms help establish proof of identities. The

authentication process ensures that the origin of an electronic message or document is
correctly identified. For instance, suppose that user C sends an electronic document
over the Internet to user B. However, the trouble is that user C had posed as user A
when he/she sent this document to user B. How would user B know that the message
has come from user C, who is posing as user A? This type of attack is called
fabrication. Fabrication is possible in absence of proper authentication mechanisms.
3. Integrity: When the contents of a message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, suppose you write a check for $100 to pay for goods bought from the
US. However, when you see your next account statement, you are startled to see that
the check resulted in a payment of $1000! This is the case for loss of message
integrity. This type of attack is called modification. Modification causes loss of
message integrity. Here, user C tampers with a message originally sent by user A,
which is actually destined for user B. User C somehow manages to access it, change
its contents, and send the changed message to user B

4. Non-Repudiation: There are situations where a user sends a message, and later on
refuses that she had sent that message. Non-repudiation does not allow the sender of
a message to refute the claim of not sending that message. For instance, user A could
send a funds transfer request to bank B over the Internet. After the bank
 performs the funds transfer as per A’s instructions, A could claim that he/she never
sent the funds transfer instruction to the bank! Thus, A repudiates, or denies, his/her
funds transfer instruction.

5. Access Control: The principle of access control determines who should be

able to access what. For instance, we should be able to specify that user A
can view the records in a database, but cannot update them. However, user B
might be allowed to make updates as well. An access-control mechanism can
be set up to ensure this. Access control is broadly related to two areas: role
management and rule management. Role management concentrates on the
user side (which user can do what), whereas rule management focuses on the
resources side (which resource is accessible, and under what circumstances).

6. Availability: The principle of availability states that resources (i.e.

information) should be available to authorized parties at all times. For
example, due to the intentional actions of another unauthorized user C, an
authorized user A may not be able to contact a server computer B. This
would defeat the principle of availability. Such an attack is called
interruption. Interruption puts the availability of resources in danger.

In general, what do you mean by intrusion?

 the act of going into a place or becoming involved in a situation where you are not wanted or do
not belong

Interception,Fabrication,Modification,Interpution

Explain DES (Data Encryption Standard)

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST). DES is an implementation of a Feistel Cipher. It
uses 16 round Feistel structure. The block size is 64-bit. Though, key length is 64-bit, DES has an
effective key length of 56 bits, since 8 of the 64 bits of the keyare not used by the encryption
algorithm (function as check bits only).
General

Structure of DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −
• Round function
• Key schedule
• Any additional processing − Initial and final permutation

*(important question) * What is Digital certificate and

how is it verified?
Digital certificate is issued by a trusted third party which proves sender’s identity to the
receiver and receiver’s identity to the sender. A digital certificate is a certificate issued by
a Certificate Authority (CA) to verify the identity of the certificate holder. The CA issues
an encrypted digital certificate containing the applicant’s public key and a variety of other
identification information. Digital certificate is used to attach public key with a particular
individual or an entity. Digital certificate contains:- 1. Name of certificate holder. 2. Serial
number which is used to uniquely identify a certificate, the individual or the entity identified
by the certificate 3. Expiration dates. 4. Copy of certificate holder’s public key.(used for
decrypting messages and digital signatures) 5. Digital Signature of the certificate issuing
authority. Digital certificate is also sent with the digital signature and the message.
Having understood how the CA signs a digital certificate, let us now think how the
verification of a certificate takes place. Suppose we receive a digital certificate of a user,
which we want to verify. What should we do for this? Clearly, we need to verify the digital
signature of the CA. Let us understand what steps are involved in this process, as shown in
Fig. 5.19.

The verification of a digital certificate consists of the following steps.

(a)The user passes all fields except the last one of the received digital certificate to a message-
digestalgorithm This algorithm should be the same as the one used by the CA while signing the
certificate. The CA mentions the algorithm used for signing along with the signature
in the certificate, so the user here knows which algorithm is to be used.
(b)The message-digest algorithm calculates a message digest (hash) of all fields of the
certificate, except for the last one. Let us call this message digest as MD1.
(c)The user now extracts the digital signature of the CA from the certificate (remember, it is the
lastfield in a certificate).
(d)The user de-signs the CA’s signature (i.e. the user decrypts the signature with the CA’s
public key).
€This produces another message digest, which we shall call MD2. Note that MD2 is the same
message digest as would have been calculated by the CA during the signing of the certificate
(i.e.before it encrypted the message digest with its private key to create its digital signature
over thecertificate).
(f)Now, the user compares the message digest it calculated (MD1) with the one, which is the
re- sult of de-signing the CA’s signature (MD2). If the two match, i.e. if MD1 = MD2, the user
is convinced that the digital certificate was indeed signed by the CA with its private key. If
this comparison fails, the user will not trust the certificate, and reject it.