UNIT-1 Security Concepts, Cryptography Concepts and Techniques
Interception
It affects the confidentiality of information, where an unauthorized person or program gets access to or control of some system resources.
Figure: Interception (Source, Destination, Intruder)
Examples: Wiretapping of a network, illicit copying of files or programs.
Q4. Write short notes on viruses.
Answer : Model Papers, a1)
A virus is a software program that replicates itself and infects another computer without the knowledge of the user. The computer virus gets its name from the biological virus. For replicating itself, a virus needs to execute code and should be written to the memory. For this reason, many viruses attach themselves to executable files that are part of an authentic program.
A virus propagates by transmitting itself across a network and bypassing security systems. Viruses are otherwise said to be in a dormant phase (idle) until certain events cause their code to be executed. A virus also propagates from one system to another when its host is taken to an uninfected system. Viruses are transmitted as attachments in e-mail messages or in downloaded files.
Q5. What are the different types of viruses?
Some of the different types of viruses are as follows,
Parasitic Virus
It is one of the most common types of virus. It attaches itself to executable files like .com and .exe in order to propagate. When the program that is infected is executed, the cloned copy of the parasitic virus is transmitted to other executable files.
Memory-resident Virus
Resident viruses load themselves into the memory during the execution of an infected program and transfer the control to the infected host program. In this case, the virus infects every program that is being executed on the system.
Boot-sector Virus
It is a type of virus that infects the master boot record.
Q6. Define non-repudiation.
Answer: Dee.-47(R13), 218)
Non-repudiation provides protection against the denial by one of the entities involved in communication. Thus, once a message is sent, the receiver is assured that the message was sent by the intended sender and, upon reception, the sender is assured that the message is received by the correct receiver.
Q7. What are the types of security attacks?
May-46(R13), 2118)
Answer :
Attacks on the security of a system or a network can be best described by analyzing the functionality of a computer system by providing the required information. The two different types of attacks that are possible are,
1. Passive Attacks
It refers to the process of monitoring or wiretapping of the ongoing transmission. Here, the goal of the opponent is to capture the transmitting information. Two possible types of passive attacks are,
(i) Release of message contents
(ii) Traffic analysis.
2. Active Attacks
In this type of attack, an attacker can alter the information or sometimes generates fraudulent information into the network. The four categories of the active attacks are as follows,
(i) Masquerade
(ii) Replay
(iii) Modification
(iv) Denial of service.
Q8. Discuss about Masquerade in brief.
Answer ee 199R16. O10)
This type of attack occurs when one entity pretends to be a different entity. It usually includes the other types of active attack. Consider an example, where the authentication sequences can be seized and replayed after the occurrence of a valid authentication sequence, thereby allowing an authorized entity with limited privileges to get additional privileges by pretending to be an entity that has these benefits.
Q9. What are security mechanisms? Explain.
7 Ma A01R10), ary) ||
CRYPTOGRAPHY AND NETWORK SECURITY [JNTU-HYDERABAD]
Answer :
Some of the specific security mechanisms are as follows,
(i) Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not easily accessible. This depends on the applied algorithm and the encryption keys.
(ii) Digital Signature: The appended data or a cryptographic transformation applied to any data unit must preserve the integrity of the data and prevent it from any unauthorized access.
(iii) Access Control: It refers to a variety of techniques that are usually employed for enforcing access permissions to the system resources.
(iv) Data Integrity: It refers to a variety of techniques that ensure the integrity of data.
(v) Authentication Exchange: It is a mechanism of ensuring the identity of either a sender or a receiver by exchanging information between them.
(vi) Traffic Padding: The process of inserting bits into a data stream to thwart traffic analysis attempts.
(vii) Routing Control: It selects a route that is assumed to be safe for transmitting a certain amount of data and immediately changes the route once a breach in security is detected.
(viii) Notarization: It refers to the involvement of a trusted third party for assuring some specific properties of a data exchange.
Q10. Explain the network security model.
Answer: OctINow-1613), aa)
Generally, the data which is in the form of a stream or a block can be transmitted over a network between the two communicating parties. The entity which is responsible for transmitting the data is called a sender and the entity which receives the data (from the sender) is called a receiver. Both the parties must have a certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means, then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders can occur, which can be avoided by providing security to the transmitting data.
Q11. Define linear cryptanalysis.
Anower + Dec-47(R13}, Otc)
Linear cryptanalysis is a type of cryptanalytic attack invented by Mitsuru Matsui [1016, 1015, 1017]. This attack uses
approximations to describe the action of a block cipher. This means that if XOR is done on some of the plaintext bits
together and then XOR the result le bit is generated that is the XOR of some of the
(Model Papers, 21(0) | Oct/Nov.-A6{R13), Q1(b))
er of plaintext is replaced with some other element. In transposition, the letters are jumbled
ib hefcred a sich way that no information ia lot Pete i
the traffic padding keeps on generating output as ci x
Petectheementakuccae sc.
if plaintext is not provided, then data is encrypted and it
ate transmitted randomly. As a result
‘rue data flow and padding, which eventually leads to the failure oda
Q. Explain the Caesar cipher.
oP ‘ape 10(815), 40)
Caesar cipher is the oldest of all substitution ciphers. It replaces each letter of the plaintext with the letter that is three places ahead of it in the alphabet.
Example
Plaintext: Hi, this is Ruhi
Ciphertext: KL, WKLV LV UXKL
The replacement done in the above example uses the following,
Plaintext Alphabet:  a b c d e f g h i j k l m
Ciphertext Alphabet: D E F G H I J K L M N O P
Plaintext Alphabet:  n o p q r s t u v w x y z
Ciphertext Alphabet: Q R S T U V W X Y Z A B C
If the alphabets are assigned with numbers i.e., a = 0, b = 1, c =
(i) If the substitution is such that each letter of the alphabet is replaced by a letter i.e., three places ahead of it, then the substitution algorithm for each letter P in the plaintext substitutes letter C as the cipher letter as follows.
C = E(P)
  = (P + 3) mod 26
(ii) If the substitution is such that each letter is replaced by a letter that is K places ahead of it, then,
C = E(P)
  = (P + K) mod 26
Where, K can be any value from 0 to 25. A decryption algorithm for Caesar cipher is,
P = D(C)
  = (C - K) mod 26
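The encryption and decryption formulas above, worked as an added example that is not part of the original text. The function names are illustrative, and the search over all 26 values of K goes beyond the text to show that the key alone offers no protection once a single plaintext word can be guessed.

```python
import string

# Letters are numbered a = 0, b = 1, ... as in the text.
ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext, k=3):
    """Apply C = (P + K) mod 26 to every letter.

    Ciphertext letters are written in upper case, following the example
    in the text; characters that are not letters pass through unchanged.
    """
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, k=3):
    """Apply P = (C - K) mod 26 to every letter; plaintext is lower case."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            # Python's % always returns a value in 0..25, even when C - K < 0.
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def exhaustive_search(ciphertext, known_word):
    """Try every K from 0 to 25 and keep the decryptions that contain
    known_word as a whole word. Returns a list of (K, plaintext) pairs."""
    hits = []
    for k in range(26):
        candidate = caesar_decrypt(ciphertext, k)
        # Split on anything that is not a letter so punctuation is ignored.
        words = "".join(c if c in ALPHABET else " " for c in candidate).split()
        if known_word in words:
            hits.append((k, candidate))
    return hits


if __name__ == "__main__":
    ct = caesar_encrypt("Hi, this is Ruhi", 3)
    print(ct)
    print(caesar_decrypt(ct, 3))
    print(exhaustive_search(ct, "this"))
```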
Q15. Compare substitution ciphers with transposition ciphers.
Substitution Cipher
Substitution cipher substitutes or replaces the contents of the plaintext by other letters, numbers or symbols.
Each letter takes its actual identity by varying its position.
4. Example of transposition cipher is Rail Fence cipher.
May-19(R16), (0)
Bec.-17(R13), 21>)
Apart from the CIA triad concepts, computer security also depends upon the following additional concepts.
Authenticity
This concept ensu trusted parties. It
requires user verification to know their identity and that the information they provide about themselves is valid, genuine and intact.
Accountability
This
that the user
ing
|W ensures that all the security branches are
responsible party to ensure that the system
becomes reliable
Denial of Service Threats
These threats refuse the provided services of the clients, destroy the user threads that request for a service, load the machine with fake requests, overload the memory and make the machine vulnerable to DNS attacks.
Consequences
Denial of services to the users over web results in the irritation and discontinuation of the normal execution, thereby preventing the users from accomplishing their jobs on time.
Counter Measures
It is very difficult to avoid denial of service threats and there exists no standard measure.
IP Spoofing
IP spoofing is an attack where the identity of the source is forged in order to gain unauthorized access to a system. The message which is sent appears as if it is sent from a trusted entity, thereby fooling the receiver into accepting junk or malicious data.
Packet Sniffing
Packet sniffing is a process in which an unauthorized person/hacker reads the sensitive information for illegitimate purposes. To avoid this, IAB has made it mandatory to include security services such as authentication and encryption in every IP packet generation (i.e., IPv6 as well as IPv4).
Eavesdropping
When two sources are communicating and some unwanted messages are passed from the other sources, then this mechanism is referred to as eavesdropping.
"Internetwork security is both fascinating and complex". Justify the statement.
The statement "Internetwork security is both fascinating and complex" holds because of the following reasons,
is 1d fon achieving, miter ,
However, the mechanisms through which it can be achieved are difficult to understand.
A security mechanism has to be developed in such a way that it covers and provides security from all potential security attacks. Also, approaching the problem in an entirely different way may help in identifying problems in the mechanism.
a result of the above reason, the mechanisms theowgh
Ce tehatn sirvioas rt ferba Goce opel
description, Te ned for such procedures arises mltipke
aspects of threats are considered that can strengthen the
security mechanisms. When are not considered, is not
needed because of the complexities.
Once all such security mechanisms are developed, a decision has to be made regarding their usage. For example, deciding which points in networks require security mechanism. This decision includes both physical as well as logical deployment of the mechanism.
The mechanisms that are thus developed mostly contain multiple algorithms (or) protocols. They also need participating entities to hold some critical information (such as creation, distribution and protection) regarding the key used for encryption. As a result of this inclusion of protocols and critical information, the process of mechanism development gets complicated.
There is always a constant battle between the attacker and the developer. The attacker tries to violate the security whereas the developer tries to protect it. In such a scenario, the attacker has an edge over the developer as a single loophole can lead to breach the security. But for the developer it is necessary to identify and overcome all such loopholes so as to provide perfect security.
The users as well as the system administrator get benefitted by the security investment. They enjoy the benefits until failure occurs.
Security needs frequent counselling in order to stay up-to-date with today's changing trends. However, it is difficult to do so keeping in mind the short term and environments of today.
expectations of employees in terms of a working style and beliefs.
After the implementation of security policies, there are certain points that should be assured by the organization, which include the following,
(i) The policy should be explained to the employees.
(ii) Each and every concerned person's responsibilities
(iii) Simple language should be used while communicating
(iv) Organization should be accountable for the establishment
(v) Plans should be made for the exceptions and reviewed
Q21. Describe the various principles of security.
(Model Papers)
OR
Write about Integrity and Non-repudiation Security Services.
(Refer Only Topics: Integrity, Non-repudiation)
Answer : Nov./Dec.-20(R16), (8)
Security Services
A security service is a service that is used to enhance the security of a data processing system and the information flow within an organization. They are meant to tackle security attacks by employing one or more security mechanisms.
The available security services are as follows,
1. Confidentiality
2. Authentication
3. Non-repudiation
4. Integrity
5. Availability
6. Access control.
1. Confidentiality
Confidentiality refers to the process of protecting the data being transmitted from all types of passive attacks. In case of releasing message contents, higher levels of protection can be provided. All the data which is transmitting between the two users in some specific period of time can be protected in case of broader forms of this service. For example, in case of virtual connection between the two systems, any user data is prevented from release over the virtual circuit. Confidentiality can also be applied in a narrower form which protects a single message or some fields within the message. This approach is
ryptography Concepts and Techniques
igo” Cltarstaesnes =p chong 0 UE tHe
mntication s@ the MKEhaNIEN) 40 iC
2 nates Ws oe teak
Ideals wth te process of assuring thatthe com
is authentic, In case of a single message transmission, its
function isto ensure the recipiemt that the message from the
‘intended source. For an ongoing interaction such asthe termina
0 exives are involved: i
(i) Initially, at the time of connection establishment, the authentication service must ensure the authenticity of the two communicating parties involved.
(ii) The authentication service must assure that the connection between the two hosts is not interrupted by any third party which is pretending to be one of the two authorized hosts.
Types of Authentication
There are two types of authentication services. They are,
(i) Peer entity authentication
(ii) Data origin authentication.
(i) Peer Entity Authentication
(This type of authentication is used to verify the s
of the peer entities involved in communication. It is also used for providing authentication at the time of connection establishment and during the process of data transmission.
(ii) Data Origin Authentication
It is used for showing the authenticity of the source data without providing protection against the alterations or replications of the data units. It is primarily used for the applications that do not require prior interactions between the two communicating parties (such as electronic mail).
3. Non-repudiation
Non-repudiation provides protection against the denial by one of the entities involved in communication. Thus, once a message is sent, the receiver is assured that the message was sent by the intended sender and, upon reception, the sender is assured that the message is received by the correct receiver.
4. Integrity
Integrity can be applied to a single message within a stream or to an entire stream. It can also be applied to some specific fields within a message. Two types of integrity services are available,
(i) Connection-oriented integrity service
(ii) Connectionless integrity service.
A connection-oriented integrity service is concerned with the message streams. It ensures that the messages are received in the order in which they are sent with no alterations, insertions, deletions, duplications, reordering or replays. It also deals with the destruction of data. Hence, it attends to both message-stream modification and denial of service.
complex and expensive to implement. Another feature of
SPECTRUM ALL-IN-ONE JOURNAL FOR ENGINEERING STUDENTS
A-comnacbion Bese aaBRGINY serve kl aly the
Amada messages Wergpectie af aay comtert thereby
-pesuning peourveie agunse BE NEE ACTIN CN
Am innegeity service can be apptied with or without
EMRE As Bese Services gee elated active ateeks the
cmRAOE CuMKURD IS BO detect ews rashes thas preventing Bet
Be imaageky ws Veanad and detected thee abe server wet
“Stmiy Nes Rs Wiokation and Sind out the ways oF ROVERS
Bem R,
5. Availability
The availability can be significantly affected by a number of attacks which are susceptible to authentication,
cootraiting the axcess to the bust systems and applications
‘eos Larios commenncubon beaks For achieving this aves
The confidentiality of the data is very important if the publication material belongs to a private corporation. This is because it contains critical data associated with the organization and is essential to be used within the organization. For this reason, confidentiality is the most important requirement.
The integrity of the data is very important if the publication is related to laws, rules and regulations. This is because different organizations follow different laws, rules and regulations where the decided ones are stored and published. For this reason, integrity is most impor-
(Refer Only Topic: Categories of Attacks)
Answer :
Categories of Security Services
For answer refer Unit-I, Q21.
Categories of Attacks
Attacks on the security of a system or a network can
Figure (1): Normal Information Flow (Source, Destination)
Theoretical Concepts
The four general categories of attacks are as follows
1. Interruption
Figure (4): Modification (Source, Destination, Intruder)
Examples
Modifying the values in a data file or the message contents, making alterations in a program so that it behaves in a different manner.
4. Fabrication
This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
Figure (5): Fabrication (Source, Destination, Intruder)
Examples
Adding fraudulent messages into the network, inserting additional records to a file.
Q. Explain in detail about different types of programs that attack computer systems.
Answer :
Some of the different types of programs that attack computer systems are as follows,
(i) Virus
For answer refer Unit-I, Q25.
(ii) Worms
Worms are the software programs that replicate themselves and transmit the cloned copy to other computers using network. They are reproducing programs that execute and travel across network connection. These
|
viruses but the only difference
Worms are similar 10
ityelf to existing program. The
for a woren is that, itrequires a program code 10 be |"
Pinal virus has same behaviour as that of compvicr
worms but, the former requires human to perform the actions whereas the latter independently searches for the system to perform its actions. Network worm can exhibit similar property as computer virus, once it has been activated to perform destructive action. These worms propagate over network connection using network vehicles as follows,
(a) E-mail Facility
Worm sends a mail containing its cloned copy to other systems.
(b) Remote Host Execution Ability
Worm independently runs a copy of itself on other system.
(c) Remote Login Ability
Worm logs in on a remote system by pretending to be an authentic user and replicates itself using commands.
Network worms have the same life-cycle phases as that of computer virus. They are as follows,
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase
Network worm is capable of determining if the system was previously infected before replicating itself. In a multiprogramming environment, network worm hides itself and pretends to be a system processor by using other names that are not detected by users.
A system can be protected from worm attacks by receiving regular updates about the patches and upgrades regarding the operating system and other applications. The other way to protect a system from worms is to reduce the services and applications executing on the system.
(iii) Trojan Horse
A trojan horse can be defined as a computer program containing hidden code which results in harmful functioning after execution. These programs allow users to access information for which they are not authorized. These programs can be modified when compared to other possible software programs.
Trojan horses allow the attackers to access functions indirectly. Most of the trojan horse infections occur because the authentic user is trapped to execute an infected malicious program. The important feature of trojan horse is that it has all capabilities and permissions of an authorized user. Trojan horse can either be malicious or non-malicious program. The following are some of the damages caused by trojan horse:
(i) Deleting or overwriting data on the computer.
(ii) Corrupting files in mysterious way.
(iii) Deactivating antivirus software program.
(iv) Randomly shutting down the system.
The best way to detect trojan horse is to identify the executable files that are changed by comparing CRC values of all executable files in the system.
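One way to carry out the comparison of CRC values of executable files described for Trojan horse detection, as an added example that is not part of the original text. The suffix list, function names and sample files are assumptions constructed for the demonstration. A CRC only catches accidental or careless changes, because it can be matched deliberately, so a SHA-256 digest is recorded next to it.

```python
import hashlib
import os
import tempfile
import zlib

# Assumption: which file suffixes count as "executable" for the baseline.
EXEC_SUFFIXES = (".exe", ".com", ".dll")


def fingerprint(path, chunk_size=65536):
    """Return the CRC-32 and SHA-256 of one file, read in chunks."""
    crc = 0
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return {"crc32": f"{crc & 0xFFFFFFFF:08x}", "sha256": sha.hexdigest()}


def build_baseline(root):
    """Fingerprint every executable under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXEC_SUFFIXES):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """Report executables whose fingerprint changed, appeared or vanished."""
    report = {"modified": [], "added": [], "missing": []}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            report["missing"].append(rel)
        elif new != old:
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    report["modified"].sort()
    report["missing"].sort()
    return report


def demo():
    """Constructed scenario: record a baseline, change the files, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "calc.exe": b"MZ-calc-v1",      # constructed sample content
            "edit.com": b"MZ-edit-v1",
            "notes.txt": b"not executable",  # ignored: not an executable
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)

        # Changes a later scan should surface.
        with open(os.path.join(root, "calc.exe"), "ab") as fh:
            fh.write(b"-appended-code")
        with open(os.path.join(root, "helper.exe"), "wb") as fh:
            fh.write(b"MZ-new")
        os.remove(os.path.join(root, "edit.com"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the scanned system cannot rewrite it, otherwise a modified executable can be accompanied by a modified baseline.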
A virus is a software program that creates duplicate copy of itself and infects another computer without the knowledge of the user. In order to duplicate itself, a virus must execute code and write it into the memory. Viruses are usually transmitted along with an e-mail message or a downloaded file.
Nature of Viruses
A virus contains malicious/harmful code that causes damage to the system by eliminating important programs, deleting necessary files or by reformatting the hard disk. Some of the viruses are designed only to create duplicate copy of themselves but not to cause any damage.
Viruses are classified into two types. They are,
(i) Non-resident virus
(ii) Resident virus.
(i) Non-resident Virus
This type of virus searches for other uninfected host programs and infects them. Later, it transfers the control to the infected application program.
(ii) Resident Virus
These viruses load themselves into the memory during execution and transfer control to the host program.
Life Cycle of Virus
A virus undergoes the following phases during its
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase.
1. Dormant Phase
A virus is said to be in dormant phase until events such as date, presence of other file etc., allow the program code to be executed.
2. Propagation Phase
In this phase, virus creates a duplicate copy of itself and attaches to other programs. Each infected program
copy of virus which itself enters the cloning
Phase, virus activation takes place in order to
action.
Viruses are classified into the following types,
1. Boot sector virus
2. File virus
3. Macro virus
4. Encrypted virus
5. Stealth virus
1. Boot Sector Virus
It is a type of virus which damages the master boot record. It propagates while booting the system from an infected disk.
2. File Virus
It is a type of virus that damages only those files which are assumed to be executable by the operating system.
3. Macro Virus
Macro virus is one of the common types of virus. These viruses cause much damage to system's data. They have become a threat because of the following reasons,
(i) Macro virus damages Microsoft Word applications by inserting unnecessary words or phrases. Due to this, all hardware and operating system which supports the word document also get affected.
(ii) Macro virus damages only documents, and large parts of system information which is in the document form instead of program code.
(iii) Macro virus can be transmitted without any difficulty.
4. Encrypted Virus
It is a type of virus which infects in the following way. Initially, a random encryption key is produced by some part of the virus. Then, encryption is performed on the remaining part of virus. The encrypted key is stored along with the virus and using this key, the virus is decrypted.
5. Stealth Virus
This virus is designed in such a way that it hides itself from being identified by any antivirus software program.
Polymorphic Virus
It is a virus that changes with each infection. It creates duplicate copy of itself where every copy of virus performs same action. Here, every individual virus
be a different entity. It usually includes the other types of active attack. Consider an example, where the authentication sequences can be seized and replayed after the occurrence of a valid authentication sequence thereby
Replay
It refers to the process of passively capturing a particular data unit along with its succeeding retransmission
majority of attacks made by virus. As it is very difficult
virus, different approaches are used to reduce virus threats. They are,
(i) Virus detection approach
(ii) Virus identification approach
(iii) Virus removal approach.
(i) Virus Detection Approach
When a program is infected, analysis is done to detect and find the location of the virus.
(ii) Virus Identification Approach
When a virus is detected, this approach identifies the actual type of virus, which is the main reason for infection.
(iii) Virus Removal Approach
all instances of the virus and restores the infected program to its actual state. Then, viruses from all other systems are detected to halt virus propagation.
If detection approach is performed successfully
if identification and removal approach failed to identify and remove virus from infected program, then the only possible way is to delete the infected program completely and reinstall a clean backup version of same program.
viruses were just a simple program code that
easily detected and removed using simple antivirus
1. First generation software
2. Second generation software
3. Third generation software
4. Fourth generation software
1. First Generation Software
have same structure and bit pattern. The disadvantage of
The other first generation scanners save the information about program length and examine it regularly. This is done in order to check whether any modifications are made to the program length or not.
2. Second Generation Software
This type of software is not signature dependent. Instead, the scanners use heuristic rules for detecting possible virus infection. The other approach used in second generation scanners is integrity checking which is done using checksum deletion technique.
3. Third Generation Software
These programs identify virus based on their action but not on their structures.
4. Fourth Generation Software
They are software packages that contain different types of antivirus methods. These methods are used in conjunction
ing activity trap element, access
of specific
The following are the different types of specific attacks.
(i) Spoofing
(ii) Phishing
(iii) Pharming.
(i) Spoofing
Spoofing refers to the misrepresentation of one's identity for fraudulent purpose. Hackers attack individuals or organizations using fake e-mail addresses or domain names that resemble very closely the actual e-mail addresses or domain names. For example, the bogus domain name of icici.com (ind) is registered for a legitimate site, icici.com. The bogus site copies the legitimate site's text and graphics to resemble the legal site. Next, it sends attractive messages inducing users to give their personal information. The innocent targets that assume the message to be from the IP address of a trusted system reveal
information. Thus, with such unauthorized access,
gain valuable information of individuals or corporate
like credit card information and business secrets.
(ii) Phishing
Phishing, pronounced as fishing, refers to a process in which victims suffer an attack where they are redirected to some other website the moment they click on the link. Such links are fake and victims generally come across them while browsing the internet or through a sent e-mail in the mailbox.
Some of the websites by which users get attracted are as follows,
Claim your lucky draw by clicking on the link below,
"Security breach", it is to hereby inform that due to some security reasons customers are requested to provide their account details by clicking on the link below,
www.banking.com
As shown in the above examples, the moment one clicks on the above websites, they are redirected to some fake website which resembles the original bank website.
Phishing attacks are usually executed by using URLs similar to the original website's URLs. Therefore, when the user enters crucial information on the fake website, the attacker gains access to the user's sensitive information and misuses it.
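A check for URLs that merely resemble a trusted site's URL, as an added example that is not part of the original text. The trusted list, the digit substitutions and the distance threshold are assumptions chosen for the demonstration; examplebank.test is a constructed domain.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation actually uses (constructed list).
TRUSTED_DOMAINS = {"paypal.com", "examplebank.test"}

# Assumption: digits commonly swapped for similar-looking letters.
DIGIT_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(url):
    """Lower-cased host name of a URL with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify_url(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain).

    trusted   : the host is a trusted domain or one of its subdomains
    lookalike : the host imitates a trusted domain (digit swaps, hyphens,
                a small edit distance, or the trusted name embedded in an
                unrelated host)
    unrelated : nothing in the trusted list is being imitated
    unparsed  : no host could be extracted (for example, a missing scheme)
    """
    host = host_of(url)
    if not host:
        return ("unparsed", None)
    for domain in sorted(trusted):
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    # Undo the cheap disguises before measuring similarity.
    skeleton = host.translate(DIGIT_LOOKALIKES).replace("-", "")
    for domain in sorted(trusted):
        if domain in host:
            return ("lookalike", domain)
        if edit_distance(skeleton, domain) <= max_distance:
            return ("lookalike", domain)
    return ("unrelated", None)


if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin",
              "http://paypa1.com/login",
              "http://paypal.com.account-verify.example/",
              "https://example-bank.test/",
              "https://example.org/"):
        print(u, classify_url(u))
```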
Types of Phishing
(a) Spear-phishing emails
(b) Web forgery
(c) Avalanche phishing.
(a) Spear-phishing Emails
a highly recognized phishing technique, where the emails copy the messages from authoritative source which could be financial institution, a communications company or any famous entity associated with a reputed brand. Basically, all the phishing techniques are exhibited in social engineering. URL/Link manipulation filter evasion i.e. images are used to hide malicious links and website forgery
(b) Web Forgery
Web forgery is also a kind of phishing wherein an identity theft occurs when a malicious website pretends to be legitimate one, so as to acquire secret information.
(c) Avalanche Phishing
The Avalanche phishing is a criminal act which is considered as the most sophisticated and damaging across the internet. It is productive in mass-production system while setting up phishing sites and malware development particularly for automating identity theft. It also encourages unauthorized transactions from consumer bank accounts. It is solely responsible for increase in phishing attacks across the internet reported by Anti-Phishing Working Group (APWG).
(iii) Pharming
It is another important phishing technique wherein DNS tables are contaminated such that victim's address (www.paypal.com) points to some phishing site. So, each time the user clicks the site, it navigates him to the phishing site. However, if the user performs URL checking, it prevents DNS mapping.
Q32. Describe man-in-the-middle attack and compare with ARP attack.
OR
Discuss the "man-in-the-middle" attack.
(Refer Only Topic: Man-in-the-Middle (MITM) Attacks)
Anewer ‘herb sHH98), Mb)
Man-in-the-Middle (MITM) Attacks
MITM attacks are the most effective types of attacks, often used
along with encrypted protocol hijacking and with SSH1 and SSL
connection types.
Consider an example of a user trying to establish a
connection to an SSL-enabled site. Here, the key is interchanged
with the SSL server and its certificate is compared with the
certificate stored in the web browser's trusted root certification
authority store. If the desired certificate is found in the
certification authority store with no limitations or restrictions,
then no warning message appears on the client side. However, a
session key is provided for encrypting the communication
that is taking place between the SSL-enabled site and the client
system.
Initially, at the time of a MITM attack, the client is not
really connected to the SSL site. Rather, a hijacker provides fake
credentials and replies using the client's information to the SSL
site. Hence, the hijacker establishes a connection with the SSL
server as a representative of the client system and displays all
the information transmitted in either of the two directions again.
With this, the hijacker can choose any portion of the information
for accessing.
Comparison with ARP Attack
ARP attack is a type of MITM attack. These attacks
refer to the attacks performed on the ongoing packets across
the machine. The objective of these types of attacks is to alter
tables on the target machine. The main function of the
is to control the MAC-address to IP-address mapping
machine. Hence, ARP is dynamic protocol
to assign the MAC addresses to the newly added
1s network. It is also used to obtain the new MAC
existing machines as result of which all the
223. Write short notes on threats.
Answer :
Threats
A threat refers to the capability of violating the security
upon the occurrence of an event, action or a circumstance that
affects the network security and causes damage to it. In short,
a threat is an expected danger that may attain vulnerability. The
possible threats to network security are as follows,
(i) Insecure Network Architecture
A network which is not configured in a proper manner
becomes an easier entry point for intruders. Keeping
a trust-based local network open to an insecure
internet ultimately causes someone to make use of the
opportunity to enter the network in an unauthorized manner.
(ii) Broadcast Networks
Many system administrators fail to analyze the
significance of networking hardware in providing
the feature of security. Hardware devices such as
hubs and routers are dependent on the broadcast or
non-switched principles. This means, once the data is
transmitted to a recipient over a network, the connecting
device, i.e., a hub or a router, broadcasts the data packets
till the recipient node receives them. Apart
from this, it causes a vulnerable effect on the Address
Resolution Protocol (ARP) and Media Access Control
(MAC) addressing.
(iii) Centralized Servers
The use of centralized computing is another threat to
network security. This can be reduced by integrating all
the services into a single server rather than distributing them over
multiple server configurations. This reduces the overall
cost and makes the task of network management easier.
But the problem with this approach is that it leads to
network failure if some malfunctioning occurs in the
centralized server. In such situations, the central server acts
as an entry point for unauthorized users to enter and
disrupt its functioning.
(iv) No Firewall
The most common error often made by administrators
and home users is their assumption about the network
security, and hence they relinquish the implementation
of a firewall or network packet filtering service. The
firewall installation in a stand-alone or a gateway
is important for segmenting internal and external
network. It also helps in making the task of finding the
network's external IP address easier for the crackers.
Hence, an intruder enters into the network and acts as
a proxy. This problem can be prevented by employing
firewalls that perform the task of packet filtering, port
forwarding and network address translation. Improper
firewall implementation makes the network completely
vulnerable.
Q38. Give the relationship between security services and security mechanism.
Answer :
[Table: columns under "Security Services" (Peer Entity Authentication, Data Origin Authentication, Access Control, Confidentiality, Availability) against rows under "Security Attacks" (Masquerade, Replay, Modification of Message, Denial of Service); the Yes/No cell entries are not recoverable.]
1.1.6 A Model for Network Security
Q38. Describe the model for network security with neat sketch.
OR
Give a model for Network Security with neat diagram.
OR
Bee.-01R16), 2/6)
May-174R3), 20)
Explain the model of network security.
Answer : (Model Papers, Q3(a) | May-16(R13), Q3(a))
Network Security Model
Generally, the data which is in the form of a stream or a block can be transmitted over a network between the two communicating parties. The entity which is responsible for transmitting the data is called the sender and the entity which receives the data (from the sender) is called the receiver. They must have a certain level of coordination between them in order to exchange the data. If the sender and receiver are linked through connection-oriented means then they must use a connection-oriented protocol like TCP/IP for transmitting the data. During the process of data transmission, some unauthorized interruption from intruders occurs, which can be avoided by providing security to the transmitted data. The model for the network security is shown below,
Service Threats
These threats produce various faults pertaining to services and prevent legitimate users from utilizing them.
The security mechanisms for preventing unauthorized access are divided into two categories. They are as follows,
(i) Placing a gatekeeper function which includes a password-based login method that provides access to only authorized users.
(ii) An internal control which monitors the internal system activities, analyzes the stored information and detects the presence of unauthorized users or intruders, if any.
[Diagram labels: Opponent: Human (ex: hacker), Software (ex: virus, worm); Gatekeeper; Information System: Computing Resources (Processor, Memory, I/O), Data, Processes, Software; Information Security Controls]
Figure: Network Access Security Model
1.2. CRYPTOGRAPHY CONCEPTS AND TECHNIQUES
Q40. Differentiate linear and differential Crypto-analysis.
Answer : Oct Nov.-16(R13), Gaia)
Linear Cryptanalysis
Linear cryptanalysis is a type of cryptanalytic attack invented by Mitsuru Matsui [1016, 1015, 1017]. This attack uses linear approximations to describe the action of a block cipher. This means that if some of the plain text bits are XORed together, some cipher text bits are XORed together and then the two results are XORed, a single bit is generated that is the XOR of some of the key bits. This is a linear approximation and will hold with some probability P.
Working of Linear Approximation in Case of DES
Consider a cipher with n-bit plain text and cipher text blocks and an m-bit key. Let the plain text block be labelled as,
P[1], P[2], ..., P[n]
the cipher text block be labelled as
C[1], C[2], ..., C[n]
and the key K[1], K[2], ..., K[m]
then the equation is defined as,
$$A[i, j, \ldots, k] = A[i] \oplus A[j] \oplus \cdots \oplus A[k]$$
The objective of linear cryptanalysis is to find an effective linear equation of the form
$$P[\alpha_1, \alpha_2, \ldots, \alpha_a] \oplus C[\beta_1, \beta_2, \ldots, \beta_b] = K[\gamma_1, \gamma_2, \ldots, \gamma_c]$$
where x = 0 or 1,
$1 \le a$, $b \le n$, $1 \le c \le m$
and the α, β, γ terms represent fixed, unique bit locations
that hold with probability $P \ne 0.5$.
The equation becomes more effective if the value of P
is more than 0.5. Upon determination of a proposed relation,
results are to be computed for multiple plaintext-ciphertext
pairs. If this result is 0 for half of the time then
$K[\gamma_1, \gamma_2, \ldots, \gamma_c] = 0$ is assumed. Else if the result is 1 for most of the time
then $K[\gamma_1, \gamma_2, \ldots, \gamma_c] = 1$ is assumed. This assumption entails a
linear equation of the key bits. In a similar way, multiple
relations are built through which linear equations will be
deduced. Hence, all such equations are to be computed for
solving the key bits.
The pairs of input to the function f(m, k) possess,
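The procedure above (count how often the left-hand side is 0 or 1, assume the key-bit XOR accordingly, then combine several relations) is carried through below as an added example that is not part of the original text. It assumes a toy 4-bit cipher C = SBOX[P xor K] with a constructed teaching S-box instead of DES; all function names are hypothetical.

```python
# Toy cipher C = SBOX[P ^ K] on 4-bit blocks. The S-box is a constructed
# teaching example (an assumption); DES itself is not implemented here.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def parity(x):
    """XOR of the bits of x, i.e. A[i, j, ..., k] for the selected bits."""
    return bin(x).count("1") & 1

def encrypt(p, key):
    return SBOX[p ^ key]

def probability(alpha, beta):
    """P for the S-box relation X[alpha] = Y[beta], over all 16 inputs."""
    hits = sum(parity(x & alpha) == parity(SBOX[x] & beta) for x in range(16))
    return hits / 16

def guess_key_parity(pairs, alpha, beta):
    """Estimate K[gamma] from P[alpha] xor C[beta]; here gamma == alpha."""
    p = probability(alpha, beta)
    if p == 0.5:
        raise ValueError("approximation carries no information")
    ones = sum(parity(pt & alpha) ^ parity(ct & beta) for pt, ct in pairs)
    majority = 1 if ones > len(pairs) / 2 else 0
    # If P < 0.5 the relation is usually false, so K[gamma] is the minority value.
    return majority if p > 0.5 else majority ^ 1

def recover_two_key_bits(pairs):
    """Combine two relations: mask 0110 yields k2 xor k3, mask 0100 yields k2."""
    k2_xor_k3 = guess_key_parity(pairs, 0b0110, 0b1011)  # holds with P = 12/16
    k2 = guess_key_parity(pairs, 0b0100, 0b0101)         # holds with P = 4/16
    return k2, k2_xor_k3 ^ k2                            # (k2, k3)

def known_pairs(key):
    """Known plaintext/ciphertext pairs (here the full 4-bit codebook)."""
    return [(p, encrypt(p, key)) for p in range(16)]
```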
Differential Cryptanalysis
In 1990, Eli Biham and Adi Shamir introduced differential
cryptanalysis. It looks specifically at cipher text pairs. Using
differential cryptanalysis, Biham and Shamir found a chosen-plain
text attack against DES that was more efficient than brute force.
It analyzes the cipher text pair difference as the plain text
propagates through various rounds of DES when they are
encrypted with the same key. Here, pairs of plain text are
selected with a fixed difference. The two plain texts can be
chosen at random, as long as they satisfy particular difference
conditions. The cryptanalyst does not have to know their values.
For DES, the term "difference" is defined by using XOR.
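The idea of fixed-difference plain text pairs encrypted under one key is illustrated below as an added example that is not part of the original text. It assumes a toy 4-bit cipher C = SBOX[P xor K] with a constructed teaching S-box instead of DES, and hypothetical function names; it shows that the output differences are far from uniform and do not depend on the key.

```python
from collections import Counter

# Toy cipher C = SBOX[P ^ K] on 4-bit blocks. The S-box is a constructed
# teaching example (an assumption); DES itself is not implemented here.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def encrypt(p, key):
    return SBOX[p ^ key]

def output_differences(key, delta_in):
    """Encrypt every pair (P, P ^ delta_in) under one key and count C ^ C'."""
    counts = Counter()
    for p in range(16):
        counts[encrypt(p, key) ^ encrypt(p ^ delta_in, key)] += 1
    return dict(counts)

def most_likely_difference(key, delta_in):
    """Return (output difference, fraction of pairs) for the commonest case."""
    counts = output_differences(key, delta_in)
    delta_out = max(counts, key=counts.get)
    return delta_out, counts[delta_out] / 16

def is_key_independent(delta_in):
    """The key cancels in (P ^ K) ^ (P' ^ K), so every key gives the same counts."""
    reference = output_differences(0, delta_in)
    return all(output_differences(k, delta_in) == reference for k in range(16))
```

An ideal 4-bit mapping would spread the 16 pairs roughly evenly over the output differences; here the input difference 1011 gives the output difference 0010 for half of all pairs.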
DES Notation
Consider a block m consisting of plain text that is divided
into equal halves $m_0$ and $m_1$. A DES round maps the right-hand
input into the left-hand output, and the resultant output generated
at the right-hand side is set as a function of the left-hand input along
with the sub key for that round. As a result, only one new 32-bit
block is created. If new block m, (2