Rakshpal Bahadur college of Engineering and

Technology, Bareilly
Computer system security
Assignment-4

Ques1. What is cryptography? Explain the types of cryptography?

Ans. Cryptography is technique of securing information and communications through use of codes so that
only those person for whom the information is intended can understand it and process it. Thus preventing
unauthorized access to information. The prefix “crypt” means “hidden” and suffix graphy means
“writing”. In Cryptography the techniques which are use to protect information are obtained from
mathematical concepts and a set of rule based calculations known as algorithms to convert messages in
ways that make it hard to decode it. These algorithms are used for cryptographic key generation, di gital
signing, verification to protect data privacy, web browsing on internet and to protect confidential
transactions such as credit card and debit card transactions.

Types of Cryptography - Cryptography also allows senders and receivers to authenticate each other through
the use of key pairs. There are various types of Cryptography (algorithms) for encryption, some common
algorithms include:
▪ Secret (symmetric) key Cryptography (example DES, Triple DES, AES, RC5)
▪ Public (asymmetric) key cryptography (RSA, Elliptic Curve)
Secret Key Cryptography - Both the sender and receiver share a single key. The sender uses this key to
encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the same key
to decrypt the message and recover the plain text. Since only single key is used so we say that this is a
symmetric encryption.

Public-Key Cryptography - In this method, each party has a private key and a public key. The private is
secret and is not revealed while the public key is shared with all those whom you want to communicate
with. The public key is used for encryption and for decryption private key is used.

1. RSA public key cryptography

The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977.
The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world. It can be used
to encrypt a message without the need to exchange a secret key separately. Messages encrypted using the
public key can only be decrypted with the private key. The steps for the RSA algorithm are the following way:

Ques2. Discuss single Vs Public key cryptography.

Ans.
Private Key Public Key

1. The private key is faster than the public key. It is slower than a private key.

In this, the same key (secret key) and In public-key cryptography, two keys are used, one
algorithm are used to encrypt and decrypt key is used for encryption, and the other is used for
2. the message. decryption.

In private key cryptography, the key is kept In public-key cryptography, one of the two keys is
3. a secret. kept a secret.

The private key is Symmetrical because

there is only one key that is called a secret The public key is Asymmetrical because there are
4. key. two types of keys: private and public keys.

In this cryptography, the sender and receiver In this cryptography, the sender and receiver do not
5. need to share the same key. need to share the same key.

In this cryptography, the public key can be public

6. In this cryptography, the key is private. and a private key is private.

7. It is an efficient technology. It is an inefficient technology.

8. It is used for large amounts of text. It is used for only short messages.

There is the possibility of losing the key that There is less possibility of key loss, as the key is
9. renders the systems void. held publicly.

The private key is to be shared between two

10. parties. The public key can be used by anyone.

Ques3. Explain the different ELEMENTS OF THE INTERNET INFRASTRUCTURE

Ans.

Ques4- How does SSL/TLS work?

Ans. These are the essential principles to grasp for understanding how SSL/TLS works:

• Secure communication begins with a TLS handshake, in which the two communicating parties
open a secure connection and exchange the public key

• During the TLS handshake, the two parties generate session keys, and the session keys encrypt
and decrypt all communications after the TLS handshake

• Different session keys are used to encrypt communications in each new session

• TLS ensures that the party on the server side, or the website the user is interacting with, is
actually who they claim to be

• TLS also ensures that data has not been altered, since a message authentication code (MAC) is
included with transmissions

With TLS, both HTTP data that users send to a website (by clicking, filling out forms, etc.) and the HTTP
data that websites send to users is encrypted. Encrypted data has to be decrypted by the recipient using a
key.
Ques5. Write a short note on DNS Security?
Ans- The term DNS security refers to the protection measures that involve the DNS protocol. As you may
already know, the DNS (Domain Name System) has not been created using a security-by-design approach.

Back when this infrastructure was invented, security threats were not prevailing, as is now the case. During
those times, we were dealing with a much smaller and much more secure environment, but as its magnitude
and availability increased, the more promising it started to look in the eyes of malicious actors.

Secondly, throughout time, multiple additions were made to the infrastructure of the DNS – and sometimes,
perhaps without much circumspection. These aspects have contributed to the lack of security of the DNS.
Thus, it should come as no surprise that a myriad of DNS threats is now endangering companies large and
small and regular consumers alike. .

Some most of the common attacks are:

• DNS spoofing/cache poisoning

• DNS tunneling
• DNS hijacking
• Phantom domain attack
• Domain lock - up attack

The End.

By -Abhay Pratap Singh (B.Tech M.E. 2nd Year SemIII )