Information Security and PR - FaQ I - IndianTechnoEra

Information Security and PR - FaQ I


Section-A 

Question 1: What is the Principle of Cryptography?

Answer: The principle of cryptography is to protect the confidentiality, integrity, and authenticity of information by transforming it into a format that is unreadable to unauthorized persons.


Question 2: Explain Transposition and Substitution ciphering techniques.

Answer: Transposition and substitution ciphers are two basic types of ciphers.

Transposition ciphers: In transposition ciphers, the order of the letters in the plaintext is changed. For example, the transposition cipher "ROT13" shifts each letter by 13 positions.

Substitution ciphers: In substitution ciphers, each letter in the plaintext is replaced with another letter, number, or symbol. For example, the substitution cipher "Caesar cipher" shifts each letter by 3 positions.
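The two families side by side, as an added example that is not from the original page: a Caesar shift of 3 for substitution and, as an assumed illustration of transposition, a simple columnar transposition keyed by a word. The function names are hypothetical; `same_letters` checks that transposition only reorders the characters while substitution changes them.

```python
from collections import Counter

def caesar(text: str, shift: int) -> str:
    # Substitution: each letter is replaced by the one `shift` places later.
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def column_order(key: str) -> list:
    # Columns are read in alphabetical order of the key letters.
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def columnar_encrypt(text: str, key: str) -> str:
    # Transposition: write the text in rows under the key, read it by column.
    return "".join(text[col::len(key)] for col in column_order(key))

def columnar_decrypt(cipher: str, key: str) -> str:
    cols, n = len(key), len(cipher)
    plain, pos = [""] * n, 0
    for col in column_order(key):
        length = len(range(col, n, cols))   # letters that fell in this column
        plain[col::cols] = cipher[pos:pos + length]
        pos += length
    return "".join(plain)

def same_letters(a: str, b: str) -> bool:
    # True when b is only a reordering of a (same characters, same counts).
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    msg = "WEAREDISCOVERED"                  # constructed sample plaintext
    sub, trans = caesar(msg, 3), columnar_encrypt(msg, "ZEBRA")
    print(sub, same_letters(msg, sub))
    print(trans, same_letters(msg, trans))
```

Because a transposition keeps every letter count intact, single-letter frequency analysis reveals the language but not the order; a simple substitution keeps the order and only relabels the frequencies.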


Question 3: Name different security services achieved by Digital Signature.

Answer: A digital signature is a cryptographic technique that is used to verify the authenticity and integrity of a digital message. It can also be used to identify the sender of a message.

The following are some of the security services that can be achieved using a digital signature:

  • Authentication: A digital signature can be used to authenticate the sender of a message.
  • Integrity: A digital signature can be used to verify that the message has not been tampered with since it was signed.
  • Non-repudiation: A digital signature prevents the sender from denying that they sent the message.


Question 4: Explain different components of Cryptosystem.

Answer: A cryptosystem is a system that uses cryptography to protect information. It consists of the following components:

  • Plaintext: The plaintext is the original message that is to be encrypted.
  • Ciphertext: The ciphertext is the encrypted message.
  • Encryption algorithm: The encryption algorithm is the algorithm that is used to encrypt the plaintext.
  • Decryption algorithm: The decryption algorithm is the algorithm that is used to decrypt the ciphertext.
  • Key: The key is a secret value that is used to encrypt and decrypt the message.


Question 5: Limitations of Diffie-Hellman and KDC Session Keys generating Protocols.

Answer: The Diffie-Hellman and KDC session key generation protocols are both secure protocols, but they have some limitations:

  • Diffie-Hellman: The Diffie-Hellman protocol requires both parties to have a shared secret, such as a prime number and a generator. This can be difficult to arrange in practice.
  • KDC: The KDC protocol relies on a trusted third party, known as a key distribution center (KDC). If the KDC is compromised, then all of the session keys that it has generated are also compromised.


Question 6: Explain the difference between Passive and Active Attacks.

Answer: Passive attacks are attacks in which the attacker eavesdrops on or intercepts communication between two parties without altering the communication. Active attacks are attacks in which the attacker modifies or disrupts communication between two parties.


Some examples of passive attacks include:

  • Traffic analysis: The attacker analyzes network traffic to learn about the communication patterns of the network.
  • Eavesdropping: The attacker intercepts and listens to communication between two parties.
  • Sniffing: The attacker captures data packets that are being transmitted over a network.


Some examples of active attacks include:

  • Man-in-the-middle attack: The attacker intercepts communication between two parties and impersonates one of the parties.
  • Replay attack: The attacker records and replays a previous communication.
  • Denial-of-service attack: The attacker floods a network with traffic, making it unavailable to legitimate users.


Section-B 

Question 1: Explain most Common types of Cyber Security Attacks.

Answer: The most common types of cyber security attacks include:

  • Malware attacks: Malware attacks involve the use of malicious software, such as viruses, worms, and Trojan horses, to infect computers and networks.
  • Phishing attacks: Phishing attacks involve sending fraudulent emails or text messages to trick users into revealing sensitive information, such as passwords or credit card numbers.
  • Man-in-the-middle attacks: Man-in-the-middle attacks involve intercepting communication between two parties and impersonating one of the parties.
  • Denial-of-service attacks: Denial-of-service attacks involve flooding a network with traffic, making it unavailable to legitimate users.


Question 2: Define the security service integrity and confidentiality.

Answer: Integrity and confidentiality are two of the most important security services in information security. By protecting the integrity and confidentiality of data, organizations can help to protect their data from unauthorized access, modification, and disclosure.

  • Integrity: Integrity is the assurance that data has not been tampered with or altered in any way. This is important because if data is altered, it may no longer be accurate or reliable. Integrity can be ensured through a variety of methods, such as using digital signatures, checksums, and encryption.
  • Confidentiality: Confidentiality is the assurance that data is only accessible to authorized individuals. This is important because if data is accessed by unauthorized individuals, it may be compromised or used for malicious purposes. Confidentiality can be ensured through a variety of methods, such as encryption and access control lists.


Section-C

Question 1: How does PGP provide confidentiality and authentication service for e-mail and file storage applications? Draw the block diagram and explain its components.

Answer: PGP (Pretty Good Privacy) is cryptographic software that provides confidentiality and authentication services for e-mail and file storage applications. It uses a combination of symmetric and asymmetric encryption to protect data.

Block diagram of PGP:

[Figure: PGP (Pretty Good Privacy), sender side (Alice)]

[Figure: PGP (Pretty Good Privacy), receiver side (Bob)]


Components of PGP:

Encryption: PGP uses symmetric encryption to encrypt the message with a session key. The session key is generated randomly for each message and is encrypted with the recipient's public key. This ensures that only the recipient can decrypt the message.

Authentication: PGP uses digital signatures to authenticate the sender of the message. The sender's private key is used to sign the message digest, which is a hash of the message. The recipient can then verify the sender's signature using the sender's public key.


Steps involved in PGP encryption:

  • The sender generates a random session key.
  • The sender encrypts the message with the session key using symmetric encryption.
  • The sender encrypts the session key with the recipient's public key using asymmetric encryption.
  • The sender sends the encrypted message and the encrypted session key to the recipient.

Steps involved in PGP decryption:

  • The recipient decrypts the session key with their private key using asymmetric encryption.
  • The recipient decrypts the message with the session key using symmetric encryption.
  • The recipient verifies the sender's signature using the sender's public key.


Question 2: Explain all the steps of the Needham-Schroeder Session Key generation Protocol. How does it prevent all the attacks that exist in other protocols?

Answer: The Needham-Schroeder protocol is a cryptographic protocol for establishing a secure session between two parties. It uses a trusted third party, called a key distribution center (KDC), to generate and distribute session keys.

Steps involved in the Needham-Schroeder protocol:

  • The client sends a message to the KDC requesting a session key with the server.
  • The KDC generates a random session key and encrypts it with the client's public key.
  • The KDC sends the encrypted session key and the server's public key to the client.
  • The client decrypts the session key with their private key and stores it.
  • The client sends a message to the server containing the server's public key and a nonce.
  • The server decrypts the message with its private key and verifies the nonce.
  • The server encrypts the session key with the client's public key and sends it to the client.
  • The client decrypts the session key with its private key and stores it.

The Needham-Schroeder protocol prevents the following attacks:

  • Replay attacks: The nonce ensures that the messages are not being replayed from a previous session.
  • Man-in-the-middle attacks: The encryption of the session key with the client's and server's public keys ensures that the attacker cannot intercept and modify the session key.


Question 3: Explain the RSA algorithm of Asymmetric key cryptography.

Answer: The RSA algorithm is an asymmetric encryption algorithm that uses a pair of keys to encrypt and decrypt data. One key is public and can be shared with anyone. The other key is private and should be kept secret.

Steps involved in RSA encryption:

  • The sender generates a plaintext message and a random session key.
  • The sender encrypts the session key with the recipient's public key using the RSA algorithm.
  • The sender encrypts the message with the session key using symmetric encryption.
  • The sender sends the encrypted session key and the encrypted message to the recipient.

Steps involved in RSA decryption:

  • The recipient decrypts the session key with their private key using the RSA algorithm.
  • The recipient decrypts the message with the session key using symmetric encryption.

The RSA algorithm is a very secure algorithm and is widely used in many
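
The session-key flow listed in the PGP steps (Section-C, Question 1) and in the RSA steps above, together with the PGP signature check, as an added example that is not from the original page. It assumes textbook RSA without padding over fixed Mersenne primes and a SHA-256 keystream as a stand-in for the symmetric cipher; all function names are hypothetical and these toy stand-ins only illustrate the message flow.

```python
import hashlib
import secrets

def toy_rsa_key(p, q, e=65537):
    # Textbook RSA from two primes: public (n, e) and private (n, d).
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with SHA-256(key || counter) blocks.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def pgp_send(message, sender_priv, recipient_pub):
    n_s, d_s = sender_priv
    n_r, e_r = recipient_pub
    signature = pow(digest_int(message), d_s, n_s)   # sign the message digest
    session_key = secrets.token_bytes(16)            # fresh for every message
    body = keystream_xor(session_key, message)       # symmetric step
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)  # asymmetric step
    # Simplification: real PGP places the signature inside the encrypted body.
    return wrapped, body, signature

def pgp_receive(packet, recipient_priv, sender_pub):
    wrapped, body, signature = packet
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    session_key = pow(wrapped, d_r, n_r).to_bytes(16, "big")
    message = keystream_xor(session_key, body)
    valid = pow(signature, e_s, n_s) == digest_int(message)
    return message, valid

# Constructed demo keys built from Mersenne primes (toy values only).
ALICE_PUB, ALICE_PRIV = toy_rsa_key(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = toy_rsa_key(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    packet = pgp_send(b"meet at noon", ALICE_PRIV, BOB_PUB)
    print(pgp_receive(packet, BOB_PRIV, ALICE_PUB))
```

Flipping a single bit of the encrypted body makes the recovered digest differ from the signed one, so `pgp_receive` returns `False` for the signature check.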


Section-D 

Question 1: What is cryptography? What is the difference between symmetric and asymmetric cryptography? Why is asymmetric key suitable for small size messages?

Answer: Cryptography is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It is a vital tool for protecting sensitive data, such as financial information, medical records, and government secrets.


Symmetric cryptography uses the same key to encrypt and decrypt data. This means that the sender and receiver must both have the key in order to communicate securely. Symmetric cryptography is very efficient and is widely used for encrypting large amounts of data.

Asymmetric cryptography uses two different keys to encrypt and decrypt data: a public key and a private key. The public key can be shared with anyone, but the private key must be kept secret. Asymmetric cryptography is slower than symmetric cryptography, but it is more secure because the attacker cannot decrypt the data without the private key.


Asymmetric key cryptography is suitable for small size messages because the overhead of encryption and decryption is relatively low. For example, asymmetric key cryptography can be used to encrypt and decrypt digital signatures.


Question 2: Explain the DES algorithm in detail. How other variants such as 2DES, 3DES preserved more security? What are the properties of a Good Hash Function? Write all the steps to calculate message digest using the MD5 algorithm.

Answer: Data Encryption Standard (DES) is a symmetric encryption algorithm that was developed by IBM in the 1970s. DES uses a 56-bit key to encrypt and decrypt data. DES was once the most widely used encryption algorithm, but it is now considered insecure due to advances in computing power.

2DES and 3DES are variants of DES that use two or three DES keys to encrypt and decrypt data, respectively. 2DES and 3DES are more secure than DES because they are more difficult to crack.


Properties of a good hash function:

  • One-wayness: It should be difficult to compute the input message from the hash value.
  • Collision resistance: It should be difficult to find two different messages that produce the same hash value.

Steps to calculate message digest using the MD5 algorithm:

  • Pad the message to a multiple of 512 bits.
  • Divide the padded message into 512-bit blocks.
  • Initialize four 32-bit hash values (A, B, C, and D).
  • For each block of the message:
      • Process the block using a series of mathematical operations.
      • Update the four hash values.
  • The final hash value is the message digest.


Question 3: Explain different types of Malicious Programs. Write the life cycle of a Virus.

Answer: The types of malicious programs and the life cycle of a virus are as follows.

Types of malicious programs:

  • Viruses: Viruses are self-replicating programs that can infect and damage computer systems.
  • Worms: Worms are self-replicating programs that can spread through networks without requiring user interaction.
  • Trojan horses: Trojan horses are malicious programs that disguise themselves as legitimate programs. Once a user installs a Trojan horse, it can give the attacker control over the user's computer.
  • Spyware: Spyware is malicious software that collects information about a user's computer activities without their knowledge or consent.
  • Ransomware: Ransomware is malicious software that encrypts a user's files and demands a ransom payment in order to decrypt them.


Life cycle of a virus:

  • Infection: The virus infects a computer system when the user opens an infected file, attachment, or link.
  • Replication: Once the virus has infected a computer system, it begins to replicate itself.
  • Propagation: The virus spreads to other computer systems by attaching itself to files, emails, or links.
  • Execution: The virus executes its payload, which can damage the computer system or steal data.

It is important to have antivirus software installed on your computer to protect it from malicious programs. Antivirus software can detect and remove viruses before they can damage your computer system.


