Cryptography Question Bank Solution 2080

Define the CIA Triad and explain its components. List out the services of security. Differentiate between block ciphers and stream ciphers with examples.

Dealing with the security of information we need to work on some strategies and policies that minimizes the threats and make the system secure. The system is condidered to be secured if it has maintained the data integrity, confidentiality and availability. This method of preserving Confidentiality, Integrity and Availability of the infprmation is called CIA Traid.It contain three aspects and they are Confidentiality, Integrity and Availability.

fig :CIA Traid

• Confidentiality : Confidentiality is a method to ensure that the sensative contents are concealed from other and are allowed to only authorized person or organization. It deals with data hiding or data confidentiality and privacy. Data confidentiality assures that data content thar are sensetive are hidden and privacy ensure that individual can control and influence the information themselves and can decide whom that data could be disclosed to.
• Integrity : Integrity mean to assure that the data is not modified and for this either prevention or detection method is used. In prevention method it is ensured that the data are not unauthorized person for modification.
• Availability : This means that the network should be always available to users. It assures that the system is working promptly and services are not denied to the authorized user. We can consider the system availability if it is in usuable form, has capacity enough to fulfill the need or meet the need of the user.

security services is a communication services that enhances the security of the data and information transfers of an organization. Security services includes following services:

• Authentication : The authentication service is concerned with assuring that a communication is authentic. It is of two type and they are : Peer entity authentication, Data origin authentication.
• Access control : It is the ability to limit and control the access to host systems and application via communucation. To achieve this, each entity trying to gain access must first be authenticated, identified
• Confidentiality : Data confidentiality assures that data content thar are sensetive are hidden and privacy ensure that individual can control and influence the information themselves and can decide whom that data could be disclosed to.
• Integrity : Integrity mean to assure that the data is not modified and for this either prevention or detection method is used. In prevention method it is ensured that the data are not unauthorized person for modification.
• Availability : This means that the network should be always available to users. It assures that the system is working promptly and services are not denied to the authorized user. We can consider the system availability if it is in usuable form, has capacity enough to fulfill the need or meet the need of the user.

The difference between Block cipher and Stream cipher is shown below:

Basis	Block Cipher	Stream Cipher
Defination	Block cipher take a block of plain text as input and then convert it to cipher text.	Block cipher take a plain text as input and then convert it to cipher text.
Working bits	It works on 64 bits or more.	It works on 8 bits.
Reverse	It is quite complex to reverse the cipher text back to original text as it take a block of plain text while encryption.	It is easy to reverse the cipher text back to original text as it take a plain text while encryption.
Speed	Encrypting a block of plain text to cipher text at a time take more time. Hence, it is slow	Encrypting a plain text to cipher text at a time take less  time. Hence, it is fast.
Security	Since this cipher uses 64 bits or more while encryping so it is more secure.	This cipher uses 8 bits while encryping so it is less secure.

Explain the single round operation in DES. Describe the F function in DES.

Data Encryption Standard (DES) is a type of feistal cipher which contain 16 rounds. It is a block cipher with 64 bit. The basic concept of DES is that a 64 bit block is divided into two halves of 32 bits each. The halves goes under the operations with function F, subkeys of 48 bits and XOR operator. This basic structure is shown below.

 

Initially before leading to the rounds the 64 bit plain text is divided into two halves each of 32 bits. In each rounds there are some steps to be followed and they are explained below:

• The right 32 bit half is intially expanded by passing through Expansion table(E-table). This help to convert 32 bit to 48 bit.
• The expanded bit goes under XOR operation with 48 bit subkey.
• The subkey is generated by dividing the 56 bits key of 64 bits key into two halves of 28 bit block each. Each halves goes under left shift of and its permutation to give a 48 bit subkey.
• The XORed right half bits are then passed through Substution box (S-box). In DES 8 S-box are there and each takes six bit input and give 4 bit output. This converts 48 bits back to 32 bits.
• The obtained 32 bit it then permuted i.e positioned.
• Finally the permutted bits are XORed with the left half.
• The right half of this round will be left half of next round whereas the XORed  left and right half obtained before are used as right half of next round.

The figure below shows the diagram for single round steps

 

F function also known as feistal function is a function which works on right half and subkey or round key. In this function intitally the 32 bit text is expanded to 48 bits. The 48 bit text is then XORed with 48 bit subkey. The obtained 48 bits are sent to Substution box where each S-box accepts 8 input data and produce 4 output data resulting to the reduction of 48 bit data to 32 bit data. Obtained 32 bits are then permutted. This is visually represented below:

 

Explain the concept of a denial of service attack and provide examples.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks are attempts to interrupt a website or network’s operations by overwhelming it with traffic. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected. Hacker tries to make a network, system, or machine unavailable by flooding it with fake requests or traffic. This prevents real users from accessing it, causing anything from slowdowns to complete shutdowns.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular flood attacks include:

• Buffer overflow attacks – It is the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are designed to exploit bugs specific to certain applications or networks
• ICMP flood – It leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
• SYN flood – It is a variation that exploits vulnerability in TCP connection sequence that sends a request to connect to a server, but never completes the handshake. This continues until all open ports are saturated with requests and none are available for legitimate users to connect to.

 

Encrypt the message “INFORMATION” using the Playfair cipher with the keyword “SECURITY”.

given,

Message = INFORMATION

Keyword = SECURITY

From above we can encrypt the message INFORMATION,

    IN                FO                RM             AT           IO              NZ

       YL               HM               EP                BY            AL             PW

Hence, for message INFORMATION the cipher text will be YLHMEPBYALPW.

Given p = 61, q = 53. Calculate the public key, private key, and encrypt the message “42”. Then, decrypt the ciphertext to retrieve the original message.

given,

p = 61

q = 53

n = pq

n = 61 x 53

n = 3233

now

Φ(n) = (p-1)(q-1)

Φ(n) = (61-1)(53-1)

Φ(n) = 3120

choosing a value of e such that 3120 is co-prime with e. So, we can say that

e = 17

now,

public key = (n, e) = (3233, 17)

we have ,

ed = 1 (mod Φ(n))

17 d = 1 (mod 3120)

for finding value of d we can use the extended euclidean algorithm then we get,

3120 = 17 x 183 +9

17 = 9 x 1 +8

9 = 8 x 1 + 1

8 = 1 x 8 + 0

By solving above equations by substution we get,

d = 367

so,

 private key = (n, d) = (3233, 367)

Here, we have message “42”.

So, for encryption we have formula as,

m^e mod n

= 42¹⁷ mod 3233

 = 2557

now,

for decryption we have formula as,

c^d mod n

= 2557³⁶⁷ mod 3233

= 42

 

 

 

Explain the process of generating message digests using MD4.

MD4 is a cryptographic hash function which digest an arbitrary message length of 128 bit. It was designed to be a 32 bit word oriented so that it could be computed faster on 32 bit computer. This algorithm influenced later design such as MD-5, SHA-1 algorithms. It has rounds containing block size of 512 bits.

Initialization

• Step 1: Given a message m₀, m₁, m₂, ……. m_b-1  b bits
• Step 2: Append padding bits and get m₀, m₁, m₂, ……. m_b-1 (b bits ≡ 448 mod 512)
• Step 3: Append 64 bits and get m₀, m₁, m₂, ……. m_b-1  
• Divide it to N words as m₀, m₁, m₂, ……. m_b-1 (N is a multiple of 16).
• Initialize 4 MD buffer (A, B, C, D) each of them is 32 bit register.

Word A : 01  23  45  67

Word B : 89 ab  cd  ef

Word C : fe  de  ba  89

Word D : 76  54  32  10

Processing 48 rounds

• first pass 16 rounds : f(B, C, D) = BC ∨ (¬ B)D,    i =0,1,2,3,4,5….. 15,    k₁ = 0,    S = 3,7,11,19,3,7,11,19,3,7,11,19,……
• second pass 16 rounds : f(B, C, D) = BC ∨ BD ∨ CD,    i =0,4,8,12,   k₁ = 5A827999,    S = 3,5,9,13,3,3,5,9,13,3,5,9,13……

• third pass 16 rounds : f(B, C, D) = B⊕C⊕D,    i =0,8,4,12,    k₁ = 6ED9EBA1,    S = 3,9,11,15,3,9,11,15,3,9,11,15,……

Compute :

A = A + A°

B = B + B°

C = C + C°

D = D + D°

Output :

A, B, C, D as result.

fig : MD4 

Explain the process of public key distribution and secret key distribution using public key cryptography.

false

Divide 3x²+x+6 by 5x + 3 over GF(9).

given,

dividend = 3x² + x + 6

divisor = 5x + 3

GF over 9.  so, Z = {0, 1, 2, 3, 4, 5, 6, 7, 8}

Define firewall and types of firewalls.

A firewall is a network security device, either hardware or software based. It monitors all incomming and outgoing traffic and based on a defined set of security rules it accepts, drops or rejects that specific traffic which seems suspecious or dangerous.

Types of firewalls are :

1. Packet Filtering Firewall: Examines packets of data and makes decisions to allow or block based on predetermined rules, such as IP addresses and port numbers.
2. Stateful Inspection Firewall: Keeps track of the state of active connections and makes decisions based on the context of the traffic, allowing or blocking packets based on the current state of the connection.
3. Circuit-Level Gateway: Operates at the transport layer of the OSI model and monitors TCP handshakes. It doesn’t inspect the contents of packets but makes decisions based on the state of the connection.
4. Application Layer Firewall (Proxy Server): Operates at the application layer of the OSI model, inspecting and filtering traffic based on specific applications or services. It provides granular control over the applications being used.
5. Next-Generation Firewall (NGFW): Combines traditional firewall features with advanced functionalities, including intrusion prevention, deep packet inspection, and application-layer filtering, to provide more comprehensive security.

State Fermat’s theorem example. Write the algorithm forelse

Fermat’s theorem states that if p is a prime number, then for any integer a, the number a^p – a is an integer multiple of p.

Here p is a prime number
a^p ≡ a (mod p)

Example:

P = an integer Prime number
a = an integer that is not a multiple of P
Let a = 2 and P = 17

According to Fermat’s little theorem
2 17 – 1 ≡ 1 mod(17)
we got 65536 % 17 ≡ 1
that mean (65536-1) is a multiple of 17

 

It is used to test primality of large number. To test whether a given number ‘n’ is prime or not. Miller Rabin algorithm works as follow:

Step 1 : Write n – 1 = 2^k m, where m is odd.

Step 2 : Choose a random number a; 1 ≤ a ≤ n-1.

Step 3 : Compute b = a^m mod n.

Step 4 : If b ≡ 1 (mod n) then return prime.

Step 5 : for i = 0 to k-1 ,

• do if b ≡ -1 (mod n) then return prime.
• else b = b² mod n.

Step 6 : return composite.

Explain IP Security (IPSec) and its components.

IPSec (Internet Protocol Security):

IPSec is a suite of protocols designed to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet within a communication session. It operates at the network layer of the OSI model and can be used to provide security services for various protocols, including IP itself, as well as higher-layer protocols like TCP and UDP. IPSec is commonly used in virtual private network (VPN) implementations to ensure secure and private communication over the internet.

Key components of IPSec include:

1. Authentication Header (AH): Provides authentication and integrity checking for IP packets. Ensures that the data has not been altered during transit.
2. Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity for the data being transmitted. Encrypts the payload of the IP packet to protect it from eavesdropping.
3. Security Associations (SAs): SAs define the security parameters and keys used for protecting communication between two devices. Both AH and ESP use SAs to establish secure communication.
4. Key Management: Involves the generation, distribution, and management of cryptographic keys used for encryption and authentication. Key exchange protocols like IKE (Internet Key Exchange) are often used for this purpose.
5. Tunnel and Transport Modes: IPSec operates in two modes: tunnel mode and transport mode. In tunnel mode, the entire original IP packet is encrypted and becomes the payload of a new IPSec-protected packet. In transport mode, only the payload of the original packet is encrypted.

Explain the concept of digital signatures and differentiate between direct and arbitrated digital signatures.

Digital signatures are cryptographic mechanisms that provide a way to verify the authenticity and integrity of digital messages or documents. They are the digital equivalent of handwritten signatures or stamped seals, but they offer far more inherent security. Digital signatures rely on asymmetric cryptography, also known as public key cryptography.

Feature	Direct digital signature	Arbitrated digital signature
Parties involved	Two parties : signer and receiver are there in this.	There are three parties and they are : signer,  receiver and trusted third parties.
Verification process	Verifier uses public key to decrypt the signature and verify the message and integrity.	Verifier sends the message and signature to the trusted third party, who verifies the signature and sends the result to the verifier.
Impartability	Maybe seen as less impartial, as there is no third party involved.	More impartial, as the trusted third party is an independent entity.
Cost	Lower cost, as there is no any third parties are involved.	High cost, as there is third parties involved so they need to be paid.
Application	Low value transactions, internal communication.	High value transactions, contract, legal documents.