Unit 1: Cryptography

Cryptography / By /
Unit - 4 Cryptography

Unit 1: Cryptography

Que 1. List out the principles of Security.

Here are some most important questions which are asked in University exam for unit 1: cryptography

Having discussed some of the attacks that have occurred in real life, let us now classify the principles related to security. This will help us understand the attacks better, and also help us in thinking about the possible solutions to tackle them.

These are the four chief principles of security. There are two more: access control and availability, which are not related to a particular message, but are linked to the overall system as a whole.

1. Confidentiality

The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access a message.

unit 1: cryptography

2. Authentication

Authentication mechanisms help establish proof of identities. The authentication process ensures that the origin of an electronic message or document is correctly identified.

U1.2

3. Integrity

When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.

U1.3

4. Non-repudiation

There are situations where a user sends a message, and later on refuses that she had sent that message. The principle of non-repudiation defeats such possibilities of denying something after having done it. This is shown

U1.4

5. Access Control

The principle of access control determines who should be able to access what. An access-control mechanism can be set up to ensure this. Access control is broadly related to two areas: role management and rule management.

An Access Control List (ACL) is a subset of an access-control matrix.

6. Availability

The principle of availability states that resources (i.e. information) should be available to authorized parties at all times.

U1.5

A very less known standard on similar lines is the OSI standard for Security Model (titled OSI Security Model 7498-2). This also defines seven layers of security in the form of

  • Authentication
  • Access control
  • Non-repudiation
  • Data integrity
  • Confidentiality
  • Assurance or availability
  • Notarization or signature

7. Ethical and Legal Issues

Many ethical issues (and legal issues) in computer security systems seem to be in the area of the individual’s right to privacy versus the greater good of a larger entity (e.g. a company, society, etc.) .

Also Read: Unit III : Basic Radio Propagation and Multiple Access Techniques

Que 2. What do you mean by passive and active attacks?

Passive Attack

  • Passive attacks are those wherein the attacker indulges in eavesdropping or monitoring of data transmission.
  • In other words, the attacker aims to obtain information that is in transit.
  • Passive attacks are very difficult to detect because they do not involve any alteration of data. However, it is feasible to prevent the success of these attacks.
  • Passive attacks can be classified in to two categories-
    Release of message contents and Traffic analysis

Release of message contents

  • A telephone conversation, an e-mail message and a transferred file may contain sensitive or confidential information.
  • We would like to prevent the opponent from learning the contents of these transmissions.
  • In this type of passive attack, the information transmitted from one person to another gets into the hands of a third person/hacker.
U1.6

Traffic analysis

  • If we had encryption protection in place, an opponent might still be able to observe the pattern of the message.
  • The opponent could determine the location and identity of communication hosts and could observe the frequency and length of messages being exchanged.
  • This information might be useful in guessing the nature of communication that was taking place.

Active attacks

These attacks involve some modification of the data stream or the creation of a false stream.

Active attacks can be classified in to four categories:

Masquerade
Replay
Modification of messages
Denial of service

Masquerade

  • A ‘masquerade’ takes place when one entity pretends to be a different entity.
  • A masquerade attack usually includes one of the other forms of active attack.
  • Masquerade attacks can be carried out via stolen logins and passwords, by spotting holes in programmers, or by figuring out a way to get around the authentication procedure.
U1.8

Replay

  • Replay involve the passive capture of a data unit and its subsequent retransmission to produce an authorized effect. login control is tampered.
  • Eg. Suppose Alice wants to prove her identity to Bob.
  • Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like hashing, the password); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash).
  • After the interchange is over, Eve (acting as Alice) connects to Bob; when asked for proof of identity, Eve sends Alice’s password (or hash) read from the last session which Bob accepts, thus granting Eve access.
  • Information of the author can be changed by malicious user actions to save suspicious data in log files, up to the widespread alteration of data on behalf of others.

Modification of messages 

  • It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorised effect.
  • Modification compromises the accuracy of the source data.
  • For example, a message meaning “Allow JOHN to read confidential file X” is modified as “Allow Smith to read confidential file X”.
  • In essence, it indicates that unauthorized individuals not only access data but also spoof it by modifying sent data packets or flooding the network with false data. 
U1.9

Denial of service

  • Prevents or inhibits the normal use or management of communication facilities.
  • Another form of service denial is the disruption of an entire network, either by disabling the network or overloading it with messages so as to degrade performance.
  • It is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communication facilities and paths at all times.
  • Instead, the goal is to detect them and to recover from any disruption or delays caused by them.
U1.10

Que 3. define Steganography? Differentiate symmetric key and asymmetric key cryptography.

  • •A steganography technique involves hiding sensitive information within an ordinary, non-secret file or message, so that it will not be detected.
  • •The sensitive information will then be extracted from the ordinary file or message at its destination, thus avoiding detection.
  • •Steganography hides a message without altering its original format.
  • •Steganography is an additional step that can be used in conjunction with encryption in order to conceal or protect data.
  • •It comes from the Greek words steganos, which means “covered” or “hidden,” and graph, which means “to write.” Hence, “hidden writing.”
WhatsApp Group Join Now
Telegram Group Join Now
Instagram Group Join Now
Linkedin Page Join Now

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top