Attacks on Block Ciphers:

1. Brute Force Attack – Trying all possible keys.

2. Ciphertext-only Attack – Guessing patterns from only the ciphertext.

3. Chosen-plaintext Attack – Attacker selects input and studies output.

4. Side-Channel Attack – Attacking based on timing or power usage.

5. Padding Oracle Attack – Exploiting padding errors to find info

How CBC Works:

 CBC mode chains each block of plaintext with the previous ciphertext block.

 The first block is chained with a random value called IV (Initialization Vector).

 This helps hide patterns and makes encryption more secure.

🧱 Steps:

1. First, Plaintext block is XORed with IV.

2. Then it's Encrypted with a key.

3. The output (Ciphertext) is used as input for the next block.

4. Repeat for each block.

Advantages:

 Same message will give different output every time (if IV is different).

 More secure than basic block encryption.

❌ Disadvantages:

 Slower than other modes (because it waits for the previous block).

 Needs a random IV each time

What is DES?

 DES (Data Encryption Standard) is a symmetric key encryption algorithm.

 It takes a 64-bit block of plaintext and a 56-bit key.

 It runs the data through 16 rounds of processing.

 In each round, subkeys (48-bit) are used, generated from the main key.

 The input is a 64-bit block.

We split it into two halves:

 Left (L) = 32 bits

 Right (R) = 32 bits

 The Right half (R) is:

 Expanded to 48 bits using a fixed rule.

 XORed with a 48-bit key (for this round).

 The result goes into 8 S-boxes, which make it back to 32 bits.

 Then it is passed through a Permutation box (P) to rearrange bits.

 The output is then XORed with the Left half (L).

 Now:

 The old Right (R) becomes the new Left (L).

 The result from step 3 becomes the new Right (R).

 This completes one round.

The process repeats for 16 rounds in total

4. What is Triple DEA (3DES)? Why is it More Secure than DES?

🔐 What is Triple DEA?

 Triple DEA (or Triple DES) is an improvement over normal DES.

 It applies the DES algorithm three times to each data block.

🔁 How it works:

There are 3 keys used: K1, K2, K3 (or K1 = K3 in some versions)

Steps:

1. Encrypt with K1

2. Decrypt with K2

3. Encrypt again with K3

This is called EDE mode: Encrypt–Decrypt–Encrypt

🔒 Why is Triple DES More Secure?

Feature DES Triple DES

Key Size 56 bits 112 or 168 bits

Security Weak (can be broken by brute-force) Much stronger

Processing 1 encryption step 3 steps (EDE)

 Triple DES is secure against brute-force attacks because the key size is much larger.

 It gives better protection for sensitive data, even though it is slower.

How IDEA Works (International Data Encryption Algorithm)

🔐 What is IDEA?

 IDEA is a block cipher developed to replace DES.

 It encrypts 64-bit blocks using a 128-bit key.

  It is used in secure email and software (e.g., PGP).

⚙️Steps of IDEA:

1. Input: 64-bit plaintext is split into 4 parts of 16 bits each.

2. The algorithm runs for 8 rounds, plus 1 final round.

3. Each round uses 6 subkeys (from the 128-bit main key).

4. Operations used in each round:

o Modular addition (addition mod 65536)

o Multiplication (mod 65537)

o Bitwise XOR

🔁 Final Round:

 A special transformation is done using the remaining 4 subkeys.

 These mix the four 16-bit values and give the encrypted output.

Feature Symmetric Key Cryptography Asymmetric Key Cryptography

Same key for encryption and Two keys: public key and private
Keys Used
decryption key

Speed Fast Slow

Security Less secure (key must be shared) More secure (private key is kept secret)

Key Sharing Key must be exchanged securely No need to share the private key

Usage Best for encrypting large data quickly Used for secure key exchange, digital signatures

Exa AES, DES, RC4, Blowfish RS

mpl A,
es E
C
C,
 D
S
A

Diffie-Hellman is a method that lets two

people securely share a secret key over a
public network — even if someone is
listening.

🔸 This key can later be used for symmetric

encryption.

⚙️Basic Steps (in Simple Terms):

1. Public values are agreed upon:

o A prime number p

o A base number g (also called

generator)

2. Each person picks a secret number

(kept private):

o Person A picks secret a

o Person B picks secret b

3. Each person calculates a public value:

o A sends: A = g^a mod p

o B sends: B = g^b mod p

4. Both use each other's public value to

calculate the shared key:

o A computes: K = B^a mod p

o B computes: K = A^b mod p

➡️Both get the same secret key K, but no one

else can figure it out.

What is a Firewall?

A firewall is a security system that monitors

and controls incoming and outgoing network
traffic.
It acts like a barrier between a trusted
network (like your computer) and an
untrusted one (like the internet).

🧱 Firewall Design Principles

1. All traffic must go through the

firewall
– No direct connection allowed
without passing through it.

2. Only authorized traffic is allowed

– The firewall blocks or allows traffic
based on security rules.

3. The firewall itself must be secure

– It should not be easy to hack or
bypass.

🌟 Characteristics of Firewalls

Feature Description

Traffic Checks all incoming

Monitoring and outgoing data

Allows or blocks data

Filtering
based on rules

Records suspicious or
Logging
unauthorized activity

Access Controls who can

Control access what resources

Should be regularly
Updates updated to stay
secure

Types of Firewalls

Type Description

Checks data packets based on IP, port, and protocol. Fast,

Packet Filtering Firewall
but basic.

Stateful Inspection Firewall Tracks active connections and decides based on the
 Type Description

connection state. Secure.

Acts as a gateway between users and internet. Hides

Proxy Firewall
internal network.

Filters data for specific apps (like web or email). Very

Application Layer Firewall
detailed control.

Next-Generation Firewall Combines multiple features: deep inspection, antivirus,

(NGFW) intrusion prevention.

A DMZ (Demilitarized Zone) in networking is a special area between an internal network (like a
company’s private network) and the internet. It acts as a buffer zone to protect the internal
network from external threats.

✅ Purpose:

 Hosts public-facing services like web servers, email servers, or DNS servers.

 Keeps internal network isolated and secure, even if the DMZ gets attacked.

⚙️How it Works:

 The DMZ is placed between two firewalls or a firewall with three zones:

1. Internet (untrusted)

2. DMZ (semi-trusted)

3. Internal network (trusted)

🔒 Why It’s Important:

 If a hacker attacks a server in the DMZ, they still can’t reach the internal network.

 It adds an extra layer of security.

1. How Does Certificate-Based Authentication Work?

Certificate-based authentication uses digital certificates to verify a user’s or device’s identity

securely.

 Digital Certificate: A document issued by a trusted third party called a Certificate Authority
(CA). It contains:

o The user’s public key,

o User identity information,

o CA’s digital signature.

 Process:

1. When a user wants to authenticate, they send their digital certificate to the server.

2. The server checks the certificate’s validity by verifying the CA’s signature.

3. If valid, the server trusts the public key inside the certificate.

4. Using this key, the server and user establish a secure encrypted connection.

 This method avoids sending passwords over the network, reducing risks of interception.

 Used in SSL/TLS protocols for secure web browsing.

2. Differences Between Authentication and Authorization

Aspect Authentication Authorization

Meaning Verifies who the user is Decides what the user is allowed to do

When it
First step before access Happens after authentication
Occurs

Goal Confirm user’s identity Grant permissions to resources or services

Input Credentials like passwords, certificates Access control rules, user roles

Access granted or denied based on

Outcome Specific access rights given or denied
identity

Logging into email using username & User allowed to read emails but not delete
Example
password them

3. Services Provided by IPSec and Factorization Problem

IPSec is a protocol suite that protects internet communications through these services:
  Confidentiality: Encrypts IP packets so outsiders cannot read data.

 Data Integrity: Uses hashing to ensure data is not tampered with.

 Authentication: Confirms the identity of sender and receiver.

 Anti-Replay Protection: Prevents attackers from resending old data packets.

 Access Control: Controls who can send and receive packets.

 Factorization Problem:

o It is a mathematical problem of breaking down a large number into prime factors.

o This problem is computationally hard, which makes encryption algorithms like RSA
secure.

o The difficulty ensures attackers cannot easily find the private key.

4. Approaches for Intrusion Detection

Intrusion Detection Systems (IDS) monitor networks or systems for suspicious activity using these
methods:

 Signature-Based Detection:

o Uses a database of known attack patterns (signatures).

o Works well for known attacks but fails with new, unknown threats.

 Anomaly-Based Detection:

o Establishes a baseline of normal behavior.

o Detects deviations as possible intrusions.

o Can detect unknown attacks but may give false alarms.

 Specification-Based Detection:

o Defines expected behavior rules for programs.

o Detects deviations from these specifications.

 Hybrid Approach:

o Combines signature and anomaly methods.

o Improves detection accuracy and reduces false positives.

5. Clear Text Password Authentication with Example and Problems

 Explanation:

o In clear text authentication, the password is sent over the network without
encryption.
 o The server compares the received password with the stored password.

 Example:

o FTP or Telnet protocols often send passwords in clear text.

 Problems:

o Easy for attackers to capture passwords using sniffers.

o Leads to unauthorized access and security breaches.

o Not safe for public or shared networks.

o Lack of confidentiality and privacy.

6. Working Principle of Biometric Authentication

Biometric authentication uses unique physical or behavioral traits for identification:

 Process:

1. Data Capture: A sensor collects biometric data like fingerprints, face image, or iris
scan.

2. Feature Extraction: Important characteristics are extracted from the data.

3. Matching: The extracted features are compared with stored biometric templates.

4. Decision: If the features match within a threshold, authentication is successful.

 Advantages:

o Difficult to fake or share.

o Provides strong security.

 Common Biometrics: Fingerprint, face recognition, iris, voice.

1. Different Protocols Associated with SSL & SSL Record Protocol Header Fields

Protocols in SSL:

 Handshake Protocol: Used to establish secure connection by agreeing on algorithms,

exchanging keys, and authenticating parties.

 Record Protocol: Handles fragmentation, compression, encryption, and transmission of data

securely.

 Alert Protocol: Sends error and warning messages if something goes wrong.
  Change Cipher Spec Protocol: Signals the switch to new encryption methods during
handshake.

SSL Record Protocol Header Fields:

 Content Type (1 byte): Indicates the type of data (e.g., handshake, alert, application data).

 Version (2 bytes): SSL version number (e.g., SSL 3.0 or TLS 1.2).

 Length (2 bytes): Length of the payload (data) following the header.

This header helps to format and secure data before sending over the network.

2. How Pre-Master-Secret and Master-Secret Are Prepared in SSL Handshake Protocol

 Pre-Master-Secret:

o Client generates a random number called the pre-master-secret.

o It is encrypted with the server’s public key (from the server’s certificate) and sent to
the server.

 Master-Secret:

o Both client and server use the pre-master-secret and two random values (client
random and server random) to generate the master-secret.

o This master-secret is used to create session keys for encrypting data.

This process ensures a secure key exchange without sending the secret directly.

3. Steps Involved in the SSL Handshake Protocol

1. ClientHello: Client sends supported SSL version, cipher suites, and a random number.

2. ServerHello: Server responds with chosen cipher suite, SSL version, and its random number.

3. Server Certificate: Server sends its digital certificate to prove identity.

4. Server Key Exchange (optional): If needed, server sends additional key info.

5. Client Key Exchange: Client sends the pre-master-secret encrypted with server’s public key.

6. Change Cipher Spec: Both client and server notify they will start using the agreed encryption.

7. Finished: Both send finished messages encrypted with the new keys to confirm handshake
completion.

4. Explain SET with Suitable Model & Compare SSL and SET

SET (Secure Electronic Transaction):

A protocol developed to secure credit card payments online. It uses digital certificates to
authenticate both cardholders and merchants.
SET Model includes:

 Cardholder: Initiates transaction.

 Merchant: Sells goods/services.

 Issuer: Cardholder’s bank.

 Acquirer: Merchant’s bank.

 Payment Gateway: Processes payments.

Comparison SSL vs SET:

Feature SSL SET

Purpose Secure communication (general) Secure online credit card payments

Both cardholder and merchant

Authentication Server authentication mainly
authentication

Encrypts data between client and

Confidentiality Encrypts payment info separately
server

Complexity Simpler, widely used More complex, specific to payments

5. Explain PGP and How Authentication & Confidentiality Are Maintained

PGP (Pretty Good Privacy):

A software for secure email communication using a mix of symmetric and asymmetric encryption.

 Confidentiality:

o The message is encrypted with a symmetric key (fast).

o The symmetric key is encrypted with the receiver’s public key.

 Authentication:

o The sender creates a digital signature by hashing the message and encrypting the
hash with their private key.

o The receiver verifies the signature using sender’s public key.

This combination ensures only the receiver reads the message and verifies who sent it.

7. Short Note on S/MIME and Its Significance

S/MIME (Secure/Multipurpose Internet Mail Extensions):

A standard for encrypting and digitally signing email messages.

 Uses X.509 certificates for authentication.

 Provides message encryption for confidentiality.

  Provides digital signatures for integrity and authentication.

 Widely supported by email clients.

Significance:
Protects emails from eavesdropping and forgery, ensuring secure communication.

8. Short Note on Electronic Money and SHTTP

 Electronic Money:
Digital form of money used for online transactions, stored in digital wallets or accounts.
Examples include prepaid cards or cryptocurrencies.

 SHTTP (Secure Hypertext Transfer Protocol):

Protocol designed to provide secure transmission of web data, especially for secure e-
commerce transactions. It works by encrypting individual HTTP messages.

9. Alert Protocol and Record Protocol in SSL

 Alert Protocol:
Sends warnings or fatal error messages (e.g., connection failure, bad certificate). Alerts help
both parties know about problems during communication.

 Record Protocol:
Responsible for fragmenting, compressing, encrypting, and transmitting data. It ensures data
privacy and integrity during transmission.

10. SSL in TCP/IP Protocol Suite (with Explanation)

 SSL works between the Transport Layer (TCP) and Application Layer.

 It receives data from applications, encrypts it, and sends it to TCP.

 On receiving, SSL decrypts the data before passing it to the application.

 This layering ensures SSL provides security without changing TCP or applications.

11. PGP Key Exchange Between Bob and Alice

 Alice wants to send a secret message to Bob.

 Alice generates a random session key (symmetric).

 She encrypts her message with this session key.

 She encrypts the session key using Bob’s public key.

 Alice sends both the encrypted message and encrypted session key to Bob.

 Bob decrypts the session key with his private key and then decrypts the message.
12. Broad Steps of a Mail Security Protocol (Example: PGP)

1. Message Creation: User composes the message.

2. Hashing: Message is hashed to create a digest.

3. Signing: Digest is encrypted with sender’s private key (digital signature).

4. Encryption: Message and signature are encrypted with a symmetric key.

5. Key Encryption: Symmetric key is encrypted with receiver’s public key.

6. Sending: Encrypted message and encrypted key are sent.

7. Decryption: Receiver decrypts key with private key, then decrypts message.

8. Verification: Receiver verifies signature using sender’s public key.

1. Explain RSA Public Key Encryption Algorithm with Example

 RSA is a public-key encryption system used to securely send messages.

 It uses two keys:

o Public key (e, n): For encryption.

o Private key (d, n): For decryption.

 How it works:

1. Choose two large prime numbers ppp and qqq.

2. Compute n=p×qn = p \times qn=p×q.

3. Calculate ϕ(n)=(p−1)(q−1)\phi(n) = (p-1)(q-1)ϕ(n)=(p−1)(q−1).

4. Choose eee such that 1<e<ϕ(n)1 < e < \phi(n)1<e<ϕ(n) and eee is coprime to ϕ(n)\
phi(n)ϕ(n).

5. Compute ddd such that e×d≡1mod ϕ(n)e \times d \equiv 1 \mod \

phi(n)e×d≡1modϕ(n).

 Encryption: C=Memod nC = M^e \mod nC=Memodn

 Decryption: M=Cdmod nM = C^d \mod nM=Cdmodn

Example:

 Let p=3p=3p=3, q=11q=11q=11, so n=33n=33n=33, ϕ(n)=20\phi(n)=20ϕ(n)=20.

 Choose e=7e=7e=7 (coprime with 20).

 Find ddd such that 7×d≡1mod 207 \times d \equiv 1 \mod 207×d≡1mod20, d=3d=3d=3.

 To encrypt message M=2M=2M=2: C=27mod 33=128mod 33=29C = 2^7 \mod 33 = 128 \

mod 33 = 29C=27mod33=128mod33=29.
  To decrypt C=29C=29C=29: M=293mod 33=2M = 29^3 \mod 33 = 2M=293mod33=2.

2. In RSA, public key e=17e=17e=17, N=187N=187N=187. Find private key ddd.

 Factorize N=187=11×17N=187 = 11 \times 17N=187=11×17, so p=11,q=17p=11,

q=17p=11,q=17.

 Calculate ϕ(N)=(p−1)(q−1)=10×16=160\phi(N) = (p-1)(q-1) = 10 \times 16 = 160ϕ(N)=(p−1)

(q−1)=10×16=160.

 Find ddd such that e×d≡1mod 160e \times d \equiv 1 \mod 160e×d≡1mod160.

 Solve 17×d≡1mod 16017 \times d \equiv 1 \mod 16017×d≡1mod160.

 Using extended Euclidean algorithm, d=113d = 113d=113.

 So, private key is d=113d=113d=113.

 Public key is (e=17,N=187)(e=17, N=187)(e=17,N=187).

3. Given ciphertext CT=1570CT=1570CT=1570, public key E=79E=79E=79, N=3337N=3337N=3337,

find plaintext.

 Decrypt using private key ddd.

 First, factor N=3337N=3337N=3337 (usually big, but for simplicity assume factors known).

 Compute ϕ(N)=(p−1)(q−1)\phi(N) = (p-1)(q-1)ϕ(N)=(p−1)(q−1).

 Find ddd such that e×d≡1mod ϕ(N)e \times d \equiv 1 \mod \phi(N)e×d≡1modϕ(N).

 Then, compute PT=CTdmod NPT = CT^d \mod NPT=CTdmodN.

 This calculation requires factoring and modular exponentiation, done using software tools in
practice.

 The plaintext PTPTPT is the decrypted message.

4. Perform encryption and decryption with RSA: p=3,q=11,e=7,N=5p=3, q=11, e=7,

N=5p=3,q=11,e=7,N=5.

 First calculate N=p×q=3×11=33N = p \times q = 3 \times 11 = 33N=p×q=3×11=33 (N=5 is

incorrect if p=3, q=11).

 Use N=33N=33N=33.

 ϕ(N)=(3−1)(11−1)=2×10=20\phi(N) = (3-1)(11-1) = 2 \times 10 = 20ϕ(N)=(3−1)

(11−1)=2×10=20.

 Find ddd such that 7×d≡1mod 207 \times d \equiv 1 \mod 207×d≡1mod20.
d=3d=3d=3.
  Encrypt: For message M=4M=4M=4, C=47mod 33=16384mod 33=16C = 4^7 \mod 33 =
16384 \mod 33 = 16C=47mod33=16384mod33=16.

 Decrypt: M=163mod 33=4096mod 33=4M = 16^3 \mod 33 = 4096 \mod 33 =

4M=163mod33=4096mod33=4.

5. What is Key Wrapping? How is it Useful?

 Key Wrapping: It is a method to securely encrypt (wrap) one key using another key.

 It protects keys during storage or transmission.

 Wrapped keys are less vulnerable to attacks.

 Usefulness:

o Secure key management in cryptographic systems.

o Allows safe transfer of keys in networks.

o Prevents exposure of keys even if data is intercepted.

6. What is Digital Signature? How Are They Generated? What Do They Provide?

 A Digital Signature is an electronic fingerprint to prove message authenticity.

 Generation steps:

1. Hash the message to create a message digest.

2. Encrypt the digest with the sender’s private key.

3. The encrypted digest is the digital signature.

 What it provides:

o Authentication: Verifies sender’s identity.

o Integrity: Shows message is unchanged.

o Non-repudiation: Sender cannot deny sending the message.

7. What is Message Digest? Key Requirements?

 Message Digest: A fixed-size hash value computed from data using a hash function.

 Requirements:

o One-way: Cannot reverse hash to get original data.

o Fixed length: Output size is constant regardless of input size.

o Collision resistance: Hard to find two different inputs with same digest.
 o Efficiency: Quick to compute.

8. Difference Between MAC and Message Digest

Feature MAC (Message Authentication Code) Message Digest

Key Usage Uses a secret key for generating the code No key used (hash function only)

Purpose Provides authentication and integrity Provides data integrity only

Fixed-length code depends on key and

Output Fixed-length hash of message
message

Verification Receiver verifies using the shared secret key Receiver recalculates hash and compares

9. What is Digital Envelope? How Does It Work?

 A Digital Envelope is a way to securely send a message using a combination of symmetric

and asymmetric encryption.

 How it works:

1. Generate a random symmetric key.

2. Encrypt the message with the symmetric key.

3. Encrypt the symmetric key with the recipient’s public key.

4. Send both encrypted message and encrypted key to recipient.

 Recipient decrypts the symmetric key with private key, then decrypts the message.

10. Typical Contents of Digital Certificate

 Owner’s public key

 Owner’s identity information (name, organization)

 Certificate Authority (CA) name

 Certificate serial number

 Expiration date

 Digital signature of CA

 Certificate version and algorithm info

What are Passive Threats and Active Threats? Difference Between Them

 Passive Threats:
These threats involve listening or monitoring the communication without changing or
 disturbing it. The attacker just eavesdrops to get sensitive data like passwords, emails, or
credit card info.
Example: Eavesdropping, traffic analysis.

 Active Threats:
These involve interfering, modifying, or attacking the data or communication. The attacker
can change data, inject fake messages, or disrupt the system.
Example: Data modification, denial of service attack.

Aspect Passive Threats Active Threats

Goal Steal information quietly Damage, modify, or disrupt systems

Action No alteration of data Alters data or disrupts service

Detection Hard to detect Easier to detect

Examples Eavesdropping, traffic analysis Virus attack, DoS, data modification

2. What is IP Sniffing (Packet Sniffing) and IP Spoofing (Packet Spoofing)?

 IP Sniffing:
It is the process of capturing and monitoring data packets that travel over a network.
Attackers use special software (packet sniffers) to capture sensitive information like
passwords or emails.

 IP Spoofing:
It is when an attacker fakes the source IP address in a packet to make it look like it came
from a trusted source. This helps in hiding the attacker’s identity or bypassing security
checks.

3. Different Types of Cryptanalytic Attacks

 Ciphertext-only attack: Attacker has only the encrypted messages and tries to find the key or
plaintext.

 Known-plaintext attack: Attacker has some pairs of plaintext and corresponding ciphertext
and tries to find the key.

 Chosen-plaintext attack: Attacker can choose some plaintexts and get the ciphertexts,
aiming to find the key.

 Man-in-the-middle attack: Attacker intercepts and alters communication between two

parties.

 Brute force attack: Trying every possible key to decrypt a message.

4. What is a Worm? How Does It Differ From a Virus?

  Worm:
A worm is a standalone malware program that spreads automatically over networks without
needing to attach itself to other programs.

 Virus:
A virus attaches itself to other programs or files and spreads when the infected file runs.

Feature Worm Virus

Spreads Automatically Yes No, needs host program

Attaches to files No Yes

Action Spreads through network Infects files/programs

Effect Can cause network slowdowns Damages files and programs

5. Explain DOS Attack

 Denial of Service (DoS) Attack:

It is an attack aimed to make a network or service unavailable to users by overwhelming it
with a huge number of requests or data. The server gets overloaded and can’t respond to
real users.

 Example: Flooding a website with too many requests to crash it.

6. Distinguish Between Active Attacks and Passive Attacks with Examples

Aspect Active Attack Passive Attack

Nature Changes or disrupts data or service Only monitors or listens

Goal Damage, modify, or deny service Steal or gather information

Detectability Easier to detect Hard to detect

Examples Virus, DoS attack, data modification Eavesdropping, traffic analysis