Answer Key 1

V.S.
B ENGINEERING COLLEGE, KARUR-639111

(An Autonomous Institution, Affiliated to Anna University, Chennai)
CB3491-CRYPTOGRAPHY AND CYBERSECURITY
ANSWER KEY
PART - A
1)How steganography is used to encrypt the message?
Steganography is the practice of concealing a message within another medium to prevent
detection. It is different from encryption, which scrambles a message so it cannot be
understood. Steganography can be used in conjunction with encryption to enhance
security. Here’s a basic overview of how it can be used:
*Message Preparation:
The secret message is prepared and, optionally, encrypted using a conventional
encryption algorithm to add an extra layer of security.
*Carrier Selection:
A carrier or cover medium, such as an image, audio file, or text, is chosen to hide the
secret message within. Digital images are commonly used due to their large amount of
redundant data.
2) Define Cryptanalysis.
Cryptanalysis is the study and practice of analyzing and breaking cryptographic systems,
with the goal of decrypting encrypted messages without access to the secret key. It
involves a variety of techniques and methods to understand how encryption algorithms
work and to identify weaknesses or vulnerabilities that can be exploited.
* Ciphertext-Only Attack
* Known-Plaintext Attack
* Chosen-Plaintext Attack
* Chosen-Ciphertext Attack
* Side-Channel Attacks
* Mathematical Analysis
3) Find gcd (56,86) using Euclid's algorithm.
Euclid's algorithm is a method for finding the greatest common divisor (GCD) of two
integers. Here are the steps to find the GCD of 56 and 86:
 Start with the larger number (86) and the smaller number (56).
 Divide the larger number by the smaller number and find the Remainder.
-$ 86 \div 56 = 1 $ remainder $ 30 $
Replace the larger number with the smaller number, and the smaller number with the
remainder.
- New pair: (56, 30)
• Repeat the process until the remainder is 0.
- $ 56 \div 30 = 1 $ remainder $ 26 $
- New pair: (30, 26)
- $ 30 \div 26 = 1 $ remainder $ 4 $
- New pair: (26, 4)
- $ 26 \div 4 = 6 $ remainder $ 2 $
- New pair: (4, 2)
- $ 4 \div 2 = 2 $ remainder $ 0 $
When the remainder is 0, the divisor at this step (2) is the GCD.
So, the GCD of 56 and 86 is 2.
4) What is the significance of key distribution?
Key distribution is a critical aspect of cryptography, as it ensures that cryptographic keys are
securely delivered to the intended parties. The significance of key distribution lies in its impact
on the security and efficiency of cryptographic systems:
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
• Scalability
5)Compare symmetric and asymmetric key cryptography.
Symmetric and asymmetric key cryptography are two fundamental approaches to securing
communications and data. Here's a comparison of the two:
Symmetric Key Cryptography
Definition: Symmetric key cryptography uses the same key for both encryption and
decryption of messages.
Asymmetric Key Cryptography
Definition: Asymmetric key cryptography uses a pair of keys – a public key for encryption
and a private key for decryption. Comparison
i) Key Size:
Symmetric: Typically uses shorter key lengths (128, 192, 256 bits for AES).
Asymmetric: Requires longer key lengths for comparable security (2048 bits or more for
RSA).
ii) Performance:
Symmetric: Faster and more efficient, suitable for encrypting large amounts of data.
Asymmetric: Slower, often used to encrypt small amounts of data (e.g., keys) or for digital
signatures.
iii) Key Distribution:
Symmetric: Requires a secure channel for key exchange.
Asymmetric: Public key can be openly distributed, simplifying key management.
iv) Applications:
Symmetric: Bulk data encryption, secure data storage, VPNs.
Asymmetric: Secure key exchange, digital certificates, email encryption, secure web
browsing.
6) Interpret Euler's totient function.
Euler's Totient Function ( $ \phi(n) $ )
Definition: Euler's totient function $ \phi(n) $ counts how many numbers from 1 to $ n $
are relatively prime to $ n $.
Relatively Prime: Two numbers are relatively prime if they have no common factors other
than 1.
Simple Examples
1. For $ n = 6 $:
- Numbers from 1 to 6: 1, 2, 3, 4, 5, 6.
- Relatively prime to 6: 1, 5.
- So, $ \phi(6) = 2 $.
2. For $ n = 9 $:
- Numbers from 1 to 9: 1, 2, 3, 4, 5, 6, 7, 8, 9.
- Relatively prime to 9: 1, 2, 4, 5, 7, 8.
- So, $ \phi(9) = 6 $.
Simple Formulas
1. Prime Number $ p $:
- If $ n $ is a prime number like 7:
- \[
\phi(7) = 7 - 1 = 6
\]
2. Product of Two Primes $ p $ and $ q $:
- If $ n = 15 $ (3 and 5 are prime factors):
- \[
\phi(15) = (3-1) \times (5-1) = 2 \times 4 = 8
\]
So, $ \phi(n) $ tells you how many numbers up to $ n $ don't share
any common factors with $ n $.
7) What do you interpret from one way property in hash function.
The "one-way" property in a hash function means that it is computationally infeasible to
reverse the process of hashing to retrieve the original input from the hash output. In other
words, given the hash value, you cannot easily determine what the original data was. This
property is essential for ensuring data integrity and security.
Key Points of the One-Way Property
i) The hash function transforms the input data into a
fixed-size string (the hash value), but there is no straightforward method to reconstruct
the original input from this hash value.
ii) Preimage Resistance: This is a formal term for the one-way
property. It means that for a given hash value $ H $, it should be difficult to find any
input $ x $ such that $ H = \text{hash}(x) $.
iii) Security Implications:
Data Integrity: Ensures that once data is hashed, the original data cannot be retrieved,
making it useful for storing and verifying data securely.
Password Storage: Hash functions are used to securely store passwords. Instead of
saving the actual password, systems store its hash value. Even if the hash value is
exposed, the original password cannot easily be determined.
iv) Applications:
Digital Signatures: Ensures that a document has not been altered by hashing the
document and signing the hash.
File Integrity Checking: Verifies that files have not been tampered with by comparing
their hash values.
Example:
If you hash the string "hello" using a hash function, you might get a hash value like
"2cf24dba5fb0a30e26e83b2ac5b0c0d1". The one-way property ensures that, from this
hash value alone, it is infeasible to determine that the original input was "hello".
8) Write about biometrics in terms of authentication.
Biometrics is a method of authentication that uses unique
physiological or behavioral characteristics of individuals to verify their
identity. Unlike traditional authentication methods, such as passwords or PINs,
which are knowledge-based, biometrics rely on physical traits or patterns that
are inherently part of the individual.
Key Types of Biometrics
i) Physiological Biometrics:
Fingerprint Recognition: Uses the unique patterns of ridges and valleys on a person's
fingertip.
Face Recognition: Analyzes facial features and contours. Modern systems use machine
learning to improve accuracy.
Iris Recognition: Scans the unique patterns in the iris of the eye. It is highly accurate and
difficult to forge.
Retina Recognition: Examines the pattern of blood vessels in the retina.
Hand Geometry: Measures the shape and size of a person's hand.
ii) Behavioral Biometrics:
Voice Recognition: Identifies individuals based on the unique characteristics of their voice,
such as pitch, tone, and speech patterns.
Keystroke Dynamics: Analyzes the typing patterns, such as typing speed and pressure, to
authenticate users.
Gait Recognition: Identifies people based on their walking patterns.
Advantages
1. Enhanced Security
2. Convenience
3. Non-Transferable
9) How do spyware affect the system?
Spyware is malicious software designed to secretly monitor and collect information about
a user's activities, often without their knowledge or consent. Here's how spyware can
affect a system:
1. Data Theft
Personal Information: Spyware can capture sensitive data such as login credentials,
financial information, and personal details.
Tracking Activities: It may record browsing history, email content, and keystrokes to
gather private information.
2. System Performance
Slower Performance: Spyware often consumes system resources, such as CPU and
memory, leading to decreased system performance and slower
operation.
3. Security Risks
Unauthorized Access: By capturing login credentials and other sensitive information,
spyware can facilitate unauthorized access to personal accounts and systems.
4. Privacy Invasion
Monitoring and Surveillance: Spyware invades privacy by monitoring user activities, such
as web browsing and communication, without the user's consent.
5. System Instability
Crashes and Errors: Spyware can cause system crashes, errors, or instability due to
conflicts with legitimate software or corrupted system files.
6. Unauthorized Advertising
Adware Integration: Some spyware is bundled with adware, which displays unwanted
advertisements or pop-ups, further disrupting user experience.
Preventive Measures
1. Use Antivirus Software: Regularly update and run antivirus scans to detect and
remove spyware.
2. Keep Software Updated: Ensure that your operating system and applications
are up to date with the latest security patches.
3. Regular Backups: Maintain regular backups of important data to mitigate the
impact of data loss.
10) State network access control.
Network Access Control (NAC) is a security approach that regulates who or what can
access a network and what resources they can use. NAC aims to ensure that only
authorized devices and users can connect to the network and that they comply with
security policies before being granted access.
Key Components of Network Access Control
1. Authentication:
User Authentication: Verifies the identity of users trying to access the network, typically
through usernames, passwords, biometrics, or multifactor authentication (MFA).
Device Authentication: Ensures that devices connecting to the network are recognized
and trusted, using methods such as certificates or device-specific credentials.
2. Authorization:
Access Policies: Defines what resources and services each user or device is allowed to
access based on their roles, attributes, or compliance status.
Role-Based Access Control (RBAC): Assigns permissions based on user roles within
the organization, ensuring that individuals have access only to the resources necessary
for their roles.
Benefits of Network Access Control
1. Enhanced Security
2. Policy Enforcement
3. Improved Visibility
4. Reduced Risk
Examples of Network Access Control Solutions
802.1X: An IEEE standard for port-based network access control that provides
authentication for devices trying to connect to a wired or wireless network.
Network Access Control Systems (NACS): Solutions from vendors like Cisco, Aruba,
and others that offer comprehensive NAC features, including device profiling,
compliance checks, and policy enforcement.
PART - B
11. a) Explain the OSI security architecture model with neat diagram in detail
The OSI (Open Systems Interconnection) security architecture model provides a

framework for understanding and implementing security measures in network
communication. The model is divided into several layers, each with its own security
considerations. Here's a detailed explanation along with a diagram:
OSI Security Architecture Model Layers
1. Physical Layer
- Security Focus: Protects against physical damage and unauthorized access to hardware.
- Examples: Physical locks, surveillance, and hardware tampering prevention.
2. Data Link Layer
- Security Focus: Ensures the integrity and authentication of data frames.
- Examples: MAC address filtering, frame relay security.
3. Network Layer
- Security Focus: Provides secure routing and ensures data is not intercepted or altered during
transit.
- Examples: IPsec, VPNs (Virtual Private Networks), and packet filtering.
4. Transport Layer
- Security Focus: Ensures data is securely transmitted between systems.
- Examples: TLS (Transport Layer Security), SSL (Secure Sockets Layer), and port
security.
5. Session Layer
- Security Focus: Manages and controls the dialog between systems, ensuring sessions are
secure and properly established.
- Examples: Session tokens and secure session management.
6. Presentation Layer
- Security Focus: Handles data encryption, decryption, and format translation to ensure data
security and privacy.
- Examples: Data encryption algorithms and secure encoding.
7. Application Layer
- Security Focus: Provides application-level security measures, including authentication,
authorization, and auditing.
- Examples: Firewalls, intrusion detection systems, and secure application protocols.
+-------------------------+
| Application Layer |
| (Firewalls, IDS, etc.) |
+-------------------------+
| Presentation Layer |
| (Encryption, Encoding) |
+-------------------------+
| Session Layer |
| (Session Management) |
+-------------------------+
| Transport Layer |
| (TLS, SSL) |
+-------------------------+
| Network Layer |
| (IPsec, VPNs) |
+-------------------------+
| Data Link Layer |
| (MAC Filtering) |
+-------------------------+
| Physical Layer |
| (Physical Security) |
+-------------------------+
Summary
Physical Layer: Focuses on securing the physical infrastructure.
Data Link Layer: Protects data frames and manages link-level security.
Network Layer: Ensures secure data routing and addresses network security.
Transport Layer: Provides secure end-to-end communication.
Session Layer: Manages secure sessions and dialogues.
Presentation Layer: Handles data encryption and format security.
Application Layer: Implements security controls at the application level.
Each layer addresses different aspects of security, ensuring comprehensive protection across
the entire network communication stack.
11. b) What is cryptography? Explain anny three types of substitution techniques and
transposition techniques with suitable examples
Cryptography is the practice of securing communication by transforming

information into an unreadable format, called ciphertext, to protect it from unauthorized
access. The goal is to ensure that only intended recipients, who have the decryption key,
can understand the message.
Substitution Techniques
In substitution techniques, each character in the plaintext is replaced with another
character. Here are three common substitution techniques:
1. Caesar Cipher
- Description: This is a simple substitution cipher where each letter in
the plaintext is shifted a certain number of places down or up the
alphabet.
- Example: With a shift of 3:
- Plaintext: HELLO
- Ciphertext: KHOOR
- Explanation: H → K, E → H, L → O, L → O, O → R
2. Atbash Cipher
- Description: This is a substitution cipher where each letter of the
alphabet is mapped to its reverse (A ↔ Z, B ↔ Y, etc.).
- Example:
- Plaintext: HELLO
- Ciphertext: SVOOL
- Explanation: H → S, E → V, L → O, L → O, O → L
3. Monoalphabetic Substitution Cipher
- Description: In this cipher, each letter in the plaintext is replaced with a
corresponding letter in a fixed substitution alphabet. The key is the
alphabet used for substitution.
- Example:
- Plaintext: HELLO
- Key: ZEBRASCDFGHIJKLMNOPQTUVWXYA
- Ciphertext: ZEBBPM
- Explanation: H → Z, E → E, L → B, L → B, O → P
Transposition Techniques
In transposition techniques, the characters in the plaintext are rearranged based on a certain
system. Here are three common transposition techniques:
1. Rail Fence Cipher
- Description: This method involves writing the plaintext in a zigzag pattern across
multiple lines (rails) and then reading it off line by line.
- Example: With 3 rails: - Plaintext: HELLO WORLD
- Rail Pattern:
H...O...R... .E.L.W.
R.L.D
..L...O...O.
- Ciphertext: HO R EL WRLD LO
2. Columnar Transposition
- Description: The plaintext is written into columns based on a key, and then the
columns are read off in a different order.
- Example: Using the key "3124" for the plaintext "HELLO WORLD":
- Plaintext Matrix:
1234
HELL
OWOR
LD
- Reading Columns: 3, 1, 2, 4
- Ciphertext: LLO O HLW RD
3. Scytale Cipher
- Description: This ancient transposition cipher involves writing the message on
a strip of paper wound around a rod of a certain diameter. When unwound, the message
appears scrambled.
- Example: If the plaintext "HELLO WORLD" is written on a rod with a
circumference of 4:
- Text on Rod:
HELL
OWOR
LD
- Ciphertext: HOW LLD EOL R
These techniques demonstrate different methods of securing messages through
substitution and transposition, each with its unique approach to encoding information.
12. a) (i) Explain Euclid's algorithm with an example
Euclid's Algorithm is a method for finding the greatest common
divisor (GCD) of two integers. The GCD is the largest number that divides
both integers without leaving a remainder. Euclid's Algorithm is based on the
principle that the GCD of two numbers also divides their difference.
Steps of Euclid's Algorithm
1. Subtract the smaller number from the larger number to get a new
number.
2. Replace the larger number** with this new number.
3. Repeat the process until the two numbers are equal.
4. The common number is the GCD.
Alternatively, you can use the modulo operation which is often more efficient:
1. Replace the larger number with the remainder when divided by the
smaller number.
2. Repeat the process until the remainder is zero.
3. The non-zero remainder before reaching zero is the GCD.
Example
Find the GCD of 48 and 18 using Euclid's Algorithm.
1. Initial Numbers: 48 and 18

- Compute $ 48 \mod 18 = 12 $ (48 divided by 18 leaves a remainder of 12)
2. Replace 48 with 18 and 18 with 12:
- New Numbers: 18 and 12
- Compute $ 18 \mod 12 = 6 $ (18 divided by 12 leaves a remainder of 6)
3. Replace 18 with 12 and 12 with 6:
- New Numbers: 12 and 6
- Compute $ 12 \mod 6 = 0 $ (12 divided by 6 leaves a remainder of
0)
4. When remainder is 0, the non-zero number is the GCD.

The GCD of 48 and 18 is 6.
Euclid's Algorithm efficiently finds the GCD by repeatedly replacing numbers
with their remainders until one number becomes zero. The non-zero number before
reaching zero is the GCD.
12. a) (ii) Describe about RC4 algorithm.
RC4 (Rivest Cipher 4) is a widely used stream cipher designed by Ronald Rivest in
1987. It is known for its simplicity and speed, making it popular in various encryption
applications. However, due to certain vulnerabilities, its use has declined in favor of more
secure algorithms.
How RC4 Works:
1. Key Scheduling Algorithm (KSA):
- Purpose: Initializes the state of the permutation array based on the encryption
key.
- Process:
1. Initialize an array S of 256 bytes, where S[i] = i for i = 0 to 255.
2. Permute the array based on the key. Use the key to swap values in the array,
creating a pseudorandom permutation.
2. Pseudo-Random Generation Algorithm (PRGA):
- Purpose: Generates a keystream that is XORed with the plaintext to produce
ciphertext.
- Process:
1. Initialize two indices, i and j, both set to 0.
2. Update i and j in each step. Swap elements in the array S based on these
indices to generate the keystream.
3. Generate a keystream byte by using the values from S indexed by (S[i] + S[j])
% 256.
Example of RC4 Encryption
Let's demonstrate RC4 with a simple example:
- Key: KEY
- Plaintext: HELLO
1. Key Scheduling Algorithm (KSA):
Convert the key KEY to its byte representation (e.g., ASCII values).
Initialize S array from 0 to 255.
Apply permutations to S based on the key.
2. Pseudo-Random Generation Algorithm (PRGA):
Use the permuted S array to generate a keystream.
3. Encryption:
XOR each byte of the plaintext with the corresponding byte of the keystream to produce the
ciphertext.
Security and Usage
Strengths: RC4 is fast and simple, making it suitable for hardware and software
implementations.
Weaknesses:
Initialization Vector Issues: Early RC4 implementations used static keys and non-random
initialization vectors, which led to vulnerabilities.
Biases: Certain biases in the keystream can leak information about the plaintext, especially if
the same key is used for multiple messages.
Modern Context
Due to its vulnerabilities, RC4 is no longer recommended for use in secure applications. It
has been replaced by more secure algorithms like AES (Advanced Encryption Standard) in
protocols such as TLS (Transport Layer Security) and WPA2 (Wi-Fi Protected Access 2).
In summary, RC4 is a fast and straightforward stream cipher, but its security issues have led
to its deprecation in favor of more secure encryption methods.
12.b) Sketch the general depiction of DES encryption algorithm.
The Data Encryption Standard (DES) is a symmetric-key block cipher that encrypts data in 64-bit
blocks using a 56-bit key. Here’s a general sketch of how DES encryption works:
DES Encryption Algorithm Overview
1. Initial Permutation (IP):
o The 64-bit plaintext block undergoes an initial permutation (IP), which is a
predefined bit rearrangement.
2. Round Function:
o DES operates through 16 rounds of processing. Each round involves the
following steps:
1. Splitting: The permuted input is split into two 32-bit halves: Left (L)
and Right (R).
2. Expansion: The 32-bit Right half (R) is expanded to 48 bits using an
expansion permutation.
3. Key Mixing: The expanded R is XORed with a round-specific subkey.
4. Substitution: The result is passed through a set of substitution boxes
(S-boxes) which reduce the 48-bit input to 32 bits.
5. Permutation: The output from the S-boxes is permuted using a P-box
(Permutation).
6. Feistel Function: The permuted output is XORed with the Left half (L),
and the result becomes the new Right half for the next round. The old
Right half (R) becomes the new Left half.
3. Round Keys:
o DES uses a 56-bit key, which is divided into 16 subkeys, each 48 bits long.
These subkeys are generated through a process involving key scheduling,
including permutation and shifts.
4. Final Permutation (IP⁻¹):
o After all 16 rounds, the final 64-bit block is permuted using the inverse of the
initial permutation (IP⁻¹) to produce the ciphertext.
+-----------------------------------+
| Initial Permutation (IP) |
| 64-bit Plaintext |
|↓ |
| Permuted Plaintext (64 bits) |
+-----------------------------------+
| Round 1 |
| +-------------------------------+ |
| | Left (L1) | Right (R1) | |
|| | | |
|| | | |
| +-------------------------------+ |
| Feistel Function |
| ↓ |
| +-------------------------------+ |
| | Left (L2) | Right (R2) | |
| +-------------------------------+ |
| ... |
| +-------------------------------+ |
| | Left (L16) | Right (R16) | |
| +-------------------------------+ |
+-----------------------------------+
| Final Permutation (IP⁻¹) |
| Ciphertext (64 bits) |
+-----------------------------------+
13. a) (i) Describe about the fermat and euler's theorem with example
Fermat's and Euler's theorems along with examples:
Fermat's Little Theorem
Statement:
If $ p $ is a prime number and $ a $ is any integer not divisible by $ p $, then $ a^{p-1} \
equiv 1\pmod{p} $.
Example:
Let's use Fermat's Little Theorem with $ p = 7 $ (a prime number) and $ a = 3 $.
According to the theorem:
\[ 3^{7-1} \equiv 1 \pmod{7} \]
So:
\[ 3^6 = 729 \]
Now, compute $ 729 \mod 7 $:
\[ 729 \div 7 = 104 \text{ remainder } 1 \]
Thus:
\[ 729 \equiv 1 \pmod{7} \]
This confirms Fermat's Little Theorem in this case
Euler's Theorem
Statement:
For any integer $ a $ and $ n $ where $ a $ and $ n $ are coprime (i.e., $ \gcd(a,
n) = 1 $), Euler's Theorem states:
\[ a^{\phi(n)} \equiv 1 \pmod{n} \]
where $ \phi(n) $ is Euler's totient function, which counts the number of integers
up to $ n $ that are coprime to $ n $.
Example:
Let's use Euler's Theorem with $ n = 10 $ and $ a = 3 $.
First, calculate $ \phi(10) $. Since 10 can be factored as $ 2 \times 5 $:
\[ \phi(10) = (10 \times (1 - \frac{1}{2})) \times (10 \times (1 - \frac{1}{5})) \]
\[ \phi(10) = 10 \times \frac{1}{2} \times \frac{4}{5} = 4 \]
According to Euler's Theorem:
\[ 3^4 \equiv 1 \pmod{10} \]
Now, compute $ 3^4 $:
\[ 3^4 = 81 \]
And:
\[ 81 \mod 10 = 1 \]
Thus:
\[ 3^4 \equiv 1 \pmod{10} \]
Both theorems are useful in number theory and cryptography for proving properties
related to modular arithmetic.
13. a) (ii) Discuss about the Chinese remainder theorem
The Chinese Remainder Theorem (CRT) is a fundamental result in number theory that
provides a way to solve systems of simultaneous congruences with pairwise coprime
moduli. Here's a detailed discussion:
Statement of the Theorem
Suppose you have a system of congruences:
1. $ x \equiv a_1 \pmod{n_1} $
2. $ x \equiv a_2 \pmod{n_2} $
3. $ \vdots $
4. $ x \equiv a_k \pmod{n_k} $
here $ n_1, n_2, \ldots, n_k $ are pairwise coprime (i.e., $\gcd(n_i, n_j) = 1$ for $i \neq
j$). Then there exists a unique solution $ x $ modulo $ N $, where $ N $ is the product
of all the moduli:
\[ N = n_1 \cdot n_2 \cdot \ldots \cdot n_k \]
Example
Let's solve the following system of congruences:
1. $ x \equiv 2 \pmod{3} $
2. $ x \equiv 3 \pmod{4} $
3. $ x \equiv 2 \pmod{5} $
Step 1:
Verify that the moduli are pairwise coprime.
- $ \gcd(3, 4) = 1 $
- $ \gcd(3, 5) = 1 $
- $ \gcd(4, 5) = 1 $
So, the moduli are pairwise coprime.
Step 2:
Compute the product of the moduli:
\[ N = 3 \cdot 4 \cdot 5 = 60 \]
Step 3:
Find the partial products:
- $ N_1 = \frac{N}{n_1} = \frac{60}{3} = 20 $
- $ N_2 = \frac{N}{n_2} = \frac{60}{4} = 15 $
- $ N_3 = \frac{N}{n_3} = \frac{60}{5} = 12 $
Step 4:
Find the multiplicative inverses:
We need to find integers $ M_1 $, $ M_2 $, and $ M_3 $ such that:
- $ 20 \cdot M_1 \equiv 1 \pmod{3} $
- $ 15 \cdot M_2 \equiv 1 \pmod{4} $
- $ 12 \cdot M_3 \equiv 1 \pmod{5} $
For $ M_1 $:
\[ 20 \mod 3 = 2 \]
So, find $ M_1 $ such that:
\[ 2 \cdot M_1 \equiv 1 \pmod{3} \]
$ M_1 = 2 $ (because $ 2 \cdot 2 = 4 \equiv 1 \pmod{3} $)
For $ M_2 $:
\[ 15 \mod 4 = 3 \]
For $ M_3 $:
\[ 12 \mod 5 = 2 \]
Step 5:
Compute the solution using:
\[ x = (a_1 \cdot N_1 \cdot M_1 + a_2 \cdot N_2 \cdot M_2 + a_3 \cdot N_3 \cdot M_3) \
mod N \]
Substitute the values:
\[ x = (2 \cdot 20 \cdot 2 + 3 \cdot 15 \cdot 3 + 2 \cdot 12 \cdot 3) \mod 60 \]
\[ x = (80 + 135 + 72) \mod 60 \]
\[ x = 287 \mod 60 \]
\[ x = 47 \]
So, the solution to the system is $ x \equiv 47 \pmod{60} $.
Applications
The Chinese Remainder Theorem is useful in various areas, including:
- Cryptography (e.g., RSA algorithm)
- Computing large numbers efficiently
- Solving problems in modular arithmetic
It provides a structured way to solve complex congruence systems by breaking them down
into simpler, manageable parts.
13. b) Users A and B use the diffie Hellman key exchange technique, a common prime q=11
and a primitive root alpha=7.
i) if user A has private key Xa=3.What is A's public key Ya?
ii) if user B has private key Xb=6.what is B's public key Yb?
iii) what is the shared secret key? Also write the algorithm
To perform the Diffie-Hellman key exchange, we'll follow these steps for the given
parameters:
- Common prime $ q = 11 $
- Primitive root $ \alpha = 7 $
- User A's private key $ X_A = 3 $
- User B's private key $ X_B = 6 $
(i) Calculate User A's Public Key
User A’s public key $ Y_A $ is calculated using the formula:
\[ Y_A = \alpha^{X_A} \mod q \]
Substitute the given values:
\[ Y_A = 7^3 \mod 11 \]
Calculate $ 7^3 $:
\[ 7^3 = 343 \]
Now compute $ 343 \mod 11 $:
So:
\[ 343 \equiv 2 \pmod{11} \]
Thus, User A's public key is:
\[ Y_A = 2 \]
(ii) Calculate User B's Public Key
User B’s public key $ Y_B $ is calculated using the formula:
\[ Y_B = \alpha^{X_B} \mod q \]
Substitute the given values:
\[ Y_B = 7^6 \mod 11 \]
\[ 7^6 = 117649 \]
Now compute $ 117649 \mod 11 $:
So:
\[ 117649 \equiv 5 \pmod{11} \]
Thus, User B's public key is:
\[ Y_B = 5 \]
(iii) Calculate the Shared Secret Key
To calculate the shared secret key, each user computes the secret key using the other user’s
public key and their own private key.
User A computes the shared secret key $ K $ as follows:
\[ K_A = Y_B^{X_A} \mod q \]
\[ K_A = 5^3 \mod 11 \]
\[ 5^3 = 125 \]
So:
\[ 125 \equiv 4 \pmod{11} \]
User B computes the shared secret key $ K $ as follows:
\[ K_B = Y_A^{X_B} \mod q \]
\[ K_B = 2^6 \mod 11 \]
\[ 2^6 = 64 \]
So:
\[ 64 \equiv 9 \pmod{11} \]
Both computations should yield the same result for the shared secret key.
In this case, the shared secret key $ K $ that both users compute is:
\[ K = 4 \]
Summary
1. User A's public key $ Y_A $ is 2.
2. User B's public key $ Y_B $ is 5.
3. The shared secret key $ K $ is 4.
Algorithm Summary
1. Choose a common prime $ q $ and a primitive root $ \alpha $.
2. Each user selects a private key (e.g., $ X_A $ for User A and $ X_B $ for User B).
3. Calculate public keys:
- User A: $ Y_A = \alpha^{X_A} \mod q $
- User B: $ Y_B = \alpha^{X_B} \mod q $
4. Exchange public keys.
5. Compute the shared secret key:
- User A: $ K = Y_B^{X_A} \mod q $
- User B: $ K = Y_A^{X_B} \mod q $
This algorithm ensures that both users end up with the same shared secret key, which can be
used for further secure communication.
14. a) i) Discuss about the secure hash algorithm
Secure Hash Algorithms (SHAs) are a family of cryptographic hash functions designed to
provide a fixed-size output (hash) for any input data, ensuring data integrity and security.
Here's a detailed discussion about SHA:
Overview of SHA
Hash functions play a crucial role in cryptographic systems. They convert input data into a
fixed-size string of bytes. The output is typically a digest that uniquely represents the input
data. Secure hash functions are designed to be secure against various types of attacks, such
as collision, pre-image, and second pre-image attacks.
Key Properties of a Secure Hash Function
1. Deterministic:
The same input always produces the same hash output.
2. Fixed Size:
The output length is constant regardless of the input size.
3. Fast Computation:
The hash value is computed quickly.
4. Pre-image Resistance:
Given a hash value, it should be infeasible to determine the original input.
5. Second Pre-image Resistance:
Given an input and its hash, it should be infeasible to find another input that produces
the same hash.
6. Collision Resistance:
It should be infeasible to find two different inputs that produce the same hash value.
SHA Family
1. SHA-0: The original version of SHA, released in 1993. It was withdrawn due to flaws.
2. SHA-1: Released in 1995, it produces a 160-bit hash value. SHA-1 has been found to be
vulnerable to collision attacks and is considered deprecated for security-
sensitive applications.
3. SHA-2: Released in 2001, SHA-2 is an improvement over SHA-1. It includes six hash
functions with output lengths of 224, 256, 384, and 512 bits:
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- SHA-512/224
- SHA-512/256
SHA-2 addresses many of the vulnerabilities found in SHA-1 and is widely used for
secure hashing.
4. SHA-3: Released in 2015, SHA-3 is the latest member of the Secure Hash Algorithm
family. It uses a different construction called the Keccak algorithm. SHA-3
provides the same hash lengths as SHA-2 but is based on a different
cryptographic approach.
Example of SHA-256
SHA-256 is a member of SHA-2 and produces a 256-bit (32-byte) hash value. It’s widely
used in various applications, including digital signatures, certificate
generation, and data integrity checks.
Example Hash Calculation with SHA-256:
Suppose you want to hash the input string "hello world":
1. Input: "hello world"
2. SHA-256 Hash Output:
a591a6d40bf420404a011733cfb7b190d62c65bf0bcda29fb4c8996fb92427ae
Python Example Using SHA-256:
import hashlib
# Input data
data = "hello world"
# Create a SHA-256 hash object
hash_object = hashlib.sha256(data.encode())
# Get the hexadecimal representation of the hash
hex_dig = hash_object.hexdigest()
print(hex_dig)
Output:
a591a6d40bf420404a011733cfb7b190d62c65bf0bcda29fb4c8996fb92427ae
Applications
1. Data Integrity: Ensuring data has not been altered by comparing hashes.
2. Digital Signatures: Hashing data before signing to verify authenticity and integrity.
3. Password Storage: Hashing passwords before storing them in databases.
4. Cryptographic Protocols: Used in various protocols to ensure secure communications.
Secure Hash Algorithms are fundamental to modern cryptography, ensuring data
integrity and security in various applications. SHA-2 is currently widely used
due to its robustness, while SHA-3 offers an alternative with a different
internal structure.
14. a) ii) Explore the design objectives of HMAC
HMAC (Hash-based Message Authentication Code) is a mechanism for providing
message integrity and authentication using cryptographic hash functions and a secret key.
The design objectives of HMAC are centered around ensuring that the message has not
been tampered with and verifying the authenticity of the message sender. Here’s a detailed
exploration of the design objectives of HMAC:
Design Objectives of HMAC
1. Data Integrity:
Ensure that the message has not been altered during transit. HMAC achieves this by
generating a hash code based on both the message and a secret key. Any
tampering with the message will lead to a different hash value.
2. Message Authentication:
Verify the identity of the sender. Only parties who know the secret key can generate the
correct HMAC. This prevents unauthorized entities from forging messages or
tampering with the message without detection.
3. Key Security:
Protect the secret key from exposure. HMAC is designed to be resistant to attacks that
could reveal the key. It achieves this by using a combination of the key and the
hash function in a secure manner.
4. Resistance to Cryptographic Attacks:
- Collision Resistance:
The hash function used in HMAC must be collision-resistant, meaning it is infeasible to
find two different inputs that produce the same hash output. This ensures that
an attacker cannot generate a different message with the same HMAC.
- Pre-image Resistance:
Given an HMAC value, it should be computationally infeasible to determine the
original input message and key.
- Second Pre-image Resistance:
Given an input message and its HMAC, it should be infeasible to find another message
that has the same HMAC.
5. Flexibility and Compatibility:
HMAC is designed to work with any cryptographic hash function, such as MD5, SHA-1,
SHA-256, etc. This provides flexibility and compatibility with existing
systems and hash functions.
6. Efficiency:
HMAC should be computationally efficient, ensuring that it does not introduce significant
overhead in terms of processing time and resources. It uses hash functions,
which are generally efficient to compute.
How HMAC Works
1. Key Padding:
If the secret key is longer than the block size of the hash function, it is hashed to reduce
its size. If it is shorter, it is padded to the block size.
2. Internal Structure:
- Outer Padding:
The key is XORed with an outer padding value (usually 0x5c repeated to match the
block size of the hash function).
- Inner Padding:
The key is XORed with an inner padding value (usually 0x36 repeated to match the
block size).
3. Hash Computation:
- Inner Hash: Concatenate the inner padding and the message, then hash the result.
- Outer Hash: Concatenate the outer padding with the result of the inner hash, then hash this
result to produce the final HMAC value.
Formula:
\[ \text{HMAC}(K, M) = \text{Hash}((K \oplus \text{opad}) \| \text{Hash}((K \oplus \
text{ipad}) \| M)) \]
Where:
- $ K $ is the secret key
- $ \text{Hash} $ is the hash function
- $ \text{opad} $ is the outer padding
- $ \text{ipad} $ is the inner padding
- $ \| $ denotes concatenation
Example
Let's compute an HMAC using SHA-256 with a key and message:
Key: "secretkey"
Message: "hello world"
1. Pad Key:
Adjust the key length if necessary.
2. Compute Inner Hash:
Concatenate inner padded key with the message, hash the result.
3. Compute Outer Hash:
Concatenate outer padded key with the result of the inner hash, hash this result to get the
final HMAC.
HMAC is designed to provide both message integrity and authentication by combining a
cryptographic hash function with a secret key. Its design objectives ensure resistance to
various cryptographic attacks, efficiency, and compatibility with different hash functions.
These characteristics make HMAC a widely used mechanism for secure message
verification and authentication in various security protocols and applications.
14. b) Explain the format of the X.509 certificate
The X.509 certificate format is a widely used standard for public key certificates in
various security protocols, including SSL/TLS, email encryption, and code signing. X.509
certificates are used to establish secure communications by verifying the identity of entities
through digital signatures and public key infrastructure (PKI). Here's a detailed explanation
of the X.509 certificate format:
X.509 Certificate Format
An X.509 certificate is essentially a digital document that binds a public key to the identity
of an entity. The format consists of several fields and components:
1. Version:
Specifies the version of the X.509 standard used. Common versions include:
- Version 1: Basic format
- Version 2: Adds support for additional extensions
- Version 3: Supports extensions, which are widely used in modern certificates
2. Serial Number:
A unique identifier for the certificate issued by the certificate authority (CA). It is used to
identify the certificate and can be used to revoke it if necessary.
3. Signature Algorithm:
Indicates the algorithm used by the CA to sign the certificate. Common algorithms
include RSA, ECDSA, and DSA, along with the hashing algorithm (e.g., SHA-256).
4. Issuer:
The distinguished name (DN) of the CA that issued the certificate. It includes fields
such as the CA’s name, organization, country, and other identifying details.
5. Validity Period:
Specifies the time frame during which the certificate is valid. It includes:
- Not Before:
The start date and time from which the certificate is valid.
- Not After:
The end date and time until which the certificate is valid.
6. Subject:
The distinguished name (DN) of the entity to which the certificate is issued. It
includes fields such as the entity’s name, organization, and country.
7. Subject Public Key Information:
Contains the public key associated with the entity and the algorithm used. It
includes:
- Public Key Algorithm:
Specifies the algorithm used for the public key (e.g., RSA, ECDSA).
- Public Key:
The actual public key value.
8. Issuer Unique Identifier :
An optional field used to uniquely identify the issuer. It is used in X.509 version 2
and 3 certificates to handle cases where the issuer may change its
distinguished name.
9. Subject Unique Identifier :
An optional field used to uniquely identify the subject. Similar to the issuer unique
identifier, it is used in version 2 and 3 certificates.
10. Extensions (Version 3 and later):
Provides additional information and capabilities. Common extensions include:
- Basic Constraints:
Indicates whether the certificate is a CA certificate and specifies the maximum
depth of valid certification paths.
- Key Usage:
Specifies the purpose of the key contained in the certificate (e.g., digital signature,
key encipherment).
- Extended Key Usage:
Specifies additional purposes for which the key can be used (e.g., server
authentication, client authentication).
- Subject Alternative Name (SAN):
Provides additional identities for the subject, such as DNS names, IP addresses,
and email addresses.
- Authority Key Identifier:
Identifies the public key corresponding to the CA that issued the certificate.
- Subject Key Identifier:
Provides a unique identifier for the public key contained in the certificate.
11. Signature:
The digital signature of the CA, which is used to verify the authenticity and integrity
of the certificate. It is computed by applying the signature algorithm to the
certificate’s data.
Example Structure
Here is a simplified structure of an X.509 certificate:
1. Certificate
- Version: 3
- Serial Number: 123456
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=Example CA, O=Example Organization, C=US
- Validity
- Not Before: 2024-01-01
- Not After: 2025-01-01
- Subject: CN=www.example.com, O=Example Organization, C=US
- Subject Public Key Info
- Public Key Algorithm: rsaEncryption
- Public Key: (key value)
- Extensions
- Basic Constraints: CA: false
- Key Usage: Digital Signature, Key Encipherment
- Subject Alternative Name: DNS:www.example.com
- Signature Algorithm: sha256WithRSAEncryption
- Signature: (digital signature value)
The X.509 certificate format is a standardized way to encode public key certificates.
It includes essential fields such as version, serial number, issuer, subject, validity period,
public key information, and optional extensions. The digital signature ensures the integrity
and authenticity of the certificate. X.509 certificates are crucial in establishing secure
communications and verifying identities in various security protocols.
15. a) i) Examine the attacks that happened through password cracking
Password cracking attacks are a common cybersecurity threat, where attackers attempt to
gain unauthorized access to accounts or systems by deciphering passwords. Here are some
notable examples of password cracking attacks:
1. Yahoo Data Breach (2013-2014):
One of the largest breaches in history, it affected all 3 billion Yahoo accounts. Attackers
used stolen passwords from previous breaches and brute-force attacks to
compromise these accounts.
2. LinkedIn Breach (2012):
This breach involved 6.5 million hashed passwords being stolen. The attackers used
brute-force methods to crack the passwords, exploiting weak hashing
algorithms.
3. Adobe Breach (2013):
Attackers stole data from 38 million Adobe accounts. They used methods like dictionary
attacks and rainbow tables to crack hashed passwords that used weak
encryption.
4. Target Data Breach (2013):
Hackers used stolen credentials to gain access to Target's network. They exploited weak
passwords and poor security practices to access sensitive data.
5. Sony PlayStation Network Breach (2011):
Attackers exploited weak password policies and security flaws to access user accounts
on the PlayStation Network, compromising personal information of 77 million
users.
In these attacks, methods such as brute-force attacks, dictionary attacks, and rainbow
tables were commonly used. To mitigate the risk of password cracking, it’s crucial to use
strong, complex passwords, employ multi-factor authentication, and implement robust
hashing algorithms.
15. a) ii) Write short note on keyloggers
Keyloggers are malicious software or hardware designed to record keystrokes on a computer
or mobile device. They capture everything typed, including passwords, personal information,
and sensitive data, and then send this information to the attacker.
Types of Keyloggers:
1. Software Keyloggers:
These are programs installed on a device, often disguised as legitimate software or
embedded in malware. They can be distributed via phishing emails, malicious
downloads, or compromised websites.
2. Hardware Keyloggers:
These are physical devices attached to a computer between the keyboard and the
computer. They do not require software installation and can be harder to
detect.
Impacts of Keyloggers:
- Privacy Breach:
They can steal sensitive personal information, including financial data and login
credentials.
- Identity Theft:
Stolen data can be used for fraudulent activities and identity theft.
- Data Compromise:
Organizations can suffer from data breaches if keyloggers capture confidential business
information.
Protection Measures:
- Use up-to-date antivirus and anti-malware software.
- Be cautious of downloading software from untrusted sources.
- Regularly update operating systems and applications.
- Implement multi-factor authentication to reduce the impact of stolen credentials.
15. b) i) How do we prevent SQL injection attacks? Explain in detail
SQL injection attacks occur when an attacker inserts or manipulates
SQL queries in a way that compromises the database's integrity or exposes sensitive data.
Preventing SQL injection requires a combination of secure coding practices and defensive
measures. Here's a detailed approach to preventing SQL injection attacks:
1. Use Prepared Statements and Parameterized Queries
- Prepared Statements:
These are SQL statements that are sent to and parsed by the database server
before any parameters are substituted. By separating the SQL code from the
data, prepared statements prevent attackers from injecting malicious SQL.
- Parameterized Queries:
Similar to prepared statements, parameterized queries use placeholders for
data input, which the database server processes separately from the query
logic.
Example (in PHP with PDO):
php
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username
AND password = :password");
$stmt->execute(['username' => $username, 'password' => $password]);
2. Use Stored Procedures
- Stored procedures are precompiled SQL code stored in the database. When
executed, they are protected from SQL injection because they separate SQL
code from user input.
Example (in SQL Server):
sql
CREATE PROCEDURE GetUser
@username NVARCHAR(50),
@password NVARCHAR(50)
AS
BEGIN
SELECT * FROM users WHERE username = @username AND password =
@password;
END;
3. Escape User Input
- Escaping involves adding escape characters to special characters in user input,
ensuring that they are treated as data rather than executable code. However,
this method is less secure than prepared statements and parameterized queries.
Example (in PHP with MySQLi):
php
$username = mysqli_real_escape_string($conn, $username);
$query = "SELECT * FROM users WHERE username='$username'";
4. Use ORM (Object-Relational Mapping) Libraries
- ORM libraries abstract database interactions and automatically handle
parameterization. They reduce the risk of SQL injection by using high-level
data access methods.
Example (in Python with SQLAlchemy):
python
user = session.query(User).filter(User.username == username).first()
5. Implement Input Validation
- Validate and sanitize user input to ensure it conforms to expected formats. Reject or
clean data that does not meet criteria before processing it.
Example:
- For a username field, ensure it only contains alphanumeric characters and is
within a specific length range.
6. Use Least Privilege Principle
- Ensure database accounts have the minimum permissions necessary. For
instance, an application user should not have rights to modify or delete
database structures.
7. Regularly Update and Patch Systems
- Keep database management systems, libraries, and application frameworks up to
date with the latest security patches.
8. Employ Web Application Firewalls (WAFs)
- WAFs can detect and block SQL injection attacks by filtering and monitoring
HTTP requests.
9. Conduct Regular Security Audits and Code Reviews
- Regularly review and test your code for vulnerabilities. Automated tools and
manual audits can help identify and fix potential security issues.
By integrating these practices, you can significantly reduce the risk of SQL
injection attacks and enhance the overall security of your applications and
databases.
15. b) ii) Analyze the challenges present in web security
Web security faces numerous challenges due to the complexity of web
technologies, the evolving nature of threats, and the need for constant vigilance. Here’s an
analysis of key challenges:
1. Evolving Threat Landscape
- New Vulnerabilities:
Attackers continuously discover new vulnerabilities in software, frameworks, and
protocols. Staying ahead requires continuous monitoring and updating.
- Advanced Attacks:
Analyze the challenges present in web security
Web security faces numerous challenges due to the complexity of web technologies, the
evolving nature of threats, and the need for constant vigilance. Here’s an
analysis of key challenges:
1. Evolving Threat Landscape
- New Vulnerabilities:
Attackers continuously discover new vulnerabilities in software, frameworks, and
protocols. Staying ahead requires continuous monitoring and updating.
- Advanced Attacks:
Threats such as zero-day attacks, sophisticated phishing, and advanced persistent
threats (APTs) are increasingly difficult to detect and mitigate.
2. Complex Web Architectures
- Microservices and APIs:
Modern web applications often use microservices and APIs, which can create
security challenges due to the increased attack surface and inter-service
communication vulnerabilities.
- Third-Party Integrations:
Integration with third-party services, such as payment gateways or social media
logins, can introduce vulnerabilities if these services are compromised.
3. Data Privacy and Protection
- Sensitive Data Handling:
Properly securing sensitive user data (e.g., personal identification information,
financial details) is crucial. Inadequate encryption or improper data handling
can lead to data breaches.
- Compliance:
Adhering to data protection regulations (e.g., GDPR, CCPA) involves complex
requirements for data security and privacy.
4. User Authentication and Authorization
- Weak Passwords:
Users often create weak or reused passwords, making them susceptible to
credential stuffing and brute-force attacks.
- Session Management:
Properly managing user sessions (e.g., session fixation, session hijacking) is
challenging, especially in applications with high user traffic.
5. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
- XSS:
Attackers inject malicious scripts into web pages viewed by other users,
potentially leading to data theft or session hijacking.
- CSRF:
Attackers trick users into performing actions on behalf of authenticated users
without their consent.
6. Insecure Code and Development Practices
- Code Quality:
Poor coding practices and lack of security awareness can lead to vulnerabilities
such as SQL injection or insecure deserialization.
- Dependency Management:
Using outdated or vulnerable libraries and frameworks can introduce security
risks. Regular updates and dependency management are crucial.
7. Denial of Service (DoS) Attacks
- Volume-Based Attacks:
Attackers can overwhelm a web application or server with excessive traffic,
leading to service unavailability.
- Application Layer Attacks:
These attacks target specific features or functionalities of an application, such as
login pages or search functionality, to disrupt service.
8. Security Misconfigurations
- Default Settings:
Leaving default configurations or inadequate security settings can expose
vulnerabilities.
- Access Controls:
Improperly configured access controls can allow unauthorized users to access
restricted areas or data.
9. Human Factor
- User Awareness:
Users often lack awareness about security best practices, making them
susceptible to social engineering attacks and phishing.
- Developer Training:
Developers may not be fully trained in secure coding practices, leading to
vulnerabilities in applications.
10. Resource Constraints
- Budget and Expertise:
Small organizations may struggle with limited budgets and lack of expertise to
implement and maintain robust security measures.
- Scalability:
Ensuring security while scaling applications and infrastructure can be
challenging.
Addressing these challenges requires a comprehensive approach, including
implementing robust security practices, regularly updating and patching
systems, educating users and developers, and employing advanced security
technologies.
PART -C
16. a) i) Explain RSA algorithm in detail. Perform decryption and encryption using RSA
algorithm with p=3,q=11,e=7 and N=5
RSA Algorithm Overview
The RSA algorithm is a widely used public key cryptosystem that provides secure data
encryption and digital signatures. It is based on the mathematical properties of prime
numbers and modular arithmetic.
Steps in RSA Algorithm:
1. Key Generation:
- Choose Two Distinct Prime Numbers (p and q):
These are used to compute the modulus for both the public and private keys.
- Compute N:
$ N = p \times q $
- Compute Euler’s Totient Function (φ(N)):
$ \phi(N) = (p - 1) \times (q - 1) $
- Choose Public Exponent (e):
This should be a number such that $ 1 < e < \phi(N) $ and $ e $ is coprime with $ \
phi(N) $.
- Compute Private Exponent (d):
This is the modular multiplicative inverse of $ e $ modulo $ \phi(N) $, i.e., $ d \times
e \equiv 1 \ (\text{mod} \ \phi(N)) $.
2. Encryption:
- Public Key (e, N):
Used to encrypt the plaintext.
- Ciphertext (C):
$ C = M^e \ (\text{mod} \ N) $
3. Decryption:
- Private Key (d, N):
Used to decrypt the ciphertext.
- Plaintext (M):
$ M = C^d \ (\text{mod} \ N) $
Example with Given Parameters
Let's perform encryption and decryption using RSA with the parameters:
- $ p = 3 $
- $ q = 11 $
- $ e = 7 $
- $ N = 5 $ (Note: Here, $ N $ is incorrect since $ N $ should be $ p \times q $, which is \
( 3 \times 11 = 33 \). We’ll use $ N = 33 $.)
1. Key Generation
- Compute N:
$ N = p \times q = 3 \times 11 = 33 $
- Compute φ(N):
$ \phi(N) = (p - 1) \times (q - 1) = (3 - 1) \times (11 - 1) = 2 \times 10 = 20 $
- Public Exponent (e):
Given as $ e = 7 $
- Compute Private Exponent (d):
We need $ d $ such that $ d \times e \equiv 1 \ (\text{mod} \ \phi(N)) $. So, we need \
( d \times 7 \equiv 1 \ (\text{mod} \ 20) \).
To find $ d $, we solve:
- $ 7d \equiv 1 \ (\text{mod} \ 20) $
- By testing values or using the extended Euclidean algorithm, we find $ d = 3 $.
Thus, the keys are:
- Public Key: (7, 33)
- Private Key: (3, 33)
2. Encryption
Suppose we want to encrypt the plaintext $ M = 4 $.
- Ciphertext (C):
$ C = M^e \ (\text{mod} \ N) $
- $ C = 4^7 \ (\text{mod} \ 33) $
- Calculate $ 4^7 = 16384 $
- $ 16384 \ (\text{mod} \ 33) = 31 $
So, Ciphertext (C) = 31.
3. Decryption
To decrypt the ciphertext $ C = 31 $:
- Plaintext (M):
$ M = C^d \ (\text{mod} \ N) $
- $ M = 31^3 \ (\text{mod} \ 33) $
- Calculate $ 31^3 = 29791 $
- $ 29791 \ (\text{mod} \ 33) = 4 $
So, Plaintext (M) = 4.
- Public Key: (7, 33)
- Private Key: (3, 33)
- Encryption of 4: Results in ciphertext 31
- Decryption of 31: Results in plaintext 4
The RSA algorithm ensures that the original message is recovered after encryption and
decryption, demonstrating its effectiveness in securing communications.
16. b) Illustrate the application of Kerberos in ensuring secure authentication within a
corporate network. Describe a scenario where an employee attempts to access sensitive
company resources, detailing the step-by-step process of how Kerberos facilitates this
authentication. Emphasize the role of tickets,key distribution centers, and encryption
protocols involved. Additionally, discuss potential security vulnerabilities and how
Kerberos mitigates them in the context of the given scenario.
Kerberos is a network authentication protocol designed to provide secure authentication over
an insecure network. It is particularly effective in corporate environments where sensitive
resources need protection. Here's a detailed illustration of how Kerberos ensures secure
authentication within a corporate network, using an example scenario:
Scenario: Accessing Sensitive Company Resources
Scenario Description:
An employee, Alice, wants to access a sensitive company resource, such as a financial
database, within a corporate network.
Step-by-Step Authentication Process
1. Initial Login (Client Authentication)
- Alice's Action:
Alice logs into her workstation and provides her username and password.
- Kerberos Client Action:
The Kerberos client on Alice's workstation sends a request to the Key Distribution Center
(KDC) to authenticate her.
2. Authentication Request
- KDC Response:
The KDC responds with an Authentication Ticket (TGT) and a session key. The TGT
is encrypted with Alice’s password-derived key (from her initial login) and
contains a session key and a timestamp.
3. Ticket-Granting Ticket (TGT)
- Alice’s Action:
Alice’s workstation decrypts the TGT using the password-derived key and retrieves
the session key. Alice's workstation now has a valid TGT.
- TGT Role:
The TGT is used to obtain service tickets for accessing specific resources within the
network. It is valid for a specified time period.
4. Service Request
- Alice’s Action:
Alice tries to access the financial database.
- Kerberos Client Action:
Alice’s workstation sends a request to the KDC to obtain a Service Ticket (TGS
Request) for the financial database service, using the TGT.
5. Service Ticket Request
- KDC Response:
The KDC verifies the TGT and responds with a Service Ticket (TGS) for the financial
database. The Service Ticket is encrypted with the database’s secret key and
contains a session key specific to this session.
6. Accessing the Service
- Alice’s Action:
Alice’s workstation presents the Service Ticket to the financial database server to
access the sensitive resource.
- Database Server Action:
The database server decrypts the Service Ticket using its secret key, retrieves the
session key, and authenticates Alice.
7. Session Establishment
- Alice’s Action:
If the Service Ticket is valid, the database server allows Alice access to the resource
and establishes a secure session using the session key provided in the Service
Ticket.
Key Components and Protocols
1. Key Distribution Center (KDC):
The KDC is central to Kerberos, consisting of two parts:
- Authentication Server (AS):
Authenticates users and issues TGTs.
- Ticket-Granting Server (TGS):
Issues Service Tickets based on valid TGTs.
2. Tickets:
- Ticket-Granting Ticket (TGT):
Used to request service tickets. Encrypted with the user’s password-derived key.
- Service Ticket (TGS):
Used to access specific services. Encrypted with the service’s secret key.
3. Encryption Protocols:
- Symmetric Encryption:
Kerberos uses symmetric encryption (e.g., DES, AES) for encrypting tickets and
session keys. This ensures that only the intended recipient (the KDC or
service) can decrypt the ticket.
Security Vulnerabilities and Mitigations
1. Password Theft:
- Vulnerability:
If an attacker obtains Alice’s password, they could potentially generate a valid TGT.
- Mitigation:
Strong password policies and multi-factor authentication (MFA) reduce the risk of
password theft.
2. Ticket Forgery:
- Vulnerability:
Attackers might attempt to forge tickets.
- Mitigation:
Kerberos relies on strong encryption algorithms and secure key management practices
to prevent ticket forgery.
3. Replay Attacks:
- Vulnerability:
An attacker might capture and reuse valid tickets.
- Mitigation:
Kerberos uses timestamps and expiration times in tickets to prevent replay attacks.
The use of nonces (random values) also helps to ensure ticket freshness.
4. Session Hijacking:
- Vulnerability:
Attackers might hijack an authenticated session.
- Mitigation:
The use of session keys and encryption ensures that even if session data is
intercepted, it cannot be decrypted without the correct session key.
Kerberos facilitates secure authentication by using a combination of tickets, a Key

Distribution Center, and encryption protocols to ensure that users can access sensitive
resources securely. It effectively mitigates several security vulnerabilities through strong
encryption, time-sensitive tickets, and secure key management practices.

Answer Key 1

Uploaded by

Copyright:

Available Formats

Answer Key 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Answer Key 1

Uploaded by

Copyright:

Available Formats

V.S.

B ENGINEERING COLLEGE, KARUR-639111

Examples of Network Access Control Solutions

The OSI (Open Systems Interconnection) security architecture model provides a

Cryptography is the practice of securing communication by transforming

1. Initial Numbers: 48 and 18

4. When remainder is 0, the non-zero number is the GCD.

Kerberos facilitates secure authentication by using a combination of tickets, a Key

You might also like