Q:1 Briefly explain at least three examples of passive and active security attacks?
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.
Examples of Passive Attacks:
Wire Tapping:
Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.
Port scanner:
A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.
A port scan or portscan is "An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service."
Idle Scan:
The idle scan is a TCP port scan method that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer called a "zombie" (that is not transmitting or receiving information) and observing the behavior of the zombie system.
This action can be done through common software network utilities such as nmap and hping. The attack involves sending forged packets to a specific machine target in an effort to find distinct characteristics of another zombie machine. The attack is sophisticated because there is no interaction between the attacker computer and the target: the attacker interacts only with the "zombie" computer.
Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.
Denial-of-service attack (DoS attack):
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
Spoofing Attacks:
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Ping Flood:
A ping flood is a simple denial-of-service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. This is most effective when using the flood option of ping, which sends ICMP packets as fast as possible without waiting for replies. Most implementations of ping require the user to be privileged in order to specify the flood option. It is most successful if the attacker has more bandwidth than the victim (for instance an attacker with a DSL line and the victim on a dial-up modem).
The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming both outgoing bandwidth as well as incoming bandwidth. If the target system is slow enough, it is possible to consume enough of its CPU cycles for a user to notice a significant slowdown.
2. Briefly define the well-known Network Security Services?
Antivirus software packages: These packages counter most virus threats if regularly updated and correctly maintained.
Secure network infrastructure: Switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management.
Dedicated network security hardware and software: Tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections.
Virtual private networks: These networks provide access control and data encryption between two different computers on a network. This allows remote workers to connect to the network without the risk of a hacker or thief intercepting data.
Identity services: These services help to identify users and control their activities and transactions on the network. Services include passwords, digital certificates, and digital authentication keys.
Encryption: Encryption ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.
Security management: This is the glue that holds together the other building blocks of a strong security solution.
None of these approaches alone will be sufficient to protect a network, but when they are layered together, they can be highly effective in keeping a network safe from attacks and other threats to security. In addition, well-thought-out corporate policies are critical to determine and control access to various parts of the network.
3. What are the essential ingredients of Symmetric Key Ciphers?
A symmetric encryption scheme has five ingredients (Figure 2.1):
Plaintext: This is the original message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
4. What is the difference between computational security and unconditional security? Which cryptographic scheme is regarded as the perfectly secure or unconditionally secure scheme? Explain the constraints of such a scheme (if any) with respect to practical implementation?
The scheme in cryptography in which the key is generated randomly, and which has less probability to predict, is known as unconditional security, and vice versa is computational.
5. A teacher wants to distribute notes to all the students in the class. Propose any scheme from your own thinking which is better to use in this scenario?
A public key crypto-system will be used. The teacher will generate the key, encrypt the message with the key and distribute the key to all students of the class to decrypt the message.
6. What will be the consequence of using an irreversible round function in Feistel Cipher? Suppose the function will always give the constant output, all 0’s or all 1’s?
No effect.
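Added example (not part of the original answers): a four-round Feistel network on a constructed 64-bit block, showing that decryption never inverts F, so the plaintext is still recovered when F is a one-way hash or a constant all-0 or all-1 function. The function names, sample block and subkeys are assumptions made for illustration; with four constant rounds the ciphertext is simply the plaintext with its halves swapped.

```python
import hashlib

MASK = 0xFFFFFFFF  # 32-bit halves, 64-bit block


def hash_round(subkey):
    """Keyed, non-invertible round function: truncated SHA-256 of subkey || half."""
    def f(half):
        digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
        return int.from_bytes(digest[:4], "big")
    return f


def const_round(value):
    """Round function that ignores its input and always returns `value`."""
    return lambda half: value & MASK


def feistel(left, right, rounds):
    """Run the rounds in the order given, then undo the last swap."""
    for f in rounds:
        left, right = right, left ^ f(right)
    return right, left


def encrypt(block, rounds):
    return feistel(*block, rounds)


def decrypt(block, rounds):
    # Same network with the round functions reversed; F itself is never inverted.
    return feistel(*block, list(reversed(rounds)))


# Constructed sample block and subkeys (hypothetical values for illustration).
BLOCK = (0x01234567, 0x89ABCDEF)
HASHED = [hash_round(bytes([i]) * 8) for i in range(4)]
ZEROS = [const_round(0)] * 4
ONES = [const_round(MASK)] * 4

if __name__ == "__main__":
    for name, rounds in (("hash", HASHED), ("all 0", ZEROS), ("all 1", ONES)):
        ct = encrypt(BLOCK, rounds)
        print(name, [hex(h) for h in ct], decrypt(ct, rounds) == BLOCK)
```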
7. Is it feasible to do the frequency of occurrence analysis for individual letters to decipher a message encrypted with Playfair Cipher? If no, then which kind of analysis do you suggest and why?
Yes, it is possible to do frequency of occurrence analysis for individual letters; a few hundred letters are enough to break the scheme.
QUESTION#8
KXJEY UREBE ZWEHE WRYTU HEYFS
KREHE GOYFI WTTTU OLKSY CAJPO
BOTEI ZONTX BYBNT GONEY CUZWR
GDSON SXBOU YWRHE BAAHY USEDQ
The key used was ‘royal new Zealand navy’. Break the cipher by revealing the plaintext?
“Pt boat owe nine lost in action in blackett strait two miles from sw meresu cove x crew of twelve x request any information.”
QUESTION#9
Total keys in the Playfair cipher would be:
25! ≈ 2^84