UNIT I PART A 1. What is computer security, network security and internet security?

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers Network Security - measures to protect data during their transmission Internet Security - measures to protect data during their transmission over a collection of interconnected networks 2. What are the key princip es o! security? Key properties of security: To protect the data during transmission across the networks uthentication Confidentiality Integrity ccess control ". Why network need security? !hen systems are connected through the network" attacks are possi#le during transmission time$ #. What are the three aspects o! in!ormation security? %$ Security attack &$ Security mechanism '$ Security service $. %e!ine security attack, security mechanism and security ser&ices. 'ecurity attack( any action that compromises the security of information owned #y an organi(ation$ 'ecurity mechanism( a mechanism that is designed to detect" prevent or recover from a security attack$ 'ecurity ser&ices( a service that enhances the security of the data processing systems and the information transfers of an organi(ation$ ). *ention the di!!erent types o! security ser&ices. uthentication ) Confidentiality ) *ata integrity ) Non repudiation ) ccess control ) vaila#ility +. %e!ine passi&e attack and acti&e attack. +assive attacks are in the nature of eavesdropping" or monitoring of transmissions$ The types of passive attack are ,elease of message content )
1

Traffic analysis ) ctive attacks involve some modification of data stream or creation of a )false stream$ The types of active attack are -as.uerade ) ,eplay ) -odification ) *enial of service )

,. %e!ine inte-rity and nonrepudiation? Inte-rity( Service that ensures that only authori(ed person a#le to modify the message$ Nonrepudiation( This service helps to prove that the person who denies the transaction is true or false$ .. What are the di!!erent types o! security po icy? System policy /ser policy Network policy 1/. *ention the di!!erent types o! security mechanisms. 0ncipherment *igital signature ccess control Traffic padding uthentication e1change 11. %raw the mode !or network security.

12. %e!ine con!identia ity and authentication2 Confidentiality: It means how to maintain the secrecy of message$ It ensures that the information in a computer system and transmitted information are accessi#le only for reading #y authori(ed person$
2

uthentication: It helps to prove that the source entity only has involved the transaction$ 1". Write the re ation 0etween security ser&ices and security mechanisms. 'ecurity 'er&ices *ata Confidentiality *ata Integrity uthentication Nonrepudiation ccess Control 'ecurity *echanisms 0ncipherment and routing control 0ncipherment" digital signature" data integrity 0ncipherment" digital signature" authentication e1change *igital Signature" data integrity" and notari(ation ccess control mechanism

1#. %e!ine crypto-raphy. It is a science of writing Secret code using mathematical techni.ues$ The many schemes used for enciphering constitute the area of study known as cryptography$ 1$. %e!ine 1ncryption$ The process of converting plainte1t into cipher te1t is called encryption$ 0ncryption is the science of changing data so that it is unrecogni(a#le and useless to an unauthori(ed person$ 1). 'peci!y the components o! encryption a -orithm. +lainte1t 0ncryption algorithm Secret key Cipher te1t *ecryption algorithm 1+. %e!ine %ecryption *ecryption is the reverse operation of encryption$ The process of decoding data that has #een encrypted into a secret format$ *ecryption re.uires a secret key or password$ 1,. %e!ine pri&ate key or symmetric key crypto-raphy Symmetric key cryptography is referred to #y various other terms such as secret key cryptography or private key cryptography$ In this scheme only one key is used and the same key is used for #oth encryption and decryption of messages$ 3oth the parties must agree upon the key #efore any transmission #egins and no#ody else should know a#out it 04:-*0S"Cesar cipher"-ono alpha#etic cipher 1.. %e!ine asymmetric key or pu0 ic key crypto-raphy. +u#lic key algorithms rely on % key for encryption and a different #ut related key for decryption 04:-,S "0CC50lliptical curve cryptography6
3

2/. %e!ine cryptana ysis and crypto o-y. 2ryptana ysis( techni.ues used for deciphering or decrypting a message without the knowledge of the enciphering or encrypting details is said to #e cryptanalysis$ 2rypto o-y( the study of cryptography and cryptanalysis together is called cryptology$ 21. What is 3rute !orce attack? Trying out all the possi#le keys on a piece of cipher te1t until an intelligi#le translation to plain te1t is o#tained$ 22. %e!ine the two 0asic 0ui din- 0 ocks o! encryption techni4ues. 'u0stitution techni4ue 7 it is one in which the letters of the plainte1t are replaced #y other letters or #y num#ers or sym#ols$ ) ) Transposition techni4ue 7 it is one which performs some sort of permutation on the plainte1t letters$ 2". %e!ine stream cipher and 0 ock cipher. stream cipher is one that encrypts a digital data stream one #it or one #yte at a time$ #lock cipher is one in which a #lock of plainte1t is treated as a whole and used to produce a cipher te1t #lock of e.ual #lock$ 2#. 5ow many keys are re4uired !or two peop e to communicate &ia a cipher? If #oth sender and receiver use the same key" the system is referred to as symmetric" single key" secret key" or conventional encryption$ If the sender and receiver each use a different key" the system is referred to as asymmetric" two-key" or pu#lic-key encryption$ 2$. %i!!erentiate unconditiona y secured and computationa y secured? n 0ncryption algorithm is unconditionally secured means" the condition is if the cipher te1t generated #y the encryption scheme doesn8t contain enough information to determine corresponding plainte1t$ 0ncryption is computationally secured means" %$ The cost of #reaking the cipher e1ceeds the value of enough information$ &$ Time re.uired to #reak the cipher e1ceed the useful lifetime of information$ 2). %e!ine ste-ano-raphy? Steganography is a techni.ue for hiding the message into some cover media$ It conceals the e1istence of a message$ Some of the related techni.ues are: Character marking ) Invisi#le ink ) +in puncture Typewriter correction ri##on PART63

%$*escri#e categories of Security Services in detail &$3riefly e1plain the categories of Security mechanisms '$9ist the categories of active security attack and e1plain any one active security attack :$9ist the categories of passive security attack and e1plain any one passive security attack ;$*istinguish #etween active and passive security attacks and name possi#le active and passive security attacks <$9ist and descri#e security goals and security policies$ =$!rite short notes on symmetric encryption$ >$!rite short notes on asymmetric encryption$ ?$Ta#ulate and e1plain the relationship #etween Security services and -echanisms %@$!rite short notes on Su#stitution A Transposition cipher