725103 isns winter 2012

Upload: pranavpks

Post on 05-Jul-2018


  • 8/16/2019 725103 ISNS winter 2012

    1/39

    Q. No. 1 [2 Marks X 10 = 20 Marks]

    a. What is Threads classification?

    b. Give the difference between block ciphers and stream ciphers.

    c. What is masquerading?

    A masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen logon IDs and passwords, through finding security gaps in programs, or through bypassing the authentication mechanism. The attempt may come from within an organization, for example, from an employee; or from an outside user through some connection to the public network. Weak authentication provides one of the easiest points of entry for a masquerade, since it makes it much easier for an attacker to gain access. Once the attacker has been authorized for entry, they may have full access to the organization's critical data, and (depending on the privilege level they pretend to have) may be able to modify and delete software and data, and make changes to network configuration and routing information.

    d. What are the requirements for digital signature?

    To establish these conditions, the content creator must digitally sign the content by using a signature that satisfies the following criteria:

    • The digital signature is valid. A CA that is trusted by the operating system must sign the digital certificate on which the digital signature is based.

    • The certificate that is associated with the digital signature is not expired.

    • The signing person or organization (known as the publisher) is trusted by the recipient.

    • The certificate associated with the digital signature is issued to the signing publisher by a reputable CA.

    e. Brief about Annual Loss Expectancy?

    The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as:

    Suppose that an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% × $100,000, or $25,000.

    The annualized loss expectancy is the product of the annual rate of occurrence (ARO) and the single loss expectancy. ALE = ARO × SLE

    For an annual rate of occurrence of one, the annualized loss expectancy is 1 × $25,000, or $25,000.

    For an ARO of three, the equation is: ALE = 3 × $25,000. Therefore: ALE = $75,000

    f. Mention the Security Policies and Measures in Mobile Computing?

    g. What is meant by polymorphic viruses.

    A polymorphic virus is a complicated computer virus that affects data types and functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself.

    Polymorphism, in computing terms, means that a single definition can be used with varying amounts of data. In order for scanners to detect this type of virus, brute-force programs must be written to combat and detect the polymorphic virus with novel variant configurations.

    h. What is the purpose of Diffie-Hellman algorithm?

    Diffie-Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES. The algorithm in itself is very simple.

    i. Identify any two applications where one way authentication is necessary.

    A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it. Including those two elements makes it more difficult for someone to access the user

    Conventional Encryption involves transforming plaintext messages into ciphertext messages that are to be decrypted only by the intended receiver. Both sender and receiver agree upon a secret key to be used in encrypting and decrypting. Usually the secret key is transmitted via public key encryption methods.

    Figure 1: Flow Diagram

    In conventional encryption, it is assumed that it is mathematically impossible to derive the plaintext from the ciphertext without the key.[R] Therefore, it is essential that the key remains secret.

    These encryption algorithms are used in practice due to their efficiency in encrypting/decrypting but these algorithms have vulnerabilities. One aspect of these vulnerabilities is the total number of keys available to choose from. Larger key domains reduce possibility of brute force attacks. The key length is another aspect of these vulnerabilities since they will produce periodic patterns in the ciphertext. Longer keys often reduce periodicity. The goal of conventional encryption algorithms is to produce truly randomized ciphertexts, such that the use of frequency analysis on individual ciphertext symbols or ciphertext blocks is useless.

    Q. No. 2

    a. Explain the importance of management role in implementing information security in an organization? [6 Marks]

    Many multinational corporations outsource their non-core projects to other companies to focus on core processes. The outsourced work is taken over by companies with the agreement that none of the customer

    share give more importance to Information Security as it helps to maintain a secure and reliable environment not only for the customers but also for staff personnel.

    The second instance of a security breach in an organization can be:

    • Organization

    • The first important factor before implementing ITIL for an organization is that it requires "patience" for successfully changing the process and policies. An organization can succeed in its endeavours only when employees throughout the organization get involved.

    • In some organizations, Information Security is not given its importance and seen off as "hindrance" or "unnecessary costs"

    The impact scale is organizationally defined (for example, a one to five scale, with five being the highest impact on project objectives - such as budget, schedule, or quality).

    A qualitative risk analysis will also include the appropriate categorization of the risks, either source-based or effect-based.

    Quantitative Risk Analysis

    A quantitative risk analysis is a further analysis of the highest priority risks during which a numerical or quantitative rating is assigned in order to develop a probabilistic analysis of the project.

    A quantitative analysis:

    - quantifies the possible outcomes for the project and assesses the probability of achieving specific project objectives

    - provides a quantitative approach to making decisions when there is uncertainty

    - creates realistic and achievable cost, schedule or scope targets

    In order to conduct a quantitative risk analysis, you will need high-quality data, a well-developed project model, and a prioritized list of project risks (usually from performing a qualitative risk analysis)

    Q. No. 3 a. Explain the types of attacks on double DES and triple DES. [6 Marks]

    b. Explain the shift row step of AES encryption? [4 Marks]

    The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row n is shifted left circular by n-1 bytes. In this way, each column of the output state of the ShiftRows step is composed of bytes from each column of the input state. (Rijndael variants with a larger block size have slightly different offsets). For a 256-bit block, the first row is unchanged and the shifting for the second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively; this change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use 256-bit blocks. The importance of this step is to avoid the columns being linearly independent, in which case, AES degenerates into four independent block ciphers.
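The row rotation described above, written out as an added Python example (not part of the original answer). It assumes the standard column-major layout of the 16-byte AES state; the function names are illustrative.

```python
# Added example: AES ShiftRows on the 4x4 state of a 128-bit block.
# Layout assumption: byte i of the block sits at row i % 4, column i // 4.

NB = 4  # number of columns in the state for a 128-bit block


def to_state(block: bytes) -> list[list[int]]:
    """Arrange 16 block bytes as state[row][col], filling column by column."""
    if len(block) != 4 * NB:
        raise ValueError("an AES block is 16 bytes")
    return [[block[r + 4 * c] for c in range(NB)] for r in range(4)]


def from_state(state: list[list[int]]) -> bytes:
    """Read the state back out column by column."""
    return bytes(state[r][c] for c in range(NB) for r in range(4))


def shift_rows(state: list[list[int]]) -> list[list[int]]:
    """Rotate row r (0-based) left by r bytes; the first row is unchanged."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state: list[list[int]]) -> list[list[int]]:
    """Decryption direction: rotate row r right by r bytes."""
    return [row[-r:] + row[:-r] if r else row[:] for r, row in enumerate(state)]


def column_origins(transform) -> list[set[int]]:
    """For each output column, the set of input columns its bytes came from."""
    tagged = to_state(bytes(range(16)))  # byte value i started in column i // 4
    out = transform(tagged)
    return [{out[r][c] // 4 for r in range(4)} for c in range(NB)]


if __name__ == "__main__":
    block = bytes(range(16))  # constructed sample block 00 01 ... 0f
    print("after ShiftRows:", from_state(shift_rows(to_state(block))).hex())
    print("with ShiftRows   :", column_origins(shift_rows))
    print("without ShiftRows:", column_origins(lambda s: s))
```

With the step in place every output column draws one byte from each of the four input columns; with the step left out each column only ever sees its own bytes, which is the four-independent-ciphers case the answer warns about.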

    Q. No. 4 a. Briefly explain about OSI security architecture [6 Marks]

    OSI Security Architecture

    The OSI security architecture provides a useful overview of many of the concepts. The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as follows:

    Security Attack: Any action that compromises the security of information owned by an organization.

    Security Mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

    Security Service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

    SECURITY ATTACKS

    Passive attack attempts to learn or make use of information from the system but does not affect system resources.

    Active attack attempts to alter system resources / affect their operation.

    Passive Attack: Eavesdropping on, or monitoring of, transmissions. Aim of the opponent is to obtain information that is being transmitted. Two types of passive attacks are:

    Release of message contents: A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. Common technique used is encryption.

    Traffic analysis: The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

    Passive attacks are difficult to detect because they do not involve any alteration of the data. It is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

    Active Attack

    Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

    A masquerade (Pose / Pretend to be / Impersonate / Deception / Coverup) takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

    [Figure: Masquerade. Message from B that appears to be from A]

    [Figure: Replay. Capture message from A to C; later replay the message]

    Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

    Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow Suresh to read confidential file accounts" is modified to mean "Allow Ramesh to read confidential file accounts".

    The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

    [Figure: Modification of messages. B modifies message from A to C]

    [Figure: Denial of Service. B disrupts the services provided by server]

    Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it may also contribute to prevention.

    SECURITY SERVICES

    A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and security services are implemented by security mechanisms.

    AUTHENTICATION

    The assurance that the communicating entity is the one that it claims to be.

    Peer Entity Authentication

    Used in association with a logical connection to provide confidence in the identity of the entities connected.

    Data Origin Authentication

    In a connectionless transfer, provides assurance that the source of received data is as claimed.

    ACCESS CONTROL

    The prevention of unauthorized use of a resource (This service controls who can have access to a resource, under what conditions access can occur, and what all things are allowed to be done)

    DATA CONFIDENTIALITY

    The protection of data from unauthorized disclosure.

    Connection Confidentiality

    The protection of all user data on a connection.

    Connectionless Confidentiality

    The protection of all user data in a single data block.

    Selective-Field Confidentiality

    The confidentiality of selected fields within the user data on a connection or in a single data block.

    Traffic Flow Confidentiality

    The protection of the information that might be derived from observation of traffic flows.

    DATA INTEGRITY

    A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service.

    On the other hand, a connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only.

    NONREPUDIATION

    Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

    Nonrepudiation, Origin

    Proof that the message was sent by the specified party.

    Nonrepudiation, Destination

    Proof that the message was received by the specified party.

    SPECIFIC SECURITY MECHANISMS

    May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.

    Encipherment

    The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

    Digital Signature

    Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).

    If A is the sender of a message and B is the receiver, A encrypts the message with A

    Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

    Security Recovery

    Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

    b. Discuss different classical encryption techniques in detail. [4 Marks]

    *N7

    C = E(k, p) = (p + k) mod 26

    • The formula for decryption would be

    p = D(k, C) = (C - k) mod 26

    • In these formulas,

    letter in the same row as


    /:)


    • Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext from the ciphertext and the encryption (public) key.

    • Though private and public keys are related mathematically, it is not feasible to calculate the private key from the public key. In fact, intelligent part of any public-key cryptosystem is in designing a relationship between two keys.

    b. With an example explain RSA algorithm. [E Marks]

    RSA Cryptosystem

    This cryptosystem is one of the initial systems. It remains the most employed cryptosystem even today. The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and hence, it is termed as RSA cryptosystem.

    We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly encryption-decryption algorithms.

    Generation of RSA Key Pair

    Each person or a party who desires to participate in communication using encryption needs to generate a pair of keys, namely public key and private key. The process followed in the generation of keys is described below:

    • Generate the RSA modulus (n)

    o Select two large primes, p and q.

    o Calculate n = p × q. For strong unbreakable encryption, let n be a large number, typically a minimum of 512 bits.

    • Find Derived Number (e)

    o Number e must be greater than 1 and less than (p - 1)(q - 1).

    o There must be no common factor for e and (p - 1)(q - 1) except for 1. In other words two numbers e and (p - 1)(q - 1) are coprime.

    • Form the public key

    o The pair of numbers (n, e) form the RSA public key and is made public.

    o Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.

    • Generate the private key

    o Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.

    o Number d is the inverse of e modulo (p - 1)(q - 1). This means that d is the number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).

    o This relationship is written mathematically as follows:

    ed = 1 mod (p - 1)(q - 1)

    The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.

    Example

    An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small values. Practically, these values are very high).

    • Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 × 13 = 91.

    • Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p - 1)(q - 1) = 6 × 12 = 72, except for 1.

    • The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to send us encrypted messages.

    • Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.

    • Check that the d calculated is correct by computing:

    de = 29 × 5 = 145 = 1 mod 72

    • Hence, public key is (91, 5) and private key is (91, 29).

    • Choose p = 3 and q = 11

    • Compute n = p × q = 3 × 11 = 33

    • Compute φ(n) = (p - 1) × (q - 1) = 2 × 10 = 20

    • Choose e such that 1 < e < φ(n) and e and n are coprime. Let e = 7

    • Compute a value for d such that (d × e) % φ(n) = 1. One solution is d = 3 [(3 × 7) % 20 = 1]

    • Public key is (e, n) => (7, 33)

    • Private key is (d, n) => (3, 33)

    • The encryption of m = 2 is c = 2^7 % 33 = 29

    • The decryption of c = 29 is m = 29^3 % 33 = 2
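Both worked examples above can be reproduced with a short script. This is an added example, not part of the original answer; the function names are illustrative and keys are written as (n, e) and (n, d). It derives d with the Extended Euclidean Algorithm and also shows an e that is rejected because it shares a factor with (p - 1)(q - 1).

```python
# Added example: textbook RSA with the small primes used in the answer above.
# Tiny keys and no padding: suitable only for following the arithmetic.


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) following the key-generation steps above."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1)")
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        # No inverse of e exists, so no private exponent d can be formed.
        raise ValueError(f"e={e} shares the factor {g} with (p-1)(q-1)={phi}")
    d = x % phi  # the Bezout coefficient may be negative; reduce into [0, phi)
    return (n, e), (n, d)


def encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)


def demo() -> dict:
    results = {}
    # First example: p = 7, q = 13, e = 5
    results["first"] = generate_keypair(7, 13, 5)
    # Second example: p = 3, q = 11, e = 7, message m = 2
    pub, priv = generate_keypair(3, 11, 7)
    c = encrypt(2, pub)
    results["second"] = (pub, priv, c, decrypt(c, priv))
    # Failure mode: e = 5 is coprime to n = 33 but not to (p-1)(q-1) = 20,
    # so e has to be checked against (p-1)(q-1) as the key-generation steps say.
    try:
        generate_keypair(3, 11, 5)
    except ValueError as err:
        results["rejected"] = str(err)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```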

    Q. No. 6 a. Describe the KERBEROS protocol. [6 Marks]

    The Kerberos protocol relies heavily on an authentication technique that makes use of shared secrets. The basic concept is quite simple: If a secret is known by only two people, either person can verify the identity of the other by confirming that the other person knows the secret.

    For example, let's suppose that Alice often sends messages to Bob and that Bob needs to be sure that a message from Alice really has come from Alice before he acts on its information. They decide to solve their problem by selecting a password, and they agree not to share this secret with anyone else. If Alice's messages can somehow demonstrate that the sender knows the password, Bob knows that the sender is Alice.

    The only question for Alice and Bob to resolve is how Alice can show that she knows the password. She might simply include it somewhere in her messages, perhaps in a signature block at the end: Alice, Our$ecret. This would be simple and efficient and might even work if Alice and Bob can be sure that no one else is reading their mail. Unfortunately, that is not the case. Their messages pass over a network used by people like Carol, who has a network analyzer and a hobby of scanning traffic in hope that one day she might spot a password. So it is out of the question for Alice to prove that she knows the secret simply by saying it. To keep the password secret, she must show that she knows it without revealing it.

    The Kerberos protocol solves this problem with secret key cryptography. Rather than sharing a password, communication partners share a cryptographic key. They use knowledge of this key to verify one another's identity. For this method of authentication to work, the shared key must be symmetric: a single key must be capable of both encryption and decryption. One party proves knowledge of the key by encrypting a piece of information, the other by decrypting it.

    Authenticators

    A simple protocol that uses secret key authentication begins when someone is outside a communications door and wants to go in. To gain entry, this person presents an authenticator in the form of a piece of information encrypted in the secret key. The information in the authenticator must be different each time the protocol is executed, otherwise an old authenticator could be reused by anyone who happens to overhear the communication. Upon receiving an authenticator, the person guarding the door decrypts it and knows from what is inside it whether the decryption was successful. If it was successful, the doorkeeper knows that the person presenting the authenticator has the correct key. Only two people have the key; the doorkeeper is one of them, so the person who presented the authenticator must be the other one.

    If the person outside the door wants mutual authentication, the same protocol can be executed in reverse, with a slight difference. The doorkeeper can extract part of the information from the original authenticator, encrypt it in a new authenticator, and then give the new authenticator to the person waiting outside the door. The person outside the door can then decrypt the doorkeeper's authenticator and compare the result with the original. If there is a match, the person outside the door knows that the doorkeeper was able to decrypt the original, so he must have the correct key.

    It might help to walk through an example. Suppose Alice and Bob decide that before transferring any information between their computers, each will use knowledge of a shared secret key to verify the identity of the party at the other end of the connection. In situations where Alice is the wary guest and Bob is the suspicious host, they agree to follow this protocol:

    1. Alice sends Bob a message containing her name in plaintext and an authenticator encrypted in the secret key she shares with Bob. In this protocol, the authenticator is a data structure with two fields. One field contains information about Alice. For simplicity, let's say this is her name. The second field contains the current time on Alice's workstation.

    2. Bob receives the message, sees that it is from someone claiming to be Alice, and uses the key he shares with Alice to decrypt the authenticator. He extracts the field that contains the time on Alice's workstation and evaluates the time. Bob's task is easier if his clock is reasonably synchronized with Alice's clock, so let's suppose both Alice and Bob use a network time service to keep their clock times fairly close. Let's say the time skew is never more than five minutes. This way, Bob can compare the time from the authenticator with the current time on his clock. If the difference is

    Key Distribution

    One problem with the simple protocol described in the preceding section is that it does not explain how or where Alice and Bob get a secret key to use in their communications with each other. If they are people, Alice and Bob can meet, perhaps in an alley, and agree on a secret key. But if Alice is a client program that is running on a workstation and Bob is a service that is running on a computer somewhere across the network, that method does not work. There is the further problem that the client, Alice, might want to talk to many services and will need keys for each of them. Likewise, the service, Bob, might talk to many clients and will need keys for each of them. If each client needs a key for every service and each service needs a key for every client, key distribution can quickly become a difficult problem to solve. The need to store and protect so many keys on so many computers presents an enormous security risk.

    The name Kerberos suggests how the protocol resolves the problem of key distribution. Kerberos (also known as Cerberus) was a figure in classical Greek mythology, a three-headed dog who kept living intruders from entering the underworld. Like the mythical guard dog, the protocol has three heads, which in this case are a client, a server, and a trusted third party that mediates between the client and server. The trusted intermediary in the protocol is known as the Key Distribution Center (KDC).

    The KDC is a service that runs on a physically secure server. It maintains a database with account information for all security principals in its realm, the protocol's equivalent of a Windows 2000 domain. Along with other information about each security principal, the KDC stores a cryptographic key known only to the security principal and the KDC. This key is used in exchanges between the security principal and the KDC and is known as a long-term key. In most implementations of the protocol, the long-term key is derived from a user's logon password.

    When a client wants to talk to a server, the client sends a request to the KDC, and the KDC distributes a unique session key for the two parties to use when they authenticate each other, as illustrated in Figure 11.2. The server's copy of the session key is encrypted in the server's long-term key. The client's copy of the session key is encrypted in the client's long-term key.

    Figure 11.2 Key Distribution (in Theory)

    In theory, the KDC can fulfill its role as a trusted intermediary by sending the session key directly to each of the security principals involved, as illustrated in Figure 11.2. But, in practice, that procedure would be extremely difficult to implement. For one thing, it would mean that the server would have to retain its copy of the session key in memory while it waited for the client to call. Moreover, the server would need to remember a key not just for this client but for every client who might ask for service. Key management would consume considerable resources on the server and would thus limit its scalability. In addition, given the vagaries of network traffic, a client's request for service might reach the server before the KDC's message arrived there with the session key. The server would have to suspend its reply to the client while it waited to hear from the KDC. This would require the server to save state, imposing still another burden on the server's resources. What actually happens in the Kerberos protocol is considerably more efficient.

    Top #f :age 

    ession Tickets

    The UD( responds to the client$s request to talk to a server by sending bothcopies of the session key to the client, as shown in 0igure .6. The client$scopy of the session key is encrypted with the key that the UD( shares withthe client. The server$s copy of the session key is embedded, along withauthorization data for the client, in a data structure called a session ticket  .The entire structure is then encrypted with the key that the UD( shares withthe server. The session ticket J with the server$s copy of the session key

    safely inside J becomes the client$s responsibility to manage until it contactsthe server.


    Figure 11.3 Key Distribution (in Practice)

    Note that the KDC is simply providing a ticket-granting service. It does not keep track of its messages to make sure they reach the intended address. No harm is done if the KDC's messages fall into the wrong hands. Only someone who knows the client's secret key can decrypt the client's copy of the session key. Only someone who knows the server's secret key can read what is inside the ticket.

    When the client receives the KDC's reply, it extracts the ticket and the client's copy of the session key, putting both aside in a secure cache, which is located in volatile memory, not on disk. When the client wants admission to the server, it sends the server a message that consists of the session ticket, which is still encrypted with the server's secret key, and an authenticator, which is encrypted with the session key, as illustrated in Figure 11.4. The session ticket and authenticator together are the client's credentials to the server.

    Figure 11.4 Mutual Authentication (Client/Server)

    When the server receives credentials from a client, it decrypts the session ticket with its secret key, extracts the session key, and uses the session key to decrypt the client's authenticator. If everything checks out, the server knows that the client's credentials were issued by a trusted authority, the KDC. If the client has asked for mutual authentication, the server responds by using the session key to encrypt the timestamp from the client's authenticator. The server then returns the encrypted timestamp to the client, just as Bob returned the encrypted timestamp to Alice in the communication illustrated in Figure 11.1.

    One benefit of using session tickets is that the server does not have to store the session key that it uses with this client. It is the client's responsibility to hold a session ticket for the server in its credentials cache and present the ticket each time it wants access to the server. Whenever the server receives a session ticket from a client, it can use its secret key to decrypt the ticket and extract the session key. When the server no longer needs the session key, it can discard it.

    Another benefit of using session tickets is that the client does not have to go back to the KDC each time it wants access to a particular server. Session tickets can be reused. As a precaution against the possibility that someone might steal a copy of a ticket, session tickets have an expiration time that is specified by the KDC in the ticket's data structure. How long a session ticket is valid depends on the Kerberos policy for the domain. Tickets usually are good for no longer than eight hours, about the length of a normal logon session. When the user logs off, the credentials cache is flushed and all session tickets, as well as all session keys, are destroyed.
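
The session-ticket exchange described above, sketched as an added example (it is not code from the original answer or from any Kerberos implementation). The principal names, the toy `seal`/`unseal` cipher standing in for real Kerberos encryption, and the 300-second authenticator freshness window are assumptions.

```python
import hashlib, hmac, json, os

def seal(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption from the standard library only.
    Assumption: stands in for the real Kerberos encryption types."""
    plaintext = json.dumps(fields).encode()
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, stream)))

# Constructed long-term keys that the KDC shares with each principal.
LONG_TERM = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, server, now, lifetime=8 * 3600):
    """KDC reply: both copies of the session key are sent to the client."""
    session_key = os.urandom(32).hex()
    client_copy = seal(LONG_TERM[client], {"key": session_key, "server": server})
    ticket = seal(LONG_TERM[server], {"key": session_key, "client": client,
                                      "expires": now + lifetime})
    return client_copy, ticket

def client_credentials(client, client_copy, now):
    """Client recovers its session key and builds a fresh authenticator."""
    session_key = bytes.fromhex(unseal(LONG_TERM[client], client_copy)["key"])
    return session_key, seal(session_key, {"client": client, "timestamp": now})

def server_accept(server, ticket, authenticator, now, max_skew=300):
    """Server keeps no per-client state: the ticket carries the session key."""
    grant = unseal(LONG_TERM[server], ticket)
    session_key = bytes.fromhex(grant["key"])
    auth = unseal(session_key, authenticator)
    if now > grant["expires"]:
        raise ValueError("ticket expired")
    if auth["client"] != grant["client"] or abs(now - auth["timestamp"]) > max_skew:
        raise ValueError("authenticator rejected")
    # Mutual authentication: return the client's timestamp under the session key.
    return seal(session_key, {"timestamp": auth["timestamp"]})
```

The client can present the same ticket again with a new authenticator until the expiry time, and only the holder of the server's long-term key can open the ticket.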

    b. Explain the difference between passive attacks and active attacks [4 Marks]

    Passive Attack: A passive attack attempts to learn information but does not affect resources. This type of attack always involves monitoring of transmitted information. Passive attacks are of two types:

    Release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. The aim is to prevent an opponent from learning this type of information.

    The second type of passive attack is traffic analysis. In this type, masking of the message has occurred so that the opponent cannot read the transmitted message. The common technique used for masking is encryption of the plain message into some unreadable form.

    Active Attack: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages and denial of service.

    A masquerade occurs when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.


    Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

    Modification of messages includes the altering of a message.

    The denial of service prevents the normal use or management of communications facilities. This attack may have a specific target.

    A passive attack is one in which the intruder eavesdrops but does not modify the message stream in any way. An active attack is one in which the intruder may transmit messages, replay old messages, modify messages in transit, or delete selected messages from the wire. A typical active attack is one in which an intruder impersonates one end of the conversation, or acts as a man-in-the-middle.

    Q. No. F a. Describe the steps in the creation of a digital certificate. [E Marks]

    • How is a digital certificate created?

    • In creating digital certificates a unique cryptographic key pair is generated. One of these keys is referred to as a public key and the other as a private key. Then the certification authority, generally on your campus, creates a digital certificate by combining information about you and the issuing organization with the public key and digitally signing the whole thing.

    • This is very much like an organization


    individual memorizes; rather, the private key must be stored on some device, such as a laptop computer, PDA, or USB key ring.

    • If you send a copy of your certificate to another computer to authenticate yourself, what keeps someone with access to that computer from reusing it later to pretend to be you? Unlike an ID card which is valuable by itself, the digital certificate is useless without the associated private key. That is why protecting the private key is so important.

    • The private key must never be given to anyone else nor left somewhere outside of control by the owner.

    • An added value of digital certificates is that they provide a higher level of security than what we currently have with PIN and password combinations. Users still use passwords, but only on their local computer to protect their digital certificates.

    • If one loses the device on which a digital certificate is stored, a person holding the certificate would still need the password to unlock the certificate.
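
An added example (not part of the original answer) of the two points above: a certificate is subject and issuer information plus a public key, signed by the CA, and a copy of it is useless to someone who lacks the private key. The textbook RSA built from fixed Mersenne primes, the names and the challenge step are assumptions for illustration and are not secure for real use.

```python
import hashlib, json

def toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two fixed primes. Toy only: the primes are public
    Mersenne primes and there is no padding (assumption for illustration)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public key, private key)

def _digest_as_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data: bytes) -> int:
    n, d = private
    return pow(_digest_as_int(data, n), d, n)

def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest_as_int(data, n)

# Constructed CA key pair; relying parties trust CA_PUBLIC.
CA_PUBLIC, CA_PRIVATE = toy_keypair(2**107 - 1, 2**127 - 1)

def issue_certificate(subject: str, issuer: str, subject_public) -> dict:
    """CA combines subject info, issuer info and the public key, then signs it all."""
    body = {"subject": subject, "issuer": issuer, "public_key": list(subject_public)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "ca_signature": sign(CA_PRIVATE, encoded)}

def certificate_is_genuine(cert: dict) -> bool:
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(CA_PUBLIC, encoded, cert["ca_signature"])

def proves_possession(cert: dict, challenge: bytes, response: int) -> bool:
    """A genuine certificate alone proves nothing about who presents it:
    the presenter must also sign a fresh challenge with the private key."""
    subject_public = tuple(cert["body"]["public_key"])
    return certificate_is_genuine(cert) and verify(subject_public, challenge, response)
```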

    b. What are the key requirements of message digests? Describe the secure hash algorithm [E marks]


    The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:

    • SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.

    • SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.

    • SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.

    • SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

    Q. No. a. Explain the various risk mitigation methods with suitable examples? [10 Marks]

    A. Avoidance (Terminating the risk)
    B. Transfer (Transferring the risk)
    C. Mitigation (Treating the risk)
    D. Acceptance (Tolerating the risk)

    Let


     A. Avoidance (Terminating the risk)

    The best risk management strategy of all is avoidance or elimination, so we should invest the most effort into investigating this option wherever possible.

    Avoidance usually means not doing a task or project at all in the future, but it can also mean redesigning work or a process so that the risky step no longer has to be taken.

    In reality avoidance is often much more possible than many people think because many risks are 'introduced' by particular decisions and can be 'un-introduced' or removed by different decisions (especially if the leader or manager who introduced the risk is the one responsible for making the decision to avoid the risk).

    Avoidance or elimination strategies include the option of not performing an activity that could carry risk at all. An example would be not buying a property or business in order to not take on the liability that comes with it. Another would be not flying in order to avoid the risk of being on board if the airplane was hijacked.

    Avoidance may appear to be the best solution to all risks. However, avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits. Equally, not flying means either not getting to your destination (if you stay home) or having to choose another mode of travel (which may have different risks to consider).

     B. Transfer (Transferring the risk)

    Transfer is not always available to the manager as an option, but after looking at avoidance strategies this may be the next best choice.

    Transfer means causing another party to accept the risk, typically by contract or by hedging. Insurance is one type of risk transfer that uses contracts. Other times it may involve contract language that transfers a risk to another party without the payment of an insurance premium. Liability among construction or other contractors is often transferred this way. Another example would be taking offsetting positions in derivative securities. This is typically how brokerage firms or fund managers use hedging for financial risk management.

    Some of the ways in which risk is potentially transferred fall into several categories. Risk retention pools are technically retaining the risk for all participants, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group. In many ways, transfer may sound simply like "passing on" the risk to someone else to tackle. However, if another party or a group of people or even a different enterprise can manage a specific risk better than we can, it is a legitimate option to pursue.

    C. Mitigation (Treating the risk)

    Mitigation (or treating/lessening the risk in some way) is essentially concerned with lessening the impact that a particular risk might have. In considering this strategy, we have usually accepted that the risk cannot be readily avoided or transferred and are therefore now only trying to keep the expected loss or damage to acceptable levels.

    Of course, 'acceptable' is a subjective term and has to do with how much risk the organization may be comfortable in taking from task to task or project to project. However, in all cases, the aim is to either lower or increase the likelihood (depending upon whether the risk is positive or negative) and/or decrease or increase the impact.

    In most cases, mitigation involves achieving a reduction of the risk impact. This means that our mitigation strategies should either reduce the probability that the risk will occur or lessen the overall severity (damage or loss) experienced when it happens. For example, I can potentially lower my need to go for medical checks for high blood pressure by changing my diet and exercising more (and thereby lower the possibility of having a heart attack and the severity of it if it does occur).


     D. Acceptance (Tolerating the risk)

    Risk retention or tolerance is the level of risk an organization is willing to accept in order to achieve its business goals or objectives. Every individual and every organization has a different level of risk tolerance (often called its risk appetite), with corporate culture and values being a primary driver behind acceptable tolerance levels. For instance, the nuclear industry may have a very conservative, low risk tolerance culture for everything that it does (and often spends a lot of time and money on risk management and safety measures). An advertising agency, on the other hand, may have a very high risk tolerance culture and therefore is willing to make 'riskier' decisions about a lot of things it does.

    Risk tolerance then is the result of making a deliberate decision to endure the consequences of an event should it occur. Tolerance of the risk can take one of two forms, passive and active.

    Passive acceptance occurs when no action is taken to resolve the risk, cope with it, or otherwise manage it.

    With active acceptance, action is taken to manage the impact of the event should the event occur. In these circumstances, contingency or fallback plans are followed only when the event occurs.

    Risk tolerance is the lowest form of control, inasmuch as it is typically only a good choice when all other strategies are not viable. As such we either live with the risk and its loss consequences or we use the only available protection we can as a barrier or final line of defense.

    A good example of this is in the area of noise. In some industries, old equipment is too expensive to replace immediately so the noise risk (and potential damage to hearing) is tolerated (by both regulatory authorities and the management team in an organization). The best and only form of defense against the risk in these circumstances is personal protective equipment (PPE) like ear plugs (although they may not work completely in long periods of exposure).


    Hence, risk tolerance is finally a matter of choice for the organization, but such choices should always be made wisely and based on the circumstances faced at a given time (e.g. it may be tolerable risk now but is this going to be the case 6 or 12 months from now)?