cns vini.docx

7/29/2019 Cns Vini.docx

1/23

CRYPTOGRAPHY

&

NETWORK SECURITY

ASSIGNMENT

SUBMITTED TO: SUBMITTED BY:

MR. Kamal Kant Geetika DayalCSE Dept. A2305208545

Roll No. 5128CS-5(X)


2/23

CRYPTOGRAPHY

&

NETWORK SECURITY

ASSIGNMENT


MR. Kamal Kant Kritika DayalCSE Dept. A2305208652

Roll No. 5908CS-5(Y)


3/23

CRYPTOGRAPHY

&

NETWORK SECURITY

ASSIGNMENT


MR. Kamal Kant Arushi NautiyalCSE Dept. A2305208522

Roll No. 4388CS-5(X)


4/23

Q1. Explain Telecommunication Network architecture with neat diagram?

A telecommunications network is a collection of terminals, links and nodes whichconnect to enable telecommunication between users of the terminals. Networks mayuse circuit switching ormessage switching. Each terminal in the network must have

a unique address so messages or connections can be routed to the correctrecipients. The collection of addresses in the network is called the address space.

The links connect the nodes together and are themselves built upon an

underlying transmission network which physically pushes the message across the

link.

Examples of telecommunications networks are:

computer networks

the Internet

the telephone network

All telecommunication networks are made up of five basic components that are

present in each network environment regardless of type or use. These basic

components include terminals, telecommunications processors, telecommunications

channels, computers, and telecommunications control software.

Terminals are the starting and stopping points in any telecommunication network

environment. Any input or output device that is used to transmit or receive data

can be classified as a terminal component.
http://collection/http://telecommunication/http://switching/http://switching/http://switching/http://address/http://space/http://network/http://internet/http://network/http://software/http://telecommunication/http://switching/http://switching/http://switching/http://switching/http://address/http://space/http://space/http://network/http://network/http://internet/http://network/http://network/http://software/http://collection/


5/23

Telecommunications processors support data transmission and reception

between terminals and computers by providing a variety of control and support

functions. (i.e. convert data from digital to analog and back)

Telecommunications channels are the way by which data is transmitted and

received. Telecommunication channels are created through a variety of media ofwhich the most popular include copper wires and coaxial cables (structured

cabling). Fiber - optic cables are increasingly used to bring faster and more robust

connections to businesses and homes.

In a telecommunication environment computers are connected through media to

perform their communication assignments.

Telecommunications control software is present on all networked computers and

is responsible for controlling network activities and functionality.

Q2. What are different TMN management layers?

The framework identifies four logical layers of network management:

Business management

Includes the functions related to business aspects, analyzes trends and quality

issues, for example, or to provide a basis for billing and other financial reports.

Service managementHandles services in the network: definition, administration and charging of services.

Network management

Distributes network resources, performs tasks of: configuration, control and

supervision of the network.

Element management

Handles individual network elements including alarm management, handling of

information, backup, logging, and maintenance of hardware and software.

A network element provides agent services, mapping the physical aspects of the

equipment into the TMN framework.

Q3. Describe TMN information model?

Basically there are two TMN information models which is based on objects specifiedin:
http://transmission/http://channel/http://wire/http://cabling/http://cabling/http://cable/http://element/http://transmission/http://transmission/http://channel/http://channel/http://wire/http://wire/http://cabling/http://cabling/http://cable/http://cable/http://cable/http://cable/http://element/http://element/


6/23

1. G.803

2. M.3100

G.803 :

The ever-popular Client/Server model is used as a paradigm for describing the

relationship between the layers of synchronous networks, with the client layer traffic

being carried over transport services provided by the Server Layer. Two important

types of transport entities, trails and connections, are used to transfer information

within the framework of the client and server layers. A trail is responsible for

managing the transfer of information through one or more client layers via "access

points." A trail consists of trail termination functions that interact via a network

connection. Connections, on the other hand, are used to transfer information

between connection points; multiple connections can be used to support a single trail

within a layer. A single layer can contain multiple connections that serve the

information transport needs of the related client layer.

There are several other components in the general framework defined by G.803. The

objects include:

CP - connection point, this is the point at which the end of a single trail is

bound to either another trail or another connection.

TCP - Termination Connection Point (not Transmission Control Protocol). This

is a special case of a connection point where a trail termination and an

adaptation function are bound.

Adaptation - provides a point of access between the client and server layers.

This function "defines the "server/client" association between the connection

point and access points.

Bi-directional reference point - refers to a point in the network in which a

pair of unidirectional connections or trails are combined to provide full-duplex

connections.

Network connection - defined by G.803 as a "transport entity" formed by a

series of "connections between "termination connection points". In our sample

figure, you can see that the server layer provides a network connection across

several connections to provide a service accessible by the client layer. This

network connection can be used to transfer client trail information.


7/23

AP - access point. Defined as a "reference point" where the output of an

"adaptation" source function is bound to an input of a "trail termination source"

or the output of a "trail termination sink" is bound to the input of an adaptation

sink function." In simpler terms, each layer's access point is the point at which

a server layer terminates the supporting trail service.

MC - matrix connection. Models the connection within a sub network that

consists of a connection that is transferred through a matrix function. This

matrix can either be a fixed matrix (for example, a permanent circuit through

some switching function, or dynamically, as in the case of an automatically

switched circuit).

Figure: G.803

M.3100 :

The M.3100 specification is organized into 6 "fragments" that combine to form the

Generic information model. There are both direct containment relationships between


8/23

the fragments along with associative peer relationships. The 6 fragments defined

within M.3100 are:

Network Fragment: defines the relationship between a managed network and

its related trails, connections, and managed elements. In this case, a network

fragment is shown to contain all elements.

Managed Element: defines the components and relationships contained in a

single managed element. In this case, a managed element is shown to

contain equipment (including software), along with trail termination points.

Termination Point: The termination point fragment contains the types of

terminations that a single piece of managed equipment may contain. Both trail

and connection termination points are included in this fragment.

Transmission Fragment: Provides a different, non-equipment oriented view of

communications through a network. In this case, two forms of transmission

entities are defined, trails and connections. The relationships between these

entities and references to their relative termination points are included in this

fragment. Termination points include termination point sources, sinks and bi-

directional termination points.

Cross Connection Fragment: helps in managing cross connect fabrictopologies. In this case, the cross connection fragment contains multipoint

cross connections, cross connections, generic termination points, and a pool

of termination points.

Functional Area Fragment: defines the classes of objects contained within a

managed element to provide additional management services. Object classes

contained in the functional area fragment include: Management Operations

Schedule, Logs (e.g., alarms, attribute value changes, object creation and

deletion records, state change records), alarm assignment profiles, event

forwarding discriminators and the current alarm summary control. Of these

object classes, with the exception of the Alarm Severity Assignment Profile, all

are defined either in X.721 or Q.821.


9/23

Figure: M.3100

Q4. Briefly explain services and functions of TMN?

TMN Services:

There are a number of specific areas covered by different TMN managementservices:

A. Customer administration

This management activity requires the network operator to exchange management

data and functions required by the customers to offer a telecommunication service

and to exchange with the network all the customer-related management data and

functions that the network needs to provide that service. This could involve

interactions which related to provisioning management, configuration administration,

fault administration, charging (billing) administration, complaints administration,

quality of service administration, traffic measurement administration, etc.

B. Traffic management

This deals with the management of traffic associated with circuit switched networks,

for example, Integrated Services Digital Network (ISDN) and Public Switched

Telephone Network (PSTN), and transmission networks.


10/23

The objective of traffic management is to enable as many calls as possible to be

successfully completed. This is done by maximising the use of all available

equipment and facilities in the traffic situation. It is also responsible to supervise the

performance of a network, and has to take action to control the flow of the traffic and

to optimise the utilisation of the network capacity.

C. Management of customer access

This includes all the equipment which associated with the customer access involving

multiplex equipment, network terminating units etc, regardless of its bandwidth

(narrow-band or broadband), analogue or digital.

Management describes quite a number of tasks, configuration, failure monitoring,

security and network performance of any part or piece of equipment associated with

the access. Separate requirements resulting from circuit-switched or packet-switched

environments must also be taken into account.

Needs of management control facilities upon the customer access arises due to the

complexity. Customer access may be regarded as consisting of copper wires or

optical fibres with complex electronic equipment whose functions may need updating

or altering by the network provider, instead of merely consisted of copper wires and

network terminating equipment.

D. Common channel signalling system (CCSS) management

This covers all the aspects concerned with the management of CCSSs. During the

process of managing a CCSS, several things outside of the sphere of the MS has to

be considered as well. They are the events and information outside the MS, also

planning is needed.

It is necessary to have a network wide view of the availability of the signalling

network and the signalling traffic loading. The network wide view should at least

contain a number of relevant information such as, the configuration on the signalling

network, the availability of each signalling link set and its capacity, current loading of

each link set, and indication of the initiation of internal flow control procedures.

Those information will be used as a statistical measurements. They will be gathered

from both inside and outside of the signalling system concerned.


11/23

E. Staff Work Scheduling

This management service has no direct influence on NEs. However the quality of

telecommunication services depends very much on the network operator's staff, and

that effective staff work scheduling helps to maintain the economic level of the staff

effort. This is a management activity of the network operatorwhich aims at getting

the right staff member to carry out the work. This is valid for OAM of the NEs,

maintenance and installation work to be done at the customers' premises, and also

installation and repair work to be done in the field, such as installing cables.

The TMN management functions are usually grouped into five functional

areas:A. Performance management:

It includes all activities necessary to maintain the short term customer view of

quality of service. It gathers statistical data for monitoring and controlling the

effectiveness and behaviours of the network, NE or equipment.

Performance monitoring (PM)

PM involves the collection of data relating the performance of the NE. It

is designed to measure the overall quality using monitored parameters

and also to detect characteristic pattern before the quality of signal

drops below an acceptable level.

Performance controlling (PC)

B.Fault (Maintenance) Management:

It include all procedure necessary to handle system alarm, correct and test falling

equipment, and respond intelligently to customers complaints.

1. Alarm

TMN is able to monitor NE failures in near real time. Indication is made by the

NE when a failure occurs. TMN determines the nature and severity of the fault

basing on the indication. It may determine the effect of the fault on the

services supported by the fault equipment in two ways. The first one is that a

data base within a TMN may interpret binary alarm indication from the NE,

which requires little of the NE beyond self-monitoring capability. The second is
http://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#alarmhttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#correcthttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#testhttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#alarmhttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#correcthttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#test


12/23

that it may transmit self- explanatory messages to a TMN if the NE has

sufficient intelligence, but requires additional support of message syntax for

the description of fault condition from both NE and TMN.

2. Correction

Automatic restoration report from NE to TMN indicates a specific line, service,

equipment or system that has been switched as part of NE's protection

procedures.

TMN requests NE to start/stop hot-standby procedures for system or service

so as to let a redundant unit to take over with minimum disruption to traffic.

Reload procedure involves a request from TMN to NE for reconstruction of a

service or a system from a particular dump record. A reload report is the

reporting of a reloaded service or system from a dump, from NE to TMN.

3. Testing

It can be done in two ways. The first way is that a TMN orders a NE to carry

out analysis of circuit or equipment characteristics, which is done entirely

within the NE. Results are reported to the TMN automatically and immediately

or on a delayed basis. Another way is that the analysis is done within the

TMN. It asks the NE to provide access to the circuit or equipment concerned

and no more messages are exchanged with the NE.

C. Configuration Management:

It provides functions for control over, identify, collect data from and provide data to

NEs.

1. Provisioning

It consists of procedures need to bring an equipment into service, excludinginstallation. When the unit is in service, supporting programs will be initialised

with the TMN. Status of the unit, for example, whether in service or not, may

be controlled by provisioning functions.

Use of provisioning functions differs in different NEs. Frequent use of these

functions is required in digital switching and cross-connect equipment as

circuits are put up and dropped. While only one usage is usually required in

small transmission elements.


13/23

2. Status and control of NE

TMN provides monitoring and controlling over the NE on request. A status

check is usually provided in conjunction with each control function so as to

check that the resulting action has taken place. These functions are corrective

when dealing with faulty conditions.

Status and control functions form part of routine maintenance which is done

on a periodic or automatic basis. TMN will stop the operation of a faulty

equipment and may rearrange equipment or re-route traffic. It can also enable

entering of proposed configuration to analyse the feasibility of the design

before its implementation.

D. Accounting Management :

It includes the measurement and control of costs and customers billing.

It provides a function set which enable the use of the network service to be

measured and determine the cost of it. It also collects the accounting record and

1. Billing

Some NEs is used to determine charges to customer accounts and it will send

to the OS within TMN if it requires these data. To enable the maintaining of

the record of billing, this type of function needs highly efficient and redundant

data transport. Processing must be carried out in near real time for large

number of customers.

E. Security Management:

It is responsible for controlling access to customers, network data and resources.

It is concerned not with the provision and use of encryption or authenticationtechniques themselves but rather with their management, including reports

concerning attempts to breach system security. There are two important function,

first one is managing the security and maintaining security audits. The other one is

performing the network management task in a secure way.

Q5. Write down the functions provided by S/MIME?

S/MIME (Secure/Multipurpose Internet Mail Extension) is a security enhancement

to the MIME Internet e-mail format standard.
http://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#billhttp://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol2/tkl1/#bill


14/23

The Functions provided by S/MIME are:

1.Enveloped data:

This consists of encrypted content of any type and encrypted content encryption

keys for one or more users. This functions provides privacy and data security.

2.Signed data:

A digital signature is formed by signing the message digest and then encrypting that

with the signer private key. The content and the signature are then encoded using

base64 encoding.

This function provides authenticity, message integrity and non-repudiation of origin.

3.SignerInfo: allows the inclusion of unsigned and signed attributes to be included

along with a signature.

-Signing Time

-SMIME Capabilities

-SMIME Encryption Key Preference

4.Clear signed data:

In this case a digital signature of the content is formed, However only the signature is

encoded with base64.

5.Signed and enveloped data:

Because of S/MIME encapsulating capability (multipart type), signed only and

encrypted only entities may be nested, so that encrypted data may be signed and

signed data may be encrypted.

Q6. Explain firewall design principles, characteristics, and types of firewalls

Firewall is a single point of defence between two networks. A firewall can be simply arouter that is used to filter the packets or a complex multi computer, multi routersolution that performs filtering of packets along with application level proxy services.A firewall can be through of as a pair of mechanisms: allow, which permits traffic anddeny, which blocks traffic.

Types of firewalls:


15/23

1. Packet filters: A packet filter is one of the earliest firewall technologies that

analyze network traffic at the transport protocol layer. Each ip network packet

is examined to see if it matches one of a set of rules which defines the nature

of allowable data flow.

2. Circuit level firewalls: Circuit level firewalls are similar to packet filtering

firewalls, but they operate at transport and session layer of the OSI model.

The biggest difference between a packet filtering firewall and circuit level

firewall is that circuit level firewall validates TCP and UDP sessions before

opening a connection through the firewall.

3. Application layer firewalls: An application layer firewall is a third generation

firewall technology that evaluates network packets for valid data at the

application layer before allowing a connection. It examines the data in all

network packets at the application layer and maintains a complete list of

connection states and sequencing information.

4. Dynamic packet filter: Dynamic packet filter firewalls are a fourth generation

firewalls that allow modifications of the security rules on the fly. This

technology is most suitable for providing limited support for UDP transport

protocol

Q7.Define man in the middle attack

Internet connections can be attacked in various ways. A general type of attack is

called

Man-inthe-middle. The idea behind this attack is to get in between the sender and

the recipient, access the traffic, modify it and forward it to the recipient.

The term Man-in-the-middle have been used in the context of computer security

The man-in-the-middle attack is a form of active eavesdropping in which the attacker

makes independent connections with the victims and relays messages between

them, making them believe that they are talking directly to each other over a private

connection, when in fact the entire conversation is controlled by the attacker. The

attacker must be able to intercept all messages going between the two victims and

inject new ones, which is straightforward in many circumstances .
http://eavesdropping/http://eavesdropping/


16/23

A man-in-the-middle attack can succeed only when the attacker can impersonate

each endpoint to the satisfaction of the otherit is an attack on (or lack of) mutual

authentication. Most cryptographic protocols include some form of

endpoint authentication specifically to prevent MITM attacks. For example, SSL can

authenticate one or both parties using a mutually trusted certification authority.

Q 8. Write short notes on following

a) Kerberos-

Kerberos is a network authentication protocol. It is designed to provide strong

authentication for client/server applications by using secret-key cryptography.

It is a computer network authenticationprotocol which works on the basis of "tickets"

to allow nodes communicating over a non-secure network to prove their identity to

one another in a secure manner. Its designers aimed primarily at a client

server model, and it provides mutual authenticationboth the user and the server

verify each other's identity. Kerberos protocol messages are protected

against eavesdropping and replay attacks. Kerberos builds on symmetric key

cryptography and requires a trusted third party, and optionally may use public - key

cryptography by utilizing asymmetric key cryptography during certain phases of

authentication.

b) Virus and Worms-

A computer virus is a computer program that can replicate itself and spread from one

computer to another. The term "virus" is also commonly, but erroneously used, to

refer to other types of malware, including but not limited

to adware and spywareprograms that do not have a reproductive ability.

Viruses can increase their chances of spreading to other computers by infecting files

on a network file system or a file system that is accessed by other computers. [2][3]

Malware includes computer viruses,computer worms, Trojan horses,

most rootkits, spyware, dishonest adware and other malicious or unwanted software,

including true viruses. Viruses are sometimes confused with worms and Trojan

horses, which are technically different. A worm can exploit security vulnerabilities to

spread itself automatically to other computers through networks, while a Trojan

horse is a program that appears harmless but hides malicious functions. Worms and
http://authentication/http://authentication/http://authentication/http://authentication/http://security/http://authority/http://network/http://authentication/http://protocol/http://authentication/http://authentication/http://en.wikipedia.org/wiki/Computer_insecurity#insecurityhttp://attack/http://attack/http://cryptography/http://cryptography/http://party/http://cryptography/http://cryptography/http://cryptography/http://program/http://adware/http://spyware/http://spyware/http://system/http://en.wikipedia.org/wiki/Computer_virus#cite_note-1http://en.wikipedia.org/wiki/Computer_virus#cite_note-2http://malware/http://worm/http://worm/http://rootkit/http://spyware/http://adware/http://authentication/http://authentication/http://authentication/http://security/http://authority/http://authority/http://network/http://network/http://authentication/http://protocol/http://authentication/http://authentication/http://en.wikipedia.org/wiki/Computer_insecurity#insecurityhttp://attack/http://attack/http://cryptography/http://cryptography/http://cryptography/http://party/http://party/http://party/http://cryptography/http://cryptography/http://cryptography/http://cryptography/http://cryptography/http://cryptography/http://cryptography/http://program/http://program/http://adware/http://spyware/http://system/http://system/http://system/http://en.wikipedia.org/wiki/Computer_virus#cite_note-1http://en.wikipedia.org/wiki/Computer_virus#cite_note-2http://malware/http://worm/http://worm/http://rootkit/http://spyware/http://adware/


17/23

Trojan horses, like viruses, may harm a computer system's data or performance.

Some viruses and other malware have symptoms noticeable to the computer user,

but many are surreptitious or simply do nothing to call attention to themselves. Some

viruses do nothing beyond reproducing themselves.

A computer worm is a standalone malwarecomputer program that replicates itself in

order to spread to other computers. Often, it uses a computer network to spread

itself. This is due to security shortcomings on the target computer. Unlike a computer

virus, it does not need to attach itself to an existing program. Worms almost always

cause at least some harm to the network, even if only by consuming bandwidth,

whereas viruses almost always corrupt or modify files on a targeted computer.

c) Honeypot-

A honeypot is an information system resource whose value lies in unauthorized or

illicit use of that resource. Honeypots are an exciting new technology with enormous

potential for the security community. a honeypot is a trap set to detect, deflect, or in

some manner counteract attempts at unauthorized use ofinformation systems.

Generally it consists of a computer, data, or a network site that appears to be part of

a network, but is actually isolated and monitored, and which seems to contain

information or a resource of value to attackers.

Honeypots can be classified based on their deployment and based on their level of

involvement. Based on deployment, honeypots may be classified as production

honeypots

research honeypots.

d) Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is a public key cryptography. Elliptic curves are

also used in several integer factorization algorithms that have applications in

cryptography, such as Lenstra elliptic curve factorization.

Early public-key systems are secure assuming that it is difficult to factor a large

integer composed of two or more large prime factors. For elliptic-curve-based

protocols, it is assumed that finding the discrete logarithm of a random elliptic curve

element with respect to a publicly-known base point is infeasible. The size of the

elliptic curve determines the difficulty of the problem. The primary benefit promised
http://malware/http://program/http://network/http://virus/http://virus/http://systems/http://computer/http://network/http://factorization/http://algorithm/http://factorization/http://logarithm/http://malware/http://program/http://program/http://network/http://network/http://virus/http://virus/http://systems/http://systems/http://computer/http://network/http://factorization/http://factorization/http://algorithm/http://factorization/http://factorization/http://factorization/http://factorization/http://logarithm/http://logarithm/


18/23

by ECC is a smaller key size, reducing storage and transmission requirementsie.

that an elliptic curve group could provide the same level of security afforded by an

RSA-based system with a large modulus and correspondingly larger keyeg, a

256bit ECC public key should provide comparable security to a 3072bit RSA public

key

For current cryptographic purposes, an elliptic curve is a plane curve which consists

of the points satisfying the equation

e) IDS -

An intrusion detection system (IDS) is a device orsoftware application that monitorsnetwork and/or system activities for malicious activities or policy violations and

produces reports to a Management Station. Some systems may attempt to stop an

intrusion attempt but this is neither required nor expected of a monitoring

system. Intrusion detection and prevention systems (IDPS) are primarily focused on

identifying possible incidents, logging information about them, and reporting

attempts. In addition, organizations use IDPSes for other purposes, such as

identifying problems with security policies, documenting existing threats, and

deterring individuals from violating security policies. IDPSes have become a

necessary addition to the security infrastructure of nearly every organization.

f) Hash Algorithm -

A hashing algorithm takes a variable length data message and creates a fixed size

message digest. When a one-way hashing algorithm is used to generate the

message digest the input cannot be determined from the output.

The key in public-key encryption is based on a hash value. This is a value that is

computed from a base input number using a hashing algorithm. Essentially, the hash

value is a summary of the original value. The important thing about a hash value is

that it is nearly impossible to derive the original input number without knowing the

data used to create the hash value.
http://application/http://application/http://application/


19/23

Q9. In network security what we will do first compression or encryption?

Encryption is counterproductive for compression if the two features aren't used

together correctly. Generally, you want to compress first and then encrypt. This is the

order that naturally happens when you compress at the encoding level and encrypt

at the transport level. You tend to get disadvantageous results if you encrypt first and

then compress. This order can happen when you encrypt early on, such as when

you use message security with transport compression, or if you attempt to apply

compression from outside the system after encryption has already taken place.

Statistical tendencies in the resulting encryption output could be a way to attack the

encryption mechanism, possibly revealing the original content or even the secrets

used for encryption. Therefore, the encrypted output tends to be more random than

the original content. If the original content was fairly predictable, then this can cause

a significant decline in compression effectiveness. This makes encrypted content a

poor candidate for compression.

Q10. Difference between SSL and TLS?

SSL

SSL is designed to allow an accessing device or application to connect through ports

associated with SSL for verification. Logging into the destination is handled then

routed for verification then allowed in based on whether or not the key is the same

for the request. Not all web browsers will alert users of changes in security

measures such as those.

TLS

TLS works in a similar fashion but helps to prevent eavesdropping and tampering

with information that is sent between the two locations. The server does a large

amount of encrypting of data being transferred and pulls information for the digital

certificate. If the information is correct the TLS will continue until the connection is

completed.

Q11. What is the segment size of different e-mail providers. Segment size

should be small or large? It depends on what parameters?

The segment size of different email providers are as follows:


20/23

Gmail, RediffMail, Excite, AOL Mail, Blue Tie 25 MB

Fastmail -10 MB to 50 MB

GMX Mail, Hushmail, india.com Email, Ovi Mail- 20 MB

Mail.com -50 MB

Runbox-100 MB

If the maximum segment size is sufficient to allow all segments of data to be

transferred without fragmenting the segments, the web page is likely to fulfill

relatively quickly. However, if the data segment is too large for the maximum

segment size established between the ISP and the end users computer, then the

segment will have to be broken down into smaller fragments that will pass throughthe routing process. The end result is that the web page will fulfill at a noticeably

slower rate.

Q12. Explain DES in detail. Write advancement in DES in short.

DES is a block cipher--meaning it operates on plaintext blocks of a given size (64-

bits) and returns ciphertext blocks of the same size. Thus DES results in

a permutation among the 2^64 (read this as: "2 to the 64th power") possible

arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is

divided into two blocks of 32 bits each, a left half block L and a right half R.
http://www.wisegeek.com/what-is-a-data-segment.htmhttp://www.wisegeek.com/what-is-an-isp.htmhttp://www.wisegeek.com/what-is-a-data-segment.htmhttp://www.wisegeek.com/what-is-an-isp.htm


21/23

Step 1: Create 16 subkeys , each of which is 48-bits long.

The 64-bit key is permuted according to the permutation table, PC-1. Note only 56

bits of the original key appear in the permuted key.

Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.

With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1


22/23

Triple-DES

Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the

first key is used to DES- encrypt the message. The second key is used to DES-

decrypt the encrypted message. (Since the second key is not the right key, this

decryption just scrambles the data further.) The twice-scrambled message is then

encrypted again with the first key to yield the final ciphertext. This three-step

procedure is called triple-DES.

Triple-DES is just DES done three times with two keys used in a particular order.

(Triple-DES can also be done with three separate keys instead of only two. In either

case the resultant key space is about 2^112.)

Q13. Write steps of Diffie Hellmen with example.

The steps of Diffie Hellmen are:

1. Alice and Bob agree to use a prime number p=23 and base g=5.

2. Alice chooses a secret integer a=6, then sends Bob A = ga mod p

A = 56 mod 23

A = 15,625 mod 23

A = 8

3. Bob chooses a secret integer b=15, then sends Alice B = gb mod p

B = 515 mod 23

B = 30,517,578,125 mod 23

B = 19

4. Alice computes s = B a mod p

s = 196 mod 23

s = 47,045,881 mod 23

s = 2

5. Bob computes s = A b mod p
http://en.wikipedia.org/wiki/Alice_and_Bobhttp://en.wikipedia.org/wiki/Alice_and_Bob


23/23

s = 815 mod 23

s = 35,184,372,088,832 mod 23

s = 2

6. Alice and Bob now share a secret: s = 2. This is because 6*15 is the same

as 15*6. So somebody who had known both these private integers might alsohave calculated s as follows:

s = 56*15 mod 23

s = 515*6 mod 23

s = 590 mod 23

s = 807,793,566,946,316,088,741,610,050,849,573,099,185,363,389,5

51,639,556,884,765,625 mod 23

s = 2

Both Alice and Bob have arrived at the same value, because (ga)b and (gb)a are equalmod p. Note that only a, b and gab = gba mod p are kept secret. All the other values

p, g, ga mod p, and gb mod p are sent in the clear. Once Alice and Bob computethe shared secret they can use it as an encryption key, known only to them, for

sending messages across the same open communications channel. Of course,

much larger values of a, b, and p would be needed to make this example secure,since it is easy to try all the possible values of gab mod 23. There are only 23possible integers as the result of mod 23. If p were a prime of at least 300 digits,

and a and b were at least 100 digits long, then even the best algorithms known todaycould not find a given only g, p, gb mod p and ga modp, even using all of mankind's

computing power. The problem is known as the discrete logarithm problem. Notethat g need not be large at all, and in practice is usually either 2 or 5.
http://en.wikipedia.org/wiki/Discrete_logarithm_problemhttp://en.wikipedia.org/wiki/Discrete_logarithm_problem

cns vini.docx

Documents