__:__

**Mid-Sem Paper Solutions**__:__

**Question**
What are the different types of active security attack ?

**:**

__Answer__**: Any action that compromises the security of information owned by an organization. There are 2 types of attack as shown below.**

__Security Attack__**:**

__Active Attack__
An Active attack attempts to alter system resources or effect their operations. The attacker changes the data or harms the system.

__Passive Attacks:__
The attacker’s goal is to just obtain the information. The attack does not harm the system.

**:**

__Types of active attacks include__- It prevents normal use of communication facilities. Slowing down or totally interrupt the service of the system. E.g. multiple requests to bring an exam result server down.__Denial of service (DoS)__- Subsequent retransmission of a captured message to produce an unauthorized effect. E.g. Bill payment fake reminders.*Session replay*- Masquerade attack takes place when one entity pretends to be different entity. E.g. Hoax bank sites.*Masquerade*- It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorized effect.*Message modification*- Sender denies that it sent the message or the receiver denies that it received the message.*Repudiation*- A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.*Trojans*

**:**

__Types of passive attack include__- Data is intercepted by an unauthorized person. E.g. Tapping*Snooping*- May be the data is masked, so no information can be extracted but some patterns like - sender, receiver, message length, time of the message etc. can be extracted to make intelligent guesses.**Traffic Analysis**

__Question__:
Write the pseudo code of the RC4 stream generation part.

**:**

__Answer__RC4 is a stream cipher and variable length key algorithm. This algorithm encrypts one byte at a time (or larger units on a time). This algorithm involves three steps:

- Initialization of Vector S and key K
- Initial Permutation of vector S
- Stream Generation

**:**

__Below are the detailed steps for third part of RC4__

__Stream Generation__- Once the S vector is initially permuted, the input key (K) is no longer used.
- Stream generation involves cycling through all the elements of S[i], and for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S.
- As an output a random stream bytes values (k) are generated.

__Pseudo Code__
/*

*Stream Generation**/
i, j = 0;

while (true)

{

i = (i + 1)
mod 256;

j = (j +
S[i]) mod 256;

swap (S[i],
S[j]);

t = (S[i] +
S[j]) mod 256;

k = S[t];

}

**NOTE:**As only stream generation step is asked in the question therefore only that step is explained in detail. Below is elaborated reference for the first two steps of RC4 encryption algorithm.

__Initialization of Vector S and key K__

__Steps__- S is a state vector to store 256 bytes, with elements S[0], S[1]........S[255].
- The entries of S are set equal to the values from 0 through 255 in ascending order; that is, S[0] = 0, S[1] = 1, ...... S[255] = 255.
- A key (K) of variable length <= 256 bytes is chosen.
- A temporary vector T of 256 bytes is filled with the values of K. If K = 256, then all of K is filled in T, else K is repeated as required to fill T.

__Pseudo Code__

/*

*Initialization**/
for i = 0 to
255 do

{

S[i] = i;

T[i] = K[i
mod key_length];

}

__Initial Permutation of vector S__

__Steps__- T is used to produce the initial permutation of S.
- This involves starting with S[0] and going through to S[255], and for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i].

__Pseudo Code__
/*

*Initial Permutation of S**/
j = 0;

for i = 0 to
255 do

{

j = (j + S[i]
+ T[i]) mod 256;

swap (S[i],
S[j]);

}

__Question__:Using extended Euclidean algorithm compute

**19**mod 999

^{-1}

__Answer__:
Given as =>

**19**mod 999^{-1}
So compare with equation as d = e

**mod**^{-1 }**z**^{ }
Using Extended Euclidean Algorithm, e = 19 and z = 999

999 = 19*52+11 =>
11 = 999-19*52

19 = 11*1+8 =>
8 = 19-11*1

11 = 8*1+3 =>
3 = 11-8*1

8 = 3*2+2 =>
2 = 8-3*2

3 = 2*1+1 =>
1 = 3-2*1

2 = 1*2+0 =>
0

**.**

*/ * Comments - Pro Tip*
Now try to make all remainders look like a combo of 999
and 19, i.e. try to make them look like:

8 =19*_ + 999*_

3 =19*_ + 999*_

2 =19*_ + 999*_

11=19*_+ 999*_

1 =19*_ + 999*_

*/

Applying the Extended Euclidean Algorithm, we get:

11 =
999-19*52 Step 1

8 =
19-1*(999-19*52)

= 19-999+19*52

= 19*53-999 Step 2

3 = (999-19*52)-1*(19*53-999)

=
-19*105+999*2 Step 3

2 = (19*53-999)-2*(-19*105+999*2)

= 19*53-999
+19*210-999*4

=
19*263-999*5 Step 4

1 = (-19*105+999*2)
-1*(19*263-999*5)

= -19*105+999*2
- 19*263+999*5

=
-19*368+999*7 Step 5

The final equation means that d = 368 is the
multiplicative inverse of e = 19 mod 999, which can also be written as 368 =

**19**mod 999.^{-1}**:**

__Question__Draw g-function of AES. write the value of RC[7]. RC[8], RC [9] and RC [10] in hexadecimal ?

__Answer:____g-function of AES__

**The g function of the AES key schedule is illustrated in the Figure above. As shown, the operation consists of three stages: an S-Box transformation, a permutation, and an exclusive-or. The S-Box operation used in the AES key schedule is identical to the one used in the encryption phase as described previously. In the permutation phase of the g function, each byte of the word is shifted one position to the left. Finally, the leftmost byte is exclusive-ored with a round constant. The rounds constants in AES are the value of 2round_number modulo Galois Field 28.**

__Hexadecimal values__

**:**

__Question__
thank you for the blog....

ReplyDeleteBest Security Systems

Network security

Security Solutions

good blog....

ReplyDeleteUnified Communication Solutions

Communication Solutions

Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. Security Werribee

ReplyDelete