
**Mid-Sem Paper Solutions**

**Question**
What are the different types of active security attacks?

__Answer__**: A security attack is any action that compromises the security of information owned by an organization. There are 2 types of attack, as shown below.**

__Security Attack__**:**

__Active Attack__
An active attack attempts to alter system resources or affect their operation. The attacker changes the data or harms the system.

__Passive Attacks:__
The attacker’s goal is to just obtain the information. The attack does not harm the system.

__Types of active attacks include__

- __Denial of service (DoS)__ - It prevents normal use of communication facilities by slowing down or totally interrupting the service of the system. E.g. multiple requests to bring an exam result server down.
- *Session replay* - Subsequent retransmission of a captured message to produce an unauthorized effect. E.g. fake bill payment reminders.
- *Masquerade* - A masquerade attack takes place when one entity pretends to be a different entity. E.g. hoax bank sites.
- *Message modification* - Some portion of a message is altered, or the message is delayed or reordered, to produce an unauthorized effect.
- *Repudiation* - The sender denies that it sent the message, or the receiver denies that it received the message.
- *Trojans* - A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

__Types of passive attack include__

- *Snooping* - Data is intercepted by an unauthorized person. E.g. tapping.
- **Traffic Analysis** - The data may be masked so that no information can be extracted from it, but patterns such as sender, receiver, message length and time of the message can still be extracted to make intelligent guesses.

__Question__:
Write the pseudo code of the RC4 stream generation part.

__Answer__: RC4 is a stream cipher with a variable-length key. It encrypts one byte at a time (or larger units at a time). The algorithm involves three steps:

- Initialization of Vector S and key K
- Initial Permutation of vector S
- Stream Generation

__Below are the detailed steps for the third part of RC4__

__Stream Generation__

- Once the S vector is initially permuted, the input key (K) is no longer used.
- Stream generation involves cycling through all the elements of S[i], and for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S.
- As output, a stream of pseudo-random byte values (k) is generated.

__Pseudo Code__

```
/* Stream Generation */
i, j = 0;
while (true)
{
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    swap (S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];
}
```

**NOTE:** As only the stream generation step is asked for in the question, only that step is explained in detail. Below is an elaborated reference for the first two steps of the RC4 encryption algorithm.

__Initialization of Vector S and key K__

__Steps__

- S is a state vector that stores 256 bytes, with elements S[0], S[1], ..., S[255].
- The entries of S are set equal to the values from 0 through 255 in ascending order; that is, S[0] = 0, S[1] = 1, ..., S[255] = 255.
- A key (K) of variable length <= 256 bytes is chosen.
- A temporary vector T of 256 bytes is filled with the values of K. If the length of K is 256 bytes, then all of K is copied into T; otherwise K is repeated as required to fill T.

__Pseudo Code__

```
/* Initialization */
for i = 0 to 255 do
{
    S[i] = i;
    T[i] = K[i mod key_length];
}
```

__Initial Permutation of vector S__

__Steps__

- T is used to produce the initial permutation of S.
- This involves starting with S[0] and going through to S[255], and for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i].

__Pseudo Code__

```
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
{
    j = (j + S[i] + T[i]) mod 256;
    swap (S[i], S[j]);
}
```

__Question__: Using the extended Euclidean algorithm, compute $19^{-1} \bmod 999$.

__Answer__:
Given: $19^{-1} \bmod 999$

Compare this with the equation $d = e^{-1} \bmod z$.

Using the Extended Euclidean Algorithm, e = 19 and z = 999:

```
999 = 19*52 + 11  =>  11 = 999 - 19*52
19  = 11*1 + 8    =>  8  = 19 - 11*1
11  = 8*1 + 3     =>  3  = 11 - 8*1
8   = 3*2 + 2     =>  2  = 8 - 3*2
3   = 2*1 + 1     =>  1  = 3 - 2*1
2   = 1*2 + 0     =>  0
```

*Comments - Pro Tip:* Now try to make all remainders look like a combination of 999 and 19, i.e. try to make them look like:

```
8  = 19*_ + 999*_
3  = 19*_ + 999*_
2  = 19*_ + 999*_
11 = 19*_ + 999*_
1  = 19*_ + 999*_
```

Applying the Extended Euclidean Algorithm, we get:

```
11 = 999 - 19*52                              Step 1

8  = 19 - 1*(999 - 19*52)
   = 19 - 999 + 19*52
   = 19*53 - 999                              Step 2

3  = (999 - 19*52) - 1*(19*53 - 999)
   = -19*105 + 999*2                          Step 3

2  = (19*53 - 999) - 2*(-19*105 + 999*2)
   = 19*53 - 999 + 19*210 - 999*4
   = 19*263 - 999*5                           Step 4

1  = (-19*105 + 999*2) - 1*(19*263 - 999*5)
   = -19*105 + 999*2 - 19*263 + 999*5
   = -19*368 + 999*7                          Step 5
```

The final equation means that d = 368 is the multiplicative inverse of e = 19 mod 999, which can also be written as $368 = 19^{-1} \bmod 999$.
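The back-substitution above carried out programmatically, as an added example that is not part of the original post: the loop keeps every remainder in the form 19*x + 999*y, reproducing Steps 1 to 5, and `mod_inverse` then reduces the coefficient of 19 into the range 0..998 and checks it with (e*d) mod z = 1. The function names are illustrative.

```python
# Extended Euclid for e = 19, z = 999 (added example; names are illustrative).

def bezout_trace(e: int, z: int) -> list:
    """Run Euclid on (z, e), keeping each remainder r as r = e*x + z*y.

    Returns rows (r, x, y): first e itself, then every non-zero remainder.
    The last row holds gcd(e, z) and its two coefficients.
    """
    r0, x0, y0 = z, 0, 1      # z = e*0 + z*1
    r1, x1, y1 = e, 1, 0      # e = e*1 + z*0
    rows = []
    while r1:
        rows.append((r1, x1, y1))
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return rows

def mod_inverse(e: int, z: int) -> int:
    """Return d in 0..z-1 with (e*d) mod z == 1, or raise if none exists."""
    rows = bezout_trace(e % z, z)
    if not rows or rows[-1][0] != 1:
        raise ValueError("e has no inverse modulo z (gcd is not 1)")
    d = rows[-1][1] % z       # reduce the coefficient of e into 0..z-1
    if (e * d) % z != 1:      # final check of the defining property
        raise ArithmeticError("inverse check failed")
    return d

if __name__ == "__main__":
    for r, x, y in bezout_trace(19, 999)[1:]:
        print(f"{r:>2} = 19*({x}) + 999*({y})")
    # Last row: 1 = 19*(-368) + 999*(7), and -368 mod 999 = 631
    d = mod_inverse(19, 999)
    print(d, (19 * d) % 999)  # 631 1
```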

__Question__: Draw the g-function of AES. Write the values of RC[7], RC[8], RC[9] and RC[10] in hexadecimal.

__Answer:__ __g-function of AES__

**The g function of the AES key schedule is illustrated in the Figure above. As shown, the operation consists of three stages: an S-Box transformation, a permutation, and an exclusive-or. The S-Box operation used in the AES key schedule is identical to the one used in the encryption phase as described previously. In the permutation phase of the g function, each byte of the word is shifted one position to the left. Finally, the leftmost byte is exclusive-ored with a round constant. The round constants in AES are the value of $2^{\text{round\_number}}$ modulo Galois Field $2^{8}$.**

__Hexadecimal values__
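The g function and its round constants computed rather than looked up, as an added example that is not part of the original post. It assumes the FIPS 197 indexing, in which RC[1] = 01 and each later constant is the previous one multiplied by 2 in GF(2^8); the S-box is derived from the field inverse and the affine map instead of a table, and the function names are illustrative.

```python
# AES key-schedule g function and round constants (added example).

def xtime(b: int) -> int:
    """Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def sbox(b: int) -> int:
    """AES S-box: field inverse (0 maps to 0) followed by the affine map."""
    inv = 1
    for _ in range(254):              # b^254 equals b^-1 in GF(2^8)
        inv = gf_mul(inv, b)
    out = 0x63
    for shift in range(5):            # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
        out ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return out

def round_constants(n: int = 10) -> dict:
    """RC[1..n], starting at RC[1] = 0x01 and doubling in GF(2^8)."""
    rc, table = 1, {}
    for i in range(1, n + 1):
        table[i] = rc
        rc = xtime(rc)
    return table

def g(word: bytes, rnd: int) -> bytes:
    """S-box each byte, shift bytes one position left, XOR RC into byte 0."""
    s = [sbox(b) for b in word]
    s = s[1:] + s[:1]
    s[0] ^= round_constants(rnd)[rnd]
    return bytes(s)

if __name__ == "__main__":
    rc = round_constants()
    print(" ".join(f"RC[{i}]={rc[i]:02x}" for i in (7, 8, 9, 10)))
    # RC[7]=40 RC[8]=80 RC[9]=1b RC[10]=36
    print(g(bytes.fromhex("09cf4f3c"), 1).hex())   # 8b84eb01
```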
