Question

HOMEWORK 1: CS 386 (Cryptography) Due Date: January 25, 2018 1. Write short answers for each one of them a) Method of concealing data including messages, files, keys and passwords is known as: b) Method to protect blocks of data from being altered is known as c) What are three parts of CIA triad? d) What is the main difference between accountability and availability e) What is the ITU-T recommended security architecture for OSI called? 2. Explain the differences between active and passive attacks. Give suitable examples. 3. What are the four categories of active attack? Write short notes for each of them. 4. Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement 5. Make a sketch of model for network security and show how cryptography plays an important role in it.

Answer 1

1)

a) method of concealing data including messages, files, keys and passwords is known as symmetric encryption

b) method to protect blocks of data from being altered is known as data protection

c) three parts of CIA triad - Confidentiality, Integrity, availability

d)

Accountability	Availability
specifically applying the traceability of actions to the system entity	It maintains the hardware by providing the function of repair whenever it it necessaryand also maintains the operating systems functioning.

e) itu-t recommended security architecture for OSI called X800

2.

Active Attack	Passive attack
Detection is tends to be easiier	Detection is tends to be difficult
It harms the system	It does not harms the system
The main aim of an attacker is to alter the information or original message	The main aim of an attacker is to retrive the provided information
Attacks cannot be prevented easily	Attacks can be prevented
Types: Masquerade Replay Denial of service Modification of message	Types: Release of message Content Analysing traffic
Ex: Making an attempt to entry into other account.	Ex: Eves dropping

3) Categories of Active attack

• Masquerade - Making to attempt to enter in a particular system for retrieving information
• Replay - accessing information from the authorised user system by using their session ID
• Denial of service - Blocking the service of accessing to the authorized users.
• Modification of message - attacker attacks the address of the packet header to transfer the data to some other destination address.