What is the OSI security architecture?
Ans) A systematic way of defining the requirements for security and characterizing the approaches to satisfying them is generally defined as the “OSI security architecture”. This was developed as an international standard. Focuses of OSI Security Architecture:
1) Security attacks – action that compromises the security of information owned by an organization.
2) Security mechanism – designed to detect, prevent, or recover from a security attack.
3) Security service – intended to counter security attacks.

1. ) What is the difference between passive and active security threats?
Ans) Passive threats attempt to learn or make use of information from the system but do not affect any system resources, whereas active threats involve modification of the data stream. So in a passive attack a hacker intrudes into your system and waits for some valuable information. In an active attack a hacker tries to get the valuable information by using his abilities rather than depending on the stupidity of the victim.
Example of a passive attack: A key logger which sends the input given by the victim to a hacker via a network (LAN).
Example of an active attack: Using brute force to crack the password of a system.

1.5) List and briefly define categories of security service.
Ans) The major categories of security service are:
Confidentiality: The protection of data from unauthorized disclosure by encryption and decryption; preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Authentication: The assurance that the communicating entity is the one that it claims to be. The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption.
Integrity: The assurance that data received are exactly as sent by an authorized entity. The end user will receive what is sent; guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
Access control: The prevention of unauthorized use of a resource. This service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do.
Availability: Time for access; ensuring timely and reliable access to and use of information. The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system.
Nonrepudiation: Provides protection against denial by one of the entities involved in

Chapter 2:

2.2) How many keys are required for 2 people to communicate via a symmetric cipher?
Ans) Only one key is required for 2 people to communicate via a symmetric cipher. Key distribution delivers the same single key, which is used for both the encryption and the decryption process.

. 9) List and briefly define three uses of a public key cryptosystem.
Ans)
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

2.10) What is the difference between a private key and a secret key?
Ans) A secret key is used in symmetric encryption. Both sender and receiver have obtained copies of the secret key in a secure fashion and keep the key secured. The private key is used together with a public key in asymmetric encryption. The sender encrypts the document with the receiver’s public key, then the receiver decrypts the document with his/her private key. The “private key” is not shared with anyone. The secret key must be transmitted to or shared with all parties by a method outside the communications link it is intended to secure.

2.13) How can public key encryption be used to distribute a secret key?
Ans) Several different approaches are possible, involving the private key(s) of one or both parties. One approach is Diffie-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipient’s public key. Key distribution uses asymmetric encryption to send the secret key to the receiver, encrypted with his/her public key. The receiver then uses his/her private key to decrypt it and obtain the secret key.

Problem:
2.9) Construct a figure similar to Figure 2.9 that includes a digital signature to authenticate the message in the digital envelope.
Sol) We can show the creation of the digital envelope as a solution.
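
The signed digital envelope that Problem 2.9 asks for, written out as an added Python example (not part of the original answers): the sender signs the message with its private key, encrypts signature plus message under a one-time secret key, and wraps that key with the recipient's public key. Assumptions: textbook RSA without padding over fixed small primes and a SHA-256 keystream stand in for real algorithms, and every function and key name here is hypothetical.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA keypair from two primes (no padding; structure demo only)."""
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)

# Constructed demo keys from known Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def digest_int(message, n):
    """SHA-256 of the message reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(message, sender_priv, recipient_pub):
    """Sign, encrypt signature+message under a fresh secret key, wrap that key."""
    d, n = sender_priv
    signature = pow(digest_int(message, n), d, n)      # sender's private key
    sig_bytes = signature.to_bytes((n.bit_length() + 7) // 8, "big")
    secret_key = secrets.token_bytes(16)               # one-time secret key
    body = keystream_xor(secret_key, sig_bytes + message)
    e, rn = recipient_pub
    wrapped_key = pow(int.from_bytes(secret_key, "big"), e, rn)  # recipient's public key
    return wrapped_key, body

def open_envelope(envelope, recipient_priv, sender_pub):
    """Unwrap the secret key, decrypt, then verify the sender's signature."""
    wrapped_key, body = envelope
    d, rn = recipient_priv
    secret_key = pow(wrapped_key, d, rn).to_bytes(16, "big")
    plain = keystream_xor(secret_key, body)
    e, n = sender_pub
    sig_len = (n.bit_length() + 7) // 8
    signature, message = int.from_bytes(plain[:sig_len], "big"), plain[sig_len:]
    if pow(signature, e, n) != digest_int(message, n):
        raise ValueError("signature does not match message")
    return message
```

Only the holder of the recipient's private key can recover the secret key, and only a message signed with the sender's private key passes the final check, so a modified envelope body is rejected.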