Q. What is information security?

Ans:
Information security, sometimes shortened to InfoSec, is the practice of defending
information from unauthorized access, use, disclosure, disruption, modification,
perusal, inspection, recording or destruction. It is a general term that can be used
regardless of the form the data may take.
Q. What are the fundamental properties of security?
Ans:
The fundamental properties of information security are described in brief below:
Integrity
In information security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. This means that data cannot be modified in an
unauthorized or undetected manner. Information security systems typically provide
message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it
is needed. This means that the computing systems used to store and process the information,
the security controls used to protect it, and the communication channels used to access it
must be functioning correctly. High availability systems aim to remain available at all times,
preventing service disruptions due to power outages, hardware failures, and system
upgrades.
Authenticity
In computing and information security, it is necessary to ensure that the data, transactions,
communications or documents (electronic or physical) are genuine. It is also important for
authenticity to validate that both parties involved are who they claim to be. Some
information security systems incorporate authentication features such as "digital
signatures", which give evidence that the message data is genuine and was sent by someone
possessing the proper signing key.
Non-repudiation
In law, non-repudiation denotes one's intention to fulfill their obligations to a contract. It
also implies that one party of a transaction cannot deny having received a transaction nor
can the other party deny having sent a transaction.

Q. What Caesar cipher?

Answer:
In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's
code or Caesar shift, is one of the simplest and most widely known encryption techniques. It
is a type of substitution cipher in which each letter in the plaintext is replaced by a letter
some fixed number of positions down the alphabet. For example, with a left shift of 3, D
would be replaced by A, E would become B, and so on. The method is named after Julius
Caesar, who used it in his private correspondence.

Q. What is substitution cipher?

Answer:
In cryptography, a substitution cipher is a method of encoding by which units of plaintext
are replaced with cipher-text, according to a regular system; the "units" may be single letters
(the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
The receiver deciphers the text by performing an inverse substitution.
Substitution ciphers can be compared with transposition ciphers. In a transposition cipher,
the units of the plaintext are rearranged in a different and usually quite complex order, but
the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the
plaintext are retained in the same sequence in the cipher-text, but the units themselves are
altered.
There are a number of different types of substitution cipher. If the cipher operates on single
letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of
letters is termed poly-graphic. A mono-alphabetic cipher uses fixed substitution over the
entire message, whereas a polyalphabetic cipher uses a number of substitutions at different
positions in the message, where a unit from the plaintext is mapped to one of several
possibilities in the cipher-text and vice versa.

Q. What is symmetric key encryption & public key encryption system?

Answer:
An encryption system in which the sender and receiver of a message share a single, common
key that is used to encrypt and decrypt the message. Contrast this with public-key
cryptology, which utilizes two keys - a public key to encrypt messages and a private key to
decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two
parties must somehow exchange the key in a secure way. Public-key encryption avoids this
problem because the public key can be distributed in a non-secure way, and the private key
is never transmitted.
Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular
symmetric-key system is the Data Encryption Standard (DES).
Q. What is block cipher & stream cipher?
Answer:
A stream cipher is a symmetric key cipher where plaintext digits are combined with a
pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is
encrypted one at a time with the corresponding digit of the keystream, to give a digit of the
ciphertext stream. An alternative name is a state cipher, as the encryption of each digit is
dependent on the current state. In practice, a digit is typically a bit and the combining
operation an exclusive-or (XOR).
The pseudorandom keystream is typically generated serially from a random seed value using
digital shift registers. The seed value serves as the cryptographic key for decrypting the
ciphertext stream.
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups
of bits, called blocks, with an unvarying transformation that is specified by a symmetric key.

Block ciphers are important elementary components in the design of many cryptographic
protocols, and are widely used to implement encryption of bulk data.
Q. Describe One time pad and two time pad encryption.
One time pad:
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked
if used correctly. In this technique, a plaintext is paired with a random secret key (also
referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by
combining it with the corresponding bit or character from the pad using modular addition.
If the key is truly random, is at least as long as the plaintext, is never reused in whole or in
part, and is kept completely secret, then the resulting ciphertext will be impossible to
decrypt or break. It has also been proven that any cipher with the perfect secrecy property
must use keys with effectively the same requirements as OTP keys. However, practical
problems have prevented one-time pads from being widely used
Two time pad:
Q. Describe Shanons perfect secrecy.
Answer: No:2 Slide ,page 8.
Q. What is MAC in cryptography?
Answer:
In cryptography, a message authentication code (MAC) is a short piece of information used
to authenticate a message and to provide integrity and authenticity assurances on the
message. Integrity assurances detect accidental and intentional message changes, while
authenticity assurances affirm the message's origin.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input
a secret key and an arbitrary-length message to be authenticated, and outputs a MAC
(sometimes known as a tag). The MAC value protects both a message's data integrity as well
as its authenticity, by allowing verifiers (who also possess the secret key) to detect any
changes to the message content.
Q. What do you know about OTTP?
Answer:
In cryptography, a trusted third party (TTP) is an entity which facilitates interactions
between two parties who both trust the third party; The Third Party reviews all critical
transaction communications between the parties, based on the ease of creating fraudulent

digital content. In TTP models, the relying parties use this trust to secure their own
interactions.
An example
Suppose Alice and Bob wish to communicate securely they may choose to use
cryptography. Without ever having met Bob, Alice may need to obtain a key to use to encrypt
messages to him. In this case, a TTP is a third party who may have previously seen Bob (in
person), or is otherwise willing to vouch that this key (typically in an identity certificate)
belongs to the person indicated in that certificate, in this case, Bob. In discussions, this third
person is often called Trent. Trent gives it to Alice, who then uses it to send secure messages
to Bob. Alice can trust this key to be Bob's if she trusts Trent. In such discussions, it is simply
assumed that she has valid reasons to do so (of course there is the issue of Alice and Bob
being able to properly identify Trent as Trent and not someone impersonating Trent).