
Client: (Deleted for confidentiality)

Project: Information Security and encryption Questions

Date: 05/10/10

Submitted by: Siddharta Saha

1. Security properties:

a. Develop an example where confidentiality is more important than integrity.

Ans: In a hospital, all medical records are kept confidential because the case history and other details should be available only to the patient parties and the concerned doctors. However, any medical professional of the hospital may have to change or update the records. So in this case confidentiality is more important than integrity.

b. Develop an example where usability is more important than non-repudiation.

Ans:

c. Give an example where availability and integrity are more important than confidentiality.

Ans: In the case of online payment by credit card, we provide our credit card number and other details. These details are then verified by the payment gateway against the credit card company’s database, so the server must be available in order to perform this process. On successful verification we are able to make the payment, i.e. modify our credit balance. Integrity is ensured so that the right credit card is used with the right account. Since we are ourselves supplying the credit card number and other details, confidentiality is not the most important property.

2. Discuss the security of the following ciphers:

a. Shift cipher

Ans: The shift cipher is the simplest form of encryption technique. Each letter of the string is shifted by a fixed distance, and the letter at that position replaces the original one. For example, if A is shifted by 5 it is replaced by F. So if the word “BAT” is encrypted using this method with a shift of 5 positions, the encrypted word is “GFY” (B→G, A→F, T→Y). This can be expressed by the arithmetic expression

Ex = (x + n) mod 26

where

Ex = encrypted letter

x = position of the letter in the alphabet (a being 0 and z being 25)

n = number of fixed shifts

The receiver, who knows the shift value, shifts each encrypted letter backward to decrypt the text. This can be expressed as

Dx = (x - n) mod 26

There are 26 letters in total in the alphabet, so one letter may be shifted by a maximum of 26 positions. If an attacker takes the entire encrypted string and tries the shifts one by one, it would take him a maximum of 26 such trials to find the plain text. So the maximum number of brute force attack trials would be 26.
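The formulas above and the exhaustive key search, as an added example that is not part of the original submission. The word list used to rank candidate plaintexts and the sample message are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
# Constructed word list, used only to rank candidate plaintexts.
COMMON_WORDS = {"THE", "AND", "AT", "ME", "TO", "OF", "IS", "IN"}


def shift_encrypt(text, n):
    """Ex = (x + n) mod 26 for each letter; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text, n):
    """Dx = (x - n) mod 26, i.e. encryption with the negated shift."""
    return shift_encrypt(text, -n)


def brute_force(ciphertext):
    """Try every shift; the whole key space is only 26 values."""
    return [(n, shift_decrypt(ciphertext, n)) for n in range(26)]


def score(candidate):
    """Count how many words of the candidate look like common English words."""
    return sum(1 for word in candidate.split() if word in COMMON_WORDS)


def best_guess(ciphertext):
    """Return the (shift, plaintext) pair whose plaintext scores highest."""
    return max(brute_force(ciphertext), key=lambda pair: score(pair[1]))


if __name__ == "__main__":
    print(shift_encrypt("BAT", 5))  # the worked example from the text
    secret = shift_encrypt("MEET ME AT THE HOSPITAL GATE AT NOON", 5)  # constructed
    print(secret)
    print(best_guess(secret))       # recovered without knowing the shift
```
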

b. Substitution Cipher

Ans:

c. Transposition Cipher (Single, Double)

Ans: In transposition ciphering the plain text is written in blocks (row-wise, with the number of columns fixed as the number of letters in the substitution word). The individual columns are then sent as words in random order. This jumbles up the entire message and makes it difficult to understand for anyone other than the intended receiver. Suppose the sender uses “CARPET” as the substitution word and wants to send “TODAY IS SUNDAY” to the receiver. CARPET has 6 letters, so our block should have 6 columns. Mark the columns as per the original alphabetical order, with 6 being the highest. We write the words row-wise to create the block.
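A single and double columnar transposition using the CARPET / TODAY IS SUNDAY example, as an added example that is not part of the original submission. It assumes spaces are dropped, the last row is padded with X, and columns are read out in alphabetical order of the key letters; the second key GARDEN is constructed for the double round.

```python
from collections import Counter


def column_order(key):
    """Column indices in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: key[i])


def encrypt(plaintext, key, pad="X"):
    letters = [c for c in plaintext.upper() if c.isalpha()]  # drop spaces (assumption)
    while len(letters) % len(key):
        letters.append(pad)                                   # pad last row (assumption)
    rows = [letters[i:i + len(key)] for i in range(0, len(letters), len(key))]
    # Read each column top to bottom, columns taken in key order.
    return "".join(row[c] for c in column_order(key) for row in rows)


def decrypt(ciphertext, key):
    ncols, nrows = len(key), len(ciphertext) // len(key)
    grid = [[""] * ncols for _ in range(nrows)]
    chars = iter(ciphertext)
    for c in column_order(key):          # refill the columns in the same order
        for r in range(nrows):
            grid[r][c] = next(chars)
    return "".join("".join(row) for row in grid)


def double_encrypt(plaintext, key1, key2):
    return encrypt(encrypt(plaintext, key1), key2)


def double_decrypt(ciphertext, key1, key2):
    return decrypt(decrypt(ciphertext, key2), key1)


def same_letter_counts(a, b):
    """Transposition only moves letters, so the letter counts never change."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    single = encrypt("TODAY IS SUNDAY", "CARPET")
    print(single, decrypt(single, "CARPET"))
    double = double_encrypt("TODAY IS SUNDAY", "CARPET", "GARDEN")
    print(double, double_decrypt(double, "CARPET", "GARDEN"))
    print(same_letter_counts(double, "TODAYISSUNDAYXXXXX"))
```

Because the letter counts of the ciphertext equal those of the padded plaintext, letter-frequency statistics survive both rounds unchanged.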

d. One-time pad

Ans: This is the strongest type of encryption technique available. It uses randomly generated keys to encrypt the message. The keys are truly random and never repeated in the entire session, so it is not possible for anyone to work out the value of the key and thus decrypt the message. Suppose the sender makes a pad where each page contains a string of numbers or letters or both (keys). He then shares a copy of the pad with the receiver. During actual transmission he randomly opens any page from the pad and uses the key on it to encrypt the original letter. The page is then torn off from the pad and not used again. The receiver, on the other hand, opens the corresponding page from his pad and uses the key to decrypt the message. The random nature of the key makes this method impossible to break.
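The pad procedure described above, as an added example that is not part of the original submission. It assumes letter-only messages combined with the key by addition mod 26; the class and function names and the sample messages are constructed for illustration, and the last function shows what goes wrong if a page is used twice.

```python
import secrets
import string

A = string.ascii_uppercase


def new_pad(pages, page_len):
    """Each page is an independent random key; both parties hold a copy."""
    return {i: [secrets.randbelow(26) for _ in range(page_len)] for i in range(pages)}


def apply_key(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) the key from the text, mod 26."""
    if len(key) < len(text):
        raise ValueError("key page is shorter than the message")
    return "".join(A[(A.index(ch) + sign * k) % 26] for ch, k in zip(text, key))


class PadUser:
    def __init__(self, pad):
        self.pad = dict(pad)           # this party's own copy of the pad

    def tear_off(self, page):
        return self.pad.pop(page)      # raises KeyError if the page was already used

    def encrypt(self, page, message):
        return apply_key(message, self.tear_off(page), +1)

    def decrypt(self, page, ciphertext):
        return apply_key(ciphertext, self.tear_off(page), -1)


def difference(a, b):
    return [(A.index(x) - A.index(y)) % 26 for x, y in zip(a, b)]


def reuse_leak(p1, p2, key):
    """With a reused page the key cancels: c1 - c2 equals p1 - p2."""
    c1, c2 = apply_key(p1, key, +1), apply_key(p2, key, +1)
    return difference(c1, c2) == difference(p1, p2)


if __name__ == "__main__":
    pad = new_pad(pages=3, page_len=16)
    sender, receiver = PadUser(pad), PadUser(pad)
    ct = sender.encrypt(1, "TODAYISSUNDAY")
    print(ct, receiver.decrypt(1, ct))
    print(reuse_leak("TODAYISSUNDAY", "MEETATTHEGATE", pad[0]))
```
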

3. Explain confusion and diffusion in cryptography. Explain how these apply to the following ciphers:

Confusion: The process of making the relationship between the cipher text and the secret key so complex that even when the attacker has access to both, he cannot reproduce the plaintext.

Diffusion: Sometimes attackers try to exploit the occurrence of certain letters in the ciphered text to generate the key by analyzing the statistical nature of it. The process of diffusion removes the statistical nature of the ciphered text so that a key cannot be generated from it.

| Type of ciphering | Confusion | Diffusion |
|---|---|---|
| Shift Cipher | No confusion | |
| Substitution Cipher | Weak confusion | |
| Double Transposition Cipher | Weak confusion | |
| One-time pad | Very strong confusion | |

4. Explain how usability can affect computer security. Why is setting a complex password strategy not enough for ensuring security?

Ans: Usability of a computer system defines how easily an end user can use the system, or how user-friendly the system is. But to make the system user-friendly, the developers or the administrators often do not adopt adequate security policies, or they loosen the security knot. This leaves the entire computer system vulnerable. For example, to make the system “less annoying” than the previous version, Windows Vista, MS has features for overriding “User Account Control” without the user's intervention in Windows 7.

a. What are the advantages and disadvantages of secret key cryptography compared to public key cryptography?

Ans: A comparison of the advantages and disadvantages of secret key cryptology and public key cryptology:

Secret key cryptology

It is significantly faster than any available Public key method.

The secret key is transmitted over the communication channel between both parties. This makes it open to interception.

Public key cryptology

Significant improvement has been made to increase speed, but it is not as fast as the secret key method.

The private key of this technique is kept with the individual client and never disclosed to anyone. So even if the public key is known there is no threat to the client.

b. How many secret keys are needed to set up a communication system for a group of six users, such that private (peer to peer) encrypted communication between any two members of the group would be possible?

Ans: Total number of clients = 6

Each client should have shared keys with the others, so the number of such keys stored in each client = 5

So the total number of keys for 6 users in the domain = (6*5)/2 = 15

c. Is it possible to reduce the number of keys required by introducing a trusted key distribution center? If so, how. How many keys are needed in this case?

Ans: