MID-II Examinations April 2018vignanits.ac.in/old_website/new/Ex_schemes/II MID/CSE/i…  · Web view2020. 9. 7. · • Payload Length (8 bits): Length of Authentication Header

Jul 19, 2021


MID-II Examinations April 2018

Course: B.Tech Branch: CSE Year: III

Subject: Information Security Semester: II

Date of Exam: 06-04-2018 AN Max Marks:30 Time: 02:00 To 03:00PM

Answer ANY TWO of the following 2 x 15 = 30 Marks

SCHEME OF EVALUATION

1) a) What is Digital signature?

Definition- 2M

The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.

b) Explain the difference between Kerberos version 4 and 5?

Version-4 -1½M

Version-5 -1½M

Comparison between Kerberos version 4 and version 5:

Kerberos Version 4: Released in the late 1980s, before version 5.
Kerberos Version 5: Published in 1993 (RFC 1510), years after version 4 appeared.

Kerberos Version 4: Uses the principal name partially (a name and an instance, tied to a single realm).
Kerberos Version 5: Uses the entire principal name (any number of name components).

Kerberos Version 4: Uses the "receiver-makes-right" byte-order encoding.
Kerberos Version 5: Uses the ASN.1/BER encoding.

Kerberos Version 4: Ticket lifetime is satisfactory but limited (an 8-bit field in units of five minutes, so about 21 hours at most); tickets cannot be forwarded or renewed.
Kerberos Version 5: Well extended: explicit start and end times, and facilities for forwarding, renewing and postdating tickets.

Kerberos Version 4: Supports only IP addresses in tickets.
Kerberos Version 5: Supports multiple address types (IP and other network protocols).

Kerberos Version 4: No support for authentication forwarding (credentials issued to a client cannot be passed on to another host).
Kerberos Version 5: Support present for authentication forwarding.

c) Describe X.509 Authentication service?

Description-6M

Diagram-4M

X.509 is based on the use of public-key cryptography and digital signatures. The standard does not dictate the use of a specific algorithm but recommends RSA. The digital signature scheme is assumed to require the use of a hash function. Again, the standard does not dictate a specific hash algorithm.

Public-Key Certificate Use


Certificates

o Version: Differentiates among successive versions of the certificate format; the default is version 1. If the Issuer Unique Identifier or Subject Unique Identifier are present, the value must be version 2. If one or more extensions are present, the version must be version 3.

o Serial number: An integer value, unique within the issuing CA, that is unambiguously associated with this certificate.

o Signature algorithm identifier: The algorithm used to sign the certificate, together with any associated parameters. Because this information is repeated in the Signature field at the end of the certificate, this field has little, if any, utility.

o Issuer name: X.500 name of the CA that created and signed this certificate.

o Period of validity: Consists of two dates: the first and last on which the certificate is valid.

o Subject name: The name of the user to whom this certificate refers. That is, this certificate certifies the public key of the subject who holds the corresponding private key.

o Subject's public-key information: The public key of the subject, plus an identifier of the algorithm for which this key is to be used, together with any associated parameters.

o Issuer unique identifier: An optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.

o Subject unique identifier: An optional bit string field used to identify uniquely the subject in the event the X.500 name has been reused for different entities.

o Extensions: A set of one or more extension fields. Extensions were added in version 3 and are discussed later in this section.

o Signature: Covers all of the other fields of the certificate; it contains the hash code of the other fields, signed (in RSA terms, encrypted) with the CA's private key. This field includes the signature algorithm identifier. A verifier checks it by recomputing the hash over the other fields and comparing it with the value recovered using the CA's public key; any change to a covered field, or a signature made with a different key, makes the check fail.

X.509 Formats

2) a. Distinguish IPsec modes?

Transport mode- 1M

Tunnel Mode- 1M

IPSEC TRANSPORT MODE


IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host).  A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.

Transport mode protects only the IP payload (the TCP/UDP header plus data) by inserting an AH or ESP header between the original IP header and the payload (ESP also adds a trailer). The original IP header remains intact, except that its Protocol field is changed to ESP (50) or AH (51); the original protocol value is carried in the Next Header field of the AH header or of the ESP trailer, so the receiver can restore it after authentication or decryption. Because the original IP header stays visible, transport mode does not hide who is talking to whom.

IPSEC TUNNEL MODE

IPsec tunnel mode is the default mode on most VPN gateways. With tunnel mode, the entire original IP packet (header and payload) is protected by IPsec: the original packet is wrapped in an AH or ESP header (ESP encrypts it), a new outer IP header addressed to the IPsec peer is added, and the result is sent to the other side of the VPN tunnel. Observers on the path see only the two gateway addresses, not the inner source and destination.

Tunnel mode is most commonly used between gateways (Cisco routers or ASA firewalls), or from an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. In other words, tunnel mode is used to protect traffic between secure IPsec gateways.

b. Explain 3 components of PGP

Description-3 M

1. Session key: A fresh one-time session key is generated for each message; its size depends on the symmetric algorithm chosen (128-bit CAST-128 or IDEA, 168-bit Triple-DES). PGP generates it with a generator in the style of ANSI X9.17, using as random input the previous generator output and the keystroke timing of the user.

2. Message: Includes the data, filename and timestamp.

3. Signature: Includes the message digest generated by the hash function, the leading two octets of the message digest (so the receiver can cheaply check that the right key and an unmodified message are in hand before doing the full verification), the key ID of the sender's public key (the low-order 64 bits of the key), and a timestamp.
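The following is an added example, not part of the exam scheme, covering question 1(a) (what a digital signature is), the X.509 Signature field of 1(c) and the PGP signature component of 2(b). It uses a toy textbook RSA key built from fixed Mersenne primes with no padding and a digest truncated to 64 bits, which is assumed here purely so the block runs with the standard library; real X.509 and OpenPGP use PKCS#1 v1.5 or PSS padding over 2048-bit or larger keys. The certificate field names and the JSON serialisation standing in for DER are also assumptions for this example.

```python
# Added example (not from the exam scheme): toy RSA signature used to show how an
# X.509-style certificate signature and a PGP signature component are formed and checked.
# Toy key, no padding, truncated digest: for illustration only, never for real use.
import hashlib
import json
from collections import namedtuple

Key = namedtuple("Key", "n e d")      # d is None for a public key
MASK64 = (1 << 64) - 1

def keypair(p, q, e=65537):
    """Textbook RSA key from two primes (the Mersenne primes used below are assumed prime)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return Key(n, e, pow(e, -1, phi))

def public(key):
    return Key(key.n, key.e, None)

def digest(data):
    # SHA-256 truncated to 64 bits so the integer is below even the smaller
    # toy modulus (about 2^92). A real scheme keeps the full digest inside padding.
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def sign(data, priv):
    # "Hash, then encrypt the hash with the signer's private key."
    return pow(digest(data), priv.d, priv.n)

def verify(data, sig, pub):
    # "Decrypt with the public key and compare against a freshly computed hash."
    return pow(sig, pub.e, pub.n) == digest(data)

# X.509-style certificate: the CA signs every field except the Signature itself.
def tbs_bytes(tbs):
    return json.dumps(tbs, sort_keys=True).encode()   # stand-in for DER encoding

def issue_certificate(ca_priv, issuer, subject, subject_pub, serial, not_before, not_after):
    tbs = {
        "version": 3,                      # extensions present, so the version must be 3
        "serial": serial,
        "signature_algorithm": "toy-rsa-with-sha256-64",
        "issuer": issuer,
        "validity": [not_before, not_after],
        "subject": subject,
        "subject_public_key": {"n": subject_pub.n, "e": subject_pub.e},
        "extensions": {"basicConstraints": "CA:FALSE"},
    }
    return {"tbs": tbs, "signature": sign(tbs_bytes(tbs), ca_priv)}

def verify_certificate(cert, ca_pub, now):
    tbs = cert["tbs"]
    not_before, not_after = tbs["validity"]
    if not (not_before <= now <= not_after):
        return False                       # outside the period of validity
    return verify(tbs_bytes(tbs), cert["signature"], ca_pub)

# PGP signature component: digest, its leading two octets, sender key ID, timestamp.
def pgp_sign(message, sender_priv, timestamp):
    full = hashlib.sha256(message).digest()
    return {
        "timestamp": timestamp,
        "key_id": sender_priv.n & MASK64,  # PGP convention: low-order 64 bits of the modulus
        "leading_two_octets": full[:2],
        "signature": sign(message, sender_priv),
    }

def pgp_verify(message, component, sender_pub):
    # Cheap checks first (right key? digest prefix matches?), then the RSA operation.
    if component["key_id"] != (sender_pub.n & MASK64):
        return False
    if component["leading_two_octets"] != hashlib.sha256(message).digest()[:2]:
        return False
    return verify(message, component["signature"], sender_pub)

# Toy keys from Mersenne primes (2^31-1, 2^61-1, 2^89-1 and 2^107-1 are all prime).
CA_KEY = keypair(2**31 - 1, 2**61 - 1)
USER_KEY = keypair(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    cert = issue_certificate(CA_KEY, "CN=Toy CA", "CN=alice", public(USER_KEY), 1, 1_000, 2_000)
    print("certificate valid:", verify_certificate(cert, public(CA_KEY), 1_500))
    comp = pgp_sign(b"pay 10 to bob", USER_KEY, 1_500)
    print("pgp signature valid:", pgp_verify(b"pay 10 to bob", comp, public(USER_KEY)))
```

The tampering and impersonation properties from the definition in 1(a) fall out directly: changing any signed field, or verifying against a different public key, makes the recomputed hash disagree with the value recovered from the signature.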


c. Discuss IPsec Authentication Header

Description-6 M

Diagram- 4M

The Authentication Header provides support for data integrity and authentication of IP packets. The data integrity feature ensures that undetected modification to a packet's content in transit is not possible. The authentication feature enables an end system or network device to authenticate the user or application and filter traffic accordingly; it also prevents the address spoofing attacks observed in today's Internet. The AH also guards against the replay attack. Authentication is based on the use of a message authentication code (MAC), hence the two parties must share a secret key. Because the MAC also covers the immutable fields of the IP header (source and destination addresses included), AH detects spoofed addresses but does not survive address translation by a NAT device, which is one reason ESP is used far more often in practice.

The Authentication Header consists of the following fields:

• Next Header (8 bits): Identifies the type of header immediately following this header.

• Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2. For example, the default length of the authentication data field is 96 bits, or three 32-bit words. With a three-word fixed header, there are a total of six words in the header, and the Payload Length field has a value of 4.

• Reserved (16 bits): For future use.

• Security Parameters Index (32 bits): Identifies a security association.

• Sequence Number (32 bits): A monotonically increasing counter value, checked by the receiver's anti-replay window, discussed later.

• Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet, discussed later.
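An added example, not part of the exam scheme, that builds, parses and verifies an AH in Python and applies an anti-replay window to the Sequence Number. The ICV is HMAC-SHA1-96 (the 96-bit value the text uses) computed over the AH with its ICV field zeroed plus the payload; the outer IP header that AH also covers is deliberately omitted here, so the ICV computation is a simplification of the real one. The key, SPI and payload are constructed values.

```python
# Added example (not from the exam scheme): IPsec Authentication Header build/parse/verify
# plus an RFC 4302-style anti-replay sliding window. The ICV here omits the outer IP
# header for brevity, so it is a simplified form of the real computation.
import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")  # Next Header, Payload Length, Reserved, SPI, Sequence Number
ICV_LEN = 12                        # HMAC-SHA1-96: 96-bit truncated MAC

def build_ah(next_header, spi, seq, payload, key):
    # Payload Length = AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    icv = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv + payload

def parse_ah(data):
    if len(data) < AH_FIXED.size:
        raise ValueError("truncated AH")
    nh, plen, reserved, spi, seq = AH_FIXED.unpack_from(data)
    ah_len = (plen + 2) * 4
    if ah_len < AH_FIXED.size or len(data) < ah_len:
        raise ValueError("Payload Length does not fit the datagram")
    return {"next_header": nh, "payload_length": plen, "reserved": reserved, "spi": spi,
            "seq": seq, "icv": data[AH_FIXED.size:ah_len], "payload": data[ah_len:]}

def verify_icv(data, key):
    f = parse_ah(data)
    ah_len = (f["payload_length"] + 2) * 4
    # Recompute with the ICV field zeroed, exactly as the sender did.
    zeroed = data[:AH_FIXED.size] + bytes(ah_len - AH_FIXED.size) + data[ah_len:]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:len(f["icv"])]
    return hmac.compare_digest(expected, f["icv"])   # constant-time comparison

class ReplayWindow:
    """Anti-replay sliding window over the Sequence Number, default 64 wide."""
    def __init__(self, size=64):
        self.size, self.last, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                     # sequence number 0 is never valid
        if seq > self.last:                  # new high-water mark: slide the window right
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.last = seq
            return True
        if self.last - seq >= self.size:
            return False                     # older than the window: reject
        bit = 1 << (self.last - seq)
        if self.bitmap & bit:
            return False                     # already seen: replayed packet
        self.bitmap |= bit
        return True

def receive(data, key, window):
    """Receiver order: verify the ICV first, then update the anti-replay window."""
    if not verify_icv(data, key):
        return False
    return window.accept(parse_ah(data)["seq"])
```

A real implementation also does a preliminary, non-updating window check before the MAC computation to discard obvious replays cheaply, but it must only mark the window after the ICV verifies, otherwise a forged packet could advance the window and knock legitimate packets out of it.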


3) A. Define key legitimacy and signature trust

Key legitimacy Definition-1M

Signature trust Definition-1M

Key legitimacy: Indicates the extent to which PGP will trust that this is a valid public key for this user. The higher the level of trust, the stronger the binding of this user ID to this key. PGP computes it from the signature trust values of the signatures attached to the key.

Signature trust: Indicates the degree to which this PGP user trusts the signer to certify public keys.

b. List out and define ISAKMP payload types?

Description -3 marks

ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete Security Associations. SAs contain all the information required for execution of various network security services, such as the IP layer services (such as header authentication and payload encapsulation), transport or application layer services, or self-protection of negotiation traffic. ISAKMP defines payloads for exchanging key generation and authentication data. These formats provide a consistent framework for transferring key and authentication data which is independent of the key generation technique, encryption algorithm and authentication mechanism.

ISAKMP is distinct from key exchange protocols in order to cleanly separate the details of security association management (and key management) from the details of key exchange. There may be many different key exchange protocols, each with different security properties. However, a common framework is required for agreeing to the format of SA attributes, and for negotiating, modifying, and deleting SAs. ISAKMP serves as this common framework.

ISAKMP can be implemented over any transport protocol.

All implementations must include send and receive capability for ISAKMP using UDP on port 500.

The ISAKMP header consists of the following fields:

Initiator cookie (8 bytes): The cookie of the entity that initiated SA establishment, SA notification, or SA deletion.

Responder cookie (8 bytes): The cookie of the entity that is responding to an SA establishment request, SA notification, or SA deletion.

Next payload (8 bits): Indicates the type of the first payload in the message. The payload types defined by ISAKMP (RFC 2408) are Security Association (1), Proposal (2), Transform (3), Key Exchange (4), Identification (5), Certificate (6), Certificate Request (7), Hash (8), Signature (9), Nonce (10), Notification (11), Delete (12) and Vendor ID (13); the value 0 means no further payload. Every payload begins with its own generic header (next payload, reserved, payload length), so the payloads of a message form a chain.

Major version (4 bits): The major version of the ISAKMP protocol in use.

Minor version (4 bits): The minor version of the ISAKMP protocol in use.

Exchange type (8 bits): Indicates the type of exchange being used. This dictates the message and payload orderings in the ISAKMP exchanges.

Flags (8 bits): Indicates the options that are set for the ISAKMP exchange.

E, Encryption (1 bit): If set, all payloads following the header are encrypted using the encryption algorithm identified in the ISAKMP SA.

C, Commit (1 bit): Used to signal key exchange synchronization. It is used to ensure that encrypted material is not received prior to completion of the SA establishment.

A, Authentication only (1 bit): Intended for use with the Informational Exchange with a Notify payload and will allow the transmission of information with integrity checking, but no encryption.

Message ID (4 bytes): A unique value used to identify the protocol state during Phase 2 negotiations. It is randomly generated by the initiator of the Phase 2 negotiation and is zero during Phase 1.

Length (4 bytes): The total length of the ISAKMP header and the encapsulated payloads in bytes. A receiver must check this against the size of the datagram actually received before walking the payload chain.
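An added example, not part of the exam scheme, that packs and parses the ISAKMP header described above and walks the payload chain using the RFC 2408 Next Payload codes. The cookies, message ID and payload bodies in the sample are constructed filler, not real SA or nonce contents, and the length checks show where a parser has to refuse a malformed message rather than read past the buffer.

```python
# Added example (not from the exam scheme): ISAKMP (RFC 2408) header build/parse with a
# payload-chain walk and length sanity checks. Sample payload bodies are constructed filler.
import struct

HDR = struct.Struct("!8s8sBBBBII")   # cookies, next payload, version, exchange type, flags, message ID, length
GENERIC = struct.Struct("!BBH")      # every payload: next payload, reserved, payload length
FLAG_E, FLAG_C, FLAG_A = 0x01, 0x02, 0x04   # Encryption, Commit, Authentication only

PAYLOAD_TYPES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "Key Exchange",
                 5: "Identification", 6: "Certificate", 7: "Certificate Request",
                 8: "Hash", 9: "Signature", 10: "Nonce", 11: "Notification",
                 12: "Delete", 13: "Vendor ID"}
EXCHANGE_TYPES = {0: "None", 1: "Base", 2: "Identity Protection", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational"}

def build_isakmp(icookie, rcookie, exchange, flags, message_id, payloads):
    """payloads: list of (type_code, body). Each payload's Next Payload names the one after it."""
    body = b""
    for i, (ptype, pbody) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += GENERIC.pack(nxt, 0, GENERIC.size + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    return HDR.pack(icookie, rcookie, first, 0x10, exchange, flags, message_id,
                    HDR.size + len(body)) + body          # 0x10 = version 1.0

def parse_isakmp(data):
    if len(data) < HDR.size:
        raise ValueError("truncated header")
    icookie, rcookie, nxt, version, xchg, flags, message_id, length = HDR.unpack_from(data)
    if length != len(data):
        raise ValueError("Length field %d != datagram length %d" % (length, len(data)))
    msg = {"initiator_cookie": icookie, "responder_cookie": rcookie,
           "major": version >> 4, "minor": version & 0x0F,
           "exchange": EXCHANGE_TYPES.get(xchg, "Unknown(%d)" % xchg),
           "flags": {"E": bool(flags & FLAG_E), "C": bool(flags & FLAG_C), "A": bool(flags & FLAG_A)},
           "message_id": message_id, "payloads": []}
    if flags & FLAG_E:
        return msg          # payloads are encrypted under the ISAKMP SA; decrypt before walking
    off = HDR.size
    while nxt != 0:
        if off + GENERIC.size > len(data):
            raise ValueError("payload header runs past end of message")
        following, _reserved, plen = GENERIC.unpack_from(data, off)
        if plen < GENERIC.size or off + plen > len(data):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        msg["payloads"].append((PAYLOAD_TYPES.get(nxt, "Unknown(%d)" % nxt),
                                data[off + GENERIC.size:off + plen]))
        off += plen
        nxt = following
    if off != len(data):
        raise ValueError("trailing bytes after last payload")
    return msg

if __name__ == "__main__":
    sample = build_isakmp(b"\x01" * 8, bytes(8), 2, 0, 0, [(1, bytes(8)), (10, b"\x11" * 16)])
    print(parse_isakmp(sample))
```

The responder cookie is all zeros in the first message of an exchange because the responder has not yet chosen one; that, together with the Message ID being zero, is how a Phase 1 opener is recognised on the wire.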

c.Explain TLS?

Description-6 M

Diagram-4M

Need for Transport Layer Security

Let's discuss a typical Internet-based business transaction.

Bob visits Alice’s website for selling goods. In a form on the website, Bob enters the type of good and quantity desired, his address and payment card details. Bob clicks on Submit and waits for delivery of goods with debit of price amount from his account. All this sounds good, but in absence of network security, Bob could be in for a few surprises.

If transactions did not use confidentiality (encryption), an attacker could obtain his payment card information. The attacker can then make purchases at Bob's expense.

If no data integrity measure is used, an attacker could modify Bob's order in terms of type or quantity of goods.

Lastly, if no server authentication is used, a server could display Alice's famous logo but the site could be a malicious site maintained by an attacker, who is masquerading as Alice. After receiving Bob's order, he could take Bob's money and flee. Or he could carry out an identity theft by collecting Bob's name and credit card details.

Transport layer security schemes can address these problems by enhancing TCP/IP based network communication with confidentiality, data integrity, server authentication, and client authentication.

The security at this layer is mostly used to secure HTTP based web transactions on a network. However, it can be employed by any application running over TCP.

Philosophy of TLS Design

Transport Layer Security (TLS) protocols operate above the TCP layer. The design of these protocols uses the popular application programming interface (API) to TCP, called "sockets", for interfacing with the TCP layer.

Applications are now interfaced to the Transport Layer Security layer instead of TCP directly. TLS provides a simple socket-style API which is similar and analogous to TCP's API.

In the above diagram, although TLS technically resides between application and transport layer, from the common perspective it is a transport protocol that acts as TCP layer enhanced with security services.

TLS is designed to operate over TCP, the reliable layer 4 protocol (not on UDP protocol), to make design of TLS much simpler, because it doesn't have to worry about ‘timing out’ and ‘retransmitting lost data’. The TCP layer continues doing that as usual which serves the need of TLS.

Why TLS is Popular?

The reason for the popularity of using security at the Transport Layer is simplicity. Design and deployment of security at this layer does not require any change in the TCP/IP protocols that are implemented in an operating system. Only user processes and applications need to be designed/modified, which is less complex.

Secure Socket Layer (SSL)

In this section, we discuss the family of protocols designed for TLS. The family includes SSL versions 2 and 3 and the TLS protocol. SSLv2 has now been replaced by SSLv3, so we will focus on SSL v3 and TLS.

TLS modified the cryptographic algorithms for key expansion and authentication. Also, TLS suggested use of open crypto Diffie-Hellman (DH) and Digital Signature Standard (DSS) in place of patented RSA crypto used in SSL. But due to expiry of RSA patent in 2000, there existed no strong reasons for users to shift away from the widely deployed SSLv3 to TLS.

Salient Features of SSL

The salient features of SSL protocol are as follows −

SSL provides network connection security through −

o Confidentiality − Information is exchanged in an encrypted form.

o Authentication − Communication entities identify each other through the use of digital certificates. Web-server authentication is mandatory whereas client authentication is kept optional.

o Reliability − Maintains message integrity checks.

SSL is available for all TCP applications. Supported by almost all web browsers. Provides ease in doing business with new online entities. Developed primarily for Web e-commerce.

Architecture of SSL

SSL is specific to TCP and it does not work with UDP. SSL provides an Application Programming Interface (API) to applications. C and Java SSL libraries/classes are readily available.

SSL protocol is designed to interwork between application and transport layer as shown in the following image −

SSL itself is not a single layer protocol as depicted in the image; in fact it is composed of two sub-layers: the SSL Record Protocol, which sits directly on TCP, and above it three protocols that are carried inside records:

o SSL Handshake Protocol

o Change Cipher Spec Protocol

o Alert Protocol.

These three protocols manage all of SSL message exchanges and are discussed later in this section.

Functions of SSL Protocol Components

The four sub-components of the SSL protocol handle various tasks for secure communication between the client machine and the server.

Record Protocol

o The record layer formats the upper layer protocol messages.

o It fragments the data into manageable blocks (max length 16 KB). It optionally compresses the data.

o Provides a header for each message and a hash (Message Authentication Code (MAC)) at the end.

o Encrypts the data together with the MAC.

o Hands over the formatted blocks to the TCP layer for transmission.

SSL Handshake Protocol

o It is the most complex part of SSL. It is invoked before any application data is transmitted. It creates SSL sessions between the client and the server.

o Establishment of a session involves server authentication, key and algorithm negotiation, establishing keys and client authentication (optional).

o A session is identified by a unique set of cryptographic security parameters.

o Multiple secure TCP connections between a client and a server can share the same session.

o The handshake protocol proceeds through four phases. These are discussed in the next section.

ChangeCipherSpec Protocol

o Simplest part of the SSL protocol. It comprises a single message exchanged between the two communicating entities, the client and the server.

o As each entity sends the ChangeCipherSpec message, it changes its side of the connection into the secure state as agreed upon.

o The pending cipher parameter state is copied into the current state.

o Exchange of this message indicates that all future data exchanges are encrypted and integrity protected.

SSL Alert Protocol

o This protocol is used to report errors – such as unexpected message, bad record MAC, security parameters negotiation failed, etc.

o It is also used for other purposes – such as to notify closure of the TCP connection, notify receipt of a bad or unknown certificate, etc.

Establishment of SSL Session

As discussed above, there are four phases of SSL session establishment. These are mainly handled by the SSL Handshake protocol.

Phase 1 − Establishing security capabilities.

This phase comprises the exchange of two messages – Client_hello and Server_hello.

Client_hello contains the list of cryptographic algorithms (cipher suites) supported by the client, in decreasing order of preference.

Server_hello contains the selected Cipher Specification (CipherSpec) and a new session_id. The CipherSpec contains fields like −

o Cipher Algorithm (DES, 3DES, RC2, and RC4)

o MAC Algorithm (based on MD5, SHA-1)

o Public-key algorithm (RSA)

Both messages carry a "nonce" (a 32-byte random value) to prevent replay attacks; the same two values later feed the key derivation.

Phase 2 − Server authentication and key exchange.

Server sends its certificate. Client software comes configured with public keys of various "trusted" organizations (CAs) to check the certificate chain; the client must also check that the name in the certificate matches the server it intended to reach, otherwise a valid certificate for some other site would be accepted.

The cipher suite was already chosen in Server_hello. The server may request a client certificate (certificate_request); usually it is not done. The server indicates the end of this phase with a server_hello_done message.

Phase 3 − Client authentication and key exchange.

Client sends its certificate, only if requested by the server. It also sends the Pre-master Secret (PMS) encrypted with the server's public key. The client also sends a Certificate_verify message if it sent a certificate, to prove it holds the private key associated with that certificate. Basically, the client signs a hash of the previous handshake messages.

Phase 4 − Finish.


Client and server send Change_cipher_spec messages to each other to cause the pending cipher state to be copied into the current state.

From now on, all data is encrypted and integrity protected. The "Finished" message from each end verifies that the key exchange and authentication processes were successful.

All four phases, discussed above, happen within the establishment of TCP session. SSL session establishment starts after TCP SYN/ SYNACK and finishes before TCP Fin.

Resuming a Disconnected Session

It is possible to resume an earlier session (for example after the connection was closed with a close_notify alert) without repeating the full handshake: the client sends a client_hello carrying the session_id of the previous session. The server then determines if that session_id is still valid in its session cache. If validated, it replies with a server_hello containing the same session_id, and both sides exchange ChangeCipherSpec and Finished messages, after which secure communication resumes. This avoids recalculating the session cipher parameters and saves computing at both the server and the client end. (The hello_request message is something different: the server sends it to ask the client to begin a new handshake.)

SSL Session Keys

We have seen that during Phase 3 of SSL session establishment, a pre-master secret is sent by the client to the server encrypted using the server's public key. The master secret and the various session keys are generated as follows −

The master secret is generated (via the protocol's pseudo-random function) using −

o The pre-master secret.

o Two nonces (RA and RB) exchanged in the client_hello and server_hello messages.

Six secret values are then derived from this master secret as −

o Secret key used with MAC (for data sent by client)

o Secret key used with MAC (for data sent by server)

o Secret key used for encryption (by client)

o Secret key used for encryption (by server)

o IV used for encryption (by client)

o IV used for encryption (by server)
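The derivation just listed, as an added example that is not part of the exam scheme, written for the TLS 1.2 form of the protocol (RFC 5246): SSLv3 used an ad-hoc MD5/SHA-1 construction and TLS 1.0/1.1 split the secret between MD5 and SHA-1, whereas TLS 1.2 uses the single HMAC-SHA-256 PRF implemented here. The pre-master secret and the two nonces are constructed sample values, not the output of a real handshake, and the key lengths assume the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA.

```python
# Added example (not from the exam scheme): TLS 1.2 master-secret and key-block derivation.
import hashlib
import hmac

def p_hash(secret, seed, length, hash_fn=hashlib.sha256):
    """P_hash from RFC 5246 section 5: iterate HMAC until enough output is produced."""
    out, a = b"", seed                                        # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_fn).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret, label, seed, length):
    return p_hash(secret, label + seed, length)

def master_secret(pre_master, client_random, server_random):
    # 48 bytes; note the nonce order: client_random first.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    # The six values, in exactly this order (RFC 5246 section 6.3); note server_random comes first here.
    sizes = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    kb = prf(master, b"key expansion", server_random + client_random, sum(n for _, n in sizes))
    keys, off = {}, 0
    for name, n in sizes:
        keys[name] = kb[off:off + n]
        off += n
    return keys

def derive_session_keys(pre_master, client_random, server_random):
    """TLS_RSA_WITH_AES_128_CBC_SHA: 20-byte HMAC-SHA1 keys, 16-byte AES keys, 16-byte IVs."""
    master = master_secret(pre_master, client_random, server_random)
    return master, key_block(master, client_random, server_random, 20, 16, 16)

# Constructed sample inputs. With RSA key exchange the pre-master secret is 48 bytes,
# the first two carrying the client's offered version (0x0303 = TLS 1.2).
PRE_MASTER = b"\x03\x03" + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    master, keys = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", master.hex())
    for name, value in keys.items():
        print("%-22s %s" % (name, value.hex()))
```

Because each direction gets its own MAC key, encryption key and IV, a record captured from the client-to-server stream cannot be replayed into the server-to-client stream, and changing either nonce changes every derived key, which is how the per-connection nonces protect against replay of an entire earlier handshake.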

TLS Protocol

In order to provide an open Internet standard of SSL, IETF released the Transport Layer Security (TLS) protocol, version 1.0, in January 1999 as RFC 2246. TLS 1.2, the version in general use at the time of this scheme, is defined in RFC 5246.

Salient Features

The TLS protocol has the same objectives as SSL. It enables client/server applications to communicate in a secure manner by authenticating, preventing eavesdropping and resisting message modification. The TLS protocol sits above the reliable connection-oriented transport TCP layer in the networking layer stack. The architecture of the TLS protocol is similar to the SSLv3 protocol. It has two sub-protocols: the TLS Record protocol and the TLS Handshake protocol. Though SSLv3 and TLS have a similar architecture, several changes were made in architecture and functioning, particularly for the handshake protocol.


Comparison of TLS and SSL Protocols

There are eight main differences between the TLS and SSLv3 protocols. These are as follows −

Protocol Version − The header of a TLS protocol segment carries the version number 3.1 (TLS 1.0) to differentiate it from the number 3.0 carried by an SSLv3 segment header.

Message Authentication − TLS employs the keyed-hash message authentication code (HMAC). The benefit is that HMAC operates with any hash function, not just the MD5 or SHA construction explicitly stated by the SSL protocol.

Session Key Generation − There are two differences between the TLS and SSL protocols for generation of key material.

o The method of computing pre-master and master secrets is similar. But in the TLS protocol, computation of the master secret uses the HMAC standard and pseudorandom function (PRF) output instead of an ad-hoc MAC.

o The algorithm for computing session keys and initialization values (IVs) is different in TLS than in SSL.

Alert Protocol Messages −

o The TLS protocol supports all the messages used by the Alert protocol of SSL, except the No certificate alert message, which is made redundant: a client that has no certificate to offer sends an empty certificate message instead.

o Many additional Alert messages are included in the TLS protocol for other error conditions such as record_overflow, decode_error etc.

Supported Cipher Suites − SSL supports RSA, Diffie-Hellman and Fortezza cipher suites. The TLS protocol supports all suites except Fortezza.

Client Certificate Types − TLS defines the certificate types to be requested in a certificate_request message. SSLv3 supports all of these. Additionally, SSL supports certain other types of certificate such as Fortezza.

CertificateVerify and Finished Messages −

o In SSL, a complex message procedure is used for the certificate_verify message. With TLS, the verified information is contained in the handshake messages themselves, thus avoiding this complex procedure.

o The Finished message is computed in different ways in TLS and SSLv3.

Padding of Data − In the SSL protocol, the padding added to user data before encryption is the minimum amount required to make the total data size equal to a multiple of the cipher's block length. In TLS, the padding can be any amount that results in a data size that is a multiple of the cipher's block length, up to a maximum of 255 bytes, which also helps to disguise the true length of the data.

4) a. Write about virus and worms?

Virus definition-1M

Worm definition-1 M

A computer virus is a program which can replicate itself and attach itself to a program or files, infecting the system without the user's knowledge. A computer virus can be spread from one host to another by sharing infected files or by downloading infected files from untrusted sources. All computer viruses are man-made, and they spread only when a user runs or opens the infected program or file.

A worm is a self-replicating program that does not need to attach to a host program/file. Unlike viruses, worms can execute themselves, typically by exploiting a vulnerability in a network service. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time.

b. What are Web security threats?

Any 3 threats, each-1 M

Active and Passive Attacks

Denial of Service Attacks: A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in one industry report. A standard approach is to overload the resource with illegitimate requests for service.

Brute Force Attacks: A brute force attack tries to kick down the front door. It is a trial-and-error attempt to guess a system's password. Brute force password-cracking software simply tries all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques; its cost to the attacker is set by the password length and by whether the server rate-limits or locks out repeated failures.

Identity Spoofing: IP spoofing, also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the regular host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet; ingress filtering at the network edge (dropping packets that arrive from outside carrying internal source addresses) is the standard defence.

Browser Attacks: Browser-based attacks target end users who are browsing the internet, which in turn can spread into the whole enterprise network. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors' systems.

SSL/TLS Attacks: Transport layer security (TLS) ensures the confidentiality and integrity of data transmitted between two parties (server and client) and also provides authentication of the server (and optionally of the client). SSL/TLS attacks aim to intercept data that is sent over an encrypted connection, for example by downgrading the negotiated version or cipher suite, or by getting a user to accept a forged certificate.
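An added example, not part of the exam scheme, showing the detection side of the brute force threat described above: a small detector run over constructed authentication log lines that flags a source once it has accumulated a threshold of failed logins inside a time window, and flags it again if that same source later logs in successfully, the pattern a responder most wants to see. The log format, field names, threshold and window are assumptions made for this example.

```python
# Added example (not from the exam scheme): brute-force login detection over sample log lines.
# The log format below is an assumed one; adapt LINE_RE to the real authentication log.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: login (?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: one source hammers "admin" and finally gets in; another user typos once.
SAMPLE_LOG = """\
2018-04-06T14:00:01 auth: login failed user=admin src=203.0.113.7
2018-04-06T14:00:03 auth: login failed user=admin src=203.0.113.7
2018-04-06T14:00:04 auth: login failed user=root src=203.0.113.7
2018-04-06T14:00:05 auth: login failed user=bob src=198.51.100.5
2018-04-06T14:00:06 auth: login failed user=admin src=203.0.113.7
2018-04-06T14:00:08 auth: login ok user=bob src=198.51.100.5
2018-04-06T14:00:09 auth: login failed user=admin src=203.0.113.7
2018-04-06T14:00:12 auth: login failed user=admin src=203.0.113.7
2018-04-06T14:00:15 auth: login ok user=admin src=203.0.113.7
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source when >= threshold failures fall inside `window`, and again
    if that source later logs in successfully (a likely compromise, not just noise)."""
    failures = defaultdict(deque)    # src -> timestamps of recent failures, oldest first
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # unparseable line: skipped here; count these in production
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()         # drop failures that have aged out of the window
        if m["result"] == "ok":
            if src in flagged:
                alerts.append(("success_after_bruteforce", src, m["user"], ts))
            continue
        recent.append(ts)
        if len(recent) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append(("bruteforce", src, m["user"], ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(*alert)
```

Keying the counter on the source address catches the classic single-source attack; a distributed "password spraying" attack (one guess per source against many users) needs a second counter keyed on the target user, which is a one-line change to the dictionary key.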

c. Explain the types of firewalls in detail

Description-7 M

Diagrams-3M

Packet filtering firewalls

This, the original type of firewall, operates inline at junction points where devices such as routers and switches do their work. However, this firewall doesn't route packets, but instead compares each packet received to a set of established criteria -- such as the allowed IP addresses, packet type, port number, etc. Packets that are flagged as troublesome are, generally speaking, unceremoniously dropped -- that is, they are not forwarded and, thus, cease to exist. Rules are evaluated in order, and a sound configuration ends with a default-deny rule so that anything not explicitly permitted is dropped. Because each packet is judged on its own, a plain packet filter cannot tell a reply belonging to a connection opened from inside from an unsolicited packet that merely looks like one.

Circuit-level gateways

Using another relatively quick way to identify malicious content, these devices monitor the TCP handshakes across the network as they are established between the local and remote hosts to determine whether the session being initiated is legitimate -- whether the remote system is considered trusted. They don't inspect the packets' contents themselves, however, so malware carried inside an approved session passes through.

Application-level gateways

This kind of device, technically a proxy, and sometimes referred to as a proxy firewall, combines some of the attributes of packet filtering firewalls with those of circuit-level gateways. They filter packets not only according to the service for which they are intended -- as specified by the destination port -- but also by certain other characteristics, such as the HTTP request string. While gateways that filter at the application layer provide considerable data security, they can dramatically affect network performance.
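An added example, not part of the exam scheme, contrasting the first two firewall types above in code: a first-match packet filter with a default-deny policy, and a minimal circuit-level gateway that admits inbound packets only for TCP connections it saw opened from the inside. The address ranges, rule set and sample packets are constructed for the example; the application-level gateway is not modelled because it would need a protocol parser rather than header matching.

```python
# Added example (not from the exam scheme): stateless packet filter vs. circuit-level gateway.
# Addresses, rules and packets are constructed; INSIDE marks the protected network.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

INSIDE = "10.0.0.0/8"
RULES = [
    Rule("deny", proto="tcp", dport=23),                       # no telnet anywhere; first so it wins
    Rule("allow", src=INSIDE, proto="tcp", dport=443),         # inside hosts may open HTTPS outbound
    Rule("allow", dst="10.0.0.80/32", proto="tcp", dport=80),  # anyone may reach the DMZ web server
]   # anything that matches no rule is dropped: default deny

def packet_filter(rules, p: Packet) -> str:
    """Stateless filter: first matching rule wins; no match means drop."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class CircuitGateway:
    """Remembers TCP connections opened from inside; their replies are admitted by state, not by rule."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()          # (inside addr, inside port, outside addr, outside port)

    def handle(self, p: Packet) -> str:
        from_inside = ipaddress.ip_address(p.src) in ipaddress.ip_network(INSIDE)
        if from_inside:
            verdict = packet_filter(self.rules, p)
            if verdict == "allow" and p.proto == "tcp" and p.syn and not p.ack:
                self.sessions.add((p.src, p.sport, p.dst, p.dport))   # handshake started from inside
            return verdict
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"             # the reply half of a session we watched being opened
        return packet_filter(self.rules, p)   # unsolicited inbound: only the static rules apply
```

The stateless filter has no way to allow the server's SYN/ACK back to the workstation without a permanent "anything from port 443 inbound" rule, which an attacker could trivially satisfy by sending from source port 443; the gateway's session table is what lets it admit exactly the replies it expects and nothing else.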