A1 1106183005 Sivaranjini PDF

Title A1 1106183005 Sivaranjini
Author SIVARANJINI Sivaraman
Course computer network
Institution Manipal International University

SUB: CNS SCB 3173

BRANCH: BCS

DUE DATE OF SUBMISSION: 28TH DEC 2020, 5 PM

TURN IT IN AT: [email protected]

Assignment-1

Q1) For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.

a. An organization managing public information on its Web server.

The confidentiality of (a) is very low, as it is a web server and holds public information. It is authorized to be updated or altered by anyone. The availability effect is also poor. The chances of knowledge loss are minimal.

Organization managing public information on its web server:
• Confidentiality: The web server contains public information, so everyone can access that information and no confidentiality is provided. So the impact level for confidentiality is low.
• Integrity: The server maintains public information, so anyone, either an authorized user or an intruder, may modify it. So the impact level for integrity is moderate.
• Availability: Loss of information is not the biggest issue for this server. So the impact level for availability is moderate.

b. A law enforcement organization managing extremely sensitive investigative information.

The web server in (b) has high confidentiality rates. Because the information is private, the data is secured at all costs. Alteration can lead to an enormous loss of data. Meanwhile, it is readily accessible at a particular location.
• Confidentiality: The web server contains sensitive information. If any data loss occurs, it causes a high loss. So the impact level for confidentiality is high.
• Integrity: The server maintains private information. If any modification occurs, it causes a huge loss. So the impact level for integrity is high.
• Availability: The information is available only to the organization and is stored at a single location. So the impact level for availability is high.

c. A financial organization managing routine administrative information (not privacy-related information).

In option (c) the information relates to routine matters, so anyone can access it and it has a low level of confidentiality. Loss of data is not a big issue in this scenario. It has low availability too.

Organization managing public information on its web server:
• Confidentiality: The web server contains only routine information, not privacy-related information, so everyone can access that information and no confidentiality is provided. So the impact level for confidentiality is low.
• Integrity: The server maintains routine information. If data loss occurs, it is not a big issue. So the impact level for integrity is low.
• Availability: Loss of information is not the biggest issue for this server. So the impact level for availability is low.

d. An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system.

Security contact information:
• Confidentiality: The web server contains private information, that is, pre-solicitation phase contract information only. So the impact level for confidentiality is low.
• Integrity: Loss of data is not a huge problem. Therefore the impact level for integrity is moderate.
• Availability: Loss of availability is not a huge problem. Therefore the impact level for availability is low.

Routine administrative information:
• Confidentiality: The web server does not contain private information. So the impact level for confidentiality is low.
• Integrity: Loss of data is not a huge problem. Therefore the impact level for integrity is low.
• Availability: Loss of availability is not a huge problem. Therefore the impact level for availability is low.

e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system.

Real-time sensor information:
• Confidentiality: The web server maintains real-time information, so loss of confidentiality is not a big problem. So the impact level for confidentiality is low.
• Integrity: It is necessary that the web server provides exact data, so no modification is allowed. Therefore the impact level for integrity is high.
• Availability: Data availability is required at any time. Therefore the impact level for availability is high.

Routine administrative information:
• Confidentiality: The web server does not contain private information. So the impact level for confidentiality is low.
• Integrity: Loss of data is not a huge problem. Therefore the impact level for integrity is low.
• Availability: Loss of availability is not a huge problem. Therefore the impact level for availability is low.

Q2) Draw a matrix like Table 1.4 (refer textbook) that shows the relationship between security services and attacks.

[Matrix, Service versus Attack. Rows: Peer Entity Authentication, Data-Origin Authentication, Access Control, Confidentiality, Traffic-Flow Confidentiality, Data Integrity, Nonrepudiation, Availability. Columns: Release of Message, Traffic Analysis, Masquerade, Replay, Modification of Message, Denial of Service. The positions of the Y marks are not recoverable.]

[Matrix, Mechanism versus Attack. Rows: Encipherment, Digital Signature, Access Control, Data Integrity, Authentication Exchange, Traffic Padding, Routing Control, Notarization. Columns: Release of Message, Traffic Analysis, Masquerade, Replay, Modification of Message, Denial of Service. The positions of the Y marks are not recoverable.]

[Matrix, Service versus Mechanism. Rows: Peer Entity Authentication, Data-Origin Authentication, Access Control, Confidentiality, Traffic-Flow Confidentiality, Data Integrity, Nonrepudiation, Availability. Columns: Encipherment, Digital Signature, Access Control, Data Integrity, Authentication Exchange, Traffic Padding, Routing Control, Notarization. The positions of the Y marks are not recoverable.]

Q3) In one of his cases, Sherlock Holmes was confronted with the following message.

534 C2 13 127 36 31 4 17 21 41 DOUGLAS 109 293 5 37 BIRLSTONE 26 BIRLSTONE 9 127 171

Although Watson was puzzled, Holmes was able immediately to deduce the type of cipher. Can you?

The cipher refers to the words in the page of a book. The first entry, 534, refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in the column. The names DOUGLAS and BIRLSTONE are simply words that do not appear on that page.

Q4) a. Using this Playfair matrix:

M F H I/J K
U N O P Q
Z V W X Y
E L A R G
D S T B C

Encrypt this message: Must see you over Cadogan West. Coming at once.

Note: The message is from the Sherlock Holmes story, The Adventure of the Bruce-Partington Plans.

Plain text: Must see you over Cadogan West. Coming at once

We will take the plaintext two letters at a time to encrypt.

MU: M & U are in the same row hence will be replaced by the letter beneath them in the same row. So, M will be replaced by U and U will be replaced by Z.

ST: S & T are in the same column hence will be replaced by the letter next to them in the same column. So, S will be replaced by T and T will be replaced by B.

SE: S & E are in different rows and columns. So S will be replaced by the letter in the same row and column of letter E. Hence S will be replaced by D and similarly E will be replaced by L.

These rules will be used to encrypt the whole plain text and the result is as follows:

UZTBDLGZPNNWLGTGTUEROVLDBDUHFPERHWQSRZ

b. Repeat part (a) using the Playfair matrix from Problem 2.10a.

Key matrix for Problem 2.10a:

L A R G E
S T B C D
F H I/J K M
N O P Q U
V W X Y Z

Plain text: Must see you over Cadogan West. Coming at once

We will take the plaintext two letters at a time to encrypt.

MU: M & U are in the same row hence will be replaced by the letter beneath them in the same row. So, M will be replaced by U and U will be replaced by Z.

ST: S & T are in the same column hence will be replaced by the letter next to them in the same column. So, S will be replaced by T and T will be replaced by B.

c. How do you account for the results of this problem? Can you generalize your conclusion?

SE: S & E are in different rows and columns. So S will be replaced by the letter in the same row and column of letter E. Hence S will be replaced.

Q5) Encrypt the message “meet me at the usual place at ten rather than eight o’clock” using the Hill cipher with the key

9 4
5 7

Show your calculations and the result. Show the calculations for the corresponding decryption of the cipher text to recover the original plaintext.

1) Mathematically give each letter a number:

 a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Hence the plain text is “me”
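For Q4, the following added example (not part of the original assignment) encrypts the message with both Playfair matrices and checks that the Problem 2.10a matrix is the first matrix rotated cyclically, which is why both give the same ciphertext. The filler letter X for the odd final letter is an assumption, chosen because it reproduces the ciphertext given above; the function names are illustrative.

```python
import string

MATRIX_A = ["M F H I/J K", "U N O P Q", "Z V W X Y", "E L A R G", "D S T B C"]  # Q4a
MATRIX_B = ["L A R G E", "S T B C D", "F H I/J K M", "N O P Q U", "V W X Y Z"]  # Q4b
MESSAGE = "Must see you over Cadogan West. Coming at once."

def build_square(rows):
    """Return the 5x5 grid and a letter -> (row, col) map; I and J share a cell."""
    grid = [[cell[0] for cell in row.split()] for row in rows]
    pos = {}
    for r, row in enumerate(rows):
        for c, cell in enumerate(row.split()):
            for letter in cell.split("/"):
                pos[letter] = (r, c)
    return grid, pos

def digraphs(text, filler="X"):
    """Keep letters only, split doubled letters with the filler, pad an odd tail."""
    letters = [ch for ch in text.upper() if ch in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler  # assumed filler
        if a == b:                 # doubled letter: pair it with the filler instead
            b, i = filler, i + 1
        else:
            i += 2
        pairs.append((a, b))
    return pairs

def encrypt(text, rows):
    grid, pos = build_square(rows)
    out = []
    for a, b in digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:               # same row: letter to the right, wrapping
            out += [grid[ra][(ca + 1) % 5], grid[rb][(cb + 1) % 5]]
        elif ca == cb:             # same column: letter below, wrapping
            out += [grid[(ra + 1) % 5][ca], grid[(rb + 1) % 5][cb]]
        else:                      # rectangle: own row, partner's column
            out += [grid[ra][cb], grid[rb][ca]]
    return "".join(out)

def rotated(rows, up, left):
    """Cyclically rotate the square up by `up` rows and left by `left` columns."""
    cells = [row.split() for row in rows]
    cells = cells[up:] + cells[:up]
    return [" ".join(row[left:] + row[:left]) for row in cells]

if __name__ == "__main__":
    print(encrypt(MESSAGE, MATRIX_A), encrypt(MESSAGE, MATRIX_B))
    print(rotated(MATRIX_A, 3, 1) == MATRIX_B)
```

Because every Playfair rule depends only on relative positions with wrap-around, any cyclic rotation of rows or columns yields an equivalent key.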
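For Q5, an added worked example (not part of the original assignment) of Hill encryption and decryption with the key above. It assumes the column-vector convention C = K·P mod 26 and pads the odd final letter with "x"; both choices, and the function names, are assumptions of this example.

```python
KEY = [[9, 4], [5, 7]]  # key from Q5
MESSAGE = "meet me at the usual place at ten rather than eight o'clock"

def to_numbers(text):
    """a=0 ... z=25, ignoring spaces and punctuation."""
    return [ord(ch) - ord("a") for ch in text.lower() if "a" <= ch <= "z"]

def inverse_mod26(k):
    """Inverse of a 2x2 matrix modulo 26: adjugate times the inverse determinant."""
    det = (k[0][0] * k[1][1] - k[0][1] * k[1][0]) % 26
    det_inv = pow(det, -1, 26)  # ValueError if det is not coprime to 26 (unusable key)
    return [[k[1][1] * det_inv % 26, -k[0][1] * det_inv % 26],
            [-k[1][0] * det_inv % 26, k[0][0] * det_inv % 26]]

def hill(text, k, pad="x"):
    """Multiply each letter pair, as a column vector, by k modulo 26.

    Encrypts with the key and decrypts with its inverse; the pad letter is
    an assumption used only when the letter count is odd.
    """
    nums = to_numbers(text)
    if len(nums) % 2:
        nums += to_numbers(pad)
    out = []
    for p1, p2 in zip(nums[0::2], nums[1::2]):
        out.append((k[0][0] * p1 + k[0][1] * p2) % 26)
        out.append((k[1][0] * p1 + k[1][1] * p2) % 26)
    return "".join(chr(n + ord("a")) for n in out)

if __name__ == "__main__":
    k_inv = inverse_mod26(KEY)          # det = 43 mod 26 = 17, and 17 * 23 = 1 mod 26
    cipher = hill(MESSAGE, KEY)
    print(k_inv)
    print(cipher)
    print(hill(cipher, k_inv))          # plaintext letters plus the pad
```

The first block shows the arithmetic: "me" is (12, 4), and (9·12 + 4·4, 5·12 + 7·4) mod 26 = (20, 10), which is "uk"; multiplying (20, 10) by the inverse key returns (12, 4).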

Q6) The 32-bit swap after the sixteenth iteration of the DES algorithm is needed to make the encryption process invertible by simply running the cipher text back through the algorithm with the key order reversed. This was demonstrated in class. However, it still may not be entirely clear why the 32-bit swap is needed. To demonstrate why, solve the following problem. First, some notation:

For a DES weak key, each of C0 and D0 is equal to all ones or all zeros. Each Ci is a permutation of C0, so each Ci equals C0. Each Di is a permutation of D0, so each Di equals D0. Ki depends only on Ci and Di, so all Ki's are equal. So the sequence K1, K2, ..., K16 is the same as the sequence K16, K15, ..., K1. So the encryption operation is the same as the decryption operation (because decryption is the same as encryption but with the keys in reverse order).

Explanation of the hint: In case the hint is not clear, here are more details (from slides):

DES_encryption {
    initial permutation to get L0|R0 from data block
    for n = 1, 2, ..., 16 do
        Ln|Rn := En(Kn, Ln-1|Rn-1), where En denotes the computation of encryption round n.
    swap left and right halves, yielding R16|L16
    inverse of initial permutation, yielding cipher block
}

DES_decryption {
    initial permutation of cipher block, yielding R16|L16
    for n = 16, 15, ..., 1 do
        Rn-1|Ln-1 := Dn(Kn, Rn|Ln), where Dn denotes the computation of decryption round n.
    swap left and right halves, yielding L0|R0
    inverse of initial permutation, yielding data block.
}

The book explains that decryption round n is identical to encryption round n with Ln and Rn swapped, i.e., Dn(Kn, Rn|Ln) equals En(Kn, Ln|Rn). Substituting this in DES_decryption, we see that the only difference between encryption and decryption is that the Kn's are used in the opposite order. So there is no difference if all the Ki's are the same.
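The structure described above can be checked on a toy 16-round Feistel network. This is an added example, not part of the original assignment and not real DES: the round function is a stand-in built on SHA-256, the initial permutation and its inverse are omitted because they cancel, and the round keys are constructed sample values.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def round_f(half, key):
    """Toy keyed round function (an assumption, not DES's F); a Feistel
    network is invertible whatever 32-bit function is used here."""
    digest = hashlib.sha256(half.to_bytes(4, "big") + key.to_bytes(6, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block, round_keys, final_swap=True):
    """Run a 64-bit block through the rounds: Ln = Rn-1, Rn = Ln-1 xor F(Rn-1, Kn)."""
    left, right = block >> 32, block & MASK32
    for key in round_keys:
        left, right = right, left ^ round_f(right, key)
    if final_swap:                      # the 32-bit swap after the last round
        left, right = right, left
    return (left << 32) | right

# Constructed sample data: 16 distinct 48-bit round keys and a weak-key
# schedule in which every round key is identical.
KEYS = [0x0123456789AB * (i + 1) for i in range(16)]
WEAK = [0x0F0F0F0F0F0F] * 16
PLAIN = 0x0123456789ABCDEF

def swap_makes_it_invertible():
    """With the swap, the same routine with reversed keys decrypts."""
    return feistel(feistel(PLAIN, KEYS), KEYS[::-1]) == PLAIN

def no_swap_fails():
    """Without the swap, reversing the keys alone does not undo the rounds."""
    return feistel(feistel(PLAIN, KEYS, False), KEYS[::-1], False) != PLAIN

def weak_key_is_involution():
    """Identical round keys: reversed order is the same order, so E(E(x)) = x."""
    return feistel(feistel(PLAIN, WEAK), WEAK) == PLAIN

if __name__ == "__main__":
    print(swap_makes_it_invertible(), no_swap_fails(), weak_key_is_involution())
```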

SCHOOL OF SCIENCE AND ENGINEERING
DEPARTMENT OF COMPUTER ENGINEERING AND COMPUTER SCIENCE

Assignment – I

Course code: SCB 3173
Course title: CNS
LECTURER: Mr. S V P K SATYA DEV
Program: Bachelor of Computer Science (Hons.)
Due Date: 28th DEC 2020
Max Marks: 10
Name of the student: Sivaranjini Sivaraman
Matric ID: 1106183005

QUESTION NO.   CLO/CO MAPPED   PLO/PO MAPPED   MAX MARKS ALLOTTED   MARKS OBTAINED
1              CLO
2              CLO
3              CLO
4              CLO
5              CLO
6              CLO
TOTAL:

Lecturer Signature...

