Computer System Security Quantum
Computer System Security Quantum
            To discover cyber attack scenarios to web browsers and web servers and to explain how to
 CO 2       mitigate such threats                                                                                  K2
            To discover and explain mobile software bugs posing cyber security threats, explain and
 CO 3       recreate exploits, and to explain mitigation techniques.                                               K3
            To articulate the urgent need for cyber security in critical computer systems, networks, and
 CO 4       world wide web, and to explain various threat scenarios                                                K4
            To articulate the well known cyber attack incidents, explain the attack scenarios, and explain
 CO 5       mitigation techniques.                                                                                K5, K6
        Confidentiality Policies: Confinement Principle ,Detour Unix user IDs process IDs and privileges
 II     , More on confinement techniques ,System call interposition ,Error 404 digital Hacking in India
        part 2 chase , VM based isolation ,Confinement principle ,Software fault isolation , Rootkits               08
        ,Intrusion Detection Systems
        Secure architecture principles isolation and leas: Access Control Concepts , Unix and windows
        access control summary ,Other issues in access control ,Introduction to browser isolation .
III     Web security landscape : Web security definitions goals and threat models , HTTP content                    08
        rendering .Browser isolation .Security interface , Cookies frames and frame busting, Major web
        server threats ,Cross site request forgery ,Cross site scripting ,Defenses and protections against XSS
        , Finding vulnerabilities ,Secure development.
IV      Basic cryptography: Public key cryptography ,RSA public key crypto ,Digital signature Hash
        functions ,Public key distribution ,Real world protocols ,Basic terminologies ,Email security               08
        certificates ,Transport Layer security TLS ,IP security , DNS security.
        Internet Infrastructure: Basic security problems , Routing security ,DNS revisited ,Summary of
 V                                                                                                                  08
        weaknesses of internet security ,.Link layer connectivity and TCP IP connectivity , Packet filtering
        firewall ,Intrusion detection.
              ST U D YZONE A D I T YA .COM
                www.studyzoneaditya.com
1 Introduction
                       CONTENTS
  Part-1   :   Introduction, What is ............................... 1–2W to 1–9W
               Computer Security and
               What to learn ?
Questions-Answers
Que 1.1.       Explain briefly computer security. How you will design
the policies for information security within an organization ?
 Answer
1.   Computer security is the protection of information systems from theft
     or damage to the hardware, software and to the information on them.
2.   It includes controlling physical access to the hardware, as well as
     protecting against harm that may come via network access, data and
     code injection, and due to malpractice by operators.
We can design the policies for information security within an organization by
providing :
1.   Confidentiality : Only authorized users can access the data resources
     and information.
2.   Integrity : Only authorized users should be able to modify the data
     when needed.
3.   Availability : Data should be available to users when needed.
4.   Authentication : Communicating with the authorized.
 Answer
The components of a computer system that needs to be protected are :
1.   Hardware : The physical part of the computer, like the system memory
     and disk drive.
2.   Firmware : Permanent software that is etched into a hardware device’s
     non-volatile memory and is mostly invisible to the user.
3.   Software : The programming that offers services, like operating system,
     word processor, internet browser to the user.
 Answer
Computer security has three main goals :
1.   Confidentiality : Making sure people cannot acquire information they
     should not (keeping secrets).
2.   Integrity : Making sure people cannot change information they should
     not (protecting data).
3.   Availability : Making sure people cannot stop the computer from doing
     its job.
 Answer
Problems related with computer security are :
1.   Phishing : Phishing is an attempt to obtain users sensitive information,
     including credit card details and banking information, by disguising as a
     trustworthy entity in an online communication (e-mail, social media,
     etc).
2.   Vishing : Vishing (voice phishing) is an attempt of fraudsters to persuade
     the victim to deliver personal information or transfer money over the
     phone.
3.   Smishing : Smishing (SMS phishing) is any case where sent text
     messages attempt to make potential victims pay money or click on
     suspicious links.
4.   Pharming :
     a.   Pharming is a cyber attack meant to redirect a website’s traffic to
          another, fake one.
     b.   Pharming can be done either by changing the hosts file on a victim’s
          machine or by exploiting a flaw in DNS server software.
     c.   In pharming, no conscious user interaction is required.
5.   Vulnerability :
     a.   Vulnerability is a software mistake that enables a bad actor to
          attack a system or network by directly accessing it.
     b.   Vulnerabilities can permit an attacker to act as a super-user or
          even a system admin and granting them full access privileges.
6.   Exposures :
     a.   It provides a malicious actor with indirect access to a system or a
          network.
     b.   An exposure could enable a hacker to harvest sensitive information
          in a secret manner.
Introduction                                           1–4 W (CC-Sem-3 & 4)
 Answer
To protect the system, security measures can be taken at the following
levels :
1.   Physical :
     a.   The sites containing computer systems must be physically secured
          against armed and malicious intruders.
     b.   The workstations must be carefully protected.
2.   Human :
     a.   Only appropriate users must have the authorization to access the
          system.
     b.   Phishing (collecting confidential information) and dumpster diving
          (collecting basic information so as to gain unauthorized access)
          must be avoided.
3.   Operating system : The system must protect itself from accidental or
     purposeful security breaches.
4.   Networking system :
     a.   Almost all of the information is shared between different systems
          via a network.
     b.   Intercepting these data could be just as harmful as breaking into a
          computer.
     c.   Henceforth, Network should be properly secured against such
          attacks.
 Answer
Five steps to protect computer system hardware are :
1.   Install firewall :
     a.   A firewall enacts the role of a security guard.
     b.   A firewall is the first step to provide security to the computer. It
          creates a barrier between the computer and any unauthorized
          program trying to come in through the Internet.
2.   Install antivirus software :
     a.   Antivirus is a software that helps to protect the computer from any
          unauthorized code or software that creates a threat to the system.
     b.   Unauthorized software includes viruses, keyloggers, Trojans etc.
Computer System Security                                  1–5 W (CC-Sem-3 & 4)
     c.   This might slow down the processing speed of our computer, delete
          important files and access personal information.
3.   Install anti-spyware software :
     a.   Spyware is a software program that collects personal information
          or information about an organization without their approval.
     b.   This information is redirected to a third party website.
     c.   Anti-Spyware software is solely dedicated to combat spyware.
     d.   Anti-spyware software offers real time protection.
     e.   It scans all the incoming information and helps in blocking the
          threat once detected.
4.   Use complex and secure passwords :
     a.   For maintaining system security we have to use strong and complex
          passwords.
     b.   Complex passwords are difficult for the hackers to find.
5.   Check on the security settings of the browser :
     a.   Browsers have various security and privacy settings that we should
          review and set to the level we desire.
     b.   Recent browsers give us ability to tell websites to not track our
          movements, increasing our privacy and security.
 Answer
Advantages of computer security :
1.   Protects system against viruses, worms, spyware and other unwanted
     programs.
2.   Protection against data from theft.
3.   Protects the computer from being hacked.
4.   Minimizes computer freezing and crashes.
5.   Gives privacy to users.
Disadvantages of computer security :
1.   Firewalls can be difficult to configure correctly.
2.   Makes the system slower.
3.   Need to keep updating the new software in order to keep security up to
     date.
4.   Could be costly for average user.
Introduction                                             1–6 W (CC-Sem-3 & 4)
Que 1.8.       Write short note on security policy used for computer
systems.
 Answer
General policies :
1.   This is the policy which defines the rights of the staff and access level to
     the systems.
2.   It is included even in the communication protocol as a preventive measure
     in case there are any disasters.
Server policies :
1.   This defines who should have access to the specific server and with
     what rights.
2.   It also includes which software’s should be installed, level of access to
     internet, how they should be updated.
Firewall access and configuration policies :
1.   It defines who should have access to the firewall and what type of
     access, like monitoring, rules change.
2.   It also includes which ports and services should be allowed.
Backup policies :
1.   It defines who is the responsible person for backup, what should be the
     backup, where it should be backed up, how long it should be kept and
     the frequency of the backup.
VPN policies :
1.   These policies generally go with the firewall policy, it defines those
     users who should have a VPN access and with what rights.
2.   For site-to-site connections with partners, it defines the access level of
     the partner to our network, type of encryption to be set.
 Answer
1.   The Bell-LaPadula Model (BLP) :
     a.   It is a state machine model used for enforcing access control in
          government and military applications.
     b.   This model is a formal state transition model of computer security
          policy that describes a set of access control rules which use security
          labels on objects and clearances for subjects.
     c.   Security labels range from the most sensitive down to the least
          sensitive.
Computer System Security                               1–7 W (CC-Sem-3 & 4)
 Answer
Advantages :
1.   It simple and easy to implement.
2.   It provides a number of different policies that can be selected based on
     need.
Disadvantages :
1.   The model does nothing to enforce confidentiality.
2.   The Biba model does not support the granting and revocation of
     authorization.
3.   To use this model all computers in the system must support the labeling
     of integrity for both subjects and objects. So there are problems with
     using the Biba model in a network environment.
 Answer
Security mechanisms used to provide security in computer system
are :
1.   Encipherment :
     a.   Encipherment is an algorithm used for performing encryption or
          decryption by converting information from plaintext to ciphertext.
     b.   Cryptography and steganography are used for enciphering.
2.   Data integrity :
     a.   Data integrity is the maintenance and the assurance of the accuracy
          of the data over its entire life-cycle.
     b.   Data integrity is preserved by comparing check value received to
          the check value generated.
3.   Digital signature :
     a.   A digital signature is a means by which the sender can electronically
          sign the data and the receiver can electronically verify the signature.
     b.   Public and private keys can be used.
4.   Authentication exchange : In authentication exchange, two entities
     exchange some messages to prove their identity to each other.
5.   Traffic padding : Traffic padding means inserting some fake data into
     the data traffic to prevent the unauthorized attempt to use the traffic
     analysis.
6.   Routing control : Routing control means selecting and continuously
     changing different available routes between sender and receiver to
     prevent the opponent from eavesdropping on a particular route.
7.   Notarization :
     a.   Notarization means selecting a third trusted party to control the
          communication between two entities.
     b.   The receiver can involve a trusted third party to store the sender
          request in order to prevent the sender from later denying that they
          made a request.
 Answer
Following are the components of security policy :
1.   Training : A strong training program that is contextually appropriate
     for each position gives staff members the knowledge they need to
     understand and properly respond to cyber threats.
2.   Passwords : Strong passwords is a line of defense - especially when
     hackers are trying to force their way into your network.
Computer System Security                               1–9 W (CC-Sem-3 & 4)
3.   Mobile devices :
     a.   Many companies have Bring Your Own Devices (BYOD) policies to
          manage and track the mobile devices brought in by employees.
     b.   These policies set expectations for which devices employees can
          use the security these devices require, and how the data on these
          devices will be managed.
4.   Internet use :
     a.   Certain types of internet usage can put our organization at a higher
          cyber security risk.
     b.   To prevent this risk, write clear policies that define how employees
          may use the internet, what types of content should be avoided, and
          what devices should be used to do so.
5.   Social media :
     a.   Hackers can leverage social media to distribute malware and gain
          access to user accounts.
     b.   In particular, the messenger functionality associated with many of
          these networking sites provides a convenient way for attackers to
          send compromised files or misleading messages.
                                 PART-2
     Sample Attacks, The Marketplace For Vulnerabilities, Error
             404 Hacking Digital India Part 1 Chase.
Questions-Answers
 Answer
Various attacks in computer security :
1.   Malware :
     a.   Malware is used to describe malicious software, including spyware,
          ransomware, viruses and worms.
     b.   Malware breaches a network through vulnerability typically when
          a user clicks a dangerous link or email attachment that then installs
          risky software.
2.   Macro viruses :
     a.   These viruses infect applications such as Microsoft Word or Excel.
Introduction                                           1–10 W (CC-Sem-3 & 4)
Que 1.14. Write short note on server-side attack and insider attack.
 Answer
Server-side attacks :
1.   Server-side attacks are launched directly from an attacker (the client)
     to a listening service.
2.   Server-side attacks seek to compromise and breach the data and
     applications that are present on a server.
3.   Server-side attacks exploit vulnerabilities in installed services.
Insider attacks :
1.   An insider attack is a malicious attack executed on a network or computer
     system by a person with authorized system access.
2.   Insiders that perform attacks have a distinct advantage over external
     attackers because they have authorized system access and also may be
     familiar with network architecture and system policies/procedures.
3.   In addition, there may be less security against insider attacks because
     many organizations focus on protection from external attacks.
Answer
 Answer
1.   Vulnerable consumers fail to understand their preferences and lack the
     knowledge, skills, or freedom to act on them.
2.   To protect them, we can censor information, restrict choices, and
     mandate behaviors.
3.   One-fifth of the public is functionally illiterate and substantial majority
     of consumers (adolescents included) appear to be marketplace literate.
4.   Rather than curtail consumer prerogatives to protect a vulnerable
     minority, education reform focused on the values, knowledge, and skills
     necessary to create and navigate responsive markets should be
     developed.
5.   Reformed adult and adolescent education can refine, expand, and
     accelerate learner’s informal and experiential understanding of
     marketplace fundamentals.
6.   The aim is to significantly replace trial and error with a robust
     understanding of markets, markets habitually governed by social virtues.
Computer System Security                                1–13 W (CC-Sem-3 & 4)
7.   Evidence suggests that these aims can be better achieved via adolescent
     choice and should be the focus of adult basic education reform.
 Answer
1.   A zero-day vulnerability is a computer software vulnerability that is
     unknown to, or unaddressed by, those who should be interested in
     mitigating the vulnerability (including the vendor of the target software).
2.   Until the vulnerability is mitigated, hackers can exploit it to adversely
     affect computer programs, data, additional computers or a network.
3.   An exploit directed at a zero-day is called a zero-day exploit, or zero-day
     attack.
4.   The term ‘zero-day’ referred to the number of days since a new piece of
     software was released to the public. So, ‘zero-day’ software was software
     that had been obtained by hacking into a developer’s computer before
     release.
5.   The term was applied to the vulnerabilities that allowed this hacking,
     and to the number of days that the vendor has had to fix them.
6.   Once the vendor learns of the vulnerability, the vendor will usually
     create patches or advise workarounds to mitigate it.
7.   The more recently that the vendor has become aware of the vulnerability,
     the more likely that no fix or mitigation has been developed.
8.   Even after a fix is developed, the fewer the days, the higher the probability
     that an attack against the afflicted software will be successful, because
     not every user of that software will have applied the fix.
9.   For zero-day exploits, unless the vulnerability is inadvertently fixed, For
     example, by an unrelated update that happens to fix the vulnerability,
     the probability that a user has applied a vendor-supplied patch that fixes
     the problem is zero, so the exploit would remain available. Zero-day
     attacks are a severe threat.
Que 1.18. Discuss error 404 hacking digital India part 1 chase.
 Answer
1.   In error 404 hacking digital India part 1 chase, the cyber crime and cyber
     attacks hack the information of users like bank detail and personal
     information.
2.   It is real time incident. In this, attacker or hacker creates an attractive
     video so that victim gets attracted and plays that video into system.
3.   When we clicked on video to play then at the time of buffering, hacker
     can know our current location and GPS history but also have complete
     access to our contacts, text messages, Facebook, Whatsapp and most
     importantly our bank details, including our CVV number.
Introduction                                           1–14 W (CC-Sem-3 & 4)
4.   Hackers are creating a kind Trojan file, and android apk files. The apk
     files that will be distributed all over the internet. Those who download
     this file will be hacked easily.
5.   Potential cyber attacks that is most common in error 404 hacking :
     a. Web application attacks :
           i.   A web application is a client-server computer program which
                uses web browsers and web technology to allow its visitors to
                store and retrieve data to/from the database over the internet.
           ii. If there is flaw in the web application, it allows the attacker to
                manipulate data using SQL injection attack.
     b. Network security attacks :
           i.   Network security attacks are unauthorized actions against
                private, corporate or governmental IT assets in order to destroy
                them; modify them or steal sensitive data.
           ii. As more enterprises invite employees to access data from
                mobile devices, networks become vulnerable to data theft or
                total destruction of the data or network.
     c. Mobile security attacks :
           i.   Mobile security, or mobile device security, has become
                increasingly important in mobile computing.
           ii. The security of personal and business information now stored
                on smartphones.
           iii. More and more users and businesses use smartphones to
                communicate, but also to plan and organize their users' work
                and also private life.
           iv. Within companies, these technologies are causing profound
                changes in the organization of information systems and
                therefore they have become the source of new risks.
           v. Indeed, smartphones collect and compile an increasing amount
                of sensitive information to which access must be controlled to
                protect the privacy of the user and the intellectual property of
                the company.
                                  PART-3
      Control Hijacking, More Control Hijacking Attacks Integer
         Overflow, More Control Hijacking Attacks Format
                        String Vulnerability.
Questions-Answers
 Answer
1.   Hijacking is a type of network security attack in which the attacker
     takes control of a communication.
2.   In hijacking (also known as a man in the middle attack), the perpetrator
     takes control of an established connection while it is in progress.
3.   The attacker intercepts messages in a public key exchange and then
     retransmits them, substituting their own public key for the requested
     one, so that the two original parties still appear to be communicating
     with each other directly.
4.   The attacker uses a program that appears to be the server to the client
     and appears to be the client to the server.
5.   This attack may be used simply to gain access to the messages, or to
     enable the attacker to modify them before retransmitting them.
6.   Attacker’s goal in control hijacking :
     a. Takeover target machine (for example web server)
     b. Execute arbitrary code on target by hijacking application control
          flow
7.   There are three types of control hijacking in computer security :
     a. Buffer overflow attacks
     b. Integer overflow attacks
     c. Format string vulnerabilities
 Answer
Control hijacking : Refer Q. 1.19, Page 1–15W, Unit-1.
Buffer overflow in Control Hijacking :
1.   Buffers are memory storage regions that temporarily hold data while it
     is being transferred from one location to another.
2.   A buffer overflow (or buffer overrun) occurs when the volume of data
     exceeds the storage capacity of the memory buffer.
3.   As a result, the program attempting to write the data to the buffer
     overwrites adjacent memory locations.
4.   Attackers exploit buffer overflow issues by overwriting the memory of
     an application. This changes the execution path of the program, triggering
     a response that damages files or exposes private information.
Introduction                                           1–16 W (CC-Sem-3 & 4)
 Answer
Buffer overflow attack can be prevented using :
1. Address Space Randomization (ASLR) :
    a. It randomly moves around the address space locations of data
         regions.
    b. Buffer overflow attacks need to know the locality of executable
         code, and randomizing address spaces makes this virtually
         impossible.
2. Data execution prevention :
    a. It flags certain areas of memory as non-executable or executable,
         which stops an attack from running code in a non-executable region.
3. Structured Exception Handler Overwrite Protection (SEHOP) :
    a. It helps to stop malicious code from attacking Structured Exception
         Handling (SEH), a built-in system for managing hardware and
         software exceptions.
    b. It prevents an attacker from being able to make use of the SEH
         overwrite exploitation technique.
    c. At a functional level, an SEH overwrite is achieved using a stack-
         based buffer overflow to overwrite an exception registration record,
         stored on a thread’s stack.
 Answer
1.   An integer overflow attack occurs when an attacker causes a value in
     the program to be large enough to overflow unexpectedly.
2.   A common form of this attack is to cause a buffer to be allocated that is
     too small to hold data copied into it later, thus enabling a buffer overflow
     attack.
3.   We are able to detect buffer overflow attacks in the same way as a
     normal buffer overflow attack.
4.   An integer overflow is the condition that occurs when the result of an
     arithmetic operation, such as multiplication or addition, exceeds the
     maximum size of the integer types used to store it.
Computer System Security                              1–17 W (CC-Sem-3 & 4)
 Answer
Integer overflow can be prevented by :
1. Avoidance :
    a. By allocating variables with data types that are large enough to
        contain all values that may possibly be computed and stored in
        them, it is always possible to avoid overflow.
    b. Static analysis tools and formal verification techniques can be used
        to ensure that overflow does not occur.
2. Handling :
    a. If it is anticipated that overflow may occur, then tests can be inserted
        into the program to detect when it happens and do other processing
        to mitigate it.
3. Propagation :
    a. If a value is too large to be stored it can be assigned a special value
        indicating that overflow has occurred.
    b. This is useful so that the problem can be checked for once at the
        end of a long calculation rather than after each step.
    c. This is often supported in floating point hardware called FPUs.
 Answer
1.   A format string vulnerability is a bug where user input is passed as the
     format argument to printf, scanf, or another function in that family.
2.   The format argument has many different specifies which could allow an
     attacker to leak data if they control the format argument to printf. Since
     printf and scanf are variadic functions, they will continue popping data
     off of the stack according to the format.
3.   For example, if we can make the format argument “%x.%x.%x.%x”,
     printf will pop off four stack values and print them in hexadecimal,
     potentially leaking sensitive information.
4.   Printf can also index to an arbitrary “argument” with the following
     syntax: “%n$x” (where n is the decimal index of the argument we want).
Answer
Preventing format string vulnerabilities :
1. Always specify a format string as part of program, not as an input. Most
   format string vulnerabilities are solved by specifying “%s” as format
   string and not using the data string as format string.
2. Make the format string a constant.
3. If the above two practices are not possible, use defenses such as
   Format_Guard.
                                        PART-4
    Defense Against Control Hijacking-Platform Defense, Defense
           Against Control Hijacking-Run-Time Defense,
               Advanced Control Hijacking Attacks.
Questions-Answers
Answer
Hijacking attack is controlled through :
i.  Platform defense : Through platform defense we can prevent target
    machine by using :
    1. Fixed the bug :
        a. Audit software through automated tools.
        b. Rewrite software in a safe language.
        c. Concede overflow, but prevent code execution.
        d. Add run-time code to detect overflows exploits.
             i.   Halt process when overflow exploit detected
             ii. Stackguard
    2. Marking memory as non-execute :
        a. Prevent attack code execution by marking stack and heap as
             non-executable.
ii. Run-time defense :
    1. In run-time defense, we tests for stack integrity.
    2. We embed “canaries” in stack frames and verify their integrity
        prior to function return. There are two types of canaries :
               Frame 2                                 Frame 1
                                                                                Top of
     Local canary   sfp   ret     str        Local canary    sfp    ret   str
                                                                                stack
                                        Fig. 1.26.1.
Computer System Security                                 1–19 W (CC-Sem-3 & 4)
     a. Random canary :
        i.   In random canary, random string is chosen at program startup.
        ii. Insert canary string into every stack frame.
        iii. Verify canary before returning from function :
             a. Exit program if canary changed.
             b. Turns potential exploit into DoS.
        iv. To corrupt, attacker must learn current random string.
     b. Terminator canary :
        i.   String functions will not copy beyond terminator.
        ii. Attacker cannot use string functions to corrupt stack.
iii. Heap protection :
     a. It protects function pointers and setjump buffers by encrypting
        them.
     b. It has less effective and more noticeable performance effects.
 Answer
a.   Heap spraying is a technique used in exploits to facilitate arbitrary code
     execution.
b.   In heap spray attack, we put number of copy of exploit(shell) code in
     various places of heaps.
c.   It is reliable method for exploiting heap overflows as shown :
                                         FP1               method #1
                                         FP2               method #2
                ptr                      FP3               method #3
                                        vtable
               data
             Object T
                                 Fig. 1.27.1.
d.   After overflow of buf (buffer).
                                                        shell
                                                        code
                                                            data
                                                  ptr
buf[256] vtable
                                                        Object T
                                 Fig. 1.27.2.
e.   Here, attacker does not know where browser places shell code on the
     heap.
Introduction                                             1–20 W (CC-Sem-3 & 4)
???
                                                         shell
                 buf[256]       vtable
                                                         code
                                  Fig. 1.27.3.
free blocks
                                 Object O
                                  Fig. 1.27.4.
                                    
Computer System Security                                  2–1 W (CC-Sem-3 & 4)
      2                                     Confidentiality
                                                   Policies
                       CONTENTS
  Part-1   :   Confidentiality Policies, ........................... 2–2W to 2–6W
               Confinement Principle
Questions-Answers
 Answer
1.   A confidentiality policy is a security policy dealing only with confidentiality.
2.   Confidentiality is one of the factors of privacy, an issue recognized in the
     laws of many government entities.
3.   It put constraint on what information can legally be obtained from
     individuals. Also it place constraints on the disclosure and use of that
     information.
4.   Unauthorized disclosure can result in penalties that include jail or fines.
5.   Confidentiality policies place no trust in objects.
6.   The policy statement dictates whether that object can be disclosed. It
     says nothing about whether the object should be believed.
 Answer
Issues with Bell-LaPadula model :
1. The transfer of information from a high-sensitivity document to
     lower-sensitivity document may happen in the Bell-LaPadula model via
    the concept of trusted subjects.
2. Trusted subjects are not restricted by the property.
3. This model only addresses confidentiality, control of writing (one form
    of integrity).
4. Covert channels such as Trojan horses and requesting system resources
    to learn about other users that are mentioned but are not addressed
    comprehensively
5. The tranquility principle of the Bell-LaPadula model states that the
    classification of a subject or object does not change while it is being
    referenced.
6. This principle limits its applicability to systems where security levels do
    not change dynamically.
Computer System Security                               2–3 W (CC-Sem-3 & 4)
 Answer
1.   Discretionary access control (DAC) is a type of security access control
     that grants or restricts object access via an access policy determined by
     an object’s owner group and/or subjects.
2.   DAC mechanism controls are defined by user identification with supplied
     credentials during authentication, such as username and password.
3.   In DAC, each system object has an owner, and each initial object owner
     is the subject that causes its creation.
4.   DACs are discretionary because the subject (owner) can transfer
     authenticated objects or information access to other users. In other
     words, the owner determines object access privileges.
 Answer
Issues related with DAC are :
1. Difficult to enforce a system-wide security policy i.e., a user can leak
    classified documents to an unclassified user.
2. Only support coarse-grained privileges i.e., CGA is the top-level
    authorization decision that is made at the perimeter of a system. This
    decision will be based upon the requested resource and action being tied
    to the user.
3. Unbounded privilege escalation.
4. Only based on users identity and ownership, ignoring security relevant
    information such as :
     a.   Users role
     b.   Function of the program
     c.   Trustworthiness of the program :
          i. Compromised program can change access to the user object.
          ii. Compromised program inherit all the permission granted to the
              user.
     d.   Sensitivity of the data
     e.   Integrity of the data
Que 2.5.      Describe Mandatory Access Control (MAC).
 Answer
1.   Mandatory Access Control (MAC) is a type of access control by which
     the operating system constraints the ability of a subject to access or
     perform some sort of operation on an object.
Confidentiality Policies                               2–4 W (CC-Sem-3 & 4)
 Answer
Following are the different problems in MAC :
1.   Requirement of new security levels :
     a.   In MAC, there is no security level for common people (people outside
          organization) where they can access certain data or information to
          know organization or business and hence marketing of organization
          or business is not possible in traditional MAC.
     b.   Hence, an organization cannot have efficient growth by adopting
          MAC.
     c.   Hence, an update is required to alter the security levels and include
          this functionality in proposed model which is an alternate to MAC.
2.   Filtration :
     a.   The security levels are assigned to both subjects and objects.
     b.   These levels are assigned to values inside each attribute.
     c.   The Bell-LaPadula model form the basis of MAC.
3.   Polyinstantiation :
     a.   In polyinstantiation, multiple instances of a tuple are created.
     b.   Consider the example, where user with security level confidential
          can view attributes which are at lower level or equal level as
          compared to this user.
     c.   Other values are displayed as NULL. These values can be accesses
          and changed by this user by taking a key which is at lowest level in
Computer System Security                                    2–5 W (CC-Sem-3 & 4)
              this relation and any attribute can be accessed using this key or
              value.
Que 2.7.             What are the advantage and disadvantages of DAC and
MAC ?
 Answer
Advantages of Discretionary Access Control (DAC) :
a.       Intuitive
b.       Easy to implement
Disadvantages of Discretionary Access Control (DAC) :
a.       Inherent vulnerability
b.       Maintenance of ACL (Access Control List) of capability lists
c.       Maintenance of Grant/Revoke.
d.       Limited power of negative authorized.
Advantages of Mandatory Access Control (MAC) :
a.       Ensure a high degree of protection; prevent any illegal flow of
         information.
b.       Suitable for military and high security types of applications.
Disadvantages of Mandatory Access Control (MAC) :
a.       Require strict classification of subjects and objects.
b.       Applicable to few environments.
Answer
 Answer
1.   The confinement principle is the principle of preventing a server from
     leaking information that the user of the service considers confidential.
2.   The confinement principle deals with preventing a process from taking
     disallowed actions.
3.   Consider a client/server situation: the client sends a data request to the
     server; the server uses the data, performs some function, and sends the
     results (data) back to the client.
4.   In confinement principle, access control affects the function of the server
     in two ways :
     a.   Goal of service provider : The server must ensure that the
          resources it accesses on behalf of the client include only those
          resources that the client is authorized to access.
     b.   Goal of the service user : The server must ensure that it does not
          reveal the client’s data to any other entity which is not authorized
          to see the client’s data.
                                 PART-2
          Detour Unix User IDs Process IDs and Privileges,
     More on Confinement Techniques, System Call Interposition,
          Error 404 Digital Hacking in India Part 2 Chase.
Questions-Answers
Que 2.10. Describe detour used in Unix user ids and process ids.
 Answer
1.   Detour is defined as few words about Unix user IDs and IDs associated
     with Unix processes.
2.   Every user in Unix like operating system is identified by different integer
     number, this unique number is called as UserID.
3.   There are three types of UID defined for a process, which can be
     dynamically changed as per the privilege of task.
4.   The three different types of UIDs defined are :
Computer System Security                               2–7 W (CC-Sem-3 & 4)
 Answer
Every file and directory in our UNIX/Linux system has following three
permissions :
1. Read : This permission gives us the authority to open and read a file.
    Read permission on a directory gives us the ability to lists it’s content.
2. Write :
    a. The write permission gives us the authority to modify the contents
         of a file.
    b. The write permission on a directory gives us the authority to add,
         remove and rename files stored in the directory.
3. Execute :
    a. In Windows, an executable program usually has an extension “.exe”
         and which we can easily run.
    b. In Unix/Linux, we cannot run a program unless the execute
         permission is set.
    c. If the execute permission is not set, we might still be able to see/
         modify the program code (provided read & write permissions are
         set), but not run it.
Que 2.12. Define SUID, SGID and sticky bits with basic difference.
Confidentiality Policies                                2–8 W (CC-Sem-3 & 4)
 Answer
1.  There are three special permissions that are available for executable
    files and directories.
2. These permissions allow the file being executed to be executed with
    the privileges of the owner or the group. These are :
    a. SUID permission :
          i. SUID is set user identification. SUID is a special permission
              assigned to a file.
          ii. These permissions allow the file being executed to be executed
              with the privileges of the owner.
    b. SGID permission :
          i. SGID is set group identification.
          ii. When the Set Group ID bit is set, the executable is run with
              the authority of the group.
    c. Sticky bit : When the sticky bit is set on a directory, only the root
          user, the owner of the directory, and the owner of a file can
          remove files within the directory.
Difference :
 Answer
Following are the various confinement techniques :
1. Chroot (change root) :
    a. A chroot on Unix operating systems is an operation that changes
        the apparent root directory for the current running process and its
        children.
    b. The programs that run in this modified environment cannot access
        the files outside the designated directory tree. This essentially limits
        their access to a directory tree and thus they get the name chroot
        jail.
    c. The idea is that we create a directory tree where we copy or link in
        all the system files needed for a process to run.
Computer System Security                                   2–9 W (CC-Sem-3 & 4)
     d.  We then use the chroot system call to change the root directory to
         be at the base of this new tree and start the process running in that
         chrooted environment.
     e. Since it cannot actually reference paths outside the modified root,
         it cannot maliciously read or write to those locations.
2.   Jailkits :
     a. Jailkit is a set of utilities to limit user accounts to specific files using
         chroot() or specific commands.
     b. Setting up a chroot shell, a shell is limited to some specific command
         and can be automated using these utilities.
     c. Jailkit is a specialized tool that is developed with a focus on security.
     d. It will abort in a secure way if the configuration is not secure, and
         it will send useful log messages that explain what is wrong to system
         log.
     e. Jailkit is known to be used in network security appliances.
3.   FreeBSD jail :
     a. FreeBSD is a popular free and open source operating system that is
         based on the Berkeley Software Distribution (BSD) version of the
         Unix operating system.
     b. It runs on processors such as the Pentium that are compatible with
         Intel's x86.
     c. FreeBSD is an alternative to Linux that will run Linux applications.
     d. The jail mechanism is an implementation of FreeBSD's OS-level
         virtualization that allows system administrators to partition a
         FreeBSD-derived computer system into several independent mini-
         systems called jails, all sharing the same kernel, with very little
         overhead.
     e. The need for the FreeBSD jails came from a small shared-
         environment hosting provider's desire to establish a clean, clear-
         cut separation between their own services and those of their
         customers, mainly for security and ease of administration.
4.   System call interposition :
     a. System call interposition is a powerful technique for regulating and
         monitoring program behaviours.
     b. It gives security systems the ability to monitor all of the application’s
         interaction with network, file system and other sensitive system
         resources.
Que 2.14.     Explain error 404 digital hacking in India part 2 chase.
 Answer
1.   In error 404 digital hacking in India part 2 chase experts discuss about
     some attack related to cyber attack and the attacker can control the
     overall system if proper security is not provided to the system.
2.   Some attacks discuss in error 404 digital hacking India part 2 chase are :
Confidentiality Policies                                2–10 W (CC-Sem-3 & 4)
     a.   Israel’s power grid hit by a big hack attack. It is one of the worst
          cyber attacks ever.
     b.   In 2014 a hydropower plant in upstate New York got hacked.
     c.   Iran’s infrastructure including its main nuclear power plant is being
          targeted by a new and dangerous powerful cyber worm.
     d.   Bangladesh best group hacked into nearly 20,000 Indian website
          including the Indian Border Security Force.
     e.   First virus that could crash power grid or destroy pipeline is available
          online for anyone to download and tinker with.
     f.   India’s biggest data breach when the SBI debit card branch happens.
          When this happened bank where initially in a state of denial but
          subsequently they had to own up cyber security breach that took
          place in Indian history.
                                  PART-3
      VM Based Isolation, Confinement Principle, Software Fault
          Isolation, Rootkits, Intrusion Detection Systems.
Questions-Answers
 Answer
1.   A VM is an isolated environment with access to a subset of physical
     resources of the computer system.
2.   Each VM appears to be running on the bare hardware, giving the
     appearance of multiple instances of the same computer, though all are
     supported by a single physical system.
3.   A process VM is a virtual platform created for an individual process and
     destroyed once the process terminates.
4.   Virtually all operating systems provide a process VM for each one of the
     applications running, but the more interesting process VMs are those
     which support binaries compiled on a different instruction set.
5.   A system VM supports an OS together with many user processes. When
     the VM runs under the control of a normal OS and provides a platform-
     independent host for a single application we have an application VM, for
     example, Java Virtual Machine (JVM).
 Answer
Confinement principle : Refer Q. 2.9, Page 2–6W, Unit-2.
Confinement principles techniques : Refer Q. 2.13, Page 2–8W, Unit-2.
 Answer
Following are the types of Virtual Machine based isolation :
a. Process virtual machines :
     1.   Process virtual machines support individual processes or a group of
          processes and enforce isolation between the processes and operating
          system environment.
     2.   Process virtual machines can run processes compiled for the same
          Instruction Set Architecture based (ISA) or for a different ISA as
          long as the virtual machine runtime supports the translation.
     3.   Isolation policies are provided by a runtime component which runs
          the processes under its control.
     4.   Isolation is guaranteed because the virtual machine runtime does
          not allow direct access to the resources.
b.   System virtual machines (Hypervisor virtual machines) :
     1.   System virtual machines provide a full replica of the underlying
          platform and thus enable complete operating systems to be run
          within it.
     2.   The virtual machine monitor (also called the hypervisor) runs at
          the highest privilege level and divides the platforms hardware
          resources amongst multiple replicated guest systems.
     3.   All accesses by the guest systems to the underlying hardware
          resources are then mediated by the virtual machine monitor.
     4.   This mediation provides the necessary isolation between the virtual
          machines.
     5.   System virtual machines can be implemented in a pure-isolation
          mode in which the virtual systems do not share any resources
          between themselves or in a sharing-mode in which the VM Monitor
          multiplexes resources between the machines.
     6.   Pure-isolation mode virtual machines are as good as separate
          physical machines.
c.   Hosted virtual machines :
     1.   Hosted Virtual Machines are built on top of an existing operating
          system called the host.
     2.   The virtualization layer sits above the regular operating system
          and makes the virtual machine look like an application process.
Confidentiality Policies                               2–12 W (CC-Sem-3 & 4)
 Answer
1.   A rootkit is a computer program designed to provide continued privileged
     access to a computer while actively hiding its presence.
2.   Rootkit is a collection of tools that enabled administrator-level access to
     a computer or network.
3.   Root refers to the Admin account on Unix and Linux systems, and kit
     refers to the software components that implement the tool.
4.   Rootkits are generally associated with malware such as Trojans, worms,
     viruses that conceal their existence and actions from users and other
     system processes.
5.   A rootkit allows us to maintain command and control over a computer
     without the computer user/owner knowing about it.
6.   Once a rootkit has been installed, the controller of the rootkit has the
     ability to remotely execute files and change system configurations on
     the host machine.
7.   A rootkit on an infected computer can also access log files and spy on the
     legitimate computer owner’s usage.
Computer System Security                             2–13 W (CC-Sem-3 & 4)
Que 2.19.    Explain the purpose of rootkit. What are the examples
of rootkits ?
 Answer
Purpose of rootkits :
1. The purpose of a rootkit is for a malware to give its owner, a (often)
   permanent, hidden remote access to our computer.
2. To avoid detection, they tamper with the system to conceal the presence
   of the malware (for example, hide files) and its activities (for example,
   running processes).
Examples of rootkits :
1. NTRootkit : One of the first malicious rootkits targeted at Windows OS.
2. HackerDefender : This early Trojan altered/augmented the OS at a
   very low level of functions calls.
3. Machiavelli : The first rootkit targeting Mac OS X. This rootkit creates
   hidden system calls and kernel threads.
4. Greek wiretapping : This rootkit targeted Ericsson’s AXE PBX.
 Answer
Following are the various types of rootkits :
1. Application rootkits :
     a. Application rootkits replace legitimate files with infected rootkit
         files on our computer.
     b. These rootkits infect standard programs like Microsoft Office,
         Notepad, or Paint.
     c. Attackers can get access to our computer every time we run those
         programs.
     d. Antivirus programs can easily detect them since they both operate
         on the application layer.
2. Kernel rootkits :
     a. Attackers use these rootkits to change the functionality of an
         operating system by inserting malicious code into it.
     b. This gives them the opportunity to easily steal personal information.
3. Bootloader rootkits :
     a. The bootloader mechanism is responsible for loading the operating
         system on a computer.
     b. These rootkits replace the original bootloader with an infected one.
     c. This means that bootloader rootkits are active even before the
         operating system is fully loaded.
4. Hardware and firmware rootkits :
Confidentiality Policies                             2–14 W (CC-Sem-3 & 4)
 Answer
Following are the method to prevent rootkits :
1.   Avoid opening suspicious emails :
     a.   Statistics shows that malware, including rootkits, are distributed
          through emails.
     b.  This means that the chances of getting infected with a rootkit via
         email are high.
     c. Using another type of malware, hackers collect email addresses on
         the internet, which they flood with spam emails.
     d. The rootkit installs silently in the background when the user opens
         the infected email.
     e. To prevent rootkits from infiltrating our computer, avoid opening
         suspicious emails, especially if the sender is unfamiliar to us.
2.   Avoid downloading cracked software :
     a. Cracked software may be free but it is also unsafe.
     b. Cracked software is commonly used by hackers to install rootkits
         on victims’ computers.
     c. Cracked software is sometimes bundled with Adware (a software),
         which generates stubborn and annoying pop-ups on the computer.
     d. To prevent rootkits and other types of malware, download legitimate
         software only.
3.   Install software updates :
     a. Through system vulnerabilities, a rootkit can get through to our
         computer.
     b. System vulnerabilities are inevitable. In fact, programmers are
         often only able to discover a bug after the software is released. The
         solution is a software update.
     c. Unfortunately, some users ignore the importance of software
         updates. But the fact is that installing software updates enhances
         our cyber security, preventing malware like rootkits from getting
         onto our computer.
     d. When software updates become available, do not delay their
         installation.
Computer System Security                             2–15 W (CC-Sem-3 & 4)
 Answer
1.   An Intrusion Detection System (IDS) is a network security technology
     originally built for detecting vulnerability exploits against a target
     application or computer.
2.   Intrusion Prevention Systems (IPS) extended IDS solutions by adding
     the ability to block threats in addition to detecting them and has become
     the dominant deployment option for IDS/IPS technologies.
3.   An IDS needs only to detect threats and as such is placed out-of-band on
     the network infrastructure, meaning that it is not in the true real-time
     communication path between the sender and receiver of information.
4.   IDS solutions will often take advantage of a SPAN (Switched Port
     Analyzer) port to analyze a copy of the inline traffic stream
5.   The IDS monitors traffic and report its results to an administrator, but
     cannot automatically take action to prevent a detected exploit from
     taking over the system.
6.   Attackers are capable of exploiting vulnerabilities very quickly once
     they enter the network, rendering the IDS an inadequate deployment
     for prevention device.
 Answer
Following are the types of intrusion detection system :
1. Network Intrusion Detection System (NIDS) :
    a. It is an independent platform that identifies intrusions by examining
        network traffic and monitors multiple hosts.
    b. It gains access to network traffic by connecting to a network hub, a
        network switch configured for port mirroring, or a network tap.
    c. In a NIDS, sensors are placed at choke points in the network to
        monitor, often in the Demilitarized Zone (DMZ) or at network
        borders.
    d. Sensors capture all network traffic and analyze the content of
        individual packets for malicious traffic.
    e. An example of a NIDS is Snort.
Confidentiality Policies                              2–16 W (CC-Sem-3 & 4)
 Answer
1.   A network intrusion detection system (NIDS) is crucial for network
     security because it enables us to detect and respond to malicious traffic.
2.   The primary purpose of an intrusion detection system is to ensure IT
     personnel is notified when an attack or network intrusion might be
     taking place.
3.   A network intrusion detection system (NIDS) monitors both inbound
     and outbound traffic on the network, as well as data traversing between
     systems within the network.
4.   The network IDS monitor network traffic and triggers alerts when
     suspicious activity or known threats are detected, so IT personnel can
     examine more closely and take the appropriate steps to block or stop an
     attack.
Que 2.25. Explain advantages and disadvantages of different types
of IDS.
 Answer
Advantages of HIDS :
1. HIDS can analyze encrypted data and communications activity.
Computer System Security                            2–17 W (CC-Sem-3 & 4)
 Answer
Features of an intrusion detection system are :
1. It monitors and analyzes the user and system activities.
2. It performs auditing of the system files and other configurations and the
    operating system.
3. It assesses the integrity of system and data files.
4. It conducts analysis of patterns based on known attacks.
5. It detects errors in system configuration.
6. It detects and cautions if the system is in danger.
 Answer
Components of intrusion detection system are :
     Internet     Packet
                  decoder
                                               Logging and
                Preprocessors   Detection
                                                 alerting
                                 engine
                                                 system
                                                             Output alert or
                                                              log to a file
                                Packet is
                                                   Output
                                dropped
                                                   modules
                                     Fig. 2.27.1
1.     A packet decoder : It takes packets from different networks and
       prepares them for preprocessing or any further action. It basically
       decodes the coming network packets.
2.     A preprocessor : It prepares and modifies the data packets and also
       performs defragmentation of data packets, decodes the TCP streams.
3.     A detection engine : It performs the packet detection on basis of
       Snort rules. If any packet matches the rules, appropriate action is
       taken, else it is dropped.
4.     Logging and alerting system : The detected packet is either logged
       in system files or incase of threats, the system is alerted.
5.     Output modules : They control the type of output from the logging
       and alert system.
Que 2.28.         What is an intrusion detection system ? What are the
 Answer
Intrusion detection system : Refer Q. 2.22, Page 2–15W, Unit-2.
Difficulties in anomaly detection :
1. It increases the false alarm rate.
2. Developing a general methodology or a set of parameters that can be
    used to evaluate the intrusion detection system.
3. When new patterns are identified in anomaly detection intrusion
    detection system (ANIDS) updating the database without reducing the
    performance.
4. It increases the computational complexities of data preprocessing in
    the training phase and also in the deployment phase.
5. Developing a suitable method for selecting the attributes for each
    category of attacks.
Que 2.29.         Why is security hard ?           AKTU 2019-20, Marks 10
Computer System Security                                2–19 W (CC-Sem-3 & 4)
 Answer
1.   Today in computers and on the internet attack is easier than defense.
     There are many reasons for this, but the most important is the complexity
     of these systems.
2.   Complexity is the worst enemy of security. The more complex a system
     is, the less secure it is.
3.   A hacker typically targets the “attack surface” of a system. The attack
     surface of a system contains all the possible points that a hacker might
     target.
4.   A complex system means a large attack surface, and that means a huge
     advantage for the hacker.
5.   The hacker just has to find one vulnerability. He can also attack
     constantly until successful.
6.   At the same time, the defender has to secure the entire attack surface
     from every possible attack all the time.
7.   Also the cost to attack a system is only a fraction of the cost to defend it.
8.   This is one of the reasons why security is so hard, even though over the
     years there is significant improvement in security technologies.
Que 2.30.     What is Access Control list (ACL) and also define what
are the technologies used in access control ?
                                                  AKTU 2019-20, Marks 10
 Answer
Access control list :
a. An access-control list is a list of permissions attached to an object.
b. An ACL specifies which users or system processes are granted access to
    objects, as well as what operations are allowed on given objects.
c. Each entry in a typical ACL specifies a subject and an operation.
d. An access control list (ACL) is a table that tells a computer operating
    system which access rights each user has to a particular system object,
    such as a file directory or individual file.
e. Each object has a security attribute that identifies its access control list.
Access control technology includes :
1. Access Technology Architectures :
    a. Internet of Things (IoT) access control
    b. Physical Access Control System (PACS)
2. Communications technologies :
    a. Radio Frequency Identification (RFID) access control
    b. Near Field Communication (NFC) access control
    c. Bluetooth Access Control (BAC) access control
    d. Wireless access control technology.
3. Authentication technologies :
    a. Biometric access control technology
    b. Smart card access control technology
Confidentiality Policies                               2–20 W (CC-Sem-3 & 4)
 Answer
Goal and solution :
1.   Software Fault Isolation (SFI) is an alternative for unsafe languages,
     example C, where memory safety is not granted but needs to be enforced
     at runtime by program instrumentation.
2.   SFI is a program transformation which confines a software component
     to a memory sandbox. This is done by pre-fixing every memory access
     with a carefully designed code sequence which efficiently ensures that
     the memory access occurs within the sandbox.
     SFI approach :
1.   Traditionally, the SFI transformation is performed at the binary level
     and is followed by an a posteriori verification by a trusted SFI verifier.
2.   Because the verifier can assume that the code has undergone the SFI
     transformation, it can be kept simple, thereby reducing both verification
     time and the Trusted Computing Base.
3.   This approach is a simple instance of Proof Carrying Code where the
     complier is untrusted and the binary verifier is either trusted or verified.
4.   Traditional SFI is well suited for executing binary code from an
     untrusted origin.
                                   
Computer System Security                                     3–1 W (CC-Sem-3 & 4)
      3                          Secure Architecture
                                 Principles Isolation
                                            and Leas
                        CONTENTS
  Part-1   :   Access Control Concepts, Unix .............. 3–2W to 3–8W
               and Windows Access Control
               Summary, Other Issues in
               Access Control
Questions-Answers
 Answer
1.   Access control is a method of limiting access to a system, physical or
     virtual resources.
2.   It is a process by which users can access and are granted certain privilege
     to systems, resources or information.
3.   Access control is a security technique that has control over who can
     view different aspects, what can be viewed and who can use resources
     in a computing environment.
4.   It is a fundamental concept in security that reduces risk to the business
     or organization.
5.   Access control systems perform identification, authentication, and
     authorization of users and entities by evaluating required login
     credentials that may include passwords, pins, bio-metric scans or other
     authentication factors.
6.   There is multi-factor authentication which requires two or more
     authentication factors which is an important part of the layered defense
     to protect access control systems.
Que 3.2.       Describe different models of access control.
 Answer
Following are the models of access control :
1.   Discretionary Access Control (DAC) : Refer Q. 2.3, Page 2–3W,
     Unit-2.
2.   Role-Based Access Control (RBAC) :
     i.     RBAC, (also known as a non-discretionary access control), is used
            when system administrators need to assign rights based on
            organizational roles instead of individual user accounts within an
            organization.
Computer System Security                                  3–3 W (CC-Sem-3 & 4)
 Answer
Implementation of RBAC :
1.   Windows and Linux environments use for implementation process.
2.   Each group has individual file permissions and each user is assigned to
     groups based on their work role.
3.   RBAC assigns access based on roles. This is different from groups since
     users can belong to multiple groups but should only be assigned to one
     role.
4.   Example roles are : accountants, developer, among others.
Implementation of MAC :
1.   Windows Vista-8 used a variant of MAC which is also called Mandatory
     Integrity Control (MIC).
2.   This type of MAC system added Integrity Levels (IL) to process/files
     running in the login session.
3.   The IL represented the level of trust the object would have.
4.   Subjects were assigned an IL level, which was assigned to their access
     token.
5.   IL levels in MIC were: low, medium, high, and system.
6.   Under this system, access to an object was prohibited unless the user
     had the same level of trust, or higher than the object.
7.   Windows limited the user to not being able to write or delete files with a
     higher IL.
8.   It first compared IL levels, then moved on to checking the ACLs to make
     sure the correct permissions are in place.
9.   This system took advantage of the Windows DAC system ACLs and
     combined it with integrity levels to create a MAC environment.
 Answer
1.   Access control system is used to control access into certain areas located
     within the interior of buildings.
Secure Architecture Principles Isolation & Leas         3–4 W (CC-Sem-3 & 4)
 Answer
Basics components of access control system are :
1.   Access cards :
     i.     The access card may be thought of as an electronic key.
     ii.    The access card is used by persons to gain access through the doors
            secured by the access control system.
     iii.   Each access card is uniquely encoded. Most access cards are
            approximately the same size as a standard credit card, and can
            easily be carried in a wallet or purse.
2.   Card readers :
     i.     Card readers are the devices used to electronically read the access
            card.
     ii.    Card readers may be of the insertion type (which requires insertion
            of the card into the reader).
     iii.   Card readers are usually mounted on the exterior (non-secured)
            side of the door that they control.
3.   Access control keypads :
     i.     Access control keypads are devices which may be used in addition
            to or in place of card readers.
     ii.    The access control keypad has numeric keys which look similar to
            the keys on a touch-tone telephone.
     iii.   The access control keypad requires that a person desiring to gain
            access must enter a correct numeric code.
     iv.    When access control keypads are used in addition to card readers,
            both a valid card and the correct code must presented before entry
            is allowed.
Computer System Security                                  3–5 W (CC-Sem-3 & 4)
 Answer
Access control principles :
1.   Principle of least privilege : It states that if nothing has been
     specifically configured for an individual or the groups, he/she belongs to,
     the user should not be able to access that resource i.e., default no access.
Secure Architecture Principles Isolation & Leas        3–6 W (CC-Sem-3 & 4)
 Answer
Characteristics of Unix :
1.   Memory allocation : It keeps tracks of primary memory i.e., which
     part of it is in use or not and by whom, as well as it allocates memory
     when a program requests.
2.   Processor management : It allocates the CPU for a process or
     deallocates if not required.
3.   Device management : It keeps tracks of all devices it decides for how
     much time and to whom should be given the priority.
4.   File management : It allocates and deallocates the resources; it also
     decides to whom the resources should be given.
5.   Security : By means of password and some other techniques, preventing
     unauthorized access to program and data.
Features of Unix :
1.   Portable : Unix can be installed on many hardware platforms.
2.   Multi-user : The Unix users allow multiple users to concurrently share
     hardware and software.
3.   Multi-tasking : Unix allows a user to run more than one program at a
     time.
Computer System Security                                      3–7 W (CC-Sem-3 & 4)
4.        Organized file system : Unix has organized file and directory system
          that allows users to organize and maintain files.
5.        Device independence : Unix treats input output devices as ordinary
          files. The destination of file input and output is easily controlled through
          Unix design feature called redirection.
6.        Utilities : Unix provides a rich library of utilities that can increase
          user’s productivity.
Que 3.8.             Differentiate between Unix and Windows.
Answer
 Answer
Issues related to access control are :
1.        Appropriate role-based access :
          i.     Users should only be given access to systems that they need to
                 access, and at a level that’s appropriate to their role.
          ii.    Good practice is to ensure that access privileges (and changes) are
                 approved by a sufficiently senior director or manager.
          iii. Finally, access privileges should be reviewed regularly and amended
               as part of a process of security governance.
2.        Poor password management :
          i.   Password management is most common mistakes when it comes to
               access control.
          ii. When there are a lot of different systems that require a password
               to access then it is not uncommon for employees and even business
               owners to use the same password across the board.
          iii. Even when employees are required to change their password
               regularly though, there is still the problem of using passwords that
               are weak and easy to crack.
Secure Architecture Principles Isolation & Leas        3–8 W (CC-Sem-3 & 4)
Questions-Answers
 Answer
1.   Browser isolation is a cyber security model for web browsing that can be
     used to physically separate an internet user’s browsing activity from
     their local machine, network and infrastructure.
2.   With this model, individual browser sessions are abstracted away from
     hardware and direct internet access, trapping harmful activity inside
     the disposable environment.
3.   Browser isolation may also be referred to as remote browser isolation,
     web isolation or remote browsing.
4.   A major weakness in popular security tools is protection from web or
     browser-based attacks, malware and ransomware.
5.   By separating browsing activity from endpoint hardware, the device’s
     attack surface is reduced, sensitive data is protected and malware or
     other known and unknown security threats are minimized.
6.   This is an evolution of the cyber security concepts of security through
     physical isolation and air-gapping.
 Answer
1.     Browser isolation works by providing users with a disposable, non-
       persistent environment for browsing.
2.     This can be executed through a variety of methods but involves
       virtualization, containerization or cloud browsing.
3.     When a user closes the browsing session or the session is timed out, the
       isolated environment is reset or discarded.
4.     Any malicious code or harmful traffic is discarded as well, preventing it
       from ever reaching the endpoint device or network.
5.     The browser isolation method treats all websites, files and content equally
       by labeling them as untrusted or blacklisted unless otherwise specified.
6.     Within the isolated environment, files can be rendered remotely or
       sanitized without the need to download them.
7.     This is different from other security methods that do not treat information
       equally and filter content based on potential threatening signs.
 Answer
Browser isolation technology : Browser isolation technology is a
technology delivered to customers through a cloud browser, a container, a
virtual machine or browser isolation technology hosted on a server.
Following are the browser isolation vendors :
i.     Apozy
ii.    Authentic
iii.   Ericom
iv.    Menlo security
v.     Symantec
vi.    WEBGAP
 Answer
Advantages of browser isolation :
1.     The primary benefit to browser isolation is reducing the spread of
       malware through web browsers.
Secure Architecture Principles Isolation & Leas      3–10 W (CC-Sem-3 & 4)
Questions-Answers
 Answer
1.   Web security is the process of securing confidential data stored online
     from unauthorized access and modification.
2.   This is accomplished by enforcing strict policy measures.
3.   Websites are scanned for any possible vulnerabilities and malware
     through website security software. This software can scan for backdoor
     hacks, redirect hacks, Trojans, and many other threats.
4.   A website security software notifies the user if the website has any
     issue and provides solutions to address them.
5.   It is the cumulative phrase for all of the methods and measure that we
     can use and enforce to keep the files behind our website and any data of
     our customers safe.
6.   Security should be built into our website from beginning, but certain
     systems, the likes of WordPress, allow us to easily install security
     measures at any time at little or no cost.
7.   The goal of web security is to identify the following :
     i.   Critical assets of the organization
     ii. Genuine users who may access the data
     iii. Level of access provided to each user
     iv. Various vulnerabilities that may exist in the application
     v. Data criticality and risk analysis on data exposure.
     vi.   Appropriate remediation measures.
Computer System Security                               3–11 W (CC-Sem-3 & 4)
 Answer
1.   Threat modelling is a procedure for optimizing network security by
     identifying objectives and vulnerabilities, and then defining counter
     measures to prevent, or mitigate the effects of threats to the system.
2.   In this context, a threat is a potential or actual adverse event that may
     be malicious (such as a denial-of-service attack) or incidental (such as
     the failure of a storage device), and that can compromise the assets of
     an enterprise.
3.   The key to threat modelling is to determine where the most effort
     should be applied to keep a system secure.
4.   Threat modelling is an iterative process that consists of defining
     enterprise assets, identifying what each application does with respect to
     these assets, creating a security profile for each application, identifying
     potential threats, prioritizing potential threats, and documenting adverse
     events and the actions taken in each case.
5.   Threat modelling is a structured approach to identifying, quantifying,
     and addressing threats.
6.   It allows system security staff to communicate the potential damage of
     security flaws and prioritize remediation efforts.
Purpose of threat modelling :
1.   The purpose of threat modelling is to identify, communicate, and
     understand threats and mitigation to the organisation’s stakeholder’s as
     early as possible.
2.   Documentation from this process provides system analyst and defenders
     with a complete analysis of probable attacker profile.
 Answer
Following are the threat modelling methodologies :
1.   STRIDE : STRIDE is a methodology that provides a mnemonic for
     security threats in six categories :
     a.   Spoofing : An adversary posing as another user, component, or
          other system that has an identity in the system being modelled.
     b.   Tampering : The modification of data within the system to achieve
          a malicious goal.
     c.   Repudiation : The ability of an adversary to deny performing
          some malicious activity in absence of sufficient proof.
Secure Architecture Principles Isolation & Leas         3–12 W (CC-Sem-3 & 4)
 Answer
Tools used for threat modelling :
1.   Microsoft’s threat modelling tool : This tool identifies threats based
     on STRIDE threat classification scheme and it is based on Data Flow
     Diagram (DFD).
2.   My App security :
     a.     It offers the first commercially available threat modeling tool i.e.,
            Threat Modeler.
     b.     It uses VAST threat classification scheme and it is based on Process
            Flow Diagram (PFD).
3.   IriuRisk :
     a.     It offers both a community and a commercial version of the tool.
     b.     This tool is primarily used to create and maintain live threat model
            through the entire SDLC.
Secure Architecture Principles Isolation & Leas        3–14 W (CC-Sem-3 & 4)
 Answer
All threat modelling process start with creating visual representation of
application or system being analyzed. There are two ways to create visual
representation :
a.   Visual representation using data flow diagram :
     1.   The Microsoft methodology, PASTA and Trike each develop a visual
          representation of the application-infrastructure utilizing data flow
          diagrams (DFD).
     2.   DFDs are used to provide a high-level visualization of how an
          application works within a system to move, store, and manipulate
          data.
     3.   The concept of trust boundaries was added by security professionals
          in an attempt to make them applicable for threat modelling.
     4.   DFDs are used to identify broad categories usually using STRIDE
          threat classification scheme.
     5.   The list of threats identifies through such methods is limited and
          thus a poor starting point for the modelling.
     6.   DFD based approach uses three main steps :
          i.   View system as an adversary
Computer System Security                                 3–15 W (CC-Sem-3 & 4)
 Answer
i.     Rendering or image synthesis is the automatic process of generating a
       photorealistic or non-photorealistic image from a 2D or 3D model by
       means of computer programs. Also, the result of displaying such a model
       is called a render.
ii.    A rendering engine is often used interchangeably with browser engines.
       It is responsible for the layout of our website on our audience’s screen.
iii.   A rendering engine is responsible for the paint, and animations used on
       our website.
iv.    It creates the visuals on the screen or brightens the pixels exactly how
       they are meant to be to give the feel of the website like how it was made
       to be.
v.     Steps for what happens when we surf the web :
       1.   We type an URL into address bar in our preferred browser.
       2.   The browser parses the URL to find the protocol, host, port, and
            path. It forms a HTTP request.
       3.   To reach the host, it first needs to translate the human readable
            host into an IP number, and it does this by doing a DNS lookup on
            the host.
       4.   Then a socket needs to be opened from the user’s computer to that
            IP number, on the port specified (most often port 80).
       5.   When a connection is open, the HTTP request is sent to the host.
       6.   The host forwards the request to the server software configured to
            listen on the specified port.
       7.   The server inspects the request and launches the server plugin
            needed to handle the request.
       8.   The plugin gets access to the full request, and starts to prepare a
            HTTP response.
       9.   The plugin combines that data with some meta data and sends the
            HTTP response back to the browser.
       10. The browser receives the response, and parses the HTML in the
           response. A DOM tree is built out of the broken HTML.
       11. New requests are made to the server for each new resource that is
           found in the HTML source (typically images, style sheets, and
           JavaScript files).
       12. Stylesheets are parsed, and the rendering information in each gets
           attached to the matching node in the DOM tree.
       13. JavaScript is parsed and executed, and DOM nodes are moved and
           style information is updated accordingly.
Computer System Security                               3–17 W (CC-Sem-3 & 4)
     14. The browser renders the page on the screen according to the DOM
         tree and the style information for each node.
     15. We see the page on the screen.
List of rendering engines produced by major web browser vendors :
1.   Blink : It is used in Google Chrome, and Opera browsers.
2.   WebKit : It is used in Safari browsers.
3.   Gecko : It is used in Mozilla Firefox browsers.
4.   Trident : It is used in Internet Explorer browsers.
5.   EdgeHTML : It is used in Edge browsers.
6.   Presto : Legacy rendering engine for Opera.
 Answer
Refer Q. 3.10, Page 3–8W, Unit-3.
Questions-Answers
 Answer
1.   The security interface framework is a set of Objective-C classes that
     provide user interface elements for programs that implement security
     features such as authorization, access to digital certificates, and access
     to items in keychains.
2.   User Interface (UI) defines the way humans interact with the information
     systems.
3.   User Interface (UI) is a series of pages, screens, buttons, forms and
     other visual elements that are used to interact with the device. Every
     app and every website has a user interface.
4.   User Interface (UI) design is the creation of graphics, illustrations, and
     use of photographic artwork and typography to enhance the display and
     layout of a digital product within its various device views.
Secure Architecture Principles Isolation & Leas        3–18 W (CC-Sem-3 & 4)
 Answer
Cookies :
1. These are small text files that the web browser stores on the computer.
2. The first time we visit a page on the internet, a new cookie is created,
   which collects the information that can be accessed by the website
   operator.
3. However, some browsers store all cookies in a single file.
4. The information in this text file is in turn subdivided into attributes that
   are included individually.
Frame busting :
1. Frame busting refers to code or annotation provided by a web page
   intended to prevent the web page from being loaded in a sub-frame.
2. Frame busting is the recommended defense against click-jacking and is
   also required to secure image-based authentication such as the sign-in
   seal used by Yahoo.
3. Sign-in seal displays a user-selected image that authenticates the Yahoo
   login page to the user.
4. Without frame busting, the correct image is displayed to the user, even
   though the top page is not the real Yahoo login page.
5. New advancements in click jacking techniques using drag and drop to
   extract and inject data into frames makes frame busting even more
   critical.
 Answer
Major web server threats are :
1. Injection flaws :
   a. Injection flaws, such as SQL, OS injection occur when untrusted
       data is sent to an interpreter as part of a command or query.
   b. The attacker’s hostile data can trick the interpreter into executing
       unintende d commands or accessing data witho ut pro per
       authorization.
2. Sensitive data exposure :
   a. Many web applications and APIs do not properly protect sensitive
       data such as financial, healthcare.
Computer System Security                              3–19 W (CC-Sem-3 & 4)
Questions-Answers
 Answer
1.      Cross-site request forgery (CSRF) is an attack that forces an end user to
        execute unwanted actions on a web application in which they are
        currently authenticated.
2.      CSRF attacks specifically target state-changing requests, not theft of
        data, since the attacker has no way to see the response to the forged
        request.
3.      With the help of social engineering (such as sending a link via email or
        chat), an attacker may trick the users of a web application into executing
        actions of the attacker’s choosing.
                  2                              Website                  3
                                                 visitor
                                                                              A visitor clicks
     Perpetrator embeds                                                       on the link,
     the request into a                                                       inadvertently
     hyperlink and sends                                                      sending the
     it to visitors who may                                                   request to the
     be logged into the site     4    Website validates request               website
                                      and transfers funds from
                                      the visitors account to the
                                      perpetrator
                   Perpetrator                                           Website
       1
       Perpetrator forges a request for
       a fund transfer to a website
                                             Fig. 3.24.1.
4.      If the victim is a normal user, a successful CSRF attack can force the
        user to perform state changing requests like transferring funds, changing
        their email address, and so forth.
5.      If the victim is an administrative account, CSRF can compromise the
        entire web application.
6.      Cross-Site Request Forgery (CSRF) is an attack vector that tricks a web
        browser into executing an unwanted action in an application to which a
        user is logged in.
7.      A successful CSRF attack can be devastating for both the business and
        user. It can result in damaged client relationships, unauthorized fund
Secure Architecture Principles Isolation & Leas        3–22 W (CC-Sem-3 & 4)
 Answer
We can prevent CSRF attack in two ways :
1.   On user side : User side prevention is very inefficient in terms of
     browsing experience, prevention can be done by browsing only a single
     tab at a time and not using the remember-me functionality.
2.   On server side :
     a.   There are many proposed ways to implement CSRF protection on
          server side, among which the use of CSRF tokens is most popular.
     b.   A CSRF token is a string that is tied to a user’s session but is not
          submitted automatically.
     c.   A website proceeds only when it receives a valid CSRF token along
          with the cookies, since there is no way for an attacker to know a
          user specific token, the attacker cannot perform actions on user’s
          behalf.
 Answer
For a CSRF attack to be possible, three key conditions must be followed :
1.   A relevant action :
     a.   There is an action within the application that the attacker has a
          reason to induce.
     b.   This might be a privileged action (such as modifying permissions
          for other users) or any action on user-specific data (such as changing
          the user’s own password).
2.   Cookie-based session handling :
     a.   Performing the action involves issuing one or more HTTP requests,
          and the application relies solely on session cookies to identify the
          user who has made the requests.
     b.   There is no other mechanism in place for tracking sessions or
          validating user requests.
Computer System Security                                3–23 W (CC-Sem-3 & 4)
 Answer
1.   Cross-site scripting (XSS) is vulnerability in a web application that allows
     a third party to execute a script in the user’s browser on behalf of the
     web application.
2.   Cross-site scripting is one of the most prevalent vulnerabilities present
     on the web.
3.   The exploitation of XSS against a user can lead to various consequences
     such as account compromise, account deletion, privilege escalation,
     malware infection and many more.
4.   It allows an attacker to masquerade as a victim user, to carry out any
     actions that the user is able to perform and to access any of the user’s
     data.
5.   If the victim user has privileged access within the application then the
     attacker might be able to gain full control over all of the applications
     functionality and data.
Que 3.28.       Describe the types of cross-site scripting.
 Answer
Depending on the context, there are two types of XSS :
1.   Reflected XSS :
     i.     If the input has to be provided each time to execute, such XSS is
            called reflected.
     ii.    These attacks are mostly carried out by delivering a payload directly
            to the victim.
     iii.   Victim requests a page with a request containing the payload and
            the payload comes embedded in the response as a script.
     iv.    An example of reflected XSS is XSS in the search field.
Secure Architecture Principles Isolation & Leas               3–24 W (CC-Sem-3 & 4)
     2
 Perpetrator injects the                      Website         3   For each visit to the
 website with a malicious                                         website, the malicious
 script that steal each                                           script is activated
 visitor's session
 cookies
                                                              Website
                   Perpetrator     Visitor's session cookie
                                                              visitor
                                    is sent to perpetrator
          1   Perpetrator discovers a
              website having a
              vulnerability that enables
              script injection
                                           Fig. 3.28.1.
2.       Stored XSS :
         a.   When the response containing the payload is stored on the server
              in such a way that the script gets executed on every visit without
              submission of payload, then it is identified as stored XSS.
         b.   An example of stored XSS is XSS in the comment thread.
                                                                          3. Bad app
                       2. Entirely innocent request                       retrieves
                     4. Response includes malicious                       malicious
         Website                                              Website     data and
                         data as active content
                                                                          uses it
                                                                          verbatim
Fig. 3.28.2.
 Answer
i.       Refer Q. 3.27, Page 3–23W, Unit-3.
Computer System Security                                3–25 W (CC-Sem-3 & 4)
 Answer
The protection methods used for CSRF are :
1.    Anti CSRF Token :
      a.   This is a cryptographically strong string that is submitted to the
           website separately from cookies.
      b.   This can be sent as a request parameter or as an HTTP header.
      c.   The server checks for the presence and correctness of this token
           when a request is made and proceeds only if the token is correct
           and the cookies are valid.
2.    HTTP PUT method :
      a.   The PUT method is used to create instances of a resource on the
           server.
      b.   It is similar to POST except that sending the same PUT requests
           multiple times does not do anything extra.
      c.   If the server is using PUT method for sensitive actions then there
           is no need for any additional CSRF protection (unless Cross-Origin
           Resource Sharing is enabled) at that endpoint.
      d.   It is because the PUT request cannot be duplicated through a web
           page like POST request (HTTP forms do not allow PUT requests).
3.    HTTP bearer authentication :
      a.   This is a type of HTTP authentication where the user is identified
           through a token that is submitted in authorization header of each
           request.
      b.   This mechanism solves CSRF because unlike cookies it is not
           submitted by the browser automatically.
      c.   There are problems and potential bypasses to each of these methods.
      d.   Anti CSRF tokens do not have a fixed standard so their generation
           mechanism and use depends solely on how developers intended it
           to be.
Secure Architecture Principles Isolation & Leas        3–26 W (CC-Sem-3 & 4)
 Answer
Different ways used to prevent XSS are :
1.   Escaping :
     a.   The first method used to prevent XSS vulnerabilities from appearing
          in our applications is by escaping user input.
     b.   Escaping data means taking the data an application has received
          and ensuring it is secure before rendering it for the end user.
     c.   By escaping user input, key characters in the data received by a
          web page will be prevented from being interpreted in any malicious
          way.
     d.   In essence, we are censoring the data our web page receives in a
          way that will disallow the characters especially <and> characters
          from being rendered, which otherwise could cause harm to the
          application and/or users.
2.   Validating input :
     a.   Validating input is the process of ensuring an application is rendering
          the correct data and preventing malicious data from doing harm to
          the site, database, and users.
     b.   While whitelisting and input validation are more commonly
          associated with SQL injection, they can also be used as an additional
          method of prevention for XSS.
     c.   Whereas blacklisting, or disallowing certain, predetermined
          characters in user input, disallows only known bad characters,
          whitelisting only allows known good characters and is a better
          method for preventing XSS attacks as well as others.
     d.   Input validation is especially helpful and good at preventing XSS in
          forms, as it prevents a user from adding special characters into the
          fields, instead refusing the request.
3.   Sanitizing :
     a.   A third way to prevent cross-site scripting attacks is to sanitize user
          input.
     b.   Sanitizing data is a strong defense, but should not be used alone to
          battle XSS attacks.
     c.   Sanitizing user input is especially helpful on sites that allow HTML
          markup, to ensure data received can do no harm to users as well as
          our database by scrubbing the data clean of potentially harmful
          markup, changing unacceptable user input to an acceptable format.
Computer System Security                               3–27 W (CC-Sem-3 & 4)
 Answer
Following are XSS vulnerabilities :
1.   Stored XSS vulnerabilities :
     a.   Stored attacks are those where the injected script is permanently
          stored on the target servers, such as in a database, in a message
          forum, visitor log, comment field, etc.
     b.   The victim then retrieves the malicious script from the server when
          it requests the stored information. Stored XSS is also referred to as
          Persistent or Type-I XSS.
2.   Reflected XSS vulnerabilities :
     a.   Reflected attacks are those where the injected script is reflected off
          the web server, such as in an error message, search result, or any
          other response that includes some or all of the input sent to the
          server as part of the request.
     b.   Reflected attacks are delivered to victims via another route, such
          as in an e-mail message, or on some other website.
     c.   When a user is tricked into clicking on a malicious link, submitting
          a specially crafted form the injected code travels to the vulnerable
          web site, which reflects the attack back to the user’s browser.
     d.   The browser then executes the code because it came from a trusted
          server.
     e.   Reflected XSS is also referred to as Non-Persistent or Type-II XSS.
3.   Server-side versus DOM-based vulnerabilities :
     a.   XSS vulnerabilities were first found in applications that performed
          all data processing on the server side.
     b.   User input (including an XSS vector) would be sent to the server,
          and then sent back to the user as a web page.
     c.   The need for an improved user experience resulted in popularity of
          applications that had a majority of the presentation logic working
          on the client-side that pulled data, on-demand, from the server
          using AJAX.
     d.   As the JavaScript code was also processing user input and rendering
          it in the web page content, a new sub-class of reflected XSS attacks
          started to appear that was called DOM-based cross-site scripting.
     e.   In a DOM-based XSS attack, the malicious data does not touch the
          web server. Rather, it is being reflected by the JavaScript code,
          fully on the client side.
                                   
Computer System Security                                     4–1 W (CC-Sem-3 & 4)
4 Basic Cryptography
                        CONTENTS
  Part-1   :   Public Key Cryptography, ........................ 4–2W to 4–8W
               RSA Public Key Crypto
Questions-Answers
 Answer
1.   In public key cryptography, there are two keys : a private key and a
     public key.
2.   The private key is kept by the receiver. The public key is announced to
     the public.
3.   In Fig. 4.1.1 imagine Aaditya wants to send a message to Jyoti. Aaditya
     uses the public key to encrypt the message. When the message is
     received by Jyoti, the private key is used to decrypt the message.
4.   In public key encryption/decryption, the public key that is used for
     encryption is different from the private key that is used for decryption.
                                          To the public
                                                            Jyoti’s public key
                                                            Jyoti’s private key
             Aaditya                                      Jyoti
     Plaintext                   Ciphertext
                  Encryption                  Decryption     Plaintext
 Answer
Principle of public key cryptography :
1.   The concept of public key cryptography evolved from an attempt to
     solve the most difficult problems associated with symmetric encryption :
     i.     Two communicants already share a key, which has been distributed
            to them.
Computer System Security                                      4–3 W (CC-Sem-3 & 4)
Answer
 Answer
RSA algorithm :
1.   RSA is a public key encryption algorithm, named for its inventors (Rivest,
     Shamir and Adleman).
2.   The RSA algorithm is based on the mathematical part that it is easy to
     find and multiply large prime numbers together, but it is extremely
     difficult to factor their product.
3. The RSA algorithm is shown as :
   a. Choose two large prime numbers p and q.
   b. Calculate n = p × q.
   c. Select the public key (i.e., the encryption key) e such that it is not a
       factor of (p – 1) and (q – 1).
   d. Select the private key (i.e., the decryption key) d such that the
       following equation is true :
                     (d × e) mod (p – 1) × (q – 1) = 1
   e. For encryption, calculate the cipher text C from the plain text M as
       follows :
                              C = Me mod n
   f.  Send C as the cipher text to the receiver.
   g. For decryption, calculate the plain text C from the cipher text C as
       follows :
                              M = Cd mod n
Numerical :
1. Translate the numbers into letters : M = 12 and E = 4
2.   Encrypt each block M using, C  M7 (mod 3)
3.   For M = 12
                         C = 127 (mod 3)
                            = 124 × 123 (mod 3)
                            = (122)2 × 122 × 12 (mod 3) = 0
     For E = 4
                         C = E7 (mod 3)
                            = 47 (mod 3)
                            = 4 (mod 3) = 1
      The encrypted ciphertext is : 0 and 1.
Que 4.5.      Explain RSA algorithm. Perform encryption and
decryption using RSA algorithm for p = 11, q = 13, e = 7, m = 9.
                              OR
Explain RSA using example.
Computer System Security                               4–5 W (CC-Sem-3 & 4)
 Answer
RSA algorithm : Refer Q. 4.4, Page 4–3W, Unit-4.
Numerical :
   Step 1 : p = 11, q = 13
   Step 2 : n = p × q = 11 × 13 = 143
   Step 3 : Calculate
                      (n) = (p – 1) (q – 1)
                           = (11 – 1) (13 – 1) = 10 × 12 = 120
   Step 4 : Determine d such that de  1 (mod 160)
                         d = e – 1 mod 160
   Using extended Euclidean algorithm we calculate d.
        q          r1       r2           r     t1        t2       t
        17        120        7           1      0         1      – 17
         7         7         1           0      1       – 17     120
                   1         0                – 17      120
                            = – 17 mod 120
                          d = 103
                 Public key = {7, 143}
                Private key = {103, 143}
             Encryption (C) = Me (mod n)
                         M= 9
                          C = 97 mod 143
                            = [(94 mod 143) × (92 mod 143)
                                                       (91 mod 143)] mod 143
                            = (126 × 81 × 9) mod 143
                            = 91854 mod 143 = 48
             Decryption (M) = 13103 mod 143
 Answer
Public key cryptography : Refer Q. 4.1, Page 4–2W, Unit-4.
RSA algorithm : Refer Q. 4.4, Page 4–3W, Unit-4.
Numerical :
   Step 1 : p = 17, q = 11
Basic Cryptography                                     4–6 W (CC-Sem-3 & 4)
    Step 2 : n = p × q = 17 × 11 = 187
    Step 3 : Calculate (n) = (p – 1) (q – 1) = 16 × 10 = 160
    Step 4 : d = 23 and e = 7
    Public key is {7, 187}
    Private key is {23, 187}
    Encryption : Ciphertext is
    C = Me mod n = 887 mod 187 = (882 mod 187) (885 mod 187)
                           = [77 × (77 × 77) × 88] mod 187 = 11
                         C = 11
    Decryption : Plaintext is
    M = Cd mod n = 1123 mod 187 = (115 mod 187) (1118 mod 187)
                           = [44 × (44 × 44 × 44) (113 mod 187)] mod 187
                           = [444 × 22] mod 187 = 88
 Answer
Advantages of RSA :
1. Convenience : It solves the problem of distributing the key for
    encryption.
2. Provides message authentication : Public key encryption allows
    the use of digital signatures which enables the recipient of a message to
    verify that the message is from a particular sender.
3. Detection of tampering : The use of digital signatures in public key
    encryption allows the receiver to detect if the message was altered in
    transit. A digitally signed message cannot be modified without invalidating
    the signature.
4. Provides non-repudiation : Digitally signing a message is related to
    physically signing a document. It is an acknowledgement of the message
    and thus, the sender cannot deny it.
Disadvantages of RSA :
1. Public keys should/must be authenticated : No one can be
    absolutely sure that a public key belongs to the person it specifies and so
    everyone must verify that their public keys belong to them.
2. Slow : Public key encryption is slow compared to symmetric encryption.
    Not feasible for use in decrypting bulk messages.
3. Uses more computer resources : It requires a lot more computer
    supplies compared to single-key encryption.
4. Widespread security compromise is possible : If an attacker
    determines a person’s private key, his or her entire messages can be
    read.
5. Loss of private key may be irreparable : The loss of a private key
    means that all received messages cannot be decrypted.
Computer System Security                               4–7 W (CC-Sem-3 & 4)
 Answer
Three possible approaches and securities of the RSA algorithm are :
1. Brute force :
   a. This involves trying all possible private keys.
   b. The defense against the brute force approach is to use a large key space.
2. Mathematical attacks :
   a. There are several approaches used for factoring the product of two
        primes.
   b. The defense against mathematical attacks is to use factoring
        performance as a benchmark against which to evaluate the security
        of RSA.
3. Timing attacks : These depend on the running time of the decryption
   algorithm. Counter-measures that can be used, includes the following :
   a. Constant exponentiation time : Ensure that all exponentiation
        take the same amount of time before returning a result. This is a
        simple fix but does degrade performance.
   b. Random delay : Better performance could be achieved by adding
        a random delay to the exponentiation algorithm to confuse the
        timing attack.
   c. Blinding : Multiply the ciphertext by a random number before
        performing exponentiation. This process prevents the attacker from
        knowing what ciphertext bits are being processed inside the
        computer and therefore prevents the bit-by-bit analysis essential
        to the timing attack.
Numerical : Refer Q. 4.6, Page 4–5W, Unit-4.
 Answer
i.     A hybrid cryptosystem is a protocol using multiple ciphers of different
       types together.
ii.    In hybrid cryptosystem, we generate a random secret key for a symmetric
       cipher, and then encrypt this key via an asymmetric cipher using the
       recipient’s public key.
iii.   The message itself is then encrypted using the symmetric cipher and
       the secret key.
iv.    Both the encrypted secret key and the encrypted message are then sent
       to the recipient.
Basic Cryptography                                     4–8 W (CC-Sem-3 & 4)
v.    The recipient decrypts the secret key first, using his/her own private
      key, and then uses that key to decrypt the message.
vi.   The steps of hybrid encryption are :
      1.   Generate a symmetric key. The symmetric key needs to be kept a
           secret.
      2.   Encrypt the data using the secret symmetric key.
      3.   The person to whom we wish to send a message will share her
           public key and keep the private key a secret.
      4.   Encrypt the symmetric key using the public key of the receiver.
      5.   Send the encrypted symmetric key to the receiver.
      6.   Send the encrypted message text.
      7.   The receiver decrypts the encrypted symmetric key using her
           private key and gets the symmetric key needed for decryption.
      8.   The receiver uses the decrypted symmetric key to decrypt the
           message, getting the original message.
                                  PART-2
      Digital Signature Hash Functions, Public Key Distribution.
Questions-Answers
 Answer
1.    A digital envelope is a secure electronic data container that is used to
      protect a message through encryption and data authentication.
2.    A digital envelope allows users to encrypt data with the speed of secret
      key encryption and the convenience and security of public key encryption.
3.    Rivest, Shamir and Adleman (RSA) Public-Key Cryptography Standard
      (PKCS) governs the application of cryptography to data for digital
      envelopes and digital signatures.
4.    A digital envelope is also known as a digital wrapper.
5.    Following methods may be used to create a digital envelope :
      a.   Secret key encryption algorithms, for message encryption.
      b.   Public key encryption algorithm from RSA for secret key encryption
           with a receiver’s public key.
Computer System Security                                           4–9 W (CC-Sem-3 & 4)
 Answer
1.    Digital signature is a mathematical scheme used for verifying the
      authenticity of digital message or documents.
2.    Digital signature uses three algorithms :
      a.    Key generation : This algorithm selects a private key uniformly
            at random from a set of possible private keys. Output of this
            algorithm is private key and its corresponding public key.
      b.    Signing algorithm : It produce signature by using message and
            private key.
      c.    Signature verifying algorithm : For a given message, signature
            and public key, either accepts or rejects the messages claim to
            authenticity.
3.    Fig. 4.11.1 shows the concept of digital signature.
 Answer
1.    Key generation algorithms :
      a.    Digital signatures are electronic signatures, which assures that the
            message was sent by a particular sender.
      b.    While performing digital transactions authenticity and integrity
            should be assured, otherwise the data can be altered or someone
            can also act as if he was the sender and expect a reply.
Basic Cryptography                                     4–10 W (CC-Sem-3 & 4)
2.   Signing algorithms :
     a.   To create a digital signature, signing algorithms like email programs
          create a one-way hash of the electronic data which is to be signed.
     b.   The signing algorithm then encrypts the hash value using the private
          key (signature key).
     c.   This encrypted hash along with other information like the hashing
          algorithm is the digital signature.
     d.   This digital signature is appended with the data and sent to the
          verifier.
     e.   The reason for encrypting the hash instead of the entire message
          or document is that a hash function converts any arbitrary input
          into a much shorter fixed length value.
     f.   This saves time as instead of signing a long message a shorter hash
          value has to be signed and moreover hashing is much faster than
          signing.
3.   Signature verification algorithms :
     a.   Verifier receives digital signature along with the data.
     b.   It then uses verification algorithm to process on the digital signature
          and the public key (verification key) and generates some value.
     c.   It also applies the same hash function on the received data and
          generates a hash value. Then the hash value and the output of the
          verification algorithm are compared. If they both are equal, then
          the digital signature is valid else it is invalid.
 Answer
The steps followed in creating digital signature are :
1.   Message digest is computed by applying hash function on the message
     and then message digest is encrypted using private key of sender to
     form the digital signature.
2.   Digital signature is then transmitted with the message.
3.   Receiver decrypts the digital signature using the public key of sender.
4.   The receiver now has the message digest.
5.   The receiver can compute the message digest from the message.
6.   The message digest computed by receiver and the message digest got by
     decryption needs to be same for ensuring integrity.
Que 4.14. Write a short note on Message Digest (MD) hash function.
Computer System Security                                  4–11 W (CC-Sem-3 & 4)
 Answer
1.   The MD hashing algorithm is a one-way cryptographic function that
     accepts a message of any length as input and returns as output a fixed
     length digest value to be used for authenticating the original message.
2.   The MD hash function can be use as a secure cryptographic hash
     algorithm for authenticating digital signatures.
3.   MD has been deprecated for uses other than as a non-cryptographic
     checksum to verify data integrity and detect unintentional data
     corruption.
4.   The goal of any message digest function is to produce digests that appear
     to be random.
5.   To be considered cryptographically secure, the hash function should
     meet two requirements :
     i.    It is impossible for an attacker to generate a message matching a
           specific hash value.
     ii.   It is impossible for an attacker to create two messages that produce
           the same hash value.
 Answer
Digital Signature Algorithm (DSA) : DSA is an asymmetric encryption
algorithm that works on two different key i.e., one public and one private to
produce digital signature.
1.   The sender generates a random number k, which is less than q.
2.   The sender now calculates :
     a.    r = (gk mod p) mod q
     b.    s = (K – 1(H(m) + xr)) mod q
     The values r and s are the signatures of the sender.
3.   The sender sends these values to the receiver. To verify the signature,
     the receiver calculates :
          w = s– 1 mod q
           u1 = (H(m) * w) mod q
           u2 = (rw) mod q
           v = ((gu1* yu2) mod p) mod q
           If v = r, the signature is said to be verified. Otherwise, it is rejected.
Basic Cryptography                                    4–12 W (CC-Sem-3 & 4)
         where,
         p = A prime number of length L bits
         q = A 160-bits prime factor of (p – 1)
         g = h(p – 1)/q mod p
         x = A number less than q.
         y = gx mod p.
         H = Message Digest algorithm.
If same secret (k1, k2) is used for signing two different messages, it will
generate two different signatures (r1, s1) and (r1, s2) :
1.       s1 = k1 – 1(h1k2 + d(r1 + r2))
2.       s2 = k1 – 1(h2k2 + d(r1 + r2))
         where h1 = SHA512(m1) and h2 = SHA512(m2)
3.       k1s1 – k1s2 = h1k2 + dr – h2k2 – dr
4.       k1(s1 – s2) = k2(h1 – h2)
5.   We cannot obtain k1, k2 from this equation and so this scheme is more
     secure than original ECDSA (Elliptical Curve Digital Signature
     Algorithm) scheme.
Que 4.16.     What are the properties and requirements for a digital
signature ?
 Answer
Properties of digital signature :
1.   It must be able to verify the author, the date and time of the signature.
2.   It must be able to authenticate the contents of the message at the time
     of the signature.
3.   There must be third (trusted) party who can verify the digital signature
     to resolve disputes between the sender and receiver.
Requirements for a digital signature :
1.   The signature must be in the form of a bit pattern and relative to the
     message being signed.
2.   The signature must contain information that is unique to the sender, so
     that forgery and denial can be avoided.
3.   The process of creating, recognizing and verifying the digital signature
     must also be comparatively easy.
4.   A high computational effort must be required to forge a digital signature.
6.   The copy of a digital signature must be retained in storage mechanism.
 Answer
Variants of digital signature are :
1.   Timestamped signature :
     a.  Timestamped digital signatures include a timestamp value in order
         to prevent replay attack.
     b. In a replay attack, the documents can be replayed by a third party.
2.   Blind signature :
     a. Blind signature is used when the sender does not want to reveal
         the contents of the message to the signer and just wishes to get the
         message signed by the signer.
     b. Blind signatures are used in situations where the signer message
         authors are completely different parties.
     c. Blind signatures scheme can be implemented by using a number of
         public-key digital signature schemes such as RSA and DSS.
3.   Undeniable digital signature :
     a. This scheme is a non self-authenticating signature scheme in which
         no signatures can be verified without the signer’s cooperation and
         notification.
     b. This scheme has three components :
         i.   Signing algorithm : This allows the signer to sign a message.
         ii. Verification (or confirmation) protocol : This allows the
              signer to limit the users who can verify his or her signature.
          iii. Disavowal (or denial) protocol : Since the verification
               process requires the involvement of the signer, it is quite
               possible that the signer can freely decline the request of the
               verifier. This protocol prevents the signer from proving that a
               signature is invalid when it is valid and vice-versa.
 Answer
Hash function :
1.   A cryptographic hash function is a transformation that takes an input
     and returns a fixed-size string, which is called the hash value.
2.   A hash value h is generated by a function H of the form :
                         h = H (M)
     where M is the variable length message and H(M) is the fixed length
     hash value.
3.   The hash value is appended to the message at the source at a time
     when message is assumed or known to be correct.
Basic Cryptography                                    4–14 W (CC-Sem-3 & 4)
                                 Message Registers
                     Length
                     Counter
                                                       Round Registers
     Input message
Hash Registers
                                                                                                Data Output
                                   SHA1 Round                            +
                                    Operations
                     Padding
                      Unit
Fig. 4.18.1.
 Answer
Characteristics (requirements) of secure hash function :
1.           The hash function should be applicable on a block of data of any size.
2.           The output produced by the hash function should always be of fixed
             length.
3.           For any given message or block of data, it should be easier to generate
             the hash code.
4.           Given a hash code, it should be nearly impossible to determine the
             corresponding message or block of data.
5.           Given a message or block of data, it should not be computationally
             feasible to determine another message or block of data generating the
             same hash code as that of the given message or block of data.
6.           No two messages or blocks of data, even being almost similar, should
             be likely to have the same hash code.
 Answer
1.           In public key cryptography, the key distribution of public keys is done
             through public key servers.
2.           When a person creates a key-pair, they keep one key private and the
             other known as the public-key is uploaded to a server where it can be
             accessed by anyone to send the user a private, encrypted, message.
Basic Cryptography                                     4–16 W (CC-Sem-3 & 4)
 Answer
X.509 certificates :
1. In cryptography, X.509 is an ITU-T standard for a Public Key
    Infrastructure (PKI) for single sign-on and Privilege Management
    Infrastructure (PMI).
2. X.509 specifies, standard formats for public key certificates, certificate
    revocation lists, attribute certificates and a certification path validation
    algorithm.
3. X.509 defines a framework for the provision of authentication services
    by the X.500 directory to its user.
Computer System Security                                                        4–17 W (CC-Sem-3 & 4)
 Answer
Format of X.509 certificate :
The general format of a X.509 digital certificate is shown in Fig. 4.22.1.
                                  Version
                              Certificate serial
                                  number
                                                       Version 1
               Signature         Algorithm
               algorithm         Parameters
                                                                         Version 2
identifier
                               Issuer name
                                                                                     Version 3
                Period of
                Validity
Subject name
             Subject's        Algorithms
             public key       Parameters
             information      Key
                               Subject unique
                                 identifier
                                 Extensions
                                                               all versions
                                Algorithms
               Signature        Parameters
                                Encrypted
 Answer
PGP :
1.   PGP (Pretty Good Privacy) is an encryption algorithm that provides
     cryptographic privacy and authentication for data communication.
2.   PGP uses a combination of public-key and conventional encryption to
     provide security services for electronic mail message and data files.
3.   PGP provides five services related to the format of messages and data
     files : authentication, confidentiality, compression, e-mail compatibility
     and segmentation.
Computer System Security                             4–19 W (CC-Sem-3 & 4)
Application of PGP :
1.   PGP provides secure encryption of documents and data files that even
     advanced super computers are not able to crack.
2.   For authentication, PGP employs the RSA public-key encryption scheme
     and the MD5, a one-way hash function to form a digital signature that
     assures the receiver that an incoming messages is authentic (that it
     comes from the alleged send and that it has not been altered).
Que 4.24. Discuss the steps that are followed for the transmission
and reception of PGP messages.
 Answer
The PGP messages are transmitted from the sender to receiver using
following steps :
1.   If signature is required, the hash code of the uncompressed plaintext
     message is created and encrypted using the sender’s private key.
2.   The plaintext message and the signature are compressed using the ZIP
     compression algorithm.
3.   The compressed plaintext message and compressed signature are
     encrypted with a randomly generated session key to provide
     confidentiality. The session key is then encrypted with the recipient’s
     public key and is added to the beginning of the message.
4.   The entire block is converted to radix-64 format.
On receiving the PGP message, the receiver follows the following steps :
1.   The entire block is first converted back to binary format.
2.   The recipient recovers the session key using his or her private key, and
     then decrypts the message with the session key.
3.   The decrypted message is then decompressed.
4.   If the message is signed, the receiver needs to verify the signature. For
     this, he or she computes a new hash code and compares it with the
     received hash code. If they match, the message is accepted; otherwise, it
     is rejected.
                                 PART-3
              Real World Protocols, Basic Terminologies.
Questions-Answers
 Answer
Following are the real world protocols :
1.   SSL architecture :
     i.     The Secure Socket Layer (SSL) protocol provides exchange of
            information between a web browser and a web server in a secure
            manner.
     ii.    Its main aim is to provide entity authentication, message integrity
            and confidentiality.
     iii.   SSL is an additional layer located between the application layer and
            the transport layer of the TCP/IP protocol suite. All the major web
            browsers support SSL.
2.   S/MIME :
     i.     A secure version of MIME, S/MIME (Secure/Multipurpose Internet
            Mail Extensions), is used to support encryption of email messages.
     ii.    It is based on the MIME standard and provides the security services
            for electronic messaging applications : authentication, message
            integrity and data security.
     iii.   S/MIME uses public key cryptography to sign and encrypt e-mail.
     iv.    Every participant has two keys :
            a.   A private key, which is kept secret.
            b.   A public key, which is available to everyone.
     iv.    The following steps are taken in order to create a signed message :
            a.   The user writes the message as clear-text.
            b.   The message digest is being calculated using SHA-1 or MD5.
            c.   The message digest is being encrypted using the signer’s private
                 key (DSS or RSA).
3.   PGP : Refer Q. 4.23, Page 4–18W, Unit-4.
4.   SET :
     i.     Secure Electronic Transaction (SET) is a standard protocol for
            securing credit card transactions over insecure networks, i.e., the
            internet.
     ii.    SET is not a payment system but rather a set of security protocols
            and formats that enables users to employ the existing credit card
            payment infrastructure on an open network in a secure fashion.
     iii.   SET is based on X.509 certificates with several extensions.
     iv.    SET makes use of cryptographic techniques such as digital
            certificates and public key cryptography to allow parties to identify
            themselves to each other and exchange information securely.
Computer System Security                              4–21 W (CC-Sem-3 & 4)
 Answer
Some basic terminology used in cryptography :
1.   Plaintext : Plaintext is a readable, plain message that anyone can read.
2.   Cipher text : The transformed message or coded message
3.   Cipher : An algorithm for transforming an intelligible message into one
     that is unintelligible by transposition and/or substitution methods.
4.   Key : Some critical information used by the cipher, known only to the
     sender and receiver
5.   Encoding/Encryption : The process of converting plaintext to cipher
     text using a cipher and a key.
6.   Decoding/Decryption : The process of converting cipher text back
     into plaintext using a cipher and a key.
7.   Cryptanalysis (code breaking) : The study of principles and methods
     of transforming an unintelligible message back into an intelligible
     message without knowledge of the key.
8.   Cryptology : The combination of cryptography and cryptanalysis.
9.   Code : An algorithm for transforming an intelligible message into an
     unintelligible one using a code-book.
10. Substitution : Replacing one entity with other.
11. Transposition : Shuffling the entities.
12. Block cipher : Processes the input one block element and produce one
    output block.
13. Stream Cipher : Processes the one input element and outputs one
    element at a time.
Basic Cryptography                                    4–22 W (CC-Sem-3 & 4)
 Answer
The basic functionalities of S/MIME are :
1.   Enveloped data : S/MIME supports enveloped data, which consists of
     the message containing any type of contents in encrypted form and the
     encryption key encrypted with receiver’s public key.
2.   Signed data : This consists of the message digest encrypted using the
     sender's private key. This signed message can only be viewed by the
     receivers who have S/MIME capability.
3.   Clear-signed data : This functionality is similar to the signed data that
     allows the receivers to view the contents of the message even if they do
     not have S/MIME capability. However, they cannot verify the signature.
4.   Signed and enveloped data : In this, S/MIME allows nesting of signed-
     only and encrypted-only entities, so that the encrypted data can be
     signed, and signed or clear-signed data can be encrypted.
                                 PART-4
                 Email Security Certificates, Transport
                   Layer Security TLS, IP Security.
Questions-Answers
 Answer
1.   Email security refers to the collective measures used to secure the
     access and content of an email account or service.
2.   It allows an individual or organization to protect the overall access to
     one or more email addresses/accounts.
3.   Email security is a term that encompasses multiple techniques used to
     secure an email service.
4.   It also implements firewall and software-based spam filtering applications
     to restrict unsolicited, untrustworthy and malicious email messages
     from delivery to a user’s inbox.
5.   SSL, TLS refers to the standard protocol used to secure email
     transmission.
Computer System Security                                   4–23 W (CC-Sem-3 & 4)
 Answer
1.   Email certificates (S/MIME certificates), are digital certificates that can
     be used to sign and encrypt email messages.
2.   When we encrypt an email using an email certificate, only the person
     that we sent it to can decrypt and read the email. The recipient can also
     be sure that the email has not been changed in any way.
3.   An email certificate is a digital file that is installed to our email application
     to enable secure email communication.
4.   S/MIME (Secure/Multipurpose Internet Mail Extension) is a certificate
     that allows users to digitally sign their email communications as well as
     encrypt the content and attachments included in them.
5.   An S/MIME email certificate allows us to :
     a.   Encrypt our emails so that only our intended recipient can access
          the content of the message.
     b.   Digitally sign our emails so the recipient can verify that the email
          was, in fact, sent by you and not a phisher posing as you.
 Answer
1.   Transport Layer Security (TLS) is a protocol that provides communication
     security between client/server applications that communicate with each
     other over the Internet.
2.   It enables privacy, integrity and protection for the data that is transmitted
     between different nodes on the Internet.
3.   TLS is a successor to the Secure Socket Layer (SSL) protocol.
4.   Transport Layer Security (TLS) is a protocol that provides authentication,
     privacy, and data integrity between two communicating computer
     applications.
5.   It is the most widely-deployed security protocol used for web browsers
     and other applications that require data to be securely exchanged over
     a network, such as web browsing sessions, file transfers, VPN
     connections, remote desktop sessions, and Voice over IP (VoIP).
6.   TLS is a cryptographic protocol that provides end-to-end communications
     security over networks and is widely used for internet communications
     and online transactions.
7.   TLS primarily enables secure Web browsing, applications access, data
     transfer and most Internet-based communication.
Basic Cryptography                                     4–24 W (CC-Sem-3 & 4)
Que 4.31.     What are the components of TLS ? Explain the working
of TLS.
 Answer
1.   TLS is used on top of a transport layer security protocol like TCP.
2.   There are three main components to TLS :
     a.   Encryption : It hides the data being transferred from third parties.
     b.   Authentication : It ensures that the parties exchanging
          information are who they claim to be.
     c.   Integrity : It verifies that the data has not been forged or tampered
          with.
Working of TLS :
1.   A TLS connection is initiated using a sequence known as the TLS
     handshake.
2.   The TLS handshake establishes a cipher suite for each communication
     session.
3.   The cipher suite is a set of algorithms that specifies details such as which
     shared encryption keys, or session keys, will be used for that particular
     session.
4.   TLS is able to set the matching session keys over an unencrypted channel
     known as public key cryptography.
5.   The handshake also handles authentication, which usually consists of
     the server proving its identity to the client. This is done using public
     keys.
6.   Public keys are encryption keys that use one-way encryption, meaning
     that anyone can unscramble data encrypted with the private key to
     ensure its authenticity, but only the original sender can encrypt data
     with the private key.
Computer System Security                                4–25 W (CC-Sem-3 & 4)
 Answer
i.     IP Security (IPSec) is a collection of protocols designed by the Internet
       Engineering Task Force (IETF) to provide security for a packet at the
       network layer.
ii.    IPSec is a capability that can be added to either version of the Internet
       Protocol (IPv4 or IPv6), by means of additional headers.
iii.   IPSe c e nco mpasses three functional are as : authe nticatio n,
       confidentiality, and key management.
       a. The authentication mechanism assures that a received packet
            was transmitted by the party identified as the source in the packet
            header.
       b. The confidentiality facility enables communicating nodes to
            encrypt messages to prevent eavesdropping by third party.
       c. The key management facility is concerned with the secure
            exchange of keys.
iv.    IPSec has two modes of operation :
       a. Transport mode : It is the default mode of IPSec which provide
            end-to-end security. It can secure communication between a client
            and a server.
       b. Tunnel mode : Tunnel mode is used between two routers, between
            a host and a router, or between a router and a host. It is used when
            either the sender or the receiver is not a host.
v.     IPSec uses two protocols for message security :
       a. Authentication Header (AH) : It covers the packet format and
            general issues related to the use of AH for packet authentication.
       b. Encapsulating Security Payload (ESP) : It covers the packet
            format and general issues related to the use of the ESP for packet
            encryption and, optionally, authentication.
 Answer
Applications of IP security :
1.     Secure remote Internet access : Using IPSec, we can make a local
       call to our Internet Service Provider (ISP) so as to connect to our
       organization’s network in a secure manner from our home or hotel.
Basic Cryptography                                    4–26 W (CC-Sem-3 & 4)
Answer
1.   IPSec is transparent to the end users. There is no need for user training,
     key revocation.
2.   When IPSec is configured to work with a firewall, it becomes the only
     entry-exit point for all traffic making it extra secure.
3.   IPSec works at the network layer. Hence, no changes are needed to the
     upper layers i.e., application and transport.
4.   When IPSec is implemented in a firewall or a router, all the outgoing
     and incoming traffic gets protected.
5.   IPSec can allow traveling staff to have secure access to the corporate
     network.
6.   IPSec allows interconnectivity between branches/offices in a very
     inexpensive manner.
 Answer
IPsec can be used :
1.   To encrypt application layer data.
2.   To provide security for routers sending routing data across the public
     internet.
3.   To provide authentication without encryption, like to authenticate that
     the data originates from a known sender.
4.   To protect network data by setting up circuits using IPsec tunneling in
     which all data is being sent between the two endpoints is encrypted, as
     with a Virtual Private Network (VPN) connection.
Answer
Components of IP security :
1.   Encapsulating Security Payload (ESP) : It provides data integrity,
     encryption, authentication and anti replay. It also provides authentication
     for payload.
2.   Authentication Header AH :
     a.   It also provides data integrity, authentication and anti-replay and it
          does not provide encryption.
     b.   The anti-replay protection protects against unauthorized
          transmission of packets. It does not protect data’s confidentiality.
3.   Internet Key Exchange (IKE) :
     a.   It is a network security protocol designed to dynamically exchange
          encryption keys and find a way over Security Association (SA)
          between two devices.
     b.   The Security Association (SA) establishes shared security attributes
          between two network entities to support secure communication.
     c.   Internet Security Association and Key Management Protocol
          (ISAKMP) provide a framework for authentication and key
          exchange.
     d.   It tells how the set up of the Security Associations (SAs) and how
          direct connections between two hosts that are using IPsec.
     e.   Internet Key Exchange (IKE) provides message content protection
          and also an open frame for implementing standard algorithms such
          as SHA and MD5.
 Answer
Working of IP security :
1.   The host checks if the packet should be transmitted using IPsec or not.
     These packet traffic triggers the security policy for themselves. This is
     done when the system sending the packet apply an appropriate
     encryption. The incoming packets are also checked by the host that they
     are encrypted properly or not.
2.   Then the IKE Phase I starts in which the two hosts (using IPsec)
     authenticates themselves to each other to start a secure channel. It has
     two modes. The main mode which provides the greater security and the
     aggressive mode which enables the host to establish an IPsec circuit
     more quickly.
Basic Cryptography                                     4–28 W (CC-Sem-3 & 4)
3.   The channel created in the last step is then used to securely negotiate
     the way the IP circuit will encrypt data across the IP circuit.
4.   Now, the IKE Phase 2 is conducted over the secure channel in which
     the two hosts negotiate the type of cryptographic algorithms to use on
     the session and agreeing on secret keying material to be used with
     those algorithms.
5.   Then the data is exchanged across the newly created IPsec encrypted
     tunnel. These packets are encrypted and decrypted by the hosts using
     IPsec SAs.
6.   When the communication between the hosts is completed or the session
     times out then the IPsec tunnel is terminated by discarding the keys by
     both the hosts.
                                  PART-5
                                DNS Security.
Questions-Answers
 Answer
1.   Domain Name Server is a prominent building block of the Internet. It is
     developed as a system to convert alphabetical names into IP addresses,
     allowing users to access websites and exchange emails.
2.   DNS is organized into a tree-like infrastructure where the first level
     contains topmost domains, such as .com and .org.
3.   The second level nodes contain general, traditional domain names.
4.   The leaf nodes on this tree are known as hosts.
5.   DNS works similar to a database which is accessed by millions of computer
     systems in trying to identify which address is most likely to solve a user’s
     query.
5.   In DNS attacks, hackers will target the servers which contain the domain
     names.
7.   In other cases, these attackers will try to determine vulnerabilities within
     the system itself and exploit them for their own benefits.
Que 4.39.     How DNS security works ?
 Answer
1.   The DNS turns domain names, or website names, into internet protocol
     (IP) addresses.
Computer System Security                           4–29 W (CC-Sem-3 & 4)
2.   These are unique identifiers that help computers around the world
     access the information quickly.
3.   DNS security adds a set of extensions for increased protection.
4.   These security extensions include :
     a. Origin authentication of DNS data : This ensures that the
         recipient of the data can verify the source.
     b. Authenticated denial of existence : This tells a resolver.
     c. Data integrity : This assures the data recipient that the data has
         not been changed in transit.
Que 4.40.    Explain the DNS security threats.
 Answer
Common DNS security threats are :
1. Distributed Denial of service (DDoS) :
   a. The attacker controls an overwhelming amount of computers
       (hundreds or thousands) in order to spread malware and flood the
       victim’s computer with unnecessary and overloading traffic.
   b. Eventually, unable to harness the power necessary to handle the
       intensive processing, the systems will overload and crash.
2. DNS spoofing (also known as DNS cache poisoning) :
   a. Attacker will drive the traffic away from real DNS servers and
       redirect them to a pirate server, unrecognized to the users.
   b. This may cause in the corruption/theft of a user’s personal data.
3. Fast flux :
   a. Fast flux is a technique to constantly change location-based data in
       order to hide where exactly the attack is coming from.
   b. This will mask the attacker’s real location, giving him the time
       needed to exploit the attack.
   c. Flux can be single or double or of any other variant. A single flux
       changes address of the web server while double flux changes both
       the address of web server and names of DNS serves.
4. Reflected attacks :
   a. Attackers will send thousands of queries while spoofing their own
       IP address and using the victim’s source address.
   b. When these queries are answered, they will all be redirected to the
       victim himself.
5. Reflective amplification DoS :
   a. When the size of the answer is considerably larger than the query
       itself a flux is triggered, causing an amplification effect.
   b. This generally uses the same method as a reflected attack, but this
       attack will overwhelm the user’s system’s infrastructure further.
 Answer
Measures against DNS attacks :
1. Use digital signatures and certificates to authenticate sessions in order
   to protect private data.
2. Update regularly and use the latest software versions, such as BIND.
   BIND is open source software that resolves DNS queries for users.
3. Install appropriate patches and fix faulty bugs regularly.
4. Replicate data in a few other servers, so that if data is corrupted/ lost in
   one server, it can be recovered from the others. This could also prevent
   single point failure.
5. Block redundant queries in order to prevent spoofing.
6. Limit the number of possible queries.
Que 4.42.     Explain SSL encryption. What are the steps involved in
 Answer
SSL encryption :
1. SSL (Secure Sockets Layer), is an encryption-based Internet security
    protocol.
2. It is used for the purpose of ensuring privacy, authentication, and data
    integrity in Internet communications.
3. In order to provide a high degree of privacy, SSL encrypts data that is
    transmitted across the web. This means that anyone who tries to
    intercept this data will only see a garbled mix of characters.
4. SSL initiates an authentication process called a handshake between
    two communicating devices to ensure that both devices are really who
    they claim to be.
5. SSL also digitally signs data in order to provide data integrity, verifying
    that the data is not tampered, before reaching its intended recipient.
Steps involved in SSL server authentication are :
1. The client requests access from the server to a specific user account,
    and also sends the user’s certificate containing a public key to the
    server.
2. The server checks the CA (Certification of Authority) signature in the
    certificate and consults a local database to see if the CA is trusted. If
    not, the certificate is rejected and the user is not authenticated.
3. The server checks the validity of the certificate, for example, by
    consulting a Certificate Revocation List (CRL) published by the CA. If
    the certificate has been revoked or has expired, the certificate is rejected.
4. The client signs a value with the user’s private key.
5. The server verifies the signature with the user’s public key.
6. If the signature is successfully verified, the user is authenticated, and
    the server can move on to authorizing the user, or giving access to the
    relevant parts of the system.
Computer System Security                             4–31 W (CC-Sem-3 & 4)
 Answer
Asymmetric algorithms : Refer Q. 4.1, Page 4–2W, Unit-4.
Advantages and disadvantages : Since RSA is an asymmetric algorithm.
Hence for advantages and disadvantages Refer Q. 4.7, Page 4–6W, Unit-4.
Que 4.44.    What is DES ? Why were double and triple DES created
 Answer
DES :
1. The DES has a 64-bit block size and uses a 56-bit key during execution
    (8 parity bits are stripped off from full 64-bit key). DES is a symmetric
    cryptosystem, specifically a 16-round Feistel cipher.
2. A block to be enciphered is subjected to an initial permutation IP and
    then to a complex key-dependent computation and finally to a
    permutation which is the inverse of the initial permutation IP–1.
3. Permutation is an operation performed by a function, which moves an
    element at place j to the place k.
4. The key-dependent computation can be simply defined in terms of a
    function f, called the cipher function, and a function KS, called the key
    schedule.
Reason for creation :
1. Since DES uses 56 bit key to encrypt any plain text which can easily be
    cracked by using modern technologies.
2. To prevent this from happening, double DES and triple DES were
    created which are much more secured than the original DES because
    it uses 112 and 168 bit keys respectively. They offer much more security
    than DES.
Double DES :
1. Double DES is an encryption technique which uses two instance of
    DES on same plain text. In both instances it uses different keys to
    encrypt the plain text.
2. Both keys are required at the time of decryption. The 64 bit plain text
    go es into first DES instance which than conve rte d into a
    64 bit middle text using the first key and then it goes to second DES
    instance which gives 64 bit cipher text by using second key.
3. However double DES uses 112 bit key but gives security level of 256 not
    2112 and this is because of meet-in-the middle attack which can be used
    to break through double DES.
Triple DES :
1. In triple DES, three stages of DES are used for encryption and
    decryption of messages.
Basic Cryptography                                                  4–32 W (CC-Sem-3 & 4)
2.   This increases the security of DES. Two versions of triple DES are :
     a. Triple DES with two keys :
         1. In triple DES with two keys, there are only two keys K1 and
              K2. The first and the third stages use the key K1 and the
              second stage uses K2.
         2. The middle stage of triple DES uses decryption (reverse cipher)
              in the encryption site and encryption cipher in the decryption
              site.
                       P    64-bit plaintext            P     64-bit plaintext
                                                                                      Decryption
          Encryption
Que 4.45.      Write short note on secret key cryptography. Also list
its advantages, disadvantages and examples.
                                                 AKTU 2019-20, Marks 10
 Answer
1.   Secret key cryptography refers to cryptographic system that uses the
     same key to encrypt and decrypt data.
2.   This means that all parties involved have to know the key to be able to
     communicate securely i.e., decrypt encrypted messages to read them
     and encrypt messages they want to send.
3.   Therefore the key, being shared among parties, but having to stay
     secret to third parties in order to keep communications private is
     considered as a shared secret.
Advantages of secret key cryptography :
1.   It is efficient.
2.   In secret key cryptography, encrypted data can be transferred on the
     link even if there is a possibility that the data will be intercepted. Since
     there is no key transmitted with the data, the chances of data being
     decrypted are null.
3.   It uses password authentication to prove the receiver’s identity.
4.   A system only which possesses the secret key can decrypt a message.
Disadvantages of secret key cryptography :
1.   It has a problem of key transportation.
2.   It cannot provide digital signatures that cannot be repudiated.
Examples of secret key cryptography are :
1.   Data Encryption Standard (DES)
2.   Triple-strength DES (3DES)
3.   Rivest Cipher (RC2)
4.   Rivest Cipher 4 (RC4)
                                   
Computer System Security                                     5–1 W (CC-Sem-3 & 4)
5 Internet Infrastructure
                        CONTENTS
  Part-1   :   Internet Infrastructure, ........................... 5–2W to 5–4W
               Basic Security Problems
Questions-Answers
 Answer
1.   Internet infrastructure is the physical hardware, transmission media,
     and software used to interconnect computers and users on the Internet.
2.   Internet infrastructure is responsible for hosting, storing, processing,
     and serving the information that makes up websites, applications, and
     content.
Different internet infrastructure :
1.   Dial-up Internet Access :
     a.   Using a modem connected to our PC, users connect to the Internet
          when the computer dials a phone number (which is provided by our
          ISP) and connects to the network.
     b.   Dial-up is an analog connection because data is sent over an analog,
          public-switched telephone network.
     c.   The modem converts received analog data to digital and vice versa.
2.   Integrated Services Digital Network (ISDN) : Integrated services
     digital network (ISDN) is an international communications standard for
     sending voice, video, and data over digital telephone lines or normal
     telephone wires.
3.   Broadband ISDN (B-ISDN) :
     a.   Broadband ISDN is similar in function to ISDN but it transfers data
          over fiber optic telephone lines, not normal telephone wires.
     b.   SONET (Synchronous Optical Networking) is the physical transport
          backbone of B-ISDN.
     c.   Broadband ISDN has not been widely implemented.
4.   Digital Subscriber Line (DSL) : DSL is frequently referred to as an
     “always on” connection because it uses existing 2-wire copper telephone
     line connected to the premise so service is delivered simultaneously
     with wired telephone service.
Computer System Security                               5–3 W (CC-Sem-3 & 4)
 Answer
Advantages of TCP/IP model are :
1.   It is an industry-standard model that can be effectively deployed in
     practical networking problems.
2.   It allows cross-platform communications among heterogeneous
     networks.
3.   It is an open protocol suite.
4.   It is a scalable, client-server architecture. This allows networks to be
     added without disrupting the current services.
5.   It assigns an IP address to each computer on the network, thus making
     each device to be identifiable over the network.
Disadvantages of the TCP/IP model are :
1.   It is not generic in nature. So, it fails to represent any protocol stack
     other than the TCP/IP suite. For example, it cannot describe the Bluetooth
     connection.
2.   It does not clearly separate the concepts of services, interfaces, and
     protocols. So, it is not suitable to describe new technologies in new
     networks.
3.   It does not distinguish between the data link and the physical layers,
     which has very different functionalities. The data link layer should
     concern with the transmission of frames. On the other hand, the physical
     layer should lay down the physical characteristics of transmission.
4.   It was originally designed and implemented for wide area networks. It is
     not optimized for small networks like LAN (Local Area Network) and
     PAN (Personal Area Network).
 Answer
Following are the functions of internet protocols :
1.   Addressing :
     a. In order to perform the job of delivering datagrams, IP must know
        where to deliver them to. For this reason, IP includes a mechanism
        for host addressing.
     b. Since IP operates over internetworks, its system is designed to
        allow unique addressing of devices across arbitrarily large networks.
Internet Infrastructure                                5–4 W (CC-Sem-3 & 4)
Routing Protocols.
Questions-Answers
 Answer
1.   A routing protocol specifies how routers communicate with each other,
     distributing information that enables them to select routes between any
     two nodes on a computer network.
2.   Routers perform the traffic directing functions on the Internet, data
     packets are forwarded through the networks of the internet from router
     to router until they reach their destination computer.
3.   Routing algorithms determine the specific choice of route. Each router
     has a prior knowledge only of networks attached to it directly.
4.   A routing protocol shares this information first among immediate
     neighbours, and then throughout the network. This way, routers gain
     knowledge of the topology of the network.
Computer System Security                                 5–5 W (CC-Sem-3 & 4)
 Answer
Various types of routing protocols are :
1.   Routing Information Protocols (RIP) :
     a.   RIP is dynamic routing protocol which uses hop count as a routing
          metric to find best path between the source and destination
          network.
     b.   RIP (Routing Information Protocol) is a forceful protocol type used
          in local area network and wide area network.
     c.   RIP is categorized as an interior gateway protocol within the use of
          distance vector algorithm.
     d.   It prevents routing loops by implementing a limit on the number of
          hops allowed in the path.
2.   Interior Gateway Routing Protocol (IGRP) :
     a.   It is distance vector Interior Gateway Routing Protocol (IGRP).
     b.   It is used by router to exchange routing data within an independent
          system.
     c.   Interior gateway routing protocol created in part to defeat the
          confines of RIP in large networks.
     d.   It maintains multiple metrics for each route as well as reliability,
          delay load, and bandwidth.
     e.   It measured in classful routing protocol, but it is less popular because
          of wasteful of IP address space.
3.   Open Shortest Path first (OSPF) :
     a.   Open Shortest Path First (OSPF) is an active routing protocol used
          in internet protocol.
     b.   It is a link state routing protocol and includes into the group of
          interior gateway protocol.
     c.   It operates inside a distinct autonomous system.
     d.   It is used in the network of big business companies.
4.   Exterior Gateway Protocol (EGP) :
     a. The absolute routing protocol for internet is exterior gateway
         protocol.
     b. EGP (Exterior Gateway Protocol) is a protocol for exchanging
         routing table information between two neighbour gateway hosts.
     c. The Exterior Gateway Protocol (EGP) is unlike distance vector and
         path vector protocol.
Internet Infrastructure                                5–6 W (CC-Sem-3 & 4)
 Answer
Advantages of RIP :
1.   Easy to configure and use.
2.   Supported by all routers.
3.   Support load balancing.
Disadvantages of RIP :
1.   Limited to a hop count of 15 i.e., it can transmit packet through 15
     routers only.
2.   Does not support a Variable-Length Subnet Mask (VLSM), which means
     that it sends routing updates based only on a fixed-length subnet mask
     (FLSM) or routes that fall on classful boundaries.
3.   Converges slowly, especially on large networks.
4.   Does not have knowledge of the bandwidth of a link.
5.   Does not support multiple paths for the same route.
6.   Routing updates can require significant bandwidth, as the entire routing
     table is sent when a link’s status changes.
7.   Prone to routing loops.
Advantages of IGRP :
1.   Easy to configure and use.
2.   Uses the delay, bandwidth, reliability, and load of a link as its metric.
     This makes it very accurate in selecting the proper route.
Disadvantages of IGRP :
1.   It is not an Internet standard; all routers must be from Cisco Systems.
2.   Converges slowly, slower than RIP.
Computer System Security                                 5–7 W (CC-Sem-3 & 4)
Questions-Answers
 Answer
DNS : Refer Q. 4.38, Page 4–28W, Unit-4.
DNS rebinding attack :
1.   DNS rebinding is a form of computer attack.
2.   In this attack, a malicious web page causes visitors to run a client-side
     script that attacks machines elsewhere on the network.
Internet Infrastructure                                 5–8 W (CC-Sem-3 & 4)
 Answer
DNS rebinding works as :
1.   The attacker registers a domain (such as attacker.com) and delegates it
     to a DNS server that is under the attacker’s control.
2.   The server is configured to respond with a very short Time-To-Live
     (TTL) record, preventing the DNS response from being cached. When
     the victim browses to the malicious domain, the attacker’s DNS server
     first responds with the IP address of a server hosting the malicious
     client-side code.
3.   For instance, they could point the victim’s browser to a website that
     contains malicious JavaScript or Flash scripts that are intended to execute
     on the victim’s computer.
4.   The malicious client-side code makes additional accesses to the original
     domain name (such as attacker.com).
5.   These are permitted by the same-origin policy. However, when the
     victim’s browser runs the script it makes a new DNS request for the
     domain, and the attacker replies with a new IP address.
6.   For instance, they could reply with an internal IP address or the IP
     address of a target somewhere else on the Internet.
 Answer
Features of DNS rebinding attacks :
1.   Custom DNS server that allows rebinding the DNS name and IP address
     of the attacker’s web server to the target victim machine’s address.
2.   HTTP server serves HTML pages and JavaScript code to targeted users
     and to manage the attacks.
Computer System Security                                5–9 W (CC-Sem-3 & 4)
3.   Several sample attack payloads, ranging from grabbing the home page
     of a target application to performing remote code execution. These
     payloads can be easily adapted to perform new and custom attacks.
4.   Supports concurrent users.
5.   Provides several DNS rebinding strategies, including sequential mapping
     from the attacker to the target IP address and random mapping, to
     minimize the impact of IDS interfering with the attack.
6.   A number of technical controls to maximize the reliability and speed of
     attacks :
     a.   Disabling HTTP keep alive, caching, DNS prefetching.
     b.   Aggressive DNS response TTLs.
7.   Ability to allocate HTTP servers at startup or dynamically thereafter :
     a.   A convenience feature to avoid restarting singularity to listen on a
          different HTTP port.
     b.   To lay the ground work to attack vulnerable ports discovered after
          a scan.
 Answer
1.   DNS rebinding attacks can be prevented by validating the Host HTTP
     header on the server-side to only allow a set of whitelisted values.
2.   For services listening on the loopback interface, this set of whitelisted
     host values should only contain localhost and all reserved numeric
     addresses for the loopback interface, including 127.0.0.1.
3.   For instance, let’s say that a service is listening on address 127.0.0.1,
     TCP port 3000. Then, the service should check that all HTTP request
     Host header values strictly contain “127.0.0.1 : 3000” and/or “localhost :
     3000”.
4.   If the host header contains anything else, then the request should be
     denied.
5.   Depending on the application deployment model, we may have to
     whitelist other or additional addresses such as 127.0.0.2, another reserved
     numeric address for the loopback interface.
6.   For services exposed on the network (and for any services in general),
     authentication should be required to prevent unauthorized access.
7.   Filtering DNS responses containing private, link-local or loopback
     addresses, both for IPv4 and IPv6, should not be relied upon as a primary
     defense mechanism against DNS rebinding attacks.
8.   Singularity can bypass some filters in certain conditions, such as
     responding with a localhost record when targeting an application via the
     Google Chrome browser.
Internet Infrastructure                                5–10 W (CC-Sem-3 & 4)
 Answer
1.   Key management protocol refers to the collection of processes used for
     the generation, storage, installation, transcription, recording, change,
     disposition, and control of keys that are used in cryptography.
2.   It is essential for secure ongoing operation of any cryptosystem.
3.   The various functions of key management protocol are :
     a.   Generation : This process involves the selection of a key that is
          used for encrypting and decrypting the messages.
     b.   Distribution : This process involves all the efforts made in carrying
          the key from the point where it is generated to the point where it is
          to be used.
     c.   Installation : This process involves getting the key into the storage
          of the device or the process that needs to use this key.
     d.   Storage : This process involves maintaining the confidentiality of
          stored or installed keys while preserving the integrity of the storage
          mechanism.
     e.   Change : This process involves ending with the use of the key and
          starting with the use of another key.
     f.   Control : This process refers to the ability to implement a directing
          influence over the content and use of the key.
 Answer
Advantages :
1.   In key management protocol, less than N – 1 keys are stored.
2.   It is scalable.
Disadvantages :
1.   It lacks authentication process and does not clearly define any process
     for revoking or refreshing keys.
2.   The dynamic handshaking process prevents any form of data
     aggregation.
3.   No support for collaborative operations.
4.   No node is guaranteed to have common key with all of its neighbours
     there is a chance that some nodes are unreachable.
5.   Fails to satisfy security requirement authentication and operational
     requirement accessibility.
Computer System Security                             5–11 W (CC-Sem-3 & 4)
Que 5.13. What are the security and operational requirements for
key management protocol ?
 Answer
Security and operational requirements for key management
protocol :
1. Confidentiality : Nodes should not reveal data to any unintended
    recipients.
2.   Integrity : Data should not be changed between transmissions due to
     environment or malicious activity.
3.   Data freshness : Old data should not be used as new.
4.   Authentication : Data used in decision making process should originate
     from correct source.
5.   Robustness : When some nodes are compromised, the entire network
     should not be compromised.
6.   Self-organization : Nodes should be flexible enough to be self-
     organizing (autonomous) and self-healing (failure tolerant).
7.   Availability : Network should not fail frequently.
8.   Time synchronization : Protocols should not be manipulated to produce
     incorrect data.
9.   Secure localization : Nodes should be able to accurately and securely
     acquire location information.
10. Accessibility : Intermediate nodes should be able to perform data
    aggregation by combining data from different nodes.
 Answer
Virtual Private Network (VPN) :
1.   A Virtual Private Network (VPN) is a technology that creates a safe and
     encrypted connection over a less secure network, such as the internet.
2.   It is a way to extend a private network using a public network such as
     internet.
3.   The name only suggests that it is Virtual private network i.e., user can
     be the part of local network sitting at a remote location.
4.   It makes use of tunneling protocols to establish a secure connection.
Tunnel mode :
1.   In IPSec tunnel mode, the original IP packet (IP header and the Data
     payload) is encapsulated within another packet.
Internet Infrastructure                              5–12 W (CC-Sem-3 & 4)
Questions-Answers
 Answer
1.   The link layer in the TCP/IP model is a descriptive field networking
     protocols that operate only on the local network segment (link) that a
     host is connected to. Such protocol packets are not routed to other
     networks.
2.   The link layer includes the protocols that define communication between
     local (on-link) network nodes which fulfill the purpose of maintaining
     link states between the local nodes, such as the local network topology,
     and that usually use protocols that are based on the framing of packets
     specific to the link types.
3.   The core protocols specified by the Internet Engineering Task Force
     (IETF) in this layer are the Address Resolution Protocol (ARP), the
     Reverse Address Resolution Protocol (RARP), and the Neighbour
     Discovery Protocol (NDP).
4.   The link layer of the TCP/IP model is often compared directly with the
     combination of the data link layer and the physical layer in the Open
     Systems Interconnection (OSI) protocol stack. Although they are
     congruent to some degree in technical coverage of protocols, they are
     not identical.
5.   In general, direct or strict comparisons should be avoided, because the
     layering in TCP/IP is not a principal design criterion and in general is
     considered to be harmful.
 Answer
1.   A firewall defines a single choke point that keeps unauthorized users
     out of the protected network, prohibits potentially vulnerable services
     from entering or leaving the network, and provides protection from
     various kinds of IP spoofing and routing attacks.
2.   The use of a single choke point simplifies security management because
     security capabilities are consolidated on a single system or set of systems.
3.   A firewall provides a location for monitoring security-related events.
     Audits and alarms can be implemented on the firewall system.
4.   A firewall is a convenient platform for several Internet functions that
     are not security related. These include a network address translator,
     which maps local addresses to Internet addresses, and a network
     management function that audits or logs Internet usage.
5.   A firewall can serve as the platform for IPSec. Using the tunnel mode
     capability, the firewall can be used to implement virtual private
     networks.
 Answer
Packet filtering firewall :
1.   Packet filtering firewall is a technique used to control network access by
     monitoring outgoing and incoming packets.
2.   Packet filtering firewall allows packet to pass or halt based on the source
     and destination Internet Protocol (IP) address, protocols and ports.
Advantages :
1.   They are simple, since a single rule is enough to indicate whether to
     allow or deny the packet.
2.   They are transparent to the users i.e., the users need not know the
     existence of packet filters.
3.   They operate at a fast speed as compared to other techniques.
4.   The client computers need not be configured specially while
     implementing packet-filtering firewalls.
5.   They protect the IP addresses of internal hosts from the outside network.
Disadvantages :
1.   They are unable to inspect the application layer data in the packets and
     thus, cannot restrict access to FTP services.
2.   It is a difficult task to set up the packet-filtering rules correctly.
3.   They lack support for authentication and have no alert mechanisms.
Internet Infrastructure                                5–14 W (CC-Sem-3 & 4)
4.   Being stateless in nature, they are not well suited to application layer
     protocols.
 Answer
1.   Telnet is a user command and an underlying TCP/IP protocol for
     accessing remote computers.
2.   Through Telnet, an administrator or another user can access someone
     else’s computer remotely.
3.   With Telnet, we log on as a regular user with whatever privileges we
     may have been granted to the specific application and data on that
     computer.
4.   At the Telnet client, a character that is typed on the keyboard is not
     displayed on the monitor, but, instead, is encoded as an ASCII character
     and transmitted to a remote Telnet server.
5.   At the server, the ASCII character is interpreted as if a user had typed
     the character on the keyboard of the remote machine. If the keystroke
     results in any output, this output is encoded as (ASCII) text and sent to
     the Telnet client, which displays it on its monitor.
6.   The output can be just the (echo of the) typed character or it can be the
     output of a command that was executed at the remote Telnet server.
 Answer
1.   Fragmentation is done by the network layer when the maximum size of
     datagram is greater than maximum size of data that can be held a frame
     i.e., it’s Maximum Transmission Unit (MTU).
2.   The network layer divides the datagram received from transport layer
     into fragments so that data flow is not disrupted.
3.   It is done by network layer at the destination side and is usually done at
     routers.
4.   Source side does not require fragmentation due to segmentation by
     transport layer i.e., the transport layer looks at datagram data limit and
     frame data limit and does segmentation in such a way that resulting
     data can easily fit in a frame without the need of fragmentation.
5.   Receiver identifies the frame with the identification (16 bits) field in IP
     header. Each fragment of a frame has same identification number.
6.   Receiver identifies sequence of frames using the fragment offset
     (13 bits) field in IP header.
7.   An overhead at network layer is present due to extra header introduced
     due to fragmentation.
Computer System Security                               5–15 W (CC-Sem-3 & 4)
 Answer
1.   Proxy firewalls are the most secure types of firewalls, as they can limit
     which applications our network can support.
2.   The enhanced security of a proxy firewall is because information packets
     do not pass through a proxy. Instead the proxy acts as an intermediary;
     computers make a connection to the proxy which then initiates a new
     network connection based on the request.
3.   This prevents direct connections and packet transfer between either
     sides of the firewall, which makes it harder for intruders to discover
     where the location of the network is from packet information.
4.   A firewall proxy provides internet access to computers on a network but
     is mostly deployed to provide safety or security by controlling the
     information going in and out of the network.
5.   Firewall proxy servers filter, cache, log, and control requests coming
     from a client to keep the network secure and free of intruders and
     viruses.
 Answer
1.   Intrusion detection refers to the process of identifying attempts to
     penetrate a system and gain unauthorized access.
2.   An intrusion detection system is a software/hardware designed to detect
     unwanted attempts at accessing of target application or system.
3.   If an intrusion is detected quickly enough, the intruder can be identified
     and ejected from the system before any damage is done or any data are
     compromised.
4.   Even if the detection is not sufficiently time to preempt the intruder, the
     sooner that the intrusion is detected, the less the amount of damage and
     more quickly recovery can be achieved.
5.   An effective intrusion detection system can serve as a barrier to
     intrusions.
6.   Intrusion detection enables the collection of information about intrusion
     techniques that can be used to strengthen the intrusion prevention
     facility.
 Answer
Two approaches for intrusion detection are :
1.   Statistical anomaly detection : In this category, the behaviour of
     legitimate users is evaluated over some time interval. It can be achieved
     by two ways :
     a.   Threshold detection :
          i.     In threshold detection, thresholds are defined for all users as a
                 group, and the total numbers of events that are attributed to
                 the user are measured against these threshold values.
          ii.    The number of events is assumed to round upto a number that
                 is most likely to occur, and if the event count exceeds this
                 number, then intrusion is said to have occurred.
     b.   Profile-based detection :
          i.     In profile-based detection, profiles for all users are created,
                 and then matched with available statistical data to find out if
                 any unwanted action has been performed.
          ii.    A user profile contains several parameters. Therefore, change
                 in a single parameter is not a sign of alert.
2.   Rule-based detection : In this category, certain rules are applied on
     the actions performed by the users. It is classified into two types :
     a.   Anomaly-based detection :
          i.     In anomaly-based detection, the usage patterns of users are
                 collected, and certain rules are applied to check any deviation
                 from the previous usage patterns.
          ii.    The collected patterns are defined by the set of rules that
                 includes past behaviour patterns of users, programs, privileges,
                 time-slots, terminals, etc.
          iii.   The current behaviour patterns of the user are matched with
                 the defined set of rules to check whether there is any deviation
                 in the patterns.
     b.   Penetration identification :
          i.     In penetration identification, an expert system is maintained
                 that looks for any unwanted attempts.
          ii.    This system also contains rules that are used to identify the
                 suspicious behaviour and penetrations that can exploit known
                 weaknesses.
Que 5.23. What is domain name system and explain what is DNS
 Answer
Domain name system :
1.   The Domain Name System (DNS) is a hierarchical and decentralized
     naming system for computers, services, or other resources connected
     to the Internet or a private network.
2.   It associates various information with domain names assigned to each
     of the participating entities.
3.   The domain name system resolves the names of websites with their
     underlying IP addresses adding efficiency and even security in the
     process.
4.   Web browsing and most other internet activities depend on DNS to
     quickly provide the information necessary to connect users to remote
     hosts.
5.   DNS mapping is distributed throughout the internet in a hierarchy of
     authority.
6.   For example, if we type www.google.com into a web browser, a server
     behind the scenes will map that name to the corresponding IP address,
     something similar in structure to 172.217.24.228.
DNS cache poisoning : DNS cache poisoning also known as 'DNS spoofing',
is a form of computer security hacking in which corrupt domain name
system data is introduced into the DNS resolver’s cache causing the name
server to return an incorrect result record. For example, an IP address.
                                
Computer System Security                             SQ–1 W (CC-Sem-3 & 4)
      1                                 Introduction
                                 (2 Marks Questions)
  1.15. Define the term server - side attack and insider attack.
  Ans. Server-side attack : Server-side attacks are launched directly
            from an attacker (the client) to a listening service.
            Insider attack : An insider attack is a malicious attack executed
            on a network or computer system by a person with authorized
            system access.
                                 
Computer System Security                           SQ–5 W (CC-Sem-3 & 4)
      2                              Confidentiality
                                            Policies
                                 (2 Marks Questions)
  Ans. Effective user ID is same as real user ID, but sometimes it is changed
          to enable a non-privileged user to access files that can only be
          accessed by root.
                                  
Computer System Security                            SQ–9 W (CC-Sem-3 & 4)
Secure Architecture
      3
      UNIT
                               Principles Isolation
                                          and Leas
                               (2 Marks Questions)
                                  
Computer System Security                              SQ–13 W (CC-Sem-3 & 4)
       4
       UNIT
                                  Basic Cryptography
                                  (2 Marks Questions)
    4.5. What are the requirements for the use of a public key
         certificates scheme ?
2 Marks Questions                                    SQ–14 W (CC-Sem-3 & 4)
  4.16. Write down the different ways the public key can be
          distributed.
  Ans. Different ways the public key can distributed are :
       i. Public announcement
      ii. Publically available directory
     iii. Public key authority
                                 
2 Marks Questions                                  SQ–18 W (CC-Sem-3 & 4)
      3
      5
      UNIT
                        Internet Infrastructure
                           (2 Marks Questions)
  5.14. What are the difference between HTTPs, SSL and TLS ?
                                               AKTU 2019-20, Marks 02
  Ans.
 S. No.       HTTPs                   SSL                  TLS
  1.      It is hype rte xt     It is secure socket   It is transport layer
          transfer protocol     layer.                security.
          with secure.
  2.      It is se cure and     The SSL versions      TLS is more secure
          reliable.             are less secure.      than SSL.
  3.      It uses port number   It uses port number   It uses port number
          443 by default.       25.                   465.
                                  
Computer System Security                      SP–1 W (CC-Sem-3 & 4)
                    B.Tech.
      (SEM. III) ODD SEMESTER THEORY
            EXAMINATION, 2019-20
        COMPUTER SYSTEM SECURITY
Section-A
Section-B
     c. What is Access Control list (ACL) and also define what are
        the technologies used in access control ?
Solved Paper (2019-20)                       SP–2 W (CC-Sem-3 & 4)
Section-C
                             
Computer System Security                              SP–3 W (CC-Sem-3 & 4)
Section-A
Section-B
     6. At the same time, the defender has to secure the entire attack
        surface from every possible attack all the time.
     7. Also the cost to attack a system is only a fraction of the cost to
        defend it.
     8. This is one of the reasons why security is so hard, even though over
        the years there is significant improvement in security technologies.
    c. What is Access Control list (ACL) and also define what are
       the technologies used in access control ?
  Ans. Access control list :
    a. An access-control list is a list of permissions attached to an object.
    b. An ACL specifies which users or system processes are granted
       access to objects, as well as what operations are allowed on given
       objects.
    c. Each entry in a typical ACL specifies a subject and an operation.
    d. An access control list (ACL) is a table that tells a computer operating
       system which access rights each user has to a particular system
       object, such as a file directory or individual file.
    e. Each object has a security attribute that identifies its access control
       list.
       Access control technology includes :
    1. Access Technology Architectures :
       a. Internet of Things (IoT) access control
       b. Physical Access Control System (PACS)
    2. Communications technologies :
       a. Radio Frequency Identification (RFID) access control
       b. Near Field Communication (NFC) access control
       c. Bluetooth Access Control (BAC) access control
       d. Wireless access control technology.
    3. Authentication technologies :
       a. Biometric access control technology
       b. Smart card access control technology
       c. Mobile Access Control (MAC) access control
       d. Two Factor Authentication in access control .
    4. Infrastructure technologies :
       a. Internet switches for access technology
       b. CAT6 Cable access control technology
       c. Power over Ethernet (PoE) access control
       d. IP based Access Control.
              2                             Website                  3
                                            visitor
                                                                         A visitor clicks
 Perpetrator embeds                                                      on the link,
 the request into a                                                      inadvertently
 hyperlink and sends                                                     sending the
 it to visitors who may                                                  request to the
 be logged into the site     4   Website validates request               website
                                 and transfers funds from
                                 the visitors account to the
                                 perpetrator
               Perpetrator                                          Website
   1
    Perpetrator forges a request for
    a fund transfer to a website
                                        Fig. 1.
       4. If the victim is a normal user, a successful CSRF attack can force
          the user to perform state changing requests like transferring funds,
          changing their email address, and so forth.
       5. If the victim is an administrative account, CSRF can compromise
          the entire web application.
       6. Cross-Site Request Forgery (CSRF) is an attack vector that tricks a
          web browser into executing an unwanted action in an application
          to which a user is logged in.
       7. A successful CSRF attack can be devastating for both the business
          and user. It can result in damaged client relationships, unauthorized
          fund transfers, changed passwords and data theft-including stolen
          session cookies.
       8. As the unsuspecting user is authenticated by their application at
          the time of the attack, it is impossible to distinguish a legitimate
          request from a forged one.
          Defense against cross site request forgery :
          We can prevent CSRF attack in two ways :
       1. On user side : User side prevention is very inefficient in terms of
          browsing experience, prevention can be done by browsing only a
          single tab at a time and not using the remember-me functionality.
       2. On server side :
       a. There are many proposed ways to implement CSRF protection on
          server side, among which the use of CSRF tokens is most popular.
       b. A CSRF token is a string that is tied to a user’s session but is not
          submitted automatically.
Solved Paper (2019-20)                              SP–8 W (CC-Sem-3 & 4)
Section-C
     2. The private key is kept by the receiver. The public key is announced
        to the public.
     3. In Fig. 2 imagine Aaditya wants to send a message to Jyoti. Aaditya
        uses the public key to encrypt the message. When the message is
        received by Jyoti, the private key is used to decrypt the message.
     4. In public key encryption/decryption, the public key that is used for
        encryption is different from the private key that is used for
        decryption.
                                       To the public
                                                         Jyoti’s public key
                                                         Jyoti’s private key
           Aaditya                                     Jyoti
   Plaintext                  Ciphertext
                 Encryption                Decryption     Plaintext
                                                                                  Decryption
      Encryption
Single Kernel
Hardware
                                     Fig. 5.
    B. Guest OS :
    1. Virtual machines run within an application that is running as a
       standard application under the operating system that executes on
       the physical host system.
    2. This application manages the virtual machines, mediates access to
       the hardware resources on the physical host system, and intercepts
       and handles any privileged or protected instructions issued by the
       virtual machines.
    3. Fig. 6 illustrates this approach to virtualization.
    4. This type of virtualization typically runs virtual machines whose
       operating system, libraries, and utilities have been compiled for
       the same type of processor and instruction set as the physical
       machine on which the virtual systems are running.
Virtualization Application
Hardware
                                     Fig. 6.
    C. Hypervisor :
    1. A hypervisor is a low-level virtual machine monitor that loads
       during the boot process, before the virtual machines, and runs
       directly on the physical hardware, as shown in Fig. 7.
Solved Paper (2019-20)                                          SP–16 W (CC-Sem-3 & 4)
                               Virtual
                              Machine       Virtual   Virtual
                             or Console     Machine   Machine
                                with
                           Administrative
                              Control
Hypervisor
Hardware
                                       Fig. 7.
     2. The hypervisor handles requests for access to hardware resources
        on the physical host system, traps and handles protected or
        privileged instructions, and so on.
     3. Hypervisor-based virtualization runs virtual machines whose
        operating system, libraries, and utilities have been compiled for
        the same hardware and instruction set as the physical machine on
        which the virtual systems are running.
     4. Hype rvisors are use d to suppo rt virtual machine s in
        “paravirtualization,” “full virtualization,” and “hardware
        virtualization” environments.
                                 
              ST U D YZONE A D I T YA .COM
                www.studyzoneaditya.com