1.

Three Security Goals in Cybersecurity

1. Confidentiality:-
Confidentiality ensures that sensitive information is accessed only by
authorized individuals and not disclosed to unauthorized parties.
Example:-Encryption is used to keep data confidential while transmitting
over the internet. Usernames and passwords also enforce confidentiality.
Purpose:
• Prevent unauthorized access to data.
• Maintain privacy.
• Protect personal or classified information.
2. Integrity:-
Integrity ensures that the information remains accurate, consistent, and
unaltered during storage, transmission, or processing.
Example:-Using checksums, hashes (like SHA-256), or digital signatures
to verify that data hasn’t been tampered with.
Purpose:
• Detect unauthorized changes.
• Maintain trustworthiness and correctness of data.
• Prevent data corruption or unauthorized modification.
3. Availability:-
Availability ensures that authorized users have reliable and timely
access to information and resources when needed.
Example:-Using backup systems, redundant networks, and protection
against Denial of Service (DoS) attacks to ensure data and services are
available.
Purpose:
• Prevent service disruptions.
• Ensure uptime and functionality.

1
2.Cryptography and Its Role in Secure Communication
1. Concept of Cryptography:
Cryptography is the science and art of converting plain text into an
unreadable format called ciphertext, and vice versa, using mathematical
algorithms. Its primary aim is to ensure secure communication over
potentially insecure channels.
• Plaintext: Original message
• Ciphertext: Encrypted message
• Encryption: Process of converting plaintext into ciphertext
• Decryption: Reversing ciphertext back into plaintext using a key
2. Importance of Cryptography in Secure Communication:
Cryptography plays a critical role in protecting data and ensuring privacy
and trust. Its importance includes:

• Protecting confidentiality of data

• Ensuring data integrity (no unauthorized changes)

• Authentication of users and sources

• Non-repudiation (sender cannot deny sending a message)

• Used in email security, online banking, digital signatures,

VPNs, and secure web browsing (HTTPS)

3. Cryptographic Services:
These are the security services that cryptography provides:

Service Description Example

Ensures only authorized parties AES encryption for

Confidentiality
can access information secure messaging

Detects unauthorized data Hash functions like

Integrity
modification SHA-256

2
Service Description Example

Verifies the identity of the Digital certificates in

Authentication
sender SSL/TLS

Non- Prevents sender from denying Digital signatures in

repudiation their action legal documents

4. Cryptographic Mechanisms:- Cryptographic mechanisms are

tools and techniques used to implement cryptographic services.
a) Symmetric Key Cryptography
• Same key for encryption and decryption
• Example: AES, DES
• Fast but key distribution is a challenge
b) Asymmetric Key Cryptography
• Uses a public-private key pair
• Example: RSA, ECC
• Used for secure key exchange and digital signatures
c) Hash Functions
• Converts data into fixed-size hash
• One-way, no decryption >Example: SHA-256, MD5
d) Digital Signatures
• Ensures integrity and non-repudiation
• Sender signs message with private key; receiver verifies with
public key
• Used in emails, software distribution
e) Message Authentication Code (MAC)
• Combines hashing and secret key
• Used for message integrity and authentication

3
3.(i) 72 mod 5
We divide 72 by 5:
• 72÷5=1472 \div 5 = 14 remainder 2
• So,
72mod 5=272 \mod 5 = \boxed{2}

(ii) 36 mod 12
We divide 36 by 12:
• 36÷12=336 \div 12 = 3 remainder 0
• So,
36mod 12=036 \mod 12 = \boxed{0}

(iii) –18 mod 14

Mod with negative number:
We want a result in the range 0 to 13 (because mod 14).
• −18÷14=−2-18 \div 14 = -2 remainder 10, because:
−18=(−2×14)+10-18 = (-2 \times 14) + 10
• So,
−18mod 14=10-18 \mod 14 = \boxed{10}

Final Answers:
• (i) 2\boxed{2}
• (ii) 0\boxed{0}
• (iii) 10\boxed{10}

4
4.Diference Bet Substitution Cipher & Transposition Cipher
In classical cryptography, substitution and transposition are two basic
types of encryption techniques. Both aim to hide the original content of a
message but use different methods.

Aspect Substitution Cipher Transposition Cipher

Replaces each character or Rearranges the positions

1. Definition group of characters with of characters in the
another plaintext

Character substitution Permutation of character

2. Technique based on some fixed rule or positions without altering
key characters

Caesar Cipher,
Rail Fence Cipher,
3. Example Monoalphabetic Cipher,
Columnar Transposition
Vigenère Cipher

Characters or symbols Only the order of

4. Operation on
themselves are changed characters is changed

More secure than

Easier to break if frequency
5. Security substitution if used with
analysis is applied
multiple rounds

6. Preservation Original characters are Original characters are

of Characters replaced with others retained but shuffled

7. Frequency Frequency of letters is Frequency remains the

Pattern changed same as plaintext

Depends on a key to
8. Key Depends on a key to
determine the
Dependency substitute characters
permutation order

Vulnerable to frequency
More resistant to
9. Cryptanalysis analysis and known
frequency analysis
plaintext attacks

5
Aspect Substitution Cipher Transposition Cipher

Often used in
Forms the base of many
10. Use in combination with
modern symmetric
Modern Crypto substitution in block
encryption systems
ciphers

Illustrative Example:
Substitution Cipher (Caesar Cipher):
Plaintext: HELLO
Key: Shift by 3
Ciphertext: KHOOR
Transposition Cipher (Rail Fence - 2 rails):
Plaintext: HELLO
Step 1 (Zigzag):
H L O
EL
Step 2: Read line by line → HLOEL

6
5.Ring and the difference betn Ring and Commutative Ring
Definition of Ring
A Ring is an algebraic structure consisting of a non-empty set RR
equipped with two binary operations:
• Addition (+)
• Multiplication (×)

A set RR is called a Ring if:

1. (R,+)(R, +) is an abelian group (i.e., associative, has identity
element 0, and every element has an additive inverse).
2. (R,×)(R, ×) is associative: a×(b×c)=(a×b)×ca × (b × c) = (a × b) × c
for all a,b,c∈Ra, b, c \in R.
3. Distributive laws hold:
o a×(b+c)=a×b+a×ca × (b + c) = a × b + a × c
o (a+b)×c=a×c+b×c(a + b) × c = a × c + b × c
Rings may or may not have a multiplicative identity and may or may not
be commutative under multiplication.

Difference Between Ring and Commutative Ring

Aspect Ring Commutative Ring

A set with two operations A ring in which

1. Definition (addition and multiplication) multiplication is
satisfying ring properties commutative

Multiplication is
Multiplication may not be
2. Commutativity commutative:
commutative: ab≠baab ≠ ba
ab=baab = ba

Matrix ring
Set of integers
3. Example Mn(R)M_n(\mathbb{R})
Z\mathbb{Z}
(matrices of order nn)

7
Aspect Ring Commutative Ring

Used in linear algebra, Used in number

4. Application cryptography, matrix theory, algebraic
operations geometry

More specific –
Less restrictive – more includes extra
5. Structure
general property
(commutativity)

May or may not have Same – identity may

6. Identity element
multiplicative identity or may not exist

Multiplicative inverses not

7. Invertibility Same
required

8. Zero divisors May have zero divisors Same

9. Use in abstract Important subclass

General base structure
algebra with nicer properties

10. Ring is a superset of Commutative ring is

Superset/Subclass commutative ring a subclass of ring

8
6. What is DES (Data Encryption Standard)?
DES (Data Encryption Standard) is a symmetric key block cipher
encryption algorithm developed by IBM in the early 1970s and adopted
as a federal standard by NIST in 1977.
• It encrypts data in 64-bit blocks using a 56-bit key.
• DES uses the same key for both encryption and decryption.
• It is now considered insecure due to advances in computing power
but was foundational in cryptography.

Main Features of DES:

Feature Description

Type Symmetric block cipher

Block Size 64 bits

Key Size 56 bits (plus 8 parity bits, totaling 64 bits)

Rounds 16 rounds of processing

Structure Feistel network

Encryption/Decryption Same algorithm used (with reversed keys)

Working of DES Algorithm:

DES works in the following main steps:

1. Initial Permutation (IP):

The 64-bit plaintext is permuted using a fixed IP table.

2. Key Generation:
• From the 56-bit key, 16 subkeys (each 48-bit) are generated for the
16 rounds.
• Key scheduling involves permutations and left shifts.

3. 16 Rounds of Feistel Structure:

Each round performs:

9
 1. Divide 64-bit data into Left (L) and Right (R) halves
2. For each round ii:
o Li=Ri−1L_i = R_{i-1}
o Ri=Li−1⊕f(Ri−1,Ki)R_i = L_{i-1} \oplus f(R_{i-1}, K_i)
where:
o ff is the round function
o KiK_i is the round key
3. The function ff includes:
o Expansion of 32 bits to 48 bits
o XOR with subkey
o Substitution using S-boxes
o Permutation (P-box)

4. Final Permutation (IP⁻¹):

After 16 rounds, the two halves are combined and passed through the
inverse of the initial permutation.

Encryption Output:
A 64-bit ciphertext is generated.
For decryption, the same steps are followed in reverse order using the
subkeys in reverse.

Example Use Case:

Suppose you want to encrypt the 64-bit plaintext block
0x0123456789ABCDEF using DES with a 56-bit key. It will undergo 16
rounds of transformation, resulting in ciphertext like
0x85E813540F0AB405.

10
7.Field Using a Set of Residues
Definition of a Field:
A field is an algebraic structure (F,+,×)(F, +, \times) where:
• FF is a non-empty set
• Addition (+) and multiplication (×) are defined on FF
• Both operations satisfy the usual properties: associativity,
commutativity, distributivity
• There exist additive and multiplicative identities (0 and 1)
• Every element has an additive inverse
• Every non-zero element has a multiplicative inverse

Example: Field of Integers Modulo a Prime pp — Zp\mathbb{Z}_p

• Consider the set of integers modulo a prime number pp:
Zp={0,1,2,...,p−1}\mathbb{Z}_p = \{0, 1, 2, ..., p-1\}
• The operations are addition and multiplication modulo pp.
• For example, if p=7p = 7, then:
Z7={0,1,2,3,4,5,6}\mathbb{Z}_7 = \{0, 1, 2, 3, 4, 5, 6\}

Why is Zp\mathbb{Z}_p a Field?

1. Closure:
Addition and multiplication modulo pp produce results within
Zp\mathbb{Z}_p.
2. Associativity and Commutativity:
Both addition and multiplication modulo pp are associative and
commutative.
3. Additive Identity:
0 acts as the additive identity since a+0≡a(modp)a + 0 \equiv a
\pmod{p}.

11
 4. Multiplicative Identity:
1 acts as the multiplicative identity since a×1≡a(modp)a \times 1
\equiv a \pmod{p}.
5. Additive Inverse:
For every a∈Zpa \in \mathbb{Z}_p, there exists an −a-a such that
a+(−a)≡0(modp)a + (-a) \equiv 0 \pmod{p}.
6. Multiplicative Inverse:
For every non-zero a∈Zpa \in \mathbb{Z}_p, there exists an
inverse a−1a^{-1} such that a×a−1≡1(modp)a \times a^{-1} \equiv
1 \pmod{p}. This is true because pp is prime.
7. Distributive Law:
Multiplication distributes over addition modulo pp.

Example Calculation:
In Z7\mathbb{Z}_7:
• Addition: 5+4≡2(mod7)5 + 4 \equiv 2 \pmod{7} because 5+4=95 +
4 = 9 and 9mod 7=29 \mod 7 = 2.
• Multiplicative inverse of 3 is 5 since 3×5=15≡1(mod7)3 \times 5 =
15 \equiv 1 \pmod{7}.

Applications:
• Used in cryptography, such as RSA and ECC.
• Basis of arithmetic in computer science and coding theory.
• Helps in designing error-correcting codes.

12
8.Chinese Remainder Theorem (CRT)
The Chinese Remainder Theorem states that:
Given a system of simultaneous congruences:
{x≡a1(modm1)x≡a2(modm2)⋮x≡ak(modmk)\begin{cases} x \equiv a_1
\pmod{m_1} \\ x \equiv a_2 \pmod{m_2} \\ \vdots \\ x \equiv a_k
\pmod{m_k} \end{cases}
where m1,m2,…,mkm_1, m_2, \ldots, m_k are pairwise coprime (i.e.,
gcd⁡(mi,mj)=1\gcd(m_i, m_j) = 1 for all i≠ji \neq j),
then there exists a unique solution xx modulo M=m1m2⋯mkM = m_1
m_2 \cdots m_k.
In other words, there is a unique integer xx, 0≤x<M0 \leq x < M, that
simultaneously satisfies all the given congruences.

Explanation:
• CRT allows us to solve multiple modular equations simultaneously.
• It guarantees the existence and uniqueness of the solution under
the condition of pairwise coprime moduli.

Applications of Chinese Remainder Theorem:

1. Computer Science and Cryptography:
o Used in algorithms for fast modular arithmetic, such as RSA
encryption/decryption.
o Improves efficiency by working with smaller moduli instead of
a large modulus.
2. Solving System of Congruences:
o Used to find numbers that satisfy multiple modular conditions
in problems involving clocks, scheduling, and
synchronization.
3. Coding Theory:
o Helps in designing error detection and correction codes.
4. Algorithm Optimization:
13
 o Used in parallel computing and computations involving large
numbers by breaking the problem into smaller independent
tasks.

Example:
Solve for xx:
{x≡2(mod3)x≡3(mod5)x≡2(mod7)\begin{cases} x \equiv 2 \pmod{3} \\ x
\equiv 3 \pmod{5} \\ x \equiv 2 \pmod{7} \end{cases}
• m1=3,m2=5,m3=7m_1=3, m_2=5, m_3=7 are pairwise coprime.
• The solution is unique modulo 3×5×7=1053 \times 5 \times 7 =
105.
By applying CRT, the solution is x=23x = 23 (for example).

14
9.Digital Signature
A digital signature is a cryptographic technique that provides a secure
and authentic way to verify the origin and integrity of a digital message
or document. It acts like a handwritten signature or a stamped seal but
offers far more inherent security.
• It ensures that a message is genuinely from the claimed sender
(authentication).
• It guarantees that the message has not been altered (integrity).
• It provides non-repudiation, meaning the sender cannot deny
sending the message.

How Digital Signatures Work:

Digital signatures use asymmetric key cryptography, which involves:
• A private key (kept secret by the signer)
• A public key (shared openly)

Process of Creating and Verifying a Digital Signature:

1. Signing:
• The sender applies a hash function (like SHA-256) to the original
message, producing a fixed-length message digest.
• The sender encrypts this digest using their private key. This
encrypted digest is the digital signature.
• The digital signature is sent along with the original message.
2. Verification:
• The receiver applies the same hash function to the received
message to get a new digest.
• The receiver decrypts the digital signature using the sender's
public key to get the original digest.
• The receiver compares both digests:
If they match, the signature is valid, confirming authenticity and integrity.

15
If not, the message may have been altered or the signature forged.

Properties of Digital Signatures:

Property Explanation

Authentication Confirms the sender’s identity using the private key.

Integrity Ensures message is not altered after signing.

Non-repudiation Sender cannot deny sending the message.

Uniqueness Signature is unique to the message and signer.

Applications of Digital Signatures:

• Secure email communication (e.g., PGP, S/MIME)
• Software distribution to verify authenticity and prevent tampering
• Financial transactions and online banking
• Legal documents and contracts to provide digital proof
• Blockchain technology to sign transactions

16
10.RSA Algorithm: Overview
RSA is a widely used asymmetric key cryptosystem for secure data
transmission. It uses a public key for encryption and a private key for
decryption.

Key Generation Steps:

1. Choose two distinct prime numbers:
p=7p = 7, q=11q = 11
2. Compute n=p×qn = p \times q:
n=7×11=77n = 7 \times 11 = 77
nn is used as the modulus for both public and private keys.
3. Calculate Euler's Totient ϕ(n)=(p−1)(q−1)\phi(n) = (p-1)(q-1):
ϕ(77)=(7−1)(11−1)=6×10=60\phi(77) = (7 - 1)(11 - 1) = 6 \times 10 = 60
4. Choose public exponent ee:
Select ee such that 1<e<ϕ(n)1 < e < \phi(n) and
gcd⁡(e,ϕ(n))=1\gcd(e, \phi(n)) = 1.
Let’s choose e=7e = 7 (since gcd(7, 60) = 1)
5. Compute private exponent dd:
Find dd such that:
d×e≡1(modϕ(n))d \times e \equiv 1 \pmod{\phi(n)}
This means:
d×7≡1(mod60)d \times 7 \equiv 1 \pmod{60}
Using the extended Euclidean algorithm, we find:
d=43d = 43
(Because 7×43=3017 \times 43 = 301, and 301mod 60=1301 \mod 60 =
1)

Keys:
• Public key: (e,n)=(7,77)(e, n) = (7, 77)
• Private key: (d,n)=(43,77)(d, n) = (43, 77)

17
 Encryption:
Given plaintext M=9M = 9, encrypt to ciphertext CC using:
C=Memod n=97mod 77C = M^e \mod n = 9^7 \mod 77
Calculate 97mod 779^7 \mod 77:
• 91=9mod 77=99^1 = 9 \mod 77 = 9
• 92=9×9=81mod 77=49^2 = 9 \times 9 = 81 \mod 77 = 4
• 94=(92)2=42=16mod 77=169^4 = (9^2)^2 = 4^2 = 16 \mod 77 =
16
• 97=94×92×91=16×4×9=576mod 779^7 = 9^{4} \times 9^{2} \times
9^{1} = 16 \times 4 \times 9 = 576 \mod 77
Calculate 576mod 77576 \mod 77:
• 77×7=53977 \times 7 = 539
• 576−539=37576 - 539 = 37
So,
C=37C = 37

Decryption:
To recover plaintext MM from ciphertext CC, use:
M=Cdmod n=3743mod 77M = C^d \mod n = 37^{43} \mod 77
Calculating 3743mod 7737^{43} \mod 77 directly is tedious, but we can
use modular exponentiation or repeated squaring.
Let's do modular exponentiation by repeated squaring:
• 371≡37mod 7737^1 \equiv 37 \mod 77
• 372=37×37=1369mod 7737^2 = 37 \times 37 = 1369 \mod 77
Calculate 1369mod 771369 \mod 77:
• 77×17=130977 \times 17 = 1309
• 1369−1309=601369 - 1309 = 60
So, 372≡6037^2 \equiv 60

18
11.Requirements of Hash Functions
A hash function takes an input (message) and produces a fixed-size
string of bytes, typically called a hash value or message digest. For
cryptographic applications, hash functions must satisfy the following
properties:
1. Deterministic
• For the same input, the hash function must always produce the
same output.
2. Fast Computation
• The hash value should be computed quickly for any given input.
3. Pre-image Resistance (One-way property)
• Given a hash value hh, it should be computationally infeasible to
find any input xx such that hash(x)=h\text{hash}(x) = h.
• This ensures the hash function is one-way.
4. Second Pre-image Resistance
• Given an input xx, it should be computationally infeasible to find
another input x′≠xx' \neq x such that hash(x)=hash(x′)\text{hash}(x)
= \text{hash}(x').
5. Collision Resistance
• It should be computationally infeasible to find any two distinct
inputs xx and yy such that hash(x)=hash(y)\text{hash}(x) =
\text{hash}(y).
6. Avalanche Effect
• A small change in the input should produce a completely different
hash value (changing even one bit of input should change about
half the bits of the output).
7. Fixed Output Length
• The output hash length is fixed, regardless of input size.

19
12.ElGamal Cryptosystem
ElGamal is a public-key cryptosystem based on the difficulty of solving
the discrete logarithm problem. It consists of three phases: key
generation, encryption, and decryption.
1. Key Generation (by Alice)
• Choose a large prime number pp.
• Choose a primitive root gg modulo pp (i.e., gg is a generator of the
multiplicative group Zp∗\mathbb{Z}_p^*).
• Choose a private key aa where 1≤a≤p−21 \leq a \leq p-2.
• Compute the public key component y=gamod py = g^a \mod p.
• Public key: (p,g,y)(p, g, y)
• Private key: aa
2. Encryption (by Bob)
To encrypt a message MM (where M∈Zp∗M \in \mathbb{Z}_p^*) using
Alice’s public key (p,g,y)(p, g, y):
• Choose a random kk such that 1≤k≤p−21 \leq k \leq p-2.
• Compute:
c1=gkmod pc_1 = g^k \mod p c2=M×ykmod pc_2 = M \times y^k \mod p
• The ciphertext is the pair:
(c1,c2)(c_1, c_2)
3. Decryption (by Alice)
Using her private key aa, Alice recovers MM from ciphertext (c1,c2)(c_1,
c_2) as:
M=c2×(c1a)−1mod pM = c_2 \times (c_1^a)^{-1} \mod p
Where (c1a)−1(c_1^a)^{-1} is the modular inverse of c1ac_1^a modulo
pp.

Given Data:

20
 • Prime modulus p=19p = 19
• Primitive root g=2g = 2
• Alice's private key a=5a = 5
• Bob’s public key y=8y = 8 (note: usually y=gamod py = g^a \mod
p, but here it is given)
• Message M=9M = 9
Step 1: Calculate Alice’s Public Key
Usually, Alice computes:
y=gamod p=25mod 19y = g^a \mod p = 2^5 \mod 19
Calculate:
• 25=322^5 = 32
• 32mod 19=32−19=1332 \mod 19 = 32 - 19 = 13
So, Alice’s public key is y=13y = 13.
Step 2: Encrypt Message M=9M = 9 Using Bob’s Public Key y=8y = 8
Bob wants to encrypt message M=9M = 9 using:
• p=19p = 19,
• g=2g = 2,
• y=8y = 8.
Bob selects a random integer kk, say k=7k = 7 (you can choose any
1≤k≤171 \leq k \leq 17).
Calculate:
• c1=gkmod p=27mod 19c_1 = g^k \mod p = 2^7 \mod 19
• c2=M×ykmod p=9×87mod 19c_2 = M \times y^k \mod p = 9 \times
8^7 \mod 19

21
13.E-mail Architecture
E-mail (Electronic Mail) architecture refers to the structure and
components that allow users to send, receive, and manage messages
over a network (like the Internet). It consists of clients, servers,
protocols, and storage systems working together.

Main Components of E-mail Architecture

1. User Agent (UA)
• Also called Mail User Agent (MUA).
• It is the software application used by users to compose, send,
receive, and read e-mails.
• Examples: Microsoft Outlook, Gmail, Thunderbird.
2. Mail Transfer Agent (MTA)
• Acts as a mail server that transfers e-mails from the sender to the
recipient.
• It relays messages between servers using the SMTP protocol.
• Examples: Sendmail, Postfix, Microsoft Exchange Server.
3. Mail Delivery Agent (MDA)
• Delivers e-mail to the recipient's mailbox on the server.
• Retrieves and stores messages for later access by the user.
• Examples: Procmail, Dovecot.

Important E-mail Protocols

Protocol Full Form Role

Simple Mail
Used to send e-mail from client to server or
SMTP Transfer
between servers.
Protocol

Post Office Used to download e-mail from server to

POP3 Protocol version client. Messages are usually deleted from
3 server after download.

22
Protocol Full Form Role

Internet Allows users to access and manage e-mail

IMAP Message Access on the server without downloading. Keeps
Protocol messages on the server.

E-mail Transmission Flow

1. Composition
User writes an e-mail using a Mail User Agent (e.g., Gmail).
2. Submission
The e-mail is sent to the Mail Transfer Agent using SMTP.
3. Relaying
If the recipient is on a different domain, the message is forwarded
through one or more MTAs.
4. Delivery
The final MTA hands the message off to a Mail Delivery Agent (MDA),
which stores it in the recipient’s mailbox.
5. Access
The recipient uses their Mail User Agent to access messages using
POP3 or IMAP.

23
14.S/MIME: Summary of Cryptographic Algorithms
S/MIME is a standard for public key encryption and digital signing of
MIME data. It is used to ensure confidentiality, authentication, message
integrity, and non-repudiation in email communication.
S/MIME uses a combination of:
1. Symmetric Encryption Algorithms (for message encryption)
• Purpose: To encrypt the actual email content (message body)
efficiently.
• Algorithms used:
o AES (Advanced Encryption Standard)
o Triple DES (3DES)
o RC2 (historical use)

The symmetric key is randomly generated and used to encrypt the

message.
This key is later encrypted with the recipient's public key (asymmetric
encryption).
2. Asymmetric Encryption Algorithms (for key encryption and digital
signatures)
• Purpose:
o To encrypt the symmetric key (confidentiality)
o To digitally sign the message (authentication & integrity)
• Algorithms used:
o RSA (Rivest-Shamir-Adleman)
o Elliptic Curve Cryptography (ECC) (in modern versions)

Sender signs the message using their private key.

Recipient verifies the signature using the sender’s public key.
The symmetric key (used for encrypting the message) is encrypted
with the recipient’s public key.

24
3. Hash Functions (for message digest in digital signatures)
• Purpose:
To create a unique digest of the message to ensure data integrity.
• Algorithms used:
o SHA-1 (legacy)
o SHA-256, SHA-384, SHA-512 (preferred in modern use)

The hash is computed over the message and then signed by the
sender.

Summary Table

Function Algorithm Type Examples Used in S/MIME

Message encryption Symmetric AES, Triple DES, RC2

Key encryption & signing Asymmetric RSA, ECC

Message integrity Hash Function SHA-1, SHA-256, SHA-512

25
15.SSL Architecture (Secure Sockets Layer)
SSL is a cryptographic protocol that provides secure communication
over a computer network, especially the Internet. It ensures
confidentiality, authentication, and data integrity between client and
server.
SSL has been succeeded by TLS (Transport Layer Security), but the
architecture remains conceptually similar.

Objectives of SSL:
• Encrypt data for confidentiality
• Authenticate both parties (typically server-side)
• Detect tampering for integrity
• Prevent replay attacks

Main Components of SSL Architecture:

SSL is composed of two layers:

1. SSL Record Protocol

• Ensures secure and reliable transmission of data.
• It fragments the data, applies compression (optional), adds a MAC
(Message Authentication Code), and encrypts the data.
• Operates on top of TCP.
• Provides:
o Confidentiality (via symmetric encryption like AES or 3DES)
o Integrity (via MAC using hash functions like SHA)

2. SSL Handshake Protocol

• Manages authentication and key exchange before any secure data
is sent.
• Establishes a secure session between client and server.
• Performs:

26
 o Exchange of protocol version, cipher suites
o Server authentication (digital certificate)
o Key exchange (e.g., RSA or Diffie-Hellman)
o Symmetric session key generation

3. Other Protocols within SSL

Protocol Purpose

Handshake Protocol Establishes secure connection and keys

Change Cipher Spec Signals change in encryption settings

Alert Protocol Sends error/warning messages

Record Protocol Securely transmits application data

SSL Working Process (Simplified Steps)

1. Client Hello:
o Client sends version, supported cipher suites, random
number.
2. Server Hello:
o Server responds with chosen cipher, random number, and
certificate.
3. Key Exchange:
o Client verifies server and generates a pre-master key,
encrypts it using server’s public key, and sends it.
4. Session Key Creation:
o Both sides use the same method to generate a shared
symmetric key.
5. Finished:
o Both sides confirm with encrypted “Finished” messages.
o Secure communication begins using the symmetric key.

27
16.Pretty Good Privacy (PGP) is a data encryption and decryption
program that provides cryptographic privacy and authentication for
securing e-mail communication. It uses a combination of symmetric
encryption, asymmetric encryption, hashing, and compression.
Message Generation in PGP (Sender Side)
Steps:
1. Message Creation:
o The user creates a plaintext message (M).
2. Hashing (Message Digest):
o A hash function (e.g., SHA-1) is applied to the message to
create a message digest (MD).
MD = H(M)
3. Digital Signature Generation:
o The message digest is encrypted with the sender’s private
key to create a digital signature.
Signature = Encrypt(MD, PrivateKey_sender)
4. Append Signature:
o The digital signature is attached to the original message to
form a signed message.
5. Compression (Optional):
o The signed message is compressed to reduce size and
improve efficiency.
6. Symmetric Key Generation:
o A random symmetric session key is generated.
7. Encryption (Message Encryption):
o The compressed message is encrypted using the symmetric
session key.
8. Encrypt the Session Key:

28
 o The symmetric key is encrypted using the recipient’s public
key.
9. Output the Final Package:
o The final PGP message contains:
▪ Encrypted message
▪ Encrypted session key
▪ Sender's public key ID
▪ Signature

Block Diagram: PGP Message Generation

Plaintext Message (M)
↓
Hash Function
↓
Message Digest (MD)
↓ ↓
Encrypt with Private Key Original Message
↓ ↓
Digital Signature Append Signature
↘ ↙
Signed Message (M + Signature)
↓
Compression
↓
Compressed Message
↓
Symmetric Key Generation

29
 ↓
Encrypt Message with Symmetric Key
↓
Encrypt Symmetric Key with Recipient's Public Key
↓
Final PGP Package

Message Reception in PGP (Receiver Side)

Steps:
1. Receive PGP Message:
o The receiver receives the PGP message package.
2. Decrypt Symmetric Key:
o The encrypted session key is decrypted using the recipient's
private key.
3. Decrypt Message:
o The encrypted message is decrypted using the recovered
symmetric key.
4. Decompression:
o The decrypted message is decompressed to retrieve the
original signed message.
5. Separate Message and Signature:
o The message and the digital signature are separated.
6. Hash the Message:
o A hash function is applied to the message to produce a new
message digest.
7. Verify Signature:
o The digital signature is decrypted using the sender’s public
key to retrieve the original message digest.

30
8. Compare Digests:
o If the calculated digest matches the one from the signature,
authenticity and integrity are verified.

Block Diagram: PGP Message Reception

Received PGP Package
↓
Decrypt Symmetric Key using Private Key
↓
Decrypt Message using Symmetric Key
↓
Decompression
↓
Extract Message + Signature
↓ ↓
Hash Function Decrypt Signature using Sender’s Public Key
↓ ↓
Message Digest (From Signature)
↓ ↓
Compare Message Digests
↓
If Match → Message Verified
If Not Match → Tampered / Invalid

31
17.What is a Firewall?
A firewall is a network security system—either hardware, software, or a
combination of both—that monitors and controls incoming and outgoing
network traffic based on predefined security rules.

Purpose of a Firewall:-A firewall acts as a barrier between a trusted

internal network (like your computer or organization’s LAN) and an
untrusted external network (like the internet).

Key Functions of a Firewall:

1. Packet Filtering – Inspects packets and allows or blocks them
based on IP addresses, ports, and protocols.
2. Stateful Inspection – Tracks the state of active connections and
allows packets that are part of an established session.
3. Proxy Services – Acts as an intermediary for requests from clients
seeking resources from other servers.
4. Network Address Translation (NAT) – Hides internal IP addresses
from the outside world.
5. Logging and Alerts – Records suspicious activity and alerts
administrators.
Firewall Placement Ex:[Internet] ↔ [Firewal] ↔ [Router] ↔
[InternalNetwor]

Type Description

Packet Filtering Firewall Basic type, inspects each packet individually.

Stateful Firewall Tracks connection state and context.

Proxy Firewall Filters traffic at the application level.

Next-Generation Firewall Combines deep packet inspection, intrusion

(NGFW) prevention, and more.

32
18.Purpose of Encapsulating Security Payload
Encapsulating Security Payload (ESP) is a protocol within the IPsec
(Internet Protocol Security) suite that provides confidentiality, data
integrity, and authentication for IP packets.

Primary Purpose of ESP

ESP is designed to secure IP packets by:
1. Encrypting the payload to ensure confidentiality
2. Authenticating the packet to verify integrity and origin
3. Preventing replay attacks (optionally)
4. Providing limited traffic flow confidentiality (by hiding packet
content)

How ESP Works:

ESP encapsulates data in a secure format before transmission. Here's
how it contributes to each aspect of security:

1. Confidentiality (Encryption):
• ESP encrypts the payload (e.g., TCP/UDP segment) using
symmetric encryption algorithms like AES or 3DES.
• This prevents unauthorized users from reading the data during
transmission.

2. Integrity and Authentication:

• ESP optionally adds a Message Authentication Code (MAC) over
the payload and ESP header using HMAC (e.g., HMAC-SHA256).
• This ensures the data has not been altered and verifies the identity
of the sender.

3. Replay Protection (Optional):

• ESP includes a sequence number to defend against replay
attacks.
• The receiver checks for duplicates and ignores old packets.

33
 ESP Packet Structure (Simplified)
[IP Header] [ESP Header] [Encrypted Payload + ESP Trailer] [ESP
Authentication Data (optional)]
• ESP Header: Contains SPI (Security Parameters Index) and
sequence number
• Encrypted Payload: Contains original transport layer segment
(TCP/UDP), encrypted
• ESP Authentication Data: MAC to verify integrity (optional)

Modes of ESP Operation

1. Transport Mode:
o Only the payload is encrypted/authenticated.
o IP header remains unchanged.
o Used in end-to-end communication (host-to-host).
2. Tunnel Mode:
o Entire IP packet is encrypted and encapsulated in a new IP
packet.
o Used in gateway-to-gateway or VPN scenarios.
o Provides full packet protection.

34
19.(i) Virus
A computer virus is a type of malicious software (malware) designed to
replicate itself and spread from one computer to another, often without
the user's knowledge. It attaches itself to legitimate programs or files and
executes when the host file is run.

Key Features:
• Requires user action (e.g., opening an infected file) to activate.
• Can corrupt or delete data, slow down systems, or crash them.
• Spreads via infected files, USBs, emails, or downloads.

Example:
• ILOVEYOU virus, which spread through email and caused
widespread damage.

(ii) Adware
Adware (short for advertising-supported software) is software that
automatically displays or downloads advertisements when a user is
online. While not always malicious, some adware can track user
behavior and compromise privacy.

Key Features:
• Displays unwanted pop-ups or banners.
• Often bundled with free software.
• May collect personal data (e.g., browsing history) for targeted ads.

Risks:
• Slows down system performance.
• May lead to more dangerous malware if not handled properly.

Solution:
• Use reliable antivirus or adware removal tools to clean the system.

35
An Intrusion Detection System (IDS) is a security tool used to
monitor and analyze network or system activity to identify suspicious
behavior, policy violations, or unauthorized access attempts.

Key Components of an IDS

Component Function

Collect data (e.g., network packets, system logs)

Sensor(s)
from the monitored system or network.

Analyzer Examines the collected data for signs of intrusion

(Detection Engine) using various techniques.

Signature Stores known patterns of attack (signatures) used

Database in detection.

User Interface / Displays alerts and logs, allows administrators to

Console configure rules and respond to threats.

Stores detected events and activities for further

Logger (Database)
analysis or auditing.

Takes automated or manual action when a threat is

Response Module
detected (e.g., alerts, blocking, logging).

Techniques Used in IDS

IDS uses one or more of the following detection techniques:
1. Signature-Based Detection
• Matches activity against a known pattern or signature of an attack.
• Fast and accurate for known threats.

• Cannot detect new or unknown attacks (zero-day).

2. Anomaly-Based Detection
• Learns normal behavior of the system/network and flags deviations
as suspicious.
• Can detect unknown threats or zero-day attacks.

36
 • May produce false positives if the baseline is not well-defined.
3. Stateful Protocol Analysis
• Understands the protocol behavior (e.g., TCP/IP) and detects
deviations from expected usage patterns.
• More context-aware than simple pattern matching.
4. Heuristic-Based Detection
• Uses rules, AI, or fuzzy logic to detect malicious activity.
• Balances between signature and anomaly detection.
• Useful for evolving threats and adaptive systems.

Types of IDS

Type Description

Network-based IDS Monitors network traffic (placed at strategic points

(NIDS) like routers or firewalls).

Host-based IDS Monitors activity on a single host (file integrity,

(HIDS) logs, processes).

IDS Response Mechanisms

Although traditional IDS is passive (detects and alerts), modern systems
can integrate with prevention systems:
Passive Response:
• Logs the incident
• Sends alerts to admin
• Reports via dashboard or email
Active Response (in IPS or Hybrid systems):
• Drops malicious packets
• Blocks suspicious IP addresses

37