CSS ASSIGNMENT 2 ANSWERS
Q1. Explain password-based authentication and challenge-response authentication with
examples.
Answer:
Authentication is the process of verifying the identity of a user or system. Two commonly used
authentication methods are password-based authentication and challenge-response
authentication.
1) Password-Based Authentication:
Password-based authentication is the simplest and most widely used method of authentication in
computer systems. In this method, the user provides a username and a password to prove their
identity.
When a user attempts to log in, the system compares the entered password with the stored
password in the database. If the credentials match, access is granted; otherwise, access is denied.
In modern systems, passwords are not stored in plain text but are stored as hashed values for
security.
For example, when a user logs into an email account such as Gmail, they enter their username
and password. The server verifies the password and allows access if it is correct.
However, this method has several limitations. It is vulnerable to attacks such as brute force
attacks, dictionary attacks, and phishing attacks. If a password is weak or reused, it becomes
easier for attackers to compromise the system.
2) Challenge-Response Authentication:
Challenge-response authentication is a more secure method in which the password is never
directly transmitted over the network.
In this method, when a user tries to log in, the server sends a random value known as a
"challenge" to the user. The user then encrypts this challenge using a secret key or password and
sends the response back to the server. The server performs the same operation and compares the
results. If they match, the user is authenticated.
This method prevents replay attacks because the challenge value changes every time.
A common example of challenge-response authentication is OTP (One-Time Password) used in
banking systems. Each time a user logs in, a new OTP is generated and must be entered for
authentication.
Thus, challenge-response authentication provides better security compared to simple
password-based authentication.
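The challenge-response exchange described above, as an added example that is not part of the original answer. It models the server issuing a random challenge and the client answering with a keyed hash (HMAC) of it, which is one common way to realise the "encrypt the challenge with the shared secret" step; the user name, the shared secret and the `Server`/`client_response` helpers are all constructed for this example. The second login attempt replays the earlier transcript and is rejected, which is the replay-protection point the answer makes.

```python
import hashlib
import hmac
import secrets

# Constructed: the server holds a per-user secret (in practice a key derived
# from the password, never the plaintext password itself).
USER_SECRETS = {"alice": b"alice-shared-secret-constructed"}


class Server:
    def __init__(self):
        self.pending = {}   # user -> challenge currently outstanding
        self.used = set()   # challenges already answered (replay defence)

    def issue_challenge(self, user):
        # Fresh random challenge for every login attempt.
        challenge = secrets.token_bytes(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, challenge, response):
        if user not in USER_SECRETS:
            return False
        # Only the challenge we issued, and only once.
        if self.pending.get(user) != challenge or challenge in self.used:
            return False
        expected = hmac.new(USER_SECRETS[user], challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)   # constant-time compare
        self.used.add(challenge)
        del self.pending[user]
        return ok


def client_response(secret, challenge):
    # The client proves knowledge of the secret without ever sending it.
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def run_exchange():
    """Returns (first_login_ok, replayed_login_ok)."""
    server = Server()
    challenge = server.issue_challenge("alice")
    response = client_response(USER_SECRETS["alice"], challenge)
    first = server.verify("alice", challenge, response)
    replay = server.verify("alice", challenge, response)   # captured transcript resent
    return first, replay


def run_wrong_secret():
    """A client that does not know the secret cannot produce a valid response."""
    server = Server()
    challenge = server.issue_challenge("alice")
    response = client_response(b"guess", challenge)
    return server.verify("alice", challenge, response)


if __name__ == "__main__":
    print(run_exchange())      # (True, False)
    print(run_wrong_secret())  # False
```

The server never receives the secret itself, only a response bound to a one-time challenge, so a captured response is useless for a later login.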
Q2. Define firewall. What are the various types of firewall?
Answer:
A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predefined security rules. It acts as a barrier between a trusted internal
network and an untrusted external network such as the Internet.
The main purpose of a firewall is to prevent unauthorized access while allowing legitimate
communication.
Types of Firewalls:
1) Packet Filtering Firewall:
A packet filtering firewall operates at the network layer and examines packets based on
parameters such as source IP address, destination IP address, port number, and protocol. It allows
or blocks packets based on predefined rules.
2) Stateful Inspection Firewall:
A stateful inspection firewall keeps track of the state of active connections. It not only examines
individual packets but also considers the context of the traffic. This makes it more secure than
packet filtering.
3) Proxy Firewall (Application-Level Gateway):
A proxy firewall operates at the application layer and acts as an intermediary between the user
and the server. It hides the internal network from external users and provides higher security.
4) Next-Generation Firewall (NGFW):
A next-generation firewall includes advanced features such as intrusion detection, deep packet
inspection, and application awareness. It provides enhanced protection against modern threats.
Firewalls play a crucial role in protecting networks from cyber threats and unauthorized access.
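The difference between a packet filtering firewall and a stateful inspection firewall, as an added example that is not part of the original answer. The rule set, the inside network `10.0.0.0/24` and the sample packets are all constructed; the `PacketFilter` and `StatefulFirewall` classes are illustrative, not a real product's API. Both evaluate the same ordered rule list (first match wins, default deny); the stateful version additionally remembers connections opened from the inside so that the reply packet is allowed even though no rule names it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp", "udp" or "icmp"


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src_net: str          # CIDR; "0.0.0.0/0" means any
    dst_net: str
    proto: str            # protocol name or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


class PacketFilter:
    """Stateless packet filter: first matching rule wins, default deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Same rules plus a connection table: replies to connections the inside
    opened are allowed even though no rule explicitly permits them."""

    def __init__(self, rules, inside_net):
        super().__init__(rules)
        self.inside = ipaddress.ip_network(inside_net)
        self.conns = set()

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.conns:
            return "allow"            # reply direction of a tracked connection
        action = super().decide(pkt)
        if action == "allow" and ipaddress.ip_address(pkt.src) in self.inside:
            self.conns.add(flow)      # remember the outbound connection
        return action


# Constructed rule set.
RULES = [
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443),    # inside may use HTTPS
    Rule("allow", "0.0.0.0/0", "10.0.0.5/32", "tcp", 22),     # SSH to one bastion only
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),      # explicit default deny
]


def demo():
    # Constructed packets: an outbound HTTPS request, its reply, and an
    # unsolicited inbound packet aimed at an internal host.
    outbound = Packet("10.0.0.7", 51000, "203.0.113.10", 443, "tcp")
    reply = Packet("203.0.113.10", 443, "10.0.0.7", 51000, "tcp")
    unsolicited = Packet("198.51.100.9", 4444, "10.0.0.7", 443, "tcp")
    stateless = PacketFilter(RULES)
    stateful = StatefulFirewall(RULES, "10.0.0.0/24")
    return {
        "stateless": [stateless.decide(p) for p in (outbound, reply, unsolicited)],
        "stateful": [stateful.decide(p) for p in (outbound, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(demo())   # {'stateless': ['allow', 'deny', 'deny'], 'stateful': ['allow', 'allow', 'deny']}
```

The stateless filter drops the legitimate reply because no rule allows inbound port-443 traffic; the stateful filter allows it because it belongs to a connection the inside opened, while the unsolicited packet is still denied by both.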
Q3. Discuss in detail how Kerberos Authentication Protocol works.
Answer:
Kerberos is a network authentication protocol designed to provide strong authentication for
client-server applications using secret-key cryptography. It is widely used in distributed systems
to ensure secure communication.
Kerberos uses a ticket-based system and involves three main components: the Authentication
Server (AS), the Ticket Granting Server (TGS), and the Service Server.
Working of Kerberos Protocol:
1. Initially, the user logs into the system and sends a request to the Authentication Server
(AS) for authentication.
2. The AS verifies the user's credentials and sends back a Ticket Granting Ticket (TGT),
which is encrypted using the user's secret key.
3. The client then sends the TGT to the Ticket Granting Server (TGS) to request access to a
particular service.
4. The TGS verifies the TGT and issues a service ticket, which is encrypted using the
service server's key.
5. The client sends this service ticket to the service server.
6. The service server verifies the ticket and grants access to the requested service.
Diagram:
Client → AS : Request
AS → Client : TGT
Client → TGS : TGT + Request
TGS → Client : Service Ticket
Client → Server : Service Ticket
Server → Client : Access Granted
Kerberos ensures that passwords are never transmitted over the network, making it highly secure.
Q8. Describe the working of a digital signature process with a diagram.
Answer:
A digital signature is a cryptographic technique used to ensure the authenticity, integrity, and
non-repudiation of a message.
Working:
1. The sender first creates the message.
2. A hash function is applied to the message to generate a message digest.
3. The message digest is encrypted using the sender’s private key to create the digital
signature.
4. The message along with the digital signature is sent to the receiver.
5. The receiver decrypts the signature using the sender’s public key to obtain the original
hash.
6. The receiver also computes the hash of the received message.
7. If both hashes match, the signature is valid.
Diagram:
Sender Side:
Message → Hash Function → Message Digest → Encrypt with Private Key → Digital Signature
Receiver Side:
Digital Signature → Decrypt with Public Key → Message Digest
Message → Hash Function → Message Digest
Compare both digests → If equal → Valid
Q10. Explain the RSA digital signature scheme step-by-step.
Answer:
The RSA digital signature scheme is based on public-key cryptography and is used for secure
message authentication.
Steps:
1. The sender generates a pair of keys: a public key and a private key.
2. The sender creates a message and applies a hash function to generate a message digest.
3. The sender encrypts the message digest using their private key. This encrypted digest is
called the digital signature.
4. The sender sends the original message along with the digital signature to the receiver.
5. The receiver decrypts the digital signature using the sender’s public key to obtain the
original hash.
6. The receiver computes the hash of the received message.
7. The receiver compares both hashes. If they match, the message is authentic.
Diagram:
Sender:
Message → Hash → Encrypt with Private Key → Signature
Receiver:
Signature → Decrypt with Public Key → Hash
Message → Hash → Compare
Q4. Explain briefly, with examples, DoS and phishing attacks.
Answer:
Cyber attacks are malicious attempts to disrupt, damage, or gain unauthorized access to
computer systems. Two common types of such attacks are Denial of Service (DoS) attacks and
phishing attacks.
1) Denial of Service (DoS) Attack:
A Denial of Service (DoS) attack is an attack in which an attacker attempts to make a computer
system, server, or network unavailable to its intended users by overwhelming it with a large
volume of traffic or requests.
In a DoS attack, the attacker sends a massive number of requests to a target server, consuming its
resources such as bandwidth, memory, or CPU. As a result, the server becomes slow or
completely unresponsive to legitimate users.
For example, an attacker may send thousands of fake requests to a banking website, causing it to
crash or become inaccessible to real customers.
2) Phishing Attack:
Phishing is a type of social engineering attack in which an attacker tries to trick users into
revealing sensitive information such as usernames, passwords, credit card details, or OTPs.
In a phishing attack, the attacker impersonates a trusted entity, such as a bank or a popular
website, and sends fraudulent emails or messages to the victim.
For example, a user may receive an email that appears to be from their bank, asking them to click
a link and enter their login credentials. The link leads to a fake website designed to steal the
user's information.
Phishing attacks are dangerous because they exploit human trust rather than technical
vulnerabilities.
Q5. Differentiate between IPsec Transport and Tunnel modes.
Answer:
IPsec (Internet Protocol Security) provides security at the network layer by encrypting and
authenticating IP packets. It operates in two modes: Transport mode and Tunnel mode.
Feature        | Transport Mode                         | Tunnel Mode
Protection     | Only encrypts the payload (data part)  | Encrypts the entire IP packet
Header         | Original IP header remains visible     | New IP header is added
Security Level | Provides less security                 | Provides higher security
Usage          | Used for end-to-end communication      | Used in VPNs (network-to-network)
Overhead       | Less overhead                          | More overhead due to encapsulation
In summary, transport mode is suitable for direct communication between two hosts, while
tunnel mode is used for secure communication between networks.
Q6. Write a short note on Intrusion Detection Systems.
Answer:
An Intrusion Detection System (IDS) is a security mechanism that monitors network or system
activities for malicious actions or policy violations.
The main purpose of an IDS is to detect unauthorized access attempts and alert administrators.
Types of IDS:
1. Network-based IDS (NIDS):
It monitors network traffic and detects suspicious activities across the entire network.
2. Host-based IDS (HIDS):
It monitors activities on a specific system such as file changes, login attempts, and system
calls.
Working:
An IDS analyzes data using predefined rules or signatures and identifies abnormal behavior.
When an intrusion is detected, it generates alerts.
Advantages:
● Early detection of attacks
● Helps in monitoring network traffic
However, IDS does not prevent attacks; it only detects them.
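The "predefined rules or signatures" working described above, as an added example that is not part of the original answer. It runs a small signature-based detector over constructed syslog-style lines (the host names, addresses and log text are made up for this example): two regular-expression signatures plus a simple threshold rule for repeated failed logins, which is the kind of abnormal behaviour a host-based IDS watching login attempts would report. As the answer notes, it only raises alerts; nothing here blocks traffic.

```python
import re
from collections import Counter

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Mar 01 10:00:01 host sshd[311]: Failed password for root from 198.51.100.7 port 5531 ssh2
Mar 01 10:00:02 host sshd[311]: Failed password for root from 198.51.100.7 port 5532 ssh2
Mar 01 10:00:03 host sshd[311]: Failed password for admin from 198.51.100.7 port 5533 ssh2
Mar 01 10:00:04 host sshd[311]: Failed password for root from 198.51.100.7 port 5534 ssh2
Mar 01 10:00:09 host sshd[320]: Accepted password for bob from 10.0.0.12 port 40122 ssh2
Mar 01 10:01:15 host httpd: GET /index.php?id=1%27%20OR%20%271%27%3D%271 from 203.0.113.9
Mar 01 10:02:00 host kernel: audit: file /etc/passwd modified by uid=1001
"""

# Signature rules: (alert name, pattern). Constructed for this example.
SIGNATURES = [
    ("SQL injection pattern in URL", re.compile(r"(%27|')\s*(%20|\s)*OR(%20|\s)", re.I)),
    ("Sensitive file modified", re.compile(r"/etc/(passwd|shadow) modified")),
]

# Threshold rule: N failed logins from the same source address.
FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
FAILED_LOGIN_THRESHOLD = 3


def analyze(log_text):
    """Return a list of (alert_name, evidence) tuples; never modifies anything."""
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        # Signature matching: any line matching a known bad pattern.
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, line))
        # Behavioural rule: count failures per source, alert once at threshold.
        m = FAILED_LOGIN.search(line)
        if m:
            src = m.group(1)
            failures[src] += 1
            if failures[src] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("Repeated failed logins (possible brute force)", src))
    return alerts


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_LOG):
        print(f"ALERT: {name} :: {evidence}")
```

The three alerts raised are the brute-force threshold for 198.51.100.7, the encoded `' OR '` fragment in the web request, and the modification of /etc/passwd; the successful login for bob matches no rule and is ignored.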
Q7. What is a worm? What is the difference between a virus and a worm?
Answer:
A worm is a type of malicious software (malware) that can replicate itself and spread across
networks without requiring any user interaction or host file.
Worms exploit vulnerabilities in operating systems or networks to propagate automatically.
For example, the WannaCry ransomware worm spread rapidly across the world by exploiting a
vulnerability in Windows systems.
Difference between Virus and Worm:
Feature          | Virus                          | Worm
Dependency       | Requires a host file/program   | Does not require a host
Spread Method    | Spreads through infected files | Spreads through networks
User Interaction | Required                       | Not required
Speed of Spread  | Slower                         | Faster
Damage           | Corrupts files                 | Consumes bandwidth and resources
Thus, worms are generally more dangerous due to their ability to spread quickly without user
intervention.
Q8. (Already Covered Above)
Q9. Explain different attacks on digital signatures.
Answer:
Digital signatures are used to ensure authentication and integrity, but they can still be targeted by
various attacks.
Types of Attacks:
1. Forgery Attack:
In this attack, an attacker creates a fake signature without possessing the private key.
2. Replay Attack:
The attacker captures a valid signed message and retransmits it later to deceive the
receiver.
3. Key Compromise Attack:
If the sender’s private key is stolen, the attacker can generate valid signatures.
4. Chosen Message Attack:
The attacker tricks the signer into signing specific messages and uses them to forge
signatures.
5. Man-in-the-Middle Attack:
The attacker intercepts communication and alters messages before forwarding them.
These attacks highlight the importance of secure key management and strong cryptographic
practices.
Q10. (Already Covered Above)
Q11. Discuss TCP/IP layer-wise vulnerabilities in detail.
Answer:
The TCP/IP model consists of multiple layers, and each layer has its own vulnerabilities.
1) Application Layer Vulnerabilities:
This layer is vulnerable to attacks such as phishing, malware injection, and SQL injection.
2) Transport Layer Vulnerabilities:
This layer is vulnerable to SYN flooding and session hijacking attacks.
3) Network Layer Vulnerabilities:
Attacks such as IP spoofing and routing attacks occur at this layer.
4) Data Link Layer Vulnerabilities:
ARP spoofing and MAC flooding attacks occur at this layer.
These vulnerabilities can compromise the confidentiality, integrity, and availability of network
systems.
Q12. Explain the following network attacks:
Answer:
1) Packet Sniffing:
Packet sniffing involves capturing and analyzing network traffic. Attackers use it to intercept
sensitive data such as passwords.
2) ARP Spoofing:
In ARP spoofing, an attacker sends fake ARP messages to associate their MAC address with a
legitimate IP address, enabling data interception.
3) Port Scanning:
Port scanning is the process of scanning a system to identify open ports and services running on
it, which can be exploited.
4) IP Spoofing:
IP spoofing involves creating packets with a fake source IP address to hide the attacker’s
identity.
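How a defender can spot the ARP spoofing described in point 2, as an added example that is not part of the original answer. The ARP replies, addresses and MAC values are constructed; `detect_arp_spoofing` is an illustrative monitor, not a real tool's API. It learns the first MAC seen for each IP (or uses a pinned entry for critical hosts such as the gateway) and raises an alert whenever a reply tries to associate that IP with a different MAC; it also reports any single MAC that claims more than one IP, which is the footprint of a host impersonating several others.

```python
from collections import defaultdict

# Constructed ARP replies observed on one LAN segment: (time, sender_ip, sender_mac).
ARP_REPLIES = [
    (1, "10.0.0.1", "aa:bb:cc:00:00:01"),    # gateway announces itself
    (2, "10.0.0.22", "aa:bb:cc:00:00:22"),   # an ordinary host
    (3, "10.0.0.1", "aa:bb:cc:00:00:01"),
    (4, "10.0.0.1", "de:ad:be:ef:00:99"),    # gateway IP now claimed by another MAC
    (5, "10.0.0.22", "de:ad:be:ef:00:99"),   # same MAC also claims the host's IP
    (6, "10.0.0.1", "de:ad:be:ef:00:99"),
]


def detect_arp_spoofing(replies, pinned=None):
    """Return (alerts, suspect_macs).

    alerts: one entry per reply whose MAC conflicts with the pinned or
            first-learned MAC for that IP.
    suspect_macs: MACs that claimed more than one IP address.
    """
    pinned = dict(pinned or {})         # ip -> MAC that must never change
    learned = {}                        # ip -> first MAC observed
    ips_per_mac = defaultdict(set)
    alerts = []
    for t, ip, mac in replies:
        ips_per_mac[mac].add(ip)
        expected = pinned.get(ip, learned.setdefault(ip, mac))
        if mac != expected:
            alerts.append({"time": t, "ip": ip, "expected": expected, "seen": mac})
    suspects = sorted(m for m, ips in ips_per_mac.items() if len(ips) > 1)
    return alerts, suspects


if __name__ == "__main__":
    found, suspects = detect_arp_spoofing(ARP_REPLIES, pinned={"10.0.0.1": "aa:bb:cc:00:00:01"})
    for a in found:
        print(f"t={a['time']}: {a['ip']} expected {a['expected']} but saw {a['seen']}")
    print("MACs claiming several IPs:", suspects)
```

Pinning the gateway's MAC is the important operational choice: a learn-on-first-sight table can be poisoned if the spoofer speaks before the real host, whereas a pinned entry flags the impostor regardless of who announced first.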
Q13. Explain different types of flooding attacks:
Answer:
Flooding attacks are a type of DoS attack where the attacker overwhelms the system with
excessive traffic.
1) ICMP Flood:
The attacker sends a large number of ICMP (ping) requests to exhaust network resources.
2) SYN Flood:
Diagram:
Attacker → Server : SYN
Server → Attacker : SYN-ACK
Attacker → (No Response)
→ Server resources get exhausted
In this attack, incomplete TCP connections fill the server’s queue.
3) UDP Flood:
The attacker sends numerous UDP packets to random ports, causing the system to waste
resources processing them.
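The half-open connection queue from the SYN flood diagram, measured from a packet trace, as an added example that is not part of the original answer. The trace, the server address and the threshold are constructed; `detect_syn_flood` is illustrative code, not a real tool. A connection is recorded as half-open when a SYN arrives for the server and removed when the client's final ACK completes the handshake, so a source that keeps sending SYNs and never answers the SYN-ACK accumulates half-open entries and is flagged.

```python
from collections import Counter

SERVER = "10.0.0.80"   # constructed server address

# Constructed packet trace: (time, src, sport, dst, flags)
# Flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK.
# One legitimate client completes the three-way handshake; a second source
# sends many SYNs from different ports and never answers the SYN-ACK.
TRACE = [
    (0.00, "10.0.0.5", 40001, SERVER, "S"),
    (0.01, SERVER, 80, "10.0.0.5", "SA"),
    (0.02, "10.0.0.5", 40001, SERVER, "A"),
]
TRACE += [(0.1 + i * 0.001, "198.51.100.9", 20000 + i, SERVER, "S") for i in range(50)]

HALF_OPEN_THRESHOLD = 20   # constructed: per-source limit before raising an alert


def half_open_connections(trace, server):
    """Return {(src, sport): syn_time} for handshakes the client never completed."""
    half_open = {}
    for t, src, sport, dst, flags in trace:
        if dst != server:
            continue                         # only traffic towards the server matters
        if flags == "S":
            half_open[(src, sport)] = t      # SYN received: queue entry occupied
        elif flags == "A":
            half_open.pop((src, sport), None)   # final ACK: handshake complete
    return half_open


def detect_syn_flood(trace, server, threshold=HALF_OPEN_THRESHOLD):
    """Return (half-open count per source, sources at or above the threshold)."""
    per_source = Counter(src for (src, _sport) in half_open_connections(trace, server))
    flagged = sorted(src for src, n in per_source.items() if n >= threshold)
    return per_source, flagged


if __name__ == "__main__":
    counts, flagged = detect_syn_flood(TRACE, SERVER)
    print(dict(counts))   # {'198.51.100.9': 50}
    print(flagged)        # ['198.51.100.9']
```

The legitimate client leaves no entry because its ACK removes the one it created; the flooding source leaves fifty, which is what fills the server's backlog in the diagram above.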
Q14. Discuss the working of security protocols: PGP, SSL, IPsec
Answer:
1) PGP (Pretty Good Privacy):
PGP is used for securing email communication. It uses a combination of symmetric and
asymmetric encryption.
Working:
● Message is encrypted using a symmetric key
● Symmetric key is encrypted using receiver’s public key
● Both are sent together
2) SSL (Secure Sockets Layer):
Diagram:
Client → Server : Hello
Server → Client : Certificate
Client → Server : Session Key (Encrypted)
Secure Communication Established
SSL provides secure communication over the internet using encryption and digital certificates.
3) IPsec (Internet Protocol Security):
IPsec provides security at the network layer using authentication and encryption.
It uses two protocols:
● AH (Authentication Header)
● ESP (Encapsulating Security Payload)
IPsec ensures secure communication between networks, especially in VPNs.