Q. Difference Between RSA and Diffie Hellman. Q.

IP Security
Q. Caesar cipher, Hill cipher, and Playfair cipher.
Ans. RSA is used to exchange keys for asymmetric encryption Ans. IP Sec (Internet Protocol Security) is an Internet
Ans. Caesar Cipher:
while Diffie-Hellman is used for sharing the keys for Engineering Task Force (IETF) standard suite of protocols
• Substitution cipher that shifts each letter in the plaintext by a between two communication points across the IP network that
symmetric encryption. fixed number of positions down the alphabet.
Ephemeral Keys: Generating keys for each and every provide data authentication, integrity, and confidentiality. It
• It operates on individual letters. also defines the encrypted, decrypted, and authenticated
session(Ephemeral keys) in RSA is extremely difficult
• The key is the shift value. packets. The protocols needed for secure key exchange and
opposed to Diffie-Hellman, which provides an extremely easy
• Relatively simple and easy to understand. key management are defined in it.
generation of keys.
Security: RSA key generation algorithm is based on the • Limited security due to the small number of possible key Uses of IP Security
difficulty of integer factorization of numbers while the Diffie- values (26 in the case of the English alphabet). To encrypt application layer data.
Hellman key generation algorithm is based on the difficulty of • Vulnerable to frequency analysis attacks. To provide security for routers sending routing data across the
discrete logarithmic or modular arithmetic. • Fast and efficient for encryption and decryption. public internet.
Key Strength: RSA 1024 bits are less robust in comparison to Hill Cipher: To provide authentication without encryption, like to
Diffie-Hellman 1024 bits keys. • Polygraphic substitution cipher that operates on blocks of authenticate that the data originates from a known sender.
Authentication: RSA authenticates the parties involved in letters (typically pairs or triplets). To protect network data by setting up circuits using IPsec
communication while Diffie-Hellman does not authenticate • It uses matrix multiplication to encrypt and decrypt. tunnelling in which all data being sent between the two
either party involved in communication. • The key is a square matrix that must be invertible. endpoints is encrypted, as with a Virtual Private Network
Forward Secrecy: RSA doesn’t provide perfect forward • Provides stronger security compared to the Caesar cipher. (VPN) connection.
secrecy, that is, if the private key is leaked in RSA, then that • Resistant to simple frequency analysis attacks. Components of IP Security
key could be used by an attacker not only to decrypt future • Suitable for handling larger blocks of text. 1. Encapsulating Security Payload (ESP): It provides data
messages using it but also to decrypt past encrypted traffic • The key matrix size determines the complexity and security integrity, encryption, authentication, and anti-replay. It also
which relied on that key-pair. This is because the key pair is of the cipher. provides authentication for payload.
static, as it’s also used for server authentication and cannot be 2. Authentication Header (AH): It also provides data
• Slower compared to simpler substitution ciphers.
changed every time. Diffie-Hellman provides forward secrecy, integrity, authentication, and anti-replay and it does not
Playfair Cipher:
provide encryption. The anti-replay protection protects against
as it uses a different key for each session. • Substitution cipher that operates on pairs of letters
Diffie- Hellman RSA the unauthorized transmission of packets. It does not protect
(digrams).
data confidentiality.
Uses One Private Key.
Uses One Public and One • It uses a 5x5 matrix (usually a keyword) to generate the 3. Internet Key Exchange (IKE): It is a network security
Private Key. encryption and decryption rules. protocol designed to dynamically exchange encryption keys
Uses Exponential Uses Cryptographic • The key is the matrix or keyword. and find a way over Security Association (SA) between 2
Methods. Methods. • Handles digrams rather than individual letters. devices. The Key Management Protocol (ISAKMP) and
Symmetric Key Asymmetric Key • Provides better security compared to simple substitution Internet Security Association provides a framework for
Encryption Adopted. Encryption Adopted. ciphers like Caesar. authentication and key exchange. The algorithm’s IP sec users
Only allows authorized
Encryption can be • Resistant to frequency analysis attacks. produce a unique identifier for each packet. This identifier
performed by anyone, but • Offers a good balance between security and efficiency. then allows a device to determine whether a packet has been
people to access the
only authorized users to • Limited to only 26 * 26 = 676 possible digrams. correct or not. Packets that are not authorized are discarded
keys, perform Encryption
perform the activity of
& Decryption. • Requires special handling for certain letters and digram and not given to the receiver.
decryption.
repetitions. Q. SSL VS TLS VS SSH
RSA ensures secure
Does not authenticate the Q. Hmac vs Cmac algorithm. SSL (Secure TLS (Transport SSH (Secure
communication by
users participating in the HMAC (Hash-based Message CMAC (Cipher-based Message Sockets Layer) Layer Security) Shell)
authenticating the users and
key exchange. Authentication Code) Authentication Code) Secure Secure
all the communication.
Provides integrity and Provides integrity and communication communication Secure remote
Diffie-Hellman is authenticity to messages. authenticity to messages.
RSA is s vulnerable to between client between client login and file
vulnerable to discrete
integer factorization. HMAC requires a secret CMAC requires a secret key and server. and server. transfer.
logarithms.
key for computation. for computation. Designed
Q. ElGamal Cryptosystem Pre-image resistance, Confidentiality (if the key is It was the It succeeded SSL specifically for
Ans. The ElGamal cryptosystem is an asymmetric encryption second pre-image secret), integrity, and predecessor to and is the current secure remote
algorithm based on the computational difficulty of the discrete resistance, collision authenticity. TLS. standard. operations.
logarithm problem. It provides confidentiality for secure resistance. Enhanced
communication between two parties. Hash function-based Symmetric block cipher- Vulnerable to security with Strong security
Key Generation: authentication algorithm. based authentication several known regular updates with strong
A user selects a large prime number p and a primitive root g algorithm. security and encryption and
modulo p. Length of the secret key Length of the secret key vulnerabilities. improvements. key exchange.
The user generates a private key a as a random number depends on the specific depends on the specific TLS handshake
between 1 and p-1. HMAC variant. CMAC algorithm. SSL handshake includes server SSH handshake
The corresponding public key is computed as A = g^a mod p. Combines the input Uses a symmetric block involves server authentication, involves server
Encryption: message with the secret key cipher to generate the authentication key exchange, authentication
To encrypt a message m for the recipient with public key A, using a hash function. authentication code. and key and mutual and key
the sender: Fast computation using Slower than HMAC due to exchange. authentication. exchange.
Selects a random number k. hash functions. additional cipher operations. Typically uses Typically uses
Computes the ciphertext as (c₁, c₂) = (g^k mod p, A^k * m Network protocols (e.g., Network protocols, secure port 443 for port 443 for Typically uses
mod p). TLS), message storage systems, message HTTPS HTTPS port 22 for SSH
Sends (c₁, c₂) to the recipient. authentication, secure authentication. connections. connections. connections.
Decryption: communication. Used in various
The recipient, who knows the private key a, can compute the HMAC-MD5, HMAC- CMAC-AES, CMAC-DES, applications for
plaintext as m = (c₂ / c₁^a) mod p. SHA1, HMAC-SHA256, CMAC-TDEA, etc., Used primarily in secure Primarily used
The security of ElGamal relies on the computational etc., depending on the hash depending on the cipher web browsers for communication, for secure remote
infeasibility of the discrete logarithm problem. function used. used. secure web including web, access and
Q. Schnorr Signature Scheme communication. email, VPNs, etc. administration.
Ans. The Schnorr signature scheme is a digital signature Q. MD5 VS SHA512. SSL certificates TLS certificates
algorithm that provides authenticity, integrity, and non- MD5 (Message Digest SHA-512 (Secure Hash are issued by are issued by
repudiation of messages. It is based on the difficulty of the Algorithm 5) Algorithm 512) Certificate Certificate SSH uses host
discrete logarithm problem. Hash function Hash function Authorities Authorities keys for server
Key Generation: 128 bits (16 bytes) 512 bits (64 bytes) (CAs). (CAs). authentication.
A user selects a large prime number p and a primitive root g Weakened security due to Strong security with no Supports a range
modulo p. vulnerabilities and known practical of encryption
The user generates a private key x as a random number collisions vulnerabilities algorithms, Supports a
between 1 and p-1. Pre-image resistance, Pre-image resistance, including variety of strong Supports strong
The corresponding public key is computed as Y = g^x mod p. second pre-image second pre-image outdated and encryption encryption
Signing: resistance, resistance, weak ones. algorithms. algorithms.
To sign a message m with the private key x, the signer: and collision resistance and collision resistance TLS 1.0, TLS
Selects a random number k. Fast hashing speed Slower than MD5 due to SSL 2.0, SSL 1.1, TLS 1.2,
Computes r = g^k mod p. increased complexity and 3.0. TLS 1.3. SSH1, SSH2.
Computes e as a cryptographic hash of the message m and longer digest size
other relevant information. Used in legacy systems, Widely used in secure Q. Symmetric vs Asymmetric key encryption.
Computes s = (k - x*e) mod (p-1). checksums, and non-critical applications, digital Symmetric Key Encryption Asymmetric Key
The signature is (r, s). applications signatures, password It requires two keys, a public
Verification: hashing, etc. It only requires a single key key and a private key, one to
Given a signature (r, s) and the public key Y, the verifier: for both encryption and encrypt and the other one to
Vulnerable to length Not vulnerable to length decryption. decrypt.
Computes e as a cryptographic hash of the message m and extension attacks extension attacks
other relevant information. The size of cipher text is the The size of cipher text is the
Weaker compared to SHA- Stronger resistance against same or smaller than the same or larger than the
Computes v₁ = g^(s*e) * Y^r mod p. 512 brute force attacks original plain text. original plain text.
The signature is valid if v₁ = r. Considered insecure and Widely accepted and secure The encryption process is The encryption process is
The Schnorr signature scheme is known for its simplicity, obsolete for cryptographic cryptographic standard very fast. slow.
efficiency, and provable security when used with a secure hash purposes It is used when a large
function.
Represented as a 32- Represented as a 128- amount of data is required to It is used to transfer small
character hexadecimal character hexadecimal transfer. amounts of data.
string string It provides confidentiality,
It only provides authenticity, and non-
confidentiality. repudiation.
The length of key used is 128 The length of key used is
or 256 bits 2048 or higher
It is efficient as it is used for It is comparatively less
handling large amount of efficient as it can handle a
data. small amount of data.
Security is less as only one It is more secure as two keys
key is used for both are used here- one for
encryption and decryption encryption and the other for
purpose. decryption.
Q. Hash vs MAC. Q. What is Intrusion Detection System (IDS) and its type. Q. difference between SSL and TLS.
Hash Function Message Authentication Code Ans. A system called an intrusion detection system (IDS) SSL TLS
(MAC) observes network traffic for malicious transactions and sends SSL stands for Secure Socket TLS stands for Transport
Hashes are primarily used MACs provide data integrity Layer. Layer Security.
immediate alerts when it is observed. It is software that checks
to verify data integrity. and authenticity. SSL (Secure Socket Layer) TLS (Transport Layer
a network or system for malicious activities or policy
Can accept arbitrary-length Accepts both input data and a supports Security) does not support
violations. Each illegal activity or violation is often recorded the Fortezza algorithm. the Fortezza algorithm.
input data. secret key. either centrally using a SIEM system or notified to an SSL (Secure Socket Layer) is TLS (Transport Layer
Produces a fixed-size Produces a fixed-size output administration. IDS monitors a network or system for the 3.0 version. Security) is the 1.0 version.
output (digest). (tag). malicious activity and protects a computer network from In TLS(Transport Layer
Typically, unkeyed, but unauthorized access from users, including perhaps insiders. In SSL( Secure Socket Layer), Security), a Pseudo-random
Requires a secret key for
can be used in HMAC The intrusion detector learning task is to build a predictive the Message digest is used to function is used to create a
computation.
constructions. model (i.e., a classifier) capable of distinguishing between create a master secret. master secret.
Pre-image resistance, ‘bad connections’ (intrusion/attacks) and ‘good (normal) In TLS(Transport Layer
Confidentiality (if the key is
second pre-image connections. In SSL( Secure Socket Layer), Security), Hashed Message
secret), integrity, and
resistance, collision IDS are classified into 5 types: the Message Authentication Authentication Code
authenticity. Code protocol is used. protocol is used.
resistance. Network Intrusion Detection System (NIDS): Network
Length of the secret key is Length of the secret key intrusion detection systems (NIDS) are set up at a planned SSL (Secure Socket Layer) is
null as no key required depends on the specific MAC. point within the network to examine traffic from all devices on more complex than
the network. It performs an observation of passing traffic on TLS(Transport Layer TLS (Transport Layer
Generally faster than public-key
Fast computation. the entire subnet and matches the traffic that is passed on the Security). Security) is simple.
cryptography.
subnets to the collection of known attacks. Once an attack is SSL (Secure Socket Layer) is
Data integrity checks, less secured as compared to TLS (Transport Layer
Network protocols (e.g., TLS), identified or abnormal behavior is observed, the alert can be
password storage (hashed TLS(Transport Layer Security) provides high
authentication protocols. sent to the administrator. Host Intrusion Detection System
passwords). Security). security.
(HIDS): Host intrusion detection systems (HIDS) run on TLS is highly reliable and
Q. difference between MD5 vs SHA1. independent hosts or devices on the network. A HIDS SSL is less reliable and upgraded. It provides less
MD5 SHA1 monitors the incoming and outgoing packets from the device slower. latency.
While SHA1 stands for only and will alert the administrator if suspicious or malicious
MD5 stands for Message Digest. Secure Hash Algorithm. activity is detected. It takes a snapshot of existing system files SSL has been depreciated. TLS is still widely used.
MD5 can have 128 bits length of Whereas SHA1 can have 160 and compares it with the previous snapshot. If the analytical SSL uses port to set up TLS uses protocol to set up
message digest. bits length of message digest. system files were edited or deleted, an alert is sent to the explicit connection. implicit connection.
While the speed of SHA1 is administrator to investigate.
The speed of MD5 is fast in slow in comparison of Protocol-based Intrusion Detection System (PIDS): Q. Difference Between PGP VS S/MIME
comparison of SHA1’s speed. MD5’s speed. Protocol-based intrusion detection system (PIDS) comprises a PGP S/MIME
To make out the initial message the On the opposite hand, in system or agent that would consistently reside at the front end While it is designed to process
It is designed for
aggressor would want 2^128 SHA1 it’ll be 2^160 that of a server, controlling and interpreting the protocol between a email as well as many
processing the plain texts
operations whereas exploitation the makes it quite troublesome to multimedia files.
user/device and the server. It is trying to secure the web server
MD5 algorithmic program. seek out. PGP is less costly as While S/MIME is
by regularly monitoring the HTTPS protocol stream and compared to S/MIME. comparatively expensive.
While SHA1 is more
MD5 is simple than SHA1. complex than MD5. accepting the related HTTP protocol. PGP is good for personal as While it is good for industrial
MD5 provides indigent or poor While it provides balanced or Application Protocol-based Intrusion Detection System well as office use. use.
security. tolerable security. (APIDS): An application Protocol-based Intrusion Detection PGP is less efficient than While it is more efficient than
In MD5, if the assailant needs to System (APIDS) is a system or agent that generally resides S/MIME. PGP.
seek out the 2 messages having Whereas in SHA1, assailant within a group of servers. It identifies the intrusions by Whereas it relies on a
monitoring and interpreting the communication on It depends on user key
identical message digest, then would need to perform 2^80 hierarchically valid certificate
application-specific protocols. For example, this would exchange.
assailant would need to perform operations which is greater for key exchange.
2^64 operations. than MD5. monitor the SQL protocol explicitly to the middleware as it While it is more convenient
MD5 was presented in the year While SHA1 was presented transacts with the database in the web server. PGP is comparatively less than PGP due to the secure
1992. in the year 1995. Hybrid Intrusion Detection System: Hybrid intrusion convenient. transformation of all the
detection system is made by the combination of two or more applications.
Q. difference between IPv4 and IPv6. approaches to the intrusion detection system. In the hybrid PGP contains 4096 public While it contains only 1024
IPv4 IPv6 intrusion detection system, the host agent or system data is keys. public keys.
IPv4 has a 32-bit address IPv6 has a 128-bit address length combined with network information to develop a complete While it is also the standard for
PGP is the standard for
length view of the network system. strong encryption but has some
strong encryption.
It Supports Manual and It supports Auto and drawbacks.
Detection Method of IDS
DHCP address configuration renumbering address PGP is also be used in While it is not used in VPNs, it
Signature-based Method: Signature-based IDS detects the
configuration VPNs. is only used in email services.
attacks on the basis of the specific patterns such as the number
In IPv4 end to end, connection In IPv6 end-to-end, connection PGP uses Diffie hellman While it uses Elgamal digital
integrity is Unachievable integrity is Achievable of bytes or a number of 1s or the number of 0s in the network digital signature. signature.
It can generate The address space of IPv6 is traffic. It also detects on the basis of the already known In S/MIME Trust is established
malicious instruction sequence that is used by the malware. In PGP Trust is established
4.29×109 address space quite large it can produce using Public Key
The detected patterns in the IDS are known as signatures. using Web of Trust.
3.4×1038 address space Infrastructure.
The Security feature is IPSEC is an inbuilt security Anomaly-based Method: Anomaly-based IDS was PGP doen’t provides S/MIME provides
dependent on the application feature in the IPv6 protocol introduced to detect unknown malware attacks as new authentication. authentication.
Address representation of Address Representation of IPv6 malware is developed rapidly. In anomaly-based IDS there is
IPv4 is in decimal is in hexadecimal the use of machine learning to create a trustful activity model PGP is used for Securing S/MIME is used for Securing
Fragmentation performed by In IPv6 fragmentation is and anything coming is compared with that model and it is text messages only. Messages and attachments.
Sender and forwarding routers performed only by the sender declared suspicious if it is not found in the model. There is less use of PGP in While S/MIME is widely used
In IPv4 Packet flow In IPv6 packet flow identification Q. What Is the OSI Model, its layers and advantages industry. in industry.
identification is not available are Available and uses the flow Ans. The Open Systems Interconnection (OSI) model describes Convenience of PGP is Convenience of S/MIME is
label field in the header seven layers that computer systems use to communicate over a low. High.
In IPv4 checksum field is In IPv6 checksum field is not network. It was the first standard model for network Administrative overhead of Administrative overhead of
available available communications, adopted by all major computer and PGP is high. S/MIME is low.
It has a broadcast Message In IPv6 multicast and anycast telecommunication companies in the early 1980s
Transmission Scheme message transmission scheme is OSI 7 layers
available Q. Kerberos, its components and its applications.
Application Layer
In IPv4 Encryption and In IPv6 Encryption and The application layer is used by end-user software such as web Ans. Kerberos is a widely used network authentication protocol that
Authentication facility not Authentication are provided provides secure authentication for client/server applications. It uses
browsers and email clients. It provides protocols that allow software
provided to send and receive information and present meaningful data to symmetric key cryptography and relies on a trusted third-party
authentication server.
IPv4 has a header of 20-60 IPv6 has a header of 40 bytes users
Presentation Layer Components of Kerberos:
bytes. fixed
Authentication Server (AS): The AS is the trusted third-party server
IPv4 can be converted to IPv6 Not all IPv6 can be converted to The presentation layer prepares data for the application layer. It
defines how two devices should encode, encrypt, and compress data responsible for initial authentication of users. It issues ticket-
IPv4
granting tickets (TGTs) to users upon successful authentication.
IPv4 consists of 4 fields IPv6 consists of 8 fields, which so it is received correctly on the other end.
Session Layer Ticket-Granting Server (TGS): The TGS is another server that
which are separated by are separated by a colon (:) issues service tickets based on valid TGTs. It acts as a ticket-
addresses dot (.) The session layer creates communication channels, called sessions,
between devices. It is responsible for opening sessions, ensuring granting authority for specific services.
IPv4’s IP addresses are IPv6 does not have any classes of Key Distribution Center (KDC): The KDC is a logical component
divided into five different the IP address. they remain open and functional while data is being transferred, and
closing them when communication ends. comprising both the AS and TGS. It handles the authentication and
classes. Class A , Class B, ticket-granting functions.
Class C, Class Da , Class E. Transport Layer
The transport layer takes data transferred in the session layer and Client: The client is the user or entity requesting access to network
IPv4 supports IPv6 does not support VLSM. services. It communicates with the AS and TGS to obtain tickets
VLSM(Variable Length breaks it into “segments” on the transmitting end. It is responsible
for reassembling the segments on the receiving end, turning it back and access resources.
subnet mask). Service Server: The service server hosts the network services that
Example of IPv4: Example of IPv6: into data that can be used by the session layer.
Network Layer the client wants to access. It verifies the authenticity of service
[Link] [Link] tickets presented by clients.
[Link] The network layer has two main functions. One is breaking up
segments into network packets, and reassembling the packets on the Applications of Kerberos:
Single Sign-On (SSO): Kerberos enables users to authenticate once
receiving end.
Q. Chinese Remainder Theorem. Data Link Layer and obtain tickets that can be used to access multiple services
Ans. The Chinese Remainder Theorem (CRT) is a fundamental without needing to re-authenticate for each service. This simplifies
The data link layer establishes and terminates a connection between
two physically-connected nodes on a network. It breaks up packets the login process and improves user convenience.
theorem in number theory that provides a solution to a system of
Network Authentication: Kerberos provides secure authentication
simultaneous congruences. It states that if you have a system of into frames and sends them from source to destination.
for client/server applications and protects against unauthorized
congruences with pairwise relatively prime moduli, then there Physical Layer
access to network resources. It ensures that only authenticated and
exists a unique solution within a certain range. The physical layer is responsible for the physical cable or authorized users can access specific services.
wireless connection between network nodes. Distributed File Systems: Kerberos is commonly used in
Advantages of OSI Model distributed file systems like the Andrew File System (AFS) and
The OSI model helps users and operators of computer Network File System (NFS) to authenticate users accessing remote
networks. file resources.
Determine the required hardware and software to build their Email Systems: Kerberos can be used to secure email systems,
network. allowing users to authenticate and access their email accounts
Understand and communicate the process followed by securely.
components communicating across a network. Directory Services: Kerberos is often integrated with directory
Perform troubleshooting, by identifying which network layer services like Active Directory to provide secure authentication and
is causing an issue and focusing efforts on that layer. authorization for users accessing directory information and
resources.