DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

SUBJECT : NETWORK SECURITY YEAR: III SEMESTER: V

SUBJECT CODE : U23CSE507 REGULATION: 2023
Prepared By : [Link] Christian St Hubert
Assistant Professor
Department of Computer Science and Engineering

UNIT-I
Security Attack - Non-cryptographic Protocol Vulnerabilities - Software Vulnerabilities -
The need for security - Security services - Security Mechanisms- Classical encryption:
Classical Techniques.

1. What is Security attack and Security service?

Security attack: Any action that compromises the security of information owned by an
organization. Security mechanism: A mechanism that is designed to detect, present or recover
from a security attack.
Security service: A service that enhances the security of the data processing systems and the
information transfer of an organization. Define Threat and attack.
 Threat is a possible danger that might exploit a vulnerability to breach security and
thus cause possible harm.
 Attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized
access to or make unauthorized use of an asset.

2. Define cryptanalysis.
The study of principles and methods of transforming an unintelligible message back into an
intelligible message without the knowledge of the key. It is also called code breaking.

3. Specify the four categories of security threats?

 Interruption
 Interception
 Modification C401.1 BTL 1
 Fabrication

4. Distinguish between passive attack and active attack.

Passive attacks: Passive attacks are in the nature of eavesdropping on, or monitoring
of,transmissions. It includes release of message contents and Traffic analysis. Passive attacks

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 are very difficult to detect because they do not involve any alteration of data. However, it is
feasible to prevent the success of these attacks, usually by means of encryption.
Active attacks: Active attack involves some modification of the data stream or the
creation of afalse data stream and can be subdivided into four categories namely as a
masquerade, replay, modification of messages and the denial of service attack.

5. Define Plaintext, Ciphertext

Plaintext: Refers to the original message that is created and sent into encryption method.
Ciphertext: It is the text that is now scrambled and ready to send. It may look like a random
stream of data, and is unreadable.

6. List the components involved in network security (i.e. Model for network security)
 Message
 Two principals (Source and Destination)
 Trusted third party
 Opponent

7. Define Denial-of-service attacks:

Attackers can overload network resources or disrupt communication by exploiting
vulnerabilities in protocols like TCP, UDP, and ICMP.

8. What is man in the middle attack.

Attackers can intercept and modify communication by exploiting weaknesses in protocols
like ARP and DNS.

9. What is Buffer overflow attack

A buffer overflow attack occurs when a program writes more data to a buffer (a temporary
storage area in memory) than it can hold. This overflow can overwrite adjacent memory,
potentially allowing attackers to inject malicious code, crash the system, or gain
unauthorized access.

10. What is Spoofing attack.

A spoofing attack is a type of cyberattack where a malicious actor disguises themselves as

a trusted entity by falsifying data, such as IP addresses, email headers, or identity
information. The goal is typically to gain access to sensitive data, bypass access controls, or
trick users into taking harmful actions.
 IP Spoofing
 Email Spoofing
 DNS Spoofing.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 11. Define Phishing atack.

A phishing attack is a type of social engineering where attackers trick victims into
revealing sensitive information—like passwords, credit card numbers, or login credentials—
by pretending to be a legitimate or trusted entity, often through email, websites, text
messages, or phone calls.

12. What is SQL injection attack?

An SQL Injection (SQLi) attack is a code injection technique where an attacker inserts
malicious SQL code into an application's input fields to manipulate the underlying database.
It can allow attackers to view, modify, or delete data, and in some cases, gain full control of
the database server.

13. What is software vulnerability ?

A software vulnerability is a weakness or flaw in a software system that can be exploited by
attackers to compromise the system's confidentiality, integrity, or availability. These
vulnerabilities often arise from coding errors, insecure configurations, or inadequate security
practices.

14. Differentiate symmetric and asymmetric encryption?

Symmetric Asymmetric It is a form of cryptosystem in which It is a form of cryptosystem in
which encryption and decryption performed using encryption and decryption Performed using
the same key. Eg: DES, AES two keys. Eg:RSA,ECC.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 15. Define integrity and non repudiation.
Integrity: Service that ensures that only authorized person able to modify the message. Non
repudiation: This service helps to prove that the person who denies the transaction is true or
false.

16. Define steganography .

Hiding the message into some cover media. It conceals the existence of a message.

17. Why network need security?

When systems are connected through the network, attacks are possible during transmission
time.

18. Define confidentiality and authentication Confidentiality

It means how to maintain the secrecy of message. It ensures that the information in a
computer system and transmitted information are accessible only for reading by authorized
person. Authentication: It helps to prove that the source entity only has involved the
transaction.

19. Define cryptography.

It is a science of writing Secret code using mathematical techniques. The many schemes used
for enciphering constitute the area of study known as cryptography.

20. Compare Substitution and Transposition techniques.

SUBSTITUTION TRANSPOSITION
A substitution techniques is one in It means, different kind of mapping is which the letters of
plaintext are replaced by other letter or by number or symbols. achieved by performing some
sort of *Eg: Caeser cipher. permutation on the plaintext letters. *Eg: DES, AES.

21. Define integrity.

It assures that the data received is sent by an authorized entity and are not
modified/replayed/deleted/updated.

22. Compare stream cipher with block cipher with example.

Stream cipher: Processes the input stream continuously and producing one element at a time.
Example: Caeser cipher. Block cipher: Processes the input one block of elements at a time
producing an output block for each input block. Example: DES.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 23. Define cryptanalysis
Cryptanalysis is the study and practice of analyzing and breaking cryptographic systems. It
involves discovering weaknesses or vulnerabilities in encryption algorithms, with the goal of:
 Deciphering encrypted data without access to the key
 Finding flaws in cryptographic protocols
 Recovering plaintext or the encryption key.

24. Mention two requirements for secure conventional encryption.

Two requirements for secure conventional encryption are:
A strong encryption algorithm: The algorithm should be robust enough that even if an
attacker knows the algorithm and has access to the ciphertext, they should not be able to
decrypt the message or determine the key.
Secure key management: Both the sender and receiver must obtain copies of the secret key
in a secure manner and must keep the key confidential to prevent unauthorized access.

25. What is a transposition cipher? Give an example.

A transposition cipher is a type of classical encryption technique in which the positions of the
characters in the plaintext are rearranged according to a certain system, without altering the
actual characters.
Plaintext:
MEET ME AFTER THE TOGA PARTY
Write in a zigzag pattern (2 rows):
M E T M AT R T E O AAT
E E F E H G P Y
Then read row-wise:
Ciphertext: MEMATRHTGPRYETEFETEOAAT.

26. List out the ingredients of public key encryption scheme?

 Plaintext
 Encryption algorithm
 Public key
 Private key
 Cipher key
 Decryption key

27. Lit out the difference between virus and worms.

VIRUS: a computer virus is a program that loaded on your computer without your knowledge
and runs without your permission .A virus is designed to reproduce itself through legitimate
process in computer programs and operating systems therefore , a virus requires a host in

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 order to replicate .viruses are often cable ofmutating or changing while they are replicating
themselves.

28. Define malicious software?

Malicious software is any software that gives partial to full control of your computer to do
whatever the malware creator wants .Malware can be a virus ,worm, Trojan, adware ,spyware
,root kit etc.,

29. Write down the role of security standards?

Standards allow products from multiple vendors to communicate, giving the purchaser more
flexibility in equipment selection in use.

30. Define intrusion.

Intrusion is an illegal act of entering, sizeing or taking possession of another property.

31. Write down the system security standards .

Security standards development and publications re done by internet architecture board,
internet engineering task force and internet engineering steering group.

32. Point out the types of cryptanalytic attack

 Cipher text only,
 Known plain text,
 Chosen plaintext,
 Chosen cipher text.

33. List the security services.

 Authentication
 Peer entity authentication
 Integrity
 Non-repudiation
 Access Control
 Availability.

34. What is protocol Vulnerabilities.

Protocol vulnerabilities are weaknesses or flaws within the design or implementation
of communication protocols that can be exploited by attackers to compromise systems or
networks.
Example :
 Denial of service

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

  Man in the Middle attack
 HTTP request smuggling
35. Define software Vulnerabilities.
Software vulnerabilities are flaws or weaknesses in software code that can be exploited by
attackers to compromise the security and functionality of the system
Example : SQL Injection, Buffer Overflow , Broken Access Control.

PART-B
5 MARKS
1. Explain briefly about the various security attacks in details.
Computer security is security applied to computing devices such as computers and
smartphones, as well as computer networks such as private and public networks, including the whole
Internet.
The field covers all the processes and mechanisms by which digital equipment, information
and services are protected from unintended or unauthorized access, change or destruction, and are of
growing importance in line with the increasing reliance on computer systems of most societies
worldwide. It includes physical security to prevent theft of equipment, and information security to
protect the data on that equipment. It is sometimes referred to as "cyber security" or "IT security",
though these terms generally do not refer to physical security (locks and such).
Some important terms used in computer security are:
Vulnerability:
Vulnerability is a weakness which allows an attacker to reduce a system's information
assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker
access to the flaw, and attacker capability to exploit the flaw. To exploit vulnerability, an attacker must
have at least one applicable tool or technique that can connect to a system weakness. In this frame,
vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of
identifying, classifying, remediating, and mitigating [Link] practice generally refers to
software vulnerabilities in computing systems.

Backdoors :
A backdoor in a computer system, is a method of bypassing normal authentication, securing
remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain
undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be
a modification to an existing program or hardware device. It may also fake information about disk and
memory usage.

Denial-of-service attack:
Unlike other exploits, denials of service attacks are not used to gain unauthorized access or
control of a system. They are instead designed to render it unusable. Attackers can deny service to
individual victims, such as by deliberately entering a wrong password enough consecutive times to

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 cause the victim account to be locked, or they may overload the capabilities of a machine or network
and block all users at once. These types of attack are, in practice, very hard to prevent, because the
behaviour of whole networks needs to be analyzed, not only the behaviour of small pieces of code.
Distributed denial of service (DDoS) attacks are common, where a large number of compromised
hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example; a
worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with
network requests, thus attempting to render it unusable through resource exhaustion.

Direct-access attacks: An unauthorized user gaining physical access to a computer (or part thereof)
can perform many functions, install different types of devices to compromise security, including
operating system modifications, software worms, key loggers, and covert listening devices. The
attacker can also easily download large quantities of data onto backup media, for instance CD-
R/DVD-R, tape; or portable devices such as key drives, digital cameras or digital audio players.
Another common technique is to boot an operating system contained on a CD-ROM or other bootable
media and read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the
storage media and store the key separate from the system. Direct-access attacks are the only type of
threat to Standalone computers (never connect to internet), in most cases.

Eavesdropping :
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts
on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI
and NSA to eavesdrop on the systems of internet service providers.

Spoofing:
Spoofing of user identity describes a situation in which one person or program successfully
masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Tampering :
Tampering describes an intentional modification of products in a way that would make them harmful
to the consumer.

Repudiation:
Repudiation describes a situation where the authenticity of a signature is being challenged.

Information disclosure:
Information Disclosure (Privacy breach or Data leak) describes a situation where information, thought
as secure, is released in an untrusted environment. Elevation of privilege Elevation of Privilege
describes a situation where a person or a program want to gain elevated privileges or access to
resources that are normally restricted to him/it.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 Exploits
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a
software "bug" or "glitch" in order to cause unintended or unanticipated behaviour to occur on
computer software, hardware, or something electronic (usually computerized). This frequently
includes such things as gaining control of a computer system or allowing privilege escalation or a
denial of service attack. The term "exploit" generally refers to small programs designed to take
advantage of a software flaw that has been discovered, either remote or local. The code from the
exploit program is frequently reused in Trojan horses and computer viruses.

Indirect attacks An indirect attack is an attack launched by a third-party computer. By using someone
else's computer to launch an attack, it becomes far more difficult to track down the actual attacker.
There have also been cases where attackers took advantage of public anonymizing systems, such as
the tor onion router system.

Computer crime: Computer crime refers to any crime that involves a computer and a network.

2. Describe briefly about the various security services.

It is a processing or communication service that is provided by a system to give a specific
kind of production to system resources. Security services implement security policies and are
implemented by security mechanisms.
Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. It is used to prevent
the disclosure of information to unauthorized individuals or systems. It has been defined as ―ensuring
that information is accessible only to those authorized to have access‖.
The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A credit
card number has to be secured during online transaction.
Authentication
This service assures that a communication is authentic. For a single message transmission, its
function is to assure the recipient that the message is from intended source. For an ongoing interaction
two aspects are involved. First, during connection initiation the service assures the authenticity of
both parties. Second, the connection between the two hosts is not interfered allowing a third party to
masquerade as one of the two parties. Two specific authentication services defines in X.800 are
Peer entity authentication:
Verifies the identities of the peer entities involved in communication. Provides use at time of
Media connection estblishment and during data transmission. Provides confidence against a masquera
or replay attack Data origin authentication: Assumes the authenticity of source of data unit, but does
not provide protection against duplication or modification of data units. Supports applications like
electronic mail, where no prior interactions take place between communicating entities.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 Integrity:
Integrity means that data cannot be modified without authorization. Like confidentiality, it
can be applied to a stream of messages, a single message or selected fields within a message. Two
types of integrity services are available. They are:

Connection-Oriented Integrity Service: This service deals with a stream of messages, assures that
messages are received as sent, with no duplication, insertion, modification, reordering or replays.
Destruction of data is also covered here. Hence, it attends to both message stream modification and
denial of service.
Connectionless-Oriented Integrity Service: It deals with individual messages regardless of larger
context, providing protection against message modification only.

An integrity service can be applied with or without recovery. Because it is related to active
attacks, major concern will be detection rather than prevention. If a violation is detected and the
service reports it, either human intervention or automated recovery machines are required to recover.
Non-repudiation:
Non-repudiation prevents either sender or receiver from denying a transmitted message. This
capability is crucial to e-commerce. Without it an individual or entity can deny that he, she or it is
responsible for a transaction, therefore not financially liable.
Access Control
This refers to the ability to control the level of access that individuals or entities have to a
network or system and how much information they can receive. It is the ability to limit and control the
access to host systems and applications via communication links. For this, each entity trying to gain
access must first be identified or authenticated, so that access rights can be tailored to the individuals.

Availability
It is defined to be the property of a system Media or a system resource being accessible and
usable upon demand by an authorized system entity. This can significantly be affected by a variety of
attacks, some amenable to automated counter measures i.e authentication and encryption and others
need some sort of physical action to prevent or recover from loss of availability of elements of
distributed system.

3. Discuss in detail about the Security Mechanism.

According to X.800, the security mechanisms are divided into those implemented in a specific
protocol layer and those that are not specific to any particular protocol layer or security service. X.800
also differentiates reversible & irreversible encipherment mechanisms. A reversible encipherment
mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 decrypted, whereas irreversible encipherment include hash algorithms and message authentication
codes used in digital signature and message authentication applications

Specific Security Mechanisms

Incorporated into the appropriate protocol layer in order to provide some of the OSI
security services,
 Encipherment: It refers to the process of applying mathematical algorithms for converting
data into a form that is not intelligible. This depends on algorithm used and encryption keys.

 Digital Signature: The appended data or a cryptographic transformation applied to any data
unit allowing to prove the source and integrity of the data unit and protect against forgery.

 Access Control: A variety of techniques used for enforcing access permissions to the
system resources.
 Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
of data units.

 Authentication Exchange: A mechanism intended to ensure the identity of an entity by

means of information exchange.

 Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.

 Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes once a breach of security is suspected.

 Notarization: The use of a trusted third party to assure cert in properties of a data exchange

Pervasive Security Mechanisms

These are not specific to any particular OSI security service or protocol layer.
 Trusted Functionality: That which is perceived to be correct with respect to some criteria
 Security Level: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
 Event Detection: It is the process of detecting all the events related to network security.
 Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is
an independent review and examination of system records and activities. Security Recovery: It
deals with requests from mechanisms, such as event handling and management functions, and
takes recovery actions.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 4. Why we need security ? Explain.
Threats :
A threat is an object, person, or other entity that represents a constant danger to an asset
The 2020 CSI survey
 494 computer security practitioners
 46% suffered security incidents
 29% reported to law enforcement
 Average annual loss $350,424 3
 1/5 suffered ‗targeted attack‗
 The source of the greatest financial losses?
 Most prevalent security problem
 Insider abuse of network access

Email Threat Categories

 Acts of human error or failure
 Compromises to intellectual property
 Deliberate acts of espionage or trespass
 Deliberate acts of information extortion
 Deliberate acts of sabotage or vandalism
 Deliberate acts of theft
 Deliberate software attack
 Forces of nature
 Deviations in quality of service
 Technical hardware failures or errors
 Technical software failures or errors
 Technological obsolesce

Definitions
 Computer Security – generic name for the collection of tools designed to protect data and to
thwart hackers
 Network Security – measures to protect data during their transmission 
 Internet Security - measures to protect data during their transmission over a collection of
interconnected networks  our focus is on Internet Security

PART -C
10 MARKS
1. Describe in detail about the Non-cryptographic Protocol Vulnerabilities.
Non-cryptographic protocol vulnerabilities are flaws within network communication protocols
that, unlike cryptographic failures, don't involve weaknesses in encryption or hashing

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 algorithms. They can be exploited to compromise network security, allowing attackers to perform
actions like denial-of-service attacks, man-in-the-middle attacks, and identity spoofing.
Denial-of-service attack:
A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the device's normal
functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with
requests until normal trafÏc is unable to be processed, resulting in denial-of-service to addition users.
A DoS attack is characterized by using a single computer to launch the attack.

The Denial of Service Attack is of two types:

Buffer overflow attack:

An attack type in which a memory*buffer overflow*can cause a machine toconsume all
available hard disk space, memory, or CPU time. This form of exploit often results in sluggish
behavior, system crashes, or other deleterious server behaviors, resulting in denial-of-service.

Flood attacks:
By saturating a targeted server with an overwhelming amount of packets, a malicious actor is
able to oversaturate server capacity, resulting in denial-of-service. In order for most DoS flood attacks
to be successful, the malicious actor must have more available bandwidth than the target.

A distributed denial-of-service (DDoS)

This attack is a malicious attempt to disrupt the normal trafÏc of a targeted server, service or
network by overwhelming the target or its surrounding infrastructure with a flood of Internet trafÏc.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources
of attack trafÏc. Exploited machines can include computers and other networked resources such as IoT
devices.

How does a DDoS attack work?

DDoS attacks are carried out with networks of Internet-connected machines. These networks
consist of computers and other devices (such as IoT devices)which have been infected with*malware,
allowing them to be controlled remotely by an attacker. These individual devices are referred to
as*bots*(or zombies), and a group of bots is called botnet. Once a botnet has been established, the
attacker is able to direct an attack by sending remote instructions to each bot.
When a victim‘s server or network is targeted by the botnet, each bot sends requests to the target‘s*IP
address, potentially causing the server or network to become overwhelmed, resulting in a*denial-of-
service*to normal traffic.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 Session hijacking
It refers to the malicious act of taking control of a user‘s web session. A session, in the context
of web browsing, is a series of interactions between two communication endpoints, sharing a unique
session token to ensure continuity and security.
It‘s a form of attack where a bad actor steals or manipulates the session token to gain
unauthorized access to information or services. The hijacking process typically begins when an
attacker intercepts this token, which can be likened to a secret handshake between the user and the
website. Once in possession of this token, the attacker gains the ability to masquerade as the
legitimate user, potentially causing havoc. The methods of interception can vary, ranging from
network eavesdropping to sophisticated phishing attack.

There are three primary techniques for hijacking sessions:

1. Brute Force -the attacker tries multiple IDs until successful.
2. Calculate – in many cases, IDs are generated in a non-random manner and can be calculated.
3. Steal – using different types of techniques, the attacker can acquire the Session ID.

Spoofing attack Spoofing:

It is a technique through which a cybercriminal disguises themselves as a known or trusted source.
Spoofing can take many forms, such as spoofed emails, IP spoofing, DNS Spoofing, GPS spoofing,
website spoofing, and spoofed calls.
In so doing, the adversary is able to engage with the target and access their systems or devices with
the ultimate goal of stealing information, extorting money or installing malware or other harmful
software on the device.
 IP Spoofing
 Email Spoofing
 Caller ID Spoofing
 GPS Spoofing

1. ✅ IP Spoofing

 The attacker sends IP packets with a false source IP address to disguise their identity.
 Purpose:
o To impersonate a trusted system.
o To bypass IP-based authentication.
o Often used in DoS/DDoS attacks.
 Impact:
o Man-in-the-middle attacks.
o Session hijacking.
o Network trust exploitation.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 2. ✅ Email Spoofing

 Forging the ―From‖ address in an email to make it appear from a trusted sender.
 Purpose:
o Phishing attacks.
o Malware distribution.
o Social engineering.
 Impact:
o Identity theft.
o Financial fraud.
o Spread of misinformation.

3. ✅ Caller ID Spoofing

 Changing the caller ID displayed on the recipient‘s device to mislead or impersonate

someone.
 Purpose:
o Telemarketing scams.
o Voice phishing (vishing).
o Bypassing phone call blocking.
 Impact:
o Trust exploitation.
o Fraudulent transactions.
o Privacy breaches.

4. ✅ GPS Spoofing

Transmitting fake GPS signals to deceive a GPS receiver about its actual location.

 Purpose:
o Misguide drones, ships, or vehicles.
o Avoid tracking or geofencing.
 Impact:
o Navigation disruption.
o Loss of control in autonomous systems.
o Military and aviation risks.

2. Explain in detail about the software Vulnerabilities.

Software Vulnerability‘ refers to a flaw or weakness in a software system that could be
exploited to compromise the system‘s security or functionality. This vulnerability can exist in the
operating system, in a software application, or in the network protocols that the software uses. The

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 exploitation of a software vulnerability can lead to unauthorized access, data theft, denial of service,
or even system takeover.

Buffer overflows

Buffer overflows occur when a program writes more data to a fixed-size memory buffer than
it can accommodate, causing that data to spill into adjacent memory. This can overwrite variables,
corrupt return addresses, or disrupt control flow. The issue is especially common in low-level
languages like C and C++, which lack built-in memory safety features.

While often considered an ―old-school‖ vulnerability, buffer overflows remain a real threat,
especially in embedded systems, firmware, and legacy code. They can lead to remote code execution,
crashes, or full system compromise when exploited, potentially allowing attackers to take full control
of the system.

Insecure deserialization

Insecure deserialization is when an application accepts serialized data like JSON, XML, or
binary objects and converts it into code or objects without proper validation. If an attacker modifies
that data, they can inject malicious code, escalate privileges, or trigger remote code execution during
deserialization.

Because serialization is used behind the scenes in many frameworks, insecure deserialization
is often overlooked—yet it remains one of the most powerful and dangerous software security
vulnerabilities.

SQL injection

SQL Injection (SQLi) remains one of the most widely exploited software vulnerabilities. It‘s
dangerous because it often enables attackers to extract confidential information, escalate privileges, or
gain full administrative control, especially in systems lacking proper input validation and privilege
controls.

Despite widespread awareness, SQL injection is still common in 2025 due to legacy
codebases, insecure development practices, and inconsistent input validation in many web
applications.

Cross-site scripting (XSS)

Cross-site scripting (XSS) occurs when an attacker injects malicious JavaScript into a web page,
which then executes in another user‘s browser. It‘s used to impersonate users, deliver malware, or
exploit browser extensions. XSS typically targets web apps that fail to properly handle user input in
HTML or JavaScript contexts. This can lead to session hijacking, cookie theft, user redirection, or a
spoofed interface that appears to come from a trusted source.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 Broken access control

Broken access control occurs when an application fails to properly enforce restrictions on what
authenticated users are allowed to do. These flaws can result in unauthorized access to data, actions,
or system functionality. They often stem from misconfigured permissions, missing authorization
logic, or predictable object references (e.g., userId=123 in a URL). Common examples include:

 Accessing admin-only endpoints without role verification.

 Viewing or modifying another user‘s data by changing URL parameters or API calls.
 Performing privileged actions outside a role, such as a regular user being able to delete
records or change permissions.

Insecure APIs

As apps become increasingly API-first, insecure endpoints can serve as backdoors to otherwise
protected systems, leading to unauthorized access, data leaks, or service disruption. APIs are prime
targets for attackers due to their access to large volumes of sensitive information, lack of
documentation, and reliance on open-source components with known vulnerabilities.

Identification and authentication failures

This category covers flaws in how users are identified and authenticated, such as weak login
mechanisms, missing multi-factor authentication (MFA), exposed session tokens, or poor password
policies. These failures frequently lead to credential stuffing, brute-force attacks, or session hijacking.

Software and data integrity failures

Software and data integrity failures occur when code, configuration, or update mechanisms are
susceptible to tampering. These vulnerabilities are part of supply chain attacks where trust in open-
source packages, CI/CD workflows, or updates is exploited. Examples include insecure package
downloads, unverified third-party dependencies, or unsigned updates that are deployed regardless.

Cryptographic failures

Cryptographic failures or ―sensitive data exposure‖ occur when sensitive data isn‘t properly protected
in transit or at rest. It differs from missing encryption in that these issues usually stem from how
cryptography is applied, managed, or integrated. Common examples include using broken or outdated
algorithms like SHA-1 or MD5 for hashing passwords, storing API tokens in plain text, or hardcoding
cryptographic keys directly into source code.

Server-side request forgery (SSRF)

Server-side request forgery (SSRF) happens when an attacker tricks a server into making
unauthorized HTTP requests (often to internal services) by submitting a malicious or user-controlled

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 URL. This vulnerability turns a server into a proxy, allowing attackers to reach internal-only
endpoints or cloud metadata APIs.

Unlike broader API flaws, SSRF is network-oriented. It exploits the trust that backend systems place
in each other, not in external callers.

3. Explain in Detail about Classical Encryption Technique.

A symmetric encryption scheme has five ingredients:
 Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
 Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
 Secret key: The secret key is also input to the encryption algorithm. The key is a value independent
of the plaintext and of the algorithm. The algorithm will produce a different output depending
on the specific key being used at the time.
 Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the
secret key.
 Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key and produces the original plaintext. There are two requirements
for secure use of conventional encryption.
1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that
an opponent who knows the algorithm and has access to one or more ciphertexts would be
unable to decipher the ciphertext or figure out the key.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep
the key secure.

Cryptography
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext. Mention two requirements for
secure conventional [Link] encryption algorithms are based on two general principles:
substitution, inwhich each element in the plaintext (bit, letter, group of bits or letters)
ismapped into another element, and transposition, in which elements in the plaintext are
rearranged. The fundamental requirement is that no information be lost.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 2. The number of keys [Link] both sender and receiver use the same key, the system is referred to as
symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use
different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed.A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipherprocesses
the input elements continuously, producing output one element at a time, as it goes along.
Cryptanalysis
There are two general approaches to attacking a conventional encryption scheme:

Cryptanalysis:
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general
characteristics of the plaintext.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must be tried to
achieve success.
An encryption scheme is unconditionally secureif the ciphertext generated by the scheme does not
contain enough information to determine uniquely the corresponding plaintext, no matter how
much ciphertext is available.
 The cost of breaking the cipher exceeds the value of the encrypted information.
 The time required to break the cipher exceeds the useful lifetime of the information. An encryption
scheme is said to be computationally secureif either of the foregoing two criteria are met.

Substitution Techniques:
The two basic building blocks of all encryption techniques are substitution and transposition.
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols.
Caesar Cipher: The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.
For example, plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
C = E(3,p)= (p + 3) mod 26
C = E(k,p) = (p + k) mod 26, p=D(k,C) mod 26
Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
Monoalphabetic Ciphers:
If, instead, the "cipher" line can be any permutation of the 26 alphabetic characters, then there are 26!
Possible keys. This is referred to as a monoalphabetic substitution cipher, because a single
cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 Playfair Cipher: The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed
using a keyword.

Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that
balloon would be treated as ba lx lo on.
 Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
 Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. mu is encrypted as CM.
 Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM
(or JM, as the encipherer wishes)
Polyalphabetic Ciphers:

To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating
keyword. For example, if the keyword is deceptive, the message "we are discovered save yourself"
is encrypted as follows:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Decryption is equally simple. The key letter again identifies the row. The position of the ciphertext letter in
that row determines the column, and the plaintext letter is at the top of that column.

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

 One-Time Pad:
The key is to be used to encrypt and decrypt a single message, and then is discarded. Each new message
requires a new key of the same length as the new message. Such a scheme, known as a one-time
pad, is unbreakable.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
1. There is the practical problem of making large quantities of random keys.
2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key
of equal length is needed by both sender and receiver.
Transposition Techniques: A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher. The
simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of rows. For example, to encipher the message "meet me
after the toga party" with a rail fence of depth 2, we write the following:

The encrypted message is MEMATRHTGPRYETEFETEOAAT A more complex scheme is to write the

message in a rectangle, row by row, and read the message off, column by column, but permute the
order of the columns. The order of the columns then becomes the key to the algorithm. For example

Steganography:
 Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The marks
are ordinarily not visible unless the paper is held at an angle to bright light.
 Invisible ink: A number of substances can be used for writing but leaveno visible trace until heat or
some chemical is applied to the paper.
 Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is
held up in front of a light.
 Typewriter correction ribbon: Used between lines typedwith a black ribbon, the results of typing with
the correction tape are visible only under a strong light

SMVEC| DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING