
Unit 6

The document covers various topics related to computer networks, including FTP, WWW architecture, document categorization, asymmetric key cryptography, HTTP headers, and block cipher modes. It explains the functionalities of FTP, the structure of the World Wide Web, and the differences between static, dynamic, and active documents. Additionally, it discusses the importance of asymmetric cryptography for secure communications and provides an overview of HTTP headers and block cipher modes.

Uploaded by

Putta Swamy

COMPUTER NETWORKS

UNIT – 6

QNo. 1 to 12 is of 10 marks
QNo. 13 to 24 is of 2 marks
QNo. 25 to 42 is of 6 marks

Contributed By—
MOHNISH VEDI (1741135)
POOJA SHAH (1741137)
RAHUL P VINISH (1741138)
RAHUL PRADEEP KELUSKAR (1741139)
RAJESH N PATEL (1741140)
RASHI KHANDELWAL (1741141)
RATANDEEP KAUR SODHI (1741142)
RECHETHAS C (1741143)
RIYA RAJESH (1741144)
S ANISHA (1741145)
1. Write a short note on FTP. How does it maintain connection using TCP and Port? Draw
clear figure explaining architecture using control and data connection.

File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for copying a
file from one host to another. Although transferring files from one system to another seems
simple and straightforward, some problems must be dealt with first. For example, two systems
may use different file name conventions. Two systems may have different ways to represent
data. Two systems may have different directory structures. All of these problems have been
solved by FTP in a very simple and elegant approach. Although we can transfer files using
HTTP, FTP is a better choice to transfer large files or to transfer files using different formats.
Figure 26.10 shows the basic model of FTP.

The client has three components: the user interface, the client control process, and the client
data transfer process. The server has two components: the server control process and the server
data transfer process. The control connection is made between the control processes. The data
connection is made between the data transfer processes.
Separation of commands and data transfer makes FTP more efficient. The control connection
uses very simple rules of communication. We need to transfer only a line of command or a line
of response at a time. The data connection, on the other hand, needs more complex rules due to
the variety of data types transferred.
Two Connections
The two connections in FTP have different lifetimes. The control connection remains
connected during the entire interactive FTP session. The data connection is opened and then
closed for each file transfer activity. It opens each time commands that involve transferring
files are used, and it closes when the file is transferred. In other words, when a user starts an
FTP session, the control connection opens. While the control connection is open, the data
connection can be opened and closed multiple times if several files are transferred. FTP uses
two well-known TCP ports: port 21 is used for the control connection, and port 20 is used for
the data connection.
Control Connection
For control communication, FTP uses the same approach as TELNET (discussed later). It uses
the NVT ASCII character set as used by TELNET. Communication is achieved through
commands and responses. This simple method is adequate for the control connection because
we send one command (or response) at a time. Each line is terminated with a two-character
(carriage return and line feed) end-of-line token. During this control connection, commands are
sent from the client to the server and responses are sent from the server to the client.
Commands, which are sent from the FTP client control process, are in the form of ASCII
uppercase, which may or may not be followed by an argument. Some of the most common
commands are shown in Table 26.4.
Data Connection
The data connection uses the well-known port 20 at the server site. However, the creation of a
data connection is different from the control connection. The following shows the steps:
1. The client, not the server, issues a passive open using an ephemeral port. This must be done
by the client because it is the client that issues the commands for transferring files.
2. Using the PORT command, the client sends this port number to the server.
3. The server receives the port number and issues an active open using the well-known port 20
and the received ephemeral port number.
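The PORT step above, as an added example that is not part of the original notes: the client formats its listening address as the argument h1,h2,h3,h4,p1,p2 (the RFC 959 encoding, which the notes do not spell out), and the server parses the control line before making its active open. The function names, the sample addresses and the policy of replying 504 when the address is not the control-connection peer or the port is below 1024 are assumptions made for this illustration.

```python
import ipaddress


def encode_port_arg(ip: str, port: int) -> str:
    """Client side (step 2): build the PORT argument h1,h2,h3,h4,p1,p2."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    # The 16-bit port travels as two decimal bytes: high byte, then low byte.
    return ",".join(str(b) for b in octets) + f",{port >> 8},{port & 0xFF}"


def parse_port_line(line: bytes) -> tuple[str, int]:
    """Server side (step 3): turn one control-connection line into (ip, port)."""
    if not line.endswith(b"\r\n"):
        raise ValueError("control lines end with CR LF")
    verb, _, arg = line[:-2].decode("ascii").partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a well-formed PORT command")
    if not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("each field must be a decimal byte")
    nums = [int(f) for f in fields]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def control_reply(line: bytes, control_peer_ip: str) -> int:
    """Reply code the server control process sends back for this line."""
    try:
        ip, port = parse_port_line(line)
    except ValueError:
        return 501  # syntax error in parameters or arguments
    # Assumed policy: open the data connection only towards the host that owns
    # the control connection, and never towards a reserved port.
    if ip != control_peer_ip or port < 1024:
        return 504  # command not implemented for that parameter
    return 200      # the server may now connect from port 20 to (ip, port)


if __name__ == "__main__":
    # Constructed sample values: a client at 192.0.2.10 listening on port 50001.
    line = f"PORT {encode_port_arg('192.0.2.10', 50001)}\r\n".encode("ascii")
    print(line, parse_port_line(line), control_reply(line, "192.0.2.10"))
```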
Communication over Data Connection
The purpose and implementation of the data connection are different from those of the control
connection. We want to transfer files through the data connection. The client must define the
type of file to be transferred, the structure of the data, and the transmission mode. Before
sending the file through the data connection, we prepare for transmission through the control
connection. The heterogeneity problem is resolved by defining three attributes of
communication: file type, data structure, and transmission mode.
File Type: FTP can transfer one of the following file types across the data connection: ASCII
file, EBCDIC file, or image file.
Data Structure: FTP can transfer a file across the data connection using one of the following
interpretations of the structure of the data: file structure, record structure, or page structure. The
file structure format (used by default) has no structure. It is a continuous stream of bytes. In the
record structure, the file is divided into records. This can be used only with text files. In the
page structure, the file is divided into pages, with each page having a page number and a page
header. The pages can be stored and accessed randomly or sequentially.
Transmission Mode: FTP can transfer a file across the data connection using one of the
following three transmission modes: stream mode, block mode, or compressed mode. The
stream mode is the default mode; data are delivered from FTP to TCP as a continuous stream
of bytes. In the block mode, data can be delivered from FTP to TCP in blocks. In this case,
each block is preceded by a 3-byte header. The first byte is called the block descriptor; the next
two bytes define the size of the block in bytes.
File Transfer: File transfer occurs over the data connection under the control of the commands
sent over the control connection. However, we should remember that file transfer in FTP
means one of three things: retrieving a file (server to client), storing a file (client to server), and
directory listing (server to client).

2. What is WWW? Explain the architecture of WWW. Also explain the terms Browser,
Server, URL, Cookies with clear figures.

The World Wide Web (WWW) is a repository of all resources and users on the Internet that are
using the Hypertext Transfer Protocol (HTTP).
Architecture: The WWW today is a distributed client-server service, in which a client using a
browser can access a service using a server. However, the service provided is distributed over
many locations called sites.
Each site holds one or more documents called web pages. Each web page, however, can
contain some links to other web pages in the same or other sites. In other words, a web page
can be simple or composite. A simple web page has no links to other web pages; a composite
web page has one or more links to other web pages. Each web page is a file with a name and
address.
Assume we need to retrieve a scientific document that contains one reference to another text
file and one reference to a large image. The main document and the image are stored in two
separate files (file A and file B) in the same site; the referenced text file (file C) is stored in
another site. Since we are dealing with three different files, we need three transactions if we
want to see the whole document. The first transaction (request/response) retrieves a copy of the
main document (file A), which has references (pointers) to the second and third files. When a
copy of the main document is retrieved and browsed, the user can click on the reference to the
image to invoke the second transaction and retrieve a copy of the image (file B). If the user
needs to see the contents of the referenced text file, she can click on its reference (pointer)
invoking the third transaction and retrieving a copy of file C. Note that although files A and B
both are stored in site I, they are independent files with different names and addresses. Two
transactions are needed to retrieve them. A very important point we need to remember is that
file A, file B, and file C are independent web pages, each with independent names and
addresses. Although references to file B or C are included in file A, it does not mean that each
of these files cannot be retrieved independently. A second user can retrieve file B with one
transaction. A third user can retrieve file C with one transaction.
A variety of vendors offer commercial browsers that interpret and display a web page, and all
of them use nearly the same architecture. Each browser usually consists of three parts: a
controller, client protocols, and interpreters.

Web Server: The web page is stored at the server. Each time a request arrives, the
corresponding document is sent to the client. To improve efficiency, servers normally store
requested files in a cache in memory; memory is faster to access than a disk. A server can also
become more efficient through multithreading or multiprocessing. In this case, a server can
answer more than one request at a time. Some popular web servers include Apache and
Microsoft Internet Information Server.
Uniform Resource Locator (URL): A web page, as a file, needs to have a unique identifier to
distinguish it from other web pages. To define a web page, we need three identifiers: host, port,
and path. However, before defining the web page, we need to tell the browser what
client-server application we want to use, which is called the protocol. This means we need four
identifiers to define the web page. The first is the type of vehicle to be used to fetch the web
page; the last three make up the combination that defines the destination object (web page). To
combine these four pieces together, the uniform resource locator (URL) has been designed; it
uses three different separators between the four pieces as shown below:
Example:
Cookies: The original purpose of the Web, retrieving publicly available documents, exactly fits
this design. Today the Web has other functions that need to remember some information about
the clients. For these purposes, the cookie mechanism was devised. When a client sends a
request to a server, the browser looks in the cookie directory to see if it can find a cookie sent
by that server. If found, the cookie is included in the request. When the server receives the
request, it knows that this is an old client, not a new one. Note that the contents of the cookie
are never read by the browser or disclosed to the user. It is a cookie made by the server and
eaten by the server.

3. Categorize the documents used in WWW. Explain static, dynamic and active documents
with details and clear figures.

Three basic types of web documents are:


Static.
A static web document resides in a file that is associated with a web server. The author of a
static document determines the contents at the time the document is written. Because the contents
do not change, each request for a static document results in exactly the same response.

Dynamic.
A dynamic web document does not exist in a predefined form. When a request arrives, the
web server runs an application program that creates the document. The server returns the output of
the program as a response to the browser that requested the document. Because a fresh document
is created for each request, the contents of a dynamic document can vary from one request to another.

Active.
An active web document consists of a computer program that the server sends to the browser and
that the browser must run locally. When it runs, the active document program can interact with
the user and change the display continuously.

Advantages and disadvantages of each document type

Static

Advantages: simplicity, reliability and performance. The browser can place a copy in a cache on a
local disk.

Disadvantages: inflexibility, changes are time consuming because they require a human to edit
the file.

Dynamic

Advantages: ability to report current information (current stock prices, current weather
conditions, current availability of tickets for a concert). Because both static and dynamic
documents use HTML, a browser does not know whether the server extracted the page from a
disk file or obtained the page dynamically from a computer program.

Disadvantages: increased cost and, like a static document, a dynamic document does not change
after a browser retrieves a copy. Thus, information in a dynamic document begins to age as soon
as it has been sent to the browser (stock prices).
Server push: The server runs the programs periodically and sends the new document to the
browser.

Active

Advantages: ability to update information continuously. For example, only an active document
can change the display quickly enough to show an animated image. More important, an active
document can access sources of information directly and update the display continuously. For
example, an active document that displays stock prices can continue to retrieve stock information
and change the display without requiring any action from the user.

4. Describe asymmetric key cryptography.

Asymmetric cryptography, also known as public key cryptography, uses public and private keys
to encrypt and decrypt data. The keys are simply large numbers that have been paired together but
are not identical (asymmetric). One key in the pair can be shared with everyone; it is called the
public key. The other key in the pair is kept secret; it is called the private key. Either of the keys
can be used to encrypt a message; the opposite key from the one used to encrypt the message is
used for decryption.
Many protocols like SSH, OpenPGP, S/MIME, and SSL/TLS rely on asymmetric cryptography
for encryption and digital signature functions. It is also used in software programs, such as
browsers, which need to establish a secure connection over an insecure network like the internet
or need to validate a digital signature. Encryption strength is directly tied to key size, and doubling
key length delivers an exponential increase in strength, although it does impair performance. As
computing power increases and more efficient factoring algorithms are discovered, the ability to
factor larger and larger numbers also increases.
For asymmetric encryption to deliver confidentiality, integrity, authenticity and non-repudiation,
users and systems need to be certain that a public key is authentic, that it belongs to the person or
entity claimed and that it has not been tampered with or replaced by a malicious third party. There
is no perfect solution to this public key authentication problem. A public key infrastructure (PKI),
where trusted certificate authorities certify ownership of key pairs and certificates, is the most
common approach, but encryption products based on the Pretty Good Privacy (PGP) model
(including OpenPGP) rely on a decentralized authentication model called a web of trust, which
relies on individual endorsements of the link between user and public key.
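The statement that either key can transform a message and only the opposite key reverses it, worked through with RSA (the algorithm these notes name in question 11) as an added example that is not part of the original notes. The primes 61 and 53, the exponent 17 and all function names are constructed for the illustration; the symbols P, C, e, d and n follow the notes.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p and q. Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d = 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """The one RSA operation both keys share: value^exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exponent, n)


def encrypt(public, P: int) -> int:
    return apply_key(public, P)          # C = P^e mod n


def decrypt(private, C: int) -> int:
    return apply_key(private, C)         # P = C^d mod n


def sign(private, digest: int) -> int:
    # Same operation with the roles of the keys swapped: only the holder of d
    # can produce a value that the public key maps back to the digest.
    return apply_key(private, digest)


def verify(public, digest: int, signature: int) -> bool:
    return apply_key(public, signature) == digest


if __name__ == "__main__":
    # Real systems use primes of 1024 bits or more and a padding scheme;
    # unpadded "textbook" RSA like this is for following the arithmetic only.
    public, private = make_keypair(61, 53, 17)
    C = encrypt(public, 65)
    print("public", public, "private", private)
    print("C =", C, "-> P =", decrypt(private, C))
    s = sign(private, 1234)
    print("signature valid:", verify(public, 1234, s))
    print("altered digest valid:", verify(public, 1235, s))
```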

5. Write the short note on Headers of HTTP. How many types of header exist? Explain at
least 10 of them in one statement each.

HTTP header fields provide required information about the request or response, or about the
object sent in the message body.
General header: Headers applying to both requests and responses but with no relation to the
data eventually transmitted in the body.
Request header: Headers containing more information about the resource to be fetched or about
the client itself.
Response header: Headers with additional information about the response, like its location or
about the server itself (name and version etc.).
Entity header: Headers containing more information about the body of the entity, like its
content length or its MIME-type.
End-to-end headers: These headers must be transmitted to the final recipient of the message;
that is, the server for a request or the client for a response. Intermediate proxies must retransmit
end-to-end headers unmodified and caches must store them.
Hop-by-hop headers: These headers are meaningful only for a single transport-level connection
and must not be retransmitted by proxies or cached. Such headers are: Connection, Keep-Alive,
Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding and Upgrade.
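How a proxy can apply the end-to-end versus hop-by-hop rule before forwarding a request, as an added example that is not part of the original notes. It drops the eight headers listed above plus any header named as a token in the Connection header (standard HTTP/1.1 behaviour that the notes do not mention); the function names, the sample request and the Via value are constructed.

```python
# The hop-by-hop headers listed in the notes, lower-cased because HTTP header
# names are case-insensitive.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
})


def connection_tokens(headers):
    """Header names the sender marked as hop-by-hop via 'Connection: a, b'."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "connection":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def forward_headers(headers, via="1.1 proxy.example"):
    """Return the header list a proxy passes on to the next hop.

    headers is a list of (name, value) pairs in the order received.
    End-to-end headers are kept unmodified and in order.
    """
    drop = HOP_BY_HOP | connection_tokens(headers)
    kept = [(n, v) for n, v in headers if n.lower() not in drop]
    # Headers generated by the proxy itself are appended after the stripping
    # pass, so a Connection token in the incoming message cannot remove them.
    kept.append(("Via", via))
    return kept


# Constructed sample request as received by the proxy.
REQUEST = [
    ("Host", "app.example"),
    ("Connection", "Keep-Alive, X-Trace-Hop"),
    ("Keep-Alive", "timeout=5"),
    ("X-Trace-Hop", "edge-1"),
    ("TE", "trailers"),
    ("Accept", "text/html"),
    ("proxy-authorization", "Basic <constructed>"),
]

if __name__ == "__main__":
    for name, value in forward_headers(REQUEST):
        print(f"{name}: {value}")
```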

6. Classify modes of operation for block ciphers. Explain each with valid figures and
examples.

Encryption algorithms are divided into two categories based on input type: block ciphers and
stream ciphers. A block cipher is an encryption algorithm that takes a fixed-size input of, say,
b bits and produces a ciphertext of b bits. If the input is larger than b bits, it can be
divided further. For different applications and uses, there are several modes of operation for a
block cipher.

Electronic Code Book (ECB) –


Electronic code book is the easiest block cipher mode of operation. It is easier because each
block of input plaintext is encrypted directly and the output is in the form of blocks of encrypted
ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a
bunch of blocks and the procedure is repeated.
Procedure of ECB is illustrated below:

Advantages of using ECB –
• Parallel encryption of blocks of bits is possible, so it is a faster way of encryption.
• It is a simple way of using a block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis, since there is a direct relationship between plaintext and ciphertext.

Cipher Block Chaining –


Cipher block chaining, or CBC, is an advancement made on ECB, since ECB compromises some
security requirements. In CBC, the previous cipher block is given as input to the next encryption
step after an XOR with the original plaintext block. In a nutshell, a cipher block is
produced by encrypting the XOR of the previous cipher block and the present plaintext block.
The process is illustrated here:

Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistance to cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible, since every encryption requires the previous cipher block.

Cipher Feedback Mode (CFB) –


In this mode the ciphertext is given as feedback to the next block of encryption, with some new
specifications. First, an initial vector (IV) is used for the first encryption, and the output bits are
divided into a set of s bits and a set of b-s bits. The left-hand s bits are selected and XORed with
the plaintext bits. The result is given as input to a shift register and the process continues. The
encryption and decryption processes for this mode are shown below; both of them use the
encryption algorithm.

Advantages of CFB –
• Since there is some data loss due to the use of the shift register, it is difficult to apply
cryptanalysis.

Output Feedback Mode –


The output feedback mode follows nearly the same process as the cipher feedback mode, except
that it feeds back the output of the encryption function instead of the actual ciphertext, which is
the XOR output. In this output feedback mode, all bits of the block are sent instead of sending
selected s bits. The output feedback mode of a block cipher holds great resistance towards bit
transmission errors. It also decreases the dependency or relationship of the ciphertext on the
plaintext.

Counter Mode –
The Counter Mode, or CTR, is a simple counter-based block cipher implementation. Each time, a
counter-initiated value is encrypted and the result is XORed with the plaintext block, which
produces the ciphertext block. The CTR mode does not depend on feedback and thus can be
implemented in parallel.
Its simple implementation is shown below:
7. What is DNS Protocol? How does it work for Internet? Explain Generic, country and
inverse domains with examples.

The Domain Name System (DNS) is a hierarchical decentralized naming system for computers and
other resources connected to the internet or private networks. In use since 1985, it associates
information with domain names assigned to participating entities and translates domain names
to their numerical IP addresses. It is considered an essential component of the functionality of
the internet.

Working of DNS for the Internet


A frequently used analogy is that DNS functions as the phonebook for the internet; it lets a
long numerical IP address be looked up by an easier-to-remember website address. The hierarchy
of a domain is read from right to left; a domain name is divided into separate parts, or labels,
separated by dots (e.g., Google.com), with the farthest right marking the dominant domain (in
this case, .com). When a user types a domain name into a URL or web address, the computer
uses a DNS server to look up the domain name and redirect the page to the correct IP address.
Types of domains:
DNS is a protocol that can be used in different platforms. In the Internet, the domain name
space (tree) was originally divided into three different sections: generic domains, country
domains, and the inverse domains. However, due to the rapid growth of the Internet, it became
extremely difficult to keep track of the inverse domains, which could be used to find the name
of a host when given the IP address. The inverse domains are now deprecated (see RFC 3425).
Generic Domains
The generic domains define registered hosts according to their generic behaviour. Each node in
the tree defines a domain, which is an index to the domain name space database.

Looking at the tree, we see that the first level in the generic domains section allows 14 possible
labels. These labels describe the organization types as listed in Table.
Country Domains
The country domains section uses two-character country abbreviations (e.g., us for United
States). Second labels can be organizational, or they can be more specific national
designations. The United States, for example, uses state abbreviations as a sub-division of us
(e.g., ca.us.). Figure shows the country domains section. The address uci.ca.us. can be
translated to University of California, Irvine, in the state of California in the United States.

Inverse Domains

• The inverse domain is used to map an address to a name.
• For example, when a client sends a request to the server to perform a particular task, the server
looks up a list of authorized clients. The list contains only the IP addresses of the clients.
• The server sends a query to the DNS server to map an address to a name to determine if the
client is on the authorized list.
• This query is called an inverse query.
• This query is handled by the first-level node called arpa.

8. Explain the architecture of Email. Provide the format of Email and Email Address.

Electronic mail (e-mail) allows users to exchange messages.

Architecture

To explain the architecture of e-mail, we give a common scenario, as shown below


In the common scenario, the sender and the receiver of the e-mail, Alice and Bob respectively,
are connected via a LAN or a WAN to two mail servers. The administrator has created one
mailbox for each user where the received messages are stored. A mailbox is part of a server
hard drive, a special file with permission restrictions. Only the owner of the mailbox has access
to it. The administrator has also created a queue (spool) to store messages waiting to be sent. A
simple e-mail from Alice to Bob takes nine different steps, as shown in the figure. Alice and
Bob use three different agents: a user agent (UA), a message transfer agent (MTA), and a
message access agent (MAA).
USER AGENT:
The first component of an electronic mail system is the user agent (UA). It provides service to
the user to make the process of sending and receiving a message easier. A user agent is a
software package (program) that composes, reads, replies to, and forwards messages. It also
handles local mailboxes on the user computers.
There are two types of user agents: command-driven and GUI-based.
Command-driven user agents belong to the early days of electronic mail. They are still present
as the underlying user agents. Some examples of command-driven user agents are mail, pine,
and elm. Modern user agents are GUI-based. They contain graphical user interface
(GUI) components that allow the user to interact with the software by using both the keyboard
and the mouse. Some examples of GUI-based user agents are Eudora and Outlook.

MESSAGE TRANSFER AGENT: The formal protocol that defines the MTA client and server
in the Internet is called Simple Mail Transfer Protocol (SMTP). SMTP is used two times,
between the sender and the sender’s mail server and between the two mail servers. As we will
see shortly, another protocol is needed between the mail server and the receiver. SMTP simply
defines how commands and responses must be sent back and forth.
Commands and Responses: SMTP uses commands and responses to transfer messages between
an MTA client and an MTA server. The command is from an MTA client to an MTA server;
the response is from an MTA server to the MTA client. Each command or reply is terminated
by a two-character (carriage return and line feed) end-of-line token. Commands are sent from
the client to the server. Responses are sent from the server to the client. A response is a three-
digit code that may be followed by additional textual information.
MESSAGE ACCESS AGENT
The first and second stages of mail delivery use SMTP. However, SMTP is not involved in the
third stage because SMTP is a push protocol; it pushes the message from the client to the
server. In other words, the direction of the bulk data (messages) is from the client to the server.
On the other hand, the third stage needs a pull protocol; the client must pull messages from the
server. The direction of the bulk data is from the server to the client. The third stage uses a
message access agent. Currently two message access protocols are available: Post Office
Protocol, version 3 (POP3) and Internet Mail Access Protocol, version 4 (IMAP4).
POP3 is simple but limited in functionality. The client POP3 software is installed on the
recipient computer; the server POP3 software is installed on the mail server. Another mail
access protocol is Internet Mail Access Protocol, version 4 (IMAP4). IMAP4 is similar to
POP3, but it has more features; IMAP4 is more powerful and more complex.
Format of email:

Format of email address:

To deliver mail, a mail handling system must use an addressing system with unique addresses.
In the Internet, the address consists of two parts: a local part and a domain name, separated by
an @ sign.

9. Explain the internal and external network security issues you can visualize in a network.

A few internal network security issues are:


a) Malicious cyber-attacks:
The most likely perpetrators of cyber-attacks are system administrators or other IT staff
with privileged system access. Technically proficient employees can use their system access to
open back doors into computer systems, or leave programs on the network to steal information
or wreak havoc.
The best protection against this sort of attack is to monitor employees closely and be alert for
disgruntled employees who might abuse their positions. In addition, experts advise
immediately cancelling network access and passwords when employees leave the company, so
that they cannot use those passwords to remotely access the network in future.
b) Social engineering:
Perhaps one of the most common ways for attackers to gain access to a network is by
exploiting the trusting nature of your employees.

c) Downloading malicious internet content:


Some reports suggest the average employee in a small business spends up to an hour a day
surfing the web for personal use — perhaps looking at video or file-sharing websites, playing
games or using social media websites such as Facebook.
It's not just time that this activity could cost you. Analyst reports show that the number of
malware and virus threats is increasing by more than 50 percent each year, and many of these
destructive payloads can be inadvertently introduced to the network by employees.
The best advice is to constantly update and patch your IT systems to ensure you are protected.

d) Information leakage:
There are now a staggering number of ways that information can be taken from your computer
networks and released outside the organisation. Whether it's an MP3 player, a CD-ROM, a
digital camera or USB data stick, today's employees could easily take a significant chunk of
your customer database out of the door in their back pocket.

e) Illegal activities:
It's important to remember that, as an employer, you are responsible for pretty much anything
your employees do using your computer network — unless you can show you have taken
reasonable steps to prevent this.
To protect yourself, experts advise a two-pronged approach. First, use monitoring software to
check email and internet traffic for certain keywords or file types. You might also choose to
block certain websites and applications completely.

A few external network security issues are:
a) Economic threats:
The economy can be considered an external threat to businesses because, no matter how hard a
company works or how good its products are, economic conditions dictate a business's profit
and success. Economic downturns can decrease the demand for goods or services on the
consumer market. On the other hand, a robust economy will inspire more consumer spending
and business growth. According to the Economic Development Research and Training Centre,
studying economic trends, such as household spending or consumer demand reports, can help
companies track economic patterns in their external environments.

b) Competitors:
Competition is a significant external threat to businesses and is a product of the marketplace. A
competitive market requires knowing who your competitors are. Competition serves as an
external threat because businesses compete with other organizations for the same customers. In
turn, this challenge can cause one company to flourish and the other to flop.

c) Global Environment:
The global environment can be risky for companies that rely on horticulture, agriculture or
other types of natural resources. Weather patterns are examples of global environmental threats
that can impact a company’s resources, projects and profitability. Businesses track and trend
weather patterns and global changes to monitor what types of environmental risks are out there.

d) Political factors:
Political decisions or changes can threaten businesses. Foreign investments, for instance, can
be threatened by political decisions to go to war with other countries. Or government-funded
agencies can have their businesses impacted by budget cuts or budget deficits.

e) New technology:
The technological field, with all of its advancements, can serve as a potential external threat to
businesses. Technological changes can give companies a competitive advantage, leaving others
behind. For instance, travel agencies were exposed to a technological threat when the Internet
gave customers the ability to do their own research and make their own travel plans from their
computers, thereby eliminating the need for travel agencies. Technological changes should be
monitored to determine if there are any direct threats to a business.

10. Explain Email architecture with a neat diagram

An e-mail system normally consists of two subsystems:

1. the user agents
2. the message transfer agents
The user agents allow people to read and send e-mails. The message transfer agents move the
messages from source to destination. The user agents are local programs that provide a
command-based, menu-based, or graphical method for interacting with the e-mail system. The
message transfer agents are daemons, which are processes that run in the background. Their job
is to move datagram e-mail through the system.
A key idea in an e-mail system is the distinction between the envelope and its contents. The
envelope encapsulates the message. It contains all the information needed for transporting the
message, like destination address, priority, and security level, all of which are distinct from the
message itself. The message transport agents use the envelope for routing. The message inside
the envelope consists of two major sections:
11. Explain RSA Public key algorithm with suitable example.

There are several asymmetric-key cryptosystems; one of the common public-key algorithms is
the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman). RSA uses two
exponents, e and d, where e is public and d is private. Suppose P is the plaintext and C is the
ciphertext. Alice uses C = P^e mod n to create ciphertext C from plaintext P; Bob uses
P = C^d mod n to retrieve the plaintext sent by Alice. The modulus n, a very large number, is
created during the key generation process.

Procedure

Bob chooses two large numbers, p and q, and calculates n = p × q and φ = (p − 1) × (q − 1).
Bob then selects e and d such that (e × d) mod φ = 1. Bob advertises e and n to the community
as the public key; Bob keeps d as the private key. Anyone, including Alice, can encrypt a
message and send the ciphertext to Bob, using C = (P^e) mod n; only Bob can decrypt the
message, using P = (C^d) mod n. An intruder such as Eve cannot decrypt the message if p and q
are very large numbers (she does not know d).
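
Added example (not part of the original notes): the procedure above carried through in Python
with constructed toy values p = 7, q = 11, e = 13, which are far too small for real use. p and q
must be prime for the procedure to work; the function names are this example's own.

```python
"""Toy RSA following the procedure above (added example, constructed values)."""
from math import gcd, isqrt


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def generate_keys(p, q, e):
    """Bob's side: n = p*q, phi = (p-1)*(q-1), d chosen so that (e*d) mod phi == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi, otherwise no d exists")
    d = egcd(e, phi)[1] % phi          # modular inverse of e modulo phi
    return (e, n), (d, n)              # (public key, private key)


def encrypt(P, public):
    """Alice's side: C = P^e mod n. The plaintext number must be smaller than n."""
    e, n = public
    if not 0 <= P < n:
        raise ValueError("plaintext must satisfy 0 <= P < n")
    return pow(P, e, n)


def decrypt(C, private):
    """Bob's side: P = C^d mod n."""
    d, n = private
    return pow(C, d, n)


def recover_d_from_small_modulus(public):
    """Why p and q must be very large: with a toy n, Eve can factor n by trial
    division, rebuild phi and compute d exactly as Bob did."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    phi = (p - 1) * (q - 1)
    return egcd(e, phi)[1] % phi


if __name__ == "__main__":
    public, private = generate_keys(7, 11, 13)
    C = encrypt(5, public)
    print("public", public, "private", private)
    print("P=5 -> C =", C, "-> P =", decrypt(C, private))
    print("d recovered from the public key alone:", recover_d_from_small_modulus(public))
```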
Applications
Although RSA can be used to encrypt and decrypt actual messages, it is very slow if the
message is long. RSA, therefore, is useful for short messages. In particular, we will see that
RSA is used in digital signatures and other cryptosystems that often need to encrypt a small
message without having access to a symmetric key. RSA is also used for authentication.

12. Write a short note on DES with clear figures. Also list its limitations.

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses a 16-round Feistel structure. The block
size is 64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits,
since 8 of the 64 bits of the key are not used by the encryption algorithm (they function as
check bits only). The general structure of DES is depicted in the following illustration.
Since DES is based on the Feistel Cipher, all that is required to specify DES is: -
1. Round function
2. Key schedule
3. Any additional processing − Initial and final permutation
Initial and Final Permutation
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptographic significance in DES. The initial and final permutations
are shown as follows: -
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.

Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we
first need to expand the right input to 48 bits. The permutation logic is graphically depicted in
the following illustration: - The graphically depicted permutation logic is generally described
as a table in the DES specification, illustrated as shown: -

XOR (Whitener) − After the expansion permutation, DES does an XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer to the following illustration: -
The S-box rule is illustrated below: -

There are a total of eight S-box tables. The output of all eight S-boxes is then combined into a
32-bit section.

Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight
permutation with the rule shown in the following illustration:
Key Generation − The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher
key. The process of key generation is depicted in the following illustration: -

The logic for Parity drop, shifting, and Compression P-box is given in the DES description.
DES Analysis
DES satisfies both of the desired properties of a block cipher. These two properties make the
cipher very strong.
• Avalanche effect − A small change in the plaintext results in a very great change in the
ciphertext.
• Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysis has found some weaknesses in DES when the keys
selected are weak keys. These keys shall be avoided.
DES has proved to be a very well-designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.
Disadvantages:
1. Experts have found a weakness in the design of the cipher.
2. An S-box creates the same output with two chosen inputs.
3. The initial and final permutations are not exactly clear and seem confusing.

13. Define World Wide Web.

The Web, or World Wide Web (W3), is basically a system of Internet servers that support
specially formatted documents. The documents are formatted in a mark-up language called
HTML (Hyper Text Mark-up Language) that supports links to other documents, as well as
graphics, audio, and video files. This means you can jump from one document to another
simply by clicking on hot spots. Not all Internet servers are part of the World Wide Web.

14. Explain beginning and ending tags. Provide example.

<html> is the opening tag that kicks things off and tells the browser that everything between
that and the </html> closing tag is an HTML document. The stuff between <body> and
</body> is the main content of the document that will appear in the browser window. Not all
tags have closing tags like this (<html></html>); some tags, which do not wrap around
content, will close themselves. The line-break tag, for example, looks like this: <br>.

15. Explain GET and POST method of HTTP.

The GET method requests a representation of the specified resource. Requests using GET
should only retrieve data. The POST method is used to submit an entity to the specified
resource, often causing a change in state or side effects on the server.

16. Define Encryption and Decryption.

ENCRYPTION: Conversion of a human understandable message into an unintelligible and
obscure form that cannot be interpreted.
DECRYPTION: Conversion of an unintelligible message into a comprehensible form which
could be easily understood by a human.

17. Classify cryptography.

18. Define HTTP.


HTTP means Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the
World Wide Web and this protocol defines how messages are formatted and transmitted, and
what actions Web servers and browsers should take in response to various commands.
19. What is a cipher text?
Ciphertext is encrypted text. Plaintext is what you have before encryption, and ciphertext is
the encrypted result. The term cipher is sometimes used as a synonym for ciphertext, but it
more properly means the method of encryption rather than the result.

20. Why is poly-alphabetic substitution superior to mono-alphabetic substitution?

- More secure than monoalphabetic substitutions.


- Multiple ciphertext letters for each plaintext letter, one for each unique letter of the
keyword.

21. Define Network Security.


Network security is protection of the access to files and directories in a computer network
against hacking, misuse and unauthorized changes to the system.

22. What is the relationship between plain text and cipher text?
Plaintext is the input to an encryption algorithm. Ciphertext is the unreadable output of an
encryption algorithm. Plain-Text is what you have before encryption, and Cipher Text is the
encrypted result.

23. What is Decryption?


Decryption is the process of taking encoded or encrypted text or other data and converting it
back into text that you or the computer can read and understand. This term could be used to
describe a method of unencrypting the data manually or unencrypting the data using the proper
codes or keys.

24. What are the two categories of cryptography methods?


There are two basic types of cryptographic systems: symmetric ("private key") and asymmetric
("public key").

25. Describe the hierarchy of name servers.

Hierarchy of Name Servers


1. Root name servers – These are contacted by name servers that cannot resolve the name. A
root name server contacts the authoritative name server if the name mapping is not known. It
then gets the mapping and returns the IP address to the host.

2. Top level servers – These are responsible for com, org, edu, etc. and all the top-level country
domains like uk, fr, ca, in, etc. They have information about the authoritative domain servers
and know the names and IP addresses of each authoritative name server for the second-level
domains.

3. Authoritative name servers – This is the organization’s DNS server, providing authoritative
hostname-to-IP mapping for the organization’s servers. It can be maintained by the
organization or a service provider. In order to reach cse.dtu.in we have to ask the root DNS
server, which will point to the top-level domain server and then to the authoritative domain
name server, which actually contains the IP address. So, the authoritative domain server will
return the associated IP address.

The client machine sends a request to the local name server, which, if it does not find
the address in its database, sends a request to the root name server, which in turn will route
the query to an intermediate or authoritative name server. The root name server can also
contain some hostname-to-IP address mappings. The intermediate name server always knows
who the authoritative name server is. So finally the IP address is returned to the local name
server, which in turn returns the IP address to the host.

26. Explain the terms: name space, domain name space, domains and zones.

Name space
A Name space is a context within which the names of all objects must be unambiguously
resolvable. Name spaces can be flat or hierarchical.

1. Flat Name Spaces


Flat name spaces do not scale well because they can grow only so large before all available
names are used up. Once a name is used more than once in a name space, the name space
violates the unambiguously resolvable requirement.
2. Hierarchical Name Space
A hierarchical name space is divided into different areas, which can be thought of as sub name
spaces. Each area is its own sub name space within the overall name space. Therefore, each
object must have a unique name only within its sub name space in order to have an
unambiguously resolvable name within the name space hierarchy. Hierarchical name spaces,
then, can scale to extremely large networks — as you add more objects to the overall name
space, you have to find unique names for them within only the sub name space to which they
belong.

Domain Name Space


To have a hierarchical name space, a domain name space was designed. In this design the
names are defined in an inverted-tree structure with the root at the top.

Domain
A domain is a subtree of the domain name space. The name of the domain is the name of the
node at the top of the subtree.
Zone

Since the complete domain name hierarchy cannot be stored on a single server, it is divided
among many servers. What a server is responsible for or has authority over is called a zone. We
can define a zone as a contiguous part of the entire tree.

27. Write about FILE transfer.

File transfer is the process of copying or moving a file from one computer to another over a
network or Internet connection. It enables sharing, transferring or transmitting a file or a logical
data object between different users and/or computers both locally and remotely.
A file transfer can be an upload or download. File Transfer Protocol (FTP), Hypertext Transfer
Protocol (HTTP), BitTorrent and Simple File Transfer Protocol are the most common file
transfer protocols used in computer networks and online.

There are two main types of file transfer:

• Pull-Based: The file transfer request is initiated by the receiver.
• Push-Based: The file transfer request is initiated by the sender.
Moreover, other than network or Internet, file transfer can be performed manually by copying a
file to a new folder/drive in the same computer or by copying it on a USB pen drive, CD or
other portable storage device to be transferred to another computer.

28. Explain FILE transfer protocol with an example.

File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for copying a file
from one host to another. Although we can transfer files using HTTP, FTP is a better choice to
transfer large files or to transfer files using different formats. The basic model of FTP has a
client and a server. The client has three components: the user interface, the client control
process, and the client data transfer process. The server has two components: the server control
process and the server data transfer process. The control connection is made between the
control processes. The data connection is made between the data transfer processes. Separation
of commands and data transfer makes FTP more efficient.

The control connection uses very simple rules of communication. We need to transfer only a
line of command or a line of response at a time. The data connection, on the other hand, needs
more complex rules due to the variety of data types transferred.
The two connections in FTP have different lifetimes. The control connection remains
connected during the entire interactive FTP session. The data connection is opened and then
closed for each file transfer activity. It opens each time commands that involve transferring
files are used, and it closes when the file is transferred. In other words, when a user starts an
FTP session, the control connection opens. While the control connection is open, the data
connection can be opened and closed multiple times if several files are transferred. FTP uses
two well-known TCP ports: port 21 is used for the control connection, and port 20 is used for
the data connection.

29. Write down the step by step procedure of maintaining an FTP Session.

File transfer in FTP means one of three things:


o A file is to be copied from the server to the client. This is called retrieving a file. It
is done under the supervision of the RETR command.
o A file is to be copied from the client to the server. This is called storing a file. It is
done under the supervision of the STOR command.
o A list of directory or file names is to be sent from the server to the client. This is
done under the supervision of the LIST command.

The following shows an actual FTP session for retrieving a list of items in a directory.
$ ftp voyager.deanza.tbda.edu
Connected to voyager.deanza.tbda.edu.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
Name (voyager.deanza.tbda.edu:forouzan): forouzan
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls reports
227 Entering Passive Mode (153,18,17,11,238,169)
150 Here comes the directory listing.

226 Directory send OK.
ftp> quit
221 Goodbye.
1. After the control connection is created, the FTP server sends the 220 (service ready) response
on the control connection.
2. The client sends its name.
3. The server responds with 331 (user name is OK, password is required).
4. The client sends the password (not shown).
5. The server responds with 230 (user log-in is OK).
6. The client sends the list command (ls reports) to find the list of files on the directory named
report.
7. Now the server responds with 150 and opens the data connection.
8. The server then sends the list of the files or directories (as a file) on the data connection.
9. When the whole list (file) is sent, the server responds with 226 (closing data connection)
over the control connection.
10. The client now has two choices. It can use the QUIT command to request the closing of the
control connection, or it can send another command to start another activity (and eventually
open another data connection). In our example, the client sends a QUIT command.
11. After receiving the QUIT command, the server responds with 221 (service closing) and
then closes the control connection.
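
Added example (not part of the original notes): a small Python parser for the server replies in
the session above. It classifies each three-digit reply code by its first digit and decodes the
227 reply, whose six numbers are the four address bytes followed by the port as p1 × 256 + p2.
In passive mode the data connection goes to this announced port rather than to port 20, so the
example also checks that the announced address matches the host of the control connection. The
reply lines are copied from the session; the control-connection address passed in is an
assumption.

```python
"""Parse FTP control-connection replies and decode the 227 passive-mode endpoint."""
import re

# Server replies from the session above, one per line.
SESSION = """\
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
331 Please specify the password.
230 Login successful.
227 Entering Passive Mode (153,18,17,11,238,169)
150 Here comes the directory listing.
226 Directory send OK.
221 Goodbye.
"""

# Meaning of the first digit of a reply code.
REPLY_CLASS = {
    "1": "preliminary",       # action started, another reply follows
    "2": "completion",        # action completed
    "3": "intermediate",      # more information needed (e.g. password)
    "4": "transient-error",
    "5": "permanent-error",
}
REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")
PASV_RE = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_reply(line):
    """Return (code, reply class, text) for one reply line."""
    match = REPLY_RE.match(line.strip())
    if not match:
        raise ValueError(f"not an FTP reply line: {line!r}")
    code, text = match.groups()
    return int(code), REPLY_CLASS.get(code[0], "unknown"), text


def pasv_endpoint(text):
    """Decode (h1,h2,h3,h4,p1,p2) from a 227 reply into (host, port)."""
    match = PASV_RE.search(text)
    if not match:
        raise ValueError("227 reply without (h1,h2,h3,h4,p1,p2)")
    fields = [int(x) for x in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("every field must fit in one byte")
    host = ".".join(str(f) for f in fields[:4])
    return host, fields[4] * 256 + fields[5]


def audit_session(session, control_peer):
    """List every announced data endpoint and whether it is on the control host."""
    findings = []
    for line in session.splitlines():
        if not line.strip():
            continue
        code, _, text = parse_reply(line)
        if code == 227:
            host, port = pasv_endpoint(text)
            findings.append({
                "host": host,
                "port": port,
                "same_host_as_control": host == control_peer,
                "privileged_port": port < 1024,
            })
    return findings


if __name__ == "__main__":
    for line in SESSION.splitlines():
        print(parse_reply(line))
    # Assumption: the control connection was made to 153.18.17.11.
    print(audit_session(SESSION, "153.18.17.11"))
```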

30. Explain HTTP Transaction with request and response messages.

The Hyper-Text Transfer Protocol (HTTP) is used to define how the client-server programs can
be written to retrieve web pages from the Web. An HTTP client sends a request; an HTTP
server returns a response. The server uses the port number 80; the client uses a temporary port
number. HTTP uses the services of TCP, which, as discussed before, is a connection-oriented
and reliable protocol. This means that, before any transaction between the client and the server
can take place, a connection needs to be established between them. After the transaction, the
connection should be terminated. The client and server, however, do not need to worry about
errors in messages
exchanged or loss of any message, because the TCP is reliable and will take care of this matter.
As we discussed in the previous section, the hypertext concept embedded in web page
documents may require several requests and responses. If the web pages, objects to be
retrieved, are located on different servers, we do not have any other choice than to create a new
TCP connection for retrieving each object. However, if some of the objects are located on the
same server, we have two choices: to retrieve each object using a new TCP connection or to
make a TCP connection and retrieve them all. The first method is referred to as a
non-persistent connection, the second as a persistent connection. HTTP, prior to version
1.1, specified non-persistent connections, while persistent connections are the default in
version 1.1, but it can be changed by the user.

31. List the methods and its related action for HTTP protocol.

The Hyper Text Transfer Protocol (HTTP) is used to define how the client-server programs can
be written to retrieve web pages from the Web. An HTTP client sends a request; an HTTP
server returns a response. The server uses the port number 80; the client uses a temporary port
number.
Methods
The method field defines the request types. In version 1.1 of HTTP, several methods are
defined. Most of the time, the client uses the GET method to send a request. In this case, the
body of the message is empty. The HEAD method is used when the client needs only some
information about the web page from the server, such as the last time it was modified. It can
also be used to test the validity of a URL. The response message in this case has only the
header section; the body section is empty. The PUT method is the inverse of the GET method;
it allows the client to post a new web page on the server (if permitted). The POST method is
similar to the PUT method, but it is used to send some information to the server to be added to
the web page or to modify the web page. The TRACE method is used for debugging; the client
asks the server to echo back the request to check whether the server is getting the requests. The
DELETE method allows the client to delete a web page on the server if the client has
permission to do so. The CONNECT method was originally made as a reserve method; it may
be used by proxy servers, as discussed later. Finally, the OPTIONS method allows the client to
ask about the properties of a web page.
32. Classify traditional cipher. Explain Transpositional Cipher with an example.

The two types of traditional symmetric ciphers are Substitution Cipher and Transposition
Cipher. The following flowchart categorizes the traditional ciphers:

1. Substitution Cipher:
Substitution Ciphers are further divided into Mono-alphabetic Cipher and Poly-alphabetic
Cipher.
First, let’s study about mono-alphabetic cipher.
1. Mono-alphabetic Cipher –
In mono-alphabetic ciphers, each symbol in plain-text (e.g., ‘o’ in ‘follow’) is mapped to one
cipher-text symbol. No matter how many times a symbol occurs in the plain-text, it will
correspond to the same cipher-text symbol. For example, if the plain-text is ‘follow’ and the
mapping is:

• f -> g
• o -> p
• l -> m
• w -> x
The cipher-text is ‘gpmmpx’.
Types of mono-alphabetic ciphers are:

(a) Additive Cipher (Shift Cipher / Caesar Cipher) –


The simplest mono-alphabetic cipher is additive cipher. It is also referred to as ‘Shift
Cipher’ or ‘Caesar Cipher’. As the name suggests, ‘addition modulus 2’ operation is
performed on the plain-text to obtain a cipher-text.
C = (M + k) mod n
M = (C – k) mod n
where,
C -> cipher-text
M -> message/plain-text
k -> key
The key space is 26. Thus, it is not very secure. It can be broken by brute-force attack.
For more information and implementation see Caesar Cipher
(b) Multiplicative Cipher –
The multiplicative cipher is similar to the additive cipher except for the fact that the key bit
is multiplied to the plain-text symbol during encryption. Likewise, the cipher-text is
multiplied by the multiplicative inverse of the key for decryption to obtain back the
plain-text.
C = (M * k) mod n
M = (C * k^-1) mod n
where,
k^-1 -> multiplicative inverse of k (key)

The key space of multiplicative cipher is 12. Thus, it is also not very secure.
(c) Affine Cipher –
The affine cipher is a combination of additive cipher and multiplicative cipher. The key
space is 26 * 12 (key space of additive * key space of multiplicative) i.e. 312. It is
relatively more secure than the above two as the key space is larger.
Here two keys k1 and k2 are used.
C = [(M * k1) + k2] mod n
M = [(C – k2) * k1^-1] mod n
For more information and implementation, see Affine Cipher
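
Added example (not part of the original notes): the three formulas above in Python over the
26-letter alphabet (n = 26). The additive and multiplicative ciphers are the affine cipher with
k1 = 1 or k2 = 0. The example also shows why the multiplicative key space is only 12: a key k1
that shares a factor with 26 has no inverse, so decryption would be ambiguous. The key pair
(7, 2) and the word ‘hello’ are constructed sample values.

```python
"""Additive, multiplicative and affine ciphers over a 26-letter alphabet."""
from math import gcd
import string

ALPHABET = string.ascii_lowercase
N = len(ALPHABET)  # n = 26 in the formulas above


def valid_multipliers(n=N):
    """Keys usable as k (multiplicative) or k1 (affine): those coprime to n."""
    return [k for k in range(1, n) if gcd(k, n) == 1]


def inverse(k, n=N):
    """Multiplicative inverse k^-1 modulo n, found by search (n is tiny)."""
    if gcd(k, n) != 1:
        raise ValueError(f"{k} has no multiplicative inverse modulo {n}")
    return next(x for x in range(1, n) if (k * x) % n == 1)


def _map_letters(text, fn):
    """Apply fn to the index of every letter; leave other characters untouched."""
    out = []
    for ch in text.lower():
        out.append(ALPHABET[fn(ALPHABET.index(ch)) % N] if ch in ALPHABET else ch)
    return "".join(out)


def affine_encrypt(plaintext, k1, k2):
    """C = [(M * k1) + k2] mod n. k1 = 1 gives the additive (shift) cipher,
    k2 = 0 gives the multiplicative cipher."""
    inverse(k1)  # reject keys that could not be decrypted
    return _map_letters(plaintext, lambda m: m * k1 + k2)


def affine_decrypt(ciphertext, k1, k2):
    """M = [(C - k2) * k1^-1] mod n."""
    k1_inv = inverse(k1)
    return _map_letters(ciphertext, lambda c: (c - k2) * k1_inv)


def distinct_outputs(k1):
    """How many different cipher letters a multiplier produces (26 if usable)."""
    return len({(m * k1) % N for m in range(N)})


if __name__ == "__main__":
    print(valid_multipliers(), len(valid_multipliers()) * N)  # 12 keys, 312 pairs
    print(affine_encrypt("follow", 1, 1))   # shift by 1, as in the mapping above
    print(affine_encrypt("hello", 7, 2), affine_decrypt("zebbw", 7, 2))
    print(distinct_outputs(2))              # 13: two letters share each output
```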
Now, let’s study about poly-alphabetic cipher.
2. Poly-alphabetic Cipher –
In poly-alphabetic ciphers, every symbol in plain-text is mapped to a different cipher-text
symbol regardless of its occurrence. Every different occurrence of a symbol has different
mapping to a cipher-text. For example, in the plain-text ‘follow’, the mapping is :
f -> q
o -> w
l -> e
l -> r
o -> t
w -> y
Thus, the cipher text is ‘qwerty’.
Types of poly-alphabetic ciphers are:
2. Transposition Cipher:
The transposition cipher does not deal with substitution of one symbol with another. It
focuses on changing the position of the symbol in the plain-text. A symbol in the first
position in plain-text may occur in fifth position in cipher-text.
Two of the transposition ciphers are:

1. Columnar Transposition Cipher –


For information and implementation, see Columnar Transposition Cipher
2. Rail-Fence Cipher –
For information and implementation, see Rail-Fence Cipher

Transposition Cipher with example:


2. It is another type of cipher where the order of the alphabets in the plaintext is
rearranged to create the ciphertext. The actual plaintext alphabets are not replaced.
3. An example is a ‘simple columnar transposition’ cipher where the plaintext is written
horizontally with a certain alphabet width. Then the ciphertext is read vertically as
shown.
4. For example, the plaintext is “golden statue is in eleventh cave” and the secret
random key chosen is “five”. We arrange this text horizontally in table with number
of column equal to key value. The resulting text is shown below.

5. The ciphertext is obtained by reading column vertically downward from first to last
column. The ciphertext is ‘gnuneaoseenvltiltedasehetivc’.
6. To decrypt, the receiver prepares a similar table. The number of columns is equal to
the key number. The number of rows is obtained by dividing the number of total ciphertext
alphabets by the key value and rounding off the quotient to the next integer value.
7. The receiver then writes the received ciphertext vertically down and from left to right
column. To obtain the text, he reads horizontally left to right and from top to bottom
row.
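
Added example (not part of the original notes): the simple columnar transposition described
above, in Python, using the text’s own plaintext and 5 columns. The 28 letters do not fill the
last row, so on decryption the first three columns hold six letters and the last two hold five;
the example handles this and contrasts it with a decryption that assumes every column is full.
The function names are this example’s own.

```python
"""Simple columnar transposition: write row by row, read column by column."""
from math import ceil

PLAINTEXT = "golden statue is in eleventh cave"   # from the example above


def normalize(text):
    """Keep letters only, lower-cased, as the worked example does."""
    return "".join(ch for ch in text.lower() if ch.isalpha())


def columnar_encrypt(plaintext, columns):
    """Column c of the table is every `columns`-th letter starting at c."""
    text = normalize(plaintext)
    return "".join(text[c::columns] for c in range(columns))


def column_lengths(length, columns):
    """The first (length mod columns) columns hold one letter more than the rest."""
    full_rows, extra = divmod(length, columns)
    return [full_rows + (1 if c < extra else 0) for c in range(columns)]


def columnar_decrypt(ciphertext, columns):
    """Cut the ciphertext into columns of the right height, then read the rows."""
    cols, pos = [], 0
    for height in column_lengths(len(ciphertext), columns):
        cols.append(ciphertext[pos:pos + height])
        pos += height
    rows = ceil(len(ciphertext) / columns)
    return "".join(col[r] for r in range(rows) for col in cols if r < len(col))


def naive_decrypt(ciphertext, columns):
    """Treats every column as full height; only correct when the table is full."""
    rows = ceil(len(ciphertext) / columns)
    cols = [ciphertext[i:i + rows] for i in range(0, len(ciphertext), rows)]
    return "".join(col[r] for r in range(rows) for col in cols if r < len(col))


if __name__ == "__main__":
    ciphertext = columnar_encrypt(PLAINTEXT, 5)
    print(ciphertext)
    print(column_lengths(len(ciphertext), 5))
    print(columnar_decrypt(ciphertext, 5))
    print(naive_decrypt(ciphertext, 5))   # misaligned after the fourth letter
```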

33. Explain AES architecture with clear figures.

The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found to be at least six times faster
than triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable against exhaustive key search attack. Triple DES was
designed to overcome this drawback but it was found to be slow.

The features of AES are as follows −

• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java

Operation of AES
AES is an iterative rather than Feistel cipher. It is based on a ‘substitution–permutation
network’. It comprises a series of linked operations, some of which involve replacing inputs
by specific outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats
the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and
four rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.
The schematic of AES structure is given in the following illustration −

Encryption Process
Here, we restrict ourselves to the description of a typical round of AES encryption. Each round
comprises four sub-processes. The first round process is depicted below −
Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The
result is in a matrix of four rows and four columns.
Shift rows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are
re-inserted on the right side of the row. Shift is carried out as follows −
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.
Mix Columns
Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new
bytes. It should be noted that this step is not performed in the last round.
Add round key
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting
128 bits are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order −

• Add round key
• Mix columns
• Shift rows
• Byte substitution
Since the sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the
encryption and decryption algorithms need to be separately implemented, although they are
very closely related.
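
Added example (not part of the original notes): one AES encryption round and its inverse in
Python, with the 16-byte state stored column by column. It shows the four sub-processes in the
order given above and the reversed order used for decryption. This is a single round only: key
expansion, the initial round-key addition and the final round without Mix Columns are left out.
The input state and round key are the round-1 values of the worked example in FIPS 197
Appendix B; the function names are this example’s own.

```python
"""One AES round (SubBytes, ShiftRows, MixColumns, AddRoundKey) and its inverse."""


def xtime(b):
    """Multiply a byte by 2 in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b


def gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result


def build_sbox():
    """S-box = multiplicative inverse in GF(2^8) followed by a fixed affine map."""
    sbox = [0] * 256
    for value in range(256):
        inv = next((c for c in range(1, 256) if gmul(value, c) == 1), 0)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox[value] = s ^ 0x63
    return sbox


SBOX = build_sbox()
INV_SBOX = [0] * 256
for _i, _s in enumerate(SBOX):
    INV_SBOX[_s] = _i


def sub_bytes(state, box=SBOX):
    """Byte substitution: look every byte up in the fixed table."""
    return [box[b] for b in state]


def shift_rows(state, inverse=False):
    """Row r is rotated left by r positions (right when inverse).
    state[r + 4*c] is the byte in row r, column c."""
    step = -1 if inverse else 1
    return [state[r + 4 * ((c + step * r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state, inverse=False):
    """Each column is multiplied by a fixed circulant matrix over GF(2^8)."""
    coeffs = [14, 11, 13, 9] if inverse else [2, 3, 1, 1]
    out = []
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            byte = 0
            for j in range(4):
                byte ^= gmul(coeffs[(j - r) % 4], col[j])
            out.append(byte)
    return out


def add_round_key(state, round_key):
    """XOR the 128-bit state with the 128-bit round key."""
    return [s ^ k for s, k in zip(state, round_key)]


def encrypt_round(state, round_key):
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)


def decrypt_round(state, round_key):
    """The same four steps, inverted and applied in the reverse order."""
    state = add_round_key(state, round_key)
    state = mix_columns(state, inverse=True)
    state = shift_rows(state, inverse=True)
    return sub_bytes(state, INV_SBOX)


# Round-1 input state and round key from the FIPS 197 Appendix B example.
ROUND_INPUT = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))
ROUND_KEY = list(bytes.fromhex("a0fafe1788542cb123a339392a6c7605"))

if __name__ == "__main__":
    out = encrypt_round(ROUND_INPUT, ROUND_KEY)
    print(bytes(out).hex())
    print(decrypt_round(out, ROUND_KEY) == ROUND_INPUT)
```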
AES Analysis
In present-day cryptography, AES is widely adopted and supported in both hardware and
software. To date, no practical cryptanalytic attacks against AES have been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of
‘future-proofing’ against progress in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and
good key management is employed.

34. Illustrate about symmetric key cryptography.

Confidentiality can be achieved using ciphers. Ciphers can be divided into two broad
categories: symmetric key and asymmetric-key.
Symmetric-Key Ciphers
A symmetric-key cipher uses the same key for both encryption and decryption, and the key can
be used for bidirectional communication, which is why it is called symmetric.
The general idea behind a symmetric-key cipher is mentioned in the figure given below.

Symmetric-key encipherment uses a single key (the key itself may be a set of values) for
both encryption and decryption. In addition, the encryption and decryption algorithms are
inverses of each other. If P is the plaintext, C is the ciphertext, and K is the key, the encryption
algorithm Ek(x) creates the ciphertext from the plaintext; the decryption algorithm Dk(x)
creates the plaintext from the ciphertext. We assume that Ek(x) and Dk(x) are inverses of each
other: they cancel the effect of each other if they are applied one after the other on the same
input. We have Dk(Ek(x)) = Ek(Dk(x)) = x. We need to emphasize that it is better to make the
encryption and decryption public but keep the shared key secret.
This means that Alice and Bob need another channel, a secured one, to exchange the secret
key. Alice and Bob can meet once and exchange the key personally. The secured channel here
is the face-to-face exchange of the key. They can also trust a third party to give them the same
key. They can create a temporary secret key using another kind of cipher, asymmetric-key
ciphers, which will be described later. Encryption can be thought of as locking the message in a
box; decryption can be thought of as unlocking the box. In symmetric-key encipherment, the
same key locks and unlocks, as shown in Figure 31.3. Later sections show that the
asymmetric-key encipherment needs two keys, one for locking and one for unlocking.
The symmetric-key ciphers can be divided into traditional ciphers and modern ciphers.
Traditional ciphers are simple, character-oriented ciphers that are not secure based on today’s
standard. Modern ciphers, on the other hand, are complex, bit oriented ciphers that are more
secure. We briefly discuss the traditional ciphers to pave the way for discussing more complex
modern ciphers.
Traditional Symmetric-Key Ciphers Traditional ciphers belong to the past. However, we
briefly discuss them here because they can be thought of as the components of the modern
ciphers. To be more exact, we can divide traditional ciphers into substitution ciphers and
transposition ciphers.

35. Explain domain name space with neat diagram.


Alternatively referred to as a namespace, a domain namespace is a name service provided by
the Internet for Transmission Control Protocol/Internet Protocol (TCP/IP) networks. DNS is
broken up into domains, a logical organization of computers that exist in a larger network.
Below is an example of the hierarchy of domain naming on the Internet.
In the above example, all websites are broken into regional sections based on the top-level
domain (TLD). In the example of http://support.computerhope.com it has a ".com" TLD, with
"computerhope" as its second-level domain that is local to the .com TLD, and "support" as its
subdomain, which is determined by its server.

36. Explain poly alphabetic substitution with a suitable example.

In a polyalphabetic cipher, each occurrence of a character may have a different substitute. The
relationship of a character in the plaintext to a character in the ciphertext is one-to-many. For
example, “a” could be enciphered as “D” at the beginning of the text, but as “N” in the middle.
Polyalphabetic ciphers have the advantage of hiding the letter frequency of the underlying
language. Even single-letter frequency statistics cannot be used to break the ciphertext.

To create a polyalphabetic cipher, we need to make each ciphertext character dependent on both
the corresponding plaintext character and the position of the plaintext character in the message.
This implies that our key should be a stream of subkeys, in which each subkey depends
somehow on the position of the plaintext character that uses that subkey for encipherment. In
other words, we need to have a key stream k = (k1, k2, k3, …) in which ki is used to encipher
the ith character in the plaintext to create the ith character in the ciphertext.

To see the position dependency of the key, let us discuss a simple polyalphabetic cipher called
the autokey cipher. In this cipher, the key is a stream of subkeys, in which each subkey is used
to encrypt the corresponding character in the plaintext. The first subkey is a predetermined
value secretly agreed upon by Alice and Bob. The second subkey is the value of the first
plaintext character (between 0 and 25). The third subkey is the value of the second plaintext
character, and so on. The name of the cipher, autokey, implies that the subkeys are
automatically created from the plaintext characters during the encryption process.

Example: Assume that Alice and Bob agreed to use an autokey cipher with initial key value
k1 = 12. Now Alice wants to send Bob the message “Attack is today”. Enciphering is done
character by character. Each character in the plaintext is first replaced by its integer value. The
first subkey is added to create the first ciphertext character. The rest of the key is created as the
plaintext characters are read. Note that the cipher is polyalphabetic because the three
occurrences of “a” in the plaintext are encrypted differently. The three occurrences of “t” are
also encrypted differently.

39 Write a note on
network security.

Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and
network-accessible resources. Only network security can remove Trojan horse viruses if it is
activated. Network security involves the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are assigned an ID and password or
other authenticating information that allows them access to information and programs within
their authority.

Network security covers a variety of computer networks, both public and private, that are used
in everyday jobs: conducting transactions and communications among businesses, government
agencies and individuals. Networks can be private, such as within a company, or open to public
access. Network security is involved in organizations, enterprises, and other types of
institutions. It does as its title explains: it secures the network, as well as protecting and
overseeing operations being done. The most common and simple way of protecting a network
resource is by assigning it a unique name and a corresponding password.

Security management for networks is different for all kinds of situations. A home or small
office may only require basic security, while large businesses may require high-maintenance
and advanced software and hardware to prevent malicious attacks from hacking and spamming.

Once a user is authenticated, a firewall enforces access policies such as what services are
allowed to be accessed by the network users. Though effective at preventing unauthorized
access, this component may fail to check potentially harmful content such as computer worms
or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention
system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion
detection system may also monitor network traffic, as Wireshark does, and the traffic may be
logged for audit purposes and for later high-level analysis. Newer systems combining
unsupervised machine learning with full network traffic analysis can detect active network
attackers, whether malicious insiders or targeted external attackers that have compromised a
user machine or account.

37. Write a note on network security.


Network security is the security provided to a network from unauthorized access and risks. It is
the duty of network administrators to adopt preventive measures to protect their networks from
potential security threats.
Computer networks that are involved in regular transactions and communication among
government, individuals, or businesses require security. The most common and simple way of
protecting a network resource is by assigning it a unique name and a corresponding password.
Types of Network Security Devices
Active Devices
These security devices block surplus traffic. Firewalls, antivirus scanning devices, and
content filtering devices are examples of such devices.
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection
appliances.
Preventative Devices
These devices scan the networks and identify potential security problems. Examples include
penetration testing devices and vulnerability assessment appliances.
Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content
filtering, web caching, etc.

38. Explain the following with an example. a) Web documents. b) WWW.


a) A web page (also written as webpage) is a document that is suitable to act as a web resource
on the World Wide Web. When accessed by a web browser it may be displayed as a web page
on a monitor or mobile device. The documents on the web are called web pages. The web page
usually means what is visible, but the term may also refer to a computer file, usually hypertext
written in HTML or a comparable mark-up language. Web browsers coordinate various web
resource elements for the written web page, such as style sheets, scripts, and images, to present
the web page. Typical web pages provide hypertext that includes a navigation bar or a sidebar
menu linking to other web pages via hyperlinks, often referred to as links.

b) The World Wide Web (WWW), commonly known as the Web, is an information space
where documents and other web resources are identified by Uniform Resource Locators
(URLs, such as https://www.example.com/), which may be interlinked by hypertext, and are
accessible via the Internet. The resources of the WWW may be accessed by users via a
software application called a web browser.

39. Explain monoalphabetic substitution with suitable examples.

A substitution cipher replaces one symbol with another. If the symbols in the plaintext are
alphabetic characters, we replace one character with another. For example, we can replace
letter A with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we can replace
3 with 7 and 2 with 6. Substitution ciphers can be categorized as either monoalphabetic ciphers
or polyalphabetic ciphers.
Monoalphabetic Ciphers
In a monoalphabetic cipher, a character (or a symbol) in the plaintext
is always changed to the same character (or symbol) in the ciphertext regardless of its position
in the text. For example, if the algorithm says that letter A in the plaintext is changed to letter
D, every letter A is changed to letter D. In other words, the relationship between letters in the
plaintext and the ciphertext is one-to-one. The simplest monoalphabetic cipher is the additive
cipher (or shift cipher). Assume that the plaintext consists of lowercase letters (a to z), and that
the ciphertext consists of uppercase letters (A to Z). To be able to apply mathematical
operations on the plaintext and ciphertext, we assign numerical values to each letter (lowercase
or uppercase), as shown in Figure 31.4.

40. Encrypt the following message using mono alphabetic substitution with key=4. I AM
FROM CHRIST UNIVERSITY

Key=4
c = (p + e) MOD 26

where,

c= Ciphertext
p=Plaintext
e=Encryption key

A=0, B=1, C=2, D=3, E=4, F=5, G=6, H=7, I=8, J=9, K=10, L=11, M=12, N=13, O=14,
P=15, Q=16, R=17, S=18, T=19, U=20, V=21, W=22, X=23, Y=24, Z=25

p       p+e         (p+e) MOD 26     c
I=8     8+4=12      12 MOD 26=12     12=M
A=0     0+4=4       4 MOD 26=4       4=E
M=12    12+4=16     16 MOD 26=16     16=Q
F=5     5+4=9       9 MOD 26=9       9=J
R=17    17+4=21     21 MOD 26=21     21=V
O=14    14+4=18     18 MOD 26=18     18=S
M=12    12+4=16     16 MOD 26=16     16=Q
C=2     2+4=6       6 MOD 26=6       6=G
H=7     7+4=11      11 MOD 26=11     11=L
R=17    17+4=21     21 MOD 26=21     21=V
I=8     8+4=12      12 MOD 26=12     12=M
S=18    18+4=22     22 MOD 26=22     22=W
T=19    19+4=23     23 MOD 26=23     23=X
U=20    20+4=24     24 MOD 26=24     24=Y
N=13    13+4=17     17 MOD 26=17     17=R
I=8     8+4=12      12 MOD 26=12     12=M
V=21    21+4=25     25 MOD 26=25     25=Z
E=4     4+4=8       8 MOD 26=8       8=I
R=17    17+4=21     21 MOD 26=21     21=V
S=18    18+4=22     22 MOD 26=22     22=W
I=8     8+4=12      12 MOD 26=12     12=M
T=19    19+4=23     23 MOD 26=23     23=X
Y=24    24+4=28     28 MOD 26=2      2=C

Therefore, the encrypted monoalphabetic substitution message is M EQ JVSQ GLVMWX
YRMZIVWMXC.

41. Decrypt the following message using Monoalphabetic substitution with key=4.
IRGVCTXMSR MW JYR.

Key=4
m = (c + d) MOD 26

where,

c= Ciphertext
d=Decryption key

d=-key mod 26
= (-4) mod 26
d=22

A=1, B=2, C=3, D=4, E=5, F=6, G=7, H=8, I=9, J=10, K=11, L=12, M=13, N=14, O=15,
P=16, Q=17, R=18, S=19, T=20, U=21, V=22, W=23, X=24, Y=25, Z=26

Therefore, the decrypted monoalphabetic substitution message is ENCRYPTION IS FUN.
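
The following Python sketch is an added example, not part of the original notes. It implements the additive cipher of questions 40 and 41 and the autokey cipher of question 36, then tabulates which ciphertext letters each plaintext letter became, showing the one-to-one versus one-to-many relationship. The function names are hypothetical, and passing spaces and punctuation through unchanged is an assumption that matches the worked answers above.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, as in question 40


def additive(text, key):
    """Shift cipher: c = (p + key) mod 26. Non-letters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )


def autokey(text, k1, decrypt=False):
    """Autokey cipher: subkey 1 is k1, subkey i+1 is plaintext value i."""
    out, subkey = [], k1
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)  # assumption: non-letters do not consume a subkey
            continue
        value = ALPHABET.index(ch)
        if decrypt:
            plain = (value - subkey) % 26
            out.append(ALPHABET[plain])
        else:
            plain = value
            out.append(ALPHABET[(plain + subkey) % 26])
        subkey = plain  # the next subkey is always the plaintext value
    return "".join(out)


def substitutes(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it became."""
    table = {}
    for p, c in zip(plaintext.upper(), ciphertext):
        if p in ALPHABET:
            table.setdefault(p, set()).add(c)
    return table


if __name__ == "__main__":
    print(additive("I AM FROM CHRIST UNIVERSITY", 4))   # question 40
    print(additive("IRGVCTXMSR MW JYR.", -4 % 26))      # question 41, d = 22
    msg = "Attack is today"                             # question 36, k1 = 12
    enc = autokey(msg, 12)
    print(enc, "->", autokey(enc, 12, decrypt=True))
    print(substitutes(msg, additive(msg, 4)))           # monoalphabetic table
    print(substitutes(msg, enc))                        # polyalphabetic table
```

Decryption with the additive cipher reuses the same function with d = 22, which is why question 41 computes d = (-4) mod 26 before adding.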

42. Explain the following: a) HTTP. b) FTP

HTTP
FTP
Figure 26.21
