Unit – IV
Network Security
1. Why does PGP generate a signature before applying compression?
The signature is generated before compression for two reasons:
• It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification.
• Even if one were willing to dynamically generate a recompressed message for verification, PGP’s compression algorithm presents a difficulty.
2. Why is R64 conversion useful for email generation?
Radix-64 conversion is performed before the segmentation of the message takes place. Radix-64 conversion expands the input stream by 33%. It converts the input stream to radix-64 format.
3. What is MIME?
Multipurpose Internet Mail Extension (MIME) is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP.
4. What is S/MIME?
Secure / Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. It provides the ability to sign and/or encrypt messages.
5. What services are provided by IPSec?
Services provided by IPSec:
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets.
6. What is the difference between Transport mode and Tunnel mode?
Transport mode
1. It provides protection for upper-layer protocols.
2. It is used for end-to-end communication between two hosts.
3. It authenticates the IP payload and selected portions of the IP header and IPv6 extension headers.
Tunnel mode
1. It provides protection to the entire IP packet.
2. It is used when one or both ends of an SA is a security gateway, such as a firewall or router that implements IPSec.
3. It authenticates the entire inner IP packet plus selected portions of the outer IP header and outer IPv6 extension headers.
7. What is a replay attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
8. What is the difference between an SSL connection and an SSL session?
A connection is a transport that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections.
9. Why does ESP include a padding field?
A padding field is added to ESP to provide partial traffic flow confidentiality by concealing the actual length of the payload.
10. What problem was Kerberos designed to address?
The problem that Kerberos addresses is this: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like servers to be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment a workstation cannot be trusted to identify its users correctly to network services.
11. What are the requirements of Kerberos?
The requirements for Kerberos are: secure, reliable, transparent and scalable.
12. What entities constitute a full-service Kerberos environment?
A full-service environment consists of a Kerberos server, a number of clients and a number of application servers.
13. What is the need of segmentation and reassembly function in PGP?
E-mail facilities often are restricted to a maximum message length. To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. This segmentation is done after all of the other processing, including the radix-64 conversion. Thus, the session key component and signature component appear only once, at the beginning of the first segment.
14. How does PGP use the concept of trust?
PGP provides a convenient means of using trust, associating trust with public keys, and exploiting trust information. Each entry in the public key ring is a public key certificate. Associated with each such entry is a key legitimacy field that indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key.
15. What are the technical deficiencies encountered in Kerberos version 4?
The technical deficiencies encountered in Kerberos version 4 are:
• Double encryption
• PCBC encryption
• Session keys
• Password attacks
16. Write about X.509.
X.509 is based on the use of public key cryptography and digital signatures. It does not insist on a specific algorithm but recommends RSA.
17. What is meant by Certificate policies?
Certificates may be used in environments where multiple policies apply. This extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
18. Mention the elements of the Certificate.
Elements of the certificate are:
• Version
• Serial number
• Signature algorithm identifier
• Issuer name.
19. What are policy mappings?
Policy mappings are used only in certificates for CAs issued by other CAs. Policy mappings allow an issuing CA to indicate that one or more of that issuer’s policies can be considered equivalent to another policy used in the subject CA’s domain.
20. Describe about content type.
Content type describes the data contained in the body with sufficient detail that the receiving user can deal with the data in an appropriate manner.
Part-B
1. Explain in detail, how the Kerberos version 5 is advantageous over Kerberos version 4.
2. Explain in detail, S/MIME & MIME.
3. Explain in detail, how electronic mail security is done.
4. Explain in detail about PGP.
5. Explain in detail, how web security is achieved?
Wednesday, April 8, 2009
Amazing blog. The information which you have shared on this blog about cryptography technique is highly beneficial to me. Thanks for sharing it and I will visit again.
Thank u & hope to meet u again :)
thank u for visiting here :)