CSCL Practice Paper
Definitions:
(i) Cyber Threat:
It is an attempt to exploit vulnerabilities to steal information and money, or to disrupt, destroy, or threaten the delivery of essential services.
(ii) Trojan Horse:
It is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try to gain access to users' systems with their software.
(iii) Passive attack: An attack against an authentication protocol where the Attacker intercepts data traveling along the network between the Claimant and Verifier, but does not alter the data (i.e., eavesdropping).
(iv) Cryptography: Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
(v) Encryption: It is the method by which information is converted into secret code that hides the information's true meaning.
(vi) Cipher Text: Ciphertext is encrypted text transformed from plaintext using an encryption algorithm. Ciphertext can't be read until it has been converted into plaintext (decrypted) with a key. The decryption cipher is an algorithm that transforms the ciphertext back into plaintext.
Questions:
Q1. What is the OSI security architecture? Explain in brief.
Ans. The OSI security architecture defines a systematic approach to providing security at each layer. It defines security services and security mechanisms that can be used at each of the seven layers of the OSI model to provide security for data transmitted over a network. These security services and mechanisms help to ensure the confidentiality, integrity, and availability of the data. The OSI architecture is internationally accepted because it lays out the flow for providing security in an organization.
OSI Security Architecture focuses on these concepts:
- Security Attack: A security attack is an attempt by a person or entity to gain unauthorized access to disrupt or compromise the security of a system, network, or device. These are defined as the actions that put at risk an organization’s safety. They are further divided into passive attack and active attack.
- Security mechanism: A security mechanism is a means of protecting a system, network, or device against unauthorized access, tampering, or other security threats.
- Security Service: It refers to the different services available for maintaining the security and safety of an organization. It is divided into five types: Authentication, Access Control, Data Confidentiality, Data Integrity and Non-repudiation.
Q2. Explain the difference between active & passive security attacks.
Ans. Active Attacks: Active attacks are attacks in which the attacker attempts to change or modify the content of messages. An active attack is a danger to integrity as well as availability. In an active attack the system is always damaged and system resources can be changed. Most importantly, in an active attack the victim gets informed about the attack.
Passive Attacks: Passive attacks are attacks in which the attacker observes or copies the content of messages. A passive attack is a danger to confidentiality. A passive attack causes no harm to the system. Most importantly, in a passive attack the victim does not get informed about the attack.
Difference:



Q3. With the help of block diagram, explain the network security model.
Ans.
A Network Security Model exhibits how the security service has been designed over the network to prevent the opponent from causing a threat to the confidentiality or authenticity of the information that is being transmitted through the network.
When we send data from the source side to the destination side, we have to use some transfer method, such as the internet or another communication channel, to carry the message. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. When data is transferred from the source to the destination, a logical information channel is established between them by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

We are concerned about the security of the message over the network when it carries confidential or authentic information that is under threat from an opponent present on the information channel. Any security service has the three components discussed below:
- A security-related transformation on the information to be sent.
- Some secret information shared by the two principals and, it is hoped, unknown to the opponent.
- A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.
The model shows that there are four basic tasks in designing a particular security service:
- Design an algorithm for performing the security-related transformation.
- Generate the secret information to be used with the algorithm.
- Develop methods for the distribution and sharing of secret information.
- Specify a protocol to be used by the two principals that make use of the security algorithm and the secret information to achieve a particular security service.
Q4. Discuss the essential ingredients of a symmetric key cryptography.
Ans.
- Plaintext: This is the original message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
- Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
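The five ingredients above, mapped onto code as an added example that is not part of the original paper. It assumes a teaching construction (a keystream derived with HMAC-SHA256 in counter mode and XORed with the plaintext) so that it runs with the Python standard library only; real systems use a vetted cipher such as AES-GCM or ChaCha20-Poly1305 from a maintained library, and the names `keystream`, `encrypt`, `decrypt` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand the secret key and a nonce into `length` key-dependent bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = b"") -> bytes:
    """Encryption algorithm: plaintext + secret key -> nonce || ciphertext."""
    if not nonce:
        nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message in real use
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, message: bytes) -> bytes:
    """Decryption algorithm: the same transformation run in reverse."""
    nonce, ciphertext = message[:NONCE_LEN], message[NONCE_LEN:]
    stream = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def demo() -> dict:
    plaintext = b"Transfer 500 to account 12345"  # constructed sample message
    key_a = secrets.token_bytes(32)  # secret key shared by the two principals
    key_b = secrets.token_bytes(32)  # a second, unrelated key
    nonce = bytes(NONCE_LEN)  # fixed here only so the two ciphertexts compare
    ct_a = encrypt(key_a, plaintext, nonce)
    ct_b = encrypt(key_b, plaintext, nonce)
    return {
        "round_trip": decrypt(key_a, ct_a) == plaintext,
        "different_keys_different_ciphertext": ct_a != ct_b,
        "wrong_key_recovers_plaintext": decrypt(key_b, ct_a) == plaintext,
    }


if __name__ == "__main__":
    print(demo())
```

This construction hides the content only; it does not detect a ciphertext that was altered in transit, which is a separate integrity service.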
Q5. Explain the difference between symmetric key & asymmetric key cryptography.
Ans. Symmetric Key Encryption: Encryption is a process to change the form of any message in order to protect it from being read by anyone. In symmetric-key encryption the message is encrypted by using a key and the same key is used to decrypt the message, which makes it easy to use but less secure. It also requires a safe method to transfer the key from one party to another.
Asymmetric Key Encryption: Asymmetric key encryption is based on public and private key encryption techniques. It uses two different keys to encrypt and decrypt the message. It is more secure than the symmetric key encryption technique but is much slower.
Difference :
Q6. Define various kinds of active attacks generally encountered in cyber security.
Ans.
1. Session Hijacking Attack: A session hijacking attack is a form of active attack in which the attacker will take over your internet session. How? They will access the session information of previously authorized users over the internet and steal their session ID information. Once they have access to a user's session ID information they can successfully impersonate the user.
These attacks can happen as you are shopping online, making payments, or checking your credit card balance. The hijacker can use your session ID to fool the website into thinking you are surfing their site and making purchases or accessing the user's credit card information and bank accounts.
2. Message modification attack: It is a type of active attack in which a hacker modifies, delays, or reorders communication content to his benefit. The attacker may change packet header addresses so they can send messages to a different target and alter information on a target device to gain access to the network system.
In this type of attack, an intruder will intercept messages being sent from one person to another. The intruder can then perform three types of modifications to the message:
- They can change existing information in the message.
- They can insert new information.
- They can remove existing information entirely.
3. Masquerade attack: In a masquerade attack, the hacker will disguise himself as someone else and gain unauthorized access to the user's network system. The main motive behind these attacks is data theft and this type of attack is a consequence of identity theft since the attacker may also use someone else's identity to carry out cybercrimes.
These attacks compromise authorization processes in network security. The attackers may use a fake identity, sometimes in the form of a legitimate network to gain access to user information.
4. Denial-of-Service Attack: It is a type of active attack in which an attacker will make a network resource unavailable to its intended user. The affected users will not be able to access information systems, devices, or network resources. This can include emails, websites, online accounts, and any other services hosted on the network.
A denial of service attack is usually carried out by flooding the host network with more traffic than it can handle until it crashes, so legitimate users can't access the site. This is also known as a buffer overflow attack.
5. Trojan horse: It is a type of malware that appears harmless and is downloaded and installed onto a computer; however, like the Greek, it will instead wreak havoc on the targeted device. The malware can then damage, disrupt or steal your data.
You may unknowingly download a seemingly harmless attachment from an email or program from a credible source. Once downloaded, it will then go on to install malware on your device.
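How a receiver can detect the message modification attack described in item 2 (changed, inserted, removed or reordered messages), as an added example that is not part of the original paper. It assumes the two parties already share a secret key; the key value, the messages and the names `protect`, `Receiver` and `run_cases` are constructed for the demonstration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-not-for-use"  # constructed shared secret


def protect(key: bytes, seq: int, payload: bytes) -> tuple:
    """Sender side: bind the sequence number and payload under one MAC tag."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return (seq, payload, tag)


class Receiver:
    """Accepts a message only if its tag verifies and it is the next in order."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, seq: int, payload: bytes, tag: bytes) -> str:
        good = protect(self.key, seq, payload)[2]
        if not hmac.compare_digest(good, tag):  # constant-time comparison
            return "rejected: bad tag (content changed or forged)"
        if seq < self.expected_seq:
            return "rejected: replayed or reordered"
        if seq > self.expected_seq:
            return "rejected: gap (earlier message removed or delayed)"
        self.expected_seq += 1
        return "accepted"


def run_cases() -> dict:
    texts = (b"pay 10 to alice", b"pay 20 to bob", b"pay 30 to carol")
    m0, m1, m2 = (protect(KEY, i, t) for i, t in enumerate(texts))
    results = {}
    rx = Receiver(KEY)
    results["clean"] = [rx.accept(*m) for m in (m0, m1, m2)]
    rx = Receiver(KEY)  # existing information changed, original tag kept
    results["changed"] = rx.accept(m0[0], b"pay 99 to mallory", m0[2])
    rx = Receiver(KEY)  # new message inserted without knowledge of the key
    results["inserted"] = rx.accept(0, b"pay 50 to mallory", bytes(32))
    rx = Receiver(KEY)  # m1 removed in transit, so m2 arrives right after m0
    rx.accept(*m0)
    results["removed"] = rx.accept(*m2)
    rx = Receiver(KEY)  # m1 delivered a second time after m0 and m1
    rx.accept(*m0), rx.accept(*m1)
    results["replayed"] = rx.accept(*m1)
    return results
```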