Ans
The application layer is the top-most layer of the OSI model. It provides services directly to user
applications and enables users to access the network. It provides user interfaces and support for
services such as email, remote file access and transfer, shared database management, and other
types of distributed information services.
1 File Transfer: It allows a user to access, retrieve and manage files on a remote computer.
2 Mail services: It provides the basis for email forwarding and storage facilities.
3 Directory services: It provides distributed database sources and access to global information about various objects and services.
2
Ans
Makes sure that the other party is identified and can be reached
If appropriate, authenticates either the message sender or receiver or both
Makes sure that necessary communication resources exist (for example, is there a modem in the sender's computer?)
Ensures agreement at both ends about error recovery procedures, data integrity, and privacy
Ans
Although there are several asymmetric-key cryptosystems, one of the common public-key
algorithms is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman).
RSA uses two exponents, e and d, where e is public and d is private. Suppose P is the plaintext and
C is the ciphertext. Alice uses C = P^e mod n to create ciphertext C from plaintext P; Bob uses
P = C^d mod n to retrieve the plaintext sent by Alice. The modulus n, a very large number, is created
during the key generation process.
Procedure
Figure 2 shows the general idea behind the procedure used in RSA. Bob chooses two large prime
numbers, p and q, and calculates n = p*q and φ(n) = (p-1)*(q-1). Bob then selects e and d such that
(e*d) mod φ(n) = 1. Bob advertises e and n to the community as the public key; Bob keeps d as the
private key. Anyone, including Alice, can encrypt a message and send the ciphertext to Bob, using
C = P^e mod n; only Bob can decrypt the message, using P = C^d mod n. An intruder such as Eve
cannot decrypt the message if p and q are very large numbers: she does not know d, and deriving d
from e and n requires factoring n, which is infeasible for large p and q.
Example:
For the sake of demonstration, let Bob choose 7 and 11 as p and q and calculate n = 7*11 = 77.
The value of φ(n) is (7-1)(11-1), or 60. If he chooses e to be 13, then d is 37. Note that
e*d mod 60 = 13*37 mod 60 = 481 mod 60 = 1.
Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to
encrypt 5. This system is not safe because p and q are small: Eve can factor 77 by hand, compute
φ(n) = 60 and derive d = 37 exactly as Bob did.
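The procedure and example above carried through in Python, as an added example (not code from the original page): key generation with the page's p = 7, q = 11 and e = 13, encryption of the plaintext 5, decryption, and the attack the last sentence describes, in which Eve factors the small modulus and derives d herself. This is textbook RSA on bare integers with no padding, so it illustrates the arithmetic only and must not be used as a real cipher; the function names and the trial-division attack are my own choices.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA key generation following the procedure above.

    Returns ((e, n), (d, n)). p and q are assumed prime; e must be coprime
    with phi = (p-1)(q-1) so that the inverse d exists.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    assert (e * d) % phi == 1      # the key relation the text states
    return (e, n), (d, n)


def rsa_encrypt(public_key, plaintext):
    """C = P^e mod n. The plaintext is an integer in [0, n); no padding."""
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be smaller than the modulus")
    return pow(plaintext, e, n)


def rsa_decrypt(private_key, ciphertext):
    """P = C^d mod n."""
    d, n = private_key
    return pow(ciphertext, d, n)


def recover_private_exponent(n, e):
    """Eve's attack when p and q are small: factor n by trial division,
    rebuild phi(n), and derive d exactly as Bob did. This is what the
    size of p and q is meant to make infeasible."""
    for candidate in range(2, int(n ** 0.5) + 1):
        if n % candidate == 0:
            p, q = candidate, n // candidate
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("n has no small factor")


if __name__ == "__main__":
    # Values from the example above: p = 7, q = 11, e = 13.
    public_key, private_key = rsa_keygen(7, 11, 13)
    print("public key (e, n):", public_key)      # (13, 77)
    print("private key (d, n):", private_key)    # (37, 77)
    c = rsa_encrypt(public_key, 5)
    print("ciphertext of 5:", c)                 # 26
    print("decrypted:", rsa_decrypt(private_key, c))   # 5
    print("Eve recovers d =", recover_private_exponent(77, 13))   # 37
```

Encryption is 5^13 mod 77 = 26 and decryption is 26^37 mod 77 = 5; the attack function recovers d = 37 from the public key alone because 77 factors in a handful of divisions.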
Ans
Electronic Mail:
Electronic mail (or e-mail) allows users to exchange messages. The nature of this application,
however, is different from other applications discussed so far. In an application such as HTTP or
FTP, the server program is running all the time, waiting for a request from a client. When the
request arrives, the server provides the service. There is a request and there is a response. In the
case of electronic mail, the situation is different. First, e-mail is considered a one-way transaction.
When Alice sends an e-mail to Bob, she may expect a response, but this is not required. Bob may
or may not respond. If he does respond, it is another one-way transaction.
Architecture
To explain the architecture of e-mail, we give a common scenario, as shown in Figure 26.12.
Another possibility is the case in which Alice or Bob is directly connected to the corresponding
mail server, in which case a LAN or WAN connection is not required, but this variation in the scenario
does not affect our discussion. In the common scenario, the sender and the receiver of the e-mail,
Alice and Bob respectively, are connected via a LAN or a WAN to two mail servers. The
administrator has created one mailbox for each user where the received messages are stored. A
mailbox is part of a server hard drive, a special file with permission restrictions. Only the owner of
the mailbox has access to it. The administrator has also created a queue (spool) to store messages
waiting to be sent.
A simple e-mail from Alice to Bob takes nine different steps, as shown in the figure.
Alice and Bob use three different agents: a user agent (UA), a message transfer agent (MTA),
and a message access agent (MAA). When Alice needs to send a message to
Ans
Substitution Ciphers
A substitution cipher replaces one symbol with another. If the symbols in the plaintext are
alphabetic characters, we replace one character with another. For example, we can replace letter A
with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we can replace 3 with 7
and 2 with 6. Substitution ciphers can be categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.
Monoalphabetic Ciphers In a monoalphabetic cipher, a character (or a symbol) in the plaintext
is always changed to the same character (or symbol) in the ciphertext regardless of its position in
the text. For example, if the algorithm says that letter A in the plaintext is changed to letter D,
every letter A is changed to letter D. In other words, the relationship between letters in the
plaintext and the ciphertext is one-to-one. The simplest monoalphabetic cipher is the additive
cipher (or shift cipher). Assume that the plaintext consists of lowercase letters (a to z), and that
the ciphertext consists of uppercase letters (A to Z). To be able to apply mathematical operations
on the plaintext and ciphertext, we assign numerical values to each letter (lowercase or
uppercase), as shown in Figure 31.4.
Encrypting the plaintext hello with key 15, character by character, gives WTAAD. Note that the
cipher is monoalphabetic because two instances of the same plaintext character (l) are encrypted
as the same character (A).
Example 31.2
Use the additive cipher with key 15 to decrypt the message WTAAD.
Solution
We apply the decryption algorithm to the ciphertext character by character:
The result is hello. Note that the operation is in modulo 26, which means that we need to add 26
to a negative result (for example, -15 becomes 11). Additive ciphers are vulnerable to attacks
using exhaustive key searches (brute-force attacks). The key domain of the additive cipher is very
small; there are only 26 keys. However, one of the keys, zero, is useless (the ciphertext is the same
as the plaintext). This leaves only 25 possible keys. Eve can easily launch a brute-force attack on
the ciphertext.
6
Ans
different substitute. The relationship of a character in the plaintext to a character in the ciphertext
is one-to-many. For example, a could be enciphered as D at the beginning of the text, but as
N in the middle. Polyalphabetic ciphers have the advantage of hiding the letter frequency of the
underlying language. Eve cannot use single-letter frequency statistics to break the ciphertext.
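An added example (not code from the original page) serving both the additive-cipher examples above and the polyalphabetic description: it encrypts hello with key 15, decrypts WTAAD, runs Eve's 25-key brute-force search, and then applies a repeating-key polyalphabetic cipher (Vigenère style, my choice of scheme) that sends the same plaintext letter to different ciphertext letters. The numeric mapping a = 0 to z = 25 is the one the text assigns; the keyword lemon and plaintext attackatdawn are constructed inputs, not the page's.

```python
def _shift(ch: str, key: int, to_upper: bool) -> str:
    """Shift one letter by key modulo 26, using a=0 ... z=25.
    Python's % already maps a negative result into 0..25 (so -15 becomes 11).
    Output case follows the text: lowercase plaintext, uppercase ciphertext."""
    value = (ord(ch.lower()) - ord("a") + key) % 26
    return chr(value + (ord("A") if to_upper else ord("a")))


def additive_encrypt(plaintext: str, key: int) -> str:
    """Additive (shift) cipher: C = (P + key) mod 26, same key at every position."""
    return "".join(_shift(ch, key, True) for ch in plaintext)


def additive_decrypt(ciphertext: str, key: int) -> str:
    """P = (C - key) mod 26."""
    return "".join(_shift(ch, -key, False) for ch in ciphertext)


def brute_force_additive(ciphertext: str) -> dict:
    """Eve's exhaustive search: key 0 is the identity, so only 25 keys to try."""
    return {key: additive_decrypt(ciphertext, key) for key in range(1, 26)}


def vigenere_encrypt(plaintext: str, keyword: str) -> str:
    """Polyalphabetic cipher (Vigenère style): the shift depends on the position,
    cycling through the keyword's letters, so one plaintext letter can map to
    several different ciphertext letters."""
    shifts = [ord(k) - ord("a") for k in keyword]
    return "".join(_shift(ch, shifts[i % len(shifts)], True)
                   for i, ch in enumerate(plaintext))


def vigenere_decrypt(ciphertext: str, keyword: str) -> str:
    shifts = [ord(k) - ord("a") for k in keyword]
    return "".join(_shift(ch, -shifts[i % len(shifts)], False)
                   for i, ch in enumerate(ciphertext))


def distinct_ciphertext_letters(plaintext: str, ciphertext: str, letter: str) -> int:
    """How many different ciphertext letters one plaintext letter maps to:
    exactly 1 under a monoalphabetic cipher, usually more under a polyalphabetic one."""
    return len({c for p, c in zip(plaintext, ciphertext) if p == letter})


if __name__ == "__main__":
    ct = additive_encrypt("hello", 15)
    print(ct, additive_decrypt(ct, 15))                 # WTAAD hello
    for key, guess in brute_force_additive(ct).items():
        print(f"key {key:2d}: {guess}")                  # only key 15 reads as English
    pt, kw = "attackatdawn", "lemon"                     # constructed sample inputs
    vt = vigenere_encrypt(pt, kw)
    print(vt, vigenere_decrypt(vt, kw))
    print("a maps to", distinct_ciphertext_letters(pt, vt, "a"), "ciphertext letters")
```

Under the additive cipher every l in hello becomes A; under the keyed cipher the four a's of attackatdawn become L, O, E and N, which is what defeats single-letter frequency counting.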
7
What is the purpose of FTP? What are the FTP transmission modes?
Ans
File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for copying a file from
one host to another. Although transferring files from one system to another seems simple and
straightforward, some problems must be dealt with first. For example, two systems may use
different file name conventions. Two systems may have different ways to represent data. Two
systems may have different directory structures. All of these problems have been solved by FTP in
a very simple and elegant approach. Although we can transfer files using HTTP, FTP is a better
choice to transfer large files or to transfer files using different formats.
Figure 7: FTP
Figure 7 shows the basic model of FTP. The client has three components: the user interface, the client control process,
and the client data transfer process. The server has two components: the server control process and
the server data transfer process. The control connection is made between the control processes.
The data connection is made between the data transfer processes. Separation of commands and
data transfer makes FTP more efficient. The control connection uses very simple rules of
communication. We need to transfer only a line of command or a line of response at a time. The
data connection, on the other hand, needs more complex rules due to the variety of data types
transferred.
Transmission Mode
FTP can transfer a file across the data connection using one of the following three transmission
modes: stream mode, block mode, or compressed mode. The stream mode is the default mode;
data are delivered from FTP to TCP as a continuous stream of bytes. In the block mode, data can
be delivered from FTP to TCP in blocks. In this case, each block is preceded by a 3-byte header.
The first byte is called the block descriptor; the next two bytes define the size of the block in
bytes.
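An added example (not code from the original page) that frames and parses FTP block-mode data as described above: a 3-byte header consisting of a descriptor byte and a 2-byte block size, followed by the block itself. The descriptor bit values (end of record, end of file, suspected errors, restart marker) are taken from RFC 959 rather than from the text; the block size of 4 and the payload are constructed inputs. The parser checks the peer-supplied byte count against the data actually received, because a length field that claims more than is present is the usual way such a format is abused.

```python
import struct

# Descriptor byte bit values for block mode (from RFC 959, not from the text above).
EOR = 0x80      # end of record
EOF = 0x40      # end of file
ERRORS = 0x20   # suspected errors in the block
RESTART = 0x10  # block is a restart marker

HEADER = struct.Struct("!BH")   # 1-byte descriptor + 2-byte big-endian byte count = 3 bytes


def encode_blocks(data: bytes, block_size: int = 4) -> bytes:
    """Frame data as FTP block mode does: each block carries a 3-byte header,
    and the last block is flagged EOF. block_size must fit in 16 bits."""
    if not 0 < block_size <= 0xFFFF:
        raise ValueError("block_size must be between 1 and 65535")
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    out = bytearray()
    for i, chunk in enumerate(chunks):
        descriptor = EOF if i == len(chunks) - 1 else 0
        out += HEADER.pack(descriptor, len(chunk)) + chunk
    return bytes(out)


def decode_blocks(stream: bytes):
    """Parse a block-mode byte stream into (descriptor, payload) pairs.

    The byte count in each header comes from the peer, so it is checked
    against the bytes actually present instead of trusted: a truncated or
    oversized count raises instead of returning short, misaligned data."""
    blocks = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        descriptor, count = HEADER.unpack_from(stream, offset)
        offset += HEADER.size
        payload = stream[offset:offset + count]
        if len(payload) != count:
            raise ValueError(f"block claims {count} bytes but only {len(payload)} remain")
        offset += count
        blocks.append((descriptor, payload))
        if descriptor & EOF:
            break       # end of file: anything after this is not part of the transfer
    return blocks


def reassemble(stream: bytes) -> bytes:
    """Concatenate the payloads of a well-formed block-mode stream."""
    return b"".join(payload for _, payload in decode_blocks(stream))


def is_well_formed(stream: bytes) -> bool:
    try:
        decode_blocks(stream)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    framed = encode_blocks(b"hello, ftp", block_size=4)   # constructed sample payload
    print(framed.hex())
    for descriptor, payload in decode_blocks(framed):
        print(f"descriptor=0x{descriptor:02x} size={len(payload)} payload={payload!r}")
    print(reassemble(framed))
    print("truncated stream well-formed?", is_well_formed(framed[:-1]))
```

The 10-byte payload becomes three blocks of 4, 4 and 2 bytes, the last one carrying the EOF bit, for 19 bytes on the wire; dropping the final byte makes the last header's count disagree with what follows, and the parser reports it instead of reading past the end.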
Write a short note on the WWW and the Internet.
World Wide Web
The Web today is a repository of information in which the documents, called web pages, are
distributed all over the world and related documents are linked together. The popularity and
growth of the Web can be related to two terms in the above statement:
distributed and linked. Distribution allows the growth of the Web. Each web server in the world
can add a new web page to the repository and announce it to all Internet users without overloading
a few servers. Linking allows one web page to refer to another web page stored in another server
somewhere else in the world. The linking of web pages was achieved using a concept called
hypertext, which was introduced many years before the advent of the Internet. The idea was to use
a machine that automatically retrieved another document stored in the system when a link to it
appeared in the document. The Web implemented this idea electronically to allow the linked
document to be retrieved when the link was clicked by the user. Today, the term hypertext, coined
to mean linked text documents, has been changed to hypermedia, to show that a web page can be
a text document, an image, an audio file, or a video file.
Architecture
The WWW today is a distributed client-server service, in which a client using a browser can
access a service using a server. However, the service provided is distributed over many locations
called sites. Each site holds one or more web pages. Each web page, however, can contain some
links to other web pages in the same or other sites. In other words, a web page can be simple or
composite. A simple web page has no links to other web pages; a composite web page has one or
more links to other web pages. Each web page is a file with a name and address.
Ans
Asymmetric-Key Ciphers
Asymmetric-key cryptography uses two separate keys: one private and one public. If encryption
and decryption are thought of as locking and unlocking padlocks with keys, then the padlock that
is locked with a public key can be unlocked only with the corresponding private key. Figure 31.13
shows that if Alice locks the padlock with Bob's public key, then only Bob's private key can
unlock it.
secret key instead of private key, we use the term secret key only for symmetric-key cryptography
and the terms private key and public key for asymmetrickey cryptography. We even use different
symbols to show the three keys. In other words, we want to show that a secret key is not
interchangeable with a private key; there are two different types of secrets.
Asymmetric-key ciphers are sometimes called public-key ciphers.
General Idea
Figure 31.14 shows the general idea of asymmetric-key cryptography as used for encipherment.
Ans
FIREWALLS
None of the previous security measures can prevent Eve from sending a harmful message to a system.
To control access to a system we need firewalls. A firewall is a device (usually a router or a
computer) installed between the internal network of an organization and the rest of the Internet. It
is designed to forward some packets and filter (not forward) others. Figure 11 shows a firewall.
For example, a firewall may filter all incoming packets destined for a specific host or a specific
service such as HTTP. A firewall can be used to deny access to a specific host or a specific service
in the organization. A firewall is usually classified as a packet-filter firewall or a proxy-based
firewall.
Packet-Filter Firewall
A firewall can be used as a packet filter. It can forward or block packets based on the information
in the network-layer and transport-layer headers: source and destination IP addresses, source and
destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router
that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 11
shows an example of a filtering table for this kind of a firewall.
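An added example (not the page's Figure 11 or any code of the original) of a packet-filter firewall's filtering table evaluated in Python over the fields the text names: source and destination IP address, source and destination port, and protocol. The rule table, the 192.0.2.0/24, 198.51.100.0/24 and 10.0.0.x addresses, and the first-match-then-default-deny semantics are my constructed assumptions; real filters differ in detail. The shadowed_rules check flags rules that an earlier catch-all rule makes unreachable, which is how a misordered table silently stops filtering.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter inspects (network and transport layer)."""
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One row of a filtering table. Fields left at their defaults match anything."""
    action: str                     # "deny" or "allow"
    src: str = "0.0.0.0/0"          # source network, CIDR notation
    dst: str = "0.0.0.0/0"          # destination network, CIDR notation
    proto: str = "any"              # "tcp", "udp" or "any"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.src_port in (None, pkt.src_port)
            and self.dst_port in (None, pkt.dst_port)
        )

    def is_catch_all(self) -> bool:
        return self == Rule(self.action)


def filter_packet(table, pkt, default="deny"):
    """The first matching rule decides; a packet no rule matches gets the default.
    Default deny is the safe choice: a service nobody thought about stays blocked."""
    for rule in table:
        if rule.matches(pkt):
            return rule.action
    return default


def shadowed_rules(table):
    """Indices of rules that can never fire because an earlier catch-all rule
    matches every packet first: the usual symptom of a misordered table."""
    for i, rule in enumerate(table):
        if rule.is_catch_all():
            return list(range(i + 1, len(table)))
    return []


# Constructed filtering table (an assumption for this example, not the page's figure).
TABLE = [
    Rule("deny", src="192.0.2.0/24"),                           # block a whole source network
    Rule("deny", dst="10.0.0.5/32", proto="tcp", dst_port=23),  # no Telnet to this host
    Rule("deny", proto="tcp", dst_port=80),                     # no inbound HTTP at all
    Rule("allow"),                                              # everything else passes
]

if __name__ == "__main__":
    samples = [                                                 # constructed packets
        Packet("192.0.2.7", "10.0.0.1", "tcp", 40000, 22),
        Packet("198.51.100.9", "10.0.0.5", "tcp", 40000, 23),
        Packet("198.51.100.9", "10.0.0.8", "tcp", 40000, 80),
        Packet("198.51.100.9", "10.0.0.8", "tcp", 40000, 443),
        Packet("198.51.100.9", "10.0.0.5", "udp", 40000, 23),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(TABLE, pkt))
    # Putting the allow-all rule first shadows every deny rule after it.
    print("shadowed:", shadowed_rules([Rule("allow")] + TABLE))
```

The fifth sample packet is worth noting: a UDP datagram to port 23 on 10.0.0.5 is allowed, because the Telnet rule only names TCP. Whether that is intended is exactly the kind of question a rule review has to answer.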
10
Ans
a message to a DNS server with a query that gives the file transfer server name using the known
IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS server passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file transfer server.