Chapter 1

2) Let us assume that a person A wants to send a check worth $100 to another person B.
Normally, what are the factors that A and B will think of, in such a case? A will write the
check for $100, put it inside an envelope, and send it to B.

9 A will like to ensure that no one except B gets the envelope, and even if someone
else gets it, she does not come to know about the details of the check. This is the
principle of confidentiality.

9 A and B will further like to make sure that no one can tamper with the contents of
the check (such as its amount, date, signature, name of the payee, etc.). This is the
principle of integrity.

9 B would like to be assured that the check has indeed come from A, and not from
someone else posing as A (as it could be a fake check in that case). This is the
principle of authentication.

9 What will happen tomorrow if B deposits the check in her account, the money is
transferred from A’s account to B’s account, and then A refuses having written/sent
the check? The court of law will use A’s signature to disallow A to refute this claim,
and settle the dispute. This is the principle of non-repudiation.

These are the main principles of security. In addition, the principles of access control and
availability are also considered many times.

3) Confidentiality helps achieve secure communication between two or more parties. It

facilitates the communicating parties to keep a message secret. This is required many times
in real-life communications. Hence, it is important.

4) Authentication helps identify an individual or an organization. This characteristic helps the

other party to trust that individual. It builds confidence level between the two parties.

5) Signing the appropriate piece of paper helps ensure message integrity in real life.

6) Repudiation is refusing a particular action. Paper-based signatures can help prevent/detect

repudiation claims in real life.

7) Access control specifies what privileges a user has. It is different from availability in the
sense that the former pertains to an individual user, and with the assumption that the
underlying system is up and running. Availability, on the other hand, ensures that a system
as a whole is available to all allowed users, and does not deal with what access rights an
individual has to the various sub-systems.

8) In passive attacks, an attacker does not modify the contents of a message, but is simply
interested in viewing the contents of the message. In contrast, an active attack involves
transformation of the message contents. Hence the names passive and active attacks for the
two.

9) Watching the contents of an email message when not authorized to do so is an example of

passive attacks.

10) Interruption attacks are called as masquerade attacks. Masquerade is caused when an
unauthorized entity pretends to be another entity. User C might pose as user A and send a
1
message to user B. User B might be led to believe that the message indeed came from user
A.

11) In replay attacks, the attacker repeats a message that was already sent by an authorized
user. For instance, if an authorized user A sends a Funds Transfer message to its bank B,
attacker C can watch this, and send another Funds Transfer message to B, posing as A.

12) In denial of service, the attacker prevents authorized users from accessing the
services/facilities that they are entitled for.

13) A worm is a self-propagating piece of software that consumes resources. Worms to not
alter system contents, viruses do.

17) A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a Trojan
horse is different. Whereas the main purpose of a virus is to make some sort of modifications
to the target computer or network, a Trojan horse attempts to reveal confidential information
to an attacker.

18) Java applets are small pieces of software code, that are embedded inside HTML pages,
and which get executed on the client side.

19) Like Java applets, ActiveX controls are small pieces of software code, that are embedded
inside HTML pages, and which get executed on the client side. However, Java applets do not
have the privileges of reading from/writing to the user’s disk, but ActiveX controls have. Also,
applets get downloaded every time the page is accessed. On the other hand, ActiveX controls
are downloaded only once and then they remain on the client PC.

Chapter 2

1) Any communication in the language that you and I speak – that is the human language,
takes the form of plain text or clear text. That is, a message in plain text can be
understood by anybody knowing the language as long as the message is not codified in
any manner. In contrast, a cipher text message is not understandable. A plain text
message is converted into cipher text to hide its meaning. The following example shows
the difference.

Hi Amit, Kl Dplw,

Hope you are doing fine. How about Krsh brx duh grlqj ilqh. Krz derxw
meeting at the train station this Friday at 5 phhwlqj dw wkh wudlq vwdwlrq wklv
pm? Please let me know if it is ok with Iulgdb dw 5 sp? Sohdvh ohw ph nqrz li
you. lw lv rn zlwk brx.

Regards. Uhjdugv.

Plain text message Corresponding cipher text

2
2) Plain text can be transformed into cipher text using the substitution technique or
transposition technique.

3) In substitution cipher, one or more characters are replaced with one or more other
characters. On the other hand, in transposition cipher, the plain text is rearranged in
some other fashion to change it to cipher text.

4) In Caesar cipher, each alphabet is replaced by an alphabet, which is three places down.
Thus, each A will be replaced with D, each B with E, and so on.

6) Caesar cipher can be cracked by trying the various combinations of substitution (i.e.
trying the various replacement techniques, from A to Z).

7) In mono-alphabetic cipher, each character is replaced with a character n places down the
line, where n is not fixed. However, in contrast, in the case of Caesar cipher, n is always
3.

8) Since mono-alphabetic cipher has an unpredictable character replacing algorithm, it is not

easy to crack.

9) The Homophonic Substitution Cipher is very similar to Mono-alphabetic Cipher. Like

a plain substitution cipher technique, we replace one alphabet with another in this
scheme. However, the difference between the two techniques is that whereas the
replacement alphabet set in case of the simple substitution techniques is fixed (e.g.
replace A with D, B with E, etc.), in the case of Homophonic Substitution Cipher, one
plain text alphabet can map to more than one cipher text alphabet. For instance, A can
be replaced by D, H, P, R; B can be replaced by E, I, Q, S, etc.

14) In Polygram Substitution Cipher technique, rather than replacing one plain text
alphabet with one cipher text alphabet at a time, a block of alphabets is replaced with
another block. For instance, HELLO could be replaced by YUQQW, but HELL could be
replaced by a totally different cipher text block TEUI

To improve the basic Simple Columnar Transposition Technique, we can introduce more
complexity. The idea is to use the same basic procedure as used by the Simple Columnar
Transposition Technique, but do it more than once. That adds considerably more complexity
for the cryptanalyst.

The basic algorithm used in this technique is shown belwo.

1. Write the plain text message row-by-row in a rectangle of a pre-defined size.

2. Read the message column-by-column. However, it need not be in the order of
columns 1, 2, 3 etc. It can be any random order such as 2, 3, 1, etc.
3. The message thus obtained is the cipher text message of round 1.
4. Repeat steps 1 to 3 as many times as desired.

15) The Vernam Cipher, also called as One-Time Pad, is implemented using a random set
of non-repeating characters as the input cipher text. The most significant point here is
that once an input cipher text for transposition is used, it is never used again for any
other message (hence the name one-time).

3
16) The idea used in Book Cipher, also called as Running Key Cipher is quite simple, and
is similar in principle to the Vernam Cipher. For producing cipher text, some portion of
text from a book is used, which serves the purpose of a one-time pad.

17) In technical terms, the process of encoding plain text messages into cipher text messages
is called as encryption. Figure below illustrates the idea.

Hello Ifmmp Kpio

John

Plain text Encrypt Cipher

The reverse process of transforming cipher text messages back to plain text messages is
called as decryption.

Ifmmp Kpio Hello

John

Cipher Decrypt Plain text

18) In symmetric key cryptography, the same key is used for encryption and decryption. In
contrast, in asymmetric key cryptography, each party has a key pair: one key is used for
encryption, and the other corresponding key must only be used for decryption.

Chapter 3

1) In Stream Ciphers, the plain text is encrypted one bit at a time. In Block Ciphers,
rather than encrypting one bit at a time, a block of bits is encrypted at one go.
Suppose we have a plain text FOUR_AND_FOUR that needs to be encrypted. Using
block cipher, FOUR could be encrypted first, followed by _AND_ and finally FOUR.
Thus, one block of characters gets encrypted at a time.

2) An algorithm mode is a combination of a series of the basic algorithm steps on block

cipher, and some kind of feedback from the previous step. This is essential in order
to make the algorithm difficult to crack, and the resulting cipher text unpredictable
(i.e. hard to guess).

3) Merkle and Hellman introduced the concept of the meet-in-the-middle attack. This
attack involves encryption from one end, decryption from the other, and matching
the results in the middle, hence the name meet-in-the-middle attack. This attack can
crack cipher text generated by Double DES. In this approach, the attacker encrypts
the plain text message from one end with all possible keys, generates its table and
4
 then decrypts the cipher text from the other end with each possible key, matching
the plain text with each row in the table generated earlier. If the attacker finds a
match, she knows that the key used for encryption is found, and therefore, can try
and crack other cipher text messages generated with this key.

4) Triple DES with three keys is highly secure. It can be denoted in the form of equation as C
= EK3(EK2(EK1(P))). However, Triple DES with three keys also has the drawback of requiring 56
x 3 = 168 bits for the key, which can be slightly difficult to have in practical situations. A
workaround suggested by Tuchman uses just two keys for Triple DES. Here, the algorithm
works as follows:

1. Encrypt the plain text with key K1. Thus, we have EK1(P).
2. Decrypt the output of step 1 above with key K2. Thus, we have DK2(EK1(P)).
3. Finally, encrypt the output of step 2 again with key K1. Thus, we have
EK1(DK2(EK1(P))).

This is shown below.

5
 Original Cipher Text Final Cipher
Encrypt Text
Plain Text 1

Cipher Text
Decrypt 2 Encrypt
K1

K2 K1

5) In 1990, Eli Biham and Adi Shamir introduced the concept of differential cryptanalysis.
This method looks at pairs of cipher text whose plain texts have particular differences. The
technique analyses the progress of these differences as the plain texts travel through the
various rounds of DES. The idea is to choose pairs of plain text with fixed differences. The
two plain texts can be chosen at random, as long as they satisfy specific difference conditions
(which can be as simple as XOR). Then, using the differences in he resulting cipher texts,
assign different likelihood to different keys. As more and more cipher text pairs are analysed,
the correct key emerges.

Invented by Mitsuru Matsui, the linear cryptanalysis attack is based on linear

approximations. If we XOR some plain text bits together, XOR some cipher text bits together
and then XOR the result, we will get a single bit, which is the XOR of some of the key bits.

Chapter 4

1) In the mid-1970s, Whitfield Diffie, a student at the Stanford University met with Martin
Hellman, his professor, and the two began to think about the problem of key exchange. After
some research and complicated mathematical analysis, they came up with the idea of
asymmetric key cryptography. Many experts believe that this development is the first – and
perhaps the only – truly revolutionary concept in the history of cryptography. Diffie and
Hellman can, therefore, be regarded as the fathers of asymmetric key cryptography.

However, there is a lot of debate regarding who should get the credit for asymmetric key
cryptography. It is believed that James Ellis of the British Communications Electronic Security
Group (CSEG) proposed the idea of asymmetric key cryptography in the 1960s. His ideas
were based on an anonymous paper written at the Bell Labs during the Second World War.
However, Ellis could not devise a practical algorithm based on his ideas. He then met with
Clifford Cocks, who joined the CSEG in 1973. After a short discussion between Ellis and
Cocks, Cocks came up with a practical algorithm that could work! Next year, Malcolm
Williamson, another employee at the CSEG developed an asymmetric key cryptographic
algorithm. However, since the CSEG was a secret agency, these findings were never
published, and therefore, it is believed that these people never got the credit that they
deserved.

Simultaneously, the US National Security Agency (NSA) was also working on asymmetric key
cryptography. It is believed that the NSA system based on the asymmetric key cryptography
was operational in the mid 1970s.

6
Based on the theoretical framework of Diffie and Hellman, in 1977, Ron Rivest, Adi Shamir
and Len Adleman at MIT developed the first major asymmetric key cryptography system, and
published their results in 1978. This method is called as RSA algorithm. The name RSA
comes from the first letters of the surnames of the three researchers. Actually, Rivest was
working as a professor at the MIT. He had recruited Shamir and Adleman to work on the
concept of asymmetric key cryptography.

2) If A wants to send a message securely to B, A would encrypt the message with B’s public
key, and send it to B. Since only B’s private key can decrypt this message, only B would be
able to do so. This will protect the contents of the message.
3) It might appear that in RSA, anyone (say an attacker) knowing about the public key E and
the number N could find the private key D by trial and error. What does the attacker need to
do? The attacker needs to first find out the values of P and Q using N (because we know that
N = P x Q). Suppose that in our example, P and Q are quite small numbers (7 and 17,
respectively). Therefore, it is quite easy to find out P and Q, given N. However, in the actual
practice, P and Q are chosen as very large numbers. Therefore, factoring N to find P and Q is
not at all easy. It is quite complex and time-consuming. Since the attacker cannot find out P
and Q, she cannot proceed further to find out D, because D depends on P, Q and E.
Consequently, even if the attacker knows N and E, she cannot find D, and therefore, cannot
decrypt the cipher text.

Mathematical research suggests that it would take more than 70 years to find P and Q if N is
a 100-digit number! This is the crux of RSA.

4) The following table summarizes the advantages and disadvantages of symmetric and
asymmetric key cryptography.

Characteristic Symmetric Key Asymmetric Key

Cryptography
Key used for encryption / Same key is used for
decryption encryption and decryption
Speed of encryption / Very fast
decryption
Size of resulting encrypted Usually same as or less than
text the original clear text size
Key agreement / exchange A big problem
Number of keys required as Equals about the square of the
compared to the number of number of participants, so
participants in the message scalability is an issue
exchange
Usage Mainly for encryption and
decryption (confidentiality),
cannot be used for digital
signatures (integrity and non-
repudiation checks)
Cryptography
One key used for encryption
and another, different key is
used for decryption
Slower
More than the original clear
text size
No problem at all
Same as the number of
participants, so scales up quite
well
Can be used for encryption
and decryption
(confidentiality) as well as for
digital signatures (integrity
and non-repudiation checks)

5) Asymmetric key encryption can be expensive and time-consuming. Therefore, the

trick is to encrypt the original message with a one-time symmetric key, and then
encrypt that key with the recipient’s public key. This is called as key wrapping, and is
much faster than encrypting the original plain text message with the recipient’s public
key.

7
 6) The key requirements of a message digest are:

• Given a message, it should be very easy to find its corresponding message

digest.
• Given a message digest, it should be very difficult to find the original message for
which the digest was created.
• Given any two messages, if we calculate their message digests, the two message
digests must be different.

7) SHA produces 160-bit message digests, in comparison with the 128-bit message
digests produced by MD5. Thus, cracking SHA requires 2160 operations as compared
to 2128 for MD5. Hence, it is more secure.

8) In a simple message digest, there is no encryption, and therefore, no need for a key.
In contrast, in the case of a MAC, encryption using key is needed.

9) The fact that the sender encrypts the original message digest with its private key
makes it significant.

10) Suppose A sends her public key to B over the Internet. An attacker C could trap this
message, replace A’s key with its own, and send this altered message forward to B. B
would assume that the message came from A, and that the key belongs to A, and
use that key. This should not happen.

Chapter 5

1) A important details of a digital certificate are the subject name, its public key,
start and end dates of the validity of the certificate, and the CA’s identification
and signature.

2) A CA is responsible for setting up the infrastructure for registering users and after
credential checks, issuing them digital certificates. A RA helps the CA in its task,
and acts like an associate. Since the CA can be too tied up with a number of
activities, it can subcontract some of its activities to a RA. The RA commonly
provides the following services:

• Accepting and verifying registration information about new users

• Generating keys on behalf of the end users
• Accepting and authorizing requests for key backups and recovery
• Accepting and authorizing the requests for certificate revocation

3) The important steps in the creation of a digital certificate are: key generation,
registration, user verification and certificate issuance.

4) The RA can ask the user to sign the certificate request with her private key to
ensure that she really possesses the private key corresponding to the public key
certificate.

5) CA hierarchy allows decentralized control and certificate management. In its

absence, there would be a great load on a single CA, who would find it very
difficult to cater to so many users simultaneously. This works on the concept of
delegation in any good organization.

8
 6) Since the trust of chain has to end somewhere, a CA signs its own certificate.
The browser automatically trusts this self-signed certificate. In the absence of
such a certificate, there would be no end to the problem of establishing the chain
of trust hierarchy, and it would become endless.

7) Cross-certification allows users in different domains/countries/regions to trust

each other, based on the cross-trust established between their respective CAs. If
there is no cross-certification, there is no direct mechanism for the two CAs to
trust each other, and therefore, for the users under these CAs to trust each
other.

8) Some common causes for revoking a certificate are:

• The holder of the digital certificate reports that the private key corresponding
to the public key specified in the digital certificate is compromised (i.e.
someone has stolen it).

• The CA realizes that it had made some mistake while issuing a certificate.

• The certificate holder leaves a job, and the certificate was issued specifically
while the person was employed in that job.

9) CRL is an offline check. So, one is not sure if the certificate is valid at this point in
time. OCSP is an online, up-to-date check. But it does not provide any additional
information, e.g. whether the chain of certificates can be trusted. SCVP is also
online, but provides these additional checks unlike OCSP.

10) A user’s private key can be protected by using mechanisms, such as

passwords/PINs, or by storing the key inside a hardware device/token such as a
smart card.

11) Password Based Encryption (PBE) can be used to protect the keys used in
cryptographic operations. Here, the data to be encrypted with a key, as usual.
This key is encrypted with another key. The outer key can be retrieved by using
three inputs, namely the password, the salt and the iteration count. The salt and
the iteration count make the dictionary attacks on the key infeasible.

12) XML security is devised to come over the incompatibility issues in PKI, as well as
because XML is a world wide standard for information exchange, anyway. XML
security aspects on the application side relate mainly to XML encryption and XML
digital signatures. The main difference between a normal encryption/signature
process, versus an XML encryption/signature process is that whereas the former
always applies to a complete document, the latter can be used for specific
portions of a document, or to the complete document as a whole. Other
protocols in XML security provide for public/private key creation, exchange,
storage and retrieval.

Chapter 6

1) If SSL has to encrypt all the headers, it must be positioned below the data link layer.
That would serve no purpose at all. In fact, it would lead to problems. If SSL
encrypted all the lower layer headers, even the IP and physical addresses of the
computers (sender, receiver, and intermediate nodes) would be encrypted, and
become unreadable. Thus, where to deliver the packets would be a big question. To
9
 understand the problem, imagine what would happen if we put the address of the
sender and the receiver of a letter inside the envelope! Clearly, the postal service
would not know where to send the letter! This is also why there is no point in
encrypting the lower layer headers. Therefore, SSL is required between the
application and the transport layers.

2) In SSL, when either the client or the server detects an error, the detecting party
sends an alert message to the other party. If the error is fatal, both the parties
immediately close the SSL connection (which means that the transmission from both
the ends is terminated immediately). Both the parties also destroy the session
identifiers, secrets and keys associated with this connection before it is terminated.
Other errors, which are not so severe, do not result in the termination of the
connection. Instead, the parties handle the error and continue.

3) SHTTP applies to individual messages. In contrast, SSL applies to a whole session. In

other words, SSL encrypts a link or connection between a client and a server, unlike
SHTTP.

4) The Time Stamping Protocol (TSP) provides proof that a certain piece of data
existed at a particular time. This PKI service is provided by an authority called as
Time Stamping Authority (TSA).

Digital signatures provided via the use of PKI can lead to disputes, if the signer of an
important document (e.g. a funds transfer order) later wants to repudiate her digital
signature. She can dishonestly claim later that her private key was compromised, and
that it should be revoked. In such situations, it may be difficult to prove whether the
document was signed before the signer reported the key compromise or not. Using
the time stamping technique, we can ascertain whether an electronic document was
created or signed at or before a particular date and time. This can have serious legal
implications, now that digital signatures are almost as good as pen-and-paper
signatures. The TSA acts like a trusted third-party notary in this scheme.

5) Following parties are the key participants in SET.

• Cardholder: Using the Internet, consumers and corporate purchasers interact with
merchants for buying goods and services. A cardholder is an authorized holder of a
payment card such as MasterCard or Visa that has been issued by an Issuer.

• Merchant: A merchant is a person or an organization that wants to sell goods or

services to cardholders. A merchant must have a relationship with an Acquirer for
accepting payments on the Internet.

• Issuer: The issuer is a financial institution (such as a bank) that provides a payment
card to a cardholder. The most critical point is that the issuer is the ultimately
responsible for the payment of the cardholder’s debt.

• Acquirer: This is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. The reason for having
acquirers is that merchants accept credit cards of more than one brand, but are not
interested in dealing with so many bankcard organizations or issuers. Instead, an
acquirer provides the merchant an assurance (with the help of the issuer) that a
particular cardholder account is active and that the purchase amount does not
exceed the credit limits, etc. The acquirer also provides electronic funds transfer to

10
 the merchant account. Later, the issuer reimburses the acquirer using some payment
network.

• Payment Gateway: This is a task can be taken up by the acquirer or it can be

taken up by an organization as a dedicated function. The payment gateway
processes the payment messages on behalf of the merchant. Specifically in SET, the
payment gateway acts as an interface between SET and the existing card payment
networks for payment authorizations. The merchant exchanges SET messages with
the payment gateway over the Internet. The payment gateway, in turn, connects to
the acquirer’s systems using a dedicated network line in most cases.

• Certification Authority (CA): This is an authority that is trusted to provide public

key certificates to cardholders, merchants and payment gateways. In fact, CAs are
very crucial to the success of SET.

6) SET uses the concept of digital envelopes to protect the cardholder’s payment
information from the merchant. For this, the SET software on the cardholder’s PC
encrypts the payment information with an auto-generated one-time symmetric key. It
then encrypts this one-time symmetric key with the payment gateway’s public key.
This means that only the payment gateway can obtain the one-time symmetric key
using its private key, and therefore, access the payment information. The merchant
does not have access to the payment gateway’s private key, and therefore, it cannot
access the payment information.

7) The main steps in a typical SET transaction are as follows:

1. The customer opens an account – The customer opens a credit card account
(such as MasterCard or Visa) with a bank (issuer) that supports electronic
payment mechanisms and the SET protocol.

2. The customer receives a certificate – After the customer’s identity is verified

(with the help of details such as passport, business documents etc.), the
customer receives a digital certificate from a CA. The certificate also contains
details such as the customer’s public key and its expiration date.

3. The merchant receives a certificate – A merchant that wants to accept a

certain brand of credit cards must possess a digital certificate.

4. The customer places an order – This is a typical shopping cart process

wherein the customer browses the list of items available, searches for specific
items, selects one or more of them, and places the order. The merchant, in turn,
sends back details such as the list of items selected, their quantities, prices, total
bill etc. back to the customer for his record, with the help of an order form.

5. The merchant is verified – The merchant also sends its digital certificate to
the customer. This assures the customer that he is dealing with a valid merchant.

6. The order and payment details are sent – The customer sends both the
order and payment details to the merchant along with the customer’s digital
certificate. The order confirms the purchase transaction with reference to the
items mentioned in the order form. The payment contains credit card details.
However, the payment information is so encrypted that the merchant cannot
read it. The customer’s certificate assures the merchant of the customer’s
identity.
11
 7. The merchant requests payment authorization – The merchant forwards
the payment details sent by the customer to the payment gateway via the
acquirer (or to the acquirer if the acquirer also acts as the payment gateway) and
requests the payment gateway to authorize the payment (i.e. ensure that the
credit card is valid and that the credit limits are not breached).

8. The payment gateway authorizes the payment – Using the credit card
information received from the merchant, the payment gateway verifies the details
of the customer’s credit card with the help of the issuer, and either authorizes or
rejects the payment.

9. The merchant confirms the order – Assuming that the payment gateway
authorizes the payment, the merchant sends a confirmation of the order to the
customer.

10. The merchant provides goods or services – The merchant now ships the
goods or provides the services as per the customer’s order.

11. The merchant requests payment - The payment gateway receives a request
from the merchant for making the payment. The payment gateway interacts with
the various financial institutions such as the issuer, acquirer and the clearing
house to effect the payment from the customer’s account to the merchant’s
account.

8) The main difference between SET and 3-D Secure is that any cardholder who wishes
to participate in a payment transaction involving the usage of the 3-D Secure protocol
has to enroll on the issuer bank’s Enrollment Server. That is, before a cardholder
makes a card payment, she must enroll with the issuer bank’s Enrollment server. At
the time of an actual 3-D Secure transaction, when the merchant receives a payment
instruction from the cardholder, the merchant forwards this request to the issuer
bank through the Visa network. The issuer bank requires the cardholder to provide
the user id and password that were created at the time of user enrollment process.
The cardholder provides these details, which the issuer bank verifies against its 3-D
Secure enrolled users database (against the stored card number). Only after the user
is authenticated successfully that the issuer bank informs the merchant that it can
accept the card payment instruction. The rest of the process is pretty similar to SET.

9) Electronic money is money in the form of computer files. A user can instruct its bank
to transfer real money from its bank account to the electronic form. The bank sends
the electronic money to the user in the form of computer files, and debits the user’s
bank account with an amount equal to the electronic money. The user is free to
spend this money, just like real cash, to pay for online purchases over the Internet.

10) In anonymous offline electronic money, the bank is not actively involved in the
transaction. Secondly, this type of electronic money cannot be traced back to its
original form. Therefore, there is a good chance of fraud. In the double spending
problem, a customer could arrange for anonymous electronic money by using the
blinded money concept. Later on, he could spend it offline more than once in quick
succession (say in the same hour) with two different merchants. Since the bank is
not involved in any of the two online transactions, the fact that the same piece of
money is being spent cannot be prevented. Moreover, when it is realized that the
same piece of money is spent more than once (when both merchants send their daily
transaction lists to the bank), the bank cannot determine which customer spent it
12
 more than once, because of the blinding factor (recall our discussion of anonymous
electronic money).

11) The broad level steps in PEM are:

a. Canonical conversion
b. Digital signature
c. Encryption
d. Base-64 encoding

The broad-level steps in PGP are:

a. Digital signature
b. Compression
c. Encryption
d. Enveloping
e. Base-64 encoding

12) In WAP, the conversion between WTLS and SSL is a major point for debate. This is
because; the WAP gateway first converts WTLS text into plain text and then applies SSL
(or vice versa). Therefore, it has access to the non-encrypted message in its original
form! The WAP gateway performs this conversion in its memory and never stores any
portions of it on its disk. Clearly, if it stores it on its disk, it can be a major cause for
worry. However, even the fact that it performs this conversion in its memory has made
many people quite unhappy about the amount of security thus provided. They feel that
even a momentary lapse here could cause havoc.

Chapter 7

1) Clear-text passwords have two problems associated with them: (a) The user
database contains passwords in clear text; and (b) The password travels in clear
text from the user’s computer to the server, over the transmission network.
Therefore, an attacker has the opportunity of getting hold of the password at two
places.

2) The improvement over clear text passwords is to use something derived from the
passwords. This is usually in the form of the message digests of the passwords.
However, the problem with this scheme is that even if the attacker does not
know the original password, there is no problem for the attacker, as she can
simply try and obtain and then use the message digest of the password, posing
as the user. This is called as replay attack.

3) For using something derived from the password, in place of the password, a
message digest of the password is created and stored in the server’s user
database. When a user has to be authenticated, the client computer accepts the
password from the user, computes the message digest of the password, and
sends it to the server for verification. The server compares this received message
digest of the password with the one it had earlier stored in the user database,
and if the two match, authenticates the user as successful. The drawback of this
mechanism is the possibility of replay attacks, wherein an attacker can try to get
hold of the message digest of a user’s password, and use it to log on, in an
attack called as replay attack.

13
4) To add randomness to the mechanism of something derived from the password,
the server can create a random challenge, and send it to the user. The user’s
computer accepts the password from the user, calculates its message digest, and
uses that message digest to encrypt the random challenge. This encrypted
message digest is then sent to the server for verification. On the server side, this
encrypted random challenge is decrypted back to the original random challenge,
and compared with the version that the server has. If the two match, the user is
considered as authentic.

5) Since an authentication token is protected by a password/PIN, an unauthorized

user may not be able to access it.

6) The main factors of a three-factor authentication are:

i. Who you are

ii. What you have
iii. What you know

7) In time-based tokens, the server need not send any random challenge to the
user. The token need not have a keypad for entry. The theory behind this is the
usage of time as the variable input to the authentication process, in place of the
random challenge.

8) To prevent the misuse of someone else’s certificate in certificate-based

authentication, we can mandate that to access the private key file of the user,
the user must enter the password that protects the private file. This way, it can
ensure that only the correct user can access the private key, and prevent any
misuse of the same.

9) Smart cards have small amounts of memory and processing power. Furthermore,
the data transfer between a PC and a smart card is quite slow. Therefore, if a
smart card has to perform cryptographic operations on large amounts of data,
the process would be quite slow.

10) The problems with smart cards are as follows.

Smart card readers are not yet a part of a desktop

computer, unlike a hard disk drive or a floppy disk
drive
Non-availability of smart card reader driver software
Non availability of smart card aware cryptographic
services software
Cost of smart cards and card readers is high

11) The important idea in biometrics is that the sample produced during every
authentication process can vary slightly. This is because the physical
characteristics of the user may change for a number of reasons. For instance,
suppose the finger print of the user is captured and used for authentication every
time. The sample taken every authentication may not be the same, because the
finger can be dirty, can have cuts, other marks or the finger’s position on the
reader can be different, and so on. Therefore, an exact match of the sample
need not be required. An approximate match can be acceptable. Thus, during the

14
 user registration process, many such samples are taken, and their average is
stored in the user database.

12) An organization typically has many resources, networks and applications that
have their own authentication mechanisms. However, for a single user to
authenticate so many times is cumbersome and not friendly. Hence, the
mechanism of Single Sign On (SSO) allows a user to authenticate only once, and
then use these authentication credentials for other applications/resources. Thus,
a user logs on only once, and internally, the SSO server maps this log on to all
the other applications/resources that the user has the privelege to access.

Chapter 8

1) Java Cryptography Architecture (JCA) is a set of classes that provide cryptographic

capabilities to Java programs. Most significantly, JCA is a part of the default Java application
development environment, i.e. Java Development Kit (JDK) itself. This means that when you
have JDK, you automatically have JCA. JCA was introduced for the first time in JDK version
1.1, and was significantly enhanced in JDK version 1.2 (which is more commonly known as
Java 2).

Java Cryptography Extension (JCE), on the other hand, is not a part of the core Java
JDK per se. Instead, it is an additional piece of software that requires special licensing. The
reason for separating JCE from JCA is the export restrictions imposed by the US government.

2) In order to achieve abstraction, the JCA package consists of a number of classes, called as
engine classes. An engine class is a logical representation of a cryptographic functionality
(such as a message digest or a digital signature). For example, there are many algorithms
available to perform digital signatures, which differ vastly from one another in terms of
implementation. However, at a broad level, all provide the same abstracted functionality of a
digital signature. Therefore, there will be only a single java.security.Signature class in JCA,
which represents all the possible variations of the digital signature algorithms. Another class,
called as provider, does the actual implementation of these algorithms. The provider class
may be supplied by a number of vendors.

3) In order to achieve abstraction, the JCA package consists of a number of

classes, called as engine classes. An engine class is a logical representation
of a cryptographic functionality (such as a message digest or a digital
signature). For example, there are many algorithms available to perform
digital signatures, which differ vastly from one another in terms of
implementation. However, at a broad level, all provide the same abstracted
functionality of a digital signature. Therefore, there will be only a single
java.security.Signature class in JCA, which represents all the possible
variations of the digital signature algorithms.

4) When JCA and JCE were designed, the US government used to put strict
export restrictions on cryptographic software. Since Sun Microsystems is
located in the US, the JCE software developed by them falls in the category.
The reason for the restriction is that the US wanted to be able to prevent
outside terrorist and anti-national elements from using strong cryptography
(e.g. 128-bit encryption) for illegal means. Thus, earlier JCE could be used
only within the US and Canada. However, this stance of the US government
is now changed. Other countries want to be able to freely use this
technology. At the other extreme, some people want the strong
15
 cryptographic technologies to be banned even within the US. As per the
current state of affairs, the US government now allows strong cryptography
to be used outside of the US and Canada. However, this was not the case,
and that is why originally, JCE was separated from JCA.

5) MS-CAPI is likely to become popular because of three reasons: (a) It is free,

(b) It comes bundled with popular software products, such as Internet
Explorer and Windows operating systems, and (c) It is developed and
marketed by Microsoft.

6) The following factors need to be considered while using a cryptographic

toolkit:

• Using toolkits requires both client and server side licenses, which can be
quite expensive (thousands of dollars).

• Also, how do we provide licenses to browser-based clients? After all,

theoretically, any person in the world is a potential browser-based client!
How do we provide licenses to such clients?

• Toolkit-interoperability is also a major issue, because of which the middle

layer is almost mandatory. Developing this middle layer can also be quite
challenging, because of the interoperability issues involved therein.

Chapter 9

1) The two main attacks on corporate networks can be listed as follows.

• Most corporations have large amounts of valuable and confidential data in their
networks. Leaking of this critical information to competitors can be a great
setback.

• Apart from the danger of the insider information leaking out, there is a great
danger of the outside elements (such as viruses and worms) entering a corporate
network to create havoc.

2) The main features of a good firewall design are as follows.

• All traffic from inside to outside, and vice versa, must pass through the firewall.
To achieve this, all the access to the local network must first be physically
blocked, and access only via the firewall should be permitted.

• Only the traffic authorized as per the local security policy should be allowed to
pass through.

• The firewall itself must be strong enough, so as to render attacks on it useless.

3) The most likely attacks on a packet filter can be summarized as follows.

• IP address spoofing: An intruder outside the corporate network can

attempt to send a packet towards the internal corporate network, with the
source IP address set equal to one of the IP addresses of the internal users.

16
 • Source routing attacks: An attacker can specify the route that a packet
should take as it moves along the Internet. The attacker hopes that by
specifying this option, the packet filter can be fooled to bypass its normal
checks. Discarding all packets that use this option can thwart such an attack.

• Tiny fragment attacks: IP packets pass through a variety of physical

networks, such as Ethernet, Token Ring, X.25, Frame Relay, ATM, etc. All
these networks have a pre-defined maximum frame size (called as the
Maximum Transmission Unit or MTU). Many times, the size of the IP packet is
greater than this maximum size allowed by the underlying network. In such
cases, the IP packet needs to be fragmented, so that it can be
accommodated inside the physical frame, and carried further. An attacker
might attempt to use this characteristic of the TCP/IP protocol suite by
intentionally creating fragments of the original IP packet and sending them.
The attacker feels that the packet filter can be fooled, so that after
fragmentation, it checks only the first fragment, and does not check the
remaining fragments.

4) A circuit gateway performs some additional functions as compared to those

performed by an application gateway. A circuit gateway creates a new connection
between itself and the remote host. The user is not aware of this, and thinks that
there is a direct connection between itself and the remote host. Also, the circuit
gateway changes the source IP address in the packets from the end user’s IP address
to its own. This way, the IP addresses of the computers of the internal users are
hidden from the outside world.

5) The disadvantage of the Screened host firewall, Single-homed bastion is that the
internal users are connected to the application gateway, as well as to the packet
filter. Therefore, if the packet filter is somehow successfully attacked and its security
compromised, then the whole internal network is exposed to the attacker.

6) To overcome the drawback of a screened host firewall, single-homed bastion

configuration, another type of configuration, called as Screened host firewall, Dual-
homed bastion, exists. This configuration is an improvement over the earlier scheme.
Here, direct connections between the internal hosts and the packet filter are avoided.
Instead, the packet filter connects only to the application gateway, which, in turn,
has a separate connection with the internal hosts. Therefore, now even if the packet
filter is successfully attacked, only the application gateway is visible to the attacker.

7) The concept of a Demilitarized Zone (DMZ) networks is quite popular in firewall

architectures. Firewalls can be arranged to form a DMZ. DMZ is required only if an
organization has servers that it needs to make available to the outside world (e.g.
Web servers or FTP servers). For this, a firewall has at least three network interfaces.
One interface connects to the internal private network; the second connects to the
external public network (i.e. the Internet), and the third connects to the public
servers (which form the DMZ network).

8) The main limitations of a firewall can be described as follows.

1. Insider’s intrusion: A firewall system is designed to thwart outside attacks.

Therefore, if an inside user attacks the internal network in some way, the
firewall cannot prevent such an attack.

17
 2. Direct Internet traffic: A firewall must be configured very carefully. It is
effective only if it is the only entry-exit point of an organization’s network. If,
instead, the firewall is one of the entry-exit points, a user can bypass the
firewall and exchange information with the Internet via the other entry-exit
points. This can open up the possibilities of attacks on the internal network
through those points. The firewall cannot, obviously, be expected to take
care of such situations.

3. Virus attacks: A firewall cannot protect the internal network from virus
threats. This is because a firewall cannot be expected to scan every incoming
file or packet for possible virus contents. Therefore, a separate virus
detection and removal mechanism is required for preventing virus attacks.
Alternatively, some vendors bundle their firewall products with anti-virus
software, to enable both the features out of the box.

9) In the tunnel mode, an encrypted tunnel is established between two hosts. Suppose
X and Y are two hosts, wanting to communicate with each other using the IPSec
tunnel mode. What happens here is that they identify their respective proxies, say P1
and P2, and a logical encrypted tunnel is established between P1 and P2. X sends its
transmission to P1. The tunnel carries the transmission to P2. P2 forwards it to Y.

10) A VPN is a mechanism of employing encryption, authentication and integrity protection so

that we can use a public network (such as the Internet) as if it is a private network (such as a
physical network created and controlled by you). VPN offers high amount of security, and yet
does not require any special cabling on behalf of the organization that wants to use it. Thus,
a VPN combines the advantages of a public network (cheap and easily available) with those
of a private network (secure and reliable).

A VPN can connect distant networks of an organization, or it can be used to allow traveling
users to remotely access a private network (e.g. the organization’s intranet) securely over the
Internet.

18