COMPUTER SECURITY AND CRYPTOGRAPHY

Name: Kin’gola Raphael

Reg_No: BIT/2021/94797

(1) Discuss the following intrusion detection mechanisms

i. NIDS
A Network-based Intrusion Detection System, or NIDS, is a security tool designed to
scrutinize network traffic and pinpoint any potential breaches or harmful activities. It
functions at the network level and examines network packets to identify any behavior that
may be suspicious or not authorized.

ii. Signature Based


Signature-based intrusion detection is a method employed by intrusion detection systems
(IDS) to spot familiar attack patterns, also referred to as signatures, within network traffic.
This technique leverages a catalog of predefined signatures that depict unique features of
recognized attacks. If the network traffic corresponds to a signature present in the
database, the IDS raises an alarm or initiates suitable measures to counteract the potential
risk.

iii. HIDS
A Host-based Intrusion Detection System, abbreviated as HIDS, is a security system
structured to observe and dissect actions taking place on specific host machines, like
servers or personal workstations, with the aim of detecting potential breaches or harmful
operations. In contrast to Network-based Intrusion Detection Systems (NIDS) that scrutinize
network traffic, HIDS concentrates on the operations carried out directly on the host system.

(2) List and discuss the two types of Firewalls

1. Network Firewalls:

Network Firewalls, also known as hardware firewalls, are typically positioned at the
edge of a network to regulate and monitor incoming and outgoing network traffic. They
operate by adhering to predefined security rules to either accept or reject specific traffic
data. These firewalls can protect an entire local network and are commonly used by
businesses. They filter packets based on IP addresses, domain names, protocols, ports,
and other criteria. Examples of network firewalls include packet filtering firewalls,
stateful inspection firewalls, and next-generation firewalls (NGFWs).

2. Host-based Firewalls:

Host-based firewalls, also known as software firewalls, run on individual servers or
computers and control network traffic to and from those machines. These firewalls
provide a layer of software on the host that can restrict incoming and outgoing network
traffic for a single machine. They are particularly beneficial in controlling outbound
connections and can be tailored to specific user requirements. They operate by defining
rules for processes, applications, and users to limit network connections. Windows
Firewall and ZoneAlarm are examples of host-based firewalls.

(3) Explain the main characteristics of the Kerberos authentication scheme.

i. Symmetric Key System: Kerberos uses symmetric encryption, which means the
same key is used to encrypt and decrypt messages. This choice for symmetric
encryption is because it's generally faster than asymmetric encryption, which is
crucial for a system like Kerberos that may need to handle thousands or millions
of requests per minute.

ii. Ticket-Based Authentication: Instead of sending passwords over the network,
Kerberos uses tickets, which are encrypted data that confirm the user's identity.
Once a user's identity is confirmed by the KDC, the user receives a ticket-
granting ticket (TGT). This TGT can then be used to obtain additional tickets for
specific services, preventing repeated logins.

iii. Key Distribution Center (KDC): The KDC is the trusted third party that validates
clients' identities. It consists of the Authentication Server (AS) and the Ticket-
Granting Server (TGS). The AS verifies the client's identity and provides a TGT,
while the TGS issues service tickets based on the TGT.

iv. Mutual Authentication: Both the user and the server verify each other's identity.
This process helps to ensure that users don't expose their credentials to impostor
servers and that servers don't provide data to unauthorized users.

v. Time-Sensitive: The tickets provided by Kerberos have a time limit for enhanced
security. If a ticket expires, the user must re-authenticate to get a new ticket.

vi. Single Sign-On (SSO): One of the main benefits of Kerberos is its ability to
provide single sign-on. Once users authenticate initially and receive their TGT,
they can access multiple services that trust the KDC without needing to reenter
their credentials.

(4) Discuss the following types of security threats
A. Bots
Bots are software programs or scripts that perform automated tasks on the Internet.
i. Malware bots: These bots can be used for various malicious activities, such as
distributed denial-of-service (DDoS) attacks, spam distribution, spreading malware,
data exfiltration, and credential theft.
ii. Web scraping bots: While web scraping itself is not malicious, some bots may
engage in scraping activities with malicious intent, such as scraping sensitive
information, violating website terms of service, or stealing intellectual property.
iii. Spam bots: Spam bots automatically generate and distribute spam
emails or messages across various communication platforms. They are used by
spammers to flood inboxes with unsolicited and often malicious content, including
phishing attempts, scams, and malware distribution.
B. Rootkit

A rootkit is a category of malicious software engineered to secure unauthorized entry
and command over a computer system while eluding detection by conventional security
measures. Rootkits infiltrate critical components of an operating system, like the kernel
or system libraries, in order to attain privileged access and manipulate the system as a
whole. Attackers can deploy rootkits on vulnerable systems by exploiting weaknesses or
leveraging social engineering tactics.
Rootkits are designed to be invisible and untraceable by standard security provisions,
including antivirus programs and intrusion detection systems. They utilize sophisticated
strategies to hide their existence, such as integrating into system operations, altering
system binaries, or tampering with system call tables.

(5) With the aid of a suitable example describe how the following can be used to
protect email systems.

i. Antivirus Software: Antivirus software can help protect an email system by
scanning incoming and outgoing emails for known threats, such as malware or
phishing attempts. For example, Norton Antivirus will scan your emails for
suspicious attachments and links. If it finds a potential threat, it will remove the
suspicious item or quarantine the email.

ii. Spam Filters: Spam filters can protect email systems by preventing spam emails
from reaching your inbox. These spam emails often contain phishing attempts,
malware, or other security threats. For instance, Gmail has a robust spam filter
that uses machine learning and community reporting to keep spam emails out of
your inbox.

iii. Secure Protocols (S/MIME): S/MIME (Secure/Multipurpose Internet Mail
Extensions) is a protocol that allows for encrypted and digitally signed emails.
This protects the confidentiality and integrity of emails. For example, Apple Mail
supports S/MIME, allowing users to send and receive encrypted emails.

iv. Two-Factor Authentication (2FA): 2FA adds an additional layer of security to
your email account. Even if your password is compromised, an attacker would
need the second factor (often a code sent to your mobile device) to gain access.
Services like Microsoft Outlook offer 2FA for email accounts.

v. Employee Education: This isn't a technical solution, but it's a vital part of any
cybersecurity strategy. By educating employees about common email threats
(like phishing emails or suspicious attachments), how to use security tools, and
the importance of good password hygiene, organizations can significantly reduce
the risk of an email-based attack.

b) Discuss how Diffie–Hellman key exchange works

Setup:

Before the key exchange begins, both parties, often referred to as Alice and Bob, agree on
certain parameters:

A large prime number, usually denoted as p.

A primitive root modulo p, denoted as g.

These parameters are public and known to both Alice and Bob but are not secret.

Key Exchange Process:

The key exchange process involves the following steps:

a. Alice's Steps:

Alice selects a private random number, denoted as a.

Alice computes her public value, A, using the formula: A = g^a mod p.

Alice sends her public value, A, to Bob over the insecure communication channel.

b. Bob's Steps:

Bob selects a private random number, denoted as b.

Bob computes his public value, B, using the formula: B = g^b mod p.

Bob sends his public value, B, to Alice over the insecure communication channel.

Shared Secret Key Calculation:

After exchanging their public values, Alice and Bob perform the following calculations to
derive the shared secret key:

a. Alice's Calculation:

Alice uses Bob's public value, B, and her private key, a, to compute the shared secret key,
K, using the formula: K = B^a mod p.

b. Bob's Calculation:

Bob uses Alice's public value, A, and his private key, b, to compute the shared secret key,
K, using the formula: K = A^b mod p.
Both Alice and Bob now have the same shared secret key, K, which they can use for
symmetric encryption or other cryptographic operations.
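
The exchange described above, written out as an added example that is not part of the original answer. The function names, the toy parameters p = 23 and g = 5, the range check on the received public value, and the SHA-256 step that turns K into a symmetric key are all assumptions of this example.

```python
import hashlib
import secrets

def prime_factors(n):
    """Distinct prime factors by trial division (adequate for a toy modulus)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g, p):
    """g is a primitive root mod prime p iff g^((p-1)/q) != 1 for each prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def keypair(p, g):
    """Pick a random private value whose public value passes the range check below."""
    while True:
        private = secrets.randbelow(p - 3) + 2          # 2 .. p-2
        public = pow(g, private, p)                     # A = g^a mod p
        if 2 <= public <= p - 2:
            return private, public

def shared_secret(peer_public, private, p):
    """K = B^a mod p, refusing peer values that force K into a guessable set."""
    if not 2 <= peer_public <= p - 2:                   # rejects 0, 1 and p-1
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def derive_key(k, p):
    """Hash K to a 32-byte symmetric key (SHA-256 is this example's choice)."""
    return hashlib.sha256(k.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

# Toy public parameters, constructed for illustration; far too small for real use.
P, G = 23, 5

if __name__ == "__main__":
    assert is_primitive_root(G, P)
    a, A = keypair(P, G)                                # Alice
    b, B = keypair(P, G)                                # Bob
    k_alice = shared_secret(B, a, P)                    # Alice uses Bob's B
    k_bob = shared_secret(A, b, P)                      # Bob uses Alice's A
    print("A =", A, "B =", B, "keys match:", k_alice == k_bob)
    print("derived key:", derive_key(k_alice, P).hex())
```

The exchange by itself authenticates neither party, so deployed protocols sign the public values or otherwise bind them to an identity.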
(6) Distinguish the following
(a) Public-Key Cryptography and Secret-key encryption

i. Secret-Key Encryption: In secret-key encryption, the same secret key is used
for both encryption and decryption. The sender and receiver must share the
same secret key in advance, which requires a secure method of key distribution.
Once the key is distributed, it is kept confidential and used for encrypting and
decrypting the messages.
ii. Public-Key Cryptography: In public-key cryptography, each user has a pair of
mathematically related keys: a public key and a private key. The public key can
be freely shared with others, while the private key is kept secret. Users can
encrypt messages using the recipient's public key and the recipient can decrypt
them using their corresponding private key. The public keys are distributed
openly, eliminating the need for secure key distribution.

(7) Encode the following message using Caesar's key value of 3: “I LOVE ENCRYPTING MESSAGES”
Each letter in the original message is shifted three positions to the right in the alphabet to
create the encoded message.
The encoded message will be:
L ORYH HQFUBSWLQJ PHVVDJHV

(8) Explain how the Hill cipher algorithm works. You may use the plaintext PLAY and
the key SECRET to show its encipherment procedure.
The Hill cipher algorithm is a symmetric encryption technique that operates on blocks of
plaintext and uses matrix multiplication to achieve encryption and decryption.
Convert the key to a 2 x 2 matrix:
SE
CR
Divide the plaintext into blocks of the same length as the key matrix:
PL
AY
Assign numerical values to each letter of the plaintext based on their positions in the
alphabet, starting from 0. In this case, P=15, L=11, A=0, and Y=24.
Multiply each block of the plaintext by the key matrix modulo 26.

Block 1: [15 11] x [19 2] mod 26 = [17 5]


Block 2: [0 24] x [19 2] mod 26 = [10 4]

Convert the resulting matrix back into alphabetical characters by mapping the numerical
values to their corresponding letters. In this case, 17=P, 5=F, 10=K, and 4=E.

Block 1: [17 5] => PE


Block 2: [10 4] => KE
Combine the blocks of ciphertext to obtain the final encrypted message. In this case, the
encrypted message using the Hill cipher algorithm with the key "SECRET" for the plaintext
"PLAY" is "PEKE".

(9) Let f(a,b) and f(c,d) be two affine ciphers such that
f(a,b)(x) = (a·x + b) mod 26
f(c,d)(x) = (c·x + d) mod 26
Is f(c,d) ∘ f(a,b) a stronger encryption scheme than f(a,b)?

(10) Using Affine Cipher Theory and given a = 9 and b = 4, encrypt the word "MAZERAS"
and show the resulting ciphertext.
The encryption formula is (ax + b) mod 26.

E(M) = (9 * 12 + 4) mod 26 = 14 mod 26 = 14 -> Letter: O

E(A) = (9 * 0 + 4) mod 26 = 4 mod 26 = 4 -> Letter: E

E(Z) = (9 * 25 + 4) mod 26 = 11 mod 26 = 11 -> Letter: L

E(E) = (9 * 4 + 4) mod 26 = 40 mod 26 = 14 -> Letter: O

E(R) = (9 * 17 + 4) mod 26 = 157 mod 26 = 5 -> Letter: F

E(A) = (9 * 0 + 4) mod 26 = 4 mod 26 = 4 -> Letter: E


E(S) = (9 * 18 + 4) mod 26 = 166 mod 26 = 18 -> Letter: S

Encrypted word: "OELOEFU"

(12) What is the key-space of an affine cipher?


The key-space of an affine cipher refers to the total number of possible combinations of key
values that can be used in the encryption process. In the case of an affine cipher, the key
consists of two values: a and b.
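
An added example, not part of the original answers, that generalises the Caesar shift of question 7 (the affine key a = 1, b = 3) and works through the key-space and composition questions (12 and 9) by enumeration. The function names are hypothetical, and the restriction to values of a that are coprime to 26 is the standard condition for the cipher to be decryptable.

```python
from math import gcd

M = 26  # alphabet size used throughout the page

def valid_keys(m=M):
    """All (a, b) pairs that give an invertible map x -> (a*x + b) mod m."""
    return [(a, b) for a in range(m) if gcd(a, m) == 1 for b in range(m)]

def encrypt(text, a, b, m=M):
    """Apply f(a,b) to the letters A-Z; other characters (spaces) pass through."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to the alphabet size")
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((a * (ord(ch) - 65) + b) % m + 65))
        else:
            out.append(ch)
    return "".join(out)

def decrypt(text, a, b, m=M):
    """Invert f(a,b): x = a^-1 * (y - b) mod m, which is itself an affine map."""
    a_inv = pow(a, -1, m)                      # modular inverse (Python 3.8+)
    return encrypt(text, a_inv, (-a_inv * b) % m, m)

def compose(cd, ab, m=M):
    """Key of f(c,d) applied after f(a,b): c*(a*x + b) + d = (c*a)*x + (c*b + d)."""
    (c, d), (a, b) = cd, ab
    return (c * a % m, (c * b + d) % m)

def composition_stays_in_keyspace(m=M):
    """True if composing any two valid keys always yields one valid key."""
    keys = set(valid_keys(m))
    return all(compose(k2, k1, m) in keys for k1 in keys for k2 in keys)

if __name__ == "__main__":
    caesar = encrypt("I LOVE ENCRYPTING MESSAGES", 1, 3)
    print(caesar, "->", decrypt(caesar, 1, 3))
    print("number of keys:", len(valid_keys()))
    print("f(9,4) after f(1,3) equals f%s" % (compose((9, 4), (1, 3)),))
    print("composition closed:", composition_stays_in_keyspace())
```

`valid_keys()` returns 312 keys (12 usable values of a times 26 values of b), and `composition_stays_in_keyspace()` returns True, so applying two affine ciphers in sequence is equivalent to applying a single affine cipher.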
