Friday, March 8, 2019
Information security system
What is the OSI security department computer architecture? Ans) A Systematic way of delineate the requirements for security and characterizing the blastes to satisfying them is generally desexualized as OSI security architecture. This was developed as an international standard. Focuses of OSI Security Architecture 1) Security rapes achieve that compromises the security of tuition owned by an organization. 2) Security mechanism knowing to detect, prevent, or recover from a security flame. ) Security service intend to counter security attacks. 1. ) What the difference between passive and sprightly security threats? Ans) Passive Threats makes attempt to learn or make use of information from the system but does not affect any system picks whereas active threats involve modification of the data stream. So in passive attack a cyber-terrorist intrudes your system, and waits for some valuable information. In an active attack a hacker tries to get the valuable information by use his abilities rather than depending on the stupidity of the victim.Example for passive attack A separate logger which stations the input given by the victim to a hacker via a network (LAN). Example for Active attack Using animal force to crack the password of a system. 1. 5) List and briefly define categories of security service Ans) The major categories of security service argon viz. Confidentially The protection of data from unauthorized disclosure by encoding and decryption-preserving authorized restrictions on information approach and disclosure, including means for protecting ain privacy and proprietary information.Authentication The assurance that the communicating entity is the hotshot that it claims to be. The problem of federal agency is often thought to be identical to hat of authentication many widely adopted standard security protocols, obligatory regulations, and even statutes be based on this assumption. Integrity The assurance that data received are ex actly as sent by an authorized entity.End user willing receive what is sent-guarding against improper information modification or destruction, including ensuring information nonrepudiation and legitimacy Access control The prevention of unauthorized use of a resource means this service controls that have inlet to a resource, under what conditions access sack occur, and what those accessing the resource are allowed to do.Ability Time for access-ensuring timely and reliable access to and use of information Availability The property of a system or a system resource being accessible and usable upon pauperism by an authorized system entity, according to performance specifications for the system. Nonrepudiation Provides protection against defending team by one of the entities involved in Chapter 2 2. 2) How many get words are required for 2 flock to communicate via a symmetric solve? Ans ) Only one headstone is required for 2 people to communicate via a symmetric cipher. The ke y distribution will distribute the same key/ single key for encryption and ecryption process. . 9) List and briefly defines three uses of a public key cryptosystem Ans) Encryption/decryption The transmitter encrypts a message with the recipients public key. Digital signature The sender signs a message with its private key. Signing is achieved by a cryptographic algorithmic program applied to the message or to a small block of data that is a function of the message. Key replace Two sides cooperate to exchange a session key. Several diverse approaches are possible, involving the private key(s) of one or both parties. 2. 10) What is the difference between private key and a out of sight key?Ans) Secret key is used in symmetric encryption. Both sender and pass recipient role have obtained copies of a cloistered key in secure fashion and keep the key secured. The private key is used with public key in asymmetric encryption. The sender will send encryption document with the receive r public key, then the receiver will decrypt the document with his/ her private key. The private key is not shared with anyone. The secret key must be transmitted to or shared with all parties by a method outside the communication theory link it is intended to secure. 2. 13) How can public key encryption be used to distribute a secret key?Ans) Several different pproaches are possible, involving the private key(s) of one or both parties. One approach is Diffle-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipients public key. The key distribution uses the asymmetric encryption to send secret key to the receiver by her/ his public key. Then the receiver will use his/ her private key to decrypt to get her/ his secret key. Problem 2. 9)Construct a figure similar to figure 2. 9 that includes a digital signature to authenticate the message in the digital envelope. Sol) We can Show the creation of digital envelope as a solution.