6. Protection &
Security
1. What are
two advantages of encrypting data shared in the computer system? [4]
ans :-- It is the process of taking data and
modifying it so that it cannot be read by untrust users. Encryption is an important tool in protection,
security and authentication. The process involves two steps (Figure 15.2):
·
Encryption:
the original message is changed to some other form
·
Decryption:
the encrypted message is restored back to the original
|
Plain Plain
|
|
|
|
Text Text
Cipher
text
Figure 15.2: Conventional Encryption
Data before encryption is called plain text
and after encryption is called cipher text. Usually the above operations are
performed by hardware.
Encryption
could be by one of the following two basic methods:
·
Transposition
ciphers
·
Substitution
ciphers
In transposition ciphers the contents of the
data are not changed but the order is changed. For example, a message could be
sent in reverse order like:
I
am fine à enif ma I
Railfence cipher is a method that belongs to
this class. The method is slow because the entire message is to be stored and
then encrypted. It also requires more storage space when messages are long.
Substitution ciphers work by sending a set
of characters different from the original like:
I
am fine à r zn ormv
Ceasar cipher is a popular method of this
type. This method is fast and requires less memory because characters can be
changed as they are read and no storage is required.
Variations
of this scheme are used for bit streams. Encryption in this case involves
adding a key to every bit stream and decryption is removing the key from the
cipher text.
Thus
every algorithm has a key. It must ensure restoration. Normally a single piece
of hardware is responsible for both encryption and decryption.
In
the conventional encryption scheme two parties A and B agree upon a key.
Someone say A or B or a third party has to decide upon this common key get
concurrence from concerned parties and initiate communication. This is called
key distribution. Each pair of nodes needs a unique key. If there are ‘n’ nodes
then there will be nx(n-1)/2 keys. If ‘n’ is large then the number of keys will
also be large. Deciding, conveying and storing these keys is a mammoth job.
Tapping can take place. This is the key distribution problem.
An
alternate is the public key encryption. Keys used for encryption and decryption
are not the same. Key K1 is used for encryption and another key K2 is used for decryption. A message encrypted using K1
can be decrypted only using K2 and not K1. One
of the keys is publicly known. Hence the name public key encryption. Decryption
is done using a private key and hence information cannot leak out. Interchange
of keys K1 and K2 is possible that is, K2 to encrypt
and K1 to decrypt.
Each
user has two keys, one public and one private (Figure 15.3). The private key is
a secret but the user publishes the public key to a central key database. The
database maintains public keys of different users.
 |
 |
B’s
public key B’s private key
Plain Plain
|
|
|
|
Text Text
Cipher
text
Figure 15.3: Public key Encryption
Encryption and decryption are as follows:
·
A wants
to send a message to B.
·
A
searches the database of public keys for the public key of B.
·
A
encrypts the data using B’s public key.
·
The
cipher text is sent to B.
·
B
receives this cipher text.
·
B
decrypts the received cipher text using its private key and reads the message.
The problem here is that of authentication.
B does not know who has sent the message to it because everybody knows B’s
public key. In the conventional encryption method a single key is used between
two parties and hence the receiver knows the sender. But it suffers from the
problem of key distribution. In public key encryption method, for ‘n’ nodes in
the network only 2xn keys (1 public and 1 private for each of the nodes) are
required. There need be no agreement. Private key is chosen and a public key is
made known. Key distribution is really not necessary. Key leakage and tapping
are minimal. Protection is ensured but authentication is not provided.
2 The list of all passwords
Is kept within the operating, system. Thus, If a user manages to read this
list, password protection is no longer provided. Suggest a scheme that will
avoid this problem. [5]
3. With
reference to Unix consider the following situation:
4. What protection problems may arise if a
shared stack is used for parameter passing?
[6]
5. What are the assets of a computer
system? What are the possible categories of attack on the security of a
computer system or network? [6]
6. A
password may become known to other user by any way. Is there a simple method
for detecting that such an event has occurred? Explain your answer. [5]
7 What are the advantages of public-key
encryption? [6]
ans :-- Symmetric-key
cryptosystems use the same key for encryption and decryption of a message,
though a message or group of messages may have a different key than others. A
significant disadvantage of symmetric ciphers is the key
management necessary to use them securely.
The public –key encryption sloved this problem by creating a set of two
different keys for anyone needing to transmit encrypted information. A precise
mathematical relationship exists information. A precise mathematical
relationship exists between the two keys, which together are called a key pair.
Both keys are produced at the same time using algorithm. As a result ,when
either one o he two keys is used to encrypted a message, the other can be used
to decrypt it.
The two keys in a key pair are as follows :
a) private key :-- a
private key is known only to the owner
b) public key :-- a
public key is distributed to any user who resust it. Because the public and
private keys are related mathematically ,someone could take another person’s
public key,perform complex mathe,atical calculations on it, and extract the corresponding
private key. Therefore use keys sufficiently long and with a sufficiently
complex mathematically relationship so that it is all but impossible to extract
the private key from the public one. Once a key pair is generated for someone,
that person can use it to enrypt messages and digitally sign messages so that the recipient can be
sure of the identity of the sender. The whole public key cryption system is
founded on trust. All persons who are issued key pairs must trust the third
party authority who provided the key pairs. This trusted authority is called a
certifitcate authority.
8 Discuss
a means by which managers of system connected to the Internet could have
designed their systems to limit or eliminate the damage done by the worm. What
are the drawbacks of making the change that you suggest? [7]
9. What
protection problems may arise if a shared stack is used for parameter passing? [4]
10.
What is the main
difference between worm and virus? [4]
Ans :-- a worm is a variation on the theme of the
virus;instead of attaching itself to another program, a worm is an independent
process which spawns copies of itself. The effect of this is to clog up a
system with spurious execution of these processes,preventing legitimate
processes from running property. In addition, like a virus, the worm may
perform some other destructve activity. Worm are usually associate with
propagation through network systems. A major incidence of the worm was reported
in 1988 when one propagated itself through thousand of UNIX computer time and
rendering many of these machines temporarity useless.
VIRUS:A computer virus is written with an
intention of infecting other programs. It is a part of a program that
piggybacks on to a valid program. It differs from the worm in the following
ways:
·
Worm is
a complete program by itself and can execute independently whereas virus does
not operate independently.
·
Worm
consumes only system resources but virus causes direct harm to the system by
corrupting code as well as data.
There are several types of computer viruses.
New types get added every now and then. Some of the common varieties are:
·
Boot
sector infectors
·
Memory
resident infectors
·
File
specific infectors
·
Command
processor infectors
11. What
is meant by a domain and rights on it? Describe a Capability list and
ways of protecting it from user tampering. [9]
ans :--
a capability list for a domain is a list of objects together with the operation
allowed on those objects. An object is often represented by its physical name
or address, called a capability. The capability list is associated with a
domain, but it is never directly accessible to a proess executing in that
domain. Rather , the capability list is itself a protected object, maintained
by the OS and accessed by the user nly
indirectly. Capability based protection relies on the fact that capabilities are never allowed to migrate
into any address space directly accessaible by a user process. If all
capabilityes are secure, the object they protect is also secure againt
unauthoriezed access. Capabilities wrer originally propoed that was foreseen as
multiprogrammed comuter ssystem came of age. The idea of an inherently
protected pinter provides a foundation for protection that can be extended up
to the applications level. To provide inherent protection,we must distinguish
capabilities from other kinds of
objects, and they must be interpreted by an abstract machnine on which
higher-level program run. Capabilities are sueually distinguished from other
data .several capabilities based protection system have been developed.
12 Access Matrix is used for user
authentication which can be implemented by Access List and Capability List.
Briefly explain the two implementations. [4]
13 Distinguish
between different divisions of classification as per US Department of Defence
Trusted Computer System Evaluation Criteria. [6]
14. Describe the public-key encryption scheme
and mention how is it advantageous to the data-encryption standard.
[10]
15. What is protection domain? What are the
various methods of storing a protection matrix?
Ans :-- a
computer system is a collection of processes and object . by object ,we mean
both hardware objet (such a CPU, MEMORY SEGMENT,PRINTER, DISKS AND TAPE DRIVES)
and software objects (such as FILES, PROGRAM AND SEMAPHORES) . Each object has
a unique name that differentiates it from all other object in the system, and each can be
accessed only through well defined and meaningful operations .object are
essentially abstract data types. To facilities the scheme just described, a
process operates within a protection domain,which specifies the resourse that
the process may access. Each domain defines a set of object and the types of
operations on an object is an access right. A domain is a collection od access
rights, each of which is an ordered pair <object_name,right_set>. A domain can be realized in a varity of ways
:--
è each user may be
a domain.in this case, the set of objcect that can be accessed depended on the
identifity of the user. Domain switching occurs when the user is changed.
è each process may
be a domain. In this case , the set of object that can be accessed depending on
the identity of the process. Domain switching occurs when one process sends a
message to another process and then waits for a respose.
è each procedure
may be a domain. In set of objects that can be accessed corresponds to the locl
variable defined eithin the procedure.
Method of
protection matrix:--
A LOCK KEY
MECHANISM:-- the lock key scheme is a compromise between access lists and
capability lists. Each object has a list of unique bit pattern,called locks.
[3]
16.
How an access matrix is used for implementing protection policies? [4]
ANS :--
the rows of the access matrix represent
domains, and the olumns represent object. Each entry in the matrix consists of
a set of access rights. Because the column defines objects explicitly,we can
omit the object name from the access right.the entry access (I,j) defines the
set of operations that a process executing in domain Di can invoke
on object O j . the matrix
scheme provides us with the mechanism for specifying a variety of policies. The
machanism consists of implementing the access matrix and ensuring that the
semantic properties we have outlined hold.
The matrix can implement policy decisions concerning protection. The
policy decisions involve which rights should be include in the (I,j) th entry.
The user normally decide the consists of the aceess matrix entries. When a user
creates a new object oj , the column oj is added to the
acess matrix with the appropriate initialization entries, as dictated by the
creator. The access matrix provides an appropriate mechanism for defined and
implementing strick control for both the static and dynamic associaton etween
processes and domains. When we switch a
process from one domain to another, wea re executing an operation(switch) on an
object (the domain) . w can control domain switching by including domains among
the object s of the accesss matrix.
|
Object
domain
|
F1
|
F2
|
F3
|
Printer
|
|
D1
|
READ
|
|
READ
|
|
|
D2
|
|
|
|
PRINT
|
|
D3
|
|
READ
|
EXECUTE
|
|
|
D4
|
READ
WRITE
|
|
READ
WRITE
|
|
No comments:
Post a Comment