Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Questions & Answers on Symmetric Block Cipher and Encryption Process

Verified

Added on 2023/04/21

AI Summary

This document provides answers to questions related to symmetric block cipher, encryption process, different encryption types, advantages and disadvantages of Cipher-Block Chaining (CBC) mode, ethical considerations of unbreakable encryptions, authentication mechanisms, importance of strong passwords, basics of cybersecurity, vulnerability scoring, and firewall rules.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

1QUESTIONS & ANSWERS
QUESTIONS & ANSWERS
Student Name
Institution Affiliation
Facilitator
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2QUESTIONS & ANSWERS
SECTION A
Answer ALL questions.
Question 1(a)
The “mode of operation” concept in a symmetric block cipher is an algorithm that
utilizes block cipher in order to provide information services such as authenticity and
confidentiality. This is because block ciphers when independent are only suitable for securing
cryptographic transformations i.e1 decryption and encryption of fixed-length bits also known
as blocks. Mode of operation, therefore, describes how single-block ciphers are applied
repeatedly in operations to transform larger amounts of data securely. Most of the modes
require unique binary sequences, commonly known as the initialization vector (IV) for
different encryption operations.
Cipher-Block Chaining (CBC) Mode
CBC encryption mode which was invented in 1976 mainly entails the addition
of XOR in any plaintext block to ciphertext block produced. The resulting text is then
encrypted by a cipher algorithm as usual. For that matter, subsequent ciphertext blocks
depend on the previous ones. XOR is added to the initial plaintext block’s random
initialization vector which has the same size as the plaintext block.
Cipher-Block Chaining (CBC) advantages
 With this mode, equal messages utilizing similar keys are encrypted to different
cryptograms
 Messages encrypted in this mode can be decrypted from any part
1MJ Dworkin. Recommendation for block cipher modes of operation: The CMAC mode for authentication. 2016 Oct 6.

3QUESTIONS & ANSWERS
 Its error multiplication features strengthen its security
Cipher-Block Chaining (CBC) disadvantages
 The message length under this mode must be aligned with its cipher block size
 After modification of message blocks, they cannot be re-encrypted
 Implementation of decryption is needed
 In case an attacker succeeds in inserting some parts into the message and gets the
ciphertext; parts of user messages are compromised.
Question 1(b)
Based on the communication layer where the encryption process takes place, there are
three different types of encryption namely SSL, TLS and HTTPS2
SSL stands for Secure Sockets Layer, a type of encryption operating at the
presentation layer to secure internet connections and safeguard sensitive data being sent
between two systems to prevent it from being read or modified in the course of transmission.
TSL which stands for Transport Layer Security, on the other hand, is an updated and
more secure version of SSL operating under the transport layer and which has the three
options of encryption: RSA, ECC or DSA
HTTPS which stands for Hyper Text Transfer Protocol Secure and operates under the
application layer is a form of encryption which appears on the URL of a website which has
been secured using an SSL certificate.
2 P.A Grassi, EM Newton, RA Perlner, AR Regenscheid, WE Burr, JP Richer, NB Lefkovitz, JM Danker, YY Choong, K
Greene, MF Theofanos. Digital identity guidelines: Authentication and lifecycle management. 2017 Jun 22.

4QUESTIONS & ANSWERS
Among the three, SSL and TLS are likely to raise ethical considerations because they
entail the security of private information which according to privacy policies should be kept
confidential.
Question 1(c) (i)
Government agencies and lawyers will definitely be against the idea of people being
allowed to create encryptions that cannot be broken by the argument. First of all, they will
argue that the approach will put national security under risk because terrorists will be able to
communicate from different places and make terror attacks whose success rate will be high
due to lack of intelligence3.
Secondly, they will argue that the approach will deter criminal investigations
especially investigations regarding online transactions. In this matter, they will argue that
most of the offenders will upgrade into online platforms like PayPal and Shrill where
evidence won’t be easily obtainable considering the fact that their communication will be on
an encrypted format which cannot break.
Question 1(c) (ii)
The advocates of free software and human rights will support the idea because they
will look at it from the privacy protection point of view. They will argue that government
agencies and their lawyers are normal human beings like any other and being granted an
opportunity to have access to private information is a compromise to privacy of other people.
Question 1(c) (iii)
According to me, individuals should not be allowed to create encryptions which
cannot be broken by the government. This is in consideration of the dangers which the idea is
3 P Mell, K Scarfone, S Romanosky. A complete guide to the common vulnerability scoring system version 2.0 (2007).
Διαθέσιμο On-line στο: http://www. first. org/cvss/cvss-guide. pdf [Accessed 20 March 2012]. 2017.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5QUESTIONS & ANSWERS
expected to pause to the whole country compared to the benefits. For instance, security which
is a very vital factor for the smooth running of a country will have been totally compromised
as well as the transparency in the government offices as far as resource utilization is
concerned.
Question 2(a)
Authentication has been defined as a process of determining whether something or
someone is what or who declares to be. Drawing from this definition, digital authentication,
therefore, denotes the process of putting suitable and secure mechanisms in place to ensure
online users are exactly what they say they are4. For that matter and in consideration to the
fact that at the first glance it appears abstract, the knowledge factor like the use of passwords,
possession factors like token cards and lastly biometric factors like fingerprints.
Single-Factor Authentication (SFA) is the identity verification requires the party
requesting for access to have a single identifier that is linked to its identity in order to be
granted access rights.
Multifactor authentication (MFA) on the other hand requires more than one methods
of authentication before the user can be granted access rights into the system. A good
example of MFA is where a user must enter a password, a token card and fingerprints to log
in. A good example of a suitable multi-factor authentication mechanism for an electronic
bank transaction is where an account owner has an ATM card which he must insert into an
ATM machine and enter a password to withdraw money.
Question 2(b)
4 A Singhal, X Ou. Security risk analysis of enterprise networks using probabilistic attack graphs. InNetwork Security
Metrics 2017 (pp. 53-73). Springer, Cham.

6QUESTIONS & ANSWERS
Password-based authentication is still among the popular authentication mechanisms
because it’s easy and cheap to implement. Some of the advantages of this authentication
mechanism are:
 Simple to use
 Easy to deploy
 Generic passwords use SSH Tectia Connector
Disadvantages
 Its security is based entirely on confidentiality and password strength.
 It does not provide strong identity checks
Question 2(c)
Due to the current trend where the proliferation of social engineering and phishing
attacks are becoming rampant, use of strong passwords is very vital because it will minimize
the risk of individual passwords being compromised or landing into a third party.
SECTION B
Question 3(a)
 Cybersecurity entails protecting internet-connected systems right from
software, hardware, and data against cyber attacks.

7QUESTIONS & ANSWERS
 An asset in systems security is any device, data or other components
of the environment that support information-based activities.
 The vulnerability is a flaw in systems that leave it open to attacks. It
may also denote weaknesses in a computer a system that exposes it to
threats.
 Threats are things that have the potential of causing serious harm to
computer systems.
 Controls are countermeasures put in place to counter, avoid, detect, or
minimize security risks to information, computer systems, and other
assets
Vulnerabilities in information systems expose it to threats which can be mitigated
through security controls. For that matter, when formulating basic methodology in computer
security the first step should be the identification of system vulnerabilities followed by the
threats which can result from such vulnerabilities and then come up with controls. This
results in a turgid system which cannot be easily compromised.
Question 3(b)
Risk which is formulated as risk= probability x loss, it gauges the expected loss which
is connected to an occurrence of an event and which is also a subject to the disruption
expected from the event. It can also be rephrased as; risk = failure probability x damage
related to the failure.
For instance, assuming that a person has chosen 2 different investments A and B
where A is subject to disruption with a probability of 1% with a relative loss of 1000, while B
is subject to disruption with a probability of 2% and a loss of 800. Using the formula risk=
probability x loss,
Risk (A) = 0.01 x 1000 = 10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

8QUESTIONS & ANSWERS
Risk (B) = 0.02 x 800 = 16
So, if the investor is risk averse, he is likely to prefer A over B.
According to the above calculation, plans for disaster recovery will be advisable to be
made when the probability of the risk is high as well as the loss. This is because in case a risk
occurs, getting to the normal operational state would be hard, in fact very had because the
business would have suffered a huge loss.
Question 3(b) (i)
Information asset: People working within an organization have control and access over all
the information being handled with the organization.
Physical assets and hardware: These refer to all the assets that can be used by people within
the organization to manipulate information
Intangible asset: The intellectual property of an organization, reputation, and brand.
Question 3(b) (ii)
As an information asset within an organization, people may disclose passwords to
enter company servers to the attacker who uses them to compromise the organization data. In
this case, disclosure becomes the vulnerability while compromise to the organization data
becomes the threat.
Question 3(b) (iii)
One time passwords will act as an appropriate control to the information asset. This is
because even if the password is disclosed, the attackers won’t be able to access organization
systems and thus cannot compromise the systems.
Question 3(b) (iv)
My security awareness level is high because I understand that passwords can be
leaked to a third party and because organization workers cannot be restricted from accessing

9QUESTIONS & ANSWERS
organization systems, one time passwords would be effective because even if shared won’t be
useful to the attackers.
Question 4(a)
Vulnerability scoring is a standard used to assess the severity of a system security
vulnerability. This technique allows respondents to prioritize resources and responses
according to threats.
Question 4(b) (i)
The three main CVSS metric groups are Environmental, Base and Temporal, each
consisting of its own metrics.
 Base: it entails the intrinsic and fundamental characteristics of vulnerabilities that are
constant over time and user environments.
 Temporal: it entails the characteristics of vulnerabilities that change over time but not
among the user environments.
 Environmental: it entails the characteristics of vulnerabilities that are unique and
relevant to particular user's environment.
Question 4(b) (ii)
Function 𝜇𝐼𝑚𝑝 describes the potential impacts an exploit has on
systems while function 𝜇𝐸𝑥𝑝 describes the means and ease of exploiting
vulnerabilities. Each of these two functions contributes in an additive
fashion of final numerical score which ranges from 0 to 10.
Question 4(b) (iii)
AV:N/AC:L/Au:N/C:P/I:N/A:N denotes a vulnerability can allow an attacker to
traverse a file system and read any file accessible by the web server for a total score of 5.0.

10QUESTIONS & ANSWERS
The two flaws obviously introduce different risks, yet according to CVSSv2 standards, they
are not different 5. This denotes the problem with single or ‘Partial’ category ranging from
“just a bit” to “almost everything but not quite”. A score of 5.0 is enough to fail an
organization for PCI DSS compliance
Question 4(c)
Vulnerability scoring does not statistically influence the time delays, which are
strongly affected by the decreasing annual trends. Controlling the annual trends can be a
remedy to this limitation.
Question 5(a) (i)
The packet will be allowed. This is because none of its headers has been set to be denied
when it traverses the firewall.
Question 5(a) (ii)
The packet will be denied. This is because its destination IP has been set to be denied
when it traverses the firewall.
Question 5(a) (iii)
The packet will be denied. This is because none of its headers is recognizable through
the firewall and hence will be denied by default.
Question 5(b) 6
5 P Mell, K Scarfone, S Romanosky. A complete guide to the common vulnerability scoring system version 2.0 (2007).
Διαθέσιμο On-line στο: http://www. first. org/cvss/cvss-guide. pdf [Accessed 20 March 2012]. 2017.
6 K Osuga, DN Page. Qubit transport model for unitary black hole evaporation without firewalls. Physical Review D. 2018
Mar 26;97(6):066023.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

11QUESTIONS & ANSWERS
In this scenario, none of the packet headers will be recognized by the firewall and
hence denied automatically. The situation can be solved by reconfiguring the packet headers
to correspond with the port number, source IP, destination Ip or the port number.
Question 5(b) 7
Firewall IDS
It’s a hardware or software that blocks
unauthorized access in a networked
environment while permitting the authorized
communications
Is a software or hardware installed on
network or host to detect and report intrusion
attempts
Firewalls can block unauthorized access IDS just report intrusion but can’t block
Firewalls cannot detect network security
breaches
IDS help in collecting information which can
be used to signify security breaches
Firewalls don’t inspect content from
permitted traffic
IDS keep check of the overall network
No manpower is used in managing firewalls An administrator is required to respond to
IDS threats
Firewalls are visible to outsiders IDS cannot be spotted easily
Organizations which benefit from IDS are Intelligence based organizations while those which
benefit from firewalls are those which operate in networked environments.
References
7 D Spanos. Intrusion Detection Systems for Mobile Ad Hoc Networks.

12QUESTIONS & ANSWERS
Can O, Sahingoz OK. A survey of intrusion detection systems in wireless sensor networks.
InModeling, Simulation, and Applied Optimization (ICMSAO), 2015 6th International
Conference on 2015 May 27 (pp. 1-6). IEEE.
Dworkin MJ. Recommendation for block cipher modes of operation: The CMAC mode for
authentication. 2016 Oct 6.
Grassi PA, Newton EM, Perlner RA, Regenscheid AR, Burr WE, Richer JP, Lefkovitz NB,
Danker JM, Choong YY, Greene K, Theofanos MF. Digital identity guidelines:
Authentication and lifecycle management. 2017 Jun 22.
Mell P, Scarfone K, Romanosky S. A complete guide to the common vulnerability scoring
system version 2.0 (2007). Διαθέσιμο On-line στο: http://www. first. org/cvss/cvss-guide. pdf
[Accessed 20 March 2012]. 2017.
Nakamura ET, Ribeiro SL. A Privacy, Security, Safety, Resilience, and Reliability Focused
Risk Assessment Methodology for IIoT Systems Steps to Build and Use Secure IIoT
Systems. In2018 Global Internet of Things Summit (GTS) 2018 Jun 4 (pp. 1-6). IEEE.
Osuga K, Page DN. Qubit transport model for unitary black hole evaporation without
firewalls. Physical Review D. 2018 Mar 26;97(6):066023.
Singhal A, Ou X. Security risk analysis of enterprise networks using probabilistic attack
graphs. InNetwork Security Metrics 2017 (pp. 53-73). Springer, Cham.
Spanos D. Intrusion Detection Systems for Mobile Ad Hoc Networks.

1 out of 12

+13062052269

info@desklib.com

Questions & Answers on Symmetric Block Cipher and Encryption Process

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Enhancing Cyber Security of Networked Control Systems using Encryption

Analysis of Ciphers Techniques

Article | EVALUATION OF AES AND DES

Cryptography and Steganography Techniques

Security in IT and Information Technology: Techniques for Deciphering Messages

Energy Harvesting for Wireless Sensor Networks