Information Security Homework: Cryptosystems, Attacks, and Defenses

Verified

Added on 2022/10/11

AI Summary

This document presents a comprehensive solution to an information security assignment, delving into the core concepts of cryptosystems. The solution begins by defining cryptosystems and their role in providing crucial information security services, including confidentiality, integrity, and non-repudiation. Confidentiality is explained as ensuring data is accessible only to authorized individuals, implemented through encryption methods like asymmetric and symmetric encryption. Integrity is described as safeguarding data from unauthorized alterations, achieved through data hashing techniques. Non-repudiation is discussed in the context of formal contracts and data transfers, utilizing digital signatures to prevent denial of document authenticity. The solution then addresses common attacks on cryptographic systems, specifically focusing on the brute force attack, its methodology, and how modern ciphers defend against it through the use of sufficiently long secret keys. The document references relevant academic sources to support the presented concepts.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY
INFORMATION SECURITY
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1INFORMATION SECURITY
Answer to question1:
A cryptosystems is an execution of the methods of cryptography and the infrastructure
in order to give services of information security. A cryptosystem is also known as a cipher
system (Simmons, 2019).
The cryptosystems are used to provide confidentiality, integrity and non-repudiation
to the information systems or the information that are stored in the information systems.
Confidentiality:
Confidentiality is a concept of making sure that the data is not made available to the
people that are not authorized. Confidentiality is established by encryption. Both the
asymmetric and symmetric encryption is used for confidentiality (Thillaiarasu et al.,2018).
The data confidentiality is achieved through algorithms of encryption that are strong and that
cannot be broken easily. A spy ring that is secret and doing substitution of character that is
simple is not a strong encryption. Confidentiality is essential when the communications of
network are of sensitive nature such as the secrets of trade, information of the client or the
strategies of business. The confidentiality is also essential for essential data that is at rest. The
procedure of encryption in transparent to the user.
Integrity:
Integrity of information is the protection of information from being changed by the
parties that are unauthorized. As with the confidentiality of data, cryptography plays an
important role in making sure the integrity of data. The methods that are used commonly in
order to protect the integrity of data consist of data hashing and then comparing it with the
hash of the message that was received originally. This means that the hash of the data that is
original must be given to the user in a fashion that is more secured. The techniques that are

2INFORMATION SECURITY
convenient those are to be used in the schemes that already exist are GPG in order to sign the
data digitally.
Non –repudiation
From the view of security of information, non-repudiation applies to the cases of
contract that are formal, data transfer or communication (Badra & Borghol, 2018). Its goal is
to make sure that a person or an organization is bound by the contract terms or the parties that
are involved in a specific communication or transfer of documents are not able to deny the
authenticity of the signatures on the documents of contract.
It is done using digital signatures in the cryptosystems. In this method, a certificate
authority that is trusted signs each of the certificates. ‘
Answer to question2:
A common attack on the cryptographic systems is the brute force attack.
The attack that is simplest on a cipher is the attack of brute force. In the attack of
brute force, the attacker tries to decrypt the message with the secret key that is possible and
then check the output of the decryption (Arzhakov & Silnov, 2016). Enough time and the
resources those are computational are given, this attack guarantees to work as the secret key
that is true should be within the set of secret keys that are possible and the attacker will try
and understand that the plaintext is the correct one.
The ciphers that are modern protect themselves against the attack of brute force using
a key that is secret and that is enough long in order to make guessing of the possibilities
impossible. Example: The longest length of key that is available of the cipher of AES is 256
bits that means there are 2256 keys of AES are possible.

3INFORMATION SECURITY
Several softwares should be installed in the computer system as these help in the
detection of the attack of brute force (Gong & Behar, 2018). The softwares that help in the
detection of the attack of brute force include John the Ripper, Ophcrack and Hashcat.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4INFORMATION SECURITY
References
Arzhakov, A. V., & Silnov, D. S. (2016). Analysis of Brute Force Attacks with Ylmf-pc
Signature. International Journal of Electrical & Computer Engineering (2088-
8708), 6(4).
Badra, M., & Borghol, R. (2018). Long-term integrity and non-repudiation protocol for
multiple entities. Sustainable cities and society, 40, 189-193.
Gong, C., & Behar, B. (2018). Understanding password security through password
cracking. Journal of Computing Sciences in Colleges, 33(5), 81-87.
Simmons, G. (2019). Secure communications and asymmetric cryptosystems. Routledge.
Thillaiarasu, N., Pandian, S. C., Balaji, G. N., Shierly, R. B., Divya, A., & Prabha, G. D.
(2018, August). Enforcing Confidentiality and Authentication over Public Cloud
Using Hybrid Cryptosystems. In International Conference on Intelligent Data
Communication Technologies and Internet of Things (pp. 1495-1503). Springer,
Cham.