What are Symmetric Cryptosystems and Asymmetric Cryptosystems?
Symmetric Cryptosystems: The same key is used for both encryption and decryption. Since the key must be kept private, symmetric cryptography is also called private-key cryptography. Secure distribution of keys is the major challenge associated with symmetric key cryptosystems. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are common symmetric algorithms.
The security of the exchange rests on the secrecy of the symmetric key. An attacker who obtains the key can read the ciphertext and can also create new ciphertexts of their own.
Asymmetric Cryptosystems: Both a private key and a public key are used in asymmetric cryptosystems. One key is used for encryption and the other for decryption. Asymmetric cryptography solves the challenge of securely distributing secret keys. Authentication is another feature of asymmetric cryptosystems.
Disadvantages of Symmetric Cryptosystems. 
The following are the disadvantages of Symmetric Cryptosystems:
- Key transportation is one disadvantage of symmetric cryptosystems. The secret key must be transmitted from the sending system to the receiving system before the actual message is sent. Every means of electronic communication is insecure, since there is no guarantee that the communication channel cannot be tapped. Exchanging the key in person is the only fully secure method.
- Digital signatures that cannot be repudiated cannot be provided.
Disadvantages of Asymmetric Cryptosystems. 
The following are the disadvantages of Asymmetric Cryptosystems:
- Encryption speed is a disadvantage of asymmetric cryptosystems. Popular secret-key encryption methods are available which are significantly faster than public-key encryption.
- Key sizes must be larger than in symmetric cryptosystems to achieve the same level of protection.
Explain the concept of PKI, Public Key  Infrastructure. 
Public Key Infrastructure: A set of hardware, software, people, policies and procedures comprises the Public Key Infrastructure (PKI); it is used to manage digital certificates, including revoking them. In PKI, public keys are bound to the respective user identities by means of a Certificate Authority (CA). Each user identity must be unique within a CA's domain. The binding is established through a registration and issuance process that, depending on the level of assurance, may be carried out by software at the CA. The PKI role that assures this binding is known as the Registration Authority. The public key certificates issued by the CA contain the unforgeable user identity, the public key, their binding, validity conditions and other attributes.
Explain the different components of PKI - PKI  Client, Certification authority (CA), Registration authority, Certificates,  Certification distribution systems. 
PKI Client: PKI Client is the software that enables operation of eToken USB devices and the implementation of PKI-based eToken solutions. The eToken solution includes certificate-based strong two-factor authentication, encryption and digital signing. With PKI Client, it is secure and portable.
Certificate Authority: A CA is an entity that issues digital certificates for use by other parties. CAs are characteristic of many public key infrastructure schemes. The public key is made available publicly, while the matching private key is kept secret by the end user who generated the key pair.
Registration Authority: A Registration Authority verifies users' requests for digital certificates and tells the Certificate Authority to issue the certificate. The RA is part of the PKI.
Certificates: Certificates are used for network access authentication, as they provide strong authentication security for users and computers. Certificates eliminate the need for less secure password-based authentication methods.
Explain the concepts of digital certificates. 
A digital certificate is a credential that validates the certificate owner's identity. The identity information provided by the digital certificate is known as the 'subject distinguished name'. A Certificate Authority issues digital certificates to users or organizations, and the Certificate Authority is the foundation of trust in the certificate as a valid credential.
What is Tunneling? 
Tunneling is a way of transmitting data between networks in a secure manner. The data is segmented into packets and then transmitted through the tunnel. Each packet passing through the tunnel is wrapped in an additional encrypted layer by the tunneling protocol, and this layer is used to route the packet in the right direction. The encapsulation is reversed at the receiving node for decryption.
What is VPN Tunneling Packets? 
VPN tunneling packets are packets transmitted over a VPN in a specific VPN protocol format. These packets are encapsulated within some other base or carrier protocol and then transmitted between the VPN client and VPN server. Finally, at the receiving side, de-encapsulation takes place.
Explain the concept of Voluntary and Compulsory  Tunnels. 
Voluntary Tunnel: The user creates a voluntary tunnel. This model typically uses an L2TP-enabled client. L2TP packets are sent by the user to the Internet Service Provider, which in turn forwards them on to the LNS. The ISP does not need to support L2TP. The L2TP tunnel initiator resides on the same system, which effectively acts as the remote client.
Compulsory Tunnel: In a compulsory tunnel, tunnel creation is performed without any action from the user and without allowing the user any choice. The Internet service provider's access concentrator receives Point-to-Point Protocol packets from the user. The ISP encapsulates the packets in L2TP and sends them through a tunnel to the L2TP network server. The ISP must be L2TP-capable.
What are Static and Dynamic Tunnels? 
Static Tunnel: Manually created tunnels are called static tunnels. Creating static tunnels is the only choice when global discovery of hosts and tunnel partners is disabled; Xpress tunnels are then promoted into manually created tunnels. Static tunnels take priority over dynamic tunnels.
Dynamic Tunnel: Auto-discovered tunnels are known as dynamic tunnels. Dynamic tunnels are created quickly and automatically after the PacketShaper is reset. Dynamic tunnels can also be set up in situations where automatic tunnel creation is otherwise prevented.
What is PPP Protocol? 
Point-to-Point Protocol is a data link protocol. It is most commonly used to establish a direct connection between network nodes, usually between two nodes. Point-to-Point Protocol provides connection authentication, transmission privacy through encryption, and compression. It has three fields: a Protocol field, which indicates the type of payload packet; an Information field, which contains the PPP payload; and a Padding field, which a protocol may use only if it is able to distinguish the information from the padding.
Explain PPP Packet Format. 
The following are the fields in the PPP packet format. The fields are transmitted from left to right.
Code Field: The Code field is one octet and identifies the kind of LCP packet. When a packet with an unknown Code field is received, a Code-Reject packet is transmitted. The up-to-date values of the LCP Code field are specified in the most recent Assigned Numbers RFC.
Identifier: The Identifier field aids in matching requests and responses. When a packet with an invalid Identifier field is received, the packet is silently discarded without affecting the automaton.
Length: The Length field is two octets and indicates the length of the LCP packet, including the Code, Identifier, and Data fields. The Length must not exceed the MRU of the link. On reception, octets outside the range of the Length field are treated as padding and are ignored.
Data: The Data field is zero or more octets, as indicated by the Length field. The format of the Data field is determined by the Code field.
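The receiver-side rules just listed (Code-Reject for an unknown Code, Length checked against the MRU, octets beyond Length treated as padding) as a small LCP packet decoder. This is an added example written for this page, not code from the page or from any PPP implementation; the Code values are the RFC 1661 ones, and the sample packets are constructed.

```python
import struct

# LCP Code values from RFC 1661; anything else triggers a Code-Reject.
LCP_CODES = {
    1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
    4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
    7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
    10: "Echo-Reply", 11: "Discard-Request",
}
CODE_REJECT = 7
DEFAULT_MRU = 1500  # PPP default Maximum Receive Unit

def build_code_reject(identifier: int, rejected: bytes) -> bytes:
    """Code-Reject whose Data field carries the rejected packet.
    The Identifier is supplied by the caller (a real sender picks a fresh one)."""
    return struct.pack("!BBH", CODE_REJECT, identifier, 4 + len(rejected)) + rejected

def parse_lcp(packet: bytes, mru: int = DEFAULT_MRU) -> dict:
    """Decode Code(1) Identifier(1) Length(2) Data(N) and decide what a
    receiver does: 'accept', 'discard' (malformed) or 'code-reject'."""
    if len(packet) < 4:
        return {"action": "discard", "reason": "shorter than the fixed header"}
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        return {"action": "discard", "reason": "Length disagrees with packet size"}
    if length > mru:
        return {"action": "discard", "reason": "Length exceeds link MRU"}
    result = {
        "code": code, "identifier": identifier, "length": length,
        "data": packet[4:length],
        "padding": packet[length:],  # octets beyond Length are ignored padding
    }
    if code in LCP_CODES:
        result.update(action="accept", name=LCP_CODES[code])
    else:
        result.update(action="code-reject",
                      reply=build_code_reject(identifier, packet[:length]))
    return result

if __name__ == "__main__":
    # Constructed sample: Echo-Request, Identifier 0x2a, 4-octet magic number,
    # followed by two padding octets that lie outside the Length field.
    sample = bytes.fromhex("092a0008deadbeef0000")
    print(parse_lcp(sample))
    print(parse_lcp(bytes.fromhex("ff010004")))  # unknown Code 0xff
```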
Explain Point-To-Point Tunneling Protocol,  PPTP. 
PPTP is one of the methods of implementing Virtual Private Networks. PPTP itself does not provide confidentiality or encryption; it relies on the protocol being tunneled to provide privacy. PPTP works by sending Point-to-Point Protocol frames to the peer using the Generic Routing Encapsulation protocol. Because it is easy to configure, it is the most popular protocol used in VPNs. It was the first VPN protocol and was supported by Microsoft Dial-Up Networking.
What is GRE (Generic Routing Encapsulation) in  PPTP? 
Generic Routing Encapsulation is the tunneling protocol used to carry Point-to-Point Protocol frames. GRE encapsulates a variety of network layer protocol packet types inside IP tunnels, creating a virtual point-to-point link to routers at remote points over an IP internetwork. It is a completely stateless protocol. As soon as it is configured, the GRE tunnel interface comes up and stays up as long as there is a valid tunnel source address or interface that is up.
What is CHAP (Challenge-Handshake  Authentication protocol)? 
Challenge-Handshake Authentication Protocol authenticates a user or network host to an authenticating entity. The entity can be, for example, an Internet access provider. CHAP is used by Point-to-Point Protocol servers to validate the identity of remote clients. CHAP verifies the identity of the client periodically by means of a three-way handshake. This occurs when the initial link is established and may be repeated at any time afterwards. The verification is based on a shared secret. CHAP provides protection against playback (replay) attacks by the peer through the use of an incrementally changing identifier and a variable challenge value. CHAP requires that both client and server know the plaintext of the secret.
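The three-way handshake described above, worked through in code: the authenticator issues a changing Identifier and a random Challenge, the peer answers with MD5(Identifier || secret || Challenge) as in RFC 1994, and the authenticator recomputes that value from its stored plaintext secret. This is an added example for this page, not code from the page or from any PPP implementation; the peer name and secret are constructed.

```python
import hashlib
import hmac
import os

def chap_md5_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Peer side (step 2): Response Value = MD5(Identifier || secret || Challenge),
    the 'CHAP with MD5' algorithm of RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class ChapAuthenticator:
    """Authenticator side of the three-way handshake. It stores each peer's
    plaintext secret because the response cannot be checked from a hash of it."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> plaintext shared secret
        self.identifier = 0
        self.pending = {}           # Identifier -> outstanding Challenge value

    def challenge(self, rng=os.urandom):
        """Step 1: emit a changed Identifier and a fresh random Challenge.
        rng is injectable so the handshake can be tested deterministically."""
        self.identifier = (self.identifier + 1) % 256
        value = rng(16)
        self.pending[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected value and compare in constant time.
        The Challenge is consumed on first use, so a replayed response, or an
        old response sent against a new Challenge, is rejected."""
        challenge = self.pending.pop(identifier, None)
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_md5_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": "s3cret"})   # constructed credentials
    ident, chal = auth.challenge()
    resp = chap_md5_response(ident, "s3cret", chal)  # honest peer's answer
    print("first response accepted:", auth.verify(ident, "alice", resp))
    print("same response replayed:", auth.verify(ident, "alice", resp))
    ident2, _ = auth.challenge()
    print("old response vs new challenge:", auth.verify(ident2, "alice", resp))
```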
What is PAP (Password Authentication Protocol)?  
Password Authentication Protocol is a simple authentication protocol used to authenticate a user to a network access server. It is used by Internet service providers. Point-to-Point Protocol uses PAP. Validating a user means authenticating the user for access to the server's resources. Remote servers of network operating systems support PAP. Password Authentication Protocol transmits unencrypted ASCII passwords over the network and is therefore considered insecure. PAP is used for authentication when the remote server does not support a stronger authentication protocol such as CHAP.
What is Authentication header (AH) protocol? 
The Authentication Header protocol provides data origin authentication, data integrity and replay protection. Authentication Header does not provide data confidentiality. AH ensures data integrity with a checksum that is a message authentication code. AH includes a secret shared key to ensure data origin authentication. AH uses a sequence number field within the AH header to provide replay protection.
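The three AH services named above (a keyed MAC for integrity and origin authentication, a sequence number for replay protection, no encryption) in a simplified receiver that uses the sliding anti-replay window of RFC 4302. This is an added example for this page, not code from the page or from any IPsec stack; the packet layout seq || ICV || payload is a simplification of the real AH header, and the key and payloads are constructed.

```python
import hashlib
import hmac
import struct

WINDOW = 32   # RFC 4302 mandates an anti-replay window of at least 32 packets
ICV_LEN = 12  # truncated MAC, as IPsec does with e.g. HMAC-SHA-1-96

def _icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number and payload; the shared key ties the packet
    to its origin (data origin authentication) and detects modification."""
    msg = struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: seq(4) || ICV(12) || payload. Nothing is encrypted, as in AH."""
    return struct.pack("!I", seq) + _icv(key, seq, payload) + payload

class AhReceiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => packet (highest - i) already seen

    def receive(self, msg: bytes):
        """Return (accepted, reason). Replay check, then ICV, then window update."""
        if len(msg) < 4 + ICV_LEN:
            return False, "truncated"
        seq = struct.unpack("!I", msg[:4])[0]
        if seq == 0:
            return False, "sequence number 0 is never valid"
        offset = self.highest - seq
        if seq <= self.highest:
            if offset >= WINDOW:
                return False, "outside replay window"
            if (self.bitmap >> offset) & 1:
                return False, "replay"
        expected = _icv(self.key, seq, msg[4 + ICV_LEN:])
        if not hmac.compare_digest(msg[4:4 + ICV_LEN], expected):
            return False, "bad ICV"
        if seq > self.highest:   # slide the window forward and mark new highest
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                    # late but unseen packet inside the window
            self.bitmap |= 1 << offset
        return True, "ok"
```

The window is only updated after the ICV verifies, so a forged packet with a high sequence number cannot push genuine late packets out of the window.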
What is ESP (Encapsulating Security Payload)? 
Encapsulating Security Payload is a protocol of the Internet security architecture. It is the key protocol targeted at providing a mix of security services in IPv4 and IPv6. ESP seeks to provide confidentiality and integrity by protecting data with encryption and placing this data in the data portion of the IP ESP. The same mechanism can be used according to the user's security requirements. The process can be used to encrypt either a transport-layer segment or an entire IP datagram. Encapsulation of the protected data provides the necessary confidentiality for the entire original datagram.