ISS Oral
Gave my ISS (Information Security Systems) oral today, so putting up the Q&As. BTW the subject deals with things like cryptography & network security. Post your guess of how many marks you think I'll get (out of 50) as a comment to this post. For your reference, I am giving this scale:
------------------------------------------------------------------------------------
44 to 48 : Best
Above 40 : Good
Below 40 : OK
Passing marks : 20
------------------------------------------------------------------------------------
Q) Can you explain the Diffie-Hellman algorithm to me?
A--> 1. I explained the key exchange problem in the case of symmetric key cryptography.
2. I explained the algorithm in detail with n, g, X and Y, assuming Alice as sender and Bob as receiver, and explained that finally we get K = g^(xy) mod n on both sides, and hence the key is exchanged successfully.
3. Then I talked about the vulnerability of the DH algorithm, i.e. the man-in-the-middle attack. Told that an intruder Trudy sitting between Alice and Bob can intercept messages and cause havoc; explained that Alice and Bob would then each be communicating with Trudy instead of with each other.
Q) So can a third person sit between Alice and Trudy and cause the middle-man attack again?
A--> Yes, that too can happen.
Q) So it is a recursive process...
A--> Yes. The process can be recursive to any level.
Q) Then is there any solution to this problem?
A--> Yes. The man-in-the-middle attack basically exploits the weakness of the Diffie-Hellman algorithm that it does not provide any authentication. There is another key distribution protocol called the Oakley key distribution protocol, which uses cookies for authentication. The initiator sends a random cookie to the receiver, which must be accompanied in the receiver's first response. So both parties authenticate each other using cookies and are therefore assured of their identities. Oakley key distribution is a part of IPSec.
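The exchange described above, as an added example that is not part of the original post: Alice and Bob derive the same K = g^(xy) mod n, an intruder who substitutes her own public value ends up sharing one key with each of them, and a simple authentication tag over the public values (a constructed illustration using a pre-shared key and HMAC, not the Oakley cookie mechanism) lets the receiver notice the substitution. The prime and generator are the small textbook values and are assumed only for readability.

```python
"""Diffie-Hellman key agreement, the unauthenticated man-in-the-middle
scenario, and one way to authenticate the exchanged public values.

Constructed example. n=23, g=5 are textbook toy parameters, chosen so
the arithmetic can be checked by hand; real deployments use large
safe primes or elliptic-curve groups."""
import hashlib
import hmac

N = 23  # public modulus (the n of the post)
G = 5   # public generator (the g of the post)


def dh_public(private, n=N, g=G):
    """Public value g^x mod n for private exponent x."""
    return pow(g, private, n)


def dh_shared(peer_public, private, n=N):
    """Shared key K = (g^y)^x mod n = g^(xy) mod n."""
    return pow(peer_public, private, n)


def honest_exchange(x, y):
    """Alice (x) and Bob (y) exchange public values over an untouched channel."""
    X, Y = dh_public(x), dh_public(y)
    return dh_shared(Y, x), dh_shared(X, y)   # both sides get the same K


def mitm_exchange(x, y, t):
    """Trudy (t) intercepts both public values and forwards her own T instead.

    Returns (Alice's key, Bob's key, Trudy's key with Alice, Trudy's key with Bob).
    Alice and Bob each believe T is the other party's public value, so they
    end up with two different keys, each of which Trudy also knows."""
    X, Y, T = dh_public(x), dh_public(y), dh_public(t)
    k_alice = dh_shared(T, x)          # Alice thinks T came from Bob
    k_bob = dh_shared(T, y)            # Bob thinks T came from Alice
    k_trudy_alice = dh_shared(X, t)    # equals k_alice
    k_trudy_bob = dh_shared(Y, t)      # equals k_bob
    return k_alice, k_bob, k_trudy_alice, k_trudy_bob


def tag_public(public, psk):
    """Authentication tag over a public value (constructed scheme: HMAC-SHA256
    under a pre-shared key; stands in for any authenticator of the DH values)."""
    return hmac.new(psk, str(public).encode(), hashlib.sha256).hexdigest()


def verify_public(public, tag, psk):
    """Accept a received public value only if its tag verifies under the PSK."""
    return hmac.compare_digest(tag_public(public, psk), tag)


def authenticated_exchange(x, y, t, psk):
    """Same substitution as mitm_exchange, but Alice tags X before sending.

    Trudy forwards T with Alice's original tag (she has no PSK to forge one),
    so Bob's verification fails. Returns True when Bob rejects the value."""
    X, T = dh_public(x), dh_public(t)
    tag = tag_public(X, psk)
    return not verify_public(T, tag, psk)


if __name__ == "__main__":
    print("honest:", honest_exchange(6, 15))           # (2, 2)
    print("mitm:  ", mitm_exchange(6, 15, 10))         # (3, 6, 3, 6)
    print("rejected with auth:", authenticated_exchange(6, 15, 10, b"demo-psk"))
```

With x = 6 and y = 15 the honest run reproduces the familiar textbook result K = 2 on both sides; in the intercepted run Alice and Bob hold different keys (3 and 6) that Trudy shares with each of them separately, which is exactly why an unauthenticated exchange gives no assurance of who is on the other end.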
Q) There is something called DES. What is it?
A--> DES is a symmetric key encryption algorithm. It is a modified version of IBM's Lucifer. The US govt adopted it as a standard in 1976. DES is a block cipher, the block size being 64 bits. The key is 64 bits long, but different keys are generated from the main key and used for each round.
Basically there are 3 steps in DES: initial permutation (scrambling), 16 rounds and then final permutation. In each round there are 5 sub-steps: key transformation, expansion permutation, S-box substitution, P-box permutation and XOR-swap. (Then I explained these steps in brief, LPT/RPT etc. I wanted to explain in detail, but I felt that he was expecting only basics, so I cut short.)
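The round structure described above, as an added toy example that is not part of the original post and is not DES itself: a 16-bit Feistel cipher with an initial permutation, 16 rounds that each derive a subkey from the main key, substitute through an S-box, permute through a P-box and then XOR-and-swap the halves, and a final permutation. The expansion permutation is left out and all tables except the single S-box row are constructed, so the cipher illustrates structure only and has no security value; what it does show is why decryption is the same network run with the subkeys in reverse order.

```python
"""Toy Feistel cipher mirroring the DES round structure from the post:
IP, 16 rounds of (key transformation, S-box, P-box, XOR, swap), FP.
Constructed illustration: 16-bit blocks, 16-bit key, no expansion step,
made-up permutation tables. Not DES and not secure."""

ROUNDS = 16
# 4-bit S-box: this is row 0 of the real DES S1 table, reused as a plain
# 4-to-4 substitution; DES itself uses eight 6-to-4 boxes.
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
# 8-bit P-box: output bit i (MSB first) takes input bit PBOX[i]. Constructed.
PBOX = [1, 5, 2, 0, 3, 7, 4, 6]
# 16-bit initial permutation (constructed) and its inverse, the final permutation.
IP = [15, 3, 9, 1, 11, 5, 13, 7, 14, 2, 8, 0, 10, 4, 12, 6]
FP = [IP.index(i) for i in range(16)]


def permute(value, table, width):
    """Bit permutation; bit 0 is the most significant of `width` bits."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (width - 1 - src)) & 1)
    return out


def subkeys(key):
    """Key transformation: a different 8-bit subkey per round, taken from the
    16-bit main key rotated left by the round number (DES rotates its key
    halves and compresses to 48 bits; same idea, smaller numbers)."""
    keys = []
    for r in range(1, ROUNDS + 1):
        rotated = ((key << r) | (key >> (16 - r))) & 0xFFFF
        keys.append(rotated & 0xFF)
    return keys


def round_function(right, subkey):
    """f(R, K): XOR with the subkey, S-box each nibble, then P-box the byte."""
    mixed = right ^ subkey
    substituted = (SBOX[mixed >> 4] << 4) | SBOX[mixed & 0xF]
    return permute(substituted, PBOX, 8)


def feistel(block, keys):
    """Run the network with the given subkey order (encrypt or decrypt)."""
    block = permute(block, IP, 16)
    left, right = block >> 8, block & 0xFF          # LPT / RPT
    for k in keys:
        # XOR the round output into the left half, then swap the halves
        left, right = right, left ^ round_function(right, k)
    # The final swap is undone, as in DES, so the same network with the
    # subkeys reversed inverts the cipher.
    return permute((right << 8) | left, FP, 16)


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    pt, key = 0x1234, 0xBEEF
    ct = encrypt(pt, key)
    print(f"plaintext  {pt:04x}\nciphertext {ct:04x}\nrecovered  {decrypt(ct, key):04x}")
```

Each round only ever XORs the output of `round_function` into one half, so the function never has to be invertible; that property, not the particular tables, is what lets DES use the same hardware or code path for both directions.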
Q) If you have to devise your own encryption algorithm, what are the design issues you will need to consider?
A--> Firstly we will need to decide whether it is to be a symmetric or asymmetric key encryption algorithm. (Explained merits & demerits of both.) Then we will need to decide factors like key size, block cipher or stream cipher etc. All this will depend on what purpose the algorithm will be used for. We will also need to consider whether the algorithm will actually be used as a hardware implementation or a software implementation. (I think the last line was unnecessary.)
