Saturday, May 25, 2019
Information security system
What is the OSI security architecture?

Ans) A systematic way of defining the requirements for security and characterizing the approaches to satisfying them is generally defined as the OSI security architecture. This was developed as an international standard.

Focuses of the OSI security architecture:
1) Security attack: an action that compromises the security of information owned by an organization.
2) Security mechanism: designed to detect, prevent, or recover from a security attack.
3) Security service: intended to counter security attacks.

1.) What is the difference between passive and active security threats?

Ans) Passive threats attempt to learn or make use of information from the system but do not affect any system resources, whereas active threats involve modification of the data stream. So in a passive attack a hacker intrudes into your system and waits for some valuable information. In an active attack a hacker tries to get the valuable information by using his abilities rather than depending on the stupidity of the victim.

Example of a passive attack: a keylogger which sends the input given by the victim to a hacker via a network (LAN).

Example of an active attack: using brute force to crack the password of a system.

1.5) List and briefly define categories of security service.

Ans) The major categories of security service are namely:

Confidentiality: The protection of data from unauthorized disclosure by encryption and decryption; preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Authentication: The assurance that the communicating entity is the one that it claims to be. The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption.
Integrity: The assurance that data received are exactly as sent by an authorized entity. The end user will receive what is sent; guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.

Access control: The prevention of unauthorized use of a resource. This service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do.

Availability: Time for access; ensuring timely and reliable access to and use of information. The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system.

Nonrepudiation: Provides protection against denial by one of the entities involved in

Chapter 2

2.2) How many keys are required for 2 people to communicate via a symmetric cipher?

Ans) Only one key is required for 2 people to communicate via a symmetric cipher. The key distribution will send the same single key for the encryption and decryption process.

.9) List and briefly define three uses of a public key cryptosystem.

Ans)
Encryption/decryption: The sender encrypts a message with the recipient's public key.
Digital signature: The sender signs a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

2.10) What is the difference between a private key and a secret key?

Ans) A secret key is used in symmetric encryption. Both sender and receiver have obtained copies of a secret key in a secure fashion and keep the key secured. The private key is used with the public key in asymmetric encryption.
The sender sends a document encrypted with the receiver's public key, then the receiver decrypts the document with his/her private key. The private key is not shared with anyone. The secret key must be transferred to or shared with all parties by a method outside the communications link it is intended to secure.

2.13) How can public key encryption be used to distribute a secret key?

Ans) Several different approaches are possible, involving the private key(s) of one or both parties. One approach is Diffie-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipient's public key. The key distribution uses asymmetric encryption to send the secret key to the receiver under his/her public key. Then the receiver uses his/her private key to decrypt and obtain the secret key.

Problem 2.9) Construct a figure similar to Figure 2.9 that includes a digital signature to authenticate the message in the digital envelope.

Sol) We can show the creation of a digital envelope as a solution.
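The signed digital envelope from Problem 2.9, together with the key-wrapping approach from 2.13, worked through in code. This is an added example, not part of the original notes. It assumes textbook RSA without padding on fixed demo primes and a SHA-256 keystream as a stand-in symmetric cipher, and all function and variable names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes (toy sizes, no padding): (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed demo keys from small Mersenne primes; real keys use random primes.
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def rsa(key, value):
    n, exp = key
    return pow(value, exp, n)

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def stream_xor(secret_key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(secret_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(message, sender_private, recipient_public):
    # 1. Sign: hash the message, apply the sender's private key.
    signature = rsa(sender_private, digest(message, sender_private[0]))
    # 2. Encrypt message + signature under a fresh one-time secret key.
    secret_key = secrets.token_bytes(16)
    body = stream_xor(secret_key, message + signature.to_bytes(32, "big"))
    # 3. Wrap the secret key with the recipient's public key.
    return rsa(recipient_public, int.from_bytes(secret_key, "big")), body

def open_envelope(envelope, recipient_private, sender_public):
    wrapped_key, body = envelope
    secret_key = rsa(recipient_private, wrapped_key).to_bytes(16, "big")
    plain = stream_xor(secret_key, body)
    message, signature = plain[:-32], int.from_bytes(plain[-32:], "big")
    # Verify: the sender's public key must map the signature back to the hash.
    if rsa(sender_public, signature) != digest(message, sender_public[0]):
        raise ValueError("signature check failed")
    return message
```

Only the holder of the recipient's private key can unwrap the secret key, and only the sender's private key could have produced a signature that verifies, so the envelope gives confidentiality and sender authentication together.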