Cybersecurity Essentials: Attacks, Encryption, and Protocols
Common Types of Active Network Attacks
The various types of active attacks are described as follows:
- Masquerade Attack: This occurs when an unauthorized entity pretends to be a legitimate user or system to gain access to resources. For example, an attacker sends a message to a user pretending to be someone else, and the recipient is unaware of the impersonation. A common scenario involves “Darth” sending a message to Alice while pretending to be Bob.
- Replay Attack: This involves the unauthorized capture of data and its subsequent retransmission to produce an unauthorized effect. For instance, if Bob sends a message to Alice to add money to Darth’s account, Darth can capture the message and replay it later, causing Alice to add money again without authorization.
- Modification of Message: Here, an unauthorized party alters the contents of a message during transmission. For example, Bob sends a message to Alice permitting access to a file, but Darth intercepts the message and changes it so that access is given to Darth instead.
- Repudiation: The sender or receiver can deny having sent or received a communication. For instance, a client might send a bank transfer request and later deny making the request, causing confusion and potential loss.
- Denial of Service (DoS): This attack prevents or inhibits the normal use of a service, typically by flooding a server with far more traffic or requests than it can handle so that legitimate users can no longer reach it. The attacker saturates the target's bandwidth, connection table, or processing capacity, and genuine requests are dropped.
These active attacks directly threaten the integrity, availability, and authenticity of data. They are contrasted with passive attacks (eavesdropping and traffic analysis), which only observe data without modifying it. Passive attacks are hard to detect but can be prevented with encryption; active attacks are hard to prevent outright, so the practical goal is to detect them quickly and recover.
Discussion on Various Types of Active Attacks
Active attacks represent a significant threat to network security because they involve the alteration of data streams or the creation of false streams.
Symmetric vs. Asymmetric Cryptography
Here is the differentiation between symmetric and asymmetric cryptography:
Symmetric Cryptography
- In symmetric cryptography, the same secret key is used for both encryption and decryption of data.
- It is also known as conventional or secret-key cryptography.
- The main advantage is that it is simple and fast, making it suitable for encrypting large amounts of data.
- The disadvantage is that the key must be securely shared between the sender and receiver; if the key is leaked, the security of the entire system is compromised.
- Examples of symmetric algorithms include DES, 3DES, and AES. DES (56-bit key) is obsolete and 3DES is deprecated; AES is the current standard.
Asymmetric Cryptography
- In asymmetric cryptography, each party has a key pair: a public key that can be published and a private key that is kept secret. For confidentiality the sender encrypts with the recipient's public key and only the matching private key can decrypt; for digital signatures the roles are reversed, the signer uses the private key and anyone holding the public key can verify.
- It is also known as public-key cryptography.
- The main advantage is that it solves the key-distribution problem: no secret has to travel between the parties, only public keys, and compromise of one party's private key affects only that party rather than everyone who shares a key. It also makes digital signatures and non-repudiation possible, which symmetric keys cannot provide because both sides hold the same secret.
- The disadvantage is that it is orders of magnitude slower than symmetric cryptography, so it is typically used for key exchange, authentication, and signatures rather than for encrypting large amounts of data. In practice the two are combined (hybrid encryption): an asymmetric operation establishes a session key, and a symmetric cipher protects the bulk data.
- Examples of asymmetric algorithms include RSA, Diffie-Hellman (a key-agreement protocol rather than an encryption algorithm), and elliptic-curve schemes such as ECDH and ECDSA.
Key Differences Comparison
| Feature | Symmetric Cryptography | Asymmetric Cryptography |
|---|---|---|
| Number of Keys | One key for both encryption/decryption | Two keys (public and private) |
| Speed | Faster, efficient for large data | Slower, less efficient |
| Key Distribution | Requires secure key sharing | Public key can be shared freely |
| Security | Depends on a shared secret; one leak exposes every party that shares the key | No shared secret; compromise of a private key affects only its owner |
| Use Cases | Encrypting large files, bulk data | Secure key exchange, digital signatures |
| Examples | DES, 3DES, AES | RSA, Diffie-Hellman, ECC |
Differentiating Symmetric and Asymmetric Cryptography
The choice between these two methods depends on the specific security requirements, such as the need for speed versus the need for secure key distribution; real protocols such as TLS use both, asymmetric to agree a session key and symmetric to protect the data that follows.
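As an added example (not part of the original notes), the hybrid pattern in working code: an ephemeral ECDH (P-256) agreement against the recipient's static public key supplies a secret, SHA-256 of that secret keys AES-256-GCM, and the symmetric cipher does the bulk work. The names (Seal, Open, NewRecipient, Envelope) and the message are assumptions for the demo; plain SHA-256 stands in for HKDF, which production code should use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels over the wire: the sender's ephemeral public key
// (safe to expose), a fresh nonce, and the AES-GCM ciphertext with its tag.
type Envelope struct {
	EphemeralPub, Nonce, Ciphertext []byte
}

// NewRecipient creates a long-lived P-256 key pair; only PublicKey() is published.
func NewRecipient() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// aeadFor derives a 256-bit AES key from the raw ECDH secret and wraps it in GCM.
// Plain SHA-256 stands in for HKDF to stay inside the standard library;
// production code should use HKDF with a context/info string.
func aeadFor(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side. The asymmetric step (one ECDH agreement against the
// recipient's static public key) happens once per message; the bulk data is then
// protected by the symmetric AEAD, which is where the speed comes from.
func Seal(recipientPub *ecdh.PublicKey, plaintext []byte) (*Envelope, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The ephemeral public key is bound into the tag as associated data, so an
	// attacker cannot replace it with their own without the tag check failing.
	ephBytes := eph.PublicKey().Bytes()
	return &Envelope{ephBytes, nonce, gcm.Seal(nil, nonce, plaintext, ephBytes)}, nil
}

// Open is the recipient side: only the holder of the private key can recompute
// the shared secret, so only they can derive the AES key and verify the tag.
func Open(recipientPriv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(shared)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return nil, fmt.Errorf("decryption failed (wrong key or tampered data): %w", err)
	}
	return pt, nil
}

func main() {
	alice, err := NewRecipient()
	if err != nil {
		panic(err)
	}
	env, err := Seal(alice.PublicKey(), []byte("transfer 500 to account 42"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(alice, env)
	fmt.Printf("Alice recovers: %q (err=%v)\n", pt, err)

	// Darth knows Alice's public key but not her private key, so Open fails.
	darth, _ := NewRecipient()
	_, err = Open(darth, env)
	fmt.Println("Darth's attempt:", err)
}
```

The point of binding the ephemeral public key as associated data is that the "public key can be shared freely" row of the table is only true for the recipient's key; the sender's ephemeral key must still be authenticated by the tag, or an attacker could substitute it.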
SOAP Web Service Architecture
A SOAP web service is described as follows:
- SOAP (Simple Object Access Protocol) is a protocol used for exchanging structured information between web services in a network.
- It uses XML (Extensible Markup Language) for message formatting, making it platform- and language-independent, so applications running on different systems can communicate with each other.
- SOAP messages are typically sent over HTTP but can also work with other protocols like SMTP.
- The structure of a SOAP message is an Envelope root element containing an optional Header and a mandatory Body. The Header carries metadata such as authentication or routing information (typically WS-Security headers), and the Body carries the request or response payload; when a call fails, the Body instead contains a Fault element with a fault code and description.
- SOAP web services are standardized (WSDL contracts, WS-Security, WS-Addressing) and support features like message-level security, authentication, and extensibility, making them common in enterprise applications. Because every message is parsed XML, the XML parser on each side must be configured not to resolve external entities.
In summary, SOAP web services provide a reliable and secure way to exchange data between different systems using XML-based messages and are widely used in environments where interoperability and standardization are important.
Explaining SOAP Web Services
SOAP remains a cornerstone for formal contracts between API providers and consumers in enterprise environments.
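As an added example (not part of the original notes), a parser for the structure described above using Go's encoding/xml: it decodes the Envelope, Header, and Body, reports a Fault as an error rather than as a successful response, and shows that a DOCTYPE-based external-entity payload is rejected rather than resolved. The three sample messages, the AuthToken header, and the http://example.com namespaces are constructed for the demo.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Envelope mirrors the SOAP 1.1 layout: the Envelope root, an optional Header,
// and a Body holding either the payload or a Fault element. The namespace in
// each tag is the SOAP 1.1 envelope namespace.
type Envelope struct {
	XMLName xml.Name `xml:"http://schemas.xmlsoap.org/soap/envelope/ Envelope"`
	Header  *Header  `xml:"http://schemas.xmlsoap.org/soap/envelope/ Header"`
	Body    Body     `xml:"http://schemas.xmlsoap.org/soap/envelope/ Body"`
}

// Header carries a hypothetical AuthToken element (namespace made up for the
// example); real services use WS-Security headers instead.
type Header struct {
	AuthToken string `xml:"http://example.com/auth AuthToken"`
}

type Body struct {
	Fault   *Fault `xml:"http://schemas.xmlsoap.org/soap/envelope/ Fault"`
	Payload string `xml:",innerxml"` // raw XML of the request/response
}

// Fault children are unqualified in SOAP 1.1, so the tags carry no namespace.
type Fault struct {
	Code    string `xml:"faultcode"`
	Message string `xml:"faultstring"`
}

// ParseSOAP decodes a message and reports a Fault as an error, so a caller
// cannot mistake an error envelope for a successful response. encoding/xml
// never resolves external entities and rejects undeclared entity references
// in strict mode, so the XXE sample below fails to parse instead of reading a file.
func ParseSOAP(raw string) (*Envelope, error) {
	var env Envelope
	if err := xml.NewDecoder(strings.NewReader(raw)).Decode(&env); err != nil {
		return nil, fmt.Errorf("malformed SOAP message: %w", err)
	}
	if env.Body.Fault != nil {
		return &env, fmt.Errorf("SOAP fault %s: %s", env.Body.Fault.Code, env.Body.Fault.Message)
	}
	return &env, nil
}

// Constructed sample messages; not captured from any real service.
const SampleResponse = `<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <a:AuthToken xmlns:a="http://example.com/auth">abc123</a:AuthToken>
  </soap:Header>
  <soap:Body>
    <m:GetBalanceResponse xmlns:m="http://example.com/bank">
      <m:Balance>250.00</m:Balance>
    </m:GetBalanceResponse>
  </soap:Body>
</soap:Envelope>`

const SampleFault = `<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>Authentication failed</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>`

const SampleXXE = `<?xml version="1.0"?>
<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><m:Echo xmlns:m="http://example.com/bank">&xxe;</m:Echo></soap:Body>
</soap:Envelope>`

func main() {
	for name, msg := range map[string]string{"response": SampleResponse, "fault": SampleFault, "xxe": SampleXXE} {
		env, err := ParseSOAP(msg)
		if err != nil {
			fmt.Printf("%-8s rejected: %v\n", name, err)
			continue
		}
		token := ""
		if env.Header != nil {
			token = env.Header.AuthToken
		}
		fmt.Printf("%-8s token=%q payload=%s\n", name, token, strings.TrimSpace(env.Body.Payload))
	}
}
```

The header token is parsed here only to show where authentication metadata lives; nothing in the header should be trusted until it has been verified against the service's own credential store.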
Advanced Firewall Configurations
The different firewall configurations are as follows:
Firewall Configurations
- Screened Host Firewall (Single-Homed Bastion): This configuration uses a packet-filtering router in front of an application gateway (bastion host) that sits on the internal network. The router is configured so that inbound traffic from the internet is allowed only to the bastion host and outbound traffic is allowed only from it; the bastion host performs authentication and proxy functions. The advantage is that packet-level and application-level filtering are combined. The weakness is that if the router is compromised or misconfigured, traffic can flow directly between the internet and internal hosts, bypassing the bastion host entirely.
- Screened Host Firewall (Dual-Homed Bastion): Here the bastion host has two network interfaces, one on the internal network and one facing the packet-filtering router and the internet, and IP forwarding between them is disabled. All traffic must pass through the bastion host's proxies, so even a compromised router cannot provide a path around it; this removes the bypass weakness of the single-homed design.
- Screened Subnet Firewall: This configuration uses two packet-filtering routers, one between the internet and a subnet containing the bastion host, and another between that subnet and the internal network. The isolated subnet (now usually called a DMZ) can also host public-facing servers such as web or mail servers. It provides three levels of defense; the internal network is invisible to the internet, and internal hosts cannot route directly to it, so every connection in either direction traverses the screened subnet. This is considered the most secure of the three configurations.
Roles of Firewall Components
- Packet Filtering Firewall: Filters packets based on predefined rules over header fields such as source and destination IP addresses, port numbers, and TCP flags. It can be stateless (static), where each packet is judged on its own, or stateful, where the filter tracks active connections and admits an inbound packet only if it belongs to a connection it has seen opened, which is considerably stronger.
- Application Gateway (Proxy): Acts as an intermediary for application-level traffic, examining every packet and providing authentication and logging. It is more secure than packet filtering but introduces additional processing overhead.
- Bastion Host: A specialized system that acts as the application gateway and is configured to allow only essential services. It is hardened and monitored to provide a strong security point.
Discussion on Different Firewall Configurations
The choice of configuration depends on the required level of security and the specific network environment, ranging from simple filtering to complex multi-layer setups.
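As an added example (not part of the original notes), the stateless-versus-stateful distinction from the component list, run over a few constructed packets: a stateless filter that must rely on the ACK bit to let replies back in also admits a forged ACK-only probe from outside (the classic ACK-scan bypass), while a stateful filter drops it because no tracked connection matches. Packet, StatelessFilter, StatefulFilter, and the addresses are assumptions for the demo.

```go
package main

import "fmt"

// Packet is the minimum a TCP packet filter looks at; Inbound marks packets
// arriving on the external interface. Constructed for the example.
type Packet struct {
	Src, Dst         string
	SrcPort, DstPort int
	SYN, ACK         bool
	Inbound          bool
}

// StatelessFilter (the "static" packet filter) has only its rule set. Internal
// hosts may open connections outward; to let the replies back in it must rely
// on a header heuristic, classically "inbound TCP with ACK set is a reply".
func StatelessFilter(p Packet) bool {
	if !p.Inbound {
		return true
	}
	return p.ACK
}

type flow struct {
	inHost  string
	inPort  int
	outHost string
	outPort int
}

// StatefulFilter records each connection opened from the inside and admits an
// inbound packet only when it belongs to one of them. Forged packets with the
// ACK bit set but no matching entry are dropped.
type StatefulFilter struct{ conns map[flow]bool }

func NewStatefulFilter() *StatefulFilter { return &StatefulFilter{conns: map[flow]bool{}} }

func (f *StatefulFilter) Filter(p Packet) bool {
	if !p.Inbound {
		if p.SYN && !p.ACK { // new outbound connection: remember it
			f.conns[flow{p.Src, p.SrcPort, p.Dst, p.DstPort}] = true
		}
		return true
	}
	return f.conns[flow{p.Dst, p.DstPort, p.Src, p.SrcPort}]
}

// SampleTraffic (constructed): an internal client opens an HTTPS connection,
// the server replies, then an outside host sends an ACK-only probe at SSH on
// the same internal client, the pattern of an ACK scan or filter bypass.
var SampleTraffic = []Packet{
	{Src: "10.0.0.5", SrcPort: 40000, Dst: "93.184.216.34", DstPort: 443, SYN: true},
	{Src: "93.184.216.34", SrcPort: 443, Dst: "10.0.0.5", DstPort: 40000, SYN: true, ACK: true, Inbound: true},
	{Src: "198.51.100.7", SrcPort: 1337, Dst: "10.0.0.5", DstPort: 22, ACK: true, Inbound: true},
}

// Verdicts applies a filter to each packet in order and returns accept/drop.
func Verdicts(filter func(Packet) bool, traffic []Packet) []bool {
	out := make([]bool, len(traffic))
	for i, p := range traffic {
		out[i] = filter(p)
	}
	return out
}

func main() {
	fmt.Println("stateless:", Verdicts(StatelessFilter, SampleTraffic))
	fmt.Println("stateful: ", Verdicts(NewStatefulFilter().Filter, SampleTraffic))
}
```

Real stateful firewalls also age entries out, track sequence windows, and handle UDP and ICMP pseudo-connections; the table here is deliberately the smallest thing that shows why the connection state, not the flag bits, is what decides.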
Message Authentication Code (MAC)
MAC (Message Authentication Code) is discussed as follows:
- A Message Authentication Code (MAC) is a cryptographic technique used to ensure the integrity and authenticity of a message. It is a short piece of information used to authenticate a message and confirm that it has not been altered during transmission.
- MAC is generated using a secret key and the message content. The sender computes the MAC and sends it along with the message. The receiver recomputes the MAC using the same key and compares it with the received MAC. If they match, the message is considered authentic and unaltered.
- A MAC protects against unauthorized modification: any change to the message, or a tag computed without the key, fails verification. On its own it does not stop replay, since a captured message and its valid tag can simply be resent; protocols therefore include a sequence number, nonce, or timestamp under the MAC and have the receiver reject values it has already accepted. MACs (HMAC in TLS and IPsec, for example) are commonly used in network security protocols to ensure that the data received is exactly what the legitimate sender sent.
- MAC is an essential part of integrity services, which are designed to protect data from unauthorized change, insertion, deletion, and replay.
Discussion on MAC
In summary, MAC is a security mechanism that uses a secret key to generate a code for a message, ensuring that the message is authentic and has not been tampered with during transmission.
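As an added example (not part of the original notes) covering both the replay, modification, and masquerade attacks from the first section and the MAC mechanism described here: HMAC-SHA256 over a sequence number and the payload, with the receiver checking the tag in constant time before it checks the sequence number. Sender, Receiver, AuthMsg, the key, and the messages are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// AuthMsg is what goes on the wire: a sequence number, the payload, and the
// MAC computed over both with the shared secret key.
type AuthMsg struct {
	Seq     uint64
	Payload []byte
	Tag     []byte
}

var (
	ErrBadTag = errors.New("MAC mismatch: message forged, modified, or keyed wrongly")
	ErrReplay = errors.New("replay: sequence number already accepted")
)

// macInput binds the sequence number to the payload, so that neither can be
// reused or altered independently of the other.
func macInput(seq uint64, payload []byte) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, payload...)
}

func tag(key []byte, seq uint64, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(macInput(seq, payload))
	return m.Sum(nil)
}

// Sender holds the shared key and a counter that never repeats.
type Sender struct {
	Key  []byte
	Next uint64
}

func (s *Sender) Send(payload []byte) AuthMsg {
	msg := AuthMsg{Seq: s.Next, Payload: payload, Tag: tag(s.Key, s.Next, payload)}
	s.Next++
	return msg
}

// Receiver verifies the tag first (constant-time compare), then rejects any
// sequence number at or below the highest one already accepted. State is only
// updated after both checks pass, so a forged message cannot disturb it.
type Receiver struct {
	Key     []byte
	highest uint64
	started bool
}

func (r *Receiver) Receive(msg AuthMsg) error {
	if !hmac.Equal(tag(r.Key, msg.Seq, msg.Payload), msg.Tag) {
		return ErrBadTag
	}
	if r.started && msg.Seq <= r.highest {
		return ErrReplay
	}
	r.highest, r.started = msg.Seq, true
	return nil
}

func main() {
	key := []byte("constructed demo key; never hard-code real keys")
	bob := &Sender{Key: key}
	alice := &Receiver{Key: key}

	msg := bob.Send([]byte("credit Darth 100"))
	fmt.Println("genuine:   ", alice.Receive(msg))

	// Darth captured the message and resends it unchanged.
	fmt.Println("replay:    ", alice.Receive(msg))

	// Darth changes the amount in transit; the old tag no longer matches.
	altered := msg
	altered.Payload = []byte("credit Darth 999")
	fmt.Println("modified:  ", alice.Receive(altered))

	// Darth pretends to be Bob but does not hold the key.
	darth := &Sender{Key: []byte("guess"), Next: msg.Seq + 1}
	fmt.Println("masquerade:", alice.Receive(darth.Send([]byte("credit Darth 100"))))
}
```

A strictly increasing counter is the simplest anti-replay state; protocols that tolerate reordering (IPsec, DTLS) keep a sliding window of seen sequence numbers instead, but the rule that the tag is checked before any state changes is the same.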
SSL Protocols and Security
SSL (Secure Sockets Layer) is explained as follows:
- SSL is a security protocol that provides confidentiality, authentication, and data integrity for communications between web clients and servers, so that data on the wire is encrypted and protected from eavesdropping and tampering. All SSL versions are now deprecated; its successor TLS (TLS 1.2 and 1.3) keeps the same layered design, and SSL 2.0 and 3.0 should be disabled on servers.
- SSL operates using three main protocols (plus the one-byte Change Cipher Spec Protocol, which signals the switch to the newly negotiated keys):
- SSL Handshake Protocol: Establishes a secure session between client and server. The parties negotiate the protocol version and cipher suite, the server (and optionally the client) is authenticated with a certificate, and key material is exchanged and turned into session keys. Application data is sent only after the handshake completes and both sides have verified each other's Finished messages.
- SSL Record Protocol: Encapsulates application data for transmission, providing confidentiality and message integrity. It fragments the data, optionally compresses it, appends a Message Authentication Code (MAC), and then encrypts the result. This MAC-then-encrypt ordering later proved fragile (padding-oracle attacks on CBC cipher suites), and TLS 1.3 replaced it with AEAD cipher suites.
- SSL Alert Protocol: Carries error and warning messages between client and server. Each alert has a level, warning or fatal; a fatal alert (for example, a failed certificate verification or a bad MAC) terminates the connection immediately.
Explaining SSL and Its Three Protocols
In summary, SSL ensures secure communication by encrypting data, authenticating the communicating parties, and maintaining data integrity through its three protocols: Handshake, Record, and Alert.
Digital Certificate Revocation
Digital certificates are revoked when they can no longer be trusted for secure communication. This typically happens for several reasons:
- Reasons for Revocation: A certificate is revoked when its private key is compromised, lost, suspected stolen, or misused; when the holder changes affiliation or organizational status; when the certificate is superseded by a new one; or when the holder ceases operation and no longer needs it. RFC 5280 defines reason codes for these cases (keyCompromise, affiliationChanged, superseded, cessationOfOperation) that the CA can record alongside the revocation.
- Process: The Certificate Authority (CA) invalidates the certificate prior to its expiration date if any of these conditions are met, ensuring that it cannot be used for authentication, encryption, or digital signatures anymore.
How Revocation Status is Checked
- Certificate Revocation List (CRL): The revocation status of a digital certificate can be checked against a CRL, a list published by the CA containing the serial numbers of all revoked certificates. Clients download the list and check whether a certificate's serial appears in it. The CRL is signed by the CA and carries a thisUpdate/nextUpdate validity window, so a client must verify the signature and treat an expired list as untrustworthy rather than as proof of non-revocation. Drawbacks: CRLs can grow large, and a revocation is not visible until the next list is published.
- Online Certificate Status Protocol (OCSP): Alternatively, revocation status can be checked in near real time. The client sends a query for one certificate to an OCSP responder operated by the CA and receives a signed response with the status (good, revoked, or unknown), without downloading the whole list. Caveats: the query reveals to the responder which sites a client visits, and many clients fail open when the responder is unreachable, which is why OCSP stapling (the server attaches a recent signed response to its TLS handshake) is preferred.
Revoking digital certificates and checking their status is crucial to maintaining the integrity and security of electronic communications.
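As an added example (not part of the original notes), both sides of the CRL mechanism in Go's crypto/x509: a throwaway CA publishes a signed CRL whose entries carry the RFC 5280 reason codes matching the reasons listed above, and a client verifies the CRL's signature and nextUpdate before looking up a serial. MakeCA, PublishCRL, CheckRevoked, the "Example Test CA" name, and the serial numbers are constructed for the demo; the crypto/x509 calls themselves are the real standard-library API (Go 1.21 or later).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLReason codes from RFC 5280 for the revocation reasons listed above.
const (
	ReasonKeyCompromise        = 1
	ReasonAffiliationChanged   = 3
	ReasonSuperseded           = 4
	ReasonCessationOfOperation = 5
)

// MakeCA generates a throwaway self-signed CA for the example. It must carry
// the cRLSign key usage or CreateRevocationList refuses to sign with it.
func MakeCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// PublishCRL is the CA side: sign the list of revoked serials with reasons.
// NextUpdate tells clients when they must fetch a fresh list.
func PublishCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked map[int64]int) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for serial, reason := range revoked {
		tmpl.RevokedCertificateEntries = append(tmpl.RevokedCertificateEntries, x509.RevocationListEntry{
			SerialNumber: big.NewInt(serial), RevocationTime: now, ReasonCode: reason,
		})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// CheckRevoked is the client side. The CRL is data from the network, so its
// signature is verified against the CA and its NextUpdate checked before the
// serial is looked up; a forged or stale CRL is an error, never "not revoked".
func CheckRevoked(crlDER []byte, ca *x509.Certificate, serial int64) (revoked bool, reason int, err error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, 0, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, 0, fmt.Errorf("CRL not signed by the expected CA: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return false, 0, errors.New("CRL is past NextUpdate; fetch a fresh one")
	}
	want := big.NewInt(serial)
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(want) == 0 {
			return true, e.ReasonCode, nil
		}
	}
	return false, 0, nil
}

func main() {
	ca, key, err := MakeCA()
	if err != nil {
		panic(err)
	}
	crl, err := PublishCRL(ca, key, map[int64]int{1002: ReasonKeyCompromise, 1005: ReasonSuperseded})
	if err != nil {
		panic(err)
	}
	for _, serial := range []int64{1002, 1003, 1005} {
		revoked, reason, err := CheckRevoked(crl, ca, serial)
		fmt.Printf("serial %d: revoked=%v reason=%d err=%v\n", serial, revoked, reason, err)
	}
}
```

The order inside CheckRevoked is the practitioner point: an attacker who can serve a CRL of their own choosing must not be able to "un-revoke" a certificate, so the signature and freshness checks happen before the lookup, and any failure is surfaced as an error rather than as a clean "not revoked".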
Internal Structure of a DES Round
The structure of one round in the DES (Data Encryption Standard) algorithm is as follows:
DES Round Structure
- Initial Permutation: Before the rounds start, the 64-bit plaintext block undergoes an initial permutation (IP) that rearranges its bits; after the last round the inverse permutation is applied to produce the ciphertext.
- Division: The block is then divided into two halves: Left (L) and Right (R), each 32 bits.
Steps in One DES Round
- Expansion: The 32-bit right half (R) is expanded to 48 bits using an expansion permutation. This is done to match the size of the round key.
- Key Mixing: The expanded 48-bit R is XORed with the 48-bit round key generated for that round.
- Substitution: The result from the previous step goes through 8 S-boxes, each producing a 4-bit output from a 6-bit input. This step introduces non-linearity and confusion.
- Permutation: The 32 bits from the S-boxes are permuted using a fixed permutation table (P-box), further diffusing the bits.
- XOR and Swap: The 32-bit output of the permutation is XORed with the left half (L). For the next round, the old right half becomes the new left half, and the XOR result becomes the new right half.
In other words, in each round the new left half is the previous right half, and the new right half is the previous left half XORed with the round function applied to the previous right half and that round's key, where the round function is the combination of expansion, key mixing, substitution, and permutation.
After 16 such rounds the block is thoroughly mixed, and decryption uses exactly the same round structure with the round keys applied in reverse order. DES is now considered insecure because of its 56-bit key, which can be brute-forced, not because of any weakness in this round structure.
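As an added example (not part of the original notes), the round structure above as a Feistel network in Go, with the swap, the 16 iterations, and decryption by reversing the key order. DES's real expansion, S-box, P-box, and key-schedule tables are not reproduced; roundFunction and ScheduleKeys are stand-ins built on SHA-256, and the test key and block are arbitrary values chosen for the demo. What it shows is that the structure is invertible whatever the round function is.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const Rounds = 16

// roundFunction is a stand-in for DES's f (expansion E, key mixing, the eight
// S-boxes, and the P-box): a keyed SHA-256 truncated to 32 bits. The Feistel
// structure works for any f, even one that is not invertible, which is the point.
func roundFunction(right uint32, roundKey uint64) uint32 {
	var in [12]byte
	binary.BigEndian.PutUint32(in[:4], right)
	binary.BigEndian.PutUint64(in[4:], roundKey)
	sum := sha256.Sum256(in[:])
	return binary.BigEndian.Uint32(sum[:4])
}

// ScheduleKeys derives the 16 round keys. DES uses PC-1/PC-2 permutations and
// rotations on its 56-bit key; here each subkey is a hash of the master key and
// the round index, which is enough to show how the keys are consumed.
func ScheduleKeys(master uint64) [Rounds]uint64 {
	var keys [Rounds]uint64
	for i := range keys {
		var in [9]byte
		binary.BigEndian.PutUint64(in[:8], master)
		in[8] = byte(i)
		sum := sha256.Sum256(in[:])
		keys[i] = binary.BigEndian.Uint64(sum[:8])
	}
	return keys
}

// Round is exactly the step described above: the new left half is the old
// right half, and the new right half is the old left half XORed with f(R, K).
func Round(left, right uint32, roundKey uint64) (newLeft, newRight uint32) {
	return right, left ^ roundFunction(right, roundKey)
}

// Encrypt runs the 16 rounds on a 64-bit block. As in DES the swap after the
// last round is undone; the initial and final permutations are omitted because
// they are fixed bit shuffles that do not affect the argument.
func Encrypt(block uint64, keys [Rounds]uint64) uint64 {
	left, right := uint32(block>>32), uint32(block)
	for i := 0; i < Rounds; i++ {
		left, right = Round(left, right, keys[i])
	}
	return uint64(right)<<32 | uint64(left)
}

// Decrypt is the same routine with the round keys reversed. In each round f
// receives the same R it saw during encryption, so the XOR cancels out.
func Decrypt(block uint64, keys [Rounds]uint64) uint64 {
	var reversed [Rounds]uint64
	for i := range keys {
		reversed[i] = keys[Rounds-1-i]
	}
	return Encrypt(block, reversed)
}

func main() {
	keys := ScheduleKeys(0x133457799BBCDFF1) // arbitrary 64-bit key for the demo
	pt := uint64(0x0123456789ABCDEF)
	ct := Encrypt(pt, keys)
	fmt.Printf("plaintext  %016x\nciphertext %016x\nrecovered  %016x\n", pt, ct, Decrypt(ct, keys))
	fmt.Printf("wrong key  %016x\n", Decrypt(ct, ScheduleKeys(0x133457799BBCDFF0)))
}
```

Undoing the swap after the final round is what lets Decrypt reuse Encrypt unchanged: with the halves in place, the first decryption round sees the same R that the last encryption round fed to f, and its XOR removes it.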
Rootkits and the Sony XCP Case Study
- A rootkit is a set of programs installed on a system, usually after an attacker has already obtained root or administrator access by other means, to keep that privileged access and hide its presence from users and security tools.
- Once installed, a rootkit lets the attacker control the system, modify files, and conceal processes, files, network connections, and other malicious activity. Rootkits are difficult to detect and remove because they operate deep inside the operating system (kernel-mode rootkits hook kernel data structures and system calls) or even at the firmware level, below the tools that would normally report on them.
- User-mode rootkits often replace system utilities such as ls, ps, or netstat with trojaned versions; kernel-mode rootkits instead intercept the system calls those utilities rely on, so the attacker's privileged access remains undetected whichever tool is used.
Sony XCP Rootkit
- The Sony XCP rootkit is a well-known case in which Sony BMG shipped a rootkit as part of the Extended Copy Protection (XCP) DRM mechanism on certain music CDs in 2005; it was uncovered by Mark Russinovich while investigating an unexpected hidden driver on his own machine.
- When a CD was inserted into a Windows computer, the autorun player software installed XCP, which loaded a kernel driver that modified the operating system to restrict copying of the CD. The driver cloaked its own files, processes, and registry keys from the user and from conventional security tools.
- The cloaking was generic: it hid any file, process, or registry key whose name began with "$sys$", so other malware could hide simply by adopting that prefix, and malware that did so soon appeared. This raised major security and privacy concerns and led to widespread criticism, legal actions, and the recall of the affected CDs.
In summary, rootkits are dangerous because they enable persistent, concealed control over a system; the Sony XCP rootkit is a notorious example that was distributed through music CDs and made systems vulnerable to further exploitation.
GCD Calculation via Euclidean Algorithm
Let’s compute the greatest common divisor (GCD) using the Euclidean algorithm.
a) GCD of 401 and 700
- Step 1: 700 = 1 × 401 + 299, remainder 299
- Step 2: 401 = 1 × 299 + 102, remainder 102
- Step 3: 299 = 2 × 102 + 95, remainder 95
- Step 4: 102 = 1 × 95 + 7, remainder 7
- Step 5: 95 = 13 × 7 + 4, remainder 4
- Step 6: 7 = 1 × 4 + 3, remainder 3
- Step 7: 4 = 1 × 3 + 1, remainder 1
- Step 8: 3 = 3 × 1 + 0, remainder 0
The GCD is 1, the last non-zero remainder, so 401 and 700 are coprime.
b) GCD of 1970 and 1066
- Step 1: 1970 = 1 × 1066 + 904, remainder 904
- Step 2: 1066 = 1 × 904 + 162, remainder 162
- Step 3: 904 = 5 × 162 + 94, remainder 94
- Step 4: 162 = 1 × 94 + 68, remainder 68
- Step 5: 94 = 1 × 68 + 26, remainder 26
- Step 6: 68 = 2 × 26 + 16, remainder 16
- Step 7: 26 = 1 × 16 + 10, remainder 10
- Step 8: 16 = 1 × 10 + 6, remainder 6
- Step 9: 10 = 1 × 6 + 4, remainder 4
- Step 10: 6 = 1 × 4 + 2, remainder 2
- Step 11: 4 = 2 × 2 + 0, remainder 0
The GCD is 2, the last non-zero remainder.
Summary of Results
- GCD(401, 700) = 1
- GCD(1970, 1066) = 2
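As an added example (not part of the original notes), the algorithm carried out in code with the trace of every division, generalized to the extended Euclidean algorithm that also returns the Bézout coefficients. That extension is where the GCD matters for the cryptography earlier on the page: RSA key generation needs gcd(e, φ(n)) = 1 so that the private exponent d = e^-1 mod φ(n) exists, and the extended algorithm is how d is computed. GCDSteps, ExtendedGCD, and ModInverse are names chosen for this demo.

```go
package main

import "fmt"

// Step records one division of the Euclidean algorithm: A = Q*B + R.
type Step struct{ A, B, Q, R int64 }

// GCDSteps runs the algorithm and returns every division so the trace can be
// compared with a hand computation; the GCD is the last non-zero remainder.
func GCDSteps(a, b int64) (int64, []Step) {
	if a < b {
		a, b = b, a
	}
	var steps []Step
	for b != 0 {
		q, r := a/b, a%b
		steps = append(steps, Step{a, b, q, r})
		a, b = b, r
	}
	return a, steps
}

// ExtendedGCD also returns x and y with a*x + b*y = gcd(a, b), the identity
// that RSA key generation uses to find d = e^-1 mod phi(n).
func ExtendedGCD(a, b int64) (g, x, y int64) {
	if b == 0 {
		return a, 1, 0
	}
	g, x1, y1 := ExtendedGCD(b, a%b)
	return g, y1, x1 - (a/b)*y1
}

// ModInverse returns a^-1 mod m, or ok=false when gcd(a, m) != 1, in which
// case no inverse exists and a could not serve as an exponent modulo m.
func ModInverse(a, m int64) (inv int64, ok bool) {
	g, x, _ := ExtendedGCD(a, m)
	if g != 1 {
		return 0, false
	}
	return ((x % m) + m) % m, true
}

func main() {
	for _, pair := range [][2]int64{{401, 700}, {1970, 1066}} {
		g, steps := GCDSteps(pair[0], pair[1])
		for i, s := range steps {
			fmt.Printf("Step %d: %d = %d x %d + %d\n", i+1, s.A, s.Q, s.B, s.R)
		}
		fmt.Printf("gcd(%d, %d) = %d\n\n", pair[0], pair[1], g)
	}
	inv, ok := ModInverse(401, 700)
	fmt.Println("401^-1 mod 700 =", inv, "exists:", ok) // gcd is 1, so it exists
	_, ok = ModInverse(1970, 1066)
	fmt.Println("1970^-1 mod 1066 exists:", ok) // gcd is 2, so it does not
}
```

The recursion in ExtendedGCD follows the same divisions as the trace: each level rewrites the Bézout identity for (b, a mod b) back in terms of (a, b), which is why the result for 401 and 700 is an inverse and the result for 1970 and 1066 cannot be one.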
