SlideShare a Scribd company logo
Cryptography and network security by Stallings. Question 4.
(a) Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If
so, explain how it can be done. If not, why not?
(b) For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the
packet encrytion?
Solution
a) SSL relies on an underlying reliable protocol TCP to assure that bytes are not lost or inserted.
There was some discussion of reengineering the future TLS protocol to work over datagram
protocols such as UDP, in which case out-of-order blocks cannot be handled. So it depends on
the transport layer protocol SSL/TLS runs on.
b)
As alluded to by Palo Ebermann's comment, the word authentication has a different meaning in
the two scenarios you mentioned.
In the key exchange phase of SSH, the purpose of authentication is to ensure to both parties that
they are indeed talking to the right peer (if using mutual authentication). Typically, the server
authenticates itself using its public key and the client uses a username and password.
In the SSH record layer phase (i.e., the sending of the actual application data), the purpose of
authentication is to protect each individual data packet from tampering. This is achieved using
the MAC. To encrypt application data SSH typically uses either AES in counter mode or in CBC
mode. Neither of these modes of operation provides protection against tampering of the
ciphertext. Thus they need to be accompanied with a MAC in order to detect this.
Consider e.g., the silly example where Alice sends the following message encrypted using AES
in counter mode, but without any MAC: Transfer 100 USD from Alice to Bob. Then someone
(Bob?) could flip a few strategically placed bits in the ciphertext, so that it would actually
decrypt to Transfer 10 000 USD from Alice to Bob. instead. Note that without any MAC, it
would be impossible for the recipient to notice that this ciphertext had been tampered with. Also,
observe that this fact is completely independent of any key exchange that has been done prior to
the tampering.

More Related Content

Similar to Cryptography and network security by Stallings- Question 4- (a) Is it.docx

Answer die following questions with short answers Explain the d.pdf
Answer die following questions with short answers  Explain the d.pdfAnswer die following questions with short answers  Explain the d.pdf
Answer die following questions with short answers Explain the d.pdf
calderoncasto9163
 
Chapter 8Secure Transport LayerIn the early days of th
Chapter 8Secure Transport LayerIn the early days of thChapter 8Secure Transport LayerIn the early days of th
Chapter 8Secure Transport LayerIn the early days of th
JinElias52
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured  CommunicationsTLS/SSL - Study of Secured  Communications
TLS/SSL - Study of Secured Communications
Nitin Ramesh
 
Q1) Show what part of SSL that protects against the following attack.pdf
Q1) Show what part of SSL that protects against the following attack.pdfQ1) Show what part of SSL that protects against the following attack.pdf
Q1) Show what part of SSL that protects against the following attack.pdf
arishmarketing21
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overview
ppd1961
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
Vlad Garbuz
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
Vishal Kumar
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
CSCJournals
 
Unit 6
Unit 6Unit 6
Group slide presentation week12
Group slide presentation week12Group slide presentation week12
Group slide presentation week12
s1190091
 
SSLtalk
SSLtalkSSLtalk
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper)
BeeBryte | Energy Intelligence & Automation
 
Https bicycle-attack
Https bicycle-attackHttps bicycle-attack
Https bicycle-attack
Andrey Apuhtin
 
Module 2.Cryptography and Cryptanalysis
Module 2.Cryptography and CryptanalysisModule 2.Cryptography and Cryptanalysis
Module 2.Cryptography and Cryptanalysis
Sitamarhi Institute of Technology
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
Ibrahiem Mohammed
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)
Mumbai Academisc
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
Kimberly Thomas
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
Hrudya Balachandran
 

Similar to Cryptography and network security by Stallings- Question 4- (a) Is it.docx (20)

Answer die following questions with short answers Explain the d.pdf
Answer die following questions with short answers  Explain the d.pdfAnswer die following questions with short answers  Explain the d.pdf
Answer die following questions with short answers Explain the d.pdf
 
Chapter 8Secure Transport LayerIn the early days of th
Chapter 8Secure Transport LayerIn the early days of thChapter 8Secure Transport LayerIn the early days of th
Chapter 8Secure Transport LayerIn the early days of th
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured  CommunicationsTLS/SSL - Study of Secured  Communications
TLS/SSL - Study of Secured Communications
 
Q1) Show what part of SSL that protects against the following attack.pdf
Q1) Show what part of SSL that protects against the following attack.pdfQ1) Show what part of SSL that protects against the following attack.pdf
Q1) Show what part of SSL that protects against the following attack.pdf
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overview
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 
Unit 6
Unit 6Unit 6
Unit 6
 
Group slide presentation week12
Group slide presentation week12Group slide presentation week12
Group slide presentation week12
 
SSLtalk
SSLtalkSSLtalk
SSLtalk
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper)
 
Https bicycle-attack
Https bicycle-attackHttps bicycle-attack
Https bicycle-attack
 
Module 2.Cryptography and Cryptanalysis
Module 2.Cryptography and CryptanalysisModule 2.Cryptography and Cryptanalysis
Module 2.Cryptography and Cryptanalysis
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 2.pdf
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 

More from earleanp

Create your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docxCreate your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docx
earleanp
 
Determine the valuation of long-term liabilities- Donald Lennon is the.docx
Determine the valuation of long-term liabilities- Donald Lennon is the.docxDetermine the valuation of long-term liabilities- Donald Lennon is the.docx
Determine the valuation of long-term liabilities- Donald Lennon is the.docx
earleanp
 
Describe three of the following attack types in the Operation Security.docx
Describe three of the following attack types in the Operation Security.docxDescribe three of the following attack types in the Operation Security.docx
Describe three of the following attack types in the Operation Security.docx
earleanp
 
Describes the concept of ADTS and illustrates the concept with three o.docx
Describes the concept of ADTS and illustrates the concept with three o.docxDescribes the concept of ADTS and illustrates the concept with three o.docx
Describes the concept of ADTS and illustrates the concept with three o.docx
earleanp
 
Describe- manage- and install Active Directory replication- federation.docx
Describe- manage- and install Active Directory replication- federation.docxDescribe- manage- and install Active Directory replication- federation.docx
Describe- manage- and install Active Directory replication- federation.docx
earleanp
 
Describe the process to start and restart apache on CENTOS command lin.docx
Describe the process to start and restart apache on CENTOS command lin.docxDescribe the process to start and restart apache on CENTOS command lin.docx
Describe the process to start and restart apache on CENTOS command lin.docx
earleanp
 
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docxDescribe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
earleanp
 
Describe the process of creating and exporting a schedule report for t.docx
Describe the process of creating and exporting a schedule report for t.docxDescribe the process of creating and exporting a schedule report for t.docx
Describe the process of creating and exporting a schedule report for t.docx
earleanp
 
Describe the principal technologies that have shaped contemporary tele.docx
Describe the principal technologies that have shaped contemporary tele.docxDescribe the principal technologies that have shaped contemporary tele.docx
Describe the principal technologies that have shaped contemporary tele.docx
earleanp
 
Describe the typical duties of a security manager that are strictly ma.docx
Describe the typical duties of a security manager that are strictly ma.docxDescribe the typical duties of a security manager that are strictly ma.docx
Describe the typical duties of a security manager that are strictly ma.docx
earleanp
 
Describe the four categories of international airports in the federal.docx
Describe the four categories of international airports in the federal.docxDescribe the four categories of international airports in the federal.docx
Describe the four categories of international airports in the federal.docx
earleanp
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
earleanp
 
Describe the different metrics that BGP can use in building a routing.docx
Describe the different metrics that BGP can use in building a routing.docxDescribe the different metrics that BGP can use in building a routing.docx
Describe the different metrics that BGP can use in building a routing.docx
earleanp
 
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docx
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docxDescribe the ethnic city and the benefit of ethnic communiti- (-I need.docx
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docx
earleanp
 
Describe the different types of qualitative analysis and indicate whic.docx
Describe the different types of qualitative analysis and indicate whic.docxDescribe the different types of qualitative analysis and indicate whic.docx
Describe the different types of qualitative analysis and indicate whic.docx
earleanp
 
Describe neo-evolution- What is it and what are its primary tenets- Pr.docx
Describe neo-evolution- What is it and what are its primary tenets- Pr.docxDescribe neo-evolution- What is it and what are its primary tenets- Pr.docx
Describe neo-evolution- What is it and what are its primary tenets- Pr.docx
earleanp
 
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docxDescribe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
earleanp
 
Describe core competencies and their relationship to operations manage.docx
Describe core competencies and their relationship to operations manage.docxDescribe core competencies and their relationship to operations manage.docx
Describe core competencies and their relationship to operations manage.docx
earleanp
 
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docxDescribe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
earleanp
 
Describe events that led to the signing of the Homeland Security Act 2.docx
Describe events that led to the signing of the Homeland Security Act 2.docxDescribe events that led to the signing of the Homeland Security Act 2.docx
Describe events that led to the signing of the Homeland Security Act 2.docx
earleanp
 

More from earleanp (20)

Create your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docxCreate your own variant of both a hiring and a termination policy rela.docx
Create your own variant of both a hiring and a termination policy rela.docx
 
Determine the valuation of long-term liabilities- Donald Lennon is the.docx
Determine the valuation of long-term liabilities- Donald Lennon is the.docxDetermine the valuation of long-term liabilities- Donald Lennon is the.docx
Determine the valuation of long-term liabilities- Donald Lennon is the.docx
 
Describe three of the following attack types in the Operation Security.docx
Describe three of the following attack types in the Operation Security.docxDescribe three of the following attack types in the Operation Security.docx
Describe three of the following attack types in the Operation Security.docx
 
Describes the concept of ADTS and illustrates the concept with three o.docx
Describes the concept of ADTS and illustrates the concept with three o.docxDescribes the concept of ADTS and illustrates the concept with three o.docx
Describes the concept of ADTS and illustrates the concept with three o.docx
 
Describe- manage- and install Active Directory replication- federation.docx
Describe- manage- and install Active Directory replication- federation.docxDescribe- manage- and install Active Directory replication- federation.docx
Describe- manage- and install Active Directory replication- federation.docx
 
Describe the process to start and restart apache on CENTOS command lin.docx
Describe the process to start and restart apache on CENTOS command lin.docxDescribe the process to start and restart apache on CENTOS command lin.docx
Describe the process to start and restart apache on CENTOS command lin.docx
 
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docxDescribe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
 
Describe the process of creating and exporting a schedule report for t.docx
Describe the process of creating and exporting a schedule report for t.docxDescribe the process of creating and exporting a schedule report for t.docx
Describe the process of creating and exporting a schedule report for t.docx
 
Describe the principal technologies that have shaped contemporary tele.docx
Describe the principal technologies that have shaped contemporary tele.docxDescribe the principal technologies that have shaped contemporary tele.docx
Describe the principal technologies that have shaped contemporary tele.docx
 
Describe the typical duties of a security manager that are strictly ma.docx
Describe the typical duties of a security manager that are strictly ma.docxDescribe the typical duties of a security manager that are strictly ma.docx
Describe the typical duties of a security manager that are strictly ma.docx
 
Describe the four categories of international airports in the federal.docx
Describe the four categories of international airports in the federal.docxDescribe the four categories of international airports in the federal.docx
Describe the four categories of international airports in the federal.docx
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
 
Describe the different metrics that BGP can use in building a routing.docx
Describe the different metrics that BGP can use in building a routing.docxDescribe the different metrics that BGP can use in building a routing.docx
Describe the different metrics that BGP can use in building a routing.docx
 
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docx
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docxDescribe the ethnic city and the benefit of ethnic communiti- (-I need.docx
Describe the ethnic city and the benefit of ethnic communiti- (-I need.docx
 
Describe the different types of qualitative analysis and indicate whic.docx
Describe the different types of qualitative analysis and indicate whic.docxDescribe the different types of qualitative analysis and indicate whic.docx
Describe the different types of qualitative analysis and indicate whic.docx
 
Describe neo-evolution- What is it and what are its primary tenets- Pr.docx
Describe neo-evolution- What is it and what are its primary tenets- Pr.docxDescribe neo-evolution- What is it and what are its primary tenets- Pr.docx
Describe neo-evolution- What is it and what are its primary tenets- Pr.docx
 
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docxDescribe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
Describe ip protocol security pros and cons-SolutionIP Protocol Securi.docx
 
Describe core competencies and their relationship to operations manage.docx
Describe core competencies and their relationship to operations manage.docxDescribe core competencies and their relationship to operations manage.docx
Describe core competencies and their relationship to operations manage.docx
 
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docxDescribe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
Describe in detail a man-in-the-middle attack on the Diffie-Hellman ke.docx
 
Describe events that led to the signing of the Homeland Security Act 2.docx
Describe events that led to the signing of the Homeland Security Act 2.docxDescribe events that led to the signing of the Homeland Security Act 2.docx
Describe events that led to the signing of the Homeland Security Act 2.docx
 

Recently uploaded

How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
TechSoup
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
TechSoup
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
National Information Standards Organization (NISO)
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
Celine George
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
paigestewart1632
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
RAHUL
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 

Recently uploaded (20)

How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 

Cryptography and network security by Stallings- Question 4- (a) Is it.docx

  • 1. Cryptography and network security by Stallings. Question 4. (a) Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not? (b) For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the packet encrytion? Solution a) SSL relies on an underlying reliable protocol TCP to assure that bytes are not lost or inserted. There was some discussion of reengineering the future TLS protocol to work over datagram protocols such as UDP, in which case out-of-order blocks cannot be handled. So it depends on the transport layer protocol SSL/TLS runs on. b) As alluded to by Palo Ebermann's comment, the word authentication has a different meaning in the two scenarios you mentioned. In the key exchange phase of SSH, the purpose of authentication is to ensure to both parties that they are indeed talking to the right peer (if using mutual authentication). Typically, the server authenticates itself using its public key and the client uses a username and password. In the SSH record layer phase (i.e., the sending of the actual application data), the purpose of authentication is to protect each individual data packet from tampering. This is achieved using the MAC. To encrypt application data SSH typically uses either AES in counter mode or in CBC mode. Neither of these modes of operation provides protection against tampering of the ciphertext. Thus they need to be accompanied with a MAC in order to detect this. Consider e.g., the silly example where Alice sends the following message encrypted using AES in counter mode, but without any MAC: Transfer 100 USD from Alice to Bob. Then someone (Bob?) could flip a few strategically placed bits in the ciphertext, so that it would actually decrypt to Transfer 10 000 USD from Alice to Bob. instead. Note that without any MAC, it would be impossible for the recipient to notice that this ciphertext had been tampered with. Also,
  • 2. observe that this fact is completely independent of any key exchange that has been done prior to the tampering.