Explore topic-wise InterviewSolutions in Current Affairs.

Ransomware:

Ransomware is a type of malware that usually encrypt all the files in a target’s computer and threatens to publish the critical data unless a ransom (money) is paid.

The most common Cryptographic protocol is Secure Sockets Layers (SSL). SSL is a hybrid encryption protocol for securing transactions over the Internet. It is based on a public key cryptography process.

A proxy server acts as an intermediary between the end users and a web server. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resources available from a different server. The proxy server examines the request, checks authenticity and grants the request based on that. Proxy servers typically keep the frequently visited site addresses in its cache which leads to improved response time.

(b) Public Key Infrastructure

Answer is (a) (i),(ii)

There are 2 kinds of security authentication protocols widely used in E-commerce.

(a) u, v = 5, 5

(c) goggle.com

Hacking is intruding into a computer system to steal personal data without the owner’s permission or knowledge (like to steal a password). It is also gaining unauthorized access to a computer system, and altering its contents.

Secure Socket Layer

(b) Proxy server

Answer is (c) i + j = 0

(c) Parallelogram

(b) Compound Statements

1. A programming language is a notation for expressing algorithms to be executed by computers. 

2. Programs must obey the grammar of the programming language exactly.

Ex. C, C++, python.

The iterative statement is commonly known as a loop

(c) Iteration

(c) Programming languages

(b) Pseudo code

There are 3 notations for representing algorithms.

Answer is (b) S2

(d) both b & c

Encryption technology:

Encryption technology is an effective information security protection. It is defined as converting a Plaintext into meaningless Ciphertext using encryption algorithm thus ensuring the confidentiality of the data. The encryption or decryption process use a key to encrypt or decrypt the data. At present, two encryption technologies are widely used. They are symmetric key encryption system and an asymmetric key encryption system.

Symmetric key encryption:

The Data Encryption Standard (DES) is a Symmetric key data encryption method. It was introduced in America in the year 1976, by Federal Information Processing Standard (FIPS).

DES is the typical block algorithm that takes a string of bits of cleartext (plaintext) with a fixed length and, through a series of complicated operations, transforms it into another encrypted text of the same length. DES also uses a key to customize the transformation, so that, in theory, the algorithm can only be deciphered by people who know the exact key that has been used for encryption. The DES key is apparently 64 bits, but in fact the algorithm uses only 56. The other eight bits are only used to verify the parity and then it is discarded.

Today, it is considered that DES is not safe for many applications, mainly because of its relatively smaller key size (56-bit). But the key length can be easily increased by multiple use of the DES, described as Triple-DES, also known as TDES, 3DES or DESede.

Asymmetric or Public key encryption:

Asymmetric encryption also called as RSA (RivestShamir-Adleman) algorithm. It uses public- key authentication and digital signatures. Until 1970s, there were only symmetric cryptosystems in which transmitter and receiver must have the same key. This raises the problem of key exchange andJcey management.

Unlike a symmetric encryption, the communicating parties need not know other’s private- key in asymmetric encryption. Each user generates their own key pair, which consists of a private key and a public key. A public-key encryption method is a method for converting a plaintext with a public key into a ciphertext from which the plaintext can be retrieved with a private key.

Conditional Statement:

• Statements are executed only once when the condition is true.
• If condition statement.

Iterative Statement:

• Iterative statement repeatedly evaluates a condition and executes a statement until it becomes false.
• While condition statement

Minimum (a, b)

– – inputs : a, b

– – outputs : result = a >1 b

Answer is (a) S1 ; S3

(a) Sequential

5 times the loop is iterated

(a) (1) only

NS2 is the abbreviation of NETWORK SIMULATOR version 2. It was considered explicitly for exploration in network communication and event-driven opensource simulator in computer.

A significant output of simulation is the trace files. Trace files can document every incident that happened in the simulation and are used for examination.

C++ and Object-oriented Tool Command Language (OTCL) and network monitoring.

(i) Information leakage:

The leakage of trade secrets in E-Commerce mainly includes two aspects:

(a) the content of the transaction between the vendor and customer is stolen by the third party; 

(b) the documents provided by the merchant to the customer or vice versa are illegally used by the another. This intercepting and stealing of online documents is called information leakage.

(ii) Tampering:

E-Commerce has the problem of the authenticity and integrity of business information. When hackers grasp the data transmitted on the network, it can be falsified in the middle through various technical means, and then sent to the destination, thereby destroying the authenticity and integrity of the data.

(iii) Payment frauds:

Payment frauds have subsets like Friendly fraud (when customer demands false reclaim or refund), Clean fraud (when a stolen credit card is used to make a purchase Triangulation fraud (fake online shops offering cheapest price and collect credit card data) etc.

(iv) Malicious code threats:

Within an E-Commerce site, there are multiple vulnerable areas that can serve as an intrusion point for a hacker to gain payment and user information. Using malware, Cross Site Scripting or SQL Injection, an attacker will extract the credit card information and sell the acquired data on black markets. Fraud is then committed to extract the greatest value possible through E-Commerce transactions or ATM withdrawals, etc.

(v) Distributed Denial of Service (DDoS) Attacks:

It is a process of taking down an E-Commerce site by sending continious overwhelming request to its server. This attack will be conducted from numerous unidentified computers using botnet. This attack will slow down and make the server inoperative. DDoS attacks is also called as network flooding.

(vi) Cyber Squatting:

Cybers quatting is the illegal practice of registering an Internet domain name that might be wanted by another person in an intention to sell it later for a profit.

The following are some of the security elements involved in E-Commerce:

1. Authenticity: conforming genuineness of data shared.

2. Availability: prevention against data delay or removal.

3. Completeness: unification of all business information. 

4. Confidentiality: protecting data against unauthorized disclosure. 

5. Effectiveness: effective handling of hardware, software and data.

6. Integrity: prevention of the data being unaltered or modified.

7. Non-repudiation: prevention against violation agreement after the deal.

8. Privacy: prevention of customers’ personal data being used by others.

9. Reliability: providing a reliable identification of the individuals or businesses.

10. Review ability: capability of monitoring activities to audit and track the operations.

Information leakage:

The leakage of trade secrets in E-Commerce mainly includes two aspects:

1. The content of the transaction between the vendor and customer is stolen by the third party;

2. The documents provided by the merchant to the customer or vice versa are illegally used by the another. This intercepting and stealing of online documents is called information leakage.

3D secure is a secure payment protocol on the Internet.

Pretty Good Privacy (PGP):

Phil Zimmermann developed PGP in 1991. It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography and asymmetric-key cryptography and works on the concept of “web of trust”.

3-D Secure is a secure payment protocol on the Internet. It was developed by Visa to increase the level of transaction security, and it has been adapted by MasterCard. It gives a better authentication of the holder of the payment card, during purchases made on websites. The basic concept of this (XML-based) protocol is to link the financial authorization process with an online authentication system.

This authentication model comprise 3 domains (hence the name 3D) which are:

1. The Acquirer Domain

2. The Issuer Domain

3. The interoperability Domain.

(c) (i) (iii) (iv)

“Web of trust”

(c) Netscape

(a) (i) and (ii)

SSL was renamed as TLS in 2001

8 bits are used for parity check

Rivest-Shamir-Adleman

Digital certificates are issued by recognized Certification Authorities (CA). When someone requests a digital certificate, the authority verifies the identity of the requester, and if the requester fulfills all requirements, the authority issues it. When the sender uses a certificate to sign a document digitally, receiver can trust the digital signature because he trusts that CA has done their part verifying the sender’s identity.

(a) Pretty Good Privacy

In https://, ‘s’ stands for secure

Hacking to unauthorized intrusion into a computer or a network

(a) (i)-2 (ii)-1 (iii)-4 (iv)-3

(c) Completeness