Tuesday, March 09, 2010

WEB TECHNOLOGY IN LAMP TECHNOLOGY






LAMP is a shorthand term for a web application platform consisting of Linux, Apache, MySQL and one of Perl or PHP. Together, these open source tools provide a world-class platform for deploying web applications. Running on the Linux operating system, the Apache web server, the MySQL database and the programming languages PHP or Perl deliver all of the components needed to build secure, scalable, dynamic websites. LAMP has been touted as “the killer app” of the open source world.

With many LAMP sites running e-business logic and e-commerce sites and requiring 24x7 uptime, ensuring the highest levels of data and application availability is critical. For organizations that have taken advantage of LAMP, these levels of availability are ensured by providing constant monitoring of the end-to-end application stack and immediate recovery of any failed solution components. Some solutions also support the movement of LAMP components among servers to remove the need for downtime associated with planned system maintenance.

The paper gives an overview of Linux, Apache and MySQL, and mainly of PHP: its advantages over other active-generation tools for interactive web design and its interface with an advanced database like MySQL. Finally, a conclusion is provided.








CONTENTS


• Introduction
• Linux
• Apache
• MySQL
• Features included in MySQL
• PHP
• Technologies on the client side
• Technologies on the server side
• The benefits of using PHP server side processing
• Browser and its issues
• Applying LAMP
• When not to use LAMP?
• Advantages of LAMP
• Conclusion


















INTRODUCTION:
One of the great "secrets" of almost all websites (aside from those that publish static .html pages) is that behind the scenes, the web server is actually just one part of a two- or three-tiered application server system. In the open source world, this explains the tremendous popularity of the Linux-Apache-MySQL-PHP (LAMP) environment. LAMP provides developers with a traditional two-tiered application development platform. There is a database, and a "smart" web server able to communicate with the database. Clients only talk to the web server, while the web server transparently talks to the database when required. The following diagram illustrates how a typical LAMP server works.
Fig. Example architecture of LAMP
By combining these tools you can rapidly develop and deliver applications. Each of these tools is the best in its class and a wealth of information is available for the beginner. Because LAMP is easy to get started with yet capable of delivering enterprise scale applications, the LAMP software model just might be the way to go for your next, or your first, application. Let's take a look at the parts of the system.

LINUX:

LINUX is presently the most commonly used implementation of UNIX. Built from the ground up as a UNIX work-alike operating system for the Intel 386/486/Pentium family of chips by a volunteer team of coders on the internet, LINUX has revitalized the old-school UNIX community and added many new converts. LINUX development is led by Linus Torvalds. The core of the system is the LINUX kernel. On top of the kernel a LINUX distribution will usually utilize many tools from the Free Software Foundation’s GNU project. LINUX has gained a huge amount of momentum and support, both from individuals and large corporations such as IBM. LINUX provides a standards-compliant, robust operating system that inherits the UNIX legacy for security and stability. Originally developed for Intel x86 systems, LINUX has been ported to small embedded systems on one end of the spectrum on up to large mainframes and clusters. LINUX can run on most common hardware platforms.

APACHE:

Apache is the most popular web server on the Internet. Apache, like LINUX, MySQL and PHP, is an open source project. Apache is based on the NCSA (National Center for Supercomputing Applications) web server. In 1995-1996 a group of developers coalesced around a collection of patches to the original NCSA web server. This group evolved into the Apache Software Foundation. With the release of Apache 2.0, Apache has become a robust, well documented, multi-threaded web server. Particularly appealing in the 2.0 release is improved support for non-UNIX systems. Apache can run on a large number of hardware and software platforms. Since 1996 Apache has been the most popular web server on the Internet. Presently Apache holds 67% of the market.

MySQL:

MySQL is a fast, flexible relational database. MySQL is the most widely used Relational Database Management System in the world, with over 4 million instances in use. MySQL is high-performance, robust, multi-threaded and multi-user. MySQL utilizes a client-server architecture. Today, more than 4 million web sites create, use, and deploy MySQL-based applications. MySQL's focus is on stability and speed. All aspects of the SQL standard that do not conflict with the performance goals are supported.

Features include:

• Portability. Support for a wide variety of Operating Systems and hardware
• Speed and Reliability
• Ease of Use
• Multi user support
• Scalability
• Standards Compliant
• Replication
• Low TCO (total cost of ownership)
• Quality Documentation
• Dual license (free and non-free)
• Full Text searching
• Support for transactions
• Wide application support


PHP:


What's next in the field of web design? It's already here. Today's webmasters are deluged with available technologies to incorporate into their designs. The ability to learn everything is fast becoming an impossibility. So your choice in design technologies becomes increasingly important if you don't want to be the last man standing and left behind when everyone else has moved on. But before we get to that, let's do a quick review of the previous generation of web design.
In the static generation of web design, pages were mostly HTML pages that relied solely on static text and images to relay their information over the internet. Here the web pages lacked x and y coordinate positioning, and relied on hand coded tables for somewhat accurate placement of images and text. Simple, and straight to the point, web design was more like writing a book and publishing it online.
The second generation of web design (the one we are in now), would be considered the ACTIVE generation. For quite a while now the internet has been drifting towards interactive web designs which allow users a more personal and dynamic experience when visiting websites. No longer is a great website simply a bunch of static text and images. A great website is now one which allows, indeed, encourages user interaction. No longer does knowing HTML inside out make you a webmaster, although that does help a great deal!! Now, knowing how to use interactive technologies isn't just helpful, it's almost a requirement. Here are a few of the interactive technologies available for the webmasters of today.

Technologies on the client side:
1. Active X Controls: Developed by Microsoft, these are only fully functional on the Internet Explorer web browser. This eliminates them from being cross platform, and thus eliminates them from being a webmaster's number one technology choice for the future. Disabling Active X Controls on the IE web browser is something many people do for security, as the platform has been used by many for unethical and harmful things.

2. Java Applets: Java Applets are programs that are written in the Java Language. They are self contained and are supported on cross platform web browsers. While not all browsers work with Java Applets, many do. These can be included in web pages in almost the same way images can.

3. DHTML and Client-Side Scripting: DHTML, JavaScript, and VBScript. They all have in common the fact that all the code is transmitted with the original webpage and the web browser translates the code and creates pages that are much more dynamic than static HTML pages. VBScript is only supported by Internet Explorer. That again makes for a bad choice for the web designer wanting to create cross platform web pages. With Linux and other operating systems gaining in popularity, it makes little sense to lock yourself into one platform.
Of all the client side options available, JavaScript has proved to be the most popular and most widely used, once you're an expert with HTML.

Technologies on the server side:
1. CGI: This stands for Common Gateway Interface. It wasn't all that long ago that the only dynamic solution for webmasters was CGI. Almost every web server in use today supports CGI in one form or another. The most widely used CGI language is Perl. Python, C, and C++ can also be used as CGI programming languages, but are not nearly as popular as Perl. The biggest disadvantage to CGI for the server side is in its lack of scalability. Although mod_perl for Apache and FastCGI attempt to help improve performance in this department, CGI is probably not the future of web design because of this very problem.
2. ASP: Another of Microsoft's attempts to "improve" things. ASP is a proprietary scripting language. Performance is best on Microsoft's own servers of course, and the lack of widespread COM support has reduced the number of webmasters willing to bet the farm on another one of Microsoft's silver bullets.

3. Java Server Pages and Java Servlets: Server-side JavaScript is Netscape's answer to Microsoft's ASP technology. Since this technology is supported almost exclusively on the Netscape Enterprise Server, it is highly unlikely that this will ever become a serious contender in the battle for the webmaster's attention.

4. PHP: PHP is the most popular scripting language for developing dynamic web based applications. Originally developed by Rasmus Lerdorf as a way of gathering web form data without using CGI, it has quickly grown and gathered a large collection of modules and features. The beauty of PHP is that it is easy to get started with, yet it is capable of extremely robust and complicated applications. As an embedded scripting language, PHP code is simply inserted into an HTML document, and when the page is delivered the PHP code is parsed and replaced with the output of the embedded PHP commands. PHP is easier to learn and generally faster than Perl-based CGI. However, quite unlike ASP, PHP is totally platform independent and there are versions for most operating systems and servers.

The benefits of using PHP server side processing include the following:
• Reduces network traffic.
• Avoids cross platform issues with operating systems and web browsers.
• Can send data to the client that isn't on the client computer.
• Quicker loading time. After the server interprets all the PHP code, the resulting page is transmitted as HTML.
• Security is increased, since things can be coded into PHP that will never be viewed from the browser.


BROWSER:

Since all the tools are in place to deliver HTML content to a browser, it is assumed that control of the application will be through a browser based interface. Using the browser and HTML as the GUI (Graphical User Interface) for your application is frequently the most logical choice. The browser is familiar and available on most computers and operating systems. Rendering of HTML is fairly standard, although frustrating examples of incompatibilities remain. Using HTML and HTML form elements displayed within a browser is easier than building a similarly configured user interface from the ground up. If your application is internal you may want to develop for a specific browser and OS combination. This saves you the problems of browser inconsistencies and allows you to take advantage of OS specific tools.

APPLYING LAMP:

1. Storing our data: Our data is going to be stored in the MySQL database. One instance of MySQL can contain many databases. Since our data will be stored in MySQL it will be searchable, extendable, and accessible from many different machines or from the whole World Wide Web.
2. User Interface: Although MySQL provides a command line client that we can use to enter our data, we are going to build a friendlier interface. This will be a browser-based interface and we will use PHP as the glue between the browser and the database.
3. Programming: PHP is the glue that takes the input from the browser and adds the data to the MySQL database. For each action (add, edit, or delete) you would build a PHP script that takes the data from the HTML form, converts it into a SQL query and updates the database.

4. Security: The standard method is to use the security and authentication features of the Apache web server. The mod_auth module allows for password-based authentication. You can also use allow/deny directives to limit access based on location. Using one or both of these Apache tools you can limit access based on who users are or where they are connecting from. Other security features that you may want to use are mod_auth_ldap, mod_auth_oracle, and certificate-based authentication provided by mod_ssl.
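
Step 3 as an added example (not code from the original paper): one script handling add, edit and delete with PDO prepared statements, so that form values reach the database only as bound parameters and never as part of the SQL text. The contacts table, its fields, the function names and the in-memory SQLite DSN (standing in for a mysql: DSN so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: the contacts table, its fields and the DSN are assumptions.

// In-memory SQLite stands in for MySQL so the script runs offline; with MySQL
// only the constructor changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    email TEXT NOT NULL)');

/** Check the raw form fields and return them as named parameters, or throw. */
function validateContact(array $form): array
{
    $name  = trim((string) ($form['name'] ?? ''));
    $email = trim((string) ($form['email'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1-100 bytes');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not valid');
    }
    return [':name' => $name, ':email' => $email];
}

/** "add" action: the SQL text is fixed; form values travel only as bound parameters. */
function addContact(PDO $pdo, array $form): int
{
    // What to avoid: "INSERT ... VALUES ('" . $form['name'] . "', ...)" lets a quote
    // in the form field end the string literal and change the statement.
    $stmt = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
    $stmt->execute(validateContact($form));
    return (int) $pdo->lastInsertId();
}

/**
 * "edit" action. The id must already be an integer: validate the submitted id
 * with filter_var($value, FILTER_VALIDATE_INT) before calling.
 * Returns the affected-row count (MySQL reports 0 when the values are unchanged).
 */
function editContact(PDO $pdo, int $id, array $form): int
{
    $stmt = $pdo->prepare('UPDATE contacts SET name = :name, email = :email WHERE id = :id');
    $stmt->execute(validateContact($form) + [':id' => $id]);
    return $stmt->rowCount();
}

/** "delete" action: returns the number of rows removed. */
function deleteContact(PDO $pdo, int $id): int
{
    $stmt = $pdo->prepare('DELETE FROM contacts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed form submissions standing in for $_POST.
$first = addContact($pdo, ['name' => 'Alice', 'email' => 'alice@example.com']);
// A name containing a quote and comment marker is stored as plain text.
addContact($pdo, ['name' => "O'Brien'); --", 'email' => 'ob@example.com']);
editContact($pdo, $first, ['name' => 'Alice B.', 'email' => 'alice@example.com']);
deleteContact($pdo, 9999); // id that does not exist

foreach ($pdo->query('SELECT id, name, email FROM contacts ORDER BY id') as $row) {
    // Escape on output as well: stored text is data, not HTML.
    echo $row['id'], ' | ',
         htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'), "\n";
}
```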


When not to use LAMP?

Applications not well suited for LAMP would include applications that have a frequent need for exchanging large amounts of transient data or that have particular and demanding needs for state maintenance. It should be remembered that at the core HTTP is a stateless protocol, and although cookies allow for some session maintenance they may not be satisfactory for all applications. If you find yourself fighting the HTTP protocol at every turn and avoiding the “URL as a resource mapped to the file system” arrangement of web applications, then perhaps LAMP is not the best choice for that particular application.

ADVANTAGES OF LAMP:

• Seamless integration with Linux, Apache and MySQL to ensure the highest levels of availability for websites running on LAMP.
• Full 32-bit and 64-bit support for Xeon, Itanium and Opteron-based systems; runs on enterprise Linux distributions from Red Hat and SuSE.
• Supports Active/Active and Active/Standby LAMP configurations of up to 32 nodes.
• Data can reside on shared SCSI, Fibre Channel, Network Attached Storage devices or on replicated volumes.
• Maximizes e-commerce revenues, minimizes e-business disruption caused by IT outages.
• Automated availability monitoring, failover recovery, and failback of all LAMP application and IT-infrastructure resources.
• Intuitive Java-based web interface provides at-a-glance LAMP status and simple administration.
• Easily adapted to sites running Oracle, DB2, and PostgreSQL.
• Solutions also exist for other Linux application environments including Rational ClearCase, Sendmail, Lotus Domino and mySAP.

CONCLUSION:
While Flash, Active X, and other proprietary elements will continue to creep in and entice webmasters, in the end, compatibility issues and price of development will dictate what eventually wins out in the next generation of web design. However, for the foreseeable future PHP, HTML, and databases are going to be in the future of interactive web design, and that's where I'm placing my bets. Open Source continues to play an important role in driving web technologies. Even though Microsoft would like to be the only player on the field, Open Source, with its flexibility, will almost certainly be the winner in the end. Betting the farm on LAMP (Linux, Apache, MySQL, PHP) seems much wiser to me than the alternative (Microsoft, IIS, ASP) ... not to mention it's a much less expensive route to follow.

A NOVEL TECHNIQUE TO ENHANCE THE SECURITY IN SYMMETRIC KEY CRYPTOGRAPHY

ABSTRACT
Cryptography is the science of keeping private information private and safe. In today’s high-tech information economy the need for privacy is far greater. In this paper we describe a common model for the enhancement of all the symmetric key algorithms like AES, DES and the TCE algorithm. The proposed method combines the symmetric key and sloppy key, from which the new key is extracted. The sloppy key is changed for a short range of packets transmitted in the network.

INTRODUCTION

Code books and cipher wheels have given way to microprocessors and hard drives, but the goal is still the same: take a message and obscure its meaning so only the intended recipient can read it. In today's market, key size is increased to keep up with the ever-growing capabilities of today's code breakers. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. A standard cryptanalytic attack is to know some plaintext matching a given piece of cipher text and try to determine the key, which maps one to the other. This plaintext can be known because it is standard or because it is guessed. If text is guessed to be in a message, its position is probably not known, but a message is usually short enough that the cryptanalyst can assume the known plaintext is in each possible position and do attacks for each case in parallel. In this case, the known plaintext can be something so common that it is almost guaranteed to be in a message. A strong encryption algorithm will be unbreakable not only under known plaintext (assuming the enemy knows all the plaintext for a given cipher text) but also under "adaptive chosen plaintext" -- an attack making life much easier for the cryptanalyst. In this attack, the enemy gets to choose what plaintext to use and gets to do this over and over, choosing the plaintext for round N+1 only after analyzing the result of round N. For example, as far as we know, DES is reasonably strong even under an adaptive chosen plaintext attack. Of course, we do not have access to the secrets of government cryptanalytic services. Still, it is the working assumption that DES is reasonably strong under known plaintext and triple-DES is very strong under all attacks.
To summarize, the basic types of cryptanalytic attacks, in order of difficulty for the attacker, hardest first, are:
• Cipher text only: the attacker has only the encoded message from which to determine the plaintext, with no knowledge whatsoever of the latter. A cipher text only attack is usually presumed to be possible, and a code's resistance to it is considered the basis of its cryptographic security.
• Known plaintext: the attacker has the plaintext and corresponding cipher text of an arbitrary message not of his choosing. The particular message of the sender’s is said to be ‘compromised’. In some systems, one known cipher text-plaintext pair will compromise the overall system, both prior and subsequent transmissions, and resistance to this is characteristic of a secure code.
Under the following attacks, the attacker has the far less likely or plausible ability to ‘trick’ the sender into encrypting or decrypting arbitrary plaintexts or cipher texts. Codes that resist these attacks are considered to have the utmost security.
• Chosen plaintext: the attacker has the capability to find the cipher text corresponding to an arbitrary plaintext message of his choosing.
• Chosen cipher text: the attacker can choose arbitrary cipher text and find the corresponding decrypted plaintext. This attack can show up in public key systems, where it may reveal the private key.
• Adaptive chosen plaintext: the attacker can determine the cipher text of chosen plaintexts in an interactive or iterative process based on previous results. This is the general name for a method of attacking product ciphers called ‘differential cryptanalysis’.
A common model for the enhancement of the existing symmetric algorithms has been proposed.

METHODOLOGY

Advantage of formulating mathematically:
In basic cryptology you can never prove that a cryptosystem is secure. A strong cryptosystem must have this property, but having this property is no guarantee that a cryptosystem is strong. In contrast, the purpose of mathematical cryptology is to precisely formulate and, if possible, prove the statement that a cryptosystem is strong. We say, for example, that a cryptosystem is secure against all (passive) attacks if any nontrivial attack against the system is too slow to be practical. If we can prove this statement then we have confidence that our cryptosystem will resist any (passive) cryptanalytic technique. If we can reduce this statement to some well-known unsolved problem then we still have confidence that the cryptosystem isn't easy to break. Other parts of cryptology are also amenable to mathematical definition. Again the point is to explicitly identify what assumptions we're making and prove that they produce the desired results. We can figure out what it means for a particular cryptosystem to be used properly: it just means that the assumptions are valid. The same methodology is useful for cryptanalysis too. The cryptanalyst can take advantage of incorrect assumptions.
Compression aids encryption by reducing the redundancy of the plaintext. This increases the amount of cipher text you can send encrypted under a given number of key bits. Nearly all practical compression schemes, unless they have been designed with cryptography in mind, produce output that actually starts off with high redundancy. Compression is generally of value, however, because it removes other known plaintext in the middle of the file being encrypted. In general, the lower the redundancy of the plaintext being fed to an encryption algorithm, the more difficult the cryptanalysis of that algorithm. In addition, compression shortens the input file, shortening the output file and reducing the amount of CPU required to do the encryption algorithm. Compression after encryption is silly. If an encryption algorithm is good, it will produce output which is statistically indistinguishable from random numbers, and no compression algorithm will successfully compress random numbers.

TRIANGULAR-CODED ENCRYPTION ALGORITHM:
According to the Triangular Algorithm, compression too is completed during encryption. Consider a triangle ABC with sides ‘a’, ‘b’ and ‘c’ opposite the angles A, B and C respectively. ‘a’ and ‘b’ are the actual data and ‘c’ the cipher text. Angle ‘C’ is the symmetric key, which is used for both encryption and decryption in this algorithm. Angle ‘A’ keeps changing for different measurements of sides ‘a’ and ‘b’. The level of encryption is increased to enhance the security of the cipher text.


Figure 1. Triangle formed by the plain texts ‘a’ and ‘b’ with C and A as the angle.

In the encryption phase, the transmitter knows the sides ‘a’, ‘b’ and the angle ‘C’. We get the cipher text, ‘c’ from the sides ‘a’ and ‘b’ and the angle ‘C’. The angle ‘A’ too is calculated from the parameters ‘a’, ‘b’ and ‘C’. ‘C’ and ‘A’ are the parameters to be transmitted. The formula used to calculate the cipher text, ‘c’ from the sides ‘a’, ‘b’ and the angle ‘C’ of the triangle is given below.



Where
a: plain text1
b: plain text2
C: the secret key
c: the cipher text

Where
A: varying angle
a: plain text1
c: cipher Text
C: secret key

Now in the decryption phase, the receiver knows the parameters ‘c’, ‘A’ and ‘C’, which are used to extract the actual data ‘a’ and ‘b’. So it is obvious that C is the symmetric key known to both the sender and the receiver. But the side ‘a’ changes for the constant value of C. Naturally the angle ‘A’ too changes.
B = 180 – (A+C)
Where
B: opposite angle of ‘b’
A: varying angle
C: secret key
Where
a: plain text1
c: cipher text
A: varying angle
C: secret key


Where
b: plain text2
c: cipher text
B: opposite angle of ‘b’
C: secret key

Thus the plain texts ‘a’ and ‘b’ are retrieved by the above formula. The values of the plain texts ‘a’ and ‘b’ are found based on the cipher text ‘c’, the secret key ‘C’ and the varying angle ‘A’.



THE CRYPT ANALYSIS:
The sum of angles in a Triangle is 180.
(i.e.) θ1 + θ2 + θ3 = 180
Since θ1, the angle opposite to the base, is considered to be the secret key, it can vary from 1 to 178, where the other two angles will take 1 degree each when θ1 takes its maximum value.
Mθ<= (180 – 1 – 1)
If θ1 (the key) takes 7 decimal places, the range between 1 and 2 will be 1 * 10 ^ 7, and the range between 1 and n for 7 decimals will be as follows:
Rn = n * 10 ^ 7
Rn = Range for n
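
An added example, not the authors' code, of the encryption and decryption phases and of the key range Rn described above. The page's formulas did not survive, so the code assumes the law of cosines for c and the law of sines for A, a and b, which is what the variable lists imply; the key value and function names are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Assumption: the missing formulas are the law of cosines (for c)
// and the law of sines (for A, a and b), matching the paper's variable lists.

const DECIMALS = 7; // the paper's "7 decimal parts"

/** Encrypt the plaintext pair (a, b) under key angle C in degrees; returns [c, A]. */
function tceEncrypt(int $a, int $b, float $keyDeg): array
{
    // A side of 0 forms no triangle, so zero-valued data would need an offset first.
    if ($a < 1 || $b < 1 || $keyDeg <= 0.0 || $keyDeg >= 180.0) {
        throw new InvalidArgumentException('need a, b >= 1 and 0 < C < 180');
    }
    $C = deg2rad($keyDeg);
    $c = sqrt($a * $a + $b * $b - 2 * $a * $b * cos($C)); // law of cosines
    $A = asin(min(1.0, $a * sin($C) / $c));               // law of sines
    // asin() never returns more than 90 degrees; A is obtuse when a^2 > b^2 + c^2.
    if ($a * $a > $b * $b + $c * $c) {
        $A = M_PI - $A;
    }
    // Values are rounded as they would be when written out for transmission.
    return [round($c, DECIMALS), round(rad2deg($A), DECIMALS)];
}

/** Recover (a, b) from cipher text c, varying angle A and key angle C (degrees). */
function tceDecrypt(float $c, float $angleADeg, float $keyDeg): array
{
    $A = deg2rad($angleADeg);
    $C = deg2rad($keyDeg);
    $B = M_PI - ($A + $C);                 // B = 180 - (A + C)
    $a = $c * sin($A) / sin($C);
    $b = $c * sin($B) / sin($C);
    // Floating point gives values such as 51.9999998, so round to the nearest integer.
    return [(int) round($a), (int) round($b)];
}

/** Size of the key space Rn = n * 10^decimals, expressed in bits. */
function tceKeySpaceBits(int $maxDegrees = 178, int $decimals = DECIMALS): float
{
    return log($maxDegrees * 10 ** $decimals, 2);
}

$key   = 37.1234567;                                // constructed key angle
$pairs = [[21, 52], [43, 15], [75, 26], [17, 28]];  // start of the paper's sample data
foreach ($pairs as [$a, $b]) {
    [$c, $A]   = tceEncrypt($a, $b, $key);
    [$a2, $b2] = tceDecrypt($c, $A, $key);
    printf("a=%d b=%d -> c=%.7f A=%.7f -> a=%d b=%d %s\n", $a, $b, $c, $A, $a2, $b2,
        ($a2 === $a && $b2 === $b) ? 'round trip ok' : 'MISMATCH');
}
printf("key space by Rn with n = 178: %.1f bits\n", tceKeySpaceBits());
```

The pairs (43, 15) and (75, 26) give an obtuse angle A, which is the case a plain arcsine gets wrong. By the paper's own range formula the key space is below 31 bits, far smaller than the 56-bit DES key.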
PROPOSED MODEL (Universal Security Reinforcement Model):
The sender and receiver should have one more key, called the Sloppy key, in addition to their conventional key. This Sloppy key is changed dynamically (Sk) based on the data contained in the Skth data item transmitted over the network. This key is then synthesized with a conventional encryption key, the ‘Symmetric key’ (Smk), and a Synergistic key (Sk) is created with the help of the Sloppy key generator, Ø.
Sk = Ø ((sk), Smk Vc)
Where,
Smk - symmetric key
sk - The new key
Vc - Validity Count
Ø - Sloppy Key Generator (this may be any operation like addition, subtraction, log, sin, cos etc.)
Smk is symmetric key(conventional key).
Sk is sloppy key
Let us take an example.
The model works as illustrated.
Let the data to be transmitted be

21 52 43 15 75 26 17 28 99 10 45
94 72 03 62 96 92 63 34 20
38 19 45 30 28 52 92 51 80 23

Assume the first new key is 4. Then for the first 4 data, up to 15, the new key is 4. For example, for 52 the new key is 4; if the symmetric key is, say, 5, the sloppy key is calculated using 4 and 5 (e.g. addition), so the sloppy key is 9. For the next 4 data, the sloppy key is 9. Then the next new key is 15 (at the 4th position). Then for the next 15 data, the new key is calculated the same as before.
Then the next new key is 63 (at the 15th position). The process is repeated.
So we are changing the sloppy key block-wise. If you want to reduce the block size, you have to set the validity count Vc, so that hacking is difficult.
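
The block-wise key change above as an added example (not the authors' code). It assumes that a new key v taken at position p stays valid up to position p + v - 1, which reproduces the paper's sequence 4, 15, 63, that Ø is addition, and that Vc caps how long a key stays valid; the function name is hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: validity runs to position p + v - 1, Ø is addition,
// and the validity count Vc is an upper bound on a key's lifetime.

/**
 * Walk the data and return
 *   'newKeys' => [1-based position where a key takes effect => new key value]
 *   'sloppy'  => sloppy key in force for each data item, in order
 */
function sloppySchedule(array $data, int $firstKey, int $smk, int $vc): array
{
    if ($firstKey < 1 || $vc < 2) {
        throw new InvalidArgumentException('firstKey must be >= 1 and Vc >= 2');
    }
    $n       = count($data);
    $newKeys = [];
    $sloppy  = [];
    $pos     = 1;
    $newKey  = $firstKey;

    while (count($sloppy) < $n) {
        $newKeys[$pos] = $newKey;
        // Vc shortens long blocks; the floor of 2 keeps a data value of 0 or 1
        // from stalling the schedule on the same position forever.
        $span = max(2, min($newKey, $vc));
        $end  = min($n, $pos + $span - 1);
        while (count($sloppy) < $end) {
            $sloppy[] = $newKey + $smk;   // Ø(new key, Smk) with Ø = addition
        }
        $pos    = $end;
        $newKey = $data[$end - 1];        // the value at the last covered position
    }
    return ['newKeys' => $newKeys, 'sloppy' => $sloppy];
}

// The paper's sample data ("03" written as 3).
$data = [21, 52, 43, 15, 75, 26, 17, 28, 99, 10, 45,
         94, 72, 3, 62, 96, 92, 63, 34, 20,
         38, 19, 45, 30, 28, 52, 92, 51, 80, 23];

// First new key 4 and symmetric key 5 as in the paper; both Vc values are constructed.
foreach ([100, 8] as $vc) {
    $schedule = sloppySchedule($data, 4, 5, $vc);
    echo "Vc = $vc\n";
    foreach ($schedule['newKeys'] as $position => $key) {
        printf("  position %2d: new key %2d, sloppy key %2d\n", $position, $key, $key + 5);
    }
}
```

Under these assumptions every new key is a value taken from the transmitted data, so the schedule is only as unpredictable as the plaintext at those positions, and Smk remains the only secret input.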

CONCLUSION:
In summary, a common model was suggested for the enhancement of all the crypto algorithms, including the TCE algorithm emphasized in this paper. The main intention of this paper is to reinforce the security of all existing algorithms using the above said methodology. This model can be implemented where privacy in cryptanalysis is of much importance. The key concept of this approach is that a sloppy key (Sk) is generated along with the symmetric key (Smk). This sloppy key (Sk) is determined using the key adjuster (φ). The significance of the key adjuster (φ) is the breaking of the existing key. As the range within the validity counter (Vc) is decreased, the breaking of the sloppy key (Sk) becomes more frequent. This makes hacking difficult.

CRYPTOGRAPHY IN SMART CARDS


In the age of universal electronic connectivity, of viruses and hackers, there is indeed no time at which security does not matter. The issue of security and privacy is not a new one, however, and the age-old science of cryptography has been in use since people had some information that they wished to hide. Cryptography has naturally been extended into the realm of computers, and provides a solution to electronic security and privacy issues.
As the technology advances, Smart Cards (e.g. SIM cards, bank cards, health cards) play a very important role in processing many transactions with a high level of security.
This security level is achieved by means of cryptography. In this paper we are presenting an introduction to






1. INTRODUCTION

Cryptography comes from the Greek words for “secret writing”. Cryptography is the science of enabling secure communications between a sender and one or more recipients. It deals with a process associated with scrambling plain text (ordinary text, or clear text) into cipher text (a process called encryption), then back again (known as decryption).









Fig: Encryption model
An intruder is a hacker or cracker who hears and accurately copies down the complete cipher text. A passive intruder only listens to the communication channel. But an active intruder can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver.



Cryptography concerns itself with four objectives:
1. Confidentiality (the information cannot be understood by anyone for whom it was unintended).
2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected).
3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information).
4. Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information).

2. TYPES OF ENCRYPTION
We have two variations:
• Symmetric encryption
• Asymmetric encryption
In symmetric encryption, the same key is used for both encryption and decryption. Consider a situation where Alice, a user from company A, is electronically communicating with Bob, a user of company B.
In the figure of symmetric communication between Alice and Bob, Alice would encrypt her message using a key, and then send the message to Bob. Alice would separately communicate the key to Bob to allow him to decrypt the message. To maintain security and privacy, Alice and Bob need to ensure that the key remains private to them.
Symmetric encryption can be implemented by
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cipher modes
In asymmetric encryption, separate keys are used for encryption and decryption.

Fig: Asymmetric communication between Bob and Alice
Here, Alice is sending a message to Bob. Alice creates her message then encrypts it using Bob’s public key. When Bob receives the encrypted message, he uses his secret, private key to decrypt it. As long as Bob’s private key has not been compromised then both Alice and Bob know that the message is secure.
Asymmetric encryption can be implemented by
• RSA (Rivest, Shamir, Adleman)
• Other public key algorithms



3. APPLICATIONS OF CRYPTOGRAPHY:
The following are some of the applications of cryptography.
• Digital Signatures
• Digital Certificates.
• Message Digest.
• Secure Socket Layer.
• Secure E-Business
• Secure IP.
• Challenge/Response systems (Smart cards).
In this paper we are concentrating on Smart Cards.
4. SMART CARDS:
Smart cards are an ideal means to provide the required level of security. In recent years, smart card technology has quickly advanced and has by now reached a state where smart cards easily integrate into public key infrastructures. Today's smart cards provide memory, and they have cryptographic coprocessors that allow them to generate digital signatures using RSA.

a) Architecture:
A smart card is a credit card sized plastic card with an integrated circuit (IC) contained inside. The IC contains a microprocessor and memory, which gives smart cards the ability to process, as well as store more information.

Fig: Contact chip and Smart card architecture


The figure shows the architecture of a smart card, which contains RAM, ROM, FLASH memory, and a coprocessor. Smart cards use RAM for temporary storage and ROM as a bootstrap for loading the operating system. FLASH memory allows much higher data storage capacity on the card. The card has an on-chip dedicated coprocessor, called the Crypto Processor, with key generation and asymmetric algorithm acceleration.
The contact chip is a standard transistor that was created from a lithographic process as a series of etched and plated regions on a tiny sheet of silicon.
A smart card can be used for payment transactions, such as purchases, and non-payment transactions, such as information storage and exchange.

b) Role of Cryptography:
The smart card provides two types of security services: user authentication and digital signature generation. Smart cards are specifically designed to perform these services with a high level of security. Authentication of users means proving that users are who they say they are. There are various ways to implement authentication using a smart card, but in this paper we are presenting smart cards with crypto processors.
The data storage structure of a smart card is comparable with the directory structure of disk media.
The main structure is based on three component types:
• Master File (MF), the root directory
• Dedicated file (DF), application directories or sub-directories
• Elementary file (EF), data files.
On the smart card there is only one Master File that contains some data files with global information about the smart card and its holder.
Dedicated files are directories that can be set under the root directory. Each application has a directory of its own. An application directory can have one or more sub directories.
Each directory has some specific elementary files, which contain secret cryptographic keys. All Dedicated and Elementary files have access conditions that must be met to execute a command on a file.
c) Cryptographic computations by Smart Cards:
The maximal length of data that can be encrypted by the smart card and that is not stored on the smart card is 8 bytes. The command that provides the encryption is called INTERNAL AUTHENTICATION and is developed to authenticate the smart card to the outside world. The command requires a random number from the outside world and a secret key that is stored on the smart card. The random number is encrypted with a secret key by the smart card to access the information.
The smart card is also able to compute a Message Authentication Code (MAC) over data that is stored on the smart card. A MAC that is computed by the smart card is also called a stamp.
All data is stored unencrypted on a smart card. A smart card can encrypt data that is stored in specific files on the smart card. The encryption is possible for a file that has access condition ENC (ENCrypted) for the read command.
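The INTERNAL AUTHENTICATION exchange described above, simulated as an added example (not code from the paper). The text does not name the card's cipher, so a truncated HMAC-SHA-256 stands in for it; the class names, function names and demo key are assumptions.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 8  # the text: at most 8 bytes of external data can be encrypted
DEMO_KEY = b"constructed-demo-key"  # constructed value, not a real card key


def _transform(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the card's keyed cipher: HMAC-SHA-256 cut to 8 bytes."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:CHALLENGE_LEN]


class SimulatedCard:
    """The key can be used for computation but is never returned to a caller."""

    def __init__(self, key: bytes):
        self.__key = key  # no read accessor is offered

    def internal_authenticate(self, challenge: bytes) -> bytes:
        # This sketch requires the terminal's random number to be exactly 8 bytes.
        if len(challenge) != CHALLENGE_LEN:
            raise ValueError("challenge must be exactly 8 bytes")
        return _transform(self.__key, challenge)


class Terminal:
    """The outside world: issues a fresh random number and checks the answer."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = os.urandom(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge, nothing to accept
        expected = _transform(self._key, self._pending)
        self._pending = None  # a challenge is valid for one answer only
        return hmac.compare_digest(expected, response)


def authenticate(terminal: Terminal, card: SimulatedCard) -> bool:
    """One full exchange: random number out, keyed response back, check."""
    challenge = terminal.new_challenge()
    return terminal.verify(card.internal_authenticate(challenge))


if __name__ == "__main__":
    terminal = Terminal(DEMO_KEY)
    print("genuine card:", authenticate(terminal, SimulatedCard(DEMO_KEY)))
    print("wrong key   :", authenticate(terminal, SimulatedCard(b"other-key")))
```

Because every exchange uses a new random number, a response recorded from an earlier exchange does not verify against a later challenge.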
d) Storage of Secret keys on Smart Card:
The architecture of smart cards allows storing secret cryptographic keys in a safe manner. The stored keys can only be used to perform cryptographic computations but not for reading. The keys are stored in specific data files called EF_KEY. The initial secret keys are written on the smart card during the initialization process performed by the card issuer. To write a new secret key K_new on the smart card, secret keys are needed that are (already) stored in the smart card.
A smart card makes use of two kinds of secret keys:
• Management key
• Operational key
A management key is used to encrypt another management key or an operational key that has to be written on the smart card. A management key is also called a Key Encrypting Key (KEK).
An operational key is used by the smart card to perform cryptographic operations on data.

5. APPLICATIONS OF SMART CARD:
Smart cards are used for a huge range of applications today. A few common examples of applications are briefly described here.

i) SIM cards:
A common application for Smart Cards is for mobile phones. The central security processor of a mobile phone is provided by a global system for mobile communication SIM (Subscriber Identity Module). The use of SIM cards has radically improved security of digital phones compared to the older analogue devices.


ii) Bank Cards:
Increasingly, credit and debit cards are being used with the contact chip rather than being swiped. The security features offered by Smart Cards protect consumers from their cards being cloned, as it is much more difficult to copy a chip protected cryptographically than a magnetic strip.
iii) Health Cards:
Increasingly, Smart Cards are being used to store a citizen’s medical data. The cards are carried by the citizen and can contain information such as a list of allergies, current and past medications, past treatment history, disease history and doctors' notes. This enables medical information to be easily accessed in an emergency.

Consider the scenario of how a smart card works for banking.

Evaluation Scenario of Smart cards

Stage 1: This is the initial process where the enrollment of the customer takes place; the image and details of the customer are saved on the card.
Stage 2: After the enrollment process, money is loaded and the wallet value is updated.
Stage 3: When the customer inserts the card for money, the system reads the data from the card to verify the validity of the customer.
Stage 4: After verification, the machine allows a credit or debit on the customer’s account. Finally, the wallet value is updated.

6. MERITS AND DEMERITS:
High-level security can be achieved using cryptography in smart cards. Data present in the smart card is more secure and can be viewed only by authorized persons.
Although this system is very effective as protection, the large amount of processing power needed to run it makes it impossible to use on older, slower computers that lack the processing power for such an extensive encryption system. Weak authentication may break the security provided by the smart card.

7. CONCLUSION:
Cryptography provides a solution to the problem of security and privacy issues. The usage of cryptography in Smart Cards has become very popular. Smart card technology can be implemented for multiple applications such as Bankcards, SIM cards, and Health cards.
As card technologies continue to develop we can expect to see advanced cards interacting directly with users through displays, biometric sensors and buttons. This will open up many exciting novel applications, and further increase the usability of Smart Cards.


Achieving higher QOS by GPRS, WLAN Integration

ABSTRACT:-
GPRS (General Packet Radio Service) is a packet based communication service for mobile devices that allows data to be sent and received across a mobile telephone network. GPRS is a step towards 3G and is often referred to as 2.5G. As the wireless technology evolves, one can access the Internet almost everywhere via many wireless access networks such as wireless LAN and GPRS. People would like to use the wireless networks with high data rate, large coverage and low cost. Some networks such as GPRS can provide large coverage, but they only provide low data rate; some networks like wireless LAN can provide high data rate, but the access points are not widely deployed. None of the wireless networks can meet all requirements of a mobile user. Heterogeneous networks solve parts of the problem. In heterogeneous networks, users can roam among different kinds of networks such as 802.11 wireless LAN and GPRS through vertical handoffs. But in heterogeneous networks, each kind of wireless network provides a different quality of service. Users roaming among the wireless networks will suffer enormous changes in quality of service. The paper proposes three access network selection strategies that keep mobile users in the wireless networks with higher quality services longer, and thus improve the average available bandwidth and decrease the call blocking probability.


Introduction:

IEEE 802.11 wireless LAN is the most popular high data rate wireless network. But the coverage of an access point is too small, and the access points are not widely deployed and well organized. Users cannot receive the WLAN services ubiquitously and have to change their settings when they are in different WLANs.
On the other hand, cellular systems like GPRS can provide services almost everywhere, but they cannot have a data rate like WLAN. IEEE 802.11g has a 54 Mbps transmission rate while GPRS has only 171 kbps for optimal transmission rates. Vertical handoffs in the heterogeneous networks let users get service from both GPRS and WLAN. Users who leave the coverage of an access point can vertically handover to the GPRS networks, and the Internet service for the users will not be terminated. The paper proposes new mobility strategies to extend the time mobile hosts stay in higher quality networks in the heterogeneous network environment by using an ad hoc network. In an ad hoc network, mobile hosts relay messages for other mobile hosts. This characteristic helps to extend the service range of an access point while there are mobile hosts available to form a path that is able to relay messages to the access point.
Interworking mechanisms:-



The integration of WLAN into GPRS will allow users in “hot-spot” areas to use the high-speed wireless network and, when outside a hot-spot coverage area, to use the cellular data network. This is however not simple to implement, as it must provide services such as session continuity, integrated billing and authentication between networks, and inter-carrier roaming, and most importantly, provide a seamless user experience.
Some Existing coupling methods:
1. Tight coupling methods:


In general, the proposed tight coupling architecture provides a novel solution for internetworking between 802.11 WLANs and GPRS, and features many benefits, such as:
• Seamless service continuation across WLAN and GPRS. The users are able to maintain their data sessions as they move from WLAN to GPRS and vice versa.
• Reuse of GPRS AAA.
• Reuse of GPRS infrastructure (e.g., core network resources, subscriber databases, billing systems) and protection of cellular operator’s investment.
• Support of lawful interception for WLAN subscribers.
• Increased security, since GPRS authentication and ciphering can be applied on top of WLAN ciphering.
• Common provisioning and customer care.
2. Loose coupling methods:


Loose coupling is another approach that provides internetworking between GPRS and WLAN. As can be seen, the WLAN network is coupled with the GPRS network in the operator’s IP network. Note that, in contrast to tight coupling, the WLAN data traffic does not pass through the GPRS core network but goes directly to the operator’s IP network.
Disadvantage of Existing Methods:


• After coupling between WLAN and GPRS, the network cannot easily support third-party WLANs.
• Throughput capacities are very low.
• More important, tight coupling cannot support legacy WLAN terminals, which do not implement the GPRS protocols.
• The cost of implementation is higher.
The Proposed Strategies:


In the paper, the heterogeneous network is composed of WLAN, ad hoc WLAN and GPRS networks. With the use of an ad hoc WLAN network, mobile hosts can access the Internet with other hosts relaying to a WLAN AP. In the original heterogeneous network environment, mobile hosts will prefer WLAN. But if no WLAN AP is available, the mobile hosts will handover to the GPRS networks to keep the connections alive. With the use of ad hoc WLAN, mobile hosts have another alternative when there is no WLAN AP available: they can choose ad hoc WLAN. However, there may be more than one mobile host that can relay packets, to more than one access point. Mobile hosts may select one of the best relay mobile hosts, or decide not to use the ad hoc network.


A mobile wireless network is an infrastructureless mobile network, commonly known as an ad hoc network. Infrastructureless networks have no fixed routers. All nodes are capable of movement and can be connected dynamically in an arbitrary manner. Nodes of these networks function as routers which discover and maintain routes to other nodes in the network.
Selection strategies:-
Making such decisions will be a problem, and three selection strategies are proposed. The selection strategies are detailed below.
A. Fixed hop counts (FHC)
In this strategy, the ad hoc route cannot be longer than n hops. The mobile host first looks for access points; if no access point is available, the mobile host will try to find a mobile host that has a route shorter than n – 1 hops away from an access point. If more than one route is shorter than n – 1 hops, select the shortest one. If more than one route has the shortest hop count, select the AP that has the same IP range as itself. If no AP has the same IP range, select an arbitrary one. If no route is shorter than n – 1 hops, try to select the GPRS network.


B. Any available route (AAR)
In this strategy, any ad hoc route will be chosen if there are no higher service networks available. The mobile host will try to find a mobile host that has the shortest route to an access point. If no route is available, it tries to select the GPRS network.
C. Bandwidth pre-evaluation (BPE)
In the third strategy, the network status will be measured before selection; ad hoc networks will be selected only if they have a higher quality of service than the GPRS network.


Call initiation in network:-

In the proposed strategy, when a mobile host tries to initiate a call, it will look for a WLAN AP, an ad hoc WLAN relay host and GPRS networks in sequence. If none of the networks can be selected, the connection is rejected. When a user leaves the coverage of a GPRS cell or an access point, a handoff occurs. The handoff cases are more complicated than call initiation, and we discuss the three cases separately.
A. Handoff from WLAN:-
First, try to find another WLAN AP. If no other AP is available, try to select an ad hoc WLAN network. And if no ad hoc WLAN is qualified, try to select the GPRS network. Finally, if no GPRS network is available, the connection will be forcibly terminated.
B. Handoff from ad hoc WLAN:-
First, try to find a WLAN AP. If no AP is available, try to select an ad hoc WLAN network. And if no ad hoc WLAN is qualified, try to select the GPRS network. Finally, if no GPRS network is available, the connection will be forcibly terminated.
C. Handoff from GPRS:-
First, try to find another GPRS base station. If no other base station is available, try to find a WLAN AP. If no AP is available, try to select an ad hoc WLAN network. And if no ad hoc WLAN is qualified, the connection will be forcibly terminated.
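The three selection strategies and the search orders for call initiation and handoff, put together as an added sketch (not code from the paper). The Relay record, the sample hosts, and the reuse of the FHC shortest-route and same-IP-range rules for AAR and BPE are assumptions; "shorter than n – 1 hops" is taken literally.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

GPRS_KBPS = 171  # optimal GPRS rate quoted in the text


@dataclass
class Relay:
    name: str
    hops_to_ap: int        # hops from this relay host to its access point
    ap_subnet: str         # IP range served by that access point
    bandwidth_kbps: float  # measured bandwidth over this route (used by BPE)


# Constructed sample relay hosts for the demo.
SAMPLE_RELAYS = [
    Relay("mh-a", 1, "10.0.1.0/24", 300),
    Relay("mh-b", 1, "10.0.2.0/24", 120),
    Relay("mh-c", 3, "10.0.2.0/24", 400),
]


def pick_relay(strategy, relays, my_ip, n=3, gprs_kbps=GPRS_KBPS):
    """Return the relay host the strategy qualifies, or None."""
    if strategy == "FHC":    # route must be shorter than n - 1 hops
        candidates = [r for r in relays if r.hops_to_ap < n - 1]
    elif strategy == "AAR":  # any available route qualifies
        candidates = list(relays)
    elif strategy == "BPE":  # only routes that beat GPRS qualify
        candidates = [r for r in relays if r.bandwidth_kbps > gprs_kbps]
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    if not candidates:
        return None
    shortest = min(r.hops_to_ap for r in candidates)
    best = [r for r in candidates if r.hops_to_ap == shortest]
    # Tie-break: prefer an AP in the host's own IP range, else take any.
    same_range = [r for r in best if ip_address(my_ip) in ip_network(r.ap_subnet)]
    return (same_range or best)[0]


# Search order per event, as listed in the text.
SEARCH_ORDER = {
    "initiation": ("wlan", "adhoc", "gprs"),
    "from_wlan": ("wlan", "adhoc", "gprs"),
    "from_adhoc": ("wlan", "adhoc", "gprs"),
    "from_gprs": ("gprs", "wlan", "adhoc"),
}


def select_network(event, strategy, wlan_aps, relays, gprs_cells, my_ip, n=3):
    """wlan_aps and gprs_cells list the candidates in range; on a handoff the
    caller leaves out the AP or base station that is being left."""
    for kind in SEARCH_ORDER[event]:
        if kind == "wlan" and wlan_aps:
            return ("wlan", wlan_aps[0])
        if kind == "adhoc":
            relay = pick_relay(strategy, relays, my_ip, n)
            if relay is not None:
                return ("adhoc", relay.name)
        if kind == "gprs" and gprs_cells:
            return ("gprs", gprs_cells[0])
    return ("rejected" if event == "initiation" else "terminated", None)


if __name__ == "__main__":
    for s in ("FHC", "AAR", "BPE"):
        print(s, select_network("initiation", s, [], SAMPLE_RELAYS,
                                ["cell-1"], "10.0.2.7"))
```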
Conclusions:-
The proposed strategies can reduce the number of times a user changes his/her IP address. The advantage disappears with the increase of mobility, because the route cannot be maintained in a high mobility network. Here, three mobility strategies are proposed to improve the service quality for mobile hosts in heterogeneous networks by using ad hoc routing. Using the proposed strategies, the average available bandwidth can be two times more than with no strategy applied, and the request-blocking rate can have a 94% reduction at most and a 50% reduction on average. The change of IP address is a serious problem for mobile users, and the proposed strategies can have a 9% improvement in the number of IP address changes. This helps to ease the impact of the mobile IP protocols on real time applications.
However, the drawback of ad hoc networks is inherited by the proposed strategies. The number of handoff opportunities rises due to the instability of relaying hosts. This can be prevented by using an ad hoc routing protocol that considers stability, or by reducing the length of an ad hoc route.

NETWORK SECURITY Honeypot Solutions










Honeypots are an exciting new technology. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities.
A honeypot is a security resource whose value lies in being probed, attacked, or compromised. The key point with this definition is honeypots are not limited to solving only one problem; they have a number of different applications. To better understand the value of honeypots, we can break them down into two different categories:
1. Production
2. Research
A properly constructed honeypot is put on a network, which closely monitors the traffic to and from the honeypot. This data can be used for a variety of purposes:
• Forensics - analyzing new attacks and exploits
• Trend analysis - look for changes over time of types of attacks, techniques, etc.
• Identification - track the bad guys back to their home machines to figure out who they are
• Sociology - learn about the bad guys as a group by snooping on email, IRC traffic, etc. which happens to traverse the honeypot.
Traditionally, honeypots have been physical systems on a dedicated network that also contains multiple machines for monitoring the honeypot and collecting logs from it.
This paper throws further light on the advantages and the disadvantages of honeypots and on some honeypots solutions. For sure, Honeypots are a boon to the field of Network Security.






Introduction:
Many people have their own definition of what a honeypot is, or what it should accomplish. Some feel it's a solution to lure or deceive attackers, others feel it's a technology used to detect attacks, while others feel honeypots are real computers designed to be hacked into and learned from. In reality, they are all correct.
Definitions and Value of Honeypots:
Over the past several years there has been a growing interest in honeypots and honeypot related technologies. Honeypots are not a new technology; they were first explained by a couple of very good papers by several icons in computer security. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues.
We may define a honeypot as "a security resource whose value lies in being probed, attacked or compromised." This means that whatever we designate as a honeypot, it is our expectation and goal to have the system probed, attacked, and potentially exploited. Keep in mind, honeypots are not a solution. They do not 'fix' anything. Instead, honeypots are a tool. How you use that tool is up to you and depends on what you are attempting to achieve. A honeypot may be a system that merely emulates other systems or applications, creates a jailed environment, or may be a standard built system. Regardless of how you build and use the honeypot, its value lies in the fact that it is attacked.
We will break honeypots into two broad categories
1.Production Honeypot
2.Research Honeypot
Production Honeypot:
The purpose of a production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization. Traditionally, commercial organizations use production honeypots to help protect their networks. It adds value to the security of production resources. Let's cover how production honeypots apply to the three areas of security: Prevention, Detection, and Reaction.

Prevention:
Honeypots will not help keep the bad guys out. What will keep the bad guys out is best practices, such as disabling unneeded or insecure services, patching what you do need, and using strong authentication mechanisms. It is the best practices and procedures such as these that will keep the bad guys out. A honeypot, a system to be compromised, will not help keep the bad guys out. In fact, if incorrectly implemented, a honeypot may make it easier for an attacker to get in.
Some individuals have discussed the value of deception as a method to deter attackers. The concept is to have attackers spend time and resource attacking honeypots, as opposed to attacking production systems. The attacker is deceived into attacking the honeypot, protecting production resources from attack. Deception may contribute to prevention, but you will most likely get greater prevention putting the same time and effort into security best practices.
Detection:
While honeypots add little value to prevention, they add extensive value to detection. For many organizations, it is extremely difficult to detect attacks. Intrusion Detection Systems (IDS) are one solution designed for detecting attacks. However, IDS administrators can be overwhelmed with false positives. False positives are alerts that were generated when the sensor recognized the configured signature of an "attack", but in reality was just valid traffic. The problem here is that system administrators may receive so many alerts on a daily basis that they cannot respond to all of them. Also, they often become conditioned to ignore these false positive alerts as they come in day after day. The very IDS sensors that they were depending on to alert them to attacks can become ineffective unless these false positives are reduced. This does not mean that honeypots will never have false positives, only that they will be dramatically fewer than with most IDS implementations.
Another risk is false negatives, when IDS systems fail to detect a valid attack. Many IDS systems, whether they are signature based, protocol verification, etc., can potentially miss new or unknown attacks. It is likely that a new attack will go undetected by current IDS methodologies. Also, new IDS evasion methods are constantly being developed and distributed. It is possible to launch a known attack that may not be detected, such as with K2's ADM Mutate. Honeypots address false negatives as they are not easily evaded or defeated by new exploits. In fact, one of their primary benefits is that they can most likely detect when a compromise occurs via a new or unknown attack by virtue of system activity, not signatures. Administrators also do not have to worry about updating a signature database or patching anomaly detection engines. Honeypots happily capture any attacks thrown their way. As discussed earlier though, this only works if the honeypot itself is attacked.
Reaction:
Often when a system within an organization is compromised, so much production activity has occurred after the fact that the data has become polluted. Incident response teams cannot determine what happened when users and system activity have polluted the collected data.
The second challenge many organizations face after an incident is that compromised systems frequently cannot be taken off-line. The production services they offer cannot be eliminated. As such, incident response teams cannot conduct a proper or full forensic analysis.
Honeypots can add value by reducing or eliminating both problems. They offer a system with reduced data pollution, and an expendable system that can be taken off-line. For example, let’s say an organization had three web servers, all of which were compromised by an attacker. However, management has only allowed us to go in and clean up specific holes. As such, we can never learn in detail what failed, what damage was done, whether the attacker still had internal access, and if we were truly successful in cleanup.
However, if one of those three systems were a honeypot, we would now have a system we could take off-line and conduct a full forensic analysis. Based on that analysis, we could learn not only how the bad guy got in, but also what he did once he was in there. These lessons could then be applied to the remaining webservers, allowing us to better identify and recover from the attack.
Research Honeypot:
One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat, why do they attack, how do they attack, what are their tools, and possibly when will they attack? It is questions like these the security community often cannot answer. For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we have little such information.
Honeypots can add value in research by giving us a platform to study the threat. What better way to learn about the bad guys than to watch them in action, to record step-by-step as they attack and compromise a system. Of even more value is watching what they do after they compromise a system, such as communicating with other blackhats or uploading a new tool kit. It is this potential for research that is one of the most unique characteristics of honeypots. Also, research honeypots are excellent tools for capturing automated attacks, such as auto-rooters or Worms. Since these attacks target entire network blocks, research honeypots can quickly capture these attacks for analysis.
In general, research honeypots do not reduce the risk of an organization. The lessons learned from a research honeypot can be applied, such as how to improve prevention, detection or reaction. However, research honeypots contribute little to the direct security of an organization. If an organization is looking to improve the security of their production environment, they may want to consider production honeypots, as they are easy to implement and maintain. If organizations, such as universities, governments, or extremely large corporations are interested in learning more about threats, then this is where research honeypots would apply. The Honeynet Project is one such example of an organization using research honeypots to capture information on the blackhat community.

Honeypot Solutions:
Now that we have been discussing the different types of honeypots and their value, let's discuss some examples. Simply put, the more an attacker can interact with a honeypot, the more information we can potentially gain from it; however, the more risk it most likely has. The more a honeypot can do and the more an attacker can do to a honeypot, the more information can be derived from it. However, by the same token, the more an attacker can do to the honeypot, the more potential damage an attacker can do. For example, a low interaction honeypot would be one that is easy to install and simply emulates a few services. Attackers can merely scan, and potentially connect to several ports. Here the information is limited (mainly who connected to what ports when); however, there is little that the attacker can exploit. On the other extreme would be high interaction honeypots. These would be actual systems. We can learn far more, as there is an actual operating system for the attacker to compromise and interact with; however, there is also a far greater level of risk, as the attacker has an actual operating system to work with. Neither solution is a better honeypot. It all depends on what you are attempting to achieve. Remember that honeypots are not a solution. Instead, they are a tool. Their value depends on what your goal is, from early warning and detection to research. Based on 'level of interaction', let's compare some possible honeypot solutions.
For this article, we will discuss four honeypots. There are a variety of other possible honeypots; however, this selection covers a range of options. We will cover BackOfficer Friendly, Specter, Honeyd, and Homemade honeypots. This article is not meant to be a comprehensive review of these products. It only highlights some of their features. Instead, it hopes to cover the different types of honeypots, how they work, and demonstrate the value they add and the risks involved.
• BackOfficer Friendly:
BOF (as it is commonly called) is a very simple but highly useful honeypot. BOF is a program that runs on most Windows-based operating systems. All it can do is emulate some basic services, such as http, ftp, telnet, and mail. Whenever someone attempts to connect to one of the ports BOF is listening to, it will then log the attempt. BOF also has the option of "faking replies", which gives the attacker something to connect to. This way you can log http attacks, telnet brute force logins, or a variety of other activities. It can monitor only a limited number of ports, but these ports often represent the most commonly scanned and targeted services.
• Specter:
Specter is a commercial product similar to BOF in that it emulates services, but it can emulate a far greater range of services and functionality. In addition, not only can it emulate services, but it can also emulate a variety of operating systems. Similar to BOF, it is easy to implement and low risk. Specter works by installing on a Windows system. The risk is reduced, as there is no real operating system for the attacker to interact with. For example, Specter can emulate a webserver or Telnet server of the operating system of your choice. When an attacker connects, the attacker is then prompted with an http header or login banner. The attacker can then attempt to gather web pages or login to the system. This activity is captured and recorded by Specter; however, there is little else the attacker can do. There is no real application for the attacker to interact with, instead just some limited, emulated functionality. Specter's value lies in detection. It can quickly and easily determine who is looking for what. As a honeypot, it reduces both false positives and false negatives, simplifying the detection process.
• Home made Honeypots:
Another common honeypot is homemade. These honeypots tend to be low interaction. Their purpose is usually to capture specific activity, such as Worms or scanning activity. These can be used as production or research honeypots, depending on their purpose. Once again, there is not much for the attacker to interact with, however the risk is reduced because there is less damage the attacker can do. One common example is creating a service that listens on port 80 (http) capturing all traffic to and from the port. This is commonly done to capture Worm attacks. One such implementation would be using netcat, as follows:
netcat -l -p 80 > c:\honeypot\worm
In the above command, a Worm could connect to netcat listening on port 80. The attacking Worm would make a successful TCP connection and potentially transfer its payload. This payload would then be saved locally on the honeypot, which can be further analyzed by the administrator, who can assess the threat of the Worm.
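A homemade capture listener in the spirit of the netcat command above, as an added example (not code from the paper). Unlike the one-liner, it also records the source address, a timestamp and a SHA-256 of the payload, and it caps how much it reads; the function names, limits and sample payload are assumptions.

```python
import hashlib
import socket
import threading
import time

MAX_CAPTURE = 64 * 1024  # stop reading after this many bytes per connection
IDLE_TIMEOUT = 2.0       # seconds of silence before the capture is closed

# Constructed sample input for the demo; not a real worm payload.
SAMPLE_PAYLOAD = b"GET /constructed-sample HTTP/1.0\r\nHost: honeypot.example\r\n\r\n"


def capture_one(listener, records):
    """Accept one connection and record its source and everything it sent."""
    conn, peer = listener.accept()
    conn.settimeout(IDLE_TIMEOUT)
    chunks, total = [], 0
    try:
        while total < MAX_CAPTURE:
            data = conn.recv(min(4096, MAX_CAPTURE - total))
            if not data:  # peer closed the connection
                break
            chunks.append(data)
            total += len(data)
    except (socket.timeout, ConnectionError):
        pass  # keep whatever arrived before the stall or reset
    finally:
        conn.close()
    payload = b"".join(chunks)
    records.append({
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "size": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "payload": payload,  # stored only; never parsed or executed
    })


def open_listener(host="127.0.0.1", port=0):
    """Bind the capture socket. Port 0 picks a free port for the demo; the
    text's example would listen on port 80 of the honeypot's own address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(5)
    return s


def run_demo():
    """Start the listener, send the constructed payload to it, return the log."""
    records = []
    listener = open_listener()
    port = listener.getsockname()[1]
    worker = threading.Thread(target=capture_one, args=(listener, records))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.sendall(SAMPLE_PAYLOAD)
    worker.join(timeout=10)
    listener.close()
    return records


if __name__ == "__main__":
    for rec in run_demo():
        print(rec["time"], rec["src_ip"], rec["src_port"],
              rec["size"], rec["sha256"])
```

The hash lets the administrator tell repeat deliveries of the same payload apart from new ones without opening the captured bytes.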

• Honeyd:
Honeyd is an extremely powerful, OpenSource honeypot. Designed to run on Unix systems, it can emulate over 400 different operating systems and thousands of different computers, all at the same time. Honeyd introduces some exciting new features. First, not only does it emulate operating systems at the application level, like Specter, but it also emulates operating systems at the IP stack level. This means when someone Nmaps your honeypot, both the service and IP stack behave as the emulated operating system. Currently no other honeypot has this. Second, Honeyd can emulate hundreds if not thousands of different computers all at the same time. While most honeypots can only emulate one computer at any point in time, Honeyd can assume the identity of thousands of different IP addresses. Third, as an OpenSource solution, not only is it free to use, but it will exponentially grow as members of the security community develop and contribute code.

Value of Honeypots:
Honeypots have certain advantages (and disadvantages) as security tools. It is the advantages that help define the value of a honeypot. The beauty of honeypots lies in its simplicity. It is a device intended to be compromised, not to provide production services. This means there is little or no production traffic going to or from the device. Any time a connection is sent to the honeypot, this is most likely a probe, scan, or even attack. Any time a connection is initiated from the honeypot, this most likely means the honeypot was compromised. As there is little production traffic going to or from the honeypot, all honeypot traffic is suspect by nature. Now, this is not always the case. Mistakes do happen, such as an incorrect DNS entry or someone from accounting inputting the wrong IP address. But in general, most honeypot traffic represents unauthorized activity.
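The reasoning above turned into a small triage routine over connection records, as an added example (not from the paper). The addresses are documentation ranges, and the flow records, allow-list and scan threshold are constructed assumptions.

```python
from collections import defaultdict

HONEYPOTS = {"192.0.2.10"}       # constructed honeypot address
KNOWN_MISTAKES = {"192.0.2.53"}  # hypothetical host with a stale DNS entry
SCAN_PORTS = 3                   # assumed: this many distinct ports is a scan

# Constructed flow records: (time, source, destination, destination port).
FLOWS = [
    ("09:00:01", "198.51.100.7", "192.0.2.10", 21),
    ("09:00:01", "198.51.100.7", "192.0.2.10", 23),
    ("09:00:02", "198.51.100.7", "192.0.2.10", 80),
    ("09:05:40", "203.0.113.99", "192.0.2.10", 80),
    ("09:07:12", "192.0.2.53", "192.0.2.10", 53),      # the known mistake
    ("09:10:00", "192.0.2.20", "192.0.2.30", 443),     # production, ignored
    ("09:30:15", "192.0.2.10", "203.0.113.99", 6667),  # honeypot calls out
]


def triage(flows, honeypots=HONEYPOTS, known_mistakes=KNOWN_MISTAKES):
    """Classify honeypot traffic by direction, as the text describes."""
    ports_by_source = defaultdict(set)
    alerts = []
    for when, src, dst, dport in flows:
        if src in honeypots:
            # A honeypot has no reason to start connections of its own.
            alerts.append({"severity": "critical",
                           "kind": "outbound-from-honeypot",
                           "time": when, "host": src,
                           "peer": f"{dst}:{dport}"})
        elif dst in honeypots and src not in known_mistakes:
            ports_by_source[src].add(dport)
        # Flows that do not touch a honeypot are production traffic: skipped.
    for src in sorted(ports_by_source):
        ports = sorted(ports_by_source[src])
        kind = "scan" if len(ports) >= SCAN_PORTS else "probe"
        alerts.append({"severity": "warning", "kind": kind,
                       "host": src, "ports": ports})
    return alerts


if __name__ == "__main__":
    for alert in triage(FLOWS):
        print(alert)
```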
Advantages :
The advantages of honeypots include:
• Small Data Sets: Honeypots only collect attacks or unauthorized activity, dramatically reducing the amount of data they collect. Organizations that may log thousands of alerts a day may only log a hundred alerts with honeypots. This makes the data honeypots collect much easier to manage and analyze.
• Reduced False Positives: Honeypots dramatically reduce false alerts, as they only capture unauthorized activity.
• Catching False Negatives: Honeypots can easily identify and capture new attacks never seen before.
• Minimal Resources: Honeypots require minimal resources, even on the largest of networks. This makes them an extremely cost effective solution.
• Encryption: Honeypots can capture encrypted attacks.
• In-depth Information: Honeypots can capture data no other technology can, including the identity of your attacker, their motives, and whom they are potentially working with.
• IPv6: IPv6 is the new IP protocol that represents the future of the Internet and IP based networking. Most technologies cannot detect, capture, nor analyze IPv6 based traffic. Honeypots are one of the few technologies that can operate in any IPv6 (or IPv6 tunneled) environments.
Disadvantages:
• Single data point:
Honeypots all share one huge drawback: they are worthless if no one attacks them. Yes, they can accomplish wonderful things, but if the attacker does not send any packets to the honeypot, the honeypot will be blissfully unaware of any unauthorized activity.
• Risk:
Honeypots can introduce risk to your environment. As we discuss later, different honeypots have different levels of risk. Some introduce very little risk, while others give the attacker entire platforms from which to launch new attacks. Risk is variable, depending on how one builds and deploys the honeypot.
It is because of these disadvantages that honeypots do not replace any security mechanisms. They can only add value by working with existing security mechanisms. Now that we have reviewed the overall value of honeypots, let's apply them to security.
Conclusion:
A honeypot is just a tool. How we use that tool is up to us. There are a variety of honeypot options, each having different value to organizations. We have categorized two types of honeypots, production and research. Production honeypots help reduce risk in an organization. While they do little for prevention, they can greatly contribute to detection or reaction. Research honeypots are different in that they are not used to protect a specific organization. Instead they are used as a research tool to study and identify the threats in the Internet community. You will have to determine what is the best relationship of risk to capabilities that exist for you. Honeypots will not solve an organization's security problems. Only best practices can do that. However, honeypots may be a tool to help contribute to those best practices.




Mobile Computing Mobile Voice Communication

“MOBILE COMPUTING” means computing done by intermittently-connected users who access network resources. It requires a wireless medium such as cellular radio, radio nets and low-orbit satellites. It incorporates wireless adapters using cellular telephone technology to connect portable computers with the cabled network.
Mobile voice communication is widely established throughout the world and has had a very rapid increase in the number of subscribers to the various cellular networks over the last few years. An extension of this technology is the ability to send and receive data across these cellular networks. This is the principle of mobile computing.
Mobile data communication has become a very important and rapidly evolving technology as it allows users to transmit data from remote locations to other remote or fixed locations. This proves to be the solution to the biggest problem of business people on the move-mobility.
Our mobile system architecture supports applications by a middleware stub. Mobile Computing evolved during the last few years as a result of shrinking portables and growing wireless networks. It enlarges the usability of computers, but raises demanding challenges.
INTRODUCTION
The architecture consists of a Mobility Service Architecture, describing the way we implement our mobility services in a computer system, and a Mobility Environment Architecture, describing how data are transmitted between computers in mobile environments and what tasks the different stations fulfill in our architecture.
Mobility Services Architecture:
Mobility services can be classified into three groups. First there are services designed to overcome common restrictions of mobile computing, which arise mainly from the slowness, insecurity and instability of wireless or analogous connection lines utilized by the mobile user. These services are called common mobility services (CMS). Examples are connection management, caching or encryption services. The second group of services handles the management and administration of mobile users moving around and connecting their portables to networks at different places. These mobility management services (MMS) include tasks such as the authentication of users, accounting and billing issues or profiling of the users' habits. The tasks necessary to adapt certain existing applications to mobile usage are implemented by high level services, which are called special mobility services (SMS). Special mobility services adapt existing services to the mobile conditions. For example, to allow remote database access over a wireless connection line one has to take special care of possible frequent connection losses, especially in the context of the state of the database. Viewing services as distinct building blocks, we are able to sketch an architecture for a "mobility services enhanced system".
Mobility Environment Architecture:
To overcome restrictions in mobile computing the above architecture was designed; the architecture consists of the following parts: The network environment consists of mobile hosts, fixed hosts and certain access points. The fixed hosts are all connected to a backbone (i.e. the Internet). Mobile hosts usually don't contact them directly, but use physically closer hosts as access points to the backbone in order to minimize the distance that has to be bridged by a mobile connection line. In addition to users carrying a portable computer with them, mobile users traveling between fixed hosts are also considered in our system.
Problems in Wireless industry
• Handheld mobile devices could access network based content but the technologies were incompatible.
• Not much use of existing internet infrastructure.
• No single global standard for data access for all handheld mobile devices.
METHODOLOGY
WAP
Wireless application protocol (WAP) is an application environment and set of communication protocols for wireless devices designed to enable manufacturer-, vendor-, and technology-independent access to the Internet and advanced telephony services.
WAP is designed for
• Primarily mobile phones, pagers and PDAs.
• Low bandwidth & high latency environments.
• Unpredictable stability & availability.
• Limited processing power & battery life.
• Less memory (ROM & RAM).
• Smaller displays.
WAP Applications
“At first, the most popular mobile Internet service is likely to be e-mail. SMS (short message service) messages have proved a big success in the Nordic nations and volumes are growing rapidly throughout western Europe”
One of the most significant advantages of Internet access from a mobile rather than your PC is the ability to instantly identify the user's geographic location. This opens up a huge opportunity for highly customized services.
As Ericsson puts it, “the content providers will know where their users are geographically and will be able to direct them to specific destinations - restaurants or theaters, for example handheld devices are mobile, but their position is instantly identifiable. So think of content that knows where the user is, and offers content tailored to that geography. Weather forecasts, restaurant locations (with table availability and instant reservations fast food delivery, finding and booking a plumber, dating services (with pre-recorded video profiles and e-mail or voicemail exchanges) any service where physical proximity is important can migrate a vital part of its value-added to the new devices.”
The Problem areas
One problem, basically to do with infrastructure (and not WAP), is that as mobile Internet access increases, thanks to WAP, it is likely to put ever greater demands on existing technology infrastructures as it encourages higher m-commerce volumes. A live example is I-mode services in Japan, where mobile data access has seen an unprecedented rate of growth. So, unless the infrastructure is geared up to expect unexpected volumes, this can have a significant impact on these data services, since most of these systems are simply inadequate for big volumes. So there is a possibility of unsatisfactory performance observed by mobile data users.
Another problem area is that delays in the delivery of long-promised terminals and service launches are narrowing the window of opportunity for WAP, while the proposed developments in faster mobile networks and more sophisticated terminals come closer. Further developments in WAP are still required and in the meantime, other solutions will emerge.
Also, as with many other technologies, what matters most and what guides the development of a technology is the emergence of “killer applications”. So, unless some killer applications hit the market, which influence the mood of the end user, WAP just like other technologies has a difficult path ahead. Already, due to lots of hype, WAP proponents find themselves in a somewhat tight position. So, this presents a big opportunity for the developer community to develop new and innovative applications that can realize the advantage of WAP. There is going to be a big appetite for WAP applications in the very near future.
IMPLEMENTATION
J2ME
The Java 2 Platform, Micro Edition (J2ME) is the Java 2 platform targeted at consumer electronics and embedded devices like wireless phones, pagers, personal digital assistants, camcorders, game devices, small retail payment terminals and smart cards.
J2ME delivers the power and benefits of Java technology to consumer and embedded devices. It includes flexible user interfaces, a robust security model, a broad range of built-in network protocols, and extensive support for networked and offline applications that can be downloaded dynamically. Applications based on J2ME specifications are written once for a wide range of devices, yet exploit each device's native capabilities.
J2ME platform technology has three components which, taken together, form a compliant Java application environment:
• A Configuration is a combination of a Java virtual machine and a set of application support APIs that are shared across a class of devices.
• A Profile is a set of APIs (designed for a specific configuration) that address the needs of a narrower device category.
• An Optional Package is a set of technology-specific APIs that extends the capabilities of a Java application environment.
A J2ME-compliant Java application environment requires both a configuration and a profile. Optional Packages provide device designers and other JCP participants with a standards-based extension framework.
DIFFERENT TYPES OF CONFIGURATIONS
CLDC:
The CLDC configuration was designed to bring the many advantages of the Java platform to connected devices that are limited in available resources. Targeted devices include cellular phones, pagers, mobile point-of-sale terminals, and any other device constrained in processing power, memory, and graphical capability.
CDC:
The Connected Device Configuration is a standards-based framework for building and delivering mobile applications that can be shared across a range of network-connected personal mobile devices. Typically, these devices include a 32-bit microprocessor/controller and require about 2 MB of RAM and 2.5 MB of ROM for the Java application environment.
DIFFERENT TYPES OF PROFILES
Foundation Profile:
Foundation Profile is a set of Java APIs that support resource-constrained devices without a standards-based GUI system. Combined with the Connected Device Configuration (CDC), Foundation Profile provides a complete J2ME application environment for consumer products and embedded devices.
Personal Basis Profile:
J2ME Personal Basis Profile is a set of Java APIs that support resource-constrained devices with a standards-based GUI framework. Combined with the Connected Device Configuration (CDC), J2ME Personal Basis Profile provides a complete J2ME application environment for consumer products and embedded devices.
Personal Profile:
J2ME Personal Profile is a set of Java APIs that supports resource-constrained devices with a GUI toolkit based on AWT. Combined with the Connected Device Configuration (CDC), J2ME Personal Profile provides a complete J2ME application environment for consumer products and embedded devices.

INFOSYS NEW 2010 QUESTION PAPER



1. There is a merry-go-round race going on. One person says, "1/3 of those in front of me and 3/4
of those behind me give the total number of children in the race". How many children
took part in the race? (repeated from previous papers)
Ans : 13

[ Assume there are x participants in the race. In a round race, the number of participants in front of a person will be
x-1 and the number behind him will be x-1, i.e. 1/3(x-1) + 3/4(x-1) = x; solving, x = 13 ]

2. In an Island the natives lie and visitors speak truth. A man wants to know whether a salesman beside
him in a bar is a native or visitor. He asked him to ask a woman beside him whether she is a native or
visitor. He replied "she says she is a visitor". Then he knew that the salesman is a native or visitor.
salesman is in which category , native or visitor?

Ans : Native

[ Draw table and see ]

3.A man fixed an appointment to meet the manager, Manager asked him to come two days after the day before
the day after tomorrow. Today is Friday. When will the manager expect him? (repeated from previous papers)

Ans: Monday

[Don't confuse it with Tuesday. The correct answer is Monday]



5.A man said he spent 1/6 of his life as a child, 1/12 as a salesman in a liquor shop, 1/7 and 5 years as a politician
and a good husband respectively. At that time Jim was born. Jim was elected as Alderman four years back, when he
was half of his age. What is his age? (repeated from previous papers)

Ans: 84 years

[Assume that he lived x years.
x/6 + x/12 + x/7 + 5 + 4 + x/2 = x. Solving, x = 84. Same as question in Shakuntala Devi book]

6.Jack, Doug and Ann, 3 children, had a running race while returning from school. Mom asked who won the race.
Then Jack replied, "I won't tell you. I will give you a clue: when Ann takes 28 steps, Doug takes 24 steps; meantime
I take 21 steps." Jack explained that his 6 steps equal Doug's 7 steps and Ann's 8 steps. Who won the race? (repeated from previous papers)

Ans: Doug

[ Ann steps = 8,16,24,28 --- finished by 3 & half full steps
Doug steps=7,14,21,24 --- finished before 3 & half full steps
Jack steps= 6,12,18,21 --- finished by 3 & half full steps
So Doug won the race ]

7. Every day a cyclist meets a car at the station.The road is straight and both are travelling in the same direction.
The cyclist travels with a speed of 12 mph.One day the cyclist comes late by 20 min. and meets the car 5miles before
the Station. What is the speed of the car?

Ans: 60 mph

[Very similar to Shakuntala Devi puzzles to puzzle you problem no: 38 ]


9.A lady goes for shopping. She bought some shoestrings. 4 times the number of shoestrings, she bought pins and 8 times,
handkerchiefs. She paid each item with their count as each piece's cost. She totally spent Rs. 3.24.How many handkerchiefs
did she buy? (repeated from previous papers)

10. Complete the series :

a) 3,6,13,26,33,66,____(repeated from previous papers)
b) 364,361,19,16,4,1,___( " " " )

Ans : a) 63
b) 1



11. Lucia is a wonderful grandmother. Her age is between 50 and 70. Each of her sons has
as many sons as they have brothers. Their combined number gives Lucia's age. What is the age?

Ans: 64

12.There are two towers A and B. Their heights are 200ft and 150ft respectively and the
foot of the towers are 250ft apart. Two birds on top of each tower fly down with the same
speed and meet at the same instant on the ground to pick a grain. What is the distance
between the foot of tower A and the grain?

Ans:90ft

13 Grass in lawn grows equally thick and in a uniform rate.
It takes 40 days for 40 cows and 60 days for 30 cows to eat the whole of the grass.
How many days does it take for 20 cows to do the same?

Ans: 120

13. Four tourists A,B,C,D and four languages English, German, French and Italian.
They are not able to converse among themselves in one language.
Though A does not know English he can act as an interpreter between B and C.
No one spoke both French and German. A knows German and was able to converse with D
who doesn't know a word in German. Only one language was spoken by more than two persons.
Each spoke two languages. Find who spoke what.

Ans : A- German,Italian
B- French,Italian
c- German,English
D- Italian,English



14. There is a five digit number. It has two prime digits (1 is not a prime number).
Third digit is the highest. Second digit is the lowest. First digit is one less
than the third digit. The fifth digit is half of the fourth. The sum of 4th and 5th is
less than the first. Find the number.

Ans - 71842

15. Four persons A, B, C and D are playing cards. Each person has one card, laid down
on the table below him, which has two different colours on either side.
No card has the same color on both sides. The colours visible on the table are Red,
Green, Red and Blue respectively. They see the color on the reverse side and give the
following comment.

A: Yellow or Green
B: Neither Blue nor Green
C: Blue or Yellow
D: Blue or Yellow

Given that out of the 4 people 2 always lie find out the colours on the cards each person.

Ans: A- Yellow
B- Yellow
C- Green
D- Red

16. A 1 k.m. long wire is held by n poles. If one pole is removed, the length of the gap
becomes 12/3m. What is the number of poles initially?


Ans:6km

17. Find the digits X,Y,Z
X X X X
Y Y Y Y +
Z Z Z Z
--------------
Y X X X Z
----------------
Ans: X Y Z
9 1 8

18. A man starts walking at 3 pm. He walks at a speed of 4 km/hr on level ground and at a speed of
3 km/hr on uphill , 6 km/hr downhill and then 4 km/hr on level ground to reach home at 9 pm.
What is the distance covered on one way?

Ans: 12 km

19. A grandma has many sons; each son has as many sons as his brothers. What is her age if it's the product
of the no: of her sons and grandsons plus no: of her sons? (age b/w 70 and 100).

Ans: 81

20. An electric wire runs for 1 km b/w some no: of poles. If one pole is removed the distance b/w each pole
increases by 1 2/6 (mixed fraction). How many poles were there initially?

21. There is a church tower 150 feet tall and another catholic tower at a distance of 350 feet from it which
is 200 feet tall. There is one each bird sitting on top of both the towers. They fly at a constant speed
and time to reach a grain in b/w the towers at the same time. At what distance from the church is the grain?

Ans: 90

22. A person wants to meet a lawyer and as that lawyer is busy he asks him to come three days after the before day
of the day after tomorrow? on which day the lawyer asks the person to come?

ans: thursday

23. A person is 80 years old in 490 and only 70 years old in 500 in which year is he born?

ans: 470

24.A person says that their speed while going to a city was 10mph; however, while returning, as there was not much
traffic, they came at a speed of 15mph. What is their average speed?

ans: 12mph

25. There is a peculiar island where a man always tells the truth and a woman never says two consecutive true
or false statements; that is, if she makes a true statement then her next statement is false, and vice versa.
A boy and a girl also behave in the same way. One day I asked a child, "What are you, a boy or a girl?" The
child replied in their language, which I didn't understand, but the parents knew my language. One parent replied,
"Kibi is a boy"; the other one said, "No, Kibi is a girl, Kibi lied".
a: Is Kibi a boy or a girl?
b: Who answered first, mother or father?

ans: kibi is a girl and mother answered first.

26. A boy going to school reaches the railway station at 1/3 of his journey and the mill at 1/4 of his journey. The time
taken to walk between the railway station and the mill is 5 mins. He reaches the railway station at 7.35 am. When did he
start from the house, and when does he reach school?

Ans: 7:15to8.15

27. A person is sitting an exam with 30 questions (objective type).
The examiner uses the formula S=30+4c-w to calculate the score, where c is the number
of correct answers and w is the number of wrong answers. The examiner finds the score
is more than 80. How many questions are correct? If the score were a little less
but still more than 80, you would not be able to answer.

ans :- 16


28. A person has 1000 rs and wants to distribute it to his five children
in such a manner that each son has 20 rs more than the younger one. What will
be the share of the youngest child?

ans- 160

29. Raju, having some coins, wants to distribute them to his 5 sons, 5 daughters and driver
in such a manner that he gave the first coin to the driver and 1/5 of the remaining to the first
son; he again gave one to the driver and 1/5 to the 2nd son, and so on.
At last he equally distributed all the coins to the 5 daughters.
How many coins did Raju initially have?

ans:-881

30. Ravi had his book bound, and the binder cut the pages of the book. Ravi
decided to number the pages himself and found that the digit three
appears 61 times. Find the number of pages.

ans - 300

31. A painter went to an exhibition to purchase some pictures, where pictures T,U,V,W,X,Y,Z
were remaining. He wants to buy only five, on the conditions that
if T is there then X should not be there,
if U is there then Y should be there,
if V is there then X should be there.

which is the combination the painter can have
(a) T,U,V,W,Y
(b)T,Z,U,W,X
(c)T,X,U,V,W
(d)T,U,Y,W,Z

ans (d)

32.There are 100 men in town. Out of which 85% were married, 70% have a phone, 75% own a car, 80% own
a house. What is the maximum number of people who are married, own a phone, own a car and own a house ? ( 3 marks)

Sol: 15%

33. There are 10 Red, 10 Blue, 10 Green, 10 Yellow, 10 White balls in a bag. If you are blindfolded
and asked to pick up the balls from the bag, what is the minimum number of balls required to get a
pair of atleast one colour ? ( 2 Marks)

Sol :6 balls.

34. Triplets who usually wear the same kind and size of shoes, namely Annie, Danny and Fanny. Once one of them
broke a glass in the kitchen and their shoe prints were there on the kitchen floor. When their mother asked
who broke it, Annie said, "I didn't do it"; Fanny said, "Danny did it"; Danny said, "Fanny is lying";
here two of them are lying, one is speaking the truth. Can you find out who broke it? (3 Marks)

Sol : Annie

35. 4 players were playing a card game. Cards had different colours on both sides. Neither of cards had
same colour on both sides. Colours were 2 Red, 2 Blue, 2 Green, 2 Yellow. Cards were lying in front of
each player. Now, each player knew the colour on other side of his card. They are required to tell their colour.
Statement given by each of them was :
Annie : Blue or Green
Bobby : Neither Blue nor Green
Cindy : Blue or Yellow
Danny : Blue or Yellow
colours of cards that are visible to all were Red, Blue, Green, Blue in order of their names.
Exactly two of them are telling the truth and exactly two of them are lying. Can you tell the colour
on the other face of the card for each player? (6 Marks)

Sol : Annie : Yellow (Lying)
Bobby : Yellow (Telling truth)
Cindy : Blue (Telling truth)
Danny : Green (Lying)

36. In a game I won 12 games; for each game I lose I will give you one chocolate. You have 8 chocolates. How
many games were played?

Ans : 32

38. 75 persons Major in physics, 83 major in chemistry, 10 not at major in these subjects
u want to find number of students majoring in both subjects

Ans 68.

39. A wins a race against B by 10 mts in a 100 meter race. Suppose B is behind A by 10 mts,
and then they start running a race. Who will win?

Ans A

40. A+B+C+D=D+E+F+G=G+H+I=17
given A=4.Find value of G and H?

Ans : G = 5 E=1

41. One guy has Rs. 100/- in hand. He has to buy 100 balls. One football costs Rs. 15/, One Cricket ball
costs Re. 1/- and one table tennis ball costs Rs. 0.25 He spend the whole Rs. 100/- to buy the balls.
How many of each balls he bought?

ans :F=3,T=56,C=41


42. The distance between Station Atena and Station Barcena is 90 miles. A train starts from Atena towards
Barcena. A bird starts at the same time from Barcena straight towards the moving train. On reaching the
train, it instantaneously turns back and returns to Barcena. The bird makes these journeys from Barcena to
the train and back to Barcena continuously till the train reaches Barcena. The bird finally returns to Barcena and rests. Calculate the total distance in miles the bird travels in the following two cases:
(a) The bird flies at 90 miles per hour and the speed of the train is 60 miles per hour.
(b) the bird flies at 60 miles per hour and the speed of the train is 90 miles per hour

Ans: time of train=1hr.so dist of bird=60*1=60miles


43. A tennis championship is played on a knock-out basis, i.e., a player is out of the tournament when
he loses a match.
(a) How many players participate in the tournament if 15 matches are totally played?
(b) How many matches are played in the tournament if 50 players totally participate?

Ans: (a)16
(b)49

44.When I add 4 times my age 4 years from now to 5 times my age 5 years from now, I get 10 times my
current age. How old will I be 3 years from now?

Ans:Age=41 years.

45.A rich merchant had collected many gold coins. He did not want anybody to know about them.
One day, his wife asked, "How many gold coins do we have?" After pausing a moment, he replied,
"Well! If I divide the coins into two unequal numbers, then 37 times the difference between the
two numbers equals the difference between the squares of the two numbers." The wife looked puzzled.
Can you help the merchant's wife by finding out how many gold R

Ans:37

46. A set of football matches is to be organized in a "round-robin" fashion, i.e., every participating
team plays a match against every other team once and only once. If 21 matches are totally played,
how many teams participated?

Ans :7

47. Glenn and Jason each have a collection of cricket balls. Glenn said that if Jason would give him
2 of his balls they would have an equal number; but, if Glenn would give Jason 2 of his balls,
Jason would have 2 times as many balls as Glenn. How many balls does Jason have?

Ans: 14

48. Suppose 8 monkeys take 8 minutes to eat 8 bananas.
a) How many minutes would it take 3 monkeys to eat 3 bananas?
(b) How many monkeys would it take to eat 48 bananas in 48 minutes

Ans: a)48
B)6

49. It was vacation time, and so I decided to visit my cousin's home. What a grand time we had!
In the mornings, we both would go for a jog. The evenings were spent on the tennis court. Tiring
as these activities were, we could manage only one per day, i.e., either we went for a jog or played
tennis each day. There were days when we felt lazy and stayed home all day long. Now, there were 12
mornings when we did nothing, 18 evenings when we stayed at home, and a total of 14 days when we jogged
or played tennis. For how many days did I stay at my cousin's place?

Ans : 22 days

50 A 31" x 31" square metal plate needs to be fixed by a carpenter on to a wooden board. The carpenter
uses nails all along the edges of the square such that there are 32 nails on each side of the square.
Each nail is at the same distance from the neighboring nails. How many nails does the carpenter use?

Ans :124


51. A man starts his walking at 3PM from point A, he walks at the rate of 4km/hr in plains and 3km/hr in hills to reach the point B.
During his return journey he walks at the rate of 6km/hr in hills and 4km/hr in plains and reaches the point A at 9PM.
What is the distance between A and B?

Ans: 12km

52. A boy asks his father, "What is the age of grandfather?". Father replied, "He is x years old in x^2 years", and also said, "we are talking
about 20th century". what is the year of birth of grand father?

Ans: 1892

53. A boy travels in a scooter after covering 2/3rd of the distance the wheel got punctured he covered the remaining distance by walk.
Walking time is twice that of the boy's riding time. How many times the walking speed is the riding speed?

Ans: 4 times.

54. In a knockout tournament 51 teams participate; every team is thrown out of the tournament if it loses twice. How many matches are to
be held to choose the winner?

Ans: 101 matches

55. A man sold 2 pens. Initial cost of each pen was Rs. 12. If he sells them together, one at 25% profit and the other at 20% loss, find the amount of loss
or gain if he sells them separately.

Ans: 60 Paise gain

56. Find the 3 digit no. whose last digit is the square root of the first digit and whose second digit is the sum of the other two digits.

Ans: 462

57. Meera was playing with her brother using 55 blocks. She gets bored playing and starts arranging the blocks such that the no. of blocks in each row is
one less than that in the lower row. Find how many were there in the bottom most row?

Ans: 10

58. Two people are playing with a pair of dice. Instead of numbers, the dice have different colors on their sides. The first person wins if the same color
appears on both the dice and the second person wins if the colors are different. The odds of their winning are equal. If the first die has 5 red sides
and 1 blue side, find the color(s) on the second one.

Ans: 3 Red, 3 Blue

59. A person travels in a car with uniform speed. He observes the milestone,which has 2 digits. After one hour he observes another milestone
with same digits reversed. After another hour he observes another milestone with same 2 digits separated by 0. Find the speed of the car?

Ans : 45

60. Three persons A, B & C went for a robbery in different directions and they stole one horse, one mule and one camel.
They were caught by the police and when interrogated gave the following statements
A: B has stolen the horse

B: I didn't rob anything.

C: both A & B are false and B has stolen the mule.

The person who has stolen the horse always tells the truth and

the person who has stolen the camel always lies.

Find who has stolen which animal?

Ans:

A- camel

B- mule

C- horse

61. One quarter of the time till now from midnight and half of the time
remaining from now up to midnight adds to the present time. What is the present time?

Ans: 9:36AM

62. After World War II three departments did as follows. The first department gave some tanks to the 2nd & 3rd departments equal to the
number they are having. Then 2nd department gave some tanks to 1st & 3rd departments equal to the number they are having.
Then 3rd department gave some tanks to 2nd &1st departments equal to the number they are having. Then each department has 24 tanks.
Find the initial number of tanks of each department?

Ans ;

A-39

B-21

C-12

63. A, B, C, D & E are having their birthdays on consecutive days of the week, not necessarily in the same order. A's birthday comes before G's
as many days as B's birthday comes after E's. D is older than E by 2 days. This time G's birthday came on wednesday. Then find the day
of each of their birthdays?

Ans:

Birthday of D on SUNDAY

Birthday of B on MONDAY

Birthday of E on TUESDAY

Birthday of G on WEDNESDAY

Birthday of A on THURSDAY

64. A girl 'A' told to her friend about the size and color of a snake she has seen

in the beach. It is one of the colors brown/black/green and one of the sizes 35/45/55.

If it were not green or if it were not of length 35 it is 55.

If it were not black or if it were not of length 45 it is 55.

If it were not black or if it were not of length 35 it is 55.

a) What is the color of the snake?

b) What is the length of the snake?

Ans:

a) brown

b) 55

65. There are 2 persons, each having the same number of marbles in the beginning. After that, 1 person gains 20 more from the second person and he eventually loses two thirds of it during the play, and the second person now has 4 times the marbles that the 1st person has now. Find out how many marbles each had in the beginning.

ANSWER - 100 each

66. A lady was out shopping. She spent half of her money on buying A and gave 1 dollar to a beggar. Further, she spent half of her remaining money and gave 2 dollars to charity. Further, she spent half of the remaining money and gave 3 dollars to some children. Now she is left with 1 dollar. How much did she have in the beginning?

Ans: $42

67. There are certain diamonds in a shop.

The 1st thief stole half of the diamonds and 2 more.

The 2nd thief stole half of the remaining and 2 more.

The 3rd: same as above.

The 4th: same as above.

The 5th came; nothing was left for him.

How many diamonds were there?

Ans: 60 diamonds

68. There are three friends A, B, C.

1. Either A or B is oldest

2. Either C is oldest or A is youngest.

Who is Youngest and who is Oldest?

Ans: A is youngest and B is oldest.

69. Father says: my son is five times older than my daughter. My wife is 5 times older than my son. I am twice as old as my wife, and altogether (the sum of our ages) is equal to my mother's age, and she is celebrating her 81st birthday. So what is my son's age?

Ans - 5 years.

70. In Mulund, the shoe store is closed every Monday, the boutique is closed every Tuesday, the grocery store is closed every Thursday
and the bank is open only on Monday, Wednesday and Friday. Everything is closed on Sunday.

One day A, B, C and D went shopping together, each with a different place to go. They made the following statements:

A: D and I wanted to go earlier in the week but there wasn't a day when we could both take care of our errands.
B: I did not want to come today but tomorrow I will not be able to do what I want to do.
C: I could have gone yesterday or the day before just as well as today.
D: Either yesterday or tomorrow would have suited me.

Which place did each person visit ?

Ans : A-BOUTIQUE

B-BANK

C-GROCERY

D-SHOE

71. Fodder, Pepsi and Cereale often eat dinner out.

Each orders either coffee or tea after dinner.
If Fodder orders coffee, then Pepsi orders the drink that Cereale orders.
If Pepsi orders coffee, then Fodder orders the drink that Cereale does not order.
If Cereale orders tea, then Fodder orders the drink that Pepsi orders.
Which person/persons always orders the same drink after dinner?

Ans: Fodder

72. At a recent birthday party there were four mothers and their children. Aged 1,2,3 and 4. from the clues below can you work out whose
child is whose and their relevant ages ?

It was Jane's child's birthday party.
Brian is not the oldest child.
Sarah had Anne just over a year ago.
Laura's child will be next birthday.
Daniel is older than Charlie is.
Teresa's child is the oldest.
Charlie is older than Laura's child.

Ans: Jane - Charlie - 3

Laura - Brian - 2

Teresa - Daniel - 4

Sarah - Anne - 1

73. We are given 100 pieces of a puzzle. If fixing two components together is counted as 1 move (a component can be one piece or an already fixed set of pieces),
how many moves do we need to fix the entire puzzle?

Ans: 99

74. Two guys work at some speed. After some time one guy realises he has done only half of what the other guy completed, which is equal to half of
what is left. So how much faster than the other is this guy supposed to work to finish with the first?

Ans: one and half times or 3/2

75. There is a square cabbage patch. He told his sister, "I have a larger patch than last year and hence
more cabbages this year." Then how many cabbages do I have this year?

Ans: 106*106 = 11236

76. There are three guesses on the color of a mule.

1 says: it's not black

2 says: it's brown or grey

3 says: it's brown

At least one of them is wrong and one of them is true. Then what's the color of the mule?

Ans: Grey

77. Jim, Bud and Sam were rounded up by the police yesterday, because one of them was suspected of having robbed the local bank. The three suspects made the following statements under intensive questioning.

Jim: I'm innocent

Bud: I'm innocent

Sam: Bud is the guilty one.

If only one of the statements turned out to be true, who robbed the bank?

Ans: BUD.

78. There are two containers on a table, A and B. A is half full of wine, while B, which is twice A's size, is one quarter full of wine. Both containers are filled with water and the contents are poured into a third container C. What portion of container C's mixture is wine?

Ans: 33.33%

79. A man was on his way to a marriage in a car with a constant speed. After 2 hours one of the tyres was punctured and it took 10 minutes to replace it. After that they traveled with a speed of 30 miles/hr and reached the marriage 30 minutes late to the scheduled time. The driver said that they would have been late by only 15 minutes if the 10 minutes had not been wasted.

Find the distance between the two towns?

Ans: 120 miles

80. A bargain hunter bought some plates for $1.30 from a sale on Saturday, where 2 cents was marked off the price of each article. On Monday she went to return them at regular prices, and bought some cups and saucers with that amount of money only. The normal price of a plate was equal to the price of 'one cup and one saucer'.

In total she bought 16 items more than previously. Saucers were only 3 cents each, hence she bought 10 saucers more than cups.

How many cups and saucers did she buy, and at what price?

Ans: 8, 18. Price: 12, 3.

81. Mr. T has a wrong weighing pan. One arm is longer than the other. 1 kilogram on the left balances 8 melons on the right. 1 kilogram on the right balances 2 melons on the left. If all melons are equal in weight, what is the weight of a single melon?

Ans: 200 gms

82. A cardboard of 34 * 14 has to be attached to a wooden box and a total of 35 pins are to be used on each side of the cardboard. Find the total number of pins used.

Ans: 210