Вы находитесь на странице: 1из 23


SUBMITTED TO: MR. Kamal Kant CSE Dept.

SUBMITTED BY: Geetika Dayal A2305208545 Roll No. 512 8CS-5(X)


SUBMITTED TO: MR. Kamal Kant CSE Dept.

SUBMITTED BY: Kritika Dayal A2305208652 Roll No. 590 8CS-5(Y)


SUBMITTED TO: MR. Kamal Kant CSE Dept.

SUBMITTED BY: Arushi Nautiyal A2305208522 Roll No. 438 8CS-5(X)

Q1. Explain Telecommunication Network architecture with neat diagram? A telecommunications network is a collection of terminals, links and nodes which connect to enable telecommunication between users of the terminals. Networks may use circuit switching or message switching. Each terminal in the network must have a unique address so messages or connections can be routed to the correct recipients. The collection of addresses in the network is called the address space. The links connect the nodes together and are themselves built upon an underlying transmission network which physically pushes the message across the link. Examples of telecommunications networks are: computer networks the Internet the telephone network

All telecommunication networks are made up of five basic components that are present in each network environment regardless of type or use. These basic components include terminals, telecommunications processors, telecommunications channels, computers, and telecommunications control software.

Terminals are the starting and stopping points in any telecommunication network environment. Any input or output device that is used to transmit or receive data can be classified as a terminal component.

Telecommunications processors support data transmission and reception between terminals and computers by providing a variety of control and support functions. (i.e. convert data from digital to analog and back) Telecommunications channels are the way by which data is transmitted and received. Telecommunication channels are created through a variety of media of which the most popular include copper wires and coaxial cables (structured cabling). Fiber-optic cables are increasingly used to bring faster and more robust connections to businesses and homes. In a telecommunication environment computers are connected through media to perform their communication assignments. Telecommunications control software is present on all networked computers and is responsible for controlling network activities and functionality.

Q2. What are different TMN management layers? The framework identifies four logical layers of network management: Business management Includes the functions related to business aspects, analyzes trends and quality issues, for example, or to provide a basis for billing and other financial reports. Service management Handles services in the network: definition, administration and charging of services. Network management Distributes network resources, performs tasks of: configuration, control and supervision of the network. Element management Handles individual network elements including alarm management, handling of information, backup, logging, and maintenance of hardware and software. A network element provides agent services, mapping the physical aspects of the equipment into the TMN framework.

Q3. Describe TMN information model? Basically there are two TMN information models which is based on objects specified in:

G.803 2. M.3100

G.803 : The ever-popular Client/Server model is used as a paradigm for describing the relationship between the layers of synchronous networks, with the client layer traffic being carried over transport services provided by the Server Layer. Two important types of transport entities, trails and connections, are used to transfer information within the framework of the client and server layers. A trail is responsible for managing the transfer of information through one or more client layers via "access points." A trail consists of trail termination functions that interact via a network connection. Connections, on the other hand, are used to transfer information between connection points; multiple connections can be used to support a single trail within a layer. A single layer can contain multiple connections that serve the information transport needs of the related client layer. There are several other components in the general framework defined by G.803. The objects include:

CP - connection point, this is the point at which the end of a single trail is bound to either another trail or another connection. TCP - Termination Connection Point (not Transmission Control Protocol). This is a special case of a connection point where a trail termination and an adaptation function are bound.

Adaptation - provides a point of access between the client and server layers. This function "defines the "server/client" association between the connection point and access points.

Bi-directional reference point - refers to a point in the network in which a pair of unidirectional connections or trails are combined to provide full-duplex connections.

Network connection - defined by G.803 as a "transport entity" formed by a series of "connections between "termination connection points". In our sample figure, you can see that the server layer provides a network connection across several connections to provide a service accessible by the client layer. This network connection can be used to transfer client trail information.

AP - access point. Defined as a "reference point" where the output of an "adaptation" source function is bound to an input of a "trail termination source" or the output of a "trail termination sink" is bound to the input of an adaptation sink function." In simpler terms, each layer's access point is the point at which a server layer terminates the supporting trail service.

MC - matrix connection. Models the connection within a sub network that consists of a connection that is transferred through a matrix function. This matrix can either be a fixed matrix (for example, a permanent circuit through some switching function, or dynamically, as in the case of an automatically switched circuit).

Figure: G.803

M.3100 : The M.3100 specification is organized into 6 "fragments" that combine to form the Generic information model. There are both direct containment relationships between

the fragments along with associative peer relationships. The 6 fragments defined within M.3100 are:

Network Fragment: defines the relationship between a managed network and its related trails, connections, and managed elements. In this case, a network fragment is shown to contain all elements.

Managed Element: defines the components and relationships contained in a single managed element. In this case, a managed element is shown to contain equipment (including software), along with trail termination points.

Termination Point: The termination point fragment contains the types of terminations that a single piece of managed equipment may contain. Both trail and connection termination points are included in this fragment.

Transmission Fragment: Provides a different, non-equipment oriented view of communications through a network. In this case, two forms of transmission entities are defined, trails and connections. The relationships between these entities and references to their relative termination points are included in this fragment. Termination points include termination point sources, sinks and bidirectional termination points.

Cross Connection Fragment: helps in managing cross connect fabric topologies. In this case, the cross connection fragment contains multipoint cross connections, cross connections, generic termination points, and a pool of termination points.

Functional Area Fragment: defines the classes of objects contained within a managed element to provide additional management services. Object classes contained in the functional area fragment include: Management Operations Schedule, Logs (e.g., alarms, attribute value changes, object creation and deletion records, state change records), alarm assignment profiles, event forwarding discriminators and the current alarm summary control. Of these object classes, with the exception of the Alarm Severity Assignment Profile, all are defined either in X.721 or Q.821.

Figure: M.3100

Q4. Briefly explain services and functions of TMN? TMN Services: There are a number of specific areas covered by different TMN management services: A. Customer administration This management activity requires the network operator to exchange management data and functions required by the customers to offer a telecommunication service and to exchange with the network all the customer-related management data and functions that the network needs to provide that service. This could involve interactions which related to provisioning management, configuration administration, fault administration, charging (billing) administration, complaints administration, quality of service administration, traffic measurement administration, etc.

B. Traffic management This deals with the management of traffic associated with circuit switched networks, for example, Integrated Services Digital Network (ISDN) and Public Switched Telephone Network (PSTN), and transmission networks.

The objective of traffic management is to enable as many calls as possible to be successfully completed. This is done by maximising the use of all available equipment and facilities in the traffic situation. It is also responsible to supervise the performance of a network, and has to take action to control the flow of the traffic and to optimise the utilisation of the network capacity. C. Management of customer access This includes all the equipment which associated with the customer access involving multiplex equipment, network terminating units etc, regardless of its bandwidth (narrow-band or broadband), analogue or digital. Management describes quite a number of tasks, configuration, failure monitoring, security and network performance of any part or piece of equipment associated with the access. Separate requirements resulting from circuit-switched or packet-switched environments must also be taken into account. Needs of management control facilities upon the customer access arises due to the complexity. Customer access may be regarded as consisting of copper wires or optical fibres with complex electronic equipment whose functions may need updating or altering by the network provider, instead of merely consisted of copper wires and network terminating equipment.

D. Common channel signalling system (CCSS) management This covers all the aspects concerned with the management of CCSSs. During the process of managing a CCSS, several things outside of the sphere of the MS has to be considered as well. They are the events and information outside the MS, also planning is needed. It is necessary to have a network wide view of the availability of the signalling network and the signalling traffic loading. The network wide view should at least contain a number of relevant information such as, the configuration on the signalling network, the availability of each signalling link set and its capacity, current loading of each link set, and indication of the initiation of internal flow control procedures. Those information will be used as a statistical measurements. They will be gathered from both inside and outside of the signalling system concerned.

E. Staff Work Scheduling This management service has no direct influence on NEs. However the quality of telecommunication services depends very much on the network operator's staff, and that effective staff work scheduling helps to maintain the economic level of the staff effort. This is a management activity of the network operator which aims at getting the right staff member to carry out the work. This is valid for OAM of the NEs, maintenance and installation work to be done at the customers' premises, and also installation and repair work to be done in the field, such as installing cables.

The TMN management functions are usually grouped into five functional areas:

Performance management: It includes all activities necessary to maintain the short term customer view of quality of service. It gathers statistical data for monitoring and controlling the effectiveness and behaviours of the network, NE or equipment.

Performance monitoring (PM) PM involves the collection of data relating the performance of the NE. It is designed to measure the overall quality using monitored parameters and also to detect characteristic pattern before the quality of signal drops below an acceptable level.

Performance controlling (PC)

B.Fault (Maintenance) Management: It include all procedure necessary to handle system alarm, correct and test falling equipment, and respond intelligently to customers complaints.

Alarm TMN is able to monitor NE failures in near real time. Indication is made by the NE when a failure occurs. TMN determines the nature and severity of the fault basing on the indication. It may determine the effect of the fault on the services supported by the fault equipment in two ways. The first one is that a data base within a TMN may interpret binary alarm indication from the NE, which requires little of the NE beyond self-monitoring capability. The second is

that it may transmit self- explanatory messages to a TMN if the NE has sufficient intelligence, but requires additional support of message syntax for the description of fault condition from both NE and TMN.

Correction Automatic restoration report from NE to TMN indicates a specific line, service, equipment or system that has been switched as part of NE's protection procedures. TMN requests NE to start/stop hot-standby procedures for system or service so as to let a redundant unit to take over with minimum disruption to traffic. Reload procedure involves a request from TMN to NE for reconstruction of a service or a system from a particular dump record. A reload report is the reporting of a reloaded service or system from a dump, from NE to TMN.


Testing It can be done in two ways. The first way is that a TMN orders a NE to carry out analysis of circuit or equipment characteristics, which is done entirely within the NE. Results are reported to the TMN automatically and immediately or on a delayed basis. Another way is that the analysis is done within the TMN. It asks the NE to provide access to the circuit or equipment concerned and no more messages are exchanged with the NE.

C. Configuration Management: It provides functions for control over, identify, collect data from and provide data to NEs.

Provisioning It consists of procedures need to bring an equipment into service, excluding installation. When the unit is in service, supporting programs will be initialised with the TMN. Status of the unit, for example, whether in service or not, may be controlled by provisioning functions. Use of provisioning functions differs in different NEs. Frequent use of these functions is required in digital switching and cross-connect equipment as circuits are put up and dropped. While only one usage is usually required in small transmission elements.


Status and control of NE TMN provides monitoring and controlling over the NE on request. A status check is usually provided in conjunction with each control function so as to check that the resulting action has taken place. These functions are corrective when dealing with faulty conditions. Status and control functions form part of routine maintenance which is done on a periodic or automatic basis. TMN will stop the operation of a faulty equipment and may rearrange equipment or re-route traffic. It can also enable entering of proposed configuration to analyse the feasibility of the design before its implementation.

D. Accounting Management : It includes the measurement and control of costs and customers billing. It provides a function set which enable the use of the network service to be measured and determine the cost of it. It also collects the accounting record and

Billing Some NEs is used to determine charges to customer accounts and it will send to the OS within TMN if it requires these data. To enable the maintaining of the record of billing, this type of function needs highly efficient and redundant data transport. Processing must be carried out in near real time for large number of customers.

E. Security Management: It is responsible for controlling access to customers, network data and resources. It is concerned not with the provision and use of encryption or authentication techniques themselves but rather with their management, including reports concerning attempts to breach system security. There are two important function, first one is managing the security and maintaining security audits. The other one is performing the network management task in a secure way. Q5. Write down the functions provided by S/MIME? S/MIME (Secure/Multipurpose Internet Mail Extension ) is a security enhancement to the MIME Internet e-mail format standard.

The Functions provided by S/MIME are: 1.Enveloped data: This consists of encrypted content of any type and encrypted content encryption keys for one or more users. This functions provides privacy and data security. 2.Signed data: A digital signature is formed by signing the message digest and then encrypting that with the signer private key. The content and the signature are then encoded using base64 encoding. This function provides authenticity, message integrity and non-repudiation of origin. 3.SignerInfo: allows the inclusion of unsigned and signed attributes to be included along with a signature. -Signing Time -SMIME Capabilities -SMIME Encryption Key Preference 4.Clear signed data: In this case a digital signature of the content is formed, However only the signature is encoded with base64. 5.Signed and enveloped data: Because of S/MIME encapsulating capability (multipart type), signed only and encrypted only entities may be nested, so that encrypted data may be signed and signed data may be encrypted. Q6. Explain firewall design principles, characteristics, and types of firewalls Firewall is a single point of defence between two networks. A firewall can be simply a router that is used to filter the packets or a complex multi computer, multi router solution that performs filtering of packets along with application level proxy services. A firewall can be through of as a pair of mechanisms: allow, which permits traffic and deny, which blocks traffic. Types of firewalls:


Packet filters: A packet filter is one of the earliest firewall technologies that analyze network traffic at the transport protocol layer. Each ip network packet is examined to see if it matches one of a set of rules which defines the nature of allowable data flow. Circuit level firewalls: Circuit level firewalls are similar to packet filtering firewalls, but they operate at transport and session layer of the OSI model. The biggest difference between a packet filtering firewall and circuit level firewall is that circuit level firewall validates TCP and UDP sessions before opening a connection through the firewall. Application layer firewalls: An application layer firewall is a third generation firewall technology that evaluates network packets for valid data at the application layer before allowing a connection. It examines the data in all network packets at the application layer and maintains a complete list of connection states and sequencing information. Dynamic packet filter: Dynamic packet filter firewalls are a fourth generation firewalls that allow modifications of the security rules on the fly. This technology is most suitable for providing limited support for UDP transport protocol




Q7.Define man in the middle attack Internet connections can be attacked in various ways. A general type of attack is called Man-inthe-middle. The idea behind this attack is to get in between the sender and the recipient, access the traffic, modify it and forward it to the recipient. The term Man-in-the-middle have been used in the context of computer security The man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances .

A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the otherit is an attack on (or lack of) mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority. Q 8. Write short notes on following a) KerberosKerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client server model, and it provides mutual authenticationboth the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography by utilizing asymmetric key cryptography during certain phases of authentication. b) Virus and WormsA computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly, but erroneously used, to refer to other types of





to adware and spyware programs that do not have a reproductive ability. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers. [2][3] Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious or unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and

Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. c) HoneypotA honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. Honeypots are an exciting new technology with enormous potential for the security community. a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. Honeypots can be classified based on their deployment and based on their level of involvement. Based on deployment, honeypots may be classified as production honeypots research honeypots. d) Elliptic Curve Cryptography Elliptic Curve Cryptography (ECC) is a public key cryptography. Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly-known base point is infeasible. The size of the elliptic curve determines the difficulty of the problem. The primary benefit promised

by ECC is a smaller key size, reducing storage and transmission requirementsie. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger keyeg, a 256bit ECC public key should provide comparable security to a 3072bit RSA public key For current cryptographic purposes, an elliptic curve is a plane curve which consists of the points satisfying the equation

e) IDS An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. f) Hash Algorithm A hashing algorithm takes a variable length data message and creates a fixed size message digest. When a one-way hashing algorithm is used to generate the message digest the input cannot be determined from the output. The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value.

Q9. In network security what we will do first compression or encryption ? Encryption is counterproductive for compression if the two features aren't used together correctly. Generally, you want to compress first and then encrypt. This is the order that naturally happens when you compress at the encoding level and encrypt at the transport level. You tend to get disadvantageous results if you encrypt first and then compress. This order can happen when you encrypt early on, such as when you use message security with transport compression, or if you attempt to apply compression from outside the system after encryption has already taken place. Statistical tendencies in the resulting encryption output could be a way to attack the encryption mechanism, possibly revealing the original content or even the secrets used for encryption. Therefore, the encrypted output tends to be more random than the original content. If the original content was fairly predictable, then this can cause a significant decline in compression effectiveness. This makes encrypted content a poor candidate for compression. Q10. Difference between SSL and TLS? SSL SSL is designed to allow an accessing device or application to connect through ports associated with SSL for verification. Logging into the destination is handled then routed for verification then allowed in based on whether or not the key is the same for the request. Not all web browsers will alert users of changes in security measures such as those. TLS TLS works in a similar fashion but helps to prevent eavesdropping and tampering with information that is sent between the two locations. The server does a large amount of encrypting of data being transferred and pulls information for the digital certificate. If the information is correct the TLS will continue until the connection is completed. Q11. What is the segment size of different e-mail providers. Segment size should be small or large? It depends on what parameters? The segment size of different email providers are as follows:

Gmail, RediffMail, Excite, AOL Mail, Blue Tie 25 MB Fastmail -10 MB to 50 MB GMX Mail, Hushmail, india.com Email, Ovi Mail- 20 MB Mail.com -50 MB Runbox-100 MB If the maximum segment size is sufficient to allow all segments of data to be transferred without fragmenting the segments, the web page is likely to fulfill relatively quickly. However, if the data segment is too large for the maximum segment size established between the ISP and the end users computer, then the segment will have to be broken down into smaller fragments that will pass through the routing process. The end result is that the web page will fulfill at a noticeably slower rate.

Q12. Explain DES in detail. Write advancement in DES in short. DES is a block cipher--meaning it operates on plaintext blocks of a given size (64bits) and returns ciphertext blocks of the same size. Thus DES results in a permutation among the 2^64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R.

Step 1: Create 16 subkeys , each of which is 48-bits long. The 64-bit key is permuted according to the permutation table, PC-1. Note only 56 bits of the original key appear in the permuted key. Next, split this key into left and right halves, C0 and D0, where each half has 28 bits. With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block. We now form the keys Kn, for 1<=n<=16, by applying the following permutation table to each of the concatenated pairs CnDn. Each pair has 56 bits, but PC-2 only uses 48 of these. Therefore, the first bit of Kn is the 14th bit of CnDn, the second bit the 17th, and so on, ending with the 48th bit of Kn being the 32th bit of CnDn Step 2: Encode each 64-bit block of data. There is an initial permutation IP of the 64 bits of the message data M. Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits. We now proceed through 16 iterations, for 1<=n<=16, using a function f which operates on two blocks--a data block of 32 bits and a key Kn of 48 bits--to produce a block of 32 bits. Let + denote XOR addition, (bit-by-bit addition modulo 2). Then for n going from 1 to 16 we calculate Ln = Rn-1 Rn = Ln-1 + f(Rn-1,Kn) This results in a final block, for n = 16, of L16R16. That is, in each iteration, we take the right 32 bits of the previous result and make them the left 32 bits of the current step. For the right 32 bits in the current step, we XOR the left 32 bits of the previous step with the calculation f.

Triple-DES Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first key is used to DES- encrypt the message. The second key is used to DESdecrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the data further.) The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. This three-step procedure is called triple-DES. Triple-DES is just DES done three times with two keys used in a particular order. (Triple-DES can also be done with three separate keys instead of only two. In either case the resultant key space is about 2^112.)

Q13. Write steps of Diffie Hellmen with example. The steps of Diffie Hellmen are:
1. Alice and Bob agree to use a prime number p=23 and base g=5.

2. Alice chooses a secret integer a=6, then sends Bob A = ga mod p

A = 56 mod 23 A = 15,625 mod 23 A=8

3. Bob chooses a secret integer b=15, then sends Alice B = gb mod p

B = 515 mod 23 B = 30,517,578,125 mod 23 B = 19

4. Alice computes s = B a mod p

s = 196 mod 23 s = 47,045,881 mod 23 s=2

5. Bob computes s = A b mod p

s = 815 mod 23 s = 35,184,372,088,832 mod 23 s=2

6. Alice and Bob now share a secret: s = 2. This is because 6*15 is the same as 15*6. So somebody who had known both these private integers might also have calculated s as follows:

s = 56*15 mod 23 s = 515*6 mod 23 s = 590 mod 23 s = 807,793,566,946,316,088,741,610,050,849,573,099,185,363,389,5 51,639,556,884,765,625 mod 23 s=2

Both Alice and Bob have arrived at the same value, because (ga)b and (gb)a are equal mod p. Note that only a, b and gab = gba mod p are kept secret. All the other values p, g, ga mod p, and gb mod p are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel. Of course, much larger values of a, b, and p would be needed to make this example secure, since it is easy to try all the possible values of gab mod 23. There are only 23 possible integers as the result of mod 23. If p were a prime of at least 300 digits, and a and b were at least 100 digits long, then even the best algorithms known today could not find a given only g, p, gb mod p and ga modp, even using all of mankind's computing power. The problem is known as the discrete logarithm problem. Note that g need not be large at all, and in practice is usually either 2 or 5.