
Unit5 Notes

This document summarizes security practices for electronic mail including PGP and S/MIME encryption standards. It describes security services like privacy, authentication, integrity and others. It then provides details on PGP including how it provides confidentiality through symmetric encryption of messages and authentication through digital signatures. It explains PGP key management with public/private key pairs and key rings, as well as the message formatting and transmission process when using PGP encryption.

Uploaded by

prassadyashwin

UNIT V

SECURITY PRACTICE AND SYSTEM SECURITY

ELECTRONIC MAIL SECURITY – PGP, S/MIME – IP security – Web Security

SYSTEM SECURITY: Intruders – Malicious software – viruses – Firewalls.

SECURITY SERVICES FOR ELECTRONIC MAIL


✓ Privacy—the ability to keep anyone but the intended recipient from reading the message.
✓ Authentication—reassurance to the recipient of the identity of the sender.
✓ Integrity—reassurance to the recipient that the message has not been altered since it was transmitted by
the sender.
✓ Non-repudiation—the ability of the recipient to prove to a third party that the sender really did send the
message. This feature is also sometimes called third party authentication. The term non-repudiation
means that the sender cannot later deny sending the message.
✓ Proof of submission—verification given to the sender that the message was handed to the mail delivery
system (the same basic idea as sending certified mail through the U.S. postal service). With certified
postal mail you just receive proof that you sent something to a particular address on a particular date, but
with electronic mail it is possible to have the mail system verify acceptance of the contents of a
particular message, perhaps by signing the message digest of the contents of the message.
✓ Proof of delivery—verification that the recipient received the message. Postal mail has a similar feature
(return receipt requested), but again it only verifies that something was delivered on a particular date to
the recipient. With electronic mail it is possible to verify the contents, as we mentioned under proof of
submission.
✓ Message flow confidentiality—an extension of privacy such that Carol not only cannot know the
content of the message Alice sent Bob, but cannot even determine whether Alice sent Bob a message.
✓ Anonymity—the ability to send a message so that the recipient can’t find out the identity of the sender.
✓ Containment—the ability of the network to keep certain security levels of information from leaking out
of a particular region.
✓ Audit—the ability of the network to record events that might have some security relevance, such as that
Alice sent a message to Bob on a particular date. This would be fairly straightforward to implement, but
is not mentioned in any of the secure mail standards, so we don’t have a section on it.
✓ Accounting—the ability of the mail system to maintain system usage statistics. In addition to providing
clues for system resource management, this information allows the mail system to charge its clients
according to their usage. For example, the system might charge by number of messages sent, as long as
the system itself authenticates the source of each message to ensure that the proper party is billed. Again,
there’s not much to say about this, so we don’t have a separate section on it.
✓ Self destruct—an option allowing a sender to specify that a message should be destroyed after delivery
to the recipient. This allows Alice to send a message to Bob that Bob cannot forward or store. The mail
system will decrypt and display the message, but then delete it. (Good morning Mr. Phelps...). This can
be implemented by marking the message as a self-destruct message, and having the mail program at the
destination cooperate by deleting the message immediately after displaying it.
✓ Message sequence integrity—reassurance that an entire sequence of messages arrived in the order
transmitted, without any loss.

PGP (PRETTY GOOD PRIVACY):

➢ PGP provides a confidentiality and authentication service that can be used for electronic mail
and file storage applications.
➢ Developed by Phil Zimmermann.

PGP has grown explosively and is now widely used. A number of reasons can be cited for this
growth.
1. It is available free worldwide in versions that run on a variety of platforms.
2. The commercial version satisfies users who want a product that comes with vendor support.
3. It is based on algorithms that have survived extensive public review and are considered
extremely secure.
4. It has a wide range of applicability.
5. It was not developed by, nor is it controlled by, any governmental or standards organization.
6. PGP is now on an Internet standards track (RFC 3156; MIME Security with OpenPGP).
Nevertheless, PGP still has the feeling of an antiestablishment endeavor.

Operational Description:
The actual operation of PGP, as opposed to the management of keys, consists of five services:
authentication, confidentiality, compression, e-mail compatibility, and segmentation.

Authentication:
1. Sender creates message
2. Generates a digital signature for the message
3. Uses SHA-1 to generate a 160-bit hash of the message
4. The hash is signed with RSA using the sender's private key and is attached to the message
5. Receiver uses RSA with sender's public key to decrypt and recover hash code
6. Receiver verifies the received message by computing its hash and comparing it with the decrypted hash code

Confidentiality:
1. Sender generates a message and encrypts it.
2. Generates a 128-bit random number as session key
3. Encrypts the message using CAST-128 / IDEA / 3DES in CBC mode with session key
4. Session key encrypted using RSA with recipient's public key and attached to the message.
5. Receiver uses RSA with private key to decrypt and recover session key
6. Session key is used to decrypt message

Compression
✓ PGP compresses messages to save space for e-mail transmission and storage.
✓ By default PGP compresses message after signing but before encrypting
o so can store uncompressed message & signature for later verification
o Encryption after compression strengthens security (because the compressed message has less
redundancy)
✓ Uses ZIP compression algorithm
✓ Message encryption is applied after compression to strengthen cryptographic security. Because the
compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult.

E-mail Compatibility
✓ When using PGP, there will be binary data (8-bit octets) to send (encrypted message, etc.)
✓ However, e-mail was designed only for text
✓ Hence PGP must encode raw binary data into printable ASCII characters
✓ Uses radix-64 algorithm
✓ Three octets of binary data are mapped into four ASCII characters, and a CRC is appended to
detect transmission errors.

Segmentation and Reassembly


✓ E-mail facilities often are restricted to a maximum message length. For example, many of the facilities
accessible through the Internet impose a maximum length of 50,000 octets.
✓ Any message longer than that must be broken up into smaller segments, each of which is mailed
separately.
✓ To accommodate this restriction, PGP automatically subdivides a message that is too large into
segments that are small enough to send via e-mail. The segmentation is done after all of the other
processing, including the radix-64 conversion.

Cryptographic keys and key rings

Three separate requirements can be identified with respect to these keys:


• A means of generating unpredictable session keys is needed.
• It must allow a user to have multiple public key/private key pairs.
• Each PGP entity must maintain a file of its own public/private key pairs as well as a file of
public keys of correspondents.

Session key generation


Each session key is associated with a single message and is used only for the purpose of encryption
and decryption of that message. Random 128-bit numbers are generated using CAST-128 itself.
The input to the random number generator consists of a 128-bit key and two 64-bit blocks that are
treated as plaintext to be encrypted. Using cipher feedback mode, the CAST-128 produces two 64-bit cipher
text blocks, which are concatenated to form the 128-bit session key.
The plaintext input to CAST-128 is itself derived from a stream of 128-bit randomized numbers.
These numbers are based on the keystroke input from the user.

Transmission and Reception of PGP messages

b. Key identifiers
• Each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of other PGP users known to this user, indexed
by key ID
– private-key ring contains the public/private key pair(s) for this user, indexed by key ID &
encrypted with a key derived from a hashed passphrase
• Security of private keys thus depends on the pass-phrase security

PGP MESSAGE FORMAT:


Message consists of three components:
• Message component – includes actual data to be transmitted, as well as the filename and a
timestamp that specifies the time of creation.
• Session key component – includes session key and the identifier of the recipient public key.
• Signature component – includes the following
• Timestamp – time at which the signature was made.
• Message digest – hash code.
• Two octets of message digest – to enable the recipient to determine if the correct public key
was used to decrypt the message.
• Key ID of sender’s public key – identifies the public key
Notation:
EKUb = encryption with user B’s public key
EKRa= encryption with user A’s private key
EKs = encryption with session key
ZIP = Zip compression function
R64 = Radix- 64 conversion function

PGP provides a pair of data structures at each node, one to store the public/private key pair owned by
that node and one to store the public keys of the other users known at that node. These data structures are
referred to as private key ring and public key ring.

The general structures of the private and public key rings are shown below:
Timestamp - the date/time when this entry was made.
Key ID - the least significant bits of the public key.
Public key - public key portion of the pair.
Private Key - private key portion of the pair.
User ID - the owner of the key
Key legitimacy field – indicates the extent to which PGP will trust that this is a valid public key for
this user.
Signature trust field – indicates the degree to which this PGP user trusts the signer to certify public key.
Owner trust field - indicates the degree to which this public key is trusted to sign other public key
certificates.

General Format of PGP message (From A to B)

PGP message generation
First consider message transmission and assume that the message is to be both signed and encrypted. The
sending PGP entity performs the following steps:
1. Signing the message
• PGP retrieves the sender’s private key from the private key ring using user ID as an index. If user ID
was not provided, the first private key from the ring is retrieved.
• PGP prompts the user for the passphrase (password) to recover the unencrypted private key.
• The signature component of the message is constructed.
2. Encrypting the message
• PGP generates a session key and encrypts the message.
• PGP retrieves the recipient’s public key from the public key ring using user ID as index.

PGP message generation


The receiving PGP entity performs the following steps:
1. Decrypting the message
• PGP retrieves the receiver’s private key from the private key ring, using the key ID field in the
session key component of the message as an index.
• PGP prompts the user for the passphrase (password) to recover the unencrypted private key.
• PGP then recovers the session key and decrypts the message.

2. Authenticating the message


• PGP retrieves the sender’s public key from the public key ring, using the key ID field in the
signature key component of the message as an index.
• PGP recovers the transmitted message digest.
• PGP computes the message digest for the received message and compares it to the transmitted
message digest to authenticate.

PGP message reception


S/MIME
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet
e-mail format standard.

MULTIPURPOSE INTERNET MAIL EXTENSIONS


Multipurpose Internet Mail Extension (MIME) is an extension to the RFC 5322 framework that is intended
to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP):
1. SMTP cannot transmit executable files or other binary objects.
2. SMTP cannot transmit text data that includes national language characters.
3. SMTP servers may reject mail messages over a certain size.
4. SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set
of mappings, resulting in translation problems.
5. SMTP gateways to X.400 electronic mail networks cannot handle non textual data included in X.400
messages.
MIME – HEADER FIELDS
The five header fields defined in MIME are
✓ MIME-Version: Must have the parameter value 1.0. This field indicates that the message conforms
to RFCs 2045 and 2046.
✓ Content-Type: Describes the data contained in the body with sufficient detail that the receiving user
agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal
with the data in an appropriate manner.
✓ Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent
the body of the message in a way that is acceptable for mail transport.
✓ Content-ID: Used to identify MIME entities uniquely in multiple contexts.
✓ Content-Description: A text description of the object with the body; this is useful when the object is
not readable (e.g., audio data).
MIME CONTENT TYPES
Type | Subtype | Description
Text | Plain | Unformatted text; may be ASCII or ISO 8859.
Text | Enriched | Provides greater format flexibility.
Multipart | Mixed | The different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message.
Multipart | Parallel | Differs from Mixed only in that no order is defined for delivering the parts to the receiver.
Multipart | Alternative | The different parts are alternative versions of the same information. They are ordered in increasing faithfulness to the original, and the recipient's mail system should display the "best" version to the user.
Multipart | Digest | Similar to Mixed, but the default type/subtype of each part is message/rfc822.
Message | rfc822 | The body is itself an encapsulated message that conforms to RFC 822.
Message | Partial | Used to allow fragmentation of large mail items, in a way that is transparent to the recipient.
Message | External-body | Contains a pointer to an object that exists elsewhere.
Image | jpeg | The image is in JPEG format, JFIF encoding.
Image | gif | The image is in GIF format.
Video | mpeg | MPEG format.
Audio | Basic | Single-channel 8-bit ISDN mu-law encoding at a sample rate of 8 kHz.
Application | PostScript | Adobe Postscript.
Application | octet-stream | General binary data consisting of 8-bit bytes.

MIME TRANSFER ENCODINGS

S/MIME FUNCTIONALITY
✓ Enveloped data: This consists of encrypted content of any type and encrypted content encryption
keys for one or more recipients.
✓ Signed data: A digital signature is formed by taking the message digest of the content to be signed
and then encrypting that with the private key of the signer. The content plus signature are then
encoded using base64 encoding.
✓ Clear-signed data: As with signed data, a digital signature of the content is formed. However, in
this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME
capability can view the message content, although they cannot verify the signature.
✓ Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that
encrypted data may be signed and signed data or clear-signed data may be encrypted.
CRYPTOGRAPHIC ALGORITHMS
✓ Create message digest to form digital signature
o Must use SHA-1, Should support MD5
✓ Encrypt message digest to form signature
o Must support DSS, Should support RSA
✓ Encrypt session key for transmission
o Should support Diffie-Hellman, Must support RSA
✓ Encrypt message for transmission with one-time session key
o Must support triple DES, Should support AES, Should support RC2/40
✓ Create a message authentication code
o Must support HMAC with SHA-1, Should support HMAC with SHA-1
S/MIME – ENHANCED SECURITY SERVICES
✓ Signed receipts --The receiver returns a signed receipt back to the sender to verify the message
arrived
✓ Security labels --Permission, priority or role of message being sent
✓ Secure mailing lists--Sending to multiple recipients at once securely by using a public key for the
whole mailing list

S/MIME CERTIFICATE PROCESSING


✓ S/MIME uses X.509 v3 certificates
✓ managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
✓ each client has a list of trusted CA’s certs
✓ and own public/private key pairs & certs
✓ certificates must be signed by trusted CA’s
S/MIME Messages
Table 2: S/MIME Content Types
Type | Subtype | smime Parameter | Description
Multipart | Signed | | A clear-signed message in two parts: one is the message and the other is the signature.
Application | pkcs7-mime | signedData | A signed S/MIME entity.
Application | pkcs7-mime | envelopedData | An encrypted S/MIME entity.
Application | pkcs7-mime | degenerate signedData | An entity containing only public-key certificates.
Application | pkcs7-mime | CompressedData | A compressed S/MIME entity.
Application | pkcs7-signature | signedData | The content type of the signature subpart of a multipart/signed message.

SECURING A MIME ENTITY


✓ S/MIME secures a MIME entity with a signature, encryption, or both.
✓ A MIME entity may be an entire message or if the MIME content type is multipart, then a MIME
entity is one or more of the subparts of the message.
✓ The MIME entity is prepared according to the normal rules for MIME message preparation.

ENVELOPED DATA
The steps for preparing an envelopedData MIME entity are
1. Generate a pseudorandom session key for a particular symmetric encryption algorithm (RC2/40 or
triple DES).
2. For each recipient, encrypt the session key with the recipient’s public RSA key.
3. For each recipient, prepare a block known as RecipientInfo that contains an identifier of the
recipient’s public-key certificate, an identifier of the algorithm used to encrypt the session key,
and the encrypted session key.
4. Encrypt the message content with the session key.
The RecipientInfo blocks followed by the encrypted content constitute the envelopedData. This information
is then encoded into base64.

SIGNED DATA
The signedData smime-type can be used with one or more signers. The steps for preparing a signedData
MIME entity are
1. Select a message digest algorithm (SHA or MD5).
2. Compute the message digest (hash function) of the content to be signed.
3. Encrypt the message digest with the signer’s private key.
4. Prepare a block known as SignerInfo that contains the signer’s public key certificate, an identifier
of the message digest algorithm, an identifier of the algorithm used to encrypt the message digest,
and the encrypted message digest.
✓ The signedData entity consists of a series of blocks, including a message digest algorithm identifier, the
message being signed, and SignerInfo. The signedData entity may also include a set of public-key
certificates sufficient to constitute a chain from a recognized root or top-level certification authority to
the signer. This information is then encoded into base64.
Clear Signing
• Achieved using the multipart content type with a signed subtype
• This signing process does not involve transforming the message to be signed
• Recipients with MIME capability but not S/MIME capability are able to read the incoming message

REGISTRATION REQUEST
The certification request includes a certificationRequestInfo block, followed by an identifier of the public-key
encryption algorithm, followed by the signature of the certificationRequestInfo block made using the
sender’s private key.
The certificationRequestInfo block includes a name of the certificate subject (the entity whose public key is
to be certified) and a bit-string representation of the user’s public key.

CERTIFICATES-ONLY MESSAGE
A message containing only certificates or a certificate revocation list (CRL) can be sent in response to a
registration request. The message is an application/pkcs7-mime type/subtype with an smime-type parameter
of degenerate. The steps involved are the same as those for creating a signedData message, except that there
is no message content and the signerInfo field is empty.

USER AGENT ROLE


An S/MIME user has several key-management functions to perform.
✓ Key generation: The user of some related administrative utility (e.g., one associated with LAN
management) MUST be capable of generating separate Diffie-Hellman and DSS key pairs and
SHOULD be capable of generating RSA key pairs. Each key pair MUST be generated from a good
source of nondeterministic random input and be protected in a secure fashion. A user agent
SHOULD generate RSA key pairs with a length in the range of 768 to 1024 bits and MUST NOT
generate a length of less than 512 bits.
✓ Registration: A user’s public key must be registered with a certification authority in order to receive
an X.509 public-key certificate.
✓ Certificate storage and retrieval: A user requires access to a list of certificates in order to verify
incoming signatures and outgoing messages. Such a list is maintained by the user or some administrator.

IP SECURITY

OVERVIEW OF IPSEC

Applications of IPSec
IPSec provides the capability to secure communications across a LAN, across private and public
WANs, and across the Internet. Examples of its use include the following:
• Secure branch office connectivity over the Internet
• Secure remote access over the Internet
• Establishing extranet and intranet connectivity with partners
• Enhancing electronic commerce security

Benefits of IPSec:
• When IPSec is implemented in a firewall or router, it provides strong security
• IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP, and the
firewall is the only means of entrance from the Internet into the organization.
• IPSec is below the transport layer (TCP, UDP) and so is transparent to applications. There is
no need to change software on a user or server system when IPSec is implemented in the
firewall or router.
• IPSec can be transparent to end users. There is no need to train users on security mechanisms
• IPSec can provide security for individual users if needed.
Routing Applications
IPSec can play a vital role in the routing architecture required for internetworking.
The following are examples of the use of IPSec. IPSec can assure that
• A router advertisement (a new router advertises its presence) comes from an authorized
router
• A neighbor advertisement (a router seeks to establish or maintain a neighbor relationship with
a router in another routing domain) comes from an authorized router.
• A redirect message comes from the router to which the initial packet was sent.
• A routing update is not forged.

ARCHITECTURE OF IP SECURITY
✓ Fundamental to the operation of IPsec is the concept of a security policy applied to each IP packet that
transits from a source to a destination.
✓ IPsec policy is determined primarily by the interaction of two databases, the security association
database (SAD) and the security policy database (SPD).
✓ Security Associations: A key concept that appears in both the authentication and confidentiality
mechanisms for IP is the security association (SA).
✓ An association is a one-way logical connection between a sender and a receiver that affords security
services to the traffic carried on it. If a peer relationship is needed for two-way secure exchange, then
two security associations are required.
✓ Security services are afforded to an SA for the use of AH or ESP, but not both.

IP Sec Architecture
A security association is uniquely identified by three parameters.
✓ Security Parameters Index (SPI): A bit string assigned to this SA and having local significance only.
The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a
received packet will be processed.
✓ IP Destination Address: This is the address of the destination endpoint of the SA, which may be an
end-user system or a network system such as a firewall or router.
✓ Security Protocol Identifier: This field from the outer IP header indicates whether the association is an
AH or ESP security association. Hence, in any IP packet, the security association is uniquely identified
by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH
or ESP).
SECURITY ASSOCIATION DATABASE
A security association is normally defined by the following parameters in an SAD entry.
✓ Security Parameter Index: A 32-bit value selected by the receiving end of an SA to uniquely
identify the SA. SPI is used to construct the packet’s AH or ESP header.
✓ Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in AH or
ESP headers.
✓ Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter
should generate an auditable event and prevent further transmission of packets on this SA.
✓ Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay.
✓ AH Information: Authentication algorithm, keys, key lifetimes, and related parameters being used
with AH.
✓ ESP Information: Encryption and authentication algorithm, keys, initialization values, key
lifetimes, and related parameters being used with ESP.
✓ Lifetime of this Security Association: A time interval or byte count after which an SA must be
replaced with a new SA (and new SPI) or terminated, plus an indication of which of these actions
should occur.
✓ IPsec Protocol Mode: Tunnel, transport, or wildcard.
✓ Path MTU: Any observed path maximum transmission unit (maximum size of a packet that can be
transmitted without fragmentation) and aging.

SECURITY POLICY DATABASE


The means by which IP traffic is related to specific SAs (or no SA in the case of traffic allowed to bypass
IPsec) is the nominal Security Policy Database (SPD).
The following selectors determine an SPD entry:
✓ Remote IP Address: This may be a single IP address, an enumerated list or range of addresses, or a
wildcard (mask) address. The latter two are required to support more than one destination system
sharing the same SA (e.g., behind a firewall).
✓ Local IP Address: This may be a single IP address, an enumerated list or range of addresses, or a
wildcard (mask) address. The latter two are required to support more than one source system sharing
the same SA (e.g., behind a firewall).
✓ Next Layer Protocol: The IP protocol header (IPv4, IPv6, or IPv6 Extension) includes a field
(Protocol for IPv4, Next Header for IPv6 or IPv6 Extension) that designates the protocol operating
over IP. This is an individual protocol number, ANY, or for IPv6 only, OPAQUE. If AH or ESP is
used, then this IP protocol header immediately precedes the AH or ESP header in the packet.
✓ Name: A user identifier from the operating system. This is not a field in the IP or upper-layer headers
but is available if IPsec is running on the same operating system as the user.
✓ Local and Remote Ports: These may be individual TCP or UDP port values, an enumerated list of
ports, or a wildcard port.

IP TRAFFIC PROCESSING
IPsec is executed on a packet-by-packet basis. When IPsec is implemented, each outbound IP packet is
processed by the IPsec logic before transmission, and each inbound packet is processed by the IPsec logic
after reception and before passing the packet contents on to the next higher layer.

OUTBOUND PACKETS
A block of data from a higher layer, such as TCP, is passed down to the IP layer and an IP packet is formed,
consisting of an IP header and an IP body. Then the following steps occur:
✓ IPsec searches the SPD for a match to this packet.
✓ If no match is found, then the packet is discarded and an error message is generated.
✓ If a match is found, further processing is determined by the first matching entry in the SPD. If the policy
for this packet is DISCARD, then the packet is discarded. If the policy is BYPASS, then there is no
further IPsec processing; the packet is forwarded to the network for transmission.
✓ If the policy is PROTECT, then a search is made of the SAD for a matching entry. If no entry is found,
then IKE is invoked to create an SA with the appropriate keys and an entry is made in the SA.
✓ The matching entry in the SAD determines the processing for this packet. Either encryption,
authentication, or both can be performed, and either transport or tunnel mode can be used. The packet is
then forwarded to the network for transmission.

Processing Model for Outbound Packets


INBOUND PACKETS
An incoming IP packet triggers the IPsec processing. The following steps occur:
1. IPsec determines whether this is an unsecured IP packet or one that has ESP or AH headers/trailers,
by examining the IP Protocol field (IPv4) or Next Header field (IPv6).
2. If the packet is unsecured, IPsec searches the SPD for a match to this packet. If the first matching
entry has a policy of BYPASS, the IP header is processed and stripped off and the packet body is
delivered to the next higher layer, such as TCP. If the first matching entry has a policy of PROTECT
or DISCARD, or if there is no matching entry, the packet is discarded.
3. For a secured packet, IPsec searches the SAD. If no match is found, the packet is discarded.
Otherwise, IPsec applies the appropriate ESP or AH processing. Then, the IP header is processed and
stripped off and the packet body is delivered to the next higher layer, such as TCP.
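The outbound and inbound processing steps above, modeled as an added example that is not part of the original notes. The class and function names, the documentation-range addresses and the SPI values are constructed for illustration, and `negotiate_sa` is a hypothetical stand-in for IKE.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, ESP, AH = 6, 50, 51  # IANA IP protocol numbers


@dataclass
class Packet:
    src: str
    dst: str
    protocol: int
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    spi: Optional[int] = None  # carried only in ESP/AH headers


@dataclass
class SPDEntry:
    local_net: str               # single address, range or wildcard, as a CIDR block
    remote_net: str
    protocol: Optional[int]      # None = ANY
    remote_port: Optional[int]   # None = wildcard port
    policy: str                  # "DISCARD", "BYPASS" or "PROTECT"

    def matches(self, local, remote, protocol, remote_port):
        return (ipaddress.ip_address(local) in ipaddress.ip_network(self.local_net)
                and ipaddress.ip_address(remote) in ipaddress.ip_network(self.remote_net)
                and self.protocol in (None, protocol)
                and self.remote_port in (None, remote_port))


class IPsecHost:
    def __init__(self, spd):
        self.spd = list(spd)    # ordered list: the first matching entry decides
        self.sad = {}           # (SPI, destination address, protocol) -> SA state
        self.out_sa = {}        # (SPD index, destination) -> SAD key for outbound traffic
        self.next_spi = 0x1000  # constructed starting value

    def first_match(self, local, remote, protocol, remote_port):
        for index, entry in enumerate(self.spd):
            if entry.matches(local, remote, protocol, remote_port):
                return index, entry
        return None, None

    def negotiate_sa(self, dst):
        # Hypothetical stand-in for IKE: allocate an SPI and create the SAD entry.
        key = (self.next_spi, dst, ESP)
        self.next_spi += 1
        self.sad[key] = {"seq": 0}
        return key

    def outbound(self, pkt):
        index, entry = self.first_match(pkt.src, pkt.dst, pkt.protocol, pkt.dst_port)
        if entry is None:
            return "discard: no SPD match"
        if entry.policy == "DISCARD":
            return "discard: policy"
        if entry.policy == "BYPASS":
            return "forward: bypass"
        key = self.out_sa.get((index, pkt.dst))
        if key is None:  # PROTECT, but no SA exists yet for this traffic
            key = self.out_sa[(index, pkt.dst)] = self.negotiate_sa(pkt.dst)
        self.sad[key]["seq"] += 1
        return f"forward: ESP spi={key[0]:#x} seq={self.sad[key]['seq']}"

    def inbound(self, pkt):
        if pkt.protocol in (ESP, AH):
            if (pkt.spi, pkt.dst, pkt.protocol) not in self.sad:
                return "discard: no SA"
            return "deliver: after ESP/AH processing"
        # Unsecured packet: the local side is the destination, the remote side the source.
        _, entry = self.first_match(pkt.dst, pkt.src, pkt.protocol, pkt.src_port)
        if entry is not None and entry.policy == "BYPASS":
            return "deliver: bypass"
        return "discard: unsecured packet not permitted"


def demo():
    host = IPsecHost([
        SPDEntry("192.0.2.0/24", "198.51.100.0/24", None, None, "PROTECT"),
        SPDEntry("192.0.2.0/24", "0.0.0.0/0", TCP, 25, "DISCARD"),
        SPDEntry("192.0.2.0/24", "0.0.0.0/0", TCP, 443, "BYPASS"),
    ])
    host.sad[(0x2000, "192.0.2.10", ESP)] = {"seq": 0}  # inbound SA, constructed
    me, branch, web = "192.0.2.10", "198.51.100.7", "203.0.113.80"
    return [
        host.outbound(Packet(me, branch, TCP, 40000, 443)),
        host.outbound(Packet(me, branch, TCP, 40000, 443)),
        host.outbound(Packet(me, web, TCP, 40001, 443)),
        host.outbound(Packet(me, web, TCP, 40002, 25)),
        host.outbound(Packet(me, web, TCP, 40003, 22)),
        host.inbound(Packet(branch, me, ESP, spi=0x2000)),
        host.inbound(Packet(branch, me, ESP, spi=0x9999)),
        host.inbound(Packet(web, me, TCP, 443, 40001)),
        host.inbound(Packet(branch, me, TCP, 443, 40000)),
    ]
```

Entry order matters: port 443 traffic to the branch network hits the PROTECT entry before the wider BYPASS entry, and the last inbound case shows a cleartext packet from that protected peer being dropped.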
IP Security Header:
1) Authentication Header (AH)
2) Encapsulating Security Payload (ESP)

Authentication Header
➢ The Authentication Header provides support for data integrity and authentication of IP packets.
➢ The Authentication Header consists of the following fields:
• Next Header (8 bits): Identifies the type of header immediately following this header.
• Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.
• Reserved (16 bits): For future use.
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value. This can recognize
replayed packets and discard them.
• Authentication Data (variable): A variable-length field (must be an integral number of 32-bit
words) that contains the Integrity Check Value (ICV) or MAC produced by MAC algorithm.

IPSec Authentication Header


Anti-Replay Service
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later
transmits it to the intended destination.
When a new SA is established, the sender initializes a sequence number counter to 0. Each time that
a packet is sent on this SA, the sender increments the counter and places the value in the Sequence Number
field. Thus, the first value to be used is 1.
If anti-replay is enabled (the default), the sender must not allow the sequence number to cycle past
2^32 - 1 back to zero. Otherwise, there would be multiple valid packets with the same sequence number. If the
limit of 2^32 - 1 is reached, the sender should terminate this SA and negotiate a new SA with a new key.
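The AH field layout and the sender-side sequence number rule described above, as an added example that is not part of the original notes. The class and function names are hypothetical, and the all-zero ICV is a constructed placeholder for the value a real sender would compute with its MAC algorithm.

```python
import struct

# AH fixed part as listed above: Next Header (8 bits), Payload Length (8),
# Reserved (16), SPI (32), Sequence Number (32) = 12 octets.
AH_FIXED = struct.Struct("!BBHII")
MAX_SEQ = 2**32 - 1


class SequenceExhausted(Exception):
    """Raised when the SA has already used sequence number 2^32 - 1."""


class OutboundSA:
    """Sender-side state for one SA (hypothetical class, for illustration)."""

    def __init__(self, spi):
        self.spi = spi
        self.seq = 0  # counter starts at 0 when the SA is established

    def next_seq(self):
        # Refuse to wrap: a repeated number would make a replayed packet
        # indistinguishable from a fresh one.
        if self.seq >= MAX_SEQ:
            raise SequenceExhausted("terminate this SA and negotiate a new one")
        self.seq += 1  # so the first value placed on the wire is 1
        return self.seq


def build_ah(sa, next_header, icv):
    """Return the AH bytes for the next packet sent on this SA."""
    if len(icv) % 4:
        raise ValueError("Authentication Data must be whole 32-bit words")
    words = (AH_FIXED.size + len(icv)) // 4
    # Payload Length carries the AH length in 32-bit words, minus 2.
    return AH_FIXED.pack(next_header, words - 2, 0, sa.spi, sa.next_seq()) + icv


def parse_ah(data):
    """Split an AH off the front of data and return its fields as a dict."""
    if len(data) < AH_FIXED.size:
        raise ValueError("truncated Authentication Header")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(data)
    header_len = (payload_len + 2) * 4
    if header_len < AH_FIXED.size or header_len > len(data):
        raise ValueError("Payload Length does not fit the packet")
    return {
        "next_header": next_header,
        "header_len": header_len,
        "reserved": reserved,
        "spi": spi,
        "seq": seq,
        "icv": data[AH_FIXED.size:header_len],
    }


# Constructed sample values: SPI 0x1000, next header 6 (TCP), and a 12-octet
# all-zero placeholder ICV.
SAMPLE_SPI = 0x1000
SAMPLE_ICV = bytes(12)

if __name__ == "__main__":
    sa = OutboundSA(SAMPLE_SPI)
    for _ in range(2):
        print(parse_ah(build_ah(sa, 6, SAMPLE_ICV) + b"payload"))
```
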

Encapsulating Security Payload


The Encapsulating Security Payload provides confidentiality services, including confidentiality of
message contents and limited traffic flow confidentiality. It allows for encryption and integrity protection.
The diagram shows the format of an ESP packet. It contains the following fields:
➢ Security Parameters Index (32 bits): Identifies a security association.
➢ Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay
function, as discussed for AH.
➢ Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel
mode) that is protected by encryption.
➢ Padding (0-255 bytes): Used for various purposes. Additional padding may be added to provide
partial traffic flow confidentiality by concealing the actual length of the payload.
➢ Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.
➢ Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying
the first header in that payload (for example, an extension header in IPv6, or an upper-layer protocol
such as TCP).
➢ Authentication Data (variable): A variable-length field (must be an integral number of 32-bit
words) that contains the Integrity Check Value computed over the ESP packet minus the
Authentication Data field.

Modes of Transfer
Both AH and ESP support two modes of use: transport and tunnel mode.

Transport Mode:
Transport mode provides protection primarily for upper-layer protocols. That is, transport mode
protection extends to the payload of an IP packet.
Tunnel Mode:
Tunnel mode provides protection to the entire IP packet. To achieve this, after the AH or ESP fields
are added to the IP packet, the entire packet plus security fields is treated as the payload of new "outer" IP
packet with a new outer IP header.
The entire original, or inner, packet travels through a "tunnel" from one point of an IP network to
another; no routers along the way are able to examine the inner IP header. Because the original packet is
encapsulated, the new, larger packet may have totally different source and destination addresses, adding to
the security.

AH & ESP IN IPV4:


For transport mode AH using IPv4, the AH is inserted after the original IP header and before the IP
payload.
For tunnel mode AH, the entire original IP packet is authenticated, and the AH is inserted between
the original IP header and a new outer IP header.
AH & ESP USING IPV6

Transport Mode:
For this mode using IPv4, the ESP header is inserted into the IP packet immediately prior to the
transport-layer header (e.g., TCP, UDP, ICMP) and an ESP trailer (Padding, Pad Length, and Next Header
fields) is placed after the IP packet; if authentication is selected, the ESP Authentication Data field is added
after the ESP trailer.
The entire transport-level segment plus the ESP trailer are encrypted. Authentication covers all of the
cipher text plus the ESP header.
Transport mode operation provides confidentiality for any application that uses it, thus avoiding the
need to implement confidentiality in every individual application. This mode of operation is also reasonably
efficient, adding little to the total length of the IP packet. One drawback to this mode is that it is possible to
do traffic analysis on the transmitted packets.

Tunnel Mode ESP:


Tunnel mode ESP is used to encrypt an entire IP packet. For this mode, the ESP header is prefixed to
the packet and then the packet plus the ESP trailer is encrypted. This method can be used to counter traffic
analysis.
Because the IP header contains the destination address and possibly source routing directives and
hop-by-hop option information, it is not possible simply to transmit the encrypted IP packet prefixed by the
ESP header. Intermediate routers would be unable to process such a packet.
Therefore, it is necessary to encapsulate the entire block (ESP header plus cipher text plus
Authentication Data, if present) with a new IP header that will contain sufficient information for routing but
not for traffic analysis.

AH FORMAT IN IPV6:
ESP FORMAT IN IPV6:

Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding)


• IKE is the protocol used to set up a secure, authenticated communications channel between
two parties.
• IKE typically uses X.509 PKI certificates for authentication and the Diffie–Hellman
key exchange protocol to set up a shared session secret.

8 phase 1 IKE protocols:

1. Public Signature Keys, Main Mode
2. Public Signature Keys, Aggressive Mode
3. Public Encryption Key, Main Mode, Original
4. Public Encryption Key, Aggressive Mode, Original
5. Public Encryption Key, Main Mode, Revised
6. Public Encryption Key, Aggressive Mode, Revised
7. Shared Secret Key, Main Mode
8. Shared Secret Key, Aggressive Mode

In the first message, Alice transmits her “cookie” value. After that, all messages start with the cookie pair
(initiator cookie, responder cookie), and that pair serves as the IKE connection identifier.
✓ Note that in an IKE exchange between Alice and Bob, all messages start with the same cookie pair,
in the same order.
✓ If Alice initiated the IKE connection, her cookie value always appears in the “initiator cookie” field.
✓ To reduce clutter, we won’t write “(initiator cookie, responder cookie)” in the figures for the
messages. Also, CP indicates crypto proposal, and CPA indicates crypto proposal
accepted.

1. Public Signature Keys, Main Mode


✓ In this mode, the two parties have public keys capable of doing signatures. Both endpoint identifiers
are hidden from an eavesdropper, but an active attacker can figure out the initiator’s identity.
✓ The reason for including nonces in messages 3 and 4 is so that Alice and/or Bob can save themselves
computation by using the same Diffie-Hellman private value for many exchanges.
✓ If they always use the same value, then there will not be perfect forward secrecy, so it’s a good idea
to change it periodically.

Figure: Public signature keys, main mode

2. Public Signature Keys, Aggressive Mode

Figure: Public signature keys, aggressive mode


Note that messages 2 and 3 are not encrypted, even though the same information is encrypted in the
main mode public signature key variant. The identities could have been encrypted with the exchange
still being 3 messages.

3. Public Encryption Key, Main Mode, Original

Figure: Public Encryption Keys, main mode, original protocol


✓ IKE specifies 4 different phase-1 protocols for public encryption keys, because the original protocols
(main mode and aggressive mode) were inefficient (separately encrypted multiple fields with public
keys, requiring multiple private key operations). It’s astonishing that they left the original protocols
in the spec once they redesigned them.
✓ A problem with this variant is that in message 3 there are two fields separately encrypted with Bob’s
public key, so he needs to do two private key operations to decrypt it. Likewise Alice needs to do
two private key operations to decrypt message 4.

4. Public Encryption Key, Aggressive Mode, Original

Figure: Public Encryption Keys, aggressive mode, original protocol


✓ This protocol is almost the same as the main mode version except that messages 1 and 2 are removed
(and crypto suites other than Diffie-Hellman group are negotiated in parallel with the other
information in messages 1 and 2) and Bob provides his proof in message 2 rather than, as in main
mode, doing it after Alice presents her proof.
✓ The proof consists of a hash of the nonce presented by the other side (which requires knowledge of
the private key to decrypt), along with the Diffie-Hellman values and the cookie values.

5. Public Encryption Key, Main Mode, Revised


The public encryption protocol was revised to require only a single private key operation on each side
(rather than two in the original). This is done by encrypting with a secret key which is a function of the
nonce, and the nonce is encrypted with the other side’s public key. Thus the other side uses its private key to
retrieve the nonce, but then decrypts the other fields with a secret key.
The revised protocol allows Alice to optionally send Bob her certificate. It still has the problem that
Alice needs to know Bob’s public key.

Figure: Public Encryption Keys, main mode, revised protocol

6. Public Encryption Key, Aggressive Mode, Revised

Figure : Public Encryption Keys, aggressive mode, revised protocol


7. Shared Secret Key, Main Mode

✓ This is the one required protocol. And it is the most broken. One situation in which this protocol
might be useful is in the “road warrior” case, where an employee’s laptop is configured with a shared
secret with the company’s firewall.
✓ This would allow the employee to authenticate to the firewall and establish an encrypted tunnel. But
the way this mode is designed requires the identities to be the IP addresses. This makes it useless in
the road warrior case, because a road warrior’s IP address is dependent on where she is that day.
✓ The problem with this protocol is that Alice sends her identity in message 5 encrypted with a key K
which is a function of the shared secret J. Bob can’t decrypt message 5 in order to find out who he’s
talking to unless he knows J, which means he needs to know who he’s talking to. The working group
noticed this, and rather than fixing the protocol (which wouldn’t have been hard), they instead said
that in this mode Alice’s identity has to be her IP address! This makes it almost useless in practice,
and it certainly doesn’t hide identities.

8. Shared Secret Key, Aggressive Mode


This protocol doesn’t have the problem that the main mode shared secret protocol has, because the
identities are not sent encrypted.

Figure: Pre-shared secret, main mode

Figure: Pre-shared secret, aggressive mode

ISAKMP/IKE encoding

✓ Messages have a fixed header, and then a sequence of what ISAKMP refers to as payloads. Similar
in spirit to IPv6 extension headers, each payload starts with TYPE OF NEXT PAYLOAD and
LENGTH OF THIS PAYLOAD.
The payload types are:
✓ 0 = end (i.e., no next payload)
✓ 1 = SA (security association): contains DOI and “situation”, a modifier of DOI, and must include
payloads 2 and 3
✓ 2 = P (proposal): proposed SPI, or SPI in reverse direction
✓ 3 = T (transform): cryptographic choices
✓ 4 = KE (key exchange): the Diffie-Hellman value
✓ 5 = ID (endpoint identifier in phase 1, traffic selector in phase 2)
✓ 6 = CERT (certificate)
✓ 7 = CR (certificate request) (can include the name of the certifier from whom you’d like a certificate)
✓ 8 = hash (some sort of checksum)
✓ 9 = signature
✓ 10 = nonce
✓ 11 = notification
✓ 12 = delete (subtype of notification, meaning you are closing this SPI)
✓ 13 = vendor ID (can be thrown in to show what implementation you’re using). To avoid dealing with
a registry of vendor IDs, and to allow the field to be fixed size, this is a message digest (MD) of some
string guaranteed to uniquely describe the vendor, such as its name and telephone number.
✓ 14–127 reserved for future use
✓ 128–255 = private use (i.e., so NSA can use it and not publish what they’re using it for)
ISAKMP FORMAT
Fixed Header
All messages start with a 28-octet fixed length header.
# octets   field
8          initiator’s cookie
8          responder’s cookie
1          next payload
1          version number (major/minor)
1          exchange type
1          flags
4          message ID
4          message length (in units of octets) (after encryption)
The fields are:
✓ initiator’s cookie (8 octets)
✓ responder’s cookie (8 octets). Note this will be 0 in the first message, since it is unknown at that point.
✓ next payload type
✓ version (1 octet). This is worth ranting about. The version number field is divided into two 4-bit
fields. The intention is that the top nibble is the major version number and the bottom nibble is the
minor version number.
✓ exchange type (1 octet). The values defined are:
▪ 1 = base. An exchange type defined by ISAKMP but not used by IKE. This adds an extra
message to aggressive mode, so that Alice (the initiator) can send her proposed parameters
before sending her Diffie-Hellman value, so that the Diffie-Hellman group could also be
negotiated.
▪ 2 = identity protection. This is what is called “main mode” in IKE.
▪ 3 = authentication only. Not used by IKE.
▪ 4 = aggressive. Same as what’s called “aggressive mode” in IKE.
▪ 5 = informational. Not really an “exchange”, since it’s a single message without an
acknowledgment, used to tell the other side something such as that you are refusing the
connection because you don’t like the version number.
▪ 6–31 = reserved values by ISAKMP for assignment by IANA as new ISAKMP exchange
types
▪ 32–239 = to be defined within a particular DOI
▪ 240–255 = for private use
✓ flags:
o bit 0 (LSB): encrypted—whether the fields after the header are encrypted
o bit 1: commit—A flag so badly named, and so confusingly defined in ISAKMP, that IKE
wound up using the same bit and the same name for almost the opposite purpose.
o bit 2: authentication only—this means that the fields after the header are not encrypted. This
bit gives no additional information over merely not setting the “encrypted” flag.
✓ Message ID: Unique ID for this message.
✓ Message length: Length of entire message, in units of octets.

Payload Portion of ISAKMP Messages


After the fixed header comes a set of ISAKMP “payloads”, reminiscent of IPv6 “next headers”. Each
one starts with four octets consisting of:
# octets   field
1          type of next payload
1          reserved (unused, set to zero)
2          length of this payload
The encoding would be more intuitive to have each payload indicate the type of that payload rather than the
following one, but this way works too. It’s this way because it looks more like IPv6.
SA Payload
✓ Assembly of SA payload requires great peace of mind. The SA payload for IKE includes the P
(proposal) and T (transform) payloads. The encoding is extremely confusing for no good reason.
✓ The SA, P and T each look like independent payloads, but ISAKMP defines Ts as being carried
inside a P, and Ps carried inside an SA payload. For example, if you have an SA payload that
includes 2 proposals, the first of which includes 4 transforms, and the second of which includes 2
transforms, you’d have the payloads SA, P, T, T, T, T, P, T, T.
Payload Length in SA, P, and T Payloads
✓ The PAYLOAD LENGTH in the SA payload is the length of the entire set of the payloads
consisting of the SA and all Ps and Ts associated with that SA. The payload length of each P is
the length of that P payload plus the T payloads that follow. The payload length of each T payload is
actually the length of that T payload.
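A parser for the fixed header and payload chain described above, as an added example that is not part of the original notes. The function names are hypothetical and the sample message is constructed; the SA body is opaque filler standing in for the SA fields and its nested P and T payloads, which the walker skips in one step because the SA length covers them.

```python
import struct

HEADER = struct.Struct("!8s8sBBBBII")  # the 28-octet fixed header
GENERIC = struct.Struct("!BBH")        # next payload, reserved, length

PAYLOAD_NAMES = {1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT",
                 7: "CR", 8: "hash", 9: "signature", 10: "nonce",
                 11: "notification", 12: "delete", 13: "vendor ID"}
EXCHANGE_NAMES = {1: "base", 2: "identity protection (main mode)",
                  3: "authentication only", 4: "aggressive",
                  5: "informational"}


def parse_isakmp(msg):
    """Return (header dict, [(payload name, body bytes), ...])."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 28-octet fixed header")
    (icookie, rcookie, next_payload, version,
     exchange, flags, message_id, length) = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("message length field disagrees with data received")
    header = {
        "initiator_cookie": icookie,
        "responder_cookie": rcookie,
        "version": (version >> 4, version & 0x0F),  # major, minor nibbles
        "exchange": EXCHANGE_NAMES.get(exchange, f"type {exchange}"),
        "encrypted": bool(flags & 0x01),            # bit 0 (LSB)
        "message_id": message_id,
        "length": length,
    }
    payloads = []
    if header["encrypted"]:
        return header, payloads  # payload chain is unreadable without the key
    offset, current = HEADER.size, next_payload
    while current != 0:          # 0 = end, no next payload
        if offset + GENERIC.size > length:
            raise ValueError("payload header runs past end of message")
        following, _reserved, plen = GENERIC.unpack_from(msg, offset)
        if plen < GENERIC.size or offset + plen > length:
            raise ValueError("bad payload length")
        # Each payload names the type of the NEXT one, so the type of this
        # payload is what the previous header (or the fixed header) announced.
        name = PAYLOAD_NAMES.get(current, f"type {current}")
        payloads.append((name, msg[offset + GENERIC.size:offset + plen]))
        offset += plen
        current = following
    if offset != length:
        raise ValueError("trailing bytes after the last payload")
    return header, payloads


def build_message(icookie, rcookie, exchange, chain):
    """Encode chain, a list of (payload type, body), as one cleartext message."""
    body = b""
    for i, (_ptype, data) in enumerate(chain):
        following = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += GENERIC.pack(following, 0, GENERIC.size + len(data)) + data
    first = chain[0][0] if chain else 0
    return HEADER.pack(icookie, rcookie, first, 0x10, exchange, 0, 0,
                       HEADER.size + len(body)) + body


# Constructed first message of a main mode exchange: responder cookie is 0,
# SA body is 40 octets of filler, vendor ID is 16 octets of filler.
SAMPLE = build_message(bytes.fromhex("1122334455667788"), bytes(8), 2,
                       [(1, bytes(40)), (13, bytes(16))])

if __name__ == "__main__":
    print(parse_isakmp(SAMPLE))
```
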

WEB SECURITY CONSIDERATIONS


The World Wide Web is fundamentally a client/server application running over the Internet and
TCP/IP intranets.

Web Security Threats


A Comparison of Threats on the Web

Integrity
  Threats: Modification of user data; Trojan horse browser; Modification of memory; Modification of
  message traffic in transit
  Consequences: Loss of information; Compromise of machine; Vulnerability to all other threats
  Countermeasures: Cryptographic checksums

Confidentiality
  Threats: Eavesdropping on the Net; Theft of info from server; Theft of data from client; Info about
  network configuration; Info about which client talks to server
  Consequences: Loss of information; Loss of privacy
  Countermeasures: Encryption, web proxies

Denial of Service
  Threats: Killing of user threads; Flooding machine with bogus requests; Filling up disk or memory;
  Isolating machine by DNS attacks
  Consequences: Disruptive; Annoying; Prevent user from getting work done
  Countermeasures: Difficult to prevent

Authentication
  Threats: Impersonation of legitimate users; Data forgery
  Consequences: Misrepresentation of user; Belief that false information is valid
  Countermeasures: Cryptographic techniques

SECURE SOCKET LAYER AND TRANSPORT LAYER SECURITY


SSL:
SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
Two important SSL concepts are the SSL session and the SSL connection, which are defined in the
specification as follows:
Connection:
A connection is a transport (in the OSI layering model definition) that provides a suitable type of
service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every
connection is associated with one session.
Session:
An SSL session is an association between a client and a server. Sessions are created by the
Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among
multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for
each connection.
A session state is defined by the following parameters
• Session identifier
• Peer certificate
• Compression method
• Cipher spec
• Master secret
• Is resumable
A connection state is defined by the following parameters:
• Server and client random
• Server write MAC secret
• Client write MAC secret
• Server write key
• Client write key.
• Initialization vectors
• Sequence numbers

SSL Architecture:

SSL itself is not a single layer protocol as depicted in the image; in fact it is composed of two sub-layers.
• The lower sub-layer comprises one component of the SSL protocol, called the SSL Record Protocol.
This component provides integrity and confidentiality services.
• The upper sub-layer comprises three SSL-related protocol components and an application protocol.
The application component provides the information transfer service between client/server interactions.
Technically, it can operate on top of the SSL layer as well. The three SSL-related protocol components are
o SSL Handshake Protocol
o Change Cipher Spec Protocol
o Alert Protocol.
SSL Record Protocol
The SSL Record Protocol provides two services for SSL connections:
Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional
encryption of SSL payloads.
Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a
message authentication code (MAC).
The diagram indicates the overall operation of the SSL Record Protocol. The Record Protocol takes
an application message to be transmitted, fragments the data into manageable blocks, optionally compresses
the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.
Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level
users.
The first step is fragmentation. Each upper-layer message is fragmented into blocks of 2^14 bytes
(16384 bytes) or less. Next, compression is optionally applied. Compression must be lossless and may not
increase the content length by more than 1024 bytes. In SSLv3 (as well as the current version of TLS), no
compression algorithm is specified, so the default compression algorithm is null.
The next step in processing is to compute a message authentication code over the compressed data.

The final step of SSL Record Protocol processing is to prepend a header, consisting of the
following fields:
• Content Type (8 bits): The higher layer protocol used to process the enclosed fragment.
• Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.
• Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.
• Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed
fragment if compression is used). The maximum value is 2^14 + 2048.

Fig: SSL Record Protocol Operation

• ChangeCipherSpec Protocol
✓ Simplest part of the SSL protocol. It consists of a single message exchanged between two
communicating entities, the client and the server.
✓ As each entity sends the ChangeCipherSpec message, it changes its side of the connection into the
secure state as agreed upon.
✓ The cipher parameters pending state is copied into the current state.
✓ Exchange of this Message indicates all future data exchanges are encrypted and integrity is
protected.
• SSL Alert Protocol

✓ This protocol consists of a single message which consists of a single byte with the value Alert
Protocol
✓ The Alert Protocol is used to convey SSL-related alerts to the peer entity.
✓ Each message in this protocol consists of two bytes.
✓ The first byte takes the value warning(1) or fatal(2) to convey the severity of the message.
✓ The second byte contains a code that indicates the specific alert. This protocol is used to report
errors – such as unexpected message, bad record MAC, security parameters negotiation failed, etc.
✓ It is also used for other purposes – such as notify closure of the TCP connection, notify receipt of
bad or unknown certificate, etc.
• SSL Handshake Protocol
✓ It is the most complex part of SSL. It is invoked before any application data is transmitted. It
creates SSL sessions between the client and the server.
✓ Establishment of session involves Server authentication, Key and algorithm negotiation,
Establishing keys and Client authentication (optional).
✓ A session is identified by unique set of cryptographic security parameters.
✓ Multiple secure TCP connections between a client and a server can share the same session.
✓ The Handshake protocol proceeds through four phases. These are discussed in the next section.
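The Record Protocol header and the two-byte Alert message described above, as an added example that is not part of the original notes. It covers only unprotected records (no compression, MAC or encryption, as before ChangeCipherSpec); the function names are hypothetical, the content type and alert code numbers are the SSLv3/TLS values rather than values given in these notes, and the sample data is constructed.

```python
import struct

RECORD_HEADER = struct.Struct("!BBBH")  # content type, major, minor, length
MAX_FRAGMENT = 2**14                    # largest plaintext fragment
MAX_LENGTH = 2**14 + 2048               # largest value of the length field

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate", 46: "certificate_unknown"}


def fragment(message, content_type, version=(3, 0)):
    """Split message into records of at most 2^14 bytes, each with a header."""
    records = []
    for start in range(0, len(message), MAX_FRAGMENT):
        chunk = message[start:start + MAX_FRAGMENT]
        header = RECORD_HEADER.pack(content_type, *version, len(chunk))
        records.append(header + chunk)
    return records


def parse_records(stream):
    """Return [(content type name, (major, minor), fragment), ...]."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < RECORD_HEADER.size:
            raise ValueError("truncated record header")
        ctype, major, minor, length = RECORD_HEADER.unpack_from(stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_LENGTH:
            raise ValueError("length field exceeds 2^14 + 2048")
        start = offset + RECORD_HEADER.size
        body = stream[start:start + length]
        if len(body) != length:
            raise ValueError("truncated fragment")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        offset = start + length
    return records


def decode_alert(body):
    """Decode an unencrypted alert: severity byte, then alert code byte."""
    if len(body) != 2:
        raise ValueError("an alert message is exactly two bytes")
    level, code = body
    if level not in ALERT_LEVELS:
        raise ValueError(f"unknown alert level {level}")
    return ALERT_LEVELS[level], ALERT_CODES.get(code, f"code {code}")


# Constructed samples: 40000 bytes of application data, and one fatal
# bad_record_mac alert record for SSLv3 (version 3.0).
SAMPLE_DATA = bytes(40000)
SAMPLE_ALERT = RECORD_HEADER.pack(21, 3, 0, 2) + bytes([2, 20])

if __name__ == "__main__":
    stream = b"".join(fragment(SAMPLE_DATA, 23)) + SAMPLE_ALERT
    for name, version, body in parse_records(stream):
        detail = decode_alert(body) if name == "alert" else len(body)
        print(name, version, detail)
```
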

Establishment of SSL Session


As discussed above, there are four phases of SSL session establishment. These are mainly handled by SSL
Handshake protocol.

Phase 1 − Establishing security capabilities.


• This phase consists of the exchange of two messages – Client_hello and Server_hello.
• Client_hello contains a list of cryptographic algorithms supported by the client, in decreasing order
of preference.
• Server_hello contains the selected Cipher Specification (CipherSpec) and a new session_id.
• The CipherSpec contains fields like −
✓ Cipher Algorithm (DES, 3DES, RC2, and RC4)
✓ MAC Algorithm (based on MD5, SHA-1)
✓ Public-key algorithm (RSA)
✓ Both messages carry a “nonce” to prevent replay attacks.
Phase 2 − Server authentication and key exchange.

• Server sends certificate. Client software comes configured with public keys of various “trusted”
organizations (CAs) to check certificate.
• Server sends chosen cipher suite.
• Server may request client certificate. Usually it is not done.
• Server indicates end of Server_hello.
Phase 3 − Client authentication and key exchange.

✓ Client sends certificate, only if requested by the server.
✓ It also sends the Pre-master Secret (PMS) encrypted with the server’s public key.
✓ Client also sends a Certificate_verify message if it has sent a certificate, to prove that it holds the
private key associated with this certificate. Basically, the client signs a hash of the previous
messages.
Phase 4 − Finish.
✓ Client and server send Change_cipher_spec messages to each other to cause the pending cipher
state to be copied into the current state.
✓ From now on, all data is encrypted and integrity protected.
✓ Message “Finished” from each end verifies that the key exchange and authentication processes
were successful.
All four phases, discussed above, happen within the establishment of TCP session. SSL session
establishment starts after TCP SYN/ SYNACK and finishes before TCP Fin.

SSL Session Keys


We have seen that during Phase 3 of SSL session establishment, a pre-master secret is sent by the client to
the server encrypted using server’s public key. The master secret and various session keys are generated as
follows −
✓ The master secret is generated (via pseudo random number generator) using −
▪ The pre-master secret.
▪ Two nonces (RA and RB) exchanged in the client_hello and server_hello messages.
✓ Six secret values are then derived from this master secret as −
▪ Secret key used with MAC (for data sent by server)
▪ Secret key used with MAC (for data sent by client)
▪ Secret key and IV used for encryption (by server)
▪ Secret key and IV used for encryption (by client)
TLS Protocol
In order to provide an open Internet standard of SSL, IETF released The Transport Layer Security (TLS)
protocol in January 1999. TLS is defined as a proposed Internet Standard in RFC 5246.

Salient Features
✓ TLS protocol has same objectives as SSL.
✓ It enables client/server applications to communicate in a secure manner by authenticating,
preventing eavesdropping and resisting message modification.
✓ TLS protocol sits above the reliable connection-oriented transport TCP layer in the networking
layers stack.
✓ The architecture of TLS protocol is similar to SSLv3 protocol. It has two sub protocols: the TLS
Record protocol and the TLS Handshake protocol.
✓ Though SSLv3 and TLS protocol have similar architecture, several changes were made in
architecture and functioning particularly for the handshake protocol.
Comparison of TLS and SSL Protocols
There are eight main differences between the TLS and SSLv3 protocols. These are as follows −

1) Protocol Version − The header of a TLS protocol segment carries the version number 3.1 to differentiate
it from the number 3 carried by the SSL protocol segment header.
2) Message Authentication − TLS employs a keyed-hash message authentication code (H-MAC). The benefit is
that H-MAC operates with any hash function, not just MD5 or SHA, as explicitly stated by the SSL
protocol.
3) Session Key Generation − There are two differences between the TLS and SSL protocols in the generation of
key material. The method of computing the pre-master and master secrets is similar. But in the TLS protocol,
computation of the master secret uses the HMAC standard and pseudorandom function (PRF) output instead of
an ad-hoc MAC. The algorithm for computing session keys and initialization vectors (IVs) is different in TLS
than in the SSL protocol.
4) Alert Protocol Message − The TLS protocol supports all the messages used by the Alert protocol of SSL,
except the No certificate alert message, which is made redundant. The client sends an empty certificate in case
client authentication is not required. Many additional Alert messages are included in the TLS protocol for other
error conditions such as record_overflow, decode_error etc.
5) Supported Cipher Suites − SSL supports RSA, Diffie-Hellman and Fortezza cipher suites. The TLS protocol
supports all suites except Fortezza.
6) Client Certificate Types − TLS defines certificate types to be requested in a certificate_request message.
SSLv3 supports all of these. Additionally, SSL supports certain other types of certificate such as Fortezza.
7) CertificateVerify and Finished Messages − In SSL, a complex message procedure is used for
the certificate_verify message. With TLS, the verified information is contained in the handshake messages
themselves, thus avoiding this complex procedure. The Finished message is computed in different manners in TLS
and SSLv3.
8) Padding of Data − In the SSL protocol, the padding added to user data before encryption is the minimum
amount required to make the total data-size equal to a multiple of the cipher’s block length. In TLS, the
padding can be any amount that results in a data-size that is a multiple of the cipher’s block length, up to a
maximum of 255 bytes.
The above differences between TLS and SSLv3 protocols are summarized in the following table.

SET FOR E-COMMERCE TRANSACTIONS


✓ The Secure Electronic Transaction (SET) is a protocol designed for protecting credit card
transactions over the Internet.
✓ It is an industry-backed standard that was formed by MasterCard and Visa (acting as the governing
body) in February 1996.
✓ SET relies on cryptography and X.509 v3 digital certificates to ensure message confidentiality and
security.
✓ SET is the only Internet transaction protocol to provide security through authentication. It combats
the risk of transaction information being altered in transit by keeping information securely encrypted
at all times and by using digital certificates to verify the identity of those accessing payment details.
Business Requirements for SET
1. Confidentiality of information - provide confidentiality of payment and order information
2. Integrity of data - Ensure the integrity of all transmitted data
3. Cardholder account authentication - Provide authentication that a cardholder is a legitimate customer
of a branded payment card account
4. Merchant authentication - Provide authentication that a merchant can accept credit card transactions
through its relationship with an acquiring financial institution
5. Security techniques - Ensure the use of the best security practices and system design techniques to
protect all legitimate parties in an electronic commerce transaction
6. Creation of brand-new protocol - Create a protocol that neither depends on transport security
mechanisms nor prevents their use.
7. Interoperability - Facilitate and encourage interoperability among software and network providers.
It will be appropriate to introduce the TCP/IP model and Internet Protocol suite, including Electronic
Payment System in Figure.
COMPONENTS OF SET:

SET Transactions :
✓ The customer opens an account with a card issuer.
   ▪ MasterCard, Visa, etc.
✓ The customer receives an X.509 V3 certificate signed by a bank.
   ▪ X.509 V3
   ▪ It verifies the customer’s RSA public key and its expiration date.
✓ A merchant who accepts a certain brand of card must possess two X.509 V3 certificates.
   ▪ One for signing & one for key exchange
✓ The customer places an order for a product or service with a merchant.
✓ The merchant sends a copy of its certificate for verification.
These transactions are as shown in the following diagram

SET Transaction
• Customer opens account: The customer obtains a credit card account, such as MasterCard or Visa,
with a bank that supports electronic payment and SET.
• Customer receives a certificate: After verification the customer receives an X.509 V3 digital
certificate which is signed by the bank. This certificate verifies the customer’s RSA public key and
expiration date.
• Merchants have their own certificates:
✓ Merchants who accept cards need to have 2 certificates for the 2 public keys owned by them.
✓ One certificate is used for signing messages and the other is used for key exchange.
✓ The merchants also need a copy of the payment gateway’s public key certificate.
• Customer places an order:
✓ The customer places the order containing the list of items to be purchased to the merchant.
✓ The merchant returns the order form having the items, price, total price and order number.
• Merchant is verified: The merchant along with the order form sends its certificate copy. The
customer can verify the same.
• Order and payment are sent:
✓ The customer sends order and payment information to the merchant along with the customer’s
certificate.
✓ This is the order confirmation of the order form.
✓ The payment contains the card details. This is encrypted, so it cannot be read by the merchant.
✓ The certificate sent can be verified by the merchant.
• Merchant requests payment authorization: The merchant sends the payment information to the
payment gateway. The merchant requests for authentication of the customer, credit limit, validity.
• Merchant confirms order: The merchant sends confirmation of the order to the customer.
• Merchant provides goods or service
• Merchant requests payment

Dual Signature
The purpose of the dual signature is to link two messages that are intended for two different
recipients. In this case, the customer wants to send the order information (OI) to the merchant and the
payment information (PI) to the bank. The merchant does not need to know the customer's credit card
number, and the bank does not need to know the details of the customer's order.
The customer takes the hash (using SHA-1) of the PI and the hash of the OI. These two hashes are
then concatenated and the hash of the result is taken. Finally, the customer encrypts the final hash with his or
her private signature key, creating the dual signature. The operation can be summarized as
DS = E(PRc, [H(H(PI) || H(OI))])
Where PRc is the customer's private signature key. Now suppose that the merchant is in possession
of the dual signature (DS), the OI, and the message digest for the PI (PIMD). The merchant also has the
public key of the customer, taken from the customer's certificate.

PI = Payment information          PIMD = PI message digest
OI = Order information            OIMD = OI message digest
H = Hash function (SHA-1)         POMD = Payment order message digest
|| = Concatenation                E = Encryption (RSA)
PRc = Customer’s private signature key
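The dual signature construction above, carried through for both recipients, as an added example that is not part of the original notes. The RSA key is a toy key built from two Mersenne primes with no padding, and the PI and OI strings are constructed sample values; the function names are assumptions of this example.

```python
import hashlib

# Toy RSA key pair, constructed for this example from two Mersenne primes.
# It is far too small and too structured for real use, and no padding is applied.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus (about 216 bits, wider than SHA-1's 160)
E = 65537                              # public exponent (customer's public key, with N)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (PRc), known only to the customer


def H(data: bytes) -> bytes:
    """Hash function H; the notes specify SHA-1 for SET."""
    return hashlib.sha1(data).digest()


def customer_dual_sign(pi: bytes, oi: bytes):
    """Customer side: DS = E(PRc, H(H(PI) || H(OI)))."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    return ds, pimd, oimd


def _matches(ds: int, pomd: bytes) -> bool:
    """Apply the customer's public key to DS and compare with a recomputed POMD."""
    return 0 <= ds < N and pow(ds, E, N) == int.from_bytes(pomd, "big")


def merchant_verify(ds: int, oi: bytes, pimd: bytes) -> bool:
    """The merchant holds OI and PIMD only; it never sees PI."""
    return _matches(ds, H(pimd + H(oi)))


def bank_verify(ds: int, pi: bytes, oimd: bytes) -> bool:
    """The bank holds PI and OIMD only; it never sees OI."""
    return _matches(ds, H(H(pi) + oimd))


# Constructed sample messages (placeholder card number).
PI = b"card=4111-XXXX-XXXX-1111;amount=59.90;txn=TX-0001"
OI = b"order=TX-0001;items=2 books;total=59.90"

if __name__ == "__main__":
    ds, pimd, oimd = customer_dual_sign(PI, OI)
    altered_oi = OI.replace(b"2 books", b"9 books")
    print("merchant accepts genuine OI:", merchant_verify(ds, OI, pimd))
    print("merchant accepts altered OI:", merchant_verify(ds, altered_oi, pimd))
    print("bank accepts genuine PI:    ", bank_verify(ds, PI, oimd))
    print("bank accepts PI + other OI: ", bank_verify(ds, PI, H(b"order=TX-0002")))
```

Because both digests are bound under one signature, neither party can pair the customer's PI with a different OI without the check failing.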
Payment Processing
• Purchase request
• Payment authorization
• Payment capture
Purchase Request
Before the Purchase Request exchange begins, the cardholder has completed browsing, selecting,
and ordering. The end of this preliminary phase occurs when the merchant sends a completed order form to
the customer.
The purchase request exchange consists of four messages: Initiate Request, Initiate Response,
Purchase Request, and Purchase Response.
When the merchant receives the Purchase Request message, it:
• verifies the cardholder certificates using the CA signatures
• verifies the dual signature using the customer's public signature key to ensure the order has not been
tampered with in transit and that it was signed using the cardholder's private signature key
• processes order and forwards the payment information to the payment gateway for authorization
(described later)
• sends a purchase response to cardholder

Fig : Purchase Request – Customer

Payment Authorization

The payment authorization ensures that the transaction was approved by the issuer. This
authorization guarantees that the merchant will receive payment; the merchant can therefore provide the
services or goods to the customer. The payment authorization exchange consists of two messages:
Authorization Request and Authorization response.
On receiving the Authorization Request, the payment gateway:
• Verifies all certificates
• Decrypts digital envelope of authorization block to obtain symmetric key & then decrypts
authorization block
• Verifies merchant's signature on authorization block
• Decrypts digital envelope of payment block to obtain symmetric key & then decrypts payment
block
• Verifies dual signature on payment block
• Verifies that transaction ID received from merchant matches that in PI received (indirectly) from
customer
• Requests & receives an authorization from issuer
• Sends authorization response back to merchant
Fig: Purchase Request – Merchant
Payment Capture
To obtain payment, the merchant engages the payment gateway in a payment capture
transaction, consisting of a capture request and a capture response message.
• Merchant sends payment gateway a payment capture request
• Gateway checks request
• Then causes funds to be transferred to merchants account
• Notifies merchant using capture response

INTRUDER
One of the most publicized threats to security is the intruder, generally referred to as a hacker or
cracker. Three classes of intruders are as follows:
1. Masquerader – an individual who is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account.
2. Misfeasor – a legitimate user who accesses data, programs, or resources for which such access is not
authorized, or who is authorized for such access but misuses his or her privileges.
3. Clandestine user – an individual who seizes supervisory control of the system and uses this control
to evade auditing and access controls or to suppress audit collection.

The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user
can be either an outsider or an insider.

Intrusion Techniques
The objective of the intruders is to gain access to a system or to increase the range of privileges
accessible on a system.
Typically, a system must maintain a file that associates a password with each authorized user. If such
a file is stored with no protection, then it is an easy matter to gain access to it. The password files can be
protected in one of the two ways:
1. One way encryption – The system stores only an encrypted form of user’s password. In practice,
the system usually performs a one way transformation (not reversible) in which the password is used
to generate a key for the encryption function and in which a fixed length output is produced.
2. Access control – Access to the password file is limited to one or a very few accounts.
The following techniques are used for learning passwords.
1. Try default passwords used with standard accounts that are shipped with the system. Many
administrators do not bother to change these defaults.
2. Exhaustively try all short passwords.
3. Try words in the system’s online dictionary or a list of likely passwords.
4. Collect information about users such as their full names, the name of their spouse and children,
pictures in their office and books in their office that are related to hobbies.
5. Try user’s phone number, social security numbers and room numbers.
6. Try all legitimate license plate numbers.
7. Use a Trojan horse to bypass restrictions on access.
8. Tap the line between a remote user and the host system.
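A defensive counterpart to the list above, as an added example that is not part of the original notes: a proactive check that rejects candidate passwords the first five guessing techniques would find, plus salted one-way storage. The `DEFAULTS` and `DICTIONARY` sets and the user details are constructed samples, and PBKDF2-HMAC-SHA256 is this example's choice of one-way transformation, not one named by the notes.

```python
import hashlib
import hmac
import os

# Constructed sample lists; a real deployment would load the vendor default
# list and a full dictionary of likely passwords.
DEFAULTS = {"admin", "password", "guest", "changeme"}
DICTIONARY = {"dragon", "monkey", "sunshine", "football"}


def check_candidate(password, user_facts, min_len=10):
    """Return the reasons to reject a new password; an empty list means accept.

    user_facts holds strings an attacker could collect about the user
    (names, phone or room numbers), matching items 4 and 5 of the list.
    """
    reasons = []
    low = password.lower()
    if low in DEFAULTS:
        reasons.append("default password")
    if len(password) < min_len:
        reasons.append("too short")
    if low in DICTIONARY:
        reasons.append("dictionary word")
    if any(len(f) >= 3 and f.lower() in low for f in user_facts):
        reasons.append("contains personal detail")
    return reasons


def store(password, iterations=200_000):
    """One-way, salted transformation: only (salt, iterations, digest) is kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, record):
    """Recompute the transformation and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    facts = ["Priya", "1987", "B-214"]          # constructed user details
    for pw in ("admin", "Priya1987!!x", "tram-velvet-orbit-42"):
        print(pw, "->", check_candidate(pw, facts) or "accepted")
    record = store("tram-velvet-orbit-42")
    print("correct password verifies:", verify("tram-velvet-orbit-42", record))
```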

Two principal countermeasures:

1. Detection – concerned with learning of an attack, either before or after its success.
2. Prevention – a challenging security goal.

INTRUSION DETECTION
Motivation
1. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system
before any damage is done or any data are compromised.
2. An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions.
3. Intrusion detection enables the collection of information about intrusion techniques that can be used
to strengthen the intrusion prevention facility.

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a
legitimate user in ways that can be quantified.
Although the typical behavior of an intruder differs from the typical behavior of an authorized user, there
is an overlap in these behaviors. Thus, a loose interpretation of intruder behavior, which will catch more
intruders, will also lead to a number of "false positives," or authorized users identified as intruders.

Figure: Profiles of Behavior of Intruders and Authorized Users

Approaches to intrusion detection


1. Statistical anomaly detection
a) Threshold detection
b) Profile based
2. Rule-based detection
a) Anomaly detection
b) Penetration identification
3. Distributed intrusion detection
Host agent module, LAN monitor agent module, central manager module

1. Statistical anomaly detection:
Involves the collection of data relating to the behavior of legitimate users over a period of time. Then
statistical tests are applied to observed behavior to determine with a high level of confidence whether that
behavior is not legitimate user behavior.
The simplest statistical test is to measure the mean and standard deviation of a parameter over some
historical period. This gives a reflection of the average behavior and its variability.
A multivariate model is based on correlations between two or more variables.
A Markov process model is used to establish transition probabilities among various states.
A time series model focuses on time intervals.
An operational model is based on a judgment of what is considered abnormal, rather than an automated
analysis of past audit records.
a) Threshold detection: This approach involves defining thresholds, independent of user, for the
frequency of occurrence of various events.
b) Profile based: A profile of the activity of each user is developed and used to detect changes in the
behavior of individual accounts.
Examples of metrics that are useful for profile-based intrusion detection are the following:
• Counter: A nonnegative integer that may be incremented but not decremented until it is reset by
management action.
• Gauge: A nonnegative integer that may be incremented or decremented.
• Interval timer: The length of time between two related events.
• Resource utilization: Quantity of resources consumed during a specified period.

2. Rule-based detection:
Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of
an intruder.

a) Rule-based Anomaly detection: Rules are developed to detect deviation from previous usage
patterns.
✓ Analyze historical audit records to identify usage patterns & auto-generate rules for them
✓ Then observe current behavior & match against rules to see if it conforms
✓ Like statistical anomaly detection, does not require prior knowledge of security flaws

b) Rule-based penetration identification: An expert system approach that searches for suspicious
behavior.

3. Distributed Intrusion Detection


• Traditional focus is on single systems
• But typically have networked systems
• More effective defense has these working together to detect intrusions
Issues
o Dealing with varying audit record formats
o Integrity & confidentiality of networked data
o Centralized or decentralized architecture

Architecture for Distributed Intrusion Detection


Three main components:
1. Host agent module: An audit collection module operating as a background process on a monitored
system. Its purpose is to collect data on security-related events on the host and transmit these to the
central manager.
2. LAN monitor agent module: Operates in the same fashion as a host agent module except that it
analyzes LAN traffic and reports the results to the central manager.
3. Central manager module: Receives reports from LAN monitor and host agents and processes and
correlates these reports to detect intrusion.
Figure: Architecture for Distributed Intrusion Detection

Honeypots
Honeypots are decoy systems that are designed to lure a potential attacker away from critical
systems. Honeypots are designed to:
• Divert an attacker from accessing critical systems
• Collect information about the attacker's activity
• Encourage the attacker to stay on the system long enough for administrators to respond

Audit Records

A fundamental tool for intrusion detection is the audit record. Some record of ongoing activity by
users must be maintained as input to an intrusion detection system. Basically, two plans are used:
1. Native audit records: Virtually all multiuser operating systems include accounting software that
collects information on user activity. The advantage of using this information is that no additional
collection software is needed. The disadvantage is that the native audit records may not contain the
needed information or may not contain it in a convenient form.
2. Detection-specific audit records: A collection facility can be implemented that generates audit
records containing only that information required by the intrusion detection system. One advantage
of such an approach is that it could be made vendor independent and ported to a variety of systems.
The disadvantage is the extra overhead involved in having, in effect, two accounting packages
running on a machine.

Each audit record contains the following fields:


• Subject: Initiators of actions. A subject is typically a terminal user but might also be a process
acting on behalf of users or groups of users.
• Action: Operation performed by the subject on or with an object; for example, login, read, perform
I/O, execute.
• Object: Receptors of actions. Examples include files, programs, messages, records, terminals,
printers, and user- or program-created structures.
• Exception-Condition: Denotes which, if any, exception condition is raised on return.
• Resource-Usage: A list of quantitative elements in which each element gives the amount used of
some resource
• Time-Stamp: Unique time-and-date stamp identifying when the action took place.
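Threshold detection and profile-based detection run over audit records with the six fields listed above, as an added example that is not part of the original notes. The records, user names, the daily-read counter and the limits (`k`, `limit`) are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev
from typing import NamedTuple, Optional


class AuditRecord(NamedTuple):
    subject: str
    action: str
    object: str
    exception_condition: Optional[str]
    resource_usage: dict
    time_stamp: str                      # day granularity is enough for this example


def make_records(subject, day, reads, failed_logins=0):
    """Build constructed audit records for one subject on one day."""
    recs = [AuditRecord(subject, "read", "/data/ledger", None, {"bytes": 4096}, day)
            for _ in range(reads)]
    recs += [AuditRecord(subject, "login", "tty1", "auth-failure", {}, day)
             for _ in range(failed_logins)]
    return recs


def daily_counts(records, action, exception=None):
    """Counter metric: events per (subject, day) for one action and exception value."""
    return Counter((r.subject, r.time_stamp) for r in records
                   if r.action == action and r.exception_condition == exception)


def build_profiles(history, action):
    """Profile based: per-subject mean and standard deviation of the daily count."""
    per_subject = defaultdict(list)
    for (subject, _day), n in daily_counts(history, action).items():
        per_subject[subject].append(n)
    return {s: (mean(v), pstdev(v)) for s, v in per_subject.items()}


def profile_alerts(profiles, today, action, k=3.0):
    """Flag subjects whose count today exceeds their own mean by more than k deviations."""
    alerts = []
    for (subject, _day), n in sorted(daily_counts(today, action).items()):
        if subject not in profiles:
            continue                      # no baseline yet for this subject
        mu, sigma = profiles[subject]
        if (n - mu) / max(sigma, 1.0) > k:   # floor avoids division by zero
            alerts.append(subject)
    return alerts


def threshold_alerts(today, limit=5):
    """Threshold detection: the same failed-login limit for every subject."""
    fails = daily_counts(today, "login", exception="auth-failure")
    return sorted(s for (s, _day), n in fails.items() if n > limit)


# Constructed history: alice reads about 11 files a day, bob about 40.
HISTORY = []
for i, (a, b) in enumerate(zip([10, 12, 11, 9, 13], [40, 42, 38, 41, 39]), start=1):
    day = f"2024-03-0{i}"
    HISTORY += make_records("alice", day, a) + make_records("bob", day, b)

# Constructed current day: 40 reads is routine for bob but not for alice.
TODAY = (make_records("alice", "2024-03-06", 40, failed_logins=1)
         + make_records("bob", "2024-03-06", 41)
         + make_records("mallory", "2024-03-06", 0, failed_logins=8))

if __name__ == "__main__":
    print("profile alerts:  ", profile_alerts(build_profiles(HISTORY, "read"), TODAY, "read"))
    print("threshold alerts:", threshold_alerts(TODAY))
```

A user-independent limit on daily reads high enough to leave bob alone would miss alice's change in behavior, which is the case the per-user profile covers.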

MALICIOUS SOFTWARE
Malicious software is software that is intentionally included or inserted in a system for a harmful
purpose.
VIRUS AND RELATED THREATS
Malicious Programs
Table: Terminology of Malicious Programs
Name                   Description
Virus                  Attaches itself to a program and propagates copies of itself to other programs
Worm                   Program that propagates copies of itself to other computers
Logic bomb             Triggers action when condition occurs
Trojan horse           Program that contains unexpected additional functionality
Backdoor (trapdoor)    Program modification that allows unauthorized access to functionality
Exploits               Code specific to a single vulnerability or set of vulnerabilities
Downloaders            Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
Auto-rooter            Malicious hacker tools used to break into new machines remotely
Kit (virus generator)  Set of tools for generating new viruses automatically
Spammer programs       Used to send large volumes of unwanted e-mail
Flooders               Used to attack networked computer systems with a large volume of traffic to carry out a denial of service (DoS) attack
Keyloggers             Captures keystrokes on a compromised system
Rootkit                Set of hacker tools used after attacker has broken into a computer system and gained root-level access
Zombie                 Program activated on an infected machine that is activated to launch attacks on other machines

Malicious software can be divided into two categories: those that need a host program, and those that
are independent.
• Need a host program: Programs that cannot exist independently of some actual application
program, utility, or system program. Viruses, logic bombs, and backdoors are examples.
• Independent: Programs that can be scheduled and run by the operating system. Worms and zombie
programs are examples.

We can also differentiate between those software threats that do not replicate and those that do.
• Do not replicate: Programs or fragments of programs that are activated by a trigger.
Examples: logic bombs, backdoors, and zombie programs.
• Replicate: A program fragment or an independent program that, when executed, may produce one or
more copies of itself to be activated later on the same system or some other system.
Examples: viruses and worms.
Backdoor or Trapdoor

• Secret entry point into a program
• Allows those who know of it to gain access, bypassing usual security procedures
• Have been commonly used by developers
• A threat when left in production programs, allowing exploitation by attackers
• Very hard to block in O/S
• Requires good s/w development & update

Logic Bomb
• One of oldest types of malicious software
• Code embedded in legitimate program
• Activated when specified conditions met
o Eg presence/absence of some file
o Particular date/time
o Particular user
• When triggered typically damage system
o Modify/delete files/disks, halt machine, etc

Trojan Horse
• Program with hidden side-effects
• Which is usually superficially attractive
o Eg game, s/w upgrade etc
• When run performs some additional tasks
o Allows attacker to indirectly gain access they do not have directly
• Often used to propagate a virus/worm or install a backdoor
• Or simply to destroy data

Zombie
• Program which secretly takes over another networked computer
• Then uses it to indirectly launch attacks
• Often used to launch distributed denial of service (DDoS) attacks
• Exploits known flaws in network systems

The Nature of Viruses


A virus is a piece of software that can "infect" other programs by modifying them; the modification
includes a copy of the virus program, which can then go on to infect other programs.
A virus can do anything that other programs do. The only difference is that it attaches itself to
another program and executes secretly when the host program is run. Once a virus is executing, it can
perform any function, such as erasing files and programs.
During its lifetime, a typical virus goes through the following four phases:
• Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a
date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not
all viruses have this stage.
• Propagation phase: The virus places an identical copy of itself into other programs or into certain
system areas on the disk. Each infected program will now contain a clone of the virus, which will
itself enter a propagation phase.
• Triggering phase: The virus is activated to perform the function for which it was intended. As with
the dormant phase, the triggering phase can be caused by a variety of system events, including a
count of the number of times that this copy of the virus has made copies of itself.
• Execution phase: The function is performed. The function may be harmless, such as a message on
the screen, or damaging, such as the destruction of programs and data files.

Virus Structure
A virus can be prepended or postpended to an executable program, or it can be embedded in some
other fashion. The key to its operation is that the infected program, when invoked, will first execute the
virus code and then execute the original code of the program.
An infected program begins with the virus code and works as follows.
• The first line of code is a jump to the main virus program. The second line is a special marker
that is used by the virus to determine whether or not a potential victim program has already been
infected with this virus.
• When the program is invoked, control is immediately transferred to the main virus program. The
virus program first seeks out uninfected executable files and infects them. Next, the virus may
perform some action, usually detrimental to the system.
• This action could be performed every time the program is invoked, or it could be a logic bomb that
triggers only under certain conditions.
• Finally, the virus transfers control to the original program. If the infection phase of the program is
reasonably rapid, a user is unlikely to notice any difference between the execution of an infected and
uninfected program.

A virus such as the one just described is easily detected because an infected version of a program is
longer than the corresponding uninfected one. A way to thwart such a simple means of detecting a virus is to
compress the executable file so that both the infected and uninfected versions are of identical length. We
assume that program P1 is infected with the virus CV. When this program is invoked, control passes to its
virus, which performs the following steps:
1. For each uninfected file P2 that is found, the virus first compresses that file to produce P'2, which is
shorter than the original program by the size of the virus.
2. A copy of the virus is prepended to the compressed program.
3. The compressed version of the original infected program, P'1, is uncompressed.
4. The uncompressed original program is executed.

Figure: A Compression Virus


In this example, the virus does nothing other than propagate. As in the previous example, the virus
may include a logic bomb.
Initial Infection
Once a virus has gained entry to a system by infecting a single program, it is in a position to infect
some or all other executable files on that system when the infected program executes. Thus, viral infection
can be completely prevented by preventing the virus from gaining entry in the first place.

Types of Viruses
The following categories are among the most significant types of viruses:
1. Parasitic virus: The traditional and still most common form of virus. A parasitic virus attaches itself
to executable files and replicates, when the infected program is executed, by finding other executable
files to infect.
2. Memory-resident virus: Lodges in main memory as part of a resident system program. From that
point on, the virus infects every program that executes.
3. Boot sector virus: Infects a master boot record or boot record and spreads when a system is booted
from the disk containing the virus.
4. Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software.
5. Polymorphic virus: A virus that mutates with every infection, making detection by the "signature"
of the virus impossible.
6. Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every
infection. The difference is that a metamorphic virus rewrites itself completely at each iteration,
increasing the difficulty of detection. Metamorphic viruses may change their behavior as well as their
appearance.
7. Macro Viruses
• A macro virus is platform independent. Virtually all of the macro viruses infect Microsoft Word
documents. Any hardware platform and operating system that supports Word can be infected.
• Macro viruses infect documents, not executable portions of code. Most of the information
introduced onto a computer system is in the form of a document rather than a program.
• Macro viruses are easily spread. A very common method is by electronic mail.
Macro viruses take advantage of a feature found in Word and other office applications such
as Microsoft Excel, namely the macro. In essence, a macro is an executable program embedded in a
word processing document or other type of file.
8. E-mail Viruses
A more recent development in malicious software is the e-mail virus. The first rapidly
spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an
attachment. If the recipient opens the e-mail attachment, the Word macro is activated. Then
1. The e-mail virus sends itself to everyone on the mailing list in the user's e-mail package.
2. The virus does local damage.
Worms

• Replicating but not infecting program
• Typically spreads over a network
o Using users' distributed privileges or by exploiting system vulnerabilities
• Widely used by hackers to create zombie PCs, subsequently used for further attacks
• Major issue is lack of security of permanently connected systems
To replicate itself, a network worm uses some sort of network vehicle. Examples include the following:
• Electronic mail facility: A worm mails a copy of itself to other systems.
• Remote execution capability: A worm executes a copy of itself on another system.
• Remote login capability: A worm logs onto a remote system as a user and then uses
commands to copy itself from one system to the other.
The new copy of the worm program is then run on the remote system where, in addition to any
functions that it performs at that system, it continues to spread in the same fashion.
A network worm exhibits the same characteristics as a computer virus: a dormant phase, a
propagation phase, a triggering phase, and an execution phase. The propagation phase generally
performs the following functions:
1. Search for other systems to infect by examining host tables or similar repositories of remote
system addresses.
2. Establish a connection with a remote system.
3. Copy itself to the remote system and cause the copy to be run.
As with viruses, network worms are difficult to counter.

The Morris Worm



• Best known classic worm
• Released by Robert Morris in 1988
• Targeted UNIX systems
• Using several propagation techniques
o Simple password cracking of local PW file
o Exploit bug in finger daemon
o Exploit debug trapdoor in sendmail daemon
• If any attack succeeded, it then replicated itself

Recent Worm Attacks



• New spate of attacks from mid-2001
• Code Red - used MS IIS bug
o probes random IPs for systems running IIS
o had trigger time for denial-of-service attack
o 2nd wave infected 360000 servers in 14 hours
• Code Red 2 - installed backdoor
• Nimda - multiple infection mechanisms
• SQL Slammer - attacked MS SQL server
• Sobig.f - attacked open proxy servers
• Mydoom - mass email worm + backdoor
Worm Technology
• Multiplatform: Newer worms are not limited to Windows machines but can attack a variety of
platforms, especially the popular varieties of UNIX.
• Multiexploit: New worms penetrate systems in a variety of ways, using exploits against Web
servers, browsers, e-mail, file sharing, and other network-based applications.
• Ultrafast spreading: One technique to accelerate the spread of a worm is to conduct a prior
Internet scan to accumulate Internet addresses of vulnerable machines.
• Polymorphic: To evade detection, skip past filters, and foil real-time analysis, worms adopt the
virus polymorphic technique. Each copy of the worm has new code generated on the fly using
functionally equivalent instructions and encryption techniques.
• Metamorphic: In addition to changing their appearance, metamorphic worms have a repertoire of
behavior patterns that are unleashed at different stages of propagation.
• Transport vehicles: Because worms can rapidly compromise a large number of systems, they are ideal
for spreading other distributed attack tools, such as distributed denial of service zombies.
• Zero-day exploit: To achieve maximum surprise and distribution, a worm should exploit an unknown
vulnerability that is only discovered by the general network community when the worm is launched.

VIRUS COUNTERMEASURES
Antivirus Approaches
The ideal solution to the threat of viruses is prevention. The next best approach is to be able to do the
following:
• Detection: Once the infection has occurred, determine that it has occurred and locate the virus.
• Identification: Once detection has been achieved, identify the specific virus that has infected a
program.
• Removal: Once the specific virus has been identified, remove all traces of the virus from the
infected program and restore it to its original state. Remove the virus from all infected systems so
that the disease cannot spread further.
If detection succeeds but either identification or removal is not possible, then the alternative is to discard the
infected program and reload a clean backup version.
There are four generations of antivirus software:
• First-generation - simple scanners
o Scanner uses virus signature to identify virus
o Or change in length of programs
• Second-generation - heuristic scanners
o Uses heuristic rules to spot viral infection
o Or uses crypto hash of program to spot changes
• Third-generation - activity traps
o Memory-resident programs identify virus by actions
• Fourth-generation - full-featured protection
o Packages with a variety of antivirus techniques
o Eg scanning & activity traps, access-controls
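The two change checks named above, program length (first generation) and a cryptographic hash of the program (second generation), compared side by side in an added example that is not part of the original notes. File names and contents are constructed placeholders, and SHA-256 is this example's choice of hash.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path):
    """Return (length, SHA-256 hex digest) of a file's contents."""
    data = path.read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()


def snapshot(root: Path):
    """Baseline of every regular file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict):
    """Compare the current state with the baseline and classify each difference."""
    findings = {}
    current = snapshot(root)
    for name, (length, digest) in current.items():
        if name not in baseline:
            findings[name] = "new file"
        elif baseline[name][0] != length:
            findings[name] = "length and hash changed"
        elif baseline[name][1] != digest:
            # A length-only scanner reports nothing for this file.
            findings[name] = "hash changed, length unchanged"
    for name in baseline.keys() - current.keys():
        findings[name] = "missing"
    return findings


def demo():
    """Build a constructed program directory, alter it, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "editor").write_bytes(b"ORIGINAL-EDITOR-IMAGE-0001")
        (root / "bin" / "mailer").write_bytes(b"ORIGINAL-MAILER-IMAGE-0001")
        # In practice the baseline is kept where the monitored host cannot rewrite it.
        baseline = snapshot(root)

        # Same length, different bytes: what a size-preserving modification looks like.
        (root / "bin" / "editor").write_bytes(b"MODIFIED-EDITOR-IMAGE-0001")
        # Extra bytes appended: visible to both checks.
        with (root / "bin" / "mailer").open("ab") as fh:
            fh.write(b"+APPENDED")
        # A file that was not present when the baseline was taken.
        (root / "bin" / "helper").write_bytes(b"UNEXPECTED")
        return audit(root, baseline)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name}: {verdict}")
```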

Advanced Antivirus Techniques


1. Generic Decryption
Generic decryption (GD) technology enables the antivirus program to easily detect even the most
complex polymorphic viruses, while maintaining fast scanning speeds. In order to detect such a structure,
executable files are run through a GD scanner, which contains the following elements:
• CPU emulator: A software-based virtual computer. Instructions in an executable file are interpreted
by the emulator rather than executed on the underlying processor. The emulator includes software
versions of all registers and other processor hardware, so that the underlying processor is unaffected
by programs interpreted on the emulator.
• Virus signature scanner: A module that scans the target code looking for known virus signatures.
• Emulation control module: Controls the execution of the target code.

At the start of each simulation, the emulator begins interpreting instructions in the target code, one at
a time. Thus, if the code includes a decryption routine that decrypts and hence exposes the virus, that code is
interpreted. In effect, the virus does the work for the antivirus program by exposing the virus. Periodically,
the control module interrupts interpretation to scan the target code for virus signatures.
2. Digital Immune System
• General purpose emulation & virus detection
• Any virus entering the organization is captured, analyzed, has detection/shielding created for it, and is removed

The figure below illustrates the typical steps in digital immune system operation.

Figure: Digital Immune System


Steps
1. A monitoring program on each PC uses a variety of heuristics based on system behavior, suspicious
changes to programs, or family signature to infer that a virus may be present. The monitoring program
forwards a copy of any program thought to be infected to an administrative machine within the
organization.
2. The administrative machine encrypts the sample and sends it to a central virus analysis machine.
3. This machine creates an environment in which the infected program can be safely run for analysis.
Techniques used for this purpose include emulation, or the creation of a protected environment within
which the suspect program can be executed and monitored. The virus analysis machine then produces a
prescription for identifying and removing the virus.
4. The resulting prescription is sent back to the administrative machine.
5. The administrative machine forwards the prescription to the infected client.
6. The prescription is also forwarded to other clients in the organization.
7. Subscribers around the world receive regular antivirus updates that protect them from the new virus.

3. Behavior-Blocking Software

• Integrated with host O/S
• Monitors program behavior in real-time
o Eg file access, disk format, executable mods, system settings changes, network access
• For possibly malicious actions
o If detected can block, terminate, or seek OK
• Has advantage over scanners
• But malicious code runs before detection
Monitored behaviors can include the following:
• Attempts to open, view, delete, and/or modify files;
• Attempts to format disk drives and other unrecoverable disk operations;
• Modifications to the logic of executable files or macros;
• Modification of critical system settings, such as start-up settings;
• Scripting of e-mail and instant messaging clients to send executable content; and
• Initiation of network communications.
FIREWALLS DESIGN PRINCIPLES
Internet connectivity is no longer optional for most organizations. However, while
internet access provides benefits to the organization, it enables the outside world to reach and
interact with local network assets.
This creates the threat to the organization. While it is possible to equip each workstation
and server on the premises network with strong security features, such as intrusion protection,
this is not a practical approach.
The alternative, increasingly accepted, is the firewall. The firewall is inserted between
the premises network and internet to establish a controlled link and to erect an outer security
wall or perimeter.
The aim of this perimeter is to protect the premises network from internet based attacks
and to provide a single choke point where security and audit can be imposed.
The firewall can be a single computer system or a set of two or more systems that
cooperate to perform the firewall function.

Firewall Characteristics
• All traffic from inside to outside, and vice versa, must pass through the firewall.
This is achieved by physically blocking all access to the local network except via
the firewall.
• Only authorized traffic, as defined by the local security policy, will be allowed to
pass. Various types of firewalls are used, which implement various types of security
policies.
• The firewall itself is immune to penetration. This implies the use of a trusted
system with a secure operating system.
The four techniques that firewalls use to control access and enforce the site’s security policy are
as follows:
• Service control – determines the type of internet services that can be accessed,
inbound or outbound. The firewall may filter traffic on the basis of IP address and
TCP port number; may provide proxy software that receives and interprets each
service request before passing it on; or may host the server software itself, such as
web or mail service.
• Direction control – determines the direction in which particular service requests
may be initiated and allowed to flow through the firewall.
• User control – controls access to a service according to which user is attempting to
access it.
• Behavior control – controls how particular services are used.

Capabilities of Firewall
• A firewall defines a single choke point that keeps unauthorized users out of the
protected network, prohibits potentially vulnerable services from entering or leaving
the network, and provides protection from various kinds of IP spoofing and routing
attacks.
• A firewall provides a location for monitoring security related events. Audits and
alarms can be implemented on the firewall system.
• A firewall is a convenient platform for several internet functions that are not
security related.
• A firewall can serve as the platform for IPsec.
Limitations of Firewall
• The firewall cannot protect against attacks that bypass the firewall.
• The firewall does not protect against internal threats.
• The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the
perimeter, it would be impractical and perhaps impossible for the firewall to scan all
incoming files, e-mail, and messages for viruses.

INTERNET FIREWALLS FOR TRUSTED SYSTEMS


• A firewall is a device or group of devices that controls access between networks.
• A firewall generally consists of filters and gateway(s), varying from firewall to firewall.
• It is a security gateway that controls access between the public Internet and an intranet and
is a secure computer system placed between a trusted network and an untrusted Internet.
• A firewall is an agent that screens network traffic in some way, blocking traffic it believes
to be inappropriate, dangerous, or both.
• Firewalls act as an intermediate server in handling SMTP and HTTP connections in either
direction.

ROLES OF FIREWALLS
• The firewall imposes restrictions on packets entering or leaving the private network.
• All traffic from inside to outside, and vice versa, must pass through the firewall, but only
authorized traffic will be allowed to pass.
• Packets are not allowed through unless they conform to a filtering specification or unless
there is negotiation involving some sort of authentication.
• The firewall itself must be immune to penetration.
• Firewalls create checkpoints between an internal private network and an untrusted Internet.
Once the choke points are established, the device can monitor, filter, and verify all inbound
and outbound traffic.
• The firewall may filter on the basis of IP source and destination addresses and TCP port
number.
• The firewall also enforces logging and provides alarm capabilities as well. By placing logging
services at firewalls, security administrators can monitor all access to and from the Internet.
• Firewalls may block TELNET or RLOGIN connections from the Internet to the intranet. They
may also block SMTP and FTP connections to the Internet from internal systems not authorized to
send e-mail or to move files.
• The firewall provides protection from various kinds of IP spoofing and routing attacks. It
can also serve as the platform for IPsec.
• A firewall can limit network exposure by hiding the internal network systems and
information from the public Internet.
• A firewall provides a location for monitoring security-related events. Audits and alarms
can be implemented on the firewall system.

Four general techniques that firewalls use to control access and enforce the site's security
policy
1. Service control: Determines the types of Internet services that can be accessed, inbound or
outbound. The firewall may filter traffic on the basis of IP address and TCP port number;
may provide proxy software that receives and interprets each service request before passing
it on; or may host the server software itself, such as a Web or mail service.
2. Direction control: Determines the direction in which particular service requests may be
initiated and allowed to flow through the firewall.
3. User control: Controls access to a service according to which user is attempting to access
it. This feature is typically applied to users inside the firewall perimeter (local users).
4. Behavior control: Controls how particular services are used. For example, the firewall
may filter e-mail to eliminate spam, or it may enable external access to only a portion of the
information on a local Web server.

Firewall limitations
• It cannot protect against internal threats such as an employee who cooperates with an
external attacker.
• The firewall cannot protect against attacks that bypass the firewall.
• It is also unable to protect against the transfer of virus-infected programs or files because it
is impossible for it to scan all incoming files, e-mail, and messages for viruses.

FIREWALL-RELATED TERMINOLOGY
To design and configure a firewall, some familiarity with the basic terminology is
required.
1. Bastion Host
A bastion host is a publicly accessible device for the network's security, which has a
direct connection to a public network such as the Internet. The bastion host serves as a
platform for any one of the three types of firewalls: packet filter, circuit-level gateway, or
application-level gateway.
Bastion hosts must check all incoming and outgoing traffic and enforce the rules
specified in the security policy. They must be prepared for attacks from external and possibly
internal sources.
The bastion host's role falls into the following three common types:
1. Single-homed bastion host: This is a device with only one network interface, normally
used for an application-level gateway. The external router is configured to send all
incoming data to the bastion host, and all internal clients are configured to send all
outgoing data to the host.

2. Dual-homed bastion host: This is a firewall device with at least two network interfaces.
The advantage of using such hosts is that they create a complete break between the external
network and the internal network. This break forces all incoming and outgoing traffic to
pass through the host.
3. Multihomed bastion host: Used to allow the user to enforce strict security mechanisms.
When the security policy requires all inbound and outbound traffic to be sent through a
proxy server, a new proxy server should be created for the new streaming application.

2. Proxy Server
• Proxy servers are used to communicate with external servers on behalf of internal clients.
• A proxy service is set up and torn down in response to a client request, rather than existing
on a static basis.
• Application proxies forward packets only when a connection has been established using
some known protocol. When the connection closes, a firewall using application proxies
rejects individual packets, even if they contain port numbers allowed by a rule set.
• The audit log is an essential tool for detecting and terminating intruder attacks. Therefore,
each proxy maintains detailed audit information by logging all traffic, each connection, and
the duration of each connection.
• Each proxy is independent of other proxies on the bastion host. If there is a problem with
the operation of any proxy, or if future vulnerability is discovered, it is easy to replace the
proxy without affecting the operation of the proxy's applications.
• A proxy generally performs no disk access other than to read its initial configuration file.
This makes it difficult for an intruder to install Trojan horse sniffers or other dangerous
files on the bastion host.

3. SOCKS
• The SOCKS protocol version 4 provides for unsecured firewall traversal for TCP-based
client/server applications, including HTTP, TELNET, and FTP.
• The new protocol extends the SOCKS version 4 model to include UDP, allows the
framework to include provision for generalized strong authentication schemes, and extends
the addressing scheme to encompass domain names and IPv6 addresses.
• SOCKS defines how to establish authenticated connections, but currently it does not
provide a clear-cut solution to the problem of encrypting the data traffic.

4. Choke Point
• A choke point is the point at which a public Internet can access the internal network.
• The most comprehensive and extensive monitoring tools should be configured on the choke
points.
• Proper implementation requires that all traffic be funneled through these choke points.
• Since all traffic flows through the firewalls, security administrators, as a firewall strategy,
need to create choke points to limit external access to their networks.
• Once these choke points have been clearly established, the firewall devices can monitor,
filter, and verify all inbound and outbound traffic.

5. Demilitarized Zone (DMZ)


• The DMZ is an expression that originates from the Korean War. It meant a strip of land
forcibly kept clear of enemy soldiers.
• In terms of a firewall, the DMZ is a network that lies between an internal private network
and the external public network.
• DMZ networks are sometimes called perimeter networks.
• A DMZ is used as an additional buffer to further separate the public network from the
internal network.
• A gateway is a machine that provides relay services to compensate for the effects of a filter.
• The network inhabited by the gateway is often called the DMZ.
• A gateway in the DMZ is sometimes assisted by an internal gateway.

6. Logging and Alarms


• Logging is usually implemented at every device in the firewall, but these individual logs
combine to become the entire record of user activity.
• Since a choke point is installed at the firewall, a prospective hacker will go through the
choke point.
• If so, the comprehensive logging devices will probably capture all hacker activities,
including all user activities as well.
• The user can then tell exactly what a hacker is doing and have such information available
for audit.
• The audit log is an essential tool for detecting and terminating intruder attacks.
• Many firewalls allow the user to preconfigure responses to unacceptable activities.
• The firewall should alert the user by several means.
• The two most common actions are for the firewall to break the TCP/IP connection or to
have it automatically set off alarms.

7. VPN
• VPNs are appropriate for any organization requiring secure external access to internal
resources.
• All VPNs are tunnelling protocols in the sense that their information packets or payloads
are encapsulated or tunnelled into the network packets.
• All data transmitted over a VPN is usually encrypted because an opponent with access to
the Internet could eavesdrop on the data as it travels over the public network.
• The VPN encapsulates all the encrypted data within an IP packet.
• Authentication, message integrity, and encryption are very important fundamentals for
implementing a VPN.
• Without such authentication procedures, a hacker could impersonate anyone and then gain
access to the network.

TYPES OF FIREWALLS
Firewalls are classified into three common types:
1. Packet filtering Router
2. Circuit-level gateways
3. Application-level gateways

1. Packet filtering Router


A packet filtering router applies a set of rules to each incoming IP packet and then
forwards or discards the packet. The router is typically configured to filter packets going in
both directions. Filtering rules are based on the information contained in a network packet:
• Source IP address – IP address of the system that originated the IP packet.
• Destination IP address – IP address of the system the IP packet is trying to reach.
• Source and destination transport level address – transport level port number.
• IP protocol field – defines the transport protocol.
• Interface – for a router with three or more ports, which interface of the router the
packet came from or which interface of the router the packet is destined for.

The packet filter is typically set up as a list of rules based on matches to fields in the IP
or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether
to forward or discard the packet. If there is no match to any rule, then a default action is taken.
Two default policies are possible:
• Default = discard: That which is not expressly permitted is prohibited.
• Default = forward: That which is not expressly prohibited is permitted.

Packet Filtering Rules


• A packet filter applies a set of rules to each incoming IP packet and then forwards or
discards the packet.
• The packet filter typically sets up a list of rules which may match fields in the IP or TCP
header.
• If there is a match to one of the rules, that rule is able to determine whether to forward or
discard the packet.
• If there is no match to any rule, then one of the two default actions (forward or discard) is taken.
TELNET packet filtering
• TELNET is a simple remote terminal access that allows a user to log onto a computer
across an Internet.
• TELNET establishes a TCP connection and then passes keystrokes from the user's
keyboard directly to the remote computer as if they had been typed on a keyboard attached
to the remote machine.
• TELNET also carries output from the remote machine back to the user's screen.
• TELNET client software allows the user to specify a remote machine either by giving its
domain name or IP address.
Table: Telnet packet-filtering example

If a packet is passed through the filter and has a source port of 23, it will immediately be
discarded. If a packet with a destination port of 23 is passed through this filter, it is discarded
only after rule 2 has been applied. All other packets will be discarded.

FTP packet filtering


If the FTP service is to apply the same basic rule as applied to TELNET, the packet
filter to allow or block FTP would look like the following table. The FTP service is typically
associated with using TCP ports 20 and 21.
Table 11.2 FTP packet-filtering example

One approach to handling FTP connections is explained with the following rule set.
Rule 1 allows any host with the network address 192.168.10.0 to initiate a TCP session on any
destination IP address on port 21. Rule 2 blocks any packet originating from any remote
address with a source port of 20 and contacting a host with a network address 192.168.10.0 on
any port less than 1024. Rule 3 allows any remote address that has a source port of 20 and is
contacting any host with a network address of 192.168.10.0 on any port. Once a connection is
set up, the ACK flag ( ) of a TCP segment is set to acknowledge segments sent from
the other side. If any packet violates rule 2, it will be immediately discarded, and rule 3 will
never be executed.
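The rule set just described can be modelled as a first-match filter. The following is an added example, not part of the original notes: the class and function names are hypothetical, 192.168.10.0 is assumed to be a /24 network, and the sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORT = (0, 65535)
# Assumption: the "network address 192.168.10.0" in the text is treated as a /24.
INTERNAL = ip_network("192.168.10.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str          # "allow" or "block"
    src_net: object      # network the source address must fall in
    sport: tuple         # inclusive (low, high) source-port range
    dst_net: object      # network the destination address must fall in
    dport: tuple         # inclusive (low, high) destination-port range
    proto: str = "tcp"

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src) in self.src_net
                and ip_address(p.dst) in self.dst_net
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])


# The three FTP rules as the text describes them, in order.
FTP_RULES = [
    Rule(1, "allow", INTERNAL, ANY_PORT, ANY_NET, (21, 21)),
    Rule(2, "block", ANY_NET, (20, 20), INTERNAL, (0, 1023)),
    Rule(3, "allow", ANY_NET, (20, 20), INTERNAL, ANY_PORT),
]


def filter_packet(p, rules=FTP_RULES, default="discard"):
    """Apply the first matching rule; fall back to the default policy.

    Returns (decision, rule_number); rule_number is None when no rule matched.
    """
    for rule in rules:
        if rule.matches(p):
            decision = "forward" if rule.action == "allow" else "discard"
            return decision, rule.number
    return default, None


# Constructed sample packets; 203.0.113.10 is a documentation address.
CONTROL_OUT = Packet("192.168.10.5", 40000, "203.0.113.10", 21)
DATA_TO_LOW_PORT = Packet("203.0.113.10", 20, "192.168.10.5", 80)
DATA_TO_HIGH_PORT = Packet("203.0.113.10", 20, "192.168.10.5", 40001)
UNRELATED = Packet("203.0.113.10", 5555, "192.168.10.5", 23)

if __name__ == "__main__":
    samples = [("control out", CONTROL_OUT), ("data to port 80", DATA_TO_LOW_PORT),
               ("data to port 40001", DATA_TO_HIGH_PORT), ("unrelated", UNRELATED)]
    for name, pkt in samples:
        print(name, filter_packet(pkt))
    # Rule order matters: with rule 3 placed before rule 2, the packet aimed at
    # a privileged port is forwarded, because rule 2 is never reached.
    reordered = [FTP_RULES[0], FTP_RULES[2], FTP_RULES[1]]
    print("reordered", filter_packet(DATA_TO_LOW_PORT, rules=reordered))
    # The same unmatched packet under the permissive default policy.
    print("default=forward", filter_packet(UNRELATED, default="forward"))
```

The last two calls show why a rule list has to be reviewed both for ordering and for its default policy: the same packets get different decisions without any rule being edited.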
Advantages of packet filter router
• Simple
• Transparent to users
• Very fast

Weakness of packet filter firewalls


• Because packet filter firewalls do not examine upper-layer data, they cannot prevent
attacks that employ application specific vulnerabilities or functions.
• Because of the limited information available to the firewall, the logging functionality
present in packet filter firewall is limited.
• It does not support advanced user authentication schemes.
• They are generally vulnerable to attacks such as network layer address spoofing.
Attacks
IP address spoofing – The intruder transmits packets from the outside with a source IP
address field containing an address of an internal host.
Countermeasure:
Discard any packet with an inside source address if the packet arrives on an external
interface.
Source routing attacks – the source station specifies the route that a packet should take as it
crosses the internet; i.e., it will bypass the firewall.
Countermeasure:
Discard all packets that use this option.
Tiny fragment attacks – the intruder creates extremely small fragments and forces the TCP
header information into a separate packet fragment. The attacker hopes that only the first
fragment is examined and the remaining fragments are passed through.
Countermeasure:
Discard all packets where the protocol type is TCP and the IP fragment offset is
equal to 1.
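The three countermeasures above can be expressed as checks on the raw IPv4 header. This is an added example, not part of the original notes: function names are hypothetical, the inside network is assumed to be 192.168.10.0/24, and the headers are constructed in the code (checksum left at zero).

```python
import struct
from ipaddress import ip_address, ip_network

# Assumption: the protected (inside) network is 192.168.10.0/24.
INTERNAL = ip_network("192.168.10.0/24")
PROTO_TCP = 6
SOURCE_ROUTE_OPTIONS = {131, 137}   # IPv4 option types: loose / strict source route

SPOOFED = "inside source address on external interface"
SOURCE_ROUTED = "source-route option present"
TINY_FRAGMENT = "TCP fragment with offset 1"
MALFORMED = "malformed IPv4 header"
CLEAN = "no countermeasure matched"


def build_ipv4_header(src, dst, proto=PROTO_TCP, frag_offset=0, options=b""):
    """Build a constructed IPv4 header (checksum left as 0) for the samples."""
    options = options + b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0,
                       frag_offset & 0x1FFF, 64, proto, 0,
                       ip_address(src).packed, ip_address(dst).packed) + options


def parse_ipv4_header(raw):
    """Extract the fields the checks need; raise ValueError if unusable."""
    if len(raw) < 20:
        raise ValueError("short header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("bad version or header length")
    return {"src": ip_address(src), "dst": ip_address(dst), "proto": proto,
            "frag_offset": flags_frag & 0x1FFF, "options": raw[20:header_len]}


def option_types(options):
    """Walk the IPv4 options area and return the option type values found."""
    found, i = [], 0
    while i < len(options):
        opt = options[i]
        if opt == 0:            # End of Option List
            break
        if opt == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("bad option length")
        found.append(opt)
        i += options[i + 1]
    return found


def ingress_check(raw, interface):
    """Return (decision, reason) for a packet arriving on the named interface."""
    try:
        hdr = parse_ipv4_header(raw)
        opts = option_types(hdr["options"])
    except ValueError:
        return "discard", MALFORMED
    if interface == "external" and hdr["src"] in INTERNAL:
        return "discard", SPOOFED
    if SOURCE_ROUTE_OPTIONS.intersection(opts):
        return "discard", SOURCE_ROUTED
    if hdr["proto"] == PROTO_TCP and hdr["frag_offset"] == 1:
        return "discard", TINY_FRAGMENT
    return "pass", CLEAN


# Constructed loose-source-route option: type 131, length 7, pointer 4, one hop.
LSRR = bytes([131, 7, 4]) + ip_address("198.51.100.1").packed

if __name__ == "__main__":
    cases = [
        ("spoofed", build_ipv4_header("192.168.10.7", "192.168.10.20"), "external"),
        ("same, inside", build_ipv4_header("192.168.10.7", "192.168.10.20"), "internal"),
        ("source route", build_ipv4_header("203.0.113.9", "192.168.10.20", options=LSRR), "external"),
        ("tiny fragment", build_ipv4_header("203.0.113.9", "192.168.10.20", frag_offset=1), "external"),
        ("normal", build_ipv4_header("203.0.113.9", "192.168.10.20"), "external"),
    ]
    for name, raw, iface in cases:
        print(name, ingress_check(raw, iface))
```

A header that cannot be parsed is discarded rather than passed, which matches the default = discard policy described earlier.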
2. Application level gateway
An Application level gateway, also called a proxy server, acts as a relay of application
level traffic.
The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and
the gateway asks the user for the name of the remote host to be accessed.
When the user responds and provides a valid user ID and authentication information,
the gateway contacts the application on the remote host and relays TCP segments containing
the application data between the two endpoints.
Application level gateways tend to be more secure than packet filters. It is easy to log
and audit all incoming traffic at the application level. A prime disadvantage is the additional
processing overhead on each connection.

3. Circuit level gateway


A circuit level gateway can be a stand-alone system or it can be a specialized function
performed by an application level gateway for certain applications.
A Circuit level gateway does not permit an end-to-end TCP connection; rather, the
gateway sets up two TCP connections, one between itself and a TCP user on an inner host and
one between itself and a TCP user on an outer host.
Once the two connections are established, the gateway typically relays TCP segments
from one connection to the other without examining the contents. The security function
consists of determining which connections will be allowed.
A typical use of Circuit level gateways is a situation in which the system administrator
trusts the internal users. The gateway can be configured to support application level or proxy
service on inbound connections and circuit level functions for outbound connections.

FIREWALL DESIGNS

Five best-practice steps to optimal firewall design


The primary step in designing a secure firewall is obviously to prevent the firewall
devices from being compromised by threats. To provide a certain level of security, the three
basic firewall designs are considered: a single-homed bastion host, a dual-homed bastion
host, and a screened subnet firewall. The first two options are for creating a screened host
firewall, and the third option contains an additional packet-filtering router to achieve another
level of security.
1. Screened Host Firewall (Single-Homed Bastion Host)
The first type of firewall is a screened host which uses a single-homed bastion host plus
a packet-filtering router.
Single-homed bastion hosts can be configured as either circuit-level or application-level
gateways. When using either of these two gateways, each of which is called a proxy server, the
bastion host can hide the configuration of the internal network.
In this configuration, the firewall consists of two systems: a packet filtering router and a
bastion host. Typically, the router is configured so that
• For traffic from the internet, only IP packets destined for the bastion host are allowed in.
• For traffic from the internal network, only IP packets from the bastion host are allowed out.
• The bastion host performs authentication and proxy functions.
This configuration has greater security than simply a packet filtering router or an
application level gateway alone, for two reasons:
• This configuration implements both packet level and application level filtering, allowing
for considerable flexibility in defining security policy.
2. Screened Host Firewall (Dual-Homed Bastion Host)
• The configuration of the screened host firewall using a dual-homed bastion host adds
significant security, compared with a single-homed bastion host.
• Dual-homed bastion host has two network interfaces.
• In the previous configuration, if the packet filtering router is compromised, traffic could
flow directly through the router between the internet and the other hosts on the private
network. This configuration physically prevents such a security break.
• This firewall implementation is secure due to the fact that it creates a complete break
between the internal network and the external Internet.

3. Screened Subnet Firewall


• The third implementation of a firewall is the screened subnet, which is also known as a
DMZ.
• This firewall is the most secure one among the three implementations, simply because it
uses a bastion host to support both circuit- and application-level gateways.
• All publicly accessible devices, including modem and server, are placed inside the DMZ.
• The screened subnet firewall contains external and internal screening routers. Each is
configured such that its traffic flows only to or from the bastion host.
• This arrangement prevents any traffic from directly traversing the DMZ subnetwork.
• The external screening router uses standard filtering to restrict external access to the bastion
host and rejects any traffic that does not come from the bastion host.
• This router also uses filters to prevent attacks such as IP spoofing and source routing.
• The internal screening router also uses rules to prevent spoofing and source routing.

This configuration offers several advantages:


• There are now three levels of defense to thwart intruders.
• The outside router advertises only the existence of the screened subnet to the internet;
therefore the internal network is invisible to the internet.
• Similarly, the inside router advertises only the existence of the screened subnet to the
internal network; therefore the systems on the internal network cannot construct direct
routes to the internet.

Part –A (2 Marks)

1. What are the services provided by PGP?


• Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation
2. Explain the reasons for using PGP?
• It is available free worldwide in versions that run on a variety of platforms,
including DOS/windows, UNIX, Macintosh and many more.
• It is based on algorithms that have survived extensive public review and are
considered extremely secure.
• It has a wide range of applicability from corporations that wish to select and enforce
a standardized scheme for encrypting files and communication.
• It was not developed by nor is it controlled by any governmental or standards
Organization.
3. Why is the e-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text.
To accommodate this restriction, PGP provides the service of converting the raw 8-bit
binary stream to a stream of printable ASCII characters.
The scheme used for this purpose is Radix-64 conversion.
4. Name any cryptographic keys used in PGP?
• One-time session conventional keys.
• Public keys
• Private keys
• Pass phrase based conventional keys.
5. Define key Identifier?
PGP assigns a key ID to each public key that is, with very high probability, unique within a user
ID. It is also required for the PGP digital signature. The key ID associated with each public key
consists of its least significant 64 bits.
6. List the limitations of SMTP/RFC 822?
• SMTP cannot transmit executable files or binary objects.
• It cannot transmit text data containing national language characters.
• SMTP servers may reject mail messages over a certain size.
• SMTP gateways cause problems while transmitting ASCII and EBCDIC.
• SMTP gateways to X.400 E-mail network cannot handle non textual data included
in X.400 messages.
5. Define S/MIME?
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to
the MIME Internet E-mail format standard, based on technology from RSA Data Security.
6. What are the elements of MIME?
Five new message header fields are defined which may be included in an RFC 822
header.
A number of content formats are defined.
Transfer encodings are defined that enable the conversion of any content format into a
form that is protected from alteration by the mail system.
7. What are the header fields defined in MIME?
• MIME version
• Content type
• Content transfer encoding
• Content id
• Content description
8. What are the key algorithms used in S/MIME?
• Digital Signature Standards.
• Diffie-Hellman.
• RSA Algorithm.
9. Give the steps for preparing envelope data MIME?
• Generate Ks.
• Encrypt Ks using recipient’s public key.
• RSA algorithm used for encryption.
• Prepare the ‘recipient info block’.
10. What are the function areas of IP security? [APRIL/MAY 2010]
• Authentication
• Confidentiality
• Key management.

11. Give the application of IP security?


• Provide secure communication across private & public LAN.
• Secure remote access over the Internet.
• Secure communication to other organization.
12. Give the benefits of IP security?
• Provides security when IP security is implemented in a router or firewall.
• IP security is below the transport layer and is transparent to applications.
• IP security is transparent to end users.
• IP security can provide security for individual users.
13. What are the protocols used to provide IP security?
• Authentication header (AH) protocol.
• Encapsulating Security Payload (ESP).
14. Specify the IP security services?
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality
• Limited traffic flow confidentiality.
15. Give some threats or attacks on web
• Integrity
• Confidentiality
• Denial of service
• Authentication
16. Name some web traffic security approaches
• Network level or IPSec approach
• Transport level
• Application level
17. What do you mean by Secure Electronic Transaction?
SET is an open encryption and security specification designed to protect credit card
transactions on the Internet. SET is not itself a payment system. Rather it is a set of security
protocols and formats that enables users to employ the existing credit card payment
infrastructure on an open network, such as the Internet, in a secure fashion.
18. Give some key features of SET
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
19. List the limitations of SMTP/RFC 822? [Nov’16]
• Transfers limited in size
• Gateways do not always map properly between EBCDIC and ASCII
• Cannot handle non-text data in X.400 messages
• Not all SMTP implementations adhere completely to RFC 821 (tabs, truncation, etc.)
20. Define Botnets? [Nov’16]
A botnet is a collection of internet-connected devices, which may include PCs, servers,
mobile devices and internet of things devices that are infected and controlled by a common
type of malware. Users are often unaware of a botnet infecting their system.

21. Define virus. Specify the types of viruses? [NOV 2007] [MAY 2014]


A virus is a program that can infect other programs by modifying them; the modification
includes a copy of the virus program, which can then go on to infect other programs.
• Parasitic virus
• Memory-resident virus
• Boot sector virus and Stealth virus
• Polymorphic virus

22. What are Honeypots in Intrusion Detection System? [April/May 2010] [Nov/Dec
2013][MAY 2011]
A relatively recent innovation in intrusion detection technology is the honeypot.
Honeypots are decoy systems that are designed to lure a potential attacker away from critical
systems. Honeypots are designed to
• Divert an attacker from accessing critical systems
• Collect information about the attacker's activity
• Encourage the attacker to stay on the system long enough for administrators to
respond

23. What is Polymorphic Virus? [Nov/Dec 2013][DEC 2012]


A virus that mutates with every infection, making detection by the "signature" of the
virus impossible.

24. What are the two types of audit records? [May/June 2012]
The audit record is a fundamental tool for intrusion detection. Here, records of
ongoing activity by users are maintained. This is an input to the intrusion detection system.
• Native Audit Record: This is maintained in multiuser operating system.
• Detection Specific Audit Record: A facility is implemented to generate the audit
record.

25. Define Worm? [MAY 2014]


A program that can replicate itself and send copies from computer to computer across
network connections. Upon arrival, the worm may be activated to replicate and propagate
again. In addition to propagation, the worm usually performs some unwanted function.

26. What do you mean by Trojan horse?


A Trojan horse is a computer virus that comes from a link you have clicked and downloaded. It
can also be passed on by e-mail, so you have to be very careful about who sends the mail to you. It
will steal your personal information from your computer.

27. What is a DDoS? [MAY 2014]


A denial of service (DoS) attack is an attempt to prevent legitimate users of a service
from using that service. When this attack comes from a single host or network node, then it is
simply referred to as a DoS attack.
A more serious threat is posed by a DDoS attack. In a DDoS attack, an attacker is able
to recruit a number of hosts throughout the Internet to simultaneously or in a coordinated
fashion launch an attack upon the target.

28. List the three classes of intruders? [Nov’16]


• Masquerader : pretend to be someone one is not. An individual who is not authorized to
use the computer and who penetrates a system’s access controls to exploit a legitimate
user’s account
• Misfeasor: authentic user doing unauthorized actions. A legitimate user who accesses
data, programs, or resources for which such access is not authorized, or who is
authorized for such access but misuses his or her privileges
• Clandestine user : done secretively, especially because illicit. An individual who seizes
supervisory control of the system and uses this control to evade auditing and access
controls or to suppress audit collection
29. Define Zombie? [Nov’16]
A zombie computer is a computer that has been infected by a computer virus or
compromised by a hacker. It can be controlled under remote direction to perform criminal
tasks, as well as infect other computers with viruses. A zombie computer can appear to be
performing normally, making it hard for you to know that your computer has been
compromised.
Part-B(16 Marks)
• Write about PGP in detail
• Write about S/MIME in detail
• Explain IP security architecture in detail
• Write about IPSec key management
• Write the applications and benefits of IPSec
• Explain about the threats on web and its consequences and countermeasures
• Write about different web security approaches
• Explain briefly about SSL and TLS
• Discuss the working of SET with neat diagram.[nov’16]
• Discuss the role of compression in the operation of a virus.(16)(MAY 2010)
• How does a worm propagate? Illustrate with an example.(8) (DEC 2010)
• Give the nature and the counter measures followed for the various viruses and related
threats.(16)(MAY 2011)
• Write down the four generations of antivirus software. (DEC 2011)
• Draw and discuss about the audit records and metrics used for profiling in intrusion
Detection system.(16) (May 2011)(Dec 2011)(MAY 2012)
• Describe in detail about software threats.(16)(Dec 2012)(MAY 2013)
• Write short notes on the following: Types of Viruses.(8) (DEC 2013)
• Explain the technical details of firewall design and describe any two types of firewall
with neat diagrams.(16)(Dec 2012)(Dec 2010)(Dec 2011) (DEC 2013) [NOV 2014]
• Explain the approaches used for Intrusion Detection.(8).(May 2011)(Dec 2011)(May
2012)(MAY 2014)(NOV 2014]
• Explain the characteristic of firewall and types of firewall.(11) (Dec 2010)(Dec 2011)
(Dec 2013)(Dec 2012) (MAY 2014)[NOV 2014]
• Discuss about various virus countermeasures.(5) (MAY 2014)
• Explain the technical details of firewall and describe any three types of firewall with
neat diagram?(Nov’16)
• Explain how secure electronic transaction (SET) protocol enables e-transactions in
details. Explain the components involved. (Nov/17)
• Discuss how firewalls help in establishing a security framework for an
organization.(Nov/17)
