
Unit - 5 Chapter - 2 Cryptography

Uploaded by

infohexsoftwares

Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a condition is met, the virus will go into action and infect the files in the directories that are specified in the AUTOEXEC.BAT file PATH.

3. Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

4. Boot Viruses

This type of virus affects the boot sector of a floppy disk or hard disk. It creates a problem at the time when your system is in the booting state.

5. Directory Viruses

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected

6. Encrypted Viruses

This type of virus consists of encrypted malicious code. The viruses use an encrypted code technique which makes it hard for antivirus software to detect them.

Companion Viruses

Companion viruses can be considered file infector viruses, like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist.

Network Viruses

Network viruses rapidly spread through a Local Area Network (LAN) and sometimes throughout the Internet. Generally, network viruses multiply through shared resources, i.e. shared drives and folders.


Some other types of viruses

Trap Doors

A trap door is basically an entry point into a program that allows someone who is aware of the trap door to gain access. It is basically used for security purposes, and is used by programmers to debug and test programs, to avoid necessary setup and authentication, and as a method to activate the program if something is wrong with the authentication procedure.

(a) A trap door is a secret entry point into a program that allows someone that is aware of the trap door to gain access without going through the usual security access procedure.

(b) Trap doors have been used legitimately for many years by programmers to debug and test programs.

(c) Trap doors become threats when they are used by unscrupulous programmers to gain unauthorised access.

hat aoganto eheeut


ca) lap oleos res
Logic Bomb

Just like a real bomb, a logic bomb will lie dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or even a specific event such as deletion of an employee's payroll record.

(a) It is code embedded in some legitimate program that is set to explode when certain conditions are met.

(b) Examples of conditions are the presence or absence of certain files, a particular day of the week or date.

3. Trojan Horses

A Trojan horse doesn't replicate itself when loaded. A Trojan horse captures information from your system, such as passwords, or could allow a malicious hacker to remotely control your machine.

Types of Trojan horse viruses

- Remote Access Trojans
- Password Sending Trojans
- Destructive Trojans
- Denial of Service Attack Trojans

A worm program replicates itself and uses a network connection to infect any machine on the network and replicate within it, eating up storage and slowing down the computer. But worms do not alter or delete files.

A worm is similar to a virus by design and is considered to be a subclass of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.
FIREWALLS

Firewalls are an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via WAN or the Internet.

In other words, "A firewall is a mechanism which ensures that the inside information remains inside and also prevents the outsider attackers from entering inside a corporate network."

[Figure: firewall in front of the corporate network]

Characteristics of a good firewall

1. All traffic from inside to outside must pass through the firewall.
2. Only the traffic authorized as per the local security policy should be allowed to pass through.
3. The firewall itself must be strong enough so as to render attacks on it useless.

FIREWALLS

- Packet filtering firewall
- Circuit level gateway
- Application level gateway

1. Packet Filter

As the name suggests, a packet filter applies a set of rules to each packet and, based on the outcome, decides to either forward or discard the packet. It is also called a screening filter or screening router.

A packet filter performs the following functions:

1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the contents of the IP and transport header fields of the packet. If there is a match with one of the set of rules, decide whether to accept or discard the packet based on that rule.

A rule could specify: disallow all incoming traffic from an IP address 1s 2419:o, or disallow all traffic that uses UDP as the higher layer protocol.

[Figure: incoming packet, source address, packet filter, STOP]

Fig: Packet filter defeating the IP address spoofing attack

Advantage

Simplicity
to users.

Disadvantages

1. Difficulty of setting up packet filter rules
2. Lack of authentication
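The packet filter functions listed above, as an added example that is not part of the original notes: it reads the IP and transport header fields from raw bytes and applies an ordered rule set with a default of discard. The rule format, function names and the addresses (documentation ranges) are assumptions of this example.

```python
import ipaddress
import struct

ACCEPT, DISCARD = "accept", "discard"
PROTO = {6: "tcp", 17: "udp"}

def parse_headers(packet: bytes) -> dict:
    """Pull out the IP and transport header fields the rules match on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # IP options shift where the ports start
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    fields = {
        "src": ipaddress.ip_address(packet[12:16]),
        "dst": ipaddress.ip_address(packet[16:20]),
        "proto": PROTO.get(packet[9], str(packet[9])),
        "sport": None,
        "dport": None,
    }
    if packet[9] in PROTO and len(packet) >= ihl + 4:
        fields["sport"], fields["dport"] = struct.unpack_from("!HH", packet, ihl)
    return fields

# Ordered rule set, first match wins. The first two are the kinds of rule the
# notes give as examples; the address is a constructed documentation value.
RULES = [
    {"action": DISCARD, "src": ipaddress.ip_network("203.0.113.10/32")},
    {"action": DISCARD, "proto": "udp"},
    {"action": ACCEPT, "proto": "tcp", "dport": 80},
]

def rule_matches(rule: dict, fields: dict) -> bool:
    if "src" in rule and fields["src"] not in rule["src"]:
        return False
    return all(fields[k] == rule[k] for k in ("proto", "dport") if k in rule)

def filter_packet(packet: bytes) -> str:
    """Return the action of the first matching rule; discard if none matches."""
    try:
        fields = parse_headers(packet)
    except ValueError:
        return DISCARD                    # malformed packets are never forwarded
    for rule in RULES:
        if rule_matches(rule, fields):
            return rule["action"]
    return DISCARD                        # default deny

def sample_packet(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed test input: 20-byte IPv4 header plus the two port fields."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for args in [("203.0.113.10", "192.0.2.5", 6, 40000, 80),
                 ("198.51.100.7", "192.0.2.5", 17, 5353, 53),
                 ("198.51.100.7", "192.0.2.5", 6, 40000, 80),
                 ("198.51.100.7", "192.0.2.5", 6, 40000, 23)]:
        print(args, "->", filter_packet(sample_packet(*args)))
```

The decision rests on the source address exactly as it is written in the header, with nothing to prove who sent the packet, which is the lack of authentication listed among the disadvantages.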

2. Circuit level gateways

The second generation of firewall architectures came with research in circuit relays, which are called circuit level gateways. Circuit level gateways use the TCP connection to observe handshaking between the packets to ensure a session is legitimate.

The firewall then checks to see if the sending host has permission to send to the destination and that the receiving host has permission to receive from the sender. If the connection is acceptable, all packets are routed through the firewall with no more security tests.

It sets up two TCP connections:

- One between itself and an inner TCP user.
- Second between itself and an outside TCP host.

(a) The gateway typically relays TCP segments from one connection to the other without examining the contents.

(b) The security function consists of determining which connections will be allowed.

[Figure: outside host, outside connection, circuit level gateway, inside connection, inside host]
Fig: Circuit level gateway

Advantage

The advantage of circuit level gateways is that they are faster than application level gateways because they perform less processing (less evaluations), and they can protect a network by blocking connections between Internet sources and internal hosts.

Disadvantage

Circuit level gateways can't restrict access to protocol subsets other than TCP.


3. Application level gateways

1. The third generation of firewall architectures, called application level gateways or proxy firewalls, are software applications with two primary modes (proxy server or proxy client).

2. When a user on a trusted network wants to connect to a service on an untrusted network such as the Internet, the request is directed to the proxy server on the firewall.

3. The proxy server pretends to be the real server on the Internet. It checks the request and decides whether to permit the request based on a set of rules.

4. If the request is approved, the server passes the request to the proxy client, which contacts the real server on the Internet. Connections from the Internet are made to the proxy client.

This method ensures that all incoming connections are always made with the proxy client, while outgoing connections are always made with the proxy server.

[Figure: outside host, outside connection, application level gateway (Telnet, FTP, SMTP, HTTP), inside connection, inside host]
Fig: Application level gateway

Advantages

1. Higher security than packet filters.
2. Only need to scrutinize a few allowable applications.
3. Easy to log and audit all

Disadvantage

Additional processing overhead on each connection.
286 Cryptography and Network Security

[Figure: Client, TSA. Original message → Message Digest Algorithm → Message Digest]
Fig. 6.24 Client calculates a message digest of the original message

[Figure: Step 2: Time Stamping Request. Client → TSA: Message Digest]
Fig. 6.25 Time stamping request

[Figure: Step 3: Time Stamping Response. Client, TSA]
Fig. 6.26 Time stamping response

The PKIX model mandates a number of requirements on a TSA. The TSA must use a trustworthy time source. It must time stamp a message digest. It must not include any identification of the requesting entity (client) in the timestamp.

6.7 Secure Electronic Transaction (SET)


6.7.1 Introduction

The Secure Electronic Transaction (SET) is an open encryption and security specification that is designed for protecting credit card transactions on the Internet. The pioneering work in this area was done in 1996 by MasterCard and Visa jointly. They were joined by IBM, Microsoft, Netscape, RSA, Terisa and VeriSign. Starting from that time, there have been many tests of the concept and by 1998 the first generation of SET-compliant products appeared in the market.

The need for SET came from the fact that MasterCard and Visa realized that for e-commerce payment processing, software vendors were coming up with new and conflicting standards. Microsoft mainly drove these on one hand, and IBM on the other. To avoid all sorts of future incompatibilities, MasterCard and Visa decided to come up with a standard, ignoring all their competition issues and in the process, involving all the major software manufacturers.

SET is not a payment system. Instead, it is a set of security protocols and formats that enable the users to employ the existing credit card payment infrastructure on the Internet in a secure manner. SET services can be summarized as follows:

1. It provides a secure communication channel among all the parties involved in an e-commerce transaction.

2. It provides authentication by the use of digital certificates.

3. It ensures confidentiality, because the information is only available to the parties involved in a transaction and that too only when and where necessary.

SET is a very complex specification. In fact, when released, it took 971 pages to describe SET across three books! (Just for the record, SSL Version 3 needs 63 pages to describe). Thus, it is not possible to discuss it in great detail. However, we shall summarize the key points.

6.7.2 SET Participants

Before we discuss SET, let us summarize the participants in the SET system.

• Cardholder: Using the Internet, consumers and corporate purchasers interact with merchants for buying goods and services. A cardholder is an authorized holder of a payment card such as MasterCard or Visa that has been issued by an Issuer (discussed subsequently).

• Merchant: A merchant is a person or an organization that wants to sell goods or services to cardholders. A merchant must have a relationship with an Acquirer (discussed subsequently) for accepting payments on the Internet.

• Issuer: The issuer is a financial institution (such as a bank) that provides a payment card to a cardholder. The most critical point is that the issuer is ultimately responsible for the payment of the cardholder's debt.

• Acquirer: This is a financial institution that has a relationship with merchants for processing payment card authorizations and payments. The reason for having acquirers is that merchants accept credit cards of more than one brand, but are not interested in dealing with so many bankcard organizations or issuers. Instead, an acquirer provides the merchant an assurance (with the help of the issuer) that a particular cardholder account is active and that the purchase amount does not exceed the credit limits, etc. The acquirer also provides electronic funds transfer to the merchant account. Later, the issuer reimburses the acquirer using some payment network.

• Payment Gateway: This can be taken up by the acquirer or an organization as a dedicated function. The payment gateway processes the payment messages on behalf of the merchant. Specifically in SET, the payment gateway acts as an interface between SET and the existing card payment networks for payment authorizations. The merchant exchanges SET messages with the payment gateway over the Internet. The payment gateway, in turn, connects to the acquirer's systems using a dedicated network line in most cases.

Payment gateway facilitates the payment transaction: the transfer of information between payment portal and the front end or acquiring bank.

• Certification Authority (CA): As we know, this is an authority that is trusted to provide public key certificates to cardholders, merchants and payment gateways. In fact, CAs are very crucial to the success of SET.

6.7.3 The SET Process

Let us now take a simplistic look at the SET process before we describe the technical details of the SET process.

1. The customer opens an account - The customer opens a credit card account (such as MasterCard or Visa) with a bank (issuer) that supports electronic payment mechanisms and the SET protocol.

2. The customer receives a certificate - After the customer's identity is verified (with the help of details such as passport, business documents etc.), the customer receives a digital certificate from a CA. The certificate also contains details such as the customer's public key and its expiration date.

3. The merchant receives a certificate - A merchant that wants to accept a certain brand of credit cards must possess a digital certificate.

4. The customer places an order - This is a typical shopping cart process wherein the customer browses the list of items available, searches for specific items, selects one or more of them and places the order. The merchant, in turn, sends back details such as the list of items selected, their quantities, prices, total bill, etc. back to the customer for his record, with the help of an order form.

5. The merchant is verified - The merchant also sends its digital certificate to the customer. This assures the customer that he is dealing with a valid merchant.

6. The order and payment details are sent - The customer sends both the order and payment details to the merchant along with the customer's digital certificate. The order confirms the purchase transaction with reference to the items mentioned in the order form. The payment contains credit card details. However, the payment information is so encrypted that the merchant cannot read it. The customer's certificate assures the merchant of the customer's identity.

7. The merchant requests payment authorization - The merchant forwards the payment details sent by the customer to the payment gateway via the acquirer (or to the acquirer if the acquirer also acts as the payment gateway) and requests the payment gateway to authorize the payment (i.e. ensure that the credit card is valid and that the credit limits are not breached).

8. The payment gateway authorizes the payment - Using the credit card information received from the merchant, the payment gateway verifies the details of the customer's credit card with the help of the issuer, and either authorizes or rejects the payment.

9. The merchant confirms the order - Assuming that the payment gateway authorizes the payment, the merchant sends a confirmation of the order to the customer.

10. The merchant provides goods or services - The merchant now ships the goods or provides the services as per the customer's order.

11. The merchant requests payment - The payment gateway receives a request from the merchant for making the payment. The payment gateway interacts with the various financial institutions
Dual signatures

The purpose of the dual signature is to link two messages that are intended for two different users (or recipients). The customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not require to know the customer's credit card number, and the bank does not require the details of the customer's order.

Steps in the generation of the dual signature (PRc: card owner's private key):

[Figure: PI → H → PIMD → H → POMD → E → Dual signature (H: hash function)]

Payment processing steps

1. Purchase Request
2. Payment Authorization
3. Payment Capture

1. Purchase Request - Merchant

When the merchant receives the Purchase Request, it:

a) Verifies the cardholder's certificates by means of its CA signatures.

b) Verifies the signature created over PI and OI, using the cardholder's public key. This ensures that the order has not been tampered with while in transit and that it was signed using the cardholder's private key.

c) Processes the order and forwards the Payment Information (PI) to the payment gateway for authorization.

d) Sends a Purchase Response back to the cardholder.
[Figure: Request message. Passed on by merchant to payment gateway: digital envelope, PI, dual signature, OIMD. Received by merchant: PIMD, OI, dual signature, cardholder's certificate]

PI: Payment Information
OI: Order Information
PIMD: Payment Information message digest
OIMD: Order Information message digest
Ks: Temporary symmetric key
PUb: Bank's public key

Fig: Customer sends Purchase Request

[Figure: Request message, part passed on by merchant to payment gateway; OIMD and POMD; decryption with the cardholder's key; compare the two POMD values]

Fig: Merchant verifies Customer Purchase Request.
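The dual signature and the two checks it allows, as an added example that is not part of the original notes: the merchant verifies it from OI and PIMD, the payment gateway from PI and OIMD. SHA-256 as the hash, the textbook-RSA demo key, the field names and the sample PI/OI strings are all assumptions of this example, and the digital envelope around PI is left out.

```python
import hashlib

# Constructed demo key, NOT secure: textbook RSA (no padding) over two Mersenne
# primes, chosen only so the example runs with the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # cardholder's private exponent (PRc)
CARDHOLDER_PUBLIC = (E, N)             # in SET this comes from the cardholder's certificate

def H(data: bytes) -> bytes:
    """Hash function H; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()

def make_purchase_request(pi: bytes, oi: bytes):
    """Cardholder side: PIMD = H(PI), OIMD = H(OI), DS = E(PRc, H(PIMD || OIMD))."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    # The merchant sees OI and only the digest of PI; the gateway sees PI and
    # only the digest of OI.
    for_merchant = {"oi": oi, "pimd": pimd, "ds": ds}
    for_gateway = {"pi": pi, "oimd": oimd, "ds": ds}
    return for_merchant, for_gateway

def ds_matches(ds: int, pimd: bytes, oimd: bytes, public=CARDHOLDER_PUBLIC) -> bool:
    """Recompute POMD from the two digests and compare with the decrypted signature."""
    e, n = public
    return pow(ds, e, n) == int.from_bytes(H(pimd + oimd), "big")

def merchant_verify(msg: dict) -> bool:
    # The merchant hashes the OI it received and takes PIMD as supplied.
    return ds_matches(msg["ds"], msg["pimd"], H(msg["oi"]))

def gateway_verify(msg: dict) -> bool:
    # The gateway hashes the PI it received and takes OIMD as supplied.
    return ds_matches(msg["ds"], H(msg["pi"]), msg["oimd"])

# Constructed sample data.
PI = b"card=0000-0000-0000-0000;amount=49.90;txn=1001"
OI = b"order=1001;items=2 x book;total=49.90"

if __name__ == "__main__":
    to_merchant, to_gateway = make_purchase_request(PI, OI)
    print("merchant accepts:", merchant_verify(to_merchant))
    print("gateway accepts:", gateway_verify(to_gateway))
    altered = dict(to_merchant, oi=OI + b";items=3 x book")
    print("merchant accepts altered order:", merchant_verify(altered))
```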

2. Payment Authorization

The Payment Authorization exchange consists of two messages.

1) Authorization Request

The Authorization Request is prepared by the merchant. This is sent to the Payment Gateway, and consists of the following details:

(a) Information related to the Purchase - This block contains Payment Information (PI), the dual signature calculated over PI by the cardholder, and the (OI) Message Digest (OIMD).

(b) Authorization Related Information - In order that the Payment Gateway trusts the message coming from the merchant, the merchant takes the transaction id, signs it and encrypts it with a one-time symmetric key. This key generated by the merchant is encrypted with the public key of the bank. Along with this the merchant also sends the Digital Envelope.

(c) Digital Certificate exchange - The needed or necessary certificates are attached. For this, the merchant sends the cardholder's digital certificate for verifying the cardholder's digital signature and the merchant's digital certificate needed for verifying the merchant's signature.

[Figure: from merchant to payment gateway: (a) Purchase Information, (b) Authorization Information, (c) Cardholder's and merchant's certificates]
Fig: Authorization Request

2) Authorization Response

In this step, the payment gateway sends back an Authorization Response message to the merchant. This message contains the following:

a) Authorization related block - The authorization block prepared by the payment gateway is signed with the payment gateway's private key. In addition, a one-time randomly created symmetric key is generated by the gateway. In order that the merchant be able to open this block, the payment gateway encrypts the one-time symmetric key with the merchant's public key.

b) Capture token information

c) Digital Certificate - The payment gateway's certificate is also included in the message.

[Figure: from payment gateway to merchant: Authorization Information, Token information, digital certificate]
Fig: Authorization Response

With this authorization from the payment gateway, the merchant can provide the goods or services to the cardholder.
3. Payment Capture

For obtaining payment, the merchant engages the payment gateway in a Payment Capture transaction. It also contains two messages:

- Capture Request
- Capture Response

Step 1: Capture Request

Here the merchant creates a Capture Request block which contains the amount to be paid with the transaction id. For providing non-repudiation it is signed as well as encrypted; it also contains the encrypted capture token.

At this stage the payment gateway receives the Capture Request message. It needs to decrypt the Capture Request block and verify it. It also decrypts and verifies the capture token. Then the payment gateway checks that the Capture Request and the capture token are consistent with each other.


a
a phyment leaig
Tt then pre parcs
issuer beunk over
the
seperale a
to
ceest that is Sent
0etuook However it is

prioalz payment yste


to he merchants
to
thaheul a toto a tund toanter
equst
C ceo nt
[Figure: from merchant to payment gateway: amount, digital certificate]
Fig: Capture Request

Step 2: Capture Response

In this message, the payment gateway notifies the merchant of the payment. The message includes a "Capture Response block", which is signed and encrypted by the payment gateway. For verification purposes, this message also contains the payment gateway's digital certificate.

The merchant processes this message and stores the information therein for tallying with the payment received from the bank later.

[Figure: from payment gateway to merchant: Capture Response, certificate]
Merehau Paymen
SET Conclusion

It should be now clear that although SSL and SET are both used for facilitating secure exchange of information, their purposes are quite different. SSL is used for secure exchange of information of any kind between only two parties (client, server); SET is specifically designed for conducting e-commerce transactions.

SET involves a third party called the payment gateway, which is responsible for issues such as credit card authorization, payment to the merchant, etc. SSL deals with encryption and decryption of information between two parties.

FINISH
