rmkumars
7/28/2019 CNS UNIT-4
UNIT-IV
NETWORK SECURITY, FIREWALLS AND WEB
SECURITY
SUBMITTED BY,
M.SHENBAGAVALLI (111865)
R.SUJITHA (111866)
M.SUNDARA MAHALAKSHMI (111855)
B.VANAJA (111867)
(2 MARKS)
FIREWALL
1) DEFINE FIREWALL?
1. Acts as a security gateway between two networks
Usually between trusted and untrusted networks (such as between a
corporate network and the Internet)
2. Tracks and controls network communications
Decides whether to pass, reject, encrypt, or log communications
(Access Control)
2) WHY FIREWALLS ARE NEEDED?
Prevent attacks from untrusted networks
Protect data integrity of critical information
Preserve customer and partner confidence
3) WHAT ARE THE DIFFERENT TYPES OF FIREWALL?
hardware firewall
software firewall
4) GIVE SOME GENERAL FEATURES OF FIREWALL?
Port Control
Network Address Translation
Application Monitoring (Program Control)
Packet Filtering
5) DEFINE HARDWARE FIREWALL?
It is just a software firewall running on a dedicated piece of hardware or
specialized device.
Basically, it is a barrier to keep destructive forces away from property,
used to protect your home network and family from offensive Web sites and potential hackers.
6) WHAT ARE THE DIFFERENT TYPES OF HARDWARE FIREWALL?
1. Packet-filtering router
2. Stateful Inspection firewalls
3. Application-level gateway
4. Circuit-level gateway
5. Bastion host
7) WHAT IS PACKET FILTERING?
Works at the network level of the OSI model
Each packet is compared to a set of criteria before it is forwarded
Packet filtering firewalls are low cost and have low impact on network performance
8) WHAT IS CIRCUIT LEVEL PROXIES IN FIREWALL?
Circuit level gateways work at the session layer of the OSI model, or the TCP
layer of TCP/IP
Monitor TCP handshaking between packets to determine whether a requested
session is legitimate.
9) GIVE ABOUT APPLICATION LEVEL PROXIES?
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific
A gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through
10) WRITE ABOUT STATEFUL MULTILAYER INSPECTION?
Stateful multilayer inspection firewalls combine the aspects of the other three
types of firewalls
They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer
11) WHAT IS THE FUTURE OF FIREWALLS?
Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated
More and more client and server applications are coming with native support for proxied environments
Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use
12) WHAT ARE THE LIMITATIONS OF FIREWALL?
cannot protect from attacks bypassing it
cannot protect against internal threats
cannot protect against transfer of all virus infected programs or files
13) WHAT ARE THE ATTACKS ON PACKET FILTERS?
IP address spoofing
source routing attacks
tiny fragment attacks
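A stateless packet filter that parses raw IPv4 headers and rejects the three attack patterns listed above before it applies its allow rules. This is an added example, not part of the original notes; the internal prefix 10.0.0.0/8, the allow list, the 16-byte minimum (taken from the RFC 1858 guidance on fragment filtering) and all sample packets are constructed assumptions.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed trusted network
TCP = 6
MIN_TCP_BYTES = 16  # a first fragment must reach the TCP flags (RFC 1858)
SOURCE_ROUTE_OPTS = {131, 137}  # LSRR and SSRR IPv4 option types
# Constructed allow list: (protocol, destination host, destination port)
ALLOW = [(TCP, ipaddress.ip_address("10.0.0.5"), 443),
         (TCP, ipaddress.ip_address("10.0.0.6"), 25)]


def has_source_route(options: bytes) -> bool:
    """Walk the IPv4 options area; raise ValueError if it is malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:               # End of Option List
            break
        if kind == 1:               # No-Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            raise ValueError("bad option length")
        if kind in SOURCE_ROUTE_OPTS:
            return True
        i += options[i + 1]
    return False


def filter_packet(packet: bytes, arrived_on: str):
    """Return (verdict, reason) for one raw IPv4 packet."""
    if len(packet) < 20:
        return "DROP", "truncated IP header"
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "DROP", "malformed IP header"
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    payload = packet[ihl:]
    frag_offset = flags_frag & 0x1FFF   # in units of 8 bytes

    # 1. IP address spoofing: an internal source cannot arrive from outside.
    if arrived_on == "external" and src_ip in INTERNAL_NET:
        return "DROP", "spoofed internal source"
    # 2. Source routing: refuse packets that dictate their own path.
    try:
        if has_source_route(packet[20:ihl]):
            return "DROP", "source route option"
    except ValueError:
        return "DROP", "malformed IP options"
    # 3. Tiny fragments: the port and flag bytes must be in the first
    #    fragment, and no later fragment may overwrite them.
    if proto == TCP and frag_offset == 0 and len(payload) < MIN_TCP_BYTES:
        return "DROP", "tiny first fragment"
    if proto == TCP and frag_offset == 1:
        return "DROP", "fragment overlaps TCP header"

    # Rule match; later fragments carry no ports, so only proto/dst apply.
    dport = None
    if proto == TCP and frag_offset == 0:
        dport = struct.unpack("!H", payload[2:4])[0]
    for r_proto, r_dst, r_port in ALLOW:
        if proto == r_proto and dst_ip == r_dst and dport in (None, r_port):
            return "PASS", "rule match"
    return "DROP", "default deny"


def build_packet(src, dst, dport=443, options=b"", flags_frag=0, tcp_len=20):
    """Constructed sample input: IPv4 header (checksum left 0) + TCP bytes."""
    options += b"\x00" * (-len(options) % 4)   # pad options to 32 bits
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 0, 0, 0x5002, 1024, 0, 0)
    tcp = tcp[:tcp_len]
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                         20 + len(options) + len(tcp), 0, flags_frag, 64,
                         TCP, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + options + tcp


def demo():
    lsrr = bytes([131, 7, 4]) + ipaddress.ip_address("192.0.2.1").packed
    ext, web = "198.51.100.7", "10.0.0.5"
    samples = {
        "normal": build_packet(ext, web),
        "spoofed": build_packet("10.0.0.99", web),
        "source_routed": build_packet(ext, web, options=lsrr),
        "tiny": build_packet(ext, web, flags_frag=0x2000, tcp_len=8),
        "overlap": build_packet(ext, web, flags_frag=0x2001),
        "telnet": build_packet(ext, web, dport=23),
    }
    return {n: filter_packet(p, "external") for n, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```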
14) DEFINE BASTION HOST?
highly secure host system runs circuit / application level gateways
or provides externally accessible services
potentially exposed to "hostile" elements hence is secured to withstand this
hardened O/S, essential services, extra auth
proxies small, secure, independent, non-privileged
15) WRITE ABOUT ACCESS CONTROL?
determines what resources users can access
general model is that of access matrix with
subject - active entity (user, process)
object - passive entity (file or resource)
access right - way object can be accessed
can decompose by
columns as access control lists
rows as capability tickets
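The decomposition described above, as an added example that is not part of the original notes: one access matrix sliced by column into access control lists and by row into capability tickets, with a revocation step that shows where the two views differ in cost. The subjects, objects and rights are constructed for illustration.

```python
from collections import defaultdict

# Constructed access matrix: (subject, object) -> set of access rights.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "audit.log"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("backup_proc", "payroll.db"): {"read"},
    ("backup_proc", "audit.log"): {"read", "append"},
}


def to_acls(matrix):
    """Column view: one access control list per object."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Row view: one list of capability tickets per subject."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def acl_allows(acls, subject, obj, right):
    """The object's guard looks the subject up in the object's own list."""
    return right in acls.get(obj, {}).get(subject, set())


def cap_allows(caps, subject, obj, right):
    """The subject presents its ticket for the object."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_object(acls, caps, obj):
    """Remove all access to obj; return how many records each view touched."""
    acl_records = 1 if acls.pop(obj, None) is not None else 0
    cap_records = sum(1 for tickets in caps.values()
                      if tickets.pop(obj, None) is not None)
    return acl_records, cap_records


def demo():
    acls, caps = to_acls(MATRIX), to_capabilities(MATRIX)
    # Both decompositions must answer every access question identically.
    same = all(acl_allows(acls, s, o, r) == cap_allows(caps, s, o, r)
               for s in caps for o in acls
               for r in ("read", "write", "append"))
    before = acl_allows(acls, "bob", "payroll.db", "read")
    touched = revoke_object(acls, caps, "payroll.db")
    after = cap_allows(caps, "bob", "payroll.db", "read")
    return same, before, touched, after


if __name__ == "__main__":
    print(demo())
```

Revoking an object is a single ACL deletion but requires visiting every subject's ticket list in the capability view.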
16) WHAT DO YOU MEAN BY A TRUSTED COMPUTER SYSTEM?
information security is increasingly important
have varying degrees of sensitivity of information
subjects (people or programs) have varying rights of access to objects (information)
known as multilevel security
want to consider ways of increasing confidence in systems to enforce these rights
17) WHAT ARE THE KEY POLICIES OF BLP MODEL?
no read up (simple security property)
no write down
18) WHAT ARE THE DESIGN GOALS OF FIREWALL?
The design goals of firewall are:
1. All traffic from inside to outside, and vice versa, must pass through the
firewall.
2. Only authorized traffic, as defined by the local security policy, will be
allowed to pass.
3. The firewall itself is immune to penetration.
IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY
ASSOCIATION
1.What is IP Security?
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication
session.
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet
Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host),
between a pair of security gateways (network-to-network), or between a security
gateway and a host.
2.List benefits in IP security?
Benefits:
IPsec in a firewall/router provides strong security to all traffic crossing the perimeter
IPsec in a firewall/router is resistant to bypass
is below transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users
secures routing architecture
3.List IP security Protocols.
IP security consists of two protocols to provide security:
Authentication Header (AH)
AH provides authentication and integrity, which protect against data tampering, using the
same algorithms as ESP. AH also provides optional anti-replay protection, which protects
against unauthorized retransmission of packets. The authentication header is inserted into
the packet between the IP header and any subsequent packet contents.
Encapsulating Security Payload (ESP)
1 provides message content confidentiality & limited traffic flow confidentiality
2 can optionally provide the same authentication services as AH. ESP provides
authentication, integrity, and confidentiality, which protect against data tampering and,
most importantly, provide message content protection.
4.What are the modes of operation in IPSecurity?
2 modes of operation
Transport mode:
transport mode is used to encrypt & optionally authenticate IP data
data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic
Tunnel mode:
tunnel mode protects the entire IP payload
tunnel mode encrypts entire IP packet
add new header for next hop
good for VPNs, gateway to gateway security
5.What is the purpose of security association?
An IPsec security association (SA) specifies security properties that are recognized by
communicating hosts. A single SA protects data in one direction. The protection is either
to a single host or to a group (multicast) address. Because most communication is either
peer-to-peer or client-server, two SAs must be present to secure traffic in both directions.
The SAs allow an enterprise to control exactly what resources may communicate
securely, according to security policy.
6.What are services in IP security?
Connectionless integrity
Assurance that received traffic has not been modified. Integrity includes anti-replay defenses.
Data origin authentication
Assurance that traffic is sent by legitimate party or parties.
Confidentiality (encryption)
Assurance that users' traffic is not examined by non-authorized parties.
Access control
Prevention of unauthorized use of a resource.
7.Differences between Transport mode and Tunnel mode
In transport mode, the outer header determines the IPsec policy that protects the inner
IP packet. If the next header is an IP header, the outer header and the inner IP header can
be used to determine IPsec policy.
In tunnel mode, the inner IP packet determines the IPsec policy that protects its
contents. The inner IP header, its next header, and the ports that the next header supports
can enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not
dictate the policy of its inner IP datagram.
8.What are authentication and encryption algorithms used in IP Security?
Authentication Algorithms in IPsec
Authentication algorithms produce an integrity checksum value or digest that is based on
the data and a key. The AH module uses authentication algorithms. The ESP module can
use authentication algorithms as well.
Encryption Algorithms in IPsec
Encryption algorithms encrypt data with a key. The ESP module in IPsec uses encryption
algorithms. The algorithms operate on data in units of a block size.
9.What is the purpose of using SPI in IP Security?
In order to decide what protection is to be provided for an outgoing packet, IPsec
uses the Security Parameter Index (SPI) to
uniquely identify a security association for that packet.
10.List the parameters used in Authentication Header?
Next Header (1 byte): Contains the protocol number of the next header after the AH.
Used to link headers together.
Payload Length (1 byte): Despite its name, this field measures the length of the
authentication header itself, not the payload. It is measured in 32 bit units, with 2
subtracted for consistency with how header lengths are normally calculated in IPv6.
Reserved (2 bytes): Not used; set to zeroes.
Security Parameter Index (SPI) (4 bytes): A 32-bit value that when combined with the
destination address and security protocol type (which here is obviously the one for AH)
identifies the security association to be used for this datagram.
Sequence Number (4 bytes): This is a counter field that is initialized to zero when a
security association is formed between two devices, and then incremented for each
datagram sent using that SA. This uniquely identifies each datagram on an SA and is used
to provide protection against replay attacks by preventing the retransmission of captured
datagrams.
Authentication Data (variable): This field contains the result of the hashing algorithm
performed by the AH protocol, the Integrity Check Value (ICV).
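A parser for the AH fields listed above, with the SA lookup keyed on (SPI, destination address, protocol) and a sequence-number replay check on the receiving side. This is an added example, not part of the original notes; the SA table, key, addresses and 64-packet replay window are constructed assumptions, and the ICV here is HMAC-SHA-256 truncated to 16 bytes over the AH header and payload only, a simplification of the real AH computation, which also covers the immutable IP header fields.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51      # IP protocol number for AH
ICV_LEN = 16       # assumed: HMAC-SHA-256 truncated to 128 bits
WINDOW = 64        # assumed anti-replay window size


class SA:
    """One inbound security association (constructed for the example)."""
    def __init__(self, key):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => (highest - i) was already accepted


def compute_icv(key, ah_fixed, payload):
    # Simplified: the ICV field is zeroed while the digest is computed.
    msg = ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def build_ah(key, spi, seq, next_header, payload):
    """Sender side: AH header followed by the payload it protects."""
    payload_len = (12 + ICV_LEN) // 4 - 2   # length in 32-bit units, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload) + payload


def replay_ok(sa, seq):
    if seq == 0:                 # counter starts at 0 and is incremented
        return False             # before sending, so 0 is never valid
    if seq > sa.highest:
        return True
    offset = sa.highest - seq
    return offset < WINDOW and not (sa.bitmap >> offset) & 1


def replay_update(sa, seq):
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)


def receive(sad, dst_addr, data):
    """Receiver side: return (status, payload or None)."""
    if len(data) < 12:
        return "DROP truncated", None
    next_header, payload_len, _reserved, spi, seq = struct.unpack(
        "!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4          # undo the "minus 2" convention
    if ah_len != 12 + ICV_LEN or len(data) < ah_len:
        return "DROP bad length", None
    sa = sad.get((spi, dst_addr, AH_PROTO))  # the triple that names the SA
    if sa is None:
        return "DROP unknown SA", None
    if not replay_ok(sa, seq):
        return "DROP replay", None
    icv, payload = data[12:ah_len], data[ah_len:]
    if not hmac.compare_digest(icv, compute_icv(sa.key, data[:12], payload)):
        return "DROP bad ICV", None
    replay_update(sa, seq)                   # only after the ICV verifies
    return "ACCEPT", payload


def demo():
    key = b"constructed-demo-key"
    dst = "192.0.2.10"
    sad = {(0x1001, dst, AH_PROTO): SA(key)}
    p1 = build_ah(key, 0x1001, 1, 6, b"segment-1")
    p2 = build_ah(key, 0x1001, 2, 6, b"segment-2")
    p3 = build_ah(key, 0x1001, 3, 6, b"segment-3")
    tampered = p2[:-1] + bytes([p2[-1] ^ 1])      # one payload bit flipped
    wrong_spi = build_ah(key, 0x2002, 4, 6, b"x")
    # Out-of-order delivery is tolerated; the second copy of p3 is not.
    arrivals = [p1, p3, tampered, p2, p3, wrong_spi]
    return [receive(sad, dst, pkt)[0] for pkt in arrivals]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The window is updated only after the ICV check passes, so a forged packet cannot be used to block the genuine one that carries the same sequence number.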
11.List the parameters in ESP
Security Parameters Index (32 bits)
Arbitrary value used (together with the destination IP address) to identify the
security association of the receiving party.
Sequence Number (32 bits)
A monotonically increasing sequence number (incremented by 1 for every packet
sent) to protect against replay attacks. There is a separate counter kept for every
security association.
Payload data (variable)
The protected contents of the original IP packet, including any data used to
protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm).
The type of content that was protected is indicated by the Next Header field.
Padding (0-255 octets)
Padding for encryption, to extend the payload data to a size that fits the
encryption's cipher block size, and to align the next field.
Pad Length (8 bits)
Size of the padding (in octets).
Next Header (8 bits)
Type of the next header. The value is taken from the list of IP protocol numbers.
Integrity Check Value (multiple of 32 bits)
Variable length check value. It may contain padding to align the field to an 8-octet
boundary for IPv6, or a 4-octet boundary for IPv4.
12.Explain ESP Process in Encryption and decryption?
ESP also provides all encryption services in IPSec. Encryption translates a readable
message into an unreadable format to hide the message content. The opposite process,
called decryption, translates the message content from an unreadable format to a readable
message.
Encryption/decryption allows only the sender and the authorized receiver to read the data.
In addition, ESP has an option to perform authentication, called ESP authentication.
Using ESP authentication, ESP provides authentication and integrity for the payload and
not for the IP header.
13.Why ESP does not encrypt ESP Header?
The ESP header is inserted into the packet between the IP header and any subsequent
packet contents. However, because ESP encrypts the data, the payload is changed. ESP
does not encrypt the ESP header, nor does it encrypt the ESP authentication.
14.What are the parameters used in Security association?
The following three elements uniquely identify an IPsec SA:
The security protocol (AH or ESP)
The destination IP address
The security parameter index (SPI)
15.Explain security mechanism in Authentication header and ESP
AH protects the packet's origin, destination, and contents from being tampered with, and the
identity of the sender and receiver is known. In addition, AH does not protect the data's
confidentiality. If data is intercepted and only AH is used, the message contents can be
read. ESP protects data confidentiality. For added protection in certain cases, AH and
ESP can be used together.
KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS
LAYER
1. Define key management?
Key management is the management of cryptographic keys in a cryptosystem.
This includes dealing with the generation, exchange, storage, use, and replacement of
keys. It includes cryptographic protocol design, key servers, user procedures, and other
relevant protocols.
Key management concerns keys at the user level, either between users or systems.
This is in contrast to key scheduling; key scheduling typically refers to the internal
handling of key material within the operation of a cipher.
2. What are the types of key management?
There are two types of key management
1.Manual key Management
2.Automated key Management
3. Define Manual Key management?
A system administrator manually configures each system with its own keys and
with the keys of other communicating systems. This is practical for small, relatively static
environments.
4. Define Automated key Management?
An automated system enables the on-demand creation of keys for SAs and
facilitates the use of keys in a large distributed system with an evolving configuration.
5.What are the default automated key management protocols for IPsec?
Oakley key determination protocol
Internet security association and key management protocol (ISAKMP)
6.What are the features of Oakley?
It employs a mechanism known as cookies to thwart clogging attacks.
It uses nonces to ensure against replay attacks
It enables the exchange of Diffie-Hellman public key values
It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks
7.What are the authentication methods that can be used with Oakley?
Digital Signature
Public Key Encryption
Symmetric key Encryption
8.Define ISAKMP?
ISAKMP defines procedures and packet formats to establish, negotiate, modify
and delete security associations. As part of SA establishment, ISAKMP defines payloads
for exchanging key generation and authentication data. This payload format provides a
consistent framework independent of the specific key exchange protocol, encryption
algorithm, and authentication mechanism.
9.Define ISAKMP exchange?
ISAKMP provides a framework for message exchange, with the payload types
serving as the building blocks. The specification identifies five default exchange types
that should be supported. SA refers to an SA payload with associated protocol and
transform payloads.
10.What are the types of ISAKMP exchange?
Base Exchange
Identity Protection exchange
Authentication only exchange
Aggressive exchange
Informational exchange
SSL
1.Define SSL?
Secure Socket Layer provides security services between TCP and applications
that use TCP. The internet standard version is called Transport Layer Security (TLS).
SSL provides confidentiality using symmetric encryption and message integrity
using a message authentication code.
Two important SSL concepts are SSL session and SSL connection.
2. Define SSL session?
An SSL session is an association between a client and a server. Sessions are
created by the handshake protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple connections.
Sessions are used to avoid the expensive negotiation of new security parameters
for each connection.
3. Define SSL connection?
Connection is a transport that provides a suitable type of service. For SSL such
connections are peer-to-peer relationships. The connections are transient. Every connection
is associated with one session.
4.What are the parameters of SSL session state?
Session identifier
Peer Certificate
Compression method
Cipher spec
Master secret
Is resumable
5. What are the parameters of SSL connection state?
Server and client random
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Sequence number
6. What are the two services provided by the SSL record protocol?
Confidentiality
Message Integrity
WEB SECURITY REQUIREMENTS
1.Define web security?
WS-Security (Web Services Security) is a proposed IT industry standard that
addresses security when data is exchanged as part of a Web service. WS-Security is one
of a series of specifications from an industry group that includes IBM and Microsoft.
WS-Security specifies enhancements to SOAP (Simple Object Access Protocol)
messaging aimed at protecting the integrity and confidentiality of a message and
authenticating the sender. WS-Security also specifies how to associate a security token
with a message, without specifying what kind of token is to be used. It does describe how
to encode X.509 certificates and Kerberos tickets. In general, WS-Security is intended to
be extensible so that new security mechanisms can be used in the future.
2.What are the requirements of web security?
Global approach
Local approach
Bi-directional and multiprotocol
Throughout the enterprise
Granular application control features
Multiprotocol data loss prevention
Flexible deployment options
Multifunction
Manageable
3. What are the steps to achieve compliance?
The five steps to achieve compliance are
Discover and learn: Find all your sensitive data wherever it may be
Assess risk: Ensure secure data handling procedures are in place
Define effective policies: Create policies to protect data and test them for effectiveness
Apply controls: Restrict access to authorized people and limit transmission
Monitor, report and audit: Ensure successful data security through alerting and
incident management
TRANSPORT LAYER SECURITY
1. What is TLS/SSL?
TLS is the successor to Secure Sockets Layer (SSL), an older cryptographic
protocol. TLS/SSL can be used to create a secure environment for web browsing,
emailing, or other client-server applications.
TLS/SSL encryption requires the use of a digital certificate, which contains
identity information about the owner as well as a public key, used for encrypting
communications. These certificates are installed on a server; typically, a web server if the
intention is to create a secure web environment, although they can also be installed on
mail or other servers for encrypting other client-server communications.
2. How to secure a web server with TLS/SSL?
This is probably the most common application of TLS/SSL. If used with a
web server, TLS/SSL can encrypt online transactions and confidential data relayed
between a user's web browser and a website. A secured web server can be identified by a
padlock symbol at the bottom of the browser window or in the address bar, as well as by
a URL that begins with https rather than http.
3. How to Secure a mail server, database server, or directory server with TLS/SSL?
TLS/SSL can be used with mail servers to encrypt email messages. An email that
was sent with TLS/SSL encryption may display a ribbon or other icon in the recipient's
email client. TLS/SSL can similarly be used with database and directory servers to
encrypt server queries.
4. How to secure a virtual private network (VPN) with TLS/SSL?
TLS/SSL can be used by a VPN appliance to encrypt the connection between a
remote user's computer and the network being accessed. For more information on how
TLS/SSL works with VPN, see TechSoup's article Four Tools for Private
Communication.
5. How does TLS/SSL work?
A TLS/SSL session is authenticated with what is known as a "handshake." The
client first sends the server a "hello" message that lists the client's supported
cryptographic capabilities. Being a well-mannered machine, the server sends back a
"hello" message of its own with a choice of one of the listed cryptographic methods, to
ensure the client and server will be able to speak the same language.
The server then sends its TLS/SSL certificate, which contains its public key, and
may request a certificate from the client if client-authentication is necessary. The client
checks that the certificate from the server is valid (if an untrusted certificate was installed
on a web server, this is when a security warning would pop up in a web browser) and
sends its own certificate if necessary.
The client then sends a random number that has been encrypted with the server's
public key. After this number is decrypted by the server, the client and server will have a
common key that can be used to send and receive data that only the pair of them can
understand. Both the client and server then send messages notifying the other that all
further communication will be encrypted and both send final messages that are actually
encrypted, ending the handshake and allowing encrypted data exchange to begin.
6. What are the advantages of transport layer security?
Increased flexibility. Parts of the message, instead of the entire message, can be
signed or encrypted. This means that intermediaries can view the parts of the
message that are intended for them. An example of this is a Web service that
routes a SOAP message and is able to inspect unencrypted parts of the message to
determine where to send the message, while other parts of the message remain
encrypted. For an example of this, see the Perimeter Service Router pattern in
Chapter 6, "Service Deployment Patterns."
Support for auditing. Intermediaries can add their own headers to the message and
sign them for the purpose of audit logging.
Support for multiple protocols. You can send secured messages over many
different protocols such as Simple Mail Transfer Protocol (SMTP), File Transfer
Protocol (FTP), and Transmission Control Protocol (TCP) without having to rely
on the protocol for security.
7. What are the uses of TLS?
TLS is used in e-commerce transactions
TLS prevents the server, client, or points in between, from accessing secure
information
Protecting access to secure information
For instance, a company with 2 clients who compete with one another might
want to ensure that neither could access the other's information in web-based
communications or forums.
8. What are all the applications that Utilize TLS?
One of the biggest types of software to use TLS is Web Browsers. That said, other
Internet applications, as well as intranet applications, can take advantage of the
technology. FTP browsers, and Telnet or SSH clients can also use TLS. Operating
Systems can use TLS to make Virtual Private Networks.
9. What are all the disadvantages of TLS?
Embedded in the application stack (some mis-implementation)
Protocol specific: needs to be duplicated for each transport protocol
Need to maintain context for connection (not currently implemented for UDP)
Doesn't protect IP addresses & headers
10. Discuss the Protection Scope Decision Matrix

Security consideration: Your application interacts directly with the Web service.
Message layer: Message layer protection is usually more CPU intensive than transport layer protection.
Transport layer: Transport layer HTTPS provides full message protection.

Security consideration: Web services are hosted on a system that does not support Windows Integrated Security.
Message layer: Authentication can be performed by passing credentials in the message.
Transport layer: Basic over HTTPS could be implemented. However, it would require manipulation of message headers.

Security consideration: Your company has a firewall in place between applications and Web services.
Message layer: Message layer security is not affected by standard firewalls.
Transport layer: It is not uncommon for port 443 to be opened to support HTTPS.

Security consideration: You have nonrepudiation requirements.
Message layer: Supports persistence of messages that include digital signatures, which can be used to support nonrepudiation requirements.
Transport layer: You can use authentication with X.509 client certificates to support nonrepudiation.
11. What is the mapping of the security parts of TLS to federal standards?

Mechanism: Key Establishment
SSL (3.0): RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon, Fortezza-KEA
TLS 1.0: RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon
FIPS Reference: -

Mechanism: Confidentiality
SSL (3.0): IDEA-CBC, RC4-128, 3DES-EDE-CBC, Fortezza-CBC
TLS 1.0: IDEA-CBC, RC4-128, 3DES-EDE-CBC, Kerberos, AES
FIPS Reference: FIPS 46-3, FIPS 81, FIPS 197

Mechanism: Signature
SSL (3.0): RSA, DSA
TLS 1.0: RSA, DSA, EC*
FIPS Reference: FIPS 186-2

Mechanism: Hash
SSL (3.0): MD5, SHA-1
TLS 1.0: MD5, SHA-1
FIPS Reference: FIPS 180-2, FIPS 198
DUAL SIGNATURE
1.What is dual signature?
The purpose of the dual signature is the same as the standard electronic signature:
to guarantee the authentication and integrity of data. It links two messages that are
intended for two different recipients.
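How a dual signature links two messages, using the SET construction DS = Sign(H(H(PI) || H(OI))): each recipient sees one message in full and only the digest of the other, yet both can check the same signature. This is an added example, not part of the original notes; the payment and order strings are constructed, SHA-256 is an assumed hash choice, and the signature is textbook RSA over a toy key built from two Mersenne primes, used only to keep the example self-contained (it is not secure; real systems use a vetted library with padding).

```python
import hashlib

# Toy RSA key (constructed for the example, NOT secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(digest: bytes) -> int:
    """Cardholder's private-key operation on a digest (textbook RSA)."""
    return pow(int.from_bytes(digest, "big"), D, N)


def verify(digest: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == int.from_bytes(digest, "big")


def make_dual_signature(pi: bytes, oi: bytes):
    """Cardholder: sign the hash of the two message digests concatenated."""
    pimd, oimd = h(pi), h(oi)
    return sign(h(pimd + oimd)), pimd, oimd


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees the order information and only the payment digest."""
    return verify(h(pimd + h(oi)), ds)


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank sees the payment information and only the order digest."""
    return verify(h(h(pi) + oimd), ds)


def demo():
    # Constructed sample messages.
    pi = b"card=XXXX-XXXX-XXXX-0000; amount=49.00; txn=constructed-001"
    oi = b"order=3 books; amount=49.00; txn=constructed-001"
    ds, pimd, oimd = make_dual_signature(pi, oi)
    forged_oi = b"order=30 books; amount=49.00; txn=constructed-001"
    return {
        "merchant_ok": merchant_verify(oi, pimd, ds),
        "bank_ok": bank_verify(pi, oimd, ds),
        # The same signature does not cover a different order:
        "bank_with_forged_order": bank_verify(pi, h(forged_oi), ds),
        "merchant_with_forged_order": merchant_verify(forged_oi, pimd, ds),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28} {result}")
```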
SECURE ELECTRONIC TRANSACTION
1. Define SET?
SET is a protocol designed to ensure that merchant and cardholders can conduct
business over insecure networks. SET uses cryptography to provide confidentiality and
security, ensure payment integrity, and authenticate both the merchant and the
cardholder.
2. List out the participants that SET includes?
Cardholder
Merchant
Issuer
Acquirer
Payment gateway
Certification authority
3. What are the features of SET?
Confidentiality of information
Integrity of data
Cardholder account authentication
Merchant authentication
4. What is the role of Card Holder?
The cardholder is analogous to the average person who uses a payment card to
purchase goods or services.
5. What is the role of Merchant?
This is the business or organization that sells goods or services to the cardholder
in the case of a SET transaction over the internet.
6. What is the role of Issuer?
The issuer is a financial institution that provides the cardholder with a payment
card. The issuer's responsibility is to guarantee payment on behalf of its cardholder.
7. What is the role of the Acquirer?
The acquirer is the financial institution that processes payment card authorizations
and payment for the merchant. The acquirer's responsibility is to obtain payment
authority from the cardholder's issuer.
8. What is the role of the Payment Gateway?
A payment gateway is an institution that works on the behalf of the acquirer to
process the merchant's payment messages, including payment instruction from the
cardholders. The gateway bridges communication between SET and the existing credit
card.
9. What is the role of Certificate Authority?
The certificate authority provides certification for the merchant, cardholder, and
payment gateway. Certification provides a means of assuring that the parties involved in
a transaction.
10. What are all the SET Software Components?
The Wallet: the front end for the cardholder
The Merchant Server: the merchant's SET Software
The Certificate Authority: handles the SET participants' certificates
The Gateway: bridges the merchant with its acquirer legacy systems
(16 marks)
FIREWALL
1) WHAT ARE THE BASIC TYPES OF FIREWALLS?
Conceptually, there are two types of firewalls:
1. Network layer
2. Application layer
They are not as different as you might think, and latest technologies are blurring the
distinction to the point where it's no longer clear if either one is "better" or "worse." As
always, you need to be careful to pick the type that meets your needs.
Which is which depends on what mechanisms the firewall uses to pass traffic from one
security zone to another. The International Standards Organization (ISO) Open Systems
Interconnect (OSI) model for networking defines seven layers, where each layer provides
services that "higher-level" layers depend on. In order from the bottom, these layers are
physical, data link, network, transport, session, presentation, application.
The important thing to recognize is that the lower-level the forwarding mechanism, the
less examination the firewall can perform. Generally speaking, lower-level firewalls are
faster, but are easier to fool into doing the wrong thing.
Network layer firewalls
These generally make their decisions based on the source, destination addresses and ports
(see Appendix C for a more detailed discussion of ports) in individual IP packets. A
simple router is the "traditional" network layer firewall, since it is not able to make
particularly sophisticated decisions about what a packet is actually talking to or where it
actually came from. Modern network layer firewalls have become increasingly
sophisticated, and now maintain internal information about the state of connections
passing through them, the contents of some of the data streams, and so on. One thing
that's an important distinction about many network layer firewalls is that they route traffic
directly through them, so to use one you either need to have a validly assigned IP address
block or to use a "private internet" address block [3]. Network layer firewalls tend to be
very fast and tend to be very transparent to users.
Application layer firewalls
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through
them. Since the proxy applications are software components running on the firewall, it is
a good place to do lots of logging and access control. Application layer firewalls can be
used as network address translators, since traffic goes in one ``side'' and out the other,
after having passed through an application that effectively masks the origin of the
initiating connection. Having an application in the way in some cases may impact
performance and may make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end
users and may require some training. Modern application layer firewalls are often fully
transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.
2) EXPLAIN THE DIFFERENT TYPES OF FIREWALLS?
Types of Firewalls
In order to gain a thorough understanding of firewall technology, it is important to
understand the various types of firewalls. These various types of firewalls provide more
or less the same functions that were outlined earlier. However, their methods of doing so
provide differentiation in terms of performance and level of security offered.
The firewalls discussed in this section are divided into five categories based on the
mechanism that each uses to provide firewall functionality:
Circuit-level firewalls
Proxy server firewalls
Nonstateful packet filters
Stateful packet filters
Personal firewalls
These various types of firewalls gather different types of information from the data
flowing through them to keep track of legitimate and illegitimate traffic and to protect
against unauthorized access. The type of information they use often also determines the level of security they provide.
Circuit-Level Firewalls
These firewalls act as relays for TCP connections. They intercept TCP connections being
made to a host behind them and complete the handshake on behalf of that host. Only after the connection is established is the traffic allowed to flow to the client. Also, the firewall
makes sure that as soon as the connection is established, only data packets belonging to
the connection are allowed to go through.
Circuit-level firewalls do not validate the payload or any other information in the packet, so they are fairly fast. These firewalls essentially are interested only in making sure that
the TCP handshake is properly completed before a connection is allowed. Consequently,
these firewalls do not allow access restrictions to be placed on protocols other than TCP
and do not allow the use of payload information in the higher-layer protocols to restrict
access.
Proxy Server Firewalls
Proxy server firewalls work by examining packets at the application layer. Essentially a
proxy server intercepts the requests being made by the applications sitting behind it and
performs the requested functions on behalf of the requesting application. It then forwards the results to the application. In this way it can provide a fairly high level of security to
the applications, which do not have to interact directly with outside applications and
servers.
Proxy servers are advantageous in the sense that they are aware of application-level protocols and they can restrict or allow access based on these protocols. They also can
look into the data portions of the packets and use that information to restrict access.
However, this very capability of processing the packets at a higher layer of the stack can contribute to the slowness of proxy servers. Also, because the inbound traffic has to be
processed by the proxy server as well as the end-user application, further degradation in
speed can occur. Proxy servers often are not transparent to end users who have to make
modifications to their applications in order to use the proxy server. For each new application that must go through a proxy firewall, modifications need to be made to the
firewall's protocol stack to handle that type of application.
Nonstateful Packet Filters
Nonstateful packet filters are fairly simple devices that sit on the periphery of a network
and, based on a set of rules, allow some packets through while blocking others. The decisions are made based on the addressing information contained in network layer
protocols such as IP and, in some cases, information contained in transport layer protocols such as TCP or UDP headers as well.
Nonstateful packet filters are fairly simple devices, but to function properly they require
a thorough understanding of the usage of services required by a network to be protected.
Although these filters can be fast because they do not proxy any traffic but only inspect it as it passes through, they do not have any knowledge of the application-level protocols or
the data elements in the packet. Consequently, their usefulness is limited. These filters
also do not retain any knowledge of the sessions established through them. Instead, they
just keep tabs on what is immediately passing through. Simple and extended access lists (without the established keyword) on routers are examples of such firewalls.
Stateful Packet Filters
Stateful packet filters are more intelligent than simple packet filters in that they can block
pretty much all incoming traffic and still can allow return traffic for the traffic generated by machines sitting behind them. They do so by keeping a record of the transport layer
connections that are established through them by the hosts behind them.
Stateful packet filters are the mechanism for implementing firewalls in most modern
networks. Stateful packet filters can keep track of a variety of information regarding the packets that are traversing them, including the following:
Source and destination TCP and UDP port numbers
TCP sequence numbering
TCP flags
TCP session state based on the RFCed TCP state machine
UDP traffic tracking based on timers
Stateful firewalls often have built-in advanced IP layer handling features such as fragment reassembly and clearing or rejecting of IP options.
Many modern stateful packet filters are aware of application layer protocols such as FTP
and HTTP and can perform access-control functions based on these protocols' specific
needs.
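The difference between the nonstateful and stateful packet filters described above, as an added example that is not part of the original notes. The addresses, the web-only outbound policy and all names are constructed for illustration; only TCP is modelled and teardown is simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # constructed protected network
ALLOWED_OUT_PORTS = {80, 443}        # constructed policy: inside hosts may reach web servers


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"SYN"})


def is_outbound(pkt):
    return ip_address(pkt.src) in INSIDE


def nonstateful_filter(pkt, allow_replies_by_port):
    """Decide from the addresses and ports of this one packet; nothing is remembered."""
    if is_outbound(pkt):
        return pkt.dport in ALLOWED_OUT_PORTS
    # With no memory, replies can only be admitted by a blanket rule
    # ("from a web port to any high port"); any packet that fits passes,
    # whether or not an inside host asked for it.
    return (allow_replies_by_port
            and pkt.sport in ALLOWED_OUT_PORTS and pkt.dport >= 1024)


class StatefulFilter:
    """Blocks all inbound traffic except replies to connections opened from inside."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> TCP state
        self.connections = {}

    def check(self, pkt):
        if is_outbound(pkt):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport not in ALLOWED_OUT_PORTS:
                return False
            if pkt.flags == {"SYN"}:
                self.connections[key] = "SYN_SENT"
            elif key not in self.connections:
                return False                    # mid-stream packet with no handshake
            elif "FIN" in pkt.flags or "RST" in pkt.flags:
                del self.connections[key]       # simplified teardown
            return True

        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.connections.get(key)
        if state is None:
            return False                        # nobody inside opened this connection
        if state == "SYN_SENT":
            if pkt.flags != {"SYN", "ACK"}:
                return False                    # only a SYN/ACK may answer a SYN
            self.connections[key] = "ESTABLISHED"
        elif "RST" in pkt.flags:
            del self.connections[key]
        return True


# Constructed sample packets.
SYN = Packet("10.0.0.5", 40000, "203.0.113.10", 443, frozenset({"SYN"}))
SYN_ACK = Packet("203.0.113.10", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet("203.0.113.10", 443, "10.0.0.9", 5000, frozenset({"ACK"}))
```

The nonstateful filter either drops the legitimate SYN/ACK (no reply rule) or also admits the unsolicited packet (port-range reply rule); the stateful filter admits the reply and drops the unsolicited packet.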
Personal Firewalls
Personal firewalls are firewalls installed on personal computers. They are designed to
protect against network attacks. These firewalls are generally aware of the applications
running on the machine and allow only connections established by these applications to operate on the machine.
A personal firewall is a useful addition to any PC because it increases the level of
security already offered by a network firewall. However, because many of the attacks on
today's networks originate from inside the protected network, a PC firewall is an even more useful tool, because network firewalls cannot protect against these attacks. Personal
firewalls come in a variety of flavors. Most are implemented to be aware of the applications running on the PC. However, they are designed to not require any changes
from the user applications running on the PC, as is required in the case of proxy servers.
IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY
ASSOCIATION
IP Security
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication
session.
End-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.
Two traffic security protocols: authentication header (AH) and encapsulating security
payload (ESP).
The IP AH protocol provides data origin authentication, connectionless integrity, and an
optional anti-replay service. The ESP protocol provides data confidentiality, limited traffic flow confidentiality, connectionless integrity, data origin authentication, and anti-replay
service. There are two modes of operation of both AH and ESP: transport
mode and tunnel mode.
IP Security Architecture:
IP header checksum is calculated over the IP header
To compute the checksum, the 16-bit checksum field is first set to zero, and then
the one's complement sum of the header is computed.
When an IP datagram is received, the receiver calculates the 16-bit one's
complement sum of the header.
The first 4 bits of an IP datagram are the version field. The next field, the IHL
(Internet header length) field, is the length of the header in 32-bit words.
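The checksum procedure and the version/IHL fields described above, as an added example that is not part of the original notes. The sample header is constructed, with its checksum field still zero; the stored checksum is the bitwise complement of the one's complement sum, so a receiver summing an intact header (checksum included) obtains 0xFFFF.

```python
import struct


def ones_complement_sum16(data: bytes) -> int:
    """Add the data as 16-bit big-endian words, folding every carry back in."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_length(packet: bytes) -> int:
    """First 4 bits: version. Next 4 bits: IHL, counted in 32-bit words."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    ihl = packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return ihl * 4


def compute_checksum(packet: bytes) -> int:
    """Sender side: zero the checksum field (bytes 10-11), sum, complement."""
    n = header_length(packet)
    header = bytearray(packet[:n])
    header[10:12] = b"\x00\x00"
    return ~ones_complement_sum16(bytes(header)) & 0xFFFF


def verify_checksum(packet: bytes) -> bool:
    """Receiver side: the sum over the header as received must be all ones."""
    n = header_length(packet)
    return ones_complement_sum16(packet[:n]) == 0xFFFF


def with_checksum(packet: bytes) -> bytes:
    """Return the packet with its checksum field filled in."""
    return packet[:10] + struct.pack("!H", compute_checksum(packet)) + packet[12:]


# Constructed 20-byte header: version 4, IHL 5, UDP, 192.168.0.1 -> 192.168.0.199.
SAMPLE_HEADER = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
```

The checksum only detects accidental corruption of the header: anyone who modifies a header can recompute it, which is why AH uses a keyed MAC instead.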
Authentication Header
AH provides authentication and integrity, which protect against data tampering,
using the same algorithms as ESP.
Also provides optional anti-replay protection.
The authentication header is inserted into the packet between the IP header and
any subsequent packet contents.
AH does not protect the data's confidentiality; ESP protects data confidentiality. AH and ESP
can be used together.
Authentication Data field is variable.
AH provides support for data integrity & authentication of IP packets
end system/router can authenticate user/app
prevents address spoofing attacks by tracking sequence numbers
based on use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret key
Figure 18-3 Unprotected IP Packet Carrying TCP Information
Figure 18-4 Protected IP Packet Carrying TCP Information
Figure 18-5 Packet Protected by an Authentication Header
Figure 18-6 IPsec Packet Protected in Tunnel Mode
Encapsulating Security Payload (ESP)
provides message content confidentiality & limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports range of ciphers, modes, padding
incl. DES, Triple-DES, RC5, IDEA, CAST etc
padding needed to fill blocksize, fields, for traffic flow
Also provides all encryption services. Encryption translates a readable message into an unreadable format to hide the message content. Decryption translates the message
content from an unreadable format to a readable message. Encryption/decryption allows
only the sender and the authorized receiver to read the data.
Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.
The ESP header is inserted into the packet between the IP header and any subsequent packet
contents. Because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.
Protections Provided by AH and ESP in IPsec:
| Protocol | Packet Coverage | Protection | Against Attacks |
|---|---|---|---|
| AH | Protects packet from the IP header to the transport header | Provides strong integrity, data authentication: ensures that the receiver receives exactly what the sender sent; is susceptible to replay attacks when an AH does not enable replay protection | Replay, cut-and-paste |
| ESP | Protects packet following the beginning of ESP in the datagram. | With encryption option, encrypts the IP datagram. Ensures confidentiality | Eavesdropping |
| | | With authentication option, provides the same protection as AH | Replay, cut-and-paste |
| | | With both options, provides strong integrity, data authentication, and confidentiality | Replay, cut-and-paste, eavesdropping |
Security Association:
SA is an agreement between communicating peers on factors such as the IPSec
protocol, mode of operation of the protocols (transport mode or tunnel mode),
cryptographic algorithms, cryptographic keys, and lifetime of the keys
Two sets of SAs are required: an SA for AH and one for ESP.
A single SA protects data in one direction. Because most communication is either
peer-to-peer or client-server, two SAs must be present to secure traffic in both
directions.
The following three elements uniquely identify an IPsec SA:
The security protocol (AH or ESP)
The destination IP address
The security parameter index (SPI)
The SPI, an arbitrary 32-bit value, is transmitted with an AH or ESP packet. An integrity checksum value is used to authenticate a packet. If the authentication fails, the packet is
dropped.
Security associations are stored in a security associations database (SADB).
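How a receiver combines the SA lookup described here with the AH checks described earlier (HMAC-SHA-1-96 and sequence-number tracking), as an added example that is not part of the original notes. Keys, addresses, SPI values and class names are constructed; the MAC input is simplified to the SPI, the sequence number and the protected bytes rather than the full packet layout.

```python
import hashlib
import hmac
import struct

AH = "AH"


class SecurityAssociation:
    """One direction of protection: a shared secret key plus anti-replay state."""

    def __init__(self, key: bytes, window: int = 32):
        self.key = key
        self.window = window
        self.highest = 0     # highest sequence number authenticated so far
        self.bitmap = 0      # bit i set => sequence number (highest - i) already seen

    def icv(self, spi: int, seq: int, protected: bytes) -> bytes:
        """HMAC-SHA-1-96: HMAC-SHA-1 truncated to its first 96 bits."""
        msg = struct.pack("!II", spi, seq) + protected
        return hmac.new(self.key, msg, hashlib.sha1).digest()[:12]

    def replay_ok(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.highest:
            return True
        offset = self.highest - seq
        return offset < self.window and not (self.bitmap >> offset) & 1

    def mark_seen(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.window:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


class SADB:
    """Security associations keyed by (security protocol, destination IP, SPI)."""

    def __init__(self):
        self._sas = {}

    def add(self, protocol, dst, spi, sa):
        self._sas[(protocol, dst, spi)] = sa

    def inbound(self, protocol, dst, spi, seq, protected, icv):
        sa = self._sas.get((protocol, dst, spi))
        if sa is None:
            return "drop: no SA"
        if not sa.replay_ok(seq):
            return "drop: replay"
        if not hmac.compare_digest(sa.icv(spi, seq, protected), icv):
            return "drop: authentication failed"
        sa.mark_seen(seq)    # only authenticated packets advance the window
        return "accept"


def demo():
    """Host A (192.0.2.1) sends to host B (192.0.2.2); all values are constructed."""
    key_ab, key_ba = b"k" * 20, b"q" * 20        # one key per direction
    sender = SecurityAssociation(key_ab)
    host_b, host_a = SADB(), SADB()
    host_b.add(AH, "192.0.2.2", 0x1001, SecurityAssociation(key_ab))   # A -> B
    host_a.add(AH, "192.0.2.1", 0x2001, SecurityAssociation(key_ba))   # B -> A
    data = b"constructed payload"
    icv1, icv2 = sender.icv(0x1001, 1, data), sender.icv(0x1001, 2, data)
    return [
        host_b.inbound(AH, "192.0.2.2", 0x1001, 1, data, icv1),         # first delivery
        host_b.inbound(AH, "192.0.2.2", 0x1001, 1, data, icv1),         # same packet again
        host_b.inbound(AH, "192.0.2.2", 0x1001, 2, b"tampered", icv2),  # payload altered
        host_b.inbound(AH, "192.0.2.2", 0x1001, 2, data, icv2),         # genuine packet 2
        host_a.inbound(AH, "192.0.2.1", 0x1001, 1, data, icv1),         # wrong direction
    ]
```

The last case shows why two SAs are needed for two-way traffic: the A-to-B association does not exist in A's database, so a packet arriving at A under that SPI matches nothing.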
2 modes of operation:
Transport mode
Tunnel mode
Transport and tunnel mode:
Transport mode:
Transport Mode: protect the upper layer protocols
transport mode is used to encrypt & optionally authenticate IP data
data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic
Tunnel mode:
Tunnel Mode: protect the entire IP payload
tunnel mode encrypts entire IP packet
add new header for next hop
good for VPNs, gateway to gateway security
Tunnel mode works only for IP-in-IP datagrams.
The inner IP header, its next header, and the ports that the next header supports, can
enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not
dictate the policy of its inner IP datagram.
IPsec policy can be specified for subnets of a LAN behind a router and for ports on those
subnets.
KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS
LAYER
WEB SECURITY REQUIREMENTS
Web security must be global, local, bidirectional, multiprotocol, and work despite
users connecting to the Internet and then connecting to the enterprise network. The web
security requirements are:
Global approach
Local approach
Bi-directional and multiprotocol
Throughout the enterprise
Granular application control features
Multiprotocol data loss prevention
Flexible deployment
Multifunction
Manageable.
Requirement 1: Global approach
Deploy proactive, real-time, reputation-based URL filtering, powered by in-the-cloud
global threat intelligence
Because legacy URL filtering solutions are only as accurate as their most recent
update, enterprises need extra help determining which sites are risky. What is needed is a
reputation system that assigns global reputations to URLs and IP addresses, working
alongside categorized databases to provide an additional
layer of protection far stronger than URL filtering alone.
Requirement 2: Local approach
Deploy anti-malware protection utilizing real-time, local intent-based analysis of
code
Effective local malware solutions utilize intent-based analysis to examine code that will
execute in the browser. By analyzing the code at the gateway (a gateway located
physically at the enterprise or in the cloud as a hosted service), malware can be detected
and blocked before it reaches the endpoint or other networked assets.
Gateway-based malware protection should:
Determine the actual file type based on a magic number or checksum analysis
Decrypt and de-obfuscate to safeguard against files that are disguised
Disallow media types that are potentially hazardous (like unknown ActiveX)
Check active code for valid digital signatures
Analyze behavior to determine if the malware will act in a known manner
Analyze scripts to determine if they are trying to exploit vulnerabilities on the client
Neutralize attacks as needed
Requirement 3: Bidirectional and multiprotocol
Implement bidirectional filtering at the gateway for all web traffic, including web
protocols such as FTP, HTTP, HTTPS, IM, and streaming media
Applications that communicate over encrypted and unencrypted protocols need to be
controlled in both directions. This includes controlling access to websites, blogs, wikis,
IM, streaming media, and other applications, as well as monitoring the connections for
malware coming in and sensitive data going out. For example, Instant Messaging
applications need to be proxied. Proxies allow granular control over who uses an
application and what they can do with it, such as send links, receive links, or send files,
and let IT filter outbound content for sensitive data. These controls are as important as
filtering what is posted or received via social networking sites (including Facebook and
Twitter), or blogs and wikis. With a high percentage of corporate web traffic now being
encrypted (HTTPS), it is imperative to be able to selectively decrypt this content at the
gateway, providing security while respecting privacy for access to sensitive sites, such as
personal finance or healthcare sites.
Requirement 4: Throughout the enterprise
Protect from the corporate network to the branch office to mobile users on laptops,
smartphones, or tablets, safeguarding against malware collected directly from the Internet
Study your employees that connect to the Internet and then connect to your network.
Laptop users connecting to the public internet risk infection. Are you filtering their access
even when not on your network?
More and more organizations wish to allow their employees to use personally owned
devices to connect to their network and applications. Your web security should allow you
to filter their access and prevent malware from entering the enterprise network.
Requirement 5: Granular application control features
Move beyond a binary block or allow approach to provide selective, policy-based
access to Web 2.0 sites, such as blocking a specific social networking game (such as
Mafia Wars) while allowing a general category called games
Legacy Web 1.0 security solutions use a binary block or allow approach to web
access. However, today's enterprises need to have bidirectional filtering that controls
what a user can do on Web 2.0 sites and also protects against data loss. Within web
security gateways, controlling what a user can do on a site is known as application
control. Because Web 2.0 sites are bidirectional in nature (users can both access and
contribute content), data loss prevention needs to be part of this control as well. In
addition to allowing sensitive content to escape, user contributed content is a common
insertion point for malware. Finally, many of these sites contain bandwidth-hogging
streaming media.
Requirement 6: Multiprotocol data loss prevention
Monitor for and protect against data leaks on all web protocols
Data loss protection on content exiting via either the web or email requires five steps.
From defining corporate and regulatory policies to detecting and enforcing them, to
proving compliance to auditors, this process is the surest way to ensure that no
inappropriate information ever leaves your gateway.
The five steps to achieve compliance are
Discover and learn: Find all your sensitive data wherever it may be
Assess risk: Ensure secure data handling procedures are in place
Define effective policies: Create policies to protect data and test them for effectiveness
Apply controls: Restrict access to authorized people and limit transmission
Monitor, report and audit: Ensure successful data security through alerting and
incident management
For data in motion, data loss prevention should be provided over encrypted and
unencrypted protocols for both messaging and web traffic. As with application control,
this includes managing access to websites, social networking sites, blogs, wikis, IM, P2P,
and other applications, as well as monitoring connections for data leakage. And as with
application control, it is imperative to be able to selectively
decrypt encrypted traffic at the gateway to provide security while respecting privacy for
access to sensitive sites.
Requirement 7: Flexible deployment options
Provide options that match your strategic needs: on site, in the cloud or a hybrid mix
of both
With employees accessing your network and the Internet from anywhere in the world,
not just from the confines of your network, the solution must be flexible. It should secure
headquarters, remote offices, and home offices, as well as the hotels, airports and coffee
shops where mobile workers expose their laptops and other mobile devices to attack. This
coverage requires solutions with a range of
implementation footprints. Some enterprises want equipment to live on their premises.
You should be able to choose from appliances, blade servers, and software deployment
options (including the choice of virtualization to leverage existing hardware investments).
Others will want to choose the cloud and provide web security via Software as a Service.
Yet others desire a hybrid approach that mixes appliances at major offices and SaaS for
remote offices and home office workers. The Forrester study predicts a growing interest
in moving to cloud based and hybrid deployments.17
Requirement 8: Multifunction
Reduce cost and simplify management by consolidating legacy point applications into
an integrated solution
To cost-effectively manage risk, today's web gateway requires a single solution that
houses the security and caching engines in the same application, tightly integrated. In
addition to having fewer vendors to deal with, you get added protection by replacing
point solutions with integrated, multifunction solutions
that provide best-of-breed functionality. Since the cache can be security-aware, malware
detection can be integrated with reputation-based filtering, and so on. Solutions that
manage both inbound and outbound risk reduce costs and increase security by providing
additional opportunities for consolidation and efficiency.
Requirement 9: Manageable
Use comprehensive access, management, and reporting tools
Since constant web access is so critical to business today, enterprises should deploy
solutions that provide at-a-glance reporting on the status and health of their web
gateways. They also need both real-time and forensic reporting that allows them to drill
down into problems for remediation and post-event analysis. Robust and extensible
reporting is the cornerstone of your ability to understand risk, refine policy, and measure
compliance.
KEY MANAGEMENT
Key management is the management of cryptographic keys in a cryptosystem.
This includes dealing with the generation, exchange, storage, use, and replacement of
keys. It includes cryptographic protocol design, key servers, user procedures, and other
relevant protocols.
Key management concerns keys at the user level, either between users or
systems. This is in contrast to key scheduling; key scheduling typically refers to the
internal handling of key material within the operation of a cipher.
There are two types of key management:
1. Manual key management
2. Automated key management
Manual Key management:
A system administrator manually configures each system with its own keys and
with the keys of other communicating systems. This is practical for small relatively static
environments.
Automated key Management:
An automated system enables the on-demand creation of keys for SAs and
facilitates the use of keys in a large distributed system with an evolving configuration.
The default automated key management protocol for IPsec:
Oakley key determination protocol
Internet security association and key management protocol (ISAKMP)
Features of Oakley:
It employs a mechanism known as cookies to thwart clogging attacks.
It uses nonces to ensure against replay attacks
It enables the exchange of Diffie-Hellman public key values
It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks
The authentication methods that can be used with Oakley:
Digital Signature
Public Key Encryption
Symmetric Key Encryption
ISAKMP
ISAKMP defines procedures and packet format to establish, negotiate, modify
and delete security associations. As part of SA establishment, ISAKMP defines payloads
for exchanging key generation and authentication data. This payload format provides a
consistent framework independent of the specific key exchange protocol, encryption
algorithm, and authentication mechanism.
ISAKMP exchange:
ISAKMP provides a framework for message exchange, with the payload types
serving as the building blocks. The specification identifies five default exchange types
that should be supported. SA refers to an SA payload with associated protocol and
transform payloads.
The types of ISAKMP exchange:
Base Exchange
Identity Protection exchange
Authentication only exchange
Aggressive exchange
Informational exchange
SSL (Secure Socket Layer)
Secure Socket Layer provides security services between TCP and applications that use
TCP. The Internet standard version is called Transport Layer Security (TLS).
SSL provides confidentiality using symmetric encryption and message integrity using a message authentication code.
Two important SSL concepts are
SSL session
SSL connection.
SSL session:
An SSL session is an association between a client and a server, sessions are
created by the handshake protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple connections.
Sessions are used to avoid the expensive negotiation of new security parameters
for each connection.
SSL connection:
Connection is a transport that provides a suitable type of service. For SSL such
connections are peer-to-peer relationships. The connections are transient. Every connection
is associated with one session.
Parameters of SSL session state:
Session identifier
Peer Certificate
Compression method
Cipher spec
Master secret
Is resumable
Parameters of SSL connection state:
Server and client random
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Sequence number
Two services provided by the SSL record protocol:
Confidentiality
Message Integrity
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer
(SSL), are cryptographic protocols that provide communication security over the Internet.[1]
TLS and SSL encrypt the segments of network connections at the Application Layer
for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.
Several versions of the protocols are in widespread use in applications such as web
browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
TLS is an IETF standards track protocol, last updated in RFC 5246, and is based on the
earlier SSL specifications developed by Netscape Communications.[2]
The TLS protocol allows client-server applications to communicate across a network in a
way designed to prevent eavesdropping and tampering.
Since most protocols can be used either with or without TLS (or SSL) it is necessary to
indicate to the server whether the client is making a TLS connection or not. There are two
main ways of achieving this: one option is to use a different port number for TLS
connections (for example port 443 for HTTPS). The other is to use the regular port
number and have the client request that the server switch the connection to TLS using a
protocol-specific mechanism (for example STARTTLS for mail and news protocols).
Once the client and server have decided to use TLS they negotiate a stateful connection
by using a handshaking procedure. During this handshake, the client and server agree on
various parameters used to establish the connection's security.
1. The client sends the server the client's SSL version number, cipher settings,
session-specific data, and other information that the server needs to communicate
with the client using SSL.
2. The server sends the client the server's SSL version number, cipher settings,
session-specific data, and other information that the client needs to communicate
with the server over SSL. The server also sends its own certificate, and if the
client is requesting a server resource that requires client authentication, the server
requests the client's certificate.
3. The client uses the information sent by the server to authenticate the server (see
Server Authentication for details). If the server cannot be authenticated, the user is
warned of the problem and informed that an encrypted and authenticated
connection cannot be established. If the server can be successfully authenticated,
the client proceeds to step 4.
4. Using all data generated in the handshake thus far, the client (with the cooperation
of the server, depending on the cipher being used) creates the pre-master secret
for the session, encrypts it with the server's public key (obtained from the server's
certificate, sent in step 2), and then sends the encrypted pre-master secret to the
server.
5. If the server has requested client authentication (an optional step in the
handshake), the client also signs another piece of data that is unique to this
handshake and known by both the client and server. In this case, the client sends
both the signed data and the client's own certificate to the server along with the
encrypted pre-master secret.
6. If the server has requested client authentication, the server attempts to
authenticate the client (see Client Authentication for details). If the client cannot
be authenticated, the session ends. If the client can be successfully authenticated,
the server uses its private key to decrypt the pre-master secret, and then performs
a series of steps (which the client also performs, starting from the same pre-master
secret) to generate the master secret.
7. Both the client and the server use the master secret to generate the session keys,
which are symmetric keys used to encrypt and decrypt information exchanged
during the SSL session and to verify its integrity (that is, to detect any changes in
the data between the time it was sent and the time it is received over the SSL
connection).
8. The client sends a message to the server informing it that future messages from
the client will be encrypted with the session key. It then sends a separate
(encrypted) message indicating that the client portion of the handshake is finished.
9. The server sends a message to the client informing it that future messages from
the server will be encrypted with the session key. It then sends a separate
(encrypted) message indicating that the server portion of the handshake is
finished.
The SSL handshake is now complete and the session begins. The client and the server use
the session keys to encrypt and decrypt the data they send to each other and to validate its
integrity.
This is the normal operation condition of the secure channel. At any time, due to internal
or external stimulus (either automation or user intervention), either side may renegotiate
the connection, in which case, the process repeats itself.
This concludes the handshake and begins the secured connection, which is encrypted and
decrypted with the key material until the connection closes.
If any one of the above steps fails, the TLS handshake fails and the connection is not
created.
TRANSPORT LAYER SECURITY
Transport Layer Security (TLS) is a protocol that ensures privacy between
communicating applications and their users on the Internet.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL).
TLS is composed of two layers:
The TLS Record Protocol
The TLS Handshake Protocol
Description
The TLS protocol allows client-server applications to communicate across a
network in a way designed to prevent eavesdropping and tampering.
Once the client and server have decided to use TLS they negotiate a stateful
connection by using a handshaking procedure.[3] During this handshake, the client and
server agree on various parameters used to establish the connection's security.
1. The client sends the server the client's SSL version number, cipher
settings, session-specific data, and other information that the server needs
to communicate with the client using SSL.
2. The server sends the client the server's SSL version number, cipher
settings, session-specific data, and other information that the client needs
to communicate with the server over SSL. The server also sends its own
certificate, and if the client is requesting a server resource that requires
client authentication, the server requests the client's certificate.
3. The client uses the information sent by the server to authenticate the server
(see Server Authentication for details). If the server cannot be
authenticated, the user is warned of the problem and informed that an
encrypted and authenticated connection cannot be established. If the server
can be successfully authenticated, the client proceeds to step 4.
4. Using all data generated in the handshake thus far, the client (with the
cooperation of the server, depending on the cipher being used) creates the
pre-master secret for the session, encrypts it with the server's public key
(obtained from the server's certificate, sent in step 2), and then sends the
encrypted pre-master secret to the server.
5. If the server has requested client authentication (an optional step in the
handshake), the client also signs another piece of data that is unique to this
handshake and known by both the client and server. In this case, the client
sends both the signed data and the client's own certificate to the server
along with the encrypted pre-master secret.
6. If the server has requested client authentication, the server attempts to
authenticate the client (see Client Authentication for details). If the client
cannot be authenticated, the session ends. If the client can be successfully
authenticated, the server uses its private key to decrypt the pre-master
secret, and then performs a series of steps (which the client also performs,
starting from the same pre-master secret) to generate the master secret.
7. Both the client and the server use the master secret to generate the session
keys, which are symmetric keys used to encrypt and decrypt information
exchanged during the SSL session and to verify its integrity (that is, to
detect any changes in the data between the time it was sent and the time it
is received over the SSL connection).
8. The client sends a message to the server informing it that future messages
from the client will be encrypted with the session key. It then sends a
separate (encrypted) message indicating that the client portion of the
handshake is finished.
9. The server sends a message to the client informing it that future messages
from the server will be encrypted with the session key. It then sends a
separate (encrypted) message indicating that the server portion of the
handshake is finished.
The SSL handshake is now complete and the session begins. The client and the
server use the session keys to encrypt and decrypt the data they send to each other and to
validate its integrity.
Security
TLS has a variety of security measures:
Protection against a downgrade of the protocol to a previous (less secure)
version or a weaker cipher suite.
Numbering subsequent Application records with a sequence number and using
this sequence number in the message authentication codes (MACs).
Using a message digest enhanced with a key (so only a key-holder can check
the MAC). The HMAC construction used by most TLS cipher suites is
specified in RFC 2104 (SSL 3.0 used a different hash-based MAC).
The message that ends the handshake ("Finished") sends a hash of all the
exchanged handshake messages seen by both parties.
The pseudorandom function splits the input data in half and processes each
one with a different hashing algorithm (MD5 and SHA-1), then XORs them
together to create the MAC. This provides protection even if one of these
algorithms is found to be vulnerable. TLS only.
SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support
for certificate authentication.
SECURE ELECTRONIC TRANSACTION
SET is a protocol designed to ensure that merchants and cardholders can conduct business
over insecure networks.
SET Roles
The participants listed below play an important role in a SET transaction:
Cardholder
Merchant
Issuer
Acquirer
Payment gateway
Certification authority
1) The gateway obtains the certificates it needs from the certificate authority.
2) The merchant obtains its certificates from the certificate authority.
3) The cardholder obtains its certificates from the certificate authority.
4) The cardholder shops at the merchant's shopping experience and decides what goods
or services he/she wishes to buy.
5) The merchant sends the cardholder the certificates needed in the purchase transaction.
6) The cardholder sends a request to purchase the item that he/she has selected. This
message contains information about the cardholder's order and the cardholder's
payment information, such as the cardholder's card information. The merchant gets the
order information and sends the cardholder's payment card information on to the payment
gateway. The merchant is never privy to the cardholder's payment information and
therefore has no way of obtaining the cardholder's payment card
information. This security measure is designed to protect the cardholder.
7) The merchant and payment gateway share authorization information. This consists of
the merchant sending the payment gateway information such as the cardholder's payment
card information and the amount of the transaction. The payment gateway can either
authorize or decline the transaction based on the information received from the merchant.
No money changes hands during the authorization phase.
8) The merchant sends a message to the cardholder finalizing the transaction. The
cardholder sees this at the end of the transaction.
9) This step is optional but allows the merchant to change or eliminate money authorized
in step #7.
10) The merchant and the gateway share capture information. A request is sent from the
merchant to the gateway to capture money that has been authorized; this capture request
can be for a single authorization amount or multiple amounts. The gateway processes the
capture request through its existing payment card financial network.
11) If an error has occurred capturing cardholder funds, messaging between the merchant
and the gateway takes place in order to reverse the capture. This step is optional and only
happens if a capture error has occurred.
12) The merchant and payment gateway exchange messages in order to credit a
cardholder's account.
13) If a credit has been granted by mistake, the merchant and payment gateway can
exchange messages in order to reverse the granted credit.
DUAL SIGNATURES
Dual Signatures
A new application of digital signatures is introduced in SET, namely the concept
of dual signatures. A dual signature is needed when two messages need to
be linked securely but only one party is allowed to read each. The following
picture shows the process of generating dual signatures.
In SET, dual signatures are used to link an order message sent to the merchant
with the payment instructions containing account information sent to the acquirer
(merchant bank). When the merchant sends an authorization request to the
acquirer, it includes the payment instructions sent to it by the cardholder and the
message digest of the order information. The acquirer uses the message digest
from the merchant and computes the message digest of the payment instructions
to check the dual signatures.
In this case, the customer wants to send the order information (OI) to the
merchant and the payment information (PI) to the bank. The merchant does not need to
know the customer's credit card number, and the bank does not need to know the details
of the customer's order. The link is needed so that the customer can prove that the
payment is intended for this order.
The message digests (MDs) of the OI and the PI are independently calculated by the
customer. The dual signature is the encrypted MD (with the customer's secret key) of the
concatenated MDs of PI and OI. The dual signature is sent to both the merchant and the
bank. The protocol arranges for the merchant to see the MD of the PI without seeing the
PI itself, and the bank sees the MD of the OI but not the OI itself. The dual signature can
be verified using the MD of the OI or PI. It doesn't require the OI or PI itself. Its MD
does not reveal the content of the OI or PI, and thus privacy is preserved.
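The dual-signature construction and the two independent checks can be worked through in code. This is an added example, not part of the original notes: it assumes SHA-1 as the message digest and uses a toy unpadded RSA key built from two Mersenne primes purely so the arithmetic runs with the standard library; the order and payment strings are constructed.

```python
import hashlib

# Toy textbook-RSA key pair for the customer (constructed, no padding,
# far too small for real use). 2**127 - 1 and 2**89 - 1 are both prime.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # customer's secret exponent

# Constructed sample messages.
ORDER_INFO = b"order=1001;item=book;qty=2;total=40.00"
PAYMENT_INFO = b"card=4111-XXXX-XXXX-1111;amount=40.00;order=1001"


def md(data):
    """Message digest (assumed here to be SHA-1)."""
    return hashlib.sha1(data).digest()


def sign(digest):
    """Encrypt a digest with the customer's secret key."""
    return pow(int.from_bytes(digest, "big"), D, N)


def verify(digest, signature):
    """Recover the signed digest with the public key and compare."""
    return pow(signature, E, N) == int.from_bytes(digest, "big")


def make_dual_signature(oi, pi):
    """Customer: digest PI and OI separately, then sign the digest of both."""
    pimd, oimd = md(pi), md(oi)
    return pimd, oimd, sign(md(pimd + oimd))


def merchant_check(oi, pimd, dual_sig):
    """Merchant holds OI and the digest of PI, never PI itself."""
    return verify(md(pimd + md(oi)), dual_sig)


def bank_check(pi, oimd, dual_sig):
    """Bank holds PI and the digest of OI, never OI itself."""
    return verify(md(md(pi) + oimd), dual_sig)


if __name__ == "__main__":
    pimd, oimd, ds = make_dual_signature(ORDER_INFO, PAYMENT_INFO)
    print("merchant accepts:", merchant_check(ORDER_INFO, pimd, ds))
    print("bank accepts:    ", bank_check(PAYMENT_INFO, oimd, ds))
    print("altered order:   ", merchant_check(b"order=1001;qty=20", pimd, ds))
```

Each party recomputes the same concatenated digest from the one message it is allowed to read plus the digest of the other, so changing either message after signing makes both checks fail.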