
160702 – Information Security (IS) Unit-6 E-Commerce

Darshan Institute of Engineering & Technology Page 1

Q 1. What is E-Commerce? What are various features, advantages and disadvantages of E-Commerce?

Any activity of exchanging goods and services for some kind of payment that uses electronic technology to do business can be termed E-Commerce.

It includes many diverse activities, such as electronic trading of goods and services, on-line delivery of digital content, electronic fund transfer, electronic share trading, etc.

Three main transaction types of E-Commerce are:

o Business to consumer (B2C): Offers goods or services directly to the customer, e.g. an online book store.

o Business to business (B2B): Includes financial or commercial activities between companies over the Internet, e.g. an e-marketplace.

o Consumer to consumer (C2C): Includes consumers who negotiate with other consumers, sometimes using a company as an intermediary, e.g. eBay.

Other types often include Business to government (B2G) and Mobile Commerce.

Typical examples are:

o Online book store (e.g. amazon.com)

o Online car purchasing (e.g. automall.com)

o Booking and purchase of airline tickets (e.g. ryanair.com)

Features of E-Commerce:

Automation of commercial transactions using computer and communication technologies.

Easy, global access, 24 hour availability

Customized products and services

Globalization

Back Office integration

Additional revenue stream


Advantages of E-Commerce:

Lower Cost: No physical company set-up is needed. All you need is an idea, a unique product, and a well-designed web storefront to reach your customers.

Better Customer Service: E-Commerce means better and quicker customer service; online customer service makes customers happier. In brief, E-Commerce provides low operational costs and better quality of service.

Quick Comparison Shopping: Customers can easily select products from different providers without moving around physically.

Buying/selling 24/7.

There are no geographic limitations.

Information Sharing, Convenience, and Control: Electronic marketplaces improve information sharing between merchants and customers and promote quick, just-in-time deliveries. Customers and merchants save money; are online 24 hours a day, 7 days a week; experience no traffic jams and no crowds; and do not have to carry heavy shopping bags.

Issues/ Disadvantages of E-Commerce:

Secure transfer across the Internet is a must.

Since start-up is easy and economical, anyone, good or bad, can easily start a business, and there are many bad sites which eat up customers' money.

High reliability is needed: there should be no single point of failure.

Atomic transactions: A transaction should either complete entirely or, if it fails part way, the changes it made should be rolled back (otherwise a customer can be charged without an order being recorded, or vice versa).

System Scalability: A business develops an interactive interface with customers via a website. If the company expects 2 million customers and 6 million show up, website performance is bound to degrade, slow down and eventually lose customers. To stop this from happening, a website must be scalable, or upgradable on a regular basis.

Products people won't buy online: Some products need conventional shopping and E-Commerce won't work for them. Imagine a website selling furniture: for a sofa you would want to sit on it, feel the texture of the fabric, etc., and would not prefer a website for selecting a sofa or other furniture.

Quality: There is no guarantee regarding the quality of a product.

Q 2. What are security threats to E-Commerce transactions?

Security is a crucial feature in E-Commerce transactions because:

o Most transactions take place in a fully automated way.

o Restricted or confidential data are transmitted through a public network.

Various threats to E-Commerce systems on customer’s as well as merchant’s side are listed below:

Customer's risks

o Stolen credentials or password

o Dishonest merchant

o Disputes over transaction

o Inappropriate use of transaction details

Merchant’s risk

o Forged or copied instruments

o Disputed charges

o Insufficient funds in customer’s account

o Unauthorized redistribution of purchased items

The main issue is a secure payment scheme, because:

o Most transactions take place in a fully automated way

o Restricted data are transmitted through a public network

Q 3. Why is security required in E-Commerce? What are various measures for security in E-Commerce?

E-Commerce refers to the exchange of goods and services over the Internet.

Applications that handle payments (online banking, electronic transactions using debit cards, credit cards, PayPal or other tokens) have more compliance issues and are at increased risk.

Anyone with the capability, technology, opportunity and intent to do harm is a threat to E-Commerce. Potential threats can be foreign or domestic, internal or external. Terrorists, insiders, disgruntled employees and hackers are included in this profile.

Thus security is a foremost concern in E-Commerce.

Various areas where security can be compromised in E-Commerce are:

o Intellectual property threats: use existing materials found on the Internet without the owner's

permission, e.g., music downloading, software pirating etc.

o Client computer threats: Trojan horse, Active contents, viruses etc.

o Communication channel threats: Sniffer program, Backdoor, Spoofing, Denial-of-service

o Server threats: Privilege setting, CGI, file transfer, Spamming etc.

COUNTERMEASURES

The following security services are needed to counter these threats:

o Integrity: prevention of unauthorized data modification.

o Non-repudiation: prevention of any party reneging on an agreement after the fact.

o Authenticity: authentication of the data source. Digital signatures and SSL certificates provide authentication.

o Confidentiality: protection against unauthorized data disclosure, obtained by encryption of the data.

o Privacy: provision of control over data and its disclosure.

o Availability: prevention of data delays or removal.

Threats to E-commerce

Malicious code

o Viruses

o Worms

o Trojan horses

o Bots, botnets

Unwanted programs

o Browser parasites

o Adware

o Spyware

Credit card fraud/theft

o Fear of stolen credit card information deters online purchases

o Hackers target merchant servers; use data to establish credit under false identity

o Online companies at higher risk than offline

Spoofing: misrepresenting self by using fake e-mail address

Pharming: spoofing a Web site

o Redirecting a Web link to a new, fake Web site

Spam/junk Web sites

Splogs (spam blogs)

Denial of service (DoS) attack

o Hackers flood site with useless traffic to overwhelm network

Distributed denial of service (DDoS) attack

o Hackers use multiple computers to attack target network

Sniffing

o Eavesdropping program that monitors information traveling over a network

Q 4. What are various steps in an E-commerce transaction?

The following steps occur when an E-Commerce transaction takes place:

o The consumer places an order: A customer visits your website, sees something of interest and places an order at your storefront by entering information such as their name, address and credit card details.

o The transaction is processed in real time: The payment gateway provides a secure, real-time connection from your storefront to the payment gateway platform. The payment gateway securely transmits the customer's data to and from the card-issuing bank, which approves or declines the card.

o The transaction is approved or declined: If the bank approves the transaction, the payment gateway confirms it. As proof of the securely processed transaction, both the customer and the merchant receive a transaction confirmation number.

o The transaction is settled: The approved transactions accumulated over the current day, known as a batch, are sent to the merchant processor, which submits the card information to the card institutions and is responsible for the payment carried out between card customers and merchants.


160702 – Information Security (IS) Unit-7 Network Security


Q 1. Write a note on Digital Signature/ Explain digital signature in detail.

A digital signature is needed in situations where there is not complete trust between sender and receiver: a message authentication code, whose key both parties share, cannot settle a dispute between them, because either one could have produced it.

A digital signature must have the following properties:

o It must verify the author and date and time of the signature.

o It must authenticate the contents at the time of signature.

o It must be verifiable by the third parties, to resolve disputes.

Digital signatures fall into two categories: direct and arbitrated.

Direct Digital Signature

The direct digital signature involves only the communicating parties.

Digital signature may be formed by either encrypting the entire message or the hash code of the message

with the sender’s private key.

If confidentiality is also needed, then the message plus digital signature is encrypted using the receiver’s

public key.

Generally, it is preferred that the digital signature is an inner operation (performed directly on message)

so that message and signature can be stored for use in case of dispute.

The validity of the above scheme depends on the security of sender’s private key.

If a sender wants to deny a message, he can claim that his private key was lost or stolen and that

someone else has forged his signature.

For such issues administrative controls are needed.

A timestamp can also be included in the message.

Compromised keys should be immediately reported to the authority.

Arbitrated Digital Signature

This type of signature uses an arbiter as a central and dispute resolving authority.

In an arbitrated digital signature scheme,

o Every signed message from X to Y is sent to arbiter A first.

o The arbiter checks the content and origin of the message.

o The message is dated and sent to Y with an indication that it has been verified by the arbiter.

There must be a great deal of trust on the arbiter.

One of the scenario where arbitrated digital signature is used is listed below:

X →A: IDx || E(PRx, [IDx || E(PUy, E(PRx, M))])

A → Y: E(PRa, [IDx || E(PUy, E(PRx, M)) || T ])

o Initially, X signs the message with his private key and then encrypts it with Y's public key for confidentiality.

o The entire block (together with IDx) is then signed again with X's private key, so that the arbiter can verify that it genuinely came from X without being able to read M.

o The arbiter signs the message with his private key. This assures Y that the message has been verified

by the arbiter.

o The arbiter also adds a timestamp to the message so that it can be used in case of dispute.

Timestamp also protects against replay attacks.

Q 2. Explain authentication protocols in detail.

Authentication protocols enable communicating parties to assure each other of their identities and to exchange session keys.

Two main types of authentication that can be obtained by authentication protocols are:


o Mutual Authentication

o One-way authentication

Mutual Authentication

Two central issues to key exchange are: Confidentiality and Timeliness.

Confidentiality is needed to prevent masquerade and compromise of session keys.

Timeliness is required to prevent replay attacks.

Symmetric encryption: One approach is to use the Needham-Schroeder protocol which is stated below:

A → KDC: IDA || IDB || N1

KDC → A: E(Ka, [Ks || IDB || N1 || E(Kb, [ Ks || IDA])])

A → B : E(Kb, [ Ks || IDA])

B →A : E(Ks, N2)

A → B : E(Ks, f(N2))

o However, one type of replay attack is still possible.

o Suppose an attacker has been able to obtain an old session key Ks (together with the step-3 message that carried it).

o The attacker simply replays the third step to B and then completes the handshake of steps 4 and 5 with the compromised Ks, impersonating A.

o To prevent this attack, B would need to remember all its previous session keys to determine whether the message is original or a replay, which is impractical.

o This attack can be prevented by:

Including timestamps in the messages (Denning's protocol)

Using an extra nonce (Neuman's protocol)

Public key encryption: A protocol using timestamps is given below (AS is an authentication server whose public key is known to A and B):

A → AS: IDA || IDB

AS → A: E(PRas, [IDA || PUa || T]) || E(PRas, [IDB || PUb || T])

A → B: E(PRas, [IDA || PUa || T]) || E(PRas, [IDB || PUb || T]) || E(PUb, E(PRa, [Ks || T]))

o Here, the authentication server sends the public-key certificates of the two communicating parties A and B to A.

o A sends the two certificates plus the session key Ks (signed with A's private key and then encrypted with B's public key) to B.

o However, this method requires synchronization between the sender's and receiver's clocks.

o So, if synchronization is not desired, a handshake with an extra nonce is used instead. The nonce-based protocol below uses symmetric master keys Ka and Kb that A and B share with a KDC:

A → B: IDA || Na

B → KDC: IDB || Nb || E(Kb, [IDA || Na || Tb])

KDC → A: E(Ka, [IDB || Na || Ks || Tb]) || E(Kb, [IDA || Ks || Tb]) || Nb

A → B: E(Kb, [IDA || Ks || Tb]) || E(Ks, Nb)

o The nonce Na chosen by A is forwarded by B and returned to A by the KDC, which proves to A that the KDC's message is not a replay.

o Also, Tb denotes the time of validity of the message, as set by B; B can check it without a synchronized clock because it chose Tb itself.

One Way Authentication

This type of authentication is needed when it is not necessary for the sender and receiver to be online at the same time, for example e-mail.

Here, the header must be in the clear so that it can be handled by the store-and-forward e-mail protocol. At the same time, it is desirable that the mail-handling protocol has no access to the plaintext message.

Also, authentication of the sender is required.

Symmetric Encryption: following key distribution can take place:

A → KDC: IDA || IDB || N1


KDC → A: E( Ka, [Ks || IDB || N1 || E(Kb, [ Ks || IDA])])

A → B : E(Kb, [ Ks || IDA]) || E(Ks, M)

o This approach does not use the last two steps of the Needham-Schroeder protocol (the challenge/response on N2), since B need not be online.

o The receiver can read the message because the third step itself contains the session key, and the message is encrypted with that key.

o The session key is encrypted with B's master key shared with the KDC, so no one else can learn Ks.

o Since the message is encrypted with Ks, no one else can decrypt the message either.

o Without the challenge/response steps, however, B gets no protection against a replay of this message; including a timestamp in the message gives some defence.

Public Key Encryption: depending on whether confidentiality is needed or authentication or both, various

schemes are:

o If only confidentiality is needed, then the message is encrypted using a one-time secret key Ks, which is in turn encrypted using B's public key.

A → B : E(PUb, Ks) || E(Ks, M)

o If authentication is needed, then digital signature would suffice.

A → B : M || E(PRa, H(M))

o If both authentication and confidentiality are needed, then the message is first signed and then

encrypted with receiver’s public key.

A → B : E(PUb, [M || E(PRa, H(M))])

o In addition to the signature, A’s certificate could also be attached.

Q 3. Write the Digital Signature Algorithm/ Digital Signature Standard.

DSS makes use of SHA and can be used for digital signatures only (it provides no encryption or key exchange).

The signature depends on a random number k, the sender's private key and a set of global public key components.

The signature has two components, r and s.

DSS (the standard) and DSA (the algorithm it specifies) are based on the difficulty of computing discrete logarithms.

The receiver performs verification by calculating v, which is a function of the global public key components, the sender's public key and the hash code of the received message. The signature is valid if v equals r.

The steps of the algorithm are:

1. Select a 160-bit prime number q.

2. Select another prime number p of 512 to 1024 bits (in multiples of 64 bits) such that q divides p-1. (These are the original FIPS 186 sizes; later revisions of the standard allow larger p and q, e.g. a 2048-bit p with a 256-bit q, together with SHA-2.)

3. Choose g = h^((p-1)/q) mod p, where h is an integer with 1 < h < p-1; g must be greater than 1.

4. Select a private key x with 0 < x < q and generate the public key y = g^x mod p.

5. Generate a secret number k, a random or pseudorandom integer with 0 < k < q. k must be fresh and unpredictable for every signature; if the same k is used for two messages, anyone holding both signatures can recover x.

6. Calculate the two quantities r and s that form the signature of the message:

r = (g^k mod p) mod q

s = [k^-1 (H(M) + x r)] mod q

7. The signature is verified as follows, where M', r', s' are the received versions of M, r, s. Calculate:

w = (s')^-1 mod q

u1 = [H(M') w] mod q

u2 = (r' w) mod q

v = [(g^u1 y^u2) mod p] mod q

8. v is compared with r': the signature is valid only if v = r' (after first checking 0 < r' < q and 0 < s' < q).
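The eight steps above, run end to end. This is an added example, not code from the notes or from any DSA library: it implements steps 1 to 8 with the notes' own symbols on deliberately tiny parameters (p = 7879, q = 101, an assumption made so that every intermediate value is readable; real DSA uses a p of 2048 bits or more and a q of 224 or 256 bits, and these toy values give no security). It goes one step beyond the text: the last two functions show why step 5 demands a fresh random k per signature, by recovering the private key x from two signatures that reused the same k. Stdlib only; H(M) is SHA-256 reduced mod q, a toy simplification of the standard's leftmost-bits rule.

```python
import hashlib
import secrets

def make_params(p=7879, q=101):
    """Steps 1-3 with toy sizes (assumed for the demo): q = 101 is prime and
    divides p - 1 = 7878 = 78 * 101; p = 7879 is prime. Real DSA generates
    these at FIPS 186 sizes."""
    assert (p - 1) % q == 0, "q must divide p - 1"
    for h in range(2, p - 1):                  # step 3: g = h^((p-1)/q) mod p, need g > 1
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return p, q, g
    raise ValueError("no generator found")

def hash_mod_q(message, q):
    """H(M) as an integer mod q. DSS uses SHA and the leftmost bits of the
    digest; reducing SHA-256 mod the toy q is a simplification for the demo."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q

def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1           # step 4: private key, 0 < x < q
    return x, pow(g, x, p)                     # public key y = g^x mod p

def sign(params, x, message, k=None):
    """Steps 5-6. k must be a fresh secret random value per signature (k=None);
    passing k explicitly exists only to demonstrate the reuse attack below."""
    p, q, g = params
    while True:
        kk = k if k is not None else secrets.randbelow(q - 1) + 1   # 0 < k < q
        r = pow(g, kk, p) % q                                       # r = (g^k mod p) mod q
        s = (pow(kk, -1, q) * (hash_mod_q(message, q) + x * r)) % q # s = k^-1 (H(M) + x r) mod q
        if r and s:
            return r, s
        if k is not None:
            raise ValueError("this k gives r = 0 or s = 0; choose another")

def verify(params, y, message, signature):
    """Steps 7-8 on the received M', r', s'."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):          # range check before any modular inverse
        return False
    w = pow(s, -1, q)                          # w = (s')^-1 mod q
    u1 = (hash_mod_q(message, q) * w) % q      # u1 = [H(M') w] mod q
    u2 = (r * w) % q                           # u2 = (r' w) mod q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q   # v = [(g^u1 y^u2) mod p] mod q
    return v == r                              # step 8: valid iff v == r'

def recover_x_from_reused_k(params, m1, sig1, m2, sig2):
    """Why step 5 insists on a fresh k: two signatures with the same k share r,
    and s1 - s2 = k^-1 (H(m1) - H(m2)) mod q, so k and then x fall out."""
    p, q, g = params
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r values differ: k was not reused")
    h1, h2 = hash_mod_q(m1, q), hash_mod_q(m2, q)
    if (s1 - s2) % q == 0:
        raise ValueError("H(m1) == H(m2) mod q; need two distinct hashes")
    k = ((h1 - h2) * pow((s1 - s2) % q, -1, q)) % q
    return ((s1 * k - h1) * pow(r1, -1, q)) % q   # x = (s k - H(m)) r^-1 mod q

def demo_k_reuse(params, x):
    """Sign two messages (with distinct hashes mod q) under the same k and recover x."""
    q = params[1]
    m1 = b"first"                               # constructed sample messages
    m2 = next(b"msg-%d" % i for i in range(10000)
              if hash_mod_q(b"msg-%d" % i, q) != hash_mod_q(m1, q))
    for k in range(1, q):                       # any k that gives nonzero r, s for both
        try:
            return recover_x_from_reused_k(params, m1, sign(params, x, m1, k=k),
                                           m2, sign(params, x, m2, k=k))
        except ValueError:
            continue

if __name__ == "__main__":
    params = make_params()
    x, y = keygen(params)
    msg = b"pay 100 to account 42"             # constructed sample message
    sig = sign(params, x, msg)
    print("signature (r, s):", sig, "valid:", verify(params, y, msg, sig))
    print("tampered message valid:", verify(params, y, msg + b"0", sig))
    print("private key recovered from k reuse:", demo_k_reuse(params, x) == x)
```

Running the block signs a message, verifies it, shows verification failing on a tampered message, and then performs the k-reuse recovery. The range check in verify matters: r' or s' equal to 0 (or outside 0..q-1) must be rejected before the modular inverse is taken, rather than being fed into the arithmetic of step 7.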

Q 4. Explain X.509 authentication service. / Explain the one –way and two way authentication in X.509.

X.509 provides authentication services and defines authentication protocols.

X.509 uses the X.500 directory, which contains:

o Public-key certificates, i.e. the public keys of users signed by a certification authority (CA)

X.509 certificate format is used in S/MIME, IP Security, and SSL/TLS.

X.509 is based on the use of public-key cryptography (preferably RSA) and digital signatures.

X.509 includes the following elements.

Version: Differentiates among successive versions of the certificate format; the default is version 1. Two

other versions (2 and 3) are also available as shown in the figure.

Serial number: An integer value, unique within the issuing CA, different for each certificate.

Signature algorithm identifier: The algorithm used to sign the certificate, together with any associated

parameters.

Issuer name: X.500 name of the CA that created and signed this certificate.

Period of validity: Consists of two dates: the first and last on which the certificate is valid.

Subject name: The name of the user to whom this certificate refers.

Subject's public-key information: The public key of the subject, plus an identifier of the algorithm for

which this key is to be used, together with any associated parameters.

Issuer unique identifier: An optional bit string field used to identify uniquely the issuing CA in the event

the X.500 name has been reused for different entities.

Subject unique identifier: An optional bit string field used to identify uniquely the subject in the event the

X.500 name has been reused for different entities.

Extensions: A set of one or more extension fields.

[Figure (for Q 3): DSS signing (a) and verifying (b). Signing takes M, H (the hash), k, p, q, g and x through functions F1 and F2 to produce r and s; verifying takes M', s', r', y, q, g through F3 and F4 to produce v, which is compared with r'.]


Signature: Covers all of the other fields of the certificate; it contains the hash code of the other fields, encrypted (signed) with the CA's private key. This field includes the signature algorithm identifier.

Certificates have an expiry time.

However, a certificate may need to be revoked before it expires if:

o The user's private key has been compromised.

o The user's certificate (or the CA's certificate that signed it) has been compromised.

o The user is no longer certified by the CA.

The certificate revocation list (CRL) is shown in the figure.

Every user must check the CRL before using another user's public key.

Authentication Procedures

X.509 supports three types of authentication procedure using public-key signatures:

1. One-way authentication

2. Two-way authentication

3. Three-way authentication

One-way authentication

It involves a single transfer of information from one user (say A) to another (B).


A → B: A{tA, rA, IDB, sgnData, E(PUb, Kab)}

This method authenticates the identity of A to B and the integrity of the message.

Here, the message in the {} is signed by A.

sgnData is the information that needs to be conveyed.

tA is a timestamp (carrying an expiry time) and rA is a nonce; Kab is an optional session key for B, encrypted with B's public key PUb. B checks that tA has not expired and that rA has not been seen before within tA's validity.

Two-way authentication

Two-way authentication allows both parties to verify the identity of each other: B replies with a message of the same form, signed by B and returning A's nonce.

A → B: A{tA, rA, IDB, sgnData, E(PUb, Kab)}

B → A: B{tB, rB, IDA, rA, sgnData, E(PUa, Kba)}

Three-way authentication

Three-way authentication is used where synchronized clocks are not available.

This method includes an additional message from A, which returns B's nonce so that the timestamps need not be checked:

A → B: A{rB}

Q 5. How certificates are obtained in X.509?

Any user can verify a certificate if he has the public key of the CA that issued the certificate.

Since certificates are unforgeable, they can simply be stored in the directory.

The directory entry for each CA X includes two types of certificates:

o Forward certificates: Certificates of X generated by other CAs.

o Reverse certificates: Certificates generated by X that are the certificates of other CAs.

Users subscribed to the same CA can obtain each other's certificates from the directory.

A user may also send his certificate directly to another user.

However, there are multiple CAs, and users subscribed to different CAs may want to communicate with each other.

Suppose A has obtained a certificate from certification authority X1 and B has obtained a certificate from CA X2.

If A does not know the public key of X2, then B's certificate, issued by X2, is useless to A: A can read B's certificate, but A cannot verify the signature.

But if the two CAs have securely exchanged their own public keys, the following procedure will enable A to obtain B's public key:

o A obtains the certificate of X2 signed by X1 from the directory. A securely knows X1's public key, so A can obtain X2's public key from its certificate and verify X1's signature on the certificate.

o A then obtains the certificate of B signed by X2. A now has a copy of X2's public key, so A can verify the signature and securely obtain B's public key.

o In this case, A has used a chain of certificates to obtain B's public key. In the notation of X.509, this chain is expressed as:

X1<<X2>> X2<<B>>

Any level of hierarchy can be followed to produce a chain in this way. For example, in the figure given below, A can establish a certification path to B in the following way:

X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>

When A has obtained these certificates, it can verify the certification path in sequence (each certificate's signature checked with the public key recovered from the previous one) to recover a copy of B's public key.

Using this public key, A can send encrypted messages to B.

If B requires A's public key, it can be obtained in the same way along the reverse path:

Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>

[Figure (for Q 4): the X.509 one-way, two-way and three-way authentication exchanges between User A and User B. One-way: A{tA, rA, IDB, sgnData, E(PUb, Kab)}. Two-way adds B's reply B{tB, rB, IDA, rA, sgnData, E(PUa, Kba)}. Three-way adds A{rB}.]

Q 6. Explain Kerberos in detail. / Explain the ticket granting server(TGS) scheme in Kerberos.

Kerberos is an authentication protocol.

It provides a way for clients and services to authenticate each other through a trusted third party, using only symmetric keys.

Overview of Kerberos

The overview of Kerberos is shown and described below:


1. The user logs on to the workstation and requests a ticket-granting ticket (TGT) from the AS.

2. The AS verifies the user's access rights in its database, creates a TGT and a session key, and returns them encrypted with a key derived from the user's password.

3. The workstation prompts the user for the password, uses it to decrypt the incoming message, and then sends the TGT and an authenticator (containing the user's name, network address and the current time) to the TGS.

4. The TGS decrypts the ticket and the authenticator, verifies the request, and then creates a ticket for the requested server.

5. The workstation sends the service ticket and a fresh authenticator to the server.

6. The server verifies the ticket; if the authenticator matches, it grants access to the service. If mutual authentication is required, the server returns an authenticator.

The figure shows the above exchange.

Kerberos Authentication Dialogue

The following message exchanges take place for authentication through Kerberos:

Authentication service exchange to obtain Ticket granting ticket (TGT)

This exchange takes place only once per user logon session.

User obtains a Ticket Granting Ticket from the authentication server. This ticket is sent to the Ticket

Granting Server to obtain service tickets.

C → AS: IDc || IDtgs || TS1

AS → C: E(Kc, [Kc, tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])

Tickettgs = E(Ktgs, [Kc, tgs || IDC || ADC ||IDtgs || TS2 || Lifetime2])

Ticket-Granting service exchange to obtain Service Granting Ticket

This exchange takes place once for each service (server) the user wants to use.

Here, the user presents the TGT to the ticket-granting server. The TGS returns a service-granting ticket to the user after proper authentication.

An authenticator is added to the message; it is encrypted with the session key Kc,tgs shared by the user and the TGS, which proves that the sender of the TGT is the principal it was issued to.


C → TGS: IDv || Tickettgs || Authenticatorc

TGS → C: E(Kc, tgs, [Kc, v || IDV || TS4 || Lifetime4 || Ticketv])

Ticketv = E(Kv, [Kc, v || IDC || ADC ||IDV || TS4 || Lifetime4])

Authenticatorc = E(Kc, tgs, [IDC ||ADC || TS3])

Client-Server authentication exchange to obtain service

The user sends the Service Granting Ticket to the application server (of which the service is needed).

The message also contains authenticator which proves the sender’s identity to the server. Moreover, the

server replies with the timestamp present in the authenticator. This authenticates the server to the user.

C → V: Ticketv || Authenticatorc

V → C: E(Kc, v, TS5 +1)

Authenticatorc = E(Kc, v, [IDC ||ADC || TS5])

Kerberos Realm

A Kerberos realm is a set of managed nodes that share the same Kerberos database.

The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room.

A read-only copy of the Kerberos database might also reside on other Kerberos computer systems.

However, all changes to the database must be made on the master computer system using Kerberos master password.

A Kerberos principal is a service or user that is known to the Kerberos system. Each Kerberos principal is identified by its principal name

Networks of clients and servers under different administrative organizations constitute different realms.

For inter-realm communication, the Kerberos servers in the two realms must share a secret key and be registered with each other; each must trust the other to authenticate its own users.

A user wishing to use a service on a server in another realm obtains a ticket for that server as given below:

1. C →AS: IDc||IDtgs||TS1


2. AS→ C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])

3. C→ TGS: IDtgsrem || Tickettgs || Authenticatorc

4. TGS→ C: E(Kc,tgs, [Kc,tgsrem || IDtgsrem || TS4 || Tickettgsrem])

5. C→ TGSrem: IDvrem || Tickettgsrem || Authenticatorc

6. TGSrem→ C: E(Kc,tgsrem, [Kc,vrem || IDvrem || TS6 || Ticketvrem])

7. C→ Vrem: Ticketvrem || Authenticatorc

where IDtgsrem is the identity of the remote TGS,

Tickettgsrem is the TGT for the remote TGS (issued by the local TGS and encrypted with the key the two TGSs share),

IDvrem is the identity of the remote server and

Ticketvrem is the service-granting ticket for the remote server.
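The three single-realm exchanges above (and the timestamp-plus-lifetime defence that Q 2 attributes to Denning's fix of Needham-Schroeder) run end to end in the following simulation. It is an added example, not code from the notes or from any Kerberos implementation: one KDC (AS plus TGS), one application server and one client in a single process. Everything outside the dialogue itself is an assumption made for the demo: the principal names alice, tgs and fileserver, the client address 10.0.0.5, the ticket lifetimes, the 300-second clock-skew window, the password-to-key derivation, and above all the cipher, which is a toy authenticated encryption built from SHA-256 and HMAC (stdlib only) standing in for the DES/AES of real Kerberos. Messages are JSON dictionaries rather than the ASN.1 of the real protocol.

```python
import hashlib, hmac, json, secrets, time

SKEW = 300          # assumed maximum clock skew between client and servers (seconds)
ADDR = "10.0.0.5"   # assumed client network address ADc

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def E(key, fields):
    """Toy stand-in for E(K, [...]): SHA-256 keystream XOR plus an HMAC tag (demo only)."""
    pt = json.dumps(fields).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong key or tampered ticket/authenticator")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(pw):
    """Kc, the key derived from the user's password (toy derivation, assumed for the demo)."""
    return hashlib.sha256(b"kerberos-demo|" + pw.encode()).digest()

_seen = set()   # replay cache shared by TGS and V: (server, client, authenticator timestamp)

def check_authenticator(ticket, session_key, authenticator):
    """The checks TGS and V both perform on Ticket || Authenticatorc."""
    now = int(time.time())
    if not ticket["ts"] <= now <= ticket["ts"] + ticket["life"]:
        raise ValueError("ticket expired")
    a = D(session_key, authenticator)   # only the holder of the session key could have built it
    if a["idc"] != ticket["idc"] or a["adc"] != ticket["adc"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["ts"]) > SKEW:
        raise ValueError("authenticator timestamp outside skew window")
    if (ticket["idv"], a["idc"], a["ts"]) in _seen:
        raise ValueError("authenticator already seen (replay)")
    _seen.add((ticket["idv"], a["idc"], a["ts"]))
    return a

class KDC:
    """AS and TGS of one realm; db holds Kc, Ktgs and Kv (constructed sample principals)."""
    def __init__(self):
        self.db = {"alice": key_from_password("correct horse"),
                   "tgs": secrets.token_bytes(32), "fileserver": secrets.token_bytes(32)}

    def _issue(self, idv, idc, adc, life):
        """Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS || Lifetime]); returns (fields, ticket)."""
        fields = {"key": secrets.token_bytes(32).hex(), "idc": idc, "adc": adc,
                  "idv": idv, "ts": int(time.time()), "life": life}
        return fields, E(self.db[idv], fields)

    def as_exchange(self, idc, idtgs, ts1):                    # messages (1) and (2)
        f, ticket = self._issue(idtgs, idc, ADDR, 8 * 3600)
        return E(self.db[idc], {**f, "ticket": ticket.hex()})  # E(Kc, [Kc,tgs || ... || Tickettgs])

    def tgs_exchange(self, idv, ticket_tgs, authenticator):    # messages (3) and (4)
        t = D(self.db["tgs"], ticket_tgs)
        check_authenticator(t, bytes.fromhex(t["key"]), authenticator)
        f, ticket = self._issue(idv, t["idc"], t["adc"], 3600)
        return E(bytes.fromhex(t["key"]), {**f, "ticket": ticket.hex()})

def server_v(kdc, ticket_v, authenticator):                    # messages (5) and (6), server side
    t = D(kdc.db["fileserver"], ticket_v)
    a = check_authenticator(t, bytes.fromhex(t["key"]), authenticator)
    return E(bytes.fromhex(t["key"]), {"ts_plus_1": a["ts"] + 1})   # E(Kc,v, [TS5 + 1])

def client_session(kdc, user="alice", password="correct horse", service="fileserver"):
    """Client side of all three exchanges. Returns (mutual auth ok?, Ticketv, Authenticatorc)."""
    kc = key_from_password(password)
    m2 = D(kc, kdc.as_exchange(user, "tgs", int(time.time())))
    kc_tgs, ticket_tgs = bytes.fromhex(m2["key"]), bytes.fromhex(m2["ticket"])
    auth3 = E(kc_tgs, {"idc": user, "adc": ADDR, "ts": int(time.time())})   # Authenticatorc (TS3)
    m4 = D(kc_tgs, kdc.tgs_exchange(service, ticket_tgs, auth3))
    kc_v, ticket_v = bytes.fromhex(m4["key"]), bytes.fromhex(m4["ticket"])
    ts5 = int(time.time())
    auth5 = E(kc_v, {"idc": user, "adc": ADDR, "ts": ts5})                 # Authenticatorc (TS5)
    reply = D(kc_v, server_v(kdc, ticket_v, auth5))
    return reply["ts_plus_1"] == ts5 + 1, ticket_v, auth5

if __name__ == "__main__":
    kdc = KDC()
    ok, ticket_v, auth5 = client_session(kdc)
    print("mutual authentication with fileserver:", ok)
    try:
        server_v(kdc, ticket_v, auth5)   # attacker replays the captured Ticketv || Authenticatorc
    except ValueError as e:
        print("replay rejected:", e)
```

Run it and the client authenticates mutually to fileserver; replaying the captured service ticket and authenticator is rejected by the replay cache, a tampered ticket fails the tag check, and a wrong password fails at message (2) because the AS reply cannot be decrypted. Real Kerberos keys its replay cache on client, server and the authenticator's microsecond timestamp; the (idv, idc, ts) tuple here imitates that with one-second resolution, so two legitimate sessions to the same server within the same second would collide in this toy.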

Q 7. Define the terms in Kerberos. Also state the requirements of Kerberos.

Kerberos protocol Terminology

1. Authentication Server (AS): The server that verifies a user's credentials at logon and issues the ticket-granting ticket (TGT) with which the user later obtains service tickets.

2. Client: An entity on the network that can receive a ticket from Kerberos.

3. Credentials: A temporary set of electronic credentials that verify the identity of a client for a particular service; also called a ticket.

4. Credential cache or ticket file: A file which contains the keys for encrypting communications between a user and various network services.

5. Crypt hash: A one-way hash used to authenticate users.

6. Key: Data used when encrypting or decrypting other data.

7. Key distribution center (KDC): A service that issues Kerberos tickets and usually runs on the same host as the ticket-granting server (TGS).

8. Realm: A network that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients.

9. Ticket-granting server (TGS): A server that issues tickets for a desired service, which are in turn given to users for access to the service. The TGS usually runs on the same host as the KDC.

10. Ticket-granting ticket (TGT): A special ticket that allows the client to obtain additional tickets without applying for them from the KDC (and so without re-entering the password).

Requirements of Kerberos

Secure: Kerberos should be strong enough that a potential opponent does not find it to be the weak link.

Reliable: For all services that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ a distributed server architecture, with one system able to back up another.

Transparent: Ideally, the user should not be aware that authentication is taking place, beyond the requirement to enter a password.

Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.

Q 8. Differentiate Kerberos version 4 and version 5.

The environmental shortcomings of Kerberos version 4 and their corresponding improvements in version 5 are listed below:

1. Encryption system dependence: Version 4 requires the use of DES, whereas version 5 includes a ciphertext tag with an encryption type identifier so that any encryption technique may be used.

2. Internet protocol dependence: Version 4 requires the use of Internet Protocol (IP) addresses. Version 5 allows any network address type to be used.

3. Message byte ordering: In version 4, the sender of a message employs a byte ordering of its own choosing, but in version 5 all message structures are defined using Abstract Syntax Notation One (ASN.1) and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.

4. Ticket lifetime: Lifetime values in version 4 are encoded in an 8-bit quantity in units of 5 minutes. Thus, the maximum lifetime that can be expressed is 2^8 x 5 = 1280 minutes, or a little over 21 hours. In version 5, tickets include an explicit start time and end time, allowing tickets with arbitrary lifetimes.

5. Authentication forwarding: Version 4 does not allow credentials issued to one client to be forwarded to some other host and used by some other client. For example, a client issues a request to a print server, which then cannot access the client's file from a file server using the client's credentials. Version 5 provides this capability.

6. Inter-realm authentication: In version 4, interoperability among realms requires many Kerberos-to-Kerberos relationships, but version 5 supports a method that requires fewer relationships.

Technical deficiencies of version 4 and their remedies in version 5 are:

1. Double encryption: The tickets provided to clients are encrypted twice, once with the secret key of the target server and then again with a secret key known to the client. The second encryption is not necessary and is computationally wasteful.

2. PCBC encryption: Encryption in version 4 makes use of a nonstandard mode of DES known as propagating cipher block chaining (PCBC) which is vulnerable to attack. Version 5 allows the standard CBC mode to be used for encryption.

3. Session keys: Each ticket includes a session key used for encrypting messages. However, because the same ticket may be used repeatedly, a replay attack is possible. In version 5, it is possible for a client and server to negotiate a subsession key, which is to be used only for that one connection.

4. Password attacks: Both versions are vulnerable to a password attack. The message from the AS to the client includes material encrypted with a key based on the client's password. An opponent can capture this message and attempt to decrypt it by trying various passwords. Thus the opponent can discover the client's password and may subsequently use it to gain authentication credentials from Kerberos.

Q 9. Write a note on Active Directory Service of Windows NT

Active Directory Service of Windows NT will be the next generation of NT Directory Services.

This extends the previous Windows-based directory services and will provide a single administration point for locating and managing all system resources.

It is designed to scale to the largest of enterprises and contain millions of items that could be distributed over many thousands of computers.

It provides a more secure, stable and scalable domain infrastructure.

Active Directory supports a fully integrated public key infrastructure and Internet secure protocols, such as LDAP over SSL, to let organizations securely extend selected directory information beyond their firewall to extranet users. Thus, Active Directory strengthens security.

Active Directory makes it easier for administrators to manage and deploy network changes and policies to all of the machines connected to the domain.

The Microsoft Active Directory system is a replacement for the domain system used to manage administrative data in Windows NT 4.0. Active Directory is built on top of the Domain Name System.

An Active Directory domain also stores user names and passwords. To authenticate users, Active Directory is built on top of Kerberos 5.

Kerberos uses encrypted communication to avoid transmitting passwords in the clear.

160702 – Information Security (IS) Unit-8 IP Security Email Security

Q 1. Explain modes of operations of IPsec and applications of IPsec

Both AH and ESP support two modes of operations: transport and tunnel mode.

Transport Mode

Transport mode provides protection primarily for upper-layer protocols.

Examples include a TCP or UDP segment or an ICMP packet.

Transport mode is used for end-to-end communication between two hosts (e.g., a client and a server, or two workstations).

The payload is the data that normally follows the IP header.

ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header.

AH in transport mode authenticates the IP payload and selected portions of the IP header.

Tunnel Mode

Tunnel mode provides protection to the entire IP packet.

Tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPSec.

With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPSec.

The hosts simply generate unprotected packets. These packets are secured by a tunnel mode SA set up by the IPSec in the firewall or router at the boundary of the network. The packet is then tunneled (transmitted securely) through external networks.

ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet, including the inner IP header.

AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer IP header.

Tunnel mode is used to create Virtual Private Networks (VPN) for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat).

Applications of IPSec

Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN.

Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet service provider (ISP) and gain secure access to a company network.

Establishing extranet and intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.

Enhancing electronic commerce security: IPSec adds a further layer of security to Web and electronic commerce applications that already have their own security.

IPSec can encrypt and/or authenticate all traffic at the IP level, so varied applications receive these services without implementing them themselves.

All distributed applications, including remote logon, client/server, e-mail, file transfer, Web access, and so on, can be secured.

Q 2. What parameters characterize the nature of a particular security association in IPSec?

A security association is a one-way relationship between a sender and a receiver that provides security services to the traffic carried on it.

A security association is normally defined by the following parameters:

o Security Parameters Index (SPI): A bit string carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.

o Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in AH or ESP headers.

o Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter should generate an auditable event and prevent further transmission of packets on this SA.

o Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay.

o AH Information: Authentication algorithm, keys, key lifetimes, and related parameters being used with AH.

o ESP Information: Encryption and authentication algorithm, keys, initialization values, key lifetimes, and related parameters being used with ESP.

o Lifetime of This Security Association: A time interval or byte count after which an SA must be replaced with a new SA or terminated, plus an indication of which of these actions should occur.

o IPSec Protocol Mode: Tunnel, transport, or wildcard.

o Path MTU: Any observed path maximum transmission unit (maximum size of a packet that can be transmitted without fragmentation) and aging variables.

Q 3. List the benefits of using IPSec and also give a brief overview of IPSec documents.

The benefits of IPSec are given below:

o When IPSec is implemented in a firewall or router, it secures all the traffic crossing the perimeter. Traffic within a company or workgroup does not need to be secured, which reduces the overhead.

o IPSec is implemented below the transport layer (TCP, UDP) and so it is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.

o When IPSec is implemented in a firewall, it is resistant to bypass.

o IPSec can be transparent to end users. There is no need to train users on security mechanisms.

o IPSec can also provide security for individual users if needed. This is useful for offsite workers and for setting up a secure virtual sub-network within an organization for sensitive applications.

o IPSec, when implemented in a router, gives authorization of packets coming from other routers.

IPSec Documents

The IPSec documents are divided into seven groups:

o Architecture: Covers the general concepts, security requirements, definitions, and mechanisms defining IPSec technology.

o Encapsulating Security Payload (ESP): Covers the packet format and general issues related to the use of the ESP for packet encryption and, optionally, authentication.

o Authentication Header (AH): Covers the packet format and general issues related to the use of AH for packet authentication.

o Encryption Algorithm: A set of documents that describe how various encryption algorithms are used for ESP.

o Authentication Algorithm: A set of documents that describe how various authentication algorithms are used for AH and for the authentication option of ESP.

o Key Management: Documents that describe key management schemes.

o Domain of Interpretation (DOI): Contains values needed for the other documents to relate to each other. These include identifiers for approved encryption and authentication algorithms, as well as operational parameters such as key lifetime.

IPSec documents

Q 4. List IPSec services and how are the services applied to IP traffic.

The following services are provided by IPSec:

o Access control

o Connectionless integrity

o Data origin authentication

o Rejection of replayed packets (using a form of partial sequence integrity)

o Confidentiality (using encryption)

o Limited traffic flow confidentiality

If IPSec protection is to be provided, then IP traffic is related to specific SAs. The means by which IP traffic is related to specific SAs is the Security Policy Database (SPD).

Each SPD entry is defined by a set of IP and upper-layer protocol field values, called selectors. These selectors are used to filter outgoing traffic in order to map it into a particular SA.

The following selectors determine an SPD entry:

o Destination IP Address: This may be a single IP address, a list of addresses, or a wildcard (mask) address. The latter two are required to support more than one destination system sharing the same SA (e.g., behind a firewall).

o Source IP Address: This may be a single IP address, a list of addresses, or a wildcard (mask) address.

o UserID: A user identifier from the operating system. It is available if IPSec is running on the same operating system as the user.

o Data Sensitivity Level: Used for systems providing information flow security (e.g., Secret or Unclassified).

o Transport Layer Protocol: Obtained from the IPv4 Protocol or IPv6 Next Header field. This may be an individual protocol number, a list of protocol numbers, or a range of protocol numbers.

o Source and Destination Ports: These may be individual TCP or UDP port values, a list, or a wildcard port.

Processing of a packet obeys the following sequence for each IP packet:

o Compare the values of the appropriate fields in the packet (the selector fields) against the SPD to find a matching SPD entry. The entry will point to zero or more SAs.

o Determine the SA (if any) for this packet and its associated SPI.

o Do the required IPSec processing (i.e., AH or ESP processing).
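The selector matching and the three-step outbound processing sequence above, as an added example (constructed here, not the notes' text or any IPSec stack's code). The SPD entries, the SA database, the addresses and the SPI values are all assumptions; the UserID and Data Sensitivity Level selectors are left out because they come from the host operating system rather than from the packet.

```python
import ipaddress

def _match_addr(selector, addr):
    """Address selectors: "*" wildcard, a single address, a CIDR/mask, or a list of those."""
    if selector == "*":
        return True
    if isinstance(selector, list):
        return any(_match_addr(s, addr) for s in selector)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)

def _match_num(selector, value):
    """Protocol/port selectors: "*", one number, a list of numbers, or an inclusive (lo, hi) range."""
    if selector == "*":
        return True
    if isinstance(selector, tuple):
        return selector[0] <= value <= selector[1]
    if isinstance(selector, list):
        return value in selector
    return selector == value

def spd_lookup(spd, pkt):
    """Step 1: compare the packet's selector fields with each SPD entry; first match wins."""
    for entry in spd:
        s = entry["selectors"]
        if (_match_addr(s.get("dst", "*"), pkt["dst"]) and _match_addr(s.get("src", "*"), pkt["src"])
                and _match_num(s.get("proto", "*"), pkt["proto"])
                and _match_num(s.get("sport", "*"), pkt.get("sport", 0))
                and _match_num(s.get("dport", "*"), pkt.get("dport", 0))):
            return entry
    return None

def process_outbound(spd, sad, pkt):
    """Steps 2 and 3: find the SA (and SPI) the entry points to, then decide the processing.
    Returns (action, spi)."""
    entry = spd_lookup(spd, pkt)
    if entry is None or entry["action"] == "discard":
        return ("discard", None)                 # no policy, or policy says drop
    if entry["action"] == "bypass":
        return ("bypass", None)                  # forward without IPSec
    sa = sad.get(entry["spi"])
    if sa is None:
        return ("no-sa", entry["spi"])           # IKE would have to negotiate the SA first
    return ("%s/%s" % (sa["protocol"], sa["mode"]), entry["spi"])

# Constructed policy and SA databases (public addresses from the RFC 5737 documentation ranges)
SPD = [
    {"selectors": {"dst": "10.2.0.0/16", "proto": [6, 17]}, "action": "protect", "spi": 0x1001},
    {"selectors": {"dst": "198.51.100.0/24", "proto": 6, "dport": 443}, "action": "bypass"},
    {"selectors": {"src": "10.1.0.0/16", "dst": ["10.3.0.0/16", "10.4.0.0/16"], "proto": (0, 255)},
     "action": "protect", "spi": 0x2002},
    {"selectors": {}, "action": "discard"},      # default deny: every selector is a wildcard
]
SAD = {
    0x1001: {"protocol": "ESP", "mode": "tunnel", "peer": "203.0.113.1"},
    # 0x2002 is deliberately absent to show the "SA not yet established" case
}
```

Because the first matching entry wins, the order of SPD entries is itself part of the policy: the default-deny entry has to be last, and a broad bypass rule placed above a protect rule would silently exempt traffic the protect rule was meant to cover.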

Q 5. What is the difference between transport mode and tunnel mode?

AH
  Transport mode: Authenticates IP payload and selected portions of IP header and IPv6 extension headers.
  Tunnel mode: Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers.

ESP
  Transport mode: Encrypts IP payload and any IPv6 extension headers following the ESP header.
  Tunnel mode: Encrypts entire inner IP packet.

ESP with authentication
  Transport mode: Encrypts IP payload and any IPv6 extension headers following the ESP header. Authenticates IP payload but not IP header.
  Tunnel mode: Encrypts entire inner IP packet. Authenticates inner IP packet.

Scope of protection
  Transport mode provides protection primarily for upper-layer protocols.
  Tunnel mode provides protection to the entire IP packet.

Typical use
  Transport mode is used for end-to-end communication between two hosts.
  With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPSec.

Q 6. Explain Authentication header in detail.

Authentication Header

The Authentication Header provides support for data integrity and authentication of IP packets.

Authentication is based on the use of a message authentication code (MAC), hence the two parties

must share a secret key.

The Authentication Header consists of the following fields:

Authentication Header format

o Next Header (8 bits): Identifies the type of header immediately following this header.

o Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.

o Reserved (16 bits): For future use.

o Security Parameters Index (32 bits): Identifies a security association.

o Sequence Number (32 bits): A monotonically increasing counter value.

o Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet.

The Authentication Header provides two services:

1. Anti-replay service

2. Data integrity check

Anti-Replay Service

The Sequence Number field is designed to prevent replay attacks.

When a new SA is established, the sender initializes a sequence number counter to 0, which is incremented by 1 for every message sent on this SA.

If anti-replay functionality is required, the sender must not allow the sequence number after 2^32 - 1 to cycle back to zero. Otherwise, there would be multiple valid packets with the same sequence number.

If the limit of 2^32 - 1 is reached, the sender should terminate this SA and negotiate a new SA with a new key.

Moreover, an anti-replay window is maintained with a default size of W = 64 bits.

The right edge of the window represents the highest sequence number, N, so far received.

The packets that have been received with sequence numbers in the range from N – W + 1 to N have a marked slot in the window.

Anti-replay window

When a new packet arrives:

o If the received packet falls within the window and is new, the MAC is checked. If the packet is authenticated, the corresponding slot in the window is marked.

o If the received packet is to the right of the window and is new, the MAC is checked. If the packet is authenticated, the window is advanced and the corresponding slot is marked.

o If the received packet is to the left of the window, or if authentication fails, the packet is discarded; this is an auditable event.
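The sender's counter and the receiver's sliding window, as an added example (constructed here, not from the notes or from any IPSec implementation). It assumes the 64-bit default window and treats the MAC result as a boolean supplied by the caller, so that the three window rules above can be exercised on their own.

```python
WINDOW = 64            # default window size W from the text
MAX_SEQ = 2**32 - 1    # last usable sequence number while anti-replay is enabled

class SequenceCounter:
    """Sender side: starts at 0, incremented before each packet, never allowed to wrap."""
    def __init__(self):
        self.seq = 0

    def next(self):
        if self.seq >= MAX_SEQ:
            raise OverflowError("sequence space exhausted: terminate this SA and negotiate a new one")
        self.seq += 1
        return self.seq

class AntiReplayWindow:
    """Receiver side: a W-bit window whose right edge N is the highest sequence number
    accepted so far; bit i of the bitmap marks sequence number N - i as received."""
    def __init__(self, w=WINDOW):
        self.w, self.N, self.bitmap = w, 0, 0

    def classify(self, seq):
        if seq > self.N:
            return "right"                 # newer than anything accepted so far
        if seq <= self.N - self.w:
            return "left"                  # older than N - W + 1: outside the window
        if (self.bitmap >> (self.N - seq)) & 1:
            return "duplicate"             # slot already marked: a replay
        return "within"

    def accept(self, seq, mac_ok):
        """Apply the three rules from the text; False means the packet is discarded
        and the event should be audited."""
        if seq < 1:
            return False                   # a conforming sender never emits sequence number 0
        kind = self.classify(seq)
        if kind in ("left", "duplicate"):
            return False                   # discarded before the MAC is even checked
        if not mac_ok:
            return False                   # new but unauthenticated: discard, slot stays clear
        if kind == "right":
            shift = seq - self.N           # slide the window so that seq becomes the right edge
            if shift >= self.w:
                self.bitmap = 0            # everything previously marked falls off the left
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.w) - 1)
            self.N = seq
            self.bitmap |= 1
        else:
            self.bitmap |= 1 << (self.N - seq)
        return True

def replay_filter(packets, w=WINDOW):
    """Run (seq, mac_ok) pairs through one window; returns the accepted sequence numbers."""
    win = AntiReplayWindow(w)
    return [seq for seq, ok in packets if win.accept(seq, ok)]
```

A packet that fails the MAC leaves its slot unmarked, so a later, correctly authenticated packet with the same sequence number is still accepted; only authenticated packets can occupy a slot, which is what stops an attacker from poisoning the window with forged sequence numbers.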

Data Integrity Check

The Authentication Data field holds a value called the Integrity Check Value (ICV).

The ICV contains the first 96 bits of the message authentication code.

HMAC-MD5 or HMAC-SHA is used for the MAC.

The MAC is calculated over IP header fields that either do not change in transit (immutable) or that are predictable in value upon arrival at the endpoint for the AH SA.

Transport and Tunnel Modes in AH

There are two ways in which the IPSec authentication service can be used.

o Authentication is provided directly between a server and client workstations; the workstation can be either on the same network as the server or on an external network, with workstation and server sharing a secret key. Such authentication is achieved by using a transport mode SA.

o A remote workstation authenticates itself to the corporate firewall, either for access to the entire internal network or because the requested server does not support the authentication feature. This uses a tunnel mode SA.

End-to-End authentication by transport mode

End-to-intermediate authentication by tunnel mode

Transport Mode-AH

Tunnel Mode-AH

Q 6. What is the general format of an ESP packet? Also explain how the ESP services can be used.

Encapsulating Security Payload

The Encapsulating Security Payload provides confidentiality services, including confidentiality of message contents and a limited traffic flow confidentiality.

ESP can also provide an authentication service, if required.

An ESP packet contains the following fields:

ESP Packet

o Security Parameters Index (32 bits): Identifies a security association.

o Sequence Number (32 bits): A counter value. It provides an anti-replay function just as in AH.

o Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption.

o Padding (0-255 bytes): The reasons for padding are discussed later.

o Pad Length (8 bits): Indicates the number of pad bytes.

o Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload.

o Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value of the ESP packet minus the Authentication Data field.

The Payload Data, Padding, Pad Length, and Next Header fields are encrypted by the ESP service.

Currently, DES in cipher block chaining (CBC) mode must be supported for encryption.

However, other algorithms like three-key triple DES, RC5, IDEA etc. can also be used.

ESP also supports the use of a MAC (using HMAC-SHA or HMAC-MD5) of length 96 bits.

The Padding field is required for the following reasons:

o If an encryption algorithm requires the plaintext to be a multiple of some number of bytes, the Padding field is used to expand the plaintext to the required length.

o The ESP format requires that the Pad Length and Next Header fields be right aligned within a 32-bit word. The Padding field is used to assure this alignment.

o Additional padding can also be used to provide partial traffic flow confidentiality by concealing the actual length of the payload.
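The padding rules above worked through in code, as an added example (constructed here, not from the notes or from any IPSec implementation). It assumes the 8-byte block of DES/3DES CBC named in the text (16 for AES), the default pad pattern 1, 2, 3, ... used by ESP, and leaves the encryption step itself out: the functions build and check exactly the region that ESP encrypts.

```python
BLOCK = 8   # block size of DES / 3DES in CBC mode, as the text requires; AES would use 16

def pad_len(payload_len, block=BLOCK, extra_blocks=0):
    """Padding bytes so that Payload Data || Padding || Pad Length || Next Header is a
    whole number of cipher blocks. A block size that is a multiple of 4 also leaves the
    Pad Length and Next Header bytes right-aligned in a 32-bit word. extra_blocks adds
    whole blocks of padding to conceal the true payload length (traffic-flow confidentiality)."""
    n = (-(payload_len + 2)) % block + extra_blocks * block
    if n > 255:
        raise ValueError("Pad Length is an 8-bit field: at most 255 bytes of padding")
    return n

def encapsulate(payload, next_header, block=BLOCK, extra_blocks=0):
    """Sender: append Padding, Pad Length and Next Header (the region ESP then encrypts)."""
    n = pad_len(len(payload), block, extra_blocks)
    padding = bytes(range(1, n + 1))          # ESP's default self-describing pad pattern
    return payload + padding + bytes([n, next_header])

def decapsulate(plaintext, block=BLOCK):
    """Receiver: after decryption, read the trailer from the end, check the pad pattern
    and return (payload, next_header)."""
    if len(plaintext) < 2 or len(plaintext) % block:
        raise ValueError("decrypted region is not a whole number of blocks")
    n, next_header = plaintext[-2], plaintext[-1]
    if n + 2 > len(plaintext):
        raise ValueError("Pad Length larger than the decrypted region")
    if plaintext[-2 - n:-2] != bytes(range(1, n + 1)):
        raise ValueError("padding pattern mismatch: corrupted data or wrong key")
    return plaintext[:-2 - n], next_header
```

The receiver reads the trailer from the end of the decrypted region rather than from a length field at the front, which is why Pad Length and Next Header have to sit in the last two bytes; checking the pad pattern catches a decryption under the wrong key or a truncated packet before the bogus payload is handed up the stack.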

Transport and Tunnel modes in ESP

There are two ways in which the IPSec ESP service can be used: transport mode and tunnel mode.

Using transport mode, encryption is provided directly between two hosts.

Transport mode ESP is used to encrypt and optionally authenticate the data carried by IP.

Transport mode operation provides confidentiality for any application that uses it, thus avoiding the need to implement confidentiality in every individual application.

This mode of operation is also reasonably efficient, adding little to the total length of the IP packet.

One drawback to this mode is that it is possible to do traffic analysis on the transmitted packets.

Transport mode

Tunnel mode operation can be used to set up a virtual private network.

Tunnel mode ESP is used to encrypt an entire IP packet.

In the figure given below, an organization has four private networks interconnected across the Internet.

Tunnel mode

Hosts on the internal networks use the Internet for transport of data but do not interact with other Internet-based hosts.

By terminating the tunnels at the security gateway to each internal network, the configuration allows the hosts to avoid implementing the security capability.

In this mode, the ESP header is prefixed to the packet and then the packet plus the ESP trailer is encrypted. Thus, this method can be used to counter traffic analysis.

Transport Mode-ESP

Tunnel Mode-ESP

Q 7. What are the features of PGP? Also, explain the services provided by PGP.

The reasons for the wide use of PGP are its features, which are cited below:

o It is freely available worldwide and runs on a variety of platforms, like Windows, UNIX, Macintosh, and many more.

o A low cost commercial version is also available.

o It is based on algorithms like RSA, DSS, Diffie-Hellman, CAST-128, IDEA, 3DES and SHA-1 that have survived extensive public review and are considered extremely secure. In other words, PGP uses the best available algorithms.

o It has a wide range of applicability, from corporations to individuals with different types and levels of service and security.

o It was not developed by, nor is it controlled by, any governmental or standards organization.

o PGP is now an Internet standard.

Services provided by PGP

Basically, PGP provides 5 types of services:

o Authentication

o Confidentiality

o Compression

o E-mail compatibility

o Segmentation

Authentication

Authentication is provided by the digital signature service provided by PGP.

The sequence is as follows:

o The sender creates a message.

o SHA-1 is used to generate a 160-bit hash code of the message.

o The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.

o The receiver uses RSA with the sender's public key to decrypt and recover the hash code and compares it with the hash code calculated from the message.

Signatures can also be generated using DSS/SHA-1.

Detached signatures are also supported in PGP. A detached signature may be stored and transmitted separately from the message it signs.

Confidentiality

Confidentiality is provided by encrypting messages to be transmitted or to be stored locally as files.

CAST-128, IDEA or 3DES may be used for encryption. The 64-bit cipher feedback (CFB) mode is used.

In PGP, each symmetric key is used only once. The session key is bound to the message and transmitted with it.

To protect the key, it is encrypted with the receiver's public key.

To reduce encryption time, the combination of symmetric and public-key encryption is used rather than using RSA to encrypt the message directly.

The use of the public-key algorithm solves the session key distribution problem.

Also, the use of one-time symmetric keys strengthens what is already a strong symmetric encryption approach.

Confidentiality and Authentication

When both confidentiality and authentication are needed, first a signature is generated for the plaintext message and prepended to the message.

Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA (or Diffie-Hellman).

Compression

PGP compresses a message after applying the signature but before encryption.

The signature is generated before compression for two reasons:

o If an uncompressed message is signed, then one has to store only the uncompressed message together with the signature for future verification.

o PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm produce different compressed forms.

Message encryption is applied after compression to strengthen cryptographic security.

Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult.

The compression algorithm used is ZIP.

E-mail Compatibility

When PGP is used, at least part of the block to be transmitted is encrypted.

If only the signature service is required, then the message digest is encrypted (with the sender's private key).

If the confidentiality service is required, the message plus signature (if present) are encrypted (with a one-time symmetric key).

The resulting block consists of a stream of arbitrary 8-bit octets.

However, many electronic mail systems only permit the use of blocks consisting of ASCII text.

To overcome this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion.

Each group of three octets of binary data is mapped into four ASCII characters.

This format also appends a CRC to detect transmission errors.

The radix-64 algorithm blindly converts the input stream to radix-64 format regardless of content, even if the input happens to be ASCII text. Thus, if a message is signed but not encrypted and the conversion is applied to the entire block, the output will be unreadable to the casual observer, which provides a certain level of confidentiality.

Optionally, PGP can be configured to convert to radix-64 format only the signature portion of signed plaintext messages. This enables the human recipient to read the message without using PGP.

PGP would be required only to verify the signature.

Page 28: Q 1. What is E-Commerce? What are various features ... · o Online book store (e.g. amazon.com) o Online car purchasing (e.g. automall.com) o Booking and purchase of airline tickets

160702 – Information Security (IS) Unit-8 IP Security Email Security

Darshan Institute of Engineering & Technology Page 13

Segmentation and Reassembly

E-mail facilities are restricted to a maximum message length.

For example, many of the facilities accessible through the Internet impose a maximum length of 50,000

octets.

Any message longer than that must be broken up into smaller segments, each of which is mailed

separately.

PGP automatically subdivides a message that is too large into segments that are small enough to send

via e-mail.

The segmentation is done after all of the other processing, including the radix-64 conversion.

Thus, the session key component and signature component appear only once, at the beginning of the first segment.

At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block.
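As an added example (not part of the original notes), the following Python code carries out the radix-64 conversion with its trailing CRC and then the segmentation and reassembly described above. The CRC parameters (generator 0x864CFB, initial value 0xB704CE) are the OpenPGP ASCII-armor checksum values; the 50,000-octet limit is the figure quoted in the notes, and the sample input is constructed.

```python
import base64

# CRC-24 used for the PGP armor checksum (OpenPGP parameters).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Compute the 24-bit CRC that PGP appends to a radix-64 block."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def radix64_armor(raw: bytes, line_len: int = 64) -> str:
    """Map each 3 octets of binary data to 4 printable ASCII characters.

    The output is wrapped into lines and followed by '=' plus the radix-64
    encoding of the 3-byte CRC, so that transmission errors can be detected.
    """
    body = base64.b64encode(raw).decode("ascii")
    lines = [body[i:i + line_len] for i in range(0, len(body), line_len)]
    crc_bytes = crc24(raw).to_bytes(3, "big")
    lines.append("=" + base64.b64encode(crc_bytes).decode("ascii"))
    return "\n".join(lines) + "\n"


def radix64_dearmor(armored: str) -> bytes:
    """Undo the conversion and verify the CRC; raise ValueError on corruption."""
    lines = [ln for ln in armored.splitlines() if ln]
    if not lines or not lines[-1].startswith("="):
        raise ValueError("missing CRC line")
    crc_line = lines.pop()
    raw = base64.b64decode("".join(lines))
    expected = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
    if crc24(raw) != expected:
        raise ValueError("CRC mismatch: block corrupted in transit")
    return raw


def armor_is_intact(armored: str) -> bool:
    """True if the armored block decodes and passes its CRC check."""
    try:
        radix64_dearmor(armored)
    except ValueError:
        return False
    return True


MAX_MAIL_OCTETS = 50_000  # limit quoted in the notes for many Internet mail facilities


def segment(armored: str, max_octets: int = MAX_MAIL_OCTETS) -> list:
    """Split an armored block into pieces of at most max_octets.

    Segmentation happens after radix-64 conversion, so the session key and
    signature components are carried only once, at the start of segment 1.
    """
    return [armored[i:i + max_octets] for i in range(0, len(armored), max_octets)]


def reassemble(segments: list) -> str:
    """Receiver side: with e-mail headers already stripped, rejoin the segments."""
    return "".join(segments)


if __name__ == "__main__":
    # Constructed sample: an arbitrary 8-bit octet stream too large for one mail.
    sample = bytes(range(256)) * 300  # 76,800 octets of binary data
    armored = radix64_armor(sample)
    parts = segment(armored)
    print(f"{len(sample)} octets -> {len(armored)} ASCII chars in {len(parts)} segments")
    assert radix64_dearmor(reassemble(parts)) == sample
```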

Q 8. Explain Pretty Good Privacy in detail.

PGP makes use of three types of keys: one-time session symmetric keys, public-private key pairs, and passphrase-based symmetric keys.

Session keys

Session keys are used for one message only.

They are generated using the same algorithm for which the keys are to be used.

For example, if CAST-128 is being used for encryption, then two 64-bit blocks are encrypted with CAST-128 using cipher feedback mode and joined to form the 128-bit key for the algorithm.

The plaintext input to the algorithm is a set of randomized numbers derived from the user's keystrokes.

Key Identifiers

A user may have multiple public-private key pairs. Hence, a field named KeyID is included in the PGP message to identify which key is to be used for decryption.


The KeyID field contains the least significant 64 bits of the public key (i.e. the ID of PU_a = PU_a mod 2^64).

This ID has a high probability of being unique within a UserID.

Key Rings

Every PGP user has to maintain 2 data-structures: public key ring and private key ring.

The fields of a private key ring are:

o Timestamp: The date/time when this key pair was generated.

o Key ID: The least significant 64 bits of the public key for this entry.

o Public key: The public-key portion of the pair.

o Private key: The private-key portion of the pair; this field is encrypted.

o User ID: Typically, this will be the user's e-mail address. A user may associate a different name with each pair.

Passphrase-based symmetric key: The private key itself is not stored in the key ring.

It is encrypted using CAST-128 (or IDEA or 3DES).

The procedure is as follows:

o The user selects a passphrase to be used for encrypting private keys.

o When the system generates a new public/private key pair using RSA, it asks the user for the passphrase. Using SHA-1, a 160-bit hash code is generated from the passphrase, and the passphrase is discarded.

o The system encrypts the private key using CAST-128 with the 128 bits of the hash code as the key.

The hash code and private key are then discarded, and the encrypted private key is stored in the private-key ring.

When a user retrieves a private key, he or she must supply the passphrase.

PGP will generate the hash code of the passphrase and use it as the key to CAST-128 (or whichever algorithm was used) to decrypt the private key.

The fields of a public key ring are:

o Timestamp: The date/time when this entry was generated.

o Key ID: The least significant 64 bits of the public key for this entry.

o Public Key: The public key for this entry.

o User ID: Identifies the owner of this key. Multiple user IDs may be associated with a single public key.

o Owner trust: Indicates the degree to which this public key is trusted to sign other public-key certificates.

o Key legitimacy: Indicates the extent to which PGP will trust that this is a valid public key for this user.

o Signature: The signatures that the key ring owner has collected on this certificate.

o Signature trust: Indicates the degree to which this PGP user trusts the signer to certify public keys.

Message generation and Reception

Consider message transmission from A to B and assume that the message is to be both signed and encrypted. PGP performs the following steps.

Transmitting a message

o Signing the message:

PGP retrieves the sender’s private key from the private-key ring using your_userid as an index.

If your_userid was not provided in the command, the first private key on the ring is retrieved.

PGP prompts the user for the passphrase to recover the unencrypted private key.

The signature component of the message is constructed.


o Encrypting the message:

PGP generates a session key and encrypts the message.

PGP retrieves the recipient’s public key from the public-key ring using her_userid as an index.

The session key component of the message is constructed.

Message Transmission

The receiving PGP entity performs the following steps:

o Decrypting the message:

PGP retrieves the receiver's private key from the private-key ring using the Key ID field in the session key component of the message as an index.

PGP prompts the user for the passphrase to recover the unencrypted private key.

PGP then recovers the session key and decrypts the message.

o Authenticating the message:

PGP retrieves the sender's public key from the public-key ring using the KeyID field in the signature key component of the message as an index.

PGP recovers the transmitted message digest.

PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.


Message Reception

Revoking Public Keys

A user may wish to revoke his or her current public key because

o A compromise is suspected; that is, the opponent has somehow obtained the unencrypted private key or the passphrase.

o To avoid the use of the same key for an extended period.

To revoke a public key, the owner issues a key revocation certificate, signed with the corresponding private key by the owner.

This certificate has the same form as a normal signature certificate but includes an indicator that the purpose of this certificate is to revoke the use of this public key.

The owner should then attempt to disseminate this certificate as widely and as quickly as possible so that potential correspondents update their public-key rings.

Q 9. Why is the segmentation and reassembly function in PGP (Pretty Good Privacy) needed?

PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

E-mail facilities are restricted to a maximum message length. Any message longer than a certain fixed size must be broken up into smaller segments, each of which is mailed separately.

Hence, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.

The segmentation is done after all of the other processing, including the radix-64 conversion. Thus, the session key component and signature component appear only once, at the beginning of the first segment.

At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the remaining steps. Reassembly is needed to recover the entire message as it was before being divided into parts at the time of segmentation.

Q 10. Explain the general format of a PGP (Pretty Good Privacy) message. Assume that the message is going from A to B.

The general format of a PGP message from A to B is shown in the figure below:

A message consists of three components:

o The message component

o A signature (optional)

o A session key component (optional).

The message component includes the actual data to be stored or transmitted, as well as a filename and a timestamp that specifies the time of creation.

The signature component includes the following.

o Timestamp: The time at which the signature was made.

o Message digest: The 160-bit SHA-1 digest encrypted with the sender's private key. The digest is calculated over the signature timestamp plus the data portion of the message component. The inclusion of the signature timestamp in the digest thwarts replay attacks.

o Leading two octets of message digest: These octets are compared with the first two octets of the decrypted digest. This enables the recipient to determine if the correct public key was used to decrypt the message digest.

o Key ID of sender's public key: Identifies the public key that should be used to decrypt the message digest.

The message component and optional signature component may be compressed using ZIP and may be encrypted using a session key.

The session key component includes the session key and the identifier of the recipient's public key that was used by the sender to encrypt the session key.

The entire block is usually encoded with radix-64 encoding.


Q 11. Explain S/MIME in detail.

Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard.

S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages.

S/MIME is used in several mail agents such as MS Outlook, Mozilla, Mac Mail, etc.

Functions of S/MIME

S/MIME provides the following functions:

o Enveloped data: This consists of encrypted content of any type together with the encrypted content-encryption key(s).

o Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer.

The content plus signature are then encoded using base64 encoding.

A signed data message can only be viewed by a recipient with S/MIME capability.

o Clear-signed data: A digital signature of the content is formed. However, only the digital signature is encoded using base64.

The message is transmitted in text form.

Hence, recipients without S/MIME capability can view the message content, although they cannot verify the signature.

o Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.

Cryptographic Algorithms

The following algorithms are supported by S/MIME. The first algorithm in each type must be supported by an S/MIME implementation.

o Hash: SHA, MD5

o Digital Signature: DSS, RSA

o Session key encryption: RSA, Diffie-Hellman (ElGamal)

o Message encryption: Triple DES, AES, RC2/40

The following rules should be followed by a sending agent in choosing an encryption algorithm.

o If the sending agent has a list of preferred algorithms of the intended recipient, it SHOULD choose the first algorithm on the list that it is capable of using.

o If the sending agent has no such list, then the outgoing message SHOULD use the same encryption algorithm as was used in the last message received from that intended recipient.

o If the sending agent has no such knowledge and is willing to risk that the recipient may not be able to decrypt the message, then the sending agent SHOULD use triple DES.

o If the sending agent has no such knowledge and is not willing to risk that the recipient may not be able to decrypt the message, then the sending agent MUST use RC2/40.

S/MIME Messages

A MIME entity may be an entire message or one or more sub-parts (if the MIME content type is multipart).

Securing a MIME Entity

o S/MIME secures a MIME entity with a signature, encryption, or both.

o Then the MIME entity plus some security-related data, such as algorithm identifiers and certificates, are processed by S/MIME to produce a PKCS object.


o A PKCS object is then treated as message content and a MIME header is added to it.

o The message to be sent is converted to canonical form. Canonical form is a format that is standardized for use between systems.

o Transfer encoding (base64) is then applied to the message. The use of transfer encoding requires special attention.

S/MIME Content Types

Signed data

Enveloped data

Clear-signed data: these have been described earlier.

Compressed data: a compressed S/MIME entity.

Degenerate signed data (certificates-only message): a signed-data message containing only public-key certificates. This message is the same as a signed-data message, except that there is no message content and the signerInfo field is empty.

Registration request: an application or user has to apply to a certification authority for a public-key certificate. The certification request includes a certificationRequestInfo block, an identifier of the public-key encryption algorithm, and a signature of the certificationRequestInfo block made using the sender's private key.

o The certificationRequestInfo block includes a name of the certificate subject and a bit-string representation of the user's public key.

S/MIME Certificate Processing

S/MIME uses X.509 version 3 certificates.

Responsibility for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages is local.

User Agent Role: An S/MIME user has several key-management functions to perform.

o Key generation: The user must be capable of generating separate Diffie-Hellman, RSA and DSS key pairs. Each key pair must be totally random and protected in a secure manner.

o Registration: A user's public key must be registered with a certification authority in order to receive an X.509 public-key certificate.

o Certificate storage and retrieval: A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages.

VeriSign Certificates: VeriSign issues X.509 certificates with the product name VeriSign Digital ID.

o The Digital ID generally contains the owner's public key, the owner's name, the expiration date of the Digital ID, the serial number of the Digital ID, the name of the CA that issued the Digital ID, and the digital signature of the CA that issued the Digital ID.

o Digital IDs can also contain other user-supplied information, including address, e-mail address, basic registration information (country, zip code, age, and gender), etc.

o VeriSign provides three levels of security for public-key certificates:

For Class 1 Digital IDs, VeriSign confirms the user's e-mail address by sending a PIN and Digital ID pick-up information to the e-mail address provided in the application.

For Class 2 Digital IDs, VeriSign verifies the information in the application through an automated comparison with a consumer database plus all of the checking associated with a Class 1 Digital ID. Finally, confirmation is sent to the specified postal address alerting the user that a Digital ID has been issued in his or her name.

For Class 3 Digital IDs, VeriSign requires a higher level of identity assurance. An individual must prove his or her identity by providing notarized credentials or applying in person.

Enhanced Security Services

Three enhanced security services have been proposed:

o Signed receipts: The recipient signs the original message plus the sender's signature and sends the message back to the sender. A signed receipt:

Provides proof of delivery.

Allows the sender to demonstrate to a third party that the recipient received the message, in case of disputes.

o Security labels: A security label is a set of security information regarding the sensitivity of the content.

The labels may be used for access control, by indicating which users are permitted access to an object.

They can also indicate priority (secret, confidential, restricted, and so on).

They can support role-based access control, describing which kind of people can see the information.

o Secure mailing lists: When a user sends a message to multiple recipients, per-recipient processing is required, including the use of each recipient's public key. This processing is handled by the S/MIME Mail List Agent (MLA).

Q 12. Explain the trust model of PGP.

The figure shows the structure of a public-key ring.

The user has acquired a number of public keys, some directly from their owners and some from a third party such as a key server.

PGP trust model

The node labelled "You" refers to the owner of the public-key ring.

The key of this user is legitimate, and the OWNERTRUST value is ultimate trust.


Each other node in the key ring has an OWNERTRUST value of undefined unless some other value is assigned by the user.

In this example, this user has specified that it always trusts the following users to sign other keys: D, E, F, L.

This user partially trusts users A and B to sign other keys as shown in the figure.

The tree structure indicates which keys have been signed by which other users. The arrow in the figure is from the signed key to the signatory.

If the key is signed by a user whose key is not present in this key ring, the arrow joins the signed key to a question mark, indicating that the signatory is unknown to this user.

Most users sign the keys of owners they trust.

A key is considered legitimate if:

o The key has been signed by the owner of the key ring. Examples include A, B, C, D, E and F.

o The key is signed by at least one fully trusted user, or by a combination of partially trusted users such that the combined trust value is 1. Hence, the key for user H is deemed legitimate by PGP because it is signed by A and B, both of whom are partially trusted.

If a key is determined to be legitimate because it is signed by one fully trusted or two or more partially trusted signatories, then its user may not be trusted to sign other keys. For example, N's key is legitimate because it is signed by E, whom this user trusts, but N is not trusted to sign other keys because this user has not assigned N that trust value.

Therefore, although R’s key is signed by N, PGP does not consider R’s key legitimate.

A node is said to be a detached "orphan" node if it has certificates with unknown signatories. For example, node S.

Such a key may have been acquired from a key server. PGP cannot assume that this key is legitimate simply because it came from a reputable server.

Q 13. Which algorithms are used for key management in IPSec?

The key management involves the determination and distribution of secret keys.

The IPsec Architecture document supports two types of key management:

o Manual: A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.

o Automated: An automated system enables the on-demand creation of keys for SAs and is advantageous in a large distributed system. The default automated key management protocol for IPsec is referred to as the ISAKMP/Oakley protocol.

Oakley Key Determination Protocol: Oakley is a key exchange protocol based on the Diffie-Hellman algorithm but providing added security. Oakley does not dictate specific formats.

Internet Security Association and Key Management Protocol (ISAKMP): ISAKMP provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes. ISAKMP consists of a set of message types that enable the use of a variety of key exchange algorithms.

Q 14. How can various security associations be combined?

A single SA can implement either the AH or ESP protocol but not both.

When both of these services are needed, multiple SAs must be used to achieve desired IPSec services.

A security association bundle is a sequence of SAs through which traffic must be processed to provide a desired set of IPsec services.

Security associations may be combined into bundles in two ways:

o Transport adjacency: More than one security protocol is applied to the same IP packet without invoking tunneling. This approach allows only one level of combination. Here, all the processing is done at the final destination only.

o Iterated tunneling: Multiple layers of security protocols are applied through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPsec site along the path.

Authentication Plus Confidentiality

Encryption and authentication can be combined in any order to transmit an IP packet providing both confidentiality and authentication between hosts. Several approaches are:

Authentication after encryption

o ESP with authentication option: The user first applies ESP to the data to be protected and then appends the authentication data field. There are two subcases:

Transport mode ESP: Authentication and encryption apply to the IP payload delivered to the host, but the IP header is not protected.

Tunnel mode ESP: Authentication applies to the entire IP packet delivered to the outer IP destination address and authentication is performed at that destination.

o Transport adjacency: Two bundled transport SAs can be used, with the inner being an ESP SA and the outer being an AH SA. The advantage of this approach is that the authentication covers more fields, including the source and destination IP addresses. The disadvantage is the overhead of two SAs versus one SA.

Encryption after authentication

o Transport-Tunnel bundle: The use of authentication before encryption is preferable. This can be attained by a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA. In this case, authentication is applied to the IP payload plus the IP header except for mutable fields. The resulting IP packet is then processed in tunnel mode by ESP.

Basic Combinations of Security Associations

The IPsec Architecture document lists four examples of combinations of SAs that must be supported.

For host-to-host SAs, the mode may be either transport or tunnel; otherwise it must be tunnel mode.

Case 1: All security is provided between end systems that implement IPsec. AH and ESP can be used in transport and tunnel mode and in any combination.

Case 2: Security is provided only between gateways (routers, firewalls, etc.) and no hosts implement IPsec. This case can be used to provide a simple virtual private network. Nested tunnels are not required, because the IPsec services apply to the entire inner packet.


Case 3: This builds on case 2 by adding end-to-end security. The gateway-to-gateway tunnel provides either authentication, confidentiality, or both for all traffic between end systems.

Case 4: This provides support for a remote host that uses the Internet to reach an organization's firewall and then to gain access to some server or workstation behind the firewall. Only tunnel mode is required between the remote host and the firewall. One or two SAs may be used between the remote host and the local host.

160702 – Information Security (IS) UNIT-9 Web Security

Q 1. Which parameters define session state and which parameters define connection state in SSL (Secure Socket Layer)?

A connection state is defined by the following parameters:

o Server and client random: Byte sequences that are chosen by the server and client for each connection.

o Server write MAC secret: The secret key used in MAC operations on data sent by the server.

o Client write MAC secret: The secret key used in MAC operations on data sent by the client.

o Server write key: The conventional encryption key for data encrypted by the server and decrypted by the client.

o Client write key: The conventional encryption key for data encrypted by the client and decrypted by the server.

o Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is initialized by the SSL Handshake Protocol.

o Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero.

A session state is defined by the following parameters.

o Session identifier: A random byte sequence chosen by the server to identify an active or resumable session state.

o Peer certificate: An X.509v3 certificate of the peer. It may be null.

o Compression method: The algorithm used to compress data.

o Cipher spec: Specifies the data encryption algorithm (such as null, AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC calculation.

o Master secret: 48-byte secret shared between the client and server.

o Is resumable: A flag indicating whether or not the session can be used to initiate new connections.

Q 2. Explain SSL protocol in detail.

The SSL protocol is implemented just above TCP to provide web security.

SSL is designed to make use of TCP to provide a reliable end-to-end secure service.

SSL is not a single protocol but two layers of protocols.

SSL Protocol stack

The SSL Record Protocol provides basic security services to various higher layer protocols.

Three higher-layer protocols are defined in SSL:

o The Handshake Protocol

o The Change Cipher Spec Protocol

o The Alert Protocol


SSL Record Protocol

The SSL Record Protocol provides two services for SSL connections: confidentiality and message integrity.

SSL Record protocol Operation

The overall operation of Record Protocol is:

o Fragmentation: Each upper-layer message is fragmented into blocks of 2^14 bytes (16,384 bytes) or less.

o Compression: Compression is optionally applied. Compression must be lossless and may not increase the content length by more than 1024 bytes.

o Add message authentication code: The MAC is calculated over the compressed data by the following expression.

MAC = hash(MAC_write_secret || pad_2 || hash(MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment))

where

|| = concatenation

MAC_write_secret = shared secret key

hash = cryptographic hash algorithm

pad_1 = the byte 0x36 (0011 0110)

pad_2 = the byte 0x5C (0101 1100)

seq_num = the sequence number for this message

SSLCompressed.type = the higher-level protocol used to process this fragment

SSLCompressed.length = the length of the compressed fragment

SSLCompressed.fragment = the compressed fragment or plaintext (if compression is not used)

o Encryption: The compressed message plus the MAC are encrypted using symmetric encryption.

Algorithms supported are AES, RC4-40, IDEA, RC2, DES, 3DES and Fortezza.

o Add SSL Header: A header is prepared and added to the message. The header consists of the following fields:

Content Type (8 bits): The higher-layer protocol used to process the fragment.

Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.


Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.

Compressed Length (16 bits): The length in bytes of the fragment.
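The MAC expression and record header above can be exercised end to end. The following Python code is an added example (not from the original notes or from any SSL library): it fragments a message, computes the SSLv3 MAC with the two-pass pad construction, prepends the 5-byte header, and on the receiving side recomputes and compares the MAC. It assumes no compression and a null cipher (the encryption step is omitted), uses 48 pad repetitions for MD5 and 40 for SHA-1, and the secret and fragment are constructed sample values.

```python
import hashlib
import hmac
import struct

# Pad bytes from the MAC expression. SSLv3 repeats pad_1/pad_2 48 times for
# MD5 and 40 times for SHA-1 so that secret || pad fills a hash block.
PAD_1 = 0x36
PAD_2 = 0x5C
PAD_REPEAT = {"md5": 48, "sha1": 40}

# Content Type values carried in the record header.
CONTENT_TYPE = {"change_cipher_spec": 20, "alert": 21, "handshake": 22, "application_data": 23}
MAX_FRAGMENT = 2 ** 14  # 16384 bytes
SSLV3_MAJOR, SSLV3_MINOR = 3, 0


def fragment_message(message: bytes, max_len: int = MAX_FRAGMENT) -> list:
    """Fragmentation step: blocks of at most 2^14 bytes."""
    return [message[i:i + max_len] for i in range(0, len(message), max_len)]


def sslv3_mac(hash_name: str, mac_write_secret: bytes, seq_num: int,
              content_type: int, fragment: bytes) -> bytes:
    """MAC = hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))."""
    n = PAD_REPEAT[hash_name]
    inner = hashlib.new(hash_name)
    inner.update(mac_write_secret + bytes([PAD_1]) * n)
    inner.update(struct.pack(">Q", seq_num))        # 64-bit sequence number
    inner.update(bytes([content_type]))             # SSLCompressed.type
    inner.update(struct.pack(">H", len(fragment)))  # SSLCompressed.length
    inner.update(fragment)                          # SSLCompressed.fragment
    outer = hashlib.new(hash_name)
    outer.update(mac_write_secret + bytes([PAD_2]) * n)
    outer.update(inner.digest())
    return outer.digest()


def build_record(hash_name: str, mac_write_secret: bytes, seq_num: int,
                 content_type: int, fragment: bytes) -> bytes:
    """Append the MAC and prepend the header: Content Type (8 bits), Major (8),
    Minor (8), Length (16). With a null cipher the record body is fragment || MAC,
    so the length field covers both."""
    mac = sslv3_mac(hash_name, mac_write_secret, seq_num, content_type, fragment)
    body = fragment + mac
    header = struct.pack(">BBBH", content_type, SSLV3_MAJOR, SSLV3_MINOR, len(body))
    return header + body


def parse_header(record: bytes) -> dict:
    """Decode the 5-byte SSL record header."""
    ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
    return {"content_type": ctype, "major": major, "minor": minor, "length": length}


def verify_record(hash_name: str, mac_write_secret: bytes, seq_num: int, record: bytes) -> bool:
    """Receiver check: recompute the MAC over the received fragment with the
    expected sequence number and compare in constant time. A mismatch is the
    condition that makes the Alert Protocol send a fatal bad_record_mac."""
    hdr = parse_header(record)
    body = record[5:5 + hdr["length"]]
    mac_len = hashlib.new(hash_name).digest_size
    if len(body) != hdr["length"] or len(body) < mac_len:
        return False
    fragment, received_mac = body[:-mac_len], body[-mac_len:]
    expected = sslv3_mac(hash_name, mac_write_secret, seq_num, hdr["content_type"], fragment)
    return hmac.compare_digest(expected, received_mac)


if __name__ == "__main__":
    secret = b"constructed-mac-write-secret"          # sample value, not a real key
    for seq, frag in enumerate(fragment_message(b"GET / HTTP/1.0\r\n\r\n")):
        rec = build_record("sha1", secret, seq, CONTENT_TYPE["application_data"], frag)
        print(parse_header(rec), "valid:", verify_record("sha1", secret, seq, rec))
```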

SSL Record format

Change Cipher Spec Protocol

This protocol consists of a single message of a single byte with the value 1.

Change cipher spec protocol

The purpose of this message is to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.

Alert Protocol

The Alert Protocol is used to convey SSL-related alerts to the peer entity.

Each message in this protocol consists of two bytes:

o The first byte takes the value warning (1) or fatal (2) to convey the severity of the message.

o The second byte contains a code that indicates the specific alert.

Alert protocol

If the level is fatal, SSL immediately terminates the connection. Other connections on the same session may continue, but no new connections are established.

Some of the alerts of fatal type are unexpected_message, bad_record_mac, decompression_failure, etc.

Alerts of level warning include close_notify, no_certificate, bad_certificate etc.

Handshake Protocol

This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys.

The Handshake Protocol is used before any application data is transmitted.

A handshake message has the following format:


o Type (1 byte): Indicates one of 10 messages of handshake protocol.

o Length (3 bytes): The length of the message in bytes.

o Content ( bytes): The parameters associated with this message.

Handshake protocol

The algorithm has four phases.

Phase 1. Establish Security Capabilities: This phase is used to initiate a logical connection and to establish the security capabilities that will be associated with it.

o The exchange is initiated by the client, which sends a client_hello message with the following

parameters:

Version: The highest SSL version understood by the client.

Random: A client-generated random number which serves as nonce.

Session ID: A variable-length session identifier. A nonzero value indicates that

the client wishes to update the parameters of an existing session. A zero value

indicates that the client wishes to establish a new connection on a new session.

CipherSuite: This is a list that contains the cryptographic algorithms (key

exchange, encryption and MAC) supported by the client, in decreasing order of

preference.

Compression Method: This is a list of the compression methods the client

supports.

o After sending the client_hello message, the client waits for the server_hello message, which

contains the same parameters as the client_hello message.the parameters contains the values

which client had sent to the server and the server has chosen to use.
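As an added example (not code from these notes), the following Python builds a client_hello inside the handshake header described above (Type 1 byte, Length 3 bytes, Content) and parses it back while checking every length field before trusting it. The cipher suite code points are the SSLv3 values for SSL_RSA_WITH_3DES_EDE_CBC_SHA (0x000A) and SSL_RSA_WITH_RC4_128_SHA (0x0005); the Random value is generated locally.

```python
import os
import struct

HANDSHAKE_CLIENT_HELLO = 1  # handshake message type code for client_hello

# Two SSLv3 cipher suite code points (2-byte values), listed most preferred first.
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
SSL_RSA_WITH_RC4_128_SHA = 0x0005


def build_client_hello(cipher_suites, session_id=b"", compression=(0,),
                       version=(3, 0), random32=None):
    """Encode a client_hello inside a handshake header: Type (1) || Length (3) || Content."""
    if random32 is None:
        random32 = os.urandom(32)  # client-generated nonce (32 bytes)
    if len(session_id) > 32:
        raise ValueError("session ID longer than 32 bytes")
    body = bytes(version) + random32
    body += bytes([len(session_id)]) + session_id  # zero length = new session
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += bytes([len(compression)]) + bytes(compression)
    return bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body


def parse_handshake(data):
    """Split a handshake message into (type, content); rejects truncated or oversized input."""
    if len(data) < 4:
        raise ValueError("handshake header truncated")
    msg_type, length = data[0], int.from_bytes(data[1:4], "big")
    if len(data) != 4 + length:
        raise ValueError("handshake Length field does not match the data received")
    return msg_type, data[4:]


def parse_client_hello(content):
    """Decode the client_hello parameters, checking every length field before using it."""
    pos = 0

    def take(n, what):
        nonlocal pos
        if pos + n > len(content):
            raise ValueError(f"client_hello truncated inside {what}")
        chunk, pos = content[pos:pos + n], pos + n
        return chunk

    version = tuple(take(2, "version"))
    random32 = take(32, "random")
    sid_len = take(1, "session id length")[0]
    if sid_len > 32:
        raise ValueError("session ID length exceeds 32")
    session_id = take(sid_len, "session id")
    cs_len = struct.unpack("!H", take(2, "cipher suite length"))[0]
    if cs_len == 0 or cs_len % 2:
        raise ValueError("cipher suite list must be a non-empty list of 2-byte values")
    raw = take(cs_len, "cipher suites")
    cipher_suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]
    cm_len = take(1, "compression length")[0]
    if cm_len == 0:
        raise ValueError("compression method list must not be empty")
    compression = list(take(cm_len, "compression methods"))
    if pos != len(content):
        raise ValueError("trailing bytes after client_hello")
    return {"version": version, "random": random32, "session_id": session_id,
            "new_session": sid_len == 0, "cipher_suites": cipher_suites,
            "compression": compression}


if __name__ == "__main__":
    msg = build_client_hello([SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA])
    msg_type, body = parse_handshake(msg)
    print(msg_type, parse_client_hello(body))
```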

Phase 2. Server Authentication and Key Exchange: This phase provides authentication of the server to the client.

o The server sends its certificate (one or more) if it needs to be authenticated.

o The server sends a server_key_exchange message which contains the list of secret keys to be used for the subsequent data.

o The certificate_request message is sent next; it includes two parameters: certificate_type and certificate_authorities.

o The final message in phase 2, and the one that is always required, is the server_done message, which is sent by the server to indicate the end of the server hello and associated messages. This message has no parameters.

o After sending this message, the server will wait for a client response.

Phase 3. Client Authentication and Key Exchange: This phase provides client authentication to the server.

o The client verifies the server certificates and checks whether the server_hello parameters are acceptable.

o If all is satisfactory, the client sends a certificate message if the server has requested a certificate. If no suitable certificate is available, the client sends a no_certificate alert.

o Next is the client_key_exchange message, which has the same parameters as the server_key_exchange message.

o The client may send a certificate_verify message to provide explicit verification of a client certificate. The client encrypts all the previous messages and the master secret with its private key.

Phase 4. Finish: This phase completes the setting up of a secure connection.


o The client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec.

o The client then immediately sends the finished message.

o The server sends its own change_cipher_spec message, transfers the pending CipherSpec to the current CipherSpec, and sends its finished message.

At this point, the handshake is complete and the client and server may begin to exchange application-layer data.

Handshake protocol message exchange

Cryptographic Computations

Two further items are of interest:

o The creation of a shared master secret by means of the key exchange. The shared master secret is a 48-byte value unique to this session. First, a pre_master_secret is exchanged; then, the master_secret is calculated by both parties.

o The generation of cryptographic parameters from the master secret. The parameters include a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV. These parameters are generated by hashing the master secret into a sequence of secure bytes of sufficient length for all needed parameters.
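As an added example (not code from these notes), the following Python carries out the two computations just described, following the MD5/SHA-1 construction of SSLv3 (RFC 6101, sections 6.1 and 6.2.2): pre_master_secret to the 48-byte master_secret, then master_secret to a key block that is cut into the six parameters listed above. The pre_master_secret and random values in the demo are constructed, and the sizes used there (20-byte MAC secret, 24-byte key, 8-byte IV) are those of SSL_RSA_WITH_3DES_EDE_CBC_SHA.

```python
import hashlib


def sslv3_expand(secret, seed, out_len):
    """Concatenate MD5(secret || SHA1(label || secret || seed)) for labels 'A', 'BB', 'CCC', ...
    until out_len bytes are available (the SSLv3 pseudo-random expansion)."""
    out, i = b"", 0
    while len(out) < out_len:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:out_len]


def master_secret(pre_master_secret, client_random, server_random):
    """48-byte master_secret: labels A, BB, CCC over the pre_master_secret and the two nonces."""
    return sslv3_expand(pre_master_secret, client_random + server_random, 48)


def key_block(master, client_random, server_random, mac_size, key_size, iv_size):
    """Hash the master secret into enough secure bytes and cut out the six parameters.
    The nonces are concatenated server-first here, the reverse of master_secret()."""
    need = 2 * (mac_size + key_size + iv_size)
    block = sslv3_expand(master, server_random + client_random, need)
    layout = [("client_write_MAC_secret", mac_size), ("server_write_MAC_secret", mac_size),
              ("client_write_key", key_size), ("server_write_key", key_size),
              ("client_write_IV", iv_size), ("server_write_IV", iv_size)]
    params, pos = {}, 0
    for name, size in layout:
        params[name] = block[pos:pos + size]
        pos += size
    return params


if __name__ == "__main__":
    # Constructed values: a real pre_master_secret is 48 bytes produced by the key exchange.
    pms = bytes(range(48))
    client_random, server_random = b"\x11" * 32, b"\x22" * 32
    ms = master_secret(pms, client_random, server_random)
    # Sizes for SSL_RSA_WITH_3DES_EDE_CBC_SHA: SHA-1 MAC secret 20, 3DES key 24, IV 8.
    for name, value in key_block(ms, client_random, server_random, 20, 24, 8).items():
        print(f"{name}: {value.hex()}")
```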

Q 3. Why is web security required?

The Web presents the following threats, which make web security a must:

o The Internet is two way. Even publishing-style systems such as electronic publishing, voice response or fax-back are vulnerable to attacks on the Web servers over the Internet.

o The Web is increasingly serving as a platform for corporate and product information and as the platform for business transactions. Reputations can be damaged and money can be lost if the Web servers are subverted.

o Although Web browsers and Web servers are very easy to use and manage and Web content is easy to develop, the underlying software is extraordinarily complex. This complex software may hide many potential security flaws and hence is vulnerable to a variety of security attacks.

o A Web server can be exploited to gain access to data and systems that are not part of the Web itself but are connected to the server at the local site.

o Casual and untrained users are common clients for Web-based services. Such users are not always aware of the security risks.

Q 4. What is dual signature and explain construction of dual signature.

The purpose of the dual signature is to link two messages that are intended for two different receivers: order information (OI) and payment information (PI).

The bank does not have to know the order information and the merchant does not have to know the payment information.

The dual signature ensures privacy by keeping the two things separate.

The operation of the dual signature can be summarized as

DS = E(PRc, [H(H(PI) || H(OI))])

where, PRc is the customer's private signature key

PI = payment information

OI = order information

H = Hash function

|| = concatenation

E = encryption (RSA)

Dual Signature verification

The merchant is in possession of the customer's public key (taken from the customer's certificate), the dual signature and the message digest of the payment information (PIMD).

The merchant can thus verify the signature:

    Calculate H(PIMD || H[OI])

    Compare it with D(PUc, DS)

The bank is in possession of DS, PI, the message digest for OI (OIMD), and the customer's public key, and verification is done in the following manner:

    Calculate H(H[PI] || OIMD)

    Compare it with D(PUc, DS)

Requirement of dual signature

Suppose the merchant wishes to substitute another OI for the given PI to his advantage.

In the absence of the dual signature, the bank has no way of knowing which payment is for which order.

With the dual signature, if the merchant wishes to substitute the OI, he would need an OI with the same hash code as the original OI. This is considered infeasible.

Thus, the merchant is prevented from cheating the customer.
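As an added example (not code from these notes), the following Python implements the construction DS = E(PRc, [H(H(PI) || H(OI))]) and both verifications, and then shows that a substituted OI fails the bank's check. It uses SHA-1, as SET does (see Q 6), with a toy textbook RSA (unpadded, 512-bit, Miller-Rabin key generation written only for this example) standing in for the customer's signature key; the PI and OI strings are constructed sample values.

```python
import hashlib
import random


def H(data):
    return hashlib.sha1(data).digest()  # SET pairs RSA signatures with SHA-1 hash codes (Q 6)


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test, written for this toy example only."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=512):
    """Toy textbook RSA: returns (public (n, e), private (n, d)); far too small for real use."""
    e = 65537
    while True:
        p = q = 0
        while not _is_probable_prime(p):
            p = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        while q == p or not _is_probable_prime(q):
            q = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _sign(digest, priv):
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)  # E(PRc, digest): raw RSA, no padding


def _open(sig, pub):
    n, e = pub
    v = pow(sig, e, n)  # D(PUc, DS) should give back the 20-byte SHA-1 digest
    return v.to_bytes(20, "big") if v < (1 << 160) else None


def dual_signature(PI, OI, priv):
    """DS = E(PRc, [H(H(PI) || H(OI))])"""
    return _sign(H(H(PI) + H(OI)), priv)


def merchant_verify(OI, PIMD, DS, pub):
    """The merchant holds OI in clear and only the digest PIMD of the payment information."""
    return H(PIMD + H(OI)) == _open(DS, pub)


def bank_verify(PI, OIMD, DS, pub):
    """The bank holds PI in clear and only the digest OIMD of the order information."""
    return H(H(PI) + OIMD) == _open(DS, pub)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    PI = b"pan=CONSTRUCTED;amount=99.00"    # constructed sample payment information
    OI = b"item=book-123;qty=1;price=99.00"  # constructed sample order information
    DS = dual_signature(PI, OI, priv)
    print("merchant verifies:", merchant_verify(OI, H(PI), DS, pub))
    print("bank verifies:", bank_verify(PI, H(OI), DS, pub))
    # A substituted OI would need the same hash code as the original to pass.
    print("bank after OI swap:", bank_verify(PI, H(b"item=book-999;qty=10"), DS, pub))
```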

Q 5. What is SET? List the features and requirements of SET.

SET is a set of protocols and formats designed to protect credit card transactions over the Internet.

Services provided by SET

o A secure communication channel

o Provides trust by using X.509V3 digital certificates

o Ensures privacy

Requirements for SET

For secure payment processing over the Internet, the requirements of SET are:

o Provide confidentiality of payment and ordering information.

o Ensure the integrity of all transmitted data.

o Provide authentication about card holder.

o Provide authentication about merchant.

o Ensure use of best security practices and system design.

o Develop a protocol that does not depend on transport security.

o Facilitate interoperability between software and network.

Features of SET

Features of SET are:

o Confidentiality of information.

o Integrity of data.

o Account authentication of card holder.

o Merchant authentication.

Q 6. Explain Secure Electronic Transaction protocol.

The sequence of events in a SET system is as follows:

o Customer opens an account

o Customer receives a certificate

o Merchant's certificate

o Customer places an order

o Verification of merchant


o Order and payment sent

o Request for payment authorization by merchant

o Merchant confirms order

o Merchant provides goods or service

o Merchant requests payment.

Key Technologies of SET

o Confidentiality of information: DES

o Integrity of data: RSA digital signatures with SHA-1 hash codes

o Cardholder account authentication: X.509v3 digital certificates with RSA signatures

o Merchant authentication: X.509v3 digital certificates with RSA signatures

o Privacy: Separation of order and payment information using dual signatures

Secure Electronic Transaction protocol

The cardholder browses, selects, and orders the goods or services. SET is not involved up to this point.

Once the goods have been ordered, the following transactions take place:

o Purchase Request

o Payment Authorization

o Payment Capture

Purchase Request

The purchase request exchange consists of four messages:

o Initiate Request: The customer requests the certificates of the merchant. This message includes the brand of the credit card that the customer is using. The message also includes an ID assigned to this request/response pair by the customer and a nonce used to ensure timeliness.

o Initiate Response: The merchant generates a response and signs it with its private signature key. The response includes the nonce from the customer, another nonce for the customer to return in the next message, a transaction ID for this purchase transaction, the merchant's certificates and the gateway's key exchange certificates.

o Purchase Request: The cardholder verifies the merchant and gateway certificates and then creates the OI and PI. The cardholder then prepares the Purchase Request message and encrypts it with a one-time symmetric encryption key, Ks. The message includes:

    Purchase-related information: This information will be forwarded to the payment gateway by the merchant. It consists of PI, the dual signature, the OI message digest (OIMD) and a digital envelope formed by encrypting Ks with the payment gateway's public key.

    Order-related information: This information is needed by the merchant and consists of OI, the dual signature and the PI message digest (PIMD).

    Cardholder certificate: This contains the cardholder's public key. It is needed by the merchant and by the payment gateway.

o When the merchant receives the Purchase Request message, it verifies the cardholder certificates and the dual signature. The merchant processes the order and forwards the payment information to the payment gateway.

o Purchase Response: The merchant sends a purchase response to the cardholder. The Purchase Response message includes a response block that acknowledges the order and references the corresponding transaction number. This block is signed by the merchant using its private key.

o When the cardholder software receives the purchase response message, it verifies the merchant's certificate and then verifies the signature on the response block.

o Finally, it takes some action based on the response, such as displaying a message to the user or updating a database with the status of the order.

Purchase request and verification

Payment Authorization

In this step, the merchant authorizes the transaction with the payment gateway. The payment authorization ensures that the transaction was approved by the issuer.

The payment authorization exchange consists of two messages:

o Authorization Request: The merchant sends an Authorization Request message to the payment gateway. It consists of:

    Purchase-related information. This information is obtained from the customer and forwarded by the merchant.

    Authorization-related information. This information is generated by the merchant and consists of an authorization block that includes the transaction ID, signed with the merchant's private key and encrypted with a one-time symmetric key generated by the merchant, and a digital envelope.

    Certificates. The merchant includes the cardholder's signature key certificate, the merchant's signature key certificate and the merchant's key-exchange certificate.

o The payment gateway verifies all certificates, decrypts the digital envelope of the authorization block to obtain the symmetric key and then decrypts the authorization block. The gateway then verifies the merchant's signature on the authorization block.

o The digital envelope of the payment block is then decrypted to obtain the symmetric key and then the dual signature is verified.

o Authorization Response: The gateway then requests and receives an authorization from the issuer and returns an Authorization Response message to the merchant. It includes:

    Authorization-related information: Includes an authorization block, signed with the gateway's private signature key, and a digital envelope.


    Capture token information. This information will be used to effect payment later.

    Certificate. The gateway's signature key certificate.

o With the authorization from the gateway, the merchant can provide the goods or service to the customer.

Payment Capture

Payment is obtained in the Payment Capture transaction.

It includes two messages:

o Capture Request: The merchant generates, signs, and encrypts a capture request block, which includes the payment amount and the transaction ID. The message also includes the encrypted capture token received earlier.

o When the payment gateway receives the capture request message, it decrypts and verifies the capture request block and decrypts and verifies the capture token block. It then creates a clearing request that is sent to the issuer over the private payment network.

o This request causes funds to be transferred to the merchant's account.

o Capture Response: The gateway then notifies the merchant of payment in a Capture Response message. The message includes a capture response block that the gateway signs and encrypts.

PS: A digital envelope means the one-time symmetric key is encrypted with the receiver's public key.

The signature key certificate is the public key certificate.

The signature key is the sender's private key with which it signs the message.

Q 7. List the participants of secure electronic transaction.

Participants of SET are:

o Cardholder: A cardholder is an authorized holder of a payment card (e.g., MasterCard, Visa) that has been issued by an issuer.

o Merchant: A merchant is a person or organization that has goods or services to sell to the cardholder.

o Issuer: This is a financial institution, such as a bank, that provides the cardholder with the payment card.

o Acquirer: This is a financial institution that establishes an account with a merchant and processes payment card authorizations and payments.

o Payment gateway: The payment gateway interfaces between SET and the existing bankcard payment networks for authorization and payment functions.

o Certification authority (CA): This is an entity that is trusted to issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways.


SET Components

Q 8. Write a short note on firewalls.

Internet connectivity is no longer optional for organizations.

Connecting the organization's internal network to the Internet is becoming more and more common.

However, while Internet access provides benefits to the organization, it enables the outside world to reach and interact with local network assets.

This creates a threat to the organization.

One possible solution would be to equip each workstation and server on the premises network with strong security features, such as intrusion protection, but this is not a practical approach.

Consider a network with thousands of systems running on a variety of platforms. When a security flaw is discovered, each potentially affected system must be upgraded to fix that flaw, which can be really cumbersome.

The alternative is the firewall.

The firewall is inserted between the premises network and the Internet to establish a controlled link and to provide an outer security wall or perimeter.

The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single entry point where security and audit can be imposed.

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Limitations of Firewall

The firewall cannot protect against attacks that bypass the firewall.

The firewall does not protect against internal threats, such as a disgruntled employee.

The firewall cannot protect against the transfer of virus-infected programs or files.


Q 9. Write a short note on trusted systems.

A trusted system enhances the ability of a system to defend against intruders and malicious programs.

Sometimes it is required to protect data or resources on the basis of levels of security.

One very common example is the military, where information is categorized as unclassified (U), confidential (C), secret (S), top secret (TS), or beyond.

Here, users are granted access to certain categories of data depending on the position of the user.

Such a requirement is termed multilevel security.

In a multilevel secure system:

o The simple security property: A subject can only read an object of less or equal security level.

o The * property: A subject can only write into an object of greater or equal security level.

These services are provided by a trusted system.

In other words, the main aim of trusted systems is to provide access control of data based on security level.

A secure trusted system can secure against Trojan horse attacks.
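As an added example (not code from these notes), the following Python encodes the two properties above as a reference monitor over the four levels U < C < S < TS and checks the Trojan horse claim: a program running with a secret-level user's clearance cannot copy secret data into an object that an unclassified user can read, because the write down is refused. The subjects, objects and file names are constructed.

```python
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # unclassified < confidential < secret < top secret


def can_read(subject_level, object_level):
    """Simple security property: read only objects at or below the subject's level (no read up)."""
    return LEVELS[subject_level] >= LEVELS[object_level]


def can_write(subject_level, object_level):
    """*-property: write only into objects at or above the subject's level (no write down)."""
    return LEVELS[subject_level] <= LEVELS[object_level]


class ReferenceMonitor:
    """Mediates every access against the two properties and keeps an audit trail of decisions."""

    def __init__(self, subjects, objects):
        self.subjects = dict(subjects)  # subject name -> clearance level
        self.objects = dict(objects)    # object name -> classification level
        self.audit = []

    def access(self, subject, obj, op):
        check = {"read": can_read, "write": can_write}[op]
        allowed = check(self.subjects[subject], self.objects[obj])
        self.audit.append((subject, op, obj, "permit" if allowed else "deny"))
        return allowed


def trojan_horse_can_leak(monitor, victim, attacker, secret_obj, drop_obj):
    """A Trojan horse runs with the victim's clearance and tries to copy secret_obj into
    drop_obj for the attacker to read; every step goes through the monitor, and the
    write down is the step the *-property refuses."""
    return (monitor.access(victim, secret_obj, "read")
            and monitor.access(victim, drop_obj, "write")
            and monitor.access(attacker, drop_obj, "read"))


if __name__ == "__main__":
    # Constructed scenario: a secret-level user, an unclassified user and two files.
    rm = ReferenceMonitor({"alice": "S", "mallory": "U"},
                          {"secret.txt": "S", "public.txt": "U"})
    print("leak possible:", trojan_horse_can_leak(rm, "alice", "mallory", "secret.txt", "public.txt"))
    for entry in rm.audit:
        print(entry)
```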

Q 10. List various firewall design principles.

Design goals of a firewall are:

o All traffic from or to the internal network must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.

o Only authorized traffic, as defined by the local security policy, will be allowed to pass. This can be achieved by using the suitable firewall type.

o The firewall itself is immune to penetration.

Access controls by Firewall

o Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall filters traffic on the basis of IP address and TCP port number.

o Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

o User control: Controls access to a service according to which user is attempting to access it.

o Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

Types of Firewalls

Three common types of firewalls are:

o Packet filters

o Application-level gateway

o Circuit-level gateway

Packet Filters

A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

The router is typically configured to filter packets going in both directions.

Filtering rules are based on information contained in a network packet like source IP address, destination IP address etc.

The advantage of a packet-filtering router is its simplicity.

Packet filters are transparent to users and are very fast.

However, a packet-filtering router has limitations like:

o Since packet filter firewalls do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.

o Most packet filter firewalls do not support advanced user authentication schemes.

o Due to the small number of variables used in access control decisions, packet filter firewalls are susceptible to security breaches caused by improper configurations.
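As an added example (not code from these notes), the following Python applies a first-match packet-filtering rule set to constructed sample packets, using only the fields a packet filter sees (direction, source and destination IP address, protocol, TCP port and the SYN flag); it exercises the service control and direction control from Q 10 and shows where the coarse decisions listed above come from. The addresses are documentation ranges (192.0.2.0/24 and 198.51.100.0/24) and the policy is a constructed one.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (Internet -> premises) or "out" (premises -> Internet)
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    syn: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "discard"
    direction: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None
    new_conn_only: bool = False  # match only connection attempts (SYN set)

    def matches(self, p):
        return (self.direction in ("*", p.direction)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (not self.new_conn_only or p.syn))


def filter_packet(rules, packet):
    """First matching rule decides; returns (action, rule index). No match: discard (default deny)."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "discard", None


PREMISES = "192.0.2.0/24"     # constructed premises network (RFC 5737 documentation range)
WEB_SERVER = "192.0.2.10/32"  # the one host published to the Internet

POLICY = [
    # Service control: from outside, only HTTP/HTTPS on the public web server is reachable.
    Rule("permit", "in", dst=WEB_SERVER, proto="tcp", dport=80),
    Rule("permit", "in", dst=WEB_SERVER, proto="tcp", dport=443),
    # Direction control: nobody outside may open a new connection to any other internal host.
    Rule("discard", "in", dst=PREMISES, proto="tcp", new_conn_only=True),
    # Internal hosts may open outbound TCP connections ...
    Rule("permit", "out", src=PREMISES, proto="tcp"),
    # ... and their replies come back as non-SYN segments. A stateless filter can only
    # judge that from the flag, which is the kind of coarse decision the limitations
    # above describe: it admits any inbound TCP segment that is not a SYN.
    Rule("permit", "in", dst=PREMISES, proto="tcp"),
]


if __name__ == "__main__":
    # Constructed sample traffic; 198.51.100.0/24 is another documentation range.
    samples = [
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443, syn=True),   # permit, rule 1
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 22, syn=True),    # discard, rule 2
        Packet("out", "192.0.2.55", "198.51.100.7", "tcp", 443, syn=True),  # permit, rule 3
        Packet("in", "198.51.100.7", "192.0.2.55", "udp", 53),              # discard, default
    ]
    for p in samples:
        print(p.direction, p.src, "->", p.dst, p.proto, p.dport, filter_packet(POLICY, p))
```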

Application-Level Gateway

An application-level gateway, also called a proxy server, acts as a relay of application-level traffic.

The user contacts the gateway, and the gateway asks the user for the name of the remote host to be accessed.

When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints.

Application-level gateways are more secure than packet filters.

A prime disadvantage of this type of gateway is the additional processing overhead on each connection.

Circuit-Level Gateway

A circuit-level gateway can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications.

A circuit-level gateway does not permit an end-to-end TCP connection but sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents.

The security function consists of determining which connections will be allowed.