Information and Network Security 10cs835 Question Bank and Solution
Uploaded by
AlamInformation and Network Security 10cs835 Question Bank and Solution
Uploaded by
AlamInformation and network Security 10CS835
QUESTION BANK and SOLUTION
UNIT1: Introduction to Information Security
1. What is security and explain multiple layers of security in an organization?(10 Marks)
(Dec 2012) (June 2013)(Dec 2013)(June 2014)
Management Controls
– Program Management
– System Security Plan
– Life Cycle Maintenance
– Risk Management
– Review of Security Controls
– Legal Compliance
Operational Controls
– Contingency Planning
– Security ETA
– Personnel Security
– Physical Security
– Production Inputs and Outputs
– Hardware & Software Systems Maintenance
– Data Integrity
Technical Controls
– Logical Access Controls
– Identification, Authentication, Authorization, and Accountability
– Audit Trails
– Asset Classification and Control
– Cryptography
Defense in Depth
• One of the basic tenets of security architectures is the implementation of security in layers.
• This layered approach is called Defense in Depth
• Defense in depth requires that the organization establishes sufficient security controls and
safeguards so that an intruder faces multiple layers of control.
Security Perimeter
• A perimeter is the boundary of an area. A security perimeter defines the edge between the
outer limit of an organizations security and the beginning of the outside world.
Dept. of CSE, SJBIT Page 1
Information and network Security 10CS835
• A security perimeter is the first level of security that protects all internal systems from
outside threats , as pictured in Dia 6.19
• Unfortunately, the perimeter does not protect against internal attacks from employee threats
or on-site physical threats.
FIREWALLS
• A Firewall is a device that selectively discriminates against information following into or
out of the organization.
• A Firewall is usually a computing device , or a specially condiaured computer that allows or
prevents information from entering or exiting the defined area based on a set of predefined
rules.
• Firewalls are usually placed on the security perimeter, just behind or as part of a gateway
router.
• While the gateway router is primarily designed to connect the organization‘s systems to the
outside world, it too can be used as the front-line defense against attacks as it can be
condiaured to allow only a few types of protocols to enter.
2. List critical characteristics of information and explain in brief any five of them. (10
marks) (Dec 2012) (June 2013) (8 marks) (Dec 2013) (Dec 2014)
Critical Characteristics Of Information The value of information comes from the
characteristics it possesses. .
Availability
Enables users who need to access information to do so without interference or obstruction
and in the required format. The information is said to be available to an authorized user when
and where needed and in the correct format.
Accuracy
Free from mistake or error and having the value that the end-user expects. If information
contains a value different from the user‘s expectations due to the intentional or unintentional
modification of its content, it is no longer accurate.
Authenticity
The quality or state of being genuine or original, rather than a reproduction or fabrication.
Information is authentic when it is the information that was originally created, placed, stored,
or transferred.
Confidentiality
The quality or state of preventing disclosure or exposure to unauthorized individuals or
systems.
Integrity
Dept. of CSE, SJBIT Page 2
Information and network Security 10CS835
The quality or state of being whole, complete, and uncorrupted. The integrity of information
is threatened when the information is exposed to corruption, damage, destruction, or other
disruption of its authentic state.
Utility
The quality or state of having value for some purpose or end. Information has value when it
serves a particular purpose. This means that if information is available, but not in a format
meaningful to the end-user, it is not useful.
3. What are the policies present in NSTISSC security model. (8 marks) (Dec 2012) (June
2013) (10 marks ) (Dec 2014)
The National Security Telecommunications and Information Systems Security Committee
(NSTISSC) was established by President Bush under National Security Directive 42 (NSD
42) entitled, "National Policy for the Security of National Security Telecommunications and
Information Systems," dated 5 July 1990. It reaffirms the Secretary of Defense as the
Executive Agent and the Director, National Security Agency as the National Manager for
National Security Telecommunications and Information Systems Security. In addition, the
Directive establishes the NSTISSC.
The NSTISSC provides a forum for the discussion of policy issues, sets national policy, and
promulgates direction, operational procedures, and guidance for the security of national
security systems through the NSTISSC Issuance System. National security systems contain
classified information or:
a. involves intelligence activities;
b. involves cryptographic activities related to national security;
c. involves command and control of military forces;
d. involves equipment that is an integral part of a weapon or weapons system(s); or
e. is critical to the direct fulfillment of military or intelligence missions (not including routine
administrative and business applications). • Plans for events of this type are referred to in a
number of ways:
– Business Continuity Plans (BCPs)
– Disaster Recovery Plans (DRPs)
– Incident Response Plans (IRPs)
– Contingency Plans
Contingency Planning (CP)
– Incident Response Planning (IRP)
– Disaster Recovery Planning (DRP)
– Business Continuity Planning (BCP)
• The primary functions of these three planning types:
– IRP focuses on immediate response, but if the attack escalates or is disastrous the process
changes to disaster recovery and BCP.
– DRP typically focuses on restoring systems after disasters occur, and as such is closely
associated with BCP.
Dept. of CSE, SJBIT Page 3
Information and network Security 10CS835
– BCP occurs concurrently with DRP when the damage is major or long term, requiring more
than simple restoration of information and information resources.
4. What are approaches to information security implementation? Explain. (top down and
bottom up approaches) (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
The implementation of information security in an organization must begin somewhere, and
cannot happen overnight. Securing information assets is in fact an incremental process that
requires coordination, time, and patience. Information security can begin as a grassroots
effort in which systems administrators attempt to improve the security of their systems.
This is often referred to as a bottom-up approach. The key advantage of the bottom-up
approach is the technical expertise of the individual administrators.Working with information
systems on a day-to-day basis, these administrators possess in-depth knowledge that can
greatly enhance the development of an information security system. They know and
understand the threats to their systems and the mechanisms needed to protect them
successfully. Unfortunately, this approach seldom works, as it lacks a number of critical
features, such as participant support and organizational staying power.
The top-down approach, in which the project is initiated by upper-level managers who issue
policy, procedures and processes, dictate the goals and expected outcomes, and determine
accountability for each required action, has a higher probability of success. This approach has
strong upper-management support, a dedicated champion, usually dedicated funding, a clear
planning and implementation process, and the means of influencing organizational culture.
The most successful kind of top-down approach also involves a formal development strategy
referred to as a systems development life cycle. For any organization-wide effort to succeed,
however, management must buy into and fully support it. The role played in this effort by the
champion cannot be overstated.
Typically, this champion is an executive, such as a chief information officer (CIO), or the
vice president of information technology (VP-IT), who moves the project forward, ensures
that it is properly managed, and pushes for acceptance throughout the organization. Without
this high-level support, many of the mid-level administrators fail to make time for the project
or dismiss it as a low priority.
Also critical to the success of this type of project is the involvement and support of the end
users. These individuals are most directly affected by the process and outcome of the project
and must be included in the information security process. Key end users should be assigned
to a developmental team, known as the joint application development team (JAD).
Dept. of CSE, SJBIT Page 4
Information and network Security 10CS835
5. Explain the Security System Development Life Cycle. (8 marks) (June 2014) (10
marks)(Dec 2015)
knowledge about SDLC is very important for anyone who wants to understand S-SDLC. The
Following are some of the major steps which are common throughout the SDLC process,
regardless of the organization. Here is a photo representation of a Sample Software
Development Life Cycle:
Requirements Gathering
A Software Requirement Specification or SRS is a document which records expected
behavior of the system or software which needs to be developed.
Design
Software design is the blueprint of the system, which once completed can be provided to
developers for code development. Based on the components in design, they are translated into
software modules/functions/libraries, etc… and these pieces together form a software system.
Coding
During this phase, the blueprint of the software is turned to reality by developing the source
code of the entire application. Time taken to complete the development depends on the size
of the application and number of programmers involved.
Testing
Once the application development is completed, it is tested for various issues like
functionality, performance, and so on. This is to ensure that the application is performing as
expected. If there are any issues, these issues are fixed before/after going to production
depending on the nature of issue and the urgency to go live for the application.
Deployment
Once the application is ready to go live, it is deployed on a production server in this phase. If
it is developed for a client, the deployment happens in a client premise or datacenter where
there client wants to get the application installed.
6. List and briefly explain Information Security Terminologies.(8 marks)( June 2013)(Dec
2013) (5 marks) (Dec 2014)
IDS Terminology
Alert or Alarm: An indication that a system has just been attacked and/or continues to be
under attack. IDSs create alerts of alarms to notify administrators that an attack is or was or
occurring and may have been successful.
Dept. of CSE, SJBIT Page 5
Information and network Security 10CS835
False Attack Stimulus: An event that triggers alarms and causes a false positive when no
actual attacks are in progress.
False Negative: The failure of an IDS system to react to an actual attack event. Of all failures,
this is the most grievous, for the very purpose of an IDS is to detect attacks.
False Positive: An alarm or alert that indicates that an attack is in progress or that an attack
has successfully occurred when in fact there was no such attack.
Noise: The ongoing activity from alarm events that are accurate and noteworthy but not
necessarily significant as potentially successful attacks.
Site Policy: The rules and condiauration guidelines governing the implementation and
operationof IDSs within the organization.
Site Policy Awareness: An IDSs ability to dynamically modify its site policies in reaction or
response to environmental activity.
True Attack Stimulus: An event that triggers alarms and causes an IDS to react as if a real
attack is in progress. The event may be an actual attack, in which an attacker is at work on a
system compromise attempt, or it may be a drill, in which security personnel are using hacker
tools to conduct tests of a network segment.
Confidence Value: A value associated with an IDS's ability to detect and identify an attack
correctly. The confidence value an organization places in the IDS is based on experience and
past performance measurements.
Alarm Filtering: The process of classifying the attack alerts that an IDS produces in order to
distinguish/sort false positives from actual attacks more efficiently.
Alarm Clustering : A consolidation of almost identical alarms into a single higher-level
alarm.
Alarm Compaction: Alarm clustering that is based on frequency, similarity in attack
signature, similarity in attack target, or other similarities.
Dept. of CSE, SJBIT Page 6
Information and network Security 10CS835
7. Enlist the salient features drawbacks of ISO17799/BS 7799 security model. (6
marks)(June 2013)(Dec 2013)(Dec 2014)
Security Supports the Mission of the Organization
• Failure to develop an information security system based on the organization‘s mission,
vision and culture guarantees the failure of the information security program.
Security is an Integral Element of Sound Management
• Effective management includes planning, organizing, leading, and controlling.
• Security enhances these areas by supporting the planning function when information
security policies provide input into the organization initiatives.
• Information security specifically supports the controlling function, as security controls
support sound management by means of the enforcement of both managerial and security
policies.
Security should be Cost-effective
• The costs of information security should be considered part of the cost of doing business,
much like the cost of computers, networks, and voice communications systems.
• These are not profit-generating areas of the organization and may not lead to competitive
advantages.
• Information security should justify its own costs.
• Security measures that do not justify cost benefit levels must have a strong business case
(such as a legal requirement) to warrant their use.
Systems owners have security responsibilities outside their own organizations
• Whenever systems store and use information from customers, patients, clients, partners, and
others, the security of this information becomes a serious responsibility for the owner of the
systems.
Security Responsibilities and Accountability Should Be Made Explicit:
• Policy documents should clearly identify the security responsibilities of users,
administrators, and managers.
• To be legally binding, this information must be documented, disseminated, read,
understood, and agreed to.
Dept. of CSE, SJBIT Page 7
Information and network Security 10CS835
Security Responsibilities and Accountability Should Be Made Explicit:
• Policy documents should clearly identify the security responsibilities of users,
administrators, and managers.
• To be legally binding, this information must be documented, disseminated, read,
understood, and agreed to.
• Ignorance of law is no excuse, but ignorance of policy is.
• Regarding the law, the organization should also detail the relevance of laws to issue specific
security policies.
• These details should be distributed to users, administrators, and managers to assist them in
complying with their responsibilities
8. Describe an EISP and its components. (10 marks)(Dec 2015) (10 Marks) (June 2015)
Enterprise Information Security Policy (EISP)
A security program policy (SPP) or EISP is also known as
– A general security policy
– IT security policy
– Information security policy
EISP
– The EISP is based on and directly supports the mission, vision, and direction of the organization
and Sets the strategic direction, scope, and tone for all security efforts within the organization
– The EISP is an executive-level document, usually drafted by or with, the Chief Information
Officer (CIO) of the organization and is usually 2 to 10 pages long.
- The EISP does not usually require continuous modification, unless there is a change in the strategic
direction of the organization.
– The EISP guides the development, implementation, and management of the security program. It
contains the requirements to be met by the information security blueprint or framework.
– It defines then purpose, scope, constraints, and applicability of the security program in the
organization.
– It also assigns responsibilities for the various areas of security, including systems administration,
maintenance of the information security policies, and the practices and responsibilities of the users.
– Finally, it addresses legal compliance.
– According to NIST, the EISP typically addresses compliance in two areas:
– General compliance to ensure meeting the requirements to establish a program and the
responsibilities assigned therein to various organizational components and
– The use of specified penalties and disciplinary action.
9. With a neat diagram, explain briefly the major steps in contingency planning. (10 Marks)
(June 2015)
The policy administrator must be clearly identified on the policy document as the primary point of
contact for additional information or for revision suggestions to the policy.
Schedule of Reviews
– Policies are effective only if they are periodically reviewed for currency and accuracy and
modified to reflect these changes.
Dept. of CSE, SJBIT Page 8
Information and network Security 10CS835
– Policies that are not kept current can become liabilities for the organization, as outdated rules are
enforced or not, and new requirements are ignored.
– Organization must demonstrate with due diligence, that it is actively trying to meet the
requirements of the market in which it operates.
– A properly organized schedule of reviews should be defined (at least annually) and published as
part of the document.
Review Procedures and Practices
– To facilitate policy reviews, the policy manager should implement a mechanism by which
individuals can comfortably make recommendations for revisions.
UNIT2: Planning for Security
1. Why shaping an information security policy is difficult?(3 marks)(Dec 2014)
(1) Failure To Explicitly Define Long-Term Implications: While keeping presentations about
proposed policies both short and to the point is certainly desirable, sometimes information
security specialists go overboard with this objective. They may then leave out the important
long-term implications of adopting a specific policy. Management may later be dismayed to
discover that these implications contradict, or are otherwise in conflict with, other
organizational objectives.
(2) Full Cost Analysis Not Employed: With the severe economic pressure that so many IT shops
are facing these days, it can be tempting to only request the first step in a long
implementation process. For example, next year‘s budget proposal, in support of a newly
adopted policy, may request only the purchase of new security software and training for
operations staff to use that same software.
(3) User Training & Acceptance Efforts Not Undertaken: Failure to convince those who will be
affected by a policy that the new policy is indeed in their best interests is most likely going to
be a serious problem. As much as those responsible for meeting a deadline might like to
autocratically dictate that such-and-such a policy will be adopted by everyone — period, this
approach sets up a resistance dynamic that will interfere with the consistent implementation
of a new policy.
(4) Discovery Of Unforeseen Implementation Conflicts: Failure to research the cultural, ethical,
economic, and operational implications of the policy implementation process is often a
problem. This is particularly serious in multi-national organizations where the local way of
doing things may be at great variance from a newly adopted policy.
(5) Communications Gap Between Technologists & Management: In many instances, the
information systems technical infrastructure is modified regularly to respond to new security
threats, to adjust new software so that it operates better, to accommodate a new business
partner, to improve user response time, etc.
2. What is policy? How it can and should be used? Explain. (5 marks) (Dec 2012) (June
2013) (10 marks ) (June 2014) (10 marks)(Dec 2015)
Information Security Policy, Standards, and Practices
Dept. of CSE, SJBIT Page 9
Information and network Security 10CS835
– Management from all communities of interest must consider policies as the basis for all
information security efforts like planning, design and deployment.
– Policies direct how issues should be addressed and technologies used – Policies do not
specify the proper operation of equipments or software-this information should be placed in
the standards, procedures and practices of user‘s manuals and systems documentation.
– Security policies are the least expensive control to execute, but the most difficult to
implement properly.
– Shaping policy is difficult because: _ Never conflict with laws _ Stand up in court, if
challenged _ Be properly administered through dissemination and documented acceptance.
Enterprise Information Security Policy (EISP)
A security program policy (SPP) or EISP is also known as
– A general security policy
– IT security policy
– Information security policy
3. With a block diagram, explain how policies, standards, practices, procedures and
guidelines are related.(7 marks) (Dec 2012) (June 2013) (10 marks ) (June 2014)
– Three approaches:
_ Independent ISSP documents, each tailored to a specific issue.
_ A single comprehensive ISSP document covering all issues.
_ A modular ISSP document that unifies policy creation and administration, while
maintaining each specific issue‗s requirements.
The independent document approach to take when creating and managing ISSPs typically has
a scattershot effect. Each department responsible for a particular application of technology
creates a policy governing its use, management, and control. This approach to creating ISSPs
may fail to cover all of the necessary issues, and can lead to poor policy distribution,
management, and enforcement.
The single comprehensive policy approach is centrally managed and controlled. With formal
procedures for the management of ISSPs in place , the comprehensive policy approach
establishes guidelines for overall coverage of necessary issues and clearly identifies processes
for the dissemination, enforcement, and review of these guidelines.
Dept. of CSE, SJBIT Page 10
Information and network Security 10CS835
– Usually, these policies are developed by those responsible for managing the information
technology resources. The optimal balance between the independent and comprehensive ISSP
approaches is the modular approach.It is also certainly managed and controlled but tailored to
the individual technology issues.
– The modular approach provides a balance between issue orientation and policy
management. The policies created with this approach comprise individual modules, each
created and updated by individuals responsible for the issues addressed. These individuals
report to a central policy administration group that incorporates specific issues into an overall
comprehensive policy.
Systems-Specific Policy (SysSP)
While issue-specific policies are formalized as written documents, distributed to users, and
agreed to in writing, SysSPs are frequently codified as standards and procedures to be used
When condiauring or maintaining systems
Systems-specific policies fall into two groups:
– Access control lists (ACLs) consist of the access control lists, matrices, and capability
tables governing the rights and privileges of a particular user to a particular system.
_ An ACL is a list of access rights used by file storage systems, object brokers, or other
network communications devices to determine which individuals or groups may access an
object that it controls.(Object Brokers are system components that handle message requests
between the software components of a system )
4. Define security policy. Briefly discuss three types of security policies.(8 marks)( June
2013)(Dec 2013) (5 marks) (Dec 2014)
Issue-Specific Security Policy (ISSP)
– As various technologies and processes are implemented, certain guidelines are needed to
use them properly
– The ISSP:
– addresses specific areas of technology like
– Electronic mail
– Use of the Internet
– Specific minimum condiaurations of computers to defend against worms and viruses.
– Prohibitions against hacking or testing organization security controls.
Dept. of CSE, SJBIT Page 11
Information and network Security 10CS835
– Home use of company-owned computer equipment.
– Use of personal equipment on company networks
– Use of telecommunications technologies (FAX and Phone)
– Use of photocopy equipment.
Enterprise Information Security Policy (EISP)
A security program policy (SPP) or EISP is also known as
– A general security policy
– IT security policy
– Information security policy
5. Explain information security blueprint and its major components. (7 marks)(Dec 2014)
• Designing a plan for security begins by creating or validating a security blueprint
• Then use the blueprint to plan the tasks to be accomplished and the order in which to
proceed
• Setting priorities can follow the recommendations of published sources, or from published
standards provided by government agencies, or private consultants
Information Security Blueprints
One approach is to adapt or adopt a published model or framework for information security A
framework is the basic skeletal structure within which additional detailed planning of the
blueprint can be placed as it is developed of refined
Experience teaches us that what works well for one organization may not precisely fit another
This security blueprint is the basis for the design, selection, and implementation of all
security policies, education and training programs, and technological controls.
The security blueprint is a more detailed version of the security framework, which is an
outline of the overall information security strategy for the organization and the roadmap for
planned changes to the information security environment of the organization.
6. Briefly describe management, operational and technical controls and explain when each
would be applied as part of a security framework? (10 marks) (June 2013) (Dec 2013) (
5 marks) (Dec 2014)
Management Controls
– Risk Management
– Review of Security Controls
Dept. of CSE, SJBIT Page 12
Information and network Security 10CS835
– Life Cycle Maintenance
– Authorization of Processing (Certification and Accreditation)
– System Security Plan
Operational Controls
– Personnel Security
– Physical Security
– Production, Input / Output Controls
– Contingency Planning
– Hardware and Systems Software
– Data Integrity
– Documentation
– Security Awareness, Training, and Education
– Incident Response Capability
Technical Controls
– Identification and Authentication
– Logical Access Controls
– Audit Trails
• However, because people can directly access ring as well as the information at the core of
the model, the side of the sphere of protection that attempts to control access by relying on
people requires a different approach to security than the side that uses technology.
• The ―sphere of protection‖ overlays each of the levels of the ―sphere of use‖ with a layer of
security, protecting that layer from direct or indirect use through the next layer
• The people must become a layer of security, a ―human firewall‖ that protects the
information from unauthorized access and use.
• The members of the organization must become a safeguard, which is effectively trained,
implemented and maintained or else they too will represent a threat to the information.
7. Explain information security architecture. (7 marks)(Dec 2014)(10 marks) (June
2014)(Dec 2013)
Information security
architecture: Goals
Provide structure, coherence and cohesiveness.
Must enable business-to-security alignment.
Defined top-down beginning with business strategy.
Dept. of CSE, SJBIT Page 13
Information and network Security 10CS835
Ensure that all models and implementations can be traced back to the business
strategy, specific business requirements and key principles.
Provide abstraction so that complicating factors, such as geography and technology
religion, can be removed and reinstated at different levels of detail only when
required.
Establish a common "language" for information security within the
organization Methodology
The practice of enterprise information security architecture involves developing an
architecture security framework to describe a series of "current", "intermediate" and "target"
reference architectures and applying them to align programs of change. These frameworks
detail the organizations, roles, entities and relationships that exist or should exist to perform a
set of business processes. This framework will provide a rigorous taxonomy and ontology
that clearly identifies what processes a business performs and detailed information about how
those processes are executed and secured. The end product is a set of artifacts that describe in
varying degrees of detail exactly what and how a business operates and what security
controls are required. These artifacts are often graphical.
Given these descriptions, whose levels of detail will vary according to affordability and other
practical considerations, decision makers are provided the means to make informed decisions
about where to invest resources, where to realign organizational goals and processes, and
what policies and procedures will support core missions or business functions.
A strong enterprise information security architecture process helps to answer basic questions
like:
What is the information security risk posture of the organization?
Is the current architecture supporting and adding value to the security of the
organization?
How might a security architecture be modified so that it adds more value to the
organization?
Based on what we know about what the organization wants to accomplish in the
future, will the current security architecture support or hinder that?
8. Describe the major steps in Plan_do_check_act method of information security
management system.(10 marks) (Dec 2012) (June 2013) (10 marks ) (June 2014) (10
marks)(Dec 2015)
PDCA (plan–do–check–act or plan–do–check–adjust) is an iterative four-step management
method used in business for the control and continuous improvement of processes and
products. It is also known as the Deming circle/cycle/wheel, Shewhart cycle, control
circle/cycle, or plan–do–study–act (PDSA). Another version of this PDCA cycle is OPDCA.
The added "O" stands for observation or as some versions say "Grasp the current condition."
This emphasis on observation and current condition has currency with Lean
manufacturing/Toyota Production System literature
PLAN
Establish the objectives and processes necessary to deliver results in accordance with the
expected output (the target or goals). By establishing output expectations, the completeness
Dept. of CSE, SJBIT Page 14
Information and network Security 10CS835
and accuracy of the spec is also a part of the targeted improvement. When possible start on a
small scale to test possible effects.
DO
Implement the plan, execute the process, make the product. Collect data for charting and
analysis in the following "CHECK" and "ACT" steps.
CHECK
Study the actual results (measured and collected in "DO" above) and compare against the
expected results (targets or goals from the "PLAN") to ascertain any differences. Look for
deviation in implementation from the plan and also look for the appropriateness and
completeness of the plan to enable the execution, i.e., "Do". Charting data can make this
much easier to see trends over several PDCA cycles and in order to convert the collected data
into information. Information is what you need for the next step "ACT".
ACT
Request corrective actions on significant differences between actual and planned results.
Analyze the differences to determine their root causes. Determine where to apply changes
that will include improvement of the process or product. When a pass through these four
steps does not result in the need to improve, the scope to which PDCA is applied may be
refined to plan and improve with more detail in the next iteration of the cycle, or attention
needs to be placed in a different stage of the process.
9. Illustrate with diagram how information is under attack from variety of sources with
reference to the spheres of security. (10 marks) (Dec 2012) (June 2013) (8 marks) (Dec
2013) (Dec 2014)
The Sphere of Security
• The sphere of security (Dia 6.16) is the foundations of the security framework.
• The spheres of security illustrate how information is under attack from a variety of sources.
• The sphere of use illustrates the ways in which people access information; for example,
people read hard copies of documents and can also access information through systems.
• Information, as the most important asset in the model is at the center of the sphere.
• Information is always at risk from attacks through the people and computer systems that
have access to the information.
Dept. of CSE, SJBIT Page 15
Information and network Security 10CS835
• Networks and Internet represent indirect threats, as exemplified by the fact that a person
attempting to access information from the Internet must first go through the local networks
and then access systems that contain the information.
Sphere of Use
• Generally speaking, the concept of the sphere is to represent the 360 degrees of security
necessary to protect information at all times
• The first component is the ―sphere of use‖
• Information, at the core of the sphere, is available for access by members of the
organization and other computer-based systems:
– To gain access to the computer systems, one must either directly access the computer
systems or go through a network connection
– To gain access to the network, one must either directly access the network or go through an
Internet connection.
The Sphere of Protection
• Dia illustrates that between each layer of the sphere of use there must exist a layer of
protection to prevent access to the inner layer from the outer layer.
• Each shaded band is a layer of protection and control.
• For example, the items labeled ― Policy & law‖ and ―Education & Training‖ are located
between people and the information.
• Controls are also implemented between systems and the information, between networks and
the computer systems, and between the Internet and Internal networks.
10. Explain the implementation of Virtual Private Networks (VPN) in different method (10
marks) (June 2015)
The VPNC defines three VPN technologies: trusted VPNs, secure VPNs, and hybrid VPNs A trusted
VPN, also known as legacy VPN, uses leased circuits from a service provider and conducts packet
switching over these leased circuits . The organization must trust the service provider, who provides
contractual assurance that no one else is allowed to use these circuits and that the circuits are properly
maintained and protectedhence the name trusted VPN. Secure VPNs use security protocols and encrypt
traffic transmitted across unsecured public networks like the internet . A hybrid VPN combines the two
providing encrypted transmissions (as in secure VPN ) over some or all of a trusted VPN network.
A VPN that proposes to offer a secure and reliable capability while relying on public networks must
accomplish the following, regardless of the specific technologies and protocols being used:
Encapsulating of incoming and outgoing data, wherein the native protocol of the client is embedded
Dept. of CSE, SJBIT Page 16
Information and network Security 10CS835
within the frames of a protocol that can be routed over the public network as well as be usable by
the server network environment.
-Encryption of incoming and outgoing data to keep the data contents private while in transit over the
public network but usable by the client and server computers and/or the local networks on both ends of
the VPN connection.
-Authentication of the remote computer and, perhaps, the remote user as well.
-Authentication and the subsequent authorization of the user to perform specific options are
predicated on accurate and reliable identification of the remote system and/or user. In the most
common implementation, a VPN allows a user to turn the Internet in private network. As you know,
the Internet is anything but private.
UNIT 3: Security Technology
1. Define and identify the various types of firewalls. (10 marks) (Dec 2012) (June 2013) (8
marks) (Dec 2013) (Dec 2014)
• A Firewall is a device that selectively discriminates against information following into or
out of the organization.
• A Firewall is usually a computing device , or a specially condiaured computer that allows or
prevents information from entering or exiting the defined area based on a set of predefined
rules.
Dept. of CSE, SJBIT Page 17
Information and network Security 10CS835
• Firewalls are usually placed on the security perimeter, just behind or as part of a gateway
router.
• While the gateway router is primarily designed to connect the organization‘s systems to the
outside world, it too can be used as the front-line defense against attacks as it can be
condiaured to allow only a few types of protocols to enter.
• There are a number of types of firewalls, which are usually classified by the level of
information they can filter.
• Firewalls can be packet filtering , stateful packet filtering, proxy or application level.
• A firewall can be a single device or a firewall subnet, which consists of multiple firewalls
creating a buffer between the outside and inside networks.
• Thus, firewalls can be used to create to security perimeters like the one shown in Dia. 6.19
DMZs
• A buffer against outside attacks is frequently referred to as a Demilitarized Zone (DMZ).
• The DMZ is a no-mans land between the inside and outside networks; it is also where some
organizations place web servers .
• These servers provide access to organizational web pages, without allowing web requests to
enter the interior networks.
Proxy Servers
• An alternative approach to the strategies of using a firewall subnet or a DMZ is to use a
proxy server, or proxy firewall.
• A proxy server performs actions on behalf of another system
• When deployed, a proxy server is condiaured to look like a web server and is assigned the
domain name that users would be expecting to find for the system and its services.
• When an outside client requests a particular web page, the proxy server receives the
requests as if it were the subject of the request, then asks for the same information from the
true web server (acting as a proxy for the requestor), and then responds tot eh request as a
proxy for the true web server.
• This gives requestors the response they need without allowing them to gain direct access to
the internal and more sensitive server.
• The proxy server may be hardened and become a bastion host placed in the public area of
the network or it might be placed within the firewall subnet or the DMZ for added protection.
• For more frequently accessed web pages, proxy servers can cache or temporarily store the
page, and thus are sometimes called cache servers.
Dept. of CSE, SJBIT Page 18
Information and network Security 10CS835
• Dia 6.20 shows a representative example of a condiauration using a proxy .
2. Describe how the various types of firewalls interact with the network traffic at various
levels of the OSI model. (7 marks) (Dec 2012) (June 2013) (10 marks ) (June 2014)
Firewalls fall into four broad categories: packet filters, circuit level gateways, application
level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of
TCP/IP. They are usually part of a router. A router is a device that receives packets from one
network and forwards them to another network. In a packet filtering firewall each packet is
compared to a set of criteria before it is forwarded. Depending on the packet and the criteria,
the firewall can drop the packet, forward it or send a message to the originator. Rules can
include source and destination IP address, source and destination port number and protocol
used. The advantage of packet filtering firewalls is their low cost and low impact on network
performance. Most routers support packet filtering. Even if other firewalls are used,
implementing packet filtering at the router level affords an initial degree of security at a low
network layer. This type of firewall only works at the network layer however and does not
support sophisticated rule based models (see Figure 5). Network Address Translation (NAT)
routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of
computers behind the firewall, and offer a level of circuit-based filtering.
3. Identify and describe the two categories of intrusion detection systems. (10 marks)
(June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
Intrusion Detection Systems (IDSs)
• In an effort to detect unauthorized activity within the inner network or an individual
machines, an organization may wish to implement Intrusion Detection Systems (IDSs) • IDSs
come in TWO versions, with Hybrids possible.
Host Based IDS
• Host based IDSs are usually installed on the machines they protect to monitor the status of
various files stored on those machines.
• The IDS learns the condiauration of the system , assigns priorities to various files depending
on their value, and can then alert the administrator of suspicious activity.
Network Based IDS
• Network based IDSs look at patterns of network traffic and attempt to detect unusual
activity based on previous baselines.
Dept. of CSE, SJBIT Page 19
Information and network Security 10CS835
• This could include packets coming into the organization‘s networks with addresses from
machines already within the organization(IP Spoofing).
• It could also include high volumes of traffic going to outside addresses(As in a Denial of
Service Attack)
• Both Host and Network based IDSs require a database of previous activity.
• In the case of host based IDSs, the system can create a database of file attributes, as well as
maintain a catalog of common attack signatures.
• Network-based IDSs can use a similar catalog of common attack signatures and develop
databases of ― normal ― activity for comparison with future activity.
• IDSs can be used together for the maximum level of security for a particular network and
set of systems.
4. According to the NIST’s documentation on industry best practices, what are the six
reasons to acquire and use IDS? Explain(7 marks) (Dec 2012) (June 2013) (10 marks )
(June 2014) (10 marks)(Dec 2015)
Why Use an IDS?
According to the NIST's documentation on industry best practices, there are several
compelling reasons to acquire and use an IDS:
1. To prevent problem behaviors by increasing the perceived risk of discovery and
punishment for those who would attack or otherwise abuse the system
2. To detect attacks and other security violations that are not prevented by other security
measures
3. To detect and deal with the preambles to attacks (commonly experienced as network
probes and other 'doorknob rattling' activities)
4. To document the existing threat to an organization.
5. To act as quality control for security design and administration, especially of large and
complex enterprises.
6. To provide useful information about intrusions that do take place, allowing improved
diagnosis, recovery, and correction of causative factors.
5. Explain the features of NIDS. List merits and demerits of the same. (3 marks)(Dec 2014)
.(7 marks) (Dec 2012) (June 2013)
Network-Based IDS
A network-based IDS (NIDS) resides on a computer or appliance connected to a segment of
an organization's network and monitors network traffic on that network segment, looking for
Dept. of CSE, SJBIT Page 20
Information and network Security 10CS835
indications of ongoing or successful attacks. When a situation occurs that the NIDS is
programmed to recognize as an attack, it responds by sending notifications to administrators.
When examining the packets "transmitted through an organization's networks, a NIDS looks
for attack patterns within network traffic such as large collections of related items that are of
a certain type, which could indicate that a denial-of service attack is underway, or the
exchange of a series of related packets in a certain pattern, which could indicate that a port
scan is in progress. A NIDS can detect many more types of attacks than a host-based IDS, but
to do so, it requires a much more complex condiauration and maintenance program. A NIDS
is installed at a specific place in the network (such as on the inside of an edge router) from
where it is possible to watch the traffic going into and out of a particular network segment
The NIDS can be deployed to watch a specific grouping of host computers on a specific
network segment, or it may be installed to monitor all traffic between the systems that make
up an entire network. When placed next to a hub, switch, or other key networking device, the
NIDS may use
that device's monitoring port. The monitoring port, also known as a switched port analysis
(SPAN) port or mirror port, is a specially condiaured connection on a network device that is
capable of viewing all of the traffic that moves through the entire device. In the early '90s,
before switches became the popular choice for connecting networks in a shared-collision
domain, hubs were used. Hubs received traffic from one node, and retransmitted it to all other
nodes. This condiauration allowed any device connected to the hub to monitor all traffic
passing through the hub. Unfortunately, it also represented a security risk, since anyone
connected to the hub could monitor all the traffic that moved through that network segment.
More recently, switches have been deployed on most networks, and they, unlike hubs, create
dedicated point-to-point links between their ports. These links create a higher level of
transmission security and privacy, and effectively prevent anyone from being able to capture,
and thus eavesdrop on, the traffic passing through the switch. Unfortunately, however, this
ability to capture the traffic is necessary for the use of an IDS. Thus, monitoring ports are
required. These connections enable network administrators to collect traffic from across the
network for analysis by the IDS as well as for occasional use in diagnosing network faults
and measuring network performance. Diaure 7-2 shows a sample screen from Demark Pure
Secure (see www.demarc.com) displaying events generated by the Snort Network IDS
Engine (see www.snort.org).
Dept. of CSE, SJBIT Page 21
Information and network Security 10CS835
6. Explain the features of HIDS. List merits and demerits of the same. (3 marks)(Dec 2014)
.(7 marks) (Dec 2012) (June 2013) (07 marks)(Dec 2015)
Host-Based IDS
A host-based IDS (HIDS) works differently from a network-based version of IDS. While a
network-based IDS resides on a network segment and monitors activities across that segment,
a host-based IDS resides on a particular computer or server, known as the host, and monitors
activity only on that system. HIDSs are also known as system integrity verifiers5 as they
benchmark and monitor the status of key system files and detect when an intruder creates,
modifies, or deletes monitored files. A HIDS is also capable of monitoring system
condiauration databases, such as Windows registries, in addition to stored condiauration files
like .ini, .cfg, and .dat files. Most HIDSs work on the principle of condiauration or change
management, which means they record the sizes, locations, and other attributes of system
files. The HIDS then triggers an alert when one of the following changes occurs: file
attributes change, new files are created, or existing files are deleted. A HIDS can also monitor
systems logs for predefined events. The HIDS examines these files and logs to determine if
an attack s Underway or has occurred, and if the attack is succeeding or was successful. The
HIDS will maintain its own log file so that even when hackers successfully modify files on
the target system to cover their tracks, the HIDS can provide an independent audit trail of the
attack. Once properly condiaured, a HIDS is very reliable. The only time a HIDS produces a
false positive alert is when an authorized change occurs for a monitored file. This action can
be quickly reviewed by an administrator and dismissed as acceptable. The administrator ma y
choose then to disregard subsequent changes to the same set of files. If properly condiaured, a
HIDS can also detect when an individual user attempts to modify or exceed his or her access
authorization and give him or herself higher privileges. A HIDS has an advantage over NIDS
in that it can usually be installed in such a way that it can access information that is encrypted
when traveling over the network. For this reason, a HIDS is able to use the content of
otherwise encrypted communications to make decisions about possible or successful attacks.
Since the HIDS has a mission to detect intrusion activity on one computer system, all the
traffic it needs to make that decision is coming to the system where the HIDS is running. The
nature of the network packet delivery, whether switched or in a shared-collision
domain, is not a factor.
A HIDS relies on the classification of files into various categories and then applies various
notification actions, depending on the rules in the HIDS condiauration. Most HIDSs provide
only a few general levels of alert notification. For example, an administrator can condiaure a
HIDS to treat the following types of changes as reportable security events: changes in a
Dept. of CSE, SJBIT Page 22
Information and network Security 10CS835
system folder (e.g., in C:\Windows or C:\WINNT); and changes within a security-related
application (such as C:\TripWire). In other words, administrators can condiaure the system to
alert on any changes within a critical data folder. The condiauration rules may classify
changes to a specific application folder (e.g., C:\Program Files\Office) as being normal, and
hence unreportable. Administrators can condiaure the system to log all activity but to page
them or e-mail them only if a reportable security event occurs. Although this change-based
system seems simplistic, it seems to suit most administrators, who, in general, become
concerned only if unauthorized changes occur in specific and sensitive areas of the host file
system. Applications frequently modity their internal files, such as dictionaries and
condiauration templates, and users are constantly updating their data files. Unless a HIDS is
very specifically condiaured, these actions can generate a large volume of false alarms.
Managed HIDSs can monitor multiple computers simultaneously. They do this by creating a
condiauration fiJe on each monitored host and by making each HIDS report back to a master
console system, which is usually located on the system administrator's computer. This master
console monitors the information provided from the managed hosts and notifies the
administrator when it senseS recognizable attack conditions.
7. Discuss scanning, analysis tools, and content filters. (10 marks) (Dec 2012) (June2013) (8
marks) (Dec 2013) (Dec 2014)
Scanning and Analysis Tools
In order to secure a network, it is imperative that someone in the organization knows exactly
where the network needs securing. This may sound like a simple and intuitive statement;
however, many companies skip this step. They install a simple perimeter firewall, and then,
lulled into a sense of security by this single layer of defense, they rest on their laurels. To
truly assess the risk within a computing environment, one must deploy technical controls
using a strategy of defense in depth. A strategy based on the concept of defense in depth is
likely to include intrusion detection systems (IDS), active vulnerability scanners, passive
vulnerability scanners, automated log analyzers, and protocol analyzers (commonly referred
to as sniffers). As you've learned, the first item in this list, the IDS, helps to secure networks
by detecting intrusions; the remaining items in the list also help secure networks, but they do
this by helping administrators identify where the network needs securing. More specifically,
scanner and analysis tools can find vulnerabilities in systems, holes in security components,
and unsecured aspects of the network. Although some information security experts may not
perceive. them as defensive tools, scanners, sniffers, and other such vulnerability analysis
tools can be invaluable to security administrators because they enable administrators to see
what the attacker sees. Some of these tools are extremely complex and others are rather
simple. The tools can also range from being expensive commercial products to those that are
freely available at no cost. Many of the best scanning and analysis tools .are those that the
attacker community has developed, and are available free on the Web. Good administrators
should have several hacking Web sites' bookmarked and should try to keep up with chat room
discussions on new vulnerabilities, recent conquests, and favorite assault techniques. There is
nothing wrong with a security administrator using the tools that potential attackers use in
order to examine his or her defenses and find areas that require additional attention. In the
military, there is a long and distinguished history of generals inspecting the troops under their
Dept. of CSE, SJBIT Page 23
Information and network Security 10CS835
command before battle, walking down the line checking out the equipment and mental
preparedness of each soldier. In a similar way, the security administrator can use
vulnerability analysis tools to inspect the units (host computers and network devices) under
his or her command. A word of caution, though, should be heeded: many of these scanning
and analysis tools have distinct signatures, and Some Internet service providers (ISPs) scan
for these signatures. If the ISP discovers someone using hacker tools, it can pull that person's
access privileges. As such, it is probably best for administrators first to establish a working
relationship with their ISPs and notify the ISP of their plans.
8. Discuss the process of encryption and define key terms. (10 marks) (Dec 2014)
Basic Encryption Definitions
To understand the fundamentals of cryptography, you must become familiar with the
following definitions:
-Algorithm: The programmatic steps used to convert an unencrypted message into an
encrypted sequence of bits that represent the message; sometimes used as a reference to the
programs that enable the cryptographic processes
-Cipher or cryptosystem: An encryption method or process encompassing the algorithm,
key(s) or cryptovariable(s), and procedures used to perform encryption and decryption -
Ciphertext or cryptogram: The unintelligible encrypted or encoded message resulting from an
encryption
-Code: The process of converting components (words or phrases) of an unencrypted message
into encrypted components
-Decipher: To decrypt or convert ciphertext into the equivalent plaintext
-Encipher: To encrypt or convert plaintext into the equivalent ciphertext
-Key or cryptovariable: The information used in conjunction with an algorithm to create the
ciphertext from the plaintext or derive the plaintext from the ciphertext; the key can be a
series of bits used by a computer program, or it can be a passphrase used by humans that is
then converted into a series of bits for use in the computer program
-Keyspace: The entire range of values that can possibly be used to construct an individual key
-Link encryption: A series of encryptions and decryptions between a number of
systems,wherein each system in a network decrypts the message sent to it and then reencrypts
it using different keys and sends it to the next neighbor, and this process continues until the
message reaches the final destination
-Plaintext or cleartext: The original unencrypted message that is encrypted; also the name
given to the results of a message that has been successfully decrypted
Dept. of CSE, SJBIT Page 24
Information and network Security 10CS835
-Steganography: The process of hiding messages-for example, messages can be hidden
within the digital encoding of a picture or graphic
-Work factor: The amount of effort (usually in hours) required to perform cryptanalysis on an
encoded message so that it may be decrypted when the key or algorithm (or both) are
unknown
Cipher Methods
A plaintext can be encrypted through one of two methods, the bit stream method or the block
cipher method. With the bit stream method, each bit in the plaintext is transformed into a
cipher bit one bit at a time. In the case of the block cipher method, the message is divided
into blocks, for example, sets of 8-,16-,32-, or 64-bit blocks, and then each block of plaintext
bits is transformed into an encrypted block of cipher bits using an algorithm and a key. Bit
stream methods most commonly use algorithm functions like the exclusive OR operation
(XOR), whereas block methods can use substitution, transposition, XOR, or some
combination of these operations, as described in the following sections. As you read on, you
should note that most encryption methods using computer systems will operate on data at the
level of its binary digits (bits), but SOme operations may operate at the byte or character
level.
UNIT 4: Cryptography
1. What are the fundamental differences between symmetric and asymmetric encryption.
(6 marks) (June 2013)(Dec 2013) (10 marks)(Dec 2015)
Symmetric Encryption
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a
number, a word, or just a string of random letters, is applied to the text of a message to
change the content in a particular way. This might be as simple as shifting each letter by a
number of places in the alphabet. As long as both sender and recipient know the secret key,
they can encrypt and decrypt all messages that use this key.
Asymmetric Encryption
The problem with secret keys is exchanging them over the Internet or a large network while
preventing them from falling into the wrong hands. Anyone who knows the secret key can
decrypt the message. One answer is asymmetric encryption, in which there are two related
keys--a key pair. A public key is made freely available to anyone who might want to send
you a message. A second, private key is kept secret, so that only you know it.
Any message (text, binary files, or documents) that are encrypted by using the public key can
Dept. of CSE, SJBIT Page 25
Information and network Security 10CS835
only be decrypted by applying the same algorithm, but by using the matching private key.
Any message that is encrypted by using the private key can only be decrypted by using the
matching public key.
This means that you do not have to worry about passing public keys over the Internet (the
keys are supposed to be public). A problem with asymmetric encryption, however, is that it is
slower than symmetric encryption. It requires far more processing power to both encrypt and
decrypt the content of the message.
2. Explain the different categories of attackers on the cryptosystem.(8 marks)( June
2013)(Dec 2013) (5 marks) (Dec 2014)
Attacks on Cryptosystems
Historically, attempts to gain unauthorized access to secure communications have used brute
force attacks in which the ciphertext is repeatedly searched for clues that can lead to the
algorithm's structure. These attacks are known as ciphertext attacks, and involve a hacker
searching for a common text structure, wording, or syntax in the encrypted message that can
enable him or her to calculate the number of each type of letter used in the message. This
process, known as frequency analysis, can be used along with published frequency of
occurrence patterns of various languages and can allow an experienced attacker to crack
almost any code quickly if the individual has a large enough sample of the encoded text. To
protect against this, modern algorithms attempt to remove the repetitive and predictable
sequences of characters from the cirhertext.
Occasionally, an attacker may obtain dup icate texts, one in ciphertext and one in plaintext,
which enable the individual to reverse-engineer the encryption algorithm in a known-
plaintext attack scheme. Alternatively, attackers may conduct a selected- plaintext attack by
sending potential victims a specific text that they are sure the victims will forward on to
others. When the victim does encrypt and forward the message, it can be used in the attack if
the attacker can acquire the outgoing encrypted version. At the very least, reverse engineering
can usually lead the attacker to discover the cryptosystem that is being employed. Most
publicly available encryption methods are generally released to the information and computer
security communities for testing of the encryption algorithm's resistance to cracking. In
addition, attackers are kept informed of which methods of attack have failed. Although the
purpose of sharing this information is to develop a more secure algorithm, it has the danger of
keeping attackers from wasting their time--that is, freeing them up to find new weaknesses in
the cryptosystem or new, more challenging means of obtaining encryption keys.
Dept. of CSE, SJBIT Page 26
Information and network Security 10CS835
In general, attacks n cryptosystems fall into four general categories: man-in-the-middle,
correlation, dictionary, and timing. Although many of these attacks were discussed in Chapter
2, they are reiterated here in the context of cryptosystems and their impact on these systems
3. Define the following terms i) algorithm ii) Key iii) Plaintext iv) steganography v) Work
factor vi) key space. (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
Basic Encryption Definitions
To understand the fundamentals of cryptography, you must become familiar with the
following definitions:
-Algorithm: The programmatic steps used to convert an unencrypted message into an
encrypted sequence of bits that represent the message; sometimes used as a reference to the
programs that enable the cryptographic processes
-Cipher or cryptosystem: An encryption method or process encompassing the algorithm,
key(s) or cryptovariable(s), and procedures used to perform encryption and decryption -
Ciphertext or cryptogram: The unintelligible encrypted or encoded message resulting from an
encryption
-Code: The process of converting components (words or phrases) of an unencrypted message
into encrypted components
-Decipher: To decrypt or convert ciphertext into the equivalent plaintext
-Encipher: To encrypt or convert plaintext into the equivalent ciphertext
-Key or cryptovariable: The information used in conjunction with an algorithm to create the
ciphertext from the plaintext or derive the plaintext from the ciphertext; the key can be a
series of bits used by a computer program, or it can be a passphrase used by humans that is
then converted into a series of bits for use in the computer program
-Keyspace: The entire range of values that can possibly be used to construct an individual key
-Link encryption: A series of encryptions and decryptions between a number of
systems,wherein each system in a network decrypts the message sent to it and then reencrypts
it using different keys and sends it to the next neighbor, and this process continues until the
message reaches the final destination
-Plaintext or cleartext: The original unencrypted message that is encrypted; also the name
given to the results of a message that has been successfully decrypted
-Steganography: The process of hiding messages-for example, messages can be hidden
within the digital encoding of a picture or graphic
Dept. of CSE, SJBIT Page 27
Information and network Security 10CS835
-Work factor: The amount of effort (usually in hours) required to perform cryptanalysis on an
encoded message so that it may be decrypted when the key or algorithm (or both) are
unknown
4. Describe the terms: authentication, integrity, privacy, authorization and non-
repudiation. (5 marks) (Dec 2012) (June 2013) (10 marks ) (June 2014)
1. AUTHENTICATION: The assurance that the communicating entity is the one that it
Introduction to Network Security, Authentication Applications, claims to be.
_ Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
_ Data Origin Authentication: In a connectionless transfer, provides assurance that the source
of received data is as claimed.
2. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur, and what
those accessing the resource are allowed to do).
3. DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure. _
Connection Confidentiality: The protection of all user data on a connection. _ Connectionless
Confidentiality: The protection of all user data in a single data block _ Selective-Field
Confidentiality: The confidentiality of selected fields within the user Data on a connection or
in a single data block. _ Traffic Flow Confidentiality: The protection of the information that
might be
Derived from observation of traffic flows.
4. DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay).
5. Discuss the “man-in-the-middle’ attack. ?(7 marks) (June 2013)(Dec 2013)(10
marks)(Dec 2014)
Man-in-the-Middle Attack
A man-in-the-middle attack, as discussed in Chapter 2, is designed to intercept the
transmission of a public key or even to insert a known key structure in place of the requested
public key. Thus, attackers attempt to place themselves between the sender and receiver, and
once they've intercepted the request for key exchanges, they send each participant a valid
public key, which is known only to them. From the perspective of the victims of such attacks,
their encrypted communication appears to be occurring normally, but in fact the attacker is
receiving each encrypted message and decoding it (with the key given to the sending party),
and then encrypting and sending it to the originally intended recipient. Establishment of
public keys with digital signatures can prevent the traditional man-in-the-middle attack, as
the attacker cannot duplicate the signatures.
Dept. of CSE, SJBIT Page 28
Information and network Security 10CS835
6. Explain Vernam Ciphere with an example. (10 marks)(Dec 2015) (10 Marks) (June 2015)
Also known as the one-time pad, the Vernam dpher, which was developed at AT&T, uses a set of characters
only one time for each encryption process (hence, the name one-time pad). The pad in the name comes from-
the days of manual encryption and decryption when the key values for each ciphering session were prepared
by hand and bound into an easy-to-use form-i.e., a pad of paper. To peiform the Yernam cipher encryption
operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted.
So, each character of the plaintext is turned into a number and a pad value for that position is added to it. The
resulting sum for that character is then converted back to a ciphertext letter for transmission. If the sum of the.
Two values exceeds 26, then 26 is subtracted from the total (Note that the process of keeping a computed
number within a specific range is called a modulo; thus, requiring that all numbers be in the range 1-26 is
referred to as Modulo 26. In Modulo 26, if a number is larger than 26, then 26 is repeatedly subtracted from it
until the number is in the proper range.) To examine the Yernam cipher and its use of modulo, consider the
following example, which uses the familiar "SACK GAUL SPARE NO ONE" as plaintext. In the first step of
this encryption process, the letter "S" will be converted into the number 19 (because it is the 19th letter of the
alphabet), and the same conversion will be applied to the rest of the letters of the
Plain ext message, as shown below.
Plain Text: S A C K G A U L S P A R E N O O N E
Plain Text Value: 19 01 03 11 07 01 21 12 19 16 01 18 05 14 15 15 14 05
One-Time Pad text: F P Q R N S B I E H T Z L A C D G J
One-Time Pad
Value:
06 16 17 18 14 19 02 09 05 08 20 26 12 01 03 04 07 10
Sum of Plaintext and 25 17 20 29 21 20 23 21 24 24 21 44 17 15 18 19 21 15
Pad: After Modulo Substraction:
03 18
Ciphertext: Y Q P C U T W U X X U R Q O R S U O
Rows three and four in the example above show, respectively, the one-time pad textthat was chosen for this
encryption and the one time pad value. As you can see, the padvalue is, like the plaintext value, derived by
considering the position of each pad text letter in the alphabet, thus the pad text letter "F" is assigned the
position number of 06. This conversion process is repeated for the entire one-time pad text. Next, the plaintext
value and the one time pad value are added together-the first suchsum is 25. Since 25 is in the range of 1 to
26, no Modulo- 26 subtraction is required. The sum remains 25, and yields the cipher text "Y'; as shown
above. Skipping ahead to the fourth character of theplaintext, "K'; we find that the plaintext value for it is 11.
The pad text is "R" and the padvalue is 18. Adding 11 and 18 will result in a sum of 29. Since 29 is larger
than 26, 26 isSubtracted from it, which yields the value 3. The cipher text for this plaintext character will then
be the third letter of the alphabet, "C‖ Decryption of any cipher text generated from a one-time pad will
require either knowledge of th pad values or theuse of elaborate and (the encrypting party hopes)very difficult
cryptanalysis. Using the pad values and the cipher text, the decryption process would happen as follows; "Y"
becomes the number 25 from which we subtract the pad value for the first letter of the message, 06. This
yields a value of 19, or the letter ―S‖. This pattern continuous until the fourth letter of the cipher text where
the cipher text letter is ―c‖ and the pad value is 18. Subtracting 18 from 3 will give a difference of negative
15. Since modulo-26 is employed, it requires that all numbers are in the range of that fourth letter of the
message is ―K‖.
Dept. of CSE, SJBIT Page 29
Information and network Security 10CS835
7. Discuss the tools that are used in cryprography. (10 Marks) (June 2015)
Digital signatures
Digital signatures were created in response to the rising need to verify information transferred using
electronic system. Currently, asymmetric encryption processes are used to create digital signatures.
When an asymmetric cryptographic process uses the sender;s private key to encrypt a message, the
sender‘s public key must be used to decrypt the message –when the decryption happens successfully,
it provides verification that the message was sent by the sender and cannot be refued.This process is
known as nonrepudiation and is the principle of cryptography that gives credence to the
authentication
mechanism collectively kn wn as a digital signature. Digital signatures are, therefore, encrypted
messages that can be mathematically proven to be authentic. The management of digital
signatures has been built into most web browsers . As an example, the Internet Explorer digital
management screen is shown in Diaure 8-5.
Digital Certificates
Digital certificates are electronic documents that can be part of a process of identification associated
with the presentation of a public key. Unlike digital signatures, which help authenticate the origin of
a message, digital certificates authenticate the cryptographic key that is embedded in the certificate.
When used properly these certificates enable diligent users to verify the authenticity of any
organization's certificates. This is much like what happens when the Federal Deposit Insurance
Corporation issues its "FDIC" logo to banks to help assure bank customers that their bank is
authentic. Different client-server applications use different types of digital certificates to accomplish
their assigned functions:
-The CA application suite issues and uses certificates that identify and establish a trust relationship
with a CA to determine what additional certificates can be authenticated. -Mail applications use
Secure/Multipurpose Internet Mail Extension (S/MIME) certificates for signing and encrypting e-
mail as well as for signing forms.
-Development applications use object-signing certificates to identify signers of objectoriented code
and scripts.
-Web servers and Web application servers use Secure Socket Layer (SSL) certificates to authenticate
servers via the SSL protocol (which is described in an upcoming section) in order to establish an
encrypted SSL session.
-Web clients use client SSL certificates to authenticate users, sign forms, and participate in single
sign-on solutions via SSL.
Two popular certificate types in use today are those created using Pretty Good Privacy (PGP) and
those created using applications that conform to International Telecommunication Union's (ITU-T)
x.509 version 3. You should know that X.S09 v3, whose structure is outlined in Table 8- 8, is an
ITU-T recommendation that essentially defines a directory service that maintains a database (also
known as a repository) of information about a group of users holding X.SOY v3 certificates. An
X.S09 v3 certificate binds a distinguished name (DN), which uniquely identifies a certificate entity,
to a user's public key. The certificate is signed and placed in the directory by the CA for retrieval and
verification by the user's associated public key. X.S09 v3 does not specify an encryption algorithm;
however, RSA with its hashed digital signature is recommended.
Dept. of CSE, SJBIT Page 30
Information and network Security 10CS835
UNIT 5 : Authentication Applications
1. Discuss active security attacks.(10 marks)(Dec 2012)(7 marks)( Dec2013)
Security Attacks:
Security attacks, used both in X.800 and RFC 2828, are classified as passive attacks and
active attacks.
A passive attack attempts to learn or make use of information from the system but does not
affect system resources.
An active attack attempts to alter system resources or affect their operation. Passive attacks
are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are
release of message contents and traffic analysis.
Confidential information. To prevent an opponent from learning the contents of these
transmissions.
A second type of passive attack, traffic analysis, is subtler (Diaure 1.3b). Suppose that we had
a way of masking the contents of messages or other information traffic so that opponents,
even if they captured the message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The opponent
could determine the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place. Passive attacks are very
difficult to detect because they do not involve any alteration of the data. Typically, the
message traffic is sent and received in an apparently normal fashion and neither the sender
nor receiver is aware that a third party has read the messages or observed the traffic pattern.
However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
Active Attacks:
Active attacks involve some modification of the data stream or the creation of a false stream
and can be subdivided into four categories: Masquerade, Replay, Modification of messages,
and Denial of service.
2. Describe briefly the security attacks and specific security mechanismz covered by
X.800. (5 marks)(Jun 2013)(7 marks) (Dec 2013) (10 marks)(Dec 2015)
Security attacks, used both in X.800 and RFC 2828, are classified as passive attacks and
active attacks.
A passive attack attempts to learn or make use of information from the system but does not
affect system resources.
An active attack attempts to alter system resources or affect their operation. Passive attacks
are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are
release of message contents and traffic analysis.
Dept. of CSE, SJBIT Page 31
Information and network Security 10CS835
Confidential information. To prevent an opponent from learning the contents of these
transmissions.
A second type of passive attack, traffic analysis, is subtler (Diaure 1.3b). Suppose that we had
a way of masking the contents of messages or other information traffic so that opponents,
even if they captured the message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The opponent
could determine the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place. Passive attacks are very
difficult to detect because they do not involve any alteration of the data. Typically, the
message traffic is sent and received in an apparently normal fashion and neither the sender
nor receiver is aware that a third party has read the messages or observed the traffic pattern.
However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
3. Describe the authentication procedures covered by X.809.(10 marks)(Jun 2014)
X.800 divides these services into five categories and fourteen specific services as shown in
the below Table.
Table: Security Services (X.800)
1. AUTHENTICATION: The assurance that the communicating entity is the one that it
Introduction to Network Security, Authentication Applications, claims to be.
_ Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
_ Data Origin Authentication: In a connectionless transfer, provides assurance that the source
of received data is as claimed.
2. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur, and what
those accessing the resource are allowed to do).
3. DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure. _
Connection Confidentiality: The protection of all user data on a connection. _ Connectionless
Confidentiality: The protection of all user data in a single data block _ Selective-Field
Confidentiality: The confidentiality of selected fields within the user Data on a connection or
in a single data block. _ Traffic Flow Confidentiality: The protection of the information that
might be
Derived from observation of traffic flows.
4. DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay).
_ Connection Integrity with Recovery: Provides for the integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any data
within an entire data sequence, with recovery attempted.
4. Explain the general x. 509 public key certificate.(6 marks)( Dec 2013)(8 marks)(Dec
2014)
X.509
The Standardization Process:
Dept. of CSE, SJBIT Page 32
Information and network Security 10CS835
The decision of which RFCs become Internet standards is made by the IESG, on the
recommendation of the IETF. To become a standard, a specification must meet the following
criteria:
_ Be stable and well understood
_ Be technically competent
_ Have multiple, independent, and interoperable implementations with substantial operational
experience
_ Enjoy significant public support
_ Be recognizably useful in some or all parts of the Internet
The key difference between these criteria and those used for international standards from ITU
is the emphasis here on operational experience.The left-hand side of Diaure1.1 shows the
series of steps, called the standards track, that aspecification goes through to become a
standard; this process is defined in RFC 2026. The steps involve increasing amounts of
scrutiny and testing. At each step, the IETF must make a recommendation for advancement
of the protocol, and the IESG must ratify it. The process begins when the IESG approves the
publication of an Internet Draft document as an RFC
with the status of Proposed Standard.
Diaure 1.1 Internet RFC Publication Process
The white boxes in the diagram represent temporary states, which should be occupied for the
minimum practical time. However, a document must remain a Proposed Standard for at least
six months and a Draft Standard for at least four months to allow time for review and
comment. The gray boxes represent long-term states that may be occupied for years.
For a specification to be advanced to Draft Standard status, there must be at least two
independent and interoperable implementations from which adequate operational experience
has been obtained. After significant implementation and operational experience has been
obtained, a specification may be elevated to Internet Standard. At this point, the Specification
is assigned an STD number as well as an RFC number. Finally, when a protocol becomes
obsolete, it is assigned to the Historic state.
5. Compare active and passive attacks.(5 marks)(Jun 2013)(10 marks)(Jun 2013)(6
marks)(Dec 2014)
Security Attacks:
Security attacks, used both in X.800 and RFC 2828, are classified as passive attacks and
active attacks.
A passive attack attempts to learn or make use of information from the system but does not
affect system resources.
An active attack attempts to alter system resources or affect their operation. Passive attacks
are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are
release of message contents and traffic analysis.
Confidential information. To prevent an opponent from learning the contents of these
transmissions.
A second type of passive attack, traffic analysis, is subtler (Diaure 1.3b). Suppose that we had
a way of masking the contents of messages or other information traffic so that opponents,
even if they captured the message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The opponent
Dept. of CSE, SJBIT Page 33
Information and network Security 10CS835
could determine the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place. Passive attacks are very
difficult to detect because they do not involve any alteration of the data. Typically, the
message traffic is sent and received in an apparently normal fashion and neither the sender
nor receiver is aware that a third party has read the messages or observed the traffic pattern.
However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
Active Attacks:
Active attacks involve some modification of the data stream or the creation of a false stream
and can be subdivided into four categories: Masquerade, Replay, Modification of messages,
and Denial of service.
Introduction to Network Security, Authentication Applications,
A masquerade takes place when one entity pretends to be a different entity (Diaure 1.4a).
A masquerade attack usually includes one of the other forms of active attack. For example,
uthentication sequences can be captured and replayed after a valid authentication sequence
has taken place, thus enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect .
Modification of messages simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect (Diaure 1.4c).
For example, a message meaning "Allow John Smith to read confidential file accounts" is
modified to mean "Allow Fred Brown to read confidential file accounts."
The denial of service prevents or inhibits the normal use or management of communications
facilities (Diaure 1.4d). This attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.
6. Explain Kerberos version 4 message exchanges.(10 marks) (Dec 2012)(6 marks Dec
2014)
Kerberos:
Kerberos is an authentication service developed by MIT. The problem that Kerberos
addresses is this: Assume an open distributed environment in which users at workstations
wish to access services on servers distributed throughout the network. We would like for
servers to be able to restrict access to authorized users and to be able to authenticate requests
for service. In this environment, a workstation cannot be trusted to identify its users correctly
to network services. In particular, the following three threats exist:
_ A user may gain access to a particular workstation and pretend to be another user
operating from that workstation.
_ A user may alter the network address of a workstation so that the requests sent from
the altered workstation appear to come from the impersonated workstation.
_ A user may eavesdrop on exchanges and use a replay attack to gain entrance to
a server or to disrupt operations.
Dept. of CSE, SJBIT Page 34
Information and network Security 10CS835
In any of these cases, an unauthorized user may be able to gain access to services and
data that he or she is not authorized to access.
Rather than building in elaborate authentication protocols at each server, Kerberos provides
a centralized authentication server whose function is to authenticate users to servers and
servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on
symmetric encryption, making no use of public-key encryption.
Two versions of Kerberos are in common use. Version 4 implementations still exist. Version
5 corrects some of the security deficiencies of version 4 and has been issued as a proposed
Internet Standard (RFC 1510).
Today the more commonly used architecture is a distributed architecture consisting of
dedicated user workstations (clients) and distributed or centralized servers. In this
environment, three approaches to security can be envisioned:
_ Rely on each individual client workstation to assure the identity of its user or users
and rely on each server to enforce a security policy based on user identification (ID).
_ Require that client systems authenticate themselves to servers, but trust the client
system concerning the identity of its user.
Introduction to Network Security, Authentication Applications,
_ Require the user to prove his or her identity for each service invoked. Also
require that servers prove their identity to clients.
7. List out differences between Kerberos version 4 and version 5.(10 marks)(Jun 2013)
Kerberos Version 4:
Version 4 of Kerberos makes use of DES, to provide the authentication service. Viewing the
protocol as a whole, it is difficult to see the need for the many elements contained
therein.Therefore, we adopt a strategy used by Bill Bryant of Project Athena and build up to
the fullprotocol by looking first at several hypothetical dialogues. Each successive dialogue
adds additional complexity to counter security vulnerabilities revealed in the preceding
dialogue.
The Version 4 Authentication Dialogue:
The first problem is the lifetime associated with the ticket-granting ticket. If this lifetime is
very short (e.g., minutes), then the user will be repeatedly asked for a password. If the
lifetime is long (e.g., hours), then an opponent has a greater opportunity for replay. The
second problem is that there may be a requirement for servers to authenticate themselves to
users. Without such authentication, an opponent could sabotage the condiauration so that
messages to a server were directed to another location. The false server would then be in a
position to act as a real server and capture any information from the user and deny the true
service to the user.
Kerberos Version 5 is specified in RFC 1510 and provides a number of improvements over
version 4.
Differences between Versions 4 and 5:
Version 5 is intended to address the limitations of version 4 in two areas: environmental
shortcomings and technical deficiencies. Let us briefly summarize the improvements in each
area.
Kerberos Version 4 was developed for use within the Project Athena environment and,
accordingly, did not fully address the need to be of general purpose. This led to the following
environmental shortcomings:
Version 4 Version 5
Dept. of CSE, SJBIT Page 35
Information and network Security 10CS835
Encryption system dependence It requires the use of DES. Export restriction on DES as well
as doubts about the strength of DES were thus of concern ciphertext is tagged with an
encryption type identifier so that any encryption technique may be used.
8. Explain briefly OS1 security architecture. (10 marks)(Dec 2015) (12 marks)(June 2015)
The International Telecommunication Union (ITU) Telecommunication Standardization Sector
(ITU-T) Recommends X.800, Security Architecture for OSI, defines a systematicapproach. The
OSI security architecture provides overview of many of the concepts and it focuses on security
attacks, mechanisms, and services.
Introduction to Network Security, Authentication Applications,
Security attack: Any action that compromises the security of information owned by an
organization.
Security mechanism: A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization. The services are intended to
counter security attacks, and they make use of one or more security mechanisms to provide the
service.
The terms threat and attack are commonly used to mean more or less the same thing and the
actual definitions are
Threat: A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit vulnerability.
Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade security
services and violate the security policy of a system.
Security Attacks:
Security attacks, used both in X.800 and RFC 2828, are classified as passive attacks and active
attacks.
A passive attack attempts to learn or make use of information from the system but does not affect
system resources.
An active attack attempts to alter system resources or affect their operation. Passive attacks are in
the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to
obtain information that is being transmitted. Two types of passive attacks are release of message
contents and traffic analysis.
Dept. of CSE, SJBIT Page 36
Information and network Security 10CS835
UNIT 6 : Electronic Mail Security
1. Explain the PGP message generation and reception processes. .(5 marks)(Jun 2013)(10
marks)(Jun 2013) (7 marks)( Dec2013)
1 Digital signature DSS/SHA or RSA/SHA A hash code of a message is created using SHA-
1. This message digest is encrypted using DSS or RSA with the sender's private key and
included with the
message.
2 Message encryption CAST or IDEA or Threekey Triple DES with Diffie-Hellman or RSA
A message is encrypted using CAST-128 or IDEA or 3DES with a one-time session key
generated by the sender. The session key is encrypted using Diffie- Hellman or RSA with the
recipient's public key and included with the message.
3 Compression Zip A message may be compressed, for storage or transmission, using ZIP.
4 Email compatibility Radix 64 conversion To provide transparency for email applications,
an
encrypted message may be converted to an ASCII string using radix 64 conversion. 5
Segmentation To accommodate maximum message size limitations, PGP performs
segmentation and reassembly.
Authentication:
Diaure 1.1a illustrates the digital signature service provided by PGP and the sequence is as
follows:
[Digital signatures provide the ability to:
– verify author, date & time of signature
– authenticate message contents
– be verified by third parties to resolve disputes
Hence include authentication function with additional capabilities]
1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key, and the result is
prepended to the message.
4. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
2. Describe the steps involved in providing aythentication and confidentiality by PGP. (10
marks)(Dec 2012) (6 marks)(Dec 2014) (10 marks)(Dec 2015)
The receiver generates a new hash code for the message and compares it with the decrypted hash
code. If the two match, the message is accepted as authentic. Diaure: 1.1 PGP Cryptographic
Functions The combination of SHA-1 and RSA provides an effective digital signature scheme.
Because of the strength of RSA, the recipient is assured that only the possessor of the matching
private key can generate the signature. Because of the strength of SHA-1, the recipient is assured
that no one else could generate a new message that matches the hash code and, hence, the
signature of the original message. Although signatures normally are found attached to the
message or file, this is not always the case: Detached signatures are
Dept. of CSE, SJBIT Page 37
Information and network Security 10CS835
also supported. A detached signature may be stored and transmitted separately from the
message it signs.Detached Signatures are useful in several contexts.
_ A user may wish to maintain a separate signature log of all messages sent or received. _ A
detached signature of an executable program can detect subsequent virus infection.
_ A detached signature can be used when more than one party must sign a document, such as
a legal contract. Each person's signature is independent and therefore is applied only to the
document. Otherwise, signatures would have to be nested, with the second signer signing
both the document and the first signature, and so on.
Confidentiality:
Confidentiality is provided by encrypting messages to be transmitted or to be stored locally
as files. In both cases, the symmetric encryption algorithm CAST-128 (Carlisle Adams and
Stafford Tavares) may be used. Alternatively, IDEA (International Data Encryption
Algorithm) or 3DES (Data Encryption Standards) may be used. The 64-bit cipher feedback
(CFB) mode is used. As always, one must address the problem of key distribution. In PGP,
each symmetric key is used only once. That is, a new key is generated as a random 128-bit
number for each message. Thus, although this is referred to in the documentation as a session
key, it is in reality a one-time key. Because it is to be used only once, the session key is
bound to the message and transmitted with it. To protect the key, it is encrypted with the
receiver's public key. Diaure 1.1b illustrates the sequence, which can be described as follows:
3. Discuss limitations of SMTP/RFC 822 and how MIME overcomes these limitations. (6
marks Dec 2014)
Multipurpose Internet Mail Extensions( MIME):
MIME is an extension to the RFC 822 framework that is intended to address some of the
problems and limitations of the use of SMTP (Simple Mail Transfer Protocol) or some other
mail transfer protocol and RFC 822 for electronic mail. The following are the limitations of
the SMTP/822 scheme:
1.SMTP cannot transmit executable files or other binary objects. A number of schemes are in
use for converting binary files into a text form that can be used by SMTP mail systems,
including the popular UNIX UUencode/UUdecode scheme. However, none of these is a
standard or even a de facto standard.
2. SMTP cannot transmit text data that includes national language characters because these
are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to
7-bit ASCII.
3. SMTP servers may reject mail message over a certain size.
4. SMTP gateways that translate between ASCII and the character code EBCDIC do not use
a consistent set of mappings, resulting in translation problems.
5. SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included
in X.400 messages.
6. Some SMTP implementations do not adhere completely to the SMTP standards defined in
RFC 821. Common problems include:
-Deletion, addition, or reordering of carriage return and linefeed
-Truncating or wrapping lines longer than 76 characters -
Removal of trailing white space (tab and space characters) -
Padding of lines in a message to the same length
-Conversion of tab characters into multiple space characters
Dept. of CSE, SJBIT Page 38
Information and network Security 10CS835
4. Explain different MIME content types. (5 marks)(Jun 2013)(7 marks) (Dec 2013) (10
marks) (Dec 2012) (10 marks)(Dec 2015)
MIME-Version: Must have the parameter value 1.0. This field indicates that the message
conforms to RFCs 2045 and 2046.
Content-Type: Describes the data contained in the body with sufficient detail that the
receiving user agent can pick an appropriate agent or mechanism to represent the data to the
user or otherwise deal with the data in an appropriate manner.
Content-Transfer-Encoding: Indicates the type of transformation that has been used to
represent the body of the message in a way that is acceptable for mail transport.
Content-ID: Used to identify MIME entities uniquely in multiple contexts. Content-
Description: A text description of the object with the body; this is useful when the object is
not readable (e.g., audio data).
MIME Content Types:
The bulk of the MIME specification is concerned with the definition of a variety of content
types. This reflects the need to provide standardized ways of dealing with a wide variety of
information representations in a multimedia environment.Table 1.3 lists the content types
specified in RFC 2046. There are seven different major types of content and a total of 15
subtypes. In general, a content type declares the general type of data, and the subtype
specifies a particular format for that type of data.
5. Explain S/MIME certificate processing method. (10 marks)(Jun 2013)
S/MIME Functionality:
In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to
sign and/or encrypt messages. In this subsection, we briefly summarize S/MIME capability.
We then look in more detail at this capability by examining message formats and message
preparation.
Functions
S/MIME provides the following functions:
Enveloped data: This consists of encrypted content of any type and encrypted-content
encryption keys for one or more recipients.
Signed data: A digital signature is formed by taking the message digest of the content to be
signed and then encrypting that with the private key of the signer. The content plus signature
are then encoded using base64 encoding. A signed data message can only be viewed by a
recipient with S/MIME capability.
Clear-signed data: As with signed data, a digital signature of the content is formed.
However, in this case, only the digital signature is encoded using base64. As a
result,recipients without S/MIME capability can view the message content, although they
cannotverify the signature.
Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that
encrypted data may be signed and signed data or clear-signed data may be encrypted.
Cryptographic Algorithms:
Table 1.6 summarizes the cryptographic algorithms used in S/MIME. S/MIME uses the
following terminology, taken from RFC 2119 to specify the requirement level:
Must: The definition is an absolute requirement of the specification. An implementation
must include this feature or function to be in conformance with the specification.
Should: There may exist valid reasons in particular circumstances to ignore this feature or
function, but it is recommended that an implementation include the feature or function.
Dept. of CSE, SJBIT Page 39
Information and network Security 10CS835
UNIT 7: IP Security
1. Mention the application of IPsec. (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec
2014)
Applications of IPSec:
IPSec provides the capability to secure communications across a LAN, across private and
public WANs, and across the Internet. Examples of its use include the following:
-Secure branch office connectivity over the Internet: A company can build a secure virtual
private network over the Internet or over a public WAN. This enables a business to rely
heavily on the Internet and reduce its need for private networks, saving costs and network
management overhead.
-Secure remote access over the Internet: An end user whose system is equipped with IP
security protocols can make a local call to an Internet service provider (ISP) and gain secure
access to a company network. This reduces the cost of toll charges for traveling employees
and telecommuters.
-Establishing extranet and intranet connectivity with partners: IPSec can be used to secure
communication with other organizations, ensuring authentication and confidentiality and
providing a key exchange mechanism.
-Enhancing electronic commerce security: Even though some Web and electronic commerce
applications have built-in security protocols, the use of IPSec enhances that security.
The principal feature of IPSec that enables it to support these varied applications is that it
canencrypt and/or authenticate all traffic at the IP level. Thus, all distributed applications,
including remote logon, client/server, e-mail, file transfer, Web access, and so on, can be
secured. Diaure 1.1 is a typical scenario of IPSec usage. An organization maintains LANs at
dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite,
through somesort of private or public WAN, IPSec protocols are used. These protocols
operate in networking devices, such as a router or firewall, that connect each LAN to the
outside world. The IPSec networking device will typically encrypt and compress all traffic
going into the WAN, and decrypt and decompress traffic coming from the WAN; these
operations are transparent to workstations and servers on the LAN. Secure transmission is
also possible with individual users who dial into the WAN. Such user workstations must
implement the IPSec protocols to provide security.
2. Explain the security association selections that determine a security policy database
entry.( 6 marks)( Dec 2013)(8 marks)(Dec 2014)
Security Associations:
A key concept that appears in both the authentication and confidentiality mechanisms for IPis
the security association (SA). An association is a one-way relationship between asender and a
receiver that affords security services to the traffic carried on it. If a peer relationship is
needed, for two-way secure exchange, then two security associations are required. Security
services are afforded to an SA for the use of AH or ESP, but not both. A security association
is uniquely identified by three parameters:
Security Parameters Index (SPI): A bit string assigned to this SA and having local
significance only. The SPI is carried in AH and ESP headers to enable the receiving system
to select the SA under which a received packet will be processed. IP Destination Address:
Currently, only unicast addresses are allowed; this is the address of the destination endpoint
of the SA, which may be an end user system or a network system such as a firewall or router.
Dept. of CSE, SJBIT Page 40
Information and network Security 10CS835
Security Protocol Identifier: This indicates whether the association is an AH or ESP security
association.
Hence, in any IP packet, the security association is uniquely identified by the Destination
Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or
ESP).
SA Parameters:
In each IPSec implementation, there is a nominal Security Association Database that
definesthe parameters associated with each SA. A security association is normally defined by
the following parameters:
-Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in
AH or ESP headers.
-Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number
Counter should generate an auditable event and prevent further transmission of packets on
this SA (required for all implementations).
-Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay.
-AH Information: Authentication algorithm, keys, key lifetimes, and related parameters being
used with AH (required for AH implementations).
3. Describe SA parameters and SA selectors in detail.(5 marks)( June 2013)(10 marks)
(Dec 2013)(June 2014) (10 marks)(Dec 2015)
SA Selectors:
IPSec provides the user with considerable flexibility in the way in which IPSec services are
applied to IP traffic. SAs can be combined in a number of ways to yield the desired user
condiauration. Furthermore, IPSec provides a high degree of granularity in discriminating
between traffic that is afforded IPSec protection and traffic that is allowed to bypass IPSec, in
the former case relating IP traffic to specific SAs.The means by which IP traffic is related to
specific SAs (or no SA in the case of traffic allowed to bypass IPSec) is the nominal Security
Policy Database (SPD). In its simplest form, an SPD contains entries, each of which defines a
subset of IP traffic and points to an SA for that traffic. In more complex environments, there
may be multiple entries that potentially relate to a single SA or multiple SAs associated with
a single SPD entry. The reader is referred to the relevant IPSec documents for a full
discussion.
Each SPD entry is defined by a set of IP and upper-layer protocol field values, called
selectors. In effect, these selectors are used to filter outgoing traffic in order to map it into a
particular SA. Outbound processing obeys the following general sequence for each IP packet:
-Compare the values of the appropriate fields in the packet (the selector fields) against the
SPD to find a matching SPD entry, which will point to zero or more SAs.
-Determine the SA if any for this packet and its associated SPI.
-Do the required IPSec processing (i.e., AH or ESP
processing). The following selectors determine an SPD entry:
-Destination IP Address: This may be a single IP address, an enumerated list or range of
addresses, or a wildcard (mask) address. The latter two are required to support more than one
destination system sharing the same SA (e.g., behind a firewall).
-Source IP Address: This may be a single IP address, an enumerated list or range of
addressee, or a wildcard (mask) address. The latter two are required to support more than one
source system sharing the same SA (e.g., behind a firewall).
-User ID: A user identifier from the operating system. This is not a field in the IP or upper-
layer headers but is available if IPSec is running on the same operating system as the user.
Dept. of CSE, SJBIT Page 41
Information and network Security 10CS835
-Data Sensitivity Level: Used for systems providing information flow security (e.g., Secret or
Unclassified).
-Transport Layer Protocol: Obtained from the IPv4 Protocol or IPv6 Next Header field. This
may be an individual protocol number, a list of protocol numbers, or a range of protocol
numbers.
-Source and Destination Ports: These may be individual TCP or UDP port values,
an enumerated list of ports, or a wildcard port.
4. Explain IPsec and ESP format. (5 marks)(Jun 2013)(10 marks) (Dec 2013)
-Next Header (8 bits): Identifies the type of header immediately following this header. -
Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.
For example, the default length of the authentication data field is 96 bits, or three 32- bit
words. With a three-word fixed header, there are a total of six words in the header, and the
Payload Length field has a value of 4.
-Reserved (16 bits): For future use.
-Security Parameters Index (32 bits): Identifies a security association.
-Sequence Number (32 bits): A monotonically increasing counter value, discussed later.
-Authentication Data (variable): A variable-length field (must be an integral number
of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet,
discussed
5. Describe Transport tunnel modes used for IPsec AH authentication bringing out their
scope relevant to IPV4. (3 marks)(Dec 2014) .(19 marks) (Jun 2012) (June 2013)
-RFC 2401: An overview of a security architecture
-RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
-RFC 2406: Description of a packet encryption extension to IPv4 and IPv6 -
RFC 2408: Specification of key management capabilities
Support for these features is mandatory for IPv6 and optional for IPv4. In both cases, the
security features are implemented as extension headers that follow the main IP header. The
extension header for authentication is known as the Authentication header; that for
encryption is known as the Encapsulating Security Payload (ESP) header. In addition to these
four RFCs, a number of additional drafts have been published by the IP Security Protocol
Working Group set up by the IETF. The documents are divided into seven groups, as
depicted in Diaure 1.2 (RFC 2401).
-Architecture: Covers the general concepts, security requirements, definitions, and
mechanisms defining IPSec technology.
-Encapsulating Security Payload (ESP): Covers the packet format and general issues related
to the use of the ESP for packet encryption and, optionally, authentication.
-Authentication Header (AH): Covers the packet format and general issues related to the use
of AH for packet authentication.
-Encryption Algorithm: A set of documents that describe how various encryption algorithms
are used for ESP.
6. Mention important features of Oakley algorithm. (10 marks) (June 2013) (Dec 2013) (10
marks)(Dec 2015)
Dept. of CSE, SJBIT Page 42
Information and network Security 10CS835
-Oakley Key Determination Protocol: Oakley is a key exchange protocol based on the Diffie-
Hellman algorithm but providing added security. Oakley is generic in that it does not dictate
specific formats.
-Internet Security Association and Key Management Protocol (ISAKMP):
ISAKMP provides a framework for Internet key management and provides the specific
protocol support, including formats, for negotiation of security attributes. ISAKMP by itself
does not dictate a specific key exchange algorithm; rather, ISAKMP consists of a set of
message types that enable the
use of a variety of key exchange algorithms. Oakley is the specific key exchange algorithm
mandated for use with the initial version of ISAKMP.
Oakley Key Determination Protocol:
Oakley is a refinement of the Diffie-Hellman key exchange algorithm. Recall that Diffie-
Hellman involves the following interaction between users A and B. There is prior
agreementon two global parameters: q, a large prime number; and a a primitive root of q. A
selects a random integer XA as its private key, and transmits to B its public keyY A = aXA
mod q.
Similarly, B selects a random integer XB as its private key and transmits to A its public
keyYB = a XBmod q. Each side can now compute the secret session key:
The Diffie-Hellman algorithm has two attractive features:
-Secret keys are created only when needed. There is no need to store secret keys for a long
period of time, exposing them to increased vulnerability.
-The exchange requires no preexisting infrastructure other than an agreement on the global
parameters. However, there are a number of weaknesses to Diffie-Hellman.
UNIT 8: Web Security
1. Explain the parameters that define session state and connection state in SSL. (7 marks)(
Dec2013)
A session state is defined by the following parameters (definitions taken from the SSL
specification):
-Session identifier: An arbitrary byte sequence chosen by the server to identify an active or
resumable session state.
-Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null.
-Compression method: The algorithm used to compress data prior to encryption.
-Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a
hash algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines
cryptographic attributes such as the hash_size.
-Master secret: 48-byte secret shared between the client and server.
-Is resumable: A flag indicating whether the session can be used to initiate new connections.
A connection state is defined by the following parameters:
Dept. of CSE, SJBIT Page 43
Information and network Security 10CS835
-Server and client random: Byte sequences that are chosen by the server and client for each
connection.
-Server write MAC secret: The secret key used in MAC operations on data sent by the server.
-Client write MAC secret: The secret key used in MAC operations on data sent by the client.
-Server write key: The conventional encryption key for data encrypted by the server and
decrypted by the client.
-Client write key: The conventional encryption key for data encrypted by the client and
decrypted by the server.
-Initialization vectors: When a block cipher in CBC mode is used, an initialization vector
(IV) is maintained for each key. This field is first initialized by the SSL
Handshake Protocol. Thereafter the final ciphertext block from each record is preserved for
use as the IV with the following record.
2. Discuss SSL protocol stack. (10 marks)(Dec 2012)
SSL Protocol Stack
The SSL Record Protocol provides basic security services to various higher-layer protocols.
In particular, the Hypertext Transfer Protocol (HTTP), which provides the transfer service for
Web client/server interaction, can operate on top of SSL. Three higher-layer protocols are
defined as part of SSL: the Handshake Protocol, The Change Cipher Spec Protocol, and the
Alert Protocol. These SSL-specific protocols are used in the management of SSL exchanges
and are examined later in this section.
Two important SSL concepts are the SSL session and the SSL connection, which are defined
in the specification as follows:
-Connection: A connection is a transport (in the OSI layering model definition) that provides
a suitable type of service. For SSL, such connections are peer-to-peer relationships. The
connections are transient. Every connection is associated with one session.
-Session: An SSL session is an association between a client and a server. Sessions are created
by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which
can be shared among multiple connections. Sessions are used to avoid the expensive
negotiation of new security parameters for each connection. Between any pair of parties
(applications such as HTTP on client and server), there may be multiple secure connections.
In theory, there may also be multiple simultaneous sessions between parties, but this feature
is not used in practice. There are actually a number of states associated with each session.
Dept. of CSE, SJBIT Page 44
Information and network Security 10CS835
Once a session is established, there is a current operating state for both read and write (i.e.,
receive and send). In addition, during the Handshake Protocol, pending read and write states
are created. Upon successful conclusion of the Handshake Protocol, the pending states
becomes the current states.
3. What are the services provided by SSL record protocol?( 10 marks) (Dec 2012)(6 marks
Dec 2014)\
SSL Record Format
Change Cipher Spec Protocol:
The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL
Record Protocol, and it is the simplest. This protocol consists of a single message (Diaure
1.5a), which consists of a single byte with the value 1. The sole purpose of this message is to
cause the pending state to be copied into the current state, which updates the cipher suite to
be used on this connection.
Diaure 1.5. SSL Record Protocol
Payload Alert Protocol:
The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other
applications that use SSL, alert messages are compressed and encrypted, as specified by the
current state. Each message in this protocol consists of two bytes (Diaure 17.5b). The first
byte takes the value warning(1) or fatal(2) to convey the severity of the message. If the level
is fatal, SSL immediately terminates the connection. Other connections on the same session
may continue, but no new connections on this session may be established. The second byte
contains a code that indicates the specific alert. First, we list those alerts that are always fatal
(definitions from the SSL specification):
-unexpected_message: An inappropriate message was
received. -bad_record_mac: An incorrect MAC was received.
-decompression_failure: The decompression function received improper input (e.g., unable to
decompress or decompress to greater than maximum allowable length).
-handshake_failure: Sender was unable to negotiate an acceptable set of security parameters
given the options available.
-illegal_parameter: A field in a handshake message was out of range or inconsistent with
other fields. The remainder of the alerts are the following:
Dept. of CSE, SJBIT Page 45
Information and network Security 10CS835
-close_notify: Notifies the recipient that the sender will not send any more messages on this
connection. Each party is required to send a close_notify alert before closing the write side of
a connection.
-no_certificate: May be sent in response to a certificate request if no appropriate certificate is
available.
-bad_certificate: A received certificate was corrupt (e.g., contained a signature that did not
verify).
-unsupported_certificate: The type of the received certificate is not supported.
-certificate_revoked: A certificate has been revoked by its signer. -
certificate_expired: A certificate has expired.
-certificate_unknown: Some other unspecified issue arose in processing the certificate,
rendering it unacceptable.
4. Describe the SET participants.(05 Marks) (Dec 2015)
Secure Electronic Transaction:
SET is an open encryption and security specification designed to protect credit card
transactions on the Internet. The current version, SETv1, emerged from a call for security
standards by MasterCard and Visa in February 1996. A wide range of companies were
involved in developing the initial specification, including IBM, Microsoft, Netscape, RSA,
Terisa, and Verisign. Beginning in 1996. SET is not itself a payment system. Rather it is a set
of security protocols and formats that enables users to employ the existing credit card
payment infrastructure on an open network, such as the Internet, in a secure fashion. In
essence, SET provides three services:
-Provides a secure communications channel among all parties involved in a
transaction -Provides trust by the use of X.509v3 digital certificates
-Ensures privacy because the information is only available to parties in a transaction
when and where necessary.
SET Overview:
A good way to begin our discussion of SET is to look at the business requirements for
SET, its key features, and the participants in SET transactions.
Requirements:
The SET specification lists the following business requirements for secure payment
processing with credit cards over the Internet and other networks:
Dept. of CSE, SJBIT Page 46
Information and network Security 10CS835
-Provide confidentiality of payment and ordering information: It is necessary to assure
cardholders that this information is safe and accessible only to the intended recipient.
Confidentiality also reduces the risk of fraud by either party to the transaction or by malicious
third parties. SET uses encryption to provide confidentiality.
5. Explain SSL handshake protocol with a neat diagram. (5 marks)(Jun 2013)(7 marks)
(Dec 2013) (06 marks)(Dec 2015)
SSL: the Handshake Protocol, The Change Cipher Spec Protocol, and the Alert Protocol.
These SSL-specific protocols are used in the management of SSL exchanges and are
examined later in this section.
Two important SSL concepts are the SSL session and the SSL connection, which are defined
in the specification as follows:
-Connection: A connection is a transport (in the OSI layering model definition) that provides
a suitable type of service. For SSL, such connections are peer-to-peer relationships. The
connections are transient. Every connection is associated with one session.
-Session: An SSL session is an association between a client and a server. Sessions are created
by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which
can be shared among multiple connections. Sessions are used to avoid the expensive
negotiation of new security parameters for each connection. Between any pair of parties
(applications such as HTTP on client and server), there may be multiple secure connections.
In theory, there may also be multiple simultaneous sessions between parties, but this feature
is not used in practice. There are actually a number of states associated with each session.
Once a session is established, there is a current operating state for both read and write (i.e.,
receive and send). In addition, during the Handshake Protocol, pending read and write states
are created. Upon successful conclusion of the Handshake Protocol, the pending states
becomes the current states.
6. Explain the construction of dual signature in SET. Also show its verification by the
merchant and the bank. (10 marks)(10)(Jun 2013)
merchant can accept credit card transactions
through its relationship with a financial institution: This is the complement to the preceding
requirement. Cardholders need to be able to identify merchants with whom they can conduct
secure transactions. Again, digital signatures and certificates are used.
Dept. of CSE, SJBIT Page 47
Information and network Security 10CS835
-Ensure the use of the best security practices and system design techniques to protect all
legitimate parties in an electronic commerce transaction: SET is a well-tested specification
based on highly secure cryptographic algorithms and protocols.
-Create a protocol that neither depends on transport security mechanisms nor prevents their
use: SET can securely operate over a "raw" TCP/IP stack. However, SET does not interfere
with the use of other security mechanisms, such as IPSec and SSL/TLS.
-Facilitate and encourage interoperability among software and network providers: The SET
protocols and formats are independent of hardware platform, operating system, and Web
software.
Key Features of SET
To meet the requirements just outlined, SET incorporates the following features: -
Confidentiality of information: Cardholder account and payment information is secured as it
travels across the network. An interesting and important feature of SET is that it prevents the
merchant from learning the cardholder's credit card number; this is only provided to the
issuing bank. Conventional encryption by DES is used to provide confidentiality.
7. List out the key features of secure electronic transaction and explain in detail. .(5
marks)(Jun 2013)(10 marks)(Jun 2013)(6 marks)(Dec 2014) (09 Marks) (Dec 2015)
Secure Electronic Transaction:
SET is an open encryption and security specification designed to protect credit card
transactions on the Internet. The current version, SETv1, emerged from a call for security
standards by MasterCard and Visa in February 1996. A wide range of companies were
involved in developing the initial specification, including IBM, Microsoft, Netscape, RSA,
Terisa, and Verisign. Beginning in 1996. SET is not itself a payment system. Rather it is a set
of security protocols and formats that enables users to employ the existing credit card
payment infrastructure on an open network, such as the Internet, in a secure fashion. In
essence, SET provides three services:
-Provides a secure communications channel among all parties involved in a
transaction -Provides trust by the use of X.509v3 digital certificates
-Ensures privacy because the information is only available to parties in a
transaction when and where necessary.
SET Overview:
A good way to begin our discussion of SET is to look at the business requirements for
SET, its key features, and the participants in SET transactions.
Dept. of CSE, SJBIT Page 48
Information and network Security 10CS835
Requirements:
The SET specification lists the following business requirements for secure payment
processing with credit cards over the Internet and other networks:
-Provide confidentiality of payment and ordering information: It is necessary to assure
cardholders that this information is safe and accessible only to the intended recipient.
Confidentiality also reduces the risk of fraud by either party to the transaction or by malicious
third parties. SET uses encryption to provide confidentiality.
-Ensure the integrity of all transmitted data: That is, ensure that no changes in content occur
during transmission of SET messages. Digital signatures are used to provide integrity. -
Provide authentication that a cardholder is a legitimate user of a credit card account: A
mechanism that links a cardholder to a specific account number reduces the incidence of
fraud and the overall cost of payment processing. Digital signatures and certificates are used
to verify that a cardholder is a legitimate user of a valid account.
Dept. of CSE, SJBIT Page 49
You might also like
- MSI GP62MVR 6RF Leopard Pro MS-16JB - MS-179B MS-16JB1 Rev 1.0 (0A) СхемаNo ratings yetMSI GP62MVR 6RF Leopard Pro MS-16JB - MS-179B MS-16JB1 Rev 1.0 (0A) Схема71 pages
- Sample Exam: Exam Name - Certified Information Systems Security Tester (CISST) ™ Exam Code - CISST-001No ratings yetSample Exam: Exam Name - Certified Information Systems Security Tester (CISST) ™ Exam Code - CISST-0014 pages
- An Overview of Computer Security PPT by Matt BishopNo ratings yetAn Overview of Computer Security PPT by Matt Bishop113 pages
- Privilege Escalation Attack Detection and Mitigation in Cloud Using Machine LearningNo ratings yetPrivilege Escalation Attack Detection and Mitigation in Cloud Using Machine Learning69 pages
- OceanofPDF.com Advanced Monitoring in P2P Botnets - Shankar KaruppayahNo ratings yetOceanofPDF.com Advanced Monitoring in P2P Botnets - Shankar Karuppayah143 pages
- Fostering Cyber Resilience in Europe An in Depth Exploration of The Cyber Resilience ActNo ratings yetFostering Cyber Resilience in Europe An in Depth Exploration of The Cyber Resilience Act16 pages
- Sample Exam Advanced Level Syllabus Security Testing: International Software Testing Qualifications BoardNo ratings yetSample Exam Advanced Level Syllabus Security Testing: International Software Testing Qualifications Board16 pages
- Catalyst 6000 Family Software Configuration GuideNo ratings yetCatalyst 6000 Family Software Configuration Guide880 pages
- A Survey On IoT Intrusion Detection Federated Learning Game Theory Social Psychology and Explainable ANo ratings yetA Survey On IoT Intrusion Detection Federated Learning Game Theory Social Psychology and Explainable A34 pages
- Information Security: Bhupendra Ratha, LecturerNo ratings yetInformation Security: Bhupendra Ratha, Lecturer38 pages
- Explainable AI For Cybersecurity Automation, Intelligence and Trustworthiness 5No ratings yetExplainable AI For Cybersecurity Automation, Intelligence and Trustworthiness 524 pages
- Lab 7 - Wireshark Ethernet ARP v8.1 PhuongVoNo ratings yetLab 7 - Wireshark Ethernet ARP v8.1 PhuongVo10 pages
- Installation and Configuration - SAS Enterprise MinerNo ratings yetInstallation and Configuration - SAS Enterprise Miner36 pages
- From ChatGPT To ThreatGPT Impact of Generative AI in Cybersecurity and PrivacyNo ratings yetFrom ChatGPT To ThreatGPT Impact of Generative AI in Cybersecurity and Privacy28 pages
- Lecture8 AES - The Advanced Encryption StandardNo ratings yetLecture8 AES - The Advanced Encryption Standard88 pages
- Towards Pentesting Automation Using The Metasploit FrameworkNo ratings yetTowards Pentesting Automation Using The Metasploit Framework8 pages
- Cryptography (CSC316) : Unit I: Introduction and Classical CiphersNo ratings yetCryptography (CSC316) : Unit I: Introduction and Classical Ciphers31 pages
- Approach To Hackiing in Cameroon:Overview and Mitigation TechniquesNo ratings yetApproach To Hackiing in Cameroon:Overview and Mitigation Techniques14 pages
- Installing and Configuring Active Directory (v2 (1) .10.14)100% (1)Installing and Configuring Active Directory (v2 (1) .10.14)51 pages
- SCADA Testbed For Vulnerability Assessments, Penetration Testing and Incident ForensicsNo ratings yetSCADA Testbed For Vulnerability Assessments, Penetration Testing and Incident Forensics6 pages
- Towards Resilient Machine Learning For Ransomware Detection - 1812.09400No ratings yetTowards Resilient Machine Learning For Ransomware Detection - 1812.0940010 pages
- Malware Detection and Evasion With Machine Learning Techniques: A SurveyNo ratings yetMalware Detection and Evasion With Machine Learning Techniques: A Survey9 pages
- StealthWatch 7 1 Downloading and Licensing Guide DV 1 0No ratings yetStealthWatch 7 1 Downloading and Licensing Guide DV 1 053 pages
- GrandStream GXV-3175 - User Manual EnglishNo ratings yetGrandStream GXV-3175 - User Manual English130 pages
- HP 3par Storeserv 7000 Storage Smartstart 1.2 Software User'S GuideNo ratings yetHP 3par Storeserv 7000 Storage Smartstart 1.2 Software User'S Guide63 pages
- Information Security BDCR Plan DRAFT Nov 2019No ratings yetInformation Security BDCR Plan DRAFT Nov 201911 pages
- 7 More Steps To Mastering Machine Learning With Python - Page1No ratings yet7 More Steps To Mastering Machine Learning With Python - Page18 pages
- Presentation de ABB Pour ONEE 2015-12-10No ratings yetPresentation de ABB Pour ONEE 2015-12-1029 pages
- Iiot and Industrial Control System (Ics) Security: Palo Alto Networks and Nozomi NetworksNo ratings yetIiot and Industrial Control System (Ics) Security: Palo Alto Networks and Nozomi Networks4 pages
- GlobalData - IP Edge Routing Landscape - July 2023No ratings yetGlobalData - IP Edge Routing Landscape - July 20235 pages
- RDL-3000 XP RAS-Elite Short-Form Datasheet 2023-09-22No ratings yetRDL-3000 XP RAS-Elite Short-Form Datasheet 2023-09-222 pages
- Password Recovery Procedure For The Wireless LAN Controller ModuleNo ratings yetPassword Recovery Procedure For The Wireless LAN Controller Module8 pages
- Ethernet/Ip Profile Switch Step by Step: Automation and Network SolutionsNo ratings yetEthernet/Ip Profile Switch Step by Step: Automation and Network Solutions31 pages
- datasheet-axis-m3086-v-dome-camera-en-US-378407No ratings yetdatasheet-axis-m3086-v-dome-camera-en-US-3784073 pages
- DNP Configuration Guide Using Afsuite: Abb IncNo ratings yetDNP Configuration Guide Using Afsuite: Abb Inc4 pages
- Configuring A VNC Server in Linux BobpeersNo ratings yetConfiguring A VNC Server in Linux Bobpeers5 pages
- Protecting Our Future, Volume 1: Educating a Cybersecurity WorkforceFrom EverandProtecting Our Future, Volume 1: Educating a Cybersecurity WorkforceNo ratings yet
