CNS UNIT-4

Apr 03, 2018

Rmkumars
  • 7/28/2019 CNS UNIT-4

    1/51

    UNIT-IV

    NETWORK SECURITY, FIREWALLS AND WEB

    SECURITY

    SUBMITTED BY,

    M.SHENBAGAVALLI (111865)

    R.SUJITHA (111866)

    M.SUNDARA MAHALAKSHMI (111855)

    B.VANAJA (111867)

    (2 MARKS)

    FIREWALL

    1) DEFINE FIREWALL?

    1. Acts as a security gateway between two networks

    Usually between trusted and untrusted networks (such as between a

    corporate network and the Internet)

    2. Tracks and controls network communications

    Decides whether to pass, reject, encrypt, or log communications

    (Access Control)

    2) WHY FIREWALLS ARE NEEDED?

    Prevent attacks from untrusted networks

    Protect data integrity of critical information

    Preserve customer and partner confidence

    3) WHAT ARE THE DIFFERENT TYPES OF FIREWALL?

    hardware firewall

    software firewall

    4) GIVE SOME GENERAL FEATURES OF FIREWALL?

    Port Control

    Network Address Translation

    Application Monitoring (Program Control)

    Packet Filtering

    5) DEFINE HARDWARE FIREWALL?

    It is just a software firewall running on a dedicated piece of hardware or

    specialized device.

    Basically, it is a barrier to keep destructive forces away from property.

    It protects your home network and family from offensive Web sites and potential hackers.

    6) WHAT ARE THE DIFFERENT TYPES OF HARDWARE FIREWALL?

    1. Packet-filtering router

    2. Stateful Inspection firewalls

    3. Application-level gateway

    4. Circuit-level gateway

    5. Bastion host

    7) WHAT IS PACKET FILTERING?

    Works at the network level of the OSI model

    Each packet is compared to a set of criteria before it is forwarded

    Packet filtering firewalls are low cost and have a low impact on network performance

    8) WHAT IS CIRCUIT LEVEL PROXIES IN FIREWALL?

    Circuit level gateways work at the session layer of the OSI model, or the TCP

    layer of TCP/IP

    Monitor TCP handshaking between packets to determine whether a requested

    session is legitimate.

    9) GIVE ABOUT APPLICATION LEVEL PROXIES?

    Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific

    A gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through

    10) WRITE ABOUT STATEFUL MULTILAYER INSPECTION?

    Stateful multilayer inspection firewalls combine the aspects of the other three

    types of firewalls

    They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer

    11) WHAT ARE THE FUTURES OF FIREWALL?

    Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated

    More and more client and server applications are coming with native support for proxied environments

    Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use

    12) WHAT ARE THE LIMITATIONS OF FIREWALL?

    cannot protect from attacks bypassing it

    cannot protect against internal threats

    cannot protect against transfer of all virus infected programs or files

    13) WHAT ARE THE ATTACKS ON PACKET FILTERS?

    IP address spoofing

    source routing attacks

    tiny fragment attacks
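
The three attacks listed above each have a standard check on the filtering side. The following added example (not part of the original notes) applies those checks to IPv4 packets; the function names, the inside range 10.0.0.0/8 and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed inside address range; a packet claiming a source in this range
# must never arrive on the outside interface.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TCP = 6
MIN_TCP_HEADER = 20                # bytes a first fragment needs to hold a TCP header
SOURCE_ROUTE_OPTIONS = {131, 137}  # IPv4 option types: loose / strict source route


def build_ipv4(src, dst, payload=b"", proto=TCP, frag_off=0, more=False, options=b""):
    """Build a constructed IPv4 packet for the samples (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    flags_frag = (0x2000 if more else 0) | frag_off
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, flags_frag,
        64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + options + payload


def inspect(packet, arrived_on):
    """Return 'pass' or a drop reason; arrived_on is 'inside' or 'outside'."""
    if len(packet) < 20:
        return "drop: truncated header"
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(packet):
        return "drop: malformed header"

    # IP address spoofing: an inside source address seen on the outside interface.
    if arrived_on == "outside" and ipaddress.IPv4Address(src) in INTERNAL_NET:
        return "drop: spoofed source"

    # Source routing: walk the option list and refuse LSRR / SSRR.
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # no-operation, single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE_OPTIONS:
            return "drop: source routing"
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return "drop: malformed options"
        i += opts[i + 1]

    # Tiny fragments: the TCP header must fit in the first fragment, and no
    # fragment may start at offset 1 (8 bytes in), where it would overlay
    # the TCP flags after the filter has already judged the first fragment.
    frag_off = flags_frag & 0x1FFF
    more = bool(flags_frag & 0x2000)
    if proto == TCP:
        if frag_off == 1:
            return "drop: tiny fragment"
        if frag_off == 0 and more and len(packet) - ihl < MIN_TCP_HEADER:
            return "drop: tiny fragment"
    return "pass"


if __name__ == "__main__":
    lsrr = bytes([131, 7, 4]) + ipaddress.IPv4Address("198.51.100.1").packed
    samples = {
        "clean": build_ipv4("203.0.113.5", "10.0.0.8", bytes(20)),
        "spoofed": build_ipv4("10.1.2.3", "10.0.0.8", bytes(20)),
        "source-routed": build_ipv4("203.0.113.5", "10.0.0.8", bytes(20), options=lsrr),
        "tiny-first": build_ipv4("203.0.113.5", "10.0.0.8", bytes(8), more=True),
    }
    for name, pkt in samples.items():
        print(name, "->", inspect(pkt, "outside"))
```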

    14) DEFINE BASTION HOST?

    highly secure host system runs circuit / application level gateways

    or provides externally accessible services

    potentially exposed to "hostile" elements hence is secured to withstand this

    hardened O/S, essential services, extra auth

    proxies small, secure, independent, non-privileged

    15) WRITE ABOUT ACCESS CONTROL?

    determines what resources users can access

    general model is that of access matrix with

    subject - active entity (user, process)

    object - passive entity (file or resource)

    access right - way object can be accessed

    can decompose by

    columns as access control lists

    rows as capability tickets

    16) WHAT DO YOU MEAN BY TRUSTED COMPUTER SYSTEM?

    information security is increasingly important

    have varying degrees of sensitivity of information

    subjects (people or programs) have varying rights of access to objects (information)

    known as multilevel security

    want to consider ways of increasing confidence in systems to enforce these rights

    17) WHAT ARE THE KEY POLICIES OF BLP MODEL?

    no read up (simple security property)

    no write down

    18) WHAT ARE THE DESIGN GOALS OF FIREWALL?

    The design goals of firewall are:

    1. All traffic from inside to outside, and vice versa, must pass through the firewall.

    2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.

    3. The firewall itself is immune to penetration.

    IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY

    ASSOCIATION

    1.What is IP Security?

    Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.

    IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host.

    2.List benefits in IP security?

    Benefits:

    in a firewall/router, provides strong security to all traffic crossing the perimeter

    in a firewall/router is resistant to bypass

    is below transport layer, hence transparent to applications

    can be transparent to end users

    can provide security for individual users

    secures routing architecture

    3.List IP security Protocols.

    IP security consists of two protocols to provide security

    Authentication Header

    AH provides authentication and integrity, which protect against data tampering, using the

    same algorithms as ESP. AH also provides optional anti-replay protection, which protects

    against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents.

    Encapsulating Security Payload (ESP)

    1 provides message content confidentiality & limited traffic flow confidentiality

    2 can optionally provide the same authentication services as AH. ESP provides

    authentication, integrity, and confidentiality, which protect against data tampering and,

    most importantly, provide message content protection.

    4.What are the modes of operation in IP Security?

    2 modes of operation

    Transport mode:

    transport mode is used to encrypt & optionally authenticate IP data

    data protected but header left in clear

    can do traffic analysis but is efficient

    good for ESP host to host traffic

    Tunnel mode:

    protects the entire IP payload

    tunnel mode encrypts entire IP packet

    add new header for next hop

    good for VPNs, gateway to gateway security

    5.What is the purpose of security association?

    An IPsec security association (SA) specifies security properties that are recognized by communicating hosts. A single SA protects data in one direction. The protection is either to a single host or to a group (multicast) address. Because most communication is either peer-to-peer or client-server, two SAs must be present to secure traffic in both directions.

    The SAs allow an enterprise to control exactly what resources may communicate securely, according to security policy.

    6.What are services in IP security?

    Connectionless integrity

    Assurance that received traffic has not been modified. Integrity includes anti-replay defenses.

    Data origin authentication

    Assurance that traffic is sent by legitimate party or parties.

    Confidentiality (encryption)

    Assurance that users' traffic is not examined by non-authorized parties.

    Access control

    Prevention of unauthorized use of a resource.

    7.Differences between Transport mode and Tunnel mode

    In transport mode, the outer header determines the IPsec policy that protects the inner IP packet. If the next header is an IP header, the outer header and the inner IP header can be used to determine IPsec policy.

    In tunnel mode, the inner IP packet determines the IPsec policy that protects its contents. The inner IP header, its next header, and the ports that the next header supports can enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not dictate the policy of its inner IP datagram.

    8.What are authentication and encryption algorithms used in IP Security?

    Authentication Algorithms in IPsec

    Authentication algorithms produce an integrity checksum value or digest that is based on the data and a key. The AH module uses authentication algorithms. The ESP module can use authentication algorithms as well.

    Encryption Algorithms in IPsec

    Encryption algorithms encrypt data with a key. The ESP module in IPsec uses encryption

    algorithms. The algorithms operate on data in units of a block size.

    9.What is the purpose of using SPI in IP Security?

    In order to decide what protection is to be provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI), which uniquely identifies a security association for that packet.

    10.List the parameters used in Authentication Header?

    Next Header (1 byte): Contains the protocol number of the next header after the AH. Used to link headers together.

    Payload Length (1 byte): Despite its name, this field measures the length of the authentication header itself, not the payload. It is measured in 32-bit units, with 2 subtracted for consistency with how header lengths are normally calculated in IPv6.

    Reserved (2 bytes): Not used; set to zeroes.

    Security Parameter Index (SPI) (4 bytes): A 32-bit value that, when combined with the destination address and security protocol type (which here is obviously the one for AH), identifies the security association to be used for this datagram.

    Sequence Number (4 bytes): This is a counter field that is initialized to zero when a security association is formed between two devices, and then incremented for each datagram sent using that SA. This uniquely identifies each datagram on an SA and is used to provide protection against replay attacks by preventing the retransmission of captured datagrams.

    Authentication Data (variable): This field contains the result of the hashing algorithm performed by the AH protocol, the Integrity Check Value (ICV).
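
The field layout above can be exercised end to end. This added example (not part of the original notes) parses an AH, recovers its real length from Payload Length, finds the SA by the (protocol, destination, SPI) triple and applies a sliding-window replay check on the sequence number; the 64-packet window, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

AH = 51        # IP protocol number for the Authentication Header
WINDOW = 64    # anti-replay window size in packets (an assumed receiver setting)


@dataclass
class AuthHeader:
    next_header: int
    length: int      # whole AH in bytes, recovered from Payload Length
    spi: int
    seq: int
    icv: bytes


def build_ah(spi, seq, next_header=6, icv=bytes(12)):
    """Constructed AH bytes for the samples; the ICV is a dummy value."""
    payload_len = (12 + len(icv)) // 4 - 2    # 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def parse_ah(buf):
    """Split the 12 fixed bytes from the variable-length ICV."""
    if len(buf) < 12:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    length = (payload_len + 2) * 4            # undo the "minus 2", words to bytes
    if reserved != 0 or length < 12 or length > len(buf):
        raise ValueError("malformed AH")
    return AuthHeader(next_header, length, spi, seq, buf[12:length])


@dataclass
class SecurityAssociation:
    highest: int = 0   # highest sequence number accepted so far
    seen: int = 0      # bitmap: bit i set means (highest - i) was accepted

    def accept(self, seq):
        """Sliding-window replay check; True if seq is new and in range."""
        if seq == 0:                          # senders start at 1
            return False
        if seq > self.highest:                # slide the window forward
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW or self.seen & (1 << offset):
            return False                      # too old, or already seen
        self.seen |= 1 << offset
        return True


def receive(sad, dst, buf):
    """Look up the SA by (protocol, destination, SPI), then check replay.

    A real receiver verifies the ICV before it advances the window; ICV
    verification is outside this example.
    """
    ah = parse_ah(buf)
    sa = sad.get((AH, dst, ah.spi))
    if sa is None:
        return "no-sa"
    return "accept" if sa.accept(ah.seq) else "replay"


if __name__ == "__main__":
    sad = {(AH, "192.0.2.10", 0x1001): SecurityAssociation()}
    for seq in (1, 3, 2, 2, 70, 5):
        print(seq, receive(sad, "192.0.2.10", build_ah(0x1001, seq)))
```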

    11.List the parameters in ESP

    Security Parameters Index (32 bits)

    Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.

    Sequence Number (32 bits)

    A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.

    Payload data (variable)

    The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the Next Header field.

    Padding (0-255 octets)

    Padding for encryption, to extend the payload data to a size that fits the encryption's cipher block size, and to align the next field.

    Pad Length (8 bits)

    Size of the padding (in octets).

    Next Header (8 bits)

    Type of the next header. The value is taken from the list of IP protocol numbers.

    Integrity Check Value (multiple of 32 bits)

    Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.

    12.Explain ESP Process in Encryption and decryption?

    ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message.

    Encryption/decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.

    13.Why ESP does not encrypt ESP Header?

    The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.
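
The ESP layout and the scope of ESP authentication described in the last three answers can be shown with an added example (not part of the original notes). It builds and verifies an ESP packet using NULL encryption and an HMAC-SHA1-96 ICV, both chosen here as assumptions so the example runs with the standard library alone; the function names, key and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96: HMAC-SHA1 output truncated to 96 bits


def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_seal(spi, seq, payload, next_header, auth_key, block=8):
    """Return SPI | Seq | payload | padding | Pad Length | Next Header | ICV.

    With a real cipher, payload through Next Header would be encrypted and
    the 8-byte ESP header would stay in clear. NULL encryption is used
    here, so those bytes remain readable and the layout is easy to inspect.
    """
    # Pad so that payload + padding + the two trailer bytes fill whole blocks.
    pad_len = -(len(payload) + 2) % block
    padding = bytes(range(1, pad_len + 1))          # 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    # The ICV input starts at the SPI: the outer IP header is not covered.
    return body + _icv(auth_key, body)


def esp_open(packet, auth_key):
    """Verify the ICV first, then strip the trailer; raises ValueError."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(auth_key, body)):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("Pad Length exceeds packet")
    end = len(body) - 2 - pad_len
    if body[end:len(body) - 2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding bytes")
    return spi, seq, next_header, body[8:end]


if __name__ == "__main__":
    key = b"constructed-demo-key"                   # sample key, not a real secret
    packet = esp_seal(0x2001, 1, b"GET / HTTP/1.0\r\n\r\n", 6, key)
    print(len(packet), esp_open(packet, key))
    altered = packet[:10] + bytes([packet[10] ^ 1]) + packet[11:]
    try:
        esp_open(altered, key)
    except ValueError as err:
        print("rejected:", err)
```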

    14.What are the parameters used in Security association?

    The following three elements uniquely identify an IPsec SA:

    The security protocol (AH or ESP)

    The destination IP address

    The security parameter index (SPI)

    15.Explain security mechanism in Authentication header and ESP

    AH protects the packet's origin, destination, and contents from being tampered with. However, the identity of the sender and receiver is known. In addition, AH does not protect the data's confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together.

    KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS

    LAYER

    1. Define key management?

    Key management is the management of cryptographic keys in a cryptosystem.

    This includes dealing with the generation, exchange, storage, use, and replacement of

    keys. It includes cryptographic protocol design, key servers, user procedures, and other

    relevant protocols.

    Key management concerns keys at the user level, either between users or systems.

    This is in contrast to key scheduling; key scheduling typically refers to the internal

    handling of key material within the operation of a cipher.

    2. What are the types of key management?

    There are two types of key management

    1.Manual key Management

    2.Automated key Management

    3. Define Manual Key management?

    A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.

    4. Define Automated key Management?

    An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

    5.What are the default automated key management protocols for IPsec?

    Oakley key determination protocol

    Internet security association and key management protocol(ISAKMP)

    6.What are the features of Oakley?

    It employs a mechanism known as cookies to thwart clogging attacks.

    It uses nonces to ensure against replay attacks

    It enables the exchange of Diffie-Hellman public key values

    It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks

    7.What are the authentication methods that can be used with Oakley?

    Digital Signature

    Public Key Encryption

    Symmetric key Encryption

    8.Define ISAKMP?

    ISAKMP defines procedures and packet format to establish, negotiate, modify

    and delete security associations. As part of SA establishment, ISAKMP defines payloads

    for exchanging key generation and authentication data. This payload format provides a

    consistent framework independent of the specific key exchange protocol, encryption

    algorithm, and authentication mechanism.

    9.Define ISAKMP exchange?

    ISAKMP provides a framework for message exchange, with the payload types

    serving as the building blocks. The specification identifies five default exchange types

    that should be supported. SA refers to an SA payload with associated protocol and

    transform payloads.

    10.What are the types of ISAKMP exchange?

    Base Exchange

    Identity Protection exchange

    Authentication only exchange

    Aggressive exchange

    Informational exchange

    SSL

    1.Define SSL?

    Secure Socket Layer provides security services between TCP and applications that use TCP. The internet standard version is called Transport Layer Security (TLS).

    SSL provides confidentiality using symmetric encryption and message integrity

    using a message authentication code.

    Two important SSL concepts are SSL session and SSL connection.

    2. Define SSL session?

    An SSL session is an association between a client and a server. Sessions are

    created by the handshake protocol. Sessions define a set of cryptographic security

    parameters, which can be shared among multiple connections.

    Sessions are used to avoid the expensive negotiation of new security parameters

    for each connection.

    3. Define SSL connection?

    Connection is a transport that provides a suitable type of service. For SSL such

    connections are peer to peer relationships. The connections are transient. Every connection

    is associated with one session.

    4.What are the parameters of SSL session state?

    Session identifier

    Peer Certificate

    Compression method

    Cipher spec

    Master secret

    Is resumable

    5. What are the parameters of SSL connection state?

    Server and client random

    Server write MAC secret

    Client write MAC secret

    Server write key

    Client write key

    Sequence number

    6. What are the two services provided by SSL record protocol?

    Confidentiality

    Message Integrity

    WEB SECURITY REQUIREMENTS

    1.Define web security?

    WS-Security (Web Services Security) is a proposed IT industry standard that

    addresses security when data is exchanged as part of a Web service. WS-Security is one

    of a series of specifications from an industry group that includes IBM, Microsoft..

    WS-Security specifies enhancements to SOAP (Simple Object Access Protocol)

    messaging aimed at protecting the integrity and confidentiality of a message and

    authenticating the sender. WS-Security also specifies how to associate a security token

    with a message, without specifying what kind of token is to be used. It does describe how

    to encode X.509 certificates and Kerberos tickets. In general, WS-Security is intended to

    be extensible so that new security mechanisms can be used in the future.

    2.What are the requirements of web security?

    Global approach

    Local approach

    Bi-directional and multiprotocol

    Throughout the enterprise

    Granular application control features

    Multiprotocol data loss prevention

    Flexible deployment options

    Multifunction

    Manageable

    3. What are the steps to achieve compliance?

    The five steps to achieve compliance are

    Discover and learn: Find all your sensitive data wherever it may be

    Assess risk: Ensure secure data handling procedures are in place

    Define effective policies: Create policies to protect data and test them for effectiveness

    Apply controls: Restrict access to authorized people and limit transmission

    Monitor, report and audit: Ensure successful data security through alerting and incident management

    TRANSPORT LAYER SECURITY

    1. What is TLS/SSL?

    TLS is the successor to Secure Sockets Layer (SSL), an older cryptographic

    protocol. TLS/SSL can be used to create a secure environment for web browsing,

    emailing, or other client-server applications.

    TLS/SSL encryption requires the use of a digital certificate, which contains

    identity information about the owner as well as a public key, used for encrypting

    communications. These certificates are installed on a server; typically, a web server if the

    intention is to create a secure web environment, although they can also be installed on

    mail or other servers for encrypting other client-server communications

    2. How to secure a web server with TLS/SSL?

    This is probably the most common application of TLS/SSL. If used with a

    web server, TLS/SSL can encrypt online transactions and confidential data relayed

    between a user's web browser and a website. A secured web server can be identified by a

    padlock symbol at the bottom of the browser window or in the address bar, as well as by

    a URL that begins with https rather than http.

    3. How to Secure a mail server, database server, or directory server with TLS/SSL?

    TLS/SSL can be used with mail servers to encrypt email messages. An email that

    was sent with TLS/SSL encryption may display a ribbon or other icon in the recipient's

    email client. TLS/SSL can similarly be used with database and directory servers to

    encrypt server queries

    4. How to secure a virtual private network (VPN) with TLS/SSL?

    TLS/SSL can be used by a VPN appliance to encrypt the connection between a

    remote user's computer and the network being accessed. For more information on how TLS/SSL works with VPN, see TechSoup's article Four Tools for Private Communication.

    5. How does TLS/SSL work?

    A TLS/SSL session is authenticated with what is known as a "handshake." The

    client first sends the server a "hello" message that lists the client's supported

    cryptographic capabilities. Being a well-mannered machine, the server sends back a

    "hello" message of its own with a choice of one of the listed cryptographic methods, to

    ensure the client and server will be able to speak the same language.

    The server then sends its TLS/SSL certificate, which contains its public key, and

    may request a certificate from the client if client-authentication is necessary. The client

    checks that the certificate from the server is valid (if an untrusted certificate was installed

    on a web server, this is when a security warning would pop up in a web browser) and

    sends its own certificate if necessary

    The client then sends a random number that has been encrypted with the server's

    public key. After this number is decrypted by the server, the client and server will have a

    common key that can be used to send and receive data that only the pair of them can

    understand. Both the client and server then send messages notifying the other that all

    further communication will be encrypted and both send final messages that are actually

    encrypted, ending the handshake and allowing encrypted data exchange to begin.

    6. What are the advantages of transport layer security?

    Increased flexibility. Parts of the message, instead of the entire message, can be

    signed or encrypted. This means that intermediaries can view the parts of the

    message that are intended for them. An example of this is a Web service that

    routes a SOAP message and is able to inspect unencrypted parts of the message to

    determine where to send the message, while other parts of the message remain

    encrypted. For an example of this, see the Perimeter Service Router pattern in

    Chapter 6, "Service Deployment Patterns."

    Support for auditing. Intermediaries can add their own headers to the message and

    sign them for the purpose of audit logging.

    Support for multiple protocols. You can send secured messages over many

    different protocols such as Simple Mail Transfer Protocol (SMTP), File Transfer

    Protocol (FTP), and Transmission Control Protocol (TCP) without having to rely

    on the protocol for security.

    7. What are the uses of TLS?

    TLS is used in e-commerce transactions

    TLS prevents the server, client, or points in between, from accessing secure

    information

    Protecting access to secure information

    For instance, a company with 2 clients who compete with one another might want to ensure that neither could access the other's information in web-based communications or forums.

    8. What are all the applications that Utilize TLS?

    One of the biggest types of software to use TLS is Web Browsers. That said, other Internet applications, as well as intranet applications, can take advantage of the technology. FTP browsers, and Telnet or SSH clients can also use TLS. Operating Systems can use TLS to make Virtual Private Networks.

    9. What are all the disadvantages of TLS?

    Embedded in the application stack (some mis-implementation)

    Protocol specific - needs to be duplicated for each transport protocol

    Need to maintain context for connection (not currently implemented for UDP)

    Doesn't protect IP addresses & headers

    10. Discuss about the Protection Scope Decision Matrix

    Security consideration: Your application interacts directly with the Web service.
    Message layer: Message layer protection is usually more CPU intensive than transport layer protection.
    Transport layer: Transport layer HTTPS provides full message protection.

    Security consideration: Web services are hosted on a system that does not support Windows Integrated Security.
    Message layer: Authentication can be performed by passing credentials in the message.
    Transport layer: Basic over HTTPS could be implemented. However, it would require manipulation of message headers.

    Security consideration: Your company has a firewall in place between applications and Web services.
    Message layer: Message layer security is not affected by standard firewalls.
    Transport layer: It is not uncommon for port 443 to be opened to support HTTPS.

    Security consideration: You have nonrepudiation requirements.
    Message layer: Supports persistence of messages that include digital signatures, which can be used to support nonrepudiation requirements.
    Transport layer: You can use authentication with X.509 client certificates to support nonrepudiation.

    11. What is the mapping of the security parts of TLS to federal standards?

    Mechanism: Key Establishment
    SSL (3.0): RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon, Fortezza-KEA
    TLS 1.0: RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon
    FIPS Reference: -

    Mechanism: Confidentiality
    SSL (3.0): IDEA-CBC, RC4-128, 3DES-EDE-CBC, Fortezza-CBC
    TLS 1.0: IDEA-CBC, RC4-128, 3DES-EDE-CBC, Kerberos, AES
    FIPS Reference: FIPS 46-3, FIPS 81, FIPS 197

    Mechanism: Signature
    SSL (3.0): RSA, DSA
    TLS 1.0: RSA, DSA, EC*
    FIPS Reference: FIPS 186-2

    Mechanism: Hash
    SSL (3.0): MD5, SHA-1
    TLS 1.0: MD5, SHA-1
    FIPS Reference: FIPS 180-2, FIPS 198

    DUAL SIGNATURE

    1.What is dual signature?

    The purpose of the dual signature is the same as the standard electronic signature:

    to guarantee the authentication and integrity of data. It links two messages that are

    intended for two different recipients.

    SECURE ELECTRONIC TRANSACTION

    1. Define SET?

    SET is a protocol designed to ensure that merchants and cardholders can conduct business over insecure networks. SET uses cryptography to provide confidentiality and security, ensure payment integrity, and authenticate both the merchant and the cardholder.

    2. List out the participants that SET includes?

    Cardholder

    Merchant

    Issuer

    Acquirer

    Payment gateway

    Certification authority

    3. What are the features of SET?

    Confidentiality of information

    Integrity of data

    Cardholder account authentication

    Merchant authentication

    4. What is the role of Card Holder?

    The cardholder is analogous to the average person who uses a payment card to

    purchase goods or services

    5. What is the role of Merchant?

    This is the business or organization that sells goods or services to the cardholder

    in the case of a SET transaction over the internet.

    6. What is the role of Issuer?

    The issuer is a financial institution that provides the cardholder with a payment card. The issuer's responsibility is to guarantee payment on behalf of its cardholder.

    7. What is the role of the Acquirer?

    The acquirer is the financial institution that processes payment card authorizations

    and payment for the merchant. The acquirer's responsibility is to obtain payment

    authority from the cardholder's issuer.

    8. What is the role of the Payment Gateway?

    A payment gateway is an institution that works on behalf of the acquirer to

    process the merchant's payment messages, including payment instruction from the

    cardholders. The gateway bridges communication between SET and the existing credit

    card.

    9. What is the role of Certificate Authority?

    The certificate authority provides certification for the merchant, cardholder, and

    payment gateway. Certification provides a means of assuring that the parties involved in

    a transaction.

    10. What are all the SET Software Components?

    The Wallet: the front end for the cardholder

    The Merchant Server: the merchant's SET software

    The Certificate Authority: handles the SET participants' certificates

    The Gateway: bridges the merchant with its acquirer's legacy systems

    (16 marks)

    FIREWALL

    1) WHAT ARE THE BASIC TYPES OF FIREWALLS?

    Conceptually, there are two types of firewalls:

    1. Network layer

    2. Application layer

    They are not as different as you might think, and the latest technologies are blurring the

    distinction to the point where it's no longer clear if either one is "better" or "worse." As

    always, you need to be careful to pick the type that meets your needs.

    Which is which depends on what mechanisms the firewall uses to pass traffic from one

    security zone to another. The International Standards Organization (ISO) Open Systems

    Interconnect (OSI) model for networking defines seven layers, where each layer provides

    services that "higher-level" layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application.

    The important thing to recognize is that the lower-level the forwarding mechanism, the

    less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.

    Network layer firewalls

    These generally make their decisions based on the source and destination addresses and ports

    (see Appendix C for a more detailed discussion of ports) in individual IP packets. A

    simple router is the "traditional" network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it

    actually came from. Modern network layer firewalls have become increasingly

    sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One

    important distinction about many network layer firewalls is that they route traffic

    directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block [3]. Network layer firewalls tend to be

    very fast and tend to be very transparent to users.

    Application layer firewalls

    These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through

    them. Since the proxy applications are software components running on the firewall, it is

    a good place to do lots of logging and access control. Application layer firewalls can be

    used as network address translators, since traffic goes in one "side" and out the other,

    after having passed through an application that effectively masks the origin of the

    initiating connection. Having an application in the way in some cases may impact

    performance and may make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end

    users and may require some training. Modern application layer firewalls are often fully

    transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

    2) EXPLAIN THE DIFFERENT TYPES OF FIREWALLS?

    Types of Firewalls

    In order to gain a thorough understanding of firewall technology, it is important to

    understand the various types of firewalls. These various types of firewalls provide more

    or less the same functions that were outlined earlier. However, their methods of doing so

    provide differentiation in terms of performance and level of security offered.

    The firewalls discussed in this section are divided into five categories based on the

    mechanism that each uses to provide firewall functionality:

    Circuit-level firewalls

    Proxy server firewalls

    Nonstateful packet filters

    Stateful packet filters

    Personal firewalls

    These various types of firewalls gather different types of information from the data

    flowing through them to keep track of legitimate and illegitimate traffic and to protect

    against unauthorized access. The type of information they use often also determines the level of security they provide.

    Circuit-Level Firewalls

    These firewalls act as relays for TCP connections. They intercept TCP connections being

    made to a host behind them and complete the handshake on behalf of that host. Only after the connection is established is the traffic allowed to flow to the client. Also, the firewall

    makes sure that as soon as the connection is established, only data packets belonging to

    the connection are allowed to go through.

    Circuit-level firewalls do not validate the payload or any other information in the packet, so they are fairly fast. These firewalls essentially are interested only in making sure that

    the TCP handshake is properly completed before a connection is allowed. Consequently,

    these firewalls do not allow access restrictions to be placed on protocols other than TCP

    and do not allow the use of payload information in the higher-layer protocols to restrict

    access.

    Proxy Server Firewalls

    Proxy server firewalls work by examining packets at the application layer. Essentially a

    proxy server intercepts the requests being made by the applications sitting behind it and

    performs the requested functions on behalf of the requesting application. It then forwards the results to the application. In this way it can provide a fairly high level of security to

    the applications, which do not have to interact directly with outside applications and

    servers.

    Proxy servers are advantageous in the sense that they are aware of application-level protocols and they can restrict or allow access based on these protocols. They also can

    look into the data portions of the packets and use that information to restrict access.

    However, this very capability of processing the packets at a higher layer of the stack can contribute to the slowness of proxy servers. Also, because the inbound traffic has to be

    processed by the proxy server as well as the end-user application, further degradation in

    speed can occur. Proxy servers often are not transparent to end users who have to make

    modifications to their applications in order to use the proxy server. For each new application that must go through a proxy firewall, modifications need to be made to the

    firewall's protocol stack to handle that type of application.

    Nonstateful Packet Filters

    Nonstateful packet filters are fairly simple devices that sit on the periphery of a network

    and, based on a set of rules, allow some packets through while blocking others. The decisions are made based on the addressing information contained in network layer

    protocols such as IP and, in some cases, information contained in transport layer protocols such as TCP or UDP headers as well.

    Nonstateful packet filters are fairly simple devices, but to function properly they require

    a thorough understanding of the usage of services required by a network to be protected.

    Although these filters can be fast because they do not proxy any traffic but only inspect it as it passes through, they do not have any knowledge of the application-level protocols or

    the data elements in the packet. Consequently, their usefulness is limited. These filters

    also do not retain any knowledge of the sessions established through them. Instead, they

    just keep tabs on what is immediately passing through. Simple and extended access lists (without the established keyword) on routers are examples of such firewalls.

    Stateful Packet Filters

    Stateful packet filters are more intelligent than simple packet filters in that they can block

    pretty much all incoming traffic and still can allow return traffic for the traffic generated by machines sitting behind them. They do so by keeping a record of the transport layer

    connections that are established through them by the hosts behind them.

    Stateful packet filters are the mechanism for implementing firewalls in most modern

    networks. Stateful packet filters can keep track of a variety of information regarding the packets that are traversing them, including the following:

    Source and destination TCP and UDP port numbers

    TCP sequence numbering

    TCP flags

    TCP session state based on the RFC-defined TCP state machine

    UDP traffic tracking based on timers

    Stateful firewalls often have built-in advanced IP layer handling features such as fragment reassembly and clearing or rejecting of IP options.

    Many modern stateful packet filters are aware of application layer protocols such as FTP

    and HTTP and can perform access-control functions based on these protocols' specific

    needs.
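
    The difference between the nonstateful and stateful filters described above, as an added sketch that is not part of the original notes. It judges the same constructed packets both ways: the stateless rule has to admit any inbound TCP packet with source port 443 to let web replies through, while the stateful filter admits only replies to connections opened from inside. The addresses, names and the simplified state table (TCP flags and UDP timers only, no sequence-number tracking) are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.1.0/24")   # constructed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN", "ACK"}
    time: float = 0.0                # arrival time in seconds


def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


def stateless_filter(pkt):
    """Nonstateful filter: every packet is judged alone on addresses and ports."""
    if is_inside(pkt.src):
        return True                  # outbound traffic is allowed
    # The only way to let web replies back in is a rule on the header fields:
    # inbound TCP from source port 443 to an ephemeral destination port.
    return pkt.proto == "tcp" and pkt.sport == 443 and pkt.dport >= 1024


class StatefulFilter:
    """Blocks all inbound traffic except replies to flows started from inside."""
    UDP_TIMEOUT = 30.0               # seconds a UDP flow stays open (assumed)

    def __init__(self):
        self.tcp = {}                # (in_ip, in_port, out_ip, out_port) -> state
        self.udp = {}                # same key -> time of last outbound datagram

    def check(self, pkt):
        outbound = is_inside(pkt.src)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if pkt.proto == "udp":
            if outbound:
                self.udp[key] = pkt.time
                return True
            last = self.udp.get(key)
            return last is not None and pkt.time - last <= self.UDP_TIMEOUT
        return self._tcp(pkt.flags, key, outbound)

    def _tcp(self, flags, key, outbound):
        state = self.tcp.get(key)
        if "RST" in flags and state is not None:
            del self.tcp[key]        # a reset tears the tracked connection down
            return True
        if outbound:
            if flags == {"SYN"} and state is None:
                self.tcp[key] = "SYN_SENT"
                return True
            if state == "SYNACK_SEEN" and "ACK" in flags:
                self.tcp[key] = "ESTABLISHED"
                return True
            return state == "ESTABLISHED"
        if state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            self.tcp[key] = "SYNACK_SEEN"
            return True
        return state == "ESTABLISHED" and "SYN" not in flags


def tcp(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, "tcp", frozenset(flags))


def demo():
    host, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    session = [                      # constructed HTTPS session opened from inside
        tcp(host, 50000, web, 443, "SYN"),
        tcp(web, 443, host, 50000, "SYN", "ACK"),
        tcp(host, 50000, web, 443, "ACK"),
        tcp(web, 443, host, 50000, "ACK", "PSH"),
    ]
    unsolicited = tcp(other, 443, host, 50001, "ACK")   # matches no connection
    fw = StatefulFilter()
    return {
        "stateful_session": [fw.check(p) for p in session],
        "stateless_session": [stateless_filter(p) for p in session],
        "stateful_unsolicited": fw.check(unsolicited),
        "stateless_unsolicited": stateless_filter(unsolicited),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```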

    Personal Firewalls

    Personal firewalls are firewalls installed on personal computers. They are designed to

    protect against network attacks. These firewalls are generally aware of the applications

    running on the machine and allow only connections established by these applications to operate on the machine.

    A personal firewall is a useful addition to any PC because it increases the level of

    security already offered by a network firewall. However, because many of the attacks on

    today's networks originate from inside the protected network, a PC firewall is an even more useful tool, because network firewalls cannot protect against these attacks. Personal

    firewalls come in a variety of flavors. Most are implemented to be aware of the applications running on the PC. However, they are designed to not require any changes

    from the user applications running on the PC, as is required in the case of proxy servers.

    IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY

    ASSOCIATION

    IP Security

    Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)

    communications by authenticating and encrypting each IP packet of a communication

    session.

    It is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

    It has two traffic security protocols: Authentication Header (AH) and Encapsulating Security

    Payload (ESP).

    The IP AH protocol provides data origin authentication, connectionless integrity, and an

    optional anti-replay service. The ESP protocol provides data confidentiality, limited traffic flow confidentiality, connectionless integrity, data origin authentication, and anti-replay

    service. There are two modes of operation of both AH and ESP: transport

    mode and tunnel mode.

    IP Security Architecture:

    IP header checksum is calculated over the IP header

    To compute the checksum, the 16-bit checksum field is first set to zero, and then

    the one's complement sum of the header is computed.

    When an IP datagram is received, the receiver calculates the 16-bit one's

    complement sum of the header.

    The first 4 bits of an IP datagram are the version field. The next field, the IHL

    (Internet header length) field, is the length of the header in 32-bit words.
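
    The checksum procedure described above, written out as an added example that is not part of the original notes. It uses the IHL field to find the header length, computes and verifies the checksum on a constructed 20-byte sample header, and shows that the checksum detects accidental corruption but not a reordering of 16-bit words, which is why AH relies on a keyed MAC. Function names and the sample header are assumptions of this example.

```python
import struct

# Constructed sample IPv4 header (20 bytes, no options), checksum field = 0xB861.
SAMPLE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")


def ones_complement_sum16(data: bytes) -> int:
    """Add 16-bit big-endian words, folding each carry back into the low bits."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def header_length(packet: bytes) -> int:
    """Header length in bytes: IHL counts 32-bit words in the low nibble of byte 0."""
    if not packet:
        raise ValueError("empty packet")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    return ihl * 4


def compute_checksum(packet: bytes) -> int:
    """Sender side: zero the checksum field, sum the header, store the complement."""
    header = bytearray(packet[:header_length(packet)])
    header[10:12] = b"\x00\x00"                    # checksum field is bytes 10-11
    return ~ones_complement_sum16(bytes(header)) & 0xFFFF


def verify(packet: bytes) -> bool:
    """Receiver side: the sum over the header, checksum included, must be all ones."""
    return ones_complement_sum16(packet[:header_length(packet)]) == 0xFFFF


def corrupt_ttl(packet: bytes) -> bytes:
    """Change the TTL byte without updating the checksum (accidental corruption)."""
    damaged = bytearray(packet)
    damaged[8] ^= 0x7F
    return bytes(damaged)


def swap_addresses(packet: bytes) -> bytes:
    """Exchange source and destination addresses; the word sum is unchanged."""
    return packet[:12] + packet[16:20] + packet[12:16] + packet[20:]


if __name__ == "__main__":
    print(hex(compute_checksum(SAMPLE)))
    print(verify(SAMPLE), verify(corrupt_ttl(SAMPLE)), verify(swap_addresses(SAMPLE)))
```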

    Authentication Header

    AH provides authentication and integrity, which protect against data tampering,

    using the same algorithms as ESP.

    Also provides optional anti-replay protection.

    The authentication header is inserted into the packet between the IP header and

    any subsequent packet contents.

    Does not protect the data's confidentiality; ESP protects data confidentiality. AH and ESP

    can be used together.

    Authentication Data field is variable.

    AH provides support for data integrity & authentication of IP packets

    end system/router can authenticate user/app

    prevents address spoofing attacks by tracking sequence numbers

    based on use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96

    parties must share a secret key

    Figure 18-3 Unprotected IP Packet Carrying TCP Information

    Figure 18-4 Protected IP Packet Carrying TCP Information

    Figure 18-5 Packet Protected by an Authentication Header

    Figure 18-6 IPsec Packet Protected in Tunnel Mode

    Encapsulating Security Payload (ESP)

    provides message content confidentiality & limited traffic flow confidentiality

    can optionally provide the same authentication services as AH

    supports range of ciphers, modes, padding, incl. DES, Triple-DES, RC5, IDEA,

    CAST etc.

    padding needed to fill blocksize, fields, for traffic flow

    Also provides all encryption services. Encryption translates a readable message into an unreadable format to hide the message content. Decryption translates the message

    content from an unreadable format to a readable message. Encryption/decryption allows

    only the sender and the authorized receiver to read the data.

    Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.

    ESP header is inserted into the packet between the IP header and any subsequent packet

    contents. Because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.

    Protections Provided by AH and ESP in IPsec:

    Protocol | Packet Coverage | Protection | Against Attacks

    AH | Protects packet from the IP header to the transport header | Provides strong integrity, data authentication: ensures that the receiver receives exactly what the sender sent; is susceptible to replay attacks when an AH does not enable replay protection | Replay, cut-and-paste

    ESP | Protects packet following the beginning of ESP in the datagram | With encryption option, encrypts the IP datagram. Ensures confidentiality | Eavesdropping

    ESP | (same coverage) | With authentication option, provides the same protection as AH | Replay, cut-and-paste

    ESP | (same coverage) | With both options, provides strong integrity, data authentication, and confidentiality | Replay, cut-and-paste, eavesdropping

    Security Association:

    SA is an agreement between communicating peers on factors such as the IPSec

    protocol, mode of operation of the protocols (transport mode or tunnel mode),

    cryptographic algorithms, cryptographic keys, and lifetime of the keys.

    Two sets of SAs are required: an SA for AH and one for ESP.

    A single SA protects data in one direction. Because most communication is either

    peer-to-peer or client-server, two SAs must be present to secure traffic in both

    directions.

    The following three elements uniquely identify an IPsec SA:

    The security protocol (AH or ESP)

    The destination IP address

    The security parameter index (SPI)

    The SPI, an arbitrary 32-bit value, is transmitted with an AH or ESP packet. An integrity checksum value is used to authenticate a packet. If the authentication fails, the packet is

    dropped.

    Security associations are stored in a security associations database (SADB).
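
    Inbound processing with a security association, as an added example that is not part of the original notes. It looks the SA up in an SADB keyed by (security protocol, destination IP address, SPI), applies a sliding anti-replay window to the sequence number, and checks a 96-bit HMAC-SHA-1 value, dropping the packet if any step fails. The packet layout is simplified (the MAC here covers only SPI, sequence number and payload, not the IP header fields a real AH covers), and the names, key and addresses are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

WINDOW = 64                       # anti-replay window size in packets (assumed)


@dataclass
class SA:
    key: bytes                    # secret shared by the two peers
    mode: str = "transport"       # "transport" or "tunnel"
    highest_seq: int = 0          # highest sequence number accepted so far
    bitmap: int = 0               # bit i set => (highest_seq - i) already seen


# Security associations database: one entry per direction of traffic.
SADB = {}                         # (protocol, destination IP, SPI) -> SA


def icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA-1-96: HMAC-SHA-1 truncated to its first 96 bits (12 bytes)."""
    message = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, message, hashlib.sha1).digest()[:12]


def replay_ok(sa: SA, seq: int) -> bool:
    """Accept new sequence numbers and unseen ones inside the window."""
    if seq == 0:
        return False
    if seq > sa.highest_seq:
        return True
    offset = sa.highest_seq - seq
    if offset >= WINDOW:
        return False              # too old to be tracked
    return not (sa.bitmap >> offset) & 1


def mark_seen(sa: SA, seq: int) -> None:
    """Record an authenticated sequence number, sliding the window if needed."""
    if seq > sa.highest_seq:
        shift = seq - sa.highest_seq
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest_seq = seq
    else:
        sa.bitmap |= 1 << (sa.highest_seq - seq)


def receive(protocol, dst, spi, seq, payload, tag) -> str:
    sa = SADB.get((protocol, dst, spi))
    if sa is None:
        return "drop: no SA"
    if not replay_ok(sa, seq):
        return "drop: replay"
    if not hmac.compare_digest(icv(sa.key, spi, seq, payload), tag):
        return "drop: bad ICV"
    mark_seen(sa, seq)            # window moves only for authenticated packets
    return "accept"


def demo():
    SADB.clear()
    key = b"constructed-shared-secret"
    SADB[("AH", "192.0.2.10", 0x1001)] = SA(key=key)

    def packet(seq, payload, spi=0x1001):
        return ("AH", "192.0.2.10", spi, seq, payload, icv(key, spi, seq, payload))

    first = packet(1, b"hello")
    altered = ("AH", "192.0.2.10", 0x1001, 2, b"tampered",
               icv(b"wrong key", 0x1001, 2, b"tampered"))
    return [
        receive(*first),                        # fresh, valid packet
        receive(*first),                        # same packet seen again
        receive(*altered),                      # MAC made without the SA key
        receive(*packet(2, b"next")),           # genuine packet with that number
        receive(*packet(3, b"x", spi=0x2002)),  # SPI with no matching SA
    ]


if __name__ == "__main__":
    print(demo())
```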

    2 modes of operation:

    Transport mode

    Tunnel mode

    Transport and tunnel mode:

    Transport mode:

    Transport Mode: protect the upper layer protocols

    transport mode is used to encrypt & optionally authenticate IP data

    data protected but header left in clear

    can do traffic analysis but is efficient

    good for ESP host to host traffic

    Tunnel mode:

    Tunnel Mode: protect the entire IP payload

    tunnel mode encrypts entire IP packet

    add new header for next hop

    good for VPNs, gateway to gateway security

    Tunnel mode works only for IP-in-IP datagrams.

    The inner IP header, its next header, and the ports that the next header supports, can

    enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not

    dictate the policy of its inner IP datagram.

    IPsec policy can be specified for subnets of a LAN behind a router and for ports on those

    subnets.

    KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS

    LAYER

    WEB SECURITY REQUIREMENTS

    Web security must be global, local, bidirectional, multiprotocol, and work despite

    users connecting to the Internet and then connecting to the enterprise network. The web

    security requirements are:

    Global approach

    Local approach

    Bi-directional and multiprotocol

    Throughout the enterprise

    Granular application control features

    Multiprotocol data loss prevention

    Flexible deployment

    Multifunction

    Manageable.

    Requirement 1: Global approach

    Deploy proactive, real-time, reputation-based URL filtering, powered by in-the-cloud

    global threat intelligence

    Because legacy URL filtering solutions are only as accurate as their most recent

    update, enterprises need extra help determining which sites are risky. What is needed is a

    reputation system that assigns global reputations to URLs and IP addresses, working

    alongside categorized databases to provide an additional

    layer of protection far stronger than URL filtering alone.

    Requirement 2: Local approach

    Deploy anti-malware protection utilizing real-time, local intent-based analysis of

    code

    Effective local malware solutions utilize intent-based analysis to examine code that will

    execute in the browser. By analyzing the code at the gateway (a gateway located

    physically at the enterprise or in the cloud as a hosted service), malware can be detected

    and blocked before it reaches the endpoint or other networked assets.

    Gateway-based malware protection should:

    Determine the actual file type based on a magic number or checksum analysis

    Decrypt and de-obfuscate to safeguard against files that are disguised

    Disallow media types that are potentially hazardous (like unknown ActiveX)

    Check active code for valid digital signatures

    Analyze behavior to determine if the malware will act in a known manner

    Analyze scripts to determine if they are trying to exploit vulnerabilities on the client

    Neutralize attacks as needed

    Requirement 3: Bidirectional and multiprotocol

    Implement bidirectional filtering at the gateway for all web traffic, including web

    protocols such as FTP, HTTP, HTTPS, IM, and streaming media

    Applications that communicate over encrypted and unencrypted protocols need to be

    controlled in both directions. This includes controlling access to websites, blogs, wikis,

    IM, streaming media, and other applications, as well as monitoring the connections for

    malware coming in and sensitive data going out. For example, Instant Messaging

    applications need to be proxied. Proxies allow granular control over who uses an

    application and what they can do with it, such as send links, receive links, or send files,

    and let IT filter outbound content for sensitive data. These controls are as important as

    filtering what is posted or received via social networking sites (including Facebook and

    Twitter), or blogs and wikis. With a high percentage of corporate web traffic now being

    encrypted (HTTPS), it is imperative to be able to selectively decrypt this content at the

    gateway, providing security while respecting privacy for access to sensitive sites, such as

    personal finance or healthcare sites.

    Requirement 4: Throughout the enterprise

    Protect from the corporate network to the branch office to mobile users on laptops,

    smartphones, or tablets, safeguarding against malware collected directly from the Internet

    Study your employees that connect to the Internet and then connect to your network.

    Laptop users connecting to the public internet risk infection. Are you filtering their access

    even when not on your network?

    More and more organizations wish to allow their employees to use personally owned

    devices to connect to their network and applications. Your web security should allow you

    to filter their access and prevent malware from entering the enterprise network.

    Requirement 5: Granular application control features

    Move beyond a binary "block or allow" approach to provide selective, policy-based

    access to Web 2.0 sites, such as blocking a specific social networking game (such as

    Mafia Wars) while allowing a general category called "games".

    Legacy Web 1.0 security solutions use a binary "block or allow" approach to web

    access. However, today's enterprises need to have bidirectional filtering that controls

    what a user can do on Web 2.0 sites and also protects against data loss. Within web

    security gateways, controlling what a user can do on a site is known as application

    control. Because Web 2.0 sites are bidirectional in nature (users can both access and

    contribute content), data loss prevention needs to be part of this control as well. In

    addition to allowing sensitive content to escape, user contributed content is a common

    insertion point for malware. Finally, many of these sites contain bandwidth-hogging

    streaming media.

    Requirement 6: Multiprotocol data loss prevention

    Monitor for and protect against data leaks on all web protocols

    Data loss protection on content exiting via either the web or email requires five steps.

    From defining corporate and regulatory policies to detecting and enforcing them, to

    proving compliance to auditors, this process is the surest way to ensure that no

    inappropriate information ever leaves your gateway.

    The five steps to achieve compliance are

    Discover and learn: Find all your sensitive data wherever it may be

    Assess risk: Ensure secure data handling procedures are in place

    Define effective policies: Create policies to protect data and test them for effectiveness

    Apply controls: Restrict access to authorized people and limit transmission

    Monitor, report and audit: Ensure successful data security through alerting and

    incident management

    For data in motion, data loss prevention should be provided over encrypted and

    unencrypted protocols for both messaging and web traffic. As with application control,

    this includes managing access to websites, social networking sites, blogs, wikis, IM, P2P,

    and other applications, as well as monitoring connections for data leakage. And as with

    application control, it is imperative to be able to selectively

    decrypt encrypted traffic at the gateway to provide security while respecting privacy for

    access to sensitive sites.

    Requirement 7: Flexible deployment options

    Provide options that match your strategic needs: on site, in the cloud or a hybrid mix

    of both

    With employees accessing your network and the Internet from anywhere in the world,

    not just from the confines of your network, the solution must be flexible. It should secure

    headquarters, remote offices, and home offices, as well as the hotels, airports and coffee

    shops where mobile workers expose their laptops and other mobile devices to attack. This

    coverage requires solutions with a range of

    implementation footprints. Some enterprises want equipment to live on their premises.

    You should be able to choose from appliances, blade servers, and software deployment

    options (including the choice of virtualization to leverage existing hardware investments).

    Others will want to choose the cloud and provide web security via Software as a Service.

    Yet others desire a hybrid approach that mixes appliances at major offices and SaaS for

    remote offices and home office workers. The Forrester study predicts a growing interest

    in moving to cloud based and hybrid deployments.

    Requirement 8: Multifunction

    Reduce cost and simplify management by consolidating legacy point applications into

    an integrated solution

    To cost-effectively manage risk, today's web gateway requires a single solution that

    houses the security and caching engines in the same application, tightly integrated. In

    addition to having fewer vendors to deal with, you get added protection by replacing

    point solutions with integrated, multifunction solutions

    that provide best-of-breed functionality. Since the cache can be security-aware, malware

    detection can be integrated with reputation-based filtering, and so on. Solutions that

    manage both inbound and outbound risk reduce costs and increase security by providing

    additional opportunities for consolidation and efficiency.

    Requirement 9: Manageable

    Use comprehensive access, management, and reporting tools

    Since constant web access is so critical to business today, enterprises should deploy

    solutions that provide at-a-glance reporting on the status and health of their web

    gateways. They also need both real-time and forensic reporting that allows them to drill

    down into problems for remediation and post-event analysis. Robust and extensible

    reporting is the cornerstone of your ability to understand risk, refine policy, and measure

    compliance.

    KEY MANAGEMENT

    Key management is the management of cryptographic keys in a cryptosystem.

    This includes dealing with the generation, exchange, storage, use, and replacement of

    keys. It includes cryptographic protocol design, key servers, user procedures, and other

    relevant protocols.

    Key management concerns keys at the user level, either between users or

    systems. This is in contrast to key scheduling; key scheduling typically refers to the

    internal handling of key material within the operation of a cipher.

    There are two types of key management:

    1. Manual key management

    2. Automated key management

    Manual key management:

    A system administrator manually configures each system with its own keys and

    with the keys of other communicating systems. This is practical for small, relatively static

    environments.

    Automated key management:

    An automated system enables the on-demand creation of keys for SAs and

    facilitates the use of keys in a large distributed system with an evolving configuration.

    The default automated key management protocol for IPsec consists of:

    Oakley key determination protocol

    Internet Security Association and Key Management Protocol (ISAKMP)

    Features of Oakley:

    It employs a mechanism known as cookies to thwart clogging attacks.

    It uses nonces to ensure against replay attacks.

    It enables the exchange of Diffie-Hellman public key values.

    It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.

    The authentication methods that can be used with Oakley:

    Digital signature

    Public key encryption

    Symmetric key encryption

    ISAKMP

    ISAKMP defines procedures and packet formats to establish, negotiate, modify

    and delete security associations. As part of SA establishment, ISAKMP defines payloads

    for exchanging key generation and authentication data. These payload formats provide a

    consistent framework independent of the specific key exchange protocol, encryption

    algorithm, and authentication mechanism.

    ISAKMP exchange:

    ISAKMP provides a framework for message exchange, with the payload types

    serving as the building blocks. The specification identifies five default exchange types

    that should be supported. SA refers to an SA payload with associated protocol and

    transform payloads.

    The types of ISAKMP exchange:

    Base Exchange

    Identity Protection exchange

    Authentication only exchange

    Aggressive exchange

    Informational exchange

    SSL (Secure Socket Layer)

    Secure Socket Layer provides security services between TCP and applications that use

    TCP. The internet standard version is called Transport Layer Security (TLS).

    SSL provides confidentiality using symmetric encryption and message integrity using a message authentication code.

    Two important SSL concepts are

    SSL session

    SSL connection.

    SSL session:

    An SSL session is an association between a client and a server. Sessions are

    created by the handshake protocol. Sessions define a set of cryptographic security

    parameters, which can be shared among multiple connections.

    Sessions are used to avoid the expensive negotiation of new security parameters

    for each connection.

    SSL connection:

    Connection is a transport that provides a suitable type of service. For SSL such

    connections are peer-to-peer relationships. The connections are transient. Every connection

    is associated with one session.

    Parameters of SSL session state:

    Session identifier

    Peer Certificate

    Compression method

    Cipher spec

    Master secret

    Is resumable

    Parameters of SSL connection state:

    Server and client random

    Server write MAC secret

    Client write MAC secret

    Server write key

    Client write key

    Sequence number

    Two services provided by the SSL Record Protocol:

    Confidentiality

    Message Integrity

    Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer

    (SSL), are cryptographic protocols that provide communication security over the Internet.

    [1] TLS and SSL encrypt the segments of network connections at the Application Layer

    for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

    Several versions of the protocols are in widespread use in applications such as web

    browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).

    TLS is an IETF standards track protocol, last updated in RFC 5246, and is based on the

    earlier SSL specifications developed by Netscape Communications.[2]

    The TLS protocol allows client-server applications to communicate across a network in a

    way designed to prevent eavesdropping and tampering.

    Since most protocols can be used either with or without TLS (or SSL) it is necessary to

    indicate to the server whether the client is making a TLS connection or not. There are two

    main ways of achieving this: one option is to use a different port number for TLS

    connections (for example port 443 for HTTPS). The other is to use the regular port

    number and have the client request that the server switch the connection to TLS using a

    protocol-specific mechanism (for example STARTTLS for mail and news protocols).

    Once the client and server have decided to use TLS they negotiate a stateful connection

    by using a handshaking procedure. During this handshake, the client and server agree on

    various parameters used to establish the connection's security.

    1. The client sends the server the client's SSL version number, cipher settings,

    session-specific data, and other information that the server needs to communicate

    with the client using SSL.

    2. The server sends the client the server's SSL version number, cipher settings,

    session-specific data, and other information that the client needs to communicate

    with the server over SSL. The server also sends its own certificate, and if the

    client is requesting a server resource that requires client authentication, the server

    requests the client's certificate.

    3. The client uses the information sent by the server to authenticate the server (see

    Server Authentication for details). If the server cannot be authenticated, the user is

    warned of the problem and informed that an encrypted and authenticated

    connection cannot be established. If the server can be successfully authenticated,

    the client proceeds to step 4.

    4. Using all data generated in the handshake thus far, the client (with the cooperation

    of the server, depending on the cipher being used) creates the pre-master secret

    for the session, encrypts it with the server's public key (obtained from the server's

    certificate, sent in step 2), and then sends the encrypted pre-master secret to the

    server.

    5. If the server has requested client authentication (an optional step in the

    handshake), the client also signs another piece of data that is unique to this

    handshake and known by both the client and server. In this case, the client sends

    both the signed data and the client's own certificate to the server along with the

    encrypted pre-master secret.

    6. If the server has requested client authentication, the server attempts to

    authenticate the client (see Client Authentication for details). If the client cannot

    be authenticated, the session ends. If the client can be successfully authenticated,

    the server uses its private key to decrypt the pre-master secret, and then performs

    a series of steps (which the client also performs, starting from the same pre-master

    secret) to generate the master secret.

    7. Both the client and the server use the master secret to generate the session keys,

    which are symmetric keys used to encrypt and decrypt information exchanged

    during the SSL session and to verify its integrity (that is, to detect any changes in

    the data between the time it was sent and the time it is received over the SSL

    connection).

    8. The client sends a message to the server informing it that future messages from

    the client will be encrypted with the session key. It then sends a separate

    (encrypted) message indicating that the client portion of the handshake is finished.

    9. The server sends a message to the client informing it that future messages from

    the server will be encrypted with the session key. It then sends a separate

    (encrypted) message indicating that the server portion of the handshake is

    finished.

    The SSL handshake is now complete and the session begins. The client and the server use

    the session keys to encrypt and decrypt the data they send to each other and to validate its

    integrity.

    This is the normal operation condition of the secure channel. At any time, due to internal

    or external stimulus (either automation or user intervention), either side may renegotiate

    the connection, in which case, the process repeats itself.

    This concludes the handshake and begins the secured connection, which is encrypted and

    decrypted with the key material until the connection closes.

    If any one of the above steps fails, the TLS handshake fails and the connection is not

    created.

    TRANSPORT LAYER SECURITY

    Transport Layer Security (TLS) is a protocol that ensures privacy between

    communicating applications and their users on the Internet.

    Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL).

    TLS is composed of two layers:

    The TLS Record Protocol

    The TLS Handshake Protocol

    Description

    The TLS protocol allows client-server applications to communicate across a

    network in a way designed to prevent eavesdropping and tampering.

    Once the client and server have decided to use TLS they negotiate a stateful

    connection by using a handshaking procedure.[3] During this handshake, the client and

    server agree on various parameters used to establish the connection's security.

    The client sends the server the client's SSL version number, cipher

    settings, session-specific data, and other information that the server needs

    to communicate with the client using SSL.

    The server sends the client the server's SSL version number, cipher

    settings, session-specific data, and other information that the client needs

    to communicate with the server over SSL. The server also sends its own

    certificate, and if the client is requesting a server resource that requires

    client authentication, the server requests the client's certificate.

    The client uses the information sent by the server to authenticate the server

    (see Server Authentication for details). If the server cannot be

    authenticated, the user is warned of the problem and informed that an

    encrypted and authenticated connection cannot be established. If the server

    can be successfully authenticated, the client proceeds to step 4.

    Using all data generated in the handshake thus far, the client (with the

    cooperation of the server, depending on the cipher being used) creates the

    pre-master secret for the session, encrypts it with the server's public key

    (obtained from the server's certificate, sent in step 2), and then sends the

    encrypted pre-master secret to the server.

    If the server has requested client authentication (an optional step in the

    handshake), the client also signs another piece of data that is unique to this

    handshake and known by both the client and server. In this case, the client

    sends both the signed data and the client's own certificate to the server

    along with the encrypted pre-master secret.

    If the server has requested client authentication, the server attempts to

    authenticate the client (see Client Authentication for details). If the client

    cannot be authenticated, the session ends. If the client can be successfully

    authenticated, the server uses its private key to decrypt the pre-master

    secret, and then performs a series of steps (which the client also performs,

    starting from the same pre-master secret) to generate the master secret.

    Both the client and the server use the master secret to generate the session

    keys, which are symmetric keys used to encrypt and decrypt information

    exchanged during the SSL session and to verify its integrity (that is, to

    detect any changes in the data between the time it was sent and the time it

    is received over the SSL connection).

    The client sends a message to the server informing it that future messages

    from the client will be encrypted with the session key. It then sends a

    separate (encrypted) message indicating that the client portion of the handshake is finished.

    The server sends a message to the client informing it that future messages

    from the server will be encrypted with the session key. It then sends a

    separate (encrypted) message indicating that the server portion of the

    handshake is finished.

    The SSL handshake is now complete and the session begins. The client and the

    server use the session keys to encrypt and decrypt the data they send to each other and to

    validate its integrity.

    Security

    TLS has a variety of security measures:

    Protection against a downgrade of the protocol to a previous (less secure)

    version or a weaker cipher suite.

    Numbering subsequent Application records with a sequence number and using

    this sequence number in the message authentication codes (MACs).

    Using a message digest enhanced with a key (so only a key-holder can check

    the MAC). The HMAC construction used by most TLS cipher suites is

    specified in RFC 2104 (SSL 3.0 used a different hash-based MAC).

    The message that ends the handshake ("Finished") sends a hash of all the

    exchanged handshake messages seen by both parties.

    The pseudorandom function splits the input data in half and processes each

    one with a different hashing algorithm (MD5 and SHA-1), then XORs them

    together to create the MAC. This provides protection even if one of these

    algorithms is found to be vulnerable. TLS only.

    SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support

    for certificate authentication.
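The key derivation of handshake steps 6 and 7 and the sequence-numbered record MAC from the list above, as an added example (not from the original notes) that follows the TLS 1.0 construction in RFC 2246. The pre-master secret, random values and record data are constructed sample values, and the IVs are left out of the key block.

```python
import hashlib
import hmac
import struct

def p_hash(hash_name, secret, seed, length):
    """P_hash: chain HMAC outputs until `length` bytes are available."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0 PRF: the secret is split in half, one half keys P_MD5,
    the other keys P_SHA-1, and the two output streams are XORed."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def derive_keys(pre_master, client_random, server_random, mac_len=20, key_len=16):
    """Step 6: pre-master -> master secret. Step 7: master secret -> session keys."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    names = ("client_write_mac", "server_write_mac", "client_write_key", "server_write_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    keys, pos = {"master_secret": master}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def record_mac(mac_secret, seq_num, content_type, fragment, version=(3, 1)):
    """HMAC-SHA1 over sequence number, type, version, length and data."""
    header = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac.new(mac_secret, header + fragment, "sha1").digest()

def verify_record(mac_secret, expected_seq, content_type, fragment, tag):
    """The receiver recomputes the MAC with the sequence number it expects next."""
    expected = record_mac(mac_secret, expected_seq, content_type, fragment)
    return hmac.compare_digest(expected, tag)

# Constructed sample values (not taken from a real capture).
PRE_MASTER = b"\x03\x01" + bytes(range(46))   # 2 version bytes + 46 further bytes
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

def demo():
    client = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)  # after decrypting the pre-master
    data = b"GET / HTTP/1.0\r\n\r\n"
    tag = record_mac(client["client_write_mac"], 0, 23, data)      # 23 = application data
    key = server["client_write_mac"]
    return {
        "same_keys": client == server,
        "accepted": verify_record(key, 0, 23, data, tag),
        "replayed": verify_record(key, 1, 23, data, tag),          # same record seen again
        "tampered": verify_record(key, 0, 23, data + b"x", tag),
    }

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input but never sent on the wire, a record that is replayed or reordered fails verification even though its bytes are unchanged.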

    SECURE ELECTRONIC TRANSACTION

    SET is a protocol designed to ensure that merchants and cardholders can conduct business

    over insecure networks.

    SET Roles

    The participants listed below play an important role in a SET transaction:

    Cardholder

    Merchant

    Issuer

    Acquirer

    Payment gateway

    Certification authority

    1) The gateway obtains the certificates it needs from the certificate authority.

    2) The merchant obtains its certificates from the certificate authority.

    3) The cardholder obtains its certificates from the certificate authority.

    4) The cardholder shops at the merchant's shopping experience and decides what goods

    or services he/she wishes to buy.

    5) The merchant sends the cardholder the certificates needed in the purchase transaction.

    6) The cardholder sends a request to purchase the item that he/she has selected. This

    message contains information about the cardholder's order and the cardholder's

    payment information, such as the cardholder's card information. The merchant gets the

    order information and sends the cardholder's payment card information on to the payment

    gateway. The merchant is never privy to the cardholder's payment information and

    therefore has no way of obtaining the cardholder's payment card

    information. This security measure is designed to protect the cardholder.

    7) The merchant and payment gateway share authorization information. This consists of

    the merchant sending the payment gateway information such as the cardholder's payment

    card information and the amount of the transaction. The payment gateway can either

    authorize or decline the transaction based on the information received from the merchant.

    No money changes hands during the authorization phase.

    8) The merchant sends a message to the cardholder finalizing the transaction. The

    cardholder sees this at the end of the transaction.

    9) This step is optional but allows the merchant to change or eliminate money authorized

    in step #7.

    10) The merchant and the gateway share capture information. A request is sent from the

    merchant to the gateway to capture money that has been authorized; this capture request

    can be for a single authorization amount or multiple amounts. The gateway processes the

    capture request through its existing payment card financial network.

    11) If an error has occurred capturing cardholder funds, messaging between the merchant

    and the gateway takes place in order to reverse the capture. This step is optional and only

    happens if a capture error has occurred.

    12) The merchant and payment gateway exchange messages in order to credit a

    cardholder's account.

    13) If a credit has been granted by mistake, the merchant and payment gateway can

    exchange messages in order to reverse the granted credit.

    DUAL SIGNATURES

    A new application of digital signatures is introduced in SET, namely the concept

    of dual signatures. A dual signature is needed when two messages need to

    be linked securely but only one party is allowed to read each. The following

    picture shows the process of generating dual signatures.

    In SET, dual signatures are used to link an order message sent to the merchant

    with the payment instructions containing account information sent to the acquirer

    (merchant bank). When the merchant sends an authorization request to the

    acquirer, it includes the payment instructions sent to it by the cardholder and the

    message digest of the order information. The acquirer uses the message digest

    from the merchant and computes the message digest of the payment instructions

    to check the dual signatures.

    In this case, the customer wants to send the order information (OI) to the

    merchant and the payment information (PI) to the bank. The merchant does not need to

    know the customer's credit card number, and the bank does not need to know the details

    of the customer's order. The link is needed so that the customer can prove that the

    payment is intended for this order.

    The message digests (MDs) of the OI and the PI are independently calculated by the

    customer. The dual signature is the encrypted MD (with the customer's secret key) of the

    concatenated MDs of PI and OI. The dual signature is sent to both the merchant and the

    bank. The protocol arranges for the merchant to see the MD of the PI without seeing the

    PI itself, and the bank sees the MD of the OI but not the OI itself. The dual signature can

    be verified using the MD of the OI or PI. It doesn't require the OI or PI itself. Its MD does not reveal the content of the OI or PI, and thus privacy is preserved.
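The dual signature described above, worked through as an added example (not part of the original notes). The RSA key is a toy key built from two known Mersenne primes and used without padding, SHA-1 stands in for the message digest, and the OI and PI strings are constructed.

```python
import hashlib

# Toy RSA key for the customer (constructed for this example, NOT secure):
# two Mersenne primes give a modulus larger than a 160-bit SHA-1 digest.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, as carried in the customer's certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the customer

def md(data: bytes) -> bytes:
    """Message digest (MD) of one message."""
    return hashlib.sha1(data).digest()

def pomd(pimd: bytes, oimd: bytes) -> int:
    """Digest of the concatenated digests of PI and OI, as an integer."""
    return int.from_bytes(md(pimd + oimd), "big")

def dual_sign(pi: bytes, oi: bytes) -> int:
    """Customer: encrypt the combined digest with the private key."""
    return pow(pomd(md(pi), md(oi)), D, N)

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds the OI and only the digest of the PI."""
    return pow(ds, E, N) == pomd(pimd, md(oi))

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds the PI and only the digest of the OI."""
    return pow(ds, E, N) == pomd(md(pi), oimd)

# Constructed sample messages.
OI = b"order #1001: 2 x widget, total 40.00"
PI = b"card 0000-0000-0000-0000, amount 40.00"
DS = dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, md(PI), DS))
    print("bank accepts:    ", bank_verify(PI, md(OI), DS))
    # A payment instruction presented with the digest of a different order is rejected.
    print("wrong order:     ", bank_verify(PI, md(b"order #2002: 1 x gadget"), DS))
```

Each party checks the signature with one full message and one digest, so neither needs the other message to confirm that the two were signed together.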
