
UNIT-IV NETWORK SECURITY, FIREWALLS AND WEB SECURITY

SUBMITTED BY, M.SHENBAGAVALLI (111865) R.SUJITHA (111866) M.SUNDARA MAHALAKSHMI (111855) B.VANAJA (111867)

(2 MARKS)

FIREWALL

1) DEFINE FIREWALL?
1. Acts as a security gateway between two networks, usually between trusted and untrusted networks (such as between a corporate network and the Internet).
2. Tracks and controls network communications: decides whether to pass, reject, encrypt, or log communications (access control).

2) WHY ARE FIREWALLS NEEDED?
- Prevent attacks from untrusted networks
- Protect data integrity of critical information
- Preserve customer and partner confidence

3) WHAT ARE THE DIFFERENT TYPES OF FIREWALL?
- Hardware firewall
- Software firewall

4) GIVE SOME GENERAL FEATURES OF FIREWALL?
- Port control
- Network Address Translation
- Application monitoring (program control)
- Packet filtering

5) DEFINE HARDWARE FIREWALL?
It is just a software firewall running on a dedicated piece of hardware or specialized device. Basically, it is a barrier that keeps destructive forces away from your property; it is used to protect your home network and family from offensive Web sites and potential hackers.

6) WHAT ARE THE DIFFERENT TYPES OF HARDWARE FIREWALL?
1. Packet-filtering router
2. Stateful inspection firewalls
3. Application-level gateway
4. Circuit-level gateway
5. Bastion host

7) WHAT IS PACKET FILTERING?
- Works at the network level of the OSI model
- Each packet is compared to a set of criteria before it is forwarded
- Packet filtering firewalls are low cost and have a low impact on network performance

8) WHAT IS CIRCUIT LEVEL PROXIES IN FIREWALL?
- Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP
- They monitor TCP handshaking between packets to determine whether a requested session is legitimate

9) GIVE ABOUT APPLICATION LEVEL PROXIES?
- Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific
- A gateway that is configured to be a web proxy will not allow any FTP, gopher, telnet or other traffic through

10) WRITE ABOUT STATEFUL MULTILAYER INSPECTION?
- Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls
- They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer

11) WHAT IS THE FUTURE OF FIREWALLS?
- Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated
- More and more client and server applications are coming with native support for proxied environments
- Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use

12) WHAT ARE THE LIMITATIONS OF FIREWALL?
- cannot protect from attacks bypassing it
- cannot protect against internal threats
- cannot protect against transfer of all virus infected programs or files

13) WHAT ARE THE ATTACKS ON PACKET FILTERS?
- IP address spoofing
- source routing attacks
- tiny fragment attacks

14) DEFINE BASTION HOST?
- highly secure host system
- runs circuit / application level gateways
- or provides externally accessible services
- potentially exposed to "hostile" elements, hence is secured to withstand this: hardened O/S, essential services, extra auth
- proxies small, secure, independent, non-privileged

15) WRITE ABOUT ACCESS CONTROL?
- determines what resources users can access
- general model is that of an access matrix with:
  - subject: active entity (user, process)
  - object: passive entity (file or resource)
  - access right: way object can be accessed
- can decompose by:
  - columns as access control lists
  - rows as capability tickets

16) WHAT DO YOU MEAN BY TRUSTED COMPUTER SYSTEM?
- information security is increasingly important
- have varying degrees of sensitivity of information
- subjects (people or programs) have varying rights of access to objects (information)
- known as multilevel security
- want to consider ways of increasing confidence in systems to enforce these rights

17) WHAT ARE THE KEY POLICIES OF BLP MODEL?
- no read up (simple security property)
- no write down

18) WHAT ARE THE DESIGN GOALS OF FIREWALL?
The design goals of firewall are:
1. All traffic from inside to outside, and vice versa, must pass through the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration.

IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY ASSOCIATION

1. What is IP Security?
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used to protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host.

2. List benefits in IP security?
Benefits:
- in a firewall/router, provides strong security to all traffic crossing the perimeter
- in a firewall/router, is resistant to bypass
- is below the transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users
- secures routing architecture

3. List IP security protocols.
IP security consists of two protocols to provide security:

Authentication Header (AH)
AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents.

Encapsulating Security Payload (ESP)
1. provides message content confidentiality and limited traffic flow confidentiality
2. can optionally provide the same authentication services as AH
ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.

4. What are the modes of operation in IP Security?
There are 2 modes of operation.

Transport mode:
- used to encrypt and optionally authenticate IP data
- data protected but header left in clear
- traffic analysis remains possible, but the mode is efficient
- good for ESP host-to-host traffic

Tunnel mode:
- protects the entire IP payload
- encrypts the entire IP packet
- adds a new header for the next hop
- good for VPNs, gateway-to-gateway security

5. What is the purpose of security association?
An IPsec security association (SA) specifies security properties that are recognized by communicating hosts. A single SA protects data in one direction. The protection is either to a single host or to a group (multicast) address. Because most communication is either peer-to-peer or client-server, two SAs must be present to secure traffic in both directions. The SAs allow an enterprise to control exactly what resources may communicate securely, according to security policy.

6. What are services in IP security?
- Connectionless integrity: assurance that received traffic has not been modified. Integrity includes anti-replay defenses.
- Data origin authentication: assurance that traffic is sent by legitimate party or parties.
- Confidentiality (encryption): assurance that users' traffic is not examined by non-authorized parties.
- Access control: prevention of unauthorized use of a resource.

7. Differences between Transport mode and Tunnel mode
In transport mode, the outer header determines the IPsec policy that protects the inner IP packet. If the next header is an IP header, the outer header and the inner IP header can be used to determine IPsec policy. In tunnel mode, the inner IP packet determines the IPsec policy that protects its contents. The inner IP header, its next header, and the ports that the next header supports can enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not dictate the policy of its inner IP datagram.

8. What are authentication and encryption algorithms used in IP Security?
Authentication algorithms in IPsec: authentication algorithms produce an integrity checksum value or digest that is based on the data and a key. The AH module uses authentication algorithms. The ESP module can use authentication algorithms as well.
Encryption algorithms in IPsec: encryption algorithms encrypt data with a key. The ESP module in IPsec uses encryption algorithms. The algorithms operate on data in units of a block size.

9. What is the purpose of using SPI in IP Security?
In order to decide what protection is to be provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI) to uniquely identify a security association for that packet.

10. List the parameters used in Authentication Header?
- Next Header (1 byte): Contains the protocol number of the next header after the AH. Used to link headers together.
- Payload Length (1 byte): Despite its name, this field measures the length of the authentication header itself, not the payload. It is measured in 32-bit units, with 2 subtracted for consistency with how header lengths are normally calculated in IPv6.
- Reserved (2 bytes): Not used; set to zeroes.
- Security Parameter Index (SPI) (4 bytes): A 32-bit value that, when combined with the destination address and security protocol type (which here is obviously the one for AH), identifies the security association to be used for this datagram.
- Sequence Number (4 bytes): This is a counter field that is initialized to zero when a security association is formed between two devices, and then incremented for each datagram sent using that SA. This uniquely identifies each datagram on an SA and is used to provide protection against replay attacks by preventing the retransmission of captured datagrams.
- Authentication Data (variable): This field contains the result of the hashing algorithm performed by the AH protocol, the Integrity Check Value (ICV).

11. List the parameters in ESP
- Security Parameters Index (32 bits): Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.
- Sequence Number (32 bits): A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.
- Payload data (variable): The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the Next Header field.
- Padding (0-255 octets): Padding for encryption, to extend the payload data to a size that fits the encryption's cipher block size, and to align the next field.
- Pad Length (8 bits): Size of the padding (in octets).
- Next Header (8 bits): Type of the next header. The value is taken from the list of IP protocol numbers.
- Integrity Check Value (multiple of 32 bits): Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.

12. Explain ESP Process in Encryption and decryption?
ESP also provides all encryption services in IPsec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption/decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.
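The AH field layout from question 10, the use of the Sequence Number against replay, and the SA lookup by SPI, destination address and protocol can be exercised together. The code below is an added example, not part of the original notes; it goes slightly beyond them by using a receiver-side sliding window to apply the counter. The class names, the 64-packet window, and the sample SPI and address are assumptions, and ICV verification is left out.

```python
import struct
from dataclasses import dataclass

IPPROTO_AH = 51      # IP protocol number assigned to AH
AH_FIXED_LEN = 12    # Next Header, Payload Length, Reserved, SPI, Sequence Number


@dataclass
class AuthHeader:
    next_header: int
    payload_len: int  # header length in 32-bit units, minus 2
    spi: int
    sequence: int
    icv: bytes        # Authentication Data (Integrity Check Value)


def parse_ah(buf: bytes) -> AuthHeader:
    """Decode the AH fields in the order and sizes listed in question 10."""
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH: the fixed fields need 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", buf[:AH_FIXED_LEN])
    total = (payload_len + 2) * 4          # undo the "minus 2" to get bytes
    if total < AH_FIXED_LEN or total > len(buf):
        raise ValueError("Payload Length does not fit the received data")
    if reserved != 0:
        raise ValueError("Reserved field must be zero")
    return AuthHeader(next_header, payload_len, spi, seq,
                      buf[AH_FIXED_LEN:total])


class ReplayWindow:
    """Sliding window over the Sequence Number of one SA (assumed size 64)."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => (highest - i) was already accepted

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False   # counter starts at zero, so the first datagram carries 1
        if seq > self.highest:                 # ahead of the window: slide it
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                       # too old, or a replayed datagram
        self.bitmap |= 1 << offset             # late but new: remember it
        return True


class SecurityAssociationDatabase:
    """Maps (SPI, destination address, protocol) to per-SA replay state."""

    def __init__(self):
        self._sas = {}

    def add(self, spi: int, dst: str, proto: int = IPPROTO_AH) -> None:
        self._sas[(spi, dst, proto)] = ReplayWindow()

    def receive(self, dst: str, ah_bytes: bytes) -> str:
        try:
            ah = parse_ah(ah_bytes)
        except ValueError as exc:
            return f"drop: {exc}"
        window = self._sas.get((ah.spi, dst, IPPROTO_AH))
        if window is None:
            return "drop: no SA for this SPI/destination/protocol"
        # A real receiver verifies the ICV before moving the window (omitted).
        return "accept" if window.accept(ah.sequence) else "drop: replayed or stale"


def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Assemble a constructed sample AH; icv length must be a multiple of 4."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


if __name__ == "__main__":
    sad = SecurityAssociationDatabase()
    sad.add(0x1000, "192.0.2.10")              # constructed SPI and address
    icv = bytes(12)                            # placeholder 96-bit ICV
    for seq in (1, 2, 2, 5, 3, 1):
        print(seq, sad.receive("192.0.2.10", build_ah(6, 0x1000, seq, icv)))
```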

13. Why does ESP not encrypt the ESP header?
The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.

14. What are the parameters used in Security association?
The following three elements uniquely identify an IPsec SA:
- The security protocol (AH or ESP)
- The destination IP address
- The security parameter index (SPI)

15. Explain security mechanism in Authentication header and ESP
AH protects the packet's origin, destination, and contents from being tampered with; the identity of the sender and receiver is known. In addition, AH does not protect the data's confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together.

KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS LAYER

1. Define key management?
Key management is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols. Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher.

2. What are the types of key management?
There are two types of key management:
1. Manual key management
2. Automated key management

3. Define Manual Key management?
A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.

4. Define Automated key Management?
An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

5. What are the default automated key management protocols for IPsec?
- Oakley key determination protocol
- Internet Security Association and Key Management Protocol (ISAKMP)

6. What are the features of Oakley?
- It employs a mechanism known as cookies to thwart clogging attacks.
- It uses nonces to ensure against replay attacks.
- It enables the exchange of Diffie-Hellman public key values.
- It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.

7. What are the authentication methods that can be used with Oakley?
- Digital signature
- Public key encryption
- Symmetric key encryption

8. Define ISAKMP?
ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete security associations. As part of SA establishment, ISAKMP defines payloads for exchanging key generation and authentication data. This payload format provides a consistent framework independent of the specific key exchange protocol, encryption algorithm, and authentication mechanism.

9. Define ISAKMP exchange?
ISAKMP provides a framework for message exchange, with the payload types serving as the building blocks. The specification identifies five default exchange types that should be supported. SA refers to an SA payload with associated protocol and transform payloads.

10. What are the types of ISAKMP exchange?
- Base exchange
- Identity protection exchange
- Authentication only exchange
- Aggressive exchange
- Informational exchange

SSL

1. Define SSL?
Secure Socket Layer provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Security (TLS). SSL provides confidentiality using symmetric encryption and message integrity using a message authentication code. Two important SSL concepts are the SSL session and the SSL connection.

2. Define SSL session?
An SSL session is an association between a client and a server; sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

3. Define SSL connection?
A connection is a transport that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient; every connection is associated with one session.

4. What are the parameters of SSL session state?
- Session identifier
- Peer certificate
- Compression method
- Cipher spec
- Master secret
- Is resumable

5. What are the parameters of SSL connection state?
- Server and client random
- Server write MAC secret
- Client write MAC secret
- Server write key
- Client write key
- Sequence number

6. What are the two services provided by the SSL record protocol?
- Confidentiality
- Message integrity

WEB SECURITY REQUIREMENTS

1. Define web security?
WS-Security (Web Services Security) is a proposed IT industry standard that addresses security when data is exchanged as part of a Web service. WS-Security is one of a series of specifications from an industry group that includes IBM and Microsoft. WS-Security specifies enhancements to SOAP (Simple Object Access Protocol) messaging aimed at protecting the integrity and confidentiality of a message and authenticating the sender. WS-Security also specifies how to associate a security token with a message, without specifying what kind of token is to be used. It does describe how to encode X.509 certificates and Kerberos tickets. In general, WS-Security is intended to be extensible so that new security mechanisms can be used in the future.

2. What are the requirements of web security?
- Global approach
- Local approach
- Bi-directional and multiprotocol
- Throughout the enterprise
- Granular application control features
- Multiprotocol data loss prevention
- Flexible deployment options
- Multifunction
- Manageable

3. What are the steps to achieve compliance?
The five steps to achieve compliance are:
1. Discover and learn: find all your sensitive data wherever it may be
2. Assess risk: ensure secure data handling procedures are in place
3. Define effective policies: create policies to protect data and test them for effectiveness
4. Apply controls: restrict access to authorized people and limit transmission
5. Monitor, report and audit: ensure successful data security through alerting and incident management

TRANSPORT LAYER SECURITY

1. What is TLS/SSL?
TLS is the successor to Secure Sockets Layer (SSL), an older cryptographic protocol. TLS/SSL can be used to create a secure environment for web browsing, emailing, or other client-server applications. TLS/SSL encryption requires the use of a digital certificate, which contains identity information about the owner as well as a public key, used for encrypting communications. These certificates are installed on a server; typically, a web server if the intention is to create a secure web environment, although they can also be installed on mail or other servers for encrypting other client-server communications.

2. How to secure a web server with TLS/SSL?
This is probably the most common application of TLS/SSL. If used with a web server, TLS/SSL can encrypt online transactions and confidential data relayed between a user's web browser and a website. A secured web server can be identified by a padlock symbol at the bottom of the browser window or in the address bar, as well as by a URL that begins with https rather than http.

3. How to secure a mail server, database server, or directory server with TLS/SSL?
TLS/SSL can be used with mail servers to encrypt email messages. An email that was sent with TLS/SSL encryption may display a ribbon or other icon in the recipient's email client. TLS/SSL can similarly be used with database and directory servers to encrypt server queries.

4. How to secure a virtual private network (VPN) with TLS/SSL?
TLS/SSL can be used by a VPN appliance to encrypt the connection between a remote user's computer and the network being accessed. For more information on how TLS/SSL works with VPN, see TechSoup's article Four Tools for Private Communication.

5. How does TLS/SSL work?
A TLS/SSL session is authenticated with what is known as a "handshake."
1. The client first sends the server a "hello" message that lists the client's supported cryptographic capabilities.
2. Being a well-mannered machine, the server sends back a "hello" message of its own with a choice of one of the listed cryptographic methods, to ensure the client and server will be able to speak the same language.
3. The server then sends its TLS/SSL certificate, which contains its public key, and may request a certificate from the client if client authentication is necessary.
4. The client checks that the certificate from the server is valid (if an untrusted certificate was installed on a web server, this is when a security warning would pop up in a web browser) and sends its own certificate if necessary.
5. The client then sends a random number that has been encrypted with the server's public key. After this number is decrypted by the server, the client and server will have a common key that can be used to send and receive data that only the pair of them can understand.
6. Both the client and server then send messages notifying the other that all further communication will be encrypted, and both send final messages that are actually encrypted, ending the handshake and allowing encrypted data exchange to begin.

6. What are the advantages of transport layer security?

- Increased flexibility. Parts of the message, instead of the entire message, can be signed or encrypted. This means that intermediaries can view the parts of the message that are intended for them. An example of this is a Web service that routes a SOAP message and is able to inspect unencrypted parts of the message to determine where to send the message, while other parts of the message remain encrypted. For an example of this, see the Perimeter Service Router pattern in Chapter 6, "Service Deployment Patterns."
- Support for auditing. Intermediaries can add their own headers to the message and sign them for the purpose of audit logging.
- Support for multiple protocols. You can send secured messages over many different protocols such as Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), and Transmission Control Protocol (TCP) without having to rely on the protocol for security.

7. What are the uses of TLS?
- TLS is used in e-commerce transactions
- TLS prevents the server, client, or points in between, from accessing secure information
- Protecting access to secure information. For instance, a company with 2 clients who compete with one another might want to ensure that neither could access each other's information in web based communications, or forums.

8. What are all the applications that utilize TLS?
One of the biggest types of software to use TLS is web browsers. That said, other Internet applications, as well as intranet applications, can take advantage of the technology. FTP browsers, and Telnet or SSH clients, can also use TLS. Operating systems can use TLS to make Virtual Private Networks.

9. What are all the disadvantages of TLS?
- Embedded in the application stack (some mis-implementation)
- Protocol specific: needs to be duplicated for each transport protocol
- Need to maintain context for connection (not currently implemented for UDP)
- Doesn't protect IP addresses & headers

10. Discuss about the Protection Scope Decision Matrix

Security consideration: Your application interacts directly with the Web service.
  Message layer: Message layer protection is usually more CPU intensive than transport layer protection.
  Transport layer: Transport layer HTTPS provides full message protection.

Security consideration: Web services are hosted on a system that does not support Windows Integrated Security.
  Message layer: Authentication can be performed by passing credentials in the message.
  Transport layer: Basic over HTTPS could be implemented. However, it would require manipulation of message headers.

Security consideration: Your company has a firewall in place between applications and Web services.
  Message layer: Message layer security is not affected by standard firewalls.
  Transport layer: It is not uncommon for port 443 to be opened to support HTTPS.

Security consideration: You have nonrepudiation requirements.
  Message layer: Supports persistence of messages that include digital signatures, which can be used to support nonrepudiation requirements.
  Transport layer: You can use authentication with X.509 client certificates to support nonrepudiation.

11. What is the mapping of the security parts of TLS to federal standards?

Mechanism: Key Establishment
  SSL (3.0): RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon, Fortezza-KEA
  TLS 1.0: RSA, DH-RSA, DH-DSS, DHE-RSA, DHE-DSS, DH-Anon

Mechanism: Confidentiality
  SSL (3.0): IDEA-CBC, RC4-128, 3DES-EDE-CBC, Fortezza-CBC
  TLS 1.0: IDEA-CBC, RC4-128, 3DES-EDE-CBC, Kerberos, AES
  FIPS Reference: FIPS 46-3, FIPS 81, FIPS 197

Mechanism: Signature
  SSL (3.0): RSA, DSA
  TLS 1.0: RSA, DSA, EC*
  FIPS Reference: FIPS 186-2

Mechanism: Hash
  SSL (3.0): MD5, SHA-1
  TLS 1.0: MD5, SHA-1
  FIPS Reference: FIPS 180-2, FIPS 198

DUAL SIGNATURE
1. What is dual signature? The purpose of the dual signature is the same as the standard electronic signature: to guarantee the authentication and integrity of data. It links two messages that are intended for two different recipients.
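
How one signature can link two messages meant for two recipients is easiest to see in code. The construction below (hash each message, hash the two digests together, sign the result) is the one SET uses for order information and payment information. This is an added example, not part of the original notes; the toy RSA key, the use of SHA-256, the function names and all sample values are assumptions for illustration.

```python
import hashlib

# Toy cardholder RSA key built from two known Mersenne primes so the example
# runs with the standard library only. Textbook RSA without padding is used
# purely to illustrate the structure; it is not suitable for real signatures.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _sign(md: bytes) -> int:
    return pow(int.from_bytes(md, "big"), _D, N)


def _verify(md: bytes, signature: int) -> bool:
    return pow(signature, E, N) == int.from_bytes(md, "big")


def dual_sign(order_info: bytes, payment_info: bytes):
    """Cardholder side: one signature over the digests of both messages."""
    oimd = digest(order_info)            # order information message digest
    pimd = digest(payment_info)          # payment information message digest
    ds = _sign(digest(pimd + oimd))      # signature over the combined digest
    return ds, oimd, pimd


def merchant_verify(order_info: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees the order and only the digest of the payment details."""
    return _verify(digest(pimd + digest(order_info)), ds)


def gateway_verify(payment_info: bytes, oimd: bytes, ds: int) -> bool:
    """Payment gateway sees the payment details and only the order digest."""
    return _verify(digest(digest(payment_info) + oimd), ds)


# Constructed sample messages.
ORDER = b"order constructed-001: 2 books, total 40.00"
PAYMENT = b"card 0000-0000-0000-0000, amount 40.00"

if __name__ == "__main__":
    ds, oimd, pimd = dual_sign(ORDER, PAYMENT)
    print("merchant accepts order:      ", merchant_verify(ORDER, pimd, ds))
    print("gateway accepts payment:     ", gateway_verify(PAYMENT, oimd, ds))
    print("merchant accepts altered order:",
          merchant_verify(ORDER + b" plus 1 laptop", pimd, ds))
    other_oimd = digest(b"order constructed-002: 1 laptop")
    print("payment reused with other order:",
          gateway_verify(PAYMENT, other_oimd, ds))
```

Each recipient verifies the same signature while seeing only its own message in clear, and neither message can be swapped for another without the check failing.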

SECURE ELECTRONIC TRANSACTION

1. Define SET?
SET is a protocol designed to ensure that merchants and cardholders can conduct business over insecure networks. SET uses cryptography to provide confidentiality and security, ensure payment integrity, and authenticate both the merchant and the cardholder.

2. List out the participants that SET includes?
- Cardholder
- Merchant
- Issuer
- Acquirer
- Payment gateway
- Certification authority

3. What are the features of SET?
- Confidentiality of information
- Integrity of data
- Cardholder account authentication
- Merchant authentication

4. What is the role of Card Holder?
The cardholder is analogous to the average person who uses a payment card to purchase goods or services.

5. What is the role of Merchant?
This is the business or organization that sells goods or services to the cardholder, in the case of a SET transaction over the internet.

6. What is the role of Issuer?
The issuer is a financial institution that provides the cardholder with a payment card. It is the issuer's responsibility to guarantee payment on behalf of its cardholder.

7. What is the role of the Acquirer?
The acquirer is the financial institution that processes payment card authorizations and payment for the merchant. The acquirer's responsibility is to obtain payment authority from the cardholder's issuer.

8. What is the role of the Payment Gateway?
A payment gateway is an institution that works on behalf of the acquirer to process the merchant's payment messages, including payment instructions from the cardholders. The gateway bridges communication between SET and the existing credit card.

9. What is the role of Certificate Authority?
The certificate authority provides certification for the merchant, cardholder, and payment gateway. Certification provides a means of assuring that the parties involved in a transaction.

10. What are all the SET Software Components?
- The Wallet: the front end for the cardholder
- The Merchant Server: the merchant's SET software
- The Certificate Authority: handles the SET participants' certificates
- The Gateway: bridges the merchant with its acquirer's legacy systems

(16 MARKS)

FIREWALL

1) WHAT ARE THE BASIC TYPES OF FIREWALLS?
Conceptually, there are two types of firewalls:
1. Network layer
2. Application layer

They are not as different as you might think, and the latest technologies are blurring the distinction to the point where it's no longer clear if either one is "better" or "worse." As always, you need to be careful to pick the type that meets your needs. Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that "higher-level" layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.

Network layer firewalls
These generally make their decisions based on the source and destination addresses and ports (see Appendix C for a more detailed discussion of ports) in individual IP packets. A simple router is the "traditional" network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block [3]. Network layer firewalls tend to be very fast and tend to be very transparent to users.

Application layer firewalls
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

2) EXPLAIN THE DIFFERENT TYPES OF FIREWALLS?
Types of Firewalls
In order to gain a thorough understanding of firewall technology, it is important to understand the various types of firewalls. These various types of firewalls provide more or less the same functions that were outlined earlier. However, their methods of doing so provide differentiation in terms of performance and level of security offered. The firewalls discussed in this section are divided into five categories based on the mechanism that each uses to provide firewall functionality:

Circuit-level firewalls Proxy server firewalls Nonstateful packet filters Stateful packet filters Personal firewalls

These various types of firewalls gather different types of information from the data flowing through them to keep track of legitimate and illegitimate traffic and to protect against unauthorized access. The type of information they use often also determines the level of security they provide. Circuit-Level Firewalls These firewalls act as relays for TCP connections. They intercept TCP connections being made to a host behind them and complete the handshake on behalf of that host. Only after the connection is established is the traffic allowed to flow to the client. Also, the firewall makes sure that as soon as the connection is established, only data packets belonging to the connection are allowed to go through. Circuit-level firewalls do not validate the payload or any other information in the packet, so they are fairly fast. These firewalls essentially are interested only in making sure that the TCP handshake is properly completed before a connection is allowed. Consequently,

these firewalls do not allow access restrictions to be placed on protocols other than TCP and do not allow the use of payload information in the higher-layer protocols to restrict access. Proxy Server Firewalls Proxy server firewalls work by examining packets at the application layer. Essentially a proxy server intercepts the requests being made by the applications sitting behind it and performs the requested functions on behalf of the requesting application. It then forwards the results to the application. In this way it can provide a fairly high level of security to the applications, which do not have to interact directly with outside applications and servers. Proxy servers are advantageous in the sense that they are aware of application-level protocols and they can restrict or allow access based on these protocols. They also can look into the data portions of the packets and use that information to restrict access. However, this very capability of processing the packets at a higher layer of the stack can contribute to the slowness of proxy servers. Also, because the inbound traffic has to be processed by the proxy server as well as the end-user application, further degradation in speed can occur. Proxy servers often are not transparent to end users who have to make modifications to their applications in order to use the proxy server. For each new application that must go through a proxy firewall, modifications need to be made to the firewall's protocol stack to handle that type of application. Non stateful Packet Filters Non stateful packet filters are fairly simple devices that sit on the periphery of a network and, based on a set of rules, allow some packets through while blocking others. The decisions are made based on the addressing information contained in network layer protocols such as IP and, in some cases, information contained in transport layer protocols such as TCP or UDP headers as well. 
Non stateful packet filters are fairly simple devices, but to function properly they require a thorough understanding of the usage of services required by a network to be protected. Although these filters can be fast because they do not proxy any traffic but only inspect it as it passes through, they do not have any knowledge of the application-level protocols or the data elements in the packet. Consequently, their usefulness is limited. These filters also do not retain any knowledge of the sessions established through them. Instead, they just keep tabs on what is immediately passing through. Simple and extended access lists (without the established keyword) on routers are examples of such firewalls.

Stateful Packet Filters

Stateful packet filters are more intelligent than simple packet filters in that they can block pretty much all incoming traffic and still can allow return traffic for the traffic generated by machines sitting behind them. They do so by keeping a record of the transport layer connections that are established through them by the hosts behind them. Stateful packet filters are the mechanism for implementing firewalls in most modern networks. Stateful packet filters can keep track of a variety of information regarding the packets that are traversing them, including the following:

Source and destination TCP and UDP port numbers
TCP sequence numbering
TCP flags
TCP session state based on the RFCed TCP state machine
UDP traffic tracking based on timers
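The difference between the two kinds of packet filter described above can be seen by running the same traffic through both. The following is an added example, not part of the original notes: the addresses, ports, 30-second UDP timeout and the static rules are constructed assumptions, and TCP sequence-number tracking and FIN teardown are left out to keep the state machine short.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed: addresses of the protected network
UDP_IDLE_TIMEOUT = 30.0     # seconds a UDP flow may stay idle; assumed value


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags such as {"SYN", "ACK"}


def is_inside(addr):
    return addr.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """Static access list with no 'established' check: header fields only."""
    if is_inside(pkt.src):
        return True                                          # permit outbound
    if pkt.proto == "tcp":
        return pkt.sport in (80, 443) and pkt.dport > 1023   # "web replies"
    return pkt.sport == 53 and pkt.dport > 1023              # "DNS replies"


class StatefulFilter:
    """Permits inbound traffic only for flows that were opened from inside."""

    def __init__(self):
        self.tcp = {}   # (in_ip, in_port, out_ip, out_port) -> TCP state
        self.udp = {}   # same key -> time the flow was last seen

    def check(self, pkt, now):
        outbound = is_inside(pkt.src)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if pkt.proto == "udp":
            return self._udp(key, outbound, now)
        return self._tcp(key, outbound, pkt.flags)

    def _udp(self, key, outbound, now):
        # UDP has no handshake, so the flow is tracked with an idle timer.
        last = self.udp.get(key)
        fresh = last is not None and now - last <= UDP_IDLE_TIMEOUT
        if outbound or fresh:
            self.udp[key] = now
            return True
        self.udp.pop(key, None)
        return False

    def _tcp(self, key, outbound, flags):
        state = self.tcp.get(key)
        if "RST" in flags:                      # reset ends a known connection
            return self.tcp.pop(key, None) is not None
        if state is None:                       # only an inside SYN opens a flow
            if outbound and flags == {"SYN"}:
                self.tcp[key] = "SYN_SENT"
                return True
            return False
        if state == "SYN_SENT":
            if not outbound and flags == {"SYN", "ACK"}:
                self.tcp[key] = "SYN_RCVD"
                return True
            return outbound and flags == {"SYN"}    # retransmitted SYN
        if state == "SYN_RCVD":
            if outbound and "ACK" in flags and "SYN" not in flags:
                self.tcp[key] = "ESTABLISHED"
                return True
            return False
        return "SYN" not in flags               # ESTABLISHED: data both ways


def demo():
    """Return (stateless verdict, stateful verdict) for constructed traffic."""
    host, web, dns = "10.0.0.5", "203.0.113.10", "203.0.113.53"
    f = frozenset
    traffic = [
        (0.0, Packet("tcp", host, 40000, web, 80, f({"SYN"}))),
        (0.1, Packet("tcp", web, 80, host, 40000, f({"SYN", "ACK"}))),
        (0.2, Packet("tcp", host, 40000, web, 80, f({"ACK"}))),
        (0.3, Packet("tcp", web, 80, host, 40000, f({"ACK", "PSH"}))),
        # Unsolicited segment that merely matches the static "web reply" rule:
        (0.4, Packet("tcp", "198.51.100.7", 80, "10.0.0.9", 5000, f({"ACK"}))),
        (1.0, Packet("udp", host, 5353, dns, 53)),
        (1.2, Packet("udp", dns, 53, host, 5353)),
        (90.0, Packet("udp", dns, 53, host, 5353)),   # arrives after the timer
    ]
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p, t)) for t, p in traffic]
```

The static rules pass every packet in the sample, while the stateful filter drops the unsolicited TCP segment and the UDP datagram that arrives after the flow has timed out.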

Stateful firewalls often have built-in advanced IP layer handling features such as fragment reassembly and clearing or rejecting of IP options. Many modern stateful packet filters are aware of application layer protocols such as FTP and HTTP and can perform access-control functions based on these protocols' specific needs.

Personal Firewalls

Personal firewalls are firewalls installed on personal computers. They are designed to protect against network attacks. These firewalls are generally aware of the applications running on the machine and allow only connections established by these applications to operate on the machine. A personal firewall is a useful addition to any PC because it increases the level of security already offered by a network firewall. However, because many of the attacks on today's networks originate from inside the protected network, a PC firewall is an even more useful tool, because network firewalls cannot protect against these attacks. Personal firewalls come in a variety of flavors. Most are implemented to be aware of the applications running on the PC. However, they are designed to not require any changes from the user applications running on the PC, as is required in the case of proxy servers.

IP SECURITY, ARCHITECTURE, AUTHENTICATION HEADER, SECURITY ASSOCIATION

IP Security

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. It is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

IPsec has two traffic security protocols: the authentication header (AH) and the encapsulating security payload (ESP). The IP AH protocol provides data origin authentication, connectionless integrity, and an optional anti-replay service. The ESP protocol provides data confidentiality, limited traffic flow confidentiality, connectionless integrity, data origin authentication, and an anti-replay service. Both AH and ESP have two modes of operation: transport mode and tunnel mode.

IP Security Architecture:

The IP header checksum is calculated over the IP header. To compute the checksum, the 16-bit checksum field is first set to zero, and then the one's complement sum of the header is computed. When an IP datagram is received, the receiver calculates the 16-bit one's complement sum of the header. The first 4 bits of an IP datagram are the version field. The next field, the IHL (Internet header length) field, is the length of the header in 32-bit words.
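The header fields and checksum procedure just described, as an added example that is not part of the original notes. It follows the usual Internet checksum procedure, in which the stored value is the complement of the one's complement sum, so a receiver that sums the whole header, checksum included, obtains 0xFFFF. The 20-byte sample header is constructed for the example.

```python
import struct


def ones_complement_sum(data):
    """16-bit one's complement sum: add 16-bit words, fold carries back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_version_ihl(header):
    """First 4 bits: version. Next 4 bits: header length in 32-bit words."""
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5 or len(header) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    return version, ihl


def header_checksum(header):
    """Checksum the sender stores: field zeroed, sum taken, result inverted."""
    _, ihl = parse_version_ihl(header)
    hdr = bytearray(header[:ihl * 4])
    hdr[10:12] = b"\x00\x00"                 # checksum field is bytes 10-11
    return ~ones_complement_sum(bytes(hdr)) & 0xFFFF


def with_checksum(header):
    """Return the header with its checksum field filled in."""
    _, ihl = parse_version_ihl(header)
    hdr = bytearray(header[:ihl * 4])
    hdr[10:12] = struct.pack("!H", header_checksum(header))
    return bytes(hdr)


def header_is_valid(header):
    """Receiver side: the sum over the header, checksum included, is 0xFFFF."""
    _, ihl = parse_version_ihl(header)
    return ones_complement_sum(header[:ihl * 4]) == 0xFFFF


# Constructed header: version 4, IHL 5, UDP, 192.168.0.1 -> 192.168.0.199,
# checksum field left as zero.
SAMPLE = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
```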

Authentication Header

AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. It also provides optional anti-replay protection. The authentication header is inserted into the packet between the IP header and any subsequent packet contents.

AH does not protect the data's confidentiality; ESP protects data confidentiality. AH and ESP can be used together.

The Authentication Data field is of variable length. AH:
provides support for data integrity and authentication of IP packets
lets an end system or router authenticate the user or application
prevents address spoofing attacks by tracking sequence numbers
is based on use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96
requires that the parties share a secret key

Figure 18-3 Unprotected IP Packet Carrying TCP Information

Figure 18-4 Protected IP Packet Carrying TCP Information

Figure 18-5 Packet Protected by an Authentication Header

Figure 18-6 IPsec Packet Protected in Tunnel Mode

Encapsulating Security Payload (ESP)

ESP:
provides message content confidentiality and limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports a range of ciphers, modes and padding, including DES, Triple-DES, RC5, IDEA, CAST etc.
needs padding to fill the block size and fields, and for traffic flow

ESP also provides all encryption services. Encryption translates a readable message into an unreadable format to hide the message content. Decryption translates the message content from an unreadable format to a readable message. Encryption/decryption allows only the sender and the authorized receiver to read the data. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.

The ESP header is inserted into the packet between the IP header and any subsequent packet contents. Because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.

Protections Provided by AH and ESP in IPsec:

Protocol: AH
Packet coverage: Protects packet from the IP header to the transport header.
Protection: Provides strong integrity, data authentication. Ensures that the receiver receives exactly what the sender sent. Is susceptible to replay attacks when an AH does not enable replay protection.
Against attacks: Replay, cut-and-paste

Protocol: ESP
Packet coverage: Protects packet following the beginning of ESP in the datagram.
Protection, by option:
With encryption option, encrypts the IP datagram. Ensures confidentiality. Against attacks: Eavesdropping
With authentication option, provides the same protection as AH. Against attacks: Replay, cut-and-paste
With both options, provides strong integrity, data authentication, and confidentiality. Against attacks: Replay, cut-and-paste, eavesdropping

Security Association:

An SA is an agreement between communicating peers on factors such as the IPsec protocol, the mode of operation of the protocols (transport mode or tunnel mode), cryptographic algorithms, cryptographic keys, and the lifetime of the keys. Two sets of SAs are required: an SA for AH and one for ESP.

A single SA protects data in one direction. Because most communication is either peer-to-peer or client-server, two SAs must be present to secure traffic in both directions.

The following three elements uniquely identify an IPsec SA:
The security protocol (AH or ESP)
The destination IP address
The security parameter index (SPI)

The SPI, an arbitrary 32-bit value, is transmitted with an AH or ESP packet. An integrity checksum value is used to authenticate a packet. If the authentication fails, the packet is dropped. Security associations are stored in a security associations database (SADB).

There are 2 modes of operation:
Transport mode
Tunnel mode
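The SA lookup and the AH checks described above (the protocol, destination address and SPI triple, HMAC-SHA-1-96 with a shared key, sequence-number tracking, drop on failure) fit together as in the following added example, which is not part of the original notes. The key, addresses, SPI and 64-packet window are constructed assumptions, and the integrity value here covers only the two addresses, the AH header and the payload, which is a simplification of what AH actually authenticates.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass, field

AH = 51          # IP protocol number of the Authentication Header
ICV_LEN = 12     # HMAC-SHA-1-96 keeps the first 96 bits of the HMAC output
AH_FIXED = 12    # next header, payload length, reserved, SPI, sequence number


class ReplayWindow:
    """Sliding window over sequence numbers; bit 0 is the highest seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        if seq == 0:
            return False
        if seq > self.top:
            return True
        diff = self.top - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def update(self, seq):
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


@dataclass
class SA:
    key: bytes                                      # shared secret key
    window: ReplayWindow = field(default_factory=ReplayWindow)


def icv(key, src, dst, ah_zeroed, payload):
    """Integrity check value, computed with the ICV field set to zero."""
    data = socket.inet_aton(src) + socket.inet_aton(dst) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key, spi, seq, src, dst, payload, next_header=6):
    """Sender: AH header (SPI and sequence number in clear) + ICV + payload."""
    # Payload length field: AH length in 32-bit words minus 2 -> 24/4 - 2 = 4
    fixed = struct.pack("!BBHII", next_header, 4, 0, spi, seq)
    return fixed + icv(key, src, dst, fixed + bytes(ICV_LEN), payload) + payload


def receive(sadb, src, dst, packet):
    """Receiver: find the SA, reject replays, verify the ICV, then accept."""
    _, _, _, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED])
    sa = sadb.get((AH, dst, spi))          # the triple that identifies an SA
    if sa is None:
        return "no SA"
    if not sa.window.check(seq):
        return "replay"
    got = packet[AH_FIXED:AH_FIXED + ICV_LEN]
    payload = packet[AH_FIXED + ICV_LEN:]
    want = icv(sa.key, src, dst, packet[:AH_FIXED] + bytes(ICV_LEN), payload)
    if not hmac.compare_digest(got, want):
        return "bad ICV"                   # dropped; window is left untouched
    sa.window.update(seq)                  # only authenticated packets count
    return "accepted"
```

Because the window is advanced only after the ICV verifies, a forged packet carrying a high sequence number cannot push genuine packets out of the window.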

Transport and tunnel mode:

Transport mode:
protects the upper layer protocols
is used to encrypt and optionally authenticate IP data
data is protected but the header is left in clear
traffic analysis is possible, but the mode is efficient
good for ESP host to host traffic

Tunnel mode:
protects the entire IP payload
encrypts the entire IP packet
adds a new header for the next hop
good for VPNs and gateway to gateway security

Tunnel mode works only for IP-in-IP datagrams.

The inner IP header, its next header, and the ports that the next header supports, can enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not dictate the policy of its inner IP datagram. IPsec policy can be specified for subnets of a LAN behind a router and for ports on those subnets.

KEY MANAGEMENT, WEB SECURITY MANAGEMENT, SECURE SOCKETS LAYER

WEB SECURITY REQUIREMENTS

Web security must be global, local, bidirectional, multi protocol, and work despite users connecting to the Internet and then connecting to the enterprise network. The web security requirements are:
Global approach
Local approach
Bi-directional and multiprotocol
Throughout the enterprise
Granular application control features
Multiprotocol data loss prevention
Flexible deployment
Multifunction
Manageable

Requirement 1: Global approach
Deploy proactive, real-time, reputation-based URL filtering, powered by in-the-cloud global threat intelligence.

Because legacy URL filtering solutions are only as accurate as their most recent update, enterprises need extra help determining which sites are risky. What is needed is a reputation system that assigns global reputations to URLs and IP addresses, working alongside categorized databases to provide an additional layer of protection far stronger than URL filtering alone.

Requirement 2: Local approach

Deploy anti-malware protection utilizing real-time, local intent-based analysis of code.

Effective local malware solutions utilize intent-based analysis to examine code that will execute in the browser. By analyzing the code at the gateway (a gateway located physically at the enterprise or in the cloud as a hosted service), malware can be detected and blocked before it reaches the endpoint or other networked assets. Gateway-based malware protection should:
Determine the actual file type based on a magic number or checksum analysis
Decrypt and de-obfuscate to safeguard against files that are disguised
Disallow media types that are potentially hazardous (like unknown ActiveX)
Check active code for valid digital signatures
Analyze behavior to determine if the malware will act in a known manner
Analyze scripts to determine if they are trying to exploit vulnerabilities on the client
Neutralize attacks as needed

Requirement 3: Bidirectional and multiprotocol
Implement bidirectional filtering at the gateway for all web traffic, including web protocols such as FTP, HTTP, HTTPS, IM, and streaming media.

Applications that communicate over encrypted and unencrypted protocols need to be controlled in both directions. This includes controlling access to websites, blogs, wikis, IM, streaming media, and other applications, as well as monitoring the connections for malware coming in and sensitive data going out. For example, Instant Messaging applications need to be proxied. Proxies allow granular control over who uses an application and what they can do with it, such as send links, receive links, or send files, and let IT filter outbound content for sensitive data. These controls are as important as filtering what is posted or received via social networking sites (including Facebook and Twitter), or blogs and wikis. With a high percentage of corporate web traffic now being encrypted (HTTPS), it is imperative to be able to selectively decrypt this content at the gateway, providing security while respecting privacy for access to sensitive sites, such as personal finance or healthcare sites.

Requirement 4: Throughout the enterprise
Protect from the corporate network to the branch office to mobile users on laptops, smartphones, or tablets, safeguarding against malware collected directly from the Internet.

Study your employees that connect to the Internet and then connect to your network. Laptop users connecting to the public internet risk infection. Are you filtering their access even when not on your network? More and more organizations wish to allow their employees to use personally owned devices to connect to their network and applications. Your web security should allow you to filter their access and prevent malware from entering the enterprise network.

Requirement 5: Granular application control features
Move beyond a binary block or allow approach to provide selective, policy-based access to Web 2.0 sites, such as blocking a specific social networking game (such as Mafia Wars) while allowing a general category called games.

Legacy Web 1.0 security solutions use a binary block or allow approach to web access. However, today's enterprises need to have bidirectional filtering that controls what a user can do on Web 2.0 sites and also protects against data loss. Within web security gateways, controlling what a user can do on a site is known as application control. Because Web 2.0 sites are bidirectional in nature (users can both access and contribute content), data loss prevention needs to be part of this control as well. In addition to allowing sensitive content to escape, user contributed content is a common insertion point for malware. Finally, many of these sites contain bandwidth-hogging streaming media.

Requirement 6: Multiprotocol data loss prevention
Monitor for and protect against data leaks on all web protocols.

Data loss protection on content exiting via either the web or email requires five steps.
From defining corporate and regulatory policies to detecting and enforcing them, to proving compliance to auditors, this process is the surest way to ensure that no inappropriate information ever leaves your gateway. The five steps to achieve compliance are:

Discover and learn: Find all your sensitive data wherever it may be
Assess risk: Ensure secure data handling procedures are in place
Define effective policies: Create policies to protect data and test them for effectiveness
Apply controls: Restrict access to authorized people and limit transmission
Monitor, report and audit: Ensure successful data security through alerting and incident management

For data in motion, data loss prevention should be provided over encrypted and unencrypted protocols for both messaging and web traffic. As with application control, this includes managing access to websites, social networking sites, blogs, wikis, IM, P2P, and other applications, as well as monitoring connections for data leakage. And as with application control, it is imperative to be able to selectively decrypt encrypted traffic at the gateway to provide security while respecting privacy for access to sensitive sites.

Requirement 7: Flexible deployment options
Provide options that match your strategic needs: on site, in the cloud or a hybrid mix of both.

With employees accessing your network and the Internet from anywhere in the world, not just from the confines of your network, the solution must be flexible. It should secure headquarters, remote offices, and home offices, as well as the hotels, airports and coffee shops where mobile workers expose their laptops and other mobile devices to attack. This coverage requires solutions with a range of implementation footprints. Some enterprises want equipment to live on their premises. You should be able to choose from appliances, blade servers, and software deployment options (including the choice of virtualization to leverage existing hardware investments). Others will want to choose the cloud and provide web security via Software as a Service. Yet others desire a hybrid approach that mixes appliances at major offices and SaaS for remote offices and home office workers.
The Forrester study predicts a growing interest in moving to cloud based and hybrid deployments.17

Requirement 8: Multifunction
Reduce cost and simplify management by consolidating legacy point applications into an integrated solution.

To cost-effectively manage risk, today's web gateway requires a single solution that houses the security and caching engines in the same application, tightly integrated. In addition to having fewer vendors to deal with, you get added protection by replacing point solutions with integrated, multifunction solutions that provide best-of-breed functionality. Since the cache can be security-aware, malware detection can be integrated with reputation-based filtering, and so on. Solutions that manage both inbound and outbound risk reduce costs and increase security by providing additional opportunities for consolidation and efficiency.

Requirement 9: Manageable
Use comprehensive access, management, and reporting tools.

Since constant web access is so critical to business today, enterprises should deploy solutions that provide at-a-glance reporting on the status and health of their web gateways. They also need both real-time and forensic reporting that allows them to drill down into problems for remediation and post-event analysis. Robust and extensible reporting is the cornerstone of your ability to understand risk, refine policy, and measure compliance.

KEY MANAGEMENT

Key management is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols. Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher.

There are two types of key management:
1. Manual key management

2. Automated key management

Manual key management: A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.

Automated key management: An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

The default automated key management protocol for IPsec:
Oakley key determination protocol
Internet Security Association and Key Management Protocol (ISAKMP)

Features of Oakley:
It employs a mechanism known as cookies to thwart clogging attacks.
It uses nonces to ensure against replay attacks.
It enables the exchange of Diffie-Hellman public key values.
It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.

The authentication methods that can be used with Oakley:
Digital signature
Public key encryption
Symmetric key encryption

ISAKMP

ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete security associations. As part of SA establishment, ISAKMP defines payloads for exchanging key generation and authentication data. These payload formats provide a consistent framework independent of the specific key exchange protocol, encryption algorithm, and authentication mechanism.

ISAKMP exchange: ISAKMP provides a framework for message exchange, with the payload types serving as the building blocks. The specification identifies five default exchange types that should be supported. SA refers to an SA payload with associated protocol and transform payloads.

The types of ISAKMP exchange:
Base exchange
Identity protection exchange
Authentication only exchange
Aggressive exchange
Informational exchange

SSL (Secure Socket Layer)

Secure Socket Layer provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Security (TLS). SSL provides confidentiality using symmetric encryption and message integrity using a message authentication code. Two important SSL concepts are the SSL session and the SSL connection.

SSL session: An SSL session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

SSL connection: A connection is a transport that provides a suitable type of service. For SSL such connections are peer to peer relationships. The connections are transient. Every connection is associated with one session.

Parameters of SSL session state:
Session identifier
Peer certificate
Compression method
Cipher spec
Master secret
Is resumable

Parameters of SSL connection state:
Server and client random
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Sequence number

Two services provided by the SSL record protocol:
Confidentiality
Message integrity

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, and is based on the earlier SSL specifications developed by Netscape Communications.[2]

The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. Since most protocols can be used either with or without TLS (or SSL), it is necessary to indicate to the server whether the client is making a TLS connection or not. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example port 443 for HTTPS). The other is to use the regular port number and have the client request that the server switch the connection to TLS using a protocol specific mechanism (for example STARTTLS for mail and news protocols).

Once the client and server have decided to use TLS, they negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.

1. The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.

2. The server sends the client the server's SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate, and if the client is requesting a server resource that requires client authentication, the server requests the client's certificate.

3. The client uses the information sent by the server to authenticate the server (see Server Authentication for details). If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds to step 4.

4. Using all data generated in the handshake thus far, the client (with the cooperation of the server, depending on the cipher being used) creates the pre-master secret for the session, encrypts it with the server's public key (obtained from the server's certificate, sent in step 2), and then sends the encrypted pre-master secret to the server.

5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case, the client sends both the signed data and the client's own certificate to the server along with the encrypted pre-master secret.

6. If the server has requested client authentication, the server attempts to authenticate the client (see Client Authentication for details). If the client cannot be authenticated, the session ends. If the client can be successfully authenticated, the server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret.

7. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection).

8. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished.

9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished.

The SSL handshake is now complete and the session begins. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity. This is the normal operating condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case the process repeats itself. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes. If any one of the above steps fails, the TLS handshake fails and the connection is not created.

TRANSPORT LAYER SECURITY

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. TLS is composed of two layers:
The TLS Record Protocol
The TLS Handshake Protocol


Security
TLS has a variety of security measures:
Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
Numbering subsequent Application records with a sequence number and using this sequence number in the message authentication codes (MACs).
Using a message digest enhanced with a key (so only a key-holder can check the MAC). The HMAC construction used by most TLS cipher suites is specified in RFC 2104 (SSL 3.0 used a different hash-based MAC).
The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.
The pseudorandom function splits the input data in half and processes each one with a different hashing algorithm (MD5 and SHA-1), then XORs them together to create the MAC. This provides protection even if one of these algorithms is found to be vulnerable. (TLS only.)

SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication.

SECURE ELECTRONIC TRANSACTION

SET is a protocol designed to ensure that merchants and cardholders can conduct business over insecure networks.

SET Roles

The participants listed below play an important role in a SET transaction:
Cardholder
Merchant
Issuer
Acquirer
Payment gateway
Certification authority

1) The gateway obtains the certificates it needs from the certificate authority.

2) The merchant obtains its certificates from the certificate authority.

3) The cardholder obtains its certificates from the certificate authority.

4) The cardholder goes through the merchant's shopping experience and decides what goods or services he/she wishes to buy.

5) The merchant sends the cardholder the certificates needed in the purchase transaction.

6) The cardholder sends a request to purchase the item that he/she has selected. This message contains information about the cardholder's order and the cardholder's payment information, such as the cardholder's card information. The merchant gets the order information and sends the cardholder's payment card information on to the payment gateway. The merchant is never privy to the cardholder's payment information and therefore has no way of obtaining the cardholder's payment card information. This security measure is designed to protect the cardholder.

7) The merchant and payment gateway share authorization information. This consists of the merchant sending the payment gateway information such as the cardholder's payment card information and the amount of the transaction. The payment gateway can either authorize or decline the transaction based on the information received from the merchant. No money changes hands during the authorization phase.

8) The merchant sends a message to the cardholder finalizing the transaction. The cardholder sees this at the end of the transaction.

9) This step is optional but allows the merchant to change or eliminate money authorized in step #7.

10) The merchant and the gateway share capture information. A request is sent from the merchant to the gateway to capture money that has been authorized. This capture request can be for a single authorization amount or multiple amounts. The gateway processes the capture request through its existing payment card financial network.

11) If an error has occurred capturing cardholder funds, messaging between the merchant and the gateway takes place in order to reverse the capture. This step is optional and only happens if a capture error has occurred.

12) The merchant and payment gateway exchange messages in order to credit a cardholder's account.

13) If a credit has been granted by mistake, the merchant and payment gateway can exchange messages in order to reverse the granted credit.

DUAL SIGNATURES

A new application of digital signatures is introduced in SET, namely the concept of dual signatures. A dual signature is needed when two messages need to be linked securely but only one party is allowed to read each. The following picture shows the process of generating dual signatures.

In SET, dual signatures are used to link an order message sent to the merchant with the payment instructions containing account information sent to the acquirer (merchant bank). When the merchant sends an authorization request to the acquirer, it includes the payment instructions sent to it by the cardholder and the message digest of the order information. The acquirer uses the message digest from the merchant and computes the message digest of the payment instructions to check the dual signatures.

In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order. The link is needed so that the customer can prove that the payment is intended for this order.

The message digests (MD) of the OI and the PI are independently calculated by the customer. The dual signature is the encrypted MD (with the customer's secret key) of the concatenated MDs of PI and OI. The dual signature is sent to both the merchant and the bank. The protocol arranges for the merchant to see the MD of the OI without seeing the PI itself, and the bank sees the MD of the PI but not the OI itself. The dual signature can be verified using the MD of the OI or PI. It doesn't require the OI or PI itself. Its MD does not reveal the content of the OI or PI, and thus privacy is preserved.
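The construction described above can be traced in code: the customer signs the digest of the two concatenated digests, and each verifier rebuilds that value from the one message it is allowed to read plus the digest of the other. This is an added example, not part of the original notes. The signature is textbook RSA over two small known primes with no padding, a stand-in chosen only so the example runs with the standard library, and the order and payment strings are constructed.

```python
import hashlib

# Toy customer key pair: textbook RSA without padding, illustration only.
P, Q = 2**127 - 1, 2**107 - 1              # two known Mersenne primes
N, E = P * Q, 65537                        # public key
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def md(data):
    """Message digest; SHA-1 (160 bits) fits below the toy modulus."""
    return hashlib.sha1(data).digest()


def dual_signature(pi, oi):
    """Customer: sign MD( MD(PI) || MD(OI) ) with the private key."""
    pomd = md(md(pi) + md(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)


def _matches(expected_digest, signature):
    # Recover the signed digest with the customer's public key and compare.
    return pow(signature, E, N) == int.from_bytes(expected_digest, "big")


def merchant_verify(oi, pi_digest, signature):
    """Merchant holds the OI and only the digest of the PI."""
    return _matches(md(pi_digest + md(oi)), signature)


def bank_verify(pi, oi_digest, signature):
    """Bank holds the PI and only the digest of the OI."""
    return _matches(md(md(pi) + oi_digest), signature)


def demo():
    oi = b"order 1001: 2 books, total 40.00"            # constructed OI
    pi = b"card 0000-0000-0000-0000, amount 40.00"      # constructed PI
    ds = dual_signature(pi, oi)
    other_oi = b"order 1002: 1 laptop, total 900.00"
    return {
        "merchant accepts order": merchant_verify(oi, md(pi), ds),
        "bank accepts payment": bank_verify(pi, md(oi), ds),
        # The same payment cannot be attached to a different order:
        "bank accepts other order": bank_verify(pi, md(other_oi), ds),
        "merchant accepts altered order": merchant_verify(other_oi, md(pi), ds),
    }
```

The merchant never handles the payment information and the bank never handles the order details, yet either one detects an attempt to pair the payment with a different order.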
