Unit 03

What is kerberos authentication protocol what are its significance what are its step. what is TGT and its
component AS and TGS what are its steps authentication processes
Kerberos is a network authentication protocol. It provides a centralised authentication server whose function is to
authenticate users to servers and servers to users. In Kerberos Authentication server and database is used for client
authentication. Kerberos runs as a third-party trusted server known as the Key Distribution Center (KDC). Each user
and service on the network is a principal.

The main components of Kerberos are:

 Ticket Granting Ticket (TGT) — A ticket-granting ticket is an authentication ticket used to request service
tickets from the TGS for specific resources from the domain.
 Key Distribution Center (KDC) — The Key Distribution Center is a service for issuing TGTs and service
tickets that consist of the Authentication Service and the Ticket Granting Service.
 Authentication Service (AS) — The Authentication Service issues TGTs to be used by the TGS in the domain
to request access to other machines and service tickets.
 Ticket Granting Service (TGS) — The Ticket Granting Service takes the TGT and returns a ticket to a
machine on the domain.
steps authentication processes

● Step-1:
User login and request services on the host. Thus user requests for ticket-granting service.
 ● Step-2:
Authentication Server verifies user’s access right using database and then gives ticket-granting-ticket and
session key. Results are encrypted using the Password of the user.

● Step-3:
The decryption of the message is done using the password then send the ticket to Ticket Granting Server. The
Ticket contains authenticators like user names and network addresses.

● Step-4:
Ticket Granting Server decrypts the ticket sent by User and authenticator verifies the request then creates the
ticket for requesting services from the Server.

● Step-5:
The user sends the Ticket and Authenticator to the Server.

● Step-6:
The server verifies the Ticket and authenticators then generate access to the service. After this User can access
the services.
Kerberos Limitations

● Service Modification: Each network service needs individual modification for Kerberos use.
● Timeshare Challenge: Not ideal for environments with shared workstations.
● Secured Server: Kerberos server must be securely maintained to avoid compromises.
● Always-On Requirement: The Kerberos server must be continuously available for authentication.
● Single-Key Encryption: All passwords are encrypted with a single master key, posing a security risk
if compromised.
● Assumed Workstation Security: Kerberos assumes workstation security; compromised
workstations can lead to unauthorized access.
● Loss of Trust Risk: Compromised Key Distribution Center (KDC) can lead to a loss of trust
throughout the network.
● Scalability Challenges: Difficulties in managing and scaling in very large or complex networks.

Significance of kerberos

 User Authentication: Kerberos simplifies user authentication by requiring users to enter their
username and password only once. The server then receives encrypted authentication data and
issues a Ticket Granting Ticket (TGT).
 Single Sign-On (SSO): With Kerberos, users benefit from Single Sign-On (SSO), logging in once to
access various network resources. Once authenticated, users can access authorized resources
without re-entering credentials.
 Mutual Authentication: Kerberos ensures mutual authentication between client and server. Using a
shared secret key, the client decrypts a challenge from the server to prove its identity before
accessing resources.
 Authorization: After authentication, Kerberos allows users to submit service tickets for specific
network resources. Users can only access resources they have permission for, based on privileges
and permissions in their service tickets.
  Network Security: Kerberos enhances network security with a central authentication server. This
server manages user credentials and access restrictions, preventing unauthorized access to sensitive
data and resources.

What is t o c t u explain it with an example related to cyber security. Explain is consequences for example route
access.
Time of Check to Time of Use (TOCTOU) error is a type of non malcious programm error.
Time of Check to Time of Use (TOCTOU) error is a type of software vulnerability that occurs in situations where a
resource or condition is checked at one point in time (time of check), but its status or value changes before it is used
(time of use). This time gap between checking and using can create a window of opportunity for attackers to
manipulate the system in malicious ways.
Time of Check (TOC): The program checks the status of a resource or condition, such as the existence of afile,
permissions.
Time of Use (TOU): between the time of the check and the time of use, the status or value of the resource may have
changed due to actions by other processes or users.
Example In Unix, the following C code, when used in a setuid program, has a TOCTOU bug:

Victim Attacker

if (access("file", W_OK) != 0) {
exit(1);
}

After the access check, before the open, the attacker replaces file with
a symlink to the Unix password file /etc/passwd:
symlink("/etc/passwd", "file");

fd = open("file", O_WRONLY);
write(fd, buffer, sizeof(buffer));

Actually writing over /etc/passwd

In this example, an attacker can exploit the race condition between the access and open to trick the setuid victim into
overwriting an entry in the system password database. TOCTOU races can be used for privilege escalation to get
administrative access to a machine.
examples of scenarios where TOCTOU vulnerabilities can occur

• File System Operations:

• File Existence Checks: A program checks if a file exists before performing an operation on it, such as
reading its contents. An attacker could create or delete the file between the existence check and the actual file
operation, causing unexpected behavior.
• File Permission Checks: Similarly, a program may check file permissions before allowing access. However,
permissions could change between the check and the actual access, potentially granting unauthorized users
access to sensitive files.
• Access Control Mechanisms:
• Authentication: An application checks a user's authentication status before granting access to restricted
resources. However, if an attacker gains access credentials after the check but before the resource is accessed,
they could bypass authentication and gain unauthorized access.
• Resource Allocation: A system checks resource availability before allocating them to a user or process.
However, if the availability changes before the allocation is made, the system could unintentionally
overcommit resources or allocate them improperly.
• Race Conditions:
• Interprocess Communication: In systems with interprocess communication, multiple processes may attempt
to access shared resources. Without proper coordination, race conditions can lead to TOCTOU vulnerabilities
where one process modifies the resource after another process checks its state.
• Environmental Checks:
• Network Connectivity: A network application may check for network connectivity before sending data.
However, network conditions could change between the check and the data transmission, resulting in failed or
insecure communications.

The consequences of this TOCTOU vulnerability in cybersecurity can be severe:

1. Unauthorized Access: The system unintentionally grants access to resources that the user should not have
access to. In the example, User A gains access to confidential data despite not having permission initially.
2. Data Breaches: This vulnerability can lead to data breaches if sensitive information is accessed by
unauthorized users.
3. Escalation of Privileges: Attackers can exploit TOCTOU to escalate their privileges on a system. For
instance, an attacker might change permissions during the time gap to gain admin access.
4. Data Integrity Issues: If the resource being accessed is being modified, the user might access incomplete or
corrupted data, leading to integrity issues.
5. Security Bypass: In some cases, attackers can bypass security mechanisms by exploiting this timing gap,
allowing them to carry out malicious activities undetected.
To protect against toctou attack
1. Atomic Operations:
 Use atomic operations provided by the operating system or programming language. This ensures that the
check and the subsequent use of a resource are performed as a single, indivisible operation.
2. File Locking:
 Implement file locking mechanisms to prevent changes to the file's state between the time it is checked and
used.
 Use advisory or mandatory file locks based on the specific requirements.
3. Time-Sensitive Checks:
 Perform checks and use operations on the resource as close together in time as possible. Minimize the time
gap between the check and the use.
4. Transactional Models:
 Implement transactional models, similar to those used in databases, where checks and operations are part of a
single transaction. If the check fails, the operation should not proceed.
5. Access Controls:
 Enforce strict access controls and permissions. Even if the state of a resource changes, the user should not be
granted access unless they have the necessary permissions at the time of use.
6. Immutable Resources:
 Consider making critical resources immutable if possible. Immutable resources cannot be changed after
creation, eliminating the risk of TOCTOU attacks on those resources.

What is mitm attack and how to prevent it

A Man-in-the-Middle (MITM) attack is a type of cyber attack where an attacker intercepts and alters communications
between two parties who believe they are communicating directly with each other. In this attack, the attacker secretly
relays and possibly alters the communication between the two parties without their knowledge.
There are a number of techniques that attackers can use to carry out a MITM attack that exploits route hijacks or
leaks. Here are some of the most common techniques:
1. Border Gateway Protocol (BGP) hijacking: In this technique, the attacker announces a false route to the
BGP system, causing traffic intended for a specific IP address range to be redirected to the attacker’s
machine.
2. DNS spoofing: In this technique, the attacker sets up a fake DNS server that redirects traffic to a different IP
address. When users try to communicate with a specific IP address, their traffic is actually sent to the
attacker’s machine, which can intercept and manipulate the communication.
3. SSL stripping: In this technique, the attacker intercepts encrypted communication between two parties and
forces it to use an unencrypted connection. By doing this, the attacker can decrypt and read the traffic.
4. IP Spoofing:Many devices connected to the same network contains an IP address. In IP spoofing, the
attackers imitate an approved console's IP address. For a network, it appears just as the system is authorized.It
might be causing a network to be exploited by unauthorized access. In a Middle-in-the-man attack, IP
spoofing may also be used by placing between two devices.
5. Session Hacking:Usually, this form of MITM attack is often used to hack social media platforms. The
webpage contains a "session browser cookie" on the victim's machine for most social media platforms. when
the session is running, the cookie offers identity, exposure, and monitoring data.
A Session Hijack happens when a configuration cookie is stolen by an intruder. It can occur if a user exploits
an XSS cross-scripting intrusion, in which the hacker injects malicious script into a site that is commonly
visited.
6. Wi-fi Eavesdropping:You may have seen a notification that suggests, "This connection is not safe," while
using public wifi.
The unencrypted wi-fi networks are easy to watch. Some other Wi-Fi snooping attack occurs when an attacker
establishes his own "Evil Twin" wi-fi hotspot. Attacker make the link, through the network Address and
passwords, appear identical to the real ones. Users will link to the "evil twin" unintentionally or automatically,
enabling the attacker to intrude about their actions.

Once the attacker has intercepted the communication, they can read, modify, or inject messages to disrupt the
communication between the two parties. They can also use the opportunity to steal sensitive information, such as
usernames, passwords, or credit card numbers.
Preventions of Man-in-the-middle attack
1. WAP Encryption: Strong encryption on Wireless Access Points (WAPs) prevents unauthorized access by
those physically close to the network. Vulnerable encryption makes brute-force attacks easier, enabling
intruders to launch Man-in-the-Middle (MITM) attacks.
2. Use a VPN: Implementing a Virtual Private Network (VPN) encrypts web traffic, making it difficult for
hackers to read or modify data. This provides an added layer of security against MITM attacks.
3. Public Key Pair Authentication: Utilizing public key pair authentication, such as RSA, ensures that
communication partners are authentic and not spoofed, adding another layer of protection against MITM
attacks.
4. Strong Network User Credentials: Modifying primary email logins and router password hashes is essential.
Hackers who access router login details can redirect traffic to fraudulent servers or inject malware.
5. Communication Security: Enable two-factor authentication (2FA) for accounts, requiring an additional
verification factor alongside login credentials. This adds a robust layer of protection against unauthorized
access.
 6. Endpoint security These attacks combine with malware to gain unrestricted access to your device or IT
network.
7. strong endpoint security software to protect against these threats. The best security software, such as
Kaspersky Endpoint Security.Avoid Public Wi-Fi: Configure devices to require manual connections to
public Wi-Fi networks, reducing the risk of unwittingly connecting to malicious networks that could facilitate
MITM attacks.

What is a trap door what are its significance and vulnerability in context of cyber security.
a "trapdoor" refers to a hidden vulnerability intentionally inserted into a system, software, or cryptographic algorithm
by its creator so that an application, operating system (OS) or data can be accessed for troubleshooting or other
purposes
A trapdoor attack is a way to access a computer system or encrypted data that bypasses the system's customary
security mechanisms.. These attacks let attackers gain control of system resources, perform network reconnaissance
and install different types of malware. In some cases, attackers design a worm or virus to take advantage of an
existing backdoor created by the original developers or from an earlier attack.

Cause of backdoor
 Intentional Design:
 Developer Access: Trapdoors may be intentionally inserted into software or systems to provide developers
with a way to access the system for maintenance, debugging, or troubleshooting purposes.
 Law Enforcement or Governmental Requirements: In some cases, trapdoors are mandated by government
regulations or law enforcement agencies to provide access to encrypted data for national security or law
enforcement purposes.
 Programming Errors:
 Coding Mistakes: During the development process, coding mistakes or errors could inadvertently create
vulnerabilities that act as trapdoors. For example, a developer might inadvertently leave a password as a
default setting that can be easily exploited.
 Incomplete Testing: Insufficient testing of software can lead to undiscovered vulnerabilities that act as
unintentional trapdoors.
 Malicious Intent:
  Insider Threats: Malicious insiders, such as disgruntled employees or contractors, may intentionally create
trapdoors to gain unauthorized access to systems or data.
 External Attackers: Skilled attackers may exploit vulnerabilities in a system to create their own backdoors
for future access.
 Cryptographic Design:
 Weak Algorithms: In the realm of cryptography, poorly designed algorithms can unintentionally create
trapdoors. These weaknesses can be exploited to break encryption.
 Intentional Trapdoors: Cryptographic trapdoors are deliberately created for specific encryption or decryption
purposes, such as public-key cryptography where a private key acts as a trapdoor to decrypt messages.
 Outdated Systems:
 Legacy Systems: Older systems that have not been updated or maintained properly may contain
vulnerabilities that act as trapdoors. These systems may have been designed at a time when security practices
were not as robust as they are today.

Significance:
1. Access Control: Trapdoors can provide a way for authorized users to access a system without going through
normal authentication procedures. This can be useful for system administrators or developers who need a way
to troubleshoot or maintain the system.
2. Law Enforcement and Intelligence: In some cases, trapdoors are intentionally built into systems to allow law
enforcement or intelligence agencies to access information for investigations or national security purposes.
3. Encryption: In the context of cryptography, a trapdoor can be used to enable certain parties to decrypt data
that was encrypted with a specific key. This is the basis of public-key cryptography, where a private key acts
as a trapdoor to decrypt messages that were encrypted with the corresponding public key.
Vulnerabilities:
1. Unauthorized Access: The most significant vulnerability of trapdoors is that if they are discovered by
unauthorized parties, they can be exploited to gain unauthorized access to systems or data. This could lead to
data breaches, theft of sensitive information, or even complete system compromise.
2. Misuse: Trapdoors can be misused by insiders or attackers who gain access to the system. They can use the
trapdoor to perform actions that they should not be able to do, such as bypassing security controls or
manipulating data.
3. Lack of Transparency: The presence of a trapdoor often means that there is a lack of transparency in the
system. Users may not be aware that such a backdoor exists, which can erode trust in the system.
4. Security Risks: Intentional vulnerabilities like trapdoors go against the principles of security by design. They
introduce unnecessary risks into systems and can make it more difficult to maintain a secure environment.

Explain life cycle of a virus. What is a virus.

explanation
VIRUS: Vital Information Resources Under Seize
A computer virus is a type of malicious software (malware) that replicates itself by inserting its code into other
programs or files on a computer. It can spread from one computer to another, often causing damage to data, disrupting
system operations, and compromising the security of the infected computer. Here's an overview of the lifecycle of a
computer virus:

A computer virus first infact the computer. It enters a system through various means such as infected email
attachments, downloads from untrusted sources, infected removable media (USB drives), or vulnerabilities in
software. Once it enter the computer it life cycle start. .
The life cycle of a computer virus can be divided into four phases:
Dormant phase
The virus is idle in the dormant phase. It has accessed the target device but does not take any action.
Note: Not all viruses have the dormant phase.
Propagation phase
In the propagation phase, the virus starts propagating by replicating itself. The virus places a copy of itself into other
programs or accomplishes certain system areas on the disk. Each infected program will contain a clone of the virus,
which will enter its own propagation phase as well. During this phase virus employ tectics like encrypting its code, to
slightly changes its code to evade signature based detectin to remain undected by computer security
Triggering phase
The triggering phase starts when the dormant virus is activated. It will perform the actions it is supposed to
accomplish. This phase can be caused by various system events like the count of the times the virus has cloned or
after a set time interval has elapsed.
Execution phase
In the execution phase, the payload will be released. It can
Deleting files or corrupting data.
o Stealing sensitive information like passwords or financial data.
o Creating backdoors for remote access by attackers.
o Displaying unwanted messages or pop-ups.
What is salami attack what are its legal and ethical implication in context of cyber security and financial fraud
detection
In a salami attack, attackers make small, incremental changes to a system to steal small amounts of money or
resources. The changes are often so small that they go unnoticed, but they add up to a significant amount when
totaled.

How a Salami Attack Works:

A user with high-level access to a network can carry out a salami attack by installing a Trojan Horse that
automatically rounds off a customer's funds during a transaction. Most customers assume the deductions are
transaction fees. This is because attackers make the round-off as low as possible to avoid detection
For example when during transaction $7.88 ( probably for buying an item) , attacker code round it off to $7.9 during
transaction the $0.02 goes to attacker and rest go to bank. This small amount goes unnoticed . and these tiny
transaction from many victims over a long period of time adds up to a significant amount.

Effect of salami attack

 Fraud: Salami attacks are considered fraudulent activities and are illegal in most jurisdictions .
 Data Breach: If the attack involves data theft, it could also lead to legal consequences under data protection
and privacy laws.
 Trust: Salami attacks erode trust in financial systems, as they exploit small loopholes to steal from many
individuals or organizations over time.
 Privacy: Ethically, it's a breach of privacy to access and use someone's financial data without their consent.
 Financial Stability: These attacks, though seemingly small in each instance, can collectively lead to
significant financial losses for individuals and institutions, impacting their stability and potentially leading to
broader economic issues.

Types of salami attack

• Salami Slicing Attack
A salami-slicing attack involves the theft of small amounts of money from a large number of accounts by
manipulating financial transactions.
For example, a malware program is installed on a system and begins making small changes to the system’s files or
settings, gradually increasing its control over the system and potentially allowing the attacker to access sensitive
information.

• Penny Shaving Attack

A penny-shaving attack is similar to a salami-slicing attack, but it involves the manipulation of financial transactions
in order to steal small amounts of money from a single account over a long period of time.
For example, a hacker infiltrates a company’s financial system and begins making small, unauthorized changes to the
amounts of financial transactions, such as rounding down the amount by a few cents or dollars and stealing a large
amount of money from several bank accounts
prevent salami attacks
 Strong passwords: Always try to combine letters, numbers, and symbols to make strong, unique passwords
that can help you prevent unauthorized access to your accounts.
 Enable two-factor authentication: Enabling two-factor authentication on your accounts can provide more
security to prevent unauthorized access.
 Use reputable financial institutions: Choosing reputable financial institutions can help to ensure the security of
your accounts.
 Regularly review your financial statements: Regularly reviewing your financial statements can help you to
spot any unusual activity on your accounts.
 Report suspicious activity: If you notice any suspicious activity on your accounts, it is important to report it to
your financial institution as soon as possible.

What is incomplete mediation link in respect to cyber security. ?

Incomplete mediattion is a type of non maliciout error,

" Incomplete Mediation Refers to the failure to properly validate and enforce access controls, allowing unauthorized
users or processes to access restricted resources or perform unauthorized actions.. When software does not properly
validate or identify user inputs, it may be susceptible to injection attacks, such as SQL injection or Cross-Site
Scripting (XSS).
Incomplete mediation is easy to exploit and attackers use it to cause security problems for example:
A malicious attacker may decide to exploit this peculiarity by supplying instead the following URL, where the price
has been reduced from $205 to $25:
http://www.things.com/order/final&custID=101&part=555A &qy=20&price=1&ship=boat&shipcost=5&total=25
The attacker could have ordered Objects from Things in any quantity at any price.

Consequences
 Unauthorized Access: Users or processes may gain access to resources they should not have access to.
 Data Breaches: If sensitive data is not properly protected by access controls, it could be exposed.
 Privilege Escalation: An attacker might gain higher levels of privilege than intended.
 Compromised Integrity: Data integrity can be compromised if unauthorized changes are made.
 System Compromise: Incomplete mediation can be an entry point for further system compromise.

Protect against incomplete meditation:

1.Principle of Least Privilege
 Grant users and processes only the minimum level of access needed.
  Reduces potential impact if incomplete mediation occurs.
2.Implement Proper Access Controls
 Use Authentication:: Always authenticate users before granting access to resources.Utilize
Authorization:
 Validate Access: Validate access rights every time a user or process attempts to access a resource,
rather than assuming it was already done.
3. Input Validation: Implement thorough input validation to prevent injection attacks that could bypass access
controls. This includes validating and sanitizing user inputs to prevent malicious inputs from causing
unauthorized access.
4. Regular Security Audits: Conduct regular security audits and reviews to identify any gaps or vulnerabilities
in the access control mechanisms. This can help catch incomplete mediation errors before they are exploited.
5.Secure Coding Practices
 Train developers in secure coding:
 Ensure access controls are implemented correctly.
 Understand common security vulnerabilities and mitigations.
6.Security Testing: Perform regular security testing, including penetration testing and vulnerability scanning, to
identify weaknesses in access controls

Unit 04

What is email security how to achieve email security in cyber security

Email security refers to various cybersecurity measures to secure the access and content of an email account and
service.Email security is important because malicious email is a popular medium for spreading ransomwares,
spywares, worms, different types of malware, social engineering attacks like phishing or spear phishing emails and
other cyber threats.

Proper email security can protect sensitive information in email communications, prevent phishing attacks, spear
phishing, email spoofing, and protect against unauthorized access, loss or compromise of one or more email
addresses.
There are three email security implementation (authorization) methods with sender authentication and
they’re SPF, DKIM, and DMARC.

Sender Policy Framework (SPF)

SPF is an email verification protocol that specifies who can send emails using a particular domain. The SPF uses the
Domain Name System (DNS) entries to check a sender against a list of authorized IP addresses. SPF is one of the
authentication techniques on which DMARC is based.
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) is a system for authenticating email that works with modern Message Transfer
Agent (MTA) systems. This resource was created to help fight spam, and uses a digital signature to help email
recipients determine whether an email is legitimate.
DomainKeys Identified Mail a protocol that allows an organization to take responsibility for transmitting a message
by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through
cryptographic authentication.
Domain-Based Message Authentication, Reporting and Conformance (DMARC)
Domain-Based Message Authentication Reporting and Conformance DMARC is an email authentication protocol that
helps to detect and prevent email spoofing by verifying the sender’s identity. It works by combining the SPF and
DKIM protocols to create a more comprehensive authentication system. DMARC also provides feedback to the
sender about the emails that are sent from their domain.
Email encryption protocol likes: S/MIME: Secure/Multipurpose Internet Mail Extensions that uses digital
certificates to secure email communication and OpenPGP: Pretty Good Privacy protocol that uses a combination
of symmetric and asymmetric encryption algorithms. Can also be implemented.
Futrher more we can also implement email security policies and best practices like
 Strong password requirements: Email account passwords should be complex, difficult to guess, and changed
regularly. Employees should not use the same password for multiple accounts.
 Multifactor authentication: MFA adds an additional layer of security to email accounts. It requires users to
provide multiple forms of identification to access their accounts, such as a password and a fingerprint or a
password and a code sent to their phone.
 Email encryption: An email encryption solution reduces the risks associated with regulatory violations, data
loss, and corporate policy violations while enabling essential business communications.
 Email attachments: Create policies regarding acceptable file types for attachments and implement scanning
tools to detect malware before it enters the network.
 Regular software updates: Implemented a patch management strategy. Email security software should be
updated regularly to protect against new threats.
 Secure email gateway: An SEG safeguards an organization’s stream of email to block unwanted inbound
messages, like spam, phishing attacks, or malware, all while analyzing outgoing messages to prevent sensitive
data from leaving the organization.

What is the purpose of SSL and TLS

SSL Protocol stands for Secure Sockets Layer protocol, which is an encryption-based Internet security protocol that
protects confidentiality and integrity of data.
SSL is used to ensure the privacy and authenticity of data over the internet.
SSL is located between the application and transport layers.
At first, SSL contained security flaws and was quickly replaced by the first version of TLS that’s why SSL is the
predecessor of the modern TLS encryption.
Transport Layer Security, or TLS, is a security protocol designed to facilitate privacy and data security for
communications over the Internet.
TLS/SSL website has “HTTPS” in its URL rather than “HTTP”.
The main use of TLS is to encrypt the communication between web applications and servers, like web browsers
loading a website.
Component of TLS
 Encryption − It is used to hide the data being transferred from third parties.
 Authentication − It always ensures that the parties exchanging information are who they claim to be.
 Integrity − Integrity verifies that the data has not been tampered with.
Tls handshake working
1. Client Hello: Client (browser) requests a secure connection to the server, indicating supported TLS versions
and cipher suites.
2. Server Hello: Server responds with chosen TLS version and cipher suite.
3. Certificate: Server sends its digital certificate, including its public key.
4. Certificate Verification: Client verifies server's certificate for authenticity.
5. Pre-master Secret: Client generates a random pre-master secret, encrypts it with server's public key, and
sends it.
6. Session Key: Both client and server derive a session key from the pre-master secret.
7. Finished Messages: Both parties exchange "Finished" messages to confirm successful key exchange and
establish secure connection.
8. Encrypted Data Exchange: Data exchanged using the agreed-upon encryption algorithm and session key.
SSL / TLS Charateristics :
Cryptographic Algorithms:
● TLS uses various cryptographic algorithms for encryption, key exchange, and authentication.
● These algorithms ensure that data transmitted over the network is secure and confidential.
Cipher Suites:
 ● A cipher suite is a combination of cryptographic algorithms used for encryption, key exchange, and
authentication.
● The server selects the cipher suite during the handshake, and both the client and server use it for secure
communication.
Certificate Authorities (CAs):
● CAs are trusted entities that issue digital certificates to servers.
● These certificates contain the server's public key and other information, and they are used during the
handshake process to establish trust..
Secure Communication:
● TLS provides secure communication over the internet by using cryptographic algorithms, cipher suites,
and digital certificates.
● It ensures that data transmitted between the client and server remains confidential, secure, and tamper-
proof.
Key Exchange:
● During the handshake process, a shared secret key is established between the client and server using
asymmetric encryption.
● This key is used for encrypting and decrypting data, ensuring that only the intended recipient can read
the transmitted information.
Data Integrity:
● TLS provides integrity protection, ensuring that transmitted data has not been modified or tampered
with during transmission.
● This is achieved using cryptographic hash functions and message authentication codes (MACs).

What is SET protocol and how it protect sensitive information and what SET participant.
● Secure Electronic Transaction (SET) is a method that assures the security and integrity of electronic
transactions made using credit cards.
● SET is not a payment system; rather, it is a secure transaction protocol that is used via the internet.
● The SET protocol provides the following services:
○ It establishes a safe channel of communication between all parties engaged in an e-commerce
transaction.
○ It provides confidentiality since the information is only available to the parties engaged in a transaction
when and when it is needed.
● The SET protocol includes the following participants:
● Cardholder: An authorized holder of a payment card issued by an issuer.
 ● Merchant: An organization that offers goods or services through a website.
● Issuer: A financial institution that provides the payment cards to cardholders. The issuer is responsible for
issuing the payment cards (such as credit cards or debit cards) to customers.
● Acquirer: A financial institution that establishes an account with the merchant and processes payment card
authorizations and captures. When a customer makes a purchase, the acquirer processes the transaction on
behalf of the merchant.
● Payment Gateway: A function operated by the acquirer to interface between the SET protocol and existing
bankcard payment networks for authorization operations. The payment gateway acts as a secure intermediary
between the merchant's website and the payment networks to facilitate transactions.
● Certification Authority: A trusted entity that issues X.509v3 public key certificates to cardholders,
merchants, and payment gateways. These certificates are used to authenticate the identity of the parties
involved in the transaction and ensure the security of the communication.

SET working
 The customer opens an account with a card issuer. MasterCard, Visa, etc .
 The customer receives a digital certificate signed by a bank.
 A merchant who accepts a certain brand of card must possess two digital certificates. – One for signing & one for key
exchange
 The customer places an order for a product or service with a merchant.
 The merchant sends a copy of its certificate for verification.
 The customer sends order and payment information to the merchant.
 The merchant requests payment authorization from the payment gateway prior to shipment.
 The merchant confirms order to the customer.
 The merchant provides the goods or service to the customer.
 The merchant requests payment from the payment gateway.
Below are the main SET protocols which protect sensitive information regarding participants :
SET functionalities:
 Provide Authentication
  Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between
merchants and financial institutions. Standard X.509V3 certificates are used for this verification.
 Customer / Cardholder Authentication – SET checks if the use of a credit card is done by an authorized user
or not using X.509V3 certificates.
 Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message
being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES is used for
encryption purposes.
 Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are
protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC with
SHA-1,

What is WAP stack what are it uses.

WAP stands for Wireless Application Protocol. It is a protocol designed for micro-browsers and it enables mobile
device to acess internet. It uses the markup language WML (Wireless Markup Language ) which enables the creation
of web applications for mobile devices. In 1998,
o The WAP model consists of 3 levels known as Client, Gateway and Origin Server.
o The user opens the mini-browser in a mobile device. He selects a website that he wants to view. The mobile
device sends the URL encoded request via network to a WAP gateway using WAP protocol.
o The request he/she sends via mobile to WAP gateway is called as encoding request.

o The WAP gateway translates this WAP request into a conventional HTTP URL request and sends it over the
internet.
o When the Web server, the server processes the request just as it would handle any other request and sends the
response back to the request reaches a specified mobile device through WAP gateway.
o Now, the WML file's final response can be seen in the browser of the mobile users.
following are some most used applications of Wireless Application Protocol or WAP:
o WAP facilitates you to access the Internet from your mobile devices.
o It facilitates you to access E-mails over the mobile Internet..
o Online mobile banking is very popular nowadays.
o It can also be used in multiple Internet-based services such as geographical location, Weather forecasting,
Flight information, Movie & cinema information, Traffic updates etc. All are possible due to WAP technology.
Advantages of Wireless Application Protocol (WAP)
Following is a list of some advantages of Wireless Application Protocol or WAP:
o WAP is a very fast-paced technology.
o It is an open-source technology and completely free of cost.
o It can be implemented on multiple platforms.
o It is independent of network standards.
o It provides higher controlling options.
o It is implemented near to Internet model.
o By using WAP, you can send/receive real-time data.
o Nowadays, most modern mobile phones and devices support WAP.
Disadvantages of Wireless Application Protocol (WAP)
Following is a list of some disadvantages of Wireless Application Protocol or WAP:
o The connection speed in WAP is slow, and there is limited availability also.
o In some areas, the ability to connect to the Internet is very sparse, and in some other areas, Internet access is
entirely unavailable.
o It is less secured.
o WAP provides a small User interface (UI).

WAP Protocol Stack

WAP is designed in a layered fashion, so that it can be extensible, flexible, and scalable. As a result, the WAP protocol
stack is divided into five layers −
specifies the different communications and data transmission layers used in the WAP model:
Application Layer: This layer consists of the Wireless Application Environment (WAE), mobile device
specifications, and content development programming languages, i.e., WML.
Session Layer: The session layer consists of the Wireless Session Protocol (WSP). It is responsible for fast
connection suspension and reconnection.
Transaction Layer: The transaction layer consists of Wireless Transaction Protocol (WTP) and runs on top of UDP
(User Datagram Protocol). This layer is a part of TCP/IP and offers transaction support.
Security Layer: It contains Wireless Transaction Layer Security (WTLS) and responsible for data integrity, privacy
and authentication during data transmission.
Transport Layer: This layer consists of Wireless Datagram Protocol (WDP). It provides a consistent data format to
higher layers of the WAP protocol stack.
Each of these layers provides a well-defined interface to the layer above it. This means that the internal workings of
any layer are transparent or invisible to the layers above it.

Difference between a SET and SSL

S.
No. Secure Socket Layer Secure Electronic Transaction

Basics-
SSL is an encryption mechanism for order taking, Basics-
queries, and other applications and is available on SET is a very comprehensive protocol. It provides
the customer’s browser. privacy, integration, and authenticity.
It does not protect against all security hazards and is It is not used frequently due to its complexity and the
naturally simple and widely used. SSL is a protocol need for a special card reader by the user. It may be
for general-purpose secure message exchange. abandoned if it is not simplified.
1.
SSL protocol may use a certificate, but the payment SET is tailored to the credit card payment to the
gateway is not available. So, the merchant needs to merchant. SET protocols hide the customer’s credit
receive both the ordering information and credit card information from merchant and also hides the
card information because the capturing process order information from banks to protect privacy
should be generated by the merchant. called a dual signature. The SET protocol is
SSL protocol has been the industry standard for complex and more secure.
securing internet communication.

Working- Working-
SSL uses a combination of public-key and The dual signature mechanism is deployed by SET to
3. symmetric-key encryption to safeguard data safeguard a transaction. To use an e-commerce site,
transactions. SET requires the purchase of software. The design of
the protocol necessitates the client’s installation of an
The handshake technique is used by the SSL
e-wallet.
protocol, which permits the server to verify its
S.
No. Secure Socket Layer Secure Electronic Transaction

identity to the client. In case of unsuccessful

authentication, the connection will not be formed.

Integrity- Integrity-
4. The technique of Hash functions is used for this The technique of digital signatures is used for this
purpose. purpose.

Acceptability-
Acceptability-
5. SET acceptability is less because it’s necessary to
Its acceptability is more as compared to SET.
build an open PKI.

Functionality-
Functionality-
The Secure Sockets Layer (SSL) is not a payment
SET was created with the sole purpose of securing
protocol. SSL encrypts the communication channel
6. and ultimately guaranteeing a payment transaction.
between the cardholder and the merchant website
For example, increase in the possibilities for online
and is not backed by any financial institution. As a
retail growth only when consumer confidence grows
result, SSL is unable to ensure the security of a
in online shopping.
transaction.

Encryption- Encryption-
The purpose of SSL lies in prevention of data SET, which was created expressly to address the
7. tampering in client/server applications and has security of all parties involved in an electronic
considerably weaker encryption, with a maximum of payment transaction, uses 1024-bit encryption
128-bit encryption. throughout the transaction.

Authentication-
Authentication-
Here, all parties get authentication to the transaction
8. SSL certificates are not endorsed by any financial
because SET’s certificates are backed not just by a
institution or payment brand association, so they
Certificate Authority, but also by financial
cannot effectively validate all parties.
institutions and MasterCard International.

Security-
Security-
SET enables transaction security from the
9. SSL only protects the cardholder and the merchant, cardholder’s desktop to the merchant via bank
which is insufficient to prevent fraud. SSL approvals and back through the gateway, leaving an
transactions, in other words, are never assured. indisputable audit trail and, as a result, a guaranteed
transaction.
S.
No. Secure Socket Layer (SSL) Secure Electronic Transaction (SET)

1. Basics Basics

- Encryption mechanism for order taking, queries, - Comprehensive protocol for privacy, integration, and
etc. authenticity

- Not protect against all security hazards, simple

and widely used - Not used frequently due to complexity

- SSL protocol for general-purpose secure message

exchange - Tailored to credit card payment to merchant

- Industry standard for securing internet

communication - Complex and more secure

2. Developed by Developed by

- Netscape - MasterCard and Visa

3. Working Working

- Uses public-key and symmetric-key encryption - Uses dual signature mechanism

- Handshake technique for server identity

verification - Requires purchase of software

4. Integrity Integrity

- Uses Hash functions - Uses digital signatures

5. Acceptability Acceptability

- More acceptable compared to SET - Less acceptance due to building open PKI

6. Functionality Functionality

- Not a payment protocol, encrypts communication - Created to secure and guarantee payment transactions

- Growth in online retail with increased consumer

- Unable to ensure transaction security confidence

7. Encryption Encryption

- Weaker encryption (up to 128-bit) - 1024-bit encryption throughout transaction

8. Authentication Authentication

- SSL certificates not endorsed by financial

institutions - SET's certificates backed by financial institutions

9. Security Security
S.
No. Secure Socket Layer (SSL) Secure Electronic Transaction (SET)

- Only protects cardholder and merchant, no - Transaction security from cardholder to merchant,
assured transactions guaranteed transaction

WHAT IS 3D SECURE PROTOCOL AND EXPLAIN THE WORKING OF 3D SECURE PROTOCOL ?????
3D Secure is an authentication protocol that was developed by Visa to enhance the security of online payments.
This protocol was made to enhance the security of online payments and protect both the card issuer and the
cardholder from fraudulent activities
The 3D Secure protocol is used to verify the cardholder’s identity during an online transaction. This is done by
requiring the cardholder to provide an additional authentication code sent to their registered mobile number or email
address. The code is used to validate the transaction and ensure that the cardholder is indeed the authorised user of the
card.

3D Secure is so named due to the three-domain model that the technology relies on to provide extra security at online
checkout. These three domains are:

 Acquirer domain (the merchant’s bank)

 Issuer domain (the cardholder’s bank)
 Interoperability domain (the infrastructure provided by the card company to support 3D Secure)

How does 3D Secure work?

Here are the steps involved in a typical 3D Secure payment:
1. The customer initiates an online transaction on the merchant's website.
2. The payment gateway checks whether the customer's card is enrolled in 3D Secure. If it is, the payment
gateway sends a request to the card issuer to verify the transaction.
3. The card issuer sends an authentication code to the customer's registered mobile number or email address.
4. The customer enters the authentication code on a page hosted by their card issuer.
5. The card issuer verifies the code and sends an authorisation response to the payment gateway.
6. If the authentication is successful, the payment gateway completes the transaction and sends a confirmation
message to the merchant's website.
7. If the authentication fails or the customer does not complete the process, the payment will not be authorised,
and the transaction will be declined.
8. If the 3D authentication fails, the transaction is declined, and the customer is not charged. The customer can
then contact their card issuer to resolve any issues and re-attempt the transaction.

WHAT IS TIME STAMP PROTOCOL AND HOW IT WORKS

The Trusted Timestamping Protocol is a method used to securely record the time at which certain data or documents
were created or modified. Its main goal is to provide a verifiable proof that the data existed at a specific point in time
and has not been altered since that time. This protocol is crucial for various applications, including legal evidence,
financial transactions, research data, and more.

Working of Trusted Timestamping Protocol

1. Creating a Timestamp:
 Data Hashing: The process starts with hashing the original data using a cryptographic hash function.
This hash serves as a unique fingerprint for the data.
  Sending Hash to TSA: The hashed data is sent to a Trusted Timestamping Authority (TSA).
 Timestamp Addition: The TSA appends a timestamp to the hash.
 Hashing the Combination: The TSA then calculates the hash of the combined timestamp and hash.
This new hash is unique to this specific data at that specific time.
2. Digital Signature:
 The TSA then signs this new hash with its private key. This signed hash, along with the timestamp, is
returned to the requester.
3. Storage:
 The requester stores this signed hash and timestamp along with the original data.

Checking the Timestamp:

 Hash Recalcula on: To verify the mestamp later, the requester recalculates the hash of the original data.

 Appending Timestamp: The mestamp from the TSA is appended to this recalculated hash.

 Hashing the Concatena on: The requester then hashes this combined value to get Hash A.

(Diagram source: Wikimedia Commons)

 Signature Verifica on:

 The requester uses the TSA's public key to decrypt the digital signature from the original mestamped data.

 This decryp on produces Hash B.

 Hash A and Hash B are compared. If they match, it means the mestamped data has not been altered, and the
mestamp was issued by the TSA.

Advantages:
  Tamper-Proof: Once a timestamp is generated and verified, it is nearly impossible to alter without detection.
 Verifiability: Timestamps can be easily verified by anyone using the public key of the TSA.
 Decentralization (Blockchain): Provides a decentralized and transparent way to timestamp data, making it
useful for a wide range of applications.
Limitations:
 Cost: Setting up and maintaining a trusted timestamping infrastructure can be costly.
 Dependence on TSA: Relies on the integrity and reliability of the Trusted Timestamping Authority.

Explain email security in contacts of cyber security and write how to achieve it.

WHAT IS EMONEY AND WHAT ARE ITS ADVANTAGES

Electronic money (e-money) is a form of digital currency stored on hardware or software products, facilitating
seamless payments. Unlike cryptocurrency, e-money is backed by traditional fiat currency. It resembles digital cash
with properties akin to physical currency. For instance, holding e-money doesn't accrue interest.
E-money exists in two forms:
Hardware-based e-money products don’t necessarily need online connections. Instead, the monetary value rests on
a physical device called a hardware wallet (i.e. a chip card or a prepaid app on a mobile phone). Top-up and
withdrawal typically proceed via a special device reader, while payment typically occurs at a specific physical point-
of-sale
Software-based e-money products would perhaps appear to be the “standard” e-money use case these days. Taking
this form, our electronic money is stored and transferred digitally via software that runs on personal computers,
tablets or smartphones. Via such emoney, we can conduct our electronic payment (or e-payment), using an e-wallet
provider (such as PayPal). Naturally, all this requires an online connection with a remote server

Here's a concise summary of the advantages of e-money:

1. Security: E-money is considered more secure than cash due to various factors such as encryption technology,
customer authentication (like multi-factor authentication), and regulatory standards. It reduces the risk of
misplacement or errors in transactions. Additionally, service providers implement KYC (Know Your
Customer), anti-fraud, anti-risk, and AML (Anti-Money Laundering) compliance measures to protect users'
funds and identities.
2. Convenience: E-money provides unparalleled convenience, especially for online transactions. With e-wallets,
users can store their payment information securely and make purchases with a simple click..
3. Fast Transactions: Transactions with e-money are lightning-fast. Whether it's at a point-of-sale terminal or an
online shop, payments happen instantly. Online transfers between accounts using e-money are much quicker
compared to traditional wire transfers, often taking only minutes instead of several days.
4. Reduced Fraud Risk: E-money transactions often come with additional layers of security, reducing the risk
of fraud. Features like real-time monitoring, transaction alerts, and secure authentication methods make it
more difficult for unauthorized parties to access funds.
5. Global Accessibility: E-money transcends borders, making it easy to send and receive money internationally
without the need for currency exchanges or lengthy processing times. This is particularly beneficial for
businesses with global operations or individuals who frequently travel or send money abroad.
6. Record-Keeping: E-money transactions leave a digital trail, providing users with detailed records of their
spending and transactions. This can be helpful for budgeting, tracking expenses, and financial planning.