20 views, 177 pages

MSC(CA&IT)

The document discusses various aspects of security in computing, focusing on computer security, cryptography, and the importance of protecting information systems. It covers encryption methods, types of attacks, and the significance of a security policy in mitigating risks. Additionally, it outlines strategies for improving security through both top-down and bottom-up approaches, emphasizing the need for user education and robust password policies.

Uploaded by

patelraj25121
Copyright
© © All Rights Reserved

804 : Security in Computing

Prof. Jayesh N. Modi.


Department of Computer Science,
HNGU, Patan.
Topics To be Discussed
What is security?
What is Computer Security?
What does Secure mean?
What is an intruder?
What is cryptography?
Cryptography
Strongest tool for providing Security
Terminology
Sender S
Recipient R
Channel T
Outsider O
Four types of Attacks
• Block – preventing the message from reaching its destination
• Intercept – reading or listening to the message
• Modify – changing the message in some way
• Fabricate – delivering an authentic-looking message as if it came from the original sender
Terminology
Encryption(encode, Enciphering)
Decryption(Decoding, deciphering)
Cryptosystem
Plaintext
Cipher text
C=E(P)
P=D(C)
Encryption Algorithm
Encryption Key
Keyless Cipher
Encryption Process
[Figure: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]
Two Types of Encryption Process
[Figure (A) Symmetric Cryptography: Plaintext → Encryption → Ciphertext → Decryption, with a single Key]
[Figure (B) Asymmetric Cryptography: Plaintext → Encryption → Ciphertext → Decryption, with Encryption Key KE and Decryption Key KD]
• Cryptography means hidden writing, and it refers to the practice of using encryption to conceal text.
• A cryptanalyst studies encryption and encrypted messages, hoping to find the hidden message.
• An encryption algorithm is called breakable when, given enough time and data, an analyst can determine the algorithm.
A cryptanalyst can attempt to:
Break a single message
Recognize patterns in encrypted messages
Deduce the key
Find weaknesses in the general encryption algorithm
Representing Characters
Modulo 26-letter
Letter:  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Code:    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

A + 3 = D    K – 1 = J    Y + 3 = B
Types of encryption
Substitution
Caesar cipher
One- time pad substitution
Vernam cipher
Book cipher
Vigenere cipher
Transposition (Permutation)
Columnar cipher
Cross cipher
Advantages and disadvantages of each cipher.
How to crack it.
Vigenere tableau
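The modulo-26 letter arithmetic and the Caesar and Vigenere substitutions listed above, as an added example that is not part of the original slides. It goes one step beyond the slides by using letter-frequency analysis to show why a Caesar cipher is breakable; the sample text and all function names are constructed for illustration.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Approximate English letter frequencies in percent, A..Z (standard published table).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

# Constructed sample plaintext for the demonstration.
SAMPLE = ("Confidential data transmitted over public networks shall be "
          "encrypted and backups should be stored in a locked safe")


def to_codes(text):
    """Map letters to 0..25 (A=0 ... Z=25); every other character is dropped."""
    return [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]


def from_codes(codes):
    """Map numbers back to letters, reducing each one modulo 26."""
    return "".join(ALPHABET[c % 26] for c in codes)


def vigenere(text, key, decrypt=False):
    """Add (or subtract) the repeating key to the plaintext, letter by letter."""
    k = to_codes(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return from_codes(p + sign * k[i % len(k)]
                      for i, p in enumerate(to_codes(text)))


def caesar(text, shift):
    """A Caesar cipher is a Vigenere cipher whose key is a single letter."""
    return vigenere(text, from_codes([shift]))


def chi_squared(letters):
    """Distance between the letter counts of `letters` and typical English."""
    n = len(letters)
    counts = Counter(letters)
    return sum((counts[l] - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH_FREQ.items())


def crack_caesar(ciphertext):
    """Try all 26 shifts and keep the candidate that looks most like English."""
    letters = from_codes(to_codes(ciphertext))
    if not letters:
        raise ValueError("ciphertext contains no letters")
    candidates = ((s, caesar(letters, -s)) for s in range(26))
    return min(candidates, key=lambda c: chi_squared(c[1]))


if __name__ == "__main__":
    print(caesar("A", 3), caesar("K", -1), caesar("Y", 3))
    secret = vigenere("SECURITY", "KEY")
    print(secret, vigenere(secret, "KEY", decrypt=True))
    print(crack_caesar(caesar(SAMPLE, 3)))
```

With only 26 possible keys and the plaintext's letter frequencies carried over unchanged, the Caesar cipher falls to a search that needs nothing but the ciphertext.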
Shannon’s Characteristics of a “Good” Cipher
The amount of secrecy needed should determine the amount of labor.
The set of keys and the algorithm should be free from complexity.
The implementation of the process should be as simple as possible.
Errors in ciphering should not propagate and cause corruption of further information in the message.
The size of the enciphered text should be no longer than the text of the original message.
Properties of a Trustworthy Encryption System
It is based on sound mathematics.
It has been analyzed by competent experts and found to be sound.
It has stood the test of time.
Stream vs. Block Ciphers
Comparison
                Stream Encryption Algorithm                Block Encryption Algorithm
Advantages      Faster speed of transfer                   High diffusion
                Low error propagation                      Immunity to insertion of symbols
Disadvantages   Low diffusion                              Slowness of encryption
                Susceptibility to malicious substitution   Error propagation
Compare Between Confusion and Diffusion
The Data Encryption Standard
Developed for the US government in the early 1970s.
Product Cipher
M : Original message
E1(M) : After applying cipher E1
E2(E1(M)) : After applying the product of ciphers E1 and E2


AES (Advanced Encryption Standard)
Symmetric algorithm
Designed by Rijndael in 1997-1999.
Problem with DES
Unclassified
Publicly disclosed
Available for royalty free
Not usable with different keys
Contd…
128-bit block cipher
Key sizes of 128, 192 and 256 bits require 10, 12 and 14 rounds respectively
Data is represented in blocks as 4 x 4 matrices
Operations on AES
Byte Substitution
Shift row
Mix columns
Add round key
Public Key Encryption
• Motivation
• Characteristics
P = D(KPRIV, E(KPUB, P))
P = D(KPUB, E(KPRIV, P))
RSA (Rivest-Shamir-Adleman) Algorithm
The Application of Encryption
Hash Function
Key Exchange
Digital Signature
Check
Signature
Authentication
Cannot be reused
Not alterable
Certificate
What is Security?
Security is the protection of information, systems and services against disasters, mistakes and manipulation so that the likelihood and impact of security incidents are minimized. It consists of:
Confidentiality
Integrity
Availability
Legal Compliance
A threat is a danger which could affect the
security (confidentiality, integrity, availability)
of assets, leading to a potential loss or
damage.
necessary?
Customer information or accounting
information could be disclosed, affecting
credibility.
This information could be used by (new)
competitors to launch more effective
marketing campaigns.
Virus development has continued at an
alarming rate in the last few years, leaving
few, if any companies untouched.
System interconnection increases security
risks significantly:
The following figures are included (source:
Datapro Research) as example, to give an idea
what is going on in the real world.
Common Causes of damage : Human Error 52%,
Dishonest people 10%, Technical Sabotage 10%,
Fire 15%, Water 10% and Terrorism 3%.
Who causes damage? Current employees 81%,
Outsiders 13%, Former employees 6%.
Types of computer crime: Money theft 44%,
Damage of software 16%, Theft of information
16%, Alteration of data 12%, Theft of services
10%.
IT security requirements are often specified in terms of
Assurance
Identification / Authentication
Accountability / Audit Trail
Access Control
Object Reuse
Accuracy
Non-Repudiation
needed?
A security policy is a preventative
mechanism for protecting important
company data and processes. It
communicates a coherent security
standard to users, management and
technical staff.
How to improve security?
Knowing what data & processes need to be protected.
Recognizing the threats, judging possible impacts.
Calculating the risks and deciding what risks are acceptable.
Countermeasures: developing a strategy to reduce the risk to an acceptable level, then implementing, testing and tuning the strategy.
Keep it simple
Keep it coherent.
Keep to standards if possible.
Two Security Approaches
Top-Down: more precise, but can be slow and have high initial costs.
Bottom-Up: faster, but not as precise.

Where security needs to be "urgently" improved, it is suggested to use both methods in parallel, i.e. use the bottom-up approach for important "well known" systems and the top-down approach to have a long-term, precise policy, strategy and vision on security that is supported and understood by management.
Bottom Up Security Approach
• Understand what current policies, network topology, operating procedures and user practices are in use.
• Consider creating an attack profile, i.e. if you were an attacker, how would you go about attacking the company? What networks/systems are visible via external network connections, modems etc.? Where are important systems kept, how physically accessible are they? How would you persuade employees to give you passwords? Trying to think like an attacker will open surprising possibilities (and hence weaknesses)!
• Summarise the weaknesses found in the previous 2 points; make a short list of what weaknesses and future threats are to be countered.
• Define an information policy (if not already existing). Classify information. Recognize what information is most important. Distribute it and educate users.
• Create a user policy, distribute it and educate users.
• Create technical guidelines for the secure installation, maintenance and production of your servers and networks (or other perceived weak points). Audit sensitive systems regularly.
Top Down Security Approaches
Asset Analysis
Analyse current security rules/policies/practices (if any).
Define basic Security Objectives:
Threat Analysis:
Impact Analysis:
Calculate Risk:
Constraints Analysis:
Decide on a counter strategy:
Implementation:
Assurance:
Security Policy
A security policy is a statement of management
strategy as regards security. The policy statements
are grouped under the following headings:
Corporate Policy
Information Security Policy
Personnel Security Policy
Physical and environmental security policy
Computer & Networks Security Policy
System Administration
Network Policy
Application Development Policy
Business Continuity Planning
Critical Success factors
Successful implementation of information security depends
on:
Security objectives and activities must be based on
business objectives and requirements, and led by
business management.
There must be visible support and commitment from top
management.
There must be a good understanding of security risks
(threats and vulnerabilities) to Company assets, and the
level of security inside the organization.
Security must be effectively marketed to all managers
and employees.
Comprehensive guidance on security policy and standards
must be distributed to all employees and contractors.
Corporate Policy
Information Security
All major information assets shall have an
owner.
The owner shall classify the information into one of the sensitivity levels, depending on legal obligations, costs, corporate policy and business needs. He/she is responsible for protection of this information.
The owner shall declare who is allowed access to the data.
The owner is responsible for this data and shall secure it or have it secured according to its sensitivity.
Classification of Information
Public / non classified Information
Internal Information
Confidential Information
Secret Information

Guidelines for storage, transmission and destruction.
Personnel Security Policy
Ethics
Password Policy
• Content
* mixture of numbers, capital letters, small letters, punctuation.
* easy to remember (don't need to write it down).
* easy to type quickly (difficult for an observer).
• Examples
* choose a line or two of a poem, song etc. and use just the first letters.
* join two small words with a strange character.
* invent an acronym.
Contd…
• Bad examples
* name of your spouse, parent, colleague, friend, pet, towns, months, days.
* number of car/motorbike registration, telephone.
* common dictionary words (French, German, English, Italian..).
* a series of identical numbers/letters.
* obvious keyboard sequences.
* any of the above in inverse or with a number before or after.
• Guidelines
* Don't write it down, or disclose via email.
* Default passwords should not be used.
* Don't give your password to others.
* If passwords are disclosed on a system, change them immediately.
* Avoid sharing the administrator (or root) password. Use user groups or utilities such as su instead.
• The user will probably choose better passwords if he only has to remember one single password.
Contd…
• Inform users in detail of cracking dangers/successes. A well educated user is the best way to ensure good choice of passwords.
* All vendor defined default passwords must be changed before the system is used.
* Passwords should be stored in encrypted form. The encryption should be strong, resisting brute force decryption for at least weeks on a powerful workstation.
* Passwords should not be displayed when being entered, neither should a "*" be shown for each character.
* A user should not be able to read other users' (encrypted) passwords (from the password file).
* Embedding of clear-text passwords into software should be avoided at all costs. Embedded encrypted passwords are also to be avoided where possible.
* A password minimum age, maximum age, minimum length & history list should be specified. E.g.
  - Minimum age = 2 days, Maximum age = 6 months, Minimum length = 6 characters.
  - Minimum age = 2 days, Maximum age = 30 days, Minimum length = 6 characters.
  - Password history: the use of the last 5 passwords should be prohibited.
* The allowed password content should be specified. The system should check the password content according to these rules, before accepting the password. E.g. see section bad examples above.
* Users should not be able to change other users' passwords, but the account operator can change user passwords.
* For special application accounts (e.g. oracle under UNIX), passwords should be blocked to prevent interactive logon.
* Force change of password on first login, if possible.
* Consider the use of stronger authentication (e.g. smart tokens, Chip Cards, biometrics etc.).
* If possible provide automatic password generation (to help the user).
* A password checker should regularly (once per week) check for weak passwords.
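One way to implement the content check and the 5-password history described above, as an added example that is not part of the original slides. The word list, keyboard runs, problem codes and the use of salted PBKDF2 for the stored history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 6          # "Minimum length = 6 characters"
HISTORY_DEPTH = 5       # "the use of the last 5 passwords should be prohibited"
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the stored history
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "abcdefghijklmnopqrstuvwxyz")
# Constructed stand-in for a real dictionary of names, towns, months and days.
SAMPLE_WORDS = {"password", "welcome", "summer", "monday", "january", "paris"}


def check_content(password, personal_words=()):
    """Return a list of problem codes; an empty list means the content is allowed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # Mixture of numbers, capital letters, small letters and punctuation.
    classes = (str.isdigit, str.isupper, str.islower, lambda c: not c.isalnum())
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("no_mixture")
    lowered = password.lower()
    # "with a number before or after": strip leading/trailing digits (and,
    # going slightly beyond the slide, punctuation) before the word lookup.
    core = lowered.strip(string.digits + string.punctuation)
    banned = SAMPLE_WORDS | {w.lower() for w in personal_words}
    if core in banned or core[::-1] in banned:   # also "in inverse"
        problems.append("guessable_word")
    candidates = [s for s in (lowered, core) if s]
    if any(len(s) >= 3 and len(set(s)) == 1 for s in candidates):
        problems.append("identical_chars")
    if any(len(s) >= 4 and any(s in run or s[::-1] in run for run in KEYBOARD_RUNS)
           for s in candidates):
        problems.append("keyboard_sequence")
    return problems


def hash_password(password, salt=None):
    """Salted one-way hash, so the history never holds a readable password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_history(password, history):
    """True if the password matches one of the last HISTORY_DEPTH entries."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history[-HISTORY_DEPTH:])


def change_password(new_password, history, personal_words=()):
    """Check content and history before accepting; returns (accepted, problems)."""
    problems = check_content(new_password, personal_words)
    if in_history(new_password, history):
        problems.append("reused")
    if problems:
        return False, problems
    history.append(hash_password(new_password))
    del history[:-HISTORY_DEPTH]     # keep only the last five entries
    return True, []


if __name__ == "__main__":
    for candidate in ("Mh4l,Wfw", "Paris2024!", "7sirap", "aaaaaa", "qwerty12"):
        print(candidate, check_content(candidate))
```

"Paris2024!" passes the mixture rule yet is still rejected, which is why the slides list the bad examples separately from the content rule.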
General Software Policy
Unlicensed software should not be used.
Games are allowed on the system, if the system administrator can ensure that they will not use more than 5% (for example) of resources (disk/memory/CPU) and they are not abused.
Unix: set-user-id (SUID) and set-group-id (SGID)
scripts are not allowed on the system. Use tainted
perl or compiled programs instead.
Public domain software may be used on class &
systems with a TCB (i.e. not DOS/Windows), if the
system administrator responsible for the
installation is convinced of the integrity of the
author / sources
Networks
• Confidential information:
  - Confidential data transmitted over public networks shall be encrypted.
• Connection to networks:
  - A user may not connect a machine to any network except the corporate LAN.
  - Access to external (public & private) networks shall occur over a Firewall. All Firewalls shall be installed and maintained by corporate security.
• Modems:
  - Users may not have modems on their machines.
  - Dial-in access to the corporate LAN is allowed for certain users. All dial-in access shall occur via secured servers with one-time-password mechanisms.
• Email
  - Users should be aware that conventional email systems often guarantee neither privacy nor proof of origin or receipt. In many systems the system administrator can read all email.
  - Class data may be sent internally within the company without encryption. Class should be encrypted. Class data may not be transmitted via email.
  - Only Class data and information specifically allowed for projects with external entities may be emailed outside the company.
  - Users should be aware of the risks of opening documents with macros, postscript files, and installing programs received via email.
Internet
The Internet offers many risks such as:
• Disclosure of confidential information.
• The corporate network may be penetrated by hackers from the Internet.
• Information may be changed or deleted.
• Access to systems could be denied due to system overload.

A specific Internet policy should exist, be well known and be enforced.

• All outgoing access to the Internet must go over approved company gateways which have been certified as conforming to the corporate security policy.
• Who is allowed standard (WWW) Internet access? (e.g. administrators, research units)
• Who is allowed Internet email access? (e.g. everyone!)
• When is access not allowed? (e.g. not from class servers).
• What Internet client software is allowed (e.g. corporate standards)?
• What may Internet clients not be used for? (e.g. pornographic material, downloading dangerous or unlicensed software, excessive private use etc.)
• Who may provide Internet services? Under what conditions (e.g. approved Firewall policy, only publicly classified information may be published)?
Laptops and portable computers
Some issues are:
• Educate users as to the risks of laptop usage.
• Password protection in office applications such as Winword is not a protection against the informed attacker.
• Removable hard disks allow the user to easily protect the most important component by putting it in his pocket. On the other hand, it makes it easier to steal information.
Possible policies are:
• Have laptops prepared and installed by professional IT staff. Have knowledgeable staff who can offer sound advice on the choice of laptop model.
• If possible install a file encryption program which provides strong encryption[5] and is easy to use. A disk encryption program is also an alternative, but may require more administrative overhead and affect performance and compatibility.
• Consider using an operating system (such as UNIX or NT) where a normal user does not have full access to the system.
• Users are responsible for their laptops outside the corporate buildings.
• Automatic screen locking mechanisms and boot passwords should be used where possible. Boot passwords offer a protection against the curious, but not an informed attacker.
• An active virus scanner must be installed (provide it free of charge to all corporate users).
• Carry laptops as hand baggage on public transport.
• Class data should not be transported on laptops unless it is encrypted.
• Switch off the computer when not in use.
• Never store passwords on the laptop which allow access to corporate network systems.
• Communication:
  - Do not transmit class data across insecure networks (such as Internet, Mobile-GSM, Infrared etc.) unless encrypted.
  - Dial-in access to the corporate network should be specified in the Network access policy.
  - Turn off modems when not in use.
Computer & Network Policy
System Administrator Policy
• The following need to be defined:
  - Who/where updates administration policies?
  - Who is authorized to grant access and approve usage? Who may have system administrator privileges? [6]
  - What are the rights and responsibilities of an administrator?
  - Are users to be allowed root/administrator access to their workstations?
• The current directory should never be in the directory search path for administrative users (prevention of trojan horses).

Physical Security
• A Physical Security policy document should exist detailing the measures taken to protect buildings as regards disasters (flooding, fire, earthquakes, explosions, power outage), theft, access control, safes, computer rooms & wiring cabinets.

Access control
• All users should be authorised.
• Users should be able to set the privileges of objects belonging to them in their environment.
• Users should be prevented from deleting other users' files in shared directories[7].
• Consider allowing root login only via the console.
• It should be possible to control user access to all objects on the system (files, printers, devices, databases, commands, applications etc.) according to a stated policy.
• Users should not be able to examine the Access Control granted to other users.
• It should be possible to label data with a classification to .
• Mandatory access control should be provided.
Logon Policy
• Accounts should only exist for authorised persons.
• Each user must be identified by a name or number and belong to a group.
• Username and group name structure should be standardised enterprise wide (number of characters, composition) if possible.
• Users and groups must be managed by the administrator (or equivalent), not by users themselves.
• Group accounts are to be avoided (class forbidden).
• Each user should have only one account on the system.
• If guest accounts are used, their working environment should be very restricted.
• Guest accounts are not allowed.
• Usernames and passwords should not be distributed in the same communication.
• When a user is transferred or terminates employment, his account should be blocked or deleted immediately. Procedures should exist whereby the personnel administration automatically informs system administrators.
• A screenlock should be activated after 15 mins idle time with password protection.
• The current directory should not be included in the user's search path.
• User application & system configuration should only be writable by the user and not be world readable[8].
• The user's file creation mask ("umask" on UNIX) should not give world read or write access to new files created.
• Users should be informed of actions that violate security. Likewise they must inform their security administrator if they suspect a security violation.
• If an account is subjected to continuous login failures in a short period of time (e.g. 20 attempts in 1 hour), block the account and notify the user. Don't do this for administrative accounts (it opens a denial of service attack weakness)!
• When a user logs on the following should be displayed:
  - a legal notice informing the user of implications of system abuse.
  - the time & device of last successful and unsuccessful login (user should check that they are correct).
• Logons should only be enabled when necessary (e.g. between 06:00 and 22:00 Monday to Friday).
Accountability and Audit
• Audit trail logs and programs/utilities must be protected. They should only be accessible by security personnel.
• Logs should not contain passwords.
• System administrator activity (especially use of su in UNIX) should be logged.
• Unsuccessful login attempts should be logged (and possibly notified).
• Important events should raise an alarm (high priority message) automatically.
• It should be possible to specify auditing on a per subject and per object basis.
• Each entry in the audit log should contain at least: Username or UID, date & time, terminal id, error level (success or failure) and event description.
• Logs should be kept on read-only media if possible (paper, WORM). Logs should also be forwarded to a specially secure machine instead of locally on each machine, if possible. Avoid storing logs on shared filesystems.
• All machines should have their clocks synchronised to guarantee the validity of audit log timestamps.
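The login-failure rule from the Logon Policy (20 attempts in 1 hour, with administrative accounts alerted on rather than blocked) applied to audit entries carrying the minimum fields listed above, as an added example that is not part of the original slides. The log line format, the account names and the sample entries are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)     # "20 attempts in 1 hour"
THRESHOLD = 20
ADMIN_ACCOUNTS = {"root"}       # assumption: accounts that must never be auto-blocked

# Hypothetical line format carrying the minimum audit fields:
# date & time, username, terminal id, error level and event description.
ENTRY_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) tty=(?P<tty>\S+) "
    r"level=(?P<level>success|failure) event=(?P<event>.+)$")


def parse_entry(line):
    """Return the audit fields as a dict, or None for a malformed entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    try:
        entry["ts"] = datetime.fromisoformat(entry["ts"])
    except ValueError:
        return None
    return entry


def detect_login_failures(lines):
    """Map each offending user to (action, time the threshold was reached)."""
    recent = defaultdict(deque)      # user -> failure times inside the window
    actions = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["event"] != "login":
            continue
        user, ts = entry["user"], entry["ts"]
        if entry["level"] == "success":
            recent[user].clear()     # the run of failures is no longer continuous
            continue
        window = recent[user]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()         # forget failures older than one hour
        if len(window) >= THRESHOLD and user not in actions:
            # Blocking an administrative account would hand out a denial of
            # service, so those accounts only raise an alert.
            action = "alert-only" if user in ADMIN_ACCOUNTS else "block"
            actions[user] = (action, ts)
    return actions


def sample_log():
    """Constructed audit entries covering four cases."""
    def burst(user, start, count, step_minutes, level="failure"):
        return [f"{(start + timedelta(minutes=i * step_minutes)).isoformat()} "
                f"user={user} tty=pts/1 level={level} event=login"
                for i in range(count)]
    day = datetime(2024, 3, 4)
    return (burst("alice", day.replace(hour=9), 20, 2)        # 20 failures in 38 min
            + burst("root", day.replace(hour=10), 25, 1)      # admin account
            + burst("carol", day.replace(hour=11), 19, 1)     # 19 failures ...
            + burst("carol", day.replace(hour=11, minute=19), 1, 1, "success")
            + burst("carol", day.replace(hour=11, minute=20), 5, 1)
            + burst("bob", day.replace(hour=12), 20, 5))      # spread over 95 min


if __name__ == "__main__":
    for user, (action, when) in detect_login_failures(sample_log()).items():
        print(user, action, when.isoformat())
```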
Reliability of Service
• Backup & Restore Policy
  - Backups should be made regularly and some backup media should be stored regularly off-site.
  - Class backups should be stored in a locked safe. All media must be accounted for. Old tapes must be destroyed, not thrown away.
• Change Management (sw/hw installations or updates)
  - Only system administrators should install or update software on servers. Users may not install software on class workstations.
  - Systems should be cleanly installed according to vendor instructions.
  - A change log, detailing all changes to a system, should be kept on EVERY server. It is suggested that as a minimum, a simple text file be created (e.g. /etc/mods) containing: Date, sysadmin name, files changed and reason/comment.
  - OS installations should include installation of all recommended patches.
Software Development Policy
General Guidelines
Separate development and production environments
and data.
Consider security to be an integral part of application
development.
Test data should not contain confidential information.
Consider using a secured language (e.g. Java rather
than C, Tainted Perl rather than Perl).
Consider having major new systems ITSEC approved.
Production Guidelines
What documentation is to be delivered with an application? E.g. Operating, Installation, Administration, Security, User Manuals.
Business Continuity Planning
Security crisis/disasters
If a serious attack or disaster occurs:
• The Firecall team should take charge.
• The concerned machine should be disconnected from the network.
• Document every single action taken, events, evidence found (with time & date).
• Analyse the system: what files changed? What programs/accounts were added or modified? If modifications are found, check for these modifications on similar systems.
• Notify administrators, management and law enforcement authorities as required.
• If you discuss details of the attack with anyone via email, use encrypted email with signatures.
• Report the incident to a CERT/FIRST if necessary.
Enforcement
Users who do not adhere to this policy shall
be warned and the corresponding line
manager informed. A user who continues to
ignore warnings may be removed from his
function.
Physical Security
Buildings
Transport of Data
Backups
Disks
Laptops / mobile computers
Printers
Computers
"Clean desk"
• Buildings
  - Zones should be defined, for example:
    Zone 1: Areas open to the public.
    Zone 2: Areas not open to the public, open to company staff.
    Zone 3: Protected areas. Only accessible with identification, access strictly controlled. Don't allow externals unaccompanied access.
  - Buildings should always be locked, except for access via a reception area during office hours.
  - Public areas shouldn't have any computers with access to the internal Data Network, unless through a Firewall.
  - Server rooms must be locked, if possible with electronic card access (Audit list).
  - Consider protecting sensitive computers against radiation.
  - Consider protecting systems against Electromagnetic Pulses.
  - Server rooms must be locked, with electronic card access (Audit list). Very few people should have access.
  - Buildings must be monitored 24 hrs x 7 days by security personnel.
  - Access to server rooms should be recorded on video.
  - Contingency plans should exist which cover events such as power cuts, theft, fire, flooding, explosions, earthquakes (where necessary) etc.
8.2 Transport of Data
What is the company policy on the use of
public, private, company transport as respects
the transport of Information (paper, diskettes,
disks, tapes, computers..)?
8.3 Backups
Backup media should be stored in locked safes or locked rooms.
Regular backups (at least once per month) should be stored off site.
Backups should only be transported by secure methods (like money transport).
8.4 Disks
• Floppy and removable disks are often a source of viruses and illegal software (as is email). They may also be used to illegally copy confidential data. When data is erased from diskettes, it must be completely erased (a standard product should be recommended for PCs). Floppy drives are rarely needed when users have reliable networked printers, file servers and email available.
• Removable hard disks and floppy disks should only be used where absolutely necessary.
• Avoid copying data to floppy disk.
• Floppy drives should be removed, unless the internal network is considered too insecure. Removable disks can be more secure than using a network server since all data is kept locally. In this case disks must be kept carefully in a locked safe.
• Confidential data should be encrypted. If the network server is not considered secure enough, files may be treated locally, encrypted (using DES for example) and then saved on the network server. This is preferable to the use of removable disks since regular backups will be made. The risk of losing data is minimised (unless the DES key is lost or forgotten).
• Forbid repair of confidential disks; they must be destroyed unless it is 100% sure that the disk has been written with nulls or 1s. Products which promise this feature presumably require that the disk can still be accessed.
• All disks should be classified and the classification level should be written on the disks.
• Consider protecting media against Electromagnetic Pulses.
8.5 Laptops / mobile computers
Protect (encrypt) Laptop hard disks or individual
files/directories (a standard software should be
defined).
8.6 Printers
Only Printers in directors offices or restricted access
rooms should be used for printing confidential
information.
8.7 Computers
EPROM passwords should be used on PCs and
workstations.
Screens not used for 15 min should be blanked
automatically with password protection.
Computer housings should be locked if possible
Key Points
Unauthorized intrusion into a computer system or
network is one of the most serious threats to computer
security.
Intrusion detection systems have been developed to provide early warnings of an intrusion so that defensive action can be taken to prevent or minimize damage.
Intrusion detection involves detecting unusual patterns
of activity or patterns of activity that are known to
correlate with intrusions.
One important element of intrusion prevention is
password management, with the goal of preventing
unauthorized users from having access to the
passwords of others.
Intruders
Unauthorized intrusion into a computer system or network is one of the most serious threats to computer systems. Types of computer intruders are as follows:
Masquerader: an outsider
Misfeasor: an insider
Clandestine user: either an outsider or an insider
Some of the Frequent Attacks on Computers
Reported by Bell Labs:
Attempts to copy the password file at a rate exceeding once every other day
Suspicious remote procedure call requests at a rate exceeding once per week
Attempts to connect to nonexistent “bait” machines at least every two weeks
Two levels of hacker: High Level and Low Level
One of the results of the growing awareness of the intruder problem has been the establishment of a number of computer emergency response teams (CERTs).
Intrusion Techniques
The password file can be protected in one of two ways:
• One-way function
• Access control

Some techniques used by hackers to learn passwords:
1. Try default passwords.
2. Exhaustively try all short passwords.
3. Try words in the system directory.
4. Collect information about users: full names, names of their spouse and children, pictures in the office, etc.
5. Try users' phone numbers.
6. Try all license plate numbers.
7. Use a trojan horse.
8. Tap the line between a remote user and the host system.
Intrusion Detection
Motivation for intrusion detection:
If an intrusion is detected quickly, the intruder can be identified and ejected from the system before any damage is done or any data is compromised. Even if the detection is not sufficiently timely to preempt the intruder, the sooner the intrusion is detected, the less the amount of damage.
An effective intrusion detection system can serve as a deterrent.
Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

It is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
Intrusion Detection
Statistical anomaly detection: collection of data relating to the behavior of legitimate users over a period of time.
  Threshold detection
  Profile based
Rule based detection: a set of rules used to decide whether a given behavior is that of an intruder.
  Anomaly detection
  Penetration identification
Audit Record
Native audit records
Detection-Specific audit records
Sample format of Audit Records
Subject
Action
Object
Exception-Condition
Resource-Usage
Time-Stamp
Examples of metrics that are useful for profile-based detection
Counter : a non-negative integer that may be
incremented or decremented until it is reset by
management action.
Gauge: a non-negative number that may be incremented or decremented.
Interval time:
Resource utilization:
Based on some measurement:
Mean and standard deviation
Multivariate
Markov process: transition probabilities
Time series
Operational model
The Base-Rate Fallacy
The false alarm rate must be kept at an acceptable level.
Distributed Intrusion
Detection
Three issues
Native audit
One or more node serve as collection and
analysis point
Centralized or decentralized
A good example
Host Agent Module : audit collection module
LAN Monitor Agent Module : analyzes the LAN traffic
Central Manager Module : receives reports from both
the host agent and the LAN monitor

Honeypots : a relatively new detection technique, designed to:
Divert an attacker from accessing critical systems.
Collect information about the attacker's activity.
Encourage the attacker to stay on the system long
enough for administrators to respond.
Password Management
Introduction:
The ID determines whether the user is authorized or not.
The ID determines the user's privileges.
The ID is also used in what is referred to as discretionary access control.
Unix password management system.
A salt value of 12 bits is used.
 It prevents duplication.
 It effectively increases the length of the password without requiring the
user to remember extra bits.
 It prevents the use of a hardware implementation of
DES.
Password Selection
Strategies:
User education : guidelines are provided for
selecting passwords.
Computer-generated password : quite
random in nature, so the user will not be able to
remember it.
Reactive password checking : the system runs a
password checker to find guessable
passwords.
Proactive password checking : the user is allowed
to select her or his own password, but at the time
of selection some guidelines
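Proactive password checking and the salted password file, as an added example (not part of the original slides): the checker rejects, at selection time, candidates that the guessing techniques listed earlier would find (default passwords, short passwords, dictionary words, personal names, phone numbers), and accepted passwords are stored with a 12-bit salt. The word lists, the user details and the use of PBKDF2-SHA256 as a stand-in for the DES-based Unix routine are assumptions.

```python
import hashlib
import hmac
import re
import secrets

SALT_BITS = 12                                                   # salt size given on the slide
DEFAULT_PASSWORDS = {"password", "admin", "guest", "changeme"}   # constructed list
DICTIONARY = {"dragon", "sunshine", "football", "monkey"}        # constructed list


def check_password(candidate, user_info, min_length=9):
    """Return the reasons a candidate is guessable; an empty list means acceptable."""
    reasons = []
    lowered = candidate.lower()
    letters = re.sub(r"[^a-z]", "", lowered)      # "Dragon1!" -> "dragon"
    digits = re.sub(r"\D", "", candidate)
    if len(candidate) < min_length:
        reasons.append("too short")
    if lowered in DEFAULT_PASSWORDS:
        reasons.append("default password")
    if letters in DICTIONARY:
        reasons.append("dictionary word")
    if any(name.lower() in lowered for name in user_info.get("names", [])):
        reasons.append("contains personal name")
    phone = re.sub(r"\D", "", user_info.get("phone", ""))
    if phone and phone in digits:
        reasons.append("contains phone number")
    return reasons


def make_entry(password, salt=None):
    """Return (salt, hash) for the password file.

    PBKDF2-SHA256 stands in for the DES-based routine; only the 12-bit salt
    mirrors the scheme on the slide.
    """
    if salt is None:
        salt = secrets.randbelow(1 << SALT_BITS)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.to_bytes(2, "big"), 50_000)
    return salt, digest.hex()


def verify(password, entry):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, stored = entry
    return hmac.compare_digest(make_entry(password, salt)[1], stored)


def set_password(passwd_file, user, candidate, user_info):
    """Proactive check first; the password is stored only if it passes."""
    reasons = check_password(candidate, user_info)
    if reasons:
        raise ValueError("rejected: " + ", ".join(reasons))
    passwd_file[user] = make_entry(candidate)


if __name__ == "__main__":
    info = {"names": ["Priya", "Arjun"], "phone": "555-0142"}    # constructed user details
    for candidate in ["dragon1", "Priya-5550142!", "vT7#qLm2zR"]:
        print(candidate, check_password(candidate, info) or "accepted")
    # The same password under two salts gives two different stored hashes,
    # so duplicates are not visible in the password file.
    print(make_entry("vT7#qLm2zR", 1)[1] != make_entry("vT7#qLm2zR", 2)[1])
```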
Key Points
 Malicious software is a software that is intentionally included
or inserted in a system for a harmful purpose.
 A virus is a piece of software that can infect other programs
by modifying them: the modification includes a copy of the
virus program which can then go on to infect the other
programs.
 A worm is a program that replicates itself and sends copies
from computer to computer across network connections.
Upon arrival, the worm may be activated to replicate and
propagate again. In addition to propagation, the worm
usually performs some unwanted function.
 A denial of service attack is an attempt to prevent legitimate users of
a service from using that service.
 A distributed denial of service attack is launched from
multiple coordinated sources.
Malicious code
Two types : those that need a host program
(for example viruses, logic bombs and trapdoors)
and those that are independent (for example
worms and zombie programs).
Name : Description
Virus : Attaches itself to a program and propagates copies of itself to other programs
Worm : Program that propagates copies of itself to other computers
Logic bomb : Triggers action when condition occurs
Trojan horse : Program that contains unexpected additional functionality
Backdoor (Trapdoor) : Program modification that allows unauthorized access to functionality
Exploits : Code specific to a single vulnerability or set of vulnerabilities
Downloader : Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
Auto-rooter : Malicious hacker tools used to break into new machines remotely
Kit (Virus Generator) : Set of tools for generating new viruses automatically
Spammer programs : Used to send large volumes of unwanted e-mail
Flooders : Used to attack networked computer systems with a large
During its lifetime a virus goes through the
following four phases:
Dormant phase : the virus is idle.
Propagation phase : each infected program
has an identical copy of the virus.
Triggering phase : it can be caused by a variety of
events.
Execution phase : the function is performed.
A Simple Virus
Program V :=

[goto main;
1234567;

subroutine infect-executable :=
{loop:
file := get-random-executable-file;
if (first-line-of-file = 1234567)
then goto loop
else prepend V to file; }
subroutine do-damage :=
{ whatever damage is to be done }
subroutine trigger-pulled :=
{ return true if some
Cntd..
When this program is invoked, control passes
to its virus, which performs the following steps:
For each uninfected file P2 that is found, the
virus first compresses that file to produce P'2,
which is shorter than the original program by
the size of the virus.
A copy of the virus is prepended to the
compressed program.
The compressed version of the original infected
program P1 is uncompressed.
The uncompressed original program is
executed.
Types of Viruses
Parasitic virus : the most common form of virus.
It attaches to a file and replicates itself.
Memory-resident virus : lodges in memory.
Boot sector virus : infects a master boot record.
Stealth virus : a virus explicitly designed to
hide itself from detection by antivirus software.
Polymorphic virus : a virus that mutates with
every infection, making detection by the
signature of the virus impossible.
Metamorphic virus : the same as a
polymorphic virus; the only difference is that it changes
its behavior as well as its appearance.
Macro viruses
They are really threatening for the following reasons:
A macro virus is platform independent. Macro
viruses infect Microsoft Word documents, and so can infect all
the hardware and operating systems that support Word.
Macro viruses infect documents, not executable files.
Macro viruses spread easily. A common way is by
electronic mail.
E-mail viruses
If the recipient opens the e-mail attachment,
the Word macro is activated and then:
The e-mail virus sends itself to everyone on
the mailing list in the user's e-mail package.
The virus does local damage.
Worms
A worm has the same four phases as a virus;
the only difference is in the propagation phase,
as below:
Search for other systems to infect by
examining host tables or similar repositories
of remote system addresses.
Establish a connection with a remote system.
Copy itself to the remote system and cause
the copy to be run.
State of worm Technology
Multiplatform
Multi-exploit
Ultrafast spreading
Polymorphic
Metamorphic
Transport vehicles
Zero-day exploit
Virus countermeasure
Best solution is : prevention
Detection:
Identification:
Removal:
Generation of Antivirus
First generation: simple scanners
Second generation: heuristic scanners
Third generation: activity traps
Fourth generation: full-featured protection
Advanced Antivirus Techniques
Generic Decryption(GD)
CPU emulator:
Virus signature scanner:
Emulation control module:
Digital Immune system
Behavior-Blocking Software
Attempts to open, view, delete, and/or
modify files;
Attempts to format disk drives and other
unrecoverable disk operations;
Modifications to the logic of executable files
or macros;
Modification of critical system settings, such
as start-up settings;
Scripting of e-mail and instant messaging
clients to send executable content; and
Initiation of network communications.
Distributed Denial of Service attack
DDOS countermeasure
Attack prevention and preemption
(before the attack):
Attack detection and filtering (during
the attack):
Attack source trace-back and
identification (during and after the
attack):
Key Points - Firewall
 A firewall forms a barrier through which the traffic
going in each direction must pass. A firewall
security policy dictates which traffic is authorized
to pass in each direction.
 A firewall may be designed to operate as a filter at
the level of IP packets, or may operate at a higher
protocol layer.
 A trusted system is a computer and operating
system that can be verified to implement a given
security policy. Typically, the focus of a trusted
system is access control. A policy is implemented
that dictates what objects may be accessed by
what subjects.
Firewall Characteristics
 All traffic from inside to outside, and vice versa, must
pass through the firewall.
 Only authorized traffic, as defined by the local
security policy, will be allowed to pass.
 The firewall itself is immune to penetration. This
implies the use of a trusted system with a secure
operating system.
 A firewall defines a single choke point.
 A firewall provides a location for monitoring security-
related events.
 A firewall is a convenient platform for several
Internet functions that are not security related.
 A firewall can serve as the platform for IPSec.
Four general techniques that firewalls use
to control access and enforce the site's
security policy:
Service control:
Direction control
User control:
Behavior control:
Limitation of firewall
The firewall cannot protect against attacks
that bypass the firewall.
The firewall does not protect against
internal threats
The firewall cannot protect against the
transfer of virus-infected programs or files.
Types of Firewall
Packet-Filtering Router
Source IP address:
Destination IP address:
Source and destination transport-level
address:
IP protocol field:
Interface:
Disadvantages:
Packet filter firewalls do not examine
upper-layer data.
Because of the limited information available
to the firewall, the logging functionality
present in packet filter firewalls is limited.
Most packet filter firewalls do not support
advanced user authentication schemes.
Finally, only a small number of variables are
used in access control decisions.

Advantage : fast and easy implementation

Attacks that can be made on packet-filtering routers
IP address spoofing:
Source routing attacks:
Tiny fragment attacks:
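How a packet-filtering router evaluates the fields listed above, as an added example (not part of the original slides): rules are matched in order against source and destination IP address, transport-level port, IP protocol and interface, and anything unmatched is discarded. The addresses, the rule set and the default-discard policy are constructed assumptions; the first rule is the usual countermeasure to IP address spoofing, discarding packets with an inside source address that arrive on the external interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    iface: str          # interface the packet arrived on: "external" or "internal"


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dports: Tuple[int, ...] = ()     # empty tuple = any destination port
    iface: str = "any"
    comment: str = ""

    def matches(self, pkt):
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and (not self.dports or pkt.dport in self.dports)
            and self.iface in ("any", pkt.iface)
        )


def filter_packet(rules, pkt, default="block"):
    """First matching rule wins; return (action, index of the rule or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


INTERNAL = "192.168.1.0/24"          # constructed inside network
MAIL_GATEWAY = "192.168.1.10/32"     # constructed mail host

RULES = [
    Rule("block", src=INTERNAL, iface="external",
         comment="inside source address arriving from outside: spoofed"),
    Rule("allow", dst=MAIL_GATEWAY, proto="tcp", dports=(25,), iface="external",
         comment="inbound SMTP to the mail gateway only"),
    Rule("allow", src=INTERNAL, proto="tcp", dports=(80, 443), iface="internal",
         comment="outbound web traffic"),
]

SAMPLE_PACKETS = [                    # constructed traffic
    Packet("203.0.113.5", "192.168.1.10", "tcp", 40000, 25, "external"),
    Packet("192.168.1.77", "192.168.1.10", "tcp", 40001, 25, "external"),
    Packet("203.0.113.5", "192.168.1.20", "tcp", 40002, 23, "external"),
    Packet("192.168.1.20", "198.51.100.7", "tcp", 40003, 443, "internal"),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        action, index = filter_packet(RULES, pkt)
        why = RULES[index].comment if index is not None else "no rule matched: default"
        print(f"{pkt.src:>14} -> {pkt.dst}:{pkt.dport:<4} [{pkt.iface}] {action} ({why})")
```

The decision for the first packet depends only on header fields, so the same packet is allowed whatever its SMTP payload contains, which is the first disadvantage listed above.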
Application-Level Gateway
Known as a proxy server – acts as a relay of
application-level traffic.
It is more secure than packet filters.
Disadvantage : additional Processing
overhead on each connection.
Circuit Level Gateway
Two TCP Connection
Bastion Host
 The bastion host hardware platform executes a secure version of
its operating system, making it a trusted system.
 Only the services that the network administrator considers
essential are installed on the bastion host.
 The bastion host may require additional authentication before a
user is allowed access to the proxy services.
 Each proxy is configured to support only a subset of the
standard application's command set.
 Each proxy is configured to allow access only to specific host
systems.
 Each proxy maintains detailed audit information by logging all
traffic, each connection, and the duration of each connection.
 Each proxy module is a very small software package specifically
designed for network security.
 Each proxy is independent of other proxies on the bastion host
Firewall Configuration
Trojan Horse
Key Points - Digital Signature
A digital signature is an authentication
mechanism that enables the creator of a
message to attach a code that acts as a
signature.
 The signature is formed by taking the hash of
the message and encrypting the message with
the creator's private key. The signature
guarantees the source and integrity of the
message.
 The digital signature standard (DSS) is an NIST
standard that uses the secure hash algorithm
(SHA).
Digital Signature Requirements
Message authentication protects two parties who
exchange messages from any third party. However, it
does not protect the two parties against each other.
Several forms of dispute between the two are possible.
The digital signature is analogous to the
handwritten signature
It must verify the author and the date and time of the
signature.
It must authenticate the contents at the time of the
signature.
It must be verifiable by third parties, to resolve
disputes.
The following requirements for a digital signature:
The signature must be a bit pattern that depends on the
message being signed.
The signature must use some information unique to the
sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital
signature.
It must be relatively easy to recognize and verify the
digital signature.
It must be computationally infeasible to forge a digital
signature, either by constructing a new message for an
existing digital signature or by constructing a fraudulent
digital signature for a given message.
It must be practical to retain a copy of the digital
signature in storage.
Types of Digital Signature
Direct Digital Signature

Arbitrated Digital Signature


Digital Signature Standard
The National Institute of Standards and Technology (NIST)
has published Federal Information Processing Standard FIPS
186, known as the Digital Signature Standard (DSS).
The DSS makes use of the Secure Hash Algorithm (SHA)
and presents a new digital signature technique, the Digital
Signature Algorithm (DSA).
The DSS was originally proposed in 1991 and revised in
1993 in response to public feedback concerning the
security of the scheme.
There was a further minor revision in 1996. In 2000, an
expanded version of the standard was issued as FIPS 186-2.
This latest version also incorporates digital signature
algorithms based on RSA and on elliptic curve
cryptography.
Key Points – Electronic Mail Security
PGP is an open-source freely available software
package for e-mail security. It provides
authentication through the use of digital signature;
confidentiality through the use of symmetric block
encryption; compression using the ZIP algorithm;
e-mail compatibility using the radix-64 encoding
scheme; and segmentation and reassembly to
accommodate long e-mails.
PGP incorporates tools for developing a public-key
trust model and public-key certificate management.
S/MIME is an Internet standard approach to e-mail
security that incorporates the same functionality as
PGP.
Pretty Good Privacy
PGP is a remarkable phenomenon, the effort of a
single person, Phil Zimmermann. PGP provides a
confidentiality and authentication service that can be
used for electronic mail and file storage applications.
Selected the best available cryptographic algorithms as
building blocks.
Integrated these algorithms into a general-purpose application
that is independent of operating system and processor and
that is based on a small set of easy-to-use commands.
Made the package and its documentation, including the source
code, freely available via the Internet, bulletin boards, and
commercial networks such as AOL (America On Line).
Entered into an agreement with a company (Viacrypt, now
Network Associates) to provide a fully compatible, low-cost
commercial version of PGP
Reason for growth of PGP
It is available free worldwide in versions
that run on a variety of platforms
It is based on algorithms that have survived
extensive public review and are considered
extremely secure.
It has a wide range of applicability.
It was not developed by, nor is it controlled
by, any governmental or standards
organization.
 PGP is now on an Internet standards
track (RFC 3156).
Notation
Ks = session key used in symmetric encryption scheme
PRa = private key of user A, used in public-key
encryption scheme
PUa = public key of user A, used in public-key encryption
scheme
EP = public-key encryption
DP = public-key decryption
EC = symmetric encryption
DC = symmetric decryption
H = hash function
|| = concatenation
Z = compression using ZIP algorithm
R64 = conversion to radix 64 ASCII format
Operation
Authentication
Confidentiality
(Confidentiality and authentication)
Compression
E-mail Compatibility
Segmentation and Reassembly
Authentication & Confidentiality
Compression
PGP compresses the message after
applying the signature but before
encryption. This has the following advantages:
It is preferable to sign an uncompressed
message so that one can store only the
uncompressed message together with the
signature for future verification.
Even if one were willing to generate
dynamically a recompressed message for
verification, PGP's compression algorithm
presents a difficulty.
E-Mail Compatibility
The scheme used for this purpose is radix-64
conversion.
Each group of three octets of binary data is
mapped into four ASCII characters.
This format also appends a CRC to detect
transmission errors
Segmentation and Reassembly
 E-mail facilities often are restricted to a maximum
message length. For example, many of the facilities
accessible through the Internet impose a maximum
length of 50,000 octets. Any message longer than that
must be broken up into smaller segments, each of which
is mailed separately.
 To accommodate this restriction, PGP automatically
subdivides a message that is too large into segments
that are small enough to send via e-mail. The
segmentation is done after all of the other processing,
including the radix-64 conversion. Thus, the session key
component and signature component appear only once,
at the beginning of the first segment. At the receiving
end, PGP must strip off all e-mail headers and reassemble
the entire original block before performing the steps.
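The radix-64 conversion with its appended CRC, followed by segmentation and reassembly, as an added example (not part of the original slides and not PGP's own code). The CRC-24 constants are the ones OpenPGP uses; the 64-character line width, the function names and the sample message are assumptions.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data):
    """CRC-24 as used by OpenPGP radix-64 armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data, width=64):
    """Map each group of three octets to four ASCII characters and append the CRC line."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    parts = ["-----BEGIN PGP MESSAGE-----", "", *lines, "=" + checksum,
             "-----END PGP MESSAGE-----"]
    return "\n".join(parts) + "\n"


def dearmor(text):
    """Reverse armor(); raise ValueError if the CRC shows a transmission error."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN") or not lines[-1].startswith("-----END"):
        raise ValueError("missing armor header or tail line")
    first_blank = lines.index("")                 # armor headers end at the blank line
    payload = lines[first_blank + 1:-1]
    if not payload or not payload[-1].startswith("="):
        raise ValueError("missing CRC line")
    data = base64.b64decode("".join(payload[:-1]), validate=True)
    expected = int.from_bytes(base64.b64decode(payload[-1][1:], validate=True), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: message was altered in transit")
    return data


def segment(armored, max_octets=50_000):
    """Split after all other processing, including the radix-64 conversion."""
    return [armored[i:i + max_octets] for i in range(0, len(armored), max_octets)]


def reassemble(segments):
    """Rebuild the entire block from the mail bodies, then undo the armor."""
    return dearmor("".join(segments))


if __name__ == "__main__":
    message = bytes(range(256)) + b"constructed test message"
    text = armor(message)
    print(text)
    parts = segment(text, max_octets=100)
    print(len(parts), "segments, reassembled correctly:", reassemble(parts) == message)
```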
S/MIME
S/MIME (Secure/ Multipurpose Internet Mail
Extension) is a security enhancement to
the MIME Internet e-mail format standard,
based on technology from RSA Data
Security.
Both PGP and S/MIME are on an IETF standards track, but S/MIME will
emerge as the industry standard for
commercial and organizational use, while
PGP will remain the choice for personal
e-mail security.
Format of E-mail (RFC822)
Date: Tue, 16 Jan 1998 10:37:17 (EST)
From: "William Stallings" <[email protected]>
Subject: The Syntax in RFC 822
To: [email protected]
Cc: [email protected]

Hello. This section begins the actual
message body, which is delimited from the
message heading by a blank line.
MIME
Limitations of the SMTP/822 scheme:
SMTP cannot transmit executable files or other binary
objects.
SMTP cannot transmit text data that includes national
language characters.
 SMTP servers may reject mail messages over a certain
size.
SMTP gateways that translate between ASCII and the
character code EBCDIC do not use a consistent set of
mappings, resulting in translation problems.
SMTP gateways to X.400 electronic mail networks cannot
handle non-textual data included in X.400 messages.
Some SMTP implementations do not adhere completely
to the SMTP standards defined in RFC 821.
MIME includes:
Five new message header fields are defined,
which may be included in an RFC 822 header.
These fields provide information about the body
of the message.
A number of content formats are
defined, thus standardizing representations
that support multimedia electronic mail.
Transfer encodings are defined that enable the
conversion of any content format into a form that
is protected from alteration by the mail system.
The five header fields defined in MIME are as
follows:
MIME-Version: Must have the parameter value
1.0.
Content-Type: Describes the data contained in
the body with sufficient detail
Content-Transfer-Encoding: Indicates the type of
transformation that has been used.
Content-ID: Used to identify MIME entities
uniquely in multiple contexts.
Content-Description: A text description of the
object with the body; this is useful when the
object is not readable (e.g., audio data).
MIME Content Type
Extended Email format
From: Nathaniel Borenstein <[email protected]>
To: Ned Freed <[email protected]>
Subject: Formatted text mail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=boundary42
--boundary42
Content-Type: text/plain; charset=us-ascii
... plain text version of message goes here....
--boundary42
Content-Type: text/enriched
.... RFC 1896 text/enriched version of same message
goes here ...
--boundary42--
MIME Transfer Encoding Scheme
S/MIME Functionality
S/MIME is very similar to PGP. Both offer
the ability to sign and/or encrypt messages
Functions
Enveloped data: This consists of encrypted content of
any type and encrypted-content encryption keys for
one or more recipients.
Signed data: A digital signature is formed by taking the
message digest of the content to be signed and then
encrypting that with the private key of the signer.
Clear-signed data: As with signed data, a digital
signature of the content is formed. However, in this
case, only the digital signature is encoded using
base64
Signed and enveloped data: Signed-only and
encrypted-only entities may be nested, so that
encrypted data may be signed and signed data or
clear-signed data may be encrypted.
Algorithm Used
Key Points – IP Security
IP security (IPSec) is a capability that can be added to
either current version of the Internet Protocol (IPv4 or
IPv6), by means of additional headers.
IPSec encompasses three functional areas:
authentication, confidentiality, and key management.
Authentication makes use of the HMAC message
authentication code. Authentication can be applied to
the entire original IP packet (tunnel mode) or to all of
the packet except for the IP header (transport mode).
Confidentiality is provided by an encryption format
known as encapsulating security payload.
IPSec defines a number of techniques for key
management.
Applications of IPSec
IPSec provides the capability to secure
communications across a LAN, across
private and public WANs, and across the
Internet.
Secure branch office connectivity over
the Internet
Establishing extranet and intranet
connectivity with partners
Enhancing electronic commerce security
Benefits of IPSec
When IPSec is implemented in a firewall or router, it
provides strong security that can be applied to all
traffic crossing the perimeter.
IPSec in a firewall is resistant to bypass if all traffic
from the outside must use IP.
IPSec is below the transport layer (TCP, UDP) and so
is transparent to applications.
IPSec can be transparent to end users. There is no
need to train users on security mechanisms.
IPSec can provide security for individual users if
needed. This is useful for offsite workers and for
setting up a secure virtual subnetwork within an
organization for sensitive applications.
IP Security Architecture
It's too complex.
IPSec Documents
RFC 2401: An overview of a security
architecture
RFC 2402: Description of a packet
authentication extension to IPv4 and IPv6
RFC 2406: Description of a packet encryption
extension to IPv4 and IPv6
RFC 2408: Specification of key management
capabilities
IPSec Services
Security Associations
A security association is uniquely identified
by three parameters:
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
SA Parameters
Sequence Number Counter: A 32-bit value
used to generate the Sequence Number field
in AH or ESP headers.
Sequence Counter Overflow
Anti-Replay Window
AH Information
ESP Information
Lifetime of This Security Association
IPSec Protocol Mode: Tunnel, transport, or
wildcard
Path MTU(Maximum transmission Unit)
SA Selectors
Each SPD(Security Policy Database) entry is
defined by a set of IP and upper-layer
protocol field values, called selectors.
The following selectors determine an SPD
entry:
Destination IP Address
Source IP Address
User ID
Data Sensitivity Level
Transport Layer Protocol
Source and Destination Ports
Authentication Header
The Authentication Header consists of the
following fields
Next Header (8 bits)
Payload Length (8 bits)
Reserved (16 bits)
Security Parameters Index (32 bits)
Sequence Number (32 bits)
Authentication Data (variable)
Anti-Replay Attack
Encapsulating Security Payload
ESP Formats
Security Parameters Index (32 bits)
Sequence Number (32 bits)
Payload Data (variable)
Padding (0-255 bytes)
Pad Length (8 bits)
Next Header (8 bits)
Authentication Data (variable):
Padding Fields
If an encryption algorithm requires the plaintext to
be a multiple of some number of bytes ,the Padding
field is used to expand the plaintext to the required
length.
The ESP format requires that the Pad Length and
Next Header fields be right aligned within a 32-bit
word. The Padding field is used to assure this
alignment.
Additional padding may be added to provide partial
traffic flow confidentiality by concealing the actual
length of the payload.
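The three uses of the Padding field, as an added example (not part of the original slides): the pad length is chosen so that payload, padding, Pad Length and Next Header together fill a whole number of cipher blocks and end on a 32-bit boundary, with optional extra padding to conceal the payload length. The function names and sample sizes are assumptions; the padding bytes 1, 2, 3, ... follow the default ESP padding content.

```python
from math import gcd

TRAILER_OCTETS = 2      # Pad Length (8 bits) + Next Header (8 bits)


def esp_padding_length(payload_len, block_size=1, extra_units=0):
    """Number of padding octets needed for a payload of payload_len octets.

    block_size  : plaintext multiple required by the encryption algorithm
    extra_units : additional alignment units for traffic flow confidentiality
    """
    align = block_size * 4 // gcd(block_size, 4)       # lcm(block size, 32-bit word)
    pad_len = -(payload_len + TRAILER_OCTETS) % align
    pad_len += extra_units * align
    if pad_len > 255:
        raise ValueError("Padding field is limited to 255 octets")
    return pad_len


def add_esp_trailer(payload, next_header, block_size=1, extra_units=0):
    """Return payload + Padding + Pad Length + Next Header (the data to be encrypted)."""
    pad_len = esp_padding_length(len(payload), block_size, extra_units)
    padding = bytes(range(1, pad_len + 1))              # 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])


def strip_esp_trailer(plaintext):
    """Receiver side: validate and remove the trailer; return (payload, next_header)."""
    if len(plaintext) < TRAILER_OCTETS:
        raise ValueError("too short to hold an ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    payload_end = len(plaintext) - TRAILER_OCTETS - pad_len
    if payload_end < 0:
        raise ValueError("Pad Length exceeds the decrypted data")
    if plaintext[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding content")
    return plaintext[:payload_end], next_header


if __name__ == "__main__":
    segment = b"A" * 37                                 # constructed 37-octet payload
    for block in (1, 8, 16):
        padded = add_esp_trailer(segment, next_header=6, block_size=block)
        print(f"block size {block:2}: pad length {padded[-2]:2}, total {len(padded)} octets")
    hidden = add_esp_trailer(segment, 6, block_size=8, extra_units=2)
    print("with extra padding:", len(hidden), "octets on the wire for a 37-octet payload")
```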

Combining SA
Key Management
The key management portion of IPSec involves
the determination and distribution of secret keys.
The IPSec Architecture document mandates
support for two types of key management:
Manual
Automated
The default automated key management
protocol for IPSec is referred to as ISAKMP/Oakley
and consists of the following elements:
Oakley Key Determination Protocol
Internet Security Association and Key
Management Protocol (ISAKMP)
Features of Oakley
It employs a mechanism known as cookies to
thwart clogging attacks.
It enables the two parties to negotiate a group;
this, in essence, specifies the global parameters
of the Diffie-Hellman key exchange.
It uses authentication to ensure against
replay attacks.
It enables the exchange of Diffie-Hellman
public key values.
It authenticates the Diffie-Hellman
exchange to thwart man-in-the-middle
attacks.
ISAKMP
The cookie must depend on the specific
parties. This prevents an attacker from
obtaining a cookie using a real IP address
and UDP port.
It must not be possible for anyone other
than the issuing entity to generate cookies
that will be accepted by that entity.
The cookie generation and verification
methods must be fast, so that an attacker cannot
intercept it.
ISAKMP Header Format
 Initiator Cookie (64 bits)
 Responder Cookie (64 bits)
 Next Payload (8 bits)
 Major Version (4 bits)
 Minor Version (4 bits)
 Exchange Type (8 bits)
 Flags (8 bits) : Encrypted Flag, Commit
 Message ID (32 bits)
 Length (32 bits)
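The cookie requirements and the ISAKMP header layout above, as an added example (not part of the original slides): the responder derives its 64-bit cookie from the parties' addresses and ports plus a local secret, so it can verify a returned cookie without keeping per-peer state, and the 28-octet header is packed and parsed field by field. The truncated HMAC-SHA256, the function names and the addresses are assumptions.

```python
import hashlib
import hmac
import socket
import struct

# Initiator Cookie, Responder Cookie, Next Payload, Version (major/minor nibbles),
# Exchange Type, Flags, Message ID, Length = 28 octets in network byte order.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")
FLAG_ENCRYPTION = 0x01
FLAG_COMMIT = 0x02


def make_cookie(secret, src_ip, src_port, dst_ip, dst_port):
    """64-bit cookie that depends on the specific parties and on a local secret."""
    parties = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
               + struct.pack("!HH", src_port, dst_port))
    return hmac.new(secret, parties, hashlib.sha256).digest()[:8]


def cookie_is_valid(secret, cookie, src_ip, src_port, dst_ip, dst_port):
    """Recompute from the addresses on the received datagram; no stored state needed."""
    expected = make_cookie(secret, src_ip, src_port, dst_ip, dst_port)
    return hmac.compare_digest(cookie, expected)


def build_header(initiator_cookie, responder_cookie, next_payload, exchange_type,
                 flags, message_id, body_len, major=1, minor=0):
    """Pack the fixed header; Length covers the header plus all payloads."""
    return ISAKMP_HEADER.pack(initiator_cookie, responder_cookie, next_payload,
                              (major << 4) | minor, exchange_type, flags,
                              message_id, ISAKMP_HEADER.size + body_len)


def parse_header(data):
    """Return the header fields as a dict, rejecting truncated or inconsistent input."""
    if len(data) < ISAKMP_HEADER.size:
        raise ValueError("shorter than the 28-octet ISAKMP header")
    (icookie, rcookie, next_payload, version,
     exchange_type, flags, message_id, length) = ISAKMP_HEADER.unpack_from(data)
    if length < ISAKMP_HEADER.size or length > len(data):
        raise ValueError("Length field does not fit the received message")
    return {
        "initiator_cookie": icookie,
        "responder_cookie": rcookie,
        "next_payload": next_payload,
        "major": version >> 4,
        "minor": version & 0x0F,
        "exchange_type": exchange_type,
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "commit": bool(flags & FLAG_COMMIT),
        "message_id": message_id,
        "length": length,
    }


if __name__ == "__main__":
    secret = b"responder-local-secret-(sample)!"      # constructed; random in practice
    peer, me = ("198.51.100.7", 500), ("203.0.113.1", 500)
    cookie = make_cookie(secret, *peer, *me)
    header = build_header(b"\x11" * 8, cookie, next_payload=4, exchange_type=2,
                          flags=0, message_id=0, body_len=0)
    fields = parse_header(header)
    print(fields)
    print("same peer:", cookie_is_valid(secret, fields["responder_cookie"], *peer, *me))
    print("other source address:",
          cookie_is_valid(secret, fields["responder_cookie"], "198.51.100.8", 500, *me))
```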
Secure socket layer (SSL) provides security services
between TCP and applications that use TCP. The
Internet standard version is called transport layer
security (TLS).
SSL/TLS provides confidentiality using symmetric
encryption and message integrity using a message
authentication code.
SSL/TLS includes protocol mechanisms to enable two
TCP users to determine the security mechanisms
and services they will use.
Secure electronic transaction (SET) is an open
encryption and security specification designed to
protect credit card transactions on the Internet.
Secure Socket Layer
Netscape originated SSL. Version 3 of the
protocol was designed with public review
and input from industry and was published
as an Internet draft document.
SSL Architecture
Two concepts
Connection :
Such connections are peer-to-peer relationships.
 The connections are transient.
 Every connection is associated with one session.
Session :
Sessions are created by the Handshake Protocol.
Sessions define a set of cryptographic security
parameters, which can be shared among multiple
connections.
 Sessions are used to avoid the expensive
negotiation of new security parameters for each
connection.
SSL Record Protocol
Confidentiality: The Handshake
Protocol defines a shared secret key
that is used for conventional
encryption of SSL payloads.
Message Integrity: The Handshake
Protocol also defines a shared secret
key that is used to form a message
authentication code (MAC).
SSL Record Header format
Content Type (8 bits)
Major Version (8 bits):the value is 3.
Minor Version (8 bits): the value is 0.
Compressed Length (16 bits):
Change Cipher Spec Protocol
The Change Cipher Spec Protocol is one of
the three SSL-specific protocols that use
the SSL Record Protocol, and it is the
simplest.
This protocol consists of a single message,
which consists of a single byte with the
value 1.
The sole purpose of this message is to
cause the pending state to be copied into
the current state, which updates the cipher
suite to be used on this connection.
Alert Protocol
The Alert Protocol is used to convey SSL-related
alerts to the peer entity.
Alert messages are compressed and encrypted.
 unexpected_message:
 bad_record_mac:
 decompression_failure:
 handshake_failure:
 illegal_parameter:
 close_notify:
 no_certificate:
 bad_certificate:
 unsupported_certificate:
 certificate_revoked:
 certificate_expired:
 certificate_unknown:
Handshake Protocol
The most complex part of SSL is the
Handshake Protocol.
This protocol allows the server and client to
authenticate each other and to negotiate
an encryption and MAC algorithm and
cryptographic keys to be used to protect
data sent in an SSL record.
The Handshake Protocol is used before any
application data is transmitted.
Transport Layer Security
TLS is an IETF standardization initiative whose
goal is to produce an Internet standard version
of SSL.
TLS is defined as a Proposed Internet Standard
in RFC 2246. RFC 2246 is very similar to SSLv3.
Differences
Version Number
 For the current version of TLS, the Major Version is 3 and
the Minor Version is 1.
Message Authentication Code
Pseudorandom Function
Alert Codes
decryption_failed:
record_overflow:
unknown_ca:
access_denied:
Secure Electronic Transaction (SET)
SET is an open encryption and security
specification designed to protect credit card
transactions on the Internet.
The current version, SETv1, emerged from a call
for security standards by MasterCard and Visa in
February 1996.
 A wide range of companies were involved in
developing the initial specification, including IBM,
Microsoft, Netscape, RSA, Terisa, and Verisign.
 Beginning in 1996, there have been numerous
tests of the concept, and by 1998 the first wave
of SET-compliant products was available.
SET Services
Provides a secure communications channel
among all parties involved in a transaction
Provides trust by the use of X.509v3 digital
certificates
Ensures privacy because the information is
only available to parties in a transaction
when and where necessary
SET Overview
A good way to begin our discussion of SET
is to look at the business requirements for
SET, its key features, and the participants
in SET transactions.
Requirements
 Provide confidentiality of payment and ordering
information:
 Ensure the integrity of all transmitted data:
 Provide authentication that a cardholder is a
legitimate user of a credit card account:
 Provide authentication that a merchant can accept
credit card transactions through its relationship with a
financial institution:
 Ensure the use of the best security practices and
system design techniques to protect all legitimate
parties in an electronic commerce transaction:
 Create a protocol that neither depends on transport
security mechanisms nor prevents their use:
 Facilitate and encourage interoperability among
software and network providers:
Key Features of SET
Confidentiality of information:
Integrity of data:
Cardholder account authentication:
Merchant authentication:
SET Participants
Cardholder:
Merchant:
Issuer:
Acquirer:
Payment gateway:
Certification authority (CA):
Acquire Payment
Gateway
Steps :
The customer opens an account.
The customer receives a certificate.
Merchants have their own certificates.
The customer places an order.
The merchant is verified.
The order and payment are sent.
The merchant requests payment
authorization.
The merchant confirms the order.
The merchant provides the goods or service.
The merchant requests payment.
Dual Signature
Payment Processing
Purchase request
Payment authorization
Payment capture