Unit 4 5 MCQ PPT Combined


UNIT 4

MCQ
1. In terms of Web Security Threats, “Impersonation of another user” is a Passive Attack.
a) True b) False
View Answer
Answer: b
Explanation: Passive attacks include eavesdropping on network traffic between browser and server and gaining
access to information on a website that is supposed to be restricted. Active attacks include impersonating
another user, altering messages in transit between client and server, altering information on a website.
2. Which one of the following is not a higher-layer SSL protocol?
a) Alert Protocol b) Handshake Protocol c) Alarm Protocol d) Change Cipher Spec Protocol
View Answer
Answer: c
Explanation: Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change
Cipher Spec Protocol and the Alert Protocol.
3. Which one of the following is not a session state parameter?
a) Master Secret b) Cipher Spec c) Peer Certificate d) Server Write Key
View Answer
Answer: d
Explanation: Session state is defined by the following parameters – Session identifier, Peer certificate,
Compression method, Cipher spec, Master secret, Is resumable. Server Write Key falls under Connection State.
4. In the SSL Protocol, each upper-layer message is fragmented into blocks of at most __________ bytes.
a) 2^16 b) 2^32 c) 2^14 d) 2^12
View Answer
Answer: c
Explanation: In the fragmentation process we obtain blocks of 2^14 bytes (16384 bytes) or less, which are then
compressed in the next step.
5. The difference between the HMAC algorithm and the SSLv3 MAC is that pad1 and pad2 are ________ with the
secret in SSLv3 whereas they are ________ with the secret in HMAC.
a) NANDed, XORed b) Concatenated, XORed c) XORed, NANDed d) XORed, Concatenated
View Answer
Answer: b
Explanation: The pads are concatenated with the secret in SSLv3 and XORed with the key in the HMAC algorithm.
6. The full form of SSL is
a) Serial Session Layer b) Secure Socket Layer c) Session Secure Layer d) Series Socket Layer
View Answer
Answer: b
Explanation: SSL stands for Secure Sockets Layer.
7. After the encryption stage in SSL, the maximum length of each fragment is
a) 2^14+1028 b) 2^14+2048 c) 2^16+1028 d) 2^16+2048
View Answer
Answer: b
Explanation: Compression may not increase the content length by more than 1024 bytes, and encryption (MAC plus
padding) may add at most another 1024 bytes, so the total length may not exceed 2^14+2048.
8. Consider the following example –
Size of Plaintext – 48 bytes.
Size of MAC – 20 bytes.
Block Length – 8 bytes.
How many bytes of padding need to be added to the system?
a) 1 b) 2 c) 3 d) 4
View Answer
Answer: c
Explanation: 48 + 20 = 68 bytes. 72 is the next multiple of 8 (Block Length). 72 – 68 = 4. But we need to
compensate 1 byte for length of the padding. Therefore, we require only 3 Bytes padding.
UNIT- IV

18CSE354T – NETWORK SECURITY S-1 / UNIV - IV


SLO - 1 & 2 :
SSL/TLS BASIC PROTOCOL



Web Security ?
Web Security Threats
• Passive attacks
• Active Attacks
Web Security Threats
Another way to classify web security threats is in
terms of the location of the threats at
•Web Server
•Web browser
•Network traffic between browser and server.
Layers of Security



Web Security

• Secure Socket Layer Protocol


SSL History

• Evolved through
– Unreleased v1 (Netscape)
– Flawed-but-useful v2
– Version 3 from scratch
– Standard TLS1.0
» SSL3.0 with minor tweaks, hence Version field is 3.1
• Defined in RFC2246,
http://www.ietf.org/rfc/rfc2246.txt
• Open-source implementation at
http://www.openssl.org/



Overview

• Establish a session
– Agree on algorithms
– Share secrets
– Perform authentication
• Transfer application data
– Ensure privacy and integrity



Architecture

• Record Protocol to transfer application and TLS information
• A session is established using a Handshake Protocol

Figure – SSL/TLS protocol stack: the Handshake Protocol, the Change Cipher Spec Protocol and the Alert Protocol sit above the TLS Record Protocol, which sits above TCP.



Secure Socket Layer

Architecture(1)
• SSL vs. TLS
– Layered on top of TCP to provide a
reliable end-to-end secure service
– SSL versions 1.0, 2.0, 3.0, 3.1
– Netscape protocol
– Later refitted as IETF standard TLS
– TLS 1.0 very close to SSLv3.1
• SSL uses TCP to provide a reliable end-to-end service. SSL is not a
single protocol but two layers of protocols:
– SSL Record Protocol
– Three higher layer
» SSL Handshake protocol
» SSL Change Cipher Spec protocol
» SSL Alert protocol



Secure Socket Layer

Architecture(2) – Connection, Session


• Two important SSL concepts
– SSL connection
» A transport (in the OSI layering sense) that provides a suitable type
of service
» Peer-to-peer relationships
» The connections are transient ( ie. Temporary )
» Every connection is associated with one session
– SSL session
» An association between a client and a server
» Sessions are created by the Handshake protocol
» Sessions define a set of cryptographic security parameters,
which can be shared among multiple connections
» Sessions are used to avoid the expensive negotiation of
new security parameters for each connection
• Between any pair of parties(applications such as HTTP
on client and server), there may be multiple secure
connections
Secure Socket Layer

Architecture(3) – State parameters
• There are actually a number of states associated with each
session
• Once session is established, there is a current operating
state for both read and write
• In addition, during the Handshake Protocol, pending read
and write states are created
• Upon successful conclusion of the Handshake Protocol, the
pending states become the current states
• Session state parameters
– Session Identifier (chosen by the server to identify an active or resumable session state)
– Peer Certificate (X.509v3 certificate of the peer; may be null)
– Compression Method (algorithm used to compress data before encryption)
– Cipher Spec (bulk encryption algorithm and hash algorithm used for the MAC, including the hash size)
– Master Secret (48-byte secret shared by client and server)
– Is Resumable (flag indicating whether the session can be used to initiate new connections)
• Connection state parameters
– Server and client random (byte sequences chosen by server and client for each connection)
– Server write MAC secret (secret key used in MAC operations on data sent by the server)
– Client write MAC secret (the same, for data sent by the client)
– Server write key (conventional encryption key for data encrypted by the server and decrypted by the client)
– Client write key (encrypted by the client, decrypted by the server)
– Initialization vectors (IV), one per write key, maintained for CBC-mode block ciphers
– Sequence numbers (each party maintains separate sequence numbers for transmitted and received messages on each connection)
Secure Socket Layer

SSL Record Protocol(1)

• Two services for SSL connections are provided by the SSL Record Protocol
– Confidentiality : conventional encryption of SSL payloads
– Message Integrity : a MAC over each record
– The Handshake Protocol establishes the shared secret keys that are used
both for conventional encryption of SSL payloads and for forming the
message authentication code.



Secure Socket Layer

SSL Record Protocol(2)



Secure Socket Layer

SSL Record Protocol(3)

• 1st : Fragmentation
– 2^14 bytes (16384 bytes) or less

• 2nd : Compression
– Optionally applied
– Must be lossless
– May not increase the content length by more than 1024 bytes
– In SSLv3, no compression algorithm is specified, so the default
compression algorithm is null



Secure Socket Layer

SSL Record Protocol(4)


• 3rd : Add MAC
– A shared secret key is used:
hash(MAC_write_secret || pad_2 || hash(MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment))
– Where
|| = concatenation
MAC_write_secret = shared secret key
hash = cryptographic hash algorithm; MD5 or SHA-1
pad_1 = the byte 0x36 (0011 0110) repeated 48 times (384 bits) for MD5 and 40 times (320 bits) for SHA-1
pad_2 = the byte 0x5c (0101 1100) repeated 48 times for MD5 and 40 times for SHA-1
seq_num = the sequence number for this message
SSLCompressed.type = the higher-level protocol used to process this fragment
SSLCompressed.length = the length of the compressed fragment
SSLCompressed.fragment = the compressed fragment (if compression is not used, the plaintext fragment)



Secure Socket Layer

SSL Record Protocol(5)

• 4th : Encryption
– Symmetric encryption
– Algorithms used
» Stream cipher
• The compressed message plus the MAC are encrypted
• RC4-40, RC4-128
» Block cipher
• Padding may be added
• IDEA, RC2-40, DES-40, DES, 3DES, Fortezza
• The total amount of padding is the smallest amount such that the total size of the data
to be encrypted (compressed fragment + MAC + padding + 1-byte padding length) is a
multiple of the cipher’s block length
ex) Plaintext of 58 bytes with a MAC of 20 bytes, encrypted using a block length of
8 bytes: 78 bytes in total, so 1 byte of padding plus the 1-byte padding.length
field brings it to 80 bytes



Secure Socket Layer

SSL Record Protocol(6)

• 5th : Append SSL record header

– Content type (8 bits)
» change_cipher_spec
» alert
» handshake
» application_data
– Major version (8 bits) – SSLv3 value 3
– Minor version (8 bits) – SSLv3 value 0
– Compressed length (16 bits) :
length in bytes of the compressed and encrypted fragment, at most 2^14 + 2048
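The five record-layer steps above, as an added worked example in Python; it is not code from the slides or from any SSL implementation. The MAC secret and payloads are constructed inputs, and the cipher itself is left out so that the length arithmetic from MCQ 8 and the padding example on the previous slide can be checked directly. `hmac_mac` is included only to contrast HMAC's XORed pads with SSLv3's concatenated pads (MCQ 5); the function names are this example's own.

```python
import hashlib
import hmac
import struct

# SSLv3 record-layer constants (RFC 6101), as on the slides above.
MAX_FRAGMENT = 2 ** 14            # upper-layer data is fragmented into <= 16384-byte blocks
MAX_RECORD_BODY = 2 ** 14 + 2048  # +1024 headroom for compression, +1024 for MAC and padding
SSL3_VERSION = (3, 0)             # major 3, minor 0
CT_APPLICATION_DATA = 23          # content types: 20 CCS, 21 alert, 22 handshake, 23 app data

# SSLv3 MAC pad lengths: 48 bytes for MD5, 40 bytes for SHA-1.
_PAD_LEN = {"md5": 48, "sha1": 40}


def fragment_data(data: bytes):
    """Step 1: split upper-layer data into fragments of at most 2^14 bytes."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def sslv3_mac(mac_secret: bytes, seq_num: int, content_type: int, frag: bytes, algo="sha1"):
    """Step 3, SSLv3 construction: the pads are *concatenated* with the secret.
    hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))"""
    pad_1 = b"\x36" * _PAD_LEN[algo]
    pad_2 = b"\x5c" * _PAD_LEN[algo]
    header = struct.pack(">QBH", seq_num, content_type, len(frag))  # 64-bit seq, type, length
    inner = hashlib.new(algo, mac_secret + pad_1 + header + frag).digest()
    return hashlib.new(algo, mac_secret + pad_2 + inner).digest()


def hmac_mac(mac_secret: bytes, seq_num: int, content_type: int, frag: bytes, algo="sha1"):
    """Same inputs through HMAC (the TLS construction): ipad/opad are *XORed* into the key."""
    header = struct.pack(">QBH", seq_num, content_type, len(frag))
    return hmac.new(mac_secret, header + frag, algo).digest()


def padding_length(plaintext_len: int, mac_len: int, block_len: int) -> int:
    """Step 4 for block ciphers: the smallest padding such that
    plaintext + MAC + padding + the 1-byte padding_length field is a multiple of block_len."""
    return (-(plaintext_len + mac_len + 1)) % block_len


def build_record(content_type, frag, mac_secret, seq_num, block_len=8, algo="sha1"):
    """Steps 3-5 without the cipher: returns (5-byte header, block that would be encrypted)."""
    if len(frag) > MAX_FRAGMENT:
        raise ValueError("fragment exceeds 2^14 bytes")
    mac = sslv3_mac(mac_secret, seq_num, content_type, frag, algo)
    pad_len = padding_length(len(frag), len(mac), block_len)
    # SSLv3 does not define the padding byte values; TLS requires each to equal pad_len.
    body = frag + mac + bytes([pad_len]) * pad_len + bytes([pad_len])
    if len(body) % block_len != 0 or len(body) > MAX_RECORD_BODY:
        raise ValueError("record body has a bad length")
    # Step 5: content type (1), major/minor version (1+1), length (2), all big-endian
    header = struct.pack(">BBBH", content_type, *SSL3_VERSION, len(body))
    return header, body


if __name__ == "__main__":
    secret = b"\x11" * 20                           # constructed MAC_write_secret
    hdr, body = build_record(CT_APPLICATION_DATA, b"A" * 48, secret, seq_num=0)
    print(hdr.hex(), len(body))                     # body is 72 bytes: 48 + 20 MAC + 3 pad + 1
    print(sslv3_mac(secret, 0, 23, b"x") != hmac_mac(secret, 0, 23, b"x"))
```

Because the sequence number is covered by the MAC but never sent on the wire, replaying or reordering a record changes the MAC input on the receiver's side and the check fails; `padding_length` reproduces both worked examples (48 + 20 with 8-byte blocks needs 3 bytes of padding, 58 + 20 needs 1).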



Secure Socket Layer

Change Cipher Spec & Alert Protocol(1)


• Change Cipher Spec Protocol
– Simplest protocol
– Consists of a single message, which consists of
a single byte with the value 1
– To cause the pending state to be copied into the
current state, which updates the cipher suite to
be used on this connection

• Alert Protocol
– Used to convey SSL-related alerts to the peer
entity
– Consists of two bytes
» Level : conveys the severity of the message
• Warning (1)
• Fatal (2) – SSL immediately terminates the connection; other
connections on the same session may continue, but no new connection
may be established on that session.
» Alert : a code that indicates the specific
alert
Secure Socket Layer

Alert Protocol(2)
• Codes for alerts
– Alerts that are always fatal
» unexpected_message : An inappropriate message was received
» bad_record_mac : An incorrect MAC was received
» decompression_failure : The decompression function received improper
input
» handshake_failure : Sender was unable to negotiate an acceptable set of
security parameters given the options available
» illegal_parameter : A field in a handshake message was out of range or
inconsistent with other fields
– The remainder of alerts
» close_notify :Notifies the recipient that the sender will not send any more
messages on this connection
» no_certificate : May be sent in response to a certificate request if no
appropriate certificate is available
» bad_certificate : A received certificate was corrupt
» unsupported_certificate :The type of the received certificate is not supported
» certificate_revoked : revoked by its signer
» certificate_expired : has expired
» certificate_unknown : Some other unspecified issue arose in processing the
certificate, rendering it unacceptable



Secure Socket Layer

Handshake Protocol(1)
• The most complex part of SSL
• Allows server and client
– To authenticate each other
– To negotiate an encryption and MAC algorithm and cryptographic keys
to be used to protect data sent in an SSL record
• Used before any application data is transmitted
• Consists of a series of messages exchanged by client
and server

• Each handshake message has three fields
– Type (1 byte) : one of 10 message types
– Length (3 bytes) : length of the message in bytes
– Content (>= 1 byte) : parameters associated with this message



Secure Socket Layer

Handshake Protocol(2)

Figure – Handshake Protocol action: messages exchanged between client and server in Phase 1 (establish security capabilities), Phase 2 (server authentication and key exchange), Phase 3 (client authentication and key exchange) and Phase 4 (finish).



Secure Socket Layer

Handshake Protocol(3)
• Phase 1 –Establish Security Capabilities
– To initiate a logical connection and to establish the security capabilities
that will be associated with it
– The exchange is initiated by the client, which sends a “client_hello”
message
» Version : The highest SSL version understood by the client
» Random : 32-bit timestamp and 28-byte secure random number (32 bytes in total)
» SessionID : Variable-length session identifier (non-zero to resume an
existing session, zero to start a new one)
» Cipher Suite : A list that contains the combinations of cryptographic
algorithms supported by the client, in decreasing order of preference
» Compression Method : The list of compression methods supported by the client
– Server sends a “server_hello” message with the same parameters
» Version : The lower of the version suggested by the client and the highest
supported by the server
» Random : Generated by the server, independently of the client’s value
» SessionID : If the client’s value was non-zero, the same value (the session is
resumed). Otherwise, a new value for the new session
» Cipher Suite : Single cipher suite selected by the server from the client’s list
» Compression Method : The one selected by the server from the client’s list



Secure Socket Layer

Handshake Protocol(4)
• Phase 1 –(continues)
– Cipher Suite
» Key exchange methods supported
• RSA : The secret key is encrypted with the receiver’s public key. A
public key certificate for the receiver’s key must be available
• Fixed Diffie-Hellman (DH): Server’s certificate contains DH public
parameters signed by a CA. Client provides its DH public key parameters
either in a certificate or in a key exchange message
• Ephemeral DH : One-time DH public keys are exchanged, signed using the sender’s
private RSA or DSS key. The receiver uses the corresponding public
key to verify the signature (one-time keys: the most secure of the three DH options)
• Anonymous DH : The base DH algorithm is used with no authentication.
Vulnerable to man-in-the-middle attack
• Fortezza
» CipherSpec
• CipherAlgorithm : RC4, RC2, DES, 3DES, DES40, IDEA, Fortezza
• MACAlgorithm : MD5, SHA-1
• CipherType : Stream or block
• IsExportable : True or false
• HashSize : 0, 16(for MD5), or 20(for SHA-1) bytes
• Key Material : A sequence of bytes used in generating the write key
• IV Size : The size of IV for CBC



Secure Socket Layer

Handshake Protocol(5)
• Phase 2 – Server Authentication and Key Exchange
– The server begins by sending its certificate
– Certificate (X.509) : required for every key exchange method except anonymous Diffie-Hellman
– Server_key_exchange()
» Anonymous DH : prime + primitive root + server’s public DH value
» Ephemeral DH : prime + primitive root + server’s public DH value + signature
» RSA key exchange, in which the server is using RSA but has a
signature-only RSA key: temporary RSA public key + signature
» Fixed DH or RSA key exchange : not needed
» Signature is created by taking the hash of a message and encrypting it
with the sender’s private key
• hash(ClientHello.random||ServerHello.random||ServerParams)
– Certificate request : a non-anonymous server (server not using
anonymous DH) can request a certificate from the client
» Certificate_type : includes public key algorithm and its use
» Certificate_authorities : a list of the distinguished names of acceptable
certificate authorities
– Server_hello_done (no parameters)



Secure Socket Layer

Handshake Protocol(6)
• Phase 3 – Client Authentication and Key Exchange
– Client should verify that the server provided a valid certificate
– Client_key_exchange()
» RSA key exchange : 48-byte pre-master secret encrypted with the server’s RSA public key
» Ephemeral or Anonymous DH : client’s public DH value
» Fixed DH : null (the client’s DH value was already sent in its certificate)
» Fortezza
– Finally, in this phase, the client may send a certificate_verify message
to provide explicit verification of a client certificate.



Secure Socket Layer

Handshake Protocol(7)

• Phase 4 – Finish
– This phase completes the setting up of a secure connection.
– Client sends a change_cipher_spec message and copies the pending
CipherSpec into the current CipherSpec.
– The client then immediately sends the finished message .
– The finished message verifies that the key exchange and
authentication processes were successful.



(Simplified) SSLv3/TLS Session Resumption

Figure – Session initiation if no previous state

Figure – Session resumption if both sides remember the session-id

Client Authentication

• In SSL/TLS the server can request the client to authenticate itself.
• The server sends a “certificate request” message.
• Upon seeing the request, the client sends its certificate and a signature on a
hash of the handshake messages, proving that it knows the private key
associated with the public key in the certificate.
PKI as DEPLOYED BY SSL

• The client (browser) ships with a list of CA public keys it trusts.
• The user at the client machine can modify this list, adding or deleting
keys.
• The server sends a certificate to the client, and if it's signed by one of
the CAs on the client's list, the client will accept the certificate.
• If the server presents a certificate signed by someone not on the list
(such as a self-signed certificate), the user is typically presented with
a pop-up box informing him that the certificate couldn't be verified
because it was signed by an unknown authority.
• Another issue with the certificate request is that the name of a CA
may not be a sufficient description, since there might be several keys
associated with a name, even possibly incorrectly associated with the
name.
Negotiating Cipher Suites

• A cipher suite is a complete package: key exchange method, encryption algorithm and MAC algorithm.
• Cipher suites are predefined and each is assigned a numeric value.
• In SSLv2 the value is 3 octets long, but in SSLv3 and TLS, it's 2 octets.
• There are about 30 defined cipher suites, and there are 256 values
reserved for private use.
ISSUE

• You can define your own suite and choose any number out of the 256
reserved numbers for describing it.
• But there's no guarantee someone else won't define their own
private suite and choose the same number.
• If two such systems attempt to talk, they'll think they are agreeing on
the same suite, but in fact they will not interoperate.
Who makes the Decision?

• In SSLv2, Bob returns the subset of Alice's suggested cipher suites
that he is willing to support, but lets Alice make the final choice and
announce it in message 3.
• In SSLv3, Bob makes the choice, from the list Alice sent. If
there's more than one that both he and Alice find acceptable, he
makes the decision.
Cipher Suite Names

• Although cipher suites have 2-octet (or 3-octet in SSLv2) identifiers,
they are referred to in the spec by names such as
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
• SSL means SSLv3 (the SSLv2 cipher suites have names starting with SSL2,
e.g., SSL2_RC4_128_WITH_MD5),
• RSA means RSA key exchange, EXPORT means it's exportable (i.e., weak crypto, exportable
before the rules were relaxed),
• WITH means the names weren't long enough,
• DES40 means DES with 40-bit keys,
• CBC means CBC-mode encryption, and
• SHA means SHA-1 is the hash used in the MAC (HMAC-SHA in TLS; in SSLv3 the
keyed-hash construction shown on the Record Protocol slides).
ATTACKS FIXED IN V3

DOWNGRADE ATTACK:
•In SSLv2
• There is no integrity protection for the initial handshake.
• so an active attacker can remove the cipher suites with strong encryption
from the list of requested cipher suites, causing Alice and Bob to agree upon
a weaker cipher.
•In SSLv3
• In SSLv3 this was fixed by adding a finished message to the end of the initial
handshake in which each side sends a digest of the messages in the
handshake.
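Added example in Python (not code from the slides or from any SSL implementation) tying together Phase 1 of the handshake, the SSLv3 rule that the server picks the suite from the client's ordered list, session resumption on a known session id, and the downgrade attack just described. It encodes client_hello and server_hello behind the 4-byte handshake header, then computes a transcript digest on both sides as a stand-in for the Finished message; `strip_strong_suites` plays the on-path attacker. The cipher-suite identifiers are the registry values for the named suites; the Finished computation is simplified (the real SSLv3 one also mixes in the master secret and uses both MD5 and SHA-1); the `Server` class and helper names are this example's own.

```python
import hashlib
import os
import struct
import time

SSL3 = bytes([3, 0])
HT_CLIENT_HELLO, HT_SERVER_HELLO = 1, 2
# 2-octet cipher suite identifiers (SSLv3/TLS registry values); names as used on the slides.
STRONG_3DES_SHA = 0x000A      # SSL_RSA_WITH_3DES_EDE_CBC_SHA
RC4_128_MD5 = 0x0004          # SSL_RSA_WITH_RC4_128_MD5
EXPORT_DES40_SHA = 0x0008     # SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
EXPORT_RC4_40_MD5 = 0x0003    # SSL_RSA_EXPORT_WITH_RC4_40_MD5
EXPORT_SUITES = {EXPORT_DES40_SHA, EXPORT_RC4_40_MD5}


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Handshake header: Type (1 byte), Length (3 bytes), then Content."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_handshake(msg: bytes):
    msg_type, length = msg[0], int.from_bytes(msg[1:4], "big")
    if len(msg) != 4 + length:
        raise ValueError("illegal_parameter: handshake length mismatch")
    return msg_type, msg[4:]


def hello_random() -> bytes:
    """32 bytes: 4-byte timestamp followed by 28 secure random bytes."""
    return struct.pack(">I", int(time.time())) + os.urandom(28)


def client_hello(suites, session_id=b"", rnd=None) -> bytes:
    body = SSL3 + (rnd or hello_random()) + bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                        # one compression method offered: null
    return handshake_msg(HT_CLIENT_HELLO, body)


def parse_client_hello(msg: bytes) -> dict:
    msg_type, b = parse_handshake(msg)
    if msg_type != HT_CLIENT_HELLO:
        raise ValueError("unexpected_message")
    p = 35 + b[34]                             # version(2) + random(32) + sid length(1) + sid
    cs_len = struct.unpack(">H", b[p:p + 2])[0]
    suites = [struct.unpack(">H", b[i:i + 2])[0] for i in range(p + 2, p + 2 + cs_len, 2)]
    return {"version": (b[0], b[1]), "random": b[2:34], "session_id": b[35:p], "suites": suites}


class Server:
    """SSLv3 rule: the server picks the suite, from the client's list, in the client's order."""

    def __init__(self, supported):
        self.supported = set(supported)
        self.sessions = {}                     # session_id -> negotiated cipher suite

    def server_hello(self, ch_msg: bytes):
        ch = parse_client_hello(ch_msg)
        sid = ch["session_id"]
        if sid and sid in self.sessions:       # non-zero, known id: resume, keep its suite
            chosen = self.sessions[sid]
        else:
            chosen = next((s for s in ch["suites"] if s in self.supported), None)
            if chosen is None:
                raise ValueError("handshake_failure: no acceptable cipher suite")
            sid = os.urandom(16)
            self.sessions[sid] = chosen
        body = SSL3 + hello_random() + bytes([len(sid)]) + sid + struct.pack(">H", chosen) + b"\x00"
        return handshake_msg(HT_SERVER_HELLO, body), chosen, sid


def transcript_digest(messages) -> bytes:
    """Simplified Finished value: digest over the handshake messages as one side saw them."""
    return hashlib.sha1(b"".join(messages)).digest()


def strip_strong_suites(ch_msg: bytes) -> bytes:
    """On-path attacker: re-encode the ClientHello keeping only the export suites."""
    ch = parse_client_hello(ch_msg)
    weak = [s for s in ch["suites"] if s in EXPORT_SUITES]
    return client_hello(weak, ch["session_id"], ch["random"])


def run_handshake(client_suites, server, on_path=None):
    """Returns (suite the server chose, whether both sides' Finished digests agree)."""
    ch = client_hello(client_suites)
    received = on_path(ch) if on_path else ch
    sh, chosen, _ = server.server_hello(received)
    client_view = transcript_digest([ch, sh])           # client hashes what it sent
    server_view = transcript_digest([received, sh])     # server hashes what it received
    return chosen, client_view == server_view


if __name__ == "__main__":
    server = Server([STRONG_3DES_SHA, RC4_128_MD5, EXPORT_DES40_SHA, EXPORT_RC4_40_MD5])
    prefs = [STRONG_3DES_SHA, RC4_128_MD5, EXPORT_DES40_SHA]
    print(run_handshake(prefs, server))                       # strong suite, digests agree
    print(run_handshake(prefs, server, strip_strong_suites))  # export suite, digests differ
```

Under SSLv2 the second run would simply succeed with the 40-bit suite, since nothing authenticates the hello messages. In SSLv3 each side verifies the peer's Finished against its own transcript, so the mismatch shown here is what makes the peer abort with a fatal handshake_failure instead of continuing.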
Truncation Attack

• In a truncation attack, an attacker injects a TCP FIN (the TCP
indication that the sender has finished) into the stream, so the recipient
treats a cut-off message as complete and never picks up the rest of it.
• To prevent this, SSL from version 3 onward has a closing handshake (the
close_notify alert), so the recipient knows the message has not ended
until this has been performed; a TCP close without close_notify is treated
as an error rather than as a normal end of data.
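Added example in Python (this page's illustration, not code from any SSL implementation) of the receiving side of the Change Cipher Spec and Alert protocols from the earlier slides, together with the truncation check just described: a one-byte CCS moves the pending cipher state to current, a two-byte alert is decoded using the SSLv3 description codes, the always-fatal descriptions are treated as fatal whatever level the sender claimed, a fatal alert ends the connection and marks the session non-resumable, and a TCP EOF that arrives without close_notify is reported as truncation. The `Session`/`Connection` classes and the string return values are this example's own assumptions.

```python
WARNING, FATAL = 1, 2
CT_CHANGE_CIPHER_SPEC, CT_ALERT, CT_HANDSHAKE, CT_APPLICATION_DATA = 20, 21, 22, 23

# SSLv3 alert descriptions (RFC 6101 code values) as listed on the Alert Protocol slides.
ALERT_NAMES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
}
ALWAYS_FATAL = {10, 20, 30, 40, 47}


class TruncationError(Exception):
    """TCP FIN arrived before close_notify: the data may have been cut off by an attacker."""


class Session:
    def __init__(self):
        self.resumable = True        # cleared by a fatal alert on any of its connections


class Connection:
    def __init__(self, session: Session):
        self.session = session
        self.pending = None          # cipher state built by the handshake, not yet in use
        self.current = None
        self.received = []
        self.closed = False
        self.clean_close = False

    def set_pending(self, cipher_state):
        self.pending = cipher_state

    def handle_record(self, content_type: int, body: bytes) -> str:
        if self.closed:
            raise ConnectionError("record received on a closed connection")
        if content_type == CT_CHANGE_CIPHER_SPEC:
            if body != b"\x01":                          # the single message is one byte, value 1
                return self._fatal(47)                    # illegal_parameter
            if self.pending is None:
                return self._fatal(10)                    # unexpected_message
            self.current, self.pending = self.pending, None
            return "cipher spec changed"
        if content_type == CT_ALERT:
            if len(body) != 2:
                return self._fatal(47)
            level, desc = body
            if desc in ALWAYS_FATAL or level == FATAL:    # always-fatal codes are fatal even if
                return self._fatal(desc)                  # the sender labelled them "warning"
            if desc == 0:                                 # close_notify: orderly shutdown
                self.closed = self.clean_close = True
                return "closed by close_notify"
            return "warning: " + ALERT_NAMES.get(desc, "unknown(%d)" % desc)
        if content_type == CT_APPLICATION_DATA:
            if self.current is None:
                return self._fatal(10)                    # data before a cipher spec is active
            self.received.append(body)
            return "data accepted"
        return "ignored"

    def _fatal(self, desc: int) -> str:
        self.closed = True                   # this connection ends immediately ...
        self.session.resumable = False       # ... and no new connection may use the session
        return "fatal: " + ALERT_NAMES.get(desc, "unknown(%d)" % desc)

    def on_tcp_eof(self) -> bytes:
        """Truncation check: a FIN is only trustworthy after the closing handshake."""
        if not self.clean_close:
            raise TruncationError("connection closed without close_notify")
        return b"".join(self.received)
```

Existing connections on the session are untouched by `_fatal`, which matches the slide: only new connections on that session are refused.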
Exportability

• Exportability In SSL v2
• Exportability In SSL v3
ENCODING

• Packet encodings in the SSL/TLS specifications are expressed in a
C-like presentation language (RFC 2246, section 4), not in ASN.1.
Encrypted Records

Fig – Cryptographically protected record format

Figures – Handshake message formats: ClientHello, ServerHello, ServerHelloDone, ClientKeyExchange, ServerKeyExchange, CertificateRequest, Certificate, CertificateVerify, Finished; and the ChangeCipherSpec message

• An alert is sent to advise the other side of some condition.
• Most alerts are error messages, with a severity level of
either 1=warning, or 2=fatal.
Secure Electronic Transaction

(SET)

SMU CSE 5349/7349


Credit Cards on the Internet

• Problem: communicate credit card and purchasing data securely to gain consumer trust
– Authentication of buyer and merchant
– Confidential transmissions
• Systems vary by
– Type of public-key encryption
– Type of symmetric encryption
– Message digest algorithm
– Number of parties having private keys
– Number of parties having certificates



Credit Card Protocols
• SSL – 1 or 2 parties have private keys
• TLS (Transport Layer Security)
– IETF version of SSL
• iKP (IBM)
• SEPP (Secure Encryption Payment Protocol)
– MasterCard, IBM, Netscape – obsolete
• STT (Secure Transaction Technology)
– VISA, Microsoft
• SET (Secure Electronic Transactions)
– MasterCard, VISA – all parties have certificates – very slow acceptance



Secure Electronic Transaction

(SET)
Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when and where
necessary



• SET
Secure Electronic Transaction
– Open encryption specification for credit card transactions
– SETv1
• by MasterCard and Visa in February 1996.
– A wide range of companies were involved
• IBM, Microsoft, Netscape, RSA, Terisa, and Verisign ….
– First products became available in 1998.
– SET is not a payment system.
– SET is a set of security protocols and formats.
• SET provides
– A secure communication channel
– Trust by the use of X.509v3 digital certificates
– Ensures privacy
• SET is defined in
– Book1 : Business Description (80 pages)
– Book2 : Programmer’s Guide (629 pages)
– Book3 : Formal Protocol Definition (262 pages)


Participants in the SET System



SET Business Requirements

• Provide confidentiality of payment and ordering information
• Ensure the integrity of all transmitted data
• Provide authentication that a cardholder is a legitimate
user of a credit card account
• Provide authentication that a merchant can accept credit
card transactions through its relationship with a financial
institution



SET Business Requirements (cont’d)

• Ensure the use of the best security practices and system design techniques to
protect all legitimate parties in an electronic commerce transaction
• Create a protocol that neither depends on transport security mechanisms nor
prevents their use
• Facilitate and encourage interoperability among software and network providers



SET Transactions



SET Transactions

• The customer opens an account with a card issuer.
– MasterCard, Visa, etc.
• The customer receives an X.509v3 certificate signed by a bank.
• A merchant who accepts a certain brand of card must possess two X.509v3 certificates.
– One for signing and one for key exchange
• The customer places an order for a product or service with a merchant.
• The merchant sends a copy of its certificate for verification.



SET Transactions

• The customer sends order and payment information to the merchant.
• The merchant requests payment authorization from the payment gateway prior to shipment.
• The merchant confirms the order to the customer.
• The merchant provides the goods or service to the customer.
• The merchant requests payment from the payment gateway.



Key Technologies of SET

• Confidentiality of information: DES
• Integrity of data: RSA digital signatures with SHA-1 hash codes
• Cardholder account authentication: X.509v3 digital certificates with RSA signatures
• Merchant authentication: X.509v3 digital certificates with RSA signatures
• Privacy: separation of order and payment information using dual signatures



Dual Signatures
• Links two messages securely but allows only one party to
read each.

Figure – Dual signature construction: MESSAGE 1 and MESSAGE 2 are each hashed with SHA to give DIGEST 1 and DIGEST 2; the two digests are concatenated and hashed with SHA to create a NEW DIGEST; the new digest is encrypted with the signer’s private key to produce the DUAL SIGNATURE.



Dual Signature for SET

• Concept: link two messages intended for two different receivers:
– Order Information (OI): Customer to Merchant
– Payment Information (PI): Customer to Bank
• Goal: limit information to a “need-to-know” basis:
– The merchant does not need the credit card number.
– The bank does not need the details of the customer’s order.
– This affords the customer extra protection in terms of privacy by keeping
these items separate.
• The link is needed to prove that the payment is intended for this order and not
some other one.



Why Dual Signature?

• Suppose that the customer sends the merchant two messages:
• The signed order information (OI).
• The signed payment information (PI).
• In addition, the merchant passes the payment information (PI) to the
bank.
• If the merchant can capture another order information (OI) from this
customer, the merchant could claim this order goes with the payment
information (PI) rather than the original.



Dual Signature Operation

• The operation for dual signature is as follows:
– Take the hash (SHA-1) of the payment information and of the order information.
– These two hash values are concatenated [H(PI) || H(OI)] and
then the result is hashed.
– The customer encrypts the final hash with its private key, creating the
dual signature.
DS = E_KRc [ H(H(PI) || H(OI)) ]



DS Verification by Merchant

• The merchant has the public key of the customer, obtained from the customer’s certificate.
• Now, the merchant can compute two values:
H(PIMD || H(OI))
D_KUc[DS]
• These should be equal.



DS Verification by Bank

• The bank is in possession of DS, PI, the message digest for
OI (OIMD), and the customer’s public key, so the bank
can compute the following:
H(H(PI) || OIMD)
D_KUc [ DS ]
• These should be equal.



What did we accomplish?

• The merchant has received OI and verified the signature.
• The bank has received PI and verified the signature.
• The customer has linked the OI and PI and can prove the
linkage.



SET Supported Transactions
∙ cardholder registration
∙ merchant registration
∙ purchase request
∙ payment authorization
∙ payment capture
∙ certificate query
∙ purchase inquiry
∙ purchase notification
∙ sale transaction
∙ authorization reversal
∙ capture reversal
∙ credit reversal



Purchase Request
• Browsing, Selecting, and Ordering is Done
• Purchasing Involves 4 Messages:
– Initiate Request
– Initiate Response
– Purchase Request
– Purchase Response



Purchase Request: Initiate Request

• Basic Requirements:
– Cardholder Must Have Copy of Certificates for Merchant and
Payment Gateway
• Customer Requests the Certificates in the Initiate Request Message
to Merchant
– Brand of Credit Card
– ID Assigned to this Request/response pair by customer
– Nonce



Purchase Request: Initiate Response

• Merchant generates a response
– Signs with its private signature key
– Includes the customer nonce
– Includes a merchant nonce (returned in the next message)
– Transaction ID for the purchase transaction
• In addition …
– Merchant’s signature certificate
– Payment gateway’s key exchange certificate



Purchase Request: Purchase Request

• Cardholder Verifies Two Certificates Using Their CAs and Creates the OI and PI.
• Message Includes:
– Purchase-related Information
– Order-related Information
– Cardholder Certificate



Purchase Request

• The cardholder generates a one-time symmetric encryption key, KS,



Merchant Verifies Purchase Request

• When the merchant receives the Purchase Request message, it
performs the following actions:
– Verifies the cardholder certificates by means of their CA signatures.
– Verifies the dual signature using the customer’s public signature key.



Merchant Verification (cont’d)

– Processes the order and forwards the payment information
to the payment gateway for authorization.
– Sends a purchase response to the cardholder.



Purchase Response Message

• Message that acknowledges the order and references the corresponding transaction
number
• The block is
– Signed by the merchant using its private key
– Block and signature are sent to the customer along with the merchant’s signature
certificate
• Upon reception, the cardholder
– Verifies the merchant certificate
– Verifies the signature on the response block
– Takes the appropriate action



Payment Process

• The payment process is broken down into two steps:
– Payment authorization
– Payment capture



Payment Authorization

• The merchant sends an authorization request message to the payment gateway
consisting of the following:
– Purchase-related information
• PI
• Dual signature calculated over the PI and OI and signed with the customer’s
private key
• The OI message digest (OIMD)
• The digital envelope
– Authorization-related information
– Certificates



Payment Authorization (cont’d)

– Authorization-related information
• An authorization block including:
– A transaction ID
– Signed with merchant’s private key
– Encrypted one-time session key

– Certificates
• Cardholder’s signature key certificate
• Merchant’s signature key certificate
• Merchant’s key exchange certificate



Payment: Payment Gateway

• Verify all certificates
• Decrypt the authorization block digital envelope to obtain the symmetric key and
decrypt the block
• Verify the merchant signature on the authorization block
• Decrypt the payment block digital envelope to obtain the symmetric key and decrypt
the block
• Verify the dual signature on the payment block
• Verify that the transaction ID received from the merchant matches the one in the PI
received from the customer
• Request and receive issuer authorization



Authorization Response

• Authorization Response Message
– Authorization-related information
– Capture token information
– Certificate



SET Overhead
Simple purchase transaction:
• Four messages between merchant and customer
• Two messages between merchant and payment
gateway
• 6 digital signatures
• 9 RSA encryption/decryption cycles
• 4 DES encryption/decryption cycles
• 4 certificate verifications
Scaling:
• Multiple servers need copies of all certificates





Key Features of SET
• Confidentiality of information
– Cardholder account and payment information is secured.
– Merchant can not learn the cardholder’s credit card number.
– Using DES for confidentiality.

• Integrity of data
– Type of data : Order information, personal data, payment instructions.
– RSA digital signatures using SHA-1 or HMAC using SHA-1.

• Cardholder account and Merchant authentication
– X.509v3 digital certificates with RSA signatures

• Interoperability
– SET uses specific protocols and message formats.



SET Participants(1)



SET Participants(2)
• Cardholder
– An authorized holder of a payment card (e.g., MasterCard, Visa).
• Merchant
– A person or organization that has goods or services to sell.
• Issuer
– provides the cardholder with the payment card.
– is responsible for the payment of the debt of the cardholder.
• Acquirer
– establishes an account with a merchant
– Processing payment card authorizations and payments.
• Payment Gateway
– Processing merchant payment messages.
– Interfaces between SET and bankcard payment networks.
• Certification Authority (CA)
– Issue X.509v3 public-key certificates.
– The success of SET depends on the availability of a CA infrastructure.



Sequence of events for transaction
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
• Two certificates : One for signing message, One for key exchange
4. The customer places an order.
• Merchant returns an order form containing the list of items, their price,
a total price, and an order number.
5. The merchant is verified.
• The customer verifies that the store is valid.
6. The order and payment are sent.
7. The merchant requests payment authorization.
• Merchant sends the payment information to the payment gateway,
requesting authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payment.



Dual Signature(1)
• Dual Signature
– An important innovation introduced in SET.
– Link two messages that are intended for two different recipients.
– Customer -> Merchant : Order Information (OI)
» Merchant does not need to know the details of the customer’s
credit card number
– Customer -> Bank : Payment Information (PI)
» the bank does not need to know the details of the customer’s
order

• The customer is afforded extra protection in terms of privacy by keeping these two items separate.
• The two items (order information and payment information) must nevertheless be linked.



Dual Signature(2)



Dual Signature(3)
• Customer makes the dual signature.
– DS = EKRc[H(H(PI)||H(OI))]
• Merchant verifies the signature.
– Uses DS, OI, PIMD, and the customer’s public key
– Merchant computes and compares two quantities:
» H(PIMD||H(OI)) and DKUc[DS]
• Bank verifies the signature.
– Uses DS, OIMD, PI, and the customer’s public key
– Bank computes and compares two quantities:
» H(H(PI)||OIMD) and DKUc[DS]

※ The customer has linked the OI and PI and can prove the linkage.
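The dual-signature construction from these slides, worked through in code as an added example; this is not code from the slides or from the SET specification. Textbook RSA with a locally generated key pair stands in for the customer's signature key pair (KRc, KUc) and for the E/D operations, SHA-1 is used because SET specifies it, and PKCS padding and certificates are left out. The merchant and bank verification functions receive exactly the inputs the slide lists for each party, and the sample PI/OI strings are constructed:

```python
import hashlib
import random

# Added example: a toy implementation of the SET dual signature.
# Textbook RSA (no padding) stands in for the customer's signature key pair
# (KRc, KUc); SHA-1 is used because SET specifies it. Key generation below is
# for illustration only, not for production use.


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def keygen(bits=512, seed=None):
    """Return ((e, n), (d, n)): the customer's public key KUc and private key KRc."""
    rng = random.Random(seed)  # a fixed seed only makes the demo reproducible
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def dual_signature(pi: bytes, oi: bytes, kr_c) -> int:
    """DS = E_KRc[H(H(PI) || H(OI))]: sign the hash of the two digests."""
    d, n = kr_c
    pomd = H(H(pi) + H(oi))  # payment-order message digest
    return pow(int.from_bytes(pomd, "big"), d, n)


def _open_signature(ds: int, ku_c) -> int:
    """D_KUc[DS]: recover the signed digest as an integer."""
    e, n = ku_c
    return pow(ds, e, n)


def merchant_verifies(oi: bytes, pimd: bytes, ds: int, ku_c) -> bool:
    """Merchant holds OI in clear and only the digest PIMD of the payment info."""
    return int.from_bytes(H(pimd + H(oi)), "big") == _open_signature(ds, ku_c)


def bank_verifies(pi: bytes, oimd: bytes, ds: int, ku_c) -> bool:
    """Bank holds PI in clear and only the digest OIMD of the order info."""
    return int.from_bytes(H(H(pi) + oimd), "big") == _open_signature(ds, ku_c)


def demo():
    """One purchase: both verifiers accept, and a substituted OI is rejected."""
    ku_c, kr_c = keygen(seed=1)
    # Constructed sample messages (not real card data).
    pi = b"PI: card=4111-TEST-0000 amount=49.99 txid=T-001"
    oi = b"OI: items=[sku-42 x1] total=49.99 txid=T-001"
    ds = dual_signature(pi, oi, kr_c)
    ok_merchant = merchant_verifies(oi, H(pi), ds, ku_c)
    ok_bank = bank_verifies(pi, H(oi), ds, ku_c)
    # A merchant substituting a different order breaks the linkage.
    tampered = merchant_verifies(b"OI: items=[sku-99 x5] total=499.99", H(pi), ds, ku_c)
    return ok_merchant, ok_bank, tampered


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Neither verifier ever sees the other party's document: the merchant is handed PIMD, the bank OIMD, and each recomputes the outer hash from what it holds; because the signature covers the hash of both digests, neither document can be swapped without the other party's check failing.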



SET Transaction Types(1)
• Cardholder registration
– Cardholders must register with a CA before they can send SET
messages to merchants.
• Merchant registration
– Merchants must register with a CA before they can exchange SET
messages with customers and payment gateways.
• Purchase request
– Message from customer to merchant containing OI for merchant and
PI for bank.
• Payment authorization
– Exchange between merchant and payment gateway to authorize a
given amount for a purchase on a given credit card account.
• Payment capture
– Allows the merchant to request payment from the payment gateway.



SET Transaction Types(2)



SET Transaction Types(3)



Purchase Request(1)



Purchase Request(2)
• All of the preceding occurs without the use of SET.
– Customer : visit the cyber store, browsing, selecting, and ordering.
– Merchant : sending order form to customer
• Purchase request exchange consists of 4 messages.
– Initiate Request, Initiate Response, Purchase Request, and Purchase Response
• Initiate Request message
– The customer requests the certificates of the merchant and the payment
gateway.
– Brand of the credit card that the customer is using.
– ID of customer and Nonce.
• Initiate Response message
– Merchant signs message with his private signature key.
– Nonce from the customer and another Nonce by merchant.
– Transaction ID for this purchase transaction.
– Merchant’s signature certificate and Payment gateway’s key exchange
certificate.



Purchase Request message(1)

Payment gateway’s public key-exchange key

Cardholder sends Purchase Request.


Purchase Request message(2)
• Purchase-related information
– The merchant sends this information to the payment gateway.
– The PI
– The dual signature signed with the customer’s private signature key.
– The OI message digest (OIMD)
» The OIMD is needed for the payment gateway to verify the dual
signature.
– The digital envelope
» This is formed by encrypting Ks with the payment gateway’s
public key exchange key.
• Order-related information
– This information is needed by the merchant.
– The OI
– The dual signature
– The PI message digest (PIMD)
• Cardholder’s certificate



Purchase Request message(3)

Merchant Verifies Customer Purchase Request.


Purchase Request message(4)
• Merchant processes purchase request message.
– Verifies the cardholder certificates by means of its CA signatures.
– Verifies the dual signature using the customer’s public signature key.
– Processes the order and forwards the payment information to the
payment gateway for authorization.
– Sends a purchase response message to the cardholder.

• Purchase response message
– It contains a response block and the merchant’s signature certificate.
– The response block is signed by the merchant using its private signature key.

• Cardholder processes the purchase response message.
– Verifies the merchant’s certificate and then verifies the signature on the response block.



Payment Authorization



Authorization Request message
• Purchase-related information
– The PI
– The dual signature
– The OI message digest (OIMD)
– The digital envelope
• Authorization-related information
– An authorization block that includes the transaction ID
– A digital envelope
• Certificates.
– The cardholder’s signature key certificate : used to verify the dual
signature.
– The merchant’s signature key certificate : used to verify the
merchant’s signature in authorization block.
– The merchant’s key-exchange certificate : needed in the payment
gateway’s response.



Actions of the Payment Gateway
(after receiving authorization request message)
1. Verifies all certificates.
2. Decrypts the digital envelope of the authorization block
to obtain the symmetric key and then decrypts the
authorization block.
3. Verifies the merchant’s signature on the authorization
block.
4. Decrypts the digital envelope of the payment block to
obtain the symmetric key and then decrypts the
payment block.
5. Verifies the dual signature on the payment block.
6. Verifies that the transaction ID received from the
merchant matches that in the PI received (indirectly)
from the customer.
7. Requests and receives an authorization from the issuer.
Authorization Response message
• Authorization-related information
– An authorization block, signed with the payment gateway’s private
signature key and encrypted with a one-time symmetric key generated
by the payment gateway.
– A digital envelope that contains the one-time symmetric key encrypted
with the merchant’s public key-exchange key.
• Capture token information
– A capture token, signed with the payment gateway’s private key and
encrypted with a newly generated one-time symmetric key.
– A digital envelope that contains this one-time symmetric key and
cardholder account information encrypted with the payment gateway’s
public key-exchange key.
• Certificate
– The payment gateway’s signature key certificate.

※ With the authorization from the gateway, the merchant can provide the goods or services to the customer.



Payment Capture(1)



Payment Capture(2)
• Capture Request message
– Capture request block, signed and encrypted.
» Payment amount, transaction ID
– The encrypted capture token received in the authorization response
for this transaction.
– The digital envelope
– Certificates
• Capture Response message
– Capture response block, signed and encrypted.
– The digital envelope
– Certificates

※ The merchant stores the capture response to be used for reconciliation with payment received from the acquirer.



UNIT - V
SLO : 1 & SLO : 2
Wireless Security: IEEE 802.11 LAN Security

18CSE354T – NETWORK SECURITY S-1 / UNIT - V


IEEE 802.11 WIRELESS LAN OVERVIEW

• IEEE 802 committee for LAN standards
• IEEE 802.11 formed in 1990’s
– charter to develop a protocol & transmission
specifications for wireless LANs (WLANs)
• since then demand for WLANs, at different
frequencies and data rates, has exploded
• hence seen ever-expanding list of standards issued



IEEE 802 Terminology



Wi-Fi Alliance
• 802.11b first broadly accepted standard
• Wireless Ethernet Compatibility Alliance
(WECA) industry consortium formed 1999
– to assist interoperability of products
– renamed Wi-Fi (Wireless Fidelity) Alliance
– created a test suite to certify interoperability
– initially for 802.11b, later extended to 802.11g
– concerned with a range of WLANs markets,
including enterprise, home, and hot spots



Wireless Network
Wireless networks are categorized into three groups based on their coverage range:
▪ Wireless Wide Area Networks (WWAN)
WWAN includes wide-coverage-area technologies such as 2G cellular, Cellular Digital Packet Data (CDPD), Global System for Mobile Communications (GSM), and Mobitex.
▪ Wireless Local Area Network (WLAN)
WLAN, representing wireless local area networks, includes 802.11, HiperLAN, and several others.
▪ Wireless Personal Area Networks (WPAN)
WPAN represents wireless personal area network technologies such as Bluetooth and infrared (IR) remote controls.
Wireless Network

• Wireless LAN
• Adhoc Network
• Wireless devices
– Personal digital
assistants (PDA)
– Smart phone
• Wireless Standards
– IEEE 802.11
– IEEE 802.15
(Bluetooth)

Wireless security threats
• Security Self-Assessment Guide for Information
Technology Systems (SSAGIT) states that information
must be protected from unauthorized, unanticipated, or
unintentional modification.
• Authenticity
• Non-repudiation
• Accountability
• Availability
• Risks in wireless networks are equal to the sum of the
risk of operating a wired network (as in operating a
network in general) plus the new risks introduced by
weaknesses in wireless protocols



Wireless security threats
• All the vulnerabilities that exist in a conventional wired
network apply to wireless technologies.
• Malicious entities may gain unauthorized access to an
agency’s computer or voice (IP telephony) network through
wireless connections, potentially bypassing any firewall
protections
• Sensitive information that is not encrypted (or that is
encrypted with poor cryptographic techniques) and that is
transmitted between two wireless devices may be
intercepted and disclosed
• Denial of service (DoS) attacks may be directed at wireless
connections or devices.
• Malicious entities may steal the identity of legitimate users
and masquerade as them on internal or external corporate
networks
Wireless security threats
• Sensitive data may be corrupted during improper
synchronization
• Malicious entities may be able to violate the privacy of
legitimate users and be able to track their physical
movements.
• Malicious entities may deploy unauthorized equipment (e.g.,
client devices and access points) to secretly gain access to
sensitive information
• Handheld devices are easily stolen and can reveal sensitive
information
• Data may be extracted without detection from improperly
configured devices
• Viruses or other malicious code may corrupt data on a
wireless device and be subsequently introduced to a wired
network connection.



Wireless security threats
• Malicious entities may, through wireless connections, connect
to other agencies for the purposes of launching attacks and
concealing their activity

• Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.

• Malicious entities may use third-party, untrusted wireless network services to gain access to an agency’s network resources.

• Internal attacks may be possible via ad hoc transmissions.



Wireless LAN Characteristics

Benefits of WLAN
User mobility, Rapid installation, Flexibility, Scalability



IEEE 802 Protocol Architecture



Network Components & Architecture



Wireless LAN Architecture
• Infrastructure WLAN
– Access Point
– Basic Service Set (BSS)
– Extended Service Set (ESS)
– Remote Authentication Dial in User service
(RADIUS)
Functionality – Authentication/Authorization/Accounting



Wireless LAN Security
• It is largely provided by the Wired Equivalent Privacy
(WEP) protocol to protect link level data during
wireless transmission between clients and access
points



Wireless LAN Security
Three basic security services provided by the IEEE 802.11 WEP
– Authentication – verifying the identity of client stations
– Confidentiality or privacy – preventing the information
compromise
– Integrity – Ensuring the content of message is not modified
Weakness of WEP
– Weakness in key management – a single key for all access points and client radios; authentication and encryption keys are the same
– Shared-key authentication failure – network access can be gained without knowledge of the secret
– Weakness in encryption – short 24-bit IV, short 40-bit key
– Given c1 and c2 encrypted under the same IV, c1 ⊕ c2 = (p1 ⊕ S) ⊕ (p2 ⊕ S) = p1 ⊕ p2, leading to statistical attacks that recover plaintexts
Wireless LAN Security
• In order to solve the weakness of WEP, Wi-Fi Protected
Access (WPA) was developed.
• The current state of 802.11i standard is referred to as
Robust Security Network
802.11i RSN defines the following services with high
complexity
– Authentication – Mutual authentication, temporary
keys between client and AP
– Access Control – enforces authentication function,
routes the message properly, facilitates key exchanges
– Privacy with message integrity – MAC level data are
encrypted along with a message integrity code



Comparison of WEP and WPA

                 WEP                                  WPA
Encryption       Flawed                               Fixes all WEP flaws
                 40-bit keys                          128-bit keys
                 Static keys, the same key used by    Dynamic session keys: per-user,
                 everyone on the network              per-session, per-packet keys
                 Manual distribution                  Automatic distribution
Authentication   Flawed, uses the WEP key itself      Strong user authentication using
                                                      802.1X and EAP



Comparison of WPA and 802.11i (WPA2)

[Figure: WPA versus 802.11i; labels: 802.1X, key management, cipher & authentication negotiation, TKIP, AES]



Wireless LAN Security
CBC-MAC – Cipher block chaining message authentication code
CCM – Counter mode with cipher block chaining message authentication code
CCMP – Counter mode with cipher block chaining MAC protocol
TKIP – Temporal Key Integrity Protocol



IEEE 802.11i Phases of Operation



Possible message exchanges in WLAN
• Two wireless stations in the same BSS
communicating via the access point (AP) for that
BSS.
• Two wireless stations (STAs) in the same ad hoc
Independent BSS (IBSS) communicating directly
with each other
• Two wireless stations in different BSSs
communicating via their respective APs across a
distribution system
• A wireless station communicating with an end
station on a wired network via its AP and the
distribution system.



802.11i Phases of Operation



802.11i Discovery and Authentication Phases

The purpose of this phase is for an STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities.



Discovery Phase
• security capabilities between STA and AP
– Confidentiality protocol
– MAC protocol data unit (MPDU) integrity
protocols
– Authentication methods
– Cryptographic key management approach
• Three type of message exchanges in discovery
phase (MPDU Exchanges)
– Network and security capability discovery
– Open system authentication
– Association



Mobile Station (MS) and AP connection
• Discovery process
– The AP periodically broadcasts beacon frames to discover the mobile nodes in its coverage area
– The beacon frame contains the SSID (Service Set ID) of the broadcasting AP, its data rates, etc.
– The mobile node sends a probe request frame
• Station association
– A station willing to associate with an AP sends an Associate request frame
– The AP sends an Associate response frame if it accepts the request
– Authentication is required before association
– A station can be associated with only one AP
• Protocols
– Wired Equivalent Privacy (WEP)
– Wi-Fi Protected Access (WPA) – also called Temporal Key Integrity Protocol (TKIP)
– IEEE 802.11i – WPA2
Authentication phase



EAP – Extensible Authentication Protocol

• This standard defines the Extensible Authentication Protocol (EAP), which uses a central authentication server to authenticate each user on the network.
• EAP is an 802.1X standard that allows developers to pass security authentication data between the authentication server, access point (AP) and wireless client



EAP – Protocols supported
• EAP-MD5
– The AS challenges the MS to transmit the MD5 hash of the user’s password. The user can send the hash of the password to the AP, but an attacker could eavesdrop on such a message exchange and replay the hashed password, thus impersonating the owner of the password
– No support for authentication of the AP to the station
• EAP-TLS
– Provides mutual authentication and agreement on a master session key
– Requires the AP and the MS to have digital certificates
• EAP-TTLS (Tunneled TLS)
– First, the AP authenticates itself to the MS
– Second, the AP and the MS construct a secure tunnel between them
– Third, over the secure tunnel, the MS authenticates itself to the AP by sending its user name and password
• EAP-PEAP
– (Protected EAP) proposed by Microsoft, Cisco and RSA Security
– Similar to EAP-TTLS



3. Key management
• Two types of keys
– Pairwise key – protects the traffic between MS and AP
– Group key – protects the broadcast and multicast traffic between an AP and multiple MSs
• Master Session Key (MSK)
– The MS and AS agree on the MSK as part of authentication
• Pairwise Master Key (PMK)
– The AS supplies the MSK to both MS and AP
– The AP and MS derive the PMK from the MSK
• Pairwise Transient Key (PTK)
– The 256-bit PMK is used to derive the 384-bit PTK.
– The PTK is a pseudo-random function of the PMK, two nonces chosen by the AP and the MS, and the MAC address of the MS
– From the 384-bit PTK, 128-bit chunks are extracted to form the Temporal Key (TK), Key Confirmation Key (KCK) and Key Encryption Key (KEK)
• Temporal Key (TK)
– Used for both encryption and integrity protection of data between the AP and MS
• Key Confirmation Key (KCK)
– Used to integrity-protect some messages that carry group keys
• Key Encryption Key (KEK)
– Used to encrypt the message containing the group key



Pairwise key



Group key



Key Hierarchy



Four way handshake

MIC – Message Integrity Check
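The key hierarchy (PMK to PTK to KCK/KEK/TK) from the key-management slide and the MIC check of the four-way handshake, as one added example that is not taken from the slides. It uses the 802.11i PRF (iterated HMAC-SHA1) and, going slightly beyond the slide's wording, feeds both the AP's and the station's MAC addresses into the derivation as the standard does. Because there is no 802.1X server here, the PMK is obtained WPA2-Personal style from a passphrase with PBKDF2 as a stand-in for the MSK-derived PMK. The MAC addresses, nonces and passphrase are constructed sample values, and the EAPOL frame bodies are simplified byte strings rather than real frame layouts:

```python
import hashlib
import hmac

# Added example (not from the slides): the 802.11i pairwise key hierarchy and the
# MIC check of the four-way handshake. MAC addresses, nonces and the passphrase
# are constructed sample values; frame bodies are simplified, not real layouts.


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal stand-in for the PMK that 802.1X/EAP would derive from the MSK:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Returns (KCK, KEK, TK), 128 bits each, as used with CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[0:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over an EAPOL-Key frame (MIC field zeroed): HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_ap, pmk_sta, aa, spa, anonce, snonce) -> bool:
    """Simulate messages 1-4 of the handshake. Returns True only if both sides
    prove possession of the same PMK and end up with the same temporal key."""
    # Message 1 (AP -> STA): ANonce in clear; no MIC yet, the STA has no PTK.
    kck_sta, _kek_sta, tk_sta = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    # Message 2 (STA -> AP): SNonce plus a MIC computed with the STA's KCK.
    msg2 = b"EAPOL-Key msg2 | SNonce=" + snonce
    mic2 = eapol_mic(kck_sta, msg2)
    # The AP now holds both nonces and derives its own PTK from its PMK.
    kck_ap, _kek_ap, tk_ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    if not hmac.compare_digest(mic2, eapol_mic(kck_ap, msg2)):
        return False  # STA does not hold the AP's PMK: reject, no keys installed
    # Message 3 (AP -> STA): install request plus MIC (the GTK, wrapped under the
    # KEK, would ride along here; omitted). The STA checks it with its KCK.
    msg3 = b"EAPOL-Key msg3 | install | ANonce=" + anonce
    if not hmac.compare_digest(eapol_mic(kck_ap, msg3), eapol_mic(kck_sta, msg3)):
        return False
    # Message 4 (STA -> AP) acknowledges; both sides install TK for CCMP/TKIP.
    return tk_ap == tk_sta


def demo():
    aa = bytes.fromhex("001122334455")   # AP (authenticator) MAC, constructed
    spa = bytes.fromhex("66778899aabb")  # station (supplicant) MAC, constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # fixed nonces, reproducible run
    pmk = pmk_from_psk("correct-horse-example", "example-ssid")
    wrong = pmk_from_psk("wrong-passphrase", "example-ssid")
    return (four_way_handshake(pmk, pmk, aa, spa, anonce, snonce),
            four_way_handshake(pmk, wrong, aa, spa, anonce, snonce))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The MIC in message 2 is what lets the AP confirm the station holds the PMK before any key is installed, and the MIC in message 3 gives the station the same assurance about the AP; the nonces make the PTK fresh for every association even though the PMK does not change.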


4. Protected data transfer phase

• Two methods to protect the data transmitted in 802.11
– Temporal Key Integrity Protocol (TKIP)
– Counter Mode – CBC MAC Protocol (CCMP)



Temporal Key Integrity Protocol (TKIP)



TKIP



Counter mode with CBC MAC Protocol
(CCMP)



SLO : 1 & SLO :2
AUTHENTICATION and
CONFIDENTIALITY

18CSE354T – NETWORK SECURITY S-2 / UNIT - V


AUTHENTICATION
1. Pre-WEP Authentication
a. Early versions of 802.11 use naïve approaches:
knowledge of SSID sufficed for a station to be
authenticated to the AP
➢ Drawbacks: An attacker could easily sniff the value of SSID
from frames such as the beacon or probe response and then
use it for authentication.
b. Another approach was to restrict admission to the
WLAN by MAC address.
✓ The AP would maintain a list of MAC addresses (access
control list) of stations permitted to join the WLAN.
✓ valid MAC addresses could be obtained by sniffing the
wireless medium.
✓ The attacker could then modify his network card to spoof a
valid MAC address. So, neither of these approaches was truly
secure.



Authentication in WEP
2. Authentication in WEP
➢ In WEP, the station authenticates itself to the AP using a challenge-response protocol.
➢ Basically, the AP generates a challenge (nonce) and sends it to the station.
➢ The station encrypts the challenge and sends it to the AP.
➢ The stream cipher RC4 is used for encryption.
➢ Response from station: the station computes a keystream, which is a function of a 40-bit shared secret, S, and a 24-bit Initialization Vector (IV).
➢ The challenge is then XORed with the keystream to create the response.
RESPONSE = CHALLENGE ⊕ KEYSTREAM(S, IV)



Authentication in WEP
➢ The response together with the IV is sent by the station to the AP.
➢ The shared secret, S, is common to all stations authorized to use the WLAN.
Drawbacks:
➢ All an attacker needs to do is to monitor a challenge-response pair.
➢ From this, he can compute the keystream.
➢ To authenticate himself to the AP, he needs to XOR the challenge from the AP with the computed keystream.
➢ It may also be possible for an attacker to obtain S itself.
➢ By eavesdropping on several challenge-response pairs between the AP and various stations, an attacker could launch a dictionary attack and eventually obtain S.
Authentication and key agreement in 802.11
3. Authentication and key agreement in 802.11
Authentication
➢ 802.11i uses IEEE 802.1X, a protocol that supports authentication at the link layer.
Three entities are involved:
1. Supplicant (the wireless station).
2. Authenticator (the AP in our case).
3. Authentication server.
➢ Different authentication mechanisms and message types are defined by the Extensible Authentication Protocol (EAP) standardized by the Internet Engineering Task Force (IETF).
➢ EAP is not really an authentication protocol but rather a framework upon which various authentication protocols can be supported.
➢ EAP exchanges are mostly comprised of requests and responses.
➢ For example, one party requests the ID of another party.
➢ The latter responds with its username or e-mail address.
➢ EAP also defines messages that may contain challenges and responses used in authentication protocols.
➢ The AP broadcasts its security capabilities in the Beacon or Probe Response frames.



Authentication and key agreement in
802.11
➢ The station uses the Associate Request frame to communicate its security capabilities.
➢ 802.11i authentication takes place after the station associates with an AP.
➢ The generic authentication messages in IEEE 802.11i are shown in Fig. (next slide).
➢ The protocol used between the station and the AP is EAP, but that used between the AP and the authentication server depends upon the specifics.
➢ For example, the authentication server is often a RADIUS server, which uses its own message types and formats. (RADIUS stands for Remote Authentication Dial In User Service. It is a client-server protocol used for authentication, authorization, and accounting.)



Authentication messages in IEEE
802.11i



Authentication Methods
➢ The main authentication methods supported by EAP include the following:
1. EAP-MD5
2. EAP-TLS
3. EAP-TTLS
4. EAP-PEAP



EAP-MD5, EAP-TLS
1. EAP-MD5
✓ This is the most basic of the EAP authentication methods.
✓ Here, the authentication server challenges the station to transmit the MD5 hash of the user's password.
✓ The station prompts the user to type his/her password.
✓ It then computes the hash of the password and sends this across.
✓ This method is insecure since an attacker could eavesdrop on such a message exchange and then replay the hashed password, thus impersonating the owner of the password.
✓ Also, this method does not support authentication of the AP to the station.
2. EAP-TLS
✓ EAP-TLS is based on the SSL/TLS protocol.
✓ It is the most secure method and provides mutual authentication and agreement on a master session key.
✓ It requires the AP as well as the user (station) to have digital certificates.
✓ It is relatively straightforward to equip each AP with a digital certificate and a corresponding private key, but extending this to each user of the WLAN may not be feasible.



EAP-TTLS, PEAP
3. EAP-TTLS
✓ (tunnelled TLS) requires certificates only at the AP end.
✓ The AP authenticates itself to the station and both sides construct a secure tunnel between themselves.
✓ Over this secure tunnel, the station authenticates itself to the AP.
✓ The station could transmit attribute-value pairs such as
user_name = akshay
password = 4rP#mNaS&7
4. Protected EAP (PEAP)
✓ This was proposed by Microsoft, Cisco, and RSA Security and is very similar to EAP-TTLS.
✓ In PEAP, the secure tunnel is used to start a second EAP exchange wherein the station authenticates itself to the authentication server.
CONFIDENTIALITY
Data Protection in WEP (Wired Equivalent Privacy)
➢ WEP was designed to provide message confidentiality, integrity, and access control, but it failed on all three counts.
➢ In this section, we show how plaintext can be recovered and messages can be modified due to flawed design decisions in WEP.
➢ There are many lessons to be learned from WEP, the most important being how not to design protocols for security.



CONFIDENTIALITY
WEP Encryption
➢ WEP uses the stream cipher RC4 for encrypting messages.
➢ It generates a pseudo-random keystream, KS, which is a function of a static secret shared between the two communicating parties.
➢ In order to have KS vary from message to message, a random per-message initialization vector, IV, is also used to generate KS.
➢ Early implementations of WEP used a 40-bit secret, S, concatenated with a 24-bit IV to create, in effect, a "64-bit key."
➢ KS is XORed with the plaintext, P, to obtain the ciphertext, C:
C = P ⊕ KS
CONFIDENTIALITY
• The plaintext includes
– The message to be sent
– An integrity check value, which is a 32-bit checksum computed on the message
• The IV chosen by the sender is included in each frame, as shown below



CONFIDENTIALITY
• The plaintext P is obtained as follows:
The receiver generates KS from the shared secret S and the IV retrieved from the received frame. It recovers the plaintext from the following equation:
P = C ⊕ KS

Known plaintext attack
➢ The first problem with WEP is the possibility of keystream re-use.
➢ Since the IV is 24 bits in length, there are only 2^24 distinct keystreams that could be constructed given a secret S.
➢ Suppose an attacker finds two frames which were encrypted using the same IV.
➢ Let their ciphertexts be C and C'.
➢ Let the corresponding plaintexts be P and P'. Using C ⊕ C' = (P ⊕ KS) ⊕ (P' ⊕ KS) = P ⊕ P',
➢ knowing C, C', and P, we can obtain P' = P ⊕ C ⊕ C', which is called a known plaintext attack.
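The WEP mechanics from these slides (the challenge-response authentication, C = P ⊕ KS with the CRC-32 integrity value, and the keystream-reuse/known-plaintext problem), as one added example that is not from the slides; it also adds a monitor-side check that flags IV reuse, which is the condition the slides warn about. RC4 is implemented inline; the 40-bit secret, the IVs and the HTTP-like frame contents are constructed sample values:

```python
import zlib

# Added example (not from the slides): a minimal RC4 plus WEP-style framing to show
# (a) the challenge-response authentication, (b) why a repeated IV leaks P ⊕ P'
# and (c) a defensive check that flags IV reuse. Secret, IVs and frames are
# constructed sample values; the 40-bit secret matches the slide's WEP-40.


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for key (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_auth_response(secret: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Shared-key authentication: RESPONSE = CHALLENGE ⊕ KEYSTREAM(S, IV).
    Anyone who sees both frames learns the keystream for this IV as CHALLENGE ⊕ RESPONSE."""
    return xor(challenge, rc4_keystream(iv + secret, len(challenge)))


def wep_encrypt(secret: bytes, iv: bytes, message: bytes):
    """Plaintext = message || CRC-32 ICV; ciphertext = plaintext ⊕ RC4(IV || S).
    The frame carries the IV in clear so the receiver can rebuild the keystream."""
    icv = zlib.crc32(message).to_bytes(4, "little")
    plaintext = message + icv
    return iv, xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def wep_decrypt(secret: bytes, iv: bytes, ciphertext: bytes):
    """Return (message, icv_ok): P = C ⊕ KS, then recompute the checksum."""
    plaintext = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    message, icv = plaintext[:-4], plaintext[-4:]
    return message, zlib.crc32(message).to_bytes(4, "little") == icv


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two frames under the same IV: C ⊕ C' = (P ⊕ KS) ⊕ (P' ⊕ KS) = P ⊕ P'."""
    return xor(c1, c2)


def detect_iv_reuse(frames):
    """Monitor-side check: IVs that occur in more than one captured (iv, ciphertext) frame."""
    counts = {}
    for iv, _ in frames:
        counts[iv] = counts.get(iv, 0) + 1
    return sorted(iv for iv, n in counts.items() if n > 1)


def demo():
    secret = bytes([0x01, 0x02, 0x03, 0x04, 0x05])  # 40-bit shared secret S (constructed)
    iv = bytes([0x00, 0x00, 0x01])                   # 24-bit IV reused by two frames
    p1 = b"GET /index.html HTTP/1.0"                 # constructed frame contents
    p2 = b"GET /admin.html HTTP/1.0"
    _, c1 = wep_encrypt(secret, iv, p1)
    _, c2 = wep_encrypt(secret, iv, p2)
    # Known plaintext: with p1 known, p2 falls out of the XOR of the two ciphertexts.
    recovered = xor(keystream_reuse_leak(c1, c2), p1)
    reused = detect_iv_reuse([(iv, c1), (iv, c2), (bytes([0, 0, 2]), c1)])
    return recovered == p2, reused == [iv]


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Note that nothing in the frame format prevents two senders from picking the same IV: with only 2^24 values and no per-station key, a busy network exhausts the space quickly, which is why the fix in 802.11i is a fresh per-session key (PTK) and a much larger, strictly increasing packet number rather than a smarter IV.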
SLO :1
Cellphone Security

18CSE354T – NETWORK SECURITY S- 3 / UNIT - V


SLO :2
GSM (2G) Security



SLO : 1 & SLO : 2
Security in UMTS (3G)

18CSE354T – NETWORK SECURITY S- 4 / UNIT - V


UMTS PROS & CONS



SLO :1
Wireless LAN vulnerabilities

18CSE354T – NETWORK SECURITY S- 5 / UNIT - V


SLO :2
Phishing



Vulnerabilities

• A vulnerability is a weakness or lacuna in a policy, procedure, protocol, hardware or software within an organization that has the potential to cause it damage or loss.

Vulnerability Types

• Human Vulnerabilities
– Induced by careless/unthinking human behaviour
– Ex. clicking on a link in an e-mail message from a
questionable source
– Related to phishing and cross-site scripting
attacks

Vulnerability Types…

• Protocol Vulnerabilities
– Attacks on commonly used networking protocols such as
TCP, IP, ARP, ICMP and DNS
– Ex. Connection hijacking caused by ARP spoofing, etc.
– Denial of Service Attacks (DoS) which exploit the 3-way
TCP handshake
– Pharming attacks exploit vulnerabilities in DNS

Vulnerability Types…
• Software Vulnerabilities
– Caused by sloppy software
– Software may perform as expected under normal conditions but when provided with a specific input, it turns malicious
– Examples include Buffer Overflow vulnerability, Cross-site Scripting (XSS) vulnerability and SQL Injection vulnerability

Phishing
• Phishing is the fraudulent attempt to obtain sensitive
information such as usernames, passwords and credit
card details by disguising oneself as a trustworthy
entity in an electronic communication.
• Typically carried out by email spoofing or instant
messaging, it often directs users to enter personal
information at a fake website which matches the look
and feel of the legitimate site.
• Email spoofing is one of the easiest types of phishing
used to get data from users without their knowledge.
It can be done in different ways:
– Sending an email through a familiar username,
– Impersonating the identity of an organization and asking
employees to share internal data.
Phishing
• Here is an example (the slide’s screenshot of the phishing email is not reproduced here). Just by seeing the company’s name and the urgency of action, some users may click on the link.
Phishing

• How to prevent email phishing? The best way to prevent these attacks is by carefully reading the sender’s email address.
• If you are not sure about the characters in an email address, then copy and paste it into Notepad to check for the use of numeric or special characters.

Phishing
• Misspelled URL: Hackers buy domains that sound similar to popular websites.
• Then, they phish users by creating an identical website, where they ask targets to log in by submitting personal information.
• In the example (the slide’s screenshot is not reproduced here), you can see that there’s a typo in the link that people can easily miss: “www.citiibank.com…” instead of “www.citibank.com…”
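A defender-side check for the look-alike domains this slide describes, added here as an example (it is not part of the slides): it extracts the host from a link and flags hosts that are within one or two character edits of a known domain, or that contain non-ASCII characters. The allow-list of known domains and the edit threshold are assumptions for this example.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains users legitimately log in to (an assumption
# for this example, not a list taken from the slides).
KNOWN_DOMAINS = ("citibank.com", "iitb.ac.in")

# Flag near-misses of a known domain: one or two edits covers doubled letters such
# as "citiibank" and digit-for-letter swaps such as "c1tibank".
MAX_EDITS = 2


def edit_distance(a, b):
    """Levenshtein distance between a and b (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def link_host(url):
    """Lower-cased host of a link, tolerating links written without a scheme;
    a leading "www." is dropped so it does not count as an edit."""
    if "//" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify_link(url):
    """Classify a link as trusted, a look-alike of a known domain, a host using
    non-ASCII characters, or unknown (not on the allow-list and not close to it)."""
    host = link_host(url)
    if host in KNOWN_DOMAINS:
        return "trusted"
    if any(ord(ch) > 127 for ch in host):
        # Non-ASCII characters in a host name deserve a closer look, as the slide advises.
        return "non-ascii host"
    for known in KNOWN_DOMAINS:
        if 0 < edit_distance(host, known) <= MAX_EDITS:
            return f"lookalike of {known}"
    return "unknown"
```

The check only compares the whole host, so a known brand used as a subdomain of an unrelated domain comes back as "unknown" rather than as a look-alike.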

Phishing
• Pop-Up Messages (In-Session Phishing): Pop-up messages are the easiest way to run a successful phishing attack. Through pop-up messages, attackers get a window to steal the login credentials by redirecting users to a fake website. This technique of phishing is also known as “in-session phishing.” Look at the pop-up window shown on the slide (not reproduced here). In this example, doesn’t the foreground pop-up seem legitimate enough to mislead customers?

SLO : 1 & SLO : 2
Buffer Overflow

Buffer Overflow (BOF)

• The BOF vulnerability is one of the oldest and, by far, the most common of software vulnerabilities.
• As early as 1988, the Morris worm was one of the first to exploit this vulnerability.
• Since then, many creative ways of converting such a vulnerability into an exploit have been devised.

Buffer Overflow (BOF) …
• A buffer overflow (BOF) occurs when the space allocated to a variable (typically an array or string variable) is insufficient to accommodate the variable in its entirety.
• For example, a certain amount of buffer space is allocated for an array. If array bounds are not checked while populating it, the array may overflow into contiguous memory and corrupt it.
• Interestingly, this could allow an attacker to subvert the normal flow of a program. Malicious code supplied by the attacker in the buffer could be executed.

Exploiting Stack Overflows

• Provide input to a buffer on the stack which includes malicious code (often called shellcode)
• Overflow the buffer so that the return address to the calling program is overwritten with the address of the malicious code
• That way, when the called function terminates, it will not return to the calling program. Instead, the malicious code will be executed

Buffer Overflow Defences
There are many defences against BOF.
Some of the best known are
– Make the stack non-executable. This prevents malicious code on the stack from being executed. However, exploits like return-into-libc are still possible
– Compiler-based option: Place a “canary variable” on the stack between the local variables and the return address. If a BOF modifies the return address, the canary will be corrupted. This is detected by a check the compiler inserts before the function returns, and the program will be aborted.

Related Attacks

• Heap Overflow: A program’s dynamically allocated variables are stored on the heap. Buffers in this area may also be overflowed, leading to heap buffer overflow attacks.
• Format String Attacks: The C language printf( ), for example, uses a format string as a function parameter. An attacker may pass a malicious string as the input parameter, enabling the attacker to read or write arbitrary locations in memory.

SLO : 1 & SLO : 2
Format String Attacks, Cross-site
Scripting(XSS)

Format String

Format String Attacks: The C language printf( ), for example, uses a format string as a function parameter. An attacker may pass a malicious string as the input parameter, enabling the attacker to read or write arbitrary locations in memory.

Cross-site Scripting Attacks
• A web site is said to have a cross-site scripting vulnerability if it inadvertently includes malicious scripts crafted by an attacker in pages returned by it.
• For example,
<SCRIPT> Malicious Code </SCRIPT>
• The malicious code may, for example, read browser cookies on the victim’s machine and ship these off to an attacker’s web server

Persistent XSS Attack
• The malicious code (scripts) on a web page is saved on the web server.
• When an innocent user downloads the web page, the malicious scripts execute on that user’s browser.
• Example: Users update their profile on a social networking site. These profiles may be read (downloaded) by other users through their browsers

Non-persistent XSS Attack
• Exploits the fact that some servers echo certain user input back to the client without validating it
• For example, a user may be asked for personal details in an HTML form. Suppose he enters his name as “Prashant”. The server then responds with “Hello Prashant”
• Note that the server has echoed back his name
• Now, what would happen if, instead of Prashant, the user enters
<SCRIPT>alert(‘Fire!’)</SCRIPT>

Overcoming XSS

• Validate and filter all user input. (Should this be done at the client or server?)
• One strategy is to make a blacklist of all user input that should be filtered out. For example, single/double quotes, angular brackets, etc. should not appear in an e-mail address input from the user.
• A better solution in most cases is the equivalent of a whitelist approach - specify precisely what user input is expected. This is often accomplished by the use of a regular expression.
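An added example (not from the slides) that puts the echo-back behaviour, the blacklist check and the whitelist approach side by side, using the <SCRIPT>alert('Fire!')</SCRIPT> input from the previous slide; the whitelist is applied server-side and is combined with output encoding so that even permitted characters such as an apostrophe cannot become markup. The regular expressions for a name and an e-mail address are assumptions for this example.

```python
import html
import re

# Whitelist patterns (assumptions for this example): say precisely what is expected.
# A name: a letter followed by up to 49 letters, spaces, dots, apostrophes or hyphens.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,49}")
# An e-mail address: local part, "@", dotted labels, and a 2+ letter top-level label.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")

# Blacklist from the slide: characters that should never appear in an e-mail address.
BLACKLIST_CHARS = frozenset("<>\"'")

# The slide's test input for the non-persistent case.
SCRIPT_INPUT = "<SCRIPT>alert('Fire!')</SCRIPT>"


def greet_unsafe(name):
    """The echo-back behaviour the slide describes: user input pasted straight into HTML."""
    return f"<p>Hello {name}</p>"


def passes_blacklist(value):
    """Blacklist approach: reject only values containing a known-bad character."""
    return not (set(value) & BLACKLIST_CHARS)


def is_valid_name(name):
    """Whitelist approach: accept only input that looks like a name.
    fullmatch() rejects trailing newlines and anything outside the pattern."""
    return NAME_RE.fullmatch(name) is not None


def is_valid_email(addr):
    """Whitelist approach for the e-mail field from the slide."""
    return EMAIL_RE.fullmatch(addr) is not None


def greet_safe(name):
    """Server-side whitelist validation plus output encoding: reject unexpected input,
    and HTML-escape what is accepted before it is placed in the page."""
    if not is_valid_name(name):
        raise ValueError("name rejected by whitelist")
    return f"<p>Hello {html.escape(name)}</p>"
```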

SLO : 1 & SLO : 2
SQL Injection

SQL Injection
• SQL is the standard query language for accessing and manipulating databases.
What does SQL do?
• Executes queries
• Inserts, updates and deletes records
• Creates new databases
• Creates new tables
• Creates stored procedures
• Creates views
• Sets permissions on tables, procedures, and views

SQL Injection
• SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
• This is a method to attack web applications that have
a data repository.
• The attacker would send a specially crafted SQL
statement that is designed to cause some malicious
action.

Attack Intent
• Determining database schema
• Extracting data
• Adding or modifying data
• Bypassing authentication
• On August 17, 2009, the United States Justice Department charged an American citizen, Albert Gonzalez, and two Russians with the theft of 130 million credit card numbers using an SQL injection attack.

SQL Injection
• Form parameters may be passed as a query string in an extended URL to the server as in
www.iitb.ac.in?s_ID=08935710&passwd=4ep*NdF
• The server application retrieves the form parameters and uses them to build an SQL query such as
select s_ID, gpa
from students09
where s_ID = 08935710 and passwd = '4ep*NdF'

Constructing an SQL query directly from user input (Example 1)
select s_ID, gpa
from students09
where s_ID = 123 and passwd = 'abc' or 'x' = 'x'

Constructing an SQL query directly from user input (Example 2)
select s_ID, gpa
from students09
where s_ID = 123 or 1=1 -- and passwd = 'abc'

Constructing an SQL query directly from user input (Example 3)
select s_ID, gpa
from students09
where s_ID = 123; DROP TABLE students09; -- and passwd = 'abc'
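An added example (not the slides' own code) that runs the inputs behind Examples 1 and 2 against an in-memory SQLite copy of students09, first with the query built by string concatenation as the slides show and then as a parameterised query; a digits-only whitelist check for the s_ID field is included as well. The table contents are constructed for this example.

```python
import sqlite3

# Constructed rows for the students09 table from the slides: (s_ID, passwd, gpa).
SAMPLE_ROWS = [
    (123, "abc", 8.2),
    (8935710, "4ep*NdF", 9.1),
    (456, "secret", 7.5),
]


def make_db():
    """Build an in-memory SQLite database holding the sample students09 table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table students09 (s_ID integer, passwd text, gpa real)")
    conn.executemany("insert into students09 values (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, s_id, passwd):
    """Builds the query the way the slides show: form parameters pasted into the SQL text.
    Quotes, 'or 1=1' and '--' in the input therefore become part of the query."""
    query = ("select s_ID, gpa from students09 "
             f"where s_ID = {s_id} and passwd = '{passwd}'")
    return conn.execute(query).fetchall()


def lookup_safe(conn, s_id, passwd):
    """Parameterised query: the values travel separately from the SQL text, so the
    same inputs are compared as data and never parsed as SQL."""
    query = "select s_ID, gpa from students09 where s_ID = ? and passwd = ?"
    return conn.execute(query, (s_id, passwd)).fetchall()


def parse_student_id(raw):
    """Whitelist check for the s_ID form field: digits only, converted to an integer,
    so an s_ID value such as '123 or 1=1 --' is rejected before any query is built."""
    if not raw.isdigit():
        raise ValueError("s_ID must be numeric")
    return int(raw)
```

Example 3's stacked DROP TABLE is not reproduced here because the sqlite3 module's execute() refuses more than one statement per call; that is a property of this driver, not a defence to rely on.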

9. Which protocol is used to convey SSL related alerts to the peer entity?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
View Answer
Answer: a
Explanation: The Alert protocol is used to convey SSL related alerts to the peer entity.
10. Which protocol consists of only 1 bit?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
View Answer
Answer: d
Explanation: The change cipher spec protocol is 1 bit long.
11. Which protocol is used for the purpose of copying the pending state into the current state?
a) Alert Protocol b) Handshake Protocol
c) Upper-Layer Protocol d) Change Cipher Spec Protocol
View Answer
Answer: d
Explanation: The Change Cipher Spec Protocol is used for this action.
12. Which of the following are possible sizes of MACs?
i) 12 Bytes
ii) 16 Bytes
iii) 20 Bytes
iv) 24 Bytes

a) i and iii b) ii only
c) ii and iii d) ii, iii and iv
View Answer
Answer: c
Explanation: MACs can be 0, 16 or 20 Bytes.
13. In the alert protocol the first byte takes the value 1 or 2 which corresponds to _________ and _________
respectively.
a) Select, Alarm b) Alert, Alarm
c) Warning, Alarm d) Warning, Fatal
View Answer
Answer: d
Explanation: The first byte takes the value warning(1) or fatal(2) to convey the severity of the message.
14. Number of phases in the handshaking protocol?
a) 2
b) 3
c) 4
d) 5
View Answer
Answer: c
Explanation: There are 4 phases in the handshaking protocol. These are –
Phase 1 : Establishing security capabilities
Phase 2 : Server Authentication and Key Exchange
Phase 3 : Client Authentication and Key Exchange
Phase 4 : Finish/ End.
15. In the SSL record protocol operation pad_2 is –
a) is the byte 0x36 repeated 40 times for MD5
b) is the byte 0x5C repeated 48 times for MD5
c) is the byte 0x5C repeated 48 times for SHA-1
d) is the byte 0x36 repeated 48 times for MD5
View Answer
Answer: b
Explanation: pad_2 = is the byte 0x5C repeated 48 times for MD5.
16.In the SSL record protocol operation pad_1 is –
a) is the byte 0x36 repeated 40 times for MD5
b) is the byte 0x5C repeated 40 times for MD5
c) is the byte 0x5C repeated 48 times for SHA-1
d) is the byte 0x36 repeated 48 times for MD5
View Answer
Answer: d
Explanation: pad_1 = is the byte 0x36 repeated 48 times for MD5.
17. In the Handshake protocol action, which is the last step of the Phase 2 : Server Authentication and Key
Exchange?
a) server_done b) server_key_exchange
c) certificate_request d) certificate_verify
View Answer
Answer: a
Explanation: The last step of the Phase 2 is the server_done step.
18. Which is the key exchange algorithm used in CipherSuite parameter?
a) RSA b) Fixed Diffie-Hellman
c) Ephemeral Diffie-Hellman d) Any of the mentioned
View Answer
Answer: d
Explanation: We can use either of the following for the CipherSuite key exchange-
i) RSA ii) Fixed Diffie-Hellman
iii) Ephemeral Diffie-Hellman iv) Anonymous Diffie-Hellman
v) Fortezza.
19.The certificate message is required for any agreed-on key exchange method except _______________
a) Ephemeral Diffie-Hellman
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
View Answer
Answer: b
Explanation: The certificate message is required for any agreed-on key exchange method except Anonymous
Diffie-Hellman.
20. In the Phase 2 of the Handshake Protocol Action, the step server_key_exchange is not needed for which of
the following cipher systems?
a) Fortezza
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
View Answer
Answer: c
Explanation: Fixed Diffie-Hellman does not require the server_key_exchange step in the handshake
protocol.
21. The DSS signature uses which hash algorithm?
a) MD5
b) SHA-2
c) SHA-1
d) Does not use hash algorithm
View Answer
Answer: c
Explanation: The DSS signature uses SHA-1.
22. The RSA signature uses which hash algorithm?
a) MD5
b) SHA-1
c) MD5 and SHA-1
d) None of the mentioned.
View Answer
Answer: c
Explanation: The MD5 and SHA-1 hashes are concatenated together and then encrypted with the server’s
private key.
23. What is the size of the RSA signature hash after the MD5 and SHA-1 processing?
a) 42 bytes
b) 32 bytes
c) 36 bytes
d) 48 bytes
View Answer
Answer: c
Explanation: The size is 36 bytes after MD5 and SHA-1 processing.
24. The certificate_request message includes two parameters, one of which is-
a) certificate_extension
b) certificate_creation
c) certificate_exchange
d) certificate_type
View Answer
Answer: d
Explanation: The certificate_request message includes two parameters: certificate_type and
certificate_authorities.
25. The client_key_exchange message uses a pre master key of size –
a) 48 bytes
b) 56 bytes
c) 64 bytes
d) 32 bytes
View Answer
Answer: a
Explanation: The client_key_exchange message uses a pre master key of size 48 bytes.
26. The certificate_verify message involves the process defined by the pseudo-code (in terms of MD5) –
CertificateVerify.signature.md5_hash = MD5(master_secret || pad_2 || MD5(handshake_messages ||
master_secret || pad_1).
Is there any error? If so, what is it?
a) Yes. pad_1 and pad_2 should be interchanged
b) Yes. pad’s should be present towards the end
c) Yes. master_key should not be used, the pre_master key should be used
d) No Error
View Answer
Answer: d
Explanation: The code is correct with no errors.
27. In the handshake protocol which is the message type first sent between client and server ?
a) server_hello b) client_hello c) hello_request d) certificate_request
View Answer
Answer: b
Explanation: Interaction between the client and server starts via the client_hello message.
28. In the SSLv3 the padding bits are ____________ with the secret key.
a) Padded b) XORed c) Concatenated d) ANDed
View Answer
Answer: c
Explanation: The padding bits are concatenated with the secret key.
29. Which of the following is not a valid input to the PRF in SSLv3?
a) secret value
b) identifying label
c) initialization vector
d) secret value
View Answer
Answer: c
Explanation: The PRF does not require an initialization vector.
30. Which of the following alert codes is not supported by SSLv3?
a) record_overflow b) no_certificate c) internal_error d) decode_error
View Answer
Answer: b
Explanation: no_certificate is not supported by the SSLv3.
31. We encounter the record_overflow error when the payload length exceeds –
a) 2^14 + 1024 b) 2^16 + 1024 c) 2^14 + 2048 d) 2^16 + 2048
View Answer
Answer: c
Explanation: The overflow error is encountered when the length exceeds 2^14 + 2048.
32. Which key exchange technique is not supported by SSLv3?
a) Anonymous Diffie-Hellman b) Fixed Diffie-Hellman
c) RSA d) Fortezza
View Answer
Answer: d
Explanation: Fortezza is not supported in SSLv3.
33. Calculation of the certificate_verify in TLS involves the use of a finished_label. The finished_label is the
string-
a) client finished for the client
b) client finished for the client, server finished for the server
c) server finished for the server
d) client finished for the server, server finished for the client
View Answer
Answer: b
Explanation: The finished_label is the string client finished for the client, server finished for the server.
34. In TLS padding can be up to a maximum of –
a) 79 bytes b) 127 bytes c) 255 bytes d) none of the mentioned
View Answer
Answer: c
Explanation: Padding can be up to a maximum of 255 bytes.
35. URL stands for –
a) Universal Remote Locator b) Universal Resource Language
c) Uniform Resource Locator d) Uniform Resource Language
View Answer
36. HTTPS stands for Hypertext Transfer Protocol over TLS.
a) True b) False
View Answer
Answer: a
Explanation: The statement is true. HTTPS is HTTP invoked over SSL/TLS.
37. An HTTP connection uses port _________ whereas HTTPS uses port ____________ and invokes SSL.
a) 40; 80 b) 60; 620 c) 80; 443 d) 620; 80
View Answer
Answer: c
Explanation: HTTP uses port 80, whereas HTTPS uses port 443.
UNIT 5
1. Which layer in the IEEE 802.11 protocol stack has the function of flow control and error control?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
View Answer
Answer: b
Explanation: Logic Link Layer has the function of flow control and error control.
2. With respect to IEEE 802.11 Wireless LAN, MSDU stands for-
a) MAC service data unit.
b) Main server data user
c) Multiframe service datagram usage
d) MAC server device usage
View Answer
Answer: a
Explanation: MSDU stands for MAC service data unit.
3. Frequency band definition and Wireless signal encoding are functions of which layer?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
View Answer
Answer: a
Explanation: Frequency band definition and Wireless signal encoding are functions of the Physical Layer.
4. The correct order of the MAC header is-
a) MAC Control, Destination MAC Address, Source MAC Address
b) Destination MAC Address, Source MAC Address, MAC Control
c) Source MAC Address, Destination MAC Address, MAC Control
d) none of the mentioned
View Answer
Answer: a
Explanation: The correct order of arrangement is MAC Control, Destination MAC Address, Source MAC
Address.
5. CRC is a component of the MAC trailer.
a) True
b) False
View Answer
Answer: a
Explanation: CRC is a component of the MAC trailer. The statement is true.
6. Reliable data delivery and Wireless access control protocols are functions of which layer?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
View Answer
Answer: c
Explanation: Reliable data delivery and Wireless access control protocols are functions of the Medium Access
Layer.
7. Which layer keeps track of the frames that have been transmitted and received?
a) Physical Layer
b) Logic Link Control Layer
c) Medium Access Layer
d) None of the mentioned
View Answer
Answer: b
Explanation: The LLC keeps track of the frames that have been transmitted and received.
8. The smallest building block of a wireless LAN is –
a) Unit server set
b) Unit service set
c) Basic server set
d) Basic service set
View Answer
Answer: d
Explanation: The smallest building block of a wireless LAN is Basic service set (BSS).
9. In an IBSS system all communications are done via access points (APs).
a) True
b) False
View Answer
Answer: b
Explanation: IBSS stands for Independent Basic Service Set.

10. __________ consists of two or more basic service sets interconnected by a distribution system.
a) Extended Service Set
b) Permuted Service Set
c) Complex Service Set
d) Multiplex Service Set
View Answer
Answer: a
Explanation: Extended Service Set consists of two or more basic service sets interconnected by a distribution
system.
11. IEEE 802.11 defines ___________ services that need to be provided by the wireless LAN to achieve
functionality equivalent to that which is inherent to wired LANs.
a) 4
b) 7
c) 5
d) 9
View Answer
Answer: d
Explanation: There are 9 services provided by IEEE 802.11.
12. ___________ services are used to control IEEE 802.11 LAN access and confidentiality.
a) 4
b) 5
c) 2
d) 3
View Answer
Answer: d
Explanation: Three of the services provided by IEEE 802.11 LAN are used to control access and confidentiality.
13. __________ services are used to control IEEE 802.11 LAN delivery of MSDUs between stations.
a) 5
b) 6
c) 3
d) 2
View Answer
Answer: b
Explanation: 6 services are used to control IEEE 802.11 LAN delivery of MSDUs between stations.
14. _________ services are implemented in every 802.11 station, including AP stations. _________ services are
provided between BSSs.
a) Station, Distribution
b) Distribution, Station
c) Extended, Basic
d) Basic, Extended
View Answer
Answer: a
Explanation: Station services are implemented in every 802.11 station, including AP stations. Distribution
services are provided between BSSs.
15. The _________ service enables transfer of data between a station on an IEEE 802.11 LAN and a station on
an integrated IEEE 802.x LAN.
a) extension
b) differentiation
c) integration
d) distribution
View Answer
Answer: c
Explanation: The integration service enables transfer of data between a station on an IEEE 802.11 LAN and a
station on an integrated IEEE 802.x LAN.
16. When a station moves only within the direct communication range of the communication stations of a single
BSS, it is referred to as –
a) No transition
b) BSS transition
c) ESS transition
d) All of the mentioned
View Answer
Answer: a
Explanation: When a station moves only within the direct communication range of the communication stations
of a single BSS, it is referred to as No transition.
17. A station movement from one BSS in one ESS to a BSS within another ESS falls under –
a) No transition
b) BSS transition
c) ESS transition
d) All of the mentioned
View Answer
Answer: c
Explanation: A station movement from one BSS in one ESS to a BSS within another ESS falls under ESS
transition.
18. “Enables an established association to be transferred from one AP to another, allowing a mobile station to
move from one BSS to another.” This can be referred to as-
a) Association
b) Reassociation
c) Disassociation
d) All of the mentioned
View Answer
Answer: a
Explanation: This is known as association.
19. What was the security algorithm defined for the IEEE 802.11?
a) WEP
b) RSN
c) WPA
d) SSL
View Answer
Answer: a
Explanation: Wired Equivalency Privacy was the security algorithm defined for the IEEE 802.11.
20. The final form of the 802.11i standard is referred to as –
a) Wi-Fi Protected Access
b) Robust Security Network
c) Wired Equivalency Privacy
d) None of the mentioned
View Answer
Answer: b
Explanation: The final form of the 802.11i standard is the Robust Security Network (RSN).
21. EAP stands for –
a) Extended Application Protocol
b) Extensible Authentication Protocol
c) Embedded Application Protocol
d) Embedded Authentication Protocol
View Answer
Answer: b
Explanation: EAP stands for Extensible Authentication Protocol.
22. TKIP is an access control protocol.
a) True
b) False
View Answer
Answer: b
Explanation: TKIP stands for Temporal Key Integrity Protocol and falls under “Confidentiality, Data Origin
Authentication and Integrity and Replay Protection.”
23. In which phase of operation does the STA and AS prove their identities to each other?
a) Discovery
b) Authentication
c) Key generation and distribution
d) Protected data transfer
View Answer
Answer: b
Explanation: The STA and AS prove their identities to each other in the Authentication phase.
24. The specification of a protocol, along with the chosen key length (if variable) is known as –
a) cipher suite
b) system suite
c) key set
d) service set
View Answer
Answer: a
Explanation: The specification of a protocol, along with the chosen key length (if variable) is known as cipher
suite.
25. Which is the 3rd phase of operation in the IEEE 802.11i Protocol?
a) Protected Data Transfer
b) Discovery
c) Authentication
d) Key Management
View Answer
Answer: d
Explanation: Key management is the 3rd Phase of operation in the IEEE 802.11i Protocol.
26. Which phase uses the Extensible Authentication Protocol?
a) Discovery
b) Authentication
c) Key Management
d) Protected Data Transfer
View Answer
Answer: b
Explanation: EAP belongs to the Authentication Phase and is defined in the IEEE 802.1X standard.
27. There are a number of possible EAP exchanges that can be used during authentication phase. Typically the
message flow between the STA and AP employs the ___________ protocol.
a) RADIUS
b) EAPOL
c) TKIP
d) KSN
View Answer
Answer: b
Explanation: The message flow between the STA and AP employs the EAP over LAN (EAPOL) protocol.
28. Another name for the AAA key (Authentication, Authorization and Accounting Key) is –
a) pre-shared key
b) pairwise transient key
c) master session key
d) key confirmation key
View Answer
Answer: c
Explanation: The AAA key (Authentication, Authorization and Accounting Key) is also known as master
session key.
