
UNIT-4

NETWORK SECURITY PROTOCOL

Network security protocols are a type of network protocol that ensures the security and integrity of data in transit over a network connection. Network security protocols define the processes and methodology to secure network data from any illegitimate attempt to review or extract the contents of data.

Network security protocols are primarily designed to prevent any unauthorized user, application, service or device from accessing network data. This applies to virtually all data types regardless of the network medium used.

Network security protocols generally implement cryptography and encryption techniques to secure the data so that it can only be decrypted with a special algorithm, logical key, mathematical formula and/or a combination of all of them. Some of the popular network security protocols include Secure File Transfer Protocol (SFTP), Secure Hypertext Transfer Protocol (HTTPS) and Secure Socket Layer (SSL).

Secure Socket Layer (SSL)

Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.

Secure Socket Layer Protocols:
● SSL record protocol
● Handshake protocol
● Change-cipher spec protocol
● Alert protocol

SSL Protocol Stack:
SSL Record Protocol:
SSL Record provides two services to an SSL connection.
● Confidentiality
● Message Integrity
In the SSL Record Protocol, application data is divided into fragments. The fragment is compressed, and then an encrypted MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended. After that, encryption of the data is done, and lastly the SSL header is appended to the data.
Handshake Protocol:
The Handshake Protocol is used to establish sessions. This protocol allows client and server to authenticate each other by sending a series of messages to each other. The Handshake protocol uses four phases to complete its cycle.
● Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes.
● Phase-2: Server sends its certificate and Server-key-exchange. Server ends phase-2 by sending the Server-hello-end packet.
● Phase-3: In this phase Client replies to the server by sending its certificate and Client-exchange-key.
● Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol ends.
Change-cipher Protocol:
This protocol uses the SSL record protocol. Unless the Handshake Protocol is completed, the SSL record output will be in pending state. After the handshake protocol, the Pending state is converted into Current state.
The Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol's purpose is to cause the pending state to be copied into the current state.

Alert Protocol:
This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes.

Level is further classified into two parts:

● Warning: This Alert has no impact on the connection between sender and receiver.
● Fatal Error: This Alert breaks the connection between sender and receiver.
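
The record framing described above (a header in front of each record, a one-byte change-cipher-spec message, a two-byte alert) can be checked with a small parser. This is an added example, not code from the original notes; the content type numbers (20 to 23), the 5-byte header layout, the fragment length limit and the alert level values 1 and 2 are taken from the SSL 3.0/TLS specifications rather than from this page, and the sample bytes and function names are constructed.

```python
import struct

# Content types and alert levels as assigned in the SSL 3.0 / TLS specifications
# (the notes above do not give the numeric values).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
MAX_FRAGMENT = 2 ** 14 + 2048   # upper bound for a protected fragment


class RecordError(ValueError):
    """Raised when a byte stream is not a well-formed sequence of records."""


def parse_records(stream: bytes):
    """Split a byte stream into (content_type_name, version, fragment) tuples."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise RecordError("truncated record header")
        # Header: 1-byte type, 2-byte version (major, minor), 2-byte length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise RecordError(f"fragment length {length} exceeds limit")
        fragment = stream[offset + 5: offset + 5 + length]
        if len(fragment) != length:
            raise RecordError("truncated fragment")
        records.append((CONTENT_TYPES[ctype], (major, minor), fragment))
        offset += 5 + length
    return records


def interpret(record):
    """Describe a plaintext record (one sent before encryption is active)."""
    name, _version, fragment = record
    if name == "change_cipher_spec":
        # Single message, one byte long, with only one legal value.
        if fragment != b"\x01":
            raise RecordError("change_cipher_spec must be the single byte 0x01")
        return "pending state becomes current state"
    if name == "alert":
        if len(fragment) != 2:
            raise RecordError("alert must be exactly 2 bytes")
        level, description = fragment
        if level not in ALERT_LEVELS:
            raise RecordError(f"invalid alert level {level}")
        action = "connection closed" if level == 2 else "connection continues"
        return f"{ALERT_LEVELS[level]} alert {description}: {action}"
    return f"{name} record, {len(fragment)} bytes"


# Constructed sample: a warning alert (description code 41) followed by a
# change_cipher_spec record, both carrying version 3.0.
SAMPLE = bytes([21, 3, 0, 0, 2, 1, 41]) + bytes([20, 3, 0, 0, 1, 1])

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(interpret(rec))
```
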
Salient Features of Secure Socket Layer:
● Advantage of this approach is that the service can be tailored to the specific needs of the given application.
● Secure Socket Layer was originated by Netscape.
● SSL is designed to make use of TCP to provide reliable end-to-end secure service.
● This is a two-layered protocol.

SHTP:
Secure Hypertext Transfer Protocol (S-HTTP) is an obsolete alternative to the HTTPS protocol for encrypting web communications carried over HTTP. It was developed by Eric Rescorla and Allan M. Schiffman, and published in 1999 as RFC 2660.

Web browsers typically use HTTP to communicate with web servers, sending and receiving information without encrypting it. For sensitive transactions, such as Internet e-commerce or online access to financial accounts, the browser and server must encrypt this information. HTTPS and S-HTTP were both defined in the mid-1990s to address this need. S-HTTP was used by Spyglass's web server,[1] while Netscape and Microsoft supported HTTPS rather than S-HTTP, leading to HTTPS becoming the de facto standard mechanism for securing web communications.

Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction or SET is a system which ensures security and integrity of electronic transactions done using credit cards in a scenario. SET is not a system that enables payment; it is a security protocol applied on those payments. It uses different encryption and hashing techniques to secure payments over the internet done through credit cards. The SET protocol was supported in development by major organizations like Visa, Mastercard, Microsoft, which provided its Secure Transaction Technology (STT), and NetScape, which provided the technology of Secure Socket Layer (SSL).

The SET protocol restricts revealing of credit card details to merchants, thus keeping hackers and thieves at bay. The SET protocol includes Certification Authorities for making use of standard Digital Certificates like the X.509 Certificate.

Before discussing SET further, let’s see a general scenario of electronic transaction, which includes client, payment gateway, client financial institution, merchant and merchant financial institution.

Requirements in SET:
SET protocol has some requirements to meet, some of the important requirements are:
● It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the customer is intended user or not and merchant authentication.
● It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryptions.
● It has to be resistive against message modifications i.e., no changes should be allowed in the content being transmitted.
● SET also needs to provide interoperability and make use of best security mechanisms.
Participants in SET:
In the general scenario of online transaction, SET includes similar participants:
1. Cardholder – customer
2. Issuer – customer
3.
4. Acquirer – Merchant financial
5. Certificate authority – Authority which follows certain standards and issues certificates (like X.509V3) to all other participants.

SET functionalities:

o Provide Authentication
   ● Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between merchant and financial institution. Standard X.509V3 certificates are used for this verification.
   ● Customer / Cardholder Authentication – SET checks if use of credit card is done by an authorized user or not using X.509V3 certificates.
o Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES is used for encryption purpose.
o Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC with SHA-1.
Dual Signature:
The dual signature is a concept introduced with SET, which aims at connecting two information pieces meant for two different receivers:
Order Information (OI) for merchant
Payment Information (PI) for bank
You might think sending them separately is an easy and more secure way, but sending them in a connected form resolves any future dispute possible. Here is the generation of dual signature:
Where,

PI stands for payment information
OI stands for order information
PIMD stands for Payment Information Message Digest
OIMD stands for Order Information Message Digest
POMD stands for Payment Order Message Digest
H stands for Hashing
E stands for public key encryption
KPc is customer's private key
|| stands for append operation

Dual signature, DS = E(KPc, [H(H(PI) || H(OI))])

Purchase Request Generation:

The process of purchase request generation requires three inputs:

● Payment Information (PI)
● Dual Signature
● Order Information Message Digest (OIMD)

The purchase request is generated as follows:
Here,

PI, OIMD, OI all have the same meanings as before.

The new things are:

EP which is symmetric key encryption
Ks is a temporary symmetric key
KUbank is public key of bank
CA is Cardholder or customer Certificate

Digital Envelope = E(KUbank, Ks)
Purchase Request Validation on Merchant Side:
The Merchant verifies by comparing POMD generated through PIMD hashing with POMD generated through decryption of Dual Signature as follows:
Since we used Customer private key in encryption, here we use KUc, which is public key of customer or cardholder, for decryption ‘D’.
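
The dual signature formula and the merchant-side comparison above can be traced end to end in a short program. This is an added example, not code from the original notes: it uses a toy, unpadded RSA key built from two Mersenne primes so that it runs with the Python standard library only, the order and payment strings are constructed, and the function names are hypothetical. It also goes one step beyond the text by showing the matching check on the bank side, where PI and OIMD are available instead of OI and PIMD.

```python
import hashlib
import hmac

# Toy RSA key pair for the cardholder, built from two Mersenne primes so the
# example runs with the standard library alone. Constructed for illustration:
# a 216-bit modulus and unpadded RSA are not secure.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
KUC = 65537                                  # KUc, customer's public exponent
KPC = pow(KUC, -1, (P - 1) * (Q - 1))        # KPc, customer's private exponent


def H(data: bytes) -> bytes:
    """SHA-1, the hash the notes name for SET signatures."""
    return hashlib.sha1(data).digest()


def pomd(pimd: bytes, oimd: bytes) -> bytes:
    """POMD = H(PIMD || OIMD)."""
    return H(pimd + oimd)


def dual_signature(pi: bytes, oi: bytes) -> int:
    """Cardholder side: DS = E(KPc, H(H(PI) || H(OI)))."""
    return pow(int.from_bytes(pomd(H(pi), H(oi)), "big"), KPC, N)


def recover_pomd(ds: int) -> bytes:
    """D(KUc, DS): recover the signed POMD with the customer's public key."""
    value = pow(ds, KUC, N)
    if value.bit_length() > 160:             # cannot be a SHA-1 digest
        return b""
    return value.to_bytes(20, "big")


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and PIMD, never PI itself."""
    return hmac.compare_digest(pomd(pimd, H(oi)), recover_pomd(ds))


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and OIMD, never OI itself."""
    return hmac.compare_digest(pomd(H(pi), oimd), recover_pomd(ds))


# Constructed sample data (not real card or order details).
OI = b"order-id=constructed-0001;item=book;total=25.00"
PI = b"card=0000-0000-0000-0000;expiry=00/00;total=25.00"

if __name__ == "__main__":
    ds = dual_signature(PI, OI)
    print("merchant accepts:", merchant_verify(OI, H(PI), ds))
    tampered = OI.replace(b"25.00", b"250.00")
    print("merchant accepts tampered order:", merchant_verify(tampered, H(PI), ds))
    print("bank accepts:", bank_verify(PI, H(OI), ds))
```
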

3D Secure protocol:

3D Secure (3-domain structure), also known as a payer authentication, is a security protocol that helps to prevent fraud in online credit and debit card transactions. This additional security was initiated and created by Visa and MasterCard and it’s branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’ respectively.

The payer authentication is a three-part process, so there are three parties involved in the process: the issuer (such as Visa or MasterCard), the acquirer, and the interoperability domain (such as payment system).

Working of 3D Secure Protocol:

When a merchant has 3D Secure enabled on a website and the customer uses a card that is enrolled in the 3D Secure program, the process looks as follows:

● The customer enters their credit or debit card information in the payment form

● SecurionPay contacts a directory server and gets the message that the card is registered in the program

● The customer sees the 3D Secure page when they need to authenticate themselves to the issuing bank by entering the password or a one time PIN

● The result of the 3D Secure authentication goes to SecurionPay and then we submit transaction details to the acquiring bank

● The transaction is authorized by the acquirer

● The customer can see the response about whether the transaction is successful or failed

Advantages of 3D Secure:

One of the advantages of 3D Secure is that it reduces fraud. It also makes shopping/commerce safer online, nourishes brand loyalty, it is easy to use, customer confidence improves on websites and therefore increases spending online.

Disadvantages of 3D Secure:

3D Secure has certain limitations: first, not all cards are currently participating in the program authentication payer scheme and secondly, it does not restrict chargebacks to happen but reduces the cost of fraudulent chargebacks.

Electronic Money:

Electronic money refers to money that exists in banking computer systems that may be used to facilitate electronic transactions. Although its value is backed by fiat currency and may, therefore, be exchanged into a physical, tangible form, electronic money is primarily used for electronic transactions due to the sheer convenience of this methodology.

Key takeaways:

* Electronic money is currency that is stored in banking computer systems.

* Electronic money is backed by fiat currency, which distinguishes it from cryptocurrency.

* Various companies allow for transactions to be made with electronic money, such as Square or PayPal.

* The prevalence of electronic money has led to the diminishing use of physical currency.

* Although electronic money is often considered safer and more transparent than physical currency, it is not without its risks.

Working of Electronic Money:

Electronic money is used for transactions on a global basis. While it may be exchanged for fiat currency (which, incidentally, distinguishes it from cryptocurrencies), electronic money is most commonly utilized through electronic banking systems and monitored through electronic processing. Because a mere fraction of the currency is utilized in physical form, the vast percentage of it is housed in bank vaults and is backed by central banks.

For this reason, a primary function of the U.S. Federal Reserve and its 12 supporting banks is to manage the fiat currency in physical form and control the money supply through monetary policies and open market operations.

Because of the transparency that is inherent to electronic money, many have speculated that the increase of its use could lead to a significant decrease in inflation risk.

Email security:

Email security describes different techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss or compromise. Email is often used to spread malware, spam and phishing attacks. Attackers use deceptive messages to entice recipients to part with sensitive information, open attachments or click on hyperlinks that install malware on the victim’s device. Email is also a common entry point for attackers looking to gain a foothold in an enterprise network and obtain valuable company data.

Email encryption involves encrypting, or disguising, the content of email messages to protect potentially sensitive information from being read by anyone other than intended recipients. Email encryption often includes authentication.

How Secure Is Email:

Email was designed to be as open and accessible as possible. It allows people in organizations to communicate with each other and with people in other organizations. The problem is that email is not secure. This allows attackers to use email as a way to cause problems in attempt to profit. Whether through spam campaigns, malware and phishing attacks, sophisticated targeted attacks, or business email compromise (BEC), attackers try to take advantage of the lack of security of email to carry out their actions. Since most organizations rely on email to do business, attackers exploit email in an attempt to steal sensitive information.

Because email is an open format, it can be viewed by anyone who can intercept it. This became an issue as organizations began sending confidential or sensitive information through email. An attacker could easily read the contents of an email by intercepting it. Over the years, organizations have been increasing email security measures to make it harder for attackers to get their hands on sensitive or confidential information.

Email Security Policies:

Because email is so critical in today’s business world, organizations have established policies around how to handle this information flow.

* One of the first policies most organizations establish is around viewing the contents of emails flowing through their email servers.

* It is important to understand what is in the entire email in order to act appropriately.

After these baseline policies are put into effect, an organization can enact various security policies on their emails.

Wireless Application Protocol:

WAP stands for Wireless Application Protocol. It is a protocol designed for micro-browsers and it enables the access of internet in the mobile devices. It uses the mark-up language WML (Wireless Markup Language, and not HTML); WML is defined as an XML 1.0 application. It enables creating web applications for mobile devices. In 1998, the WAP Forum was founded by Ericsson, Motorola, Nokia and Unwired Planet, whose aim was to standardize the various wireless technologies via protocols.

The WAP protocol resulted from the joint efforts of the various members of the WAP Forum. In 2002, the WAP Forum was merged with various other forums of the industry, resulting in the formation of the Open Mobile Alliance (OMA).

WAP Model:

The user opens the mini-browser in a mobile device. He selects a website that he wants to view. The mobile device sends the URL encoded request via network to a WAP gateway using WAP protocol.
The WAP gateway translates this WAP request into a conventional HTTP URL request and sends it over the internet. The request reaches to a specified Web server and it processes the request just as it would have processed any other request and sends the response back to the mobile device through WAP gateway in WML file which can be seen in the micro-browser.

WAP Protocol stack:

Application Layer:

This layer contains the Wireless Application Environment (WAE). It contains mobile device specifications and content development programming languages like WML.

Session Layer:

This layer contains Wireless Session Protocol (WSP). It provides fast connection suspension and reconnection.

Transaction Layer:

This layer contains Wireless Transaction Protocol (WTP). It runs on top of UDP (User Datagram Protocol) and is a part of TCP/IP and offers transaction support.

Security Layer:

This layer contains Wireless Transaction Layer Security (WTLS). It offers data integrity, privacy and authentication.

Transport Layer:

This layer contains Wireless Datagram Protocol. It presents consistent data format to higher layers of WAP protocol stack.
Security in GSM:

The Global System for Mobile Communication or GSM is a wireless communication that uses digital technology and is widely deployed across the globe for mobile communications, such as mobile phones. This technology utilizes microwaves, and its signal transmission is divided by time, mostly known as Time Division Multiple Access (TDMA). In this article, I will be discussing the method that could be used to see the traffic on a GSM network and how an attacker could abuse the GSM network.
Mobile communication technology was already developed and widely used in the early 1980s.
GSM started its commercial operation at the beginning of the last quarter of 1992 because GSM is a complex technology and needed more assessment to be used as standard protocol. In September 1992, type approval standards for mobile agreed to consider and incorporate dozens of test items for GSM production.

In Europe, GSM was originally designed to operate at the frequency of 900 MHz. In this frequency, the uplinks use frequencies between 890 MHz to 915 MHz, and frequency between 935 MHz to 960 MHz is used for downlinks. The bandwidth used is 25 MHz, with a channel width of 200 kHz.

GSM Network Architecture:

Typical GSM network architecture is divided into 3 parts:

● Mobile Station (MS)

● Base Station Sub-system (BSS)

● Network Sub-system (NSS)

And all elements of the network at the top form a PLMN (Public Land Mobile Network).

Mobile Station or MS is a device used by the customer for making phone calls. This device consists of:

Mobile Equipment (ME) or the handset (UM) is a GSM device that is located on the user’s or customer’s end that serves as a terminal transceiver (transmitter and receiver) to communicate with other GSM devices.

Subscriber Identity Module (SIM) or SIM card is a card that contains all customer information and some information about services. ME can’t be used without SIM in it, except for emergency calls. The data stored in the SIM in general are:

● International Mobile Subscriber Identity (IMSI).

● Mobile Subscriber ISDN (MSISDN).

● Encryption mechanism.

Base Station System or BSS consists of:

Base Transceiver Station (BTS) is a GSM device that is directly related to MS and serves as the sender and receiver.

Base Station Controller (BSC) is a controller device for base stations located between the BTS and MSC.

NETWORK SECURITY

Brief introduction to TCP/IP:

TCP/IP means Transmission Control Protocol and Internet Protocol. It is the network model used in the current Internet architecture as well. Protocols are sets of rules which govern every possible communication over a network. These protocols describe the movement of data between the source and destination or the internet. They also offer simple naming and addressing schemes.

Diagram Representation of TCP/IP Model:
Protocols and networks in the TCP/IP model:

Overview of TCP/IP reference model

TCP/IP, that is Transmission Control Protocol and Internet Protocol, was developed by Department of Defence's Project Research Agency (ARPA, later DARPA) as a part of a research project of network interconnection to connect remote machines.

The features that stood out during the research, which led to making the TCP/IP reference model, were:

* Support for a flexible architecture. Adding more machines to a network was easy.

* The network was robust, and connections remained intact until the source and destination machines were functioning.

The overall idea was to allow one application on one computer to talk to (send data packets) another application running on a different computer.
Different Layers of TCP/IP Reference Model:

Below we have discussed the 4 layers that form the TCP/IP reference model:

Layer 1: Host-to-network Layer

1. Lowest layer of the all.

2. Protocol is used to connect to the host, so that the packets can be sent over it.

3. Varies from host to host and network to network.

Layer 2: Internet layer

1. Selection of a packet switching network which is based on a connectionless internetwork layer is called an internet layer.

2. It is the layer which holds the whole architecture together.

3. It helps the packet to travel independently to the destination.

4. Order in which packets are received is different from the way they are sent.

5. IP (Internet Protocol) is used in this layer.

6. The various functions performed by the Internet Layer are:

● Delivering IP packets

● Performing routing

● Avoiding congestion

Layer 3: Transport Layer

1. It decides if data transmission should be on parallel path or single path.

2. Functions such as multiplexing, segmenting or splitting on the data are done by the transport layer.

3. The applications can read and write to the transport layer.

4. Transport layer adds header information to the data.

5. Transport layer breaks the message (data) into small units so that they are handled more efficiently by the network layer.

6. Transport layer also arranges the packets to be sent, in sequence.

Layer 4: Application Layer

The TCP/IP specifications described a lot of applications that were at the top of the protocol stack. Some of them were TELNET, FTP, SMTP, DNS etc.

1. TELNET is a two-way communication protocol which allows connecting to a remote machine and running applications on it.

2. FTP (File Transfer Protocol) is a protocol that allows file transfer amongst computer users connected over a network. It is reliable, simple and efficient.

3. SMTP (Simple Mail Transport Protocol) is a protocol which is used to transport electronic mail between a source and destination, directed via a route.

4. DNS (Domain Name Server) resolves an IP address into a textual address for Hosts connected over a network.

5. It allows peer entities to carry conversation.

6. It defines two end-to-end protocols: TCP and UDP

◆ TCP (Transmission Control Protocol): It is a reliable connection-oriented protocol which handles byte-stream from source to destination without error and flow control.

◆ UDP (User-Datagram Protocol): It is an unreliable connection-less protocol for applications that do not want TCP's sequencing and flow control. Eg: One-shot request-reply kind of service.

Merits of TCP/IP model:

1. It operated independently.

2. It is scalable.

3. Client/server architecture.

4. Supports a number of routing protocols.

5. Can be used to establish a connection between two computers.

Demerits of TCP/IP:

1. In this, the transport layer does not guarantee delivery of packets.

2. The model cannot be used in any other application.

3. Replacing protocol is not easy.

4. It has not clearly separated its services, interfaces and protocols.

Firewalls:

Firewalls can be either hardware or software but the ideal configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.

Hardware firewalls can be purchased as a stand-alone product but are typically found in broadband routers, and should be considered an important part of your system security and network set-up. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, a business networking firewall solution is available.

Software firewalls are installed on your computer, like any software program, and you can customize them, allowing you some control over their function and protection features. A software firewall will protect your computer from outside attempts to control or gain access to your computer.

Firewalls may also be a component of your computer's operating system. For example, Windows Firewall is a Microsoft Windows application that notifies users of any suspicious activity. The app can detect and block viruses, worms, and hackers from harmful activity.

Firewall Filtering Techniques:

Firewalls are used to protect both home and corporate networks. A typical firewall program or hardware device filters all information coming through the Internet to your network or computer system.


There are several types of firewall techniques that will prevent potentially harmful information from getting through:

● Packet Filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

● Application Gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

● Circuit-level Gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

● Proxy Server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
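
The packet filter's weakness to IP spoofing, noted in the list above, comes from deciding on header fields alone. The sketch below is an added example, not code from the original notes: it evaluates user-defined rules in first-match order with a default reject, and shows how an ingress check on the arrival interface stops a packet that merely claims an internal source address. The address ranges, rule set, interface names and packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "reject"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and self.dport in (None, p.dport)
        )


def filter_packet(rules, p: Packet, ingress_check: bool = False) -> str:
    """Return "accept" or "reject" for one packet (stateless, first match wins)."""
    # Anti-spoofing: an internal source address must never arrive from outside.
    if (ingress_check and p.iface == "outside"
            and ipaddress.ip_address(p.src) in INTERNAL_NET):
        return "reject"
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "reject"       # default deny when no rule matches


# Constructed rule set: SSH to an admin host only from internal addresses,
# HTTPS to a web server from anywhere.
RULES = [
    Rule("accept", "10.0.0.0/8", "10.0.5.10/32", "tcp", 22),
    Rule("accept", "0.0.0.0/0", "10.0.5.20/32", "tcp", 443),
]

# Constructed packets.
INTERNAL_SSH = Packet("inside", "10.0.1.4", "10.0.5.10", "tcp", 22)
EXTERNAL_WEB = Packet("outside", "203.0.113.7", "10.0.5.20", "tcp", 443)
EXTERNAL_SSH = Packet("outside", "203.0.113.7", "10.0.5.10", "tcp", 22)
FORGED_SSH = Packet("outside", "10.0.1.4", "10.0.5.10", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("internal ssh", INTERNAL_SSH), ("external web", EXTERNAL_WEB),
                      ("external ssh", EXTERNAL_SSH), ("forged source", FORGED_SSH)]:
        print(f"{name:14} rules only: {filter_packet(RULES, pkt):7}"
              f" with ingress check: {filter_packet(RULES, pkt, True)}")
```
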

In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.

◆ Next Generation Firewall (NGFW)

Firewalls called next generation firewalls (NGFW) work by filtering network and Internet traffic based upon the applications or traffic types using specific ports. Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionalities in order to provide smarter and deeper inspection.

IP security (IPSec):

The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it.

Uses of IP Security –

IPsec can be used to do the following things:

● To encrypt application layer data.

● To provide security for routers sending routing data across the public internet.

● To provide authentication without encryption, like to authenticate that the data originates from a known sender.

● To protect network data by setting up circuits using IPsec tunneling in which all data being sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.

Components of IP Security –

It has the following components:

● Encapsulating Security Payload (ESP) –

It provides data integrity, encryption, authentication and anti replay. It also provides authentication for payload.

● Authentication Header (AH) –

It also provides data integrity, authentication and anti replay and it does not provide encryption. The anti replay protection protects against unauthorized transmission of packets. It does not protect data’s confidentiality.

● Internet Key Exchange (IKE) –

It is a network security protocol designed to dynamically exchange encryption keys and find a way over Security Association (SA) between 2 devices. The Security Association (SA) establishes shared security attributes between 2 network entities to support secure communication. The Key Management Protocol (ISAKMP) and Internet Security Association which provides a framework for authentication and key exchange. ISAKMP tells how the set up of the Security Associations (SAs) and how direct connections between two hosts that are using IPsec. Internet Key Exchange (IKE) provides message content protection and also an open frame for implementing standard algorithms such as SHA and MD5. The algorithm’s IP sec users produces a unique identifier for each packet. This identifier then allows a device to determine whether a packet has been correct or not. Packets which are not authorized are discarded and not given to receiver.
Virtual Private Network (VPN):

VPN stands for virtual private network. A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. Virtual Private network is a way to extend a private network using a public network such as internet. The name only suggests that it is Virtual “private network” i.e. user can be the part of local network sitting at a remote location. It makes use of tunneling protocols to establish a secure connection.

Let's understand VPN by an example:

Think of a situation where the corporate office of a bank is situated in Washington, USA. This office has a local network consisting of say 100 computers. Suppose other branches of the bank are in Mumbai, India and Tokyo, Japan. The traditional method of establishing a secure connection between head office and branch was to have a leased line between the branches and head office, which was a very costly as well as troublesome job. VPN lets us overcome this issue in an effective manner.

The situation is described below:

● All 100 computers of the corporate office at Washington are connected to the VPN server (which is a well configured server containing a public IP address and a switch to connect all computers present in the local network i.e. in the US head office).

● The person sitting in the Mumbai office connects to the VPN server using the dial up window and the VPN server returns an IP address which belongs to the series of IP addresses belonging to the local network of the corporate office.

● Thus the person from the Mumbai branch becomes local to the head office and information can be shared securely over the public internet.

● So this is the intuitive way of extending a local network even across the geographical borders of the country.
Types of VPN

Virtual Private Network (VPN) is basically of 2 types:

* Remote Access VPN:

Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for home users and business users both.

* Site to Site VPN:

A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies. Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the network of one office location to the network at another office location.

Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is called as Intranet based VPN.

Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it is called as Extranet based VPN.
