Cyber Security

Cyber Security (100004)

Ans 1.a
Open source software is software that is made available to users together with its source code.
Source code is the part of a program or software that users can inspect, modify and enhance to
improve the software; additional features can be added to it, and users can copy, learn from and
share it. Open source software can either be free of cost or chargeable.

Freeware is software that is available free of cost. A user can download freeware from the
internet and use it. Such software does not provide the freedom to modify, share and study the
program that open source software provides. Freeware is closed source.

Shareware is software that is freely distributed to users on a trial basis. A time limit is built
into the software (for example, free for 30 days or 2 months). Once the time limit is over, the
software is deactivated; to use it after the time limit, you have to pay for it.

Ans 1.b
Cyberwarfare is a broad term describing the use of technological force within cyberspace.
Cyber warfare refers to the use of technology to launch attacks on nations, governments and
citizens, causing harm comparable to actual warfare using weaponry. The problem with cyber
warfare is that it is very hard to work out who launched the attack in the first place. Although in
some cases hacking groups are very quick to take responsibility for attacks, in most cases no
one takes responsibility, and because it is so easy for people to hide, the attacker can rarely be
uncovered.

Ans 1.c
Cyberstalking is a criminal practice where an individual uses the Internet to systematically harass
or threaten someone. This crime can be perpetrated through email, social media, chat rooms,
instant messaging clients and any other online medium. Cyberstalking can also occur in
conjunction with the more traditional form of stalking, where the offender harasses the victim
offline. There is no unified legal approach to cyberstalking, but many governments have moved
toward making these practices punishable by law. Cyberstalking is sometimes referred to as
Internet stalking, e-stalking or online stalking.

Cyber Espionage

Cyber spying or cyber espionage is the act or practice of obtaining secrets without the
permission of the holder of the information (personal, sensitive, proprietary or of a classified
nature) from individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage. It can be done using exploitation methods on the
Internet, networks or individual computers through the use of cracking techniques and malicious
software, including Trojan horses and spyware.

Ans 1.d

Cyber crimes are broadly categorized into three groups, i.e., crimes against:

1. Individual
2. Property
3. Government

1. Individual:

This type of cybercrime can take the form of cyber stalking, distributing pornography,
trafficking and “grooming”. At present, law enforcement agencies consider such cybercrime
very serious and are joining forces worldwide to reach and arrest the perpetrators.

2. Property:

In this case, a person can steal another person’s bank details and drain off money; misuse a
credit card to make frequent purchases online; run a scam to get naive people to part with their
hard-earned money; or use malicious software to gain access to an organization’s website or
disrupt the systems of the organization.

3. Government:

Crimes against a government are referred to as cyber terrorism. If criminals are successful, it
can cause devastation and panic amongst the citizens. In this class, criminals hack government
websites or military websites, or circulate propaganda. The perpetrators can be terrorist outfits
or unfriendly governments of other nations.

Types of Cyber Crimes:

There are many types of cybercrimes:

Hacking:

This is different from ethical hacking, which many organizations use to check their Internet
security protection. In hacking, the criminal uses a variety of software to enter a person’s
computer, and the person may not be aware that his computer is being accessed from a remote
location. A hacker could install several programs on the victim’s system without their knowledge.
Such programs could also be used to steal personal information such as passwords and credit
card information.

Theft:

This type of cybercrime occurs when a person violates copyrights by downloading music,
movies, games and software.

Cyber Stalking:

This is a type of online harassment wherein the victim is subjected to a barrage of online
messages and emails. Normally, these stalkers know their victims and, instead of resorting to
offline stalking, they use the Internet to stalk.

Identity Theft:

This is a major problem for people using the Internet for cash transactions and banking
services. In this cybercrime, a criminal accesses data about a person’s bank account, credit
cards, Social Security, debit card, full name and other sensitive information to drain off money
or to buy things online in the victim’s name. The identity thief can use the person’s information
to fraudulently apply for credit, file taxes, or get medical services. It can result in major financial
losses for the victim and even spoil the victim’s credit history.

Malicious Software:

This software, also called a computer virus, is Internet-based software or a program that is used
to disrupt a network. The software is used to gain access to a system to gather sensitive
information or data, or to cause damage to software present in the system.

Child soliciting and Abuse:

This is also a type of cybercrime in which criminals solicit minors via chat rooms for the
purpose of child pornography. The FBI has been spending a lot of time monitoring chat rooms
visited by children in order to reduce and prevent child abuse and soliciting.

Computer vandalism:

It is a type of cybercrime that damages or destroys data rather than stealing it. It transmits viruses.

Software piracy: It is a theft of software through the illegal copying of genuine programs.

Prevention of cybercrimes:

Computer users can adopt various techniques to prevent cybercrime.

– Computer users must use a firewall to protect their computers from hackers. Most security
software comes with a firewall. Turn on the firewall that comes with the router as well.

– Computer users are recommended to purchase and install anti-virus software such as McAfee
or Norton Anti-Virus. AVG offers free anti-virus protection if they do not want to purchase
software.

– It is advised by cyber experts that users must shop only at secure websites. Look for a TRUSTe
or VeriSign seal when checking out. They should never give their credit card information to a
website that looks suspicious or to strangers.

– Users must develop strong passwords on their accounts that are difficult to guess. Include
both letters and numerals in their passwords. They must continuously update passwords and
login details. By changing login details at least once or twice a month, there is less chance
of being a target of cybercrime.

– It is suggested to monitor children and how they use the Internet. Install parental control
software to limit where they can surf.

– Make sure that social networking profiles such as Facebook, Twitter, YouTube, MSN are set
to private. Check their security settings and be careful what information users post online.
Once it is on the Internet, it is extremely difficult to remove.

Ans 1.e

Cyber-vandalism refers to the act of damaging someone’s data on a computer in a way that
disrupts the victim’s business or image by editing the data into something invasive,
embarrassing or absurd. The thieves create malevolent programs that prove injurious to the hard
disk data or login credentials of the victim. Cyber-vandalism is different from computer viruses,
which attach themselves to programs. Wikipedia, being one of the most famous sites, is prone to
potential damage of content because anyone can edit the site. However, Wikipedia has presently
sustained an equilibrium between the types of users, in that there are articles that cannot be edited
by unregistered or new users.

Today’s vandalism felonies involve computers, and in some countries new laws have also
been updated that provide for the punishment of vandalism. Gaming company networks
have paved a productive way for computer-literate youth to channel their knowledge and
talents into creating games rather than becoming malware designers. Cyber-vandalism also
leads to other risks that could be dangerous for your computer system, your identity, your
precious personal data and your finances.

Types of people who vandalise computer systems

1. Professional Developers

As the professional developers have experience and expertise in creating programs, they are
proficient enough to create computer viruses also.

2. Researchers

These are people who can counter the actions of antivirus software on a computer and can
discover methods to infect the computer.

3. Skilled and inexperienced youth

Students who are skilled enough at creating malware earn money by selling their ideas to
antivirus companies, while young people who do not yet have the ability to create malware
learn to create viruses through internet tutorials.

How can vandalism crime be a threat?

• It affects your digital identity and image
• If you have a business, it loses your customers
• It ruins your overall reputation
• Extra expenses, time and labour are involved
• Reduces your profits

2 a) Network Address Translation (NAT):

A NAT (Network Address Translation or Network Address Translator) is the
virtualization of Internet Protocol (IP) addresses. NAT helps improve security and
decrease the number of IP addresses an organization needs.
NAT gateways sit between two networks, the inside network and the outside network.
Systems on the inside network are typically assigned IP addresses that cannot be routed
to external networks (e.g., networks in the 10.0.0.0/8 block). A few externally valid IP
addresses are assigned to the gateway. The gateway makes outbound traffic from an
inside system appear to be coming from one of the valid external addresses. It takes
incoming traffic aimed at a valid external address and sends it to the correct internal
system. This helps ensure security, since each outgoing or incoming request must go
through a translation process that also offers the opportunity to qualify or authenticate
incoming streams and match them to outgoing requests, for example.
NAT conserves the number of globally valid IP addresses a company needs, and in
combination with Classless Inter-Domain Routing (CIDR) has done a lot to extend the
useful life of IPv4 as a result.
The NAT mechanism ("natting") is a router feature, and is often part of a
corporate firewall. NAT gateways can map IP addresses in several ways:
• From a local IP address to one global IP address statically;
• From a local IP address to any of a rotating pool of global IP addresses a
company may have;
• From a local IP address plus a particular TCP port to a global IP address or one in
a pool of ports;
• From a global IP address to any of a pool of local IP addresses on a round-robin
basis.
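As an added illustration (not part of the original answer), the following Python simulation shows the third mapping style listed above, a local IP address plus TCP port mapped to one global IP address with a pool of ports, and why inbound traffic that matches no earlier outbound request is dropped at the gateway. The gateway address 203.0.113.10, the port pool and the packets are constructed values.

```python
# Added example: a minimal NAT gateway that maps (local IP, local port) to
# (global IP, port from a pool). Inbound packets are delivered only when they
# match an existing outbound mapping; anything unsolicited is dropped.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, global_ip, port_pool, inside_net="10.0.0.0/8"):
        self.global_ip = global_ip
        self.free_ports = list(port_pool)        # constructed pool of external ports
        self.inside_net = ipaddress.ip_network(inside_net)
        self.table = {}      # (local_ip, local_port) -> global_port
        self.reverse = {}    # global_port -> (local_ip, local_port)

    def outbound(self, pkt):
        """Translate a packet leaving the inside network."""
        if ipaddress.ip_address(pkt.src_ip) not in self.inside_net:
            raise ValueError("outbound packet does not come from the inside network")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            if not self.free_ports:
                raise RuntimeError("port pool exhausted")
            gport = self.free_ports.pop(0)
            self.table[key] = gport
            self.reverse[gport] = key
        # Source address is rewritten; the destination stays unchanged.
        return Packet(self.global_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Translate a packet arriving from outside; None means it was dropped."""
        if pkt.dst_ip != self.global_ip:
            return None
        key = self.reverse.get(pkt.dst_port)
        if key is None:
            return None    # unsolicited: no matching outbound request
        local_ip, local_port = key
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)


def demo():
    """Two inside hosts using the same local port get distinct global ports."""
    gw = NatGateway("203.0.113.10", range(40000, 40003))
    out1 = gw.outbound(Packet("10.1.1.5", 51000, "198.51.100.7", 443))
    out2 = gw.outbound(Packet("10.1.1.6", 51000, "198.51.100.7", 443))
    # Reply to the first request is matched and delivered to 10.1.1.5.
    reply = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.10", out1.src_port))
    # A stray packet to an unmapped port has no inside destination and is dropped.
    stray = gw.inbound(Packet("198.51.100.9", 1234, "203.0.113.10", 40002))
    return out1, out2, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```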

b) Difference Between HTTP and HTTPS

Parameter | HTTP | HTTPS
Protocol | It is hypertext transfer protocol. | It is hypertext transfer protocol secure.
Security | It is less secure as the data can be vulnerable to hackers. | It is designed to prevent hackers from accessing critical information. It is secure against such attacks.
Port | It uses port 80 by default. | It uses port 443 by default.
Starts with | HTTP URLs begin with http:// | HTTPS URLs begin with https://
Used for | It's a good fit for websites designed for information consumption like blogs. | If the website needs to collect private information such as a credit card number, then it is a more secure protocol.
Scrambling | HTTP does not scramble the data to be transmitted. That's why there is a higher chance that transmitted information is available to hackers. | HTTPS scrambles the data before transmission. At the receiver end, it descrambles to recover the original data. Therefore, the transmitted information is secure and can't be hacked.
Protocol | It operates at TCP/IP level. | HTTPS does not have any separate protocol. It operates using HTTP but uses an encrypted TLS/SSL connection.
Domain Name Validation | HTTP websites do not need SSL. | HTTPS requires an SSL certificate.
Data encryption | HTTP websites don't use encryption. | HTTPS websites use data encryption.
Search Ranking | HTTP does not improve search rankings. | HTTPS helps to improve search ranking.
Speed | Fast | Slower than HTTP
Vulnerability | Vulnerable to hackers | It is highly secure as the data is encrypted before it is sent across a network.

c) OSI stands for Open Systems Interconnection. It was developed by ISO, the
‘International Organization for Standardization’, in the year 1974. It is a 7-layer
architecture with each layer having a specific functionality to perform. All these 7 layers
work collaboratively to transmit data from one person to another across the globe.

1. Physical Layer (Layer 1) :

The lowest layer of the OSI reference model is the physical layer. It is responsible for the
actual physical connection between the devices. The physical layer carries information
in the form of bits.

2. Data Link Layer (DLL) (Layer 2) :

The data link layer is responsible for the node to node delivery of the message. The main
function of this layer is to make sure data transfer is error free from one node to another,
over the physical layer.

3. Network Layer (Layer 3) :

The network layer handles the transmission of data from one host to another located in
different networks. It also takes care of packet routing, i.e. selection of the shortest path to
transmit the packet from the number of routes available.

4. Transport Layer (Layer 4) :

The transport layer provides services to the application layer and takes services from the
network layer. The data in the transport layer is referred to as segments. It is responsible for
the end-to-end delivery of the complete message.

5. Session Layer (Layer 5) :

This layer is responsible for establishment of connection, maintenance of sessions,
authentication and also ensures security.

6. Presentation Layer (Layer 6) :

The presentation layer is also called the translation layer. The data from the application layer
is extracted here and manipulated into the format required to transmit it over the network.

7. Application Layer (Layer 7) :

At the very top of the OSI reference model stack of layers, we find the application layer,
which is implemented by the network applications. These applications produce the data
which has to be transferred over the network. This layer also serves as a window for the
application services to access the network and for displaying the received information to
the user.

Ans 2 d)

1. Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the
same network before the signal becomes too weak or corrupted so as to extend the length to
which the signal can be transmitted over the same network. An important point to be noted about
repeaters is that they do not amplify the signal. When the signal becomes weak, they copy the
signal bit by bit and regenerate it at the original strength. It is a 2 port device.

2. Hub – A hub is basically a multiport repeater. A hub connects multiple wires coming from
different branches, for example the connector in a star topology which connects different stations.
Hubs cannot filter data, so data packets are sent to all connected devices. In other words, the
collision domain of all hosts connected through a hub remains one. Also, they do not have the
intelligence to find out the best path for data packets, which leads to inefficiencies and wastage.

Types of Hub

Active Hub :- These are hubs which have their own power supply and can clean, boost and
relay the signal along the network. An active hub serves both as a repeater and as a wiring
center. These are used to extend the maximum distance between nodes.

Passive Hub :- These are hubs which collect wiring from nodes and take their power supply
from an active hub. These hubs relay signals onto the network without cleaning and boosting
them and can’t be used to extend the distance between nodes.

3. Bridge – A bridge operates at the data link layer. A bridge is a repeater with the added
functionality of filtering content by reading the MAC addresses of source and destination. It is
also used for interconnecting two LANs working on the same protocol. It has a single input and
a single output port, thus making it a 2 port device.

Types of Bridges

Transparent Bridges :- These are bridges of which the stations are completely unaware, i.e.
whether a bridge is added to or deleted from the network, reconfiguration of the stations is
unnecessary. These bridges make use of two processes, i.e. bridge forwarding and bridge
learning.

Source Routing Bridges :- In these bridges, the routing operation is performed by the source
station and the frame specifies which route to follow. The host can discover the route by
sending a special frame called a discovery frame, which spreads through the entire network
using all possible paths to the destination.

4. Switch – A switch is a multiport bridge with a buffer and a design that can boost its
efficiency (a large number of ports implies less traffic) and performance. A switch is a data link
layer device. A switch can perform error checking before forwarding data, which makes it very
efficient as it does not forward packets that have errors and forwards good packets selectively to
the correct port only. In other words, a switch divides the collision domain of hosts, but the
broadcast domain remains the same.

5. Routers – A router is a device like a switch that routes data packets based on their IP
addresses. A router is mainly a network layer device. Routers normally connect LANs and
WANs together and have a dynamically updated routing table based on which they make
decisions on routing the data packets. Routers divide the broadcast domains of hosts connected
through them.

6. Gateway – A gateway, as the name suggests, is a passage to connect two networks together
that may work upon different networking models. Gateways basically work as messenger agents
that take data from one system, interpret it, and transfer it to another system. Gateways are also
called protocol converters and can operate at any network layer. Gateways are generally more
complex than a switch or router.

Ans 2 e)

Network Topologies

The arrangement of a network, which comprises nodes and the connecting lines between sender
and receiver, is referred to as the network topology. The various network topologies are :

a) Mesh Topology :

In a mesh topology, every device is connected to every other device via a dedicated channel.
These channels are known as links.

If N devices are connected with each other in a mesh topology, then the total number of
ports required by each device is N-1. In Figure 1, there are 5 devices connected to each other,
hence the total number of ports required per device is 4.

If N devices are connected with each other in a mesh topology, then the total number of
dedicated links required to connect them is NC2 (N choose 2), i.e. N(N-1)/2. In Figure 1, there
are 5 devices connected to each other, hence the total number of links required is 5*4/2 = 10.

Advantages of this topology :

• It is robust. Faults are diagnosed easily. Data is reliable because data is transferred among
the devices through dedicated channels or links.
• Provides security and privacy.

Problems with this topology :

• Installation and configuration is difficult.
• Cost of cables is high as bulk wiring is required, hence it is suitable for a small number of
devices.
• Cost of maintenance is high.

b) Star Topology :

In a star topology, all the devices are connected to a single hub through a cable. This hub is the
central node and all other nodes are connected to the central node. The hub can be passive in
nature, i.e. a non-intelligent hub such as a broadcasting device; at the same time the hub can be
intelligent, known as an active hub. Active hubs have repeaters in them.

A star topology has four systems connected to a single point of connection, i.e. the hub.

Advantages of this topology :

• If N devices are connected to each other in a star topology, then the number of cables
required to connect them is N. So, it is easy to set up.
• Each device requires only 1 port, i.e. to connect to the hub.

Problems with this topology :

• If the concentrator (hub) on which the whole topology relies fails, the whole system will
crash down.
• Cost of installation is high.
• Performance is based on the single concentrator, i.e. the hub.

c) Bus Topology :

Bus topology is a network type in which every computer and network device is connected to a
single cable. It transmits the data from one end to the other in a single direction. There is no
bi-directional feature in a bus topology. A bus topology has a shared backbone cable; the nodes
are connected to the channel via drop lines.

Advantages & limitations of this topology :

• If N devices are connected to each other in a bus topology, then the number of cables
required to connect them is 1, which is known as the backbone cable, and N drop lines are
required.
• Cost of the cable is less as compared to other topologies, but it is used to build small
networks.
• If the common cable fails, then the whole system will crash down.
• If the network traffic is heavy, it increases collisions in the network. To avoid this,
various protocols are used in the MAC layer, known as Pure Aloha, Slotted Aloha,
CSMA/CD etc.

d) Ring Topology :

In this topology, the devices form a ring, each device being connected to exactly two
neighbouring devices.

A ring topology comprises, for example, 4 stations connected to each other forming a ring. The
following operations take place in a ring topology :

One station is known as the monitor station, which takes all the responsibility to perform the
operations. To transmit data, a station has to hold the token. After the transmission is done, the
token is released for other stations to use. When no station is transmitting data, the token
circulates in the ring.

There are two types of token release techniques : early token release releases the token just after
transmitting the data, and delayed token release releases the token after the acknowledgement is
received from the receiver.

Advantages and Limitations of this topology :

• The possibility of collision is minimum in this type of topology.
• Cheap to install and expand.
• Troubleshooting is difficult in this topology.
• Addition of stations in between or removal of stations can disturb the whole topology.

Ans 3 a)

Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text. Cryptanalysis
uses mathematical formulas to search for algorithm vulnerabilities and break into cryptography
or information security systems.

Known-Plaintext Analysis (KPA): The attacker decrypts ciphertexts with known partial plaintext.

Chosen-Plaintext Analysis (CPA): The attacker uses ciphertext that matches arbitrarily selected
plaintext via the same algorithm technique.

Ciphertext-Only Analysis (COA): The attacker uses known ciphertext collections.

Man-in-the-Middle (MITM) Attack: This attack occurs when two parties use message or key
sharing for communication via a channel that appears secure but is actually compromised. The
attacker employs this attack for the interception of messages that pass through the
communications channel. Hash functions prevent MITM attacks.

Adaptive Chosen-Plaintext Attack (ACPA): Similar to a CPA, this attack uses chosen plaintext
and ciphertext based on data learned from past encryptions.

Ans 3.b

Steganography is the technique of hiding secret data within an ordinary, non-secret, file or
message in order to avoid detection; the secret data is then extracted at its destination. The use of
steganography can be combined with encryption as an extra step for hiding or protecting data.

Steganography can be used to conceal almost any type of digital content, including text, image,
video or audio content; the data to be hidden can be hidden inside almost any other type of
digital content. The content to be concealed through steganography (called the hidden text) is
often encrypted before being incorporated into the innocuous-seeming cover text file or data
stream. If not encrypted, the hidden text is commonly processed in some way in order to
increase the difficulty of detecting the secret content.

One use of steganography is watermarking, which hides copyright information within a
watermark by overlaying files in a way not easily detected by the naked eye. This prevents
fraudulent actions and gives copyright protected media extra protection.

The size or quality of the carrier image is changed; therefore steganography files can be identified.
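An added example (not from the original answer) that hides a message in the least significant bits of a carrier and then recovers it; the carrier is a constructed byte string standing in for raw 8-bit greyscale pixels, so no image decoder is needed. It also counts how many carrier bytes were altered: the file size stays the same, and it is only these small LSB changes (the "quality" change mentioned above) that give the stego file away.

```python
# Added example: LSB steganography over a constructed "pixel" buffer.
# Layout of the hidden payload: 4-byte big-endian length, then the secret,
# written one bit per carrier byte into the least significant bit.
HEADER_BYTES = 4


def embed(carrier: bytes, secret: bytes) -> bytes:
    """Return a copy of the carrier whose LSBs carry the length header and secret."""
    payload = len(secret).to_bytes(HEADER_BYTES, "big") + secret
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]   # MSB first
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit      # clear the LSB, then set it
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header from the LSBs, then that many secret bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        value = bytearray()
        for k in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[start + k * 8 + i] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, HEADER_BYTES), "big")
    return read_bytes(HEADER_BYTES * 8, length)


def changed_bytes(original: bytes, modified: bytes) -> int:
    """How many carrier bytes differ after embedding (each differs by at most 1)."""
    return sum(a != b for a, b in zip(original, modified))


def demo():
    carrier = bytes(range(256)) * 4             # constructed 1024 "pixels"
    secret = b"meet at noon"                    # constructed hidden text
    stego = embed(carrier, secret)
    return {
        "recovered": extract(stego),
        "same_size": len(stego) == len(carrier),
        "bytes_changed": changed_bytes(carrier, stego),
        "max_possible": (HEADER_BYTES + len(secret)) * 8,
    }


if __name__ == "__main__":
    print(demo())
```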

Ans 3.c

Confidentiality:

Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality
are designed to prevent sensitive information from reaching the wrong people, while making sure
that the right people can in fact get it: access must be restricted to those authorized to view the
data in question. A good example of methods used to ensure confidentiality is an account number
or routing number when banking online. Data encryption is a common method of ensuring
confidentiality. User IDs and passwords constitute a standard procedure; two-factor
authentication is becoming the norm.

Integrity:

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its
entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data
cannot be altered by unauthorized people (for example, in a breach of confidentiality). These
measures include file permissions and user access controls. Version control may be used to
prevent erroneous changes or accidental deletion by authorized users from becoming a problem.

Authentication

Authentication is the process of determining whether someone or something is, in fact, who or
what it declares itself to be. Authentication technology provides access control for systems by
checking to see if a user's credentials match the credentials in a database of authorized users or in
a data authentication server. Users are usually identified with a user ID, and authentication is
accomplished when the user provides a credential, for example a password, that matches with
that user ID.

Non-repudiation

Non-repudiation is the assurance that someone cannot deny the validity of something. Non-
repudiation is a legal concept that is widely used in information security and refers to a service
which provides proof of the origin of data and the integrity of the data. In other words, non-
repudiation makes it very difficult to successfully deny who or where a message came from, as
well as the authenticity of that message.

Digital signatures (combined with other measures) can offer non-repudiation when it comes to
online transactions, where it is crucial to ensure that a party to a contract or a communication
can't deny the authenticity of their signature on a document or sending the communication in the
first place. In this context, non-repudiation refers to the ability to ensure that a party to a contract
or a communication must accept the authenticity of their signature on a document or the sending
of a message.

Ans 3 d)

Symmetrical Encryption

This is the simplest kind of encryption, which involves only one secret key to cipher and decipher
information. Symmetrical encryption is an old and well-known technique. It uses a secret key
that can either be a number, a word or a string of random letters. It is blended with the plain
text of a message to change the content in a particular way. The sender and the recipient should
know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4,
DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric
algorithms are AES-128, AES-192, and AES-256.

The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.

Asymmetrical Encryption

Asymmetrical encryption is also known as public key cryptography, which is a relatively new
method compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a
plain text. Secret keys are exchanged over the Internet or a large network. It ensures that
malicious persons do not misuse the keys. It is important to note that anyone with a secret key
can decrypt the message, and this is why asymmetrical encryption uses two related keys to
boost security. A public key is made freely available to anyone who might want to send you a
message. The second, private key is kept secret so that only you know it.
A message that is encrypted using a public key can only be decrypted using the private key, while
a message encrypted using a private key can be decrypted using the public key. Security of
the public key is not required because it is publicly available and can be passed over the internet.
Asymmetric keys are far more powerful in ensuring the security of information transmitted during
communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially over
the Internet. Popular asymmetric key encryption algorithms include ElGamal, RSA, DSA,
elliptic curve techniques and PKCS.

Difference Between Symmetric and Asymmetric Encryption

▪ Symmetric encryption uses a single key that needs to be shared among the people who need
to receive the message while asymmetrical encryption uses a pair of public key and a private
key to encrypt and decrypt messages when communicating.
▪ Symmetric encryption is an old technique while asymmetric encryption is relatively new.
▪ Asymmetric encryption was introduced to address the inherent problem of the need to
share the key in the symmetrical encryption model, eliminating the need to share the key by
using a pair of public and private keys.
▪ Asymmetric encryption takes relatively more time than the symmetric encryption.

Ans 3 e)

Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction, or SET, is a system which ensures the security and integrity of
electronic transactions done using credit cards. SET is not a system that enables payment; it is a
security protocol applied to those payments. It uses different encryption and hashing techniques
to secure payments over the internet done through credit cards. The SET protocol was supported
in its development by major organizations like Visa, Mastercard, Microsoft, which provided its
Secure Transaction Technology (STT), and Netscape, which provided the technology of the
Secure Socket Layer (SSL).

The SET protocol restricts the revealing of credit card details to merchants, thus keeping hackers
and thieves at bay. The SET protocol includes Certification Authorities for making use of
standard digital certificates like the X.509 certificate.

Before discussing SET further, let’s see a general scenario of an electronic transaction, which
includes the client, payment gateway, client financial institution, merchant and merchant financial
institution.

Requirements in SET :

The SET protocol has some requirements to meet; some of the important requirements are :

• It has to provide mutual authentication, i.e., customer (or cardholder) authentication by
confirming whether the customer is the intended user or not, and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential by
appropriate encryption.
• It has to be resistant against message modifications, i.e., no changes should be allowed in the
content being transmitted.
• SET also needs to provide interoperability and make use of the best security mechanisms.

Participants in SET :

In the general scenario of online transaction, SET includes similar participants:

• Cardholder – customer
• Issuer – customer financial institution
• Merchant
• Acquirer – Merchant financial institution
• Certificate authority – Authority which follows certain standards and issues
certificates(like X.509V3) to all other participants.

SET functionalities:

Provide Authentication:
• Merchant Authentication – To prevent theft, SET allows customers to check previous
relationships between merchant and financial institution. Standard X.509V3 certificates are used
for this verification.
• Customer / Cardholder Authentication – SET checks whether the credit card is being used by an
authorized user or not, using X.509V3 certificates.

Provide Message Confidentiality: Confidentiality refers to preventing unintended people from
reading the message being transferred. SET implements confidentiality by using encryption
techniques. Traditionally DES is used for encryption purposes.

Provide Message Integrity: SET doesn't allow message modification, with the help of signatures.
Messages are protected against unauthorized modification using RSA digital signatures with
SHA-1, and some using HMAC with SHA-1.

Dual Signature :

The dual signature is a concept introduced with SET, which aims at connecting two information
pieces meant for two different receivers:

• Order Information (OI) for the merchant
• Payment Information (PI) for the bank
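A worked example of the dual signature, added here; it is not part of the original answer or of the SET specification, and it also illustrates the public/private key pair from the symmetric-versus-asymmetric comparison above. To stay within the Python standard library it generates a small textbook RSA key pair in the script (no padding, toy key size, fixed random seed so the demo repeats) as a stand-in for the X.509-certified keys SET assumes, and uses SHA-256 where the answer names SHA-1. The PI and OI strings and the function names are constructed for the demonstration. The point it shows is that the merchant checks the signature with OI plus only the digest of PI, and the bank with PI plus only the digest of OI, so neither sees the other's data yet both can confirm the two belong to the same transaction.

```python
import hashlib
import random

# Toy textbook RSA (no padding, small keys): an assumption standing in for the
# X.509-certified RSA keys that SET uses. Never use raw RSA like this in production.


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return (public, private) as ((n, e), (n, d)). 512 bits is a demo size only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_sign(pi: bytes, oi: bytes, priv):
    """Cardholder side: DS = Sign_priv(H(H(PI) || H(OI))).
    Returns (PIMD, OIMD, DS): the merchant gets OI + PIMD + DS, the bank gets PI + OIMD + DS."""
    n, d = priv
    pimd, oimd = sha(pi), sha(oi)
    pomd = sha(pimd + oimd)                      # payment-order message digest
    return pimd, oimd, pow(int.from_bytes(pomd, "big"), d, n)


def _rsa_verify(digest: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


def merchant_verify(oi: bytes, pimd: bytes, ds: int, pub) -> bool:
    """Merchant sees OI and only the digest of PI, yet can check that the signature links both."""
    return _rsa_verify(sha(pimd + sha(oi)), ds, pub)


def bank_verify(pi: bytes, oimd: bytes, ds: int, pub) -> bool:
    """Bank sees PI and only the digest of OI."""
    return _rsa_verify(sha(sha(pi) + oimd), ds, pub)


def demo():
    """Constructed PI/OI; returns (merchant ok, bank ok, merchant ok after altering OI)."""
    random.seed(2024)                            # repeatable demo keys only
    pub, priv = generate_keypair()
    pi = b"pan=4111xxxxxxxx1111;exp=12/29;amount=49.99"        # constructed payment info
    oi = b"order=A1001;item=textbook;qty=1;amount=49.99"        # constructed order info
    pimd, oimd, ds = dual_sign(pi, oi, priv)
    altered_oi = b"order=A1001;item=textbook;qty=9;amount=49.99"
    return (merchant_verify(oi, pimd, ds, pub),
            bank_verify(pi, oimd, ds, pub),
            merchant_verify(altered_oi, pimd, ds, pub))


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Because the signed digest is computed over both inner digests, altering either OI or PI after signing makes verification fail on the side that holds the altered piece, which is the integrity property the answer attributes to SET's signatures.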


Q.4. (a)

Threats are the potential for vulnerabilities to turn into attacks on computer systems, networks, and more.
They can put individuals' computer systems and business computers at risk, so vulnerabilities have to be
fixed so that attackers cannot infiltrate the system and cause damage.

Threats can include everything from viruses, trojans and back doors to outright attacks from hackers. Often,
the term blended threat is more accurate, as the majority of threats involve multiple exploits.

Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain
unauthorized access to an asset. A vulnerability is a weakness or gap in our protection efforts.

(b)
The process of attempting to gain, or successfully gaining, unauthorized access to computer resources is
called Hacking.

A white hat hacker is a computer security specialist who breaks into protected systems and
networks to test and assess their security. White hat hackers use their skills to improve security by
exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and
exploit them. Although the methods used are similar, if not identical, to those employed by
malicious hackers, white hat hackers have permission to employ them against the organization
that has hired them.

A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit
them for personal financial gain or other malicious reasons. This differs from white hat hackers,
which are security specialists employed to use hacking methods to find security flaws that black
hat hackers may exploit.

Black hat hackers can inflict major damage on both individual computer users and large
organizations by stealing personal financial information, compromising the security of major
systems, or shutting down or altering the function of websites and networks.

A gray hat hacker (also spelled grey hat hacker) is someone who may violate ethical standards or
principles, but without the malicious intent ascribed to black hat hackers. Gray hat hackers may engage in
practices that seem less than completely above board, but are often operating for the common good. Gray
hat hackers represent the middle ground between white hat hackers, who operate on behalf of those
maintaining secure systems, and black hat hackers who act maliciously to exploit vulnerabilities in
systems.

(d)

Viruses are malicious programs that can cause damage to a computer. A computer virus attaches itself to a
program or file, enabling it to spread from one computer to another, leaving infections as it travels.
Almost all viruses are attached to an executable file, which means the virus may exist on a computer but it
does not actually infect the system unless we run or open the malicious program. A virus cannot be spread
without a human action (such as running an infected file or program) to keep it going. A virus is spread
by sharing files or sending emails with viruses as attachments.

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from
one computer to another, but unlike a virus a worm has the capability to travel without any human action. It is an
independent program that does not modify other programs, but reproduces itself over and over again until it
slows down or shuts down a computer system or network. It uses the computer network to spread itself, consumes
too much system memory and infects the environment rather than specific objects. Worms send a copy of
themselves to everyone listed in your email address book.

Spyware is software that is installed on a computing device without the end user's knowledge. Any
software can be classified as spyware if it is downloaded without the user's authorization. Anti-spyware
tools can be used to prevent or remove spyware. Anti-spyware tools can either provide real-time
protection by scanning network data and blocking malicious data, or detect and remove spyware already
on a system by executing scans.

Malicious software, commonly known as malware, is any software that brings harm to a computer
system. Malware can be in the form of worms, viruses, trojans, spyware, adware and rootkits, etc., which
steal protected data, delete documents or add software not approved by a user.

Malware is software designed to cause harm to a computer and user. Some forms of malware “spy” on
user Internet traffic. Examples include spyware and adware. Spyware monitors a user’s location and if
enabled, it can capture sensitive information, e.g., credit card numbers, promoting identity theft. Adware
also acquires user information, which is shared with advertisers and then integrated with unwanted,
triggered pop-up ads. Anti-malware should determine if there are threats by scanning a computer and
removing them, if found. Prevention is better than corrective action after infection. Although anti-virus
programs should be continually enabled and updated, certain types of threats, like spyware, often make
their way into a computer system.

At all times, a firewall should be in place for additional security. Multiple, compatible protective sources
are encouraged as additional insurance against malware.

(e)

Denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate
users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the
network or server to authenticate requests that have invalid return addresses.
The network or server will not be able to find the return address of the attacker when sending the
authentication approval, causing the server to wait before closing the connection. When the server closes
the connection, the attacker sends more authentication messages with invalid return addresses. The process
of authentication and server wait will begin again, keeping the network or server busy.

A DoS attack can be done in several ways. The basic types of DoS attack include:
• Flooding the network to prevent legitimate network traffic.
• Disrupting the connections between two machines, thus preventing access to a service.
• Preventing a particular individual from accessing a service.
• Disrupting a service to a specific system or individual.
• Disrupting the state of information, such as resetting of TCP sessions.

A SYN flood (half-open attack) is a type of denial-of-service (DoS) attack which aims to make a server
unavailable to legitimate traffic by consuming all available server resources. By repeatedly sending initial
connection request (SYN) packets, the attacker is able to overwhelm all available ports on a targeted
server machine, causing the targeted device to respond to legitimate traffic sluggishly or not at all.

Smurf is a network layer distributed denial of service (DDoS) attack, named after the DDoS.Smurf
malware that enables its execution.

Smurf attacks are somewhat similar to ping floods, as both are carried out by sending slews of ICMP
Echo request packets. Unlike the regular ping flood, however, Smurf is an amplification attack vector that
boosts its damage potential by exploiting characteristics of broadcast networks.

1. Smurf malware is used to generate a fake Echo request containing a spoofed source IP, which is actually
the target server address.
2. The request is sent to an intermediate IP broadcast network.
3. The request is transmitted to all of the network hosts on the network.
4. Each host sends an ICMP response to the spoofed source address.
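As an added example that is not from the page, the following Python script shows how a defender can spot the two patterns just described in a connection log: many SYNs to one server with almost no completed handshakes (the half-open signature of a SYN flood), and one host receiving unsolicited ICMP echo replies from many sources (the amplification victim of a Smurf attack). The flow records are constructed inline to mimic a flow log; the record layout, the thresholds and the addresses (taken from documentation ranges) are assumptions.

```python
from collections import defaultdict

# Constructed flow log (not from the page). Record layout is an assumption:
# (src_ip, dst_ip, proto, info)
#   proto "tcp"  -> info is the segment type seen from src to dst: "SYN", "SYN-ACK", "ACK"
#   proto "icmp" -> info is "echo-request" or "echo-reply"
SERVER = "192.0.2.10"   # web server being SYN-flooded
VICTIM = "192.0.2.20"   # host whose address was spoofed in the smurf echo requests


def build_sample_flows():
    flows = []
    # benign: three clients complete the handshake with the web server
    for i in range(1, 4):
        c = f"10.0.0.{i}"
        flows += [(c, SERVER, "tcp", "SYN"), (SERVER, c, "tcp", "SYN-ACK"), (c, SERVER, "tcp", "ACK")]
    # benign: one ping with its reply
    flows += [("10.0.0.1", "10.0.0.2", "icmp", "echo-request"),
              ("10.0.0.2", "10.0.0.1", "icmp", "echo-reply")]
    # SYN flood: 50 spoofed sources send SYN, the server answers, the final ACK never arrives
    for i in range(50):
        s = f"203.0.113.{i}"
        flows += [(s, SERVER, "tcp", "SYN"), (SERVER, s, "tcp", "SYN-ACK")]
    # smurf: 60 hosts on a broadcast network answer a spoofed request; VICTIM never sent one
    for i in range(60):
        flows.append((f"198.51.100.{i}", VICTIM, "icmp", "echo-reply"))
    return flows


def half_open_report(flows, min_syn=20, max_completion=0.5):
    """Flag destinations that receive many SYNs but complete few handshakes.
    Returns {dst: (distinct SYN sources, sources that also sent the final ACK)}."""
    syn_src, ack_src = defaultdict(set), defaultdict(set)
    for src, dst, proto, info in flows:
        if proto == "tcp" and info == "SYN":
            syn_src[dst].add(src)
        elif proto == "tcp" and info == "ACK":
            ack_src[dst].add(src)
    report = {}
    for dst, syns in syn_src.items():
        completed = syns & ack_src[dst]
        if len(syns) >= min_syn and len(completed) / len(syns) <= max_completion:
            report[dst] = (len(syns), len(completed))
    return report


def smurf_report(flows, min_reply_sources=20, amplification=10):
    """Flag hosts receiving echo replies from many sources while sending few or no echo requests.
    Returns {dst: (distinct reply sources, echo requests dst itself sent)}."""
    reply_src, requests_sent = defaultdict(set), defaultdict(int)
    for src, dst, proto, info in flows:
        if proto == "icmp" and info == "echo-reply":
            reply_src[dst].add(src)
        elif proto == "icmp" and info == "echo-request":
            requests_sent[src] += 1
    return {dst: (len(srcs), requests_sent[dst])
            for dst, srcs in reply_src.items()
            if len(srcs) >= min_reply_sources
            and len(srcs) >= amplification * max(requests_sent[dst], 1)}


if __name__ == "__main__":
    flows = build_sample_flows()
    print("half-open:", half_open_report(flows))   # {'192.0.2.10': (53, 3)}
    print("smurf:", smurf_report(flows))           # {'192.0.2.20': (60, 0)}
```

Both checks key on the asymmetry the text describes: a flooded server sees SYNs that are never followed by the client's ACK, and a Smurf victim sees replies to requests it never sent. On a real network the thresholds would be tuned to the baseline traffic of the host being watched.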

Q.5 (a) Patent –

A patent is an exclusive right or rights granted by a government to an inventor for a limited time period
in exchange for the public disclosure of an invention. Examples of classes of patents include business
method patents, software patents, biological patents and chemical patents. In general, the granting of a
patent is dependent on passing tests of patentability: patentable subject matter, novelty (i.e. new),
inventive step or non-obviousness and industrial applicability (or utility).

Business Method Patents: These are species of patents regarding a claim on, and public disclosure of, a
new method(s) of operating any aspect of an economic enterprise. Examples include e-commerce,
banking, insurance, tax compliance and other business methods.

Software Patents: There is no generally accepted or universally accepted definition of a software patent.
The Foundation for a Free Information Infrastructure defines a software patent as "a patent on any
performance of a computer realized by means of a computer program."

Copyright –

Copyright is a legal term describing ownership of control of the rights to the use and distribution of
certain works of creative expression, including books, video, movies, music and computer programs.
Historically, copyright law has been enacted to balance the desire of cultures to use and reuse creative
works (thus creating "derivative work") against the desire of the creators of art, literature, music and the
like to monetize their work by controlling who can make and sell copies of the work.

Trademark –

A Trademark is a Graphical representation that is used to distinguish the goods and services of one party
from those of others. A Trademark can be a letter, number, word, phrase, logo, graphic, shape, smell,
sound or combination of these things.

Registration of Trademarks in India is governed by the Indian Trade Marks Act, 1999 & Indian Trade Marks
Rules, 2002 (and amendments thereof). The Trademark Act & Trademark Rules seek to provide for the
registration of trademarks relating to goods and services in India. The rights granted under the Act are
operative in the whole of India.

Q.5 (b)

Intellectual property rights are the legal rights that cover the privileges given to individuals who are the
owners and inventors of a work, and have created something with their intellectual creativity.
Individuals related to areas such as literature, music, invention, etc., can be granted such rights, which
can then be used in the business practices by them.

The creator/inventor gets exclusive rights against any misuse or use of work without his/her prior
information. However, the rights are granted for a limited period of time to maintain equilibrium.

The following list of activities which are covered by the intellectual property rights are laid down by the
World Intellectual Property Organization (WIPO) −

• Industrial designs
• Scientific discoveries
• Protection against unfair competition
• Literary, artistic, and scientific works
• Inventions in all fields of human endeavor
• Performances of performing artists, phonograms, and broadcasts
• Trademarks, service marks, commercial names, and designations
• All other rights resulting from intellectual activity in the industrial, scientific, literary, or artistic
fields

Types of Intellectual Property Rights

Intellectual Property Rights can be further classified into the following categories −

• Copyright
• Patent
• Trade Secrets, etc.

Q.5 (c)

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We
need such laws so that people can perform purchase transactions over the Net through credit cards
without fear of misuse. The Act offers the much-needed legal framework so that information is not
denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic
records.

In view of the growth in transactions and communications carried out through electronic records, the
Act seeks to empower government departments to accept filing, creating and retention of official
documents in the digital format. The Act has also proposed a legal framework for the authentication and
origin of electronic records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive
aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now
be a valid and legal form of communication in our country that can be duly produced and approved in a
court of law.

• Companies shall now be able to carry out electronic commerce using the legal infrastructure
provided by the Act.

• Digital signatures have been given legal validity and sanction in the Act.

• The Act throws open the doors for the entry of corporate companies in the business of being
Certifying Authorities for issuing Digital Signatures Certificates.

• The Act now allows Government to issue notification on the web thus heralding e-governance.

• The Act enables the companies to file any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate Government in
electronic form by means of such electronic form as may be prescribed by the appropriate
Government.

• The IT Act also addresses the important issues of security, which are so critical to the success of
electronic transactions. The Act has given a legal definition to the concept of secure digital
signatures that would be required to have been passed through a system of a security
procedure, as stipulated by the Government at a later date.

• Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in
case anyone breaks into their computer systems or network and causes damage or copies
data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1

Q.5 (d)

Digital evidence is defined as information and data of value to an investigation that is stored on,
received or transmitted by an electronic device. This evidence can be acquired when electronic devices
are seized and secured for examination. Digital evidence:
• Is latent (hidden), like fingerprints or DNA evidence
• Crosses jurisdictional borders quickly and easily
• Can be altered, damaged or destroyed with little effort
• Can be time sensitive
Digital evidence can be found in Internet-based systems, stand-alone computers or devices, and mobile devices.


Volatile (non-persistent) memory loses its contents as soon as power is turned off; e.g. data stored
in RAM (semiconductor storage) and the system BIOS settings in battery-powered CMOS RAM.
Non-volatile (persistent) memory keeps its contents even if power is turned off; e.g. data stored on tape or
hard disk (magnetic storage), CD / DVD (optical storage), data cards and USB thumb drives (flash memory).

E-evidence can be found in e-mails, digital photographs, ATM transaction logs, word processing
documents, instant message histories, files saved from accounting programs, spreadsheets, internet
browser histories, databases, contents of computer memory, computer backups, computer printouts,
Global Positioning System tracks, logs from a hotel's electronic door locks, and digital video or audio files.
Digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily
duplicated, potentially more expressive and more readily available.

Q.5(e)

Following are the basic steps of computer forensics investigations

1. Preliminary Analysis:

It is essential for forensic investigators to initiate a preliminary analysis to figure out the critical details of
a cybercrime. The analysis must include a thorough assessment of the case to devise the best approach
to investigating its intricacies. The forensic analyst takes notes about the system under surveillance
taking into consideration factors such as the role of the system in the organizational structure and
network, configured operating system, custom specifications, RAM, and the system location. An in-depth
preliminary analysis helps in devising effective strategies for investigating the crime.

2. Evidence Acquisition:

Evidence acquisition refers to collecting the maximum amount of data (both volatile and non-volatile)
from all the likely sources and verifying the data integrity. Collection of volatile data is subject to
changes and requires special attention of the involved analysts. Volatile data includes login session
details, network connections, RAM content caches, and running processes. Nonvolatile data verification
calls for the hard disk investigation. Involving business owners at this stage proves helpful in
determining the business impact of the planned investigation strategy.

3. Evidence Identification:

This step calls for assessing and identifying the potential evidence and presenting it in a digital format so
that it can be easily understood. All the acquired raw data needs to be organized by using the Forensic
Tool Kit (FTK), Mobile Phone Examiner, and Search tools.

4. Evaluation:

This key step lets you decide if the gathered potential forensic investigation evidence can be used to
draw legal conclusions. Every piece of collected evidence is assessed on various grounds to analyze if it can be
presented legally during a trial and if it can direct the case towards expected conclusions. To perform a
successful evaluation, you must preserve the collected data and create an event timeline, perform
media and artifact analysis and string search, and employ data recovery tools to authenticate the collected
evidence to complete the investigation.

5. Reporting and Documentation:

Reporting and documenting the analyzed results involve communicating the details of the performed
actions, recommendations to improve the procedures, and the guidelines and tools used during the
investigation. Final reports are shared with the parties associated with the governing body of law.
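The acquisition, integrity-verification and timeline parts of the procedure above, as an added Python example that is not from the page and not from any forensic tool it names (FTK, Mobile Phone Examiner). It images a constructed source file, records SHA-256 hashes in a chain-of-custody log, re-verifies the image before each examination so that any alteration since acquisition is caught, and merges constructed artifact events from several sources into one sorted event timeline. The file names, examiner names and artifact entries are all constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source_path, image_path, examiner, custody_log):
    """Image the source, confirm image hash == source hash, record it in the custody log."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(1 << 20), b""):
            dst.write(block)
    src_hash, img_hash = hash_file(source_path), hash_file(image_path)
    if src_hash != img_hash:
        raise RuntimeError("acquired image does not match the source")
    custody_log.append({"step": "acquire", "examiner": examiner,
                        "image": os.path.basename(image_path), "sha256": img_hash,
                        "at": datetime.now(timezone.utc).isoformat()})
    return img_hash


def verify_image(image_path, examiner, custody_log):
    """Re-hash the image before each examination; any change since acquisition shows up here."""
    recorded = next(r["sha256"] for r in custody_log if r["step"] == "acquire")
    ok = hash_file(image_path) == recorded
    custody_log.append({"step": "verify", "examiner": examiner, "ok": ok,
                        "at": datetime.now(timezone.utc).isoformat()})
    return ok


def build_timeline(artifacts):
    """Merge {source: [(iso_timestamp, description), ...]} into one chronological list."""
    events = [(datetime.fromisoformat(ts), source, desc)
              for source, items in artifacts.items() for ts, desc in items]
    events.sort()
    return [(t.isoformat(), source, desc) for t, source, desc in events]


# Constructed artifact events, as the evaluation step would extract them from the image
ARTIFACTS = {
    "auth_log": [("2024-03-01T09:10:32+00:00", "login user=jdoe"),
                 ("2024-03-01T09:40:05+00:00", "logout user=jdoe")],
    "browser_history": [("2024-03-01T09:14:00+00:00", "visited intranet payroll page")],
    "usb_events": [("2024-03-01T09:31:10+00:00", "mass storage device connected")],
}


def demo():
    """Returns (verify ok after acquisition, verify ok after the image was altered, timeline)."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "usb.raw")           # constructed stand-in for a seized device
        image = os.path.join(work, "usb.raw.img")
        with open(source, "wb") as f:
            f.write(b"CONSTRUCTED USB IMAGE CONTENT\n" * 4096)
        log = []
        acquire(source, image, "examiner-1", log)
        ok_before = verify_image(image, "examiner-1", log)
        with open(image, "r+b") as f:                    # simulate a single altered byte
            f.write(b"X")
        ok_after = verify_image(image, "examiner-2", log)
    return ok_before, ok_after, build_timeline(ARTIFACTS)


if __name__ == "__main__":
    ok_before, ok_after, timeline = demo()
    print("integrity before/after alteration:", ok_before, ok_after)
    for ts, source, desc in timeline:
        print(ts, source, desc)
```

The custody log entries are what the reporting step later cites: who hashed what, when, and whether each verification passed. A single changed byte flips the second verification to false, which is why the hash recorded at acquisition, not the image itself, is the reference an examiner relies on.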
