Bullet Proof
Cyber Space Security
Through
The Four Pillars of
Cyber Space Governance
M.L. Venkataraman - Information Systems Auditor & Banking Veteran
CISA, CRISC, CISM, CGEIT; CEH; GDPR-CEP; ISO 27001 & 22301 LA; CAIIB, DIBF, CBCP; BA, PGDBA, MBA;
Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance
Page 2 of 70
Index :
I Introduction 3
II Cyber Space Security 3
III How things happen in the Cyber World vis-a-vis the Physical World 8
IV High Level Overview of the Internet in the form of Q & A 13
V Building Blocks of the Internet 25
VI Comparison of Network Communication Protocols used by different systems 28
VII IP/BGP Model of Internet 30
VIII Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction 31
IX Movement of Cyber Operatives 34
X The Four Pillars of Cyber Space Governance 36
XI Use Cases 47
XII Conclusion 66
Annexure 1 67
Annexure 2 70
I. Introduction:-
The 4 Pillars of Cyber Space Governance model was conceptualized in line with the 4 Pillars of
National Security model developed in 2002 as part of my MBA thesis “I.T. Based Banking Structural
Reforms - A Conceptual Model”. For more details, please see Annexure 1.
The 4 Pillars of National Security and their corresponding Pillars of Cyber Space Governance are
given below:-

Four Pillars of National Security - 2002
1. Unique National Identity Number (UNIN)
2. Multi Application Smart Card (MASC)
3. Unique Single Transaction Account (USTA)
4. Transaction Bank Of India (TBI)

Four Pillars of Cyber Space Governance - 2022
1. Unique National Internet Address (UNIA) -> UGPSIPA
2. MASC with MAC and DC (MMD) -> UNDSC
3. Unique Single Internet Account (USIA) -> UNDN
(USIA removed and replaced by UNDN)
4. Internet Transaction Bank of India (ITBI) -> CBSC
ITBI-> ICH -> NIE -> NPEI -> CBSC
(Pls see Annexure I for details)

The 4 Pillars of Cyber Space Governance were conceived in response to a TV program on Computer
Security Day on 30th November 2014 in Melbourne, but finalized only during Sep - Dec 2022. While the
basic concepts remained the same, the names of the Pillars underwent several changes. Many refinements
were also made during the writing of this paper, especially defining the legal terms for “Cyber Space”,
“National Cyber Space”, “Cyber Civil Jurisdiction”, “Cyber Criminal Jurisdiction” and “Extra territorial
Cyber Jurisdiction”, and introducing the concepts of “Cyber Citizenship”, “IP Address Domicile” and
“Cyber Operatives” for foolproof identification of Cyber Persons and prosecution of Cyber Criminals.
II. Cyber Space Security:-
Cyber Space Security, or simply Cyber Security, has become one of the top concerns of the world.
How do we find a solution for Cyber Security problems?
To find a solution, we must first understand the problem: define and clarify it, look at its
components, simplify complex issues, find the root causes, come up with different ideas, and
then choose the best solution. In many cases, when the problem is analysed in depth, the solution will
manifest itself automatically.
In order to find a solution for Cyber Security problems, we need to understand the basic concepts.
What is Cyber Security?
There are numerous definitions of Cyber Security, some of which overshadow the definition of
Information Security itself! Please note Cyber Security is a subset of Information Security, not vice versa.
Let us look at definitions given by Indian IT Law, ISO 27701, NIST Cybersecurity framework,
ISACA and Webopedia.

No | Definition of Cyber Security | Source
1 | "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. | Indian IT Act 2000, Definitions (nb) (Inserted vide ITAA 2008)
2 | Cybersecurity - Cyberspace security: Preservation of confidentiality, integrity and availability of information in the Cyberspace. | ISO 27032: Cyber Security – Security Guidelines: 4.20
3 | a) The process of protecting information by preventing, detecting, and responding to attacks. b) The ability to protect or defend the use of cyberspace from cyber attacks. | NIST Framework for Improving Critical Infrastructure Cybersecurity Ver 1.1. NISTIR 8170 under Cybersecurity from CNSSI 4009
4 | The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems. | ISACA CSX Glossary
5 | The technologies and processes designed to protect computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered via the internet by cybercriminals. | https://www.webopedia.com/definitions/cyber/

By concatenating the highlighted words, we can arrive at a simple definition viz., “Cyber Security is
the process of protecting information assets in the Cyberspace from Cyber attacks delivered through the
Internet.”
What is Cyber Space and Internet? Both terms are used interchangeably, which is not correct.
Definition of Internet is very clear. Internet is the network of networks. It is a global system of
interconnected computer networks that exchange various types of data using standardized communication
protocols.
But definition of Cyber Space is not clear. There is a lot of ambiguity even among the countries of
the world and the United Nations.
Terms such as Cyber Space, Cyber Security, Cyber Threats, Cyber Attacks, Cyber Crimes etc., are
all derived from the term “Cyber” which means “of, relating to, or involving computers and computer
networks” (Merriam-Webster dictionary).
So, what is Cyber Space?
Let us look at some definitions from the same sources as above.
No | Definition of Cyber Space | Source
1 | (No definition for Cyber Space.) (Also, no definition for Cyber Crime, Cyber Offence, Cyber Jurisdiction because they are neither defined in UNCITRAL Model Law on Electronic Commerce 1996 nor in UNCITRAL Model Law on Electronic Signatures 2001 which paved the way for Cyber Legislations in many countries including India.) | Indian IT Act 2000 & 2008 - Definitions
2 | Complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form. The Cyberspace belongs to no one; everyone can participate and has a stake in it. | ISO 27032 : 2012 :- Cyber Security – Security Guidelines:- 4.21 : the Cyberspace. 7.1 Overview
3 | (No definition for Cyber Space) | NIST Framework for Improving Critical Infrastructure Cybersecurity Ver 1.1
4 | (No definition for Cyber Space) | ISACA CSX Glossary.
5 | A metaphor for describing the non physical terrain created by computer systems. | https://www.webopedia.com/definitions/cyberspace/

Nations have not arrived at a consensus on Cyber Space, Cyber Jurisdiction and regulation of Cyber
Space through International Law. The reason appears to be lack of clarity on Cyber Space.
Let me define it in a different way.
“Cyber Space is the virtual space created for computation and communication by the
underlying physical hardware together with software and power.”
As an analogy, it is similar to “Mind space” which is a virtual space derived from the underlying
physical human body together with knowledge and life.
Cyber Space cannot exist or continue to exist on its own when the underlying physical hardware is
dead.
Similarly “Mind Space” cannot continue to exist on its own when the underlying physical body is
dead.
Cyber Space may be limitless, but it is constrained by the capacity of the underlying hardware.
Just as limitless Mind Space is constrained by the capacity of the underlying physical body.
Each Cyber Space is distinct but inextricably intertwined with the underlying hardware.
Just as each Mind Space is distinct but inextricably intertwined with the underlying physical body.
One Cyber Space can communicate and positively influence or negatively affect other Cyber Spaces
through cyber-motivation, cyber-demotivation, cyber bullying, cyber reward, cyber punishment etc., but
they can interact with each other only through the underlying physical medium of networks, but never
directly & virtually.
Similarly, one Mind Space can communicate and positively influence or negatively affect other
Mind Spaces through motivation, de-motivation, bullying, reward, punishment etc., but, they can interact
with each other only through the underlying physical medium of human bodies, but never directly &
virtually.
Each Cyber Space can be tracked and traced back to its original owner viz., the physical hardware.
Similarly, each Mind Space can be tracked and traced back to its original owner viz., the physical
body.
Every device in the Information and Communication Technology (ICT) has its own Cyber Space.
Just as every human being in the physical world has his own Mind Space.
National Cyber Space is the sum aggregate of all Cyber Spaces derived from their underlying
physical devices deployed within the physical boundaries of the Nation.
Just as National Consciousness is the sum aggregate of all mind spaces derived from their
underlying physical bodies living within the physical boundaries of the Nation.
The conclusion is - each Nation State has its own National Cyber Space commensurate with its
geographical space.
However, the view of ISO 27032 is different.
It says “The Cyberspace belongs to no one; everyone can participate and has a stake in it”.
Since ISO 27032 became a Standard only after getting approval from 75 % of the Nations in the
world, we can safely conclude that the World in general believes that Cyber Space belongs to no one, which
is incorrect in my view.
Going by my definition, it is suggested to re-write as “The World Cyber Space belongs to respective
Nation States. Everyone can participate and have a stake in it with the approval of the respective Nation
States.”
The above definition gives control of National Cyber Space back to the Nations who can regulate
their Cyber Space in alignment with their National Security Policy. The 4th Pillar of Cyber Space
Governance is based on this principle.
Another related legal concept is “Cyber Jurisdiction”, which is still in the evolutionary stage in the
international domain. This will be examined and re-defined later in Section VIII.
Having defined Cyber Security and Cyber Space, the next step is to write down the problem
statement.
Problem Statement 1: How to prevent cyber threats from entering the National Cyber Space
through the Internet?
(Current practices: Anti Virus & Anti Malware, EDR, XDR, Network Access Control, RADIUS, TACACS+,
Firewall, IDS, IPS, WAF, Email Security Appliance, Secure Internet Gateway, DPI, Threat Intelligence, ML,
AI etc.
Proposed solution: - 4th Pillar of Cyber Space Governance.)
Problem Statement 2: How to eliminate the root cause of Cyber attacks viz., Anonymity of the
malicious hackers who are emboldened by (a) opportunities for stealth attacks and (b) lack of
prosecution due to cross border legal issues relating to extradition?
(Current practices: Identity & Access Management, Privileged Access Management, Multi Factor
Authentication, Zero Trust Architecture, Digital Trust ......
Proposed solution: - 1st, 2nd and 3rd Pillars of Cyber Space Governance will eliminate anonymity, and 4th
Pillar will take care of stealth attacks and consequent prosecution and extradition of Cyber Criminals.)
Problem Statement 3: How to enable the common people to use the Internet in full trust
without requiring Security awareness training?
Current practices :- NONE.
(It is said that “Humans are the weakest link in Cyber Security. People are trusting in nature and so,
criminals exploit their trust. People are careless and click on links or attachments without thinking and then
end up downloading malwares, affecting their personal systems as well as enterprise networks. So, people
should be given proper Cyber security training”)
Proposed solution: - Cyber Security Awareness Training is a good practice to follow, but not mandatory.
Cyber Security is the primary responsibility of the Nation State and the four Pillars of Cyber Space
Governance will usher in a trusted internet eco system that would enable common people to use the Internet
in full trust without requiring Cyber Security Awareness Training.
Now, in order to find a good solution, we need to understand two things viz., :-
1. How things happen in the Cyber World vis-a-vis the Physical World. Please see section III.
2. How the Internet works :-
a. High Level Overview of the Internet in the form of Q & A. Please see Section IV.
b. Building Blocks of Internet. Please see Section V.
c. Comparison of Network Communication Protocols used by different systems. Please see
Section VI.
d. IP/BGP Model of Internet. Please see Section VII.
e. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra
Territorial Jurisdiction. Please see Section VIII.
f. Movement of Cyber Operatives. Please see Section IX.
- - -
III. How things happen in the Cyber World vis-a-vis the Physical World.
Just as Cyber Space is a derivative of the underlying physical hardware, the Cyber World is also a
derivative of the physical World. Let us compare them:-
Physical World Cyber World
Physical World:
Our world has 196 countries, each having its
own defined boundaries and exercising
sovereignty. All countries big or small enjoy
equal status in International Law.
Cyber World :
Currently -
No Countries.
No defined national boundaries.
No Cyber sovereignty.
No International law for Cyber Space.
National Government:
The forms of Government may differ viz.,
Autocracy, Communism, Democracy, Monarchy,
Theocracy etc., but the common purpose is to
maintain law & order, protect people from
external attacks and promote welfare of the
people.
Cyber Government:
National governments have presence in Cyber
Space for e-governance for promoting welfare of
the people. Many advisories are routinely issued
to educate people on Cyber Security issues, but,
there are no pro-active or pre-emptive actions to
ensure protection to people from cyber attacks
and to maintain law & order in the Society.
National Governance:
Each Country has Leadership, Legislature,
Executive and Judiciary for governing the
country.
Cyber Governance:
Currently, there is no governance system in
Cyber Space in most Nation States.
National Territorial Protection:
Every Country protects its territorial space
through Army, Air Force, Navy and Para
Military forces.
National Cyber Protection:
Currently, there is no such protection in Cyber
Space in most Nation States.
National Law & Order:
Every Country maintains law and order through
Police and other law enforcement agencies.
Cyber Law & Order:
Currently, there is no such mechanism in Cyber
Space in most Nation States.
National Territorial Jurisdiction:
The concept is Clear and Settled.
Territorial Jurisdiction refers to the power of
the Court to decide or adjudicate or pass
judgement over cases arising in or involving
persons residing within the physical boundaries
of the Nation.
National Cyber Jurisdiction :
Concept is Still evolving in India and in other
Nations.
Cyber jurisdiction is the legal authority that
governs activities in Cyber Space, including the
internet and other networks. It defines the
boundaries in which a government or legal
entity has control and the power to enforce laws
and regulations related to computer and internet
usage. Currently, the issue of jurisdiction in
Cyber Space is complicated due to the global
nature of the internet and the absence of
physical borders, leading to challenges in
enforcing laws and prosecuting cybercrimes.
Extra Territorial Jurisdiction :
Yes (over any one irrespective of his nationality)
Extra Territorial Cyber Jurisdiction :
Yes (over any one irrespective of his nationality)
Extradition treaty system :
Yes (with some countries)
Extradition treaty system:
No
National Laws: - (Eg. India)
Indian Penal Code 1860 for Crimes
Code of Civil Procedure 1908 for Civil Wrongs
Cyber Laws :- (Eg. India)
IT Act 2000 with 2008 Amendments deals with:
Cyber Offences (ie., Cyber Crimes)
Cyber Contraventions (ie., Cyber Wrongs)
National Assets:
Each country has its National Assets viz.,
Persons
(Individual Citizens & Non-individual Entities)
and
Things – both tangible and non- tangible
(Land & buildings, Machinery & Equipments, Inland
water sources, Rivers, Lakes, Sea water, Roadways,
Airways, Rail, waterways, Mineral resources, Flora &
Fauna, Agriculture, Energy, ICT infrastructure, Banking
& Economy, Medical facilities, Data & Information,
Patents, Copyrights, Knowledge repositories, Information
Assets, Goodwill, Religion, Culture, Language .....)
over which it has jurisdiction.
Cyber Assets:
Each country has its Cyber Assets which are the
digital form of National Assets, over which it
has jurisdiction.
Physical world people :
We deal with 3 types of people in the world. The
Good, the Bad and the Ugly.
The Good are those who are always law abiding
and would never do bad things even in the face
of misfortune or threat. Eg. Saints, Super
Heroes, etc.,
The Bad are those who would always break the
law and would never do good things even in the
face of punishment. Eg. Hardcore criminals,
mercenaries, terrorists etc.,
The Ugly are those who are generally law
abiding and right minded, but would be tempted
to do bad things, provided :-
a) they can justify it to themselves
b) they are assured of a sheath of anonymity
c) Probability of punishment is zero or near
zero.
Eg. Myself and most common people!
But we don't know whether the person we are
dealing with is good, bad or ugly. So, we use our
common sense to judge people.
We rely on Police and Judiciary when
something bad happens, which may be a Civil
Wrong (Tort) or a Crime.
Cyber World people :
We deal with the same 3 types of virtual people
in the Cyber world also.
Cyber people are digital embodiment of physical
people. So, we have the Cyber Good, the Cyber
Bad and the Cyber Ugly in the Cyber world.
But we don't know whether the person we are
dealing with is good, bad or ugly. So, we use our
common sense to judge people.
We rely on Police and Judiciary when
something bad happens, which may be a Cyber
contravention or Cyber Offence.
Physical Interactions & Transactions:
In the physical world, we interact with people in
a physical format involving physical objects.
Cyber Interactions & Transactions:
In Cyber World, we interact with people in an
electronic format involving digital objects.
Interactions & Transactions in the Physical World:
The Good: Physical Products & Services
Music Tapes/CD/DVD
Video Tapes/CD/DVD
Movie CD/DVD
Software CD/DVD
Application software CD/DVD
Art Paintings
Photograph Prints
Education (Books/CD/DVD)
Professional Services
Printed & Signed Documents
Deposit certificates
Loan Sanction Letter

The Ugly: Physical Products & Services
Game Devices
Gambling Dices / Cards / Stakes
Anti-Government Tool Kits
Anti-establishment Literature
Anonymous Campaigns
Common interest groups
Liquor shops
Smoking Dens
Organ donation & sale
Verbal & written abuses
Plagiarism
Pornography books/CD/DVD

The Bad: Physical Products & Services
Drugs
Weapons
Bombs
Counterfeit Cash
Stolen goods
Forged passports
Smuggled goods
Banned books
Hacking CD/DVD
Terrorist toolkits (CD/DVD)
Clandestine dens
Trafficking of women & children

Physical products and services are delivered through people using people, animals and vehicles.
We can call them “Physical Operatives”.
When things go wrong (Crime / Civil Wrong), the Physical Operatives have to be identified,
arrested and interrogated to catch the real culprits and to prosecute and punish them.
Interactions & Transactions in the Cyber World :-
The Good: Cyber Products & Services
Audio files
Video files
Movie files
Software
Applications
Digital artwork
Digital Photography
Online Educational Courses
Online Professional Services
e-signed e-documents
e-Deposit certificates
e-loan sanction letter

The Ugly: Cyber Products & Services
Online Gaming
Online Gambling
Anti-government e-tool kits
Anti-establishment e-literature
Anonymous e-Campaigns
Online Common interest groups
Online Liquor shops
Online E-Cigarette & E-Joint shops
Online Organ Sale
Online soft porn
Social Media (Twitter, Tinder, Telegram, WhatsApp, ...)
Online Plagiarism (ChatGPT)

The Bad: Cyber Products & Services
Pirated Software
Malicious software
Logic bombs
Digital currency
Stolen Credit Card and PIN details
Stolen Identities and Passwords
Banned e-books
Extreme porn
e-guides for terrorists & hackers
Illegal online forums
Darkweb shopping for illegal and banned products and services

Cyber products and services are delivered electronically through XXXXXXX
using hardware, software and networks.
We can call them “Cyber Operatives”.
When things go wrong (Crime / Civil Wrong), the Cyber Operatives have to be identified,
arrested and interrogated to catch the real Cyber Culprits and to prosecute and punish them.
The question is : Who are these XXXXXXX ie., the Cyber Operatives ?
How to identify, arrest and interrogate them?
The answer will reveal itself when we take a high level overview of the Internet and related concepts in the
following sections.
a. High Level Overview of the Internet in the form of Q & A. Please see Section IV.
b. Building Blocks of Internet. Please see Section V.
c. Comparison of Network Communication Protocols used by different systems. Please see
Section VI.
d. IP/BGP Model of Internet. Please see Section VII.
e. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra
Territorial Jurisdiction. Please see Section VIII.
f. Movement of Cyber Operatives. Please see Section IX.
- - -
IV. High Level Overview of the Internet in the form of Q & A :-
1. What is the Internet ?
The Internet is the network of networks. It is a global system of interconnected computer networks that
exchange various types of data using standardized communication protocols.
2. What do we connect to the Internet?
Desktop Computers, Laptops, Servers (Web, Application, Database, Storage), Smart phones, Tablets,
Personal Digital Assistants, Wearable devices, IoT devices, Industrial Control Systems & Cyber Physical
Systems....
3. How do we connect to the Internet?
Through Telephone line (Dial-up PSTN), Integrated Services Digital Network (ISDN), Leased Line,
Digital Subscriber Line (DSL), Co-axial Cable, Ethernet, WiFi, 3G, 4G, 5G fixed wireless, Satellite.
4. How are the devices connected to other devices through the Internet ?
Through:
Guided transmission (i.e., waves are guided along a solid medium):
- Twisted Pair Copper Wire
- Co-axial Cable
- Fiber Optics
Unguided transmission (i.e., waves are propagated in the atmosphere):
- Terrestrial Radio Spectrum
- Satellite Radio Channels
5. How is the Internet structured ?
When two or more computers are connected together, they form a network viz., Local Area Network (LAN)
or Virtual Local Area Network (VLAN). Nodes (Computers/devices in the network) within the
LAN/VLAN can communicate with each other through their hardware address viz., Media Access Control
(MAC) address, with the help of Switches.
Nodes in one network can communicate with a node in a different network through Network address scheme
viz., Internet Protocol (IP) Address with the help of Routers.
LAN is limited in size, spanning an office, building or campus.
WAN (Wide Area Network) is not restricted by size, and it spans a wider geographical area, such as a city,
state, country or even the world.
LAN interconnects hosts whereas WAN interconnects connecting devices such as Switches, Routers or
Modems.
(Switches connect devices within a network; Routers connect one network with other networks.)
WAN may be :-
1. Point to Point, connecting two networks through a single transmission medium (cable or air).
2. Switched WAN, connecting multiple networks through multiple transmission medium and
using WAN Switches.
Routers connect multiple networks, creating an internetwork.
Internet is composed of thousands of interconnected networks ie., it is a Network of Networks.
6. Why do we connect to the Internet ?
- Communication services - E-mail, Internet Relay Chat, internet telephony, Instant Messaging,
- Web Services – Exchange of data between applications or systems, using protocols such as XML,
SOAP, REST, WSDL, HTTP, HTTPS, BEEP, FTP…
- World Wide Web – Accessing web pages from web site servers.
- E Commerce; Online Banking & cashless transactions; Recharging & Bill payments;
- Information Retrieval through Search Engines (topics, subjects, people, directory etc);
- Social Networking;
- Education; Research; Collaboration; File Share;
- Audio, Video and Audio Visual Entertainment; Music;
- Job Search; Advertising & Marketing; E paper & News; Navigation; E Ticketing;
- Broadcasting; Blogging & publishing; Gaming; Gambling; Real time updates (weather, sports etc);
- Calendar & appointments;
- Etc.,
7. How are the above services facilitated in internet?
All the above services are fundamentally provided through data communications.
8. What is Data communications?
It is the exchange of data between two devices via a transmission medium such as Twisted Pair Copper
Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio Spectrum and Satellite Radio Channels.
9. What is data?
Data refers to information presented in whatever form is agreed upon by the parties creating and using it.
Information comes in different forms such as text, number, images, audio or video. Data communications is
facilitated by Protocols.
10. What are Protocols?
For effective communication, both the sender device and receiver device and all intermediate devices have
to adhere to mutually accepted and implemented rules (“Protocols”) for proper exchange of information.
11. What do Protocols do?
A protocol defines the format and the order of messages exchanged between two or more communicating
entities, as well as the actions taken on the transmission and/or receipt of a message or other event.
Protocols allow connected devices to communicate with each other, regardless of any differences in their
internal processes, structure or design.
12. How do two nodes communicate with each other?
Nodes in the internet could be :
- different devices (Clients, Servers, Peers, Mobiles, IoT, etc.), with a variety of operating systems
and application software,
- different network devices (Hubs, Bridges, Switches, Routers) with a variety of network operating
systems,
- from different networks (PAN, LAN, WLAN, MAN, WAN, CAN, GAN)
- with different transmission mediums viz., copper (wire), glass (fiber optic cable), or air (radio,
microwave, or satellite).
All the above have to work together through network protocols to successfully transfer a message between
two devices, which is a huge and complex task. The solution is to divide the complex task into several
smaller and simpler tasks.
So, Data communication is accomplished by breaking the entire set of communications into a series of
layers, each of which can be defined separately, with its own protocols. In this way, vendors can develop
software and hardware to provide the functions of each layer separately. The software or hardware can work
in any manner and can be easily updated and improved, as long as the interface between that layer and the
ones around it remains unchanged. Each piece of hardware and software can then work together in the
overall network.
The modern Internet is built on the “Transmission Control Protocol/Internet Protocol (TCP/IP)” protocol
suite. It is a hierarchical suite made up of 5 interactive layers, each of which provides a specific
functionality. The term hierarchical means that each upper-level protocol is supported by the services
provided by one or more lower-level protocols.
A summary of the TCP/IP protocol suite with five layers is given below:
Layer 5 Application Layer
Layer 4 Transport Layer
Layer 3 Network Layer
Layer 2 Data Link Layer
Layer 1 Physical Layer

Layer 5: Application
Purpose: Defines how an application's processes, running on different end systems, pass messages to each other viz., Message types, their syntax, field semantics, rules for time and methods for sending and responding to messages etc.
Connection type: Process to Process
Addressing Scheme: Host Names
Protocol Data Unit: Message
Protocols in use: HTTP, HTTPS, FTP, SMTP, TELNET, DNS, TLS, QUIC, BGP, ..........
Operating Devices: PCs, Servers, Gateways, IPS, IDS
Network Security Model: Authentication, Access Control, Non-repudiation

Layer 4: Transport
Purpose:
- Logical communication between application processes running on different hosts.
- Breaks application messages into smaller chunks, adds header and creates Segment / Datagram.
- Recombines them on the computer that receives the information.
- Provides Reliability and end-to-end connections.
Connection type: Socket to Socket
Addressing Scheme: Port Address
Protocol Data Unit: TCP “Segment” / UDP “Datagram”
Protocols in use: TCP, UDP, SCTP
Operating Devices: Firewalls
Network Security Model: Data Integrity

Layer 3: Network
Purpose:
- Logical addressing (adding sender's and recipient's logical IP addresses).
- Forwarding (transfer a packet from input link interface to output link interface) and,
- Routing (sending a packet on end to end path from source to destination).
Connection type: Network to Network
Addressing Scheme: IP addresses
Protocol Data Unit: Packet
Protocols in use: IPv4, ICMP, IGMP, IPv6, ICMPv6
Operating Devices: Routers, Brouters, Firewalls
Network Security Model: Confidentiality

Layer 2: Data Link
Purpose: Logical link control and media access control. Transmits the frame onto the Link. Reliable delivery; Error detection and correction.
Connection type: Node to Node
Addressing Scheme: MAC addresses
Protocol Data Unit: Frame
Protocols in use: ARP
Operating Devices: Switches, Bridges, Access Points
Network Security Model: Assurance and availability

Layer 1: Physical
Purpose: Provides electrical specifications, Transmission of bits over various transmission media
Connection type: Link to Link
Protocol Data Unit: Bits
Protocols in use: Ethernet, 802.11,
Operating Devices: Network Interface Card, Modem, Cables
Network Security Model: Notarization and signature (ISO7498-2)

When a network application wants to send data from one system to another, it breaks the data into smaller
blocks of data, applies encapsulation at different protocol layers and then transmits them through different
communication links, switches and routers.
On the receiving end, the reverse process of decapsulation takes place, where the additional headers are
stripped away until the original application data can be accessed.
This process ensures that data is transmitted across networks using different protocols and technologies, and
helps to maintain data integrity and security by ensuring that packets are processed correctly.
13. What is Encapsulation ?
Encapsulation of data refers to the process of adding control information to the data as it passes through the
networking stack from its origin to its destination.
Data encapsulation occurs at every layer.
At the application layer, data generated by an application is wrapped in a protocol header that contains
information about the application protocol being used, such as HTTP or FTP. The Protocol Data Unit here is
called “Message”.
At the transport layer, the data is further encapsulated in a transport layer header that includes information
about the port numbers of the source and destination systems, as well as the transport protocol being used,
such as TCP or UDP. The Protocol Data Unit here is called “Segment” (if TCP) or “Datagram” (if UDP).
At the internet layer, the transport layer protocol data unit is encapsulated in an internet layer header that
contains information about the source and destination IP addresses. The Protocol Data Unit here is called
“Packet”.
At the Link layer, the internet layer protocol data unit is encapsulated with a link-layer header that contains
information about the source and destination MAC (Media Access Control) addresses, as well as a trailer
that contains information necessary for the accurate transmission of the data over the network. The Protocol
Data Unit here is called “Frame”.
Finally, at the Physical layer, the frame is converted into raw bits of ‘0’s and ‘1’s and transmitted over the
physical medium.
When encapsulated in this way, the network packet can traverse various networking technologies and
protocols while still maintaining its integrity and ensuring delivery to the intended recipient.
On the receiving end, the reverse process viz., decapsulation takes place, where the additional headers are
stripped away until the original application data can be accessed. This process ensures that data is
transmitted across networks using different protocols and technologies, and helps to maintain data integrity
and security by ensuring that packets are processed correctly.
Credit : Computer Networking - A Top-Down Approach - 7th Edition - James F. Kurose and Keith W. Ross
14. What is a network packet and why is it important?
Network packets are fundamental units of communication in computer networks. They are individual pieces
of data that are transmitted over a network.
A packet typically consists of two main parts: the header and the payload. The header contains control
information that is used to manage the transmission of the packet, including the sender and recipient address,
error detection and correction information, and other details required for proper delivery of the packet. The
payload consists of the actual data being transmitted.
As said earlier, packets are encapsulated at Link layer to create frames, which are then transmitted through
physical medium at the physical layer. At the receiving end, the reverse process takes place and the packets
are de-encapsulated to extract the data.
The structure of a frame is as under :-
Credit : Head First Networking – by Al Anderson and Ryan Benedetti
A frame is a logical structure of bits that organizes network traffic in such a way that every device which
receives it knows how to read the information inside it. Inside the frame is the encapsulated packet, also
known as the “Payload”.
The frame holds the data being sent in binary form i.e., “0”s and “1”s as under :
Credit : Head First Networking – by Al Anderson and Ryan Benedetti
The binary data is converted to hexadecimal numbers and parsed as per the applicable protocol (IP, TCP,
UDP, ICMP, ARP, DNS etc.,) :-
Credit : Head First Networking – by Al Anderson and Ryan Benedetti
Then, the hexadecimal is translated into ASCII characters as under, and the actual message is extracted from
the payload :-
Credit : Head First Networking – by Al Anderson and Ryan Benedetti
Thus, the data in the payload of the above frame can be extracted to read “I have the secret documents. I
think we can sell them, they’re worth something”.
But this manual process of de-encapsulating the frames is time consuming and prone to misinterpretation
due to the complexities involved in understanding various protocols used in transmission, including the
structure of the packet and the expected values of its fields. However, there are software applications which
make this job easier.
Wireshark is the most popular tool used for capturing and analyzing network packets. It displays the raw
data in hexadecimal format along with an ASCII interpretation of the data. The hexadecimal data is
typically organized into columns, with each column representing a certain number of bytes of data. The
ASCII interpretation column displays the printable characters of the data, replacing non-printable characters
with periods.
To fully interpret a packet, Wireshark and similar tools use “protocol dissectors”. Protocol dissectors are
software components that analyze and decode packet data by parsing the network traffic based on the position,
length and value of each field within a protocol, breaking the packet into its constituent parts, such as header
fields and payload data, and presenting them as labelled, human-friendly text.
Credit : https://www.guru99.com/wireshark-passwords-sniffer.html
Packets can reveal all the information exchanged between two systems, including sensitive information such
as user name and password, unless secure protocols such as HTTPS, SFTP, TLS, IPSEC etc., are used.
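The encapsulation and dissection steps described above can be traced in a short Python sketch. This is an added example, not code from the original paper or from Wireshark: it builds one Ethernet II / IPv4 / TCP frame and then dissects it by field position and length. The MAC addresses, IP addresses, ports and payload are constructed sample values, and the TCP checksum is left at zero as a simplification.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6

class DissectError(ValueError):
    """Raised when a header is truncated or its length fields are inconsistent."""

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def encapsulate(message, src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Wrap an application message in TCP, IPv4 and Ethernet II headers."""
    # Transport layer: 20-byte TCP header (PSH+ACK) + message = segment.
    # Simplification (assumption): the TCP checksum is left at 0.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + message
    # Network layer: 20-byte IPv4 header + segment = packet.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                     PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Link layer: destination MAC, source MAC, EtherType + packet = frame.
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + segment

def dissect(frame: bytes) -> dict:
    """Decapsulate Ethernet II -> IPv4 -> TCP, validating each length field."""
    if len(frame) < 14:
        raise DissectError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"eth": {"dst": mac(dst), "src": mac(src), "type": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return layers  # this sketch has no dissector for other EtherTypes
    packet = frame[14:]
    if len(packet) < 20:
        raise DissectError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise DissectError("inconsistent IPv4 version or length fields")
    layers["ip"] = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "ttl": packet[8],
        "protocol": packet[9],
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
    }
    if packet[9] != PROTO_TCP:
        return layers
    segment = packet[ihl:total_len]  # total_len cuts off any Ethernet padding
    if len(segment) < 20:
        raise DissectError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if not 20 <= data_offset <= len(segment):
        raise DissectError("inconsistent TCP data offset")
    layers["tcp"] = {"sport": sport, "dport": dport, "flags": segment[13]}
    layers["payload"] = segment[data_offset:]
    return layers

def ascii_column(chunk: bytes) -> str:
    """Printable ASCII as-is, every other byte shown as a period."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)

def hexdump(data: bytes, width: int = 16) -> str:
    """Offset, hex columns and ASCII column, in the style of a packet analyzer."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}} {ascii_column(chunk)}")
    return "\n".join(rows)

# Constructed sample: documentation-range IPs (RFC 5737), locally administered MACs.
MESSAGE = b"I have the secret documents."
FRAME = encapsulate(MESSAGE, bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                    "192.0.2.10", "198.51.100.20", 49152, 80)

if __name__ == "__main__":
    print(hexdump(FRAME))
    for layer, fields in dissect(FRAME).items():
        print(layer, fields)
```

The payload is recovered byte for byte because nothing in this stack encrypts it, which is the exposure that protocols such as HTTPS and TLS remove.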
15. What are the broad types of information that can be revealed from Packet Analysis?
Packet analysis is the process of capturing, examining, interpreting and analyzing Packets for various
purposes such as network troubleshooting, performance optimization, security analysis and network
forensics.
Packet analysis reveals information, as under, that can be used as evidence in legal cases.
Credit : Packet analysis for network forensics: A Comprehensive survey – by Leslie F Sikos, Edith Cowan University, Australia.
All network security solutions (FW, IPS, IDS, WAF, DPI) basically depend on network packet analysis.
Why ? Because all the Cyber Good, the Cyber Bad and the Cyber Ugly have to interact and transact only
through packets.
More importantly, all Cyber attacks take place through packets. Virus, malware and ransomware are
sent through packets. Command & Control Centres remotely exploit systems through packets.
16. What are network security solutions ?
Network security solutions are hardware and software solutions, processes or rules, and configurations
designed to protect the integrity, confidentiality, and availability of computer networks and the data
transmitted over those networks. These solutions include a wide range of products and technologies, such as
firewalls, intrusion prevention systems (IPS), virtual private networks (VPN), data loss prevention (DLP)
solutions, security information and event management (SIEM), and network access control (NAC) solutions.
The exact solution or technology deployed may vary depending on the specific needs and requirements of
the network, the nature of the data being transmitted, and the risk level of potential threats. Network security
solutions are deployed in a “Defense in Depth” model to safeguard network resources from unauthorized
access, modification, and destruction, while also ensuring that the network remains available for legitimate
users.
17. What is “Defense in Depth” ?
Network defense in depth refers to an approach to network security that involves layering multiple defense
mechanisms and controls at different levels (or layers) of the network to provide greater protection against
potential threats. This approach relies on the principle that a single security measure is not enough to provide
complete protection against attacks, and that multiple layers of defense are needed to ensure network
security. The layered approach of defense in depth may include technologies such as firewalls, intrusion
detection and prevention systems, encryption, virtual private networks (VPNs), and access controls, as well
as policies, procedures, and other security safeguards. The idea is that if one security mechanism fails, there
will be another layer of defense to prevent or limit the impact of an attack.
Courtesy : Internet sources
- - -
V. Building Blocks of the Internet :-
Some important building blocks of Internet are :-
1. Internet Protocol Address (Version 4 / Version 6) :- The Internet Protocol (IP) address is
a unique identifier assigned to devices on the internet or the local network. All network packets
contain the Source IP address and Destination IP address for accurate and speedy data
communication.
2. Domain Name System :- It is the telephone book of the internet. It translates human
readable domain names such as Google.com into machine readable IP Addresses such as
172.217.7.8. It eliminates the need for humans to memorize these addresses.
3. Middle Boxes :- Middle Boxes are devices or software applications that are
deployed in computer networks to improve network performance, enhance security, or provide other
specialized network services. They are called "Middleboxes" because they are located in the middle
of the communication path between a source and destination in the network. Examples of Middle
Boxes include firewalls, intrusion detection and prevention systems, load balancers, and WAN
optimization devices. Middle Boxes can be implemented as hardware devices or as software running
on commodity servers, and can provide a wide range of network functions, often including deep
packet inspection, content modification, and network address translation (NAT).
4. Border Gateway Protocol :- Border Gateway Protocol (BGP) is the inter-
domain routing protocol used to facilitate communication between different Autonomous Systems
(AS) on the Internet by exchanging routing and reachability information. It is typically used by
Internet Service Providers (ISPs) and large organizations with multiple connections to the Internet to
achieve optimal routing of traffic between networks. BGP is a protocol that dynamically learns and
adapts to changes in network topology, and provides the ability to select paths based on policies such
as AS path length, network congestion, and other factors. It is a critical component in the functioning
of the Internet, as it enables the exchange of routing information between AS's, which helps to
ensure that data is sent along the most efficient path possible.
5. Digital Signature Certificates :- A Digital Signature is an e-signature that is backed by
a Digital Certificate issued by a Certifying Authority (CA) to validate and certify the identity of the
person holding the certificate. It serves as an electronic equivalent of a physical or paper certificate.
It contains information such as user's name, pin code, country, email address, date of issuance of the
certificate, and the name of the certifying authority. A digital signature is created by a pair of
encrypted numbers known as the public key and private key. It is used to authenticate and verify the
integrity of digital information, such as email messages, macros, or electronic documents. A digital
signature confirms that the information originated from the signer and has not been altered. It
provides assurances about the validity and authenticity of a digital document.
Courtesy : https://vahid.blog/post/2020-12-15-how-the-internet-works-part-i-infrastructure/
Who assigns Internet Protocol addresses to users in India ?
IRINN of NIXI. The assignment of Internet Protocol (IP) addresses to users in India is primarily handled by the National Internet Exchange of India
(NIXI), which is a not-for-profit organization that operates the National Internet Registry (NIR) in India. NIR was entrusted with the task of coordinating IP
Address allocation with other Internet resource management functions at the national level in the country. NIXI was recognized by APNIC in March 2012 to
become the NIR for the country. The NIR is now named as Indian Registry for Internet Names and Numbers (IRINN). It is now a division functioning under
NIXI and provides allocation and registration services of Internet Protocol addresses (IPv4 & IPv6) and Autonomous System numbers to its Affiliates, who in
turn assign IP addresses to their customers/users. The assignment of IP addresses is a global process that is coordinated by the Internet Assigned Numbers
Authority (IANA) and the Regional Internet Registries (RIRs) such as APNIC, ARIN, and RIPE NCC.
Who issues Digital Signature Certificates in India?
Digital Signature Certificates (DSC) in India are issued by Certifying Authorities (CA), which are licensed and regulated by the Controller of
Certifying Authorities (CCA). The CCA is the national regulatory body in India for issuing digital signatures, and oversees the issuing and management of
digital signature certificates by licensed CAs in India. Users in India who wish to obtain a digital signature certificate can apply to a licensed CA, who will then
verify the user's identity and issue the digital signature certificate. The current licensed CAs are Safescrypt, IDRBT, (n)Code Solutions, e-Mudhra, CDAC,
Capricorn, Protean (NSDL e-Gov), Vsign (Verasys), Indian Air Force, CSC, RISL, Indian Army, IDSign, CDSL Ventures, Panta Sign, xtra Trust, Indian Navy,
ProDigiSign, SignX, RPSL, Care 4 Sign, IGCAR.
Who assigns Domain Names to users in India?
Domain names in India are typically purchased from Domain Name Registrars, which are organizations accredited by the Internet Corporation for
Assigned Names and Numbers (ICANN) to sell and manage domain names. Users in India can purchase domain names from a variety of accredited registrars,
some of which are based in India and others which are international. The assignment of domain names is a global process that is coordinated by ICANN and the
top-level domain registries, and is not specific to any one country. Some of the Domain Name Registrars are Bluehost, Hostinger, Network Solutions,
GoDaddy, Namecheap, DreamHost, HostGator, Google Domains etc.,
NIXI (National Internet Exchange of India) is a domain name registrar for the .IN country code top-level domain (ccTLD) for India. Government of
India has authorized NIXI as .IN Registry, since January 2005. .IN is the allocated country code Top Level Domain (ccTLD). .IN registration is offered at
2nd level of Domain Name and also at the 3rd level in the globally popular zones of Domain registration, e.g., .co.in, .net.in and .org.in. .IN is India's top-level
domain on the Internet and .IN domain names are available to anyone on first-come-first-served basis. Like .COM, .IN can be used for e-mail, Web sites, and
other applications. But unlike other domains, .IN is a unique symbol of India and its role in the world.
- - -
VI. Comparison of Network Communication Protocols used by different systems :-
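Layer: Application
- Web: HTTP, HTTPS, DHCP, DNS, SSL, TLS, ..., XMPP, BGP, ...
- The Onion Routing (TOR), BitTorrents: Bitcoin, BitTorrent, Freenet, Tor, Zeronet
- Invisible Internet Project (I2P): I2CP (I2P Client Protocol)
- SIGTRAN (Signaling System 7 (SS7) over IP): TCAP; SCCP; MTP3, ISDN; M3UA, M2UA, M2PA, SUA, IUA
- Voice over IP (VoIP): RTP, SDP, SIP, H.323; SRTP, IPSEC, SDES, MIKEY, IKEv2

Layer: Transport
- Web: UDP, TCP
- The Onion Routing (TOR), BitTorrents: UDP, TCP
- Invisible Internet Project (I2P): UDP, TCP, NTCP2, SSU (Noise TCP, Secure Semireliable UDP)
- SIGTRAN (Signaling System 7 (SS7) over IP): SCTP (Stream Control Transmission Protocol)
- Voice over IP (VoIP): UDP, TCP, RTP

Layer: Network
- Web: Internet Protocol (IPv4, IPv6) (Routed Protocols) ***; Routing protocols: RIP, OSPF, ISIS, EIGRP, BGP, RIPng, MPBGP; ARP, RARP, ICMP, IGMP, ICMPv6
- The Onion Routing (TOR), BitTorrents: Internet Protocol (IPv4, IPv6)
- Invisible Internet Project (I2P): Internet Protocol (IPv4, IPv6)
- SIGTRAN (Signaling System 7 (SS7) over IP): Internet Protocol (IPv4, IPv6)
- Voice over IP (VoIP): Internet Protocol (IPv4, IPv6)

Layer: Data Link
- Web: 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi
- The Onion Routing (TOR), BitTorrents: 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi
- Invisible Internet Project (I2P): 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi
- SIGTRAN (Signaling System 7 (SS7) over IP): MTP2
- Voice over IP (VoIP): Wi-Fi, Wibro, 3G, 4G

Layer: Physical
- Web: SLIP, PPP, LAN, WLAN, WAN
- The Onion Routing (TOR), BitTorrents: SLIP, PPP, LAN, WLAN, WAN
- Invisible Internet Project (I2P): SLIP, PPP, LAN, WLAN, WAN
- SIGTRAN (Signaling System 7 (SS7) over IP): MTP1
- Voice over IP (VoIP): Frame Relay (FR), ATM, Ethernet, Multilink Point-to-Point Protocol (MLPPP), Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC)
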
*** Obsolete Protocols in the Network Layer :- IPX/SPX from Novell; AppleTalk from Apple; SNA from IBM ; XNS from Xerox; DECNET from DEC; X25 from ITU;
CLNP from Telecom ;
Comparison of Network Communication Protocols used by different systems :- (Continued)..
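Layer: Application
- Industrial Control Systems (ICS), Cyber Physical Systems (CPS): PROFINET, MODBUS TCP/IP, CIP (Common Industrial Protocol), Ethernet/Industrial Protocol, DNP3, CoAP (Constrained Application Protocol), HTTP, FTP...
- Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV): CoAP (Constrained Application Protocol), MQTT, SMQTT, CoRE, DDS, AMQP, XMPP
- S7 Communication for Programmable Logic Controllers (Siemens): S7 Communication
- SCADA over TCP/IP IEC 60870-5-104: IEC 60870-5-5 (Application Procedures), IEC 60870-5-104 APDU, HTTP, NTP, APCI, Telnet, SNMP

Layer: Transport
- Industrial Control Systems (ICS), Cyber Physical Systems (CPS): UDP, TCP
- Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV): UDP
- S7 Communication for Programmable Logic Controllers (Siemens): COTP (Connection Oriented Transport Protocol)
- SCADA over TCP/IP IEC 60870-5-104: UDP, TCP

Layer: Network
- Industrial Control Systems (ICS), Cyber Physical Systems (CPS): Internet Protocol (IPv4, IPv6), RPL, ARP, ICMP
- Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV): Internet Protocol (IPv4, IPv6), 6LoWPAN, 6TiSCH, RPL, CORPL, CARP, FANET, VANET, MANET, A2G routing, Model based routing
- S7 Communication for Programmable Logic Controllers (Siemens): Internet Protocol (IPv4, IPv6)
- SCADA over TCP/IP IEC 60870-5-104: Internet Protocol (IPv4, IPv6), ICMP, ARP

Layer: Data Link
- Industrial Control Systems (ICS), Cyber Physical Systems (CPS): 802.3, 802.1
- Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV): 802.11ah, 802.15.4 MAC, WiFi, Bluetooth LE, Z-Wave, ZigBee Smart, DECT/ULE, 3G/LTE, NFC, Weightless, HomePlug GP, G9959, Wireless HART, DASH7, ANT+, LTE-A, LoRaWAN...
- S7 Communication for Programmable Logic Controllers (Siemens): Ethernet
- SCADA over TCP/IP IEC 60870-5-104: Ethernet driver

Layer: Physical
- Industrial Control Systems (ICS), Cyber Physical Systems (CPS): TIA - 1005
- Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV): 802.15.4, PHY/Physical Radio, FDM, TDM, SDM, Ethernet, Wi-Fi, GSM, LTE-M, Lora, SigFox
- S7 Communication for Programmable Logic Controllers (Siemens): Ethernet
- SCADA over TCP/IP IEC 60870-5-104: Ethernet 10/100Base-Tx/Fx
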
Explanation: - Routed protocols and routing protocols are two different types of protocols used in computer networking.
- A routed protocol is a protocol that is used to send user data packets between different networks. It defines the format of the data packet, how it is addressed, and how it is
transmitted between networks. Example of a routed protocol is Internet Protocol (IP v4/v6).
- A routing protocol, on the other hand, is used by routers to communicate with each other and learn information about the network topology. These protocols enable routers
to determine the most efficient path for data packets to follow through a network. Examples of routing protocols include Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), Border Gateway Protocol (BGP), Interior Gateway Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System to Intermediate
System (IS-IS), Routing Information Protocol Next Generation (RIPng), Multi-Protocol Border Gateway Protocol (MP-BGP).
- - -
VII - IP/BGP Model of Internet
The modern internet is referred to as “TCP/IP” stack. However, I would like to refer to it as “IP/BGP” stack, because these are the only two unique
protocols that power the internet. While there are several protocols at various layers of the Internet Protocol stack , there is only one Routed Protocol viz.,
“Internet Protocol” (v4/v6) at the Network layer* and only one Routing Protocol viz., “Border Gateway Protocol” at the application layer**, that
together make the internet possible. Please see the table above for the common Protocol (highlighted in green) for all systems.
While Internet Protocol provides communication between devices over the internet by delivering packets from the source host to the destination host
based on IP addresses in the packet headers, Border Gateway Protocol maintains connections between Autonomous System Border Routers (ASBR) and
exchanges routing information between Autonomous Systems (AS)***. Together, they form the pivot on which the entire internet spins.
Credit : Computer Networking - A Top-Down Approach - 8th Edition - James F. Kurose and Keith W. Ross.
* “................“IP hourglass,” illustrates the “narrow waist” of the layered Internet architecture. While the Internet has many protocols in the physical, link, transport, and
application layers, there is only one network layer protocol—the IP protocol. This is the one protocol that must be implemented by each and every of the billions of Internet-
connected devices. This narrow waist has played a critical role in the phenomenal growth of the Internet. The relative simplicity of the IP protocol, and the fact that it is the
only universal requirement for Internet connectivity has allowed a rich variety of networks—with very different underlying link-layer technologies, from Ethernet to WiFi to
cellular to optical networks to become part of the Internet.”- Computer Networking - A Top-Down Approach - 8th Edition - James F. Kurose and Keith W. Ross.
** Border Gateway Protocol (BGP) is a routing protocol used for exchanging routing information and determining the best routes for delivering Internet traffic between
Autonomous Systems (AS) belonging to various Internet Service Providers. BGP plays a crucial role in the functioning of the Internet by enabling communication between
different networks.
*** (An AS is a large network or a group of networks that are all managed and supervised by a single Organization or an Internet Service Provider).
- - -
VIII. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction :-
A high level review of the Internet has revealed that interactions and transactions take place in the
Cyber Space through Packets who are the real Cyber Operatives!
When interactions and transactions go wrong, the normal course of action is to approach the Court
for legal remedies.
Parties to legal cases :-
- Physical World: The Good, the Bad and the Ugly together constitute the Physical People, which term includes all Individual Citizens (IC) and Non individual Entities (NIE) resident in the National Territorial Space.
- Cyber World: The Good, the Bad and the Ugly together constitute the Cyber People, which term includes Individual Citizens (IC) and Non individual Entities (NIE) having their digital embodiment in the National Cyber Space.

- Physical World: Physical Operatives are the people who deliver physical goods and services to the Physical Users.
- Cyber World: Cyber Operatives are the network packets that deliver digital goods and services to Cyber Users.

- Physical World: The Plaintiff is a person who initiates a lawsuit before a court, seeking a legal remedy for a Civil Wrong / Tort.
- Cyber World: Cyber Plaintiff is a person who initiates a lawsuit before a court, seeking a legal remedy for a Cyber Civil Wrong / Contravention.

- Physical World: The Defendant is a person against whom criminal or civil charges are brought in a lawsuit.
- Cyber World: Cyber Defendant is a person against whom cyber criminal or cyber civil charges are brought in a Cyber lawsuit.

- Physical World: The Advocate is a person who argues for the cause of another person in front of a judicial authority in a Civil or a Criminal matter.
- Cyber World: The Cyber Advocate is a person who argues for the cause of another person in front of a judicial authority in a Cyber Civil or Cyber Criminal matter.

- Physical World: The Complainant is a person who files a written accusation with the police charging a suspect with the commission of a Crime.
- Cyber World: Cyber Complainant is a person who files a written accusation with the police charging a suspect with the commission of a Cyber Crime.

- Physical World: The Victim is a person who has suffered harm, injury or loss which may be physical, mental or economical, due to illegal activities of Criminals. (The Complainant and the Victim may be same or different persons.)
- Cyber World: Cyber Victim is a person who has suffered harm, injury or loss which may be physical, mental or economical, due to illegal activities of Cyber Criminals. (Cyber Complainant and Cyber Victim may be same or different persons.)

- Physical World: The Accused is a person who has been arrested for or formally charged with a Crime. (Also known as the Defendant.)
- Cyber World: Cyber Accused is a person who has been arrested for or formally charged with a Cyber Crime. (Also known as Cyber Defendant.)

- Physical World: The Prosecutor is a government official charged with bringing defendants in Criminal cases to justice in the name of the state.
- Cyber World: Cyber Prosecutor is a government official charged with bringing defendants in Cyber Criminal cases to justice in the name of the state.

Having described various parties involved in Cyber cases, let us examine “Cyber Jurisdiction”.
“Cyber Jurisdiction” is not defined conclusively by UN or other countries because Cyber Space is
incorrectly perceived as “a limitless virtual space with no boundaries in which different data packets travel
in different paths through different network nodes situated in different Nation States to reach the destination
where they are finally reassembled, and hence, no single Nation State can claim jurisdiction on the grounds
that the entire activity has taken place within its borders”. This wrong perception has led to wrong
conclusions.
In the physical world, “Territorial Jurisdiction” refers to the power of the Court to decide or
adjudicate or pass judgement over cases arising in or involving real Persons residing within the physical
boundaries of the Nation State.
As we have already defined “Cyber Space” and “National Cyber Space”, we can define “Cyber
Jurisdiction” in a similar way:-
Cyber Jurisdiction is the power of the Court to decide or adjudicate or pass judgement over cases
arising in or involving Cyber Persons residing within the physical boundaries of the Nation State.
(Explanation : A Cyber Person is the digital embodiment of a real person from the physical world as manifested in the Cyber
Space. A real person is an Individual Citizen or a Non-individual Entity of the Nation State.)
Based on the above definition, we can also specify the boundaries of Cyber Jurisdiction in alignment
with Civil and Criminal laws of the Nation States.
For example, in India,
Legal Jurisdiction: Well established.
Civil :-
As per simple interpretation of Sections 15 to 20
of the Code of Civil Procedure, 1908,
A Civil Suit can be filed in a Court at :-
(i) the place where the immovable property is
located,
or
(ii) the place of residence or place of the work of
the defendants
or
(iii) the place where the cause of action has arisen.
Cyber Jurisdiction: Not clearly defined.
However, we suggest defining it in alignment with
Legal Jurisdiction as under :-
Cyber Civil:
A Cyber Civil Suit can be filed in a Court at :-
(i) the place where the Cyber Asset is located,
or
(ii) the place of residence or place of the work of the
Cyber Defendants
or
(iii) the place where the cause of Cyber action has
arisen.
(Explanation :-
(i) The IP Address domicile of the Cyber Asset is the
place where it is located.
(ii) The IP Address domicile of the Cyber Defendant is
his place of residence or work.
(iii) The IP Address domicile of the Cyber Plaintiff is
the place where the cause of Cyber action has arisen.)
(Please refer to Pillar 1 for the concept of IP
Address domicile.)
Criminal:-
As per simple interpretation of Sections 177 to
186 of Criminal Procedure Code 1973,
A Criminal Suit can be filed in a Court at :-
(i) The place where the offence was committed
or
(ii) Any of such places in respect of offence
committed at more than one place or where it is
continuing or continues to be committed in more
than one local area or where the offence consists
of several acts done in different local areas,
or
(iii) The place where a consequence has ensued.
Cyber Criminal:-
A Cyber Criminal Suit can be filed in a Court at :-
(i) the place where the Cyber Offence was committed,
or
(ii) Any of such places in respect of Cyber offence
committed at more than one place or where it is
continuing or continues to be committed in more than
one local area or where the Cyber offence consists of
several acts done in different local areas,
or
(iii) the place where a Cyber consequence has ensued.
(Explanation :-
(i) The Destination IP Address domicile is the place of
commission of Cyber Offence which is also the place of
IP Address domicile of the Cyber Victim.
(ii) The Transit IP Address domiciles are the multiple
places where Cyber Offence is committed or continues
to be committed. (Transit IP Address domiciles are the
places of IP Address domiciles of the intermediate
nodes (i.e., Cyber Accomplices) between the Source IP
Address domicile and the Destination IP Address
domicile).
(iii) The Destination IP address domicile is the place
where a Cyber Consequence has ensued, which is also
the place of IP Address domicile of the Cyber Victim.
(iv) The Source IP Address domicile is the place of IP
Address domicile of the Cyber Accused.)
Extra Territorial Jurisdiction under IT Act
2000:-
Section 75 - Act to apply for offence or
contraventions committed outside India
(1) Subject to the provisions of sub-section (2),
the provisions of this Act shall apply also to any
offence or contravention committed outside India
by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this
Act shall apply to an offence or contravention
committed outside India by any person if the act
or conduct constituting the offence or
contravention involves a computer, computer
system or computer network located in India.
Extra Territorial Jurisdiction under IT Act 2000:-
Suggested to re-write as under :-
Section 75 - Act to apply for offence or contraventions
committed outside India
(1) Subject to the provisions of sub-section (2), the
provisions of this Act shall apply also to any offence or
contravention committed outside India by any person
irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act
shall apply to an offence or contravention
committed outside India by any person if the act or
conduct constituting the offence or contravention
involves an IP address domiciled in India.
- - -
IX. Movement of Cyber Operatives:-
Now that we know that the Cyber Operatives are the Packets, let us look at how packets travel in
the Cyber World vis-a-vis how people travel in Physical World.
Comparison: Physical Travellers vs. Cyber Operatives

Physical Travellers: Physical Operatives (people) travel from place to place nationally and internationally.
Cyber Operatives: Cyber Operatives (Packets) travel from node to node nationally and internationally.

Physical Travellers: They travel through various media (Air, Land, Water) and modes of transport (Planes, Ships, Buses, Cars, Motorbikes, Cycles, animals, and on foot.)
Cyber Operatives: They travel through various media (Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio Spectrum and Satellite Radio Channels) and modes of transmission (Simplex, Half-duplex, Full-duplex, Broadcast)

Physical Travellers: There are very few restrictions for travel within one's own country.
Cyber Operatives: There are no restrictions for local travel.

Physical Travellers: International travel is subject to several restrictions and security checks, which differ from country to country.
Cyber Operatives: There are no restrictions for international travel.

Physical Travellers: Traveller only needs an identity proof for domestic travel, but for international travels, a Passport and a Visa are required.
Cyber Operatives: There is no requirement for identity proof, exit permit or entry permit.

Physical Travellers: Special treatment is given to international passengers on arrival depending on their nationality.
Cyber Operatives: Packets are given special treatment based on QoS (Quality of Service).

Physical Travellers: There is no Customs check for domestic travels, but it is mandatory for international travels.
Cyber Operatives: There is no Customs control for packet travels.

Physical Travellers: Both check-in luggage and cabin luggage will be subject to security check for both local and international travels. (Eg. Outward travel – Dangerous goods, Prohibited goods, Restricted goods, etc., Inward travel – Dutiable goods, prohibited items, Local Currency notes, Satellite Phone etc.,)
Cyber Operatives: There is no security check for packets entering or exiting the National Cyber Space, by any National Security Agency.

Physical Travellers: However, security check for international travel is subject to enhanced checks ie., break-opening the locks, physically examining the baggage, power to detain/arrest the passenger etc.,
Cyber Operatives: However, enterprises perform their own security checks for all packets entering or exiting their networks through Firewalls, IPS, IDS, WAF, DPI, threat intelligence etc., by manual / automated process.

Physical Travellers: In airports, there will be separate lounges for domestic travellers and international travellers. There will also be a separate way for passengers who are only transiting through the airport.
Cyber Operatives: There is currently no such differentiation of packets based on destination IP Addresses.

Physical Travellers: Travellers (ie., Physical Operatives) are verified against various alert lists to identify criminals, fugitives, and illegal travellers.
Cyber Operatives: Packets (ie., Cyber Operatives) are verified against various access lists and firewall rule sets to identify potentially harmful packets (in enterprises).

Physical Travellers: The suspicious/criminal Physical Operatives can be identified, arrested, interrogated, prosecuted, jailed or deported by the Border Security and Law Enforcement Agencies.
Cyber Operatives: Cyber Operatives can be identified, captured, analysed, investigated, quarantined or dropped by the Security Middle Boxes at the 4th Pillar viz., CBSC. The 4th Pillar can also be described as the “Airport model of Internet security”.
We have understood the importance of the Packets in the Cyber Space Security. But, how can we identify,
stop, track, monitor, arrest and interrogate the Packets to catch the real Cyber Criminals in order to prosecute
and punish them?
It is simple.
1. Give irrefutable, globally recognized, legal Identity to the Packets.
2. Link the identity of the Packet with the identity of the Cyber Person.
3. Link the identity of the Cyber Person with the identity of associated real person in the physical
world.
4. Get the identity of the real person guaranteed by the Nation State.
5. Let the Nation State investigate, interrogate, prosecute and punish the Cyber Criminals.
It may be reiterated here that a Cyber Person is the digital embodiment of a real person from the physical
world as manifested in the Cyber Space. A real person is an Individual Citizen or a Non-individual Entity of
the Nation State.
There will be only one Cyber Person for every single real person. As a corollary, there will be NO
Cyber Person in the National Cyber Space without a corresponding real person in the physical world.
It is the sovereign duty of the Nation State to facilitate a secure Cyber Space ecosystem in which Cyber
Persons can interact freely in full trust without having to worry about cyber threats, and in full assurance of
Protection, Security, Justice and Rule of Law by the Nation State.
In other words, Nation States have to ensure that Cyber Persons are able to mind their own business and
invest in self growth and development, without having to waste their resources (men, money and materials)
on defending themselves from invisible Cyber Adversaries.
The question now is :- How can the Nation States ensure security within their National Cyber Spaces?
The answer is:- Each Nation State can enforce bullet proof, secure Internet Eco-system within its National
Cyber Space, by establishing the 4 Pillars of Cyber Space Governance, which are described in the next
section.
- - -
X. The Four Pillars of Cyber Space Governance:-
[Figure: CYBER SPACE GOVERNANCE; pillars UGPSIPA, UNDSC, UNDN, CBSC; HOME LAND SECURITY (UNIN, MASC, USTA, TBI)]
I Pillar - UGPSIPA
Unique Global Public Static Internet Protocol Address :-
Every Nation State should establish its own National Internet Registry (NIR), as a statutory body,
which will procure IPv6 address blocks from their corresponding Regional Internet Registries, who in turn
obtained them from ICANN->IANA->PTI. NIRs will reserve and allocate the address blocks in contiguous
geographical areas eg. States/Districts/Taluks/Villages/Wards as in India, or States / Provinces / Counties /
Cities / Towns / Wards, or any other units of local government as prevalent in the Nation State. It will also
sub-allocate address blocks based on generic Top Level Domain names viz., .edu, .org, .com, .net, .gov, .mil,
.int, .biz, .info, .coop, .aero, .name, .pro etc.,
Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal
persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies,
Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and
obtain a Unique, Global, Public, Static, Internet Protocol Address (UGPSIPA) from NIR for internetwork
usage.
NIR will directly assign the IP addresses to the ICs and NIEs.
NIR will assign each IC/NIE an IPv6 address which will be :-
• Unique – It will serve as Unique Host Identifier for internet communication.
• Global – It will have global scope for internetwork connectivity.
• Permanent – Its validity is permanent and will run concurrent to the lifespan of IC/NIE. There
will be no provision to change the IP address or for issue of multiple IP addresses. There will be
no requirement for periodic renewal.
• Static – The IP Address will be static and not dynamic. (Dynamic Host Configuration Protocol (DHCP),
Network Address Translation (NAT) and Privacy Extensions for SLAAC (PrivExt) will be prohibited)
NIR will assign the IPv6 address only after verifying the credentials of the applicant through UNIN
(as in my 2002 model) / Aadhaar (as in India) / National Identity (as established in the Nation States).
IPv6 addresses use 128 bits to represent an address which includes bits to be used for subnetting.
Second half of the address (least significant 64 bits) is used for Hosts only.
Field: Routing Prefix | Subnet ID | Interface ID | IPv6 Address
Size:  48 bits        | 16 bits   | 64 bits      | 128 bits
Routing Prefix + Subnet ID = Network Prefix
Network Prefix + Interface ID = IPv6 Address
In order to implement Static IPv6 address configuration, Stateless Address Auto Configuration
(SLAAC) shall be used with the Modified EUI-64 format to generate the unique Interface Identifier (IID)
from the MAC address. The IID will combine with the network prefix to form the complete IPv6 address.
Privacy Extensions for SLAAC (which generate temporary IPv6 addresses to avoid online tracking) will be
prohibited.
NIR will assign /64 IPv6 address to ICs and /48 IPv6 address to NIEs, in line with ICANN's
recommendation of /48 for Corporates and /64 for Individuals. However, Nation States may assign different
slash addresses as per their national interests. Whatever be the scheme, the Network Prefix will become the
permanent address owned by the IC/NIE.
Each /64 Individual Citizen, with 0 bits for Subnet ID, will have 1 subnet with provision for
18,446,744,073,709,551,616 hosts, which is more than sufficient to include every internet device and IoT
device owned by him/her. (In fact, every cell in the human body of the IC, amounting to about 100 trillion cells, can
be mapped to this IP address as proposed in the Human Genome project of 1990s to create a cellular map of the
body).
Similarly, each /48 Non Individual Entity with 16 bits for Subnet ID will have up to a maximum of
65536 subnets with provision for 1,208,925,819,614,629,174,706,176 hosts, which is more than sufficient to
include every internet node and IoT device owned by it as well as BYOD of its Employees (first party) / its
Customers (second party) and Suppliers & Contractors (third party).
Each IC will get only one UGPSIPA. Similarly, each NIE will get only one UGPSIPA. NIEs who
have registered in different territories as different legal entities may be assigned one UGPSIPA per legal
entity as registered in that territory.
UGPSIPA is a Proof of Cyber Citizenship in the National Cyber Space of the
Nation State. It is also a proof of IP Address domicile.
Every UGPSIPA should be linked to UNIN, MASC and USTA for irrefutable Proof of Identity,
Proof of Address, Proof of Ownership and also Proof of Cyber Citizenship.
Where UNIN, MASC and USTA are not implementable, Nation States shall link the UGPSIPA with
National Identity Card / Citizen Card / Passport / Certificate of Citizenship / Naturalization Certificate/ Birth
Certificate or equivalent of the IC, as per laws prevailing in the Nation State.
In respect of NIEs, UGPSIPA shall be linked to Global Legal Entity Identifier (GLEI) / Corporate
Identification Number (CIN) / Certificate of Incorporation (COI) / Business Employer Identification
Number (EIN) / Taxpayer Identification Number (TIN) / Tax Deduction & Collection Account (TAN) /
Goods & Services Tax Identification Number (GSTIN) / Social Security Number (SSN) / Doing Business
As (DBA), Shop & Establishment Certificate / Trade Licence / Occupational Licence / Business
Registration Certificate issued by Appropriate Authorities etc., as per laws prevailing in the Nation State.
NIR will maintain a National Register of IP Addresses which will be continually updated in real time
for addition, modification, suspension, reactivation, revocation and deletion. The Register will be made
accessible to other national Statutory Bodies.
ICs and NIEs having dual addresses viz., IPv4 and IPv6 would be required to discard their IPv4
address with immediate effect. Those not having IPv6 addresses will be required to migrate to IPv6 with
immediate effect. After the expiry of the Cut Off date, as determined by the Nation State, Switching,
Routing and Forwarding will not be permitted for IPv4 addresses in LAN, WAN and the Internet within the
National Cyber Space of the Nation State.
In summary, IP address allocation will be made in such a way that, just by looking at an IP address,
one can determine its Country of Origin, its specific location and its generic function.
- - -
II Pillar : UNDSC
Unique National Digital Signature Certificate (DSC) :-
Every Nation State should establish its own Root Certificate Authority (RCA), as a statutory body
for management of a national Public Key Infrastructure system.
Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal
persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies,
Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and
obtain Unique National Digital Signature Certificates (UNDSC) for electronic authentication of electronic
records.
RCA will directly assign the UNDSCs to the ICs and NIEs. However, Nation States may, at their
discretion and keeping their national interests in view, provide for additional layers viz., licensed Certifying
Authorities (CA) and licensed Registration Authorities (RA) to delegate the process of UNDSC issuance.
For ICs, RCA will assign the UNDSC only after verifying the credentials of the applicant through
UNIN (as in the model) / Aadhaar (as in India) / National Identity Card / Citizen Card / Passport / Certificate
of Citizenship / Naturalization Certificate/ Birth Certificate or equivalent, as per laws prevailing in the
Nation State.
For NIEs, RCA will assign the UNDSC to NIEs after verifying the credentials of the applicant
through UNIN (as in the model) / Global Legal Entity Identifier (GLEI) / Corporate Identification Number
(CIN) / Certificate of Incorporation (COI) / Business Employer Identification Number (EIN) / Taxpayer
Identification Number (TIN) / Tax Deduction & Collection Account (TAN) / Goods & Services Tax
Identification Number (GSTIN) / Social Security Number (SSN) / Doing Business As (DBA), Shop &
Establishment Certificate / Trade License / Occupational License / Business Registration Certificate issued
by Appropriate Authorities etc., as per laws prevailing in the Nation State.
RCA will assign each IC/NIE a UNDSC which will be :-
• Unique – A UNDSC will be unique to the IC/NIE. It cannot be cloned or duplicated. It cannot be
re-used on its expiry / suspension / revocation. It also cannot be re-issued.
• Global – RCA will issue UNDSCs specifically for digital signatures and authentication purpose.
It will also issue Digital Certificates for special purposes such as Encryption, Code Signing,
SSL/TLS Server, Device/System, Document Signing etc., These Digital Certificates will be
based on and linked to UNDSC of the IC/NIE. Together, they will have a global scope ie., they
can be used for Web browsing, personal email, filing online tenders, filing tax return, e-com
applications, e-transactions, e-services, authentication of Server & Client, Code Signing, Secure
Email, Time Stamping, IP Sec, Encryption, Decryption, License Verification, Smart Card Logon,
Application policies, Directory Service, Archival, OCSP signing, Kerberos KDC authentication,
Peer to Peer Trust, DNS Server & Client Trust, System Health Authentication etc.,
• Permanent – It will be issued for a maximum period of 100 years and its validity will run
concurrent to the lifespan of IC/NIE. There will be no requirement for periodic renewal.
Suspension, Re-activation and Revocation of UNDSCs as well as use of cryptographic
algorithms will be governed by the provisions contained in the RCA Statute of the Nation State.
Each IC will get only one UNDSC. Similarly, each NIE will get only one UNDSC. NIEs who have
registered in different territories as different legal entities may be assigned one UNDSC per legal entity as
registered in that territory.
Every UNDSC will contain the UGPSIPA of the IC/NIE along with other details such as Certificate
serial number, Name of IC/NIE, Issuer, Validity period, Signature & its Algorithm, Public Key, Thumbprint
& its Algorithm etc.,
UNDSCs will be issued on a MASC (Multi Application Smart Card) or a Crypto Token with USB
interface or any other Crypto Device which meets the highest security standards of the Nation State or
at least compliant with international Standards such as US FIPS 140-2 Level 3 or European CC EAL5+/PP
SSCD, and eIDAS.
RCA will maintain a National Register of UNDSCs which will be continually updated in real time
for addition, modification, suspension, reactivation, revocation and deletion. The Register will be made
accessible to other National Statutory Bodies.
- - -
III Pillar : UNDN
UNIQUE NATIONAL DOMAIN NAME
Every Nation State should establish a National Domain Name Registry Authority (NDNRA) to carve
out its own domain name space through “country code Top Level Domain” (ccTLD), if not already done, in
co-ordination with ICANN -> CCNSO (The Country Code Names Supporting Organization).
NDNRA will provide for Second Level Sub Domains which correspond to gTLDs and further
additional higher level Sub Domains to make it more specific.
https://www.abc.def.xyz.gov.in
https = Protocol; www = Host; abc = Fourth Level Domain; def = Third Level Domain; xyz = Second Level Domain; gov = SL Sub-Domain; in = ccTLD
Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal
persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies,
Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and
obtain a Unique National Domain Name (UNDN) from NDNRA which will serve as a unique mnemonic
host identifier and a legal Trademark.
NDNRA will directly assign the Domain Names to the ICs and NIEs. However, Nation States may,
at their discretion and keeping their national interests in view, provide for additional layer viz., licensed DN
Registration Authorities (RA) to delegate the process of DSC issuance.
A Domain Name will be assigned to each IC/NIE irrespective of whether or not it will be used by the IC/NIE.
NDNRA will assign each IC/NIE a Domain Name which will be:-
• Unique – It will serve as Unique Host Identifier for internet communication.
• Global – It will have global scope for internetwork connectivity.
• Permanent – Its validity is permanent and will run concurrent to the lifespan of IC/NIE.
However, there will be a provision to change the Domain Name, and for issue of multiple
Domain Names, if needed. There will be no requirement for periodic renewal.
• Purposeful – It will indicate the primary function / generic behaviour of ICs/NIEs, apart from
the Country of Origin. Eg. .edu, .org, .com, .net, .gov, .mil, .int, .biz, .info, .coop, .aero, .name,
.pro, .museum, .nic, .ernet, .res etc., (See the latest list of gTLD at IANA website).
NDNRA will assign the Domain Name to IC/NIE only after UGPSIPA and UNDSC are assigned to
it.
NDNRA will ensure that Domain Names are globally unique so that trademark disputes do not arise.
Further, NDNRA will ensure that the applicants demonstrate a direct relationship to their desired Domain
Names by way of Names (ICs/NIEs) or nature of business/activity (NIEs). NDNRA will have the powers to
append UNIN or some other prefix / suffix to the domain name requested by IC/NIE in cases where multiple
applicants have similar names or multiple applicants claim a similar domain name. However, the applicants
will be accommodated to the maximum extent to get a domain name of their liking. Domain names will be
assigned on first come first served basis.
Every Domain Name will contain its corresponding UGPSIPA of the IC/NIE in its “AAAA”
(Address) record and PTR (Pointer) record. The “CAA” (Certificate Authority Authorisation) record will
contain the name of the “RCA” of the Nation State or the name of a “Certificate Authority” authorised by
the Nation State. This will prohibit unauthorised Certificate Authorities from issuing certificates to the
domain.
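The record requirements above can be checked mechanically. The following is an added example, not part of the original paper: it audits a name for AAAA/PTR agreement and for a CAA set that permits only the authorised issuer, following the CAA "issue" semantics of RFC 8659. The zone contents, the names under `.example` and the issuer name `rca.example` are constructed placeholders.

```python
import ipaddress

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(rdata):
    """Split CAA presentation format 'flags tag "value"' into its parts."""
    flags, tag, value = rdata.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def caa_issuers(rrset):
    """Issuer domains named by 'issue' records ('' means nobody may issue)."""
    return [value.split(";")[0].strip().lower()
            for _, tag, value in map(parse_caa, rrset) if tag == "issue"]


def caa_permits(rrset, ca_domain):
    """True if this CAA RRset lets ca_domain issue for a non-wildcard name.

    Only the RRset at the name itself is evaluated; a real CA also climbs
    to parent names when the RRset is empty.
    """
    records = [parse_caa(r) for r in rrset]
    # A critical (flag bit 0x80) record with an unknown tag forbids issuance.
    if any(flags & 0x80 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issuers = caa_issuers(rrset)
    return not issuers or ca_domain.lower() in issuers


def audit_name(zone, name, authorised_ca):
    """Return a list of findings for one domain name (empty list = compliant)."""
    findings = []
    addresses = zone.get((name, "AAAA"), [])
    if not addresses:
        findings.append("no AAAA record")
    for text in addresses:
        ptr_owner = ipaddress.IPv6Address(text).reverse_pointer + "."
        if name not in zone.get((ptr_owner, "PTR"), []):
            findings.append(f"PTR for {text} does not point back to {name}")
    caa = zone.get((name, "CAA"), [])
    if not caa:
        findings.append("no CAA record: issuance is not restricted")
    else:
        if not caa_permits(caa, authorised_ca):
            findings.append(f"CAA does not permit {authorised_ca}")
        extra = sorted(set(caa_issuers(caa)) - {authorised_ca.lower(), ""})
        if extra:
            findings.append("CAA also permits: " + ", ".join(extra))
    return findings


# Constructed sample zone data (documentation prefix 2001:db8::/32).
GOOD_ADDR = "2001:db8:1234:a1:21a:2bff:fe3c:4d5e"
DRIFT_ADDR = "2001:db8:1234:a2:21a:2bff:fe3c:4d5f"
ZONE = {
    ("good.example.", "AAAA"): [GOOD_ADDR],
    (ipaddress.IPv6Address(GOOD_ADDR).reverse_pointer + ".", "PTR"): ["good.example."],
    ("good.example.", "CAA"): ['0 issue "rca.example"'],
    ("drift.example.", "AAAA"): [DRIFT_ADDR],
    (ipaddress.IPv6Address(DRIFT_ADDR).reverse_pointer + ".", "PTR"): ["other.example."],
    ("drift.example.", "CAA"): ['0 issue "rca.example"', '0 issue "other-ca.example"'],
}

if __name__ == "__main__":
    for owner in ("good.example.", "drift.example."):
        print(owner, audit_name(ZONE, owner, "rca.example") or "compliant")
```
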
NDNRA will enforce DNSSEC (Domain Name System Security Extensions) to ensure the security
of the DNS ecosystem and to eliminate DNS cache poisoning and DNS spoofing attacks.
NDNRA will maintain a National Register of Domain Names which will be continually updated in
real time for addition, modification, suspension, reactivation, revocation and deletion. This Register will be
the Authoritative DNS Server for all DNS queries relating to the domain name space of the Nation State.
NDNRA will neither permit IC / NIE to obtain Domain Names from external Domain Registry/
Registration Authorities nor register such external Domain Names in the National Register of Domain
Names.
- - -
IV Pillar : CBSC
CYBER BORDER SECURITY CHECKPOINT:-
Every Nation State should establish its own National Cyber Space Authority (NCSA) as a statutory
body.
NCSA will be the designated authority to protect National Cyber Space from both external and
internal cyber attacks.
NCSA will have the powers equivalent to the combined powers of National Immigration,
Emigration, Border Control, Customs and Law Enforcement Authorities, in respect of National Cyber
Space.
Each Nation is accountable and responsible for its Cyber Citizens. NCSA will remain in constant
touch with its counterparts in other Nations for exchange of information relating to addition, modification,
suspension, revocation and deletion of IC/NIE Users, their UGPSIPA, Domain Names and Digital Signature
Certificates. This Identity information will constitute the “Passport” for Packets originating from one Nation
State against which “VISA” can be issued by the other Nation States.
NCSA will guarantee that all packets emanating from within its Cyber Jurisdiction are from trusted
entities whose identity details are instantly verifiable by other Nation States. NCSA will also guarantee co-
operation, on mutual basis, for prosecution and extradition of its resident entities whose malicious packets
have caused harm to other Nation States, subject however to its own Sovereign laws and universally
accepted International Laws.
NCSA will establish Cyber Border Security Checkpoints (CBSC) to control, monitor, analyze,
inspect and route all network packets entering and exiting the National Cyber Space.
CBSC may have a centralised or decentralised structure as decided by Nation States. The important
point is that CBSC should have adequate number of specialised middle boxes that can inspect, transform,
filter and manipulate and route network traffic based on various criteria such as destinations (domestic – region
wise, foreign – country wise), directions (North-South ie., inter-national traffic, and East-West ie., intra-national traffic), types
(Sensitive, Best-effort, Undesired), classes (Data, Voice, Video), visibility (Encrypted, Unencrypted), application
protocols (HTTP, HTTPS, QUIC, SIP, H323, DASH, FTP, SMTP, POP, S-MIME, DNS, IRC, BOOTP, TELNET, SSH, RDP, RPC, NFS,
LDAP, SNMP, DHCP, MODBUS, MQTT, CoAP etc.,), routing schemes (Unicast, Multicast, Broadcast, Anycast),
intermediaries (Operators / ISP/ other Service providers...) etc.,
All packets travelling in public internetworks in the Nation State should be routed through CBSC,
irrespective of the -
(a) Medium used viz., Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio
Spectrum or Satellite Radio Channels.
(b) Operators and Service Providers viz., Inter Exchange Carriers (IXC), Point of Presence (POP),
Internet Service Providers (ISP), Internet Exchange Points (IXP), International Internet Gateways,
International Telecommunications Gateway, Submarine Cable Landing Stations, Satellite Ground
Stations, Internet IP Transit Provider, Content Provider Networks, Data Centre Networks or any
other Peering Points whatever be their nomenclature.
For the purpose of mandatory routing through national CBSC, Source Routing or Path Addressing
should be implemented, by reinstating “Type 0” Source Routing which is currently in deprecated status.
Static Routing, Default Routing, Source Routing, Label Switching and Segment Routing should be used
instead of dynamic routing.
In respect of inter-national traffic, all outgoing packets should mandatorily include IP address of the
originating-domestic CBSC and the destination-foreign CBSC in routing extension header. Similarly, all
incoming packets should mandatorily include IP address of the originating-foreign CBSC and destination-
domestic CBSC in routing extension header.
In respect of intra-national traffic, both outgoing and incoming packets should mandatorily include
IP address of the domestic CBSC in their routing extension headers.
If packets are not routed through CBSC, or if packets are clandestinely introduced in the network
traffic post CBSC check, such acts will be treated as offences against the State, and the offending ICs /
NIEs/ ISPs / other Service Providers will be punished under the criminal laws of the Nation State.
Packet flows are of the following five types viz.,
1) Packets originating from domestic sources and destined for domestic destinations; Ex.
Bangalore to Delhi.
2) Packets originating from domestic sources and destined for foreign destinations; Ex. Bangalore to
Melbourne.
3) Packets originating from domestic sources and destined for domestic destinations, transiting
through foreign transit sources; Ex. Bangalore to Shillong via Bangladesh (Cox Bazaar).
4) Packets originating from foreign sources and destined for domestic destinations; Ex. New York to
Mumbai.
5) Packets originating from foreign sources and destined for foreign destinations, transiting
through domestic sources; Ex. Karachi to Singapore via Chennai.
Packets will be categorised into “Country risk” categories viz., Low risk, Medium risk, High risk and
Very High risk, depending on the Country of Origin, Country of Destination, their NCSAs and the
extradition treaties in force between them. For example, packets from & to countries not having extradition
treaties with India (eg. Myanmar, Maldives etc.,) will be classified as “High Risk”, packets from Pakistan
(India's perpetual enemy) and China (Pakistan's perpetual ally) will be classified as “Very High Risk”.
Packets from & to countries having extradition treaties / arrangements with India will come under “Medium
Risk”. All packets from & to domestic network nodes will come under “Low Risk”. Other factors such as
terror hubs, hacking hubs, State sponsored cyber war dens, Country's Crime Index ranking and other factors
as determined by the Nation State will also contribute to risk rating.
Packets will also be categorised into “Content risk” categories as Low risk, Medium risk, High risk
and Very High risk, primarily depending on Source IP address, Destination IP address, Source Port,
Destination Port, Application Protocol, Web application, Traffic class, direction of flow (inward or outward)
and use of encryption.
Based on the risk matrix, packets will be permitted, blocked, decrypted, inspected, re-encrypted,
dropped, quarantined, honey trapped or monitored, as per Cyber Risk Management Policy of the Nation
State.
Each Nation State may establish its own Cyber Risk Management Policy in line with its Homeland
Security, National Laws, National Interests and citizens' aspirations. Thus, a country like Sweden may adopt
a very liberal policy, a country like China may adopt a very rigid, stringent policy, and others like India
may take the middle path.
Both outbound and inbound packets will be filtered and inspected to prevent harmful packets from
exiting and entering the National Cyber Space.
Also, in order to ensure highest security at the network layer, NCSA will make Internet Protocol
Security (IPsec) protocol mandatory for all nodes in the National Cyber Space to guarantee confidentiality,
source authentication, data integrity and replay-attack prevention for packets.
CBSC will setup Firewall Systems, Intrusion Detection & Prevention Systems, Web Application
Firewall Systems, Deep Packet Inspection Systems, Threat Intelligence Knowledgebase, and other Internet
Security Systems to pre-emptively protect National Cyber Space from network threats.
CBSC will maintain continually updated Redlists, Blacklists, Greylists, Allowlists, and Blocklists in
close co-ordination with CBSCs of other Nation States/ Interpol / Europol.
CBSC will also have necessary legal and technical infrastructure for Cyber Forensics, Cyber Law
Enforcement and Cyber Prosecution.
NCSA will require all Intermediaries (where “Intermediary” means Telecom Service Providers, Network
Service Providers, Internet Service Providers, Web Hosting Service Providers, Email Service Provider, Cloud Service
Providers, Search Engines, Online Payment Sites, Online Auction Sites, Online Market Places, Cyber Cafes, Social
Media Platforms, and any person (commercial or non commercial entity) who on behalf of another person receives,
stores or transmits electronic records or provides any service with respect to electronic records; and where
“electronic record” means data, record or data generated, image or sound stored, received, or sent in an electronic
form or microfilm or computer generated microfiche) to provide services only to their customers (ICs and NIEs)
whose credentials are 100 % verified on the basis of UGPSIPA, UNDSC and UNDN, and to purge all
unverified customers.
Further, the Intermediaries shall implement Egress traffic filtering to block / reject / drop packets
originating within its area of operation from illegal / unauthorised / blocked / suspended / deleted IP
addresses, bogon addresses, spoofed addresses, broadcast traffic, DNS queries directed to destinations other
than NDNRA, and all red / black / grey listed addresses as advised by NCSA from time to time, before they
are routed to Internet via CBSC, where similar Egress traffic filtering will take place as a defence in depth
strategy.
Similarly, the Intermediaries shall implement Ingress traffic filtering to block / reject / drop packets
destined within its area of operation to illegal / unauthorised / blocked / suspended / deleted IP addresses,
bogon addresses, spoofed addresses, broadcast traffic, DNS queries directed to destinations other than
NDNRA, and all red / black / grey listed addresses as advised by NCSA from time to time, after they are
received from Internet via CBSC, where similar Ingress traffic filtering had already taken place, as a defence
in depth strategy.
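The egress rules described above can be expressed as an ordered filter. The following is an added example, not part of the original paper: it applies the bogon, spoofed-source, suspended-address, listed-destination and DNS-destination checks to constructed packets. All prefixes, the resolver address and the `Packet` fields are assumptions made for illustration, with the documentation prefix 2001:db8::/32 standing in for routable space.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data; none of these values come from the paper.
CUSTOMER_PREFIXES = [ipaddress.ip_network("2001:db8:1234::/48"),
                     ipaddress.ip_network("2001:db8:5678:9::/64")]
SUSPENDED = [ipaddress.ip_network("2001:db8:1234:dead::/64")]
LISTED_DESTINATIONS = [ipaddress.ip_network("2001:db8:bad::/48")]
NDNRA_RESOLVERS = {ipaddress.ip_address("2001:db8:53::53")}
# Sources that must never appear on a public link. IPv6 has no broadcast,
# so multicast (ff00::/8) as a source address is treated the same way.
BOGON_SOURCES = [ipaddress.ip_network(n)
                 for n in ("::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int


def in_any(addr, networks):
    return any(addr in net for net in networks)


def egress_verdict(pkt):
    """Return (action, reason) for a packet leaving the intermediary's network."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if in_any(src, BOGON_SOURCES):
        return ("drop", "bogon source")
    # Source validation in the style of BCP 38: a packet leaving this network
    # must carry a source address from a prefix assigned to its customers.
    if not in_any(src, CUSTOMER_PREFIXES):
        return ("drop", "spoofed source")
    if in_any(src, SUSPENDED):
        return ("drop", "suspended source")
    if in_any(dst, LISTED_DESTINATIONS):
        return ("drop", "listed destination")
    if pkt.proto in ("udp", "tcp") and pkt.dst_port == 53 and dst not in NDNRA_RESOLVERS:
        return ("drop", "DNS query not directed to NDNRA")
    return ("forward", "ok")


# Constructed sample traffic.
SAMPLES = [
    Packet("2001:db8:1234:a1::10", "2001:db8:9999::1", "tcp", 443),
    Packet("fe80::1", "2001:db8:9999::1", "udp", 123),
    Packet("2001:db8:ffff::10", "2001:db8:9999::1", "tcp", 443),
    Packet("2001:db8:1234:dead::7", "2001:db8:9999::1", "tcp", 443),
    Packet("2001:db8:1234:a1::10", "2001:db8:bad::5", "tcp", 80),
    Packet("2001:db8:1234:a1::10", "2001:db8:9999::53", "udp", 53),
    Packet("2001:db8:5678:9::22", "2001:db8:53::53", "udp", 53),
]


def run_samples():
    return [egress_verdict(p) for p in SAMPLES]


if __name__ == "__main__":
    for packet, verdict in zip(SAMPLES, run_samples()):
        print(packet.src, "->", packet.dst, verdict)
```

The ingress direction mirrors this with the address checks applied to the destination side.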
The Intermediaries will ensure that only registered & authorised nodes and network devices are
present in their infrastructure. They will be held accountable if rogue nodes and network devices are found
in their infrastructure. They shall comply with all directives issued by NCSA from time to time.
NCSA will require all the Internet nodes and related software to implement Static IPv6 address
configuration. Stateless Address Auto Configuration (SLAAC) shall be used with the Modified EUI-64
format to generate the unique interface identifier (IID) from the MAC address. The IID will be combined
with the network prefix to form the complete IPv6 address. Privacy Extensions for SLAAC will be
prohibited.
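The address construction required here, and described under Pillar I, can be worked through in code. The following is an added example, not part of the original paper: it derives the Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a MAC address, combines it with a /48 or /64 network prefix, and then reverses the process to show that the hardware address is recoverable from the IPv6 address and that a non-EUI-64 interface identifier can be flagged. The prefix, subnet ID and MAC address are constructed values.

```python
import ipaddress


def eui64_iid(mac):
    """Modified EUI-64 interface identifier (64-bit int) from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have 6 octets")
    # Insert ff:fe between the OUI and the device part, then invert the
    # universal/local bit (0x02 of the first octet).
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def build_address(prefix, mac, subnet_id=0):
    """Network Prefix + Interface ID = IPv6 Address.

    prefix is a /48 routing prefix (NIE, 16-bit subnet ID) or a /64
    network prefix (IC, no subnet bits left to assign).
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen == 48:
        if not 0 <= subnet_id <= 0xFFFF:
            raise ValueError("subnet ID must fit in 16 bits")
    elif net.prefixlen == 64:
        if subnet_id != 0:
            raise ValueError("a /64 has no subnet bits left")
    else:
        raise ValueError("expected a /48 or /64 prefix")
    value = int(net.network_address) | (subnet_id << 64) | eui64_iid(mac)
    return ipaddress.IPv6Address(value)


def dissect(address):
    """Split an address into routing prefix, subnet ID and interface ID."""
    value = int(ipaddress.IPv6Address(address))
    iid = (value & ((1 << 64) - 1)).to_bytes(8, "big")
    # Heuristic: EUI-64 identifiers carry ff:fe in octets 3-4. A random
    # identifier matches by chance about once in 65536.
    is_eui64 = iid[3:5] == b"\xff\xfe"
    mac = None
    if is_eui64:
        raw = bytearray(iid[:3] + iid[5:])
        raw[0] ^= 0x02
        mac = ":".join(f"{b:02x}" for b in raw)
    return {
        "routing_prefix": str(ipaddress.IPv6Network((value >> 80 << 80, 48))),
        "subnet_id": (value >> 64) & 0xFFFF,
        "eui64": is_eui64,
        "mac": mac,
    }


if __name__ == "__main__":
    # Constructed values: documentation prefix and a made-up MAC address.
    addr = build_address("2001:db8:1234::/48", "00:1a:2b:3c:4d:5e", subnet_id=0x00A1)
    print(addr)
    print(dissect(addr))
    # An interface identifier of the kind Privacy Extensions would produce.
    print(dissect("2001:db8:1234:a1:5c8e:91d2:7b40:e3a9"))
```
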
Further, in the interests of national security, economy, data protection and data sovereignty, NCSA
will require all the Intermediaries to set up their Data Centres within the physical boundaries of the Nation
State, to ensure that data generated or located within the Nation State is processed and stored in Data
Centres within the Nation State, and not transferred or stored in Data Centres in other Nation States. Data
will be subject to the legal and regulatory framework of the Nation State where it resides, regardless of the
nationality or origin of the data owner or the organization that processes or stores the data.
NCSA will recommend that ICs/NIEs set up their own network perimeter protection by setting up
Firewalls, IPS, IDS, WAF etc., as appropriate to their risk perception and risk appetite, as a defence in depth
strategy; this is optional, not mandatory.
-x-
Summary of the 4 Pillars

| Pillar | Purpose | Governance Authority | Security Method |
|---|---|---|---|
| Pillar 1 | Proof of Cyber Identity; Proof of Cyber Citizenship; Proof of IP Address Domicile | National Internet Registry (NIR) | Unique Global Public Static Internet Protocol Address (UGPSIPA) |
| Pillar 2 | Proof of Identity; Proof of Authenticity (of User, Organization, Server, Device, Website…); Proof of Trusted Encryption | Root Certificate Authority (RCA) | Unique National Digital Signature Certificate (UNDSC) |
| Pillar 3 | Proof of Domain Ownership; Proof of Intended Use of Domain | National Domain Name Registry Authority (NDNRA) | Unique National Domain Name (UNDN) |
| Pillar 4 | Defence of National Cyber Space | National Cyber Space Authority (NCSA) | Cyber Border Security Checkpoint (CBSC) |
- - -
XI – Use Cases
After reading about the 4 Pillars of Cyber Space Governance, it is time to see how they can help in solving Cyber Security problems through
some important Use Cases. Readers are encouraged to come up with their own Use Cases, including Business Use Cases.
No. 1
Cyber Security Concern: Digital Rights Management (DRM)

Description:
DRM protects digital content, such as music, videos, e-books, and software, from unauthorized access, copying, distribution, or modification, and prevents copyright infringement.
DRM is implemented through software that
• restricts downloading, sharing, and modifying the original content.
• permits accessibility to specific IP addresses, devices, or locations.
• limits views of the content to a certain period of time.
• controls printing, screenshots, and screen scraping of data.
• uses watermarking on the digital assets to proclaim ownership of the copyright material and to prevent unauthorised re-use or modification.

How the 4 Pillars of Cyber Security Governance can help:
The seller can grant licence to the buyer based on the latter's IP Address range, which is a combination of :-
(1) Proof of Identity of IC/NIE,
(2) IP Address Domicile of IC/NIE,
(3) Identity of the specific Subnet and the specific Interface/device.
Thus, UGPSIPA based DRM can be effectively used for granting granular access to copyrighted cyber assets and thereby preventing unauthorised access by other ICs/NIEs.
(Also see the next use case)

No. 2
Cyber Security Concern: Software Piracy

Description:
Software piracy is the illegal act of copying, distributing, sharing, selling, or using software in violation of copyright laws. These illegal and unauthorized acts result in huge financial losses. It also affects the rights and the reputation of software developers, copyright holders, and software vendors.

How the 4 Pillars of Cyber Security Governance can help:
1. Software licences can be granted based on UGPSIPA.
2. UGPSIPA protected DRM solutions can be used for protecting the intellectual property rights of the creators.
3. Targeted software distribution can be achieved by using the public key of the buyer to encrypt the licence to ensure that no one other than the buyer is able to decrypt the licence and use it.
4. Where feasible, the entire application codebase itself can be encrypted using the buyer's public key to prevent unauthorized distribution.
Bullet Proof Cyber Space Security .pdf

  • 1. Bullet Proof Cyber Space Security Through The Four Pillars of Cyber Space Governance M.L. Venkataraman - Information Systems Auditor & Banking Veteran CISA, CRISC, CISM, CGEIT; CEH; GDPR-CEP; ISO 27001 & 22301 LA; CAIIB, DIBF, CBCP; BA, PGDBA, MBA;
  • 2. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 2 of 70 Index : I Introduction 3 II Cyber Space Security 3 III How things happen in the Cyber World vis-a-vis the Physical World 8 IV High Level Overview of the Internet in the form of Q & A 13 V Building Blocks of the Internet 25 VI Comparison of Network Communication Protocols used by different systems 28 VII IP/BGP Model of Internet 30 VIII Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction 31 IX Movement of Cyber Operatives 34 X The Four Pillars of Cyber Space Governance 36 XI Use Cases 47 XII Conclusion 66 Annexure 1 67 Annexure 2 70
  • 3. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 3 of 70 I. Introduction:- The 4 Pillars of Cyber Space Governance model was conceptualized in line with the 4 Pillars of National Security model developed in 2002 as part of my MBA thesis “I.T. Based Banking Structural Reforms - A Conceptual Model”. For more details, please see Annexure 1. The 4 Pillars of National Security and their corresponding Pillars of Cyber Space Governance are given below:- The 4 Pillars of Cyber Space Governance were conceived in response to a TV program on Computer Security Day on 30th November 2014 in Melbourne, but finalized only during Sep - Dec 2022. While the basic concepts remained the same, the names of the Pillars underwent several changes. Lots of refinements were also done during the writing of this paper, especially defining the legal terms for “Cyber Space”, “National Cyber Space”, “Cyber Civil Jurisdiction”, “Cyber Criminal Jurisdiction” and “Extra territorial Cyber Jurisdiction”, and introducing the concepts of “Cyber Citizenship”, “IP Address Domicile” and “Cyber Operatives” for foolproof identification of Cyber Persons and prosecution of Cyber Criminals. II. Cyber Space Security:- Cyber Space Security, or simply Cyber Security, has become one of the top concerns of the world. How do we find a solution for Cyber Security problems? To find a solution, we must first understand the problem, by defining & clarifying the problem, look at the components, simplify complex issues, find the root causes, try to come up with different ideas, and then choose the best solution. In many cases, when the problem is analysed in depth, the solution will manifest itself automatically. In order to find a solution for Cyber Security problems, we need to understand the basic concepts. What is Cyber Security? There are numerous definitions of Cyber Security, some of which overshadow the definition of Information Security itself ! 
Please note Cyber Security is a subset of Information Security, not vice versa. Let us look at definitions given by Indian IT Law, ISO 27701, NIST Cybersecurity framework, ISACA and Webopedia. No Definition of Cyber Security Source 1 "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. Indian IT Act 2000 Definitions (nb) (Inserted Vide ITAA 2008) Four Pillars of National Security - 2002 1. Unique National Identity Number (UNIN) 2. Multi Application Smart Card (MASC) 3. Unique Single Transaction Account (USTA) 4. Transaction Bank Of India (TBI) Four Pillars of Cyber Space Governance - 2022 1. Unique National Internet Address (UNIA) -> UGPSIPA 2. MASC with MAC and DC (MMD) -> UNDSC 3. Unique Single Internet Account (USIA) -> UNDN (USIA removed and replaced by UNDN) 4. Internet Transaction Bank of India (ITBI) -> CBSC ITBI-> ICH -> NIE -> NPEI -> CBSC (Pls see Annexure I for details)
  • 4. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 4 of 70 No Definition of Cyber Security Source 2 Cybersecurity - Cyberspace security :- Preservation of confidentiality, integrity and availability of information in the Cyberspace. ISO 27032 :- Cyber Security – Security Guidelines :- 4.20 3 a) The process of protecting information by preventing, detecting, and responding to attacks. b) The ability to protect or defend the use of cyberspace from cyber attacks. NIST Framework for Improving Critical Infrastructure Cybersecurity Ver 1.1. NISTIR 8170 under Cybersecurity from CNSSI 4009 4 The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems. ISACA CSX Glossary 5 The technologies and processes designed to protect computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered via the internet by cybercriminals. https://www.webop edia.com/definitions /cyber/ By concatenating the highlighted words, we can arrive at a simple definition viz., “Cyber Security is the process of protecting information assets in the Cyberspace from Cyber attacks delivered through the Internet.” What is Cyber Space and Internet? Both terms are used interchangeably, which is not correct. Definition of Internet is very clear. Internet is the network of networks. It is a global system of interconnected computer networks that exchange various types of data using standardized communication protocols. But definition of Cyber Space is not clear. There is a lot of ambiguity even among the countries of the world and the United Nations. Terms such as Cyber Space, Cyber Security, Cyber Threats, Cyber Attacks, Cyber Crimes etc., are all derived from the term “Cyber” which means “of, relating to, or involving computers and computer networks” (Merriam-Webster dictionary). So, what is Cyber Space? 
Let us look at some definitions from the same sources as above. No Definition of Cyber Space Source 1 ---------- (No definition for Cyber Space) (Also, no definition for Cyber Crime, Cyber Offence, Cyber Jurisdiction because they are neither defined in UNCITRAL Model Law on Electronic Commerce 1996 nor in UNCITRAL Model Law on Electronic Signatures 2001 which paved the way for Cyber Legislations in many countries including India. Indian IT Act 2000 & 2008 - Definitions 2 Complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form. ISO 27032 : 2012 :- Cyber Security – Security
  • 5. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 5 of 70 No Definition of Cyber Space Source The Cyberspace belongs to no one; everyone can participate and has a stake in it. Guidelines:- 4.21 : the Cyberspace. 7.1 Overview 3 --------- (No definition for Cyber Space) NIST Framework for Improving Critical Infrastructure Cybersecurity Ver 1.1 4 --------- (No definition for Cyber Space) ISACA CSX Glossary. 5 A metaphor for describing the non physical terrain created by computer systems. https://www.webop edia.com/definitions /cyberspace/ Nations have not arrived at a consensus on Cyber Space, Cyber Jurisdiction and regulation of Cyber Space through International Law. The reason appears to be lack of clarity on Cyber Space. Let me define it in a different way. “Cyber Space is the virtual space created for computation and communication by the underlying physical hardware together with software and power.” As an analogy, it is similar to “Mind space” which is a virtual space derived from the underlying physical human body together with knowledge and life. Cyber Space cannot exist or continue to exist on its own when the underlying physical hardware is dead. Similarly “Mind Space” cannot continue to exist on its own when the underlying physical body is dead. Cyber Space may be limitless, but it is constrained by the capacity of the underlying hardware. Just as limitless Mind Space is constrained by the capacity of the underlying physical body. Each Cyber Space is distinct but inextricably intertwined with the underlying hardware. Just as each Mind Space is distinct but inextricably intertwined with the underlying physical body. 
One Cyber Space can communicate and positively influence or negatively affect other Cyber Spaces through cyber-motivation, cyber-demotivation, cybe rbullying, cyber reward, cyber punishment etc., but they can interact with each other only through the underlying physical medium of networks, but never directly & virtually. Similarly, one Mind Space can communicate and positively influence or negatively affect other Mind Spaces through motivation, de-motivation, bullying, reward, punishment etc., but, they can interact
  • 6. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 6 of 70 with each other only through the underlying physical medium of human bodies, but never directly & virtually. Each Cyber Space can be tracked and traced back to its original owner viz., the physical hardware. Similarly, each Mind Space can be tracked and traced back to its original owner viz., the physical body. Every device in the Information and Communication Technology (ICT) has its own Cyber Space. Just as every human being in the physical world has his own Mind Space. National Cyber Space is the sum aggregate of all Cyber Spaces derived from their underlying physical devices deployed within the physical boundaries of the Nation. Just as National Consciousness is the sum aggregate of all mind spaces derived from their underlying physical bodies living within the physical boundaries of the Nation. The conclusion is - each Nation State has its own National Cyber Space commensurating with its geographical space. However, the view of ISO 27032 is different. It says “The Cyberspace belongs to no one; everyone can participate and has a stake in it”. Since ISO 27032 became a Standard only after getting approval from 75 % of the Nations in the world, we can safely conclude that the World in general believes that Cyber Space belongs to no one, which is incorrect in my view. Going by my definition, it is suggested to re-write as “The World Cyber Space belongs to respective Nation States. Everyone can participate and have a stake in it with the approval of the respective Nation States.” The above definition gives control of National Cyber Space back to the Nations who can regulate their Cyber Space in alignment with their National Security Policy. The 4th Pillar of Cyber Space Governance is based on this principle. Another related legal concept is “Cyber Jurisdiction‟, which is still in the evolutionary stage in the international domain. 
This will be examined and re-defined later in Section VIII. Having defined Cyber Security and Cyber Space, the next step is to write down the problem statement. Problem Statement 1: How to prevent cyber threats from entering the National Cyber Space through the Internet? (Current practices : Anti Virus & Anti Malware, EDR, XDR, Network Access Control, Radius, Tactacs+, Firewall, IDS, IPS, WAF, Email Security Appliance, Secure Internet Gateway, DPI, Threat Intelligence, ML, AI etc., Proposed solution: - 4th Pillar of Cyber Space Governance.
  • 7. Problem Statement 2: How to eliminate the root cause of Cyber attacks viz., Anonymity of the malicious hackers who are emboldened by (a) opportunities for stealth attacks and (b) lack of prosecution due to cross border legal issues relating to extradition?
Current practices: Identity & Access Management, Privileged Access Management, Multi Factor Authentication, Zero Trust Architecture, Digital Trust ......
Proposed solution: The 1st, 2nd and 3rd Pillars of Cyber Space Governance will eliminate anonymity, and the 4th Pillar will take care of stealth attacks and consequent prosecution and extradition of Cyber Criminals.

Problem Statement 3: How to enable the common people to use the Internet in full trust without requiring Security awareness training?
Current practices: NONE. (It is said that “Humans are the weakest link in Cyber Security. People are trusting in nature and so, criminals exploit their trust. People are careless and click on links or attachments without thinking and then end up downloading malware, affecting their personal systems as well as enterprise networks. So, people should be given proper Cyber security training”.)
Proposed solution: Cyber Security Awareness Training is a good-to-follow practice, but not mandatory. Cyber Security is the primary responsibility of the Nation State, and the four Pillars of Cyber Space Governance will usher in a trusted internet ecosystem that would enable common people to use the Internet in full trust without requiring Cyber Security Awareness Training.

Now, in order to find a good solution, we need to understand two things:
1. How things happen in the Cyber World vis-a-vis the Physical World. Please see Section III.
2. How the Internet works:
a. High Level Overview of the Internet in the form of Q & A. Please see Section IV.
b. Building Blocks of Internet. Please see Section V.
c. Comparison of Network Communication Protocols used by different systems. Please see Section VI.
d. IP/BGP Model of Internet. Please see Section VII.
e. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction. Please see Section VIII.
f. Movement of Cyber Operatives. Please see Section IX.
- - -
  • 8. III. How things happen in the Cyber World vis-a-vis the Physical World.

Just as Cyber Space is a derivative of the underlying physical hardware, the Cyber World is also a derivative of the physical World. Let us compare them:

Physical World: Our world has 196 countries, each having its own defined boundaries and exercising sovereignty. All countries big or small enjoy equal status in International Law.
Cyber World: Currently, no Countries. No defined national boundaries. No Cyber sovereignty. No International law for Cyber Space.

National Government: The forms of Government may differ viz., Autocracy, Communist, Democracy, Monarchy, Theocracy etc., but the common purpose is to maintain law & order, protect people from external attacks and promote welfare of the people.
Cyber Government: National governments have a presence in Cyber Space for e-governance for promoting welfare of the people. Many advisories are routinely issued to educate people on Cyber Security issues, but there are no pro-active or pre-emptive actions to ensure protection to people from cyber attacks and to maintain law & order in the Society.

National Governance: Each Country has Leadership, Legislature, Executive and Judiciary for governing the country.
Cyber Governance: Currently, there is no governance system in Cyber Space in most Nation States.

National Territorial Protection: Every Country protects its territorial space through Army, Air Force, Navy and Para Military forces.
National Cyber Protection: Currently, there is no such protection in Cyber Space in most Nation States.

National Law & Order: Every Country maintains law and order through Police and other law enforcement agencies.
Cyber Law & Order: Currently, there is no such mechanism in Cyber Space in most Nation States.

National Territorial Jurisdiction: The concept is Clear and Settled. Territorial Jurisdiction refers to the power of the Court to decide or adjudicate or pass judgement over cases arising in or involving persons residing within the physical boundaries of the Nation.
National Cyber Jurisdiction: The concept is still evolving in India and in other Nations. Cyber jurisdiction is the legal authority that governs activities in Cyber Space, including the internet and other networks. It defines the boundaries in which a government or legal entity has control and the power to enforce laws and regulations related to computer and internet usage. Currently, the issue of jurisdiction in Cyber Space is complicated due to the global nature of the internet and the absence of physical borders, leading to challenges in enforcing laws and prosecuting cybercrimes.

Extra Territorial Jurisdiction: Yes (over anyone irrespective of his nationality)
Extra Territorial Cyber Jurisdiction: Yes (over anyone irrespective of his nationality)

Extradition treaty system (Physical World): Yes (with some countries)
Extradition treaty system (Cyber World): No
  • 9. Physical World vis-a-vis Cyber World (continued):

National Laws (e.g. India): Indian Penal Code 1860 for Crimes; Code of Civil Procedure 1908 for Civil Wrongs.
Cyber Laws (e.g. India): IT Act 2000 with 2008 Amendments deals with Cyber Offences (i.e., Cyber Crimes) and Cyber Contraventions (i.e., Cyber Wrongs).

National Assets: Each country has its National Assets viz., Persons (Individual Citizens & Non-individual Entities) and Things – both tangible and non-tangible (Land & buildings, Machinery & Equipment, Inland water sources, Rivers, Lakes, Sea water, Roadways, Airways, Rail, Waterways, Mineral resources, Flora & Fauna, Agriculture, Energy, ICT infrastructure, Banking & Economy, Medical facilities, Data & Information, Patents, Copyrights, Knowledge repositories, Information Assets, Goodwill, Religion, Culture, Language .....) over which it has jurisdiction.
Cyber Assets: Each country has its Cyber Assets, which are the digital form of National Assets, over which it has jurisdiction.

Physical world people: We deal with 3 types of people in the world: the Good, the Bad and the Ugly.
- The Good are those who are always law abiding and would never do bad things even in the face of misfortune or threat. E.g. Saints, Super Heroes etc.
- The Bad are those who would always break the law and would never do good things even in the face of punishment. E.g. Hardcore criminals, mercenaries, terrorists etc.
- The Ugly are those who are generally law abiding and right minded, but would be tempted to do bad things, provided: a) they can justify it to themselves, b) they are assured of a sheath of anonymity, c) the probability of punishment is zero or near zero. E.g. Myself and most common people!
But we don't know whether the person we are dealing with is good, bad or ugly. So, we use our common sense to judge people. We rely on Police and Judiciary when something bad happens, which may be a Civil Wrong (Tort) or a Crime.
Cyber World people: We deal with the same 3 types of virtual people in the Cyber world also. Cyber people are the digital embodiment of physical people. So, we have the Cyber Good, the Cyber Bad and the Cyber Ugly in the Cyber world. But we don't know whether the person we are dealing with is good, bad or ugly. So, we use our common sense to judge people. We rely on Police and Judiciary when something bad happens, which may be a Cyber Contravention or a Cyber Offence.

Physical Interactions & Transactions: In the physical world, we interact with people in a physical format involving physical objects.
Cyber Interactions & Transactions: In the Cyber World, we interact with people in an electronic format involving digital objects.
  • 10. Interactions & Transactions in the Physical World:

The Good (Physical Products & Services): Music Tapes/CD/DVD; Video Tapes/CD/DVD; Movie CD/DVD; Software CD/DVD; Application software CD/DVD; Art Paintings; Photograph Prints; Education (Books/CD/DVD); Professional Services; Printed & Signed Documents; Deposit certificates; Loan Sanction Letter.

The Ugly (Physical Products & Services): Game Devices; Gambling Dices / Cards / Stakes; Anti-Government Tool Kits; Anti-establishment Literature; Anonymous Campaigns; Common interest groups; Liquor shops; Smoking Dens; Organ donation & sale; Verbal & written abuses; Plagiarism; Pornography books/CD/DVD.

The Bad (Physical Products & Services): Drugs; Weapons; Bombs; Counterfeit Cash; Stolen goods; Forged passports; Smuggled goods; Banned books; Hacking CD/DVD; Terrorist toolkits (CD/DVD); Clandestine dens; Trafficking of women & children.

Physical products and services are delivered through people using people, animals and vehicles. We can call them “Physical Operatives”. When things go wrong (Crime / Civil Wrong), the Physical Operatives have to be identified, arrested and interrogated to catch the real culprits and to prosecute and punish them.

[Figure label: Physical User]
  • 11. Interactions & Transactions in the Cyber World:

The Good (Cyber Products & Services): Audio files; Video files; Movie files; Software; Applications; Digital artwork; Digital Photography; Online Educational Courses; Online Professional Services; e-signed e-documents; e-Deposit certificates; e-loan sanction letter.

The Ugly (Cyber Products & Services): Online Gaming; Online Gambling; Anti-government e-tool kits; Anti-establishment e-literature; Anonymous e-Campaigns; Online Common interest groups; Online Liquor shops; Online E-Cigarette & E-Joint shops; Online Organ Sale; Online soft porn; Social Media (Twitter, Tinder, Telegram, Whatsapp); Online Plagiarism (ChatGPT).

The Bad (Cyber Products & Services): Pirated Software; Malicious software; Logic bombs; Digital currency; Stolen Credit Card and PIN details; Stolen Identities and Passwords; Banned e-books; Extreme porn; e-guides for terrorists & hackers; Illegal online forums; Darkweb shopping for illegal and banned products and services.

Cyber products and services are delivered electronically through XXXXXXX using hardware, software and networks. We can call them “Cyber Operatives”. When things go wrong (Crime / Civil Wrong), the Cyber Operatives have to be identified, arrested and interrogated to catch the real Cyber Culprits and to prosecute and punish them.

[Figure label: Virtual User]
  • 12. The question is: Who are these XXXXXXX i.e., the Cyber Operatives? How to identify, arrest and interrogate them?

The answer will reveal itself when we take a high level overview of the Internet and related concepts in the following sections.
a. High Level Overview of the Internet in the form of Q & A. Please see Section IV.
b. Building Blocks of Internet. Please see Section V.
c. Comparison of Network Communication Protocols used by different systems. Please see Section VI.
d. IP/BGP Model of Internet. Please see Section VII.
e. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction. Please see Section VIII.
f. Movement of Cyber Operatives. Please see Section IX.
- - -
  • 13. IV. High Level Overview of the Internet in the form of Q & A:

1. What is the Internet?
The Internet is the network of networks. It is a global system of interconnected computer networks that exchange various types of data using standardized communication protocols.

2. What do we connect to the Internet?
Desktop Computers, Laptops, Servers (Web, Application, Database, Storage), Smart phones, Tablets, Personal Digital Assistants, Wearable devices, IoT devices, Industrial Control Systems & Cyber Physical Systems....

3. How do we connect to the Internet?
Through Telephone line (Dial-up PSTN), Integrated Services Digital Network (ISDN), Leased Line, Digital Subscriber Line (DSL), Co-axial Cable, Ethernet, WiFi, 3G, 4G, 5G fixed wireless, Satellite.

4. How are the devices connected to other devices through the Internet?
Through:
- Guided transmission (i.e., waves are guided along a solid medium): Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics.
- Unguided transmission (i.e., waves are propagated in the atmosphere): Terrestrial Radio Spectrum, Satellite Radio Channels.

5. How is the Internet structured?
When two or more computers are connected together, they form a network viz., Local Area Network (LAN) or Virtual Local Area Network (VLAN). Nodes (computers/devices in the network) within the LAN/VLAN can communicate with each other through their hardware address viz., Media Access Control (MAC) address, with the help of Switches. Nodes in one network can communicate with a node in a different network through the Network address scheme viz., Internet Protocol (IP) Address, with the help of Routers.

A LAN is limited in size, spanning an office, building or campus. A WAN (Wide Area Network) is not restricted by size, and it spans a wider geographical area, such as a city, state, country or even the world. A LAN interconnects hosts, whereas a WAN interconnects connecting devices such as Switches, Routers or Modems. (Switches connect devices within a network; Routers connect one network with other networks.)

A WAN may be:
1. Point to Point, connecting two networks through a single transmission medium (cable or air).
2. Switched WAN, connecting multiple networks through multiple transmission media and using WAN Switches.

Routers connect multiple networks, creating an internetwork. The Internet is composed of thousands of interconnected networks i.e., it is a Network of Networks.
  • 14. 6. Why do we connect to the Internet?
- Communication services: E-mail, Internet Relay Chat, Internet telephony, Instant Messaging.
- Web Services: Exchange of data between applications or systems, using protocols such as XML, SOAP, REST, WSDL, HTTP, HTTPS, BEEP, FTP…
- World Wide Web: Accessing web pages from web site servers.
- E Commerce; Online Banking & cashless transactions; Recharging & Bill payments.
- Information Retrieval through Search Engines (topics, subjects, people, directory etc.).
- Social Networking.
- Education; Research; Collaboration; File Share.
- Audio, Video and Audio Visual Entertainment; Music.
- Job Search; Advertising & Marketing; E paper & News; Navigation; E Ticketing.
- Broadcasting; Blogging & publishing; Gaming; Gambling; Real time updates (weather, sports etc.).
- Calendar & appointments.
- Etc.

7. How are the above services facilitated in the internet?
All the above services are fundamentally provided through data communications.

8. What is Data communications?
It is the exchange of data between two devices via a transmission medium such as Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio Spectrum and Satellite Radio Channels.

9. What is data?
Data refers to information presented in whatever form is agreed upon by the parties creating and using it. Information comes in different forms such as text, number, images, audio or video. Data communications is facilitated by Protocols.

10. What are Protocols?
For effective communication, the sender device, the receiver device and all intermediate devices have to adhere to mutually accepted and implemented rules (“Protocols”) for proper exchange of information.

11. What do Protocols do?
A protocol defines the format and the order of messages exchanged between two or more communicating entities, as well as the actions taken on the transmission and/or receipt of a message or other event. Protocols allow connected devices to communicate with each other, regardless of any differences in their internal processes, structure or design.

12. How do two nodes communicate with each other?
Nodes in the internet could be:
- different devices (Clients, Servers, Peers, Mobiles, IoT etc.), with a variety of operating systems and application software,
- different network devices (Hubs, Bridges, Switches, Routers) with a variety of network operating systems,
- from different networks (PAN, LAN, WLAN, MAN, WAN, CAN, GAN),
- with different transmission media viz., copper (wire), glass (fiber optic cable), or air (radio, microwave, or satellite).
All the above have to work together through network protocols to successfully transfer a message between two devices, which is a huge and complex task. The solution is to divide the complex task into several smaller and simpler tasks.
  • 15. So, Data communication is accomplished by breaking the entire set of communications into a series of layers, each of which can be defined separately, with its own protocols. In this way, vendors can develop software and hardware to provide the functions of each layer separately. The software or hardware can work in any manner and can be easily updated and improved, as long as the interface between that layer and the ones around it remains unchanged. Each piece of hardware and software can then work together in the overall network.

The modern internet runs on the “Transmission Control Protocol/Internet Protocol (TCP/IP)” protocol suite. It is a hierarchical protocol suite made up of 5 interactive layers, each of which provides a specific functionality. The term hierarchical means that each upper-level protocol is supported by the services provided by one or more lower-level protocols.

A summary of the TCP/IP protocol suite with five layers is given below:
Layer 5: Application Layer
Layer 4: Transport Layer
Layer 3: Network Layer
Layer 2: Data Link Layer
Layer 1: Physical Layer

Layer 5: Application
- Purpose: Defines how an application's processes, running on different end systems, pass messages to each other viz., message types, their syntax, field semantics, rules for time and methods for sending and responding to messages etc.
- Connection type: Process to Process. Addressing Scheme: Host Names
- Protocol Data Unit: Message
- Protocols in use: HTTP, HTTPS, FTP, SMTP, TELNET, DNS, TLS, QUIC, BGP, ..........
- Operating Devices: PCs, Servers, Gateways, IPS, IDS
- Network Security Model: Authentication, Access Control, Non-repudiation

Layer 4: Transport
- Purpose: Logical communication between application processes running on different hosts. Breaks application messages into smaller chunks, adds a header and creates a Segment / Datagram. Recombines them on the computer that receives the information. Provides reliability and end-to-end connections.
- Connection type: Socket to Socket. Addressing Scheme: Port Address
- Protocol Data Unit: TCP “Segment” / UDP “Datagram”
- Protocols in use: TCP, UDP, SCTP
- Operating Devices: Firewalls
- Network Security Model: Data Integrity

Layer 3: Network
- Purpose: Logical addressing (adding the sender's and recipient's logical IP addresses). Forwarding (transferring a packet from input link interface to output link interface). Routing (sending a packet on the end-to-end path from source to destination).
- Connection type: Network to Network. Addressing Scheme: IP addresses
- Protocol Data Unit: Packet
- Protocols in use: IPv4, ICMP, IGMP, IPv6, ICMPv6
- Operating Devices: Routers, Brouters, Firewalls
- Network Security Model: Confidentiality

  • 16. Layer 2: Data Link
- Purpose: Logical link control and media access control. Transmits the frame onto the Link. Reliable delivery; error detection and correction.
- Connection type: Node to Node. Addressing Scheme: MAC addresses
- Protocol Data Unit: Frame
- Protocols in use: ARP
- Operating Devices: Switches, Bridges, Access Points
- Network Security Model: Assurance and availability

Layer 1: Physical
- Purpose: Provides electrical specifications; transmission of bits over various transmission media.
- Connection type: Link to Link
- Protocol Data Unit: Bits
- Protocols in use: Ethernet, 802.11
- Operating Devices: Network Interface Card, Modem, Cables
- Network Security Model: Notarization and signature (ISO7498-2)

When a network application wants to send data from one system to another, it breaks the data into smaller blocks of data, applies encapsulation at different protocol layers and then transmits them through different communication links, switches and routers. On the receiving end, the reverse process of decapsulation takes place, where the additional headers are stripped away until the original application data can be accessed. This process ensures that data is transmitted across networks using different protocols and technologies, and helps to maintain data integrity and security by ensuring that packets are processed correctly.

13. What is Encapsulation?
Encapsulation of data refers to the process of adding control information to the data as it passes through the networking stack from its origin to its destination. Data encapsulation occurs at every layer.

At the application layer, data generated by an application is wrapped in a protocol header that contains information about the application protocol being used, such as HTTP or FTP. The Protocol Data Unit here is called “Message”.
At the transport layer, the data is further encapsulated in a transport layer header that includes information about the port numbers of the source and destination systems, as well as the transport protocol being used, such as TCP or UDP. The Protocol Data Unit here is called “Segment” (if TCP) or “Datagram” (if UDP).

At the internet layer, the transport layer protocol data unit is encapsulated in an internet layer header that contains information about the source and destination IP addresses. The Protocol Data Unit here is called “Packet”.

At the Link layer, the internet layer protocol data unit is encapsulated with a link-layer header that contains information about the source and destination MAC (Media Access Control) addresses, as well as a trailer that contains information necessary for the accurate transmission of the data over the network. The Protocol Data Unit here is called “Frame”.

Finally, at the Physical layer, the frame is converted into raw bits of '0's and '1's and transmitted over the physical medium.

When encapsulated in this way, the network packet can traverse various networking technologies and protocols while still maintaining its integrity and ensuring delivery to the intended recipient.
  • 17. On the receiving end, the reverse process viz., decapsulation takes place, where the additional headers are stripped away until the original application data can be accessed. This process ensures that data is transmitted across networks using different protocols and technologies, and helps to maintain data integrity and security by ensuring that packets are processed correctly.

Credit: Computer Networking - A Top-Down Approach - 7th Edition - James F. Kurose and Keith W. Ross

14. What is a network packet and why is it important?
Network packets are fundamental units of communication in computer networks. They are individual pieces of data that are transmitted over a network. A packet typically consists of two main parts: the header and the payload. The header contains control information that is used to manage the transmission of the packet, including the sender and recipient address, error detection and correction information, and other details required for proper delivery of the packet. The payload consists of the actual data being transmitted.

As said earlier, packets are encapsulated at the Link layer to create frames, which are then transmitted through the physical medium at the physical layer. At the receiving end, the reverse process takes place and the packets are de-encapsulated to extract the data.
  • 18. The structure of a frame is as under:
Credit: Head First Networking – by Al Anderson and Ryan Benedetti

A frame is a logical structure of bits that organizes network traffic in such a way that every device which receives it knows how to read the information inside it. Inside the frame is the encapsulated packet, also known as the “Payload”.
  • 19. The frame holds the data being sent in binary form i.e., “0”s and “1”s, as under:
Credit: Head First Networking – by Al Anderson and Ryan Benedetti
  • 20. The binary data is converted to hexadecimal numbers and parsed as per the applicable protocol (IP, TCP, UDP, ICMP, ARP, DNS etc.):
Credit: Head First Networking – by Al Anderson and Ryan Benedetti
  • 21. Then, the hexadecimal is translated into ASCII characters as under, and the actual message is extracted from the payload:
Credit: Head First Networking – by Al Anderson and Ryan Benedetti

Thus, the data in the payload of the above frame can be extracted to read “I have the secret documents. I think we can sell them, they’re worth something”.
  • 22. But this manual process of de-encapsulating the frames is time consuming and prone to misinterpretation due to the complexities involved in understanding the various protocols used in transmission, including the structure of the packet and the expected values of its fields. However, there are software applications which make this job easier.

Wireshark is the most popular tool used for capturing and analyzing network packets. It displays the raw data in hexadecimal along with an ASCII interpretation of the data. The hexadecimal data is typically organized into columns, with each column representing a certain number of bytes of data. The ASCII interpretation column displays the printable characters of the data, replacing non-printable characters with periods.

To fully interpret a packet, Wireshark and similar tools use “protocol dissectors”. Protocol dissectors are software that analyzes and decodes packet data by parsing the network traffic based on the position, length and values of each field within a protocol, breaking the packet into its constituent parts, such as header fields and payload data, and presenting them as labelled, human friendly text.

Credit: https://www.guru99.com/wireshark-passwords-sniffer.html

Packets can reveal all the information exchanged between two systems, including sensitive information such as user name and password, unless secure protocols such as HTTPS, SFTP, TLS, IPSEC etc. are used.
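The encapsulation steps of Q13 and the frame decoding walked through above (bytes to hex, hex to protocol fields, payload to ASCII) can be reproduced in a few lines. This is an added Python example, not code from the paper or from the books it credits; the addresses, ports, message and function names are constructed for the illustration.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17

def inet_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(message, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Wrap an application message in UDP, IPv4 and Ethernet II headers."""
    # Transport layer: 8-byte UDP header (checksum 0 = "not computed", legal over IPv4).
    datagram = struct.pack("!HHHH", src_port, dst_port, 8 + len(message), 0) + message
    # Network layer: 20-byte IPv4 header; the checksum is filled in on a second pack.
    fields = [0x45, 0, 20 + len(datagram), 0, 0, 64, IPPROTO_UDP, 0,
              bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split(".")))]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    packet = struct.pack("!BBHHHBBH4s4s", *fields) + datagram
    # Link layer: destination MAC, source MAC, EtherType. The trailer (frame check
    # sequence) is left out, as it is in most capture files.
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_mac(dst_mac) + to_mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet

def dissect(frame: bytes) -> dict:
    """Decapsulate Ethernet II / IPv4 / UDP by field position, as a dissector does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    fmt_mac = lambda b: ":".join("%02x" % x for x in b)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth.dst": fmt_mac(frame[0:6]), "eth.src": fmt_mac(frame[6:12]),
           "eth.type": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return out                      # no dissector here for other EtherTypes
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (ip[0] & 0x0F) * 4            # header length is carried in the packet itself
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("IPv4 length fields disagree with the captured bytes")
    out.update({"ip.src": ".".join(map(str, ip[12:16])),
                "ip.dst": ".".join(map(str, ip[16:20])),
                "ip.proto": ip[9],
                "ip.checksum_ok": inet_checksum(ip[:ihl]) == 0})
    if ip[9] != IPPROTO_UDP:
        return out
    udp = ip[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    if ulen < 8 or ulen > len(udp):
        raise ValueError("UDP length field disagrees with the IPv4 payload")
    out.update({"udp.srcport": sport, "udp.dstport": dport, "payload": udp[8:ulen]})
    return out

def hexdump(data: bytes, width: int = 16) -> list:
    """Offset, hex bytes and printable-ASCII columns; non-printables shown as '.'."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk).ljust(width * 3)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %s %s" % (off, hexpart, text))
    return lines

# Constructed sample: documentation addresses (RFC 5737) and locally administered MACs.
SAMPLE_MESSAGE = b"user=alice note=sent-without-encryption"

def build_sample() -> bytes:
    return encapsulate(SAMPLE_MESSAGE, 40000, 9999, "192.0.2.10", "198.51.100.20",
                       "02:00:00:00:00:01", "02:00:00:00:00:02")

if __name__ == "__main__":
    frame = build_sample()
    print("\n".join(hexdump(frame)))
    for field, value in dissect(frame).items():
        print(field, "=", value)
```

The ASCII column of the dump shows the message in the clear, which is the exposure the paragraph above attributes to traffic sent without HTTPS, SFTP, TLS or IPSEC.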
  • 23. 15. What are the broad types of information that can be revealed from Packet Analysis?
Packet analysis is the process of capturing, examining, interpreting and analyzing Packets for various purposes such as network troubleshooting, performance optimization, security analysis and network forensics. Packet analysis reveals information, as under, that can be used as evidence in legal cases.

Credit: Packet analysis for network forensics: A Comprehensive survey – by Leslie F Sikos, Edith Cowan University, Australia.

All network security solutions (FW, IPS, IDS, WAF, DPI) basically depend on network packet analysis. Why? Because all the Cyber Good, the Cyber Bad and the Cyber Ugly have to interact and transact only through packets. More importantly, all Cyber attacks take place through packets. Virus, malware and ransomware are sent through packets. Command & Control Centres remotely exploit systems through packets.

16. What are network security solutions?
Network security solutions are hardware and software solutions, processes or rules, and configurations designed to protect the integrity, confidentiality, and availability of computer networks and the data transmitted over those networks. These solutions include a wide range of products and technologies, such as firewalls, intrusion prevention systems (IPS), virtual private networks (VPN), data loss prevention (DLP) solutions, security information and event management (SIEM), and network access control (NAC) solutions. The exact solution or technology deployed may vary depending on the specific needs and requirements of the network, the nature of the data being transmitted, and the risk level of potential threats.

Network security solutions are deployed in a “Defense in Depth” model to safeguard network resources from unauthorized access, modification, and destruction, while also ensuring that the network remains available for legitimate users.
  • 24. 17. What is “Defense in Depth”?
Network defense in depth refers to an approach to network security that involves layering multiple defense mechanisms and controls at different levels (or layers) of the network to provide greater protection against potential threats. This approach relies on the principle that a single security measure is not enough to provide complete protection against attacks, and that multiple layers of defense are needed to ensure network security.

The layered approach of defense in depth may include technologies such as firewalls, intrusion detection and prevention systems, encryption, virtual private networks (VPNs), and access controls, as well as policies, procedures, and other security safeguards. The idea is that if one security mechanism fails, there will be another layer of defense to prevent or limit the impact of an attack.

Courtesy: Internet sources
- - -
  • 25. V. Building Blocks of the Internet:

Some important building blocks of the Internet are:

1. Internet Protocol Address (Version 4 / Version 6):
The Internet Protocol (IP) address is a unique identifier assigned to devices on the internet or the local network. All network packets contain the Source IP address and Destination IP address for accurate and speedy data communication.

2. Domain Name System:
It is the telephone book of the internet. It translates human readable domain names such as Google.com into machine readable IP Addresses such as 172.217.7.8. It eliminates the need for humans to memorize these addresses.

3. Middle Boxes:
Middle Boxes are devices or software applications that are deployed in computer networks to improve network performance, enhance security, or provide other specialized network services. They are called "Middleboxes" because they are located in the middle of the communication path between a source and destination in the network. Examples of Middle Boxes include firewalls, intrusion detection and prevention systems, load balancers, and WAN optimization devices. Middle Boxes can be implemented as hardware devices or as software running on commodity servers, and can provide a wide range of network functions, often including deep packet inspection, content modification, and network address translation (NAT).

4. Border Gateway Protocol:
Border Gateway Protocol (BGP) is the inter-domain routing protocol used to facilitate communication between different Autonomous Systems (AS) on the Internet by exchanging routing and reachability information. It is typically used by Internet Service Providers (ISPs) and large organizations with multiple connections to the Internet to achieve optimal routing of traffic between networks. BGP is a protocol that dynamically learns and adapts to changes in network topology, and provides the ability to select paths based on policies such as AS path length, network congestion, and other factors. It is a critical component in the functioning of the Internet, as it enables the exchange of routing information between ASes, which helps to ensure that data is sent along the most efficient path possible.

5. Digital Signature Certificates:
A Digital Signature is an e-signature that is backed by a Digital Certificate issued by a Certifying Authority (CA) to validate and certify the identity of the person holding the certificate. It serves as an electronic equivalent of a physical or paper certificate. It contains information such as the user's name, pin code, country, email address, date of issuance of the certificate, and the name of the certifying authority. A digital signature is created by a pair of encrypted numbers known as the public key and private key. It is used to authenticate and verify the integrity of digital information, such as email messages, macros, or electronic documents. A digital signature confirms that the information originated from the signer and has not been altered. It provides assurances about the validity and authenticity of a digital document.
  • 26. Courtesy: https://vahid.blog/post/2020-12-15-how-the-internet-works-part-i-infrastructure/
  • 27. Bullet Proof Cyber Space Security through the Four Pillars of Cyber Space Governance Page 27 of 70 Who assigns Internet Protocol addresses to users in India ? IRINN of NIXI. The assignment of Internet Protocol (IP) addresses to users in India is primarily handled by the National Internet Exchange of India (NIXI), which is a not-for-profit organization that operates the National Internet Registry (NIR) in India. NIR was entrusted with the task of coordinating IP Address allocation with other Internet resource management function at national level in the country. NIXI was recognized by APNIC in March 2012 to become the NIR for the country. The NIR is now named as Indian Registry for Internet Names and Numbers (IRINN). It is now a division functioning under NIXI and provides allocation and registration services of Internet Protocol addresses (IPv4 & IPv6) and Autonomous System numbers to its Affiliates, who in turn assign IP addresses to their customers/users. The assignment of IP addresses is a global process that is coordinated by the Internet Assigned Numbers Authority (IANA) and the Regional Internet Registries (RIRs) such as APNIC, ARIN, and RIPE NCC. Who issues Digital Signature Certificates in India? Digital Signature Certificates (DSC) in India are issued by Certifying Authorities (CA), which are licensed and regulated by the Controller of Certifying Authorities (CCA). The CCA is the national regulatory body in India for issuing digital signatures, and oversees the issuing and management of digital signature certificates by licensed CAs in India. Users in India who wish to obtain a digital signature certificate can apply to a licensed CA, who will then verify the user's identity and issue the digital signature certificate. 
The current licensed CAs are Safescrypt, IDRBT, (n)Code Solutions, e-Mudhra, CDAC, Capricorn, Protean (NSDL e-Gov), Vsign (Verasys), Indian Air Force, CSC, RISL, Indian Army, IDSign, CDSL Ventures, Panta Sign, xtra Trust, Indian Navy, ProDigiSign, SignX, RPSL, Care 4 Sign, IGCAR.

Who assigns Domain Names to users in India?

Domain names in India are typically purchased from Domain Name Registrars, which are organizations accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) to sell and manage domain names. Users in India can purchase domain names from a variety of accredited registrars, some of which are based in India and others which are international. The assignment of domain names is a global process that is coordinated by ICANN and the top-level domain registries, and is not specific to any one country. Some of the Domain Name Registrars are Bluehost, Hostinger, Network Solutions, GoDaddy, Namecheap, DreamHost, HostGator, Google Domains etc.

NIXI (National Internet Exchange of India) is a domain name registrar for the .IN country code top-level domain (ccTLD) for India. Government of India has authorized NIXI as .IN Registry, since January 2005. .IN is the allocated country code Top Level Domain (ccTLD). .IN registration is offered at 2nd level of Domain Name and also at the 3rd level in the globally popular zones of Domain registration, e.g., .co.in, .net.in and .org.in. .IN is India's top-level domain on the Internet and .IN domain names are available to anyone on first-come-first-served basis. Like .COM, .IN can be used for e-mail, Web sites, and other applications. But unlike other domains, .IN is a unique symbol of India and its role in the world.

- - -
VI. Comparison of Network Communication Protocols used by different systems :-

| Layer | Web | The Onion Routing (TOR), BitTorrents | Invisible Internet Project (I2P) | SIGTRAN (Signaling System 7 (SS7) over IP) | Voice over IP (VoIP) |
|---|---|---|---|---|---|
| Application | HTTP, HTTPS, DHCP, DNS, SSL/TLS ... XMPP, BGP ... | Bitcoin, BitTorrent, Freenet, Tor, Zeronet | I2CP (I2P Client Protocol) | TCAP; SCCP; MTP3, ISDN; M3UA, M2UA, M2PA, SUA, IUA | RTP, SDP, SIP, H.323; SRTP, IPSEC, SDES, MIKEY, IKEv2 |
| Transport | UDP, TCP | UDP, TCP | UDP, TCP, NTCP2, SSU (Noise TCP, Secure Semireliable UDP) | SCTP (Stream Control Transmission Protocol) | UDP, TCP, RTP |
| Network | Internet Protocol (IPv4, IPv6) (Routed Protocols) ***; Routing protocols: RIP, OSPF, ISIS, EIGRP, BGP, RIPng, MPBGP; ARP, RARP, ICMP, IGMP, ICMPv6 | Internet Protocol (IPv4, IPv6) | Internet Protocol (IPv4, IPv6) | Internet Protocol (IPv4, IPv6) | Internet Protocol (IPv4, IPv6) |
| Data Link | 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi | 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi | 802.3, DSL, ISDN, WLAN, 802.11 Wi-Fi | MTP2 | Wi-Fi, Wibro, 3G, 4G |
| Physical | SLIP, PPP, LAN, WLAN, WAN | SLIP, PPP, LAN, WLAN, WAN | SLIP, PPP, LAN, WLAN, WAN | MTP1 | Frame Relay (FR), ATM, Ethernet, Multilink Point-to-Point Protocol (MLPPP), Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC) |

*** Obsolete Protocols in the Network Layer :- IPX/SPX from Novell; AppleTalk from Apple; SNA from IBM; XNS from Xerox; DECNET from DEC; X25 from ITU; CLNP from Telecom;
Comparison of Network Communication Protocols used by different systems :- (Continued)..

| Layer | Industrial Control Systems (ICS), Cyber Physical Systems (CPS) | Internet of Things (IoT), IP Smart Objects, Internet of Drones (IoD), Unmanned Aerial Vehicles (UAV) | S7 Communication for Programmable Logic Controllers (Siemens) | SCADA over TCP/IP IEC 60870-5-104 |
|---|---|---|---|---|
| Application | PROFINET, MODBUS TCP/IP, CIP (Common Industrial Protocol), Ethernet/Industrial Protocol, DNP3, CoAP (Constrained Application Protocol), HTTP, FTP... | CoAP (Constrained Application Protocol), MQTT, SMQTT, CoRE, DDS, AMQP, XMPP | S7 Communication | IEC 60870-5-5 (Application Procedures); IEC 60870-5-104 APDU, HTTP, NTP, APCI, Telnet, SNMP |
| Transport | UDP, TCP | UDP | COTP (Connection Oriented Transport Protocol) | UDP, TCP |
| Network | Internet Protocol (IPv4, IPv6); RPL, ARP, ICMP | Internet Protocol (IPv4, IPv6); 6LoWPAN, 6TiSCH; RPL, CORPL, CARP, FANET, VANET, MANET; A2G routing; Model based routing | Internet Protocol (IPv4, IPv6) | Internet Protocol (IPv4, IPv6); ICMP, ARP |
| Data Link | 802.3, 802.1 | 802.11ah, 802.15.4 MAC, WiFi, Bluetooth LE, Z-Wave, ZigBee Smart, DECT/ULE, 3G/LTE, NFC, Weightless, HomePlug GP, G9959, Wireless HART, DASH7, ANT+, LTE-A, LoRaWAN... | Ethernet | Ethernet driver |
| Physical | TIA - 1005 | 802.15.4, PHY/Physical Radio, FDM, TDM, SDM, Ethernet, Wi-Fi, GSM, LTE-M, Lora, SigFox | Ethernet | Ethernet 10/100Base-Tx/Fx |

Explanation:
- Routed protocols and routing protocols are two different types of protocols used in computer networking.
- A routed protocol is a protocol that is used to send user data packets between different networks. It defines the format of the data packet, how it is addressed, and how it is transmitted between networks. An example of a routed protocol is Internet Protocol (IP v4/v6).
- A routing protocol, on the other hand, is used by routers to communicate with each other and learn information about the network topology. These protocols enable routers to determine the most efficient path for data packets to follow through a network. Examples of routing protocols include Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Interior Gateway Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System to Intermediate System (IS-IS), Routing Information Protocol Next Generation (RIPng), Multi-Protocol Border Gateway Protocol (MP-BGP). - - -
VII - IP/BGP Model of Internet

The modern internet is referred to as the “TCP/IP” stack. However, I would like to refer to it as the “IP/BGP” stack, because these are the only two unique protocols that power the internet.

While there are several protocols at various layers of the Internet Protocol stack, there is only one Routed Protocol viz., “Internet Protocol” (v4/v6) at the Network layer* and only one Routing Protocol viz., “Border Gateway Protocol” at the application layer**, that together make the internet possible. Please see the table above for the common Protocol (highlighted in green) for all systems.

While Internet Protocol provides communication between devices over the internet by delivering packets from the source host to the destination host based on IP addresses in the packet headers, Border Gateway Protocol maintains connections between Autonomous System Border Routers (ASBR) and exchanges routing information between Autonomous Systems (AS)***. Together, they form the pivot on which the entire internet spins.

Credit : Computer Networking - A Top-Down Approach - 8th Edition - James F. Kurose and Keith W. Ross.

* “... “IP hourglass,” illustrates the “narrow waist” of the layered Internet architecture. While the Internet has many protocols in the physical, link, transport, and application layers, there is only one network layer protocol—the IP protocol. This is the one protocol that must be implemented by each and every of the billions of Internet-connected devices. This narrow waist has played a critical role in the phenomenal growth of the Internet. The relative simplicity of the IP protocol, and the fact that it is the only universal requirement for Internet connectivity has allowed a rich variety of networks—with very different underlying link-layer technologies, from Ethernet to WiFi to cellular to optical networks to become part of the Internet.” - Computer Networking - A Top-Down Approach - 8th Edition - James F. Kurose and Keith W. Ross.

** Border Gateway Protocol (BGP) is a routing protocol used for exchanging routing information and determining the best routes for delivering Internet traffic between Autonomous Systems (AS) belonging to various Internet Service Providers. BGP plays a crucial role in the functioning of the Internet by enabling communication between different networks.

*** (An AS is a large network or a group of networks that are all managed and supervised by a single Organization or an Internet Service Provider).

- - -
VIII. Legal Perspective on Cyber Operatives, Cyber Crime, Cyber Jurisdiction and Extra Territorial Jurisdiction :-

A high level review of the Internet has revealed that interactions and transactions take place in the Cyber Space through Packets, who are the real Cyber Operatives! When interactions and transactions go wrong, the normal course of action is to approach the Court for legal remedies.

Parties to legal cases :-

| Physical World | Cyber World |
|---|---|
| The Good, the Bad and the Ugly together constitute the Physical People, which term includes all Individual Citizens (IC) and Non individual Entities (NIE) resident in the National Territorial Space. | The Good, the Bad and the Ugly together constitute the Cyber People, which term includes Individual Citizens (IC) and Non individual Entities (NIE) having their digital embodiment in the National Cyber Space. |
| Physical Operatives are the people who deliver physical goods and services to the Physical Users. | Cyber Operatives are the network packets that deliver digital goods and services to Cyber Users. |
| The Plaintiff is a person who initiates a lawsuit before a court, seeking a legal remedy for a Civil Wrong / Tort. | Cyber Plaintiff is a person who initiates a lawsuit before a court, seeking a legal remedy for a Cyber Civil Wrong / Contravention. |
| The Defendant is a person against whom criminal or civil charges are brought in a lawsuit. | Cyber Defendant is a person against whom cyber criminal or cyber civil charges are brought in a Cyber lawsuit. |
| The Advocate is a person who argues for the cause of another person in front of a judicial authority in a Civil or a Criminal matter. | The Cyber Advocate is a person who argues for the cause of another person in front of a judicial authority in a Cyber Civil or Cyber Criminal matter. |
| The Complainant is a person who files a written accusation with the police charging a suspect with the commission of a Crime. | Cyber Complainant is a person who files a written accusation with the police charging a suspect with the commission of a Cyber Crime. |
| The Victim is a person who has suffered harm, injury or loss which may be physical, mental or economical, due to illegal activities of Criminals. (The Complainant and the Victim may be same or different persons.) | Cyber Victim is a person who has suffered harm, injury or loss which may be physical, mental or economical, due to illegal activities of Cyber Criminals. (Cyber Complainant and Cyber Victim may be same or different persons.) |
| The Accused is a person who has been arrested for or formally charged with a Crime. (Also known as the Defendant.) | Cyber Accused is a person who has been arrested for or formally charged with a Cyber Crime. (Also known as Cyber Defendant.) |
| The Prosecutor is a government official charged with bringing defendants in Criminal cases to justice in the name of the state. | Cyber Prosecutor is a government official charged with bringing defendants in Cyber Criminal cases to justice in the name of the state. |

Having described various parties involved in Cyber cases, let us examine “Cyber Jurisdiction”.

“Cyber Jurisdiction” is not defined conclusively by UN or other countries because Cyber Space is incorrectly perceived as “a limitless virtual space with no boundaries in which different data packets travel in different paths through different network nodes situated in different Nation States to reach the destination where they are finally reassembled, and hence, no single Nation State can claim jurisdiction on the grounds that the entire activity has taken place within its borders”. This wrong perception had led to wrong conclusions.

In the physical world, “Territorial Jurisdiction” refers to the power of the Court to decide or adjudicate or pass judgement over cases arising in or involving real Persons residing within the physical boundaries of the Nation State.

As we have already defined “Cyber Space” and “National Cyber Space”, we can define “Cyber Jurisdiction” in a similar way:-

Cyber Jurisdiction is the power of the Court to decide or adjudicate or pass judgement over cases arising in or involving Cyber Persons residing within the physical boundaries of the Nation State.

(Explanation : A Cyber Person is the digital embodiment of a real person from the physical world as manifested in the Cyber Space. A real person is an Individual Citizen or a Non-individual Entity of the Nation State.)

Based on the above definition, we can also specify the boundaries of Cyber Jurisdiction in alignment with Civil and Criminal laws of the Nation States. For example, in India,

Legal Jurisdiction: Well established.

Civil :- As per simple interpretation of Sections 15 to 20 of the Code of Civil Procedure, 1908, a Civil Suit can be filed in a Court at :-
(i) the place where the immovable property is located, or
(ii) the place of residence or place of the work of the defendants or
(iii) the place where the cause of action has arisen.

Cyber Jurisdiction: Not clearly defined. However, we can suggest to define it in alignment with Legal Jurisdiction as under :-

Cyber Civil: A Cyber Civil Suit can be filed in a Court at :-
(i) the place where the Cyber Asset is located, or
(ii) the place of residence or place of the work of the Cyber Defendants or
(iii) the place where the cause of Cyber action has arisen.

(Explanation :-
(i) The IP Address domicile of the Cyber Asset is the place where it is located.
(ii) The IP Address domicile of the Cyber Defendant is his place of residence or work.
(iii) The IP Address domicile of the Cyber Plaintiff is the place where the cause of Cyber action has arisen.
(Please refer to Pillar 1 for the concept of IP Address domicile))
Criminal :- As per simple interpretation of Sections 177 to 186 of Criminal Procedure Code 1973, a Criminal Suit can be filed in a Court at :-
(i) The place where the offence was committed or
(ii) Any of such places in respect of offence committed at more than one place or where it is continuing or continues to be committed in more than one local area or where the offence consists of several acts done in different local areas, or
(iii) The place where a consequence has ensued.

Cyber Criminal :- A Cyber Criminal Suit can be filed in a Court at :-
(i) the place where the Cyber Offence was committed, or
(ii) Any of such places in respect of Cyber offence committed at more than one place or where it is continuing or continues to be committed in more than one local area or where the Cyber offence consists of several acts done in different local areas, or
(iii) the place where a Cyber consequence has ensued.

(Explanation :-
(i) The Destination IP Address domicile is the place of commission of Cyber Offence which is also the place of IP Address domicile of the Cyber Victim.
(ii) The Transit IP Address domiciles are the multiple places where Cyber Offence is committed or continues to be committed. (Transit IP Address domiciles are the places of IP Address domiciles of the intermediate nodes (ie., Cyber Accomplices) between the Source IP Address domicile and the Destination IP Address domicile).
(iii) The Destination IP address domicile is the place where a Cyber Consequence has ensued, which is also the place of IP Address domicile of the Cyber Victim.
(iv) The Source IP Address domicile is the place of IP Address domicile of the Cyber Accused.)
Extra Territorial Jurisdiction under IT Act 2000 :-

Section 75 - Act to apply for offence or contraventions committed outside India
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

Extra Territorial Jurisdiction under IT Act 2000 :- Suggested to re-write as under :-

Section 75 - Act to apply for offence or contraventions committed outside India
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves an IP address domiciled in India.

- - -
IX. Movement of Cyber Operatives :-

Now that we know that the Cyber Operatives are the Packets, let us look at how packets travel in the Cyber World vis-a-vis how people travel in Physical World.

| Physical Travellers | Cyber Operatives |
|---|---|
| Physical Operatives (people) travel from place to place nationally and internationally. | Cyber Operatives (Packets) travel from node to node nationally and internationally. |
| They travel through various media (Air, Land, Water) and modes of transport (Planes, Ships, Buses, Cars, Motorbikes, Cycles, animals, and on foot.) | They travel through various media (Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio Spectrum and Satellite Radio Channels) and modes of transmission (Simplex, Half-duplex, Full-duplex, Broadcast) |
| There are very few restrictions for travel within one's own country. | There are no restrictions for local travel. |
| International travel is subject to several restrictions and security checks, which differ from country to country. | There are no restrictions for international travel. |
| Traveller only needs an identity proof for domestic travel, but for international travels, a Passport and a Visa are required. | There is no requirement for identity proof, exit permit or entry permit. |
| Special treatment is given to international passengers on arrival depending on their nationality. | Packets are given special treatment based on QoS. (Quality of Service) |
| There is no Customs check for domestic travels, but it is mandatory for international travels. | There is no Customs control for packet travels. |
| Both check-in luggage and cabin luggage will be subject to security check for both local and international travels. (Eg. Outward travel – Dangerous goods, Prohibited goods, Restricted goods, etc., Inward travel – Dutiable goods, prohibited items, Local Currency notes, Satellite Phone etc.,) | There is no security check for packets entering or exiting the National Cyber Space, by any National Security Agency. |
| However, security check for international travel is subject to enhanced checks ie., break-opening the locks, physically examining the baggage, power to detain/arrest the passenger etc., | However, enterprises perform their own security checks for all packets entering or exiting their networks through Firewalls, IPS, IDS, WAF, DPI, threat intelligence etc., by manual/automated process. |
| In airports, there will be separate lounges for domestic travellers and international travellers. There will also be a separate way for passengers who are only transiting through the airport. | There is currently no such differentiation of packets based on destination IP Addresses. |
| Travellers (ie., Physical Operatives) are verified against various alert lists to identify criminals, fugitives, and illegal travellers. | Packets (ie., Cyber Operatives) are verified against various access lists and firewall rule sets to identify potentially harmful packets (in enterprises). |
| The suspicious/criminal Physical Operatives can be identified, arrested, interrogated, prosecuted, jailed or deported by the Border Security and Law Enforcement Agencies. | Cyber Operatives can be identified, captured, analysed, investigated, quarantined or dropped by the Security Middle Boxes at the 4th Pillar viz., CBSC. |

The 4th Pillar can also be described as the “Airport model of Internet security”.
We have understood the importance of the Packets in the Cyber Space Security. But, how can we identify, stop, track, monitor, arrest and interrogate the Packets to catch the real Cyber Criminals in order to prosecute and punish them?

It is simple.

1. Give irrefutable, globally recognized, legal Identity to the Packets.
2. Link the identity of the Packet with the identity of the Cyber Person.
3. Link the identity of the Cyber Person with the identity of associated real person in the physical world.
4. Get the identity of the real person guaranteed by the Nation State.
5. Let the Nation State investigate, interrogate, prosecute and punish the Cyber Criminals.

It may be reiterated here that a Cyber Person is the digital embodiment of a real person from the physical world as manifested in the Cyber Space. A real person is an Individual Citizen or a Non-individual Entity of the Nation State. There will be only one Cyber Person for every single real person. As a corollary, there will be NO Cyber Person in the National Cyber Space without a corresponding real person in the physical world.

It is the sovereign duty of the Nation State to facilitate a secure Cyber Space ecosystem in which Cyber Persons can interact freely in full trust without having to worry about cyber threats, and in full assurance of Protection, Security, Justice and Rule of Law by the Nation State. In other words, Nation States have to ensure that Cyber Persons are able to mind their own business and invest in self growth and development, without having to waste their resources (men, money and materials) on defending themselves from invisible Cyber Adversaries.

The question now is :- How can the Nation States ensure security within their National Cyber Spaces?
The answer is:- Each Nation State can enforce bullet proof, secure Internet Eco-system within its National Cyber Space, by establishing the 4 Pillars of Cyber Space Governance, which are described in the next section. - - -
X. The Four Pillars of Cyber Space Governance :-

[Figure: CYBER SPACE GOVERNANCE, with the four pillars labelled UGPSIPA, UNDSC, UNDN and CBSC, and HOME LAND SECURITY (UNIN, MASC, USTA, TBI)]
I Pillar - UGPSIPA
Unique Global Public Static Internet Protocol Address :-

Every Nation State should establish its own National Internet Registry (NIR), as a statutory body, which will procure IPv6 address blocks from their corresponding Regional Internet Registries, who in turn obtain them from ICANN->IANA->PTI.

NIRs will reserve and allocate the address blocks in contiguous geographical areas eg. States/Districts/Taluks/Villages/Wards as in India, or States / Provinces / Counties / Cities / Towns / Wards, or any other units of local government as prevalent in the Nation State. It will also sub-allocate address blocks based on generic Top Level Domain names viz., .edu, .org, .com, .net, .gov, .mil, .int, .biz, .info, .coop, .aero, .name, .pro etc.,

Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies, Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and obtain a Unique, Global, Public, Static, Internet Protocol Address (UGPSIPA) from NIR for internetwork usage. NIR will directly assign the IP addresses to the ICs and NIEs.

NIR will assign each IC/NIE an IPv6 address which will be :-
• Unique – It will serve as Unique Host Identifier for internet communication.
• Global – It will have global scope for internetwork connectivity.
• Permanent – Its validity is permanent and will run concurrent to the lifespan of IC/NIE. There will be no provision to change the IP address or for issue of multiple IP addresses. There will be no requirement for periodic renewal.
• Static – The IP Address will be static and not dynamic. (Dynamic Host Configuration Protocol (DHCP), Network Address Translation (NAT) and Privacy Extensions for SLAAC (PrivExt) will be prohibited)

NIR will assign the IPv6 address only after verifying the credentials of the applicant through UNIN (as in my 2002 model) / Aadhaar (as in India) / National Identity (as established in the Nation States).

IPv6 addresses use 128 bits to represent an address which includes bits to be used for subnetting. The second half of the address (least significant 64 bits) is used for Hosts only.

| Routing Prefix | Subnet ID | Interface ID | IPv6 Address |
|---|---|---|---|
| 48 bits | 16 bits | 64 bits | 128 bits |

Routing Prefix + Subnet ID = Network Prefix
Network Prefix + Interface ID = IPv6 Address

In order to implement Static IPv6 address configuration, Stateless Address Auto Configuration (SLAAC) shall be used with the Modified EUI-64 format to generate the unique Interface Identifier (IID) from the MAC address. The IID will combine with the network prefix to form the complete IPv6 address. Privacy Extensions for SLAAC (which generate temporary IPv6 addresses to avoid online tracking) will be prohibited.

NIR will assign /64 IPv6 address to ICs and /48 IPv6 address to NIEs, in line with ICANN's recommendation of /48 for Corporates and /64 for Individuals. However, Nation States may assign different slash addresses as per their national interests. Whatever be the scheme, the Network Prefix will become the permanent address owned by the IC/NIE.
Each /64 Individual Citizen, with 0 bits for Subnet ID, will have 1 subnet with provision for 18,446,744,073,709,551,616 hosts, which is more than sufficient to include every internet device and IoT device owned by him/her. (In fact, every cell in the human body of the IC, amounting to about 100 trillion cells, can be mapped to this IP address as proposed in the Human Genome project of 1990s to create a cellular map of the body).

Similarly, each /48 Non Individual Entity with 16 bits for Subnet ID will have up to a maximum of 65536 subnets with provision for 1,208,925,819,614,629,174,706,176 hosts, which is more than sufficient to include every internet node and IoT device owned by it as well as BYOD of its Employees (first party) / its Customers (second party) and Suppliers & Contractors (third party).

Each IC will get only one UGPSIPA. Similarly, each NIE will get only one UGPSIPA. NIEs who have registered in different territories as different legal entities may be assigned one UGPSIPA per legal entity as registered in that territory.

UGPSIPA is a Proof of Cyber Citizenship in the National Cyber Space of the Nation State. It is also a proof of IP Address domicile.

Every UGPSIPA should be linked to UNIN, MASC and USTA for irrefutable Proof of Identity, Proof of Address, Proof of Ownership and also Proof of Cyber Citizenship. Where UNIN, MASC and USTA are not implementable, Nation States shall link the UGPSIPA with National Identity Card / Citizen Card / Passport / Certificate of Citizenship / Naturalization Certificate / Birth Certificate or equivalent of the IC, as per laws prevailing in the Nation State.
In respect of NIEs, UGPSIPA shall be linked to Global Legal Entity Identifier (GLEI) / Corporate Identification Number (CIN) / Certificate of Incorporation (COI) / Business Employer Identification Number (EIN) / Taxpayer Identification Number (TIN) / Tax Deduction & Collection Account (TAN) / Goods & Services Tax Identification Number (GSTIN) / Social Security Number (SSN) / Doing Business As (DBA), Shop & Establishment Certificate / Trade Licence / Occupational Licence / Business Registration Certificate issued by Appropriate Authorities etc., as per laws prevailing in the Nation State.

NIR will maintain a National Register of IP Addresses which will be continually updated in real time for addition, modification, suspension, reactivation, revocation and deletion. The Register will be made accessible to other national Statutory Bodies.

ICs and NIEs having dual addresses viz., IPv4 and IPv6 would be required to discard their IPv4 address with immediate effect. Those not having IPv6 addresses will be required to migrate to IPv6 with immediate effect. After the expiry of the Cut Off date, as determined by the Nation State, Switching, Routing and Forwarding will not be permitted for IPv4 addresses in LAN, WAN and the Internet within the National Cyber Space of the Nation State.

In summary, IP address allocation will be made in such a way that, just by looking at an IP address, one can determine its Country of Origin, its specific location and its generic function.

- - -
II Pillar : UNDSC
Unique National Digital Signature Certificate (DSC) :-

Every Nation State should establish its own Root Certificate Authority (RCA), as a statutory body for management of a national Public Key Infrastructure system.

Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies, Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and obtain Unique National Digital Signature Certificates (UNDSC) for electronic authentication of electronic records.

RCA will directly assign the UNDSCs to the ICs and NIEs. However, Nation States may, at their discretion and keeping their national interests in view, provide for additional layers viz., licensed Certifying Authorities (CA) and licensed Registration Authorities (RA) to delegate the process of UNDSC issuance.

For ICs, RCA will assign the UNDSC only after verifying the credentials of the applicant through UNIN (as in the model) / Aadhaar (as in India) / National Identity Card / Citizen Card / Passport / Certificate of Citizenship / Naturalization Certificate / Birth Certificate or equivalent, as per laws prevailing in the Nation State.
For NIEs, RCA will assign the UNDSC to NIEs after verifying the credentials of the applicant through UNIN (as in the model) / Global Legal Entity Identifier (GLEI) / Corporate Identification Number (CIN) / Certificate of Incorporation (COI) / Business Employer Identification Number (EIN) / Taxpayer Identification Number (TIN) / Tax Deduction & Collection Account (TAN) / Goods & Services Tax Identification Number (GSTIN) / Social Security Number (SSN) / Doing Business As (DBA), Shop & Establishment Certificate / Trade License / Occupational License / Business Registration Certificate issued by Appropriate Authorities etc., as per laws prevailing in the Nation State.

RCA will assign each IC/NIE a UNDSC which will be :-
• Unique – A UNDSC will be unique to the IC/NIE. It cannot be cloned or duplicated. It cannot be re-used on its expiry / suspension / revocation. It also cannot be re-issued.
• Global – RCA will issue UNDSCs specifically for digital signatures and authentication purpose. It will also issue Digital Certificates for special purposes such as Encryption, Code Signing, SSL/TLS Server, Device/System, Document Signing etc., These Digital Certificates will be based on and linked to UNDSC of the IC/NIE. Together, they will have a global scope ie., they can be used for Web browsing, personal email, filing online tenders, filing tax return, e-com applications, e-transactions, e-services, authentication of Server & Client, Code Signing, Secure Email, Time Stamping, IP Sec, Encryption, Decryption, License Verification, Smart Card Logon, Application policies, Directory Service, Archival, OCSP signing, Kerberos KDC authentication, Peer to Peer Trust, DNS Server & Client Trust, System Health Authentication etc.,
• Permanent – It will be issued for a maximum period of 100 years and its validity will run concurrent to the lifespan of IC/NIE. There will be no requirement for periodic renewal.
Suspension, Re-activation and Revocation of UNDSCs as well as use of cryptographic algorithms will be governed by the provisions contained in the RCA Statute of the Nation State.
Each IC will get only one UNDSC. Similarly, each NIE will get only one UNDSC. NIEs who have registered in different territories as different legal entities may be assigned one UNDSC per legal entity as registered in that territory.

Every UNDSC will contain the UGPSIPA of the IC/NIE along with other details such as Certificate serial number, Name of IC/NIE, Issuer, Validity period, Signature & its Algorithm, Public Key, Thumbprint & its Algorithm etc.

UNDSCs will be issued on a MASC (Multi Application Smart Card) or a Crypto Token with USB interface or any other Crypto Device which meets the highest security standards of the Nation State or is at least compliant with international Standards such as US FIPS 140-2 Level 3 or European CC EAL5+/PP SSCD, and eIDAS.

RCA will maintain a National Register of UNDSCs which will be continually updated in real time for addition, modification, suspension, reactivation, revocation and deletion. The Register will be made accessible to other National Statutory Bodies.

- - -
III Pillar : UNDN

UNIQUE NATIONAL DOMAIN NAME

Every Nation State should establish a National Domain Name Registry Authority (NDNRA) to carve out its own domain name space through “country code Top Level Domain” (ccTLD), if not already done, in co-ordination with ICANN -> ccNSO (The Country Code Names Supporting Organization).

NDNRA will provide for Second Level Sub Domains which correspond to gTLDs and further additional higher level Sub Domains to make it more specific.

https://www.abc.def.xyz.gov.in
https = Protocol; www = Host; abc = Fourth Level Domain; def = Third Level Domain; xyz = Second Level Domain; gov = SL Sub-Domain; in = ccTLD

Every Individual Citizen (IC) and Non-Individual Entities (NIE) viz., business entities and legal persons such as Proprietary concerns, Partnership firms, Limited companies, Trusts, Associations, Societies, Government Organisations, Statutory bodies, Regulatory authorities etc., would be required to register and obtain a Unique National Domain Name (UNDN) from NDNRA which will serve as a unique mnemonic host identifier and a legal Trademark.

NDNRA will directly assign the Domain Names to the ICs and NIEs. However, Nation States may, at their discretion and keeping their national interests in view, provide for an additional layer viz., licensed DN Registration Authorities (RA) to delegate the process of DSC issuance. A Domain Name will be assigned to each IC/NIE irrespective of whether or not it will be used by the IC/NIE.

NDNRA will assign each IC/NIE a Domain Name which will be:-

• Unique – It will serve as Unique Host Identifier for internet communication.

• Global – It will have global scope for internetwork connectivity.

• Permanent – Its validity is permanent and will run concurrent to the lifespan of IC/NIE. However, there will be a provision to change the Domain Name, and for issue of multiple Domain Names, if needed. There will be no requirement for periodic renewal.

• Purposeful – It will indicate the primary function / generic behaviour of ICs/NIEs, apart from the Country of Origin. E.g. .edu, .org, .com, .net, .gov, .mil, .int, .biz, .info, .coop, .aero, .name, .pro, .museum, .nic, .ernet, .res etc. (See the latest list of gTLDs at the IANA website).

NDNRA will assign the Domain Name to IC/NIE only after UGPSIPA and UNDSC are assigned to it.

NDNRA will ensure that Domain Names are globally unique so that trademark disputes do not arise. Further, NDNRA will ensure that the applicants demonstrate a direct relationship to their desired Domain Names by way of Names (ICs/NIEs) or nature of business/activity (NIEs).

NDNRA will have the powers to append UNIN or some other prefix / suffix to the domain name requested by IC/NIE in cases where multiple applicants have similar names or multiple applicants claim a similar domain name. However, the applicants will be accommodated to the maximum extent to get a domain name of their liking. Domain names will be assigned on a first come, first served basis.
Every Domain Name will contain its corresponding UGPSIPA of the IC/NIE in its “AAAA” (Address) record and PTR (Pointer) record.

The “CAA” (Certificate Authority Authorisation) record will contain the name of the “RCA” of the Nation State or the name of a “Certificate Authority” authorised by the Nation State. This will prohibit unauthorised Certificate Authorities from issuing certificates to the domain.

NDNRA will enforce DNSSEC (Domain Name System Security Extensions) to ensure the security of the DNS ecosystem and to eliminate DNS cache poisoning and DNS spoofing attacks.

NDNRA will maintain a National Register of Domain Names which will be continually updated in real time for addition, modification, suspension, reactivation, revocation and deletion. This Register will be the Authoritative DNS Server for all DNS queries relating to the domain name space of the Nation State.

NDNRA will neither permit IC / NIE to obtain Domain Names from external Domain Registry / Registration Authorities nor register such external Domain Names in the National Register of Domain Names.

- - -
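How a certificate authority would evaluate the CAA record described above before issuing a certificate, as an added example that is not part of the original paper. The zone lines, the domain names and the CA identifiers `rca.example` and `other-ca.example` are constructed placeholders; the logic follows the `issue` property rules of RFC 8659 for non-wildcard names.

```python
import re

# Constructed zone-file lines; names and CA identifiers are placeholders.
SAMPLE_ZONE = '''
abc.gov.example.     3600 IN CAA 0 issue "rca.example"
abc.gov.example.     3600 IN CAA 0 iodef "mailto:security@abc.gov.example"
locked.gov.example.  3600 IN CAA 0 issue ";"
odd.gov.example.     3600 IN CAA 128 futuretag "x"
'''

CAA_LINE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?IN\s+CAA\s+(\d+)\s+(\S+)\s+"([^"]*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(zone_text):
    """Return {owner name: [(flags, tag, value), ...]} for the CAA lines found."""
    records = {}
    for line in zone_text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            owner = m.group(1).rstrip(".").lower()
            records.setdefault(owner, []).append(
                (int(m.group(2)), m.group(3).lower(), m.group(4)))
    return records


def relevant_rrset(records, fqdn):
    """Climb from the FQDN towards the root; the first CAA set found applies."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def may_issue(records, fqdn, ca_id):
    """True if the CA identified by ca_id may issue a non-wildcard cert for fqdn."""
    rrset = relevant_rrset(records, fqdn)
    if not rrset:
        return True  # no CAA record anywhere on the path: any CA may issue
    for flags, tag, _ in rrset:
        if flags & 0x80 and tag not in KNOWN_TAGS:
            return False  # unknown property marked critical: refuse to issue
    issuers = [v.split(";")[0].strip().lower()
               for _, tag, v in rrset if tag == "issue"]
    if not issuers:
        return True  # e.g. only iodef present: issuance is not restricted
    return ca_id.lower() in issuers  # issue ";" yields "" and matches no CA
```

The last case in the test is the one the paragraph is guarding against: a name with no CAA record on its path places no restriction on which CA may issue.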
IV Pillar : CBSC

CYBER BORDER SECURITY CHECKPOINT:-

Every Nation State should establish its own National Cyber Space Authority (NCSA) as a statutory body. NCSA will be the designated authority to protect National Cyber Space from both external and internal cyber attacks. NCSA will have the powers equivalent to the combined powers of National Immigration, Emigration, Border Control, Customs and Law Enforcement Authorities, in respect of National Cyber Space.

Each Nation is accountable and responsible for its Cyber Citizens. NCSA will remain in constant touch with its counterparts in other Nations for exchange of information relating to addition, modification, suspension, revocation and deletion of IC/NIE Users, their UGPSIPA, Domain Names and Digital Signature Certificates. This Identity information will constitute the “Passport” for Packets originating from one Nation State against which “VISA” can be issued by the other Nation States.

NCSA will guarantee that all packets emanating from within its Cyber Jurisdiction are from trusted entities whose identity details are instantly verifiable by other Nation States. NCSA will also guarantee co-operation, on mutual basis, for prosecution and extradition of its resident entities whose malicious packets have caused harm to other Nation States, subject however to its own Sovereign laws and universally accepted International Laws.

NCSA will establish Cyber Border Security Checkpoints (CBSC) to control, monitor, analyze, inspect and route all network packets entering and exiting the National Cyber Space. CBSC may have a centralised or decentralised structure as decided by Nation States.

The important point is that CBSC should have an adequate number of specialised middle boxes that can inspect, transform, filter, manipulate and route network traffic based on various criteria such as destinations (domestic – region wise, foreign – country wise), directions (North-South i.e., inter-national traffic, and East-West i.e., intra-national traffic), types (Sensitive, Best-effort, Undesired), classes (Data, Voice, Video), visibility (Encrypted, Unencrypted), application protocols (HTTP, HTTPS, QUIC, SIP, H323, DASH, FTP, SMTP, POP, S-MIME, DNS, IRC, BOOTP, TELNET, SSH, RDP, RPC, NFS, LDAP, SNMP, DHCP, MODBUS, MQTT, CoAP etc.), routing schemes (Unicast, Multicast, Broadcast, Anycast), intermediaries (Operators / ISP / other Service providers...) etc.

All packets travelling in public internetworks in the Nation State should be routed through CBSC, irrespective of the -

(a) Medium used viz., Twisted Pair Copper Wire, Co-axial Cable, Fiber Optics, Terrestrial Radio Spectrum or Satellite Radio Channels.

(b) Operators and Service Providers viz., Inter Exchange Carriers (IXC), Point of Presence (POP), Internet Service Providers (ISP), Internet Exchange Points (IXP), International Internet Gateways, International Telecommunications Gateway, Submarine Cable Landing Stations, Satellite Ground Stations, Internet IP Transit Provider, Content Provider Networks, Data Centre Networks or any other Peering Points whatever be their nomenclature.
For the purpose of mandatory routing through national CBSC, Source Routing or Path Addressing should be implemented, by reinstating “Type 0” Source Routing which is currently in deprecated status. Static Routing, Default Routing, Source Routing, Label Switching and Segment Routing should be used instead of dynamic routing.

In respect of inter-national traffic, all outgoing packets should mandatorily include the IP address of the originating-domestic CBSC and the destination-foreign CBSC in the routing extension header. Similarly, all incoming packets should mandatorily include the IP address of the originating-foreign CBSC and destination-domestic CBSC in the routing extension header. In respect of intra-national traffic, both outgoing and incoming packets should mandatorily include the IP address of the domestic CBSC in their routing extension headers.

If packets are not routed through CBSC, or if packets are clandestinely introduced in the network traffic post CBSC check, such acts will be treated as offences against the State, and the offending ICs / NIEs / ISPs / other Service Providers will be punished under the criminal laws of the Nation State.

Packet flows are of the following five types viz.,

1) Packets originating from domestic sources and destined for domestic destinations; Ex. Bangalore to Delhi.
2) Packets originating from domestic sources and destined for foreign destinations; Ex. Bangalore to Melbourne.
3) Packets originating from domestic sources and destined for domestic destinations, transiting through foreign transit sources; Ex. Bangalore to Shillong via Bangladesh (Cox Bazaar).
4) Packets originating from foreign sources and destined for domestic destinations; Ex. New York to Mumbai.
5) Packets originating from foreign sources and destined for foreign destinations, transiting through domestic sources; Ex. Karachi to Singapore via Chennai.

Packets will be categorised into “Country risk” categories viz., Low risk, Medium risk, High risk and Very High risk, depending on the Country of Origin, Country of Destination, their NCSAs and the extradition treaties in force between them. For example, packets from & to countries not having extradition treaties with India (e.g. Myanmar, Maldives etc.) will be classified as “High Risk”, packets from Pakistan (India's perpetual enemy) and China (Pakistan's perpetual ally) will be classified as “Very High Risk”. Packets from & to countries having extradition treaties / arrangements with India will come under “Medium Risk”. All packets from & to domestic network nodes will come under “Low Risk”. Other factors such as terror hubs, hacking hubs, State sponsored cyber war dens, the Country's Crime Index ranking and other factors as determined by the Nation State will also contribute to the risk rating.

Packets will also be categorised into “Content risk” categories as Low risk, Medium risk, High risk and Very High risk, primarily depending on Source IP address, Destination IP address, Source Port, Destination Port, Application Protocol, Web application, Traffic class, direction of flow (inward or outward) and use of encryption.

Based on the risk matrix, packets will be permitted, blocked, decrypted, inspected, re-encrypted, dropped, quarantined, honey trapped or monitored, as per the Cyber Risk Management Policy of the Nation State.
Each Nation State may establish its own Cyber Risk Management Policy in line with its Homeland Security, National Laws, National Interests and citizens' aspirations. Thus, a country like Sweden may adopt a very liberal policy while a country like China may take a very rigid, stringent policy while others like India may take the middle path.

Both outbound and inbound packets will be filtered and inspected to prevent harmful packets from exiting and entering the National Cyber Space.

Also, in order to ensure highest security at the network layer, NCSA will make the Internet Protocol Security (IPsec) protocol mandatory for all nodes in the National Cyber Space to guarantee confidentiality, source authentication, data integrity and replay-attack prevention for packets.

CBSC will set up Firewall Systems, Intrusion Detection & Prevention Systems, Web Application Firewall Systems, Deep Packet Inspection Systems, Threat Intelligence Knowledgebase, and other Internet Security Systems to pre-emptively protect National Cyber Space from network threats. CBSC will maintain continually updated Redlists, Blacklists, Greylists, Allowlists, and Blocklists in close co-ordination with CBSCs of other Nation States / Interpol / Europol. CBSC will also have the necessary legal and technical infrastructure for Cyber Forensics, Cyber Law Enforcement and Cyber Prosecution.

NCSA will require all Intermediaries (where “Intermediary” means Telecom Service Providers, Network Service Providers, Internet Service Providers, Web Hosting Service Providers, Email Service Provider, Cloud Service Providers, Search Engines, Online Payment Sites, Online Auction Sites, Online Market Places, Cyber Cafes, Social Media Platforms, and any person (commercial or non commercial entity) who on behalf of another person receives, stores or transmits electronic records or provides any service with respect to electronic records; and where “electronic record” means data, record or data generated, image or sound stored, received, or sent in an electronic form or microfilm or computer generated microfiche) to provide services only to their customers (ICs and NIEs) whose credentials are 100 % verified on the basis of UGPSIPA, UNDSC and UNDN, and to purge all unverified customers.

Further, the Intermediaries shall implement Egress traffic filtering to block / reject / drop packets originating within their area of operation from illegal / unauthorised / blocked / suspended / deleted IP addresses, bogon addresses, spoofed addresses, broadcast traffic, DNS queries directed to destinations other than NDNRA, and all red / black / grey listed addresses as advised by NCSA from time to time, before they are routed to the Internet via CBSC, where similar Egress traffic filtering will take place as a defence in depth strategy.

Similarly, the Intermediaries shall implement Ingress traffic filtering to block / reject / drop packets destined within their area of operation to illegal / unauthorised / blocked / suspended / deleted IP addresses, bogon addresses, spoofed addresses, broadcast traffic, DNS queries directed to destinations other than NDNRA, and all red / black / grey listed addresses as advised by NCSA from time to time, after they are received from the Internet via CBSC, where similar Ingress traffic filtering had already taken place, as a defence in depth strategy.

The Intermediaries will ensure that only registered & authorised nodes and network devices are present in their infrastructure. They will be held accountable if rogue nodes and network devices are found in their infrastructure. They shall comply with all directives issued by NCSA from time to time.
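The egress filtering rules listed above, written as a decision function an Intermediary could run before handing traffic to the CBSC; this is an added example, not part of the original paper. All prefixes, the resolver address standing in for NDNRA and the list contents are constructed from documentation address space, and treating an IPv6 multicast destination as the counterpart of "broadcast traffic" is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (documentation prefixes).
ASSIGNED = [ip_network("2001:db8:100::/48")]      # prefixes delegated to this intermediary
NDNRA_RESOLVERS = {ip_address("2001:db8:53::1")}  # hypothetical national resolver
SUSPENDED = {ip_address("2001:db8:100:7::99")}    # suspended / deleted addresses
LISTED = [ip_network("2001:db8:bad::/48")]        # red / black / grey listed destinations
BOGONS = [ip_network(n) for n in
          ("::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


def egress_verdict(pkt):
    """Return (action, reason) for a packet leaving the intermediary's network."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if any(src in n for n in BOGONS):
        return "drop", "bogon source"
    if not any(src in n for n in ASSIGNED):
        return "drop", "spoofed source (outside assigned prefixes)"
    if src in SUSPENDED:
        return "drop", "suspended or deleted source"
    if dst.is_multicast:
        return "drop", "multicast/broadcast destination"
    if any(dst in n for n in LISTED):
        return "drop", "listed destination"
    if pkt.dport == 53 and dst not in NDNRA_RESOLVERS:
        return "drop", "DNS query to a resolver other than NDNRA"
    return "forward", "passed egress checks"


def filter_batch(packets):
    """Apply the egress policy to a batch and count packets per reason."""
    counts = {}
    for p in packets:
        _, reason = egress_verdict(p)
        counts[reason] = counts.get(reason, 0) + 1
    return counts


SAMPLE = [  # constructed traffic
    Packet("2001:db8:100:1::10", "2001:db8:200::5", "tcp", 443),
    Packet("2001:db8:999::1", "2001:db8:200::5", "tcp", 443),
    Packet("fe80::1", "2001:db8:200::5", "udp", 123),
    Packet("2001:db8:100:7::99", "2001:db8:200::5", "tcp", 80),
    Packet("2001:db8:100:1::10", "2001:db8:53::1", "udp", 53),
    Packet("2001:db8:100:1::10", "2001:db8:8888::8", "udp", 53),
    Packet("2001:db8:100:1::10", "2001:db8:bad::1", "tcp", 443),
    Packet("2001:db8:100:1::10", "ff02::1", "udp", 5353),
]
```

Matching on port 53 does not see DNS carried inside TLS or HTTPS; enforcing the resolver rule for that traffic depends on the inspection systems described for the CBSC.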
NCSA will require all the Internet nodes and related software to implement Static IPv6 address configuration. Stateless Address Auto Configuration (SLAAC) shall be used with the Modified EUI-64 format to generate the unique interface identifier (IID) from the MAC address. The IID will be combined with the network prefix to form the complete IPv6 address. Privacy Extensions for SLAAC will be prohibited.

Further, in the interests of national security, economy, data protection and data sovereignty, NCSA will require all the Intermediaries to set up their Data Centres within the physical boundaries of the Nation State, to ensure that data generated or located within the Nation State is processed and stored in Data Centres within the Nation State, and not transferred or stored in Data Centres in other Nation States. Data will be subject to the legal and regulatory framework of the Nation State where it resides, regardless of the nationality or origin of the data owner or the organization that processes or stores the data.

NCSA will recommend that ICs/NIEs set up their own network perimeter protection by setting up Firewalls, IPS, IDS, WAF etc., as appropriate to their risk perception and risk appetite, as a defence in depth strategy, which, however, is optional, but not mandatory.
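The Modified EUI-64 derivation required above, together with the reverse step that ties such an address back to one network interface, as an added example that is not part of the original paper. The prefix and MAC addresses used with it are constructed sample values, and `complies` is a hypothetical helper for checking an address against a registered MAC.

```python
from ipaddress import IPv6Address, IPv6Network


def mac_to_iid(mac):
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # invert the universal/local bit
    return bytes(eui)


def slaac_address(prefix, mac):
    """Combine a /64 network prefix with the interface identifier."""
    net = IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return IPv6Address(int(net.network_address) | iid)


def iid_to_mac(address):
    """Recover the MAC from an EUI-64 derived address, or None when the IID
    lacks the ff:fe marker (for instance a randomised privacy address)."""
    iid = bytearray(int(IPv6Address(address)).to_bytes(16, "big")[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02  # undo the universal/local bit inversion
    mac = iid[:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def complies(address, registered_mac):
    """Policy check: is this the EUI-64 address of the registered MAC?"""
    return iid_to_mac(address) == registered_mac.lower().replace("-", ":")
```

Because the interface identifier is a fixed function of the MAC, the same 64 bits follow the device to every prefix it attaches to, which is the traceability this requirement relies on and the property Privacy Extensions were designed to remove.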
-x-

Summary of the 4 Pillars

| Pillar | Purpose | Governance Authority | Security Method |
|---|---|---|---|
| Pillar 1 | Proof of Cyber Identity; Proof of Cyber Citizenship; Proof of IP Address Domicile | National Internet Registry (NIR) | Unique Global Public Static Internet Protocol Address (UGPSIPA) |
| Pillar 2 | Proof of Identity; Proof of Authenticity (of User, Organization, Server, Device, Website…); Proof of Trusted Encryption | Root Certificate Authority (RCA) | Unique National Digital Signature Certificate (UNDSC) |
| Pillar 3 | Proof of Domain Ownership; Proof of Intended Use of Domain | National Domain Name Registry Authority (NDNRA) | Unique National Domain Name (UNDN) |
| Pillar 4 | Defence of National Cyber Space | National Cyber Space Authority (NCSA) | Cyber Border Security Checkpoint (CBSC) |

- - -
XI – Use Cases

After reading about the 4 Pillars of Cyber Space Governance, it is time to see how they can help in solving Cyber Security problems through some important Use Cases. Readers are encouraged to come up with their own Use Cases, including Business Use Cases.

(Table columns: No.; Cyber Security Concerns; Description; How the 4 Pillars of Cyber Security Governance can help)

1. Digital Rights Management (DRM)

Description: DRM protects digital content, such as music, videos, e-books, and software, from unauthorized access, copying, distribution, or modification, and prevents copyright infringement. DRM is implemented through software that
• restricts downloading, sharing, and modifying the original content.
• permits accessibility to specific IP addresses, devices, or locations.
• limits views of the content to a certain period of time.
• controls printing, screenshots, and screen scraping of data.
• uses watermarking on the digital assets to proclaim ownership of the copyright material and to prevent unauthorised re-use or modification.

How the 4 Pillars of Cyber Security Governance can help: The seller can grant a licence to the buyer based on the latter's IP Address range, which is a combination of :- (1) Proof of Identity of IC/NIE, (2) IP Address Domicile of IC/NIE, (3) Identity of the specific Subnet and the specific Interface/device. Thus, UGPSIPA based DRM can be effectively used for granting granular access to copyrighted cyber assets and thereby preventing unauthorised access by other ICs/NIEs. (Also see the next use case)

2. Software Piracy

Description: Software piracy is the illegal act of copying, distributing, sharing, selling, or using software in violation of copyright laws. These illegal and unauthorized acts result in huge financial losses. It also affects the rights and the reputation of software developers, copyright holders, and software vendors.

How the 4 Pillars of Cyber Security Governance can help:
1. Software licences can be granted based on UGPSIPA.
2. UGPSIPA protected DRM solutions can be used for protecting the intellectual property rights of the creators.
3. Targeted software distribution can be achieved by using the public key of the buyer to encrypt the licence to ensure that no one other than the buyer is able to decrypt the licence and use it.
4. Where feasible, the entire application codebase itself can be encrypted using the buyer's public key to prevent unauthorized distribution.