
Chapter 3 Internet

IPSec is a collection of protocols that provide security at the network layer by authenticating and encrypting IP packets. It operates in either transport mode, which protects only the payload, or tunnel mode, which protects the entire packet. IPSec uses the Authentication Header protocol to authenticate packets and the Encapsulating Security Payload protocol to authenticate, encrypt, and provide confidentiality. Transport Layer Security is the successor to Secure Sockets Layer and provides data security and privacy over the Internet for applications such as web browsing, email, instant messaging, and voice over IP.

Uploaded by

Purva

11/25/2022

NETWORK LAYER SECURITY:

• IP Security (IPSec) is a collection of protocols designed by the
Internet Engineering Task Force (IETF) to provide security for a
packet at the network level.
• IPSec helps create authenticated and confidential packets for the
IP layer.
• Two Modes:
• IPSec operates in one of two different modes: transport mode
and tunnel mode.

Transport Mode
• In transport mode, IPSec protects what is delivered from the
transport layer to the network layer.
• Transport mode protects the payload to be encapsulated in the
network layer.
• IPSec in transport mode does not protect the IP header; it only
protects the information coming from the transport layer.
• Transport mode is normally used when host-to-host (end-to-end)
protection of data is needed.
• The sending host uses IPSec to authenticate and/or encrypt the
payload delivered from the transport layer.
• The receiving host uses IPSec to check the authentication and/or
decrypt the IP packet and deliver it to the transport layer.

Tunnel Mode
In tunnel mode, IPSec protects the entire IP packet. It takes an IP
packet, including the header, applies IPSec security methods to the
entire packet, and then adds a new IP header.

Tunnel mode is normally used between two routers, between a host
and a router, or between a router and a host.

IPSec defines two protocols: the Authentication Header (AH) Protocol
and the Encapsulating Security Payload (ESP) Protocol.

Authentication Header (AH)
The Authentication Header (AH) Protocol is designed to authenticate
the source host and to ensure the integrity of the payload carried in
the IP packet.

Next header: The 8-bit next header field defines the type of payload
carried by the IP datagram (such as TCP, UDP, ICMP, or OSPF).
Payload length: The name of this 8-bit field is misleading. It does not
define the length of the payload; it defines the length of the
authentication header in 4-byte multiples.
Security parameter index: The 32-bit security parameter index (SPI)
field plays the role of a virtual circuit identifier and is the same for all
packets sent during a connection called a Security Association.
Sequence number: A 32-bit sequence number provides ordering
information for a sequence of datagrams. The sequence numbers
prevent a playback. The value is from 0 to 2^32 - 1.
Authentication data: The authentication data field is the result of
applying a hash function to the entire IP datagram except for the
fields that are changed during transit (e.g., time-to-live).

• When an IP datagram carries an authentication header, the
original value in the protocol field of the IP header is replaced by
the value 51.
• A field inside the authentication header holds the original value of
the protocol field.
• The addition of an authentication header follows these steps:
1. An authentication header is added to the payload with the
authentication data field set to 0.
2. Padding may be added to make the total length even for a
particular hashing algorithm.
3. Hashing is based on the total packet. Only those fields of the IP
header that do not change during transmission are included in the
calculation of the message digest (authentication data).
4. The authentication data are inserted in the authentication header.
5. The IP header is added after changing the value of the protocol
field to 51.
The AH protocol provides source authentication and data integrity,
but not privacy.
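
The five AH steps above, as an added Python sketch that is not part of the original slides. It assumes HMAC-SHA-256 truncated to 96 bits as the keyed hash, a 20-byte IPv4 header without options, and a constructed key, SPI, addresses and payload.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51            # IP protocol value that announces an authentication header
ICV_LEN = 12             # assumption: HMAC-SHA-256 truncated to 96 bits
AH_LEN = 12 + ICV_LEN    # fixed AH fields + authentication data (multiple of 4, no padding)


def ipv4_header(src, dst, proto, total_len, ttl):
    """20-byte IPv4 header without options; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr):
    """Zero the fields that change in transit: ToS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_header(next_header, spi, seq, icv):
    """Next header, payload length, reserved, SPI, sequence number, authentication data."""
    payload_len = AH_LEN // 4 - 2   # AH length in 4-byte words, minus 2 (RFC 4302)
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def icv_over(key, ip_hdr, ah, payload):
    """Keyed hash over immutable IP fields + AH with zeroed authentication data + payload."""
    ah_zeroed = ah[:12] + bytes(ICV_LEN)
    data = zero_mutable(ip_hdr) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, proto, payload, spi, seq, ttl=64):
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + AH_LEN + len(payload), ttl)  # step 5
    ah = ah_header(proto, spi, seq, bytes(ICV_LEN))                             # step 1
    icv = icv_over(key, ip_hdr, ah, payload)                                    # step 3
    return ip_hdr + ah_header(proto, spi, seq, icv) + payload                   # step 4


def verify_ah_packet(key, packet):
    """Receiver side: recompute the authentication data and compare in constant time."""
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    if len(packet) < 20 + AH_LEN or ip_hdr[9] != AH_PROTO:
        return False
    return hmac.compare_digest(ah[12:], icv_over(key, ip_hdr, ah, payload))


def with_byte(packet, offset, value):
    """Copy of the packet with one byte replaced (simulates a change in transit)."""
    changed = bytearray(packet)
    changed[offset] = value
    return bytes(changed)


# Constructed sample values (documentation address ranges, made-up key and SPI).
KEY = b"constructed-sa-key"
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
PACKET = build_ah_packet(KEY, SRC, DST, 6, b"constructed TCP segment", spi=0x1001, seq=1)
```

A router decrementing the TTL (byte 8) leaves verification intact, while a change to the payload, the source address or the sequence number makes `verify_ah_packet` return `False`.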


Encapsulating Security Payload (ESP)

The AH protocol does not provide confidentiality, only source
authentication and data integrity.
IPSec later defined an alternative protocol, Encapsulating Security
Payload (ESP), that provides source authentication, integrity, and
confidentiality. ESP adds a header and trailer.

Security parameter index: The 32-bit security parameter index field
is similar to the one defined for the AH protocol.
Sequence number: The 32-bit sequence number field is similar to
the one defined for the AH protocol.
Padding: This variable-length field (0 to 255 bytes) of 0s serves as
padding.
Pad length: The 8-bit pad-length field defines the number of
padding bytes. The value is between 0 and 255.
Next header: The 8-bit next-header field is similar to that defined in
the AH protocol. It serves the same purpose as the protocol field in
the IP header before encapsulation.
Authentication data: Finally, the authentication data field is the
result of applying an authentication scheme to parts of the
datagram.

When an IP datagram carries an ESP header and trailer, the value of
the protocol field in the IP header is 50.
A field inside the ESP trailer (the next-header field) holds the
original value of the protocol field (the type of payload being
carried by the IP datagram, such as TCP or UDP).
The ESP procedure follows these steps:
1. An ESP trailer is added to the payload.
2. The payload and the trailer are encrypted.
3. The ESP header is added.
4. The ESP header, payload, and ESP trailer are used to create the
authentication data.
5. The authentication data are added to the end of the ESP trailer.
6. The IP header is added after changing the protocol value to 50.

Services Provided by IPSec


Security Association
• Security Association is a very important aspect of IPSec.
• IPSec requires a logical relationship, called a Security Association
(SA), between two hosts.
• A Security Association is a contract between two parties; it creates
a secure channel between them.

Security Association Database (SAD)
A Security Association can be very complex. This is particularly true if
Alice wants to send messages to many people and Bob needs to
receive messages from many people.
In addition, each site needs to have both inbound and outbound SAs
to allow bidirectional communication.

The database can be thought of as a two-dimensional table with
each row defining a single SA.
Normally, there are two SADs, one inbound and one outbound.

Security Policy (SP)
Security Policy (SP) defines the type of security applied to a packet
when it is to be sent or when it has arrived.
Security Policy Database (SPD)
Each host that is using the IPSec protocol needs to keep a Security
Policy Database. Again, there is a need for an inbound SPD and an
outbound SPD.

Outbound processing

Inbound processing

Internet Key Exchange (IKE)

IKE is a protocol designed to create both inbound and outbound
Security Associations.

The Internet Security Association and Key Management Protocol
(ISAKMP) is a protocol designed by the National Security Agency
(NSA) that actually implements the exchanges defined in IKE.
It defines several packets, protocols, and parameters that allow the
IKE exchanges to take place in standardized, formatted messages to
create SAs.

TRANSPORT LAYER SECURITY


Two protocols are dominant today for providing security at the
transport layer: the Secure Sockets Layer (SSL) protocol and the
Transport Layer Security (TLS) protocol.


SSL Architecture
• SSL is designed to provide security and compression services to
data generated from the application layer.
• SSL can receive data from any application layer protocol, but
usually the protocol is HTTP.
• The data received from the application is compressed (optional),
signed, and encrypted.
• The data is then passed to a reliable transport layer protocol such
as TCP.

SSL provides several services on data received from the application
layer.
❑ Fragmentation: First, SSL divides the data into blocks of 2^14 bytes
or less.
❑ Compression: Each fragment of data is compressed using one of
the lossless compression methods negotiated between the client and
server. This service is optional.
❑ Message Integrity: To preserve the integrity of data, SSL uses a
keyed-hash function to create a MAC.
❑ Confidentiality: To provide confidentiality, the original data and
the MAC are encrypted using symmetric-key cryptography.
❑ Framing: A header is added to the encrypted payload. The payload
is then passed to a reliable transport layer protocol.

Key Exchange Algorithms


To exchange an authenticated and confidential message, the client
and the server each need a set of cryptographic secrets.
However, to create these secrets, one pre-master secret must be
established between the two parties. SSL defines several
key-exchange methods to establish this pre-master secret.
Encryption/Decryption Algorithms
The client and server also need to agree to a set of encryption and
decryption algorithms.
Hash Algorithms
SSL uses hash algorithms to provide message integrity.
Cipher Suite
The combination of key exchange, hash, and encryption algorithms
defines a cipher suite for each SSL session.
Compression Algorithms
Compression is optional in SSL. No specific compression algorithm is
defined.

Cryptographic Parameter Generation

• To achieve message integrity and confidentiality, SSL needs six
cryptographic secrets: four keys and two IVs (initialization vectors).
• The client needs one key for message authentication, one key for
encryption, and one IV as the original block in the calculation.
• The server needs the same.
• SSL requires that the keys for one direction be different from those
for the other direction.
• If there is an attack in one direction, the other direction is not
affected.
The parameters are generated using the following procedure:
1. The client and server exchange two random numbers; one is
created by the client and the other by the server.
2. The client and server exchange one pre-master secret using one of
the predefined key-exchange algorithms.
3. A 48-byte master secret is created from the pre-master secret by
applying two hash functions (SHA-1 and MD5).

Calculation of master secret from pre-master secret

4. The master secret is used to create variable-length key material
by applying the same set of hash functions and prepending with
different constants. The module is repeated until key material of
adequate size is created.

Calculation of key material from master secret

5. Six different secrets are extracted from the key material,
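
Steps 3 to 5 worked through in Python, as an added example that is not part of the original slides. It follows the SSL 3.0 construction in RFC 6101; the pre-master secret, the two random numbers and the secret sizes (20-byte MAC keys, 16-byte cipher keys and IVs) are constructed assumptions.

```python
import hashlib


def ssl3_expand(secret, seed, n_bytes):
    """Repeat MD5(secret + SHA-1(label + secret + seed)) with the prepended
    constants 'A', 'BB', 'CCC', ... until n_bytes of output exist."""
    out = b""
    round_no = 0
    while len(out) < n_bytes:
        label = bytes([ord("A") + round_no]) * (round_no + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        round_no += 1
    return out[:n_bytes]


def master_secret(pre_master, client_random, server_random):
    """Step 3: three rounds give the 48-byte master secret."""
    return ssl3_expand(pre_master, client_random + server_random, 48)


def key_material(master, client_random, server_random, n_bytes):
    """Step 4: same module keyed with the master secret; the server random comes first."""
    return ssl3_expand(master, server_random + client_random, n_bytes)


def six_secrets(master, client_random, server_random, mac_len, key_len, iv_len):
    """Step 5: cut the key material into the six per-direction secrets."""
    layout = [
        ("client_mac_key", mac_len), ("server_mac_key", mac_len),
        ("client_enc_key", key_len), ("server_enc_key", key_len),
        ("client_iv", iv_len), ("server_iv", iv_len),
    ]
    block = key_material(master, client_random, server_random,
                         sum(size for _, size in layout))
    secrets, pos = {}, 0
    for name, size in layout:
        secrets[name] = block[pos:pos + size]
        pos += size
    return secrets


# Constructed sample inputs (not real handshake values).
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32

MASTER = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
SECRETS = six_secrets(MASTER, CLIENT_RANDOM, SERVER_RANDOM,
                      mac_len=20, key_len=16, iv_len=16)
```

With these sizes the key material is 104 bytes, so the module runs seven times (constants 'A' through 'GGGGGGG') and the last 8 bytes of output are discarded.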

Four SSL protocols


• The Record Protocol is the carrier.


• It carries messages from three other protocols as well as the data
coming from the application layer.
• Messages from the Record Protocol are payloads to the transport
layer, normally TCP.
• The Handshake Protocol provides security parameters for the
Record Protocol.
• It establishes a cipher set and provides keys and security
parameters.
• It also authenticates the server to the client and the client to the
server if needed.
• The ChangeCipherSpec Protocol is used for signaling the readiness
of cryptographic secrets.
• The Alert Protocol is used to report abnormal conditions.

Handshake Protocol
The Handshake Protocol uses messages to negotiate the cipher suite,
to authenticate the server to the client and the client to the server if
needed, and to exchange information for building the cryptographic
secrets. The handshaking is done in four phases.

Phase I: Establishing Security Capability
In Phase I, the client and the server announce their security
capabilities and choose those that are convenient for both. In this
phase, a session ID is established and the cipher suite is chosen.
The parties agree upon a particular compression method. Finally, two
random numbers are selected, one by the client and one by the server,
to be used for creating a master secret.
Phase II: Server Key Exchange and Authentication
In Phase II, the server authenticates itself if needed. The sender may
send its certificate, its public key, and may also request certificates
from the client.
Phase III: Client Key Exchange and Authentication
Phase III is designed to authenticate the client.
Phase IV: Finalizing and Finishing
In Phase IV, the client and server send messages to change cipher
specification and to finish the handshaking protocol.

ChangeCipherSpec Protocol
The ChangeCipherSpec protocol exists to signal transitions in
ciphering strategies.
The protocol consists of a single message, which is encrypted and
compressed under the current connection state.
The message consists of a single byte of value 1.
The sole purpose of this message is to cause the pending state to be
copied into the current state, which updates the cipher suite to be
used on this connection.

Alert Protocol
SSL uses the Alert Protocol for reporting errors and abnormal
conditions.
It uses only one message that describes the problem and its level
(warning or fatal).
Record Protocol
SSL Record provides two services to SSL connection.
1. Confidentiality
2. Message Integrity
The Record Protocol carries messages from the upper layer.
The message is fragmented and optionally compressed; a MAC is
added to the compressed message using the negotiated hash
algorithm.
The compressed fragment and the MAC are encrypted using the
negotiated encryption algorithm. Finally, the SSL header is added to
the encrypted message.


Processing done by the Record Protocol

Application layer security


Secure email:
Sending an e-mail is a one-time activity.
In IPSec or SSL, we assume that the two parties create a session
between themselves and exchange data in both directions.
In e-mail, there is no session.
Cryptographic Algorithms
The protocol defines a set of algorithms for each operation that the
user used in his/her system. The sender of the message needs to
include the name or identifiers of the algorithms used in the
message.
Cryptographic Secrets
In e-mail security, the encryption/decryption is done using a
symmetric-key algorithm, but the secret key to decrypt the
message is encrypted with the public key of the receiver and is sent
with the message.


Certificates
It is obvious that some public-key algorithms must be used for e-mail
security. To encrypt the secret key, Alice needs Bob’s public
key; to verify a signed message, Bob needs Alice’s public key. So, for
sending a small authenticated and confidential message, two public
keys are needed. How can Alice be assured of Bob’s public key, and
how can Bob be assured of Alice’s public key? Each e-mail security
protocol has a different method of certifying keys.
Pretty Good Privacy (PGP)
PGP was invented by Phil Zimmermann to provide e-mail with
privacy, integrity, and authentication.
PGP can be used to create secure e-mail messages.
PGP uses:
public keys for encrypting session keys / verifying signatures.
private keys for decrypting session keys / creating signatures.

Alice wants to send confidential e-mail, m, to Bob.

[Figure: Alice encrypts m with the symmetric key KS to get KS(m), encrypts KS with Bob's public key KB+ to get KB+(KS), and sends both over the Internet; Bob recovers KS with his private key KB- and then uses KS to recover m.]

Alice:
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency).
• also encrypts KS with Bob’s public key.
• sends both KS(m) and KB(KS) to Bob.

Bob:
• uses his private key to decrypt and recover KS.
• uses KS to decrypt KS(m) to recover m.

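Alice wants to provide sender authentication and message integrity.

[Figure: Alice computes H(m), signs it with her private key KA- to get KA-(H(m)), and sends m together with the signature over the Internet; Bob applies Alice's public key KA+ to the signature and compares the result with H(m) computed from the received m.]

• Alice digitally signs message.
• sends both message and digital signature.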

Key Rings
• Alice may need to send messages to many people; she needs key
rings.
• In this case, Alice needs a ring of public keys, with a key belonging
to each person with whom Alice needs to correspond (send or
receive messages).
• In addition, the PGP designers specified a ring of private/public
keys.
• One reason is that Alice may wish to change her pair of keys from
time to time.
• Another reason is that Alice may need to correspond with
different groups of people (friends, colleagues, and so on).
• Alice may wish to use a different key pair for each group.
Therefore, each user needs to have two sets of rings: a ring of
private/public keys and a ring of public keys of other people.

PGP Certificates
• In PGP, there is no need for CAs; anyone in the ring can sign a
certificate for anyone else in the ring.
• In PGP, there can be multiple paths from fully or partially trusted
authorities to any subject.
• In PGP, the issuer of a certificate is usually called an introducer.
• The entire operation of PGP is based on introducer trust, the
certificate trust, and the legitimacy of the public keys.
Introducer Trust Levels
PGP allows different levels of trust. The number of levels is mostly
implementation dependent, but for simplicity, let us assign three
levels of trust to any introducer: none, partial, and full.

Trust Model in PGP


We can create a trust model for any user in a ring with the user as the
center of activity.

S/MIME
Another security service designed for electronic mail is
Secure/Multipurpose Internet Mail Extension (S/MIME).
The protocol is an enhancement of the Multipurpose Internet Mail
Extension (MIME) protocol.
Cryptographic Message Syntax (CMS)
To define how security services, such as confidentiality or integrity,
can be added to MIME content types, S/MIME has defined CMS.
The syntax in each case defines the exact encoding scheme for each
content type.
Data Content Type: This is an arbitrary string. The object created is
called Data.
Signed-Data Content Type: This type provides only integrity of data.
It contains any type and zero or more signature values.
The encoded result is an object called signed-Data.

Enveloped-Data Content Type: used to provide privacy for the
message. It contains any type and zero or more encrypted keys and
certificates. The encoded result is an object called envelopedData.

Digested-Data Content Type: used to provide integrity for the
message. The result is used as the content for the enveloped-data
content type. The encoded result is an object called digestedData.

Encrypted-Data Content Type: used to create an encrypted version of
any content type. It can be used to store the encrypted data instead
of transmitting it. The process is very simple; the user employs any
key (normally derived from the password) and any algorithm to encrypt
the content. The encrypted content is stored without including the
key or the algorithm. The object created is called encryptedData.

Authenticated-Data Content Type: This type is used to provide
authentication of the data. The object is called authenticatedData.

Virtual Private Network (VPN)


A virtual private network (VPN) is a technology that is gaining
popularity among large organizations that use the global Internet for
both intra- and inter-organization communication, but require privacy
in their intra-organization communication.
VPN is a network that is private but virtual.
It is private because it guarantees privacy inside the organization.
It is virtual because it does not use real private WANs; the network is
physically public but virtually private.

FIREWALLS
All previous security measures cannot prevent Eve from sending a
harmful message to a system. To control access to a system we need
firewalls. A firewall is a device (usually a router or a computer)
installed between the internal network of an organization and the
rest of the Internet. It is designed to forward some packets and filter
(not forward)


Packet-Filter Firewall
A firewall can be used as a packet filter. It can forward or block
packets based on the information in the network layer and transport
layer headers: source and destination IP addresses, source and
destination port addresses, and type of protocol (TCP or UDP).
A packet-filter firewall is a router that uses a filtering table to
decide which packets must be discarded (not forwarded). Figure
30.33 shows an example of a filtering table for this kind of a firewall.
According to the figure, the following packets are filtered:
1. Incoming packets from network 131.34.0.0 are blocked (security
precaution).
2. Incoming packets destined for any internal TELNET server (port 23)
are blocked.
3. Incoming packets destined for internal host 194.78.20.8 are
blocked. The organization wants this host for internal use only.
4. Outgoing packets destined for an HTTP server (port 80) are
blocked. The organization doesn’t want employees to browse the
Internet.
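
The four-rule filtering table above, evaluated in Python as an added example that is not part of the original slides. Treating 131.34.0.0 as a /16 network, forwarding any packet that matches no rule, and the sample packets (documentation address ranges) are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str                   # "in" (from the Internet) or "out"
    src_net: Optional[str] = None    # None means "any"
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    reason: str = ""

    def matches(self, direction, src, dst, dst_port):
        if direction != self.direction:
            return False
        if self.src_net and ipaddress.ip_address(src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dst_port is not None and dst_port != self.dst_port:
            return False
        return True


# The filtering table described in the text; every listed rule discards the packet.
FILTER_TABLE = [
    Rule("in", src_net="131.34.0.0/16", reason="rule 1: source network 131.34.0.0"),
    Rule("in", dst_port=23, reason="rule 2: internal TELNET server"),
    Rule("in", dst_net="194.78.20.8/32", reason="rule 3: host for internal use only"),
    Rule("out", dst_port=80, reason="rule 4: outgoing HTTP"),
]


def decide(direction, src, dst, dst_port):
    """Return ("block", reason) for the first matching rule, else ("forward", ...)."""
    for rule in FILTER_TABLE:
        if rule.matches(direction, src, dst, dst_port):
            return ("block", rule.reason)
    return ("forward", "no rule matched")


# Constructed sample packets: (direction, source, destination, destination port).
SAMPLE_PACKETS = [
    ("in", "131.34.9.9", "194.78.20.1", 80),
    ("in", "203.0.113.7", "194.78.20.5", 23),
    ("in", "203.0.113.7", "194.78.20.8", 25),
    ("out", "194.78.20.5", "198.51.100.10", 80),
    ("in", "203.0.113.7", "194.78.20.5", 25),
    ("out", "194.78.20.5", "198.51.100.10", 443),
]


def evaluate_samples():
    return [decide(*packet)[0] for packet in SAMPLE_PACKETS]
```

Rule 4 matches only destination port 80, so the last sample (outbound port 443) is forwarded; the table sees header fields only, not what the message contains.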


Proxy Firewall
The packet-filter firewall is based on the information available in the
network layer and transport layer headers (IP and TCP/UDP).
However, sometimes we need to filter a message based on the
information available in the message itself (at the application
layer). One solution is to install a proxy computer (sometimes called
an application gateway), which stands between the customer
computer and the corporation computer.
When the user client process sends a message, the application
gateway runs a server process to receive the request. The server
opens the packet at the application level and finds out if the request
is legitimate. If it is, the server acts as a client process and sends
the message to the real server in the corporation. If it is not, the
message is dropped and an error message is sent to the external user.
In this way, the requests of the external users are filtered based on
the contents at the application layer.


Intrusion Detection System (IDS)


It is a system that monitors network traffic for suspicious activity
and issues alerts when such activity is discovered. It is a software
application that scans a network or a system for the harmful activity
or policy breaching.

Network Intrusion Detection System (NIDS)
NIDS are set up at a planned point within the network to examine traffic
from all devices on the network.
It performs an observation of passing traffic on the entire subnet and
matches the traffic that is passed on the subnets to the collection of
known attacks. Once an attack is identified or abnormal behavior is
observed, the alert can be sent to the administrator.

Host Intrusion Detection System (HIDS)
HIDS run on independent hosts or devices on the network. A HIDS
monitors the incoming and outgoing packets from the device only and
will alert the administrator if suspicious or malicious activity is
detected.
Advantages
More accurate than NIDS
Less volume of traffic so less overhead
Disadvantages
Deployment is expensive

1. Network-based: These monitor the network traffic for a segment of the network. They also
analyze the network and application protocol activity to identify suspicious activity.
Characteristics:
NIDS examines raw packets in the network passively and triggers alerts
Advantages
Easy deployment
Unobtrusive
Difficult to evade if done at low level of network operation
Disadvantages
Fail Open
Different hosts process packets differently
NIDS needs to create traffic seen at the end host
Need to have the complete network topology and complete host behavior
2. Host-based: These IDSs monitor the host and events that occur within the host.
Characteristics:
Runs on single host
Can analyze audit-trails, logs, integrity of files and directories, etc.
Advantages
More accurate than NIDS
Less volume of traffic so less overhead
Disadvantages
Deployment is expensive
