UNIT-IV

Network Security: IP security overview, IP security architecture, Authentication header,

Encapsulating security payload-Web security considerations, Secure Sockets Layer, Secure
Electronic Transaction-Electronic Mail Security-PGP

IP security overview

Need for IP security

 To protect the secret information users on the net only. No other person should see or
access it.
 To protect the information from unwanted editing, accidently or intentionally by
unauthorized users.
 To protect the information from loss and make it to be delivered to its destination
properly.
 To manage for acknowledgement of message received by any node in order to protect
from denial by sender in specific situations.
 IPsec can be used to secure communication with other organizations, ensuring
authentication and confidentiality and providing a key exchange mechanism.
 It enhances the e-commerce security. Even though some web and electronic commerce
applications have built in security protocols, the use of IPsec enhances security.
 The principal feature of IP Security is that it is able to support all those applications and
can encrypt or authenticate all traffic at the IP level. This provides security for all
applications that you would use on a daily basis.

Applications of IP security

 IPsec provides the capability to secure communications across a LAN, across private
and public WANs, and across the Internet. Examples of its use include:
 Secure branch office connectivity over the Internet: A company can build a secure
virtual private network over the Internet or over a public WAN. This enables a business
to rely heavily on the Internet and reduce its need for private networks, saving costs and
network management overhead.
 Secure remote access over the Internet: An end user whose system is equipped with
IP security protocols can make a local call to an Internet Service Provider (ISP) and gain
secure access to a company network. This reduces the cost of toll charges for traveling
employees and telecommuters.
 Establishing extranet and intranet connectivity with partners: IPsec can be used to
secure communication with other organizations, ensuring authentication and
confidentiality and providing a key exchange mechanism.
 Enhancing electronic commerce security: Even though some Web and electronic
commerce applications have built-in security protocols, the use of IPsec enhances that
security. IPsec guarantees that all traffic designated by the network administrator is both
encrypted and authenticated, adding an additional layer of security to whatever is
provided at the application layer.
  The principal feature of IPsec that enables it to support these varied applications is that it
can encrypt and/or authenticate all traffic at the IP level. Thus, all distributed applications
(including remote logon, client/server, e-mail, file transfer, Web access, and so on) can
be secured.

IP security scenario

 Figure 4.1 is a typical scenario of IPsec usage. An organization maintains LANs at

dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite,
through some sort of private or public WAN, IPsec protocols are used.
 These protocols operate in networking devices, such as a router or firewall that connect
each LAN to the outside world.
 The IPsec networking device will typically encrypt and compress all traffic going into the
WAN and decrypt and decompress traffic coming from the WAN; these operations are
transparent to workstations and servers on the LAN.
 Secure transmission is also possible with individual users who dial into the WAN. Such
user workstations must implement the IPsec protocols to provide security.

Fig.4.1 IP security scenario

Benefits of IPsec

Some of the benefits of IPsec:

 When IPsec is implemented in a firewall or router, it provides strong security that can be
applied to all traffic crossing the perimeter. Traffic within a company or workgroup does
not incur the overhead of security-related processing.
  IPsec in a firewall is resistant to bypass if all traffic from the outside must use IP and the
firewall is the only means of entrance from the Internet into the organization.
 IPsec is below the transport layer (TCP, UDP) and so is transparent to applications.
There is no need to change software on a user or server system when IPsec is
implemented in the firewall or router. Even if IPsec is implemented in end systems,
upper-layer software, including applications, is not affected.
 IPsec can be transparent to end users. There is no need to train users on security
mechanisms, issue keying material on a per-user basis, or revoke keying material when
users leave the organization.
 IPsec can provide security for individual users if needed. This is useful for offsite workers
and for setting up a secure virtual subnetwork within an organization for sensitive
applications.

Routing Applications
 In addition to supporting end users and protecting premises systems and networks,
IPsec can play a vital role in the routing architecture required for internetworking. IPsec
can assure that
 A router advertisement comes from an authorized router.
 A neighbor advertisement comes from an authorized router.
 A redirect message comes from the router to which the initial IP packet was sent.
 A routing update is not forged.
 Without such security measures, an opponent can disrupt communications or divert
some traffic. Routing protocols such as Open Shortest Path First (OSPF) should be run
on top of security associations between routers that are defined by IPsec.

IPsec Documents
 IPsec encompasses three functional areas: authentication, confidentiality, and key
management. The documents can be categorized into the following groups.
 Architecture: Covers the general concepts, security requirements, definitions, and
mechanisms defining IPsec technology.
 Authentication Header (AH): AH is an extension header to provide message
authentication. Because message authentication is provided by ESP, the use of AH is
deprecated.
 Encapsulating Security Payload (ESP): ESP consists of an encapsulating header and
trailer used to provide encryption or combined encryption/authentication.
 Internet Key Exchange (IKE): This is a collection of documents describing the key
management schemes for use with IPsec.
 Cryptographic algorithms: This category encompasses a large set of documents that
define and describe cryptographic algorithms for encryption, message authentication,
pseudorandom functions (PRFs), and cryptographic key exchange.

IPsec Services
  IPsec provides security services at the IP layer by enabling a system to select required
security protocols, determine the algorithm(s) to use for the service(s), and put in place
any cryptographic keys required to provide the requested services.
 Two protocols are used to provide security: an authentication protocol designated by the
header of the protocol Authentication Header (AH); and a combined encryption/
authentication protocol designated by the format of the packet for that protocol,
Encapsulating Security Payload (ESP).

RFC 4301 lists the following services:

 Access control
 Connectionless integrity
 Data origin authentication
 Rejection of replayed packets (a form of partial sequence integrity)
 Confidentiality (encryption)
 Limited traffic flow confidentiality

IP security architecture

Fig.4.2 IPsec architecture

Authentication Header:
AH provides only authentication and not confidentiality it is a fairly simple protocol, creating just
a header and no trailer. The header contains the SPI, the sequence number and the
authentication data.

Fig.4.3 Authentication header

This latter field contains the Integrity Check Value, which offers assurance that the
packet has not been altered during its transmission. The SA specifies the algorithm used
to calculate this value. A family of suitable algorithms is the MAC such as MD5 or SHA-
1. The Next Header is an 8-bit field indicating what protocol follows the AH header.
When IPSec is running in tunnel mode, the value of this field will be 4 (IP-in-IP). In
transport mode, it will be the upper-layer protocol being protected (usually UDP or TCP).

This protocol must be used when data encryption is required. Because it is an IPSec
header, ESP provides SPI and sequence numbers. Padding (to a maximum of 255
bytes) is used by ESP to preserve byte boundaries. If an encryption algorithm is
employed that requires the plaintext to be a multiple of some number of bytes (for
example the block size of a block cipher), the padding field is used to fill the plaintext to
the requisite size. Padding may also be required, irrespective of encryption algorithm
requirements, to ensure that the resulting ciphertext terminates on a 4-byte boundary,
thereby right-aligning the trailer.

Domain of Interpretation (DOI): Contains values needed for the other documents to relate to
each other. These include identifiers for approved encryption and authentication algorithms, as
well as operational parameters such as key lifetime.

Encryption Algorithm: A set of documents that describe how various encryption algorithms are
used for ESP.

Authentication Algorithm: A set of documents that describe how various authentication

algorithms are used for AH and for the authentication option of ESP.

Key Management: Documents that describe key management schemes.

Authentication header, Encapsulating security payload

  Authentication Header (AH) provides:
Connection-less integrity
Data origin authentication
Protection against replay attacks
 Encapsulating Security Payload (ESP) provides:
Confidentiality (encryption)
Connection-less integrity
Data origin authentication
Protection against reply attacks

Various fields of AH and ESP.

Authentication Header: Because AH provides only authentication and not confidentiality it is a

fairly simple protocol, creating just a header and no trailer. The header contains the SPI, the
sequence number and the authentication data.

Fig.4.4 Authentication Header

This latter field contains the Integrity Check Value, which offers assurance that the packet has
not been altered during its transmission. The SA specifies the algorithm used to calculate this
value. A family of suitable algorithms is the MAC such as MD5 or SHA-1. The Next Header is an
8-bit field indicating what protocol follows the AH header. When IPSec is running in tunnel
mode, the value of this field will be 4 (IP-in-IP). In transport mode, it will be the upper-layer
protocol being protected (usually UDP or TCP).

This protocol must be used when data encryption is required. Because it is an IPSec header,
ESP provides SPI and sequence numbers whose purposes have been discussed in the
preceding section. Padding (to a maximum of 255 bytes) is used by ESP to preserve byte
boundaries. If an encryption algorithm is employed that requires the plaintext to be a multiple of
some number of bytes (for example the block size of a block cipher), the padding field is used to
fill the plaintext to the requisite size. Padding may also be required, irrespective of encryption
algorithm requirements, to ensure that the resulting ciphertext terminates on a 4-byte boundary,
thereby right-aligning the trailer.
Encapsulating Security Payload: The first subfield is Security Parameters Index (SPI) which
now specifies (i.e., uniquely identifies) the encryption algorithm. The second subfield "Sequence
Number" has the same meaning as that in an AH. The third subfield "Payload Data" has a
variable length which is the ciphertext of the confidential data. Since an IP (v6) packet must
have a length as a multiple of 32 bits, the plaintext "Payload Data" of variable length must be
padded, and the paddings are given in "Padding". The Padding bytes are initialized with a series
of (unsigned, 1-byte) integer values.

Fig.4.5 Encapsulating Security Payload

Web security considerations:

The World Wide Web is fundamentally a client/server application running over the Internet and
TCP/IP intranets.

Security Considerations

Updated Software

It is mandatory to keep you software updated. It plays vital role in keeping your website secure.

SQL Injection

It is an attempt by the hackers to manipulate your database. It is easy to insert rogue code into
your query that can be used to manipulate your database such as change tables, get
information or delete data.

Cross Site Scripting (XSS)

It allows the attackers to inject client side script into web pages. Therefore, while creating a form
It is good to endure that you check the data being submitted and encode or strip out any HTML.
Error Messages

You need to be careful about how much information to be given in the error messages. For
example, if the user fails to log in the error message should not let the user know which field is
incorrect: username or password.

Validation of Data

The validation should be performed on both server side and client side.

Passwords

It is good to enforce password requirements such as of minimum of eight characters, including

upper case, lower case and special character. It will help to protect user’s information in long
run.

Upload files

The file uploaded by the user may contain a script that when executed on the server opens up
your website.

Web security threats:

 One way to group these threats is in terms of passive and active attacks. Passive
attacks include eavesdropping on network traffic between browser and server and
gaining access to information on a Web site that is supposed to be restricted.

 Active attacks include impersonating another user, altering messages in transit between
client and server, and altering information on a Web site.

 Another way to classify Web security threats is in terms of the location of the threat: Web
server, Web browser, and network traffic between browser and server.

Web traffic security approach:

 One way to provide Web security is to use IP security (IPsec). The advantage of using
IPsec is that it is transparent to end users and applications and provides a general-
purpose solution.

 Furthermore, IPsec includes a filtering capability so that only selected traffic need incur
the overhead of IPsec processing. Another relatively general-purpose solution is to
implement security just above TCP.

 The foremost example of this approach is the Secure Sockets Layer (SSL) and the
follow-on Internet standard known as Transport Layer Security (TLS). At this level, there
are two implementation choices.

 For full generality, SSL (or TLS) could be provided as part of the underlying protocol
suite and therefore be transparent to applications. Alternatively, SSL can be embedded
in specific packages.
Secure socket layer and transport layer security

SSL Architecture: SSL Architecture SSL is designed to make use of TCP to provide a
reliable end-to-end secure service. SSL is not a single protocol but rather two layers of
protocols. The SSL Record Protocol provides basic security services to various higher
layer protocols. In particular, the Hypertext Transfer Protocol (HTTP), which provides the
transfer service for Web client/server interaction, can operate on top of SSL. Three higher-
layer protocols are defined as part of SSL: the Handshake Protocol, The Change Cipher
Spec Protocol, and the Alert Protocol. These SSL-specific protocols are used in the
management of SSL exchanges. Two important SSL concepts are the SSL session and
the SSL connection, which are defined in the specification as follows.
• Connection: A connection is a transport that provides a suitable type of service. For
SSL, such connections are peer-to-peer relationships. The connections are transient.
Every connection is associated with one session.
• Session: An SSL session is an association between a client and a server. Sessions are
created by the Handshake Protocol.

Fig.4.6 SSL protocol stack

A session state is defined by the following parameters.

Session identifier: An arbitrary byte sequence chosen by the server to identify an active or
resumable session state.

Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null.

Compression method: The algorithm used to compress data prior to encryption.

Cipher spec: Specifies the bulk data encryption algorithm (such as null,AES, etc.) and a hash
algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines cryptographic
attributes such as the hash size.

Master secret: 48-byte secret shared between the client and server.

Server and client random: Byte sequences that are chosen by the server and client for each
connection.

Server write MAC secret: The secret key used in MAC operations on data sent by the server. •
Client write MAC secret: The secret key used in MAC operations on data sent by the client.

Server write key: The secret encryption key for data encrypted by the server and decrypted by
the client.
 Client write key: The symmetric encryption key for data encrypted by the client and decrypted
by the server.

Initialization vectors: When a block cipher in CBC mode is used, an Initialization Vector (IV) is
maintained for each key. This field is first initialized by the SSL Handshake Protocol. Thereafter,
the final cipher text block from each record is preserved for use as the IV with the following
record.

Sequence numbers: Each party maintains separate sequence numbers for transmitted &
received messages for each connection. When a party sends or receives a change cipher spec
message, the appropriate sequence number is set to zero.

SSL Record Protocol: The SSL Record Protocol provides two services for SSL connections:

• Confidentiality: The Handshake Protocol defines a shared secret key that is used for
conventional encryption of SSL payloads.

• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to
form a message authentication code (MAC). The Record Protocol takes an application message
to be transmitted, fragments the data into manageable blocks, optionally compresses the data,
applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.
Received data are decrypted, verified, decompressed, and reassembled before being delivered
to higher-level users.

Transport Layer Security:

 Transport Layer Security (TLS) is a protocol that provides privacy and data integrity
between two communicating applications. It's the most widely deployed security protocol
used today, and is used for Web browsers and other applications that require data to be
securely exchanged over a network, such as file transfers, VPN connections, instant
messaging and voice over IP.
 TLS evolved from Secure Sockets Layer (SSL) protocol and has largely superseded it,
although the terms SSL or SSL/TLS are still sometimes used. Key differences between
SSL and TLS that make TLS a more secure and efficient protocol are message
authentication, key material generation and the supported cipher suites, with TLS
supporting newer and more secure algorithms. TLS and SSL are not interoperable,
though TLS currently provides some backward compatibility in order to work with legacy
systems.

 According to the protocol specification, TLS is composed of two layers: the TLS Record
Protocol and the TLS Handshake Protocol. The Record Protocol provides connection
security, while the Handshake Protocol allows the server and client to authenticate each
other and to negotiate encryption algorithms and cryptographic keys before any data is
exchanged.

Compression: Pretty Good Protocol (PGP) compresses the message after applying the
signature but before encryption.

The signature is generated before compression for two reasons:

a. It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future verification. If one signed a
compressed document, then it would be necessary either to store a compressed version of
the message for later verification or to recompress the message when verification is
required.

b. Message encryption is applied after compression to strengthen cryptographic security.

Because the compressed message has less redundancy than the original plaintext,
cryptanalysis is more difficult.

E-Mail Compatibility: When PGP is used, a part of the block to be transmitted is encrypted. If
only the signature service is used, then the message digest is encrypted (with the sender’s
private key). If the confidentiality service is used, the message plus signature are encrypted.
Thus, part or all of the resulting block consists of a stream of arbitrary 8-bit octets. Many
electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate
this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of
printable ASCII characters. The scheme used for this purpose is radix-64 conversion. Each
group of three octets of binary data is mapped into four ASCII characters. This format also
appends a CRC to detect transmission errors. The use of radix 64 expands a message by 33%.
The session key and signature portions of the message are relatively compact, and the plaintext
message has been compressed.
.

E-mail security

Email security deals with issues of unauthorized access and inspection of electronic mail.
This unauthorized access can happen while an email is in transit, as well as when it is stored on
email servers or on a user computer. In countries with a constitutional guarantee of the secrecy
of correspondence, whether email can be equated with letters and get legal protection from all
forms of eavesdropping comes under question because of the very nature of email. This is
especially important as more and more communication occurs via email compared to postal
mail.

Email has to go through potentially untrusted intermediate computers (email servers, ISPs
before reaching its destination, and there is no way to tell if it was accessed by an unauthorized
entity. This is different from a letter sealed in an envelope, where by close inspection of the
envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a
postcard whose contents are visible to everyone who handles it.

Encryption: A significant fraction of email communication is still unencrypted. In general,

encryption provides protection against malicious entities.

Transport level encryption: With the original design of email protocol, the communication
between email servers was plain text, which posed a huge security risk. Over the years,
various mechanisms have been proposed to encrypt the communication between email
servers. It is a TLS (SSL) layer over the plaintext communication, allowing email servers to
upgrade their plaintext communication to encrypted communication. Assuming that the
email servers on both the sender and the recipient side support encrypted communication,
an eavesdropper snooping on the communication between the mail servers cannot see the
 email contents. Similar extensions exist for the communication between an email client and
the email server.

End to end encryption: In end-to-end encryption, the data is encrypted and decrypted only
at the end points. In other words, an email sent with end-to-end encryption would be
encrypted at the source, unreadable to service providers like Gmail in transit, and then
decrypted at its endpoint. Crucially, the email would only be decrypted for the end user on
their computer and would remain in encrypted, unreadable form to an email service like
Gmail, which wouldn’t have the keys available to decrypt it.

Pretty Good Privacy

 PGP is an open-source, freely available software package for e-mail security.

 It provides authentication through the use of digital signature, confidentiality through the
use of symmetric block encryption, compression using the ZIP algorithm, and e-mail
compatibility using the radix-64 encoding scheme.

 PGP incorporates tools for developing a public-key trust model and public-key certificate
management.

 S/MIME is an Internet standard approach to e-mail security that incorporates the same
functionality as PGP.

 DKIM is a specification used by e-mail providers for cryptographically signing e-mail

messages on behalf of the source domain

 PGP is a data encryption standard that allows end-users to encrypt the email contents.
The PGP uses a Public Key Cryptography scheme where each email address is
associated with a public/private key pair.

 PGP provides a way for the end users to encrypt the email without any support from the
server and be sure that only the intended recipient can read it. However, there are
usability issues with PGP it requires users to set up public/private key pairs and make
the public keys available widely. Also, it protects only the content of the email, and not
meta data an untrusted party can still observe who sent an email to whom. A general
downside of end to end encryption schemes where the server does not have decryption
keys is that it makes server side search almost impossible, thus impacting usability.

Operational Description

The actual operation of PGP consists of four services: authentication, confidentiality,

compression, and e-mail compatibility

Authentication
Figure 4.7a illustrates the digital signature service provided by PGP. The sequence is as
follows.
1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender’s private key, and the result is
prepended to the message.
4. The receiver uses RSA with the sender’s public key to decrypt and recover the hash code.
5. The receiver generates a new hash code for the message and compares it with the decrypted
hash code. If the two match, the message is accepted as authentic.

Fig.4.7 PGP Cryptographic function

 The combination of SHA-1 and RSA provides an effective digital signature scheme.
Because of the strength of RSA, the recipient is assured that only the possessor of the
matching private key can generate the signature. Because of the strength of SHA-1, the
recipient is assured that no one else could generate a new message that matches the
hash code and, hence, the signature of the original message.

 As an alternative, signatures can be generated using DSS/SHA-1.Although signatures

normally are found attached to the message or file that they sign, this is not always the
case: Detached signatures are supported.A detached signature may be stored and
transmitted separately from the message it signs.This is useful in several contexts.A
user may wish to maintain a separate signature log of all messages sent or received. A
detached signature of an executable program can detect subsequent virus infection.
Finally, detached signatures can be used when more than one party must sign a
document, such as a legal contract. Each person’s signature is independent and
therefore is applied only to the document. Otherwise, signatures would have to be
nested, with the second signer signing both the document and the first signature, and so
on.

Confidentiality
  Another basic service provided by PGP is confidentiality, which is provided by encrypting
messages to be transmitted or to be stored locally as files. In both cases, the symmetric
encryption algorithm CAST-128 may be used. Alternatively, IDEA or 3DES may be used.
The 64-bit cipher feedback (CFB) mode is used. As always, one must address the
problem of key distribution. In PGP, each symmetric key is used only once. That is, a
new key is generated as a random 128-bit number for each message. Thus, although
this is referred to in the documentation as a session key, it is in reality a one-time key.
Because it is to be used only once, the session key is bound to the message and
transmitted with it.To protect the key, it is encrypted with the receiver’s public key. Figure
4.7b illustrates the sequence, which can be described as follows.

1. The sender generates a message and a random 128-bit number to be used as a session key
for this message only.
2. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key.
3. The session key is encrypted with RSA using the recipient’s public key and is prepended to
the message.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.

Confidentiality and Authentication

 As Figure 4.7c illustrates, both services may be used for the same message. First, a
signature is generated for the plaintext message and prepended to the message. Then
the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES),
and the session key is encrypted using RSA (or ElGamal). This sequence is preferable
to the opposite: encrypting the message and then generating a signature for the
encrypted message. It is generally more convenient to store a signature with a plaintext
version of a message.
 Furthermore, for purposes of third-party verification, if the signature is performed first, a
third party need not be concerned with the symmetric key when verifying the signature.
 In summary, when both services are used, the sender first signs the message with its
own private key, then encrypts the message with a session key, and finally encrypts the
session key with the recipient’s public key.

Compression

 As a default, PGP compresses the message after applying the signature but before
encryption.This has the benefit of saving space both for e-mail transmission and for file
storage.The placement of the compression algorithm, indicated by Z for compression
and Z–1 for decompression is critical. The signature is generated before compression for
two reasons:

1. It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future verification.If one signed a
compressed document, then it would be necessary either to store a compressed version
of the message for later verification or to recompress the message when verification is
required.
 Even if one were willing to generate dynamically a recompressed message for
verification, PGP’s compression algorithm presents a difficulty. The algorithm is not
deterministic; various implementations of the algorithm achieve different tradeoffs in
running speed versus compression ratio and, as a result, produce different compressed
forms. However, these different compression algorithms are interoperable because any
version of the algorithm can correctly decompress the output of any other version.
Applying the hash function and signature after compression would constrain all PGP
implementations to the same version of the compression algorithm.

2. Message encryption is applied after compression to strengthen cryptographic security.

Because the compressed message has less redundancy than the original plaintext,
cryptanalysis is more difficult

Table 4.1 Summary of PGP Services