Nsp Module 3

The document outlines the syllabus and details of the CST434 Network Security course, focusing on Internet Protocol Security (IPSec) and its components such as Authentication Header (AH) and Encapsulating Security Payload (ESP). It explains the functionalities, modes of operation, key management, and applications of IPSec in securing network communications, particularly in Virtual Private Networks (VPNs). Additionally, it covers the structure and purpose of security associations, anti-replay mechanisms, and the importance of authentication and encryption in maintaining data integrity and confidentiality.

Uploaded by

arjunsivavilas

CST434 NETWORK SECURITY PROTOCOLS

Prepared By,
Ambily Mohan
Assistant Professor
CSE Dept
ASIET, Kalady
SYLLABUS

Module-3 (Network Layer Security and Web Security): Internet Protocol
Security (IPSec) – Overview, IP security architecture, Authentication Header
(AH), Encapsulating Security Payload (ESP), Combining Security Associations,
Key management. Internet Key Exchange (IKE) - Phases. Web Security – Web
security considerations. Secure Socket Layer and Transport Layer Security
(SSL/TLS) – SSL Architecture, SSL protocols, Cryptographic computations,
Transport layer security.
INTERNET PROTOCOL SECURITY (IPSec)
• IPSec (Internet Protocol Security) is a suite of protocols used to secure
IP communications by authenticating and encrypting each IP packet in
a communication session.
• It operates at the network layer and is commonly used in Virtual
Private Networks (VPNs) to provide secure communication over
untrusted networks like the internet.
• IP security (IPSec) is a capability that can be added to either current
version of the Internet Protocol (IPv4 or IPv6), by means of additional
headers.
• IPSec encompasses three functional areas:
• Authentication makes use of the HMAC message authentication code.
Authentication can be applied to the entire original IP packet (tunnel mode)
or to all of the packet except for the IP header (transport mode).
• Confidentiality is provided by an encryption format known as encapsulating
security payload. Both tunnel and transport modes can be accommodated.
• IPSec defines a number of techniques for key management.
• Protocols
• AH (Authentication Header): Provides authentication and integrity but does
not encrypt the data.
• ESP (Encapsulating Security Payload): Provides encryption, authentication,
and integrity.
• Modes of Operation
• Transport Mode: Encrypts only the payload of the IP packet, leaving the
header intact (used for end-to-end communication)
• Tunnel Mode: Encrypts the entire IP packet, encapsulating it within a new IP
packet (commonly used in VPNs).
• Key Exchange & Management
• IKE (Internet Key Exchange): A protocol used to negotiate security settings
and establish encryption keys.
• ISAKMP (Internet Security Association and Key Management Protocol):
Defines the framework for key exchange.
• Applications of IPSec
• Secure Branch Office Connectivity – Establishes a secure VPN over the
internet, reducing the need for private networks and lowering costs.
• Secure Remote Access – Allows employees to securely connect to the
company network via an ISP, minimizing toll charges for remote workers.
• Establishing Extranet & Intranet Security – Ensures secure communication
with business partners through authentication, confidentiality, and key
exchange mechanisms.
• Enhanced E-commerce Security – Strengthens existing security protocols in
web and e-commerce applications for improved protection.
AN IP SECURITY SCENARIO
• Benefits of IPSec
1. Strong Perimeter Security – When implemented in a firewall or router, IPSec secures
all traffic crossing the network perimeter without impacting internal traffic.
2. Bypass Resistance – Ensures all incoming traffic follows secure IP-based paths through
the firewall, preventing unauthorized access.
3. Application Transparency – Works below the transport layer (TCP/UDP), so no changes
are required in applications or user/server software.
4. User-Friendly Security – Does not require user training or manual key management,
making it easy to deploy and maintain.
5. Flexible User Security – Can secure remote workers or create isolated virtual networks
for sensitive applications within an organization.
• Routing Applications
• In addition to supporting end users and protecting premises systems
and networks, IPSec can also be used in the routing architecture required
for internetworking.
• IPSec can assure that
• A router advertisement (a new router advertises its presence) comes from an
authorized router
• A neighbor advertisement (a router seeks to establish or maintain a neighbor
relationship with a router in another routing domain) comes from an
authorized router.
• A redirect message comes from the router to which the initial packet was sent.
• A routing update is not forged.
• Routing protocols such as OSPF should be run on top of security
associations between routers that are defined by IPSec.
IPSec Documents
• The IPSec specification consists of numerous documents.
• RFC 2401: An overview of a security architecture
• RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
• RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
• RFC 2408: Specification of key management capabilities
• Support for these features is mandatory for IPv6 and optional for IPv4
• The security features are implemented as extension headers that follow
the main IP header.
• The extension header for authentication is known as the Authentication
Header (AH); that for encryption is known as the Encapsulating Security
Payload (ESP) header.
The IPSec documents are divided into seven groups
1. Architecture: Covers the general concepts, security requirements, definitions,
and mechanisms defining IPSec technology.
2. Encapsulating Security Payload (ESP): Covers the packet format and general
issues related to the use of the ESP for packet encryption and, optionally,
authentication.
3. Authentication Header (AH): Covers the packet format and general issues
related to the use of AH for packet authentication.
4. Encryption Algorithm: A set of documents that describe how various
encryption algorithms are used for ESP.
5. Authentication Algorithm: A set of documents that describe how various
authentication algorithms are used for AH and for the authentication option of
ESP.
6. Key Management: Documents that describe key management schemes.
7. Domain of Interpretation (DOI): Contains values needed for the other
documents to relate to each other. These include identifiers for approved
encryption and authentication algorithms, as well as operational parameters
such as key lifetime.
IPSec SERVICES
• IPSec provides security services at the IP layer by enabling a system to select required security
protocols, determine the algorithm(s) to use for the service(s), and put in place any
cryptographic keys required to provide the requested services.
• Two protocols are used to provide security:
• An authentication protocol designated by the header of the protocol, Authentication Header (AH)
• A combined encryption/authentication protocol designated by the format of the packet for that
protocol, Encapsulating Security Payload (ESP)
• The IPSec services are
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets (a form of partial sequence integrity)
• Confidentiality (encryption)
• Limited traffic flow confidentiality
• Services are provided by the AH and ESP protocols
SECURITY ASSOCIATIONS
• A Security Association (SA) in IPsec is a one-way relationship
between a sender and receiver that provides security services using
either Authentication Header (AH) or Encapsulating Security Payload
(ESP), but not both.
• For two-way secure communication, two SAs are required.
• Each SA is uniquely identified by a
• Security Parameters Index (SPI)
• destination IP address
• security protocol (AH or ESP).
• SAs manage cryptographic parameters and can be configured
manually or dynamically via Internet Key Exchange (IKE).
SA Parameters
• In an IPsec implementation, the Security Association Database (SAD)
defines parameters for each Security Association (SA).
• Key SA parameters include:
• Sequence Number Counter & Overflow Flag – Tracks packet sequences and
prevents overflow issues.
• Anti-Replay Window – Detects replayed packets.
• AH & ESP Information – Specifies authentication/encryption algorithms, keys,
and lifetimes.
• SA Lifetime – Defines when an SA should be replaced or terminated.
• IPsec Protocol Mode – Supports Tunnel or Transport mode.
• Path MTU – Tracks the maximum packet size allowed without fragmentation.
SA Selectors
• IPsec allows flexible and granular security policies for IP traffic. The
Security Policy Database (SPD) maps traffic to specific Security
Associations (SAs) or allows it to bypass IPsec.
• Each SPD entry defines a subset of traffic using selectors, which filter
outgoing packets and determine the required IPsec processing (AH or ESP).
• Key Selectors for SPD Entries:
• Destination & Source IP Address – Can be a single address, a range, or a wildcard.
• User ID – Identifies users if IPsec runs within the OS.
• Data Sensitivity Level – Categorizes traffic based on security classification.
• Transport Layer Protocol – Identifies traffic type (TCP, UDP, etc.).
• Source & Destination Ports – Matches specific port numbers or ranges.
TRANSPORT AND TUNNEL MODES
• Both AH and ESP support two modes of use: transport and tunnel mode
• Transport Mode
• Protects only the IP payload (e.g., TCP/UDP segments, ICMP messages).
• Used for end-to-end communication between two hosts (e.g., client-server).
• ESP encrypts and optionally authenticates the payload, while AH authenticates both
the payload and parts of the IP header.
• Tunnel Mode
• Protects the entire IP packet by encapsulating it inside a new IP packet with a new
outer IP header.
• Used when one or both ends are security gateways (e.g., firewalls, routers).
• ESP encrypts and optionally authenticates the inner packet (including its IP header).
• AH authenticates the entire inner packet and parts of the outer header.
• Tunnel mode is ideal for secure network-to-network communications via firewalls
or VPN gateways, hiding the original source and destination IPs.
• Transport and Tunnel Modes: Basic Operations
• Tunnel Mode and Transport Mode Functionality
IPSec AUTHENTICATION HEADER(AH)
• Provides data integrity and authentication for IP packets.
• Ensures packets are not modified in transit.
• Prevents address spoofing and filters traffic based on authentication.
• Guards against replay attacks using sequence numbers.
• Uses a Message Authentication Code (MAC) for verification,
requiring a shared secret key between parties.
• AH provides data integrity, data origin authentication, and
protection against replay attacks.
• Authentication Header
• The Authentication Header consists of the following fields
• Next Header (8 bits) – Identifies the type of header following AH.
• Payload Length (8 bits) – Specifies the AH length in 32-bit words minus 2.
• Reserved (16 bits) – Reserved for future use.
• Security Parameters Index (SPI) (32 bits) – Identifies the Security Association
(SA).
• Sequence Number (32 bits) – A counter to prevent replay attacks.
• Authentication Data (Variable) – Stores the Integrity Check Value (ICV) or
Message Authentication Code (MAC) for data integrity verification.
Anti-Replay Service in IPSec Authentication Header (AH)
• Replay Attack Prevention
• Attackers can capture and resend authenticated packets, causing
service disruptions.
• The Sequence Number field helps prevent such attacks.
• Sequence Number Generation
• A counter starts at 0 when a new Security Association (SA) is
established.
• It increments with each packet sent.
• The first sequence number used is 1. If anti-replay is enabled (default
setting), the counter must not cycle past 2³² - 1.
• Once this limit is reached, a new SA and key must be negotiated.
• Anti-Replay Mechanism
• Receiver-Side Anti-Replay Window
• IPSec authentication requires a window of size W (default = 64).
• The right edge of the window is the highest sequence number N
received.
• Inbound Packet Processing
• If the received packet falls within the window and is new, the MAC is
checked. If the packet is authenticated, the corresponding slot in the
window is marked.
• If the received packet is to the right of the window and is new, the MAC
is checked. If the packet is authenticated, the window is advanced so
that this sequence number is the right edge of the window, and the
corresponding slot in the window is marked.
• If the received packet is to the left of the window, or if authentication
fails, the packet is discarded; this is an auditable event.
Integrity Check Value (ICV) in IPSec Authentication Header (AH)
• Definition & Purpose
1. The Authentication Data field holds the Integrity Check Value (ICV).
2. The ICV is a Message Authentication Code (MAC) or a truncated MAC
generated by a hash algorithm.
3. Used to verify the integrity and authenticity of a packet.
• Supported Hash Algorithms
1. HMAC-MD5-96 (Uses MD5 hash function)
2. HMAC-SHA-1-96 (Uses SHA-1 hash function)
• ICV Calculation Covers
• IP header fields that are immutable or predictable in transit.
• AH header, except the Authentication Data field (set to zero for calculation).
• Entire upper-level protocol data, assumed immutable in transit.
• Handling of IPv4 Fields
• Immutable fields: Internet Header Length, Source Address.
• Mutable but predictable: Destination Address (with routing options).
• Zeroed before calculation: Time to Live (TTL), Header Checksum.
• Handling of IPv6 Fields
• Immutable fields: Version.
• Mutable but predictable: Destination Address.
• Zeroed before calculation: Flow Label.
• Security Benefit
• Protects source and destination addresses, preventing address spoofing.
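An added example, not from the slides: a transport-mode IPv4 AH packet is built, HMAC-SHA-1-96 is computed with the mutable header fields and the Authentication Data zeroed, and the receiver verifies it after a legitimate TTL decrement versus after the Source Address is rewritten. Addresses, SPI and key are constructed, and the header is assumed to carry no IP options.

```python
import hmac
import hashlib
import struct
import ipaddress

IP_PROTO_AH = 51
ICV_LEN = 12          # HMAC-SHA-1-96: SHA-1 output truncated to 96 bits
AH_FIXED_LEN = 12     # Next Header, Payload Length, Reserved, SPI, Sequence Number


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, ttl: int, total_len: int) -> bytes:
    """20-byte IPv4 header without options (IHL = 5), protocol = AH."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl,
                      IP_PROTO_AH, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """Zero the IPv4 fields that may change in transit before the MAC is computed."""
    b = bytearray(ip_hdr)
    b[1] = 0                # Type of Service
    b[6:8] = b"\x00\x00"    # Flags and Fragment Offset
    b[8] = 0                # Time to Live
    b[10:12] = b"\x00\x00"  # Header Checksum
    return bytes(b)


def ah_fixed(next_header: int, spi: int, seq: int) -> bytes:
    # Payload Length = AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)


def compute_icv(key: bytes, ip_hdr: bytes, ah_head: bytes, upper: bytes) -> bytes:
    # Authentication Data is treated as all zeros while the ICV is computed.
    covered = zero_mutable_fields(ip_hdr) + ah_head + b"\x00" * ICV_LEN + upper
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, ttl, spi, seq, upper, next_header=6):
    """Transport-mode AH: IP header | AH | upper-layer data (next_header 6 = TCP)."""
    total_len = 20 + AH_FIXED_LEN + ICV_LEN + len(upper)
    ip_hdr = ipv4_header(src, dst, ttl, total_len)
    ah_head = ah_fixed(next_header, spi, seq)
    icv = compute_icv(key, ip_hdr, ah_head, upper)
    return ip_hdr + ah_head + icv + upper


def verify_ah_packet(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare it in constant time."""
    ip_hdr = packet[:20]
    if ip_hdr[0] != 0x45 or ip_hdr[9] != IP_PROTO_AH:
        return False
    ah_head = packet[20:20 + AH_FIXED_LEN]
    icv = packet[32:32 + ICV_LEN]
    upper = packet[44:]
    return hmac.compare_digest(compute_icv(key, ip_hdr, ah_head, upper), icv)


def router_hop(packet: bytes) -> bytes:
    """What a forwarding router legitimately does: decrement TTL, fix the checksum."""
    b = bytearray(packet)
    b[8] -= 1
    b[10:12] = b"\x00\x00"
    b[10:12] = struct.pack("!H", ip_checksum(bytes(b[:20])))
    return bytes(b)


def rewrite_source(packet: bytes, new_src: str) -> bytes:
    """Models an address-spoofing attempt: Source Address replaced, checksum fixed."""
    b = bytearray(packet)
    b[12:16] = ipaddress.IPv4Address(new_src).packed
    b[10:12] = b"\x00\x00"
    b[10:12] = struct.pack("!H", ip_checksum(bytes(b[:20])))
    return bytes(b)
```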
Transport and Tunnel Modes in IPSec Authentication
• Transport Mode
• Authentication is end-to-end between two devices (server and workstation).
• Both devices must share a protected secret key for secure communication.
• Typically used for host-to-host communication within the same or different
networks.
• Only the IP payload (upper-layer protocol data) is authenticated, not the IP header.
• Tunnel Mode
• Authentication is between a workstation and a corporate firewall (or between two
security gateways).
• Used when the destination server does not support authentication or for remote
access to a secure network.
• The entire original IP packet (header + payload) is encapsulated inside a new IP
packet.
• Provides authentication at the gateway level, ensuring security for all internal
communications.
End-to-End (Transport) versus End-to-Intermediate (Tunnel) Authentication
• Figure shows two ways in which the IPSec authentication service can be
used.
• In case 1,
• authentication is provided directly between a server and client workstations;
• the workstation can be either on the same network as the server or on an
external network.
• As long as the workstation and the server share a protected secret key, the
authentication process is secure.
• This case uses a transport mode SA.
• In case 2,
• a remote workstation authenticates itself to the corporate firewall, for access
to the entire internal network, or two private networks are connected
through the Internet.
• This case uses a tunnel mode SA.
• Before applying AH

• Transport Mode AH
• IPv4:
• AH is inserted after the original IP header and before the IP payload (e.g.,
TCP segment).
• Authentication covers the entire packet, except for mutable fields (set to
zero for MAC calculation).
• IPv6:
• AH is treated as an end-to-end payload (not processed by intermediate
routers).
• AH is placed after the IPv6 base header and follows hop-by-hop, routing,
and fragment extension headers.
• Destination options header may appear before or after AH, depending on
desired behavior.
• Authentication covers the entire packet, excluding mutable fields (zeroed
for MAC calculation).
• Tunnel Mode AH
• AH is inserted between the original (inner) IP header and a new outer IP
header.
• The inner IP header holds the original source and destination IP addresses.
• The outer IP header may contain different IP addresses (e.g., those of security
gateways or firewalls).
• Authentication Scope:
• The entire inner IP packet (including the inner IP header) is authenticated.
• The outer IP header is protected except for mutable fields (which are zeroed).
IPSec ENCAPSULATING SECURITY PAYLOAD(ESP)
• Encapsulating Security Payload (ESP) is a core component of the
IPsec (Internet Protocol Security) suite.
• It provides confidentiality, integrity, and authentication for network
traffic at the IP layer.
• ESP is widely used for securing VPNs (Virtual Private Networks) and
other encrypted communications over untrusted networks.
ESP Packet Format
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value; this
provides an anti replay function, as discussed for AH.
• Payload Data (variable): This is a transport-level segment (transport mode) or
IP packet (tunnel mode) that is protected by encryption.
• Padding (0 to 255 bytes): Used for block cipher alignment and to obtain the
required payload length.
• Pad Length (8 bits): Indicates the number of pad bytes immediately preceding
this field.
• Next Header (8 bits): Identifies the type of data contained in the payload data
field by identifying the first header in that payload (for example, an extension
header in IPv6, or an upper-layer protocol such as TCP).
• Authentication Data (variable): A variable-length field (must be an integral
number of 32-bit words) that contains the Integrity Check Value computed
over the ESP packet minus the Authentication Data field.
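An added example of the ESP framing described above (not the slides' own code): the padding is sized so that Payload Data, Padding, Pad Length and Next Header fill whole cipher blocks, and HMAC-SHA-1-96 is computed over everything except Authentication Data; the receiver verifies the ICV before it trusts the trailer. Encryption of the payload-through-Next-Header span is left out so the framing stays visible; key and SPI are constructed.

```python
import hmac
import hashlib
import struct

ESP_HEADER_LEN = 8   # SPI (32 bits) + Sequence Number (32 bits)
ICV_LEN = 12         # HMAC-SHA-1-96


def esp_padding(payload_len: int, block_size: int) -> bytes:
    """Padding so that payload + padding + Pad Length + Next Header fills whole blocks.

    Uses the default self-describing padding 1, 2, 3, ... so the receiver can
    check it; the count is always in the range 0 to 255.
    """
    pad_len = (-(payload_len + 2)) % block_size
    return bytes(range(1, pad_len + 1))


def build_esp(key: bytes, spi: int, seq: int, payload: bytes, next_header: int,
              block_size: int = 16) -> bytes:
    """Frame one ESP packet: header | payload | padding | pad len | next hdr | ICV."""
    padding = esp_padding(len(payload), block_size)
    trailer = padding + struct.pack("!BB", len(padding), next_header)
    header = struct.pack("!II", spi, seq)
    body = header + payload + trailer
    # On a real SA the span payload..next header is encrypted first and the ICV
    # is computed over the ciphertext; encryption is omitted here (see lead-in).
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def parse_esp(key: bytes, packet: bytes, block_size: int = 16) -> dict:
    """Receiver side: verify the ICV, then strip the trailer; ValueError on any fault."""
    if len(packet) < ESP_HEADER_LEN + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ICV mismatch")          # integrity failure: auditable event
    spi, seq = struct.unpack("!II", body[:ESP_HEADER_LEN])
    protected = body[ESP_HEADER_LEN:]
    if len(protected) % block_size:
        raise ValueError("protected span is not block aligned")
    pad_len, next_header = protected[-2], protected[-1]
    if pad_len > len(protected) - 2:
        raise ValueError("pad length exceeds the protected span")
    payload_end = len(protected) - 2 - pad_len
    if protected[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes are not the expected sequence")
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "payload": protected[:payload_end]}
```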
Encryption and Authentication Algorithms
• ESP provides confidentiality, integrity, and authentication for IP packets. It
encrypts the Payload Data, Padding, Pad Length, and Next Header fields,
ensuring data protection during transmission.
• Encryption is used to protect the payload from eavesdropping. If an
encryption algorithm requires an Initialization Vector (IV), it is typically
included at the beginning of the Payload Data field (but remains
unencrypted).
• Supported Encryption Algorithms:
• DES (Data Encryption Standard) in Cipher Block Chaining (CBC) Mode (Mandatory in
older specifications, but now considered weak).
• Triple DES (3DES) – Uses three DES keys for stronger encryption.
• RC5 – A symmetric block cipher with variable key sizes.
• IDEA (International Data Encryption Algorithm) – A strong symmetric encryption
algorithm.
• Triple IDEA – A stronger version of IDEA using multiple keys.
• CAST – A block cipher known for its security and speed.
• Blowfish – A fast, flexible cipher with variable key length.
• Modern ESP implementations commonly use AES (Advanced
Encryption Standard), which has replaced older algorithms like DES
and 3DES.
• ESP optionally supports Message Authentication Codes (MACs) to
ensure data integrity and authenticity.
• Supported Authentication Algorithms:
• HMAC-MD5-96 – Uses the MD5 hashing algorithm with HMAC (producing a
96-bit digest).
• HMAC-SHA-1-96 – Uses SHA-1 with HMAC (also producing a 96-bit digest).
• Modern implementations prefer HMAC-SHA-256, HMAC-SHA-384,
and HMAC-SHA-512 due to stronger security.
IPSec ESP Services: Transport and Tunnel Modes
• IPsec ESP can operate in two different modes: Transport Mode and Tunnel Mode.
These modes determine how encryption and authentication are applied to
network traffic.
• Transport Mode (Host-to-Host Security)
• Encryption and authentication are applied directly between two hosts
(endpoints).
• Only the payload (Transport Layer segment, e.g., TCP, UDP data) is encrypted
and/or authenticated.
• The original IP header remains unchanged (not encrypted).
• Used when both sender and receiver support IPsec.
• Tunnel Mode (Gateway-to-Gateway Security, VPNs)
• Entire original IP packet (header + payload) is encrypted.
• A new IP header is added, encapsulating the original packet.
• Used in VPNs (Virtual Private Networks) where end-hosts do not need to
implement IPsec.
• Transport-Mode vs. Tunnel-Mode Encryption
• Transport Mode ESP
• Transport mode operation may be summarized as follows:
• Step 1: Encryption at the Source
• The ESP Trailer + Transport Layer Segment (TCP/UDP payload) is encrypted.
• The plaintext transport segment is replaced with ciphertext.
• If authentication is enabled, an ESP Authentication Data field is added.
• The original IP header remains unchanged.
• Step 2: Packet Routing
• The packet is forwarded through the network like a regular IP packet.
• Routers process the IP header to determine where to send the packet.
• The ESP-encrypted payload remains hidden from routers.
• Step 3: Decryption at the Destination
• The receiving destination host reads the Security Parameters Index (SPI) from
the ESP Header.
• The ESP payload is decrypted, restoring the original transport-layer segment.
• If authentication is enabled, integrity is verified before decryption.
• Tunnel Mode ESP
• Tunnel mode ESP operation may be summarized as follows
• Step 1: Packet Preparation (At the Source)
• The original IP packet (IP Header + Transport Data) is created.
• The ESP header is added before encryption.
• The entire inner IP packet (IP Header + ESP Header + Encrypted Data + ESP Trailer) is
encrypted.
• If authentication is enabled, an ESP Authentication Data field is added.
• A new outer IP header is added, allowing the packet to be routed.
• Step 2: Packet Routing (Through the Internet)
• The packet is routed across the public network to the destination gateway.
• Routers process only the outer IP header (they cannot inspect the encrypted inner IP
packet).
• Traffic analysis is countered because the original IP addresses and data remain hidden.
• Step 3: Decryption at the Security Gateway
• The receiving firewall (or VPN gateway) processes the outer IP header and decrypts the
ESP payload.
• The original inner IP packet is extracted and sent into the internal network.
COMBINING SECURITY ASSOCIATIONS
• IPsec uses Security Associations (SAs) to define how security
services (AH, ESP) are applied to traffic.
• However, a single SA can only implement either AH or ESP, not
both.
• In cases where both authentication and confidentiality are
required, SA bundling is used.
• A Security Association Bundle refers to a sequence of multiple SAs
applied to the same traffic flow to provide layered security. These SAs
can either:
• Terminate at different endpoints (e.g., host-to-firewall and then
firewall-to-host).
• Terminate at the same endpoints but apply multiple layers of security.
Methods of Combining Security Associations
• IPsec provides two ways to combine SAs:
1. Transport Adjacency (Multiple Security Protocols on the Same IP
Packet)
• AH and ESP are both applied to a packet, without tunneling.
• ESP encrypts the payload, while AH authenticates more of the packet
(including the IP header).
• Only one level of combination is possible because both protocols operate at
the same IPsec instance.
• Example:
• ESP Transport Mode is applied first → Encrypts the payload.
• AH Transport Mode is applied second → Authenticates the ESP-encrypted payload and
the IP header.
• Advantage: More fields are authenticated (source/destination IPs are
included).
• Disadvantage: Higher overhead due to two security protocols.
2. Iterated Tunneling (Multiple Layers of Security via IP Tunneling)
• Multiple nested tunnels are used, where each tunnel applies a
security layer.
• Each tunnel may originate or terminate at different security
gateways or hosts.
• Example:
• A VPN uses ESP Tunnel Mode between firewalls to encrypt entire IP
packets.
• Inside the tunnel, another ESP or AH SA is applied for end-to-end security
between hosts.
• Advantage: Multiple layers of encryption and authentication
protect against attacks.
• Disadvantage: More computational overhead and processing
time.
Authentication Plus Confidentiality (Combining Encryption & Authentication)
• Encryption (ESP) and authentication (AH) can be combined in different ways
to secure IP packets.
1. ESP with Authentication Option
• ESP encrypts the payload and adds authentication for integrity verification.
• Authentication applies to the ciphertext (not the plaintext).
• Modes
• ESP Transport Mode: Encrypts only the payload; authentication covers
encrypted data.
• ESP Tunnel Mode: Encrypts the entire IP packet; authentication applies
to the entire encrypted packet.
• Benefit: Protects against tampering and ensures confidentiality in one
protocol.
2. Transport Adjacency (ESP + AH)
• Uses two transport-mode SAs:
• Inner SA: ESP (without authentication) → Encrypts the payload.
• Outer SA: AH → Authenticates the ESP packet plus the original IP header.
• Benefit:
• Stronger authentication (since AH covers the IP header).
• Drawback:
• More overhead (two SAs instead of one).
3. Transport-Tunnel Bundle (AH Transport + ESP Tunnel)
• AH is applied first in Transport Mode → Authenticates the payload and IP
header.
• ESP Tunnel Mode is applied next → Encrypts the entire authenticated
packet and encapsulates it in a new IP header.
• Benefit:
• Authentication data is protected by encryption, preventing alteration.
• Ideal for VPNs where authentication is needed before encryption.
WEB SECURITY
WEB SECURITY CONSIDERATIONS
• The Web operates on a client/server model over the Internet and
TCP/IP intranets.
• Web security is crucial to protect data, users, and business operations.
• Unique Web Security Challenges
• Two-Way Nature of the Internet: Unlike traditional publishing, Web servers
can be attacked over the Internet.
• High Visibility & Business Risk: Security breaches can damage reputations and
cause financial losses.
• Complexity of Web Software: Complex systems may hide security
vulnerabilities.
• Web Servers as Attack Entry Points: A compromised web server can expose an
entire organization's IT infrastructure.
• Untrained Users & Security Risks: Many users are unaware of security threats
and lack the tools to mitigate them.
Web Security Threats
• Security Threat Classification
1. Passive Attacks:
• Eavesdropping – Monitoring network traffic between browser and server.
• Unauthorized Access – Gaining information meant to be restricted.
2. Active Attacks:
• Impersonation – Pretending to be another user.
• Message Tampering – Altering messages between client and server.
• Content Modification – Changing information on a Web site.
• A Comparison of Threats on the Web
Web Traffic Security Approaches
• Relative Location of Security Facilities in the TCP/IP Protocol Stack
1. Network Level
• One way to provide Web security is to use IP security (IPsec)
• Advantage of using IPsec: it is transparent to end users and
applications and provides a general-purpose solution
• IPsec includes a filtering capability so that only selected
traffic need incur the overhead of IPsec processing
2. Transport level
• Secure Sockets Layer (SSL) and the follow-on Internet standard known as
Transport Layer Security (TLS)
• At this level, there are two implementation choices
• For full generality, SSL (or TLS) could be provided as part of the underlying
protocol suite and therefore be transparent to applications
• Alternatively, SSL can be embedded in specific packages
3. Application level
• Application-specific security services are embedded within the particular
application
• Advantage: service can be tailored to the specific needs of a given
application
SECURE SOCKET LAYER AND TRANSPORT LAYER
SECURITY (SSL/TLS)
• Secure socket layer (SSL) provides security services between TCP and
applications that use TCP.
• The Internet standard version is called Transport Layer Security (TLS).
• SSL/TLS provides confidentiality using symmetric encryption and
message integrity using a message authentication code.
• SSL/TLS includes protocol mechanisms to enable two TCP users to
determine the security mechanisms and services they will use.
SSL Architecture
• SSL is designed to make use of TCP to provide a reliable end-to-end
secure service.
• SSL is not a single protocol but rather two layers of protocols.
• The SSL Record Protocol provides basic security services to various
higher-layer protocols.
• Hypertext Transfer Protocol (HTTP), which provides the transfer
service for Web client/server interaction, can operate on top of SSL.
• Three higher-layer protocols are defined as part of SSL:
• The Handshake Protocol,
• The Change Cipher Spec Protocol,
• The Alert Protocol.
• SSL Protocol Stack
• Two important SSL concepts
• SSL Connection
• A connection is a transport (in the OSI layering model definition) that provides a suitable
type of service.
• Connections are peer-to-peer relationships.
• The connections are transient.
• Every connection is associated with one session.
• SSL Session
• An SSL session is an association between a client and a server.
• Sessions are created by the Handshake Protocol.
• Sessions define a set of cryptographic security parameters, which can be shared among
multiple connections.
• Sessions are used to avoid the expensive negotiation of new security parameters for
each connection.
• A session state is defined by the following parameters.
• Session identifier: An arbitrary byte sequence chosen by the server to
identify an active or resumable session state.
• Peer certificate: An X.509v3 certificate of the peer. This element of the state
may be null.
• Compression method: The algorithm used to compress data prior to
encryption.
• Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES,
etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC calculation.
It also defines cryptographic attributes such as the hash_size.
• Master secret: 48-byte secret shared between the client and server.
• Is resumable: A flag indicating whether the session can be used to initiate
new connections.
• A connection state is defined by the following parameters:
• Server and client random: Byte sequences that are chosen by the server and client
for each connection.
• Server write MAC secret: The secret key used in MAC operations on data sent by the
server.
• Client write MAC secret: The secret key used in MAC operations on data sent by the
client.
• Server write key: The conventional encryption key for data encrypted by the server
and decrypted by the client.
• Client write key: The conventional encryption key for data encrypted by the client
and decrypted by the server.
• Initialization vectors: When a block cipher in CBC mode is used, an initialization
vector (IV) is maintained for each key. This field is first initialized by the SSL
Handshake Protocol. Thereafter the final ciphertext block from each record is
preserved for use as the IV with the following record.
• Sequence numbers: Each party maintains separate sequence numbers for
transmitted and received messages for each connection. When a party sends or
receives a change cipher spec message, the appropriate sequence number is set to
zero. Sequence numbers may not exceed 2^64 - 1.
1. SSL Record Protocol
• The SSL Record Protocol provides two services for SSL connections:
• Confidentiality:
• The Handshake Protocol defines a shared secret key that is used
for conventional encryption of SSL payloads.
• Message Integrity:
• The Handshake Protocol also defines a shared secret key that is
used to form a message authentication code (MAC).
• SSL Record Protocol operation
• The Record Protocol takes an application message to be transmitted.
• The first step is fragmentation: each upper-layer message is fragmented into
manageable blocks of at most 2^14 bytes.
• Next, the data is optionally compressed. Compression must be lossless and may
not increase the content length by more than 1024 bytes.
• A MAC is then computed over the (compressed) fragment, the result is encrypted,
an SSL record header is added, and the resulting unit is transmitted in a TCP
segment.
• Received data are decrypted, verified, decompressed, and reassembled, and then
delivered to higher-level users.
• The calculation is defined as
hash(MAC_write_secret || pad_2 ||
hash(MAC_write_secret || pad_1 || seq_num ||
SSLCompressed.type ||
SSLCompressed.length ||
SSLCompressed.fragment))
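The fragmentation, MAC and framing steps described above, as an added example (not code from the slides or from any SSL implementation). It builds the nested SSLv3 MAC exactly as the formula on the slide, with the pad lengths from RFC 6101 (48 bytes for MD5, 40 for SHA-1), frames each fragment with the 5-byte record header, and lets a receiver verify records. Compression and the encryption step are left out so that the MAC and sequence-number behaviour stay visible; the key, message and content-type values are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constants taken from the SSL Record Protocol description above.
MAX_FRAGMENT = 2 ** 14            # each fragment carries at most 2^14 bytes of payload
CONTENT_TYPE_APPLICATION_DATA = 23
SSL_VERSION = (3, 0)              # SSLv3 major.minor, written into the record header

# SSLv3 MAC pads (RFC 6101 section 5.2.3.1): 0x36 / 0x5c repeated 48 times
# for MD5 and 40 times for SHA-1.  This key-with-pad construction predates HMAC.
PAD_LEN = {"md5": 48, "sha1": 40}


def fragment(message):
    """Step 1: split an upper-layer message into fragments of at most 2^14 bytes."""
    return [message[i:i + MAX_FRAGMENT] for i in range(0, len(message), MAX_FRAGMENT)]


def ssl3_mac(mac_write_secret, seq_num, content_type, fragment_bytes, hash_name="sha1"):
    """The nested MAC from the slide:
    hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment)).
    seq_num is 8 bytes, type is 1 byte and length is 2 bytes, all big-endian."""
    h = getattr(hashlib, hash_name)
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    header = struct.pack(">QBH", seq_num, content_type, len(fragment_bytes))
    inner = h(mac_write_secret + pad_1 + header + fragment_bytes).digest()
    return h(mac_write_secret + pad_2 + inner).digest()


class RecordSender:
    """Fragments, MACs and frames application data.  Each direction of a connection
    keeps its own sequence number, which restarts at zero after change_cipher_spec."""

    def __init__(self, mac_write_secret, hash_name="sha1"):
        self.secret = mac_write_secret
        self.hash_name = hash_name
        self.seq_num = 0

    def protect(self, message, content_type=CONTENT_TYPE_APPLICATION_DATA):
        records = []
        for frag in fragment(message):
            mac = ssl3_mac(self.secret, self.seq_num, content_type, frag, self.hash_name)
            body = frag + mac   # encryption of (fragment || MAC) omitted in this example
            header = struct.pack(">BBBH", content_type, SSL_VERSION[0], SSL_VERSION[1], len(body))
            records.append(header + body)
            self.seq_num += 1
        return records


class RecordReceiver:
    """Checks the record header and MAC; returns the fragment, or None on failure."""

    def __init__(self, mac_write_secret, hash_name="sha1"):
        self.secret = mac_write_secret
        self.hash_name = hash_name
        self.mac_len = hashlib.new(hash_name).digest_size
        self.seq_num = 0

    def unprotect(self, record):
        if len(record) < 5:
            return None
        content_type, major, minor, length = struct.unpack(">BBBH", record[:5])
        body = record[5:5 + length]
        if (major, minor) != SSL_VERSION or len(body) != length or length < self.mac_len:
            return None
        frag, mac = body[:-self.mac_len], body[-self.mac_len:]
        expected = ssl3_mac(self.secret, self.seq_num, content_type, frag, self.hash_name)
        # Constant-time compare.  A replayed or reordered record was MACed under a
        # different sequence number, so it fails here as a "bad record MAC".
        if not hmac.compare_digest(mac, expected):
            return None
        self.seq_num += 1
        return frag


if __name__ == "__main__":
    key = b"\x01" * 20                      # constructed MAC_write_secret
    sender, receiver = RecordSender(key), RecordReceiver(key)
    records = sender.protect(b"A" * (MAX_FRAGMENT + 1))   # one byte over the limit
    print(len(records), "records;", len(receiver.unprotect(records[0])), "bytes in the first")
    print("replay accepted?", receiver.unprotect(records[0]) is not None)
```

The sequence number never travels on the wire: both sides count records independently, so a replayed record fails MAC verification without any extra field. The receiver only advances its counter after a successful check, which is why a dropped or tampered record makes every later record fail as well and the connection must be torn down.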
• SSL Record Format
2. SSL Change Cipher Spec Protocol
• The Change Cipher Spec Protocol is one of the three SSL-specific protocols
(alongside the Handshake Protocol and the Alert Protocol) that operate within
the SSL Record Protocol.
• It plays a crucial role in transitioning from the initial handshake phase to an
encrypted session.
• The Change Cipher Spec message is a single byte with a value of 1.
• It is sent by both the client and server during the SSL/TLS handshake after the
handshake parameters (like encryption keys and algorithms) have been
agreed upon.
• The purpose of this message is to copy the pending security parameters
(negotiated during the handshake) into the current security state.
• This means that all subsequent messages sent over the connection will be
encrypted using the newly established cipher suite.
3. Alert Protocol
• Purpose: Sends SSL-related alerts between client and server.
• Encryption: Alerts are compressed and encrypted as per the current session
state.
• Message Structure
• First byte → Severity level:
• Warning (1): Connection can continue.
• Fatal (2): Connection is immediately terminated.
• Second byte → Alert code (indicates the specific issue).
• Fatal Alerts:
• Handshake failure
• Bad record MAC
• Decryption failure
• Illegal parameter
• Unexpected message
• Impact of Fatal Alerts:
• The affected connection closes immediately.
• Other connections in the same session may continue.
• No new connections can be established in that session.
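The Change Cipher Spec and Alert Protocol behaviour described in sections 2 and 3, as an added example (not code from the slides). It models the pending/current cipher-spec swap, the reset of the sequence number, and the two-byte alert message, and it applies the fatal-alert rule from the slide: the connection closes, other connections of the session stay open, but the session can no longer be resumed. The content-type and alert-code values are the SSLv3/TLS 1.0 ones from RFC 6101 and RFC 2246; the session and cipher-spec objects are simplified for the example.

```python
# Record-layer content types of the two SSL-specific protocols (RFC 6101).
CHANGE_CIPHER_SPEC = 20
ALERT = 21

WARNING, FATAL = 1, 2   # first byte of an alert message

# Alert codes (second byte).  "decryption_failed" (21) is the TLS 1.0 value for
# the "decryption failure" alert named on the slide.
ALERT_NAMES = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    21: "decryption_failed",
    30: "decompression_failure",
    40: "handshake_failure",
    41: "no_certificate",
    47: "illegal_parameter",
}
# Always fatal, whatever level byte the peer puts in front of them.
ALWAYS_FATAL = {10, 20, 21, 30, 40, 47}


class Session:
    """Session state shared by several connections (only the fields needed here)."""

    def __init__(self, session_id):
        self.session_id = session_id
        self.is_resumable = True
        self.connections = []

    def open_connection(self):
        """New connections are refused once a fatal alert has hit the session."""
        if not self.is_resumable:
            return None
        conn = Connection(self)
        self.connections.append(conn)
        return conn


class Connection:
    def __init__(self, session):
        self.session = session
        self.is_open = True
        self.current = None    # cipher spec in use (None: still unprotected)
        self.pending = None    # cipher spec negotiated by the handshake
        self.read_seq_num = 0

    def handle(self, content_type, payload):
        """Process one change_cipher_spec or alert message from the peer and
        return a short status string; the state changes live in the objects."""
        if not self.is_open:
            return "ignored: connection closed"
        if content_type == CHANGE_CIPHER_SPEC:
            if payload != b"\x01" or self.pending is None:
                # Malformed, or received before the handshake negotiated anything.
                return self._fatal("unexpected_message")
            self.current, self.pending = self.pending, None
            self.read_seq_num = 0          # sequence numbers restart at zero
            return "cipher spec activated"
        if content_type == ALERT:
            if len(payload) != 2:
                return self._fatal("malformed_alert")   # naming chosen for this example
            level, code = payload[0], payload[1]
            name = ALERT_NAMES.get(code, "unknown(%d)" % code)
            if code == 0:
                # close_notify: orderly close; the session itself stays resumable.
                self.is_open = False
                return "close_notify: connection closed"
            if level == FATAL or code in ALWAYS_FATAL:
                return self._fatal(name)
            return "warning %s: connection continues" % name
        return "ignored: not an SSL-specific protocol message"

    def _fatal(self, name):
        self.is_open = False
        self.session.is_resumable = False   # no new connections on this session
        return "fatal %s: connection closed" % name
```

Note that the level byte is advisory only for the codes in ALWAYS_FATAL: a peer that labels a bad_record_mac as a warning still loses the connection, which is why the check looks at the code as well as the level.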
4. Handshake Protocol
• The most complex part of SSL is the Handshake Protocol.
• This protocol allows the server and client to authenticate each other and to
negotiate an encryption and MAC algorithm and cryptographic keys to be
used to protect data sent in an SSL record.
• The Handshake Protocol is used before any application data is transmitted.
• The Handshake Protocol consists of a series of messages exchanged by client
and server.
• Each message has three fields:
• Type (1 byte): Indicates one of 10 messages.
• Length (3 bytes): The length of the message in bytes.
• Content (≥ 0 bytes): The parameters associated with this message.
• SSL Handshake Protocol Message Types
• Handshake Protocol Action
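The three-field handshake message format above, as an added example (not code from the slides). It encodes and parses the 1-byte type / 3-byte length / content framing for the ten handshake message types of RFC 6101, stops cleanly at a message that is only partly present (a handshake message may be split across records), and decodes the ClientHello body, whose session_id field is what the server uses to resume a session rather than negotiate new parameters. The cipher-suite numbers and random bytes in the usage are constructed sample values.

```python
import struct

# Handshake message types (RFC 6101 section 5.6): the 10 messages the slide refers to.
HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
    15: "certificate_verify", 16: "client_key_exchange", 20: "finished",
}


def encode_handshake(msg_type, content):
    """Type (1 byte) || Length (3 bytes, big-endian) || Content."""
    if msg_type not in HANDSHAKE_TYPES:
        raise ValueError("unknown handshake type %d" % msg_type)
    if len(content) >= 1 << 24:
        raise ValueError("content does not fit a 3-byte length field")
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content


def parse_handshake_messages(data):
    """Return (messages, leftover).  Parsing stops at a truncated message and hands
    its bytes back so the caller can prepend them to the next record."""
    messages, pos = [], 0
    while pos + 4 <= len(data):
        msg_type = data[pos]
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(data):
            break
        if msg_type not in HANDSHAKE_TYPES:
            raise ValueError("unknown handshake type %d" % msg_type)
        messages.append((HANDSHAKE_TYPES[msg_type], data[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return messages, data[pos:]


def encode_client_hello(version, random_bytes, session_id, cipher_suites, compression_methods):
    """ClientHello body: version(2) random(32) session_id<0..32> cipher_suites<2..2^16-1>
    compression_methods<1..2^8-1>, vector lengths encoded before their contents."""
    if len(random_bytes) != 32 or len(session_id) > 32 or not cipher_suites or not compression_methods:
        raise ValueError("bad ClientHello field sizes")
    body = bytes(version) + random_bytes
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(cipher_suites))
    body += b"".join(struct.pack(">H", cs) for cs in cipher_suites)
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    return body


def _take(body, pos, n):
    """Slice n bytes at pos or fail; avoids silently short slices on malformed input."""
    if pos + n > len(body):
        raise ValueError("ClientHello truncated")
    return body[pos:pos + n], pos + n


def parse_client_hello(body):
    raw, pos = _take(body, 0, 2)
    version = (raw[0], raw[1])
    random_bytes, pos = _take(body, pos, 32)
    raw, pos = _take(body, pos, 1)
    session_id, pos = _take(body, pos, raw[0])
    raw, pos = _take(body, pos, 2)
    cs_len = struct.unpack(">H", raw)[0]
    if cs_len == 0 or cs_len % 2:
        raise ValueError("cipher_suites length must be a non-zero multiple of 2")
    raw, pos = _take(body, pos, cs_len)
    cipher_suites = list(struct.unpack(">%dH" % (cs_len // 2), raw))
    raw, pos = _take(body, pos, 1)
    if raw[0] == 0:
        raise ValueError("at least one compression method is required")
    raw, pos = _take(body, pos, raw[0])
    if pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    return {"version": version, "random": random_bytes, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression_methods": list(raw)}


if __name__ == "__main__":
    # Constructed sample: SSLv3, resumption of an 8-byte session id, two suites, null compression.
    hello = encode_client_hello((3, 0), bytes(range(32)), b"\xaa" * 8, [0x000A, 0x0005], [0])
    stream = encode_handshake(1, hello) + encode_handshake(0, b"")
    msgs, rest = parse_handshake_messages(stream)
    print([name for name, _ in msgs], parse_client_hello(msgs[0][1])["session_id"].hex())
```

A non-empty session_id in the ClientHello is the client asking to reuse the session state from a previous handshake; if the server still has that session and it is marked resumable, both sides skip the certificate and key-exchange messages and only derive new connection keys from the master secret and the fresh random values.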
TUTORIAL 4
• SSL Cryptographic computations
• Transport layer security.