Network security involves protecting computer networks from unauthorized access, use, disruption, modification, or destruction. Common network security threats include malware, denial-of-service attacks, man-in-the-middle attacks, phishing, and password attacks. Network security protocols like IPsec use authentication header and encapsulating security payload to provide data confidentiality, integrity, and authentication for VPNs and other network communications. Internet key exchange is used to securely establish shared cryptographic keys between network devices to protect data transmitted over the internet.


Network Security

Digvijaysinh Mahida, Assistant Professor
Computer Science and Engineering Department
CHAPTER-6
Network Security & Security at Network Layer
Introduction to TCP/IP protocol stack
OSI Reference Model mapped onto the TCP/IP protocols:

OSI layer                  TCP/IP protocol(s)
Application Layer    \
Presentation Layer    >    Application: HTTP, SMTP, FTP, DNS, SNMP, NFS
Session Layer        /
Transport Layer            TCP, UDP
Network Layer              IP
Data Link Layer            Device driver
Physical Layer             Network adapter
▪ HTTP: Hypertext Transfer Protocol. An application-layer protocol for
transmitting hypermedia documents, such as HTML.
▪ SMTP: Simple Mail Transfer Protocol. Used to transfer mail from the sender's
mail client or server to the recipient's mail server.
▪ FTP: File Transfer Protocol. Used for transferring files from one host to
another; credentials and data travel in the clear unless FTPS or SFTP is used.
▪ DNS: Domain Name System. Translates human-readable domain names to
machine-readable IP addresses.
▪ SNMP: Simple Network Management Protocol. An Internet Standard protocol for
collecting and organizing information about managed devices on IP networks.
▪ NFS: Network File System. A distributed file system protocol for accessing
files stored on a remote host over the network as if they were local.
Types of Network
▪ A computer network is a connection between two or more network devices,
like computers, routers, and switches, to share network resources.
▪ Depending on the communication requirements, several types of network are
used; the common ones are LAN, MAN and WAN.
Local Area Network (LAN)
▪ A Local Area Network (LAN) connects multiple network devices and systems
within a limited geographical area, such as a building or a campus.
▪ The devices communicate using multiple protocols (for example Ethernet, IP,
TCP and UDP) to exchange data and services properly and efficiently.
▪ Data transfer speed in a LAN is generally higher than in the other network
types, MAN and WAN.
▪ A LAN normally uses private IP addresses internally and is connected with
cable (or Wi-Fi). Wired links have low error rates, and keeping traffic inside
a controlled site makes it easier to protect, but a LAN is not secure by itself.
Metropolitan Area Network (MAN)
▪ A Metropolitan Area Network (MAN) spans an entire city, a town, or a
portion of a city.
▪ The sites are usually connected using wired links, such as optical fibre
cables.
▪ Data transmission speed is relatively high because of the optical fibre and
wired connections.
Wide Area Network (WAN)
• A Wide Area Network (WAN) connects devices over large distances, such as
between states or between countries.
• A WAN can be made up of multiple LAN and MAN networks.
• Long-haul links are typically leased lines, optical fibre, or connections
across the public Internet; radio and satellite links are used where cables
are impractical.
• WAN data transfer speeds are generally lower than LAN and MAN speeds because
of the long distances covered and the shared carrier links.
SSL and TLS
▪ SSL was originated by Netscape.
▪ A TLS working group was then formed within the IETF.
▪ The first version of TLS (TLS 1.0) can be viewed as SSLv3.1.
▪ SSL/TLS encrypts communications between a client and a server, primarily web
browsers and web sites/applications.
▪ SSL (Secure Sockets Layer) and its more modern and secure replacement, TLS
(Transport Layer Security), protect data sent over the Internet or a computer
network. All SSL versions and TLS 1.0/1.1 are deprecated; TLS 1.2 and TLS 1.3
are the versions that should be used today.
▪ SSL/TLS uses both asymmetric and symmetric cryptography to protect the
confidentiality and integrity of data in transit.
▪ Asymmetric cryptography (key exchange and signatures) is used during the
handshake to authenticate the server and agree on session keys; symmetric
encryption and MACs then protect the data exchanged within the secured session.
SSL Architecture
Secure Socket Layer Protocols:
SSL record protocol:
◻ The SSL Record Protocol provides two services to an SSL connection:
1. Confidentiality
2. Message Integrity
◻ In the SSL Record Protocol application data is divided into fragments (at
most 2^14 bytes each).
◻ Each fragment is optionally compressed, then a MAC (Message Authentication
Code), generated with a hash algorithm such as SHA (Secure Hash Algorithm) or
MD5 (Message Digest), is appended.
◻ After that the fragment together with its MAC is encrypted, and finally an
SSL record header (content type, version, length) is prepended to the data.
SSL Architecture
Handshake protocol
◻ The Handshake Protocol is used to establish sessions. It allows the client
and server to authenticate each other by sending a series of messages to each
other. The handshake has four phases.
◻ Phase-1: Client and server send hello messages (ClientHello, ServerHello) to
each other. In these the session ID, the cipher suite and the protocol version
are negotiated.
◻ Phase-2: The server sends its certificate and, if the key exchange needs it,
a ServerKeyExchange message (and optionally a CertificateRequest). The server
ends phase 2 by sending a ServerHelloDone message.
◻ Phase-3: The client replies by sending its certificate (if one was requested)
and a ClientKeyExchange message carrying the key-exchange material.
◻ Phase-4: Each side sends ChangeCipherSpec followed by an encrypted Finished
message that verifies the whole handshake; after this the Handshake Protocol
ends.
SSL Architecture
Change-cipher spec protocol
◻ Until the Handshake Protocol is completed, the newly negotiated parameters
sit in a pending state. After the handshake the pending state is converted into
the current state.
◻ The Change Cipher Spec protocol consists of a single message which is 1 byte
in length and can have only one value (1). Its purpose is to cause the pending
state to be copied into the current state, so that all following records use the
newly negotiated cipher and keys.
Alert protocol
◻ This protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes: the alert level (warning or fatal)
and the alert description. A fatal alert terminates the connection.
SSL Record Format
[Figure: SSL record format and SSL Record Protocol payload]
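The record-layer pipeline described above, as an added example that is not code from the original slides: fragment, MAC, encrypt and prepend the 5-byte header, then the receiver's reverse steps. It uses HMAC-SHA256 as the MAC and, as a stand-in for the negotiated symmetric cipher, a keystream derived from HMAC-SHA256 in counter mode (an assumption, not a real TLS cipher suite); the keys are constructed demo values. Note that the sequence number is never transmitted but is covered by the MAC, which is what stops replayed or reordered records.

```python
"""SSL/TLS Record Protocol in miniature: fragment -> MAC -> encrypt -> header.

HMAC-SHA256 is the MAC. The "cipher" is a keystream built from HMAC-SHA256 in
counter mode, a stand-in for the negotiated symmetric cipher (assumption; real
TLS uses AES-GCM, ChaCha20-Poly1305, ...). Standard library only.
"""
import hashlib
import hmac
import struct

# Record-layer content types (RFC 5246, section 6.2.1).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
TLS12 = (3, 3)            # TLS 1.2 is "version 3.3" on the wire (SSLv3 = 3.0)
MAX_FRAGMENT = 2 ** 14    # largest plaintext fragment allowed in one record
MAC_LEN = 32              # HMAC-SHA256 output size


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC(key, seq || counter), unique per record."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def record_mac(mac_key, seq, ctype, version, fragment):
    """TLS 1.2 MAC input: seq_num || type || version || length || fragment.

    The 64-bit sequence number is implicit (never sent) but covered by the MAC,
    so a replayed or reordered record fails verification.
    """
    hdr = struct.pack(">QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, hdr + fragment, hashlib.sha256).digest()


def seal_records(data, ctype, enc_key, mac_key, seq0=0, version=TLS12):
    """Fragment data and return the list of wire-format records."""
    records = []
    seq = seq0
    for i in range(0, len(data), MAX_FRAGMENT):
        frag = data[i:i + MAX_FRAGMENT]
        plaintext = frag + record_mac(mac_key, seq, ctype, version, frag)
        ks = keystream(enc_key, seq, len(plaintext))
        ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
        header = struct.pack(">BBBH", ctype, version[0], version[1], len(ciphertext))
        records.append(header + ciphertext)
        seq += 1
    return records


def open_record(record, enc_key, mac_key, seq):
    """Parse header, decrypt, verify MAC; return (content_type, fragment).

    Raises ValueError where a real stack would send a fatal alert
    (decode_error for a truncated record, bad_record_mac for a MAC failure).
    """
    if len(record) < 5:
        raise ValueError("decode_error: short record header")
    ctype, vmaj, vmin, length = struct.unpack(">BBBH", record[:5])
    ciphertext = record[5:5 + length]
    if len(ciphertext) != length or length < MAC_LEN:
        raise ValueError("decode_error: truncated record")
    ks = keystream(enc_key, seq, len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, ks))
    frag, tag = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
    expected = record_mac(mac_key, seq, ctype, (vmaj, vmin), frag)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad_record_mac")
    return ctype, frag


if __name__ == "__main__":
    enc_key, mac_key = bytes(32), bytes(range(32))   # constructed demo keys
    recs = seal_records(b"GET / HTTP/1.1\r\n\r\n", APPLICATION_DATA, enc_key, mac_key)
    print(recs[0][:5].hex(), open_record(recs[0], enc_key, mac_key, 0))
    # ChangeCipherSpec is a one-byte record of content type 20.
    print(seal_records(b"\x01", CHANGE_CIPHER_SPEC, enc_key, mac_key)[0][:5].hex())
```

Opening a record with the wrong sequence number fails exactly like a tampered one, which is the point: the receiver's own counter, not anything in the packet, decides whether a record is accepted.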


Handshake Protocol
▪ The most complex part of SSL.
▪ Allows the server and client to authenticate each other.
▪ Negotiates the encryption algorithm, the MAC algorithm and the cryptographic
keys.
▪ Used before any application data is transmitted.
[Figure: SSL Handshake Protocol message types]
[Figure: Handshake Protocol action]
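An added example, not from the original slides, that parses a ClientHello (the first Phase-1 message) and applies two checks a practitioner wants at this point: which offered cipher suites are weak, and whether the client offers compression (anything other than null compression enables CRIME-style attacks). The handshake message is constructed inline rather than captured, the cipher suite table is a small excerpt of the IANA registry, and extensions are left as raw bytes.

```python
"""Parse a TLS ClientHello handshake message and flag weak offers.

Handshake header: type (1 byte) || length (3 bytes) || body.
ClientHello body: version(2) || random(32) || session_id<0..32> ||
cipher_suites<2..2^16-2> || compression_methods<1..255> || extensions.
"""
import struct

HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello",
    11: "certificate", 12: "server_key_exchange", 13: "certificate_request",
    14: "server_hello_done", 15: "certificate_verify",
    16: "client_key_exchange", 20: "finished",
}
# Small excerpt of the IANA TLS Cipher Suite registry.
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",                  # TLS 1.3
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # TLS 1.2, forward secret
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",           # no forward secrecy
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",          # 64-bit block cipher
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",               # broken stream cipher
}
WEAK_MARKERS = ("RC4", "3DES", "MD5", "NULL", "EXPORT", "anon")


def suite_name(code):
    return CIPHER_SUITES.get(code, "unknown_0x%04x" % code)


def parse_client_hello(msg: bytes) -> dict:
    """Decode a handshake message that must carry a ClientHello."""
    if len(msg) < 4:
        raise ValueError("short handshake header")
    htype, length = msg[0], int.from_bytes(msg[1:4], "big")
    if htype != 1:
        raise ValueError("not a ClientHello: %s" % HANDSHAKE_TYPES.get(htype, htype))
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake body")
    version = (body[0], body[1])
    off = 2
    client_random = body[off:off + 32]
    off += 32
    sid_len = body[off]
    off += 1
    session_id = body[off:off + sid_len]
    off += sid_len
    (cs_len,) = struct.unpack(">H", body[off:off + 2])
    off += 2
    suites = [struct.unpack(">H", body[off + i:off + i + 2])[0]
              for i in range(0, cs_len, 2)]
    off += cs_len
    comp_len = body[off]
    off += 1
    compression = list(body[off:off + comp_len])
    off += comp_len
    names = [suite_name(s) for s in suites]
    return {
        "version": version,
        "client_random": client_random,
        "session_id": session_id,
        "cipher_suites": names,
        "compression_methods": compression,
        "extensions": body[off:],               # left undecoded
        "weak_suites": [n for n in names if any(m in n for m in WEAK_MARKERS)],
        "offers_compression": any(c != 0 for c in compression),
    }


def build_client_hello(suites, version=(3, 3), session_id=b"",
                       client_random=bytes(32), compression=(0,)):
    """Construct a ClientHello; used here only to produce sample input."""
    body = bytes(version) + client_random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    return b"\x01" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    sample = build_client_hello([0x1301, 0xC02F, 0x000A])   # constructed sample
    print(parse_client_hello(sample))
```

A real ClientHello travels inside a record of content type 22 (handshake), so on a live capture strip the 5-byte record header first and pass the remainder to parse_client_hello.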
Transport Layer Security
▪ Uses the same record format as the SSL record format.
▪ TLS 1.0 is defined in RFC 2246 (later versions: TLS 1.2 in RFC 5246 and
TLS 1.3 in RFC 8446).
▪ Similar to SSLv3.
▪ Differences between TLS 1.0 and SSLv3:
▪ version number
▪ message authentication code (TLS uses HMAC)
▪ pseudorandom function
▪ alert codes
▪ cipher suites
▪ client certificate types
▪ certificate verify and finished messages
▪ cryptographic computations
▪ padding
Types of Network Attacks
▪ Malware: malicious software such as spyware, ransomware, viruses and worms.
▪ Emotet: a banking trojan that became a malware-delivery botnet, usually
spread through malicious e-mail attachments.
▪ Denial of Service: exhausting a host's or network's resources so that
legitimate users cannot be served.
▪ Man in the Middle: an attacker relays, and possibly alters, traffic between
two parties who believe they are talking to each other directly.
▪ Phishing: fraudulent messages that trick users into revealing credentials or
running malware.
▪ SQL Injection: untrusted input placed into a database query so that it
changes the meaning of the query.
▪ Password Attacks: guessing, brute-forcing or cracking passwords, or reusing
leaked ones.
IPSec Security Protocols
◻ Authentication Header (AH)
◻ Encapsulating Security Payload (ESP)
Authentication Header (AH)
◻ Authentication Header (AH) provides:
- Connectionless integrity
- Data origin authentication
- Protection against replay attacks
◻ The two main benefits of the Authentication Header are:
• Message Integrity: the packet (including the parts of the IP header that do
not change in transit) has not been modified on its way from the source.
• Source Authentication: the source is exactly the source from which we were
expecting data.
◻ AH provides no confidentiality; the payload travels in the clear.
Encapsulating Security Payload (ESP)
◻ Encapsulating Security Payload (ESP) provides:
- Confidentiality (encryption)
- Connectionless integrity
- Data origin authentication
- Protection against replay attacks
- Both protocols may be used alone or applied in combination with each other.
Real World Deployment Examples
◻ VPNs: [Figure: two sites connected across the Internet through security
gateways (SG); the traffic between the gateways is encrypted/authenticated]
◻ Wireless: [Figure: a wireless client connected across the Internet]
IPSec Internet Key Exchange (IKE)
Internet Key Exchange (IKE) is a secure key management protocol that is used
to set up a secure, authenticated communications channel between two devices.
IKE does the following: it negotiates and manages the IKE and IPsec parameters
(security associations), and it authenticates the peers so that the key
exchange can be trusted. IKE is the standard used for remote host, network
access, and virtual private network (VPN) access.
IKE enables two parties on the Internet to communicate securely. Specifically,
it is a key management protocol used to set up a security association (SA) for
Internet Protocol Security (IPsec).
IKE authenticates the peers using either pre-shared keys or X.509 certificates,
and uses a Diffie-Hellman key exchange to create a shared session secret from
which the cryptographic keys are derived.
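An added example, not from the original slides, of what the two IKE statements above mean in code: a Diffie-Hellman exchange yielding a shared secret from which keys are derived, followed by a pre-shared-key authentication that binds the PSK to that exchange. The AUTH construction follows RFC 7296 section 2.15; the key derivation is a simplified stand-in for IKEv2's prf+ (one PRF call per key), the peer identities and PSKs are made-up values, and the DH group is the 1024-bit MODP group 2 of RFC 2409, transcribed here and worth checking against the RFC. Group 2 is used only because it is short to print; deployments should use group 14 or larger.

```python
"""IKE in miniature: DH exchange (IKE_SA_INIT), key derivation, PSK AUTH (IKE_AUTH).

Standard library only. Group 2 prime transcribed from RFC 2409 section 6.2
(verify against the RFC; 1024-bit groups are too small for new deployments).
"""
import hashlib
import hmac
import secrets

P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Peer:
    def __init__(self, identity: bytes, psk: bytes):
        self.identity, self.psk = identity, psk
        self.priv = secrets.randbelow(P - 2) + 1     # private DH exponent
        self.pub = pow(G, self.priv, P)              # value sent in the KE payload
        self.nonce = secrets.token_bytes(32)         # Ni or Nr
        self.sk_d = self.sk_p = None

    def ke_bytes(self) -> bytes:
        return self.pub.to_bytes(P_BYTES, "big")

    def derive_keys(self, peer_ke: bytes, peer_nonce: bytes, initiator: bool):
        """After IKE_SA_INIT: SKEYSEED = prf(Ni | Nr, g^ir), then per-purpose keys."""
        shared = pow(int.from_bytes(peer_ke, "big"), self.priv, P)
        ni, nr = (self.nonce, peer_nonce) if initiator else (peer_nonce, self.nonce)
        skeyseed = prf(ni + nr, shared.to_bytes(P_BYTES, "big"))
        # Simplified prf+: one PRF call per key instead of the iterated form.
        self.sk_d = prf(skeyseed, b"SK_d" + ni + nr)   # seeds the IPsec (child) SA keys
        self.sk_p = prf(skeyseed, b"SK_p" + ni + nr)   # mixed into the AUTH payload

    def auth(self, octets: bytes) -> bytes:
        """RFC 7296 2.15: AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), octets)."""
        return prf(prf(self.psk, b"Key Pad for IKEv2"), octets)


def signed_octets(sender_ke: bytes, receiver_nonce: bytes, sender_id: bytes, sk_p: bytes):
    """Binds AUTH to this exchange: sender's KE, the other side's nonce, and
    prf(SK_p, ID). SK_p comes from the DH secret, so a PSK alone is not enough."""
    return sender_ke + receiver_nonce + prf(sk_p, sender_id)


def ike_exchange(psk_initiator: bytes, psk_responder: bytes):
    """Run both exchanges; return (keys_match, initiator_authenticated)."""
    i = Peer(b"vpn-client@example.test", psk_initiator)   # made-up identities
    r = Peer(b"gw.example.test", psk_responder)
    # IKE_SA_INIT: KE values and nonces cross the wire in the clear.
    i.derive_keys(r.ke_bytes(), r.nonce, initiator=True)
    r.derive_keys(i.ke_bytes(), i.nonce, initiator=False)
    keys_match = i.sk_d == r.sk_d
    # IKE_AUTH: the initiator proves it knows the PSK and owns this DH exchange;
    # the responder recomputes the expected AUTH with its own copy of the PSK.
    auth_i = i.auth(signed_octets(i.ke_bytes(), r.nonce, i.identity, i.sk_p))
    expected = r.auth(signed_octets(i.ke_bytes(), r.nonce, i.identity, r.sk_p))
    return keys_match, hmac.compare_digest(auth_i, expected)


if __name__ == "__main__":
    print("matching PSK:", ike_exchange(b"correct horse", b"correct horse"))
    print("wrong PSK:   ", ike_exchange(b"correct horse", b"battery staple"))
```

The second call shows the failure mode that matters: with a wrong PSK the DH keys still agree (an on-path attacker can always complete an unauthenticated DH), but the AUTH check fails, so the SA is never used.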
IPSec Security Protocols

◻ IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are ESP (Encapsulation Security Payload) and AH
(Authentication Header).
◻ IPSec Architecture includes protocols, algorithms, DOI, and Key Management. All
these components are very important in order to provide the three main services:
◻ Confidentiality
◻ Authentication
◻ Integrity
IPSec Security Protocols
1. Architecture: the IP Security Architecture document covers the general
concepts, definitions, protocols, algorithms, and security requirements of
IP Security technology.
2. ESP Protocol: ESP (Encapsulation Security Payload) provides the
confidentiality service. Encapsulating Security Payload can be used in two
ways:
◻ ESP with encryption only (authentication omitted; not recommended, since the
ciphertext can then be modified without detection).
◻ ESP with authentication (encryption plus an integrity check value).
ESP Packet Format:
[Figure: ESP packet layout: SPI | Sequence Number | Payload Data | Padding |
Pad Length | Next Header | Authentication Data]
◻ Security Parameter Index (SPI): a 32-bit value which, together with the
destination address and the protocol (ESP or AH), identifies the Security
Association the packet belongs to, so the receiver knows which keys and
algorithms to apply.
◻ Sequence Number: a monotonically increasing counter assigned to every packet
sent on the SA. The receiver uses it for anti-replay protection (a sliding
window of already-seen numbers); it is not used to reorder packets.
◻ Payload Data: the actual data or message (for example a TCP segment, or a
whole IP packet in tunnel mode). The payload data is encrypted to achieve
confidentiality.
◻ Padding: extra bytes added after the payload so that the Pad Length and Next
Header fields are aligned and the cipher's block size is filled; it can also
be used to hide the true payload length. Pad Length is the number of padding
bytes added.
◻ Next Header: identifies the type of data carried in the payload (for example
6 for TCP, or 4 for an encapsulated IPv4 packet).
◻ Authentication Data (ICV): the integrity check value computed over the ESP
header and the encrypted payload. This field is optional in the ESP packet
format, but it should be used: encryption without integrity protection is
unsafe.
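An added example, not part of the original slides, that builds and parses an ESP packet with the layout above and implements the receiver-side checks the Sequence Number and Authentication Data fields exist for. To keep every field visible it uses ESP with null encryption (RFC 2410), so the payload is carried as-is, and HMAC-SHA-256-128 (RFC 4868: SHA-256 truncated to 128 bits) as the ICV; the anti-replay window follows RFC 4303 appendix A. The SPI, keys and payloads are constructed sample values.

```python
"""ESP packet layout, ICV verification and anti-replay window.

Null-encryption ESP (RFC 2410) so the fields are readable:
SPI(4) | Seq(4) | Payload | Padding | Pad Len(1) | Next Hdr(1) | ICV(16)
ICV = HMAC-SHA-256-128 over SPI .. Next Header (RFC 4868).
"""
import hashlib
import hmac
import struct

ICV_LEN = 16
NH_IPV4 = 4     # next header 4: an IPv4 packet is inside (tunnel mode)
NH_TCP = 6      # next header 6: a TCP segment is inside (transport mode)


def build_esp(spi, seq, payload, next_header, auth_key):
    # Pad so Pad Length + Next Header end on a 4-byte boundary (RFC 4303);
    # the default padding bytes are the increasing values 1, 2, 3, ...
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    body = struct.pack(">II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet, auth_key):
    """Verify the ICV, then strip the trailer; return the decoded fields."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong SA key")
    spi, seq = struct.unpack(">II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    padding = body[len(body) - 2 - pad_len:len(body) - 2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": payload}


class ReplayWindow:
    """Sliding anti-replay window (RFC 4303 appendix A); bit 0 = highest seq seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        if seq == 0:
            return False                      # sequence number 0 is never valid
        if seq > self.top:                    # new high-water mark: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                      # older than the window: drop
        if self.bitmap & (1 << diff):
            return False                      # already received: replay
        self.bitmap |= 1 << diff
        return True


def receive(packet, auth_key, window):
    """Receiver side: the ICV is verified before the window is updated, so a
    forged packet can never advance the window."""
    fields = parse_esp(packet, auth_key)
    if not window.check_and_update(fields["seq"]):
        raise ValueError("replayed or stale sequence number %d" % fields["seq"])
    return fields


if __name__ == "__main__":
    key = bytes(range(32))                                     # constructed SA key
    pkt = build_esp(0x1000, 1, b"\x45" + b"\x00" * 10, NH_IPV4, key)
    print(pkt.hex())
    win = ReplayWindow()
    print(receive(pkt, key, win))
    try:
        receive(pkt, key, win)                                 # same packet again
    except ValueError as e:
        print("dropped:", e)
```

With real encryption the payload, padding, Pad Length and Next Header are what gets encrypted, while the ICV is still computed over the ciphertext, so the order on receipt stays the same: verify the ICV, then check the sequence number against the window, then decrypt.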
3. Encryption algorithm: the set of documents that describe the encryption
algorithms used by Encapsulating Security Payload.
4. AH Protocol: AH (Authentication Header) provides both authentication and
integrity services. The Authentication Header is implemented in one way only:
authentication together with integrity. The AH documents cover the packet
format and general issues related to the use of AH for packet authentication
and integrity.
5. Authentication Algorithm: the set of documents that describe the
authentication (integrity) algorithms used for AH and for the authentication
option of ESP.
6. DOI (Domain of Interpretation): the document that defines the identifiers
and parameter values (algorithm identifiers, SA attributes and the like) shared
by AH, ESP and key management, so that the other documents can refer to each
other consistently.
7. Key Management: the documents that describe how keys are negotiated and
exchanged between sender and receiver; in IPsec this is the job of IKE.
www.paruluniversity.ac.in
