CRYPTOGRAPHY

CSC-316
BSc CSIT 5th Semester
Unit-6

Santosh Sharma
College of Applied Business
 CRYPTOGRAPHY

Unit- 6
CSC-316
For BSc CSIT Fifth Semester
References:
W . Stalling , Cryptography & Network Security , Pearson Education
Mark Stamp , Information Security :Principles & Practices
 6. Network Security and Public Key Infrastructure(6Hrs)
6.1. Overview of Network Security

6.2. Digital Certificates and X.509 certificates, Certificate Life Cycle Management

6.3. PKI trust models, PKIX

6.4. Email Security: Pretty Good Privacy (PGP), Services provided by PGP

6.5. Secure Socket Layer (SSL) Protocol

6.6. Transport Layer Security (TLS) Protocol

6.7. IP Security (IPSec) Protocol

6.8. Firewalls, Firewall Characteristics, Types of Firewalls: Packet filtering firewall,

Circuit-level gateway, Stateful inspection firewall, Proxy firewall, Next-generation
6.1 Overview of Network Security
How does network security works?
 6.2. Digital Certificates

• A digital certificate is a digital form of identification, like a passport. A digital certificate

provides information about the identity of an entity. A digital certificate is issued by a

Certification Authority (CA). Examples of trusted CA across the world are Verisign,

Entrust, etc. The CA guarantees the validity of the information in the certificate.
Digital Certificate Example
 X.509 Certificates: Overview
• issued by a Certification Authority (CA), containing:

• version (1, 2, or 3)

• serial number (unique within CA) identifying certificate

• signature algorithm identifier

• issuer X.500 name (CA)

• period of validity (from - to dates)

• subject X.500 name (name of owner)

• subject public-key info (algorithm, parameters, key)

• issuer unique identifier (v2+)

• subject unique identifier (v2+)

• extension fields (v3)

• signature (of hash of all fields in certificate)

 X.509 Authentication Service

• X.509 is part of the X.500 series of recommendations that define a directory service, being
a server or distributed set of servers that maintains a database of information about users.
• X.509 defines a framework for the provision of authentication services by the X.500
directory to its users.
• The X.509 certificate format is widely used, in for example S/MIME, IP Security and
SSL/TLS and SET.
• part of CCITT X.500 directory service standards
• distributed servers maintaining user info database
• defines framework for authentication services
• directory may store public-key certificates
• with public key of user signed by certification authority
 X.509 Authentication Service

• also defines authentication protocols

• uses public-key crypto & digital signatures

• algorithms not standardised, but RSA recommended

• X.509 certificates are widely used

 Certificates

The heart of the X.509 scheme is the public-key certificate associated with each user.
These user certificates are assumed to be created by some trusted certification authority
(CA) and placed in the directory by the CA or by the user.
• Version:

Differentiates among successive versions of the certificate format; the default is version 1.
If the Issuer Unique Identifier or Subject Unique Identifier are present, the value must be
version 2. If one or more extensions are present, the version must be version 3.
• Serial number:

An integer value, unique within the issuing CA, that is unambiguously associated with this
certificate.
• Signature algorithm identifier:

The algorithm used to sign the certificate, together with any associated parameters.
Because this information is repeated in the Signature field at the end of the certificate, this
field has little, if any, utility.
• Issuer name:

X.500 name of the CA that created and signed this certificate.

• Period of validity:

Consists of two dates: the first and last on which the certificate is valid.

Subject name:

The name of the user to whom this certificate refers. That is, this certificate certifies the
public key of the subject who holds the corresponding private key.
Subject's public-key information:

The public key of the subject, plus an identifier of the algorithm for which this key is to be
used, together with any associated parameters.

• Issuer unique identifier:

An optional bit string field used to identify uniquely the issuing CA in the event the X.500
name has been reused for different entities.

• Subject unique identifier:

An optional bit string field used to identify uniquely the subject in the event the X.500
name has been reused for different entities.
• Extensions:

A set of one or more extension fields. Extensions were added in version 3 and are
discussed later in this section.
• Signature:

Covers all of the other fields of the certificate; it contains the hash code of the other fields,
encrypted with the CA's private key. This field includes the signature algorithm identifier.

The standard uses the following notation to define a certificate: CA<<A>> = CA {V, SN,
AI, CA, T A , A, Ap}

where Y <<X>> = the certificate of user X issued by certification authority Y Y {I} = the
signing of I by Y. It consists of I with an encrypted hash code appended
X.509 Certificates
 Authentication Procedures

X.509 includes three alternative authentication procedures:

• One-Way Authentication

• Two-Way Authentication

• Three-Way Authentication

• all use public-key signatures

1) One-Way Authentication

• 1 message ( A->B) used to establish

– the identity of A and that message is from A

 Authentication Procedures

2) Two-Way Authentication
• 2 messages (A->B, B->A) which also establishes
• identity of B and that replay is from B
• reply intended for A
• integrity & originality of reply
• reply includes original nonce from A, also timestamp and nonce from B
• may include additional info for A
 Authentication Procedures

3) Three-Way Authentication
• 3 messages (A->B, B->A, A->B) which enables
• as reply from A back to B containing signed copy of nonce from B
• means that timestamps need not be checked or relied upon
• above authentication without synchronised clocks
 Certificate Extensions

The certificate extensions fall into three main categories:

• key and policy information - convey additional information about the subject and issuer
keys, plus indicators of certificate policy

• subject and issuer attributes - support alternative names, in alternative formats, for a
certificate subject or certificate issuer and can convey additional information about the
certificate subject

• certification path constraints - allow constraint specifications to be included in certificates

issued for CA’s by other CA’s
 Certificate Lifecycle Management
• As network environments continue to expand, securing digital communications between components increases in
complexity. Digital certificates establish the credentials of network components and ensure the secure transmission
of sensitive information between client and server through identity authentication and data encryption.

• A large deployment of digital certificates and private keys must be managed and doing so taxes an organization's
time and resources. Managing multiple certificates with differing expiration dates issued by different vendors
challenges even the most sophisticated enterprise.

• Many organizations institute a Managed Public Key Infrastructure (MPKI) initiative to alleviate the strain.
However, much of an MPKI initiative involves tedious, resource-intensive tasks. Failing to complete those tasks
can result in the expiration of certificates that can put your network at risk, knock your organization out of
compliance, make servers and other network assets unavailable and damage your brand due to network downtime
 6.3 Public Key Infrastructure(PKI) [TU-2074,2076]

• A framework for managing digital certificates and public key encryption.

• The purpose of PKI is to facilitate the secure electronic transfer of information over the
Internet.

• It includes Message digest, Digital signatures and Encryption services.

• Such as online shopping, online banking and e-,mail communications.

• There are many policies, standards, procedures in PKI, but all is for building “trust”.

1) Direct Trust

2) Third Party Trust

 Public Key Infrastructure(PKI)

1) Direct Trust
 Public Key Infrastructure(PKI)
2) Third Party Trust
 Public Key Infrastructure
• RFC 2822 (Internet Security Glossary) defines public-key infrastructure
(PKI) as the set of hardware, software, people, policies, and procedures
needed to create, manage, store, distribute, and revoke digital certificates
based on asymmetric cryptography.
• The IETF Public Key Infrastructure X.509 (PKIX) working group has setup a
formal (and generic) model based on X.509 that is suitable for deploying a
certificate-based architecture on the Internet.
• Figure below shows the interrelationship among the key elements of the
PKIX model, and lists the various management functions needed.
Public Key Infrastructure
PKI trust models , PKIX
Purpose of PKI
• To distribute public keys securely
• Requires
- Certificates and Certification Authorities
- Method for retrieving certificates
- Method for revoking certificates
- Method for evaluating certificates from trust anchors
PKI trust models, PKIX
Chain of Certificates
• A needs D’s public key
• A trusts B
• A receives C’s certificate from B and signed by B
• C signs D’s certificate
• A accepts D’s certificate signed by C since its trust anchor B has vouched
for C
PKI trust models, PKIX
Terminology in PKIs
• A is the subject of its own certificate
• If A’s certificate is signed by B, then B is the issuer
• A chain of certificates is evaluated by the verifier or relying party
• Any owner of a public key is a principal
• A verifier trusts a trust anchor to sign certificate
PKI Trust Models[TU-
• Monopoly
• Monopoly plus registration authorities
• Delegated Certification Authorities
• Oligarchy
• Anarchy
• Name Constraints
• Bottom-up with Name Constraints
• Name Constraints in Certificates
• Policies in Certificates
 PKI trust models
1) Monopoly
• One CA acts as trust anchor for all principals
• Public key of CA embedded in all principal hardware
• Problem of finding single object of trust
• Secure registration problematic
• CA private key compromise presents severe security problem
 PKI trust models
2) Monopoly plus Registration Authorities
• Single CA signs all certificates but registration authorities verify registration
details
• Like monopoly model requires single object of trust
• CA private key compromise presents severe security problem
 PKI trust models
3) Delegated CAs
• Single trusted CA issues certificates for delegates
• Certificates confirm delegate keys and their suitability to act as delegated Cas
• Still requires a single object of trust
• Similar security issues to monopoly model
 PKI trust models
4) Oligarchy
• Principals are configured with many potential trust anchors
• Any certificates issued by configured trust anchors would be accepted
• Less secure than monopoly model since total security compromised if any
configured trust anchor is compromised
• Exposure to rogue trust anchors
• Used by web browsers
 PKI trust models
5) Anarchy
• Each principal configures own trust anchors
• To find path to distant party search database for links
• Problem with scale
• Problem of trust in loose chain
• Used in Pretty Good Privacy (PGP)
 PKI trust models
6) Name Constraints
• CA trusted for subset of users
• e.g. Imperial CA would be trusted for
name@imperial.ac.uk but not for
name@eng.oxon.ac.uk
• User might have several names but one public key confirmed by each CA
• May be configured top-down like monopoly with delegates with each delegate
with own namespace
 PKI trust models
7) Name Constraints (Bottom-up)
• Use common ancestor or cross-links
• e.g. name@imperial.ac.uk to name@eng.oxon.ac.uk could use common
ancestor (.ac.uk) or a crosslink from imperial to oxon
• Proposed by Digital (Compaq) and similar to that used by Lotus Notes
• A root service may be used to link organisations in absence of cross-links
 PKI trust models
8) Name Constraints and Policies in Certificates
• Name Constraints – PKIX allows issuer to specify what names subject can be
trusted to certify
• Policies in Certificates –used by Privacy Enhanced Mail (PEM) in which
single root CA issued certificates to multiple hierarchies each with its own
security policy
 PKI trust models
9) Revocation
• Revocation of certificate required if
- private key compromised
- principal no longer in position of trust
• Certificates have expiration times so that certificate revocation list (CRL) is
manageable
 PKI trust models
10) Revocation Mechanisms
• Delta CRLs – publish latest revocations and not complete list
• On-line Revocation Server (OLRS) for complete list of revocations
• OLRS could issue “not revoked at time” certificate to ease congestion at
server
PKIX and X.509
• X.500 is ITU-T Directory Service
• PKIX specifies options in X.509
• IETF based certificate format on X.509
• S/MIME and SSL use X.509 certificates
 PKIX
• The PKIX Working Group was established in the fall of 1995 with the
goal of developing Internet standards to support X.509-based Public
Key Infrastructures (PKIs). Initially PKIX pursued this goal by
profiling X.509 standards developed by the CCITT (later the ITU-T).
Later, PKIX initiated the development of standards that are not
profiles of ITU-T work, but rather are independent initiatives
designed to address X.509-based PKI needs in the Internet. Over time
this latter category of work has become the major focus of PKIX work,
i.e., most PKIX-generated RFCs are no longer profiles of ITU-T X.509
documents.
• PKIX has produced a number of standards track and informational RFCs.
RFC 3280 (Certificate and CRL Profile), and RCF 3281 (Attribute
Certificate Profile) are recent examples of standards track RFCs that
profile ITU-T documents. RFC 2560 (Online Certificate Status
Profile), RFC 3779 (IP Address and AS Number Extensions), and RFC
3161 (Time Stamp Authority) are examples of standards track RFCs that
are IETF-initiated. RFC 4055 (RSA) and RFC 3874 (SHA2) are examples
of informational RFCs that describe how to use public key and hash algorithms in PKIs.
 X.509 and PKIX Certificates
• Version – 3 versions defined
• Serial number – integer and CA name is unique ID
• Signature – specifies algorithm
• Issuer – X.500 name of CA
• Validity – start-time and end-time
• Subject – X.500 name of subject
• Subject Public Key – algorithm used and public key
• Encrypted (PKIX Signature Value) – signature on above fields
 X.509 and PKIX CRLs
• Signature – as in certificate
• Issuer – as in certificate
• This Update – time CRL was issued
• User Certificate –serial no. of revoked certificate
• Revocation Date – time certificate was revoked
• Encrypted – the signature on above fields
Contents
6.4. Email Security: Pretty Good Privacy (PGP)
6.5. Secure Socket Layer (SSL) Protocol
6.6 Transport Layer Security (TLS) Protocol
6.7. IP Security (IPSec) Protocol
6.8. Firewalls, Firewall Characteristics, Types of Firewalls: Packet
filtering firewall, Circuit-level gateway, Stateful inspection firewall,
Proxy firewall, Next-generation firewall
ISO/OSI
Model
Security at Different Layers
6.4 Security at the Application Layer: E-Mail
• In virtually all distributed environments, electronic mail is the most
heavily used network-based application.
• Users expect to be able to, and do, send e-mail to others who are
connected directly or indirectly to the Internet, regardless of host
operating system or communications suite.
• With the explosively growing reliance on e-mail, there grows a demand
for authentication and confidentiality services.
• Two schemes stand out as approaches that enjoy widespread use: Pretty
Good Privacy (PGP) and S/MIME. We discuss in detail the PGP approach.
Pretty good privacy:(PGP) [TU- 2067,068,069,076]
• PGP is a public key encryption package to protect e-mail and data files.
• It lets you communicate securely with people you've never met, with no
secure channels needed for prior exchange of keys.
• It's well featured and fast, with sophisticated key management, digital
signatures, data compression, and good ergonomic design.
• PGP is a remarkable phenomenon.
• Largely the effort of a single person, Phil Zimmermann,
• PGP provides a confidentiality and authentication service that can be used
for electronic mail and file storage applications.
Pretty good privacy:
The steps involved in PGP are:
• Select the best available cryptographic algorithms as building blocks.
• Integrate these algorithms into a general purpose application that is
independent of operating system and processor and that is based on a
small set of easy-to-use commands.
• Make the package and its documentation, including the source code,
freely available via the internet, bulletin boards and commercial networks.
• Enter into an agreement with a company to provide a fully compatible,
low cost commercial version of PGP.
Pretty good privacy:
PGP has grown explosively and is now widely used. A number of
reasons can be cited for this growth.
• It is available free worldwide in versions that run on a variety of
platform.
• It was not developed by, nor it is controlled by, any governmental or
standards organization.
• It is based on algorithms that have survived extensive public review and
are considered extremely secure.
• e.g.: RSA, DSS and Diffie Hellman for public key encryption CAST-
128, IDEA and 3DES for conventional encryption SHA-1 for hash
coding.
Operational description
The actual operation of PGP consists of five services: authentication,
confidentiality, compression, e-mail compatibility and segmentation.
1. Authentication: The sequence for authentication is as follows:
• The sender creates the message
• SHA-1 is used to generate a 160-bit hash code of the message
• The hash code is encrypted with RSA using the sender’s private key and
the result is prepended to the message
• The receiver uses RSA with the sender’s public key to decrypt and recover
the hash code.
• The receiver generates a new hash code for the message and compares it
with the decrypted hash code. If the two match, the message is accepted as
authentic.
2. Confidentiality : In PGP, each conventional key is used only once.
That is, a new key is generated as a random 128-bit number for each
message. Thus although this is referred to as a session key, it is in reality a
one time key. To protect the key, it is encrypted with the receiver’s public
key.
The sequence for confidentiality is as follows:
• The sender generates a message and a random 128-bit number to be used
as a session key for this message only.
• The message is encrypted using CAST-128 with the session key.
• The session key is encrypted with RSA, using the receiver’s public key
and is prepended to the message.
• The receiver uses RSA with its private key to decrypt and recover the
session key.
• The session key is used to decrypt the message.
3) Compression:
• As a default, PGP compresses the message after applying the signature but
before encryption. This has the benefit of saving space for both e-mail
transmission and for file storage.
• The signature is generated before compression for two reasons:
1) It is preferable to sign an uncompressed message so that one can
store only the uncompressed message together with the signature for future
verification.
2) Even if one were willing to generate dynamically a recompressed
message for verification, PGP’s compression algorithm presents a
difficulty.
• Message encryption is applied after compression to strengthen
cryptographic security. Because the compressed message has less
redundancy than the original plaintext, cryptanalysis is more difficult. The
compression algorithm used is ZIP.
4) E-mail compatibility:
• Many electronic mail systems only permit the use of blocks consisting of
ASCII texts.
• To accommodate this restriction, PGP provides the service of converting
the raw 8-bit binary stream to a stream of printable ASCII characters.
• The scheme used for this purpose is radix-64 conversion. Each group of
three octets of binary data is mapped into four ASCII characters.
• e.g., consider the 24-bit (3 octets) raw text sequence 00100011 01011100
10010001, we can express this input in block of 6-bits to produce 4 ASCII
characters.
• 001000 110101 110010 010001
I L Y R => corresponding ASCII
characters
5) Segmentation and reassembly:
• E-mail facilities often are restricted to a maximum length. E.g., many of
the facilities accessible through the internet impose a maximum length of
50,000 octets.
• Any message longer than that must be broken up into smaller segments,
each of which is mailed separately.
• To accommodate this restriction, PGP automatically subdivides a message
that is too large into segments that are small enough to send via e-mail.
The segmentation is done after all the other processing, including the
radix-64 conversion.
• At the receiving end, PGP must strip off all e-mail headers and reassemble
the entire original block before performing the other steps.
 b) Privacy Enhanced Mail (PEM):
The figure below shows a typical network mail service. The U (user agent)
interacts directly with the sender. When the message is composed, the U
hands it to the MT (message transport, or transfer, agent). The MT transfers
the message to its destination host, or to another MT, which in turn transfers
the message further. At the destination host, the MT invokes a user agent to
deliver the message.
PEM vs. PGP
• Use of different ciphers: PGP uses IDEA cipher but PEM uses DES in
CBC mode.
• Use of certificate models: PGP uses general “web of trust” but PEM uses
hierarchical certification structure
• Handling end of line: PGP remaps end of line if message tagged “text”,
but leaves them alone if message tagged “binary” whereas PEM always
remaps end of line.
6.5 Security at Transport layer: SSL/TSL
Secured Socket Layer (SSL) [TU-068,074,075,076]
• The Secure Socket Layer (SSL) is a standard developed by Netscape Corporation to provide
security in WWW browsers and servers.
• The current version SSLv3, is the basis for an Internet standard protocol under development.
• The newer protocol, the Transport Layer Security (TLS) protocol, is compatible with SSLv3
and has only minor changes.
• It has not yet been adopted formally.
SSL Main Goals:
1. Cryptography security:
2. Reliability:
3. Interoperability:
4. Extensibility:
5. Relative efficiency:
SSL Architecture
• Secure Socket Layer is designed to make use of TCP to provide a reliable
end-to-end secure service.
• The SSL Record Protocol provides basic security services to various
higher layer protocols.
• In particular, the Hypertext Transfer Protocol (HTTP), which provides the
transfer service for Web client/server interaction, can operate on top of
SSL.
• Three higher-layer protocols are defined as part of SSL: the Handshake
Protocol, The Change Cipher Spec Protocol, and the Alert Protocol.
Secure Socket Layer (SSL)
SSL Architecture:
SSL Concept
• Two important SSL concepts are the SSL session and the SSL connection,
which are defined in the specification as follows.
• Connection: A connection between Application layer and Transport
layer that provides a suitable type of service.
• For SSL, such connections are peer-to-peer relationships and are
transient(temp.) . Every connection associated with one session.
• Session: An SSL session is an association between a client and a server.
Sessions are created by the Handshake Protocol.
• Sessions define a set of cryptographic security parameters which can be
shared among multiple connections.
• Sessions are used to avoid the expensive negotiation of new security
parameters for each connection.
A session state is defined by the following parameters.
1) Session identifier : An arbitrary byte sequence chosen by the server to identify
an active or resemble session state.
2) Peer certificate: An X509.v3 certificate of the peer. This element of the state
may be null.
3) Compression method : The algorithm used to compress data prior to
encryption.
4) Cipher specification : Specifies the bulk data encryption algorithm (such as
null, AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC
calculation. It also defines cryptographic attributes such as the hash size.
5) Master secret: 48-byte secret shared between the client and the server.
6) Is resemble : A flag indicating whether the session can be used to initiate new
connections.
A connection state is defined by the following parameters.
1) Server and client random: Byte sequences that are chosen by the server and client
for each connection.
2) Server write MAC secret: The secret key used in MAC operations on data sent by
the server.
3) Client write MAC secret: The secret key used in MAC operations on data sent by
the client.
4) Server write key: The secret encryption key for data encrypted by the server and
decrypted by the client.
5) Client write key: The symmetric encryption key for data encrypted by the client
and decrypted by the server.
6) Initialization vectors: When a block cipher in CBC mode is used, an initialization
vector (IV) is maintained for each key.
7) Sequence numbers: Each party maintains separate sequence numbers for
transmitted and received messages for each connection.
The SSL Handshake Protocol

The SSL Handshake Protocol uses the SSL Record Protocol to exchange a
series of messages between an SSL-enabled server and an SSL-enabled
client when they first establish an SSL connection .
This exchange of messages is designed to enable the following actions:
1. Authenticate the server to the client.
2. Negotiation of common cryptographic algorithms, that both server and
client support.
3. Authenticate the client to the server (optional).
4. Using public-key encryption to exchange cryptography parameters
(shared secrets).
5. Establish an encrypted SSL connection.
6.6 TRANSPORT LAYER SECURITY (TLS)
• TLS is an IETF standardization initiative whose goal is to produce an Internet
standard version of SSL.
• Moreover, TLS is defined as a Proposed Internet Standard in RFC 5246.
Which is very similar to SSLv3.
• We highlight the differences.
• Version Number: The one difference is in version values. For the current
version of TLS, the major version is 3 and the minor version is 3.
• Message Authentication Code: (Transport Layer Security)
 There are two differences between the SSLv3 and TLS MAC schemes:
 The actual algorithm and the scope of the MAC calculation.
 TLS makes use of the HMAC algorithm defined in RFC 2104.
6.7 Security at the Network Layer
IPSec (Internet Protocol Security) [Tu-2071]
• IPSec is a suite of authentication and encryption protocols developed by the
Internet Engineering Task Force (IETF) and designed to address the inherent
lack of security for IP-based networks.
• It is a collection of protocols and mechanisms that provide confidentiality,
authentication, message integrity, and replay detection at the IP layer. In the
data transmission IPsec protect all messages sent along a path.
• If the IPsec mechanisms reside on an intermediate host (for example, a
firewall or gateway), that host is called a security gateway.
• The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard
suite of protocols between 2 communication points across the IP network that
provide data authentication, integrity, and confidentiality. It also defines the
encrypted, decrypted and authenticated packets. The protocols needed for
secure key exchange and key management are defined in it.
• Usesof IP Security:–
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data
originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which
all data is being sent between the two endpoints is encrypted, as with a Virtual
Private Network(VPN) connection.
Security at the Network Layer
IPSec (Internet Protocol Security)
• Architecture: Two protocols are implemented
1) Encapsulating Security Protocol (ESP) protocol: Encryption algorithm
2) Authentication Header(AH) Protocol: Authentication Algorithm
• Key Management process
Components of IP Security
It has the following components:
• Encapsulating Security Payload (ESP)
It provides data integrity, encryption, authentication and anti replay. It
also provides authentication for payload.
• Authentication Header (AH)
It also provides data integrity, authentication and anti replay and it does
not provide encryption. The anti replay protection, protects against
unauthorized transmission of packets. It does not protect data’s
confidentiality
• Internet Key Exchange (IKE)
It is a network security protocol designed to dynamically exchange encryption keys and
find a way over Security Association (SA) between 2 devices. The Security Association
(SA) establishes shared security attributes between 2 network entities to support secure
communication. The Key Management Protocol (ISAKMP) and Internet Security
Association which provides a framework for authentication and key exchange. ISAKMP
tells how the set up of the Security Associations (SAs) and how direct connections
between two hosts that are using IPsec.
• Internet Key Exchange (IKE) provides message
content protection and also an open frame for
implementing standard algorithms such as SHA and
MD5. The algorithm’s IP sec users produces a unique
identifier for each packet. This identifier then allows a
device to determine whether a packet has been correct
or not. Packets which are not authorized are discarded
and not given to receiver.
Working of IP Security
• The host checks if the packet should be transmitted using IPsec or not. These packet traffic triggers the
security policy for themselves. This is done when the system sending the packet apply an appropriate
encryption. The incoming packets are also checked by the host that they are encrypted properly or not.
• Then the IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate themselves to each other to start
a secure channel. It has 2 modes. The Main mode which provides the greater security and the Aggressive
mode which enables the host to establish an IPsec circuit more quickly.
• The channel created in the last step is then used to securely negotiate the way the IP circuit will encrypt data
accross the IP circuit.
• Now, the IKE Phase 2 is conducted over the secure channel in which the two hosts negotiate the type of
cryptographic algorithms to use on the session and agreeing on secret keying material to be used with those
algorithms.
• Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets are encrypted and
decrypted by the hosts using IPsec SAs.
• When the communication between the hosts is completed or the session times out then the IPsec tunnel is
terminated by discarding the keys by both the hosts.
IPsec VPN and IPsec modes
IPsec protocols can be used to assemble a VPN connection, to encrypt
and/or authenticate all traffic between two or more points. IPsec
circuits, including VPNs, can be set up to use two modes:
• Tunnel mode: Usually used between secured network gateways, IPsec
tunnel mode enables hosts behind one of the gateways to communicate
securely with hosts behind the other gateway. For example, any users
of systems in an enterprise branch office can securely connect with any
systems in the main office if the branch office and main office have
secure gateways to act as IPsec proxies for hosts within the respective
offices. The IPsec tunnel is established between the two gateway hosts,
but the tunnel itself can carry traffic from any hosts inside the protected
networks. Tunnel mode is useful for setting up a mechanism for
protecting all traffic between two networks, from disparate hosts on
either end.
• Transport mode: When two individual hosts set up a
directly connected IPsec VPN connection, the circuit can be
said to be an example of a transport mode IPsec circuit. For
example, a transport mode IPsec circuit might be set up to
allow a remote IT support technician to log in to a remote
server to do maintenance work. Transport mode IPsec is used
in cases where one host needs to interact with another host;
the two hosts negotiate the IPsec circuit directly with each
other, and the circuit is usually torn down after the session is
complete.
 6.8 Firewall
• Firewall is software applications that act as filters between a company’s
private network and the internet.
• It protects networked computers from intentional hostile intrusion that
could compromise confidentiality or result in data corruption or denial of
service by enforcing an access control policy between two networks.
Characteristics of Firewall
 Firewalls provide several types of protection:
• They can block unwanted traffic.
• They can direct incoming traffic to more trustworthy internal systems.
• They hide vulnerable systems, which can’t easily be secured from the
Internet.
• They can log traffic to and from the private network.
• They can hide information like system names, network topology, network
device types, and internal user ID’s from the Internet.
• They can provide more robust authentication than standard applications
might be able to do.
Types of Firewall
There are 3 common types of firewalls.
• Packet filters
• Application-level gateways
• Circuit-level gateways
1) Packet filtering router
A packet filtering router applies a set of rules to each incoming IP packet and then
forwards or discards the packet. The router is typically configured to filter packets
going in both directions.
Filtering rules are based on the information contained in a network packet:
• Source IP address – IP address of the system that originated the IP packet.
• Destination IP address – IP address of the system, the IP is trying to reach.
• Source and destination transport level address – transport level port number.
• IP protocol field – defines the transport protocol.
• Interface – for a router with three or more ports, which interface of the router
the packet come from or which interface of the router the packet is destined
for.
Advantages of packet filter router
• Simple
• Transparent to users
• Very fast
Weakness of packet filter firewalls
• Because packet filter firewalls do not examine upper-layer data, they
cannot prevent attacks that employ application specific vulnerabilities or
functions.
• Because of the limited information available to the firewall, the logging
functionality present in packet filter firewall is limited.
• It does not support advanced user authentication schemes.
• They are generally vulnerable to attacks such as layer address spoofing.
2) Application Level gateway
• An Application level gateway, also called a proxy server, acts as a relay of
application level traffic.
• Application level gateways tend to be more secure than packet filters.
• The user contacts the gateway using a TCP/IP application, such as Telnet
or FTP, and the gateway asks the user for the name of the remote host to
be accessed.
• When the user responds and provides a valid user ID and authentication
information, the gateway contacts the application on the remote host and
relays TCP segments containing the application data between the two
endpoints.
• It is easy to log and audit all incoming traffic at the application level.
• A prime disadvantage is the additional processing overhead on each
connection.
Contd..
3) Circuit level gateway
• It creates a new connection between itself and destination.
• Circuit level gateway can be a stand-alone system or it can be a specified
function performed by an application level gateway for certain applications.
• A Circuit level gateway does not permit an end-to-end TCP connection; the
gateway sets up two TCP connections, one between itself and a TCP user on
an inner host and one between itself and a TCP user on an outer host.
• Once the two connections are established, the gateway typically relays TCP
segments from one connection to the other without examining the contents.
The security function consists of determining which connections will be
allowed.
• A typical use of Circuit level gateways is a situation in which the system
administrator trusts the internal users.
• The gateway can be configured to support application level or proxy service
on inbound connections and circuit level functions for outbound connections.
Contd..
Stateful inspection firewall
• Stateful inspection, also known as dynamic packet filtering, is a
firewall technology that monitors the state of active connections and
uses this information to determine which network packets to allow
through the firewall.
• Stateful inspection has largely replaced an older technology, static
packet filtering. In static packet filtering, only the headers of packets
are checked -- which means that an attacker can sometimes get
information through the firewall simply by indicating "reply" in the
header. Stateful inspection, on the other hand, analyzes packets down
to the application layer. By recording session information such as IP
addresses and port numbers, a dynamic packet filter can implement a
much tighter security posture than a static packet filter can.
• Stateful inspection monitors communications packets over a
period of time and examines both incoming and outgoing
packets. Outgoing packets that request specific types of
incoming packets are tracked and only those incoming packets
constituting a proper response are allowed through the firewall.
• In a firewall that uses stateful inspection, the network
administrator can set the parameters to meet specific needs. In a
typical network, ports are closed unless an incoming packet
requests connection to a specific port and then only that port is
opened. This practice prevents port scanning, a well-known
hacking technique.
• Check Point Software Technologies developed stateful
inspection in the early 1990s.
Proxy Firewall
• The rise in online hacking attempts and cyber attacks has
triggered the need for having highly robust security protocols.
At every second, the Netizens are vulnerable to being hacked
by malware or direct intrusions. Considering this scenario, the
tech security experts have developed various measures to
provide online privacy and security to the internet users. These
methods include having antimalware programs, HTTPS site
protocol, proxies, firewalls, VPNs, etc. One such method is the
application of a proxy firewall.
• A proxy firewall, as the term itself indicates, is a
comprehensive strategy to protect a user against malicious
content through firewall whilst hiding the user’s real IP
address and location as a proxy. The technique makes use of
a proxy server with firewall features that acts as a filter
between the client user and the internet servers. This proxy
firewall protects the user at the application level, securing the
application data which may tempt the hackers. It scans the
incoming traffic for layer 7 protocols like FTP and HTTP and
also offers “deep packet inspection” of the incoming data
packets for possible maliciousness.
Next-generation firewall

• A next-generation firewall (NGFW) is a network security device that

provides capabilities beyond a traditional, stateful firewall.
• While a traditional firewall typically provides stateful inspection of
incoming and outgoing network traffic, a next-generation firewall
includes additional features like application awareness and control,
integrated intrusion prevention, and cloud-delivered threat
intelligence.
Next-generation firewall
• A traditional firewall provides stateful inspection of network traffic. It allows or
blocks traffic based on state, port, and protocol, and filters traffic based on
administrator-defined rules.
• A next-generation firewall (NGFW) does this, and so much more. In addition to
access control, NGFWs can block modern threats such as advanced malware and
application-layer attacks. According to Gartner's definition, a next-generation
firewall must include:
• Standard firewall capabilities like stateful inspection
• Integrated intrusion prevention
• Application awareness and control to see and block risky apps
• Threat intelligence sources
• Upgrade paths to include future information feeds
• Techniques to address evolving security threats
 Home Assignment Unit- 6
• How is the sender authentication carried out in PGP?[TU-2067]
• What is the role of the SSL Record Protocol in SSL/TLS? Explain.[TU-2068]
• How many layers are in the TCP/IP protocol suite for internet communications? Name the
layers. Name some of the protocols in each layer.[TU-2068]
• What does PGP stand for? What is it used primarily for? And what are the five services
provided by the PGP protocol?[TU-2068]
• Discuss the five principle services provided by PGP protocol.[TU-2069]
• What is difference between a connection & a session in SSL/TLS? Can a session include
multiple connections? Explain the nation connection states the session state in SSL/TLS .
What security features apply to each?[TU-2071]
• How transport Mode of IPSec Operation differs from the Tunnel Mode?[TU2071]
• What is role of the SSL Record Protocol in SSL/TLS? Explain.
• Define digital signature? How certificates are issued in PKI trust models? Explain.[TU2076]
• What is PKI trust model?[TU-2074]
• What is the role of SSL Handshake Protocol in secure socket layer protocol?
[TU-2074]
• What is the role of SSL protocol in SSL/TLS . Explain.[TU-2075]
• List five operation that PGP operation is based on?[TU-2076]
• What is roles of the SSL Record Protocol in SSL/TLS ? Explain.[TU-2076]
Thank you !