DIS 4
IP Security: Overview - Architecture - ESP, AH Protocols - IPSec Modes - Security association - Key
management.
Email was one of the first applications developed for the internet and has since become one of the
most widely used forms of digital communication. It plays an essential part in personal and
professional communication, as well as in marketing, advertising, and customer support.
In this article, we will look at the concept of email security, how we can protect our email, email
security policies and best practices, and the features of email that we can use to protect it from
unauthorized access.
Email Security:
Basically, email security refers to the measures taken to protect email messages and the
information they contain from unauthorized access and damage. It involves ensuring the
confidentiality, integrity, and availability of email messages, as well as safeguarding against
phishing attacks, spam, viruses, and other forms of malware. It can be achieved through a
combination of technical and non-technical measures.
Standard technical measures include encryption of email messages to protect their contents, digital
signatures to verify the authenticity of the sender, and email filtering systems to block unwanted
emails and malware. Non-technical measures may include training employees on how to recognize
and respond to phishing attacks and other email security threats, establishing policies and
procedures for email use and management, and conducting regular security audits to identify and
address vulnerabilities.
We can say that email security is important to protect sensitive information from unauthorized access
and ensure the reliability and confidentiality of electronic communication.
1. Choose a secure password that is at least 12 characters long and contains uppercase and
lowercase letters, digits, and special characters.
2. Activate two-factor authentication, which adds an additional layer of security to your email
account by requiring a code in addition to your password.
3. Use encryption: it encrypts your email messages so that only the intended receiver can
decipher them. Email encryption can be done with programs like PGP or S/MIME.
4. Keep your software up to date: ensure that the most recent security updates are installed on
your operating system and email client.
5. Beware of phishing scams: hackers try to steal your personal information by pretending to be
someone else. Be careful of emails that request private information or contain suspicious links,
because these are the hallmarks of a phishing attack.
6. Choose a trustworthy email service provider: look for a provider that protects your data using
encryption and other security measures.
7. Use a VPN: a VPN helps protect your email by encrypting your internet connection and
disguising your IP address, making it more difficult for hackers to intercept your emails.
8. Upgrade your applications regularly: people now frequently access their email accounts through
apps, but these tools are not perfect and can be taken advantage of by hackers. A cybercriminal
might use a vulnerability, for example, to hack accounts and steal data or send spam. Because of
this, it is important to update your programs frequently.
Email security policies are a set of regulations and standards for protecting the privacy, accuracy,
and accessibility of email communication within the organization. An email security policy should
include the following essential components:
1. Appropriate Use: The policy should outline what comprises acceptable email usage inside the
organization, including who is permitted to use email, how to use it, and for what purposes.
2. Password and Authentication: The policy should require strong passwords and two-factor
authentication to ensure that only authorized users can access email accounts.
3. Encryption: To avoid unwanted access, the policy should mandate that sensitive material be
encrypted before being sent through email.
4. Virus Protection: The policy should outline how email messages and attachments are scanned
for viruses and other malware.
5. Retention and Deletion: The policy should outline how long email messages and their
attachments ought to be kept available, as well as when they should be removed.
6. Training: The policy should demand that all staff members take a course on email best
practices, which includes how to identify phishing scams and other email-based threats.
7. Incident Reporting: The policy should outline the reporting and investigation procedures for
occurrences involving email security breaches or other problems.
8. Monitoring: The policy should outline the procedures for monitoring email communications to
ensure that the policy is being followed, including any logging or auditing that will be carried out.
9. Compliance: The policy should ensure compliance with all relevant laws and regulations,
including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data
Protection Regulation (GDPR).
10. Enforcement: The policy should specify the consequences for violating the email security
policy, including disciplinary action and legal consequences if necessary.
2. Email Architecture:
Introduction:
Electronic mail, commonly known as email, is a method of exchanging messages over the
internet. Here are the basics of email:
1. An email address: This is a unique identifier for each user, typically in the format
username@domain.
2. An email client: This is a software program used to send, receive and manage emails, such as
Gmail, Outlook, or Apple Mail.
3. An email server: This is a computer system responsible for storing and forwarding emails to
their intended recipients.
The main components involved in sending an email:
1. User Agent (UA): The UA is normally a program used to send and receive mail. It is sometimes
called a mail reader. It accepts a variety of commands for composing, receiving and replying to
messages, as well as for manipulating mailboxes.
2. Message Transfer Agent (MTA): The MTA is responsible for transferring mail from one system
to another. To send mail, a system must have a client MTA and a system MTA. The MTA transfers
mail to the recipients' mailboxes if they are on the same machine, and delivers mail to a peer MTA
if the destination mailbox is on another machine. Delivery from one MTA to another is done by the
Simple Mail Transfer Protocol (SMTP).
3. Mailbox: A file on the local hard drive that collects mail. Delivered mail is stored in this file,
and the user can read or delete it as required. Each user of the email system must have a mailbox,
and only the owner of a mailbox may access it.
UNIT IV - E-MAIL AND IP SECURITY
4. Spool file: This file contains mail that is to be sent. The user agent appends outgoing mail to
this file using SMTP, and the MTA extracts pending mail from the spool file for delivery. Email
allows one name, an alias, to represent several different email addresses; this is known as a
mailing list. Whenever a user sends a message, the system checks the recipient's name against the
alias database. If a mailing list exists for the alias, separate messages, one for each entry in the
list, are prepared and handed to the MTA. If no mailing list exists for the alias, the name itself
becomes the destination address and a single message is delivered to the mail transfer entity.
Composition – The process of creating messages and replies. Any kind of text editor can be used
for composition.
Transfer – The procedure for sending mail, i.e. moving it from the sender to the recipient.
Reporting – Confirmation of mail delivery. It helps the user check whether their mail was
delivered, lost or rejected.
Displaying – Presenting the mail in a form the user can understand.
Disposition – What the recipient does after receiving the mail, i.e. save it, delete it before
reading, or delete it after reading.
Advantages Or Disadvantages:
Advantages of email:
Disadvantages of email:
3. PGP:
In 2013, when the NSA (United States National Security Agency) scandal was leaked to the public,
people started to opt for services that could give them strong privacy for their data. Among the
services people opted for, most particularly for email, were different plug-ins and extensions for
their browsers. Interestingly, among the various plug-ins and extensions that people started to
use, there were two main programs that were solely responsible for the complete email security
that people needed. One was S/MIME, which we will see later, and the other was PGP.
As said, PGP (Pretty Good Privacy) is a popular program that is used to provide confidentiality
and authentication services for electronic mail and file storage. It was designed by Phil
Zimmermann back in 1991. He designed it so that the best cryptographic algorithms, such as RSA,
Diffie-Hellman key exchange and DSS, are used for public-key (asymmetric) encryption. PGP
software is open source and is not dependent on either the operating system or the processor. The
application is based on a few commands which are very easy to use.
1. Authentication
2. Confidentiality
3. Compression
4. Email Compatibility
5. Segmentation
1. Authentication:
Authentication basically means validating that something is true or real. When we log in to a site
by giving our account name and password, that is an authentication procedure.
In the email world, checking the authenticity of an email means checking whether it actually came
from the person it claims to be from. Authentication has to be checked because some people spoof
emails or send spam, which can cause a lot of inconvenience. The authentication service in PGP is
provided as follows:
As shown in the above figure, the hash function (H) calculates the hash value of the message. SHA-1
is used for hashing and produces a 160-bit hash value. This value is then encrypted using the
sender's private key (KPa); the result is called the digital signature. The message is then
appended to the signature. The process so far is sometimes described as signing the message. The
signed message is then compressed to reduce the transmission overhead and sent to the receiver.
At the receiver's end, the data is decompressed and the message and signature are separated. The
signature is decrypted using the sender's public key (PUa) to obtain the hash value. The message
is passed through the hash function again and its hash value is calculated.
Both values, the one from the signature and the one freshly computed by the hash function, are
compared. If they are the same, the email was actually sent by the claimed sender and is
legitimate; otherwise it is not.
2. Confidentiality:
Sometimes we see packages labelled 'Confidential', which means that those packages are not meant
for everyone and only selected persons may see them. The same applies to email confidentiality.
Here, only the sender and the receiver should be able to read the message, which means the
contents have to be kept secret from everyone else.
The message is first compressed, and a 128-bit session key (Ks), generated by PGP, is used to
encrypt the message with symmetric encryption. Then the session key (Ks) itself is encrypted
through public-key encryption (EP) using the receiver's public key (PUb). Both encrypted entities
are concatenated and sent to the receiver.
As you can see, the original message was compressed and then encrypted, so even if anyone could
get hold of the traffic, they cannot read the contents: the contents are not in readable form and
can only be read with the session key (Ks). Even though the session key is transmitted to the
receiver and is therefore in the traffic, it is in encrypted form and only the receiver's private
key (KPb) can decrypt it, so the message is completely safe.
At the receiver's end, the encrypted session key is decrypted using the receiver's private key
(KPb) and the message is decrypted with the obtained session key. Then the message is decompressed
to obtain the original message (M).
The RSA algorithm is used for the public-key encryption, and CAST-128 (or IDEA or 3DES) is used
for the symmetric-key encryption.
Practically, both the Authentication and Confidentiality services are provided in parallel as follows:
Note:
M – Message
H – Hash Function
Ks – A random Session Key created for Symmetric Encryption purpose
DP – Public-Key Decryption Algorithm
EP – Public-Key Encryption Algorithm
DC – Symmetric Decryption Algorithm
EC – Symmetric Encryption Algorithm
KPb – A private key of user B used in Public-key encryption process
KPa – A private key of user A used in Public-key encryption process
PUa – A public key of user A used in Public-key encryption process
PUb – A public key of user B used in Public-key encryption process
|| – Concatenation
Z – Compression Function
Z^-1 – Decompression Function
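The authentication pipeline (H, EP with KPa, ||, Z) and the confidentiality pipeline (Ks, EC, EP with PUb) described above, carried through in working code using the symbols from the note. This is an added example, not code from these notes or from PGP itself: EP/DP are textbook RSA over two fixed Mersenne primes with no padding, H is SHA-1 as in the notes, Z/Z^-1 are zlib, and EC/DC are a SHA-256 keystream XOR standing in for CAST-128. All of those substitutions, the 64-bit-free toy key pairs PU_A/KP_A and PU_B/KP_B, and the sample message are assumptions made only to keep the example self-contained and runnable.

```python
import hashlib
import os
import zlib

# Toy RSA: textbook exponentiation, no padding, built from fixed Mersenne primes so the
# example is deterministic. Real PGP generates large random primes and pads; this is an
# assumption made for the demonstration only.
def rsa_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)), the PU/KP pairs of the notes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def ep(key, m):
    """EP / DP: public-key operation m^exp mod n (same function, different key)."""
    n, exp = key
    assert 0 <= m < n, "block must be smaller than the modulus"
    return pow(m, exp, n)

def ec(ks, data):
    """EC / DC: XOR with a SHA-256 keystream keyed by Ks (stand-in for CAST-128, toy only).
    XOR is its own inverse, so the same function decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(ks + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def h(message):
    """H: SHA-1, 160-bit digest, as in the notes (modern OpenPGP prefers SHA-256)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sig_len(key):
    """Bytes needed to carry one RSA output under this key's modulus."""
    return (key[0].bit_length() + 7) // 8

def sign(message, kp_a):
    """Digital signature = EP(KPa, H(M)), encoded as a fixed-width byte string."""
    return ep(kp_a, h(message)).to_bytes(sig_len(kp_a), "big")

def verify(message, signature, pu_a):
    """DP(PUa, signature) yields H(M); compare it with a fresh hash of the received message."""
    recovered = ep(pu_a, int.from_bytes(signature, "big"))
    return recovered == h(message)

def pgp_send(message, kp_a, pu_b):
    """Sender side: sign, concatenate, compress (Z), encrypt with Ks (EC), wrap Ks (EP)."""
    signed = message + sign(message, kp_a)             # M || signature
    compressed = zlib.compress(signed)                 # Z(M || signature)
    ks = os.urandom(16)                                # 128-bit session key Ks
    body = ec(ks, compressed)                          # EC(Ks, Z(...))
    wrapped_ks = ep(pu_b, int.from_bytes(ks, "big"))   # EP(PUb, Ks)
    return wrapped_ks, body                            # EP(PUb, Ks) || EC(Ks, ...)

def pgp_receive(packet, kp_b, pu_a):
    """Receiver side: unwrap Ks (DP), decrypt (DC), decompress (Z^-1), verify the signature."""
    wrapped_ks, body = packet
    ks = ep(kp_b, wrapped_ks).to_bytes(16, "big")      # DP(KPb, EP(PUb, Ks)) = Ks
    signed = zlib.decompress(ec(ks, body))             # Z^-1(DC(Ks, body)) = M || signature
    n = sig_len(pu_a)
    message, signature = signed[:-n], signed[-n:]
    return message, verify(message, signature, pu_a)

# Constructed toy keys: A uses (2^127-1, 2^89-1), B uses (2^107-1, 2^61-1); all four are
# Mersenne primes, chosen only so the moduli exceed the 160-bit hash and 128-bit Ks.
PU_A, KP_A = rsa_keypair((1 << 127) - 1, (1 << 89) - 1)
PU_B, KP_B = rsa_keypair((1 << 107) - 1, (1 << 61) - 1)

if __name__ == "__main__":
    msg = b"Transfer approved. -- A"        # constructed sample message
    pkt = pgp_send(msg, KP_A, PU_B)
    recovered, ok = pgp_receive(pkt, KP_B, PU_A)
    print(recovered, "signature valid:", ok)
```

Note that a ciphertext altered in transit usually fails already at the Z^-1 step (zlib rejects the corrupted stream) before the signature check runs; a message altered after decryption, or signed with a different private key, is what the final hash comparison catches.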
1. Pretty Good Privacy (PGP): PGP is an open source software package designed for email security.
Phil Zimmermann developed it. It provides the fundamental needs of cryptography. Multiple steps
are taken to secure the email:
1. Confidentiality
2. Authentication
3. Compression
4. Reassembly
5. Segmentation
6. Email compatibility
What Is S/MIME?
Check that the email you sent has not been tampered with by a third party.
Create digital signatures to use when signing emails.
Encrypt all emails.
Check the email client you’re using.
To operate, S/MIME employs mathematically related public and private keys. This technology is
based on asymmetric cryptography. Because the two keys are mathematically related, a message
that was encrypted with the public key (which is, of course, published) can only be decrypted
using the private key (which is kept secret).
When someone clicks “send” on an email, S/MIME sending agent software encrypts the message
with the recipient’s public key, and the receiving agent decrypts it with the recipient’s private key.
Needless to say, both the sender and the recipient must support S/MIME.
The email message decryption process can only be done with the private key associated with it, which
is supposed to be in sole possession of the recipient. Unless the private key is compromised, users can
be confident that only the intended recipient will have access to the confidential information
contained in their emails.
Simply put, S/MIME encryption muddles emails so that they can only be viewed by receivers who
have a private key to decrypt them. It prevents others, particularly malicious actors, from intercepting
and reading email messages as they are sent from senders to recipients.
You may be aware that SMTP-based Internet email does not provide message security. An SMTP
(Simple Mail Transfer Protocol) internet email message can be read by anyone who sees it as it
Message encryption provides two distinct security benefits:
Confidentiality
The purpose of message encryption is to keep the contents of an email message safe. The contents are
only visible to the intended recipient, and they remain private and inaccessible to anyone else who
might obtain or view the message. Encryption ensures message confidentiality while in transit and
storage.
Data integrity
Message encryption, like digital signatures, offers data integrity services as a result of the operations
that make encryption possible.
As I mentioned before, S/MIME also adds a digital signature to an email. This guarantees that the
sender has permission to send emails from a specific domain.
Digital signatures are the most commonly used service of S/MIME. As the name indicates, they are
the digital equivalent of the conventional, legal signature on a paper document. S/MIME digital
signatures protect against email spoofing attempts by confirming the sender’s identity, making sure
that the message content has not been tampered with, and verifying that the sender actually sent the
email message.
Security capabilities offered by digital signatures:
Authentication
A signature validates the answer to the question “who are you?” by allowing that entity to be
distinguished from all others and proving its uniqueness. Authentication ensures that a message was
sent by the individual or organization claiming to have sent it. This reduces the likelihood of email
spoofing, which is common in phishing scams.
Nonrepudiation
A signature’s uniqueness prevents the sender from denying that they sent the message. This is useful
for purchases and transactions, legal documentation, and criminal investigations, among other things.
Data integrity
When the receiver of a digitally signed email validates the digital signature, the recipient is assured
that the received email message is the same one that was signed and sent and that has not been
tampered with while it traveled.
What Is an S/MIME Certificate and How Does It Work?
An email signing certificate, which you can obtain from a certificate authority, is required to
sign and encrypt your email. This certificate can be used to digitally sign your emails. Once you
purchase it, it is added to your email client.
All senders and receivers must have a digital certificate that binds their identity to a public
key. Typically, an administrator is in charge of configuring S/MIME and issuing digital
certificates.
S/MIME certificates ensure that the emails you send are only accessible to the intended recipient.
They employ asymmetric encryption: public and private keys are used to encrypt and decrypt emails,
ensuring that the emails you send cannot be read by anyone other than the receiving party.
S/MIME certificates protect emails by preventing hackers from accessing or changing their
contents. They offer both digital signatures and encryption: while asymmetric encryption keeps
your data private, digital signatures provide authentication and message integrity.
S/MIME certificates are installed on email clients.
Gmail
When a user composes a message in Gmail, a lock icon shows up next to each receiver who has
S/MIME configured. If the user intends to send the email to more than one recipient, and each of
those recipients supports a distinct level of encryption, Gmail will use the lowest level of encryption
supported by all recipients.
Outlook
When writing a single message in Outlook, users can choose “Encrypt with S/MIME” from the
Options menu. To digitally sign or encrypt every email by default, users can select encryption, sign,
or both from the Settings menu.
Conclusion
S/MIME Secure/Multipurpose Internet Mail Extension protects sensitive and confidential information
from accidental and purposeful data leaks, and it informs the receiver if a malicious actor has
tampered with the digital signature in any way. The digital signature also verifies the identity of the
sender and protects the recipient from spoofing attempts.
The advantages listed above are important not only for businesses to protect their customers’ email
accounts and sensitive data but also for individuals. As you know, malicious software, such as
viruses, trojans, and other threats, is usually distributed via email.
S/MIME Certificate Characteristics
You receive a slew of cryptographic security features when you use an S/MIME certificate for email
apps.
Authentication − It refers to the verification of a computer user's or a website's identity.
Message consistency − This is a guarantee that the message's contents and data have not been
tampered with. The message's secrecy is crucial. The decryption procedure entails checking the
message's original contents and guaranteeing that they have not been altered.
Use of digital signatures that invoke non-repudiation − This is a circumstance in which the
original sender's identity and digital signatures are validated so that there is no doubt about it.
Protection of personal information − A data breach cannot be caused by an unintentional
third party.
Encryption is used to protect data − It relates to the procedures described above, in which
data security is ensured by a mix of public and private keys representing asymmetric
cryptography.
The MIME type is designated by a S/MIME certificate. The enclosed data is referred to by the
MIME type. The MIME entity is completely prepared, encrypted, and packaged inside a digital
envelope.
Support for S/MIME
Some of the most popular email programs that support S/MIME are listed below.
iPhone iOS Mail
Apple Mail
Gmail
IBM Notes
Mozilla Thunderbird
MailMate
Microsoft Outlook or Outlook on the Web
CipherMail
Although the S/MIME certificate has been around for a long time and is supported by most email
clients, the disadvantages of using it include complicated implementation owing to the public and
private keys of the sender and receiver. As a result, it was restricted to highly classified
government communications and those started by techies.
The adoption trend has improved thanks to the advent of automated solutions for deploying and
managing S/MIME certificates. The benefits of using S/MIME certificates to safeguard data in
transit and at rest have surpassed the disadvantages.
What is the Best Way to Send Encrypted Emails?
Secure email service providers are used by certain companies and individuals to send secure emails.
These services, such as ProtonMail, may allow you to send and receive private messages for free, but
the disadvantage is that both the sender and the recipient must have the same account. This is a
common disadvantage of end-to-end encryption services.
Aside from this issue, there is a far more serious one that limits the usability of email services
for businesses. These ostensibly safe email service companies are nonetheless vulnerable to
cyber-attacks. VFEMail is a classic example of a secure email service provider that, after 20 years
of operation, fell to a cyber-attack.
Another method is to use an S/MIME certificate to digitally sign and send encrypted emails. This
technology is classified as secure public-key encryption by the Internet Engineering Task Force
(IETF), and it is also suggested by the National Institute of Standards and Technology (NIST) as a
"protocol for email end-to-end authentication and secrecy".
IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These
protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec
Architecture includes protocols, algorithms, DOI, and Key Management. All these components are
very important in order to provide the three main services:
Confidentiality
Authentication
Integrity
IP Security Architecture:
Packet Format:
As the name suggests, ESP involves encapsulating the content or payload, encrypting it into a
suitable form, and then performing a security check or authentication of the payload in the IP
network. Encryption/encapsulation and authentication make the payload extremely secure and safe
from being stolen by any third party. The encryption process is performed by an authenticated user
and, similarly, the decryption process is carried out only when the receiver is verified, making
the entire process smooth and secure. The encryption performed by ESP covers and protects the
integrity of the payload, not the outer IP header.
Working of ESP:
1. Encapsulating Security Payload supports both versions of the Internet Protocol, IPv4 and IPv6.
2. ESP performs encryption at the Internet Protocol layer: it resides in the IP packet as a header
of its own and performs its functions there.
3. One important thing to note is that the ESP header is inserted between the IP header and the
upper-layer protocols such as UDP, TCP or ICMP.
Modes in ESP:
Encapsulating Security Payload supports two modes: transport mode and tunnel mode.
Tunnel mode:
1. Tunnel mode is mandatory for security gateways and holds the utmost importance.
2. Here, a new IP header is created and used as the outer IP header, followed by the ESP header.
Transport mode:
1. Here, the IP header is not protected by encryption or authentication, making it vulnerable to
threats.
2. Less processing is needed in this mode, so it is preferred where ESP must be included with
minimal overhead.
Advantages:
Disadvantages:
An important point to note is that authentication and security are not provided for the entire IP
packet in transport mode. On the other hand for the tunnel mode, the entire IP packet along with the
new packet header is encapsulated.
The ESP structure is composed of the following parts, as shown below:
Authentication Header (AH) is used to provide integrity and authentication for IP datagrams. Replay
protection is also possible. The services are connectionless, which means they work on a
per-packet basis. AH can be used in two modes:
Transport mode
Tunnel mode
AH authenticates as much of the IP datagram as possible. In transport mode, some fields in the IP
header change en route and their values cannot be predicted by the receiver. These fields are
called mutable and they are not protected by AH.
To protect these fields, tunnelling must be used. The payload of the IP packet is considered
immutable and is always protected by AH.
The AH format is described in RFC 2402. The figure below shows the position of the Authentication
Header fields in the IP packet.
Next header
It is an 8-bit field which identifies the type of header that follows. The value is chosen from the
set of IP protocol numbers: the IP header's protocol field is set to 51 (AH), and the value that
would otherwise have gone in the protocol field goes in the AH next header field.
Payload length
It is an 8-bit field and contains the length of the AH header expressed in 32-bit words, minus 2.
It does not relate to the actual payload length of the IP packet. If default options are used, the
value is 4 (three 32-bit fixed words plus three 32-bit words of authentication data, minus two).
Reserved
It is reserved for future use. Its length is 16 bits and it is set to zero.
Security Parameters Index (SPI)
It is 32 bits in length.
Sequence number
This 32-bit field is a monotonically increasing counter used for replay protection. It is an
optional field: the sender always includes it, and it is at the discretion of the receiver to
process it or not. The counter is initialized to zero when the SA is established, so the first
packet transmitted using the SA has a sequence number of 1. Sequence numbers are not allowed to
repeat.
Authentication data
This is a variable-length field containing the Integrity Check Value (ICV). It is padded to a
multiple of 32 bits for IPv4 or 64 bits for IPv6.
Authentication Header: The question may arise of how the IP header will know that the adjacent
extension header is an Authentication Header. There is a protocol field in the IP header which
tells the type of header that is present in the packet. So the protocol field in the IP header
should have the value 51 in order to signal an Authentication Header.
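The AH field layout, the payload-length arithmetic, the protocol-51 convention and the sequence-number rules above, in working code. This is an added example, not code from these notes or an implementation taken from RFC 2402: it packs the fixed AH fields with struct, computes the ICV as HMAC-SHA1-96 (one of the RFC 2402 mandatory-to-implement algorithms; assumed here, giving the three 32-bit words of authentication data the notes describe), and implements a receiver-side anti-replay window. The 64-packet window size, the key and the payload bytes are constructed assumptions, and mutable outer-IP fields are not modelled (the RFC requires the sender to zero them before computing the ICV).

```python
import hashlib
import hmac
import struct

IPPROTO_AH = 51        # value the outer IP protocol field carries to announce an AH header
ICV_LEN = 12           # HMAC-SHA1-96: 96-bit truncated ICV = three 32-bit words
AH_FIXED_LEN = 12      # next header (1) + payload length (1) + reserved (2) + SPI (4) + seq (4)

def build_ah(key, next_header, spi, seq, payload):
    """Build an AH header followed by the immutable payload (e.g. a TCP segment).
    next_header carries the protocol number that would otherwise sit in the IP header."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2     # header length in 32-bit words, minus 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    # ICV is computed with the authentication-data field set to zero (assumption: mutable
    # outer-IP fields have already been zeroed by the caller, as the RFC requires).
    mac = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha1).digest()
    return header + mac[:ICV_LEN] + payload

def parse_ah(key, packet):
    """Split an AH packet into its fields, recompute the ICV and report whether it matches.
    Returns (fields dict, payload, icv_ok)."""
    header = packet[:AH_FIXED_LEN]
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", header)
    ah_len = (payload_len + 2) * 4                      # undo the "words minus 2" encoding
    icv, payload = packet[AH_FIXED_LEN:ah_len], packet[ah_len:]
    expected = hmac.new(key, header + bytes(len(icv)) + payload, hashlib.sha1).digest()[:len(icv)]
    fields = {"next_header": next_header, "payload_len": payload_len,
              "reserved": reserved, "spi": spi, "seq": seq}
    return fields, payload, hmac.compare_digest(icv, expected)

class ReplayWindow:
    """Receiver-side anti-replay check: sequence numbers start at 1 and never repeat.
    A sliding bitmap of `size` packets tolerates reordering (64 is an assumed window)."""
    def __init__(self, size=64):
        self.size = size
        self.highest = 0       # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0        # bit i set means sequence number highest - i was already seen

    def accept(self, seq):
        if seq == 0:
            return False       # never valid: the first packet on an SA is number 1
        if seq > self.highest:                         # new high-water mark: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False       # too old for the window, or a replay of a packet already seen
        self.bitmap |= 1 << offset
        return True

if __name__ == "__main__":
    key = b"\x11" * 20                                   # constructed sample HMAC key
    pkt = build_ah(key, 6, 0x1000, 1, b"constructed TCP segment")
    fields, payload, ok = parse_ah(key, pkt)
    print(fields, payload, "ICV ok:", ok)
```

The default-options case in the notes falls out directly: 12 fixed bytes plus a 12-byte ICV is 6 words, and 6 - 2 gives the payload length value 4. Flipping any byte of the payload makes the recomputed ICV differ, and the window rejects a repeated sequence number while still admitting a late but unseen one.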