Chapter 32
Security in the Internet:
IPSec, SSL/TLS
32.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
  – integrity
  – confidentiality
  – denial of service
  – authentication
• need added security mechanisms
32-2 SSL/TLS
Two protocols are dominant today for providing
security at the transport layer: the Secure Sockets
Layer (SSL) Protocol and the Transport Layer
Security (TLS) Protocol. The latter is actually an
IETF version of the former.
Topics discussed in this section:
SSL Services
Security Parameters
Sessions and Connections
Four Protocols
Transport Layer Security
SSL Services
• Fragmentation
• Compression
• Message Integrity
• Confidentiality
• Server Authentication (Client Authentication is
optional)
Figure 32.14 Location of SSL and TLS in the Internet model
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol + ChangeCipherSpec Protocol
Table 32.3 SSL cipher suite list
Figure 32.17 Alert Protocol
• conveys SSL-related alerts to peer entity
• severity: warning or fatal
• specific alert
  – fatal (terminate conn.): unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  – warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
Figure 32.18 Processing done by the Record Protocol
Note
The client and the server have six different cryptographic secrets.
Figure 32.15 Creation of cryptographic secrets in SSL
Connection vs Session
• SSL session
  – an association between client & server
  – created by the Handshake Protocol
  – defines a set of cryptographic parameters
  – may be shared by multiple SSL connections
  – session state: session identifier, peer certificate, compression method, cipher spec, master secret, is resumable
• SSL connection
  – a transient, peer-to-peer communications link
  – associated with 1 SSL session
  – connection state: server and client random, key materials, seq. no.
Connection vs Session
• Multiple “connections” (TCP) can be supported
under the same SSL session.
• To start a connection, Alice can send an existing
session ID.
• If Bob doesn’t remember the session ID Alice sent,
he responds with a different value.
TLS (Transport Layer Security)
• IETF standard RFC 2246, similar to SSLv3
• with minor differences:
  – in record format version number
  – uses HMAC for MAC
  – a pseudo-random function expands secrets
  – has additional alert codes
  – some changes in supported ciphers
  – changes in certificate negotiations
  – changes in use of padding
32-1 IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed
by the Internet Engineering Task Force (IETF) to
provide security for a packet at the network level.
Topics discussed in this section:
Two Modes
Two Security Protocols
Security Association
Internet Key Exchange (IKE)
Virtual Private Network
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel modes of IPSec protocol
Note
IPSec in the transport mode does not
protect the IP header; it only protects
the information coming from the
transport layer.
Figure 32.4 Transport mode in action
Figure 32.5 Tunnel mode in action
Note
IPSec in tunnel mode protects the
original IP header.
IPSec Protocols
• Authentication Header (AH)
Goals: Source authentication & Msg. Integrity
• Encapsulating Security Payload (ESP)
Goals: Source authentication & Msg. Integrity &
Confidentiality
• Internet Key Exchange (IKE)
Goals: Establishing IPSec SA (Security Association)
Figure 32.6 Authentication Header (AH) Protocol in transport mode
Note
The AH Protocol provides source
authentication and data integrity,
but not privacy.
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
Note
ESP provides source authentication,
data integrity, and privacy.
Scope of ESP
Transport Mode
Tunnel Mode
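Which bytes the ESP integrity check covers in each mode, as an added example that is not part of the original slides. It assumes NULL encryption with an HMAC-SHA1-96 ICV so that only the Python standard library is needed (with an encryption algorithm the covered payload would also be encrypted); the key, addresses, SPI values and function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

ESP, TCP, IPIP = 50, 6, 4                    # IP protocol numbers
KEY = b"constructed-esp-auth-key"            # sample SA key, constructed for this demo
SEGMENT = b"constructed TCP segment bytes"   # stand-in for a TCP header plus data

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_wrap(spi, seq, inner, next_header):
    """ESP header + payload + trailer, then an HMAC-SHA1-96 ICV over all of it."""
    pad_len = -(len(inner) + 2) % 4          # align the trailer to a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + inner + trailer
    return body + hmac.new(KEY, body, hashlib.sha1).digest()[:12]

def esp_verify(packet):
    """Receiver check: the ICV covers the ESP part only, not the IP header in front of it."""
    body, icv = packet[20:-12], packet[-12:]
    expected = hmac.new(KEY, body, hashlib.sha1).digest()[:12]
    return hmac.compare_digest(expected, icv)

def transport_mode(src, dst, segment):
    esp = esp_wrap(0x1001, 1, segment, TCP)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(gw_src, gw_dst, src, dst, segment):
    inner = ipv4_header(src, dst, TCP, len(segment)) + segment   # original packet
    esp = esp_wrap(0x1002, 1, inner, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def set_source(packet, header_offset, new_src):
    """Return a copy with the source address of the IPv4 header at header_offset changed."""
    at = header_offset + 12
    return packet[:at] + socket.inet_aton(new_src) + packet[at + 4:]

if __name__ == "__main__":
    t = transport_mode("10.0.0.1", "10.0.0.2", SEGMENT)
    u = tunnel_mode("198.51.100.1", "203.0.113.1", "10.0.0.1", "10.0.0.2", SEGMENT)
    print("transport, IP header changed :", esp_verify(set_source(t, 0, "10.9.9.9")))
    print("tunnel, outer header changed :", esp_verify(set_source(u, 0, "192.0.2.7")))
    print("tunnel, inner header changed :", esp_verify(set_source(u, 28, "10.9.9.9")))
```

The first two checks still pass because the header in front of ESP is outside the ICV; the third fails because in tunnel mode the original IP header travels inside the protected payload.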
Table 32.1 IPSec services
Figure 32.8 Simple inbound and outbound security associations
Note
IKE creates SAs for IPSec.
Figure 32.9 IKE components
IKE/ISAKMP Phases
Phase 1:
– does authenticated DH, establishes session key & “IKE SA”
– two possible modes: Main & Aggressive
– two keys are derived from the session key:
• SKEYID_e: to encrypt Phase 2 messages
• SKEYID_a: to authenticate Phase 2 messages
Phase 2:
– IPsec SA & session key established; messages encrypted &
authenticated with Phase 1 keys
– Additional DH exchange is optional
Phase 1
Two possible modes:
• Main mode: 6 rounds
• Aggressive mode: 3 rounds
Types of authentication:
• MAC with pre-shared secret key
• digital signatures
• public key encryption
  – original: all public key encryption
  – revised: public + secret key encryption
Phase 1 – Main Mode (generic)
Phase 1 – Aggressive Mode (generic)
Phase 2
• Establishes IPsec SA & session key
• Runs over the IKE SA established in Phase 1
(messages are encrypted/authenticated with Phase 1 keys).
• Key generation: based on Phase 1 key, SPI, nonces.
• DH exchange: Optional (for PFS).
• IPsec Traffic Selector: Established optionally.
Specifies what traffic is acceptable. (e.g., What
local/remote address and port numbers are allowed
to use this SA.)
Phase 2
• X: pair of cookies generated in Phase 1
• Y: session identifier
• traffic: IPsec traffic selector (optional)
• CP: Cryptographic Parameters
Table 32.2 Addresses for private networks
Figure 32.10 Private network
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
An IPsec VPN is a VPN that uses the IPsec protocol suite to establish and
maintain the privacy of communication between devices, apps or
networks over the public internet. IPsec VPN uses "tunneling" to encrypt the
data that is being sent between the device and the VPN server.
Figure 32.13 Addressing in a VPN