CNS Unit 3

Uploaded by Ramya

UNIT-IV

• E- Mail Security: Pretty Good Privacy, S/MIME.

• IP Security: IP overview, IP Security architecture, Authentication Header, encapsulating security payload, combining security association, Key management.
Electronic mail Security
□ Email is one of the most widely used and best network services.
□ But according to some mail service providers, it is not secure.
□ A message may be observed by a third party during transmission.
□ An email list is the list of destination mail addresses.
□ In the implementation of an email list, there are two exploring mechanisms involved:
□ 1. Remote explorer : The sender sends an email to the server, which keeps the email list and distributes the email to all members in the list.
□ 2. Local explorer : The sender gets the list from the server and distributes the email to the members in the list.
□ In both, there is a need for security services for these mails and mailing lists, such as :
□ Privacy, Proof of delivery of mail, Authentication, Confidentiality regarding message flow, Integrity, Security from self destruct, Non-repudiation, Proof of submission of mail, Integrity regarding message sequence.
□ Threats to E-mail :
□ Loss of confidentiality, Loss of integrity, Lack of data origin authentication, Lack of non-repudiation, Lack of notification of receipt.
□ Threats Enabled by E-mail :
□ 1. Exposure of systems to malicious code : Email is one of the tools by which computer viruses spread.
□ Intruders attach JavaScript or VBScript to mails to spread viruses.
□ 2. Exposure of systems to denial of service attacks : Intruders use a small program that sends mails to attack a client, so there is a chance of a denial of service attack.
□ 3. Spamming : Spam wastes bandwidth and decreases productivity.
□ 4. Relaying and Blacklisting : Wrong configuration of relaying
□ Sometimes all e-mails from a vulnerable client get blocked by the mail server using a blacklist.
□ 5. Unauthorized Access to systems : Mail servers themselves are vulnerable, because they are also attached to external networks.
□ Sometimes this leads to your mail server being used as an attack platform against other systems.
□ To overcome these threats, secure e-mail standards provide two important concepts : PGP and S/MIME.
Pretty Good Privacy (PGP)
□ PGP was developed by Zimmermann in 1980 and the first version was released in 1991.
□ PGP is a high-security cryptographic application which allows people to exchange messages or files with privacy, confidentiality, integrity, and authentication.
□ PGP provides a confidentiality and authentication service that can be used for e-mail and file storage applications.
□ PGP is used for signing, encrypting, and decrypting e-mails to increase the security of e-mail communications.
□ PGP is mainly used to provide privacy, that is, to store and transmit your data so that only selected people may view its contents.
□ Objectives of PGP :
□ There are many reasons for this growth :
□ It is available free worldwide and in commercial versions.
□ It is operating system independent and runs on platforms like Windows, Unix etc.
□ It is based on popular algorithms that are considered more secure, like RSA, DSS, IDEA, 3-DES, SHA-1.
□ PGP is now an internet standard (RFC 3156).
□ It is not controlled by a government or standards organization.
□ Guidelines of PGP : Zimmermann developed PGP and he has done the following :
□ Used the best available cryptographic algorithms as building blocks.
□ Integrated these algorithms into a general-purpose application.
□ Made it independent of operating system and processor, with simple commands to use.
□ Made the total documentation, including source code, freely available via the internet.
□ Notations :
□ Following are some notations and their symbols which are used :
□ Ks = session key used in symmetric encryption
□ PRa = private key of user A, used in public-key encryption
□ PUa = public key of user A, used in public-key encryption
□ EP = public-key encryption
□ DP = public-key decryption
□ EC = symmetric encryption
□ DC = symmetric decryption
□ H = hash function
□ || = concatenation
□ Z = compression using zip algorithm
□ R64 = conversion to radix 64 ASCII format
□ PGP services/operations :
□ The actual operation of PGP, as opposed to the management of keys, consists of four services :
□ Authentication (digital signatures), Confidentiality (message encryption), compression and e-mail compatibility.
□ Authentication : The figure illustrates the digital signature service provided by PGP.
□ The sequence is as follows :
□ 1. Sender creates the message.
□ 2. SHA-1 is used to produce a 160-bit hash code of the message.
□ 3. The hash code is encrypted with RSA using the sender's private key and the result is prepended to the message.
□ 4. Receiver decrypts and recovers the hash code using RSA with the sender's public key.
□ 5. Receiver generates a new hash code for the message and compares it with the decrypted hash code; if the two match, the message is verified to be authentic.
PGP Operation – Confidentiality
□ Confidentiality :
□ Another basic service provided by PGP is confidentiality.
□ The symmetric encryption algorithm CAST-128 may be used.
□ Alternatively, IDEA or 3DES is used.
□ The 64-bit cipher feedback mode is used.
□ In PGP, each symmetric key is used only once.
□ A new key (session key) is generated as a random 128-bit number for each message.
□ This session key is bound to the message and transmitted with it.
□ To protect the session key, it is encrypted with the receiver's public key.
□ The figure illustrates the sequence as follows :
□ 1. Sender generates a message and a 128-bit random session key for this message.
□ 2. The message is encrypted with the session key using CAST-128 (or IDEA or 3DES).
□ 3. The session key is encrypted with RSA using the receiver's public key and prepended to the message.
□ 4. The receiver uses RSA with its private key to decrypt and recover the session key.
□ 5. The session key is used to decrypt the message.
PGP Operation – Confidentiality and Authentication
□ Confidentiality and Authentication : To increase the trust of any service, both confidentiality and authentication should be provided.
□ The figure illustrates that both services may be used for the same message.
□ First, a signature is generated for the message and prepended to the message according to the authentication sequence.
□ Then the message plus signature is encrypted using a 128-bit random session key and CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA.
□ The receiver decrypts the signed message by using its private key and recovers the session key.
□ When both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and finally encrypts the session key with the receiver's public key.
PGP Operation – Compression, email compatibility
□ Compression :
□ By default, PGP compresses the message after applying the signature but before encryption.
□ 1. The signature is generated before compression for two reasons :
□ A. It is more convenient to store the uncompressed message along with the signature for future verification.
□ B. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.
□ 2. The message encryption is applied after compression to strengthen cryptographic security because :
□ A. The compressed message has less redundancy than the original plaintext.
□ B. Thus cryptanalysis is more difficult.
□ Email Compatibility :
□ In all the above cases PGP sends the message in encrypted form (binary data).
□ However, email systems were designed only for ASCII text.
□ PGP must encode raw binary data into printable ASCII characters for transmission.
□ This is called e-mail compatible conversion.
□ It uses the radix-64 conversion algorithm.
□ Maps 3 bytes to 4 printable ASCII characters of output.
□ Also appends a CRC to find transmission errors.
□ PGP also segments messages if too big.


Key management of PGP
□ PGP makes use of four types of keys :
□ One-time session symmetric keys
□ Public keys
□ Private keys
□ Passphrase-based symmetric keys.
□ There are three requirements with respect to these keys :
□ 1. A means of generating session keys is needed.
□ 2. Allow a user to have multiple public-key/private-key pairs, because the user may change his key pair from time to time.
□ So some means is needed for identifying particular keys.
□ 3. Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.
□ Session key generation :
□ The algorithm used for the session key is CAST-128.
□ The input given to CAST-128 is a 128-bit randomly generated key, and here two 64-bit plaintexts are to be encrypted.
□ The cipher feedback mode generates two 64-bit ciphertexts that form the session key.
□ Key Identifiers :
□ One important observation about PGP is that it has multiple public keys.
□ How does the recipient know which of its public keys was used to encrypt the session key?
□ To solve this problem, key identification is required.
□ The receiver's public key ID needs to be sent because that key is used for encrypting the session key.
□ The other need is to send the sender's public key ID, whose private key is used for the signature.
□ General format of PGP message :
□ A message consists of three components :
□ (a) Message component : Contains the actual data to be stored or transmitted, a filename, and a timestamp that specifies the time of creation.
□ (b) Signature component :
□ It contains the following :
□ Timestamp (the time at which the signature was made)
□ Message digest, that is, a 160-bit SHA-1 digest encrypted with the sender's private key
□ Leading two octets of message digest : enable the receiver to determine if the correct public key was used to decrypt the message digest for authentication
□ Key ID of sender's public key : Identifies the public key that should be used to decrypt the message digest and identifies the private key that was used to encrypt the message digest.
□ (c) Session key component : includes the encrypted session key and the key ID of the receiver's public key.
Figure : PGP Message Format
PGP Key Rings
□ To overcome the difficulty of sending key identifications with every message, each PGP user has a pair of key rings:
□ Public-key ring contains all the public keys of other PGP users known to this user, indexed by key ID
□ Private-key ring contains the public/private key pair(s) for this user, indexed by key ID and encrypted with a key derived from a hashed passphrase.
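The authentication sequence and the signature component described above, tied to a public-key ring lookup, as an added example that is not part of the original slides. The key is a constructed toy RSA key used without padding, the key ID is assumed to be the low 64 bits of the modulus, and all function names are illustrative.

```python
import hashlib
import hmac

# Constructed toy key: two Mersenne primes give a 234-bit modulus, just large
# enough to hold a 160-bit SHA-1 digest. Unpadded and far too small for real use.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (PRa)


def key_id(modulus: int) -> int:
    """Assumed key ID: least significant 64 bits of the public modulus."""
    return modulus & 0xFFFFFFFFFFFFFFFF


def sign(message: bytes, n: int, d: int, timestamp: int) -> dict:
    """Sender: hash with SHA-1, encrypt the digest with the private key."""
    digest = hashlib.sha1(message).digest()
    return {
        "timestamp": timestamp,
        "key_id": key_id(n),                   # tells the receiver which PUa to use
        "leading_two_octets": digest[:2],      # sent unencrypted as a quick check
        "encrypted_digest": pow(int.from_bytes(digest, "big"), d, n),
    }


def verify(message: bytes, sig: dict, public_key_ring: dict) -> str:
    """Receiver: look up the key by ID, recover the digest, compare."""
    entry = public_key_ring.get(sig["key_id"])
    if entry is None:
        return "unknown key ID"
    n, e = entry
    recovered_int = pow(sig["encrypted_digest"], e, n)
    if recovered_int >> 160:                   # not a 160-bit value at all
        return "wrong public key"
    recovered = recovered_int.to_bytes(20, "big")
    # Cheap test before hashing a possibly large message.
    if recovered[:2] != sig["leading_two_octets"]:
        return "wrong public key"
    if not hmac.compare_digest(recovered, hashlib.sha1(message).digest()):
        return "digest mismatch"
    return "authentic"


def demo() -> list:
    ring = {key_id(N): (N, E)}                 # public-key ring indexed by key ID
    message = b"Transfer approved"             # constructed sample message
    sig = sign(message, N, D, timestamp=1700000000)
    return [
        verify(message, sig, ring),                    # untouched message
        verify(b"Transfer approved!", sig, ring),      # altered in transit
        verify(message, sig, {}),                      # sender not in the ring
    ]


if __name__ == "__main__":
    print(demo())
```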
PGP Trust Model
□ PGP does not include any specification for establishing certifying authorities or for establishing trust; it provides a better way of using trust, associating trust with public keys and exploiting trust information.
□ The figure shows the public key ring structure regarding trust. Complete trust is given for You; each other node in the key ring has an OWNERTRUST value.
□ A, B are partially trusted by You to sign keys; D, E, F are fully trusted by You to sign keys; C, H, M, N, O, P, Q are keys that are deemed legitimate by You. G, I, J, K do not have trust.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
□ It is a security enhancement to the MIME internet e-mail standard.
□ The original Internet standard RFC 822 email can transfer text content only.
□ MIME provided support for various content types and multi-part messages.
□ It used encoding of binary data to textual form.
□ S/MIME added security enhancements.
□ S/MIME has support in many mail agents like MS Outlook, Mozilla, Mac Mail etc.
□ It originated from RSA Data Security in 1995.
□ Version 3 of S/MIME is specified in RFC 2630-2634.
□ Before S/MIME, we need to understand the underlying e-mail format MIME that is used by S/MIME.
□ But to understand it, we need to go back to the traditional e-mail format standard, i.e. RFC 822, which is still in common use.
□ The most recent version of this format is RFC 5322 (Internet Message Format).
□ It is one of the commonly used internet-based standards.
□ This standard defines the text mail messages that are transmitted over the internet.
□ These messages consist of an envelope and contents.
□ The envelope has the information required for performing transmission and delivery.
□ The content contains the object that is to be delivered to the actual receiver.
□ The message structure of RFC 5322 consists of the following two fields :
□ Header field : Used by the user agent, which is part of the mail system.
□ It consists of header lines that start with keywords like From, To, Date, and Subject.
□ Keywords are followed by a colon, which is followed by the arguments of the keyword.
□ Body field : It consists of unrestricted ASCII text.
□ It is separated from the header by a blank line.
□ Another field commonly found in RFC 5322 is Message ID.
□ It contains a unique identifier associated with the message.
□ MIME (Multipurpose Internet Mail Extensions) :
□ It was developed to overcome the problems of SMTP.
□ Some of the limitations and problems are :
□ SMTP cannot transmit executable files, cannot transmit data that contains Unicode characters, cannot transfer mail over a size limit, cannot handle non-textual data.
□ Common problems are :
□ Wrapping of lines longer than 76 characters.
□ Removal of trailing white space.
□ Padding of lines in a message to the same length.
□ Conversion of tab characters into space characters.
□ Overview of MIME :
□ The MIME specification includes the following components :
□ 1. Five new message header fields that provide information about the body of the message.
□ 2. A number of content types (formats)
□ 3. Transfer encoding techniques that enable conversion of any format into a form that is protected from any change by the mail system.
□ The five message header fields defined in MIME
□ b. Content-Type : Describes the data contained in the body with sufficient detail that the receiving agent can pick an agent to represent the data to the user.
□ c. Content-Transfer-Encoding : Indicates the type of transformation used to represent the body of the message in a form that is acceptable for mail transport.
□ d. Content-ID : Used to identify MIME entities in multiple contexts.
□ e. Content-Description : A text description of the object with the body; this is useful when the object is not readable.
□ MIME content types (formats) :
□ The content type declares the general type of data, and the subtype specifies a particular format for that type of data.
MIME content type table :
Encodings :
The other major component of the MIME specification is transfer encoding techniques.
There are six different MIME transfer encoding techniques.
S/MIME :
In terms of functionality, S/MIME is similar to PGP.
Digital signature, confidentiality and integrity services are provided by both.
Following are the functions of S/MIME :
1. Enveloped data : It contains encrypted content of any type along with encrypted keys for one or more receivers.
2. Signed data : To create a digital signature, the hash code of the content is signed and then encrypted using the signer's private key.
Later on, the signature and content are encoded using base64 encoding.
3. Clear-signed data : A digital signature of the content is formed. But in
□ 4. Signed and enveloped data :
□ Entities that are signed-only or encrypted-only can be nested, to sign the encrypted data and to encrypt the signed or clear-signed data.
□ S/MIME Cryptographic Algorithms :
• Digital signatures: DSS & RSA
• Hash functions: SHA-1 & MD5
• Session key encryption: ElGamal & RSA
• Message encryption: AES, Triple-DES, RC2/40 and others
• MAC: HMAC with SHA-1
• Has a process to decide which algorithms to use.
□ S/MIME Messages :
□ S/MIME secures a MIME entity with a signature, encryption, or both
□ Forming a MIME wrapped PKCS object
□ Has a range of content-types:
□ Enveloped data
□ Signed data
□ Clear-signed data
□ Registration request
□ Certificate only message
□ S/MIME Certificate Processing :
□ S/MIME uses X.509 v3 certificates
□ Managed using a hybrid of a strict X.509 CA hierarchy & PGP's web of trust.
□ Each client has a list of trusted CAs' certificates
□ Own public/private key pairs & certificates
□ Certificates must be signed by trusted CAs
□ Certificate Authorities :
□ There are several well-known CAs
• VeriSign is one of the most widely used.
• VeriSign issues several types of Digital IDs
• Increasing levels of checks & hence increased trust.
□ S/MIME Enhanced Security Services :
□ 3 proposed enhanced security services:
□ Signed receipts
□ Security labels
□ Secure mailing lists
IP Security
□ IP security is a set of services and not a protocol.
□ IPSec is a capability that can be added to either current version of the Internet Protocol (IPv4 or IPv6) by means of additional headers.
□ IPSec covers three areas of functionality, that is, authentication, confidentiality and key management.
□ IPSec encrypts and authenticates all data traffic at the IP level.
□ There is a range of application-specific security mechanisms for application areas like e-mail (S/MIME, PGP), client/server (Kerberos), Web access (SSL/HTTPS).
□ However, there are security concerns that cut across protocol layers.
□ By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for security-ignorant applications.
□ Applicable to use over LANs, across public & private WANs, & for the Internet.
□ IP Security Overview :
□ In 1994, the Internet Architecture Board (IAB) issued a report, "Security in the Internet Architecture" (RFC 1636).
□ The IAB decided that authentication, integrity and encryption must be a part of the next-generation version of the IP protocol, IPv6.
□ Fortunately, these security capabilities were designed to be used with both the current IPv4 and IPv6.
□ The outcome of the study and the IAB's report is the protocol for providing security at the IP level, called IP security.
□ Applications of IP Security :
□ IPSec provides the capability to secure communication across LAN, WAN and the internet.
□ Following are examples of uses/applications of IPSec :
□ Creation of virtual private network :
□ Using IPSec, any organization can develop its own secure VPN on the internet.
□ So the need for a private network is reduced, and it enables reliance on the internet, saving costs and overhead.
□ Secure remote access over internet :
□ IPSec enables a remote user to securely access the company's network.
□ This means a user having IP security protocols can make a local call to an ISP and get secure access to the company's network, reducing transport charges.
□ Establishing extranet and intranet connectivity with partners :
□ IPSec features such as authentication, confidentiality and key management provide secure and reliable communication among various organizations, whether the communication is intranet or extranet.
□ Improving E-commerce security :
□ Some e-commerce and web applications have built-in security protocols, but IPSec enhances that security.
□ The principal feature of IPSec which allows it to support various applications is that it can encrypt and authenticate all traffic at the IP level.
□ So all applications (remote login, client/server, email, file transfer, web access) can be secured.
□ Some of the benefits of IPSec are :
□ 1. IPSec can be implemented in a firewall.
□ It provides a powerful security check on all incoming and outgoing packets.
□ 2. The firewall uses IPSec to restrict all those incoming packets which are not using IP.
□ Since the firewall is the only way to enter from the internet into the organization, restricted packets cannot enter.
□ 3. All the operations of IPSec are transparent to other applications because it is present below the transport layer, at the IP layer.
□ 4. IPSec can be easily implemented in a firewall and does not require any changes to the client or server system software.
□ 5. IPSec does not require additional training to be given to the users because IPSec can be transparent to end users.
□ 6. IPSec can provide security for individual users if needed.
IP Security Architecture
□ IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
□ These protocols are ESP (Encapsulating Security Payload) and AH (Authentication Header).
□ IPSec Architecture includes protocols, algorithms, DOI, and Key Management.
□ All these components are very important in order to provide the three main services:
□ IP Security is a mechanism which includes various components.
□ The whole IPSec architecture involves three components :
□ IPSec Documents
□ IPSec Services
□ Security Associations (SA)
□ IPSec Documents : IPSec is defined by a number of documents, including RFCs 2401, 2402, 2406, 2408.
□ Released in 1998, they describe the security architecture, the packet authentication extension (Authentication Header, AH) and the packet encryption extension (ESP).
□ The IPSec specification is divided into RFCs and IETF documents, which makes it difficult and complex.
□ The documents can be categorized into the following groups :
□ Architecture : Covers general concepts, security requirements, definitions, mechanisms, and notations/rules defining IPSec technology, with requirements for providing security.
□ Authentication Header (AH) : AH is an extension header to provide message authentication.
□ Current specification is RFC 4301 (security architecture for Internet
Architecture
□ Encapsulating Security Payload : ESP consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication.
□ Current specification is RFC 4303 (IP Encapsulating Security Payload).
□ Internet Key Exchange (key management) :
□ This is a collection of documents describing the key management schemes used with IPSec.
□ The main specification is the Internet Key Exchange (IKEv2) protocol.
□ Cryptographic Algorithms : Includes a set of documents that define and describe the implementation procedure of cryptographic algorithms for encryption, message authentication and key exchange.
□ Domain of interpretation :
□ It contains the relational values between the different documents, including identifiers and parameters needed for encryption and authentication algorithms.

2. IP Security Services :
□ IPSec provides security services at the IP layer by letting a system select the required security protocols and determine the algorithms and cryptographic keys required to provide the requested services.
□ IPSec architecture uses two protocols to provide security at the IP level :
□ Authentication Header (AH) : an authentication protocol designated by the header of the protocol.
□ Encapsulating Security Payload (ESP) : a combined encryption/authentication protocol designated by the format of the packet of that protocol.
□ The IPSec services are as follows :
□ Access Control : Here cryptographic keys are distributed and traffic flow is controlled in both AH and ESP protocols.
□ Connectionless Integrity : The data integrity service is provided by IPSec through AH, which prevents data from any alteration (change) during transmission.
□ Data origin Authentication : This IPSec service prevents the occurrence of replay attacks, address spoofing etc.
□ Confidentiality : It is obtained by using an encryption technique in which all data packets are transformed into cipher text.
□ Limited traffic flow confidentiality : This service ensures that confidentiality is maintained on the number of packets transferred or received.
□ Rejection of replayed packets : Duplicate or replayed packets are rejected using the sequence number field in both AH and ESP.

3. Security Association (SA) :
□ A Security Association is a one-way logical relationship or connection between sender and receiver.
□ The connection provided by an SA is one-way only, so two SAs are needed for bi-directional communication, i.e. one for each direction.
□ The Security Association is uniquely identified by three essential parameters :
□ 1. Security parameter index (SPI) : This parameter is used to indicate the type of SA.
□ The AH and ESP include this field in their respective headers, which allows the receiving system to select the type of SA under which the received packet is processed.
□ Destination IP Address : This parameter represents the IP address of the destination of the SA. The destination can be a firewall or router.
□ Security protocol Identifier : This field indicates the type of association, i.e. either an AH security association or an ESP security association.
□ Security Association Database :
□ The implementation of IPSec contains an SA database which defines the parameters related to each SA.
□ Following are the parameters on which an SA depends, or by which an SA is defined in the Security Association Database :
□ Sequence number counter : The AH and ESP headers use this parameter to generate the 32-bit sequence number field.
□ Sequence counter overflow : If the sequence counter overflows due to more packets received, an event is generated by a flag which stops further transmission.
□ Anti-replay window : This window is used to avoid the impact of a replay attack, i.e. it is used to determine whether an incoming packet is a duplicate copy or new.
□ AH Information : Consists of information used for AH implementation, like the type of authentication algorithm, keys, lifetime of keys and related parameters.
□ ESP Information : Consists of information about the authentication and encryption algorithms, keys, lifetime of keys, and initialization values used for ESP implementation.
□ Lifetime of security association : Represents the duration of time assigned to the SA, i.e. once the time expires, the SA is terminated or replaced.
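How the sequence number counter and anti-replay window in the SA database decide whether an incoming packet is new or a duplicate, as an added example that is not part of the original slides. The 64-packet window width and all names are assumptions; the ICV result is passed in as a flag because only authenticated packets may advance the window.

```python
WINDOW_SIZE = 64          # assumed window width; the slides do not give one
MAX_SEQ = 2**32 - 1       # the sequence number is a 32-bit field


class ReplayWindow:
    """Receiver-side anti-replay state kept for one security association."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (highest - i) was already accepted

    def check(self, seq: int) -> str:
        """Classify a sequence number without changing any state."""
        if not 1 <= seq <= MAX_SEQ:
            return "invalid"
        if seq > self.highest:
            return "new"
        offset = self.highest - seq
        if offset >= self.size:
            return "too old"            # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "replay"
        return "in window"

    def mark(self, seq: int) -> None:
        """Record seq as received. Call only after the ICV has verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1         # everything previously seen is now too old
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def receive(window: ReplayWindow, seq: int, icv_ok: bool) -> str:
    """Process one packet: replay check first, then integrity, then update."""
    verdict = window.check(seq)
    if verdict in ("invalid", "too old", "replay"):
        return "drop: " + verdict
    if not icv_ok:
        # A forged packet with a huge sequence number must not slide the
        # window forward, or genuine traffic would be rejected as too old.
        return "drop: bad ICV"
    window.mark(seq)
    return "accept"


def run_demo() -> list:
    window = ReplayWindow()
    # Constructed arrival order: (sequence number, did the ICV verify?)
    arrivals = [(1, True), (2, True), (3, True), (2, True), (70, True),
                (6, True), (7, True), (70, True), (5000, False), (71, True),
                (0, True)]
    return [receive(window, seq, ok) for seq, ok in arrivals]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```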
Authentication Header
The Authentication Header (AH) is a protocol and a part of IPSec which authenticates the origin of IP packets and ensures their integrity.
It provides integrity and authentication of IP packets.
It lets end users authenticate the opposite users in order to decide whether to accept or reject the packets.
The Authentication Header consists of the following fields :
Next Header : This field is 8 bits in size and is used to determine the type of the succeeding header.
Payload length : It is also 8 bits in size and specifies the length of the AH.
Reserved : AH contains 16 bits reserved for future use.
Security parameter Index : 32 bits used to identify the SA associated with this packet.
Sequence number : Represents a monotonically increasing counter value used to protect against replay attacks.
Authentication Data : This field is not a fixed-length field and contains the Integrity Check Value used for authentication of the AH packet.
Encapsulating Security Payload (ESP)
It is a protocol which provides data confidentiality, and also provides origin authentication, data integrity checking and replay protection.
It consists of the following fields :
Security parameter index : A 32-bit field which determines the security association.
Sequence Number : This field represents a monotonically increasing number assigned to each received packet to avoid replay attacks.
Payload Data : This field represents the encrypted data which is to be transferred.
□ Padding (0-255 bits) : The padding field is used to make the length of the plaintext a multiple of the desired number of bytes.
□ Padding Length (8 bits) : This field represents the length of the padding applied to the data.
□ Next Header : 8 bits in size; represents the type of header which follows this header.
□ Some default values are assigned to protocol headers, i.e. the value of TCP is 6, UDP is 17 and IP is 4.
□ Authentication Data : It is of variable length (the length depends on the SA) and contains an Integrity Check Value.
□ IPSec protocol mode : Represents the type of mode used for IPSec implementation.
□ Mode can be tunnel mode or transport mode.
□ Path MTU : Represents the maximum allowable size for a packet, i.e. the maximum data a packet can hold during transmission.
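The AH and ESP field layouts described above, turned into parsers that reject truncated or inconsistent headers, as an added example that is not part of the original slides. The sample packets are constructed, the 12-byte ICV length is an assumption (the real length depends on the SA), and the padding check assumes the default 1, 2, 3, ... padding pattern.

```python
import struct

AH_FIXED = struct.Struct("!BBHII")   # Next Header, Payload Len, Reserved, SPI, Sequence Number
ESP_FIXED = struct.Struct("!II")     # SPI, Sequence Number
PROTOCOLS = {4: "IP", 6: "TCP", 17: "UDP"}   # Next Header values quoted above


class HeaderError(ValueError):
    """Header is truncated or its fields contradict each other."""


def parse_ah(buf: bytes) -> dict:
    """Parse an Authentication Header located at the start of buf."""
    if len(buf) < AH_FIXED.size:
        raise HeaderError("AH shorter than its 12 fixed bytes")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(buf)
    # Payload Len is the AH length in 32-bit words minus 2 (RFC 4302).
    total = (payload_len + 2) * 4
    if total < AH_FIXED.size or total > len(buf):
        raise HeaderError("Payload Len does not fit the captured data")
    if reserved != 0:
        raise HeaderError("reserved field must be zero")
    return {
        "next_header": PROTOCOLS.get(next_header, str(next_header)),
        "spi": spi,
        "seq": seq,
        "icv": buf[AH_FIXED.size:total],   # variable-length Authentication Data
        "length": total,
    }


def parse_esp(buf: bytes, icv_len: int) -> dict:
    """Split an ESP packet into the parts readable before decryption."""
    if len(buf) < ESP_FIXED.size + 2 + icv_len:
        raise HeaderError("ESP packet too short for header, trailer and ICV")
    spi, seq = ESP_FIXED.unpack_from(buf)
    end = len(buf) - icv_len
    return {"spi": spi, "seq": seq,
            "ciphertext": buf[ESP_FIXED.size:end], "icv": buf[end:]}


def strip_esp_trailer(plaintext: bytes) -> tuple:
    """After decryption, remove Padding, Padding Length and Next Header."""
    if len(plaintext) < 2:
        raise HeaderError("decrypted data has no trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]   # pad_len counts bytes
    body_end = len(plaintext) - 2 - pad_len
    if body_end < 0:
        raise HeaderError("Padding Length exceeds the decrypted data")
    if plaintext[body_end:-2] != bytes(range(1, pad_len + 1)):
        raise HeaderError("padding bytes are not the expected 1, 2, 3, ...")
    return plaintext[:body_end], PROTOCOLS.get(next_header, str(next_header))


def sample_ah() -> bytes:
    """Constructed AH: TCP follows, SPI 0x1001, sequence 7, dummy 12-byte ICV."""
    return AH_FIXED.pack(6, 4, 0, 0x1001, 7) + b"\xaa" * 12


def sample_esp() -> bytes:
    """Constructed ESP packet: 16 dummy ciphertext bytes and a 12-byte ICV."""
    return ESP_FIXED.pack(0x2002, 9) + b"\x00" * 16 + b"\xbb" * 12


def sample_esp_plaintext() -> bytes:
    """Constructed decrypted ESP payload: data, 3 padding bytes, trailer."""
    return b"GET /" + bytes([1, 2, 3]) + bytes([3, 6])


if __name__ == "__main__":
    print(parse_ah(sample_ah() + b"rest of packet"))
    print(parse_esp(sample_esp(), icv_len=12))
    print(strip_esp_trailer(sample_esp_plaintext()))
```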
□ IP Security modes :
□ We know that there are two IP security protocols : AH and ESP.
□ Both AH and ESP support two modes of use :
□ Transport mode and Tunnel mode
□ There are four possible combinations of mode and protocol :
□ AH in transport mode, AH in tunnel mode
□ ESP in transport mode, ESP in tunnel mode
□ AH in tunnel mode is not used because it protects the same data that AH protects in transport mode.
□ Transport mode :
□ Provides protection for upper layer protocols.
□ Transport mode protection extends to the payload of an IP packet.
□ In transport mode, AH and ESP protect the transport header.
□ Transport mode is used for end-to-end connection between two hosts, i.e. client and server, or between two workstations.
□ Tunnel mode :
□ Tunnel mode provides protection to the entire IP packet.
□ To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new outer IP packet with a new outer IP header.
Combining Security Associations
□ It is mandatory to implement multiple SAs for the same traffic flow when it requires both AH and ESP protocol services.
□ The combination of SAs needed for processing a traffic flow to provide the required IPSec services is termed an SA bundle.
□ There are two ways in which an SA bundle can be formed :
□ Transport Adjacency : A single IP packet is provided with more than one security protocol without applying a tunnelling mechanism.
□ AH and ESP protocols are combined and applied to a single IP packet.
□ Repeated Tunnelling : An IP packet which has a particular security
□ Basic Combinations of Security Associations :
□ As per the IPSec architecture documents, SAs can be combined in four different ways that are supported by all the nodes in IPSec.
□ The nodes may individually be workstations, servers or firewalls.
□ First Combination : The individual nodes must utilize their own IPSec services to get appropriate security.
□ The two nodes can communicate with each other by sharing their respective secret keys through the SA.
□ Second combination : In this combination, the security of individual nodes is not achieved by implementing IPSec services; instead, security is provided at the gateways.
□ According to the SA document, only one tunnel (i.e. AH, ESP, or ESP with authentication) is needed for this combination.
□ Third Combination : This combination is almost similar to the second combination, but in addition provides security even to the nodes.
□ This combination makes use of two tunnels, the first gateway to gateway and the second node to node.
□ Either authentication or encryption or both can be provided by using the gateway-to-gateway tunnel.
□ An additional IPSec service is provided to the individual nodes by using the node-to-node tunnel.
□ Fourth combination : This combination is suitable for serving remote users.
□ End users sitting anywhere in the world can use the internet to access the organizational workstations through the firewall.
Key Management
□ Key management is related to the identification and distribution of the secret keys.

□ AH and ESP each consist of both transmitting and receiving pairs.

□ For communication between two applications, we need four keys: one each for the transmitting and receiving pairs of both AH and ESP.

□ The IPSec architecture supports two types of key management :

□ Manual : The system admin manually configures each system with its own keys and the keys of the other communicating systems.
□ It is practical for small environments.
□ Advantage : Temporary implementation is easier.

□ Disadvantage : Not scalable; does not support the anti-replay feature in both AH and ESP.

□ Automated : This system enables on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

□ Advantage : Scalable to large networks and across administrative boundaries.

□ Disadvantage : This system requires PKI for complete authentication.

□ Internet Key Exchange (IKE) : It is a tool which automates key management for the IP security architecture.

□ IKE is a protocol designed to create both inbound and outbound SAs.

□ The IKE protocol helps to negotiate the settings between two hosts that implement IPSec.
□ IKE components :
□ Internet Key Exchange is based on three protocols :
□ Oakley :
□ It is based upon the Diffie Hellman algorithm and uses a mechanism called cookies.

□ It specifies global parameters of Diffie Hellman and provides extra security.

□ Features of Oakley :
□ Five important features of the Oakley algorithm :
□ 1. It employs a mechanism known as “cookies” to oppose clogging attacks.
□ In a clogging attack, an opponent forges the source address of the authenticated user and sends the public Diffie Hellman key to the victim.

□ 2. It enables two parties to negotiate a group.

□ It supports the use of different groups for Diffie Hellman key exchange.

□ 3. It uses nonces to ensure against replay attacks.

□ 4. It enables the exchange of Diffie Hellman public key values.

□ 5. It authenticates Diffie Hellman key exchange to oppose man in
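
The cookie mechanism from feature 1, as an added example that is not part of the original slides: the responder derives a 64-bit cookie from the packet addressing and a local secret, and performs the costly Diffie Hellman step only after that cookie is echoed back. HMAC-SHA256, the class and function names and the sample addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption: a per-responder random secret, rotated periodically in practice.
LOCAL_SECRET = os.urandom(32)


def make_cookie(src_ip, src_port, dst_ip, dst_port, secret=LOCAL_SECRET):
    """Derive a 64-bit cookie from the packet addressing and a local secret."""
    material = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    return hmac.new(secret, material, hashlib.sha256).digest()[:8]


class Responder:
    """Defers Diffie Hellman work until the peer proves it receives replies."""

    def __init__(self, secret=LOCAL_SECRET):
        self.secret = secret
        self.dh_computations = 0  # number of expensive operations performed

    def on_first_message(self, src_ip, src_port, dst_ip, dst_port):
        # Stateless: nothing is stored, the cookie goes to the claimed source.
        return make_cookie(src_ip, src_port, dst_ip, dst_port, self.secret)

    def on_key_exchange(self, src_ip, src_port, dst_ip, dst_port, echoed):
        expected = make_cookie(src_ip, src_port, dst_ip, dst_port, self.secret)
        if not hmac.compare_digest(expected, echoed):
            return False  # sender never saw the cookie: dropped cheaply
        self.dh_computations += 1  # stands in for the modular exponentiation
        return True


def demo():
    """Constructed traffic using documentation address ranges."""
    r = Responder()
    honest = ("192.0.2.10", 500, "198.51.100.1", 500)
    cookie = r.on_first_message(*honest)
    accepted = r.on_key_exchange(*honest, cookie)
    # A sender using forged source addresses cannot read the cookies sent to
    # those addresses, so it can only guess the value.
    forged = [r.on_key_exchange(f"203.0.113.{i}", 500, "198.51.100.1", 500,
                                b"\x00" * 8) for i in range(100)]
    return accepted, any(forged), r.dh_computations
```

Only the exchange that echoed a valid cookie reaches the expensive step; the 100 forged requests cost one hash each.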


□ ISAKMP (Internet Security Association and Key Management Protocol) :
□ SAs can be initiated, edited, negotiated or eliminated by implementing the procedures and formats of ISAKMP.

□ Every ISAKMP message is carried over the UDP transport layer protocol and consists of the following two sections :

□ ISAKMP Header

□ ISAKMP Payload
□ ISAKMP Header format :
□ The fields of the ISAKMP header are as follows :

□ Cookie (Initiator) : It is a 64-bit cookie belonging to the entity responsible for the establishment, notification or deletion of SAs.

□ Cookie (Responder) : It is 64 bits in size and belongs to the entity responsible for replying to SA establishment, SA notification or SA deletion.

□ Next Payload : An 8-bit field which defines the type of the first payload in the ISAKMP message.

□ Major Version and Minor Version : Each is 4 bits in size; they define the major and minor versions of ISAKMP respectively.

□ Exchange Type : An 8-bit field used to define the type of exchange implemented.

□ Flags : Every ISAKMP message exchange needs to set certain options prior to its transmission, which is done by using the flag bits.

□ Message ID : Every ISAKMP message is assigned a unique message ID which differentiates it from other messages.

□ Length (32 bits) : This field defines the total length of the ISAKMP message, which includes the ISAKMP header and the ISAKMP payloads.
□ ISAKMP Payload types :
□ All ISAKMP payloads begin with a generic payload header.

□ The generic payload header fields are as follows :

□ Next Payload (1 byte) : Identifies the payload type of the next payload in the message.

□ Reserved (1 byte) : Unused, set to 0.

□ Payload Length (2 bytes) : Length of the current payload, including generic payload
□ There are different ISAKMP payload types :
□ SA Payload : The SA payload is used to negotiate security attributes and to indicate the Domain of Interpretation (DOI) and the situation under which the negotiation takes place.

□ Proposal Payload : It contains information used during SA negotiation.

□ A proposal consists of the security mechanisms used to secure the communication channel.

□ Transform Payload : This payload consists of the security mechanisms, or transforms, to be used to secure the communication channel.

□ It also contains the SA attributes associated with the specific transform.

□ Key Exchange Payload : This payload supports a variety of key exchange techniques.

□ Examples are Oakley, Diffie Hellman and Enhanced Diffie Hellman key exchange.

□ Identification Payload : This payload contains DOI-specific data used to exchange identification information.

□ This information is used for determining the identities of the communicating peers.

□ Certificate Payload : This payload provides a means to transport certificates or other certificate-related information by ISAKMP and appears in an ISAKMP message.
□ Certificate Request Payload : This payload provides a means to request certificates by ISAKMP and appears in any message.

□ Hash Payload : This payload contains data generated by the hash function (selected during the SA establishment exchange).

□ This payload may be used to verify the integrity of the data in an ISAKMP message.

□ Signature Payload : It contains data generated by the digital signature function (selected during the SA establishment exchange).

□ It is used for non-repudiation services.

□ Nonce Payload : This payload contains data used to guarantee liveness during an exchange and to protect against replay attacks.

□ Notification Payload : This payload can contain both ISAKMP and DOI-specific data and is used to transmit informational data such as error conditions.

□ Delete Payload : This payload contains a protocol-specific SA identifier that the sender has removed from its SA database and that is no longer valid.
□ ISAKMP Exchanges :
□ An ISAKMP exchange type is defined by the ordering of ISAKMP messages and of the payloads within these messages.

□ ISAKMP defines 5 default exchange types :

□ Base Exchange : Allows transmission of key exchange and authentication data together.

□ Combining both in one message reduces the number of round trips.
□ The disadvantage is that identities are not protected.

□ Identity Protection Exchange : Identity information is protected by a common shared secret which is established beforehand.
□ Authentication Only Exchange : This exchange type transmits only authentication data. The advantage is that no keys have to be computed, which saves time.

□ Aggressive Exchange : It allows SA, key exchange and authentication within only three messages.

□ Informational Exchange : It contains only one message, which is used for management purposes.

□ The initiator and responder can send a notification or delete payload, which is used for maintaining the state of the communication.
