Network Security and SWOT analysis

The document discusses network security and encryption techniques, emphasizing the importance of confidentiality, authenticity, integrity, and availability in protecting information. It outlines various security threats and attacks, such as eavesdropping, tampering, and denial of service, and describes security services and mechanisms, including cryptography. Additionally, it covers symmetric and public key ciphers, detailing their principles and applications in securing communications.

Uploaded by

shivam191200

Network Security/Encryption

Techniques and Algorithms


Security

• Freedom from risk or danger; safety.
• Freedom from doubt, anxiety, or fear; confidence.
• Something that gives or assures safety.
• Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering,
and disruption of information and services is
kept low or tolerable
• Security rests on confidentiality, authenticity,
integrity, and availability
The Basic Components
• Confidentiality is the concealment of information or
resources.
– E.g., only sender, intended receiver should “understand” message
contents
• Authenticity is the identification and assurance of the origin of
information.
• Integrity refers to the trustworthiness of data or resources in
terms of preventing improper and unauthorized changes.
• Availability refers to the ability to use the information or
resource desired.
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and operation.
• An attack is any action that violates security.
– Active adversary
• An attack has an implicit concept of “intent”
– Router mis-configuration or server crash can also cause
loss of availability, but they are not attacks
Friends and enemies: Alice, Bob, Trudy
• Bob, Alice want to communicate “securely”
• Trudy (intruder) may intercept, delete, add
messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy has access to the channel.]
Eavesdropping - Message Interception
(Attack on Confidentiality)
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of files and programs

[Figure: an eavesdropper on the channel between A and B.]
Integrity Attack - Tampering With Messages

• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again

[Figure: a perpetrator between A and B intercepts, holds, and re-releases messages.]
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity

[Figure: a masquerader sends messages to B that appear to come from A.]
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit

[Figure: packets from A to B are corrupted in transit.]

• Blatant denial of service (DoS):
– Crashing the server
– Overwhelm the server (use up its resources)
Security Policy and Mechanism
• Policy: a statement of what is, and is not allowed.
• Mechanism: a procedure, tool, or method of
enforcing a policy.
• Security mechanisms implement functions that help
prevent, detect, and recover from security attacks.
• Security functions are typically made available to
users as a set of security services through APIs or
integrated interfaces.
• Cryptography underlies many security mechanisms.
Model for Network Security
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK
Problem
• Computer networks are typically a shared
resource used by many applications
representing different interests.
• The Internet is particularly widely shared,
being used by competing businesses,
governments, and opportunistic criminals.
• Unless security measures are taken, a network
conversation or a distributed application may
be compromised by an adversary.
• Consider some threats
– Suppose you are a customer using a credit card to order an
item from a website.
• An obvious threat is that an adversary would eavesdrop on your
network communication, reading your messages to obtain your
credit card information.
• It is possible and practical, however, to encrypt messages so as to
prevent an adversary from understanding the message contents. A
protocol that does so is said to provide confidentiality.
• Taking the concept a step farther, concealing the quantity or
destination of communication is called traffic confidentiality
• Even with confidentiality there still remain threats for
the website customer.
– An adversary who can’t read the contents of your encrypted
message might still be able to change a few bits in it,
resulting in an invalid order for, say, a completely different
item or perhaps 1000 units of the item.
– There are techniques to detect, if not prevent, such
tampering.
– A protocol that detects such message tampering provides
data integrity.
– The adversary could alternatively transmit an extra copy of
your message in a replay attack.
• To the website, it would appear as though you had simply
ordered another of the same item you ordered the first
time.
• A protocol that detects replays provides originality.
• Originality would not, however, preclude the adversary
intercepting your order, waiting a while, then transmitting it
—in effect, delaying your order.
• The adversary could thereby arrange for the item to arrive
on your doorstep while you are away on vacation, when it
can be easily snatched. A protocol that detects such delaying
tactics is said to provide timeliness.
• Another threat to the customer is unknowingly being directed
to a false website.
– This can result from a DNS attack, in which false information is entered
in a Domain Name Server or the name service cache of the customer’s
computer.
– This leads to translating a correct URL into an incorrect IP address—
the address of a false website.
– A protocol that ensures that you really are talking to whom you think
you’re talking is said to provide authentication.
• The owner of the website can be attacked as well. Some
websites have been defaced; the files that make up the
website content have been remotely accessed and
modified without authorization.
• That is an issue of access control: enforcing the rules
regarding who is allowed to do what. Websites have also
been subject to Denial of Service (DoS) attacks, during
which would-be customers are unable to access the
website because it is being overwhelmed by bogus
requests.
• Ensuring a degree of access is called availability.
• In addition to these issues, the Internet has notably
been used as a means for deploying malicious code that
exploits vulnerabilities in end-systems.
• Worms, pieces of self-replicating code that spread over
networks, have been known for several decades and
continue to cause problems, as do their relatives,
viruses, which are spread by the transmission of
“infected” files.
• Infected machines can then be arranged into botnets
which can be used to inflict further harm, such as
launching DoS attacks.
• Security attack – Any action that compromises the
security of information owned by an organization.
• Security mechanism – A mechanism that is designed
to detect, prevent or recover from a security attack.
• Security service – A service that enhances the
security of the data processing systems and the
information transfers of an organization. The
services are intended to counter security attacks and
they make use of one or more security mechanisms
to provide the service.
SECURITY SERVICES
• Confidentiality: Ensures that the information in a computer system and
transmitted information are accessible only for reading by authorized parties. This
covers printing, displaying and other forms of disclosure.
• Authentication: Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false.
• Integrity: Ensures that only authorized parties are able to modify computer system
assets and transmitted information. Modification includes writing, changing status,
deleting, creating and delaying or replaying of transmitted messages.
• Non repudiation: Requires that neither the sender nor the receiver of a message
be able to deny the transmission.
• Access control: Requires that access to information resources may be controlled by
or for the target system.
• Availability: Requires that computer system assets be available to authorized
parties when needed.
SECURITY MECHANISMS
• Cryptographic techniques are among the most specific
security mechanisms in use.
• Encryption or encryption-like transformations
of information are the most common means of
providing security. Some of the mechanisms are
• Encipherment
• Digital Signature
• Access Control
SECURITY ATTACKS
Interruption
• An asset of the system is destroyed or becomes
unavailable or unusable. This is an attack on availability
e.g., destruction of piece of hardware, cutting of a
communication line or Disabling of file management
system.
Interception
• An unauthorized party gains access to an asset. This is an
attack on confidentiality. Unauthorized party could be a
person, a program or a computer. E.g., wire tapping to
capture data in the network, illicit copying of files
Modification
• An unauthorized party not only gains access to but
tampers with an asset. This is an attack on integrity. e.g.,
changing values in data file, altering a program,
modifying the contents of messages being transmitted in
a network.
Fabrication
• An unauthorized party inserts counterfeit objects into
the system. This is an attack on authenticity. e.g.,
insertion of spurious message in a network or addition of
records to a file.
Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted. Passive attacks are of two types:
• Release of message contents: A telephone conversation, an e-mail message
and a transferred file may contain sensitive or confidential information. We
would like to prevent the opponent from learning the contents of these
transmissions.
• Traffic analysis: If we had encryption protection in place, an opponent might
still be able to observe the pattern of the message. The opponent could
determine the location and identity of communication hosts and could
observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of communication that was
taking place.
• Passive attacks are very difficult to detect because they do not involve any
alteration of data.
• However, it is feasible to prevent the success of these attacks.
Active attacks
• These attacks involve some modification of the data stream or the creation of a
false stream. These attacks can be classified into four categories:
• Masquerade – One entity pretends to be a different entity.
• Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.
• Modification of messages – Some portion of a message is altered, or the messages
are delayed or reordered, to produce an unauthorized effect.
• Denial of service – Prevents or inhibits the normal use or management of
communication facilities. Another form of service denial is the disruption of an
entire network, either by disabling the network or overloading it with messages so
as to degrade performance.
• It is quite difficult to prevent active attacks absolutely, because to do so would
require physical protection of all communication facilities and paths at all times.
Instead, the goal is to detect them and to recover from any disruption or delays
caused by them.
Symmetric-key encryption and decryption
Principles of Ciphers
• Encryption transforms a message in such a way that it
becomes unintelligible to any party that does not have the
secret of how to reverse the transformation.
• The sender applies an encryption function to the original
plaintext message, resulting in a ciphertext message that is
sent over the network.
• The receiver applies a secret decryption function–the
inverse of the encryption function–to recover the original
plaintext.
Principles of Ciphers
• The ciphertext transmitted across the network is
unintelligible to any eavesdropper, assuming she doesn’t
know the decryption function.
• The transformation represented by an encryption function
and its corresponding decryption function is called a
cipher.
• The basic requirement for an encryption algorithm is that
it turn plaintext into ciphertext in such a way that only the
intended recipient—the holder of the decryption key—can
recover the plaintext.
Principles of Ciphers
• It is important to realize that when a potential attacker
receives a piece of ciphertext, he may have more
information at his disposal than just the ciphertext itself.
• Known plaintext attack
• Ciphertext only attack
• Chosen plaintext attack
Principles of Ciphers
• Most ciphers are block ciphers: they are defined to take as
input a plaintext block of a certain fixed size, typically 64 to
128 bits.
• Using a block cipher to encrypt each block independently
—known as electronic codebook (ECB) mode encryption—
has the weakness that a given plaintext block value will
always result in the same ciphertext block.
• Hence recurring block values in the plaintext are
recognizable as such in the ciphertext, making it much
easier for a cryptanalyst to break the cipher.
Block Ciphers
• A common mode of operation is cipher block
chaining (CBC), in which each plaintext block is
XORed with the previous block’s ciphertext before
being encrypted.
• The result is that each block’s ciphertext depends in
part on the preceding blocks, i.e. on its context. Since
the first plaintext block has no preceding block, it is
XORed with a random number.
• That random number, called an initialization vector (IV), is
included with the series of ciphertext blocks so that the first
ciphertext block can be decrypted.
Block Ciphers

Cipher block chaining (CBC).
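The ECB weakness and the CBC fix described above, as an added example that is not part of the original slides: a toy keyed byte permutation stands in for the block cipher (it is an assumption for illustration, not a real cipher), and the two modes are run over a message made of identical blocks so the difference is visible.

```python
import os
import random

BLOCK = 8  # 64-bit blocks, the DES block size


def _tables(key: bytes):
    # Toy "key schedule": a key-seeded byte permutation and its inverse.
    # This is NOT a real block cipher (random.Random is not cryptographic);
    # it only needs to be a keyed bijection so the two modes can be compared.
    rng = random.Random(int.from_bytes(key, "big"))
    forward = list(range(256))
    rng.shuffle(forward)
    inverse = [0] * 256
    for i, v in enumerate(forward):
        inverse[v] = i
    return bytes(forward), bytes(inverse)


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Substitute every byte, then rotate the block left by one byte.
    sbox, _ = _tables(key)
    mixed = bytes(sbox[b] for b in block)
    return mixed[1:] + mixed[:1]


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    _, inv = _tables(key)
    unrotated = block[-1:] + block[:-1]
    return bytes(inv[b] for b in unrotated)


def pad(data: bytes) -> bytes:
    # PKCS#7-style padding so the message is a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted independently: equal plaintext blocks give
    # equal ciphertext blocks, which is the weakness the slide describes.
    return b"".join(toy_encrypt_block(key, blk) for blk in _blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(toy_decrypt_block(key, blk) for blk in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv=None) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the
    # random IV for the first block) before encryption; the IV is sent in
    # the clear in front of the ciphertext so the receiver can undo it.
    iv = os.urandom(BLOCK) if iv is None else iv
    prev, out = iv, [iv]
    for blk in _blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, xor(blk, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for blk in _blocks(body):
        out.append(xor(toy_decrypt_block(key, blk), prev))
        prev = blk
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes, has_iv: bool = False) -> int:
    # Number of ciphertext blocks that duplicate an earlier one: the pattern
    # a cryptanalyst sees immediately in ECB output.
    blocks = _blocks(ciphertext)[1 if has_iv else 0:]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # constructed demo key
    msg = b"ATTACK!!" * 4  # four identical 8-byte plaintext blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, msg), has_iv=True))
```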


Symmetric Key Ciphers
• In a symmetric-key cipher, both participants in a
communication share the same key. In other words, if a
message is encrypted using a particular key, the same key is
required for decrypting the message.
Symmetric Key Ciphers
• The U.S. National Institute of Standards and Technology
(NIST) has issued standards for a series of symmetric-key
ciphers.
• Data Encryption Standard (DES) was the first, and it has
stood the test of time in that no cryptanalytic attack better
than brute force search has been discovered.
• Brute force search, however, has gotten faster. DES’s keys
(56 independent bits) are now too small given current
processor speeds.
Symmetric Key Ciphers
• NIST also standardized the cipher Triple DES (3DES), which
leverages the cryptanalysis resistance of DES while in
effect increasing the key size.
• A 3DES key has 168 (= 3 × 56) independent bits, and is used
as three DES keys;
• let’s call them DES-key1, DES-key2, and DES-key3.
• 3DES-encryption of a block is performed by first DES-encrypting
the block using DES-key1, then DES-decrypting the result using
DES-key2, and finally DES-encrypting that result using DES-key3.
• Decryption involves decrypting using DES-key3, then encrypting
using DES-key2, then decrypting using DES-key1
Symmetric Key Ciphers
• 3DES is being superseded by the Advanced Encryption
Standard (AES) standard issued by NIST in 2001.
• The cipher selected to become that standard (with a few
minor modifications) was originally named Rijndael
(pronounced roughly like “Rhine dahl”) based on the
names of its inventors, Daemen and Rijmen.
• AES supports key lengths of 128, 192, or 256 bits, and the
block length is 128 bits.
Public Key Ciphers
• An alternative to symmetric-key ciphers is asymmetric, or
public-key, ciphers.
• Instead of a single key shared by two participants, a public-
key cipher uses a pair of related keys, one for encryption
and a different one for decryption.
• The pair of keys is “owned” by just one participant.
• The owner keeps the decryption key secret so that only
the owner can decrypt messages; that key is called the
private key.
Public Key Ciphers
• The owner makes the encryption key public, so that
anyone can encrypt messages for the owner; that key is
called the public key.
• Obviously, for such a scheme to work it must not be
possible to deduce the private key from the public key.
• Consequently any participant can get the public key and
send an encrypted message to the owner of the keys, and
only the owner has the private key necessary to decrypt it.
Public Key Ciphers

Public-key encryption
Public Key Ciphers
• An important additional property of public-key ciphers is
that the private “decryption” key can be used with the
encryption algorithm to encrypt messages so that they
can only be decrypted using the public “encryption” key.
• This property clearly wouldn’t be useful for confidentiality
since anyone with the public key could decrypt such a
message.
• This property is, however, useful for authentication since it
tells the receiver of such a message that it could only have
been created by the owner of the keys.
Public Key Ciphers

Authentication using public keys


Public Key Ciphers
• The concept of public-key ciphers was first published in
1976 by Diffie and Hellman.
• The best-known public-key cipher is RSA, named after its
inventors: Rivest, Shamir, and Adleman.
• RSA relies on the high computational cost of factoring large
numbers.
• Another public-key cipher is ElGamal.
• Like RSA, it relies on a mathematical problem, the discrete
logarithm problem, for which no efficient solution has been found,
and requires keys of at least 1024 bits.
Authenticator
• An authenticator is a value, to be included in a transmitted
message, that can be used to verify simultaneously the
authenticity and the data integrity of a message.
• One kind of authenticator combines encryption and a
cryptographic hash function.
• Cryptographic hash algorithms are treated as public knowledge, as
with cipher algorithms.
• A cryptographic hash function (also known as a cryptographic
checksum) is a function that outputs sufficient redundant
information about a message to expose any tampering.
Authenticator
• Just as a checksum or CRC exposes bit errors introduced by
noisy links, a cryptographic checksum is designed to
expose deliberate corruption of messages by an adversary.
• The value it outputs is called a message digest and, like an
ordinary checksum, is appended to the message.
• All the message digests produced by a given hash have the same
number of bits regardless of the length of the original message.
• Since the space of possible input messages is larger than the space
of possible message digests, there will be different input messages
that produce the same message digest, like collisions in a hash
table.
Authenticator
• There are several common cryptographic hash algorithms,
including MD5 (for Message Digest 5) and Secure Hash
Algorithm 1 (SHA-1). MD5 outputs a 128-bit digest, and
SHA-1 outputs a 160-bit digest
• A digest encrypted with a public key algorithm but using
the private key is called a digital signature because it
provides nonrepudiation like a written signature.
Authenticator
• Another kind of authenticator is similar, but instead of
encrypting a hash, it uses a hash-like function that takes a
secret value (known to only the sender and the receiver)
as a parameter.
• Such a function outputs an authenticator called a message
authentication code (MAC).
• The sender appends the MAC to her plaintext message.
• The receiver recomputes the MAC using the plaintext and
the secret value, and compares that recomputed MAC to
the received MAC.
Authenticator
• A common variation on MACs is to apply a cryptographic
hash (such as MD5 or SHA-1) to the concatenation of the
plaintext message and the secret value.
• The resulting digest is called a hashed message
authentication code (HMAC) since it is essentially a MAC.
• The HMAC, but not the secret value, is appended to the
plaintext message.
• Only a receiver who knows the secret value can compute
the correct HMAC to compare with the received HMAC.
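The MAC and HMAC ideas above, as an added example that is not part of the original slides. It uses SHA-256 rather than MD5 or SHA-1 (neither of which is still considered collision resistant), writes out the nested HMAC construction of RFC 2104 next to the slide's plain hash-of-concatenation variant, and shows the receiver-side check with a constant-time comparison; the key and message are constructed sample values.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    # HMAC as standardised in RFC 2104: H((K ^ opad) || H((K ^ ipad) || m)).
    # Spelled out with hashlib so the structure is visible; it produces the
    # same bytes as the standard library's hmac module (see hmac_sha256_stdlib).
    block_size = hashlib.sha256().block_size  # 64 bytes for SHA-256
    if len(key) > block_size:
        key = hashlib.sha256(key).digest()  # long keys are hashed first
    key = key.ljust(block_size, b"\x00")  # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def hmac_sha256_stdlib(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def concat_mac(key: bytes, message: bytes) -> bytes:
    # The slide's simpler variation: one hash over plaintext || secret.
    # Included for comparison only; deployed protocols use the nested
    # construction above.
    return hashlib.sha256(message + key).digest()


def tag_message(key: bytes, message: bytes) -> bytes:
    # Sender side: append the authenticator (never the secret) to the plaintext.
    return message + hmac_sha256_manual(key, message)


def verify_message(key: bytes, tagged: bytes):
    # Receiver side: recompute the MAC over the received plaintext and compare
    # it to the received tag in constant time. Returns the plaintext if the
    # tag checks out, or None if the message or tag was altered.
    if len(tagged) < DIGEST_LEN:
        return None
    message, tag = tagged[:-DIGEST_LEN], tagged[-DIGEST_LEN:]
    if not hmac.compare_digest(tag, hmac_sha256_stdlib(key, message)):
        return None
    return message


def flip_bit(data: bytes, index: int) -> bytes:
    # Helper for the demonstration: simulate an adversary changing one bit.
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    order = b"order: 1 unit of item 42"
    wire = tag_message(secret, order)
    print("intact message accepted:", verify_message(secret, wire) == order)
    print("tampered message accepted:", verify_message(secret, flip_bit(wire, 7)) is not None)
```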
Authenticator

Computing a MAC versus computing an HMAC
Key Pre Distribution
• To use ciphers and authenticators, the communicating
participants need to know what keys to use.
• In the case of a symmetric-key cipher, how does a pair
of participants obtain the key they share?
• In the case of a public-key cipher, how do participants
know what public key belongs to a certain participant?
• The answer differs depending on whether the keys are
short-lived session keys or longer-lived pre-distributed
keys.
• A session key is a key used to secure a single, relatively
short episode of communication: a session.
– Each distinct session between a pair of participants uses a
new session key, which is always a symmetric key, for
speed.
– The participants determine what session key to use by
means of a protocol—a session key establishment protocol.
– A session key establishment protocol needs its own security
(so that, for example, an adversary cannot learn the new
session key); that security is based on the longer-lived pre-
distributed keys.
• There are several motivations for this division of
labor between session keys and pre-distributed keys:
– Limiting the amount of time a key is used results in less
time for computationally intensive attacks, less ciphertext
for cryptanalysis, and less information exposed should the
key be broken.
– Pre-distribution of symmetric keys is problematic.
– Public key ciphers are generally superior for authentication
and session key establishment but too slow to use
encrypting entire messages for confidentiality.
Pre-Distribution of Public Keys
• The algorithms to generate a matched pair of public and
private keys are publicly known, and software that does it
is widely available.
• So if Alice wanted to use a public key cipher, she could
generate her own pair of public and private keys, keep the
private key hidden, and publicize the public key.
• But how can she publicize her public key— assert that it
belongs to her—in such a way that other participants can
be sure it really belongs to her?
• A complete scheme for certifying bindings between public
keys and identities— what key belongs to who—is called a
Public Key Infrastructure (PKI).
• A PKI starts with the ability to verify identities and bind
them to keys out of band. By “out of band,” we mean
something outside the network and the computers that
comprise it, such as in the following scenarios.
• If Alice and Bob are individuals who know each other, then
they could get together in the same room and Alice could
give her public key to Bob directly, perhaps on a business
card.
• If Bob is an organization, Alice the individual could present
conventional identification, perhaps involving a
photograph or fingerprints.
• If Alice and Bob are computers owned by the same
company, then a system administrator could configure Bob
with Alice’s public key.
• A digitally signed statement of a public key binding is called
a public key certificate, or simply a certificate
• One of the major standards for certificates is known as
X.509. This standard leaves a lot of details open, but
specifies a basic structure. A certificate clearly must
include
• the identity of the entity being certified
• the public key of the entity being certified
• the identity of the signer
• the digital signature
• a digital signature algorithm identifier (which cryptographic hash
and which cipher)
• Certification Authorities
• A certification authority or certificate authority (CA) is an entity
claimed (by someone) to be trustworthy for verifying identities and
issuing public key certificates.
• There are commercial CAs, governmental CAs, and even free CAs.
• To use a CA, you must know its public key. You can learn that CA’s
key, however, if you can obtain a chain of CA-signed certificates
that starts with a CA whose key you already know.
• Then you can believe any certificate signed by that new CA
Pre-Distribution of Symmetric Keys
• If Alice wants to use a secret-key cipher to communicate with
Bob, she can’t just pick a key and send it to him because,
without already having a key, they can’t encrypt this key to
keep it confidential and they can’t authenticate each other.
• As with public keys, some pre-distribution scheme is needed.
• Pre-distribution is harder for symmetric keys than for public
keys for two obvious reasons:
• While only one public key per entity is sufficient for authentication and
confidentiality, there must be a symmetric key for each pair of entities who
wish to communicate. If there are N entities, that means N(N − 1)/2 keys.
• Unlike public keys, secret keys must be kept secret.
Authentication Protocols

A challenge-response protocol

Public Key Authentication Protocols

A public-key authentication protocol that depends on synchronization

Public Key Authentication Protocols

A public-key authentication protocol that does not depend on synchronization.
Alice checks her own timestamp against her own clock, and likewise for Bob.

Symmetric Key Authentication Protocols

The Needham-Schroeder authentication protocol

Symmetric Key Authentication Protocols

Kerberos Authentication
Diffie-Hellman Key Agreement
• The Diffie-Hellman key agreement protocol establishes a session
key without using any pre-distributed keys.
• The messages exchanged between Alice and Bob can be read by
anyone able to eavesdrop, and yet the eavesdropper won’t
know the session key that Alice and Bob end up with.
• On the other hand, Diffie-Hellman doesn’t authenticate the
participants.
• Since it is rarely useful to communicate securely without being
sure whom you’re communicating with, Diffie-Hellman is usually
augmented in some way to provide authentication.
• One of the main uses of Diffie-Hellman is in the Internet Key
Exchange (IKE) protocol, a central part of the IP Security (IPSEC)
architecture
• The Diffie-Hellman protocol has two parameters, p and g, both
of which are public and may be used by all the users in a
particular system.
• Parameter p must be a prime number. The integers mod p (short
for modulo p) are 0 through p − 1, since x mod p is the
remainder after x is divided by p; the nonzero ones, 1 through
p − 1, form what mathematicians call a group under multiplication.
• Parameter g (usually called a generator) must be a primitive root
of p: for every number n from 1 through p − 1 there must be
some value k such that n = g^k mod p.
• For example, if p were the prime number 5 (a real system
would use a much larger number), then we might choose 2 to
be the generator g since:
1 = 2^0 mod p
2 = 2^1 mod p
3 = 2^3 mod p
4 = 2^2 mod p
• Suppose Alice and Bob want to agree on a shared symmetric key.
Alice and Bob, and everyone else, already know the values of p and g.
• Alice generates a random private value a and Bob generates a random
private value b.
• Both a and b are drawn from the set of integers {1, ..., p−1}.
• Alice and Bob derive their corresponding public values—the values
they will send to each other unencrypted—as follows.
• Alice’s public value is g^a mod p
• and Bob’s public value is g^b mod p
• They then exchange their public values. Finally, Alice computes
• g^(ab) mod p = (g^b mod p)^a mod p
• and Bob computes
• g^(ba) mod p = (g^a mod p)^b mod p.
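The exchange just described, as an added example that is not part of the original slides: it checks that g is a primitive root of p by brute force (fine for the textbook p = 5, g = 2; real deployments use standardised large groups), runs the exchange for Alice and Bob, and adds the receiver-side check on incoming public values that the slides do not mention (rejecting 0, 1 and p − 1, which would pin the shared key to a trivial value). The function names are assumptions for this example.

```python
import secrets


def is_primitive_root(g: int, p: int) -> bool:
    # g generates the multiplicative group mod p iff its successive powers
    # g^1 ... g^(p-1) visit every value in 1..p-1. Brute force, so only for
    # small parameters like the slide's p = 5.
    seen, x = set(), 1
    for _ in range(p - 1):
        x = (x * g) % p
        seen.add(x)
    return len(seen) == p - 1


def public_value(p: int, g: int, private: int) -> int:
    return pow(g, private, p)  # g^private mod p, sent in the clear


def shared_key(p: int, peer_public: int, private: int) -> int:
    return pow(peer_public, private, p)  # (g^peer_private mod p)^private mod p


def valid_public_value(p: int, y: int) -> bool:
    # Defensive check each side should make on what it receives: 0, 1 and
    # p-1 lie in a subgroup of size 1 or 2, so accepting them lets the peer
    # (or whoever is on the wire) force the shared key to a trivial value.
    return 1 < y < p - 1


def random_private(p: int) -> int:
    return secrets.randbelow(p - 1) + 1  # uniform on {1, ..., p-1}


def diffie_hellman(p: int, g: int, a: int = 0, b: int = 0) -> dict:
    # a and b are Alice's and Bob's private values; 0 means "pick at random"
    # (0 is never a legitimate private value, so it is safe as the sentinel).
    a = a or random_private(p)
    b = b or random_private(p)
    A = public_value(p, g, a)  # Alice -> Bob
    B = public_value(p, g, b)  # Bob -> Alice
    return {
        "A": A,
        "B": B,
        "A_ok": valid_public_value(p, A),  # what Bob should check
        "B_ok": valid_public_value(p, B),  # what Alice should check
        "alice_key": shared_key(p, B, a),
        "bob_key": shared_key(p, A, b),
    }


if __name__ == "__main__":
    p, g = 5, 2  # the slide's toy parameters
    print("2 is a primitive root of 5:", is_primitive_root(g, p))
    print(diffie_hellman(p, g, a=3, b=1))
```

An eavesdropper sees p, g, A and B but neither a nor b, which is why the two computed keys agree while the transcript alone does not reveal them; nothing here authenticates Alice or Bob, which is the gap the slides go on to discuss.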
A man-in-the-middle attack
Common security attacks and their
countermeasures
• Finding a way into the network
– Firewalls
• Exploiting software bugs, buffer overflows
– Intrusion Detection Systems
• Denial of Service
– Ingress filtering, IDS
• TCP hijacking
– IPSec
• Packet sniffing
– Encryption (SSH, SSL, HTTPS)
• Social problems
– Education
Firewalls
• A firewall is a system that typically sits at some point of
connectivity between a site it protects and the rest of
the network.
• It is usually implemented as an “appliance” or part of a
router, although a “personal firewall” may be
implemented on an end user machine.
• Firewall-based security depends on the firewall being
the only connectivity to the site from outside; there
should be no way to bypass the firewall via other
gateways, wireless connections, or dial-up connections.
• In effect, a firewall divides a network into a more-
trusted zone internal to the firewall, and a less-trusted
zone external to the firewall.
• This is useful if you do not want external users to
access a particular host or service within your site.
• Firewalls may be used to create multiple zones of
trust, such as a hierarchy of increasingly trusted zones.
• A common arrangement involves three zones of trust:
the internal network; the DMZ (“demilitarized zone”);
and the rest of the Internet.
• Firewalls filter based on IP, TCP, and UDP information,
among other things.
• They are configured with a table of addresses that
characterize the packets they will, and will not, forward.
• By addresses, we mean more than just the destination’s
IP address, although that is one possibility.
• Generally, each entry in the table is a 4-tuple: It gives
the IP address and TCP (or UDP) port number for both
the source and destination.
A firewall filters packets flowing between
a site and the rest of the Internet
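A packet filter built from the 4-tuple table described above, as an added example that is not part of the original slides: the rule table, the three zones (internal, DMZ, rest of the Internet) and all addresses are constructed for the illustration. Unmatched packets are denied, which is the default a firewall should have.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def _port_ok(port: int, spec: str) -> bool:
    return spec == "any" or port == int(spec)


@dataclass(frozen=True)
class Rule:
    # One table entry: source and destination address/port, plus protocol.
    # Networks are CIDR strings; "any" wildcards a field.
    action: str     # "allow" or "deny"
    proto: str
    src_net: str
    src_port: str
    dst_net: str
    dst_port: str

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and _in_net(pkt.src_ip, self.src_net)
                and _port_ok(pkt.src_port, self.src_port)
                and _in_net(pkt.dst_ip, self.dst_net)
                and _port_ok(pkt.dst_port, self.dst_port))


# Constructed example table for a three-zone site. First matching rule wins.
INTERNAL = "10.0.0.0/8"      # most-trusted zone
DMZ = "192.0.2.0/24"         # public-facing servers
RULES = [
    Rule("allow", "tcp", "any", "any", "192.0.2.10/32", "443"),  # public HTTPS server in the DMZ
    Rule("allow", "tcp", "any", "any", "192.0.2.25/32", "25"),   # public mail relay in the DMZ
    Rule("allow", "any", INTERNAL, "any", "any", "any"),          # internal hosts may initiate anything
    Rule("allow", "tcp", DMZ, "any", INTERNAL, "5432"),           # DMZ web tier may reach the internal DB
    Rule("deny", "any", "any", "any", INTERNAL, "any"),           # nothing else reaches the internal zone
]


def decide(pkt: Packet, rules=RULES) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: forward only what the table explicitly permits


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.7", 51000, "192.0.2.10", 443),  # Internet -> DMZ web
        Packet("tcp", "203.0.113.7", 51000, "10.1.2.3", 22),     # Internet -> internal ssh
        Packet("tcp", "192.0.2.10", 40000, "10.5.0.9", 5432),    # DMZ web -> internal DB
    ]
    for pkt in samples:
        print(decide(pkt), pkt)
```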
Example Systems
Pretty Good Privacy (PGP)
• Pretty Good Privacy (PGP) is a widely used approach to providing
security for electronic mail. It provides authentication, confidentiality,
data integrity, and nonrepudiation.
• Originally devised by Phil Zimmerman, it has evolved into an IETF
standard known as OpenPGP
• PGP’s confidentiality and receiver authentication depend on the
receiver of an email message having a public key that is known to the
sender.
• To provide sender authentication and nonrepudiation, the sender
must have a public key that is known by the receiver.
• These public keys are pre-distributed using certificates and a web-of-
trust PKI.
• PGP supports RSA and DSS for public key certificates.
PGP’s steps to prepare a message for
emailing from Alice to Bob
Secure Shell (SSH)
• The Secure Shell (SSH) protocol is used to provide a remote login
service, and is intended to replace the less-secure Telnet and rlogin
programs used in the early days of the Internet.
• SSH is most often used to provide strong client/server authentication/
message integrity—where the SSH client runs on the user’s desktop
machine and the SSH server runs on some remote machine that the
user wants to log into—but it also supports confidentiality.
• Telnet and rlogin provide none of these capabilities.
• Note that “SSH” is often used to refer to both the SSH protocol and
applications that use it; you need to figure out which from the context.
Using SSH port forwarding to secure other
TCP-based applications
Transport Layer Security (TLS, SSL, HTTPS)
Handshake protocol to establish TLS session
IP Security (IPSec)
• Support for IPsec, as the architecture is called, is optional in IPv4 and
was originally mandatory in IPv6 (RFC 6434 later relaxed the IPv6
requirement to a SHOULD).
• IPsec is really a framework (as opposed to a single protocol or system)
for providing all the security services discussed throughout this
chapter.
• IPsec provides three degrees of freedom.
• First, it is highly modular, allowing users (or more likely, system administrators) to
select from a variety of cryptographic algorithms and specialized security protocols.
• Second, IPsec allows users to select from a large menu of security properties,
including access control, integrity, authentication, originality, and confidentiality.
• Third, IPsec can be used to protect “narrow” streams (e.g., packets belonging to a
particular TCP connection being sent between a pair of hosts) or “wide” streams
(e.g., all packets flowing between a pair of routers).
• When viewed from a high level, IPsec consists of two parts.
• The first part is a pair of protocols that implement the
available security services.
• They are the Authentication Header (AH), which provides access control,
connectionless message integrity, authentication, and antireplay
protection, and the Encapsulating Security Payload (ESP), which supports
these same services, plus confidentiality.
• AH is rarely used, so we focus on ESP here.
• The second part is support for key management, which fits
under an umbrella protocol known as ISAKMP:
• Internet Security Association and Key Management Protocol. In
deployed systems the negotiation is carried out by the Internet Key
Exchange protocol (IKEv1, built on ISAKMP, and its replacement IKEv2).
• The abstraction that binds these two pieces together is the security
association (SA).
• An SA is a simplex (one-way) connection with one or more of the
available security properties.
• Securing a bidirectional communication between a pair of hosts—
corresponding to a TCP connection, for example—requires two SAs,
one in each direction.
• Although IP is a connectionless protocol, security depends on
connection state information such as keys and sequence numbers.
• When created, an SA is assigned an ID number called a security
parameters index (SPI) by the receiving machine; the SPI is carried in
every packet so the receiver can look up the SA (and hence the keys
and sequence state) that applies to it.
• IPsec supports a tunnel mode as well as the more
straightforward transport mode.
• Each SA operates in one or the other mode.
• In a transport mode SA, ESP’s payload data is simply a
message for a higher layer such as UDP or TCP.
• In this mode, IPsec acts as an intermediate protocol layer, much like
SSL/TLS does between TCP and a higher layer.
• When an ESP message is received, its payload is passed to the higher level
protocol.
• In a tunnel mode SA, however, ESP's payload data is itself
an IP packet.
IPsec’s ESP format
An IP packet with a nested IP packet encapsulated using ESP in
tunnel mode. Note that the inner and outer packets have different
addresses
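The ESP format, the SPI lookup against the receiver's SA database, the transport/tunnel distinction and the sequence-number state described above, as an added example for this section (not code from Peterson and Davie or from any IPsec implementation). To stay within the Python standard library it uses ESP with NULL encryption (RFC 2410) and HMAC-SHA256 truncated to 128 bits, a real but integrity-only ESP configuration, so everything except the cipher is present: SPI, sequence number, padding, Pad Length, Next Header and ICV, plus the RFC 4303 anti-replay window on the receiving side. The addresses, the key, the simplified 9-byte IP header and the TCP bytes are constructed for the example.

```python
# Added example (not from Peterson & Davie or any IPsec implementation): ESP with NULL
# encryption (RFC 2410) and HMAC-SHA256-128 integrity, a real integrity-only configuration,
# so the ESP layout, SPI lookup, transport vs. tunnel mode and the RFC 4303 anti-replay
# window are shown without a cipher. Addresses, key and TCP bytes below are constructed.
import hashlib, hmac, struct
from dataclasses import dataclass
from ipaddress import IPv4Address

ESP_PROTO, IPIP_PROTO, TCP_PROTO = 50, 4, 6   # IP protocol / Next Header numbers
ICV_LEN, WINDOW = 16, 64                      # 128-bit ICV; anti-replay window size

@dataclass
class IPPacket:
    src: str
    dst: str
    proto: int
    payload: bytes

    def to_bytes(self) -> bytes:   # 9-byte stand-in for a real IPv4 header
        return (IPv4Address(self.src).packed + IPv4Address(self.dst).packed
                + bytes([self.proto]) + self.payload)

    @classmethod
    def from_bytes(cls, raw: bytes) -> "IPPacket":
        return cls(str(IPv4Address(raw[:4])), str(IPv4Address(raw[4:8])), raw[8], raw[9:])

@dataclass
class SecurityAssociation:
    spi: int                # chosen by the receiver, carried in every ESP header
    mode: str               # "transport" or "tunnel"
    auth_key: bytes
    tunnel_src: str = ""    # outer addresses, tunnel mode only
    tunnel_dst: str = ""
    seq: int = 0            # sender: last sequence number used
    last_seen: int = 0      # receiver: highest sequence number accepted so far
    bitmap: int = 0         # receiver: bit i set => last_seen - i was accepted

    def icv(self, data: bytes) -> bytes:
        return hmac.new(self.auth_key, data, hashlib.sha256).digest()[:ICV_LEN]

    def check_replay(self, seq: int) -> bool:
        """RFC 4303 sliding window; call only after the ICV has verified."""
        if seq <= self.last_seen:                  # inside or left of the window
            offset = self.last_seen - seq
            if seq == 0 or offset >= WINDOW or self.bitmap & (1 << offset):
                return False                       # never valid / too old / duplicate
            self.bitmap |= 1 << offset
            return True
        shift = seq - self.last_seen               # right of the window: slide it
        self.bitmap = ((self.bitmap << shift) & ((1 << WINDOW) - 1) | 1) if shift < WINDOW else 1
        self.last_seen = seq
        return True

def esp_encapsulate(sa: SecurityAssociation, pkt: IPPacket) -> IPPacket:
    """Wrap pkt in ESP: SPI, seq, payload, padding, Pad Length, Next Header, ICV."""
    if sa.mode == "tunnel":      # whole packet is the payload; new outer addresses
        inner, next_hdr, src, dst = pkt.to_bytes(), IPIP_PROTO, sa.tunnel_src, sa.tunnel_dst
    else:                        # transport: only the transport segment is wrapped
        inner, next_hdr, src, dst = pkt.payload, pkt.proto, pkt.src, pkt.dst
    pad_len = (-(len(inner) + 2)) % 4      # trailer must end on a 4-byte boundary
    sa.seq += 1
    body = (struct.pack("!II", sa.spi, sa.seq) + inner
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr]))
    return IPPacket(src, dst, ESP_PROTO, body + sa.icv(body))

def esp_decapsulate(sad: dict, outer: IPPacket) -> IPPacket:
    """Receiver: SPI lookup, ICV check, anti-replay check, then strip the trailer."""
    body, icv = outer.payload[:-ICV_LEN], outer.payload[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    sa = sad.get(spi) if outer.proto == ESP_PROTO else None
    if sa is None:
        raise ValueError("not ESP, or no SA for this SPI")
    if not hmac.compare_digest(sa.icv(body), icv):
        raise ValueError("ICV mismatch")           # rejected before any field is trusted
    if not sa.check_replay(seq):
        raise ValueError("replayed or stale sequence number")
    inner = body[8:len(body) - 2 - body[-2]]       # drop padding, Pad Length, Next Header
    if body[-1] == IPIP_PROTO:                     # tunnel mode: payload is an IP packet
        return IPPacket.from_bytes(inner)
    return IPPacket(outer.src, outer.dst, body[-1], inner)

def rejected(sad: dict, outer: IPPacket) -> bool:
    try:
        esp_decapsulate(sad, outer)
    except ValueError:
        return True
    return False

def demo() -> dict:
    """Both modes, then a replayed and a tampered datagram."""
    key = hashlib.sha256(b"constructed demo key").digest()
    pkt = IPPacket("10.1.1.5", "10.2.2.7", TCP_PROTO, bytes.fromhex("c35000500000000100000000"))
    ta = SecurityAssociation(0x1001, "transport", key)
    tu = SecurityAssociation(0x2002, "tunnel", key, "198.51.100.1", "203.0.113.1")
    sad = {ta.spi: ta, tu.spi: tu}             # the receiver's SA database, keyed by SPI
    t_out, u_out = esp_encapsulate(ta, pkt), esp_encapsulate(tu, pkt)
    bad = bytearray(t_out.payload); bad[12] ^= 1               # flip one payload bit
    return {"transport": (t_out.proto, esp_decapsulate(sad, t_out) == pkt),
            "tunnel": ((u_out.src, u_out.dst), esp_decapsulate(sad, u_out) == pkt),
            "replay_rejected": rejected(sad, u_out),           # same datagram twice
            "tamper_rejected": rejected(sad, IPPacket(t_out.src, t_out.dst, ESP_PROTO, bytes(bad)))}
```

Two things worth noticing when reading the receive path: the ICV is verified before any other field is believed, and the anti-replay bitmap is only updated after that, so a forged packet cannot poison the window; and in tunnel mode the outer addresses come from the SA, not from the inner packet, which is what lets a pair of gateways protect traffic between hosts that know nothing about IPsec. A production SA would use a combined-mode cipher such as AES-GCM in place of NULL encryption plus HMAC.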
Wireless Security (IEEE 802.11i)
• The IEEE 802.11i standard provides authentication, message integrity,
and confidentiality to 802.11 (Wi-Fi) at the link layer.
• WPA2 (Wi-Fi Protected Access 2) is often used as a synonym for
802.11i, although it is technically a trademark of The Wi-Fi Alliance
that certifies product compliance with 802.11i.
• 802.11i authentication supports two modes. In either mode, the end
result of successful authentication is a shared Pairwise Master Key.
• Personal mode, also known as Pre-Shared Key (PSK) mode, provides weaker security
but is more convenient and economical for situations like a home 802.11 network.
• The wireless device and the Access Point (AP) are preconfigured with a shared
passphrase (essentially a very long password) from which the Pairwise Master Key
is cryptographically derived.
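How the Pairwise Master Key is derived from the passphrase in Personal mode, and why that mode is the weaker one, as an added example for this section (not code from the slides or from any Wi-Fi implementation). The PMK derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output) and the PRF used to expand it into the pairwise transient key are the ones 802.11i specifies; the MAC addresses, nonces, the stand-in for the EAPOL-Key frame and the attacker's guess list are constructed for the example.

```python
# Added example (not from the slides or any Wi-Fi implementation). Personal mode
# derives the PMK exactly as 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt,
# 4096 iterations, 256 bits) and expands it into the PTK with 802.11i's HMAC-SHA1
# PRF. MAC addresses, nonces, the EAPOL-Key frame and the guess list are constructed.
import hashlib
import hmac
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i passphrase-to-PSK mapping; in Personal mode the PSK is the PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise key expansion; 384 bits for CCMP: KCK (16) || KEK (16) || TK (16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 Key MIC: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def handshake_capture(ssid: str, passphrase: str) -> dict:
    """What a passive sniffer sees from one 4-way handshake (constructed values)."""
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # AP, station
    anonce, snonce = hashlib.sha256(b"anonce").digest(), hashlib.sha256(b"snonce").digest()
    kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    msg2 = b"\x02\x01\x0a\x00" + snonce + bytes(16)       # stand-in for EAPOL-Key message 2
    return {"aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce,
            "frame": msg2, "mic": eapol_mic(kck, msg2)}


def offline_dictionary_attack(ssid: str, cap: dict, guesses: Iterable[str]) -> Optional[str]:
    """Re-derive the MIC for each guess; a match reveals the passphrase and the PMK."""
    for guess in guesses:
        kck = derive_ptk(derive_pmk(guess, ssid),
                         cap["aa"], cap["spa"], cap["anonce"], cap["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, cap["frame"]), cap["mic"]):
            return guess
    return None


if __name__ == "__main__":
    cap = handshake_capture("HomeWiFi", "sunshine2020")
    print(offline_dictionary_attack("HomeWiFi", cap, ["letmein", "qwerty", "sunshine2020"]))
```

Everything the attacker needs (both MAC addresses, both nonces and a MIC'd frame) is sent in the clear, so once one handshake has been captured the passphrase can be guessed offline at whatever rate PBKDF2's 4096 iterations allow, with no further interaction with the network. The SSID's role as salt means precomputed tables only help for common network names. Because every station shares the same PMK in Personal mode, anyone who knows the passphrase can also derive other stations' PTKs from their handshakes; the authentication-server mode gives each session its own PMK, which is why it is preferred outside the home.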
Use of an Authentication Server in 802.11i
• Reference
• Computer Networks: A Systems Approach, 5e
• Larry L. Peterson and Bruce S. Davie