IPSec SSL TLS

The document outlines the architecture and services of IP Security (IPSec), detailing its mechanisms such as Security Associations, Transport Mode, and Tunnel Mode, along with the Authentication Header (AH) and Encapsulating Security Payload (ESP) for data integrity and confidentiality. It also discusses key management methods and the importance of web security, specifically through SSL/TLS protocols, which provide secure communication over the Internet. The SSL architecture includes handshake, change cipher spec, and alert protocols to establish secure connections between clients and servers.

Uploaded by kubendranrani50

IP SECURITY:

• The architecture deals with the general concepts, definitions, mechanisms, etc.
• IPSec Services
  – Access control
  – Data origin authentication
  – Confidentiality (encryption), etc.
SA (Security Associations)
  – Key concept for IPSec
  – One-way relationship between a sender and a receiver
  – Identified by three parameters
    • Security Parameters Index (SPI)
    • IP Destination Address
    • Security Protocol Identifier
Transport Mode
  – Protection extends to the payload of an IP packet
  – It is used for end-to-end communication
Tunnel Mode
  – Provides protection to the entire IP packet
  – A new outer IP header

Authentication Header (AH):


• Provides support for data integrity and authentication of IP packets

• Next Header (8 bits)
  – Identifies the type of header immediately following this header
• Payload Length (8 bits)
  – Length of AH in 32-bit words, minus 2
• Reserved (16 bits)
• Security Parameters Index (32 bits)
  – Identifies a security association
• Sequence Number (32 bits)
  – A monotonically increasing counter value
• Authentication Data (variable)
  – Contains the ICV (Integrity Check Value) or MAC
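
The AH field layout above, as a parser that validates the Payload Length arithmetic before slicing out the ICV. This is an added example, not part of the original notes; the names `parse_ah` and `build_sample` and all sample bytes are constructed for illustration.

```python
import struct

# Fixed part of AH: Next Header, Payload Length, Reserved, SPI, Sequence Number
AH_FIXED = struct.Struct("!BBHII")  # 12 bytes, network byte order


def parse_ah(buf: bytes) -> dict:
    """Parse one Authentication Header from the start of buf, checking every length."""
    if len(buf) < AH_FIXED.size:
        raise ValueError("truncated AH: fixed fields need 12 bytes")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(buf)

    # Payload Length is the AH length in 32-bit words minus 2.
    ah_len = (payload_len + 2) * 4
    if ah_len < AH_FIXED.size:
        raise ValueError("Payload Length too small to cover the fixed fields")
    if ah_len > len(buf):
        raise ValueError("Payload Length points past the end of the packet")

    return {
        "next_header": next_header,
        "ah_len": ah_len,
        "reserved": reserved,
        "spi": spi,
        "sequence": seq,
        "icv": buf[AH_FIXED.size:ah_len],   # Authentication Data field
        "upper_layer": buf[ah_len:],        # header identified by Next Header
    }


def build_sample() -> bytes:
    """Constructed AH plus payload: 96-bit ICV, so 24 bytes = 6 words, field value 4."""
    icv = bytes(range(0xA0, 0xAC))          # 12 placeholder bytes, not a real MAC
    header = AH_FIXED.pack(6, 4, 0, 0x00001000, 1) + icv   # Next Header 6 = TCP
    return header + b"constructed upper-layer bytes"


if __name__ == "__main__":
    ah = parse_ah(build_sample())
    print(ah["ah_len"], hex(ah["spi"]), ah["sequence"], ah["icv"].hex())
```
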
[Figure: Transport mode and Tunnel mode]

Encapsulating Security Payload (ESP):


• Provides confidentiality services
• Security Parameters Index (32 bits)
  – Identifies a security association
• Sequence Number (32 bits)
  – A monotonically increasing counter value
• Payload Data (variable)
  – Transport-level segment or IP packet
• Padding (0-255 bytes)
• Pad Length (8 bits)
  – The number of pad bytes immediately preceding this field
• Next Header (8 bits)
  – Identifies the type of data contained in the payload data field by identifying the first header in that payload
• Authentication Data (variable)
  – Contains ICV computed over the ESP packet
Encryption and Authentication Algorithm:
• Encryption
  – Three-key triple DES
  – RC5
  – IDEA
  – Three-key triple IDEA
  – CAST
  – Blowfish
• Authentication
  – HMAC-MD5-96
  – HMAC-SHA-1-96
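
The ESP layout and the HMAC-SHA-1-96 ICV from the lists above, as a sender/receiver pair that checks the ICV before trusting Pad Length. This is an added example, not part of the original notes; `build_esp`, `open_esp`, the key and the payload are constructed, and the encryption step is left out (Payload Data through Next Header stay in the clear) because none of the listed ciphers is in the Python standard library.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: HMAC-SHA-1 output truncated to 96 bits
HDR_LEN = 8   # SPI (32 bits) + Sequence Number (32 bits)


def icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_esp(key, spi, seq, payload, next_header, block=8):
    """Lay out SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV."""
    pad_len = -(len(payload) + 2) % block        # align payload + 2 trailer bytes
    padding = bytes(range(1, pad_len + 1))       # default pad pattern 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    return body + icv(key, body)                 # ICV covers everything before it


def open_esp(key, packet):
    """Verify the ICV first, then strip the padding using Pad Length."""
    if len(packet) < HDR_LEN + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv(key, body), tag):   # constant-time compare
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack_from("!II", body)
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - HDR_LEN - 2:
        raise ValueError("Pad Length larger than the payload area")
    payload = body[HDR_LEN:len(body) - 2 - pad_len]
    return {"spi": spi, "sequence": seq, "next_header": next_header,
            "pad_len": pad_len, "payload": payload}


KEY = b"constructed-demo-key"                    # constructed sample key
SAMPLE = build_esp(KEY, 0x1000, 1, b"constructed TCP segment", 6)

if __name__ == "__main__":
    print(open_esp(KEY, SAMPLE))
```
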
[Figure: Transport mode versus Tunnel mode]
Key Management:
• Determination and distribution of secret keys
  – Manual
    • Practical for small, relatively static environments
  – Automated
    • On-demand creation of keys in large distributed systems
• ISAKMP (Internet Security Association and Key Management Protocol)

WEB SECURITY
Virtually all businesses, most government agencies, and many individuals now have
Web sites, and the number of sites is expanding rapidly. As a result, businesses are setting up facilities
on the Web for electronic commerce. This explosive growth of the Internet and the World Wide
Web has brought with it a need to protect sensitive communications sent over this open
network.
SSL / TLS
SSL (Secure Socket Layer):
• SSL provides security services between TCP and applications that use TCP.
• The Internet standard version is called Transport Layer Security (TLS).
SSL Architecture:
• SSL is a protocol layer that uses TCP to provide a reliable end-to-end secure service.
3 layers of SSL
• Handshake protocol
• Change cipher spec protocol
• Alert protocol
[Figure: SSL architecture]
Two important SSL concepts
• SSL connection
  – a peer-to-peer communications link
  – associated with a session
• SSL session
  – an association between client & server
  – created by the Handshake Protocol
  – defines a set of cryptographic parameters
[Figure: SSL protocol stack]

SSL change cipher specification protocol:

• one of 3 SSL-specific protocols which use the SSL record protocol
• a single message
• causes pending state to become current
SSL alert protocol:
• conveys SSL-related alerts to peer entity
• specific alerts
  – unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter
• compressed & encrypted like all SSL data
SSL handshake protocol:
Phase 1
C → S: Client hello (to establish security enhancement capabilities)
  – random challenge, which algorithms are supported
  – server chooses encryption, compression algorithms
S → C: Server hello
  – acknowledges algorithms
  – establishes random connection id
Phase 2
S → C: Server certificate
  – server returns an X.509 certificate chain
Phase 3
• Client key exchange
  – client verifies certificate chain against that in web browser
  – if not in list of CAs, may trust the new certificate
  – client generates 48-byte pre-secret
C → S: session key exchange
S → C
Phase 4
• Finished message exchange, encrypted with session key
  – verifies success of key exchange and authentication processes
Phase 5
• Now encrypted application data exchanged between C, S
