What Is Network Security?

As we know, computer networks are distributed networks of

computers that are either strongly connected meaning that they share a
lot of resources from one central computer or loosely connected,
meaning that they share only those resources that can make the
network work. When we talk about computer network security, It is
no longer one computer but a network.
So computer network security is a broader study of computer security.
It is still a branch of computer science, but a lot broader than that of
computer security.
It involves creating an environment in which a computer network,
including all its resources, which are many; all the data in it both in
storage and in transit; and all its users are secure. Because it is wider
than computer security, this is a more complex field of study
involving more de tailed mathematical designs of cryptographic,
communication, transport, and exchange protocols and best practices.
How does network security work?
Network security combines multiple layers of defenses at the edge and
in the network. Each network security layer implements policies and
controls. Authorized users gain access to network resources, but
malicious actors are blocked from carrying out exploits and threats.

Securing the Computer Network

In short, we protect objects. System objects are either real or not real.
In a computer network model, the real objects are the hardware
resources in the system, and the not real object is the information and
data in the system, both in transition and static in storage.
1.Hardware
Protecting hardware resources include protecting :-
• End user objects that include the user interface hardware components
such as all client system input components, including a keyboard,
mouse, touch screen, light pens, and others.
• Network objects like firewalls, hubs, switches, routers and gateways
which are vulnerable to hackers.
• Network communication channels to prevent eavesdroppers from
intercepting network communications.
2.Software
Protecting software resources includes protecting hardware-based
software, operating systems, server protocols, browsers, application
software, and intellectual property ‫ فكرية ملكية‬stored on network storage
disks and databases.
It also involves protecting client software such as investment
portfolios, financial data, real estate records, images or pictures, and
other personal files commonly stored on home and business
computers.
Forms of Protection
survey ways and forms of protecting these objects. Prevention of
unauthorized access to system resources is achieved through a number
of services that include :-
1.access control,
2.authentication,
3.confidentiality and
4.integrity.

1.Access Control
is a service the system uses, together with a user pre-provided
identification
information such as a password, to determine who uses what of its
services. Let us
look at some forms of access control based on hardware and software.
1.1 Hardware Access Control Systems
Access control tools falling in this category include the following:
•Access terminal.
These activities can be done in a variety of ways including fingerprint
verification and real-time anti-break-in sensors.
• Visual event monitoring. This is a combination of many
technologies into one very useful and rapidly growing form of access
control using a variety of real time technologies including video and
audio signals, aerial photographs, and global positioning system
(GPS) technology to identify locations.
• Identification cards. Sometimes called proximity cards, these cards
have become very common these days as a means of access control in
buildings, financial institutions, and other restricted areas.
The cards come in a variety of forms, including magnetic, bar coded,
contact chip, and a combination of these.
• Biometric identification. This is perhaps the fastest growing form
of control access tool today. Some of the most popular forms include
fingerprint, iris, and voice recognition. However, fingerprint
recognition offers a higher level of security.
• Video surveillance. This is a replacement of CCTV of yester year,
and it is gaining popularity as an access control tool. With fast
networking technologies and digital cameras, images can now be
taken and analyzed very quickly, and action taken in minutes.
1.2 Software Access Control Systems
Software access control falls into two types:
a. point of access monitoring (POA), personal activities can be
monitored by a PC-based application. The application can even be
connected to a network or to machines.
b. In remote mode, the terminals can be linked in a variety of ways,
including the use of modems, telephone lines, and all forms of
wireless connections.

2.Authentication
Authentication is a service used to identify a user. User identity,
especially of remote users.
This service provides a system with the capability to verify that a user
is the very one he or she claims to be based on what the user is,
knows, and has.
Physically, we can authenticate users based on checking one or more
of the following user items:
• User name (sometimes screen name)
• Password

• Retinal images: The user looks into an electronic device that maps
his or her eye retina image; the system then compares this map with a
similar map stored on the system.
• Fingerprints: The user presses on or sometimes inserts a particular
finger into a device that makes a copy of the user fingerprint and then
compares it with a similar image on the system user file.
• Physical location: The physical location of the system initiating an
entry request is checked to ensure that a request is actually originating
from a known and authorized location. In networks, to check the
authenticity of a client’s location a network or Internet protocol (IP)
address of the client machine is compared with the one on the system
user file.
This method is used mostly in addition to other security measures
because it alone cannot guarantee security. If used alone, it provides
access to the requested system to anybody who has access to the client
machine.
• Identity cards: Increasingly, cards are being used as authenticating
documents.
Whoever is the carrier of the card gains access to the requested
system.
card authentication is usually used as a second-level authentication
tool because whoever has access to the card
automatically can gain access to the requested system.
3. Confidentiality
The confidentiality service protects system data and information from
unauthorized disclosure.
This service uses encryption algorithms to ensure that nothing of the
sort(such as third party like a cryptanalysis or a man-in-the middle has
eavesdropped on the data) happened while the data was in the
network.
Encryption protects the communications channel from sniffers.
Sniffers are programs written for and installed on the communication
channels to eavesdrop on network traffic, examining all traffic on
selected network segments. Sniffers are easy to write and install and
difficult to detect. The encryption algorithm can either be symmetric
or asymmetric.
*Symmetric encryption or secret key encryption, as it is usually
called, uses a common key and the same cryptographic algorithm to
scramble and unscramble the message.
* Asymmetric encryption commonly known as public key encryption
uses two different keys: a public key known by all and a private key
known by only the sender and the receiver.
Both the sender and the receiver each has a pair of these keys, one
public and one private.
To encrypt a message, a sender uses the receiver’s public key which
was published. Upon receipt, the recipient of the message decrypts it
with his or her private key.
4. Integrity
The integrity service protects data against active threats such as those
that may alter it. Just like data confidentiality, data in transition
between the sending and receiving parties is susceptible ‫ تتعرض‬to
many threats from hackers, eavesdroppers, and cryptanalysts whose
goal is to intercept the data and alter it based on their motives.
This service, through encryption and hashing algorithms, ensures that
the integrity of the transient data is intact.
A hash function takes an input message M and creates a code from it.
The code is commonly referred to as a hash or a message digest.
A one-way hash function is used to create a signature of the message –
just like a human fingerprint.

The hash function is, therefore, used to provide the message’s

integrity and authenticity. The signature is then attached to the
message before it is sent by the sender to the recipient
ISO-OSI Reference Model:

The ISO (International Standards Organization) has developed OSI (Open

System Interconnect) model in 1982 for computer network connection. The OSI

reference model specifies the seven layers of functionality, as shown in

Figure(3).

Figure (3): OSI Reference Model.

The layers represent different actives performed in the actual transmission of a

message. Figure (4) shows a typical message that has been acted upon by the

seven layers to prepare it for transmission. Layer 6 breaks the original message

data into blocks. At the layer 5, a session header is added to show the sender,

the receiver and some sequencing information. Layer 4 adds information

concerning the logical connection between the sender and receiver. At the

layer 3 routing information is added, it also divides the message into unties

called 'packets' which are the standard units of communication in a network.

The layer 2 adds both a header and trailer to ensure correct sequencing of the

message blocks, and to detect and correct transmission errors. The individual

bits of the message and the control information are transmitted on the physical

medium by level 1.

**All the additions to the message are checked and removed by the

corresponding layer on the receiving side.

Figure (4): Message Prepared for Transmission

S: Session Header: Sequence Info.; Sender/Receiver Identification

T: Transport Header: Connection Info.

N: Network Header: Routing Info.

B: Data Link Header: Sequence Info.

E: Data Link Trailer: Error Correction Info

TCP/IP Model:

The TCP/IP four-layer model is created with reference to the seven-layer OSI

model,as shown in Figure (5). Both the OSI model and the TCP/IP layered

model are based on many similarities, but there are philosophical and practical

differences between the two models.

However, they both deal with communications among heterogeneous

computers.

Figure (5): TCP/IP model and its protocols

1.Network Access Layer:

The network access layer contains protocols that provide access to a

communication network.

2. Internet Layer:

The Internet layer provides a routing function. This layer consists of the Internet

Protocol (IP) and the Internet Control Message Protocol (ICMP).

3. Transport Layer:

The transport layer delivers data between two processes on different host

computers. This layer contains the Transmission Control Protocol (TCP) and the

User Datagram Protocol (UDP).

4. Application Layer:

This layer provides a direct interface with users or applications. Some of the

important application protocols are File Transfer Protocol (FTP) for file

transfers,Hypertext Transfer Protocol (HTTP) for the World Wide Web, Simple

Network Management Protocol (SNMP) for controlling network devices, Simple

Mail Transport Protocol (SMTP), Post Office Protocol (POP), Internet Mail

Access Protocol (IMAP), Internet Control Message Protocol (ICMP) for email,

Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure

Multimedia Internet Mail Extensions (S/MIME) for e-mail security.

========================================================

IP Addresses:

IP address is the address of a computer which attached to a TCP/IP network

(e.g. the Internet). Every client device (defined as a requester device of

services) and server device (defined as the provider of services) must have a

unique IP address.
Client workstations have either a static address or a dynamic address which

assigned to them each dial-up session. IP addresses version 4 (IPv4)are written

as four sets of numbers separated by periods; for example, (192.168.111.222)

or (10.123.1.102) or (172.16.4.30), etc.

Ports:

A port represents an endpoint in the establishment of a connection between

two or more computers. For the computer acting as the client, the destination

port number will typically identify the type of application/service being hosted

by the server.

For example:

TCP port 21 is the destination port number used when communicating with an FTP server.

TCP port 22 is the destination port number used when communicating with an SSH server.

TCP port 23 is the destination port number used when communicating with an Telnet server.

TCP port 25 is the destination port number used when communicating with an SMTP server.

TCP port 80 is the destination port number used when communicating with an HTTP server.

TCP port 110 is the destination port number used when communicating with a POP3 server.

TCP port 5190 is the destination port number used when communicating with an AOLIM server.

TCP port 6667 is the destination port number used when communicating with an IRC server.

The above is a small selection from a possible 65,535 (64K) port numbers.

The port numbers are divided into three ranges: the Well Known Ports (from 0

through 1023), the Registered Ports (from 1024 through 49151), and the

Dynamic and/or Private Ports (from 49152 through 65535).

Networks are System :-

The computer network is a large computing system containing other computing

systems. The computing networks have similar characteristics.

Figure (6): Distributed Computing System.

Computer networks offer several advantages over single processor system:

1- Resource Sharing: Users of a network can access a variety of resources

through the network.

2- Increased Reliability: The failure of one system in the network (which

consists of more than one computing system) not block users from continuing
to computer. If similar systems exist, users can move their computing tasks to

other when one system fails.

3- Distributing the Workload: The workload can be shifted from a heavily

loaded system to an underutilized one.

4- Expandability: Network systems can be expanded easily by adding new

nodes.

=========================================================

The OSI Security Architecture:-

The OSI security architecture focuses on security attacks, mechanisms, and

1.Security attack: Any action that compromises the security of information

owned by an organization.

2.Security mechanism: A process (or a device incorporating such a process)

that is designed to detect, prevent, or recover from a security attack.

3.Security service: A processing or communication service that enhances the

security of the data processing systems and the information transfers of an

organization. The services are intended to counter security attacks, and they

make use of one or more security mechanisms to provide the service.

** the terms threat and attack are commonly used to mean more or less the

same thing. provides definitions taken from RFC 2828, Internet Security

Glossary.
Threat

A potential for violation of security, which exists when there is a circumstance,

capability, action, or event that could breach ‫ ينتهك‬security and cause harm.

That is, a threat is a possible danger that might exploit a vulnerability.

Attack

An assault ‫ اعتداء‬on system security that derives from an intelligent threat; that

is, an intelligent act that is a deliberate ‫ متعمدة‬attempt (especially in the sense

of a method or technique) to escape security services and violate the security

policy of a system.

Security Mechanisms

Table 1.3 lists the security mechanisms defined in X.800. As can be seen the

mechanisms are divided into those that are implemented in a specific protocol

layer. X.800 distinguishes between reversible encipherment mechanisms and

irreversible encipherment mechanisms. A reversible encipherment mechanism

is simply an encryption algorithm that allows data to be encrypted and

subsequently decrypted. Irreversible encipherment mechanisms include hash

algorithms and message authentication codes, which are used in digital

signature and message authentication applications.

A Model for Network Security

in Figure 1.5. A message is to be transferred from one party to another across

some sort of internet. The two parties, who are the principals(headmaster ) in
this transaction, must cooperate for the exchange to take place. A logical

information channel is established by defining a route through the internet

from source to destination and by the cooperative use of communication

protocols (e.g., TCP/IP) by the two principals.

Figure 1.5. Model for Network Security

Security aspects come into play when it is necessary or desirable to protect the

information transmission from an opponent ‫ العدو‬who may present a threat to

confidentiality, authenticity, and so on. All the techniques for providing security

have two components:

● A security-related transformation on the information to be sent. Examples

include the encryption of the message, which scrambles the message so that it

is unreadable by the opponent, and the addition of a code based on the

contents of the message, which can be used to verify the identity of the sender
● Some secret information shared by the two principals and, it is hoped,

unknown to the opponent. An example is an encryption key used in

conjunction with the transformation to scramble the message before

transmission and unscramble it on reception. [5]

A trusted third party may be needed to achieve secure transmission. For

example, a third party may be responsible for distributing the secret

information to the two principals while keeping it from any opponent. Or a

third party may be needed to arbitrate disputes between the two principals

concerning the authenticity ‫ اصالة‬of a message transmission.

This general model shows that there are four basic tasks in designing a

particular security service:

1. Design an algorithm for performing the security-related transformation. The

algorithm should be such that an opponent cannot defeat its purpose.

2.Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret information.

4.Specify a protocol to be used by the two principals that makes use of the

security algorithm and the secret information to achieve a particular security

service.
KEY DISTRIBUTION AND USER AUTHENTICATION

In most computer security contexts, user authentication is the fundamental

building block and the primary line of defense. User authentication is the
basis for most types of access control and for user accountability. RFC4949
(Internet Security Glossary )defines user authentication.

4.1 Symmetric Key Distribution Using Symmetric Encryption

For symmetric encryption to work, the two parties to an exchange must

share the same key, and that key must be protected from access by others.
Furthermore, frequent key changes are usually desirable to limit the
amount of data compromised if an attacker learns the key. Therefore, the
strength of any cryptographic system rests with the key distribution
technique, a term that refers to the means of delivering a key to two parties
that wish to exchange data, without allowing others to see the key. Key
distribution can be achieved in a number of ways. For two parties A and B,
following options are:
1. A key could be selected by A and physically delivered to B.
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party could
transmit thenew key to the other, using the old key to encrypt the new key.
4. If A and B each have an encrypted connection to a third party C, C could
deliver a key on the encrypted links to A and B.
4.2 Kerberos
Kerberos is a key distribution and user authentication service
developed at Massachusetts Institute of Technology(MIT)RFC
4120. The problem that Kerberos addresses is this: Assume an
open distributed environment in which users at workstations
wish to access services on servers distributed throughout the
network. We would like for servers to be able to restrict access to
authorized users and to be able to authenticate requests for
service. In this environment, a workstation cannot be trusted to
identify its users correctly to network services.
In particular, the following three threats exist:

1. A user may gain access to a particular workstation and pretend to be

another user operating from that workstation.
2. A user may alter the network address of a workstation so that the
requests sent from the altered workstation appear to come from the
impersonated ‫انتحال‬workstation.
3. A user may eavesdrop on exchanges and use a replay attack to gain
entrance ‫مدخم‬to a server or to disrupt operations.

In any of these cases, an unauthorized user may be able to gain access to

services and data that he or she is not authorized to access. Rather than
building elaborate ‫ مفصم‬authentication protocols at each server, Kerberos
provides a centralized authentication server whose function is to
authenticate users to servers and servers to users. Kerberos relies
exclusively on symmetric encryption, making no use of public-key
encryption.

**Two versions of Kerberos are in use. Version 4 [MILL88, STEI88]

implementations still exist, although this version is being phased out.
Version 5 [KOHL94] corrects some of the security deficiencies of version 4
and has been issued as a proposed Internet Standard (RFC 4120).
Kerberos Version 4

Version 4 of Kerberos makes use of DES, in protocol, to provide the

authentication service. In an unprotected network environment, any client
can apply to any server for service. An opponent can pretend ‫ يتظاهر‬to be
another client and obtain unauthorized privileges on server machines. To
counter this threat, servers must be able to confirm‫ تأكيد‬the identities of
clients who request service.

Solution

So, use an authentication server (AS) that knows the passwords of all
users and stores these in a centralized database. In addition, the AS shares
aAS shares a unique secret key unique secret key with each server with
each server. These keys have been distributed physically or in some other
secure manner.

The heart of the first problem is the lifetime associated with the ticket-
granting ticket.
If this lifetime is very short (e.g., minutes), then the user will be repeatedly
asked for a password. If the lifetime is long (e.g., hours), then an opponent
has a greater opportunity ‫ فرصة‬for replay. An opponent could eavesdrop on
the network and capture a copy of the ticket-granting ticket TGT and then
wait for the legitimate user to log out.
Then the opponent could forge ‫ صياغة‬the legitimate user’s network address
and send the message of step (3) to the TGS. This would give the opponent
unlimited access to the resources and files available to the legitimate user.

Similarly, if an opponent captures a service-granting ticket ‫ انخدمة منح بطاقة‬and

uses it before it expires, the opponent has access to the corresponding
service. Thus, we arrive at an additional requirement. A network service
(the TGS or an application service) must be able to prove that the person
using a ticket is the same person to whom that ticket was issued.

The second problem is that there may be a requirement for servers to

authenticate themselves to users. Without such authentication, an opponent
could sabotage ‫تخريب‬the configuration so that messages to a server were
directed to another location. The false server would then be in a position to
act as a real server and capture any information from the user and deny the
true service to the user.

Consider the following hypothetical dialogue:

(1) C →AS: IDC ||PC ||IDV
(2) AS →C: Ticket
(3) C →V: IDC ||Ticket Ticket = E( Kv, [IDC ||ADC ||IDV])

*In this scenario, the user logs on to a workstation and requests access to server V.
The client module C in the user’s workstation requests the user’s password
and then sends a message to the AS that includes the user’s ID, the server’s
ID, and the user’s password.

**The AS checks its database to see if the user has supplied the proper
password for this user ID and whether this user is permitted access to
server V . If both If both tests are tests are passed, passed, the AS accepts
the user as authentic and must now convince ‫ إقناع‬the server that this user is
authentic.
C =client
AS =authentication server
V = server
ID

C = identifier of user on C
IDV = identifier of V
PC =password of user on C
ADC =network address of C
key shared by AS and V
To do so, the AS creates a ticket that contains the user’s ID and network
address and the server’s ID. This ticket is encrypted using the secret key
shared by the AS and this server. This ticket is then sent back to C.
**Because the ticket is encrypted, it cannot be altered by C or by an
opponent.
With this ticket, C can now apply to V for service. C sends a message to V
containing C’s ID and the ticket.
V decrypts the ticket and verifies that the user ID in the ticket is the same as
the unencrypted user ID in the message. If these two match, the server
considers the user authenticated and grants ‫ منح‬the requested service.
Kerberos Realms ‫العوالم‬ : A full-service Kerberos environment
consisting of a Kerberos server, a number of clients, and a number of
application servers requires the following:
1. The Kerberos server must have the user ID and hashed passwords of all
participating users in its database. All users are registered with the
Kerberos server.
2. The Kerberos server must share a secret key with each server. All servers
are registered with the Kerberos server.
A Kerberos realm is a set of managed nodes that share the same Kerberos
database. The Kerberos database resides on the Kerberos master
computer system, which should be kept in a physically secure room. A
read-only copy of the Kerberos database might also reside on other
Kerberos computer systems.
**However, all changes to the database must be made on the master
computer system. Changing or accessing the contents of a Kerberos
database requires the
Kerberos master password. For two realms to support interrealm
authentication, a third requirement is added:
3. The Kerberos server in each interoperating realm shares a secret key
with the server in the other realm. The two Kerberos servers are registered
with each other.

In this (Figure 15.3): A user wishing service on a server in another realm

needs a ticket for that server. The user’s client follows the usual
procedures to gain access to the local TGS and then requests a ticket-
granting ticket for a remote TGS (TGS in another realm). The client can then
apply to the remote TGS for a service-granting ticket for the desired server
in the realm of the remote TGS.

Kerberos Version 5

Kerberos version 5 is specified in RFC 4120 and provides a

number of improvements over version 4 [KOHL94]. To begin, we
provide an overview of the changes from version 4 to version 5
and then look at the version 5 protocol.
DIFFERENCES BETWEEN VERSIONS 4 AND 5 Version 5 is intended
to address the limitations of version 4 in two areas: environmental
shortcomings and technical deficiencies. We briefly summarize the
improvements in each area. Kerberos version 4 did not fully address the
need to be of general purpose. This led to the following

environmental shortcomings.

1. Encryption system dependence: Version 4 requires the use of

DES. Export restriction on DES as well as doubts ‫ انشكىك‬about the
strength of DES were thus of concern. In version 5, ciphertext is
tagged with an encryption-type identifier so that any encryption
technique may be used. Encryption keys are tagged with a type
and a length, allowing the same key to be used in different
algorithms and allowing the specification of different variations
on a given algorithm.
2. Internet protocol dependence: Version 4 requires the use of
Internet Protocol (IP) addresses. Other address types, such as the
ISO network address, are not accommodated ‫ تستىعب ال‬. Version 5
network addresses are tagged with type and length, allowing any
network address type to be used.

3. Message byte ordering: In version 4, the sender of a message employs a

byte ordering of its own choosing and tags the message to indicate least
significant byte in lowest address or most significant byte in lowest address.
This techniques works but does not follow established conventions ‫االتفاقيات‬
‫ بها انمعمىل‬. In version 5, all message structures are defined using Abstract
Syntax Notation One (ASN.1) and Basic Encoding Rules (BER), which
provide an unambiguous byte ordering.

4. Ticket lifetime: Lifetime values in version 4 are encoded in an 8-bit

quantity in units of five minutes. Thus, the maximum lifetime that can be
expressed is 28 × 5 =1280 minutes (a little over 21 hours). This may be
inadequate for some applications (e.g., a long-running simulation that
requires valid Kerberos credentials throughout execution). In version 5,
tickets include an explicit start time and end time, allowing tickets with
arbitrary lifetimes.
5. Authentication forwarding: Version 4 does not allow credentials‫وثائق‬
issued to one client to be forwarded to some other host and used by some
other client. This capability would enable a client to access a server and
have that server access another server on behalf of the client. For example,
a client issues a request to a print server that then accesses the client’s file
from a file server, using the client’s credentials for access. Version 5
provides this capability.
6. Interrealm authentication: In version 4, interoperability among N
realms requires on the order of N2 Kerberos-to-Kerberos relationships,
Version 5 supports a method that requires fewer relationships, as described
shortly.
Table 1 Notable encryption and authentication methods
Key Distribution Using Asymmetric Encryption

One of the major roles of public-key encryption is to address the

problem of key distribution. There are actually two distinct aspects to
the use of public-key encryption in this regard.

• The distribution of public keys.

• The use of public-key encryption to distribute secret keys.

1-Public-Key Certificates
public-key encryption is that the public key is public. Thus, if there is
some broadly accepted public-key algorithm, such as RSA, any
participant can send his or her public key to any other participant or
broadcast the key to the community at large. Although this approach is
convenient, it has a major weakness.
Anyone can forge such a public announcement. That is, some user
could pretend to be user A and send a public key to another participant
or broadcast such a public key. Until such time as user A discovers the
forgery and alerts other participants, the forger is able to read all
encrypted messages intended for A and can use the forged keys for
authentication.
The solution to this problem is the public-key certificate. a certificate
consists of a public key plus a user ID of the key owner, with the
whole block signed by a trusted third party.
*Typically, the third party is a certificate authority (CA) that is trusted
by the user community, such as a government agency or a financial
institution.
* A user can present his or her public key to the authority in a secure
manner and obtain a certificate. The user can then publish the
certificate.
*Anyone needing this user’s public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature. Figure
4.3 illustrates the process.
One scheme has become universally accepted for formatting ‫لصياغة‬
public-key certificates: the X.509 standard. X.509 certificates are
used in most network security applications, including IP security,
secure sockets layer (SSL), secure electronic transactions (SET), and
S/MIME.
2-Public-Key Distribution of Secret Keys

With conventional encryption, a fundamental requirement for two

parties to communicate securely is that they share a secret key. With
conventional encryption, Bob and his correspondent, say, Alice, must
come up with a way to share a unique secret key that no one else
knows. How are they going to do that? He could encrypt this key
using conventional encryption and e-mail it to Alice, but this means
that Bob and Alice must share a secret key to encrypt this new secret
key.
One approach is the use of Diffie-Hellman key exchange. This
approach is indeed widely used. However, it suffers the drawback
that, in its simplest form, Diffie-Hellman provides no authentication
of the two communicating partners.
A powerful alternative is the use of public-key certificates. When
Bob wishes to communicate with Alice, Bob can do the following:
1. Prepare a message.
2. Encrypt that message using conventional encryption with a one-
time conventional session key.
3. Encrypt the session key using public-key encryption with Alice’s
public key.

4. Attach the encrypted session key to the message and send it to

Alice.
Only Alice is capable of decrypting the session key and therefore of
recovering the original message. If Bob obtained Alice’s public key
by means of Alice’s publickey certificate, then Bob is assured that it is
a valid key.
X.509 Certificates
ITU-T recommendation X.509 (issued in 1988.) is part of the X.500
series of recommendations that define a directory service. The
directory is, a server or distributed set of servers that maintains a
database of information about users. The information includes a
mapping from user name to network address, as well as other
attributes ‫ السمات‬and information about the users.
X.509 defines a framework for the facility of authentication services
by the X.500 directory to its users. The directory may serve as a
repository ‫ مخزن‬of public-key certificates. Each certificate contains the
public key of a user and is signed with the private key of a trusted
certification authority.
In addition, X.509 defines alternative authentication protocols based
on the use of public-key certificates X.509 is an important standard
because the certificate structure and authentication protocols defined
in X.509 are used in a variety of contexts. For example, the X.509
certificate format is used in S/MIME, IP Security, and SSL/TLS
protocols.
X.509 is based on the use of public-key cryptography and digital
signatures. The standard does not dictate the use of a specific
algorithm but recommends RSA. The digital signature scheme is
assumed to require the use of a hash function. Again, the
standard does not dictate a specific hash algorithm. Figure 4.3
illustrates the generation of a public-key certificate.
Certificates
The heart of the X.509 scheme is the public-key certificate associated
with each user. These user certificates are assumed to be created by
some trusted certification
authority (CA) and placed in the directory by the CA or by the user.
The directory server itself is not responsible for the creation of public
keys or for the certification function; it merely provides an easily
accessible location for users to obtain certificates. Figure 4.4a shows
the general format of a certificate, which includes the following
elements.
• Version: Differentiates among successive versions of the certificate
format; the default is version 1. If the Issuer Unique Identifier or
Subject Unique Identifier are present, the value must be version 2. If
one or more extensions are present, the version must be version 3.
• Serial number: An integer value, unique within the issuing CA, that
is unambiguously ‫ فيه اللبس‬associated with this certificate.
• Signature algorithm identifier: The algorithm used to sign the
certificate, together with any associated parameters. Because this
information is repeated in
the Signature field at the end of the certificate, this field has little, if
any, utility.
• Issuer name: X.500 name of the CA that created and signed this
certificate.
• Period of validity: Consists of two dates: the first and last on which
the certificate is valid.
• Subject name: The name of the user to whom this certificate refers.
That is, this certificate certifies the public key of the subject who
holds the corresponding private key.
The CA signs the certificate with its private key. If the corresponding
public key is known to a user, then that user can verify that a
certificate signed by the CA is valid. This is the typical digital
signature approach, as illustrated in Figure 4.5.

OBTAINING A USER’S CERTIFICATE User certificates

generated by a CA have the following characteristics:
• Any user with access to the public key of the CA can verify the user
public key that was certified.
• No party other than the certification authority CA can modify the
certificate without this being detected.
Because certificates are unforgeable ‫ للتنفيذ قابلة غيز‬they can be placed in
a directory without the need to make special efforts to protect them.
If all users subscribe to the same CA, then there is a common trust of
that CA.
All user certificates can be placed in the directory for access by all
users. In addition,a user can transmit his or her certificate directly to
other users. In either case, once B is in possession of A’s certificate, B
has confidence that messages it encrypts with A’s public key will be
secure from eavesdropping and that messages signed with A’s private
key are unforgeable.
If there is a large community of users, it may not be practical for all
users to subscribe to the same CA. This CA’s public key must be
provided to each user in an absolutely secure way (with respect to
integrity and authenticity) so that the user has confidence in the
associated certificates. Thus, with many users, it may be more
practical for there to be a number of CAs, each of which securely
provides its public key to some fraction of the users.
X.509 Version 3
The X.509 version 2 format does not convey all of the information
that recent design and implementation experience has shown to be
needed. [FORD95] lists the following requirements not satisfied by
version 2:
1. The Subject field is inadequate to convey the identity of a key
owner to a public key user. X.509 names may be relatively short and
lacking ‫ تفتقز‬in obvious identification details that may be needed by the
user.
2. The Subject field is also inadequate for many applications, which
typically recognize entities by an Internet e-mail address, a URL, or
some other Internet-related identification.
3. There is a need to indicate security policy information. This enables
a security
application or function, such as IPSec, to relate an X.509 certificate to
a given policy.
4. There is a need to limit the damage‫ االضزار‬that can result from a
faulty ‫ معيبة‬or malicious CA by setting constraints on the applicability
‫ انطباق‬of a particular certificate.
5. It is important to be able to identify different keys used by the same
owner at different times. This feature supports key life cycle
management, in particular the ability to update key pairs for users and
CAs on a regular basis or under exceptional circumstances ‫ظزوف‬
‫ استثنائية‬.
KEY AND POLICY INFORMATION These extensions convey
additional information about the subject and issuer keys, plus
indicators of certificate policy. A certificate policy is a named set of
rules that indicates the applicability of a certificate to a particular
community and/or class of application with common security
requirements. This area includes:
• Authority key identifier: Identifies the public key to be used to
verify the
signature on this certificate or certificate revocation list CRL. Enables
distinct keys of the same CA to be differentiated.
• Subject key identifier: Identifies the public key being certified.
(e.g., digital signature and encryption key agreement).
• Key usage: Indicates a restriction imposed as to the purposes for
which, and the policies under which, the certified public key may be
used. e.g. digital signature, nonrepudiation, key encryption, data
encryption, key agreement, CA signature verification on certificates,
and CA signature verification on CRLs.
• Private-key usage period: Indicates the period of use of the private
key corresponding to the public key.
• Certificate policies: Certificates may be used in environments
where multiple policies apply.
• Policy mappings: Used only in certificates for CAs issued by other
CAs. Policy mappings allow an issuing CA to indicate that one or
more of that issuer’s policies can be considered equivalent to another
policy used in the subject CA’s domain.
Public-Key Infrastructure
RFC 2822 (Internet Security Glossary) defines public-key
infrastructure (PKI) as the set of hardware, software, people, policies,
and procedures needed to create, manage, store, distribute, and revoke
digital certificates based on asymmetric cryptography.
The principal objective for developing a PKI is to enable secure,
convenient, and efficient acquisition ‫ استحواذ‬of public keys. The
Internet Engineering Task Force (IETF) Public Key Infrastructure
X.509 (PKIX) working group has been the driving force behind
setting up a formal (and generic) model based on X.509 that is
suitable for deploying a certificate-based architecture on the Internet.
This section describes the PKIX model. Figure 4.7 shows the
interrelationship among the key elements of the PKIX model. These
elements are:-
• End entity: A generic term used to denote end users, devices (e.g.,
servers, routers), or any other entity that can be identified in the
subject field of a public key certificate. End entities typically consume
and/or support PKI-related services.
• Certification authority (CA): The issuer of certificates and
(usually) certificate
revocation lists (CRLs). It may also support a variety of administrative
functions, although these are often delegated to one or more
registration authorities.
• Registration authority (RA): An optional component that can
assume a number of administrative functions from the CA. The RA is
associated with the end entity registration process, but can assist in a
number of other areas as well.
• CRL issuer: An optional component that a CA can delegate ‫ فوض‬to
publish CRLs.
• Repository: A generic term used to denote any method for storing
certificates and CRLs so that they can be retrieved by end entities.
PKIX Management Functions
PKIX identifies a number of management functions that potentially
need to be supported by management protocols. These are indicated in
Figure 4.7 and include the following:
• Registration: This is the process a user first makes itself known to a
CA (directly, or through an RA), prior to that CA issuing a certificate
or certificates for that user. Registration begins the process of
enrolling in a PKI. Registration usually involves some off-line or
online procedure for mutual authentication. Typically, the end entity is
issued one or more shared secret keys used for subsequent
authentication.
• Initialization: Before a client system can operate securely, it is
necessary to install key materials that have the appropriate
relationship with keys stored elsewhere in the infrastructure. For
example, the client needs to be securely initialized with the public key
and other assured information of the trusted CA(s) to be used in
validating certificate paths.
• Certification: This is the process in which a CA issues a certificate
for a user’s public key and returns that certificate to the user’s client
system and/or posts that certificate in a repositor
Internet Security Objectives

❑To introduce the idea of Internet security at the network layer and the IPSec protocol
that implements that idea in two modes: transport and tunnel.

❑ To discuss two protocols in IPSec, AH and ESP, and explain the security services
each provide.

❑ To introduce security association and its implementation in IPSec.

❑ To introduce virtual private networks (VPN) as an application of IPSec in the

tunnel mode.

❑ To introduce the idea of Internet security at the transport layer and the SSL protocol
that implements that idea.

❑ To show how SSL creates six cryptographic secrets to be used by the client and the
server.

❑ To discuss four protocols used in SSL and how they are related to each other.

❑ To introduce Internet security at the application level and two protocols, PGP and
S/MIME, that implement that idea.

❑ To show how PGP and S/MIME can provide confidentiality and message
authentication.

❑ To discuss firewalls and their applications in protecting a site from intruders.

NETWORK LAYER SECURITY

We start with the discussion of security at the network layer. Although in the next two
sections we discuss security at the transport and application layers, we also need
security at the network layer for three reasons. First, not all client/server programs
are protected at the application layer. Second, not all client/server programs at the
application layer use the services of TCP to be protected by the transport layer security
that we discuss for the transport layer; some programs use the service of UDP.

Third, many applications, such as routing protocols, directly use the service of IP;
they need security services at the IP layer.

IP Security (IPSec) is a collection of protocols designed by the Internet Engineering

Task Force (IETF) to provide security for a packet at the network level. IPSec helps
create authenticated and confidential packets for the IP layer.

Two Modes

IPSec operates in one of two different modes: transport mode or tunnel mode.

Transport Mode

In transport mode, IPSec protects what is delivered from the transport layer to the
network layer. In other words, transport mode protects the payload to be encapsulated
in the network layer, as shown in Figure 30.1.

Note that transport mode does not protect the IP header. In other words, transport
mode does not protect the whole IP packet; it protects only the packet from the
transport layer (the IP layer payload). In this mode, the IPSec header (and trailer) are
added to the information coming from the transport layer. The IP header is added later.
Transport mode is normally used when we need host-to-host (end-to-end) protection
of data.

The sending host uses IPSec to authenticate and/or encrypt the payload delivered from
the transport layer. The receiving host uses IPSec to check the authentication and/or
decrypt the IP packet and deliver it to the transport layer. Figure 30.2 shows this
concept.
Tunnel Mode
In tunnel mode, IPSec protects the entire IP packet. It takes an IP packet, including
the header, applies IPSec security methods to the entire packet, and then adds a new IP
header, as shown in Figure 30.3.

The new IP header, has different information than the original IP header. Tunnel mode
is normally used between two routers, between a host and a router, or between a router
and a host, as shown in Figure 30.4. The entire original packet is protected from
intrusion between the sender and the receiver, as if the whole packet goes through an
imaginary tunnel.

Comparison
In transport mode, the IPSec layer comes between the transport layer and the network
layer. In tunnel mode, the flow is from the network layer to the IPSec layer and then
back to the network layer again. Figure 30.5 compares the two modes.
Two Security Protocols
IPsec defines two protocols
the Authentication Header (AH) Protocol and the Encapsulating Security Payload
(ESP) Protocol.
to provide authentication and/or encryption for packets at the IP level.

Authentication Header (AH)

The Authentication Header (AH) Protocol is designed to authenticate the source
host and to ensure the integrity of the payload carried in the IP packet. The protocol
uses a hash function and a symmetric (secret) key to create a message digest; the digest
is inserted in the authentication header. The AH is then placed in the appropriate
location, based on the mode (transport or tunnel). Figure 30.6 shows the fields and the
position of the authentication header in transport mode.

When an IP datagram carries an authentication header, the original value in the

protocol field of the IP header is replaced by the value 51. A field inside the
authentication header (the next header field) holds the original value of the protocol
field (the type of payload being carried by the IP datagram). The addition of an
authentication header follows these steps:
1. An authentication header is added to the payload with the authentication data field
set to 0.
2. Padding may be added to make the total length even for a particular hashing
algorithm.
3. Hashing is based on the total packet. However, only those fields of the IP header
that do not change during transmission are included in the calculation of the message
digest (authentication data).
4. The authentication data are inserted in the authentication header.
5. The IP header is added after changing the value of the protocol field to 51.
A brief description of each field follows:
❑ Next header. The 8-bit next header field defines the type of payload carried by the
IP datagram (such as TCP, UDP, ICMP, or OSPF).
❑ Payload length. The name of this 8-bit field is misleading. It does not define the
length of the payload; it defines the length of the authentication header in 4-byte
multiples, but it does not include the first 8 bytes.
❑ Security parameter index. The 32-bit security parameter index (SPI) field plays
the role of a virtual circuit identifier and is the same for all packets sent during a
connection called a Security Association (discussed later).
❑ Sequence number. A 32-bit sequence number provides ordering information for a
sequence of datagrams. The sequence numbers prevent a playback. Note that the
sequence number is not repeated even if a packet is retransmitted. A sequence number
does not wrap around after it reaches 232; a new connection must be established.
❑ Authentication data. Finally, the authentication data field is the result of applying
a hash function to the entire IP datagram except for the fields that are changed during
transit (e.g., time-to-live).

Encapsulating Security Payload (ESP)

The AH protocol does not provide confidentiality, only source authentication and data
integrity. IPSec later defined an alternative protocol, Encapsulating Security Payload
(ESP), that provides source authentication, integrity, and confidentiality. ESP adds a
header and trailer. Note that ESP’s authentication data are added at the end of the
packet, which makes its calculation easier. Figure 30.7 shows the location of the ESP
header and trailer.
When an IP datagram carries an ESP header and trailer, the value of the protocol
field in the IP header is 50. A field inside the ESP trailer (the next-header field) holds.
the original value of the protocol field (the type of payload being carried by the IP
datagram, such as TCP or UDP).
The ESP procedure follows these steps:
1. An ESP trailer is added to the payload.
2. The payload and the trailer are encrypted.
3. The ESP header is added.
4. The ESP header, payload, and ESP trailer are used to create the authentication
data.
5. The authentication data are added to the end of the ESP trailer.
6. The IP header is added after changing the protocol value to 50.
The fields for the header and trailer are as follows:
❑Security parameter index. The 32-bit security parameter index field is similar to
the one defined for the AH protocol.
❑Sequence number. The 32-bit sequence number field is similar to the one defined
for the AH protocol.
❑Padding. This variable-length field (0 to 255 bytes) of 0s serves as padding.
❑Pad length. The 8-bit pad-length field defines the number of padding bytes. The
value is between 0 and 255; the maximum value is rare.
❑Next header. The 8-bit next-header field is similar to that defined in the AH
protocol. It serves the same purpose as the protocol field in the IP header before
encapsulation.
❑Authentication data. Finally, the authentication data field is the result of
applying an authentication scheme to parts of the datagram. Note the difference
between the authentication data in AH and ESP. In AH, part of the IP header is
included in the calculation of the authentication data; in ESP, it is not.

IPv4 and IPv6

IPSec supports both IPv4 and IPv6. In IPv6, however, AH and ESP are part of the
extension header.
AH versus ESP
The ESP protocol was designed after the AH protocol was already in use. ESP does
whatever AH does with additional functionality (confidentiality). The question is,why
do we need AH? The answer is that we don’t. However, the implementation of AH is
already included in some commercial products, which means that AH will remain part
of the Internet until these products are phased out.
Services Provided by IPSec
The two protocols, AH and ESP, can provide several security services for packets at
the network layer. Table 30.1 shows the list of services available for each protocol.

Access Control
IPSec provides access control indirectly using a Security Association Database
(SAD), as we will see in the next section. When a packet arrives at a destination,
and there is no Security Association already established for this packet, the packet
is discarded.
Message Integrity
Message integrity is preserved ‫ الحفاظ‬in both AH and ESP. A digest of data is
created and sent by the sender to be checked by the receiver.

Entity Authentication
The Security Association and the keyed-hash digest of the data sent by the sender
authenticate the sender of the data in both AH and ESP.
Confidentiality
The encryption of the message in ESP provides confidentiality. AH, however, does not
provide confidentiality. If confidentiality is needed, one should use ESP instead of AH.
Replay Attack Protection
In both protocols, the replay attack is prevented by using sequence numbers and a
sliding receiver window. Each IPSec header contains a unique sequence number when
the Security Association is established. The number starts from 0 and increases until
the value reaches 232 − 1. When the sequence number reaches the maximum, it is reset
to 0 and, at the same time, the old Security Association (see the next section) is deleted
and a new one is established.