UNIT 4

IP Security and Web Security

Ms.N.A.Deshmukh
PRMIT&R
 Contents
• IP Security:
IP Security Overview,
IP Security Architecture,
Authentication Header,
Encapsulating Security Payload,
Combining Security Associations,
Key Management,
• Web Security:
Web Security Considerations,
Secure Socket Layer
(SSL) and Transport Layer Security (TLS),
Secure Electronic Transaction (SET).
 IP Security

Q. What is IPSec ? Explain its application benefits and the

authentication header ? What is IPSec mode of operation ?

Q. Describe the IPSec document in detail ?

Q. What is Security association ? Define its parameters ?
Q. Explain 2 modes of IPSec ?
Q. What is authentication header ? Explain in detail ?
 IP Security
 In computer, Internet Protocol Security (IP-sec) is a network
protocol suite that authenticates and encrypts the packets of data sent
over a network.
 IP-sec can protect data flows between a pair of hosts (host-to-host),
between a pair of security gateways (network-to-network), or between
a security gateway and a host (network-to-host).
 IPSec encompasses three functional areas : Authentication,
confidentiality, and key management.
 Authentication can be applied to the original IP packet (tunnel mode )
or to all of the packet except for the IP header (transport mode).
 IP Security
 IP-sec provides two choices of security service:

Authentication Header (AH), which essentially allows

authentication of the sender of data, and

Encapsulating Security Payload (ESP), which supports both

authentication of the sender and encryption of data as well.
 Confidentiality is provided by an encryption format known as
encapsulating security payload .
 IPSec defines a number of techniques for key management.
 IP Security Overview

 Applications of IPSec

 IPSec provides secure communication across LAN, private WAN,

public WAN, and Internet.
 IP Security Overview

 Applications of IPSec
 Secure branch office connectivity over the Internet :

Company can build a secure Virtual Private Network (VPN) over

the Internet or over a public WAN. Enables a business to rely
heavily on Internet and reduce its need for private network, saving
costs and network management overhead.
 Secure remote access over the Internet :

End user with IP Security protocols with help of ISP can gain
access to a company network. Reduces the cost of travelling
employees and other communication charges.
 Establishing extranet and intranet connectivity with partners :

• IPSec can be used for secure communication with other

organizations, ensuring authentication and confidentiality and
provides a key exchange mechanism.
 Enhancing electronic security : Generally web and e-commerce
applications have built-in security protocols.
• Use of IPSec enhances that security.
 IP Security Overview
• Main feature of IPSec which enables it to support these applications is
that it can encrypt and/or authenticate all traffic at the IP level.
• Therefore distributed application like remote logon, client/server, e-
mail, file transfer, web access etc can be secured.
• Fig shows a typical scenario of IPSec usage.
• An organization maintains LAN’s at dispersed locations with non
secure IP traffic on each LAN.
• For traffic offsite, IPSec protocols are used.
• These protocols operates in networking devices such as router,
firewall etc. that provide connectivity with outside world.
IP Security Overview
 IP Security Architecture

• In addition to these RFC additional draft have been published.

• The documents are divided into Seven groups as shown in fig.

• Architecture : Covers the general concepts, security

requirements, definitions, and mechanisms defines IPSec
technology.

• Encapsulating Security Payload (ESP) : It covers the

packet format and general issues related to use of ESP for packet
encryption and optionally, authentication.
Fig : IPSec Document Overview
 IP Security Architecture

• Authentication Header (AH) : Covers the packet format and

general issues related to the use of AH for packet authentication.

• Encryption Algorithm : A set of documents that describes

how various encryption algorithms are used for ESP.

• Authentication Algorithm : A set of documents that

describe how various authentication algorithms are used for AH
and for authentication option of ESP.

• Key Management : Documents that describe key

management schemes.
 IP Security Architecture

• Domain of Interpretation (DOI) : Contains values needed

for the other document to relate to each other.
• It include identifier for approved encryption and authentication
algorithms, as well as operational parameters such as key
lifetime.
 IPSec Services
• Ip-Sec provides Security service at the IP layer.
• Enables a system to select required security protocols,
• Determine the algorithms to use for the services.
• Place any cryptographic keys for requested services.
• Two protocols were used for security service.

1. Authentication Protocol : designated by the header of the

protocol, Authentication Header(AH).

2. Combined encryption/authentication protocol : designated by

the format of the packet for that protocol, Encapsulating Security
payload (ESP).
 IPSec Services
 Services are:
o Access Control.
o Connectionless integrity.
o Data origin authentication.

o Rejection of replayed packets.

o Confidentiality (encryption).
o Limited traffic flow confidentiality.
 Security Associations
Q. What is security association ? Define its parameters.
 Security Associations :
• It is an key concept, appears in both authentication and confidentiality
mechanism for IP.
• an SA is a one-way relationship between a sender and a receiver system

• If peer relationship needed, then two SA is required and SA is used either for
AH or for ESP but never for both
 Security Associations
• An SA is uniquely identified by three parameters
– Security Parameters Index (SPI)
• a bit string assigned to the SA
• carried in AH and ESP headers to allow the receiving party to
select the SA which must be used to process the packet
– IP destination address
• currently only uni-cast address is allowed.
• i.e. address of an destination end point of SA i.e end-system
or a network element (e.g., router).
– Security protocol identifier
• indicates whether the SA is an AH or an ESP SA

• Hence in any IP packet, The SA is uniquely identified by destination

address in IPv4 or IPv6 header and the SPI in the enclosed extension
header (AH or ESP).
 Transport mode in action
• Transport mode
– provides protection primarily for upper layer protocols
– protection is applied to the payload of the IP packet

• ESP in transport mode encrypts and optionally

authenticates the IP payload but not the IP header
• AH in transport mode authenticates the IP payload and
selected fields of the IP header
– usually used between end-systems
Transport mode in action
 Tunnel mode in action

• Tunnel mode
– provides protection to the entire IP packet
– the entire IP packet is considered as payload and encapsulated
in another IP packet (with potentially different source and
destination addresses)
• ESP in tunnel mode encrypts and optionally authenticates
the entire inner IP packet
• AH in tunnel mode authenticates the entire inner IP packet
and selected fields of the outer IP header
– usually used between security gateways (routers, firewalls)
 Tunnel mode in action

*
 Authentication Header
• Authentication header provides support for data integrity
and authentication of IP packets.
• Data integrity ensures protection against undetected
modification.
• Authentication enables end system or network device to
authenticate the user or application and filter the traffic
accordingly.
• Prevents the address spoofing attacks .

• AH also guards against the replay attack.

 Authentication Header
• Authentication is based on the use of a message authentication code (MAC) .

• Therefore two parties must share a secret key.

•Payload length
length of AH (in 32 bit words) minus 2
Next Payload e.g., default length of authentication data
Reserved
header length
field is 96 bits or three 32 bit words.
Security Parameters Index (SPI) With a three-word fixed header, there a total
of six-words in header, and payload length
Sequence number
field has a value of 4
• Reserved (16 bits) For future use.
• Security Parameters Index(32 bits):
identifies the SA used to generate this header
Authentication data • Sequence number (32 bits) :
(variable length) sequence number of the packet
Authentication data (variable):
a (truncated) MAC or Integrity Check
value(ICV).

• Next header
type of header immediately following
this header (e.g., TCP, IP, etc.)
 Anti-replay service
 Explain Anti-replay Service ?
 In Replay attack, attacker obtains a copy of an authenticated
header and then transmits to an intended destination.
 The receipt of duplicate authenticated IP packet disrupt
service or may have undesired consequence.
 Sequence number field is designed to such attacks.
 Sequence number generation : When a new SA is
established, the sender initializes a sequence number counter
to 0.
 Anti-replay service
• Each time the packet is sent, sender increments the counter by 1
and places value in sequence number field.
• Thus first value to be used is 1.
• If anti-replay is enabled then the sender must not allow the
sequence number to cycle past 232 – 1 back to 0.
• Or it will create multiple packets with same sequence number.
• If limit of 232 – 1 is reached, sender should terminate SA and
negotiate a new SA with a new key.
 Anti-replay service

• IP is connectionless, and unreliable.

• This protocol does not guarantee the in order packet delivery, and

also not guarantee that all packet get delivered.

 Transport and Tunnel Mode

• There are two ways for IPSec authentication service can be

used.
• First case authentication is provided directly between a server
and client workstation.
• Workstation can be either on same network as the server on an
external network.
• As long as workstation and server share a protected secret key,
the authentication is secure.
• This mode uses a transport mode SA.
 Transport and Tunnel Mode
• In other case, a remote workstation authenticate itself to
corporate firewall, either for accessing the entire internal
network or the requested server does not support the
authentication feature.
• This case uses a Tunnel mode.
Transport and Tunnel Mode

Fig a .) Before Applying AH

 Transport and Tunnel Mode
• We can see the scope of authentication provided by AH and
the authentication header location for two modes.
• Fig a. Shows the typical IPv4 and IPv6 packets.
• In this case, IP payload is a TCP segment.
• or it may be a data unit of any other protocol that uses IP,
such as UDP or ICMP.
• For Transport mode AH using IPv4, the AH is inserted after
the original IP header and before the IP payload as shown in
fig b.
 Transport and Tunnel Mode
• Authentication covers the entire packet, excluding mutable (variable)
fields in the IPv4 header and are set to zero for MAC calculations.
• In the context of IPv6, AH is viewed as an end-to-end payload.

• i.e. it is not examined or processed by intermediate routers.

• Therefore, the AH appears after the IPv6 base header and hop-by-
hop, routing, and fragment extension headers.
• Destination option extension header could appear before or after AH
header depending upon semantics desired.
• Authentication covers the entire packet, excluding mutable fields that
are set to zero for MAC calculations.
Transport and Tunnel Mode

Fig b. ) Transport Mode

 Transport and Tunnel Mode
• For Tunnel Mode AH, the entire original IP packet is
authenticated , and the AH is inserted between the original IP
header and a new IP header as shown in fig c.

• Inner IP header carries the ultimate source and destination

addresses while an outer IP header may contain different IP
addresses (e.g. addresses of firewalls or other security gateways).

• With tunnel mode, the entire inner packet, including the entire
inner IP header is protected by AH.

• The outer IP header (in IPv6, the outer IP extension header) is

protected except for mutable and unpredictable fields.
Transport and Tunnel Mode

Fig c .) Tunnel Mode

 Encapsulating Security Payload
• ESP provides confidentiality service, including confidentiality of
message contents and limited traffic flow confidentiality.
• Optionally ESP can also provide an authentication service.
• ESP format : Shown in fig.

• It consist of various fields.

o Security Parameter Index (32 bits) : Identifies the SA.

o Sequence Number (32 bits) : Monolithically increasing counter

value; Provide protection against replay attacks.
o Payload data (Variable) : It is an transport level segment (transport
mode) or IP packet (tunnel mode)that is protected by encryption.
Encapsulating Security Payload
 Encapsulating Security Payload

o Padding (0-255 bytes)

o Pad Length (8 bits) : Indicates number of pads bytes
immediately preceding this field.
o Next header (8 bits) : It identifies type of data in the payload
data field, by simply identifying the first header in that
payload.
o Authentication data (variable) : A variable-length field
(integral number of 32-bits) that contains the integrity check
value over the ESP packet minus the authentication data field.
 Encryption and Authentication Algorithms
• Payload data, Padding, Pad Length, and Next Header field are encrypted by the
ESP services.
• If cryptographic synchronization data such as an initialization vector (IV) is
required, then data get carried explicitly at the beginning of payload data field.
• If included, IV is usually not encrypted.
• There are number of algorithms assigned for encryption; These includes
o Three-key triple DES.
o RC5
o Three-key triple IDEA
o CAST
o Blowfish.
 Encryption and Authentication Algorithms
• ESP supports the use of MAC with default length of 96 bits.
• Specification dictates that implementation must support HMAC-
MD5-96 and HMAC-SHA-1-96.
• Concept of Padding : Padding serve for several purpose

1. If an encryption algorithm requires plaintext to be multiple of

some bytes, the padding field is used to expand the plaintext to be
of required length.
2. ESP format require Pad Length and next Header fields be right
aligned within a 32-bit word.
3. It is also require for partial traffic flow confidentiality.
 Transport and Tunnel Mode
• There are two ways in which IPSec ESP service can be used.
• One technique provides encryption directly between two hosts
as shown in fig a.
• Fig b. shows how tunnel mode operation for setting Virtual
private network.

Fig a : Transport-level Security

 Transport and Tunnel Mode

Fig b : Virtual Private Network via Tunnel mode

 Transport and Tunnel Mode
• As shown in fig, An organization has four private networks
interconnected across the internet.
• Hosts on the internal networks use the Internet for transport of data.
• Transport mode ESP : Transport mode ESP is used to encrypt and
optionally authenticate the data carried by IP (e.g. TCP segment) as
shown in fig a.
• In transport mode using IPv4, the ESP header is inserted into the IP
packet immediately prior to the transport layer header (e.g. TCP,UDP,
ICMP) and an ESP trailer (Padding, Pad Length, and next header fields) is
placed after the IP packet.
Transport and Tunnel Mode
 Transport and Tunnel Mode
• If authentication is selected, the ESP Authentication data field is added
after the ESP trailer.
• Entire transport-level segment + ESP trailer are encrypted.
• Authentication covers all of the ciphertext + ESP header.
• In IPv6 context, ESP is viewed as an end-to-end payload, i.e. it is not
examined or processed by intermediate routers.
• Therefore ESP header appears after IPv6 base header and hop-by-hop,
routing, and fragment extension headers.
• Destination option extension header could appear before or after the
ESP header, depending on semantics desired.
 Transport and Tunnel Mode
• For Ipv6, encryption covers the entire transport-level
segment + the ESP trailer + destination options header if
occurs after the ESP header.
• Authentication covers the ciphertext + the ESP header.
 Tunnel mode ESP
• Tunnel mode ESP : Use to encrypt an entire IP packet as shown.

• For this ESP header is prefixed to packet and then the packet + ESP trailer is encrypted.

• It is necessary to encapsulate entire packet as IP header contains destination address +

routing directives + hop by hop option information.
 Tunnel mode ESP

• it is not simply to transmit the encrypted IP packet prefixed

by a ESP header.
• Intermediate routers would be unable to process such a
packet.
• Therefore, it is necessary to encapsulate the entire block
 Combining Security Associations
• An individual SA can implement either in AH or ESP protocol but
not both.
• Some traffic flow may require services provided by both AH and
ESP.
• Sometime a traffic flow require IPSec services between hosts
and, for that same flow, separate service between security
gateway e.g. in firewalls.
• For all these cases multiple SAs must be employed for same
traffic to achieve the desired IPSec services.
 Combining Security Associations
• Security association bundle refers to a sequence of SAs.
• SAs are combined in bundles in two ways.
1. Transport adjacency : Applying more than one security protocol to the
same IP packet without tunneling .
-- Combining AH and ESP allows for only one level of combination.
2. Iterated tunneling : Refers to application of multiple layers of security
protocols effected through IP tunneling.
-- allows multiple levels of nesting as each tunnel can originate or
terminate at different IPSec site along path.
 Authentication Plus Confidentiality
• Encryption and authentication can be combined to transmit
IP packet which can have confidentiality and authentication
between hosts.
• There are various approaches.
o ESP with Authentication option :
 Authentication Plus Confidentiality
• The user first applies ESP to data to be protected and then appends the authentication

data field.

• It has two subclasses.

1. Transport mode ESP : Authentication and encryption apply to the IP payload delivered

to host, but IP header is not protected.

2. Tunnel mode ESP : Authentication applies to the entire IP packet delivered to the outer

IP destination address (e.g. firewall) and authentication is performed at the destination.

-- Entire inner packet is protected.

For both cases, authentication applies to ciphertext rather the plaintext.

 Authentication Plus Confidentiality
 Basic combinations of Security Associations.

• IPSec Architecture document lists four examples of combinations of SAs .

• Case 1 : All security is provided between end systems that implements
IPSec.
• For communication between two end system using SA, they must share the
appropriate secret key.
• Among the possible combinations.

a) AH in transport mode.

b) ESP in transport mode

c) ESP followed by AH in transport mode (an ESP SA inside an AH SA).

d) Any one of a,b, or c inside AH or ESP in tunnel mode.

Combining Security Associations
 Combining Security Associations
• Case 2 : Security is provided between gateways (routers, firewalls
etc) and no host implement IPSec.
• It represent simple virtual private network support.
• Security architecture document specifies that only a single tunnel
SA is needed for this case.
• Tunnel could support AH, ESP, or ESP with authentication.
• Nested tunnels are not required because the IPSec services
apply to the entire inner packet.
Combining Security Associations
 Combining Security Associations

• Case 3 : It is build on Case 2 by adding end-to-end security.

• Similar to case 1 and case 2 combinations.

• Gateway-to –gateway tunnel provides either authentication or
confidentiality or both for all traffic between end systems.
• When gateway-to-gateway tunnel is ESP, it also provides a
limited form of traffic confidentiality.
• Host can implement any additional IPSec services required by
user or application, by means of end-to-end SAs.
Combining Security Associations
 Combining Security Associations

• Case 4 : It provide a support for remote host that uses the

Internet to reach an organization’s firewall and then gain access
to some server or workstation behind the firewall.
• Only tunnel mode is required between the remote host and the
firewall, and one or two SAs may be used between the remote
host and the local host.
Combining Security Associations
 Key Management
• Key management involves the determination and distribution of
secret key.
• It require four keys for communication between two applications:
• i.e. transmit and receive pairs for both AH and ESP.
• IPSec architecture document mandates support for two types of
key management.
o Manual : System admin manually configures each system with its
own keys and with keys of other communications system.
• It is practical for small, relatively static environments.
 Key Management
o Automated : Automated system enables the on-demand
creation of keys for SAs and facilitates the use of keys in large
distributed systems.
• Automated key management protocol for IPSec is referred as
ISAKMP/Oakley and it consist of elements such as.
 Oakley Key Determination Protocol : Oakley is a key exchange
protocol based on Diffie-Hellman algorithm but it also provide
added security.
• Oakley is generic as it does not dictate any specific format.
 Key Management

 Internet Security Association and Key Management Protocol

(ISAKMP) : ISAKMP provide a framework for Internet key
management and provides the specific protocol support,
including formats, for negotiation of security attributes.
ESP Tunnel Mode

Encrypted

Authenticated
(optionally)