Module 4
IP Security, Transport level security and Email Security
____________________________________________________________________
MUSA NOTES
IP level Security:
IP-level security encompasses three functional areas: authentication, confidentiality,
and key management. The authentication mechanism assures that a received packet
was, in fact, transmitted by the party identified as the source in the packet header. In
addition, this mechanism assures that the packet has not been altered in transit. The
confidentiality facility enables communicating nodes to encrypt messages to prevent
eavesdropping by third parties. The key management facility is concerned with the
secure exchange of keys.
Introduction to IPSec
The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard
suite of protocols between 2 communication points across the IP network that provide
data authentication, integrity, and confidentiality. It also defines the encrypted,
decrypted and authenticated packets. The protocols needed for secure key exchange
and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data
originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which all
data is being sent between the two endpoints is encrypted, as with a Virtual
Private Network(VPN) connection.
Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti replay. It also
provides authentication for payload.
2. Authentication Header (AH) –
It also provides data integrity, authentication and anti replay and it does not
provide encryption. The anti replay protection, protects against unauthorized
transmission of packets. It does not protect data’s confidentiality.
1|Module No: 1
�3. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange encryption keys
and find a way over Security Association (SA) between 2 devices. The Security
Association (SA) establishes shared security attributes between 2 network entities
to support secure communication. The Key Management Protocol (ISAKMP) and
Internet Security Association which provides a framework for authentication and
key exchange. ISAKMP tells how the set up of the Security Associations (SAs) and
how direct connections between two hosts that are using IPsec.
Internet Key Exchange (IKE) provides message content protection and also an
open frame for implementing standard algorithms such as SHA and MD5. The
algorithm’s IP sec users produces a unique identifier for each packet. This
identifier then allows a device to determine whether a packet has been correct or
not. Packets which are not authorized are discarded and not given to receiver.
Working of IP Security –
1. The host checks if the packet should be transmitted using IPsec or not. These
packet traffic triggers the security policy for themselves. This is done when the
system sending the packet apply an appropriate encryption. The incoming packets
are also checked by the host that they are encrypted properly or not.
2. Then the IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate
themselves to each other to start a secure channel. It has 2 modes. The Main
mode which provides the greater security and the Aggressive mode which
enables the host to establish an IPsec circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the
IP circuit will encrypt data across the IP circuit.
2|Module No: 1
�4. Now, the IKE Phase 2 is conducted over the secure channel in which the two
hosts negotiate the type of cryptographic algorithms to use on the session and
agreeing on secret keying material to be used with those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted tunnel.
These packets are encrypted and decrypted by the hosts using IPsec SAs.
6. When the communication between the hosts is completed or the session times out
then the IPsec tunnel is terminated by discarding the keys by both the hosts.
IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are ESP (Encapsulation Security Payload) and AH
(Authentication Header). IPSec Architecture includes protocols, algorithms, DOI, and
Key Management. All these components are very important in order to provide the
three main services:
• Confidentiality
• Authentication
• Integrity
IP Security Architecture:
1. Architecture: Architecture or IP Security Architecture covers the general
concepts, definitions, protocols, algorithms, and security requirements of IP Security
technology.
2. ESP Protocol: ESP(Encapsulation Security Payload) provides a confidentiality
service. Encapsulation Security Payload is implemented in either two ways:
• ESP with optional Authentication.
• ESP with Authentication.
3|Module No: 1
�PacketFormat:
• Security Parameter Index(SPI): This parameter is used by Security
Association. It is used to give a unique number to the connection built between the
Client and Server.
• Sequence Number: Unique Sequence numbers are allotted to every packet so
that on the receiver side packets can be arranged properly.
• Payload Data: Payload data means the actual data or the actual message. The
Payload data is in an encrypted format to achieve confidentiality.
• Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original
message.
• Next Header: Next header means the next payload or next actual data.
• Authentication Data This field is optional in ESP protocol packet format.
3. Encryption algorithm: The encryption algorithm is the document that
describes various encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication
and Integrity service. Authentication Header is implemented in one way only:
Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use
of AH for packet authentication and integrity.
4|Module No: 1
�5. Authentication Algorithm: The authentication Algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH
and ESP protocols. It contains values needed for documentation related to each other.
7. Key Management: Key Management contains the document that describes how
the keys are exchanged between sender and receiver.
Transport level security:
What is Transport Layer Security (TLS)?
Transport Layer Security, or TLS, is a widely adopted security protocol designed to
facilitate privacy and data security for communications over the Internet. A primary
use case of TLS is encrypting the communication between web applications and
servers, such as web browsers loading a website. TLS can also be used to encrypt other
communications such as email, messaging, and voice over IP (VoIP).
TLS was proposed by the Internet Engineering Task Force (IETF), an international
standards organization, and the first version of the protocol was published in 1999. The
most recent version is TLS 1.3, which was published in 2018.
What is the difference between TLS and SSL?
TLS evolved from a previous encryption protocol called Secure Sockets Layer (SSL,
which was developed by Netscape. TLS version 1.0 actually began development as SSL
version 3.1, but the name of the protocol was changed before publication in order to
indicate that it was no longer associated with Netscape. Because of this history, the
terms TLS and SSL are sometimes used interchangeably.
What does TLS do?
There are three main components to what the TLS protocol accomplishes: Encryption,
Authentication, and Integrity.
• Encryption: hides the data being transferred from third parties.
5|Module No: 1
� • Authentication: ensures that the parties exchanging information are who
they claim to be.
• Integrity: verifies that the data has not been forged or tampered with.
How does TLS work?
For a website or application to use TLS, it must have a TLS certificate installed on
its origin server (the certificate is also known as an "SSL certificate" because of the
naming confusion described above). A TLS certificate is issued by a certificate authority
to the person or business that owns a domain. The certificate contains important
information about who owns the domain, along with the server's public key, both of
which are important for validating the server's identity.
A TLS connection is initiated using a sequence known as the TLS handshake. When a
user navigates to a website that uses TLS, the TLS handshake begins between the
user's device (also known as the client device) and the web server.
During the TLS handshake, the user's device and the web server:
• Specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use
• Decide on which cipher suites (see below) they will use
• Authenticate the identity of the server using the server's TLS certificate
• Generate session keys for encrypting messages between them after the
handshake is complete
The TLS handshake establishes a cipher suite for each communication session. The
cipher suite is a set of algorithms that specifies details such as which shared encryption
keys, or session keys, will be used for that particular session. TLS is able to set the
matching session keys over an unencrypted channel thanks to a technology known
as public key cryptography.
The handshake also handles authentication, which usually consists of the server
proving its identity to the client. This is done using public keys. Public keys are
6|Module No: 1
�encryption keys that use one-way encryption, meaning that anyone with the public key
can unscramble the data encrypted with the server's private key to ensure its
authenticity, but only the original sender can encrypt data with the private key. The
server's public key is part of its TLS certificate.
Once data is encrypted and authenticated, it is then signed with a message
authentication code (MAC). The recipient can then verify the MAC to ensure the
integrity of the data. This is kind of like the tamper-proof foil found on a bottle of
aspirin; the consumer knows no one has tampered with their medicine because the foil
is intact when they purchase it.
VPN
A VPN (virtual private network) is one of the best tools for ensuring your internet
privacy. A VPN encrypts your connection and keeps you hidden while surfing,
shopping, and banking online.
VPN stands for "virtual private network" — a service that helps you stay private
online. A VPN establishes a secure, encrypted connection between your computer and
the internet, providing a private tunnel for your data and communications while you
use public networks.
How do VPNs work?
The Virtual Private Network was first developed by Microsoft in 1996 as a way for
remote employees to securely access the company’s internal network. Once it doubled
company productivity, other companies began to adopt the practice. Corporate VPNs
that allow remote work are now a standard feature of the global business landscape.
Need Web Security considerations
Web Security is very important nowadays. Websites are always prone to security
threats/risks. Web Security deals with the security of data over the internet/network
7|Module No: 1
�or web or while it is being transferred to the internet. For e.g. when you are
transferring data between client and server and you have to protect that data that
security of data is your web security.
Hacking a Website may result in the theft of Important Customer Data, it may be the
credit card information or the login details of a customer or it can be the destruction
of one’s business and propagation of illegal content to the users while somebody hacks
your website they can either steal the important information of the customers or they
can even propagate the illegal content to your users through your website so,
therefore, security considerations are needed in the context of web security.
Security Considerations
Updated Software
It is mandatory to keep your software updated. It plays vital role in keeping your
website secure.
SQL Injection
It is an attempt by the hackers to manipulate your database. It is easy to insert rogue
code into your query that can be used to manipulate your database such as change
tables, get information or delete data.
Cross Site Scripting (XSS)
It allows the attackers to inject client side script into web pages. Therefore, while
creating a form It is good to endure that you check the data being submitted and
encode or strip out any HTML.
Error Messages
You need to be careful about how much information to be given in the error messages.
For example, if the user fails to log in the error message should not let the user know
which field is incorrect: username or password.
Validation of Data
The validation should be performed on both server side and client side.
Passwords
It is good to enforce password requirements such as of minimum of eight characters,
including upper case, lower case and special character. It will help to protect user’s
information in long run.
Upload files
The file uploaded by the user may contain a script that when executed on the server
opens up your website.
SSL
It is good practice to use SSL protocol while passing personal information between
website and web server or database.
8|Module No: 1
�Secure Sockets Layer (SSL)Architecture
Secure Socket Layer provides security to the data that is transferred between web
browser and server. SSL encrypts the link between a web server and a browser which
ensures that all data passed between them remain private and free from attack.
Secure Socket Layer Protocols:
• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol
SSL Protocol Stack:
SSL Record Protocol:
SSL Record provides two services to SSL connection.
• Confidentiality
• Message Integrity
In the SSL Record Protocol application data is divided into fragments. The fragment
is compressed and then encrypted MAC (Message Authentication Code) generated by
algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended.
After that encryption of the data is done and in last SSL header is appended to the
data.
9|Module No: 1
�Handshake Protocol:
Handshake Protocol is used to establish sessions. This protocol allows the client and
server to authenticate each other by sending a series of messages to each other.
Handshake protocol uses four phases to complete its cycle.
• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In
this IP session, cipher suite and protocol version are exchanged for security
purposes.
• Phase-2: Server sends his certificate and Server-key-exchange. The server end
phase-2 by sending the Server-hello-end packet.
• Phase-3: In this phase, Client replies to the server by sending his certificate and
Client-exchange-key.
• Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake
Protocol ends.
10 | M o d u l e N o : 1
�Email Security: Secure Email S/MIME
What is Encrypted Email?
Encrypted Email is the only way to ensure your email messages are kept secure. Email
encryption is made possible through the use of Client Certificates, also known as
S/MIMECertificates.
POP Protocol
The POP protocol stands for Post Office Protocol. As we know that SMTP is used as a
message transfer agent. When the message is sent, then SMPT is used to deliver the
message from the client to the server and then to the recipient server. But the message
is sent from the recipient server to the actual server with the help of the Message
Access Agent. The Message Access Agent contains two types of protocols, i.e., POP3 and
IMAP.
Suppose sender wants to send the mail to receiver. First mail is transmitted to the
sender's mail server. Then, the mail is transmitted from the sender's mail server to the
receiver's mail server over the internet. On receiving the mail at the receiver's mail
server, the mail is then sent to the user. The whole process is done with the help of
Email protocols.
11 | M o d u l e N o : 1
�What is S/MIME?
Secure/Multipurpose Internet Mail Extensions, or S/MIME, is an internet
standard to digitally sign and encrypt email messages. It ensures the integrity of email
messages remains intact while being received.
By using digital signatures, S/MIME provides for authentication, message integrity,
and non-repudiation of origin. In addition, S/MIME includes encryption that
strengthens privacy and data security for electronic messaging.
How do you Protect and Encrypt an Email Message?
Emails messages can be secured and encrypted with S/MIME, or Secure/Multipurpose
Internet Mail Extensions and PKI, or digital certificates. S/MIME combined with
digital certificates can provide data encryption, message integrity and non-repudiation
of message origin. The DigiCert® PKI Platform for S/MIME includes S/MIME key
escrow service, certificate lifecycle management and the trusted DigiCert Certificate
Authority (CA).
What are Ways to Prevent Email Phishing?
12 | M o d u l e N o : 1
�Email users can prevent email phishing by enforcing a DMARC policy that effectively
screens out emails that are fraudulent or a phishing attempt. DMARC goes a step
beyond SPF and DKIM policies to ensure sent emails are authentic.
13 | M o d u l e N o : 1
