Is Unit 4


Department of CSE

III Year B.Tech. II-Sem


Regulation: R18
Subject: Information Security (18PE0CS2C)

Prepared By:
Dr.B.Veeramallu

Dept. of CSE ,GNITC


Information Security

UNIT-IV
• E-Mail Security: Pretty Good Privacy, S/MIME.

• IP Security: IP Security overview, IP Security architecture, Authentication Header, encapsulating security payload, combining security association, Key management.

Arun Singh, Asst. Professor, GNITC


Electronic mail Security
 Email is one of the most widely used and best-regarded network services.

 But according to some mail service providers, it is not secure.

 A message may be observed by a third party during transmission.

 An email list is the list of destination mail addresses.

 In the implementation of an email list, there are two exploring mechanisms involved:

 1. Remote explorer: The sender sends an email to the server that keeps the email list, and the server distributes it to all members of the list.

 2. Local explorer: The sender gets the list from the server and distributes the email to the members of the list.

 In both cases, security services are needed for these mails and mailing lists, such as:

 Privacy, proof of delivery of mail, authentication, confidentiality regarding message flow, integrity, security from self-destruct, non-repudiation, proof of submission of mail, integrity regarding message sequence.

 Threats to E-mail:
 Loss of confidentiality, loss of integrity, lack of data origin authentication, lack of non-repudiation, lack of notification of receipt.

 Threats Enabled by E-mail:
 1. Exposure of systems to malicious code: Email is one of the tools by which computer viruses spread.

 Intruders attach JavaScript or VBScript to mails to spread viruses.

 2. Exposure of systems to denial of service attacks: Intruders use a small program that sends mails to attack a client, so there is a chance of a denial of service attack.

 3. Spamming: Spam wastes bandwidth and decreases productivity.

 4. Relaying and Blacklisting: A wrongly configured relaying capability allows a mail server to be exploited for spamming.

 Sometimes all e-mails from a vulnerable client get blocked by the mail server using a blacklist.

 5. Unauthorized Access to systems: Mail servers themselves are vulnerable, because they are also attached to external networks.

 Sometimes this leads to your mail server being used as an attack platform against other systems.

 To overcome these threats, secure e-mail standards provide two important concepts: PGP and S/MIME.
Pretty Good Privacy (PGP)
 PGP was developed by Zimmermann in 1980 and the first version was released in 1991.

 PGP is a high-security cryptographic application which allows people to exchange messages or files with privacy, confidentiality, integrity, and authentication.

 PGP provides a confidentiality and authentication service that can be used for e-mail and file storage applications.

 PGP is used for signing, encrypting, and decrypting e-mails to increase the security of e-mail communications.

 PGP is mainly used to provide privacy, that is, to store and transmit your data so that only selected people may view its contents.

 Objectives of PGP:
 There are many reasons for its growth:

 It is available free worldwide and in commercial versions.

 It is operating system independent and runs on platforms like Windows, Unix etc.

 It is based on popular algorithms that are considered more secure, like RSA, DSS, IDEA, 3-DES, SHA-1.

 PGP is now an Internet standard (RFC 3156).

 It is not controlled by a government or standards organization.

 Guidelines of PGP: Zimmermann developed PGP and did the following:

 Used the best available cryptographic algorithms as building blocks.

 Integrated these algorithms into a general-purpose application.

 Made it independent of operating system and processor, with simple commands to use.

 Made the total documentation, including source code, freely available via the Internet.

 Notations:
 The following notations and symbols are used:
 Ks = session key used in symmetric encryption
 PRa = private key of user A, used in public key encryption
 PUa = public key of user A, used in public key encryption
 EP = public key encryption
 DP = public key decryption
 EC = symmetric encryption
 DC = symmetric decryption
 H = hash function
 || = concatenation
 Z = compression using zip algorithm
 R64 = conversion to radix 64 ASCII format
 PGP services/operations:
 The actual operation of PGP, as opposed to the management of keys, consists of four services:

 Authentication (digital signatures), confidentiality (message encryption), compression and e-mail compatibility.

 Authentication: The figure illustrates the digital signature service provided by PGP.

 The sequence is as follows:

 1. The sender creates a message.

 2. SHA-1 is used to produce a 160-bit hash code of the message.

 3. The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.

 4. The receiver decrypts and recovers the hash code using RSA with the sender's public key.

 5. The receiver generates a new hash code for the message and compares it with the decrypted hash code; if the two match, the message is accepted as authentic.
PGP Operation – Confidentiality
 Confidentiality:
 Another basic service provided by PGP is confidentiality.

 The symmetric encryption algorithm CAST-128 may be used.

 Alternatively, IDEA or 3DES is used.

 The 64-bit cipher feedback mode is used.

 In PGP, each symmetric key is used only once.

 A new key (session key) is generated as a random 128-bit number for each message.

 This session key is bound to the message and transmitted with it.

 To protect the session key, it is encrypted with the receiver's public key.

 The figure illustrates the sequence as follows:

 1. The sender generates a message and a 128-bit random session key for this message.

 2. The message is encrypted with the session key using CAST-128 (or IDEA or 3DES).

 3. The session key is encrypted with RSA using the receiver's public key and prepended to the message.

 4. The receiver uses RSA with its private key to decrypt and recover the session key.

 5. The session key is used to decrypt the message.
PGP Operation – Confidentiality and Authentication
 Confidentiality and Authentication: To increase the trust of any service, both confidentiality and authentication should be provided.

 The figure illustrates that both services may be used for the same message.

 First, a signature is generated for the message and prepended to the message according to the authentication sequence.

 Then the message plus signature is encrypted using a 128-bit random session key and CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA.

 The receiver uses its private key to recover the session key and decrypts the signed message.

 When both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and finally encrypts the session key with the receiver's public key.
PGP Operation – Compression, e-mail compatibility
 Compression:
 By default, PGP compresses the message after applying the signature but before encryption.

 1. The signature is generated before compression for two reasons:

 A. It is more convenient to store the uncompressed message along with the signature for future verification.

 B. If one signed a compressed document, it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.

 2. Message encryption is applied after compression to strengthen cryptographic security because:

 A. The compressed message has less redundancy than the original plaintext.

 B. Thus cryptanalysis is more difficult.

 Email Compatibility:
 In all the above cases PGP sends the message in encrypted form (binary data).

 However, email systems were designed only for ASCII text.

 PGP must encode raw binary data into printable ASCII characters for transmission.

 This is called e-mail compatible conversion.

 It uses the radix-64 conversion algorithm.

 It maps 3 bytes to 4 printable ASCII characters of output.

 It also appends a CRC to detect transmission errors.

 PGP also segments messages that are too big.


Key management of PGP
 PGP makes use of four types of keys:
 One-time session symmetric keys
 Public keys
 Private keys
 Passphrase-based symmetric keys.
 There are three requirements with respect to these keys:
 1. A means of generating session keys is needed.

 2. A user must be allowed to have multiple public-key/private-key pairs, because the user may change his key pair from time to time.
 So some means is needed for identifying particular keys.

 3. Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.

 Session key generation:
 The algorithm used for the session key is CAST-128.

 The input given to CAST-128 is a 128-bit randomly generated key, and two 64-bit plaintexts are encrypted.

 The cipher feedback mode generates two 64-bit ciphertext blocks that form the session key.
 Key Identifiers:
 One important observation in PGP is that a user has multiple public keys.

 How does the recipient know which of its public keys was used to encrypt the session key?

 To solve this problem, key identification is required.

 The receiver's public key ID needs to be sent, because that key is used for encrypting the session key.

 The sender's public key ID also needs to be sent, identifying the key whose private key was used for the signature.

 General format of PGP message:

 A message consists of three components:

 (a) Message component: Contains the actual data to be stored or transmitted, a filename, and a timestamp that specifies the time of creation.
 (b) Signature component:
 It contains the following:

 Timestamp (the time at which the signature was made)

 Message digest, that is, a 160-bit SHA-1 digest encrypted with the sender's private key

 Leading two octets of message digest: enable the receiver to determine whether the correct public key was used to decrypt the message digest for authentication

 Key ID of sender's public key: identifies the public key that should be used to decrypt the message digest and identifies the private key that was used to encrypt the message digest.
 (c) The session key component: includes the encrypted session key and the key ID of the receiver's public key.
 Figure: PGP Message Format
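
The authentication sequence and the signature component described above, as an added example that is not part of the original slides: the digest is encrypted with the sender's private key, and the receiver uses the key ID and the leading two octets to tell "wrong public key" apart from "message altered". The keys are constructed textbook-RSA keys built from Mersenne primes (no padding, illustration only), and the key IDs `KEY-A`/`KEY-B` are made-up labels.

```python
import hashlib

DIGEST_LEN = 20  # SHA-1 produces a 160-bit (20-byte) hash code


def make_key(p: int, q: int, key_id: str, e: int = 65537) -> dict:
    """Constructed textbook-RSA key pair; unpadded and unsuitable for real use."""
    n = p * q
    return {"key_id": key_id, "n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


SENDER = make_key(2**127 - 1, 2**89 - 1, "KEY-A")   # PRa / PUa of the sender
OTHER = make_key(2**107 - 1, 2**61 - 1, "KEY-B")    # an unrelated key pair
# Receiver's public-key ring, indexed by key ID.
PUBLIC_KEY_RING = {k["key_id"]: (k["n"], k["e"]) for k in (SENDER, OTHER)}


def sign(message: bytes, private_key: dict, timestamp: int) -> dict:
    """Steps 2-3: hash the message, encrypt the hash with the private key."""
    digest = hashlib.sha1(message).digest()
    encrypted = pow(int.from_bytes(digest, "big"), private_key["d"], private_key["n"])
    return {
        "timestamp": timestamp,
        "key_id": private_key["key_id"],
        "leading_two_octets": digest[:2],   # sent in the clear
        "encrypted_digest": encrypted,
    }


def verify(message: bytes, signature: dict, key_ring: dict) -> str:
    """Steps 4-5 on the receiver's side."""
    if signature["key_id"] not in key_ring:
        return "unknown-key"
    n, e = key_ring[signature["key_id"]]
    size = (n.bit_length() + 7) // 8
    recovered = pow(signature["encrypted_digest"], e, n).to_bytes(size, "big")
    padding, digest = recovered[:-DIGEST_LEN], recovered[-DIGEST_LEN:]
    # Cheap check first: if the leading two octets do not match, the digest
    # was decrypted with the wrong public key.
    if any(padding) or digest[:2] != signature["leading_two_octets"]:
        return "wrong-key"
    if digest != hashlib.sha1(message).digest():
        return "digest-mismatch"
    return "valid"


def demo() -> dict:
    message = b"Quarterly report attached."          # constructed message
    sig = sign(message, SENDER, timestamp=1700000000)
    return {
        "untouched": verify(message, sig, PUBLIC_KEY_RING),
        "altered message": verify(message + b"!", sig, PUBLIC_KEY_RING),
        "wrong key id": verify(message, dict(sig, key_id="KEY-B"), PUBLIC_KEY_RING),
        "unknown key id": verify(message, dict(sig, key_id="KEY-Z"), PUBLIC_KEY_RING),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} -> {verdict}")
```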
PGP Key Rings
 To overcome the difficulty of sending key identifications with every message, each PGP user has a pair of key rings:

 The public-key ring contains all the public keys of other PGP users known to this user, indexed by key ID.

 The private-key ring contains the public/private key pair(s) for this user, indexed by key ID and encrypted with a key derived from a hashed passphrase.
PGP Trust Model
 PGP does not include any specification for establishing certifying authorities or for establishing trust; it provides a better way of using trust, associating trust with public keys and exploiting trust information.

 The figure shows the public-key ring structure with regard to trust. Complete trust is given to You; every other node in the key ring has an OWNERTRUST value.

 A and B are partially trusted by You to sign keys; D, E and F are fully trusted by You to sign keys; C, H, M, N, O, P and Q are keys that are deemed legitimate by You. G, I, J and K are not trusted.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
 It is a security enhancement to the MIME Internet e-mail standard.

 The original Internet standard RFC 822 e-mail can transfer text content only.

 MIME provided support for various content types and multi-part messages.

 It used encoding of binary data to textual form.

 S/MIME added security enhancements.

 S/MIME has support in many mail agents like MS Outlook, Mozilla, Mac Mail etc.

 It originated from RSA Data Security in 1995.

 Version 3 of S/MIME is specified in RFC 2630-2634.

 Before S/MIME, we need to understand the underlying e-mail format, MIME, that is used by S/MIME.

 But to understand it, we need to go back to the traditional e-mail format standard, i.e. RFC 822, which is still in common use.

 The most recent version of this format is RFC 5322 (Internet Message Format).

 It is one of the commonly used Internet-based standards.

 This standard defines the text mail messages that are transmitted over the Internet.

 These messages consist of an envelope and contents.

 The envelope has the information required for performing transmission and delivery.

 The content contains the object that is to be delivered to the actual receiver.

 The message structure of RFC 5322 consists of the following two fields:
 Header field: Used by the user agent, which is part of the mail system.

 It consists of header lines that start with keywords like From, To, Date, and Subject.

 Keywords are followed by a colon, which is followed by the arguments of the keyword.

 Body field: It consists of unrestricted ASCII text.

 It is separated from the header field by a blank line.

 Another field commonly found in RFC 5322 is Message-ID.

 It contains a unique identifier associated with the message.

 MIME (Multipurpose Internet Mail Extensions):

 It was developed to overcome the problems of SMTP.

 Some of the limitations and problems are:

 SMTP cannot transmit executable files, cannot transmit data that contains Unicode characters, cannot transfer over a size limit, cannot handle non-textual data.

 Common problems are:
 Wrapping of lines longer than 76 characters.

 Removal of trailing white space.

 Padding of lines in a message to the same length.

 Conversion of tab characters into space characters.

 Overview of MIME:
 The MIME specification includes the following components:
 1. Five new message header fields that provide information about the body of the message.

 2. A number of content types (formats).

 3. Transfer encoding techniques that enable conversion of any format into a form that is protected from any change by the mail system.

 The five message header fields defined in MIME are:

 a. MIME-Version: Must have the value 1.0. It indicates that the message conforms to the proper RFC.

 b. Content-Type: Describes the data contained in the body in sufficient detail that the receiving user agent can pick an appropriate agent to present the data to the user.

 c. Content-Transfer-Encoding: Indicates the type of transformation used to represent the body of the message in a form acceptable for mail transport.

 d. Content-ID: Used to identify MIME entities in multiple contexts.

 e. Content-Description: A text description of the object in the body; this is useful when the object is not readable.
 MIME content types (formats):
 The content type declares the general type of data, and the subtype specifies a particular format for that type of data.
MIME content type table :
Transfer Encodings:
The other major component of the MIME specification is the transfer encoding techniques.
There are six different MIME transfer encoding techniques.
Functionality of S/MIME:
In terms of functionality, S/MIME is similar to PGP.
Digital signature, confidentiality and integrity services are provided by both.

The following are the functions of S/MIME:

1. Enveloped data: It contains encrypted content of any type along with encrypted keys for one or more receivers.

2. Signed data: A digital signature is formed by taking the hash code of the content to be signed and then encrypting it with the signer's private key.

The signature and the content are then encoded using base64 encoding.

3. Clear-signed data: A digital signature of the content is formed. But in this case only the digital signature is encoded using base64.
 4. Signed and enveloped data:
 Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed or clear-signed data may be encrypted.

 S/MIME Cryptographic Algorithms:

• Digital signatures: DSS & RSA
• Hash functions: SHA-1 & MD5
• Session key encryption: ElGamal & RSA
• Message encryption: AES, Triple-DES, RC2/40 and others
• MAC: HMAC with SHA-1
• There is a process to decide which algorithms to use.
 S/MIME Messages:
 S/MIME secures a MIME entity with a signature, encryption, or both,

 forming a MIME-wrapped PKCS object.

 There is a range of content types:

 Enveloped data

 Signed data

 Clear-signed data

 Registration request

 Certificate-only message

 S/MIME Certificate Processing:
 S/MIME uses X.509 v3 certificates.

 They are managed using a hybrid of a strict X.509 CA hierarchy and PGP's web of trust.

 Each client has a list of trusted CAs' certificates

 and its own public/private key pairs and certificates.

 Certificates must be signed by trusted CAs.

 Certificate Authorities:
 There are several well-known CAs.
• VeriSign is one of the most widely used.

• VeriSign issues several types of Digital IDs,

• with increasing levels of checks and hence increased trust.

 S/MIME Enhanced Security Services:

 Three enhanced security services are proposed:
 Signed receipts

 Security labels

 Secure mailing lists
IP Security
 IP security is a set of services and not a protocol.

 IPSec is a capability that can be added to either current version of the Internet Protocol (IPv4 or IPv6) by means of additional headers.

 IPSec covers three areas of functionality: authentication, confidentiality and key management.

 IPSec encrypts and authenticates all data traffic at the IP level.

 There is a range of application-specific security mechanisms for application areas like e-mail (S/MIME, PGP), client/server (Kerberos), and Web access (SSL/HTTPS).

 However, there are security concerns that cut across protocol layers.

 By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for security-ignorant applications.

 It is applicable for use over LANs, across public and private WANs, and for the Internet.

 IP Security Overview:
 In 1994, the Internet Architecture Board (IAB) issued a report, "Security in the Internet Architecture" (RFC 1636).

 The IAB decided that authentication, integrity and encryption must be a part of the next-generation version of the IP protocol, IPv6.
 Fortunately, these security capabilities were designed to be usable with both the current IPv4 and IPv6.

 The outcome of the study and the IAB's report is the protocol for providing security at the IP level, called IP security.

 Applications of IP Security:
 IPSec provides the capability to secure communication across a LAN, a WAN and the Internet.
 The following are examples of uses/applications of IPSec:
 Creation of a virtual private network:
 Using IPSec, any organization can develop its own secure VPN on the Internet.
 So the need for a private network is reduced, and the organization can rely on the Internet, saving costs and overhead.
 Secure remote access over the Internet:
 IPSec enables a remote user to securely access the company's network.

 That is, a user having IP security protocols can make a local call to an ISP and get secure access to the company's network, reducing transport charges.

 Establishing extranet and intranet connectivity with partners:

 IPSec features like authentication, confidentiality and key management provide secure and reliable communication among various organizations, whether the communication is intranet or extranet.

 Improving e-commerce security:

 Some e-commerce and web applications have built-in security protocols, but IPSec enhances that security.
Benefits of IP Security
 The principal feature of IPSec which allows it to support various applications is that it can encrypt and authenticate all traffic at the IP level.

 So all applications (remote login, client/server, email, file transfer, web access) can be secured.

 Some of the benefits of IPSec are:

 1. IPSec can be implemented in a firewall.

 It provides a powerful security check on all incoming and outgoing packets.

 2. The firewall uses IPSec to restrict all those incoming packets which are not using IP.

 Since the firewall is the only way to enter from the Internet into the organization, restricted packets cannot enter.

 3. All the operations of IPSec are transparent to other applications, because it is present below the transport layer, at the IP layer.

 4. IPSec can be easily implemented in a firewall and does not require any changes to the client or server system software.

 5. IPSec does not require additional training to be given to the users, because IPSec can be transparent to end users.

 6. IPSec can provide security for individual users if needed.


IP Security Architecture
 The IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
 These protocols are ESP (Encapsulating Security Payload) and AH (Authentication Header).
 The IPSec architecture includes protocols, algorithms, DOI, and key management.
 All these components are very important in order to provide the three main services:
 IP Security is a mechanism which includes various components.
 The whole IPSec architecture involves three components:
 IPSec Documents
 IPSec Services
 Security Associations (SA)

 IPSec Documents: IPSec is defined by a number of documents, including RFCs 2401, 2402, 2406 and 2408.
 They were released in 1998 to describe the security architecture and the packet authentication (Authentication Header, AH) and packet encryption (ESP) extensions.
 The IPSec specification is spread across many RFCs and IETF documents, which makes it difficult and complex.
 The documents can be categorized into the following groups:
 Architecture: Covers the general concepts, security requirements, definitions, mechanisms and notations/rules defining IPSec technology, with the requirements for providing security.

 Authentication Header (AH): AH is an extension header to provide message authentication.
 Current specification is RFC 4301 (security architecture for Internet

 Encapsulating Security Payload: ESP consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication.

 The current specification is RFC 4303 (IP Encapsulating Security Payload).

 Internet Key Exchange (key management):

 This is a collection of documents describing the key management schemes used with IPSec.

 The main specification is the Internet Key Exchange (IKEv2) protocol.

 Cryptographic Algorithms: This includes a set of documents that define and describe the implementation of the algorithms for encryption, message authentication and key exchange.

 Domain of interpretation:
 It contains the values that relate the different documents to each other, including the identifiers and parameters needed for the encryption and authentication algorithms.

2. IP Security Services:
 IPSec provides security services at the IP layer by enabling a system to select the required security protocols

 and to determine the algorithms and cryptographic keys required to provide the requested services.

 The IPSec architecture uses two protocols to provide security at the IP level:
 Authentication Header (AH): an authentication protocol designated by the header of the protocol.

 Encapsulating Security Payload (ESP): a combined encryption/authentication protocol designated by the format of the packet of that protocol.

 The IPSec services are as follows:
 Access Control: Here cryptographic keys are distributed and traffic flow is controlled in both the AH and ESP protocols.

 Connectionless Integrity: The data integrity service is provided by IPSec through AH, which protects data from any alteration (change) during transmission.

 Data Origin Authentication: This IPSec service prevents the occurrence of replay attacks, address spoofing etc.

 Confidentiality: It is obtained by using an encryption technique in which all data packets are transformed into ciphertext.

 Limited traffic flow confidentiality: This service ensures that confidentiality is maintained on the number of packets transferred or received.
 Rejection of replayed packets: Duplicate or replayed packets are rejected using the sequence number field in both AH and ESP.

3. Security Association (SA):

 A Security Association is a one-way logical relationship or connection between sender and receiver.

 The connection provided by an SA is one-way only, so two SAs are needed for bi-directional communication, i.e. one for each direction.

 A Security Association is uniquely identified by three essential parameters:

 1. Security Parameter Index (SPI): This parameter is used to indicate the type of SA.

 AH and ESP include this field in their respective headers, which allows the receiving system to select the SA under which the received packet is processed.

 Destination IP Address: This parameter represents the IP address of the destination of the SA. The destination can be a firewall or a router.

 Security Protocol Identifier: This parameter or field indicates the type of association, i.e. either AH security association or ESP security

 Security Association Database:
 The implementation of IPSec contains an SA database which defines the parameters related to each SA.

 The following are the parameters by which an SA is defined in the Security Association Database:

 Sequence number counter: The AH and ESP headers use this parameter to generate the 32-bit sequence number field.

 Sequence counter overflow: If the sequence counter overflows because of the number of packets, a flag generates an event which stops further transmission.

 Anti-replay window: This window is used to avoid the impact of a replay attack, i.e. it is used to determine whether an incoming packet is a duplicate copy or new.

 AH Information: Consists of information used for the AH implementation, such as the authentication algorithm, keys, lifetime of keys and related parameters.

 ESP Information: Consists of information about the authentication and encryption algorithms, keys, lifetime of keys and initialization values used for the ESP implementation.

 Lifetime of Security Association: Represents the duration of time assigned to the SA, i.e. once the time expires, the SA is terminated or replaced.
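
How the sequence number counter, the overflow flag and the anti-replay window work together, as an added example that is not part of the original slides. It goes slightly beyond the text by showing the sliding-bitmap form of the window; the window size of 64, the verdict strings and the `icv_ok` parameter (a stand-in for the result of verifying the packet's integrity check value) are assumptions of this sketch.

```python
ACCEPT, REPLAY, TOO_OLD, BAD_ICV, INVALID = (
    "accept", "replay", "too-old", "bad-icv", "invalid")
MAX_SEQ = 0xFFFFFFFF  # the sequence number field is 32 bits wide


class OutboundCounter:
    """Sender side: sequence number counter with the overflow flag."""

    def __init__(self) -> None:
        self.value = 0

    def next(self) -> int:
        if self.value >= MAX_SEQ:
            # Overflow event: stop sending on this SA; it must be replaced.
            raise OverflowError("sequence counter overflow")
        self.value += 1
        return self.value


class AntiReplayWindow:
    """Receiver side: decides whether an incoming packet is new or a duplicate."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def check(self, seq: int, icv_ok: bool = True) -> str:
        if not 1 <= seq <= MAX_SEQ:
            return INVALID
        if seq > self.highest:                    # to the right of the window
            if not icv_ok:
                return BAD_ICV                    # window must not move
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return ACCEPT
        offset = self.highest - seq
        if offset >= self.size:                   # to the left of the window
            return TOO_OLD
        if (self.bitmap >> offset) & 1:           # already marked as received
            return REPLAY
        if not icv_ok:
            return BAD_ICV
        self.bitmap |= 1 << offset                # mark only after authentication
        return ACCEPT


# Constructed arrival order: (sequence number, did the ICV verify?)
CONSTRUCTED_ARRIVALS = [
    (1, True), (2, True), (5, True), (3, True),   # 3 arrives late but is new
    (5, True), (2, True),                         # duplicates
    (70, True), (6, True), (7, True),             # window jumps; 6 falls out
    (71, False), (71, True),                      # forged packet, then the real one
]


def replay_trace(arrivals, size: int = 64) -> list:
    window = AntiReplayWindow(size)
    return [window.check(seq, icv_ok) for seq, icv_ok in arrivals]


if __name__ == "__main__":
    for (seq, _), verdict in zip(CONSTRUCTED_ARRIVALS, replay_trace(CONSTRUCTED_ARRIVALS)):
        print(f"seq {seq:3} -> {verdict}")
```

Updating the window only after the integrity check succeeds matters: otherwise a forged packet with a high sequence number could push the window forward and cause genuine packets to be rejected.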
Authentication Header
The Authentication Header (AH) is a protocol and a part of IPSec, which authenticates the origin of IP packets and ensures their integrity.

It provides integrity and authentication of IP packets.

It lets end users authenticate the opposite users and decide whether to accept or reject the packets.

The Authentication Header consists of the following fields:

Next Header: This field is 8 bits in size and is used to determine the type of the succeeding header.

Payload length: It is also 8 bits in size and specifies the length of the AH.

Reserved: AH contains 16 bits reserved for future use.

Security Parameter Index: 32 bits used to identify the SA associated with this packet.

Sequence number: Represents a monotonically increasing counter value used to protect against replay attacks.

Authentication Data: This field is not a fixed-length field and contains the integrity check value used for authentication of the AH packet.
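
The field layout above, read from raw bytes, as an added example that is not part of the original slides. It assumes the encoding used by the AH specification, where the payload length counts 32-bit words minus 2, which is how the length of the variable Authentication Data field is recovered; the sample packet bytes are constructed.

```python
import struct

AH_FIXED_LEN = 12  # Next Header, Payload Length, Reserved, SPI, Sequence Number
NEXT_HEADER_NAMES = {4: "IP", 6: "TCP", 17: "UDP"}  # values listed in these notes


def parse_ah(data: bytes) -> dict:
    """Split an Authentication Header from the bytes that follow it."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated: fixed part of AH is 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:AH_FIXED_LEN])
    total_len = (payload_len + 2) * 4          # AH length in bytes
    if total_len < AH_FIXED_LEN:
        raise ValueError("payload length smaller than the fixed header")
    if len(data) < total_len:
        raise ValueError("truncated: authentication data is incomplete")
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    return {
        "next_header": NEXT_HEADER_NAMES.get(next_header, f"protocol {next_header}"),
        "ah_length": total_len,
        "spi": spi,                            # selects the SA for this packet
        "sequence": seq,                       # input to the anti-replay check
        "icv": data[AH_FIXED_LEN:total_len],   # Authentication Data
        "payload": data[total_len:],           # the succeeding header and data
    }


def build_sample() -> bytes:
    """Constructed AH (transport mode, TCP follows) with a made-up 12-byte ICV."""
    icv = bytes(range(0xA0, 0xAC))
    header = struct.pack("!BBHII", 6, 4, 0, 0x00001001, 7)
    return header + icv + b"\x04\xd2\x00\x50"  # constructed start of a TCP header


if __name__ == "__main__":
    fields = parse_ah(build_sample())
    for name, value in fields.items():
        shown = value.hex() if isinstance(value, bytes) else value
        print(f"{name:12} {shown}")
```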
Encapsulating Security Payload (ESP)
It is a protocol which provides data confidentiality, and also provides origin authentication, data integrity checking and replay protection.

It consists of the following fields:

Security Parameter Index: A 32-bit field which determines the security association.

Sequence Number: This field is used to represent a monotonically increasing number assigned to each received packet to avoid replay attacks.

Payload Data: This field represents the encrypted data which is to be transferred.
 Padding (0-255 bits): The padding field is used to make the length of the plaintext a multiple of the desired number of bytes.

 Padding Length (8 bits): This field represents the length of the padding applied to the data.

 Next Header: 8 bits in size; represents the type of header which follows this header.

 Some default values are assigned to protocol headers, i.e. the value of TCP is 6, UDP is 17 and IP is 4.

 Authentication Data: It is of variable length (the length depends on the SA) and contains an integrity check value.
 IPSec protocol mode: It represents the type of mode used for the IPSec implementation.

 The mode can be tunnel mode or transport mode.

 Path MTU: Represents the maximum allowable size for a packet, i.e. the maximum data a packet can hold during transmission.
 IP Security modes:
 We know that there are two IP security protocols, AH and ESP.
 Both AH and ESP support two modes of use:

 Transport mode and Tunnel mode

 There are four possible combinations of mode and protocol:

 AH in transport mode, AH in tunnel mode

 ESP in transport mode, ESP in tunnel mode

 AH in tunnel mode is not used because it protects the same data that AH protects in transport mode.
 Transport mode:
 Provides protection for upper-layer protocols.

 Transport mode protection extends to the payload of an IP packet.

 In transport mode, AH and ESP protect the transport header.

 Transport mode is used for an end-to-end connection between two hosts, i.e. client and server or two workstations.
 Tunnel mode:
 Tunnel mode provides protection to the entire IP packet.
 To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new outer IP packet with a new outer IP header.
Combining Security Associations
 It is mandatory to implement multiple SA’s for the same traffic flow
which requires both AH and ESP protocol services.

 The combination of SA’s needed for processing a traffic flow to


provide the required IPSec services can be termed as SA bundle.

 There are two ways in which SA bundle can be formed :


 Transport Adjacency : Single IP packet is provided with more than
one security protocol without applying tunnelling mechanism

 AH and ESP protocols are combined and applied to a single IP packet.

 Repeated Tunnelling : An IP packet which has a particular security


protocol is encapsulated into other IP packet.
Combining Security Associations
 Basic Combinations of Security Associations :
 As per documents of IPSec architecture , SA’s can be combined in
four different ways that are supported by all the nodes in IPSec

 The nodes may be individually work-stations or server or firewall.

 First Combination : The individuals nodes must utilize their own


IPSec services to get appropriate security.

 The two nodes can communicate with each other by sharing their
respective secret keys through SA.
 Second Combination : In this combination, the security of individual nodes cannot be achieved by implementing IPSec services; instead, security is provided at the gateways.

 According to the SA document, only one tunnel (i.e. AH, ESP, or ESP with authentication) is needed for this combination.

 Third Combination : This combination is almost the same as the second combination, but in addition provides security even to the nodes.

 This combination makes use of two tunnels: the first gateway to gateway and the second node to node.
 Either authentication or encryption or both can be provided by using the gateway-to-gateway tunnel.

 An additional IPSec service is provided to the individual nodes by using the node-to-node tunnel.

 Fourth Combination : This combination is suitable for serving remote users.

 End users anywhere in the world can use the internet to access the organizational workstations through the firewall.
Key Management
 Key management is related to the identification and distribution of the secret keys.

 AH and ESP each need a pair of keys, one for transmitting and one for receiving.

 For communication between two applications, four keys are needed: transmit and receive pairs for both AH and ESP.

 IPSec architecture supports two types of key management :

 Manual : The system administrator manually configures each system with its own keys and the keys of the other communicating systems.

 It is practical for small environments.
 Advantage : Temporary implementation is easier.

 Disadvantage : Not scalable; does not support the anti-replay feature of AH and ESP.

 Automated : This system enables on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.

 Advantage : Scalable to large networks and across administrative boundaries.

 Disadvantage : This system requires PKI for complete authentication.
 Internet Key Exchange (IKE) : It is a tool which automates key management for the IP security architecture.

 IKE is a protocol designed to create both inbound and outbound SAs.

 The IKE protocol helps to negotiate the settings between two hosts that implement IPSec.
 IKE components :
 Internet Key Exchange is based on three protocols.

 Oakley :
 It is based upon the Diffie Hellman algorithm and uses a mechanism called cookies.

 It specifies global parameters of Diffie Hellman and provides extra security.

 Features of Oakley :
 Five important features of the Oakley algorithm :

 1. It employs a mechanism known as “cookies” to oppose clogging attacks.
 In a clogging attack, an opponent forges the source address of an authenticated user and sends a public Diffie Hellman key to the victim.

 2. It enables the two parties to negotiate a group.

 It supports the use of different groups for the Diffie Hellman key exchange.

 3. It uses nonces to ensure against replay attacks.

 4. It enables the exchange of Diffie Hellman public key values.

 5. It authenticates the Diffie Hellman key exchange to oppose man-in-the-middle attacks.
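
Added example (not part of the original slides): a sketch of the cookie idea in feature 1, showing how a responder can avoid doing Diffie Hellman work for a forged source address. The class and function names, HMAC-SHA256 as the cookie function, the 60-second rotation and the sample addresses are assumptions made for this illustration, not Oakley's specified method.

```python
import hashlib
import hmac
import os
import time

COOKIE_LEN = 8          # ISAKMP cookies are 64 bits
ROTATE_SECONDS = 60     # assumed lifetime of a cookie window in this sketch


class CookieResponder:
    """Stateless anti-clogging cookies for a key-exchange responder."""

    def __init__(self, secret=None, now=time.time):
        self._secret = secret or os.urandom(32)   # local secret, never sent
        self._now = now
        self.dh_computations = 0                  # counts expensive work done

    def _cookie(self, src, sport, dst, dport, epoch):
        # Bind the cookie to the claimed addresses, ports and a time window.
        msg = f"{src}|{sport}|{dst}|{dport}|{epoch}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def issue(self, src, sport, dst, dport):
        """First message: reply with a cookie only; keep no state, do no DH."""
        epoch = int(self._now() // ROTATE_SECONDS)
        return self._cookie(src, sport, dst, dport, epoch)

    def accept(self, src, sport, dst, dport, echoed):
        """Second message: do the Diffie Hellman work only for a valid echo."""
        epoch = int(self._now() // ROTATE_SECONDS)
        for e in (epoch, epoch - 1):              # tolerate one window rollover
            expected = self._cookie(src, sport, dst, dport, e)
            if hmac.compare_digest(expected, echoed):
                self.dh_computations += 1         # stand-in for the exponentiation
                return True
        return False


def demo():
    """Constructed run: one honest initiator and one forged source address."""
    r = CookieResponder()
    honest = ("198.51.100.7", 500, "192.0.2.1", 500)
    forged = ("203.0.113.9", 500, "192.0.2.1", 500)
    cookie = r.issue(*honest)        # delivered to the real 198.51.100.7
    r.issue(*forged)                 # sent to 203.0.113.9; the forger never sees it
    ok = r.accept(*honest, cookie)
    spoof = r.accept(*forged, os.urandom(COOKIE_LEN))   # forger can only guess
    return ok, spoof, r.dh_computations                 # (True, False, 1)
```

Because the cookie is recomputed from the packet and a local secret, the responder stores nothing per request until the echo proves the sender can receive traffic at the claimed address.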
 ISAKMP (Internet Security Association and Key Management Protocol) :
 SAs can be initiated, edited, negotiated or eliminated by implementing the procedures and formats of ISAKMP.

 Every ISAKMP message must use the UDP transport layer protocol and consists of the following two sections :

 ISAKMP Header

 ISAKMP Payload
 ISAKMP Header format :
 The fields of the ISAKMP header are as follows :

 Cookie (Initiator) : It is a 64-bit cookie of the entity that initiated SA establishment, SA notification or SA deletion.

 Cookie (Responder) : It is 64 bits in size and is the cookie of the entity replying to SA establishment, SA notification or SA deletion.

 Next Payload : This is an 8-bit field which defines the type of the first payload in the ISAKMP message.

 Major Version and Minor Version : Each is 4 bits in size; they define the major and minor versions of ISAKMP respectively.
ISAKMP header format
 Exchange Type : It is an 8-bit field used to define the type of exchange implemented.

 Flags : Every ISAKMP message exchange needs to set certain options prior to its transmission, which is done by using flag bits.

 Message ID : Every ISAKMP message is assigned a unique message ID which differentiates it from other messages.

 Length (32 bits) : This field defines the total length of the ISAKMP message, which includes the ISAKMP header and the ISAKMP payloads.
 ISAKMP Payload types :
 All ISAKMP payloads begin with a generic payload header.

 The generic payload header fields are as follows :

 Next Payload (1 byte) : Identifies the payload type of the next payload in the message.

 Reserved (1 byte) : Unused, set to 0.

 Payload Length (2 bytes) : Length of the current payload, including the generic payload header.

 There are different ISAKMP payload types :
 SA Payload : The SA payload is used to negotiate security attributes and to indicate the Domain of Interpretation (DOI) and situation under which the negotiation takes place.

 Proposal Payload : It contains information used during SA negotiation.

 A proposal consists of the security mechanisms used to secure the communication channel.

 Transform Payload : This payload consists of the security mechanisms, or transforms, to be used to secure the communication channel.

 It also contains the SA attributes associated with the specific transform.
 Key Exchange Payload : This payload supports a variety of key exchange techniques.

 Examples are Oakley, Diffie Hellman and the enhanced Diffie Hellman key exchange.

 Identification Payload : This payload contains DOI-specific data used to exchange identification information.

 This information is used for determining the identities of communicating peers.

 Certificate Payload : This payload provides a means to transport certificates or other certificate-related information by ISAKMP and appears in an ISAKMP message.
 Certificate Request Payload : This payload provides a means to request certificates by ISAKMP and appears in any message.

 Hash Payload : This payload contains data generated by the hash function (selected during the SA establishment exchange).

 This payload may be used to verify the integrity of the data in an ISAKMP message.
 Signature Payload : It contains data generated by the digital signature function (selected during the SA establishment exchange).

 It is used for non-repudiation services.

 Nonce Payload : This payload contains data used to guarantee liveness during an exchange and protect against replay attacks.

 Notification Payload : This payload can contain both ISAKMP and DOI-specific data and is used to transmit informational data such as error conditions.

 Delete Payload : This payload contains a protocol-specific SA identifier that the sender has removed from its SA database and that is no longer valid.
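
Added example (not part of the original slides): a parser for the ISAKMP header and the chain of generic payload headers described above, with the length checks a receiver needs before trusting any field. The function names and the sample message are constructed for illustration; the 32-bit Message ID width and the numeric payload and exchange type codes are taken from RFC 2408, as the slides do not state them.

```python
import struct

HEADER = struct.Struct("!8s8sBBBBII")   # cookies, next, version, exchange, flags, id, length
GENERIC = struct.Struct("!BBH")         # next payload, reserved, payload length
PAYLOADS = {1: "SA", 2: "Proposal", 3: "Transform", 4: "Key Exchange",
            5: "Identification", 6: "Certificate", 7: "Certificate Request",
            8: "Hash", 9: "Signature", 10: "Nonce", 11: "Notification", 12: "Delete"}
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational"}


def parse_isakmp(datagram):
    """Return (header dict, [(payload name, body), ...]); raise ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError("Length field does not match the datagram size")
    header = {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
              "version": (ver >> 4, ver & 0x0F),          # major, minor nibbles
              "exchange": EXCHANGES.get(xchg, f"unknown({xchg})"),
              "flags": flags, "message_id": msg_id, "length": length}
    payloads, offset = [], HEADER.size
    while nxt != 0:                                       # 0 = no further payload
        if offset + GENERIC.size > length:
            raise ValueError("payload header runs past the end of the message")
        following, _reserved, plen = GENERIC.unpack_from(datagram, offset)
        if plen < GENERIC.size or offset + plen > length:
            raise ValueError("Payload Length is too small or overruns the message")
        body = datagram[offset + GENERIC.size:offset + plen]
        payloads.append((PAYLOADS.get(nxt, f"unknown({nxt})"), body))
        nxt, offset = following, offset + plen
    return header, payloads


def build_sample():
    """Constructed message: Base exchange header followed by Nonce and Hash payloads."""
    nonce = GENERIC.pack(8, 0, GENERIC.size + 16) + bytes(range(16))   # next = Hash
    digest = GENERIC.pack(0, 0, GENERIC.size + 20) + b"\xaa" * 20      # next = none
    body = nonce + digest
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 10, 0x10, 1, 0, 0,
                       HEADER.size + len(body)) + body
```

Proposal and Transform payloads are nested inside the SA payload body rather than chained at the top level, and when the header's encryption flag is set everything after the header is ciphertext, so this walker applies to cleartext messages only.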
 ISAKMP Exchanges :
 An ISAKMP exchange type is defined by the ordering of ISAKMP messages and of the payloads within these messages.

 ISAKMP defines 5 default exchange types :

 Base Exchange : Allows key exchange and authentication data to be transmitted together.

 Combining both in one message reduces the number of round trips.

 The disadvantage is that identities are not protected.

 Identity Protection Exchange : Identity information is protected by a common shared secret which is established beforehand.

 Authentication Only Exchange : This exchange type transmits only authentication data. The advantage is that no keys have to be computed, which saves time.

 Aggressive Exchange : It allows SA, key exchange and authentication within only three messages.

 Informational Exchange : It contains only one message, which is used for management purposes.

 The initiator and responder can send a notification or delete payload, which is used for maintaining the state of communication.
