Architecture of IP Security

This document discusses various aspects of digital signatures, encryption, and security protocols. It covers: 1) Types of digital signatures like signed data, clear-signed data, and signed and enveloped data. 2) The S/MIME message format and how it represents messages using BER encoding and base64 transfer encoding. 3) IPSec security services including access control, authentication, and confidentiality. It describes security associations, transport mode, and tunnel mode. 4) The Authentication Header and Encapsulating Security Payload used in IPSec for data integrity, authentication, and confidentiality. 5) Key management approaches including manual and automated key distribution. 6) Web security

Uploaded by

Shirly N

Enveloped data
• Consists of encrypted content of any type and encrypted content-encryption
keys for one or more recipients

Signed data
• A digital signature is formed by taking the message digest of the content to be
signed and signing that digest with the private key of the signer (with RSA this is
the private-key encryption of the digest)
• The content plus signature are then encoded together as a single base64 blob
• A signed data message can only be viewed by a recipient with S/MIME capability
Clear-signed data
• Only the digital signature is encoded using base64
• Recipients without S/MIME capability can view the message content, although
they cannot verify the signature
Signed and enveloped data
• Signed-only and encrypted-only entities may be nested
• Encrypted data may be signed and signed data or clear-signed data may be
encrypted
S/MIME Message:
• Represented in BER (Basic Encoding Rules)
– ITU-T Recommendation X.209 (now X.690)
– Arbitrary octet string
– Transfer encoded with base64 in the outer MIME message
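The difference between signed data and clear-signed data above is easiest to see in the MIME layout that actually goes over the wire. The following is an added example written for these notes, not code from the original document: it builds both forms with the Python standard library and shows what a mail client without S/MIME support can still read. The signature is a stand-in (a SHA-256 digest of the canonical content); a real S/MIME agent signs that digest with the sender's private key and wraps it in a CMS SignedData (PKCS#7) structure, which is not built here. The content types, base64 transfer encoding and multipart/signed layout are as S/MIME specifies; the message body is constructed sample text.

```python
"""Added example: MIME layout of S/MIME signed-data vs clear-signed messages.

The "signature" is a stand-in (SHA-256 digest of the canonical content);
a real agent signs that digest with its private key inside a CMS
SignedData blob. Everything else (content types, base64 transfer
encoding, multipart/signed layout) follows S/MIME.
"""
import email
import hashlib
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BODY = "Meeting moved to 15:00.\n"   # constructed sample content


def fake_signature(entity: bytes) -> bytes:
    """Stand-in for the private-key signature over the content's digest.
    The entity is canonicalised to CRLF line endings first, as S/MIME requires."""
    canonical = entity.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return hashlib.sha256(canonical).digest()


def clear_signed(body: str) -> str:
    """multipart/signed: content travels in the clear, only the detached
    signature part is base64 encoded."""
    content = MIMEText(body)
    sig = MIMEApplication(fake_signature(content.as_bytes()),
                          "pkcs7-signature", name="smime.p7s")
    msg = MIMEMultipart("signed", protocol="application/pkcs7-signature",
                        micalg="sha-256")
    msg.attach(content)
    msg.attach(sig)
    return msg.as_string()


def signed_data(body: str) -> str:
    """application/pkcs7-mime (smime-type=signed-data): content and signature
    are wrapped in one opaque blob that is base64 encoded as a whole."""
    content = MIMEText(body)
    blob = content.as_bytes() + fake_signature(content.as_bytes())  # stand-in for CMS SignedData
    # add_header() turns the underscore into the hyphen of smime-type=
    msg = MIMEApplication(blob, "pkcs7-mime", name="smime.p7m",
                          smime_type="signed-data")
    return msg.as_string()


def readable_without_smime(wire: str):
    """What a client with no S/MIME support can display: the first text/plain
    part it finds. It cannot verify the signature in either case."""
    msg = email.message_from_string(wire)
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode()
    return None


def transfer_encodings(wire: str) -> dict:
    """Content-Transfer-Encoding of every leaf part, keyed by content type."""
    msg = email.message_from_string(wire)
    return {p.get_content_type(): p.get("Content-Transfer-Encoding")
            for p in msg.walk() if not p.is_multipart()}


if __name__ == "__main__":
    print(clear_signed(BODY))
    print(readable_without_smime(clear_signed(BODY)))   # the body text
    print(readable_without_smime(signed_data(BODY)))    # None: opaque blob
    print(transfer_encodings(clear_signed(BODY)))       # text 7bit, signature base64
```

Running it shows the clear-signed message with the text part in 7bit and only the pkcs7-signature part in base64, while the signed-data message exposes nothing but a base64 application/pkcs7-mime body to a client that cannot unwrap it.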

IP SECURITY:
• The Architecture document deals with the general concepts, definitions, mechanisms etc.
• IPSec Services
– Access control
– Connectionless integrity
– Data origin authentication
– Rejection of replayed packets (a form of partial sequence integrity)
– Confidentiality (encryption)
– Limited traffic flow confidentiality
SA (Security Associations)
– Key concept for IPSec
– One-way relationship between a sender and a receiver that defines the security
services applied to the traffic it carries; two-way traffic needs two SAs
– Identified by three parameters
• Security Parameters Index (SPI)
• IP Destination Address
• Security Protocol Identifier (AH or ESP)
Transport Mode
– Protection extends to the payload of an IP packet; the original IP header is kept
– It is used for end-to-end communication between hosts
Tunnel Mode
– Provides protection to the entire IP packet, which becomes the payload
– A new outer IP header is added, addressed to the tunnel endpoint (typically a
security gateway)
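The receiver locates the SA for an inbound packet by the three parameters listed above, and per-SA state includes the anti-replay window that gives the "rejection of replayed packets" service. The following is an added example for these notes, not code from any IPsec implementation: a minimal Security Association Database keyed on (SPI, destination, protocol) and the sliding-window replay check that AH and ESP receivers run on the sequence number (RFC 4301 requires a window of at least 64 packets). The class names, the window width constant and the sample SA values are all assumptions made for the example.

```python
"""Added example: SA lookup by (SPI, dst, protocol) and the per-SA
anti-replay sliding window. Names and sample values are constructed."""
from dataclasses import dataclass

AH, ESP = 51, 50                       # IP protocol numbers
WINDOW = 64                            # window width in packets (RFC 4301 minimum)


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    proto: int                         # AH or ESP
    mode: str                          # "transport" or "tunnel"
    key: bytes
    # Anti-replay state: highest sequence number accepted so far, and a
    # bitmap whose bit k means "seq = highest - k has been seen".
    highest: int = 0
    bitmap: int = 0

    def check_and_update_replay(self, seq: int) -> bool:
        """Accept (and record) seq if it is new and inside the window.
        Reject replays, packets older than the window, and the value 0,
        which IPsec never sends (counters start at 1)."""
        if seq == 0:
            return False
        if seq > self.highest:                       # right of window: slide it
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq                  # inside or left of window
        if offset >= WINDOW:
            return False                             # too old to track: drop
        if self.bitmap & (1 << offset):
            return False                             # already seen: replay
        self.bitmap |= 1 << offset
        return True


class Sad:
    """Security Association Database indexed by the identifying triple."""

    def __init__(self):
        self._table = {}

    def add(self, sa: SecurityAssociation):
        self._table[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        # spi comes from the AH/ESP header, dst and proto from the IP header.
        # An unknown triple means the packet must be dropped.
        return self._table.get((spi, dst, proto))


if __name__ == "__main__":
    sad = Sad()
    sa = SecurityAssociation(0x1001, "10.0.0.2", ESP, "tunnel", b"sample-key")
    sad.add(sa)
    for seq in (5, 3, 3, 5, 200, 137, 136):
        found = sad.lookup(0x1001, "10.0.0.2", ESP)
        print(seq, "accepted" if found.check_and_update_replay(seq) else "dropped")
```

The sequence 5, 3, 3, 5, 200, 137, 136 shows each branch: 5 and 3 are accepted, the repeated 3 and 5 are replays, 200 slides the window, 137 is still inside the 64-packet window behind it, and 136 has fallen out of the window and is dropped even though it was never seen.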

Authentication Header (AH):

• Provides support for data integrity and authentication of IP packets; the
sequence number additionally lets the receiver reject replayed packets
• Next Header (8 bits)
– Identifies the type of header immediately following this header
• Payload Length (8 bits)
– Length of AH in 32-bit words minus 2 (a 24-byte AH carrying a 96-bit ICV has
Payload Length 4)
• Reserved (16 bits)
• Security Parameters Index (32 bits)
– Identifies a security association
• Sequence Number (32 bits)
– A monotonically increasing counter value, checked by the receiver against a
sliding anti-replay window
• Authentication Data (variable)
– Contains ICV (Integrity Check Value) or MAC, computed over the IP header with
its mutable fields zeroed, the AH with this field zeroed, and the payload
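To make the AH field layout and the ICV coverage concrete, here is an added example written for these notes (not code from the original document or from any IPsec stack): it builds a transport-mode AH packet over a minimal IPv4 header with HMAC-SHA-1-96, i.e. HMAC-SHA-1 truncated to its first 96 bits, parses it back and verifies the ICV. The IPv4 header checksum is left at zero for brevity, and the key, addresses and payload are constructed sample values.

```python
"""Added example: build, parse and verify an IPv4 transport-mode AH packet
with HMAC-SHA-1-96. Key, addresses and payload are constructed samples."""
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51
ICV_LEN = 12                       # HMAC-SHA-1-96: first 96 bits of HMAC-SHA-1


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left as 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr):
    """Zero the fields routers may change (RFC 4302): ToS/DSCP,
    flags + fragment offset, TTL and header checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def icv(key, ip_hdr, ah_no_icv, payload):
    """ICV over the whole packet with mutable IP fields and the ICV field zeroed."""
    data = zero_mutable(ip_hdr) + ah_no_icv + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, spi, seq, next_header, payload):
    ah_len = 12 + ICV_LEN                  # fixed fields + ICV = 24 bytes
    payload_len = ah_len // 4 - 2          # AH length in 32-bit words, minus 2
    ah_no_icv = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(payload))
    return ip_hdr + ah_no_icv + icv(key, ip_hdr, ah_no_icv, payload) + payload


def parse_ah_packet(pkt):
    """Split an IPv4+AH packet into its fields without checking anything."""
    ip_hdr = pkt[:20]
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", pkt[20:32])
    ah_len = (payload_len + 2) * 4         # invert the "minus 2" rule
    return {"ip_hdr": ip_hdr, "next_header": next_header, "spi": spi, "seq": seq,
            "ah_no_icv": pkt[20:32], "icv": pkt[32:20 + ah_len],
            "payload": pkt[20 + ah_len:]}


def verify_ah_packet(key, pkt):
    """True iff the ICV matches; constant-time compare avoids a timing oracle."""
    p = parse_ah_packet(pkt)
    expected = icv(key, p["ip_hdr"], p["ah_no_icv"], p["payload"])
    return hmac.compare_digest(expected, p["icv"])


if __name__ == "__main__":
    key = b"\x0b" * 20
    pkt = build_ah_packet(key, "192.0.2.1", "192.0.2.2", 0x100, 1, 6, b"TCP segment")
    print(parse_ah_packet(pkt))
    print("valid:", verify_ah_packet(key, pkt))
    hopped = bytearray(pkt); hopped[8] -= 1          # a router decremented TTL
    print("valid after TTL change:", verify_ah_packet(key, bytes(hopped)))
    tampered = bytearray(pkt); tampered[-1] ^= 1     # payload bit flipped
    print("valid after tampering:", verify_ah_packet(key, bytes(tampered)))
```

The TTL decrement still verifies because TTL is a mutable field excluded from the ICV, whereas flipping a payload bit or using the wrong key fails verification; this is exactly why AH cannot pass through NAT, which rewrites the (immutable, covered) address fields.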
Transport mode and Tunnel mode:
Encapsulating Security Payload (ESP):
• Provides confidentiality services; with the optional Authentication Data field it
also provides data integrity and authentication
• Security Parameters Index(32bits)
– Identifies a security association
• Sequence Number(32bits)
– A monotonically increasing counter value
• Payload Data (variable)
– Transport-level segment (transport mode) or IP packet (tunnel mode), protected by
encryption
• Padding (0-255 bytes)
– Aligns the plaintext to the cipher block size and right-aligns the two trailer
fields in a 32-bit word
• Pad Length (8 bits)
– The number of pad bytes immediately preceding this field
• Next Header (8 bits)
– Identifies the type of data contained in the payload data field by identifying the
first header in that payload
• Authentication Data (variable)
– Contains ICV computed over the ESP packet from SPI through Next Header, not
including this field itself
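The ESP trailer is the part most often got wrong: the padding is at the end of the encrypted region, Pad Length tells the receiver how much to strip, and Next Header identifies what the payload is. The following is an added example for these notes, not code from the original document or from any IPsec implementation: it builds an ESP packet with the padding, trailer and an HMAC-SHA-1-96 ICV computed over SPI through Next Header, then verifies and parses it. The cipher is NULL encryption (RFC 2410), which leaves payload and trailer readable so the layout is visible; with a real cipher the payload, padding and trailer would be encrypted in place and the ICV computed over the ciphertext. Key, SPI and payload are constructed sample values.

```python
"""Added example: ESP packet layout with padding, Pad Length / Next Header
trailer and HMAC-SHA-1-96 ICV. NULL encryption (RFC 2410) is used so the
trailer stays visible. Key and payload are constructed samples."""
import hashlib
import hmac
import struct

ICV_LEN = 12                      # HMAC-SHA-1-96 truncation


def esp_pad(payload, next_header, block=4):
    """Append padding so payload + padding + 2 trailer bytes is a multiple of
    the cipher block size (4 keeps the trailer 32-bit aligned for NULL),
    using the RFC 4303 default pad pattern 1, 2, 3, ..."""
    pad_len = (-(len(payload) + 2)) % block
    padding = bytes(range(1, pad_len + 1))
    return payload + padding + struct.pack("!BB", pad_len, next_header)


def build_esp_packet(auth_key, spi, seq, next_header, payload, block=4):
    hdr = struct.pack("!II", spi, seq)
    body = esp_pad(payload, next_header, block)    # NULL cipher: stays plaintext
    tag = hmac.new(auth_key, hdr + body, hashlib.sha1).digest()[:ICV_LEN]
    return hdr + body + tag                        # ICV covers SPI..Next Header


def parse_esp_packet(auth_key, pkt):
    """Verify the ICV first, then strip padding using the trailer.
    Returns a dict, or None if the ICV fails or the trailer is malformed;
    the trailer is never trusted before the ICV check."""
    if len(pkt) < 8 + 2 + ICV_LEN:
        return None
    hdr_body, tag = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, hdr_body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    spi, seq = struct.unpack("!II", hdr_body[:8])
    body = hdr_body[8:]                            # NULL cipher: already plaintext
    pad_len, next_header = struct.unpack("!BB", body[-2:])
    if pad_len > len(body) - 2:
        return None                                # pad length points past the body
    payload = body[:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "pad_len": pad_len, "payload": payload}


if __name__ == "__main__":
    key = b"\x0b" * 20
    pkt = build_esp_packet(key, 0x2002, 7, 17, b"hello world")       # UDP payload
    print(pkt.hex())
    print(parse_esp_packet(key, pkt))
    pkt16 = build_esp_packet(key, 0x2002, 8, 6, b"ABCDE", block=16)  # AES-sized blocks
    print(parse_esp_packet(key, pkt16)["pad_len"])                   # 9
    forged = bytearray(pkt); forged[10] ^= 1
    print(parse_esp_packet(key, bytes(forged)))                      # None
```

Checking the ICV before reading Pad Length is deliberate: an attacker who can flip bits in the encrypted trailer and observe whether the receiver accepts the padding has a padding-oracle, which is one reason current guidance prefers combined-mode ciphers such as AES-GCM over encrypt-only ESP.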
Encryption and Authentication Algorithms:
• Encryption
– Three-key triple DES
– RC5
– IDEA
– Three-key triple IDEA
– CAST
– Blowfish
• Authentication (the "-96" suffix means the HMAC output is truncated to its first
96 bits)
– HMAC-MD5-96
– HMAC-SHA-1-96
• Note: these lists reflect the original IPsec specifications. Current guidance
(RFC 8221) requires AES (AES-GCM, AES-CBC) and HMAC-SHA-256, treats triple DES
as deprecated, and forbids HMAC-MD5-96.
Transport mode versus Tunnel mode:
Key Management:
• Determination and distribution of secret keys
– Manual
• Practical for small, relatively static environments
– Automated
• On-demand creation of keys in a large distributed system
• ISAKMP (Internet Security Association and Key Management Protocol) provides the
framework; combined with the Oakley key determination protocol it forms IKE
(Internet Key Exchange), used today as IKEv2

WEB SECURITY
Virtually all businesses, most government agencies, and many individuals now have
Web sites, and the number of sites is expanding rapidly. As a result, businesses are
setting up facilities on the Web for electronic commerce. This explosive growth of the
Internet and the World Wide Web has brought with it a need to protect sensitive
communications sent over this open network.
SSL / TLS
SSL (Secure Socket Layer):
• SSL provides security services between TCP and applications that use TCP.
• The Internet standard version is called Transport Layer Security (TLS).
SSL Architecture:
• SSL is a layered protocol that uses TCP to provide a reliable end-to-end secure service.
• The SSL Record Protocol provides the basic confidentiality and integrity services
to the three higher-layer protocols above it:
• Handshake protocol
• Change cipher spec protocol
• Alert protocol
Two important SSL concepts
• SSL connection
– a peer-to-peer communications link; connections are transient
– every connection is associated with one session
