Network Security - Module 4

8/3/2019 Network Security - Module 4

1/30

Not to be published to external person other than students of Rajagiri school of

engineering and technology

Module 4

Kerberos

Kerberos is the name of a computer networkauthenticationprotocol, which allows individuals

communicating over a non-secure network to prove their identity to one another in a securemanner. It is also a suite of free software published by Massachusetts Institute of Technology(MIT) that implements this protocol. Its designers aimed primarily at a client-servermodel, andit provides mutual authentication both the user and the server verify each other's identity.Kerberos protocol messages are protected against eavesdropping and replay attacks.

Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions toKerberos can provide for the use of public-key cryptography during certain phases ofauthentication.

Protocol:

The security of the protocol relies heavily on participants maintaining loosely synchronized timeand on short lived assertions of authenticity called Kerberos tickets. What follows is a simplifieddescription of the protocol. The following abbreviations will be used:

AS = Authentication Server TGS = Ticket Granting Server SS = Service Server TGT = Ticket Granting Ticket

Briefly, the client authenticates to AS using a long-termshared secretand receives a ticket from

the AS. Later the client can use this ticket to get additional tickets for SS without resorting tousing the shared secret. These tickets can be used to prove authentication to SS.

In more detail:

User Client-based Logon Steps:

1. A user enters a username and password on the client machine.2. The client performs a one-way function (Hash mostly) on the entered password, and this

becomes the secret key of the client.

Client Authentication Steps:

1. The client sends a cleartextmessage to the AS requesting services on behalf of the user.Sample message: "User XYZ would like to request services". Note: Neither the secretkey nor the password is sent to the AS.

2. The AS checks to see if the client is in its database. If it is, the AS sends back thefollowing two messages to the client:

Prepared by Abinas Akbar, visit http://www.abiabinas.co.nr (for more coursematerials and updates)

Reference: internet web sites
http://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Cryptographic_protocolhttp://en.wikipedia.org/wiki/Free_softwarehttp://en.wikipedia.org/wiki/Massachusetts_Institute_of_Technologyhttp://en.wikipedia.org/wiki/Client-serverhttp://en.wikipedia.org/wiki/Eavesdroppinghttp://en.wikipedia.org/wiki/Replay_attackhttp://en.wikipedia.org/wiki/Symmetric_key_cryptographyhttp://en.wikipedia.org/wiki/Trusted_third_partyhttp://en.wikipedia.org/wiki/Public-key_cryptographyhttp://en.wikipedia.org/wiki/Securityhttp://en.wikipedia.org/wiki/Shared_secrethttp://en.wikipedia.org/wiki/Shared_secrethttp://en.wikipedia.org/wiki/Shared_secrethttp://en.wikipedia.org/wiki/Client_(computing)http://en.wikipedia.org/wiki/Client_(computing)http://en.wikipedia.org/wiki/One-way_functionhttp://en.wikipedia.org/wiki/Cleartexthttp://en.wikipedia.org/wiki/Cleartexthttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Cryptographic_protocolhttp://en.wikipedia.org/wiki/Free_softwarehttp://en.wikipedia.org/wiki/Massachusetts_Institute_of_Technologyhttp://en.wikipedia.org/wiki/Client-serverhttp://en.wikipedia.org/wiki/Eavesdroppinghttp://en.wikipedia.org/wiki/Replay_attackhttp://en.wikipedia.org/wiki/Symmetric_key_cryptographyhttp://en.wikipedia.org/wiki/Trusted_third_partyhttp://en.wikipedia.org/wiki/Public-key_cryptographyhttp://en.wikipedia.org/wiki/Securityhttp://en.wikipedia.org/wiki/Shared_secrethttp://en.wikipedia.org/wiki/Client_(computing)http://en.wikipedia.org/wiki/One-way_functionhttp://en.wikipedia.org/wiki/Cleartexthttp://www.abiabinas.co.nr/


2/30



o Message A: Client/TGS Session Key encrypted using the secret key of the user.

o Message B: Ticket-Granting Ticket (which includes the client ID, client network

address, ticket validity period, and the client/TGS session key) encrypted usingthe secret key of the TGS.

3. Once the client receives messages A and B, it decrypts message A to obtain the

Client/TGS Session Key. This session key is used for further communications with TGS.(Note: The client cannot decrypt Message B, as it is encrypted using TGS's secret key.)At this point, the client has enough information to authenticate itself to the TGS.

Client Service Authorization Steps:

1. When requesting services, the client sends the following two messages to the TGS:o Message C: Composed of the Ticket-Granting Ticket from message B and the ID

of the requested service.o Message D: Authenticator (which is composed of the client ID and the

timestamp), encrypted using the Client/TGS Session Key.

2. Upon receiving messages C and D, the TGS retrieves message B out of message C. Itdecrypts message B using the TGS secret key. This gives it the "client/TGS session key".Using this key, the TGS decrypts message D (Authenticator) and sends the following twomessages to the client:

o Message E: Client-to-server ticket (which includes the client ID, client network

address, validity period and Client/Server Session Key) encrypted using theservice's secret key.

o Message F: Client/server session key encrypted with the Client/TGS Session Key.

Client Service Request Steps:

1. Upon receiving messages E and F from TGS, the client has enough information toauthenticate itself to the SS. The client connects to the SS and sends the following twomessages:

o Message E from the previous step (the client-to-server ticket, encrypted using

service's secret key).o Message G: a new Authenticator, which includes the client ID, timestamp and is

encrypted using client/server session key.2. The SS decrypts the ticket using its own secret key to retrieve the Client/Server Session

Key. Using the sessions key, SS decrypts the Authenticator and sends the followingmessage to the client to confirm its true identity and willingness to serve the client:

o Message H: the timestamp found in client's Authenticator plus 1, encrypted using

the Client/Server Session Key.3. The client decrypts the confirmation using the Client/Server Session Key and checks

whether the timestamp is correctly updated. If so, then the client can trust the server andcan start issuing service requests to the server.

4. The server provides the requested services to the client.

Drawbacks:


http://www.abiabinas.co.nr/http://www.abiabinas.co.nr/


3/30



Single point of failure: It requires continuous availability of a central server. When theKerberos server is down, no one can log in. This can be mitigated by using multipleKerberos servers.

Kerberos requires the clocks of the involved hosts to be synchronized. The tickets havetime availability period and, if the host clock is not synchronized with the clock of

Kerberos server, the authentication will fail. The default configuration requires that clocktimes are no more than 10 minutes apart. In practice, Network Time Protocol daemonsare usually used to keep the host clocks synchronized.

The administration protocol is not standardized, and differs between serverimplementations. Password changes are described inRFC 3244.

Since the secret keys for all users are stored on the central server, a compromise of thatserver will compromise all users' secret keys.

X509

In cryptography, X.509 is an ITU-T standard for apublic key infrastructure (PKI) and Privilege

Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats forpublic key certificates, certificate revocation lists, attribute certificates, and a certification path

validation algorithm. In the X.509 system, a CA issues a certificate binding a public key to a

particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as ane-

mail addressor a DNS-entry.

An organization's trusted root certificates can be distributed to all employees so that they can usethe company PKI system. Browsers such asInternet Explorer,Netscape/Mozilla,Opera andSafari come with root certificates pre-installed, soSSLcertificates from larger vendors who havepaid for the privilege of being pre-installed will work instantly; in effect the browsers' ownersdetermine which CAs are trusted third parties for the browsers' users. Although these root

certificates can be removed or disabled, users rarely do so. If pre-installed root certificates areremoved on the Microsoft-platform, the operating-system re-installs them as soon as a web-siteusing the certificate is visited[citation needed]. As this mechanism relies on hash-values, pre-installedwith the operating system, it is not even possible to determine which certificates are permanentlytrusted.

X.509 also includes standards forcertificate revocation list (CRL) implementations, an oftenneglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity isthe Online Certificate Status Protocol (OCSP). Popular browsers like Internet Explorer andFirefox don't check for certificate revocation by default. The time lag for performing thechecking could be one of the reasons.

Structure of a certificate

The structure of a X.509 v3 digital certificateis as follows:

Certificateo Version


http://en.wikipedia.org/wiki/Network_Time_Protocolhttp://en.wikipedia.org/wiki/Network_Time_Protocolhttp://www.ietf.org/rfc/rfc3244.txthttp://www.ietf.org/rfc/rfc3244.txthttp://www.ietf.org/rfc/rfc3244.txthttp://en.wikipedia.org/wiki/Cryptographyhttp://en.wikipedia.org/wiki/ITU-Thttp://en.wikipedia.org/wiki/Public_key_infrastructurehttp://en.wikipedia.org/wiki/Privilege_Management_Infrastructurehttp://en.wikipedia.org/wiki/Privilege_Management_Infrastructurehttp://en.wikipedia.org/wiki/Public_key_certificatehttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/Attribute_certificatehttp://en.wikipedia.org/wiki/Certification_path_validation_algorithmhttp://en.wikipedia.org/wiki/Certification_path_validation_algorithmhttp://en.wikipedia.org/wiki/X.500http://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/Domain_Name_Systemhttp://en.wikipedia.org/wiki/Root_certificatehttp://en.wikipedia.org/wiki/Internet_Explorerhttp://en.wikipedia.org/wiki/Internet_Explorerhttp://en.wikipedia.org/wiki/Netscapehttp://en.wikipedia.org/wiki/Mozillahttp://en.wikipedia.org/wiki/Opera_(web_browser)http://en.wikipedia.org/wiki/Opera_(web_browser)http://en.wikipedia.org/wiki/Safari_(web_browser)http://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Online_Certificate_Status_Protocolhttp://en.wikipedia.org/wiki/Digital_certificatehttp://en.wikipedia.org/wiki/Digital_certificatehttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Network_Time_Protocolhttp://www.ietf.org/rfc/rfc3244.txthttp://en.wikipedia.org/wiki/Cryptographyhttp://en.wikipedia.org/wiki/ITU-Thttp://en.wikipedia.org/wiki/Public_key_infrastructurehttp://en.wikipedia.org/wiki/Privilege_Management_Infrastructurehttp://en.wikipedia.org/wiki/Privilege_Management_Infrastructurehttp://en.wikipedia.org/wiki/Public_key_certificatehttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/Attribute_certificatehttp://en.wikipedia.org/wiki/Certification_path_validation_algorithmhttp://en.wikipedia.org/wiki/Certification_path_validation_algorithmhttp://en.wikipedia.org/wiki/X.500http://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/E-mail_addresshttp://en.wikipedia.org/wiki/Domain_Name_Systemhttp://en.wikipedia.org/wiki/Root_certificatehttp://en.wikipedia.org/wiki/Internet_Explorerhttp://en.wikipedia.org/wiki/Netscapehttp://en.wikipedia.org/wiki/Mozillahttp://en.wikipedia.org/wiki/Opera_(web_browser)http://en.wikipedia.org/wiki/Safari_(web_browser)http://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Online_Certificate_Status_Protocolhttp://en.wikipedia.org/wiki/Digital_certificatehttp://www.abiabinas.co.nr/


4/30



o Serial Number

o Algorithm ID

o Issuer

o Validity

Not Before

Not Aftero Subject

o Subject Public Key Info

Public Key Algorithm Subject Public Key

o Issuer Unique Identifier (Optional)

o Subject Unique Identifier (Optional)

o Extensions (Optional)

... Certificate Signature Algorithm Certificate Signature

Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3.

Usage:

X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard.

It assumes a strict hierarchical system ofcertificate authorities (CAs) for issuing the certificates.

This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may

sign, and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the

flexibility to support other topologies likebridges and meshes. It can be used in a peer-to-peer,

OpenPGP-like web of trust, but was rarely used that way as of 2004. The X.500 system has

never been fully implemented, and the IETF's Public-Key Infrastructure (X.509), or PKIX,

working group has adapted the standard to the more flexible organization of the Internet. In fact,

the term X.509 certificate usually refers to the IETF's PKIX Certificate and CRL Profile of the

X.509 v3 certificate standard, as specified in RFC 3280

IP security Architecture:

IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by

authenticating and/orencrypting each IP packet in a data stream. IPsec also includes protocols

for cryptographic key establishment.

IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security

protocols in widespread use, such as SSL, TLS and SSH, operate from the transport layer up

(OSI layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting layer 4

protocols, including both TCP and UDP, the most commonly used transport layer protocols.

IPsec has an advantage over SSL and other methods that operate at higher layers: an application


http://en.wikipedia.org/wiki/1988http://en.wikipedia.org/wiki/X.500http://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/Pretty_Good_Privacyhttp://en.wikipedia.org/wiki/Network_bridgehttp://en.wikipedia.org/wiki/Mesh_networkhttp://en.wikipedia.org/wiki/OpenPGPhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/2004http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://tools.ietf.org/html/rfc3280http://en.wikipedia.org/wiki/Protocol_suitehttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Packet_(information_technology)#Example:_IP_packetshttp://en.wikipedia.org/wiki/Data_streamhttp://en.wikipedia.org/wiki/IKEhttp://en.wikipedia.org/wiki/Network_layerhttp://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/Transport_layerhttp://en.wikipedia.org/wiki/Transmission_Control_Protocolhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/1988http://en.wikipedia.org/wiki/X.500http://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/Pretty_Good_Privacyhttp://en.wikipedia.org/wiki/Network_bridgehttp://en.wikipedia.org/wiki/Mesh_networkhttp://en.wikipedia.org/wiki/OpenPGPhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/2004http://en.wikipedia.org/wiki/IETFhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://tools.ietf.org/html/rfc3280http://en.wikipedia.org/wiki/Protocol_suitehttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Packet_(information_technology)#Example:_IP_packetshttp://en.wikipedia.org/wiki/Data_streamhttp://en.wikipedia.org/wiki/IKEhttp://en.wikipedia.org/wiki/Network_layerhttp://en.wikipedia.org/wiki/OSI_modelhttp://en.wikipedia.org/wiki/Secure_Sockets_Layerhttp://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/Transport_layerhttp://en.wikipedia.org/wiki/Transmission_Control_Protocolhttp://en.wikipedia.org/wiki/User_Datagram_Protocolhttp://www.abiabinas.co.nr/


5/30



doesn't need to be designed to use IPsec, whereas the ability to use SSL or another higher-layer

protocol must be incorporated into the design of an application.

IPsec is implemented by a set of cryptographic protocols for (1) securing packet flows, (2)mutual authentication and (3) establishing cryptographic parameters.

The IP security architecture uses the concept of a security association as the basis for buildingsecurity functions into IP. A security association is simply the bundle of algorithms andparameters (such as keys) that is being used to encrypt and authenticate a particular flow in onedirection. Therefore, in normal bi-directional traffic, the flows are secured by a pair of securityassociations. The actual choice of encryption and authentication algorithms (from a defined list)is left to the IPsec administrator.

In order to decide what protection is to be provided for an outgoing packet, IPsec uses thesecurity parameter index (SPI), an index to the security association database (SADB), along withthe destination address in a packet header, which together uniquely identify a security association

for that packet. A similar procedure is performed for an incoming packet, where IPsec gathersdecryption and verification keys from the security association database.

For multicast, a security association is provided for the group, and is duplicated across allauthorized receivers of the group. There may be more than one security association for a group,using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed,each sender can have multiple security associations, allowing authentication, since a receiver canonly know that someone knowing the keys sent the data. Note that the relevant standard does notdescribe how the association is chosen and duplicated across the group; it is assumed that aresponsible party will have made the choice.

Since the Internet Protocol does not inherently provide any security capabilities, IPsec wasintroduced to provide security services such as the following:

1. Encrypting traffic (so it cannot be read by parties other than those for whom it isintended)

2. Integrity validation (ensuring traffic has not been modified along its path)3. Authenticating the peers (ensuring that traffic is from a trusted party)4. Anti-replay (protecting against replay of the secure session).

There are two modes of IPsec operation: transport mode and tunnel mode.

Transport mode

In transport mode, only the payload (the data you transfer) of the IP packet is encrypted and/orauthenticated. The routing is intact, since the IP header is neither modified nor encrypted;however, when the authentication header is used, the IP addresses cannot be translated, as thiswill invalidate the hash value. The transport and application layers are always secured by hash,


http://en.wikipedia.org/wiki/Cryptographic_protocolhttp://en.wikipedia.org/wiki/Internet_key_exchangehttp://en.wikipedia.org/wiki/Internet_key_exchangehttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Encryptedhttp://en.wikipedia.org/wiki/IPsec#Authentication_header_.28AH.29http://en.wikipedia.org/wiki/Network_address_translationhttp://en.wikipedia.org/wiki/Hash_valuehttp://en.wikipedia.org/wiki/Transport_layerhttp://en.wikipedia.org/wiki/Application_layerhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Cryptographic_protocolhttp://en.wikipedia.org/wiki/Internet_key_exchangehttp://en.wikipedia.org/wiki/Internet_key_exchangehttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Encryptedhttp://en.wikipedia.org/wiki/IPsec#Authentication_header_.28AH.29http://en.wikipedia.org/wiki/Network_address_translationhttp://en.wikipedia.org/wiki/Hash_valuehttp://en.wikipedia.org/wiki/Transport_layerhttp://en.wikipedia.org/wiki/Application_layerhttp://www.abiabinas.co.nr/


6/30



so they cannot be modified in any way (for example by translating the port numbers). Transportmode is used for host-to-host communications.

A means to encapsulate IPsec messages forNAT traversal has been defined by RFC documentsdescribing theNAT-T mechanism.

Tunnel mode

In tunnel mode, the entire IP packet (data plus the message headers) is encrypted and/orauthenticated. It must then be encapsulated into a new IP packet for routing to work. Tunnelmode is used for network-to-network communications (secure tunnels between routers, e.g. forVPNs) or host-to-network and host-to-host communications over the Internet.

Two protocols have been developed to provide packet-level security for both IPv4 and IPv6:

The IP Authentication Header provides integrity and authentication and non-repudiation,

if the appropriate choice of cryptographic algorithms is made. The IP Encapsulating Security Payload provides confidentiality, along with optional (but

strongly recommended) authentication and integrity protection.

Cryptographic algorithms defined for use with IPsec include HMAC-SHA1 for integrityprotection, and TripleDES-CBC and AES-CBC for confidentiality. Refer to RFC 4305 fordetails.

Authentication header (AH)

The AH is intended to guarantee connectionless integrity and data origin authentication of IP

datagrams. Further, it can optionally protect against replay attacks by using the sliding windowtechnique and discarding old packets. AH protects the IP payload and all header fields of an IPdatagram except for mutable fields, i.e. those that might be altered in transit. In IPv4, mutable(and therefore unauthenticated) IP header fields include TOS, Flags, FragmentOffset, TTL andHeaderChecksum. AH operates directly on top of IP, using IP protocol number 51. An AHpacket diagram:

0 - 7 bit 8 - 15 bit 16 - 23 bit 24 - 31 bit

Next header Payload length RESERVED

Security parameters index (SPI)

Sequence number

Authentication data (variable)


http://en.wikipedia.org/wiki/Port_address_translationhttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/NAT_traversalhttp://en.wikipedia.org/wiki/Request_for_Commentshttp://en.wikipedia.org/wiki/NAT-Thttp://en.wikipedia.org/wiki/Virtual_Private_Networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/HMAChttp://en.wikipedia.org/wiki/HMAChttp://en.wikipedia.org/wiki/SHA1http://en.wikipedia.org/wiki/TripleDEShttp://en.wikipedia.org/wiki/Cipher_block_chaininghttp://en.wikipedia.org/wiki/Cipher_block_chaininghttp://en.wikipedia.org/wiki/Advanced_Encryption_Standardhttp://tools.ietf.org/html/rfc4305http://en.wikipedia.org/wiki/Replay_attackhttp://en.wikipedia.org/wiki/Sliding_windowhttp://en.wikipedia.org/wiki/Type_of_Servicehttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/Offsethttp://en.wikipedia.org/wiki/TTLhttp://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Checksumhttp://en.wikipedia.org/wiki/Checksumhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Port_address_translationhttp://en.wikipedia.org/wiki/TCP_and_UDP_porthttp://en.wikipedia.org/wiki/NAT_traversalhttp://en.wikipedia.org/wiki/Request_for_Commentshttp://en.wikipedia.org/wiki/NAT-Thttp://en.wikipedia.org/wiki/Virtual_Private_Networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/HMAChttp://en.wikipedia.org/wiki/SHA1http://en.wikipedia.org/wiki/TripleDEShttp://en.wikipedia.org/wiki/Cipher_block_chaininghttp://en.wikipedia.org/wiki/Advanced_Encryption_Standardhttp://tools.ietf.org/html/rfc4305http://en.wikipedia.org/wiki/Replay_attackhttp://en.wikipedia.org/wiki/Sliding_windowhttp://en.wikipedia.org/wiki/Type_of_Servicehttp://en.wikipedia.org/wiki/IP_fragmentationhttp://en.wikipedia.org/wiki/Offsethttp://en.wikipedia.org/wiki/TTLhttp://en.wikipedia.org/wiki/Checksumhttp://www.abiabinas.co.nr/


7/30



Field meanings:

Next headero Identifies the protocol of the transferred data.

Payload length

o Size of AH packet. RESERVED

o Reserved for future use (all zero until then).

Security parameters index (SPI)o Identifies the security parameters, which, in combination with the IP address, then

identify the security associationimplemented with this packet.

Sequence numbero A monotonically increasing number, used to prevent replay attacks.

Authentication datao Contains the integrity check value (ICV) necessary to authenticate the packet; it

may contain padding.

Encapsulating Security Payload (ESP)

The ESP protocol provides origin authenticity, integrity, and confidentiality protection of apacket. ESP also supports encryption-only and authentication-only configurations, but usingencryption without authentication is strongly discouraged because it is insecure.[2][3][4]. UnlikeAH, the IP packet header is not protected by ESP. (Although in tunnel mode ESP, protection isafforded to the whole inner IP packet, including the inner header; the outer header remainsunprotected.) ESP operates directly on top of IP, using IP protocol number 50.

An ESP packet diagram:

0 - 7 bit 8 - 15 bit 16 - 23 bit 24 - 31 bit

Security parameters index (SPI)

Sequence number


http://en.wikipedia.org/wiki/Security_associationhttp://en.wikipedia.org/wiki/Security_associationhttp://en.wikipedia.org/wiki/Monotonichttp://en.wikipedia.org/wiki/IPsec#cite_note-1http://en.wikipedia.org/wiki/IPsec#cite_note-2http://en.wikipedia.org/wiki/IPsec#cite_note-3http://en.wikipedia.org/wiki/IPsec#cite_note-3http://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Security_associationhttp://en.wikipedia.org/wiki/Monotonichttp://en.wikipedia.org/wiki/IPsec#cite_note-1http://en.wikipedia.org/wiki/IPsec#cite_note-2http://en.wikipedia.org/wiki/IPsec#cite_note-3http://www.abiabinas.co.nr/


8/30



Payload data (variable)

Payload data (variable) Padding (0-255 bytes)

Padding (0-255 bytes) Pad Length Next Header

Authentication Data (variable)

Field meanings:

Security parameters index (SPI)o Identifies the security parameters in combination with IP address.

Sequence numbero A monotonically increasing number, used to prevent replay attacks.

Payload datao The data to be transferred.

Padding

o Used with some block ciphers to pad the data to the full length of a block. Pad length

o Size of padding in bytes.

Next headero Identifies the protocol of the transferred data.

Authentication datao Contains the data used to authenticate the packet.

Secure Socket Layer




9/30



A simple connection example follows:

A Client sends a ClientHello message specifying the highest TLS protocol version itsupports, a random number, a list of suggested cipher suites and compression methods.

The Server responds with a ServerHello, containing the chosen protocol version, arandom number, cipher suite, and compression method from the choices offered by theclient.

The Server sends its Certificate (depending on the selected cipher suite, this may beomitted by the Server).

These certificates are currently X.509, but there is also a draft specifying the use ofOpenPGP based certificates.

The server may request a certificate from the client, so that the connection can bemutually authenticated, using a CertificateRequest.


http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/OpenPGPhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/OpenPGPhttp://www.abiabinas.co.nr/


10/30



The Server sends a ServerHelloDone message, indicating it is done with handshakenegotiation.

The Client responds with a ClientKeyExchange message, which may contain aPreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.)

The Client and Server then use the random numbers and PreMasterSecret to compute acommon secret, called the "master secret". All other key data is derived from this mastersecret (and the client- and server-generated random values), which is passed through acarefully designed "pseudorandom function".

The Client now sends a ChangeCipherSpec message, essentially telling the Server,"Everything I tell you from now on will be encrypted." Note that the ChangeCipherSpecis itself a record-level protocol, and has type 20, and not 22.

Finally, the Client sends an encrypted Finished message, containing a hash and MAC

over the previous handshake messages.

The Server will attempt to decrypt the Client's Finished message, and verify the hash andMAC. If the decryption or verification fails, the handshake is considered to have failedand the connection should be torn down.

Finally, the Server sends a ChangeCipherSpec and its encrypted Finished message, andthe Client performs the same decryption and verification.

At this point, the "handshake" is complete and the Application protocol is enabled, withcontent type of 23. Application messages exchanged between Client and Server will be

encrypted.

Pretty Good Privacy

Pretty Good Privacy (PGP) is a computer program that provides cryptographicprivacy and

authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the

security of e-mail communications. PGP encryption usespublic-key cryptography and includes a

system which binds the public keys to a user name. The first version of this system was generally

known as a web of trust to contrast with the X.509 system which uses a hierarchical approach

based on certificate authority and which was added to PGP implementations later. Current

versions of PGP encryption include both alternatives through an automated key management

server.

Digital signatures

A similar strategy is used to detect whether a message has been altered since it was completed(the message integrity property), and whether it was actually sent by the person/entity claimed to


http://en.wikipedia.org/wiki/Pseudorandomnesshttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Cryptographichttp://en.wikipedia.org/wiki/Privacyhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Public-key_cryptographyhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/Certificate_authorityhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Pseudorandomnesshttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Cryptographichttp://en.wikipedia.org/wiki/Privacyhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Public-key_cryptographyhttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/Certificate_authorityhttp://www.abiabinas.co.nr/


11/30



be the sender (a digital signature). In PGP, it is used by default in conjunction with encryption,but can be applied toplaintext as well. The sender uses PGP to create a digital signature for themessage with either the RSA orDSA signature algorithms. To do so, PGP computes a hash (alsocalled a message digest) from the plaintext, and then creates the digital signature from that hashusing the sender's private keys.

The message recipient uses the sender's public key and the digital signature to recover theoriginal message digest. He compares this message digest with the message digest he computedher/himself from the (recovered) plaintext. If the signature matches the received plaintext'smessage digest, it must be presumed (to a very high degree of confidence) that the messagereceived has not been tampered with, either deliberately or accidentally. As well, since it wasproperly signed, it is very likely (to a very high degree of confidence) that the claimed senderactually did send it.

Web of trust

Both when encrypting messages and when verifying signatures, it is critical that the public keyone uses to send messages to someone or some entity actually does 'belong' to the intendedrecipient. Simply downloading a public key from somewhere is not overwhelming assurance ofthat association; deliberate (or accidental) spoofing is possible. PGP has, from its first versions,always included provisions for distributing a user's public keys in an 'identity certificate' which isso constructed cryptographically that any tampering (or accidental garble) is readily detectable.But merely making a certificate effectively which is impossible to modify without being detectedis also insufficient. It can prevent corruption only after the certificate has been created, notbefore. Users must also ensure by some means that the public key in a certificate actually doesbelong to the person/entity claiming it. From its first release, PGP products have included aninternal certificate 'vetting scheme' to assist with this; a trust model which has been called a web

of trust. A given public key (or more specifically, information binding a user name to a key) maybe digitally signed by a third party user to attest to the association between someone (actually auser name) and the key. There are several levels of confidence which can be included in suchsignatures. Although many programs read and write this information, few (if any) include thislevel of certification when calculating whether to trust a key.

The web of trust protocol was first described by Zimmermann in 1992 in the manual for PGPversion 2.0:

As time goes on, you will accumulate keys from other people that you may want to designate astrusted introducers. Everyone else will each choose their own trusted introducers. And everyonewill gradually accumulate and distribute with their key a collection of certifying signatures fromother people, with the expectation that anyone receiving it will trust at least one or two of thesignatures. This will cause the emergence of a decentralized fault-tolerant web of confidence forall public keys.

The web of trust mechanism has advantages over a centrally managed PKI scheme such as thatused by S/MIME, but has not been universally used. Users have been willing to accept


http://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Plaintexthttp://en.wikipedia.org/wiki/RSAhttp://en.wikipedia.org/wiki/Digital_Signature_Algorithmhttp://en.wikipedia.org/wiki/Message_digesthttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Internet_protocol_spoofinghttp://en.wikipedia.org/wiki/Identity_certificatehttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/PKIhttp://en.wikipedia.org/wiki/S/MIMEhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Plaintexthttp://en.wikipedia.org/wiki/RSAhttp://en.wikipedia.org/wiki/Digital_Signature_Algorithmhttp://en.wikipedia.org/wiki/Message_digesthttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Internet_protocol_spoofinghttp://en.wikipedia.org/wiki/Identity_certificatehttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/Web_of_trusthttp://en.wikipedia.org/wiki/PKIhttp://en.wikipedia.org/wiki/S/MIMEhttp://www.abiabinas.co.nr/


12/30



certificates and check their validity manually, or to simply accept them. The underlying problemhas found no satisfactory solution.

Certificates

In the (more recent) OpenPGP specification, trust signatures can be used to support creation ofcertificate authorities. A trust signature indicates both that the key belongs to its claimed ownerand that the owner of the key is trustworthy to sign other keys at one level below their own. Alevel 0 signature is comparable to a web of trust signature, since only the validity of the key iscertified. A level 1 signature is similar to the trust one has in a certificate authority because a keysigned to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature ishighly analogous to the trust assumption users must rely on whenever they use the defaultcertificate authority list (like those included in web browsers); it allows the owner of the key tomake other keys certificate authorities.

PGP versions have always included a way to cancel ('revoke') identity certificates. A lost or

compromised private key will require this if communication security is to be retained by thatuser. This is, more or less, equivalent to the certificate revocation lists of centralized PKIschemes. Recent PGP versions have also supported certificate expiration dates.

The problem of correctly identifying a public key as belonging to a particular user is not uniqueto PGP. All public key / private key cryptosystems have the same problem, if in slightly differentguise, and no fully satisfactory solution is known. PGP's original scheme, at least, leaves thedecision whether or not to use its endorsement/vetting system to the user, while most other PKIschemes do not, requiring instead that every certificate attested to by a central certificateauthority be accepted as correct.

Security quality

To the best of publicly available information, there is no known method which will allow aperson or group to break PGP encryption by cryptographic, or computational means. Earlyversions of PGP have been found to have theoretical vulnerabilities and so current versions arerecommended. Indeed, in 1996, cryptographerBruce Schneiercharacterized an early version asbeing "the closest you're likely to get to military-grade encryption."[1] In contrast to securitysystems/protocols like SSL which only protect data in transit over a network, PGP encryptioncan also be used to protect data in long-term data storage such as disk files.

The cryptographic security of PGP encryption depends on the assumption that the algorithms

used are unbreakable by direct cryptanalysis with current equipment and techniques. Forinstance, in the original version, the RSA algorithm was used to encrypt session keys; RSA'ssecurity depends upon the one-way function nature of mathematical integer factoring. New, nowunknown, integer factorization techniques might, therefore, make breaking RSA easier than now,or perhaps even trivially easy. However, it is generally presumed by informed observers that thisis an intractable problem, and likely to remain so.[citation needed] Likewise, the secret key algorithmused in PGP version 2 was IDEA, which might, at some future time, be found to have a


http://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Cryptographerhttp://en.wikipedia.org/wiki/Bruce_Schneierhttp://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-0http://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/Cryptanalysishttp://en.wikipedia.org/wiki/RSAhttp://en.wikipedia.org/wiki/One-way_functionhttp://en.wikipedia.org/wiki/Integer_factorizationhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/International_Data_Encryption_Algorithmhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Certificate_revocation_listhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Cryptographerhttp://en.wikipedia.org/wiki/Bruce_Schneierhttp://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-0http://en.wikipedia.org/wiki/Transport_Layer_Securityhttp://en.wikipedia.org/wiki/Cryptanalysishttp://en.wikipedia.org/wiki/RSAhttp://en.wikipedia.org/wiki/One-way_functionhttp://en.wikipedia.org/wiki/Integer_factorizationhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/International_Data_Encryption_Algorithmhttp://www.abiabinas.co.nr/


13/30



previously unsuspected cryptanalytic flaw. Specific instances of current PGP, or IDEA,insecurities if they exist are not publicly known. As current versions of PGP have addedadditional encryption algorithms, the degree of their cryptographic vulnerability varies with thealgorithm used. In practice, each of the algorithms in current use is not publicly known to havecryptanalytic weaknesses.

Any agency wanting to read PGP messages would probably use easier means than standardcryptanalysis, e.g. rubber-hose cryptanalysis orblack-bag cryptanalysis i.e. installing some formof trojan horse or keystroke logging software/hardware on the target computer to captureencrypted keyrings and their passwords. The FBI have already used this attack against PGP[2][3] intheir investigations. However, it is important to note that any such vulnerabilities apply not justto PGP, but to all encryption software.

An incident in December 2006 (see United States v. Boucher) involving US customs agents anda seized laptop PC which allegedly contained child pornography indicates that US Governmentagencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a judge ruling

on the same case in November 2007 has stated that forcing the suspect to reveal his PGP pass- phrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not toincriminate himself.

S/MIME

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public keyencryption and signing of e-mail encapsulated in MIME. S/MIME provides the followingcryptographic security services for electronic messaging applications: authentication, messageintegrity and non-repudiation of origin (using digital signatures) and privacy and data security(using encryption). S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-

data") type for data enveloping (encrypting): the whole (prepared) MIME entity to be envelopedis encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.

S/MIME functionality is built into the vast majority of modern e-mail software and interoperatesbetween them.

Before S/MIME can be used in any of the above applications, one must obtain and install anindividual key/certificate either from one's in-house certificate authority (CA) or from a publicCA such as one of those listed below. Best practice is to use separate private keys (andassociated certificates) for Signature and for Encryption, as this permits escrow of the encryption

key without compromise to the non-repudiation property of the signature key. Encryptionrequires having the destination party's certificate on store (which is typically automatic uponreceiving a message from the party with a valid signing certificate). While it is technicallypossible to send a message encrypted (using the destination party certificate) without havingone's own certificate to digitally sign, in practice, the S/MIME clients will require you installyour own certificate before they allow encrypting to others.


http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysishttp://en.wikipedia.org/wiki/Black-bag_cryptanalysishttp://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Keystroke_logginghttp://en.wikipedia.org/wiki/FBIhttp://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-1http://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-2http://en.wikipedia.org/wiki/United_States_v._Boucherhttp://en.wikipedia.org/wiki/United_States_Customs_Servicehttp://en.wikipedia.org/wiki/Laptop_PChttp://en.wikipedia.org/wiki/Child_pornographyhttp://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitutionhttp://en.wikipedia.org/wiki/Public_keyhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/E-mailhttp://en.wikipedia.org/wiki/MIMEhttp://en.wikipedia.org/wiki/Non-repudiationhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Digital_signature#Non-repudiationhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysishttp://en.wikipedia.org/wiki/Black-bag_cryptanalysishttp://en.wikipedia.org/wiki/Trojan_horse_(computing)http://en.wikipedia.org/wiki/Keystroke_logginghttp://en.wikipedia.org/wiki/FBIhttp://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-1http://en.wikipedia.org/wiki/Pretty_Good_Privacy#cite_note-2http://en.wikipedia.org/wiki/United_States_v._Boucherhttp://en.wikipedia.org/wiki/United_States_Customs_Servicehttp://en.wikipedia.org/wiki/Laptop_PChttp://en.wikipedia.org/wiki/Child_pornographyhttp://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitutionhttp://en.wikipedia.org/wiki/Public_keyhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/E-mailhttp://en.wikipedia.org/wiki/MIMEhttp://en.wikipedia.org/wiki/Non-repudiationhttp://en.wikipedia.org/wiki/Certificate_authorityhttp://en.wikipedia.org/wiki/Digital_signature#Non-repudiationhttp://www.abiabinas.co.nr/


14/30



A typical basic personal certificate verifies the owner's identity only in terms of binding them toan email address and does not verify the person's name or business. The latter, if needed (e.g. forsigning contracts), can be obtained through CAs that offer further verification (digital notary)services or managed PKI service. For more detail on authentication, see Digital Signature.

Depending on the policy of the CA, your certificate and all its contents may be posted publiclyfor reference and verification. This makes your name and email address available for all to seeand possibly search for. Other CAs only post serial numbers and revocation status, which doesnot include any of the personal information. The latter, at a minimum, is mandatory to uphold theintegrity of the public key infrastructure.

Secure Electronic Transaction

Secure Electronic Transaction (SET) is a standardprotocol for securing credit cardtransactionsover insecurenetworks, specifically, theInternet. SET is not itself apayment system, but rather aset of security protocols and formats that enables users to employ the existing credit card

payment infrastructure on an open network in a secure fashion.

SET was developed by VISAand MasterCard (involving other companies such as GTE, IBM,Microsoft,Netscape,RSA and VeriSign) starting in 1996.

SET is based on X.509 certificates with several extensions. SET uses a blinding algorithm that,in effect, lets merchants substitute a certificate for a user's credit-card number. This allowstraders to credit funds from clients' credit cards without the need of the credit card numbers.

SET makes use of cryptographic techniques such as digital certificates and public keycryptography to allow parties to identify themselves to each other and exchange information

securely.

SET was heavily publicized in the late 1990's as the credit card approved standard, but failed towin market share. Reasons for this include:

Network effect - need to install client software (an e wallet). Cost and complexity for merchants to offer support and comparatively low cost and

simplicity of the existing, adequate SSL based alternative. Client-side certificate distribution logistics.

SET was said to become the de facto standardof payment method on the Internet between the

merchants, the buyers, and the credit-card companies. When SET is used, the merchant itselfnever has to know the credit-card numbers being sent from the buyer, which provide a benefit fore-commerce.

Protocol:


http://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Communications_protocolhttp://en.wikipedia.org/wiki/Communications_protocolhttp://en.wikipedia.org/wiki/Credit_cardhttp://en.wikipedia.org/wiki/Credit_cardhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Payment_systemhttp://en.wikipedia.org/wiki/VISA_(credit_card)http://en.wikipedia.org/wiki/VISA_(credit_card)http://en.wikipedia.org/wiki/MasterCardhttp://en.wikipedia.org/wiki/GTEhttp://en.wikipedia.org/wiki/IBMhttp://en.wikipedia.org/wiki/Microsofthttp://en.wikipedia.org/wiki/Netscape_Communications_Corporationhttp://en.wikipedia.org/wiki/Netscape_Communications_Corporationhttp://en.wikipedia.org/wiki/Netscape_Communications_Corporationhttp://en.wikipedia.org/wiki/RSA_Securityhttp://en.wikipedia.org/wiki/VeriSignhttp://en.wikipedia.org/wiki/1996http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/Digital_certificatehttp://en.wikipedia.org/wiki/Digital_certificatehttp://en.wikipedia.org/wiki/Public_key_cryptographyhttp://en.wikipedia.org/wiki/Public_key_cryptographyhttp://en.wikipedia.org/wiki/De_facto_standardhttp://en.wikipedia.org/wiki/De_facto_standardhttp://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Communications_protocolhttp://en.wikipedia.org/wiki/Credit_cardhttp://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Payment_systemhttp://en.wikipedia.org/wiki/VISA_(credit_card)http://en.wikipedia.org/wiki/MasterCardhttp://en.wikipedia.org/wiki/GTEhttp://en.wikipedia.org/wiki/IBMhttp://en.wikipedia.org/wiki/Microsofthttp://en.wikipedia.org/wiki/Netscape_Communications_Corporationhttp://en.wikipedia.org/wiki/RSA_Securityhttp://en.wikipedia.org/wiki/VeriSignhttp://en.wikipedia.org/wiki/1996http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/Digital_certificatehttp://en.wikipedia.org/wiki/Public_key_cryptographyhttp://en.wikipedia.org/wiki/Public_key_cryptographyhttp://en.wikipedia.org/wiki/De_facto_standardhttp://www.abiabinas.co.nr/


15/30



People today pay for online purchases by sending their credit card details to the merchant. Aprotocol such as SSL or TLS keeps the card details safe from eavesdroppers, but does nothing toprotect merchants from dishonest customers or vice-versa. SET addresses this situation byrequiring cardholders and merchants to register before they may engage in transactions. Acardholder registers by contacting a certificate authority, supplying security details and the

public half of his proposed signature key. Registration allows the authorities to vet an applicant,who if approved receives a certificate confirming that his signature key is valid. All orders andconfirmations bear digital signatures, which provide authentication and could potentially help toresolve disputes.

A SET purchase involves three parties: the cardholder, the merchant, and the payment gateway(essentially a bank). The cardholder shares the order information with the merchant but not withthe payment gateway. He shares the payment information with the bank but not with themerchant. A set dual signature accomplishes this partial sharing of information while allowingall parties to confirm that they are handling the same transaction. The method is simple: eachparty receives the hash of the withheld information. The cardholder signs the hashes of both the

order information and the payment information. Each party can confirm that the hashes in their possession agrees with the hash signed by the cardholder. In addition, the cardholder andmerchant compute equivalent hashes for the payment gateway to compare. He confirms theiragreement on the details withheld from him.

All parties are protected. Merchants do not normally have access to credit card numbers.Moreover, the mere possession of credit card details does not enable a criminal to make a SETpurchase; he needs the cardholders signature key and a secret number that the cardholderreceives upon registration. The criminal would have better luck with traditional frauds, such asordering by telephone. It is a pity that other features of SET (presumably demanded bymerchants) weaken these properties. A merchant can be authorized to receive credit card

numbers and has the option of accepting payments given a credit card number alone.

SET is a family of protocols. The five main ones are cardholder registration, merchantregistration, purchase request, payment authorization, and payment capture. There are manyminor protocols, for example to handle errors. SET is enormously more complicated than SSL,which merely negotiates session keys between the cardholders and merchants Internet serviceproviders. Because of this complexity, much of which is unnecessary, the protocol is hardlyused. However, SET contains many features of interest:

The model is unusual. In the registration protocols, the initiator possesses no digital proofof identity. Instead, he authenticates himself by filing a registration form whose format isnot specified. Authentication takes place outside the protocol, when the cardholdersbank examines the completed form.

The dual signature is a novel construction. The partial sharing of information amongthree peers leads to unusual protocol goals.

SET uses several types of digital envelope. A digital envelope consists of two parts: one,encrypted using a public key, contains a fresh symmetric key K and identifyinginformation; the other, encrypted using K, conveys the full message text. Digital




16/30



envelopes keep public-key encryption to a minimum, but the many symmetric keyscomplicate the reasoning. Most verified protocols distribute just one or two secrets.

Firewall

A firewall is a device or set of devices configured to permit, deny, encrypt, or proxy all computertraffic between different security domains based upon a set of rules or other criteria. A firewall is

a dedicated appliance, or software running on another computer, which inspects network traffic

passing through it, and denies or permits passage based on a set of rules. A firewall's basic task is

to regulate some of the flow of traffic between computer networks of different trust levels.

Typical examples are the Internet which is a zone with no trust and an internal networkwhich is

a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a

trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone

(DMZ).

A firewall's function within a network is similar to firewalls with fire doors in buildingconstruction. In the former case, it is used to prevent network intrusion to the private network. Inthe latter case, it is intended to contain and delay structural fire from spreading to adjacentstructures.

Without proper configuration, a firewall can often become worthless. Standard security practicesdictate a "default-deny" firewall ruleset, in which the only network connections which areallowed are the ones that have been explicitly allowed. Unfortunately, such a configurationrequires detailed understanding of the network applications and endpoints required for theorganization's day-to-day operation. Many businesses lack such understanding, and thereforeimplement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically

blocked. This configuration makes inadvertent network connections and system compromisemuch more likely.

Scenario based questionnaire

1. What is the probable reason for getting 169.254.x.x?

Steps:-

1. Check the physical connection between the M-R-PC

i.e. Ensure that the PC is connected to the LAN port and that the Modem is connected to theWAN/Internet port of the router.

2. Check the status of light on the LAN ports of the router where the PC is connected to.


http://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Intranethttp://en.wikipedia.org/wiki/Demilitarized_zone_(computing)http://en.wikipedia.org/wiki/Firewall_(construction)http://www.abiabinas.co.nr/http://en.wikipedia.org/wiki/Computer_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Intranethttp://en.wikipedia.org/wiki/Demilitarized_zone_(computing)http://en.wikipedia.org/wiki/Firewall_(construction)http://www.abiabinas.co.nr/


17/30



3. Also check the Internet/WAN port light it should be lit

4. Do ipconfig/renew

5. Power cycle the network

6. Change the card speed of the NIC to 10 Mbps

7. Swap the ends of the cables

8. If possible connect different PC to the router and then check

9. Reset the router

10. Power cycle the network

11. Possibility of RMA or router gone bad

2. Bob is trying to setup his Linksys router for the first time what are the probable steps toconfigure the router.

1. Ensure that there is no USB connection between the M-PC

2. Check the physical connection between the M-R-PC

3. Check the status of light on the router

4. Do ipconfig/release and then ipconfig/renew

5. Check what is the IP, SM, Default gateway?

6. Ask him the type of ISP whether cable or DSL

If Cable ISP then follows the following steps:-

i) Do a Power cycle

ii) Check if able to go online if not able to go online then ask him Which is the PC whenconnected to the modem directly is able to go online ? then go to that PC and note down theMAC address on a piece of paper.




18/30



iii) Open the setup page of the router by typing in the DG in the address bar (by default:192.168.1.1)

iv) Check whether it is an old firmware or a new firmware

If Old firmware:-

Ask him to click on the Advanced tab-> MAC address clone-> Type the MAC address of thePC noted earlier

If New Firmware:-

Ask him to Click on the Setuptab-> under the sub tab of Mac Address Clone-> Enable-> andthen put the MAC address noted earlier

v) Power cycle the network.

If DSL ISP then follow the below steps:-

i) Do ipconfig/release and then ipconfig/renew

ii) Note the default gateway and try to open the setup page of the router by typing it in theaddress bar

iii) A small window pops up asking for username and password type admin as the passwordwith no username or else asks if the customer has changed the password

iv) Click on the Status Tab and check for the internet IP address

a) If the Internet IP address is as follows:-

Internet IP address: 192.168.1.97

Subnet Mask : 255.255.255.0

Default Gateway : 192.168.1.254

v) Click on the Setup tab and under the Local IP change the LAN IP to 10.10.10.10

vi) Power cycle the network

vii) Check if able to go online

viii) If not ask the customer to convert the modem in a bridge mode




19/30



Click on the Status Tab and check for the internet IP address

b) If the Internet IP address is as follows:-

Internet IP address: 0.0.0.0

Subnet Mask : 0.0.0.0

Default Gateway : 0.0.0.0

i) Click on the Setup tab and under the Internet Connection type select PPPoE and put in [email protected] and the password:******

ii) Click on the Status tab and hit the Connect tab under the Login type PPPoE

iii) Do a Power cycle

3. Bob is trying to setup his Linksys router for the first time and when on the setup page of therouter on the Status he gets

Security mechanism in java platform

Security has been an integral part of Java technology from day one. Security is also an evolvingdesign goal of the Java communitybuilding and running secure and robust Java-based networkapplications. The primary reason for Java's success today as a secure execution environment isthe intrinsic security of its architectural foundationthe Java Virtual Machine (JVM) and the

Java language. This foundation achieves the basic Java security goal and its definitive ways forextending security capabilities to ensure features such as confidentiality, integrity, trust, and soforth. A second reason for its success is its ability to deliver an interoperable and platform-neutral security infrastructure that can be integrated with the security of the underlying operatingsystem and services.

The Java Virtual Machine (JVM)

The JVM is an abstract computing engine that resides on a host computer. It is the executionenvironment for the Java programming language and has the primary responsibility for executingthe compiled code by interpreting it in a machine-independent and cross-platform fashion. The

JVM is often referred to as the Java runtime environment. While executing a Java programrunning on top of the JVM, the JVM insulates the application from the underlying differences ofthe operating systems, networks, and system hardware, thus ensuring cross-platformcompatibility among all of the implementations of the Java platform.

The Java language allows creation of general-purpose programs called Java classes that representa Java program or an application. The Java classes compile into a format called Java's executable




20/30



bytecodes, which are quite similar to the machine language that can run on top of a JVM. TheJVM also allows users to download and execute untrusted programs and applications fromremote resources or over a network. To support delivery of Java components over the network,the JVM controls the primary security layer by protecting users and the environment frommalicious programs. To enable security, the JVM enforces stringent measures ensuring systems

security on the host client machine and its target server environments.

Distributing the executable Java bytecode over a network or running automatically inside a Webbrowser or a client's machine leads to different security risks and attacks, such as disclosure ofthe target environment to the untrusted applications and damage or modification of the client'sprivate information and data. For example, Java applets downloaded from a network are notallowed to have access to, read from, or write to a local file system. They are also not allowed tocreate network connections to any host system except the one where they are deployed. On theother hand, stand-alone Java applications that reside and run locally as trusted applications arenot subjected to these security features. The key issue is that allowing untrusted applicationssuch as Java applets to be downloaded from a network via a Web browser and letting them

access certain resources on the host computer paves the way for security breaches and becomes apotential avenue for the spread of viruses. To prevent known security breaches and threats, theJVM provides a built-in Java security architecture model, configurable security policies, accesscontrol mechanisms, and security extensions. Because of the built-in JVM safety features, Javaprograms can run safely and are more securely protected from known vulnerabilities.

The Java Language

Java is a general-purpose object-oriented programming language similar to C++. It deliversplatform-neutral compiled code that can be executed using a JVM and is intended for use indistributed application environments, heterogeneous systems, and diverse network environments.

The Java language is also designed to provide for the security and integrity of the application andits underlying systems at all levelsfrom the Java language constructs to the JVM runtime andfrom the class library to the complete application.The several inherent features of the Javalanguage that provide for the secure Java platform are as follows:

The language defines all primitives with a specific size and all operations are defined tobe in a specific order of execution. Thus, the code executed in different JVMs will notdiffer from the specified order of execution.

The language provides access-control functionality on variables and methods in theobject by defining name space management for type and procedure names. This securesthe program by restricting access to its critical objects from untrusted code. For example,

access is restricted by qualifying the type members as public, protected, private, package,etc. The Java language does not allow defining or dereferencing pointers, which means that

programmers cannot forge a pointer to the memory or create code defining offset pointsto memory. All references to methods and instance variables in the class file are done viasymbolic names. The elimination of pointers helps to prevent malicious programs like




21/30



computer viruses and misuse of pointers such as accessing private methods directly byusing a pointer starting from the object's pointer, or running off the end of an array.

The Java object encapsulation supports "programming by contract," which allows thereuse of code that has already been tested.

The Java language is a strongly typed language. During compile time, the Java compiler

does extensive type checking for type mismatches. This mechanism guarantees that theruntime data type variables are compatible and consistent with the compile timeinformation.

The language allows declaring classes or methods as final. Any classes or methods thatare declared as final cannot be overridden. This helps to protect the code from maliciousattacks such as creating a subclass and substituting it for the original class and overridemethods.

The Java Garbage Collection mechanism contributes to secure Java programs by providing a transparent storage allocation and recovering unused memory instead ofdeallocating the memory using manual intervention. This ensures program integrityduring execution and prevents programmatic access to accidental and incorrect freeing of

memory resulting in a JVM crash.

With these features, Java fulfills the promise of providing a secure programming language thatgives the programmer the freedom to write and execute code locally or distribute it over anetwork.

Java Built-in Security Model

In the previous two sections, we briefly looked at the basic security features provided by theJVM and the Java language. As part of its security architecture, Java has a built-in policy-driven,domain-based security model. This allows implementing security policies, protecting/controlling

access to resources, rule-based class loading, signing code and assigning levels of capability, andmaintaining content privacy.

In the first release of the Sun Java Platform, the Java Development Kit 1.0.x (JDK) introducedthe notion of a sandbox-based security model. This primarily supports downloading and runningJava applets securely and avoids any potential risks to the user's resources. With the JDK 1.0sandbox security model, all Java applications (excluding Java applets) executed locally can havefull access to the resources available to the JVM. Application code downloaded from remoteresources, such as Java applets, will have access only to the restricted resources provided withinits sandbox. This sandbox security protects the Java applet user from potential risks because thedownloaded applet cannot access or alter the user's resources beyond the sandbox.

The release of JDK 1.1.x introduced the notion of signed applets, which allowed downloadingand executing applets as trusted code after verifying the applet signer's information. To facilitatesigned applets, JDK 1.1.x added support for cryptographic algorithms that provide digitalsignature capabilities. With this support, a Java applet class could be signed with digitalsignatures in the Java archive format (JAR file). The JDK runtime will use the trusted publickeys to verify the signers of the downloaded applet and then treat it as a trusted local application,




22/30



granting access to its resources. Figure 3-1 shows the representation of a sandbox in the JDK 1.1security model.

Figure 3-1 JDK 1.1 security model

Java 2 Security Model

The release of J2SE [J2SE] introduced a number of significant enhancements to JDK 1.1 andadded such features as security extensions providing cryptographic services, digital certificatemanagement, PKI management, and related tools. Some of the major changes in the Java 2security architecture are as follows:

Policy-driven restricted access control to JVM resources. Rules-based class loading and verification of byte code. System for signing code and assigning levels of capability. Policy-driven access to Java applets downloaded by a Web browser.

In the Java 2 security architecture, all coderegardless of whether it is run locally ordownloaded remotelycan be subjected to a security policy configured by a JVM user oradministrator. All code is configured to use a particular domain (equivalent to a sandbox) and asecurity policy that dictates whether the code can be run on a particular domain or not. Figure 3-2 illustrates the J2SE security architecture and its basic elements.

Figure 3-2 Java 2 Security architecture and basic elements

Let's take a more detailed look at those core elements of the Java 2 security architecture.

Protection Domains (java.security.ProtectionDomain ): In J2SE, all local Java applications rununrestricted as trusted applications by default, but they can also be configured with access-control policies similar to what is defined in applets and remote applications. This is done byconfiguring a ProtectionDomain, which allows grouping of classes and instances and thenassociating them with a set of permissions between the resources. Protection domains aregenerally categorized as two domains: "system domain" and "application domain." All protected


http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig01.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig01.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://www.abiabinas.co.nr/http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig01.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig01.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig01.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://popup%28%27/content/images/chap3_0131463071/elementLinks/03fig02.gif')http://www.abiabinas.co.nr/


23/30



external resources, such as the file systems, networks, and so forth, are accessible only viasystem domains. The resources that are part of the single execution thread are considered anapplication domain. So in reality, an application that requires access to an external resource mayhave an application domain as well as a system domain. While executing code, the Java runtimemaintains a mapping from code to protection domain and then to its permissions.

Protection domains are determined by the current security policy defined for a Java runtimeenvironment. The domains are characterized using a set of permissions associated with a codesource and location. The java.security.ProtectionDomain class encapsulates the characteristics ofa protected domain, which encloses a set of classes and its granted set of permissions when beingexecuted on behalf of a user.

Permissions ( java.security.Permission ): In essence, permissions determine whether access to aresource of the JVM is granted or denied. To be more precise, they give specified resources orclasses running in that instance of the JVM the ability to permit or deny certain runtimeoperations. An applet or an application using a security manager can obtain access to a system

resource only if it has permission. The Java Security API defines a hierarchy for Permissionclasses that can be used to configure a security policy. At the root, java.security.Permission is theabstract class, which represents access to a target resource; it can also include a set of operationsto construct access on a particular resource. The Permission class contains several subclasses thatrepresent access to different types of resources. The subclasses belong to their own packages thatrepresent the APIs for the particular resource. Some of the commonly used Permission classesare as follows:

For wildcard permissions -java.security.AllPermission

For named permissions -java.security.BasicPermission

For file system -java.io.FilePermission

For network -java.net.SocketPermissionFor properties -java.lang.PropertyPermission

For runtime resources -java.lang.RuntimePermission

For authentication -java.security.NetPermission

For graphical resources -java.awt.AWTPermission

Example 3-1 shows how to protect access to an object using permissions. The code shows thecaller application with the required permission to access an object.

Example 3-1. Using Java permissions to protect access to an object

// Create the object that requires protectionString protectedObj = "For trusted eyes only";

// create the required permission that will// protect the object.// Guard, represents an object that is used to protect// access to another object.




24/30



Guard myGuard = new PropertyPermission("java.home", "read");

// Create the guardGuardedObject gobj =

new GuardedObject(protectedObj, myGuard);

// Get the guarded objecttry {

Object o = gobj.getObject();} catch (AccessControlException e) {

// Cannot access the object}

Permissions can also be defined using security policy configuration files (java.policy). Forexample, to grant access to read a file in "c:\temp\" (on Windows), the FilePermission can be

defined in a security policy file (see Example 3-2).

Example 3-2. Setting Java permissions in policy configuration file

grant{permission java.io.FilePermission

"c:\\temp\\testFile", "read";};

Policy: The Java 2 security policy defines the protection domains for all running Java code withaccess privileges and a set of permissions such as read and write access or making a connectionto a host. The policy for a Java application is represented by a Policy object, which provides a

way to declare permissions for granting access to its required resources. In general, all JVMshave security mechanisms built in that allow you to define permissions through a Java securitypolicy file. A JVM makes use of a policy-driven access-control mechanism by dynamicallymapping a static set of permissions defined in one or more policy configuration files. Theseentries are often referred to as grant entries. A user or an administrator externally configures thepolicy file for a J2SE runtime environment using an ASCII text file or a serialized binary filerepresenting a Policy class. In a J2SE environment, the default system-wide security policy filejava.policy is located at /lib/security/ directory. The policy file location is definedin the security properties file with a java.security setting, which is located at/lib/security/java.security.

Example 3-3 is a policy configuration file that specifies the permission for a signed JAR fileloaded from "http://coresecuritypatterns.com/*" and signed by "javaguy," and then grantsread/write access to all files in /export/home/test.

Example 3-3. Setting codebase and permissions in policy configuration file

grant signedBy "javaguy",codebase "http://coresecuritypatterns.com/*" {




25/30



permission java.io.FilePermission"/export/home/test/*", "read,write";};

The J2SE environment also provides a GUI-based tool called "policytool" for editing a security

policy file, which is located at "/bin/policytool."

By default, the Java runtime uses the policy files located in:

${java.home}/jre/lib/security/java.policy${user.home}/.java.policy

These policy files are specified in the default security file:

${java.home}/jre/lib/security/java.security

The effective policy of the JVM runtime environment will be the union of all permissions in allpolicy files. To specify an additional policy file, you can set the java.security.policy systemproperty at the command line:

java -Djava.security.manager-Djava.security.policy=myURL MyClass

To ignore the policies in the java.security file and only use the custom policy, use '==' instead of'=':

java -Djava.security.manager

-Djava.security.policy==Mylocation/My.policyMyClass

SecurityManager ( java.lang.SecurityManager ): Each Java application can have its ownsecurity manager that acts as its primary security guard against malicious attacks. The securitymanager enforces the required security policy of an application by performing runtime checksand authorizing access, thereby protecting resources from malicious operations. Under the hood,it uses the Java security policy file to decide which set of permissions are granted to the classes.However, when untrusted classes and third-party applications use the JVM, the Java securitymanager applies the security policy associated with the JVM to identify malicious operations. Inmany cases, where the threat model does not include malicious code being run in the JVM, the

Java security manager is unnecessary. In cases where the SecurityManager detects a securitypolicy violation, the JVM will throw an AccessControlException or a SecurityException.

In a Java application, the security manager is set by the setSecurityManager method in classSystem. And the current security manager is obtained via the getSecurityManager method (seeExample 3-4).




26/30



Example 3-4. Using SecurityManager

SecurityManager mySecurityMgr =System.getSecurityManager();

if (mySecurityMgr != null) {mySecurityMgr.checkWrite(name);

}

The class java.lang.SecurityManager consists of a number of checkXXXX methods likecheckRead (String file) to determine access privileges to a file. The check methods call theSecurityManager.checkPermission method to find whether the calling application haspermissions to perform the requested operation, based on the security policy file. If not, it throwsa SecurityException.

If you wish to have your applications use a SecurityManager and security policy, start up theJVM with the -Djava.security.manager option and you can also specify a security policy fileusing the policies in the -Djava.security.policy option as JVM arguments. If you enable the Java

Security Manager in your application but do not specify a security policy file, then the JavaSecurity Manager uses the default security policies defined in the java.policy file in the$JAVA_HOME/jre/lib/security directory. Example 3-5 programmatically enables the securitymanager.

Example 3-5. Using SecurityManager for restricting access control

// Before the security manager is enabled,// this call is possibleSystem.setProperty("java.version","Malicious: Delete");

try {

// Enable the security managerSecurityManager sm = new Sec

Documents

Network Security - Module 4