Upload
vijay-mohire
View
78
Download
2
Tags:
Embed Size (px)
Citation preview
E-Commerce, M-Commerce &
Network Security
(Assignment –I)
Submitted in partial fulfilment of the requirements for the degree of
Master of Technology in Information Technology
by
Vijayananda D Mohire
(Enrolment No.921DMTE0113)
Information Technology Department
Karnataka State Open University
Manasagangotri, Mysore – 570006
Karnataka, India
(2010)
MT23C-I
2
E-Commerce, M-Commerce & Network Security
MT23C-I
3
CERTIFICATE
This is to certify that the Assignment-I entitled E-Commerce, M-Commerce &
Network Security, subject code: MT23C submitted by Vijayananda D Mohire having
Roll Number 921DMTE0113 for the partial fulfilment of the requirements of Master
of Technology in Information Technology degree of Karnataka State Open
University, Mysore, embodies the bonafide work done by him under my
supervision.
Place: ________________ Signature of the Internal Supervisor
Name
Date: ________________ Designation
MT23C-I
4
For Evaluation
Question
Number
Maximum Marks Marks awarded Comments, if any
1 1
2 1
3 1
4 1
5 1
6 1
7 1
8 1
9 1
10 1
TOTAL 10
Evaluator’s Name and Signature Date
MT23C-I
5
Preface
This document has been prepared specially for the assignments of M.Tech – IT II
Semester. This is mainly intended for evaluation of assignment of the academic
M.Tech - IT, II semester. I have made a sincere attempt to gather and study the
best answers to the assignment questions and have attempted the responses to
the questions. I am confident that the evaluator’s will find this submission
informative and evaluate based on the provide content.
For clarity and ease of use there is a Table of contents and Evaluators section to
make easier navigation and recording of the marks. Evaluator’s are welcome to
provide the necessary comments against each response; suitable space has been
provided at the end of each response.
I am grateful to the Infysys academy, Koramangala, Bangalore in making this a big
success. Many thanks for the timely help and attention in making this possible
within specified timeframe. Special thanks to Mr. Vivek and Mr. Prakash for their
timely help and guidance.
Candidate’s Name and Signature Date
MT23C-I
6
Table of Contents
For Evalua tion................................................................................................................................ 4
Preface.......................................................................................................................................... 5
Question 1..................................................................................................................................... 9
Answer 1 ....................................................................................................................................... 9
Question 2................................................................................................................................... 10
Answer 2 ..................................................................................................................................... 10
Question 3................................................................................................................................... 12
Answer 3 ..................................................................................................................................... 12
Question 4................................................................................................................................... 14
Answer 4 ..................................................................................................................................... 14
Question 5................................................................................................................................... 16
Answer 5 ..................................................................................................................................... 17
Question 6................................................................................................................................... 19
Answer 6 ..................................................................................................................................... 19
Question 7................................................................................................................................... 20
Answer 7 ..................................................................................................................................... 20
Question 8................................................................................................................................... 21
Answer 8 ..................................................................................................................................... 21
Question 9................................................................................................................................... 23
Answer 9 ..................................................................................................................................... 23
Question 10 ................................................................................................................................. 28
Answer 10 ................................................................................................................................... 28
MT23C-I
7
Table of Figures
Figure 1 The VPN connection ......................................................................................................... 14
Figure 2 VPN Model ....................................................................................................................... 16
Figure 3 IP address spoofing......................................................................................................... 20
Figure 4 Verifying a Digital signature in Message Authentication .................................................... 23
Figure 5 Risk Management plan..................................................................................................... 24
Figure 6 Identify Risks ................................................................................................................... 25
Figure 7 Analyze risks.................................................................................................................... 26
Figure 8 Plan for management of risks .......................................................................................... 27
Figure 9 IP Sec elements ................................................................................................................ 28
MT23C-I
8
E-COMMERCE, M-COMMERCE & NETWORK SECURITY
RESPONSE TO ASSIGNMENT – I
MT23C-I
9
Question 1 What is the need of Securing?
Answer 1
Few reasons for the need of security is to avoid:
Damage of computer systems
Damage of internal data
Loss of sensitive information to hostile parties
Damage to reputation of company
Monetary damages
Security is a continuous process of protecting an object from unauthorized
access. It is as state of being or feeling protected from harm. That object in
that state may be a person, an organization such as a business, or property
such as a computer system or a file. Security comes from secure which
means, according to Webster Dictionary, a state of being free from care,
anxiety, or fear.
An object can be in a physical state of security or a theoretical state of
security.
In a physical state, a facility is secure if it is protected by a barrier like a fence,
has secure areas both inside and outside, and can resist penetration by
intruders. This state of security can be guaranteed if the following four
protection mechanisms are in place: deterrence, prevention, detection, and
response.
• Deterrence is usually the first line of defense against intruders who may try to
gain access. It works by creating an atmosphere intended to frighten intruders.
Sometimes this may involve warnings of severe consequences if security is
breached.
• Prevention is the process of trying to stop intruders from gaining access to
the resources of the system. Barriers include firewalls, demilitarized zones
(DMZs), and use of access items like keys, access cards, biometrics, and
others to allow only authorized users to use and access a facility.
• Detection occurs when the intruder has succeeded or is in the process of
gaining access to the system. Signals from the detection process include
MT23C-I
10
alerts to the existence of an intruder. Sometimes these alerts can be real time
or stored for further analysis by the security personnel.
• Response is an after effect mechanism that tries to respond to the failure of
the first three mechanisms. It works by try ing to stop and/or prevent future
damage or access to a facility.
Evaluator’s Comments if any:
Question 2 What are the threats and vulnerabilities?
Answer 2
Threats:
A threat can be any person, object, or event that, if realized, could
potentially cause damage to the LAN. Threats can be malicious, such as the
intentional modification of sensitive information, or can be accidental, such
as an error in a calculation, acts of nature.
Security threats to the availability, confidentiality and integrity/non-
repudiation state of computer and network assets may involve physical
actions or cyber actions. Physical threats include natural threats (e.g., flood
and lightning) and man-made threats (e.g., physical break-in to destroy or
take away computers and network devices).
Cyber security threats can be characterized by many factors such as
motive, objective, origin, speed, means, skill, resource, and so on. For
example, there may be a political motive for the massive destruction of
computer and network assets at a national level, a financial motive for
gathering and stealing information at the corporate level, and a personal
motive for overcoming the technical challenge to vandalize or gain access
to a computer and network system. Objectives can vary from gathering or
MT23C-I
11
stealing information to gaining access, disrupting or denying service, and
modifying or deleting data. In general, a threat can come internally or
externally. An internal threat or insider threat comes from a source which
has access rights but abuses them. An external threat comes from a source
which is not authorized to access a computer and network system. Some
attacks are scripted and automatically executed with little human
intervention, producing a machine speed of attack execution, whereas other
attacks are performed through manual interactions with a computer and
network system and thus proceed slowly. An attacker can have no
sophisticated skills and little resources but simply execute a downloaded
attack script. Nation- or organization-sponsored attacks can use
sophisticated skills and knowledge about computers and networks with
unlimited resources.
Vulnerability:
Vulnerabilities are weaknesses in a LAN that can be exploited by a threat.
For example, unauthorized access to the LAN could occur by an outsider
guessing an obvious password. The vulnerability exploited is the poor
password choice of the user.
Each computer or network asset has a limited service capacity, an inherent
vulnerability which exposes them to denial of service attacks through
flooding. Moreover, most system and application software, which enables
users to operate computers and networks, is large in size and complex in
nature. Large-scale, complex software presents considerable challenges in
specification, design, implementation, testing, configuration, and operation
management. As a result, system software and application software is often
released without being fully tested and evaluated as free from errors, due to
the complexity of large-scale software. Errors can also be made by system
administrators when they configure software.
Symantec Corporation has a software product, called Vulnerability
Assessment (VA), which uses host-based audits to check the security
settings of a host computer for vulnerabilities or uses a network scanner to
check remote computers for vulnerabilities. The VA defines the following
vulnerability classes to indicate the types of errors which produce the
vulnerabilities:
_ boundary condition error;
MT23C-I
12
_ access validation error;
_origin validation error;
_ input validation error;
_ failure to handle exceptional conditions;
_ race condition error;
_ serialization error;
_ atomicity error;
_ environment error;
_ configuration error;
_ design error;
_ unknown.
Evaluator’s Comments if any:
Question 3 What are the firewall Components?
Answer 3
Firewalls can be composed of software, hardware or most commonly, both.
A firewall is hardware, software, or a combination of both that monitors and
filters traffic packets that attempt to either enter or leave the protected private
network. It is a tool that separates a protected network or part of a network,
and now increasingly a user PC, from an unprotected network – the “bad
network” like the Internet. In many cases the “bad network” may even be part
of the company network. By definition, a “firewall,” is a tool that provides a
MT23C-I
13
filter of both incoming and outgoing packets.
The primary components of a firewall are:
1. Network policy
2. Advanced authentication mechanisms
3. Packet filtering, and Application gateways
Network policy:
There are two levels of network policy that directly influence the design,
installation and use of a firewall system. The higher level policy (Services
access policy) is an issue-specific, network access policy that defines those
services that will be allowed or explicitly denied from the restricted network,
how these services will be used, and the conditions for exception to this
policy. The lower level policy (Firewall design policy) describes how the firewall
will actually go about restricting the access and filtering the services what were
defined in the higher level policy.
Advanced authentication:
Advanced authentication measures such as smartcards, authentication tokens,
biometrics, and software based mechanism are designed to counter the
weakness of traditional passwords. While the authentication techniques vary,
they are similar in that the passwords generated by advanced authentication
devices cannot be reused by an attacker who has monitored a connection.
Ex.: One time passwords.
Packet filtering, and Application gateways
IP Packet filtering is done using a packet filtering router designed for filtering
packets as they pass between the router’s interfaces. A packet filtering router
usually can filter IP packets based on some or all of the following fields:
Source IP address
Destination IP address
TCP/UDP source and destination ports To counter some of the weakness associated with packet filtering routers,
firewalls need to use software applications to forward and filter connections for
services such as TELNET and FTP. Such an application is referred to as a
proxy service, while the host running the proxy service is referred to as an
application gateway.
MT23C-I
14
Evaluator’s Comments if any:
Question 4 Explain VPN?
Answer 4
A VPN is the extension of a private network that encompasses links across
shared or public networks such as the Internet. A VPN enables you to send
data between two computers across a shared or public internetwork in a
manner that emulates the properties of a point-to-point private link. In
essence, it makes the remote computer virtually part of the private network by
making an encrypted tunnel through the public Internet. The act of configuring
and creating a VPN is known as virtual private networking.
To emulate a point-to-point link, data is encapsulated, or wrapped, with a
header that provides routing information, allowing the data to traverse the
shared or public transit internetwork to reach its endpoint. To emulate a private
link, the data being sent is encrypted for confidentiality. Packets that are
intercepted on the shared or public network are indecipherable without the
encryption keys. The portion of the connection in which the private data is
encapsulated is known as the tunnel. The portion of the connection in which
the private data is encrypted is known as the VPN connection. Figure 1 shows
the VPN connection.
Figure 1 The VPN connection
VPN connections allow users working at home or on the road to connect in a
secure fashion to an organization’s remote server by using the routing
MT23C-I
15
infrastructure provided by a public internetwork (such as the Internet). From the
user’s perspective, the VPN connection is a point-to-point connection
between the user’s computer and an organization’s server. The nature of the
intermediate internetwork is irrelevant to the user because it appears as if the
data is being sent over a dedicated private link.
VPN technology also allows a corporation to connect to branch offices or to
other companies over a public internetwork (such as the Internet) while
maintaining secure communications. The VPN connection across the Internet
logically operates as a wide area network (WAN) link between the sites.
In both of these cases, the secure connection across the internetwork appears
to the user as a private network communication—despite the fact that this
communication occurs over a public internetwork—hence the name virtual
private network.
VPN technology is designed to address issues surrounding the current
business trend toward increased telecommuting and widely distributed global
operations, where workers must be able to connect to central resources and
must be able to communicate with each other.
To provide employees with the ability to connect to an organization’s
computing resources, regardless of their location, a corporation must deploy a
scalable remote access solution. Typically, corporations choose either a
department solution, where an internal information systems department is
charged with buying, installing, and maintaining an organization’s modem
pools and a private network infrastructure; or they choose a value-added
network (VAN) solution, where they pay an outsourced company to buy, install,
and maintain modem pools and a telecommunication infrastructure.
Neither of these solutions provides the necessary scalability, in terms of cost,
flexible administration, and demand for connections. Therefore, it makes sense
to replace the modem pools and private network infrastructure with a less
expensive solution based on Internet technology so that the business can
focus on its core competencies. With an Internet solution, a few Internet
connections through Internet service providers (ISPs) and VPN server
computers can serve the remote networking needs of hundreds or thousands
of remote clients and branch offices.
The security procedures that involve encryption are achieved through the use
of a tunneling protocol. There are two types of VPNs:
MT23C-I
16
Remote access which lets single users connect to the protected company
network and site-to-site which supports connections between two protected
company networks. In either mode, VPN technology gives a company the
facilities of expensive private leased lines at much lower cost by using the
shared public infrastructure like the Internet. See Fig. 2.
VPN technology is not new; phone companies have provided private shared
resources for voice messages for over a decade. However, its extension to
making
Figure 2 VPN Model
it possible to have the same protected sharing of public resources for data is
new. Today, VPNs are being used for both extranets and wide-area intranets.
Probably owing to cost savings, the popularity of VPNs by companies has been
phenomenal.
Evaluator’s Comments if any:
Question 5 Explain various methods of attacks?
MT23C-I
17
Answer 5
Whatever their motives, hackers have a variety of techniques in their arsenal
to carry out their goals. Let us look at some of them here.
Social Engineering: This involves fooling the victim for fun and profit. Social
engineering depends on trusting that employees will fall for cheap hacker
“tricks” such as calling or e-mailing them masquerading as a system
administrator, for example, and getting their passwords which eventually
lets in the intruder. Social engineering is very hard to protect against. The
only way to prevent it is through employee education and employee
awareness.
Impersonation is stealing access rights of authorized users. There are many
ways an attacker such as a hacker can impersonate a legitimate user. For
example, a hacker can capture a user telnet session using a network sniffer
such as tcpdump or nitsniff. The hacker can then later login as a legitimate
user with the stolen login access rights of the victim.
Exploits: This involves exploiting a hole in software or operating systems. As
is usually the case, many software products are brought on the market
either through a rush to finish or lack of testing, with gaping loopholes.
Badly written software is very common even in large software projects such
as operating systems. Hackers quite often scan network hosts for exploits
and use them to enter systems.
Transitive Trust exploits host-to-host or network-to-network trust. Either
through client-server three-way handshake or server-to-server next-hop
relationships, there is always a trust relationship between two network hosts
during any transmission. This trust relationship is quite often compromised
by hackers in a variety of ways. For example, an attacker can easily do an
IP-spoof or a sequence number attack between two transmitting elements
and gets away with information that compromises the security of the two
communicating elements.
Data Attacks: Script programming has not only brought new dynamism into
Web development, but it has also brought a danger of hostile code into
systems through scripts. Current scripts can run on both the server, where
they traditionally used to run, and also on the client. In doing so, scripts can
MT23C-I
18
allow an intruder to deposit hostile code into the system, including Trojans,
worms, or viruses.
Infrastructure Weaknesses: Some of the greatest network infrastructure
weaknesses are found in the communication protocols. Many hackers, by
virtue of their knowledge of the network infrastructure, take advantage of
these loopholes and use them as gateways to attack systems. Many times,
whenever a loophole is found in the protocols, patches are soon made
available but not many system administrators follow through with patching
the security holes. Hackers start by scanning systems to find those
unpatched holes. In fact, most of the system attacks from hackers use
known vulnerabilities that should have been patched.
Denial of Service: This is a favourite attack technique for many hackers,
especially hacktivists. It consists of preventing the system from being used
as planned through overwhelming the servers with traffic. The victim server
is selected and then bombarded with packets with spoofed IP addresses.
Many times, innocent hosts are forced to take part in the bombardment of
the victim to increase the traffic on the victim until the victim is
overwhelmed and eventually fails.
Active Wiretap: In an active wiretap, messages are intercepted during
transmission. When the interception happens, two things may take place:
First, the data in the intercepted package may be compromised by
introduction of new data such as change of source or destination IP
address or the change in the packet sequence numbers. Secondly, data
may not be changed but copied to be used later such as in the scanning
and sniffing of packets. In either case, the confidentiality of data is
compromised and the security of the network is put at risk.
Evaluator’s Comments if any:
MT23C-I
19
Question 6 State the anti-virus technologies?
Answer 6
Five major Virus detection technologies:
Integrity checking( aka checksum)
Based on determining, by comparison, whether virus-attacked code
modified a program’s file characteristics. As it is not dependent on virus
signatures, this method does not require software updates at specific
intervals.
Interrupt monitoring: Attempts to locate and prevent a virus “interrupt calls”(
function requests through the system’s interrupts)
Memory detection: Depends on recognition of a known virus location and
code while in memory.
Signature scanning: Recognizes a virus unique “signature” a preidentified
set of hexadecimal code, making it highly successful at virus identification.
Heuristic/Rules based scanning: Faster than traditional scanners, method
uses a set of rules to efficiently parse through files and quickly identify
suspect code.
All above mentioned five technologies can usually perform on-access or
on-demand scans, for both network servers and work-stations. Today, all
effective products leverage a combination of above to manage virus threats.
Evaluator’s Comments if any:
MT23C-I
20
Question 7 What is IP address spoofing
Answer 7
The term IP address spoofing refers to the creation of IP packets with a
forged (spoofed) source IP address with the purpose of concealing the
identity of the sender.
Figure 3 shows a scenario of spoofing.
Figure 3 IP address spoofing
How Spoofing works:
The basic protocol for sending data over the Internet and many other
computer networks is the IP. The header of each IP packet contains, among
other things, the numerical source and destination address of the packet.
The source address is normally the address that the packet was sent from.
By forging the header so it contains a different address, an attacker can
make it appear that the packet was sent by a different machine. The
machine that receives spoofed packets will send response back to the
forged source address, which means that this technique is mainly used
when the attacker does not care about response or the attacker has some
way of guessing the response.
In certain cases, it might be possible for the attacker to see or redirect the
response to his own machine. The most usual case is when the attacker is
spoofing an address on the same LAN or WAN.
MT23C-I
21
Evaluator’s Comments if any:
Question 8 Describe digital Signature?
Answer 8
A digital signature or schema is a type of asymmetric cryptography used to
simulate the security properties of a handwritten signature on the paper.
Digital signature schemes normally provide two algorithms, one for signing
which involves the user’s secret key or private key, and one for verifying
signatures which involves the user’s public key. The output of the signature
process is called the “Digital signature”.
The idea of a digital signature is basically the same as that of a handwritten
signature, to authenticate the signer. It is used to authenticate the fact that
what has been promised by a signature can’t be taken back later. Like a
paper signature, the digital signature creates a legal and psychological link
between the signer of the message and the message.
Digital signature-based authentication is yet another authentication
technique that does not require passwords and user names. A digital
signature is a cryptographic scheme used by the message recipient and any
third party to verify the sender’s identity and/or message on authenticity. It
consists of an electronic signature that uses public key infrastructure (PKI) to
verify the identity of the sender of a message or of the signer of a
document. The scheme may include a number of algorithms and functions
including the Digital Signature Algorithm (DSA), Elliptic Curve Digital
Signature and Algorithm (ECDSA), account authority digital signature,
authentication function, and signing function.
A digital signature is defined as an encrypted message digest, by the private
key of the sender, appended to a document to analogously authenticate it,
just like the handwritten signature appended on a written document
MT23C-I
22
authenticates it. Just like in the handwritten form, a digital signature is used
to confirm the identity of the sender and the integrity of the document. It
establishes the nonrepudiation of the sender.
Digital signatures are formed using a combination of public key encryption
and one-way secure hash function according to the following steps :
The sender of the message uses the message digest function to
produce a message authentication code (MAC). This MAC is then encrypted using the private key and the public key
encryption algorithm. This encrypted MAC is attached to the message
as the digital signature.
The message is then sent to the receiver. Upon receipt of the message, the
recipient then uses his or her public key to decrypt the digital signature.
First, the recipient must verify that the message indeed came from the
expected sender. This step verifies the sender’s signature. It is done via the
following steps:
The recipient separates the received message into two: the original
document and the digital signature.
Using the sender’s public key, the recipient then decrypts the digital
signature which results in the original MAC.
The recipient then uses the original document and inputs it to the hash
function to produce a new MAC.
The new MAC is compared with the MAC from the sender for a match.
If these numbers compare, then the message was received unaltered, the
data integrity is assured, and the authenticity of the sender is proven. See
Fig. 4 for the working of digital signature verification.
Because digital signatures are derived from the message as a digest which
is then encrypted, they cannot be separated from the messages they are
derived from and remain valid.
Since digital signatures are used to authenticate the messages and identify
the senders of those messages, they can be used in a variety of areas where
such double confirmation is needed. Anything that can be digitized can be
digitally signed. This means that digital signatures can be used with any kind
of message, whether it is encrypted or not, to establish the authenticity of
the sender and that the message arrived intact. However, digital signatures
cannot be used to provide the confidentiality of the message content.
MT23C-I
23
Figure 4 Verifying a Digital signature in Message Authentication
Among the most common digital signature algorithms in use today are the
Digital Signature Standard (DSS) proposed by NIST and based on the El
Gamal public key algorithm and RSA. DSS is faster than RSA.
Evaluator’s Comments if any:
Question 9 Explain the process of Risk Management?
Answer 9
Risk management is a systematic approach to determine appropriate corporate
security measures. How to address security, where to address security, and
the type and strength of security controls requires considerable thought.
Risk management is the act of examining the relative value of your assets and
then allocating your security resources based on the likelihood of the risk
MT23C-I
24
occurring and the value of the asset. Risk management helps you prioritize
your efforts and spending to secure your network
Figure 5 Risk Management plan
A risk is the possibility of suffering a loss, and the impact or extent of damage
that would result if the loss occurs. Risk management is the process of
identifying risks, analyzing the risks, and creating a plan to manage the risks.
There are two types of risk analysis:
Qualitative. Ranks risks according to their relative impact on business
operations. Qualitative analysis often requires you to estimate the
probability of a threat and the impact of the threat occurring on a scale
of 1 to 10. You then multiply the two numbers for the probability and impact and use the product to rank the risk relative to other risks.
Quantitative. Places actual values on the probability and impact of
threats to determine how to allocate security resources. Although
quantitative risk analysis uses advanced financial accounting skills, it
remains an inexact science.
MT23C-I
25
Figure 6 Identify Risks
To identify threats to assets, you perform threat modeling. For each threat that
you identify, create a risk statement. Risk statements combine information
about a threat with information about the impact of the threat occurring.
Risk statements help you clearly state the risks that threaten your assets and
the consequences of a threat occurring so that you can design appropriate
security measures to reduce the risks. A single asset may have many risk
statements associated with it.
A risk statement contains three parts:
Condition. Generally an “if” clause about what happens if a threat
occurs.
Operations consequence. Describes the effects on IT operations of a
threat that occurs to an asset. The effects are also known as the mode of failure.
Financial and business impact. Describes the effects on the organization
of a threat that occurs to an asset.
MT23C-I
26
Figure 7 Analyze risks
After you create risk statements for each risk, you can analyze the impact of
each risk in greater detail. Qualitative risk analysis uses a general ranking of
probability and impact to determine a relative rank of a risk. The following table
offers an example.
In this example, the threat of information disclosure is medium, but with a high
impact. By estimating probability and impact on a scale of 1 to 10 and
multiplying the two numbers, a relative rank of 45 is obtained. This information
can help security designers prioritize threats, although the value placed on
probability and impact is subject to debate.
MT23C-I
27
Figure 8 Plan for management of risks
To manage a risk, you can apply one of four general strategies:
Accept. You accept risk and do nothing proactive, with the exception of
making contingency plans. Consider acceptance if the ALE for an asset
is less than the value of the asset, and if the business impact is low.
Mitigate. You mitigate risk by proactively changing the asset’s exposure
to the risk or your organization’s reliance on the asset. Consider a risk
mitigation strategy if the ALE is less than the value of the asset, and you
can take proactive actions in advance. Mitigation is the primary risk
management strategy.
Transfer. You transfer risk by partially shifting the responsibility for the
risk to another party, such as insurance or managed services company.
Transfer is becoming an increasingly important strategy for security.
Avoid. You avoid risk by eliminating the source of the risk or the asset’s
exposure to the risk. This is an extreme reaction to risk and should only
be done when the severity of the impact of the risk outweighs the benefit
that is gained from the asset.
Evaluator’s Comments if any:
MT23C-I
28
Question 10 Explain IP Security and security structure?
Answer 10
IPSec is a suite of protocols for securing Internet Protocol (IP)
communications by authenticating and/or encrypting each IP packet in a
data stream. IPSec also includes protocols for cryptographic key
establishment.
IPSec operates at network layer 3 of the OSI model. Applications using IP
Sec have an advantage over using lower layer protocols that it doesn’t need
to be designed to use IPSec, whereas for protocols like SSL the App needs
to be designed to support it.
Security Architecture:
Figure 9 IP Sec elements
IPSec is implemented by a set of cryptographic protocols for
Securing packet flows
Mutual authentication and
Establishing cryptographic parameters
MT23C-I
29
The IPSec architecture uses the concept of security association as the basis
for building security functions into IP. A security association is simply the
bundle of algorithms and parameters (such as keys) that is being used to
encrypt and authenticate a particular flow in one direction. Therefore in a
normal bi-directional traffic, the flows are secured by a pair of security
associations.
In order to decide what protection is to be provided for an outgoing packet,
IPSec uses the Security Parameter Index( SPI), an index to the security
association database(SADB), along with the destination address in a packet
header, which together uniquely identify a security association for that
packet. A similar procedure is performed for an incoming packet, where
IPSec gathers decryption and verification keys from the security association
database.
For multicast, a security association is provided for the group, and is
duplicated across all authorized receivers of the group. There may be more
than one security association for a group, using different SPIs, thereby
allowing multiple levels and sets of security within a group. Indeed, each
sender can have multiple security associations, allowing authentication,
since a receiver can only know what someone knowing the keys sent the
data.
There are two modes of IPSec operations, transport mode and tunnel mode.
In transport mode only the payload (the data you transfer) of the IP
Packet is encrypted and/or authenticated.
In tunnel mode the entire packet (data plus the message headers) is
encrypted and/or authenticated.
Evaluator’s Comments if any: