MTech - E-Commerce, M-Commerce & Network Security_Assignment

E-Commerce, M-Commerce & Network Security (Assignment I) Submitted in partial fulfilment of the requirements for the degree of Master of Technology in Information Technology by Vijayananda D Mohire (Enrolment No.921DMTE0113) Information Technology Department Karnataka State Open University Manasagangotri, Mysore 570006 Karnataka, India (2010)

Transcript of MTech - E-Commerce, M-Commerce & Network Security_Assignment

Page 1: MTech - E-Commerce, M-Commerce & Network Security_Assignment

E-Commerce, M-Commerce & Network Security

(Assignment – I)

Submitted in partial fulfilment of the requirements for the degree of

Master of Technology in Information Technology

by

Vijayananda D Mohire

(Enrolment No.921DMTE0113)

Information Technology Department

Karnataka State Open University

Manasagangotri, Mysore – 570006

Karnataka, India

(2010)

MT23C-I

E-Commerce, M-Commerce & Network Security

CERTIFICATE

This is to certify that the Assignment-I entitled E-Commerce, M-Commerce & Network Security, subject code: MT23C submitted by Vijayananda D Mohire having Roll Number 921DMTE0113 for the partial fulfilment of the requirements of Master of Technology in Information Technology degree of Karnataka State Open University, Mysore, embodies the bonafide work done by him under my supervision.

Place: ________________ Signature of the Internal Supervisor

Name

Date: ________________ Designation

For Evaluation

Question Number | Maximum Marks | Marks awarded | Comments, if any
1 | 1 | |
2 | 1 | |
3 | 1 | |
4 | 1 | |
5 | 1 | |
6 | 1 | |
7 | 1 | |
8 | 1 | |
9 | 1 | |
10 | 1 | |
TOTAL | 10 | |

Evaluator’s Name and Signature Date

Preface

This document has been prepared specially for the assignments of M.Tech – IT II Semester. This is mainly intended for evaluation of assignment of the academic M.Tech - IT, II semester. I have made a sincere attempt to gather and study the best answers to the assignment questions and have attempted the responses to the questions. I am confident that the evaluators will find this submission informative and evaluate based on the provided content.

For clarity and ease of use there is a Table of Contents and Evaluators section to make navigation and recording of the marks easier. Evaluators are welcome to provide the necessary comments against each response; suitable space has been provided at the end of each response.

I am grateful to the Infysys academy, Koramangala, Bangalore for making this a big success. Many thanks for the timely help and attention in making this possible within the specified timeframe. Special thanks to Mr. Vivek and Mr. Prakash for their timely help and guidance.

Candidate’s Name and Signature Date

Table of Contents

For Evaluation
Preface
Question 1
Answer 1
Question 2
Answer 2
Question 3
Answer 3
Question 4
Answer 4
Question 5
Answer 5
Question 6
Answer 6
Question 7
Answer 7
Question 8
Answer 8
Question 9
Answer 9
Question 10
Answer 10

Table of Figures

Figure 1 The VPN connection
Figure 2 VPN Model
Figure 3 IP address spoofing
Figure 4 Verifying a Digital signature in Message Authentication
Figure 5 Risk Management plan
Figure 6 Identify Risks
Figure 7 Analyze risks
Figure 8 Plan for management of risks
Figure 9 IP Sec elements

E-COMMERCE, M-COMMERCE & NETWORK SECURITY

RESPONSE TO ASSIGNMENT – I

Question 1 What is the need of Securing?

Answer 1

A few reasons for the need for security are to avoid:

• Damage of computer systems

• Damage of internal data

• Loss of sensitive information to hostile parties

• Damage to reputation of company

• Monetary damages

Security is a continuous process of protecting an object from unauthorized access. It is a state of being or feeling protected from harm. That object in that state may be a person, an organization such as a business, or property such as a computer system or a file. Security comes from secure which means, according to Webster Dictionary, a state of being free from care, anxiety, or fear.

An object can be in a physical state of security or a theoretical state of security.

In a physical state, a facility is secure if it is protected by a barrier like a fence, has secure areas both inside and outside, and can resist penetration by intruders. This state of security can be guaranteed if the following four protection mechanisms are in place: deterrence, prevention, detection, and response.

• Deterrence is usually the first line of defense against intruders who may try to gain access. It works by creating an atmosphere intended to frighten intruders. Sometimes this may involve warnings of severe consequences if security is breached.

• Prevention is the process of trying to stop intruders from gaining access to the resources of the system. Barriers include firewalls, demilitarized zones (DMZs), and use of access items like keys, access cards, biometrics, and others to allow only authorized users to use and access a facility.

• Detection occurs when the intruder has succeeded or is in the process of gaining access to the system. Signals from the detection process include alerts to the existence of an intruder. Sometimes these alerts can be real time or stored for further analysis by the security personnel.

• Response is an after-effect mechanism that tries to respond to the failure of the first three mechanisms. It works by trying to stop and/or prevent future damage or access to a facility.

Evaluator’s Comments if any:

Question 2 What are the threats and vulnerabilities?

Answer 2

Threats:

A threat can be any person, object, or event that, if realized, could potentially cause damage to the LAN. Threats can be malicious, such as the intentional modification of sensitive information, or can be accidental, such as an error in a calculation or an act of nature.

Security threats to the availability, confidentiality and integrity/non-repudiation state of computer and network assets may involve physical actions or cyber actions. Physical threats include natural threats (e.g., flood and lightning) and man-made threats (e.g., physical break-in to destroy or take away computers and network devices).

Cyber security threats can be characterized by many factors such as motive, objective, origin, speed, means, skill, resource, and so on. For example, there may be a political motive for the massive destruction of computer and network assets at a national level, a financial motive for gathering and stealing information at the corporate level, and a personal motive for overcoming the technical challenge to vandalize or gain access to a computer and network system. Objectives can vary from gathering or stealing information to gaining access, disrupting or denying service, and modifying or deleting data.

In general, a threat can come internally or externally. An internal threat or insider threat comes from a source which has access rights but abuses them. An external threat comes from a source which is not authorized to access a computer and network system.

Some attacks are scripted and automatically executed with little human intervention, producing a machine speed of attack execution, whereas other attacks are performed through manual interactions with a computer and network system and thus proceed slowly. An attacker can have no sophisticated skills and few resources but simply execute a downloaded attack script. Nation- or organization-sponsored attacks can use sophisticated skills and knowledge about computers and networks with unlimited resources.

Vulnerability:

Vulnerabilities are weaknesses in a LAN that can be exploited by a threat. For example, unauthorized access to the LAN could occur by an outsider guessing an obvious password. The vulnerability exploited is the poor password choice of the user.

Each computer or network asset has a limited service capacity, an inherent vulnerability which exposes it to denial of service attacks through flooding. Moreover, most system and application software, which enables users to operate computers and networks, is large in size and complex in nature. Large-scale, complex software presents considerable challenges in specification, design, implementation, testing, configuration, and operation management. As a result, system software and application software is often released without being fully tested and evaluated as free from errors, due to the complexity of large-scale software. Errors can also be made by system administrators when they configure software.

Symantec Corporation has a software product, called Vulnerability Assessment (VA), which uses host-based audits to check the security settings of a host computer for vulnerabilities or uses a network scanner to check remote computers for vulnerabilities. The VA defines the following vulnerability classes to indicate the types of errors which produce the vulnerabilities:

• boundary condition error;

• access validation error;

• origin validation error;

• input validation error;

• failure to handle exceptional conditions;

• race condition error;

• serialization error;

• atomicity error;

• environment error;

• configuration error;

• design error;

• unknown.

Evaluator’s Comments if any:

Question 3 What are the firewall Components?

Answer 3

Firewalls can be composed of software, hardware or, most commonly, both. A firewall is hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave the protected private network. It is a tool that separates a protected network or part of a network, and now increasingly a user PC, from an unprotected network – the “bad network” like the Internet. In many cases the “bad network” may even be part of the company network. By definition, a “firewall” is a tool that provides a filter of both incoming and outgoing packets.

The primary components of a firewall are:

1. Network policy

2. Advanced authentication mechanisms

3. Packet filtering, and Application gateways

Network policy:

There are two levels of network policy that directly influence the design, installation and use of a firewall system. The higher level policy (Services access policy) is an issue-specific, network access policy that defines those services that will be allowed or explicitly denied from the restricted network, how these services will be used, and the conditions for exception to this policy. The lower level policy (Firewall design policy) describes how the firewall will actually go about restricting the access and filtering the services that were defined in the higher level policy.

Advanced authentication:

Advanced authentication measures such as smartcards, authentication tokens, biometrics, and software-based mechanisms are designed to counter the weakness of traditional passwords. While the authentication techniques vary, they are similar in that the passwords generated by advanced authentication devices cannot be reused by an attacker who has monitored a connection. Example: one-time passwords.

Packet filtering, and Application gateways:

IP packet filtering is done using a packet filtering router designed for filtering packets as they pass between the router’s interfaces. A packet filtering router usually can filter IP packets based on some or all of the following fields:

• Source IP address

• Destination IP address

• TCP/UDP source and destination ports

To counter some of the weaknesses associated with packet filtering routers, firewalls need to use software applications to forward and filter connections for services such as TELNET and FTP. Such an application is referred to as a proxy service, while the host running the proxy service is referred to as an application gateway.
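
The field-based filtering described above, as an added example that is not part of the original assignment: a first-match rule table with a default-deny firewall design policy, in which TELNET and FTP are permitted only to the application gateway. The addresses (documentation ranges), the rule set and the names `Packet`, `Rule` and `filter_packet` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    sport: int    # source port
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source prefix (default: any)
    dst: str = "0.0.0.0/0"          # destination prefix (default: any)
    proto: Optional[str] = None     # None matches both TCP and UDP
    dport: Optional[int] = None     # None matches any destination port
    sport: Optional[int] = None     # None matches any source port

    def matches(self, p: Packet) -> bool:
        """True when every field the rule constrains agrees with the packet."""
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.proto in (None, p.proto)
            and self.dport in (None, p.dport)
            and self.sport in (None, p.sport)
        )


def filter_packet(rules: List[Rule], packet: Packet,
                  default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule). The first match wins;
    a packet that matches no rule gets the default action (index None)."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None


# Constructed policy: the application gateway (proxy host) is the only
# machine that may receive TELNET (23/tcp) and FTP control (21/tcp).
GATEWAY = "192.0.2.10/32"
PROTECTED = "192.0.2.0/24"
RULES = [
    Rule("permit", dst=GATEWAY, proto="tcp", dport=23),
    Rule("permit", dst=GATEWAY, proto="tcp", dport=21),
    # Explicit deny so direct TELNET attempts show up against a named rule.
    Rule("deny", dst=PROTECTED, proto="tcp", dport=23),
]

# Constructed sample packets.
SAMPLES = {
    "telnet_to_gateway": Packet("203.0.113.7", "192.0.2.10", "tcp", 40000, 23),
    "ftp_to_gateway": Packet("203.0.113.7", "192.0.2.10", "tcp", 40001, 21),
    "telnet_to_workstation": Packet("203.0.113.7", "192.0.2.55", "tcp", 40002, 23),
    "dns_to_workstation": Packet("203.0.113.7", "192.0.2.55", "udp", 40003, 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, filter_packet(RULES, pkt))
    # Rule order matters: with the broad deny first, the gateway is cut off.
    print("reordered", filter_packet([RULES[2], RULES[0]],
                                     SAMPLES["telnet_to_gateway"]))
```

The filter only sees addresses and ports, which is why the connection content for TELNET and FTP is left to the proxy service on the gateway.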

Evaluator’s Comments if any:

Question 4 Explain VPN?

Answer 4

A VPN is the extension of a private network that encompasses links across shared or public networks such as the Internet. A VPN enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link. In essence, it makes the remote computer virtually part of the private network by making an encrypted tunnel through the public Internet. The act of configuring and creating a VPN is known as virtual private networking.

To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information, allowing the data to traverse the shared or public transit internetwork to reach its endpoint. To emulate a private link, the data being sent is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The portion of the connection in which the private data is encapsulated is known as the tunnel. The portion of the connection in which the private data is encrypted is known as the VPN connection. Figure 1 shows the VPN connection.

Figure 1 The VPN connection

VPN connections allow users working at home or on the road to connect in a secure fashion to an organization’s remote server by using the routing infrastructure provided by a public internetwork (such as the Internet). From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer and an organization’s server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.

VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet) while maintaining secure communications. The VPN connection across the Internet logically operates as a wide area network (WAN) link between the sites.

In both of these cases, the secure connection across the internetwork appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork; hence the name virtual private network.

VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations, where workers must be able to connect to central resources and must be able to communicate with each other.

To provide employees with the ability to connect to an organization’s computing resources, regardless of their location, a corporation must deploy a scalable remote access solution. Typically, corporations choose either a department solution, where an internal information systems department is charged with buying, installing, and maintaining an organization’s modem pools and a private network infrastructure; or they choose a value-added network (VAN) solution, where they pay an outsourced company to buy, install, and maintain modem pools and a telecommunication infrastructure.

Neither of these solutions provides the necessary scalability, in terms of cost, flexible administration, and demand for connections. Therefore, it makes sense to replace the modem pools and private network infrastructure with a less expensive solution based on Internet technology so that the business can focus on its core competencies. With an Internet solution, a few Internet connections through Internet service providers (ISPs) and VPN server computers can serve the remote networking needs of hundreds or thousands of remote clients and branch offices.

The security procedures that involve encryption are achieved through the use of a tunneling protocol. There are two types of VPNs: remote access, which lets single users connect to the protected company network, and site-to-site, which supports connections between two protected company networks. In either mode, VPN technology gives a company the facilities of expensive private leased lines at much lower cost by using the shared public infrastructure like the Internet. See Fig. 2.

Figure 2 VPN Model

VPN technology is not new; phone companies have provided private shared resources for voice messages for over a decade. However, its extension to making it possible to have the same protected sharing of public resources for data is new. Today, VPNs are being used for both extranets and wide-area intranets. Probably owing to cost savings, the popularity of VPNs among companies has been phenomenal.

Evaluator’s Comments if any:

Question 5 Explain various methods of attacks?

Answer 5

Whatever their motives, hackers have a variety of techniques in their arsenal to carry out their goals. Let us look at some of them here.

Social Engineering: This involves fooling the victim for fun and profit. Social engineering depends on trusting that employees will fall for cheap hacker “tricks” such as calling or e-mailing them masquerading as a system administrator, for example, and getting their passwords, which eventually lets in the intruder. Social engineering is very hard to protect against. The only way to prevent it is through employee education and employee awareness.

Impersonation: This is stealing access rights of authorized users. There are many ways an attacker such as a hacker can impersonate a legitimate user. For example, a hacker can capture a user telnet session using a network sniffer such as tcpdump or nitsniff. The hacker can then later log in as a legitimate user with the stolen login access rights of the victim.

Exploits: This involves exploiting a hole in software or operating systems. As is usually the case, many software products are brought on the market either through a rush to finish or lack of testing, with gaping loopholes. Badly written software is very common even in large software projects such as operating systems. Hackers quite often scan network hosts for exploits and use them to enter systems.

Transitive Trust: This exploits host-to-host or network-to-network trust. Either through client-server three-way handshake or server-to-server next-hop relationships, there is always a trust relationship between two network hosts during any transmission. This trust relationship is quite often compromised by hackers in a variety of ways. For example, an attacker can easily do an IP-spoof or a sequence number attack between two transmitting elements and get away with information that compromises the security of the two communicating elements.

Data Attacks: Script programming has not only brought new dynamism into Web development, but it has also brought a danger of hostile code into systems through scripts. Current scripts can run on both the server, where they traditionally used to run, and also on the client. In doing so, scripts can allow an intruder to deposit hostile code into the system, including Trojans, worms, or viruses.

Infrastructure Weaknesses: Some of the greatest network infrastructure weaknesses are found in the communication protocols. Many hackers, by virtue of their knowledge of the network infrastructure, take advantage of these loopholes and use them as gateways to attack systems. Many times, whenever a loophole is found in the protocols, patches are soon made available but not many system administrators follow through with patching the security holes. Hackers start by scanning systems to find those unpatched holes. In fact, most of the system attacks from hackers use known vulnerabilities that should have been patched.

Denial of Service: This is a favourite attack technique for many hackers, especially hacktivists. It consists of preventing the system from being used as planned through overwhelming the servers with traffic. The victim server is selected and then bombarded with packets with spoofed IP addresses. Many times, innocent hosts are forced to take part in the bombardment of the victim to increase the traffic on the victim until the victim is overwhelmed and eventually fails.

Active Wiretap: In an active wiretap, messages are intercepted during transmission. When the interception happens, two things may take place. First, the data in the intercepted package may be compromised by introduction of new data such as change of source or destination IP address or the change in the packet sequence numbers. Secondly, data may not be changed but copied to be used later such as in the scanning and sniffing of packets. In either case, the confidentiality of data is compromised and the security of the network is put at risk.

Evaluator’s Comments if any:

Question 6 State the anti-virus technologies?

Answer 6

Five major virus detection technologies:

Integrity checking (aka checksum): Based on determining, by comparison, whether virus-attacked code modified a program’s file characteristics. As it is not dependent on virus signatures, this method does not require software updates at specific intervals.

Interrupt monitoring: Attempts to locate and prevent a virus’s “interrupt calls” (function requests through the system’s interrupts).

Memory detection: Depends on recognition of a known virus location and code while in memory.

Signature scanning: Recognizes a virus’s unique “signature”, a pre-identified set of hexadecimal code, making it highly successful at virus identification.

Heuristic/Rules-based scanning: Faster than traditional scanners, this method uses a set of rules to efficiently parse through files and quickly identify suspect code.

All five of the above-mentioned technologies can usually perform on-access or on-demand scans, for both network servers and workstations. Today, all effective products leverage a combination of the above to manage virus threats.
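
Integrity checking and signature scanning side by side, as an added example that is not part of the original assignment: the checksum comparison flags any changed file without a signature database, while the signature scan only flags content containing a known pattern. The file contents, the signature name and hex pattern, and the function names are constructed for illustration; files are modelled as in-memory byte strings so the example runs offline.

```python
import hashlib
from typing import Dict, List

# Constructed signature database: detection name -> hexadecimal pattern.
SIGNATURES = {"Example.Test.A": "deadbeef4142"}


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a SHA-256 checksum per file while the system is known clean."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in files.items()}


def integrity_check(baseline: Dict[str, str],
                    files: Dict[str, bytes]) -> Dict[str, str]:
    """Compare current files with the baseline; needs no virus signatures."""
    findings = {}
    for name, data in files.items():
        if name not in baseline:
            findings[name] = "new"
        elif hashlib.sha256(data).hexdigest() != baseline[name]:
            findings[name] = "modified"
    for name in baseline:
        if name not in files:
            findings[name] = "missing"
    return findings


def signature_scan(files: Dict[str, bytes],
                   signatures: Dict[str, str] = SIGNATURES) -> Dict[str, List[str]]:
    """Report files that contain any known hexadecimal signature."""
    hits = {}
    for name, data in files.items():
        matched = sorted(sig for sig, pattern in signatures.items()
                         if bytes.fromhex(pattern) in data)
        if matched:
            hits[name] = matched
    return hits


# Constructed "clean" state of three files.
CLEAN = {
    "calc.exe": b"MZ constructed program A",
    "notepad.exe": b"MZ constructed program B",
    "readme.txt": b"constructed documentation",
}

# Constructed later state: calc.exe carries a known pattern, notepad.exe was
# changed by something no signature exists for, readme.txt is untouched.
LATER = {
    "calc.exe": CLEAN["calc.exe"] + bytes.fromhex("deadbeef4142"),
    "notepad.exe": CLEAN["notepad.exe"] + b" constructed unknown change",
    "readme.txt": CLEAN["readme.txt"],
}

BASELINE = build_baseline(CLEAN)

if __name__ == "__main__":
    print("integrity:", integrity_check(BASELINE, LATER))
    print("signature:", signature_scan(LATER))
```

The integrity check also reports legitimate updates as "modified", and it is only as trustworthy as the stored baseline, so the baseline belongs somewhere the monitored host cannot rewrite it.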

Evaluator’s Comments if any:

Question 7 What is IP address spoofing

Answer 7

The term IP address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender.

Figure 3 shows a scenario of spoofing.

Figure 3 IP address spoofing

How Spoofing works:

The basic protocol for sending data over the Internet and many other computer networks is the IP. The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send the response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response.

In certain cases, it might be possible for the attacker to see or redirect the response to his own machine. The most usual case is when the attacker is spoofing an address on the same LAN or WAN.
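
Because the source address is just a header field filled in by the sender, a border device can only judge whether it is plausible for the interface the packet arrived on. The following added example (not part of the original assignment) decodes the fixed IPv4 header and applies that source-address check; the protected prefix, the interface names, the verdict strings and the sample headers are constructed, and the header checksum is left at zero and not verified.

```python
import ipaddress
import struct
from typing import Tuple

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed protected LAN


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte part of an IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "header_len": (ver_ihl & 0x0F) * 4,
        "total_len": total_len,
        "ttl": ttl,
        "proto": proto,
        "src": str(ipaddress.IPv4Address(src)),   # whatever the sender wrote
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def check_source(raw: bytes, interface: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a packet seen on 'external' or 'internal'."""
    src = ipaddress.ip_address(parse_ipv4_header(raw)["src"])
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return "drop", "invalid-source"
    if interface == "external" and src in INTERNAL_NET:
        # An inside address cannot legitimately arrive from the outside.
        return "drop", "internal-source-from-outside"
    if interface == "internal" and src not in INTERNAL_NET:
        # Hosts on the LAN must send with an address from the LAN prefix.
        return "drop", "foreign-source-from-inside"
    return "accept", "ok"


# Constructed 20-byte headers (version 4, IHL 5, TTL 64, protocol 6 = TCP);
# only the last eight bytes (source, destination) differ.
_PREFIX = "450000280001000040060000"
SAMPLES = {
    # source 203.0.113.7 -> destination 192.0.2.10
    "outside_host": bytes.fromhex(_PREFIX + "cb007107" + "c000020a"),
    # source 192.0.2.55 -> destination 192.0.2.10
    "claims_internal": bytes.fromhex(_PREFIX + "c0000237" + "c000020a"),
    # source 127.0.0.1 -> destination 192.0.2.10
    "claims_loopback": bytes.fromhex(_PREFIX + "7f000001" + "c000020a"),
    # source 192.0.2.55 -> destination 203.0.113.7
    "lan_host": bytes.fromhex(_PREFIX + "c0000237" + "cb007107"),
    # source 198.51.100.9 -> destination 203.0.113.7
    "lan_foreign": bytes.fromhex(_PREFIX + "c6336409" + "cb007107"),
}

if __name__ == "__main__":
    for name, iface in [("outside_host", "external"),
                        ("claims_internal", "external"),
                        ("claims_loopback", "external"),
                        ("lan_host", "internal"),
                        ("lan_foreign", "internal")]:
        hdr = parse_ipv4_header(SAMPLES[name])
        print(name, iface, hdr["src"], "->", hdr["dst"],
              check_source(SAMPLES[name], iface))
```

The check cannot tell whether `outside_host` really sent its packet; it only removes source addresses that are impossible for the arrival interface.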

Evaluator’s Comments if any:

Question 8 Describe digital Signature?

Answer 8

A digital signature, or digital signature scheme, is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes normally provide two algorithms, one for signing which involves the user’s secret key or private key, and one for verifying signatures which involves the user’s public key. The output of the signature process is called the “Digital signature”.

The idea of a digital signature is basically the same as that of a handwritten signature, to authenticate the signer. It is used to authenticate the fact that what has been promised by a signature can’t be taken back later. Like a paper signature, the digital signature creates a legal and psychological link between the signer of the message and the message.

Digital signature-based authentication is yet another authentication technique that does not require passwords and user names. A digital signature is a cryptographic scheme used by the message recipient and any third party to verify the sender’s identity and/or the message’s authenticity. It consists of an electronic signature that uses public key infrastructure (PKI) to verify the identity of the sender of a message or of the signer of a document. The scheme may include a number of algorithms and functions including the Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), account authority digital signature, authentication function, and signing function.

A digital signature is defined as a message digest encrypted with the private key of the sender and appended to a document to analogously authenticate it, just like the handwritten signature appended on a written document authenticates it. Just like in the handwritten form, a digital signature is used to confirm the identity of the sender and the integrity of the document. It establishes the nonrepudiation of the sender.

Digital signatures are formed using a combination of public key encryption and a one-way secure hash function according to the following steps:

• The sender of the message uses the message digest function to produce a message authentication code (MAC).

• This MAC is then encrypted using the private key and the public key encryption algorithm. This encrypted MAC is attached to the message as the digital signature.

The message is then sent to the receiver. Upon receipt of the message, the recipient then uses the sender’s public key to decrypt the digital signature. First, the recipient must verify that the message indeed came from the expected sender. This step verifies the sender’s signature. It is done via the following steps:

• The recipient separates the received message into two: the original document and the digital signature.

• Using the sender’s public key, the recipient then decrypts the digital signature which results in the original MAC.

• The recipient then uses the original document and inputs it to the hash function to produce a new MAC.

• The new MAC is compared with the MAC from the sender for a match.

If these numbers match, then the message was received unaltered, the data integrity is assured, and the authenticity of the sender is proven. See Fig. 4 for the working of digital signature verification.

Because digital signatures are derived from the message as a digest which

is then encrypted, they cannot be separated from the messages they are

derived from and remain valid.
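
The signing and verification steps above, as an added Python example that is not part of the original assignment. It assumes SHA-256 as the digest function and unpadded textbook RSA with a constructed toy key built from two Mersenne primes; the sample message and function names are hypothetical, and production systems use a vetted library with a padded scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed toy key pair (assumption): two Mersenne primes keep the arithmetic
# reproducible. Never use such primes, or unpadded RSA, for a real key.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                 # public modulus
E = 65537                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8       # fixed signature size in bytes


def digest_as_int(message: bytes) -> int:
    """One-way hash step: SHA-256 digest read as an integer (always below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: transform the digest with the private key."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: recover the digest with the sender's public key and compare."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_as_int(message)


def send(message: bytes) -> bytes:
    """Attach the signature to the message before transmission."""
    return message + sign(message).to_bytes(SIG_LEN, "big")


def receive(blob: bytes) -> bool:
    """Split the received blob into document and signature, then verify."""
    if len(blob) < SIG_LEN:
        return False
    document, sig = blob[:-SIG_LEN], int.from_bytes(blob[-SIG_LEN:], "big")
    return verify(document, sig)


if __name__ == "__main__":
    original = b"Pay 100 to account 12345"          # constructed sample message
    blob = send(original)
    print("untouched message verifies:", receive(blob))
    tampered = b"Pay 900 to account 12345" + blob[len(original):]
    print("tampered message verifies:", receive(tampered))
```

The signature only verifies against the exact bytes it was computed over, which is why it cannot be detached and reused on a different message.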

Since digital signatures are used to authenticate the messages and identify

the senders of those messages, they can be used in a variety of areas where

such double confirmation is needed. Anything that can be digitized can be

digitally signed. This means that digital signatures can be used with any kind

of message, whether it is encrypted or not, to establish the authenticity of

the sender and that the message arrived intact. However, digital signatures

cannot be used to provide the confidentiality of the message content.

Figure 4 Verifying a Digital signature in Message Authentication

Among the most common digital signature algorithms in use today are the

Digital Signature Standard (DSS), proposed by NIST and based on the ElGamal

public key algorithm, and RSA. DSS is faster than RSA.

Evaluator’s Comments if any:

Question 9 Explain the process of Risk Management?

Answer 9

Risk management is a systematic approach to determine appropriate corporate

security measures. How to address security, where to address security, and

the type and strength of security controls requires considerable thought.

Risk management is the act of examining the relative value of your assets and

then allocating your security resources based on the likelihood of the risk

occurring and the value of the asset. Risk management helps you prioritize

your efforts and spending to secure your network.

Figure 5 Risk Management plan

A risk is the possibility of suffering a loss, and the impact or extent of damage

that would result if the loss occurs. Risk management is the process of

identifying risks, analyzing the risks, and creating a plan to manage the risks.

There are two types of risk analysis:

Qualitative. Ranks risks according to their relative impact on business

operations. Qualitative analysis often requires you to estimate the

probability of a threat and the impact of the threat occurring on a scale

of 1 to 10. You then multiply the two numbers for the probability and impact and use the product to rank the risk relative to other risks.

Quantitative. Places actual values on the probability and impact of

threats to determine how to allocate security resources. Although

quantitative risk analysis uses advanced financial accounting skills, it

remains an inexact science.

Figure 6 Identify Risks

To identify threats to assets, you perform threat modeling. For each threat that

you identify, create a risk statement. Risk statements combine information

about a threat with information about the impact of the threat occurring.

Risk statements help you clearly state the risks that threaten your assets and

the consequences of a threat occurring so that you can design appropriate

security measures to reduce the risks. A single asset may have many risk

statements associated with it.

A risk statement contains three parts:

Condition. Generally an “if” clause about what happens if a threat

occurs.

Operations consequence. Describes the effects on IT operations of a

threat that occurs to an asset. The effects are also known as the mode of failure.

Financial and business impact. Describes the effects on the organization

of a threat that occurs to an asset.

Figure 7 Analyze risks

After you create risk statements for each risk, you can analyze the impact of

each risk in greater detail. Qualitative risk analysis uses a general ranking of

probability and impact to determine a relative rank of a risk. The following table

offers an example.

In this example, the threat of information disclosure is medium, but with a high

impact. By estimating probability and impact on a scale of 1 to 10 and

multiplying the two numbers, a relative rank of 45 is obtained. This information

can help security designers prioritize threats, although the value placed on

probability and impact is subject to debate.

Figure 8 Plan for management of risks

To manage a risk, you can apply one of four general strategies:

Accept. You accept risk and do nothing proactive, with the exception of

making contingency plans. Consider acceptance if the ALE for an asset

is less than the value of the asset, and if the business impact is low.

Mitigate. You mitigate risk by proactively changing the asset’s exposure

to the risk or your organization’s reliance on the asset. Consider a risk

mitigation strategy if the ALE is less than the value of the asset, and you

can take proactive actions in advance. Mitigation is the primary risk

management strategy.

Transfer. You transfer risk by partially shifting the responsibility for the

risk to another party, such as an insurance or managed services company.

Transfer is becoming an increasingly important strategy for security.

Avoid. You avoid risk by eliminating the source of the risk or the asset’s

exposure to the risk. This is an extreme reaction to risk and should only

be done when the severity of the impact of the risk outweighs the benefit

that is gained from the asset.

Evaluator’s Comments if any:

Question 10 Explain IP Security and security structure?

Answer 10

IPSec is a suite of protocols for securing Internet Protocol (IP)

communications by authenticating and/or encrypting each IP packet in a

data stream. IPSec also includes protocols for cryptographic key

establishment.

IPSec operates at the network layer (layer 3) of the OSI model. Using IPSec

has an advantage over using lower layer protocols: an application does not need

to be designed to use IPSec, whereas for protocols like SSL the application needs

to be designed to support it.

Security Architecture:

Figure 9 IP Sec elements

IPSec is implemented by a set of cryptographic protocols for

Securing packet flows

Mutual authentication and

Establishing cryptographic parameters

The IPSec architecture uses the concept of security association as the basis

for building security functions into IP. A security association is simply the

bundle of algorithms and parameters (such as keys) that is being used to

encrypt and authenticate a particular flow in one direction. Therefore in a

normal bi-directional traffic, the flows are secured by a pair of security

associations.

In order to decide what protection is to be provided for an outgoing packet,

IPSec uses the Security Parameter Index (SPI), an index to the security

association database (SADB), along with the destination address in a packet

header, which together uniquely identify a security association for that

packet. A similar procedure is performed for an incoming packet, where

IPSec gathers decryption and verification keys from the security association

database.
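
The security association lookup described above, shown for an incoming ESP packet, as an added Python example that is not part of the original assignment. The SADB entries, addresses, SPI values and key bytes are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP = 50  # IP protocol number of the Encapsulating Security Payload


@dataclass(frozen=True)
class SecurityAssociation:
    mode: str      # "transport" or "tunnel"
    cipher: str
    key: bytes     # constructed sample key material


# SADB indexed by (SPI, destination address). Each entry protects ONE direction,
# so the two-way flow between the gateways needs a pair of entries.
SADB = {
    (0x1001, "192.0.2.10"): SecurityAssociation("tunnel", "aes-gcm", b"k-a-to-b"),
    (0x2002, "198.51.100.7"): SecurityAssociation("tunnel", "aes-gcm", b"k-b-to-a"),
}


def build_esp_packet(src, dst, spi, seq, protected):
    """Constructed sample: minimal IPv4 header + ESP header + opaque bytes."""
    esp = struct.pack("!II", spi, seq) + protected
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, ESP, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + esp


def lookup_inbound_sa(packet):
    """Return the SA for an incoming ESP packet, or None if it must be dropped."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                          # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        return None                          # SPI and sequence number missing
    if packet[9] != ESP:
        return None                          # not ESP-protected traffic
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    spi, _seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return SADB.get((spi, dst))              # unknown (SPI, dst) pair: no SA


if __name__ == "__main__":
    pkt = build_esp_packet("198.51.100.7", "192.0.2.10", 0x1001, 1, b"\x00" * 16)
    print(lookup_inbound_sa(pkt))
```

A packet whose SPI is valid for one destination but arrives addressed to another finds no entry, which is why the SPI alone is not the lookup key.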

For multicast, a security association is provided for the group, and is

duplicated across all authorized receivers of the group. There may be more

than one security association for a group, using different SPIs, thereby

allowing multiple levels and sets of security within a group. Indeed, each

sender can have multiple security associations, allowing authentication,

since a receiver can only know that someone knowing the keys sent the

data.

There are two modes of IPSec operations, transport mode and tunnel mode.

In transport mode only the payload (the data you transfer) of the IP

packet is encrypted and/or authenticated.

In tunnel mode the entire packet (data plus the message headers) is

encrypted and/or authenticated.

Evaluator’s Comments if any: