Security in many layers Application Layer – E-Mail Transport Layer - Secure Socket Layer ...


Page 1: Security in many layers  Application Layer – E-Mail  Transport Layer - Secure Socket Layer  Network Layer – IPsec (VPN)  Link Layer – Wireless Communication.

Security in many layers

Application Layer – E-Mail
Transport Layer - Secure Socket Layer
Network Layer – IPsec (VPN)
Link Layer – Wireless Communication

Page 2:

Application - EMail

Most popular is PGP (pretty good privacy)
First described in 1991 by P.R. Zimmermann
Just using existing encoding techniques
  Symmetric keys (DES, IDEA, RC5)
  Digital signature (MD5 or SHA with RSA)
Figures 8.27, 8.28 and 8.29

Page 3:

Transport – SSL

SSL – Secure Socket Layer
A 'layer' between Application and Transport
Developed by Netscape back in 1994 – for use in web applications
HTTPS – HTTP Secure, meaning HTTP over SSL.
High-level view: figure 8.32

Page 4:

Network – IPsec (VPN)

2 forms of security
  Authentication -> Authentication Header (AH), Figure 8.33
  Authentication + Confidentiality -> Encapsulating Security Payload (ESP), Figure 8.34
VPN – Virtual Private Network
  Connecting two 'local' networks safely over the network by using e.g. ESP in each router attached to the public network

Page 5:

Link – Wireless network

Wireless networks are very easy to break into – you just have to be within range of the access point.
Simple security is WEP
  Wired Equivalent Privacy – part of the 802.11 standard.
  1: Wireless host to Access Point (AP) – asks for authentication
  2: AP sends a 128-byte 'nonce'
  3: Host encodes the 'nonce' with the symmetric key
  4: AP checks the encoded 'nonce' against the original.
  Key distribution is out-of-band, agreed somewhere else
Advanced security uses an Authentication Server
  Central server for verifying the host's authentication
  Part of 802.11i (figure 8.37)
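
The four WEP authentication steps listed above, simulated with both sides of the exchange; this is an added example, not part of the original slides. Assumptions not on the slides: the cipher is RC4 keyed with a 3-byte IV followed by the shared key (as in 802.11 WEP), the class and function names are hypothetical, and the frame format and integrity check value are omitted.

```python
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = None                   # nonce awaiting a response

    def challenge(self) -> bytes:             # step 2: AP sends 128-byte nonce
        self.pending = os.urandom(128)
        return self.pending

    def verify(self, iv: bytes, response: bytes) -> bool:   # step 4
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None   # each nonce is single-use
        return hmac.compare_digest(rc4(iv + self.key, response), nonce)

class Host:
    def __init__(self, shared_key: bytes):
        self.key = shared_key                 # agreed out-of-band

    def respond(self, nonce: bytes):          # step 3: encode nonce with key
        iv = os.urandom(3)                    # 24-bit IV, sent in the clear
        return iv, rc4(iv + self.key, nonce)

def authenticate(host: Host, ap: AccessPoint) -> bool:
    nonce = ap.challenge()                    # steps 1-2: request, challenge
    iv, response = host.respond(nonce)        # step 3
    return ap.verify(iv, response)            # step 4

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"             # constructed 40-bit sample key
    print(authenticate(Host(key), AccessPoint(key)))
```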