Secure Socket Layer (SSL) provides security for TCP-based applications by encrypting data transmission and allowing for authentication. It is commonly used for secure web browsing (HTTPS) and protects any application using TCP. SSL uses public key cryptography for authentication, where the server has a certificate signed by a trusted certificate authority that is validated by the client. It then establishes an encrypted session using a symmetric key to encrypt all further communication. At the network layer, IPsec uses two main protocols - Authentication Header and Encapsulating Security Payload - to provide authentication, integrity and confidentiality to IP packets through security associations and encryption. These techniques are foundational aspects of network security that are applied in various scenarios like secure email, transport layers, and
❒ PGP provides security for a specific network app.
❒ SSL works at transport layer. Provides security to any TCP-based app using SSL services.
❒ SSL: used between WWW browsers, servers for I-commerce (shttp).
❒ SSL security services:
  ❍ server authentication
  ❍ data encryption
  ❍ client authentication (optional)
❒ Server authentication:
  ❍ SSL-enabled browser includes public keys for trusted CAs.
  ❍ Browser requests server certificate, issued by trusted CA.
  ❍ Browser uses CA's public key to extract server's public key from certificate.
❒ Visit your browser's security menu to see its trusted CAs.

Encrypted SSL session:
❒ Browser generates symmetric session key, encrypts it with server's public key, sends encrypted key to server.
❒ Using its private key, server decrypts session key.
❒ Browser, server agree that future msgs will be encrypted.
❒ All data sent into TCP socket (by client or server) is encrypted with session key.
❒ SSL: basis of IETF Transport Layer Security (TLS) RFC 2246.
❒ SSL can be used for non-Web applications, e.g., IMAP.
❒ Client authentication can be done with client certificates.
❒ www.openssl.org for more info
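The server-authentication and session-key steps listed on these two slides, as an added Go example that is not code from the original slides. It builds a constructed CA and a server certificate in memory, verifies the certificate against the trusted-CA pool the way the browser does, takes the server's public key out of it, encrypts a fresh AES session key under that key (the RSA key transport the slide describes; current TLS uses Diffie-Hellman key agreement instead, so this reproduces the slide's design, not today's handshake), and then protects one record with the session key. The names NewCert, ClientHandshake, ServerHandshake, Exchange, the host name server.example.test and the CA name are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ServerHost is the name the server certificate is issued for (constructed for this example).
const ServerHost = "server.example.test"

// NewCert generates an RSA key pair and a certificate for it. With parent == nil it is a
// self-signed CA root (what a browser ships as a trusted CA); otherwise a server certificate
// for ServerHost signed by the CA's key.
func NewCert(parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // self-signed root
		tmpl.Subject = pkix.Name{CommonName: "Example Root CA"}
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, signer = tmpl, key
	} else { // server certificate issued by the CA
		tmpl.Subject = pkix.Name{CommonName: ServerHost}
		tmpl.DNSNames = []string{ServerHost}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ClientHandshake plays the browser: validate the server certificate against the trusted CAs,
// take the server's public key from it, generate a symmetric session key and return it
// together with its RSA-encrypted form for the server.
func ClientHandshake(serverCert *x509.Certificate, roots *x509.CertPool) (sessionKey, encKey []byte, err error) {
	if _, err = serverCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: ServerHost}); err != nil {
		return nil, nil, fmt.Errorf("server authentication failed: %w", err)
	}
	pub, ok := serverCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("server certificate does not carry an RSA key")
	}
	sessionKey = make([]byte, 16) // AES-128 session key
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	encKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return sessionKey, encKey, err
}

// ServerHandshake plays the server: recover the session key with its private key.
func ServerHandshake(serverKey *rsa.PrivateKey, encKey []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, encKey, nil)
}

// Exchange runs the whole sequence and returns what the server decrypted.
func Exchange(trusted, serverCert *x509.Certificate, serverKey *rsa.PrivateKey, msg string) (string, error) {
	roots := x509.NewCertPool() // the browser's trusted-CA list
	roots.AddCert(trusted)
	clientKey, encKey, err := ClientHandshake(serverCert, roots)
	if err != nil {
		return "", err
	}
	srvKey, err := ServerHandshake(serverKey, encKey)
	if err != nil || !bytes.Equal(clientKey, srvKey) {
		return "", fmt.Errorf("session key transport failed: %v", err)
	}
	// Both sides now hold the same 16-byte key; aes.NewCipher/NewGCM cannot fail for it.
	block, _ := aes.NewCipher(srvKey)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	record := gcm.Seal(nonce, nonce, []byte(msg), nil)                          // client sends nonce || ciphertext || tag
	plain, err := gcm.Open(nil, record[:len(nonce)], record[len(nonce):], nil) // server decrypts
	return string(plain), err
}

func main() {
	ca, caKey, _ := NewCert(nil, nil)
	srv, srvKey, _ := NewCert(ca, caKey)
	fmt.Println(Exchange(ca, srv, srvKey, "GET / HTTP/1.0")) // GET / HTTP/1.0 <nil>
	rogueCA, rogueKey, _ := NewCert(nil, nil)                // a CA the browser does not trust
	badSrv, badKey, _ := NewCert(rogueCA, rogueKey)
	_, err := Exchange(ca, badSrv, badKey, "GET / HTTP/1.0")
	fmt.Println(err) // server authentication failed: ...
}
```

The second Exchange in main shows the check the slide relies on: a certificate issued by a CA that is not in the browser's list fails Verify, so no session key is ever sent to that server.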
7: Network Security 39 7: Network Security 40
IPSEC: Network Layer Security
❒ Network-layer secrecy:
  ❍ sending host encrypts the data in IP datagram
  ❍ TCP and UDP segments; ICMP and SNMP messages.
❒ Network-layer authentication
  ❍ destination host can authenticate source IP address
❒ Two principal protocols:
  ❍ authentication header (AH) protocol
  ❍ encapsulation security payload (ESP) protocol
❒ RFCs 2401, 2411, 2402, 2406
❒ For both AH and ESP, source, destination handshake:
  ❍ create network-layer logical channel called a security association (SA) (slide annotation: "service agreement": no; "security agreement": no)
❒ Each SA unidirectional
❒ Uniquely determined by:
  ❍ security protocol (AH or ESP)
  ❍ source IP address
  ❍ 32-bit connection ID

Authentication Header (AH) Protocol
❒ Provides source host authentication, data integrity, but not secrecy.
❒ AH header inserted between IP header and IP data field.
❒ Protocol field = 51.
❒ Intermediate routers process datagrams as usual.
AH header includes:
❒ connection identifier
❒ authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity.
❒ Next header field: specifies type of data (TCP, UDP, ICMP, etc.)

ESP Protocol
❒ Provides secrecy, host authentication, data integrity.
❒ Data, ESP trailer encrypted.
❒ Next header field is in ESP trailer.
❒ ESP authentication field is similar to AH authentication field.
❒ Protocol = 50.

Network Security (summary)
Basic techniques…
❒ cryptography (symmetric and public)
❒ authentication
❒ message integrity
  ❍ message digest
  ❍ digital signatures
… used in many different security scenarios
❒ secure email
❒ secure transport (SSL)
❒ IPsec
See also: firewalls, in network management
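The AH mechanics from the slides above (protocol field 51, a next-header field naming the carried data, a 32-bit connection identifier, authentication data computed over the original IP datagram, and routers still forwarding the packet as usual) as an added Go example that is not part of the original slides. The integrity value is computed as RFC 2402 prescribes, with the header fields a router legitimately rewrites (TOS, flags/fragment offset, TTL, header checksum) and the ICV slot zeroed first; the slide calls it a signed digest, and this example uses a keyed HMAC-SHA-256 truncated to 128 bits under a key assumed to have been agreed in the SA. The SA struct, AddAH, VerifyAH, the addresses and the key are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"net"
)

const (
	ProtoAH  = 51 // IPv4 protocol field value once an AH header is inserted
	ProtoTCP = 6  // value carried in the AH next-header field for a TCP payload
	icvLen   = 16 // HMAC-SHA-256-128 authentication data (this example's choice)
)

// SA is the unidirectional security association both hosts agreed on beforehand.
type SA struct {
	SPI uint32 // 32-bit connection identifier carried in the AH header
	Key []byte // integrity key for this SA (constructed for the example)
}

// ipv4Header builds a minimal 20-byte IPv4 header with no options; the checksum is
// left zero because it is a mutable field that is excluded from the ICV anyway.
func ipv4Header(src, dst net.IP, proto byte, totalLen int, ttl byte) []byte {
	h := make([]byte, 20)
	h[0] = 0x45 // version 4, IHL 5 words
	binary.BigEndian.PutUint16(h[2:], uint16(totalLen))
	h[8], h[9] = ttl, proto
	copy(h[12:16], src.To4())
	copy(h[16:20], dst.To4())
	return h
}

// icv computes the authentication data over the whole datagram. Fields that routers
// legitimately rewrite (TOS, flags/fragment offset, TTL, header checksum) and the
// ICV slot itself are zeroed first, as RFC 2402 prescribes.
func icv(sa *SA, datagram []byte) []byte {
	d := append([]byte(nil), datagram...)
	d[1] = 0            // TOS
	d[6], d[7] = 0, 0   // flags + fragment offset
	d[8] = 0            // TTL
	d[10], d[11] = 0, 0 // header checksum
	for i := 20 + 12; i < 20+12+icvLen; i++ {
		d[i] = 0 // ICV field
	}
	mac := hmac.New(sha256.New, sa.Key)
	mac.Write(d)
	return mac.Sum(nil)[:icvLen]
}

// AddAH emits: IP header (protocol 51) | AH header | original payload.
func AddAH(sa *SA, src, dst net.IP, nextHeader byte, payload []byte, seq uint32) []byte {
	ahLen := 12 + icvLen
	ah := make([]byte, ahLen)
	ah[0] = nextHeader        // type of the data that follows (TCP, UDP, ICMP, ...)
	ah[1] = byte(ahLen/4 - 2) // AH length in 32-bit words minus 2
	binary.BigEndian.PutUint32(ah[4:], sa.SPI)
	binary.BigEndian.PutUint32(ah[8:], seq)
	d := ipv4Header(src, dst, ProtoAH, 20+ahLen+len(payload), 64)
	d = append(d, ah...)
	d = append(d, payload...)
	copy(d[20+12:], icv(sa, d))
	return d
}

// VerifyAH checks the ICV of a received datagram against the SA named by its SPI
// and returns the next-header value and the payload.
func VerifyAH(sa *SA, datagram []byte) (nextHeader byte, payload []byte, err error) {
	if len(datagram) < 20+12+icvLen || datagram[9] != ProtoAH {
		return 0, nil, fmt.Errorf("not an AH datagram")
	}
	ah := datagram[20:]
	if ahLen := (int(ah[1]) + 2) * 4; ahLen != 12+icvLen {
		return 0, nil, fmt.Errorf("unsupported AH length %d", ahLen)
	}
	if binary.BigEndian.Uint32(ah[4:]) != sa.SPI {
		return 0, nil, fmt.Errorf("unknown SPI")
	}
	if !hmac.Equal(ah[12:12+icvLen], icv(sa, datagram)) {
		return 0, nil, fmt.Errorf("authentication failed")
	}
	return ah[0], datagram[20+12+icvLen:], nil
}

func main() {
	sa := &SA{SPI: 0x1001, Key: []byte("constructed-sa-key-for-the-example")}
	d := AddAH(sa, net.ParseIP("10.0.0.1"), net.ParseIP("10.0.0.2"), ProtoTCP, []byte("TCP segment"), 1)
	_, _, err := VerifyAH(sa, d)
	fmt.Println("as sent:", err) // as sent: <nil>
	d[8]-- // an intermediate router decremented TTL: still verifies
	_, _, err = VerifyAH(sa, d)
	fmt.Println("after a router hop:", err) // after a router hop: <nil>
	d[len(d)-1] ^= 1 // payload changed in transit: rejected
	_, _, err = VerifyAH(sa, d)
	fmt.Println("after tampering:", err) // after tampering: authentication failed
}
```

The TTL step in main is the point of the mutable-field rule: routers rewrite TTL and the header checksum on every hop, so those fields are excluded from the digest and the datagram still verifies at the destination, while any change to the immutable header fields or the payload is rejected.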