CNS CW

Web Security Considerations
The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.
The following characteristics of Web usage suggest the need for tailored security tools:
1. Although Web browsers are very easy to use, Web servers are relatively easy to configure and manage, and Web content is increasingly easy to develop, the underlying software is extraordinarily complex.
2. A Web server can be exploited as a launching pad into the corporation's or agency's entire computer complex.
3. Casual and untrained users are common clients for Web-based services.
Web Security Threats
a. Integrity
   i. Modification of user data
b. Confidentiality
   i. Eavesdropping on the net
   ii. Theft of info from server
   iii. Theft of data from client
   iv. Info about network configuration
   v. Info about which client talks to server
c. Denial of Service
   i. Killing of user threads
   ii. Flooding machine with bogus requests
   iii. Filling up disk or memory
   iv. Isolating machine by DNS attacks
d. Authentication
   i. Impersonation of legitimate users
Web Traffic Security Approaches
[Figure residue: TCP; initialization vectors; sequence numbers]
SSL Record Protocol
The SSL Record Protocol provides two services for SSL connections: confidentiality and message integrity.
SSL Record Protocol operation: application data -> fragment -> compress -> add MAC -> encrypt -> append SSL record header.
Alert Protocol
The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other applications that use SSL, alert messages are compressed and encrypted, as specified by the current state.
Handshake Protocol
The most complex part of SSL is the Handshake Protocol. This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. The handshake protocol is used before any application data is transmitted.
TLS function P_hash(secret, seed):
P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                       HMAC_hash(secret, A(2) || seed) ||
                       HMAC_hash(secret, A(3) || seed) || ...
where A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)).
Alert Codes: TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate.
HTTPS

SSH Protocol
SSH has become the method of choice for remote login and X tunneling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems. SSH is organized as three protocols that typically run on top of TCP.
Transport Layer Protocol: provides server authentication, data confidentiality, and data integrity with forward secrecy.
Host Keys: Server authentication occurs at the transport layer, based on the server possessing a public/private key pair. A server may have multiple host keys using multiple
[Figure residue: SSH Transport Layer packet formation: compress, padding, encrypt, MAC]
[Figure residue: mobile device security elements: use antivirus and antispam software and firewall on the mobile device; authentication protocol; firewall limiting the scope of control and access; application server, database server, configuration; traffic and application access]
Mobile Device Security Elements
1. Device Security
A number of organizations will supply mobile devices for employee use and preconfigure those devices to conform to the enterprise security policy. Whether a device is owned by the organization or BYOD (bring-your-own-device), the organization should configure the device with security controls, including the following:
Enable auto-lock, which causes the device to lock
[Figure residue: IEEE 802.11 basic service sets: AP1 with STA1 and STA2, AP2 with further stations; Basic Service Set (BSS)]
A BSS is a set of stations that share the same wireless medium. A BSS may be isolated or it may connect to a backbone distribution system (DS) through an access point (AP).
IEEE 802.11 services:
1. Association
2. Authentication
3. Deauthentication
4. Disassociation
5. Distribution
6. Integration
7. MSDU delivery
8. Privacy
9. Reassociation
IEEE 802.11i Wireless LAN Security
Phase 1: Discovery
PGP services (partially legible): 3. Compression, 4. Email Compatibility
1. Authentication
The digital signature service provided by PGP.
The sequence is as follows:
a. The sender creates a message.
b. SHA-1 is used to generate a 160-bit hash code of the message.
c. The hash code is encrypted with RSA using the sender's private key and the result is prepended to the message.
d. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
e. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
2. Confidentiality
Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files. The sequence can be described as follows:
a. The sender generates a message and a random 128-bit number to be used as a session key for this message only.
b. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key.
4. Email Compatibility
When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted.
Generic transmission diagram of a PGP message:
Compress: X <- Z(X)
Confidentiality required? Encrypt key, X: X <- E(PUb, Ks) || E(Ks, X)
Convert to radix 64: X <- R64[X]
On reception, the incoming block is first converted back from radix-64 format to binary. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. The resulting block is then decompressed. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code.
Generic reception diagram of a PGP message:
Confidentiality? Decrypt key, X: Ks <- D(PRb, E(PUb, Ks)); X <- D(Ks, E(Ks, X))
Decompress: X <- Z^-1(X)
Signature? Verify signature
S/MIME Message
Procedure for S/MIME message preparation
1. General: Securing a MIME Entity
S/MIME secures a MIME entity with a signature, encryption, or both. The message to be sent is converted to canonical form in all cases.
2. Enveloped Data
Steps for preparing an enveloped data:
a. Generate a pseudorandom session key for a particular symmetric encryption algorithm.
b. For each recipient, encrypt the session key with the recipient's public RSA key.
c. Prepare a block for each recipient.
d. Encrypt the message content with the session key.
3. Signed Data
Steps for preparing signed data are:
a. Select a message digest algorithm.
b. Compute the message digest of the content to be signed.
c. Encrypt the message digest with the signer's private key.
d. Prepare a block known as SignerInfo.
4. Clear Signing
Clear signing is achieved using the multipart/signed MIME content type with a signed subtype. The message is sent in the clear because recipients with MIME capability but not S/MIME capability are able to read the incoming message.
5. Registration Request
The certification request includes:
a. a certificationRequestInfo block
b. an identifier of the public key encryption algorithm
c. a signature of the certificationRequestInfo block
The certificationRequestInfo block includes a name of the certificate subject and a bit-string representation of the user's public key.
IP Security Overview
Different application-specific security mechanisms are developed, such as electronic mail, client/server (Kerberos) and web access (SSL). IP-level security can ensure secure networking not only for applications with security mechanisms but also for many security-ignorant applications. IP Security (IPSec) is the capability that can be added to the present version of the Internet protocol by means of additional headers for secure communication across LAN, WAN and the Internet.
IPSec is a set of protocols and mechanisms that provide confidentiality, authentication, message integrity and replay detection at the IP layer. The device on which the IPSec mechanism resides is called a security gateway.
IPSec has two modes of operation:
1. Transport mode
2. Tunnel mode
IPSec uses two protocols for message security:
1. Authentication Header (AH) protocol
2. Encapsulating Security Payload (ESP) protocol
Applications of IPSec
1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets
5. Confidentiality
6. Limited traffic flow confidentiality
IPSec Security Architecture Concept
Fundamental to the operation of IPSec is the security policy applied to each packet that transits from a source to a destination. IPSec policy is determined primarily by the interaction of two databases, the security association database (SAD) and the security policy database (SPD).
The means by which IP traffic is related to specific SAs is the nominal security policy database (SPD). In its simplest form an SPD contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic. In more complex environments, there may be multiple entries that potentially relate to a single SA, or multiple SAs associated with a single SPD entry.
Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors. In effect, these selectors are used to filter outgoing traffic in order to map it into a particular SA. The following selectors determine an SPD entry:
a. Remote IP address
b. Local IP address
c. Next layer protocol
d. Name
e. Local and remote ports
Authentication Header (AH)
AH provides support for data integrity and authentication of IP packets. The data integrity service ensures that data inside IP packets is not altered during transit. The authentication service enables an end user to authenticate the user at the other end and decide to accept or reject packets accordingly. Authentication also prevents the IP spoofing attack. AH is based on the MAC protocol, i.e., the two communicating parties must share a secret key.
IPSec Authentication Header format
[Figure residue: bits 0 to 31: Next Header | Payload Length | Reserved; Security Parameter Index (SPI); Sequence Number; Authentication Data]
The AH header format consists of:
1. Next Header
2. Payload Length
3. Reserved
4. Security Parameter Index (SPI)
5. Sequence Number
6. Authentication Data
Encapsulating Security Payload (ESP)
ESP provides a confidentiality service and limited traffic flow confidentiality. An authentication service is an optional feature. ESP can work with a variety of encryption and authentication algorithms.
The ESP format consists of:
1. Security Parameter Index (SPI)
2. Sequence Number
3. Payload Data
4. Padding
5. Padding Length
6. Next Header
7. Authentication Data
Comparison between AH and ESP
Transport mode:
- AH: authenticates IP payload and selected portions of the IP header and IPv6 extension headers.
- ESP: encrypts IP payload and any IPv6 extension headers following the ESP header.
- ESP with authentication: encrypts IP payload and any IPv6 extension headers following the ESP header; authenticates IP payload but not IP header.
Tunnel mode:
- AH: authenticates entire inner IP packet plus selected portions of the outer IP header.
- ESP: encrypts entire inner IP packet.
- ESP with authentication: encrypts entire inner IP packet; authenticates inner IP packet.
Combining Security Associations
An individual SA can implement either the AH or ESP protocol but not both. Sometimes a particular traffic flow will call for the services provided by both AH and ESP. Further, a particular traffic flow may require IPSec services between hosts and, for that same flow, separate services between security gateways such as firewalls. In all of these cases, multiple SAs must be employed for the same traffic flow to achieve the desired IPSec services.
The term security association bundle refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services. The SAs in a bundle may terminate at different end points or at the same end points.
Security associations may be combined into bundles in two ways:
1. Transport adjacency
2. Iterated tunneling
Iterated tunneling refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPSec site along the path.
Basic Combinations of Security Associations
The IPSec architecture lists four examples of combinations of SAs that must be supported by an implementation. Each SA can be either AH or ESP. For host-to-host SAs, the mode may be either transport or tunnel; otherwise it must be tunnel mode.
Case 1
All security is provided between end systems that implement IPSec. Possible combinations are:
a. AH in transport mode
b. ESP in transport mode
c. AH followed by ESP in transport mode
d. any of a, b or c inside an AH or ESP in tunnel mode
Case 2
Key Management
Key management is related to the determination and
[Figure residue: IKE header, bit positions 0, 8, 16, 24, 31; generic payload header: Next Payload | C | Reserved | Payload Length]
The IKE header format consists of the following fields:
1. Initiator SPI (64 bits)
2. Responder SPI (64 bits)
3. Next Payload (8 bits)
4. Major Version (4 bits)
5. Minor Version (4 bits)
6. Exchange Type (8 bits)
7. Flags (8 bits)
8. Message ID (32 bits)
9. Length (32 bits)
Case Studies on Cryptography and Security