
UNIT-IV

Web Security Considerations

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets. The following characteristics of the Web make it a distinct security problem:

1. Although web browsers are very easy to use, web servers are relatively easy to configure and manage, and web content is increasingly easy to develop, the underlying software is extraordinarily complex, and complex software may hide many potential security flaws.
2. A web server can be exploited as a launching pad into the corporation's or agency's entire computer complex.
3. Casual and untrained users are common clients for web-based services.
Web security threats

a. Integrity
   i. Modification of user data
   ii. Trojan horse browser
   iii. Modification of memory
   iv. Modification of message traffic in transit
b. Confidentiality
   i. Eavesdropping on the net
   ii. Theft of information from the server
   iii. Theft of data from the client
   iv. Information about network configuration
   v. Information about which client talks to the server
c. Denial of service
   i. Killing of user threads
   ii. Flooding the machine with bogus requests
   iii. Filling up disk or memory
   iv. Isolating the machine by DNS attacks
d. Authentication
   i. Impersonation of legitimate users
   ii. Data forgery
Web Traffic Security Approaches

A number of approaches to providing web security are possible. The various approaches that have been considered are similar in the services they provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack (network layer, transport layer or application layer).

Secure Socket Layer (SSL)

One of the most widely used security services is the Secure Sockets Layer (SSL) and its follow-on Internet standard, Transport Layer Security (TLS). SSL is a general-purpose service implemented as a set of protocols that rely on TCP. SSL could be provided as part of the underlying protocol suite and therefore be transparent to applications; alternatively, SSL can be embedded in specific packages. Most browsers come equipped with SSL, and most web servers have implemented the protocol.
SSL Architecture

SSL is designed to make use of TCP to provide a reliable end-to-end secure service. SSL is not a single protocol but rather two layers of protocols. The SSL Record Protocol provides basic security services to various higher-layer protocols. In particular, HTTP, which provides the transfer service for web client/server interaction, can operate on top of SSL. Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change Cipher Spec Protocol and the Alert Protocol.

SSL protocol stack:

  SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP
  SSL Record Protocol
  TCP
  IP
SSL makes use of two important concepts: the SSL session and the SSL connection.

SSL session

An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. A session state is defined by the following parameters:
a. Session identifier
b. Peer certificate
c. Compression method
d. Cipher spec
e. Master secret
f. Is resumable

SSL connection

A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. Every connection is associated with one session. A connection state is defined by the following parameters:
a. Server and client random
b. Server write MAC secret
c. Client write MAC secret
d. Server write key
e. Client write key
f. Initialization vectors
g. Sequence numbers
SSL Record Protocol

The SSL Record Protocol provides confidentiality and message integrity services for SSL connections.

SSL Record Protocol operation:

  Application data -> Fragment -> Compress -> Add MAC -> Encrypt -> Append SSL record header

The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header and transmits the resulting unit in a TCP segment. Received data is decrypted, verified, decompressed and reassembled before being delivered to higher-level users.

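The record-layer pipeline just described, written out as an added Python example (this is illustration code, not code from the notes): each application message is fragmented to at most 2^14 bytes, compressed, given a MAC whose scope is sequence number || content type || version || length || fragment, encrypted, and prefixed with the 5-byte record header; the receiver reverses the steps and rejects any record whose MAC fails before it decompresses anything. The example assumes HMAC-SHA256 as a stand-in for the negotiated MAC algorithm and a keystream derived from HMAC-SHA256 as a stand-in for the negotiated cipher; neither is a real SSL cipher suite, and the keys and message are constructed.

```python
import hashlib
import hmac
import struct
import zlib

# Added example, not from the notes: SSL/TLS record-layer processing
#   application data -> fragment -> compress -> add MAC -> encrypt -> add header
# Assumptions: HMAC-SHA256 stands in for the negotiated MAC algorithm, and a
# keystream derived from HMAC-SHA256 over (key, seq, counter) stands in for the
# negotiated cipher. Neither is a real SSL cipher suite; keys are constructed.

MAX_FRAGMENT = 2 ** 14           # the record layer fragments to 2^14 bytes or less
CT_APPLICATION_DATA = 23         # ContentType application_data
VERSION = b"\x03\x01"            # version field: SSL 3.1 = TLS 1.0
MAC_LEN = 32


def _keystream(key, seq, length):
    """Stand-in stream cipher: concatenated HMAC blocks keyed per record."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _mac(mac_key, seq, ctype, fragment):
    """MAC scope: seq_num || type || version || length || fragment."""
    scope = (struct.pack("!QB", seq, ctype) + VERSION
             + struct.pack("!H", len(fragment)) + fragment)
    return hmac.new(mac_key, scope, hashlib.sha256).digest()


def protect(data, mac_key, enc_key, start_seq=0, compress=True):
    """Sender side: return the list of SSL records carrying one application message."""
    records = []
    seq = start_seq
    for i in range(0, len(data), MAX_FRAGMENT):
        fragment = data[i:i + MAX_FRAGMENT]
        if compress:
            fragment = zlib.compress(fragment)
        # MAC is computed over the (compressed) plaintext, then everything is encrypted
        body = fragment + _mac(mac_key, seq, CT_APPLICATION_DATA, fragment)
        ks = _keystream(enc_key, seq, len(body))
        ciphertext = bytes(a ^ b for a, b in zip(body, ks))
        header = (struct.pack("!B", CT_APPLICATION_DATA) + VERSION
                  + struct.pack("!H", len(ciphertext)))
        records.append(header + ciphertext)
        seq += 1
    return records


def unprotect(records, mac_key, enc_key, start_seq=0, compress=True):
    """Receiver side: decrypt, verify the MAC, decompress and reassemble.
    Raises ValueError on a failed MAC, before any decompression is attempted."""
    out = b""
    seq = start_seq
    for rec in records:
        ctype = rec[0]
        length = struct.unpack("!H", rec[3:5])[0]
        ciphertext = rec[5:5 + length]
        ks = _keystream(enc_key, seq, len(ciphertext))
        body = bytes(a ^ b for a, b in zip(ciphertext, ks))
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, ctype, fragment)):
            raise ValueError("bad record MAC at sequence number %d" % seq)
        out += zlib.decompress(fragment) if compress else fragment
        seq += 1
    return out
```

The sequence number never travels on the wire; both sides count records, so a replayed or reordered record fails its MAC. Note also that the MAC is applied before encryption (MAC-then-encrypt), which is SSL's order.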
Change Cipher Spec Protocol

This is the simplest of the SSL-specific protocols. It consists of a single message, which consists of a single byte with the value 1. The sole purpose of this message is to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.

Alert Protocol

The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other applications that use SSL, alert messages are compressed and encrypted, as specified by the current state.

Handshake Protocol

The most complex part of SSL is the Handshake Protocol. This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and the cryptographic keys to be used to protect data sent in an SSL record. The Handshake Protocol is used before any application data is transmitted.

Transport Layer Security (TLS)

TLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL; it provides security at the transport layer. A common use is protecting the transfer of electronic mail from one server to another: TLS reduces the risk of eavesdropping, tampering and message forgery in mail communication. TLS 1.0 (RFC 2246) was defined as SSL version 3.1, that is, major version 3 and minor version 1; the current version is TLS 1.3 (RFC 8446).

MAC calculation: TLS uses the HMAC algorithm, and the scope of the MAC calculation differs slightly from SSLv3.

Pseudorandom function: TLS makes use of a pseudorandom function (PRF) to expand secrets into blocks of data for key generation or validation. The data expansion function P_hash(secret, seed) uses a single hash function as follows:

  P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                         HMAC_hash(secret, A(2) || seed) ||
                         HMAC_hash(secret, A(3) || seed) || ...

where A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)). The function is iterated as many times as necessary to produce the required quantity of data.

Alert codes: TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate.
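P_hash as running code, added here as an example (not code from the notes): the function iterates A(i) = HMAC(secret, A(i-1)) from A(0) = seed and concatenates HMAC(secret, A(i) || seed) until enough bytes exist. It goes a little beyond the notes by also showing the two PRFs built on P_hash, the TLS 1.0/1.1 PRF of RFC 2246 (P_MD5 and P_SHA1 over the two halves of the secret, XORed) and the single-hash P_SHA256 PRF of TLS 1.2 (RFC 5246), and the key-block expansion from which a connection's write MAC secrets, write keys and IVs are sliced. The secrets and randoms in the usage are constructed values.

```python
import hashlib
import hmac

# Added example, not from the notes: the TLS data-expansion function P_hash
# exactly as defined above, plus the PRFs built from it. The TLS 1.0/1.1 PRF
# (RFC 2246) XORs a P_MD5 and a P_SHA1 expansion over the two halves of the
# secret; TLS 1.2 (RFC 5246) uses a single P_SHA256. Secrets and randoms
# passed in by callers are constructed values.


def p_hash(secret, seed, length, hash_name="sha256"):
    """P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                              HMAC_hash(secret, A(2) || seed) || ...
    with A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)); truncated to `length`."""
    out = b""
    a = seed                                                     # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()              # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()    # HMAC(secret, A(i) || seed)
    return out[:length]


def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256(secret, label || seed)."""
    return p_hash(secret, label.encode("ascii") + seed, length, "sha256")


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label || seed) XOR P_SHA1(S2, label || seed),
    where S1 and S2 are the first and last halves of the secret (rounded up,
    so an odd-length secret shares its middle byte)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    label_seed = label.encode("ascii") + seed
    md5_part = p_hash(s1, label_seed, length, "md5")
    sha1_part = p_hash(s2, label_seed, length, "sha1")
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def key_block(master_secret, server_random, client_random, length, version="1.2"):
    """Key-block expansion: PRF(master_secret, "key expansion", server_random || client_random).
    The connection's write MAC secrets, write keys and IVs are sliced from this block."""
    prf = tls12_prf if version == "1.2" else tls10_prf
    return prf(master_secret, "key expansion", server_random + client_random, length)


def split_key_block(block, mac_len, key_len, iv_len):
    """Slice a key block in the order TLS specifies: client MAC secret, server MAC
    secret, client write key, server write key, client IV, server IV."""
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    if len(block) < sum(sizes):
        raise ValueError("key block too short")
    parts, pos = [], 0
    for n in sizes:
        parts.append(block[pos:pos + n])
        pos += n
    return dict(zip(["client_mac", "server_mac", "client_key", "server_key",
                     "client_iv", "server_iv"], parts))
```

Because the seed for key expansion is server_random || client_random, swapping the two randoms produces a different key block; the order matters and both sides must agree on it.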
HTTPS

HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure communication between a web browser and a web server. The HTTPS capability is built into all modern web browsers; its use depends on the web server supporting HTTPS communication. A normal HTTP connection uses port 80. If HTTPS is specified, port 443 is used, which invokes SSL.

When HTTPS is used, the following elements of the communication are encrypted:
1. URL of the requested document
2. Contents of the document
3. Contents of browser forms (filled in by the browser user)
4. Cookies sent from browser to server and from server to browser
5. Contents of the HTTP header

There is no fundamental change in using HTTP over either SSL or TLS, and both implementations are referred to as HTTPS. An HTTPS implementation consists of connection initiation and connection closure.
Secure Shell (SSH)

SSH is a protocol for secure network communications designed to be relatively simple and inexpensive to implement. The initial version, SSH1, was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security. SSH client and server applications are widely available for most operating systems. It has become the method of choice for remote login and X tunneling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems.

SSH protocol stack:

  SSH User Authentication Protocol: authenticates the client-side user to the server.
  SSH Connection Protocol: multiplexes the encrypted tunnel into several logical channels.
  SSH Transport Layer Protocol: provides server authentication, confidentiality and integrity; may optionally also provide compression.
  TCP: Transmission Control Protocol provides reliable, connection-oriented end-to-end delivery.
  IP: Internet Protocol provides datagram delivery across multiple networks.

SSH is organized as three protocols that typically run on top of TCP.
1. Transport Layer Protocol

The Transport Layer Protocol provides server authentication, data confidentiality and data integrity with forward secrecy.

Host keys: Server authentication occurs at the transport layer, based on the server possessing a public/private key pair. A server may have multiple host keys using multiple different asymmetric encryption algorithms. Multiple hosts may share the same host key. Once the connection is established, the client and server exchange data, referred to as packets, in the data field of a TCP segment. Each packet is in the following format:

SSH Transport Layer Protocol packet format:

  | packet length | padding length | payload (may be compressed) | random padding | MAC |
  MAC scope: sequence number || packet length || padding length || payload || random padding
  Encryption scope: packet length || padding length || payload || random padding

a. Packet length: length of the packet in bytes, not including the packet length and MAC fields.
b. Padding length: length of the random padding field.
c. Payload: useful contents of the packet. Prior to algorithm negotiation, this field is uncompressed. If compression is negotiated, then in subsequent packets this field is compressed.
d. Random padding: once an encryption algorithm has been negotiated, this field is added. It contains random bytes of padding so that the total length of the packet (excluding the MAC field) is a multiple of the cipher block size, or 8 bytes for a stream cipher; there are at least 4 bytes of padding.
e. Message Authentication Code (MAC): if message authentication has been negotiated, this field contains the MAC value. The MAC value is computed over the entire packet plus a sequence number, excluding the MAC field.
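The packet format above, built and parsed in Python as an added example (not code from the notes): the builder applies the padding rule (total of the four length-counted fields a multiple of the block size, at least 4 padding bytes) and appends a MAC computed over the implicit 32-bit sequence number followed by the unencrypted packet; the parser checks the lengths and the MAC before handing back the payload. Encryption is left out so the field layout stays visible, the MAC is the hmac-sha2-256 construction of RFC 4253/6668 taken as an assumption, and the key and payload are constructed.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the notes: the SSH Transport Layer binary packet
#   uint32 packet_length | byte padding_length | payload | random padding | MAC
# Encryption is omitted so the layout stays visible. The MAC is HMAC-SHA256
# over (uint32 sequence_number || unencrypted packet), assumed here as the
# negotiated integrity algorithm. Key and payload below are constructed.

MAC_LEN = 32


def build_packet(payload, mac_key, seq, block_size=16):
    """Pad so that (packet_length || padding_length || payload || padding) is a
    multiple of block_size with at least 4 padding bytes, then append the MAC."""
    padding_len = block_size - ((5 + len(payload)) % block_size)
    if padding_len < 4:
        padding_len += block_size
    padding = os.urandom(padding_len)
    packet_len = 1 + len(payload) + padding_len      # excludes packet_length and MAC
    packet = struct.pack("!IB", packet_len, padding_len) + payload + padding
    mac = hmac.new(mac_key, struct.pack("!I", seq) + packet, hashlib.sha256).digest()
    return packet + mac


def parse_packet(data, mac_key, seq):
    """Return the payload after checking the lengths and the MAC.
    `seq` is the receiver's own count of packets on this direction of the
    connection; a replayed or reordered packet therefore fails the MAC."""
    if len(data) < 5 + MAC_LEN:
        raise ValueError("short packet")
    packet_len, padding_len = struct.unpack("!IB", data[:5])
    packet = data[:4 + packet_len]
    mac = data[4 + packet_len:4 + packet_len + MAC_LEN]
    if len(packet) != 4 + packet_len or len(mac) != MAC_LEN:
        raise ValueError("length mismatch")
    if padding_len < 4 or padding_len > packet_len - 1:
        raise ValueError("bad padding length")
    expected = hmac.new(mac_key, struct.pack("!I", seq) + packet, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC failure")
    return packet[5:5 + (packet_len - 1 - padding_len)]


def total_length(data):
    """Bytes on the wire before the MAC, as a receiver computes it from the first field."""
    return 4 + struct.unpack("!I", data[:4])[0]
```

The lengths are validated before the MAC so that a corrupt length field cannot drive an out-of-range read; the MAC check then decides whether the packet is accepted at all.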
2. User Authentication Protocol

The User Authentication Protocol provides the means by which the client is authenticated to the server. The server may require one or more of the following authentication methods:
a. Public key
b. Password
c. Host based

3. Connection Protocol

The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use. That secure authentication connection, referred to as a tunnel, is used by the Connection Protocol to multiplex a number of logical channels.
Wireless Security

Wireless networks, and the wireless devices that use them, introduce a host of security problems over and above those found in wired networks. Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks include the following:

a. Channel: Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks.

Wireless networking components: end point <-> wireless medium <-> access point.

b. Mobility: Wireless devices are, in principle and usually in practice, far more portable and mobile than wired devices. This mobility results in a number of risks, described subsequently.
c. Resources: Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware.
d. Accessibility: Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations. This greatly increases their vulnerability to physical attacks.
Wireless network threats

a. Accidental association: Company wireless LANs or wireless access points in adjacent buildings or in close proximity (even in the same building) may have overlapping transmission ranges, so a user may unintentionally connect to a neighbouring LAN.
b. Malicious association: In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
c. Ad hoc networks: These are peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to a lack of a central point of control.
d. Nontraditional networks: Nontraditional networks and links, such as personal network Bluetooth devices, barcode readers and handheld PDAs, pose a security risk in terms of both eavesdropping and spoofing.
e. Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
f. Man-in-the-middle attacks: In a broader sense, this attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.
g. Denial of service (DoS): A DoS attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources.
h. Network injection: A network injection attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages.
Wireless security measures

We can group wireless security measures into those dealing with wireless transmissions, wireless access points and wireless networks.

a. Securing wireless transmissions: The principal threats to wireless transmission are eavesdropping, altering or inserting messages, and disruption. There are two measures: signal-hiding techniques and encryption.
b. Securing wireless access points: The main threat involving wireless access points is unauthorized access to the network. The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control.
c. Securing wireless networks:
   1. Use encryption.
   2. Use antivirus and antispyware software, and a firewall.
   3. Turn off identifier broadcasting.
   4. Change the identifier on your router from the default.
   5. Change your router's preset password for administration.
   6. Allow only specific computers to access your wireless network.
Mobile Device Security

Prior to the widespread use of smartphones, the dominant paradigm for computer and network security in organizations was as follows: corporate IT was tightly controlled; user devices were typically limited to Windows PCs; business applications were controlled by IT and either ran locally on endpoints or on physical servers in data centres. Organizations are now experiencing significant changes:

a. Growing use of new devices: Organizations are experiencing significant growth in employee use of mobile devices, and many of these devices are new.
b. Cloud-based applications: Applications can run anywhere, on traditional physical servers, on mobile virtual servers or in the cloud. End users can now take advantage of a wide variety of cloud-based applications and IT services for personal and professional use.
c. De-perimeterization: Given new device proliferation, application mobility and cloud-based consumer and corporate services, the notion of a static network perimeter is all but gone.
d. External business requirements: The enterprise must also provide guests, third-party contractors and business partners network access using various devices from a multitude of locations.
Mobile device security threats

The document "Guidelines for Managing and Securing Mobile Devices in the Enterprise" (NIST SP 800-124, July 2012) lists seven major security concerns for mobile devices:
1. Lack of physical security controls
2. Use of untrusted mobile devices
3. Use of untrusted networks
4. Use of applications created by unknown parties
5. Interaction with other systems
6. Use of untrusted content
7. Use of location services
Mobile device security strategy

Mobile device security strategy falls into three categories:
1. Device security: security mechanisms and parameters on the mobile devices are configured to conform to the organization's security policy.
2. Client/server traffic security: traffic between the mobile device and the organization's network is protected by an SSL or IPsec VPN tunnel, coupled with an authentication protocol.
3. Barrier security: a firewall limits the scope of data and application access for mobile devices.

Mobile device security elements: mobile device <-> SSL or IPsec VPN tunnel (with authentication protocol) <-> firewall <-> configuration server, application server, database server.
1. Device security

A number of organizations will supply mobile devices for employee use and preconfigure those devices to conform to the enterprise security policy. Whether a device is owned by the organization or is BYOD (bring-your-own-device), the organization should configure the device with security controls, including the following:

1. Enable auto-lock, which causes the device to lock if it has not been used for a given amount of time, requiring the user to re-enter a four-digit PIN or a password to reactivate the device.
2. Enable password or PIN protection.
3. Avoid using auto-complete features that remember user names or passwords.
4. Enable remote wipe.
5. Ensure that SSL protection is enabled, if available.
6. Make sure that software, including operating system and applications, is up to date.
7. Install antivirus software as it becomes available.
8. Either sensitive data should be prohibited from storage on the mobile device or it should be encrypted.
9. IT staff should also have the ability to remotely access devices, wipe the device of all data and then disable the device in the event of loss or theft.
10. The organization may prohibit all installation of third-party applications.
11. The organization can implement and enforce restrictions on what devices can synchronize and on the use of cloud-based storage.
12. To deal with the threat of untrusted content, security responses can include disabling camera use on corporate mobile devices.
13. To counter the threat of malicious use of location services, the security policy can dictate that such services are disabled on all mobile devices.

2. Traffic security

Traffic security is based on the usual mechanisms for encryption and authentication. Virtual private networks (VPNs) can be configured so that all traffic between the mobile device and the organization's network is via a VPN.

3. Barrier security

The organization should have security mechanisms to protect the network from unauthorized access. The security strategy can also include firewall policies specific to mobile device traffic. Firewall policies can limit the scope of data and application access for all mobile devices.
IEEE 802.11 Wireless LAN

IEEE 802 is a committee that has developed standards for a wide range of local area networks (LANs). In 1990, the IEEE 802 committee formed a new working group, IEEE 802.11, with a charter to develop a protocol and transmission specifications for wireless LANs (WLANs). Since then, the demand for WLANs at different frequencies and data rates has exploded. WLANs are cost effective and a desirable gateway to mobile computing. They allow computers to be mobile, cable-less, and to communicate with speeds close to the speeds of wired LANs. These features come with an expensive price to pay in the area of security of the network.

IEEE 802 protocol architecture

IEEE 802.11 standards are defined within the structure of a layered set of protocols:

  Layer                        General IEEE 802 functions                    Specific IEEE 802.11 functions
  Logical Link Control (LLC)   Flow control, error control                   Reliable data delivery
  Medium Access Control (MAC)  Assemble data into frame, addressing,         Wireless access control protocols
                               error detection, medium access
  Physical                     Encoding/decoding of signals,                 Frequency band definition,
                               bit transmission/reception,                   wireless signal encoding
                               transmission medium

IEEE 802.11 protocol stack.

1. Physical layer

This is the lowest layer, which includes such functions as encoding/decoding of signals and bit transmission/reception. In addition, the physical layer includes a specification of the transmission medium. In the case of IEEE 802.11, the physical layer also defines frequency bands and antenna characteristics.

2. Media Access Control

All LANs consist of collections of devices that share the network's transmission capacity. Some means of controlling access to the transmission medium is needed to provide an orderly and efficient use of that capacity. This is the function of a media access control (MAC) layer. The MAC layer receives data from a higher-layer protocol, typically the logical link control (LLC) layer, in the form of a block of data known as the MAC service data unit (MSDU). The MAC protocol data unit (MPDU) has the following format:

  | MAC control | Destination MAC address | Source MAC address | MAC service data unit | CRC |
  |<------------------------ MAC header ------------------------>|                       | MAC trailer

General IEEE 802 MPDU format. It consists of the following fields:
a. MAC control
b. Destination MAC address
c. Source MAC address
d. MAC service data unit
e. CRC

3. Logical Link Control

In most data-link control protocols, the data-link protocol entity is responsible not only for detecting errors using the CRC but for recovering from those errors by retransmitting damaged frames. In the LAN protocol architecture, these two functions are split between the MAC and LLC layers. The MAC layer is responsible for detecting errors and discarding any frames that contain errors. The LLC layer optionally keeps track of which frames have been successfully received and retransmits unsuccessful frames.
Components and Architectural Model

IEEE 802.11 architecture: two basic service sets (BSS), each consisting of an access point (AP 1, AP 2) and several stations (STA 1 to STA 8), connected through a distribution system (DS).

The figure illustrates the model developed by the 802.11 working group. The smallest building block of a wireless LAN is a basic service set (BSS), which consists of wireless stations executing the same MAC protocol and competing for access to the same shared wireless medium. A BSS may be isolated or it may connect to a backbone distribution system (DS) through an access point (AP). The AP functions as a bridge and a relay point. In a BSS, client stations do not communicate directly with one another. Rather, if one station in the BSS wants to communicate with another station in the same BSS, the MAC frame is first sent from the originating station to the AP and then from the AP to the destination station.

IEEE 802.11 services:
1. Association
2. Authentication
3. Deauthentication
4. Disassociation
5. Distribution
6. Integration
7. MSDU delivery
8. Privacy
9. Reassociation
IEEE 802.11i Wireless LAN Security

The original 802.11 specification included a set of security features for privacy and authentication that were quite weak. For privacy, 802.11 defined the Wired Equivalent Privacy (WEP) algorithm. The privacy portion of the 802.11 standard contained major weaknesses. Subsequent to the development of WEP, the 802.11i task group developed a set of capabilities to address the WLAN security issues. In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated Wi-Fi Protected Access (WPA) as a Wi-Fi standard. The final form of the 802.11i standard is referred to as Robust Security Network (RSN). The Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program. The RSN specification is quite complex.

IEEE 802.11i services

a. Authentication: A protocol is used to define an exchange between a user and an authentication server (AS) that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link.
b. Access control: This function enforces the use of the authentication function, routes the messages properly and facilitates key exchange. It can work with a variety of authentication protocols.
c. Privacy with message integrity: MAC-level data (for example, an LLC PDU) are encrypted along with a message integrity code that ensures that the data have not been altered.
IEEE 802.11i phases of operation

The operation of an IEEE 802.11i RSN can be broken down into five distinct phases of operation. The exact nature of the phases will depend on the configuration and the end points of the communication. Possibilities include:
1. Two wireless stations in the same BSS communicating via the access point (AP) for that BSS.
2. Two wireless stations (STAs) in the same ad hoc IBSS communicating directly with each other.
3. Two wireless stations in different BSSs communicating via their respective APs across a distribution system.
4. A wireless station communicating with an end station on a wired network via its AP and the distribution system.

The five phases are:

1. Discovery: An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy. The STA uses these to identify an AP for a WLAN with which it wishes to communicate. The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.

IEEE 802.11i phases of operation (between STA, AP, AS and end station):
  Phase 1: Discovery
  Phase 2: Authentication
  Phase 3: Key management
  Phase 4: Protected data transfer
  Phase 5: Connection termination

2. Authentication: During this phase, the STA and AS prove their identities to each other. The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful. The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.
3. Key generation and distribution: The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. Frames are exchanged between the AP and STA only.
4. Protected data transfer: Frames are exchanged between the STA and the end station through the AP. Secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.
5. Connection termination: The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to the original state.
UNIT-V

Pretty Good Privacy (PGP)

PGP is a remarkable phenomenon. It was developed by Phil Zimmermann. PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

Characteristics of PGP:
1. PGP is available free worldwide.
2. PGP can run on various platforms: Windows, UNIX and Macintosh.
3. The algorithms used are extremely secure.
4. Worldwide acceptability.
5. PGP is not developed by, and not controlled by, any government or standards organization.
6. PGP is now on an Internet standards track.
7. The original PGP encrypts data by using a block cipher called IDEA; key management uses RSA and data integrity uses MD5. Later versions also use CAST-128 or 3DES and SHA-1, as described below.

Notation used in PGP:
  Ks   session key used in the symmetric encryption scheme
  PRa  private key of user A
  PUa  public key of user A
  EP   public-key encryption
  DP   public-key decryption
  EC   symmetric encryption
  DC   symmetric decryption
  H    hash function
  ||   concatenation
  Z    compression using the ZIP algorithm
  R64  conversion to radix-64 ASCII format
PGP operations

PGP consists of four services:
1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility

1. Authentication

The digital signature service provides authentication in PGP. The sequence is as follows:
a. The sender creates a message.
b. SHA-1 is used to generate a 160-bit hash code of the message.
c. The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.
d. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
e. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
2. Confidentiality

Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files. The sequence can be described as follows:
a. The sender generates a message and a random 128-bit number to be used as a session key for this message only.
b. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key.
c. The session key is encrypted with RSA using the recipient's public key and is prepended to the message.
d. The receiver uses RSA with its private key to decrypt and recover the session key.
e. The session key is used to decrypt the message.
3. Compression

As a default, PGP compresses the message after applying the signature but before encryption.

4. E-mail compatibility

When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted (with the sender's private key). If the confidentiality service is used, the message plus signature (if present) are encrypted (with a one-time symmetric key). Thus part or all of the resulting block consists of a stream of arbitrary 8-bit octets. However, many electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters (radix-64 conversion).

The diagram below shows the relationship among the four services. On transmission, if it is required, a signature is generated using a hash code of the uncompressed plaintext. Then the plaintext plus signature (if present) is compressed. Next, if confidentiality is required, the block (compressed plaintext or compressed signature plus plaintext) is encrypted and prepended with the public-key-encrypted symmetric encryption key. Finally, the entire block is converted to radix-64 format.

Generic transmission diagram of a PGP message (from user A to user B):
  X <- file
  signature required?   yes: X <- signature || X, where signature = EP(PRa, H(X))
  X <- Z(X)                                         (compress)
  confidentiality required?   yes: X <- EP(PUb, Ks) || EC(Ks, X)
  X <- R64(X)                                       (convert to radix-64)

On reception, the incoming block is first converted back from radix-64 format to binary. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. The resulting block is then decompressed. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code.

Generic reception diagram of a PGP message (at user B):
  X <- R64^-1(X)                                    (convert from radix-64)
  confidentiality?   yes: Ks <- DP(PRb, EP(PUb, Ks)); X <- DC(Ks, EC(Ks, X))
  X <- Z^-1(X)                                      (decompress)
  signature?   yes: compare H(X) with DP(PUa, signature)
S/MIME (Secure/Multipurpose Internet Mail Extension)

S/MIME is a security enhancement to the MIME Internet e-mail format standard. RFC 822 defines a format for text messages that are sent using electronic mail. The RFC 822 standard applies only to the contents. MIME is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP.

SMTP limitations:
1. SMTP cannot transmit executable files or other binary objects.
2. SMTP cannot transmit text data that includes national language characters.
3. SMTP servers may reject mail messages over a certain size.
4. SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages.
5. SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems.

MIME:
1. MIME is a supplementary protocol that allows non-ASCII data to be sent through SMTP.
2. MIME was defined by the IETF to allow transmission of non-ASCII data via e-mail.
3. It allows arbitrary data to be encoded in ASCII for normal transmission.
4. All media types that can be encoded and delivered over the World Wide Web (WWW) can be sent using e-mail (text, multipart, message, application, image, audio, video).
5. Messages sent using MIME encoding include information that describes the type of the data and the encoding that was used.
6. RFC 822 specifies the exact format for mail header lines as well as their semantic interpretations.

MIME defines five header fields:
1. MIME-Version
2. Content-Type
3. Content-Transfer-Encoding (7bit, 8bit, binary, base64)
4. Content-ID
5. Content-Description

MIME message (mail header) example:

  From: cse@email.com
  To: student@email.com
  MIME-Version: 1.0
  Content-Type: image/gif
  Content-Transfer-Encoding: base64
  <data for the image>

S/MIME functionality

In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages. S/MIME provides the following functions:

1. Enveloped data: This consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients.
2. Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer.
3. Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case only the digital signature is encoded using base64, so recipients without S/MIME capability can still view the message content.
4. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.
Cryptographic algorithms used in S/MIME:

  Function                                      Requirement
  ------------------------------------------    ---------------------------------------------------------------
  Create a message digest to be used in         MUST support SHA-1.
  forming a digital signature                   Receiver SHOULD support MD5 for backward compatibility.

  Encrypt message digest to form a digital      Sending and receiving agents MUST support DSS.
  signature                                     Sending agents SHOULD support RSA encryption.
                                                Receiving agents SHOULD support verification of RSA
                                                signatures with key sizes 512 bits to 1024 bits.

  Create a message authentication code          Receiving agents MUST support HMAC with SHA-1.
                                                Sending agents SHOULD support HMAC with SHA-1.

  Encrypt session key for transmission with     Sending and receiving agents SHOULD support Diffie-Hellman.
  message                                       Sending and receiving agents MUST support RSA encryption
                                                with key sizes 512 bits to 1024 bits.

  Encrypt message for transmission with         Sending and receiving agents MUST support encryption with
  one-time session key                          triple DES.
                                                Sending agents SHOULD support encryption with AES and RC2/40.

S/MIME messages

General procedure for S/MIME message preparation:

1. Securing a MIME entity: S/MIME secures a MIME entity with a signature, encryption or both. The message to be sent is converted to canonical form; this is done in all cases.
2. Enveloped data: The steps for preparing an enveloped data MIME entity are:
   a. Generate a pseudorandom session key for a particular symmetric encryption algorithm.
   b. For each recipient, encrypt the session key with the recipient's public RSA key.
   c. For each recipient, prepare a block known as RecipientInfo.
   d. Encrypt the message content with the session key.
3. Signed data: The steps for preparing signed data are:
   a. Select a message digest algorithm.
   b. Compute the message digest of the content to be signed.
   c. Encrypt the message digest with the signer's private key.
   d. Prepare a block known as SignerInfo.
4. Clear signing: Clear signing is achieved using the multipart content type with a signed subtype. The message is sent in the clear because a recipient with MIME capability but not S/MIME capability is then able to read the incoming message.
5. Registration request: The certification request includes:
   a. A certificationRequestInfo block
   b. An identifier of the public-key encryption algorithm
   c. The signature of the certificationRequestInfo block
   The certificationRequestInfo block includes a name of the certificate subject and a bit-string representation of the user's public key.
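Two of the steps above in code, as an added Python example (not code from the notes): building the MIME entity from the mail header example (From, To, MIME-Version, Content-Type image/gif, base64 transfer encoding) with the standard email package, and converting it to the canonical form that step 1 requires before signing or enveloping, namely CRLF-terminated lines and a 7-bit-safe body, so that sender and receiver hash identical bytes. The GIF bytes and addresses are constructed; the signing and enveloping steps themselves are not shown.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Added example, not from the notes: build the MIME entity from the header
# example with the standard email package, produce the canonical form that
# S/MIME signs or envelopes (CRLF line endings, base64 body), and parse it
# back. The GIF bytes and the addresses are constructed for the example.

SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
              b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
              b"\x00\x02\x02D\x01\x00;")          # constructed 1x1 GIF


def build_image_message(sender, recipient, image_bytes):
    """MIME entity: From, To, MIME-Version, Content-Type image/gif, base64 body."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["MIME-Version"] = "1.0"
    msg.set_content(image_bytes, maintype="image", subtype="gif", cte="base64")
    return msg


def canonical_form(msg):
    """Canonical MIME form used before signing: every line ends in CRLF and the
    body is 7-bit safe, so the bytes are identical at sender and receiver."""
    return msg.as_bytes(policy=policy.SMTP)


def parse_entity(raw):
    """Return (content type, transfer encoding, decoded body) of a canonical entity."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return (msg.get_content_type(),
            str(msg["Content-Transfer-Encoding"]).lower(),
            msg.get_content())


def is_canonical(raw):
    """True if every line terminator is CRLF and no byte is outside 7-bit ASCII."""
    return raw.count(b"\n") == raw.count(b"\r\n") and all(b < 128 for b in raw)
```

A mail relay that rewrites bare LF to CRLF would change the bytes of a non-canonical entity and break the signature; canonicalizing first is what makes the signature survive transit.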
IP Security (IPsec)

IP security overview

A number of application-specific security mechanisms have been developed, such as for electronic mail (S/MIME, PGP), client/server (Kerberos) and web access (SSL). Security at the IP level can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications. IP Security (IPsec) is a capability that can be added to either current version of the Internet Protocol (IPv4 or IPv6) by means of additional headers, for secure communication across a LAN, across WANs and across the Internet.

IPsec is a set of protocols and mechanisms that provide confidentiality, authentication, message integrity and replay detection at the IP layer. The device on which the IPsec mechanism resides is called a security gateway.

IPsec has two modes of operation:
1. Transport mode
2. Tunnel mode

IPsec uses two protocols for message security:
1. Authentication Header (AH) protocol
2. Encapsulating Security Payload (ESP) protocol
APplicahians dt 1Pstc

Secune connechvity ovh huJnteone


Secune nemode alass ove thu Dtonc
3 Eshabhshing exlhant and inlontt Connechvihy wh
Secuznity. PaNameto
tnhanhan eing elkclnonic Comm en
Benefits of IPSec
1. IPSec provides strong security within and across LANs.
2. IPSec in a firewall avoids bypass, since all traffic from the outside must use IP.
3. There is no need to change software on implementing IPSec.
4. IPSec is below the transport layer and hence is transparent to applications.
5. IPSec is transparent to the end users also.
6. If required, IPSec can provide security for individual users.
IPSec Services
1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets
5. Confidentiality
6. Limited traffic flow confidentiality
IPSec Security Architecture Concept
Fundamental to the operation of IPSec is the security policy applied to each packet that transits from a source to a destination. IPSec policy is determined primarily by the interaction of two databases: the Security Association Database (SAD) and the Security Policy Database (SPD).
[Figure: IPSec architecture. An IKEv2 key exchange runs between the two peers; each peer holds a Security Policy Database (SPD), a Security Association Database (SAD) and the IPSec SA pair, and ESP protects the data between them.]
Security Associations
A key concept that appears in both the authentication and confidentiality mechanisms of IP is the security association (SA).
An association is a one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed for two-way secure exchange, then two security associations are required.
A security association is uniquely identified by three parameters:
a. Security Parameters Index (SPI)
b. IP destination address
c. Security protocol identifier
Security Association Database (SAD)
In each IPSec implementation there is a nominal Security Association Database that defines the parameters associated with each SA.
A security association is normally defined by the following parameters in an SAD entry:
a. Security Parameters Index
b. Sequence Number Counter
c. Sequence Counter Overflow
d. Anti-Replay Window
e. AH Information
f. ESP Information
g. Lifetime of this Security Association
h. IPSec Protocol Mode
i. Path MTU (maximum transmission unit)
Security Policy Database (SPD)
The means by which IP traffic is related to specific SAs is the nominal Security Policy Database (SPD).
In its simplest form, an SPD contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic. In more complex environments, there may be multiple entries that potentially relate to a single SA, or multiple SAs associated with a single SPD entry.
Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors. In effect, these selectors are used to filter outgoing traffic in order to map it into a particular SA.
The following selectors determine an SPD entry:
a. Remote IP address
b. Local IP address
c. Next layer protocol
d. Name
e. Local and remote ports
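An added example, not part of the original notes: an outbound SPD lookup over the selectors listed above (the "name" selector is left out). The two-entry policy, the documentation-range addresses and the SPI values are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class SpdEntry:
    """One SPD entry: the selectors the notes list (the 'name' selector is
    omitted), the action to take, and the SPI of the SA the entry points to."""
    remote_ip: str                # remote address or prefix, e.g. "203.0.113.0/24"
    local_ip: str                 # local address or prefix
    next_proto: Optional[int]     # next-layer protocol number; None = any
    local_ports: Optional[range]  # None = any port
    remote_ports: Optional[range]
    action: str                   # "protect", "bypass" or "discard"
    spi: Optional[int] = None     # SA to apply when action is "protect"

def _port_ok(port: int, allowed: Optional[range]) -> bool:
    return allowed is None or port in allowed

def matches(entry: SpdEntry, pkt: dict) -> bool:
    """Outbound lookup: local selectors are tested against the packet source and
    remote selectors against its destination, since the SPD filters outgoing traffic."""
    return (ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(entry.remote_ip)
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(entry.local_ip)
            and (entry.next_proto is None or entry.next_proto == pkt["proto"])
            and _port_ok(pkt["sport"], entry.local_ports)
            and _port_ok(pkt["dport"], entry.remote_ports))

def lookup(spd: list, pkt: dict) -> SpdEntry:
    """Return the first matching entry (order matters, as in a real SPD); a packet
    that matches nothing falls through to discard, the safe default."""
    for entry in spd:
        if matches(entry, pkt):
            return entry
    return SpdEntry("0.0.0.0/0", "0.0.0.0/0", None, None, None, "discard")

# Constructed sample policy: protect HTTPS to the partner network with the SA
# identified by SPI 0x1000, let DNS pass in the clear, discard everything else.
SPD = [
    SpdEntry("203.0.113.0/24", "192.0.2.0/24", 6, None, range(443, 444), "protect", spi=0x1000),
    SpdEntry("0.0.0.0/0", "192.0.2.0/24", 17, None, range(53, 54), "bypass"),
]

if __name__ == "__main__":
    pkt = {"src": "192.0.2.10", "dst": "203.0.113.5", "proto": 6, "sport": 40000, "dport": 443}
    print(lookup(SPD, pkt).action, hex(lookup(SPD, pkt).spi))
```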
Authentication Header (AH)
AH provides support for data integrity and authentication of IP packets. The data integrity service ensures that the data inside IP packets is not altered during transit. The authentication service enables an end user to authenticate the user at the other end and decide to accept or reject packets accordingly. Authentication also prevents the IP spoofing attack.
AH is based on the MAC protocol, i.e., the two communicating parties must share a secret key.
[Figure: IPSec Authentication Header format, 32 bits wide: Next Header (bits 0-7), Payload Length (bits 8-15), Reserved (bits 16-31); Security Parameters Index (SPI); Sequence Number; Authentication Data (variable).]
The AH header format consists of:
1. Next header
2. Payload length
3. Reserved
4. SPI
5. Sequence number
6. Authentication data
Encapsulating Security Payload (ESP)
ESP provides a confidentiality service and limited traffic flow confidentiality. An authentication service is an optional feature. ESP can work with a variety of encryption and authentication algorithms.
[Figure: IPSec ESP format, 32 bits wide: Security Parameters Index (SPI); Sequence Number; Payload Data (variable); Padding (0-255 bytes); Pad Length; Next Header; Authentication Data (variable size).]
The IPSec ESP format consists of:
1. SPI
2. Sequence number
3. Payload data
4. Padding
5. Padding length
6. Next header
7. Authentication data
Comparison between AH and ESP
1. AH is defined in RFC 2402; ESP is defined in RFC 2406.
2. AH is mandatory for compliance with IPv6; ESP is optional with IPv6.
3. AH provides stronger authentication; ESP authentication in transport mode is not as strong as AH.
4. AH requires less overhead, since it only inserts a header into the IP packet; ESP requires more overhead, since it inserts a header and a trailer.
AH and ESP can support two modes of operation:
1. Transport mode
2. Tunnel mode
Transport mode mainly provides protection for upper-layer protocols. The protection extends to the payload of an IP packet.
Tunnel mode provides protection to the entire IP packet. Security fields are added to the IP packet, and the entire packet is encapsulated in a new IP packet with a new IP header.
Protocol / Transport mode / Tunnel mode
AH
  Transport mode: Authenticates the IP payload and selected portions of the IP header and IPv6 extension headers.
  Tunnel mode: Authenticates the entire inner IP packet and selected portions of the outer IP header.
ESP
  Transport mode: Encrypts the IP payload and any IPv6 extension headers following the ESP header.
  Tunnel mode: Encrypts the entire inner IP packet.
ESP with authentication
  Transport mode: Encrypts the IP payload and any IPv6 extension headers following the ESP header; authenticates the IP payload but not the IP header.
  Tunnel mode: Encrypts the entire inner IP packet; authenticates the inner IP packet.
Combining Security Associations
An individual SA can implement either the AH or the ESP protocol, but not both. Sometimes a particular traffic flow will call for the services provided by both AH and ESP. Further, a particular traffic flow may require IPSec services between hosts and, for that same flow, separate services between security gateways such as firewalls. In all of these cases, multiple SAs must be employed for the same traffic flow to achieve the desired IPSec services.
The term security association bundle refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services. The SAs in a bundle may terminate at different endpoints or at the same endpoints.
Security associations may be combined into bundles in two ways:
1. Transport adjacency
Refers to applying more than one security protocol to the same IP packet without invoking tunneling. This approach to combining AH and ESP allows for only one level of combination.
2. Iterated tunneling
Refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting; each tunnel can originate or terminate at a different IPSec site along the path.
Basic Combinations of Security Associations
The IPSec architecture document lists four examples of combinations of SAs that must be supported by an implementation. Each SA can be either AH or ESP. For host-to-host SAs, the mode may be either transport or tunnel; otherwise it must be tunnel mode.
1. CASE 1
All security is provided between end systems that implement IPSec. The possible combinations are:
a. AH in transport mode
b. ESP in transport mode
c. AH followed by ESP in transport mode
d. Any of a, b or c inside an AH or ESP in tunnel mode
2. CASE 2
Security is provided only between gateways, and no hosts implement IPSec. Only a single tunnel SA is needed.
3. CASE 3
Builds on case 2 by adding end-to-end security. The gateway-to-gateway tunnel is ESP, and individual hosts can implement additional IPSec services via end-to-end SAs.
4. CASE 4
Provides support for a remote host that uses the Internet to reach a firewall and then gain access to a host behind the firewall. Only tunnel mode is required between the remote host and the firewall. One or two SAs may be used between the remote host and the local host.
Key Management of IPSec
Key management is related to the determination and distribution of secret keys. A typical requirement is four keys for communication between two applications: transmit and receive pairs for both integrity and confidentiality.
The IPSec architecture document mandates support for two types of key management:
1. Manual
A system administrator manually configures each system with its own keys and with the keys of the other communicating systems. This is practical for small, relatively static environments.
2. Automated
An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.
The default automated key management protocol for IPSec is referred to as ISAKMP/Oakley and consists of the following elements:

1. Oakley Key Determination Protocol
Oakley is a key exchange protocol based on the Diffie-Hellman algorithm but providing added security. Oakley is generic in that it does not dictate specific formats.
2. Internet Security Association and Key Management Protocol (ISAKMP)
ISAKMP provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes.
Internet Key Exchange (IKE) Protocol
IKE key determination is a refinement of the Diffie-Hellman key exchange algorithm.
There are a number of weaknesses to Diffie-Hellman:
1. It does not provide any information about the identities of the parties.
2. It is subject to a man-in-the-middle attack.
3. It is computationally intensive.
IKE key determination is designed to retain the advantages of Diffie-Hellman while countering its weaknesses.
Features of IKE Key Determination
1. It employs a mechanism known as cookies to thwart clogging attacks.
2. It enables the two parties to negotiate a group.
3. It uses nonces to ensure against replay attacks.
4. It enables the exchange of Diffie-Hellman public key values.
5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.
Three different authentication methods can be used with IKE key determination:
1. Digital signatures
2. Public-key encryption
3. Symmetric-key encryption
IKE Header Format
An IKE message consists of an IKE header followed by one or more payloads. All of this is carried in a transport protocol. The specification dictates that implementations must support the use of UDP as the transport protocol.
[Figure: IKE header, 32 bits wide: Initiator's Security Parameter Index (SPI) (64 bits); Responder's Security Parameter Index (SPI) (64 bits); Next Payload | Major Version | Minor Version | Exchange Type | Flags; Message ID; Length. Generic payload header: Next Payload | Reserved | Payload Length.]
The IKE header format consists of the following fields:
1. Initiator SPI (64 bits)
2. Responder SPI (64 bits)
3. Next payload (8 bits)
4. Major version (4 bits)
5. Minor version (4 bits)
6. Exchange type (8 bits)
7. Flags (8 bits)
8. Message ID (32 bits)
9. Length (32 bits)
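As an added example (not from the notes), the field layouts listed above for the IKE header and earlier for the AH and ESP formats turned into small parsers. The sample byte strings are constructed, not captured traffic, and the ESP authentication-data length is assumed to be known from the SA rather than carried in the packet.

```python
import struct

def parse_ah(data: bytes) -> dict:
    """Parse an Authentication Header laid out as in the notes: next header,
    payload length, reserved, SPI, sequence number, authentication data.
    Payload length counts 32-bit words minus 2, so the ICV size follows from it."""
    nxt, plen, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    icv_len = (plen + 2) * 4 - 12
    return {"next_header": nxt, "spi": spi, "seq": seq,
            "auth_data": data[12:12 + icv_len]}

def parse_esp(data: bytes, icv_len: int) -> dict:
    """Parse an ESP packet (after decryption): SPI, sequence number, payload,
    padding, pad length, next header, then the trailing authentication data.
    icv_len comes from the SA, not from the packet, so it is a parameter."""
    spi, seq = struct.unpack("!II", data[:8])
    body, icv = data[8:len(data) - icv_len], data[len(data) - icv_len:]
    pad_len, nxt = body[-2], body[-1]
    return {"spi": spi, "seq": seq, "next_header": nxt, "pad_len": pad_len,
            "payload": body[:len(body) - 2 - pad_len], "auth_data": icv}

def parse_ike_header(data: bytes) -> dict:
    """Parse the fixed 28-byte IKE header: initiator SPI, responder SPI,
    next payload, major/minor version, exchange type, flags, message ID, length."""
    ispi, rspi, nxt, ver, xtype, flags, mid, length = struct.unpack("!QQBBBBII", data[:28])
    return {"init_spi": ispi, "resp_spi": rspi, "next_payload": nxt,
            "major": ver >> 4, "minor": ver & 0x0F, "exchange_type": xtype,
            "flags": flags, "message_id": mid, "length": length}

# Constructed sample headers (not captured traffic); the field values are arbitrary.
AH_SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1234, 1) + b"\xaa" * 12   # 96-bit ICV
ESP_SAMPLE = (struct.pack("!II", 0x5678, 7) + b"hello" + b"\x01"       # one pad byte
              + bytes([1, 6]) + b"\xbb" * 12)                           # pad len, next hdr, ICV
IKE_SAMPLE = struct.pack("!QQBBBBII", 0x1111, 0, 33, 0x20, 34, 0x08, 0, 28)

if __name__ == "__main__":
    print(parse_ah(AH_SAMPLE))
    print(parse_esp(ESP_SAMPLE, icv_len=12))
    print(parse_ike_header(IKE_SAMPLE))
```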
Case Studies on Cryptography and Security
1. Secure Inter-branch Payment Transactions
The Central Bank of India (CBI) has implemented an Electronic Payment System (called EPS) in about 120 branches across the country. This system transfers payments between computerized branches of CBI.
A central server is maintained at the EPS office located in Mumbai. The branch offices connect to the local VSAT of a private network by using a dial-up connection. The local VSAT has connectivity established with the EPS office.
CBI utilizes a proprietary messaging switch called CBI-Transfer for exchanging payment instructions. Currently EPS has minimal data security. As the system operates in a closed network, the current security infrastructure may suffice the need. The data moving across the network is in encrypted form.
Current EPS Architecture
The purpose of EPS is to transmit payment details from the payer branch to the payee branch via the central server in Mumbai, which is described step by step:
1. A data entry person in the payer branch enters the transaction details through the EPS interface.
2. A bank officer checks the validity of the transaction through the EPS interface.
3. After validating the transaction, the bank officer authorizes the transaction. The authorized transaction is stored in the local Paradox (PX) database.
4. Once the transaction is stored in PX, a copy of the same is encrypted and stored in a file. This transaction file is stored in the OUT directory.
5. The CBI-Transfer application looks for any pending transactions by a polling mechanism and, if it finds such transactions, it sends all these files one by one to the EPS central office located in Mumbai by dialing the local VSAT.
6. The local VSAT of the EPS central office gets connectivity, and the transaction is transferred and stored in the IN directory at the EPS central office.
7. The interface program at the EPS central office collects the transactions pending in the IN directory and sends them to the PX application at the office.
8. In order to send the credit request for further transmission, it changes the headers.
9. The CBI-Transfer application at the EPS central office collects the transactions pending in the OUT directory and sends them to the payee bank through the VSAT.
10. The transaction is transferred and stored in the IN directory of the payee branch.
11. The interface program at the payee branch collects the transaction and passes it to the PX.
12. PX marks the credit entry and returns an acknowledgement for the same.
13. The acknowledgement is picked up by CBI-Transfer at the payee branch and sent to the EPS central office through the VSAT.
14. The EPS central office receives the credit acknowledgement and forwards it to the payer branch.
15. The payer branch receives the acknowledgement. This completes the transaction.
2. Cross Site Scripting Vulnerability (XSS)
Cross site scripting (XSS) is a relatively new form of attack that exploits inadequate validations on the server side. The term is actually not completely correct; however, it was coined when the problem was not completely understood and has stuck ever since.
Cross site scripting happens when malicious tags and/or scripts attack a web browser via another web server's dynamically generated web page. The attacker is not the web server itself but another site. XSS is quite simple to understand.
XSS exploits scripting technologies such as JavaScript, VBScript or similar scripts. Let us understand how this works with an example. Suppose that a site, say www.test.com, serves a web page containing a form in which the user enters a postal address; when the user submits the form, a server-side program called address.asp processes the entry. Normally the user enters a real address. However, imagine that the user enters the following instead:
<script>Hello world!</script>
3. Virtual Elections
Another situation where cryptography is useful is virtual elections. Virtual voting would become quite common in the next few decades. As such, it is important that the protocol for virtual elections should protect individual privacy and should also disallow cheating.
Consider the following protocol in order that voters can send their votes electronically to the Election Authority (EA):
1. Each voter casts the vote and encrypts it with the public key of the EA.
2. Each voter sends the encrypted vote to the EA.
3. The EA decrypts all the votes to retrieve the original votes, tabulates all the votes and announces the result of the election.
There are the following problems in the scheme:
1. The EA cannot know whether the authorized voters have voted or whether it has received bogus votes.
2. Secondly, there is no mechanism to prevent duplicate voting.
A new version of the protocol is more robust:
1. Each voter casts the vote and signs it with her private key.
2. Each voter then encrypts the signed vote with the public key of the EA.
3. Each voter sends the vote to the EA.
4. The EA decrypts the vote with its private key and verifies the signature of the vote with the help of the voter's public key.
5. The EA then tabulates all the votes and announces the result of the election.
