By
Farhan M. Shaikh
B.Sc. (CS), M.Sc. (IT), B.Ed., M.Ed., M.A. (Sociology), UGC-NET (Education/Sociology)
Visiting Faculty
L.S. Raheja College, SantaCruz
Tolani College, Andheri
Pioneer Education Center, Borivali, Andheri & Vasai
L.I.I.T., Dadar & Mulund
T.I.M.E., Andheri & Borivali
Unit 4
Security at the Application Layer (E-MAIL, PGP and S/MIME)
Security at the Transport Layer (SSL and TLS)
Security at the Network Layer (IPSec)
farhan.mohd@yahoo.co.in 2
Security at the Application Layer (E-MAIL)
Pretty Good Privacy (PGP)
Position of PGP in the TCP/IP protocol suite
PGP Algorithms
S/MIME
S/MIME Certificate Processing
S/MIME User Agent Role
Security at the Transport Layer: SSL
Figure 32.14 Location of SSL and TLS in the Internet model
SSL
Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol).
The information is broken into packets, which are numbered sequentially and have error-control information attached. Individual packets can be sent by different routes. TCP/IP reassembles them in order and has any packet showing errors sent again.
SSL uses PKI and digital certificates to ensure privacy and authentication.
The procedure is roughly as follows: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate session keys, which are symmetric secret keys created specially for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.
Negotiates and employs essential
Data Encryption
Data Integrity
The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has become the universal standard on the Web for authenticating Web sites to Web browser users, and for encrypting communications between browser users and Web servers.
Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or Server ID, enables SSL capabilities.
SSL Services
SSL Security Parameters
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list (continued)
SSL Sessions and Connections
Four Protocols of SSL
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
Security at the Transport Layer: TLS
Security at the Network Layer: IPSec
IPSec
General IP security mechanisms
Provides:
  authentication
  confidentiality
  key management
Applicable for use over LANs, across public & private WANs, & for the Internet
IPSec Architecture
IPSec Document Overview
Authentication Header
Encapsulating Security Payload
ESP Format
Encryption and Authentication Algorithms
Key Management
Features of Oakley
ISAKMP
Services provided by IPSec