0% found this document useful (0 votes)
36 views20 pagesNS Assignment 3
Simpl
Uploaded by
eshwareshwar5141Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0% found this document useful (0 votes)
36 views20 pagesNS Assignment 3
Simpl
Uploaded by
eshwareshwar5141Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
/ 20
|
a Asi
A
Ssigument 3
ae
3
gust
|] Wath mab — oh explain operotion , St protocol
Busi] The SSL Record poval Prvtclui +00 gervices for
SSL cownections: |
Confidentiality The Hondahale -protvee! igi a seed
securt Keay “tat used fay eonventivel enouption
] Sst poryloads
—y Mureg. Tyctugaty: Th Hardihake. Protocel olyines a shoud
seat key that i ured to foam a manage.
aucthuntication cook (MAC).
— Rqu. indicots the eyerall operotion oy Hu. ssh
Recovd Protocol. The Reeoyd Protocol taka an applicatie
rasiog. ty be- trarmitted » feogments the deta ity
m abl. blocks , optienal compres te data,
applies a MAC , ent pts, adds a haoderjond trommit
He suulting writ in a TCP segment, Received data
one sted, vesidied » de vemproutd jand xeanembled
bape bing dutiverd ty highin vel user
The Ava ctep & hognuntation. Eoch Uppert
te pagmentil tts Locks 72 byte (iss
bya) ow LM
> Next, comprauion & option ally. opptival «Com prenion wiry
be losley ond Moy nob meme the contint
w move thon (sha af. Tn $8lv3 yno tempreni
Hh is Specified 5 0 -the dfault tm preuion
ahgnttirs ta nul)
— Th nwt ctp in proceutvg. & to compute
authertcation cole, tude) Vernet
; oer the compreued
For thu Parposes a thoad secat fey ai
1 ai
Tenet: the compl wing. ps Bee one an
enerypte wave Ayeowntbe mrayption
toy The final stp 4 SSL Revove Protocol paveusia iu +s
proc Ahraha . &
Comprened minoge tus Ha
|trvbtien [|
Fagwot | ee i ee
Aue
a. hordl
WHHL wrod ciagasm” explain phase '3 operation
protocel - fe
Cle Sever
Phoe x
Ealobtaing Sean’ patil
Sava ovthuntiaton ard kay octavg | pooue T
Prae AT | Chevt aucttuntiation avd fag OW
Fretivg- dt Hondiloke. Rotoce! | pose IV
Ctient " Saver
hello Bent cry epee
Meld eh aut
|, server tlle J rr oetptan pa
18% youd i
a ep oye 2
[ae sei — Ine asin voy od
vactee See Ma dad &
—_ Lf erd” halle menep- ple
SOUtt fr cote ia
ey, Chet fie cudtheae i
Cent CUiewt sends
2 Sethe ercbovy. «Chiru ony 4
fT et fcere vaiftafion,
| std 7) Prone:
Hy} Chas plo suit ad
cophe Trial hardibake, pootoe
pow
ty: Handaboks protoes! oetien.
T
| Phase 3° Chen Audhontootion and Keoy- Exchange .
-7 Phowe 3 u cuted ty cudtentiaat: be client.
[> Upon recep a the server dene Weage, »-Hhe chert
howl verify ted the server srovidid ox valid usdifeate
G4 yeytitd ) ool cheek, pe 4erver cathe Panseaitim ore
Seerproble. Ty OU UW satisfactory. sHe chet Zerdy ow or
More. Mmermoges lack to the server.
> Cathe TR the. sever has vequutral 0 codified, the
Werk beans teu phoe cendiva~ oo unthle musege,
“Ty no subtobh castlfiedt is ovailaLly fia. clerk serdr 0
no catifrest: oblut insted. -
—> Cewd_ Kay Ex SMe chew sends o client encborge
Epluyol ov Arany rors ‘Deffie Hellman: the chtent 4 peutic
Diffie — Helwan patamitn om aed
=> Bored Diffie Hellman: Th cheuth public Diffie Hellman
paronuts wet Att in a catifieats mumoge 40 tt
tevctd- tis enrages mull
Por terra! The lieu Firtesza posomretin ou 40rd
— Cetifiecte vex 1 Prabha ple he fend me
| coud a CoctiR ca veridy~ meMoge 4p provi de, expla!
vaktobion 9 9 diet cntifeach This mewog. & enily, cud
| fo\topoivg— omy eliewd — cadificate trod Lio Figuivg-
Spolt Uy 5
+] Explain how Mac By tvemiport loys, &Exptoin bow
Peeide youdeln yunetion is qrosted .
TLS t4 on LETE xtanclerdizotion (nitiahve, how
Ue to prduc. an Tatum andi vyeuton @ ssl- TLS
te dytned cs a Proposecl Tactinnet Stowdosd Wi RFC 5246.
Pre pase u vey aimilon ts ssl V3.
Musage Puttumticotion Code!
> Thar ae Loo difoonces behaeon sctv3avd TLS M
Schemes! the achwal elgoaitim and fhe cope Ff the
Mic cobcabdion. TLS “ake wae Hu. HMAC alge
Aiud MM RPC da. HMAC is dyinssl o
HMAC K (MD =H CH Dopo WHERE ipod MT]
:
Heewbedded hah function (fos Ts etthis MDS 0 chA-i)
ee Toph -to HMAC
Kt = seek kun paddid vot, 2004 en the Lyt so
He auutl U eyad to the block Ug of He bet
wo cle,
Fped= O0r10110 (36 tn bwedecimal) Apeatid 64 Ame (510 b
oped = 01811 100 (Se to hoxodicinval sepeatial 64 Himes (era 6
Sth, except -fat fhe pad di
SStv3 ws the come Olges’
exe contaberated with the secieh dtr ek
KOReL wei the. Zeca hey prstee. te ha, Hick tore.
The lvel g Secu by eoulel be cbodt tte Zome in
Cores:
4
Preudo rardem Function:
TLS mu we go preudorardem funchion a
PRE to expard uct wt bloe kx 3 dots tv
| q- bay aproton cy valicladion
| the objective, Bt woke we 4o aslalivdy ovall
orth Secscd volue but te qenecate OX bloke
date Wo woy Hat RAP ROM He hives
| 3 obtacké wack bok, funthens ond MACK
T-nm. PRE bared on
Va ag
Xponsion |
a sferetion a vanay
uk 2 ACY Ts eed) 4p
Fi G bath Coven | Ata) ff Seed) |
| AHIMA — Vash (cecact 2 ALS) U's ead)
| pba AC) & dyinad ay .
| © atop =serdl
|
ponoiln Catouh, seed) = Hae, ~boale (
awe meee, vorh see att
a _s
ee LHiAAc]
L + Negi tanaee
| Rtguei TLE an cto. p houh (scent seal)
[the deta expan’ ction makes ‘ HM
pow on ion. we qq the HMac
laevittim at He nn tos or sha -L ate gah ferwction
(TT Pash con be Herod os many timer Os wageaiany
bh produce, the Atgpived qvord qo |
CT Boch ttesation {volves two executions g HMAc tach
"E Which 11 hon invelver fun exeredions gy tle bork
| sitar, i ee
Th Moke, PREF 0x ceune ci porsible » 4 wes tov bail,
thm iy a wor “Hat shod ol Oe cin)
{ », i 2 Ww FRE 4
SOG ap 14 Sth egoviles ead
PREC Seat, tabel read Pa bah O17 10 i
PRE laduay fmpud a acerck valor an ile label sarnd a
Boer Ld puted On cudpp lenath, i
Wihot ore the ~ application and benrtitr of IPsec
Applications gq Maec :
—Y Secuce branch ABfia- Connectivity, cer the TSrwit i
A wompony. con build a Secu virtual private
nebdove over te Tiatmval- or over a public WAN: This
emably oa busiren to hrovily on te Tatand ord
reduce ite new for pri tcduderks aaving cote ond
nchonk wonegemant ovethtad . 5
— Seas remote cee ever Hu Tiitanit
An end user whose 2. th equipped with
IP seeaity protools tan make atocal tall an
Tutor serie, Rovide (188) anal gain seams. acceu
$5 a wwmpany. vcktork. Thin reduces te coat gq toll
chang er Nlivg- donployces oral telecine.
t Eerobhialaey extant ard tiband connectivity vite
| {Pree can be wed to Aeciur communicotion
| wrth often oni zotions , wiiiug oudtentication ond
| Conpeeouettoty ond rou alieg oO erchowge Wechonisa,
| —rEnvencivg eledinic commute rossi:
Evin Aeougls some Wed avd revive Comme
Opp Vestions have. fuiltifin Aeciniby protogok, the We
(eee enhantss Hot secwu'ty . (Prec gquoantess oct if
Frofic designratic by the netionk admiuirtodor Uu batt
ewor(ed ond outbanticatel, aattivg on odttind aur
H seusiy pp wlatoa & proved ott He ambeting
Bowgir 9 Pec: ’
| 7 When iPsec & tmpumented fro Arewall or route,
{ i provide Spee that con be applied to olf
hoftic. croesi ridin Taye Lotthin a compan
Ov Worl es MAIN ot tron ty
3 kiyt iota pe svadted
eee a di wally vuiclast to lypout @ all
a Cubbie mud ure, (Bard “tre
| evoal 74 fle On Meo ¢
| Ground wig, tee ones ye 3 erhane Yom fa
Fr tPaen Ue sbeclove, “Bre tewnaport (TEP, upp), and sou
transport ty pplication. Thue {a no nud te
Swe OM LARA oY seAVER spite cohen Prec
implant fy thy
impamanticl in end
opplicodiow, & wet
u
fittvnt oy woul. Even fy WPeee x
juppea- Septwong , include
eqitel, mappa lovee sat polaciug
—* tPeee, con be tranpount to end We. Tne Uae ited
to tain users on Setar muchanums ,tsue ‘
moti ona Peruse, basis yor reroke. wepyedeed
when weu Lave the ongortzation,
—> IPsec. Con peDvidle
Thi U Us
seousity for inalivedues wou ef needed»
40" pits Wyoker ond oy welling up a seome
Virid subd wok within om onyorien @ seuitive
opplcotions ‘
5 With erat chioysom explain transport: ond: bane! wrod
o operation a ESP
“Towuport mode |
Figgpiiorsgot: ~level aecuatly.
ma iy A be Kumasi ed oy fou:
os vols,
at pe block @ dala comtsbivg. Q the Esp
tratliy, plus the erty -brorsport-—|
ov Aa Pointoxt op thir beck “& xepheal arth 41
ag mont 16
plartert ty form Pg (P packel gen bor Minion ,
Rieanteation & addid ty this option és selrcted ,
| 2.The packet ex ttan souded te te arstvadion . Cock
ftredich youtn ned te examive- andl Po
the IP hoooler plus ony paintext tp extauion buodus
but doo not puddy dxantuc. the iphatext -
S: The destination nods eromins and proceues athe IF:
plu ony plinbt (Pextingion heooles- rae te the
boats alte: SPL om the ESP bode fle dutiretion
node. drouptr fhe semaivds ag the packet “hs 2ucover
the plowttert transport ~leyea agent
“Tiinne|_ rode:
[The Aouace Pepe on fone. (P pack with a. cer tinal
odds ay tvitrrel host. Tau pode i
prefixed by on esh heode 5 them tte pode obo}
ESP frotlin ” cue enuryptil cool Audhucietion Dott
beaddid« The nuubkivg bleck, encopiulabd
with 0 vue IP hod yhare destivetion oddau a
He f3a0wol | $059 fom the guise (P packet.
a. The ontix packet iu Qoutid th’ te dutination
Aive-poolh - Eauh cvteamidiate route needs to eomira
and pron the outa (P eos plus ony out, (P.
extinsion biscls but clo not hud fo exomlie
the ipo text, 4 ;
3: The dastination Apawadh Cramine ‘ond
out AP baodd ps omy ouch (P ea anaes in
Thin, on ta bosid the 7
, 4 SPL fn te ESP beocle,
pretend teed er derveide, gee
Aacover ai .
Pah Meant ate Fed
A The tnner packs i youkid Hoag 20.0 or mare 1
tr ts trtaval netwovt ete olestivation nari
@. yA vitkal prot nchoonk, vie Lannal moa.
Ayes Torspent Mare veuus Tannel Moda Grovetion
[List praametin thet dye seewi fy anew
| SAS ev 4
[> ceca Tanita Tie tins Se t,
‘the"vedriveey end gq an At vniquly tel "7
Tr an AD trdnye fey an outbound Smythe SPL ia use)
“ty construct, ta pocket AM ox, ESP heat. Tn an SAD
enby oy ane inbound $A ste SPI ts Wel tf map
“ile to “the appropriate A.
ation tn
> Sequance Humber Count: A 32-bit value used to
gems 1K sogusne Numben field in MI or ESP
| Heading
[> Arti "Replay. Window: ued to cletandne wlth on
| Mound AN oi ESP packet iy a replay
| PR Trjormation: Authenticadion algeritim » fp by let
and welaticl. rararnetin being used with
[ESC Tiyormelion: Eweyption ond aucthurtication algovttm,
fnttialization Veal, fap. Lgetionas van makted porbmretine
belvg cued Witte ESP
| > Litetinns of this seuwily Association: A time intaved or
| tount cotach on SA murt be ruplacdt with a
| Mew SA (ond way SPL) ox tanineticl plu an jnokcation
| wowide gf fuse actions shoud eccur,
| —* sec Protocol Madi. Tannil transport, of ustideand ,
| > Path MTU: Any. observed Tah werimum -trowuntsion
| Ont: (maximum size gy o- packet that Can be trons
|
|
|
|
woithoud Feoguauntotion) and py vavablu,
WHA neat atingnam explain (P bopjc. proceni
A | 0) Dutbourel Pacha, 7
|,
| 4,
& block Y dots from a higher lye, such a4
TCP UW paned down to the LP ( and an LP packt
& formed scoring. Gan UP header abd an IP body .
Dibourd IP podkd fo: furs TEP ox UDP) “
Sean,
Srouity pot
°
Match fourd
Discard | DISCARD -
Detanive
packst petiy
fq: Troveneg Mosul “for, Ouctbourd Packoh
Ls UPeec “seaihuthe SPD dora match ‘to thd packet
| 2s Ty no wodch ufourd » Hun tte pocket & dit cardtol
| and (an exo, muna. U
Ty 0 matdr uv food, firthor procening iu detunived
ye Firet meatchug tn Ate spd. Ty ~the peli
y Yair packet iu "Discdrgttan the packd Wu dixarded ,
Ty lu policy Bypass then thee i no dutter
[Peec Procaing: toe pactet forwardicl fo the acto
for bovsnuivion
ths poly. U PRorecT then a seoach ib wode & the
ho fev elthing erty - 7 no entry is found “then
tKE v moked ts cust an SA with Bo opproprinti
Kays and an erty iG made tn the SA-
| The. matching erty torte SAD detoring “thy |
| Proceming. a his packet. Ettlur endyyption, ducthentic
Or brit con be Fe ormid ,ovol sctttar Sctrompert ov
unial mete com be Wed. The packet b tun pad
tty the Rebwork. r -bantmivin,
») Ta bruvel Pack: .
An ‘evcomning IP packat ‘4 na the [Prec -proconig. 7
“Fllowieg stips occurs we 4
| Psec. determine whether the tu on une wed (P pac
Sxominivg {he IP Proto! -Keld (thva) or Next Haden
Fetal (ele) r
Pro
Ar/Esp
Thtourd (P packet
Coon ita
fy: Protdtng Maocll -fty Tnhound Packets
2H the packer Uw unsecured , (Prec search He SPR for
a match to the paced. Ty the frrat matching evitsy
kas a policy BYPASS, the \Pheadian Ue paotesed
anal tipped Ah orl the -packet body 4 cheliverd
ty the pet higher layer sua os TeP. Ty the -firat
wedchivg erty has a pobieg of PROTECT m (SeARD,
SY Ys 2 no woldlag ‘ewhuy j-the pocket
dis caschad « .
3 For a Fewsd packet, (Pree searches the sd, Dy wp
meth b found the porkul Ge discards. OMhawoinn,
(Piee apples the ogpropriate ESP or AM rai.
Ther the (Pheoda tr proceued and shipped oy
the lend body is dativerd fo the mort higher loge,
Suth ou TCPy
of
“| Ditfée-tatlman fp exchange atgovth. ust, dliagrom
Use B Koy Generation
Seer private Xr
