Unit V
● Key management and distribution:
○ Distribution of Public Keys,
○ X.509 Certificates
● Internet Security:
○ Introduction to SSL and TLS.
○ Email Security: Pretty Good Privacy
(PGP), S/MIME.
○ IP Security: IP security overview, IP
security Policy, Encapsulating
Security Payload.
X.509 Certificates
Internet Security
● Web Security Threats
Internet Security
● One way to group these threats is in terms of passive and active
attacks.
● Passive attacks include eavesdropping on network traffic
between browser and server and gaining access to
information on a Web site that is supposed to be restricted.
● Active attacks include impersonating another user, altering
messages in transit between client and server, and altering
information on a Web site.
Web Traffic Security Approaches
● A number of approaches for providing Web security are
possible.
● The various approaches that have been considered are similar
in the services they provide and mechanism they use.
● But they differ with respect to their scope of applicability and
their relative location within the TCP/IP protocol stack.
Web Traffic Security Approaches
Web Traffic Security
● IP security (IPsec): network level
○ The advantage of using IPsec is that it is transparent to end
users and applications and provides a general-purpose
solution. Furthermore, IPsec includes a filtering capability so
that only selected traffic need incur the overhead of IPsec
processing.
● Transport level
○ The foremost example of this approach is the Secure
Sockets Layer (SSL) and the follow-on Internet standard
known as Transport Layer Security (TLS).
● Application level
○ Application-specific security services are embedded within
the particular application.
TRANSPORT LAYER SECURITY
1. One of the most widely used security services is Transport
Layer Security (TLS).
2. TLS is an Internet standard that evolved from a commercial
protocol known as Secure Sockets Layer (SSL).
3. TLS is a general purpose service implemented as a set of
protocols that rely on TCP.
4. There are two implementation choices.
5. For full generality, TLS could be provided as part of the
underlying protocol suite and therefore be transparent to
applications.
6. Alternatively, TLS can be embedded in specific packages. For
example, most browsers come equipped with TLS, and most
Web servers have implemented the protocol.
TLS Architecture
● TLS is not a single protocol but rather two layers of protocols
TLS Protocol Stack
TLS Architecture
● The TLS Record Protocol provides basic security services to
various higher layer protocols.
● Three higher-layer protocols are defined as part of TLS:
○ the Handshake Protocol,
○ the Change Cipher Spec Protocol, and
○ the Alert Protocol.
● These TLS-specific protocols are used in the management of
TLS exchanges.
● A fourth protocol, the Heartbeat Protocol, is defined in a
separate RFC.
TLS Architecture
● Two important TLS concepts are the TLS session and the TLS
connection.
○ Connection: A connection is a transport (in the OSI layering
model definition) that provides a suitable type of service. For
TLS, such connections are peer-to-peer relationships. The
connections are transient. Every connection is associated
with one session.
○ Session: A TLS session is an association between a client
and a server. Sessions are created by the Handshake
Protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple
connections. Sessions are used to avoid the expensive
negotiation of new security parameters for each connection.
TLS Architecture
● There are a number of states associated with each session.
● Once a session is established, there is a current operating state
for both read and write (i.e., receive and send).
● During the Handshake Protocol, pending read and write states
are created. Upon successful conclusion of the Handshake
Protocol, the pending states become the current states.
● A session state is defined by the following parameters:
TLS Architecture
TLS Architecture
● A connection state is defined by the following parameters:
TLS Record Protocol
● The TLS Record Protocol provides two services for TLS
connections:
○ Confidentiality: The Handshake Protocol defines a shared
secret key that is used for conventional encryption of TLS
payloads.
○ Message Integrity: The Handshake Protocol also defines a
shared secret key that is used to form a message
authentication code (MAC).
TLS Record Protocol
● TLS Record Protocol Operation
TLS Record Protocol
● The first step is fragmentation. Each upper-layer message is
fragmented into blocks of 2^14 bytes (16,384 bytes) or less.
● Next, compression is optionally applied. Compression must be
lossless and may not increase the content length by more than
1024 bytes.
● The next step in processing is to compute a message
authentication code over the compressed data. TLS makes use
of the HMAC algorithm defined in RFC 2104.
● Next, the compressed message plus the MAC are encrypted
using symmetric encryption. Encryption may not increase the
content length by more than 1024 bytes, so that the total length
may not exceed 2^14 + 2048.
● The final step of TLS Record Protocol processing is to prepend
a header consisting of the following fields:
Change Cipher Spec Protocol
● The Change Cipher Spec Protocol is one of the four
TLS-specific protocols that use the TLS Record Protocol, and it
is the simplest.
● This protocol consists of a single message, which consists of a
single byte with the value 1.
● The sole purpose of this message is to cause the pending state
to be copied into the current state, which updates the cipher
suite to be used on this connection.
TLS Record Protocol Payload
Email Security
Email Protocol
● There are three common protocols used to deliver email over
the Internet:
○ Simple Mail Transfer Protocol (SMTP),
○ Mail access protocols:
■ Post Office Protocol (POP), and
■ Internet Message Access Protocol (IMAP).
● All three use TCP, and the last two are used for accessing
electronic mailboxes.
● The current version of POP is version 3 (POP3) and the current
version of IMAP is version 4 (IMAP4).
● Although not a protocol, there is a series of Multipurpose
Internet Mail Extensions (just MIME, never “MIMEs”) for various
types of email attachments (not just simple text).
Email Security-S/MIME
● Secure/Multipurpose Internet Mail Extensions (S/MIME) is a
security enhancement to the MIME Internet email format
standard based on technology from RSA Data Security.
● S/MIME provides for four message-related services:
○ authentication,
○ confidentiality,
○ compression, and
○ email compatibility.
Email Security-S/MIME
Simplified S/MIME Functional Flow
ip security