Question

1. Explain encryption methods and how they are used
2. Describe authentication methods and how they are used
3. Explain and configure IP Security
4. Discuss attacks on encryption and authentication methods
5. Discuss the different types of encryption method and how to implement them.
6. Discuss the importance of security token.

Answer 1

1.

There are three different basic encryption methods, each with their own advantages (list courtesy of Wisegeek):

• Hashing
  Hashing creates a unique, fixed-length signature for a message or data set. Each “hash” is unique to a specific message, so minor changes to that message would be easy to track. Once data is encrypted using hashing, it cannot be reversed or deciphered. Hashing, then, though not technically an encryption method as such, is still useful for proving data hasn’t been tampered with.
• Symmetric methods
  Symmetric encryption is also known as private-key cryptography, and is called so because the key used to encrypt and decrypt the message must remain secure, because anyone with access to it can decrypt the data. Using this method, a sender encrypts the data with one key, sends the data (the ciphertext) and then the receiver uses the key to decrypt the data.
• Asymmetric methods
  Asymmetric encryption, or public-key cryptography, is different than the previous method because it uses two keys for encryption or decryption (it has the potential to be more secure as such). With this method, a public key is freely available to everyone and is used to encrypt messages, and a different, private key is used by the recipient to decrypt messages.

2.

• Transaction Authentication

Simply put, transaction authentication looks for logical flaws when comparing known data about a user with the details of the current transaction. For example, if a user that lives in the U.S. purchases several big ticket items while logged in from an IP address determined to be from a foreign country, this is cause for concern and would require extra verification steps to ensure the purchase is not fraudulent.

• Biometrics

Biometrics literally means "measuring life," and refers to the use of known and recorded physical traits of a user to authenticate their identity, as no two individuals share the same exact physical traits. Common schemes include:

1. Voice recognition
2. Fingerprints
3. Face scanning and recognition
4. Eyeprints, such as retina and iris scans

• Tokens

Tokens are physical devices that are used to access secure systems. They can be in the form of a card, dongle, or RFID chip. One common token used in authentication schemes today is the RSA secureID token, which provides an OTP (one time password) on its LED screen which users must input along with their normal username/password to access a network.

Tokens make it harder for a hacker to access an account, as they must possess not only the login credentials, which can easily be gotten with a keylogger, but also the much harder-to-obtain physical device in order to gain access.

• Multi-Factor Authentication

MFA is really a blanket term that describes an authentication scheme that uses two or more independent sources to verify an identity, like:

1. Something possessed, as in a physical token or telephone
2. Something known, such as a password or mother's maiden name
3. Something inherent, like a biometric trait mentioned earlier

A classic example of multifactor authentication would be an ATM machine, which requires something possessed (the debit card) with something known (the PIN number) to authorize a transaction.

3.

The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it.

Uses of IP Security –
IPsec can be used to do the following things:

• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.

Components of IP Security –
It has the following components:

1. Encapsulating Security Payload (ESP) –
   It provides data integrity, encryption, authentication and anti replay. It also provides authentication for payload.
2. Authentication Header (AH) –
   It also provides data integrity, authentication and anti replay and it does not provide encryption. The anti replay protection, protects against unauthorized transmission of packets. It does not protect data’s confidentiality.
3. Internet Key Exchange (IKE) –
   It is a network security protocol designed to dynamically exchange encryption keys and find a way over Security Assocaition (SA) between 2 devices. The Security Association (SA) establishes shared security attributes between 2 network entities to support secure communication. The Key Management Protocol (ISAKMP) and Internet Security Association which provides a framework for authentication and key exchange. ISAKMP tells how the set up of the Security Associations (SAs) and how direct connections between two hosts that are using IPsec.

   Internet Key Exchange (IKE) provides message content protection and also an open frame for implementing standard algorithms such as SHA and MD5. The algorithm’s IP sec users produces a unique identifier for each packet. This identifier then allows a device to determine whether a packet has been correct or not. Packets which are not authorized are discarded and not given to receiver.

Working of IP Security –

1. The host checks if the packet should be trasmitted using IPsec or not. These packet traffic triggers the security policy for themselves. This is done when the system sending the packet apply an appropriate encryption. The incomming packets are also checked by the host that they are encrypted properly or not.
2. Then the IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate themselves to each other to start a secure channel. It has 2 modes. The Main mode which provides the greater security and the Aggressive mode which enables the host to establish an IPsec circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the IP circuit will encrypt data accross the IP circuit.
4. Now, the IKE Phase 2 is conducted over the secure channel in which the two hosts negotiate the type of cryptographic algorithms to use on the session and agreeing on secret keying material to be used with those algorithms.
5. Then the data is exchanged accross the newly created IPsec encrypted tunnel. These packets are encrypted and decrypted by the hosts using IPsec SAs.
6. When the communacation between the hosts is completed or the session times out then the IPsec tunnel is terminated by discarding the keys by both the hosts.

NOTE: As per Chegg policy, I am allowed to answer only 3 questions (including sub-parts) on a single post. Kindly post the remaining questions separately and I will try to answer them. Sorry for the inconvenience caused.