1. Security in many layers  Application Layer – E-Mail  Transport Layer - Secure Socket Layer  Network Layer – IPsec (VPN)  Link Layer – Wireless Communication

2. Application - EMail  Most popular is PGP (pretty good privacy)  First described in 1991 by P.R.Zimmermann  Just using existing encoding techniques  Symmetric keys (DES,IDEA,RC5)  Digital signature (MD5 or SHA with RSA)  Figure (8.27, 8.28 and 8.29) 8.278.28 8.298.278.28 8.29

3. Transport – SSL  SSL – Secure Socket Layer  A ‘layer’ between Application and Transport  Developed by Netscape back in 1994 – for use in web-applications  HTTPS – http secure meaning http over ssl.  HighLevel view figure 8.32 8.32

4. Network – IPsec (VPN)  2 form for security  Authentication –> Authentication Header (AH) Figure 8.33 8.33  Authentication + Confidentially -> Encapsulation Security Payload (ESP) Figure 8.34 8.34  VPN – Virtual Private Network  Connecting two ‘local’ network safely over the network by using eg. ESP in each router attached to the public network

5. Link – Wireless network  Wireless network are very easy to break in – you just have to be within the range of the access point.  Simple security is WEP Wired Equivalent Privacy – part of 802.11 standard.  1: Wireless host to Access Point (AP) – Ask for authentication  2: AP send 128 byte ‘nonse’  3: host encode the ‘nonse’ with symmetric key  4: AP check encode ‘nonse’ with original.  Key distribution is out-band agreed somewhere else  Advanced security is using Authentication Server  Central server for verifying the host authentication  Part of 802.11i (figure 8.37) 8.37