Now we shall discuss the possible options for securing our data in NGN. Specifically, we'll look at the most recognized ITF standard protocols, namely transport layer security, IPsec or IP security, and the secure real-time protocol.

The basic concept of providing security comes from the fact that users are interested in making sure that no man-in-the-middle attack can take place, so the traffic has to go encrypted. Encryption is one of the most widely understood definitions of security. Of course, there are other issues also; for instance, authentication and authorization also come under the jurisdiction of security, but generally speaking, we'll keep the scope limited to what is offered to us in the standardized NGN framework. Here we have the ITF recommended guidelines and the standard protocols which have been adopted from the internet community as such into the NGN.

Considering the network layer to be the reference, which is layer 3 from below, we see that at the network layer, once we have IP running, we can have two options on top of that. If we incorporate security within the network layer itself, we can call it IP security or IPsec, but if we go one layer above and encapsulate the TCP segment or the UDP datagram into the transport layer, we can call it TLS for TCP and DTLS for UDP. In NGN, TLS and IPsec are the main recommendations.

Let's start talking about TLS first. Transport layer security actually involves not only securing the data packets or the user plane, but also the control plane. So if we are using HTTP or, for instance, the session initiation protocol at the application layer, both the signaling traffic and the data traffic would be encapsulated and secured using the transport layer security mechanism.
Once we are using TLS, it simply implies that at the transport layer we are assuming TCP, or SCTP, which is part of the RTP family, to be the underlying transport protocol. As an example, if we combine the operation of TLS with SIP, it actually makes SIP secure, known as SIPS.

Likewise, when we look at the network layer, we know that almost everywhere the IP datagram is used to carry the payload within. So if we are interested in securing both the control and user plane at the network layer, then IPsec is the option. Now, usage of IPsec actually means that the traffic would be processed not end to end, but at the router level. So it has to be chosen very cautiously, otherwise it will cause a lot of overhead and some traffic delay can also be experienced. So using IPsec actually comes as a policy decision: only if a certain customer has an explicit request to incorporate IPsec is it entertained. Otherwise, the combination of TLS and IPsec together is not realized. TLS, if we just quickly recap, is end-to-end encrypted, whereas IPsec is actually processed at the network layer over every intermediate hop, that is, at the router.

IPsec provides us with different options. We have seen the operation of VPNs, the virtual private networks, so IPsec is being used there as well. IPsec comes essentially in two modes. The first one is the transport mode. It is a simple mode in which the user traffic is encapsulated as such for point-to-point communication, so both end points understand IPsec. Then we have the tunnel mode. Tunnel mode works once the traffic is destined for a party which is not implementing IPsec; rather, it is simply an IP processor. In that case, the IPsec header actually contains as its payload another IP packet, which is known as the tunnel packet. In that case, the traffic which is getting exchanged between two points is actually not meant for the two end points but for another node which sits behind one of the end points.
So it means that tunneling, or IP in IP, is a mechanism to provide a secure means of communication for users which do not have the IPsec implementation as such.

If we talk about providing security to the multimedia traffic, it is a lot of traffic and it is also generated in real time, so it is an important concern with regard to the overall efficiency and the overhead on the network. Generally speaking, in NGN, the users do not by default request for multimedia to be secured. Likewise, the network is also not very keen to offer this as a service. But if a customer makes an explicit request to provide protection to their data, a protocol is used which is known as the secure real-time protocol. What it simply does is encapsulate or encrypt the traffic on a point-to-point basis. This real-time protocol, once it is secured, is typically offered for RTP at the application layer and UDP at the transport layer. So what this secure real-time protocol does is encrypt the user traffic at the sender end and decrypt it at the receiving end. It is a simple process of using keys to encrypt and decrypt traffic. However, this process takes time, so it is not adopted much if the user is not insisting.
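
The IPsec transport and tunnel modes described earlier in this lecture, as an added Python sketch that is not part of the original talk: it wraps one constructed packet both ways and shows which addresses stay readable in the outer header. All addresses, SPI values and function names are made up for illustration, and ESP encryption and the integrity check value are left out so the framing stays visible.

```python
import ipaddress
import struct

ESP, IPIP, UDP = 50, 4, 17  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header plus payload (header checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse(packet):
    """Return (src, dst, protocol, payload) from an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])), packet[9], packet[ihl:])

def esp(spi, seq, next_header, body):
    """ESP framing only: SPI, sequence number, body, padding, pad length, next header.
    A real stack encrypts body and trailer and appends an ICV; omitted here."""
    pad = (-(len(body) + 2)) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + body + trailer

def transport_mode(packet, spi, seq):
    """Keep the original IP addresses; protect only the upper-layer payload."""
    src, dst, proto, payload = parse(packet)
    return ipv4(src, dst, ESP, esp(spi, seq, proto, payload))

def tunnel_mode(packet, gw_src, gw_dst, spi, seq):
    """Carry the whole original packet as the payload of a new outer packet."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, IPIP, packet))

def outer_view(packet):
    """What an on-path observer reads from the cleartext outer header."""
    return parse(packet)[:3]

def unwrap(packet):
    """Receiver side: strip outer IP and ESP framing, return (next_header, body)."""
    data = parse(packet)[3]
    pad, next_header = data[-2], data[-1]
    return next_header, data[8:len(data) - 2 - pad]

if __name__ == "__main__":
    # Constructed sample: a host behind one gateway sends media to a host behind another.
    original = ipv4("10.1.0.5", "10.2.0.9", UDP, b"rtp-media")
    print("transport:", outer_view(transport_mode(original, 0x1001, 1)))
    tunneled = tunnel_mode(original, "198.51.100.1", "203.0.113.1", 0x2001, 1)
    print("tunnel:   ", outer_view(tunneled))
    print("inner:    ", parse(unwrap(tunneled)[1])[:3])
```

In transport mode the outer header still names the two communicating hosts, while in tunnel mode only the two gateway addresses are visible and the original packet, addresses included, travels inside the protected payload.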