We said that the original internet protocols didn't support security, so people have created some add-ons, and they can be used at different layers in our protocol stack. We can have the add-ons inside the application, so we add the encryption to the application and it encrypts the data as it generates it; or inside the operating system, so the operating system does the encryption, and there are really two modes there: inside the transport layer, using an extension of the transport layer, and a common one is called TLS but also called SSL. So don't get confused when I say TLS or SSL; I generally mean the same thing. It was originally called SSL, but as the versions changed it became TLS, and in this context we mean the same thing. So at the transport level, or at the network layer level, that is, encrypt the IP datagram, or at least the data inside the datagram, using IPsec. Or the fourth case, which we finished on last week, was at the link level: use the link technology to encrypt, and different link technologies support encryption, especially wireless.

We went through, using this example topology and protocol stacks, to show that with application-level security we get end-to-end encryption, but we, as the application developer, must deal with that security and build those security mechanisms, so there's some complexity for the application developer. Some systems support that: Secure Shell is one that you've used on a regular basis, but there are others as well. Or at the transport level, where the application developer doesn't have to worry about implementing encryption and other security mechanisms; they use a library, usually one that comes with your operating system or comes with an application, and that library usually implements TLS or SSL. One such library is OpenSSL, but it only works for one transport protocol, so it's not as generic as some of the others, but it's still end-to-end encryption, which is good. HTTPS is the best known example of that: HTTPS is simply normal HTTP using TLS.

Then we said at the network layer there's IPsec, which can also provide end-to-end encryption, which is good, and it encrypts everything, whether it's UDP or TCP, whatever the transport protocol being used. The data is sent to IP and then IPsec encrypts that, so it doesn't matter which transport protocol we're using, doesn't matter which application layer protocol we're using; if it's HTTP traffic, email, instant messaging, it still can be encrypted with IPsec. So it's the most general of the three solutions, so that's good. It's good because it can be end-to-end; the big problem with it is that it often involves the end user on the hosts where we run IPsec, host A and host B, doing some configuration, setting up the security parameters so that they can communicate between the hosts. So that makes it not very convenient for many common applications, so it's not widely used in this mode.

We also looked at Wi-Fi encryption; we looked at the case where we could use encryption just across a link. Good, as they encrypt everything, whether it's UDP or TCP, IPv4 or IPv6, it doesn't matter, it's encrypted as it's sent by the network device. The problem is it only applies to that single link; it doesn't give us end-to-end security, so it only has limited purpose. So those are the four main solutions, but we said IPsec is not so commonly used for this end-to-end encryption, but it is slightly more common for other setups, and we saw when you look in your mobile phone under the VPN settings there is an option to use IPsec, and that's where IPsec and some other technologies are used. We'll show them in the next couple of slides, and the next topic will return to this issue of VPNs.

So we say that network-level security, IPsec and even others, is commonly used in what we call tunneling mode. What does tunneling mode mean? Have you covered it, maybe in Dr. Comet's course? Maybe, maybe not. You've seen tunnels talked about; we'll define it shortly, but first let's look at an example and make it reasonably clear, I hope.

Here's our same topology as before, but in this example we're going to use IPsec on my host, my computer, my laptop for example, and instead of having it running on host B we will run IPsec as another endpoint, let's say on router Y. So the idea here is that when my host A sends its IP datagrams, IPsec will encrypt the data, but instead of sending it encrypted all the way through to host B, we send it encrypted all the way through to router Y. Router Y, which is running IPsec, decrypts what it receives and then takes that plaintext data and sends it normally to the final destination, host B. So the red line highlights the path for which the data is encrypted using IPsec.

First thing I think you will note: we don't have end-to-end encryption between host A and host B. The entire path does not use encryption, and that's a disadvantage here, because if an attacker intercepts the traffic between router Y and host B, the traffic is not encrypted. So that's a security flaw; it's only encrypted from host A to the router. Why would we do this then, as opposed to the previous version of our application of IPsec where we had it from host to host? Why would we run IPsec from host to router if it gives us less security? What advantage does it give us? What was the problem with IPsec again? What did we say the problem was? Have a look on the slides, it may say. In the end-to-end application of IPsec, it's good from a security perspective because we have encryption all the way. What's the problem with it? It usually requires some manual support: the IPsec features need to be available, and some manual configuration in the endpoints, in the hosts. So if that's the case where IPsec is used, that manual configuration is necessary, how can this case, the host-to-router application of IPsec, be better than the previous one? What's the advantage here?

The user at the recipient host B's endpoint doesn't need to configure IPsec. The administrator of the router needs to configure IPsec, but not the user of host B. Well, does that make much difference? It does if there are many hosts inside this subnet. Let's say router Y is the router for SIT, and the hosts inside SIT, there are hundreds if not thousands. So we don't need to configure IPsec on every individual host inside the subnet; we configure IPsec on the one router for SIT. And the external host, host A in this case, yes, we still need to configure IPsec here, but internally, on the destination network, it's much simpler: it's just on one device that covers the entire network. So that's the trade-off that arises in this approach. We no longer have end-to-end encryption; we have a potential area of compromise between the router and host B, that's a negative. But the advantage is that we no longer need to configure IPsec on every individual host inside this network; we can configure it once on the router. It doesn't have to be done by you or the end user; it's done by the network administrator, who should have more knowledge of how to set it up correctly.

And in many practical cases, encrypting from host A through to the router may be secure enough, because often, let's say the router is that for SIT, we may trust the network internally. So all the traffic between the SIT router and the SIT hosts, like my office computer and so on, we assume an attacker cannot intercept that, because they must come into SIT and physically access our cables to intercept. So we consider this portion of the path, from Y to B, more secure, but from SIT's perspective, outside of router Y, that is, out on the internet, we don't trust. Therefore we use encryption across that part of the path, and that's where IPsec has a larger role being used in the internet, and not just IPsec, there are other protocols that do similar things.

How is it done? So that's the advantage here, but how is it achieved? I try to capture it with these packets, drawn slightly differently from what I drew before, just to make the packets easier or quicker to draw. This is the IP datagram, this is the data, and the source address is A and the destination address is B. Right, we're sending from host A to host B, so this is what the IP datagram originally looks like: from A to B and some data inside, whether it's TCP, UDP or whatever application, it doesn't matter. But what IPsec does when we've configured it in this mode is it takes that original IP datagram, encrypts it all, and puts another IP header on the outside, and we see that down the bottom: the original IP datagram going from A to B, and the data is all encrypted, but an additional IP header is attached, and the source IP address is A and the destination is router Y, the endpoint of the IPsec security connection.

As a result, we send this datagram, it's still an IP datagram with a normal IP header, we send it through the internet via our Wi-Fi. Someone intercepts it over my home Wi-Fi network; what do they see? Well, they don't see my data. They see it's going from A to Y. They don't see the transport layer because it's encrypted, so they don't know if I'm using HTTP or some other protocol. They do know A and Y are communicating. And as it goes through the internet, similar: someone on the internet that intercepts cannot see the data, they cannot see it's destined to B, but they can see it's destined to Y in the outer header. This datagram gets to router Y, which is the other endpoint of the IPsec connection, and as the endpoint what it does is, because it's the destination Y, it removes the outer header, decrypts the inner part, and what do we get? We get the original IP datagram, and send that on to B. So as Y receives this encrypted IP datagram, it realizes from the destination that we're using IPsec; actually inside the header there's something that indicates we're using IPsec. We decrypt the data and find it's another IP datagram, and the destination is B, so we forward that datagram on to B, who receives the original datagram. So that's the basics of how we send over a portion of the path encrypted, in this case from host A to router Y. Questions on how, at this stage? It's a very important technology and you probably use it, and if not, you will in the future. Everything okay at the back? Okay.

Alright, so a question about the end-to-end encryption. First, is this case end-to-end encryption? What do I mean by end-to-end? Well, in this case we're talking about host A wanting to communicate with host B, so host A is one endpoint, host B is the other endpoint. So this case on the screen is not using end-to-end encryption, because we don't have the data encrypted all the way between the two endpoints. So this is not end-to-end encryption, and that's a negative in this case, a disadvantage. This one is end-to-end encryption: we encrypt at the source endpoint, send the data encrypted all the way across the path, and decrypt at the recipient endpoint. That's what we'd like in most cases, and that's what TLS provided, and even application-level security, because we don't want anyone in the entire path to be able to intercept. But with the IPsec set-up with end-to-end encryption there's a disadvantage: we must configure the endpoints to support IPsec. So in this case where we don't have end-to-end encryption, we lose some security, because we don't have encryption across the last segment in the path, but we gain some convenience, because we don't need to set up IPsec on all the hosts here, let's say all the hosts inside SIT; we only need to set it up on one router. So that's the trade-off there. If we don't have end-to-end encryption, it means we're going to have to trust someone in the path. Here we trust whoever operates the network between router Y and host B. Maybe it's your home, and you trust that no one can access your home and access your network, maybe that's satisfactory. Or maybe it's the organization where you work, and they have secured their network using other means, so this may be suitable.

The way that we implemented this, by taking the original IP datagram destined to B and putting it inside another IP datagram, there are really two IP headers here: one that says the source is A and the destination is B, and the outer header, so there's an inner header and an outer header from A to Y. This concept of putting one IP datagram inside another, what do we call it? It's generally referred to as tunneling. So that's what we mean by tunneling: carry one IP datagram inside another IP datagram. So this is an example of tunneling. The concept is we're sending from A to B, but we send it via a tunnel from A through to Y.

This setup may be used, again back to the example: the network from Y to B, let's say, is SIT's internal network, and host A is my laptop at home. As an employee of SIT, I sometimes need to access the internal network from home, to access some special servers, the database servers and the servers inside SIT. So we may use this setup, in that from my host A through to the SIT network is basically the public internet, and we don't trust that, so all of our communications between host A and the router Y should be secure. So we use a tunnel, in this case an IPsec tunnel, between them. But we trust the SIT network, so we don't need the setup on the internal network. In practice, to set this up, router Y needs to be configured to support IPsec, and it's often referred to as a tunnel endpoint or a VPN endpoint, a virtual private network endpoint, and that would be set up to allow any employee of SIT, from their external computer, to connect into the router. This would require some setup on my laptop, maybe some software installed or set up in the operating system, so that I know that the endpoint is router Y.

Open your mobile phones again. Some of you have got them open, they're very fast at doing this, well done. Go to the VPN settings and find IPsec, or just the general VPN settings on your phone. Where is it? Find it and tell me, what are some of the settings? Yeah, the VPN settings, so you can choose the different protocols. One is PPTP, is there another one? IPsec. Choose IPsec. Use IPsec, and there are different versions or different variations; you need to choose something about the keys, but the address, if you look under the IPsec settings, you'll see that you need to specify the server address in your phone. So your phone is like host A. What you do on your phones, you set up the IPsec settings, or the VPN settings in general, to say that my server is router Y, and you set the other security settings, so that now when you use your phone, whenever it sends anything across the internet, an IP datagram is created, a normal one, and then it's sent to the IPsec software on your phone, which then encrypts it and sends it using tunneling through to router Y. Router Y receives it, decrypts it and forwards that original IP datagram to the destination, whether it's host B or someone else. So that's what the VPN settings are used for on your phone, where your phone can create a secure connection to some intermediate server, a VPN server.

What can an attacker learn if they're in the internet, in this internet portion of our path? What can they learn? The address of the source and destination. More specific now, because we have a few addresses in here, right? If you look in the outer header, they can learn the address of the original host, host A, and of the router. So they know I'm communicating with this router, for example; if they can identify that my IP address corresponds to Steve, they know Steve is communicating with the SIT router, but they don't know which internal hosts inside SIT I'm communicating with. They don't know if it's B or C or someone else. So that's some extra feature that we obtain using this service: we hide the final destination.

Here's a variation. In this first approach, the end user must set up the IPsec security connection configuration on their device; you must set it into your phone or your laptop or your PC. Again, that may be too inconvenient sometimes. Here's another case. Let's say to the left of router X is one office, one campus for example, and to the right of router Y is another office or another campus, and in between the two routers is the public internet. So on the left maybe is Rangsit, on the right is Bangkadi, and in the middle is just the public internet; we use some internet service providers to communicate between campuses. So in this case, at the two routers at the edge of the two campuses, routers X and Y, we set up IPsec. Again, we trust the internal communications. I trust that when I send something inside my campus it'll be secure, no one's going to intercept, I trust all the students, so we don't worry about security across the path from A to router X. Similar at the other campus, from host B to router Y, we trust that network, we don't worry about encryption there. But we don't trust anyone in the public internet, so what we do is we set up our two edge routers to use IPsec.

When A sends a datagram to B, here's the datagram: source address A, destination B, the original datagram. It goes through, eventually gets to router X, that's the path it takes. Router X realises: anything that's going out of me, I need to use IPsec and send it to router Y. So it takes that datagram, encrypts it all, and puts it inside another IP datagram. The outer header says the source is X, the destination is Y. So this datagram is sent across the internet, goes to router Y. Router Y is the endpoint of the tunnel, and it removes the outer header, decrypts the internal datagram and sees, ah, I have something from A to B, let's forward it on to B, and B gets the data. So this is another application, still using tunneling, and another approach to using IPsec.

What's the advantage of this compared to the previous one? Why is this approach good? What do we gain from doing this compared to the previous one, or what do we lose? What's a disadvantage, comparing this one versus this? What do we lose? Well, we lose some security over some portion of the path. Here we had encryption from A all the way through to Y; here we only have it from X through to Y, so we've lost some security from A through to Y. Maybe that's not a problem if we trust this internal network. What do we gain? Convenience. Convenience because the end user doesn't need to set up their host to support IPsec. You don't have to configure your phone; the SIT router is configured to encrypt everything that it gets. So the network administrator sets up the two routers to use IPsec, the end users do nothing, and therefore it's very easy for end users; they don't have to care about their VPN settings or security certificates and so on. So that's the advantage of this approach.

Again it's using tunneling: we put one packet inside another of the same type and encrypt that, and the other name for that is a virtual private network, VPN. The internet we call a public network; many people own parts of the internet or operate different parts of it, so we don't trust the internet generally, it's a public network. But by encrypting the data and sending it across that public network, no one can see the data; it's as if the data is now private for us, no one can see it, it's private. So we have a private network between X and Y. It's not a true private network; a true private network is if I own all the cables, alright, so not very convenient. We get a virtual private network: the same level of security as if I owned all the cables, because still no one can see the data. Hence we call this a virtual private network, a VPN, between X and Y, and we may refer to X and Y as VPN endpoints or tunnel endpoints. This case is also a virtual private network, but from A through to Y, a VPN, and sometimes we'd refer to Y, or in this case X as well, as a VPN server, a VPN endpoint.

Which direction am I going? This one. So this summarizes what we've said so far. Tunneling is putting packets of one protocol type into the same, at the same layer at least, so putting our IP packet from the network layer into another IP packet at the network layer is referred to as tunneling. There are other types of tunneling, and it's commonly used for security: we encrypt data. We can do tunneling using Secure Shell; that is, I can access a website using HTTP, but those HTTP messages are sent using a Secure Shell connection. We may see that next week. And I think you noticed on your phone, when you look at the VPN settings, usually you have three different options: there's IPsec, PPTP and L2TP. They are three common VPN protocols, and it depends upon the network operator as to which one is supported. Most operating systems of end-user devices will support all three, not all, but the organizations, like SIT, the router and so on, may not support all three. And we use tunneling when we encrypt the data to create a virtual private network. PPTP, I think, is the Point-to-Point Tunneling Protocol and L2TP is the Layer 2 Tunneling Protocol. We have the advantage of configuring the security mechanisms on the routers rather than the end hosts, but the disadvantage is we don't get end-to-end encryption.

Last one here. In this case we say we trust the internal network. Let's say router Y and host B are at Rangsit, and A to X is here at Bangkadi. Where's a problem in this case? Where are the many problems? What's a problem? What don't you trust? What's the weakest point, you think, in this case? There are too many links between host A and router X? Well, let's think about that. Host A is my laptop; there's a link to the Wi-Fi access point on the wall, that has a cable going down to the third floor, second floor in this building, and that's where the computer center is, and there's a router there, and that router is router X. So it may be, in the best case, there's one wireless link from me to the access point, and then one cable from the access point to the router; there's probably a switch or two in between in practice. Do we trust that? No. Why not? Let's say I trust the users inside SIT, I trust the other faculty members, staff, I trust the students, alright, I don't worry. But let's say we worked in a company and we trust all the other employees, so what would be the problem still in this case? Still inside this, right at host B, is there a problem? This is our other office, so let's say we have a company now, two offices in different cities. So from A to X is one office, we trust all the other workers in that office, and from Y to B is another office in another city, and we trust the workers there, same company. So where's the weak point? And there is a weak point. We trust the workers, so I don't expect someone to come into my Ethernet cable and cut it and tap into it, because if you don't work for us you have to get into the building, and we have security, you can't get past security. So still, what's the weak point here? We have security to stop people from getting into the building and tapping into my Ethernet network, but someone can sit outside of the building in their car and capture my Wi-Fi packets, because of the nature of wireless: when we transmit, our packets don't just go across a single link, they broadcast in all directions. When I transmit from my laptop to the access point on the wall, the signals are going outside as well, so someone can be sitting outside listening in to my Wi-Fi traffic. So the weakness here is this wireless LAN link. How can we overcome that without having to lose the benefits of using the VPN from router X to router Y? How do we overcome the weakness of the wireless LAN link? Use some link-level encryption just across the Wi-Fi link: use WPA, for example, for the Wi-Fi link. We trust the wired links; we use WPA across the wireless link, and across the public internet we use our IPsec-based virtual private network.

So we must make a trade-off between providing high security, encrypting as much as possible, versus making it convenient for the users and administrators. A VPN makes it very convenient, but we lose some security. We may use a combination of link-level encryption across the wireless portion and a VPN across the public internet as a trade-off. Of course, I don't trust the students in SIT, so even if we do have a VPN, I'm going to be using HTTPS, transport-layer encryption, to log into websites and so on. So we can have a combination of these security mechanisms; it's not just one of them. Any questions on virtual private networks so far, and especially these two cases of using IPsec? We can use L2TP and PPTP, these other alternatives, in a similar manner to IPsec.

That brings us to the end of these slides. Well, no, there are some slides about secure email; we're not going to touch them. We're going to continue on this topic of internet security, but we're going to look at it from a different perspective. Coming back to our VPN, where, yeah, the VPN, maybe not the VPN, we'll come back to one of our earlier ones. Let's say when we used HTTPS, which is using TLS. One more, not that one, this one. This was our example when we used TLS, transport layer security. This was the packet down the bottom that was sent across the red line, across our wireless LAN, Ethernet and the public internet. Someone intercepts this packet, they're out in the public internet; what do they learn? When someone intercepts this packet, what do they learn about the communications? They know the source and destination, so they know A is talking to B. Anything else? They know they're talking using TCP, and inside the TCP header will be the port number, so they probably can work out what application they're using. They can't learn the data, so that's the main thing we want to protect, usually the data, but they can learn some things, and especially who is communicating. Sometimes we would like to hide who is communicating, because if someone can observe the entities communicating, and how often they communicate, and what patterns of communication there are, that can reveal valuable information sometimes. So in addition to trying to keep the data confidential, sometimes we'd like to keep the identities of those communicating confidential. HTTPS doesn't do that, because someone can see it's still A talking to B, and similarly application-level security didn't do that; it was still identified as A and B. Using IPsec in end-to-end mode doesn't hide who is communicating; it's still A talking to B. But with a VPN, someone intercepts on the public internet, what do they learn about who is communicating? A to Y. What does that tell them? Anything useful? It still can be useful for them. Why? They learn about Y. Let's say A is my laptop at home, alright, so they know it's me; we'll talk about how they can map the address, it's an IP address, back to me in a moment. And the network from Y to B is the SIT internal network, so B is a server and Y is the router of SIT. So with this VPN solution, they know it's A talking to Y; they don't know that A is talking to B, so they don't know I'm talking to this specific server, but they do know I'm talking to someone in SIT. So by using a VPN we've hidden some information, but we still reveal a lot: we reveal the user A and we reveal the destination network, and that may be sufficient for an attacker to learn something about who's communicating. To know that I'm communicating with SIT may be valuable for them. So we'd like more security than that sometimes. Can we hide the source and destination completely? That's one aspect of internet privacy. This one, does it help a little bit? Again, the attacker on the internet doesn't know it's A and B, they know it's X and Y, but still Y may represent SIT, X may represent my home network. They can't map it back to the individual computer A, but they can map it back to the network of A. So again, can we hide that? Can we make it so that they cannot learn who is communicating? And that's the next topic, on internet privacy.
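As an added example (not part of the lecture or its slides), here is a small Python model of the two tunnel set-ups discussed above, the host-to-router tunnel A to Y and the router-to-router tunnel X to Y, showing what an eavesdropper on each segment of the path gets to see and that only the addressed endpoint with the right key can unwrap the inner datagram. The address labels, the shared key and the HMAC-based cipher are constructed stand-ins for a real IPsec ESP security association.

```python
"""Toy model of IPsec tunnel mode (added example, not from the lecture): the
original A->B datagram is encrypted whole and carried inside a new datagram
addressed between the tunnel endpoints.  Addresses, key and cipher are stand-ins."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, asdict
from typing import Optional


@dataclass
class Datagram:
    src: str              # constructed address label, e.g. "A"
    dst: str
    proto: str            # "TCP", "UDP" or "ESP" (IPsec Encapsulating Security Payload)
    dport: Optional[int]  # transport destination port; None when hidden inside ESP
    payload: bytes        # transport segment, or for ESP the encrypted inner datagram


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 run in counter mode; stands in for the block cipher ESP would use.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate subkeys: nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def _open(key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ESP integrity check failed")   # tampered, or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def tunnel_encapsulate(inner: Datagram, tunnel_src: str, tunnel_dst: str, key: bytes) -> Datagram:
    """Tunnel endpoint on egress: encrypt the whole inner datagram, header included,
    and prepend an outer header addressed from this endpoint to the far endpoint."""
    fields = asdict(inner)
    fields["payload"] = inner.payload.hex()
    return Datagram(tunnel_src, tunnel_dst, "ESP", None, _seal(key, json.dumps(fields).encode()))


def tunnel_decapsulate(outer: Datagram, me: str, key: bytes) -> Datagram:
    """Tunnel endpoint on ingress: strip the outer header, decrypt, and recover the
    original datagram so it can be forwarded normally to its real destination."""
    if outer.dst != me or outer.proto != "ESP":
        raise ValueError("not an ESP datagram addressed to this endpoint")
    fields = json.loads(_open(key, outer.payload))
    fields["payload"] = bytes.fromhex(fields["payload"])
    return Datagram(**fields)


def observer_view(d: Datagram) -> dict:
    """What a passive eavesdropper on one link learns from a single datagram."""
    return {"src": d.src, "dst": d.dst,
            "transport": "hidden" if d.proto == "ESP" else d.proto, "dport": d.dport}


def host_to_gateway(key: bytes) -> dict:
    """Case 1 from the lecture: IPsec on host A and router Y; the Y->B hop is plaintext."""
    original = Datagram("A", "B", "TCP", 443, b"constructed TLS-protected HTTP data")
    outer = tunnel_encapsulate(original, "A", "Y", key)   # A runs IPsec itself
    forwarded = tunnel_decapsulate(outer, "Y", key)        # Y strips, decrypts, forwards
    return {"internet": observer_view(outer), "Y_to_B": observer_view(forwarded),
            "delivered_intact": forwarded == original}


def gateway_to_gateway(key: bytes) -> dict:
    """Case 2 from the lecture: IPsec only on edge routers X and Y; the hosts do nothing."""
    original = Datagram("A", "B", "TCP", 443, b"constructed TLS-protected HTTP data")
    outer = tunnel_encapsulate(original, "X", "Y", key)   # X encapsulates on the way out
    forwarded = tunnel_decapsulate(outer, "Y", key)
    return {"A_to_X": observer_view(original), "internet": observer_view(outer),
            "Y_to_B": observer_view(forwarded), "delivered_intact": forwarded == original}


if __name__ == "__main__":
    sa_key = os.urandom(32)   # constructed: the key both tunnel endpoints share
    print(json.dumps({"host-to-gateway": host_to_gateway(sa_key),
                      "gateway-to-gateway": gateway_to_gateway(sa_key)}, indent=1))
```

On the internet segment both cases show only the outer addresses and a hidden transport, while the plaintext segments (Y to B, and A to X in case 2) expose the real endpoints and the destination port, which is exactly the trade-off the lecture describes.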