Email & Network Security: S/MIME, IPsec, ESP, SSL, Honeypots
S/MIME: Secure Email Standards
S/MIME is a standard for secure email communication that provides authentication, message integrity, non-repudiation, and privacy using encryption and digital signatures.
Its main functions are:
Enveloped Data
Provides confidentiality.
The message is encrypted with the recipient’s public key so only the intended receiver can decrypt.
Signed Data
Provides authentication and integrity.
The sender’s private key is used to digitally sign the message; the receiver verifies with the sender’s public key.
Clear Signed Data
Signature is added without encrypting the message body.
Human-readable (plain text) but still verifiable for authenticity.
Signed and Enveloped Data
Combines both: the message is signed for authenticity and then encrypted for confidentiality.
Ensures privacy, integrity, and non-repudiation.
IPsec Modes of Operation
Two Modes of Operation in IPsec:
Transport Mode
Only the payload (data) of the IP packet is encrypted/authenticated. The original IP header remains unchanged.
Used for end-to-end communication between two hosts (e.g., client ↔ server).
Efficient, but less secure than tunnel mode because IP headers are visible.
Tunnel Mode
The entire original IP packet (header + payload) is encrypted/authenticated. Then it is encapsulated into a new IP packet with a new IP header.
Used for network-to-network VPNs, host-to-network VPNs, or gateway-to-gateway connections.
Provides higher security since the original packet is hidden.
ESP (Encapsulating Security Payload)
Definition
ESP is a core protocol in IPsec that provides confidentiality, data integrity, authentication, and anti-replay protection for IP packets. Unlike AH (Authentication Header), ESP can encrypt data to ensure privacy.
Key Features of ESP
- Confidentiality – Encrypts the payload using symmetric encryption (e.g., AES, DES, 3DES).
- Integrity – Ensures data has not been modified during transmission.
- Authentication – Verifies the sender of the packet.
- Anti-replay protection – Prevents attackers from capturing and resending packets.
ESP Header Format
- ESP Header (contains SPI + sequence number).
- Encrypted Payload (the actual data + padding).
- ESP Trailer & Authentication Data (for integrity and authentication).
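Added example (not part of the original notes): receive-side handling of the fields listed above, reading the SPI and sequence number from the ESP header, applying a sliding anti-replay window, and checking the trailing authentication data. The `InboundSA` and `build_esp` names, the 64-packet window and HMAC-SHA-256 truncated to 16 bytes are assumptions for illustration; decryption is left out, so the body is returned as opaque ciphertext.

```python
import hashlib, hmac, struct

ICV_LEN = 16   # assumed integrity check: HMAC-SHA-256 truncated to 128 bits
WINDOW = 64    # assumed anti-replay window size, in packets

class InboundSA:
    """Receive-side state for one Security Association (hypothetical helper)."""
    def __init__(self, spi, auth_key):
        self.spi, self.auth_key = spi, auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def _replay_ok(self, seq):
        if seq == 0:                 # senders start at 1, so 0 is never valid
            return False
        if seq > self.highest:       # ahead of the window: always a candidate
            return True
        offset = self.highest - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def _mark(self, seq):
        if seq > self.highest:       # slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                        # late packet inside the window
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet):
        """Return (verdict, body) for one ESP packet (bytes after the IP header)."""
        if len(packet) < 8 + ICV_LEN:
            return "malformed", None
        spi, seq = struct.unpack("!II", packet[:8])   # ESP header: SPI + sequence
        if spi != self.spi:
            return "unknown-spi", None
        if not self._replay_ok(seq):
            return "replay", None
        body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
        expect = hmac.new(self.auth_key, packet[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expect):
            return "bad-icv", None
        self._mark(seq)   # the window moves only after authentication succeeds
        return "accept", body

def build_esp(spi, seq, body, auth_key):
    """Constructed sender side, used only to produce sample packets."""
    head = struct.pack("!II", spi, seq) + body
    return head + hmac.new(auth_key, head, hashlib.sha256).digest()[:ICV_LEN]
```

Updating the window only after the integrity check passes means a forged packet with a high sequence number cannot push legitimate packets out of the window.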
ESP Modes of Operation
- Transport Mode: Encrypts only the payload (data), keeps original IP header.
- Tunnel Mode: Encrypts the entire original IP packet (header + payload) and adds a new IP header.
Advantages of ESP
- Provides encryption + authentication (stronger than AH).
- Widely used in VPNs for secure communication.
- Works with IPv4 and IPv6.
Secure Sockets Layer (SSL)
Definition
SSL (Secure Sockets Layer) is a security protocol that provides a secure communication channel between client and server over the internet. It ensures:
- Authentication – verifies the server (and sometimes the client).
- Confidentiality – encrypts data so that outsiders cannot read it.
- Integrity – prevents data modification during transmission.
SSL is the predecessor of TLS (Transport Layer Security), but the architectural concepts remain the same for exam purposes.
SSL Architecture
The SSL architecture has two layers:
SSL Record Protocol
Works on top of TCP and provides basic security services.
Responsibilities:
- Fragmentation of data into manageable blocks.
- Compression (optional).
- Encryption (using symmetric keys).
- Adding a Message Authentication Code (MAC) for integrity.
SSL Handshake Protocols
These sit above the Record Layer and handle authentication and key exchange. They include:
IPsec Architecture (20 Marks)
Introduction
IPsec (Internet Protocol Security) is a framework of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a data stream. It operates at the network layer (Layer 3) of the OSI model and provides confidentiality, integrity, and authentication of data.
1. Components of IPsec Architecture
1. Protocols
AH (Authentication Header):
- Provides data integrity, authentication, and anti-replay protection.
- Does not provide encryption; data is readable but verified.
ESP (Encapsulating Security Payload):
- Provides encryption (confidentiality), authentication, and integrity.
- Can be used with or without authentication.
2. Security Associations (SA)
A unidirectional logical connection that defines how two entities communicate securely.
- Includes encryption algorithms, keys, and protocols.
- Identified by SPI (Security Parameter Index), destination IP, and security protocol (AH/ESP).
3. Key Management
Manual keying: Administrator sets keys manually (not scalable).
Honeypots
A honeypot is a decoy computer system, network, or application set up to attract attackers. It is designed to look vulnerable so that intruders are lured into attacking it instead of the real network.
Honeypots are mainly used for:
- Detecting attacks – Identifying unauthorized attempts to access the network.
- Studying attack techniques – Understanding how hackers operate.
- Preventing attacks – Diverting attackers away from real systems.
Characteristics of Honeypots
- Decoy system – Appears real and vulnerable to attackers.
- Monitored environment – All activity is logged for analysis.
- Isolation – Kept separate from production systems to prevent real damage.
Types of Honeypots
Low-interaction Honeypots
Simulate services and vulnerabilities without running full operating systems.
Easier to maintain and less risky, but provide limited information.
High-interaction Honeypots
Fully functional systems that attackers can interact with.
Provide detailed information about attack methods.
Higher risk and more complex to maintain.
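Added example (not part of the original notes): a minimal low-interaction honeypot session handler that simulates a service banner, records what the client sends and never interprets it. The banner text, port 2525, the 1024-byte cap and the function names are assumptions for illustration.

```python
import json, socket, time

FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed decoy banner
MAX_BYTES = 1024   # assumed cap on data recorded per session

def handle_session(conn, peer, log):
    """Serve one decoy session: send the banner, record input, execute nothing."""
    conn.settimeout(5)            # do not let a silent client hold the decoy open
    received = b""
    try:
        conn.sendall(FAKE_BANNER)
        while len(received) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(received))
            if not chunk:         # client closed its side
                break
            received += chunk
    except (socket.timeout, OSError):
        pass                      # a timeout or reset is still worth logging
    finally:
        conn.close()
    event = {"ts": time.time(), "peer": peer, "bytes": len(received),
             "data": received.decode("latin-1")}
    log.append(json.dumps(event))  # JSON escaping keeps control bytes out of the log
    return event

def serve(host="127.0.0.1", port=2525, log=None):
    """Accept loop; host and port are assumed values for an isolated decoy segment."""
    log = [] if log is None else log
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            handle_session(conn, addr[0], log)
```

Because the handler only stores bytes, any connection it logs is suspect by definition: no legitimate user has a reason to contact the decoy.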
