Tribhuvan University

Institute of Science and Technology

Bachelor in Computer Science and Information Technology (BSC CSIT)
7Th Semester
Network Security (CS-416 )
Unit-3: Transport Level Security (6 Hrs.)

Instructor
Tekendra Nath Yogi
Tekendranath@[Link]
 Contents
• Unit 3: Transport Level Security (6 Hrs.)

– 3.1. Web Security

– 3.2. Transport Layer Security (TLS)

– 3.3. HTTPS

– 3.4. Secure Shell (SSH)

6/15/2025 By: Tekendra Nath Yogi 2

 3.1. Web Security
• Virtually all businesses, most government agencies, and many individuals
now have Web sites.

• The number of individuals and companies with Internet access is expanding

rapidly and all of these have graphical Web browsers.

• As a result, businesses are enthusiastic about setting up facilities on the Web

for electronic commerce.

• But the reality is that the Internet and the Web are extremely vulnerable to
compromises of various sorts.

• As businesses wake up to this reality, the demand for secure Web services
grows.

6/15/2025 By: Tekendra Nath Yogi 3

3.1. Web Security -- Web Security Considerations
• The Web operates as a client/server model over the Internet and TCP/IP
intranets, making general network security tools applicable.

• However, certain unique aspects of Web usage require specialized security

measures:
– Although browsers and servers are user-friendly and easy to manage, the
underlying software is complex and often hides security vulnerabilities, even in
well-installed systems.

– A compromised Web server can serve as an entry point into an organization’s

broader network, allowing attackers to access other connected systems and
data.

– Many Web users lack security awareness or training, making them vulnerable
targets who are unable to defend against attacks.

6/15/2025 By: Tekendra Nath Yogi 4

 3.1. Web Security -- Web Security Threats
• Types of Web security threats based on active and passive attacks:

Web Security
Threats

Active Passive

Include eavesdropping on
Include impersonating another user,
network traffic between browser
altering messages in transit between
and server and gaining access to
client and server, and altering
information on a Web site that is
information on a Web site
supposed to be restricted

6/15/2025 By: Tekendra Nath Yogi 5

 Cont’d…
• Types of security threats faced when using the Web can be summarized as:

6/15/2025 By: Tekendra Nath Yogi 6

 Cont’d…
• Web security threats is in terms of the location of the threat:

Web Security
threats

Network Security System security

Security issues of
Issues of server
network traffic
and browser
between browser
security
and server
6/15/2025 By: Tekendra Nath Yogi 7
3.1. Web Security – Web Traffic Security Approaches
• Three major approaches to provide web security:

– Network-Level Security (IPsec)

– Transport-Level Security (SSL/TLS)

– Application-Level Security.

6/15/2025 By: Tekendra Nath Yogi 8

 Cont’d…
• Network-Level Security (IPsec):

– Works at the IP layer.

– Transparent to users and apps.

– General-purpose and includes traffic filtering.

6/15/2025 By: Tekendra Nath Yogi 9

 Cont’d…
• Transport-Level Security (SSL/TLS):

– Operates above TCP.

– SSL (now TLS) is widely used in browsers and servers.

– Can be implemented either within the protocol stack or in specific

applications.

6/15/2025 By: Tekendra Nath Yogi 10

 Cont’d…
• Application-Level Security:

– Security features are built into the application (e.g., S/MIME for
email).

– Offers customization for specific needs.

6/15/2025 By: Tekendra Nath Yogi 11

 3.2. Transport Layer Security(TLS)
• TLS (Transport Layer Security) is a widely used internet security protocol.

• Evolved from SSL (Secure Sockets Layer), which is now deprecated by

IETF.

• Provides confidentiality and integrity over TCP connections.

• Can be implemented in two ways:

– As part of the protocol stack (transparent to applications).

– Embedded in applications (e.g., web browsers and servers).

• Most modern web services use TLS to secure data transmission. e.g.,
HTTPS.

6/15/2025 By: Tekendra Nath Yogi 12

 Cont’d…
• TLS Connection:
– A peer-to-peer, transient transport link.

– Each connection is tied to one session.

– Multiple connections can share a session.

• Connection State Parameters:

– Server/Client random: Random byte sequences from each party.

– Write MAC secrets (server/client): Keys for message authentication codes.

– Write keys (server/client): Keys for encryption/decryption.

– Initialization vectors: Used for block cipher encryption.

– Sequence numbers: Track sent/received messages per connection; reset after cipher
change.

6/15/2025 By: Tekendra Nath Yogi 13

 Cont’d…
• TLS Session:
– An association between a client and server.

– Created via the Handshake Protocol.

– Holds cryptographic parameters shared by multiple connections.

– Avoids repeating costly negotiations.

• Session State Parameters:

– Session ID: Unique identifier for resumption.

– Peer certificate: X.509 certificate.

– Compression method: Algorithm used for compression.

– Cipher spec :Includes encryption and hash algorithms.

– Master secret: 48-byte key shared by client and server.

– Is resumable: Indicates if session can establish new connections.

6/15/2025 By: Tekendra Nath Yogi 14

 Cont’d…
• TLS Architecture: TLS is a two layers of multiple protocols.

Figure: TLS Protocol Stack

6/15/2025 By: Tekendra Nath Yogi 15

 Cont’d…
• The TLS Record Protocol: provides confidentiality and Message
Integrity services for TLS connections. The overall operation of the TLS
Record Protocol is shown in the figure below:

Figure: TLS Record Protocol Operation

6/15/2025 By: Tekendra Nath Yogi 16
 Cont’d…
• At Sender side:
– The Record Protocol takes an application message to be transmitted.

– Fragments the data into manageable blocks, optionally compresses the data.

– Applies a Message Authentication Code (MAC), encrypts, adds a header, and

transmits the resulting unit in a TCP segment.

• At Receiver side:
– Received data are decrypted, verified, decompressed, and reassembled before
being delivered to higher-level users.

6/15/2025 By: Tekendra Nath Yogi 17

 Cont’d…

Figure: TLS Record Format

6/15/2025 By: Tekendra Nath Yogi 18
 Cont’d…
• Change Cipher Spec Protocol:

– The Change Cipher Spec Protocol is one of the four TLS-specific

protocols that use the TLS Record Protocol, and it is the simplest.

– This protocol consists of a single byte message with the value1.

– The sole purpose of this message is to cause the pending state to be

copied into the current state, which updates the cipher suite to be used
on this connection.

6/15/2025 By: Tekendra Nath Yogi 19

 Cont’d…
• Alert Protocol:

– The Alert Protocol is used to convey TLS-related alerts to the peer entity.

– As with other applications that use TLS, alert messages are compressed and
encrypted, as specified by the current state.

– Each message in this protocol consists of two bytes.

– The first byte takes the value warning (1) or fatal (2) to convey the
severity of the message.
• If the level is fatal, TLS immediately terminates the connection. Other connections on the
same session may continue, but no new connections on this session may be established.

– The second byte contains a code that indicates the specific alert e.g.,
unexpected_message, bad_record_mac, decompression_failure, handshake_failure
etc.

6/15/2025 By: Tekendra Nath Yogi 20

 Cont’d…
• Handshake Protocol:

– Allows the server and client to authenticate each other and to negotiate
an encryption and MAC algorithm and cryptographic keys to be used
to protect data sent in a TLS record.

– The Handshake Protocol is used before any application data is

transmitted.

– The Handshake Protocol consists of a series of messages exchanged by

client and server. All of these have the format shown in Figure below:

6/15/2025 By: Tekendra Nath Yogi 21

 Cont’d…

6/15/2025 By: Tekendra Nath

Figure: Handshake Yogi
Protocol Actions 22
 Cont’d…
• Heartbeat Protocol:
– A heartbeat is a periodic signal generated by hardware or software to indicate
normal operation or to synchronize other parts of a system.

– A heartbeat protocol is used to monitor the availability of a protocol entity.

– Consists of two message types: heartbeat_request and heartbeat_response.

– Normally, Used during Phase 1 of the Handshake protocol,

– However, a heartbeat_request message can be sent at any time. Whenever a

request message is received, it should be answered promptly with a
corresponding heartbeat_response message.

6/15/2025 By: Tekendra Nath Yogi 23

 Cont’d…
• Secure Socket Layer(SSL): Same as the TLS except that the TLS provides
improvement on the following:
– Version number
– Message Authentication Code
– Pseudorandom function
– Alert keys
– Cipher suites
– Client certificate types
– Certificate verify and Finished Messages
– Cryptographic computations
– Padding

• Note: Although SSL implementations are still around, it has been

deprecated by IETF and is disabled by most corporations offering TLS
software.
6/15/2025 By: Tekendra Nath Yogi 24
 3.3. HTTPS --(HTTP over TLS)
• HTTPS (HTTP over TLS) refers to the combination of HTTP and TLS to
implement secure communication between a Web browser and a Web server.
• The HTTPS capability is built into all modern Web browsers. Its use depends
on the Web server supporting HTTPS communication.
• The principal difference seen by a user of a Web browser is that URL addresses
begin with https:// rather than [Link]
• A normal HTTP connection uses port 80. If HTTPS is specified, port 443 is
used, which invokes TLS.
• When HTTPS is used, the following elements of the communication are
encrypted:
– URL of the requested document
– Contents of the document
– Contents of browser forms.
– Cookies sent from browser to server and from server to browser
– Contents of HTTP header
6/15/2025 By: Tekendra Nath Yogi 25
 Cont’d…
• Connection Initiation: For HTTPS, the agent acting as the HTTP client also
acts as the TLS client

– The client initiates a connection to the server on the appropriate port

and then sends the TLS ClientHello to begin the TLS handshake.

– When the TLS handshake has finished, the client may then initiate the
first HTTP request

– All HTTP data is to be sent as TLS application data

• There are three levels of awareness of a connection in HTTPS: HTTP

Connection, TCP Connection and TLS/SSL session

6/15/2025 By: Tekendra Nath Yogi 26

 Cont’d…
• Connection Closure:

– An HTTP client or server can indicate the closing of a connection by

including the line Connection: close in an HTTP record

– The closure of an HTTPS connection requires that TLS close the

connection with the peer TLS entity on the remote side, which will
involve closing the underlying TCP connection

– An unannounced TCP closure could be evidence of some sort of attack

so the HTTPS client should issue some sort of security warning when
this occurs

6/15/2025 By: Tekendra Nath Yogi 27

 Cont’d…

Figure: HTTPS Working Principle

6/15/2025 By: Tekendra Nath Yogi 28
 3.4. SSH (Secure Shell )
• A protocol for secure network communications.

• Provides a secure remote logon facility.

• Replaces other insecure remote logon protocols such as TELNET.

• SSH also provides a more general client/server capability such as file

transfer and e-mail.

• SSH client and server applications are widely available for most OS.

• Has become the method of choice for remote login, encryption and
tunneling

6/15/2025 By: Tekendra Nath Yogi 29

 Cont’d…
• SSH is organized as three protocols that typically run on top of TCP

Figure: SSH Protocol Stack

6/15/2025 By: Tekendra Nath Yogi 30

 Cont’d…
• SSH Transport Layer Protocol: Provides server authentication, data
confidentiality, and data integrity with forward secrecy. The transport layer
may optionally provide compression.

• User Authentication Protocol: Authenticates the user to the server.

• Connection Protocol: Multiplexes multiple logical communications

channels over a single, underlying SSH connection.

6/15/2025 By: Tekendra Nath Yogi 31

 Cont’d…
• SSH Transport Layer Protocol: Host Keys

– The server host key (public/private key pair) is used during key
exchange to authenticate the identity of the host

– Two alternative trust models:

• The client has a local database that associates each host name with the
corresponding public host key

• The host name-to-key association is certified by a trusted certification

authority (CA); the client only knows the CA root key and can verify the
validity of all host keys certified by accepted CAs

6/15/2025 By: Tekendra Nath Yogi 32

 Cont’d…
• SSH Transport Layer Protocol: Packet Exchange - Figure below shows the
sequence of events in the SSH Transport Layer Protocol.

Figure: SSH Transport Layer Protocol Packet Exchanges

6/15/2025 By: Tekendra Nath Yogi 33
 Cont’d…
• First, the client establishes a TCP connection to the server. Once the
connection is established, the client and server exchange data (packets).
• The SSH Transport Layer packet exchange consists of a sequence of steps:
– Identification string exchange : First client sends a packet with a identification string
then sever responds with its own identification string
– Algorithm Negotiation: Client and server exchanges the list of available key exchange,
encryption, MAC algorithm, and compression algorithm to be negotiated. Negotiate
among them.
– Key exchange: e.g. Diffie–Hellman key exchange
– End of key exchange: signaled by the exchange of SSH_MSG_NEWKEYS packets.
– Service request: The client sends an SSH_MSG_SERVICE_ REQUEST packet to
request either the User Authentication or the Connection Protocol.
– Data is exchanged as the payload of an SSH Transport Layer packet, protected by
encryption and MAC

6/15/2025 By: Tekendra Nath Yogi 34

 Cont’d…
• Each packet is in the following format:

Figure: SSH Transport Layer Packet Formation

6/15/2025 By: Tekendra Nath Yogi 35
 Cont’d…
• SSH User Authentication protocol: The User Authentication Protocol provides
the means by which the client is authenticated to the server. The message
exchange involves the following steps:
– 1. The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of none.
– 2. The server checks to determine if the user name is valid. If not, the server returns
SSH_MSG_USERAUTH_FAILURE with the partial success value of false. If the user name is
valid, the server proceeds to step 3.
– 3. The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more
authentication methods to be used.
– 4. The client selects one of the acceptable authentication methods and sends a
SSH_MSG_USERAUTH_REQUEST with that method name and the required method-specific
fields.
– 5. If the authentication succeeds and more authentication methods are required, the server
proceeds to step 3, using a partial success value of true. If the authentication fails, the server
proceeds to step 3, using a partial success value of false.
– 6. When all required authentication methods succeed, the server sends a
SSH_MSG_USERAUTH_SUCCESS message, and the Authentication Protocol is over.

6/15/2025 By: Tekendra Nath Yogi 38

 Cont’d…
• Authentication Methods:
– Public key: The client sends a message to the server that contains the client’s public key,
with the message signed by the client’s private key. When the server receives this message,
it checks whether the supplied key is acceptable for authentication and, if so, it checks
whether the signature is correct

– Password: The client sends a message containing a plaintext password, which is protected
by encryption by the Transport Layer Protocol

– Host-based: Authentication is performed on the client’s host rather than the client itself.
This method works by having the client send a signature created with the private key of the
client host. Rather than directly verifying the user’s identity, the SSH server verifies the
identity of the client host

6/15/2025 By: Tekendra Nath Yogi 39

 Cont’d…
• SSH Connection Protocol:
– Runs on top of the SSH Transport Layer Protocol.

– Uses secure authentication connection called tunnel to multiplex a number of

logical channels.

– All types of communication using SSH are supported using separate channels

– The life of a channel progresses through three stages:

• Opening a channel

• Data transfer, and

• Closing a channel

6/15/2025 By: Tekendra Nath Yogi 40

 Cont’d…
• Channel mechanism – SSH Connection Protocol Message Exchange

Figure: Examples of the SSH connection protocol Message Exchange

6/15/2025 By: Tekendra Nath Yogi 41
 Cont’d…
• Channel Types: Four channel types are recognized in the SSH Connection
Protocol specification
– Session

• The remote execution of a program. The program may be a shell, an application

such as file transfer or e-mail, a system command, or some built-in subsystem.
Once a session channel is opened, subsequent requests are used to start the
remote program

– X11

• Refers to the X Window System, a computer software system and network

protocol that provides a GUI for networked computers. X allows applications
to run on a network server but to be displayed on a desktop machine

– Forwarded-TCPIP: Remote port forwarding

– Direct-TCPIP: Local port forwarding

6/15/2025 By: Tekendra Nath Yogi 42

 Cont’d…
• Port Forwarding:

– One of the most useful features of SSH

– Provides the ability to convert any insecure TCP connection into a

secure SSH connection (also referred to as SSH tunneling)

– Incoming TCP traffic is delivered to the appropriate application on the

basis of the port number (a port is an identifier of a user of TCP)

6/15/2025 By: Tekendra Nath Yogi 43

 Cont’d…
• SSH Transport Layer Message Exchanges: Connection via TCP

6/15/2025 By: Tekendra Nath Yogi 44

 Cont’d…
• SSH Transport Layer Message Exchanges: Connection via SSH Tunnel

6/15/2025 By: Tekendra Nath Yogi 45

 Thank You !

6/15/2025 By: Tekendra Nath Yogi 46