By: Desiree Carter 11/25/2012

SSL (Secure Sockets Layer) is a protocol that provides secure communication between client and server. The client is your browser and the server is the website youre communicating with. When it comes to smart phones they have an internet app that facilitates the access to the browser. The purpose of secure communication is to provide privacy, message integrity, and authentication. Here is an example Laura wants to check her Facebook on her GalaxyS III. In order to do this shell need to send the sensitive information of her email address and password. Laura wants to make sure that the information she sends is kept private. She also wants to make sure that the data she sends is not altered along the way which would be message integrity. She also wants to make sure that shes really sending her information to the real Facebook and not a hacker which would be authentication.

The sensitive information Laura sends to Facebook is kept private by cryptography. A plaintext message like a post is encrypted into ciphertext. To hackers who might eavesdrop and intercept the message, the ciphertext is meaningless. Its estimated that trying to crack the ciphertext by brute force alone (trying every possible combination) would take millions of years even if all the computers in the world were linked together to solve the puzzle. (GeoCerts, 2012) The information that is required to turn a plaintext message into an encrypted ciphertext message is a key. Public key cryptography makes use of a pair of keys, one is public, and the other is private. Laura wants to send Facebook private information, so Facebook says Here Laura, use this public key to encrypt your message before sending it to me. When I receive your encrypted message I will use my private key to decrypt your message. Its okay for anyone to have a copy of the public key, but only Facebook should have a copy of their private key. A plaintext message encrypted with the public key can only be decrypted with the private key.

The security concerns of the Internet-confidentiality and authentication--led to the establishment of a protocol, Internet protocol security, IPSec, to implement these concerns in all computer networks.(Paull) Internet address protocol was the starting point. It provides the authentication and encryption architecture required to protect networks from attacks, penetration or other security abuses. The 6th version of IPSec replaced the 4th version. The 6th version extended the Internet Protocol addresses to 340 billion addresses.

Internet kept growing a larger addressing scheme was needed because of this Internet Protocol version 6 was created which then used a 128 bit addressing scheme which accommodates the Internet today. Internet Protocol version 4 was established in 1986 and is capable of 4 billion Internet addresses, these were projected to be exhausted by June 2010. The 6th version of Internet Protocol which replaced version 4 has the capacity of 340 billion x 10 to the 27th power. It has improved security and better quality of service and can be configured automatically by the computer. Internet Protocol Security finds applications in email, network management and web access. The security software for email includes Pretty Good Privacy (PGP) and Privacy Enhanced Mail.

Internet Key Exchange is a standard protocol of Internet Protocol Security it is used to ensure security for virtual private networks (VPN) negotiation and remote host or network access. This is specified in the Internet Engineering Task Force (IETF) in Request for Comments (RFC) 2409; IKE defines an automatic means of negotiation and authentication for IPSec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. (Rouse, 2009) The Internet Key Exchange protocol ensures that security for security associations communication without the prior configuration that would otherwise be required.

There is a hybrid protocol associated with Internet Key Exchange that implements two earlier security protocols Oakley and SKEME, within an Internet Security Association and Key Management Protocol (ISAKMP) It is based on Transmission Control Protocol/ Internet Protocol(TCP/IP) based framework. Internet Security Association and Key Management Protocol specify the framework for key exchange and authentication. The Oakley protocol specifies a sequence of key exchanges and describes their services (such as identity protection and authentication) (Rouse, 2009) SKEME specifies the actual method of key exchange (Rouse, 2009) Internet Key Exchange is not required for Internet Protocol Security configuration.

Smart phones are used for just about everything today including shopping online. Secure Electronic Transaction (SET) is required to make this possible. It is a system for ensuring the security of financial transactions on the Internet. It was originally supported by MasterCard, Visa, Microsoft as well as Netscape. When using Secure Electronic Transaction a user is given an electronic wallet through a digital certificate. The transaction is conducted and verified using a combination of digital certificates and digital signatures among the person using their smart phone using their phone to shop, the merchant they are shopping with and the smart phone users bank keeping privacy and confidentiality. When working with Netscape it uses a Secure Sockets Layer (SSL). When working with Microsoft it uses Secure Transaction Technology (STT) as well as Terisa Systems Secure Hypertext Transfer Protocol (S-HTTP). Secure Transaction Protocol uses a few of the aspects of public key infrastructure (PKI). When using a Secure Electronic Transaction enabled browser the following steps are taken:

1.

The user of a smart phone opens a MasterCard or Visa bank account. All credit card issuers are a type of bank.

2. First the customer receives a digital certificate. The digital certificate serves as a credit card for online purchases and other transactions. It includes a public key that expires. It also has been through a digital switch to the bank in order to make sure it is valid. 3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key. (Rouse, 2008) 4. 5. The smart phone user would place an order over a Web page by phone or by an online service. The smart phones browser receives and confirms from the merchants certificate that the merchant is valid

6. When the browser sends the order information the message is encrypted with the merchants public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order.
7. The merchant then verifies the smart phones user by checking the digital signature on their certificate. This can be done by referring the certificate to the band or to a third-party verifier. 8. Then merchant sends the order message to the bank. This includes the banks public key and the customers payment information which the merchant cant decode as well as the merchants certificate. 9. The bank then verifies the merchant and the message. The bank then uses the digital signature on the certificate with the message and verifies the payment part of the message. 10. Then the bank digitally signs and sends the authorization to the merchant who then can fill the order.

In computer security, a cryptographic accelerator is a form of a co-processor that performs computationally intensive encoding and decoding of information while freeing the host Computer Processor Unit to perform other tasks. When there is a large proportion of the system load of either encryption or decryption of data the overall system performance can be improved when a cryptographic accelerator is used. They are typically available as an expansion card on the system motherboard. Several operating systems provide some support for cryptographic hardware. The BSD family of systems has the OpenBSD Cryptographic Framework (OCF), and Linux systems have the Crypto API. Microsoft Windows has the Microsoft CryptoAPI. (Wikipedia, 2012)

A public key infrastructure (PKI) enables users of an unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The PKI provides for a digital certificate that can identify an individual or organization and its directory services that can store and revoke the certificates. The components of a public key infrastructure are generally understood but a number of different vendor approaches and services are emerging because of this an Internet standard for public key infrastructure is in the works. Public key cryptography as well as the public key infrastructure is the preferred approach on the Internet. The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography. (Rouse, 2006)

In order for IPSec to handle Security Policies, Security Associations and Databases it is equipped with a flexible, powerful way of specifying how different types of datagrams should be handled. In order to understand how this works, two logical concepts must be defined. First is Security Policies, a security policy can be defined as a rule that is programmed into the IPSec implementation that tells it how to process different datagrams received by the device.

The security policies for a device are stored in the devices security policy database (SPD). Security Associations also abbreviated as (SA) is a Set of security information that describes a particular kind of secure connection between one device and another. It can be considered a "contract", that specifies the particular security mechanisms that are used for secure communications between the two. The devices security associations are contained in its Security Association Database (SAD). It is usually hard to distinguish the security policy database and the security association database since they have similar concepts.

The data fields for authentication in the AH and ESP headers are fields with variable-lengths, each of these contains an Integrity Check Value (ICV). The field varies in length to accommodate variations from the Integrity Check Value algorithms, and the length is specified by the selected function. This field is optional and it is only included when an authentication service is being used for the security association that corresponds to the header, and information about the integrity check value function in use is maintained along with the rest of the security association data.

These are the suggested algorithms for ICV: Message Authentication Codes (MACs), the results of which are then encrypted with an appropriate symmetric encryption algorithm (for example, AES) Secure hash functions, such as MD5 or SHA-1 (an updated version of SHA) To comply with the standard, implementations must support MD5 and SHA-1 keyed hashing, at least. (daddy, 2012)