Network systems for secure communication - Free Essay Example

Network Systems for Secure Communication Methodology: The main methodology involved behind this research project is to provide the importance of such technology from professionals and well referred articles. Some of the general interviews will be added to the project with details showing their interest towards the current technology and also the change they see in communicating with the new technology. It on the hands of the components of IP Security that contribute to this level of secure communication: The IP Security (IPSec) Driver is used to monitor, filter, and secures the traffic throughout the system. The (ISAKMP/Oakley) abbreviated as Internet Security Association Key Management Protocol performs key exchange and management functions that oversee security issues between hosts, and provide keys which can be used with security algorithms. The IP Security Policy and the Security Associations are derived from those policies that define the security environment where two hosts can communicate. The function of Security Association API is to provide the interface between the IPSec driver, the Policy Agent and the ISAKMP. The function of the management tools is to create policies, monitor IP Security statistics, and log IP Security events. The main methodologies which are under consideration for this project are Classical encryption technologies, IP sec Tunnel, IP sec VPN, Internet Key Exchange methods, Block Cipher Data Encryption, Advanced Encryption, Symmetric ciphers, Public private key functions, Digital signature etc, which have suggested me to design a better system. Implementation: The main reason behind selecting IPSec is that it so powerful that it provides security to IP layer, and also forms the basis for all the other TCP/IP protocols. This is generally composed of two protocols: Authentication Header (AH); Encapsulating Security Payload (ESP); IPSec Implementation Methods: IPSec is comprised of several implementations architectures which are defined in RFC 2401. The IPSec implementation also depends on various factors including the version of IP used (v4 versus v6), the basic requirements of the application and other factors. End Host Implementation: Implementing IPSec in all host devices provides the most flexibility and security. It enables end-to-end security between any two devices on the network. Router Implementation: Router implementation however is a much simpler task since we only make changes to a few routers instead of hundreds or thousands of clients. It only provides protection between pairs of routers that implement IPSec, but this may be sufficient for certain applications such as virtual private networks (VPNs). The idea will be implemented after proper testing of various available methodologies. The current strategy for implementation is as follows:. We use certain open source softwares which provide encryption and decryption methods and authentication. In the actual system, the user is asked to enter details of files to be sent and also some other details about the password and the public keys if included. The required software are used in a way which helps to run a smooth process and secure operation. CONTENTS Acknowledgement I owe many thanks to people who helped supported me in doing my dissertation. Firstly, I would like to express my immense gratitude to my respected professor Mr. Dr. XXX, YYYY University, London for his support and motivation that has helped me to come up with this project. He supported me when its needed and suggested me in understanding various methodologies in my project. He also took care of my project with attention to achieve my goal. I thank to my Institution and faculty members for giving me an opportunity to do my dissertation and also for library, computer lab facilities for doing my dissertation to achieve practical results which can resolve my project related issues. I also extend my Heart full thanks to my family friends. I owe my special thanks to my Dad and his colleagues who gave me suggestions on doing my Dissertation. Abstract In the present system the network helps a particular organization to share the data by using external devices. The external devices are used to carry the data. The existing system cannot provide security, which allows an unauthorized user to access the secret files. It also cannot share a single costly printer. Many interrupts may occur within the system. Though it is advantageous we have numerous disadvantageous, somebody writes a program and can make the costly printer to misprint the data. Similarly some unauthorized user may get access over the network and may perform any illegal functions like deleting some of the sensitive information Security is the term that comes into picture when some important or sensitive information must be protected from an unauthorized access. Hence there must be some way to protect the data from them and even if he hacks the information because he should not be able to understand whats the actual information in the file, which is the main intention of the project. The project is designed to protect the sensitive information while it is in transaction in the network. There are many chances that an unauthorized person can have an access over the network in some way and can access this sensitive information. My main topic focuses on IPSec (Internet Protocol Security) is an extension to the IP protocol specified by IETF which provides security to the IP and the upper-layer protocols and cryptography in a network sharing system. It was first developed for the new IPv6 standard and then back ported to IPv4. The IPSec architecture is described in the IPSec uses two different protocols AH (Authentication Header) and ESP (Encapsulating security payload) to ensure the authentication, integrity and confidentiality of the communication. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents. [2] Cryptography is the technique used to secure the data while they are in transactions. Encryption and Decryption are two techniques used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. The main idea behind the design is to provide a secured communication between the networks showing network level performance practically by differentiating different operating system which can ensure the security, authenticity by considering, analyzing and testing any best available methodologies. 1. Introduction: Businesses today are focused on the importance of securing customer and business data. Increasing regulatory requirements are driving need for security of data. There have been many methods which have evolved over the years to address the need for security. Many of the methods are focused at the higher layers of the OSI protocol stack, thus compensating the IPs lack in resolving security issues. These solutions can be implemented in certain situations, but they cannot be generalized because they are particularly too many applications. For example, Secure Sockets Layer (SSL) can be used for certain applications like World Wide Web access or FTP, but there are many other applications which cannot be resolved with this type of security. A solution is required to allow security at the IP level was very necessary so that all higher-layer protocols in TCP/IP could take advantage of it. When the decision was made to develop a new version of IP (IPv6), this was the golden opportunity to resolve not just the addressing problems in the older IPv4, but also resolve lack of security issues as well. Later a new security technology was developed with IPv6 in mind, but since IPv6 has taken long time to develop, and thus a solution was designed to be usable for both IPv4 and IPv6. The technology which brings a secure communications to the Internet Protocol is known as IP Security, commonly abbreviated as IPSec. IPSec services allow users to build secure tunnels through certain networks. All the data that passes through the entrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result obtained is a Virtual Private Network or VPN. This network is effectively private even though it includes machines at several different sites which are connected by the insecure Internet. Cryptography technique is used to secure the data while they are in transactions. Encryption and Decryption are two techniques which are used under cryptography technology. Data cryptography is the art of securing the resource that is shared among the applications. The Encryption and Decryption are termed as two powerful security technologies that are widely implemented to protect the data from loss and deliberate compromise. In this project the networking allows the company to share files or data without using certain external devices. Some unauthorized users may get access over the network and perform some illegal functions in certain cases like deleting files while the transaction is still on at that time encryption and then decryption techniques are implemented to secure the data. Many other attacks in cryptography are considered which lead me to research on different types of IPSec implementation methodologies in order to design the best model such that it may be suitable for the present trend of networking systems also form a platform to enable communication to the outside world. Thus in orders to implement IPSec, certain modifications are required to the systems communications routines and certain new systems processes conduct secret key negotiations. What is IPSec? An extension to the IP protocol is considered as IPSec which provides high level security to the IP and to the upper-layer protocols. This was initially developed for the new IPv6 standard and then was back ported to IPv4. IPSec provides the following security services: data origin authentication, connectionless integrity, replay protection, data confidentiality, limited traffic flow confidentiality, and key negotiation and management. It has been made mandatory by the IETF for the use of IPSec wherever feasible; the standards documents are close to completion, and there are numerous implementations. Overview of IPSec Architecture: The IPSec suite defined as a framework of open standards. The following protocols are used by IPSec to perform various functions. [2][3] IPSec provides three main facilities which are explained below: Internet key exchange(IKE and IKEv2) : This is used to set up a security association (SA) which can be done by handling negotiation of protocols and algorithms and generating the encryption and authentication keys which can be used by IPSec.[4][5] Authentication Header (AH): This is used to provide connectionless integrity and data origin authentication for IP datagrams and also provides protection against replay attacks.[6][7] Encapsulating Security Payload (ESP): This is used to provide confidentiality, data origin authentication, connectionless integrity, anti-replay service, and limited traffic flow confidentiality. [9] Both authentication and encryption are generally desired in this mechanism. Assure that unauthorized users do not penetrate the virtual private network Assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network. Since both the above features are generally desirable, most implementations are likely to use ESP rather than AH. Security Association: The security Association mechanism is used for authentication (AH) and confidentiality (ESP) A one way relationship between a sender and a receiver that affords security services to the traffic carried on it. Security services are afforded to an SA for the use of AH or ESP but not both. SA identified by three parameters: Security Parameter Index (SPI) IP destination address Security protocol identifier Overview of IPSec Services and Functions: IPSec is not only assumed as a single protocol, but is rather considered as a set of services and protocols which provide a complete security solution to the IP network. These services and protocols are combined to provide various types of protection. Since IPSec usually works at the IP layer, it provides protection for any higher layer TCP/IP application or protocol without using any additional security methods, which is considered as a major strength for its implementation. General types of protection services offered by IPSec include: Encryption of user data to achieve privacy. Authentication and message integrity has to be achieved to ensure that it is not changed on route. Protection against certain types of security attacks, such as replay attacks. The ability of the devices to negotiate the security algorithms and keys required in order to meet their security needs. wo security modes called tunnel and transport are implemented to meet the various network needs. Features Benefits: IPSec is observed to be transparent by the end users. The users on the security mechanisms need not be trained. IPSec assures security measures for individuals. There is no requirement to change the software on a user or a server system. Strong security measures are applied to the entire traffic crossing the perimeter. 2. Objective: IPSec is mostly designed in order to encrypt the data between the two systems without any spoofing attacks. It is a key force of defence against internal and external attacks. However, other than these, there are many other security strategies which have prevented the security attacks. The main idea in my research is to provide a better approach to the implementation of IP Security by analyzing the present methodologies. In the implementation of this design, I am also considering different operating systems to provide a better approach towards security which can prove to be good in ideal ways. The design of such an approach is helpful in restricting any unauthorised access to the network and also helps in providing a secure and authenticated access. The main idea behind the design is to provide a secured communication between the networks independent of the operating system which can ensure the security, authenticity by considering, analyzing and testing any two best available methodologies. In my overview of RFCs available in the Internet such as Cryptography the receiver end of a particular communication channel is not aware of the sender unless the sender transmits some information with private and public keys with cipher text which can prove his authenticity. Now the receiver sends the same package with his signature and then the receiver is also authenticated mutually. Attacks may occur in different ways. There are also many ways where in such communications can be detected and using techniques like eavesdropping or sniffing or man in the middle attack. These are the three major problems for secure communications. In my research, I will attempt to design a procedure which can be easily followed in order to overcome such problems. There are many techniques available now which are better than normal communication. The major problem in such techniques is the implementation of man in the middle attack. There have been many advances to try and rectify the problems but there has always been a flaw in the design. My research is to design a system using the current technologies used to encrypt and authenticate. These techniques play a major role in the implementation of IP Security. The major interest would be in areas like encryption, decryption and authentication. Additions will be done to this research as it is implemented. The goal is to use research existing systems and to suggest a system which makes it even hard to break. It is not 100% immune to attacks but the attack may take longer to break the system than the present rate. This system will also be very safe and will be easy to use in daily life rather than something with a dozen processing steps to be followed. 2.2 SCOPE With the rapid development of Multimedia data management technologies over the internet there is need to concern about the internet there is need to concern about the security and privacy of information. In multimedia document, dissipation and sharing of data is becoming a common practice for internet based application and enterprises. As the internet forms the open source the present for all users security Forms the critical issue. Hence the transfer of information over the internet forms the critical issue. At the present situations the cryptographic techniques are used for providing SECURITY. 2.3 PROJECT PERSPECTIVE The project Network system for Secure Communication is totally enhanced with the features that enable us to feel the real-time environment. Todays world is mostly employing the latest networking techniques instead of using stand-alone PCs. IPSec tunnelling or Encryption, information scrambling technology is an important security tool. By properly applying, it can provide a secure communication channel even when the underlying system and network infrastructure is not secure. This is particularly important when data passes through the shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data and especially passwords should be encrypted in order to protect it from unintended disclosure or modification. 2.4 PROPOSED SYSTEM In this system security is the term that comes into picture when some important or sensitive information must be protected from an unauthorized access. Hence there must be some way to protect the data from them and even if he hacks the information, The proposed system provides the security and it does not allow unauthorized users to access the secret files. As per the ISO standards the security parameters are: Confidentiality Authentication Integrity Key distribution Access control CONFIDENTIALITY: Confidentiality is the protection of transmitted data from passive attacks. It can protect the data from unauthorized disclosure. AUTHENTICATION: A process used to verify the integrity of the transmitted data, especially a message. It is the process of proving ones identity to someone else. INTEGRITY: The sender and the receiver want to ensure that the content of their communication is not altered during transmission. KEY DISTRIBUTION: Key distribution can be defined as a term that refers to means of delivering a key to the communicating parties, without allowing others to see the key. ACCESS CONTROL: It is a ability to limit and control the access to host systems and applications via communication links. 3.Literature Review This project emphasis design and evaluates a computer-based system using appropriate process and tools. Most of the industry wide routers in the network implement their functionality in hardware and therefore we believe that hardware based routers are more efficient than a software-based router implementation besides that most of the work is in the research community which will be performed, using software-based routers utilizing off-the-shelf PCs. Various works have to be attempted which evaluates different protocol stack, however none of them use hardware-based routers, has such a wide range of metrics, and none investigated mechanisms. My research methodology emphasis surveys, forums from the internet and articles from IEEE (Institute of Electrical and Electronics EngineersorIEEE) a quantitative approach in advance technology. I also consider various other thesis and books which are best suitable for my project. Here following are the network related definitions, and few protocols from application layer, network and internet layer also discussed which actually gives clear idea of understanding the concepts. 3.1 IPSec Standards: IPSec is actually a collection of techniques and protocols; it is not defined in a single Internet standard. Instead, a collection of RFCs defines the architecture, services and specific protocols used in IPSec. Some of the most important of these are shown below: [RFC 2401] Security Architecture for the Internet Protocol (IPSec overview) The main IPSec document describes the architecture and general operation of the technology, and showing how the different components fit together. [RFC 2402] IP Authentication Header It defines the IPSec Authentication Header (AH) protocol used for ensuring data integrity and origin verification. [RFC 2403] The Use of HMAC-MD5-96 within ESP and AH Describes a particular encryption algorithm for use by AH and ESP called Message Digest 5 (MD5), HMAC variant. [RFC 2404] The Use of HMAC-SHA-1-96 within ESP and AH Describes a particular encryption algorithm for use by AH and ESP called Secure Hash Algorithm 1 (SHA-1), HMAC variant. [RFC 2406] IP Encapsulating and Security payload (ESP) It describes the IPSec Encapsulation Security Payload (ESP) protocol that provides data encryption for confidentiality. [RFC 2408] Internet Security Association and Key Management Protocol (ISAKMP) It defines methods for exchanging keys and negotiating security associations. [RFC 2409] The Internet Key Exchange (IKE) Describes the Internet Key Exchange (IKE) protocol used to negotiate security associations and exchange keys between devices for secure communications. It is based on ISAKMP and OAKLEY. [RFC 2412] The OAKLEY Key Determination Protocol It describes a generic protocol for key exchange. [RFC 2131] Dynamic Host Configuration Protocol (DHCP) DHCP allows a host to obtain an IP address automatically, as well as to learn additional information about subnet mask, the address of its first-hop router, and the address of its local DNS server. [RFC 2131; RFC 3022] Network Address Translation (NAT)- In an attempt to provide transparent routing to hosts, NAT devices are used to connect an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses. Domain Name System (DNS): It is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various other information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. For example, www.example.com translates to 208.77.188.166. Windows Internet Name Service (WINS): It is Microsofts implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Effectively WINS is to NetBIOS names, like DNS is to domain names in fact its a central mapping of host names to network addresses. Like DNS it is broken into two parts, a Server Service (that manages the encoded Jet Database, server to server replication, service requests, and conflicts) and a TCP/IP Client component which manages the clients registration and renewal of names, and takes care of queries. VPN (Virtual Private Network) : It is a virtual computer network that exists over the top of an existing network. The purpose of a VPN is to allow communications between systems connected to the VPN using an existing shared network infrastructure as the transport, without the VPN network being aware of the existence of the underlying network backbone or without the VPN interfering with other network traffic on the backbone. A VPN between two networks is often referred to as a VPN Tunnel. Most VPN technologies can be separated into two broad categories, Secure VPNs and Trusted VPNs. Internet Protocol version 6 (IPv6): It is the next-generation Internet Protocol version designated as the successor to IPv4. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of Internet Protocol was the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460. IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion. Due to its security and flexibility entire Internet will be deployed byIPv6 in 2012 as expected. Tunnelling: In computer networks tunnelling protocol (delivery protocol) encapsulates the different payload protocol i.e., It carries a payload over an incompatible delivery-network. It can also provide a secure path through an untrusted network without any data loss. Transport Layer Security (TLS): Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Encryption: In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text). In many contexts, the word encryption also implicitly refers to the reverse process, decryption. Internet Key Exchange: Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key, are used to mutually authenticate the communicating parties. 4.IPSec System Architecture Authentication Header and Encapsulating Security Payload are commonly called protocols, though this is another case where the validity of this term is debatable. They are not really distinct protocols but are implemented as headers that are inserted into IP datagrams, as we will see. They thus do the grunt work of IPSec, and can be used together to provide both authentication and privacy. IPSec protocols: The IPSec protocol family consists of two protocols: Authentication Header (AH) and Encapsulated Security Payload (ESP). Both these protocols are independent IP. AH is the IP protocol 51 and ESP is the IP protocol 50 Authentication Header: This is a member of the IPSec protocol suite. Authentication Header provides connectionless data integrity and data origin authentication of IP packets. Further, it can also provide protection against the replay attacks by using the sliding window technique and by discarding the old packets. Authentication Header also gives protection for the IP payload and all the header fields of an IP datagram. AH generally operates on the stop of IP, by using the IP protocol number 51. An AH packet diagram is shown below which describes how an AH packet can be constructed and interpreted: 0 7 bit 8 15 bit 16 23 bit 24 31 bit Next header Payload length RESERVED Security parameters index (SPI) Sequence number Authentication data (variable) Field meanings: Next header: This field is an 8-bit field that mainly identifies the type of the next payload obtained after the Authentication Header. The value of this field can be chosen from the set of defined IP Protocol Numbers. RESERVED These fields are usually reserved for the future use. Payload length This defines the size of Authentication Header packet. Sequence number This field represents a monotonically increasing number which is used to prevent certain replay attacks. Security parameters index (SPI) This field is used to identify the security parameters, in combination with the IP address, and then identify the security association techniques implemented with this packet. Authentication data This field contains the integrity check value (ICV) which is necessary to authenticate the packet. This field may also contain padding. Encapsulating Security Payload: ESP which can be expanded as Encapsulating Security Payload is a member belonging of the IPSec protocol suite. IPSec achieves integrity, origin authenticity, and confidentiality protection of packets. This protocol also supports encryption-only and authentication-only configurations. However usage of only encryption technique without authentication is not recommended because it is termed insecure. ESP does not protect the IP packet header like the Authentication Header (AH) does. The packet diagram below shows how an ESP packet is constructed and interpreted: 0 7 bit 8 15 bit 16 23 bit 24 31 bit Security parameters index (SPI) Sequence number Payload data (variable) Padding (0-255 bytes) Pad Length Next Header Authentication Data (variable) Field meanings: Security parameters index (SPI) This field is used to identify the security parameters by combining the IP addresses. Payload data This field represents data which is needs to be transferred. Sequence number This field is a monotonically increasing number which can be used to prevent replay attacks. Padding This field along with some block ciphers is used to pad the data to the full length of a block. Next header This field generally identifies the protocol of the payload data. The value of this field is chosen from the set of IP Protocol Numbers which has been defined from the recent Internet Assigned Numbers Authority called Assigned Numbers RFC. Authentication data: This field contains the data which is used to authenticate the packet Pad length This field represents the size of padding in bytes. IPSec implementation There are many methods to IP Security. In the Microsofts Windows 2003 the server version, there are many such techniques and tweaks which are useful to help provide a secure base to the system. The operating system is very good in protecting the system from attacks which may be active attacks or in some cases passive attacks. The procedures for IPSec are placed properly into the system which helps it tackle such attacks. This is possible by providing a secure packet filter for packet transport and also using cryptography. This technology is very in high use for communication types like host to host, router to router, gateway to gateway, site to site and also in virtual private networks. Some other places for successful implementation are secure servers. The IPSec comes as a basic Group Policy controlled by Dos Prompt commands and it also has user interface with custom programs installed. The implementation of IPSec involves these steps: Overview of IPSec Deployment Determining Our Internet Protocol Security targets Preparing a Internet Protocol Security Policy Implementation of the designed policies Overview of IPSec Deployment: There are many techniques such as usage of cryptography and authentication software to secure the communication in a network. The connection may be between two parties or between a group of users. Security is to make sure that the communication is not broken, the communication is not intervened and the data is not altered. The Internet Protocol Security has some features which help running a secure transmission. IPSec has set procedures which help achieve these ends. Today there are many companies and it is getting harder day by day to ensure the security of such humungous networks with a heavy workload on the networks. It is also very hard to track any attacks on the network in millions and millions of request. Using firewalls to protect a network did work for some days but it has proved to be impractical as it has no proper rules to detect intrusions or attacks. The advent of IPSec is a leap in computer and network security. This protocol has a wide spectrum of features which are strong enough to contain such high volume of network requests and also handle intrusions. The Internet Protocol for Security is not a versatile detection protocol. It is capable of managing most of the policies to grant or reject, block and negotiate the traffic in a network. This can also be permitted to a specific set of addresses or in some cases protocol and also a different policy to each port. It is recommended that we use ICF (Internet Connection Firewall) when we are in need of a firewall which is capable of providing a network interface for very big networks. This is because the internet protocol for Security has a very strict and a very stern strategy which is based on static filtering based on IP addresses. But this is it is totally different in the case of the Internet Connection Firewall. The ICF has policies which has a set of filter for all the addresses which are capable of being accessed. The Internet Protocol for Security can be used when the restriction is only to a particular set of addresses or the communication between a group of computers. There are many ways to use IPSec in a network but the best way is bye using a directory with all the domains and also a GP when needed. Some areas of interest when implementing IPSecurity: The decision of where we must secure computers and how on our network which can be done by running a group of systems in a directory which is also called as the Active Directory Organisational Units or OUs. The next step is to determine the strength of the policies we assign. Determining Our Internet Protocol Security targets: The first step in deploying IPSec on our server or the network can be done properly by deciding which set of systems are in dire need of security. There are surely some places on the network which are in a need of higher security than the other sections. It is for sure that IPSec is capable of providing optimal security but the problems starts when the network slows down due to the excessive data to be processed and also a large number of systems for IPSec to follow and maintain. In some cases, there are systems which are not upgraded to be able to support the IPSecurity. In beginning of the protocol design procedure, proper planning should be done to make sure that our current network environment available for use. It is always helpful to have a set of the network topology with all of its hardware and software components. This procedure is of high importance mainly in the designing procedure. IPSecurity is highly vulnerable to a network topology. There are many network topologies in which IPSec is not well suited. Preparing a Internet Protocol Security Policy : As said earlier, there are many network topologies which are not suitable to the default structure of the IPSec policies. There is a need to develop a custom IPSec set of policies well suited for the current network. Some organisations can run their network with a small set of policies. But in companies with a very huge network, there are many policies which are to be implemented properly and also a stringent structure is to be maintained. Steps below shows how IP Sec policies work. There might be some cases where the company or the organisation is interested in implementing a policy which sets a secure communication between two specified computers. This can be done by restricting all traffic and adding exceptions which relates to these two systems. This method can be done vice versa. A network can be setup with policies to allow all requests and block specific ports or computers. To implement such exceptions, a thorough analysis of the network is clearly needed. Computer roles: Security for Data Transmission: Security needs are different from each and every data packet transmitted. The security policies are also very different. There are many levels in this instance. When considering encryption, there are many types such as AES, DE5, RSA and many more. RSA is the best encryption software available presently. These programs can be used to secure files on transmission, on a network or even in the system. Operating System Computers: IPSecurity is a very unique technique used to implement security in a network. There are many operating systems which are not so advanced to implement IPSec. There is no support for IPSec. But there are many operating systems which are capable of running IPSec in transport mode. Some other cases, the policies are stored locally which makes it easier to decide as the implementation doesnt take long enough. In some cases, IPSec policies are implemented through the Group Policy. Settings of Internet Protocol for Security: The set of general policies for IPSec is necessary. The General IPSec policies are needed either for companies which need packet filtering or for other companies which need system to system or network to network connection security. IPSec Rules The rules devised for the Internet Protocol for Security are used to find out any problems in a network. These rules are a depiction of all the problems in a network. A clear picture of all the problems and their consequences are listed in a particular section on the network. The table below describes a set of rules in the IPSec. Table6.5Settings of IPSec Rules Settings Details Example Filter list A name for each filter is specified. Each and every filter has its own list of traffic and also its own filter action list. Filters can be devised in such a way that they match to particular Internet Protocols, source and destination for TCP, UDP and IP Addresses. The filter list name might include the version number, the last update time, and the administrative owner. Each computer discards the filter list name during policy processing. . Source Address: My IP Address Destination Address: 172.16.0.4 Protocol: TCP Source Port: Any Dest Port: 1434 Mirrored: Yes Name: Me to sqlsvr3 TCP * 1434 Filter action Specifies whether a packet is permitted, blocked, or secured. If packets are to be secured, specifies how they are secured. A list of security methods specifies the security protocol, cryptographic algorithm, and session key regeneration frequency. Request Security Authentication methods One or more authentication methods, which are specified in order of preference. Available options are KerberosV5, certificate, or preshared key. KerberosV5 Tunnel endpoint Specifies whether to use tunnel mode and, if so, the tunnels endpoint. 172.16.0.5 Connection type Specifies whether the rule applies to LAN connections, remote access connections, or both. LAN Assigning IPSec Policies: As a domain administrator, there are many ways which can be implemented configure and implement policies for Internet Policies. These vary from each and every global enterprise to a site, user, group or application also. Internet Protocol Security can be implemented in systems running on Windows 2000 also. This can be done by addressing the policies in a local environment of the domain. Implementation of the designed policies: After scoping our needs, building IPSec policies, and determining our strategy, there are many procedures to be followed. Proper implementation of such policies is done by testing them in an environment for a period of time and then implement in the real scenario. This is to be done before the production stage. There are many stages to be implemented before the production of the IPSec policies. These policies are properly tested in lab conditions first. The next stage is to implement these policies in a limited resource environment. Looking at the results of the limited operational environment, the decision for production is made. A Cryptographic Evaluation of IPSec: Internet Protocol for Security was always a topic. It had some serious critic reviews. But even after all the negative reviews; IPSecurity is the best system for security which is available right now. There are many more alternatives to IPSec which have been tested and implemented. According to a recent survey, these alternative protocols are very different and not so secure. Some protocols are not close to what IPSec does and the rest are not even in the race. Such is the difference in between IPSec and the rest of the security protocols. Considering the market factor, IPSec is the best and also the safest option. There are of course some drawbacks to this technology. One of these drawbacks is the complexity of IPSec. IPSec has many options instilled into its structure which puts the handler in a state of dilemma. Another drawback is that the IPSec system has many ways to implement a single task. It is instructive to compare this to the approach taken by NIST for the development of AES [NIST97a, NIST97b]. Instead of a committee, NIST organized a contest. Several small groups each created their own proposal, and the process is limited to picking one of them. At the time of writing there has been one stage of elimination, and any one of the five remaining candidates will make a much better standard than any committee could ever have made. Complexity Trap: Securitys worst enemy is complexity. Complexity of IPSecurity is highly complex. The complexity is far beyond its security. IPSecurity is designed to support and also implement its policies in a varied area of situations with a number of options. We feel very strongly that the resulting system is well beyond the level of complexity that can be analysed or properly implemented with current methodologies. Thus, no IPSec system will achieve the goal of providing a high level of security. IPSec has two modes of operation: transport mode and tunnel mode. There are two protocols: AH and ESP. AH provides authentication, ESP provides authentication, encryption, or both. This creates a lot of extra complexity: two machines that wish to authenticate a packet can use a total of four different modes: transport/AH, tunnel/AH, transport/ESP with NULL encryption, and tunnel/ESP with NULL encryption. The differences between these options, both in functionality and performance, are minor. The documentation also makes it clear that under some circumstances it is envisioned to use two protocols: AH for the authentication and ESP for the encryption. Modes As far as we can determine, the functionality of tunnel mode is a superset of the functionality of transport mode. (From a network point of view, one can view tunnel mode as a special case of transport mode, but from a security point of view this is not the case. The only advantage that we can see to transport mode is that it result s in a somewhat smaller bandwidth overhead. However, the tunnel mode could be extended in a straightforward way with a specialized header-compression scheme that we will explain shortly. This would achieve virtually the same performance as transport mode without introducing an entirely new mode. We therefore recommend that transport mode be eliminated. Recommendation 1 Eliminate transport mode. Without any documented rationale, we do not know why IPSec has two modes. In our opinion it would require a very compelling argument to introduce a second major mode of operation. The extra cost of a second mode (in terms of added complexity and resulting loss of security) is huge, and it certainly should not be introduced without clearly documented reasons. Eliminating transport mode also eliminates the need to separate the machines on the network into the two categories of hosts and security gateways. The main distinction seems to be that security gateways may not use transport mode; without transport mode the distinction is no longer necessary. Protocols The functionality provided by the two protocols overlaps somewhat. AH provides authentication of the payload and the packet header, while ESP provides authentication and confidentiality of the payload. In transport mode, AH provides a stronger authentication than ESP can provide, as it also authenticates the IP header fields. One of the standard modes of operation would seem to be to use both AH and ESP in transport mode. In tunnel mode, ESP provides the same level of authentication (as the payload includes the original IP header), and AH is typically not combined with ESP [KA98c, section 4.5]. (Implementations are not required to support nested tunnels that would allow ESP and AH to both be used in tunnel mode.) One can question why the IP header fields are being authenticated at all. The authentication of the payload proves that it came from someone who knows the proper authentication key. That by itself should provide adequate information. The IP header fields are only used to get the data to the recipient, and should not afiect the interpretation of the packet. There might be a very good reason why the IP header fields need to be authenticated, but until somebody provides that reason the rationale remains unclear to us. The AH protocol [KA98a] authenticates the IP headers of the loour layers. This is a c lear violation of the modularization of the protocol stack. We therefore recommend that the AH protocol be eliminated. IPSec methodology using different operating systems: IPSec is a framework for security that operates at the Network Layer by extending the IP packet header. This gives it the ability to encrypt any higher layer protocol, including TCP and UDP sessions, so it offers the greatest flexibility of all the existing TCP/IP cryptosystems. While conceptually simple, setting up IPSec is much more complex that installing SSH, for example. IPSec also has the disadvantage of requiring operating system support, since most O/S kernels dont allow direct manipulation of IP headers. Linux IPSec support (the FreeS/WAN project), for example, isnt included in the standard kernel distribution for this reason, and has to be applied as an add-on. Furthermore, putting the cryptography in the kernel isolates it from the application, making it more difficult to code crypto-aware software. Using SSL, for example, simply requires linking a library into the application and allows the application to easily query what certificates have been used to authenticate a client. IPSec defines a Security Association (SA) as its primitive means of protecting IP packets. An SA is defined by the packets destination IP address and a 32-bit Security Parameter Index (SPI), that functions somewhat like a TCP or UDP port number. SAs can operate in transport mode, where the IPSec data field begins with upper level packet headers (usually TCP, UDP, or ICMP), or in tunnel mode, where the IPSec data field begins with an entirely new IP packet header, ala RFC 2003. Furthermore, SAs can be encapsulated within SAs, forming SA bundles, allowing layered IPSec protection. For example, one SA might protect all traffic through a gateway, while another SA would protect all traffic to a particular host. The packets finally routed across the network would be encapsulated in an SA bundle consisting of both SAs. A common use of IPSec is the construction of a Virtual Private Network (VPN), where multiple segments of a private network are linked over a public network using encrypted tunnels. This allows applications on the private network to communicate securely without any local cryptographic support, since the VPN routers perform the encryption and decryption. IPSec is well suited for this environment, more so than tunneling PPP over SSL or SSH, since it operates directly on the IP packets and preserves a one-to-one correspondence between packets inside and outside the network. In the case of tunneling PPP over an encrypted TCP connection, any packet loss in the public network would trigger a TCP retransmission, stalling the link until the packet was delivered. In particular, running Voice Over IP (VoIP) traffic through a TCP/PPP tunnel would largely defeat the RTP protocol used for VoIP; IPSec is better suited in this case. IPSec Development for Linux: In the Linux IPv4 IPSec world, a lot of people use FreeS/WAN projects implementation. It consists of an inkernel IPSec processing part, Key Exchange daemon Pluto and some utility commands/scripts. To run Pluto with small changes on our IPSec kernel implementation and reduce impact for user who use FreeS/WAN implementation, we have decided to keep compatibility with FreeS/WANs IPSec programming interface between kernel and userland. For this, we use the same PF KEY interface which FreeS/WAN project extended. In kernel IPSec packet processing part, we developed AH, ESP, SAD and SPD from scratch. PF KEY interface PF KEY(v2), which is described in RFC2367, is key management API mainly for IPSec. PF KEY is used for handling the IPSec Security Association Database. Additionally we have to handle the IPSec Security Policy Database, but there is no standard for the IPSec Security Policy management API. In FreeS/WAN implementation, PF KEY interface is extended to manage the IPSec Security Policy Database. Our kernel 2.4 IPSec implementation also uses the same PF KEY interface as FreeS/WANs one. It is important to be able to run the FreeS/WANs userland application (e.g., Pluto) with small changes. 3.2 Encryption and Authentication algorithm We provide HMAC-SHA1 and HMAC-MD5 for authentication, NULL, DES-CBC, 3DES-CBS and AES for encryption. We thought encryption and authentication algorithm is not only used by IPSec and there are many algorithms so that we consider encryption and authentication algorithm and those interface should have good modularity. We adopted cipher modules which provided by CryptoAPI Project[1]. 3.3 Security Association and Security Policy SA and SP themselves dont depend substantially on the IP version. FreeS/WAN project architecture depends on their special virtual network interface for IPSec because it might focus on IPv4 tunnel mode (Their implementation also provides IPv4 transport mode). Their SA, SP, SAD and SPD also depend on their special virtual network interface. We considered and decided it was not suit to IPv6 because the IPv6 stack needed the neighbor discovery and the auto address configuration in its basic specification. If we had implemented IPv6 IPSec stack with their architecture, we had to implement those basic specification in their special virtual network interface. Therefore we implemented our own SAD and SPD in order to handle both IPv4 and IPv6. To improve the system performance, Each database will be locked by smallest granularity. And in many cases we use the read lock. SA and SP are managed by the reference counter to prevent used SA from removing by accident. 3.4 IPSec Packet Processing 3.4.1 Output There are various packet output paths from the IP(v4/6) layer to the network driver layer in Linux kernel networking stack (TCP, UDP/ICMP, and NDP[10] for IPv6). The packets which may be applied IPSec will go through these paths. We had to add IPSec functionality for these output paths, e.g, in IPv6 ip6 xmit() for TCP, ip6 build xmit() for UDP/ICMP and ndisc send ns()/ndisc send rs() for neighbor discovery packets. Output process is as follows (as shown in 1. check IPSec SP 2. lookup the IPSec SA by the IPSec SP 3. apply IPSec processing to the packet 4. output the packet to the network driver layer To reduce SA searhing time, we link the SP and the found SA after lookup from the first time. 3.4.2 Input At input, there is only path for IP packets. We added IPSec processing part in ip6 input finish(). Input process is as follows (as shown in Figure2): 1. receive the packet 2. lookup the IPSec SA by SPI(which resides in AH/ESP header) 3. check integrity and decrypt 4. check IPSec Policy. 3.5 IPSec Tunnel mode We are using IPv6-over-IPv6(and IPv4-over-IPv4) virtual tunnel device to implement IPSec tunnel mode. This implementation can avoid to duplication code of encapsulation/ decapsulation outer IP header compairing with having these code in the IPSec processing part itself. The virtual tunnel device is not different from the normal IP-over-IP virtual tunnel device in Linux. 4 IPSec implementation for kernel 2.6 The most important difference between ours and them is SAD/SPD part. They thought the whole SPD/SAD mechanic should be flow cache based lookup system shared by IPv4 and IPv6. One month later, they introduced the new network architecture called XFRM to Linux kernel 2.5. At first their developing code lacked IPv6 IPSec only for IPv4 IPSec. In order to suport IPv6 IPSec, we have implemented IPv6 IPSec code based on XFRM (and discarded our original code). 4.1 PF KEY interface The PF KEY interface of Linux kernel 2.6(and 2.5) is compatible with KAME[3] PF KEY interface. We can use setkey command for configuring SA and SP and Racoon for IKE. Additionally we can add IPSec Policy each socket via Netlink3. They have suported only IPv4 in their first code, we have added IPv6 support. 4.2 Security Association and Security Policy On the XFRM architecture, IPSec SP, which is represented as xfrm policy structure, will be bound to the routing flow cache (and IPSec policy will point IPSec SA bundle) and IPSec SA, which is represented as xfrm state structure, is included in destination cache, dst entry structure. The chaining destination cache means IPSec SA bundle. 4.3 IPSec Packet Processing4.3.1 Output The output part of the XFRM architecture is placed between the IP layer and the network driver layer. In general, non IPSec packet will be passed to the network driver layer by a single destination output function, which is resolved routing lookup. But IPSec packet will be need to apply some IPSec processing (e.g., encryption, hash). XFRM functions make a chain of destination output functions (We call Stackable Destination, as shown in Figure3). Each function match each IPSec processing (AH, ESP and IPcomp[11]). To be more specific, in order to pass a packet to the network driver layer we have to do as follows. 1. lookup routing table to decide output function by ip6 route output() 2. lookup IPSec Security Policy 3. lookup IPSec Security Association(s) suitable for IPSec Security Policy and create destination chain 4. to apply IPSec, pass a packet to the destination chain 4.3.2 Input The input part of the XFRM architecture is simpler than output. The XFRM input function is handled as same as upper layer protocols like TCP, UDP, etc. In IPv6, IPSec headers are defined as IPv6 extension header but IPSec input functions are handled as an upper layer protocol handler. As the result of introducing IPv6 IPSec input processing in Linux. Kernel, inconsistencies existed between IPSec headers and other IPv6 extension headers. In order to resolve this, we moved to the other IPv6 extension header handler functions to upper layer protocol handler. In detail, we registered IPSec header (both AH and ESP) handler functions with upper layer protocol handler array inet6 protos[]. Incoming IPSec packet processing flow is as follows (as shown in Figure5): 1. process IP packet from IP header in sequence 2. process IPSec part (check integrity and decrypt) if founded 3. check IPSec Security Policy 4. pass IP packet next handler 4.4 IPSec Tunnel mode Linux kernel 2.6 IPSec tunnel mode doesnt use the virtual tunnel device to create tunnel. The IPSec stack builds the outer IP header during IPSec processing by itself. IPSec Best practices Best practices IPSec in transport mode has some serious advantages over other solutions. Compared to other technologies, IPSec is built into to the Linux kernel. In other words there is noconfiguration policy(i.e. dont implement this policy because it is insecure). Example file: #!/usr/sbin/setkey flush; spdflush; add 192.168.0.50 192.168.0.51 ah 0x200 -A hmac-md5 0x11111111222222223333333333334444; add 192.168.0.51 192.168.0.50 ah 0x300 -A hmac-md5 0x44444444333333333222222222211111; add 192.168.0.50 192.168.0.51 esp 0x201 -E aes-cbc 0xAAAAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEE; add 192.168.0.51 192.168.0.50 esp 0x301 -E aes-cbc 0xZZZZZZZZZXXXXXXXXXXXCCCCCCCCCCCDDDDDDDDEEEEQQQQQ; spdadd 192.168.0.50 192.168.0.51 any -P out IPSec esp/transport//require ah/transport//require; spdadd 192.168.0.51 192.168.0.50 any -P in IPSec esp/transport//require ah/transport//require; Sections Explained #!/usr/sbin/setkey flush; spdflush; The first part of the configuration file simply flushes the keys and then the policys. add 192.168.0.50 192.168.0.51 ah 0x200 -A hmac-sha-256 0x111111112222222233333333333344445555556666666777; add 192.168.0.51 192.168.0.50 ah 0x300 -A hmac-sha-256 0x444444443333333332222222222111110000000000000000; add 192.168.0.50 192.168.0.51 esp 0x201 -E aes-cbc 0xAAAAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEE; add 192.168.0.51 192.168.0.50 esp 0x301 -E aes-cbc 0xZZZZZZZZZXXXXXXXXXXXCCCCCCCCCCCDDDDDDDDEEEEQQQQQ; These lines are the actual keys and the encryption that will be used. The first block has the keys that will be used for authentication. In this case, it is the hmac-md5algorithm. The second block contains the keys that will be used for privacy, and the method of encryption. In the example, AES-CBC will be used, which is probably stronger than should be required; the key that we will be using is 194bits, meaning that it is good enough for US Government Secret and below classifications. spdadd 192.168.0.50 192.168.0.51 any -P out IPSec esp/transport//require ah/transport//require; spdadd 192.168.0.51 192.168.0.50 any -P in IPSec esp/transport//require ah/transport//require; The final block includes the actual policy. This is where you can put port numbers and even define whether it will be TCP orUDP. Generating the keys The more random the key, the better. Obviously, the example above is insufficient to secure a network. The following command will generate a random key. While running this command, youll need to wiggle the mouse to make it run faster. Or, if you are using a terminal use /dev/urandom instead. dd if=/dev/random count=16 bs=1| xxd -ps Depending on the size of the key that you want, adjust the count (16 will produce a 128 bit key, 24 will produce a 196 bit key, and 32 will produce a 512 bit key). The size of the key is important. If you really paranoid or just haveCPUcycles to burn on cryptography, use a 256 bit key. Generally speaking 256-bit encryption is becoming the standard for sensitive data. For most applications, it is overkill. In this example, we are using the AES-CBC cipher which is used by the US Government. At the time of this writing AES 128 bit-key lengths is the defacto standard for anything that is Secret or below, while AES 196 or 256 bit-key lengths are required for Top Secret. Needless to say, the choice of the cryptographic strength and the cipher is largely your choice. For the tinfoil hat crowd, the following are viable options for the cipher and the usable strengths: algorithm keylen (bits) des-cbc 64 esp-old: rfc1829, esp: rfc2405 3des-cbc 192 rfc2451 null 0 to 2048 rfc2410 blowfish-cbc 40 to 448 rfc2451 cast128-cbc 40 to 128 rfc2451 des-deriv 64 IPSec-ciph-des-derived-01 3des-deriv 192 no document rijndael-cbc 128/192/256 rfc3602 (also known as aes-cbc) twofish-cbc 0 to 256 draft-ietf-IPSec-ciph-aes-cbc-01 aes-ctr 160/224/288 draft-ietf-IPSec-ciph-aes-ctr-03 Loading the Config After you have hashed out the configuration file, you can load it using the setkey -f /etc/setkey.conf command. If there are any errors, it will tell you. Otherwise, after the command has been run, it is immediately active. Any connection to or from the machine in question that meets a rule will have to be appropriately encrypted. If you should find that you have rendered your system unable to connect to the world, type setkey -FP. Testing The testing is rather simple if after loading the configuration file you can access the other server, then it worked. Otherwise, there is a problem. If you are particularly interested to see that the data is indeed being encrypted, a simple tcpdump will show it to you: # tcpdump -i eth0 | egrep AH|ESP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:52:37.459643 IP bhoward1 bhoward2: AH(spi=0x00000200,seq=0x2a): ESP(spi=0x00000201,seq=0x2a), length 104 18:52:37.459761 IP bhoward2 bhoward1: AH(spi=0x00000300,seq=0x2a): ESP(spi=0x00000301,seq=0x2a), length 104 18:52:38.463752 IP bhoward1 bhoward2: AH(spi=0x00000200,seq=0x2b): ESP(spi=0x00000201,seq=0x2b), length 104 18:52:38.463899 IP bhoward2 bhoward1: AH(spi=0x00000300,seq=0x2b): ESP(spi=0x00000301,seq=0x2b), length 104 18:52:39.467689 IP bhoward1 bhoward2: AH(spi=0x00000200,seq=0x2c): ESP(spi=0x00000201,seq=0x2c), length 104 18:52:39.467809 IP bhoward2 bhoward1: AH(spi=0x00000300,seq=0x2c): ESP(spi=0x00000301,seq=0x2c), length 104 18:52:40.471733 IP bhoward1 bhoward2: AH(spi=0x00000200,seq=0x2d): ESP(spi=0x00000201,seq=0x2d), length 104 18:52:40.471841 IP bhoward2 bhoward1: AH(spi=0x00000300,seq=0x2d): ESP(spi=0x00000301,seq=0x2d), length 104 18:52:41.475738 IP bhoward1 bhoward2: AH(spi=0x00000200,seq=0x2e): ESP(spi=0x00000201,seq=0x2e), length 104 18:52:41.475841 IP bhoward2 bhoward1: AH(spi=0x00000300,seq=0x2e): ESP(spi=0x0000030 1,seq=0x2e), length 104 140 packets captured 284 packets received by filter 0 packets dropped by kernel If you see the AH() and the ESP() lines, then the information is encrypted. In this case it was a simplepingoperation. Boot start In order to load the rules at boot, add the following line to /etc/init.d/boot.local: # /etc/init.d/boot.local /usr/sbin/setkey -f /etc/setkey.conf /etc/init.d/boot.local will start before the network connections are activated. Adjust your firewall since IPSec will only encrypt traffic from one IP address to another, you may need to change you firewall rules to reflect this behavior. For example, if an application is listening on 5901 (VNC) and all the machines that will access the ports need have IPSec; it would be advisable to shut out everyone except the IP addresses you want. Otherwise a user could connect from a non-IPSec secured machine and then transmit the data unencrypted. In other words, IPSec is only part of the equation. Conflicts If you are using a desktop IPSec client like Raccoon you may have your rules cleared. You may need to edit your configuration files in order to include the rules. Side note On a practical level IPSec is great to secure applications with out additional overhead. At the time of writing this, I had three problems: Securing several hosts with out using a full-fledged VPN solution like OpenVPN Running Synergy Securing VNC Concern fortelnet Obviously, the first item was an o utcrop of the last three. IPSec soon became the best choice for me. Other people might find that solutions like stunnel and ssh will work for them. The biggest issue was that I wanted something that would just work. I didnt want something that I would have to monkey around or have to drop into a super-user in order to fix a problem here and a problem there. I found IPSec to be faster than any of the other solutions although I dont have hard numbers on it. Conclusion: IPSec has an extensive set of parameters within its architecture, and the interaction of those factors is not always intuitively clear. However, the IPSec communications driver follows these rules to the letter, giving system administrators and developers utilizing this system a means to follow and interpret security results, even when they are unexpected. Fortunately, the challenges of the IPSec architecture are commensurate with its poor, and the effort to thoroughly understand its intricacies will repay we with an invaluable defence against many forms of system attack. IPSec configuration may not be point-and-click simple, but it is actually easier to configure than most firewalls or other network security tools that filter packets. IPSec is still better than any other protocol (L2TP, PPTP, . . . ). Nevertheless, IPSecs design is far too complex. Secure implementations of such a complex system are almost impossible. As always in security, there is no prize for getting 90% right; w e have to get everything right. The only way out is to reduce complexity. The development process has to be blamed for this outcome, not the people that worked on it.