FEDERAL UNIVERSITY LOKOJA

DEPARTMENT OF COMPUTER SCIENCE

CSC 409: NET-CENTRIC COMPUTING

GROUP 3
TOPIC: IPSEC AND WEB PROTOCOLS WITH
EMPHASIS ON HTTP

LECTURER: DR. FREDERICK D. BASAKY

1
 GROUP MEMBERS
S/N NAME MATRIC NUMBER
1 Abimbola Mukhtar SCI19CSC005
2 Akele Ayobami Precious EDU19SED025
3 Olaniyi Opeyemi Joseph SCI20CSC160
4 Chukwu Ifeayi Victory SCI19CSC033
5 Akhaine Osalumese Christabel SCI19CSC020
6 Alamoh Temiloluwa Abraham SCI20CSC140
7 Oluwafemi Bisola Deborah SCI19CSC081
8 Ale Muyiwa Sunday SCI19CSC022
9 Abdulmalik Ozovehe Emmanuel SCI20CSC134
10 Jimoh Enehezei Mariam SCI19SCS049
11 Folorunsho Victor Friday SCI20CSC148
12 Yahaya Peter Ugbeta SCI20CSC169
13 David Ataboh SCI18CSC904
14 Olubiyo K. Augustine EDU19SED025
15 Adukwu Blessing Ugbedeojo SCI19CSC014
16 Elyon Akanya SCI19CSC019
17 Lanlehin Olanrewaju Olumide SCI18CSC082

2
 TABLE OF CONTENTS
Introduction to IPsec …………………………………………………………………4
What Is IPsec………………………………………………………………………....4
IP Security Architecture ……………………………………………………………..4
Components of IPsec………………………………………………………………....5
How Does IPsec Work……………………………………………………………….6
IPsec Modes………………………………………………………………………….6
Features of IPsec……………………………………………………………………..7
Applications of IPsec………………………………………………………………...8
Best Practices for Implementing IPsec ……………………………………………...8
Advantages and Disadvantages of IPsec ……………………………………………8
Conclusion…………………………………………………………………………...9
CHAPTER TWO
Introduction to Web Protocols ………………………………………………………10
HTTP: Hypertext Transfer Protocol…………………………………………………10
History of HTTP …………………………………………………………………….10
Working of HTTP …………………………………………………………………...11
HTTP Request ……………………………………………………………………....11
HTTP Response ……………………………………………………………………..12
HTTP Cookies ……………………………………………………………………...13
Characteristics of HTTP ……………………………………………………………13
Advantages & Disadvantages of HTTP …………………………………………….14
Conclusion ……………………………………………………………………….....14
Reference……………………………………………………………………………15

3
 CHAPTER ONE

INTRODUCTION

In today's interconnected digital landscape, safeguarding data transmitted over networks is

paramount. Internet Protocol Security (IPsec) stands as a cornerstone in achieving this goal. IPsec
is a suite of protocols designed to secure communication over IP networks. It offers a robust
framework for ensuring the confidentiality, integrity, and authenticity of data exchanged between
network devices. Whether in corporate environments, remote access scenarios, or VPN
deployments, IPsec plays a vital role in fortifying network communications against potential
threats and vulnerabilities.

WHAT IS IPSEC

IPsec (Internet Protocol Security) is a suite of protocols used to secure Internet Protocol (IP)
communications by encrypting and authenticating each data packet. It provides a framework for
secure communication over IP networks, ensuring confidentiality, integrity, and authentication of
data packets. IPsec operates at the network layer (Layer 3) of the OSI model, making it transparent
to applications and higher-layer protocols.

IP SECURITY ARCHITECTURE

IPsec (IP Security) architecture uses two protocols to secure the traffic or data flow. These
protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPsec
Architecture includes protocols, algorithms, DOI, and Key Management. All these components
are very important in order to provide the three main services:

1. Confidentiality
2. Authenticity
3. Integrity

4
 Fig1.1: IP Security Architecture.

COMPONENTS OF IPSEC

1. Encapsulating Security Payload (ESP): It provides data integrity, encryption,

authentication, and anti-replay. It also provides authentication for payload. ESP can operate
in two modes: transport mode, where only the payload is encrypted, and tunnel mode,
where the entire original IP packet, including the header, is encrypted and encapsulated
within a new IP packet.
2. Authentication Header (AH): It also provides data integrity, authentication, and anti-
replay and it does not provide encryption. The anti-replay protection protects against the
unauthorized transmission of packets. It does not protect data confidentiality.
3. Internet Key Exchange (IKE): It is a network security protocol designed to dynamically
exchange encryption keys and find a way over Security Association (SA) between 2
devices. The Security Association (SA) establishes shared security attributes between 2
network entities to support secure communication. The Key Management Protocol
(ISAKMP) and Internet Security Association provides a framework for authentication and
key exchange. ISAKMP tells how the setup of the Security Associations (SAs) and how
direct connections between two hosts are using IPsec.

5
 HOW DOES IPSEC WORK?

Computers exchange data with the IPsec protocol through the following steps.

1. The sender computer determines if the data transmission requires IPsec protection by
verifying against its security policy. If it does, the computer initiates secure IPsec
transmission with the recipient computer.
2. Both computers negotiate the requirements to establish a secure connection. This includes
mutually agreeing on the encryption, authentication, and other security association (SA)
parameters.
3. The computer sends and receives encrypted data, validating that it came from trusted
sources. It performs checks to ensure the underlying content is reliable.
4. Once the transmission is complete or the session has timed out, the computer ends the IPsec
connection.

IPSEC MODES

Tunnel mode: Usually used between secured network gateways, IPsec tunnel mode enables hosts
behind one of the gateways to communicate securely with hosts behind the other gateway. For
example, any users of systems in an enterprise branch office can securely connect with any systems
in the main office if the branch office and main office have secure gateways to act as IPsec proxies
for hosts within the respective offices. The IPsec tunnel is established between the two gateway
hosts, but the tunnel itself carries traffic from any hosts inside the protected networks. Tunnel
mode is useful for setting up a mechanism for protecting all traffic between two networks, from
disparate hosts on either end.

Transport mode. A transport mode IPsec circuit is when two hosts set up a directly connected
IPsec VPN connection. For example, this type of circuit might be set up to enable a remote
information technology (IT) support technician to log in to a remote server to do maintenance
work. IPsec transport mode is used in cases where one host needs to interact with another host.
The two hosts negotiate the IPsec circuit directly with each other, and the circuit is usually torn
down after the session is complete.

6
 Fig 1.2: IPsec Mode.

FEATURES OF IPSEC

Authentication: IPsec provides authentication of IP packets using digital signatures or shared

secrets. This helps ensure that the packets are not tampered with or forged.

Confidentiality: IPsec provides confidentiality by encrypting IP packets, preventing

eavesdropping on the network traffic.

Integrity: IPsec provides integrity by ensuring that IP packets have not been modified or corrupted
during transmission.

Key management: IPsec provides key management services, including key exchange and key
revocation, to ensure that cryptographic keys are securely managed.

Tunneling: IPsec supports tunneling, allowing IP packets to be encapsulated within another

protocol, such as GRE (Generic Routing Encapsulation) or L2TP (Layer 2 Tunneling Protocol).

Flexibility: IPsec can be configured to provide security for a wide range of network topologies,
including point-to-point, site-to-site, and remote access connections.

Interoperability: IPsec is an open standard protocol, which means that it is supported by a wide
range of vendors and can be used in heterogeneous environments.

7
 APPLICATIONS OF IPSEC

Site-to-Site VPN: IPsec is commonly used to establish secure connections between geographically
distributed networks, enabling secure communication between corporate offices or data centers.

Remote Access VPN: IPsec allows remote users to securely connect to corporate networks over
the Internet, providing secure access to resources from remote locations.

Network-to-Network VPN: IPsec enables secure communication between multiple networks,

such as branch offices or partner networks, over public or untrusted networks.

Secure VoIP Communication: IPsec can be employed to secure Voice over IP (VoIP)
communication, ensuring confidentiality and integrity of voice data transmitted over IP networks.

BEST PRACTICES FOR IMPLEMENTING IPSEC

Define Security Policies: Clearly define security policies to determine which traffic requires
protection and how it should be secured.

Use Strong Authentication and Encryption: Implement strong authentication methods and
encryption algorithms to ensure the confidentiality, integrity, and authenticity of data.

Regularly Update and Rotate Keys: Regularly update cryptographic keys and rotate them
periodically to mitigate the risk of key compromise.

Monitor and Audit IPsec Traffic: Monitor and audit IPsec traffic to detect and respond to
security incidents and anomalies effectively.

ADVANTAGES AND DISADVANTAGES OF IPSEC

Advantages:

Strong Security: IPsec provides robust security features, including encryption, authentication,
and integrity protection.

Compatibility: IPsec is widely supported by network devices and operating systems, making it a
versatile solution for securing network communications.

Flexibility: IPsec offers flexibility in configuring security policies and encryption algorithms to
meet specific security requirements.

8
Disadvantages:

Complexity: Configuring and managing IPsec can be complex, especially in large-scale

deployments with multiple endpoints and security policies.

Overhead: IPsec introduces overhead in terms of processing power and bandwidth due to
encryption and encapsulation of IP packets.

Key Management: Effective key management is crucial for the security of IPsec deployments,
and managing cryptographic keys securely can be challenging.

CONCLUSION

In conclusion, IPsec is a powerful tool for securing IP communications, providing essential

security features such as encryption, authentication, and integrity protection. By understanding its
key components, deployment scenarios, advantages, and limitations, organizations can effectively
leverage IPsec to safeguard their network communications against potential threats and
vulnerabilities.

9
 CHAPTER TWO

INTRODUCTION TO WEB PROTOCOLS

Web protocols are sets of rules and conventions that govern the communication between clients
(such as web browsers) and servers over the World Wide Web. These protocols enable the
exchange of data, resources, and information across the internet. One of the fundamental web
protocols is the Hypertext Transfer Protocol (HTTP), which forms the basis of communication for
accessing and transmitting web resources.

HTTP: HYPERTEXT TRANSFER PROTOCOL

Overview
HTTP is an application-layer protocol used for transferring hypertext documents on the World
Wide Web. It follows a client-server model, where a client (such as a web browser) sends requests
to a server, and the server responds with the requested resources. HTTP operates over TCP/IP and
typically uses port 80 for communication.

HISTORY OF HTTP
Tim Berners Lee and his team at CERN get credit for inventing original HTTP and associated
technologies.

HTTP version 0.9: This was the first version of HTTP which was introduced in 1991.

HTTP version 1.0: In 1996, RFC 1945 (Request for Comments) was introduced in HTTP version
1.0.

HTTP version 1.1: In January 1997, RFC 2068 was introduced in HTTP version 1.1.
Improvements and updates to the HTTP version 1.1 standard were released under RFC 2616 in
June 1999.

HTTP version 2.0: The HTTP version 2.0 specification was published as RFC 7540 on May 14,
2015.

HTTP version 3.0: HTTP version 3.0 is based on the previous RFC draft. It is renamed as Hyper-
Text Transfer Protocol QUIC which is a transport layer network protocol developed by Google.

10
 WORKING OF HTTP
First of all, whenever we want to open any website then first open a web browser after that we will
type the URL of that website (e.g., www.facebook.com). This URL is now sent to the Domain
Name Server (DNS). Then DNS first check records for this URL in their database, then DNS will
return the IP address to the web browser corresponding to this URL. Now the browser is able to
send requests to the actual server.

After the server sends data to the client, the connection will be closed. If we want something else
from the server, we should have to re-establish the connection between the client and the server.

Fig 2.1: HTTP Connection.

HTTP REQUEST
HTTP request is simply termed as the information or data that is needed by Internet browsers for
loading a website. This is simply known as HTTP Request.

There is some common information that is generally present in all HTTP requests. These are
mentioned below.

HTTP Request Headers: HTTP Request Headers generally store information in the form of key-
value and must be present in each HTTP Request. The use of this Request Header is to provide
core information about the client’s information, etc.

HTTP Request Body: HTTP Request Body simply contains the information that has to be
transferred. HTTP Request has the information or data to be sent to these browsers.

HTTP Methods: HTTP defines several request methods, each specifying the type of action the
client desires to perform on a resource. Common HTTP request methods include:

11
GET: Retrieves data from the server.
POST: Submits data to be processed by the server.
PUT: Uploads a resource to the server.
DELETE: Removes a resource from the server.
HEAD: Retrieves the headers of a resource without the body.
OPTIONS: Retrieves information about the communication options available for the server.
PATCH: Applies partial modifications to a resource.
HTTP RESPONSE
HTTP Response is simply the answer to what a Server gets when the request is raised. There are
various things contained in HTTP Response, some of them are listed below.

HTTP Status Code

HTTP Headers

HTTP Body

Fig 2.2: HTTP Response.

12
HTTP Response Headers: HTTP headers provide additional information about the request or
response, such as the content type, content length, caching directives, and more. Headers are
crucial for conveying metadata and instructions between the client and server, ensuring smooth
communication.

HTTP Response Body: HTTP Responses are the responses that are received successfully upon
the request. Generally, it comes under the requests generated by the web. In most cases, the request
is of transferring the HTML data into a webpage.

HTTP Status Code: HTTP Status Codes are the 3-Digit codes that tell the message or simply tell
us about the HTTP Request whether it has been completed or not. There are simply 5 types of
status codes.

Informational e.g. 100 Continue: readies for the client to continue with a request.

Successful e.g. 200 OK: For a successful transaction.

Re-directional e.g. 300 Multiple Choices: The requested URL refers to more than one resource.

Client-Error e.g. 404 Not Found: The document at the specified URL does not exist.

Server-Error e.g. 500 Internal Server Error: This code indicates that a part of the server
encountered a configuration error.

HTTP COOKIES
An HTTP cookie (web cookie, browser cookie) is a little piece of data that a server transmits to a
user’s web browser. When making subsequent queries, the browser may keep the cookie and
transmit it back to the same server. An HTTP cookie is typically used, for example, to maintain a
user’s login state, to determine whether two requests originate from the same browser. For the
stateless HTTP protocol, it retains active information.

CHARACTERISTICS OF HTTP
HTTP is IP based communication protocol that is used to deliver data from server to client or vice-
versa.

1. The server processes a request, which is raised by the client, and also server and client
know each other only during the current bid and response period.

13
 2. Any type of content can be exchanged as long as the server and client are compatible with
it.
3. Once data is exchanged, servers and clients are no longer connected.
4. It is a request and response protocol based on client and server requirements.
5. It is a connection-less protocol because after the connection is closed, the server does not
remember anything about the client and the client does not remember anything about the
server.
6. It is a stateless protocol because both client and server do not expect anything from each
other but they are still able to communicate.

ADVANTAGES OF HTTP
1. Memory usage and CPU usage are low because of fewer simultaneous connections.
2. Since there are few TCP connections hence network congestion is less.
3. Since handshaking is done at the initial connection stage, then latency is reduced because
there is no further need for handshaking for subsequent requests.
4. The error can be reported without closing the connection.
5. HTTP allows HTTP pipe-lining of requests or responses.

DISADVANTAGES OF HTTP

1. HTTP requires high power to establish communication and transfer data.

2. HTTP is less secure because it does not use any encryption method like HTTPS and use
TLS to encrypt regular HTTP requests and response.
3. HTTP is not optimized for cellular phones and it is too gabby.
4. HTTP does not offer a genuine exchange of data because it is less secure.
5. The client does not close the connection until it receives complete data from the server;
hence, the server needs to wait for data completion and cannot be available for other clients
during this time.

CONCLUSION

Web protocols, particularly HTTP, form the backbone of communication on the World Wide Web,
enabling the exchange of data and resources between clients and servers. Understanding the

14
fundamentals of HTTP, including request methods, response status codes, headers, and cookies, is
essential for developing and maintaining web applications. Additionally, the adoption of HTTPS
enhances security by encrypting web traffic, safeguarding sensitive information from unauthorized
access and interception. Overall, web protocols are crucial for the seamless operation and security
of the internet.

REFERENCES:

https://www.geeksforgeeks.org/ip-security-ipsec/
https://aws.amazon.com/what-is/ipsec/
https://www.techtarget.com/searchsecurity/definition/IPsec-Internet-Protocol-Security
https://www.geeksforgeeks.org/http-full-form/

15