4th-Year Presentation: VPN Technology


People's Democratic Republic of Algeria

Ministry of Higher Education and Scientific Research
Ministry of Post, Telecommunications, Technologies and Digital Affairs

National Institute of Telecommunications and Information and Communication Technologies

4th-year presentation

Topic
VPN Technology

Presented by: MAGHRAOUI Ahmed Elbachir
              KHEMMAS Mohamed Amine

Supervised by: Mr. BENBAKRETI Samir

Class: IGE 41
Academic year: 2019-2020

Contents

1 Introduction
2 Fundamentals of VPN Technology
  2.1 What Is a VPN?
  2.2 Types of VPNs
    2.2.1 Remote-access VPNs
    2.2.2 Site-to-site VPNs
  2.3 Advantages of VPN
3 Encryption and hash functions
  3.1 What is encryption?
  3.2 Types of encryption
    3.2.1 Symmetric encryption
    3.2.2 Asymmetric encryption
  3.3 Hash Function
    3.3.1 Requirements for a Hash Function
4 VPN Protocols
  4.1 PPTP
    4.1.1 How PPTP Works
  4.2 L2TP
  4.3 SSL
    4.3.1 How SSL works
  4.4 IPsec
    4.4.1 What is IPsec
    4.4.2 How IPsec Works
5 Site-To-Site VPN lab
  5.1 Configuration
  5.2 Verification
6 Conclusion
Bibliography

Acronyms

ADSL Asymmetric Digital Subscriber Line
AES Advanced Encryption Standard
BGP Border Gateway Protocol
CPU Central Processing Unit
DES Data Encryption Standard
DSLAM Digital Subscriber Line Access Multiplexer
ESP Encapsulating Security Payload
GRE Generic Routing Encapsulation
ICMP Internet Control Message Protocol
IDEA International Data Encryption Algorithm
IP Internet Protocol
L2TP Layer 2 Tunneling Protocol
MD5 Message Digest 5
NAS Network Access Server
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
RC2 Rivest's Cipher
SHA-1 Secure Hash Algorithm 1
SHA-2 Secure Hash Algorithm 2
SSL Secure Sockets Layer
TCP Transmission Control Protocol
UDP User Datagram Protocol
VPN Virtual Private Network

List of Figures

2.1 VPN Remote Access
3.1 Symmetric encryption
3.2 Asymmetric encryption
3.3 Hash function
4.1 PPTP VPN
4.2 SSL VPN
5.1 Site-to-Site VPN
5.2 Testing connectivity from pc0
5.3 Testing connectivity from pc1

1. Introduction

There is an increasing demand nowadays to connect to internal networks from
distant locations. Employees often need to connect to internal private networks
over the Internet (which is by nature insecure) from home, hotels, airports
or from other external networks. Security becomes a major consideration when
staff or business partners have constant access to internal networks from insecure
external locations.

VPN technology provides a way of protecting information being transmitted
over the Internet, by allowing users to establish a virtual private “tunnel” to
securely enter an internal network, accessing resources, data and communications
via an insecure network such as the Internet.

2. Fundamentals of VPN Technology

2.1 What Is a VPN?


If we break down the term virtual private network into its individual components,
we could say that a network allows connectivity between two devices.
Those two devices could be computers on the same local-area network or could
be connected over a wide-area network. In either case, a network is providing
the basic connectivity between the two. The word virtual in VPN refers to
a logical connection between the two devices. For example, one user may be
connected to the Internet in Las Vegas, Nevada, and another user may be
connected to the Internet in Vienna, Austria, and we could build a logical network,
or virtual network, between the two devices using the Internet as our transport
mechanism. The letter P in VPN refers to private. The virtual network we
could create between our two users in Las Vegas and Vienna would be private
between those two parties. So, there are the basics for VPN, a virtual private
network [1].

VPN is a generic term used to describe a communication network that uses
any combination of technologies to secure a connection tunnelled through an
otherwise unsecured or untrusted network. Instead of using a dedicated connection,
such as a leased line, a "virtual" connection is made between geographically
dispersed users and networks over a shared or public network, like the Internet.
Data is transmitted as if it were passing through private connections.

2.2 Types of VPNs


There are two major categories into which VPNs could be placed: remote-access
and site-to-site. The following are details about each, including when they might
be used:

2.2.1 Remote-access VPNs


Some users might need to build a VPN connection from their individual computer
to the corporate headquarters (or to the destination they want to connect to).
This is referred to as a remote-access VPN connection. Remote-access VPNs can
use IPsec or SSL technologies for their VPN.

Figure 2.1: VPN Remote Access

2.2.2 Site-to-site VPNs


The other main VPN implementation is by companies that may have two or
more sites that they want to connect securely together (likely using the
Internet) so that each site can communicate with the other site or sites. This
implementation is called a site-to-site VPN. Site-to-site VPNs traditionally use
a collection of VPN technologies called IPsec.

2.3 Advantages of VPN


VPN technology was developed to meet people's need for security, and especially
the need to send encrypted data over a network. But besides the role of creating
a “private scope of computer communications,” VPN technology has many other
advantages:

• Enhanced security. When you connect to the network through a VPN,
  the data is kept secured and encrypted. In this way, the information is
  kept away from hackers' eyes.
• Remote control. For a company, the great advantage of having a
  VPN is that the information can be accessed remotely, even from home or
  from any other place. That's why a VPN can increase productivity within
  a company.
• Share files. A VPN service can be used if you have a group that needs to
  share data for an extended period.
• Online anonymity. Through a VPN you can browse the web in complete
  anonymity. Compared to hide-IP software or web proxies, the advantage
  of a VPN service is that it allows you to access both web applications and
  websites in complete anonymity.
• Unblock websites and bypass filters. VPNs are great for accessing blocked
  websites or for bypassing Internet filters. This is why there is an increased
  number of VPN services used in countries where Internet censorship is
  applied.
• Change IP address. If you need an IP address from another country, then
  a VPN can provide you with this.
• Better performance. Bandwidth and efficiency of the network can generally
  be increased once a VPN solution is implemented.
• Reduce costs. Once a VPN network is created, the maintenance cost is
  very low. More than that, if you opt for a service provider, the network
  setup and surveillance are no longer a concern [2].

3. Encryption and hash functions

3.1 What is encryption?


Encryption is a way of scrambling data so that only authorized parties can
understand the information. In technical terms, it is the process of converting
plaintext to ciphertext. In simpler terms, encryption takes readable data and
alters it so that it appears random. Encryption requires the use of an encryption
key: a set of mathematical values that both the sender and the recipient of an
encrypted message know.

3.2 Types of encryption


3.2.1 Symmetric encryption
A symmetric encryption algorithm, also known as a symmetrical cipher, uses
the same key to encrypt the data and decrypt the data. Two devices connected
via a VPN both need the key or keys to successfully encrypt and decrypt the data
that is protected using a symmetric encryption algorithm. Common examples
of symmetric encryption algorithms include the following:
• DES
• 3DES
• AES
• IDEA
• RC2, RC4, RC5, RC6
• Blowfish
Symmetrical encryption algorithms are used for most of the data that we protect
in VPNs today. We use symmetrical algorithms to encrypt the bulk of our data
because they are much faster and take less CPU than an asymmetrical algorithm
would. As with all encryption, the more difficult the key, the
more difficult it is for someone who does not have the key to intercept and
understand the data. We usually refer to keys with VPNs by their length. A
longer key means better security. A typical key length is 40 bits to 256 bits.
The minimum key length should be at least 80 bits for symmetrical encryption
algorithms to be considered fairly safe. Again, bigger is better.

Figure 3.1: Symmetric encryption

3.2.2 Asymmetric encryption


Public key algorithms are an example of asymmetric algorithms. There is
something magical about them. Instead of using the same key for encrypting
and decrypting, we use two different keys that mathematically work together
as a pair. Let's call these keys the public key and private key. Together they
make a key pair. Let's put these keys to use with an analogy.

Imagine a huge shipping container that has a special lock with two keyholes
(one large keyhole, and one smaller keyhole). With this magical shipping
container, if we use the small keyhole with its respective key to lock the container,
the only way to unlock it is to use the big keyhole with its larger key. Another
option is to initially lock the container using the big key in the big keyhole, and
then the only way to unlock it is to use the small key in the small keyhole. (I
told you it was magic.) This analogy explains the interrelationship between the
public key and its corresponding private key. (I'll let you decide which one you
want to call the big key and which one you want to call the little key.) There is a
very high CPU cost when using key pairs to lock and unlock data. For that reason,
we use asymmetric algorithms sparingly. Instead of using them to encrypt
our bulk data, we use asymmetric algorithms for things such as authenticating a
VPN peer or generating keying material that we could use for our symmetrical
algorithms. Both of these tasks are infrequent compared to encrypting all the
user packets (which happens consistently).

One reason this is called public key cryptography is that we allow one of
these keys to be published and available to anyone who wants to use it (the
public key). The other key in the key pair is the private key, and this private
key is known only to the device that owns the public-private key pair. An
example of using a public-private key pair is visiting a secure website. In the
background, the public-private key pair of the server is being used for security
of the session. Your PC has access to the public key, and the server is the only
one that knows its private key.

Figure 3.2: Asymmetric encryption

3.3 Hash Function


A hash value h is generated by a function H of the form
h = H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.
The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct. The receiver authenticates that
message by recomputing the hash value, because the hash function itself is not
considered to be secret.

Figure 3.3: Hash function

3.3.1 Requirements for a Hash Function


The purpose of a hash function is to produce a "fingerprint" of a file, message,
or other block of data. To be useful for message authentication, a hash function
H must have the following properties:

• H can be applied to a block of data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x, making both hardware
  and software implementations practical.
• For any given value h, it is computationally infeasible to find x such that
  H(x) = h. This is sometimes referred to in the literature as the one-way
  property.
• For any given block x, it is computationally infeasible to find y ≠ x
  such that H(y) = H(x). This is sometimes referred to as weak collision
  resistance.
• It is computationally infeasible to find any pair (x, y) such that H(x) =
  H(y). This is sometimes referred to as strong collision resistance [3].

An example of using a hash to verify integrity is the sender running a hash
algorithm on each packet and attaching that hash to the packet. The receiver
runs the same hash against the packet and compares his results against the
results the sender had (which were attached to the packet, as well). If the hash
generated matches the hash that was sent, we know that the entire packet is
intact. If a single bit of the hashed portion of the packet is modified, the hash
calculated by the receiver will not match, and the receiver will know that the
packet had a problem, specifically with the integrity of the packet. The three
most popular types of hashes are as follows:

• MD5: This creates a 128-bit digest.

• SHA-1: This creates a 160-bit digest.


• SHA-2: Options include a digest between 224 bits and 512 bits.
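
The sender/receiver check described above, as an added Python example that is not part of the original report. It goes one step beyond the text by contrasting the unkeyed hash with a keyed HMAC (the construction named in the SSL section and in the lab's esp-sha-hmac transform); the function names, payload and key are constructed for illustration.

```python
import hashlib
import hmac


def digest_bits(algo):
    """Digest length in bits for a hashlib algorithm name."""
    return hashlib.new(algo).digest_size * 8


def attach_hash(payload, algo="sha256"):
    """Sender: append the unkeyed hash H(M) to the message M."""
    return payload + hashlib.new(algo, payload).digest()


def verify_hash(packet, algo="sha256"):
    """Receiver: recompute H(M) and compare it with the attached value."""
    size = hashlib.new(algo).digest_size
    payload, received = packet[:-size], packet[-size:]
    return hmac.compare_digest(hashlib.new(algo, payload).digest(), received)


def attach_mac(payload, key, algo="sha256"):
    """Sender: append HMAC(key, M); only holders of the key can produce it."""
    return payload + hmac.new(key, payload, algo).digest()


def verify_mac(packet, key, algo="sha256"):
    """Receiver: recompute HMAC(key, M) with the shared key and compare."""
    size = hashlib.new(algo).digest_size
    payload, received = packet[:-size], packet[-size:]
    return hmac.compare_digest(hmac.new(key, payload, algo).digest(), received)


def flip_bit(data, bit_index):
    """Return a copy of data with one bit inverted (simulated corruption)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def run_demo():
    payload = b"constructed sample packet payload"   # constructed input
    key = b"constructed-shared-secret"               # constructed key
    altered = b"altered payload"
    packet = attach_hash(payload)
    # H is public, so whoever changes the payload can also recompute the hash.
    rehashed = altered + hashlib.sha256(altered).digest()
    return {
        "intact": verify_hash(packet),
        "bit_flipped": verify_hash(flip_bit(packet, 0)),
        "rehashed_unkeyed": verify_hash(rehashed),
        "mac_intact": verify_mac(attach_mac(payload, key), key),
        "rehashed_vs_mac": verify_mac(rehashed, key),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha224", "sha512"):
        print(name, digest_bits(name), "bits")
    for check, ok in run_demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```

The unkeyed hash catches the flipped bit but accepts a packet whose payload and hash were both replaced; the keyed MAC rejects that packet because the shared key is needed to compute a matching value.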

4. VPN Protocols

4.1 PPTP
PPTP is a protocol that allows PPP connections to be tunneled through an IP
network, creating a VPN. Thus, a remote machine on network X can tunnel
traffic to a gateway machine on network Y and appear to be sitting, with an
internal IP address, on network Y. The gateway machine receives traffic to this
internal IP address, and sends it back to the remote machine on network X.
There are two primary ways of using PPTP, either directly over the Internet or
through dial up services.

Figure 4.1: PPTP VPN

4.1.1 How PPTP Works


PPTP works by encapsulating the virtual network packets inside of PPP packets,
which are in turn encapsulated in GRE packets sent over IP from the client
to the gateway PPTP server and back again. In conjunction with this encapsulated
data channel, there is a TCP-based control session. The control session
packets are used to query status and to convey signaling information between
the client and the server. The control channel is initiated by the client to the
server on TCP port 1723. In most cases this is a bi-directional communication
channel where the client can send requests to the server and vice versa. PPTP
does not specify particular algorithms for authentication and encryption; instead
it provides a framework for negotiating particular algorithms. This negotiation
is not specific to PPTP, and relies upon existing PPP option negotiations
contained within CCP, CHAP, and other PPP extensions and enhancements. Just
as PPP sessions have been able to negotiate compression algorithms, they can
negotiate authentication or encryption algorithms [4].

4.2 L2TP
L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside
on different devices interconnected by a packet-switched network. With L2TP,
a user has an L2 connection to an access concentrator (e.g., modem bank, ADSL,
DSLAM, etc.), and the concentrator then tunnels individual PPP frames to the
NAS. This allows the actual processing of PPP packets to be divorced from the
termination of the L2 circuit.

One obvious benefit of such a separation is that instead of requiring the
L2 connection to terminate at the NAS (which may require a long-distance toll
charge), the connection may terminate at a (local) circuit concentrator, which
then extends the logical PPP session over a shared infrastructure such as a frame
relay circuit or the Internet. From the user's perspective, there is no functional
difference between having the L2 circuit terminate in a NAS directly or using
L2TP. L2TP may also solve the multilink hunt-group splitting problem.
Multilink PPP [RFC1990] requires that all channels composing a multilink bundle be
grouped at a single Network Access Server (NAS). Due to its ability to project
a PPP session to a location other than the point at which it was physically
received, L2TP can be used to make all channels terminate at a single NAS.
This allows multilink operation even when the calls are spread across distinct
physical NASs [5].

4.3 SSL
SSL provides privacy and reliability between two communicating applications.
The protocol is composed of two layers. At the lowest level, layered on top
of some reliable transport protocol (e.g., TCP [RFC0793]), is the SSL record
protocol. The SSL record protocol is used for encapsulation of various higher
level protocols. One such encapsulated protocol, the SSL handshake protocol,
allows the server and client to authenticate each other and to negotiate an
encryption algorithm and cryptographic keys before the application protocol
transmits or receives its first byte of data. One advantage of SSL is that it is
application protocol independent. A higher level protocol can layer on top of
the SSL protocol transparently.

4.3.1 How SSL works


The SSL protocol aims primarily to provide privacy and data integrity between
two or more communicating computer applications. When secured by SSL,
connections between a client (e.g., a web browser) and a server should have one or
more of the following properties:

• The connection is private. Encryption is used after an initial handshake to
  define a secret key. Symmetric cryptography is used for data encryption
  (e.g., DES, 3DES, RC4).
• The peer's identity can be authenticated using asymmetric, or public key,
  cryptography.
• The connection is reliable. Message transport includes a message integrity
  check using a keyed Message Authentication Code (MAC) [RFC2104].
  Secure hash functions (e.g., SHA, MD5) are used for MAC computations
  [6].

Figure 4.2: SSL VPN

4.4 IPsec
4.4.1 What is IPsec
IPsec is a suite of protocols used to protect IP packets and has been around for
decades. It is in use today for both remote-access VPNs and site-to-site VPNs.

IPsec provides security services at the IP layer by enabling a system to
select required security protocols, determine the algorithm(s) to use for the
service(s), and put in place any cryptographic keys required to provide the
requested services. IPsec can be used to protect one or more "paths" between
a pair of hosts, between a pair of security gateways, or between a security
gateway and a host. (The term "security gateway" is used throughout the IPsec
documents to refer to an intermediate system that implements IPsec protocols.
For example, a router or a firewall implementing IPsec is a security gateway.)

The set of security services that IPsec can provide includes access control,
connectionless integrity, data origin authentication, rejection of replayed packets
(a form of partial sequence integrity), confidentiality (encryption), and limited
traffic flow confidentiality. Because these services are provided at the IP layer,
they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP,
etc.

The IPsec DOI also supports negotiation of IP compression [SMPT98],
motivated in part by the observation that when encryption is employed within
IPsec, it prevents effective compression by lower protocol layers.

4.4.2 How IPsec Works


IPsec uses two protocols to provide traffic security – Authentication Header
(AH) and Encapsulating Security Payload (ESP). Both protocols are described
in more detail in their respective RFCs [KA98a, KA98b].

• The IP Authentication Header (AH) provides connectionless integrity,
  data origin authentication, and an optional anti-replay service.
• The ESP protocol [KA98b] may provide confidentiality (encryption), and
  limited traffic flow confidentiality. It also may provide connectionless
  integrity, data origin authentication, and an anti-replay service. (One or
  the other set of these security services must be applied whenever ESP is
  invoked.)
• Both AH and ESP are vehicles for access control, based on the distribution
  of cryptographic keys and the management of traffic flows relative to these
  security protocols.

other to provide a desired set of security services in IPv4 and IPv6. Each
protocol supports two modes of use: transport mode and tunnel mode. In
transport mode the protocols provide protection primarily for upper layer protocols;
in tunnel mode, the protocols are applied to tunneled IP packets.

IPsec allows the user (or system administrator) to control the granularity
at which a security service is offered. For example, one can create a single
encrypted tunnel to carry all the traffic between two security gateways or a
separate encrypted tunnel can be created for each TCP connection between
each pair of hosts communicating across these gateways. IPsec management
must incorporate facilities for specifying:

• Which security services to use and in what combinations.
• The granularity at which a given security protection should be applied.
• The algorithms used to effect cryptographic-based security.

Because these security services use shared secret values (cryptographic keys),
IPsec relies on a separate set of mechanisms for putting these keys in place. (The
keys are used for authentication/integrity and encryption services.) [7]

5. Site-To-Site VPN lab

Figure 5.1: Site-to-Site VPN


5.1 Configuration
ISP router configuration
hostname ISP
! Link towards R3
interface g0/1
 ip address 209.165.200.2 255.255.255.0
 no shut
! Link towards R1
interface g0/0
 ip address 209.165.100.2 255.255.255.0
 no shut
exit
Configure IPsec on router R1
hostname R1
! Inside (LAN) interface
interface g0/1
 ip address 192.168.1.1 255.255.255.0
 no shut
! Outside interface towards the ISP
interface g0/0
 ip address 209.165.100.1 255.255.255.0
 no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.2
!
! IKE phase 1 policy: AES-256, pre-shared key authentication, DH group 5
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
! Pre-shared key used with peer R3
crypto isakmp key secretkey address 209.165.200.1
!
! IPsec transform set: ESP with AES-256 encryption and SHA HMAC integrity
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
!
! Crypto map tying together the peer, PFS, lifetime, transform set and ACL 100
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.200.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R1-R3
 match address 100
!
! Apply the crypto map to the outside interface
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
! Traffic to protect: R1 LAN to R3 LAN
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
Configure IPsec on router R3
hostname R3
! Inside (LAN) interface
interface g0/1
 ip address 192.168.3.1 255.255.255.0
 no shut
! Outside interface towards the ISP
interface g0/0
 ip address 209.165.200.1 255.255.255.0
 no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.200.2
!
! IKE phase 1 policy: same parameters as on R1
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
! Pre-shared key used with peer R1
crypto isakmp key secretkey address 209.165.100.1
!
! IPsec transform set: same algorithms as on R1
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R3-R1
 match address 100
!
! Apply the crypto map to the outside interface
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
! Traffic to protect: R3 LAN to R1 LAN (mirror of R1's ACL)
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
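
The two router configurations only work as a pair: the ISAKMP policy, pre-shared key and transform-set algorithms must agree, each side must point at the other's outside address, and the crypto ACLs must be mirror images. The following Python check is an added example, not part of the original lab; it uses a simplified parser over the crypto lines of the configuration above, and all function names and the faulty R3_BAD variant are constructed for illustration.

```python
import re

# Crypto-relevant lines of the lab configuration above; R1 and R3 differ only
# in the values filled in below. Interface and routing lines are omitted.
TEMPLATE = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key secretkey address {peer}
crypto ipsec transform-set {ts} esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer {peer}
 set transform-set {ts}
 match address 100
access-list 100 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
"""
R1_IP, R3_IP = "209.165.100.1", "209.165.200.1"   # outside (g0/0) addresses
R1 = TEMPLATE.format(peer=R3_IP, ts="R1-R3", local="192.168.1.0", remote="192.168.3.0")
R3 = TEMPLATE.format(peer=R1_IP, ts="R3-R1", local="192.168.3.0", remote="192.168.1.0")


def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None


def parse(cfg):
    """Pull out the settings both peers must agree on (simplified parser)."""
    policy = _first(r"^crypto isakmp policy \d+\n((?: .+\n)+)", cfg) or ""
    acl_id = _first(r"^ match address (\d+)", cfg)
    acl = re.findall(
        rf"^access-list {acl_id} permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M)
    return {
        "policy": sorted(line.strip() for line in policy.splitlines()),
        "psk": _first(r"^crypto isakmp key (\S+) address", cfg),
        "key_peer": _first(r"^crypto isakmp key \S+ address (\S+)", cfg),
        "map_peer": _first(r"^ set peer (\S+)", cfg),
        "transform": _first(r"^crypto ipsec transform-set \S+ (.+)$", cfg),
        "acl": acl,
    }


def check_pair(a_cfg, a_ip, b_cfg, b_ip):
    """Return a list of mismatches between the two peers' configurations."""
    a, b = parse(a_cfg), parse(b_cfg)
    problems = []
    for field, label in (("policy", "ISAKMP policy"), ("psk", "pre-shared key"),
                         ("transform", "transform-set algorithms")):
        if a[field] != b[field]:
            problems.append(f"{label} differs between peers")
    for name, side, other_ip in (("first", a, b_ip), ("second", b, a_ip)):
        for field in ("key_peer", "map_peer"):
            if side[field] != other_ip:
                problems.append(
                    f"{name} router: {field} is {side[field]}, expected {other_ip}")
    # Each side's crypto ACL must be the other's with source and destination swapped.
    mirrored = [(dst, dw, src, sw) for src, sw, dst, dw in b["acl"]]
    if not a["acl"] or sorted(a["acl"]) != sorted(mirrored):
        problems.append("crypto ACLs are not mirror images")
    return problems


# Constructed faulty variant: R3 reuses R1's ACL line instead of mirroring it.
R3_BAD = R3.replace("192.168.3.0 0.0.0.255 192.168.1.0",
                    "192.168.1.0 0.0.0.255 192.168.3.0")

if __name__ == "__main__":
    print("lab pair:", check_pair(R1, R1_IP, R3, R3_IP))
    print("copied ACL:", check_pair(R1, R1_IP, R3_BAD, R3_IP))
```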

5.2 Verification
Verify connectivity between PC0 and PC1, which are on different LANs, using
the commands:
ping 192.168.3.10
ping 192.168.1.10

Figure 5.2: Testing connectivity from pc0

Figure 5.3: Testing connectivity from pc1

6. Conclusion

VPN provides a means of accessing a secure, private, internal network over
insecure public networks such as the Internet. A number of VPN technologies
have been outlined, among which IPsec and SSL VPN are the most common.
Although a secure communication channel can be opened and tunneled through
an insecure network via VPN, client-side security should not be overlooked.

Bibliography

[1] Michael Watkins. CCNA Security 640-554, Official Cert Guide. 2012,
p. 426.
[2] url: https://www.ibvpn.com/2010/02/8-advantages-of-using-vpn/.
[3] William Stallings. Cryptography and Network Security. 2005, p. 453.
[4] Bruce Schneier. “Cryptanalysis of Microsoft’s Point-to-Point Tunneling
Protocol (PPTP)”, p. 7. url: http://www.schneier.com/paper-pptp.pdf.
[5] W. Townsley. “Layer Two Tunneling Protocol L2TP”. 1999, p. 03.
url: https://tools.ietf.org/html/rfc2661.
[6] A. Freier and P. Karlton. “The Secure Sockets Layer (SSL) Protocol Version
3.0”. 2011, p. 06. url: https://tools.ietf.org/html/rfc6101.
[7] Kent and Atkinson. “Security Architecture for the Internet Protocol”. 1998,
p. 06. url: https://tools.ietf.org/html/rfc2401.