SlideShare una empresa de Scribd logo

IPSec Chapter Summary

Descargar como PPT, PDF
J
jaymehta971

IPSec provides a framework for securing IP communications through encryption and authentication. It allows pairs of communicating entities to choose appropriate security algorithms. IPSec can secure branch office connectivity, remote access, extranets, and e-commerce. It authenticates packets and protects against replays. Security associations define the security parameters between sender and receiver. Authentication Header provides integrity and authentication of packets while Encapsulating Security Payload provides confidentiality through encryption. Key management protocols like Oakley and ISAKMP handle automated key establishment.

Tecnología
1 de 31
Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson 1
Outline • Internetworking and Internet Protocols (Appendix 6A) • IP Security Overview • IP Security Architecture • Authentication Header • Encapsulating Security Payload • Combinations of Security Associations • Key Management Henric Johnson 2
TCP/IP Example Henric Johnson 3
IPv4 Header Henric Johnson 4
IPv6 Header Henric Johnson 5
IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication. Henric Johnson 6
IP Security Overview • Applications of IPSec – Secure branch office connectivity over the Internet – Secure remote access over the Internet – Establsihing extranet and intranet connectivity with partners – Enhancing electronic commerce security Henric Johnson 7
IP Security Scenario Henric Johnson 8
IP Security Overview • Benefits of IPSec – Transparent to applications (below transport layer (TCP, UDP) – Provide security for individual users • IPSec can assure that: – A router or neighbor advertisement comes from an authorized router – A redirect message comes from the router to which the initial packet was sent – A routing update is not forged Henric Johnson 9
IP Security Architecture • IPSec documents: – RFC 2401: An overview of security architecture – RFC 2402: Description of a packet encryption extension to IPv4 and IPv6 – RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6 – RFC 2408: Specification of key managament capabilities Henric Johnson 10
IPSec Document Overview Henric Johnson 11
IPSec Services • Access Control • Connectionless integrity • Data origin authentication • Rejection of replayed packets • Confidentiality (encryption) • Limited traffic flow confidentiallity Henric Johnson 12
Security Associations (SA) • A one way relationsship between a sender and a receiver. • Identified by three parameters: – Security Parameter Index (SPI) – IP Destination address – Security Protocol Identifier Henric Johnson 13
Transport Mode Tunnel Mode SA SA Authenticates IP payload Authenticates entire AH and selected portions of inner IP packet plus IP header and IPv6 selected portions of extension headers outer IP header Encrypts IP payload and Encrypts inner IP ESP any IPv6 extesion header packet Encrypts IP payload and Encrypts inner IP ESP with any IPv6 extesion packet. Authenticates authentication header. Authenticates IP inner IP packet. payload but no IP header Henric Johnson 14
Before applying AH Henric Johnson 15
Transport Mode (AH Authentication) Henric Johnson 16
Tunnel Mode (AH Authentication) Henric Johnson 17
Authentication Header • Provides support for data integrity and authentication (MAC code) of IP packets. • Guards against replay attacks. Henric Johnson 18
End-to-end versus End-to- Intermediate Authentication Henric Johnson 19
Encapsulating Security Payload • ESP provides confidentiality services Henric Johnson 20
Encryption and Authentication Algorithms • Encryption: – Three-key triple DES – RC5 – IDEA – Three-key triple IDEA – CAST – Blowfish • Authentication: – HMAC-MD5-96 – HMAC-SHA-1-96 Henric Johnson 21
ESP Encryption and Authentication Henric Johnson 22
ESP Encryption and Authentication Henric Johnson 23
Combinations of Security Associations Henric Johnson 24
Combinations of Security Associations Henric Johnson 25
Combinations of Security Associations Henric Johnson 26
Combinations of Security Associations Henric Johnson 27
Key Management • Two types: – Manual – Automated • Oakley Key Determination Protocol • Internet Security Association and Key Management Protocol (ISAKMP) Henric Johnson 28
Oakley • Three authentication methods: – Digital signatures – Public-key encryption – Symmetric-key encryption Henric Johnson 29
ISAKMP Henric Johnson 30
Recommended Reading • Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995 • Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison- Wesley, 1994 Henric Johnson 31

Recomendados

Chapter 6
Chapter 6Chapter 6
Chapter 6shivz3
 
Ip security
Ip securityIp security
Ip securityJernej Virag
 
Ipsec (network security)
Ipsec (network security)Ipsec (network security)
Ipsec (network security)AhmadRahmanian1
 
IPsec
IPsecIPsec
IPsecabdullah roomi
 
IPSec | Computer Network
IPSec | Computer NetworkIPSec | Computer Network
IPSec | Computer Networkshubham ghimire
 
Ip security
Ip security Ip security
Ip security Dr.K.Sreenivas Rao
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Cns unit4
Cns unit4Cns unit4
Cns unit4PRADEEPJ30
 

Recomendados

Chapter 6
Chapter 6Chapter 6
Chapter 6shivz3
 
Ip security
Ip securityIp security
Ip securityJernej Virag
 
Ipsec (network security)
Ipsec (network security)Ipsec (network security)
Ipsec (network security)AhmadRahmanian1
 
IPsec
IPsecIPsec
IPsecabdullah roomi
 
IPSec | Computer Network
IPSec | Computer NetworkIPSec | Computer Network
IPSec | Computer Networkshubham ghimire
 
Ip security
Ip security Ip security
Ip security Dr.K.Sreenivas Rao
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Cns unit4
Cns unit4Cns unit4
Cns unit4PRADEEPJ30
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011manav416
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
Websecurity
Websecurity Websecurity
Websecurity Merve Bilgen
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpnsharetech
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic ConceptsAvadhesh Agrawal
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation KishoreTs3
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1Sankaranarayanan Subramanian
 
How Encryption for Strong Security Works
How Encryption for Strong Security WorksHow Encryption for Strong Security Works
How Encryption for Strong Security Workss1170006
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)Azad Kaki
 
VPN presentation
VPN presentationVPN presentation
VPN presentationRiazehri
 
Ipsecurity
IpsecurityIpsecurity
IpsecurityJyoshna Cec Cse Staf bejjam
 
I psec
I psecI psec
I psecnlekh
 
Ip sec
Ip secIp sec
Ip secshifanabasheer
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
Vpn
VpnVpn
VpnKamalPreet Saluja
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkMariana Hansen
 
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...apidays
 
ch06.ppt
ch06.pptch06.ppt
ch06.pptssuserec53e73
 
Chapter 6.ppt
Chapter 6.pptChapter 6.ppt
Chapter 6.pptssuserec53e73
 

Más contenido relacionado

La actualidad más candente

BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011manav416
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation KishoreTs3
 
How Encryption for Strong Security Works
How Encryption for Strong Security WorksHow Encryption for Strong Security Works
How Encryption for Strong Security Workss1170006
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)Azad Kaki
 
VPN presentation
VPN presentationVPN presentation
VPN presentationRiazehri
 
I psec
I psecI psec
I psecnlekh
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkMariana Hansen
 
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...apidays
 

La actualidad más candente (20)

Ipsec
IpsecIpsec
Ipsec
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011
 
IP Security
IP SecurityIP Security
IP Security
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and ssl
 
Websecurity
Websecurity Websecurity
Websecurity
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpn
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic Concepts
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
How Encryption for Strong Security Works
How Encryption for Strong Security WorksHow Encryption for Strong Security Works
How Encryption for Strong Security Works
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)
 
VPN presentation
VPN presentationVPN presentation
VPN presentation
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
I psec
I psecI psec
I psec
 
Ip sec
Ip secIp sec
Ip sec
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
 
Vpn
VpnVpn
Vpn
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
APIdays Barcelona 2019 - Introduction to Onion Services to secure APIs with P...
 

Similar a IPSec Chapter Summary

Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).pptDivyaSek
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6koolkampus
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Aksum Institute of Technology(AIT, @Letsgo)
 
Chapter 7
Chapter 7Chapter 7
Chapter 7shivz3
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
ch10.ppt
ch10.pptch10.ppt
ch10.pptImXaib
 
Chapter 10
Chapter 10Chapter 10
Chapter 10shivz3
 

Similar a IPSec Chapter Summary (20)

ch06.ppt
ch06.pptch06.ppt
ch06.ppt
 
Chapter 6.ppt
Chapter 6.pptChapter 6.ppt
Chapter 6.ppt
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).ppt
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).ppt
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
 
I psec
I psecI psec
I psec
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 
CCNP Security-Secure
CCNP Security-SecureCCNP Security-Secure
CCNP Security-Secure
 
IPSec VPN tunnel
IPSec VPN tunnelIPSec VPN tunnel
IPSec VPN tunnel
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
ch08 (1).ppt
ch08 (1).pptch08 (1).ppt
ch08 (1).ppt
 
Lec 9.pptx
Lec 9.pptxLec 9.pptx
Lec 9.pptx
 
Ip sec technote-en
Ip sec technote-enIp sec technote-en
Ip sec technote-en
 
ch10.ppt
ch10.pptch10.ppt
ch10.ppt
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 

Último

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Último (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

IPSec Chapter Summary

  • 1. Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson 1
  • 2. Outline • Internetworking and Internet Protocols (Appendix 6A) • IP Security Overview • IP Security Architecture • Authentication Header • Encapsulating Security Payload • Combinations of Security Associations • Key Management Henric Johnson 2
  • 3. TCP/IP Example Henric Johnson 3
  • 4. IPv4 Header Henric Johnson 4
  • 5. IPv6 Header Henric Johnson 5
  • 6. IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication. Henric Johnson 6
  • 7. IP Security Overview • Applications of IPSec – Secure branch office connectivity over the Internet – Secure remote access over the Internet – Establsihing extranet and intranet connectivity with partners – Enhancing electronic commerce security Henric Johnson 7
  • 8. IP Security Scenario Henric Johnson 8
  • 9. IP Security Overview • Benefits of IPSec – Transparent to applications (below transport layer (TCP, UDP) – Provide security for individual users • IPSec can assure that: – A router or neighbor advertisement comes from an authorized router – A redirect message comes from the router to which the initial packet was sent – A routing update is not forged Henric Johnson 9
  • 10. IP Security Architecture • IPSec documents: – RFC 2401: An overview of security architecture – RFC 2402: Description of a packet encryption extension to IPv4 and IPv6 – RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6 – RFC 2408: Specification of key managament capabilities Henric Johnson 10
  • 11. IPSec Document Overview Henric Johnson 11
  • 12. IPSec Services • Access Control • Connectionless integrity • Data origin authentication • Rejection of replayed packets • Confidentiality (encryption) • Limited traffic flow confidentiallity Henric Johnson 12
  • 13. Security Associations (SA) • A one way relationsship between a sender and a receiver. • Identified by three parameters: – Security Parameter Index (SPI) – IP Destination address – Security Protocol Identifier Henric Johnson 13
  • 14. Transport Mode Tunnel Mode SA SA Authenticates IP payload Authenticates entire AH and selected portions of inner IP packet plus IP header and IPv6 selected portions of extension headers outer IP header Encrypts IP payload and Encrypts inner IP ESP any IPv6 extesion header packet Encrypts IP payload and Encrypts inner IP ESP with any IPv6 extesion packet. Authenticates authentication header. Authenticates IP inner IP packet. payload but no IP header Henric Johnson 14
  • 15. Before applying AH Henric Johnson 15
  • 16. Transport Mode (AH Authentication) Henric Johnson 16
  • 17. Tunnel Mode (AH Authentication) Henric Johnson 17
  • 18. Authentication Header • Provides support for data integrity and authentication (MAC code) of IP packets. • Guards against replay attacks. Henric Johnson 18
  • 19. End-to-end versus End-to- Intermediate Authentication Henric Johnson 19
  • 20. Encapsulating Security Payload • ESP provides confidentiality services Henric Johnson 20
  • 21. Encryption and Authentication Algorithms • Encryption: – Three-key triple DES – RC5 – IDEA – Three-key triple IDEA – CAST – Blowfish • Authentication: – HMAC-MD5-96 – HMAC-SHA-1-96 Henric Johnson 21
  • 22. ESP Encryption and Authentication Henric Johnson 22
  • 23. ESP Encryption and Authentication Henric Johnson 23
  • 24. Combinations of Security Associations Henric Johnson 24
  • 25. Combinations of Security Associations Henric Johnson 25
  • 26. Combinations of Security Associations Henric Johnson 26
  • 27. Combinations of Security Associations Henric Johnson 27
  • 28. Key Management • Two types: – Manual – Automated • Oakley Key Determination Protocol • Internet Security Association and Key Management Protocol (ISAKMP) Henric Johnson 28
  • 29. Oakley • Three authentication methods: – Digital signatures – Public-key encryption – Symmetric-key encryption Henric Johnson 29
  • 31. Recommended Reading • Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995 • Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison- Wesley, 1994 Henric Johnson 31