Network Security Course
Spring 2022
Lecture 14
Department of Computer Engineering
Dr Shubat Owhida
Network Security
All defense mechanisms must work correctly and securely:
❑ Cryptographic primitives: RSA, DES, AES, SHA-1…
❑ Protocols and policies: TLS, IPsec, access control…
❑ Implementations: firewalls, intrusion detection…
❑ End uses: password managers, company policies…
Virtual Private Network (VPN)
❑ A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.
❑ A tunnel is a virtual path across a network that delivers packets that are encapsulated and possibly encrypted.
Internet Security Protocols
❑ Security provided at the Network layer with IPSec.
❑ Security provided at the Transport layer with Secure Socket Layer (SSL).
❑ Security provided at the Application layer with Pretty Good Privacy (PGP) for email security.
[Figure: protocol stack (Application, Transport, Network, Link, Physical) with PGP in user space, SSL in the OS at the transport layer, and IPSec at the network layer next to the NIC]
✓ IPSec is used in VPN applications (secure tunnel).
IPSec (Internet Protocol Security)
❑ IPSec is a set of protocols and algorithms used to secure IP data at the network layer.
❑ IPSec is implemented by the network for all applications.
❑ IPSec is built into IPv6 and is compatible with IPv4.
❑ IPSec provides cryptographic security services that allow for authentication, integrity, access control, and confidentiality.
❑ IPSec is completely transparent to the applications (an application needs no knowledge of IPSec to be able to use it).
❑ IPSec is employed to establish virtual private networks (VPNs) among networks across the Internet. IPSec is implemented on end hosts and gateways.
Goals of IPSec
❑ IPSec provides authentication services (verifying the source of an IP packet) using digital signatures or pre-shared keys.
❑ IPSec prevents replay of old IP packets (also called "man-in-the-middle attacks").
❑ IPSec protects the integrity of IP packets using hashing algorithms.
❑ IPSec provides data confidentiality by encrypting the data.
Components of IPSec
1. Internet Key Exchange (IKE) Protocol: IKE is used to establish Security Associations (SAs) between two communicating IPSec devices.
2. Encapsulating Security Payload (ESP): IPSec uses ESP to provide data integrity, encryption, authentication, and anti-replay functions for an IPSec VPN.
   ▪ Cisco IPSec implementations use DES, 3DES and AES for data encryption.
3. Authentication Header (AH): IPSec uses AH to provide data integrity, authentication, and anti-replay functions for an IPSec VPN.
   ▪ AH is an authentication-only protocol; it does not provide any data encryption.
A Security Association (SA) database
❑ A Security Association (SA) is one of the most important concepts in IPSec, defined in RFC 1825. An SA represents a specification of the security services offered to traffic carried through a unidirectional channel from one node to another. Because an SA is one way, a minimum of two SAs are required for a single IPSec connection.
❑ An SA can offer either the AH or the ESP service, but not both. Two SAs are necessary to provide both types of services simultaneously. A total of four SAs are required for bi-directional traffic using both AH and ESP.
A Security Association (SA) database cont.
❑ Keying information for IPsec security services is maintained in security association databases (SADBs). SAs contain parameters including:
▪ Authentication algorithm and algorithm mode
▪ Encryption algorithm and algorithm mode
▪ Key(s) used with the authentication/encryption algorithm(s)
▪ Lifetime of the key
▪ Lifetime of the SA
▪ Source address(es) of the SA
▪ Sensitivity level (i.e. Secret or Unclassified)
The Security Policy Database (SPD)
❑ The Security Policy Database contains a set of rules that determine whether a packet is subject to IPsec processing and govern the processing details. The SPD selectors include destination IP address, source IP address, user ID, data sensitivity level, transport layer protocol, and source and destination port. Each entry in the SPD represents a policy that defines how the matching set of traffic will be processed. Any inbound or outbound packet is processed in one of three ways: discard, perform IPsec processing, or bypass IPsec processing.
Scenario of IPSec usage
❑ An organization maintains LANs at dispersed locations.
❑ Non-secure IP traffic is conducted on each LAN.
❑ IPSec protocols are used.
❑ These protocols operate in the networking devices that connect each LAN to the outside world (router, firewall).
❑ The IPSec networking device will typically encrypt and compress all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN.
[Figure: IP security scenario]
SAD and SPD Example
❑ Consider this example: it is required to protect the Post Office Protocol v3 (POP3) traffic between a mail client node A and a mail server node B. The traffic exchanged between node A and node B needs to be encrypted. In order to apply IPsec to the traffic between the nodes, the SPD and the SAD on both node A and node B need to be set. Two SP entries are needed for the bi-directional exchange between A and B. The SP entries on node A are described in the following table.

Security Policy Database for Node A
Direction                     Outbound       Inbound
Source Address                Node A         POP server B
Destination Address           POP server B   Node A
Upper Layer Protocol          TCP            TCP
Upper Layer Source Port       Any            POP3
Upper Layer Destination Port  POP3           Any
IPsec Protocol                ESP            ESP
Mode                          Transport      Transport

Security Policy Database for Node B
Direction                     Outbound       Inbound
Source Address                POP server B   Node A
Destination Address           Node A         POP server B
Upper Layer Protocol          TCP            TCP
Upper Layer Source Port       POP3           Any
Upper Layer Destination Port  Any            POP3
IPsec Protocol                ESP            ESP
Mode                          Transport      Transport

Security Association Database for Node A
Direction                     Outbound                     Inbound
SPI                           1000                         1001
Destination Address           POP server B                 Node A
IPsec Protocol                ESP                          ESP
Algorithm                     3DES-CBC                     3DES-CBC
Key                           The secret key from A to B   The secret key from B to A
Mode                          Transport                    Transport

Security Parameter Index (SPI): a unique identifier generated by the creator of the SA, used to distinguish among the SAs of the IPsec protocol terminating at the same destination node.

Security Association Database for Node B
Direction                     Outbound                     Inbound
SPI                           1001                         1000
Destination Address           Node A                       POP server B
IPsec Protocol                ESP                          ESP
Algorithm                     3DES-CBC                     3DES-CBC
Key                           The secret key from B to A   The secret key from A to B
Mode                          Transport                    Transport
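The SPD and SAD tables above as an added example that is not part of the lecture: both nodes' entries are transcribed into Python, outbound packets get the three-way verdict (discard, protect, bypass) and are mapped to an outbound SA, and inbound ESP packets are resolved by SPI and then checked against the policy. The addresses, ports and key labels are constructed values.

```python
from collections import namedtuple

# Constructed addresses for the lecture's mail client (node A) and POP3 server (node B).
NODE_A, POP_SERVER_B, POP3 = "10.0.0.10", "10.0.0.20", 110
ANY = None  # wildcard selector, the "Any" in the slides' tables

# SPD selectors and action; ipsec_proto/mode only matter when action is "protect".
SPDEntry = namedtuple("SPDEntry", "direction src dst proto sport dport action ipsec_proto mode")
# SAD entry; the key values are constructed placeholder labels, not real keying material.
SAEntry = namedtuple("SAEntry", "direction spi dst ipsec_proto algorithm key mode")

# SPD and SAD of node A, transcribed from the slides' tables.
SPD_A = [
    SPDEntry("out", NODE_A, POP_SERVER_B, "TCP", ANY, POP3, "protect", "ESP", "transport"),
    SPDEntry("in", POP_SERVER_B, NODE_A, "TCP", POP3, ANY, "protect", "ESP", "transport"),
]
SAD_A = [
    SAEntry("out", 1000, POP_SERVER_B, "ESP", "3DES-CBC", b"key A->B", "transport"),
    SAEntry("in", 1001, NODE_A, "ESP", "3DES-CBC", b"key B->A", "transport"),
]
# Node B mirrors them: the SPI A uses outbound (1000) is the SPI B looks up inbound.
SPD_B = [
    SPDEntry("out", POP_SERVER_B, NODE_A, "TCP", POP3, ANY, "protect", "ESP", "transport"),
    SPDEntry("in", NODE_A, POP_SERVER_B, "TCP", ANY, POP3, "protect", "ESP", "transport"),
]
SAD_B = [
    SAEntry("out", 1001, NODE_A, "ESP", "3DES-CBC", b"key B->A", "transport"),
    SAEntry("in", 1000, POP_SERVER_B, "ESP", "3DES-CBC", b"key A->B", "transport"),
]

def packet(direction, src, dst, sport, dport, proto="TCP"):
    """A packet's selector fields, as the IPsec layer sees them."""
    return dict(direction=direction, src=src, dst=dst, proto=proto, sport=sport, dport=dport)

def matches(e, p):
    """Exact match on addresses and protocol; ANY in a port selector matches every port."""
    return ((e.direction, e.src, e.dst, e.proto) == (p["direction"], p["src"], p["dst"], p["proto"])
            and e.sport in (ANY, p["sport"]) and e.dport in (ANY, p["dport"]))

def spd_lookup(spd, p):
    """First matching SPD entry decides; no match means the packet is discarded."""
    return next((e for e in spd if matches(e, p)), None)

def process_outbound(spd, sad, p):
    """Returns (action, spi): only a 'protect' verdict needs an outbound SA."""
    e = spd_lookup(spd, p)
    if e is None or e.action == "discard":
        return "discard", None
    if e.action == "bypass":
        return "bypass", None
    # The outbound SA is selected by the policy's destination, IPsec protocol and mode.
    for sa in sad:
        if sa.direction == "out" and (sa.dst, sa.ipsec_proto, sa.mode) == (e.dst, e.ipsec_proto, e.mode):
            return "protect", sa.spi
    return "no-sa", None  # policy says protect but no SA exists yet: IKE must negotiate one

def process_inbound(spd, sad, spi, dst, ipsec_proto, inner):
    """An inbound ESP/AH packet names its SA by (SPI, destination, protocol); after
    decapsulation the inner packet must match a 'protect' SPD entry for that protocol."""
    sa = next((s for s in sad if s.direction == "in"
               and (s.spi, s.dst, s.ipsec_proto) == (spi, dst, ipsec_proto)), None)
    if sa is None:
        return "discard"  # unknown SPI: nothing to authenticate or decrypt with
    e = spd_lookup(spd, inner)
    if e is None or e.action != "protect" or e.ipsec_proto != sa.ipsec_proto:
        return "discard"  # decapsulated traffic is not what this SA is allowed to carry
    return "accept"

def process_inbound_cleartext(spd, p):
    """A plain (non-IPsec) inbound packet that matches a 'protect' policy is dropped:
    it should have arrived inside ESP or AH. Only 'bypass' traffic is let through."""
    e = spd_lookup(spd, p)
    return "accept" if e is not None and e.action == "bypass" else "discard"
```

The last function shows the defensive side of the policy: a cleartext POP3 packet arriving at node A is dropped even though it matches the selectors, because the SPD says that traffic must be protected.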
IPSec (Internet Protocol Security)
❑ IPSec can work in one of two modes:
➢ Transport mode, in which the payload of the message is protected.
➢ Tunnel mode, in which the payload and the routing and header information are protected.
Internet Protocol (IP) Review
❑ An IP datagram is of the form: IP header | Data.
[Figure: layout of the IP header fields]
Fields of the IP Packet
❑ Version: the version number of the protocol. Version = 4 for IPv4.
❑ Header length: the length of the header in 4-byte words. Header length = 5 if options are not used.
❑ Service type: 3 bits of precedence (rarely used) and 4 bits of QoS representing delay, throughput, reliability, and jitter.
❑ Total length: length in bytes of the header plus data. Maximum size is 65,535 bytes.
❑ Identification, flags, fragment offset: used for fragmentation and reassembly (offset in 8-byte chunks).
❑ Time to live (TTL): originally seconds, now usually a hop count. The source sets it (often 30 is used). Each router must decrement it by at least 1; when it reaches 0 the packet is discarded.
Protocol Field Values
❑ Protocol = 1, ICMP, Internet Control Message Protocol
❑ Protocol = 6, TCP
❑ Protocol = 17, UDP
❑ Protocol = 4, IP in IP encapsulation
❑ Protocol = 8, EGP, Exterior Gateway Protocol
❑ Protocol = 9, IGRP, Interior Gateway Routing Protocol
❑ Protocol = 89, OSPF, Open Shortest Path First Routing Protocol
❑ Protocol = 50, ESP, Encapsulating Security Payload
❑ Protocol = 51, AH, Authentication Header
• … more protocols
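An added example, not from the lecture, that decodes the header fields listed above from a constructed IPv4 datagram, checks the header length, total length and checksum for consistency, maps the protocol number through the slide's table, and performs the router TTL step. The addresses and the ESP payload (SPI 1000, matching the SAD example) are constructed values.

```python
import socket
import struct

# Protocol numbers from the lecture's table.
PROTOCOLS = {1: "ICMP", 4: "IP-in-IP", 6: "TCP", 8: "EGP", 9: "IGRP",
             17: "UDP", 50: "ESP", 51: "AH", 89: "OSPF"}

def header_checksum(hdr: bytes) -> int:
    """Ones' complement sum of the header's 16-bit words; over a valid header
    (checksum field included) the result is 0."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fields from the slide and reject malformed headers."""
    if len(pkt) < 20:
        raise ValueError("truncated: shorter than the 20-byte minimum header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4 (version=%d)" % version)
    hlen = ihl * 4                       # header length is counted in 4-byte words
    if hlen < 20 or total_len < hlen or total_len > len(pkt):
        raise ValueError("inconsistent header/total length")
    if header_checksum(pkt[:hlen]) != 0:
        raise ValueError("bad header checksum")
    fields = {
        "version": version, "header_len": hlen,
        "precedence": tos >> 5, "qos_bits": (tos >> 1) & 0x0F,   # 3 precedence + 4 TOS bits
        "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,                 # offset in 8-byte chunks
        "ttl": ttl, "protocol": proto, "protocol_name": PROTOCOLS.get(proto, "other"),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": pkt[hlen:total_len],
    }
    if proto == 50 and len(fields["payload"]) >= 8:   # ESP: SPI, then sequence number
        fields["esp_spi"], fields["esp_seq"] = struct.unpack("!II", fields["payload"][:8])
    return fields

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 30) -> bytes:
    """Build a minimal (no options, DF set) IPv4 datagram with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1C46, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return hdr + payload

def forward(pkt: bytes):
    """One router hop as on the slide: decrement TTL; a packet whose TTL would reach
    0 is discarded (None). The checksum must be recomputed after the change."""
    f = parse_ipv4(pkt)
    if f["ttl"] <= 1:
        return None
    hdr = bytearray(pkt[:f["header_len"]])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", header_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[f["header_len"]:]

# Constructed sample: an ESP packet (SPI 1000, sequence 1) from node A to the POP server B,
# matching the SAD example earlier in the lecture.
SAMPLE = build_ipv4("10.0.0.10", "10.0.0.20", 50, struct.pack("!II", 1000, 1) + b"\x00" * 8)
```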