Henric Johnson 1
Chapter 6
IP Security
Henric Johnson
Blekinge Institute of Technology, Sweden
http://www.its.bth.se/staff/hjo/
henric.johnson@bth.se
Outline
• Internetworking and Internet Protocols (Appendix 6A)
• IP Security Overview
• IP Security Architecture
• Authentication Header
• Encapsulating Security Payload
• Combinations of Security Associations
• Key Management
TCP/IP Example
IPv4 Header
IPv6 Header
IP Security Overview
IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
IP Security Overview
• Applications of IPSec
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
IP Security Scenario
IP Security Overview
• Benefits of IPSec
– Transparent to applications (it sits below the transport layer: TCP, UDP)
– Provides security for individual users
• IPSec can assure that:
– A router or neighbor advertisement comes from an authorized router
– A redirect message comes from the router to which the initial packet was sent
– A routing update is not forged
IP Security Architecture
• IPSec documents:
– RFC 2401: An overview of security architecture
– RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
– RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
– RFC 2408: Specification of key management capabilities
IPSec Document Overview
IPSec Services
• Access Control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic flow confidentiality
Security Associations (SA)
• A one-way relationship between a sender and a receiver.
• Identified by three parameters:
– Security Parameter Index (SPI)
– IP Destination address
– Security Protocol Identifier
Transport Mode SA versus Tunnel Mode SA
• AH
– Transport mode: Authenticates IP payload and selected portions of IP header and IPv6 extension headers
– Tunnel mode: Authenticates entire inner IP packet plus selected portions of outer IP header
• ESP
– Transport mode: Encrypts IP payload and any IPv6 extension header
– Tunnel mode: Encrypts inner IP packet
• ESP with authentication
– Transport mode: Encrypts IP payload and any IPv6 extension header. Authenticates IP payload but no IP header
– Tunnel mode: Encrypts inner IP packet. Authenticates inner IP packet.
Before applying AH
Transport Mode (AH Authentication)
Tunnel Mode (AH Authentication)
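The table and the two AH figures above say which bytes the AH integrity check covers in each mode. The Python below is a worked example added to these notes; it is not code from the slides or from any IPsec implementation. It builds both encapsulations by hand over a 20-byte IPv4 header with an HMAC-SHA-1-96 ICV as described in RFC 2402 and RFC 2404: in transport mode the ICV covers the immutable header fields plus the payload, so a router decrementing TTL does not invalidate it, while in tunnel mode the entire inner packet is covered and only the outer header's mutable fields are excluded. The key, the addresses and the TCP bytes are constructed sample values, and all function names are this example's own.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51      # IP protocol number of the Authentication Header
IPIP_PROTO = 4     # IP-in-IP: the AH Next Header value in tunnel mode
ICV_LEN = 12       # HMAC-SHA-1-96 truncates the MAC to 96 bits
AH_KEY = b"constructed-ah-key-for-example"   # constructed sample key, not a real secret
IPV4_FMT = "!BBHHHBBH4s4s"


def ipv4_checksum(hdr):
    """One's-complement checksum over a 20-byte IPv4 header (checksum field zeroed)."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64, tos=0, ident=1):
    """Minimal IPv4 header without options (version 4, IHL 5)."""
    fields = [0x45, tos, 20 + payload_len, ident, 0, ttl, proto, 0, src, dst]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def zero_mutable_fields(hdr):
    """RFC 2402 3.3.3.1: TOS, flags, fragment offset, TTL and header checksum may
    change in transit, so they are zeroed before the ICV is computed."""
    h = bytearray(hdr[:20])
    h[1] = 0                     # TOS
    h[6:8] = b"\x00\x00"         # flags + fragment offset
    h[8] = 0                     # TTL
    h[10:12] = b"\x00\x00"       # header checksum
    return bytes(h)


def ah_header(next_header, spi, seq, icv=b"\x00" * ICV_LEN):
    """Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV.
    Payload Len is the AH length in 32-bit words minus 2 (RFC 2402)."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def hmac_sha1_96(key, data):
    """HMAC-SHA-1-96 (RFC 2404): full HMAC-SHA-1 truncated to its first 96 bits."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_transport(ip_hdr, payload, spi, seq, key):
    """Transport mode: AH is inserted between the IP header and its payload."""
    hdr = bytearray(ip_hdr)
    next_header = hdr[9]                      # original upper-layer protocol (6 = TCP)
    hdr[9] = AH_PROTO
    struct.pack_into("!H", hdr, 2, len(ip_hdr) + 24 + len(payload))  # total length grows by the AH
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    ah = ah_header(next_header, spi, seq)     # ICV field is all zeros while the MAC is computed
    icv = hmac_sha1_96(key, zero_mutable_fields(bytes(hdr)) + ah + payload)
    return bytes(hdr) + ah[:12] + icv + payload


def ah_tunnel(inner_packet, outer_src, outer_dst, spi, seq, key):
    """Tunnel mode: a new outer header is prepended and the whole inner packet,
    its header included, is authenticated."""
    ah = ah_header(IPIP_PROTO, spi, seq)
    outer = ipv4_header(outer_src, outer_dst, AH_PROTO, len(ah) + len(inner_packet))
    icv = hmac_sha1_96(key, zero_mutable_fields(outer) + ah + inner_packet)
    return outer + ah[:12] + icv + inner_packet


def ah_verify(packet, key):
    """Receiver: zero the mutable fields and the ICV slot, recompute the MAC and
    compare in constant time. The same code serves both modes."""
    hdr, ah_fixed, icv, rest = packet[:20], packet[20:32], packet[32:44], packet[44:]
    expected = hmac_sha1_96(key, zero_mutable_fields(hdr) + ah_fixed + b"\x00" * ICV_LEN + rest)
    return hmac.compare_digest(expected, icv)


def mutate(packet, offset, value):
    """Copy of the packet with one byte changed (simulates an in-transit modification)."""
    p = bytearray(packet)
    p[offset] = value
    return bytes(p)


def demo():
    """Build one transport-mode and one tunnel-mode AH packet from constructed data."""
    host_a, host_b = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    segment = b"\x00\x50\x1f\x90" + b"constructed TCP payload"   # constructed TCP bytes
    inner_hdr = ipv4_header(host_a, host_b, 6, len(segment))
    transport = ah_transport(inner_hdr, segment, spi=0x1000, seq=1, key=AH_KEY)
    gw_a, gw_b = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])    # gateways, documentation prefixes
    tunnel = ah_tunnel(inner_hdr + segment, gw_a, gw_b, spi=0x2000, seq=1, key=AH_KEY)
    return transport, tunnel
```

Running `demo()` and then `ah_verify` on copies with single bytes changed shows the coverage difference directly: a changed outer TTL still verifies in both modes, a changed payload byte fails in both, and a changed TTL in the inner header fails only in tunnel mode, where that header is payload from AH's point of view.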
Authentication Header
• Provides support for data integrity and authentication (MAC code) of IP packets.
• Guards against replay attacks.
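The SA slide identifies an SA by the triple (SPI, IP destination address, security protocol identifier), and the AH slide says AH guards against replay. The Python below is an added example, not code from the slides or from any IPsec stack: it keeps a small Security Association Database keyed by that triple, gives each SA its own sliding anti-replay window as described in RFC 2401 Appendix C (default size 64), and shows that a repeated sequence number or one that has fallen off the left edge of the window is dropped while a late but still in-window packet is accepted. The sender-side counter check reflects RFC 2402's rule that the 32-bit sequence number must not cycle. SPIs, addresses and keys are constructed sample values, and the class and function names are this example's own.

```python
from dataclasses import dataclass, field

ESP_PROTO = 50    # Security Protocol Identifier values
AH_PROTO = 51
WINDOW_SIZE = 64  # RFC 2401 requires at least 32; 64 is the usual default


@dataclass
class ReplayWindow:
    """Sliding anti-replay window (RFC 2401 Appendix C). Bit i of the bitmap
    records whether sequence number last_seq - i has already been accepted."""
    size: int = WINDOW_SIZE
    last_seq: int = 0      # right edge of the window: highest sequence number accepted
    bitmap: int = 0

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                        # sequence numbers start at 1
        if seq > self.last_seq:                 # new right edge: slide the window
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:
            return False                        # left of the window: too old
        if (self.bitmap >> diff) & 1:
            return False                        # already seen: replay
        self.bitmap |= 1 << diff
        return True


@dataclass
class SecurityAssociation:
    """One direction only; the reverse direction needs its own SA."""
    spi: int
    dst: str
    proto: int                                   # ESP_PROTO or AH_PROTO
    key: bytes
    replay: ReplayWindow = field(default_factory=ReplayWindow)
    seq_out: int = 0                             # sender-side sequence counter


class SecurityAssociationDatabase:
    """SAD: inbound SAs selected by (SPI, destination address, protocol)."""

    def __init__(self):
        self._by_triple = {}

    def add(self, sa):
        self._by_triple[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi, dst, proto):
        return self._by_triple.get((spi, dst, proto))


def next_outbound_seq(sa):
    """Sender: the counter must never wrap (RFC 2402); a new SA with new keys is
    needed before it would. Raising here stands in for that renegotiation."""
    if sa.seq_out >= 0xFFFFFFFF:
        raise OverflowError("sequence number space exhausted; establish a new SA")
    sa.seq_out += 1
    return sa.seq_out


def inbound_check(sad, spi, dst, proto, seq):
    """Receiver: select the SA by its triple, then apply its anti-replay window.
    A full implementation verifies the ICV between these two steps."""
    sa = sad.lookup(spi, dst, proto)
    if sa is None:
        return "drop:no-sa"
    if not sa.replay.check_and_update(seq):
        return "drop:replay"
    return "accept"


def demo():
    """Feed a constructed arrival order of inbound packets through the SAD."""
    sad = SecurityAssociationDatabase()
    sad.add(SecurityAssociation(0x1000, "10.0.0.2", AH_PROTO, b"constructed-key-1"))
    sad.add(SecurityAssociation(0x1000, "10.0.0.2", ESP_PROTO, b"constructed-key-2"))
    arrivals = [
        (0x1000, "10.0.0.2", AH_PROTO, 1),
        (0x1000, "10.0.0.2", AH_PROTO, 3),
        (0x1000, "10.0.0.2", AH_PROTO, 2),    # reordered but inside the window
        (0x1000, "10.0.0.2", AH_PROTO, 2),    # same packet again: replay
        (0x1000, "10.0.0.2", AH_PROTO, 100),  # window slides to 37..100
        (0x1000, "10.0.0.2", AH_PROTO, 36),   # fell off the left edge
        (0x1000, "10.0.0.2", AH_PROTO, 37),   # oldest still acceptable
        (0x1000, "10.0.0.2", ESP_PROTO, 1),   # same SPI, other protocol: a different SA
        (0x1000, "10.0.0.3", AH_PROTO, 1),    # no SA for this destination
    ]
    return [inbound_check(sad, *pkt) for pkt in arrivals]
```

The window is the whole reason the sequence number field exists in AH and ESP: without it a captured packet with a valid ICV could be re-sent indefinitely, and a receiver that only verified the MAC would accept it every time.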
End-to-end versus End-to-Intermediate Authentication
Encapsulating Security Payload
• ESP provides confidentiality services
Encryption and Authentication Algorithms
• Encryption:
– Three-key triple DES
– RC5
– IDEA
– Three-key triple IDEA
– CAST
– Blowfish
• Authentication:
– HMAC-MD5-96
– HMAC-SHA-1-96
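The ESP slide says ESP provides confidentiality, and the algorithm list names HMAC-MD5-96 and HMAC-SHA-1-96 as its authenticators. The Python below is an added example, not code from the slides or from any IPsec stack, showing the ESP packet framing of RFC 2406: SPI and sequence number in the clear, payload plus padding and the Pad Length / Next Header trailer under the cipher, and a 96-bit ICV computed over everything from the SPI onward, so the outer IP header is not authenticated (the "ESP with authentication" row of the mode table). Because the standard library provides none of the listed block ciphers, the cipher hook is filled with the NULL encryption algorithm of RFC 2410; that leaves the payload readable and makes the authentication-only use of ESP visible, while the padding is still computed for the 8-byte blocks that 3DES and the other listed ciphers use. Keys, SPI and payload bytes are constructed, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12                                   # the "-96" in HMAC-MD5-96 / HMAC-SHA-1-96
AUTH_ALGS = {"HMAC-MD5-96": hashlib.md5, "HMAC-SHA-1-96": hashlib.sha1}

# RFC 2410 NULL encryption: identity transform with block size 1. A real SA
# would plug in 3DES (block size 8) or another of the listed ciphers here.
NULL_CIPHER = (lambda key, data: data, lambda key, data: data)


def truncated_hmac(alg, key, data):
    """ESP authenticator: full HMAC truncated to the leading 96 bits (RFC 2403 / 2404)."""
    return hmac.new(key, data, AUTH_ALGS[alg]).digest()[:ICV_LEN]


def esp_padding(plain_len, block_size):
    """RFC 2406 2.4: payload + padding + the 2 trailer bytes must fill whole cipher
    blocks and end on a 4-byte boundary so the ICV is 32-bit aligned. The default
    padding content is the monotonic series 1, 2, 3, ..."""
    align = max(block_size, 4)                 # listed ciphers use 8-byte blocks, NULL uses 1
    pad_len = (-(plain_len + 2)) % align
    return bytes(range(1, pad_len + 1))


def esp_encapsulate(spi, seq, next_header, payload, enc_key, auth_key,
                    cipher=NULL_CIPHER, block_size=1, auth_alg="HMAC-SHA-1-96"):
    """Build SPI | Seq | [payload | padding | pad length | next header]_enc | ICV."""
    encrypt, _ = cipher
    pad = esp_padding(len(payload), block_size)
    trailer = struct.pack("!BB", len(pad), next_header)
    ciphertext = encrypt(enc_key, payload + pad + trailer)          # confidentiality
    header = struct.pack("!II", spi, seq)
    icv = truncated_hmac(auth_alg, auth_key, header + ciphertext)   # integrity over SPI..trailer
    return header + ciphertext + icv


def esp_decapsulate(packet, enc_key, auth_key, cipher=NULL_CIPHER, auth_alg="HMAC-SHA-1-96"):
    """Verify the ICV first, then decrypt, then check padding and strip the trailer.
    Returns (spi, seq, next_header, payload); raises ValueError on any failed check."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(truncated_hmac(auth_alg, auth_key, header + body), icv):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    _, decrypt = cipher
    plain = decrypt(enc_key, body)
    pad_len, next_header = plain[-2], plain[-1]
    if pad_len + 2 > len(plain):
        raise ValueError("pad length exceeds payload")
    payload = plain[:len(plain) - 2 - pad_len]
    pad = plain[len(plain) - 2 - pad_len:-2]
    if pad != bytes(range(1, pad_len + 1)):
        raise ValueError("padding does not follow the default 1, 2, 3, ... scheme")
    spi, seq = struct.unpack("!II", header)
    return spi, seq, next_header, payload


def demo():
    """Round-trip a constructed TCP segment through ESP (NULL cipher, 8-byte padding)."""
    segment = b"\x00\x50\x1f\x90" + b"constructed TCP payload"   # 27 constructed bytes
    enc_key, auth_key = b"constructed-enc-key", b"constructed-auth-key"
    packet = esp_encapsulate(0x3000, 7, 6, segment, enc_key, auth_key, block_size=8)
    return packet, esp_decapsulate(packet, enc_key, auth_key)
```

Two details matter on the receive side: the ICV is checked before anything is decrypted, so a forged or damaged packet is rejected without touching the cipher, and the pad bytes are compared against the 1, 2, 3, ... pattern rather than silently discarded, which catches a corrupted or mis-keyed decryption that happens to yield a plausible pad length.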
ESP Encryption and Authentication
Combinations of Security Associations
Key Management
• Two types:
– Manual
– Automated
• Oakley Key Determination Protocol
• Internet Security Association and Key Management Protocol (ISAKMP)
Oakley
• Three authentication methods:
– Digital signatures
– Public-key encryption
– Symmetric-key encryption
ISAKMP
Recommended Reading
• Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentice Hall, 1995
• Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994