SlideShare a Scribd company logo

ch06.ppt

Download as PPT, PDF
S
ssuserec53e73

ipsec

Education
1 of 31
Henric Johnson 1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se
Henric Johnson 2 Outline • Internetworking and Internet Protocols (Appendix 6A) • IP Security Overview • IP Security Architecture • Authentication Header • Encapsulating Security Payload • Combinations of Security Associations • Key Management
Henric Johnson 3 TCP/IP Example
Henric Johnson 4 IPv4 Header
Henric Johnson 5 IPv6 Header
Henric Johnson 6 IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
Henric Johnson 7 IP Security Overview • Applications of IPSec – Secure branch office connectivity over the Internet – Secure remote access over the Internet – Establsihing extranet and intranet connectivity with partners – Enhancing electronic commerce security
Henric Johnson 8 IP Security Scenario
Henric Johnson 9 IP Security Overview • Benefits of IPSec – Transparent to applications (below transport layer (TCP, UDP) – Provide security for individual users • IPSec can assure that: – A router or neighbor advertisement comes from an authorized router – A redirect message comes from the router to which the initial packet was sent – A routing update is not forged
Henric Johnson 10 IP Security Architecture • IPSec documents: – RFC 2401: An overview of security architecture – RFC 2402: Description of a packet encryption extension to IPv4 and IPv6 – RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6 – RFC 2408: Specification of key managament capabilities
Henric Johnson 11 IPSec Document Overview
Henric Johnson 12 IPSec Services • Access Control • Connectionless integrity • Data origin authentication • Rejection of replayed packets • Confidentiality (encryption) • Limited traffic flow confidentiallity
Henric Johnson 13 Security Associations (SA) • A one way relationsship between a sender and a receiver. • Identified by three parameters: – Security Parameter Index (SPI) – IP Destination address – Security Protocol Identifier
Henric Johnson 14 Transport Mode SA Tunnel Mode SA AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers Authenticates entire inner IP packet plus selected portions of outer IP header ESP Encrypts IP payload and any IPv6 extesion header Encrypts inner IP packet ESP with authentication Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header Encrypts inner IP packet. Authenticates inner IP packet.
Henric Johnson 15 Before applying AH
Henric Johnson 16 Transport Mode (AH Authentication)
Henric Johnson 17 Tunnel Mode (AH Authentication)
Henric Johnson 18 Authentication Header • Provides support for data integrity and authentication (MAC code) of IP packets. • Guards against replay attacks.
Henric Johnson 19 End-to-end versus End-to- Intermediate Authentication
Henric Johnson 20 Encapsulating Security Payload • ESP provides confidentiality services
Henric Johnson 21 Encryption and Authentication Algorithms • Encryption: – Three-key triple DES – RC5 – IDEA – Three-key triple IDEA – CAST – Blowfish • Authentication: – HMAC-MD5-96 – HMAC-SHA-1-96
Henric Johnson 22 ESP Encryption and Authentication
Henric Johnson 23 ESP Encryption and Authentication
Henric Johnson 24 Combinations of Security Associations
Henric Johnson 25 Combinations of Security Associations
Henric Johnson 26 Combinations of Security Associations
Henric Johnson 27 Combinations of Security Associations
Henric Johnson 28 Key Management • Two types: – Manual – Automated • Oakley Key Determination Protocol • Internet Security Association and Key Management Protocol (ISAKMP)
Henric Johnson 29 Oakley • Three authentication methods: – Digital signatures – Public-key encryption – Symmetric-key encryption
Henric Johnson 30 ISAKMP
Henric Johnson 31 Recommended Reading • Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995 • Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison- Wesley, 1994

Recommended

Chapter 6
Chapter 6Chapter 6
Chapter 6jaymehta971
 
Chapter 6.ppt
Chapter 6.pptChapter 6.ppt
Chapter 6.pptssuserec53e73
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).pptssuserec53e73
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).pptDivyaSek
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6koolkampus
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 

Recommended

Chapter 6
Chapter 6Chapter 6
Chapter 6jaymehta971
 
Chapter 6.ppt
Chapter 6.pptChapter 6.ppt
Chapter 6.pptssuserec53e73
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).pptssuserec53e73
 
Chapter 6 (1).ppt
Chapter 6 (1).pptChapter 6 (1).ppt
Chapter 6 (1).pptDivyaSek
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6koolkampus
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Ip security
Ip security Ip security
Ip security Dr.K.Sreenivas Rao
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
Lec 9.pptx
Lec 9.pptxLec 9.pptx
Lec 9.pptxssuserbab2f4
 
Ip security
Ip security Ip security
Ip security Naveen Dubey
 
IP Security
IP SecurityIP Security
IP SecurityDr.Florence Dayana
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdfgeorgejustymirobi1
 
IPSec VPN tunnel
IPSec VPN tunnelIPSec VPN tunnel
IPSec VPN tunnelArunKumar Subbiah
 
Unit 5
Unit 5Unit 5
Unit 5Vinod Kumar Gorrepati
 
IP Security
IP SecurityIP Security
IP Securitysahilshah200
 
Ipsecurity
IpsecurityIpsecurity
IpsecurityChinmay Patel
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
I psec
I psecI psec
I psecahmad1986jor
 
IS Unit-4 .ppt
IS Unit-4 .pptIS Unit-4 .ppt
IS Unit-4 .pptNamanRockzz
 
Ip sec technote-en
Ip sec technote-enIp sec technote-en
Ip sec technote-enMomita Chowdhury
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Aksum Institute of Technology(AIT, @Letsgo)
 
I psec
I psecI psec
I psecnlekh
 
[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docx[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docxhanneloremccaffery
 
Ip sec
Ip secIp sec
Ip secShiva Krishna Chandra Shekar
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 
Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in securityssuserec53e73
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonssuserec53e73
 

More Related Content

Similar to ch06.ppt

Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Aksum Institute of Technology(AIT, @Letsgo)
 
I psec
I psecI psec
I psecnlekh
 
[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docx[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docxhanneloremccaffery
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 

Similar to ch06.ppt (20)

IP Security
IP SecurityIP Security
IP Security
 
Ip security
Ip security Ip security
Ip security
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
 
Lec 9.pptx
Lec 9.pptxLec 9.pptx
Lec 9.pptx
 
Ip security
Ip security Ip security
Ip security
 
IP Security
IP SecurityIP Security
IP Security
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
IPSec VPN tunnel
IPSec VPN tunnelIPSec VPN tunnel
IPSec VPN tunnel
 
Unit 5
Unit 5Unit 5
Unit 5
 
IP Security
IP SecurityIP Security
IP Security
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
I psec
I psecI psec
I psec
 
IS Unit-4 .ppt
IS Unit-4 .pptIS Unit-4 .ppt
IS Unit-4 .ppt
 
Ip sec technote-en
Ip sec technote-enIp sec technote-en
Ip sec technote-en
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
 
I psec
I psecI psec
I psec
 
[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docx[removed]Cryptography and Network Security Principles a.docx
[removed]Cryptography and Network Security Principles a.docx
 
Ip sec
Ip secIp sec
Ip sec
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 

More from ssuserec53e73

Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in securityssuserec53e73
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonssuserec53e73
 
OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityssuserec53e73
 
Hash functions, digital signatures and hmac
Hash functions, digital signatures and hmacHash functions, digital signatures and hmac
Hash functions, digital signatures and hmacssuserec53e73
 
Asian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptxAsian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptxssuserec53e73
 
Module 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptxModule 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptxssuserec53e73
 
50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.pptssuserec53e73
 
IoT Reference Architecture.pptx
IoT Reference Architecture.pptxIoT Reference Architecture.pptx
IoT Reference Architecture.pptxssuserec53e73
 
Introduction to measurement.pptx
Introduction to measurement.pptxIntroduction to measurement.pptx
Introduction to measurement.pptxssuserec53e73
 
ML-DecisionTrees.ppt
ML-DecisionTrees.pptML-DecisionTrees.ppt
ML-DecisionTrees.pptssuserec53e73
 

More from ssuserec53e73 (20)

Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in security
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using python
 
OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber security
 
Hash functions, digital signatures and hmac
Hash functions, digital signatures and hmacHash functions, digital signatures and hmac
Hash functions, digital signatures and hmac
 
Asian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptxAsian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptx
 
Module 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptxModule 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptx
 
unit-1-l3.ppt
unit-1-l3.pptunit-1-l3.ppt
unit-1-l3.ppt
 
AI.ppt
AI.pptAI.ppt
AI.ppt
 
50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt
 
Dr Jose Reena K.pdf
Dr Jose Reena K.pdfDr Jose Reena K.pdf
Dr Jose Reena K.pdf
 
Enumeration.pptx
Enumeration.pptxEnumeration.pptx
Enumeration.pptx
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPT
 
UNIT II.pptx
UNIT II.pptxUNIT II.pptx
UNIT II.pptx
 
Unit 1 iot.pptx
Unit 1 iot.pptxUnit 1 iot.pptx
Unit 1 iot.pptx
 
IoT Reference Architecture.pptx
IoT Reference Architecture.pptxIoT Reference Architecture.pptx
IoT Reference Architecture.pptx
 
patent ppt.pptx
patent ppt.pptxpatent ppt.pptx
patent ppt.pptx
 
Introduction to measurement.pptx
Introduction to measurement.pptxIntroduction to measurement.pptx
Introduction to measurement.pptx
 
ML-DecisionTrees.ppt
ML-DecisionTrees.pptML-DecisionTrees.ppt
ML-DecisionTrees.ppt
 
ML_Lecture_7.ppt
ML_Lecture_7.pptML_Lecture_7.ppt
ML_Lecture_7.ppt
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
 

Recently uploaded

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 

ch06.ppt

  • 1. Henric Johnson 1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se
  • 2. Henric Johnson 2 Outline • Internetworking and Internet Protocols (Appendix 6A) • IP Security Overview • IP Security Architecture • Authentication Header • Encapsulating Security Payload • Combinations of Security Associations • Key Management
  • 6. Henric Johnson 6 IP Security Overview IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
  • 7. Henric Johnson 7 IP Security Overview • Applications of IPSec – Secure branch office connectivity over the Internet – Secure remote access over the Internet – Establsihing extranet and intranet connectivity with partners – Enhancing electronic commerce security
  • 8. Henric Johnson 8 IP Security Scenario
  • 9. Henric Johnson 9 IP Security Overview • Benefits of IPSec – Transparent to applications (below transport layer (TCP, UDP) – Provide security for individual users • IPSec can assure that: – A router or neighbor advertisement comes from an authorized router – A redirect message comes from the router to which the initial packet was sent – A routing update is not forged
  • 10. Henric Johnson 10 IP Security Architecture • IPSec documents: – RFC 2401: An overview of security architecture – RFC 2402: Description of a packet encryption extension to IPv4 and IPv6 – RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6 – RFC 2408: Specification of key managament capabilities
  • 11. Henric Johnson 11 IPSec Document Overview
  • 12. Henric Johnson 12 IPSec Services • Access Control • Connectionless integrity • Data origin authentication • Rejection of replayed packets • Confidentiality (encryption) • Limited traffic flow confidentiallity
  • 13. Henric Johnson 13 Security Associations (SA) • A one way relationsship between a sender and a receiver. • Identified by three parameters: – Security Parameter Index (SPI) – IP Destination address – Security Protocol Identifier
  • 14. Henric Johnson 14 Transport Mode SA Tunnel Mode SA AH Authenticates IP payload and selected portions of IP header and IPv6 extension headers Authenticates entire inner IP packet plus selected portions of outer IP header ESP Encrypts IP payload and any IPv6 extesion header Encrypts inner IP packet ESP with authentication Encrypts IP payload and any IPv6 extesion header. Authenticates IP payload but no IP header Encrypts inner IP packet. Authenticates inner IP packet.
  • 16. Henric Johnson 16 Transport Mode (AH Authentication)
  • 17. Henric Johnson 17 Tunnel Mode (AH Authentication)
  • 18. Henric Johnson 18 Authentication Header • Provides support for data integrity and authentication (MAC code) of IP packets. • Guards against replay attacks.
  • 19. Henric Johnson 19 End-to-end versus End-to- Intermediate Authentication
  • 20. Henric Johnson 20 Encapsulating Security Payload • ESP provides confidentiality services
  • 21. Henric Johnson 21 Encryption and Authentication Algorithms • Encryption: – Three-key triple DES – RC5 – IDEA – Three-key triple IDEA – CAST – Blowfish • Authentication: – HMAC-MD5-96 – HMAC-SHA-1-96
  • 22. Henric Johnson 22 ESP Encryption and Authentication
  • 23. Henric Johnson 23 ESP Encryption and Authentication
  • 24. Henric Johnson 24 Combinations of Security Associations
  • 25. Henric Johnson 25 Combinations of Security Associations
  • 26. Henric Johnson 26 Combinations of Security Associations
  • 27. Henric Johnson 27 Combinations of Security Associations
  • 28. Henric Johnson 28 Key Management • Two types: – Manual – Automated • Oakley Key Determination Protocol • Internet Security Association and Key Management Protocol (ISAKMP)
  • 29. Henric Johnson 29 Oakley • Three authentication methods: – Digital signatures – Public-key encryption – Symmetric-key encryption
  • 31. Henric Johnson 31 Recommended Reading • Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentic Hall, 1995 • Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison- Wesley, 1994