Chapter 6
IP Security

Henric Johnson
Blekinge Institute of Technology, Sweden
http://www.its.bth.se/staff/hjo/
henric.johnson@bth.se

Henric Johnson 1
Outline
• Internetworking and Internet Protocols
  (Appendix 6A)
• IP Security Overview
• IP Security Architecture
• Authentication Header
• Encapsulating Security Payload
• Combinations of Security Associations
• Key Management
TCP/IP Example (figure slide 3)

IPv4 Header (figure slide 4)

IPv6 Header (figure slide 5)

IP Security Overview

IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.

IP Security Overview

• Applications of IPSec
  – Secure branch office connectivity over the Internet
  – Secure remote access over the Internet
  – Establishing extranet and intranet connectivity with partners
  – Enhancing electronic commerce security

IP Security Scenario (figure slide 8)

IP Security Overview

• Benefits of IPSec
  – Transparent to applications (it sits below the transport layer: TCP, UDP)
  – Provides security for individual users
• IPSec can assure that:
  – A router or neighbor advertisement comes from an authorized router
  – A redirect message comes from the router to which the initial packet was sent
  – A routing update is not forged

IP Security Architecture
• IPSec documents:
  – RFC 2401: An overview of security architecture
  – RFC 2402: Description of a packet encryption extension to IPv4 and IPv6
  – RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
  – RFC 2408: Specification of key management capabilities

IPSec Document Overview (figure slide 11)

IPSec Services
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic flow confidentiality

Security Associations (SA)
• A one-way relationship between a sender and a receiver.
• Identified by three parameters:
  – Security Parameter Index (SPI)
  – IP destination address
  – Security protocol identifier

Transport Mode SA versus Tunnel Mode SA

                  Transport Mode SA                          Tunnel Mode SA
AH                Authenticates IP payload and selected      Authenticates entire inner IP packet
                  portions of IP header and IPv6             plus selected portions of outer IP
                  extension headers                          header
ESP               Encrypts IP payload and any IPv6           Encrypts inner IP packet
                  extension header
ESP with          Encrypts IP payload and any IPv6           Encrypts inner IP packet.
authentication    extension header. Authenticates IP         Authenticates inner IP packet.
                  payload but no IP header

Before applying AH (figure slide 15)

Transport Mode (AH Authentication) (figure slide 16)

Tunnel Mode (AH Authentication) (figure slide 17)

Authentication Header
• Provides support for data integrity and authentication (MAC code) of IP packets.
• Guards against replay attacks.

End-to-end versus End-to-Intermediate Authentication (figure slide 19)

Encapsulating Security Payload
• ESP provides confidentiality services

Encryption and Authentication Algorithms
• Encryption:
  – Three-key triple DES
  – RC5
  – IDEA
  – Three-key triple IDEA
  – CAST
  – Blowfish
• Authentication:
  – HMAC-MD5-96
  – HMAC-SHA-1-96

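As an added illustration (not part of the slides), here is the receive-side processing the deck describes for AH: the SA is looked up by the triple (SPI, destination address, security protocol), the integrity check value is HMAC-SHA-1-96 (HMAC-SHA1 truncated to 96 bits), and replayed packets are rejected with the sliding window of RFC 2402. The header layout follows RFC 2402; the IP header fields the ICV covers are passed in as an already-prepared byte string, and the key, addresses, SPI and traffic are all constructed for the example.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

PROTO_AH = 51      # IP protocol number of the Authentication Header
ICV_LEN = 12       # HMAC-SHA-1-96: 160-bit HMAC-SHA1 truncated to 96 bits
WINDOW = 64        # anti-replay window size (the RFC 2402 default)
AH_FMT = "!BBHII"  # next_hdr(1) | payload_len(1) | reserved(2) | SPI(4) | seq(4), then ICV
AH_FIXED_LEN = struct.calcsize(AH_FMT)   # 12 bytes

@dataclass
class SecurityAssociation:
    spi: int            # with dst and proto, the triple that identifies the SA
    dst: str
    proto: int
    key: bytes          # shared secret for HMAC-SHA-1-96 (manual keying in this example)
    seq_out: int = 0    # sender: last sequence number emitted
    seq_last: int = 0   # receiver: highest sequence number accepted so far
    bitmap: int = 0     # receiver: bit i set => seq_last - i already accepted

def hmac_sha1_96(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah(sa, next_hdr, ip_immutable, payload):
    """Sender: emit one AH header. ip_immutable stands in for the IP header
    fields covered by the ICV (mutable fields already zeroed by the caller)."""
    sa.seq_out += 1
    # payload_len = AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    hdr = struct.pack(AH_FMT, next_hdr, (AH_FIXED_LEN + ICV_LEN) // 4 - 2, 0, sa.spi, sa.seq_out)
    return hdr + hmac_sha1_96(sa.key, ip_immutable + hdr + bytes(ICV_LEN) + payload)

def window_accepts(sa, seq):
    """Replay check with no side effects: seq is new, or in the window and unseen."""
    if seq == 0:                  # the first packet on an SA carries seq 1
        return False
    if seq > sa.seq_last:
        return True
    diff = sa.seq_last - seq
    return diff < WINDOW and not (sa.bitmap >> diff) & 1

def window_mark(sa, seq):
    """Record seq as accepted; called only after the ICV has verified."""
    if seq > sa.seq_last:
        shift = seq - sa.seq_last
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1) if shift < WINDOW else 1
        sa.seq_last = seq
    else:
        sa.bitmap |= 1 << (sa.seq_last - seq)

def verify_ah(sad, dst, ip_immutable, ah_bytes, payload):
    """Receiver: SA lookup, replay check, ICV check, and only then window update."""
    if len(ah_bytes) < AH_FIXED_LEN + ICV_LEN:
        return False, "truncated AH"
    _, _, _, spi, seq = struct.unpack(AH_FMT, ah_bytes[:AH_FIXED_LEN])
    sa = sad.get((spi, dst, PROTO_AH))
    if sa is None:
        return False, "no SA"
    if not window_accepts(sa, seq):
        return False, "replay"
    hdr, icv = ah_bytes[:AH_FIXED_LEN], ah_bytes[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN]
    expected = hmac_sha1_96(sa.key, ip_immutable + hdr + bytes(ICV_LEN) + payload)
    if not hmac.compare_digest(expected, icv):   # constant-time comparison
        return False, "bad ICV"
    window_mark(sa, seq)          # a forged packet never advances the window
    return True, "ok"

def demo():
    """Constructed traffic: in-order, replayed, out-of-order, tampered and misrouted."""
    key, dst = b"\x0b" * 20, "10.0.0.2"          # constructed, manually keyed SA
    sender = SecurityAssociation(0x1000, dst, PROTO_AH, key)
    receiver = SecurityAssociation(0x1000, dst, PROTO_AH, key)
    sad = {(receiver.spi, receiver.dst, receiver.proto): receiver}
    ip = bytes.fromhex("45000a0000010a000002")    # constructed stand-in for immutable IP fields
    a1, a2, a3, a4 = (build_ah(sender, 6, ip, p) for p in (b"one", b"two", b"three", b"four"))
    steps = [
        (dst, a1, b"one"),          # seq 1 in order                 -> ok
        (dst, a2, b"two"),          # seq 2 in order                 -> ok
        (dst, a2, b"two"),          # seq 2 delivered again          -> replay
        (dst, a4, b"four"),         # seq 4 arrives before 3         -> ok, window slides
        (dst, a3, b"THREE"),        # seq 3 with modified payload    -> bad ICV
        (dst, a3, b"three"),        # genuine seq 3, still in window -> ok
        (dst, a3, b"three"),        # seq 3 once more                -> replay
        ("10.0.0.9", a4, b"four"),  # right SPI, wrong destination   -> no SA
    ]
    return [verify_ah(sad, d, ip, ah, p)[1] for d, ah, p in steps]
```

Note the ordering in verify_ah: the window is consulted before the ICV is computed but only updated after it verifies, so a packet with a bad ICV cannot be used to mark a sequence number as seen.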
ESP Encryption and Authentication (figure slides 22 and 23)

Combinations of Security Associations (figure slides 24 to 27)

Key Management
• Two types:
  – Manual
  – Automated
    • Oakley Key Determination Protocol
    • Internet Security Association and Key Management Protocol (ISAKMP)

Oakley
• Three authentication methods:
  – Digital signatures
  – Public-key encryption
  – Symmetric-key encryption

ISAKMP (figure slide 30)

Recommended Reading
• Comer, D. Internetworking with TCP/IP, Volume I: Principles, Protocols and Architecture. Prentice Hall, 1995
• Stevens, W. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994
