Uploaded byShineStar21
PPT, PDF501 views

ESP.ppt

ESP provides encryption, authentication, and integrity for IP packets. It operates on a per-packet basis (ESP header and trailer encapsulate the payload) and supports transport and tunnel modes. The ESP packet fields include the SPI, sequence number, payload, padding, pad length, and ICV. ESP packet processing at the sender involves lookup SA, encryption, authentication, and sequencing. At the receiver, it involves verification of decryption, authentication and sequencing. ESP aims to provide data origin authentication, confidentiality, and traffic flow confidentiality with anti-replay detection.

Embed presentation

Download to read offline
ENCAPSULATING SECURITY PAYLOAD Submitted to PROF. ANUPAMA S Assistant Professor Dept of E&C, SJCE CRYPTOGRAPHY AND NETWORK SECURITY EC743 1. Ajay M 2.P Sudarshan Yadav 3.Rishitha R Gowda 4.Surya Ms 01JST19EC005 01JST19EC057 01JST19EC070 01JST19EC089 Presented by
OUTLINE  Introduction  ESP Overview  ESP Packet Format  ESP Fields  ESP Modes  ESP packet processing  Why ESP?  Security Considerations  ESP Performance Impacts  Conclusion
INTRODUCTION • Internet Protocol Security (IPsec): A security function implemented at the IP level of the protocol stack. • Security Association (SA): is used to track a given communication session. It defines the information about the traffic security protocol, the authentication algorithm, and the encryption algorithm to be used. Also, it gives the information on data flow, lifetime of the SA and sequence numbering to guard against replay attacks.
ESP OVERVIEW • ESP protocol is used in an IPsec transmitted over IP. • ESP is identified by protocol number 50. • ESP provides optional services to provide the protection for anything such as authentication, encryption, and integrity check for IP datagrams. It operates on a per-packet basis. Encryption scrambles the data packet to prevent unauthorized people from reading the message. Authentication verifies that the source address was not forged. Anti replay mechanism ensures the packet was not tampered while in route to its destination.
ESP PACKET FORMAT There is an ESP header, an ESP trailer, and ESP authentication data. The payload is located (encapsulated) between the header and the trailer, which gives the protocol its name.
PACKET FIELDS The ESP packet contains the following fields:  Security Parameters Index (32 bits): Identifies a security association.  Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function, as discussed for AH.  Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption.  Padding (0–255 bytes): The purpose of this field is to add bits to fill block size.  Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.  Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload.  Integrity Check Value (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field.
ESP MODES • Transport Mode Here the ESP header is inserted immediately after the IP header. The ESP trailer and the optional authentication data are appended to the payload. In transport mode, ESP neither authenticates nor encrypts the IP header. But this mode has a low computational overhead.
ESP MODES • Tunnel Mode Here, a new IP packet is made with a new IP header. ESP/Transport is then applied and the original datagram is the payload for the new packet. If authentication and encryption have been initiated, the packet is protected. However, the new IP header is not protected.
ESP PACKET PROCESSING Sender Processes: 1. Look up SA 2. Packet encryption and authentication data 3. Generate sequence number  Encapsulate the original next layer protocol information or the entire original IP datagram  Add necessary padding  Encrypt the result using the key and encryption algorithm mode specified in SA  Compute the authenticate data over the ESP packet using hash functions.
ESP PACKET PROCESSING • Receiver Processes: 1. Determines the appropriate SA 2. Verify sequence number 3. Verify the decryption and authentication  Decrypts and integrity check the ESP payload data, padding, pad length, and next header using the key, algorithm, algorithm mode indicated by SA  If the check fail, discard the packet and log the SPI value, date/time received, source address, destination address, the sequence number.  Extract the original IP datagram or transport-layer frame from the ESP Payload Data field.
WHY ESP?  Data origin authentication is a security service that verifies the identity of the claimed source of data  Confidentiality is the security service that protects data from unauthorized parties.  The disclosure of external characteristics of communication, also known as the traffic-flow confidentiality that is support by concealing source and destination addresses, message length, or frequency of communication.  Anti-replay detects arrival of duplicate IP datagram (using sliding receive window). It is supported by the sequence number which is an unsigned 32-bit field contains a monotonically increasing counter value in ESP header
SECURITY CONSIDERATIONS The quality of the security provides by this ESP mechanism depends on The strength of the implemented cryptographic algorithms The strength of the key being used The correct implementation of the cryptographic algorithms The security of the key management protocol The correct implementation of IP Several security mechanisms in all of the participating systems. The ESP protocol is described as a security service focuses only on the IP layer not solves the security of the entire system.
PERFORMANCE IMPACTS The encapsulating security approach used by ESP can noticeably impact network performance in participating systems 1. Protocol processing in participating systems will be more complex when encapsulating security is used, requiring both more time and more processing power. 2. Use of encryption will also increase the communications latency. The increased latency is primarily due to the encryption and decryption required for each IP datagram containing an Encapsulating Security Payload
CONCLUSION • Encapsulating Security Payload covers packet format and general issues for packet encryption. It offers the security service at the IP layer. Hence, it could be used in the conjunction with other security mechanisms in designing robust distributed systems.
ESP.ppt

More Related Content

PPTX
IPSec and VPN
byAbdullaziz Tagawy
 
PDF
IP Security
byAmbo University
 
PPTX
Internet Key Exchange Protocol
byPrateek Singh Bapna
 
PPTX
Transport Layer Security
byHuda Seyam
 
PPTX
TCP/IP 3-way Handshake
byAlok Tripathi
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
PPT
Network security and protocols
byOnline
 
PPTX
Secure communication
byTushar Swami
 
IPSec and VPN
byAbdullaziz Tagawy
 
IP Security
byAmbo University
 
Internet Key Exchange Protocol
byPrateek Singh Bapna
 
Transport Layer Security
byHuda Seyam
 
TCP/IP 3-way Handshake
byAlok Tripathi
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
Network security and protocols
byOnline
 
Secure communication
byTushar Swami
 

What's hot

PPTX
Encapsulating security payload in Cryptography and Network Security
byKoushil Mankali
 
PPT
Network Security and Cryptography
byAdam Reagan
 
PPT
block ciphers
byAsad Ali
 
PPT
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
PPTX
IP security
byshraddha mane
 
PPT
Block Cipher and its Design Principles
bySHUBHA CHATURVEDI
 
PPTX
Web Security
byDipika Bambhaniya
 
PDF
Introduction to Cryptography
bySeema Goel
 
PPT
Secure Socket Layer
byNaveen Kumar
 
DOCX
What is AES? Advanced Encryption Standards
byFaisal Shahzad Khan
 
PDF
AES-Advanced Encryption Standard
byPrince Rachit
 
PPTX
RSA Algorithm
bySrinadh Muvva
 
PPTX
Public Key Cryptosystem
byDevakumar Kp
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PPTX
Symmetric Encryption Techniques
byDr. Kapil Gupta
 
PPTX
Cryptography
byJens Patel
 
PPTX
SSL
byBadrul Alam bulon
 
PPTX
Osi security architecture in network.pptx
byVinzoCenzo
 
PPTX
Transposition Cipher
bydaniyalqureshi712
 
PPTX
Introduction to cryptography and types of ciphers
byAswathi Nair
 
Encapsulating security payload in Cryptography and Network Security
byKoushil Mankali
 
Network Security and Cryptography
byAdam Reagan
 
block ciphers
byAsad Ali
 
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
IP security
byshraddha mane
 
Block Cipher and its Design Principles
bySHUBHA CHATURVEDI
 
Web Security
byDipika Bambhaniya
 
Introduction to Cryptography
bySeema Goel
 
Secure Socket Layer
byNaveen Kumar
 
What is AES? Advanced Encryption Standards
byFaisal Shahzad Khan
 
AES-Advanced Encryption Standard
byPrince Rachit
 
RSA Algorithm
bySrinadh Muvva
 
Public Key Cryptosystem
byDevakumar Kp
 
Public Key Cryptography
byGopal Sakarkar
 
Symmetric Encryption Techniques
byDr. Kapil Gupta
 
Cryptography
byJens Patel
 
SSL
byBadrul Alam bulon
 
Osi security architecture in network.pptx
byVinzoCenzo
 
Transposition Cipher
bydaniyalqureshi712
 
Introduction to cryptography and types of ciphers
byAswathi Nair
 

Similar to ESP.ppt

PPTX
IP Security
byKeshab Nath
 
PDF
IP Security
byDr.Florence Dayana
 
PPTX
Unit 6
byKRAMANJANEYULU1
 
PPT
Ipsec
byBaidyanath Dutta
 
PDF
Network IP Security.pdf
bygeorgejustymirobi1
 
PPTX
IP SEC.ptx
byMamoonKhan40
 
PPTX
IP Security, IP Security Policy ESP Prot
byDr.Manjunath Kotari
 
PPTX
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
byPragyanshuParadkar1
 
PPT
IS Unit-4 .ppt
byNamanRockzz
 
PPTX
Cryptography and network security
byPriyadharshiniVS
 
PPTX
ip security
byChirag Patel
 
PPTX
Ipsec 2
bySourabh Badve
 
PPT
Chapter No 19 - Network and Security-by-MIT
byKamranHussainAwan
 
PPTX
Ipsecurity
byChinmay Patel
 
PPTX
Cyber forensics
byGopal Karthik
 
PPT
Ip Sec
byRam Dutt Shukla
 
PPT
Ip Sec Rev1
byRam Dutt Shukla
 
PPT
Ip Sec
byRam Dutt Shukla
 
DOCX
[removed]Cryptography and Network Security Principles a.docx
byhanneloremccaffery
 
PPTX
ahmed hossam EltokhyEltokhyEltokhy2.pptx
byFutureTechnologies3
 
IP Security
byKeshab Nath
 
IP Security
byDr.Florence Dayana
 
Unit 6
byKRAMANJANEYULU1
 
Ipsec
byBaidyanath Dutta
 
Network IP Security.pdf
bygeorgejustymirobi1
 
IP SEC.ptx
byMamoonKhan40
 
IP Security, IP Security Policy ESP Prot
byDr.Manjunath Kotari
 
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
byPragyanshuParadkar1
 
IS Unit-4 .ppt
byNamanRockzz
 
Cryptography and network security
byPriyadharshiniVS
 
ip security
byChirag Patel
 
Ipsec 2
bySourabh Badve
 
Chapter No 19 - Network and Security-by-MIT
byKamranHussainAwan
 
Ipsecurity
byChinmay Patel
 
Cyber forensics
byGopal Karthik
 
Ip Sec
byRam Dutt Shukla
 
Ip Sec Rev1
byRam Dutt Shukla
 
Ip Sec
byRam Dutt Shukla
 
[removed]Cryptography and Network Security Principles a.docx
byhanneloremccaffery
 
ahmed hossam EltokhyEltokhyEltokhy2.pptx
byFutureTechnologies3
 

Recently uploaded

PPTX
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
PDF
Arithmetic for computers and its types..
bysuganyapownaiya
 
PPTX
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
PPTX
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
PPT
Introduction to ARTIFICIAL INTELLIGENCES
byKAVITHAA49
 
PPT
Steam generation , types of steam, boilers and their classifications, mountin...
byPrashantPatunkar1
 
PPTX
Basics of internal combustio nengines, vapor compression cycle
byPrashantPatunkar1
 
PPTX
Chapter4- Continuous-Time Markov Models- Stpchastoc Processes- Dr. Zahedi.pptx
byzahedicourse
 
PPTX
pH-Responsive Polymers: Synthesis, Properties, and Biomedical Applications
byBURAKALPERENKARABULU
 
PPTX
narrow-band-dfr-presentation-megger.pptx
byssuser52ed331
 
PPTX
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
PDF
Dimensional Analysis and modelling similitude
by360degrees1
 
PDF
Module 3 Python progr1BPLCK105B-By Dr.SV.pdf
bySURESHA V
 
PDF
Bme manufacturing process module 3 .4648
bysatyabsp44
 
PDF
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 
PPTX
Lecture 2_Introduction to engineering design.pptx
bylynxvill3
 
PPTX
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
PPTX
Module 1 AGGREGATES, DEFINITION, TYPES .pptx
bytkmmullonkal
 
PDF
Unconventional reservoirs in petroleum engineering
byMuhammadHaris61480
 
PPT
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
Arithmetic for computers and its types..
bysuganyapownaiya
 
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
Introduction to ARTIFICIAL INTELLIGENCES
byKAVITHAA49
 
Steam generation , types of steam, boilers and their classifications, mountin...
byPrashantPatunkar1
 
Basics of internal combustio nengines, vapor compression cycle
byPrashantPatunkar1
 
Chapter4- Continuous-Time Markov Models- Stpchastoc Processes- Dr. Zahedi.pptx
byzahedicourse
 
pH-Responsive Polymers: Synthesis, Properties, and Biomedical Applications
byBURAKALPERENKARABULU
 
narrow-band-dfr-presentation-megger.pptx
byssuser52ed331
 
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
Dimensional Analysis and modelling similitude
by360degrees1
 
Module 3 Python progr1BPLCK105B-By Dr.SV.pdf
bySURESHA V
 
Bme manufacturing process module 3 .4648
bysatyabsp44
 
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 
Lecture 2_Introduction to engineering design.pptx
bylynxvill3
 
Introduction to Physical Metallurgy II.pptx
byOcheriCyril2
 
Module 1 AGGREGATES, DEFINITION, TYPES .pptx
bytkmmullonkal
 
Unconventional reservoirs in petroleum engineering
byMuhammadHaris61480
 
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 

ESP.ppt

  • 1.
    ENCAPSULATING SECURITY PAYLOAD Submittedto PROF. ANUPAMA S Assistant Professor Dept of E&C, SJCE CRYPTOGRAPHY AND NETWORK SECURITY EC743 1. Ajay M 2.P Sudarshan Yadav 3.Rishitha R Gowda 4.Surya Ms 01JST19EC005 01JST19EC057 01JST19EC070 01JST19EC089 Presented by
  • 2.
    OUTLINE  Introduction  ESPOverview  ESP Packet Format  ESP Fields  ESP Modes  ESP packet processing  Why ESP?  Security Considerations  ESP Performance Impacts  Conclusion
  • 3.
    INTRODUCTION • Internet ProtocolSecurity (IPsec): A security function implemented at the IP level of the protocol stack. • Security Association (SA): is used to track a given communication session. It defines the information about the traffic security protocol, the authentication algorithm, and the encryption algorithm to be used. Also, it gives the information on data flow, lifetime of the SA and sequence numbering to guard against replay attacks.
  • 4.
    ESP OVERVIEW • ESPprotocol is used in an IPsec transmitted over IP. • ESP is identified by protocol number 50. • ESP provides optional services to provide the protection for anything such as authentication, encryption, and integrity check for IP datagrams. It operates on a per-packet basis. Encryption scrambles the data packet to prevent unauthorized people from reading the message. Authentication verifies that the source address was not forged. Anti replay mechanism ensures the packet was not tampered while in route to its destination.
  • 5.
    ESP PACKET FORMAT Thereis an ESP header, an ESP trailer, and ESP authentication data. The payload is located (encapsulated) between the header and the trailer, which gives the protocol its name.
  • 6.
    PACKET FIELDS The ESPpacket contains the following fields:  Security Parameters Index (32 bits): Identifies a security association.  Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function, as discussed for AH.  Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption.  Padding (0–255 bytes): The purpose of this field is to add bits to fill block size.  Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.  Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload.  Integrity Check Value (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field.
  • 7.
    ESP MODES • TransportMode Here the ESP header is inserted immediately after the IP header. The ESP trailer and the optional authentication data are appended to the payload. In transport mode, ESP neither authenticates nor encrypts the IP header. But this mode has a low computational overhead.
  • 8.
    ESP MODES • TunnelMode Here, a new IP packet is made with a new IP header. ESP/Transport is then applied and the original datagram is the payload for the new packet. If authentication and encryption have been initiated, the packet is protected. However, the new IP header is not protected.
  • 9.
    ESP PACKET PROCESSING SenderProcesses: 1. Look up SA 2. Packet encryption and authentication data 3. Generate sequence number  Encapsulate the original next layer protocol information or the entire original IP datagram  Add necessary padding  Encrypt the result using the key and encryption algorithm mode specified in SA  Compute the authenticate data over the ESP packet using hash functions.
  • 10.
    ESP PACKET PROCESSING •Receiver Processes: 1. Determines the appropriate SA 2. Verify sequence number 3. Verify the decryption and authentication  Decrypts and integrity check the ESP payload data, padding, pad length, and next header using the key, algorithm, algorithm mode indicated by SA  If the check fail, discard the packet and log the SPI value, date/time received, source address, destination address, the sequence number.  Extract the original IP datagram or transport-layer frame from the ESP Payload Data field.
  • 11.
    WHY ESP?  Dataorigin authentication is a security service that verifies the identity of the claimed source of data  Confidentiality is the security service that protects data from unauthorized parties.  The disclosure of external characteristics of communication, also known as the traffic-flow confidentiality that is support by concealing source and destination addresses, message length, or frequency of communication.  Anti-replay detects arrival of duplicate IP datagram (using sliding receive window). It is supported by the sequence number which is an unsigned 32-bit field contains a monotonically increasing counter value in ESP header
  • 12.
    SECURITY CONSIDERATIONS The qualityof the security provides by this ESP mechanism depends on The strength of the implemented cryptographic algorithms The strength of the key being used The correct implementation of the cryptographic algorithms The security of the key management protocol The correct implementation of IP Several security mechanisms in all of the participating systems. The ESP protocol is described as a security service focuses only on the IP layer not solves the security of the entire system.
  • 13.
    PERFORMANCE IMPACTS The encapsulatingsecurity approach used by ESP can noticeably impact network performance in participating systems 1. Protocol processing in participating systems will be more complex when encapsulating security is used, requiring both more time and more processing power. 2. Use of encryption will also increase the communications latency. The increased latency is primarily due to the encryption and decryption required for each IP datagram containing an Encapsulating Security Payload
  • 14.
    CONCLUSION • Encapsulating SecurityPayload covers packet format and general issues for packet encryption. It offers the security service at the IP layer. Hence, it could be used in the conjunction with other security mechanisms in designing robust distributed systems.