Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
K. Salah1 Security Protocols in the Internet IPSec.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 24 November 11, 2004.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
IP Security: Security Across the Protocol Stack
An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010.
1 Mohamed M Khalil Mobile IPv4 & Mobile IPv6. 2 Mohamed M Khalil Mobile IP- Why ? IP based Network Sub-network A Sub-network B Mobile workforce carry.
IPSec in a Multi-OS Environment. What is IPSec? IPSec stands for Internet Protocol Security It is at a most basic level a way of adding security to your.
CSCE 715: Network Systems Security
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
TCP/IP Protocols Contains Five Layers
Karlstad University IP security Ge Zhang
Network Security David Lazăr.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
1 Chapter 6 IP Security. 2 Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.
K. Salah1 Security Protocols in the Internet IPSec.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
@Yuan Xue CS 285 Network Security IP Security Yuan Xue Fall 2013.
11 SECURING NETWORK TRAFFIC WITH IPSEC Chapter 6.
Chapter 18 IP Security  IP Security (IPSec)
Internet and Intranet Fundamentals
IPSec IPSec is communication security provided at the network layer.
תרגול 11 – אבטחה ברמת ה-IP – IPsec
Security Protocols in the Internet
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Presentation transcript:

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004

Computer Science and Engineering Contents  Security in Networks (Cont.)  Group Work  Khalid’s presentation  Ben’s presentation

Computer Science and Engineering Wired Backbone with Mobile nodes Fixed Communication Network Fixed Host Fixed host Fixed Host Base Station Wired Backbone Mobile Host

Computer Science and Engineering Mobile IP (Cont.) Arbitrary Topology of Routers and Links Home Agent Mobile Host at Home Foreign Agent Mobile Host visiting A foreign subnet Home subnet Foreign subnet

Computer Science and Engineering Wireless Multi-hop Backbone Mobile Host

Computer Science and Engineering Hybrid backbone Fixed Communication Network Fixed Host Fixed host Fixed Host Base Station Wired Backbone Mobile Host Wireless Multi-hop Backbone Mobile Host Hybrid Backbone Mobile Host

Computer Science and Engineering Encryption  Link Encryption  End-to-End Encryption BNTSME

Computer Science and Engineering Link Encryption Application Presentation Session Transport Network Data Link Physical Application Presentation Session Transport Network Data Link Physical BNTSME

Computer Science and Engineering End-to-End Encryption Application Presentation Session Transport Network Data Link Physical Application Presentation Session Transport Network Data Link Physical BNTSME

Computer Science and Engineering IP Security Protocol (IPSec)  With IPv6, IETF addresses security requirements  Defines a standard for handling encrypted data  Implemented at the IP layer  Supports authentication and confidentiality  Allows communicating parties to agree on a mutually supported set of protocols  Security Association -- set of parameters for a secured communication channel

Computer Science and Engineering Security Association A security association includes:  encryption algorithm and mode – e.g. DES  encryption key  encryption parameters – e.g. initialization vector  authentication protocol and key  lifespan of the association  address of opposite end of association  sensitivity level of protected data – used for classified data

Computer Science and Engineering IPSec (cont.)  Security Parameter Index (SPI) – data element, a pointer into a table of security associations  Authentication Header (AH) – immediately follows IP header (authentication for IP traffic)  Encapsulated Security Payload (ESP) – replaces (includes) the conventional TCP header and data portion of packet (encryption for IP data)

Computer Science and Engineering TCP/IP Conventional Packets Physical Header IP Header TCP Header Data Physical Trailer

Computer Science and Engineering TCP/IP Conventional Packets IP Header AH

Computer Science and Engineering Authentication Header Next Header SEQUENCE NUMBER Payload Length Security Parameters Index (SPI) Authentication Data Reserved

Computer Science and Engineering IPSec Packets ESP (includes TCP header and Data)

Computer Science and Engineering Encapsulated Security Packet Next Header SEQUENCE NUMBER Payload DATA Padding Length Padding Security Parameters Index (SPI) Authentication Data authenticated encrypted

Computer Science and Engineering Key Management  Internet Security Association Key management Protocol (ISAKMP) – distinct key be generated for each security association  ISAKMP Key Exchange (IKE)  Setup of secure communication – authentication of peers, exchange of keys, creation of security association

Computer Science and Engineering Group Work (firewalls, pages ) 5 groups Read, discuss, and report  G1  packet filtering  G2  stateful inspection  G3  application proxies  G4  guards  G5  personal firewall

Computer Science and Engineering Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.