Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 22 Internet Security Protocols and Standards
Cryptography and Network Security
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Lecture 22 Internet Security Protocols and Standards modified from slides of Lawrie Brown.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
K. Salah1 Security Protocols in the Internet IPSec.
Network Security Sorina Persa Group 3250 Group 3250.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.
Lecture 10 Page 1 CS 136, Fall 2014 Network Security, Continued Computer Security Peter Reiher November 13, 2014.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
IP Security: Security Across the Protocol Stack
An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
Karlstad University IP security Ge Zhang
Network Security David Lazăr.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
Lecture 11 Page 1 CS 136, Spring 2009 Network Security CS 136 Computer Security Peter Reiher May 7, 2009.
Lecture 11 Page 1 CS 136, Fall 2012 Network Security, Continued CS 136 Computer Security Peter Reiher November 6, 2012.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
Network Layer Security Network Systems Security Mort Anvari.
IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.
K. Salah1 Security Protocols in the Internet IPSec.
Lecture 12 Page 1 CS 136, Fall 2011 Network Security, Continued CS 136 Computer Security Peter Reiher November 1, 2011.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
IPSecurity.
Network Security Mechanisms
CSE 4905 IPsec.
Encryption and Network Security
Chapter 18 IP Security  IP Security (IPSec)
Internet and Intranet Fundamentals
IT443 – Network Security Administration Instructor: Bo Sheng
Firewall Configuration and Administration
Virtual Private Networks (VPNs)
Outline Using cryptography in networks IPSec SSL and TLS.
Virtual Private Networks (VPNs)
Outline Basics of network security Definitions Sample attacks
Presentation transcript:

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols discussed previously Can be applied at different places in the network stack With different effects and costs

Lecture 10 Page 2 CS 236 Online Link Level Encryption SourceDestination plaintext Let’s say we want to send a message using encryption ciphertext plaintextciphertext plaintextciphertext plaintextciphertext plaintext Different keys (maybe even different ciphers) used at each hop

Lecture 10 Page 3 CS 236 Online End-to-End Encryption SourceDestination plaintextciphertext plaintext Cryptography only at the end points Only the end points see the plaintext Normal way network cryptography done When would link encryption be better?

Lecture 10 Page 4 CS 236 Online Where Are the Endpoints, Anyway? If you do end-to-end encryption, where are the endpoints? The network layer end points? The transport layer end points? The application layer end points? Maybe not even end machine to end machine (e.g., VPNs)? Has serious implications for where you do cryptography –And keying and trust issues

Lecture 10 Page 5 CS 236 Online IPsec Standard for applying cryptography at the network layer of IP stack Provides various options for encrypting and authenticating packets –On end-to-end basis –Without concern for transport layer (or higher)

Lecture 10 Page 6 CS 236 Online What IPsec Covers Message integrity Message authentication Message confidentiality

Lecture 10 Page 7 CS 236 Online What Isn’t Covered Non-repudiation Digital signatures Key distribution Traffic analysis Handling of security associations Some of these covered in related standards

Lecture 10 Page 8 CS 236 Online Some Important Terms for IPsec Security Association - “ A Security Association (SA) is a simplex ‘connection’ that affords security services to the traffic carried by it.” –Basically, a secure one-way channel SPI (Security Parameters Index) – Combined with destination IP address and IPsec protocol type, uniquely identifies an SA

Lecture 10 Page 9 CS 236 Online General Structure of IPsec Really designed for end-to-end encryption –Though could do link level Designed to operate with either IPv4 or IPv6 Meant to operate with a variety of different ciphers And to be neutral to key distribution methods Has sub-protocols –E.g., Encapsulating Security Payload

Lecture 10 Page 10 CS 236 Online Encapsulating Security Payload (ESP) Protocol Encrypt the data and place it within the ESP The ESP has normal IP headers Can be used to encrypt just the payload of the packet Or the entire IP packet

Lecture 10 Page 11 CS 236 Online ESP Modes Transport mode –Encrypt just the transport-level data in the original packet –No IP headers encrypted Tunnel mode –Original IP datagram is encrypted and placed in ESP –Unencrypted headers wrapped around ESP

Lecture 10 Page 12 CS 236 Online ESP in Transport Mode Extract the transport-layer frame –E.g., TCP, UDP, etc. Encapsulate it in an ESP Encrypt it The encrypted data is now the last payload of a cleartext IP datagram

Lecture 10 Page 13 CS 236 Online ESP Transport Mode Original IP header ESP Hdr Normal Packet Payload ESP Trlr ESP Auth Encrypted Authenticated

Lecture 10 Page 14 CS 236 Online Using ESP in Tunnel Mode Encrypt the IP datagram –The entire datagram Encapsulate it in a cleartext IP datagram Routers not understanding IPsec can still handle it Receiver reverses the process

Lecture 10 Page 15 CS 236 Online ESP Tunnel Mode New IP hdr ESP Hdr Original Packet Payload ESP Trlr ESP Auth Orig. IP hdr Encrypted Authenticated

Lecture 10 Page 16 CS 236 Online Uses and Implications of Tunnel Mode Typically used when there are security gateways between sender and receiver –And/or sender and receiver don’t speak IPsec Outer header shows security gateway identities –Not identities of real parties Can thus be used to hide some traffic patterns

Lecture 10 Page 17 CS 236 Online What IPsec Requires Protocol standards –To allow messages to move securely between nodes Supporting mechanisms at hosts running IPsec –E.g., a Security Association Database Lots of plug-in stuff to do the cryptographic heavy lifting

Lecture 10 Page 18 CS 236 Online The Protocol Components Pretty simple Necessary to interoperate with non-IPsec equipment So everything important is inside an individual IP packet’s payload No inter-message components to protocol –Though some security modes enforce inter-message invariants at endpoints

Lecture 10 Page 19 CS 236 Online The Supporting Mechanisms Methods of defining security associations Databases for keeping track of what’s going on with other IPsec nodes –To know what processing to apply to outgoing packets –To know what processing to apply to incoming packets

Lecture 10 Page 20 CS 236 Online Plug-In Mechanisms Designed for high degree of generality So easy to plug in: –Different crypto algorithms –Different hashing/signature schemes –Different key management mechanisms

Lecture 10 Page 21 CS 236 Online Status of IPsec Accepted Internet standard Widely implemented and used –Supported in Windows 2000, XP, Vista, Windows 7, Windows 8 –In Linux 2.6 (and later) kernel The architecture doesn’t require everyone to use it RFC 3602 on using AES in IPsec still listed as “proposed” AES will become default for ESP in IPsec

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.