UNIT.4 IP Security.

OBJECTIVES: To introduce the idea of Internet security at the network layer and the IPSec protocol that implements that idea in two modes: transport and tunnel. To discuss the two IPSec protocols, AH and ESP, and explain the security services each provides. To introduce the key management protocols (ISAKMP and the Oakley key determination protocol) that make up IKE. To introduce the security association (SA) and its implementation in IPSec. To introduce virtual private networks (VPN) as an application of IPSec in tunnel mode.

Chapter Outline: 1. Network Layer Security 2. Transport Layer Security

1. NETWORK LAYER SECURITY In 1995 the Internet Engineering Task Force (IETF) designed IP Security (IPSec), a collection of protocols that secure packets at the network (IP) level. IPSec creates authenticated and, optionally, confidential packets: it offers integrity protection, source authentication, anti-replay protection and (with ESP) confidentiality for the IP layer.

Topics Discussed in the Section: Two Modes (transport and tunnel) Two Security Protocols (AH and ESP) Services Provided by IPSec Security Association (SA) Internet Key Exchange (IKE) Virtual Private Network (VPN)

Concept of Transport Mode Figure .1 IPSec in transport mode

Note: IPSec in transport mode does not protect the IP header; it only protects the information coming from the transport layer (the payload of the IP packet).

Figure .2 Transport mode in action: host-to-host (end-to-end) protection.

Concept of Tunnel Mode: the whole original IP packet is carried through a logical (encrypted) tunnel between two IPSec endpoints, inside a new outer IP packet.

Implementation Of Tunnel Mode

Figure .3 IPSec in tunnel mode Protect the original packet & IP header

Figure .4 Tunnel mode in action: router to router, router to host, host to router.

Note: IPSec in tunnel mode protects the original IP header (the whole original packet is encapsulated behind a new outer IP header).

Figure.5 Transport mode versus tunnel mode

Note: The AH protocol provides source authentication, data integrity and anti-replay protection, but not confidentiality. The AH header carries an integrity check value (ICV), a keyed MAC (for example HMAC) computed over the packet contents and the immutable fields of the IP header; a plain hash or checksum would not authenticate the source, because anyone could recompute it.

Figure.6 Authentication Header (AH) protocol
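Added example (not part of the original slides): a minimal AH transport-mode encapsulation in Python showing exactly which bytes the ICV covers. The IP header is included with its mutable fields (DSCP/ECN, flags/fragment offset, TTL, checksum) zeroed, so a router decrementing the TTL does not break the ICV, while changing the destination address or the payload does. A receiver-side anti-replay window is included. The key, addresses, SPI and payload are constructed sample values, and HMAC-SHA-256-128 is the chosen integrity algorithm.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51       # IP protocol number carried in the IPv4 header for AH
AH_FIXED_LEN = 12   # next header (1) + payload len (1) + reserved (2) + SPI (4) + sequence (4)
ICV_LEN = 16        # HMAC-SHA-256-128: HMAC-SHA-256 truncated to 128 bits (RFC 4868)


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte header, checksum field treated as zero."""
    total = sum(struct.unpack("!10H", hdr[:10] + b"\x00\x00" + hdr[12:]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, ttl: int, total_len: int) -> bytes:
    """20-byte IPv4 header without options; DF set and a fixed identification for the example."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(hdr: bytes) -> bytes:
    """RFC 4302: fields a router may change in transit are zeroed before the ICV is computed."""
    h = bytearray(hdr)
    h[1] = 0                  # DSCP / ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def ah_header(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2   # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def ah_icv(key: bytes, ip_hdr: bytes, ah_zero_icv: bytes, payload: bytes) -> bytes:
    """ICV = truncated HMAC over immutable IP header fields + AH header (ICV zeroed) + payload."""
    data = zero_mutable_fields(ip_hdr) + ah_zero_icv + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_transport_encapsulate(key, spi, seq, src, dst, inner_proto, payload, ttl=64) -> bytes:
    """Transport mode: original IP header, then AH, then the unchanged transport-layer payload."""
    total_len = 20 + AH_FIXED_LEN + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, ttl, total_len)
    ah_zero = ah_header(inner_proto, spi, seq, b"\x00" * ICV_LEN)
    icv = ah_icv(key, ip_hdr, ah_zero, payload)
    return ip_hdr + ah_header(inner_proto, spi, seq, icv) + payload


def ah_transport_verify(key: bytes, packet: bytes) -> bool:
    ip_hdr, rest = packet[:20], packet[20:]
    if len(ip_hdr) < 20 or ip_hdr[9] != AH_PROTO or len(rest) < AH_FIXED_LEN:
        return False
    ah_len = (rest[1] + 2) * 4
    ah, payload = rest[:ah_len], rest[ah_len:]
    icv = ah[AH_FIXED_LEN:]
    expected = ah_icv(key, ip_hdr, ah[:AH_FIXED_LEN] + b"\x00" * len(icv), payload)
    return hmac.compare_digest(icv, expected)


def router_hop(packet: bytes) -> bytes:
    """What a forwarding router does to the header: decrement TTL and recompute the checksum."""
    h = bytearray(packet[:20])
    h[8] -= 1
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h) + packet[20:]


class ReplayWindow:
    """Receiver-side anti-replay window (RFC 4302 3.4.3): bit 0 tracks the highest sequence seen."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                                  # sequence number 0 is never valid
        if seq > self.highest:                            # new high water mark: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                                  # too old, or already received (replay)
        self.bitmap |= 1 << offset
        return True
```

Usage: `pkt = ah_transport_encapsulate(key, 0x1000, 1, "10.0.0.1", "10.0.0.2", 17, payload)` then `ah_transport_verify(key, pkt)`; passing the packet through `router_hop` still verifies, while altering the destination address does not. An ESP transport-mode ICV, by contrast, starts at the ESP header, which is why the note above says transport mode does not protect the IP header.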

Note: ESP provides source authentication, data integrity, anti-replay protection and confidentiality.

Figure .7 Encapsulating Security Payload (ESP) protocol: the payload is encrypted and an ESP header, ESP trailer and authentication data are added.

IPSEC Services:- source authentication, data integrity and anti-replay protection (provided by both AH and ESP); confidentiality (provided by ESP only).

IPSEC Applications
Secure connectivity over the Internet -> VPN
Secure remote access over the Internet -> company network
Extranet and intranet connectivity -> other organizations
Enhanced e-commerce security -> applications

The Internet Key Exchange(IKE)

Note: IKE creates SAs for IPSec.

Security Association(SA)

Figure.8 Simple SA

Figure.9 SAD (Security Association DB)

Figure.10 SPD (Security Policy DB), which determines how a packet is to be handled: the security services needed and the path the packet should take (discard it, bypass IPSec, or apply IPSec).

Figure.11 Outbound processing

Figure.12 Inbound processing

Figure.13 IKE components

Figure.14 Virtual private network

2. TRANSPORT LAYER SECURITY Secure Sockets Layer (SSL) protocol: security between a web browser and a web server (web security); provides authentication and confidentiality. Designed by Netscape Corporation in 1994; versions 2, 3 and 3.1 (3.1 is the internal version number of TLS 1.0). Transport Layer Security (TLS) protocol version 1: the IETF standardization of SSL 3.

OBJECTIVES (continued): To introduce the idea of Internet security at the transport layer; SSL encrypts only application-level data, not the TCP or IP headers. To show how SSL creates six cryptographic secrets to be used by the client and the server. To discuss the four protocols used in SSL and how they are related to each other.

Topics Discussed in the Section SSL Architecture Four Protocols

Figure 30.15 Location of SSL and TLS in the Internet model: the SSL layer sits between the application layer and TCP, performs encryption and adds the SSL header (SH).

Figure 30.19 Four SSL protocols

Handshake Protocol. Each handshake message is carried as: Type (1 byte), Length (3 bytes), Content (1 or more bytes). Message types and their parameters:
Hello request: none
Client hello: version, random number, session id, cipher suite list, compression method list
Server hello: the same parameters as client hello (the values the server selected)
Certificate: chain of X.509v3 certificates
Server key exchange: parameters, signature
Certificate request: type, authorities
Server hello done: none
Certificate verify: signature
Client key exchange: parameters, signature
Finished: hash value

Figure 30.20 Handshake protocol

SSL Handshake – Phase 1 (between the web browser and the web server): Step 1: Client hello. Step 2: Server hello.

Note: After Phase I, the client and server know the version of SSL, the cryptographic algorithms (cipher suite), the compression method, the session id, and the two random numbers used for key generation.

SSL Handshake – Phase 2 (web server to web browser): Step 1: Certificate. Step 2: Server key exchange. Step 3: Certificate request. Step 4: Server hello done.

Note: After Phase II, the server is authenticated to the client, and the client knows the public key of the server if required.

SSL Handshake – Phase 3 (web browser to web server): Step 1: Certificate. Step 2: Client key exchange. Step 3: Certificate verify.

Note: After Phase III, the client is authenticated to the server (if a client certificate was requested), and both the client and the server know the pre-master secret.

Figure.16 Calculation of the master secret from the pre-master secret

Figure .17 Calculation of the key material (symmetric keys) from the master secret

Figure .18 Extraction of cryptographic secrets from key materials
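Added example (not from the original slides): the SSL 3.0 key derivation that the three figures describe, implemented in Python, with the TLS 1.0 PRF alongside it for comparison, and the split of the key block into the six secrets. The pre-master secret and the two random numbers are constructed sample values; the MAC, key and IV sizes assume a cipher suite with a 20-byte SHA-1 MAC, a 16-byte key and a 16-byte IV.

```python
import hashlib
import hmac


def ssl3_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """SSL 3.0 (RFC 6101 6.1): three MD5(SHA-1(...)) rounds labelled 'A', 'BB', 'CCC' give 48 bytes."""
    out = b""
    for i in range(3):
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


def ssl3_key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """SSL 3.0 key expansion: same construction, but the randoms are ordered server first."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + master + server_random + client_random).digest()
        out += hashlib.md5(master + inner).digest()
        i += 1
    return out[:length]


def _p_hash(hash_fn, secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_hash: HMAC(secret, A(1)+seed) + HMAC(secret, A(2)+seed) + ..., A(i)=HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 (RFC 2246 5): P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = _p_hash(hashlib.md5, s1, label + seed, length)
    sha_part = _p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def tls10_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


def tls10_key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    return tls10_prf(master, b"key expansion", server_random + client_random, length)


SECRET_NAMES = ["client_write_MAC_secret", "server_write_MAC_secret",
                "client_write_key", "server_write_key", "client_write_IV", "server_write_IV"]


def split_key_block(key_block: bytes, mac_len: int, key_len: int, iv_len: int) -> dict:
    """Extract the six secrets in the order the specification lays them out in the key block."""
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    if len(key_block) < sum(sizes):
        raise ValueError("key block too short for the requested secrets")
    secrets, pos = {}, 0
    for name, size in zip(SECRET_NAMES, sizes):
        secrets[name] = key_block[pos:pos + size]
        pos += size
    return secrets


def derive_session_secrets(version: str, pre_master: bytes, client_random: bytes,
                           server_random: bytes, mac_len=20, key_len=16, iv_len=16) -> dict:
    """Pre-master secret -> master secret -> key block -> six secrets, for 'ssl3' or 'tls1.0'."""
    needed = 2 * (mac_len + key_len + iv_len)
    if version == "ssl3":
        master = ssl3_master_secret(pre_master, client_random, server_random)
        block = ssl3_key_block(master, client_random, server_random, needed)
    elif version == "tls1.0":
        master = tls10_master_secret(pre_master, client_random, server_random)
        block = tls10_key_block(master, client_random, server_random, needed)
    else:
        raise ValueError("unsupported version")
    result = split_key_block(block, mac_len, key_len, iv_len)
    result["master_secret"] = master
    return result
```

The only difference between the master-secret and key-block computations is the input secret and the order of the two randoms; the six secrets are then cut from the key block in a fixed order, which is why both sides end up with the same client-write and server-write keys without ever sending them.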

SSL Handshake – Phase 4: Step 1: Change cipher spec (web browser to web server). Step 2: Finished (web browser to web server). Step 3: Change cipher spec (web server to web browser). Step 4: Finished (web server to web browser).

SSL Handshake summary (time runs downward; C = client, S = server):
Phase 1: C -> S: Client Hello. S -> C: Server Hello.
Phase 2: S -> C: Certificate, Server Key Exchange, Certificate Request, Server Hello Done.
Phase 3: C -> S: Certificate, Client Key Exchange, Certificate Verify.
Phase 4: C -> S: Change Cipher Spec, Finished. S -> C: Change Cipher Spec, Finished.

SSL Record Protocol It carries application data and the messages of the other SSL protocols. Confidentiality: symmetric encryption with a shared secret key established by the Handshake Protocol; the message is (optionally) compressed before encryption. Integrity: a MAC computed with a shared secret key, also from the handshake, appended to the fragment before encryption.

Figure .21 Processing done by the record protocol: the application message is fragmented into blocks of at most 2^14 bytes; each block is optionally compressed, a MAC is appended, the result is encrypted, and the SSL record header is added.

Append Header. The record header has four fields. Content Type (1 byte): change cipher spec, alert, handshake or application data. Major Version (1 byte) and Minor Version (1 byte): for SSL 3.0 the fields contain 3 and 0; for TLS 1.0 (SSL 3.1) they contain 3 and 1. Compressed Length (2 bytes): the length in bytes of the fragment (compressed, if compression was applied; otherwise the original length).

SSL Alert Protocol Conveys SSL-related alerts to the peer entity. Each alert message is two bytes. Level (1 byte): warning = 1, fatal = 2. Description (1 byte): the actual error code. A fatal alert terminates the connection immediately. Fatal alerts: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter. Warning-level alerts: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown.
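Added example (not from the original slides): a small Python builder and parser for the three formats above, the record header (content type, major/minor version, length), the handshake message header (1-byte type, 3-byte length) with the ClientHello parameters from the handshake table, and the two-byte alert message, enforcing the 2^14-byte fragment limit of the record protocol. The byte stream it parses is constructed inline; the cipher suite numbers are sample values only.

```python
import struct

MAX_PLAINTEXT = 2 ** 14   # largest fragment the record protocol may carry

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
                      42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
                      45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter"}


def build_record(content_type: int, major: int, minor: int, body: bytes) -> bytes:
    """Record header: type (1), major (1), minor (1), length (2), then the fragment."""
    if len(body) > MAX_PLAINTEXT:
        raise ValueError("fragment exceeds 2^14 bytes; the record layer must split it first")
    return struct.pack("!BBBH", content_type, major, minor, len(body)) + body


def build_handshake(msg_type: int, body: bytes) -> bytes:
    """Handshake header: 1-byte type + 3-byte length, then the message body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def build_client_hello(version, random32: bytes, session_id: bytes, cipher_suites, compression_methods) -> bytes:
    """ClientHello body: version, 32-byte random, session id, cipher suite list, compression list."""
    body = struct.pack("!BB", *version) + random32
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites)) + b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    return build_handshake(1, body)


def parse_client_hello(body: bytes) -> dict:
    version = (body[0], body[1])
    random32 = body[2:34]
    sid_len, pos = body[34], 35
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]
    comps = list(body[pos + 1:pos + 1 + cm_len])
    return {"version": version, "random": random32, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": comps}


def parse_records(stream: bytes) -> list:
    """Walk a byte stream of records; one dict per record, decoding alerts and handshake headers."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor), "length": length}
        if ctype == 21:                       # alert: exactly two bytes, level then description
            if length != 2:
                raise ValueError("alert must be two bytes")
            rec["alert"] = (ALERT_LEVELS.get(body[0], body[0]), ALERT_DESCRIPTIONS.get(body[1], body[1]))
        elif ctype == 22:                     # handshake: one or more type/length/body messages
            msgs, p = [], 0
            while p < len(body):
                mtype, mlen = body[p], int.from_bytes(body[p + 1:p + 4], "big")
                mbody = body[p + 4:p + 4 + mlen]
                if len(mbody) != mlen:
                    raise ValueError("truncated handshake message")
                m = {"msg": HANDSHAKE_TYPES.get(mtype, mtype), "length": mlen}
                if mtype == 1:
                    m.update(parse_client_hello(mbody))
                msgs.append(m)
                p += 4 + mlen
            rec["handshake"] = msgs
        out.append(rec)
        pos += 5 + length
    return out
```

Usage: build a ClientHello record with `build_record(22, 3, 1, build_client_hello((3, 1), random32, b"", [0x002F, 0x000A], [0]))`, append a fatal handshake_failure alert `build_record(21, 3, 1, bytes([2, 40]))`, and feed the concatenation to `parse_records`; the parser reports the version, random, cipher suites and compression methods agreed in Phase 1 and then the decoded alert.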