Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug

Content
1. Basics of computer and network security.
2. Impact of network architecture on network security.
3. Basics of network design.
4. Firewalls and virtual private networks.
5. Internet and wireless network security.
6. Impact of operating systems models on network security.
7. How to secure an application?

References
1. Behrouz A. Forouzan, ‘Data Communications and Networking’, Fourth Edition.
2. William Stallings, ‘Cryptography and Network Security: Principles and Practice’, Fifth Edition.
3. Eric Cole, Ronald L. Krutz, James W. Conley, ‘Network Security Fundamentals’, Wiley, 2007.

Authentication check principles:
- A hash function takes variable-length input data and produces fixed-length output data.
- SHA-1 (Secure Hash Algorithm 1) generates a 160-bit hash value.
- MD5 (Message Digest 5) generates a 128-bit hash value.

Authentication check principles:
- The digest created by a hash function is called a Modification Detection Code (MDC).
- The MDC guarantees that the message has not been altered.
- In message authentication, we also need to know that the message is coming from a trusted source (e.g. Alice, not Eve).
- Thus, a Message Authentication Code (MAC) is used for this purpose.

Message authentication code (MAC):
- Message authentication is achieved using a message authentication code (MAC), also known as a keyed hash function.
- MACs are used between two parties that share a secret key to authenticate the information exchanged between them.
- A MAC function takes as input a secret key and a data block and produces a hash value, referred to as the MAC.
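The difference between the two slides above (an MDC detects modification, a MAC additionally proves the source) in runnable form. This is an added example, not code from the lecture; the message, the shared key and Eve's guessed key are constructed values, SHA-1 stands in for the MDC and HMAC-SHA256 for the MAC.

```python
import hashlib
import hmac

# Constructed sample message and shared secret; both are assumed values for this example.
MESSAGE = b"Transfer 100 SAR from Alice to Bob"
SHARED_KEY = b"alice-bob-shared-secret-key"   # known to Alice and Bob, not to Eve

def mdc(message: bytes) -> bytes:
    """Modification Detection Code: an unkeyed digest (SHA-1, 160 bits, as on the slide)."""
    return hashlib.sha1(message).digest()

def mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC with SHA-256) over the message; the shared key is needed to compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mdc_check(message: bytes, received_mdc: bytes) -> bool:
    """Receiver recomputes the digest of what arrived and compares it with the received digest."""
    return hmac.compare_digest(mdc(message), received_mdc)

def mac_check(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver recomputes the MAC with the shared key; constant-time comparison avoids timing leaks."""
    return hmac.compare_digest(mac(key, message), received_mac)

def mdc_accepts_forgery() -> bool:
    """Eve alters the message in transit and simply recomputes the unkeyed digest herself.
    Bob's MDC check still passes, so an MDC alone says nothing about who sent the message."""
    forged = MESSAGE.replace(b"Bob", b"Eve")
    return mdc_check(forged, mdc(forged))

def mac_accepts_forgery() -> bool:
    """Without SHARED_KEY, Eve can only reuse Alice's old tag or compute one with a guessed key;
    Bob's MAC check rejects both, so the MAC ties the message to a holder of the key."""
    forged = MESSAGE.replace(b"Bob", b"Eve")
    alice_tag = mac(SHARED_KEY, MESSAGE)
    eve_tag = mac(b"eve-guessed-key", forged)
    return mac_check(SHARED_KEY, forged, alice_tag) or mac_check(SHARED_KEY, forged, eve_tag)
```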

* ICV = Integrity Check Value

IPSec
- Some types of messages may need more security; others may need less. Also, exchanges with certain devices may require different processing than others.
- To manage all of this complexity, IPSec is equipped with a flexible, powerful way of specifying how different types of datagrams should be handled.

IPSec
Security policies and the security policy database (SPD)
- A security policy is a rule that is programmed into the IPSec implementation. It tells the implementation how to process the different datagrams received by the device.
- For example, security policies decide whether a particular packet needs to be processed by IPSec or not.
- If security is required, the security policy provides general guidelines for how it should be provided. The security policies for a device are stored in the device’s SPD.

IPSec
Security associations (SAs) and the security association database (SAD):
- For each inbound packet, IPSec looks up the inbound SA in the SAD based on the SPI and then decrypts the packet.
- Actions applied to packets:
  - Bypass: allows the transmission of a packet.
  - Discard: blocks a packet.
  - Protect:
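The SPD and SAD lookups from the two slides above as a small simulation. This is an added example, not code from the lecture; the addresses, the policy entries, the SPI and the key material are constructed placeholders, and selectors are simplified to exact values or a "*" wildcard.

```python
from dataclasses import dataclass
from typing import Optional

BYPASS, DISCARD, PROTECT = "bypass", "discard", "protect"   # actions named on the slide

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "esp", ...
    dport: Optional[int] = None
    spi: Optional[int] = None   # only present on inbound ESP/AH packets

@dataclass(frozen=True)
class Policy:
    """One SPD entry: traffic selectors ('*' or None = any) plus the action to apply."""
    src: str
    dst: str
    proto: str
    dport: Optional[int]
    action: str

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst), (self.proto, p.proto))
        return all(sel in ("*", val) for sel, val in pairs) and self.dport in (None, p.dport)

# Constructed SPD (ordered, first match wins) with assumed addresses.
SPD = [
    Policy("10.0.0.5", "10.0.1.7", "tcp", 23, DISCARD),   # block cleartext telnet to the peer
    Policy("10.0.0.5", "10.0.1.7", "*", None, PROTECT),  # all other traffic to the peer: IPSec
    Policy("*", "*", "udp", 53, BYPASS),                 # DNS passes without IPSec
]
# Constructed SAD: inbound SAs indexed by SPI; the key is a placeholder.
SAD = {0x1000: {"name": "sa-in-1", "peer": "10.0.1.7", "key": b"PLACEHOLDER-KEY"}}

def spd_lookup(spd, pkt: Packet) -> str:
    """Policy decision for a packet; no matching entry means DISCARD (the safe default)."""
    for policy in spd:
        if policy.matches(pkt):
            return policy.action
    return DISCARD

def process_inbound(sad, pkt: Packet):
    """Inbound IPSec packet: look up the SA by SPI; without an SA it cannot be decrypted."""
    sa = sad.get(pkt.spi)
    if sa is None:
        return (DISCARD, None)
    return ("decrypt", sa["name"])   # the decryption itself is outside this example
```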

IPSec

Anti-replay mechanism
- Each IPSec header contains a unique, increasing sequence number.
- When a security association is created, the sequence number is initialized to 0.
- The sequence number is 32 bits long.
- The receive window can be any size greater than 32, but 64 is recommended.
- Received packets must be new and must fall either inside the window or to its right. Otherwise, they are dropped.

Anti-replay mechanism
If a received packet has a sequence number which is:
- to the left of the current window, the receiver rejects the packet.
- inside the current window and not previously received, the receiver accepts the packet.
- to the right of the current window, the receiver accepts the packet and advances the window.
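The three cases of the sliding window from the two anti-replay slides, implemented with a bitmap as an added example (not code from the lecture). It assumes the window is 64 wide by default and that the sender's first packet carries sequence number 1; a real receiver updates the window only after the packet's ICV has verified.

```python
class AntiReplayWindow:
    """Sliding-window replay check for one inbound SA.
    The window covers [highest - size + 1, highest]; `seen` is a bitmap in which
    bit i set means sequence number (highest - i) has already been accepted."""

    MAX_SEQ = 2**32 - 1   # 32-bit sequence number, as on the slide

    def __init__(self, size: int = 64):
        if size <= 32:
            raise ValueError("window size should be greater than 32; 64 is recommended")
        self.size = size
        self.highest = 0   # SA starts at 0; the sender's first packet carries 1 (assumption)
        self.seen = 0

    def check_and_update(self, seq: int) -> str:
        if not 0 <= seq <= self.MAX_SEQ:
            raise ValueError("sequence number exceeds 32 bits; the SA must be rekeyed")
        # Case 1: left of the window, i.e. older than highest - size + 1 -> reject.
        if seq + self.size <= self.highest:
            return "rejected: left of window"
        # Case 3: right of the window -> accept and slide the window forward.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accepted: window advanced"
        # Case 2: inside the window -> accept only if this number was not received before.
        bit = 1 << (self.highest - seq)
        if self.seen & bit:
            return "rejected: replay"
        self.seen |= bit
        return "accepted: inside window"
```

Packets that arrive out of order but still inside the window are accepted once, so the check tolerates reordering without accepting a duplicate.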

Anti-replay mechanism