Crypto – chapter 16 - noack: Introduction to network security, Chapter 16 (IP Security) - Stallings

IP security overview
  IPSec provides security at the IP layer, so every protocol carried over IP (TCP, UDP, ICMP, ...) is protected without changes to applications
  Protocols
    AH – Authentication Header
      Transport mode – AH sits after the IP header and authenticates the IP payload (e.g. the TCP segment) plus the immutable fields of the IP header
      Tunnel mode – a new outer IP header is added; AH authenticates the entire original packet (original IP header and TCP) plus the immutable fields of the outer header
    ESP – Encapsulating Security Payload
      Transport mode – ESP encrypts, and optionally authenticates, the IP payload (e.g. TCP); the IP header itself is neither encrypted nor authenticated
      Tunnel mode – a new outer IP header is added; ESP encrypts, and optionally authenticates, the entire original packet, so the inner addresses are hidden
  Modes
    Transport – end-to-end between two hosts; intermediate routers forward the packet without any IPsec processing
    Tunnel – between security gateways (routers, firewalls), or host to gateway; the gateway applies IPsec on the way out and strips it on the way in

Components
  SA – Security Association
    A one-way relationship between sender and receiver that fixes the protocol, algorithms, keys and lifetime for traffic in that direction; a two-way connection needs two SAs
    Not carried in the packet: the receiver looks the SA up from the SPI carried in the AH or ESP header, together with the destination address and protocol
    Identified by three parameters
      Security Parameters Index (SPI) – 32-bit value, unique at the receiver, that selects the SA and thereby the algorithms and keys to apply
      IP destination address – an end host, or a firewall/router acting as security gateway
      Security protocol identifier – whether this is an AH or an ESP SA
  AH – Authentication Header
    Header fields: next header, payload length, reserved, SPI (from the SA), sequence number (anti-replay), authentication data (the ICV)
  ESP – Encapsulating Security Payload
    Carries the same SPI and sequence number fields as AH, followed by the (encrypted) payload data, padding, pad length, next header, and optional authentication data

ESP capabilities
  Encryption algorithms (the RFC 2406-era list in the text)
    Triple DES, RC5, IDEA, three-key triple IDEA, CAST, Blowfish
    Caveat: current guidance (RFC 8221) mandates AES (AES-GCM and AES-CBC) and deprecates 3DES
  Authentication algorithms
    96-bit MAC: the HMAC output truncated to its first 96 bits
    Must support HMAC-MD5-96 and HMAC-SHA-1-96 (RFC 8221 now forbids HMAC-MD5-96; with AES-GCM one algorithm supplies both encryption and authentication)
  Padding
    Fills the plaintext to the cipher's block size, keeps the pad length and next header fields on a 4-byte boundary, and may add extra bytes to conceal the actual payload length

Transport and tunneling
  Transport
    Protects the transport-layer payload (e.g. TCP) between the two end hosts
    The IP header stays in the clear: addresses are visible to anyone on the path, and ESP does not protect them (AH covers only the immutable header fields)
  Tunneling
    The original packet becomes the payload of a new IP packet (an IP tunnel), for example between two sites of an organization
    Basis for VPNs: with ESP the inner addresses and payload are hidden from the public network
    Multiple layers are possible (iterated tunneling)
    Each SA applies to exactly one protocol (AH or ESP) at one layer; combining them requires a bundle of SAs
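The following Python example, added here and not taken from the slides or from Stallings, puts the last three slides together: it builds ESP packets in transport and tunnel mode with HMAC-SHA-1-96 authentication and RFC 4303 padding, verifies and strips them, and keeps a sliding anti-replay window driven by the sequence number. It uses the NULL cipher (RFC 2410) so that it runs on the standard library alone; the SA key, the addresses and the inner packet are constructed for the demo, and the IPv4 checksum is left at zero.

```python
"""Added example (not the slides' or Stallings' code): ESP in transport and
tunnel mode with HMAC-SHA-1-96 and RFC 4303 padding, using the NULL cipher
(RFC 2410) so it runs on the standard library. A real SA would encrypt
payload + padding + pad-len + next-header before the ICV is computed."""
import hashlib
import hmac
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50
ICV_LEN = 12   # HMAC-SHA-1-96: the 160-bit tag truncated to 96 bits


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at zero for the demo."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, addr(src), addr(dst))


def esp_encapsulate(key, spi, seq, plaintext, next_header, block_size=4, tfc_pad=0):
    """SPI | seq | payload | padding | pad-len | next-header | ICV.
    Padding fills to the cipher block size and keeps pad-len/next-header on a
    4-byte boundary; tfc_pad (a multiple of the block size) adds dummy bytes
    that hide the true payload length."""
    align = max(block_size, 4)
    pad_len = (-(len(plaintext) + 2)) % align + tfc_pad
    padding = bytes(range(1, pad_len + 1))                  # default pad bytes 1, 2, 3, ...
    body = plaintext + padding + bytes([pad_len, next_header])  # NULL cipher: left in clear
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv


def esp_decapsulate(key, packet):
    """Check the ICV first (constant time), then strip padding.
    Returns (spi, seq, next_header, plaintext); raises ValueError on tampering."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", authenticated[:8])
    body = authenticated[8:]
    pad_len, next_header = body[-2], body[-1]
    end = len(body) - 2 - pad_len
    if end < 0 or body[end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return spi, seq, next_header, body[:end]


def esp_transport(key, spi, seq, ip_packet):
    """Transport mode: the original IP header stays in front, in the clear, and
    only its payload goes inside ESP; protocol and length fields are rewritten."""
    hdr, payload = bytearray(ip_packet[:20]), ip_packet[20:]
    esp = esp_encapsulate(key, spi, seq, payload, hdr[9])
    hdr[9] = IPPROTO_ESP
    struct.pack_into("!H", hdr, 2, 20 + len(esp))
    return bytes(hdr) + esp


def esp_tunnel(key, spi, seq, gw_src, gw_dst, ip_packet):
    """Tunnel mode: the whole original packet, header included, becomes the
    ESP payload behind a new outer header carrying the gateway addresses."""
    esp = esp_encapsulate(key, spi, seq, ip_packet, IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


class ReplayWindow:
    """RFC 4303 anti-replay: a 64-bit sliding bitmap over sequence numbers;
    each number is accepted once and anything older than the window is dropped."""
    def __init__(self, size=64):
        self.size, self.top, self.bits = size, 0, 0

    def accept(self, seq):
        if seq == 0:                       # the first valid ESP sequence number is 1
            return False
        if seq > self.top:                 # newer than anything seen: slide the window
            self.bits = ((self.bits << (seq - self.top)) & ((1 << self.size) - 1)) | 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bits >> offset) & 1:
            return False                   # too old, or already seen
        self.bits |= 1 << offset
        return True


def demo():
    """Constructed SA key and inner packet; returns what a caller can inspect."""
    key = b"\x11" * 20
    inner = ipv4_header("10.1.1.5", "10.2.2.7", IPPROTO_TCP, 12) + b"TCP segment!"
    transport = esp_transport(key, 0x1000, 1, inner)
    tunnel = esp_tunnel(key, 0x2000, 1, "203.0.113.1", "198.51.100.1", inner)
    return key, inner, transport, tunnel


if __name__ == "__main__":
    key, inner, transport, tunnel = demo()
    print("transport keeps inner addresses visible:", transport[12:20].hex())
    print("tunnel shows only gateway addresses:", tunnel[12:20].hex())
    print(esp_decapsulate(key, tunnel[20:]))
```

Run it and compare the two outer headers: the transport-mode packet still carries 10.1.1.5 and 10.2.2.7 in the clear, while the tunnel-mode packet shows only the gateway pair. Because the ICV covers the SPI, the sequence number and the whole body, any change to those bytes is rejected before the padding is even looked at; the replay window then makes a captured packet useless to a replaying attacker.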

Key distribution
  Oakley Key Determination Protocol
    Based on Diffie-Hellman
    Generic: specifies the exchanges, not the message formats (ISAKMP supplies those)
  Diffie-Hellman weaknesses
    No identity information: the exchange is unauthenticated
    Subject to person-in-the-middle attack
    Computationally intensive: an attacker can send forged requests with spoofed source addresses to force expensive exponentiations (clogging attack)
  Oakley improvements
    Cookies to thwart clogging: the responder does no expensive work until the initiator echoes the cookie, which proves it can receive at its claimed address
    Group negotiation (the modulus or curve and the generator)
    Nonces to prevent replays
    Authenticates the Diffie-Hellman exchange (signatures, public-key encryption or pre-shared key) to defeat the person-in-the-middle

Oakley details
  Groups: five are defined
    Modular exponentiation with 768, 1024 and 1536-bit moduli
    Elliptic curve groups over GF(2^155) and GF(2^185), each with a specified generator
  Nonce usage
    Used to prevent replay attacks
  Authentication methods
    Digital signatures
    Public-key encryption
    Symmetric-key encryption, which requires out-of-band key distribution

More Oakley details
  Recommended cookie
    MD5 hash of the source IP address and UDP port, the destination IP address and UDP port, and a locally generated secret
    Reasoning: fast to compute, specific to the pair of endpoints, and unforgeable without the local secret
  Groups (a confusing term: it means the parameters of the Diffie-Hellman computation, not a set of parties)
    Modular exponentiation (768, 1024, 1536)
    Elliptic curve (155, 185)
  Authentication methods
    Digital signatures
    Public-key encryption
    Symmetric-key encryption
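An Oakley-style exchange as an added Python example, covering the three Oakley slides above (not the slides' or any IKE implementation's code): the responder issues the recommended cookie statelessly, refuses to exponentiate until the cookie comes back, and only then does Diffie-Hellman in the 1024-bit MODP group (Oakley group 2, RFC 2409) with nonces and pre-shared-key authentication. The message tuples, the key derivation and the addresses are constructed for illustration, and 1024-bit DH is below what RFC 8247 now requires of IKE implementations.

```python
"""Added example (not the slides' or any implementation's code): an Oakley-
style exchange with anti-clogging cookies, Diffie-Hellman in the 1024-bit
MODP group, nonces and pre-shared-key authentication. Message layout and key
derivation are simplified; 1024-bit DH is below the RFC 8247 minimum."""
import hashlib
import hmac
import secrets
import struct

# Oakley group 2: the 1024-bit MODP prime of RFC 2409, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
RESPONDER_ADDR = ("198.51.100.1", 500)     # constructed (RFC 5737 documentation range)


def cookie(secret, src, dst):
    """Recommended cookie: hash of source/destination IP and UDP port plus a
    local secret (MD5 as in the text; any one-way hash works). Stateless, so a
    flood of first messages costs one hash each and no memory."""
    h = hashlib.md5(secret)
    h.update(struct.pack("!HH", src[1], dst[1]) + src[0].encode() + dst[0].encode())
    return h.digest()[:8]


def auth_hash(psk, g_mine, g_peer, cky_mine, cky_peer, n_mine, n_peer, ident):
    """Symmetric-key authentication: HMAC under the pre-shared key over both DH
    values, cookies, nonces and the claimed identity, so a person-in-the-middle
    cannot swap g^x or g^y and a replayed message carries stale nonces."""
    data = g_mine.to_bytes(128, "big") + g_peer.to_bytes(128, "big")
    return hmac.new(psk, data + cky_mine + cky_peer + n_mine + n_peer + ident, hashlib.sha256).digest()


def session_key(shared, n_i, n_r):      # simplified SKEYID-style derivation
    return hmac.new(n_i + n_r, shared.to_bytes(128, "big"), hashlib.sha256).digest()


def valid_public(g):                    # reject 0, 1 and p-1, which force a trivial secret
    return 1 < g < P - 1


class Responder:
    def __init__(self, psk, ident):
        self.psk, self.ident = psk, ident
        self.secret = secrets.token_bytes(16)      # rotated periodically in practice
        self.exponentiations = 0                   # expensive work done, for the demo

    def on_hello(self, cky_i, src):
        """Message 1 -> 2: echo CKY-I and return CKY-R. No DH, no state kept."""
        return cky_i, cookie(self.secret, src, RESPONDER_ADDR)

    def on_key_exchange(self, msg, src):
        """Message 3 -> 4: the returned cookie proves `src` can receive at its
        claimed address; only then spend two exponentiations."""
        cky_i, cky_r, gx, n_i, id_i = msg
        if not hmac.compare_digest(cky_r, cookie(self.secret, src, RESPONDER_ADDR)) or not valid_public(gx):
            return None                            # spoofed or bogus: dropped cheaply
        y = secrets.randbelow(P - 3) + 2
        gy, shared = pow(G, y, P), pow(gx, y, P)
        self.exponentiations += 2
        n_r = secrets.token_bytes(16)
        self.key = session_key(shared, n_i, n_r)
        self.pending = (gx, gy, cky_i, cky_r, n_i, n_r, id_i)
        return gy, n_r, self.ident, auth_hash(self.psk, gy, gx, cky_r, cky_i, n_r, n_i, self.ident)

    def on_finish(self, hash_i):
        if not hmac.compare_digest(hash_i, auth_hash(self.psk, *self.pending)):
            raise ValueError("initiator authentication failed")
        return self.key


class Initiator:
    def __init__(self, psk, ident, src):
        self.psk, self.ident, self.src = psk, ident, src
        self.cky_i, self.n_i = secrets.token_bytes(8), secrets.token_bytes(16)
        self.x = secrets.randbelow(P - 3) + 2
        self.gx = pow(G, self.x, P)

    def key_exchange(self, cky_r):
        self.cky_r = cky_r
        return self.cky_i, cky_r, self.gx, self.n_i, self.ident

    def finish(self, reply):
        gy, n_r, id_r, hash_r = reply
        if not valid_public(gy):
            raise ValueError("bad DH value")
        expected = auth_hash(self.psk, gy, self.gx, self.cky_r, self.cky_i, n_r, self.n_i, id_r)
        if not hmac.compare_digest(hash_r, expected):
            raise ValueError("responder authentication failed")
        self.key = session_key(pow(gy, self.x, P), self.n_i, n_r)
        return auth_hash(self.psk, self.gx, gy, self.cky_i, self.cky_r, self.n_i, n_r, self.ident)


def run_exchange(psk_i, psk_r):
    """Four messages end to end; returns (initiator key, responder key, responder exponentiations)."""
    r, i = Responder(psk_r, b"gw.example"), Initiator(psk_i, b"host.example", ("192.0.2.10", 500))
    _, cky_r = r.on_hello(i.cky_i, i.src)
    r_key = r.on_finish(i.finish(r.on_key_exchange(i.key_exchange(cky_r), i.src)))
    return i.key, r_key, r.exponentiations


def clogging_attempt(responder):
    """Spoofed message 3 with a guessed cookie: rejected before any exponentiation."""
    before = responder.exponentiations
    forged = (secrets.token_bytes(8), secrets.token_bytes(8), pow(G, 3, P), secrets.token_bytes(16), b"x")
    return responder.on_key_exchange(forged, ("203.0.113.9", 500)), responder.exponentiations - before
```

The counter on the responder is the point of the cookie: an attacker who spoofs the source address never sees CKY-R and cannot forge it without the local secret, so each bogus message costs the responder one MD5 and nothing else, while a genuine initiator pays exactly one extra round trip. The authentication hash covers both public values, so a person-in-the-middle who substitutes its own g^x or g^y fails the check, and the nonces make a replayed message fail the same way.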

ISAKMP
  ISAKMP = Internet Security Association and Key Management Protocol
  Manages security associations in general: it is independent of the key exchange method (Oakley is one) and of the protocol whose SAs are negotiated
  Message format
    Header: initiator and responder cookies, next payload pointer, version, exchange type, flags, message ID, total length
    Followed by a chain of payloads, each starting with a generic header: next payload pointer, reserved, payload length
  Payload types
    Security Association
    Proposal
    Transform
    Key Exchange
    Identification
    Certificate
    Certificate Request
    Hash
    Signature
    Nonce
    Notification
    Delete (of SAs)

ISAKMP exchange types
  Base – 4 messages; key exchange and authentication together, establishes the SA, no identity protection
  Identity protection – 6 messages; the key exchange completes before identities are sent, so the identities travel encrypted
  Authentication only – 3 messages; mutual authentication and agreement on a basic SA, without a key exchange
  Aggressive – 3 messages; everything at once, at the cost of no identity protection
  Informational – 1 message; one-way SA management only (notification, delete)
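Added Python example, not from the slides: a builder and a bounds-checked parser for the ISAKMP header and payload chain described on the two slides above (RFC 2408 layout, with the payload and exchange type numbers from that RFC). The sample message and its payload bodies are constructed; the SA payload carries only the DOI and situation fields, without the proposal and transform sub-payloads a real one would contain.

```python
"""Added example (not the slides' code): build and parse an ISAKMP message,
the 28-byte header followed by a chain of payloads, each carrying the generic
next-payload / reserved / payload-length header (RFC 2408). The parser
bounds-checks every length so a malformed chain cannot loop or read past the
datagram. The sample message is constructed."""
import struct

HDR_FMT = "!8s8sBBBBII"     # CKY-I, CKY-R, next payload, version, exchange type, flags, message ID, length
HDR_LEN = struct.calcsize(HDR_FMT)   # 28
GEN_LEN = 4                          # generic payload header
FLAG_ENCRYPTION = 0x01

PAYLOAD_TYPES = {0: "NONE", 1: "Security Association", 2: "Proposal", 3: "Transform",
                 4: "Key Exchange", 5: "Identification", 6: "Certificate",
                 7: "Certificate Request", 8: "Hash", 9: "Signature", 10: "Nonce",
                 11: "Notification", 12: "Delete", 13: "Vendor ID"}
EXCHANGE_TYPES = {0: "NONE", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}


def build_message(cky_i, cky_r, exchange_type, message_id, payloads, flags=0):
    """payloads is a list of (type, body); each payload's header names the type
    of the payload that follows it, and the last one names NONE (0)."""
    chain = bytearray()
    for n, (ptype, body) in enumerate(payloads):
        nxt = payloads[n + 1][0] if n + 1 < len(payloads) else 0
        chain += struct.pack("!BBH", nxt, 0, GEN_LEN + len(body)) + body
    first = payloads[0][0] if payloads else 0
    header = struct.pack(HDR_FMT, cky_i, cky_r, first, 0x10, exchange_type,
                         flags, message_id, HDR_LEN + len(chain))
    return header + bytes(chain)


def parse_message(data):
    """Return the header fields and [(payload name, body), ...]; raise
    ValueError on anything inconsistent instead of trusting the lengths."""
    if len(data) < HDR_LEN:
        raise ValueError("datagram shorter than the ISAKMP header")
    cky_i, cky_r, nxt, version, xchg, flags, msg_id, length = struct.unpack(HDR_FMT, data[:HDR_LEN])
    if version >> 4 != 1:
        raise ValueError(f"unsupported major version {version >> 4}")
    if length != len(data):
        raise ValueError("header length does not match datagram length")
    if flags & FLAG_ENCRYPTION:
        raise ValueError("payloads are encrypted under the ISAKMP SA; decrypt before parsing")
    payloads, off = [], HDR_LEN
    while nxt != 0:
        if off + GEN_LEN > len(data):
            raise ValueError(f"truncated payload header at offset {off}")
        following, _, plen = struct.unpack("!BBH", data[off:off + GEN_LEN])
        # plen includes the generic header; anything shorter would never advance `off`
        if plen < GEN_LEN or off + plen > len(data):
            raise ValueError(f"bad payload length {plen} at offset {off}")
        payloads.append((PAYLOAD_TYPES.get(nxt, f"unknown({nxt})"), data[off + GEN_LEN:off + plen]))
        off, nxt = off + plen, following
    if off != len(data):
        raise ValueError("trailing bytes after the last payload")
    return {"cky_i": cky_i, "cky_r": cky_r, "exchange": EXCHANGE_TYPES.get(xchg, f"unknown({xchg})"),
            "flags": flags, "message_id": msg_id, "payloads": payloads}


def sample_message():
    """First message of an Identity Protection exchange (constructed): the
    responder cookie is still zero, message ID 0 marks phase 1, then an SA
    payload (DOI 1 = IPsec, situation 1; proposal/transform sub-payloads
    omitted here) and a Nonce payload."""
    sa_body = struct.pack("!II", 1, 1)
    return build_message(bytes(range(8)), bytes(8), 2, 0, [(1, sa_body), (10, bytes(16))])


if __name__ == "__main__":
    parsed = parse_message(sample_message())
    print(parsed["exchange"], [(name, len(body)) for name, body in parsed["payloads"]])
```

The two checks in the loop are the ones that matter in a real parser: a payload length below 4 would leave the offset where it is (an infinite loop on the receiver), and a length past the end of the datagram is an out-of-bounds read; both are rejected before the body is sliced.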