1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010.

2 Agenda
IPSec Profile for CCSDS

3 What is Network Layer Security?
The CCSDS protocol suite supports either “native” or “space enhanced” Internet services, at the discretion of the Project organization.
[Figure: CCSDS protocol stack diagram. Layer labels: Space Link Subnet: CCSDS Data Link; SCPS-NP; IP; SCPS-SP; IPSec; UDP; TCP; TCP Options; SCPS-TP; FTP; FTP Features; SCPS-FP; Other Apps; Common Network-Layer Interface; Space extensions to the Socket Interface. Callouts: Space-optimized IP variant; Space-optimized IPSec variant; “TCP Tranquility” options; Space extensions to FTP.]

4 IPSec: one protocol, many options
Tunnel mode vs. transport mode
Default cipher suite (encryption + auth + mode)
  – Authenticated encryption?
  – Null encryption (authentication-only)?
    » ESP w/null encrypt or AH?
  – What would be allowed?
Anti-replay option
Keying and rekeying
  – Pre-placed keys?
  – IKE auto rekey
    » Automatic when keys expire – regardless of mission state?
    » Rekey “now” button?

5 Approach: Issues to be resolved
Define transport vs. tunnel mode
  – Eliminate the one not to be used
Define default cipher suite(s)
Authenticated Encryption or Encryption w/o auth allowed?
ESP-only? AH-only?
Authentication-only w/o encryption allowed?
Keying and rekeying questions
  – Automated vs. manual

6 Summary
Look at the IPSec options:
  – Determine what needs to be kept
  – Determine what can be eliminated
Determine ciphers
Determine keying strategy