An Introduction to Encrypting Messages on the Internet
Mike Kaderly, INFS 750, Summer 2010


Learning Objectives
- Understand why we need encryption.
- Identify and explain the three types of security assurance.
- Describe the purposes of the Internet Protocol Security (IPsec) and its related sub-protocols.
- Describe the difference between transport and tunnel IPsec modes.

Why do we need encryption?
The Internet is inherently insecure. The entire global network is based upon millions of hosts, switches, firewalls, routers, and the transport media used to connect these nodes, all of which are owned, operated and used by countless people and organizations.

Why do we need encryption?
Without relying on a recognized authority in charge of developing security specifications and standards, there would be no way to secure the information of such a widespread, public network. Furthermore, IP packets, as originally designed in the TCP/IP protocols, have no built-in security mechanism.

Modern Security Standards Development
- The Internet Engineering Task Force (IETF) develops TCP/IP and Internet protocol standards.
- Composed of volunteer professionals sponsored by both corporations and governments.
- Created in 1986.
- Focus is on building consensus for specifications, backward compatibility and running code.

Types of Security Assurances
- Integrity assurance – ensures information has not been altered during transport.
- Authentication assurance – ensures information is coming from the true source.
- Confidentiality assurance – ensures the information has not been read by others who were not intended to view the information.

Internet Protocol Security (IPsec)
- IPsec is a security protocol developed by the IETF.
- IPsec defines how packets are made secure from node to node.
- It has been implemented on Windows, Apple, Linux, Unix and other platforms.
- It is application-independent.

Internet Protocol Security (IPsec)
Hybrid TCP/IP-OSI Architecture:
- Application Layer (Layer 5)
- TCP/IP Transport (Layer 4)
- TCP/IP Internet (Layer 3): IPsec Standards
- Data Link (Layer 2)
- Physical Layer (Layer 1)

Internet Protocol Security (IPsec)
IPsec is implemented using a number of sub-protocols with special responsibilities:
- Internet Key Exchange
- Security Association
- Authentication Header
- Encapsulating Security Payload

Internet Key Exchange (IKE)
The Internet Key Exchange (IKE) service is called upon to handle the key exchange between two nodes and allows for the initial handshake. IKE supports three types of authentication methods: pre-shared keys, public key encryption, and digital signatures (to be discussed later).

Security Association (SA)
Once an initial connection is created using IKE, the Security Policy Database on each node is used to determine the agreed-upon rules for encrypting packets during the lifetime of the communication. These rules are collectively called Security Associations.
* IPv6 Security, by Scott Hogg and Eric Vyncke

Authentication Header (AH)
Through the use of algorithms, AH provides authentication and integrity assurances:
- Did the packet come from the true source it claims to be from?
- Have the packet contents been modified?
It may be used separately or in combination with ESP.
AH guards against replay attack – an attacker takes a copy of a packet and later resends the packet to the intended destination node.
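The receiver-side checks behind the AH assurances above, as an added example that is not part of the original slides: a keyed integrity check value (ICV) answers the source and modification questions, and a sequence number with a sliding window rejects replayed copies. The packet layout is simplified (real AH also covers immutable IP header fields); the key, window size and the names `protect` and `Receiver` are assumptions made for this sketch.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed; a real SA gets its key through IKE
WINDOW = 32                    # anti-replay window size in packets (assumed)
ICV_LEN = 16                   # HMAC-SHA-256 truncated to 128 bits

def icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(spi, seq, payload, key=KEY):
    """Sender: SPI and sequence number, then payload, then the ICV over both."""
    body = struct.pack("!II", spi, seq) + payload
    return body + icv(key, body)

class Receiver:
    def __init__(self, key=KEY):
        self.key, self.highest, self.seen = key, 0, 0  # seen: bit i = highest - i

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
        _spi, seq = struct.unpack("!II", body[:8])
        # Replay check first: cheap, and it needs no cryptography.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay: outside window"
        if seq <= self.highest and (self.seen >> (self.highest - seq)) & 1:
            return "replay: duplicate"
        # Integrity and origin check: only a key holder can produce this ICV.
        if not hmac.compare_digest(tag, icv(self.key, body)):
            return "rejected: bad ICV"
        # Advance the window only after the packet has authenticated.
        if seq > self.highest:
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return "accepted"

if __name__ == "__main__":
    rx, pkt = Receiver(), protect(0x1000, 1, b"constructed payload")
    print(rx.accept(pkt), "/", rx.accept(pkt))  # second copy is a replay
```

Because the window only moves after the ICV verifies, a forged packet with a large sequence number cannot push legitimate traffic out of the window.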

Encapsulating Security Payload (ESP)
ESP is used to provide authentication, integrity and confidentiality assurances by encrypting the payload of the packet. It can be used separately or in conjunction with AH services.

Transport Mode
- Transport mode requires configuration and a digital certificate and is used between two hosts.
- Only the payload is encrypted/authenticated.
- Used for host-to-host communications.
- Expensive management on each host computer.

Tunnel Mode
- Tunnel mode implements IPsec between two IPsec-configured routers.
- The entire packet can be encrypted and authenticated, and it is encapsulated within a new packet with a new IP header to make sure the original IP packet is unchanged.
- Tunnel mode is used to create Virtual Private Networks (VPN).
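The packet layouts of the two modes, as an added example that is not part of the original slides. It uses AH (IP protocol 51) so that the fields stay readable; with ESP everything after the ESP header would be encrypted. The addresses, SPI, zeroed checksum and placeholder ICV are constructed values, and the function names are assumptions of this sketch.

```python
import socket, struct

AH, IPIP, TCP = 51, 4, 6  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this illustration)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def ah(next_header, spi=0x1000, seq=1):
    """24-byte AH: next header, length, reserved, SPI, sequence, placeholder ICV."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12)

def addrs(packet):
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def transport(packet):
    """Keep the original IP header; insert AH between header and payload."""
    src, dst = addrs(packet)
    return ipv4(src, dst, AH, ah(packet[9]) + packet[20:])

def tunnel(packet, gw_src, gw_dst):
    """Wrap the whole original packet, header included, behind a new IP header."""
    return ipv4(gw_src, gw_dst, AH, ah(IPIP) + packet)

def describe(packet):
    """Classify a packet by its outer protocol and the AH next-header field."""
    if packet[9] != AH:
        return {"mode": "none", "outer": addrs(packet)}
    ah_len = (packet[21] + 2) * 4          # AH length field counts 32-bit words minus 2
    if packet[20] == IPIP:                 # next header 4: a full IP packet follows
        return {"mode": "tunnel", "outer": addrs(packet),
                "inner": addrs(packet[20 + ah_len:])}
    return {"mode": "transport", "outer": addrs(packet), "next": packet[20]}

if __name__ == "__main__":
    original = ipv4("10.1.0.5", "10.2.0.9", TCP, b"constructed payload")
    print(describe(transport(original)))
    print(describe(tunnel(original, "198.51.100.1", "203.0.113.1")))
```

In transport mode the outer addresses are the two hosts themselves; in tunnel mode they are the two gateways, and the original packet travels unchanged inside.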

Illustration of Tunneling and VPN

Review Questions
- Why is IPsec needed?
- What are the three types of security assurances?
- How does an encrypted IP packet differ from one without encryption?
- What layer of the TCP/IP-OSI model does IPsec fall under?
- What are the major differences between transport and tunnel IPsec modes?