Prepared by They Yu Shu, Lee Ern Yu

- Motivation
- Previous Work
- Remaining Issues
- Improvement


- Current security schemes for iSCSI: IPsec; file-system-based encryption (NTFS, EXT3, etc.); CHAP, Kerberos, SRP
- Current security schemes do not work well on mobile devices:
  - limited processing power and resources
  - frequent changes of IP address
  - may not support IPsec or a file system that provides a data-protection mechanism

- Embedded a lightweight encryption scheme using the Dragon encryption algorithm and HMAC-SHA256 into the iSCSI layer
- Data transfer between initiator and target is secured

- Phase 1: authentication and key exchange?
- Dragon is a symmetric-key encryption algorithm, so the shared key still has to be established
- The default authentication scheme (CHAP) is not secure enough

1. After the Link Establishment phase is complete, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way hash" function.
3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated.
4. At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1 to 3.

Figure: Authenticator/Peer message flow: Challenge, Response, Accept or Reject.

CHAP packet layout: Code, Identifier, Length, Data ...
Figure 1: A captured CHAP Challenge packet
Figure 2: A captured CHAP Response packet

- Information gathered so far: username; server name; client and server IP addresses; the ID used to compute the response; the challenge and its associated response
- Try a dictionary attack

- Requirement in RFC 1994: the client MUST answer any challenge it receives

Figure: repeated Challenge / Response / Accept exchanges.
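The CHAP exchange from the slides above (steps 1 to 3, the RFC 1994 packet layout shown in the captured packets, and the MD5 response computation), as an added Python example that is not part of the original presentation. The names, secrets and the `secrets_db` dictionary are constructed for the example; the peer answers whatever well-formed Challenge it is handed, and the `chap_response` comment spells out why the captured Identifier, Challenge and Response are enough to test secret guesses offline.

```python
import hashlib
import hmac
import secrets
import struct

CHALLENGE, RESPONSE = 1, 2  # RFC 1994 packet codes used here (Success = 3, Failure = 4)

def pack_chap(code, identifier, value, name):
    """Build a Challenge/Response packet: Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_chap(pkt):
    """Parse a Challenge/Response packet, checking Length and Value-Size against the buffer."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if code not in (CHALLENGE, RESPONSE) or length != len(pkt) or length < 5:
        raise ValueError("malformed CHAP packet")
    vsize = pkt[4]
    value, name = pkt[5:5 + vsize], pkt[5 + vsize:]
    if len(value) != vsize:
        raise ValueError("truncated Value field")
    return code, identifier, value, name

def chap_response(identifier, secret, challenge):
    """CHAP with MD5: Response = MD5(Identifier || secret || Challenge Value).
    Identifier, Challenge and Response all travel in the clear, so the secret is the only
    unknown in this hash: that is why the captured packets on the slides suffice for
    offline guessing of the secret."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def peer_answer(challenge_pkt, name, secret):
    """Peer side (step 2). It answers any well-formed Challenge, as RFC 1994 requires."""
    code, identifier, challenge, _authenticator = parse_chap(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge packet")
    return pack_chap(RESPONSE, identifier, chap_response(identifier, secret, challenge), name)

def authenticator_check(response_pkt, identifier, challenge, secrets_db):
    """Authenticator side (step 3): recompute the expected hash and compare in constant time."""
    code, resp_id, value, name = parse_chap(response_pkt)
    if code != RESPONSE or resp_id != identifier or name not in secrets_db:
        return False
    return hmac.compare_digest(value, chap_response(identifier, secrets_db[name], challenge))

def run_exchange(secrets_db, peer_name, peer_secret, identifier=1):
    """Steps 1 to 3 of the slide; a real authenticator repeats this at random intervals (step 4)."""
    challenge = secrets.token_bytes(16)
    chal_pkt = pack_chap(CHALLENGE, identifier, challenge, b"target")
    return authenticator_check(peer_answer(chal_pkt, peer_name, peer_secret), identifier, challenge, secrets_db)
```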

- Proposal: use EC-SRP (Elliptic Curve Cryptography - Secure Remote Password) in the In-Band Initiator-Target Authentication phase

- A password-authenticated key exchange protocol
- SRP (Secure Remote Password) is already used for iSCSI authentication
- EC-SRP is an implementation of SRP using ECC (Elliptic Curve Cryptography)
- EC-SRP needs less processing power
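The verifier-based exchange the slide refers to, as an added Python example that is not from the presentation: it is classic SRP-6a over a modular group rather than the EC variant the authors propose (EC-SRP performs the same message flow with elliptic-curve arithmetic in place of modular exponentiation). The toy group N = 1019, g = 2, the usernames and the salt handling are constructed for the example. Unlike CHAP, the target stores only the verifier v, and a passive capture of salt, A and B contains nothing that a password guess can be checked against.

```python
import hashlib
import secrets

# Toy SRP-6a group, constructed for illustration only: N = 1019 is a safe prime (2*509 + 1) and
# g = 2 generates the whole group. Real deployments use RFC 5054 groups; the arithmetic is the same.
N, G = 1019, 2

def H(*parts):
    """SHA-256 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def i2b(n):
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

K_MULT = H(i2b(N), i2b(G))  # SRP-6a multiplier k = H(N || g)

def private_key(salt, username, password):
    """x = H(salt || H(username ':' password)); only the initiator ever computes this."""
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())

def enrol(username, password, salt=None):
    """Enrolment: the target stores (salt, v = g^x mod N), never the password or x."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, pow(G, private_key(salt, username, password), N)

def client_public(a):
    return pow(G, a, N)  # A = g^a mod N, sent first by the initiator

def server_session(A, v):
    """Target side: reply with B = k*v + g^b and derive S = (A * v^u)^b mod N."""
    if A % N == 0:
        raise ValueError("rejecting A == 0 mod N")  # mandatory SRP-6a check
    while True:
        b = secrets.randbelow(N - 2) + 1
        B = (K_MULT * v + pow(G, b, N)) % N
        if B != 0:  # B must be nonzero mod N; with this tiny group that can actually happen
            break
    u = H(i2b(A), i2b(B))
    S = pow(A * pow(v, u, N), b, N)
    return B, hashlib.sha256(i2b(S)).digest()

def client_session(username, password, salt, a, B):
    """Initiator side: S = (B - k*g^x)^(a + u*x) mod N; only the right password gives the target's key."""
    if B % N == 0:
        raise ValueError("rejecting B == 0 mod N")
    x = private_key(salt, username, password)
    u = H(i2b(client_public(a)), i2b(B))
    S = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    return hashlib.sha256(i2b(S)).digest()
```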

- Further enhance the research paper "A Lightweight Virtual Storage Security Scheme for Mobile Devices"
- Propose to use EC-SRP (Elliptic Curve Cryptography - Secure Remote Password) in the In-Band Initiator-Target Authentication phase
- Compare various types of Secure Remote Password (SRP) with EC-SRP

- Bruce Schneier and Mudge. Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP).
- An implementation of the attack described in this paper.
- J. Satran, K. Meth, C. Sapuntzakis, M. Chadalapaka, E. Zeidner. Internet Small Computer Systems Interface (iSCSI), Request for Comments 3720, April.
- A. Menezes and S. A. Vanstone. Elliptic curve cryptosystems and their implementations. Journal of Cryptology, 6(4):209-224.
- D. Jablon. Extended password methods immune to dictionary attack. In WETICE '97 Enterprise Security Workshop, Cambridge, MA, June 1997.