Network Layer Security: Run over non-IP Protocol? Howie Weiss (NASA/JPL/Parsons) San Antonio, TX October 2013.

Presentation transcript:

1 Network Layer Security: Run over non-IP Protocol? Howie Weiss (NASA/JPL/Parsons) San Antonio, TX October 2013

2 Agenda
CCSDS Network Layer Security
– Action item SecWG0413:3 from Bordeaux meeting to investigate how/if IPsec can be run over non-IP protocols
  » E.g., a la DTN run over a convergence layer directly on top of another network layer protocol

3 ESP w/AES-GCM
Packet layout, in order on the wire:
– IPv4 Header: 20 bytes
– ESP AES128 Encrypted Payload: 140 bytes
  » ESP Header: ESP SPI 4 bytes, ESP Seq # 4 bytes, ESP IV 8 bytes
  » IPv4 Header: 20 bytes
  » ICMP (8 bytes hdr + 80 bytes data): 88 bytes
  » ESP Trailer: Pad (varies per RFC; in this example 2 bytes), Pad Len 1 byte, Next Hdr 1 byte
  » ESP Auth: Authentication Data (varies: 8, 12, or 16 bytes; here 12 bytes)
ESP (IP protocol 50) total length: 160 bytes
Coverage labels on the diagram: Encrypted (128 bytes); ESP Authenticated (140 bytes)

4 ESP over non-IP Network Layer
ESP in tunnel mode is an encapsulation protocol
– It carries whatever payload it's given
Old study of IPsec over SCPS-NP (SCPS Network Protocol) showed that ESP over NP was not a problem
– NP was similar to IP and could ‘look’ like IP but was not IP
CCSDS B-1 (IP over CCSDS Links): uses encapsulation to carry IP and its payload (which could very well be IPsec) over CCSDS space data link protocols such as TM, TC, AOS, and Prox-1
– CCSDS encapsulation packets
– CCSDS encapsulation service over AOS, TM, TC Virtual Channel Packet (VCP) service, TC Multiplexer Access Point Packet (MAPP) Service, or Prox-1.
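The ESP layout from slide 3 and the payload-agnostic encapsulation from slide 4, as an added example that is not part of the original presentation: it builds the ESP trailer with RFC 4303 default padding, frames and parses the packet, and reproduces the slide's byte counts. No encryption is performed (the body stands in for AES-GCM ciphertext, which has the same length as its plaintext); the function names, SPI and sequence values are assumptions.

```python
import struct

IV_LEN = 8                 # ESP IV size shown on the slide for AES-GCM
ICV_LENS = (8, 12, 16)     # Authentication Data sizes listed on the slide

def esp_plaintext(payload: bytes, next_header: int) -> bytes:
    """Append the ESP trailer (Pad, Pad Len, Next Hdr) so the result is 4-byte aligned."""
    pad_len = -(len(payload) + 2) % 4
    pad = bytes(range(1, pad_len + 1))          # RFC 4303 default pad bytes: 1, 2, 3, ...
    return payload + pad + bytes([pad_len, next_header])

def strip_trailer(plaintext: bytes):
    """Inverse of esp_plaintext(): return (payload, next_header), rejecting bad padding."""
    if len(plaintext) < 2:
        raise ValueError("plaintext shorter than ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - 2 - pad_len
    if end < 0 or plaintext[end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("malformed ESP padding")
    return plaintext[:end], next_header

def build_esp(spi: int, seq: int, iv: bytes, body: bytes, icv: bytes) -> bytes:
    """ESP header (SPI, Seq #, IV) + encrypted body + Authentication Data."""
    if len(iv) != IV_LEN or len(icv) not in ICV_LENS or len(body) % 4:
        raise ValueError("field sizes do not match the ESP/AES-GCM layout")
    return struct.pack("!II", spi, seq) + iv + body + icv

def parse_esp(esp: bytes, icv_len: int) -> dict:
    """Split a received ESP packet into fields; the ICV size comes from the SA, not the wire."""
    if icv_len not in ICV_LENS or len(esp) < 8 + IV_LEN + 4 + icv_len or len(esp) % 4:
        raise ValueError("truncated or misaligned ESP packet")
    spi, seq = struct.unpack("!II", esp[:8])
    return {"spi": spi, "seq": seq, "iv": esp[8:8 + IV_LEN],
            "body": esp[8 + IV_LEN:-icv_len], "icv": esp[-icv_len:]}

def slide_example() -> dict:
    """Reproduce the slide's sizes using constructed zero bytes as packet contents."""
    inner = bytes(20) + bytes(88)               # inner IPv4 header + ICMP (hdr + data)
    body = esp_plaintext(inner, 4)              # 4 = IPv4-in-IP protocol number
    esp = build_esp(0x1001, 1, bytes(IV_LEN), body, bytes(12))   # constructed SPI/seq
    return {"pad": body[-2], "body": len(body), "esp": len(esp), "packet": 20 + len(esp)}
```

Nothing in the trailer logic depends on the payload being IP: `esp_plaintext(frame, 253)` pads an arbitrary byte string the same way, with 253 (an IANA experimentation value) standing in for the protocol number that the summary slide says would have to be assigned.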

5 Summary
Yes – IPSec could be run over non-IP protocols if there was a reason to do so
– Modifications needed to the underlying protocol to understand & recognize ESP
– Protocol number assignment needed for ESP over XX protocol
– “Simple” solution to use IP over CCSDS encapsulation