Security Protocols in the Internet. Source: Chapter 31, Data Communications & Networking, Forouzan, Third Edition.

1 Security Protocols in the Internet
Source: Chapter 31, Data Communications & Networking, Forouzan, Third Edition

2 IP Level Security – IPSec
IP Security (IPSec) is a collection of protocols designed by the IETF to provide security for a packet at the IP level. It provides a framework and a mechanism, but leaves the selection of the encryption, authentication, and hashing methods to the user.

3 IPSec – Security Association
IPSec requires a logical connection between two hosts, set up with a signaling protocol, called a Security Association (SA). This effectively turns the connectionless IP protocol into a connection-oriented one. An SA connection is a simplex (unidirectional) connection between a source and a destination, so two SA connections are required for a duplex connection.

4 IPSec – Security Association
An SA connection is defined by:
• A 32-bit security parameter index (SPI), which acts as a virtual circuit identifier, as in connection-oriented protocols such as Frame Relay or ATM.
• The security protocol in use, one of the two alternatives AH and ESP.
• The source IP address.

5 IPSec – Two modes
Transport mode and tunnel mode differ in where the IPSec header is added to the IP packet. In transport mode the IPSec header is inserted between the original IP header and the rest of the packet (the transport-layer payload).
[Figure: IPSec in transport mode]

6 IPSec – Two modes
In tunnel mode the entire original IP packet, its header included, is encapsulated behind the IPSec header, and a new IP header is added in front.
[Figure: IPSec in tunnel mode]

7 IPSec – Two modes
Example: VPN technology uses IPSec in the tunnel mode.

8 Two security protocols
Authentication Header (AH) protocol: designed to authenticate the source host and to ensure the integrity of the payload. It calculates a message digest, using a hashing function and a symmetric key, and inserts the digest in the authentication header. The AH is put in the appropriate location based on the mode. AH provides source authentication and data integrity, but not privacy.

9 Two security protocols
[Figure: authentication header in transport mode. The IP header's Protocol field is set to 51 to indicate that an AH follows; the AH's own Next header field then identifies the original payload.]

10 Two security protocols
AH fields:
• Next header – Defines the type of payload carried by the IP datagram (e.g. TCP, UDP, ICMP, ...).
• Payload length – Defines the length of the authentication header.
• Security parameter index – Plays the role of a virtual circuit identifier and is the same for all packets sent during an SA connection.
• Sequence number – Provides ordering information for a sequence of datagrams and prevents playback (replay).
• Authentication data – The result of applying a hash function to the entire IP datagram.
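The AH fields listed above can be seen working together in the following added example, which is my own and not code from Forouzan's chapter or these slides. It builds a transport-mode AH packet over a constructed shared key, addresses and payload, computes the authentication data with the mutable IP header fields zeroed (so a TTL decremented by a router in transit still verifies), rejects a tampered payload, and uses a sliding window over the sequence number to refuse replayed datagrams. HMAC-SHA256 truncated to 128 bits as the hash, the key, the SPI and the addresses are all my assumptions.

```python
"""Constructed example (not from Forouzan's slides): build and verify an IPsec
Authentication Header (AH) in transport mode, then enforce anti-replay with a
sliding window over the sequence number.  Standard library only."""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51      # value of the IP header's Protocol field when an AH follows
ICV_LEN = 16          # authentication data: HMAC-SHA256 truncated to 128 bits (assumed)


def build_ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header without options; checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                       ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr):
    """AH covers the IP header, but fields that change in flight (ToS,
    flags/fragment offset, TTL, header checksum) are treated as zero."""
    h = bytearray(ip_hdr)
    h[1] = 0                    # ToS
    h[6:8] = b"\x00\x00"        # flags + fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h)


def compute_icv(key, ip_hdr, ah_fixed, payload):
    """Digest over immutable IP header + AH (with its ICV zeroed) + payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, spi, seq, next_header, payload):
    """Transport mode layout: IP header | AH | original payload (e.g. TCP)."""
    # AH fixed part: next header, payload length (in 32-bit words minus 2),
    # reserved, SPI, sequence number.  The ICV (authentication data) follows.
    ah_fixed = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    total_len = 20 + len(ah_fixed) + ICV_LEN + len(payload)
    ip_hdr = build_ipv4_header(src, dst, AH_PROTOCOL, total_len)
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload


class AntiReplayWindow:
    """Sliding window of accepted sequence numbers: bit i of the bitmap set
    means sequence number (top - i) has already been received."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        if seq == 0:                      # sequence numbers start at 1
            return False
        if seq > self.top:                # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:           # older than the window: stale
            return False
        if self.bitmap & (1 << offset):   # already received: replay
            return False
        self.bitmap |= 1 << offset
        return True


def verify_ah_packet(key, packet, window):
    """Receiver side: returns (accepted, reason, payload)."""
    ip_hdr = packet[:20]
    if ip_hdr[9] != AH_PROTOCOL:
        return False, "not an AH packet", b""
    ah_fixed = packet[20:32]
    _next_header, plen, _reserved, _spi, seq = struct.unpack("!BBHII", ah_fixed)
    ah_len = (plen + 2) * 4
    icv, payload = packet[32:20 + ah_len], packet[20 + ah_len:]
    if not hmac.compare_digest(icv, compute_icv(key, ip_hdr, ah_fixed, payload)):
        return False, "ICV mismatch", b""
    if not window.check_and_update(seq):
        return False, "replayed or stale sequence number", b""
    return True, "ok", payload


KEY = b"constructed-demo-key-not-for-real-use"     # constructed shared key
SRC, DST = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"  # constructed 10.0.0.1 -> 10.0.0.2


def demo():
    """Four receptions: fresh, replayed, TTL changed in transit, tampered payload."""
    window, results = AntiReplayWindow(), {}
    pkt1 = build_ah_packet(KEY, SRC, DST, spi=0x1000, seq=1, next_header=6, payload=b"TCP segment")
    results["fresh"] = verify_ah_packet(KEY, pkt1, window)[1]
    results["replay"] = verify_ah_packet(KEY, pkt1, window)[1]
    forwarded = bytearray(build_ah_packet(KEY, SRC, DST, 0x1000, 2, 6, b"TCP segment"))
    forwarded[8] -= 1                                 # a router decremented the TTL
    results["ttl_changed"] = verify_ah_packet(KEY, bytes(forwarded), window)[1]
    tampered = bytearray(build_ah_packet(KEY, SRC, DST, 0x1000, 3, 6, b"TCP segment"))
    tampered[-1] ^= 0x01                              # one payload bit flipped
    results["tampered"] = verify_ah_packet(KEY, bytes(tampered), window)[1]
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} -> {outcome}")
```

The window update happens only after the ICV check succeeds, so an attacker cannot advance the receiver's window with forged packets; a received datagram that fails either check is dropped without affecting state.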

11 Two security protocols
Encapsulating Security Payload (ESP) provides source authentication, integrity, and privacy. It adds both a header and a trailer. Authentication data: in AH, part of the IP header is included in the calculation of the authentication data; in ESP, it is not.

12 Two security protocols
[Figure: ESP in transport mode]

13 AH versus ESP
The ESP protocol was designed after the AH protocol was already in use. ESP does whatever AH does, with additional functionality (privacy). AH will remain part of the Internet until the products are phased out.
Ref: /security/ipsecarc.mspx

14 Secure Sockets Layer (SSL)
A commonly used protocol for managing the security of a message transmission across the "insecure" Internet. Developed by Netscape for transmitting private documents via the Internet. Uses a public key to encrypt data that is transferred over the SSL connection. URLs that require an SSL connection start with "https://" instead of "http://".

15 Secure Sockets Layer (SSL)
• Runs on top of TCP, not over UDP or directly over IP.
• Uses TCP/IP on behalf of higher-level protocols.
• Allows an SSL-enabled server to authenticate itself to an SSL-enabled client.
• Allows the client to authenticate itself to the server.
• Allows both machines to establish an encrypted connection.

16 Secure Sockets Layer (SSL) – Examples
HTTP over SSL
• Securing the web was the main initial drive for designing SSL, and HTTP is the first application-layer protocol secured by SSL.
• HTTPS operates on TCP port 443, while HTTP operates on TCP port 80 by default.
• Standardized in RFC 2818.

17 Secure Sockets Layer (SSL) – Examples
E-mail over SSL
• Similar to HTTP over SSL, protocols such as SMTP, Post Office Protocol 3 (POP3), and Internet Message Access Protocol (IMAP) can be supported by SSL.

18 Secure Sockets Layer (SSL)
• Uses ciphers to enable encryption of data between two parties.
• Uses digital certificates to enable authentication of the parties involved in a secure transaction.
• Asymmetric encryption (public key encryption).
• Symmetric encryption (secret key encryption).

19 Secure Sockets Layer (SSL) – Digital Certificates
Components:
• Certificate user's name
• Entity for whom the certificate is being issued
• Public key of the subject
• Time stamp
Typically issued by a CA that acts as a trusted third party:
• Public certificate authorities
• Private certificate authorities

20 Transport Layer Security – TLS
Derived from a security protocol called Secure Socket Layer (SSL). TLS is a nonproprietary version of SSL designed by the IETF. It lies between the application layer and the transport layer.

21 Transport Layer Security – TLS
For transactions on the Internet, a browser needs the following:
• The server must be authenticated.
• The integrity of the message must be preserved.
• There is a need for privacy.
TLS is actually two protocols:
• Handshake protocol
• Data exchange protocol

22 TLS – Handshake protocol
Responsible for negotiating the security parameters, authenticating the server to the browser, and (optionally) defining other communication parameters.

23 TLS – Handshake protocol
1. The browser sends a hello message that includes the TLS version and some preferences.
2. The server sends a certificate message that includes the public key of the server. The public key is certified by some certification authority, which means the public key is encrypted by a CA private key.
3. The browser has a list of CAs and their public keys. It uses the corresponding key to decrypt the certificate and finds the server public key. This also authenticates the server.
4. The browser generates a secret key, encrypts it with the server public key, and sends it to the server.
5. The browser sends a message, encrypted by the secret key, to inform the server that handshaking is terminating from the browser side.
6. The server decrypts the secret key using its private key and decrypts the message using the secret key.
7. It then sends a message, encrypted by the secret key, to inform the browser that handshaking is terminating from the server side.
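The handshake steps above, simulated with both ends in one process, as an added example of my own rather than code from Forouzan's chapter or these slides. Textbook RSA over two fixed Mersenne primes stands in for the server's certified public key (unpadded, so a teaching toy and not a secure key transport); a keyed HMAC tag under a CA key held in the browser's list stands in for the CA's certification of that key; and HMAC-SHA256 under the freshly generated secret key stands in for the encrypted messages that close the handshake from each side. The CA names, keys and hello contents are constructed. The example also shows the browser refusing a certificate from a CA not on its list and a certificate whose tag does not verify, in both cases before any secret key is sent.

```python
"""Constructed example, not Forouzan's code: the SSL/TLS handshake of slide 23
with the browser and the server simulated in one process."""
import hashlib
import hmac
import os

# Textbook RSA with the fixed Mersenne primes 2^127-1 and 2^89-1 (constructed
# toy parameters; no padding, so only the shape of RSA key transport is shown).
P, Q, E = (1 << 127) - 1, (1 << 89) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (needs Python 3.8+)
N_BYTES = 27                             # N is 216 bits wide

# CAs that exist in this toy world; the browser trusts only some of them.
CA_KEYS = {"DemoCA": b"constructed-demo-ca-key", "OtherCA": b"constructed-other-ca-key"}


def ca_tag(ca_key, pub):
    """Keyed tag over the server public key: stands in for the CA's certification."""
    n, e = pub
    return hmac.new(ca_key, f"{n}:{e}".encode(), hashlib.sha256).digest()


def finished(secret, transcript, side):
    """The 'handshaking is terminating' message, keyed with the new secret key."""
    return hmac.new(secret, transcript + side, hashlib.sha256).digest()


class Server:
    def __init__(self, ca_name, ca_key):
        self.pub, self._priv = (N, E), (N, D)
        self.cert = {"ca": ca_name, "pub": self.pub, "tag": ca_tag(ca_key, self.pub)}
        self.secret = None

    def on_client_hello(self, hello):
        self.transcript = hello
        return self.cert                              # step 2: certificate message

    def on_key_exchange(self, enc_secret, client_finished):
        n, d = self._priv
        m = pow(int.from_bytes(enc_secret, "big"), d, n)   # step 6: recover the secret key
        self.secret = m.to_bytes(16, "big")
        if not hmac.compare_digest(finished(self.secret, self.transcript, b"client"), client_finished):
            raise ValueError("client Finished does not verify")
        return finished(self.secret, self.transcript, b"server")   # step 7


class Browser:
    def __init__(self, trusted=None):
        # The browser's list of CAs and their keys (step 3); DemoCA only by default.
        self.trusted = trusted if trusted is not None else {"DemoCA": CA_KEYS["DemoCA"]}
        self.secret = None

    def handshake(self, server):
        hello = b"ClientHello:version=TLS1.2:prefs=AES128-GCM-SHA256"   # step 1
        cert = server.on_client_hello(hello)
        if cert["ca"] not in self.trusted:
            raise ValueError("certificate from untrusted CA " + cert["ca"])
        if not hmac.compare_digest(ca_tag(self.trusted[cert["ca"]], cert["pub"]), cert["tag"]):
            raise ValueError("certificate tag does not verify")
        n, e = cert["pub"]                                     # server authenticated
        self.secret = os.urandom(16)                           # step 4: browser picks the secret key
        enc_secret = pow(int.from_bytes(self.secret, "big"), e, n).to_bytes(N_BYTES, "big")
        server_finished = server.on_key_exchange(enc_secret, finished(self.secret, hello, b"client"))  # step 5
        if not hmac.compare_digest(finished(self.secret, hello, b"server"), server_finished):
            raise ValueError("server Finished does not verify")
        return self.secret


def run_handshake(server=None, browser=None):
    """True when both ends ended up holding the same 16-byte secret key."""
    server = server or Server("DemoCA", CA_KEYS["DemoCA"])
    browser = browser or Browser()
    return browser.handshake(server) == server.secret


def rejection_reason(server):
    """Why a default browser refused `server`'s certificate, or None if accepted."""
    try:
        Browser().handshake(server)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    print("genuine server:", run_handshake())
    print("unknown CA:    ", rejection_reason(Server("OtherCA", CA_KEYS["OtherCA"])))
    print("forged tag:    ", rejection_reason(Server("DemoCA", b"not-the-ca-key")))
```

Both Finished messages are bound to the hello message, so a handshake whose early messages were altered in transit fails at the end even though each individual message looked well formed.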

24 TLS – Data exchange protocol
The data exchange (record) protocol uses the secret key to encrypt the data for secrecy and to encrypt the message digest for integrity. The details and specification of the algorithms are agreed upon during the handshake phase.
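The record protocol described above, as an added example that is my own and not from the original slides. A sender and a receiver share the keys negotiated in the handshake; for each record the digest covers a sequence number, the record header and the data, and the data together with its digest is then encrypted, which is the "encrypt the data and encrypt the digest" arrangement the slide describes. The keystream derived from HMAC-SHA256 in counter mode is a constructed stand-in for whatever cipher the handshake agreed on, and the keys and messages are constructed. The demo shows a successful round trip, then a replayed record and a tampered record, both rejected by the digest check.

```python
"""Constructed example, not Forouzan's code: a TLS-style record layer that
MACs each record under a sequence number and then encrypts data plus digest."""
import hashlib
import hmac
import struct

MAC_LEN = 32   # HMAC-SHA256 digest


def keystream(key, seq, length):
    """Counter-mode keystream from HMAC-SHA256: a constructed stand-in for the
    negotiated symmetric cipher, with the record sequence number as nonce."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class RecordLayer:
    VERSION = 0x0303          # record-layer version number for TLS 1.2
    APPLICATION_DATA = 23     # record content type

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.send_seq = 0     # implicit sequence numbers, never sent on the wire
        self.recv_seq = 0

    def _mac(self, seq, ctype, plaintext):
        header = struct.pack("!BHH", ctype, self.VERSION, len(plaintext))
        return hmac.new(self.mac_key, struct.pack("!Q", seq) + header + plaintext,
                        hashlib.sha256).digest()

    def protect(self, plaintext, ctype=APPLICATION_DATA):
        """Sender: digest for integrity, then encrypt data + digest for secrecy."""
        body = plaintext + self._mac(self.send_seq, ctype, plaintext)
        ciphertext = xor(body, keystream(self.enc_key, self.send_seq, len(body)))
        self.send_seq += 1
        return struct.pack("!BHH", ctype, self.VERSION, len(ciphertext)) + ciphertext

    def unprotect(self, record):
        """Receiver: decrypt under the expected sequence number, then check the digest."""
        ctype, version, length = struct.unpack("!BHH", record[:5])
        ciphertext = record[5:5 + length]
        if version != self.VERSION or len(ciphertext) != length:
            raise ValueError("malformed record")
        body = xor(ciphertext, keystream(self.enc_key, self.recv_seq, len(ciphertext)))
        plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._mac(self.recv_seq, ctype, plaintext)):
            raise ValueError("record MAC failed")   # tampered, replayed or reordered
        self.recv_seq += 1
        return ctype, plaintext


def demo():
    """Round trip, then a replayed and a tampered record on the same connection."""
    keys = (b"constructed-enc-key", b"constructed-mac-key")   # from the handshake
    client, server = RecordLayer(*keys), RecordLayer(*keys)
    results = {}
    rec = client.protect(b"GET / HTTP/1.1\r\n")
    results["roundtrip"] = server.unprotect(rec)[1]
    try:
        server.unprotect(rec)                        # same record delivered again
        results["replay"] = "accepted"
    except ValueError as err:
        results["replay"] = str(err)
    tampered = bytearray(client.protect(b"POST /transfer"))
    tampered[5] ^= 0x01                              # flip a bit of the ciphertext
    try:
        server.unprotect(bytes(tampered))
        results["tampered"] = "accepted"
    except ValueError as err:
        results["tampered"] = str(err)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome!r}")
```

Because the receiver's sequence number is part of the digest input and the keystream nonce, a replayed record decrypts to garbage and fails the digest, which is how ordering and replay protection fall out of the record layer without any extra field on the wire.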

25 SSL VPN
An emerging remote access technology that provides secure connectivity to internal corporate resources through a web browser or a dedicated client. The greatest strength of SSL VPN comes from the fact that SSL is a mature protocol that is readily available in virtually all web browsers. Using SSL VPN, you can securely navigate your internal web server, or even check your e-mail, from a kiosk or Internet cafe.

26 SSL VPN
SSL VPN offers the advantage that it is platform independent: using any browser that supports SSL, you can access resources without worrying about the underlying operating system. Secondly, you do not have to troubleshoot a third-party VPN client should the connection not work as expected. Additionally, SSL VPN solves the network traversal problem, as many organizations restrict most forms of VPN traffic, such as IPsec and PPTP, from passing through their networks.