IETF-66 MSEC: IPsec composite groups. George Gross, IdentAware™ Multicast Security. IETF-66, Montreal, Canada, 11 July 2006.
Slide 1: Multicast IPsec Composite Cryptographic Groups
George Gross, IdentAware™ Multicast Security
IETF-66, Montreal, Canada, July 11th 2006

Slide 2: Composite Cryptographic Groups
Definition: the logical group formed from the union of two or more sub-groups, each sub-group supporting different cryptographic properties (e.g. IPsec software version).
Composite groups occur when a large-scale group contains multiple protocol versions or multiple partially interoperable vendors.
– e.g. retiring 3-DES, migrating to AES
– software bug fixes

Slide 3: IPsec Subsystem Composite Group Requirements
The multicast application is unaware of the sub-groups; it sends one packet to the composite group, not one packet per sub-group.
Must provide a mechanism by which each data packet is replicated for each sub-group and treated with that sub-group’s IPsec cryptographic policy.
IPsec policy is set per sub-group by that sub-group’s GCKS (group controller/key server).

Slide 4: Motivation for Composite Groups
A large-scale group cannot easily be upgraded; no “flag day” is allowed.
Cryptographic algorithms age or break; a strategy is needed to move to new ones.
– witness recent attacks on MD5, SHA-1
Parallel vendor-specific sub-groups support different feature sets; want the best combination.
Straddle IPv4 and IPv6 sub-groups.

Slide 5: Transport Mode IPsec (diagram)
Figure: the Group Speaker host’s IPsec subsystem sends across the Internet to Sub-Group A (members A0–A5) and Sub-Group B (members B0–B5); each sub-group is reached over its own transport mode multicast data security association.

Slide 6: Composite Cryptographic Group IPsec Transport Mode
End-to-end security; no plaintext on the wire.
Supports Native, BITS (bump-in-the-stack), and BITW (bump-in-the-wire) architectural modes.
Requires the IPsec subsystem to replicate each data SA packet for each sub-group before applying that sub-group’s cryptographic algorithms.
– the multicast application should not need to be aware of the cryptographic sub-groups
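The replication requirement of slides 3 and 6, as an added Python illustration that is not part of the original presentation or of any IPsec implementation: the application hands one datagram to a stub IPsec subsystem, which finds one SA per sub-group in its SPD and emits one differently protected copy per SA, while each member accepts only frames carrying its own sub-group's SPI. The SPI values, group address, keys and the AH-like framing are constructed, and per-sub-group policy is reduced to the choice of HMAC algorithm.

```python
import hmac
from dataclasses import dataclass

ICV_LEN = 12  # AH/ESP truncate the HMAC to 96 bits

@dataclass(frozen=True)
class GroupSA:
    """One multicast data SA as a sub-group's GCKS would install it (constructed values)."""
    spi: int        # Security Parameter Index carried on the wire
    group: str      # multicast destination the SA protects (sample address)
    integ_alg: str  # hashlib digest name: "sha1" = legacy sub-group, "sha256" = upgraded
    key: bytes

def protect(sa, payload):
    """Simplified AH-style frame SPI || payload || truncated HMAC (not the real format)."""
    spi = sa.spi.to_bytes(4, "big")
    return spi + payload + hmac.new(sa.key, spi + payload, sa.integ_alg).digest()[:ICV_LEN]

def composite_send(spd, group, payload):
    """Sender's IPsec subsystem: the application hands over ONE packet for `group`; the
    SPD lookup yields one SA per sub-group and the packet is replicated per SA."""
    return [protect(sa, payload) for sa in spd if sa.group == group]

def receive(member_sas, frame):
    """A member holds only its own sub-group's SAs keyed by SPI: unknown SPI or bad
    ICV -> dropped (None); otherwise the payload."""
    if len(frame) < 4 + ICV_LEN:
        return None
    sa = member_sas.get(int.from_bytes(frame[:4], "big"))
    if sa is None:
        return None
    body, icv = frame[4:-ICV_LEN], frame[-ICV_LEN:]
    expected = hmac.new(sa.key, frame[:4] + body, sa.integ_alg).digest()[:ICV_LEN]
    return body if hmac.compare_digest(icv, expected) else None

# Constructed sample: two sub-groups of one composite group with different policies.
SA_A = GroupSA(0x1000, "232.1.1.1", "sha1", b"sub-group-A-key")
SA_B = GroupSA(0x2000, "232.1.1.1", "sha256", b"sub-group-B-key")
SPD = [SA_A, SA_B]

def demo():
    """One application send; returns what a member of each sub-group accepts."""
    frames = composite_send(SPD, "232.1.1.1", b"one multicast datagram")
    a_member, b_member = {SA_A.spi: SA_A}, {SA_B.spi: SA_B}
    flipped = frames[1][:-1] + bytes([frames[1][-1] ^ 1])  # ICV tampered in transit
    return (len(frames), receive(a_member, frames[0]), receive(a_member, frames[1]),
            receive(b_member, frames[1]), receive(b_member, flipped))

if __name__ == "__main__":
    print(demo())  # (2, b'one multicast datagram', None, b'one multicast datagram', None)
```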

Slide 7: Tunnel Mode IPsec (diagram)
Figure: the Group Speaker sends application data unencrypted across a multicast-capable LAN to two IPsec security gateways (IPsec tunnel endpoints), one per sub-group; each gateway tunnels across the Internet to its own sub-group, Sub-Group A (members A0–A5) or Sub-Group B (members B0–B5).

Slide 8: Composite Cryptographic Group IPsec Tunnel Mode
The application multicasts its data to two or more IPsec security gateways, one gateway per sub-group.
Advantage: simply bolt together as many gateways as there are sub-groups.
Drawback: unencrypted data must transit a trusted network to reach the gateways.

Slide 9: Composite Groups Proposed for Experimental Track
Request that draft-gross-ipsec-composite-group-00.txt become an MSEC WG item.
Publish as an IETF Experimental RFC.
Revise and transition to a Proposed Standard RFC after:
– additional operational experience
– wider recognition by industry that this provides a solution that merits full standardization

Slide 10: Background Reading
draft-gross-msec-ipsec-composite-group-00.txt
draft-ietf-msec-ipsec-extensions-02.txt
RFC: IP security architecture