
By Mau, Morgan Arora, Pankaj Desai, Kiran

 Large address space
 Briefing on IPsec
 IPsec implementation
 IPsec operational modes
 Authentication Header in IPv6
 ESP in IPv6
 Security Issues in IPv6

A (Poor) Representation of Relative IPv4 and IPv6 Address Space Sizes [1]

 With IPv4 a typical Class C network has 8 bits for host addressing.
◦ If we scan at the rate of 1 host/sec
◦ 2^8 hosts × 1 sec/host × 1 min/60 secs = 4.2 mins
◦ It takes us ~4 minutes to completely scan the Class C network
 With IPv6 the subnets use 64 bits for host addressing.
◦ If we scan at the rate of 1 host/sec
◦ 2^64 hosts × 1 sec/host × 1 yr/(secs per year) = 584 billion yrs
◦ It takes us ~584 billion yrs to completely scan the network

 Advantages
◦ Port scanning attacks become an arduous task
◦ Well-organized IP address assignment helps track down issues
 Disadvantages
◦ Increased overhead, since every datagram header or other place where IP addresses are referenced must use 16 bytes for each address instead of 4 bytes

 IPsec is a set of cryptographic protocols that secure data communication and provide for the secure exchange of keys during the initial negotiation
 Although IPsec has existed for quite some time, it was optional in IPv4.
 IPv6 mandates the use of IPsec

IPsec overview [1]

 Integrated architecture
◦ Integrated in the IP layer itself
◦ Example: IPv6
◦ Most elegant, but not practical with IPv4 because the IP implementation in each device would need to be changed

BITS (Bump In The Stack) architecture [1]

BITW (Bump In The Wire) architecture [1]

As its name suggests, in transport mode the protocol protects the message passed down to IP from the transport layer.

In tunnel mode, IPsec is used to protect a complete encapsulated IP datagram after the IP header has already been applied to it.

 Thus, to generalize, the order of headers is as below:
◦ Transport Mode: IP header, IPsec headers (AH and/or ESP), IP payload (including transport header).
◦ Tunnel Mode: New IP header, IPsec headers (AH and/or ESP), old IP header, IP payload.
 For IPv6, there are 2 variables and 4 combinations. Thus the 2 protocols (AH and ESP) and the 2 modes (Transport and Tunnel) can be combined in different ways.

 AH is one of the two core security protocols in IPsec
 AH is intended to guarantee connectionless integrity and data origin authentication

IPsec AH packet [2]

 The calculation of the authentication header is similar for both IPv4 and IPv6.
 The difference is in placing the header into the datagram and in linking the headers together.
 The AH is inserted into the IP datagram as an extension header, following the normal rules of IPv6 extension header linking.
 Each header is linked from the previous one by its Next Header field.
 Thus the headers can be chained one after the other.
 The numbers indicated are the protocol numbers standardized by the IETF for each protocol.

Authentication Header Placement and Linking
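The header ordering of the two modes and the Next Header chaining described above, as an added example that is not part of the original slides: it builds an IPv6 datagram with an AH extension header in transport mode (IPv6 | AH | TCP) and in tunnel mode (IPv6 | AH | inner IPv6 | TCP), walks the Next Header links, and computes and verifies the AH ICV with the mutable IPv6 fields (traffic class, flow label, hop limit) zeroed. The protocol numbers are the IANA values; the key, addresses and TCP segment are constructed for the example, and the ICV routine assumes no other extension header sits before AH.

```python
import hmac
import hashlib
import struct

# IANA protocol numbers: the "Next Header" values the slide refers to.
PROTO_NAMES = {
    0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 41: "IPv6 (encapsulated)",
    43: "Routing", 44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6",
    60: "Destination Options",
}
IPV6_HDR_LEN = 40
AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12        # HMAC-SHA1-96 ICV (RFC 2404); 12 + 12 = 24 bytes, a multiple of 8 as IPv6 requires


def ipv6_header(next_header, payload_len, src, dst, hop_limit=64):
    """Fixed 40-byte IPv6 header; src/dst are 16-byte addresses."""
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit) + src + dst


def ah_header(next_header, spi, seq, icv=bytes(ICV_LEN)):
    """AH carrying the Next Header link; Payload Len counts 32-bit words minus 2."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def ah_icv(key, packet):
    """ICV over the whole datagram with mutable fields zeroed.
    Assumes the layout IPv6 | AH | ... built below (no other extension header before AH)."""
    buf = bytearray(packet)
    buf[0] &= 0xF0                 # traffic class (high nibble lives in byte 0) ...
    buf[1] = buf[2] = buf[3] = 0   # ... rest of traffic class and the flow label
    buf[7] = 0                     # hop limit changes at every router, so it is excluded
    icv_at = IPV6_HDR_LEN + AH_FIXED_LEN
    buf[icv_at:icv_at + ICV_LEN] = bytes(ICV_LEN)   # ICV field is zero while computing
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:ICV_LEN]


def protect(key, src, dst, payload, payload_proto, spi=0x100, seq=1):
    """IPv6 | AH | payload. Transport mode passes a transport segment (proto 6/17);
    tunnel mode passes a complete inner IPv6 datagram and proto 41."""
    ah = ah_header(payload_proto, spi, seq)
    packet = ipv6_header(51, len(ah) + len(payload), src, dst) + ah + payload
    icv_at = IPV6_HDR_LEN + AH_FIXED_LEN
    return packet[:icv_at] + ah_icv(key, packet) + packet[icv_at + ICV_LEN:]


def verify_ah(key, packet):
    """Recompute the ICV and compare it in constant time."""
    icv_at = IPV6_HDR_LEN + AH_FIXED_LEN
    return packet[6] == 51 and hmac.compare_digest(
        packet[icv_at:icv_at + ICV_LEN], ah_icv(key, packet))


def walk_chain(packet):
    """Follow the Next Header links and name each header in order."""
    chain, next_hdr, offset = [], packet[6], IPV6_HDR_LEN
    while True:
        chain.append(PROTO_NAMES.get(next_hdr, f"proto {next_hdr}"))
        if next_hdr == 51:                 # AH: length in 32-bit words minus 2
            hdr_len = (packet[offset + 1] + 2) * 4
        elif next_hdr in (0, 43, 60):      # Hdr Ext Len in 8-byte units, first 8 excluded
            hdr_len = (packet[offset + 1] + 1) * 8
        elif next_hdr == 44:               # Fragment header is a fixed 8 bytes
            hdr_len = 8
        elif next_hdr == 41:               # tunnel mode: a whole inner IPv6 header follows
            next_hdr, offset = packet[offset + 6], offset + IPV6_HDR_LEN
            continue
        else:                              # upper layer, or ESP (encrypted: chain ends)
            return chain
        next_hdr, offset = packet[offset], offset + hdr_len


# Constructed sample data for the example.
KEY = b"constructed-ah-key"
HOST_A = bytes.fromhex("20010db8000000000000000000000001")
HOST_B = bytes.fromhex("20010db8000000000000000000000002")
GW_A = bytes.fromhex("20010db8000100000000000000000001")
GW_B = bytes.fromhex("20010db8000100000000000000000002")
TCP_SEGMENT = bytes.fromhex("12340050000000000000000050020fff00000000")  # 20-byte SYN-like segment


def demo_transport():
    """Transport mode: AH protects the segment handed down from the transport layer."""
    return protect(KEY, HOST_A, HOST_B, TCP_SEGMENT, 6)


def demo_tunnel():
    """Tunnel mode: gateways wrap the whole host-to-host datagram; AH's Next Header is 41."""
    inner = ipv6_header(6, len(TCP_SEGMENT), HOST_A, HOST_B) + TCP_SEGMENT
    return protect(KEY, GW_A, GW_B, inner, 41)


if __name__ == "__main__":
    for name, pkt in (("transport", demo_transport()), ("tunnel", demo_tunnel())):
        print(name, " -> ".join(["IPv6"] + walk_chain(pkt)), "verified:", verify_ah(KEY, pkt))
```

Changing the hop limit of a protected packet still verifies, because AH excludes that mutable field; flipping any byte of the payload or of the inner header does not.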

 AH is not enough if we also want to hide our datagrams from intermediate devices.
 ESP provides the privacy we seek by encrypting them.
 ESP also supports its own authentication scheme.

ESP headers without and with authentication [2]

 Unlike AH, which provides a small header before the payload, ESP surrounds the payload it is protecting
 The Next Header field gives the type (IP, TCP, UDP, etc.) of the payload in the usual way, though it can be thought of as pointing "backwards" into the packet rather than forward as we saw in AH
 Header Calculation and Placement
◦ The ESP header placement works similarly to AH.
◦ It is inserted into the IP datagram as an extension header.
 Trailer Calculation and Placement
◦ The ESP trailer is appended to the data to be encrypted.
◦ The Next Header field in ESP appears in the trailer and not the header.
 ESP Authentication Field Calculation and Placement
◦ The authentication field is computed over the entire ESP datagram.

ESP in Transport and Tunnel Mode [1]
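The ESP layout described above (header in front, trailer carrying the Next Header value inside the encrypted region, authentication field computed over the whole ESP datagram), as an added example that is not part of the original slides. The keystream is a stand-in built from HMAC-SHA256 so the example runs on the standard library; it is not an IPsec cipher, which would be AES-CBC or AES-GCM. Keys, SPI, IV and the TCP segment are constructed for the example.

```python
import hmac
import hashlib
import struct

ICV_LEN = 12   # HMAC-SHA1-96 ICV (RFC 2404)
IV_LEN = 8
PROTO_TCP = 6


def keystream(enc_key, iv, length):
    """Stand-in keystream (HMAC-SHA256 in counter mode). NOT an IPsec cipher; it exists
    only so the example is self-contained. Real ESP uses AES-CBC or AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_encapsulate(enc_key, auth_key, spi, seq, iv, payload, next_header):
    """ESP datagram: SPI | Seq | IV | {payload | padding | pad len | next hdr} encrypted | ICV.
    The Next Header value sits in the trailer, so it is encrypted along with the payload."""
    pad_len = (-(len(payload) + 2)) % 4        # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default monotonic padding (RFC 4303 2.4)
    plaintext = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    encrypted = xor(plaintext, keystream(enc_key, iv, len(plaintext)))
    authenticated = header + iv + encrypted    # entire ESP datagram except the ICV itself
    icv = hmac.new(auth_key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    return authenticated + icv


def esp_decapsulate(enc_key, auth_key, datagram):
    """Verify the ICV before touching the ciphertext, then decrypt and strip the trailer.
    Returns (spi, seq, next_header, payload); raises ValueError on any failure."""
    if len(datagram) < 8 + IV_LEN + 2 + ICV_LEN:
        raise ValueError("ESP datagram too short")
    body, icv = datagram[:-ICV_LEN], datagram[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch")   # never decrypt unauthenticated data
    spi, seq = struct.unpack("!II", body[:8])
    iv = body[8:8 + IV_LEN]
    encrypted = body[8 + IV_LEN:]
    plaintext = xor(encrypted, keystream(enc_key, iv, len(encrypted)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("bad pad length")
    payload = plaintext[:len(plaintext) - 2 - pad_len]
    # A real receiver would also check seq against its anti-replay window here.
    return spi, seq, next_header, payload


def accepts(enc_key, auth_key, datagram):
    """True if the datagram authenticates and decapsulates cleanly."""
    try:
        esp_decapsulate(enc_key, auth_key, datagram)
        return True
    except ValueError:
        return False


# Constructed sample data for the example.
ENC_KEY = b"constructed-esp-encryption-key"
AUTH_KEY = b"constructed-esp-auth-key"
IV = bytes.fromhex("0001020304050607")   # constructed; must be unique per packet in practice
TCP_SEGMENT = bytes.fromhex("12340050000000000000000050020fff00000000")  # 20-byte SYN-like segment


def demo_datagram():
    """ESP in transport mode protecting one TCP segment (SPI 0x200, sequence number 7)."""
    return esp_encapsulate(ENC_KEY, AUTH_KEY, 0x200, 7, IV, TCP_SEGMENT, PROTO_TCP)


if __name__ == "__main__":
    d = demo_datagram()
    print("ESP datagram:", d.hex())
    print("decapsulated:", esp_decapsulate(ENC_KEY, AUTH_KEY, d))
```

Only the SPI, sequence number and IV are visible on the wire; the transport ports and the Next Header value are inside the encrypted region, and any modification of header, IV, ciphertext or ICV is rejected before decryption is attempted.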

 IPv6-IPv4 stack issues
◦ Dual stacks during migration always bring in security vulnerabilities
 Extension header issues
◦ The large size of extension headers will overwhelm certain nodes.
 Multicast flooding
◦ New features like multicast addresses would increase smurf attacks

[1] “TCP/IP Guide”, web resource retrieved on Oct 13th 2008, http://
[2] “An Illustrated Guide to IPsec”, web resource retrieved on Oct 13th, ipsec.html