Network Layer Security Network Systems Security Mort Anvari.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

IP Security Nick Feamster CS 6262 Spring IP Security have a range of application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
NS-H /11041 IP Security. NS-H /11042 TCP/IP Example.
Cryptography and Network Security
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Security CSCE 813 IPsec
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Network Security Essentials Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Cryptography and Network Security
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security: Security Across the Protocol Stack
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 21 – Internet Security.
Karlstad University IP security Ge Zhang
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
1 Chapter 6 IP Security. 2 Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
IP Securty 1. Overview 2. Architecture 3. Authentication Header 4. Encapsulating Security Payload 5. Combining security Associations 6. Internet Key Exchange.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
1 IPv6 Security & QoS Babu Ram Dawadi. 2 Outline IP Security Overview IP Security Architecture Authentication Header Encapsulating Security Payload Combinations.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Presentaion on ipsecurity Presentaion given by arun saraswat To lavkush sharma sir arun saraswat1.
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
IPv6 Security & QoS Babu Ram Dawadi.
IPSecurity.
Chapter 16 – IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom.
Chapter 18 IP Security  IP Security (IPSec)
IP Security Ch16 of Cryptography and Network Security - Third Edition
CSE565: Computer Security Lecture 23 IP Security
Cryptography and Network Security
No.9: IP Security Network Information Security 网络信息安全
Cryptography and Network Security Chapter 16
Cryptography and Network Security
CSCE 815 Network Security Lecture 13
Cryptography and Network Security Chapter 16
Cryptography and Network Security Chapter 16
Cryptography and Network Security
Presentation transcript:

Network Layer Security Network Systems Security Mort Anvari

9/30/20042 Security in Network Layer Implementing security in application layer provides flexibility in security policy and key management Problem is need to implement security mechanism in every application individually To reduce the overhead, implement security in network layer to provide security for all applications between selected pair of computers

9/30/20043 IPSec Two protocols Authentication Header (AH) Encasulating Security Payload (ESP) Provide general security services for IP Authentication Confidentiality Anti-replay Key management Applicable to use over LANs, across public and private WANs, and for the Internet

9/30/20044 Scenario of IPSec Uses

9/30/20045 Benefits of IPSec Provide strong security to all traffic crossing the perimeter if installed in a firewall/router Resistant to bypass IPSec is below transport layer, hence transparent to applications Can be transparent to end users Can provide security for individual users if desired

9/30/20046 IP Security Architecture Specification is quite complex Defined in numerous RFC’s RFC 2401/2402/2406/2408 many others, grouped by category Mandatory in IPv6, optional in IPv4

9/30/20047 Security Association (SA) A unidirectional relationship between sender and receiver that affords security for traffic flow Each IPSec computer maintains a database of SA’s Defined by 3 parameters Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier

9/30/20048 SA Parameters Sequence Number Counter Sequence Number Overflow Anti-Replay Window AH and ESP information Lifetime IPSec Protocol Mode Path MTU

9/30/20049 Authentication Header (AH) Provide support for data integrity and authentication of IP packets end system/router can authenticate user/app prevent address spoofing attacks by tracking sequence numbers Based on use of a MAC HMAC-MD5-96 or HMAC-SHA-1-96 Parties must share a secret key

9/30/ Authentication Header

9/30/ End-to-End vs End-to-Intermediate Authentication

9/30/ Scope of AH Authentication

9/30/ Encapsulating Security Payload (ESP) Provide message content confidentiality and limited traffic flow confidentiality Can optionally provide the same authentication services as AH Support range of ciphers, modes, padding DES, Triple-DES, RC5, IDEA, CAST etc CBC most common pad to meet blocksize, for traffic flow

9/30/ Encapsulating Security Payload

9/30/ Transport vs Tunnel Mode ESP Transport mode is used to encrypt and optionally authenticate IP data data protected but header left in clear can do traffic analysis but is efficient good for ESP host to host traffic Tunnel mode encrypts entire IP packet add new header for next hop good for VPNs, gateway to gateway security

9/30/ Scope of ESP Encryption and Authentication

9/30/ Combining Security Associations SAs can implement either AH or ESP, but each SA can implement only one To implement both, need to combine SAs form a security bundle Have 4 cases

9/30/ Combining Security Associations

9/30/ Key Management Handle key generation and distribution Typically need 2 pairs of keys 2 per direction for AH & ESP Manual key management sysadmin manually configures every system Automated key management automated system for on demand creation of keys for SA’s in large systems Oakley and ISAKMP

9/30/ OAKLEY A key exchange protocol Based on Diffie-Hellman key exchange Add features to address weaknesses of Diffie- Hellman cookies to counter clogging attacks nonces to counter replay attacks key exchange authentication to counter man-in- the-middle attacks Can use arithmetic in prime fields or elliptic curve fields

9/30/ Usage of Cookies Three basic requirements Must depend on specific parties Impossible for anyone other than issuing entity to generate cookies that will be accepted by issuing party Cookie generation and verification must be fast To create a cookie, perform a fast hash over src and dst IP addresses, src and dst ports, and a locally generated secret value

9/30/ ISAKMP Internet Security Association and Key Management Protocol Provide framework for key management Define procedures and packet formats to establish, negotiate, modify, and delete SAs Independent of key exchange protocol, encryption algorithm, and authentication method

9/30/ ISAKMP

9/30/ Next Class Denial-of-Service (DoS) attack Hop Integrity

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.