
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.


Slide 1: Computer Science and Engineering. Computer System Security, CSE 5339/7339, Session 27, November 23, 2004

Slide 2: Contents
- Security in Networks (cont.)
- Group Work
- Khalid's presentation
- Ben's presentation

Slide 3: Wired Backbone with Mobile Nodes (diagram: a fixed communication network with several fixed hosts; a base station on the wired backbone serving a mobile host)

Slide 4: Mobile IP (cont.) (diagram: an arbitrary topology of routers and links; the home agent and the mobile host at home on the home subnet; the foreign agent and the mobile host visiting a foreign subnet)

Slide 5: Wireless Multi-hop Backbone (diagram: mobile hosts forming a wireless multi-hop backbone)

Slide 6: Hybrid Backbone (diagram: the fixed communication network with fixed hosts and a base station on the wired backbone, joined to a wireless multi-hop backbone; mobile hosts attached to the wired backbone, the wireless backbone and the hybrid backbone)

Slide 7: Encryption
- Link encryption
- End-to-end encryption

Slide 8: Link Encryption (diagram: two seven-layer stacks, Application, Presentation, Session, Transport, Network, Data Link, Physical, showing where link encryption is applied)

Slide 9: End-to-End Encryption (diagram: the same two seven-layer stacks, showing where end-to-end encryption is applied)

Slide 10: IP Security Protocol (IPSec)
- With IPv6, the IETF addresses security requirements
- Defines a standard for handling encrypted data
- Implemented at the IP layer
- Supports authentication and confidentiality
- Allows communicating parties to agree on a mutually supported set of protocols
- Security Association: the set of parameters for a secured communication channel

Slide 11: Security Association
A security association includes:
- encryption algorithm and mode, e.g. DES
- encryption key
- encryption parameters, e.g. initialization vector
- authentication protocol and key
- lifespan of the association
- address of the opposite end of the association
- sensitivity level of the protected data (used for classified data)

Slide 12: IPSec (cont.)
- Security Parameter Index (SPI): a data element that acts as a pointer into a table of security associations
- Authentication Header (AH): immediately follows the IP header (authentication for IP traffic)
- Encapsulated Security Payload (ESP): replaces (includes) the conventional TCP header and data portion of the packet (encryption for IP data)

Slide 13: TCP/IP Conventional Packets (diagram: Physical Header | IP Header | TCP Header | Data | Physical Trailer)

Slide 14: TCP/IP Conventional Packets (diagram: IP Header followed by AH)

Slide 15: Authentication Header (diagram of the AH fields)
- Next Header
- Payload Length
- Reserved
- Security Parameters Index (SPI)
- Sequence Number
- Authentication Data

Slide 16: IPSec Packets (diagram: ESP, which includes the TCP header and data)

Slide 17: Encapsulated Security Packet (diagram of the ESP fields)
- Security Parameters Index (SPI)
- Sequence Number
- Payload Data
- Padding
- Padding Length
- Next Header
- Authentication Data
The diagram marks the region from the SPI through Next Header as authenticated, and the region from Payload Data through Next Header as encrypted.
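As an added illustration of the AH and ESP layouts on slides 15 and 17 (example code, not part of the original slides), the following Python parser walks both headers from constructed byte strings and separates the ESP regions the slide marks as authenticated and encrypted. The SPI values, ICV bytes and payload are made up; the ESP sample is built in the clear so the trailer can be walked without a key.

```python
import struct

AH_FIXED = 12   # Next Header, Payload Length, Reserved, SPI, Sequence Number
ESP_FIXED = 8   # SPI, Sequence Number


def parse_ah(buf: bytes) -> dict:
    """Parse an Authentication Header laid out as on slide 15 (RFC 2402)."""
    if len(buf) < AH_FIXED:
        raise ValueError("AH shorter than its fixed part")
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", buf[:AH_FIXED])
    # Payload Length is the AH length in 32-bit words minus 2, so the
    # Authentication Data (ICV) runs from byte 12 up to (payload_len + 2) * 4.
    ah_len = (payload_len + 2) * 4
    if len(buf) < ah_len:
        raise ValueError("AH truncated: Payload Length claims more bytes than present")
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": buf[AH_FIXED:ah_len], "ah_len": ah_len, "payload": buf[ah_len:]}


def parse_esp(buf: bytes, icv_len: int) -> dict:
    """Split an ESP packet into the regions slide 17 marks authenticated and
    encrypted. In real traffic the encrypted region is ciphertext; the sample
    below is constructed in the clear so the trailer can be walked."""
    if len(buf) < ESP_FIXED + 2 + icv_len:
        raise ValueError("ESP shorter than SPI + Seq + trailer + ICV")
    spi, seq = struct.unpack("!II", buf[:ESP_FIXED])
    authenticated = buf[:len(buf) - icv_len]        # SPI .. Next Header (ICV coverage)
    encrypted = buf[ESP_FIXED:len(buf) - icv_len]   # Payload Data .. Next Header
    pad_len, next_hdr = encrypted[-2], encrypted[-1]
    if pad_len > len(encrypted) - 2:
        raise ValueError("ESP Pad Length exceeds the encrypted region")
    payload = encrypted[:len(encrypted) - 2 - pad_len]
    padding = encrypted[len(payload):len(payload) + pad_len]
    # Default ESP padding is the byte sequence 1, 2, 3, ...; a receiver can check it
    # as a cheap sanity test that decryption produced sensible plaintext.
    padding_ok = padding == bytes(range(1, pad_len + 1))
    return {"spi": spi, "seq": seq, "payload": payload, "pad_len": pad_len,
            "next_header": next_hdr, "padding_ok": padding_ok,
            "authenticated": authenticated, "encrypted": encrypted,
            "icv": buf[len(buf) - icv_len:]}


# Constructed samples (not captured traffic): SPIs, ICV bytes and payloads are made up.
AH_SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + b"\xaa" * 12 + b"tcp-segment"
ESP_SAMPLE = struct.pack("!II", 0x2000, 7) + b"hello" + b"\x01" + bytes([1, 6]) + b"\xbb" * 12

if __name__ == "__main__":
    print(parse_ah(AH_SAMPLE))
    print(parse_esp(ESP_SAMPLE, icv_len=12))
```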

Slide 18: Key Management
- Internet Security Association and Key Management Protocol (ISAKMP): a distinct key is generated for each security association
- ISAKMP Key Exchange (IKE)
- Setup of secure communication: authentication of peers, exchange of keys, creation of the security association

Slide 19: Group Work (firewalls, pages 458-465)
5 groups: read, discuss, and report
- G1: packet filtering
- G2: stateful inspection
- G3: application proxies
- G4: guards
- G5: personal firewall

Slide 20: Thank you!

