Provided By: Saeed Darvish Pazoki – MCSE, CCNA Wikipedia VPNs Illustrated: Tunnels, VPNs, and IPsec - By Jon C. Snader SSL and TLS Essentials – By Stephen.


1 Provided By: Saeed Darvish Pazoki – MCSE, CCNA
Wikipedia
VPNs Illustrated: Tunnels, VPNs, and IPsec - By Jon C. Snader
SSL and TLS Essentials – By Stephen Thomas

2 Security
◦ Authentication
  • Prove you are who you say you are (Kerberos and NTLM)
◦ Authorization
  • Determine what you can do on the network after you have authenticated (Kerberos and NTLM)
◦ Confidentiality
  • Keep data secret (encryption components of Kerberos and IPSec)
◦ Integrity
  • Ensure that the data received is the same data that is sent (components of Kerberos, NTLM, and IPSec)
◦ Anti-Replay
  • Anti-replay is the concept of not allowing an intercepted packet to be sent to the recipient multiple times without the original sender knowing.

3
• Cryptography
• Key Management
• Hash

4 Cryptography

5
• The word cryptography is derived from the Greek for “Secret Writing”
• The task of keeping information secret is an important mission of cryptography (Confidentiality)
• Cryptography also provides identity (Authentication) and verifies information (Integrity)

6
• Confidentiality
  ◦ Secret Code (Cipher)
• Authentication (Proof of Identity)
  ◦ Pass Phrase (Signature)
• Integrity
  ◦ Hash Function (MD5 / SHA)

7
• One essential element of cryptography is the use of secret codes that are shared only by the communicating parties.
• These secret codes are called “Keys”
• Cryptographic techniques fall into two classifications, depending on the type of keys they use:
  ◦ Secret (Symmetric) key cryptography
  ◦ Public (Asymmetric) key cryptography

8 Secret Key Cryptography
◦ Both parties know the same information; for this reason it has the technical name Symmetric Encryption
◦ Encryption algorithms, or ciphers, based on secret key techniques are usually just mathematical transformations on the data to be encrypted, combined with the secret key itself
◦ Encryption = Key + algorithm
◦ Shared-Secret and Diffie-Hellman are two methods
◦ An important quality that determines the effectiveness of a cipher is the size of the secret key; the larger the key, the more difficult it is to break the code

9
• Alice and Bob agree to use a prime number p=23 and base g=5.
• Alice chooses a secret integer a=6, then sends Bob (g^a mod p)
  ◦ 5^6 mod 23 = 8.
• Bob chooses a secret integer b=15, then sends Alice (g^b mod p)
  ◦ 5^15 mod 23 = 19.
• Alice computes (g^b mod p)^a mod p
  ◦ 19^6 mod 23 = 2.
• Bob computes (g^a mod p)^b mod p
  ◦ 8^15 mod 23 = 2.


11 Secret key cryptography
◦ Cryptographers also characterize symmetric encryption algorithms according to how they process input data.
  • Stream ciphers
  • Block ciphers
◦ Stream ciphers process input data a byte at a time, and can accept any size of input for encryption.
◦ Block ciphers, in contrast, operate only on fixed-sized blocks of data—typically 8 bytes in size.
  • Block ciphers require less computation resources, and they are generally slightly less vulnerable to attack

12 Secret key (Symmetric) cryptography

13 Public (Asymmetric) key cryptography
◦ Public key cryptography or, more technically, asymmetric encryption, actually has each of the two parties use separate keys—one for encryption and a different one for decryption.
◦ Fundamentally, asymmetric encryption is based on mathematical problems that are much easier to generate than they are to solve.
  • Anyone with a pocket calculator can compute the product of 113 * 293 and get the correct answer of 33 109.
  • Which two whole numbers, when multiplied together, yield the product 29 213?

14 Encrypt with Public Key and Decrypt with Private Key

15 Public key cryptography
◦ Some public key encryption algorithms, notably the Rivest Shamir Adleman (RSA) algorithm commonly used with SSL, also work in reverse (Identity Proof)

16
• Public key encryption is a powerful tool, but in most practical implementations it suffers from one serious disadvantage; the encryption operation is extremely complex and costs performance!


18
• There is an important variation to this process that relies on a different type of public key algorithm known as a key exchange algorithm, and the most famous example is the Diffie-Hellman algorithm.
• Diffie-Hellman is usually thought of as a public key algorithm, even though it cannot be used for encryption or for digital signatures.
• Diffie-Hellman allows two parties to securely establish a secret number using only public messages.

19 Key Management

20
• In the previous examples, Alice has hypothetically retrieved Bob’s public keys from the newspaper. Suppose, however, that the nefarious Charles was able to print a phony newspaper (with a phony public key for Bob) and sneak it into Alice’s driveway in the morning in place of her real paper. How would Alice know of the fraud?
• It is exactly this problem that has led to the creation of public key certificates and certificate authorities.

21 Important parts of a Public Key Certificate
◦ Issuer
◦ Period of Validity
◦ Subject
◦ Subject’s Public Key
◦ Signature

22 Certificate Authorities
◦ The issuer of a public key certificate is traditionally known as a certificate authority (CA), and certificate authorities play a vital role in establishing trust among a community of users.
◦ The certificate authority digitally signs all certificates, attesting to the validity of the public keys they contain.
◦ If users trust the certificate authority, they can trust any certificate that CA issues
◦ A certificate authority can be identified as either a private or a public CA
  • Private authorities include organizations that issue certificates strictly for their own users
  • A public certificate authority issues certificates to the general public, and it can certify the identity of both individuals and organizations.

23 Certificate Authorities
◦ Certificate authorities are themselves frequently identified by their certificates, but their certificates differ from standard certificates in one important respect: the subject and the issuer are one and the same
◦ Any party that receives a normal certificate can check the certificate’s signature to decide whether to trust the public key in that certificate

24 Certificate Hierarchies
◦ With a hierarchy in place, a certificate authority does not have to certify all identities itself. Instead, it designates one or more subsidiary authorities. These authorities may, in turn, designate their own subsidiaries, the hierarchy continuing until an authority actually certifies end users

25 Certificate Revocation List
◦ A certificate revocation list, or CRL for short, is a list of certificates that the authority has previously issued, but no longer considers valid.
◦ It is the responsibility of any party that trusts another’s certificate to check with the certificate authority to make sure the certificate has not been revoked.

26 Hash Function

27
• A hash function is a method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.
• In cryptography, a cryptographic hash function is a transformation that takes an input and returns a fixed-size string, which is called the hash value.
• A hash function takes a long string (or 'message') of any length as input and produces a fixed-length string as output, sometimes termed a message digest or a digital fingerprint.
• The fingerprints are called hash sums, hash values, hash codes or simply hashes.
• In various standards and applications, the two most commonly used hash functions are MD5 and SHA-1.


29
• User A wants to send a packet to User B with Confidentiality, Integrity and Packet Authentication in mind!
  ◦ A
    1. Request B's public key
    2. Encrypt the text with B's public key (this way he makes sure only user B can decrypt the text!)
    3. Generate the hash value of the encrypted text from step 2
    4. Encrypt the hash value from the previous step with its own private key
    5. Send encrypted text + hash value + encrypted hash to user B
  ◦ B
    1. Get A's public key
    2. Decrypt A-4 with A's public key
       • If it matches A-3, then the packet is authenticated
    3. Generate the hash value of A-2
       • If it matches A-3, then packet integrity is approved
    4. Decrypt A-1 with its own private key
       • Confidentiality


31 IPSec

32 IPsec consists of three major protocols:
◦ AH
  • A protocol that provides data origin authentication, data integrity, and replay protection.
◦ ESP
  • A protocol that provides the same services as AH but also offers data privacy through the use of encryption.
◦ IKE
  • A protocol that provides the Key-Management function. The alternative to IKE is manual keying, which IPsec also supports.

33 AH and ESP can operate in one of two modes:
◦ Transport mode
  • A method of providing security to the upper-layer protocol of an IP datagram
◦ Tunnel mode
  • A method of providing security to an entire IP datagram

34 Transport Mode
◦ Transport mode is meant to be used between two fixed hosts.
◦ Transport mode cannot be used to connect two networks or a network and a host.
◦ The name transport mode comes from the fact that they protect data that comes after the IP header, which is most often data from a transport protocol.
◦ From a practical standpoint, this means that the AH or ESP header is placed after the IP header in the datagram.

35 Transport Mode

36 Tunnel-Mode
◦ The typical use of tunnel mode is to connect either two networks or a host and a network

37 Security Association (SA)
◦ A security association (SA) is the establishment of shared security information between two network entities to support secure communication.
◦ It includes such things as:
  • Encryption algorithm and its keys
  • Authentication algorithm and its keys
  • Current sequence number
  • Anti-replay window
  • Lifetime of the SA, usually in time and bytes
  • Identifying number
  • The security parameter index (SPI)
◦ SAs are simplex; that is, they control traffic in only one direction, from host A to host B, say, but not from host B to host A. Thus, each VPN endpoint must have a pair of SAs: one for input and one for output.
◦ SAs are distinguished by the triple.

38 Security Association (SA)
◦ SA Creation Types:
  • The SAs can be created manually (manual keying) by the system administrator.
  • The SAs can be negotiated as needed by the IPsec key-management protocol, IKE.
◦ An IPsec implementation holds the SAs in a security association database (SAD), where it can locate them during processing.
◦ Conceptually, there is a SAD for input and another for output, but whether there is one SAD or two is an implementation detail.

39 Policies
◦ Decide what kind of traffic must be processed with IPSec based on selectors such as:
  • Destination address
  • Source address
  • Transport-layer protocol
  • Source port
  • Destination port
◦ As with security associations, a node's IPsec policies are maintained in a database, called the security policy database (SPD).

40 IPSec Processing
◦ Outbound
  • Compare each outbound datagram's selector fields against the SPD to find the first matching policy.
  • If this policy specifies that the datagram should be dropped, discard it and log the event.
  • If the policy specifies that IPsec should be bypassed, transmit the datagram in the normal way.
  • When the policy specifies that IPsec should be applied, it will point to a set of zero or more SAs or SA bundles in the SAD.
  • If the set is empty, no SA exists for this policy, so IPsec will invoke IKE, assuming it is running, to negotiate the SAs with the appropriate peer.
  • Find the first SA in the set from the first step that applies to the datagram. This step is necessary because a single policy rule can create multiple SAs.
  • Use the SA to apply the appropriate IPsec services to the datagram.
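The outbound decision path from this slide, as an added example that is not part of the original presentation. The `Policy` layout, the `ToyIKE` stand-in, the one-SA-per-destination-host rule and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Policy:                       # one SPD entry
    src: str                        # source address selector (prefix)
    dst: str                        # destination address selector (prefix)
    proto: str                      # transport-layer protocol, "any" = wildcard
    dport: Optional[int]            # destination port, None = wildcard
    action: str                     # "drop", "bypass" or "apply"
    sas: list = field(default_factory=list)   # SPIs pointing into the SAD

def selects(policy, pkt):
    """True when the datagram's selector fields match the policy."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(policy.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(policy.dst)
            and policy.proto in ("any", pkt["proto"])
            and policy.dport in (None, pkt["dport"]))

class ToyIKE:
    """Hypothetical stand-in for IKE: creates one SA per destination host."""
    def __init__(self):
        self.next_spi, self.negotiations = 0x1000, 0
    def negotiate(self, pkt, sad):
        spi, self.next_spi = self.next_spi, self.next_spi + 1
        self.negotiations += 1
        sad[spi] = {"peer": pkt["dst"], "seq": 0}
        return spi

def process_outbound(pkt, spd, sad, ike, log):
    policy = next((p for p in spd if selects(p, pkt)), None)   # first match wins
    if policy is None or policy.action == "drop":
        # Assumption: a datagram that matches no policy is dropped too.
        log.append(("dropped", pkt["src"], pkt["dst"]))
        return "drop", None
    if policy.action == "bypass":
        return "bypass", None
    # "apply": first SA in the policy's set that applies to this datagram.
    spi = next((s for s in policy.sas if sad[s]["peer"] == pkt["dst"]), None)
    if spi is None:
        # Empty set (the slide's case) or, as an assumption, no SA for this host.
        spi = ike.negotiate(pkt, sad)
        policy.sas.append(spi)
    sad[spi]["seq"] += 1             # stands in for applying AH/ESP with this SA
    return "apply", spi

def demo():
    spd = [  # constructed sample SPD, evaluated in order
        Policy("0.0.0.0/0", "192.0.2.66/32", "any", None, "drop"),
        Policy("10.1.0.0/16", "10.2.0.0/16", "tcp", 443, "apply"),
        Policy("0.0.0.0/0", "0.0.0.0/0", "any", None, "bypass"),
    ]
    pkts = [("10.1.0.5", "10.2.0.9", "tcp", 443), ("10.1.0.5", "10.2.0.9", "tcp", 443),
            ("10.1.0.7", "10.2.0.10", "tcp", 443), ("10.1.0.5", "192.0.2.66", "tcp", 443),
            ("10.1.0.5", "10.2.0.9", "udp", 53)]
    sad, ike, log = {}, ToyIKE(), []
    keys = ("src", "dst", "proto", "dport")
    out = [process_outbound(dict(zip(keys, p)), spd, sad, ike, log) for p in pkts]
    return out, ike.negotiations, sad, log
```

The third datagram matches the same policy as the first two but goes to a different host, so the single policy ends up with two SAs, which is why the lookup for the first applicable SA is needed.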

41 IPSec Processing
◦ Inbound
  • When a datagram arrives at a VPN endpoint, it is checked to see whether it contains an IPsec header, indicating that security processing must be applied. If it does, the following steps take place.
    1. Using the destination address, the SPI, and the type of header (AH or ESP), locate the SA that applies to the header. If this is tunnel mode, use the destination address of the outer header. If no SA is available, log and drop the datagram.
    2. If anti-replay is enabled, check that the sequence number is valid. Using the SA found in the first step, perform the encryption and/or authentication specified by the SA. Verify that the resulting datagram's selectors match those specified in the SA. Repeat steps 1 and 2 until all the IPsec headers are processed.
    3. Locate the SPD entry that applies to the datagram by matching its selectors, just as in the outbound processing.
    4. Verify that the SAs found in steps 1 and 2 match the SAs required by the policy found in step 3 and that they were applied in the right order. Steps 3 and 4 are to verify that the datagram was processed correctly.
    5. Forward the decapsulated datagram to the next hop if this is not the final destination or to the appropriate transport protocol if it is.

42 Authentication Header (AH)
◦ The Authentication Header (AH) protocol provides endpoint authentication and data integrity without the overhead of encryption, thereby supplying exactly what's required in these situations.
◦ AH provides its protection by calculating a keyed MAC (Message Authentication Code), called an integrity check value (ICV), over parts of the IP header and the entire payload data. The results of the ICV are placed in the AH header, and the header is added to the IP datagram. The exact placement of the AH header in the datagram depends on whether it is being used in transport or tunnel mode.
◦ AH is an IP protocol and has its own IP protocol number: 51
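What "parts of the IP header" means in practice, as an added example that is not part of the original presentation: a transport-mode AH sketch for IPv4 using HMAC-SHA1-96, where the fields routers may change in transit (TOS, flags and fragment offset, TTL, header checksum) are zeroed before the ICV is computed. The key, SPI, addresses and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51        # AH's IP protocol number (from the slide)
ICV_LEN = 12         # HMAC-SHA1-96: HMAC-SHA1 truncated to 96 bits

def ip_header(src, dst, proto, payload_len, ttl=64):
    # ver/IHL, TOS, total length, ID, flags+frag offset, TTL, protocol, checksum, src, dst
    # (header checksum left at 0 for brevity; it is excluded from the ICV anyway)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def compute_icv(key, ip_hdr, ah_hdr, payload):
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                    # TOS
    hdr[6:8] = b"\x00\x00"        # flags and fragment offset
    hdr[8] = 0                    # TTL
    hdr[10:12] = b"\x00\x00"      # header checksum
    ah_zeroed = ah_hdr[:12] + bytes(ICV_LEN)   # ICV field itself counts as zero
    mac = hmac.new(key, bytes(hdr) + ah_zeroed + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]

def ah_protect(key, spi, seq, src, dst, upper_proto, payload):
    # AH fixed part: next header, length in 32-bit words minus 2, reserved, SPI, sequence
    ah = struct.pack("!BBHII", upper_proto, 4, 0, spi, seq) + bytes(ICV_LEN)
    ip = ip_header(src, dst, AH_PROTO, len(ah) + len(payload))
    return ip + ah[:12] + compute_icv(key, ip, ah, payload) + payload

def ah_verify(key, datagram):
    ip, ah, payload = datagram[:20], datagram[20:44], datagram[44:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, payload))

def demo():
    key = b"constructed-demo-key"                       # constructed sample key
    dgram = ah_protect(key, 0x2001, 1, "10.1.0.5", "10.2.0.9", 6, b"constructed payload")
    routed = bytearray(dgram)
    routed[8] -= 1                                      # a router decrements the TTL
    new_src = bytearray(dgram)
    new_src[12:16] = socket.inet_aton("10.1.0.99")      # source address rewritten
    altered = bytearray(dgram)
    altered[-1] ^= 0x01                                 # one payload bit flipped
    cases = [("original", dgram), ("ttl_changed", routed),
             ("source_changed", new_src), ("payload_changed", altered)]
    return {name: ah_verify(key, bytes(d)) for name, d in cases}
```

The datagram still verifies after the TTL changes, while a rewritten source address or payload fails the check.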

43 Authentication Header (AH)

44 Authentication Header (AH)
◦ Sequence Numbers
  • It's not sufficient for AH to remember the next expected sequence number and to check that an incoming datagram's sequence number matches it. When a datagram arrives, its sequence number can be:
    1. Greater than the largest sequence number received
    2. Less than the largest sequence number received but not a duplicate of a previous sequence number
    3. Equal to a previously received sequence number
  • We would like to accept datagrams in cases 1 and 2, and drop datagrams in case 3
  • The antireplay-window idea refines the idea of remembering all the sequence numbers to remembering whether the last n sequence numbers were received.

45 Authentication Header (AH)
◦ Anti-Replay Window
  • RFC 2402 specifies that the anti-replay window must be at least 32 sequence numbers wide and recommends that it be 64.
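A sliding-window replay check covering the three sequence-number cases above, as an added example that is not part of the original presentation. It also shows two behaviours the slides do not spell out: a number that has fallen off the left edge of the window is dropped, and the window only advances for datagrams whose ICV verified. The class name and the sample arrival order are constructed.

```python
class ReplayWindow:
    """Bitmap over the last `size` sequence numbers; bit 0 is the highest seen."""
    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 2402 requires a window of at least 32")
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        if seq == 0:
            return "reject: zero"            # a sender's first datagram carries 1
        if seq > self.top:
            return "accept: new highest"     # case 1
        offset = self.top - seq
        if offset >= self.size:
            return "reject: left of window"  # too old to be tracked, so dropped
        if (self.bitmap >> offset) & 1:
            return "reject: duplicate"       # case 3
        return "accept: in window"           # case 2

    def update(self, seq):
        if seq > self.top:
            # Slide the window right and mark the new highest number as seen.
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq, icv_ok=True):
        verdict = self.check(seq)
        if verdict.startswith("accept") and not icv_ok:
            return "reject: bad ICV"   # unauthenticated data never moves the window
        if verdict.startswith("accept"):
            self.update(seq)
        return verdict

def classify(arrivals, size=64):
    win = ReplayWindow(size)
    return [win.receive(seq, ok) for seq, ok in arrivals]

# Constructed arrival order: (sequence number, ICV verified?)
SAMPLE = [(1, True), (3, True), (2, True), (3, True), (500, False),
          (100, True), (36, True), (37, True), (37, True)]
```

Because the datagram claiming sequence number 500 fails authentication, it cannot push the window forward and cause the later, legitimate number 100 to be dropped.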

46 AH – Transport Mode

47 AH – Tunnel Mode

48 AH – Tunnel Mode

49 ESP
◦ The Encapsulating Security Payload (ESP) protocol provides the same authentication, data integrity, and anti-replay protection that AH provides but adds the IPsec confidentiality function. In tunnel mode, ESP also provides limited protection from traffic analysis.
◦ The ESP authentication function is identical to that in AH
◦ Think of the ESP packet as consisting of four parts:
  • The ESP header, which contains the SPI and sequence number fields
  • The payload, which contains the IV and payload data fields
  • The ESP trailer, which contains the padding, pad length, and next header fields
  • The ESP authentication data, which contains the ICV.

50 ESP

51 ESP – Transport Mode

52 ESP – Transport Mode
◦ The ESP header is not encrypted (otherwise, the receiver couldn't find the SPI and wouldn't know how to decrypt the packet), but it is authenticated.
◦ The IP header is not protected. This means that an attacker can change any of the IP header fields without detection.
◦ If an attacker attempts to forge an IP datagram, the ICV will be incorrect, and the authentication step will fail.

53 ESP – Tunnel Mode

54 ESP – Tunnel Mode

55 Internet Key Exchange (IKE)
◦ It handles the difficult problem of key management by negotiating security associations between a set of peers.
◦ The basic idea behind IKE is straightforward: The peers perform a Diffie-Hellman exchange to obtain a shared secret that they use to generate keying material for the encryption and authentication algorithms used to protect a communication.
◦ IKE must take steps to protect itself against denial-of-service attacks, replay attacks, man-in-the-middle attacks, and other attempts to subvert the secure exchange of keys.
◦ In addition to exchanging keying material, IKE negotiates the encryption, authentication, and other cryptographic primitives that the VPN needs and agrees on the policy that the VPN will use, so the protocol must handle these aspects of SA creation as well.

56 Internet Key Exchange (IKE)
◦ IKE is often described as a hybrid protocol because it derives from three other key-exchange protocols:
  • ISAKMP
  • OAKLEY
  • SKEME
◦ IKE uses the first of these, the Internet Security Association and Key Management Protocol (ISAKMP), as a base protocol.
◦ ISAKMP is a framework that provides mechanisms and message formats for expressing additional protocols that establish security associations and perform key exchange.
◦ The Oakley Key Determination protocol (OAKLEY) describes a series of modes that specify methods for using the Diffie-Hellman algorithm to securely exchange keying material while providing identity verification, authentication, and perfect forward secrecy.
◦ IKE's use of various modes comes from the OAKLEY protocol, as do the original four fixed groups defined in RFC 2409 that IKE uses for the Diffie-Hellman exchange. The latter are called OAKLEY groups.

57 Internet Key Exchange (IKE)
◦ The SKEME protocol is a versatile key-exchange protocol that provides perfect forward secrecy, key replacement, and the negotiation of cryptographic primitives.
◦ IKE borrows SKEME's method of using public key encryption for authentication and the idea of fast rekeying by exchanging nonces.
◦ IKE consists of two phases
  • The purpose of phase 1 is to establish an encrypted, authenticated channel between the two nodes so that they can securely negotiate the appropriate IPsec SAs, such as ESP or AH.
  • After the phase 1 SA is established, both peers will know that they are talking to the proper endpoint and will have a secure channel over which they can negotiate further SAs.

58 Internet Key Exchange (IKE)
◦ IKE Phase-1 (IKE SA)
  • Negotiate how IKE should be protected
◦ IKE Phase-2 (IPSec SA)
  • Negotiate how IPsec should be protected
  • Derive some fresh keying material from the key exchange in phase-1, to provide session keys to be used in the encryption and authentication of the VPN data flow

