IPSec IPSec is communication security provided at the network layer.

Presentation transcript:

1 IPSec
IPSec is communication security provided at the network layer.
Communication protected with a session key is called a security association, a triple <SPI, dest address, AH|ESP>.
Provides security for security-ignorant network applications.
Somewhat transparent to the application.
Can be implemented as bump-in-the-wire.
Flexible enough to allow:
    Secure branch office connectivity over the Internet.
    Secure remote access over the Internet.
We will restrict ourselves to IPv4 with IPSec in tunnel mode.
Tunnel mode: transport the original datagram in its entirety inside another one.
CS3235, Nov 2002

2 A Simple IPSec Scenario
[Figure: a user system with IPSec sends a datagram laid out as IP Header | IPSec Hdr | Secure IP payload across a public or private network to a networking device with IPSec; the device strips the protection and forwards the inner datagram, IP Hdr | IP Payload, to a server PC.]

3 Some IPSec Terminology
Security Association: a one-way relationship between sender and receiver.
An SA can be used with AH or ESP but not both.
It is a triple consisting of:
    SPI (32 bits)
    IP destination address (unicast or multicast)
    Security protocol identifier

4 Some IPSec Terminology
Security Policy Database (SPD): contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic.
Each entry is defined by a set of IP and upper-layer protocol field values, called selectors.

5 Authentication Header
Provides support for data integrity and authentication.
Prevents address spoofing attacks.
Guards against replay attacks.
The communicating parties must share a key.
AH header fields:
    Next hdr | Payload len | Reserved
    SPI
    Sequence number
    Authentication data (variable)

6 Authentication Header
Authenticates its payload + immutable parts of the outer IP header.
Must support HMAC-MD5-96 & HMAC-SHA-1-96.
Mutable fields are set to 0 when computing the ICV.
The Authentication Data field is set to 0 when calculating the ICV.
Problem for NAT: the source address is one of the immutable fields covered by the ICV, so a NAT that rewrites it breaks verification at the receiver.
Payload len = the size of the AH header in 32-bit words – 2.
The sequence number is used to recognize replayed packets.
    A new SA initializes it to 0 (so the first packet sent carries 1).
    Anti-replay does not permit recycling past 2^32-1.
    The receiver should implement a window to check for replay.
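The receiver-side replay window the slide asks for, as an added example (not code from the CS3235 slides): a sliding window of the kind RFC 4302/4303 describe, with the inbound order of operations made explicit (window check, then ICV verification, then window update). Assumed: 32-bit sequence numbers and a window size of at least 32 packets; the ICV result is passed in as a boolean since this example does not do the MAC itself.

```python
SEQ_MAX = 2**32 - 1   # sequence numbers are 32-bit; the sender must not wrap them


class AntiReplayWindow:
    """Receiver-side sliding window over one SA's sequence numbers (assumed
    RFC-style: window of W packets, highest number seen, bitmap of received ones)."""

    def __init__(self, window_size: int = 64) -> None:
        assert window_size >= 32              # 32 is the minimum, 64 the usual default
        self.window_size = window_size
        self.mask = (1 << window_size) - 1
        self.highest = 0                      # highest verified sequence number so far
        self.bitmap = 0                       # bit i set => (highest - i) already seen

    def check(self, seq: int) -> bool:
        """Pre-ICV check: is seq new and inside or above the window?"""
        if seq == 0 or seq > SEQ_MAX:         # 0 is never sent: a new SA starts at 1
            return False
        if seq > self.highest:                # right of the window: certainly new
            return True
        diff = self.highest - seq
        if diff >= self.window_size:          # left of the window: too old, drop
            return False
        return not (self.bitmap >> diff) & 1  # inside: new only if its bit is clear

    def update(self, seq: int) -> None:
        """Post-ICV update; call only after check(seq) passed and the ICV verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.window_size:     # everything in the old window is now stale
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq: int, icv_ok: bool) -> bool:
        """Inbound order of operations: window check, ICV verification, window update."""
        if not self.check(seq):
            return False                      # replay or stale: dropped before any crypto
        if not icv_ok:
            return False                      # forged or corrupted: dropped, window untouched
        self.update(seq)
        return True


def simulate(events, window_size: int = 64) -> list:
    """Feed constructed (seq, icv_ok) pairs through one window; return accept/drop decisions."""
    window = AntiReplayWindow(window_size)
    return [window.receive(seq, ok) for seq, ok in events]
```

Note that a packet with a bad ICV is dropped without touching the window, so an attacker who can guess sequence numbers cannot advance the window and starve legitimate packets.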

7 Encapsulating Security Payload
Provides confidentiality of message contents and limited traffic flow confidentiality.
Can also provide the same authentication services as AH.
ESP fields:
    SPI
    Sequence number
    Payload data (variable)
    Padding (0 – 255 bytes) | Pad length | Next header
    Authentication data (variable)

8 Some thoughts
ESP authenticates the encrypted payload.
Is there need for a separate AH when ESP can provide the same functionality?
Should AH authenticate IP header fields?
