Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy-Based IPSec Management (Role combination)

Published byCaroline Henriksen Modified over 5 years ago

Similar presentations

Presentation on theme: "Policy-Based IPSec Management (Role combination)"— Presentation transcript:

1 Policy-Based IPSec Management (Role combination)
15장 키 관리에 대해 발표할 전영호 입니다. Jeon Youngho

2 Contents Abstract Related works Proposed system Conclusion References
IPSec IPSec modes Secure protocols SA, SP, IKE Proposed system Role Combination Conclusion References

3 Abstract Security is vital to the success of e-commerce and many new valued-added IP services. IPSec is an important security mechanism in that it provies cryptographic-based protection mechanisms for IP packets. IPSec policies are quite complex, manually configuring them on individual network elements is inefficient. Therefore, it is infeasible for large-scale IPSec deployment.

4 Related works IPSec is a set of IETF’s open standards that provides cryptographic-based protection mechanisms for IP packet. Supporting confidentiality, integrity, authentication, protection against replay

5 Related works (cont.) IPSec modes Transfer mode

6 Related works (cont.) IPSec modes Tunnel mode

7 Related works (cont.) Secure protocols
AH(Authentication Header) protocol providing integrity, source authentication, but not privacy

8 Related works (cont.) Secure protocols
ESP(Encapsulating Security Payload) protocol Providing integrity, source authentication and privacy.

9 Related works (cont.) SA, SP and IKE

10 Related works (cont.) SP(Security policy) decides if a particular packet needs to be processed by IPSec or not. SA(Security association) is a simplex “connection” that provides security services to the IP traffic. IKE(Internet Key Exchange) is the protocol to establish secure connection internally and externally

11 Related works (cont.) Current example of IPSec policy
Unfortunately, the parameters must be manually entered into the policy server by an administrator.

12 Proposed system Role Combination, a set of parameters, makes us easy to input parameters toward policy server by duplicating it. The Role Combination also could be modified and easily customized. The Role Combination supports inheritance. If a branch added at banking system, Role Combination is automatically downloaded.

13 Proposed system (cont.)
An example of IPSec information model. Box : classes Line with arrow : inheritance Line with “o” : partially aggregation(inheritance) Line with “*” : sharing association.

14 Conclusion IPSec offers a richset of security protections.
Getting more complex, the proposed policy-based IPSec management simplifies large-scale IPSec policy deployment and management. The Role Combination provides a level of abstraction for the application of a set of policys to specific interfaces. Continuous research and standardization efforts are required to meet these challenges.

15 References [1] S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol,” IETF RFC 2401, Nov [2] A. Westerinen et al., “ Terminology for Policy-Based Management,” IETF RFC 3198, Nov [3] S. Kent and R. Atkinson, “IP Encapsulating Security Payload,” IETF RFC 2406, Nov [4] S. Kent and R. Atkinson, “IP Authentication Header,” IETF RFC 2402, Nov [5] D. Harkins and D. Carrel, “ The Internet Key Exchange (IKE),” IETF RFC 2409, Nov [6] 3GPP TS : “Third Generation Partnership Project; Technical Specification, Group Services and System Aspects; 3G Security; Network Domain Security; IP Network Layer Security.” [7] M. Fine et al., “Framework Policy Information Base,” IETF RFC3318, Mar [8] D. Durham et al., “The COPS (Common Open Policy Service) Protocol,” IETF RFC 2748, Jan [9] K. Chan et al., “COPS Usage for Policy Provisioning (COPS-PR),” IETF RFC 3084, Mar [10] J. Jason et al., “ IPSec Configuration Policy Information Model,” IETF draftietf- ipsp-config-policy-model-07.txt, work in progress, Mar

Download ppt "Policy-Based IPSec Management (Role combination)"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.

Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Security Data Transmission and Authentication

Security Data Transmission and Authentication
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew.

1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew.
2003-2004 - Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)

Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.

/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

Similar presentations

Ads by Google