Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.

Published byBrandi Swan Modified over 9 years ago

Similar presentations

Presentation on theme: "Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi."— Presentation transcript:

1 Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi

2 Contents Introduction IPsec technology overview IPsec in mobile networks Market overview Software component manufacturing Vendor strategies Conclusion

3 Introduction Everyone has secrets Traditional IP network is like a town hall –Your secrets can be heard Possible to –Forge –Modify –Inspect traffic

4 IPsec technology overview 1/5 Set IETF protocols that provide –Data source authentication –Integrity –Confidentiality (encryption) –Protection against replay attacks at IP layer Traffic security protocols –Authentication Header –Encapsulated Security Payload (encryption)

5 IPsec technology overview 2/5 Modes of operation –Transport –Tunnel (encapsulation) Security Association provides information –How to protect –What to protect –With whom the protection is done Key management –Internet Key Exchange negotiates SAs

6 IPsec technology overview 3/5 IKE TCP/UDP IP IPsec Internet Layer Secure IP packets IKE TCP/UDP IP IPsec SA negotiations SA pair

7 IPsec technology overview 4/5 Use case scenarios –Host -- Host (transport) –Host -- Security Gateway (tunnel) –SGW-- SGW (tunnel) Virtual Private Network deployment –Remote access (Road Warrior) –Site-to-site SGW

8 IPsec technology overview 4/5 Use case scenarios –Host -- Host (transport) –Host -- Security Gateway (tunnel) –SGW-- SGW (tunnel) Virtual Private Network deployment –Remote access (Road Warrior) –Site-to-site SGW

9 IPsec technology overview 4/5 Use case scenarios –Host -- Host (transport) –Host -- Security Gateway (tunnel) –SGW-- SGW (tunnel) Virtual Private Network deployment –Remote access (Road Warrior) –Site-to-site SGW

10 IPsec technology overview 4/5 Use case scenarios –Host -- Host (transport) –Host -- Security Gateway (tunnel) –SGW-- SGW (tunnel) Virtual Private Network deployment –Remote access (Road Warrior) –Site-to-site SGW Road Warrior

11 IPsec technology overview 4/5 Use case scenarios –Host -- Host (transport) –Host -- Security Gateway (tunnel) –SGW-- SGW (tunnel) Virtual Private Network deployment –Remote access (Road Warrior) –Site-to-site SGW

12 IPsec technology overview 5/5 Original RFCs criticized for complexity –Two modes of operation, two traffic security protocols –Committee made compromises between Network systems design Cryptographic protocol design Addressed in current (2005) versions –Optional AH –Transport mode between SGWs –IKE version 2

13 IPsec in mobile networks 1/3 3rd Generation Partnership Project (3GPP) –Collaboration agreement Mobile phones to use IP for voice & data 3GPP Release 6 –IP layer security implemented with IPsec –Both IKE versions in use

14 IPsec in mobile networks 2/3 IP layer in Network Domain Security –IPsec and IKE –Traffic between network elements IP based services –IKEv2 authenticates MS and IMS –IPsec tunnel for insecure protocols (SIP)

15 IPsec in mobile networks 3/3 3GPP interwork with WLAN –IPsec and IKEv2 Generic Access Network (GAN/UMA) –WLAN access to 2G services –Seamless handoff from GSM/GPRS to unlicensed spectrum –IKEv2 authenticates subscriber –IPsec tunnel between MS and GANC-SEGW What does it take to compete?

16 Market overview 1/2 Multiple roles to take Software industry –Provides software components to... System integrators –For example network equipment vendors –Provide solutions to... End users –Other industries –Consumers int main() ……

17 Market overview 2/2 Market segments –Consumer Network cards, ADSL modems, WLAN routers –SME Security gateways, network devices –Government –Enterprise High bandwidth, failover support These affect the software requirements

18 Software component manufacturing Software is an information product –Expensive to produce first copy Sunk costs –Cheap to reproduce => OEM value proposition: Price < customer’s development costs Integration time < customer’s development time Variable pricing –Differences in willingness to pay Great deal of value in maintenance

19 Vendor strategies 1/3 Business customer classes –Price-oriented –Solution-oriented Total Cost of Ownership –Gold-standard Quality, features and professional service –Strategic-value Tight relationship Threat of vertical integration

20 Vendor strategies 2/3 Market not perfectly competitive –Cost structure Basic strategies –Cost leadership Economy of scale Product business –Differentiation Added value through unique resources Project business

21 Vendor strategies 3/3 Target segment Market segment Business model Vendor strategy PriceSolutionGoldStrategic Consumer SME Government Enterprise ProductProject Cost leadership Differentiation

22 Conclusion Best solution for IP layer security –Common standard –Complex IP convergence brings new opportunities –Mobile networks Software is information –Cost structure leads to variable pricing –Two basic vendor strategies

23 Questions? The floor is open

Download ppt "Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Similar presentations

Ads by Google