Published by Aron Nickolas Norman; modified over 9 years ago
Network Architecture and Design

Slide 1: Advanced Issues in Internet Protocol (IP)
- IPv4 Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony
Slide 2: IP Security (IPsec)
Advantages
- Provides security transparently to the upper-layer protocols (ULPs) at the transport and application layers; applications need not be changed
- Allows per-flow or per-connection security, and thus very fine-grained security control
Disadvantages
- More difficult to exercise on a per-user basis on a multi-user machine, since a security association is tied to host addresses rather than to users
Slide 3: IPsec Services
- Connectionless integrity: assurance that each received datagram has not been modified; integrity includes anti-replay defences (a per-packet sequence number checked against a sliding window at the receiver)
- Data origin authentication: assurance that traffic was sent by the legitimate party or parties
- Confidentiality (encryption): assurance that the user's traffic is not examined by unauthorized parties
- Access control: prevention of unauthorized use of a resource (only traffic matching a negotiated security association is accepted)
Slide 4: IPsec Protocols
IPsec = AH + ESP + IPcomp + IKE
Authentication Header (AH)
- Provides an authenticity guarantee for packets by attaching a keyed cryptographic checksum, the Integrity Check Value (a MAC such as HMAC-SHA-1-96), that covers the payload and the immutable fields of the IP header
- Ensures that:
  - the packet originated from the expected peer
  - the packet was not generated by an impersonator
  - the packet was not modified in transit
Slide 5: IPsec Protocols
Encapsulating Security Payload (ESP)
- Provides a confidentiality guarantee for packets by encrypting the payload with a negotiated encryption algorithm
- Ensures that a party wiretapping the packet in the middle learns nothing about its contents (encryption does not prevent the capture itself, only its usefulness)
- ESP can optionally also carry an Integrity Check Value, giving integrity and data origin authentication for the ESP header and the encrypted payload (but, unlike AH, not for the outer IP header)
Slide 6: IPsec Protocols
IP Payload Compression (IPcomp)
- Provides a way to compress packets before encryption by ESP (well-encrypted data is incompressible, so compressing afterwards would gain nothing)
Internet Key Exchange (IKE)
- AH and ESP need shared secret keys between the peers
- IKE provides a way to authenticate the peers and negotiate those keys, and the rest of the security association, in secrecy
Slide 7: RFC 2401-2412 (figure listing the IPsec document series: RFC 2401 security architecture, RFC 2402 AH, RFC 2406 ESP, RFC 2409 IKE, with the HMAC and cipher transforms, ISAKMP, the IPsec DOI and the roadmap in between)
Slide 8: IPsec Modes (diagram only; transport mode and tunnel mode are illustrated on the next two slides)
Slide 9: IPsec Example (Transport Mode)
- Host to host: the two IPsec hosts on the two LANs are the IPsec endpoints; the routers and the Internet between them forward plain IP
- Bulk data in clear text, but sensitive information encrypted (only the flows that need protection get it)
- Packet layout: original IP header (clear text) | ESP header | payload (encrypted)
- Properties: privacy, transparency, flexibility and high performance
Slide 10: IPsec Example (Tunnel Mode)
- Gateway to gateway: an IPsec gateway at each site builds an IPsec "tunnel" across the Internet; a single IPsec gateway secures multiple site networks
- Packet layout: new IP header (gateway to gateway) | ESP header | original IP header + payload (encrypted); hosts on the LANs send and receive plain clear-text IP and need no IPsec of their own
- Properties: simplicity, high performance, flexibility and compatibility
Slide 11: Advanced Issues in Internet Protocol (IP) (outline repeated; next topic: Mobile IP)
Slide 12: Mobile IP - The Problem
- With ordinary IP routing a mobile host must be assigned a new address when it moves outside its home network, because its address also encodes its location
- But the host's address must be preserved regardless of the host's location, so that existing connections survive the move and correspondents can still reach it
- (diagram: a mobile node moving from the Home Network to a Foreign Network)
Slide 13: Mobile IP - Basic Entities
- Mobile Node (or Mobile Host)
- Home Agent (HA): the agent of the network to which the mobile node belongs (the Home Network)
- Foreign Agent (FA): the agent of the foreign network in which the mobile node may currently be found
- Home Address: the mobile node's permanent address (the slide abbreviates this "HA" too, which clashes with Home Agent; below, HA always means the agent)
- Care-of Address (CA, usually written CoA): the mobile node's temporary address assigned in the foreign network
Slide 14: Mobile IP - Basic Entities
- A mobile node keeps its home address inside the home network, but in a foreign network it borrows a care-of address
- Agents take care of everything related to the mapping between the care-of address and the home address
- Agents are routers or advanced servers on the respective networks
Slide 15: Mobile IP Mechanism
1. Advertising the care-of address
2. Registration
3. Tunneling
Slide 16: Mobile IP - Advertising the Care-of Address
- Home and foreign agents periodically broadcast agent advertisements (ICMP Router Advertisement messages carrying a mobility agent extension) to mobile nodes
- The messages contain the mobility agent's address and the care-of address(es) it offers
- Move detection: if the network prefix of the advertisement's IP source address equals the network prefix of the mobile node's home address, the mobile node is in its home network; otherwise it has moved and registration is required
Slide 17: Mobile IP - Advertising the Care-of Address (example)
- Home Agent: agent address 132.5.3.2, care-of address 132.5.3.8
- Foreign Agent, across the Internet: agent address 169.17.8.29, care-of address 169.17.8.11
- Two mobile nodes with home addresses 132.5.3.69 and 132.5.3.74: the one hearing the home agent's advertisement is in the home network; the one hearing the foreign agent's advertisement (prefix 169.17.8 differs from the home prefix 132.5.3) requires registration
Slide 18: Mobile IP - Registration
1. The mobile host requests service (Registration Request)
2. The foreign agent relays the request to the home agent
3. The home agent accepts or denies the request
4. The foreign agent relays the status (Registration Reply) to the host
After registration:
- Both the host and the agents know the host's new location
- The home agent knows the host's care-of address (it holds a binding from the home address to the care-of address)
Slide 19: Mobile IP - Tunneling
How are packets from sources delivered to the host?
- The home agent (a router on the home network) intercepts packets destined to the host's home address
- The home agent tunnels (encapsulates) the packets to the care-of address
- The foreign agent decapsulates the packets and delivers them to the mobile host
Slide 20: Mobile IP - Tunneling (example)
- Mobile host home address: 148.6.8.2; mobile host care-of address: 134.2.5.7
- Source sends: header with destination address 148.6.8.2 | data
- Home agent forwards across the Internet: outer header with destination address 134.2.5.7 | inner header with destination address 148.6.8.2 | data
- Foreign agent delivers to the mobile host: header with destination address 148.6.8.2 | data
Slide 21: Mobile IP - NAT Issues
The problem
- IP-in-IP tunnels cannot traverse NAT: an IP-in-IP packet carries no port numbers for the NAT to translate
- The care-of address is a private address, which is not reachable from outside the private network
- Two mobile nodes in different private networks may happen to have the same private address as care-of address
The solution: draft-ietf-mobileip-nat-traversal-05.txt (later published as RFC 3519)
- Use IP-in-UDP tunnels, so the NAT can translate the UDP port as it does for any other UDP traffic
- Use the source IP address and source port of the Registration Request messages, as seen by the home agent after NAT translation, to locate the mobile node instead of the private care-of address it reports
- Add an extension (option) to registration messages to signal UDP tunneling capability
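As an added example, not part of the lecture, the following model walks through slides 16 to 21: move detection by prefix comparison, a registration that creates a binding at the home agent, IP-in-IP tunneling (RFC 2003) of intercepted packets to the care-of address, and the NAT case of RFC 3519, in which the home agent notices that the Registration Request's source address differs from the care-of address inside it and tunnels over UDP to that source address and port instead. Packets are dataclasses rather than wire-format bytes; the addresses and ports are constructed (slide 20's 148.6.8.2 and 134.2.5.7 are reused), and names such as HomeAgent.forward and RegistrationRequest.udp_tunnel_ok are this example's own, not protocol field names.

```python
"""Added example (not from the lecture): a model of Mobile IP move detection,
registration, IP-in-IP tunnelling and the RFC 3519 UDP tunnel used behind a NAT.
Addresses and ports are constructed; class and field names are this example's own."""
from dataclasses import dataclass
from ipaddress import ip_interface
from typing import Dict, Optional, Tuple, Union

PROTO_IPIP = 4       # IP-in-IP encapsulation (RFC 2003)
PROTO_UDP = 17
MIP_UDP_PORT = 434   # registration port; RFC 3519 tunnels from the HA's port 434 to the RRQ's source port

@dataclass
class IPPacket:
    src: str
    dst: str
    proto: int
    payload: Union[bytes, "IPPacket"]   # an IPPacket when proto == PROTO_IPIP

@dataclass
class UDPPacket:       # outer IP addresses, UDP ports and the tunnelled inner IP packet
    src: str
    dst: str
    sport: int
    dport: int
    inner: IPPacket

@dataclass
class RegistrationRequest:
    home_address: str
    care_of_address: str   # the care-of address the mobile node believes it has
    udp_tunnel_ok: bool    # models the UDP Tunnel Request extension of RFC 3519
    ip_src: str            # IP source address of the request as seen by the home agent
    udp_sport: int         # UDP source port of the request as seen by the home agent

def moved(advert_src: str, home_address: str, prefix_len: int) -> bool:
    """Move detection (slide 16): a different network prefix means registration is needed."""
    return ip_interface(f"{advert_src}/{prefix_len}").network != ip_interface(f"{home_address}/{prefix_len}").network

class HomeAgent:
    def __init__(self, address: str):
        self.address = address
        # home address -> (care-of address, (NAT'd source ip, port) if a UDP tunnel is needed)
        self.bindings: Dict[str, Tuple[str, Optional[Tuple[str, int]]]] = {}

    def register(self, rrq: RegistrationRequest) -> bool:
        """Record the binding (slide 18). A source address that differs from the
        claimed care-of address means a NAT is in the path (RFC 3519 NAT detection);
        only then, and only if the node asked for it, is a UDP tunnel used."""
        nat_detected = rrq.ip_src != rrq.care_of_address
        if nat_detected and not rrq.udp_tunnel_ok:
            return False        # deny: IP-in-IP to a private care-of address cannot reach the node
        udp_endpoint = (rrq.ip_src, rrq.udp_sport) if nat_detected else None
        self.bindings[rrq.home_address] = (rrq.care_of_address, udp_endpoint)
        return True

    def forward(self, pkt: IPPacket):
        """Intercept packets to a registered home address and tunnel them (slide 19)."""
        if pkt.dst not in self.bindings:
            return pkt                                   # not a mobile node away from home
        care_of, udp_endpoint = self.bindings[pkt.dst]
        if udp_endpoint is None:
            return IPPacket(self.address, care_of, PROTO_IPIP, pkt)
        nat_ip, nat_port = udp_endpoint
        return UDPPacket(self.address, nat_ip, MIP_UDP_PORT, nat_port, pkt)

def decapsulate(outer) -> IPPacket:
    """Foreign agent (or the mobile node itself, for a co-located care-of address)."""
    if isinstance(outer, UDPPacket):
        return outer.inner
    if isinstance(outer, IPPacket) and outer.proto == PROTO_IPIP:
        return outer.payload
    raise ValueError("not a Mobile IP tunnel packet")

def demo() -> dict:
    ha = HomeAgent("148.6.8.1")
    # Slide 20 values: home address 148.6.8.2, public care-of address 134.2.5.7, no NAT in the path.
    assert ha.register(RegistrationRequest("148.6.8.2", "134.2.5.7", False, "134.2.5.7", 40001))
    tunnelled = ha.forward(IPPacket("203.0.113.5", "148.6.8.2", 6, b"hello"))
    # A second node with private care-of address 10.0.0.5; its request reaches the HA from 198.51.100.9:51000.
    assert ha.register(RegistrationRequest("148.6.8.3", "10.0.0.5", True, "198.51.100.9", 51000))
    via_nat = ha.forward(IPPacket("203.0.113.5", "148.6.8.3", 6, b"hi"))
    return {"outer_dst": tunnelled.dst, "outer_proto": tunnelled.proto,
            "inner_dst": decapsulate(tunnelled).dst,
            "nat_tunnel": (type(via_nat).__name__, via_nat.dst, via_nat.dport),
            "moved": (moved("169.17.8.29", "132.5.3.74", 24), moved("132.5.3.2", "132.5.3.69", 24))}
```

The NAT detection rule is the important part: the home agent never trusts the care-of address a request claims when the packet demonstrably arrived from somewhere else, and a node that cannot do UDP tunneling in that situation is refused rather than given a binding that silently blackholes its traffic.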
Slide 22: Advanced Issues in Internet Protocol (IP) (outline repeated; next topic: IP Telephony)
Slide 23: IP Telephony
- Until now the PSTN and the Internet have been two separate networks
- Need for integration
- Solution: Voice over IP (VoIP)
- New devices: IP telephones, gatekeepers
Slide 24: IP Telephony (diagram: a Phone and a Switch on the PSTN side, an IP Phone and a PC on the IP Network side, with a Gatekeeper between the two networks)
Slide 25: IP Telephony vs Pure Telephony
Pure telephony
- End-to-end QoS (a dedicated circuit for the call)
- Fixed, negligible delay
- Isolated from new IP services
IP telephony
- Variable QoS (voice packets share links with other traffic)
- Delay, and variation in delay, from packetization and queuing
- Integrated with other services
- These problems are expected to be solved in the future
Slide 26: IP Telephony Features
- Data transport: RTP
- Signalling: the IETF SIP protocol suite or the ITU-T H.323 protocol suite
- Quality of Service: RSVP
Slide 27: IP Telephony Protocol Stack (diagram only)
Slide 28: First Intermediate Report
- NAT and Mobile IP: I. Stergiou
- IPv6 and IPsec: A. Sgora
Deadline: 15/01/03
Slide 29: First Intermediate Report Structure
- Overview of the examined technology
- Focus on open research points
- Work related to the open points: the state of the art behind them
- Your own interests and ideas
- Conclusions
- References
Slide 30: First Intermediate Report
- Report (soft and hard copy)
- A related presentation (about twenty minutes)
Slide 31: End of Second Lecture