Published by Cecil Morris
Slide 2: An Introduction to Encrypting Messages on the Internet
Mike Kaderly, INFS 750, Summer 2010
Slide 3: Learning Objectives
Understand why we need encryption.
Identify and explain the three types of security assurance.
Describe the purposes of Internet Protocol Security (IPsec) and its related sub-protocols.
Describe the difference between transport and tunnel IPsec modes.
Slide 4: Why do we need encryption?
The Internet is inherently insecure. The entire global network is based upon millions of hosts, switches, firewalls, routers, and the transport media used to connect these nodes—all of which are owned, operated and used by a countless number of people and organizations.
Slide 5: Why do we need encryption?
Without a recognized authority in charge of developing security specifications and standards, there would be no way to secure the information of such a widespread, public network. Furthermore, IP packets, as originally designed in the TCP/IP protocols, have no built-in security mechanism.
Slide 6: Modern Security Standards Development
The Internet Engineering Task Force (IETF) develops TCP/IP and Internet protocol standards.
Composed of volunteer professionals sponsored by both corporations and governments.
Created in 1986.
Focus is on building consensus for specifications, backward compatibility and running code. *
* http://en.wikipedia.org/wiki/Internet_Engineering_Task_Force
Slide 7: Types of Security Assurances
Integrity assurance – ensures information has not been altered during transport.
Authentication assurance – ensures information is coming from the true source.
Confidentiality assurance – ensures the information has not been read by others who were not intended to view it.
Slide 8: Internet Protocol Security (IPsec)
IPsec is a security protocol developed by the IETF.
IPsec defines how packets are made secure from node to node.
It has been implemented on Windows, Apple, Linux, Unix and other platforms.
It is application-independent.
Slide 9: Internet Protocol Security (IPsec)
Hybrid TCP/IP-OSI Architecture:
Application Layer (Layer 5)
TCP/IP Transport (Layer 4)
TCP/IP Internet (Layer 3)
Data Link (Layer 2)
Physical Layer (Layer 1)
IPsec Standards
Slide 10: Internet Protocol Security (IPsec)
IPsec is implemented using a number of sub-protocols with special responsibilities:
Internet Key Exchange
Security Association
Authentication Header
Encapsulating Security Payload
Slide 11: Internet Key Exchange (IKE)
The Internet Key Exchange (IKE) service handles the key exchange between two nodes and performs the initial handshake.
IKE supports three types of authentication methods: pre-shared keys, public key encryption, and digital signatures (to be discussed later).
Slide 12: Security Association (SA)
Once an initial connection is created using IKE, the Security Policy Database on each node is used to determine the agreed-upon rules for encrypting packets during the lifetime of the communication. These rules are collectively called Security Associations. *
* IPv6 Security, by Scott Hogg (CCIE No. 5133) and Eric Vyncke
Slide 13: Authentication Header (AH)
Through the use of algorithms, AH provides authentication and integrity assurances:
Did the packet come from the true source it claims to be from?
Have the packet contents been modified?
It may be used separately or in combination with ESP.
AH guards against replay attack – an attacker takes a copy of a packet and later resends the packet to the intended destination node.
Slide 14: Encapsulating Security Payload (ESP)
ESP is used to provide authentication, integrity and confidentiality assurances by encrypting the payload of the packet.
It can be used separately or in conjunction with AH services.
Slide 15: Transport Mode
Transport mode requires configuration and a digital certificate and is used between two hosts.
Only the payload is encrypted/authenticated.
Used for host-to-host communications.
Expensive management on each host computer.
Slide 16: Tunnel Mode
Tunnel mode implements IPsec between two IPsec-configured routers.
The entire original packet can be encrypted and authenticated; it is encapsulated within a new packet with a new IP header, so the original IP packet is carried unchanged.
Tunnel mode is used to create Virtual Private Networks (VPN).
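As an added illustration that is not part of the original slides, the Python model below shows the difference between the two modes (slides 15 and 16) together with the integrity and anti-replay checks described for AH and ESP (slides 13 and 14): transport mode keeps the original IP header in the clear and protects only the payload, while tunnel mode protects the whole original packet behind a new header that names only the two gateways. The packet layout, the HMAC-SHA256 keystream used as a stand-in for the negotiated cipher, and all addresses and keys are constructed for the example and are not the real IPsec wire format.

```python
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50  # IP protocol number carried in the header that precedes an ESP payload

def ip_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Simplified IP packet: 4-byte src, 4-byte dst, 1-byte protocol, then payload."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + bytes([proto]) + payload

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a stand-in for the cipher an SA negotiates."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def esp_protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """ESP-shaped: SPI + sequence number, encrypted body, 16-byte truncated HMAC as ICV."""
    hdr = struct.pack(">II", spi, seq)
    body = bytes(p ^ k for p, k in zip(data, keystream(enc_key, hdr, len(data))))
    icv = hmac.new(auth_key, hdr + body, hashlib.sha256).digest()[:16]
    return hdr + body + icv

def esp_unprotect(enc_key: bytes, auth_key: bytes, esp: bytes, seen: set):
    """Receiver side: verify the ICV, drop replays, then decrypt. Returns None to drop."""
    hdr, body, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(auth_key, hdr + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        return None  # modified in transit or forged: fails the integrity/authentication check
    seq = struct.unpack(">II", hdr)[1]
    if seq in seen:  # anti-replay (real IPsec uses a sliding window; a set is enough here)
        return None
    seen.add(seq)
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, hdr, len(body))))

def transport_mode(keys: tuple, spi: int, seq: int, packet: bytes) -> bytes:
    """Host-to-host: the original IP header stays visible; only the payload is protected."""
    outer = packet[:8] + bytes([ESP_PROTO])
    return outer + esp_protect(*keys, spi, seq, packet[9:])

def tunnel_mode(keys: tuple, spi: int, seq: int, packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Gateway-to-gateway: the whole original packet, header included, is protected and
    wrapped in a new IP header that names only the two tunnel endpoints."""
    outer = socket.inet_aton(gw_src) + socket.inet_aton(gw_dst) + bytes([ESP_PROTO])
    return outer + esp_protect(*keys, spi, seq, packet)
```

Feeding the same inner packet through both functions shows why tunnel mode suits a VPN: an observer between the gateways sees only the gateway addresses, whereas in transport mode the two end hosts remain visible.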
Slide 17: Illustration of Tunneling and VPN
http://www.unixwiz.net/techtips/iguide-ipsec.html
Slide 18: Review Questions
Why is IPsec needed?
What are the three types of security assurances?
How does an encrypted IP packet differ from one without encryption?
What layer of the TCP/IP-OSI model does IPsec fall under?
What are the major differences between transport and tunnel IPsec modes?