Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication.

Published bySybil Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication."— Presentation transcript:

1 By Mau, Morgan Arora, Pankaj Desai, Kiran

2  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication Header in IPv6  ESP in IPv6  Security Issues in IPv6

3 A (Poor) Representation of Relative IPv4 and IPv6 Address Space Sizes[1]

4  With IPv4 a typical Class C network has 8 bits for host addressing. ◦ If we scan at the rate of 1 host/sec ◦ 2exp8 hosts X 1sec/host X1 minute/60secs = 4.2 mins ◦ Takes us ~4 minutes to completely scan the C network  With IPv6 the subnets use 64 bits for host addressing. ◦ If we scan at the rate of 1 host/sec ◦ 2exp64 hosts X 1sec/host X 1yr/31536000secs = 584 billion yrs ◦ Takes us ~584billion yrs to completely scan the network

5  Advantages ◦ Port scanning attacks become an arduous task ◦ Well organized IP address assignment, helps track down issues  Disadvantages ◦ Increased overhead, since every datagram header or other place where IP addresses are referenced must use 16bytes for each address instead of 4bytes

6  IPsec is a set of cryptographic protocols that secure data communication and provide for secure exchange of keys during initial negotiation  Although IPsec has been there for quite some time now, it was optional in IPv4.  IPv6 mandates the use of IPsec

7 IPsec overview [1]

8  Integrated architecture ◦ Integrated in IP layer itself ◦ Example: IPv6 ◦ Most elegant but would not be possible with IPv4 as the IP implementation in each device needs to be changed

9 BITS architecture or Bump In The Stack BITS architecture [1]

10 BITW architecture or Bump In The Wire BITW architecture [1]

11 As its name suggests, in transport mode, the protocol protects the message passed down to IP from the transport layer.

12 In this mode, IPSec is used to protect a complete encapsulated IP datagram after the IP header has already been applied to it.

13  Thus to generalize, the order of headers are as below o Transport Mode: IP header, IPSec headers (AH and/or ESP), IP payload (including transport header). o Tunnel Mode: New IP header, IPSec headers (AH and/or ESP), old IP header, IP payload.  For IPv6, there are 2 variables and 4 combinations. Thus 2 protocols(AH& ESP) and 2 modes(Transport and Tunnel) could be combined in different ways.

14  AH is one among the two core security protocols in IPsec  AH is intended to guarantee connectionless integrity and data origin authentication IPsec AH packet [2]

15  The calculation of the authentication header is similar for both IPv4 and IPv6.  Difference is in placing the header into the datagram and for linking the headers together  The AH is inserted into the IP datagram as an extension header following normal rules of IPv6 extension header linking.  Each header field is linked to by the previous field by the Next header link.  Thus the headers could be chained one after the other.  The numbers indicated are a standard specified by IETF for each protocol.

16 Authentication Header Placement and Linking

17  AH is not enough if we do not want the intermediate devices to change our datagrams.  ESP provides the privacy we seek by encrypting them.  ESP also supports its own authentication scheme. ESP headers without and with authentication [2]

18  Unlike AH, which provides a small header before the payload, ESP surrounds the payload it's protecting  The next hdr field gives the type (IP, TCP, UDP, etc.) of the payload in the usual way, though it can be thought of as pointing "backwards" into the packet rather than forward as we've seen in AH  Header Calculation and Placement ◦ The ESP header placement works similar to AH. ◦ It is inserted into the IP datagram as an extension header.  Trailer Calculation and Placement ◦ The ESP Trailer is appended to the data to be encrypted. ◦ The Next Header field in ESP appears in the trailer and not the header.  ESP Authentication Field Calculation and Placement ◦ The authentication field is computed over the entire ESP datagram.

19 ESP in Transport and Tunnel Mode [1]

20  IPv6-IPv4 stack issues ◦ Dual stacks during migration always bring in security vulnerabilities  Extension Header issues ◦ Large size of extension headers will overwhelm certain nodes.  Multicast flooding ◦ New features like multicast address would increase the smurf attacks

21

22 [1]“TCPIP Guide”, http://www.tcpipguide.com, Web resource retrieved on Oct 13 th 2008http://www.tcpipguide.com [2]“An illustrated guide to IPsec”, http://unixwiz.net/techtips/iguide- ipsec.html, Web resource retrieved on Oct 13 th 2008 http://unixwiz.net/techtips/iguide- ipsec.html

Download ppt "By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication."

Similar presentations

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.
IPSec.

IPSec.
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
IPv6 Network Security.

IPv6 Network Security.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - (http://www.TCPIPGuide.com) Version 3.0 - Version.

UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - ( Version Version.

Similar presentations

Ads by Google