Presentation transcript (slide text; each slide is a diagram with the recurring labels User, Correspondent, Network Administrator, the Internet and Other Network):

Slide 5. [Diagram: User, Correspondent, Network Administrator, the Internet, Other Network]
A malicious attack arrives from the other network. Who sent it? Nobody can say, because the network does not know who the user is. Authentication is needed to identify the user. But managing many accounts and taking logs is a burden on the administrator.

Slide 6. [Same diagram]
The user is an ordinary person, maybe you. The administrator says: "Use my network, free!" Can the user trust him? He can eavesdrop on the user's packets, and the administrator can even attack the user. The opposite problem also exists: when the user attacks someone, the blame is put on the administrator, whose network the packets came from: "No, you are the attacker!"
Slide 11. eduroam: authentication by cooperation [Diagram: User, Administrator, Authentication Provider]
The administrator's RADIUS server relays the user's credentials up a RADIUS tree of proxies (.jp, .au, ... under a top-level RADIUS) to the user's home authentication provider. Authentication is cooperative across institutions.

Slide 13. MIAKO: connection via a VPN server [Diagram: User, Network Administrator, the Internet, Other Network, VPN Server, File Server]
The user authenticates to the VPN server and connects through it: traffic is VPN-tunneled across the administrator's network to the VPN server, and from there to the file server or the Internet.
Slide 14. Comparison

          Authentication   Taking logs   Nonrepudiation   Routing          Complaint goes to
FON       FON team         not needed    NG               end-to-end       the administrator
eduroam   RADIUS server    needed        NG               end-to-end       the administrator
MIAKO     VPN server       not needed    OK               via VPN server   the VPN address
Proposal  DNS server       needed        OK               end-to-end       the HIT or HI
Slide 16. HIP identifiers
- Host Identity (HI): the host's public key, RSA by default, 512, 1024 or 2048 bits. The matching private key never leaves the host.
- Host Identity Tag (HIT): a 128-bit one-way hash of the HI, encoded as an ORCHID (Overlay Routable Cryptographic Hash Identifier), a special class of IPv6 address.
- Local Scope Identity (LSI): 32 bits, taken from the last digits of the HIT, used only on the local network.

Slide 17. Encrypted Base Exchange [Diagram: Initiator, Responder]
The Initiator and Responder exchange four HIP packets, I1, R1, I2 and R2, which carry a Diffie-Hellman key exchange. Only after the Base Exchange does IPsec data traffic flow between them.
Slide (number not extracted). Roles in the proposed network [Diagram: User, Correspondent, DNS Server, the Internet, Other Network]
- Service Provider: manages an access point, contracts the Internet service, takes logs.
- Authentication Provider: registers users to DNS, operates the DNSSEC server.
- Network Administrator: tunneling.

Slide 21. [Diagram: Alice, Bob, I1, R1, I2, R2, IPsec data traffic]
The administrator should record the relationship between the Base Exchange packets. Otherwise the administrator cannot know which Base Exchange has actually completed. In our network, the administrator allows data packets only for a Base Exchange that has completed.
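The rule on slide 21 (forward data only for a completed I1/R1/I2/R2 exchange) and the identifiers on slide 16 (HI, HIT, LSI) in working form, as an added example that is not the presenters' code. It assumes: the HIP context ID used for the ORCHID hash is quoted from memory; the LSI is formed as 1.x.y.z from the low 24 bits of the HIT (common implementation practice, the slide only says "last digits"); and the ESP SPIs are learned from the I2 and R2 packets, which is how the gateway ties later ESP data back to the exchange it recorded. Hosts, keys and packets are constructed for the demonstration.

```python
"""Added example (not the slides' own code): a HIP-aware access gateway that
records the I1/R1/I2/R2 Base Exchange per host pair and forwards ESP data only
for exchanges it has seen complete. HIs, HITs and packets are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# ORCHID prefix 2001:10::/28 (RFC 4843). The HIP context ID is quoted from memory
# and is an assumption of this example; the slide only says "one-way hash, 128 bits".
ORCHID_PREFIX = 0x2001001
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")


def hit_from_hi(hi: bytes) -> str:
    """Host Identity Tag: 28-bit ORCHID prefix | middle 100 bits of SHA-1(CID | HI)."""
    digest = int.from_bytes(hashlib.sha1(HIP_CONTEXT_ID + hi).digest(), "big")
    middle100 = (digest >> 30) & ((1 << 100) - 1)
    return str(ipaddress.IPv6Address((ORCHID_PREFIX << 100) | middle100))


def lsi_from_hit(hit: str) -> str:
    """32-bit Local Scope Identifier 1.x.y.z from the low 24 bits of the HIT
    (assumption: common implementation practice; the slide says 'last digits')."""
    low24 = int(ipaddress.IPv6Address(hit)) & 0xFFFFFF
    return str(ipaddress.IPv4Address((1 << 24) | low24))


@dataclass
class Packet:
    kind: str                     # "I1", "R1", "I2", "R2" (HIP control) or "ESP" (data)
    src_hit: Optional[str] = None
    dst_hit: Optional[str] = None
    spi: Optional[int] = None     # ESP: SPI on the wire; I2/R2: sender's inbound SPI (ESP_INFO)


BE_ORDER = ("I1", "R1", "I2", "R2")
Assoc = Tuple[str, str]           # (initiator HIT, responder HIT)


class HipGateway:
    """Stateful filter at the access point: control packets are forwarded and
    recorded; ESP is forwarded only when its SPI belongs to a completed BE."""

    def __init__(self) -> None:
        self.progress: Dict[Assoc, int] = {}     # last BE step seen, index into BE_ORDER
        self.spi_owner: Dict[int, Assoc] = {}    # SPI announced in I2/R2 -> association
        self.log: List[Tuple] = []

    @staticmethod
    def _assoc(pkt: Packet) -> Assoc:
        # I1/I2 travel initiator -> responder, R1/R2 the other way.
        if pkt.kind in ("I1", "I2"):
            return (pkt.src_hit, pkt.dst_hit)
        return (pkt.dst_hit, pkt.src_hit)

    def filter(self, pkt: Packet) -> bool:
        """Return True to forward the packet, False to drop it."""
        if pkt.kind == "ESP":
            assoc = self.spi_owner.get(pkt.spi)
            ok = assoc is not None and self.progress.get(assoc) == len(BE_ORDER) - 1
            self.log.append(("ESP", pkt.spi, assoc, "ALLOW" if ok else "DROP"))
            return ok
        if pkt.kind not in BE_ORDER:
            self.log.append((pkt.kind, None, "DROP"))
            return False
        assoc = self._assoc(pkt)
        step = BE_ORDER.index(pkt.kind)
        if step == 0:
            # A fresh I1 starts (or restarts) the exchange; old SPIs no longer vouch for it.
            self.spi_owner = {s: a for s, a in self.spi_owner.items() if a != assoc}
            self.progress[assoc] = 0
        elif self.progress.get(assoc, -1) == step - 1:
            self.progress[assoc] = step
            if pkt.spi is not None:           # I2 and R2 announce the ESP SPIs
                self.spi_owner[pkt.spi] = assoc
        else:
            # Retransmission or out-of-order packet: forward it (the end hosts verify
            # it cryptographically) but do not advance the recorded exchange.
            self.log.append((pkt.kind, assoc, "OUT-OF-ORDER"))
            return True
        self.log.append((pkt.kind, assoc, "RECORDED"))
        return True


def demo() -> Dict[str, bool]:
    """Run a constructed trace: Alice/Bob complete the BE, Carol/Bob do not."""
    alice, bob, carol = (hit_from_hi(b"HI-alice"), hit_from_hi(b"HI-bob"),
                         hit_from_hi(b"HI-carol"))
    gw = HipGateway()
    for p in (Packet("I1", alice, bob), Packet("R1", bob, alice),
              Packet("I2", alice, bob, spi=0x1111), Packet("R2", bob, alice, spi=0x2222),
              Packet("I1", carol, bob), Packet("R1", bob, carol),
              Packet("I2", carol, bob, spi=0x3333)):
        gw.filter(p)
    return {
        "alice_bob_data": gw.filter(Packet("ESP", spi=0x1111)),   # BE complete: allowed
        "bob_alice_data": gw.filter(Packet("ESP", spi=0x2222)),
        "carol_bob_data": gw.filter(Packet("ESP", spi=0x3333)),   # no R2 seen: dropped
        "unknown_spi": gw.filter(Packet("ESP", spi=0x9999)),      # never announced: dropped
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DROP'}")
```

The gateway's log is what the table on slide 14 calls "taking logs": each recorded entry names the HIT pair, so a later complaint about data traffic can be traced to a HIT (and through DNS to a registered user) rather than to the administrator's address.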
Slide 24. Conclusion [Diagram: User, Correspondent, Network Administrator, DNS Server, the Internet, Other Network]
Once the user is registered in DNS and has access, connections are end-to-end and the data is encrypted. When a malicious attack comes in, the administrator checks the log and can point at the HIT: "Incorrect! Who? The attacker!" The administrator cannot eavesdrop on the packets' data, so the user can feel safe.