Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. "— Presentation transcript:

1 Internet Protocol Security An Overview of IPSec

2 Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security.  IPSec Security Services.  Modes of operation.  IPSec Security Protocols.  Outbound/Inbound IPSec Processing.  Real World Deployment Examples.

3 What Security Problem? Today's Internet is primarily comprised of :  Public  Un-trusted  Unreliable IP networks Because of this inherent lack of security, the Internet is subject to various types of threats…

4 Internet Threats  Data integrity The contents of a packet can be accidentally or deliberately modified.  Identity spoofing The origin of an IP packet can be forged.  Anti-reply attacks Unauthorized data can be retransmitted.  Loss of privacy The contents of a packet can be examined in transit.

5 Understanding TCP/IP OSI Reference Model Application Layer Transport Layer Network Layer Physical Layer Presentation Layer Session Layer Logical Link Layer TCP, UDP IP Network Adapter Device Driver Application HTTPSMTPFTPSNMPNFSFTPDNS

6 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Application Layer

7 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3 Application Layer Transport Layer (TCP, UDP)

8 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3Header 3 Transport Layer (TCP, UDP) Application Layer

9 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3Header 3 Data 2 Transport Layer (TCP, UDP) Network Layer (IP) Application Layer

10 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3Header 3 Data 2Header 2 Transport Layer (TCP, UDP) Network Layer (IP) Application Layer

11 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3Header 3 Data 2Header 2 Transport Layer (TCP, UDP) Network Layer (IP) Data 1 Application Layer Data Link Layer

12 Understanding TCP/IP Encapsulation of Data for Network Delivery Original Message Data 3Header 3 Data 2Header 2 Transport Layer (TCP, UDP) Network Layer (IP) Data 1Header 1 Application Layer Data Link Layer

13 Understanding TCP/IP Data 1Header 1 Packet Packet Sent by Host A Data Link Layer

14 Understanding TCP/IP Network Layer Data Link Layer Packet Received by intermediary Router

15 Understanding TCP/IP Data 1Header 1 Packet Packet Received by Host B Data Link Layer

16 Understanding TCP/IP Data 1Header 1 De-capsulation of Data from Network Delivery Data Link Layer

17 Understanding TCP/IP De-capsulation of Data from Network Delivery Data 1 Data Link Layer

18 Understanding TCP/IP De-capsulation of Data from Network Delivery Data 2Header 2 Network Layer (IP)

19 Understanding TCP/IP De-capsulation of Data from Network Delivery Data 2 Network Layer (IP)

20 Understanding TCP/IP De-capsulation of Data from Network Delivery Data 3Header 3 Transport Layer (TCP, UDP)

21 Understanding TCP/IP De-capsulation of Data from Network Delivery Data 3 Transport Layer (TCP, UDP)

22 Understanding TCP/IP De-capsulation of Data from Network Delivery Original Message Application Layer

23 Understanding TCP/IP De-capsulation of Data from Network Delivery Original Message Application Layer

24 Security at What Level? Application Layer Transport Layer Network Layer Data Link Layer PGP, Kerberos, SSH, etc. Transport Layer Security (TLS) IP Security Hardware encryption

25 Security at Application Layer (PGP, Kerberos, SSH, etc.)  Implemented in end-hosts  Advantages - Extend application without involving operating system. - Application can understand the data and can provide the appropriate security.  Disadvantages - Security mechanisms have to be designed independently of each application.

26 Security at Transport Layer Transport Layer Security (TLS)  Implemented in end-hosts  Advantages - Existing applications get security seamlessly  Disadvantages - Protocol specific

27 Security at Network Layer IP Security (IPSec)  Advantages - Provides seamless security to application and transport layers (ULPs). - Allows per flow or per connection security and thus allows for very fine-grained security control.  Disadvantages - More difficult to to exercise on a per user basis on a multi-user machine.

28 Security at Data Link Layer  (Hardware encryption)  Need a dedicated link between host/routers.  Advantages - Speed.  Disadvantages - Not scalable. - Need dedicated links.

29 IP Security (IPSec)  IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). Creates secure, authenticated, reliable communications over IP networks

30 IPSec Security Services  Connectionless integrity Assurance that received traffic has not been modified. Integrity includes anti-reply defenses.  Data origin authentication Assurance that traffic is sent by legitimate party or parties.  Confidentiality (encryption) Assurance that user’s traffic is not examined by non- authorized parties.  Access control Prevention of unauthorized use of a resource.

31 IPSec Modes of Operation  Transport Mode: protect the upper layer protocols IP Header TCP Header Data Original IP Datagram IP Header TCP Header IPSec Header Data Transport Mode protected packet  Tunnel Mode: protect the entire IP payload Tunnel Mode protected packet New IP Header TCP Header IPSec Header Data Original IP Header protected

32 Tunnel Mode  Host-to-Network, Network-to-Network Protected Data IPSec IP Layer SG Internet Transport Layer Application Layer IP Layer Host B Protected Data IPSec IP Layer SG Transport Layer Application Layer IP Layer Host A SG = Security Gateway

33 Transport Mode Transport Layer Application Layer  Host-to-Host Transport Layer Application Layer IP Layer Data Link Layer IPSec Host B IP Layer Data Link Layer IPSec Host A

34 IPSec Security Protocols  Authentication Header (AH)  Encapsulating Security Payload (ESP)

35 IPSec Security Protocols  Authentication Header (AH) provides: - Connectionless integrity - Data origin authentication - Protection against replay attacks  Encapsulating Security Payload (ESP) provides: - Confidentiality (encryption) - Connectionless integrity - Data origin authentication - Protection against reply attacks  Both protocols may be used alone or applied in combination with each other.

36 Outbound/Inbound IPSec Processing  The inbound and the outbound IPSec processing are completely independent. Packet

37 SPD IPSec policies SAD SPD = Security Policy Database SAD = Security Association Database SA = Security Association Packet Outbound IPSec Processing selector 1.Drop the packet. 2.Bypass IPSec. 3.Apply IPSec. SA out

38 SPD IPSec policies Packet Inbound IPSec Processing Case 1: If IPSec headers exists 1.Headers are processed. 2.SPD is consulted to determine if the packet can be admitted based on the Sa in. SPD = Security Policy Database SAD = Security Association Database SA = Security Association

39 SPD IPSec policies Packet Inbound IPSec Processing Case 2: If IPSec headers are absent 1.SPD is consulted to determine the type of service to afford this packet. 2.If certain traffic is required to be IPSec protected and its not it must be dropped. SPD = Security Policy Database SAD = Security Association Database SA = Security Association

40 Real World Deployment Examples  VPNs  Wireless Internet SG Internet Encrypted / Authenticated

41 Conclusion  The Internet was not created with security in mind.  Communications can be altered, examined and exploited.  There is a growing need to protect private information crossing the public networks that make up the Internet infrastructure.  IPSec is a set of protocols and methodologies to create secure IP connections.

42 Questions?

Download ppt "Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. "

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IPSec.

IPSec.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Cryptography and Network Security

Cryptography and Network Security
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Similar presentations

Ads by Google