Presentation is loading. Please wait.

Presentation is loading. Please wait.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

Published byDayna Carr Modified over 9 years ago

Similar presentations

Presentation on theme: "TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security."— Presentation transcript:

1 TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security

2 TCP/IP Protocol Suite 2OBJECTIVES:  To introduce the idea of Internet security at the network layer and the IPSec protocol that implements that idea in two modes: transport and tunnel.  To discuss two protocols in IPSec, AH and ESP, and explain the security services each provide.  To introduce security association and its implementation in IPSec.  To introduce virtual private networks (VPN) as an application of IPSec in the tunnel mode.  To introduce the idea of Internet security at the transport layer and the SSL protocol that implements that idea

3 TCP/IP Protocol Suite 3 OBJECTIVES (continued):  To show how SSL creates six cryptographic secrets to be used by the client and the server.  To discuss four protocols used in SSL and how they are related to each other.  To introduce Internet security at the application level and two protocols, PGP and S/MIME, that implement that idea.  To show how PGP and S/MIME can provide confidentiality and message authentication.  To discuss firewalls and their applications in protecting a site from intruders.

4 TCP/IP Protocol Suite 4 Chapter Outline 30.1 Network Layer Security 30.2 Transport Layer Security 30.3 Application Layer Security 30.4 Firewalls

5 TCP/IP Protocol Suite 5 30-1 NETWORK LAYER SECURITY We start this chapter with the discussion of security at the network layer. Although in the next two sections we discuss security at the transport and application layers, we also need security at the network layer. IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. IPSec helps create authenticated and confidential packets for the IP layer.

6 TCP/IP Protocol Suite 6 Topics Discussed in the Section Two Modes Two Security Protocols Services Provided by IPSec Security Association Internet Key Exchange (IKE) Virtual Private Network (VPN)

7 TCP/IP Protocol Suite 7 Figure 30.1 IPSec in transport mode

8 TCP/IP Protocol Suite 8 IPSec in transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note

9 TCP/IP Protocol Suite 9 Figure 30.2 Transport mode in Action

10 TCP/IP Protocol Suite 10 Figure 30.3 IPSec in tunnel mode

11 TCP/IP Protocol Suite 11 Figure 30.4 Tunnel-mode in action Tunnel

12 TCP/IP Protocol Suite 12 IPSec in tunnel mode protects the original IP header. Note

13 TCP/IP Protocol Suite 13 Figure 30.5 Transport mode versus tunnel mode

14 TCP/IP Protocol Suite 14 Figure 30.6 Authentication Header (AH) protocol

15 TCP/IP Protocol Suite 15 The AH protocol provides source authentication and data integrity, but not privacy. Note

16 TCP/IP Protocol Suite 16 Figure 30.7 Encapsulating Security Payload (ESP)

17 TCP/IP Protocol Suite 17 ESP provides source authentication, data integrity, and privacy. Note

18 TCP/IP Protocol Suite 18

19 TCP/IP Protocol Suite 19 Figure 30.8 Simple SA

20 TCP/IP Protocol Suite 20 Figure 30.9 SAD

21 TCP/IP Protocol Suite 21 Figure 30.10 SPD

22 TCP/IP Protocol Suite 22 Figure 30.11 Outbound processing

23 TCP/IP Protocol Suite 23 Figure 30.12 Inbound processing

24 TCP/IP Protocol Suite 24 IKE creates SAs for IPSec. Note

25 TCP/IP Protocol Suite 25 Figure 30.13 IKE components

26 TCP/IP Protocol Suite 26 Figure 30.14 Virtual private network

27 TCP/IP Protocol Suite 27 30-2 TRANSPORT LAYER SECURITY Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol. The latter is actually an IETF version of the former. We discuss SSL in this section; TLS is very similar. Figure 30.15 shows the position of SSL and TLS in the Internet model.

28 TCP/IP Protocol Suite 28 Topics Discussed in the Section SSL Architecture Four Protocols

29 TCP/IP Protocol Suite 29 Figure 30.15 Location of SSL and TSL in the Internet mode

30 TCP/IP Protocol Suite 30 Figure 30.16 Calculation of maser key from pre-master secret

31 TCP/IP Protocol Suite 31 Figure 30.17 Calculation of the key materials from master secret

32 TCP/IP Protocol Suite 32 Figure 30.18 Extraction of cryptographic secrets from key materials

33 TCP/IP Protocol Suite 33 Figure 30.19 Four SSL protocols

34 TCP/IP Protocol Suite 34 Figure 30.20 Handshake protocol

35 TCP/IP Protocol Suite 35 After Phase I, the client and server know the version of SSL, the cryptographic algorithms, the compression method, and the two random numbers for key generation. Note

36 TCP/IP Protocol Suite 36 After Phase II, the server is authenticated to the client, and the client knows the public key of the server if required. Note

37 TCP/IP Protocol Suite 37 After Phase III, The client is authenticated for the serve, and both the client and the server know the pre-master secret. Note

38 TCP/IP Protocol Suite 38 Figure 30.21 Processing done by the record protocol

39 TCP/IP Protocol Suite 39 30-3 APPLICATION LAYER SECURITY This section discusses two protocols providing security services for e-mails: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME).

40 TCP/IP Protocol Suite 40 Topics Discussed in the Section E-mail Security Pretty Good Privacy (PGP) Key Rings PGP Certificates S/MIME Applications of S/MIME

41 TCP/IP Protocol Suite 41 In e-mail security, the sender of the message needs to include the name or identifiers of the algorithms used in the message. Note

42 TCP/IP Protocol Suite 42 In e-mail security, the encryption/decryption is done using a symmetric-key algorithm, but the secret key to decrypt the message is encrypted with the public key of the receiver and is sent with the message. Note

43 TCP/IP Protocol Suite 43 Figure 30.22 A plaintext message

44 TCP/IP Protocol Suite 44 Figure 30.23 An authenticated message

45 TCP/IP Protocol Suite 45 Figure 30.24 A compressed message

46 TCP/IP Protocol Suite 46 Figure 30.25 A confidential message

47 TCP/IP Protocol Suite 47 Figure 30.26 Key rings in PGP

48 TCP/IP Protocol Suite 48 In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note

49 TCP/IP Protocol Suite 49 Figure 30.27 Trust model

50 TCP/IP Protocol Suite 50 Figure 30.28 Signed-data content type

51 TCP/IP Protocol Suite 51 Figure 30.29 Encrypted-data content type

52 TCP/IP Protocol Suite 52 Figure 30.30 Digest-data content type

53 TCP/IP Protocol Suite 53 Figure 30.31 Authenticated-data content type

54 TCP/IP Protocol Suite 54 The following shows an example of an enveloped-data in which a small message is encrypted using triple DES. Example Example 30.1

55 TCP/IP Protocol Suite 55 30-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Figure 30.32 shows a firewall.

56 TCP/IP Protocol Suite 56 Topics Discussed in the Section Packet-Filter Firewall Proxy Firewall

57 TCP/IP Protocol Suite 57 Figure 30.32 Firewall

58 TCP/IP Protocol Suite 58 Figure 30.33 Packet-filter firewall

59 TCP/IP Protocol Suite 59 In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note

60 TCP/IP Protocol Suite 60 Figure 30.34 Proxy firewall

61 TCP/IP Protocol Suite 61 A proxy firewall filters at the application layer. Note

Download ppt "TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IPSec.

IPSec.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 23 Electronic Mail: SMTP,

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 23 Electronic Mail: SMTP,
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google