Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia.

Published byJeffrey Christopher McDaniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia."— Presentation transcript:

1 Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia

2 Lecture 9: Kerberos and IPSEC

3 March 5, 2002Practical Aspects of Modern Cryptography3 Kerberos & IPSEC We’ve already seen SSL/TLS and how it’s used to secure two-party communications over the web Today we look at two additional protocol suites in widespread use today to secure client-server and peer-to-peer transactions Kerberos IPSEC

4 March 5, 2002Practical Aspects of Modern Cryptography4 Kerberos Designed for single “administration domain” of machines & users: users, client machines, server machines, and the Key Distribution Center (KDC) No public key crypto Provides authentication & encryption services “Kerberized” servers provide authorization on top of the authenticated identities

5 March 5, 2002Practical Aspects of Modern Cryptography5 Kerberos History Designed as part of MIT’s Project Athena in the 1980’s Kerberos v4 published in 1987 Migration to the IETF RFC 1510 (Kerberos v5, 1993) Used in a number of products Example: part of Windows 2000 Passport is essentially Kerberos done w/ client- side cookies over HTTP

6 March 5, 2002Practical Aspects of Modern Cryptography6 The Kerberos Model Clients Servers The Key Distribution Center (KDC) Centralized trust model KDC is trusted by all clients & servers KDC shares a secret, symmetric key with each client and server A “realm” is single trust domain consisting of one or more clients, servers, KDCs

7 March 5, 2002Practical Aspects of Modern Cryptography7 Joining a Kerberos Realm One-time setup Each client, server that wishes to participate in the realm exchanges a secret key with the KDC If the KDC is compromised, the entire system is cracked Because the KDC knows everyone’s individual secret key, the KDC can issue credentials to each realm identity

8 March 5, 2002Practical Aspects of Modern Cryptography8 Kerberos Credentials Two types of credentials in Kerberos Tickets Authenticators Tickets are credentials issued to a client for communication with a specific server Authenticators are additional credentials that prove a client knows a key at a point in time Basic idea: encrypt a nonce

9 March 5, 2002Practical Aspects of Modern Cryptography9 Key Distribution Center (KDC) Client Picture of a Kerberos Realm Server Ticket Granting Server (TGS)

10 March 5, 2002Practical Aspects of Modern Cryptography10 The Basic Kerberos Protocol Assume client C wishes to authenticate to and communicate with server S Phase 1: C gets a Ticket-Granting Ticket (TGT) Phase 2: C gets a Ticket for S Phase 3: C communicates with S

11 March 5, 2002Practical Aspects of Modern Cryptography11 Protocol Definitions Following Schneier (Section 24.5): C = client, S = server TGS = ticket-granting service K x = x’s secret key K x,y = session key for x and y {m}K x = m encrypted in x’s secret key T x,y = x’s ticket to use y A x,y = authenticator from x to y N x = a nonce generated by x

12 March 5, 2002Practical Aspects of Modern Cryptography12 The Basic Kerberos Protocol (1) Phase 1: C gets a Ticket-Granting Ticket 1. C sends a request to the KDC for a “ticket- granting ticket” (TGT) A TGT is a ticket used to talk to the special ticket-granting service A TGT is relatively long-lived (~8-24 hours typically) C  KDC: C, TGS, N C Sent in the clear!

13 March 5, 2002Practical Aspects of Modern Cryptography13 The Basic Kerberos Protocol (2) Phase 1: C gets a Ticket-Granting Ticket 2. KDC responds with two items The ticket-granting ticket A ticket for C to talk to TGS A copy of the session key to use to talk to TGS, encrypted in C’s shared key KDC  C: {T C,TGS }K TGS, {K C,TGS }K C where T c,s = s, {c, c-addr, lifetime, K c,s }K s Only the TGS can decrypt the ticket C can unlock the second part to retrieve K C,TGS

14 March 5, 2002Practical Aspects of Modern Cryptography14 Key Distribution Center (KDC) Client Picture of a Kerberos Realm C  KDC: C, TGS, NC KDC  C: {T C,TGS }K TGS, {K C,TGS }K C where T c,s = s, {c, c-addr, lifetime, K c,s }K s

15 March 5, 2002Practical Aspects of Modern Cryptography15 The Basic Kerberos Protocol (3) Phase 2: C gets a Ticket for S 3. C requests a ticket to communicate with S from the ticket-granting service (TGS) C sends TGT to S along with an authenticator requesting a ticket from C to S C  TGS: {A C,S }K C,TGS, {T C,TGS }K TGS where A c,s = {c, timestamp, opt. subkey}K c,s First part proves to TGS that C knows the session key Second part is the TGT C got from the KDC

16 March 5, 2002Practical Aspects of Modern Cryptography16 The Basic Kerberos Protocol (4) Phase 2: C gets a Ticket for S 4. TGS returns a ticket for C to talk to S (Just like step 2 above...) TGS  C: {T C,S }K S, {K C,S }K C,TGS Only S can decrypt the ticket C can unlock the second part to retrieve K C,S

17 March 5, 2002Practical Aspects of Modern Cryptography17 Client Picture of a Kerberos Realm Ticket Granting Server (TGS) C  TGS: {A C,S }K C,TGS, {T C,TGS }K TGS where A c,s = {c, timestamp, opt. subkey}K c,s TGS  C: {T C,S }K S, {K C,S }K C,TGS

18 March 5, 2002Practical Aspects of Modern Cryptography18 The Basic Kerberos Protocol (5) Phase 3: C communicates with S 5. C sends the ticket to S along with an authenticator to establish a shared secret C  S: {A C,S }K C,S, {T C,S }K S where A c,s = {c, timestamp, opt. subkey}K c,s S decrypts the ticket T C,S to get the shared secret K C,S needed to communicate securely with C

19 March 5, 2002Practical Aspects of Modern Cryptography19 The Basic Kerberos Protocol (6) Phase 3: C communicates with S 6. S decrypts the ticket to obtain the K C,S and replies to C with proof of possession of the shared secret (optional step) S  C: {timestamp, opt. subkey}K c,s Notice that S had to decrypt the authenticator, extract the timestamp & opt. subkey, and re-encrypt those two components with K c,s

20 March 5, 2002Practical Aspects of Modern Cryptography20 Client Picture of a Kerberos Realm Server C  S: {A C,S }K C,S, {T C,S }K S where A c,s = {c, timestamp, opt. subkey}K c,s S  C: {timestamp, opt. subkey}K c,s

21 March 5, 2002Practical Aspects of Modern Cryptography21 Key Distribution Center (KDC) Client Picture of a Kerberos Realm Server Ticket Granting Server (TGS) TGT RequestTGT Ticket Request Ticket Ticket + service request “Do some stuff”

22 March 5, 2002Practical Aspects of Modern Cryptography22 Thoughts on Kerberos... There’s no public key crypto anywhere in the base Kerberos spec, but you can modify the base protocols to use PK... Example: the initial “login” to the KDC could be done with public key for added security (e.g. PKINIT protocol) More on this from final project presentations...

23 March 5, 2002Practical Aspects of Modern Cryptography23 Verification and NT user account lookup Logon request using Public Key Kerberos Ticket Granting Ticket (TGT) Key Distribution Center (KDC) Active Directory Reader Client SC Cert PKINIT in Windows 2000

24 March 5, 2002Practical Aspects of Modern Cryptography24 Thoughts on Kerberos...(2) Only the KDC needs to know the user’s password (used to generate the shared secret) You can have multiple KDCs for redundancy, but they all need to have a copy of the username/password database Only the TGS needs to know the secret keys for the servers You can split KDC from TGS, but it is common for those two services to reside on the same physical machine

25 March 5, 2002Practical Aspects of Modern Cryptography25 Thoughts on Kerberos...(3) Cross-realm trust is possible Just need to share a secret key between the KDCs for the two realms... Once accomplished, a user in realm A can get a ticket for a service in realm B

26 March 5, 2002Practical Aspects of Modern Cryptography26 Thoughts on Kerberos...(4) “Time” is very important in Kerberos All participants in the realm need accurate clocks Timestamps are used in authenticators to detect replay; if a host can be fooled about the current time, old authenticators could be replayed Tickets tend to have lifetimes on the order of hours, and replays are possible during the lifetime of the ticket

27 March 5, 2002Practical Aspects of Modern Cryptography27 Thoughts on Kerberos...(5) Password-guessing attacks are possible Capture enough encrypted tickets and you can brute-force decrypt them to discover shared keys (Another reason to use public key...)

28 March 5, 2002Practical Aspects of Modern Cryptography28 Thoughts on Kerberos...(6) It’s possible to screw up the implementation In fact, Kerberos v4 has had a colossal security breach due to bad implementations

29 March 5, 2002Practical Aspects of Modern Cryptography29 RNGs in Kerberos v4 Session keys were generated from a PRNG seeded with the XOR of the following: Time-of-day in seconds since 1/1/1970 Process ID of the Kerberos server process Cumulative count of session keys generated Fractional part of time-of-day seconds Hostid of the machine running the server

30 March 5, 2002Practical Aspects of Modern Cryptography30 RNGs in Kerberos v4 (continued) The seed is a 32-bit value, so while the session key is used for DES (64 bits long, normally 56 bits of entropy), it has only 32 bits of entropy What’s worse, the five values have predictable portions Time is completely predictable ProcessID is mostly predictable Even hostID has 12 predictable bits (of 32 total)

31 March 5, 2002Practical Aspects of Modern Cryptography31 RNGs in Kerberos v4 (continued) Of the 32 seed bits, only 20 bits really change with any frequency, so Kerberos v4 keys (in the MIT implementation) only have 20 bits of randomness They could be brute-force discovered in seconds The hole was in the MIT Kerberos sources for seven years!

32 March 5, 2002Practical Aspects of Modern Cryptography32 Ideal Protection: End-to-End server wrksta server Web security (SSL, https) does this over TCP IPSEC does this for any IP packet, at network layer Apps aware of/control SSL, don’t have to be for IPSec

33 March 5, 2002Practical Aspects of Modern Cryptography33 IPSEC IPSEC = IP (Internet Protocol) Security Suite of protocols that provide encryption, integrity and authentication services for IP packets Mandatory-to-implement for IPv6, optional (but available) for IPv4 Consists of two main components: IPSEC proper (encryption & auth of IP packets) IPSEC key management

34 March 5, 2002Practical Aspects of Modern Cryptography34 IPSEC Architecture Key management establishes a Security Association (SA) for a session SA used to provide authentication/confidentiality services for that session SA is referenced via a security parameter index (SPI) in each IP datagram header

35 March 5, 2002Practical Aspects of Modern Cryptography35 IPSEC Architecture DataSPI IP Hdr Security information maintained by host

36 March 5, 2002Practical Aspects of Modern Cryptography36 IPSEC Operation Provides two modes of protection Tunnel Mode Transport Mode Protection protocols Authentication and Integrity (AH) Confidentiality (ESP) Replay Protection

37 March 5, 2002Practical Aspects of Modern Cryptography37 Tunnel Mode Encapsulates the entire IP packet within IPSC protection Tunnels can be created between several different node types Gateway to gateway Host to gateway Host to host

38 March 5, 2002Practical Aspects of Modern Cryptography38 Three Types of Tunnels Host to Host Host to Gateway Gateway to Gateway

39 March 5, 2002Practical Aspects of Modern Cryptography39 Tunnel Security vs End-to-End Security POP Internet Tunnel Server Client (Dial-up) Target Network Tunnel Security End-to-End Security

40 March 5, 2002Practical Aspects of Modern Cryptography40 Transport Mode Encapsulates only the transport layer information within IPSEC protection Can only be created between host nodes

41 March 5, 2002Practical Aspects of Modern Cryptography41 Authentication and Integrity Verification of the origin of data Assurance that data sent is the data received Assurance that the network headers have not changed since the data was sent

42 March 5, 2002Practical Aspects of Modern Cryptography42 Confidentiality Encrypts data to protect against eavesdropping Can hide data source when encryption is used over a tunnel

43 March 5, 2002Practical Aspects of Modern Cryptography43 Replay Prevention Causes retransmitted packets to be dropped.

44 March 5, 2002Practical Aspects of Modern Cryptography44 IPSEC Protection Protocols Authentication Header (AH) Authenticates payload data Authenticates network header Gives anti-replay protection Encapsulated Security Payload (ESP) Encrypts payload data Authenticates payload data Gives anti-replay protection

45 March 5, 2002Practical Aspects of Modern Cryptography45 Authentication Header (AH) Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out If both ESP and AH are applied to a packet, AH follows ESP

46 March 5, 2002Practical Aspects of Modern Cryptography46 IPSEC Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len RsrvSecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert

47 March 5, 2002Practical Aspects of Modern Cryptography47 IPSEC AH in Tunnel ModeData TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr AH HdrData TCP Hdr Orig IP Hdr New IP header with source & destination IP address

48 March 5, 2002Practical Aspects of Modern Cryptography48 Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication is applied to data in the IPSEC header as well as the data contained as payload

49 March 5, 2002Practical Aspects of Modern Cryptography49 IPSEC ESP in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage Insert Append

50 March 5, 2002Practical Aspects of Modern Cryptography50 IPSEC ESP in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PaddingPadLengthNextHdr Seq# Keyed Hash 22-36 bytes total InitVector ESP is IP protocol 50 Insert Append

51 March 5, 2002Practical Aspects of Modern Cryptography51 IPSEC ESP Tunnel ModeData TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IP HdrIPHdr New IP header with source & destination IP address ESP Trailer

52 March 5, 2002Practical Aspects of Modern Cryptography52 IPSEC Key Management IPSEC Key Management is all about establishing and maintaining Security Associations (SAs) between pairs of communicating hosts

53 March 5, 2002Practical Aspects of Modern Cryptography53 Security Associations (SA) New concept for IP communication SA not a “connection”, but very similar Establishes trust between computers If securing with IPSEC, need SA ISAKMP protocol negotiates security parameters according to policy Manages cryptographic keys and lifetime Enforces trust by mutual authentication

54 March 5, 2002Practical Aspects of Modern Cryptography54 Internet Key Exchange (IKE) Phase I Establish a secure channel(ISAKMP SA) Authenticate computer identity Phase II Establishes a secure channel between computers intended for the transmission of data (IPSEC SA)

55 March 5, 2002Practical Aspects of Modern Cryptography55 ISAKMP/OAKLEY Merge of two key management protocols ISAKMP: Internet Security Association and Key Management Protocol NSA-designed protocol to exchange security parameters (but not establish keys) OAKLEY Diffie-Hellman based key management protocol

56 March 5, 2002Practical Aspects of Modern Cryptography56 ISAKMP/OAKLEY (2) What’s used today is a combination ISAKMP provides the protocol framework OAKLEY provides the security mechanisms

57 March 5, 2002Practical Aspects of Modern Cryptography57 Main Mode Main mode negotiates an ISAKMP SA which will be used to create IPSEC SA Three steps SA negotiation Diffie-Hellman and nonce exchange Authentication

58 March 5, 2002Practical Aspects of Modern Cryptography58 Main Mode (Pre-shared Key) Initiator Responder Header, D-H Key Exchange, Nonce i Header, Id i, Hash i Header, D-H Key Exchange, Nonce r Header, Id r, Hash r Encrypted Header, SA Proposals Header, Selected SA Proposal

59 March 5, 2002Practical Aspects of Modern Cryptography59 Main Mode (Kerberos) Initiator Responder Header, SA Proposals Header, Selected SA Proposal Header, D-H Key Exchange, Nonce i, Kerberos Token i Header, D-H Key Exchange, Nonce r, Kerberos Token r Header, Id i, Hash i Header, Id r, Hash r Encrypted

60 March 5, 2002Practical Aspects of Modern Cryptography60 Main Mode (Certificate) Initiator Responder Header, D-H Key Exchange, Nonce i Header, Id i, Certificate i, Signature i, Certificate Request Header, D-H Key Exchange, Nonce r,Certificate Request Header, Id r, Certificate r, Signature r Encrypted Header, SA Proposals Header, Selected SA Proposal

61 March 5, 2002Practical Aspects of Modern Cryptography61 Quick Mode All traffic is encrypted using the ISAKMP Security Association Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)

62 March 5, 2002Practical Aspects of Modern Cryptography62 Quick Mode Negotiation Header, Hash Header, Connected Notification Encrypted Initiator Responder Header, IPSec Selected SA Header, IPSec Proposed SA

63 March 5, 2002Practical Aspects of Modern Cryptography63 How It All Fits Together Tunnel Transport

64 March 5, 2002Practical Aspects of Modern Cryptography64 IPSEC Bundling/Wrapping Multiple IPSEC transforms may be wrapped successively around a single IP datagram Example: IPSEC transport sent over an IPSEC tunnel

65 March 5, 2002Practical Aspects of Modern Cryptography65 Sending in Transport Mode Application Transport IP Physical IPSec PhysicalIPIPSecTCPApplicationData

66 March 5, 2002Practical Aspects of Modern Cryptography66 Sending in Tunnel Mode PhysicalIPIPSecTCPApplicationData IPIPSecTCPApplicationData InnerIPIPSecTCPApplicationDataIPSecOuterIPPhysical IP Physical IPSecIP Physical IPSec

67 March 5, 2002Practical Aspects of Modern Cryptography67 Receiving in Tunnel Mode PhysicalIPIPSecTCPApplicationData IPIPSecTCPApplicationData InnerIPIPSecTCPApplicationDataIPSecOuterIPPhysical IP Physical IPSecIP Physical IPSec

68 March 5, 2002Practical Aspects of Modern Cryptography68 Receiving in Transport Mode Application Transport IP Physical IPSec PhysicalIPIPSecTCPApplicationData

69 March 5, 2002Practical Aspects of Modern Cryptography69 What is Network Address Translation (NAT) ? Network Address Translation (NAT) Dynamically modifies source address Dynamically recomputes interior UDP/TCP checksums Port Address Translation (PAT) Dynamically modifies TCP/UDP source address and port Dynamically recomputes interior UDP/TCP checksums

70 March 5, 2002Practical Aspects of Modern Cryptography70 NATs Rewrite Address/Port Pairs TCPIP.SYS Kernel User 10.0.0.2, 1185, 23 =172.31.249.14 10.0.0.2 131.107.1.7D S IPNAT.SYS 10.0.0.2 131.107.1.7D S 10.0.0.2 131.107.1.7D S 172.31.249.14 131.107.1.7D S 172.31.249.14 131.107.1.7D S 10.0.0.3, 1185, 23 =172.31.249.14 Translation Table Kernel mode firewall hook

71 March 5, 2002Practical Aspects of Modern Cryptography71 IPSEC AH and NAT Change in address or port will cause message integrity check to fail Packet will be rejected by destination IPSEC AH cannot be used with NAT or PAT devices Data TCP Hdr AH Hdr Orig IP Hdr Message Integrity Check coverage (except for mutable fields)

72 March 5, 2002Practical Aspects of Modern Cryptography72 IPSEC ESP and NAT Can change IP header in special cases only Special TCP/UDP ignores pseudo header used in checksum calculation Port information encrypted! Can’t change ESP header because integrity hash coverage Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth encrypted integrity hash coverage

Download ppt "Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Network Layer Security: IPSec

Network Layer Security: IPSec
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

Similar presentations

Ads by Google