
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.


2 IP Level Security - IPSec. IP Security (IPSec) is a collection of protocols designed by the IETF to provide security for a packet at the IP level. It provides a framework and a mechanism, and leaves the selection of the encryption, authentication, and hashing methods to the user.

3 IPSec – Security Association. IPSec requires a logical connection between two hosts, set up by a signaling protocol, called a Security Association (SA). This changes the connectionless IP protocol into a connection-oriented one. An SA is a simplex (unidirectional) connection between a source and a destination, so two SAs are required for a duplex connection.

4 IPSec – Security Association. An SA is defined by:
- A 32-bit security parameter index (SPI), which acts as a virtual circuit identifier in connection-oriented protocols such as Frame Relay or ATM.
- The security protocol in use: AH or ESP.
- The source IP address.

5 IPSec – Two modes. Transport mode and tunnel mode define where the IPSec header is added to the IP packet. (Figure: transport mode.)

6 IPSec – Two modes. (Figure: tunnel mode.)

7 IPSec – Two modes. Example: VPN technology uses IPSec in tunnel mode.

8 Two security protocols. Authentication Header (AH) protocol: designed to authenticate the source host and to ensure the integrity of the payload. It calculates a message digest, using a hashing function and a symmetric key, and inserts the digest in the authentication header. AH is put in the appropriate location based on the mode. It provides source authentication and data integrity, but not privacy.

9 Two security protocols. Authentication header in transport mode. Protocol field: http://www.networksorcery.com/enp/protocol/ip.htm#Protocol

10 Two security protocols. Fields of the authentication header:
- Next header: defines the type of payload carried by the IP datagram (e.g. TCP, UDP, ICMP, …).
- Payload length: defines the length of the authentication header.
- Security parameter index: plays the role of a virtual circuit identifier and is the same for all packets sent during an SA connection.
- Sequence number: provides ordering information for a sequence of datagrams and prevents replay (playback).
- Authentication data: the result of applying a keyed hash function to the entire IP datagram (with the fields that change in transit excluded).
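As an added example that is not part of the Forouzan slides, the following Python code builds the AH header described above over a small IPv4 datagram and then verifies it on the receiving side, including the replay check that the sequence number exists for. Everything beyond the slide's field list is my assumption: HMAC-SHA256 truncated to 96 bits as the keyed hash, a 64-packet anti-replay window, a constructed key, and constructed addresses and payloads.

```python
# Added example (mine, not from the Forouzan slides): building an Authentication
# Header (AH) over an IPv4 datagram and verifying it on the receiving side.
# Assumptions not on the slides: HMAC-SHA256 truncated to 96 bits as the
# integrity algorithm, a 64-packet anti-replay window, and a constructed key
# and sample datagrams.
import hashlib
import hmac
import struct

AH_PROTOCOL = 51                 # IP protocol number that announces an AH header
ICV_LEN = 12                     # 96-bit authentication data (ICV)
IPV4_FMT = "!BBHHHBBH4s4s"       # 20-byte IPv4 header without options
AH_FMT = "!BBHII"                # next hdr, payload len, reserved, SPI, seq
DEMO_KEY = b"constructed-demo-sa-key"  # constructed sample key shared by both SA ends


def ipv4_header(src, dst, total_len, protocol, ttl=64):
    """Minimal IPv4 header; checksum left at 0 since it is excluded from the ICV anyway."""
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0, ttl, protocol, 0, src, dst)


def immutable_view(ip_hdr):
    """Zero the fields routers may change in transit (TOS, flags/fragment offset,
    TTL, checksum) so sender and receiver hash identical bytes."""
    f = list(struct.unpack(IPV4_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IPV4_FMT, *f)


def ah_header(next_header, spi, seq, icv):
    """Payload length is in 32-bit words minus 2, per the AH layout (4 for a 96-bit ICV)."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack(AH_FMT, next_header, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, next_header, spi, seq, payload):
    """Authentication data = keyed hash over the whole datagram with the ICV field zeroed."""
    zeroed_ah = ah_header(next_header, spi, seq, b"\x00" * ICV_LEN)
    data = immutable_view(ip_hdr) + zeroed_ah + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_datagram(key, src, dst, next_header, spi, seq, payload, ttl=64):
    """Sender side (transport mode): IP header, then AH, then the original payload."""
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, total_len, AH_PROTOCOL, ttl)
    icv = compute_icv(key, ip_hdr, next_header, spi, seq, payload)
    return ip_hdr + ah_header(next_header, spi, seq, icv) + payload


class InboundSA:
    """Receiver state for one simplex SA: the SPI selects it, the window rejects replays."""

    def __init__(self, spi, key, window=64):
        self.spi, self.key, self.window = spi, key, window
        self.highest = 0
        self.seen = set()

    def verify(self, datagram):
        """Return (accepted, reason). Sequence check first (cheap), then the ICV;
        the window is only advanced once the ICV has been verified."""
        ip_hdr, rest = datagram[:20], datagram[20:]
        next_header, payload_len, _, spi, seq = struct.unpack(AH_FMT, rest[:12])
        ah_len = (payload_len + 2) * 4
        icv, payload = rest[12:ah_len], rest[ah_len:]
        if spi != self.spi:
            return False, "unknown SPI"
        if seq <= self.highest - self.window or seq in self.seen:
            return False, "replay"
        expected = compute_icv(self.key, ip_hdr, next_header, spi, seq, payload)
        if not hmac.compare_digest(icv, expected):
            return False, "bad ICV"
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return True, "ok"


def demo():
    """Four checks on one SA: a fresh datagram, one whose TTL a router decremented,
    a replay of the first, and one whose payload was altered in transit."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses
    sa = InboundSA(spi=0x1000, key=DEMO_KEY)
    first = build_ah_datagram(DEMO_KEY, src, dst, 6, 0x1000, 1, b"GET / HTTP/1.0")
    second = build_ah_datagram(DEMO_KEY, src, dst, 6, 0x1000, 2, b"payload two")
    hopped = second[:8] + bytes([second[8] - 1]) + second[9:]   # TTL 64 -> 63 in transit
    third = build_ah_datagram(DEMO_KEY, src, dst, 6, 0x1000, 3, b"payload three")
    tampered = third[:-1] + b"!"
    return [sa.verify(first), sa.verify(hopped), sa.verify(first), sa.verify(tampered)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The point worth noticing is which bytes go into the keyed hash: the TTL is zeroed before hashing, so a datagram that crossed a router still verifies, while a single changed payload byte fails the ICV and a resent datagram is rejected by the sequence-number window before any hashing is done.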

11 Two security protocols. Encapsulating Security Payload (ESP): provides source authentication, integrity, and privacy. It adds both a header and a trailer. Authentication data: in AH, part of the IP header is included in the calculation of the authentication data; in ESP, it is not.

12 Two security protocols. (Figure: ESP in transport mode.)

13 AH versus ESP. The ESP protocol was designed after the AH protocol was already in use. ESP does whatever AH does, with additional functionality (privacy). AH will remain part of the Internet until the products are phased out. Ref: http://www.microsoft.com/technet/itsolutions/network/security/ipsecarc.mspx

14 Secure Sockets Layer (SSL). A commonly used protocol for managing the security of a message transmission across the "insecure" Internet. Developed by Netscape for transmitting private documents via the Internet. Uses a public key to encrypt data that is transferred over the SSL connection. URLs that require an SSL connection start with "https:" instead of "http:".

15 Secure Sockets Layer (SSL). Runs on top of TCP, not over UDP or directly over IP, and uses TCP/IP on behalf of higher-level protocols. It allows an SSL-enabled server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, and allows both machines to establish an encrypted connection.

16 Secure Sockets Layer (SSL) - Examples. HTTP over SSL:
- Securing the web was the main initial drive for designing SSL, and HTTP is the first application-layer protocol secured by SSL.
- HTTPS operates on TCP port 443, while HTTP operates on TCP port 80 by default.
- Standardized in RFC 2818.

17 Secure Sockets Layer (SSL) - Examples. Email over SSL: similar to HTTP over SSL, e-mail protocols such as SMTP, Post Office Protocol 3 (POP3), and Internet Message Access Protocol (IMAP) can be supported by SSL.

18 Secure Sockets Layer (SSL). Uses ciphers to enable encryption of data between two parties, and digital certificates to enable authentication of the parties involved in a secure transaction. Both kinds of cipher are used: asymmetric encryption (public key encryption) and symmetric encryption (secret key encryption).

19 Secure Sockets Layer (SSL) - Digital Certificates. Components:
- Certificate user's name
- Entity for whom the certificate is being issued
- Public key of the subject
- Time stamp
Typically issued by a CA that acts as a trusted third party; either public certificate authorities or private certificate authorities.

20 Transport Layer Security - TLS. Derived from a security protocol called Secure Sockets Layer (SSL). TLS is a nonproprietary version of SSL designed by the IETF. It lies between the application layer and the transport layer.

21 Transport Layer Security - TLS. For transactions on the Internet, a browser needs the following:
- The server must be authenticated.
- The integrity of the message must be preserved.
- There is a need for privacy.
TLS is actually two protocols:
- Handshake protocol
- Data exchange protocol

22 TLS – Handshake protocol. Responsible for negotiating security, authenticating the server to the browser, and (optionally) defining other communication parameters.

23 TLS – Handshake protocol.
1. The browser sends a hello message that includes the TLS version and some preferences.
2. The server sends a certificate message that includes the public key of the server. The public key is certified by some certification authority, which means the public key is encrypted by a CA private key.
3. The browser has a list of CAs and their public keys. It uses the corresponding key to decrypt the certificate and finds the server public key. This also authenticates the server.
4. The browser generates a secret key, encrypts it with the server public key, and sends it to the server.
5. The browser sends a message, encrypted by the secret key, to inform the server that handshaking is terminating from the browser side.
6. The server decrypts the secret key using its private key and decrypts the message using the secret key. It then sends a message, encrypted by the secret key, to inform the browser that handshaking is terminating from the server side.
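As an added example that is not part of the slides, the following Python code shows what "the server must be authenticated" and "the browser has a list of CAs" amount to for a TLS client written against Python's standard ssl module: a weak client context that accepts any certificate beside a hardened one, plus an audit function that reports the difference. The choice of the platform CA store as the CA list and of TLS 1.2 as the minimum version are my assumptions, not the slides'.

```python
# Added example (mine, not from the slides): server authentication settings of a
# TLS client built on Python's standard ssl module. Assumptions not on the
# slides: the platform CA store is the CA list, and TLS 1.2 is the floor.
import ssl


def weak_client_context():
    """The configuration to avoid: any certificate is accepted, so the
    handshake still encrypts but authenticates nobody."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Certificate required, chained to the CA list, matched to the host name,
    and no protocol version older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the findings that would let a third party impersonate the server
    or downgrade the connection; an empty list means the context is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode: server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname: certificate is not matched to the server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version: protocol versions below TLS 1.2 allowed")
    return findings


def connect_checked(hostname, port=443, timeout=5):
    """Open a verified HTTPS connection and report the negotiated parameters.
    Needs network access, so it is not exercised by the offline checks."""
    import socket
    ctx = hardened_client_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return {"version": tls.version(),
                    "cipher": tls.cipher()[0],
                    "peer": tls.getpeercert().get("subject")}


if __name__ == "__main__":
    print("weak:", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

Note that the weak context still produces an encrypted connection; what it loses is step 3 of the handshake above, the check that the server's public key was vouched for by a CA the client trusts, which is exactly the property that makes the later secret-key exchange meaningful.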

24 TLS – Data exchange protocol. The data exchange (record) protocol uses the secret key to encrypt the data for secrecy and to encrypt the message digest for integrity. The details and specification of the algorithms are agreed upon during the handshake phase.

25 SSL VPN. An emerging remote access technology that provides secure connectivity to internal corporate resources through a web browser or a dedicated client. The greatest strength of SSL VPN comes from the fact that SSL is a mature protocol and is readily available in virtually all web browsers. Using SSL VPN, you can securely navigate your internal web server, or even check your e-mail, from a kiosk or Internet cafe.

26 SSL VPN. SSL VPN offers the advantage that it is platform independent: using any browser that supports SSL, you can access resources without worrying about the underlying operating system. Secondly, you do not have to troubleshoot a third-party VPN client, should the connection not work as expected. Additionally, SSL VPN solves the network traversal problem, as many organizations restrict most other forms of VPN traffic, such as IPsec and PPTP, from passing through their networks.
