Information System Security, AABFS-Jordan, Summer 2006. IP Security. Supervisor: Dr. Lo'ai Ali Tawalbeh. Done by: Wa'el Musa Hadi.

What is IP Security
– Framework of open standards to ensure secure communications over the Internet
– In short: it is the network-layer Internet security protocol

IPSec Service (figure: Internet/intranet between two hosts)
– Case 1, IPSec-disabled host, insecure IP packet: IP Header | Upper layer data
– Case 2, IPSec-enabled host, secure IP packet: IP Header | IPSec Header | Upper layer data

IPSec
– General IP security mechanisms
– Provides: authentication, confidentiality, key management
– Applicable over LANs, across public and private WANs, and for the Internet

IPSec Applications
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security

Security Associations
One of the most important concepts in IPSec is the Security Association (SA).
– Defined in RFC
– SAs are the combination of a given Security Parameter Index (SPI) and Destination Address.
– SAs are one way: a minimum of two SAs are required for a single IPSec connection.
SAs contain parameters including:
– Authentication algorithm and algorithm mode
– Encryption algorithm and algorithm mode
– Key(s) used with the authentication/encryption algorithm(s)
– Lifetime of the key
– Lifetime of the SA
– Source address(es) of the SA
– Sensitivity level (i.e. Secret or Unclassified)
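The following is an added example, not part of the original slides, that models the SA concepts above as a small Security Association Database (SAD): SAs are keyed by (SPI, destination address), each SA is one-way so a two-way connection installs one SA per direction, and an SA whose key or SA lifetime has run out is treated as absent. The field names, SPI values, addresses and algorithm labels are my own constructions; no cryptography is performed here.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class SecurityAssociation:
    """The parameters the slide lists for one SA. Algorithm names are labels
    chosen for this example; nothing is encrypted or authenticated here."""
    spi: int                 # Security Parameter Index carried in the AH/ESP header
    dst: str                 # destination address of the packets this SA protects
    src: str                 # source address(es) the SA applies to
    auth_alg: str            # e.g. "HMAC-SHA1"
    enc_alg: Optional[str]   # e.g. "DES-CBC"; None for an AH-only SA
    key: bytes
    key_lifetime: int        # seconds the key may be used
    sa_lifetime: int         # seconds the SA itself stays valid
    created_at: float        # timestamp the SA was installed
    sensitivity: str = "Unclassified"

    def is_expired(self, now: float) -> bool:
        # Either lifetime running out makes the SA unusable.
        age = now - self.created_at
        return age >= min(self.key_lifetime, self.sa_lifetime)


class SADatabase:
    """SA database keyed by (SPI, destination address), as the slide states."""

    def __init__(self) -> None:
        self._sas: Dict[Tuple[int, str], SecurityAssociation] = {}

    def add(self, sa: SecurityAssociation) -> None:
        key = (sa.spi, sa.dst)
        if key in self._sas:
            raise ValueError(f"SA already installed for SPI {sa.spi:#x} -> {sa.dst}")
        self._sas[key] = sa

    def lookup(self, spi: int, dst: str, now: float) -> Optional[SecurityAssociation]:
        """Inbound lookup: the SPI from the AH/ESP header plus the packet's
        destination selects the SA; an expired SA is reported as missing."""
        sa = self._sas.get((spi, dst))
        if sa is None or sa.is_expired(now):
            return None
        return sa

    def expire(self, now: float) -> int:
        """Drop every expired SA and return how many were removed."""
        dead = [k for k, sa in self._sas.items() if sa.is_expired(now)]
        for k in dead:
            del self._sas[k]
        return len(dead)


def install_connection(sad: SADatabase, host_a: str, host_b: str,
                       spi_ab: int, spi_ba: int, key_ab: bytes, key_ba: bytes,
                       now: float, lifetime: int = 3600) -> SADatabase:
    """Install the two SAs one two-way IPSec connection needs (one per direction)."""
    for src, dst, spi, key in ((host_a, host_b, spi_ab, key_ab),
                               (host_b, host_a, spi_ba, key_ba)):
        sad.add(SecurityAssociation(spi=spi, dst=dst, src=src,
                                    auth_alg="HMAC-SHA1", enc_alg="DES-CBC",
                                    key=key, key_lifetime=lifetime,
                                    sa_lifetime=lifetime, created_at=now))
    return sad


if __name__ == "__main__":
    # Constructed sample: hosts, SPIs and keys are made up for the demo.
    sad = install_connection(SADatabase(), "10.0.0.5", "10.0.1.9",
                             0x1001, 0x2002, b"key-a-to-b", b"key-b-to-a", now=1000.0)
    print(sad.lookup(0x1001, "10.0.1.9", now=1500.0))   # the A->B SA
    print(sad.lookup(0x1001, "10.0.0.5", now=1500.0))   # None: other direction has its own SPI
    print(sad.expire(now=1000.0 + 3600))                # 2: both SAs reached their lifetime
```

Passing `now` explicitly rather than reading the clock keeps the lifetime logic testable; a real implementation would also rekey before expiry rather than simply dropping the SA.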

IP security scenario

Scenario of IPSec usage
– An organization maintains LANs at dispersed locations.
– Non-secure IP traffic is conducted on each LAN.
– IPSec protocols are used; they operate in the networking devices that connect each LAN to the outside world (router, firewall).
– The IPSec networking device will typically encrypt and compress all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN.

Why not use IPSec?
– Processor overhead to encrypt and verify each packet can be great.
– Added complexity in network design.

Benefits of IPSec
– In a firewall/router, provides strong security to all traffic crossing the perimeter
– In a firewall/router, is resistant to bypass
– Is below the transport layer, hence transparent to applications
– Can be transparent to end users
– Can provide security for individual users
– Secures the routing architecture

IPsec

Network Layer Security
IP security (IPsec)
– Two protocols:
  Authentication protocol, using an Authentication Header (AH)
  Encryption/authentication protocol, called the Encapsulating Security Payload (ESP)
– Two modes of operation:
  Transport mode: provides protection for upper-layer protocols
  Tunnel mode: protects the entire IP datagram

IPSec protocols – AH protocol
AH – Authentication Header
– Defined in RFC 1826
– Integrity: Yes, including the IP header
– Authentication: Yes
– Non-repudiation: Depends on the cryptographic algorithm
– Encryption: No
– Replay Protection: Yes
Transport packet layout: IP Header | AH Header | Payload (TCP, UDP, etc.)
Tunnel packet layout: (new outer) IP Header | AH Header | (original) IP Header | Payload (TCP, UDP, etc.)

IPSec protocols – ESP protocol
ESP – Encapsulating Security Payload
– Defined in RFC 1827
– Integrity: Yes
– Authentication: Depends on the cryptographic algorithm
– Non-repudiation: No
– Encryption: Yes
– Replay Protection: Yes
Transport packet layout: IP Header | ESP Header | Payload (TCP, UDP, etc.); the IP header and ESP header are unencrypted, the payload is encrypted
Tunnel packet layout: (new outer) IP Header | ESP Header | (original) IP Header | Payload (TCP, UDP, etc.); the outer IP header and ESP header are unencrypted, the original IP header and payload are encrypted

What protocol to use?
Differences between AH and ESP:
– ESP provides encryption; AH does not.
– AH provides integrity of the IP header; ESP does not.
– AH can provide non-repudiation; ESP does not.
However, we don't have to choose, since both protocols can be used together.
Why have two protocols?
– Some countries have strict laws on encryption. If you can't use encryption in those countries, AH still provides good security mechanisms.
– Two protocols ensure wide acceptance of IPSec on the Internet.

Data Integrity and Confidentiality (figure): basic difference between AH and ESP

IPSec Protocols (cont.)
Algorithms used:
– Encryption: symmetric, since IP packets may arrive out of order and asymmetric algorithms are incredibly slow. E.g. DES (Data Encryption Standard)
– Authentication: MACs (Message Authentication Codes) based on symmetric encryption algorithms, or one-way hash functions (MD5 or SHA-1)

Transport Versus Tunnel Mode
Transport mode:
– Used for peer-to-peer communication security
– Data is encrypted
Tunnel mode:
– Used for site-to-site communication security
– Entire packet is encrypted

Transport versus Tunnel mode (cont.)
Transport mode is used when the cryptographic endpoints are also the communication endpoints of the secured IP packets.
– Cryptographic endpoints: the entities that generate / process an IPSec header (AH or ESP)
– Communication endpoints: source and destination of an IP packet

Transport versus Tunnel mode (cont.)
Tunnel mode is used when at least one cryptographic endpoint is not a communication endpoint of the secured IP packets.
– Outer IP header: its destination is the router (the tunnel endpoint)
– Inner IP header: the ultimate destination
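As an added example (not part of the original slides), the following models the AH packet layouts, the integrity check that covers the IP header, the replay protection, and the transport/tunnel distinction from the slides above. Headers are plain dictionaries rather than wire formats, the ICV is an HMAC over the immutable IP fields, the AH header with its ICV zeroed, and the payload (the whole original datagram in tunnel mode), and the anti-replay check is a 64-entry sliding window on the AH sequence number. HMAC-SHA256 is my choice where the slides list MD5 or SHA-1; addresses, keys and field names are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional

# IP header fields a router legitimately rewrites in flight; AH zeroes them
# before computing the ICV so the check survives normal forwarding.
MUTABLE_IP_FIELDS = {"ttl", "checksum"}
AH_PROTOCOL = 51          # IP protocol number for AH, as on the slides
IP_IN_IP = 4              # "next header" value for an encapsulated IP datagram


def _icv_input(ip_hdr: dict, ah_hdr: dict, payload: bytes) -> bytes:
    """Serialize exactly what AH authenticates: immutable IP fields, the AH
    header with its ICV field zeroed, and the payload."""
    ip_fixed = {k: (0 if k in MUTABLE_IP_FIELDS else v) for k, v in ip_hdr.items()}
    ah_fixed = dict(ah_hdr, icv="")
    return json.dumps([ip_fixed, ah_fixed, payload.hex()], sort_keys=True).encode()


def ah_protect(ip_hdr: dict, payload: bytes, spi: int, seq: int, key: bytes,
               mode: str = "transport", outer_hdr: Optional[dict] = None) -> dict:
    """Return a dict-modelled AH packet in transport or tunnel mode."""
    if mode == "transport":
        # Transport: original header kept, AH inserted before the upper-layer data.
        outer = dict(ip_hdr, proto=AH_PROTOCOL)
        next_hdr, inner = ip_hdr["proto"], payload
    elif mode == "tunnel":
        # Tunnel: new outer header addressed to the gateway; the whole original
        # datagram (inner header + data) becomes the protected payload.
        if outer_hdr is None:
            raise ValueError("tunnel mode needs an outer IP header")
        outer = dict(outer_hdr, proto=AH_PROTOCOL)
        next_hdr = IP_IN_IP
        inner = json.dumps(ip_hdr, sort_keys=True).encode() + b"|" + payload
    else:
        raise ValueError(f"unknown mode {mode}")
    ah = {"next": next_hdr, "spi": spi, "seq": seq, "icv": ""}
    ah["icv"] = hmac.new(key, _icv_input(outer, ah, inner), hashlib.sha256).hexdigest()
    return {"ip": outer, "ah": ah, "payload": inner}


def ah_verify(pkt: dict, key: bytes) -> bool:
    """Recompute the ICV over the received packet and compare in constant time."""
    expected = hmac.new(key, _icv_input(pkt["ip"], pkt["ah"], pkt["payload"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkt["ah"]["icv"])


class ReplayWindow:
    """Sliding window over AH/ESP sequence numbers: bit 0 of the bitmap is the
    highest sequence seen, bit d is the one d below it."""

    def __init__(self, size: int = 64) -> None:
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        if seq == 0:                    # sequence numbers start at 1
            return False
        if seq > self.top:              # newer than anything seen: accept
            return True
        diff = self.top - seq
        return diff < self.size and not (self.bitmap & (1 << diff))

    def update(self, seq: int) -> None:
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def ah_receive(pkt: dict, key: bytes, window: ReplayWindow) -> str:
    """Inbound order matters: cheap replay check first, then the ICV, and the
    window only advances for packets that authenticated."""
    seq = pkt["ah"]["seq"]
    if not window.check(seq):
        return "replay"
    if not ah_verify(pkt, key):
        return "bad_icv"
    window.update(seq)
    return "ok"
```

A router decrementing `ttl` leaves the ICV valid, while changing the destination address or the payload breaks it, which is the "integrity including the IP header" property AH has and ESP lacks. In tunnel mode the outer destination is the gateway and the inner header travels inside the authenticated payload.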

Transport Mode Tunneling Mode

How IPSec works: Phase 1
Internet Key Exchange (IKE) is used to set up IPSec.
IKE Phase 1:
– Establishes a secure, authenticated channel between the two computers
– Authenticates and protects the identities of the peers
– Negotiates what SA policy to use
– Performs an authenticated shared-secret key exchange
– Sets up a secure tunnel for phase 2
– Two modes: Main mode or Aggressive mode
Main Mode IKE:
1. Negotiate algorithms and hashes.
2. Generate shared secret keys using a Diffie-Hellman exchange.
3. Verification of identities.
Aggressive Mode IKE:
– Squeezes all negotiation, key exchange, etc. into fewer packets.
– Advantage: less network traffic and faster than main mode.
– Disadvantage: information is exchanged before a secure channel is created. Vulnerable to sniffing.

How IPSec works: Phase 2
– An AH or ESP packet is then sent using the "main" SA agreed upon during IKE phase 1.
– IKE Phase 2:
  Negotiates IPSec SA parameters
  Establishes IPSec security associations for specific connections (like FTP, telnet, etc.)
  Renegotiates IPSec SAs periodically
  Optionally performs an additional Diffie-Hellman exchange

How IPSec works: Communication
– Once Phase 2 has established an SA for a particular connection, all traffic on that connection is communicated using the SA.
– The IKE Phase 1 exchange uses UDP port 500.
– AH uses IP protocol 51.
– ESP uses IP protocol 50.
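The two IKE phases described in the three slides above, as an added example that is not part of the original presentation: Phase 1 runs a Diffie-Hellman exchange and derives the channel keys from the shared secret, pre-shared key and nonces (modelled on the RFC 2409 pre-shared-key derivation, with the ISAKMP cookies omitted), and Phase 2 derives per-SA key material for ESP (protocol 50), optionally mixing in a fresh Diffie-Hellman secret for forward secrecy. The group parameters are a demonstration prime chosen by me, not a standard IKE MODP group, and the nonces, SPI and private exponents are constructed inputs.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Demonstration group (my choice): a 255-bit prime that is NOT one of the IKE
# MODP groups. A real negotiation selects a standard group in Phase 1 step 1.
P = (1 << 255) - 19
G = 2
ESP_PROTOCOL = 50


def dh_keypair(priv: Optional[int] = None) -> Tuple[int, int]:
    """Private exponent (random unless supplied for reproducibility) and g^x mod p."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """g^xy mod p, after rejecting degenerate public values (0, 1, p-1)."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def phase1_keys(shared: int, nonce_i: bytes, nonce_r: bytes, psk: bytes):
    """Phase 1 keying: SKEYID from the pre-shared key and both nonces, then
    three keys each mixed with g^xy (cookies omitted from the RFC 2409 form)."""
    gxy = shared.to_bytes(32, "big")
    skeyid = prf(psk, nonce_i + nonce_r)
    skeyid_d = prf(skeyid, gxy + b"\x00")              # seeds Phase 2 key material
    skeyid_a = prf(skeyid, skeyid_d + gxy + b"\x01")   # authenticates the IKE channel
    skeyid_e = prf(skeyid, skeyid_a + gxy + b"\x02")   # encrypts the IKE channel
    return skeyid_d, skeyid_a, skeyid_e


def phase2_keymat(skeyid_d: bytes, protocol: int, spi: int, nonce_i: bytes,
                  nonce_r: bytes, pfs_shared: Optional[int] = None) -> bytes:
    """Phase 2 key material for one IPSec SA; an optional fresh DH secret gives
    forward secrecy (the additional exchange the Phase 2 slide mentions)."""
    prefix = pfs_shared.to_bytes(32, "big") if pfs_shared is not None else b""
    return prf(skeyid_d, prefix + bytes([protocol]) + spi.to_bytes(4, "big")
               + nonce_i + nonce_r)


def simulate(psk: bytes, nonce_i: bytes, nonce_r: bytes, priv_i: Optional[int] = None,
             priv_r: Optional[int] = None, pfs: bool = False, spi: int = 0x1000) -> dict:
    """Run both phases for initiator and responder and report whether they agree."""
    xi, gi = dh_keypair(priv_i)          # initiator's DH pair
    xr, gr = dh_keypair(priv_r)          # responder's DH pair
    # Public values cross the wire; each side derives the same secret locally.
    keys_i = phase1_keys(dh_shared(xi, gr), nonce_i, nonce_r, psk)
    keys_r = phase1_keys(dh_shared(xr, gi), nonce_i, nonce_r, psk)
    pfs_i = pfs_r = None
    if pfs:                              # optional second DH exchange in Phase 2
        yi, hi = dh_keypair()
        yr, hr = dh_keypair()
        pfs_i, pfs_r = dh_shared(yi, hr), dh_shared(yr, hi)
    km_i = phase2_keymat(keys_i[0], ESP_PROTOCOL, spi, nonce_i, nonce_r, pfs_i)
    km_r = phase2_keymat(keys_r[0], ESP_PROTOCOL, spi, nonce_i, nonce_r, pfs_r)
    return {"phase1_agree": keys_i == keys_r, "keymat_i": km_i, "keymat_r": km_r}


if __name__ == "__main__":
    result = simulate(b"constructed-psk", b"nonce-i", b"nonce-r", pfs=True)
    print(result["phase1_agree"], result["keymat_i"] == result["keymat_r"])
```

Because SKEYID depends on the pre-shared key, a peer with the wrong PSK derives different keys and the Phase 1 authentication fails; because the Phase 2 material is derived from SKEYID_d plus the fresh nonces (and optionally a new DH secret), each rekey yields new SA keys, which is what "renegotiates IPSec SAs periodically" buys.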

Key Management