TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.


OBJECTIVES:
- To introduce the idea of Internet security at the network layer and the IPSec protocol that implements that idea in two modes: transport and tunnel.
- To discuss two protocols in IPSec, AH and ESP, and explain the security services each provides.
- To introduce security association and its implementation in IPSec.
- To introduce virtual private networks (VPN) as an application of IPSec in the tunnel mode.
- To introduce the idea of Internet security at the transport layer and the SSL protocol that implements that idea.

OBJECTIVES (continued):
- To show how SSL creates six cryptographic secrets to be used by the client and the server.
- To discuss four protocols used in SSL and how they are related to each other.
- To introduce Internet security at the application level and two protocols, PGP and S/MIME, that implement that idea.
- To show how PGP and S/MIME can provide confidentiality and message authentication.
- To discuss firewalls and their applications in protecting a site from intruders.

Chapter Outline
30.1 Network Layer Security
30.2 Transport Layer Security
30.3 Application Layer Security
30.4 Firewalls

30.1 NETWORK LAYER SECURITY

We start this chapter with the discussion of security at the network layer. Although in the next two sections we discuss security at the transport and application layers, we also need security at the network layer. IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. IPSec helps create authenticated and confidential packets for the IP layer.

Topics Discussed in the Section:
- Two Modes
- Two Security Protocols
- Services Provided by IPSec
- Security Association
- Internet Key Exchange (IKE)
- Virtual Private Network (VPN)

Figure 30.1 IPSec in transport mode

Note: IPSec in transport mode does not protect the IP header; it only protects the information coming from the transport layer.

Figure 30.2 Transport mode in action

Figure 30.3 IPSec in tunnel mode

Figure 30.4 Tunnel mode in action

Note: IPSec in tunnel mode protects the original IP header.

Figure 30.5 Transport mode versus tunnel mode

Figure 30.6 Authentication Header (AH) protocol

Note: The AH protocol provides source authentication and data integrity, but not privacy.

Figure 30.7 Encapsulating Security Payload (ESP)

Note: ESP provides source authentication, data integrity, and privacy.

Figure 30.8 Simple SA

Figure 30.9 SAD (Security Association Database)

Figure SPD (Security Policy Database)

Figure Outbound processing

Figure Inbound processing

Note: IKE creates SAs for IPSec.

Figure IKE components

Figure Virtual private network

30.2 TRANSPORT LAYER SECURITY

Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol. The latter is actually an IETF version of the former. We discuss SSL in this section; TLS is very similar. The figure below shows the position of SSL and TLS in the Internet model.

Topics Discussed in the Section:
- SSL Architecture
- Four Protocols

Figure Location of SSL and TLS in the Internet model

Figure Calculation of master secret from pre-master secret

Figure Calculation of the key material from master secret

Figure Extraction of cryptographic secrets from key material
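The three figures above show the derivation chain without its formulas. As an added example (not from the slides), the Go code below implements the SSL 3.0 construction they depict, as specified in RFC 6101 section 6.2.2: pre-master secret to master secret, master secret to key material, and the split of the key material into the six secrets. The 20-byte MAC secret, 16-byte key and 16-byte IV lengths used by callers are assumed cipher-suite parameters, and the input bytes in the usage are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"crypto/sha1"
)

// sslExpand is the SSL 3.0 construction from RFC 6101 section 6.2.2: block i is
// MD5(secret || SHA1(label_i || secret || r1 || r2)) with label_i = "A", "BB", "CCC", ...
func sslExpand(secret, r1, r2 []byte, n int) []byte {
	var out []byte
	for i := 0; i < n; i++ {
		label := bytes.Repeat([]byte{byte('A' + i)}, i+1)
		h := sha1.New()
		h.Write(label)
		h.Write(secret)
		h.Write(r1)
		h.Write(r2)
		m := md5.New()
		m.Write(secret)
		m.Write(h.Sum(nil))
		out = m.Sum(out) // append this 16-byte block to the output
	}
	return out
}

// MasterSecret derives the 48-byte master secret from the pre-master secret and
// the two hello randoms (client random first, then server random).
func MasterSecret(preMaster, clientRandom, serverRandom []byte) []byte {
	return sslExpand(preMaster, clientRandom, serverRandom, 3)
}

// Secrets holds the six values extracted from the key material.
type Secrets struct {
	ClientMAC, ServerMAC, ClientKey, ServerKey, ClientIV, ServerIV []byte
}

// KeyMaterial expands the master secret into the key block (randoms in the
// reverse order: server first) and slices off the six secrets in SSL order.
func KeyMaterial(master, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) Secrets {
	need := 2*macLen + 2*keyLen + 2*ivLen
	block := sslExpand(master, serverRandom, clientRandom, (need+15)/16)
	next := func(n int) []byte { s := block[:n]; block = block[n:]; return s }
	return Secrets{
		ClientMAC: next(macLen), ServerMAC: next(macLen),
		ClientKey: next(keyLen), ServerKey: next(keyLen),
		ClientIV:  next(ivLen), ServerIV: next(ivLen),
	}
}
```

MD5 and SHA-1 appear here only because SSL 3.0 specifies them; TLS replaced this construction with its PRF.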

Figure Four SSL protocols

Figure Handshake protocol

Note: After Phase I, the client and server know the version of SSL, the cryptographic algorithms, the compression method, and the two random numbers for key generation.

Note: After Phase II, the server is authenticated to the client, and the client knows the public key of the server if required.

Note: After Phase III, the client is authenticated to the server, and both the client and the server know the pre-master secret.

Figure Processing done by the record protocol

30.3 APPLICATION LAYER SECURITY

This section discusses two protocols providing security services for e-mail: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME).

Topics Discussed in the Section:
- E-mail Security
- Pretty Good Privacy (PGP)
- Key Rings
- PGP Certificates
- S/MIME
- Applications of S/MIME

Note: In e-mail security, the sender of the message needs to include the name or identifiers of the algorithms used in the message.

Note: In e-mail security, the encryption/decryption is done using a symmetric-key algorithm, but the secret key to decrypt the message is encrypted with the public key of the receiver and is sent with the message.

Figure A plaintext message

Figure An authenticated message

Figure A compressed message

Figure A confidential message

Figure Key rings in PGP

Note: In PGP, there can be multiple paths from fully or partially trusted authorities to any subject.

Figure Trust model

Figure Signed-data content type

Figure Encrypted-data content type

Figure Digest-data content type

Figure Authenticated-data content type

Example 30.1: The following shows an example of an enveloped-data in which a small message is encrypted using triple DES.
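The enveloped-data of Example 30.1 is only shown as a figure in the slides. As an added example, not from the slides, the Go code below implements the mechanism the two notes above describe: the body is encrypted with a fresh symmetric key, that key is encrypted with the receiver's public key and sent along with the message, and the algorithm identifiers travel inside the envelope so the receiver can check them before decrypting. It substitutes AES-256-GCM and RSA-OAEP for the triple DES of the example; the Envelope type and the function names are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is a constructed stand-in for enveloped-data: algorithm identifiers, wrapped key, body.
type Envelope struct{ ContentAlg, KeyWrapAlg string; WrappedKey, Nonce, Body []byte }

// NewReceiverKey makes the receiver's RSA key pair (the public part is given to senders).
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts msg with a fresh random AES-256 key, then encrypts that key with the receiver's public key.
func Seal(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // random content key followed by a random GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail: the key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has the 128-bit block size GCM needs
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{"AES-256-GCM", "RSA-OAEP-SHA256", wrapped, nonce, gcm.Seal(nil, nonce, msg, nil)}, nil
}

// Open rejects unknown algorithm identifiers, unwraps the content key, then decrypts and verifies the body.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	if e.ContentAlg != "AES-256-GCM" || e.KeyWrapAlg != "RSA-OAEP-SHA256" {
		return nil, errors.New("unsupported algorithm identifier")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key) // fails if the unwrapped key has a bad length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Body, nil)
}
```

Because GCM authenticates the ciphertext, a modified body or a wrong private key makes Open return an error instead of garbage plaintext.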

30.4 FIREWALLS

All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. The figure below shows a firewall.

Topics Discussed in the Section:
- Packet-Filter Firewall
- Proxy Firewall

Figure Firewall

Figure Packet-filter firewall

Figure Proxy firewall

Note: A proxy firewall filters at the application layer.