Secure connections.

Slides:

Advertisements

Similar presentations

Advertisements

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Security in Networks (Part 2) CPSC 363 Computer Networks Ellen Walker Hiram College (Includes figures from Computer Networking by Kurose & Ross, © Addison.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

Lecture 24 Secure Communications CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

IPsec Internet Headquarters Branch Office SA R1 R2

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Lecture 25 Secure Communications CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross and Dave Hollinger.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Network security and Hot topics in networking EECS 489 Computer Networks Z. Morley Mao Wednesday, April 11,

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.

Lecture 7: Network Level Security – IPSec CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Keith Ross, and.

Lecture 23 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Virtual Private Network (VPN) SCSC 455. VPN A virtual private network that is established over, in general, the Internet – It is virtual because it exists.

Network Security7-1 Today r Collect Ch6 HW r Assign Ch7 HW m Ch7 #2,3,4,5,7,9,10,12 m Due Wednesday Nov 19 r Continue with Chapter 7 (Security)

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 12 Network Security (2)

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

Security at different layers

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 4: Securing IP.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

8.4 – 8.5 Securing & Securing TCP connections with SSL By: Amanda Porter.

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)

IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.

Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Security in many layers  Application Layer –  Transport Layer - Secure Socket Layer  Network Layer – IPsec (VPN)  Link Layer – Wireless Communication.

Security IPsec 1 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,

Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.

Real Security Protocols 1. Securing 2. Securing TCP connections: SSL 3. Network layer security: IPsec 4. Securing wireless LANs Computer Networking:

VIRTUAL PRIVATE NETWORKS Lab 8. 2 Virtual Private Networks (VPNs)  Institutions often want private networks for security.  Costly! Separate routers,

Lecture 9: Network Level Security – IPSec

IPSec Detailed Description and VPN

Security in the layers 8: Network Security.

CSE 4905 IPsec.

Chapter 18 IP Security  IP Security (IPSec)

UNIT.4 IP Security.

IPSec IPSec is communication security provided at the network layer.

IP Security and VPN Most of the slides are derived from the slides (Chapter-8) by the authors of «Computer Networking: A Top Down Approach», and from the.

Slides have been taken from:

Network Security (contd.)

Security Protocols in the Internet

Virtual Private Networks (VPNs)

Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls

Virtual Private Networks (VPNs)

Unit 8 Network Security.

Presentation transcript:

Secure connections

Secure connections examples Application Layer Email – Pretty Good Privacy Transport Layer Secure Socket Layer Network Layer Ipsec (VPN) DataLink Layer Wifi – WEP (not part of curriculum) Physical Layer N/A

Secure Application layer email - PGP (Pretty Good Privacy) Alice wants to send confidential e-mail, m, to Bob KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet

Secure Application layer email - PGP (Pretty Good Privacy) Alice wants to provide sender authentication message integrity H( ) . KA( ) - + H(m ) KA(H(m)) m KA Internet compare

PGP – Both confidential & Integrity . KA( ) - + KA(H(m)) m KA KS( ) KB( ) KB(KS ) KS KB Internet

Secure Transport layer Secure Socket Layer (SSL) SSL support Confidential (HTTPS is based on SSL) SSL can support Integrity Four keys (part of EMS – Encrypted Master Secret): Kc = encryption key for data sent from client to server Mc = MAC key for data sent from client to server Ks = encryption key for data sent from server to client Ms = MAC key for data sent from server to client

Secure Transport layer - Secure Socket Layer (SSL) Normal TCP 3way Connection hello certificate, nonce KB+(MS) = EMS type 0, seq 1, data type 0, seq 2, data type 0, seq 3, data type 1, seq 4, close type 1, seq 2, close encrypted bob.com

Secure Network layer IPsec (Virtual Private Network - VPN) edge routers IPsec-aware (tunnel) IPsec hosts IPsec-aware

Secure Network layer IPsec (Virtual Private Network - VPN) Authentication Header (AH) protocol provides source authentication & data integrity but not confidentiality Encapsulation Security Protocol (ESP) provides source authentication, data integrity, and confidentiality more widely used than AH

VPN SA – or VPN as tunnel - the most often used security at Network layer 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2 new IP header ESP hdr original IP hdr Original IP datagram payload trl auth encrypted “enchilada” authenticated padding pad length next header SPI Seq #

Secure DataLink layer WEP - Wired Equivalent Privacy authentication request nonce (128 bytes) nonce encrypted shared key success if decrypted value equals nonce Not very secure ! – use WPA -- Wifi Protected Access

Secure DataLink layer EAP- Extensible Authentication Protocol EAP TLS EAP EAP over LAN (EAPoL) IEEE 802.11 RADIUS UDP/IP wired network Network Security