Denial-of-Service, Address Ownership, and Early Authentication in IPv6 World (An Approach). Aditya Vutukuri. From article by Pekka Nikander, Ericsson Research.


Summary
Derived an initial list of requirements and goals for a protocol that would protect IPv6 hosts from potential DoS (Denial of Service) and traffic diversion attacks, by discussing two major problems:
1) Chicken and egg problem (here: IP and IPsec)
2) Address ownership problem
It then outlines some building blocks which could be parts of such a protocol.

Comments
+VE: Good systematic way of solving a potential problem. Good technical exposure to some of the potential security issues, like DoS, which we are facing.
-VE: Protects the verifier only.

Assumption
The whole protocol works on the assumption that the routing infrastructure is not compromised.

Protection
- Using the host ID as a crypto token.
- Using random numbers.
- Using a one-time password mechanism.

Protection (cont.)
Using cryptographic tokens: the lower 62 bits of the IPv6 address store a cryptographic hash of the public key.
$\text{host ID} = \mathrm{HASH}_{62}(\text{public key}/\text{random})$
Disadvantage: a problem arises if the host discloses random.

Protection (cont.)
$H_N := \mathrm{HASH}_{160}(\text{public key} \mid \text{random})$
$H_i := \mathrm{HASH}_{160}(\text{public key} \mid H_{i+1})$
$\text{host ID} := \mathrm{HASH}_{62}(H_0)$
When a collision occurs, both parties authenticate each other just by revealing their $H_0$, and if not, by revealing $H_1$.
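The hash chain above, worked through as an added example (not code from the slides or from the original article). It assumes SHA-1 for HASH_160, the low 62 bits of that hash for HASH_62, plain byte concatenation for "|", and constructed byte strings in place of real keys; the function names are illustrative.

```python
import hashlib

def hash160(data: bytes) -> bytes:
    # Assumption: SHA-1 stands in for the slide's HASH_160 (160-bit output).
    return hashlib.sha1(data).digest()

def hash62(data: bytes) -> int:
    # Assumption: HASH_62 is taken as the low 62 bits of HASH_160.
    return int.from_bytes(hash160(data), "big") & ((1 << 62) - 1)

def build_chain(public_key: bytes, random: bytes, n: int) -> list:
    """Return [H_0, ..., H_N]: H_N = HASH_160(pk | random), H_i = HASH_160(pk | H_{i+1})."""
    chain = [hash160(public_key + random)]             # H_N
    for _ in range(n):
        chain.append(hash160(public_key + chain[-1]))  # H_{N-1}, ..., H_0
    chain.reverse()                                    # chain[i] is now H_i
    return chain

def host_id(chain: list) -> int:
    return hash62(chain[0])                            # host ID := HASH_62(H_0)

def verify_h0(claimed_host_id: int, h0: bytes) -> bool:
    # First step: the revealed H_0 must hash to the 62-bit host ID.
    return hash62(h0) == claimed_host_id

def verify_next(public_key: bytes, known_h_i: bytes, revealed: bytes) -> bool:
    # Later step: the revealed value must be the predecessor H_{i+1} of a
    # value already seen, bound to the claimant's public key.
    return hash160(public_key + revealed) == known_h_i

# Constructed sample values (not real keys).
OWNER_PK = b"constructed-owner-public-key"
OTHER_PK = b"constructed-other-public-key"
SECRET_RANDOM = b"constructed-secret-random"

if __name__ == "__main__":
    chain = build_chain(OWNER_PK, SECRET_RANDOM, n=4)
    hid = host_id(chain)
    print(f"host ID (62 bits): {hid:#018x}")
    print("H_0 matches host ID:", verify_h0(hid, chain[0]))
    # H_0 is now public and replayable, so a contested claim moves on to H_1.
    print("owner reveals H_1:", verify_next(OWNER_PK, chain[0], chain[1]))
    print("replayed H_0 as H_1:", verify_next(OWNER_PK, chain[0], chain[0]))
    print("H_1 under other key:", verify_next(OTHER_PK, chain[0], chain[1]))
```

Anyone who learns the random value can rebuild the whole chain with `build_chain`, which is the disclosure problem noted on the previous slide.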

Protection (cont.)
Puzzles can also be used to protect oneself from DoS.
[Diagram: Recipient, Initiator; "Puzzle correct?" YES / NO; Deny]

Question
Is this enough to SAVE your computer from potential threats like DoS?

Thank You

Queries?

What’s a Denial-of-Service?
It refers to a broad family of different methods that hackers use to try to prevent legitimate users from accessing web servers, mail servers, networks and other systems.

Chicken & Egg Problem
A is required to perform B, and B is required to perform A.
Here: IPsec is needed to configure IP, and IP is needed to configure IPsec.

Address Ownership
Who owns an IPv6 / link-layer address? Is the owner an authorized agent? Proof?