CISC 210 - Class Today
March 2005
R. Smith - University of St Thomas - Minnesota

Class Today
- Homework
- Project Schedule
- Lab
- Recap
- Protecting packet integrity
- IPSEC

Recap
- Protocols and Layering
  – The funnel
    - Lots of Applications
    - Narrow middle for the “protocol stack”
    - Lots of device drivers for different network hardware
- Network Encryption
  – Link vs Network vs Application
    - Different protection afforded at different layers
  – Let’s bring up Wireshark for a moment

Project Schedule
- April 20: Next Monday
  – Project Proposal DUE
  – You want to start working on the project NOW
  – You want to have your team in place ASAP
- April 27: Twelve Days from Today
  – Project OUTLINE Due
  – The outline is a bit of work
    - If you’re a group, figure out how to divide it up
    - Hand in combined outline and combined reference list
  – It counts for a chunk of the assignment (20% or so)
  – DON’T MESS IT UP

The Lab
- How are people doing?
  – Due Next Wednesday
  – Don’t get wrapped around the Loopback:
- Where to do it
  – Lab down the hall – OSS 429
- When to do it
  – Do I need to schedule some time?
  – Do enough people have card access?

Protecting Packet Integrity
- Tools at our disposal
  – Encryption, checksums, CRCs, one-way hash
- Threats
  – Fabricating new packets – forgery
  – Changing packet contents – tricking the application
  – Changing packet addresses – redirecting the packet

Checksums for packet protection
- Incorporating a secret for protection

Attacking the simple checksum
- The checksum isn’t sensitive to position

Practical problems
- The secret information isn’t very much
  – Trial-and-error can generate a working checksum
- The checksum isn’t very sensitive
  – Obvious errors aren’t detected
  – Designed to detect simple, random errors
  – Not really designed to protect against clever people
- What tool(s) can improve this?
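To make the last two slides concrete, here is an added example in Python (not part of the original slides): the RFC 1071 Internet checksum that IPv4, TCP and UDP actually carry, with a secret prepended as the slide suggests. Reordering words of the message, or moving a value from one word to another, leaves the checksum unchanged, so the secret buys nothing against deliberate changes; the secret and message bytes are constructed for the demo.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, as carried in IPv4,
    TCP and UDP headers. Built to catch random bit errors, not deliberate changes."""
    if len(data) % 2:
        data += b"\x00"                          # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def keyed_checksum(secret: bytes, msg: bytes) -> int:
    """The slide's scheme: checksum over secret || message. The secret is assumed to be
    a whole number of 16-bit words so it does not shift the message's word alignment."""
    return internet_checksum(secret + msg)

def swap_words(msg: bytes, i: int, j: int) -> bytes:
    """Reordering change: exchange 16-bit words i and j of the message."""
    out = bytearray(msg)
    out[2*i:2*i+2], out[2*j:2*j+2] = out[2*j:2*j+2], out[2*i:2*i+2]
    return bytes(out)

def move_value(msg: bytes, i: int, j: int, delta: int) -> bytes:
    """Content change that keeps the word sum constant: add delta to word i, take it
    from word j (chosen so neither word wraps past 16 bits)."""
    words = list(struct.unpack("!%dH" % (len(msg) // 2), msg))
    words[i] = (words[i] + delta) & 0xFFFF
    words[j] = (words[j] - delta) & 0xFFFF
    return struct.pack("!%dH" % len(words), *words)

def demo() -> dict:
    """Constructed 4-byte secret and 16-byte message; reports what a checker would see."""
    secret = b"\x13\x37\xca\xfe"
    msg = b"PAY 0100 TO BOB "
    original = keyed_checksum(secret, msg)
    swapped = swap_words(msg, 2, 4)              # words reordered, same multiset of words
    shifted = move_value(msg, 2, 3, 1)           # "0100" becomes "020/", same word sum
    return {
        "swapped_differs": swapped != msg,
        "shifted_differs": shifted != msg,
        "swap_detected": keyed_checksum(secret, swapped) != original,
        "shift_detected": keyed_checksum(secret, shifted) != original,
    }
```

Both tampered messages differ from the original, yet both `*_detected` results come back False: the checker accepts them.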

Keyed Hash
- Use one-way hash with a shared secret
  – Hash included in message
  – Recipient verifies the message with the shared secret

Issues with Keyed Hashes
- One-way hashes aren’t perfect
  – Research has found ways to fiddle with them
  – In particular, some aren’t sensitive enough to ‘truncation’
- Alternative #1: put secret on front and back
  – Initial strategy used in the IPSEC protocols
- Still sensitive to other hash vulnerabilities
  – Designers sought a way to cover weaknesses
  – Apply hash multiple times to cover various problems

Keyed Hash on Steroids - HMAC
- State of the art in keyed hashing
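The three keyed-hash constructions the last three slides walk through, written out over SHA-256 as an added example in Python (not from the slides): secret in front, secret on front and back (the early IPSEC strategy the slide mentions), and HMAC as RFC 2104 defines it with its inner and outer pads. The hand-written HMAC is checked against the standard library's hmac module; the shared secret and message are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = 64          # SHA-256 works on 64-byte blocks; HMAC pads the key to this size
IPAD, OPAD = 0x36, 0x5C  # the two fixed pad bytes from RFC 2104

def prefix_keyed_hash(key: bytes, msg: bytes) -> bytes:
    """Keyed hash as on the 'Keyed Hash' slide: H(key || msg)."""
    return hashlib.sha256(key + msg).digest()

def sandwich_keyed_hash(key: bytes, msg: bytes) -> bytes:
    """Alternative #1 from the slide: H(key || msg || key)."""
    return hashlib.sha256(key + msg + key).digest()

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg)).
    Hashing twice with two different key-derived pads is the slide's
    'apply hash multiple times to cover various problems'."""
    if len(key) > BLOCK_SIZE:                    # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")         # then zero-padded to one block
    inner = hashlib.sha256(bytes(b ^ IPAD for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ OPAD for b in key) + inner).digest()

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag with the shared secret and compare in
    constant time, so the comparison itself leaks nothing about the tag."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)

def demo() -> dict:
    """Constructed shared secret and message; a tampered copy must be rejected."""
    key = b"constructed-shared-secret"
    long_key = b"k" * 100                         # longer than one block
    msg = b"SPI=4097 SEQ=1 payload=hello"
    tag = hmac_sha256(key, msg)
    return {
        "matches_stdlib": tag == hmac.new(key, msg, hashlib.sha256).digest(),
        "long_key_matches_stdlib": hmac_sha256(long_key, msg)
            == hmac.new(long_key, msg, hashlib.sha256).digest(),
        "genuine_accepted": verify(key, msg, tag),
        "tampered_rejected": not verify(key, msg.replace(b"hello", b"hell0"), tag),
        "wrong_key_rejected": not verify(b"other-secret", msg, tag),
        "constructions_differ": len({prefix_keyed_hash(key, msg),
                                     sandwich_keyed_hash(key, msg), tag}) == 3,
    }
```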

IP Security Protocol – IPSEC
- Security protection that’s IP routable
- We authenticate the IP addresses
- We encrypt everything inside the IP header

Separate Headers
- AH – Authentication Header
  – Keeps the packet intact
- ESP – Encapsulating Security Payload
  – A ‘generic’ security format, originally just for encryption
  – Now does both encryption and authentication

Practical question for network geeks
- What parts of the IP packet MUST be modified?
- What happens during routing?
- MAC addressing
- Hop-per-hop

Authentication Header – ‘AH’
- Protects unchanging bits of the IP header
- “SPI” – Security Parameter Index
  – Identifies the keying and hash algorithm to use
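The last two slides (what routing must change, and what AH protects) as an added example in Python, not from the slides: the AH integrity check value computed the way RFC 4302 specifies, over the IPv4 header with its mutable fields zeroed, the fixed AH fields and the payload, keyed by whatever the SPI selects. The SA table, key, addresses, payload and the 128-bit ICV truncation are constructed assumptions, and the router's recomputed header checksum is a stand-in value.

```python
import hashlib
import hmac
import struct

# Constructed SA table: the SPI in the AH header selects key and hash (real IPsec: the SAD).
SA_TABLE = {0x00001001: (hashlib.sha256, b"constructed-demo-key-for-spi-0x1001")}
ICV_LEN = 16    # assumption: 128-bit truncated HMAC, as in HMAC-SHA-256-128 (RFC 4868)

def zero_mutable_fields(ip_header: bytes) -> bytes:
    """RFC 4302: zero the IPv4 fields a router may change before computing the ICV."""
    h = bytearray(ip_header)
    h[1] = 0                  # DSCP / ECN (the old ToS byte)
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(spi: int, seq: int, next_header: int, ip_header: bytes, payload: bytes) -> bytes:
    """ICV over the immutable IP header, the fixed AH fields (ICV zeroed) and the payload."""
    hash_alg, key = SA_TABLE[spi]
    payload_len = (12 + ICV_LEN) // 4 - 2          # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    covered = zero_mutable_fields(ip_header) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hash_alg).digest()[:ICV_LEN]

def verify_ah(spi, seq, next_header, ip_header, payload, icv) -> bool:
    return hmac.compare_digest(ah_icv(spi, seq, next_header, ip_header, payload), icv)

def build_ipv4_header(src: bytes, dst: bytes, total_len: int, ttl: int) -> bytes:
    """Minimal constructed 20-byte IPv4 header; protocol 51 = AH, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, 51, 0, src, dst)

def router_hop(ip_header: bytes) -> bytes:
    """What forwarding MUST change: TTL minus one, header checksum recomputed (stand-in value)."""
    h = bytearray(ip_header)
    h[8] -= 1
    h[10:12] = b"\xab\xcd"
    return bytes(h)

def demo() -> dict:
    payload = b"constructed UDP payload"
    hdr = build_ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 32 + ICV_LEN + len(payload), 64)
    icv = ah_icv(0x1001, 1, 17, hdr, payload)                  # next header 17 = UDP
    redirected = hdr[:16] + b"\x0a\x00\x00\x03" + hdr[20:]     # destination address rewritten
    return {
        "survives_routing": verify_ah(0x1001, 1, 17, router_hop(hdr), payload, icv),
        "redirect_detected": not verify_ah(0x1001, 1, 17, redirected, payload, icv),
        "payload_change_detected": not verify_ah(0x1001, 1, 17, hdr, payload + b"!", icv),
        "sequence_bound": not verify_ah(0x1001, 2, 17, hdr, payload, icv),
    }
```

The ICV still verifies after the hop changed TTL and checksum, but fails as soon as an address, the payload or the sequence number differs.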

That’s it
- Questions?

Creative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.