
1. 2 3 4 5 User Correspondent Network Administrator the Internet Other Network Malicious Attack! Who!? Who?? No! Need authentication Who the user is?



Presentation on theme: "1. 2 3 4 5 User Correspondent Network Administrator the Internet Other Network Malicious Attack! Who!? Who?? No! Need authentication Who the user is?"— Presentation transcript:


5 User; Correspondent; Network Administrator; the Internet; Other Network. Malicious Attack! Who!? Who?? No! Need authentication. Who is the user? Manage many accounts, take logs → burden

6 User; Correspondent; Network Administrator; the Internet; Other Network. Malicious Attack! Who!? An ordinary person. Maybe you. Use my network FREE! Can I trust him? He can eavesdrop on my packets… The administrator can attack you! Put the blame on the administrator!? No, you are the attacker!


11 User; Administrator; Authentication Provider; Top Level RADIUS proxy.jp.au…; RADIUS Tree; Authentication Cooperation


13 User; Network Administrator; the Internet; Other Network; User; Authentication; Connection via VPN Server; VPN tunneling; Authentication; Connection via VPN Server; VPN tunneling; VPN Server; File Server

14
            Authentication   Taking logs   Nonrepudiation
FON         FON team         not need      NG
eduroam     RADIUS server    need          NG
MIAKO       VPN server       not need      OK
Proposal    DNS server       need          OK

            Routing          Complaint to
FON         end-to-end       the administrator
eduroam     end-to-end       the administrator
MIAKO       via VPN server   the VPN address
Proposal    end-to-end       the HIT or HI


16 Public key; Private key; Host Identity Tag; Host Identity; Local Scope Identity; One-way hash; 128 bits; 32 bits; Last digits; Overlay Routable Cryptographic Hash Identifiers (ORCHIDs); a special class of IPv6 used at local network; 512, 1024, or 2048 bits; RSA by default

17 Initiator; Responder; IPsec data traffic; I1, R1, I2, R2; HIP; Diffie-Hellman key exchange; Encrypted; Base Exchange


19 User; Correspondent; DNS Server; the Internet; Other Network; Service Provider; Manage an access point; Contract the Internet service; Take logs; Authentication Provider; register users to DNS; operate DNSSEC server; Tunneling; Network Administrator


21 Alice; Bob; IPsec data traffic; I1, R1, I2, R2. The administrator should record the relationship between BE packets. Otherwise, the administrator cannot tell which BE has actually been completed. In our network, the administrator allows data packets for which the Base Exchange has been completed.


24 User; Correspondent; Network Administrator; DNS Server; the Internet; Other Network. Once access to DNS… Connection is end-to-end and data is encrypted. Check… Malicious Attack… Incorrect! Who!? The attacker!! Cannot eavesdrop on packets' data. Feel safe


