Published by Dale Blois. Modified over 9 years ago.
5 [Diagram] Labels: User, Correspondent, Network Administrator, the Internet, Other Network. Callouts: "Malicious Attack!" "Who!?" "Who??" "No!" Need authentication: who is the user? Manage many accounts, take logs → burden.
6 [Diagram] Labels: User, Correspondent, Network Administrator, the Internet, Other Network. Callouts: "Malicious Attack!" "Who!?" "An ordinary person. Maybe, you." "Use my network FREE!" "Can I trust him? He can eavesdrop my packets…" "The administrator can attack you!" "Put the blame on the administrator!?" "No, you are the attacker!"
11 [Diagram] Labels: User, Administrator, Authentication Provider, Top Level RADIUS proxy .jp .au …, RADIUS Tree, Authentication Cooperation.
13 [Diagram] Labels: User, Network Administrator, the Internet, Other Network, VPN Server, File Server. Steps shown: Authentication; Connection via VPN Server; VPN tunneling.
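14

|          | Authentication | Taking logs | Nonrepudiation |
|----------|----------------|-------------|----------------|
| FON      | FON team       | not need    | NG             |
| eduroam  | RADIUS server  | need        | NG             |
| MIAKO    | VPN server     | not need    | OK             |
| Proposal | DNS server     | need        | OK             |

|          | Routing        | Complaint to      |
|----------|----------------|-------------------|
| FON      | end-to-end     | the administrator |
| eduroam  | end-to-end     | the administrator |
| MIAKO    | via VPN server | the VPN address   |
| Proposal | end-to-end     | the HIT or HI     |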
16 [Diagram] Host Identity: public key and private key; 512, 1024, or 2048 bits, RSA by default. Host Identity Tag: one-way hash, 128 bits; Overlay Routable Cryptographic Hash Identifiers (ORCHIDs), a special class of IPv6. Local Scope Identity: 32 bits, last digits; used at local network.
17 [Diagram] HIP Base Exchange between Initiator and Responder: I1, R1, I2, R2, then IPsec data traffic. Labels: Diffie-Hellman key exchange, Encrypted.
19 [Diagram] Labels: User, Correspondent, DNS Server, the Internet, Other Network, Tunneling, Network Administrator. Service Provider: manage an access point; contract the Internet service; take logs. Authentication Provider: register users to DNS; operate DNSSEC server.
21 [Diagram] Alice and Bob: I1, R1, I2, R2, then IPsec data traffic. The administrator should record the relationship between Base Exchange (BE) packets. Otherwise, the administrator cannot tell which BE has actually completed. In our network, the administrator allows data packets for which the Base Exchange has completed.
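One way the administrator's record of Base Exchange packets could work, as an added example that is not part of the original presentation. It assumes each observed packet has already been reduced to a (source HIT, destination HIT, kind) tuple and that data traffic can be attributed to a HIT pair; the class name and the HIT strings are hypothetical.

```python
# Added illustration (not from the slides): a gateway-side tracker for the HIP
# Base Exchange (BE). Assumption: every observed packet has been reduced to
# (src_hit, dst_hit, kind), and data traffic can be attributed to a HIT pair.
BE_ORDER = ["I1", "R1", "I2", "R2"]  # order of BE packets, as on the slide


class BaseExchangeTracker:
    def __init__(self):
        self.progress = {}  # (initiator, responder) -> BE packets seen in order
        self.completed_log = []  # administrator's record of completed BEs

    def observe(self, src, dst, kind):
        """Record one packet; return True if the gateway should forward it."""
        if kind == "DATA":
            # Data is forwarded only for a pair whose BE reached R2.
            done = len(BE_ORDER)
            return (self.progress.get((src, dst)) == done
                    or self.progress.get((dst, src)) == done)
        if kind not in BE_ORDER:
            return False
        # I1/I2 travel initiator -> responder, R1/R2 travel the other way.
        key = (src, dst) if kind in ("I1", "I2") else (dst, src)
        step, seen = BE_ORDER.index(kind), self.progress.get(key, 0)
        if step > seen:
            return False  # out of order, e.g. an R2 with no recorded I2
        if step == seen:  # next expected packet: advance the recorded state
            self.progress[key] = seen + 1
            if kind == "R2":
                self.completed_log.append(key)
        return True  # step < seen is a retransmission; state is unchanged


def demo():
    # Constructed sample traffic; the HIT strings are placeholders.
    a, b, m = "hit-alice", "hit-bob", "hit-mallory"
    t = BaseExchangeTracker()
    trace = [(a, b, "DATA"), (a, b, "I1"), (b, a, "R1"), (a, b, "I2"),
             (a, b, "DATA"), (b, a, "R2"), (a, b, "DATA"), (b, a, "DATA"),
             (m, b, "R2"), (m, b, "DATA")]
    return [t.observe(*p) for p in trace], t.completed_log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions, log)
```

The completed-exchange log is what lets the administrator tie forwarded data traffic to a specific HIT pair.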
24 [Diagram] Labels: User, Correspondent, Network Administrator, DNS Server, the Internet, Other Network. Callouts: "Once access to DNS…" "Connection is End-to-End and data is encrypted" "Check…" "Malicious Attack…" "Incorrect!" "Who!?" "the attacker!!" "Cannot eavesdrop packets' data" "Feel safe"