Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Similar presentations

Presentation on theme: "1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1."— Presentation transcript:

1 1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1

2 2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : –Mahasiswa dapat menjelaskan IP Security dan SSL

3 3 Outline Materi Konsep IP Security Arsitecture IP security Protokol dasar SSL Arsitektur SSL

4 4 Security facilities in TCP/IP

5 5 IP Security Overview IPSec is not a single protocol. IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication. General IP Security mechanisms provides –Authentication –Confidentiality –Key management Applicable to use over LANs, across public and private WANs, and for the Internet

6 6 IP Security Overview Applications of IPSec –Secure branch office connectivity over the Internet –Secure remote access over the Internet –Establsihing extranet and intranet connectivity with partners –Enhancing electronic commerce security

7 7 IP Security Overview Benefits of IPSec –Transparent to applications (below transport layer (TCP, UDP) –Provide security for individual users –IPSec can assure that: A router or neighbor advertisement comes from an authorized router A redirect message comes from the router to which the initial packet was sent A routing update is not forged provides strong security to all traffic crossing the perimeter

8 8 IP Security Scenario

9 9 Authentication Header Authentication Header (AH) provides support for data integrity & authentication of IP packets –End system/router can authenticate user/app –Prevents address spoofing attacks by tracking sequence numbers Based on use of a MAC –HMAC-MD5-96 or HMAC-SHA-1-96 Parties must share a secret key

10 10 Authentication Header Provides support for data integrity and authentication (MAC code) of IP packets. Guards against replay attacks.

11 11 AH Authentication Tunnel Mode AH Authentication

12 12 Security Associations Security Association (SA) is a one-way relationship between sender & receiver that affords security for traffic flow Defined by 3 parameters: –Security Parameters Index (SPI) –IP Destination Address –Security Protocol Identifier Has a number of other parameters –seq no, AH & EH info, lifetime etc Have a database of Security Associations

13 13 ESP Encapsulating Security Payload (ESP) provides message content confidentiality & limited traffic flow confidentiality Can optionally provide the same authentication services as AH Supports range of ciphers, modes, padding –DES, Triple-DES, RC5, IDEA, CAST, etc –CBC most common –Pad to meet blocksize, for traffic flow

14 14 ESP ESP Encryption and Authentication

15 15 Algorithms Encryption & Authentication Algorithms –Encryption: Three-key triple DES RC5 IDEA Three-key triple IDEA CAST Blowfish –Authentication: HMAC-MD5-96 HMAC-SHA-1-96

16 16 Transport & Tunnel Modes

17 17 Transport & Tunnel Mode ESP Transport mode is used to encrypt & optionally authenticate IP data –Data protected but header left in clear –Can do traffic analysis but is efficient –Good for ESP host to host traffic Tunnel mode encrypts entire IP packet –Add new header for next hop –Good for VPNs, gateway to gateway security

18 18 SSL and TLS SSL was originated by Netscape TLS working group was formed within IETF First version of TLS can be viewed as an SSLv3.1

19 19 SSL Architecture

20 20 Handshake Protocol The most complex part of SSL. Allows the server and client to authenticate each other. Negotiate encryption, MAC algorithm and cryptographic keys. Used before any application data are transmitted.

21 21 Handshake Protocol Action

Download ppt "1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1."

Similar presentations

Ads by Google