
ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: GCATT.


1 ECE-8843
http://www.csc.gatech.edu/copeland/jac/8843-03/
Prof. John A. Copeland, john.copeland@ece.gatech.edu, 404 894-5177, fax 404 894-0035
Office: GCATT Bldg 579; email or call for office visit, or call Kathy Cheek, 404 894-5696
Chapter 6a - IPsec (IP Secure)
(note: 06b has PDF copies of slides from Chap. 6 of the text, “Network Security Essentials, Applications and Standards” by William Stallings)

2 Each LAN Connects to the Internet via a Router

3 The Internet is a Router Network
In a router network, circuits are defined by entries in the routing tables along the way. These may be static (manually set up) or dynamic (set up according to an algorithm in the router).
[Figure: routers 1-7 interconnected, with stations A-E attached; legend: Station (on a LAN), Local Connection, Trunk or Long-Haul; an example path from Router A to D is shown; LAN types Ethernet and Token Ring, with IP on top]

4 Optimal Paths From Router 1 (or To Router 1) Define Router 1's Sink Tree
[Figure: the same router network (routers 1-7, stations A-E) with the optimal paths from Router 1 drawn as a tree; legend: Station, Local Connection, Trunk or Long-Haul]

5 [Figure: protocol stacks of a Web Server, a Router and a Browser]
Web Server: Application Layer (HTTP), Transport Layer (TCP, UDP), Network Layer (IP), E'net Data Link Layer, Ethernet Phys. Layer; IP Address 130.207.22.5, Port 80
Router: Network Layer, E'net Data Link Layer, E'net Phys. Layer on one side; Network Layer, Token Ring Data Link Layer, Token Ring Phys. Layer on the other. The router buffers packets that need to be forwarded (based on IP address).
Browser: Application Layer (HTTP), Transport Layer (TCP, UDP), Network Layer (IP), Token Ring Data-Link Layer, Token Ring Phys. Layer; IP Address 24.88.15.22, Port 31337
Transport layer segments carry a Segment No.

6 Connecting Over the Internet to “www.cnn.com”
Discover the Ethernet address of the Domain Name Server:
  ARP - “Who has 130.207.244.244”
  Reply from Gateway Router “00 0E 36 A9 72 24 has 130.207.244.244” *
Use DNS (BIND) to convert “www.cnn.com” to a 32-bit Internet address (64.236.16.52):
  Send UDP DNS-Request Packet to 130.207.244.244 : UDP 53
  Reply www.cnn.com = 64.236.16.52
Discover the Ethernet address of host 64.236.16.52 (or gateway router):
  ARP - “Who has 64.236.16.52”
  Reply from Gateway Router “00 0E 36 A9 72 24 has 64.236.16.52” *
Start a TCP connection:
  Send TCP Packet with SYN flag set to 64.236.16.52 / 00 0E 36 A9 72 24
  Reply is TCP Packet with SYN and ACK flag bits set.
  Send TCP packet with ACK flag set.
* The gateway router “has” all IP addresses that are not local (on the LAN).

7 UDP Datagrams are exchanged to find the IP address
#1 Receive time:71765.605 (0.000) packet length:80 received length:70
Ethernet: (08000726b22f -> Sun 75f53a) type: IP(0x800)
Internet: 130.207.8.51 -> 130.207.244.244 hl: 5 ver: 4 tos: 0 len: 66 id 0x01 fragoff:0 flags: 00 ttl:60 prot:UDP(17) xsum: 0x68ce
UDP: 1042 -> domain(53) len: 46 xsum: 0x5315
Domain Name Service: ID: 2984 opcode: Query (0) Flags: (0100) Queries: 1, answers: 0, name servers: 0, Query 0: Name:www.cnn.com
#2 Receive time:71765.653 (0.048) packet length:148 received length:70
Ethernet: ( Sun 75f53a -> 08000726b22f) type: IP(0x800)
Internet: 130.207.244.244 -> 130.207.8.51 hl: 5 ver: 4 tos: 0 len:134 id:xbc77 fragoff 0 flags:00 ttl:60 prot:UDP(17) xsum:0xac13
UDP: domain(53) -> 1042 len: 114 xsum: 0000
Domain Name Service: ID: 2984 opcode: Query (0) Response: No. err (0) Flags: (8580) Queries: 1, answers: 3, name servers: 0, Query 0: Name:www.cnn.com

8 The first two packets of the IP, TCP & HTTP (port 80) Connection
#3 Receive time:71765.711 packet length:60
Ethernet: (08000726b22f -> Cisco 083625) type: IP(0x800)
Internet: 130.207.8.51 -> 64.236.16.52 hl: 5 ver: 4 tos: 0 len: 44 id: 0x02 fragoff: 0 flags: 00 ttl: 60 prot: TCP(6) xsum: 0x9be5
TCP Port: 1076 -> http(80) seq: 28a61070 ack: ---- win: 10241 hl: 6 xsum: 0x5342 urg: 0 flags: mss: 536
#4 Receive time:71765.721 packet length:60
Ethernet: (Cisco 083625 -> 08000726b22f) type: IP(0x800)
Internet: 64.236.16.52 -> 130.207.8.51 hl: 5 ver: 4 tos: 0 len:44 id:0x7d1f fragoff 0 flags:00 ttl:57 prot:TCP(6) xsum:0x21c8
TCP Port: http(80) -> 1076 seq: 3a28ac00 ack: 28a61071 win: 4096 hl: 6 xsum: 0x816d urg: 0 flags: mss:1460
The Ethernet address (Cisco...) is the local router port. The IP Address is used “end to end.” Ethernet addresses are local only. Address Resolution Protocol (ARP) E’net frames are not shown.
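As an added example (not part of the slides), a small Python parser for the trace format shown on slides 7 and 8 that checks the two pairings slide 6 describes: the DNS reply must echo the query's ID on the swapped UDP 5-tuple, and the SYN-ACK must acknowledge the SYN's sequence number plus one. The TRACE string is a constructed sample with the slides' values re-wrapped one protocol layer per line; the function names are this example's own.

```python
import re
# Constructed sample in the slide's trace format (values copied, re-wrapped one layer per line).
TRACE = """\
#1 Receive time:71765.605
Internet: 130.207.8.51 -> 130.207.244.244 ttl:60 prot:UDP(17)
UDP: 1042 -> domain(53) len: 46
Domain Name Service: ID: 2984 opcode: Query (0) Flags: (0100)
#2 Receive time:71765.653
Internet: 130.207.244.244 -> 130.207.8.51 ttl:60 prot:UDP(17)
UDP: domain(53) -> 1042 len: 114
Domain Name Service: ID: 2984 opcode: Query (0) Response: No. err (0) Flags: (8580)
#3 Receive time:71765.711
Internet: 130.207.8.51 -> 64.236.16.52 ttl: 60 prot: TCP(6)
TCP Port: 1076 -> http(80) seq: 28a61070 ack: ---- win: 10241
#4 Receive time:71765.721
Internet: 64.236.16.52 -> 130.207.8.51 ttl:57 prot:TCP(6)
TCP Port: http(80) -> 1076 seq: 3a28ac00 ack: 28a61071 win: 4096
"""

port = lambda tok: int(re.search(r"(\d+)\)?$", tok)[1])   # 'domain(53)' -> 53, '1042' -> 1042

def parse_trace(text):
    """One dict per packet; a packet record starts at its '#n Receive time' line."""
    packets = []
    for chunk in filter(str.strip, re.split(r"^(?=#\d+ Receive time)", text, flags=re.M)):
        ip = re.search(r"Internet: (\S+) -> (\S+).*?prot:\s*(\w+)", chunk)
        l4 = re.search(r"(?:UDP|TCP Port): (\S+) -> (\S+)", chunk)
        p = {"src": ip[1], "dst": ip[2], "proto": ip[3],
             "sport": port(l4[1]), "dport": port(l4[2])}
        if dns := re.search(r"Domain Name Service: ID: (\d+)", chunk):
            p["dns_id"], p["dns_response"] = int(dns[1]), "Response:" in chunk
        if tcp := re.search(r"seq: ([0-9a-f]+) ack: (\S+)", chunk):   # ack '----' = none yet
            p["seq"], p["ack"] = int(tcp[1], 16), None if tcp[2][0] == "-" else int(tcp[2], 16)
        packets.append(p)
    return packets

def is_reply_to(req, rep):
    """A reply travels on the request's 5-tuple with source and destination swapped."""
    return (rep["src"], rep["sport"], rep["dst"], rep["dport"], rep["proto"]) == \
           (req["dst"], req["dport"], req["src"], req["sport"], req["proto"])

def dns_answer_matches(query, answer):
    """Slide 6, step 2: the answer must be a response that echoes the query's ID."""
    return (is_reply_to(query, answer) and answer.get("dns_response", False)
            and query.get("dns_id") == answer.get("dns_id"))

def syn_ack_matches(syn, syn_ack):
    """Slide 6, step 3: the SYN-ACK must acknowledge the SYN's sequence number + 1."""
    return is_reply_to(syn, syn_ack) and syn_ack["ack"] == syn["seq"] + 1
```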

9 Internet Layer Security (IPsec)
Rolf Oppliger, "Internet Security: Firewalls and Beyond," p. 92, Comm. ACM 40, May 1997
The Internet Engineering Task Force (IETF) Internet Security Protocol working group standardized an IP Security Protocol (IPsec) and an Internet Key Management Protocol (IKMP).
- The objective of IPsec is to make cryptographic security mechanisms available to users who desire security.
- The mechanisms should work for both the current version of IP (IPv4) and the new IP (IPv6).
- They should be algorithm-independent, in that the cryptographic algorithms can be altered.
- They should be useful in enforcing different security policies, but avoid adverse impacts on users who do not employ them.

10 IPsec Authentication Header (AH)
[Figure: AH packet formats in Transport Mode and in Tunnel Mode]

11 Encapsulated Secure Payload (ESP)
[Figure: ESP packet format; Transport Level Security (TLS) shown for comparison]

12 IPsec ESP - Tunnel Mode: Virtual Private Network (VPN)

13 Internet Layer Security (IPsec)
IPsec Authentication Header (AH) - Transport and Tunnel Modes
[Figure: packet layouts, outermost header first; "Encrypted" marks the part ESP encrypts]
Normal Internet Protocol (IP): IP Header, A to B | TCP Header | Application Header | Data
IPsec AH, transport mode: IP Header, A to B | AH | TCP Header | Application Header | Data
IPsec Encapsulated Secure Payload (ESP): IP Header, A to Rb | ESP Header | TCP Header | Application Header | Data (Encrypted)
IPsec Encapsulated Secure Payload (ESP) with AH: IP Header, A to Rb | AH | ESP Header | TCP Header | Application Hdr | Data (Encrypted)
IPsec AH, tunnel mode: IP Hdr, A to Rb | AH | IP Hdr A to B | TCP Hdr | Application Header | Data
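The header chains of slide 13 built as data, as an added example that is not part of the slides: each header is paired with a flag saying whether ESP has encrypted it, which makes the tunnel-mode VPN point of slide 12 concrete (the inner A-to-B header is hidden from routers, only the A-to-Rb header is visible). It assumes transport mode keeps the A-to-B header outside, and that A and B are the end hosts and Rb is B's security gateway, as on the slide.

```python
def ipsec_layout(mode="transport", ah=False, esp=False):
    """Return [(header, encrypted), ...], outermost header first.

    transport: the original IP header (A to B) stays outside; only what follows it
               is protected.
    tunnel:    the whole original datagram, inner IP header included, becomes the
               payload of a new IP header addressed to the security gateway Rb.
    """
    payload = ["TCP Header", "Application Header", "Data"]
    if mode == "tunnel":
        outer, payload = "IP Header, A to Rb", ["IP Header, A to B"] + payload
    elif mode == "transport":
        outer = "IP Header, A to B"
    else:
        raise ValueError(f"unknown IPsec mode {mode!r}")
    # AH, when present, sits in front of the ESP header, as in the slide's "ESP with AH" row
    chain = [outer] + (["AH"] if ah else []) + (["ESP Header"] if esp else []) + payload
    if esp:
        chain.append("ESP Trailer")   # padding and next-header field (RFC 4303); encrypted as well
    encrypted, layout = False, []
    for header in chain:
        layout.append((header, encrypted))
        if header == "ESP Header":    # ESP encrypts everything that follows its own header
            encrypted = True
    return layout

def visible_to_router(layout):
    """Headers a router on the Internet (or an eavesdropper there) can read in the clear."""
    return [header for header, enc in layout if not enc]
```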

14 Security Associations
[Figure: security association example using address 64.236.16.52]

