Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010.

Published byOpal Marshall Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010."— Presentation transcript:

1 1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010

2 2 Agenda IPSec Profile for CCSDS

3 3 What is Network Layer Security? SCPS-NPIP Space Link Subnet: CCSDS Data Link SCPS-SP Other Apps IPSec UDPTCP SCPS-FP TCPOptionsTCPOptions FTP FTPFeaturesFTPFeatures Space extensions to the Socket Interface Common Network- Layer Interface SCPS-TP “TCP Tranquility” options The CCSDS protocol suite supports either “native” or “space enhanced” Internet services, at the discretion of the Project organization Space-optimized IP variant Space-optimized IPSec variant Space extensions to FTP

4 4 IPSec: one protocol, many options Tunnel mode vs. transport mode Default cipher suite (encryption + auth + mode) – Authenticated encryption? – Null encryption (authentication-only)? » ESP w/null encrypt or AH? – What would be allowed? Anti-replay option Keying and rekeying – Pre-placed keys? – IKE auto rekey » Automatic when keys expire – regardless of mission state? » Rekey “now” button?

5 5 Approach: Issues to be resolved Define transport vs. tunnel mode – Eliminate the one not to be used Define default cipher suite(s) Authenticated Encryption or Encryption w/o auth allowed? ESP-only? AH-only? Authentication-only w/o encryption allowed? Keying and rekeying questions – Automated vs. manual

6 6 Summary Look at the IPSec options: – Determine what needs to be kept – Determine what can be eliminated Determine ciphers Determine keying strategy

Download ppt "1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.

VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
VPN IPSEC & SSL technology Security and management point of view Lakbabi, A. Lab. Math., Inf. et Applic., Univ. Mohammed V-Agdal, Rabat, Morocco Orhanou,

VPN IPSEC & SSL technology Security and management point of view Lakbabi, A. Lab. Math., Inf. et Applic., Univ. Mohammed V-Agdal, Rabat, Morocco Orhanou,
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
IPSec Access control Connectionless integrity

IPSec Access control Connectionless integrity
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)

Similar presentations

Ads by Google