Download Slide 1

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
Document related concepts

Extensible Authentication Protocol wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Net bias wikipedia , lookup

Wireless security wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Distributed firewall wikipedia , lookup

Computer security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Internet protocol suite wikipedia , lookup

Deep packet inspection wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Transcript 
An Introduction to Encrypting Messages
on the Internet
Mike Kaderly
INFS 750
Summer 2010
Learning Objectives
 Understand why we need encryption.
 Identify and explain the three types of security
assurance.
 Describe the purposes of the Internet Protocol
Security (IPsec) and it’s related sub-protocols.
 Describe the difference between transport and tunnel
IPsec modes.
Why do we need encryption?
 The Internet is inherently insecure.
 The entire global network is based upon millions of
hosts, switches, firewalls, routers, and the transport
media used to connect these nodes—all of which are
owned, operated and used by a countless number of
people/organizations.
Why do we need encryption?
 Without relying on a recognized authority in charge of
developing security specifications and standards, there
would be no way to secure the information of such a
wide-spread, public network.
 Furthermore, IP packets, as originally designed in the
TCP/IP protocols, have no built-in security
mechanism.
Modern Security Standards
Development
 Internet Engineering Task Force (IETF) develops
TCP/IP and Internet protocol standards
 Composed of volunteer professionals sponsored by both
corporations and governments
 Created in 1986
 Focus is on building consensus for specifications,
backward compatibility and running code *
* http://en.wikipedia.org/wiki/Internet_Engineering_Task_Force
Types of Security Assurances
 Integrity assurance – ensures information has not
been altered during transport.
 Authentication assurance – ensures information is
coming from the true source.
 Confidentiality assurance – ensures the information
has not been read by others who were not intended to
view the information.
Internet Protocol Security (IPsec)
 IPsec is security protocol developed by the IETF
 IPsec defines how packets are made secure from node
to node
 It has been implemented on Windows, Apple, Linux,
Unix and other platforms
 It is application-independent.
Internet Protocol Security (IPsec)
Hybrid TCP/IP-OSI Architecture
Application Layer (Layer 5)
TCP/IP Transport (Layer 4)
TCP/IP Internet (Layer 3)
Data Link (Layer 2)
Physical Layer (Layer 1)
IPsec Standards
Internet Protocol Security (IPsec)
 IPsec is implemented using a number of sub-protocols
with special responsibilities:
 Internet Key Exchange
 Security Association
 Authentication Header
 Encapsulating Security Payload
Internet Key Exchange (IKE)
 The Internet Key Exchange (IKE) service is called upon
to handle the key exchange between two nodes and
allows for the initial handshake.
 IKE supports three types of authentication methods:
pre-shared keys, public key encryption, and digital
signatures (to be discussed later)
Security Association (SA)
 Once an initial connection is created using IKE, the
Security Policy Database on each node is used to
determine the agreed upon rules for encrypting
packets during the lifetime of the communication.
 These rules are collectively called Security
Associations.
* IPv6 Security by Scott CCIE No. 5133 Hogg; Eric Vyncke
Authentication Header (AH)
 Through the use of algorithms, AH provides
authentication and integrity assurances:
Did the packet come from the true source it claims to be
from?
Have the packet contents been modified?
 It may be used separately or in combination with ESP.
 AH guards against replay attack – an attacker takes a
copy of a packet and later resends the packet to the
intended destination node.
Encapsulating Security Payload
(ESP)
 ESP is used to provide authentication, integrity and
confidentiality assurances by encrypting the payload
of the packet.
 It can be used separately or in conjunction with AH
services.
Transport Mode
 Transport mode requires configuration and a digital
certificate and is used between two hosts.
 Only the payload is encrypted/authenticated.
 Used for host to host communications.
 Expensive management on each host computer.
Tunnel Mode
 Tunnel mode implements IPsec between two IPsec-
configured routers.
 The entire packet can be encrypted, authenticated and
is encapsulated within a new packet and new IP
header to make sure the original IP packet is
unchanged.
 Tunnel mode is used to create Virtual Private
Networks (VPN).
Illustration of Tunneling and VPN
http://www.unixwiz.net/techtips/iguide-ipsec.html
Review Questions
 Why is IPsec needed?
 What are the three types of security assurances?
 How does an encrypted IP packet differ from one
without encryption?
 What layer of the TCP/IP-OSI model does IPsec fall
under?
 What are the major differences between transport and
tunnel IPsec modes?
Related documents
Chapter 9
Chapter 9
IPSec (IP Security)
IPSec (IP Security)
Mullvad Barnprogram
Mullvad Barnprogram
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
Network Security
Network Security
Slide 1
Slide 1
Slide 1
Slide 1
IPSEC Presentation
IPSEC Presentation
Secure Mobile IP Communication - Department of Computer Science
Secure Mobile IP Communication - Department of Computer Science
Performance-aware Security for Unicast Communication in Hybrid Satellite Networks
Performance-aware Security for Unicast Communication in Hybrid Satellite Networks
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
Web Security
Web Security
Security Issues in Mobile Ad
Security Issues in Mobile Ad
presentation source
presentation source
Slides
Slides
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
IPSec
IPSec
Chapter 24 - William Stallings, Data and Computer
Chapter 24 - William Stallings, Data and Computer
Lecture X ISA & IPSecurity
Lecture X ISA & IPSecurity
Slides for lecture 26
Slides for lecture 26
Presentation Title
Presentation Title
CMSC 414 Computer (and Network) Security
CMSC 414 Computer (and Network) Security