IPSec—An Overview

BY Amin Pathan
MGM`s Polytechnic, Aurangabad

Outline

• Why IPSec?
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPSec Policy
• Discussion
IP is not Secure!

• The IP protocol was designed in the late 70s to early 80s
  – Part of the DARPA Internet Project
  – A very small network: all hosts were known, and so were the users
  – Therefore, security was not an issue
Security Issues in IP

• Source spoofing
• Replay packets
• No data integrity or confidentiality

Resulting attacks:
• DoS attacks
• Replay attacks
• Spying
• and more…

Fundamental issue: networks are not (and will never be) fully secure
Goals of IPSec

• To verify the sources of IP packets
  – Authentication
• To prevent replaying of old packets
• To protect the integrity and/or confidentiality of packets
  – Data integrity / data encryption
Outline

• Why IPsec?
• IPSec Architecture
• Internet Key Exchange (IKE)
• IPsec Policy
• Discussion
The IPSec Security Model

[Figure: regions labelled "Secure" and "Insecure"]
IPSec Architecture

[Figure: the IPSec components]
• ESP – Encapsulating Security Payload
• AH – Authentication Header
• IPSec Security Policy
• IKE – The Internet Key Exchange
IPSec Architecture

• IPSec provides security in three situations:
  – Host-to-host, host-to-gateway and gateway-to-gateway
• IPSec operates in two modes:
  – Transport mode (for end-to-end)
  – Tunnel mode (for VPN)
IPsec Architecture

[Figure: transport mode end-to-end between hosts; tunnel mode between two routers]
Various Packets

Original:        IP header | TCP header | data
Transport mode:  IP header | IPSec header | TCP header | data
Tunnel mode:     IP header (new, outer) | IPSec header | IP header (original) | TCP header | data
IPSec

• A collection of protocols (RFC 2401)
  – Authentication Header (AH): RFC 2402
  – Encapsulating Security Payload (ESP): RFC 2406
  – Internet Key Exchange (IKE): RFC 2409
  – IP Payload Compression (IPcomp): RFC 3137
Authentication Header (AH)

• Provides source authentication
  – Protects against source spoofing
• Provides data integrity
• Protects against replay attacks
  – Uses monotonically increasing sequence numbers
  – Protects against denial of service attacks
• NO protection for confidentiality!
AH Details

• Uses a 32-bit monotonically increasing sequence number to avoid replay attacks
• Uses cryptographically strong hash algorithms to protect data integrity (MAC truncated to 96 bits)
  – Uses symmetric key cryptography
  – HMAC-SHA-96, HMAC-MD5-96
Encapsulating Security Payload (ESP)

• Provides all that AH offers, and
• in addition provides data confidentiality
  – Uses symmetric key encryption
ESP Details

• Same as AH:
  – Uses a 32-bit sequence number to counter replay attacks
  – Uses integrity check algorithms
• Only in ESP:
  – Data confidentiality: uses symmetric key encryption algorithms to encrypt packets
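The two mechanisms AH and ESP share (slides 13, 14 and 16) are the 32-bit sequence number checked against a receiver-side anti-replay window, and a 96-bit truncated HMAC integrity check value (ICV). The following is an added example, not code from the slides: it models an inbound SA in Python with a sliding replay window and HMAC-SHA-96 verification. The constructed key, SPI and payloads are assumptions, and as a simplification the ICV covers only the AH header and payload (real AH also covers the immutable fields of the outer IP header). The receive order follows RFC 2402: cheap replay check first, ICV next, and the window is advanced only after the ICV verifies, so forged packets cannot move it.

```python
import hmac
import struct

# Added example (not from the slides): a minimal AH receiver with anti-replay.
AH_FIXED_LEN = 12   # next header (1) + payload len (1) + reserved (2) + SPI (4) + seq (4)
ICV_LEN = 12        # 96 bits: the HMAC-SHA-96 / HMAC-MD5-96 truncation length
IPPROTO_TCP = 6


def truncated_hmac(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC-<hash>-96: compute the full HMAC and keep the leftmost 96 bits."""
    return hmac.new(key, data, hash_name).digest()[:ICV_LEN]


def build_ah_packet(key: bytes, spi: int, seq: int, payload: bytes,
                    next_header: int = IPPROTO_TCP, hash_name: str = "sha1") -> bytes:
    """Sender side: AH header (ICV zeroed while computing it) followed by the payload."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    icv = truncated_hmac(key, header + bytes(ICV_LEN) + payload, hash_name)
    return header + icv + payload


def parse_ah_packet(packet: bytes):
    """Split a packet into (next_header, spi, seq, icv, payload)."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    return next_header, spi, seq, packet[AH_FIXED_LEN:ah_len], packet[ah_len:]


class ReplayWindow:
    """Sliding window over received sequence numbers; bit 0 of the bitmap is the newest."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Would this sequence number be acceptable? (no state change)"""
        if seq == 0:                     # the first valid sequence number is 1
            return False
        if seq > self.top:               # newer than anything seen so far
            return True
        diff = self.top - seq
        if diff >= self.size:            # older than the window: reject
            return False
        return not (self.bitmap & (1 << diff))   # bit already set means a replay

    def update(self, seq: int) -> None:
        """Record seq; call only after the ICV has verified."""
        mask = (1 << self.size) - 1
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


class InboundSA:
    """Receiver-side state for one inbound SA: SPI, key, hash and its replay window."""

    def __init__(self, spi: int, key: bytes, hash_name: str = "sha1", window_size: int = 64):
        self.spi, self.key, self.hash_name = spi, key, hash_name
        self.window = ReplayWindow(window_size)

    def receive(self, packet: bytes):
        """Return (verdict, payload); payload is None unless the packet is accepted."""
        _next_header, spi, seq, icv, payload = parse_ah_packet(packet)
        if spi != self.spi:
            return "unknown SPI", None
        if not self.window.check(seq):            # cheap check before any crypto
            return "replayed or too old", None
        expected = truncated_hmac(self.key, packet[:AH_FIXED_LEN] + bytes(ICV_LEN) + payload,
                                  self.hash_name)
        if not hmac.compare_digest(icv, expected):   # constant-time comparison
            return "bad ICV", None
        self.window.update(seq)                   # only verified packets advance the window
        return "accepted", payload


def demo():
    """Constructed traffic: a replay, a tampered packet, a jump ahead and a stale packet."""
    key = b"constructed-demo-key"   # constructed; real keys come from IKE
    sa = InboundSA(spi=12, key=key)
    pkt1 = build_ah_packet(key, 12, 1, b"segment one")
    pkt2 = build_ah_packet(key, 12, 2, b"segment two")
    tampered = pkt2[:-1] + bytes([pkt2[-1] ^ 0xFF])
    results = [sa.receive(pkt1)[0], sa.receive(pkt1)[0], sa.receive(tampered)[0], sa.receive(pkt2)[0]]
    results.append(sa.receive(build_ah_packet(key, 12, 70, b"jump ahead"))[0])
    results.append(sa.receive(build_ah_packet(key, 12, 5, b"too old"))[0])
    results.append(sa.receive(build_ah_packet(key, 12, 10, b"still in window"))[0])
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the sequence number alone is not the defence: the tampered packet carries a fresh sequence number and is dropped by the ICV, and because the window only advances on verified packets the genuine packet with that number is still accepted afterwards.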
Internet Key Exchange (IKE)

• Exchanges and negotiates security policies
• Establishes security sessions
  – Identified as Security Associations
• Key exchange
• Key management
• Can be used outside IPsec as well
IPsec/IKE Acronyms

• Security Association (SA)
  – A collection of attributes associated with a connection
  – Is asymmetric! One SA for inbound traffic, another SA for outbound traffic
  – Similar to ciphersuites in SSL
• Security Association Database (SADB)
  – A database of SAs
IPsec/IKE Acronyms

• Security Parameter Index (SPI)
  – A unique index for each entry in the SADB
  – Identifies the SA associated with a packet
• Security Policy Database (SPD)
  – Stores the policies used to establish SAs
How They Fit Together

[Figure: an SPD entry refers to SAs (SA-1, SA-2) held in the SADB, each identified by an SPI]
SPD and SADB Example

[Figure: hosts A and B communicate in transport mode; gateway C tunnels Asub–Bsub traffic to gateway D in tunnel mode]

A's SPD:
  From | To | Protocol | Port | Policy
  A    | B  | Any      | Any  | AH[HMAC-MD5]

A's SADB:
  From | To | Protocol | SPI | SA Record
  A    | B  | AH       | 12  | HMAC-MD5 key

C's SPD:
  From | To   | Protocol | Port | Policy    | Tunnel Dest
  Asub | Bsub | Any      | Any  | ESP[3DES] | D

C's SADB:
  From | To   | Protocol | SPI | SA Record
  Asub | Bsub | ESP      | 14  | 3DES key
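The example above, worked through in code (an added example, not part of the deck): an outbound packet is first matched against the SPD selectors (from, to, protocol, port) to find the policy, then the SADB is searched for an SA bound to that policy; an inbound packet is matched by the (destination, protocol, SPI) triple alone. The addresses for A, B, C, D and the Asub/Bsub subnets are constructed, as are the two inbound SAs (SPI 13 and 15) added to show the asymmetry from slide 18; the slide itself lists only the outbound SAs.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example (not from the slides). Constructed addresses for the hosts,
# gateways and subnets of the SPD/SADB example.
A, B = "10.1.0.5", "10.2.0.7"
C, D = "192.0.2.1", "198.51.100.1"
ASUB, BSUB = "10.1.0.0/16", "10.2.0.0/16"


def selector_matches(selector: str, value: str) -> bool:
    """'Any' is a wildcard; otherwise accept an exact match or a subnet containing the address."""
    if selector == "Any" or selector == value:
        return True
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(selector, strict=False)
    except ValueError:          # non-address selectors (ports, protocols) only match exactly
        return False


@dataclass(frozen=True)
class SpdEntry:
    src: str
    dst: str
    protocol: str               # upper-layer protocol selector, e.g. "Any" or "TCP"
    port: str
    policy: str                 # "AH[HMAC-MD5]" or "ESP[3DES]" as written on the slide
    tunnel_dest: Optional[str] = None

    def ipsec_protocol(self) -> str:
        return self.policy.split("[", 1)[0]


@dataclass(frozen=True)
class SaRecord:
    src: str
    dst: str
    protocol: str               # "AH" or "ESP"
    spi: int
    key: str                    # placeholder for the keying material


def spd_lookup(spd: List[SpdEntry], src: str, dst: str, protocol: str, port: str) -> Optional[SpdEntry]:
    """First SPD entry whose four selectors all match; order in the SPD is significant."""
    for entry in spd:
        if (selector_matches(entry.src, src) and selector_matches(entry.dst, dst)
                and selector_matches(entry.protocol, protocol) and selector_matches(entry.port, port)):
            return entry
    return None


def sadb_lookup_outbound(sadb: List[SaRecord], entry: SpdEntry) -> Optional[SaRecord]:
    """Outbound: the SA is bound to the SPD entry's endpoints and IPsec protocol."""
    for sa in sadb:
        if sa.src == entry.src and sa.dst == entry.dst and sa.protocol == entry.ipsec_protocol():
            return sa
    return None


def sadb_lookup_inbound(sadb: List[SaRecord], dst: str, protocol: str, spi: int) -> Optional[SaRecord]:
    """Inbound: the (destination, protocol, SPI) triple identifies the SA; no SPD consult needed."""
    for sa in sadb:
        if sa.dst == dst and sa.protocol == protocol and sa.spi == spi:
            return sa
    return None


def outbound_decision(spd: List[SpdEntry], sadb: List[SaRecord],
                      src: str, dst: str, protocol: str, port: str) -> Tuple[str, Optional[str], Optional[object]]:
    """Return (mode, IPsec protocol, SPI), or what is missing: no policy, or an SA still to negotiate."""
    entry = spd_lookup(spd, src, dst, protocol, port)
    if entry is None:
        return ("no-policy", None, None)
    sa = sadb_lookup_outbound(sadb, entry)
    if sa is None:                                  # policy exists but no SA yet: IKE must run
        return ("ike-needed", entry.ipsec_protocol(), entry.tunnel_dest)
    mode = "tunnel" if entry.tunnel_dest else "transport"
    return (mode, sa.protocol, sa.spi)


# The tables from the slide, plus constructed inbound SAs (SPI 13 and 15).
A_SPD = [SpdEntry(A, B, "Any", "Any", "AH[HMAC-MD5]")]
A_SADB = [SaRecord(A, B, "AH", 12, "HMAC-MD5 key"),
          SaRecord(B, A, "AH", 13, "HMAC-MD5 key")]
C_SPD = [SpdEntry(ASUB, BSUB, "Any", "Any", "ESP[3DES]", tunnel_dest=D)]
C_SADB = [SaRecord(ASUB, BSUB, "ESP", 14, "3DES key"),
          SaRecord(BSUB, ASUB, "ESP", 15, "3DES key")]

if __name__ == "__main__":
    print("at A:", outbound_decision(A_SPD, A_SADB, A, B, "TCP", "80"))
    print("at C:", outbound_decision(C_SPD, C_SADB, A, B, "TCP", "80"))
```

A packet from A to B is therefore protected twice on the way out: A applies AH in transport mode under SPI 12, and C then wraps the result in an ESP tunnel to D under SPI 14. Note that the inbound lookup never consults the SPD; a receiver that accepts any SPI without checking the policy it was negotiated for is the classic misconfiguration to look for.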
IPsec Policy

• Phase 1 policies are defined in terms of protection suites
• Each protection suite
  – Must contain the following:
    • Encryption algorithm
    • Hash algorithm
    • Authentication method
    • Diffie-Hellman group
  – May optionally contain the following:
    • Lifetime
    • …
IPSec Policy

• Phase 2 policies are defined in terms of proposals
• Each proposal:
  – May contain one or more of the following:
    • AH sub-proposals
    • ESP sub-proposals
    • IPComp sub-proposals
  – Along with necessary attributes such as
    • Key length, lifetime, etc.
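How a responder matches these two policy levels against an initiator's offer, as an added example that is not part of the deck and does not model the IKE wire format: Phase 1 protection suites are compared on their four mandatory fields, Phase 2 proposals are accepted as a whole only if every protocol they list (AH, ESP, IPComp) gets an agreed sub-proposal, and where both sides state a lifetime the stricter one wins. The policy lists, algorithm names and lifetimes are constructed from the names on the slides; the matching rules are illustrative assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Added example (not from the slides): responder-side matching of Phase 1
# protection suites and Phase 2 proposals. Rules here are illustrative.


@dataclass(frozen=True)
class ProtectionSuite:
    """Phase 1: four mandatory fields plus an optional lifetime (seconds)."""
    encryption: str
    hash: str
    auth_method: str
    dh_group: int
    lifetime: Optional[int] = None


@dataclass(frozen=True)
class Transform:
    """One AH / ESP / IPComp sub-proposal with its attributes."""
    protocol: str
    algorithm: str
    key_length: Optional[int] = None
    lifetime: Optional[int] = None


Proposal = Dict[str, List[Transform]]     # protocol -> sub-proposals in preference order


def _shorter_lifetime(a: Optional[int], b: Optional[int]) -> Optional[int]:
    """Either side may bound the lifetime; the agreed value is the stricter one."""
    given = [t for t in (a, b) if t is not None]
    return min(given) if given else None


def negotiate_phase1(offered: List[ProtectionSuite],
                     acceptable: List[ProtectionSuite]) -> Optional[ProtectionSuite]:
    """First suite in the initiator's order that the responder's policy also allows."""
    mandatory = ("encryption", "hash", "auth_method", "dh_group")
    for suite in offered:
        for mine in acceptable:
            if all(getattr(suite, f) == getattr(mine, f) for f in mandatory):
                return replace(mine, lifetime=_shorter_lifetime(suite.lifetime, mine.lifetime))
    return None                       # nothing in common: the responder rejects


def negotiate_phase2(offered: Proposal, acceptable: Proposal) -> Optional[Dict[str, Transform]]:
    """A proposal is accepted whole or not at all: every listed protocol needs an agreed transform."""
    chosen: Dict[str, Transform] = {}
    for protocol, transforms in offered.items():
        for t in transforms:
            match = next((m for m in acceptable.get(protocol, [])
                          if m.algorithm == t.algorithm and m.key_length == t.key_length), None)
            if match is not None:
                chosen[protocol] = replace(t, lifetime=_shorter_lifetime(t.lifetime, match.lifetime))
                break
        else:
            return None               # no acceptable sub-proposal for this protocol
    return chosen


# Constructed policies using the algorithm names that appear on the slides.
INITIATOR_PHASE1 = [
    ProtectionSuite("DES", "MD5", "pre-shared-key", 1, lifetime=28800),
    ProtectionSuite("3DES", "SHA", "pre-shared-key", 2, lifetime=28800),
]
RESPONDER_PHASE1 = [ProtectionSuite("3DES", "SHA", "pre-shared-key", 2, lifetime=3600)]

INITIATOR_PHASE2: Proposal = {
    "ESP": [Transform("ESP", "3DES", key_length=192, lifetime=1800)],
    "AH": [Transform("AH", "HMAC-MD5"), Transform("AH", "HMAC-SHA")],
}
RESPONDER_PHASE2: Proposal = {
    "ESP": [Transform("ESP", "3DES", key_length=192, lifetime=3600)],
    "AH": [Transform("AH", "HMAC-SHA")],
    "IPComp": [Transform("IPComp", "DEFLATE")],
}


def demo():
    """Phase 1 falls through DES to 3DES; Phase 2 agrees ESP+AH; a lone IPComp/LZS offer is rejected."""
    p1 = negotiate_phase1(INITIATOR_PHASE1, RESPONDER_PHASE1)
    p2 = negotiate_phase2(INITIATOR_PHASE2, RESPONDER_PHASE2)
    rejected = negotiate_phase2({"IPComp": [Transform("IPComp", "LZS")]}, RESPONDER_PHASE2)
    return p1, p2, rejected


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The defensive point is in `negotiate_phase1`: the responder only ever returns a suite from its own `acceptable` list, so an initiator offering a weaker first choice (DES, group 1) cannot talk the responder down to it; the responder's configured list is the floor, not the initiator's ordering.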
Resources

• IP, IPsec and related RFCs:
  – http://www.ietf.org/html.charters/ipsec-charter.html
  – IPsec: RFC 2401, IKE: RFC 2409
  – www.freeswan.org
• Google search
