SlideShare a Scribd company logo

rooster-ipsecindepth.ppt

Download as PPT, PDF
I
ImXaib

IPSec uses two protocols to provide security for IP packets: the Encapsulating Security Payload (ESP) and Authentication Header (AH). ESP provides both encryption and authentication, and can operate in either transport or tunnel mode. AH provides authentication through cryptographic integrity checks on packet headers and data. Internet Key Exchange (IKE) negotiates the security associations (SAs) needed to implement IPSec by using either pre-shared keys or digital certificates. IKE has two phases - main mode negotiates the IKE SA while quick mode establishes IPSec SAs to protect data transmission.

Education
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
IPSec In Depth
Encapsulated Security Payload (ESP) • Must encrypt and/or authenticate in each packet • Encryption occurs before authentication • Authentication is applied to data in the IPSec header as well as the data contained as payload
IPSec Encapsulating Security Payload (ESP) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PadLength NextHdr Seq# Keyed Hash 22-36 bytes total InitVector ESP is IP protocol 50 Insert Append © 2000 Microsoft Corporation
IPSec ESP Tunnel Mode Data TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation ESP Trailer
Authentication Header (AH) • Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out • If both ESP and AH are applied to a packet, AH follows ESP
IPSec Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len Rsrv SecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert © 2000 Microsoft Corporation
IPSec AH Tunnel Mode Data TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr Data TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation
Internet Key Exchange (IKE) • Phase I – Establish a secure channel(ISAKMP SA) – Authenticate computer identity • Phase II – Establishes a secure channel between computers intended for the transmission of data (IPSec SA)
Main Mode • Main mode negotiates an ISAKMP SA which will be used to create IPSec Sas • Three steps – SA negotiation – Diffie-Hellman and nonce exchange – Authentication
Main Mode (Kerberos) Initiator Responder Header, SA Proposals Header, Selected SA Proposal Header, D-H Key Exchange, Noncei, Kerberos Tokeni Header, D-H Key Exchange, Noncer, Kerberos Tokenr Header, Idi, Hashi Header, Idr, Hashr Encrypted
Main Mode (Certificate) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Certificatei, Signaturei, Certificate Request Header, D-H Key Exchange, Noncer,Certificate Request Header, Idr, Certificater, Signaturer Encrypted Header, SA Proposals Header, Selected SA Proposal
Main Mode (Pre-shared Key) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Hashi Header, D-H Key Exchange, Noncer Header, Idr, Hashr Encrypted Header, SA Proposals Header, Selected SA Proposal
Quick Mode • All traffic is encrypted using the ISAKMP Security Association • Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)
Quick Mode Negotiation Header, Hash Header, Connected Notification Encrypted Initiator Responder Header, IPSec Selected SA Header, IPSec Proposed SA

More Related Content

PPT
Rooster ipsecindepth
dharajani
 
PPT
IP security Part 1
CAS
 
DOC
Ipsec rbe guide
Wahyu Nasution
 
PPTX
IP SEC.ptx
MamoonKhan40
 
PPTX
Cyber forensics
Gopal Karthik
 
PDF
Working Survey of Authentication Header and Encapsulating Security Payload
ijtsrd
 
PPT
Ip sec talk
anoean
 
PPTX
Ip security
JithuK6
 
Rooster ipsecindepth
dharajani
 
IP security Part 1
CAS
 
Ipsec rbe guide
Wahyu Nasution
 
IP SEC.ptx
MamoonKhan40
 
Cyber forensics
Gopal Karthik
 
Working Survey of Authentication Header and Encapsulating Security Payload
ijtsrd
 
Ip sec talk
anoean
 
Ip security
JithuK6
 

Similar to rooster-ipsecindepth.ppt (20)

PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PDF
IPsec for IMS
Hossein Yavari
 
PPTX
Ipsecurity
Chinmay Patel
 
PPT
IP Sec by Amin Pathan
aminpathan11
 
PDF
Unit 4_IPSec_AH_ESP_IKE_SA_Tunnel_Transport.pdf
KanchanPatil34
 
PPTX
Unit 6
KRAMANJANEYULU1
 
PPTX
IP Security
Keshab Nath
 
PPTX
Cryptography and network security
PriyadharshiniVS
 
PPTX
Cryptography and Network security # Lecture 8
Kabul Education University
 
PPTX
OHCSCP1106 IPSec VPN and Its Applications ISSUE 3.0.pptx
fahmeedakram1
 
PPT
IPSec Overview
davisli
 
PPT
IPSec
davisli
 
PPT
I psec
ahmad1986jor
 
PPT
IP Security in Network Security NS6
koolkampus
 
PDF
IP Security
Dr.Florence Dayana
 
PPTX
I psecurity
ZainabNoorGul
 
PPT
Chapter 6
jaymehta971
 
PPT
Ip security in i psec
Mohd Arif
 
PDF
IPSec (Internet Protocol Security) - PART 1
Shobhit Sharma
 
PPT
Ip Sec Rev1
Ram Dutt Shukla
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
IPsec for IMS
Hossein Yavari
 
Ipsecurity
Chinmay Patel
 
IP Sec by Amin Pathan
aminpathan11
 
Unit 4_IPSec_AH_ESP_IKE_SA_Tunnel_Transport.pdf
KanchanPatil34
 
Unit 6
KRAMANJANEYULU1
 
IP Security
Keshab Nath
 
Cryptography and network security
PriyadharshiniVS
 
Cryptography and Network security # Lecture 8
Kabul Education University
 
OHCSCP1106 IPSec VPN and Its Applications ISSUE 3.0.pptx
fahmeedakram1
 
IPSec Overview
davisli
 
IPSec
davisli
 
I psec
ahmad1986jor
 
IP Security in Network Security NS6
koolkampus
 
IP Security
Dr.Florence Dayana
 
I psecurity
ZainabNoorGul
 
Chapter 6
jaymehta971
 
Ip security in i psec
Mohd Arif
 
IPSec (Internet Protocol Security) - PART 1
Shobhit Sharma
 
Ip Sec Rev1
Ram Dutt Shukla
 
Ad

More from ImXaib (20)

PPTX
cellular-communication-system presentation.pptx
ImXaib
 
PPTX
informationandnetworksecurity16transpositionciphers-210723152730.pptx
ImXaib
 
PPTX
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
ImXaib
 
PPTX
Advance Machine Learning presentation.pptx
ImXaib
 
PPTX
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
ImXaib
 
PPTX
ERD introduction in databases model.pptx
ImXaib
 
PPTX
SDA presentation the basics of computer science .pptx
ImXaib
 
PPTX
terminal a clear presentation on the topic.pptx
ImXaib
 
PPTX
What is Machine Learning_updated documents.pptx
ImXaib
 
PPTX
Grid Computing and it's applications.PPTX
ImXaib
 
PDF
Firewall.pdf
ImXaib
 
PPT
4966709.ppt
ImXaib
 
PPT
lecture2.ppt
ImXaib
 
PPTX
Tools.pptx
ImXaib
 
PPT
lec3_10.ppt
ImXaib
 
PPT
ch12.ppt
ImXaib
 
PPT
Fullandparavirtualization.ppt
ImXaib
 
PPT
mis9_ch08_ppt.ppt
ImXaib
 
PPT
Policy formation and enforcement.ppt
ImXaib
 
PPT
Database schema architecture.ppt
ImXaib
 
cellular-communication-system presentation.pptx
ImXaib
 
informationandnetworksecurity16transpositionciphers-210723152730.pptx
ImXaib
 
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
ImXaib
 
Advance Machine Learning presentation.pptx
ImXaib
 
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
ImXaib
 
ERD introduction in databases model.pptx
ImXaib
 
SDA presentation the basics of computer science .pptx
ImXaib
 
terminal a clear presentation on the topic.pptx
ImXaib
 
What is Machine Learning_updated documents.pptx
ImXaib
 
Grid Computing and it's applications.PPTX
ImXaib
 
Firewall.pdf
ImXaib
 
4966709.ppt
ImXaib
 
lecture2.ppt
ImXaib
 
Tools.pptx
ImXaib
 
lec3_10.ppt
ImXaib
 
ch12.ppt
ImXaib
 
Fullandparavirtualization.ppt
ImXaib
 
mis9_ch08_ppt.ppt
ImXaib
 
Policy formation and enforcement.ppt
ImXaib
 
Database schema architecture.ppt
ImXaib
 
Ad

Recently uploaded (20)

PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Pre independence Education in Inndia.pdf
goofy5603
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
master seminar digital applications in india
ananyaray35
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 

rooster-ipsecindepth.ppt

  • 2. Encapsulated Security Payload (ESP) • Must encrypt and/or authenticate in each packet • Encryption occurs before authentication • Authentication is applied to data in the IPSec header as well as the data contained as payload
  • 3. IPSec Encapsulating Security Payload (ESP) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PadLength NextHdr Seq# Keyed Hash 22-36 bytes total InitVector ESP is IP protocol 50 Insert Append © 2000 Microsoft Corporation
  • 4. IPSec ESP Tunnel Mode Data TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation ESP Trailer
  • 5. Authentication Header (AH) • Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out • If both ESP and AH are applied to a packet, AH follows ESP
  • 6. IPSec Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len Rsrv SecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert © 2000 Microsoft Corporation
  • 7. IPSec AH Tunnel Mode Data TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr Data TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation
  • 8. Internet Key Exchange (IKE) • Phase I – Establish a secure channel(ISAKMP SA) – Authenticate computer identity • Phase II – Establishes a secure channel between computers intended for the transmission of data (IPSec SA)
  • 9. Main Mode • Main mode negotiates an ISAKMP SA which will be used to create IPSec Sas • Three steps – SA negotiation – Diffie-Hellman and nonce exchange – Authentication
  • 10. Main Mode (Kerberos) Initiator Responder Header, SA Proposals Header, Selected SA Proposal Header, D-H Key Exchange, Noncei, Kerberos Tokeni Header, D-H Key Exchange, Noncer, Kerberos Tokenr Header, Idi, Hashi Header, Idr, Hashr Encrypted
  • 11. Main Mode (Certificate) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Certificatei, Signaturei, Certificate Request Header, D-H Key Exchange, Noncer,Certificate Request Header, Idr, Certificater, Signaturer Encrypted Header, SA Proposals Header, Selected SA Proposal
  • 12. Main Mode (Pre-shared Key) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Hashi Header, D-H Key Exchange, Noncer Header, Idr, Hashr Encrypted Header, SA Proposals Header, Selected SA Proposal
  • 13. Quick Mode • All traffic is encrypted using the ISAKMP Security Association • Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)
  • 14. Quick Mode Negotiation Header, Hash Header, Connected Notification Encrypted Initiator Responder Header, IPSec Selected SA Header, IPSec Proposed SA