Nadar Saraswathi College of Arts and Science, Theni
Department of CS and IT
Network and Internet Security

The Security Layer
Presented by: S. Swetha, I M.Sc. (IT)
Index
• Wireless Transport Layer Security (WTLS)
• IP Security
• IPsec Protocols
• Internet Key Exchange (IKE) Protocol
• Security Association (SA)
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• IPsec key management
Wireless Transport Layer Security (WTLS)
• It can be integrated into the WAP (Wireless Application Protocol) architecture on top of WDP (Wireless Datagram Protocol).
• It supports datagram and connection-oriented transport layer protocols.
• Based on the TLS/SSL protocol. It can provide different levels of security.
• Privacy
The Security Layer: IP Security

What is IP Security
• A framework of open standards to ensure secure communications over the Internet.
• In short: it is the network-layer Internet security protocol.
IPSec Service (figure: two hosts communicating across the Internet/intranet)
• Case 1, IPSec-disabled host, insecure IP packet: [IP Header][Upper layer data]
• Case 2, IPSec-enabled host, secure IP packet: [IP Header][IPSec Header][Upper layer data]
•
general IP Security mechanisms
•
provides
–
authentication
–
confidentiality
–
key management
•
applicable to use over LANs, across public
& private WANs, & for the Internet
IPSec Applications
• IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet:
  – Secure branch office connectivity over the Internet
  – Secure remote access over the Internet
  – Establishing extranet and intranet connectivity with partners
  – Enhancing electronic commerce security
Security Associations
• One of the most important concepts in IPSec is the Security Association (SA). Defined in RFC 1825.
• An SA is identified by the combination of a given Security Parameter Index (SPI) and Destination Address.
• SAs are one-way. A minimum of two SAs are required for a single IPSec connection (one in each direction).
• SAs contain parameters including:
  – Authentication algorithm and algorithm mode
  – Encryption algorithm and algorithm mode
  – Key(s) used with the authentication/encryption algorithm(s)
  – Lifetime of the key
  – Lifetime of the SA
  – Source Address(es) of the SA
  – Sensitivity level (i.e. Secret or Unclassified)
IP Security Scenario

Scenario of IPSec usage
• An organization maintains LANs at dispersed locations.
• Non-secure IP traffic is conducted on each LAN.
• IPSec protocols are used between sites.
• These protocols operate in the networking devices (router, firewall) that connect each LAN to the outside world.
• The IPSec networking device will typically encrypt and compress all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN.
Why not use IPSec?
• Processor overhead to encrypt and verify each packet can be great.
• Added complexity in network design.

Benefits of IPSec
• In a firewall/router, it provides strong security to all traffic crossing the perimeter.
• In a firewall/router, it is resistant to bypass.
• It is below the transport layer, hence transparent to applications.
• It can be transparent to end users.
• It can provide security for individual users.
• It secures the routing architecture.
IPsec

Network Layer Security
• IP security (IPsec)
  – Two protocols:
    • Authentication protocol, using an Authentication Header (AH)
    • Encryption/authentication protocol, called the Encapsulating Security Payload (ESP)
  – Two modes of operation:
    • Transport mode: provides protection for upper-layer protocols
    • Tunnel mode: protects the entire IP datagram
IPSec protocols – AH protocol
• AH – Authentication Header
  – Defined in RFC 1826
  – Integrity: Yes, including IP header
  – Authentication: Yes
  – Non-repudiation: Depends on cryptography algorithm.
  – Encryption: No
  – Replay Protection: Yes
Transport packet layout: [IP Header][AH Header][Payload (TCP, UDP, etc.)]
Tunnel packet layout: [IP Header][AH Header][IP Header][Payload (TCP, UDP, etc.)]
IPSec protocols – ESP protocol
• ESP – Encapsulating Security Payload
  – Defined in RFC 1827
  – Integrity: Yes
  – Authentication: Depends on cryptography algorithm.
  – Non-repudiation: No
  – Encryption: Yes
  – Replay Protection: Yes
Transport packet layout: [IP Header][ESP Header][Payload (TCP, UDP, etc.)]
Tunnel packet layout: [IP Header][ESP Header][IP Header][Payload (TCP, UDP, etc.)]
(IP header and ESP header are unencrypted; everything after the ESP header is encrypted.)
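Both AH and ESP list replay protection above. The receiver implements it with a per-SA sliding window over the sequence number carried in the AH/ESP header: packets already seen, or older than the window, are dropped. The following Python is an added illustration and not code from the original slides; the window size of 8 and the sample sequence are constructed for the demonstration.

```python
class AntiReplayWindow:
    """Per-SA anti-replay window of the kind an AH or ESP receiver keeps.

    check_and_update(seq) returns True if the packet may be accepted and
    records it, False if it is a replay (already seen) or too old to judge
    (it fell off the left edge of the window). A real receiver updates the
    window only after the packet's integrity check has passed; the caller is
    assumed to respect that ordering here.
    """

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set  =>  sequence (highest - i) was received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False   # a sender starts each SA at 1, so 0 is never valid
        if seq > self.highest:
            # Slide the window right; bits shifted past `size` are forgotten.
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False   # older than the window: cannot prove it is fresh
        if self.bitmap & (1 << offset):
            return False   # already received: replay
        self.bitmap |= 1 << offset
        return True


def replay_demo(seqs, size=8):
    """Feed a constructed sequence of packet numbers through one window."""
    window = AntiReplayWindow(size=size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed sample: 2 and 5 are replayed, 12 and 11 arrive too late
    # after 20 has moved the window to cover 13..20.
    print(replay_demo([1, 2, 5, 3, 2, 5, 20, 12, 13, 11]))
```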
What protocol to use?
• Differences between AH and ESP:
  – ESP provides encryption; AH does not.
  – AH provides integrity of the IP header; ESP does not.
  – AH can provide non-repudiation; ESP does not.
• However, we don't have to choose, since both protocols can be used together.
• Why have two protocols?
  – Some countries have strict laws on encryption. If you can't use encryption in those countries, AH still provides good security mechanisms. Two protocols ensure wide acceptance of IPSec on the Internet.

Data Integrity and Confidentiality (figure: basic difference between AH and ESP)
IPSec Protocols (cont.)
Algorithms used:
• Encryption: symmetric, as IP packets may arrive out of order and asymmetric algorithms are incredibly slow. E.g. DES (Data Encryption Standard).
• Authentication: MACs (Message Authentication Codes) based on symmetric encryption algorithms, and one-way hash functions (MD5 or SHA-1).
Transport Versus Tunnel Mode
Transport Mode:
• Used for peer-to-peer communication security
• Data is encrypted
Tunnel Mode:
• Used for site-to-site communication security
• The entire packet is encrypted.

Transport versus Tunnel mode (cont.)
Transport mode is used when the cryptographic endpoints are also the communication endpoints of the secured IP packets.
• Cryptographic endpoints: the entities that generate/process an IPSec header (AH or ESP).
• Communication endpoints: source and destination of an IP packet.

Transport versus Tunnel mode (cont.)
Tunnel mode is used when at least one cryptographic endpoint is not a communication endpoint of the secured IP packets.
• Outer IP header – destination is the router (the tunnel endpoint).
• Inner IP header – ultimate destination.
(figures: Transport Mode, Tunneling Mode)
How IPSec works: Phase 1
• Internet Key Exchange (IKE) is used to set up IPSec.
• IKE Phase 1:
  – Establishes a secure, authenticated channel between the two computers
  – Authenticates and protects the identities of the peers
  – Negotiates what SA policy to use
  – Performs an authenticated shared-secret key exchange
  – Sets up a secure tunnel for Phase 2
  – Two modes: Main mode or Aggressive mode
• Main Mode IKE
  1. Negotiate algorithms and hashes.
  2. Generate shared secret keys using a Diffie-Hellman exchange.
  3. Verification of identities.
• Aggressive Mode IKE
  – Squeezes all negotiation, key exchange, etc. into fewer packets.
  – Advantage: less network traffic and faster than main mode.
How IPSec works: Phase 2
• An AH or ESP packet is then sent using the "main" SA agreed upon during IKE Phase 1.
• IKE Phase 2:
  – Negotiates IPSec SA parameters
  – Establishes IPSec security associations for specific connections (like FTP, telnet, etc.)
  – Renegotiates IPSec SAs periodically
  – Optionally performs an additional Diffie-Hellman exchange

How IPSec works: Communication
• Once Phase 2 has established an SA for a particular connection, all traffic on that connection is communicated using the SA.
• The IKE Phase 1 exchange uses UDP port 500.
• AH uses IP protocol 51.
• ESP uses IP protocol 50.
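The protocol numbers above, the SA selector (destination address plus SPI) and the AH/ESP packet layouts from the earlier slides are what a receiver, or a packet-inspecting sensor, needs to recognise IPsec traffic and find the right SA. The following Python parser is an added example, not code from the original slides; the two sample packets are constructed inline, with zeroed checksums and placeholder ICV/ciphertext bytes.

```python
import struct

PROTO_ESP = 50          # IP protocol number for ESP (from the slides)
PROTO_AH = 51           # IP protocol number for AH (from the slides)
NEXT_HEADER_IPV4 = 4    # "IP-in-IP": AH carrying a whole inner IPv4 packet (tunnel mode)


def parse_ipsec_packet(pkt: bytes) -> dict:
    """Parse an outer IPv4 header followed by an AH or ESP header.

    Returns the SA selector (destination address, SPI, protocol) and the
    sequence number used for replay checking. AH keeps its next-header field
    in the clear, so transport and tunnel mode can be told apart; ESP carries
    it in the encrypted trailer, so the mode cannot be read off the wire.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dst = ".".join(str(b) for b in pkt[16:20])
    body = pkt[ihl:]
    info = {"dst": dst, "protocol": proto}
    if proto == PROTO_AH:
        # AH: next header(1) payload len(1) reserved(2) SPI(4) seq(4) ICV(variable)
        next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (payload_len + 2) * 4   # payload_len = AH length in 32-bit words minus 2
        info.update(spi=spi, seq=seq, icv_len=ah_len - 12,
                    mode="tunnel" if next_hdr == NEXT_HEADER_IPV4 else "transport")
    elif proto == PROTO_ESP:
        # ESP: SPI(4) seq(4) then ciphertext, trailer (padding, next header) and ICV
        spi, seq = struct.unpack("!II", body[:8])
        info.update(spi=spi, seq=seq, mode="unknown (next header is encrypted)")
    else:
        info["mode"] = "not IPsec"
    if "spi" in info:
        info["sa_key"] = (dst, info["spi"], proto)  # what the receiver looks its SA up by
    return info


def _ipv4_header(proto: int, dst: bytes, total_len: int) -> bytes:
    """Minimal constructed IPv4 header (IHL=5, no options, checksum left as 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), dst)


# Constructed sample 1: AH in tunnel mode, 96-bit ICV, truncated inner IPv4 packet.
AH_TUNNEL_SAMPLE = (_ipv4_header(PROTO_AH, bytes([192, 0, 2, 10]), 20 + 24 + 4)
                    + struct.pack("!BBHII", NEXT_HEADER_IPV4, 4, 0, 0x1000, 7)
                    + b"\x11" * 12 + b"\x45\x00\x00\x00")
# Constructed sample 2: ESP with 16 bytes of placeholder ciphertext.
ESP_SAMPLE = (_ipv4_header(PROTO_ESP, bytes([192, 0, 2, 20]), 20 + 8 + 16)
              + struct.pack("!II", 0x2000, 9) + b"\xaa" * 16)

if __name__ == "__main__":
    for sample in (AH_TUNNEL_SAMPLE, ESP_SAMPLE):
        print(parse_ipsec_packet(sample))
```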
Key Management