IP Security

Outline:
- Introduction
- IP security Overview
- IP security Applications
- IP security Scenario
- IP security Benefits
- IP security Architecture
- Security Associations
- Combinations of SAs
- Key Exchange Management

Basic Objective: Secure IP. Should achieve the following:
“Provides the facilities for inter-connecting end systems across multiple networks.”
Routers must cope with heterogeneous networks.
//The next slide shows the architecture of the TCP/IP suite.//
“End system X wants to send a data packet to end system Y.”
at several dispersed locations.
-Within each LAN, IP traffic is not secured.
-For Inter-LAN traffic (over the Internet or a WAN), IPSec protocols are used.
// User workstation must implement IPSec protocols//
//no need to change software on end systems.//
-IPSec can be transparent to end users.
//no need to train end users on security mechanisms.//
1. Architecture: Covers general concepts, security requirements, etc.
2. Encapsulating Security Payload (ESP): Covers the issues of packet encryption.
3. Authentication Header (AH): Covers the issues of packet authentication.
4. Encryption Algorithms: How various encryption algorithms are used for ESP.
5. Authentication Algorithms: How various authentication algorithms are used for AH and the authentication option of ESP.
6. Key Management: Documents that describe key management.
7. Domain of Interpretation (DOI): Defines payload formats, exchange types, and conventions for naming security
1. Authentication Header (AH): an authentication protocol.
2. Encapsulating Security Payload (ESP): a combined encryption and authentication protocol.
//Used by receiver to select the SA.//
//may be an end user system, a firewall or a router//
1. Data integrity of a packet.
2. Authentication of a packet.
3. Also guards against replay attacks.
1. Provides confidentiality services.
2. Provides limited authentication service.
3. Also provides limited traffic confidentiality.