MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei*
Department of Electrical Engineering, National Dong Hwa University, Hualien, Taiwan, Republic of China, { changyc, hcc,m
*Department of Electronic Engineering, Ta Hwa Institute of Technology, Hsinchu, Taiwan, ROC

ABSTRACT: Due to the prevalence of the Internet and mobile communications, people sending messages over the Internet have become concerned with the security and encryption of data transmission. A VPN (Virtual Private Network) is a way to keep personal data secure while sending it through the public network. Following the rapid growth of networks and the shrinking supply of IPv4 addresses, the Internet Engineering Task Force (IETF) has begun promoting the next-generation IP (IPv6) [3] in place of the current IPv4. IPv6 supports the mobility and security of mobile communication environments. Since VPNs currently do not support cellular mobile IPv6, the goal of this paper is to construct an MPLS VPN framework in the cellular mobile IPv6 (CMIv6) [1] environment, and to use IPSEC [2], defined by the IETF, to keep data transmission secure and intact in future mobile communication systems.

Key words: MPLS, VPN (Virtual Private Network), IPSEC, Cellular Mobile IPv6

1. Introduction

In mobile communication environments, Mobile IP is defined to let users roam anywhere and transmit information freely. It integrates communication and network systems into the Internet. The Mobile IPv6 concepts are similar to Mobile IP, and some new functions of IPv6 bring new features and schemes for mobility support. Two major problems in mobile environments are packet loss and handoff. To solve those problems, CMIv6 was proposed.

The MPLS network provides high-speed IP forwarding and large scalability in the backbone network. One of the major applications of MPLS is the secure VPN [15]. MPLS VPN offers the same level of security as connection-oriented VPN. VPN describes a technology that supports security services for transmitting encrypted data over the public network. IPSEC provides security services at the IP layer and is therefore called a layer-three network security protocol. It can be used to protect one or more paths between a pair of hosts, a pair of security gateways, or a security gateway and a host.

This paper is structured as follows. Section 2 presents the mobile environment briefly. Section 3 presents security concerns. Section 4 describes the Cellular Mobile IPv6 security mechanism. Section 5 presents the conclusions and future work.

2. Mobile Environment

2.1 Mobile IP

In the mobile communication environment, Mobile IP is defined to let users roam anywhere and to integrate communication and network systems into the Internet. The IETF Mobile IP defines three functional entities in which its mobility protocols must be implemented:

Mobile Node (MN)
A node that changes its link from one to another while staying connected to the Internet under its permanent IP home address.

Home Agent
A router with an interface on the mobile node's home link.
1) As the mobile node moves from one link to another, it keeps the Home Agent informed of its current location by means of its care-of-address.
2) The Home Agent advertises the network prefix of the mobile node's home address. Packets are therefore destined to the mobile node's home address.
3) The Home Agent intercepts packets destined to the mobile node's home address and tunnels them to the mobile node's current location (to the care-of-address).

Foreign Agent
A router on a mobile node's foreign link.
1) The Foreign Agent helps the mobile node inform its home agent of its current care-of-address.
2) The Foreign Agent provides a care-of-address and detunnels packets for the mobile node that have been tunneled by the home agent.
3) When the mobile node connects to the foreign link, the Foreign Agent is set as its default router for transmitting packets.
2.2 Mobile IPv6

Mobile IP was originally based on, and is compatible with, IPv4. The Mobile IPv6 concepts are similar to Mobile IP, and some new functions of IPv6 bring new features and schemes for mobility support.

Plug and Play
When the mobile node enters a subnet, it can get an IPv6 address from the auto-configuration mechanism of IPv6. In Mobile IPv6, the MN acquires a care-of-address in a foreign network by the same mechanism.

Multiple Care-of-Address and Soft Handoff
To overcome packet loss, the MN is able to get multiple care-of-addresses in the wireless communication environment. Thus, the MN can connect to one or more base stations (BS) simultaneously. This scenario can be described as a smooth handoff or a soft handoff when the MN moves among the cells of base stations.

No Foreign Agent
In Mobile IP, an MN registers an address with an FA to build an IP tunnel so that the FA can forward packets to the MN. In Mobile IPv6, however, the MN can get a new IPv6 address when it enters another sub-network. Thus, the FA no longer needs to exist. In other words, the FA is replaced by the IPv6 network and the MN itself.

Destination Option Header
IPv6 defines several kinds of extension headers that can be used to provide extra information in the header of IPv6 packets [7]. The Destination Option Header is one of those extension headers and is used in Mobile IPv6 to inform various nodes of the care-of-address [12].

Security Support
The IP Authentication Header of IPv6 is mandatory for IPv6 nodes. It can provide a mechanism for wide-scale route-optimization techniques. It can protect the routing header, the destination option header, and tunneling in mobile situations.

2.3 Cellular Mobile IPv6

Mobile IPv6 does not solve the interruption problem of handoff in cellular networks. A seamless handoff can be obtained by reducing the delay time and the packet loss of handoff. The Cellular Mobile IPv6 (CMIv6) algorithm provides a way to reduce the packet loss.

There are two main mechanisms in CMIv6: Foreign Home Agent (FHA) or Forward Agent (FA) and Cellular Multicasting (CM). The FHA is placed in the foreign network, and the principal difference between Mobile IPv4 and CMIv6 is that the FHA is not a host or server; it is treated as a router (or switch) with improved IPv6 protocols. The FHA transfers and forwards packets like a layer-three IPv6 router or switch. A counter is set in the MN to record the handoff frequency. If the MN finds that the counter exceeds the maximum update rate, it sends an IGMP report message to notify the FHA. Packets sent by the CN are delivered to the MN through the FHA and forwarded by the FHA according to the IGMP report message in tunneling multicasting. The FHA and the CM (Cellular Multicasting) component in CMIv6 are proposed to reduce the time of forwarding packets and the packet loss. Figure 1 shows the framework of Cellular Mobile IPv6 constructed with FHA.

Figure 1. The framework of Cellular Mobile IPv6 constructed with FHA.

The CMIv6 mechanism is described as follows:
1) An MN enters the cellular network and determines its current location using IPv6 Router Discovery.
2) The MN obtains a care-of-address with stateless autoconfiguration on the foreign link. Care-of-address = prefix MAC address
3) A smart router with FHA records the linking status of the MN in its cache table.
4) The MN notifies the Home Agent and the Corresponding Node of its care-of-address with binding update messages. (Figure 2)

Figure 2. MN transmits binding update messages to HA and CN.

5) The CN transmits packets to the MN using its care-of-address. (Figure 3)

Figure 3. CN transmits packets to MN with its care-of-address.

6) The MN obtains another care-of-address when it moves into the overlapping cell area between two base stations.
7) The MN notifies the HA and CN with binding update messages, and the HA and CN return binding acknowledgement messages to the MN. The FHA records the change of MN location. As long as the CN has not yet received the binding update messages from the MN, the packets it transmits to the MN are still forwarded to the previous location of the MN.

The FHA matches the packet's MAC address in its cache table and transmits the packet to the MN on the new foreign link.

Figure 4. FHA compares the MAC address of packets and sends packets to the new destination of MN.

3. Security

3.1 MPLS VPN

The MPLS network provides high-speed IP forwarding and large scalability in the backbone network. One of the major applications of MPLS is the secure VPN (Figure 5). MPLS VPN offers the same level of security as connection-oriented VPN [15]. VPN traffic is kept separate in MPLS networks. Besides, MPLS supports quality of service and traffic engineering services.

The main concepts of VPN are Tunneling and Security Association. Tunneling is the process of placing an entire packet within another packet and sending it over a network. A Security Association (SA) is a simplex "connection" that affords security services to the traffic carried by it.

Figure 5. Architecture of MPLS VPN

The basic functions of VPN [8,9,10] include tunneling, encryption and decryption, authentication and key management. In this paper we use the IPSEC protocol (embedded in IPv6) to provide the security service in the Mobile IPv6 environment.

3.2 IPSEC

IPSEC provides security services at the IP layer and is therefore called a layer-three network security protocol. IPSEC can be used to protect one or more paths between a pair of hosts, a pair of security gateways, or a security gateway and a host. The IPSEC protocol is divided into three main parts [2]:
1) Authentication Header (AH): provides connectionless integrity, data origin authentication, and an optional anti-replay service.
2) Encapsulating Security Payload (ESP): provides confidentiality (encryption) and limited traffic flow confidentiality. It may also provide connectionless integrity, data origin authentication, and an anti-replay service.
3) Internet Security Association and Key Management Protocol (ISAKMP) [13]: provides auto-configuration of Security Associations and manages the encryption and authentication of key exchange.

The algorithm used by AH is HMAC (Hashed Message Authentication Code). For example, an HMAC value calculated with MD5 (Message Digest 5) [14] lets the receiver verify the authenticity and integrity of packets. The difference between AH and ESP is that ESP adds confidentiality for the payload. The format of the ESP header is shown in Figure 6.

Figure 6. Header of ESP

There are two different modes: transport mode and tunnel mode. In transport mode, the security headers are added before the transport layer headers. An AH added to the packet will cover the TCP header. An ESP header will cover the TCP header and payload (Figure 7). To reduce bandwidth, the IP header is neither authenticated nor encrypted. It can be monitored or intercepted during transmission. In tunnel mode, both AH and ESP headers are used to cover the entire packet (Figure 8). The IP header and IP payload are both authenticated. Usually, tunnel mode is used between two firewalls to provide a secure connection.

ISAKMP (Internet Security Association and Key Management Protocol) [13] currently uses IKE (Internet Key Exchange) for IPSEC. ISAKMP manages the exchange of cryptographic keys in a two-phase process.

Phase I
Two ISAKMP peers establish a secure channel with a Security Association (SA). An SA is a single, unidirectional flow of data between two IPSEC nodes.

Phase II

This phase is responsible for establishing the tunnels or SA of endpoint between IPSEC hosts.

Figure 7. Transport mode and tunnel mode of AH

Figure 8. Transport mode and tunnel mode of ESP

Phase 1 needs a lot of CPU resources for authentication and integrity protection. In Phase 2, there is no need to repeat a full authentication like the one done in Phase 1. Within the secure environment built in Phase 1, Phase 2 sets up the SAs of AH and ESP.

4. Cellular Mobile IPv6 Security Mechanism

We use VPN technology in the CMIv6 mechanism to provide secure transmission. The assumptions in this paper are:
1) There are several base stations connected to the FHA. The MN, CN, HA and FHA are all equipped with VPN functions, and the connections between them are authorized.
2) The creation, encryption and decryption of VPN Tunnels and the management of key exchange follow the IPSEC standards [2,11,12,13].
3) In the Cellular Mobile IPv6 environment, the binding update messages and the binding acknowledgements transmitted between the MN and the CN and HA are assumed to be known.

The secure CMIv6 mechanism is described below:
1) The CN gets the address and related security information of the MN from the HA when the CN wants to transmit data to the MN. (Figure 9)

Figure 9. Using VPN Tunnel, CN gets information of MN from HA.

2) VPN Tunnels are established between CN and FHA, and between FHA and MN, to exchange secure information. (Figure 10)

Figure 10. VPN Tunnels are constructed between CN and FHA, FHA and MN

3) The MN then establishes a new VPN Tunnel to the FHA when it roams from subnet A to subnet B. The FHA forwards the packets transmitted from the CN to the MN in the new subnet B by comparing the MAC address of the packets. (Figure 11)

Figure 11. CN uses the VPN Tunnels to transmit packets to MN.

4) When the MN suddenly roams from subnet B to subnet C, there is no VPN Tunnel established between the MN and FHA2. At this time, the MN transmits the binding update message to the CN and HA. The CN has not established a new VPN Tunnel to the new FHA2, so it still transmits packets to the old FHA. (Figure 12)

Figure 12. CN transmits packets to old FHA1 when MN roams into new subnet B.

5) According to the messages from the MN, FHA2 establishes a new VPN Tunnel to FHA1, and FHA1 forwards the packets from the CN to FHA2. (Figure 13)

Figure 13. New VPN Tunnel is established between FHA1 and FHA2.

6) The CN establishes a new VPN Tunnel to FHA2, transmits packets to the MN, and cuts off the VPN between FHA1 and FHA2. (Figure 14)

Figure 14. New VPN Tunnel is established between CN and FHA2.

Encrypting and decrypting data needs a lot of resources (CPU, memory, battery). To save the power of the MN, the VPN function can be made an optional selection in the secured CMIv6 mechanism. Once the CN wants to transmit packets with security encryption, the VPN function of the MN is set to ON to enable the security of the CMIv6 mechanism.

5. Conclusions and Future Work

Mobile IP provides the mobility that lets a mobile node roam among different base stations. The mobile environment evolves into Mobile IPv6 with the benefits of IPv6. The CMIv6 mechanism is proposed to solve the packet loss and handoff problems in Mobile IPv6. The security services of VPN and IPSEC can provide encryption, integrity and authorization for the CMIv6 mechanism in the Mobile Internet.

Transmitting data securely over the Internet is significant and essential now, especially in the mobile computing environment. This paper uses VPN technology and the IPSEC protocol to provide the security mechanism in CMIv6. Furthermore, this mechanism can be an optional function, so that the mobile node saves the power spent computing security information.

In the future, combining the benefits of the MPLS core network and the secure function of VPN in the Mobile IPv6 environment is feasible and practicable. The key issue is that the Mobile Node performs the function of a label switch router and establishes label switch paths to the Home Agent.

Acknowledgements

This work is partially supported by National Science Council of Taiwan, R.O.C., under grant number NSC E

References

[1] H. C. Chao, Y. M. Chu and M. T. Lin, The Implementation of the Next-Generation Wireless Network Design: Cellular Mobile IPv6, IEEE Transactions on Consumer Electronics, vol.46, no.3, August
[2] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, IETF, RFC 2401, November
[3] S. Deering and R. Hinden, Internet Protocol, Version 6 (IPv6) Specification, IETF, RFC 2460, December
[4] C. Perkins, IP Mobility Support, IETF, RFC 2002, October
[5] S. Thompson and T. Narten, IPv6 Stateless Address Autoconfiguration, IETF, RFC 2462, December
[6] James D. Solomon, Mobile IP, the Internet Unplugged, Prentice Hall PTR,
[7] Han-Chieh Chao and Y. M. Chu, Seamless Support for Mobile Internet Protocol Based Cellular Environments, to appear in the International Journal of Wireless Information Networks.
[8] W. Fumy and H. P. Rieb, Network Security Management, Advanced Communications and Application for High Speed Networks, pp ,
[9] D. Snow and W. Chang, Network Security, Telesystems Conference NTC-92, pp.15/13-15/16,
[10] B. C. Soh and S. Young, Network System and World Wide Web Security, Computer Communication, vol.20, pp ,
[11] S. Kent and R. Atkinson, IP Authentication Header, IETF, RFC 2402, November
[12] S. Kent and R. Atkinson, IP Encapsulating Security Payload, IETF, RFC 2406, November
[13] D. Maughan, M. Schertler, M. Schneider and J. Turner, Internet Security Association and Key Management Protocol, IETF, RFC 2408, November
[14] C. Madson and R. Glenn, The Use of HMAC-MD5-96 within ESP and AH, IETF, RFC 2403, November 1998
[15] K. Muthukrishnan, C. Kathirvelu, T. Walsh, A Core MPLS IP VPN Architecture, IETF, RFC 2917, July
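
The integrity check and the two modes of Section 3.2, as an added Python example that is not the authors' code: it computes the HMAC-MD5-96 value of reference [14] over an ESP packet and reports which single-byte changes the receiver detects in transport mode and in tunnel mode. Assumptions: ESP carries no encryption (NULL cipher) so that only the standard library is needed; the key, SPIs, documentation-prefix addresses and the stand-in TCP segment are constructed; anti-replay is a strictly increasing counter rather than a sliding window.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP, TCP, IPV6 = 50, 6, 41   # IP protocol numbers
ICV_LEN = 12                 # HMAC-MD5-96 keeps the first 96 bits of the HMAC

# Constructed sample values (assumptions, not taken from the paper).
KEY = b"constructed-demo-key"                    # a real SA key comes from IKE
CN, MN = "2001:db8:1::10", "2001:db8:2::20"      # end hosts
CN_GW, FHA = "2001:db8:1::1", "2001:db8:2::1"    # tunnel endpoints
SEGMENT = bytes(20) + b"binding data"            # stand-in for a TCP segment


def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    """40-byte IPv6 header; traffic class and flow label are left at zero."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def icv(key, data):
    """Integrity check value: HMAC-MD5 truncated to 96 bits."""
    return hmac.new(key, data, hashlib.md5).digest()[:ICV_LEN]


def esp_protect(key, spi, seq, payload, payload_proto):
    """ESP with NULL encryption: SPI, sequence number, payload, trailer, ICV."""
    pad_len = -(len(payload) + 2) % 4            # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))       # default padding bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, payload_proto]))
    return body + icv(key, body)                 # ICV covers everything before it


def esp_verify(key, esp, last_seq):
    """Return (protocol, payload) for a valid, fresh ESP packet, else None."""
    body, received = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if len(body) < 10 or not hmac.compare_digest(received, icv(key, body)):
        return None                              # modified in transit or wrong key
    _spi, seq = struct.unpack("!II", body[:8])
    if seq <= last_seq:
        return None                              # replayed sequence number
    pad_len, proto = body[-2], body[-1]
    return proto, body[8:len(body) - 2 - pad_len]


def transport_mode(key, spi, seq, src, dst, segment):
    """Original IP header stays in front; ESP wraps only the transport segment."""
    esp = esp_protect(key, spi, seq, segment, TCP)
    return ipv6_header(src, dst, ESP, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, inner_packet):
    """New outer header between the tunnel endpoints; ESP wraps the whole packet."""
    esp = esp_protect(key, spi, seq, inner_packet, IPV6)
    return ipv6_header(gw_src, gw_dst, ESP, len(esp)) + esp


def receive(key, packet, last_seq=0):
    """Strip the 40-byte outer IPv6 header and check the ESP part."""
    return esp_verify(key, packet[40:], last_seq)


def flip(packet, offset):
    """Copy of packet with one byte changed, to model modification in transit."""
    changed = bytearray(packet)
    changed[offset] ^= 0xFF
    return bytes(changed)


def coverage():
    """Which single-byte changes does the receiver detect in each mode?"""
    t = transport_mode(KEY, 0x100, 1, CN, MN, SEGMENT)
    inner = ipv6_header(CN, MN, TCP, len(SEGMENT)) + SEGMENT
    u = tunnel_mode(KEY, 0x200, 1, CN_GW, FHA, inner)
    return {
        "transport accepted": receive(KEY, t) == (TCP, SEGMENT),
        "transport: IP header change detected": receive(KEY, flip(t, 23)) is None,
        "transport: payload change detected": receive(KEY, flip(t, 68)) is None,
        "tunnel accepted": receive(KEY, u) == (IPV6, inner),
        "tunnel: outer header change detected": receive(KEY, flip(u, 23)) is None,
        "tunnel: inner header change detected": receive(KEY, flip(u, 87)) is None,
        "replayed sequence number rejected": receive(KEY, t, last_seq=1) is None,
    }


if __name__ == "__main__":
    for check, result in coverage().items():
        print(f"{check}: {result}")
```

HMAC-MD5-96 is used here because it is the algorithm the paper cites; RFC 8221 lists it as MUST NOT for current IPsec implementations.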


IP Home Network Multimedia Application over IEEE 1394 IP Home Network Multimedia Application over IEEE 1394 Tin- Yu Wu, Kun-Chang Chen, and Han-Chieh Chao Department of Electrical Engineering National Dong Hwa University, Hualien, Taiwan, ROC Tak-Goa Tsuei

More information

Configuring a Site-to-Site VPN Tunnel Between RV Series Routers and ASA 5500 Series Adaptive Security Appliances

Configuring a Site-to-Site VPN Tunnel Between RV Series Routers and ASA 5500 Series Adaptive Security Appliances print email Article ID: 4936 Configuring a Site-to-Site VPN Tunnel Between RV Series Routers and ASA 5500 Series Adaptive Security Appliances Objective Security is essential to protect the intellectual

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

Cradlepoint to Paloalto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Cradlepoint to Paloalto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions Cradlepoint to Paloalto VPN Example Summary This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Paloalto firewall. IPSec is customizable on both the Cradlepoint

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols William Stallings Data and Computer Communications Chapter 15 Internetwork Protocols Internetworking Terms (1) Communications Network Facility that provides data transfer service An internet Collection

More information

Virtual Private Network VPN, VRF, and MPLS

Virtual Private Network VPN, VRF, and MPLS CE443 Computer Networks Virtual Private Network VPN, VRF, and MPLS Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Implementation and Performance Analysis for the Multimedia. Home network based on IP over IEEE1394

Implementation and Performance Analysis for the Multimedia. Home network based on IP over IEEE1394 Implementation and Performance Analysis for the Multimedia Home network based on IP over IEEE1394 Tak-Goa Tsuei Department of Electronic Engineering, Ta Hwa Institute of Technology, Hsinchu, Taiwan, ROC

More information

The BANDIT Products in Virtual Private Networks

The BANDIT Products in Virtual Private Networks encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their

More information

Proactive DAD: An L2-assisted Fast Address Acquisition. Strategy for Mobile IPv6 Networks

Proactive DAD: An L2-assisted Fast Address Acquisition. Strategy for Mobile IPv6 Networks Proactive DAD: An L2-assisted Fast Address Acquisition Strategy for Mobile IPv6 Networks Chien-Chao Tseng Department of Computer Science and Information Engineering National Chiao-Tung University Hsinchu,

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

Chapter 6 outline. 6.1 Introduction

Chapter 6 outline. 6.1 Introduction Chapter 6 outline 6.1 Introduction Wireless 6.2 Wireless links, characteristics CDMA 6.3 IEEE 802.11 wireless LANs ( wi-fi ) 6.4 Cellular Internet Access architecture standards (e.g., GSM) Mobility 6.5

More information

IPSec Overhead in Wireline and Wireless Networks

IPSec Overhead in Wireline and Wireless Networks IPSec Overhead in Wireline and Wireless Networks Hafeth Hourani hafeth.hourani@nokia.com 1 /Title/ 16.02.2004 hafeth.hourani@nokia.com T-79.300 Postgraduate Course in Theoretical Computer Science IPSec

More information

6 Mobility Management

6 Mobility Management Politecnico di Milano Facoltà di Ingegneria dell Informazione 6 Mobility Management Reti Mobili Distribuite Prof. Antonio Capone Introduction Mobility management allows a terminal to change its point of

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security

More information

UG4/MSc Computer Networking (CN) Fall 09. Mobility

UG4/MSc Computer Networking (CN) Fall 09. Mobility UG/MSc Computer Networking (CN) Fall 09 Mobility What is Mobility? Spectrum of mobility, from the perspective: no mobility high mobility mobile wireless user, using same access point mobile user, connecting/

More information

ETSF10 Part 3 Lect 2

ETSF10 Part 3 Lect 2 ETSF10 Part 3 Lect 2 DHCP, DNS, Security Jens A Andersson Electrical and Information Technology DHCP Dynamic Host Configuration Protocol bootp is predecessor Alternative: manual configuration IP address

More information

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org

More information

On the Design of Mobility Management Scheme for 802.16-based Network Environment

On the Design of Mobility Management Scheme for 802.16-based Network Environment On the Design of obility anagement Scheme for 802.16-based Network Environment Junn-Yen Hu and Chun-Chuan Yang ultimedia and Communications Laboratory Department of Computer Science and Information Engineering

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

154 The International Arab Journal of Information Technology, Vol. 4, No. 2, April 2007 which had been found on MIPv4 protocol. IPv6 is derived from I

154 The International Arab Journal of Information Technology, Vol. 4, No. 2, April 2007 which had been found on MIPv4 protocol. IPv6 is derived from I The International Arab Journal of Information Technology, Vol. 4, No. 2, April 2007 153 Performance Analysis of Mobile IPv4 and Mobile IPv6 Fayza Nada Faculty of Computers and information, Suez Canal University,

More information

Configuring a Tunnel with Generic Routing Encapsulation

Configuring a Tunnel with Generic Routing Encapsulation 9 Configuring a Tunnel with Generic Routing Encapsulation Contents Overview...................................................... 9-2 GRE Tunnels............................................... 9-2 Advantages

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

Internet Protocol Security IPSec

Internet Protocol Security IPSec Internet Protocol Security IPSec Summer Semester 2011 Integrated Communication Systems Group Ilmenau University of Technology Outline Introduction Authentication Header (AH) Encapsulating Security Payload

More information

Wireless and Mobility. What is mobility?

Wireless and Mobility. What is mobility? Wireless and Mobility Wireless 6.2 Wireless links, characteristics CDMA 6.3 IEEE 802.11 wireless LANs ( wi-fi ) 6.4 Cellular Internet Access architecture standards (e.g., GSM) Mobility 6.5 Principles:

More information

IPV6 vs. SSL comparing Apples with Oranges

IPV6 vs. SSL comparing Apples with Oranges IPV6 vs. SSL comparing Apples with Oranges Reto E. Haeni r.haeni@cpi.seas.gwu.edu The George Washington University Cyberspace Policy Institute 2033 K Str. Suite 340 N Washington DC 20006 Washington DC,

More information

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router print email Article ID: 4938 Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router Objective Virtual Private

More information

Multiparty Handoff Mechanism in Mobile Ipv4 Networks

Multiparty Handoff Mechanism in Mobile Ipv4 Networks Multiparty Handoff Mechanism in Mobile Ipv4 Networks K. N. Rama Mohan Babu 1*, K. N. Balasubramanya Murthy 2 and Ram P. Rustagi 2 1 Dayananda Sagar College of Enggineering Bengaluru, India 2 PES Institute

More information

Mobile IP. 10.1 The Requirements of Mobile IP CHAPTER 10. Adrian Farrel

Mobile IP. 10.1 The Requirements of Mobile IP CHAPTER 10. Adrian Farrel CHAPTER 10 Mobile IP Adrian Farrel Today s computers are smaller and more mobile than they once were. Processing power that used to take up a whole air-conditioned room can now be easily carried around

More information

Analysis of Mobile IP in Wireless LANs

Analysis of Mobile IP in Wireless LANs ENSC 835: COMMUNICATION NETWORKS FINAL PROJECT PRESENTATIONS Spring 2011 Analysis of Mobile IP in Wireless LANs www.sfu.ca/~bshahabi Babak Shahabi (bshahabi@sfu.ca( bshahabi@sfu.ca) 301102998 Shaoyun Yang

More information

Administrivia. CSMA/CA: Recap. Mobility Management. Mobility Management. Channel Partitioning, Random Access and Scheduling

Administrivia. CSMA/CA: Recap. Mobility Management. Mobility Management. Channel Partitioning, Random Access and Scheduling Administrivia No lecture on Thurs. Last work will be out this week (not due, covers wireless) Extra office hours for next week and the week after. Channel Partitioning, Random Access and Scheduling Channel

More information

Secure Networking Using Mobile IP

Secure Networking Using Mobile IP Secure Networking Using Mobile IP Alexandros Karakos and Konstantinos Siozios Democritus University of Thrace eepartment of Electrical and Computer Engineering GR-671 00 Xanthi, GREECE Abstract. The increasing

More information

Chapter 9 Mobile Communication Systems

Chapter 9 Mobile Communication Systems Chapter 9 Mobile Communication Systems 1 Outline Cellular System Infrastructure Registration Handoff Roaming Multicasting Security and Privacy 2 Cellular System Base Station System BTS VLR HLR MS MS BTS

More information

Chapter 2 Virtual Private Networking Basics

Chapter 2 Virtual Private Networking Basics Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies,

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

Mechanisms of Mobile IP in delivering packets and its trends for changing from IPv4 to IPv6

Mechanisms of Mobile IP in delivering packets and its trends for changing from IPv4 to IPv6 Mechanisms of Mobile IP in delivering packets and its trends for changing from IPv4 to IPv6 Nguyen Ngoc Chan (Posts & Telecommunications Institute of Technology, Viet Nam) E-mail: ngoc_chan@ptithcm.edu.vn

More information

BUY ONLINE AT: http://www.itgovernance.co.uk/products/730

BUY ONLINE AT: http://www.itgovernance.co.uk/products/730 IPSEC VPN DESIGN Introduction Chapter 1: Introduction to VPNs Motivations for Deploying a VPN VPN Technologies Layer 2 VPNs Layer 3 VPNs Remote Access VPNs Chapter 2: IPSec Overview Encryption Terminology

More information

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why

More information

IPSec, VPN, and Firewall Concepts

IPSec, VPN, and Firewall Concepts APPENDIX B This appendix introduces the concepts of Internet Security Protocol (IPSec), virtual private networks (VPNs), and firewalls, as they apply to monitoring with Performance Monitor: Overview: IPSec

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Chapter 32 Internet Security

Chapter 32 Internet Security Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011 Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice

More information

Virtual Private Networks: IPSec vs. SSL

Virtual Private Networks: IPSec vs. SSL Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies

More information

Announcements. CMPE 257: Wireless and Mobile Networking. Wireless Internet. Challenges. Homework on MAC up. Midterm moved to

Announcements. CMPE 257: Wireless and Mobile Networking. Wireless Internet. Challenges. Homework on MAC up. Midterm moved to CMPE 257: Wireless and Mobile Networking Announcements Homework on MAC up. Midterm moved to 05.10. Spring 2005 Wireless Internetworking CMPE 257 Spring 2005 1 CMPE 257 Spring 2005 2 Wireless Internet Extension

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

Virtual Private Networks: The Hot Revenue Source for Service Providers

Virtual Private Networks: The Hot Revenue Source for Service Providers Virtual Private s: The Hot Revenue Source for Service Providers December 11, 2001 presented by: Akram Ashamalla Agenda Why are we talking about VPNs? What is a VPN - Layer 2/Layer 3/IP VPN & what is the

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information