A Design Methodology for HW/SW Security Protocols
|
|
- Alban McDaniel
- 8 years ago
- Views:
Transcription
1 Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali Dipartimento di Tecnologie dell Informazione Corso di Dottorato di Ricerca in Scienze Informatiche XIII ciclo Tesi di Dottorato di Ricerca A Design Methodology for HW/SW Security Protocols Alberto Ferrante Matr: R05112 Relatore: Prof. Vincenzo Piuri Correlatori: Prof. Luigi Dadda, Dr. Jeff Owen Anno accademico
2
3 Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali Dipartimento di Tecnologie dell Informazione Corso di Dottorato di Ricerca in Scienze Informatiche XIII ciclo Tesi di Dottorato di Ricerca A Design Methodology for HW/SW Security Protocols INF/01 Alberto Ferrante Matr: R05112 Tutor: Coordinatore dottorato: Prof. Vincenzo Piuri Prof. Gianni Degli Antoni Correlatori: Prof. Luigi Dadda ALaRI - Università della Svizzera italiana, Lugano, Svizzera Dr. Jeff Owen ST Microelectronics Inc., San Jose, California, USA Anno accademico
4
5 ... To my parents...
6
7 Contents 1 VPNs and Network Security Virtual Private Networks Introduction to cryptography The symmetric key algorithms The public key algorithms The Diffie-Hellman protocol Authentication algorithms Security Protocols The IPSec protocol suite New Version of the IPSec Suite Preliminary Evaluation of Hardware Requirements Network Quality of Service IPSec Hardware Requirements Study IPSec Performance Analysis IPSec Performance Measurement Hardware and Software Configuration of the Test Network Description of the Tests Results Remarks on Performance Guidelines for IPSec Configuration Security Protocols Technologies and Researches Classification of accelerators External View vii
8 viii CONTENTS Internal View Software Accelerator Interface Current Accelerators for IPSec Researches Market Products Network Processors Trends for Security Protocols 51 5 A Model of IPSec High-level Modelling for Synthesis and Testing IPSec Modelling Generation of Test Sequences Results Scheduling Algorithms for Cryptographic Accelerators System Architecture A Packet Scheduling Algorithm Description of the Algorithm Simulations Enhanced System Architecture Small Packet Processing The Sliding Window Scheduling Algorithm Simulations Quality of Service Support Description of the Algorithm Simulations Enhanced System Architecture About Supporting Hard QoS System on Chip for IPSec High Level Architecture External Interface Notes on IKE Analysis of the Data Processing Improving Efficiency: the Intelligent I/O Unit Improved Internal Communications Specifications of the Functionalities Storage of Information Soft Quality of Service Management Notes on Hard Quality of Service Management
9 CONTENTS ix Extending the Processing Capabilities of the SoC Some Notes on Hardware/Software Partitioning Functional Blocks of the SoC IKE Unit Functional Blocks Packet, Memory and Database Classes System Integration and Testbench Results of the Simulations DB Manager The Core of the DB Query Functional Block Further Improving Speed: Multithreaded Queries Conclusions and Future Work 173
10 x CONTENTS
11 List of Figures 1.1 A mobile user connected to a private network Connection of two private networks Datagram transformation for ESP transport mode Datagram transformation for ESP tunnel mode Datagram transformation for AH transport mode Datagram transformation for AH tunnel mode IKE Phase 1 exchange IKE Phase 2 quick mode exchange IPSec outbound packet processing IPSec inbound packet processing Test network structure Network throughput for a 100Mbit/s network CPU effort comparison for a 100Mbit/s network Sender PC Network output traffic for a 100Mbit/s network Instantaneous CPU load with no IPSec Instantaneous CPU load with IPSec Network throughput for a 10Mbit/s network CPU effort comparison for a 10Mbit/s network Fabric side connection, in-line coprocessor Fabric side connection, off-line coprocessor Network side connection, in-line coprocessor Network side connection, off-line coprocessor IBM PCI cryptographic coprocessor high-level schema Luna VPN cryptographic accelerator integration schema xi
12 xii LIST OF FIGURES 3.7 Motorola MPC190 accelerator The flow-through architecture HIPP III 8530: block diagram A board using the HIPP III 8530 accelerator Example of a system using Toaster2 in distributed configuration Cisco Toaster2 architecture: TMC and processor complex Testing of a system using its specifications UML class diagram of IPSec Statechart of the TunnelESP class Statechart of the Header ESP class Statechart of the TrailerESP class Reference scheme Reference scheme for the scheduling algorithm Simulation scheme CPU load due to cryptography for a 2-accelerator system Throughput for a 2-accelerator system Average processing latency for a 2-accelerator system Average global latency for a 2-accelerator system Average processing latency comparison for a 1-accelerator system Throughput comparison for a 1-accelerator system The sliding window schema Percentage of packets processed by the CPU; W = Relative CPU usage. CPU parameters: T init ratio = 3; T enc ratio = Relative throughput. CPU parameters: T init ratio = 3; T enc ratio = Relative average latency. CPU parameters: T init ratio = 3; T enc ratio = Reference scheme for the scheduling algorithm Simulation scheme CPU load due to cryptography for a 2-accelerator system in the Packet Average case Throughput for a 2-accelerator system in the Packet Average case Average processing latency for a 2-accelerator system in the Packet Average case
13 LIST OF FIGURES xiii 6.20 Average processing latency for a 2-accelerator system in the RR Average case Average processing latency for the RR Average and the Packet Average cases. α 0 = 50; β 0 = ns Packet distribution among different priority levels for the network trace we have considered Average processing latency comparison for a 4-accelerator system Throughput comparison for a 4-accelerator system CPU usage comparison for a 4-accelerator system Overview of the SoC architecture Internal architecture overview with the Intelligent I/O unit Internal overview of the Intelligent I/O unit basic architecture Internal architecture overview of the Intelligent I/O unit with fragmentation management Internal communication scheme Improved internal communication scheme UML class diagram describing the relations among the different parts of the SoC Sequence diagram describing the behavior of the SoC when a new IPSec inbound packet arrives Sequence diagram describing the behavior of the SoC when a new inbound packet which does not need any IPSec processing arrives Sequence diagram describing the behavior of the SoC when IKE needs to be activated Sequence diagram describing the behavior of the SoC when an IKE packet is received Statecharts describing the input-dedicated part of the Net I/O Manager unit Statecharts describing the output-dedicated part of the Net I/O Manager unit Statecharts describing the In DB Manager unit Statecharts describing the IKE DB Manager unit Statecharts of the Scheduler unit Memory - CPU performance gap Maximum memory usage for different combinations of network bandwidth requirements and data rate supported by the device
14 xiv LIST OF FIGURES 7.19 Average memory usage for different combinations of network bandwidth requirements and data rate supported by the device Maximum and average memory usage comparison for different network speeds Maximum number of packets that need to be stored for different combinations of network bandwidth requirements and data rate supported by the device Average number of packets that need to be stored for different combinations of network bandwidth requirements and data rate supported by the device Comparison between average an maximum number of packets that need to be stored depending on the network bandwidth Internal architecture of the Memory unit The MEM block of the Memory unit Memory usage for a PQ policy; required bandwidth is lower than the system throughput Memory usage for a PQ policy; required bandwidth similar to the system throughput Memory usage for a PQ policy; required bandwidth is higher than the system throughput Number of packets; a PQ policy is considered; required bandwidth is lower than the system throughput Number of packets; a PQ policy is considered; required bandwidth is similar to the system throughput Number of packets; a PQ policy is considered; required bandwidth is higher than the system throughput Throughput for a PQ policy; required bandwidth is lower than the system throughput Throughput for a PQ policy; required bandwidth is similar to the system throughput Throughput for a PQ policy; required bandwidth is higher than the system throughput Memory usage for a WFQ policy; required bandwidth is lower than the system throughput Memory usage for a WFQ policy; required bandwidth is similar to the system throughput Memory usage for a WFQ policy; required bandwidth is higher than the system throughput
15 LIST OF FIGURES xv 7.38 Number of packets; WFQ policy; required bandwidth is lower than the system throughput Number of packets; WFQ policy; required bandwidth is similar to the system throughput Number of packets; WFQ policy; required bandwidth is higher than the system throughput Throughput for a WFQ policy; required bandwidth is lower than the system throughput Number of packets; WFQ policy; required bandwidth is similar to the system throughput Number of packets; WFQ policy; required bandwidth is higher than the system throughput Typical IKE interfaces required to the integration with an IPSec environment Subdivision of IKE into different components The PRNG component The MD5 component The AES component The RSA component The finite state machine implemented into the IKE Manager Sequence of operations in the IKE Manager The pad entry memory structure The rqt memory structure The pkt memory structure The ikedb entry memory structure The ipsec sa entry memory structure The mem data memory structure IKE unit architecture IKE simulation testbench Memory utilized by IKE Utilization of the IKE units SA creation final time Basic architecture for the core of the database query functional block Average query times Average number of queries per second Hit and replacement rates for the SPD cache Hit and replacement rates for the SAD cache
16 xvi LIST OF FIGURES
17 List of Tables 6.1 β 0 and corresponding number of bytes that can be processed in such time by one of the accelerators Pattern parameters in bytes Simulation results for the initial exchanges Simulation results for the child exchanges Size of the essential part of the SPD record; IPv4 addresses and 32 bit memory addresses are considered Size of the SAD records; IPv4 addresses and 32 bit memory addresses are considered Different configurations used during the simulations Sizes of the caches in number of elements and in bytes xvii
18 xviii LIST OF TABLES
19 Acronyms AES Advanced Encryption Standard. AH Authentication header. API Application Protocol Interface. ASIC Application-Specific Integrated Circuit. CBQ Class-based Weighted Fair Queuing. DES Data Encryption Standard. DH Diffie-Hellman. Diffserv Differentiated Services. DMA Direct Memory Access. DoI Domain of Interpretation. DoS Denial of Service. ECC Elliptic Curve Cryptography. ESP Encapsulating Security Payload. HMAC Hash Message Authentication Code. IETF Internet Engineering Task Force. IKE Internet Key Exchange. xix
20 xx ACRONYMS ISAKMP Internet Security Association and Key Management Protocol. IP Internet Protocol; if not differently specified, the version 4 of this protocol. IPv6 Internet Protocol version 6. IPSec IP Secure. IPComp IP Compression. L2F Layer 2 Forwarding L2TP Layer 2 Tunneling Protocol. MD5 Message Digest algorithm 5. MTU Maximum Transfer Unit. NoC Network on Chip. NP Network Processor. PAD Peer Authentication Database. PPP Point to Point Protocol. PPTP Point to Point Tunnelling Protocol. PQ Priority Queuing. WFQ Flow-based Weighted Fair Queuing. QoS Quality of Service. RFC Request For Comments. RTL Register Transfer Level. SA Security Association. SAD Security Association Database. SHA Secure Hash Standard. SoC System on Chip. SPD Security Policy Database.
21 ACRONYMS xxi TCP Transmission Control Protocol. TLS Transport Level Security. UDP User Datagram Protocol. UML Unified Modelling Language. VPN Virtual Private Network.
22 xxii ACRONYMS
23 Acknowledgments T he first people I would like to acknowledge are my parents and all my family who have supported me during these last twentynine years. This thesis would not even exist without the help of Vincenzo, who is my advisor: his precious suggestions helped me a lot during these three years of PhD... Thank you Vincenzo! A special acknowledgment goes to the referees of this thesis, Prof. Miroslaw Malek, Prof. Eduardo Sanchez, and Prof. Renato Stefanelli. I would also like to acknowledge Prof. Dadda, Jeff, Fabien, and Marco for their invaluable contribution to this thesis. Furthermore, Jeff is the one who came up with the idea of working on these topics, therefore he deserves a special thank. All the people at the ALaRI institute, such as Prof. Sami, Umberto, and all the staff deserve to be mentioned for their support and understanding during the last years. I would also like to take the opportunity to acknowledge all the students I met at ALaRI: all of them taught me a lot; some of them also helped me during this research... Antonietta, Antonio, Rodrigo, Sathish, and Uljana, thank you! I would also like to mention my friend Sara: her help with the English in some parts of this thesis has been greatly appreciated! Last but not least, I would like to thank all my friends, who continuously supported me during my life. xxiii
24 xxiv ACKNOWLEDGMENTS
25 Introduction The ability to communicate has become of fundamental importance for every activity of the human life: companies need to connect different seats and to communicate with their customers and partners; human beings need to communicate with others, with companies, and institutions. Security and privacy is also an important need of the modern world: the rising competitiveness among industries imposes an increasing level of protection for each Company s confidential information; private information of the human beings also need to be protected or, anyway, only pieces of information should be able to be revealed by each person to certain recipients. This need for security is obviously in contrast with the need of communication. As a matter of fact, sending information over any communication mean could expose them to possible evesdroppers. The only way to solve this contrast is to introduce some security mechanisms in communications. Communication security is crucial for economic and social development. Many security mechanisms have been studied and deployed over the years. Presently used mechanisms are based over cryptography or, for few very advanced applications, quantum cryptography. The latter technology is the future for a limited number of applications as it requires peculiar technological conditions. Traditional cryptographic techniques will probably continue to be used for common applications for many years. Wether the possible advent of quantum computers will determine the end of traditional cryptographic techniques or not, need to be clarified. As a matter of fact, quantum computers will be able to factorize large prime numbers in very small times. This is potentially dangerous xxv
26 xxvi INTRODUCTION for some public-key cryptographic algorithms (e.g., RSA) but not for others. These algorithms can be substituted with others that are not based on prime number factorization (e.g., ECC) and the whole cryptosystem will be able to work without any problem. In any case experts believe that actual secured data communications if properly configured are usually the most secure part of the whole IT system. The less secure parts of each IT system are the ones involving humans. As a matter of fact one may have the most advanced and well configured security mechanisms, but human factor can play a fundamental role in revealing classified information. Companies employees can reveal (by intention or not) important information without the real need to involve the IT infrastructure. Solving this problem is far more difficult than any other: technical problems can be solved by adopting new technologies, but the human problem can only be solved by educating people to security. This education process may take many years to give proper effects. An area of communication security is the one of security protocols. These protocols offer a way to use cryptographic algorithms for providing communication security. As a matter of fact, cryptographic algorithms are not usable by themselves: they need mechanisms for exchanging keys between the parties that are involved and for managing the secure connections. This is what secure protocols exactly do. Secure protocols are based on cryptographic algorithms and these algorithms are very resource consuming. Specialized hardware is therefore used to support high network performances as general purpose CPUs cannot often provide the necessary computational capacity. Gilder s [52] and at the Moore s [53] laws say that this situation is not going to improve with time: while Moore says that computational capacity is doubling every 18 months, Gilder says that available network bandwidth doubles every 12 months. Goal of the work presented in this dissertation is to study a comprehensive design methodology for mixed hardware/software architectures dedicated to security protocols. The IPSec (IP Secure) protocol suite is taken as a reference for this work, as it has assumed great importance, being also included as mandatory security mechanism in the new version of the IP protocol, IPv6.
27 INTRODUCTION xxvii The work here reported can be subdivided into different phases: 1. Study of the application requirements (IPSec suite protocols and a study about virtual private networks); this is necessary to understand the problems that may arise by using these protocols. 2. Profiling of one of the current IPSec software implementation: this allows to understand in which cases hardware acceleration is really necessary and the performance requirements. 3. Study of the actual hardware/software architectures for secure protocols. 4. Study of advantages disadvantages of the actual architectures. 5. Development of an abstract model of IPSec; this model will be used as a reference during the design phase. Starting from the model a testing methodology for IPSec-based systems will be developed. 6. Optimization of relevant aspects of presently used IPSec implementations. 7. High-level design of an innovative System on Chip for efficiently processing IPSec traffic. In the following chapters the previously discussed topics are presented. In Chapter 1 an explanation of the main technologies involved in virtual private networking is given. Focus is mainly concentrated on the security protocols which are involved. The IPSec suite of protocols is mainly presented, as well as an introduction on cryptography. Chapter 2 provides a performance analysis of the IPSec suite of protocols. Experimental results there reported show that IPSec is very resource consuming and hardware accelerators are crucial in reaching high performances. This is also confirmed by other works found in the literature. Performance considerations also help in configuring IPSec-based networks. Chapter 3 provides an overview of the existing hardware accelerators on the market. A classification of security protocol dedicated accelerators is firstly given. A list of currently available accelerators and network processors is then provided. As most of them are commercial products only marketing information are often available.
28 xxviii INTRODUCTION Chapter 4 gives an overview of the current scenario of the security protocol implementations along with an evaluation of the future trends in the field. Chapter 5 provides an innovative model of the IPSec suite of protocols by using UML. As IPSec is very complex, these specification can help understanding it and the relations between its different parts. The use of UML allows for abstracting the model from the implementation, thus providing a suitable base both for design, including HW/SW partitioning, and for testing. A testing methodology based on the UML model is presented at the end of this chapter. Chapter 6 proposes some optimizations to the presently used HW/SW interfaces for IPSec accelerators. These optimizations are both useful for presently used systems and for developing new architectures for IPSec. As a matter of fact, optimizing the present systems also allows to understand their problems. The optimizations we propose in this chapter consist of some packet scheduling algorithms which allow using together multiple cryptographic accelerators and software implementations of the cryptographic algorithms. Reference system is composed by a normal PC architecture hosting a certain number of accelerators. Only cryptographyrelated operations are offloaded to them. This is a scheme used on present low-end servers. This scheme can anyway be replicated, by considering different processing and communication speeds, on different, more performant, architectures. An algorithm for extracting better performances when small packets are processed in such an architecture is also presented. All the algorithms presented in this chapter allow for optimizing very important parts of IPSec and for designing an enhanced, more flexible, architecture. Chapter 7 presents a study over a high-performance comprehensive solution for IPSec. Different high level architectures are presented along with the main requirements. Main parts of these architectures are developed in detail. Chapter 8 presents some proposals for designing two functional blocks of the IPSec SoC: the core part of the blocks implementing the IKE protocol and the database query functionality. These two functional blocks were chosen because there exist no implementation of them in the literature. Chapters 5, 6, 7, and 8, along with Section 2.2, contain the original contribution of this work. Parts of these sections were published in [20, 18, 41, 19, 23].
29 INTRODUCTION xxix To summarize, the original results shown in this dissertation are: a performance measurement of IPSec; an abstract model of IPSec and a testing methodology for IPSecbased systems; three packet scheduling algorithms for multi-accelerator based systems; the high-level architecture of an innovative SoC for IPSec; a SystemC model of IKE, allowing to perform optimal HW/SW partitioning of it; the internal high-level design of two functional blocks of the SoC.
30 xxx INTRODUCTION
31 1 Virtual Private Networks and Network Security Since many years the need of internal Companies communication has increased. The ability to support mobile users and to connect seats located in different places have become of fundamental importance in everyday business. In this chapter we present some techniques presently used to support these functionalities and the main technologies behind them. 1.1 Virtual Private Networks To support communications out of local networks, private separate networks were firstly used. This solution gives good performances and security, but it is very costly as it requires to rent private communication lines. As the Internet has become pervasive, the idea of Virtual Private Networks (VPNs) has become popular. The main idea of VPNs is to use secure protocols to build secure communication channels and to allow the machines connected to these channels to act as if they were connected to the same private networks. The main idea is therefore to virtually build a private network over a public one: VPNs use obfuscation through secure tunnels, rather than physical separation, to keep communications private [127, 42]. VPNs have become popular for many reasons: ubiquitous coverage: The Internet offers wider coverage compared with the private data network infrastructures. Adding new desti- 1
32 2 CHAPTER 1. VPNS AND NETWORK SECURITY nations to VPNs usually consists of modifying some configuration files; adding new destination to private networks usually consists of adding new circuits and possibly sign interconnection agreements between different providers, cost reduction: for VPNs there is no need to purchase and maintain special purpose infrastructures. General purpose internet connections are sufficient to allow VPN access, security: VPN use cryptography to provide data confidentiality and integrity. In private networks security usually relies only on the telecommunication service provider s physical security practices. Main VPN scenarios are shown in Figure 1.1 and in Figure 1.2. The first figure shows a mobile user connected to a company s network through a VPN. This configuration, that is usually called road warrior, allows the mobile user to access the company s internal network theoretically as if he was connected to it from inside. Whether the access to company s network resources is limited or not, depends on the security policy that have been deployed in the specific network. Usually the mobile user s machine gets a virtual address belonging to the private company s network. The second figure shows two private networks connected together by means of a VPN. This is typical when two or more seats of the same company need to communicate and to share information. A mix of the previously two described scenarios can be deployed for providing different seats interconnection and access to mobile users. In each one of these schemes there is one fundamental network component that is the secure gateway. This machine manages the secure communications and it usually runs a firewall, a gateway, and a VPN server. The Firewall is for filtering the connections to the internal network. Depending on the policy that has been selected, non-secured connections can be refused or not. In any secure network non-secured connections should anyway have limited access to internal resources. The gateway is for routing the traffic, while the VPN server is responsible of managing the VPN connections. VPNs are usually created by associating two different protocols, one for data security and one for emulating a point to point connection. Layer 2 tunnelling protocols are specifically designed to tunnel Point-to-Point Protocol (PPP) [122] frames through an IP network. PPP protocols are used to route privately addressed packets through a publicy addressed infrastructure. For the road warrior configuration, the remote uses sets up a PPP connection, tunnelled on IP, to the secure gateway. Once a PPP connection
APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationBranch Office VPN Tunnels and Mobile VPN
WatchGuard Certified Training Branch Office VPN Tunnels and Mobile VPN Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Notice to Users Information
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationSecurity Engineering Part III Network Security. Security Protocols (II): IPsec
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationIP SECURITY (IPSEC) PROTOCOLS
29 IP SECURITY (IPSEC) PROTOCOLS One of the weaknesses of the original Internet Protocol (IP) is that it lacks any sort of general-purpose mechanism for ensuring the authenticity and privacy of data as
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationLecture 17 - Network Security
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationInternet Protocol Security IPSec
Internet Protocol Security IPSec Summer Semester 2011 Integrated Communication Systems Group Ilmenau University of Technology Outline Introduction Authentication Header (AH) Encapsulating Security Payload
More informationThe BANDIT Products in Virtual Private Networks
encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationSecurity Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress
Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org
More informationOutline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts
Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security
More informationCSCI 454/554 Computer and Network Security. Topic 8.1 IPsec
CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationPríprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku
Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationInternetwork Security
Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationImplementing and Managing Security for Network Communications
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationNetwork Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationUsing IPSec in Windows 2000 and XP, Part 2
Page 1 of 8 Using IPSec in Windows 2000 and XP, Part 2 Chris Weber 2001-12-20 This is the second part of a three-part series devoted to discussing the technical details of using Internet Protocol Security
More informationViewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355
VPN This chapter describes how to configure Virtual Private Networks (VPNs) that allow other sites and remote workers to access your network resources. It includes the following sections: About VPNs, page
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationCisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X
Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module
More informationVPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers
Q&A VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers OVERVIEW Q. What is a VPN? A. A VPN, or virtual private network, delivers the benefits of private network security,
More informationChapter 5: Network Layer Security
Managing and Securing Computer Networks Guy Leduc Mainly based on Network Security - PRIVATE Communication in a PUBLIC World C. Kaufman, R. Pearlman, M. Speciner Pearson Education, 2002. (chapters 17 and
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationChapter 49 IP Security (IPsec)
Chapter 49 IP Security (IPsec) Introduction...49-3 IP Security (IPsec)...49-4 Security Protocols and Modes... 49-4 Compression Protocol... 49-5 Security Associations (SA)... 49-5 ISAKMP/IKE...49-6 ISAKMP...
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationVirtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance
Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Johnnie Chen Project Manager of Network Security Group Network Benchmarking Lab Network Benchmarking Laboratory
More informationObjectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationRelease Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues
NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationBuilding VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&
Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto
More informationLaboratory Exercises V: IP Security Protocol (IPSec)
Department of Electronics Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB) University of Split, Croatia Laboratory Exercises V: IP Security Protocol (IPSec) Keywords:
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationRelease Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
More informationFortiOS Handbook IPsec VPN for FortiOS 5.0
FortiOS Handbook IPsec VPN for FortiOS 5.0 IPsec VPN for FortiOS 5.0 26 August 2015 01-504-112804-20150826 Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered
More informationCisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham
Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham In part two of NetCertLabs Cisco CCNA Security VPN lab series, we explored setting up a site-to-site VPN connection where one side
More informationRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6 Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani The Higher Institute of Industry Misurata, Libya goha_99@yahoo.com
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationOverview. Protocols. VPN and Firewalls
Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)
More informationInternet Security Architecture
accepted for publication in Computer Networks and ISDN Systems Journal Internet Security Architecture Refik Molva Institut Eurécom 2229, route des Crêtes F-06904 Sophia-Antipolis molva@eurecom.fr Abstract
More informationChapter 2 Virtual Private Networking Basics
Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies,
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationHow Virtual Private Networks Work
How Virtual Private Networks Work by Jeff Tyson This article has been reprinted from http://computer.howstuffworks.com/ Please note that the web site includes two animated diagrams which explain in greater
More informationCisco Wireless Security Gateway R2
Cisco Wireless Security Gateway R2 Product Overview The Cisco Wireless Security Gateway (WSG) is a highly scalable solution for tunneling femtocell, Unlicensed Mobile Access (UMA)/Generic Access Network
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationChapter 8 Virtual Private Networking
Chapter 8 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FWG114P v2 Wireless Firewall/Print Server. VPN tunnels provide secure, encrypted
More informationRemote Connectivity for mysap.com Solutions over the Internet Technical Specification
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationConfiguring Internet Key Exchange Security Protocol
Configuring Internet Key Exchange Security Protocol This chapter describes how to configure the Internet Key Exchange (IKE) protocol. IKE is a key management protocol standard that is used in conjunction
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationMINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration
MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration Maintainer: Steve McQuade v1.07 - March 2, 1999 After trying to configure an OpenBSD 2.4 IPSEC based VPN based on the samples and
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationFortiOS Handbook - IPsec VPN VERSION 5.2.2
FortiOS Handbook - IPsec VPN VERSION 5.2.2 FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT
More informationPart III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures
More informationVPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
VPNs Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationTrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents
WHITE PAPER TrustNet CryptoFlow Group Encryption Table of Contents Executive Summary...1 The Challenges of Securing Any-to- Any Networks with a Point-to-Point Solution...2 A Smarter Approach to Network
More informationGerardo L. Ahuatzin Sánchez Desarrollo de un esquema de traducción de direcciones IPv6-IPv4-IPv6. Anexo A. RFC s
Anexo A. RFC s A.1.- Desarrollo de políticas de seguridad en las computadoras RFC 1281 RFC 1457 RFC 2196 RFC 2323 RFC 2411 Guidelines for the Secure Operation of the Internet Security Label Framework for
More informationz/os Firewall Technology Overview
z/os Firewall Technology Overview Mary Sweat E - Mail: sweatm@us.ibm.com Washington System Center OS/390 Firewall/VPN 1 Firewall Technologies Tools Included with the OS/390 Security Server Configuration
More informationVPN Solutions. Lesson 10. etoken Certification Course. April 2004
VPN Solutions Lesson 10 April 2004 etoken Certification Course VPN Overview Lesson 10a April 2004 etoken Certification Course Virtual Private Network A Virtual Private Network (VPN) is a private data network
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More information