Chapter 9. IP Secure




Network architecture is usually explained as a stack of layers. Figure 1 shows the OSI (Open Systems Interconnection) model stack and the IP (Internet Protocol) model stack. TCP is the Transmission Control Protocol, IP is the Internet Protocol, UDP is the User Datagram Protocol, and the data link layer includes Ethernet, PPP, FDDI, etc.

Figure 1: Network layer stack
  OSI model:  Application | Presentation | Session | Transport | Network | Data Link | Physical
  IP model:   Application | TCP/UDP | IP | Data Link | Physical

We have seen security protocols at the application level (PGP, S/MIME, etc.) and at the transport level (SSL, TLS). In this chapter we investigate IP-level security. Communication on the network works by sending and receiving chunks of data called packets. A packet is built up layer by layer: each layer adds its own header (and possibly a trailer) to the data it received from the layer directly above it.

A TCP/IP packet can be described as follows:

  Link-H | IP-H | TCP-H | Data | Link-T

where H means the header of that layer and Link-T is the trailer of the link layer. When a packet is formed for sending, the application data is generated first, then the headers of the successive layers are added. To secure communications, we need to encrypt the packets.

Network security encryption can be classified into two types. End-to-end encryption: the encryption is carried out at the two end systems. Link encryption: the encryption is carried out separately on each link. Figure 2 is a simple example of these two types of encryption.

Figure 2: Types of Encryption (two end systems connected through routers and the Internet; link encryption is applied on each link, end-to-end encryption between the two end systems)

End-to-end encryption is simple, but it cannot operate at a low level of the communication hierarchy: the address of the message cannot be encrypted, otherwise the packet-switching nodes cannot route the packet. So end-to-end encryption cannot protect against traffic analysis attacks. Link encryption can encrypt most of the data, except the link control protocol header; however, each router has to decrypt the data and then encrypt it again.

IPSec provides security at the IP layer. It can be used in a firewall or router, and it can also be used by individual users, so IPSec can be used for both end-to-end encryption and link encryption. Since IPSec sits below the transport layer, it is transparent to end users: there is no need to change application software or to train users in security mechanisms. Before discussing IPSec, we need some knowledge of IP. The Internet Protocol (IP) is used to transmit packets across multiple networks. The main version in use is IPv4. The IPv4 header is shown in Figure 3.

Figure 3: IPv4 header (bit positions 0, 4, 8, 16, 19, 31)
  Version (0-3) | IHL (4-7) | Type of Service (8-15) | Total Length (16-31)
  Identification (0-15) | Flags (16-18) | Fragment Offset (19-31)
  Time to Live (0-7) | Protocol (8-15) | Header Checksum (16-31)
  Source Address (32 bits)
  Destination Address (32 bits)
  Options + Padding (variable)

The size of the IPv4 header is a minimum of 20 octets, or 160 bits. The fields of the IPv4 header are as follows.

- Version (4 bits): the version of IP; the value is 4.
- Internet Header Length (IHL) (4 bits): length of the header in 32-bit words. The minimum value is 5.
- Type of Service (8 bits): provides guidance to the end IP modules and to the routers along the packet's path about the packet's relative priority.
- Total Length (16 bits): total IP packet length, in octets.
- Identification (16 bits): a sequence number that, together with the source address, destination address and user protocol, identifies the packet.
- Flags (3 bits): indicates whether this is the last fragment of the original packet.
- Fragment Offset (13 bits): indicates where in the original packet this fragment belongs, measured in 64-bit units.
- Time to Live (8 bits): specifies how long a packet is allowed to remain in the internet.
- Protocol (8 bits): indicates the next higher level protocol.
- Header Checksum (16 bits): an error-detecting code (for the header only). Since some header fields may change during transit, this is reverified and recomputed at each router.
- Source Address (32 bits): coded to allow a variable allocation of bits to specify the network and the end system attached to the specified network.
- Destination Address (32 bits): same characteristics as the source address.
- Options (variable): encodes the options requested by the sending user, such as security label, source routing, record routing and timestamping.
- Padding (variable): used to ensure that the packet header is a multiple of 32 bits in length.
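The header layout and checksum rule listed above, as an added example (not from the lecture): a small parser that decodes an IPv4 header from raw bytes, verifies the header checksum, and performs the per-router TTL decrement with checksum recomputation described under Header Checksum. The packet is constructed inline and the function and field names are my own.

```python
import struct

def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complement of the ones-complement sum of 16-bit words.
    IP headers are always a multiple of 4 octets, so no odd-length padding is needed."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields listed above from the first IHL*4 octets and verify the checksum."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 octets")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError(f"bad version/IHL: version={version} ihl={ihl}")
    header = packet[:ihl * 4]
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "identification": ident, "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "checksum": csum,
        # a header carrying a correct checksum sums to 0xFFFF, so its complement is 0
        "checksum_ok": ones_complement_checksum(header) == 0,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": header[20:],            # empty when IHL == 5
    }

def forward_one_hop(packet: bytes) -> bytes:
    """What each router does on forwarding: decrement TTL, recompute the header checksum."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        raise ValueError("bad checksum or TTL exhausted: router would discard the packet")
    hlen = hdr["ihl"] * 4
    header = bytearray(packet[:hlen])
    header[8] -= 1                         # TTL is octet 8 of the header
    header[10:12] = b"\x00\x00"            # checksum field is zero while it is computed
    header[10:12] = struct.pack("!H", ones_complement_checksum(bytes(header)))
    return bytes(header) + packet[hlen:]

def build_sample_packet() -> bytes:
    """Constructed sample, not a capture: TCP (protocol 6), DF set, 192.168.1.10 -> 10.0.0.5."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
                                bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5])))
    hdr[10:12] = struct.pack("!H", ones_complement_checksum(bytes(hdr)))
    return bytes(hdr) + b"\x00" * 20       # 20 zero octets stand in for the TCP segment

SAMPLE_PACKET = build_sample_packet()
```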

A new version of IP, known as IPv6, was developed as a standard by the IETF (Internet Engineering Task Force). The IPv6 header has fewer fields than the IPv4 header, which lets routers process packets faster. IPv6 provides more space for source and destination addresses, using 16 bytes (128 bits) each. An IPv6 packet also includes zero or more extension headers, such as the hop-by-hop options header, routing header, fragment header, authentication header, encapsulating security payload header and destination options header. These separate extension headers are placed between the IPv6 header and the upper-layer header in a packet. The IPv6 header is shown in Figure 4.

Figure 4: IPv6 header (bit positions 0, 4, 12, 16, 24, 31)
  Version (0-3) | Traffic Class (4-11) | Flow Label (12-31)
  Payload Length (0-15) | Next Header (16-23) | Hop Limit (24-31)
  Source Address (128 bits)
  Destination Address (128 bits)
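The extension-header chain described above, as an added example (not from the lecture): parsing the fixed IPv6 header and walking the Next Header chain until an upper-layer protocol is reached. The Next Header numbers are the IANA protocol numbers for the headers named in the text, the header lengths follow RFC 8200 and RFC 4302, the sample packet is constructed inline, and the function names are my own.

```python
import ipaddress
import struct

# Next Header numbers (IANA) for the extension headers named above. ESP (50) is not in
# EXT_NAMES: everything after an ESP header is encrypted, so the walk must stop there.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AUTH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
             AUTH: "authentication", DEST_OPTS: "destination options"}

def ext_header_length(kind: int, packet: bytes, off: int) -> int:
    """Octet length of the extension header starting at off (RFC 8200; AH per RFC 4302)."""
    if kind == FRAGMENT:
        return 8                               # fragment header is fixed size
    if kind == AUTH:
        return (packet[off + 1] + 2) * 4       # Payload Len is in 32-bit words, minus 2
    return (packet[off + 1] + 1) * 8           # Hdr Ext Len in 8-octet units, excluding first 8

def parse_ipv6(packet: bytes) -> dict:
    """Decode the fixed 40-octet header, then follow the Next Header chain to the upper layer."""
    if len(packet) < 40:
        raise ValueError("truncated: the IPv6 fixed header is 40 octets")
    first_word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    info = {"version": first_word >> 28, "traffic_class": (first_word >> 20) & 0xFF,
            "flow_label": first_word & 0xFFFFF, "payload_length": payload_len,
            "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(packet[8:24]).compressed,
            "dst": ipaddress.IPv6Address(packet[24:40]).compressed}
    if info["version"] != 6 or len(packet) < 40 + payload_len:
        raise ValueError("not IPv6, or payload shorter than Payload Length")
    chain, off = [], 40
    while nxt in EXT_NAMES:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header at offset %d" % off)
        length = ext_header_length(nxt, packet, off)
        chain.append((EXT_NAMES[nxt], length))
        nxt, off = packet[off], off + length   # octet 0 of every extension header is Next Header
    info["extension_headers"] = chain
    info["upper_layer"] = nxt                  # 6 = TCP, 17 = UDP, 50 = ESP (opaque without keys)
    info["upper_layer_offset"] = off
    return info

def build_sample_packet() -> bytes:
    """Constructed sample, not a capture: hop-by-hop -> fragment -> TCP, 2001:db8::1 -> 2001:db8::2."""
    hop_by_hop = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])          # next=44, len=0, one PadN option
    fragment = bytes([6, 0, 0x00, 0x01]) + b"\x00\x00\x00\x2a"    # next=6 (TCP), offset 0, M=1, id 42
    payload = hop_by_hop + fragment + b"\x00" * 20                # 20 zero octets stand in for TCP
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed + ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + payload

SAMPLE_PACKET = build_sample_packet()
```

The walk stops at ESP (protocol 50) because everything after the ESP header is encrypted, so a router or firewall without the keys can classify the packet no further than that header.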

IPv6 is still under development. IP-level security encompasses three functional areas: authentication, confidentiality and key management.