Network Security


Nov 21, 2013



Internet Security



CS457 Seminar

Zhao Cheng







Security attacks


interruption, interception, modification, fabrication


passive attack, active attack



Security services


Confidentiality


Authentication


Integrity


Nonrepudiation

IPSec services

SA (Security Association): one-way relationship, identified by

SPI (Security Parameters Index).

IP Destination Address.

Security Protocol Identifier:

AH (Authentication Header)

ESP (Encapsulating Security Payload)



Two modes




Transport mode: protection for the upper-layer protocol.

Tunnel mode: protection for the entire IP packet.

Authentication header


Header definition.


Anti-Replay service


Integrity check value
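
An added example (not from the original slides): how a receiver selects an SA by the three identifiers listed earlier and applies AH's anti-replay service with a sliding window. The window size, SPI and addresses are constructed values, and ICV verification, which a real receiver performs before updating the window, is left out.

```python
import struct
from dataclasses import dataclass

AH_PROTO = 51   # IP protocol number of AH (ESP is 50)
WINDOW = 64     # anti-replay window size in packets (assumed value)

@dataclass
class SA:
    """Receiver-side state for one SA, which covers one direction only."""
    top: int = 0    # highest sequence number accepted so far
    seen: int = 0   # bitmap: bit i set means sequence number (top - i) was accepted

    def accept(self, seq: int) -> bool:
        """Sliding-window check. ICV verification, which comes first in practice, is omitted."""
        if seq == 0:
            return False                      # senders start counting at 1
        if seq > self.top:                    # new highest: slide the window
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or (self.seen >> offset) & 1:
            return False                      # left of the window, or a replay
        self.seen |= 1 << offset              # late but not seen before
        return True

def ah_header(spi: int, seq: int) -> bytes:
    """Constructed AH fixed fields: next header, payload len, reserved, SPI, sequence."""
    return struct.pack("!BBHII", 6, 4, 0, spi, seq)

def receive(sad: dict, dst: str, proto: int, header: bytes) -> str:
    _next, _plen, _rsvd, spi, seq = struct.unpack("!BBHII", header[:12])
    sa = sad.get((spi, dst, proto))           # the three identifiers of an SA
    if sa is None:
        return "no-sa"
    return "accept" if sa.accept(seq) else "reject"

def demo() -> list:
    # Constructed SAD: made-up SPI, documentation addresses, one inbound SA only.
    sad = {(0x1001, "192.0.2.10", AH_PROTO): SA()}
    packets = [("192.0.2.10", 1), ("192.0.2.10", 3), ("192.0.2.10", 2),
               ("192.0.2.10", 3),      # same sequence number again: replay
               ("192.0.2.10", 100),    # jumps ahead, window slides
               ("192.0.2.10", 30),     # now more than WINDOW behind
               ("198.51.100.7", 1)]    # other direction has no SA in this table
    return [receive(sad, dst, AH_PROTO, ah_header(0x1001, s)) for dst, s in packets]

if __name__ == "__main__":
    print(demo())
```

The last packet shows the one-way property: the same SPI sent to a different destination address matches no entry, so the reverse direction needs an SA of its own.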

Encapsulating Security Payload


Format.


Encryption and authentication.


Key management


Manual: configured by the system administrator with its own keys and the keys of other systems.

Automated: on-demand creation of keys for SAs; ISAKMP (Internet Security Association and Key Management Protocol) by default.

Benefit of IPSec


Strong and easy security for the group behind a firewall.


Transparent to applications.


Transparent to end users.


Security for individual users can be provided.

TLS (Transport Layer Security)

Objective: reliable end-to-end security over TCP.


Construction: two layers of protocols.

SSL Record Protocol


Record Protocol Operation and format.

SSL Handshake Protocol

Phases:

1. Establish Security Capabilities.

2. Server Authentication and Key Exchange.

3. Client Authentication and Key Exchange.

4. Finish.


Example on handshake protocol



Services of TLS

1. Integrity: by cryptographic checksums.

2. Confidentiality: by encryption of SSL payloads.

3. Authentication: by the handshake protocol.



Summary


Attacks on network security and the corresponding security services.

IPSec: security services at the IP layer.

TLS: security services at the transport layer.