UHCL CSCI 5931 - Authentication Header Encapsulating Security Payload Protocols
IPSec: Authentication Header, Encapsulating Security Payload Protocols
CSCI 5931 Web Security
Edward Murphy

IPSec Architecture
• The set of security services offered by IPSec includes:
– Connectionless integrity
– Data origin authentication
– Protection against replay attacks
– Confidentiality
– Limited traffic flow confidentiality
• The services can be used alone or in combination.
• Security is provided for the IP layer and/or the upper-layer protocols (TCP, UDP).
• IPSec can be thought of as a software or hardware module implemented in either a host or a security gateway (router or firewall).

IPSec Architecture
• The IPSec module manages security for individual connections to other modules:
– The Security Policy Database (SPD) specifies the security services to be applied to each packet.
– The Security Association Database (SAD) contains the security parameters (encryption algorithms, mode used, initialization data, session keys) used to enforce a specific policy.
– A connection from one module to another is created through a security association (SA) that corresponds to an entry in the SAD.
– An SA is a uni-directional connection that defines the type of security services and mechanisms used between two modules.

IPSec Architecture
[Figure: IPsec Module 1 (SPD, SAD, IPsec) connected by an SA to IPsec Module 2 (SPD, SAD, IPsec)]

IPSec Protocols
• The protocols used to provide security are the Authentication Header (AH) and the Encapsulating Security Payload (ESP).
• Each protocol can be used in one of two modes:
– Transport mode: protects the upper-layer payload of an IP packet (TCP, UDP).
– Tunnel mode: protects an entire IP packet, including its payload (VPN).
• Transport mode is used for an SA between two hosts.
• Tunnel mode is used for an SA between two gateways, or between a host and a gateway.

IPSec Protocols
• Transport mode (upper-level protocols)
[Figure: IP | IPsec | Payload, labelled "Protected"]
• Tunnel mode (entire IP packet)
[Figure: Outer IP | IPsec | Inner IP | Payload, labelled "Protected"]

IPSec Protocols
• AH is used to provide:
– Connectionless integrity and data origin authentication (integrity)
– Optional anti-replay service
• ESP is used to provide:
– Confidentiality
– Connectionless integrity and data origin authentication (integrity)
– Limited traffic flow confidentiality
– Optional anti-replay service

IPSec Protocols
• Integrity algorithm (AH, ESP)
– Hashed Message Authentication Code (160-bit key)
• Confidentiality algorithm (ESP)
– AES in CBC mode (128-bit to 256-bit key)
• Transport mode protection
• AH – Integrity
– Immutable sections of the IP header, the AH header, and the upper-level data
• ESP – Integrity
– The ESP header, the upper-level data, and the ESP trailer
• ESP – Confidentiality
– The upper-level data and the ESP trailer

IPSec Protocols
• Transport mode (AH)
[Figure: IP Header | AH | Upper Level Data, labelled "Integrity & Authentication"]
• Transport mode (ESP)
[Figure: IP Header | ESP | Upper Level Data | ESP Trailer, labelled "Integrity & Authentication" and "Encryption"]

IPSec Protocols
• Tunnel mode protection
• AH – Integrity
– Immutable sections of the outer IP header, the AH header, and the entire inner IP packet
• ESP – Integrity
– The ESP header, the entire inner IP packet, and the ESP trailer
• ESP – Confidentiality
– The entire inner IP packet and the ESP trailer

IPSec Protocols
• Tunnel mode (AH)
[Figure: Outer IP | AH | Inner IP | Upper Level Data, labelled "Integrity & Authentication"]
• Tunnel mode (ESP)
[Figure: Outer IP | ESP | Inner IP | Upper Level Data | ESP Trailer, labelled "Integrity & Authentication" and "Encryption"]
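As an added example that is not part of the slides, the following Python computes and verifies a transport-mode AH integrity check value over exactly the coverage the slides list for AH (immutable IP header fields, the AH header, the upper-level data). It assumes HMAC-SHA1-96 as the concrete instance of the 160-bit-key HMAC the slides mention; the packet bytes, SPI and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

AH_PROTO, ICV_LEN = 51, 12   # AH protocol number; HMAC-SHA1-96 ICV length (160-bit key)

def build_ipv4_header(ttl, proto, src, dst, total_len):   # minimal 20-byte IPv4 header
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)

def zero_mutable_fields(ip_hdr):
    # Mutable IPv4 fields (DSCP/ECN, flags, frag offset, TTL, checksum) are zeroed before the ICV.
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS (DSCP/ECN)
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, upper):
    # Coverage from the slides: immutable IP header + AH header (ICV zeroed) + upper-level data.
    data = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + upper
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(key, ip_hdr, next_header, spi, seq, upper):
    # AH fixed part: Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Seq.
    ah_fixed = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, upper) + upper

def verify_ah_transport(key, packet):
    # Receiver: split IP header / AH / upper data, recompute the ICV and compare.
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, rest = packet[:ihl], packet[ihl:]
    ah_len = (rest[1] + 2) * 4
    ah, upper = rest[:ah_len], rest[ah_len:]
    return hmac.compare_digest(ah[12:], ah_icv(key, ip_hdr, ah[:12], upper))

def demo():
    key = b"\x0b" * 20                          # constructed 160-bit HMAC key
    upper = bytes.fromhex("0035003500080000")   # constructed 8-byte UDP header
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    total = 20 + 12 + ICV_LEN + len(upper)
    ip_hdr = build_ipv4_header(64, AH_PROTO, src, dst, total)
    packet = build_ah_packet(key, ip_hdr, 17, 0x1000, 1, upper)   # 17 = UDP next header
    # A router decrementing TTL must not break the check; flipping a payload bit must.
    hopped = build_ipv4_header(63, AH_PROTO, src, dst, total) + packet[20:]
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return (verify_ah_transport(key, packet), verify_ah_transport(key, hopped),
            verify_ah_transport(key, tampered))
```

`demo()` returns `(True, True, False)`: the original and the TTL-decremented packet verify, the modified payload does not.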

