Authenticated addressing in networks
1 Authenticated addressing in networks
Diploma thesis semi final presentation
Blaž Primc, University of Ljubljana
Supervisors TUM: Marc Oliver Pahl, Heiko Niedermayer, Andreas Müller, Holger Kinkelin
Lehrstuhl für Netzarchitekturen und Netzdienste, Institut für Informatik, Technische Universität München

2 Presentation overview
- Motivation
  - Goals
  - Diploma thesis
- Concepts
  - Home network
  - Identities
  - Addressing
- Tasks
  - Task 1
  - Task 2
  - Task 3
  - Task 4
- Outlook

4 Goals
- Authone project
  - Autonomous functionality inside (home) networks
  - Prerequisites
    - Network entity addressing
    - Network entity identification
- Diploma thesis
  - Goal: provide Authone framework with capabilities for
    - Network entity addressing
    - Network entity identification

6 Home network
- Network entities
  - Users
  - Devices
  - Home gateway

7 Identities
- Identity is...
  - based on public key cryptography
  - signed by issuing special node
- Special node(s) (e.g. home gateway)
  - Issues identities
  - Each network entity must be registered
  - Provides lookup service

8 Addressing
- EntityID is...
  - hash over entity's public key
- Authone address...
  - consists of entityIDs: entityid.homeid.authone
  - is bound to identity
  - supports inter-home addressing
- Example
  - BobPDA ID = hash(pubkey BobPDA)
  - HomeB ID = hash(pubkey HomeB)
  - Authone address = BobPDA ID.HomeB ID.authone
- Lookup service
  - Translates Authone address to IP address
  - Provided by special node(s) (e.g. home gateway)
[Diagram: Identity, EntityID and IP address of BobPDA in Home B]

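An added example, not taken from the slides or the Authone code base, of the addressing rule above: it derives EntityIDs from public keys, builds the `entityid.homeid.authone` address, and checks that a presented key pair really hashes to the labels in an address. The hash (SHA-256), the 160-bit truncation, the base32 label encoding and all function names are assumptions; the slides only say "hash over public key".

```python
import base64
import hashlib
import hmac

SUFFIX = "authone"
ID_BYTES = 20      # assumption: truncate SHA-256 to 160 bits
LABEL_LEN = 32     # 20 bytes -> exactly 32 base32 characters, under the 63-char DNS label limit
ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def entity_id(public_key: bytes) -> str:
    """EntityID = hash(public key), encoded so that it is a legal DNS label."""
    digest = hashlib.sha256(public_key).digest()[:ID_BYTES]
    return base64.b32encode(digest).decode("ascii").lower()


def authone_address(entity_pub: bytes, home_pub: bytes) -> str:
    """Authone address = entityid.homeid.authone"""
    return f"{entity_id(entity_pub)}.{entity_id(home_pub)}.{SUFFIX}"


def parse_address(address: str) -> tuple[str, str]:
    """Split an address into (entity label, home label), rejecting malformed input."""
    labels = address.strip().rstrip(".").lower().split(".")
    if len(labels) != 3 or labels[2] != SUFFIX:
        raise ValueError("not an entityid.homeid.authone address")
    for label in labels[:2]:
        if len(label) != LABEL_LEN or not set(label) <= ALPHABET:
            raise ValueError("malformed ID label")
    return labels[0], labels[1]


def address_matches_keys(address: str, entity_pub: bytes, home_pub: bytes) -> bool:
    """True only if both labels are the hashes of the presented public keys.

    This is what "bound to identity" buys a verifier: a lookup answer that
    comes with the wrong key cannot be made to fit the address.
    """
    try:
        eid, hid = parse_address(address)
    except ValueError:
        return False
    ok_entity = hmac.compare_digest(eid.encode(), entity_id(entity_pub).encode())
    ok_home = hmac.compare_digest(hid.encode(), entity_id(home_pub).encode())
    return ok_entity and ok_home


# Constructed stand-ins for encoded public keys (not real key material).
BOB_PDA_PUB = b"constructed-public-key-bytes-for-BobPDA"
HOME_B_PUB = b"constructed-public-key-bytes-for-HomeB"
OTHER_PUB = b"constructed-public-key-bytes-for-another-device"

if __name__ == "__main__":
    addr = authone_address(BOB_PDA_PUB, HOME_B_PUB)
    print(addr)
    print("genuine key accepted:", address_matches_keys(addr, BOB_PDA_PUB, HOME_B_PUB))
    print("other key accepted:  ", address_matches_keys(addr, OTHER_PUB, HOME_B_PUB))
```
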
9 Presentation overview
- Motivation
  - Goals
  - Diploma thesis
- Concepts
  - Home network
  - Identities
  - Addressing
- Tasks
  - Task 1: entity registration
  - Task 2: address lookup inside home network
  - Task 3: establish trust relationship between homes
  - Task 4: address lookup outside home network
- Outlook

10 Task 1: entity registration
- Goals
  - Register new device at home network
- Procedure
  - User
    - Fills new device registration request details
  - Unregistered device
    - Sends registration request details to home gateway
  - Home gateway
    - Creates identity
    - Updates DNS records
    - Sends identity to the new device

11 Task 1: entity registration
- Goals
  - Register new device at home network
- Afterwards we can
  - Address the new device using the Authone address
  - Identify the new device
[Diagram: unregistered device BobLaptop]

13 Task 2: address lookup inside home network
- Goals
  - Resolve Authone address to IP address
- Procedure
  - Registered device
    - Sends DNS query to home gateway
  - Special node (e.g. home gateway)
    - Local DNS answers
- Logged on BobLaptop at Home B: $ BobPDA.authone
[Diagram: BobLaptop, BobPDA; message labels: DNS query, DNS response]

15 Task 3: establish trust relationship between homes
- Goals
  - Securely exchange identities between homes
- Challenges
  - No pre-established security context
  - Secure exchange of information over wireless
- Procedure
  - Authenticated Diffie-Hellman key exchange
  - Identity exchange and verification
[Diagram: Home A with Device A, Home B with Device B]

16 Task 3: establish trust relationship between homes
- Goals
  - Securely exchange identities between homes
- Procedure: Authenticated Diffie-Hellman key exchange
  - Device A and Device B perform DH key exchange and hash DH secret key
    - Device A displays 1st part of hash (ABCD)
    - Device B displays 2nd part of hash (EFGH)
  - User A and User B verbally exchange hashes and enter them into devices
    - User A enters 2nd part of hash to Device A (EFGH)
    - User B enters 1st part of hash to Device B (ABCD)
  - Device A and Device B verify if input matches the calculated hash
[Diagram: Home A, Home B; labels: DH key exchange, ABCD, Verbal exchange, EFGH, OK., OK.]

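The verbal check described on this slide, as an added example that is not part of the original presentation: two devices run Diffie-Hellman, each shows one half of the hash of the shared secret, and each accepts only if the half typed in by its user matches. The group parameters (a demo-only prime, not a recommended DH group), SHA-256, the base32 display encoding and the names `Device`, `pair`, `honest_run` and `substituted_key_run` are assumptions. The second scenario is constructed: both public values are replaced in transit, so the two devices derive different secrets and the check fails.

```python
import base64
import hashlib
import hmac
import secrets

# Demo-only parameters (assumption): the slides name no group.
# Use a standardized DH group or an elliptic-curve exchange in a real system.
P = 2**255 - 19
G = 2


class Device:
    def __init__(self, name: str, shows_first_part: bool):
        self.name = name
        self.shows_first_part = shows_first_part   # Device A shows part 1, Device B part 2
        self._priv = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
        self.public = pow(G, self._priv, P)
        self._code = None                           # 8-character hash shown/checked by users

    def receive_public(self, peer_public: int) -> None:
        """Derive the shared secret and the short hash both users will compare."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate DH public value")
        shared = pow(peer_public, self._priv, P)
        digest = hashlib.sha256(shared.to_bytes(32, "big")).digest()
        self._code = base64.b32encode(digest[:5]).decode("ascii")  # 40 bits -> 8 chars

    def displayed_part(self) -> str:
        """The half this device shows on its screen."""
        if self._code is None:
            raise RuntimeError("key exchange not done yet")
        return self._code[:4] if self.shows_first_part else self._code[4:]

    def verify_entered(self, entered: str) -> bool:
        """Check the half read out by the other user against our own calculation."""
        if self._code is None:
            raise RuntimeError("key exchange not done yet")
        expected = self._code[4:] if self.shows_first_part else self._code[:4]
        return hmac.compare_digest(entered.strip().upper().encode(), expected.encode())


def pair(dev_a: Device, dev_b: Device, pub_seen_by_a: int, pub_seen_by_b: int) -> bool:
    """Run the exchange with whatever public values arrived over the wireless link."""
    dev_a.receive_public(pub_seen_by_a)
    dev_b.receive_public(pub_seen_by_b)
    # Verbal exchange: each user reads out their device's half, the other types it in.
    a_ok = dev_a.verify_entered(dev_b.displayed_part())
    b_ok = dev_b.verify_entered(dev_a.displayed_part())
    return a_ok and b_ok


def honest_run() -> bool:
    a, b = Device("Device A", True), Device("Device B", False)
    return pair(a, b, pub_seen_by_a=b.public, pub_seen_by_b=a.public)


def substituted_key_run() -> bool:
    # Constructed scenario: both public values were replaced in transit.
    a, b = Device("Device A", True), Device("Device B", False)
    other = Device("other", True)
    return pair(a, b, pub_seen_by_a=other.public, pub_seen_by_b=other.public)


if __name__ == "__main__":
    print("honest exchange accepted:     ", honest_run())
    print("substituted exchange accepted:", substituted_key_run())
```

With this encoding the two halves together carry 40 bits, so the assurance of the verbal check is bounded by the length of the displayed strings.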
17 Task 3: establish trust relationship between homes
- Goals
  - Securely exchange identities between homes
- Procedure: Identity exchange and verification
  - Device A sends Home A and Device A identity
  - Device B
    - Validates presented identities
    - Sends a challenge to Device A
  - Device A responds to challenge
  - Device B verifies response and stores the identities
[Diagram: Home A, Home B; labels: identities of Home A and Device A, Challenge, Response]

19 Task 4: address lookup outside home network
- Goals
  - Resolve foreign home Authone address to IP address
- Challenges
  - How do we contact Home B from Home A?
- Logged on AlicePDA at Home A: $ BobPDA.HomeB.authone
[Diagram: Home A, ???, THE INTERNET, Home B]

20 Task 4: address lookup outside home network
- Goals
  - Resolve foreign home Authone address to IP address
- Solution
  - Distributed Hash Table
    - Overlay network
    - Provides lookup service similar to hash table (key, value)
    - Key-based addressing of DHT nodes
  - Put all home gateways in one DHT
    - HomeID is the home gateway's address in DHT
    - Homes with trust relationship can find and securely communicate with one another
  - Possession of public key: we can generate entityid, thus we can address home gateway in DHT
[Diagram: Identity, entityid = hash(public_key)]

21 Task 4: address lookup outside home network
- Goals
  - Resolve foreign home Authone address to IP address
- Logged on AlicePDA at Home A: $ BobPDA.HomeB.authone
[Diagram: AlicePDA, Home A, DHT, Home B, BobPDA. Message labels: DNS query; DHT query: "Home B tell me your IP and port"; DHT reply: "My IP and port"; "Forwards Device A's DNS query"; "Forward DNS query"; DNS reply; DNS reply]

22 Task 4: address lookup outside home network
- Demo

24 Outlook
- Work still in progress
- Authone framework fundamental part

25 The end
Thank You!