Network Encryption 3 4/20/17

Size: px
Start display at page:

Download "Network Encryption 3 4/20/17"

Transcription

1 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server applications: Kerberos HTTP, etc.: SSL/TLS but what about a network as a whole? implementing security at the IP layer could ensure secure networking for all applications and transparently The Network Layer two approaches for security at the network protocol layer: end- to- end security, or network link security The Network Layer end- to- end security is a minimalist strategy encryption/decryption is restricted exclusively to the endpoint hosts communicating payload data is encrypted header information for all PDUs must remain plaintext Pros? Cons? 1

2 The Network Layer network link security implies that network layer devices (routers) manage encryption/decryption duties when a packet arrives at a link, it is decrypted, checked, encrypted again and transmitted to the next link each pair of routers must be equipped with encryption technology and must manage encryption keys Pros? Cons? The Network Layer: IPSec IPSec (for Internet Protocol Security ) is a hybrid model that attempts to provide more security over an insecure network layer (IPv4 or IPv6) a suite of protocols instead of Internet router implementation, IPSec creates a virtual secure network that is managed by servers that establish a secure connection between hosts all packets transmitted through this connection receive same security services The Network Layer: IPSec Security Services confidentiality. privacy of communications message integrity. can detect whether messages have been tampered with or altered authentication. can provide source authentication to prevent IP spoofing and related attacks access control. only authorized agents can send and receive packets over a network connection anti- replay. can detect and prevent playback attacks The Network Layer: IPSec commonly used for establishing Virtual Private Networks (VPNs) 2

3 The Network Layer: IPSec Transfer Modes Two standard modes of operation: transport used for end- to- end communications, for example, encrypted telnet or Remote Desktop sessions provides protection of the data or IP payload tunnel the default mode: the entire packet is protected by IPSec the entire packet is encrypted and wrapped with a new IP header the datagram is then sent to the other side of the VPN tunnel The Network Layer: IPSec the IPSec protocol suite can be divided into three basic groups Authentication Header (AH), RFC 4302 Encapsulating Security Payload (ESP), RFC 4303 Internet Key Exchange protocols, which generates and distributes keys for both AH and ESP The Network Layer: IPSec Authentication Header IPSec Authentication Header (AH) a protocol that provides authentication of all or part of the contents of a datagram the AH does not provide privacy The Network Layer: IPSec Authentication Header in the transport mode, the AH header is inserted after the IP header IP data and header are used to calculate the authentication value 3

4 The Network Layer: IPSec Authentication Header in the tunnel mode, the original IP datagram is encapsulated within a new IP packet all of the original IP datagram is authenticated The Network Layer: Encapsulating Security Payload Encapsulated Security Payload (ESP) uses shared key encryption for data privacy also supports its own authentication or can be used in conjunction with AH ESP divides its fields into three components ESP Header ESP Trailer ESP Authentication Data The Network Layer: Encapsulating Security Payload in transport mode, ESP Header is inserted after the original IP header ESP trailer and authentication are added to the end of the packet each host must be aware that IPSec is operating The Network Layer: Encapsulating Security Payload in tunnel mode, the original IP packet is encapsulated, which secures both IP header and payload ESP header follows the new IP header ESP trailer and authentication are again added to the end of the packet 4

5 The Network Layer: Internet Key Exchange Internet Key Exchange (IKE) is a composite of several protocols that automatically negotiate IPSec Security Associations (SA) and enable secure communications authenticates hosts as IPSec peers and manages shared key generation uses Diffie- Hellman so that hosts without previous communication can establish a common shared secret The Network Layer: Internet Key Exchange In Phase 1, peers lay groundwork for an IPSec Security Association (SA) i.e., establishing what traffic to protect and how to protect it The Network Layer: Internet Key Exchange In Phase 2, peers specify parameters for security levels and are ready to exchange data Phase 2 can also serve as a quick mode for creating the SAs The Link Layer: Wireless LANs ANSI/IEEE Standard is the dominant technology for wireless LANs topology: the basic service set (BSS) is the fundamental component of the wireless LAN there are two types: BSS with an Access Point ( AP ), which serves as the central base station connecting a collection of wireless hosts ad hoc network (no AP), hosts form temporary network without the aid of an AP 5

6 The Link Layer: Wireless LANs we will focus on the former, wireless LANs with an AP as the central base they are connected (eventually) to wired networks and the Internet it is also typical for several BSS to be connected The Link Layer: BSS Membership How does a host join an associated BSS? SSID. each AP is assigned a one- or two- word Service Set Identifier (SSID) channel. the AP is designated a specific channel or sub- frequency for communication beacon frames. each AP sends short messages to identify the AP s SSID and MAC address The Link Layer: BSS Membership How does a host join an associated BSS? passive scanning. any host within range will receive beacon frames the host is free to choose any BSS that identifies itself active scanning. the host broadcasts probe request frames. An AP within range may respond with a probe response frame The Link Layer: BSS Membership How does a host join an associated BSS? regardless of the method, the last step is the handshake protocol association request frames association response frames membership may require authentication in these instances, the AP consults an authentication server 6

7 The Link Layer: Common Attacks on Wireless LANs packet sniffing. easy and risk of detection is low rogue APs. unauthorized wireless devices that extend the range of a local network serve as pivot points for attacks evil twin attack. a device that masquerades as the BSS AP used for MITM attacks The Link Layer: Wireless LAN Security IEEE i provides protocols for Robust Security Networks (RSN) authentication. prescribes the exchange between a wireless host and the authentication server provide mutual authentication, generates temporary keys access control. enforces the use of authentication, routes messages, and facilitates the key exchange. privacy with message integrity. data are encrypted along with message integrity code The Link Layer: Wireless LAN Security The Link Layer: Wireless LAN Security the Discovery phase includes: network & security discovery system association in the Authentication phase, the host joins the AS, receives master session key from AS via AP in the key management phase, there is usually a four- way handshake nonce is sent to STA from AP STA sends a separate nonce with a Message Integrity Code (MIC) the AP sends a Group Temporal Key (GTK) and MIC the STA acknowledges The Pairwise Transient Key (PTK) insures the STA that there is no MITM attack 7

8 The Link Layer: Wireless LAN Security confidentiality is ensured by Wireless Protected Access 2 (WPA2) uses AES encryption/decryption with Cipher Block Chaining- MAC or CCM integrity is ensured by the CCM, which uses the last code block as the MIC 8

Chapter 24 Wireless Network Security

Chapter 24 Wireless Network Security Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

More information

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality

More information

COSC4377. Chapter 8 roadmap

COSC4377. Chapter 8 roadmap Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, 1 The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets

More information

CSC 6575: Internet Security Fall 2017

CSC 6575: Internet Security Fall 2017 CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture

More information

Internet security and privacy

Internet security and privacy Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security

More information

IP Security. Have a range of application specific security mechanisms

IP Security. Have a range of application specific security mechanisms IP Security IP Security Have a range of application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS However there are security concerns that cut across protocol layers Would like security

More information

Chapter 17. Wireless Network Security

Chapter 17. Wireless Network Security Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand

More information

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security. Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with

More information

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols

More information

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL

More information

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009 VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A

More information

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Objective A Virtual Private Network (VPN) is a private network that is used to virtually

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016 Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project

More information

IPSec. Overview. Overview. Levente Buttyán

IPSec. Overview. Overview. Levente Buttyán IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet

More information

IP Security. Cunsheng Ding HKUST, Kong Kong, China

IP Security. Cunsheng Ding HKUST, Kong Kong, China IP Security Cunsheng Ding HKUST, Kong Kong, China Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

IPSec Transform Set Configuration Mode Commands

IPSec Transform Set Configuration Mode Commands IPSec Transform Set Configuration Mode Commands The IPSec Transform Set Configuration Mode is used to configure IPSec security parameters. There are two core protocols, the Authentication Header (AH) and

More information

Virtual Private Network

Virtual Private Network VPN and IPsec Virtual Private Network Creates a secure tunnel over a public network Client to firewall Router to router Firewall to firewall Uses the Internet as the public backbone to access a secure

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality

More information

Virtual Private Networks (VPN)

Virtual Private Networks (VPN) CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1

More information

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015 Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA

More information

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these

More information

Lecture 9: Network Level Security IPSec

Lecture 9: Network Level Security IPSec Lecture 9: Network Level Security IPSec CS 336/536: Computer Network Security Fall 2015 Nitesh Saxena Adopted from previous lecture by Keith Ross, and Tony Barnard HW3 being graded Course Admin HW4 will

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Virtual Private Networks

Virtual Private Networks EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,

More information

WPA-GPG: Wireless authentication using GPG Key

WPA-GPG: Wireless authentication using GPG Key Università degli Studi di Bologna DEIS WPA-GPG: Wireless authentication using GPG Key Gabriele Monti December 9, 2009 DEIS Technical Report no. DEIS-LIA-007-09 LIA Series no. 97 WPA-GPG: Wireless authentication

More information

Network Security: IPsec. Tuomas Aura

Network Security: IPsec. Tuomas Aura Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to

More information

IPSec Transform Set Configuration Mode Commands

IPSec Transform Set Configuration Mode Commands IPSec Transform Set Configuration Mode Commands The IPSec Transform Set Configuration Mode is used to configure IPSec security parameters. There are two core protocols, the Authentication Header (AH) and

More information

Sample excerpt. Virtual Private Networks. Contents

Sample excerpt. Virtual Private Networks. Contents Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................

More information

CSE543 Computer and Network Security Module: Network Security

CSE543 Computer and Network Security Module: Network Security CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel

More information

Time Synchronization Security using IPsec and MACsec

Time Synchronization Security using IPsec and MACsec Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also

More information

Transport Layer Security

Transport Layer Security CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

Virtual Tunnel Interface

Virtual Tunnel Interface This chapter describes how to configure a VTI tunnel. About s, on page 1 Guidelines for s, on page 1 Create a VTI Tunnel, on page 2 About s The ASA supports a logical interface called (VTI). As an alternative

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43 0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link

More information

Introduction and Overview. Why CSCI 454/554?

Introduction and Overview. Why CSCI 454/554? Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

The IPsec protocols. Overview

The IPsec protocols. Overview The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview

More information

Configuration of an IPSec VPN Server on RV130 and RV130W

Configuration of an IPSec VPN Server on RV130 and RV130W Configuration of an IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote access to corporate resources by establishing an encrypted tunnel

More information

Chapter 5: Network Layer Security

Chapter 5: Network Layer Security Managing and Securing Computer Networks Guy Leduc Mainly based on Network Security - PRIVATE Communication in a PUBLIC World C. Kaufman, R. Pearlman, M. Speciner Pearson Education, 2002. (chapters 17 and

More information

Network Encryption Methods

Network Encryption Methods Network Encryption Network Encryption Methods CSC362, Information Security Objectives understanding the impact of employing encryption at different protocol layers application layer encryption transport

More information

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University Chapter 6 IP Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. IP Security Overview 2. IP Security Architecture 3.

More information

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

Table of Contents 1 WLAN Security Configuration Commands 1-1

Table of Contents 1 WLAN Security Configuration Commands 1-1 Table of Contents 1 WLAN Security Configuration Commands 1-1 authentication-method 1-1 cipher-suite 1-2 gtk-rekey client-offline enable 1-2 gtk-rekey enable 1-3 gtk-rekey method 1-4 ptk-lifetime 1-5 security-ie

More information

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Network Security - ISA 656 IPsec IPsec Key Management (IKE) Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating

More information

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A Network Security IP Security Part 1 1 IP Security Overview 1994 RFC1636, Security in the Internet Architecture Identified key needs: Secure network infrastructure from unauthorized monitoring Control network

More information

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The

More information

VPN Ports and LAN-to-LAN Tunnels

VPN Ports and LAN-to-LAN Tunnels CHAPTER 6 A VPN port is a virtual port which handles tunneled traffic. Tunnels are virtual point-to-point connections through a public network such as the Internet. All packets sent through a VPN tunnel

More information

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted. Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.

More information

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved.  Worldwide Education Services Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will

More information

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED Part V ECHONET Lite System Design Guidelines i 2011 (2012) ALL RIGHTS RESERVED The specifications published by the ECHONET Consortium are established without regard to industrial property rights (e.g.,

More information

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content

More information

IP Security IK2218/EP2120

IP Security IK2218/EP2120 IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Configuring Layer2 Security

Configuring Layer2 Security Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring

More information

8. Network Layer Contents

8. Network Layer Contents Contents 1 / 43 * Earlier Work * IETF IP sec Working Group * IP Security Protocol * Security Associations * Authentication Header * Encapsulation Security Payload * Internet Key Management Protocol * Modular

More information

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

COMPUTER SECURITY. Computer Security Secure Communication Channels (2) COMPUTER SECURITY 7. Secure Communication Channels: 2 case studies (2) Technologies' case studies (2) WEP Wired Equivalent Privacy (3) IPsec Internet Protocol Security (11) SSL Secure Sockets Layer (25)

More information

Physical and Link Layer Attacks

Physical and Link Layer Attacks Physical and Link Layer Attacks CMSC 414 November 1, 2017 Attenuation Physical links are subject to attenuation Copper cables have internal resistance, which degrades signal over large distances Fiber

More information

CSE509: (Intro to) Systems Security

CSE509: (Intro to) Systems Security CSE509: (Intro to) Systems Security Fall 2012 Invited Lecture by Vyas Sekar IPSec 2005-12 parts by Matt Bishop, used with permission Security in Real Life: Motivation Site SF Company X $$$ Site NY Site

More information

1 FIVE STAGES OF I.

1 FIVE STAGES OF I. 1 1 FIVE STAGES OF 802.11I. Stage 1. AP and Security Capability Discovery This stage consists of messages numbered (1) to (3). The AP either periodically broadcasts its security capabilities, indicated

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Chapter 6/8. IP Security

Chapter 6/8. IP Security Chapter 6/8 IP Security Prof. Bhargavi H Goswami Department of MCA, Sunshine Group of Institutes, Rajkot, Gujarat, India. Mob: +918140099018. Email: bhargavigoswami@gmail.com Topic List 1. IP Security

More information

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router Objective Internet Protocol Security (IPSec) is used to protect communications through the encryption of IP packets during a communication

More information

Lecture 12 Page 1. Lecture 12 Page 3

Lecture 12 Page 1. Lecture 12 Page 3 IPsec Network Security: IPsec CS 239 Computer Software February 26, 2003 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same

More information

Appendix E Wireless Networking Basics

Appendix E Wireless Networking Basics Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design

More information

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,

More information

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California Security and Lawful Intercept In VoIP Networks Manohar Mahavadi Centillium Communications Inc. Fremont, California Agenda VoIP: Packet switched network VoIP devices VoIP protocols Security and issues in

More information

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE. INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building

More information

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE

More information

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions 4.4 IEEE 802.11 MAC Layer 4.4.1 Introduction 4.4.2 Medium Access Control 4.4.3 MAC Management 4.4.4 Extensions 4.4.3 802.11 - MAC management Synchronization try to find a LAN, try to stay within a LAN

More information

05 - WLAN Encryption and Data Integrity Protocols

05 - WLAN Encryption and Data Integrity Protocols 05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks

More information

The EN-4000 in Virtual Private Networks

The EN-4000 in Virtual Private Networks EN-4000 Reference Manual Document 8 The EN-4000 in Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission

More information

CS 356 Internet Security Protocols. Fall 2013

CS 356 Internet Security Protocols. Fall 2013 CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5

More information

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014 Network Security: IPsec Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 2 IPsec: Architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects

More information

Network Security Chapter 8

Network Security Chapter 8 Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information