Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Similar documents
Overview of Hierarchical Protocol Architecture. Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Hierarchical Protocol Architecture

Hierarchical Protocol Architecture. Youki Kadobayashi Nara Institute of Science and Technology Graduate School of Information Science

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples

Network Encryption 3 4/20/17

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

CSE543 Computer and Network Security Module: Network Security

IPSec. Dr.Talal Alkharobi. IPsec (IP security)

Analysis of VPN Protocols

Transport Level Security

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Transport Layer Security

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Virtual Private Networks

Virtual Private Network

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Internet security and privacy

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Virtual Private Networks (VPN)

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

8. Network Layer Contents

CSC 4900 Computer Networks: Security Protocols (2)

Lecture 10: Communications Security

CSCE 715: Network Systems Security

Lecture 9: Network Level Security IPSec

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

The OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018

IP Security IK2218/EP2120

Introduction to Networking

CS 356 Internet Security Protocols. Fall 2013

Virtual Private Networks.

Review on protocols of Virtual Private Network

INDEX. Symbols. 3DES over4 mechanism to4 mechanism...101

E&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang

Firewalls, Tunnels, and Network Intrusion Detection

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 1. Slide 2. Slide 3

Chapter 6: Security of higher layers. (network security)

IP Security. Have a range of application specific security mechanisms

Read addressing table and network map

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

Chapter 2. Communicating Over The Network. CCNA1-1 Chapter 2

Lecture 13 Page 1. Lecture 13 Page 3

Defining Networks with the OSI Model. Module 2

IPSec. Overview. Overview. Levente Buttyán

Total No. of Questions : 09 ] [ Total No.of Pages : 02

TCP/IP THE TCP/IP ARCHITECTURE

Copyleft 2005, Binnur Kurt. Objectives

Chapter 8 Network Security

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

CSE509: (Intro to) Systems Security

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

Network Layers. Standardization Cruelty 2009/08/12. (C) Herbert Haas

VPN Ports and LAN-to-LAN Tunnels

Chapter 7. Local Area Network Communications Protocols

HP Instant Support Enterprise Edition (ISEE) Security overview

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Chapter 2. Communicating Over The Network

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

COSC4377. Chapter 8 roadmap

E-commerce security: SSL/TLS, SET and others. 4.1

Networking and Health Information Exchange: ISO Open System Interconnection (OSI)

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

Cryptography and Network Security

Hands-On TCP/IP Networking

Table of Contents. Computer Networks and the Internet

A-B I N D E X. backbone networks, fault tolerance, 174

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

CompTIA Network+ Course

IBM i Version 7.2. Security Virtual Private Networking IBM

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

Internetworking models

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

Sample excerpt. Virtual Private Networks. Contents

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Chapter 3 Protocols and the TCP/IP Suite

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Administrator's Guide

Additional Material. Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Information Network I/No.

Chapter 11 The IPSec Security Architecture for the Internet Protocol

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Transcription:

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

History of computer network protocol development in 20 th century.

Development of hierarchical protocol 1980s Industrial de facto standards IBM SNA, DECNET, Xerox XNS OSI AppleTalk, Novell Netware, NetBIOS CLNP, TP4, IS-IS, X400, TCP/IP RIP, EGP/BGP, OSPF TELNET, SMTP, DNS, FTP, SNMP, NTP,. DARPA adapted TCP/IP as a standard. ARPAnet, MILnet Information Network 1 / 2012 3

Development of hierarchical protocol We knew the market winner of computer communication protocols in 1990 s TCP/IP Mistakes of OSI Slow standardization defeat of ISO standardization process by national delegates. Complex specifications Only 7 Layer Reference Model and X.500 are still widely used. Victory of TCP/IP Simple, open and fast process of standardization victory of IETF standardization process The United States continued using TCP/IP. simple specification and implementation oriented Information Network 1 / 2012 4

Decline of vendor protocol Once standardized, but losing the game. DECNET OSI Protocol AppleTalk TCP/IP applications Netware, NetBios TCP/IP applications Xerox XNS: decline and lost Only IBM / SNA was survived Large scale general-purpose system known as legacy system Difficult to migrate mission-critical system to the other open platform Information Network 1 / 2012 5

Development of hierarchical protocol 21 st century Development of upper layer protocol session layer presentation layer Demise of protocols processing platform Layer segmentation and sophistication MPLS J2EE,.NET, GRID. Information Network 1 / 2012 6

Significant technologies Data Link Ethernet : LAN technology HDLC : classical packet switching technology TCP/IP Protocol Suite TCP/IP protocol is used most in the world. especially, IP and TCP Network Management Application Technology Information Network 1 / 2012 7

Multiplexing, Demultiplexing, and Encapsulation Information Network 1 / 2012 8

Multiplexing Application Presentation Session FTP DNS PAP Session Manager Transport TCP UDP TP4/AppleTalk Network Data Link Physical IP IEEE802.3 Ethernet CAT/5 cable AppleTalk Information Network 1 / 2012 9

Demultiplexing Application Presentation Session FTP DNS PAP Session Manager Transport TCP UDP TP4/AppleTalk Network Data Link Physical IP IEEE802.3 Ethernet CAT/5 cable AppleTalk Information Network 1 / 2012 10

Technical Aspect of Hierarchical Protocol Encapsulation Lower-level protocol encapsulates a packet of upper-level protocol (n-1) PDU = (n-1) header + (n)pdu stores upper layer packet in a data area Application Presentation Session Transport Network Data Link Physical Information Network 1 / 2012 11

Pros & Cons Pro. Simple Easily understandable Separated & parallel implementations Concealment function and independent version up Interconnection between different networks Con. Hierarchical implementation can not improve quality and its performance. Memory and data managements are difficult by encapsulation process Data length flexibility is difficult to handle. Information Network 1 / 2012 12

Network Layer Gateway ES (End System) Application Presentation Session Transport Network Data Link Physical Network layer gateway IPv4 ES (End System) Application Presentation Session Transport Network Data Link Physical Physical connection Physical connection Information Network 1 / 2012 13

Transport Layer Gateway ES (End System) Application Presentation Session Transport Transport layer gateway 4/6 mapping ES (End System) Application Presentation Session Transport Network IPv4 IPv6 Network Data Link Data Link Physical Physical Physical connection Physical connection Information Network 1 / 2012 14

Application Layer Gateway ES (End System) Application Presentation Session Application layer gateway SMTP X400 ES (End System) Application Presentation Session Transport TCP TCP Transport Network IPv4 IPv6 Network Data Link Data Link Physical Physical Physical connection Physical connection Information Network 1 / 2012 15

Virtual Private Network (VPN) Information Network 1 / 2012 16

VPN A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together using advanced encryption and tunnels to protect: Confidentiality of information Integrity of data Authentication of users The primary benefits include: Security Private on public infrastructure: encryption & authentication Reduced cost Elimination of expensive dedicated WAN circuits Scalability Corporate network availability can be scaled quickly with minimal cost Information Network 1 / 2012 17

VPN Classification Remote access VPN Targeted at mobile users and home telecommutes Site-to-Site VPN Used to connect remote offices and branch offices to the headquarters internal network over a shared infrastructure Information Network 1 / 2012 18

VPN Technologies Layer 2 VPNs Operate at Layer 2 of the OSI reference model Point-to-point connection Common protocols: Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) Layer 2 Forwarding Connectivity between sites over a virtual circuit A virtual circuit is a logical end-to-end connection between two endpoints in a network Popular Layer 2 VPNs ATM Frame Relay Information Network 1 / 2012 19

VPN Technologies Layer 3 VPNs The delivery header of a connection between two sites is at Layer 3 of the OSI model Generic Routing Encapsulation (GRE) Tunnels: RFC 1701 MPLS VPNs (RFC 2547) Use labels to encapsulate the original data or payload Key advantage: flexibility to configure arbitrary technologies Scalability: no point-to-point tunnels IPSec VPNs IPSec is a suite of protocols developed under the auspices of the IETF to achieve secure services over IP packet-switched networks Services: authentication, integrity, access control, confidentiality Information Network 1 / 2012 20

VPN Technologies Transport Layer VPNs (SSL/TLS) Used to provide security with single HTTP-based applications Secure Socket Layer (SSL) Developed by Netscape for secure authentication connection between browsers and servers SSL Version 3, open standard in 1999 and called Transport Layer Security (TLS) Version 1 Use of certificates is fundamental Server-only authentication Server-client authentication Protocols: SSL Handshake SSL Record SSL Cipher Change SSL Alert Information Network 1 / 2012 21

VPN Technologies Application Layer Provide protection for only a single application Secure Shell (SSH): Remote login protection S-MIME Pretty Good Privacy (PGP) Information Network 1 / 2012 22

Encryption & Security Protocol IPSec (Internet Protocol Security) Network layer Protects and authenticates IP packets Framework of open standard Provides CIA (Confidentiality, Integrity, and Authentication) It consists of two sub-layers Encapsulating Security Payload (ESP): encrypts the packet s payload with a symmetric key It provides confidentiality, data integrity, data origin authentication, and antireply services Authentication Header (AH): uses hashing operation to hide packet information It provides connectionless integrity, data authentication, and replay protection but does not provide confidentiality Information Network 1 / 2012 23

Encapsulation First layer: L2TP encapsulation A PPP frame (an IP datagram) is wrapped with an L2TP header and a UDP header. Second layer: IPsec encapsulation The resulting L2TP message is then wrapped with an IPsec ESP header and trailer, an IPsec AH, and a final IP header. Information Network 1 / 2012 24

IPSec (RFC2401) Overview Encryption A cryptographic algorithm is the mathematical function used for encryption and decryption. Two categories of cryptographic algorithms Symmetric: the same key is used to encrypt and decrypt the message Problem of key distribution DES, 3DES, AES Asymmetric: use separate keys one for encryption and another for decryption The encryption key is called public key and is available for anyone The decryption key is called private key and should be kept secret The two keys are mathematically related Hash: To attest the content of a message and the identity of the sender, a digital signature is created by the message with a private key Information Network 1 / 2012 25

IPSec (RFC2401) Overview Transport mode In this mode an IPSec header (AH or ESP) is inserted between the IP header and the upper layer protocol header Original IP Header TCP DATA Original IP Header AH TCP DATA Authenticated Original IP Header ESP Header TCP DATA ESP Header ESP Authentication Authenticated Encripted Information Network 1 / 2012 26

IPSec (RFC2401) Overview Tunnel mode The original IP packet is encapsulated in another IP datagram, and an IPSec header (AH or ESP) is inserted between the outer and inner headers, Original IP Header TCP DATA Original IP Header Original IP AH TCP DATA Header Authenticated New IP Header ESP Header Original IP Header TCP DATA ESP Trailer ESP Auth, Authenticated Encripted Information Network 1 / 2012 27

IPSec (RFC2401) Overview Key Management and Security Association Diffie-Hellman Key Exchange Security association (SA) Basic building block of IPSec Internet Key Exchange (IKE) SA: Default IPSec method for secure key negociation Phase 1: mutual authentication of systems, session key establishment Phase 2: negociation and establishment of IPSec SA Information Network 1 / 2012 28

Assignment 1 Information Network 1 / 2012 29

Network Simulation(1) Goal: To be able to understand the network topology of the Mandara Network and to learn how to use Packet Tracer. What to do: Obtain a copy of the Packet Tracer installer from the Mandara network: ~noppawat-c/network2012/ Windows: PacketTracer533_setup.exe Linux: PacketTracer533_* Mac: please use the VM image "network2012.tar.gz"» (user: network2012, password: 1234) Install the application on your machine and refer to the link below on how to use it: http://engweb.info/cisco/packet Tracer Tutorials.html Replicate the Mandara system (refer to the diagram in the next slide) in Packet Tracer Information Network 1 / 2012 30

Network Simulation(2) Essay: Identify the different equipment used in the network Explain briefly the function of each device Categorize which device(s) belong to which OSI layer Information Network 1 / 2012 31

Mandara Network Architecture Information Network 1 / 2012 32

Submission Deadline: May 2, 2012 (Wed) at 17:00 JST Compress your Packet Tracer file and essay in one folder with your name and student ID (e.g., DoudouFall1234567.zip) then send it to: network1-2012@is.naist.jp For questions and concerns about the assignment, you may contact the TAs by email (network1-2012@is.naist.jp) or meet them in A307 Internet Engineering Laboratory Information Network 1 / 2012 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback