7/31/2019 IP Layer Security
IP LAYER
SECURITY
Lecture #5
Learning Objectives
Understand IPSec and its architecture
Understand IPSec protocol processing
Understand the ESP and AH protocols
Understand the ISAKMP protocol
Understand the IKE protocol
Understand VPN
Introduction
The increased connectivity of the Internet has given opportunity to intruders to carry out a variety of attacks
A broad range of solutions to achieve secure data communication
These solutions operate at different layers of protocol stack:
Application-level security (ALS)
Transport-level security (TLS)
Network-level security
Introduction
IP layer security or IPSec
Guarantees privacy and integrity of IP data packets irrespective of the security features at the application and socket layer
Any application will benefit from the underlying IP security as long as it uses IP to send data
Introduction
IPSec is the most transparent solution because it does not require modifying the application
IPSec's existence is hidden from the application
We discuss the security mechanism provided at the IP layer and its applications here
Short Introduction to the IP Suite
The IP has the task of enabling communication between systems
IP offers a connectionless datagram service with no guarantee of packet delivery
IP does not provide explicit mechanisms to guarantee correct delivery
Short Introduction to the IP Suite
[Figure: Systems A, B and C communicating across the Internet; each system runs the stack Application Protocol, TCP/UDP, IP, Access Control]
Source: http://s000jiq.springnote.com/pages/4649045/attachments/2521669
Short Introduction to the IP Suite
[Figure: IPv4 header layout by byte offset, including the Version, Protocol and Fragment Offset fields]
Version
Version of IP Protocol. 4 and 6 are valid. This diagram represents version 4 structure only.
Header Length
Number of 32-bit words in IP header, minimum value of 5. Multiply by 4 to get byte count.
Total Length
Total length of IP datagram, or IP fragment if fragmented. Measured in bytes.
Fragment Offset
Fragment offset from start of IP datagram. Measured in 8 byte (2 words, 64 bits) increments. If IP datagram is fragmented, fragment size (Total Length) must be a multiple of 8 bytes.
x 0x80 reserved (evil bit)
D 0x40 Do Not Fragment
M 0x20 More Fragments follow
Header Checksum
Checksum of entire IP header
Please refer to RFC for the complete Internet Protocol (IP) Specification.
Copyright 2004 - Matt Baxter
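The field rules from the header reference above (header length in 32-bit words, fragment offset in 8-byte units, flag masks 0x80/0x40/0x20, checksum over the header), as an added Python example that is not part of the original slides. The function names and the sample header bytes are constructed for illustration, and the 8-byte rule is applied here to the data carried by a non-final fragment.

```python
import struct

# Flag masks from the header reference above; they apply to byte 6 of the header.
FLAG_RESERVED, FLAG_DF, FLAG_MF = 0x80, 0x40, 0x20

# Constructed sample: a 20-byte IPv4 header only (no payload), private addresses.
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum over the header, as used by the checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(packet: bytes) -> dict:
    """Parse the fields described above; raise ValueError on a malformed header."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"version field is {version}, expected 4")
    if ihl < 5:
        raise ValueError("header length below the minimum of 5 words")
    header_len = ihl * 4                      # 32-bit words -> bytes
    if len(packet) < header_len:
        raise ValueError("packet truncated inside the header")
    total_len, _ident, frag_field = struct.unpack("!HHH", packet[2:8])
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    more_fragments = bool(packet[6] & FLAG_MF)
    # Offsets count 8-byte units, so a non-final fragment must carry a
    # multiple of 8 bytes of data or the next offset cannot address it.
    if more_fragments and (total_len - header_len) % 8:
        raise ValueError("non-final fragment data not a multiple of 8 bytes")
    return {
        "version": version,
        "header_len": header_len,
        "total_len": total_len,
        "reserved_bit": bool(packet[6] & FLAG_RESERVED),
        "dont_fragment": bool(packet[6] & FLAG_DF),
        "more_fragments": more_fragments,
        "fragment_offset": (frag_field & 0x1FFF) * 8,   # in bytes
        # A header whose checksum field is correct sums to 0xFFFF.
        "checksum_ok": ones_complement_sum(packet[:header_len]) == 0xFFFF,
    }

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
```

The checksum only detects accidental corruption of the header; anyone who alters a field can recompute it, which is why it gives none of the integrity or authentication that IPSec adds.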
Internet Threats
The Internet opens up a huge array of vulnerabilities
Without proper control and measures, any transaction over the Internet is subjected to the following:
Packet sniffing
Loss of data integrity
Identity spoofing
Replay of old packets
IPSec
A method proposed to solve the mentioned attacks through the interaction with the network layer
It can encrypt and authenticate all traffic at the IP level