Network Security Issues: Dr. S. K. Ghosh
Dr. S. K. Ghosh
School of Information Technology, Indian Institute of Technology, Kharagpur (skg@sit.iitkgp.ernet.in)
Security Attacks
Any action that compromises the security of information. Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication
[Figure: basic model, a flow from Source (S) to Destination (D)]
Interception: attack on confidentiality
Modification: attack on integrity
Fabrication: attack on authenticity
[Figures: the S to D flow with an intruder (I) intercepting, modifying or fabricating messages]
Active attacks
Involve some modification of the data stream or the creation of a false stream. Four categories:
1. Masquerade: one entity pretends to be a different entity.
2. Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
3. Modification: some portion of a legitimate message is altered.
4. Denial of service: prevents the normal use of communication facilities.
Security Services
- Confidentiality (privacy)
- Authentication (who created or sent the data)
- Integrity (has not been altered)
- Non-repudiation (the order is final)
- Access control (prevent misuse of resources)
- Availability (permanence, non-erasure)
Denial of Service Attacks
IPSec
Provides two modes of protection:
- Tunnel Mode
- Transport Mode
Tunnel Mode
Encapsulates the entire IP packet within IPSec protection. Tunnels can be created between several different node types:
- Gateway to gateway
- Host to gateway
- Host to host
[Figures: gateway-to-gateway, host-to-gateway and host-to-host tunnels]
Transport Mode
Encapsulates only the transport layer information within IPSec protection. Can only be created between host nodes.
Confidentiality
Encrypts data to protect against eavesdropping. Can hide the data source when encryption is used over a tunnel.
Replay Prevention
Causes retransmitted packets to be dropped.
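Added example, not from the slides: an anti-replay sliding window of the kind an ESP receiver keeps, which is the mechanism by which a retransmitted (replayed) packet is dropped while a merely late, reordered packet is still accepted once. The 32-bit SPI and sequence-number fields at the start of the ESP header are as defined in RFC 4303; the 64-entry window size and the sample packets are constructed for illustration.

```python
import struct
# Added example (not from the slides): an ESP-style anti-replay window.
# The window size and the sample packets below are constructed for illustration.
WINDOW_SIZE = 64  # assumption; RFC 4303 requires a receiver window of at least 32

def esp_sequence_number(esp_packet: bytes) -> int:
    """Read the 32-bit sequence number that follows the 32-bit SPI in an ESP header."""
    _spi, seq = struct.unpack("!II", esp_packet[:8])
    return seq

class AntiReplayWindow:
    """Accept each sequence number at most once, within a sliding window."""

    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already accepted

    def check_and_update(self, seq: int) -> bool:
        """Return True (and record seq) if it is new and inside the window."""
        if seq == 0:
            return False  # ESP sequence numbers start at 1
        if seq > self.top:  # newer than anything seen: slide the window forward
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1  # everything previously seen falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # older than the window: drop
        if self.bitmap & (1 << diff):
            return False  # already accepted once: a replay, drop
        self.bitmap |= 1 << diff  # late but genuine (reordered): accept once
        return True

def filter_esp_packets(packets, size=WINDOW_SIZE):
    """Return (sequence number, accepted) for each ESP packet in arrival order."""
    window = AntiReplayWindow(size)
    results = []
    for pkt in packets:
        seq = esp_sequence_number(pkt)
        results.append((seq, window.check_and_update(seq)))
    return results

# Constructed sample: SPI 0x1000; seq 3 and seq 1 arrive a second time (replays), 4 arrives late.
SAMPLE = [struct.pack("!II", 0x1000, s) + b"payload" for s in (1, 2, 3, 3, 5, 4, 1)]
```

Running `filter_esp_packets(SAMPLE)` accepts 1, 2, 3, 5 and the late 4, and drops the second 3 and the second 1.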
[Figure: ESP in transport mode]
Original packet:                      Orig IP Hdr | TCP Hdr | Data
After inserting the ESP header:       Orig IP Hdr | ESP Hdr | TCP Hdr | Data
[Figure: IPSec components on a node: IKE, IPSec Driver, TCP/IP Driver]
IPSec Driver
Monitors and Secures IP traffic
- Encryption and authentication of outbound packets
- Decryption and authentication of inbound packets
- Prompts IKE to negotiate secure channels as needed
Policy Agent
- Maintains IPSec policy and state information
- Distributes filter rule sets to the IPSec Driver
- Distributes authentication and security settings to IKE
IKE
- Negotiates secure channels based on settings received from the Policy Agent
- Distributes secure channel information to the IPSec driver
[Figures: protocol stacks for the two modes, drawn per node]
Transport mode stack (end host):
  Physical | IP | IPSec | TCP | Application Data
Tunnel mode stack (tunnel encapsulation around the protected packet):
  Physical | Outer IP | IPSec | Inner IP | IPSec | TCP | Application Data