
Network Security Issues

Dr. S. K. Ghosh
School of Information Technology, Indian Institute of Technology, Kharagpur (skg@sit.iitkgp.ernet.in)

Security Attacks
Any action that compromises the security of information. Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication

Basic model (diagram): Source (S) sends to Destination (D).

Security Attacks (contd.)

Interruption: attack on availability (diagram: S, D)

Interception: attack on confidentiality

Security Attacks (contd.)

Modification: attack on integrity (diagram: S, D and intruder I)

Fabrication: attack on authenticity (diagram: S, intruder I)

Passive and Active Attacks

Passive attacks
Obtain information that is being transmitted (eavesdropping). Two types:
- Release of message contents: it may be desirable to prevent the opponent from learning the contents of the transmission.
- Traffic analysis: the opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
Very difficult to detect.

Active attacks
Involve some modification of the data stream or the creation of a false stream. Four categories:
- Masquerade: one entity pretends to be a different entity.
- Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
- Modification: some portion of a legitimate message is altered.
- Denial of service: prevents the normal use of communication facilities.

Security Services
- Confidentiality (privacy)
- Authentication (who created or sent the data)
- Integrity (has not been altered)
- Non-repudiation (the order is final)
- Access control (prevent misuse of resources)
- Availability (permanence, non-erasure)

Denial of Service Attacks
(diagram; example shown: a virus that deletes files)

IPSec
Provides two modes of protection:
- Tunnel Mode
- Transport Mode
Provides:
- Authentication and Integrity
- Confidentiality
- Replay Protection

Tunnel Mode
Encapsulates the entire IP packet within IPSec protection. Tunnels can be created between several different node types:
- Gateway to gateway
- Host to gateway
- Host to host

Three Types of Tunnels (diagram)
- Gateway to Gateway
- Host to Gateway
- Host to Host

Transport Mode
Encapsulates only the transport layer information within IPSec protection. Can only be created between host nodes.

Authentication and Integrity
- Verification of the origin of data
- Assurance that data sent is the data received
- Assurance that the network headers have not changed since the data was sent

Confidentiality
- Encrypts data to protect against eavesdropping
- Can hide data source when encryption is used over a tunnel

Replay Prevention
Causes retransmitted packets to be dropped.

IPSec Protection Protocols

Authentication Header (AH)
- Authenticates payload data
- Authenticates network header
- Gives anti-replay protection

Encapsulated Security Payload (ESP)
- Encrypts payload data
- Authenticates payload data
- Gives anti-replay protection

IPSec AH in Transport Mode (diagram)

Before: Orig IP Hdr | TCP Hdr | Data
After:  Orig IP Hdr | AH Hdr (inserted) | TCP Hdr | Data

Integrity hash coverage: the whole packet, except for mutable fields in the IP header.

IPSec AH in Tunnel Mode (diagram)

Before: Orig IP Hdr | TCP Hdr | Data
After:  New IP Hdr | AH Hdr | Orig IP Hdr | TCP Hdr | Data

Integrity hash coverage: the whole packet, except for mutable fields of the new IP header.
The new IP header carries the tunnel's source and destination IP addresses.
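The two AH layouts above (transport mode with AH inserted after the original header, tunnel mode with a new outer header) built as bytes, as an added example that is not from the slides. It shows why the hash skips the mutable IP fields: a router may change the TTL and the packet still verifies, while any change to the rest is caught. Addresses, SPI, sequence number and the key are constructed sample values; the MAC is HMAC-SHA256 truncated to 128 bits.

```python
# Added example, not from the slides: AH in transport and tunnel mode for IPv4,
# with the ICV computed as RFC 4302 prescribes: mutable IPv4 fields (ToS, flags/
# fragment offset, TTL, header checksum) and the ICV field itself are zeroed before
# the HMAC is taken. Addresses, SPI and key are constructed; MAC is HMAC-SHA256-128.
import hmac, hashlib, struct

AH_PROTO, IPIP_PROTO, ICV_LEN = 51, 4, 16
KEY = b"constructed-sample-key-32-bytes!"           # sample SA key (assumption)

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left 0 (mutable, not covered)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0x4000, ttl, proto, 0, src, dst)

def zero_mutable(ip_hdr):
    """IPv4 header with ToS, flags/fragment offset, TTL and checksum zeroed."""
    b = bytearray(ip_hdr)
    b[1] = 0; b[6:8] = b"\0\0"; b[8] = 0; b[10:12] = b"\0\0"
    return bytes(b)

def ah_fixed(next_hdr, spi, seq):
    """Next Header | Payload Len (32-bit words minus 2) | Reserved | SPI | Sequence."""
    return struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)

def icv_over(ip_hdr, ah, inner):
    """HMAC over IP header (mutable fields zeroed) + AH (ICV zeroed) + payload."""
    data = zero_mutable(ip_hdr) + ah + bytes(ICV_LEN) + inner
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(orig_pkt, spi, seq, outer_addrs=None):
    """Transport mode (outer_addrs=None) inserts AH after the IP header; tunnel mode prepends a new one."""
    orig_ip = orig_pkt[:20]
    if outer_addrs is None:
        next_hdr, inner = orig_ip[9], orig_pkt[20:]        # keep TCP as next header
        src, dst, ttl = orig_ip[12:16], orig_ip[16:20], orig_ip[8]
    else:
        next_hdr, inner = IPIP_PROTO, orig_pkt               # IP-in-IP, whole packet is payload
        (src, dst), ttl = outer_addrs, 64
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(inner), ttl)
    ah = ah_fixed(next_hdr, spi, seq)
    return ip_hdr + ah + icv_over(ip_hdr, ah, inner) + inner

def ah_verify(pkt):
    """Recompute the ICV over a received AH packet; True if it matches."""
    ip_hdr, ah, icv, inner = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(icv, icv_over(ip_hdr, ah, inner))

def sample_packets():
    orig = ipv4_header(b"\x0a\0\0\x01", b"\x0a\0\0\x02", 6, 16) + b"TCPHDR..DATA...."
    transport = ah_protect(orig, spi=0x100, seq=1)
    tunnel = ah_protect(orig, spi=0x200, seq=1, outer_addrs=(b"\xc0\xa8\x01\x01", b"\xc0\xa8\x02\x01"))
    return transport, tunnel
```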

IPSec ESP in Transport Mode (diagram)

Before: Orig IP Hdr | TCP Hdr | Data
After:  Orig IP Hdr | ESP Hdr (inserted) | TCP Hdr | Data | ESP Trailer (appended) | ESP Auth (appended)

Usually encrypted: TCP Hdr, Data, ESP Trailer
Integrity hash coverage: ESP Hdr through ESP Trailer (the hash is carried in ESP Auth)

IPSec ESP in Tunnel Mode (diagram)

Before: Orig IP Hdr | TCP Hdr | Data
After:  New IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth

Usually encrypted: Orig IP Hdr, TCP Hdr, Data, ESP Trailer
Integrity hash coverage: ESP Hdr through ESP Trailer (the hash is carried in ESP Auth)
The new IP header carries the tunnel's source and destination IP addresses.

IPSec Basic Architecture (diagram)
Components: IPSec Driver, Policy Agent, Internet Key Exchange (IKE), TCP/IP Driver.

IPSec Driver
Monitors and secures IP traffic:
- Encryption and authentication of outbound packets
- Decryption and authentication of inbound packets
- Prompts IKE to negotiate secure channels as needed
- Maintains secure channel state information

Policy Agent
- Maintains IPSec policy and state information
- Distributes filter rule sets to the IPSec Driver
- Distributes authentication and security settings to IKE

IKE
- Negotiates secure channels based on settings received from the Policy Agent
- Distributes secure channel information to the IPSec Driver

How It All Fits Together (diagram showing the Tunnel and Transport mode paths)

Sending in Transport Mode (diagram)
Host stack: Application, Transport, IPSec, IP, Physical.
Packet on the wire: Physical | IP | IPSec | TCP | Application Data

Sending in Tunnel Mode (diagram)
Host builds: Physical | IP | IPSec | TCP | Application Data
Gateway (IPSec, IP, Physical) strips the physical layer and encapsulates the packet: Physical | Outer IP | IPSec | Inner IP | IPSec | TCP | Application Data

Receiving in Tunnel Mode (diagram)
Gateway receives: Physical | Outer IP | IPSec | Inner IP | IPSec | TCP | Application Data
Gateway removes Outer IP and its IPSec, leaving: IP | IPSec | TCP | Application Data
Forwarded to the host as: Physical | IP | IPSec | TCP | Application Data

Receiving in Transport Mode (diagram)
Host stack: Application, Transport, IPSec, IP, Physical.
Packet received: Physical | IP | IPSec | TCP | Application Data
