Scribd Logo
Upload

Welcome to Scribd!

  • 23 views

    H - Introduction To IPsec

    Uploaded by

    Khouloud Ch
    The document discusses IPsec (Internet Protocol Security), which provides security to Internet communications at the IP layer. It consists of two protocols: Authentication Header (AH) which provides integrity and authentication, and Encapsulating Security Payload (ESP) which provides confidentiality, integrity, and authentication. These protocols can operate in either transport or tunnel mode depending on the use case. IPsec is commonly used to implement Virtual Private Networks (VPNs).

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    H - Introduction To IPsec

    Uploaded by

    Khouloud Ch
    23 views65 pages
    The document discusses IPsec (Internet Protocol Security), which provides security to Internet communications at the IP layer. It consists of two protocols: Authentication Header (AH) which provides integrity and authentication, and Encapsulating Security Payload (ESP) which provides confidentiality, integrity, and authentication. These protocols can operate in either transport or tunnel mode depending on the use case. IPsec is commonly used to implement Virtual Private Networks (VPNs).

    Original Description:

    intro to ipsec

    Original Title

    H- Introduction to IPsec

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses IPsec (Internet Protocol Security), which provides security to Internet communications at the IP layer. It consists of two protocols: Authentication Header (AH) which provides integrity and authentication, and Encapsulating Security Payload (ESP) which provides confidentiality, integrity, and authentication. These protocols can operate in either transport or tunnel mode depending on the use case. IPsec is commonly used to implement Virtual Private Networks (VPNs).

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    23 views65 pages

    H - Introduction To IPsec

    Uploaded by

    Khouloud Ch
    The document discusses IPsec (Internet Protocol Security), which provides security to Internet communications at the IP layer. It consists of two protocols: Authentication Header (AH) which provides integrity and authentication, and Encapsulating Security Payload (ESP) which provides confidentiality, integrity, and authentication. These protocols can operate in either transport or tunnel mode depending on the use case. IPsec is commonly used to implement Virtual Private Networks (VPNs).

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 65

    SECURITY AND PRIVACY

    Introduction to Ipsec (IP Security)

    Dr Nesrine Kaaniche

    Academic year: 2021 - 2022

    1
    Lecture’s objectives

    • Definitions
    • IPSEC protocols
    • IPSEC Phases
    • IKE Exchanges

    Dr Nesrine Kaaniche 2
    What is IPsec?
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security to
    Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel

    Dr Nesrine Kaaniche 4
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel

    Dr Nesrine Kaaniche 5
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 6
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 7
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 8
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 9
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 10
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 11
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 12
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 13
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 14
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)

    Dr Nesrine Kaaniche 15
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)
    • Host-to-host security → IPsec Transport mode
    Public network

    IPsec tunnel mode

    Dr Nesrine Kaaniche 16
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)
    • Host-to-host security → IPsec Transport mode
    Public network
    IPsec transport mode
    IPsec tunnel mode

    Dr Nesrine Kaaniche 17
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)
    • Host-to-host security → IPsec Transport mode
    Public network

    IPsec transport mode


    IPsec tunnel mode

    Dr Nesrine Kaaniche 18
    What is IPsec?
    • « IPsec (Internet Protocol Security) is a suite of protocols that provides security
    to Internet communications at the IP layer. » (IETF)
    • Two modes per protocol: Transport and Tunnel
    • Virtual Private Network (VPN)
    • gateway-to-gateway → IPsec Tunnel mode
    • host-to-gateway → IPsec Tunnel mode or IPsec Transport mode (IPsec/L2TP)
    • Host-to-host security → IPsec Transport mode
    Public network
    IPsec transport mode
    IPsec tunnel mode

    Dr Nesrine Kaaniche 19
    Which Protocols?
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    Dr Nesrine Kaaniche 21
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    Dr Nesrine Kaaniche 22
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    Dr Nesrine Kaaniche 23
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    AH tunnel mode

    Dr Nesrine Kaaniche 24
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    AH tunnel mode

    • Format

    Dr Nesrine Kaaniche 25
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    AH tunnel mode

    • Format

    Dr Nesrine Kaaniche 26
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    AH tunnel mode

    • Format

    Dr Nesrine Kaaniche 27
    Which Protocols?
    • Authentication Header (AH)
    • integrity and data origin authentication, anti-replay features

    AH transport mode

    AH tunnel mode

    • Format

    Dr Nesrine Kaaniche 28
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality

    Dr Nesrine Kaaniche 29
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality

    Dr Nesrine Kaaniche 30
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    Dr Nesrine Kaaniche 31
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    Dr Nesrine Kaaniche 32
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    Dr Nesrine Kaaniche 33
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    ESP tunnel mode

    Dr Nesrine Kaaniche 34
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    ESP tunnel mode

    Dr Nesrine Kaaniche 35
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    ESP tunnel mode

    Dr Nesrine Kaaniche 36
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    ESP tunnel mode

    • Format

    Dr Nesrine Kaaniche 37
    Which Protocols?
    • Encapsulating Security Payload (ESP)
    • integrity, data origin authentication, anti-replay features and/or confidentiality
    ESP transport mode

    ESP tunnel mode

    • Format

    Dr Nesrine Kaaniche 38
    How does IPsec work?
    How does IPsec work?

    Dr Nesrine Kaaniche 40
    How does IPsec work?

    Dr Nesrine Kaaniche 41
    How does IPsec work?

    Dr Nesrine Kaaniche 42
    How does IPsec work?

    Dr Nesrine Kaaniche 43
    How does IPsec work?

    Dr Nesrine Kaaniche 44
    How does IPsec work?

    Dr Nesrine Kaaniche 45
    How does IPsec work?

    Dr Nesrine Kaaniche 46
    How does IPsec work?

    Dr Nesrine Kaaniche 47
    How does IPsec work?

    Dr Nesrine Kaaniche 48
    How does IPsec work?

    Dr Nesrine Kaaniche 49
    How does IPsec work?

    Dr Nesrine Kaaniche 50
    How does IPsec work?

    Dr Nesrine Kaaniche 51
    How does IPsec work?

    Dr Nesrine Kaaniche 52
    How does IPsec work?

    Dr Nesrine Kaaniche 53
    How does IPsec work?

    Dr Nesrine Kaaniche 54
    How does IPsec work?

    Dr Nesrine Kaaniche 55
    About Internet Key Exchange (IKE)
    About Internet Key Exchange (IKE)
    • A key negotiation and management protocol to:
    • provide a dynamically negotiated and updated keying material for IPsec
    • perform mutual authentication between two parties
    • use the format of ISAKMP (Internet Security Association and Key Management Protocol)

    • Two non-interoperable versions of IKE: IKEv1 and IKEv2

    Dr Nesrine Kaaniche 57
    IKE Exchanges
    IKE Exchanges
    • IKE establishes two SA levels:

    Dr Nesrine Kaaniche 59
    IKE Exchanges
    • IKE establishes two SA levels:
    • IKE Security Association to secure SAs for ESP
    and AH

    Dr Nesrine Kaaniche 60
    IKE Exchanges
    • IKE establishes two SA levels:
    • IKE Security Association to secure SAs for ESP
    and AH
    • IPsec Security Associations for ESP and/or AH

    Dr Nesrine Kaaniche 61
    IKE Exchanges
    • IKE establishes two SA levels:
    • IKE Security Association to secure SAs for ESP
    and AH
    • IPsec Security Associations for ESP and/or AH
    • IKEv2 starts with two exchanges:

    Dr Nesrine Kaaniche 62
    IKE Exchanges
    • IKE establishes two SA levels:
    • IKE Security Association to secure SAs for ESP
    and AH
    • IPsec Security Associations for ESP and/or AH
    • IKEv2 starts with two exchanges:
    • IKE_SA_INIT exchange
    • Negotiate cryptographic algorithms, exchange
    nonces, and do a Diffie-Hellman for IKE SA
    • IKE_AUTH exchange
    • Authenticate IKE_SA_INIT messages, exchange
    identities and certificates, and establish the first Child
    SA (IPsec SA).

    Dr Nesrine Kaaniche 63
    IKE Exchanges
    • IKE establishes two SA levels:
    • IKE Security Association to secure SAs for ESP
    and AH
    • IPsec Security Associations for ESP and/or AH
    • IKEv2 starts with two exchanges:
    • IKE_SA_INIT exchange
    • Negotiate cryptographic algorithms, exchange
    nonces, and do a Diffie-Hellman for IKE SA
    • IKE_AUTH exchange
    • Authenticate IKE_SA_INIT messages, exchange
    identities and certificates, and establish the first Child
    SA (IPsec SA).

    • IKEv2 uses the CREATE_CHILD_SA


    exchange to create new child SAs or rekey
    SAs
    Dr Nesrine Kaaniche 64
    Kahoot: Let us play!

    • Open Kahoot Quiz

    • Enter the code!

    Dr Nesrine Kaaniche 65

    You might also like