Unit-5 - Network Security
Unit-5
Network Security
dipak.dabhi@utu.ac.in
• Un-trusted
• Unreliable IP networks
• Because of this inherent lack of security, the Internet is subject to various types of threats…
• It helps keep data sent over public networks secure.
• IPsec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from.
• IPsec is used for protecting sensitive data, such as financial transactions, medical records and corporate communications, as it's transmitted across the network.
• VPN connections take place over public networks, but the data exchanged over the VPN is still private because it is encrypted.
Unit-5 Network Security CGPIT
IPSec Scenario
• Connectionless integrity
• Data Confidentiality
• To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new outer IP packet with a new outer IP header.
• Tunnel mode is used when one or both ends of a security association (SA) are a security gateway, such as a firewall or router that implements IPsec.
• With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec.
• The unprotected packets generated by such hosts are tunnelled through external networks.
• When a host needs to send an IPsec-enabled packet, the host needs to find the corresponding entry in the outbound SAD.
• When a host needs to receive an IPsec-enabled packet, the host needs to find the corresponding entry in the inbound SAD.
• Each entry is uniquely selected using the following triple index:
• <SPI, DA, P>
• The IP header is added after changing the value of the protocol field to 51.
• The ESP header, payload and ESP trailer are used to create the authentication data.
• The authentication data are added to the end of the ESP trailer.
• The IP header is added after changing the protocol value to 50.
ESP in Transport Mode and Tunnel Mode
• For the current version of TLS, the major version is 3 and the minor version is 3.
• TLS makes use of the HMAC algorithm defined in RFC 2104:
  $HMAC_K(M) = H[(K^+ \oplus opad) \,\|\, H[(K^+ \oplus ipad) \,\|\, M]]$
• SSLv3 uses the same algorithm, except that the padding bytes are concatenated with the secret key rather than being XORed with the secret key padded to the block length.
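The following is an added worked example, not part of the lecture slides: it implements the RFC 2104 HMAC formula above step by step (zero-padded key K+, ipad/opad XOR, inner then outer hash) and checks it against Python's `hmac` module, and beside it the SSLv3-style MAC in which the pad bytes are concatenated with the key instead of XORed. The SSLv3 function is simplified to key, pad and message only (the real SSLv3 MAC also covers the sequence number, record type and length); the function names and sample key/message are constructed for this example.

```python
import hashlib
import hmac

# Constructed example, not from the slides. RFC 2104 pad constants.
IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]."""
    block_len = hashlib.new(hash_name).block_size   # 64 for MD5, SHA-1, SHA-256
    # K+: a key longer than one block is hashed first, then zero-padded.
    if len(key) > block_len:
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(block_len, b"\x00")
    k_ipad = bytes(b ^ IPAD_BYTE for b in k_plus)   # XOR, as in TLS
    k_opad = bytes(b ^ OPAD_BYTE for b in k_plus)
    inner = hashlib.new(hash_name, k_ipad + msg).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def mac_sslv3_style(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """Simplified SSLv3 MAC: H(K || pad2 || H(K || pad1 || M)).

    pad1/pad2 are 0x36/0x5c repeated 40 times for SHA-1 (48 for MD5) and
    are concatenated with the key rather than XORed into it.
    """
    pad_len = {"md5": 48, "sha1": 40}[hash_name]
    pad1 = bytes([IPAD_BYTE]) * pad_len
    pad2 = bytes([OPAD_BYTE]) * pad_len
    inner = hashlib.new(hash_name, key + pad1 + msg).digest()
    return hashlib.new(hash_name, key + pad2 + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """True when the hand-written HMAC equals Python's hmac module output."""
    expected = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), expected)


if __name__ == "__main__":
    key, msg = b"constructed-secret-key", b"ClientHello"   # constructed sample input
    print("TLS HMAC-SHA256 :", hmac_rfc2104(key, msg).hex())
    print("SSLv3-style MAC :", mac_sslv3_style(key, msg).hex())
    print("matches hmac module:", matches_stdlib(key, msg))
```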
End of Unit-5