13 - Lecture #13 SS G513 Network Security Key Management...

Lecture #13 SS G513 Network Security
Key Management
IPSec requires the determination and distribution of secret keys.
Two types of management: manual and automated.
Manual: System administrator manually configures the system with its keys and keys of other communicating systems.
Key Management...
-Automated
 Default automated key management protocol is referred to as ISAKMP/Oakley.
-Consists of:
 Oakley Key Determination Protocol
 Internet Security Association and Key Management Protocol (ISAKMP)
Oakley
A key exchange protocol based on D-H that provides added security.
Uses cookies to thwart clogging attacks.
Enables two parties to negotiate a group. (Specifies the global parameters of the D-H key exchange.)
Uses nonces to foil replay attacks.
Authenticates the D-H exchange. (To thwart man-in-the-middle attacks.)
Oakley
Three authentication methods can be used:
1. Digital signatures
-Authenticated by signing a hash with the private key.
-Hash is generated over important parameters (IDs and nonces).
2. Public-key encryption
-Authenticated by encrypting with sender’s private key.
Oakley
3. Symmetric-key encryption
-Symmetric encryption is used to authenticate the communication.
-Secret key is derived using some out-of-band mechanism.
ISAKMP
Provides framework and protocols for:
>Internet key management.
>Negotiation of security attributes.
>Establish, modify, and delete SAs.
(Defines message types, procedures, and packet formats.)
ISAKMP Header Format
ISAKMP message consists of ISAKMP header followed by one or more payloads.
> See next slide for formats.
-Payload header: All ISAKMP payloads begin with a payload header.
ISAKMP
ISAKMP Payload Types
Proposal payload
Transform payload
Key exchange payload
Identification payload
Certificate payload
Hash payload
Signature payload
Nonce payload
Notification payload
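
A bounds-checked walk over the ISAKMP header and payload chain described on the slides above, as an added example that is not part of the lecture. The field layout and payload type numbers are taken from RFC 2408 rather than from the slides, and the sample message is constructed.

```python
import struct

# Payload type numbers from RFC 2408 (the slide lists the names only).
PAYLOAD_NAMES = {
    1: "Security Association", 2: "Proposal", 3: "Transform",
    4: "Key Exchange", 5: "Identification", 6: "Certificate",
    8: "Hash", 9: "Signature", 10: "Nonce", 11: "Notification",
}
HEADER = struct.Struct("!8s8sBBBBII")   # fixed 28-byte ISAKMP header
GENERIC = struct.Struct("!BBH")         # next payload, reserved, payload length


def parse_isakmp(msg: bytes):
    """Return (header dict, [(payload name, body), ...]); ValueError if malformed."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("length field does not match message size")
    header = {"initiator_cookie": icookie, "responder_cookie": rcookie,
              "version": (ver >> 4, ver & 0x0F), "exchange_type": xchg,
              "flags": flags, "message_id": msg_id}
    if flags & 0x01:                      # encryption bit: payloads are ciphertext
        return header, []
    payloads, offset = [], HEADER.size
    while nxt != 0:                       # 0 means "no next payload"
        if offset + GENERIC.size > len(msg):
            raise ValueError("payload header runs past end of message")
        following, _reserved, plen = GENERIC.unpack_from(msg, offset)
        if plen < GENERIC.size or offset + plen > len(msg):
            raise ValueError("bad payload length")
        body = msg[offset + GENERIC.size: offset + plen]
        payloads.append((PAYLOAD_NAMES.get(nxt, f"type {nxt}"), body))
        nxt, offset = following, offset + plen
    if offset != len(msg):
        raise ValueError("trailing bytes after last payload")
    return header, payloads


def build_sample() -> bytes:
    """Constructed sample: Key Exchange + Nonce payloads with dummy contents."""
    ke = GENERIC.pack(10, 0, 4 + 8) + b"\x11" * 8      # next payload = Nonce
    nonce = GENERIC.pack(0, 0, 4 + 4) + b"\x22" * 4    # next payload = none
    body = ke + nonce
    hdr = HEADER.pack(b"I" * 8, b"\x00" * 8, 4, 0x10, 2, 0, 0, HEADER.size + len(body))
    return hdr + body
```

Each payload's type is carried in the "next payload" field of the element before it, which is why the parser tracks `nxt` separately from the header it is currently reading.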
IPSec (How does it work?)
Consists of two parts:
Part 1: Does Authentication and Key Management. Consists of two phases:
 Phase 1: Authentication and key agreement.
 Phase 2: Setting up bulk encryption parameters.
Part 2: Provides bulk data encryption, confidentiality, and message integrity.
 > Two parties exchange encrypted and authenticated messages
IPSec (How does it work?)
Part 1: (Authentication and Key Management)
Phase 1: (Negotiate cryptographic parameters and secret keys).
o Mainly consists of plain text messages.

This note was uploaded on 03/14/2010 for the course CSE SS ZG513 taught by Professor Sundarb during the Summer '10 term at Birla Institute of Technology & Science.
