... phases:
- phase 1: Initiate Connection
- phase 2: Certificate/Key Exchange
- phase 3: Client Verifies Certificate, Parameters
- phase 4: Complete Secure Connection Setup

SSL Handshake Protocol

SSL Handshake Protocol Parameters
- version
- random
- session ID
- ciphersuite
- compression method

IPv4 and IPv6 Security
- IP Security extensions (IPSec) for IPv4/v6
- developed in response to observed weaknesses
- to stop unauthorized traffic monitoring, secure user traffic with authentication & encryption
- example uses:
  - secure branch office connectivity over Internet
  - secure remote access over Internet
  - extranet and intranet connectivity
  - enhanced electronic commerce security
- can encrypt / authenticate all traffic at IP level

IPSec Facilities
- Authentication Header (AH)
  - authentication only service
- Encapsulating Security Payload (ESP)
  - combined authentication & encryption service
  - generally used for virtual private networks
- both manual and automated key exchange
- in RFCs 2401, 2402, 2406, 2408 (1998)

Security Association (SA)
- one-way sender-receiver relationship
- for two-way, need two security associations
- three SA identification parameters
  - security parameter index (in AH/ESP header)
  - IP destination address (unicast only)
  - security protocol identifier (AH or ESP)
- SA uniquely identified by dest address in IPv4/6 header and SPI in AH/ESP header

SA Parameters
- sequence number counter
- sequence counter overflow
- anti-replay windows
- AH information
- ESP information
- lifetime of this association
- IPSec protocol mode
- path MTU

Authentication Header

Encapsulating Security Payload

WiFi Protected Access
- WiFi Protected Access (WPA) extensions to address 802.11 security issues
- based on current 802.11i standard
- addresses authentication, key management, data transfer privacy
- uses authentication server and a more robust protocol
- encryption with AES or 104-bit RC4

WiFi Protected Access

802.11i Access Control

802.11i Privacy & Integrity
- have Temporal Key Integrity Protocol (TKIP) or WPA-1
  - s/w only changes to existing equipment
  - using same RC4 algorithm as older WEP
- and Counter Mode CBC MAC (CCMP) or WPA-2
  - using AES encryption
- both add message integrity code (MIC)
  - generated using Michael algorithm

Summary
- security requirements and attacks
- confidentiality using symmetric encryption
- message authentication & hash functions
- public-key encryption & digital signatures
- secure socket layer (SSL)
- IPSec
- WiFi Protected Access...
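
The Security Association notes above say an SA is identified by SPI, destination address and protocol, and that it carries a sequence number counter and an anti-replay window. The following is an added example, not part of the course notes, showing a receiver doing that lookup and then the usual sliding-window replay check. The function names, the 64-packet window, the constructed packets and the omission of keys and the integrity check are assumptions (a real receiver advances the window only after the packet authenticates).

```python
import socket
import struct

ESP, AH = 50, 51            # IP protocol numbers
WINDOW = 64                 # assumed anti-replay window size
MASK = (1 << WINDOW) - 1

class SA:
    """Receive-side state of one (one-way) SA; keys and ICV check omitted."""
    def __init__(self):
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => (top - i) was already received

    def accept(self, seq):
        if seq == 0:
            return False                    # counters start at 1
        if seq > self.top:                  # slide the window forward
            shift = seq - self.top
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & MASK
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False                    # left of window, or a replay
        self.bitmap |= 1 << offset
        return True

def sa_key(packet):
    """Return ((SPI, destination, protocol), sequence) from an IPv4 packet."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto not in (ESP, AH):
        return None, None
    # ESP header: SPI, sequence. AH: 4 bytes of next-header/length first.
    spi, seq = struct.unpack_from("!II", packet, ihl + (0 if proto == ESP else 4))
    return (spi, socket.inet_ntoa(packet[16:20]), proto), seq

def receive(sad, packet):
    key, seq = sa_key(packet)
    if key is None:
        return "not-ipsec"
    sa = sad.get(key)
    if sa is None:
        return "no-sa"
    return "accept" if sa.accept(seq) else "drop"

def make_esp(dst, spi, seq):
    """Constructed IPv4 + ESP header for the demo (no payload, zero checksum)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ESP, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton(dst))
    return ip + struct.pack("!II", spi, seq)
```

Out-of-order packets inside the window are accepted once; repeats, packets older than the window, and packets whose SPI matches but whose destination does not map to an SA are all rejected.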
This note was uploaded on 04/06/2011 for the course EE 5363 taught by Professor Kang during the Spring '09 term at NYU Poly.