set323 - IP Security Cunsheng Ding HKUST Kong Kong China...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
IP Security Cunsheng Ding HKUST, Kong Kong, China
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building Blocks: IPSec Protocols - ESP and AH Building Block: Security Policy Database Building blocks: Key Management Protocols The Whole Picture of IPSec C. Ding - COMP4631 - L23
Background image of page 2
C. Ding - COMP4631 - L23 telnet,ftp,http, smtp,set TCP, UDP IP Network technology protocols Application Transport/session Internet Interface The Internet Layers smtp = simple mail transfer protocol
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
C. Ding - COMP4631 - L23 Where can we put security? SMTP FTP SSL/TLS HTTP IP TCP SMTP FTP TCP HTTP ESP AH IP Network approach Transport approach S/MIME S-HTTP IP TCP Application approach SMTP FTP HTTP IP TCP SET PGP Presentation approach Advantaqes and disadvantage of each?
Background image of page 4
C. Ding - COMP4631 - L23 Attacks Against IP n A number of attacks against IP are possible. n Typically, these exploit the fact that IP does not perform a robust mechanism for sender authentication . n IP Spoofing n This is where one host claims to have the IP address of another. n IP Session Hijacking n It is an attack whereby a user's session is taken over, being in the control of the attacker. n If the user was in the middle of email, the attacker is looking at the email, and then can execute any commands he wishes as the attacked user. Conclusion: Security mechanism at the network layer would help.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
C. Ding - COMP4631 - L23 Brief Introduction to IPSec
Background image of page 6
Internet Engineering Task Force Standardization ±²²³´ IPSEC WG (IETF) Define security architecture Standardize IP Security Protocol and Internet Key Management Protocol 1998: revised version of IPSec Architecture IPsec protocols (two sub-protocols AH & ESP) Internet Key Exchange (IKE) 2005: Updated version (RFC4301-4306) C. Ding - COMP4631 - L23
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
IPsec: Network Approach Provides security for IP and upper layer protocols Suit of algorithms: Mandatory-to-implement Assures interoperability Easy to add new algorithms C. Ding - COMP4631 - L23
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/21/2011 for the course COMP 4631 taught by Professor Ding during the Fall '11 term at HKUST.

Page1 / 34

set323 - IP Security Cunsheng Ding HKUST Kong Kong China...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online