cse443-lecture-17-networksecurity

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

Lecture 17 - Network Security

CMPSC 443 - Spring 2012
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse443-s12/

Idea

• Why don't we just integrate some of these neat crypto tricks directly into the IP protocol stack?
• This is called transport security

IPsec

• IP layer security protocol
  – Integrated directly into protocol stack
  – Defined as an extension to the network layer
  – Transparent to the above layers and application
• Provides
  – confidentiality
  – integrity
  – authenticity
  – replay protection
  – DoS protection

[Figure: two protocol stacks (HTTP, TCP, IP, Ethernet, Physical) connected by an IPsec SA]

Tunnel vs. Transport Mode

• Transport mode
  – default mode of IPsec -- protects transport layer packet
  – end-to-end encapsulation of data
  – useful when both endpoints are configured to use/manage IPsec
• Tunnel mode
  – encapsulates all of the IP data over a new IP level packet
  – useful when the device applying IPsec to the packet is not the originating host, e.g., at a gateway
  – also known as "IP over IP"
• IPsec provides the mechanism, you provide the policy
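
The difference between the two modes is easiest to see in the bytes. The following is an added illustration, not part of the lecture slides: it wraps one packet both ways using ESP framing (RFC 4303) with NULL encryption and an HMAC-SHA-256-128 integrity value, so it shows the layout, integrity and sequence number but no confidentiality. The addresses, key, SPI and the zeroed TCP header are constructed sample values.

```python
import hashlib, hmac, socket, struct

ESP, TCP, IPIP = 50, 6, 4          # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) with checksum, plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:] + payload

def esp(spi, seq, key, inner, next_hdr):
    """ESP: SPI | seq | payload | padding | pad len | next header | ICV."""
    pad_len = -(len(inner) + 2) % 4           # trailer must end on 4 bytes
    pad = bytes(range(1, pad_len + 1))         # default padding 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + inner + pad
            + bytes([pad_len, next_hdr]))
    # NULL encryption: payload stays in the clear, only the ICV is added.
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

def transport_mode(pkt, spi, seq, key):
    """Original addresses stay; ESP wraps only the transport segment."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(spi, seq, key, pkt[20:], pkt[9]))

def tunnel_mode(pkt, spi, seq, key, gw_src, gw_dst):
    """New outer header between gateways; ESP wraps the whole IP packet."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, key, pkt, IPIP))

def describe(pkt):
    """(outer src, outer dst, outer proto, SPI, seq, ESP next header)."""
    spi, seq = struct.unpack("!II", pkt[20:28])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], spi, seq, pkt[-17])        # 16-byte ICV follows it

# Constructed sample packet and SA parameters (not from the lecture).
ORIG = ipv4("10.0.1.5", "10.0.2.9", TCP, bytes(20) + b"GET / HTTP/1.1\r\n")
KEY, SPI = b"k" * 32, 0x1001

if __name__ == "__main__":
    print("transport:", describe(transport_mode(ORIG, SPI, 1, KEY)))
    print("tunnel:   ", describe(tunnel_mode(ORIG, SPI, 2, KEY,
                                             "192.0.2.1", "198.51.100.1")))
```

In transport mode the ESP next-header field names the transport protocol and the outer addresses are the hosts' own; in tunnel mode it is 4 (IP-in-IP), the outer addresses are the gateways', and the packet grows by the extra 20-byte header.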

IPsec Processing

[Figure: flowchart with the nodes Start; ISAKMP Keys Exist?; IKE Phase 1: Negotiate Session ISAKMP Keys; IKE Phase 2: Negotiate SA Keys; ESP; Process Using AH Encoding and Policy; Process Using ESP Encoding and Policy]