Cse443-lecture-17-ne - Lecture 17 Network Security CMPSC 443 Spring 2012 Introduction Computer and Network Security Professor Jaeger

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

Lecture 17 - Network Security
CMPSC 443 - Spring 2012
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse443-s12/

Idea
• Why don't we just integrate some of these neat crypto tricks directly into the IP protocol stack?
• This is called transport security

IPsec
• IP layer security protocol
  – Integrated directly into protocol stack
  – Defined as an extension to the network layer
  – Transparent to the above layers and application
• Provides
  – confidentiality
  – integrity
  – authenticity
  – replay protection
  – DOS protection
[Figure: an IPsec SA between two protocol stacks, each showing HTTP, TCP, IP, Ethernet, Physical]

Tunnel vs. Transport Mode
• Transport mode
  – default mode of IPsec -- protects transport layer packet
  – end-to-end encapsulation of data
  – useful when both endpoints are configured to use/manage IPsec
• Tunnel mode
  – encapsulates all of the IP data over a new IP level packet
  – useful when the device applying IPsec to the packet is not the originating host, e.g., at a gateway
  – Also known as "ip over ip"
• IPsec provides the mechanism, you provide the policy
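
The two modes differ in what ends up inside the protected payload and whose addresses stay visible on the wire. The following added example (not part of the lecture) frames one constructed TCP segment with ESP in each mode; encryption and the integrity check value are omitted, and the addresses, SPI and helper names are assumptions made for the illustration.

```python
import socket
import struct

ESP, IPIP, TCP = 50, 4, 6  # IANA protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for the illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_wrap(inner, next_header, spi, seq):
    """ESP framing: SPI | sequence | payload | padding | pad length | next header.
    A real SA would encrypt payload..next header and append an ICV."""
    pad_len = (-(len(inner) + 2)) % 4          # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    return (struct.pack("!II", spi, seq) + inner + padding
            + bytes([pad_len, next_header]))

def transport_mode(packet, spi, seq):
    """Original IP header is kept; only the transport-layer payload is wrapped."""
    hdr, payload = packet[:20], packet[20:]
    esp = esp_wrap(payload, hdr[9], spi, seq)  # next header = original protocol
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(packet, gw_src, gw_dst, spi, seq):
    """Whole original packet is wrapped; a new outer header names the gateways."""
    esp = esp_wrap(packet, IPIP, spi, seq)     # next header = 4, "ip over ip"
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def describe(packet):
    """Return (outer src, outer dst, outer protocol, ESP next-header or None)."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], (packet[-1] if packet[9] == ESP else None)

# Constructed sample: a fake TCP header plus an HTTP request, between
# documentation-range addresses (not taken from the lecture).
SEGMENT = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 65535, 0, 0) \
          + b"GET / HTTP/1.1\r\n\r\n"
ORIGINAL = ipv4_header("192.0.2.10", "198.51.100.20", TCP, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    print("transport:", describe(transport_mode(ORIGINAL, 0x1001, 1)))
    print("tunnel:   ", describe(tunnel_mode(ORIGINAL, "203.0.113.1",
                                             "203.0.113.2", 0x2001, 1)))
```

In transport mode the original endpoints remain in the outer header, while in tunnel mode an observer sees only the gateway addresses and the inner header travels inside the ESP payload.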

IPsec Processing
[Figure: flowchart with nodes Start; ISAKMP Keys Exist?; IKE Phase 1: Negotiate Session ISAKMP Keys; SA Keys Exist?; IKE Phase 2: Negotiate SA Keys; ESP; Process Using AH Encoding and Policy; Process Using ESP Encoding and Policy]

This note was uploaded on 02/11/2012 for the course CSE 443 taught by Professor Trent Jaeger during the Spring '11 term at Pennsylvania State University, University Park.
