Looking for a Tutor Near You?

Post Learning Requirement »
x
x

Direction

x

Ask a Question

x

Hire a Tutor

Presentation On Computer Networks

Loading...

Published in: Computer Science
95 Views

Advance Computer Networks

Muhammad F / Dubai

4 years of teaching experience

Qualification: Ms Computer Science

Teaches: Computer Science, Education, Matlab, English Language, Product Design

Contact this Tutor
  1. NTU INNOVATE Present by: M. Faizan Butt IP Security (18-NTU-4015) Present to: Sir Asif Habib Assistant Professor Department of Computer Sciences National Textile University 'P Sec protocols irnpleme tat O an n i r, d challenges
  2. Agenda Vlntroduction IP Security Architecture VHow IP Security works VChallenges of IPSec •Z Implementations IP Security V Conclusion IPSet protocols implementätion and challenges INTO)
  3. Introduction IP Security IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). It creates secure, authenticated, reliable communications over IP networks. IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. • IP Security system should provide three functional areas 1. Authentication • Assures that a received packet was transmitted by the party identified as the source in the packet header, and that the packet has not been altered in transit 2. Confidentiality • Enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. 3. Key management • Facility is concerned with the secure exchange of key IPSet protocols implementation and challenges (NT u)
  4. IPSec Architecture ESP Protocol Encryption Algorithm IPSec AH Protocol Authentication Algorithm DOI Key Management IPSet protocols implementation and challenges (NT u)
  5. Security Association The abstraction that binds AH and ESP together is the security association (SA). An SA is a simplex (one-way) connection with one or more of the available security properties. Securing a bidirectional communication between a pair of hosts—corresponding to a TCP connection, for example—requires two SAS, one in each direction. SAS are established, negotiated, modified, and deleted using ISAKMP. It defines packet formats for exchanging key generation and authentication Client SAc IPSet protocols implementation and challenges (NT u) data. Server SAs
  6. SA parameters Three parameters • Security parameter Index (SPI) • A unique number given to that particular SA • Ip destination address Where this message has to be send • Protocol identifier • Either in ESP or AH All the security association will be manned in a security association data base (SAD). IPSet protocols implementation and challenges (NT u)
  7. SAD • SPI • Sequence number counter Division of message based upon the bandwidth of network into packets • Sequence number over flow • Anti replay window Avoid receiving of duplicate number of packet AH information ESP Information • Life time of SA • IPSec protocol mode Transport mode Tunnel mode IPSet protocols implementation and challenges (NT u)
  8. Modes of IPSec Thera are two modes of IPSec 1. Transport mode 2. Tunnel mode Transport Mode Router Router Tunnel Mode IPSet protocols implementation and challenges (NT u)
  9. Modes of IPSec Original Transport mode Tunnel mode IP header IP header New IP header TCP header IPSec header IPSec header data TCP header IP header data TCP header data IPSet protocols implementation and challenges (NT u)
  10. Authentication Header Format Bit: 31 Next Header 8 Payload Length 16 RESERVED Security Parameters Index (SPI) Sequence Number Authentication Data (variable) IPSet protocols implementation and challenges (NT u)
  11. AH Frame Header • Packet format 32 bit • Next header is a next payload that use the specified IP protocol ID • Payload length is the length of actual data • Reserved for some future purpose • SPI • Sequence number • Authentication data here some authentication algorithms used IPSet protocols implementation and challenges (NT u)
  12. ESP Frame format SPI SeqNum PayloadData Padding (0—255 bytes) NextHdr IPSet protocols implementation and challenges (NT u)
  13. ESP(32bit) • SPI • Sequence number • Payload data simple data • Padding to assure the length of data (Adding duplicate bits) • Padding length (How many bitts are added) • Next header for further reference • Authentication data IP header ESP Header TCP header data ESP Trailer IPSet protocols implementation and challenges (NT u)
  14. Challenges of IPSec • Increased packet size reduces throughput and increases network utilization. • Traditional IPSec can not pass through NAT (Network Address Translation). VolP Quality loss Scheduling causes packet loss in real time applications Latency in VolP Denial Of Service (DOS) • Send too many acknowledge message. IPSet protocols implementation and challenges (NT u)
  15. IPSec implementation • Two types of IPSec Implementation 1. Host 2. Router IPSet protocols implementation and challenges (NT u)
  16. IPSec implementation (Cont...) • The implementation of IPsec on host has some advantages 1) Ensure end to end security 2) All modes of IPSec can be implemented on host 3) Provides security for every single packet flow between hosts and routers. 4) Maintain the Authentication for user. IPSet protocols implementation and challenges (NT u)
  17. IPSec implementation (Cont...) • There are two major classes for host implementation. 1. Operating System (OS) integration 2. Bump in stack Operating System (OS) IPSet protocols implementation and challenges (NT u)
  18. IPSec implementation (Cont...) • Integrating the IPSec with OS is beneficial in many ways. 1) Efficient implementation of IPSec with by tightly integration with network layer. 2) Ensure security at every flow of data packets. 3) Support for all IPSec modes (Transport and Tunnel). IPSet protocols implementation and challenges (NT u) 18
  19. IPSec implementation (Cont...) Bump in stack to overcome the limitations of OS integration, VPNs and intranets. • and implementing as shim (shred memory) support old API in new environment between datalink and network layer. This mechanism is known as bumps in the stack (BITS). IPSet protocols implementation and challenges (NT u)
  20. IPSec implementation (Cont...) • To ensure the packet delivery over the part of a network IPSec is implemented in routers. • IPSec provides security of data over internet. • Integrating the IPSec with router is beneficial in some ways. • Secure network to network communication • Enhancing the security using Authentication and authorization of user entering in a network. IPSet protocols implementation and challenges (NT u)