Internet Protocol Security - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Internet Protocol Security

Description:

Defines manner in which the network layers of two hosts interact ... Can be used alone or in ... Keeps original IP header intact and creates a new one. ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 18
Provided by: alexande149
Category:

less

Transcript and Presenter's Notes

Title: Internet Protocol Security


1
Internet Protocol Security IP version 6
  • Erich Chen
  • Alexander Stewart

2
Internet Protocol
  • Defines manner in which the network layers of two
    hosts interact
  • IP address uniquely identifies each computer
  • Messages get divided
  • Each packet sent individually through network

3
Packet Contents
4
Data Transfer
  • IP is a connectionless protocol
  • Packets sent through different routes to
    destination
  • A best-effort packet delivery service
  • TCP Transmission Control Protocol ensures
    delivery

5
Internet Layers
6
IPv6
  • Expanded addressing
  • Header format simplification
  • Improved support for extensions and options
  • Flow labeling capabilities
  • Authentication and privacy capabilities

7
Expanded Addressing Capabilities
  • Increases the IP address size from 32 bits to 128
    bits
  • Scope field to multicast addresses
  • Added Anycast address

8
Other Features
  • Header Format Simplification
  • IPv4 header fields have been dropped or made
    optional
  • Improved support for extensions and options
  • Change in the way header options are encoded

9
Other Features
  • Flow labeling capabilities
  • For particular traffic flows for which the
    sender requests special handling
  • Authentication Privacy Capabilities
  • Added extensions

10
IP Security (IPsec)
  • Can be used for both encryption and
    authentication.
  • Compatible with both IPv4 and IPv6
  • Two forms of IPsec
  • Encapsulating Security Payload (ESP)
  • Authentication Header (AH)

11
Security Association
  • Cryptographically protected connection
  • Required for both ESP and AH.
  • Security Association includes data such as
  • Cryptographic key
  • Identity of the other end of the connection
  • Type of security being used
  • Many Security Associations stored in a database
    on local computer.

12
Encapsulating Security Payload
  • Most common and useful form of IPsec
  • Encryption
  • Integrity
  • Encryption Integrity
  • Encryption algorithm can be any algorithm.

13
Authentication Header
  • Only provides Integrity checking.
  • Can be used alone or in combination with ESP.
  • Differs from ESP Integrity checking in that AH
    checks some of the fields of the IP header.

14
Transfer Modes
  • Transport mode
  • Simple.
  • Usually used to connect two end points together.
  • Tunnel mode
  • More complicated.
  • Keeps original IP header intact and creates a new
    one.
  • Used primarily between gateways or firewalls.

15
Network Address Translation
  • Necessary to prolong IPv4
  • Breaks several forms of IPsec
  • AH will not work with NAT at all.
  • In tunnel mode, ESP can verify both original IP
    header and data.
  • In transport mode, ESP can work if checksums are
    disabled.
  • Internet Key Exchange, used to setup Security
    Association, often relies on packets source IP
    address.

16
IPv6 IPsec
  • Often seen as linked.
  • Many of the same people worked on both.
  • IPsec has trouble with IPv4 because of NAT.
  • IPv6 is written as requiring IPsec.

17
Conclusion
  • IPsec improves the safety of the Internet as a
    whole
  • Applications can focus on more advanced forms of
    security
  • IPsec will be more useful when IPv6 takes over
Write a Comment
User Comments (0)
About PowerShow.com