LECTURE x
Internet Security
1. IP Security (IPSec), VPN
2. SSL/TLS
3. PGP
4. Firewalls
5. HTTPS
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN,
and Firewalls
(Forouzan, Data Communications and Networking, 4th Edition)
Figure 32.4 Transport mode in action: IPSec protects only the payload handed down from the transport layer; the IP header itself is not protected (suitable for end-to-end, host-to-host use).
Figure 32.5 Tunnel mode in action: IPSec protects the whole IP packet at the network layer, original header included, and adds a new outer IP header (suitable for router-to-router use).
Figure 32.6 Authentication Header (AH) Protocol in transport mode

Authentication Header
• Uses a hash function and a symmetric key (a keyed hash) over the total packet
• IP's protocol field = 51 (AH)
• Next header = original payload type (TCP, UDP, etc.)
• Payload length: length of AH in 4-byte units, excluding the first 8 bytes
• Security parameter index (SPI): a virtual-circuit identifier, the same for all packets sent during a security association
• Sequence number prevents replay
— Not repeated on retransmission
— Must not wrap around; when it is exhausted a new security association must be created
• Authentication data is calculated over the entire packet
— Except fields that change from hop to hop (e.g. TTL)
— Calculated with the digest field assumed to be all zeros

The AH Protocol provides source authentication and data integrity, but not privacy.
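The AH construction on this slide (transport mode, as in Figure 32.4), as an added worked example that is not code from the lecture or from Forouzan's text: the sender builds IP header | AH | payload, computes the authentication data with a keyed hash over the packet with the hop-mutable fields and the digest field zeroed, and the receiver checks SPI, anti-replay window and integrity check value (ICV) before accepting. Assumptions: IPv4 without options, HMAC-SHA1-96 as the keyed hash, a constructed 20-byte key, addresses 10.0.0.1 and 10.0.0.2, and a made-up payload. `forward_hop` simulates a router decrementing TTL to show that this does not invalidate the ICV.

```python
import hmac
import hashlib
import struct

AH_PROTOCOL = 51    # value of the IP "protocol" field when AH follows the IP header
IP_HDR_LEN = 20     # IPv4 header without options (assumed throughout)
AH_FIXED_LEN = 12   # next header (1) + payload len (1) + reserved (2) + SPI (4) + sequence (4)
ICV_LEN = 12        # HMAC-SHA1-96: 160-bit HMAC truncated to 96 bits


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal IPv4 header; identification 0x1234 and the DF flag are constructed values."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def ah_header(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """AH as in Figure 32.6; payload length = AH length in 4-byte units minus the first 8 bytes."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def zero_mutable_fields(packet: bytes) -> bytes:
    """Copy with hop-mutable IPv4 fields and the digest field zeroed: the bytes the MAC covers."""
    b = bytearray(packet)
    b[1] = 0                    # DSCP/ECN byte, may be rewritten in transit
    b[6:8] = b"\x00\x00"        # flags + fragment offset
    b[8] = 0                    # TTL, decremented at every hop
    b[10:12] = b"\x00\x00"      # header checksum, recomputed at every hop
    start = IP_HDR_LEN + AH_FIXED_LEN
    b[start:start + ICV_LEN] = bytes(ICV_LEN)   # digest field assumed all zeros
    return bytes(b)

def compute_icv(key: bytes, packet: bytes) -> bytes:
    """Keyed hash (HMAC-SHA1) with the shared symmetric key, truncated to 96 bits."""
    return hmac.new(key, zero_mutable_fields(packet), hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(key: bytes, spi: int, seq: int, src: bytes, dst: bytes,
               next_header: int, payload: bytes, ttl: int = 64) -> bytes:
    """Sender side, transport mode: IP header | AH | original transport-layer payload."""
    total_len = IP_HDR_LEN + AH_FIXED_LEN + ICV_LEN + len(payload)
    ip = ipv4_header(src, dst, AH_PROTOCOL, total_len, ttl)
    draft = ip + ah_header(next_header, spi, seq, bytes(ICV_LEN)) + payload
    return ip + ah_header(next_header, spi, seq, compute_icv(key, draft)) + payload

def forward_hop(packet: bytes) -> bytes:
    """What an intermediate router does: decrement TTL and recompute the header checksum."""
    b = bytearray(packet)
    b[8] -= 1
    b[10:12] = b"\x00\x00"
    b[10:12] = struct.pack("!H", ip_checksum(bytes(b[:IP_HDR_LEN])))
    return bytes(b)

class AhReceiver:
    """Inbound state for one SA: shared key, SPI and a sliding anti-replay window."""

    def __init__(self, key: bytes, spi: int, window: int = 64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0    # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (highest - i) already accepted

    def _seen(self, seq: int) -> bool:
        if seq > self.highest:
            return False
        diff = self.highest - seq
        return diff >= self.window or bool((self.bitmap >> diff) & 1)

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def verify(self, packet: bytes) -> tuple:
        if len(packet) < IP_HDR_LEN + AH_FIXED_LEN + ICV_LEN or packet[9] != AH_PROTOCOL:
            return False, "not an AH packet"
        _next, payload_len, _, spi, seq = struct.unpack("!BBHII", packet[IP_HDR_LEN:IP_HDR_LEN + AH_FIXED_LEN])
        if spi != self.spi:
            return False, "unknown SPI"
        if payload_len != (AH_FIXED_LEN + ICV_LEN) // 4 - 2:
            return False, "unexpected AH length"
        if seq == 0 or self._seen(seq):
            return False, "replay"          # cheap window check before the MAC
        received = packet[IP_HDR_LEN + AH_FIXED_LEN:IP_HDR_LEN + AH_FIXED_LEN + ICV_LEN]
        if not hmac.compare_digest(received, compute_icv(self.key, packet)):
            return False, "bad ICV"
        self._mark(seq)                     # window advances only after the ICV passed
        return True, "ok"
```

Two design points worth noting: the receiver runs the replay check before the MAC (cheap rejection of obvious duplicates) but only advances the window after the MAC verifies, so an attacker cannot move the window with forged sequence numbers; and because TTL and the checksum are zeroed on both sides, a packet that has crossed routers still verifies, while a single flipped payload byte is rejected.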
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
Table 32.1 IPSec services
Security Association Database (SADB)
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
• Packets matching the listed filtering rules are blocked.