Internet Security: CS457 Seminar, Zhao Cheng
Security attacks
• interruption, interception, modification, fabrication
• passive attack, active attack
IPSec services
SA (Security Association): a one-way relationship, identified by
• SPI (Security Parameters Index).
• IP Destination Address.
• Security Protocol Identifier:
AH (Authentication Header)
ESP (Encapsulating Security Payload)
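The three-part SA identifier above, worked through as an added example that is not part of the seminar material: it extracts the (SPI, destination address, security protocol) triple from an IPv4 packet and looks it up in a table of SAs. The function names, SPI values, addresses and table contents are constructed for illustration.

```python
import ipaddress
import struct

PROTO_ESP, PROTO_AH = 50, 51   # IP protocol numbers of the two IPsec protocols

def sa_selector(packet: bytes):
    """Return the (SPI, destination, protocol) triple of an IPv4 packet
    carrying AH or ESP, or None if it carries neither."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = packet[9]
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if proto == PROTO_ESP:
        spi_off = ihl                       # ESP: SPI is the first 32-bit word
    elif proto == PROTO_AH:
        spi_off = ihl + 4                   # AH: next header, length, reserved, SPI
    else:
        return None
    if len(packet) < spi_off + 4:
        raise ValueError("truncated IPsec header")
    (spi,) = struct.unpack_from("!I", packet, spi_off)
    return spi, dst, proto

def lookup_sa(sad: dict, packet: bytes):
    """Find the SA for a received packet; None means no SA matches."""
    key = sa_selector(packet)
    return sad.get(key) if key else None

def build_ipv4(src, dst, proto, payload):
    """Constructed test packet: minimal 20-byte IPv4 header, checksum left 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed SA table: an SA is one-way, so each direction has its own entry.
SAD = {
    (0x1001, "192.0.2.1", PROTO_ESP): "A->B ESP",
    (0x2002, "198.51.100.7", PROTO_ESP): "B->A ESP",
}
# ESP body: SPI, sequence number, then opaque ciphertext (zeros here)
ESP_BODY = struct.pack("!II", 0x1001, 1) + b"\x00" * 8
ESP_A_TO_B = build_ipv4("198.51.100.7", "192.0.2.1", PROTO_ESP, ESP_BODY)
# Same SPI sent the other way: the destination differs, so no SA matches.
ESP_REVERSED = build_ipv4("192.0.2.1", "198.51.100.7", PROTO_ESP, ESP_BODY)
# AH body: next header (6 = TCP), payload length, reserved, SPI, sequence number
AH_PACKET = build_ipv4("198.51.100.7", "192.0.2.1", PROTO_AH,
                       struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + b"\x00" * 12)
```

The reversed ESP packet and the AH packet both reuse SPI 0x1001 yet match no entry, because the destination address and the security protocol are part of the identifier.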
Two modes
• Transport mode: protection for upper layer protocol.
• Tunnel mode: protection to entire IP packet.
Key management
• Manual: a system administrator configures each system with its own keys and the keys of other systems.
• Automated: on-demand creation of keys for SAs; ISAKMP (Internet Security Association and Key Management Protocol) by default.
Benefit of IPSec
• Strong and easy security for a group behind a firewall.
• Transparent to applications.
• Transparent to end users.
• Security for individual users can be provided.
TLS (Transport Layer Security)
• Objective: reliable end-to-end security over TCP.
• Construction: two layers of protocols.
SSL Handshake Protocol
Phases:
1. Establish Security Capabilities.
2. Server Authentication and Key Exchange.
3. Client Authentication and Key Exchange.
4. Finish.
Services of TLS
1. Integrity: by cryptographic checksums.
2. Confidentiality: by encryption on SSL payloads.
3. Authentication: by handshake protocol.