IP Layer Security

Upload: smokr-juan-skata

Post on 05-Apr-2018

  • 7/31/2019 IP Layer Security

    IP LAYER SECURITY

    Lecture #5

    Learning Objectives

    Understand IPSec and its architecture

    Understand IPSec protocol processing

    Understand the ESP and AH protocols

    Understand the ISAKMP protocol

    Understand the IKE protocol

    Understand VPN

    Introduction

    The increased connectivity of the Internet has given opportunity to intruders to carry out a variety of attacks

    A broad range of solutions to achieve secure data communication

    These solutions operate at different layers of protocol stack:

    Application-level security (ALS)

    Transport-level security (TLS)

    Network-level security

    Introduction

    IP layer security or IPSec

    Guarantees privacy and integrity of IP data packets irrespective of the security features at the application and socket layer

    Any application will benefit from the underlying IP security as long as it uses IP to send data

    Introduction

    IPSec is the most transparent solution because it does not require modifying the application

    IPSec's existence is hidden from the application

    We discuss the security mechanism provided at the IP layer and its applications here

    Short Introduction to the IP Suite

    The IP has the task of enabling communication between systems

    IP offers a connectionless datagram service with no guarantee of packet delivery

    IP does not provide explicit mechanisms to guarantee correct delivery

    Short Introduction to the IP Suite

    [Figure: System A, System B and System C connected through the Internet; each system runs the stack Application Protocol / TCP, UDP / IP / Access Control]


    Source: http://s000jiq.springnote.com/pages/4649045/attachments/2521669

    Short Introduction to the IP Suite

    [Figure: IPv4 header layout by byte offset; field labels recovered from the figure include Version, Protocol and Fragment Offset]

    Version

    Version of IP Protocol. 4 and 6 are valid. This diagram represents version 4 structure only.

    Header Length

    Number of 32-bit words in IP header, minimum value of 5. Multiply by 4 to get byte count.

    Total Length

    Total length of IP datagram, or IP fragment if fragmented. Measured in bytes.

    Fragment Offset

    Fragment offset from start of IP datagram. Measured in 8-byte (2 words, 64 bits) increments. If IP datagram is fragmented, fragment size (Total Length) must be a multiple of 8 bytes.

    Flags

    x 0x80 reserved (evil bit)

    D 0x40 Do Not Fragment

    M 0x20 More Fragments follow

    Header Checksum

    Checksum of entire IP header

    Please refer to RFC for the complete Internet Protocol (IP) Specification.

    Copyright 2004 - Matt Baxter
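The field rules on the slide above (header length counted in 32-bit words with a minimum of 5, fragment offset in 8-byte units, the 0x80/0x40/0x20 flag masks, a checksum over the entire IP header) can be checked in code. This is an added example, not part of the original lecture; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct

# Flag masks as listed on the slide, applied to byte 6 of the header.
FLAG_RESERVED, FLAG_DF, FLAG_MF = 0x80, 0x40, 0x20

# Constructed sample: 20-byte header, 192.168.0.1 -> 192.168.0.199, UDP, DF set.
SAMPLE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, folded to 16 bits and inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields and reject inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    if ihl < 5:
        raise ValueError("header length below the minimum value of 5")
    header_len = ihl * 4  # 32-bit words -> bytes
    if header_len > len(packet) or total_len < header_len:
        raise ValueError("length fields are inconsistent")
    flag_byte = flags_frag >> 8
    return {
        "header_len": header_len,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "reserved": bool(flag_byte & FLAG_RESERVED),
        "dont_fragment": bool(flag_byte & FLAG_DF),
        "more_fragments": bool(flag_byte & FLAG_MF),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        # An intact header summed together with its checksum field gives 0.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }


if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
```

The checksum covers the header only and is not keyed, so it catches accidental corruption but not deliberate modification.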

    Internet Threats

    The Internet opens up a huge array of vulnerabilities

    Without proper control and measures, any transaction over the Internet is subjected to the following:

    Packet sniffing

    Loss of data integrity

    Identity spoofing

    Replay of old packets

    IPSec

    A method proposed to solve the mentioned attacks through the interaction with the network layer

    It can encrypt and authenticate all traffic at the IP level