• Home

  • Documents

  • An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010
17
Securing the Unsecured An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010

An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010

Tags:

Embed Size (px)

Citation preview

Slide 1

Securing the UnsecuredAn Introduction to Encrypting Messages on the Internet

Mike KaderlyINFS 750Summer 20101Learning ObjectivesUnderstand why we need encryption.Identify and explain the three types of security assurance.Describe the purposes of the Internet Protocol Security (IPsec) and its related sub-protocols.Describe the difference between transport and tunnel IPsec modes.

2Why do we need encryption?The Internet is inherently insecure.The entire global network is based upon millions of hosts, switches, firewalls, routers, and the transport media used to connect these nodesall of which are owned, operated and used by a countless number of people/organizations.

3Why do we need encryption?Without relying on a recognized authority in charge of developing security specifications and standards, there would be no way to secure the information of such a wide-spread, public network.Furthermore, IP packets, as originally designed in the TCP/IP protocols, have no built-in security mechanism.

4Modern Security Standards DevelopmentInternet Engineering Task Force (IETF) develops TCP/IP and Internet protocol standardsComposed of volunteer professionals sponsored by both corporations and governmentsCreated in 1986Focus is on building consensus for specifications, backward compatibility and running code *

* http://en.wikipedia.org/wiki/Internet_Engineering_Task_Force

5Types of Security AssurancesIntegrity assurance ensures information has not been altered during transport.Authentication assurance ensures information is coming from the true source.Confidentiality assurance ensures the information has not been read by others who were not intended to view the information.

6Internet Protocol Security (IPsec)IPsec is security protocol developed by the IETFIPsec defines how packets are made secure from node to nodeIt has been implemented on Windows, Apple, Linux, Unix and other platformsIt is application-independent.

7Internet Protocol Security (IPsec)Hybrid TCP/IP-OSI ArchitectureApplication Layer (Layer 5)TCP/IP Transport (Layer 4)TCP/IP Internet (Layer 3)Data Link (Layer 2)Physical Layer (Layer 1)IPsec Standards

8Internet Protocol Security (IPsec)IPsec is implemented using a number of sub-protocols with special responsibilities:Internet Key ExchangeSecurity AssociationAuthentication HeaderEncapsulating Security Payload

9Internet Key Exchange (IKE) The Internet Key Exchange (IKE) service is called upon to handle the key exchange between two nodes and allows for the initial handshake.IKE supports three types of authentication methods: pre-shared keys, public key encryption, and digital signatures (to be discussed later)

10Security Association (SA)Once an initial connection is created using IKE, the Security Policy Database on each node is used to determine the agreed upon rules for encrypting packets during the lifetime of the communication.These rules are collectively called Security Associations.* IPv6 Security by Scott CCIE No. 5133 Hogg; Eric Vyncke

11Authentication Header (AH)Through the use of algorithms, AH provides authentication and integrity assurances:Did the packet come from the true source it claims to be from?Have the packet contents been modified?It may be used separately or in combination with ESP.AH guards against replay attack an attacker takes a copy of a packet and later resends the packet to the intended destination node.

12Encapsulating Security Payload (ESP)ESP is used to provide authentication, integrity and confidentiality assurances by encrypting the payload of the packet.It can be used separately or in conjunction with AH services.

13Transport ModeTransport mode requires configuration and a digital certificate and is used between two hosts.Only the payload is encrypted/authenticated.Used for host to host communications.Expensive management on each host computer.

14Tunnel ModeTunnel mode implements IPsec between two IPsec-configured routers. The entire packet can be encrypted, authenticated and is encapsulated within a new packet and new IP header to make sure the original IP packet is unchanged.Tunnel mode is used to create Virtual Private Networks (VPN).

15Illustration of Tunneling and VPN

http://www.unixwiz.net/techtips/iguide-ipsec.html

Review QuestionsWhy is IPsec needed?What are the three types of security assurances?How does an encrypted IP packet differ from one without encryption?What layer of the TCP/IP-OSI model does IPsec fall under? What are the major differences between transport and tunnel IPsec modes?


Encrypting with entanglement matthias christandl

Encrypting with entanglement matthias christandl

Technology
INFS 6225 Object-Oriented Systems Analysis & Design

INFS 6225 Object-Oriented Systems Analysis & Design

Documents
INFS 212 Principles of Management - WordPress.com

INFS 212 Principles of Management - WordPress.com

Documents
Encrypting Sensitive Data in Oracle EBS - Integrigy Encrypting Sensitive Data... · Encrypting Sensitive Data in Oracle E-Business Suite ... Oracle Capture Service Contracts aso

Encrypting Sensitive Data in Oracle EBS - Integrigy Encrypting Sensitive Data... · Encrypting Sensitive Data in Oracle E-Business Suite ... Oracle Capture Service Contracts aso

Documents
SELF-ENCRYPTING STORAGE - etouches · PDF fileSELF-ENCRYPTING STORAGE. Michael Willett, Wave Systems. and WillettWorks Technology

SELF-ENCRYPTING STORAGE - etouches · PDF fileSELF-ENCRYPTING STORAGE. Michael Willett, Wave Systems. and WillettWorks Technology

Documents
Seagate Secure TCG SSC Self-Encrypting Drives Security TargetSeagate Secure® TCG Opal SSC Self-Encrypting Drive Series Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive Series

Seagate Secure TCG SSC Self-Encrypting Drives Security TargetSeagate Secure® TCG Opal SSC Self-Encrypting Drive Series Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive Series

Documents
Encrypting CA IDMS™ Data · Encrypting CA IDMS™ Data Mainframe and Multi-Platform Application Development MI280SN

Encrypting CA IDMS™ Data · Encrypting CA IDMS™ Data Mainframe and Multi-Platform Application Development MI280SN

Documents
© 2009 G. Hellberg 1 Encrypting File System MS Windows 2000 Encrypting File System

© 2009 G. Hellberg 1 Encrypting File System MS Windows 2000 Encrypting File System

Documents
Encrypting stored data

Encrypting stored data

Documents
INFS 766 Internet Security Protocols Lecture 5

INFS 766 Internet Security Protocols Lecture 5

Documents
© 2001/2002, O. Petry / G. Hellberg 1 Encrypting File System MS Windows 2000 Encrypting File System

© 2001/2002, O. Petry / G. Hellberg 1 Encrypting File System MS Windows 2000 Encrypting File System

Documents
INFS 214: Introduction to Computing - WordPress.com · INFS 214: Introduction to Computing ... application program is a computer program designed to ... –Be able to differentiate

INFS 214: Introduction to Computing - WordPress.com · INFS 214: Introduction to Computing ... application program is a computer program designed to ... –Be able to differentiate

Documents
INFS 6225 – Object-Oriented Systems Analysis & Design

INFS 6225 – Object-Oriented Systems Analysis & Design

Documents
Encrypting data with confidence, across the enterprise and ...docs.media.bitpipe.com/io_12x/io_121448/item_1093772/Encrypting data... · Encrypting data with confidence, across the

Encrypting data with confidence, across the enterprise and ...docs.media.bitpipe.com/io_12x/io_121448/item_1093772/Encrypting data... · Encrypting data with confidence, across the

Documents
INFS 6510 – Competitive Intelligence Systems

INFS 6510 – Competitive Intelligence Systems

Documents
Encrypting Data in Salesforce

Encrypting Data in Salesforce

Technology
Encrypting Data coded version

Encrypting Data coded version

Documents
USING ENCRYPTING FILE SYSTEM TO PROTECT FILES … · 4 TOPICS • Basics of Encrypting File System • "EFS" versus "BitLocker" • "Encrypting File System" Service • Using the

USING ENCRYPTING FILE SYSTEM TO PROTECT FILES … · 4 TOPICS • Basics of Encrypting File System • "EFS" versus "BitLocker" • "Encrypting File System" Service • Using the

Documents
INFS 724 Project and Change Management

INFS 724 Project and Change Management

Business
First INFS 6510 Meeting fall 2009

First INFS 6510 Meeting fall 2009

Documents
INFS 767 Fall 2003 RBAC-MAC-DAC

INFS 767 Fall 2003 RBAC-MAC-DAC

Documents
INFS 329: Database Management Systems - … · INFS 329: Database Management Systems ... Modern Database Management. Pearson Prentice Hall. (Chapter 2) ... EBENEZER ANKRAH Slide 8

INFS 329: Database Management Systems - … · INFS 329: Database Management Systems ... Modern Database Management. Pearson Prentice Hall. (Chapter 2) ... EBENEZER ANKRAH Slide 8

Documents
Steve Jones - Encrypting Data

Steve Jones - Encrypting Data

Technology
INFS 767 Fall 2003 Administrative RBAC ARBAC97

INFS 767 Fall 2003 Administrative RBAC ARBAC97

Documents
INFS 2150 Introduction to Web Development

INFS 2150 Introduction to Web Development

Documents
Information Systems Pathways Certificates... · certificate advanced computing job skills certificate certificates advanced degree (a.s.) infs infs polo total intro to information

Information Systems Pathways Certificates... · certificate advanced computing job skills certificate certificates advanced degree (a.s.) infs infs polo total intro to information

Documents
SELF-ENCRYPTING DRIVES - SNIA

SELF-ENCRYPTING DRIVES - SNIA

Documents
Encrypting Data - Steve Jones

Encrypting Data - Steve Jones

Technology
Encrypting emails using Kleopatra PGP

Encrypting emails using Kleopatra PGP

Documents
Encrypting data in salesforce sept2014-final

Encrypting data in salesforce sept2014-final

Technology