CSC 774 -- Network Security - Dr. Peng Ning

More documents

Recommendations

Info

Key Management • Why do we need Internet key management – AH and ESP require encryption and authentication keys • Process to negotiate and establish IPsec SAs between two entities Computer Science Dr. Peng Ning CSC 774 Network Security 3 Security Principles • Basic security principle for session keys – Compromise of a session key • Doesn’t permit reuse of the compromised session key. • Doesn’t compromise future session keys and long-term keys. Computer Science Dr. Peng Ning CSC 774 Network Security 4
Security Principles (Cont’d) • Perfect forward secrecy (PFS) – Compromise of current keys (session key or longterm key) doesn’t compromise past session keys. – Concern for encryption keys but not for authentication keys. – Not really “perfect” in the same sense as perfect secrecy for one-time pad. Computer Science Dr. Peng Ning CSC 774 Network Security 5 Review of IPsec IPsec module 1 IPsec module 2 SPD SPD IKE IKE SAD IPsec SA IPsec SAD SPD: Security Policy Database; IKE: Internet Key Exchange; SA: Security Association; SAD: Security Association Database. Computer Science Dr. Peng Ning CSC 774 Network Security 6
Page 1: Computer Science CSC 774 -- Network
Page 5 and 6: Tunnel Mode Encrypted Tunnel Gatewa
Page 7 and 8: Automatic Key Management • Key di
Page 9 and 10: SKIP (Cont’d) • Limitations - N
Page 11 and 12: Resource Clogging Attack (Cont’d)
Page 13 and 14: Oakley Groups • 0 no group (place
Page 15 and 16: ISAKMP Message • Fixed format hea
Page 17 and 18: ISAKMP Domain Of Interpretation (DO
Page 19 and 20: ISAKKMP Payload Types • 8 H hash
Page 21 and 22: ISAKMP Exchanges (Cont’d) Authent

CSC 774 -- Network Security - Dr. Peng Ning

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?