Page 1
Cryptography and Network
Page 4
• applicable to use over LANs, across public & private WANs, & for the Internet
Page 5
Networking device with IPSec
Page 6
packet was sent
• insure no forging o
Page 7
• many others, grouped by category
• mandatory in IPv6, optional in IPv4
Page 9
• have a database o
Page 10
• parties must share ase
Page 11
Next Header | Payload Length | RESERVED
Security Parameters Index (SPI)
Sequence Number
Authentication Data (variable)
Page 13
Transport & Tunnel Modes
End-to-end authentication
End-to-end
Network
End-to-intermediate authentication
Page 15
Encapsulating Security Payload
Security Parameters Index (SPI)
Page 16
Combining Security Associations
• SA’s can implement either AH or ESP
• to implement both need to combine SA’s
• form a security bundle
• have 4 cases (see next)
Page 17
Combining Security Associations
One or More SAs Tunnel SA
b. ESP in transport mode
c. AH followed by ESP in transport mode (ESP SA inside an AH SA)
d. any one of a, b, c inside an AH or ESP in tunnel mode
Page 18
SA’s in large
• has Oakley &
Page 19
• can use arith
curve fields
Page 21
Initiator Cookie
Responder Cookie
Next Payload | MjVer | Exchange Type
Message ID
(a) ISAKMP Header
(b) Generic Payload Header