IPSecurityandKeyEstablishment.pptVIP

IP Security and Key Establishment;Plan for the Next Few Lectures;IP Security Issues;IPSec = AH + ESP + IPcomp + IKE;Transport mode secures packet payload and leaves IP header unchanged Typically, client-gateway (e.g., PC to remote host) Tunnel mode encapsulates both IP header and payload into IPSec packets Typically, gateway-gateway (e.g., router to firewall);Provides integrity and origin authentication Authenticates portions of the IP header Anti-replay service (to counter denial of service) No confidentiality ;New IP header;Key Management;Key Distribution in Kerberos;Public-Key Infrastructure (PKI);Properties of Key Exchange Protocols;Diffie-Hellman Key Exchange;Diffie-Hellman Key Exchange;IKE Genealogy; , signB(m1,m2) signA(m1,m2);(Simplified) Photuris;Preventing Denial of Service;Cookies in Photuris and ISAKMP;IKE Overview;Why Two-Phase Design?;IKEv1 Was a Mess;Instead of running 2nd phase, “piggyback” establishment of child-SA on initial exchange;IP address range, ports, protocol id;Other Aspects of IKE