Routing - E-Commerce - Lecture Slides, Slides of Fundamentals of E-Commerce

E-Commerce is taking over traditional commerce practices and is of special concern for IT students. The key points of these lecture slides are: Routing, Mechanisms, Application Specific Security, Security, Network Layer, Traffic Secure, Secure Communication, Branch Office, Remote Access

Typology: Slides

2012/2013

Uploaded on 07/30/2013

shoki_sho
E-commerce Security Mechanisms - IPSec

COMP344 e-Commerce Technology

IP Security

- application specific security mechanisms exist (e.g., SSL, Kerberos, PGP)
- sometimes want security at a lower network layer
- want to be sure all traffic secure
- can put security at the level of IP

IP Security

- provides security even for applications with no security awareness
- three functional areas:
  - authentication
  - confidentiality
  - key management

History

- development begun in 1994
- designed to be usable with IPv4 and IPv6

Applications

- secure communication across LANs and WANs, including the Internet
- examples
  - secure branch office connectivity
  - secure remote access
  - secure communication with other organisations
  - enhanced e-commerce security

Example

[Figure: a user system with IPSec and a networking device with IPSec, connected over a public (Internet) or private network. Packets labelled: IP Header, IPSec Header, Secure IP Payload; and IP Header, IP Payload.]

IPSec Benefits

- when implemented in firewall or router, traffic across perimeter receives strong security with no overhead for traffic within perimeter
- IPSec in firewall resistant to bypass (assuming properly implemented firewall)
- IPSec below transport layer so transparent to applications & users
- can provide security for off-site users

Routing

- IPSec can contribute to routing architecture for internetworking
- IPSec can assure
  - routing and neighbour advertisements come from authorised routers
  - redirect message comes from the router to which initial message was sent
  - routing updates are not forged

Security Parameters Index (SPI)

- bit string assigned to SA, local significance only
- SPI carried in AH and ESP headers
- allows receiver to select the SA under which packet processed

IP Destination Address

- endpoint of SA may be end user system or network system (router or firewall)

SA Parameters

- IPSec implementation includes database which defines parameters for each SA
- normal parameters
  - sequence number counter
  - sequence counter overflow
  - anti-replay window
  - AH information (algorithm and keys)
  - ESP information (algorithm and keys)
  - lifetime of SA
  - IPSec protocol mode
  - path MTU (maximum transmission unit)
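
How a receiver might use the SPI, destination address and anti-replay window together, as an added example that is not part of the original slides. The 64-packet window, the protocol field in the lookup key, the `SA` class, the `receive` function and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

WINDOW = 64  # anti-replay window size in packets (assumed value)


@dataclass
class SA:
    """One SA database entry, reduced to the parameters this example needs."""
    protocol: str          # "AH" or "ESP"
    highest_seq: int = 0   # right edge of the anti-replay window
    bitmap: int = 0        # bit i set => sequence (highest_seq - i) already seen

    def accept(self, seq: int) -> bool:
        """Anti-replay check; meant to run only after the ICV has verified."""
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest_seq:            # newer packet: slide window right
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return False                      # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                      # already seen: replayed packet
        self.bitmap |= 1 << offset            # late but new: mark as seen
        return True


# SA database keyed by (SPI, destination address, protocol); constructed values.
SAD = {(0x1001, "192.0.2.10", "ESP"): SA("ESP")}


def receive(spi: int, dst: str, protocol: str, seq: int) -> str:
    """Select the SA from the header fields, then apply its anti-replay window."""
    sa = SAD.get((spi, dst, protocol))
    if sa is None:
        return "drop: no SA"
    return "accept" if sa.accept(seq) else "drop: anti-replay"
```
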

SA Selectors

- IPSec very flexible
- user can select which traffic gets IPSec protection
- SAs can be combined in a very fine-grained manner

Modes

- AH and ESP both support two modes
  - transport
  - tunnel

Transport Mode

[Figure: packet layout: IP Header | Encrypted Data Body]

Tunnel Mode

[Figure: packet layout: IP Header | Encrypted IP Header | Encrypted Data Body]

Transport Mode

- primarily for protection of upper-layer protocols
- i.e., payload of IP packet (TCP, UDP segments or ICMP packet)
- used for end-to-end communication between two hosts

Combining Security Associations

- a single SA can use AH or ESP but not both
- if need both then need more than one SA
- may need a number of SAs - for
  - AH and ESP
  - two way communication
  - between hosts and firewalls
  - etc

Security Association Bundle

- sequence of SAs
- traffic passes through them to provide desired security services
- SAs in bundle may terminate at the same or different endpoints
- SAs may be bundled by
  - transport adjacency
  - iterated tunneling

Transport Adjacency

- more than one security protocol is applied to a packet, without tunneling
- AH and ESP are combined
- processing takes place at a single destination

Transport Adjacency

- ESP is applied to the IP payload, without authentication
- AH is then applied to resulting IP packet
- authentication covers more fields, such as IP source and destination, than are covered by ESP with authentication
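
The difference in authentication coverage, as an added example that is not part of the original slides. It is a simplified model rather than the wire format: the header is reduced to source, destination and TTL, the integrity check is an untruncated HMAC-SHA-256, and the keys, SPIs, addresses and ciphertext are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class IPHeader:
    src: str
    dst: str
    ttl: int   # changes in transit, so AH treats it as zero when computing the ICV


def esp_icv(key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP with authentication: covers the ESP header and ciphertext only."""
    return hmac.new(key, struct.pack("!II", spi, seq) + ciphertext, hashlib.sha256).digest()


def ah_icv(key: bytes, ip: IPHeader, spi: int, seq: int, payload: bytes) -> bytes:
    """AH: additionally covers the IP header fields that do not change in transit."""
    covered = (ipaddress.ip_address(ip.src).packed
               + ipaddress.ip_address(ip.dst).packed
               + bytes([0]))                       # TTL zeroed for the calculation
    return hmac.new(key, covered + struct.pack("!II", spi, seq) + payload, hashlib.sha256).digest()


def demo() -> dict:
    esp_key, ah_key = b"constructed-esp-key", b"constructed-ah-key"
    ip = IPHeader("198.51.100.7", "192.0.2.10", ttl=64)
    ciphertext = b"\x8f\x1c\x02\xaa opaque ESP ciphertext (constructed)"
    # For comparison: the tag that ESP with authentication would produce.
    esp_tag = esp_icv(esp_key, 0x1001, 1, ciphertext)
    # Transport adjacency: ESP without authentication, then AH over the result.
    esp_packet = struct.pack("!II", 0x1001, 1) + ciphertext
    ah_tag = ah_icv(ah_key, ip, 0x2002, 1, esp_packet)

    altered = replace(ip, src="203.0.113.66")   # source address changed in transit
    routed = replace(ip, ttl=61)                # TTL decremented by routers
    same = hmac.compare_digest
    return {
        # The ESP tag never saw the IP header, so it cannot notice the change.
        "esp_accepts_altered_src": same(esp_icv(esp_key, 0x1001, 1, ciphertext), esp_tag),
        "ah_accepts_altered_src": same(ah_icv(ah_key, altered, 0x2002, 1, esp_packet), ah_tag),
        "ah_accepts_ttl_change": same(ah_icv(ah_key, routed, 0x2002, 1, esp_packet), ah_tag),
    }
```
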


Iterated Tunnelling

- may wish to do authentication before encryption
- makes altering authentication information harder and makes it easier to store authentication data with original message
- for example, apply authentication to IP header and payload
- then apply ESP to entire packet, giving tunnelling

IPSEC

- see text for more information on
  - iterated tunneling
  - AH
  - ESP
  - IPSec key management