by: Amira Cormier

ComputerNetworks CS4590

This 0 page Class Notes was uploaded by Amira Cormier on Monday November 2, 2015. The Class Notes belongs to CS4590 at California State University - East Bay taught by Ching-ChengLee in Fall. Since its upload, it has received 19 views. For similar materials see /class/234372/cs4590-california-state-university-east-bay in ComputerScienence at California State University - East Bay.

Date Created: 11/02/15
Advanced Computer Networks 32004
IPSec (IP Security)
Florian Limberger

Outline
- Introduction
- Internet Key Exchange
- IPSec Protocols and Modes
- Management Control

Motivation: where to put security?
- Application security
  - really secure (end-to-end)
  - applications must be modified
  - ssh, sftp, https
- Network (IP layer) security: IPSec
  - general security
  - applications remain unchanged
  - applications must rely on lower security

IPSec overview
- designed by the IETF (RFCs 2401, 2402, 2406, 2408, 2409)
- a framework rather than a single protocol
- high granularity
  - different modes for each flow
  - different security services
- optional for IPv4, mandatory for IPv6

Security services
- Access Control
- Integrity
- Authentication
- Anti-Replay service
- Confidentiality

Main parts
- 1st part: connection setup
  - peer authentication
  - negotiation of cryptographic parameters
  - agreement on shared secret keys
  - Internet Key Exchange, Security Association
- 2nd part: bulk data transfer
  - application of security services
  - AH (Authentication Header)
  - ESP (Encapsulating Security Payload)

SA (security association)
- a kind of connection
- uniquely identified by 3 parameters
  - Security Parameters Index (SPI): local significance only, identifies the SA
  - IP Destination Address: address of the destination endpoint of the SA
  - Security Protocol Identifier: AH or ESP

SA parameters
- Lifetime of this SA
- AH/ESP information: authentication/encryption algorithm, keys, lifetime
- IPSec protocol mode: tunnel, transport
- anti-replay window
- sequence number counter

IKE (Internet Key Exchange)
- connection setup
  - peer authentication
  - key exchange
- SA creation and negotiation
- on-demand creation of keys
- UDP port 500
- ISAKMP (Internet Security Association and Key Management Protocol)
- uses the Diffie-Hellman key exchange algorithm

IKE Phase 1
- plaintext messages
- peer authentication through
  - pre-shared keys (PSK)
  - RSA keys
  - X.509 certificates
- creation of the ISAKMP SA

IKE Phase 2
- encrypted messages, with the key from Phase 1
- second set of shared secret keys
- the Phase 1 SA is used to set up the IPSec SAs
- usually at least two unidirectional IPSec SAs
- Phase 2 is repeated to change keys; the Phase 1 SA remains

Data Encryption and Authentication
- 2 attributes
  - Protocol: controls whether the data packet is protected by confidentiality or message authentication or both
  - Mode: controls in what way and how much of the data packet is protected

AH (Authentication Header)
- IP protocol 51
- 24 bytes
- provides data integrity and authentication
  - integrity: undetected modification is not possible
  - authentication: authenticates the sender, spoofing attacks are not possible, src and dst fields are protected

[Figure: AH header layout. Legible fields: Next header, Payload length, RESERVED, Authentication data (variable).]

Integrity Check Value (ICV)
- contained within the authentication data field
- hashed message authentication code (HMAC)
- hash over
  - secret key
  - payload
  - immutable parts of the IP header
- using the first 96 bits
  - HMAC-MD5-96
  - HMAC-SHA-1-96

Anti-replay service
- use of a sequence number
- retransmission of a packet -> different number
- receiver has an anti-replay window
- duplicated packets are discarded
- if exhausted (2^32) -> create a new SA

ESP (Encapsulating Security Payload)
- IP protocol 50
- provides
  - message contents confidentiality
  - limited traffic flow confidentiality
  - optional authentication services

[Figure: ESP packet layout. Legible fields: Payload data (variable), Padding, Authentication data (variable).]

ESP encryption
- symmetric cipher (performance)
- 3DES, RC5, IDEA, CAST, Blowfish
- padding
  - necessary for block ciphers
  - useful for partial traffic flow confidentiality

IPSec protocol modes
- Transport mode
  - protection for upper-layer protocols
  - end-to-end between two hosts
  - encryption of payload only
  - authentication of payload (header only with AH)
- Tunnel mode
  - protection of the entire IP packet
  - the old packet is packed into a new one
  - tunnel: security gateway <-> security gateway, or security gateway <-> host
  - used for Virtual Private Networks

[Figure: IPSec modes. Diagram of combinations of hosts and security gateways; labels not recoverable.]

AH modes
[Figure: AH in transport and tunnel mode. Transport: original IP header, extension headers, AH, TCP, data; authenticated except for mutable fields. Tunnel: new IP header, AH, original IP header, TCP, data; authenticated except for mutable fields in the new IP header and its extension headers.]

ESP modes
[Figure: ESP in transport and tunnel mode, showing which part of the packet is encrypted and which part is authenticated.]

AH vs. ESP
- originally: AH only integrity, ESP only confidentiality
- AH is not possible with NAT
- AH prevents spoofing
- ESP: HMAC after the trailer -> faster

Management Control
- IPSec protection is based on policy choices defined in the SPD, established and maintained by a user
- Security Policy Database (SPD)
  - defines a subset of IP traffic: IP address (src/dst), ports, transport layer protocol, etc.
  - points to an SA

Inbound traffic
- The IPSec "layer" receives a packet from the network.
- The headers of the packet are analysed.
- If IPSec was used to transmit it:
  - Determine the SA details via the SPI.
  - Consult the SA Database to validate/decipher the packet.
- Once validated/deciphered, the appropriate action for the packet is determined and it is forwarded according to the rules in the SPD.

Outbound traffic
- The IPSec "layer" receives data to be sent.
- It consults the SPD to determine what should be done.
- If IPSec is to be used:
  - The IPSec engine recovers the SA and checks the SAD.
  - If no entry exists, one will be created (IKE etc.).
  - The rules for the flow are considered.
- If not, the packet is processed normally.

References
- Larry Peterson & Bruce S. Davie, Computer Networks
- William Stallings, Cryptography and Network Security
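The inbound AH checks described in the notes (SA lookup by SPI, destination and protocol; HMAC-SHA-1-96 ICV; anti-replay window) can be put together as follows. This is an added example, not part of the original notes: the 32-packet window, the byte layout fed to the HMAC (immutable header bytes, then SPI and sequence number, then payload) and all names are assumptions of this sketch, not the wire format of a real IPSec stack.

```python
import hashlib, hmac, struct

WINDOW = 32  # anti-replay window size in packets (assumed; the notes give no size)

class SA:
    """Inbound AH security association (simplified model, not a real IPSec stack)."""
    def __init__(self, key):
        self.key = key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) already seen

def icv(key, spi, seq, immutable_hdr, payload):
    """HMAC-SHA1-96: HMAC-SHA1 over the protected bytes, first 96 bits kept."""
    msg = immutable_hdr + struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def replay_ok(sa, seq):
    """True if seq is new: ahead of the window, or inside it and not yet seen."""
    if seq > sa.highest:
        return True
    offset = sa.highest - seq
    return seq > 0 and offset < WINDOW and not (sa.bitmap >> offset) & 1

def mark_seen(sa, seq):
    if seq > sa.highest:   # slide the window forward to the new highest number
        sa.bitmap = ((sa.bitmap << (seq - sa.highest)) | 1) & ((1 << WINDOW) - 1)
        sa.highest = seq
    else:                  # inside the window: remember this sequence number
        sa.bitmap |= 1 << (sa.highest - seq)

def receive(sad, dst, proto, spi, seq, immutable_hdr, payload, tag):
    """Inbound path: find the SA by (SPI, destination, protocol), then check."""
    sa = sad.get((spi, dst, proto))
    if sa is None:
        return "drop: no SA"
    if not replay_ok(sa, seq):
        return "drop: replay"
    if not hmac.compare_digest(tag, icv(sa.key, spi, seq, immutable_hdr, payload)):
        return "drop: bad ICV"
    mark_seen(sa, seq)     # window state changes only for authenticated packets
    return "accept"

def demo():  # constructed traffic: fresh, replayed, in-window and tampered packets
    key, hdr, dst, spi = b"k" * 20, b"198.51.100.7>192.0.2.10", "192.0.2.10", 0x1001
    sad = {(spi, dst, "AH"): SA(key)}
    send = lambda seq, data, sent: receive(sad, dst, "AH", spi, seq, hdr, data,
                                           icv(key, spi, seq, hdr, sent))
    return [send(5, b"pay", b"pay"), send(5, b"pay", b"pay"),
            send(3, b"pay", b"pay"), send(6, b"PAY", b"pay")]
```

The window is updated only after the ICV verifies, so a forged packet with a large sequence number cannot push the window forward and cause legitimate packets to be discarded.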
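The outbound procedure from the Management Control slides (consult the SPD, recover the SA from the SAD, create one on demand, replace it when the 32-bit sequence space is used up) can be sketched like this. It is an added example, not part of the original notes: the rule format, first-match ordering, the `fake_ike` stand-in for IKE negotiation and the sample policy are all assumptions made for illustration.

```python
import ipaddress
from itertools import count

SEQ_MAX = 2**32 - 1   # 32-bit sequence number; the SA is replaced once it is used up

def matches(rule, pkt):
    """Selector match on source/destination address, transport protocol and port."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
            and rule["proto"] in ("any", pkt["proto"])
            and rule["dport"] in (None, pkt["dport"]))

def outbound(pkt, spd, sad, ike):
    """Return (action, spi, seq) for one outgoing packet."""
    rule = next((r for r in spd if matches(r, pkt)), None)   # first match wins (assumed)
    if rule is None or rule["action"] == "discard":
        return ("discard", None, None)
    if rule["action"] == "bypass":          # no IPSec: packet is processed normally
        return ("bypass", None, None)
    sa = sad.get(rule["sa"])                # the SPD entry points to its SA
    if sa is None or sa["seq"] >= SEQ_MAX:  # no SA yet, or sequence space exhausted
        sa = sad[rule["sa"]] = ike(rule["sa"])
    sa["seq"] += 1
    return ("protect", sa["spi"], sa["seq"])

_spi = count(0x1000)
def fake_ike(sa_spec):
    """Stand-in for an IKE negotiation: hands out a fresh SA with a new SPI."""
    return {"spi": next(_spi), "seq": 0, "spec": sa_spec}

# Constructed policy for a site-to-site VPN between two private networks.
SPD = [
    {"src": "10.1.0.0/16", "dst": "10.2.0.0/16", "proto": "tcp", "dport": 23,
     "action": "discard"},
    {"src": "10.1.0.0/16", "dst": "10.2.0.0/16", "proto": "any", "dport": None,
     "action": "protect", "sa": ("ESP", "tunnel", "203.0.113.2")},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "proto": "any", "dport": None,
     "action": "bypass"},
]
```

Rule order matters here: the telnet discard rule must precede the broader protect rule, or it would never match.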

