This master's thesis deals with Internet security in general and IPsec in particular. Traffic and transactions over the Internet are risky, and credit card numbers are easily stolen and abused. IPsec has been developed to ensure security and integrity, and we discuss how IPsec works and where in the computer network it resides. To reach our conclusions and results, we carried out a literature study of the Internet Engineering Task Force's (IETF) Request for Comments (RFC) documents on the Internet. The few books available are also built upon the RFCs. The study found that IPsec will provide security for all kinds of computer traffic with little or no human interaction. IPsec can replace current application security techniques such as PGP. Because IPsec is built in a modular way, it is future-proof, and it is easy to add new cryptographic methods when such are developed and proven more secure.
Contents
1 INTRODUCTION
1.1 BACKGROUND
1.2 PURPOSE
1.3 RESTRICTIONS
1.4 TARGET GROUP
1.5 DISPOSITION
2 METHOD
2.1 IETF
2.2 DESCRIPTION OF A WORKING GROUP
2.3 REQUEST FOR COMMENTS AND INTERNET DRAFTS
3 INTERNET BACKGROUND
3.1 TIME WINDOW FOR INTERNET 1966-2000
4 OVERVIEW OF OSI AND TCP/IP
4.1 THE OSI REFERENCE MODEL
4.1.1 Application Layer
4.1.2 Presentation Layer
4.1.3 Session Layer
4.1.4 Transport Layer
4.1.5 Network Layer
4.1.6 Data Link Layer
4.1.7 Physical Layer
4.2 TCP/IP STRUCTURE
4.2.1 Application Layer
4.2.2 Transport Layer
4.2.3 Network Layer
4.2.3.1 Internet Protocol
4.2.3.2 The Datagram
4.2.4 Link Layer
5 NETWORK SECURITY
5.1 SECURITY IN GENERAL
5.2 SECURITY THREATS IN THE NETWORK ENVIRONMENT
5.2.1 Fundamental Threats
5.2.2 Primary Enabling Threats
5.2.2.1 Masquerade
5.2.2.2 Bypassing Controls
5.2.2.3 Authorization Violation
5.2.2.4 Physical Intrusion
5.2.2.5 Trojan Horse
5.2.2.6 Trapdoor
5.2.2.7 Service Spoofing
5.2.3 Underlying Threats
5.3 IP SECURITY THREATS
5.3.1 Spoofing
5.3.2 Sniffing
5.3.3 Session Hijacking
5.3.4 The Man-in-the-middle
5.4 SECURITY SERVICES
5.5 APPLICATION SPECIFIC SECURITY
5.6 IP SECURITY – AT WHICH LAYER?
5.6.1 Application Layer
5.6.2 Transport Layer
5.6.3 Network Layer
5.6.4 Data Link Layer
6 ENCRYPTION
6.1 DIFFERENT TYPES OF CRYPTOSYSTEMS
6.1.1 Security Through Obscurity
6.1.2 Symmetric Algorithms
6.1.2.1 Data Encryption Standard
6.1.2.2 Triple DES
6.1.3 Asymmetric Algorithms
6.1.3.1 Encryption
6.1.3.2 Digital Signatures
6.1.3.3 RSA
6.1.3.4 Diffie-Hellman
6.1.4 Cryptographic Hash Functions
6.1.4.1 Message Digest Algorithm 5
6.1.4.2 Secure Hash Algorithm
6.2 SYMMETRIC VERSUS ASYMMETRIC CRYPTOGRAPHY
7 IP SECURITY
7.1 IPSEC IMPLEMENTATION
7.1.1 Host Implementation
7.1.1.1 OS Integrated
7.1.2 Bump in the Stack
7.1.3 Router Implementation
7.2 IPSEC MODES
7.2.1 Transport Mode
7.2.2 Tunnel Mode
7.3 SECURITY ASSOCIATIONS
7.3.1 Security Parameter Index
7.3.2 IP Destination Address
7.3.3 Security Protocol
7.3.3.1 Security Policy Database
7.3.3.2 Security Association Database
7.3.4 SA Management
7.3.4.1 Creation
7.3.4.2 Deletion
7.3.5 Parameters
7.3.6 Security Policy
7.4 IPSEC PROCESSING
7.4.1 Outbound
7.4.2 Inbound
7.4.3 Fragmentation
7.5 ENCAPSULATING SECURITY PAYLOAD
7.5.1 The ESP Header
7.5.2 ESP Modes
7.5.3 ESP Processing
7.5.3.1 Outbound Processing
7.5.3.2 Inbound Processing
7.6 AUTHENTICATION HEADER
7.6.1 The AH Header
7.6.2 AH Modes
7.6.2.1 Transport Mode
7.6.2.2 Tunnel Mode
7.6.3 AH Processing
7.6.3.1 Outbound Processing
7.6.3.2 Inbound Processing
7.7 THE IPSEC DOI
8 KEY MANAGEMENT AND KEY EXCHANGE
8.1 KEY MANAGEMENT
8.2 KEY EXCHANGE
8.3 KEY EXCHANGE PROTOCOLS DEVELOPED FOR IP
8.3.1 Oakley
8.3.2 SKEME
8.3.3 ISAKMP
8.3.3.1 Message and Payloads
8.3.3.2 Exchanges and Phases
9 INTERNET KEY EXCHANGE
9.1 MANUAL KEY EXCHANGE
9.2 IKE PHASES
9.3 IKE MODES
9.3.1 Main Mode Exchange
9.3.2 Aggressive Mode Exchange
9.3.3 Quick Mode Exchange
9.4 ESTABLISHING A SECURE CHANNEL
9.4.1 How It Is Done
9.5 IKE SECURITY
10 DISCUSSION
10.1 NETWORK SECURITY
10.2 ADVANTAGES OF IPSEC
10.3 DISADVANTAGES OF IPSEC
10.4 APPLIED NETWORK SECURITY
10.4.1 E-Commerce
10.5 CONCLUSIONS
11 REFERENCES
11.1 BOOKS, JOURNALS AND PAPERS
11.2 ELECTRONIC DOCUMENTS
11.3 UNPUBLISHED DOCUMENTS
11.4 PERSONAL COMMUNICATION
12 TABLE OF FIGURES
LIST OF ABBREVIATIONS
APPENDIX A
Author: Jönsson, Oskar; Dahlgren, Anders
Source: Goteborg University