Cryptography and Network Security: Third Edition by William Stallings Lecture Slides by Lawrie Brown
a. AH in transport mode
b. ESP in transport mode
c. AH followed by ESP in transport mode (ESP SA inside an AH SA)
d. any one of a, b, c inside an AH or ESP SA in tunnel mode
Key Management
• handles key generation & distribution
• typically need 2 pairs of keys: 2 per direction for AH & ESP
• manual key management: sysadmin manually configures every system
• automated key management: automated system for on-demand creation of keys for SAs in large systems
• has Oakley & ISAKMP elements
Oakley
• RFC 2412
• a key exchange protocol
• based on Diffie-Hellman key exchange
• adds features to address weaknesses: cookies, groups (global params), nonces, DH key exchange with authentication
• can use arithmetic in prime fields or elliptic curve fields
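To make the four Oakley additions on this slide concrete, here is an added example (not from the slides or the textbook) that models an authenticated Diffie-Hellman exchange with anti-clogging cookies, a group, and nonces. The message sequence, the cookie construction, and the key-derivation formulas are this example's own simplifications; the 64-bit group it generates is a constructed demo group, not one of the fixed RFC 2412 groups. The responder recomputes its cookie statelessly and rejects message 3 before doing any modular exponentiation, which is the clogging defence the slide refers to; authentication is a pre-shared-key HMAC over both public values and both cookies.

```python
"""Simplified Oakley-style exchange: cookies, DH group, nonces, PSK auth.
Layouts and derivations are this example's own, not the RFC 2412 format."""
import hashlib
import hmac
import secrets
import time


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; only used to build the constructed demo group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Constructed demo group: safe prime p = 2q+1 with generator 2.
    Real Oakley groups are the fixed primes of RFC 2412 (768 bits and up)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, 2


def make_cookie(secret, peer, stamp):
    """Stateless anti-clogging cookie: HMAC of peer address/port and a coarse
    time stamp under a local secret. Recomputable, so no state is kept."""
    return hmac.new(secret, f"{peer[0]}:{peer[1]}:{stamp}".encode(),
                    hashlib.sha256).digest()[:8]


def cookie_ok(secret, peer, stamp, cookie):
    return hmac.compare_digest(make_cookie(secret, peer, stamp), cookie)


def to_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def derive(psk, ni, nr, shared, cky_i, cky_r):
    """Example derivation (assumed, not IKE's): SKEYID from PSK and nonces,
    session key from SKEYID, g^xy and both cookies."""
    skeyid = hmac.new(psk, ni + nr, hashlib.sha256).digest()
    key = hmac.new(skeyid, to_bytes(shared) + cky_i + cky_r, hashlib.sha256).digest()
    return skeyid, key


def auth_tag(skeyid, role, gx, gy, cky_i, cky_r):
    return hmac.new(skeyid, role + to_bytes(gx) + to_bytes(gy) + cky_i + cky_r,
                    hashlib.sha256).digest()


class AuthFailure(Exception):
    pass


def run_exchange(psk_i, psk_r, p, g, echoed_cookie=None):
    """Run initiator I and responder R in one process; return (key_i, key_r).
    `echoed_cookie` models an initiator that echoes a wrong CKY-R."""
    stamp = int(time.time()) // 60
    secret_r = secrets.token_bytes(16)                       # R's cookie secret
    addr_i, addr_r = ("192.0.2.10", 500), ("192.0.2.20", 500)  # constructed
    # msg 1: I -> R  CKY-I      msg 2: R -> I  CKY-I, CKY-R (R keeps no state)
    cky_i = make_cookie(secrets.token_bytes(16), addr_r, stamp)
    cky_r = make_cookie(secret_r, addr_i, stamp)
    # msg 3: I -> R  CKY-I, CKY-R, group, g^x, Ni
    x, ni = secrets.randbelow(p - 2) + 1, secrets.token_bytes(16)
    gx = pow(g, x, p)
    sent_cky_r = cky_r if echoed_cookie is None else echoed_cookie
    # R checks the cookie before any exponentiation (anti-clogging)
    if not cookie_ok(secret_r, addr_i, stamp, sent_cky_r):
        raise AuthFailure("bad CKY-R: discarded before DH work")
    y, nr = secrets.randbelow(p - 2) + 1, secrets.token_bytes(16)
    gy = pow(g, y, p)
    skeyid_r, key_r = derive(psk_r, ni, nr, pow(gx, y, p), cky_i, cky_r)
    # msg 4: R -> I  CKY-I, CKY-R, g^y, Nr, HASH_R
    hash_r = auth_tag(skeyid_r, b"R", gx, gy, cky_i, cky_r)
    skeyid_i, key_i = derive(psk_i, ni, nr, pow(gy, x, p), cky_i, cky_r)
    if not hmac.compare_digest(auth_tag(skeyid_i, b"R", gx, gy, cky_i, cky_r), hash_r):
        raise AuthFailure("responder authentication failed")
    # msg 5: I -> R  HASH_I
    hash_i = auth_tag(skeyid_i, b"I", gx, gy, cky_i, cky_r)
    if not hmac.compare_digest(auth_tag(skeyid_r, b"I", gx, gy, cky_i, cky_r), hash_i):
        raise AuthFailure("initiator authentication failed")
    return key_i, key_r


def exchange_fails(*args, **kwargs):
    """True if the exchange aborts with AuthFailure (helper for checks)."""
    try:
        run_exchange(*args, **kwargs)
        return False
    except AuthFailure:
        return True


if __name__ == "__main__":
    p, g = make_group()
    ki, kr = run_exchange(b"demo-psk", b"demo-psk", p, g)
    print("keys agree:", ki == kr, "| wrong PSK rejected:",
          exchange_fails(b"a", b"b", p, g))
```

Note the order of checks on the responder side: the cookie comparison is a single HMAC, while the DH step is a modular exponentiation, so a flood of message-3s with guessed cookies costs the responder almost nothing; the same ordering is what the RFC 2412 cookie exchange is for.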
ISAKMP
• Internet Security Association and Key Management Protocol (RFC 2407)
• provides framework for key management
• defines procedures and packet formats to establish, negotiate, modify and delete SAs
• independent of key exchange protocol, encryption algorithm and authentication method
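The "packet formats" bullet is easiest to see in code. The added example below (not from the slides) packs and parses the 28-byte ISAKMP fixed header and the 4-byte generic payload header as laid out in RFC 2408 (initiator cookie, responder cookie, next payload, version, exchange type, flags, message ID, length; then per-payload next-payload, reserved, length). The sample message is constructed here. The parser checks every length field against the bytes actually received before trusting it, which is where decoders of this format tend to go wrong: a payload length of 0 would otherwise loop forever, and an oversized one would read past the buffer.

```python
"""ISAKMP header and payload-chain parser (RFC 2408 layout). Added example;
payload/exchange name tables list only the values used here."""
import struct

HDR = struct.Struct("!8s8sBBBBII")   # fixed header, 28 bytes (RFC 2408 s3.1)
GEN = struct.Struct("!BBH")          # generic payload header, 4 bytes (s3.2)
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 10: "NONCE"}
EXCHANGE_NAMES = {1: "Base", 2: "Identity Protection", 4: "Aggressive",
                  5: "Informational"}
VERSION_1_0 = 0x10                   # major 1, minor 0, packed in one octet


class MalformedISAKMP(ValueError):
    pass


def build_message(cky_i, cky_r, exchange_type, payloads, message_id=0):
    """payloads: list of (payload_type, data). Each payload's Next Payload
    field names the type of the payload that follows it; 0 ends the chain."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += GEN.pack(nxt, 0, GEN.size + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return HDR.pack(cky_i, cky_r, first, VERSION_1_0, exchange_type, 0,
                    message_id, HDR.size + len(body)) + body


def parse_message(msg):
    """Return a dict describing the header and the payload chain, or raise
    MalformedISAKMP if any length field disagrees with the bytes received."""
    if len(msg) < HDR.size:
        raise MalformedISAKMP("truncated fixed header")
    cky_i, cky_r, nxt, ver, etype, flags, mid, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise MalformedISAKMP(f"length field {length} != {len(msg)} received")
    payloads, off = [], HDR.size
    while nxt != 0:
        if off + GEN.size > len(msg):
            raise MalformedISAKMP("payload chain runs past end of message")
        nxt_next, _reserved, plen = GEN.unpack_from(msg, off)
        if plen < GEN.size or off + plen > len(msg):
            raise MalformedISAKMP(f"bad payload length {plen} at offset {off}")
        payloads.append((PAYLOAD_NAMES.get(nxt, str(nxt)),
                         msg[off + GEN.size:off + plen]))
        nxt, off = nxt_next, off + plen
    if off != len(msg):
        raise MalformedISAKMP("trailing bytes after last payload")
    return {"cky_i": cky_i, "cky_r": cky_r, "version": (ver >> 4, ver & 0xF),
            "exchange": EXCHANGE_NAMES.get(etype, str(etype)),
            "message_id": mid, "payloads": payloads}


def parse_fails(msg):
    """True if parse_message rejects msg (helper for checks)."""
    try:
        parse_message(msg)
        return False
    except MalformedISAKMP:
        return True


if __name__ == "__main__":
    # constructed sample: identity-protection exchange carrying SA + NONCE
    m = build_message(b"\x01" * 8, b"\x00" * 8, 2,
                      [(1, b"sa-proposal-bytes"), (10, b"nonce-bytes")])
    print(parse_message(m))
```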
Summary
• have considered:
• IPSec security framework
• AH Protocol
• ESP Protocol
• key management & Oakley/ISAKMP