What is IPsec?
BACCHAN
Overview
…There must be some way for BACCHAN to know which cryptographic key and which algorithm to use to process the packet.
IPsec Security associations (SA)
Consists of:
• Cryptographic key
• Sequence number currently being used
• Cryptographic services being used (e.g.: integrity only / integrity + encryption / algo to be used)
• It is unidirectional.
[Figure: BACCHAN, DOG, ASH]
Security policy database
• Database that can tell:
  - which packets to drop
  - which to forward
  - which to accept without security
Authentication header
• Provides integrity protection only
• Keeps important fields visible to firewalls & routers
Encapsulating security payload
• Provides integrity protection and encryption too
Applying IPsec to a packet
IP header | Rest of the packet
Transport mode
New IP header | IPsec | IP header | Rest of the packet
Tunnel mode
IPV4
• It's a network layer protocol that uses 32-bit addresses.
• In IPV4, the "4" is the value of the version number field.
• 32 bits won't be enough! So migration to IPV6 will be necessary some day or other.
IPV4 Header
4 bit Version
4 bit Header length
1 octet Type of service
2 octet Length of header + data
2 octet Packet identification
3 bit Flags
13 bit Fragment offset
1 octet TTL
1 octet Protocol
2 octet Header checksum
4 octet Source address
4 octet Destination address
variable Options
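An added example (not from the original slides): a parser for the IPv4 header layout listed above. It validates the length fields and the header checksum, then flags packets whose PROTOCOL field announces IPsec. Protocol numbers 50 (ESP) and 51 (AH) are the IANA-assigned values, which the slides do not state; the sample header and its addresses are constructed.

```python
import struct

# IANA protocol numbers for IPsec (assumption: not stated on the slides)
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-octet header, then check lengths and checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if header_len < 20 or header_len > len(packet) or total_len < header_len:
        raise ValueError("inconsistent header length fields")
    # Summing the whole header, checksum field included, must give 0xFFFF.
    if ones_complement_sum(packet[:header_len]) != 0xFFFF:
        raise ValueError("header checksum mismatch")
    return {
        "header_len": header_len,
        "total_len": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "ipsec": IPSEC_PROTOCOLS.get(proto),  # None when not AH/ESP
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": packet[20:header_len],
    }

def build_sample(proto: int) -> bytes:
    """Constructed sample header (documentation addresses, no payload)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0x4000,
                                64, proto, 0, bytes([192, 0, 2, 1]),
                                bytes([198, 51, 100, 7])))
    hdr[10:12] = struct.pack("!H", 0xFFFF - ones_complement_sum(bytes(hdr)))
    return bytes(hdr)
```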
IPV6
• Uses 16-octet, i.e. 128-bit, addresses.
IPV6 Header
1 octet Next header
1 octet Hops remaining
16 octet Source address
16 octet Destination Address
The NEXT HEADER field is equivalent to IPV4's PROTOCOL field.
1 octet Unused
1 octet SPI
TRICK !!!!
DA <DHA>
Pa <PANA>
Palega <PADEGA>
Nahito
<“Aur De”>
ARIGATO
*_*
… You just learned to say THANK YOU in Japanese!