Meeting 11: IPSec and SSL. Course: H0242 / Network Security. Year: 2006. Version: 1.
Learning Outcomes
By the end of this session, students are expected to be able to:
– Explain IP Security and SSL
Outline
• IP Security concepts
• IP Security architecture
• Basic SSL protocol
• SSL architecture
Security facilities in TCP/IP
IP Security Overview
• IPSec is not a single protocol.
• IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
• General IP Security mechanisms provide
– Authentication
– Confidentiality
– Key management
• Applicable to use over LANs, across public and private WANs, and for the Internet
IP Security Overview
• Applications of IPSec
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
IP Security Overview
• Benefits of IPSec
– Transparent to applications (below the transport layer: TCP, UDP)
– Provides security for individual users
– IPSec can assure that:
  • A router or neighbor advertisement comes from an authorized router
  • A redirect message comes from the router to which the initial packet was sent
  • A routing update is not forged
  • Provides strong security to all traffic crossing the perimeter
IP Security Scenario
Authentication Header
• Authentication Header (AH) provides support for data integrity & authentication of IP packets
– End system/router can authenticate user/app
– Prevents address spoofing attacks by tracking sequence numbers
• Based on use of a MAC
– HMAC-MD5-96 or HMAC-SHA-1-96
• Parties must share a secret key
Authentication Header
• Provides support for data integrity and authentication (MAC code) of IP packets.
• Guards against replay attacks.
AH Authentication
Tunnel Mode AH Authentication
Security Associations
• Security Association (SA) is a one-way relationship between sender & receiver that affords security for traffic flow
• Defined by 3 parameters:
– Security Parameters Index (SPI)
– IP Destination Address
– Security Protocol Identifier
• Has a number of other parameters
– seq no, AH & EH info, lifetime etc
• Have a database of Security Associations
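Added example (not from the original slides): a receiver-side sketch that ties the AH and Security Association slides together. It looks up the SA by (SPI, destination address, protocol), applies a sliding-window replay check on the sequence number, and verifies an HMAC-SHA-1-96 value. The packet dictionaries, addresses, key and the simplified MAC input are constructed assumptions; real AH authenticates the whole packet with mutable header fields zeroed.

```python
import hashlib
import hmac
import socket
import struct

AH = 51  # IP protocol number of the Authentication Header

class SA:
    """Inbound Security Association: key plus anti-replay window state."""
    def __init__(self, key, window=32):
        self.key, self.window, self.highest, self.bitmap = key, window, 0, 0

def icv(key, src, dst, spi, seq, payload):
    """HMAC-SHA-1-96: HMAC-SHA-1 truncated to its first 96 bits (12 bytes).
    Simplified input: addresses, SPI, sequence number and payload."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!II", spi, seq) + payload)
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def send(key, src, dst, spi, seq, payload):
    return {"src": src, "dst": dst, "spi": spi, "seq": seq,
            "payload": payload, "icv": icv(key, src, dst, spi, seq, payload)}

def receive(sad, pkt):
    """Look up the SA, check the replay window, then verify the ICV."""
    sa = sad.get((pkt["spi"], pkt["dst"], AH))
    if sa is None:
        return "no-sa"
    seq, behind = pkt["seq"], sa.highest - pkt["seq"]
    if seq == 0 or behind >= sa.window or (behind >= 0 and sa.bitmap >> behind & 1):
        return "replay"
    expected = icv(sa.key, pkt["src"], pkt["dst"], pkt["spi"], seq, pkt["payload"])
    if not hmac.compare_digest(expected, pkt["icv"]):
        return "bad-icv"
    if behind < 0:   # new highest number: slide the window forward
        sa.bitmap = ((sa.bitmap << -behind) | 1) & ((1 << sa.window) - 1)
        sa.highest = seq
    else:            # late but unseen packet inside the window
        sa.bitmap |= 1 << behind
    return "accept"

def demo():
    key = b"constructed-shared-secret"           # constructed sample key
    sad = {(0x1001, "192.0.2.2", AH): SA(key)}   # the SA database
    p1 = send(key, "192.0.2.1", "192.0.2.2", 0x1001, 1, b"hello")
    forged = dict(p1, src="198.51.100.9", seq=2)  # fields changed, ICV not
    return [receive(sad, p) for p in (p1, p1, forged, dict(p1, spi=0x9999))]
```

The window state is updated only after the ICV verifies, so an unauthenticated packet with a large sequence number cannot push the window forward and cause valid traffic to be dropped.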
ESP
• Encapsulating Security Payload (ESP) provides message content confidentiality & limited traffic flow confidentiality
• Can optionally provide the same authentication services as AH
• Supports range of ciphers, modes, padding
– DES, Triple-DES, RC5, IDEA, CAST, etc
– CBC most common
– Pad to meet blocksize, for traffic flow
ESP
ESP Encryption and Authentication
Algorithms
Encryption & Authentication Algorithms
– Encryption:
  • Three-key triple DES
  • RC5
  • IDEA
  • Three-key triple IDEA
  • CAST
  • Blowfish
– Authentication:
  • HMAC-MD5-96
  • HMAC-SHA-1-96
Transport & Tunnel Modes
Transport & Tunnel Mode ESP
• Transport mode is used to encrypt & optionally authenticate IP data
– Data protected but header left in clear
– Can do traffic analysis but is efficient
– Good for ESP host to host traffic
• Tunnel mode encrypts entire IP packet
– Add new header for next hop
– Good for VPNs, gateway to gateway security
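Added example (not from the original slides): the ESP layout in both modes, showing which bytes stay in the clear and which are handed to the cipher, including the block-size padding from the ESP slide. Addresses, the SPI and the payload are constructed; the cipher itself, the CBC IV and the trailing ICV are left out, and the IPv4 checksum is left at zero.

```python
import socket
import struct

BLOCK = 8                        # 3DES-CBC block size in bytes
TCP, IPV4_IN_IP, ESP = 6, 4, 50  # IP protocol / ESP Next Header numbers

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header; checksum left at 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_plaintext(data, next_header, block=BLOCK):
    """data + padding (1, 2, 3, ...) + Pad Length + Next Header, block-aligned."""
    pad_len = -(len(data) + 2) % block
    return data + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def esp_packet(mode, src, dst, segment, spi, seq, gateways=None):
    """Return (bytes sent in the clear, bytes handed to the cipher)."""
    esp_header = struct.pack("!II", spi, seq)
    if mode == "transport":
        # Original IP header stays readable; only the segment is protected.
        body = esp_plaintext(segment, TCP)
        outer = ipv4_header(src, dst, ESP, len(esp_header) + len(body))
    elif mode == "tunnel":
        # Whole original packet is protected; a new outer header is added.
        inner = ipv4_header(src, dst, TCP, len(segment))
        body = esp_plaintext(inner + segment, IPV4_IN_IP)
        outer = ipv4_header(gateways[0], gateways[1], ESP,
                            len(esp_header) + len(body))
    else:
        raise ValueError(mode)
    return outer + esp_header, body

def visible_addresses(clear):
    """Addresses an on-path observer can read from the cleartext IP header."""
    return socket.inet_ntoa(clear[12:16]), socket.inet_ntoa(clear[16:20])

# Constructed sample: host 10.0.0.5 talks to 10.1.0.7 via two security gateways.
SEGMENT = b"GET / HTTP/1.0\r\n"   # stands in for a TCP segment
transport = esp_packet("transport", "10.0.0.5", "10.1.0.7", SEGMENT, 0x1001, 1)
tunnel = esp_packet("tunnel", "10.0.0.5", "10.1.0.7", SEGMENT, 0x1001, 1,
                    gateways=("192.0.2.1", "198.51.100.1"))
```

In transport mode the end hosts' addresses remain readable, which is the traffic-analysis exposure the slide mentions; in tunnel mode only the gateway addresses are visible.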
SSL and TLS
• SSL was originated by Netscape
• TLS working group was formed within IETF
• First version of TLS can be viewed as an SSLv3.1
SSL Architecture
Handshake Protocol
• The most complex part of SSL.
• Allows the server and client to authenticate each other.
• Negotiate encryption, MAC algorithm and cryptographic keys.
• Used before any application data are transmitted.
Handshake Protocol Action