Cryptography Assignment
Illustrate with a suitable diagram the IP Security scenario, the benefits and services of IPsec
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and
[Figure: IPsec scenario. Recoverable labels: IPsec, header, network, networking device.]
The above diagram shows a typical scenario of IPsec usage, with LANs maintained at dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite, through some public WAN, IPsec protocols are used. These protocols operate in networking devices, such as a router, that connect each LAN to the outside.
Secure transmission possible
ho das he o to he
workstations IPsec protocols to
provide security
Benefits of IPsec
when IPsec
provides strong security that can be applied to
perimeter.
)
IPsec in a firewall is resistant to bypass if all
traffic from the outside
Internet into the organization,
IPsec is below the transport layer (TCP, UDP) and
so is
transparent
IPsec provides security for
Draw and model for
inbound and outbound packets
[Figure: processing model for outbound IP packets. Recoverable labels: Outbound IP packet; Search database; Match found; No match found; Determine policy; Discard packet; Protect; Bypass; Process (AH/ESP); key exchange; Forward packet.]
ed
nin
detu to ZPsec sep
pack"l cPse ele
dog
outboua
Then
dcarde made bo hi
oardd tralra,by
cunidNrader
tig is fen hbvned
t
fo
s gachetr s
lores
ments Se
es
ch
an
fo
is ch un
se
an
and ath d Sean ele an, Next
eyvngabigkea gack tie hn headus sec
ujecned
main
hn n a is a
ogenuatlus iscasd,
pvot header hen is
H Ald
this
fom entry paclet the
TCp.
Pstc gP PeoTEC7 kettna cel
found transnc fi4hhghtsdetu
Sion tnu
whethn
Esp
dsa an
he is is
matebing tThe rele ay
sls padet mbou
forpioceuig hasp such
eltmentsto Congisting ag is
my i pack ,
thock ates hat th ta
a belos$ lay
o ed pasy , m protesiagfr
or his ntfoork examining
polt:
ain
m an a
SaD hoghn
tiall lormd PSec
or
eY) one
1/ for
3
a secured packet, IPsec searches the
SAD.
2/ If no match is found, the packet is discarded. Otherwise
[Figure: processing model for inbound IP packets. Recoverable labels: Inbound IP packet; Search; Security policy database; Match; No; Process (AH/ESP); AH processing.]
3. Discuss the Encapsulating Security Payload (ESP) packet
[Figure: ESP packet format, 32 bits wide. Fields: Security Parameters Index (SPI); Sequence Number; Payload Data (variable); Padding (0-255 bytes); Pad Length; Next Header; Authentication Data (variable). Side labels: authentication coverage, confidentiality coverage.]
ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service and traffic flow confidentiality. ESP can work with a variety of encryption and authentication algorithms, including algorithms such as GCM.
ESP format:
Security Parameters Index (32 bits): identifies a security association.
Sequence Number (32 bits): a monotonically increasing counter value; this provides anti-replay protection.
Payload Data (variable): this is a transport-level segment or IP packet that is protected by encryption.
purpose of this field is discussed
tatn
immediately preceding this field
Authentication Data (variable): a variable-length field that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field.
4. Explain basic combinations
The IPsec Architecture document lists four examples of
combinations of SAs that must be supported by compliant
) The ower pant each Coy
elemnt
ZP sec fems to cornuni'tati
’foy any trso ed Qn SA,
they must share the appropriate secret keys.
a. AH in transport
transport mode.
case and
an no
btstn gath anu eyt.
’ Srewty s providh dd omly rsec:
hosfs mylment efaork apo
hraty sigvirtuad privat
This cae ihy
is needed
end-to-end security
Iand 2
)he
alose hert
eita
asag fo gadg ennel provide erka
auttnt caton
bety een end
gatato funnel Esp,t alyo
provd itd
Case 4:
funned gdr behveen remo e hogtane
Deme
host and lo cal hoo
5. Explain the Internet Key Exchange (IKE) key determination
7oavan?
algorithm
hea en and
The key determination is characterized by five important features:
1. A mechanism known as cookies to thwart clogging attacks.
2. It enables the two parties to negotiate a group; this, in essence, specifies the global parameters of the Diffie-Hellman key exchange.
3. It ensures against replay attacks.
4. It enables the exchange of key values.
5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks.
[Figure: IKE header. Fields: Initiator's Security Parameter Index (SPI); Responder's Security Parameter Index (SPI); Next Payload; MjVer; MnVer; Exchange Type; Flags; Message ID; Length.]
Initiator SPI (64 bits): a value chosen by the initiator to identify a unique ISAKMP security association (SA).
Responder SPI: a value chosen by the responder to identify a unique ISAKMP SA.
Major Version (4 bits): indicates major version.
Minor Version (4 bits): indicates minor version.
Message ID: used in the ISAKMP exchange to control retransmission of lost packets and matching of requests and responses.
Length (32 bits): length of total message in octets.
IKE Payload
[Figure: generic payload header, bits 0 to 31. Fields: Next Payload; C; RESERVED; Payload Length.]
IKE payloads begin with the same generic payload header.
The Next Payload field has a value of 0 if this is the
last
-)
generic payload header.
sender wants the recipient
to
previous
Next
Payload