Section 16.8. Key Terms, Review Questions, and Problems

Previous page
Table of content
Next page

[Page 517]

16.8. Key Terms, Review Questions, and Problems

Key Terms

anti-replay service

authentication header (AH)

encapsulating security payload (ESP)

Internet Security Association and Key Management Protocol (ISAKMP)

IP Security (IPSec)

IPv4

IPv6

Oakley key determination protocol

replay attack

security association (SA)

transport mode

tunnel mode

Review Questions

16.1

Give examples of applications of IPSec.

16.2

What services are provided by IPSec?

16.3

What parameters identify an SA and what parameters characterize the nature of a particular SA?

16.4

What is the difference between transport mode and tunnel mode?

16.5

What is a replay attack?

16.6

Why does ESP include a padding field?

16.7

What are the basic approaches to bundling SAs?

16.8

What are the roles of the Oakley key determination protocol and ISAKMP in IPSec?

Problems

16.1

In discussing AH processing, it was mentioned that not all of the fields in an IP header are included in MAC calculation.

  1. For each of the fields in the IPv4 header, indicate whether the field is immutable, mutable but predictable, or mutable (zeroed prior to ICV calculation).

  2. Do the same for the IPv6 header.

  3. Do the same for the IPv6 extension headers.

    In each case, justify your decision for each field.

16.2

When tunnel mode is used, a new outer IP header is constructed. For both IPv4 and IPv6, indicate the relationship of each outer IP header field and each extension header in the outer packet to the corresponding field or extension header of the inner IP packet. That is, indicate which outer values are derived from inner values and which are constructed independently of the inner values.

16.3

End-to-end authentication and encryption are desired between two hosts. Draw figures similar to Figures 16.6 and 16.9 that show

  1. Transport adjacency, with encryption applied before authentication

  2. A transport SA bundled inside a tunnel SA, with encryption applied before authentication

  3. A transport SA bundled inside a tunnel SA, with authentication applied before encryption

16.4

The IPSec architecture document states that when two transport mode SA's are bundled to allow both AH and ESP protocols on the same end-to-end flow, only one ordering of security protocols seems appropriate: performing the ESP protocol before performing the AH protocol. Why is this approach recommended rather than authentication before encryption?

[Page 518]
16.5

  1. Which of the ISAKMP Exchange Types (Table 16.4) corresponds to the aggressive Oakley key exchange (Figure 16.11)?

  2. For the Oakley aggressive key exchange, indicate which parameters in each message go in which ISAKMP payload types.



Previous page
Table of content
Next page
Cryptography and Network Security Principles and Practices
Cryptography and Network Security (4th Edition)
ISBN: 0131873164
EAN: 2147483647
Year: 2005
Pages: 209
Authors: William Stallings
BUY ON AMAZON
Agile Project Management: Creating Innovative Products (2nd Edition)
Metrics and Models in Software Quality Engineering (2nd Edition)
Lotus Notes and Domino 6 Development (2nd Edition)
C++ GUI Programming with Qt 3
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
Java All-In-One Desk Reference For Dummies
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy