Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Network Layer Security Truyền thông TCP / IP có thể được thực hiện an toàn với sự giúp đỡ của mật mã. Phương pháp mật mã và giao thức đã được thiết kế cho các mục đích khác nhau trong việc đảm bảo thông tin liên lạc trên Internet. Chúng bao gồm, ví dụ, SSL và TLS cho giao thông HTTP Web, S / MIME và PGP cho e-mail và IPsec an ninh lớp mạng. Chương này chủ yếu là địa chỉ an ninh duy nhất tại lớp IP và mô tả các dịch vụ bảo mật khác nhau cho. | 7 Network Layer Security TCP IP communication can be made secure with the help of cryptography. Cryptographic methods and protocols have been designed for different purposes in securing communication on the Internet. These include for instance the SSL and TLS for HTTP Web traffic S MIME and PGP for e-mail and IPsec for network layer security. This chapter mainly addresses security only at the IP layer and describes various security services for traffic offered by IPsec. 7.1 IPsec Protocol IPsec is designed to protect communication in a secure manner by using TCP IP. The IPsec protocol is a set of security extensions developed by the IETF and it provides privacy and authentication services at the IP layer by using modern cryptography. To protect the contents of an IP datagram the data is transformed using encryption algorithms. There are two main transformation types that form the basics of IPsec the Authentication Header AH and the Encapsulating Security Payload ESP . Both AH and ESP are two protocols that provide connectionless integrity data origin authentication confidentiality and an anti-replay service. These protocols may be applied alone or in combination to provide a desired set of security services for the IP layer. They are configured in a data structure called a Security Association SA . The basic components of the IPsec security architecture are explained in terms of the following functionalities Security Protocols for AH and ESP Security Associations for policy management and traffic processing Manual and automatic key management for the Internet Key Exchange IKE the Oakley key determination protocol and ISAKMP. Algorithms for authentication and encryption Internet Security. Edited by M.Y. Rhee 2003 John Wiley Sons Ltd ISBN 0-470-85285-2 244 INTERNET SECURITY The set of security services provided at the IP layer includes access control connectionless integrity data origin authentication protection against replays and confidentiality. The modularity .