Special topics: Virtual Private Network (VPN), PKI, PGP

Chapter 6: IP Security

TCP/IP Example
[Figure: Host-Router, Router-Router and Host-Host paths; protocol stack Application / TCP / IP / link; encapsulation of data with a TCP header, then an IP header, then a link-layer frame header and tail.]

Applications of IPSec
IPSec can be used across different application areas mainly because it can encrypt and authenticate all traffic at the IP layer:
- Remote login
- Client/server systems
- E-mail
- File transfer
- Web access

IP Security Scenario
[Figure: End users, Partners, Branch offices]

Outline
- IP Security Overview
- IP Security Architecture
- Authentication Header
- Encapsulating Security Payload
- Combinations of Security Associations

IP Security Overview
- IPSec: RFC 1636 (Internet Architecture Board), 1994
- IPSec is not a single protocol. It is:
  - a set of security algorithms
  - a general framework that allows a pair of communicating entities to communicate securely
- Provides authentication, confidentiality, and key management

IPSec Documents Overview
- IETF IP Security Protocol Working Group definition
- ESP: Encapsulating Security Payload
- AH: Authentication Header
- DOI: Domain of Interpretation

IPSec Services
- Access control
- Connectionless integrity
- Data origin authentication
- Confidentiality (encryption)
- Limited traffic flow confidentiality
- Rejection of replayed packets