Presentation Transcript
Research Seminar on Telecommunications Business
IPSEC BUSINESS
Henri Ossi
Contents:
Introduction
IPsec technology overview
IPsec in mobile networks
Market overview
Software component manufacturing
Vendor strategies
Conclusion
Introduction:
Everyone has secrets
Traditional IP network is like a town hall
Your secrets can be heard
Possible to
Forge
Modify
Inspect traffic
IPsec technology overview 1/5:
Set of IETF protocols that provide
Data source authentication
Integrity
Confidentiality (encryption)
Protection against replay attacks at IP layer
Traffic security protocols
Authentication Header
Encapsulating Security Payload (encryption)
IPsec technology overview 2/5:
Modes of operation
Transport
Tunnel (encapsulation)
Security Association provides information
How to protect
What to protect
With whom the protection is done
Key management
Internet Key Exchange negotiates SAs
IPsec technology overview 3/5:
[Diagram labels: TCP/UDP, IP, IPsec (Internet Layer) on each side; SA negotiations; SA pair on each side; secure IP packets]
IPsec technology overview 4/5:
Use case scenarios
Host -- Host (transport)
Host -- Security Gateway (tunnel)
SGW -- SGW (tunnel)
Virtual Private Network deployment
Remote access (Road Warrior)
Site-to-site
IPsec technology overview 5/5:
Original RFCs criticized for complexity
Two modes of operation, two traffic security protocols
Committee made compromises between
Network systems design
Cryptographic protocol design
Addressed in current (2005) versions
Optional AH
Transport mode between SGWs
IKE version 2
IPsec in mobile networks 1/3:
3rd Generation Partnership Project (3GPP)
Collaboration agreement
Mobile phones to use IP for voice & data
3GPP Release 6
IP layer security implemented with IPsec
Both IKE versions in use
IPsec in mobile networks 2/3:
IP layer in Network Domain Security
IPsec and IKE
Traffic between network elements
IP based services
IKEv2 authenticates MS and IMS
IPsec tunnel for insecure protocols (SIP)
IPsec in mobile networks 3/3:
3GPP interwork with WLAN
IPsec and IKEv2
Generic Access Network (GAN/UMA)
WLAN access to 2G services
Seamless handoff from GSM/GPRS to unlicensed spectrum
IKEv2 authenticates subscriber
IPsec tunnel between MS and GANC-SEGW
What does it take to compete?
Market overview 1/2:
Multiple roles to take
Software industry
Provides software components to ...
System integrators
For example network equipment vendors
Provide solutions to ...
End users
Other industries
Consumers
Market overview 2/2:
Market segments
Consumer
Network cards, ADSL modems, WLAN routers
SME
Security gateways, network devices
Government
Enterprise
High bandwidth, failover support
These affect the software requirements
Software component manufacturing:
Software is an information product
Expensive to produce first copy
Sunk costs
Cheap to reproduce => OEM value proposition:
Price < customer’s development costs
Integration time < customer’s development time
Variable pricing
Differences in willingness to pay
Great deal of value in maintenance
Vendor strategies 1/3:
Business customer classes
Price-oriented
Solution-oriented
Total Cost of Ownership
Gold-standard
Quality, features and professional service
Strategic-value
Tight relationship
Threat of vertical integration
Vendor strategies 2/3:
Market not perfectly competitive
Cost structure
Basic strategies
Cost leadership
Economy of scale
Product business
Differentiation
Added value through unique resources
Project business
Vendor strategies 3/3:
Target segment: Price, Solution, Gold, Strategic
Market segment: Consumer, SME, Government, Enterprise
Business model: Product, Project
Vendor strategy: Cost leadership, Differentiation
Conclusion:
Best solution for IP layer security
Common standard
Complex
IP convergence brings new opportunities
Mobile networks
Software is information
Cost structure leads to variable pricing
Two basic vendor strategies
Questions?:
The floor is open