Transcript slides
Research Seminar on Telecommunications Business
IPSEC BUSINESS
Henri Ossi
Contents
•
•
•
•
•
•
•
Introduction
IPsec technology overview
IPsec in mobile networks
Market overview
Software component manufacturing
Vendor strategies
Conclusion
Introduction
• Everyone has secrets
• Traditional IP network is like a town hall
– Your secrets can be heard
• Possible to
– Forge
– Modify
– Inspect traffic
IPsec technology overview 1/5
• Set IETF protocols that provide
–
–
–
–
Data source authentication
Integrity
Confidentiality (encryption)
Protection against replay attacks at IP layer
• Traffic security protocols
– Authentication Header
– Encapsulated Security Payload (encryption)
IPsec technology overview 2/5
• Modes of operation
– Transport
– Tunnel (encapsulation)
• Security Association provides information
– How to protect
– What to protect
– With whom the protection is done
• Key management
– Internet Key Exchange negotiates SAs
IPsec technology overview 3/5
IKE
SA negotiations
SA pair
IKE
SA pair
TCP/UDP
TCP/UDP
IPsec
IPsec
IP
IP
Internet Layer
Secure IP packets
IPsec technology overview 4/5
• Use case scenarios
SGW
– Host -- Host (transport)
– Host -- Security Gateway (tunnel)
– SGW-- SGW (tunnel)
• Virtual Private Network deployment
– Remote access (Road Warrior)
– Site-to-site
SGW
IPsec technology overview 4/5
• Use case scenarios
SGW
– Host -- Host (transport)
– Host -- Security Gateway (tunnel)
– SGW-- SGW (tunnel)
• Virtual Private Network deployment
– Remote access (Road Warrior)
– Site-to-site
SGW
IPsec technology overview 4/5
• Use case scenarios
SGW
– Host -- Host (transport)
– Host -- Security Gateway (tunnel)
– SGW-- SGW (tunnel)
• Virtual Private Network deployment
– Remote access (Road Warrior)
– Site-to-site
SGW
IPsec technology overview 4/5
• Use case scenarios
SGW
– Host -- Host (transport)
– Host -- Security Gateway (tunnel)
– SGW-- SGW (tunnel)
• Virtual Private Network deployment
– Remote access (Road Warrior)
– Site-to-site
Road Warrior
IPsec technology overview 4/5
• Use case scenarios
SGW
– Host -- Host (transport)
– Host -- Security Gateway (tunnel)
– SGW-- SGW (tunnel)
• Virtual Private Network deployment
– Remote access (Road Warrior)
– Site-to-site
SGW
IPsec technology overview 5/5
• Original RFCs criticized for complexity
– Two modes of operation, two traffic security protocols
– Committee made compromises between
• Network systems design
• Cryptographic protocol design
• Addressed in current (2005) versions
– Optional AH
– Transport mode between SGWs
– IKE version 2
IPsec in mobile networks 1/3
• 3rd Generation Partnership Project (3GPP)
– Collaboration agreement
• Mobile phones to use IP for voice & data
• 3GPP Release 6
– IP layer security implemented with IPsec
– Both IKE versions in use
IPsec in mobile networks 2/3
• IP layer in Network Domain Security
– IPsec and IKE
– Traffic between network elements
• IP based services
– IKEv2 authenticates MS and IMS
– IPsec tunnel for insecure protocols (SIP)
IPsec in mobile networks 3/3
• 3GPP interwork with WLAN
– IPsec and IKEv2
• Generic Access Network (GAN/UMA)
– WLAN access to 2G services
– Seamless handoff from GSM/GPRS to unlicensed
spectrum
– IKEv2 authenticates subscriber
– IPsec tunnel between MS and GANC-SEGW
• What does it take to compete?
Market overview 1/2
• Multiple roles to take
• Software industry
– Provides software components to ...
int main()
……
……
• System integrators
– For example network equipment vendors
– Provide solutions to ...
• End users
– Other industries
– Consumers
Market overview 2/2
• Market segments
– Consumer
• Network cards, ADSL modems, WLAN routers
– SME
• Security gateways, network devices
– Government
– Enterprise
• High bandwidth, failover support
• These affect the software requirements
Software component
manufacturing
• Software is an information product
– Expensive to produce first copy
• Sunk costs
– Cheap to reproduce => OEM value proposition:
• Price < customer’s development costs
• Integration time < customer’s development time
• Variable pricing
– Differences in willingness to pay
• Great deal of value in maintenance
Vendor strategies 1/3
• Business customer classes
– Price-oriented
– Solution-oriented
• Total Cost of Ownership
– Gold-standard
• Quality, features and professional service
– Strategic-value
• Tight relationship
• Threat of vertical integration
Vendor strategies 2/3
• Market not perfectly competitive
– Cost structure
• Basic strategies
– Cost leadership
• Economy of scale
• Product business
– Differentiation
• Added value through unique resources
• Project business
Vendor strategies 3/3
Target segment
Price Solution
Strategic
Government
Consumer
Market segment
Gold
SME
Business model
Product
Vendor strategy
Cost
leadership
Enterprise
Project
Differentiation
Conclusion
• Best solution for IP layer security
– Common standard
– Complex
• IP convergence brings new opportunities
– Mobile networks
• Software is information
– Cost structure leads to variable pricing
– Two basic vendor strategies
Questions?
• The floor is open