ephase/cours
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add first part of IPSec course

Browse source
This commit is contained in:
Yorick Barbanneau 2022-12-07 00:43:44 +01:00
parent d869be6e0b
commit 5d803fdcb9
3 changed files with 624 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

285
content/secu_reseaux/5_securite-echanges/images/ipsec_transport.svg Normal file
View file

@ -0,0 +1,285 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="65.754684mm"
height="20.251797mm"
viewBox="-7 -7 114.40725 35.236311"
version="1.1"
id="svg157"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<title
id="title15212">propagation de Mirail</title>
<defs
id="defs154">
<marker
style="overflow:visible"
id="Arrow2"
refX="0"
refY="0"
orient="auto-start-reverse"
markerWidth="7.6999998"
markerHeight="5.5999999"
viewBox="0 0 7.7 5.6"
preserveAspectRatio="xMidYMid">
<path
transform="scale(0.7)"
d="M -2,-4 9,0 -2,4 c 2,-2.33 2,-5.66 0,-8 z"
style="fill:context-stroke;fill-rule:evenodd;stroke:none"
id="arrow2L" />
</marker>
</defs>
<metadata
id="metadata128720">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:creator>
<cc:Agent>
<dc:title>Yorick Barbanneau ^ ephase</dc:title>
</cc:Agent>
</dc:creator>
<dc:rights>
<cc:Agent>
<dc:title>CC BY-SA</dc:title>
</cc:Agent>
</dc:rights>
<cc:license
rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
<dc:title>propagation de Mirail</dc:title>
</cc:Work>
<cc:License
rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
<cc:permits
rdf:resource="http://creativecommons.org/ns#Reproduction" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#Distribution" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#Notice" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#Attribution" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#ShareAlike" />
</cc:License>
</rdf:RDF>
</metadata>
<rect
style="fill:#ffffff;fill-opacity:0.996078;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:0.905882"
id="rect6653"
width="114.40726"
height="35.236309"
x="-7"
y="-7" />
<path
style="fill:none;fill-opacity:0.996078;stroke:#874ee0;stroke-width:0.460351px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow2)"
d="M 18.005652,1.4155964 C 18.257675,8.972584 7.9166804,5.9279844 7.9166804,11.143908"
id="path7829" />
<g
id="g2059"
transform="translate(4.4237426,-14.159757)">
<rect
id="rect991"
width="20.435221"
height="8.5417414"
x="2.8635905"
y="9.9194212"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="IP"
id="text856"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 9.8605408,11.505512 h 1.2479832 v 5.369566 H 9.8605408 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2050" />
<path
d="m 12.324139,11.505512 h 2.067984 q 0.924299,0 1.417019,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.49272,0.453158 -1.417019,0.453158 h -0.82 v 1.862984 h -1.247984 z m 1.247984,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561053,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197807,-0.194211 -0.561053,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2052" />
</g>
</g>
<path
style="fill:none;fill-opacity:0.996078;stroke:#874ee0;stroke-width:0.460351px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow2)"
d="M 35.415183,2.4476782 C 35.16316,10.004666 45.504154,6.9600662 45.504154,12.17599"
id="path9050" />
<g
id="g2088"
transform="translate(30.48148,-35.31831)">
<rect
id="rect2066"
width="20.435221"
height="8.5417414"
x="-3.2183595"
y="31.077974"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="TCP"
id="text856-3"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="M 0.03104342,32.660467 H 4.4835033 v 1.04658 h -1.60044 v 4.322986 H 1.6350798 V 33.707047 H 0.03104342 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2076" />
<path
d="m 8.9611388,37.735121 q -0.3452635,0.197807 -0.7192989,0.298509 -0.3704389,0.100701 -0.7732462,0.100701 -1.2084221,0 -1.913335,-0.74807 -0.7049128,-0.751668 -0.7049128,-2.035616 0,-1.287545 0.7049128,-2.035616 0.7049129,-0.751667 1.913335,-0.751667 0.4028073,0 0.7732462,0.100702 0.3740354,0.100702 0.7192989,0.298509 v 1.111316 q -0.34886,-0.262544 -0.6869304,-0.384824 -0.334474,-0.122281 -0.7049129,-0.122281 -0.6689479,0 -1.0501763,0.474737 -0.3812284,0.474737 -0.3812284,1.309124 0,0.83079 0.3812284,1.305527 0.3812284,0.474738 1.0501763,0.474738 0.3704389,0 0.7049129,-0.122281 0.3380704,-0.122281 0.6869304,-0.384825 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2078" />
<path
d="M 9.9897356,32.660467 H 12.05772 q 0.924299,0 1.417018,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.492719,0.453158 -1.417018,0.453158 h -0.820001 v 1.862984 H 9.9897356 Z m 1.2479834,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561054,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197808,-0.194211 -0.561054,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2080" />
</g>
</g>
<path
style="fill:none;fill-opacity:0.996078;stroke:#874ee0;stroke-width:0.460351px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Arrow2)"
d="M 59.663798,2.4476782 C 59.411775,10.004666 69.752769,6.9600662 69.752769,12.17599"
id="path9072" />
<g
id="g2993"
transform="translate(18.933233,-13.569315)">
<rect
style="fill:#ffffff;fill-opacity:0.999967;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:1"
id="rect2933"
width="47.121777"
height="8.5417404"
x="28.305676"
y="9.3289804" />
<path
id="rect2074"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="M 58.624997,17.870721 H 28.305677 V 9.3289804 h 30.31932" />
<path
id="path2190"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="m 70.887804,17.87072 h 4.539648 V 9.3289804 h -4.539648" />
<path
id="path2192"
style="fill:#ffffff;fill-opacity:0.999967;stroke:#de6a66;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0"
d="M 70.530266,17.870721 H 58.624997 m 0,-8.5417406 h 11.905269" />
<text
xml:space="preserve"
style="font-style:normal;font-weight:normal;font-size:7.36562px;line-height:1.25;font-family:sans-serif;fill:#666666;fill-opacity:1;stroke:none;stroke-width:0.460351"
x="38.220848"
y="15.711082"
id="text1841"><tspan
id="tspan1839"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:semi-condensed;font-size:7.36562px;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed';fill:#666666;fill-opacity:1;stroke-width:0.460351"
x="38.220848"
y="15.711082">payload</tspan></text>
</g>
<g
id="g2059-7"
transform="translate(-6.3963201,5.9146575)">
<rect
id="rect991-5"
width="20.435221"
height="8.5417414"
x="2.8635905"
y="9.9194212"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="IP"
id="text856-35"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 9.8605408,11.505512 h 1.2479832 v 5.369566 H 9.8605408 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2050-6" />
<path
d="m 12.324139,11.505512 h 2.067984 q 0.924299,0 1.417019,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.49272,0.453158 -1.417019,0.453158 h -0.82 v 1.862984 h -1.247984 z m 1.247984,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561053,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197807,-0.194211 -0.561053,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2052-2" />
</g>
</g>
<g
id="g2088-9"
transform="translate(39.916886,-15.243896)">
<rect
id="rect2066-1"
width="20.435221"
height="8.5417414"
x="-3.2183595"
y="31.077974"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="TCP"
id="text856-3-2"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="M 0.03104342,32.660467 H 4.4835033 v 1.04658 h -1.60044 v 4.322986 H 1.6350798 V 33.707047 H 0.03104342 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2076-7" />
<path
d="m 8.9611388,37.735121 q -0.3452635,0.197807 -0.7192989,0.298509 -0.3704389,0.100701 -0.7732462,0.100701 -1.2084221,0 -1.913335,-0.74807 -0.7049128,-0.751668 -0.7049128,-2.035616 0,-1.287545 0.7049128,-2.035616 0.7049129,-0.751667 1.913335,-0.751667 0.4028073,0 0.7732462,0.100702 0.3740354,0.100702 0.7192989,0.298509 v 1.111316 q -0.34886,-0.262544 -0.6869304,-0.384824 -0.334474,-0.122281 -0.7049129,-0.122281 -0.6689479,0 -1.0501763,0.474737 -0.3812284,0.474737 -0.3812284,1.309124 0,0.83079 0.3812284,1.305527 0.3812284,0.474738 1.0501763,0.474738 0.3704389,0 0.7049129,-0.122281 0.3380704,-0.122281 0.6869304,-0.384825 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2078-0" />
<path
d="M 9.9897356,32.660467 H 12.05772 q 0.924299,0 1.417018,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.492719,0.453158 -1.417018,0.453158 h -0.820001 v 1.862984 H 9.9897356 Z m 1.2479834,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561054,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197808,-0.194211 -0.561054,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2080-9" />
</g>
</g>
<g
id="g2993-3"
transform="translate(28.368639,6.5050995)">
<rect
style="fill:#ffffff;fill-opacity:0.999967;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:1"
id="rect2933-6"
width="47.121777"
height="8.5417404"
x="28.305676"
y="9.3289804" />
<path
id="rect2074-0"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="M 58.624997,17.870721 H 28.305677 V 9.3289804 h 30.31932" />
<path
id="path2190-6"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="m 70.887804,17.87072 h 4.539648 V 9.3289804 h -4.539648" />
<path
id="path2192-2"
style="fill:#ffffff;fill-opacity:0.999967;stroke:#de6a66;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0"
d="M 70.530266,17.870721 H 58.624997 m 0,-8.5417406 h 11.905269" />
<text
xml:space="preserve"
style="font-style:normal;font-weight:normal;font-size:7.36562px;line-height:1.25;font-family:sans-serif;fill:#666666;fill-opacity:1;stroke:none;stroke-width:0.460351"
x="38.220848"
y="15.711082"
id="text1841-6"><tspan
id="tspan1839-1"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:semi-condensed;font-size:7.36562px;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed';fill:#666666;fill-opacity:1;stroke-width:0.460351"
x="38.220848"
y="15.711082">payload</tspan></text>
</g>
<g
id="g2072"
transform="translate(-5.6168351,-10.104739)">
<rect
id="rect1476"
width="20.435221"
height="8.5417414"
x="22.463316"
y="25.93882"
style="fill:#69ebba;stroke:#41e6a8;stroke-width:0.460351;stroke-opacity:1;fill-opacity:1" />
<g
aria-label="AH"
id="text937"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 31.173996,31.916228 h -1.9493 l -0.309299,0.978246 h -1.25158 l 1.791054,-5.369566 h 1.485352 l 1.791055,5.369566 h -1.255177 z m -1.640002,-0.996229 h 1.32351 l -0.658158,-2.136318 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2061" />
<path
d="m 33.367857,27.524908 h 1.247983 v 2.046405 h 1.837809 v -2.046405 h 1.244387 v 5.369566 H 36.453649 V 30.617893 H 34.61584 v 2.276581 h -1.247983 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2063" />
</g>
</g>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

243
content/secu_reseaux/5_securite-echanges/images/ipsec_tunnel.svg Normal file
View file

@ -0,0 +1,243 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="65.754684mm"
height="20.251797mm"
viewBox="-7 -7 114.40725 35.236311"
version="1.1"
id="svg157"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<title
id="title15212">propagation de Mirail</title>
<defs
id="defs154" />
<metadata
id="metadata128720">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:creator>
<cc:Agent>
<dc:title>Yorick Barbanneau ^ ephase</dc:title>
</cc:Agent>
</dc:creator>
<dc:rights>
<cc:Agent>
<dc:title>CC BY-SA</dc:title>
</cc:Agent>
</dc:rights>
<cc:license
rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
<dc:title>propagation de Mirail</dc:title>
</cc:Work>
<cc:License
rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
<cc:permits
rdf:resource="http://creativecommons.org/ns#Reproduction" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#Distribution" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#Notice" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#Attribution" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
<cc:requires
rdf:resource="http://creativecommons.org/ns#ShareAlike" />
</cc:License>
</rdf:RDF>
</metadata>
<rect
style="fill:#ffffff;fill-opacity:0.996078;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:0.905882"
id="rect6653"
width="114.40726"
height="35.236309"
x="-7"
y="-7" />
<g
id="g6693"
transform="translate(8.2128849,2.5294895)">
<g
id="g2072"
transform="translate(-9.67994,-11.533408)">
<rect
id="rect1476"
width="20.435221"
height="8.5417414"
x="22.463316"
y="25.93882"
style="fill:#ffffff;stroke:#41e6a8;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="AH"
id="text937"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 31.173996,31.916228 h -1.9493 l -0.309299,0.978246 h -1.25158 l 1.791054,-5.369566 h 1.485352 l 1.791055,5.369566 h -1.255177 z m -1.640002,-0.996229 h 1.32351 l -0.658158,-2.136318 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2061" />
<path
d="m 33.367857,27.524908 h 1.247983 v 2.046405 h 1.837809 v -2.046405 h 1.244387 v 5.369566 H 36.453649 V 30.617893 H 34.61584 v 2.276581 h -1.247983 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2063" />
</g>
</g>
<g
id="g3003"
transform="translate(-9.633415,4.4841913)">
<rect
id="rect2995"
width="20.435221"
height="8.5417414"
x="2.8635905"
y="9.9194212"
style="fill:#ffffff;stroke:#41e6a8;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="IP"
id="g3001"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 9.8605408,11.505512 h 1.2479832 v 5.369566 H 9.8605408 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2997" />
<path
d="m 12.324139,11.505512 h 2.067984 q 0.924299,0 1.417019,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.49272,0.453158 -1.417019,0.453158 h -0.82 v 1.862984 h -1.247984 z m 1.247984,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561053,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197807,-0.194211 -0.561053,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2999" />
</g>
</g>
<g
id="g3029"
transform="translate(4.8760766,5.0746323)">
<rect
style="fill:#ffffff;fill-opacity:0.999967;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:1"
id="rect3017"
width="47.121777"
height="8.5417404"
x="28.305676"
y="9.3289804" />
<path
id="path3019"
style="fill:#ffffff;stroke:#41e6a8;stroke-width:0.460351;stroke-opacity:1"
d="M 58.624997,17.870721 H 28.305677 V 9.3289804 h 30.31932" />
<path
id="path3021"
style="fill:#ffffff;stroke:#41e6a8;stroke-width:0.460351;stroke-opacity:1"
d="m 70.887804,17.87072 h 4.539648 V 9.3289804 h -4.539648" />
<path
id="path3023"
style="fill:#ffffff;fill-opacity:0.999967;stroke:#41e6a8;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:1"
d="M 70.530266,17.870721 H 58.624997 m 0,-8.5417406 h 11.905269" />
</g>
<path
style="fill:#cebbec;fill-opacity:0.996078;stroke:none;stroke-width:0.460351px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="M 3.6779612,1.7719163 C 23.051338,5.8981533 35.833249,10.288092 37.785266,16.705369 h 37.91475 c 0.06387,-6.417277 5.512098,-13.8179317 15.0513,-14.9334537 z"
id="path5374" />
<g
id="g2059"
transform="translate(0.81437072,-16.689246)">
<rect
id="rect991"
width="20.435221"
height="8.5417414"
x="2.8635905"
y="9.9194212"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="IP"
id="text856"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="m 9.8605408,11.505512 h 1.2479832 v 5.369566 H 9.8605408 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2050" />
<path
d="m 12.324139,11.505512 h 2.067984 q 0.924299,0 1.417019,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.49272,0.453158 -1.417019,0.453158 h -0.82 v 1.862984 h -1.247984 z m 1.247984,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561053,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197807,-0.194211 -0.561053,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2052" />
</g>
</g>
<g
id="g2088"
transform="translate(26.87211,-37.847799)">
<rect
id="rect2066"
width="20.435221"
height="8.5417414"
x="-3.2183595"
y="31.077974"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351;stroke-opacity:1" />
<g
aria-label="TCP"
id="text856-3"
style="font-size:7.36562px;line-height:1.25;fill:#666666;stroke-width:0.460351">
<path
d="M 0.03104342,32.660467 H 4.4835033 v 1.04658 h -1.60044 v 4.322986 H 1.6350798 V 33.707047 H 0.03104342 Z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2076" />
<path
d="m 8.9611388,37.735121 q -0.3452635,0.197807 -0.7192989,0.298509 -0.3704389,0.100701 -0.7732462,0.100701 -1.2084221,0 -1.913335,-0.74807 -0.7049128,-0.751668 -0.7049128,-2.035616 0,-1.287545 0.7049128,-2.035616 0.7049129,-0.751667 1.913335,-0.751667 0.4028073,0 0.7732462,0.100702 0.3740354,0.100702 0.7192989,0.298509 v 1.111316 q -0.34886,-0.262544 -0.6869304,-0.384824 -0.334474,-0.122281 -0.7049129,-0.122281 -0.6689479,0 -1.0501763,0.474737 -0.3812284,0.474737 -0.3812284,1.309124 0,0.83079 0.3812284,1.305527 0.3812284,0.474738 1.0501763,0.474738 0.3704389,0 0.7049129,-0.122281 0.3380704,-0.122281 0.6869304,-0.384825 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2078" />
<path
d="M 9.9897356,32.660467 H 12.05772 q 0.924299,0 1.417018,0.456755 0.49272,0.453158 0.49272,1.294738 0,0.845176 -0.49272,1.301931 -0.492719,0.453158 -1.417018,0.453158 h -0.820001 v 1.862984 H 9.9897356 Z m 1.2479834,1.003422 v 1.499738 h 0.68693 q 0.363246,0 0.561054,-0.19421 0.197807,-0.197808 0.197807,-0.557457 0,-0.359649 -0.197807,-0.55386 -0.197808,-0.194211 -0.561054,-0.194211 z"
style="font-weight:bold;font-stretch:semi-condensed;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed'"
id="path2080" />
</g>
</g>
<g
id="g2993"
transform="translate(15.323863,-16.098805)">
<rect
style="fill:#ffffff;fill-opacity:0.999967;stroke:none;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:1"
id="rect2933"
width="47.121777"
height="8.5417404"
x="28.305676"
y="9.3289804" />
<path
id="rect2074"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="M 58.624997,17.870721 H 28.305677 V 9.3289804 h 30.31932" />
<path
id="path2190"
style="fill:#ffffff;stroke:#de6a66;stroke-width:0.460351"
d="m 70.887804,17.87072 h 4.539648 V 9.3289804 h -4.539648" />
<path
id="path2192"
style="fill:#ffffff;fill-opacity:0.999967;stroke:#de6a66;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0"
d="M 70.530266,17.870721 H 58.624997 m 0,-8.5417406 h 11.905269" />
<text
xml:space="preserve"
style="font-style:normal;font-weight:normal;font-size:7.36562px;line-height:1.25;font-family:sans-serif;fill:#666666;fill-opacity:1;stroke:none;stroke-width:0.460351"
x="38.220848"
y="15.711082"
id="text1841"><tspan
id="tspan1839"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:semi-condensed;font-size:7.36562px;font-family:'DejaVu Sans';-inkscape-font-specification:'DejaVu Sans Bold Semi-Condensed';fill:#666666;fill-opacity:1;stroke-width:0.460351"
x="38.220848"
y="15.711082">payload</tspan></text>
</g>
<g
id="g4419"
transform="translate(2.113969,2.7728763)"
style="stroke:#7137c8;stroke-opacity:0.905882">
<path
id="path4413"
style="fill:#ffffff;stroke:#7137c8;stroke-width:0.460351;stroke-opacity:0.905882"
d="m 58.624997,17.870721 h -22.9537 v -3.938228 h 22.9537" />
<path
id="path4415"
style="fill:#ffffff;stroke:#7137c8;stroke-width:0.460351;stroke-opacity:0.905882"
d="m 70.887804,17.87072 h 2.698243 v -3.938227 h -2.698243" />
<path
id="path4417"
style="fill:#ffffff;fill-opacity:0.999967;stroke:#7137c8;stroke-width:0.460351;stroke-dasharray:0.460351, 0.460351;stroke-dashoffset:0;stroke-opacity:0.905882"
d="M 70.530266,17.870721 H 58.624997 m 0,-3.938228 h 11.905269" />
</g>
</g>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 12 KiB

96
content/secu_reseaux/5_securite-echanges/index.md Normal file
View file

@ -0,0 +1,96 @@
---
title: "Sécurité des réseaux : sécurité des échanges"
date: 2022-10-04
tags: ["TLS", "IPSEC"]
categories: ["Sécurité des réseaux", "Cours"]
---
Dans cette partie nous aborderons *TLS* (*Transport Layer Security*), *IPSec*
(*IP Security*) et les *PKI* (*Public Key Infrastructure*)
## Propriétéà assurer
Pour sécuriser un échange, il faut assurer 4 points:
1. la confidentialité: seul mon interlocuteur peut lire le message;
2. l'authenticité: le message est authentique;
3. l'intégrité: le message vient bien de mon interlocuteur, il n'a pas été
modifié par un tiers;
4. la non-répudiabilité: mon interlocuteur ne peut pas réfuter ses messages;
## IPSec
C'est un protocole ancien (~1994) créé pour répondre aux 4 propriétés vu
précédemment. Il se positionne dans la couche IP, il est donc totalement
transparent pour les couches supérieures.
IPSec est composé de plusieurs parties:
* **ESP (*Encapsulating Security Payload*)**: chiffrement;
* **AH** (*Authentication Header*): authentification de l'origine des paquets,
contrôle des accès, rejet des paquets rejoués;
* **Négociation**: établissement des paramètres de la communication
avec**IKE** (*Internet Key Exchange*).
### Les défi des attaques par rejeu
Ces types d'attaques permettent de mettre à mal des protocoles réputés fiables
comme *WPA2*. Quelle solution est implémentée dans IPSec?
Au niveau du récepteur, un identifiant de paquet et une fenêtre de réception
sont utilisés. Une **fenêtre** est une intervalle de temps bornée pendant
laquelle les identifiants sont acceptés.
Le déroulé:
* Une fenêtre de taille `W` est créée sur le récepteur;
* Le numéro d'ordre le plus élevé, noté `N`, est placé à l'extrémité droite de
la fenêtre;
* Pour tout paquet reçu avec un numéro d'ordre compris entre `N - W +1` et `N`,
la position correspondante est marquée;
* Lors de la réception d'un nouveau paquet;
* Si la position et la *MAC* sont corrects, la position est marquée
* Si la *MAC* est correct et que le numéro d'ordre est à droite de la
fenêtre, alors cette dernière est avancée de sorte que `N` prenne la
valeur du numéro d'ordre de ce paquet;
* Si la *MAC* est invalide ou que le numéro d'ordre est à gauche de la
fenêtre, **il est détruit**;
### Les modes d'utilisation
Il existe deux modes de fonctionnement : le mode tunnel et le mode transport.
#### Le mode tunnel
Deux réseaux se "parlent" via l'établissement d'un tunnel sécurisé.
![Encapsulation de la trame IP en mode tunnel](./images/ipsec_tunnel.svg)
Ce mode assure la protection du paquet IP dans sa totalité.
En mode ESP, le message doit être **chiffré**.
#### Le mode transport
Deux hôtes se "parlent" via un tunnel sécurisé. Dans ce mode, le paquet
d'origine est inclus dans un autre. Le paquet d'origine est alors chiffré et /
ou authentifié.
![Encapsulation de la trame IP en mode transport](./images/ipsec_transport.svg)
Un champ AH est ajouté pour authentifier la trame. Cette authentification est
assurée par une signature qui prend la forme:
```
hash(K || hash(K || M))
```
Ou `hash` est une foncion de hashage, `K` la clé.
En mode transport, **ESP** chiffre l'information utile du paquet, l'entête reste
inchangée. **AH** authentifie l'information utile et certaines parties de
l'entête IP.
Pour passer au travers d'un *NAT*, il est nécessaire d'encapsuler le tout dans
une trame UDP.