AKSUM UNIVERSITY

AKSUM INSTITUTE OF TECHNOLOGY

FACULTY OF COMPUTING TECHNOLOGY

DEPARTMENT OF INFORMATION TECHNOLOGY

ASSIGNMENT OF: INFORMATION SECURITY AND ASSURANCE


TITLE PROPOSAL: IP SECURITY
Group Members:
1. Teklebrhan Mengesha
2. Andom Yilma
3. Saba Solomon
4. Ashenafi Asfehaley
5. Danait Kebede
6. G/medhn Hagos
Submitted to Inst.: Tesfu (MSc)

Tigray Ethiopia 2023


Contents
Introduction
Body
Uses of IP Security
Components of IP Security
IP Security Architecture
IPSec (IP Security) architecture
Working on IP Security
Features of IPSec
Advantages of IPSec
Disadvantages of IPSec
Conclusion
Introduction
IPsec (Internet Protocol Security) is a suite of protocols and algorithms for securing data
transmitted over the internet or any public network. The Internet Engineering Task Force, or
IETF, developed the IPsec protocols in the mid-1990s to provide security at the IP layer
through authentication and encryption of IP network packets.
Internet Protocol Security (IPSec) is a framework of open standards for ensuring private,
secure communications over Internet Protocol (IP) networks, through the use of cryptographic
security services. IPSec is a suite of cryptography-based protection services and security
protocols. Because it requires no changes to programs or protocols, you can easily deploy
IPSec for existing networks.

The driving force for the acceptance and deployment of secure IP is the need for business and
government users to connect their private WAN/LAN infrastructure to the Internet, both to
provide access to Internet services and to use the Internet as a component of the WAN
transport system. Users need to isolate their networks and at the same time
send and receive traffic over the Internet. The authentication and privacy mechanisms of
secure IP provide the basis for a security strategy.
IPsec protects one or more paths between a pair of hosts, a pair of security gateways, or a
security gateway and a host. A security gateway is an intermediate device, such as a switch or
firewall, that implements IPsec. Devices that use IPsec to protect a path between them are
called peers.

IPsec requires a PCI Accelerator Card (PAC) to provide hardware data compression and
encryption. A PAC is a hardware processing unit the switch’s CPU controls.

Body
IPsec (Internet Protocol Security) is an Internet Engineering Task Force (IETF) standard
suite of protocols that provides data authentication, integrity, and confidentiality between
two communication points across an IP network. It also defines the encrypted, decrypted, and
authenticated packets. The protocols needed for secure key exchange and key management
are defined in it.
Uses of IP Security
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, for example to authenticate that the data
originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all data
sent between the two endpoints is encrypted, as with a Virtual Private Network
(VPN) connection.
Components of IP Security
It has the following components:
1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP): It provides data integrity, encryption,
authentication, and anti-replay. It also provides authentication for the payload.
2. Authentication Header (AH): It also provides data integrity, authentication, and
anti-replay, but it does not provide encryption. The anti-replay protection protects against
the unauthorized transmission of packets. It does not protect data confidentiality.

[Figure: IP Header]

3. Internet Key Exchange (IKE): It is a network security protocol designed to
dynamically exchange encryption keys and establish a Security Association (SA)
between two devices. The Security Association (SA) establishes shared security
attributes between two network entities to support secure communication. The Internet
Security Association and Key Management Protocol (ISAKMP) provides a
framework for authentication and key exchange. ISAKMP describes how
Security Associations (SAs) are set up and how direct connections between two hosts use
IPsec. Internet Key Exchange (IKE) provides message content protection and also an
open framework for implementing standard algorithms such as SHA and MD5. The
algorithms IPsec uses produce a unique identifier for each packet. This identifier
then allows a device to determine whether a packet is correct or not. Packets
that are not authorized are discarded and not given to the receiver.
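The per-packet identifier and the anti-replay service described above, as an added example that is not part of the original assignment: a simplified Python model of a receiver that checks an integrity check value (ICV) and a sliding anti-replay window before handing a packet on. The packet layout (SPI, sequence number, payload, ICV, no encryption or padding), HMAC-SHA-256 truncated to 128 bits, the 64-packet window and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # assumption: HMAC-SHA-256 output truncated to 128 bits
WINDOW = 64    # assumption: anti-replay window of 64 packets

def protect(key, spi, seq, payload):
    """Sender: SPI and sequence number in front, ICV over both plus payload."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    """Inbound state for one SA: key, SPI and the anti-replay window."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen
    def accept(self, packet):
        """Return the payload, or None when the packet must be discarded."""
        if len(packet) < 8 + ICV_LEN:
            return None
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi or seq == 0:
            return None
        if seq <= self.highest:                       # inside or left of window
            offset = self.highest - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return None                           # too old, or a replay
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None                               # forged or modified
        if seq > self.highest:                        # authenticated: slide window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return body[8:]

def demo():
    """Constructed traffic: in-order, replayed, reordered, tampered packets."""
    key, spi = b"constructed-demo-key-32-bytes!!!", 0x1001
    rx = Receiver(key, spi)
    p1, p2, p3 = (protect(key, spi, n, b"data%d" % n) for n in (1, 2, 3))
    tampered = p2[:9] + b"X" + p2[10:]
    return [rx.accept(p) for p in (p1, p1, p3, tampered, p2, p2)]
```

The window only moves after the ICV has verified, so a forged packet with a high sequence number cannot push legitimate packets out of the window.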

[Figure: Packets in Internet Protocol]

IP Security Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These
protocols are ESP (Encapsulating Security Payload) and AH (Authentication Header). The IPsec
architecture includes protocols, algorithms, the DOI (Domain of Interpretation), and key
management. All these components are needed to provide the three main services:
• Confidentiality
• Authenticity
• Integrity

[Figure: IP Security Architecture]

Working on IP Security
• The host checks whether the packet should be transmitted using IPsec or not. This packet
traffic triggers the security policy for itself: the system sending the packet
applies the appropriate encryption. The host also checks whether incoming packets
are encrypted properly or not.
• Then IKE Phase 1 starts, in which the two hosts (using IPsec) authenticate themselves to each
other to start a secure channel. It has two modes: Main mode provides greater security,
while Aggressive mode enables the hosts to establish an IPsec circuit more quickly.
• The channel created in the last step is then used to securely negotiate the way the IP circuit
will encrypt data across the IP circuit.
• Next, IKE Phase 2 is conducted over the secure channel. In it, the two hosts
negotiate the type of cryptographic algorithms to use on the session and agree on the secret
keying material to be used with those algorithms.
• Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets
are encrypted and decrypted by the hosts using the IPsec SAs.
• When the communication between the hosts is completed or the session times out, the
IPsec tunnel is terminated and both hosts discard the keys.
Features of IPSec
1. Authentication: IPSec provides authentication of IP packets using digital signatures or
shared secrets. This helps ensure that the packets are not tampered with or forged.
2. Confidentiality: IPSec provides confidentiality by encrypting IP packets, preventing
eavesdropping on the network traffic.
3. Integrity: IPSec provides integrity by ensuring that IP packets have not been
modified or corrupted during transmission.
4. Key management: IPSec provides key management services, including key exchange
and key revocation, to ensure that cryptographic keys are securely managed.
5. Tunneling: IPSec supports tunneling, allowing IP packets to be encapsulated
within another protocol, such as GRE (Generic Routing Encapsulation) or L2TP
(Layer 2 Tunneling Protocol).
6. Flexibility: IPSec can be configured to provide security for a wide range of
network topologies, including point-to-point, site-to-site, and remote access
connections.
7. Interoperability: IPSec is an open standard protocol, which means that it is
supported by a wide range of vendors and can be used in heterogeneous
environments.
Advantages of IPSec
1. Strong security: IPSec provides strong cryptographic security services that help
protect sensitive data and ensure network privacy and integrity.
2. Wide compatibility: IPSec is an open standard protocol that is widely supported
by vendors and can be used in heterogeneous environments.
3. Flexibility: IPSec can be configured to provide security for a wide range of
network topologies, including point-to-point, site-to-site, and remote access
connections.
4. Scalability: IPSec can be used to secure large-scale networks and can be scaled up
or down as needed.
5. Improved network performance: IPSec can help improve network performance
by reducing network congestion and improving network efficiency.
Disadvantages of IPSec
1. Configuration complexity: IPSec can be complex to configure and requires
specialized knowledge and skills.
2. Compatibility issues: IPSec can have compatibility issues with some network
devices and applications, which can lead to interoperability problems.
3. Performance impact: IPSec can impact network performance due to the overhead
of encryption and decryption of IP packets.
4. Key management: IPSec requires effective key management to ensure the security
of the cryptographic keys used for encryption and authentication.
5. Limited protection: IPSec only provides protection for IP traffic, and other
protocols such as ICMP, DNS, and routing protocols may still be vulnerable to
attacks.

Conclusion:
IPSec incorporates two protocols, AH and ESP, which give security to IP packets. AH
gives authentication and protects integrity. ESP provides authentication,
integrity and replay protection. Authentication and integrity can be used with or
without confidentiality, and the other way around. These protocols require certain parameters
in order to set up each connection. The parameters are gathered in an
element called a security association, or SA. Once two nodes have established
matching SAs, sent and received packets can make use of the security services. In
transport mode, the original IP header is used to deliver the packets to the
endpoints. In tunnel mode, the IP header provides the address of the router,
while the endpoint addresses are encrypted along with the payload. In transport
mode, IPSec supports AH alone or ESP alone. In tunnel mode, IPSec
also supports AH alone or ESP alone. Many IP stacks are implemented so that the transport
layer (e.g. TCP) and below are executed in the OS, and anything above is implemented in user
space. It is easier to deploy something if you don't need to change the OS. Security
implemented above the OS requires the applications to interface to SSL rather than TCP,
whereas implementing security inside the OS automatically protects all applications without
the applications being modified.
