IPSec
Rahul sai-411558
Computer science and engineering
cryptography and network security
INTRODUCTION
COMPONENTS OF IPSEC
IPSEC MODES
SECURITY ASSOCIATIONS OF IPSEC
AUTHENTICATION HEADER
ENCAPSULATING SECURITY PAYLOAD
PROS AND CONS
The IP protocol was designed in the late 70s and early 80s
Part of the DARPA (Defense Advanced Research Projects Agency) internet project
Very small network, all hosts were known, so security was not an issue
Security Flaws in IP?
No data integrity or authentication
No encryption to protect the payload, and replay attacks are possible
IPSec protects IP and upper-layer protocols (TCP, UDP)
Can be transparent to end users
Can provide security for end users
It is used to provide integrity, confidentiality and authentication of packets
Mandatory in IPv6, optional in IPv4
An authentication protocol: Authentication Header (AH), RFC 2402
A combined encryption and authentication protocol: Encapsulating Security Payload (ESP)
Key management and exchange protocols (ISAKMP/Oakley)
IPSec operates in two modes: transport mode and tunnel mode
Transport mode
End-to-end, host-to-gateway communication
Used mainly between end-stations
Tunnel mode
Gateway-to-gateway or host-to-gateway
Most commonly used gateway-to-gateway
Transport: not all fields of the IP header are used in authentication
Tunnel: the entire original IP packet can be encrypted and authenticated
Security Parameter Index (SPI)
Used to select the protocols at the sender and receiver ends
IP destination address
Sequence numbers
These are stored in the SAD (Security Association Database)
Protocols used for security associations are Authentication Header (AH) and Encapsulating Security Payload (ESP)
AH can be used in either tunnel or transport mode
Provides data authentication and integrity using a MAC
Protects against replay attacks using sequence numbers
No protection for confidentiality
The keyed Message Authentication Code (MAC) is calculated over:
the IP header, except mutable fields like TTL, checksum, etc.
the IPSec header, except the ICV field
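As an added example (not part of the original slides), the AH processing described above in Python: the sender computes the keyed MAC over the IPv4 header with its mutable fields zeroed, the AH header with a zeroed ICV, and the payload; the receiver verifies the ICV and applies a sequence-number anti-replay window. The HMAC-SHA-256-128 transform (RFC 4868), the 64-packet window, the key and the addresses are assumptions or constructed values.

```python
import hmac, hashlib, struct

# Assumed transform: HMAC-SHA-256 truncated to 128 bits (RFC 4868), so the ICV is 16 bytes.
ICV_LEN = 16
AH_FIXED = struct.Struct("!BBHII")   # next header, payload len, reserved, SPI, sequence number
AH_LEN = AH_FIXED.size + ICV_LEN     # 28 bytes on the wire

def ipv4_header(ttl, proto, src, dst, total_len):
    """Constructed 20-byte IPv4 header without options; checksum left 0 for this sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)

def zero_mutable(ip_hdr):
    """Zero the fields AH leaves out of the ICV: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    """Keyed MAC over the immutable IP header, the AH header with its ICV zeroed, and the payload."""
    covered = zero_mutable(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, next_proto, src, dst, payload):
    """Sender, transport mode: IP protocol becomes 51 (AH); AH Next Header keeps the original."""
    ip_hdr = ipv4_header(64, 51, src, dst, 20 + AH_LEN + len(payload))
    ah_fixed = AH_FIXED.pack(next_proto, AH_LEN // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload

class AhReceiver:
    """Inbound SA state: the key plus an anti-replay sliding window (64 packets, as in RFC 4302)."""
    def __init__(self, key, window=64):
        self.key, self.window, self.top, self.bitmap = key, window, 0, 0

    def accept(self, packet):
        ip_hdr, ah_fixed = packet[:20], packet[20:32]        # 20-byte IP + 12-byte fixed AH
        icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
        seq = AH_FIXED.unpack(ah_fixed)[4]
        if seq <= self.top:                       # cheap check first: too old or already seen?
            offset = self.top - seq
            if offset >= self.window or (self.bitmap >> offset) & 1:
                return False
        if not hmac.compare_digest(icv, ah_icv(self.key, ip_hdr, ah_fixed, payload)):
            return False                          # forged, or an immutable field was altered: drop
        if seq > self.top:                        # only a verified packet moves the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.window) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return True
```

A TTL decrement by a router leaves the ICV valid, while a replayed sequence number or a changed destination address is rejected without advancing the window.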
ESP provides data integrity and authentication
In addition, it provides data confidentiality
Uses symmetric key encryption
Pros
Provides a secure channel
Provides cost-effective channels compared to private dedicated lines
Cons
A symmetric key is used, which can be compromised