A Technical Comparison of IPSec            and SSL   Computer and Network Security Course               IUG of Gaza       ...
Islamic University of Gaza         Faculty of Engineering         Computer DepartmentECOM 6321 :Computer and Network Secur...
AbdelNasir AlshamsiTakamichi Saito            Tokyo University of Technology
Agenda Abstract Introduction IPSec SSL (Secure Socket Layer) Comparison of IPSec and SSL Conclusion Questions Refe...
AbstractIPSec ( IP Security ) and SSL (Secure Socket  Layer) have been the most robust and most  potential tools available...
Introduction Securing data over the network is hard and complicated  issue while the threat of data modification and data...
Introduction Using both strong authentication and encryption  algorithm protects the data but it will decrease the  trans...
IPSec IPSec :is an IP layer protocol that enables the sending and receiving of cryptographically protected packets of any...
IPSec ESP header  includes the necessary information for decrypting and authenticating the data where AH header  include...
IPSecEstablishing IPSec connection requires two phases :   Phase 1 :          has two modes Main Mode and Aggressive Mod...
SSL (Secure Socket Layer) SSL : is an Application layer protocol. SSL is mostly utilized to protect HTTP transactions , ...
SSL (Secure Socket Layer) SSL is composed of the following protocols     Handshake protocol.     Change Cipher Spec pro...
SSL (Secure Socket Layer) Handshake protocol is used to perform authentication and key exchanges. Change Cipher Spec pro...
Comparison of IPSec and SSL1.   Authentication Algorithm     IPSec supports the use of Digital Signature and     the use ...
Comparison of IPSec and SSL2.   Authentication Method    IPSec supports one type of authentication     method, as Mutual ...
Comparison of IPSec and SSL3.   MAC (Message Authentication Code) is used for Authentication the exchanged  messages afte...
Comparison of IPSec and SSL4.    Connection Mode IPSec has two connection modes      Tunnel Mode        This is establi...
Comparison of IPSec and SSL5.    Cipher List Proposal Because IPSec is a two phase protocol, it has a     unique function...
Comparison of IPSec and SSL6.    Interoperability IPSec doesnt integrate well with other IPSec     vendors. Some cases r...
Comparison of IPSec and SSL7.    Overhead Size One disadvantage of IPSec is the extra size     added to the original pack...
Comparison of IPSec and SSL8.    Residing Layer  IPSec resides in the IP layer which allows it to workwith the above laye...
Comparison of IPSec and SSL9.   Time of Handshake Process
Comparison of IPSec and SSL10. Perfect Forward Secrecy   Both IPSec and SSL use PFS (Perfect Forward    Secrecy) in their...
Comparison of IPSec and SSL11. Order of Cryptographic Operations   IPSec encrypts the data first then creates MAC    for ...
Comparison of IPSec and SSL11. Order of Cryptographic Operations   SSL is the opposite it creates the MAC for the    plai...
ConclusionFunction                IPSec   SSLConfiguration           Hard    EasyClient Authentication   Must    OptionPre...
Questions
References1. Sheila Frankel" Demystifying the IPSec Puzzle",   Artec House Publisher,2001.2. Eric Rescorla "S SL and TLS D...
Thank you!     Thank you for your         attention!
Upcoming SlideShare
Loading in …5
×

A technical comparison of ip sec and ssl 2005

538 views
390 views

Published on

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
538
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

A technical comparison of ip sec and ssl 2005

  1. 1. A Technical Comparison of IPSec and SSL Computer and Network Security Course IUG of Gaza March 26th, 2013
  2. 2. Islamic University of Gaza Faculty of Engineering Computer DepartmentECOM 6321 :Computer and Network Security Prepared by: Eng.Nadeer Ataya A. Abu Jrair Supervisor: Prof. Mohammad A. Mikki
  3. 3. AbdelNasir AlshamsiTakamichi Saito Tokyo University of Technology
  4. 4. Agenda Abstract Introduction IPSec SSL (Secure Socket Layer) Comparison of IPSec and SSL Conclusion Questions References
  5. 5. AbstractIPSec ( IP Security ) and SSL (Secure Socket Layer) have been the most robust and most potential tools available for securing communications over the Internet .Both IPSec and SSL have advantages and shortcomingsYet no paper has been found comparing the two protocols in terms of characteristic and functionality .Our objective is to present an analysis of security
  6. 6. Introduction Securing data over the network is hard and complicated issue while the threat of data modification and data interruption is rising . The goal of network security is to provide confidentiality integrity and authenticity . confidentiality is keeping the data secret from the unintended listeners on the network . Integrity is ensuring that the received data is the data was actually sent. Authenticity is proving the identity of the endpoint to ensure that the endpoint is the intended entity to communicate with.
  7. 7. Introduction Using both strong authentication and encryption algorithm protects the data but it will decrease the transmission rate and could induce CPU consumption. With the recent development of the security tools so many protocols and powerful tools have been proposed but the most famous secure and widely deployed are IPSec IP Security and SSL Secure Socket Layer. In this paper we will provide a technical comparison of IPSec and SSL the similarities and the differences of the cryptographic properties
  8. 8. IPSec IPSec :is an IP layer protocol that enables the sending and receiving of cryptographically protected packets of any kind ( TCP, UDP, ICMP , etc )without any modification. IPSec provides two kinds of cryptographic services Based on necessity IPSec can provide confidentiality and authenticity or it can provide authenticity only ESP (Encapsulated Security Payload) . AH (Authentication Header) .
  9. 9. IPSec ESP header includes the necessary information for decrypting and authenticating the data where AH header includes the necessary information required for authenticating the protected data.
  10. 10. IPSecEstablishing IPSec connection requires two phases :  Phase 1 :  has two modes Main Mode and Aggressive Mode.  The differences between these two modes are the number of messages exchanged and the ID protection.  Psk (Phase-shift keying).  Phase 2 :  has one mode Quick Mod.
  11. 11. SSL (Secure Socket Layer) SSL : is an Application layer protocol. SSL is mostly utilized to protect HTTP transactions , and has been used for other purposes like IMAP and POP ,etc .  Internet message Access Protocol (IMAP), Post Office Protocol (POP). SSL is compatible with applications running only over TCP, but some modifications are required for the applications to run over SSL.
  12. 12. SSL (Secure Socket Layer) SSL is composed of the following protocols  Handshake protocol.  Change Cipher Spec protocol.  Alert protocol.  Application Data protocol.
  13. 13. SSL (Secure Socket Layer) Handshake protocol is used to perform authentication and key exchanges. Change Cipher Spec protocol is used to indicate that the chosen keys will now be used. Alert protocol is used for signaling errors and session closure. Application Data protocol transmits and receives encrypted data.
  14. 14. Comparison of IPSec and SSL1. Authentication Algorithm IPSec supports the use of Digital Signature and the use of a Secret Key Algorithm . SSL supports only the use of Digital Signature. The use of a random 2048 bit Secret Key is considered as strong as any other authentication methods
  15. 15. Comparison of IPSec and SSL2. Authentication Method IPSec supports one type of authentication method, as Mutual Authentication . SSL supports a various types of authentication , as Server Authentication , Client Authentication.
  16. 16. Comparison of IPSec and SSL3. MAC (Message Authentication Code) is used for Authentication the exchanged messages after the connection is established . The strength of the Hash Algorithm is based on the length of the output . Hash Length of SSL is Longer than IPSec.
  17. 17. Comparison of IPSec and SSL4. Connection Mode IPSec has two connection modes  Tunnel Mode  This is established between Gateway to Gateway Gateway to Host and Host to Host.  it requires adding a new IP header to the original packet.  Transport Mode  Transport Mode is Host to Host connection.  The data between the two entities are encrypted. SSL is one connection per one session type.
  18. 18. Comparison of IPSec and SSL5. Cipher List Proposal Because IPSec is a two phase protocol, it has a unique function called bi-directional . SSL is a one direction protocol.
  19. 19. Comparison of IPSec and SSL6. Interoperability IPSec doesnt integrate well with other IPSec vendors. Some cases require some modification. SSL is trouble free and well integrated.
  20. 20. Comparison of IPSec and SSL7. Overhead Size One disadvantage of IPSec is the extra size added to the original packet. SSL needs less overhead than IPSec .
  21. 21. Comparison of IPSec and SSL8. Residing Layer IPSec resides in the IP layer which allows it to workwith the above layers smoothly. SSL resides in the Application layer and that is a problem for some application to work with SSL.
  22. 22. Comparison of IPSec and SSL9. Time of Handshake Process
  23. 23. Comparison of IPSec and SSL10. Perfect Forward Secrecy Both IPSec and SSL use PFS (Perfect Forward Secrecy) in their resumption session. In the case of IPSec , the main goal for Phase 1 beside authentication is producing the encryption key required to safe guard Phase 2 exchange. In the case of SSL, PFS is implemented in the same manner as with IPSec when Ephemeral Diffie- Hellman is negotiated. The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.
  24. 24. Comparison of IPSec and SSL11. Order of Cryptographic Operations IPSec encrypts the data first then creates MAC for the encrypted data . If a modified data were inserted in the middle of transaction IPSec would verify the MAC before performing any decryption process.
  25. 25. Comparison of IPSec and SSL11. Order of Cryptographic Operations SSL is the opposite it creates the MAC for the plaintext first then encrypts the data. SSL on the other hand, is obligated to decrypt it first then verifies the MAC which could result in wasting CPU over decrypting modified packets.
  26. 26. ConclusionFunction IPSec SSLConfiguration Hard EasyClient Authentication Must OptionPre-Shared Key Yes NoInteroperability Yes NoProblemTCP Application All SomeSupportUDP support Yes NoThroughput Rate High HighCompression Support Yes OpenSSL onlyHandshake Time Slow Fast
  27. 27. Questions
  28. 28. References1. Sheila Frankel" Demystifying the IPSec Puzzle", Artec House Publisher,2001.2. Eric Rescorla "S SL and TLS Designing and Building Secure Systems" , Addison-Wesley , 3Rd Printing, Aug ,20013. www.freeswan.com4. www.stunnel.org
  29. 29. Thank you! Thank you for your attention!

×