2. What is IPSec?
• IPSec
– stands for IP Security
– it is used for the security of general IP traffic.
• The power of IPSec lies in its ability to
– support multiple protocols and algorithms.
• It also incorporates new advancements in
– encryption and hashing protocols.
3. Objective of IPSec
The main objective of IPSec is
• to provide CIA
– (confidentiality, integrity, and authentication) for
virtual networks used in current networking
environments.
4. Objective of IPSec
• Confidentiality.
– IPSec uses encryption protocols namely AES, DES, and
3DES for providing confidentiality.
• Integrity.
– IPSec uses hashing protocols (MD5 and SHA) for providing
integrity. Hashed Message Authentication (HMAC) can
also be used for checking the data integrity.
• Authentication algorithms.
– RSA digital signatures and pre-shared keys (PSK) are two
methods used for authentication purposes.
5. Use of IPSec
• To encrypt application layer data.
• To provide security for routers sending
routing data across the public internet.
• To provide authentication without
encryption, like to authenticate that the
data originates from a known sender.
6. Use of IPSec
• To protect network data by setting up
circuits using IPsec tunneling in which
all data is being sent between the two
endpoints is encrypted, as with a Virtual
Private Network(VPN) connection.
7. Architecture of IPSec
IPSec
Policy
AH Protocol ESP Protocol
Authentication
Algorithm
Encryption
Algorithm
IPSec Domain of
Interpretation
Key Management
8. Architecture of IPSec
• IP Security Architecture
– covers the general concepts, definitions,
protocols, algorithms and security
requirements of IP Security technology.
9. Architecture of IPSec : ESP
Protocol
• Encapsulation Security Payload
– provide the confidentiality service.
• Encapsulation Security Payload is
implemented in either two ways:
– ESP with optional Authentication.
– ESP with Authentication.
10. Architecture of IPSec : ESP
Protocol
• Packet Format
Encrypted
Format
Security Parameter Index (SPI)
Sequence Number
Payload Data
Padding
Padding
Length
Next
Header
Authentication Data (Optional)
11. Architecture of IPSec : ESP
Protocol
• Packet Format
– SPI
• used to give an unique number to the connection
build between Client and Server.
– Sequence Number
• alloted to every packet so that at the receiver side
packets can be arranged properly.
– Payload Data
• the actual data or the message. It is in encrypted
format to achieve confidentiality.
12. Architecture of IPSec : ESP
Protocol
• Packet Format
– Padding
• extra bits or space added to the original message
in order to ensure confidentiality.
• it’s length is the size of added bits or space in the
original message.
– Next Header
• it means the next payload or actual data.
– Authentication Data
• optional field in ESP protocol packet format.
13. Architecture of IPSec
• Encryption Algorithm
– document that describes various encryption
algorithm used for Encapsulation Security
Payload.
14. Architecture of IPSec : AH
Protocol
• Authentication Header
– provides both Authentication and Integrity
service.
• Authentication Header is implemented in
one way only:
– Authentication along with Integrity.
15. Architecture of IPSec : AH
Protocol
• Packet Format
Security Parameter Index (SPI)
Sequence Number
Reserved
Payload
Length
Next
Header
Authentication Data (Integrity Checksum)
16. Architecture of IPSec
• Authentication Algorithm
– contains the set of the documents that
describe authentication algorithm used for
AH and for the authentication option of ESP.
17. Architecture of IPSec
• Domain of Interpretation
– the identifier which support both AH and ESP
protocols.
– It contains values needed for documentation
related to each other.
18. Architecture of IPSec
• Key Management
– contains the document that describes how
the keys are exchanged between sender and
receiver.