SlideShare a Scribd company logo

IPSec (Internet Protocol Security) - PART 1

S
Shobhit Sharma

What is IPSec? What is Internet Protocol Security? Presentation By Shobhit Sharma (ScriptKKiddie) Read More At : https://www.technical0812.com

Technology
1 of 18
Download to read offline
IPSec By Shobhit Sharma
What is IPSec? • IPSec – stands for IP Security – it is used for the security of general IP traffic. • The power of IPSec lies in its ability to – support multiple protocols and algorithms. • It also incorporates new advancements in – encryption and hashing protocols.
Objective of IPSec The main objective of IPSec is • to provide CIA – (confidentiality, integrity, and authentication) for virtual networks used in current networking environments.
Objective of IPSec • Confidentiality. – IPSec uses encryption protocols namely AES, DES, and 3DES for providing confidentiality. • Integrity. – IPSec uses hashing protocols (MD5 and SHA) for providing integrity. Hashed Message Authentication (HMAC) can also be used for checking the data integrity. • Authentication algorithms. – RSA digital signatures and pre-shared keys (PSK) are two methods used for authentication purposes.
Use of IPSec • To encrypt application layer data. • To provide security for routers sending routing data across the public internet. • To provide authentication without encryption, like to authenticate that the data originates from a known sender.
Use of IPSec • To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
Architecture of IPSec IPSec Policy AH Protocol ESP Protocol Authentication Algorithm Encryption Algorithm IPSec Domain of Interpretation Key Management
Architecture of IPSec • IP Security Architecture – covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.
Architecture of IPSec : ESP Protocol • Encapsulation Security Payload – provide the confidentiality service. • Encapsulation Security Payload is implemented in either two ways: – ESP with optional Authentication. – ESP with Authentication.
Architecture of IPSec : ESP Protocol • Packet Format Encrypted Format Security Parameter Index (SPI) Sequence Number Payload Data Padding Padding Length Next Header Authentication Data (Optional)
Architecture of IPSec : ESP Protocol • Packet Format – SPI • used to give an unique number to the connection build between Client and Server. – Sequence Number • alloted to every packet so that at the receiver side packets can be arranged properly. – Payload Data • the actual data or the message. It is in encrypted format to achieve confidentiality.
Architecture of IPSec : ESP Protocol • Packet Format – Padding • extra bits or space added to the original message in order to ensure confidentiality. • it’s length is the size of added bits or space in the original message. – Next Header • it means the next payload or actual data. – Authentication Data • optional field in ESP protocol packet format.
Architecture of IPSec • Encryption Algorithm – document that describes various encryption algorithm used for Encapsulation Security Payload.
Architecture of IPSec : AH Protocol • Authentication Header – provides both Authentication and Integrity service. • Authentication Header is implemented in one way only: – Authentication along with Integrity.
Architecture of IPSec : AH Protocol • Packet Format Security Parameter Index (SPI) Sequence Number Reserved Payload Length Next Header Authentication Data (Integrity Checksum)
Architecture of IPSec • Authentication Algorithm – contains the set of the documents that describe authentication algorithm used for AH and for the authentication option of ESP.
Architecture of IPSec • Domain of Interpretation – the identifier which support both AH and ESP protocols. – It contains values needed for documentation related to each other.
Architecture of IPSec • Key Management – contains the document that describes how the keys are exchanged between sender and receiver.

Recommended

Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
IPsec
IPsecIPsec
IPsecabdullah roomi
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution MethodsGulcin Yildirim Jelinek
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 

Recommended

Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
IPsec
IPsecIPsec
IPsecabdullah roomi
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution MethodsGulcin Yildirim Jelinek
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
ip security
ip securityip security
ip securityChirag Patel
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Rc4
Rc4Rc4
Rc4Amjad Rehman
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptographyRoshan Chaudhary
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange ProtocolPrateek Singh Bapna
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
What is AES? Advanced Encryption Standards
What is AES? Advanced Encryption StandardsWhat is AES? Advanced Encryption Standards
What is AES? Advanced Encryption StandardsFaisal Shahzad Khan
 
Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Ip security
Ip security Ip security
Ip security Dr.K.Sreenivas Rao
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIMESou Jana
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptxMamoonKhan40
 

More Related Content

What's hot

IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
What is AES? Advanced Encryption Standards
What is AES? Advanced Encryption StandardsWhat is AES? Advanced Encryption Standards
What is AES? Advanced Encryption StandardsFaisal Shahzad Khan
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIMESou Jana
 

What's hot (20)

IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
 
ip security
ip securityip security
ip security
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
IP Security
IP SecurityIP Security
IP Security
 
Rc4
Rc4Rc4
Rc4
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
What is AES? Advanced Encryption Standards
What is AES? Advanced Encryption StandardsWhat is AES? Advanced Encryption Standards
What is AES? Advanced Encryption Standards
 
Cryptography
CryptographyCryptography
Cryptography
 
Email security
Email securityEmail security
Email security
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Ip security
Ip security Ip security
Ip security
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIME
 

Similar to IPSec (Internet Protocol Security) - PART 1

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.pptDEEPAK948083
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talkanoean
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
Ip security
Ip securityIp security
Ip securityJithuK6
 
IP security Part 1
IP security Part 1IP security Part 1
IP security Part 1CAS
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 

Similar to IPSec (Internet Protocol Security) - PART 1 (20)

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptx
 
Unit 6
Unit 6Unit 6
Unit 6
 
IPsec for IMS
IPsec for IMSIPsec for IMS
IPsec for IMS
 
Lecture14..pdf
Lecture14..pdfLecture14..pdf
Lecture14..pdf
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.ppt
 
IP Security
IP SecurityIP Security
IP Security
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talk
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and ssl
 
ESP.ppt
ESP.pptESP.ppt
ESP.ppt
 
Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8
 
The Security layer
The Security layerThe Security layer
The Security layer
 
Ip security
Ip securityIp security
Ip security
 
IS Unit-4 .ppt
IS Unit-4 .pptIS Unit-4 .ppt
IS Unit-4 .ppt
 
IP security Part 1
IP security Part 1IP security Part 1
IP security Part 1
 
IP Security
IP SecurityIP Security
IP Security
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

IPSec (Internet Protocol Security) - PART 1

  • 2. What is IPSec? • IPSec – stands for IP Security – it is used for the security of general IP traffic. • The power of IPSec lies in its ability to – support multiple protocols and algorithms. • It also incorporates new advancements in – encryption and hashing protocols.
  • 3. Objective of IPSec The main objective of IPSec is • to provide CIA – (confidentiality, integrity, and authentication) for virtual networks used in current networking environments.
  • 4. Objective of IPSec • Confidentiality. – IPSec uses encryption protocols namely AES, DES, and 3DES for providing confidentiality. • Integrity. – IPSec uses hashing protocols (MD5 and SHA) for providing integrity. Hashed Message Authentication (HMAC) can also be used for checking the data integrity. • Authentication algorithms. – RSA digital signatures and pre-shared keys (PSK) are two methods used for authentication purposes.
  • 5. Use of IPSec • To encrypt application layer data. • To provide security for routers sending routing data across the public internet. • To provide authentication without encryption, like to authenticate that the data originates from a known sender.
  • 6. Use of IPSec • To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
  • 7. Architecture of IPSec IPSec Policy AH Protocol ESP Protocol Authentication Algorithm Encryption Algorithm IPSec Domain of Interpretation Key Management
  • 8. Architecture of IPSec • IP Security Architecture – covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.
  • 9. Architecture of IPSec : ESP Protocol • Encapsulation Security Payload – provide the confidentiality service. • Encapsulation Security Payload is implemented in either two ways: – ESP with optional Authentication. – ESP with Authentication.
  • 10. Architecture of IPSec : ESP Protocol • Packet Format Encrypted Format Security Parameter Index (SPI) Sequence Number Payload Data Padding Padding Length Next Header Authentication Data (Optional)
  • 11. Architecture of IPSec : ESP Protocol • Packet Format – SPI • used to give an unique number to the connection build between Client and Server. – Sequence Number • alloted to every packet so that at the receiver side packets can be arranged properly. – Payload Data • the actual data or the message. It is in encrypted format to achieve confidentiality.
  • 12. Architecture of IPSec : ESP Protocol • Packet Format – Padding • extra bits or space added to the original message in order to ensure confidentiality. • it’s length is the size of added bits or space in the original message. – Next Header • it means the next payload or actual data. – Authentication Data • optional field in ESP protocol packet format.
  • 13. Architecture of IPSec • Encryption Algorithm – document that describes various encryption algorithm used for Encapsulation Security Payload.
  • 14. Architecture of IPSec : AH Protocol • Authentication Header – provides both Authentication and Integrity service. • Authentication Header is implemented in one way only: – Authentication along with Integrity.
  • 15. Architecture of IPSec : AH Protocol • Packet Format Security Parameter Index (SPI) Sequence Number Reserved Payload Length Next Header Authentication Data (Integrity Checksum)
  • 16. Architecture of IPSec • Authentication Algorithm – contains the set of the documents that describe authentication algorithm used for AH and for the authentication option of ESP.
  • 17. Architecture of IPSec • Domain of Interpretation – the identifier which support both AH and ESP protocols. – It contains values needed for documentation related to each other.
  • 18. Architecture of IPSec • Key Management – contains the document that describes how the keys are exchanged between sender and receiver.