IPSec is a protocol suite that provides security for IP communications by authenticating and encrypting each IP packet. It was created because the original IP protocol lacked security features to prevent spoofing, replay attacks, and ensure confidentiality. IPSec includes protocols like AH, ESP and IKE to provide authentication, integrity, confidentiality, and secure key establishment between network devices. It operates in either transport or tunnel mode and can be configured using IPSec policies to determine when and how to apply security to network traffic.

1. IPSEC
Crypto Group presents:

2.  Definition
Why IPSec?
 Goals of IPSec
Introduction

3.  Definition
Internet Protocol Security (IPSec)
is a Protocol suite for secure
Internet Protocol (IP) communications
by authenticating and encrypting
each IP packet of communication
session.

4. IP is not secure..!
IP Protocol was designed in the late
70’s to early 80’s.
 Part of DARPA Internet Project
 Very Small Network
 All hosts are known
 So are the users
 Therefore security was not an issue
Why IPsec … ?

5.  Security Issues in IP
 Fundamental Issue
Networks are not fully Secure (and
never will be)
 DOS Attacks, Replay Attacks and Spying
etc.
 IP causes
 Source Spoofing
 Replay Packets
 No data Integrity or Confidentiality
Why IPsec … ? (Cont..)

6.  Authentication
 To verify sources of IP packets
 To prevent Replaying of Old Packets
 To protect Integrity and/or
Confidentiality of Packets
 Data Integrity/ Data Encryption
Goals of IPsec

7.  Wei Xu started in July 1994 the research on IP
Security, enhanced the IP protocols, developed
the IPSec product.
 The assembly software encryption was unable to
support even aT1 (1.544MBps) speed.
 Wei further developed an automated device
driver, known as plug-and-play.
 After achieving the throughput higher than a
T1s, in December 1994, he finally made the
commercial product, that was released as
Gauntlet firewalll
History of IPsec

8. History (cont..)
 In December 1993, Another IP Encapsulating
Security Payload (ESP) was researched at the
Naval Research Laboratory as DARPA project
 ESP was derived from the US Department of
Defense SP3D protocol.
 The SecurityAuthentication Header (AH) is
derived from previous IETF standard.
 In 1995,The IPsec working group in the IETF
was started to create Protocols.
 IETF : Internet EngineeringTask Force

9. 9
Secure
Insecure
IPsec Security Model

10. Router Router
Transport Mode
Tunnel Mode
IPsec Architecture

11.  Transport Mode
Transport Mode is used between end-stations
supporting IPSec or between an end-station and
a gateway, if the gateway is being treated as
a host
 Tunnel Mode
Tunnel mode is used to encrypt traffic between
secure IPSec gateways and it is also used to
connect an end-station running IPSec Software.
Modes of IPsec

12. Modes of IPsec (Diagram)

13. IP header
IP header
IP header
TCP header
TCP header
TCP header
data
data
data
IPSec header
IPSec header IP header
Original
Transport
mode
Tunnel
mode
Modes of IPsec (Diagram cont..)

14. PROTOCOLS

15. IPSec is broken into multiple protocols.
These are:
 Authentication Header (AH)
 Encapsulated Security Payload (ESP)
 Internet Key Exchange (IKE)
 IP Payload Compression
Protocols

16. Authentication header is defined as:
Authentication Header (AH)

17.  Provides source authentication
 Protects against source spoofing
 Provides data integrity
 Protects against replay attacks
 Use monotonically increasing sequence
numbers
 Protects against denial of service
attacks
 NO protection for confidentiality!
Authentication Header (Cont..)

18. The following AH packet diagram shows how an
AH packet is constructed and interpreted.
Authentication Header (Cont..)

19.  User and application transparent
 Authentication
 Integrity checking
 Anti-replay
 Protects entire packet
Advantages of Authentication Header

20.  No confidentiality
 Unable to use NATs or proxies
 Only works with TCP/IP
Disadvantages of Authentication Header

21. ESP is a member of the IPsec protocol suite. In
IPsec it provides origin authenticity, integrity
and confidentiality protection of packets.
Encapsulating Security Payload (ESP)

22. The following ESP packet diagram show how an
ESP packet is constructed and interpreted.
ESP (Cont..)

23.  Does not protect entire packet
 May not work with NATs or proxies
 Only works with TCP/IP
Disadvantages of ESP

24.  User and application
 transparent
 Authentication
 Integrity checking
 Confidentiality
 Anti-replay
Advantages of ESP

25.  Used for compression
 Can be specified as part of the
IPSec policy
 Will not cover!
IP Payload Compression

26. Internet Key Exchange(IKE)
 The internet key exchange is a protocol to set
up a security association in the IPsec
protocol.
 Before secured data can be exchanged, a
security agreement is established between
two computers. In this security
agreement(SA) both peers agree on how to
exchange and protect information.

27. IKE Modes

28. The IKE (Internet Key Exchange) of
IPsec is of two phases:
1) IKE phase 1
2) IKE phase 2
IPSec Phases

29. IKE Phase 1 Diagram

30. IKE phase 2 does the following things:
 Negotiates IPsec SA parameters
protected by an existing IKE SA.
 Establishes Ipsec security
associations.
 Periodically negotiates IPsec SAs to
ensure security.
IKE Phase 2

31. IKE Phase 2 Diagram

32. Benefits of IKE
 Automatic negotiation.
 Authentication.
 Anti replay services.
 Certification authority.

33.  Authentication
 Integrity
 Confidentiality
IPSec Features

34.  IPsec policy is a set of rules that governs
when and how Windows uses IPsec protocol to
secure the communications.
 The IPsec policy interacts directly with the
Ipsec driver.
 IPsec consists of some basic elements which
includes:
 IP filter list
 Individual IP filters
 Filter actions
A brief description is as follows:
IPSec Policy

35.  IP filter list contains the IP packets
on which the action was applied.
 Individual IP filters tells windows
that on which IP packets actions should
be performed.
 Filter action is to secure the IP
packets.
IPSec Policy (Cont..)

36. The IPsec policy also requires some
info about the network which includes:
 Security method to use
 Connection type
 Tunnel settings
IPSec Policy (Cont..)

37.  Security methods – which security
algorithms to use for authentication and
key exchanges.
 Connection type – policy applied to
remote access connections, LANs or all
network connections.
 Tunnel settings – IPsec use over a
virtual private network.
IPSec Policy (Cont..)

38.  IPsec policies can be created or
edited.
 In windows, 3 default policies are
stored which are:
 Client policy
 Server policy
 Secure server policy
IPSec Policy (Cont..)

39.  IPsec policy to block PING traffic.
 IPsec policy configuration through
GPO.
IPSec Policy Examples

40. References:
 https://en.wikipedia.org/wiki/IPsec
 http://www.webopedia.com/TERM/I/IPsec.ht
ml
 http://www.unixwiz.net/techtips/iguide-
ipsec.html