IPSec (Internet Protocol Security) - PART 1
By Shobhit Sharma
What is IPSec?
• IPSec
– stands for IP Security (Internet Protocol Security).
– it is an IETF framework for securing general IP traffic at
the network layer, so any transport or application protocol
carried over IP is protected without changing the applications.
• The power of IPSec lies in its ability to
– support multiple protocols and algorithms: the protocols (AH,
ESP, and IKE for key management) are fixed, but the
cryptographic algorithms are negotiated per connection.
• It therefore incorporates new advancements in
– encryption and integrity algorithms (for example AES-GCM and
SHA-2) without redesigning the protocol.
Objective of IPSec
The main objective of IPSec is
• to provide CIA
– (confidentiality, integrity, and authentication; note that in
the usual CIA triad the A stands for availability, which IPSec
does not provide) for IP traffic crossing untrusted networks,
such as the virtual private networks used in current networking
environments.
Objective of IPSec
• Confidentiality.
– IPSec uses encryption algorithms, namely AES (and, in legacy
deployments, DES and 3DES), for providing confidentiality. DES
and 3DES are deprecated; AES should be used today.
• Integrity.
– IPSec uses keyed hash constructions (HMAC with MD5, SHA-1 or
SHA-2) for providing integrity; a plain, unkeyed hash cannot,
because an attacker who changes the data can recompute it.
HMAC-MD5 and HMAC-SHA-1 are legacy; HMAC-SHA-2, or an AEAD
cipher such as AES-GCM that gives confidentiality and integrity
in one pass, is preferred.
• Authentication.
– RSA digital signatures (with certificates) and pre-shared keys
(PSK) are two methods used to authenticate the peers during
key exchange (IKE).
Use of IPSec
• To encrypt application layer data (together with the
transport header it travels in) transparently, below the
application.
• To provide security for routers sending
routing data across the public internet (OSPFv3, for example,
relies on AH or ESP for its authentication).
• To provide authentication without
encryption (AH, or ESP with a NULL cipher), so the receiver
can verify that the data originates from a known sender and
was not modified in transit.
Use of IPSec
• To protect network data by setting up
secure tunnels (tunnel-mode ESP) in which
all data sent between the two
endpoints is encrypted and authenticated, as with a Virtual
Private Network (VPN) connection.
Architecture of IPSec
• The IPSec document roadmap is organised as:
– IPSec Architecture (at the top)
– Policy (which traffic gets which protection)
– AH Protocol and ESP Protocol
– Authentication Algorithm (used by AH and by ESP) and
Encryption Algorithm (used by ESP)
– IPSec Domain of Interpretation (ties the above together)
– Key Management
Architecture of IPSec
• IP Security Architecture (RFC 2401, updated by RFC 4301)
– covers the general concepts, definitions,
protocols, algorithms and security
requirements of IP Security technology.
Architecture of IPSec : ESP
Protocol
• Encapsulating Security Payload (ESP, IP protocol 50)
– provides the confidentiality service, and optionally
integrity, data-origin authentication and anti-replay
protection.
• Encapsulating Security Payload can be used in
two ways:
– ESP with encryption and Authentication (the normal
configuration; encryption without integrity leaves the
ciphertext malleable and should not be used).
– ESP with Authentication only (the NULL cipher), when
integrity without confidentiality is all that is needed.
Architecture of IPSec : ESP
Protocol
• Packet Format (fields in transmission order)
– Security Parameter Index (SPI), 32 bits
– Sequence Number, 32 bits
– Payload Data, variable
– Padding, 0 to 255 bytes
– Padding Length, 8 bits
– Next Header, 8 bits
– Authentication Data (Optional), variable
• Encrypted: Payload Data through Next Header.
• Authenticated (covered by the Authentication Data): SPI
through Next Header; the outer IP header is not covered.
Architecture of IPSec : ESP
Protocol
• Packet Format
– SPI
• an arbitrary 32-bit value that, together with the destination
address and the protocol (ESP), identifies the Security
Association (SA), i.e. the keys and algorithms the receiver must
use for this packet.
– Sequence Number
• a counter incremented for every packet sent on the SA. It is
not used to reorder packets (IPSec does not reorder); the
receiver keeps a sliding window and rejects duplicates and
packets that fall behind the window, which is the anti-replay
service.
– Payload Data
• the actual data or the message (a transport segment in
transport mode, a whole IP packet in tunnel mode). It is in
encrypted format to achieve confidentiality.
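As an added example (not part of the original slides), the Python below implements the receiver-side anti-replay window that gives the Sequence Number field its purpose: each sequence number is accepted once, moderate reordering is tolerated, and duplicates or packets that fall behind the window are rejected. The window size, sequence numbers and arrival order are constructed for the example; a real receiver only updates the window after the packet's integrity check has succeeded.

```python
# Added example, not from the slides: a sliding anti-replay window of the
# kind RFC 4303 (ESP) and RFC 4302 (AH) describe. Stand-alone; the packet
# arrival order below is constructed for the demonstration.

WINDOW = 64   # packets; 32 is the RFC minimum, 64 the recommended default


class AntiReplayWindow:
    """Track sequence numbers received on one SA and reject replays."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was received

    def check_and_update(self, seq):
        """Return True and record seq if it is acceptable, else False.

        A real receiver verifies the ICV between the check and the update so
        that forged packets cannot advance the window.
        """
        if seq == 0:
            return False                    # 0 is never a valid sequence number
        if seq > self.top:
            shift = seq - self.top          # new high-water mark: slide forward
            self.bitmap = (self.bitmap << shift) | 1 if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                    # too old: left of the window
        if self.bitmap & (1 << diff):
            return False                    # already seen: replay
        self.bitmap |= 1 << diff            # late but new: accept
        return True


def run_sample():
    """Feed a constructed arrival order through one window.

    3 arrives late (accepted), then 3 and 2 are replayed (rejected), 200 jumps
    the window forward, 136 is now too old and 137 is the last packet still
    inside the 64-packet window.
    """
    arrivals = [1, 2, 4, 5, 3, 3, 2, 200, 136, 137]
    window = AntiReplayWindow()
    return [(seq, window.check_and_update(seq)) for seq in arrivals]


if __name__ == "__main__":
    for seq, accepted in run_sample():
        print(f"seq {seq:4d}: {'accept' if accepted else 'reject'}")
```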
Architecture of IPSec : ESP
Protocol
• Packet Format
– Padding
• extra bytes added after the payload so that the plaintext is a
multiple of the cipher's block size and the Padding Length and
Next Header fields end on a 4-byte boundary. Extra padding may
be added to hide the true payload length (traffic flow
confidentiality); it does not by itself provide confidentiality.
• Padding Length is the number of padding bytes, so the receiver
can strip them.
– Next Header
• identifies the protocol of the Payload Data (e.g. 6 for TCP,
17 for UDP, 4 for an IPv4 packet in tunnel mode), since the
outer header only says "ESP".
– Authentication Data
• optional field holding the Integrity Check Value (ICV), e.g. a
truncated HMAC, computed over the ESP header, payload and
trailer.
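As an added example (not from the slides), the Python below builds and parses an ESP packet with the layout above, using the NULL cipher (ESP with authentication only, the "authentication without encryption" use listed earlier) and HMAC-SHA-256 truncated to 128 bits as the Authentication Data. The SPI, key and payload are constructed; with a real cipher the bytes from Payload Data through Next Header would be encrypted before the ICV is computed, and the padding would also have to reach the cipher's block size.

```python
import hashlib
import hmac
import struct

# Added example, not from the slides: integrity-only ESP (NULL cipher,
# RFC 4303) with an HMAC-SHA-256-128 ICV (RFC 4868). KEY is a constructed
# 256-bit key; on a real SA it is derived by IKE.
KEY = b"\x11" * 32
ICV_LEN = 16          # HMAC-SHA-256 output truncated to 128 bits
NEXT_HEADER_TCP = 6   # IP protocol number of the payload


def build_esp(spi, seq, payload, next_header, key, tfc_words=0):
    """Return SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.

    With the NULL cipher (block size 1) padding only has to make Pad Length
    and Next Header end on a 4-byte boundary. tfc_words adds whole extra
    32-bit words of padding to hide the real payload length.
    """
    header = struct.pack("!II", spi, seq)
    pad_len = (-(len(payload) + 2)) % 4 + 4 * tfc_words
    if pad_len > 255:
        raise ValueError("padding must fit the 8-bit Pad Length field")
    padding = bytes(range(1, pad_len + 1))   # default pad bytes 1, 2, 3, ...
    trailer = padding + struct.pack("!BB", pad_len, next_header)
    # The ICV covers everything from the SPI through Next Header
    icv = hmac.new(key, header + payload + trailer, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + trailer + icv


def parse_esp(packet, key):
    """Verify the ICV, strip the trailer, return (spi, seq, next_header, payload).

    Raises ValueError on a short packet, a bad ICV or bad padding. A real
    receiver would also run the anti-replay check on seq before accepting.
    """
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time compare
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = struct.unpack("!BB", body[-2:])
    data_end = len(body) - 2 - pad_len
    if data_end < 8:
        raise ValueError("Pad Length larger than packet")
    payload, padding = body[8:data_end], body[data_end:-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return spi, seq, next_header, payload


def demo(key=KEY):
    """Round-trip a constructed TCP segment and show that tampering is caught."""
    segment = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed payload
    pkt = build_esp(0x1000, 1, segment, NEXT_HEADER_TCP, key)
    spi, seq, nh, payload = parse_esp(pkt, key)
    tampered = bytearray(pkt)
    tampered[12] ^= 0x01                 # flip one bit inside the payload
    try:
        parse_esp(bytes(tampered), key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"spi": spi, "seq": seq, "next_header": nh, "payload": payload,
            "packet_len": len(pkt), "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The 38-byte segment needs no padding (38 + 2 is already a multiple of 4), so the packet is 8 + 38 + 2 + 16 = 64 bytes; passing tfc_words adds whole words of padding that the receiver strips using Pad Length, which is the mechanism behind traffic flow confidentiality.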
Architecture of IPSec
• Encryption Algorithm
– the set of documents that describe the encryption
algorithms (for example AES-CBC and AES-GCM) used by
Encapsulating Security Payload.
Architecture of IPSec : AH
Protocol
• Authentication Header (AH, IP protocol 51)
– provides both Authentication and Integrity
service (plus anti-replay), but no confidentiality.
– unlike ESP, its integrity check also covers the immutable
fields of the outer IP header, so AH cannot pass through a
NAT that rewrites addresses.
• Authentication Header is implemented in
one way only:
– Authentication along with Integrity.
Architecture of IPSec : AH
Protocol
• Packet Format (fields in transmission order)
– Next Header, 8 bits
– Payload Length, 8 bits (length of the AH in 32-bit words,
minus 2)
– Reserved, 16 bits
– Security Parameter Index (SPI), 32 bits
– Sequence Number, 32 bits
– Authentication Data (Integrity Checksum), variable
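As an added example (not from the slides), the Python below builds and verifies an IPv4 packet carrying the AH header above in transport mode, with HMAC-SHA-256 truncated to 128 bits as the Authentication Data. Addresses, key and payload are constructed. It demonstrates what sets AH apart from ESP: the ICV is computed over the IP header with only the mutable fields (TOS, flags and fragment offset, TTL, checksum) zeroed, so a router that decrements TTL does not break the packet, while a NAT that rewrites the source address makes verification fail.

```python
import hashlib
import hmac
import struct

# Added example, not from the slides: transport-mode AH (RFC 4302) over
# IPv4 with an HMAC-SHA-256-128 ICV (RFC 4868). Key, addresses and payload
# are constructed; the IP checksum is left 0 as the stack would fill it.
ICV_LEN = 16
IPPROTO_AH = 51
IPPROTO_UDP = 17
AH_LEN = 12 + ICV_LEN          # fixed 12-byte header + ICV = 28 bytes


def ipv4_header(src, dst, total_length, ttl=64, proto=IPPROTO_AH):
    """Minimal 20-byte IPv4 header (no options)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0,
                       ttl, proto, 0, src, dst)


def ah_header(next_header, spi, seq, icv=b"\x00" * ICV_LEN):
    """Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV."""
    payload_len = AH_LEN // 4 - 2      # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def _zero_mutable(ip_hdr):
    """Zero the mutable IPv4 fields before computing or checking the ICV."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # DSCP / ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def _icv(key, ip_hdr, ah_hdr_zero_icv, payload):
    """ICV over IP header (mutable fields zeroed), AH with zero ICV, payload."""
    data = _zero_mutable(ip_hdr) + ah_hdr_zero_icv + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(src, dst, payload, spi, seq, key, next_header=IPPROTO_UDP):
    ip_hdr = ipv4_header(src, dst, 20 + AH_LEN + len(payload))
    ah_no_icv = ah_header(next_header, spi, seq)
    icv = _icv(key, ip_hdr, ah_no_icv, payload)
    return ip_hdr + ah_no_icv[:12] + icv + payload


def verify_ah_packet(packet, key):
    """Return (spi, seq, next_header, payload), or raise ValueError."""
    if len(packet) < 20 + AH_LEN or packet[9] != IPPROTO_AH:
        raise ValueError("not an AH packet")
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    if (payload_len + 2) * 4 != AH_LEN:
        raise ValueError("unexpected AH length")
    expected = _icv(key, ip_hdr, ah[:12] + b"\x00" * ICV_LEN, payload)
    if not hmac.compare_digest(ah[12:], expected):   # constant-time compare
        raise ValueError("AH ICV mismatch")
    return spi, seq, next_header, payload


def demo(key=b"\x42" * 32):   # constructed key; real keys come from IKE
    """Build one packet, then simulate a routing hop and a NAT rewrite."""
    pkt = build_ah_packet(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02",
                          b"hello", spi=0x2000, seq=7, key=key)
    original = verify_ah_packet(pkt, key)
    routed = bytearray(pkt)
    routed[8] -= 1                          # router decrements TTL: still valid
    routed_ok = verify_ah_packet(bytes(routed), key)[3] == b"hello"
    natted = bytearray(pkt)
    natted[12:16] = b"\xc0\x00\x02\x01"     # NAT rewrites source address
    try:
        verify_ah_packet(bytes(natted), key)
        nat_ok = True
    except ValueError:
        nat_ok = False
    return original, routed_ok, nat_ok


if __name__ == "__main__":
    print(demo())
```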
Architecture of IPSec
• Authentication Algorithm
– contains the set of documents that
describe the authentication (integrity) algorithms used
for AH and for the authentication option of ESP.
Architecture of IPSec
• Domain of Interpretation
– the document (RFC 2407) that assigns the identifiers and
parameters shared by AH, ESP and key management: algorithm
IDs, SA attributes such as mode and lifetime, and identity
formats.
– It is what lets the key-management protocol negotiate an SA
that AH or ESP can then use, so the other documents stay
consistent with each other.
Architecture of IPSec
• Key Management
– contains the documents that describe how
the keys (and the SAs built around them) are negotiated
between sender and receiver: manual keying for small static
setups, and the Internet Key Exchange (IKEv1, now IKEv2) for
authenticated, automated negotiation.