Download as PDF, PPTX
More Related Content
Similar to IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
- 1.
- 2. What is IPSec? •IPSec – stands for IP Security – it is used for the security of general IP traffic. • The power of IPSec lies in its ability to – support multiple protocols and algorithms. • It also incorporates new advancements in – encryption and hashing protocols.
- 3. Objective of IPSec Themain objective of IPSec is • to provide CIA – (confidentiality, integrity, and authentication) for virtual networks used in current networking environments.
- 4. Objective of IPSec •Confidentiality. – IPSec uses encryption protocols namely AES, DES, and 3DES for providing confidentiality. • Integrity. – IPSec uses hashing protocols (MD5 and SHA) for providing integrity. Hashed Message Authentication (HMAC) can also be used for checking the data integrity. • Authentication algorithms. – RSA digital signatures and pre-shared keys (PSK) are two methods used for authentication purposes.
- 5. Use of IPSec •To encrypt application layer data. • To provide security for routers sending routing data across the public internet. • To provide authentication without encryption, like to authenticate that the data originates from a known sender.
- 6. Use of IPSec •To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
- 7. Architecture of IPSec IPSec Policy AHProtocol ESP Protocol Authentication Algorithm Encryption Algorithm IPSec Domain of Interpretation Key Management
- 8. Architecture of IPSec •IP Security Architecture – covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.
- 9. Architecture of IPSec: ESP Protocol • Encapsulation Security Payload – provide the confidentiality service. • Encapsulation Security Payload is implemented in either two ways: – ESP with optional Authentication. – ESP with Authentication.
- 10. Architecture of IPSec: ESP Protocol • Packet Format Encrypted Format Security Parameter Index (SPI) Sequence Number Payload Data Padding Padding Length Next Header Authentication Data (Optional)
- 11. Architecture of IPSec: ESP Protocol • Packet Format – SPI • used to give an unique number to the connection build between Client and Server. – Sequence Number • alloted to every packet so that at the receiver side packets can be arranged properly. – Payload Data • the actual data or the message. It is in encrypted format to achieve confidentiality.
- 12. Architecture of IPSec: ESP Protocol • Packet Format – Padding • extra bits or space added to the original message in order to ensure confidentiality. • it’s length is the size of added bits or space in the original message. – Next Header • it means the next payload or actual data. – Authentication Data • optional field in ESP protocol packet format.
- 13. Architecture of IPSec •Encryption Algorithm – document that describes various encryption algorithm used for Encapsulation Security Payload.
- 14. Architecture of IPSec: AH Protocol • Authentication Header – provides both Authentication and Integrity service. • Authentication Header is implemented in one way only: – Authentication along with Integrity.
- 15. Architecture of IPSec: AH Protocol • Packet Format Security Parameter Index (SPI) Sequence Number Reserved Payload Length Next Header Authentication Data (Integrity Checksum)
- 16. Architecture of IPSec •Authentication Algorithm – contains the set of the documents that describe authentication algorithm used for AH and for the authentication option of ESP.
- 17. Architecture of IPSec •Domain of Interpretation – the identifier which support both AH and ESP protocols. – It contains values needed for documentation related to each other.
- 18. Architecture of IPSec •Key Management – contains the document that describes how the keys are exchanged between sender and receiver.