Write short note of IPsec protocols for security
1 Answer
  • One of the weaknesses of the original Internet Protocol was that it lacked any sort of general purpose mechanism for ensuring the authenticity and privacy of data as it is passed over a network.
  • A set of protocols named Internet Protocols for Security (IPsec) were developed to provide security enhancements for internet critical applications.

There are two security modes for use depending on network need:

  • Transport mode:
    • Transport mode provides protection primarily for upper-layer protocols.
    • It is used to encrypt and optionally authenticate the data carried by IP.
    • Typically, transport mode is used for end-to-end communication between two hosts.
  • Tunnel Mode:
    • It encrypts an entire IP packet.
    • After attaching all inner security headers, the payload + security headers are treated as a new “payload” and a separate IP header is attached to it.
    • The entire original, or inner, packet travels through a "tunnel" from one point of an IP network to another; no routers along the way are able to examine the inner IP header.
    • E.g. VPN (Virtual Private Network).

Two important protocols, which are also referred to as the core IPsec protocols, are:

  • IPsec Authentication Header (AH):
    • This protocol provides authentication services for IPsec.
    • What this means is that it allows the recipient of a message to verify that the supposed originator of a message was in fact the one that sent it.
    • It also allows the recipient to verify that none of the data in the datagram has been changed by any intermediate devices en-route.
    • It also provides protection against so-called “replay” attacks, where a message is captured by an unauthorized user and re-sent.
  • Encapsulating Security Payload (ESP):
    • The Authentication Header ensures integrity of the data in datagram, but not its privacy.
    • When the information in a datagram is “for your eyes only”, it can be further protected using the ESP protocol, which encrypts the payload of the IP datagram.
  • Internet Key Exchange (IKE) is another important protocol involved in IPsec. It involves the determination and distribution of secret keys. A typical requirement is four keys for communication between two applications: transmit and receive pairs for both AH and ESP.
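The three AH properties the answer lists (origin authentication, data integrity and replay protection) as an added teaching model; this is not code from the answer above, it assumes a constructed shared key and a simplified header layout (sequence number + ICV + payload) rather than the real AH packet format.

```python
# Simplified model of AH-style protection (added example, constructed data).
# An HMAC over the sequence number and payload gives origin authentication and
# integrity; a monotonically increasing sequence number checked against a
# sliding window gives replay protection. Real AH uses the RFC 4302 layout.
import hmac, hashlib, struct

KEY = b"constructed-demo-key"  # shared secret, as if negotiated by IKE (assumed)
WINDOW = 32                    # anti-replay window size (assumed value)
ICV_LEN = hashlib.sha256().digest_size

def ah_protect(seq: int, payload: bytes) -> bytes:
    """Sender side: 4-byte sequence number, then ICV (HMAC-SHA256), then payload."""
    seq_bytes = struct.pack("!I", seq)
    icv = hmac.new(KEY, seq_bytes + payload, hashlib.sha256).digest()
    return seq_bytes + icv + payload

class Receiver:
    """Receiver side: verifies the ICV, then enforces the anti-replay window."""
    def __init__(self):
        self.highest = 0      # right edge of the window
        self.seen = set()     # sequence numbers already accepted inside the window

    def accept(self, packet: bytes):
        seq_bytes, icv = packet[:4], packet[4:4 + ICV_LEN]
        payload = packet[4 + ICV_LEN:]
        seq = struct.unpack("!I", seq_bytes)[0]
        # Integrity + origin check: only a holder of KEY can produce a valid ICV,
        # and any change to seq or payload in transit breaks it.
        expected = hmac.new(KEY, seq_bytes + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return None
        # Replay check: reject numbers left of the window or already accepted.
        if seq <= self.highest - WINDOW or seq in self.seen:
            return None
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        # Drop bookkeeping for numbers that have fallen out of the window.
        self.seen = {s for s in self.seen if s > self.highest - WINDOW}
        return payload
```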