IPSEC :

• It is a protocol to provide security for a packet at a network layer which is often referred to as the Internet protocol on IP layer.

• IPSEC helps to create confidential & authenticated packets for the IP layer.

• It can enhance the security of those client programs such as electronic mail, that use their own security protocol.

• It can enhance the security of the server programs such as HTTP that use the security service provided at the transport layer.

• It can also be used to provide security to those client/server programs that do not use the security services provided at the transport layer.

Modes of IPSEC :

• Transport mode:(It only protects the information coming from transport layer)

• In this mode, IPSEC protocols only the packet from the transport not the whole IP packet. Here the IPsec header & trader are added to the information coming from the transport layer. The IP header is added later.

• This mode is normally used when we need host to host (end to end protection of data)

  2.Tunnel mode:(IPSEC in this mode protects the original IP header)

• In this mode , IPSEC protects the entire IP packet. It takes an IP packet including the header, applies IPsec security methods to the entire packet & then adds a new IP header.

• The new IP header has different information than the original IP header.

• Tunnel model is normally used between two route , between a host & a router or between a router & a host.

IPsec defines two protocols :

a. The authentication Header (AH)

b. Encapsulation Security Payload (ESP)

to provide authentication & for encryption for the packets at the IP level.

a. Authentication Header (AH) :

• Provide source authentication & data integrity but not privacy

• AH protocol is designed to authenticate the source host & to ensure the integrity of payload carried in the IP packet

• This protocol was a hash function & a symmetric key to create a message digest, the digest is inserted via the authentication header.

• The AH is then placed on the appropriate header based on the mode i.e. transport or tunnel.

• When an IP datagram carries an authentication header the original value in the protocol of the IP header is replaced by the value SI.

• The addition of an authentication header follows following steps:

• An AH is added to the payload with authentication data field set to zero.

• Padding may be added to make the total length ever for a particular hashing algorithm.

• Hashing is based on the total packet, However only those fields of the IP header that do not change during transmission are included in the calculation of the message digest i.e. authentication data.

• The authentication data are inserted in the authentication header.

• The IP header is added after changing the value of the protocol field to SI.

b.Encapsulating Security Protocol :

• As all protocol does not provide privacy IPSEC comes up with ESP protocol.

• It provides source authentication, integrity & privacy.

• It adds a header & trailer.

• ESP's authentication data are added at the end of the packet which makes its calculation easier.

• When an IP datagram carries an ESP header & trailer the value of the protocol field in the IP header is 50.

• A field inside the ESP trailer (next header field) holds the original value of the protocol field ( the type of payload being carried by the IP datagram such as TCP or UDP)

ESP procedure follows following steps :

1. An ESP trailer is added to the payload.

2. The payload & the trailer are encrypted

3. The ESP header is added.

4. The ESP header payload & ESP trailer are used to create the authentication data.

5. The authentication data are added to the end of the ESP trailer.

6. The IP header is added after changing the protocol value of 50.

IPSEC :

• It is a protocol to provide security for a packet at a network layer which is often referred to as the Internet protocol on IP layer.

• IPSEC helps to create confidential & authenticated packets for the IP layer.

• It can enhance the security of those client programs such as electronic mail, that use their own security protocol.

• It can enhance the security of the server programs such as HTTP that use the security service provided at the transport layer.

• It can also be used to provide security to those client/server programs that do not use the security services provided at the transport layer.

Modes of IPSEC :

• Transport mode:(It only protects the information coming from transport layer)

• In this mode, IPSEC protocols only the packet from the transport not the whole IP packet. Here the IPsec header & trader are added to the information coming from the transport layer. The IP header is added later.

• This mode is normally used when we need host to host (end to end protection of data)

  2.Tunnel mode:(IPSEC in this mode protects the original IP header)

• In this mode , IPSEC protects the entire IP packet. It takes an IP packet including the header, applies IPsec security methods to the entire packet & then adds a new IP header.

• The new IP header has different information than the original IP header.

• Tunnel model is normally used between two route , between a host & a router or between a router & a host.

IPsec defines two protocols :

a. The authentication Header (AH)

b. Encapsulation Security Payload (ESP)

to provide authentication & for encryption for the packets at the IP level.

a. Authentication Header (AH) :

• Provide source authentication & data integrity but not privacy

• AH protocol is designed to authenticate the source host & to ensure the integrity of payload carried in the IP packet

• This protocol was a hash function & a symmetric key to create a message digest, the digest is inserted via the authentication header.

• The AH is then placed on the appropriate header based on the mode i.e. transport or tunnel.

• When an IP datagram carries an authentication header the original value in the protocol of the IP header is replaced by the value SI.

• The addition of an authentication header follows following steps:

• An AH is added to the payload with authentication data field set to zero.

• Padding may be added to make the total length ever for a particular hashing algorithm.

• Hashing is based on the total packet, However only those fields of the IP header that do not change during transmission are included in the calculation of the message digest i.e. authentication data.

• The authentication data are inserted in the authentication header.

• The IP header is added after changing the value of the protocol field to SI.

b.Encapsulating Security Protocol :

• As all protocol does not provide privacy IPSEC comes up with ESP protocol.

• It provides source authentication, integrity & privacy.

• It adds a header & trailer.

• ESP's authentication data are added at the end of the packet which makes its calculation easier.

• When an IP datagram carries an ESP header & trailer the value of the protocol field in the IP header is 50.

• A field inside the ESP trailer (next header field) holds the original value of the protocol field ( the type of payload being carried by the IP datagram such as TCP or UDP)

ESP procedure follows following steps :

1. An ESP trailer is added to the payload.

2. The payload & the trailer are encrypted

3. The ESP header is added.

4. The ESP header payload & ESP trailer are used to create the authentication data.

5. The authentication data are added to the end of the ESP trailer.

6. The IP header is added after changing the protocol value of 50.