
Ipsec

IPSec is a network security protocol that can provide integrity, authentication and confidentiality of IP packets. It operates in two modes - transport mode for host-to-host communication and tunnel mode for gateway-to-gateway communication. IPSec uses the Authentication Header protocol to provide data authentication and integrity and the Encapsulating Security Payload protocol to provide encryption in addition to authentication. It establishes Security Associations between nodes using identifiers such as Security Parameter Index and IP addresses.

Uploaded by

Rahul Sai

IPSec

Rahul sai-411558

Computer science and engineering

cryptography and network security


• INTRODUCTION
• COMPONENTS OF IPSEC
• IPSEC MODES
• SECURITY ASSOCIATIONS OF IPSEC
• AUTHENTICATION HEADER
• ENCAPSULATING SECURITY PAYLOAD
• PROS AND CONS

INTRODUCTION

• The IP protocol was designed in the late 70s and early 80s
• Part of the DARPA (Defence Advanced Research Projects Agency) internet project
• Very small network in which all hosts were known, so security was not an issue

Security Flaws in IP?

• No data integrity and authentication
• No encryption to protect the payload, and replay attacks are possible

• IPSec protects IP and upper-layer protocols (TCP, UDP)
• Can be transparent to end users
• Can provide security for end users
• It is used to provide integrity, confidentiality and authentication of packets
• Mandatory in IPv6, optional in IPv4

COMPONENTS OF IPSEC

• An authentication protocol: Authentication Header (AH), RFC 2402
• A combined encryption and authentication protocol: Encapsulating Security Payload (ESP)
• Key management and exchange protocols (ISAKMP/OAKLEY)

IPSEC MODES

• IPSec operates in two modes: transport mode and tunnel mode
• Transport mode
    - End-to-end, host-to-gateway communication
    - Used mainly between end stations
• Tunnel mode
    - Gateway-to-gateway or host-to-gateway
    - Most commonly used between gateways
• Transport: not all fields of the IP header are used in authentication
• Tunnel: the entire original IP packet can be encrypted and authenticated

SECURITY ASSOCIATIONS OF IPSEC

• Security Parameter Index (SPI)
    - Used to select the protocols at the sender and receiver ends
• IP destination address
• Sequence numbers
• These are stored in the SAD (Security Association Database)
• Protocols used for security associations are Authentication Header (AH) and Encapsulating Security Payload (ESP)

AUTHENTICATION HEADER

• Can be used in either tunnel or transport mode
• Provides data authentication and integrity using a MAC
• Protects against replay attacks using sequence numbers
• No protection for confidentiality
• The keyed message authentication code (MAC) is calculated over
    - the IP header, except mutable fields like TTL, checksum, etc.
    - the IPSec header, except the ICV field
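
An added example (not from the original slides) of the AH integrity check described above: the MAC covers the IPv4 header with its mutable fields zeroed, the AH header with the ICV zeroed, and the payload, so a router decrementing the TTL does not break verification while a changed source address does. HMAC-SHA1-96, the key, the SPI, the addresses and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

FMT = "!BBHHHBBH4s4s"   # IPv4 header without options (20 bytes)
ICV_LEN = 12            # HMAC-SHA1 truncated to 96 bits (assumed algorithm)
KEY = b"constructed-demo-key"   # constructed sample value

def pack_ip(f):
    """Pack the header fields, filling in a correct header checksum."""
    f = list(f)
    f[7] = 0
    s = sum(struct.unpack("!10H", struct.pack(FMT, *f)))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    f[7] = ~s & 0xFFFF
    return struct.pack(FMT, *f)

def zero_mutable(ip_hdr):
    """Zero the fields routers may change: TOS, flags/offset, TTL, checksum."""
    f = list(struct.unpack(FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(FMT, *f)

def compute_icv(key, ip_hdr, ah, payload):
    """MAC over IP header (mutable fields zeroed), AH with ICV zeroed, payload."""
    data = zero_mutable(ip_hdr) + ah[:12] + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build(key, src, dst, ttl, spi, seq, payload):
    ip_hdr = pack_ip([0x45, 0, 44 + len(payload), 0, 0, ttl, 51, 0,
                      socket.inet_aton(src), socket.inet_aton(dst)])
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(ICV_LEN)
    return ip_hdr + ah[:12] + compute_icv(key, ip_hdr, ah, payload) + payload

def verify(key, packet):
    ip_hdr, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip_hdr, ah, payload))

def router_hop(packet):
    f = list(struct.unpack(FMT, packet[:20]))
    f[5] -= 1  # a router decrements TTL; pack_ip recomputes the checksum
    return pack_ip(f) + packet[20:]

if __name__ == "__main__":
    pkt = build(KEY, "192.0.2.1", "198.51.100.2", 64, 0x1001, 1, b"upper-layer data")
    spoofed = pkt[:12] + socket.inet_aton("203.0.113.9") + pkt[16:]
    print(verify(KEY, pkt), verify(KEY, router_hop(pkt)), verify(KEY, spoofed))
```

The sequence number sits inside the authenticated AH header, so altering it also fails verification; rejecting a packet that is replayed unchanged additionally requires the receiver to track the sequence numbers it has already accepted.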

ENCAPSULATING SECURITY PAYLOAD

• Provides data integrity and authentication
• In addition, provides data confidentiality
    - Uses symmetric key encryption

Pros
• Provides a secure channel
• Provides cost-effective channels compared to private dedicated lines

Cons
• A symmetric key is used, which can be compromised
