IPSec

Rahul sai-411558

Computer Science and Engineering

Cryptography and Network Security


- INTRODUCTION
- COMPONENTS OF IPSEC
- IPSEC MODES
- SECURITY ASSOCIATIONS OF IPSEC
- AUTHENTICATION HEADER
- ENCAPSULATING SECURITY PAYLOAD
- PROS AND CONS
INTRODUCTION

- The IP protocol was designed in the late 70s and early 80s
- Part of the DARPA (Defence Advanced Research Projects Agency) internet project
- The network was very small and all hosts were known, so security was not an issue

Security Flaws in IP?

- No data integrity and authentication
- No encryption to protect the payload, and replay attacks are possible
IPSec

- Protects IP and upper layer protocols (TCP, UDP)
- Can be transparent to end users
- Can provide security for end users
- Used to provide integrity, confidentiality and authentication of packets
- Mandatory in IPv6, optional in IPv4
COMPONENTS OF IPSEC

- An authentication protocol: Authentication Header (AH), RFC 2402
- A combined encryption and authentication protocol: Encapsulating Security Payload (ESP)
- Key management and exchange protocols (ISAKMP/Oakley)
IPSEC MODES

- IPSec operates in two modes: transport mode and tunnel mode
- Transport mode
  End-to-end, host-to-gateway communication
  Used mainly between end-stations
- Tunnel mode
  Gateway-to-gateway or host-to-gateway
  Most commonly used between gateways
- Transport: not all fields of the IP header are covered by authentication
- Tunnel: the entire original IP packet can be encrypted and authenticated
SECURITY ASSOCIATIONS OF IPSEC

- Security Parameter Index (SPI)
  Used to select the security protocols at the sender and receiver end
- IP destination address
- Sequence numbers
- These are stored in the SAD (Security Association Database)
- The protocols used with security associations are Authentication Header (AH) and Encapsulating Security Payload (ESP)
- A security association can be used in either tunnel or transport mode
AUTHENTICATION HEADER

- Provides data authentication and integrity using a MAC
- Protects against replay attacks using the sequence number
- No protection for confidentiality
- The keyed Message Authentication Code (MAC) is calculated over:
  the IP header, except mutable fields such as TTL, checksum, etc.
  the IPSec header, except the ICV field
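As an added illustration of the two AH mechanisms above (this is not code from the slides), the following Python computes and checks an AH ICV over a constructed IPv4 packet with the mutable fields zeroed, and implements the receiver's anti-replay sliding window over the sequence number. The key, SPI, packet contents and the choice of HMAC-SHA256 truncated to 128 bits are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample key and SPI (not from the slides); HMAC-SHA256 truncated to 128 bits is assumed.
KEY = b"0123456789abcdef0123456789abcdef"
SPI, ICV_LEN = 0x1001, 16

def _icv(ip_header, ah_no_icv, payload, key):
    # Zero the mutable IPv4 fields (TOS, flags/frag offset, TTL, checksum); the ICV then covers
    # the rest of the IP header, the AH with its ICV field zeroed, and the payload
    h = bytearray(ip_header)
    h[1], h[8], h[6:8], h[10:12] = 0, 0, b"\x00\x00", b"\x00\x00"
    data = bytes(h) + ah_no_icv + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def build_ah(ip_header, payload, seq, key, next_header=17):
    # AH fields: next header, payload length (in 32-bit words minus 2), reserved, SPI, sequence number
    ah_no_icv = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, SPI, seq)
    return ah_no_icv + _icv(ip_header, ah_no_icv, payload, key)

def verify_ah(ip_header, ah, payload, key):
    # The receiver recomputes the ICV over the received packet and compares in constant time
    return hmac.compare_digest(ah[12:], _icv(ip_header, ah[:12], payload, key))

class ReplayWindow:  # receiver-side anti-replay sliding window over the AH sequence number
    def __init__(self, size=64):
        # bit i of bitmap set => sequence number top-i already seen; seq 0 is never accepted
        self.size, self.top, self.bitmap = size, 0, 1
    def accept(self, seq):
        if seq > self.top:  # new highest sequence number: slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False    # too old for the window, or a replay of a packet already received
        self.bitmap |= 1 << offset
        return True

def demo():
    # Constructed IPv4 header: ver/IHL, TOS, len, id, flags/frag, TTL, proto 51 (AH), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 53, 1, 0x4000, 64, 51, 0x1234,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ah = build_ah(ip, b"hello", seq=1, key=KEY)
    # In flight a router decrements the TTL and rewrites the header checksum
    transit = ip[:8] + bytes([ip[8] - 1]) + ip[9:10] + b"\xab\xcd" + ip[12:]
    ok = verify_ah(transit, ah, b"hello", KEY)        # mutable fields changed: still valid
    tampered = verify_ah(transit, ah, b"hellp", KEY)  # payload changed: rejected
    w = ReplayWindow()
    return ok, tampered, w.accept(1), w.accept(1)     # second seq 1 is a replay
```

demo() returns (True, False, True, False): the in-flight TTL and checksum changes do not break the ICV, a payload change does, and a repeated sequence number is refused by the window.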
ENCAPSULATING SECURITY PAYLOAD

- Provides data integrity and authentication
- In addition provides data confidentiality
- Uses symmetric key encryption
PROS AND CONS

Pros
- Provides a secure channel
- Provides cost-effective channels compared to private dedicated lines

Cons
- A symmetric key is used, which can be compromised
