
IP Security

IP Security (IPsec) is a protocol suite designed to secure IP communications by ensuring data integrity, authentication, and confidentiality during transmission. It utilizes mechanisms such as Authentication Header (AH) and Encapsulating Security Payload (ESP) to protect against various attacks and manage keys for secure connections. While IPsec enhances network security, it can introduce latency due to the processing required for encryption and decryption.

IP SECURITY

Presented by
Saminathan G
Chanjay J
Arun prasath D
Gopinath R
Ram ganesh G
INTRODUCTION
• In today’s massively interconnected business world of the Internet, intranets, branch offices and remote access, sensitive information constantly crosses the networks.
• Without security, both public and private networks are susceptible to unauthorized monitoring and access.
• Different network security protocols are in widespread use for protecting private and public networks, such as
  • IP security
  • Transport layer security
  • Secure shell
• Of these, only IPsec protects all application traffic over an IP network.
• IP security refers to security mechanisms implemented at the IP layer to ensure
  • Integrity
  • Authentication
  • Confidentiality of data during transmission in the open Internet environment
• It is a protocol suite for secure IP communications that works by
  • Authenticating
  • Encrypting each IP packet of a communication session.
• IPsec is a set of protocols and algorithms used to secure IP data at the network layer
Goals of IPsec
• To verify the source of IP packets
  • Authentication
• To prevent replaying of old packets
• To protect integrity and/or confidentiality of packets
  • Data Integrity/Data Encryption
IPsec Architecture
• Architecture: Covers the general concepts, security requirements, definitions and mechanisms defining IPsec technology
AUTHENTICATION HEADER
• Provides source authentication
  • Protects against source spoofing
• Provides connectionless data integrity
• Protects against replay attacks
  • Uses monotonically increasing sequence numbers
• Protects against denial of service attacks
• No protection for confidentiality
AH DETAILS
• Uses a 32-bit monotonically increasing sequence number to avoid replay attacks
• Uses cryptographically strong hash algorithms to protect data integrity (96-bit)
• Uses symmetric key cryptography
  • HMAC-SHA-96, HMAC-MD5-96
AH PACKET DETAILS
ENCAPSULATING SECURITY PAYLOAD
• Provides all that AH offers, and
  • In addition provides data confidentiality
  • Uses symmetric key encryption
• Same as AH:
  • Uses a 32-bit sequence number to counter replay attacks
  • Uses integrity check algorithms
• Only in ESP:
  • Data confidentiality
  • Uses symmetric key encryption algorithms to encrypt packets
ESP PACKET DETAILS
TRANSPORT AND TUNNEL MODES
KEY MANAGEMENT
• The key management portion of IPsec involves
  • The determination and distribution of the secret keys
• A typical requirement is four keys for communication between two applications:
  • Transmit and receive pairs for both AH and ESP
• Support for two types of key management
  • Manual
  • Automatic
SECURITY ASSOCIATION
• An SA describes a particular kind of secure connection between one device and another.
• Security Associations are key to IPsec’s authentication and confidentiality mechanisms.
• SAs are needed to negotiate the exchange of the “shared secret”
  • Sharing the shared secret key
SECURITY ASSOCIATION
• Uniquely identified by three parameters:
  • Security parameters index: the SPI assigns a bit string to this SA that has local significance only.
    • The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.
  • IP destination address: currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router.
  • Security protocol identifier: this indicates whether the association is an AH or ESP security association.
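Inbound AH processing as described on the AH DETAILS and SECURITY ASSOCIATION slides, as an added example that is not part of the original presentation: the receiver selects the SA by (SPI, destination address, protocol), verifies the 96-bit HMAC, then applies the sequence-number replay check. Assumptions: the ICV here covers only the AH header and payload (real AH also covers the immutable IP header fields), HMAC-SHA-1 truncated to 96 bits stands in for the slide's HMAC-SHA-96, a 64-packet sliding window is one common way to enforce the sequence-number rule, and the key, SPI and address are constructed sample values.

```python
import hashlib, hmac, struct

AH, WINDOW = 51, 64  # IP protocol number for AH; anti-replay window size

class SA:
    """Inbound security association: key plus anti-replay state."""
    def __init__(self, key):
        self.key, self.top, self.seen = key, 0, 0  # highest seq, bitmap of recent seqs

def icv(key, header_zeroed, payload):
    # HMAC-SHA-1 truncated to 96 bits (12 bytes); simplified coverage (assumption)
    return hmac.new(key, header_zeroed + payload, hashlib.sha1).digest()[:12]

def build_ah(key, spi, seq, payload, next_hdr=6):
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence number
    fixed = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq)
    return fixed + icv(key, fixed + bytes(12), payload) + payload

def replay_ok(sa, seq):
    """Sliding-window check; call only after the ICV has verified."""
    if seq == 0:
        return False
    if seq > sa.top:  # newer than anything seen: slide the window forward
        shift = min(seq - sa.top, WINDOW)
        sa.seen = ((sa.seen << shift) | 1) & ((1 << WINDOW) - 1)
        sa.top = seq
        return True
    offset = sa.top - seq
    if offset >= WINDOW or (sa.seen >> offset) & 1:
        return False  # too old, or this sequence number was already accepted
    sa.seen |= 1 << offset
    return True

def receive(sad, dst_ip, packet):
    """Return (verdict, payload); payload is None unless the verdict is 'ok'."""
    if len(packet) < 24:
        return ("malformed", None)
    spi, seq = struct.unpack("!II", packet[4:12])
    sa = sad.get((spi, dst_ip, AH))  # the triple that identifies an SA
    if sa is None:
        return ("no SA", None)
    expected = icv(sa.key, packet[:12] + bytes(12), packet[24:])
    if not hmac.compare_digest(expected, packet[12:24]):
        return ("bad ICV", None)  # replay state is left untouched
    return ("ok", packet[24:]) if replay_ok(sa, seq) else ("replay", None)

# Constructed sample values (not from the presentation)
KEY = b"k" * 20
SAD = {(0x1001, "192.0.2.10", AH): SA(KEY)}
```

The ICV is checked before the window is updated, so a forged packet with a high sequence number cannot push the window forward and cause genuine packets to be dropped.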
Benefits of IPsec
• In a firewall/router, provides strong security to all traffic crossing the perimeter.
• In a firewall/router, is resistant to bypass.
• Is below the transport layer, hence transparent to applications.
• Can be transparent to end users.
• Can provide security for individual users if needed.
• Secure routing architecture.
Applications of IPsec
• Secure branch office connectivity over the internet
• Secure remote access over the internet
• Establishment of extranet and intranet connectivity with partners
• Enhancement of electronic commerce security
CONCLUSION
• The importance of IP security is growing, but unfortunately its operation imposes a significant burden on the encrypting device. Furthermore, certain applications may suffer from the increase in latency (i.e., the time required to pass through an IPsec network device) due to the extra processing.
• Finally, at a time when network security is increasingly vital, IPsec makes it easy for network managers to provide a strong layer of protection to their organization’s information resources.
THANK YOU
