IPSEC - a quick guide

jfish

Just a quick guide on IPSec - nothing too heavy hopefully

What is IPSec

As the name suggests, IPSEC is IP Security. IPSec is an industry-standard set of protocols and services that authenticates and encrypts each IP packet within a communication session. IPSec can be used to protect the data between:

host-to-host
network-to-network
network-to-host

What Does It Do

IPSec is designed to provide authentication and integrity. IPSec operates at Layer 3 of the OSI model. You may be asking, isn't SSL secure? SSL operates at the Application layer. With SSL, applications have to be written to be aware of and use SSL, whereas IPSec can be used without the application needing to be aware of it.

How Does It Work

IPSec is not a single protocol, but 2 protocols that can be used together or separately.

AH (Authentication Header) - AH is used to authenticate and identify the sender, and to provide integrity of the data to ensure it is not modified. AH does not encrypt the data but is used as a way to sign the entire packet.

A typical IPv4 packet is

{[IP HEADER][DATA PAYLOAD]}

Packet in AH Mode

{[IP HEADER][AH][DATA PAYLOAD]}

With AH, the packet is now authenticated.

ESP (Encapsulating Security Payload) - ESP can provide encryption to the data within the IP packet.

A typical IPv4 packet is

{[IP HEADER][DATA PAYLOAD]}

ESP Packet

{[IP HEADER][ESP HEADER][DATA PAYLOAD][ESP TRAILER][ESP AUTHENTICATION]}

With ESP, the data is now encrypted.

There are 2 modes of operation for both AH and ESP

Tunnel Mode - The entire IP packet is encrypted and/or authenticated. You have used tunnel mode without knowing about it: a VPN.

Transport Mode - Only the payload of the IP packet is encrypted and/or authenticated.

To get a better understanding, let's look at the IP packet in both modes.

Let's go back to our IP packet, without IPSec

{[IP HEADER][DATA PAYLOAD]}

In AH Transport Mode

{[IP HEADER][AH][DATA PAYLOAD]}

In AH Tunnel mode

{[NEW IP HEADER][AH][IP HEADER][DATA PAYLOAD]}

In ESP Transport Mode

{[IP HEADER][ESP HEADER][DATA PAYLOAD][ESP TRAILER][ESP AUTHENTICATION]}

In ESP Tunnel mode

{[NEW IP HEADER][ESP HEADER][IP HEADER][DATA PAYLOAD][ESP TRAILER][ESP AUTHENTICATION]}

Both AH and ESP in Transport Mode

{[IP HEADER][AH][ESP HEADER][DATA PAYLOAD][ESP TRAILER][ESP AUTHENTICATION]}

Both AH and ESP in Tunnel mode

{[NEW IP HEADER][AH][ESP HEADER][IP HEADER][DATA PAYLOAD][ESP TRAILER][ESP AUTHENTICATION]}

Now if you are still confused, let me simplify it a bit

AH v ESP - To authenticate we use AH, and to encrypt we use ESP.

Tunnel or Transport mode - Transport Mode provides a secure connection between two endpoints as it encapsulates the data payload, while Tunnel Mode encapsulates the entire IP packet.

Transport mode is used to form a traditional VPN, whereas tunnel generally creates a secure tunnel across an untrusted Internet.

A security association (SA) provides the bundle of algorithms and data that supply the parameters necessary for AH and/or ESP operations.

Having said all this, as part of the Snowden leaks it has been revealed that the US National Security Agency has been actively working to "Insert vulnerabilities into commercial encryption systems". There are allegations that IPsec was a targeted encryption system.

John Gilmore, who followed the IPsec IETF standards committee and led a group that tried to implement IPsec, has speculated that the NSA sabotaged the IPsec standard. Gilmore speculates that the NSA purposefully made the standard less secure, with the goal of hampering the spread of strong crypto unbreakable to the NSA.
 
Oops, an error in this line

Transport mode is used to form a traditional VPN, whereas tunnel generally creates a secure tunnel across an untrusted Internet.

should be

Tunnel mode is used to form a traditional VPN, whereas tunnel generally creates a secure tunnel across an untrusted Internet.
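The packet layouts from the guide above can be recognised on the wire by following each header's "next protocol" field. The Python below is an added example, not part of the original posts: it builds constructed sample packets and classifies them. The function names, SPI values and addresses are made up for illustration, and the protocol numbers (4 = IP-in-IP, 50 = ESP, 51 = AH) are the IANA values, which the guide does not list.

```python
import struct

# IANA IP protocol numbers (assumed here; the guide does not list them)
IPIP, TCP, ESP, AH = 4, 6, 50, 51

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x02"):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

def ah(next_header, payload, spi=0x1000, seq=1, icv=b"\x00" * 12):
    """AH: next header, length (32-bit words minus 2), reserved, SPI, seq, ICV."""
    words = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, words, 0, spi, seq) + icv + payload

def esp(ciphertext, spi=0x2000, seq=1):
    """ESP: only the SPI and sequence number are sent in the clear."""
    return struct.pack("!II", spi, seq) + ciphertext

def classify(packet):
    """Walk the header chain of an IPv4 packet; return (chain, mode)."""
    try:
        chain, proto, off = ["IP"], packet[9], (packet[0] & 0x0F) * 4
        while proto in (AH, IPIP):
            if proto == AH:
                chain.append("AH")
                # AH names the header that follows it and gives its own length
                proto, off = packet[off], off + (packet[off + 1] + 2) * 4
            else:
                chain.append("IP")  # inner IP header, so the outer one is the NEW one
                proto, off = packet[off + 9], off + (packet[off] & 0x0F) * 4
    except IndexError:
        raise ValueError("truncated packet") from None
    if proto == ESP:
        # ESP's next-header byte sits in the encrypted trailer, so an observer
        # cannot tell transport from tunnel mode without the SA keys.
        return chain + ["ESP"], "hidden by encryption"
    if "AH" not in chain:
        return chain, "no IPsec"
    return chain, "tunnel" if chain.count("IP") == 2 else "transport"

if __name__ == "__main__":
    data = b"constructed payload"
    samples = [ipv4(TCP, data), ipv4(AH, ah(TCP, data)),
               ipv4(AH, ah(IPIP, ipv4(TCP, data))), ipv4(ESP, esp(b"\xaa" * 32)),
               ipv4(AH, ah(ESP, esp(b"\xaa" * 32)))]
    for pkt in samples:
        print(classify(pkt))
```
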
 