Cryptography
IPSec
Created by Lance De Guzman
Cards (16)
IPSec
Offers authentication, confidentiality, integrity, access control, and protection against replay attacks
IPSec
Operates on the network layer, transparent to the user. Automatically negotiates cryptographic protection with another IPSec-enabled computer
IPSec negotiation
1. Both ends negotiate cryptographic parameters and assurance, complete authentication, and agree on shared secret keys
2. Provide data encryption confidentiality and message integrity
Security Association (SA)
Contains secret keys, names of cryptographic algorithms for encryption and authentication, and other parameters
IPSec Phase 1
1. Authentication
2. Key Agreement
3. SA-1 parameters are derived
IPSec Phase 2
1. Negotiation of bulk data encryption parameters
2. SA-2 parameters are derived
SA-1 parameters
Used to encrypt and authenticate Phase 2 messages
SA-2 parameters
Used to encrypt and authenticate all Phase 2 messages
Transport Mode
IPSec protects what is delivered from the transport layer to the network layer, but does not protect the IP header
Tunnel Mode
IPSec protects the entire IP packet, including the header, by applying IPSec security methods and adding a new IP header
Authentication Header (AH) Protocol
Provides data integrity and source authentication, but not confidentiality
Encapsulating Security Payload (ESP) Protocol
Provides confidentiality, data integrity, and source authentication
IPSec combinations
ESP + Transport
ESP + Tunnel
AH + Transport
AH + Tunnel
The most robust protection is ESP + Tunnel, often used for VPNs
Services provided by IPSec
Access Control
Message Authentication
Entity Authentication
Confidentiality
Replay attack protection
Two-phase key exchange in IPSec
A single SA-1 can generate many SA-2
Fast changes in SA-2 keys
Encryption algorithms in SA-2 can be changed