IP Security

May 31st, 2007 | 14 Comments | Security, Technology

You cannot talk about VPNs without saying something about IP Security (IPSec). IPSec is a framework of open standards. It is not bound to any specific encryption, authentication, or keying technology. IPSec acts on the network layer, where it protects and authenticates IP packets between participating peers such as firewalls, routers, or concentrators. IPSec provides four major security functions:

  • Confidentiality: The sender can encrypt the packets before transmitting them across the network. If such a communication is intercepted, it cannot be read by an eavesdropper.
  • Data integrity: The receiver can verify whether the data was changed while traveling across the Internet.
  • Origin authentication: The receiver can authenticate the source of the packet.
  • Antireplay protection: The receiver can verify that each packet is unique and is not a duplicate.

When packets are traveling on the Internet, they are vulnerable to eavesdropping. Clear-text messages can be intercepted and read by anybody. Therefore, to keep the data secure, it can be encrypted. For encryption to work, both the sender and the receiver need to know the rules that were used to encrypt the original message. There are two types of encryption:

  • Symmetric
  • Asymmetric

With symmetric key encryption, each peer uses the same key to encrypt and decrypt data. With asymmetric key encryption, the key used to encrypt differs from the key used to decrypt. Both the Data Encryption Standard (DES) and Triple DES (3DES) require a symmetric shared secret key. The problem is then how to deliver that key to both users. The keys can be sent by mail, courier, or public key exchange. The easiest method to exchange the key is Diffie-Hellman public key exchange. It lets the two users establish a shared secret key that only they know, even though everything they exchange travels over an insecure channel.
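The following is an added example, not code from the original post or from any IPSec implementation, that ties the two passages above together: two peers agree a shared secret with Diffie-Hellman over the 1024-bit MODP group from RFC 2409 (Oakley Group 2), derive a symmetric key from it, and then use that key for the data-integrity, origin-authentication and antireplay functions listed earlier. Assumed simplifications: SHA-256 over the raw secret stands in for IKE's PRF-based key derivation, and a 4-byte sequence number plus an HMAC-SHA256 tag stands in for a real ESP/AH header; the replay window follows the sliding-bitmap scheme ESP uses. The caveat a practitioner should keep in mind: a bare Diffie-Hellman exchange authenticates nobody, so the two public values could be swapped in transit; IKE closes that gap by authenticating the peers with pre-shared keys or certificates before the derived key is trusted, and the 1024-bit group used here only for illustration is too small for production policies.

```python
import hashlib
import hmac
import secrets

# Diffie-Hellman group: the 1024-bit MODP prime and generator 2 from
# RFC 2409 (Oakley Group 2), one of the groups IKE defines for IPSec.
# Used here only for illustration; modern policies use 2048 bits or more.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2

HDR_LEN = 4    # constructed: 4-byte sequence number, as in ESP/AH
TAG_LEN = 32   # HMAC-SHA256 tag length


def dh_keypair(p=P, g=G):
    """Generate a private exponent and the public value sent to the peer."""
    priv = secrets.randbelow(p - 3) + 2          # 2 <= priv <= p - 2
    return priv, pow(g, priv, p)


def dh_shared_secret(priv, peer_pub, p=P):
    """Combine our private exponent with the peer's public value."""
    # Reject degenerate public values (0, 1, p-1); they would force a
    # trivial, attacker-known shared secret regardless of our exponent.
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)


def derive_key(shared, p=P):
    """Turn the agreed integer into a symmetric key (stand-in for IKE's PRF)."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(length, "big")).digest()


def protect(key, seq, payload):
    """Sender: prepend a sequence number and append an authentication tag."""
    header = seq.to_bytes(HDR_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver: verify integrity and origin first, then enforce antireplay."""

    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def _replay_check(self, seq):
        if seq == 0:                       # sequence numbers start at 1
            return "too-old"
        if seq > self.highest:             # advance the window to the right
            shift = seq - self.highest
            mask = (1 << self.window) - 1
            self.bitmap = (self.bitmap << shift) & mask if shift < self.window else 0
            self.bitmap |= 1
            self.highest = seq
            return "ok"
        diff = self.highest - seq          # packet is behind the right edge
        if diff >= self.window:
            return "too-old"
        if (self.bitmap >> diff) & 1:
            return "replay"
        self.bitmap |= 1 << diff
        return "ok"

    def verify(self, packet):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(packet) < HDR_LEN + TAG_LEN:
            return ("malformed", None)
        header, payload, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Tag check comes before the window update so a forged packet can
        # never advance the window and lock out genuine traffic.
        if not hmac.compare_digest(tag, expected):
            return ("bad-tag", None)
        status = self._replay_check(int.from_bytes(header, "big"))
        return (status, payload if status == "ok" else None)


def demo():
    """Full exchange on constructed data: agree a key, then send, replay, forge."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = derive_key(dh_shared_secret(a_priv, b_pub))   # A's view
    key_b = derive_key(dh_shared_secret(b_priv, a_pub))   # B's view
    rx = Receiver(key_b)
    p1 = protect(key_a, 1, b"first")
    p2 = protect(key_a, 2, b"second")
    forged = p2[:-1] + bytes([p2[-1] ^ 0x01])              # one tag bit flipped
    statuses = [rx.verify(p1)[0], rx.verify(p2)[0], rx.verify(p1)[0], rx.verify(forged)[0]]
    return key_a == key_b, statuses


if __name__ == "__main__":
    print(demo())   # (True, ['ok', 'ok', 'replay', 'bad-tag'])
```

The ordering inside `verify` is the part worth copying: the integrity check runs before the replay window is touched, so an attacker who cannot produce a valid tag also cannot move the window and cause legitimate packets to be dropped as "too old".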

Public key cryptosystems rely on a two-key system:

  • A public key, which is exchanged between the users
  • A private key, which is kept secret by the owners