IP Security in Cryptography
IPsec (Internet Protocol Security) is a collection of protocols and algorithms used to secure data transmitted over a public network. The Internet Engineering Task Force (IETF) developed it in 1990. The main aim of the IETF in developing IPsec was to provide a security layer for the encryption and authentication of data. IPsec consists of two protocols: Encapsulating Security Payload (ESP) and Authentication Header (AH). IPsec also includes Internet Key Exchange (IKE). With IKE, the two sides generate security keys and establish a security association (SA). The SA holds what is needed to encrypt and decrypt traffic between two endpoints. A router or firewall is needed to handle the security association.
What is IPsec (Internet Protocol Security) used for?
IPsec can protect medical records, financial transactions, corporate communication, and so on. It can also secure a Virtual Private Network (VPN). IPsec verifies the data transmitted over the public network, and it can provide authentication without encryption. In the Open Systems Interconnection (OSI) model, data can also be transmitted securely without IPsec: HTTPS (Hypertext Transfer Protocol Secure) encrypts at the application layer, while Transport Layer Security (TLS) provides encryption at the transport layer. However, authenticating and encrypting at these higher layers increases the chance that an attacker can compromise the data.
With IPsec, data packets can be transmitted securely over IPv4 and IPv6 networks. IPsec's headers are carried within the IP packet, and to enhance security IPsec adds several components to it. IPsec is specified in documents called Requests for Comments (RFCs). An RFC defines the requirements of a network security standard and provides the information that enables developers and users to create and maintain the network layers. The main components of IPsec are as follows.
- IP AH: AH is specified in RFC 4302. AH provides data integrity protection for the IP packet and its transport-layer data. With AH, authentication data is added to the IP packet, protecting the packet's content.
- IP ESP: ESP is specified in RFC 4303. It provides integrity, authentication, and confidentiality for the data in the IP packet.
- IKE: IKE is defined by RFC 4303. IKE is a protocol that provides secure communication between two systems over an insecure network. With this key-exchange protocol, a secure tunnel is created between the client and the server through which they can send data securely. The security of this tunnel relies on the Diffie-Hellman key exchange algorithm.
- Internet Security Association and Key Management Protocol (ISAKMP): ISAKMP is part of RFC 7296 and the IKE protocol. It is a framework for key exchange protocols by which an SA is established and authenticated for secure data exchange at the IP layer. ISAKMP also defines how the systems and hosts communicate with each other. An SA establishes a connection in one direction. The SA is associated with the cryptographic algorithms, IPsec mode, encryption key, and other parameters that apply to the protected data.
IPsec is used together with many other protocols and documents, such as the digital signature algorithm and the IPsec/IKE document roadmap, RFC 6071.
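To make the AH description concrete, here is an added example that is not from the original page: it builds an IPv4 packet with an Authentication Header in transport mode, computes the integrity check value (ICV) with HMAC-SHA-256 the way RFC 4302 prescribes (mutable IP header fields zeroed before hashing), and shows that a router decrementing the TTL is still accepted while a modified payload or a rewritten destination address is rejected. The key, SPI, addresses and helper names are constructed for the example and are not from any real deployment.

```python
import hmac
import hashlib
import struct

# All parameters below are constructed for this example (hypothetical SA, not a real deployment).
IPV4_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total length, id, flags/frag, TTL, proto, csum, src, dst
AH_PROTOCOL = 51             # IP protocol number carried in the IP header when AH follows
ICV_LEN = 16                 # HMAC-SHA-256-128: the 256-bit MAC is truncated to 128 bits (RFC 4868)
AH_FIXED_LEN = 12            # next header, payload len, reserved, SPI, sequence number


def build_ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal IPv4 header without options; the header checksum is left at zero for brevity."""
    return struct.pack(IPV4_FMT, (4 << 4) | 5, 0, total_len, 0, 0, ttl, proto, 0, src, dst)


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """RFC 4302 excludes fields that routers legitimately change in transit from the ICV:
    TOS/DSCP, flags and fragment offset, TTL and the header checksum are zeroed before hashing."""
    f = list(struct.unpack(IPV4_FMT, ip_hdr))
    f[1], f[4], f[5], f[7] = 0, 0, 0, 0
    return struct.pack(IPV4_FMT, *f)


def compute_icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key: bytes, spi: int, seq: int, inner_proto: int,
               payload: bytes, src: bytes, dst: bytes) -> bytes:
    """Build IP | AH | payload in transport mode. The payload stays in clear text;
    AH only authenticates it, together with the immutable IP header fields."""
    ah_len = AH_FIXED_LEN + ICV_LEN
    ip_hdr = build_ipv4_header(src, dst, AH_PROTOCOL, 20 + ah_len + len(payload))
    payload_len_field = ah_len // 4 - 2           # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", inner_proto, payload_len_field, 0, spi, seq)
    # The ICV field itself is zero while the ICV is computed.
    icv_input = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return ip_hdr + ah_fixed + compute_icv(key, icv_input) + payload


def ah_verify(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare it in constant time."""
    ip_hdr = packet[:20]
    ah_fixed = packet[20:20 + AH_FIXED_LEN]
    icv = packet[20 + AH_FIXED_LEN:20 + AH_FIXED_LEN + ICV_LEN]
    payload = packet[20 + AH_FIXED_LEN + ICV_LEN:]
    expected = compute_icv(key, zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(icv, expected)


def router_hop(packet: bytes) -> bytes:
    """Simulate a router forwarding the packet: the TTL (a mutable field) is decremented."""
    f = list(struct.unpack(IPV4_FMT, packet[:20]))
    f[5] -= 1
    return struct.pack(IPV4_FMT, *f) + packet[20:]


def tamper(packet: bytes, offset: int, value: bytes) -> bytes:
    """Overwrite bytes at an offset, modelling an in-transit modification the receiver must detect."""
    return packet[:offset] + value + packet[offset + len(value):]


def demo() -> dict:
    key = b"constructed-ah-key-for-demo-only"     # constructed; a real key would come from IKE
    src, dst = bytes([10, 0, 1, 5]), bytes([10, 0, 2, 9])
    pkt = ah_protect(key, spi=0x1001, seq=1, inner_proto=6,
                     payload=b"GET / HTTP/1.1\r\n", src=src, dst=dst)
    payload_offset = 20 + AH_FIXED_LEN + ICV_LEN
    return {
        "genuine": ah_verify(key, pkt),
        "after_router_hop": ah_verify(key, router_hop(pkt)),          # TTL change is allowed
        "payload_modified": ah_verify(key, tamper(pkt, payload_offset, b"PUT")),
        "destination_rewritten": ah_verify(key, tamper(pkt, 16, bytes([10, 0, 2, 99]))),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:>22}: {'accepted' if ok else 'rejected'}")
```

The design point is the split between mutable and immutable header fields: if the TTL were included in the ICV, every legitimate router hop would break authentication, while leaving the destination address out would let an on-path party redirect the packet unnoticed. Note also that the HTTP payload is fully readable in the packet; that is what "authentication without encryption" means for AH, and why ESP is used when confidentiality is required.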
How does IPsec work?
The IPsec performs its operation in five steps. These five steps are as follows.
1. Host recognition
IPsec starts with host recognition: the host system identifies the data packets that need protection and transmits them through the tunnel according to its IPsec policies. Such packets are called interesting packets, and they trigger the policies. The encryption and decryption algorithms are applied to all outgoing packets, and the main task of the host system is to verify all incoming packets.
2. Negotiation, or IKE phase 1
In the second step, the host system negotiates the IPsec policies. The secure circuit authenticates both the client and the server and carries the data between them over a secure channel. The negotiation takes place in either main mode or aggressive mode. In main mode, the host system sends proposals for the encryption and decryption algorithms, and the negotiation continues between the host and the IKE peer until an IPsec policy has been agreed. Main mode is more secure than aggressive mode. In aggressive mode, the host system does not allow full negotiation and allows only limited use of the IKE SA; in exchange, the host system can set up the circuit much faster.
3. IPsec circuit, or IKE phase 2
In this step, IPsec establishes a secure circuit over the connection created in IKE phase 1. The result of the negotiation is used in the data transmission steps. The host systems agree on the encryption and decryption keys to use for the traffic over the public network. They also exchange random numbers, which are used to authenticate the session.
4. IPsec transmission
In this step, the host systems are ready to transfer data over the established secure channel. The IPsec SA is used to encrypt and decrypt the data.
5. IPsec termination
Finally, the IPsec session is terminated. This step usually happens when the agreed byte count is reached, that is, when that number of bytes has passed through the secure tunnel. When this event occurs, the host system terminates all of its IPsec policies. After the termination process is complete, the host system destroys the private keys that were shared through the secure tunnel.
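The five steps above, worked through as an added example that is not part of the original page: two simulated IKE peers exchange Diffie-Hellman public values and random nonces (phase 1), each derives the same one-directional child SA key locally without ever sending it (phase 2), the initiator transmits until the SA's byte lifetime is reached (transmission and termination), and both sides then destroy their private values. The DH parameters, the key-derivation function and the SA fields are simplified assumptions made for this example, not the exact IKEv2 construction from RFC 7296.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Demo Diffie-Hellman parameters, constructed for illustration only: real IKE negotiates one of
# the MODP groups from RFC 3526 (for example group 14, 2048-bit) or an elliptic-curve group.
P = 2**255 - 19
G = 2
P_BYTES = (P.bit_length() + 7) // 8


@dataclass
class IkePeer:
    """One IKE endpoint. The DH private exponent never leaves the host."""
    name: str
    priv: int = field(default_factory=lambda: secrets.randbelow(P - 2) + 1)
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(16))

    def public_value(self) -> int:
        return pow(G, self.priv, P)

    def shared_secret(self, peer_public: int) -> int:
        return pow(peer_public, self.priv, P)

    def destroy(self) -> None:
        """Wipe the DH private value once the SAs built from it are terminated."""
        self.priv = 0


def derive_key(shared: int, nonce_i: bytes, nonce_r: bytes, label: bytes) -> bytes:
    """Assumed, simplified key derivation: HMAC-SHA-256 keyed by both nonces over the shared
    secret, then expanded per direction. IKEv2 uses prf+ (RFC 7296, section 2.13) instead."""
    skeyseed = hmac.new(nonce_i + nonce_r, shared.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    return hmac.new(skeyseed, label + nonce_i + nonce_r, hashlib.sha256).digest()


@dataclass
class SecurityAssociation:
    """One-directional SA: SPI, key and a byte-count lifetime (hypothetical fields)."""
    spi: int
    key: bytes
    byte_lifetime: int
    bytes_used: int = 0
    seq: int = 0

    def expired(self) -> bool:
        return self.bytes_used >= self.byte_lifetime

    def protect(self, payload: bytes) -> bytes:
        """Account for the bytes sent and tag the payload under the SA key (ESP-style ICV).
        Raises once the lifetime is reached so the caller rekeys instead of reusing the SA."""
        if self.expired():
            raise RuntimeError(f"SA {self.spi:#x} reached its byte lifetime; rekey required")
        self.seq += 1
        self.bytes_used += len(payload)
        seq_bytes = self.seq.to_bytes(4, "big")
        tag = hmac.new(self.key, seq_bytes + payload, hashlib.sha256).digest()[:16]
        return seq_bytes + payload + tag

    def terminate(self) -> int:
        """Tear the SA down and destroy its key; returns the number of bytes it protected."""
        self.key = b""
        return self.bytes_used


def ike_negotiate(init: IkePeer, resp: IkePeer, byte_lifetime: int, spi: int = 0xC0FFEE):
    """Phase 1: exchange DH public values and nonces over the untrusted network.
    Phase 2: both sides derive the same initiator-to-responder child SA key without
    transmitting it. Returns (initiator's outbound SA, responder's inbound SA)."""
    msg_i = {"KE": init.public_value(), "Ni": init.nonce}   # what the initiator sends
    msg_r = {"KE": resp.public_value(), "Nr": resp.nonce}   # what the responder sends
    # Each side computes g^(i*r) mod p locally from the peer's public value.
    secret_i = init.shared_secret(msg_r["KE"])
    secret_r = resp.shared_secret(msg_i["KE"])
    key_on_init = derive_key(secret_i, msg_i["Ni"], msg_r["Nr"], b"initiator-to-responder")
    key_on_resp = derive_key(secret_r, msg_i["Ni"], msg_r["Nr"], b"initiator-to-responder")
    return (SecurityAssociation(spi, key_on_init, byte_lifetime),
            SecurityAssociation(spi, key_on_resp, byte_lifetime))


def run_session(sa: SecurityAssociation, payloads: list) -> int:
    """IPsec transmission: send until the SA's lifetime forces termination.
    Returns how many packets were protected before the SA expired."""
    sent = 0
    for p in payloads:
        try:
            sa.protect(p)
        except RuntimeError:
            break
        sent += 1
    return sent


def demo() -> dict:
    init, resp = IkePeer("initiator"), IkePeer("responder")
    sa_out, sa_in = ike_negotiate(init, resp, byte_lifetime=100)
    keys_match = sa_out.key == sa_in.key
    sent = run_session(sa_out, [b"A" * 40, b"B" * 40, b"C" * 40, b"D" * 40])
    protected = sa_out.terminate()
    init.destroy()
    resp.destroy()
    return {"keys_match": keys_match, "packets_sent": sent, "bytes_protected": protected,
            "key_destroyed": sa_out.key == b"" and init.priv == 0}
```

Two things in this model are worth checking in a real configuration: the only values that ever cross the network are the public DH values and the nonces, so a passive observer cannot reconstruct the SA key; and the byte lifetime is enforced before each send, so a peer that keeps transmitting after the limit gets an error rather than silently reusing an exhausted key. Separate SAs per direction, as in the example, mirror the one-directional SA the ISAKMP description above mentions.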
How is the IPsec used in a Virtual Private Network (VPN)?
A Virtual Private Network (VPN) is essential for extending a private network over a public network. Anyone connected to a VPN can access the private network directly, without trouble. With a VPN, employees can access their corporate network remotely. IPsec is used to secure the VPN: when the VPN creates a connection between the client and the server, IPsec secures the data transmitted through that tunnel. A VPN can secure its network using one of two modes, transport mode and tunnel mode.
There are two modes available in the IPsec. We are going to describe these modes below.
1. Tunnel Mode:
After a tunnel has been created between the client and the server, tunnel mode lets the host system protect all data that passes through the tunnel. For example, a user in an enterprise can securely connect to all the other systems present in the main office branch. This is possible only under host control, and data can be transferred remotely from one system to another only under the IPsec policies. Tunnel mode has a mechanism that keeps all kinds of unusual traffic away from the path between the two points.
2. Transport Mode:
Transport mode is used when IPsec is directly connected to the IPsec VPN. In transport mode, IPsec connects the client and the server directly with the help of the VPN.
Comparing IPsec VPN vs. SSL VPN
A Secure Sockets Layer (SSL) VPN is another approach to securing a public network connection. The two can be used together or individually, depending on the circumstances and security requirements.
With an IPsec VPN, IP packets are protected as they travel to and from the IPsec gateway at the edge of a private network and remote hosts and networks. An SSL VPN protects traffic as it moves between remote users and an SSL gateway. IPsec VPNs support all IP-based applications, while SSL VPNs only support browser-based applications, though they can support other applications with custom development.