InformationTechnology:Security:Encryption

Contents 1 Navigation 2 Related categories 3 About this page 4 Encryption resources 5 IP Security (IPSEC) 6 IPSEC Virtual Private Networks (VPN)

Navigation

Related categories

About this page

We apologize for the little information we provide, this page is still under construction. Please stay tuned.

Encryption resources

With the advent of Internet-based communications there is a growing demand to protect Internet transmissions, while using the existing infrastructure. Esentially the need for is to build virtual private networks on top of the publicly-shared Internet infrastructure. Several approaches exist and all of them are based on some form of tunneling. The most widely used encryption and authentication schemes are based on the RSA asymetric cryptography algorithm (here is a primer). However, with the advent in computing power, many fear the RSA-based schemes are at risk of being broken just like SHA1.

IP Security (IPSEC)

Responding to that demand, IPSEC — the IP security protocol — has been standardized by the IETF, for IPv4 and IPv6. There are 2 basic encryption protocols in IPSEC:

• Authentication Header (AH)
• Encapsulating Security Payload (ESP)

Based on these protocols, the so-called IPSEC-VPNs provide: ² Data integrity, by protecting the IP packets against undetected modification. ² Authentication, by cryptographically authenticating the origin of an IP packet. ² Confidentiality, by encrypting the IP packet or the payload thereof. ² Anti-Replay, by encrypting with a secret sequence number.

Two IPSEC modes exist for providing the above services

• Transport mode encrypts the original IP packet payload and adds a new IP protocol header
• Tunnel mode encrypts the whole IP packet and encapsulates it in a new IP packet

The crytptographic protocol parameters to be used are grouped in security-policies in a Security Policy Database (SPD) Once the policies established, the crytptographic keys are negotiated using the Internet Key Exchange (IKE) protocol, based on the Diffie-Hellman algorithm.Once the key exchange sequences are done, Security Associations (SA) relationships are established between communicationg peers and held in a Security Association Database (SAD). IPSEC

References

IPSEC Primer [1]

IPSEC Virtual Private Networks (VPN)

• Introduction to VPNs ftp://ftp.software.ibm.com/eserver/zseries/zos/vse/pdf3/wavv00/2324vpn.pdf
• [2]
• Cryptographic protocols & standards [3]
• Tom Dunigan security page [4]
• VPN protocols [5]