Chapter 19 IP SECURITY
o IP Security Overview
  · Applications of IPsec
  · Benefits of IPsec
  · Routing Applications
  · IPsec Documents
  · IPsec Services
  · Transport and Tunnel Modes
o IP Security Policy
  · Security Associations
  · Security Association Database
  · Security Policy Database
  · IP Traffic Processing
o Encapsulating Security Payload
  · ESP Format
  · Encryption and Authentication Algorithms
  · Padding
  · Anti-Replay Service
  · Transport and Tunnel Modes
o Combining Security Associations
  · Authentication Plus Confidentiality
  · Basic Combinations of Security Associations
o Internet Key Exchange
  · Key Determination Protocol
  · Header and Payload Formats
o Cryptographic Suites
KEY POINTS
◆ IP security (IPsec) is a capability that can be added to either current version of the Internet Protocol (IPv4 or IPv6) by means of additional headers.
◆ IPsec encompasses three functional areas: authentication, confidentiality, and key management.
◆ Authentication makes use of the HMAC message authentication code. Authentication can be applied to the entire original IP packet (tunnel mode) or to all of the packet except for the IP header (transport mode).
◆ Confidentiality is provided by an encryption format known as encapsulating security payload. Both tunnel and transport modes can be accommodated.
◆ IKE defines a number of techniques for key management.
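The tunnel-versus-transport distinction in the key points above is easiest to see by computing the HMAC integrity check value (ICV) over the bytes each mode protects. The example below is added here and is not code from the chapter; it uses the page's simplified model (transport mode covers everything after the original IP header, tunnel mode covers the whole original packet behind a new outer header), assumes a 20-byte IPv4 header with no options, and uses a constructed key and constructed addresses. It shows that a router decrementing the outer TTL does not break the ICV in either mode, while a change to the inner header is caught only in tunnel mode.

```python
import hmac
import hashlib
import struct

# Constructed demo key; a real IPsec SA key is negotiated by IKE, never hard-coded.
DEMO_KEY = b"constructed-demo-key-not-a-real-sa-key"
IPV4_HDR_LEN = 20  # assumption: no IP options
ESP_PROTO = 50     # IP protocol number carried in the outer header for ESP


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal IPv4 header (no options, header checksum left zero) for the demo."""
    total_len = IPV4_HDR_LEN + payload_len
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, ttl, proto, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )


def compute_icv(covered):
    """ICV = HMAC-SHA256 over the covered bytes (tag truncation used by IPsec suites omitted)."""
    return hmac.new(DEMO_KEY, covered, hashlib.sha256).digest()


def verify_icv(covered, tag):
    """Constant-time comparison of a recomputed ICV against the received tag."""
    return hmac.compare_digest(compute_icv(covered), tag)


def transport_covered(packet):
    """Transport mode (page's model): everything except the original IP header."""
    return packet[IPV4_HDR_LEN:]


def tunnel_encapsulate(inner_packet, outer_src, outer_dst):
    """Tunnel mode: the whole original packet becomes the payload of a new outer IP header."""
    outer = build_ipv4_header(outer_src, outer_dst, ESP_PROTO, len(inner_packet))
    return outer + inner_packet


def tunnel_covered(tunneled_packet):
    """Tunnel mode (page's model): the entire original (inner) packet; the outer header is not covered."""
    return tunneled_packet[IPV4_HDR_LEN:]


def with_ttl(packet, header_offset, ttl):
    """Copy of packet with the TTL byte of the IP header starting at header_offset replaced."""
    p = bytearray(packet)
    p[header_offset + 8] = ttl  # TTL is byte 8 of an IPv4 header
    return bytes(p)


def demo():
    """Exercise both modes against in-transit changes; returns the outcomes for inspection."""
    payload = b"constructed UDP-like payload"
    inner = build_ipv4_header("10.0.0.5", "10.0.1.7", 17, len(payload)) + payload

    # Transport mode: tag computed over everything after the IP header.
    t_tag = compute_icv(transport_covered(inner))
    transport_survives_header_change = verify_icv(transport_covered(with_ttl(inner, 0, 63)), t_tag)
    transport_detects_payload_change = not verify_icv(transport_covered(inner[:-1] + b"!"), t_tag)

    # Tunnel mode: tag computed over the whole inner packet, carried behind a new outer header.
    tunneled = tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.1")
    u_tag = compute_icv(tunnel_covered(tunneled))
    tunnel_survives_outer_change = verify_icv(tunnel_covered(with_ttl(tunneled, 0, 63)), u_tag)
    tunnel_detects_inner_header_change = not verify_icv(
        tunnel_covered(with_ttl(tunneled, IPV4_HDR_LEN, 63)), u_tag)

    return {
        "transport_survives_header_change": transport_survives_header_change,
        "transport_detects_payload_change": transport_detects_payload_change,
        "tunnel_survives_outer_change": tunnel_survives_outer_change,
        "tunnel_detects_inner_header_change": tunnel_detects_inner_header_change,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

All four outcomes should be True: in both modes the header that routers rewrite in transit lies outside the ICV, and only tunnel mode protects the original source and destination addresses because that header has become part of the covered payload.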
There are application-specific security mechanisms for a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets Layer), and others. However, users have security concerns that cut across protocol layers. For example, an enterprise can run a secure, private IP network by disallowing links to untrusted sites, encrypting packets that leave the premises, and authenticating packets that enter the premises. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.

IP-level security encompasses three functional areas: authentication, confidentiality, and key management. The authentication mechanism assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header. In addition, this mechanism assures that the packet has not been altered in transit. The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. The key management facility is concerned with the secure exchange of keys.

We begin this chapter with an overview of IP security (IPsec) and an introduction to the IPsec architecture. We then look at each of the three functional areas in detail. Appendix L reviews Internet protocols.