What is the IPSec Protocol?
By Paul Liu
Monday, January 7th, 2013
What is IPSec? How do I use it, and how does it compare?
Internet Protocol Security (IPSec) is a set of protocols used to authenticate and encrypt data transferred over the internet. It is used to secure traffic between a pair of hosts, between a pair of networks, or between a host and a network. IPSec is a complete security protocol suite that operates in the network layer of the Internet Protocol Suite, which makes it possible to secure traffic without relying on application-level security. In this article, we will look at the features of IPSec and how it works to provide a safe and secure environment for internet browsing and data transfer.
History of IPSec
The initial research on IPSec was done at AT&T Bell Labs and Columbia University in 1993. The protocol was further developed at Trusted Information Systems and the first implementation of the protocol was done on a BSDI system in 1994. Further research and development made it possible to use the protocol on many other flavors of UNIX as well as other plug and play systems. The protocol was first released to the general public as a part of the Gauntlet firewall in December, 1994.
IPSec uses the following security architecture for its operation:
1) Authentication Header – The authentication header (AH) is responsible for data origin authentication, i.e. verifying that a packet really came from the claimed sender. This part of IPSec is also designed to provide connectionless integrity and to protect the network against replay attacks. The authentication header works by computing an integrity check value over the IP header and the packet payload, so the receiver can detect any modification made in transit.
2) Encapsulating Security Payloads – The encapsulating security payload (ESP) part is responsible for origin authentication, integrity and protecting the confidentiality of data packets. ESP can also be used for authentication only or encryption only, but using encryption without authentication is not recommended. ESP operates in two modes: a transport mode, which protects only the payload and not the original IP header, and a tunnel mode, which authenticates and encrypts the entire original IP packet by encapsulating it inside a new one.
3) Security Associations – In addition to securing and authenticating data with the authentication header and encapsulating security payloads, IPSec uses security associations for additional network security. A security association (SA) is simply the set of keys and algorithms agreed upon to encrypt and authenticate one data flow. At the destination, the receiver looks up the matching entry in its security association database to find the keys and algorithms needed to verify the authenticity of the packet and decrypt it.
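To make the security association lookup and the anti-replay protection concrete, here is an added example (not code from the original article) of the receiver-side steps an IPSec implementation performs on an inbound ESP packet: it parses the SPI and sequence number from the ESP header, looks up the security association database by (destination, SPI, protocol), and runs a sliding-window replay check before the integrity check and decryption would follow. The SAD contents and key bytes are constructed placeholders, and the integrity and decryption steps are deliberately left out.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class SecurityAssociation:
    """One SA: the keys and algorithms for a single one-way flow, plus its
    anti-replay state. Key material here is constructed placeholder data."""
    spi: int
    mode: str                     # "transport" or "tunnel"
    auth_alg: str
    auth_key: bytes
    enc_alg: Optional[str] = None
    enc_key: Optional[bytes] = None
    window: int = 64              # anti-replay window size in packets
    highest_seq: int = 0          # largest sequence number accepted so far
    seen: int = 0                 # bitmap: bit i set = (highest_seq - i) received

# Constructed security association database, indexed by (destination, SPI, protocol)
SAD = {
    ("10.0.0.2", 0x1000, "ESP"): SecurityAssociation(
        spi=0x1000, mode="tunnel", auth_alg="HMAC-SHA256",
        auth_key=b"\x11" * 32, enc_alg="AES-CBC", enc_key=b"\x22" * 16),
}

def build_esp_packet(spi: int, seq: int, body: bytes) -> bytes:
    """Sender side: ESP starts with a 32-bit SPI and a 32-bit sequence number.
    In real traffic the body would be ciphertext followed by the integrity value."""
    return struct.pack("!II", spi, seq) + body

def parse_esp_header(packet: bytes) -> Tuple[int, int, bytes]:
    spi, seq = struct.unpack("!II", packet[:8])
    return spi, seq, packet[8:]

def replay_check(sa: SecurityAssociation, seq: int) -> bool:
    """Sliding-window anti-replay check: each sequence number is accepted at most
    once; zero, duplicates and numbers older than the window are rejected."""
    if seq == 0:
        return False
    if seq > sa.highest_seq:                 # new high-water mark: slide the window
        shift = seq - sa.highest_seq
        sa.seen = (sa.seen << shift) & ((1 << sa.window) - 1) if shift < sa.window else 0
        sa.seen |= 1
        sa.highest_seq = seq
        return True
    diff = sa.highest_seq - seq
    if diff >= sa.window or sa.seen & (1 << diff):   # too old, or already seen
        return False
    sa.seen |= 1 << diff
    return True

def inbound_esp(dst: str, packet: bytes) -> str:
    """Receiver side: find the SA by (dst, SPI, ESP), then run the replay check."""
    spi, seq, _body = parse_esp_header(packet)
    sa = SAD.get((dst, spi, "ESP"))
    if sa is None:
        return "dropped: no matching SA"
    if not replay_check(sa, seq):
        return "dropped: replayed or outside window"
    return f"accepted on {sa.mode}-mode SA"
```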
IPSec is officially standardized by the Internet Engineering Task Force (IETF) and supports both IPv4 and IPv6.
How IPSec Works
IPSec works for both host-to-host and network-to-network environments. In host-to-host transfer, typically done in transport mode, the entire IP packet isn't authenticated or encrypted; only the payload part of the packet is secured, while the IP header is left as it is. In network-to-network transfer, also known as tunnel mode, the complete original IP packet is authenticated and encrypted.
Tunnel mode is used for creating secure host-to-host (private messaging), host-to-network (remote access) and network-to-network (router to sites) connections. Tunnel mode is also used to deploy virtual private networks (VPNs) to create extremely secure site-to-site or network-to-network connections. In particular, IPSec is often used in conjunction with the L2TP protocol since the combination provides an easy, fast and secure way to implement VPNs. The combination is referred to as L2TP/IPSec and is supported by major platforms and devices. Most VPN providers offer L2TP/IPSec as an alternative to the OpenVPN protocol.