Updated March 20, 2023
Introduction to IPSec
IPsec stands for Internet Protocol Security. IP packets that travel across a transmission medium carry their data in plain text, so anyone who can observe the packets in transit can read that data. IPsec exists to close this gap and secure the IP packets themselves.
The idea behind IPsec is to encrypt and seal the transport-layer and application-layer data during transmission. It also offers integrity protection for the internet layer. The outer IP header itself is not encrypted, which is what allows intermediate routers to forward IPsec-protected packets to the intended receiver without knowing any keys. Logically, the IPsec layer sits between the transport layer and the internet layer, so the protocols above it need no changes.
IPSec Protocols
An IP packet consists of two parts: the IP header and the actual data. IPsec's features are implemented as additional headers, called extension headers, that follow the standard IP header. IP security offers two main services, authentication and confidentiality, and each requires its own extension header. IPsec therefore defines two IP extension headers: one for authentication (AH) and one for confidentiality (ESP).
1. Authentication Header Protocol
The Authentication Header (AH) protocol provides integrity, data-origin authentication and an anti-replay service. The AH is a header in the IP packet that carries an Integrity Check Value (ICV): a keyed cryptographic checksum, in practice an HMAC such as HMAC-SHA-256, computed over the packet contents and over the fields of the IP header that do not change in transit. A sequence number in the same header lets the receiver detect replayed packets. The header is inserted between the IP header and any subsequent packet contents. The data contents of the packet are not changed, so the security lies entirely in the contents of the authentication header. AH provides no confidentiality: the data is authenticated but remains readable by anyone on the path.
2. ESP Protocol
ESP stands for Encapsulating Security Payload. It provides data confidentiality, and it can also provide integrity and authentication on its own. ESP defines a new header (SPI and sequence number) that is inserted into the IP packet, followed by the encrypted payload and an ESP trailer (padding, pad length and next-header fields); when authentication is enabled, an ICV is appended after the trailer. ESP converts the protected data into encrypted, unreadable form. When ESP and AH are combined, ESP sits inside the authentication header: the data is first encrypted and then authenticated (encrypt-then-MAC), so a forged or modified packet can be discarded before any decryption is attempted. In current deployments ESP with its own integrity check, or an AEAD cipher such as AES-GCM, is used on its own and AH is rarely deployed.
When the receiver gets an IPsec-processed packet, it first processes the authentication header, if present. From the outcome it decides whether the packet contents are acceptable: whether the data was modified in transit, and whether the sequence number has already been seen. If the contents are acceptable, the receiver uses the Security Parameter Index (SPI) carried in the header to look up the security association (SA) that holds the keys and algorithms for the ESP payload, and decrypts the contents. A packet that fails the integrity check or the replay check is dropped without being decrypted.
Modes of Operation
Both the authentication header and the encapsulating security payload can be used in one of two modes: tunnel mode and transport mode.
1. Tunnel Mode
In tunnel mode, an encrypted tunnel is established between two IPsec endpoints, typically security gateways rather than the communicating hosts themselves. Suppose hosts A and B want to communicate using IPsec tunnel mode. They identify their respective gateways (proxies), say Pro1 and Pro2, and the logical encrypted tunnel is established between those two gateways. A sends its message to Pro1, the tunnel carries it to Pro2, and Pro2 forwards the message to B. Tunnel mode protects the entire original IP datagram: it adds the IPsec header and trailer to the original datagram, encrypts the whole thing, including the original IP header with the real source and destination addresses, and then prepends a new IP header addressed from Pro1 to Pro2. An observer on the path sees only the gateway addresses.
2. Transport Mode
In transport mode, the original IP header is kept and sent in the clear, so the source and destination addresses are not hidden during transmission; anyone on the path can read them. Transport mode takes the transport-layer payload (for example a TCP segment), adds the IPsec header and trailer, encrypts them as a whole, and then places the original IP header in front, with its protocol field set to ESP (50) or AH (51). Thus only the payload is protected and the IP header is not encrypted. Transport mode is normally used between two hosts, tunnel mode between gateways.
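The following Python program is an added example and is not code from the original article. It builds the ESP encapsulation described in the ESP section, runs the receiver-side checks in the order the text gives (integrity check first, then anti-replay, then decryption), and then wraps the same ESP packet in transport mode and in tunnel mode so the difference in what an on-path router sees can be compared directly. To stay runnable with only the standard library it uses HMAC-SHA-256 in counter mode as a stand-in for the AES encryption a real ESP implementation would use; the hosts, gateways, SPI, keys and the "TCP segment" are constructed sample values, and the IPv4 header is a minimal 20-byte header with the checksum left at zero. AH is not implemented; its ICV is computed the same way but also covers the immutable fields of the IP header.

```python
import hashlib
import hmac
import os
import struct

ESP_PROTO = 50       # IP protocol number the outer header carries for ESP (AH is 51)
IPPROTO_IPIP = 4     # ESP Next Header value for a whole IPv4 datagram (tunnel mode)
IPPROTO_TCP = 6      # ESP Next Header value for a TCP segment (transport mode)
ICV_LEN = 16         # HMAC-SHA-256-128: the ICV is the first 128 bits of the HMAC tag

class SecurityAssociation:
    """One direction of an SA: SPI, keys, sender counter and receiver replay window."""
    def __init__(self, spi, enc_key, auth_key, window=64):
        self.spi, self.enc_key, self.auth_key, self.window = spi, enc_key, auth_key, window
        self.seq = 0        # sender: last sequence number used
        self.highest = 0    # receiver: highest sequence number accepted so far
        self.seen = set()   # receiver: accepted sequence numbers still inside the window

def keystream(key, iv, length):
    """Stand-in cipher: HMAC-SHA-256 in counter mode (real ESP uses AES, see RFC 8221)."""
    blocks = [hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def esp_encapsulate(sa, payload, next_header):
    """SPI | seq | IV | encrypted(payload | padding | pad len | next header) | ICV."""
    sa.seq += 1
    header = struct.pack("!II", sa.spi, sa.seq)
    iv = os.urandom(8)
    pad_len = (-(len(payload) + 2)) % 4            # trailer ends on a 4-byte boundary
    plaintext = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = header + iv + xor(plaintext, keystream(sa.enc_key, iv, len(plaintext)))
    # Encrypt-then-MAC: the ICV covers header, IV and ciphertext, never the plaintext.
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv

def esp_decapsulate(sa, packet):
    """Receiver order: ICV check, SPI check, replay check, and only then decrypt."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet was modified or keyed for another SA")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != sa.spi:
        raise ValueError("SPI %#x does not belong to this SA" % spi)
    if seq <= sa.highest - sa.window or seq in sa.seen:
        raise ValueError("replayed or stale sequence number %d" % seq)
    sa.seen.add(seq)
    sa.highest = max(sa.highest, seq)
    sa.seen = {s for s in sa.seen if s > sa.highest - sa.window}   # slide the window
    iv, ciphertext = body[8:16], body[16:]
    plaintext = xor(ciphertext, keystream(sa.enc_key, iv, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:-(pad_len + 2)]

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left at zero for this example."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       bytes(src), bytes(dst))

def observer_view(datagram):
    """What an on-path router sees: (src, dst, protocol) from the cleartext IP header."""
    dotted = lambda octets: ".".join(str(o) for o in octets)
    return dotted(datagram[12:16]), dotted(datagram[16:20]), datagram[9]

def transport_mode(sa, src, dst, segment):
    """Original IP header stays in the clear; only the transport payload is protected."""
    esp = esp_encapsulate(sa, segment, IPPROTO_TCP)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

def tunnel_mode(sa, gw_src, gw_dst, original_datagram):
    """Whole original datagram, inner header included, is hidden behind a new header."""
    esp = esp_encapsulate(sa, original_datagram, IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def is_rejected(sa, esp_packet):
    """True if the receiver drops the packet (bad ICV, wrong SPI or replay)."""
    try:
        esp_decapsulate(sa, esp_packet)
        return False
    except ValueError:
        return True

# Constructed sample traffic (not captured): host A to host B via gateways GW1 and GW2.
HOST_A, HOST_B = (10, 0, 0, 5), (10, 0, 1, 9)
GW1, GW2 = (203, 0, 113, 1), (198, 51, 100, 1)
SEGMENT = b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"   # stands in for a TCP segment

if __name__ == "__main__":
    tx = SecurityAssociation(0x1001, b"k" * 32, b"a" * 32)   # hypothetical SPI and keys
    rx = SecurityAssociation(0x1001, b"k" * 32, b"a" * 32)
    print("transport mode, router sees", observer_view(transport_mode(tx, HOST_A, HOST_B, SEGMENT)))
    inner = ipv4_header(HOST_A, HOST_B, IPPROTO_TCP, len(SEGMENT)) + SEGMENT
    pkt = tunnel_mode(tx, GW1, GW2, inner)
    print("tunnel mode, router sees", observer_view(pkt))
    print("inner datagram recovered:", esp_decapsulate(rx, pkt[20:])[1] == inner)
    print("replay dropped:", is_rejected(rx, pkt[20:]))
```

Run it directly to print what a router between the endpoints sees in each mode: the real host addresses and protocol 50 in transport mode, only the two gateway addresses in tunnel mode. The order of checks in esp_decapsulate is the point of the example: the ICV is verified with a constant-time comparison before the sequence number is consulted and before any decryption, which is what lets a gateway discard forged, altered or replayed traffic cheaply.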
Applications of IPSec
Given below are some applications of IPSec:
- Secure Remote Internet Access: With IPsec, a user can dial in to an ISP (Internet Service Provider) and connect to the organization's network in a secure manner, and then access corporate network facilities or remote servers/desktops over that connection.
- Setting up Communication with other Organizations: Just as IPsec connects the branches of one organization, it can connect the networks of different organizations, such as partners or suppliers, securely over the internet.
- Secure Branch Office Connectivity: An organization can build an IPsec-enabled network that securely connects all its branches over the internet. This reduces the cost of linking branches across cities or countries compared with dedicated private lines.
Advantages
The advantages of IPsec include:
- It gives travelling employees secure access to the corporate network.
- It interconnects branches of the organization securely and inexpensively.
- It works at the network layer, so no changes are needed in the upper layers, i.e. the transport and application layers.
- It is transparent to end users. There is no need to train users on security mechanisms, to issue keying material to individual users, or to revoke keying material when users leave: keys are negotiated between the IPsec endpoints (normally by the IKE protocol), not handed to users.
- It can be deployed in a firewall or router to protect all traffic that crosses the organization's perimeter, while traffic inside the LAN is left unchanged.
- When IPsec is configured at the firewall, the firewall becomes the single entry and exit point for all traffic; the protection is resistant to bypass as long as all traffic from outside must pass through that firewall.
This has been a guide to IPsec. Here we discussed the basic concept, protocols, modes of operation, applications, and advantages of IPsec.