Understanding IP Security Architecture requires in-depth knowledge about IP Security basics. IP Security (IPSec) is primarily a group of communication rules or protocols utilized to set up secure network connections. On the internet, we have the common standard called the internet protocol that governs how data travels across the internet. IPSec upgrades the overall protocol security by providing features like encryption and authentication. IPSec helps in ensuring that the data is encrypted at the source and decrypted at the destination. Moreover, it also performs verification of the data source.
In this blog, let us study all about IP Security, its architecture, and the main protocols and components associated with it.
IP Security Definition
IP Security is a suite of protocols and algorithms to make sure that the data transmits over the network in a secure manner. The protocols were developed in the mid-1990s by the Internet Engineering Task Force to offer protection at the IP layer through complete encryption and authentication of IP network packets. Mainly, it is utilized to protect sensitive information like medical records, corporate communication, and financial transactions as they travel across the network.
IP Security Architecture
The architecture mainly depends on two protocols to ensure the security of traffic and data flow over the entire network. These protocols are commonly referred to as AH and ESP, i.e., Authentication Header and Encapsulating Security Payload respectively. The architecture also includes aspects such as algorithms, protocols, key management, and DOI. All these components are needed to make sure that the three main services are provided:
- Authentication
- Integrity
- Confidentiality
Now, let us see the main components of the IPSec architecture:
1. Architecture:
It covers all the general definitions, concepts, algorithms, protocols, and security needs of the IP security technology.
2. ESP Protocol:
ESP, i.e., Encapsulating Security Payload, covers all services of confidentiality. ESP can be used in one of the following ways:
- ESP with Authentication
- ESP with optional authentication
The ESP packet structure consists of some essential components:
- Security Parameter Index (SPI): This parameter is primarily utilized by a set of specifications called Security Association. It is utilized to provide a unique number to the connection established between the server and the client.
- Sequence Number: Unique sequence numbers are provided to each packet so that at the receiver side, packets can be properly organized.
- Payload Data: It refers to all the information, data, and message to be transmitted over the network. It usually appears in an encrypted format to achieve confidentiality.
- Padding: Extra bits of space can be included in the original message in order to ensure total confidentiality. Padding length refers to the overall size of added bits of space present in the original message.
- Next Header: Next header refers to the actual information or payload next in line.
- Authentication Data: In the protocol packet format of ESP, the authentication data appears as an optional field.
- Encryption Algorithm: It is the document that describes the numerous encryption algorithms utilized for the Encapsulating Security Payload.
3. AH Protocol:
AH (Authentication Header) protocol provides both integrity and authentication services. Authentication Header is executed in one way only: authentication combined with integrity. Within the IP Security architecture, the Authentication Header document covers the general issues and packet format associated with using AH for packet integrity and authentication.
4. Authentication Algorithm:
The authentication algorithm contains a group of documents that describes authentication algorithms relevant to AH and ESP.
5. DOI (Domain of Interpretation):
DOI is the identifier that provides support to both ESP and AH protocols. It consists of values required for documentation associated with them.
6. Key Management:
Key management comprises a document that entails information related to the exchange of keys between sender and receiver.
IPSec Protocols
The IPSec protocols leverage a format known as Request for Comments (RFC) to establish the requirements for the network security standards. RFC standards are leveraged throughout the internet to provide important data that empowers users to create, develop, maintain, and manage the network. Here are a few of the necessary IPSec protocols:
IP AH:
AH is defined in RFC 4302. It provides services like data integrity and transport protection. Designed to be carried in an IP packet, it comprises authentication information and protects the content from tampering.
IP ESP:
It is included in RFC 4303 standard and provides integrity, authentication, and confidentiality through IP packet encryption.
IKE:
Specified in RFC 7296, it is a protocol that allows two devices or systems to set up a secure channel over a risk-prone network. The protocol utilizes a series of key exchanges to generate a sort of well-protected tunnel through which encrypted data can be transferred between server and client.
Internet Security Association and Key Management Protocol (ISAKMP):
It is defined as an integral part of the RFC 7296 and IKE protocol. It is a framework that consists of authentication, key establishment, and negotiation of security associations (SAs), and it ensures the safe exchange of packets at the IP layer. Here, each SA defines a connection in a single direction, i.e., from a single host to another.
How Does IPSec Work?
There are five key steps that define how IPSec operates:
Recognition of Host
The process of IPSec starts when a host system finds out that a packet requires security and must be transferred via IPSec policies. For the purpose of IP Security architecture, such packets are referred to as “interesting traffic”. For outgoing packets, appropriate encryption and authentication are applied. For incoming packets, IPSec verifies that all the packets are properly encrypted and authenticated.
IKE Phase 1 (or Negotiation)
After host recognition, IPSec negotiates the policies it requires to set up a secure circuit. Mainly, this phase defines the way IPSec will authenticate or encrypt the information sent across the communication channel. The negotiation process happens via one of two modes, i.e., main mode or aggressive mode. The main mode is a lot more secure than the aggressive mode, primarily because it establishes a more secure communication tunnel.
IKE Phase 2
The main purpose of IKE Phase 2 is to set up IPSec SAs, which are vital for the encrypted exchange of data. These SAs determine the details of the encryption and decryption process, such as which algorithms to use and how keys must be managed. In this stage, the hosts also exchange cryptographic nonces, which are just random numbers utilized to authenticate sessions.
IPSec Transmission
By now, IPSec has already established a secure communication channel. So, in this stage, hosts carry out data exchange through this tunnel. The SAs that were established earlier are utilized to ensure the encryption and decryption of packets.
IPSec Termination
Now, in the last stage, the IPSec tunnel is eliminated. Normally, this takes place after the previously defined number of bytes has been transferred or the session times out. In either of these two events, the session is either terminated or hosts communicate among themselves. After the process of termination, the hosts discard the private keys acquired during the process of data transmission.
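The first, fourth and fifth steps above as an added example (not code from the original post): a simplified model of the host's policy lookup for "interesting traffic" and of an SA that ends when its byte or time limit is reached. The class names, field names, limits and addresses are constructed for illustration, and discarding unmatched traffic follows the default in RFC 4301.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Policy:
    """One policy entry: traffic selectors and the action to take (hypothetical model)."""
    src: str
    dst: str
    action: str  # "PROTECT" (interesting traffic), "BYPASS" or "DISCARD"


def classify(policies, src_ip, dst_ip):
    """Return the action of the first matching policy; unmatched traffic is discarded."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p.action
    return "DISCARD"


@dataclass
class SecurityAssociation:
    spi: int
    max_bytes: int      # byte lifetime agreed during negotiation
    max_seconds: float  # time lifetime agreed during negotiation
    created: float
    bytes_sent: int = 0
    seq: int = 0

    def expiry_reason(self, now):
        if self.bytes_sent >= self.max_bytes:
            return "byte limit"
        if now - self.created >= self.max_seconds:
            return "time limit"
        return None


def transmit(sa, packets):
    """Send (size, time) packets until the SA expires; return (packets sent, reason)."""
    sent = 0
    for size, now in packets:
        reason = sa.expiry_reason(now)
        if reason:
            return sent, reason  # tunnel is torn down; keys must not be reused
        sa.seq += 1              # each packet gets the next sequence number
        sa.bytes_sent += size
        sent += 1
    return sent, None
```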
Conclusion
IPSec ensures the authentication and encryption of data packets that are transferred over both IPv4 and IPv6 networks. It is used for safeguarding crucial and confidential data like financial transactions, corporate records, medical information, etc. The blog explores all the fundamentals related to IP Security architecture. It also details all the protocols associated with IPSec and the steps involved in its implementation.