StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cryptographic Overhead of IPsec Protocol Suit - Research Paper Example

Cite this document
Summary
From the paper "Cryptographic Overhead of IPsec Protocol Suit" it is clear that IPSec is not a single protocol, however, it is a complete suite of protocols and contains a variety of protocols in which each protocol is responsible for performing specific tasks…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.8% of users find it useful
Cryptographic Overhead of IPsec Protocol Suit
Read Text Preview

Extract of sample "Cryptographic Overhead of IPsec Protocol Suit"

?Cryptographic overhead of IPsec Protocol suit By Introduction Today, the communication between networks, that are being established, have a strong need of good security mechanisms in order to ensure the security, integrity, confidentiality and authenticity between two hosts or two networks. The most common services of IPSec (internet protocol security) implementation are VPN (virtual private networking) services utilized on current networks such as the Internet, can ensure the safe transmission of useful data and information over public infrastructure. The reality that the Internet is deficient in security is still undeniable. So to solve this issue researchers are trying to increase the network security at each layer by designing a range of security protocols. The designed protocols include PGP, S/MIME, and SET which are specifically designed to ensure the security of the application layer. In this scenario, SSL/TLS are used on the transport layer. In this race, IPSec is one of the most important security protocol, which is designed for dealing with the network layer security, ensuring the availability of security services like that data source authentication, access control, data confidentiality and integrity and processing data packages on the IP packet layer (Zheng & Zhang, 2009; Meng, et al., 2010). This report presents a detailed analysis of IPSec and associated aspects. IPSec IPSec is a complete suite of protocols, which carry out specific tasks. As discussed above, the basic objective of IPSec is to provide a variety of security facilities to traffic transmitting between a source and destination. In this scenario, a source or destination can be a host or a router. In addition, these facilities can be used for all packets sent or received, or simply to a particular kind of transmission such as FTP or telnet. Figure1 demonstrates how IPSec ensures the security of data transmission between a host and a destination (Clark, 2002): Figure 1IPSec Operation, Image Source: (Clark, 2002) In this diagram a red line is used to demonstrate that IPSec is implemented on the path between the Host B and Router 1. Basically, IPSec provides a variety of security mechanisms for securing transmissions over a network and these mechanisms can be implemented in different ways. Additionally, IPSec can perform operations on particular kind of traffic at the same time as remaining traffic is moved on a defenseless path. This process is clearly mentioned in the figure, in this figure 1 black links are used to demonstrate this kind of communication. A number of separate IPSec protected connections can be established between the two routers and between Host B and Router 1 (Clark, 2002). Implementation of security through IPSec In their paper, (Zheng & Zhang, 2009) provides a detailed discussion on the working of IPSec and the way it ensures the surety of transmission over a network. According to their viewpoint, IPSec implements the security in a network by maintaining the security associations (SAs). In this scenario, a security association is used as a basis to identify the security parameters that will be utilized in data transmission to make it protected, for instance IPSec security protocol, encryption algorithm, hash function and encryption key. Additionally, each security association is typically specified by an exclusive set of parameters such as destination IP address, security parameter index and security protocol. In addition, these associations are established after the negotiation between the communicating hosts in the networks. IPSec is also responsible for maintaining a Security Policy Database (SPD). In fact, a network interface that is established using the IPSec, possesses a pair of Security Policy Database and Security Association Database, which help in processing incoming and outgoing IP packets. One entry of Security Association Database is equal to a security association, on the other hand, Security Policy Database entry refers to a security policy. In this scenario, if the packets are sent to the destination host, the corresponding policy in Security Policy Database is retrieved, if the documented act is to “process” the data transfer (as specified in the security policy), then corresponding Security Associations are retrieved according to the Security Association pointer. In case, if the Security Association does not exist in the Security Association Data base, then a new Security Association is created and stored into the database. Once Security Association has been retrieved from the database, the data packets are processed with the authentication encryption algorithm and security protocol presented in the Security Association. Then the processed data packets are sent to the IP of destination host. In the same way, the receiver side discovers the Security Association consistent with the Security Parameter Index parameter in the datagram, and verifies if retransmission of packets is required. Otherwise, the data is decrypted and authenticated with the protocol specified in the Security Association (Zheng & Zhang, 2009; Cremers, 2011; Wang & Wu, 2010). Benefits of IPSec The research has pointed out some of the major features of IPSec, which make this protocol more robust as compared to other security standards. IPSec allows for transparency as One of IPSec’s noticeable strong points lies in the integration of encryption and authentication methods with robust and full-featured key exchange Algorithms and protocol negotiation features to provide security against vulnerabilities on network layer. IPSec is complete package including both, a tunneling technology and a security technology. It enhances robustness as using tunneling without encryption facilitates no security against many forms of attack. Tunneling for an organization may not be just concerned with securing external routers from dealing with internal addresses. It may also be adopted for hiding those addresses from attackers beyond the firewall. Now days, because of many powerful attacker tools, security mechanisms that perform no authentication of the source and destination of every IP packet may provide worst results than no authentication at all. IPSec real strength lies in the fact the as compared to other standards, it combines tunneling, authentication, and encryption in a package that provide the organizations with a secure route between private networks, or into a network from a trusted host, while traveling right through a public network such as internet. IPSec is a scalable security standard and also promises for interoperability i.e. its spans all the vendors and platform same as IP do (Zheng & Zhang, 2009; Wang, et al., 2010; Degabriele & Paterson, 2010). Limitations of IPSec Some of the key challenges with the IPSec infrastructure are outlined below (Rossberg, et al., 2010; Arkko & Nikander, 2005): IPSec does not ensure identical endwise security for the systems that are functioning at higher levels. Though, with IPSec IP connections can be encrypted between two machines, but it is not applicable for higher level security such as encrypting messages between users or between applications. The research has shown that IPSec is not effective in dealing with a number of security attacks such as DoS attacks. IPSec does not provide effective support against analyzing the unencrypted headers of encrypted packets like that source and target’s gateway addresses and packet size etc. This information can be acquired by attackers with some intelligent tools. References This report has presented a detailed discussion on IPSec and its capabilities in ensuring the secure communication in the network. IPSec is not a single protocol, however it is a complete suite of protocols and contains a variety of protocols in which each protocol is responsible for performing specific tasks. Some of the important protocols that IPSec contains include Encapsulating Security Payload, Authentication Header, Internet key exchange and IP Payload Compression Protocol, which is used optionally. Each protocol plays its part in improving the security, integrity and confidentiality of communication by using different algorithms for encryption and authentication. IPSec is usually implemented by maintaining security associations which are stored in security association database and are retrieved according to the actions specified in the security policies that are stored in security policy database. Though IPSec provides a better, scalable and robust mechanism for ensuring the security in communications, as compared to other standards, but it also has some limitations as it cannot resist DoS attacks. However, there are some strategies that have been proposed and are being followed to improve the effectiveness of IPSec standard. References Arkko, J. & Nikander, P., 2005. Limitations of IPsec policy mechanisms. Berlin, Heidelberg, Springer-Verlag. Clark, D., 2002. Vulnerability’s of IPSEC: A discussion of possible weaknesses in IPSEC implementation and protocols, s.l.: SANS Institute. Cremers, C., 2011. Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2. Berlin, Heidelberg, Springer-Verlag. Degabriele, J. P. & Paterson, K. G., 2010. On the (in)security of IPsec in MAC-then-encrypt configurations. New York, ACM. Meng, J. et al., 2010. Towards high-performance IPsec on cavium OCTEON platform. Berlin, Heidelberg, Springer-Verlag. Rossberg, M., Schaefer, G. & Strufe, T., 2010. Distributed Automatic Configuration of Complex IPsec-Infrastructures. Journal of Network and Systems Management, 18(3), pp. 300-326. Wang, H., Bai, G. & Chen, H., 2010. A Gbps IPSec SSL Security Processor Design and Implementation in an FPGA Prototyping Platform. Journal of Signal Processing Systems, 58(3), pp. 311-324. Wang, M.-Y. & Wu, C.-W., 2010. A mesh-structured scalable IPsec processor. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 18(5), pp. 725-731. Zheng, L. & Zhang, Y., 2009. An Enhanced IPSec Security Strategy. 2009 International Forum on Information Technology and Applications, ifita, 2(1), pp. 499-502. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Cryptographic overhead of IPsec Protocol suit Research Paper”, n.d.)
Cryptographic overhead of IPsec Protocol suit Research Paper. Retrieved from https://studentshare.org/information-technology/1492876-cryptographic-overhead-of-ipsec-protocol-suit
(Cryptographic Overhead of IPsec Protocol Suit Research Paper)
Cryptographic Overhead of IPsec Protocol Suit Research Paper. https://studentshare.org/information-technology/1492876-cryptographic-overhead-of-ipsec-protocol-suit.
“Cryptographic Overhead of IPsec Protocol Suit Research Paper”, n.d. https://studentshare.org/information-technology/1492876-cryptographic-overhead-of-ipsec-protocol-suit.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cryptographic Overhead of IPsec Protocol Suit

Internetworking IpV6 vs IpV4: Compare and Contrast

The paper analyses the similarities and differences that exists between the two versions of internetworking protocol; IPv4 and IPv6 while stating their major characteristics, advantages as well as their limitations.... A new version of the internetworking protocol, IPv6, was designed to address the service and scalability shortcomings of the previous version, IPv4.... Unfortunately, machines and systems designed to one protocol cannot directly communicate with another machine designed to the other protocol due to the incompatibility between the two protocols....
17 Pages (4250 words) Research Paper

Internet Protocol Security (IPsec)

This report ''Internet protocol Security (IPsec)'' presents an overview of the IPSec technology.... Since the Internet protocol has no built in security feature and the information communicated over the Internet is in the form of plain text, this information is very vulnerable to threats such as unauthorized examination, alteration or exploitation.... urthermore the report discusses how ipsec can be integrated into the existing Internet setup....
11 Pages (2750 words) Report

Anonymity on the Internet

Anonymity can be achieved through various security protocols like Single Socket Layer (SSL) protocol, Secure Hyper Text Transfer protocol (SHTTP) and Transport Layer Security (TLS) protocol among others.... This paper "Anonymity on the Internet " focuses on the fact that anonymity is a major security feature for ensuring confidentiality and security for internet users....
12 Pages (3000 words) Case Study

Computer Sciences and Information Technology: IPSec and Cryptography

The author of the "Computer Sciences and Information Technology: IPSec and Cryptography" paper offers a clear discussion of the major functions of ipsec in relation to the cryptographic functions employed by the protocol suite during the packet exchange process.... he third function of ipsec is data authentication.... The major source of security for the IP network layer is the Internet protocol security (IP sec).... This implies that the security of all the IP packets is granted, regardless of the superiority of the protocol being transported in the packet payloads....
6 Pages (1500 words) Research Paper

Computer networking and management

Constant changes to the network environment and the incredible traffic load from various sources of data request and exchange are challenging and sometime overwhelming to the network manager.... From the various platforms that interact within a network such as the server(s),.... ... ... The advent of sophisticated, packet-level network-management tools allow administrators to determine the types of traffic flowing across their networks, and create security and It is also possible for network managers to restrict or otherwise bock the service for specific types of traffic or threats....
20 Pages (5000 words) Essay

IPSec and Cryptography

The paper "IPSec and Cryptography" offers a clear discussion of the major functions of ipsec in relation to the cryptographic functions employed by the protocol suite during the packet exchange process.... The third function of ipsec is data authentication.... The major source of security for the IP network layer is the Internet protocol security (IP sec).... This implies that the security of all the IP packets is granted, regardless of the superiority of the protocol being transported in the packet payloads....
6 Pages (1500 words) Essay

Cryptographic Protocols: Kerberos and IPSec

PSec Protocol ipsec protocol has been designed to provide integrity, verification or authentication, and confidentiality in a network.... On a theoretical level (Snader,2006), ipsec protocol is designed to protect or provide security for IP-based network traffic, while on a practical level the protocol is used to encrypt data so that it cannot be 'cracked' and then subsequently altered or read (Carmouche, 2007).... IPSec: Security Architecture for IP NetworkIPSec Sub-protocols ipsec protocol is made up of two protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload) which can be used together or separately....
6 Pages (1500 words) Assignment

IP-SEC Site to Site VPN Connectivity

Today, they have been replaced by Virtual Private Networks based on Networks and MPLS (Multiple protocol Label Switching) networks.... This article "IP-SEC Site to Site VPN Connectivity" presents Site-to-site virtual private networks (VPN) tunnels that have been adopted for secure data, voice, and video transmission between two areas or sites, for example, branches or offices....
11 Pages (2750 words) Article
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us