The Development of the Internet Protocol Security - Research Paper Example

Introduction With the rise of internet and increased use of technology it became more difficult for the organizations as well as for individuals to maintain their privacy and secure their data. Since the utility of internet is increasing consistently, it is becoming increasingly important for the organizations to develop and maintain certain protocols that can help organizations to maintain the secrecy of important information such credit card information, customer data, financial transactions etc. Internet protocol is a protocol which is used to make communication between networks with the help of internet protocol suites. Communication across the various networks therefore become more secure and data transmission takes place in encrypted format thus securing the way message is delivered across the internet networks. IP’s main function is to ensure that host network and destination network effectively communicate with each other under a secure environment. IPSEC is therefore a protocol suite that actually secures the Internet Protocol communication between the networks by encrypting and authenticating the data transmitted. This paper will provide a comprehensive analysis of what IPSEC is, how it works, its benefits as well as the kind of services which it can provide. What is IPSec? IPSec is considered as a framework of open standards with major objective of protecting and securing the communication between different networks through encrypting security services. IP Packets have inherently no built in security feature and it is really easy to interfere with these data packets and temper them. This lack of inherent security feature therefore requires that certain frameworks for IPs must be developed so that data is transmitted securely. (Doraswamy & Harkins, 2003) IPSec therefore provides a robust mechanism to provide security to IP and higher layer protocols. Broadband technologies like cable and DSL traverse a network that is untrusted. This network is nothing but the internet. Thus the main important concern or worry about this broadband technology such as virtual private network or VPN is the security. IPSec is the IP security protocol. It facilitates the sending and receiving of packets. These packets are protected cryptographically. It provides two kinds of cryptographic services. Thus IPSec is an Internet Engineering Task Force standard. It defines how a VPN can be set up uisng the IP addressing protocol. It was originally defined in the RFC 2401 to 2412. IPSec is not restricted to any particular encryption, authentication or security algorithm. It is basically an open standard framework. (Watkins & Wallace, 2008). Since IPSec is not restricted or deos not follow any particluar algorithm, it accepts new and enhanced algorithms. It provides data integrity, origin authentication and data confidentiality between the peers that are participating. It creates a secure path between two gateways or between two hosts or between a gateway and a host. (Ferguson & Schneier, 2008). It offers the following protecttion for the VPN traffic. 1. Confidentiality: It provides data confidentiality by encrypting the data. Therefore if a third party or user tries to seize this encrypted data, he cannot do it. This aspect of confidentiality therefore offers great sense of protection to the users regarding the confidentiality of their data besides offering a cutting technology to ensure that data remains confidential. 2. Integrity: It ensures that the data doesn’t get modified while travelling through the network. Here the routers calculate a checksum value at the end of the tunnel. If this checksum matches, then it indicates that the data has not been modified while travelling through the network. This aspect or feature of IPSec therefore ensures that the data is transmitted in an entirely transparent manner and without any significant tampering during transmission. 3. Authentication: Here the users or the parties involved in the conversation can verify their identity. Various authentication mechanisms are used. They are Username and password One time password Biometric technology Preshared keys Digitally signed certificates Above mechanism therefore allow users to particularly understand and know the true identity of the persons they are communicating with. This added feature of authenticity therefore offers network a unique feature to provide additional security to the users regarding the authenticity of the user who log on to the network and communicate through it. Advantages of IPSec 1. IPSec is a universally accepted framework because the relative power and flexibility that it offers. Over the period of time, it has become an international standard due to its ability to provide services to different networks across the world. 2. It is implemented at the network layer of the Open Systems Interconnection model. Thus it is able to protect all the application traffic. This control feature of IPSec is unique because it offers the added facility of controlling as well as protecting the traffic that pass through between the networks. 3. All the implemenations of IPSec contain plaintext Layer3 header, therefore there is no problem with respect to routing. 4. It runs at all the layer 2 protocols. This feature therefore allows its performance remain consistent regardless of the fact that factors like applications, users may affect its performance. 5. Protocols like High level Data Link Control, Synchronous Data Link Control, Frame Relay, Token Ring, Ethernet, ATM work with the IPSec data. This feature provides more flexibility to IPSec and make it truly universal framework to deal with diversified range of protocols. 6. IPSec is scalable therefore it can be applicable to networks of any size. It can even be implemented in global networks without significantly creating operational difficulties. 7. IPSEc outweighs SSL in the following ways 1. Number of applications supported. IPSec supports relatively larger number of applications as compared to SSL thus allowing accommodating different technologies and applications without increasing the costs for end users. 2. Strength of encryption as well as strength of authentication is high as compared to SSL. The encryption is duly validated and authenticate at various stages to ensure that data is transmitted securely over the network. 3. Entire Security structure and environment of IPSec is relatively better than SSL therefore using this framework offers more security as compared to SSL. Thus IPSec not only provides a wide range of security infrastructure but it also scales to a wide range of network. IPSec operates at the layer 3 of the OSI model i.e. it works at the network layer. This makes IPSec transparent to the applications. IPSec uses various protocols to provide these services. The primary protocol used is the IKE (Internet Key Exchange). It provides encryption in between the authenticated peers. For this purpose it uses the encryption keys that change periodically. The Internet Key Exchange protocol allows the administrators to configure these keys as required. (Asadoorian, 2010). IKE employs three methods to set up a secure communication path between the IPSec peers. 1. Main Mode: This mode involves three information exchanges. A peer called as the initiator sends one or more proposals to the other peer. This peer is called as a responder. The data that is exchanged includes a. Supported encryption and authentication protocols b. Key lifetimes The proposal also tells whether a perfect forward secrecy(FPS) should be employed. The 3 main modes are a. Exchange #1: The responder picksup a proposal that the initiator sent. b. Exchange #2: Diffie-Hellman creates a shared key securely. c. Exchange #3: An internet security association and key management protocol (ISAKMP) session is created. This session is secure and is used to settle an IPSed session. 2. Aggressive Mode: This mode acomplishes the same results as the main mode by using three packets only. The first packet is sent by the initiator. This packet contains all the information that is required to setup a security association. Next, the responder sends the second packet. This packet contains the securiy parameters that have been selected by the responder. This packet is used by the responder to authenticate the session. The last packet i.e. the third packet is sent by the initiator. This packet finalizes the authentication of the ISAKMP session. 3. Quick mode: This mode decides about the parameters for the IPSec session. This occurs within the security or the protection provided by the ISAKMP session. These modes indicate the primary stages required to establish an IPSec tunnel. Apart from IKE, IPSec tunnel also relies on the Authentication Header (AH) protocol or the Encapsulating Security Payload (ESP) protocol. Both of them offer the source authentication and integrity services.The main difference between AH and ESP is the encryption suppport that is provided. ESP will encrypt the initial packet. AH does not use encryption. AH and ESP operate in two modes Transport mode and Tunnel mode Let us look at each of these modes Transport mode: This mode uses the original IP header of the packet. It is mostly used for remote access VPN’s where a VPN client connects with the VPN termination device at the main location Tunnel mode: The tunnel mode takes the entire packet. Therefore this packet has a new header whih has the address informatin of the source as well as the destination. This mode is basically used in an IPSec site-to-site VPN. Authentication Header AH attains the authenticity by using a keyed one way has function to the packet. This hash is then merged with the text that has to be transmited. The receiver on the other end will detect the changes in the data that may happen when the packet travels in the network by using the same one-way hash function. It then compares the result of the hash function with that of the sender. This authentciation is ensured because it involves the use of a shared secret key between the two. (Spenneberg, 2003). The process followed is as follows 1. The data payload and the IP header is hashed 2. A new AH header is built by the hash 3. Transmission of new packet happens to the IPSec peer router 4. The peer router now hashes the IP header and the data payload. It pulls out the transmitted hash from the AH header and compares them. These two should match. Even if one bit is changed the AH header does not match. Encapsulating Security Payload It provides confidentiality. This is provided by encrypting the payload. It uses various algoriths that are symmetric. ESP also provides integrity and authentciation of the datagram. It also enforces antireplay protection by asking the receivng host to set the replay bit in the header. The ESP protects the original data because the IP datagram is encrypted. The ESP authentication uses the IP datagram and the ESP header and the trailer in the hashing process. (Cid, 2010) It prepares a new header to the authenticated payload nd uses the new IP address to route the packet through the internet. When ESP and AH both are selected, the encryption will occur first. This order facilitates the rapid detection and rejection of replayed packets or bogus packets. The receiver authentictes the inbound packets before decrypting them therefore it is able to detect problems and is able to reduce the denial-of-service attack. Thus IPSec uses the following set of standard algorithms 1. DES 2. 3DES 3. AES 4. MDS 5. SHA-1 6. DH Conclusion Internet protocol suites provide necessary backbone to any network to ensure that data is transmitted in a manner which is transparent and without any errors or tempering. IPSEC is a robust framework which offers different and unique mechanism to work with different protocols to transmit data across the network. It not only provides added features of confidentiality and integrity of data but also offers advantages such as scalability. The overall robustness of the framework makes it a preferred framework to be used in place of SSL because it can support higher number of applications, its strength of encryption is higher as well as its entire security structure is more robust and agile. Various modes under which IPSec communicate and establish data channels ensure that the traffic remains even and network does not falter due to high traffic volume and large processing times. IPSec is also superior to other internet network protocol frameworks such as SSL because of the ability of IPSec to handle large number of applications as well as offering more robust security environment. Bibliography 1. Asadoorian, P. (2010). An Introduction to IPsec. Retrieved July 29, 2010, from pauldotcom.com: http://pauldotcom.com/IPSEC.pdf 2. Cid, D. B. (2010). Configuring IPSec on PIX. Retrieved July 28, 2010, from http://www.infosecwriters.com: http://www.infosecwriters.com/text_resources/pdf/PIX-IPSec.pdf 3. Doraswamy, N., & Harkins, D. (2003). IPSec:the new security standard for the Internet, intranets, and virtual private networks. New York: Prentice Hall PTR,. 4. Ferguson, N., & Schneier, B. (2008). A Cryptographic Evaluation of IPsec. Retrieved July 29, 2010, from Counterpane Internet Security, Inc: www.counterpane.com 5. Spenneberg, R. (2003). IPsec HOWTO. Retrieved July 28, 2010, from http://www.ipsec-howto.org: http://www.ipsec-howto.org/ipsec-howto.pdf 6. Watkins, M., & Wallace, K. (2008). CCNA Security Official Exam Certification Guide (Exam 640-553). New York: Cisco Press. Read More