StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

IPSec and Cryptography - Essay Example

Cite this document
Summary
The paper "IPSec and Cryptography" offers a clear discussion of the major functions of IPsec in relation to the cryptographic functions employed by the protocol suite during the packet exchange process. The paper further discusses the limitations of the IPsec in relation to the used algorithms and attacks against IPsec…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.5% of users find it useful
IPSec and Cryptography
Read Text Preview

Extract of sample "IPSec and Cryptography"

Running head: Research Paper, Computer Sciences and Information Technology Research Paper, Computer Sciences and Information Technology IPSec and Cryptography Introduction The major source of security for the IP network layer is the Internet protocol security (IP sec). This implies that the security of all the IP packets is granted, regardless of the superiority of the protocol being transported in the packet payloads. When using the internet security protocol, the applications do not require further reengineering. This is because; the security offered by the IPsec can be made transparent to final users. IPsec is very vital since it offers numerous solutions to virtual private Networking (VPN), by giving communication security against untrusted network like the internet. Cryptography refers to the change of plaintext information into a coded form. The aim of cryptography is to offer the necessary security and frontier access to private information. This paper offers a clear discussion of the major functions of IPsec in relation to the cryptographic functions employed by the protocol suite during the packet exchange process. The paper further discusses the limitations of the IPsec in relation to the used algorithms and attacks against IPsec. Functions of IPsec There are numerous functions that the IPsec performs. First, the IPsec is used for data confidentiality. The function is achieved by the IP sec sender encrypting the data packets prior to sending them to another network. The second function is data integrity. This requires the IPsec receiver to authenticate the data packets received from the IPsec sender in order to guarantee the safety of the received data packets. The third function of IPsec is data authentication. This enables the IP sec receiver to confirm the origin of the sent IPsec packets, although the success of this function relies on the data service. The replay function is the fourth function played by the IPSec (Pachghare, 2009). In the execution of this function the IP sec receiver is capable of sensing and eliminating the repeated packets. The above services are offered at the IP layer, thus they can be employed at any upper layer protocol. Such as TCP, UDP, and ICMP, just to mention a few. The IP DOI is also responsible for the provision of the IP compression; this is achieved through the encryption that is done in the IPsec. This hinders sufficient compression by the lower protocol layers (Elkelany, 2002). At the IP layer, the IPsec offers the necessary security that allows the system to choose the suitable security protocols, establish the algorithms to be employed for the task and reorganize the cryptographic keys needed to offer the application. IPsec are capable of providing sufficient security to more than one path between a protection gateway and host (Pachghare, 2009). IP sec can establish the areas that are susceptible to attacks, thus providing the necessary security. This is achieved by configuring admission lists that are further interfaced in the crypto map sets (Pachghare, 2009). At this point the traffic may be chosen in basing on the origin and destination. There can be several users on a particular traffic, and at the same time the crypto map set might have several admission lists. In order to guarantee the security, a specific sequence must be employed when searching the crypto maps. The traffic usually tries to match the packet in order to gain admittance. When packet gain admittance to a specific data list, the corresponding crypto map is marked as Cisco and the required connections made. IPsec is usually activated whenever the crypto connection is marked as ipsec-isakmp. In the absence of the SA that the IPsec can use to provide the protection to the affected routes, the Internet Key Exchnage (IKE) is usually used to discuss with the secluded users in order to come up with the required IP sec to facilitate the smooth streaming of information. The discussions are usually based on the data specified in the crypto map and the specified access entries. Additionally, IPsec is activated when the crypto map access is marked as IPsec-manual. In the absence of the SA to be used by the IPsec to offer the protection to the affected traffic, the traffic is always terminated. In such instances the SAs are always installed through the configuration minus the intervention of the IKE (Joshi, 2008). Limitations of IPsec in Relationship to the Algorithms Its Uses IPsec has been used as the major source of IP network security. Although the IPsec is broadly used, there are several limitations linked to the system in relation to the algorithms it uses. First, in setting up the system, numerous knobs and settings are involved. This makes the entire system a complicated suite of protocol. The major source of the complications is that the IPsec offers the means, and not the strategy which makes it hard for some users. In comparison to other systems, IPsec has more features which contribute to it being hard to execute and require more supports, thus making it expensive. Additionally, the system also entails the use of some interoperability issues whereby several IPsec executions have failed to adhere to the principles and share the issues affecting them among themselves. This has made it hard to reach for the solutions to these problems affecting the system (Schmeh, 2003) The IPsec constructed using the standard IPsec may be hard to scale due to the need for the provision for the IPsec tunnels between the pairs of VPN gateways. At the same time, it is hard to scale vibrant multipoint VPNs using the IP sec site-to -site VPVs using the IPsec tunnels. This implies that the success of the IPsec will call for the more scalability (Loshin, 2003). IPsec is usually used as a data security measure, but in order to guarantee the effective security of the IPsec VPNs, it always essential to involve the digital signature authentication. This offers permission to install Public Key Infrastructure (PKI) that requires proper management. This implies that the IPsec cannot be effective without the digital signature. In an IPsec site-to-site VPN, it is true that the routing is dynamic, especially when using the point-to-point IPSec tunnel configuration. This makes the system more complicated than in an MPLS layer 3 VPN. Each individual IPsec VPN gateway ought to be an IP routing peer of another IPsec VPN gateway; this is applicable for fully meshed connectivity. Each Customer Edge (CE) router is a VPN is an IP routing peer that has an in depended direct link to the VPN. In instances with meshed connectivity having dynamic multiple VPN, spoke site routers do not qualify to be routing peers to any other spoke site routers apart from the hub site route (Joshi, 2008). Basing on the current situation, the IP sec does not offer support for multicast and multi-protocol traffic. This limitation offers a chance for the use of the Generic Routing Encapsulation (GRE) tunnels or the Virtual Tunnel Interfaces (VTI). IPsec can also cause the overworking of the CPU in terms of the VPN gateways. This is because it involves the packet encryption/ decryption and authentication processing (Joshi, 2008). Existing Work on IPsec Cryptographic Overhead(s) In terms of literature review, there are limited studies done on IPSec cryptographic overheads. This is evident in terms of the limited number of the existing works. It has been noted that none of the existing work contains all the security algorithms that are currently in use. The existing work also does not offer the specific implications of the system. This is because; on various platforms most aspects of the system have not been addressed. Elkeen asserts that in order to achieve data confidentiality of the IPsec overhead cryptographic, Data Encryption Standards (DES) was the best approach (Elkeelany, 2002). Eskeen also asserts that secure authentication is granted whenever the IPsec is incorporated in the Message Digest (MD5) and Secure Hash Algorithm 1 (SHA-1). Further studies done by Miltcheve et al mainly considered the Advanced Encryption Standards (AES). In their studies they acted as a reference point in relation to the functionality of the IPsec in an Open BSD system. The study also addressed the importance of employing hardware accelerators in order to enhance the cryptographic processing. The scarcity of information of the IPsec cryptographic overheads is an implication that there is need for further research on the same (Miltchev & Keromytis, 2002). Key Attacks against IPsec There are various attacks against IPsec, for instance, the Initializing Vector (IV) aims at the modification of the CBC-encrypted packet during transmission. The IV attacks against IPsec very serious if used carelessly. Therefore while using the IPsec it is necessary to have the defense mechanisms against such attacks. IV attacks pose a huge security risk of the CBC encryption approach of block ciphers that are employed in IPsec. The IV attacks are mainly unauthenticated in CBC encryption. This enables the attacker to take charge of the first block of the decrypted plain text and modifying the IV. At this instance is where cryptographic is essential since when the data is coded it will be resistant to the attack (Miltchev & Keromytis, 2002). Conclusion Currently wireless systems have become the major data transmission channels. This has led to increased information insecurity. The introduction of the IPsec and cryptographic aimed at increasing the information security. Various cryptographic algorithms such as Data Inscription Standards (DES) and Advanced Encryption Standards (AES) just to mention a few have been used together with the IPsec. These systems have worked perfectly, but there is need for further research on the systems in order to assure total security, since the instances of data insecurity still exist. References Elkeelany, O, 2002, ‘Performance Analysis of IPSec Protocol: Encryption and Authentication’, IEEE Communications Conference (ICC 2002), pp. 1164-1168. Joshi, J. B. D2008. Network security knows it all. Amsterdam, Morgan Kaufmann/Elsevier. Loshin, P, 2003, IPv6 Theory, Protocol, and Practice, 2nd Edition. Burlington: Elsevier. Miltchev, S & Keromytis, A, 2002, ‘A Study of the Relative Costs of Network Security Protocols’Proc.’ USENIX 2002 Annual Thnical Conference, Monterey, CA. Pachghare, V, 2009, Cryptography and information security. New Delhi, PHI Learning. Schmeh, K, 2003, Cryptography and public key infrastructure on the Internet, Chichester, England, J. Wiley. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(IPSec and Cryptography Essay Example | Topics and Well Written Essays - 1250 words - 1, n.d.)
IPSec and Cryptography Essay Example | Topics and Well Written Essays - 1250 words - 1. https://studentshare.org/information-technology/1801100-ipsec-and-cryptography
(IPSec and Cryptography Essay Example | Topics and Well Written Essays - 1250 Words - 1)
IPSec and Cryptography Essay Example | Topics and Well Written Essays - 1250 Words - 1. https://studentshare.org/information-technology/1801100-ipsec-and-cryptography.
“IPSec and Cryptography Essay Example | Topics and Well Written Essays - 1250 Words - 1”. https://studentshare.org/information-technology/1801100-ipsec-and-cryptography.
  • Cited: 0 times

CHECK THESE SAMPLES OF IPSec and Cryptography

Cryptography Attacks in the US

cryptography Attacks Name: Institution: cryptography is a science of communication that specializes in secure communication in the presence of a third party commonly referred to as adversaries.... hellip; cryptography is a science of secure communication using unique codes to disguise the information thereby making it inaccessible by third parties....
5 Pages (1250 words) Research Paper

Data Encryption and Authentication Methods

lassification based on keys : cryptography is the process of disguising data as cipher text before sending it over a network.... Internet has today become the easiest and most convenient form of communication between individuals, corporates and even governments.... With growth in volumes of data, come security problems....
5 Pages (1250 words) Term Paper

Differentiate between the different types of cryptographic algorithms

In cryptography, a key refers to a… There are various forms of classifying Cryptographic algorithms.... In cryptography, a key refers to a sequence of bits which long and used in decryption or encryption algorithms.... These are secret key cryptography, public key cryptography and hash functions (Schneier, 2007).... he second cryptographic algorithms are the public key cryptography.... It is also known as asymmetric key cryptography....
1 Pages (250 words) Essay

Is DES cipher not security anymore

?cryptography and network security: principles and practice.... This is particularly because DES is a weak, old and broken encryption algorithm that is highly susceptible to brute force attacks (Curtin, Dolske, 1998, p.... ).... For example, the DES cryptanalysis… arried out by Electronic Frontier Foundation (EFF) in 1998 revealed that given a finite time, DES can easily be cracked by a modestly financed adversary....
1 Pages (250 words) Essay

Cryptographic Failures and Challenges

cryptography is a technique used in keeping and passing on information in a particular outline such that, only for whom the data is proposed can understand and process it.... The error enabled Cryptographic Failures and Challenges Affiliation cryptography is a technique used in keeping and passing on information in a particular outline such that, only for whom the data is proposed can understand and process it.... In conclusion, cryptography is very vital as it invention was meant on secrecy and, therefore, there should be some ways of ensuring that they uphold their mandate....
1 Pages (250 words) Assignment

Cryptography Attacks

The paper "cryptography Attacks" presents detailed information, that cryptography is a science of communication that specializes in secure communication in the presence of a third party commonly referred to as adversaries.... According to the Oxford English dictionary....
5 Pages (1250 words) Research Paper

How Do You Keep a Secret: the History of Cryptography

… The paper "How Do You Keep A Secret: the History of cryptography" is a delightful example of a history essay.... cryptography has been used for a long time and it has reached the level of encryption now, where the trapdoors are such that it is next to impossible for code breakers to decipher the message without knowing the key.... The paper "How Do You Keep A Secret: the History of cryptography" is a delightful example of a history essay....
1 Pages (250 words) Essay

Cryptography and Information Assurance

… The paper " cryptography and Information Assurance" is a  remarkable example of an assignment on information technology.... The paper " cryptography and Information Assurance" is a  remarkable example of an assignment on information technology....
16 Pages (4000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us