Technology - IP Techniques 4 - IPsec Security

Synopsis

IP Security (IPsec) is IPv4’s and IPv6’s built-in cryptographic system, for authentication and encryption of each packet’s contents. We discuss IPsec’s header structure, tunnelling to create Virtual Private Networks (VPNs), key-pair generation, hash algorithms, Cyclic Redundancy Checking (CRC) and modes of operation, including AH (Authentication Only), ESP (Encapsulating Security Header) and Tunnel Mode.

Table of Contents

• 1. Synopsis
• 2. Introduction
• 3. IPsec and other standards
  • 3.1 Contrast with SSL/TLS
  • 3.2 Contrast with PGP or GPG
  • 3.3 IPsec in Layer 3
  • 3.4 3rd generation RFC standards
• 4. Symmetrical cryptography
  • 4.1 64 and 128 bit keys
• 5. Public Key cryptography
  • 5.1 Generating the key pair
  • 5.2 Generating and sending the symmetrical key
    • 5.2.1 Internet Key Exchange Protocol (IKE)
    • 5.2.2 IKE authentication mechanisms
    • 5.2.3 IP Compression
• 6. Hash algorithms and integrity checking
  • 6.1 Checksums and Cyclic Redundancy Checking (CRC)
  • 6.2 Cryptographic hashing
• 7. IPsec’s modes of operation
  • 7.1 VPN tunnel applications
  • 7.2 SSL/TLS and NAT firewall compatibility
  • 7.3 AH and ESP
    • 7.3.1 AH Header
    • 7.3.2 ESP Header
  • 7.4 Transport Mode
  • 7.5 Tunnel Mode
    • 7.5.1 ESP in Tunnel Mode
• 8. Weaknesses of IPsec
  • 8.1 Schneier’s and Ferguson’s critique
  • 8.2 IKEv1’s Aggressive Mode compromised
• 9. Related reports