session_09_vpn__ipsec__and_tls_101908

Cryptographic algorithms for authentication and


o …dex (SPI)
o IP Destination Address
o Security Protocol ID, which identifies whether the SA is AH or ESP.
• Security Protocols
o IP Authentication Header (AH) is used to authenticate.
o IP Encapsulating Security Payload (ESP) is used to encrypt and to authenticate.
• Cryptographic Algorithms for Authentication and Encryption
o RFC 4305 defines the mandatory, default algorithms for use with AH and ESP; a similar document, RFC 4307, defines the mandatory algorithms for use with IKEv2. Each cryptographic algorithm has a separate RFC. (Both have since been obsoleted: RFC 4305 by RFC 4835 and later RFC 8221, RFC 4307 by RFC 8247.)
o AES, Triple DES, and other symmetric encryption algorithms are used to encrypt the data. Keyed hash algorithms (HMACs) are used for authentication and integrity.
• Key Management Protocols
o The key management protocol is described in the Internet Key Exchange (IKEv2), RFC 4306 (since obsoleted by RFC 5996 and then RFC 7296).

15

VPN, IPSec and TLS Security Protocols
• IPsec provides mechanisms to provide security services to IP and upper layer protocols (e.g., UDP or TCP).
• IPsec protects IP datagrams by defining a security protocol in an SA.
• The SA associated with a connection could be Encapsulating Security Payload (ESP) or Authentication Header (AH), but not both.
• If both AH and ESP protection are applied to a connection, then two (or more) SAs are created to provide protection to the connection.
• To secure typical, bi-directional communication between two hosts, or between two security gateways, two Security Associations (one in each direction) are required.
• Both ESP and AH security protocols support two modes of operation: transport or tunnel mode.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 16