even in locations where the export, import or use of encryption to provide confidentiality is regulated.
• Encapsulation Security Payload (ESP)
— Provides integrity, authentication, and confidentiality to IP datagrams.
Key Management
• Internet Key Exchange (IKEv2)
— Allows users to agree on authentication methods, encryption methods, keys to use, and key duration.
— Key exchange could be manual or automated.
VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 14
• The basic key management mechanism is the Diffie-Hellman key exchange algorithm. IKEv2 supports perfect forward secrecy for keys, identity protection, authentication, user-defined abstract group structures for use with the Diffie-Hellman algorithm, key updates, and incorporation of keys distributed via out-of-band mechanisms.
• There are currently two ways to handle key exchange and management within IPsec's architecture: manual and automated keying. Both of these methods are mandatory requirements of IPsec.
IP Security Architecture
[Slide diagram: IP Security Architecture. Only the box labels are recoverable from the extracted text.]
• Security Protocols
— Authentication Header Protocol: AH is used to authenticate.
— Encapsulation Security Payload Protocol: ESP is used to encrypt and to authenticate.
• Encryption Algorithms
— Algorithms for encryption and authentication: symmetric encryption algorithms, keyed hash algorithms.
• Key Management Protocols
— Manual and automated.
• IPsec Databases
— Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD).
• Security Associations
— Information shared between two gateways on how to secure communications.
• ESP/AH Engine
— Applies the security protocols to IP packets.
• IPsec Databases
o Security Policy Database (SPD)
o Security Association Database (SAD)
o Peer Authorization Database (PAD)
• Security Associations
o Information shared between 2 Gateways on how to secure a communication.
• An SA has three parameters:
o Security Parameter In...
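The SPD-to-SA flow that the architecture diagram and the database list describe, as an added Python example that is not part of the lecture: an outbound packet is matched against an ordered SPD to decide PROTECT, BYPASS or DISCARD, and a PROTECT decision is then resolved against the SAD, whose entries are identified by the SA's classic triple of SPI, destination address and security protocol; inbound ESP/AH packets are matched by the same triple. The network addresses, SPI values, algorithm names and the NEED_IKE result code are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SPDEntry:
    src: str       # source selector (CIDR)
    dst: str       # destination selector (CIDR)
    proto: str     # "any", "tcp", "udp" or "icmp"
    action: str    # PROTECT, BYPASS or DISCARD
    sa_proto: str = ""  # "esp" or "ah" when action is PROTECT
    peer: str = ""      # tunnel endpoint whose SA protects the traffic

# Constructed sample SPD (not from the slides); entries are ordered, first match wins.
SPD = [
    SPDEntry("10.1.0.0/16", "10.2.0.0/16", "any", "PROTECT", "esp", "203.0.113.2"),
    SPDEntry("10.1.0.0/16", "10.3.0.0/16", "any", "PROTECT", "ah", "203.0.113.3"),
    SPDEntry("10.1.0.0/16", "0.0.0.0/0", "udp", "DISCARD"),
    SPDEntry("0.0.0.0/0", "0.0.0.0/0", "any", "BYPASS"),
]
# Constructed SAD keyed by (SPI, destination, protocol): the SA's three identifying
# parameters. Only the ESP peer has a negotiated SA so far.
SAD = {
    (0x1001, "203.0.113.2", "esp"): {"cipher": "AES-GCM-256", "integ": "none"},
}

def spd_lookup(src, dst, proto):
    """Return the first SPD entry whose selectors cover the packet, else None."""
    for e in SPD:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(e.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(e.dst)
                and e.proto in ("any", proto)):
            return e
    return None

def outbound(src, dst, proto):
    """Decide what happens to an outbound packet: (decision, SA key or None)."""
    e = spd_lookup(src, dst, proto)
    if e is None or e.action == "DISCARD":   # no matching policy also means discard
        return ("DISCARD", None)
    if e.action == "BYPASS":
        return ("BYPASS", None)
    key = next((k for k in SAD if k[1] == e.peer and k[2] == e.sa_proto), None)
    if key is None:   # policy says PROTECT but no SA exists: IKEv2 must negotiate one
        return ("NEED_IKE", None)
    return ("PROTECT", key)

def inbound(spi, dst, sa_proto):
    """Inbound ESP/AH packets are matched to their SA by SPI, destination and protocol."""
    return SAD.get((spi, dst, sa_proto))
```

The NEED_IKE branch is where automated keying enters: the SPD says the traffic must be protected, but until IKEv2 (or a manually installed SA) populates the SAD, there is nothing to protect it with.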
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.