University of Wisconsin
Internet Key Exchange (IKE)
IP is not Secure!
IP protocol was designed in the
late 70s to early 80s
Part of DARPA Internet Project
IPSec In Depth
Encapsulating Security Payload
Must encrypt and/or authenticate in each
Encryption occurs before authentication
Authentication is applied to data in the
IPSec header as well as the data contained
IPSec: Authentication Header,
Encapsulating Security Payload
CSCI 5931 Web Security
Set of security services offered by IPSec include
Data origin authentication
Protection against replay
Modes of Operation
To establish a secure IPSEC connection two
nodes must execute a key agreement
The sub-protocol of IPSEC that handles key
negotiations is called IKE (Internet Key
First, assume two nodes have agreed on
IP security: security built into the IP layer
Provides host-to-host (or router-to-router)
encryption and authentication
Required for IPv6, optional for IPv4
Comprised of two parts:
IPSEC proper (authenticat
Internet Protocol Security
An Overview of IPSec
What Security Problem?
Security at What Level?
IPSec Security Services.
Modes of operation.
IPSec Security Protocols.
Outbound/Inbound IPSec Processing.
Chapter 13 IPsec
IPsec (IP Security)
A collection of protocols used to create VPNs
A network layer security protocol providing
cryptographic security services that can support
various combinations of authentication, integrity,
access control, and confid