IPsec

IP Security, or IPsec, is a set of rules for securing data communications
across a public, untrusted network such as the Internet. It provides the
following:
■ Data confidentiality by encrypting portions of a packet
■ Data integrity by ensuring the packet has not been altered in transit
■ Data source authentication to ensure that the data originated with a trusted source
■ Anti-replay protection to ensure that packets cannot be copied and re-sent
IPsec standards do not specify exactly how packets should be encrypted or
authenticated; they rely on other protocols to accomplish those functions. For
encryption, IPsec can use Data Encryption Standard (DES), Triple Data Encryption
Standard (3DES), and Advanced Encryption Standard (AES). For authentication,
it can use Hash-based Message Authentication Codes (HMAC). An HMAC
combines a hash function such as Message Digest 5 (MD5) or Secure Hash
Algorithm 1 (SHA-1) with a shared secret key. MD5 produces a 128-bit hash,
whereas SHA-1 produces a 160-bit hash. Only 96 bits of the SHA-1 hash are
used with IPsec, however.
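The integrity and anti-replay services described above, as an added example that is not part of the original text: a keyed HMAC (MD5 or SHA-1) truncated to 96 bits serves as the integrity check value, and a sliding-window helper (a hypothetical model of the scheme AH and ESP use, not something this page describes) rejects sequence numbers that have already been accepted. The shared key and payload are constructed values.

```python
import hmac
import hashlib

# Constructed example values: a shared secret and a packet-like payload.
# Neither comes from any real deployment.
SHARED_KEY = b"example-shared-secret-key"
ICV_LEN = 12  # 96 bits: the truncated HMAC length IPsec carries


def icv(key: bytes, data: bytes, algo: str = "sha1") -> bytes:
    """HMAC (MD5 or SHA-1) over the protected bytes, truncated to 96 bits."""
    full = hmac.new(key, data, getattr(hashlib, algo)).digest()  # 128 or 160 bits
    return full[:ICV_LEN]


def verify_icv(key: bytes, data: bytes, received: bytes, algo: str = "sha1") -> bool:
    """Recompute the ICV and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(icv(key, data, algo), received)


class ReplayWindow:
    """Sliding-window anti-replay check (hypothetical helper modelled on the
    AH/ESP scheme): bit k of the bitmap records whether sequence number
    highest-k has already been accepted."""

    def __init__(self, size: int = 32) -> None:
        self.size, self.highest, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:                       # sequence numbers start at 1
            return False
        if seq > self.highest:             # new high-water mark: slide the window
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = (self.bitmap << shift) & mask if shift < self.size else 0
            self.bitmap |= 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                   # too old, or a copy already seen
        self.bitmap |= 1 << diff
        return True


def receive(window: ReplayWindow, key: bytes, seq: int, payload: bytes, received_icv: bytes) -> bool:
    """Integrity first (the sequence number is covered by the ICV), then replay check."""
    protected = seq.to_bytes(4, "big") + payload
    return verify_icv(key, protected, received_icv) and window.accept(seq)
```

A replayed packet carries a valid ICV, so the integrity check alone cannot catch it; the window check is what rejects the copy.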
IPsec Headers
IPsec defines two types of headers: Authentication Header and
Encapsulating Security Payload.