
IPsec

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network. It is used in virtual private networks (VPNs). IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and for negotiating the cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).

IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection. The initial IPv4 suite was developed with few security provisions. As part of the IPv4 enhancement, IPsec is an end-to-end security scheme operating at layer 3 of the OSI model (the internet layer), while some other widely used Internet security systems, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate above layer 3, at the application layer. IPsec can automatically secure applications at the IP layer.

Starting in the early 1970s, the Advanced Research Projects Agency sponsored a series of experimental ARPANET encryption devices, at first for native ARPANET packet encryption and subsequently for TCP/IP packet encryption; some of these were certified and fielded. From 1986 to 1991, the NSA sponsored the development of security protocols for the Internet under its Secure Data Network Systems (SDNS) program. This brought together various vendors, including Motorola, which produced a network encryption device in 1988. The work was openly published from about 1988 by NIST, and of these protocols, Security Protocol at Layer 3 (SP3) would eventually evolve into the ISO standard Network Layer Security Protocol (NLSP). From 1992 to 1995, various research groups improved upon SDNS's SP3. In 1992, the US Naval Research Laboratory (NRL) began the SIPP project to research and implement IP encryption. In December 1993, the experimental Software IP Encryption Protocol (swIPe) was developed on SunOS at Columbia University and AT&T Bell Labs by John Ioannidis and others. Funded by the White House in 1993, Wei Xu at Trusted Information Systems (TIS) built on the swIPe research, enhanced the IP security protocols and developed a Data Encryption Standard (DES) device driver. By December 1994, his team released the TIS Gauntlet Firewall product with integrated 3DES hardware encryption, providing commercial IP security at over T1 speeds and securing networks between the US East and West coasts. During this period the Internet Engineering Task Force (IETF) IP Security Working Group formed to standardize these efforts as an open, freely available set of security extensions, called IPsec. In 1995, the working group published RFC 1825 through RFC 1827, with the NRL having the first working implementation. IPsec is an open standard that forms part of the IPv4 suite.

IPsec uses the following protocols to perform various functions:

The Authentication Header (AH) is a member of the IPsec protocol suite; its design derives in part from earlier IETF standards work on authentication for version 2 of the Simple Network Management Protocol (SNMP). AH provides connectionless integrity by computing a keyed hash over the packet with a secret key shared between the peers, and it provides data-origin authentication by authenticating IP packets. Optionally, a sequence number protects the packet's contents against replay attacks: the receiver uses a sliding window to track which sequence numbers it has already accepted and discards packets that are duplicates or too old. AH operates directly on top of IP, using IP protocol number 51.
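As an added example, not code from this page or from any IPsec implementation, the following Python models the two receiver-side checks the AH description above relies on: a keyed-hash integrity check and the sliding-window anti-replay check. The packet layout (a 4-byte sequence number, the payload, then a truncated HMAC-SHA256 tag), the 12-byte tag length and the 64-entry window are constructed assumptions for the demo, not the real AH header format, which also carries a Security Parameters Index and covers immutable IP header fields.

```python
import hashlib
import hmac

WINDOW_SIZE = 64  # assumed window size for this demo (the smallest one worth supporting)
ICV_LEN = 12      # assumed truncated-tag length; constructed choice for this example


class ReplayWindow:
    """Sliding-window anti-replay state for one inbound security association.

    `highest` is the largest sequence number accepted so far. Bit k of
    `bitmap` records whether sequence number (highest - k) has been seen,
    so bit 0 always refers to `highest` itself.
    """

    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Return True if seq is acceptable: not yet seen and not older than the window."""
        if seq == 0:
            return False  # sequence number 0 is never valid
        if seq > self.highest:
            return True  # to the right of the window: always new
        diff = self.highest - seq
        if diff >= self.size:
            return False  # fell off the left edge: too old to track, so reject
        return not (self.bitmap >> diff) & 1

    def update(self, seq: int) -> None:
        """Record seq as received. Call only after check() passed AND the ICV verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1  # window moved entirely; only seq is marked
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def build_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload, followed by the integrity tag."""
    body = seq.to_bytes(4, "big") + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def receive(key: bytes, window: ReplayWindow, packet: bytes) -> str:
    """Receiver side: replay pre-check, then ICV check, then advance the window."""
    if len(packet) < 4 + ICV_LEN:
        return "malformed"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    seq = int.from_bytes(body[:4], "big")
    # 1. Cheap replay pre-check first, so replayed packets cost no MAC computation.
    if not window.check(seq):
        return "replay"
    # 2. Verify the tag with a constant-time comparison.
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "bad_icv"
    # 3. Only an authenticated packet is allowed to move the window.
    window.update(seq)
    return "accepted"


def demo() -> list:
    """Constructed traffic: normal, replayed, tampered, out-of-order and too-old packets."""
    key = b"constructed-demo-key"
    window = ReplayWindow()
    results = []
    p1 = build_packet(key, 1, b"hello")
    p2 = build_packet(key, 2, b"world")
    p3 = build_packet(key, 3, b"third")
    results.append(receive(key, window, p1))          # accepted
    results.append(receive(key, window, p2))          # accepted
    results.append(receive(key, window, p1))          # replay: seq 1 already seen
    tampered = bytearray(p3)
    tampered[4] ^= 0x01                               # flip one payload byte
    results.append(receive(key, window, bytes(tampered)))  # bad_icv; window unchanged
    results.append(receive(key, window, p3))          # accepted: genuine seq 3 still valid
    results.append(receive(key, window, build_packet(key, 100, b"jump")))  # accepted
    results.append(receive(key, window, build_packet(key, 4, b"late")))    # replay: 100-4 >= 64
    p50 = build_packet(key, 50, b"ok")
    results.append(receive(key, window, p50))         # accepted: out of order but inside window
    results.append(receive(key, window, p50))         # replay
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the three steps in `receive` is the defensive point: the replay check is done before the MAC so that replayed traffic cannot burn CPU on verification, and the window is advanced only after the tag verifies, so a forged packet with a large sequence number cannot push the window forward and cause genuine in-flight packets to be dropped as "too old".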
