Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session.
Encapsulating Security Payload (ESP) provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, protect the message content. ESP also provides all encryption services in IPsec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format back to a readable message. Encryption and decryption allow only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. With ESP authentication, ESP provides authentication and integrity for the payload only, not for the IP header.
Authentication Header (AH) provides authentication, integrity, and anti-replay protection for the entire packet (both the IP header and the data payload carried in the packet). It does not provide confidentiality, which means it does not encrypt the data. The data is readable, but protected from modification. AH uses the HMAC algorithms described earlier to sign the packet for integrity.
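The coverage difference between ESP authentication (payload only) and AH (header and payload) is easiest to see with a toy integrity check. This is an added example, not from the original post: it models a packet as a Python dict, uses HMAC-SHA256 as the stand-in integrity algorithm, and, like real AH, treats the mutable TTL field as zero so that normal hop-by-hop decrements do not break verification. The key and packet values are constructed for the demo and are not a real IPsec wire format.

```python
import hmac
import hashlib

# Constructed sample key and packet (not real IPsec formats).
KEY = b"constructed-demo-key"
PACKET = {"src": "10.0.0.1", "dst": "10.0.0.2", "ttl": 64, "payload": b"balance=100"}


def _mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def esp_auth_icv(pkt: dict) -> bytes:
    """ESP authentication: integrity check value over the payload only.
    The outer IP header is not covered."""
    return _mac(pkt["payload"])


def ah_icv(pkt: dict) -> bytes:
    """AH: integrity check value over IP header and payload.
    Fields that legitimately change in transit (TTL here) are zeroed
    before the MAC is computed, as real AH does for mutable fields."""
    header = f"{pkt['src']}|{pkt['dst']}|ttl=0".encode()
    return _mac(header + pkt["payload"])


def verify(pkt: dict, icv: bytes, icv_fn) -> bool:
    """Constant-time comparison of a recomputed ICV with the received one."""
    return hmac.compare_digest(icv_fn(pkt), icv)


def coverage_demo() -> dict:
    """Return (esp_auth_ok, ah_ok) for three in-transit scenarios."""
    esp_icv = esp_auth_icv(PACKET)
    ah = ah_icv(PACKET)
    hop = dict(PACKET, ttl=63)                  # router decremented TTL
    rewritten = dict(PACKET, dst="10.0.0.99")   # IP header altered
    tampered = dict(PACKET, payload=b"balance=999")  # payload altered
    return {
        "ttl_decrement": (verify(hop, esp_icv, esp_auth_icv), verify(hop, ah, ah_icv)),
        "header_rewrite": (verify(rewritten, esp_icv, esp_auth_icv), verify(rewritten, ah, ah_icv)),
        "payload_tamper": (verify(tampered, esp_icv, esp_auth_icv), verify(tampered, ah, ah_icv)),
    }


if __name__ == "__main__":
    for scenario, (esp_ok, ah_ok) in coverage_demo().items():
        print(f"{scenario:15s} ESP-auth verifies: {esp_ok!s:5s} AH verifies: {ah_ok}")
```

Only AH rejects the packet whose destination address was rewritten; both mechanisms reject a modified payload, and neither is disturbed by the TTL decrement.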
Data Encryption Standard (DES), also known as DEA (Data Encryption Algorithm), was one of the most popular forms of encryption, and variants such as Triple DES (3DES) are still considered strong and fast and are actively used in banking and commerce.
Message Digest 5 (MD5) is a well-known cryptographic hash function with a 128-bit resulting hash value. MD5 is widely used in security-related applications and is also frequently used to check the integrity of files.
Secure Hash Algorithm (SHA) is a hashing algorithm. It is used for hashing passwords (and other important information). SHA is used to create digital signatures of the data: by running the algorithm on the data, we produce the hash value (also known as the signature). If the data changes in any way, the signature will not match, and thus we know that the data has been compromised or tampered with. It is not an encryption algorithm; SHA cannot be used for encryption. We use SHA1 for hashing on earlier versions (before SEE 8.0.0) and SHA2 on SEE 8.0.0 and above.
Diffie-Hellman (DH) is a specific method of exchanging cryptographic keys. It is a public-key cryptography protocol that allows two parties to establish, over an insecure communications channel, a shared secret key used by encryption algorithms (DES or MD5, for example).