In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (''host-to-host''), between a pair of security gateways (''network-to-network''), or between a security gateway and a host (''network-to-host'').
IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection (protection from replay attacks).
The initial IPv4 suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a layer 3 OSI model or internet layer end-to-end security scheme. In contrast, while some other Internet security systems in widespread use operate above the network layer, such as Transport Layer Security (TLS) that operates above the transport layer and Secure Shell (SSH) that operates at the application layer, IPsec can automatically secure applications at the internet layer.
History
Starting in the early 1970s, the Advanced Research Projects Agency sponsored a series of experimental ARPANET encryption devices, at first for native ARPANET packet encryption and subsequently for TCP/IP packet encryption; some of these were certified and fielded. From 1986 to 1991, the NSA sponsored the development of security protocols for the Internet under its Secure Data Network Systems (SDNS) program. This brought together various vendors including Motorola who produced a network encryption device in 1988. The work was openly published from about 1988 by NIST and, of these, ''Security Protocol at Layer 3'' (SP3) would eventually morph into the ISO standard Network Layer Security Protocol (NLSP).
From 1992 to 1995, various groups conducted research into IP-layer encryption.
*1. In 1992, the US Naval Research Laboratory (NRL) began the Simple Internet Protocol Plus (SIPP) project to research and implement IP encryption.
*2. In 1993, at Columbia University and AT&T Bell Labs, John Ioannidis and others researched the software experimental Software IP Encryption Protocol (swIPe) on SunOS.
*3. In 1993, sponsored by the Whitehouse internet service project, Wei Xu at Trusted Information Systems (TIS) further researched the Software IP Security Protocols and developed the hardware support for Triple DES, which was coded in the BSD 4.1 kernel and supported both x86 and SUNOS architectures. By December 1994, TIS released their DARPA-sponsored open-source Gauntlet Firewall product with the integrated 3DES hardware encryption at over T1 speeds. This was the first use of IPSec VPN connections between the east and west coasts of the States, and it is known as the first commercial IPSec VPN product.
*4. Under NRL's DARPA-funded research effort, NRL developed the IETF standards-track specifications (RFC 1825 through RFC 1827) for IPsec, which was coded in the BSD 4.4 kernel and supported both x86 and SPARC CPU architectures.
NRL's IPsec implementation was described in their paper in the 1996 USENIX Conference Proceedings. NRL's open-source IPsec implementation was made available online by MIT and became the basis for most initial commercial implementations.
The Internet Engineering Task Force (IETF) formed the IP Security Working Group in 1992 to standardize openly specified security extensions to IP, called ''IPsec''. In 1995, the working group organized a few workshops with members from five companies (TIS, Cisco, FTP, Checkpoint, etc.). During the IPSec workshops, the NRL's standards and Cisco and TIS' software were standardized as the public references, published as RFC-1825 through RFC-1827.
Security architecture
IPsec is an open standard as a part of the IPv4 suite. IPsec uses the following protocols to perform various functions:
* Authentication Header (AH) provides connectionless data integrity and data origin authentication for IP datagrams and provides protection against replay attacks.
* Encapsulating Security Payload (ESP) provides confidentiality, connectionless data integrity, data origin authentication, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
* Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange [The Internet Key Exchange (IKE), RFC 2409, §1 Abstract], with actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records. The purpose is to generate the security associations (SA) with the bundle of algorithms and parameters necessary for AH and/or ESP operations.
Authentication Header
The Security Authentication Header (AH) was developed at the US Naval Research Laboratory in the early 1990s and is derived in part from previous IETF standards' work for authentication of the Simple Network Management Protocol (SNMP) version 2. Authentication Header (AH) is a member of the IPsec protocol suite. AH ensures connectionless integrity by using a hash function and a secret shared key in the AH algorithm. AH also guarantees the data origin by authenticating IP packets. Optionally a sequence number can protect the IPsec packet's contents against replay attacks, using the sliding window technique and discarding old packets.
* In IPv4, AH prevents option-insertion attacks. In IPv6, AH protects both against header insertion attacks and option insertion attacks.
* In IPv4, the AH protects the IP payload and all header fields of an IP datagram except for mutable fields (i.e. those that might be altered in transit), and also IP options such as the IP Security Option (RFC 1108). Mutable (and therefore unauthenticated) IPv4 header fields are DSCP/ToS, ECN, Flags, Fragment Offset, TTL and Header Checksum.
* In IPv6, the AH protects most of the IPv6 base header, AH itself, non-mutable extension headers after the AH, and the IP payload. Protection for the IPv6 header excludes the mutable fields: DSCP, ECN, Flow Label, and Hop Limit.
AH operates directly on top of IP, using IP protocol number 51.
The following AH packet diagram shows how an AH packet is constructed and interpreted:
; ''Next Header'' (8 bits) : Type of the next header, indicating what upper-layer protocol was protected. The value is taken from the list of IP protocol numbers.
; ''Payload Len'' (8 bits) : The length of this ''Authentication Header'' in 4-octet units, minus 2. For example, an AH value of 4 equals 3×(32-bit fixed-length AH fields) + 3×(32-bit ICV fields) − 2 and thus an AH value of 4 means 24 octets. Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This restriction does not apply to an ''Authentication Header'' carried in an IPv4 packet.
; ''Reserved'' (16 bits) : Reserved for future use (all zeroes until then).
; ''Security Parameters Index'' (32 bits) : Arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party.
; ''Sequence Number'' (32 bits) : A monotonic strictly increasing sequence number (incremented by 1 for every packet sent) to prevent replay attacks. When replay detection is enabled, sequence numbers are never reused, because a new security association must be renegotiated before an attempt to increment the sequence number beyond its maximum value.
; ''Integrity Check Value'' (multiple of 32 bits) : Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.
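The field layout above can be turned into a strict parser. The following is an added example, not code from the original page or from any IPsec implementation: `parse_ah`, `AuthHeader` and `SAMPLE_AH` are names chosen here, and the sample bytes are constructed. It applies the ''Payload Len'' rule (4-octet units, minus 2) and the IPv6 8-octet alignment requirement, and rejects headers whose declared length runs past the buffer.

```python
import struct
from typing import NamedTuple

# Next Header + Payload Len + Reserved + SPI + Sequence Number
AH_FIXED_LEN = 12


class AuthHeader(NamedTuple):
    next_header: int   # IP protocol number of the protected upper-layer protocol
    total_len: int     # length of the whole AH in octets
    reserved: int      # expected to be zero; a non-zero value is worth flagging
    spi: int           # Security Parameters Index
    sequence: int      # anti-replay sequence number
    icv: bytes         # Integrity Check Value, including any alignment padding


def parse_ah(buf: bytes, ipv6: bool = False) -> AuthHeader:
    """Parse an Authentication Header starting at buf[0].

    Raises ValueError when the header is truncated or its declared
    length is inconsistent with the rules in the field list.
    """
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH: fixed fields incomplete")
    next_header, payload_len, reserved, spi, seq = struct.unpack_from("!BBHII", buf)

    # Payload Len counts 4-octet units, minus 2.
    total_len = (payload_len + 2) * 4
    if total_len < AH_FIXED_LEN:
        raise ValueError("Payload Len too small to cover the fixed fields")
    if ipv6 and total_len % 8:
        raise ValueError("AH carried in IPv6 must be a multiple of 8 octets")
    if len(buf) < total_len:
        raise ValueError("truncated AH: ICV extends past the buffer")

    icv = buf[AH_FIXED_LEN:total_len]
    return AuthHeader(next_header, total_len, reserved, spi, seq, icv)


# Constructed sample: Next Header 6 (TCP), Payload Len 4, SPI 0x1000,
# sequence 1, a 12-octet all-zero ICV, followed by unrelated upper-layer bytes.
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x00001000, 1) + bytes(12) + b"upper-layer data"

if __name__ == "__main__":
    hdr = parse_ah(SAMPLE_AH)
    print(hdr.total_len, len(hdr.icv), hex(hdr.spi), hdr.sequence)
```
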
Encapsulating Security Payload
The IP Encapsulating Security Payload (ESP) was developed at the Naval Research Laboratory starting in 1992 as part of a DARPA-sponsored research project, and was openly published by the IETF SIPP Working Group, drafted in December 1993, as a security extension for SIPP. This ESP was originally derived from the US Department of Defense SP3D protocol, rather than being derived from the ISO Network-Layer Security Protocol (NLSP). The SP3D protocol specification was published by NIST in the late 1980s, but designed by the Secure Data Network System project of the US Department of Defense.
Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
Unlike Authentication Header (AH), ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in tunnel mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded to the whole inner IP packet (including the inner header) while the outer header (including any outer IPv4 options or IPv6 extension headers) remains unprotected.
ESP operates directly on top of IP, using IP protocol number 50.
The following ESP packet diagram shows how an ESP packet is constructed and interpreted:
; ''Security Parameters Index'' (32 bits) : Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.
; ''Sequence Number'' (32 bits) : A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.
; ''Payload data'' (variable) : The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the ''Next Header'' field.
; ''Padding'' (0-255 octets) : Padding for encryption, to extend the payload data to a size that fits the encryption's cipher block size, and to align the next field.
; ''Pad Length'' (8 bits) : Size of the padding (in octets).
; ''Next Header'' (8 bits) : Type of the next header. The value is taken from the list of IP protocol numbers.
; ''Integrity Check Value'' (multiple of 32 bits) : Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.
Security association
The IPsec protocols use a security association, where the communicating parties establish shared security attributes such as algorithms and keys. As such, IPsec provides a range of options once it has been determined whether AH or ESP is used. Before exchanging data, the two hosts agree on which symmetric encryption algorithm is used to encrypt the IP packet, for example AES or ChaCha20, and which hash function is used to ensure the integrity of the data, such as BLAKE2 or SHA256. These parameters are agreed for the particular session, for which a lifetime must be agreed and a session key.
The algorithm for authentication is also agreed before the data transfer takes place and IPsec supports a range of methods. Authentication is possible through pre-shared key, where a symmetric key is already in the possession of both hosts, and the hosts send each other hashes of the shared key to prove that they are in possession of the same key. IPsec also supports public key encryption, where each host has a public and a private key; they exchange their public keys and each host sends the other a nonce encrypted with the other host's public key. Alternatively, if both hosts hold a public key certificate from a certificate authority, this can be used for IPsec authentication.
The security associations of IPsec are established using the Internet Security Association and Key Management Protocol (ISAKMP). ISAKMP is implemented by manual configuration with pre-shared secrets, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), and the use of IPSECKEY DNS records.
RFC 5386 defines Better-Than-Nothing Security (BTNS) as an unauthenticated mode of IPsec using an extended IKE protocol. C. Meadows, C. Cremers, and others have used formal methods to identify various anomalies which exist in IKEv1 and also in IKEv2.
In order to decide what protection is to be provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI), an index to the security association database (SADB), along with the destination address in a packet header, which together uniquely identify a security association for that packet. A similar procedure is performed for an incoming packet, where IPsec gathers decryption and verification keys from the security association database.
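The inbound steps described above (security association lookup by SPI and destination address, the per-association sequence counter, and the ESP trailer fields), as an added example that is not part of the original article. It assumes ESP with NULL encryption and an HMAC-SHA-256 check value truncated to 128 bits so that it runs on the Python standard library; the 64-packet replay window, key, SPI and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 output truncated to 128 bits (assumed transform)
WINDOW = 64    # anti-replay window in packets (assumed size)


class EspError(Exception):
    """Raised when an inbound packet must be dropped."""


class SecurityAssociation:
    """Inbound SA: integrity key plus this SA's own replay state."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def replay_ok(self, seq):
        if seq == 0:
            return False                      # senders start counting at 1
        if seq > self.highest:
            return True                       # would advance the window
        offset = self.highest - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def mark_seen(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def esp_seal(spi, seq, payload, next_header, auth_key):
    """Sender: SPI | Seq | payload | padding | Pad Length | Next Header | ICV."""
    pad_len = -(len(payload) + 2) % 4         # align the trailer to 4 octets
    padding = bytes(range(1, pad_len + 1))    # pad bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]


def esp_open(sad, dst, packet):
    """Receiver: return (next_header, payload) or raise EspError."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise EspError("truncated")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get((spi, dst))                  # SPI + destination select the SA
    if sa is None:
        raise EspError("no SA")
    if not sa.replay_ok(seq):                 # cheap reject before any crypto
        raise EspError("replay")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise EspError("bad ICV")
    sa.mark_seen(seq)                         # only authenticated packets move the window
    pad_len, next_header = body[-2], body[-1]
    end = len(body) - 2 - pad_len
    if end < 8 or body[end:-2] != bytes(range(1, pad_len + 1)):
        raise EspError("bad padding")
    return next_header, body[8:end]


def demo():
    """Run constructed packets through one SA and record each outcome."""
    key = bytes(range(32))                                   # constructed key
    sad = {(0x1000, "192.0.2.2"): SecurityAssociation(key)}  # constructed SPI/address
    first = esp_seal(0x1000, 1, b"hello", 6, key)
    second = esp_seal(0x1000, 2, b"late!", 6, key)
    third = esp_seal(0x1000, 3, b"later", 6, key)
    fourth = esp_seal(0x1000, 4, b"data", 6, key)
    forged = fourth[:8] + b"DATA" + fourth[12:]              # payload altered in transit
    cases = [("192.0.2.2", first), ("192.0.2.2", first), ("192.0.2.2", third),
             ("192.0.2.2", second), ("192.0.2.2", forged), ("192.0.2.2", fourth),
             ("198.51.100.9", third)]
    results = []
    for dst, pkt in cases:
        try:
            results.append(esp_open(sad, dst, pkt))
        except EspError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The forged packet is rejected without advancing the window, so the genuine packet carrying the same sequence number is still accepted afterwards.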
For IP multicast a security association is provided for the group, and is duplicated across all authorized receivers of the group. There may be more than one security association for a group, using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed, each sender can have multiple security associations, allowing authentication, since a receiver can only know that someone knowing the keys sent the data. Note that the relevant standard does not describe how the association is chosen and duplicated across the group; it is assumed that a responsible party will have made the choice.
Modes of operation
The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.
Transport mode
In transport mode, only the payload of the IP packet is usually encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be modified by network address translation, as this always invalidates the hash value. The transport and application layers are always secured by a hash, so they cannot be modified in any way, for example by translating the port numbers.
A means to encapsulate IPsec messages for NAT traversal has been defined by RFC documents describing the NAT-T mechanism.
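Why address or port translation invalidates the AH hash in transport mode while ordinary routing does not, as an added example that is not part of the original article. It assumes IPv4 without options and an HMAC-SHA-256 check value truncated to 128 bits; the key, SPI, addresses and UDP datagram are constructed.

```python
import hashlib
import hmac
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
AH_PROTO = 51              # IP protocol number of the Authentication Header
ICV_LEN = 16               # HMAC-SHA-256 truncated to 128 bits (assumed transform)


def checksum(header):
    """Internet checksum over a 20-byte header whose checksum field is 0."""
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pack_ip(fields):
    """Pack header fields, recomputing the checksum as any router would."""
    fields = list(fields)
    fields[7] = 0
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def immutable_view(ip_header):
    """Zero the fields that legitimately change in transit before hashing."""
    fields = list(struct.unpack(IP_FMT, ip_header))
    fields[1] = 0   # DSCP/ECN
    fields[4] = 0   # flags and fragment offset
    fields[5] = 0   # TTL
    fields[7] = 0   # header checksum
    return struct.pack(IP_FMT, *fields)   # addresses and protocol stay covered


def ah_icv(ip_header, ah_fixed, payload, key):
    """ICV over immutable IP fields, AH with a zeroed ICV, and the payload."""
    data = immutable_view(ip_header) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(src, dst, spi, seq, upper_proto, payload, key):
    """Build an IPv4 transport-mode packet: IP | AH | upper-layer payload."""
    ah_len_words = (12 + ICV_LEN) // 4 - 2    # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", upper_proto, ah_len_words, 0, spi, seq)
    total = 20 + len(ah_fixed) + ICV_LEN + len(payload)
    ip_header = pack_ip([0x45, 0, total, 0x1234, 0, 64, AH_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)])
    return ip_header + ah_fixed + ah_icv(ip_header, ah_fixed, payload, key) + payload


def ah_verify(packet, key):
    """Receiver check: recompute the ICV and compare in constant time."""
    ip_header, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(ip_header, ah_fixed, payload, key))


def forward(packet, ttl=None, src=None, sport=None):
    """Model a middlebox: routers change TTL, NAT changes address or port."""
    fields = list(struct.unpack(IP_FMT, packet[:20]))
    rest = packet[20:]
    if ttl is not None:
        fields[5] = ttl
    if src is not None:
        fields[8] = socket.inet_aton(src)
    if sport is not None:   # source port = first two octets after the AH header
        off = 12 + ICV_LEN
        rest = rest[:off] + struct.pack("!H", sport) + rest[off + 2:]
    return pack_ip(fields) + rest


def demo():
    """Verify one constructed packet after each kind of in-transit change."""
    key = bytes(range(32))                                  # constructed key
    udp = struct.pack("!HHHH", 5000, 53, 12, 0) + b"data"   # constructed UDP datagram
    pkt = ah_protect("10.0.0.5", "192.0.2.2", 0x2000, 1, 17, udp, key)
    return {
        "untouched": ah_verify(pkt, key),
        "ttl_decremented": ah_verify(forward(pkt, ttl=63), key),
        "nat_source_rewritten": ah_verify(forward(pkt, src="203.0.113.7"), key),
        "nat_port_rewritten": ah_verify(forward(pkt, sport=40001), key),
    }


if __name__ == "__main__":
    for case, valid in demo().items():
        print(case, valid)
```

TTL and the header checksum are zeroed before hashing, so hop-by-hop forwarding verifies; the source address and the upper-layer ports are covered, so either NAT rewrite fails verification.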
Tunnel mode
In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
Tunnel mode supports NAT traversal.
Algorithms
Symmetric encryption algorithms
Cryptographic algorithms defined for use with IPsec include:
* HMAC-SHA1/SHA2 for integrity protection and authenticity.
* TripleDES-CBC for confidentiality
* AES-CBC and AES-CTR for confidentiality.
* AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.
Refer to RFC 8221 for details.
Key exchange algorithms
* Diffie–Hellman (RFC 3526)
* ECDH (RFC 4753)
Authentication algorithms
* RSA
* ECDSA (RFC 4754)
* PSK (RFC 6617)
Implementations
IPsec can be implemented in the IP stack of an operating system. This method of implementation is done for hosts and security gateways. Various IPsec-capable IP stacks are available from companies, such as HP or IBM. An alternative is the so-called bump-in-the-stack (BITS) implementation, where the operating system source code does not have to be modified. Here IPsec is installed between the IP stack and the network drivers. This way operating systems can be retrofitted with IPsec. This method of implementation is also used for both hosts and gateways. However, when retrofitting IPsec the encapsulation of IP packets may cause problems for the automatic path MTU discovery, where the maximum transmission unit (MTU) size on the network path between two IP hosts is established. If a host or gateway has a separate cryptoprocessor, which is common in the military and can also be found in commercial systems, a so-called bump-in-the-wire (BITW) implementation of IPsec is possible.
When IPsec is implemented in the kernel, the key management and ISAKMP/IKE negotiation is carried out from user space. The NRL-developed and openly specified "PF_KEY Key Management API, Version 2" is often used to enable the application-space key management application to update the IPsec security associations stored within the kernel-space IPsec implementation. [RFC 2367, ''PF_KEYv2 Key Management API'', Dan McDonald, Bao Phan, & Craig Metz (July 1998)] Existing IPsec implementations usually include ESP, AH, and IKE version 2. Existing IPsec implementations on Unix-like operating systems, for example, Solaris or Linux, usually include PF_KEY version 2.
Embedded IPsec can be used to ensure the secure communication among applications running over constrained resource systems with a small overhead.
Standards status
IPsec was developed in conjunction with IPv6 and was originally required to be supported by all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation. [RFC 6434, "IPv6 Node Requirements", E. Jankiewicz, J. Loughney, T. Narten (December 2011)] IPsec is also optional for IPv4 implementations. IPsec is most commonly used to secure IPv4 traffic.
IPsec protocols were originally defined in RFC 1825 through RFC 1829, which were published in 1995. In 1998, these documents were superseded by RFC 2401 and RFC 2412 with a few incompatible engineering details, although they were conceptually identical. In addition, a mutual authentication and key exchange protocol Internet Key Exchange (IKE) was defined to create and manage security associations. In December 2005, new standards were defined in RFC 4301 and RFC 4309 which are largely a superset of the previous editions with a second version of the Internet Key Exchange standard IKEv2. These third-generation documents standardized the abbreviation of IPsec to uppercase “IP” and lowercase “sec”. “ESP” generally refers to RFC 4303, which is the most recent version of the specification.
Since mid-2008, an IPsec Maintenance and Extensions (ipsecme) working group is active at the IETF.
Alleged NSA interference
In 2013, as part of the Snowden leaks, it was revealed that the US National Security Agency had been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the Bullrun program. There are allegations that IPsec was a targeted encryption system.
The OpenBSD IPsec stack came later on and also was widely copied. In a letter which OpenBSD lead developer Theo de Raadt received on 11 Dec 2010 from Gregory Perry, it is alleged that Jason Wright and others, working for the FBI, inserted "a number of backdoors and side channel key leaking mechanisms" into the OpenBSD crypto code. In the forwarded email from 2010, Theo de Raadt did not at first express an official position on the validity of the claims, apart from the implicit endorsement from forwarding the email. Jason Wright's response to the allegations: "Every urban legend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category. … I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD Cryptographic Framework (OCF)." Some days later, de Raadt commented that "I believe that NETSEC was probably contracted to write backdoors as alleged. … If those were written, I don't believe they made it into our tree." This was published before the Snowden leaks.
An alternative explanation put forward by the authors of the Logjam attack suggests that the NSA compromised IPsec VPNs by undermining the Diffie-Hellman algorithm used in the key exchange. In their paper, they allege the NSA specially built a computing cluster to precompute multiplicative subgroups for specific primes and generators, such as for the second Oakley group defined in RFC 2409. As of May 2015, 90% of addressable IPsec VPNs supported the second Oakley group as part of IKE. If an organization were to precompute this group, they could derive the keys being exchanged and decrypt traffic without inserting any software backdoors.
A second alternative explanation that was put forward was that the Equation Group used zero-day exploits against several manufacturers' VPN equipment which were validated by Kaspersky Lab as being tied to the Equation Group and validated by those manufacturers as being real exploits, some of which were zero-day exploits at the time of their exposure. The Cisco PIX and ASA firewalls had vulnerabilities that were used for wiretapping by the NSA.
Furthermore, IPsec VPNs using "Aggressive Mode" settings send a hash of the PSK in the clear. This can be and apparently is targeted by the NSA using offline dictionary attacks.
IETF documentation
Standards track
* : The ESP DES-CBC Transform
* : The Use of HMAC-MD5-96 within ESP and AH
* : The Use of HMAC-SHA-1-96 within ESP and AH
* : The ESP DES-CBC Cipher Algorithm With Explicit IV
* : The NULL Encryption Algorithm and Its Use With IPsec
* : The ESP CBC-Mode Cipher Algorithms
* : The Use of HMAC-RIPEMD-160-96 within ESP and AH
* : More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
* : The AES-CBC Cipher Algorithm and Its Use with IPsec
* : Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
* : Negotiation of NAT-Traversal in the IKE
* : UDP Encapsulation of IPsec ESP Packets
* : The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
* : Security Architecture for the Internet Protocol
* : IP Authentication Header
* : IP Encapsulating Security Payload
* : Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
* : Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
* : Cryptographic Suites for IPsec
* : Using Advanced Encryption Standard (AES) CCM mode with IPsec Encapsulating Security Payload (ESP)
* : The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
* : IKEv2 Mobility and Multihoming Protocol (MOBIKE)
* : Online Certificate Status Protocol (OCSP) Extensions to IKEv2
* : Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
* : The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
* : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
* : Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
* : Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
* : Modes of Operation for Camellia for Use with IPsec
* : Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
* : Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
* : IKEv2 Extensions to Support Robust Header Compression over IPsec
* : IPsec Extensions to Support Robust Header Compression over IPsec
* : Internet Key Exchange Protocol Version 2 (IKEv2)
* : Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
* : Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
* : Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
* : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
Experimental RFCs
* : Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
Informational RFCs
* : PF_KEY Interface
* : The OAKLEY Key Determination Protocol
* : A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
* : IPsec-Network Address Translation (NAT) Compatibility Requirements
* : Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
* : Requirements for an IPsec Certificate Management Profile
* : Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)
* : Integration of Robust Header Compression over IPsec Security Associations
* : Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
* : IPsec Cluster Problem Statement
* : IPsec and IKE Document Roadmap
* : Suite B Cryptographic Suites for IPsec
* : Suite B Profile for Internet Protocol Security (IPsec)
* : Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
Best current practice RFCs
* : Guidelines for Specifying the Use of IPsec Version 2
Obsolete/historic RFCs
* : Security Architecture for the Internet Protocol (obsoleted by RFC 2401)
* : IP Authentication Header (obsoleted by RFC 2402)
* : IP Encapsulating Security Payload (ESP) (obsoleted by RFC 2406)
* : IP Authentication using Keyed MD5 (historic)
* : Security Architecture for the Internet Protocol (IPsec overview) (obsoleted by RFC 4301)
* : IP Encapsulating Security Payload (ESP) (obsoleted by RFC 4303 and RFC 4305)
* : The Internet IP Security Domain of Interpretation for ISAKMP (obsoleted by RFC 4306)
* : The Internet Key Exchange (obsoleted by RFC 4306)
* : Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 4835)
* : Internet Key Exchange (IKEv2) Protocol (obsoleted by RFC 5996)
* : IKEv2 Clarifications and Implementation Guidelines (obsoleted by RFC 7296)
* : Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 7321)
* : Internet Key Exchange Protocol Version 2 (IKEv2) (obsoleted by RFC 7296)
See also
* Dynamic Multipoint Virtual Private Network
* Information security
* NAT traversal
* Opportunistic encryption
* tcpcrypt