Chapter 8
Network Layer Security
TCP/IP communication can be made secure with the help of cryptography. Cryptographic methods and protocols have been designed for different purposes in securing communication on the Internet. These include the SSL and TLS for HTTP Web traffic, S/MIME and PGP for e-mail, and IPsec (Internet Protocol security) for network layer security. This chapter mainly addresses security only at the IP layer and describes various security services for traffic offered by IPsec.
8.1 IPsec Protocol
IPsec is designed to protect communication in a secure manner by using TCP/IP. The IPsec protocol is a set of security extensions developed by the IETF and it provides privacy and authentication services at the IP layer by using modern cryptography.
To protect the contents of an IP datagram, the data is transformed using encryption algorithms. There are two main transformation types that form the basics of IPsec, the Authentication Header (AH) and the Encapsulating Security Payload (ESP). Both AH and ESP are two protocols that provide connectionless integrity, data origin authentication, confidentiality, and an antireplay service. These protocols may be applied alone or in combination to provide a desired set of security services for the IP layer. They are configured in a data structure called a Security Association (SA).
The basic components of the IPsec architecture are explained in terms of the following functionalities:
- Security protocols for AH and ESP.
- SAs for ...
Get Wireless Mobile Internet Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.