32 Bit Security Parameter Index Information Technology Essay

1. The outgoing packet travels through NCC’s route

Stands for IP Security: is a collection of protocols designed by the IETF to provide security for a packet at the network layer .It leaves the selection of the encryption, authentication, and hashing methods to the user. IPSec requires a Signaling protocol (called Security Association or (SA)) to transform a connectionless IP Protocol to Connection-oriented IP Protocol before security can be applied. The logical connection defined by a SA is a simplex or unidirectional connection. If a duplex (bidirectional) connection is needed, two SA connections are required, one in each direction. SA is identified by 3 elements. (6)

1. A 32-bit security parameter index (SPI).

2. The type of the protocol used for security: either AH or ESP (discussed below)

3. The source IP address.

The IPSec defines one of the following modes:

1- Tunnel mode

2- Transport mode

Transport Mode: encrypts only the data or information portion (payload) of each IP packet. Figure (1) illustrates how the IPSec header is inserted between the header and the rest of the packet. (6), (16)

Advantages:

Easier for implementation: provides end-to-end encryption since the header information is unchanged. As a result, no special setup is required for the network devices. It is used for secure host to host communications.

Disadvantages:

Since the header information is not encrypted, sniffers will be able analyze traffic patterns.

Figure (1): Transport Mode

Tunnel Mode:

IPSec header is placed at the beginning of the IP header packet and a new IP header is added in front as shown in figure (2). The IPSec encrypts the entire packet, both the header and the payload. (6), (16)

Advantages:

Provide protection against traffic analysis since someone sniffing the network can only find out the tunnel endings and not the real source and destination of the tunneled packets.

Disadvantage:

May require further configuration steps.

Figure (2) Tunnel Mode

Two Security Protocols

IPSec defines two protocols:

1-Authentication Header (AH) protocol: is designed to authenticate the source host and to ensure the integrity of the payload carried by the IP packet. The protocol calculates a message digest using a hashing function and a symmetric key, and inserts the digest in the authentication header. AH protocol provides message authentication and integrity, but not confidentiality.

2-Encapsualting security Payload (ESP) header protocol: ensures the packet’s confidentiality, authenticity, and data integrity. Confidentiality is achieved using an encryption algorithm such as Data Encryption Standard (DES) or Rivest Cipher (RC 5).

IPSec Operation: as illustrated in figure (3)…………………..