Friday, May 25, 2012

IPSec (ESP, AH, DES, MD5, SHA, DH)

Internet Protocol Security (IPSec) is a protocol that is used to authenticate and encrypt every IP packet for every communication session (IPsec, 2012). It is found in the Internet Layer of the TCP/IP Model.

IPSec comprises several security protocols, including Encapsulating Security Payload (ESP) and Authentication Header (AH). Encryption is provided by Data Encryption Standard (DES), authentication by MD5 and SHA, and the cryptographic protocol for key exchange is Diffie–Hellman (DH).

ESP is a protocol that upholds the integrity, authenticity and confidentiality of packets. To uphold packet integrity, ESP provides optional authentication services (“System Administration Guide,” n.d.). It is advisable to enable both the encryption and the authentication service for all packets, because enabling only one of them is rather insecure (IPsec, 2012). However, ESP protects only the part of the datagram that it encapsulates (“System Administration Guide,” n.d.).

Figure 1 shows how ESP encrypts the datagram.

Figure 1: How ESP works (“System Administration Guide,” n.d.)

When both services are activated, ESP is capable of preventing eavesdropping and cut-and-paste attacks¹.
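The difference between encryption alone and encryption plus authentication, as an added example that is not part of the original post. A toy Feistel cipher applied block by block stands in for ESP encryption and HMAC-SHA-256 for the authentication service; the cipher, keys, payloads and function names are constructed for illustration and do not reproduce ESP's packet format.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block of the toy cipher

def _f(key, rnd, half):  # toy Feistel round function built from SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _enc_block(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def _dec_block(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def _each_block(fn, key, data):
    return b"".join(fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def encrypt_only(enc_key, plaintext):  # confidentiality only, block by block
    return _each_block(_enc_block, enc_key, plaintext)

def decrypt_only(enc_key, ciphertext):
    return _each_block(_dec_block, enc_key, ciphertext)

def seal(enc_key, mac_key, plaintext):  # encrypt, then HMAC-SHA-256 the ciphertext
    ct = encrypt_only(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, packet):
    ct, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, packet dropped")
    return decrypt_only(enc_key, ct)

def splice(pkt_a, pkt_b):  # constructed cut-and-paste: block 1 of A, rest of B
    return pkt_a[:BLOCK] + pkt_b[BLOCK:]

# Constructed sample payloads and keys (toy values, not real traffic)
ENC_KEY, MAC_KEY = b"demo-enc-key", b"demo-mac-key"
MSG_A = b"PAY TO: ALICE   AMOUNT: 00000010"
MSG_B = b"PAY TO: BOB     AMOUNT: 00009999"
```

With `encrypt_only`, a spliced packet decrypts to a plausible message that nobody sent; with `seal`, the same splice fails the HMAC check in `open_sealed` and is rejected.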

AH ensures connectionless integrity as well as data origin authentication of the IP address (IPsec, 2012). AH helps to protect packets from the IP header to the transport header. This helps to prevent cut-and-paste attacks (“System Administration Guide,” n.d.).

DES was previously one of the best encryption algorithms, and it was highly influential in the cryptography industry (“Data Encryption,” 2012). Today, however, DES is considered “weak” encryption, because COPACOBANA is able to crack DES in less than one day (“Data Encryption,” 2012). Therefore, Advanced Encryption Standard (AES) is a better choice for encrypting data, since it is the industry standard for encryption (Deutsch, n.d.).

MD5 is a widely used hash algorithm. It is used to check the integrity of data. However, in recent years flaws in MD5 have surfaced, and US-CERT decided to stop using the MD5 function since it is seriously flawed (MD5, 2012). As a result, most of the U.S. government has decided to use the SHA-2 family of hash functions (MD5, 2012).

The SHA functions are designed by the National Security Agency (U.S.). Currently there are two well-known SHA families created by the National Security Agency, namely SHA-1 and SHA-2 (SHA-1, 2012). SHA-3 is under development and will be available once the NIST hash function competition has selected the winning function this year (SHA-1, 2012). There is an urgent need to implement SHA-3 because there are flaws in SHA-1. These will also affect SHA-2 because both use a similar algorithm (SHA-1, 2012).

DH is a method of exchanging cryptographic keys. It allows two parties to establish a shared secret key over an insecure network, for use with a symmetric-key cipher (Diffie–Hellman key exchange, 2012) (“Diffie-Hellman,” n.d.).
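The exchange described above, as an added example that is not part of the original post. The group parameters `P` and `G` are toy values chosen to keep the code short (real IPsec peers negotiate standardized, much larger groups), and the function names and the SHA-256 key derivation are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (assumption): a Mersenne prime keeps the example short.
# It is NOT a group to deploy.
P = 2**127 - 1
G = 3

def dh_keypair():
    private = secrets.randbelow(P - 3) + 2   # uniform in 2 .. P-2
    return private, pow(G, private, P)       # (kept secret, sent to the peer)

def dh_shared(private, peer_public):
    # Reject degenerate public values (0, 1, P-1, out of range) that
    # would force the shared secret to a predictable value.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)

def derive_keys(shared):
    # Hash the shared secret into separate keys for the symmetric
    # cipher and for the authentication service.
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    enc_key = hashlib.sha256(b"enc" + raw).digest()
    auth_key = hashlib.sha256(b"auth" + raw).digest()
    return enc_key, auth_key

def exchange():
    a_priv, a_pub = dh_keypair()   # first party
    b_priv, b_pub = dh_keypair()   # second party
    # Only P, G, a_pub and b_pub cross the insecure network.
    a_keys = derive_keys(dh_shared(a_priv, b_pub))
    b_keys = derive_keys(dh_shared(b_priv, a_pub))
    return a_keys, b_keys
```

Both parties end up with the same key pair without either private value ever being transmitted.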

The following video explains how DH works in greater detail:

References


Data Encryption Standard. (2012, May 2). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Data_Encryption_Standard
Diffie–Hellman key exchange. (2012, May 24). Retrieved May 25, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
IPsec. (2012, May 7). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Encapsulating_Security_Payload
MD5. (2012, May 23). Retrieved May 25, 2012, from Wikipedia: http://en.wikipedia.org/wiki/MD5
SHA-1. (2012, May 24). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/SHA-1
Deutsch, W. (n.d.). A Short History of AES Encryption. Retrieved May 24, 2012, from About.com: http://bizsecurity.about.com/od/informationsecurity/a/aes_history.htm
System Administration Guide: IP Services. (n.d.). Retrieved May 24, 2012, from Oracle: http://docs.oracle.com/cd/E19082-01/819-3000/ipsec-ov-8/index.html


¹ A cut-and-paste attack is an attack in which a hacker replaces part of the ciphertext with different ciphertext. The altered ciphertext results in the modification of valid information.

2 comments:

  1. Hi Kim Chye,

    I've just read your post on the internet protocol security. I feel that you've provided great details and in-depth about how the different protocols work. Coupled, you have also provided a short explanation for how the protocols differ from one another.

    In addition, the inclusion of pictures and diagrams, as well as the video of how the DH algorithm works served in helping me understand much more. This has really fuelled my interest too.

    Well done! :)

  2. Hi Kim Chye,

    I just read your post on the internet protocol security. It is a very straight to the point post and it explains the concept of the different protocols explicitly.

    The pictures and videos also aided me in my understanding of the different protocols.

    Well done!
