Sunday, February 16, 2020
Cryptographic overhead of IPsec Protocol suit Research Paper
Cryptographic overhead of IPsec Protocol suit - Research Paper Example The reality that the Internet is deficient in security is still undeniable. So to solve this issue researchers are trying to increase the network security at each layer by designing a range of security protocols. The designed protocols include PGP, S/MIME, and SET which are specifically designed to ensure the security of the application layer. In this scenario, SSL/TLS are used on the transport layer. In this race, IPSec is one of the most important security protocol, which is designed for dealing with the network layer security, ensuring the availability of security services like that data source authentication, access control, data confidentiality and integrity and processing data packages on the IP packet layer (Zheng & Zhang, 2009; Meng, et al., 2010). This report presents a detailed analysis of IPSec and associated aspects. IPSec IPSec is a complete suite of protocols, which carry out specific tasks. As discussed above, the basic objective of IPSec is to provide a variety of sec urity facilities to traffic transmitting between a source and destination. In this scenario, a source or destination can be a host or a router. In addition, these facilities can be used for all packets sent or received, or simply to a particular kind of transmission such as FTP or telnet. Figure1 demonstrates how IPSec ensures the security of data transmission between a host and a destination (Clark, 2002): Figure 1IPSec Operation, Image Source: (Clark, 2002) In this diagram a red line is used to demonstrate that IPSec is implemented on the path between the Host B and Router 1. Basically, IPSec provides a variety of security mechanisms for securing transmissions over a network and these mechanisms can be implemented in different ways. Additionally, IPSec can perform operations on particular kind of traffic at the same time as remaining traffic is moved on a defenseless path. This process is clearly mentioned in the figure, in this figure 1 black links are used to demonstrate this ki nd of communication. A number of separate IPSec protected connections can be established between the two routers and between Host B and Router 1 (Clark, 2002). Implementation of security through IPSec In their paper, (Zheng & Zhang, 2009) provides a detailed discussion on the working of IPSec and the way it ensures the surety of transmission over a network. According to their viewpoint, IPSec implements the security in a network by maintaining the security associations (SAs). In this scenario, a security association is used as a basis to identify the security parameters that will be utilized in data transmission to make it protected, for instance IPSec security protocol, encryption algorithm, hash function and encryption key. Additionally, each security association is typically specified by an exclusive set of parameters such as destination IP address, security parameter index and security protocol. In addition, these associations are established after the negotiation between the co mmunicating hosts in the networks. IPSec is also responsible for maintaining a Security Policy Database (SPD). In fact, a network interface that is established using the IPSec, possesses a pair of Security Policy Database and Security Association Database, which help in processing incoming and outgoing IP packets. One entry of Security Association Database is equal to a security association, on the other hand, Security Policy Database entry refers to a security policy. In this scenario,
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.