
International Journal of Advanced Engineering Research and Technology (IJAERT)

Volume 4 Issue 8, August 2016, ISSN No.: 2348-8190

A Review of IP Security for Internetworking


1Snigdha Sharma, 2Gyan Prakash Pal, 3Prof. S. K. Goel

1Assistant Professor, EE Department, MIET, Meerut, (U. P.)
2M.E. Scholar, ECE Department, NITTTR, Chandigarh
3HOD, EE Department, MIET, Meerut, (U. P.)

ABSTRACT
Today most work is done online and requires efficient
security. Earlier, security was inserted at the
Application layer of the communications model. IP
security (IPsec) is said to be especially useful for
implementing virtual private networks and for remote
user access through dial-up connection to private
networks. A big advantage of IPsec is that security
arrangements can be handled without requiring changes
to individual user computers. IPsec has been deployed
widely to implement Virtual Private Networks (VPNs).

Keywords: IPsec, authentication, confidentiality, key
management, Transport mode, Tunnel mode.

I. INTRODUCTION

IP security (IPsec) is added to Internet Protocol (IPv4 or
IPv6) by means of additional headers. IPsec provides
three functional areas: authentication, confidentiality,
and key management. Authentication can be applied to
the entire packet except for the IP header (transport
mode) or to the entire original IP packet (tunnel mode).
Confidentiality is provided by an encryption format
known as encapsulating security payload. Internet Key
Exchange (IKE) defines a number of techniques for key
management.
IPsec is comprised of the following sub-protocols:
• Encapsulated Security Payload (ESP): this
  protocol protects the IP packet data from third
  party interference by encrypting the contents
  using symmetric cryptography algorithms such
  as Blowfish and 3DES.
• Authentication Header (AH): this protocol
  protects the IP packet header from third party
  interference and spoofing by computing a
  cryptographic checksum and hashing the IP
  packet header fields with a secure hashing
  function. This is then followed by an additional
  header that contains the hash, to allow the
  information in the packet to be authenticated.
• IP Payload Compression Protocol (IPComp):
  this protocol tries to increase communication
  performance by compressing the IP payload in
  order to reduce the amount of data sent.

These protocols can be used either together or
separately, depending on the environment.

Applications:
IPsec provides the capability to secure communications
across a LAN, across private and public WANs, and
across the Internet. Examples of its use include:
• Secure branch office connectivity over
  the Internet
• Secure remote access over the Internet
• Establishing extranet and intranet
  connectivity with partners
• Enhancing electronic commerce security

Routing Applications:
IPsec can play a vital role in the routing architecture
required for internetworking. IPsec can assure that:
• A router advertisement (a new router advertises
  its presence) comes from an authorized router.
• A neighbor advertisement (a router seeks to
  establish or maintain a neighbor relationship
  with a router in another routing domain) comes
  from an authorized router.
• A redirect message comes from the router to
  which the initial IP packet was sent.
• A routing update is not forged.

Benefits of IPsec:
• IPsec in a firewall/router provides strong security to
  all traffic crossing the perimeter.
• IPsec in a firewall/router is resistant to bypass.
• It is below the transport layer, hence transparent to
  applications.
• It can be transparent to end users.
• It can provide security for individual users.
• It secures the routing architecture.

www.ijaert.org

Figure 1: A model of IP security


II. IP SECURITY MODES

Transport and Tunnel Modes:

• Authentication Header (AH): AH is an
  extension header to provide message
  authentication (RFC-4302).
• Encapsulating Security Payload (ESP): ESP
  consists of an encapsulating header and trailer
  used to provide encryption or combined
  encryption/authentication (RFC-4303).

Both AH and ESP support two modes of use: Transport
& Tunnel mode.
• TRANSPORT MODE: Transport mode
  provides protection primarily for upper-layer
  protocols.
• TUNNEL MODE: Tunnel mode provides
  protection to the entire IP packet.
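
Added example (not from the paper): a Python sketch of the AH integrity check described in the Introduction, applied in both transport and tunnel mode. It assumes HMAC-SHA-256 truncated to 128 bits as the hash, IPv4 without options, and constructed keys, addresses and SPI values; the helper names (ah_wrap, ah_verify, tamper) are hypothetical.

```python
import hashlib, hmac, socket, struct

AH_PROTO, IPIP_PROTO, UDP_PROTO = 51, 4, 17  # IANA protocol numbers
ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header, no options; checksum left 0 to keep the sketch short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip):
    """Zero the fields routers may rewrite: DSCP/ECN, flags+offset, TTL, checksum."""
    h = bytearray(ip)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def icv(key, ip, ah, body):
    """Keyed hash over outer header (mutable fields zeroed), AH with zero ICV, body."""
    data = zero_mutable(ip) + ah + bytes(ICV_LEN) + body
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_wrap(key, spi, seq, src, dst, next_hdr, body):
    """Return IP header | AH (next hdr, len, reserved, SPI, seq, ICV) | body."""
    ah = struct.pack("!BBHII", next_hdr, 5, 0, spi, seq)  # len = 7 words - 2
    ip = ipv4_header(src, dst, AH_PROTO, len(ah) + ICV_LEN + len(body))
    return ip + ah + icv(key, ip, ah, body) + body

def ah_verify(key, pkt):
    # Recompute the ICV from the received bytes and compare in constant time.
    ip, ah, got, body = pkt[:20], pkt[20:32], pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    return hmac.compare_digest(got, icv(key, ip, ah, body))

def tamper(pkt, offset, value):
    """Copy of pkt with one byte overwritten, simulating in-transit modification."""
    out = bytearray(pkt)
    out[offset] = value
    return bytes(out)

# Constructed sample data: demo key, a 12-byte UDP datagram, example addresses.
KEY = b"constructed-demo-key-32-bytes!!!"
UDP = struct.pack("!HHHH", 12345, 53, 12, 0) + b"ping"
INNER = ipv4_header("10.0.1.5", "10.0.2.9", UDP_PROTO, len(UDP)) + UDP
# Transport mode: AH sits between the original IP header and the UDP payload.
TRANSPORT = ah_wrap(KEY, 0x1001, 1, "10.0.1.5", "10.0.2.9", UDP_PROTO, UDP)
# Tunnel mode: the whole original packet rides behind a new gateway-to-gateway header.
TUNNEL = ah_wrap(KEY, 0x2001, 1, "192.0.2.1", "198.51.100.1", IPIP_PROTO, INNER)

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(name, len(pkt), ah_verify(KEY, pkt), ah_verify(KEY, tamper(pkt, 8, 63)),
              ah_verify(KEY, tamper(pkt, 12, 172)))
```

A changed outer TTL still verifies because routers are allowed to rewrite it, while a changed source address fails the check. In tunnel mode every byte of the inner packet, including its own TTL, is covered by the ICV.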

Figure 2: Transport-Mode versus Tunnel-Mode Encryption


Figure 2 shows two ways in which the IPsec ESP service
can be used. In the upper part of the figure, encryption
(and optionally authentication) is provided directly
between two hosts. Figure 2(b) shows how tunnel mode
operation can be used to set up a virtual private
network (VPN). The former technique is supported by a
transport mode SA, while the latter technique uses a
tunnel mode SA.

Figure 3: Protocol Operation for ESP

III. COMBINING SECURITY ASSOCIATIONS

An individual SA can implement either the AH or ESP
protocol but not both. Sometimes a particular traffic
flow will call for the services provided by both AH and
ESP. Further, a particular traffic flow may require IPsec
services between hosts and, for that same flow, separate
services between security gateways, such as firewalls. In
all of these cases, multiple SAs must be employed for
the same traffic flow to achieve the desired IPsec
services. The term security association bundle refers to a
sequence of SAs through which traffic must be
processed to provide a desired set of IPsec services. The
SAs in a bundle may terminate at different endpoints or
at the same endpoints.

Security associations may be combined into bundles in
two ways:
• Transport adjacency
• Iterated tunneling

Basic Combinations of Security Associations
The IPsec Architecture document lists four examples of
combinations of SAs that must be supported by
compliant IPsec hosts (e.g., workstation, server) or
security gateways (e.g. firewall, router). These are
illustrated in Figure 4. The lower part of each case in the
figure represents the physical connectivity of the
elements; the upper part represents logical connectivity
via one or more nested SAs. Each SA can be either AH
or ESP. For host-to-host SAs, the mode may be either
transport or tunnel; otherwise it must be tunnel mode.

Figure 4: Basic Combinations of Security Associations

IV. CONCLUSION

As per the above discussion, IP security is a must for
internetworking. The IPsec model and modes of operation
are included in this paper. Which mode of operation of
IPsec we use in a network depends on our
application. The applications and benefits of IPsec give us a
fair direction for the use of IPsec in the current scenario of
the Internet.
