cyber week 6
Encapsulating Security Payload (ESP)
An IPSec component that provides the same services as AH but also provides confidentiality when sending data.
IPSec transport mode
IPSec encrypts just the IP payload, leaving the IP packet header unchanged so it can be easily routed through the internet.
IPSec
Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6, but can also work with IPv4 and it includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. IPsec uses port 500 for IKE with VPN connections.
IPSec tunnel mode
One of two modes for IPSec. It encrypts the entire IP packet and must add an entirely new IP packet that has the encrypted packet as well as the IPSec AH or ESP packets.
Authentication Header (AH)
The Authentication Header (AH), employed by the sender for support of the authentication process, uses the HMAC. It provides integrity for datagram payloads as well as the IP header. The sender and receiver share a secret key used in the HMAC computation, and the key is set up by the IKE key establishment protocol.
Network Security
concerned with addressing vulnerabilities and threats in computer networks that may or may not be connected to the internet
RFC 4835 [3]
cryptographic algorithm implementation requirements for the encapsulating security payload (ESP) and the authentication header (AH)
RFC 4307 [4]
cryptographic algorithms for use in the internet key exchange version 2 (IKEv2)
RFC 4308 [5]
cryptographic suites for IPsec
RFC 4302 [8]
the IP authentication header (AH)
RFC 4303 [7]
the IP encapsulating security payload
RFC 5996 [1], RFC 4306 [2]
the internet key exchange (IKEv2) protocol
RFC 4309 [6]
the use of the advanced encryption standard (AES) CCM mode with the IPSec encapsulating security payload (ESP)