IPsec protects data, including personal information, while it travels across IP networks.
An important aspect of transferring data from one computer to another is keeping it secure. Networks around the globe exchange data using IP (Internet Protocol), and IP by itself provides no confidentiality or integrity: anyone on the path can read or alter packets. To secure this exchange, a suite of standards called IP security, or IPsec, has become a standard choice for networks of every size. IPsec is a collection of protocols and rules, defined in IETF RFCs, that specify how IP traffic is authenticated, protected against tampering and replay, and encrypted.
Basic Process
The primary task of IPsec is to authenticate and, where configured, encrypt the IP packets traveling between two endpoints. Here "authenticate" means verifying that a packet really came from the claimed sender and was not modified in transit, and "encrypt" means encoding the transmitted data so that only the intended receiver can read it. Before any protected traffic flows, IPsec first carries out a mutual identification between the communicating parties, today usually with the Internet Key Exchange protocol (IKEv2), in which each side proves its identity with a pre-shared key or a certificate. As part of that same exchange the parties agree on a shared secret (by Diffie-Hellman) and derive from it the session keys that encrypt and authenticate the data; the keys are computed independently on both sides and are never sent over the wire. Only after the identities are confirmed and the keys are in place does the protected session begin.
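To make the key-establishment step concrete, the following is an added example, not code from the original article: it implements the IKEv2 key derivation of RFC 7296 (SKEYSEED, the prf+ expansion, the seven IKE SA keys and the Child SA key material) with HMAC-SHA-256 as the pseudorandom function. The shared secret G_IR, the nonces NI and NR, the SPIs and the pre-shared key are constructed test values; in a real exchange G_IR would come from Diffie-Hellman and the nonces and SPIs from the IKE_SA_INIT messages.

```python
"""IKEv2 key derivation, RFC 7296 sections 2.13-2.15, with HMAC-SHA-256 as the PRF.

Added example. The nonces, SPIs, shared secret and PSK below are constructed
test values, not captured from any real exchange.
"""
import hashlib
import hmac

PRF_LEN = 32        # output size of HMAC-SHA-256
INTEG_KEY_LEN = 32  # key size for HMAC-SHA2-256-128 (RFC 4868)
ENCR_KEY_LEN = 16   # key size for AES-128


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ (RFC 7296 s2.13): T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n), output T1|T2|..."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        prev = prf(key, prev + seed + bytes([n]))
        out += prev
        n += 1
    return out[:length]


# Order and sizes of the IKE SA keys (RFC 7296 s2.14).
IKE_KEY_LAYOUT = [
    ("SK_d", PRF_LEN),          # seed for Child SA key material
    ("SK_ai", INTEG_KEY_LEN),   # integrity, initiator -> responder
    ("SK_ar", INTEG_KEY_LEN),   # integrity, responder -> initiator
    ("SK_ei", ENCR_KEY_LEN),    # encryption, initiator -> responder
    ("SK_er", ENCR_KEY_LEN),    # encryption, responder -> initiator
    ("SK_pi", PRF_LEN),         # used in the initiator's AUTH payload
    ("SK_pr", PRF_LEN),         # used in the responder's AUTH payload
]

# Child SA keys: initiator->responder first, encryption before integrity (s2.17).
CHILD_KEY_LAYOUT = [
    ("encr_i2r", ENCR_KEY_LEN), ("integ_i2r", INTEG_KEY_LEN),
    ("encr_r2i", ENCR_KEY_LEN), ("integ_r2i", INTEG_KEY_LEN),
]


def split_keymat(keymat: bytes, layout) -> dict:
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = keymat[offset:offset + size]
        offset += size
    return keys


def derive_ike_sa_keys(g_ir: bytes, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes) -> dict:
    """SKEYSEED = prf(Ni|Nr, g^ir); IKE keys = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    skeyseed = prf(ni + nr, g_ir)
    total = sum(size for _, size in IKE_KEY_LAYOUT)
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, total)
    return split_keymat(keymat, IKE_KEY_LAYOUT)


def derive_child_sa_keys(sk_d: bytes, ni: bytes, nr: bytes) -> dict:
    """KEYMAT = prf+(SK_d, Ni|Nr) for a Child SA created without its own DH exchange."""
    total = sum(size for _, size in CHILD_KEY_LAYOUT)
    return split_keymat(prf_plus(sk_d, ni + nr, total), CHILD_KEY_LAYOUT)


def psk_auth_key(psk: bytes) -> bytes:
    """Key used to compute the AUTH payload for PSK authentication (s2.15).
    Only this derived value enters the AUTH computation; the PSK is never sent."""
    return prf(psk, b"Key Pad for IKEv2")


# Constructed inputs (assumptions for the demo, not real protocol values).
G_IR = hashlib.sha256(b"constructed Diffie-Hellman shared secret").digest()
NI = bytes(range(32))            # initiator nonce
NR = bytes(range(32, 64))        # responder nonce
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes.fromhex("a1a2a3a4a5a6a7a8")

if __name__ == "__main__":
    ike = derive_ike_sa_keys(G_IR, NI, NR, SPI_I, SPI_R)
    for name, key in ike.items():
        print(f"{name:6s} {key.hex()}")
    child = derive_child_sa_keys(ike["SK_d"], NI, NR)
    for name, key in child.items():
        print(f"{name:10s} {key.hex()}")
```

Running the same derivation on both sides from the same inputs yields identical keys, and the layout gives each direction its own encryption and integrity key, so a packet sent by the responder can never be replayed back to it as if it came from the initiator.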
Architecture
IPsec is built from three major components: security associations (SAs), the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol. A security association is not a protocol on the wire but the agreed state for one direction of traffic: which algorithms and keys to use, how long they remain valid and which sequence numbers have already been seen. SAs are negotiated by IKE (or configured manually), and every protected packet carries a Security Parameter Index (SPI) that tells the receiver which SA to apply. AH (IP protocol number 51) keeps the exchanged data integrity-protected and unchanged: it authenticates the payload and the immutable fields of the IP header, but it encrypts nothing and, because it covers the source and destination addresses, it does not survive NAT. ESP (IP protocol number 50) provides confidentiality and, with an integrity algorithm or an AEAD cipher, origin authentication and integrity as well; in practice ESP is used for almost all deployments and AH is rarely enabled. Through the cooperation of these components, traffic is made confidential and authenticated, and protected against modification and replay.
Operational Modes
IPsec can operate in two modes: transport mode and tunnel mode. Both alter the original IP packet. A typical IP packet has two parts: the header, which carries the sender's and receiver's addresses, and the payload, which carries the data being transferred. In transport mode, ESP protects only the payload; the original IP header is kept (with its protocol field changed to ESP), so the real source and destination addresses stay visible, which suits host-to-host traffic. In tunnel mode, the whole original packet, header and payload together, becomes the payload of a new IP packet with a new outer header, typically addressed between two security gateways. The outer header acts as a shield for both the data and the original addresses, which is why site-to-site VPNs use tunnel mode. One caveat applies to both modes: the outer header, the SPI and the packet sizes and timing remain visible to anyone on the path, so IPsec hides what is said but not that two endpoints are talking.
Security Techniques
IPsec uses different data security techniques, integrated within its protocols as cryptographic algorithms. An algorithm here is a precisely defined procedure for one task, such as encrypting a block of data or computing an authentication tag, rather than a program as such, and IPsec uses only algorithms designed and standardised for that purpose. Major IPsec algorithms include HMAC (hash-based message authentication code), AES (Advanced Encryption Standard) and TDEA (Triple Data Encryption Algorithm, also called 3DES). HMAC, keyed with a SHA-2 hash in current configurations, provides data integrity and authenticity, while AES and TDEA provide confidentiality. Two practical caveats apply: TDEA is deprecated (NIST disallowed it for new use after 2023) and its 64-bit block size exposes long-lived tunnels to birthday attacks, so new configurations should use AES, ideally in an authenticated mode such as AES-GCM that provides encryption and integrity in one pass; and HMAC with MD5 or SHA-1, while still negotiable on old equipment, should be replaced by HMAC-SHA-256 or stronger.
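The following added example (not code from the original article) builds the packets described in the Operational Modes and Security Techniques sections: ESP in transport mode and in tunnel mode over IPv4, with the HMAC integrity check applied to each packet. It uses ESP with the NULL cipher (RFC 2410) and HMAC-SHA-256-128 (RFC 4868), a real authentication-only IPsec configuration, so that every field stays readable; with AES the bytes after the sequence number, including the inner header in tunnel mode, would be ciphertext. The addresses, SPI, key and transport-layer bytes are constructed values.

```python
"""ESP packet layout (RFC 4303) in transport and tunnel mode over IPv4.

Added example. Cipher is ESP-NULL (RFC 2410) so the layout is visible;
integrity is HMAC-SHA-256-128 (RFC 4868). Addresses, SPI, key and the
transport-layer bytes are constructed test values.
"""
import hashlib
import hmac
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50
ICV_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement sum of the 16-bit words; 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int, key: bytes) -> bytes:
    """SPI | Seq | Payload | Padding | PadLen | NextHeader | ICV.
    PadLen and NextHeader must end on a 4-byte boundary (RFC 4303 s2.4) and the
    default padding bytes are 1, 2, 3, ...; the ICV covers everything before it."""
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def esp_icv_valid(esp: bytes, key: bytes) -> bool:
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def esp_decapsulate(esp: bytes, key: bytes):
    """Return (spi, seq, next_header, payload); the ICV is checked before anything is parsed."""
    if not esp_icv_valid(esp, key):
        raise ValueError("ESP ICV mismatch: packet dropped")
    body = esp[:-ICV_LEN]
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]


def transport_mode(packet: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Keep the original IP header; only protocol, total length and checksum change."""
    hdr, upper = bytearray(packet[:20]), packet[20:]
    esp = esp_encapsulate(spi, seq, upper, hdr[9], key)   # NextHeader = original protocol
    hdr[9] = IPPROTO_ESP
    hdr[2:4] = struct.pack("!H", 20 + len(esp))
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + esp


def tunnel_mode(packet: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """The whole original packet becomes the ESP payload under a new outer header."""
    esp = esp_encapsulate(spi, seq, packet, IPPROTO_IPIP, key)  # NextHeader = 4 (IPv4)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


# Constructed sample: a host-to-host packet carrying made-up transport-layer bytes.
KEY = hashlib.sha256(b"constructed integrity key").digest()
INNER_PAYLOAD = b"constructed TCP segment bytes"
INNER = ipv4_header("10.0.0.5", "10.0.1.7", IPPROTO_TCP, len(INNER_PAYLOAD)) + INNER_PAYLOAD

if __name__ == "__main__":
    t = transport_mode(INNER, 0x1000, 1, KEY)
    u = tunnel_mode(INNER, "203.0.113.1", "198.51.100.9", 0x1000, 2, KEY)
    print("transport: outer src", socket.inet_ntoa(t[12:16]), "proto", t[9],
          "payload", esp_decapsulate(t[20:], KEY)[3])
    print("tunnel:    outer src", socket.inet_ntoa(u[12:16]), "proto", u[9],
          "next header", esp_decapsulate(u[20:], KEY)[2])
```

The receiver verifies the ICV before it looks at a single payload byte, which is the property the Security Techniques section attributes to HMAC: flipping any bit between the SPI and the ICV makes the packet fail verification and be dropped. Comparing the two outer headers shows the difference between the modes: transport mode still exposes 10.0.0.5 and 10.0.1.7, while tunnel mode exposes only the gateway addresses.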
Implementations
IPsec has been implemented at every scale, from individual hosts and small networks to the largest. At the smallest level it runs host-to-host between two machines and on wired and wireless LANs (local area networks), and it is built into every major operating system. On a medium scale it is incorporated into corporate and organisational networks, commonly as the remote-access VPN that staff use to reach the internal network. At the largest levels IPsec is deployed on network-interconnecting gateways and across WANs (wide area networks, which can link entire cities or regions), where it provides site-to-site tunnels between offices and cloud providers. Whatever the scale, the protection it gives depends on the configuration: peers must authenticate each other with strong credentials, weak algorithms must be disabled, and SA lifetimes must force regular rekeying.