Cryptography applications
Cryptography can be applied in data communications for safety and security purposes. This can be seen in the form of IPSec, SSL and PGP.
IPSec (Internet Protocol Security)
This is a set of protocols designed to protect the integrity and authenticity of data while it moves across the network. This set of rules (IPSec) works at layer 3 of the OSI model. Wait!!! What is layer 3..... brain cracking.... searching my database..... THE NETWORK LAYER! Yeaaaahhhh! If we recall, the network layer deals with IP addressing (logical addresses). So this protocol is implemented on the IP addressing system? Yeah! This security application uses a set of rules which govern how data flows securely over a network.
The earliest cryptographic applications were implemented at layer 7, the Application layer. IPSec came into the world with its layer 3 implementation: unlike its predecessors, where the policy is implemented at the Application layer, this security policy is applied right before the data leaves or enters the network. One of the features that makes it successful is its ability to work without any major changes to the computer systems involved. This security policy is found very helpful for remote user access through dial-up connections, private networks, even VPNs (virtual private networks). Wait! What's that? I will surely dedicate an article to VPNs, just stay in touch!
IPSec Protection Mechanisms
IPSec uses two mechanisms to protect data.
• Authentication Header
• Encapsulation security payload
Authentication header (AH): This provides integrity and authentication of datagrams between two systems or devices.
This technology uses hashing. As already discussed, hashing is a cryptographic technique which lets the receiver verify the integrity of the data received. Any alteration of the data after the hash is applied will surely be identified.
The Authentication Header covers the entire datagram except the fields of the IP header which have to change during transit. When data is sent over a network, it passes through different hops (router interfaces that forward data towards its destination), so the fields updated at each hop change in transit. TTL, Time to Live (this is a mechanism that tells a router how long a packet may remain in the network; each router decrements it, and if it reaches zero before the packet reaches its destination the packet is discarded), changes at every hop, so this field too must not be hashed.
How does AH work?
>>1>> The IP header and the payload are hashed.
Wait!!! What is an IP header? This is a prefix in an IP packet which carries information like the IP version, source and destination IP addresses, TTL etc.
>>2>> The hash is used to build a new AH header, which is attached to the original packet.
>>3>> The packet is transmitted to the IPSec peer router.
>>4>> The peer router then hashes the IP header and the payload, extracts the transmitted hash from the AH header and compares the two hashes. As you already know they must match exactly; if even one (atomic, laughs) bit of data is altered the hash will never be the same, which shows the data is no longer the original.
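The four AH steps above, carried out on a constructed packet as an added example (this is not code from the original post; real IPSec lives in the OS kernel, not in Python). It assumes a constructed pre-shared key, SPI and payload, and real AH uses a keyed hash (HMAC) rather than a bare digest, so HMAC-SHA256 truncated to 16 bytes is an assumption chosen for the demo. It also shows the caveat from the paragraph on mutable fields: a TTL change in transit still verifies, while a flipped payload bit or a changed source address does not.

```python
import hmac
import hashlib
import struct

# Constructed sample values (not from the page): shared key, SPI and payload.
KEY = b"constructed-shared-key-for-demo"
SPI = 0x1000
PAYLOAD = b"hello over ipsec"
ICV_LEN = 16  # assumption: HMAC-SHA256 truncated to 16 bytes

def ipv4_header(ttl, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02", proto=51):
    """Minimal 20-byte IPv4 header; protocol 51 = AH. Checksum left zero for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0, 0, ttl, proto, 0, src, dst)

def immutable_view(ip_hdr):
    """Zero the fields that change hop by hop (TTL, header checksum) before hashing,
    so the ICV survives transit; addresses and the rest of the header stay covered."""
    h = bytearray(ip_hdr)
    h[8] = 0            # TTL
    h[10:12] = b"\0\0"  # header checksum
    return bytes(h)

def icv(ip_hdr, ah_fixed, payload):
    """Step 1: keyed hash over immutable IP header fields, the AH header (ICV zeroed) and payload."""
    mac = hmac.new(KEY, immutable_view(ip_hdr) + ah_fixed + payload, hashlib.sha256).digest()
    return mac[:ICV_LEN]

def build_ah(ip_hdr, payload, seq, next_header=6):
    """Step 2: AH header = next header, payload len, reserved, SPI, sequence number, ICV.
    Payload Len is the AH length in 32-bit words minus 2 (RFC 4302)."""
    payload_len = (12 + ICV_LEN) // 4 - 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, SPI, seq)
    return ah_fixed + icv(ip_hdr, ah_fixed, payload)

def verify_ah(ip_hdr, ah, payload):
    """Step 4: the peer recomputes the ICV over what arrived and compares in constant time."""
    ah_fixed, received_icv = ah[:12], ah[12:]
    return hmac.compare_digest(icv(ip_hdr, ah_fixed, payload), received_icv)

def demo():
    """Returns (ttl changed, payload bit flipped, source address changed) verification results."""
    hdr_sent = ipv4_header(ttl=64)
    ah = build_ah(hdr_sent, PAYLOAD, seq=1)           # step 3: (hdr, ah, payload) goes on the wire
    hdr_arrived = ipv4_header(ttl=61)                 # three hops decremented TTL; still verifies
    tampered = PAYLOAD[:-1] + bytes([PAYLOAD[-1] ^ 0x01])  # one flipped bit; must fail
    hdr_spoofed = ipv4_header(ttl=61, src=b"\x0a\x00\x00\x09")  # address is covered; must fail
    return (verify_ah(hdr_arrived, ah, PAYLOAD),
            verify_ah(hdr_arrived, ah, tampered),
            verify_ah(hdr_spoofed, ah, PAYLOAD))
```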
Encapsulation security payload (ESP): This provides a way to authenticate data as well as encrypt it. It provides confidentiality by encrypting the IP packet payload, data origin authentication, integrity, an optional anti-replay service (this is a sub-protocol of IPSec whose main aim is to guard the integrity of data by protecting datagrams from being altered or replayed by an intruder) and limited traffic flow confidentiality by limiting traffic flow analysis. ESP supports the symmetric encryption algorithms which were already discussed.
The information for each of the mentioned IPSec mechanisms is carried in its own header (AH or ESP) which follows the IP header in the packet.
References: Cisco Press, Wikipedia, Sybex CEH
To be continued