
Friday, July 17, 2009

IP Sec - Symmetric Asymmetric Encryption



Cryptography is the most crucial part of IPsec. It is nothing but a simple mathematical algorithm used to change the original values so that no one else can understand them. This function or algorithm is also known as a cipher. With the help of cryptography, IPsec converts data from human-readable form into a mathematical form and forwards it over the untrusted network. Once the data reaches the receiver, IPsec decrypts it from the mathematical form back into human-readable form.
Encryption and decryption are of two types:
a) Symmetric Encryption
b) Asymmetric Encryption

Symmetric Encryption:- As the name implies, both sender and receiver must have identical keys for encryption and decryption. This is the easiest and simplest form of encryption. A shared key is given to both sender and receiver, and with it each side can encrypt or decrypt the data. The main disadvantage of using a shared key is that if the key is hacked or leaked to someone, it could lead to many problems. It is not a CPU-hungry function and is very easy to implement. Transforms used in IPsec Security Associations, such as Data Encryption Standard (DES), 3DES, and AES, are symmetric encryption algorithms. As such, IPsec relies heavily on symmetric key encryption to deliver confidential exchange of data.

Asymmetric Encryption:- As the name implies, the sender and receiver use different keys for sending and receiving data. This is a very secure way of communicating but requires a lot of CPU processing. It uses a private key and a public key: public keys are used to encrypt the data, while private keys are used to decrypt it. The main advantage of asymmetric encryption is that the private keys are never exchanged, and the private key is used only to decrypt the data, not to encrypt it.
Most banks, MNCs and credit card companies issue a small device that generates tokens for secure online transactions. It is nothing but a private key :).
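An added example (not from the original post) of the two key models described above: a shared session key encrypts the data symmetrically, and that key is wrapped with the receiver's public key so that only the private key can recover it. The tiny RSA modulus, the SHA-256 keystream and all function names are constructed for illustration and are not what IPsec or IKE use.

```python
import hashlib
import secrets

# Toy parameters (constructed for illustration): two Mersenne primes give a
# ~150-bit RSA modulus, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus, shared freely
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never sent

def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: the same shared key both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap_key(session_key: bytes, n: int, e: int) -> int:
    """Sender side: encrypt the session key with the receiver's PUBLIC key."""
    return pow(int.from_bytes(session_key, "big"), e, n)

def unwrap_key(wrapped: int, n: int, d: int) -> bytes:
    """Receiver side: only the PRIVATE exponent d recovers the session key."""
    return pow(wrapped, d, n).to_bytes(16, "big")

def send(message: bytes, n: int, e: int):
    """Returns (wrapped session key, ciphertext) as they would cross the wire."""
    session_key = secrets.token_bytes(16)  # fresh symmetric key per message
    return wrap_key(session_key, n, e), symmetric_xor(session_key, message)

def receive(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Unwrap the session key with the private key, then decrypt the data."""
    return symmetric_xor(unwrap_key(wrapped, n, d), ciphertext)

if __name__ == "__main__":
    wrapped, ct = send(b"constructed sample payload", N, E)
    print("on the wire:", hex(wrapped), ct.hex())
    print("receiver sees:", receive(wrapped, ct, N, D))
```

The slow public/private-key operation touches only the 16-byte session key, while the cheap symmetric operation handles the message itself.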

Thursday, July 16, 2009

IP Sec Fundamentals



Internet Protocol Security (IPsec), as defined in RFC 2401, provides a means by which to ensure the authenticity, integrity, and confidentiality of data at the network layer of the Open System Interconnection (OSI) stack. IPsec is a suite of protocols that define standards for four key elements needed in defining a comprehensively robust Virtual Private Network (VPN) enabler:

Security Protocols

Key Exchange Mechanisms

Algorithms Required for Encryption and Secure Key Exchange

SA Definitions and Maintenance

Wednesday, July 15, 2009

IP Sec Is So Demanded



Most companies require an IPsec VPN to access devices securely over an untrusted network. Why has IPsec VPN received so much love from corporate companies, SMBs and MNCs? The main advantage of using an IPsec VPN is that it maintains Data Confidentiality, Data Integrity and Message Authentication.

Data Confidentiality:- It ensures that both the sender and the receiver will be able to receive the original messages. The user always sends the data in plain text, but with the help of certain algorithms the format of the data is changed into what is known as cipher text or encrypted text. The whole mechanism depends on the exchange of keys between sender and receiver.

Data Integrity:- Digital signatures and unique keys protect the integrity of data over an untrusted network.

Message Authentication:- Message authentication means that the message will be sent to the bona fide user.

All these features set IPsec VPN apart from the traditional methods of exchanging information.