Sunday 27 May 2012

IPSec (ESP, AH, DES, MD5, SHA, DH)

IPSec stands for Internet Protocol Security, a protocol suite that helps secure Internet Protocol (IP) communications by authenticating and encrypting every IP packet in the communication layer. It is used to establish mutual authentication between agents at the beginning of a session and to negotiate the cryptographic keys that will be used during the session. IPsec uses two transforms, the Authentication Header (AH) and the Encapsulating Security Payload (ESP) header and trailer, to encapsulate and secure IP packets or payloads. Some of the protocols and algorithms associated with IPSec are ESP, AH, DES, MD5, SHA, and DH.


Encapsulating Security Payload (ESP)
ESP provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone or in combination with AH. Unless it is tunneled, ESP would not normally sign the entire packet.


Authentication Header (AH)
AH provides connectionless integrity, data origin authentication, and an optional anti-replay service. This is achieved by applying a keyed one-way hash function to the datagram to create a message digest. Because the one-way hash involves a secret shared between the two systems, authenticity can be guaranteed.
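
A simplified illustration of the keyed-hash check and anti-replay service described above, added here as an example and not part of the original post. The packet layout (SPI, sequence number, payload, truncated HMAC-SHA-256 digest), the 64-packet window and all names are assumptions; real AH also covers the immutable IP header fields.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # truncated digest length in bytes (assumption for this sketch)
WINDOW = 64   # anti-replay window size in packets (assumption)


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI + sequence number + payload + keyed digest."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (highest - i) already seen

    def accept(self, packet: bytes):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 8 + ICV_LEN:
            return None
        header, payload, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi or seq == 0:
            return None
        # Replay check: reject packets older than the window or already seen.
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return None
        # Integrity and origin check: recompute the digest with the shared key.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected[:ICV_LEN]):
            return None
        # Only a packet that passed the digest check may move the window.
        shift = seq - self.highest
        if shift >= WINDOW:
            self.bitmap = 1
        elif shift > 0:
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        else:
            self.bitmap |= 1 << -shift
        self.highest = max(self.highest, seq)
        return payload
```

The window is updated only after the digest verifies, so a forged packet with a large sequence number cannot push legitimate traffic out of the window.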

Data Encryption Standard (DES)
DES is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds of operations.


Message Digest 5 (MD5)
MD5 is a widely used cryptographic hash function with a 128-bit hash value. MD5 is widely used in security-related applications, and is also frequently used to check the integrity of files. The MD5 value of a file is considered to be a highly reliable fingerprint that can be used to verify the integrity of the file's contents. If as little as a single bit in the file is modified, the MD5 value for the file will change completely. Forgery of a file in a way that causes MD5 to generate the same result as that for the original file is considered to be extremely difficult.


Secure Hash Algorithm (SHA)
SHA is a cryptographic hash function.


Diffie-Hellman (DH)
The protocol has two system parameters p and g. They are both public and may be used by all the users in a system. Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, which is capable of generating every element from 1 to p-1 when multiplied by itself a certain number of times, modulo the prime p. However, it is vulnerable to a middleperson attack.





2 comments:

  1. Hi Jenny, your post is very informative. Actually we are doing the same topic, so there is really little I can comment. This is what I feel about your post: maybe you can describe more about SHA and the difference between the two hashing algorithms, SHA and MD5. =)

  2. All these security algorithms are popular and useful ones. As I am learning about digital signatures, this article helped me a lot. Thank you.
    digital certificates
