Μελέτη υλοποίησης του πρωτοκόλλου IPsec µε τη χρήση IP Encryptors στα IP δίκτυα της Βόρειο-Ατλαντικής Συµµαχίας (North Atlantic Treaty Organization, NATO)

Abstract

Cryptography is the most widely used tool to ensure the confidentiality and integrity of information in communications. It plays a key role in military communications, helping to protect confidential information and sensitive data that will be circulated on a network. It is the main way in which messages can be safely transmitted between the forces of a military structure, without the opposing force having the ability to block the messages or read them. Even if the message is intercepted, it must then be decrypted so that it is legible. IP Encryptors are mainly used for the security of communications in military IP networks, which can offer a high degree of confidentiality of information flow, authentici-ty and integrity of the data, which are exchanged in a network. However, the integration of such devices in a network presents additional problems in events of their malfunction or the need for maintenance and repair, as the cost of their supply or replacement is important for a military structure, and in cases where their replacement can not be done immediately, there is a temporary lack of availability in the network. The purpose of this thesis is to study the IP Encryptors used for the implementation of IPSec in the IP networks of the North Atlantic Treaty Organization (NATO), how they operate and integrate IPSec and will examine the possibility of switching from the IPSec integration model in IP Encryptors to another IPSec implementation model in NATO IP backbone networks, without the use of a separate IPSec device. In this paper, the IP-sec suite of protocols, its architecture and implementation modes will be presented first. Next, IP Encryptors will be described in terms of how they operate and how they inte-grate the IPsec suite of protocols. In addition, types of IP encryption devices developed by telecommunications companies and used by North Atlantic Treaty Organization (NATO) member states will be analyzed and compared in terms of their capabilities and operation, and NATO requirements for the design, architecture and operation of these devices will be further investigated. With the above findings, there will be a study of whether it is possible to switch from the IPSec model using dedicated hardware to the IPSec model without dedicated hardware. The criteria of this study will be the compli-ance with the specifications - security requirements set by NATO for these devices, the total cost required for the transition to the new model as well as the advantages - dis-advantages of each model, and so, the conclusions will be presented.