6 - The IP Security Protocol (IPsec)

Abstract

This chapter introduces the IP (internet protocol) Security Protocol (IPsec). Claims that IPv4 security was neglected by the founders are based on the argument that early IPv4 networks were insecure things strung together on trust between naive but ultimately honorable academicians. However, at the very beginning, the Internet Protocol was defined as the U.S. Department of Defense (DoD) Standard, and security was certainly a consideration. Nevertheless, the IETF has given considerably more explicit attention to IPv6 security than IPv4 during its development. The chapter provides an overview to the security issues that are and can be addressed within the IP Security Protocol framework. It discusses the way authentication and security, including secure password transmission, encryption, and digital signatures on datagrams, are implemented under IP through the Authentication Header (AH) and Encapsulating Security Payload (ESP) options. Before examining the IP Security Protocol (IPsec), it will look at the IP security architecture described in RFC 2401, “security Architecture for the Internet Protocol,” and the different pieces of that architecture. It examines the issues of security for IP, security goals defined for IP, cryptographic elements of IPsec, protocol elements of IPsec, and implementation of IPsec.