How IPSec Works Step by Step

Internet Protocol Security (IPSec) is a collection of protocols designed by IETF to provide security at the IP layer. It is a framework for multiple services, algorithms and granularities. Although it works at the IP layer it implements a connection-oriented service because a security key must be established and to be used during data transfer.

1. The reason for multiple services is that not all users require all the services to be opened at a time. The major services are secrecy, data integrity and non-repudiation . All of these are based on the symmetric-key algorithm.

2. The reason for multiple algorithms is that an algorithm that seems to be safe now may be broken in future and then a new algorithm may be required to be developed and used.

3. The reason for multiple granularities is to protect a particular TCP connection or a pair of hosts or all traffic between a pair of routers etc.

IPSec requires a logical connection between the end hosts for security to be employed using a signalling protocol known as Security Association (SA). It is a simplex connection having a security identifier associated with it. If the duplex connection is required then two SA connections are required, one in each direction. An SA connection is defined by three elements:

1. Security Parameter Index (SPI): It acts as virtual circuit identifier in case of connection-oriented communication.
2. Types of the protocol used for security
3. Source IP Address

Modes of Operation: According to where the IPSec header is added to IP packet. IPSec operations on two different modes:

i. Transport Mode: In transport mode, the IPSec header is added just after the IP header. The protocol field of the IP header is changed to indicate that the next protocol is IPSec. The IPSec header contains the security information, SA identifier, a new sequence number and integrity check of the payload.

Internet Protocol Security (IPSec)

ii. Tunnel Mode: In tunnel mode, the IPSec header is added before the IP header and the entire IPSec header, IP header and payload are encapsulated in the body of a new IP packet with a completely new IP header.

Tunnel Mode

There are five Steps of IPSec revisited:
Step1: Determine Interesting Traffic- Interesting traffic initiates an IPSec session—Access lists interpret IPSec security policy to determine which traffic will be protected by IPSec.

Step2: IKE Phase One- It authenticates peers and negotiates IKE SAs to determine if a secure channel can be established between the peers.

Step3: IKE Phase Two- It negotiates the stricter IPSec SA parameters between the peers.

Step4: IPSec Data Transfer- It qualifying data is transferred between IPSec peers.

Step5: Session Termination- IPSec session terminates through deletion or by timing out.