Security in Cryptography: IPsec and TLS Protocols Analysis

Verified

Added on 2022/09/12

AI Summary

This report delves into the realm of security in cryptography, with a specific focus on the Internet Protocol Security (IPsec) and Transport Layer Security (TLS) protocols. It elucidates the purpose and real-world applications of IPsec, which provides a framework for secure and private communication over the internet, and TLS, which utilizes cryptographic techniques for secure end-to-end communications. The report examines the functionality of these protocols, including how IPsec secures networks and facilitates VPN implementation, and how TLS provides authentication, data integrity, and privacy. Furthermore, it explains the reasons for performing the Authentication Header (AH) protocol after the Encapsulating Security Payload (ESP) protocol in IPsec, highlighting the roles of AH and ESP in ensuring data integrity and confidentiality. The report also discusses the Change Cipher Spec protocol and message within SSL/TLS, detailing how these mechanisms modify encryption settings and ensure secure communication between clients and servers. The report concludes with a discussion on how these protocols and techniques are implemented in real-world scenarios, with references to relevant literature.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY IN CRYPTOGRAPHY
SECURITY IN CRYPTOGRAPHY
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1SECURITY IN CRYPTOGRAPHY
IPsec and TLS security protocols – Importance, Purpose and Real-life
Application
IPsec
IPsec (Internet Protocol Security) provides a framework for assured secure and private
communication over internet using cryptographic security. It is easily deployable for the existing
networks as it does not requires changes in codes or the protocols. Its main purpose is to provide
direct access of the central network to a remote computer. These remote computer users have all
the access for storage locations of the files, programs, backups over that network. To secure the
network from the more outside connections, it provides encryption by scrambling the data which
cannot be intercepted or deciphered (Tiller, 2017). Only the correct mathematical key can
decipher the encryption. The key negotiation overhead is reduced and simplified by supporting
the IKE protocol where the automatic key negotiation and IPsec security association (SA) is
provided. All IP-based application system can use IPsec without modifying the compatibility,
system and services. Per-packet encryption provides the flexibility and enhances the security. It
guarantees the highest levels of possible security in application level.
Function and Real-world application
In Real-world applications, IPsec has been doing its work in the numerous areas along with the
E-mail services, Web Access HTTP secured (Shah & Parvez, 2015). The companies can secure
the network using IPsec and disallowing the access to untrusted sites, limiting the encrypted
packets to leave the network boundary, implementing authentications to the data packets and
users. VPN implementation is also comes in IPsec Protocols.

2SECURITY IN CRYPTOGRAPHY
TSL
On another hand, TLS (Transport Layer Security) is a protocol which uses cryptographic
techniques to provide the secure end-to-end communications. It is used to prevent
eavesdropping, massage forgery and tampering for security. Currently it is the predecessor of
Secure Socket Layer (SSL) (Oppliger, 2016). It defines two layers of specification where it uses
the handshake between the client and server for the authentication and exchange security keys
before data transmission. It is a multi-step process.
Function and Real-world application
It is widely used in internet communications and during online transactions. It provides
authentication, data integrity and privacy over connecting between two computer applications. In
web browsers, applications and data exchanging software, remote desktop, VoIP (Voice over IP)
VPN connections etc. the TSL protocol is implemented. MD5, hashes, RC4 etc. are widely used
cryptographic techniques in TSL protocols.
Reason for performing AH protocol after the ESP protocol
IPsec is having two modes of operating: one is transport and another is tunnel mode
along with two protocols ESP (Encapsulating Security Payload) and AH (Authentication
Header). AH provides the packet authentication, where the ESP provides encryption of results
(pad length, next header, padding and payload data) using keys, encryption techniques along
with the authentication. Data integrity in AH protocol is assured by using the algorithms such as
HMAC-SHA or HMAC-MD5 which generates message digest (Rao et al., 2015). Originality of
the data is ensured by sharing secrete key between the client and the server. Here the complexity
of the mechanism gets increased as the two protocols trying to authenticate a single packet. ESP

3SECURITY IN CRYPTOGRAPHY
has been developed to achieve a mix security service combining IPv4 and IPv6. Hence it
becomes total 4 different modes of operation: AH/tunnel, AH/transport, ESP/Tunnel and
ESP/transport (Huang, Chiu & Shen, 2013). AH does the payload and packet header
authentication whereas the ESP provides both confidentiality and authentication. However, in
transport mode ESP does not have the better authentication than AH. IPsec performs the ESP
first for encryption the packets the authentication by ESP and AH. While being on the same end-
to-end flow, two security associations (SAs) are merged and results in combined AH and ESP
protocols in transport mode. It has been done because transmitting the data packet it needs to be
encrypted. On other hand, without authentication data cannot be encrypted also. The AH
authentication is used in the ESP protocol as it is not strong enough (Alshamrani, 2014). If
authentication is used then the encryption is done first as it does not encompass the
authentication data field. Using this order of operation, improves in rapid identification and
rejection of repeated and false data packets received. Hence, it effectively omits the effects of
DoS (Denial of service) attacks. On another hand, it also provides packet’s parallel processing at
the receiver end which means authentication and decryption of the packets can happen in
parallel.
Change cipher spec protocol and change cipher spec message
In SSL (Secure Socket Layer) all the messages are encrypted according to the records
over any network. Though, the encryption is usually done on the basis of each record. However,
different messages (handshake establishment) can be fit and treated as a single record. The
messages typically have two states named Current State and Pending State. The encryption
settings are modified by the change cipher spec message, where the beginning of a new record
takes place (Turner, 2014). This new setting then applies on the new record immediately which

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4SECURITY IN CRYPTOGRAPHY
raises the concern in security aspects. Particularly by the message itself where it uses the MAC
address and encryption of the client’s and server’s device. Also, the new changes happens
without any renegotiation of the connection.
On another hand, Change Cipher Spec Protocol is the method to implement the
properties provided by the Change Cipher Spec message. It has solo messages which consist of
single byte which values one. It has the main purpose of copying the messages of the pending
state into the current state messages, hence; it modifies the cipher suite (a set of algorithms for
security) to use records. It makes sure that transmission between the server and client is used to
notify the receiver party that encryption of the record has been done under negotiated Cipher
Spec and keys (Chen, 2014).On a record type basis, It helps in creating a new record in the
system for the completed message from the Change Cipher Spec Message. If the
Implementations are done with discipline to begin new record where the new record is needed
and verification of that peer then the record type distinct can be avoided. It provides more
robustness and safe way to make the handshaking unavoidable by the each record type.

5SECURITY IN CRYPTOGRAPHY
References
Alshamrani, H. (2014). Internet Protocol Security (IPSec) Mechanisms. International Journal of
Scientific & Engineering Research, 5(5), 85-87.
Chen, X. (2014). Constrained application protocol for internet of things. URL: https://www. cse.
wustl. edu/~ jain/cse574-14/ftp/coap.
Huang, K. T., Chiu, J. H., & Shen, S. S. (2013). A novel structure with dynamic operation mode
for symmetric-key block ciphers. International Journal of Network Security & Its
Applications, 5(1), 17.
Oppliger, R. (2016). SSL and TLS: Theory and Practice. Artech House.
Rao, M., Newe, T., Grout, I., Lewis, E., & Mathur, A. (2015, October). FPGA based
Reconfigurable IPSec AH core suitable for IoT applications. In 2015 IEEE International
Conference on Computer and Information Technology; Ubiquitous Computing and
Communications; Dependable, Autonomic and Secure Computing; Pervasive
Intelligence and Computing (pp. 2212-2216). IEEE.
Shah, J. L., & Parvez, J. (2015, March). Impact of ipsec on real time applications in IPv6 and
6to4 tunneled migration network. In 2015 International Conference on Innovations in
Information, Embedded and Communication Systems (ICIIECS) (pp. 1-6). IEEE.
Tiller, J. S. (2017). A technical guide to IPSec virtual private networks. CRC Press.
Turner, S. (2014). Transport layer security. IEEE Internet Computing, 18(6), 60-63.