Does IPsec use symmetric keys?

What is IPSEC and how does it work?

Internet Protocol Security (IPSEC) is a suite of three cryptographic protocols for securing communications over a network. It is usually used for VPNs, but it is useful in many situations where IP (Internet Protocol) traffic needs protection. IPSEC is part of IPV6, while it is optional for IPV4. The three protocols that make up IPSEC are AH (Authentication Header), ESP (Encapsulating Security Payload) and IKE (Internet Key Exchange). AH and ESP work in different ways, but they can be combined to provide different functions.

While AH is purely an authentication protocol, ESP offers both authentication and encryption.

Security Association:

A security association covers key management and the establishment of a secure connection between the devices. This is the first step of a connection and is performed by the IKE (Internet Key Exchange) protocol.

Authentication:

In this case, authentication does not provide confidentiality: the information is not encrypted. The function of the AH protocol and its authentication is to confirm that the packet being delivered was not intercepted and modified or "interrupted" in transit. AH lets the receiver check the integrity of the transmitted data and of the associated IP addresses. Using IPSEC with AH does not protect our information from a man-in-the-middle attack, but it does tell us that one has occurred, by detecting differences between the header of the received IP packet and the original one. To do this, AH adds a header to each packet that carries a sequence number, so that individual packets can be identified.

AH, Authentication Header, as the name suggests, also checks the IP header, while ESP does not cover the IP header.

Note: The IP header is the layer of an IP packet that contains information about the connection, e.g. the source and destination addresses.
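As an added illustration (not part of the original article and not strongSwan code), the following Python sketch models what the text describes: the sender adds a sequence number and an integrity check covering the addresses and the payload, and the receiver detects modified packets and repeated ones. The key, addresses and packet layout are assumptions for the illustration and do not follow the real AH wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

# Simplified model of AH-style protection (illustration only, not the RFC 4302
# wire format). Layout: src(4) | dst(4) | seq(4) | icv(32) | payload.
# The ICV is an HMAC-SHA256 over src, dst, seq and payload, so changing any of
# them (including the addresses in the "IP header") breaks verification.

HEADER_LEN = 12
ICV_LEN = 32


def _pack_header(src: str, dst: str, seq: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!I", seq))


def build_ah_packet(key: bytes, src: str, dst: str, seq: int, payload: bytes) -> bytes:
    """Sender side: append an integrity check value (ICV) to header + payload."""
    header = _pack_header(src, dst, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + icv + payload


class AhReceiver:
    """Receiver side: verify the ICV and reject replayed sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def verify(self, packet: bytes):
        """Return (status, payload); status is 'ok', 'tampered' or 'replay'."""
        header = packet[:HEADER_LEN]
        icv = packet[HEADER_LEN:HEADER_LEN + ICV_LEN]
        payload = packet[HEADER_LEN + ICV_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison: a modified address or payload fails here.
        if not hmac.compare_digest(icv, expected):
            return "tampered", None
        seq = struct.unpack("!I", header[8:12])[0]
        # Simplified anti-replay: only strictly increasing sequence numbers pass.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", payload
```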

Encryption:

In contrast to the AH protocol, which only authenticates the integrity of the packet and of the sender address in the IP header, ESP (Encapsulating Security Payload) also offers encryption. If an attacker intercepts the packet, they cannot read its content because it is encrypted.

Asymmetric and symmetric encryption

IPSEC combines both asymmetric and symmetric encryption to provide security at the same time as speed.

With symmetric encryption, a single key is shared among the users, while authentication with public and private keys uses asymmetric encryption. Asymmetric encryption is more secure because we can share the public key with many users while the security depends only on the private key. Symmetric encryption is less secure because we are forced to share the single key.

The advantage of symmetric encryption is speed. Continuous interaction between two devices that kept authenticating each other with asymmetric encryption would be slow. IPSEC integrates both: the devices are authenticated first, asymmetric encryption establishes a secure connection between them using the IKE and AH protocols, and then the connection switches to symmetric encryption to keep the speed up. The SSL protocol also combines asymmetric and symmetric ciphers, but SSL or TLS operates at a higher layer than IP. Therefore, IPSEC can be used for TCP or UDP traffic (SSL or TLS can also be used, but that is not the norm).

Using IPSEC is an example of a feature that requires extra support to be added to the kernel before it can be used, as explained in a previous article on the Linux kernel. You can implement IPSEC on Linux with strongSwan; on Debian and Ubuntu systems you can enter:

apt install strongswan -y

An article was also published on VPN services, including IPSEC, which is easy to set up on Ubuntu.

Hope you found this article helpful in understanding the IPSEC protocols and how they work. Follow LinuxHint for more Linux tips and updates.