23-06-2012, 01:29 PM
IP Security (IPSec)
Introduction
Over the past decades, various measures have been proposed to improve the security of data transmission over public networks. Existing work on security-enhanced data transmission includes the design of cryptographic algorithms and system infrastructures, and security-enhanced routing methods. Their common objective is to defeat threats on the Internet such as eavesdropping, spoofing and session hijacking. Among the many well-known designs for cryptography-based systems, IP Security (IPsec) and the Secure Socket Layer (SSL) are widely supported and implemented on many systems and platforms.
Literature survey
IP Security (IPsec):
The IP Security architecture (IPsec) defines basic security mechanisms at the network level, so that they are available to all the applications layered above it. The security techniques adopted in IPsec have been designed to be easily inserted in both IPv4 and IPv6. IPsec security services are offered by means of two dedicated extension headers, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. The AH header was designed to ensure the authenticity and integrity of the IP packet. It also provides an optional anti-replay service. The ESP header, on the other hand, provides data encapsulation with encryption to ensure that only the destination node can read the payload conveyed by the IP packet. ESP may also provide packet integrity and authenticity, and an anti-replay service.
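The anti-replay service mentioned above for AH and ESP rests on a per-packet sequence number that the receiver checks against a sliding window, as RFC 4303 describes for ESP. The sketch below is an added example, not code from the original report; the 64-packet window, the class and function names, and the sample traffic are assumptions, and 64-bit extended sequence numbers are not handled.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one security association (SA)."""

    def __init__(self, size=64):          # 64 is an assumed window size
        self.size = size
        self.top = 0                      # highest sequence number accepted so far
        self.bitmap = 0                   # bit i set => (top - i) already seen

    def check(self, seq):
        """Cheap pre-check, run before the integrity check value (ICV) is verified."""
        if seq == 0:
            return False                  # senders start at 1; 0 is never valid
        if seq > self.top:
            return True                   # ahead of the window: not seen yet
        offset = self.top - seq
        if offset >= self.size:
            return False                  # too old, fell off the left edge
        return not (self.bitmap >> offset) & 1   # reject if already seen

    def update(self, seq):
        """Record seq. Call only after the packet's ICV verified successfully."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(window, packets):
    """packets: list of (seq, icv_ok). Returns one verdict per packet."""
    verdicts = []
    for seq, icv_ok in packets:
        if not window.check(seq):
            verdicts.append("drop-replay")    # duplicate or older than the window
        elif not icv_ok:
            verdicts.append("drop-bad-icv")   # window must NOT advance here
        else:
            window.update(seq)
            verdicts.append("accept")
    return verdicts


# Constructed sample traffic: (sequence number, did the ICV verify?)
SAMPLE = [(1, True), (2, True), (2, True), (5, True), (3, True),
          (500, False), (6, True), (100, True), (30, True), (100, True)]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, receive(ReplayWindow(), SAMPLE)):
        print(pkt, verdict)
```

The forged packet with sequence number 500 fails its integrity check and leaves the window untouched, which is why the window is updated only after authentication: otherwise a single unauthenticated packet could push the window forward and cause legitimate traffic to be dropped.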
Secure Socket Layer (SSL):
A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS. SSL is a type of sockets communication and resides between TCP/IP and upper layer applications, requiring no changes to the application layer. SSL is used typically between server and client to secure the connection. The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys.
Performance Analysis Evaluation over IPsec:
The system overheads and performance of IPsec were explored based on the Common Criteria (CC), an international standard for defining information technology security requirements. Security-enhanced services usually come at the price of additional overheads and might reduce system performance. IPsec operates directly on IP packets, without an additional layer for data transmission between gateways. Before IPsec was proposed, network operators were forced to deploy solutions at other levels, such as the application-level Secure Sockets Layer (SSL). Compared with IPsec, SSL provides less flexibility and is less efficient.
Adaptive Multi-Path Routing:
There are two main types of intra-domain routing protocols with respect to the underlying path calculation algorithms: link-state protocols like OSPF (Open Shortest Path First) are based on the Dijkstra algorithm and require a global view of the network topology in every node, whereas for distance-vector protocols, the local perspective is sufficient. In most operational Internet Service Provider (ISP) networks, the link cost values are usually kept static for several hours or days, during which traffic always takes the same path from source to sink.
Multi-path Routing Approach for Secure Data Delivery:
In any modern network, there is a need for security. However, the current Internet, which was not originally designed with integrated security mechanisms, has a number of security problems and lacks effective protection of the confidentiality and integrity of data transferred over the network below the application layer. Internetworking communication is exposed to all kinds of attacks in such an open, hostile environment. With the emergence of applications such as e-commerce/m-commerce, the need for network security services that can provide secure communication over public networks has become more and more significant.