Main Menu

My Account
Online Free Samples
   Free sample   Cryptography assignment ipsec vs secure socket layer

Cryptography Assignment: IPSec Vs. Secure Socket Layer

Question

Task:
In this cryptography assignment, you are required to independently research a cryptosystem of your choice which is widely used in the world today. You task is to prepare a 2000-word report to explain the cryptosystem you have chosen: how it works, where it is used, why it is important, and its advantages and disadvantages compared to other algorithms. This report should be aimed at a professional but non-expert audience; for example, a first-year student in computer science, or an IT professional who is not an expert in cryptography.

The cryptosystem you choose should have the following properties:

  • It is a standard algorithm that is being widely used in 2021.
  • It uses both symmetric and asymmetric ciphers.
  • It uses a method of verifying message integrity and message authentication.

Some good choices of cryptosystem that you could select include: PGP, HTTPS or TLS, SSH, IPsec, and WPA3.

Answer

Introduction
It is evident herein cryptography assignment that the security protocols must provide the ability to mechanism to combine and safeguard all the three information properties. These properties include confidentiality, integrity, and availability of the information sets. Also, it is necessary that the authenticity of information is maintained by enabling only the authorized users to access the information. The use of strong cryptographic key with a weak authentication algorithm can lead to the added benefits to the attackers. It can cause disruptions in the data sets. Similarly, the presence of strong authentication algorithm with a weak encryption algorithm can make it easier for the attacker to perform data decryption. The involvement of strong encryption and authentication algorithms can bring up the issues of increased power consumption. The combination of these algorithms can, therefore, be critical. There are various developments that have been made in both the areas. IPSec (IP Security) and SSL (Secure Socket Layer) are the two most popular algorithms that shall be used. The paper includes the comparison and contrast of the two.

Explanation of Cryptosystem
IPSec

IPSec includes a suite of protocols that ensure the security of the IP traffic at the network layer. It also defines the mechanism to secure the CIA triad over the Internet. These mechanisms are ensured with the aid of the processes, such as tunneling, encryption, and authentication. If two entities are required to communicate using IPSec then it is necessary that both the entities agree to the same security policy which is referred as a security association. It is required to configure the same in the devices or at the end of the IPSec connection. IPSec tunnel provides the mechanism to secure all the communications irrespective of the traffic or application type. It is possible to establish the tunnel from server-to-server or from user-to-server. IPSec server provides the ability to secure the traffic for multiple devices and it is termed as a gateway. The user is termed as a host (Hwang et al., 2015).

How IPSec Works
IPsec is a combination of services and protocols that assure the security over the network channel. These components are integrated with each other to offer enhanced security. IPSec works at the network layer and therefore, it can assure protection for any higher-layer TCP/IP application without requiring any additional methods. It can provide encryption of the data to safeguard the privacy. Authentication is also assured to avoid any integrity attacks. Devices can also negotiate on the security protocol that shall be followed. IPSec guarantees the security of the information sets by carrying out the following tasks and activities.

  • The entities must agree upon a security protocol to use to make sure that the security is always maintained
  • Specific encryption algorithm shall be discussed and confirmed for data encoding
  • Two parties involved shall exchange the keys so that these keys can be used to unlock/decrypt the data
  • Once these finalizations are made, the devices must make use of the protocols, methods, and keys to encode the data and share it over the network channels.

There are several protocols and services included in the IPSec to make sure that the intended services are completed and the goals are attained. The same is shown in the figure below (Jeong, Hwang, Yeo, et al., 2015).

IPSec Works in cryptography 1

IPSec primarily comprises of two protocols as Authentication Header (AH) and Encapsulating Security Payload (ESP). Also with these two, there are three support components included within IPSec. AH and ESP do not illustrate the exact mechanism that can be applied for the purpose of encryption. It enables the flexibility to use the algorithms and the parties get to negotiate on the algorithms that shall be used. The two most commonly used methods are Message Digest 5, MD5 and Secure hash algorithm, SHA-1. These algorithms and functions used hash-based functions and therefore are termed as the hash algorithms or functions. AH is the protocol that ensures authentication of the data sets and also makes sure that the integrity validations are carried out Replay protection is also enabled; however, the protocol does not include any mechanism to safeguard the confidentiality (Jeong, Hwang, Kim, et al., 2015).

The data packets are discarded from the destination point if the authentication check fails. The confidentiality of the data is not assured and therefore no encryption algorithms are involved with AH. The IP header and the data sets are authenticated using the AH header. AH makes it possible to protect the fields of the IP datagram apart from the ones that are changed during the data transfers, Based on the security levels, hash functions are used by AH, such as HMAC-MD5 or HMAC-SHA1. It is possible to use AH in tunnel as well as transport mode.

ESP unlike AH also provides data confidentiality along with the mechanism to safeguard authentication and integrity. Since confidentiality is guaranteed by ESP, encryption services are also provided by the protocol. Encryption makes it possible to convert the plain text in the cipher form so that the message content is hidden. Decryption involves the conversion of the cipher form to the plain text so that the message is readable again. ESP makes use of symmetric algorithms to maintain privacy and confidentiality of the data. Packet payload authentication can also be enabled with ESP. The protocol also supports authentication-only or encryption-only configurations (Paulis, 2017).

IPSec provides high degree of flexibility in letting the parties determine the procedure for the implementation of security. IT requires certain measures to keep a track of the security relationships between the parties and the components. It is carried out using constructs that are referred as security policies and security associations. It enables the ways to exchange security association information. The devices shall be able to exchange encryption information. It shall be possible for the parties to share the security keys for encryption and decryption. It is also required to exchange the security association details. Internet Key Exchange, IKE is the protocol that is used to enable such capabilities.

Comparison with other Cryptosystem
The other ecosystem that is commonly used is the Secure Socket Layer, SSL. It is the protocol that is utilised to secure the web-based communications on the network channel at the application layer. The protocol uses encryption and authentication techniques to maintain the privacy of the communications. These communications occur between the two devices that usually include a web server and the user’s machine. Encryption in SSL is 40-bit or 128-bit RC4 encryption. SSL also maintains flexibility in the enterprises to determine the security level. In the case of SSL, every application is secured one at a time. It is different from IPSec in which the operations are carried out without any dependency on the other application. To maintain the security, the application server must support the user access using a web browser (Taylor, 2019). Most of the commonly used web browsers provide support to SSL. It needs upgrading the existing systems. The process can involve a lot of time.

IPSec vs SSL – Advantages & Disadvantages

  • Accessibility / Simplicity
    • The main benefit with IPSec is that the operations are conducted at the network layer ensuring the security of all the applications. Remote users can also access the corporate resources making the protocol suitable for tele-commuters and remote workers (Salman, 2017).
    • SSL VPNs make use of standard browsers as their interfaces. The users are already familiar with the browsers providing easy integrations and understanding.
    • Remote access provided by SSL is very mobile. The users can access the same on their mobile devices even while travelling or in different locations.
  • Encryption
    • There is difference in the encryption algorithms used in the two cases. IPSec primarily uses 56-bit DES or 112 or 168-bit triple-DES. SSL, on the other hand, uses 40 or 128-bit RC4. Both these encryption algorithms are capable of providing security; however, IPSec with triple-DES ensures better encryption. One of the major concerns is to assure that the remote users adhere with the encryption policy to achieve better results. It comes easy with IPSec VPN. This is because the devices or parties involved shall agree upon the encryption algorithm and policy confirmed. This feature is not always present in the case of SSL VPN. As a result, business enterprises may not ensure the encryption of the remote users with SSL VPN (Zhang, 2016).
  • AUTHENTICATION
    • Authentication is another aspect that is supported by IPSec as well as SSL. The authentication can be the same for IPSec as well as SSL. The authentication technologies supported are primarily determined by the VPN provider. Both the techniques can include id-password or these can include X.509 digital certificates.
    • Authentication is provided and ensured by both the techniques; however, it is inferior in SSL as compared to IPSec. This is because specific software is required by the users to be installed on their machines to that they can obtain access over the network channels. Such requirements are not associated with SSL wherein the users can simply gain access through the web browsers.
    • One drawback of SSL in this area is that authentication demands the end-users to carry out the verification that the certificate being presented by the server is adequate and correctly described the server identity. It is possible that the malicious entities may provide bogus certificate to the user and develop a secure communication channel with this technique. It can result in the occurrence of the eavesdropping or other forms of man in the middle attacks.
  • Management Complexity
    • IPSec can offer better authentication and encryption as compared to SSL; however, there can be additional complexity that may be offered with IPSec VPN. This is because the additional software is needed with IPSec VPN and such is not the case with SSL VPN. IPSec also involves the configuration of numerous network parameters so as to establish an end-to-end VPN tunnel (Sholihah et al., 2019). It also requires the administrators involved in the configuration process to be experts on the tunnelling and encryption procedures.
    • SSL VPNs are usually referred as client-less. This is mainly because they work with an existing software that is embedded in the operating systems. The administrators can easily provide the other users with the access to the VPN using the ID and password combination or by sharing the URL of the VPN gateway with the end-users (Abideen et al., 2019).

Comparison chart
There are several differences present between IPSec VPN and SSL VPN. The following table specifies and highlights some of these differences.

Parameter

IPSec VPN

SSL VPN

Connectivity

It includes site to site as well as remote access connectivity

Only remote access connectivity is enabled

Installation

Addition software as client VPN is needed

No installation of client VPN is required in this case

 

 

 

Complexity

It is found to be more complex

It is found to be less complex

Cost

The cost of this VPN is higher (Sari & Batubara, 2018)

It involves lower costs

Security and Control

Broad access can result in the security issues

Granular controls may need additional management

Endpoints

Needs host-based clients

Browser-based clients along with an option to have thin clients (Wang & Peng, 2015)

Layer

Operates at the network layer

Operations at the application layer along with layers 4 to 6

Training

Specializing training is essential

Specialized training is not necessary


Conclusion
For any business, the access to the private information over the network channels can be complex. SSP and IPSec VPNs can be implemented to provide assistance to the enterprises by enabling the access without compromising on the security. It is essential to determine the deployments aspects of both the techniques along with the security capabilities offered by SSL and IPSec. Both the VPNs come with a few variations and differences. For example, SSL VPN is found to be more suited for site-to-site connections. It is not required to install the client software or receive any specialized training. IPSec, on the other hand provide better authentication and encryption which is essential from the security aspect.

References
Abideen, M., Saleem, S., & Ejaz, M. (2019). VPN Traffic Detection in SSL-Protected Channel. Security and Communication Networks, 2019, 1–17. https://doi.org/10.1155/2019/7924690

Hwang, S., Park, M., Moon, D., Kang, H., Kim, J., & Lee, C. (2015). Analysis of Padding Oracle Attack Possibility about Application Environment; SRTP, MIKEY, CMS, IPSec, TLS, IPTV. KIPS Transactions on Computer and Communication Systems, 4(2), 73–80. https://doi.org/10.3745/ktccs.2015.4.2.73

Jeong, W. H., Hwang, L.-M., Yeo, B.-G., Kim, K.-H., Park, S.-H., Yang, S.-W., Lim, J.-S., & Kim, K.-S. (2015). Effect Analysis of a Authentication Algorithm in IPsec VPN Satellite Communication. The Journal of the Institute of Internet, Broadcasting and Communication, 15(5), 147–154. https://doi.org/10.7236/jiibc.2015.15.5.147

Jeong, W.-H., Hwang, L.-M., Kim, K.-H., Park, S.-H., Yang, S.-W., Lim, J.-S., & Kim, K.-S. (2015). Performance Analysis of a Satellite Communication System based on IPsec VPN. The Journal of the Institute of Webcasting, Internet and Telecommunication, 15(1), 53–60. https://doi.org/10.7236/jiibc.2015.15.1.53

Paulis, M.-A. (2017). Solutions for Network Traffic Security: VPN Through IPsec and PKI. International Journal of Information Security and Cybercrime, 6(2), 40–46. https://doi.org/10.19107/ijisc.2017.02.06

Salman, F. A. (2017). Implementation of IPsec-VPN Tunneling using GNS3. Indonesian Journal of Electrical Engineering and Computer Science, 7(3), 855. https://doi.org/10.11591/ijeecs.v7.i3.pp855-860

Sari, L. O., & Batubara, A. K. (2018). Impact of Different Topology on the Performance of IPSec VPN Multimedia Using CLSA. International Journal of Electrical, Energy and Power System Engineering, 1(2), 20–25. https://doi.org/10.31258/ijeepse.1.2.20-25

Sholihah, W., Rizaldi, T., &Novianty, I. (2019). Information and communication system technology with VPN site-to-site IPsec. Journal of Physics: Conference Series, 1193, 012012. https://doi.org/10.1088/1742-6596/1193/1/012012

Taylor, A. (2019). Decrypting SSL traffic: best practices for security, compliance and productivity. Network Security, 2019(8), 17–19. https://doi.org/10.1016/s1353-4858(19)30098-4

Wang, X., & Peng, X. (2015). VPN Gateway Research in Wireless Network Based on SSL Technology. International Journal of U- and E-Service, Science and Technology, 8(4), 17–26. https://doi.org/10.14257/ijunesst.2015.8.4.03

Zhang, M. (2016). Study on Remote Access for Library Based on SSL VPN. International Journal of Control and Automation, 9(1), 111–122. https://doi.org/10.14257/ijca.2016.9.1.11

NEXT SAMPLE

Related Samples

Question Bank

Looking for Your Assignment?

Search Assignment
Plagiarism free Assignment

FREE PARAPHRASING TOOL

PARAPHRASING TOOL
FREE PLAGIARISM CHECKER

FREE PLAGIARISM CHECKER

PLAGIARISM CHECKER
FREE PLAGIARISM CHECKER

FREE ESSAY TYPER TOOL

ESSAY TYPER
FREE WORD COUNT AND PAGE CALCULATOR

FREE WORD COUNT AND PAGE CALCULATOR

WORD PAGE COUNTER



AU ADDRESS
9/1 Pacific Highway, North Sydney, NSW, 2060
US ADDRESS
1 Vista Montana, San Jose, CA, 95134
ESCALATION EMAIL
support@totalassignment
help.com