Saturday, June 29, 2013

The IP Security (IPsec) protocol

The IP Security protocol suite provides security at the IP (networking) layer (or Layer 3).

The IP Security protocol suite consists of two protocols:

IKE and IPsec were designed to be used between any two nodes in the Internet that want to protect traffic at the IP networking layer, for both IPv4 and IPv6. For Mobile IPv6, IKE and IPsec protect binding update and home link configuration information exchange between the wireless terminal and home network.

The following sections present overviews of the basic IP security architecture, the design of IKEv2, which is the latest version of IKE, and IPsec Encapsulating Security Payload (ESP), and how they are used in Mobile IPv6. For IKE, the emphasis is on understanding the protocol semantics rather than the details of the message syntax. For IPsec, the protocol semantics are simple, and so more emphasis is placed on the message syntax. In both cases, consult the relevant Internet RFCs for complete details, particularly if implementation is intended.

In addition to these services, anti-replay protection is provided if dynamic key provisioning is used. In Mobile IPv6, both services are supported, but ESP is expected to be more widely used because it supports both data origin authentication and confidentiality protection in a single protocol, and both are needed.

The overall effect is somewhat like a firewall, except the security services supported are more sophisticated because the processing may involve cryptographic operations in addition to simply keeping or dropping the packet.

IPsec requires that two nodes that are engaged in mutual security operations share a security association (SA). An IPsec SA is a collection of state that applies to the unidirectional traffic between nodes. Most protocol transactions consist of bidirectional traffic, so there are typically two SAs between two nodes in most uses of IPsec, one for each direction. The opposite side has SAs that point in the opposite directions.
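
A minimal model of the SA pair and the anti-replay check described above, added here as an illustration and not taken from the original post. The SPI lookup key and the sequence-number sliding window follow the IPsec RFCs (RFC 4301, RFC 4303) rather than this page; the node names, SPI values and window size are constructed.

```python
from dataclasses import dataclass

WINDOW = 64  # anti-replay window size in packets (constructed for this example)

@dataclass
class SA:
    """One unidirectional security association (heavily simplified)."""
    spi: int           # identifier carried in every packet protected by this SA
    src: str
    dst: str
    next_seq: int = 1  # sender state: next sequence number to assign
    highest: int = 0   # receiver state: highest sequence number accepted
    bitmap: int = 0    # receiver state: bit i set means (highest - i) was seen

    def send(self):
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        return (self.spi, seq)

    def accept(self, seq):
        """Sliding-window replay check; a real receiver updates the window
        only after the packet's integrity check has passed."""
        if seq > self.highest:                      # newer than anything seen
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if seq == 0 or offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False                            # too old, or a replay
        self.bitmap |= 1 << offset                  # late but fresh
        return True

class Node:
    def __init__(self, name):
        self.name = name
        self.outbound = {}  # peer name -> SA for traffic this node sends
        self.inbound = {}   # SPI -> SA for traffic this node receives

def establish(a, b, spi_ab, spi_ba):
    """Install one SA per direction; each side holds the mirror image."""
    for src, dst, spi in ((a, b, spi_ab), (b, a, spi_ba)):
        src.outbound[dst.name] = SA(spi, src.name, dst.name)
        dst.inbound[spi] = SA(spi, src.name, dst.name)

def deliver(node, packet):
    """Return True if the node has an inbound SA for the SPI and seq is fresh."""
    spi, seq = packet
    sa = node.inbound.get(spi)
    return sa is not None and sa.accept(seq)
```

A packet protected under the terminal-to-home SA is rejected if it is presented to the terminal itself, because the terminal's inbound table only holds the SA for the opposite direction.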
