Internet Protocol Security (IPsec)

The purpose of this document is to provide a basic knowledge and understanding of Internet Protocol Security, otherwise known as IPsec, including the additional protocols that are used as part of the IPsec suite. This document is intended for anybody looking to gain a basic knowledge and understanding of what IPsec is and how it works.

In order to ensure the confidentiality of data on a network there may be a need to use different forms of encryption or encryption techniques. The Open Systems Interconnection (OSI) model can be used as a guideline to know how data is being protected and at which layer of the OSI model the data is being protected (Teare, 1999). The seven layers of the OSI model, from top to bottom, are:

Application

Presentation

Session

Transport

Network

Data link

Physical

One method of ensuring data is secure is Internet Protocol Security, otherwise known as IPsec. IPsec functions at the Network Layer, the same layer of the OSI model at which the Internet Protocol works. Because IPsec works at the Network Layer, the traffic of every layer above it (Transport through Application) is protected without those layers having to do anything. Other security systems like SSL, TLS, and SSH function at higher layers of the OSI model, and an application has to be designed (or modified) to use them; because IPsec functions at the Network Layer it is more flexible, and applications do not need to be designed to use IPsec, although the hosts or gateways at each end must be configured with matching IPsec policies and keys.

IPsec uses different protocols to authenticate and encrypt each packet within a data stream. IPsec is a framework of open standards that uses protocols like Internet Key Exchange (IKE and IKEv2), Authentication Header (AH), and Encapsulating Security Payload (ESP) to ensure secure communications. At the beginning of a session between two peers, the IKE protocol authenticates the peers to each other and negotiates a Security Association (SA): which protocol (AH or ESP) and algorithms will be used and the shared secret keys that will protect the session. Each SA is identified by a Security Parameter Index (SPI) carried in every AH and ESP packet so that the receiver can look up the right keys. Secure communications can be established between two hosts, between a gateway and a host, and between two gateways (for example a gateway and a firewall). Once the two peers have agreed on the cryptographic keys, secure communications can begin.

When a packet is sent from one host to another, the receiving host uses the AH protocol (IP protocol 51) to verify the integrity of the packet and that it was sent by the authenticated peer: the sender computes an Integrity Check Value (ICV) over the packet with the shared key, and the receiver recomputes and compares it. AH does not encrypt anything, so the payload is still readable on the wire. The Authentication Header protects against replay attacks with a sequence number and a "sliding window technique" that discards duplicate packets and any packet whose sequence number is older than the window (Network Sorcery, Inc., 2004). The Encapsulating Security Payload (ESP, IP protocol 50) transforms the data by encrypting it with the negotiated algorithm and key and then repackaging the datagram with an ESP header, an ESP trailer, and ESP authentication data (its own ICV); because ESP can also provide integrity, origin authentication and anti-replay protection, most deployments today use ESP alone rather than AH. Even though IPsec sounds like one form of encryption, it is actually a suite of protocols used in conjunction with each other, each with its own method of ensuring that data is transferred from one host to another securely.
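To make the AH part of this concrete, here is an added Python example (not from the original document) of a simplified AH receiver: it parses the AH header layout from RFC 4302, runs the anti-replay sliding window described in RFC 4303 Appendix A, and checks the ICV with HMAC-SHA-256-128. It assumes a single inbound SA whose key and SPI were already negotiated (the hard-coded key, SPI 0x1000 and all packets are constructed for the demo), and it simplifies the ICV scope to the AH header plus payload; real AH also covers the immutable fields of the IP header.

```python
"""Simplified AH receiver: header parsing, anti-replay window, ICV check.
Added illustration, not IPsec stack code. The ICV here covers only the AH
header (ICV field zeroed) and the payload; real AH also covers the outer IP
header with its mutable fields zeroed (RFC 4302)."""
import hashlib
import hmac
import struct

AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 16        # HMAC-SHA-256-128: 256-bit tag truncated to 128 bits (RFC 4868)


class AntiReplayWindow:
    """Sliding window per RFC 4303 Appendix A. Bit i of `bitmap` records
    whether sequence number (last - i) has already been accepted."""

    def __init__(self, size=64):
        self.size = size
        self.last = 0       # highest sequence number accepted so far
        self.bitmap = 0

    def check(self, seq):
        """True if seq may be accepted. Does not change state: the ICV must
        verify before a packet is allowed to advance the window."""
        if seq == 0:                    # first packet on an SA is numbered 1
            return False
        if seq > self.last:             # right of the window: new packet
            return True
        diff = self.last - seq
        if diff >= self.size:           # left of the window: too old
            return False
        return not (self.bitmap >> diff) & 1   # inside window: reject duplicates

    def update(self, seq):
        """Record seq as received; call only after the ICV verified."""
        if seq > self.last:
            shift = seq - self.last
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.last = seq
        else:
            self.bitmap |= 1 << (self.last - seq)


def compute_icv(key, ah_header, payload):
    """ICV = HMAC-SHA-256 over (AH header with ICV zeroed || payload), truncated."""
    zeroed = ah_header[:AH_FIXED_LEN] + b"\x00" * ICV_LEN
    return hmac.new(key, zeroed + payload, hashlib.sha256).digest()[:ICV_LEN]


def build_ah(key, spi, seq, payload, next_header=6):
    """Sender side: AH header (RFC 4302 layout) followed by the payload.
    Payload Len is the AH length in 32-bit words minus 2."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload) + payload


def parse_ah(packet):
    """Split a packet into (next_header, spi, seq, ah_header_incl_icv, payload)."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    return next_header, spi, seq, packet[:ah_len], packet[ah_len:]


class AhReceiver:
    """Receiver side of one inbound SA identified by its SPI."""

    def __init__(self, key, spi):
        self.key = key
        self.spi = spi
        self.window = AntiReplayWindow(64)

    def receive(self, packet):
        _next_header, spi, seq, ah_header, payload = parse_ah(packet)
        if spi != self.spi:
            return "unknown SPI"
        if not self.window.check(seq):          # cheap replay check before the MAC
            return "replayed or stale"
        expected = compute_icv(self.key, ah_header, payload)
        if not hmac.compare_digest(ah_header[AH_FIXED_LEN:], expected):
            return "bad ICV"
        self.window.update(seq)                 # only verified packets advance the window
        return "accepted"


def demo():
    """Feed constructed packets through one SA and return the verdict per packet."""
    key = bytes(range(32))          # constructed demo key; in practice derived by IKE
    spi = 0x1000                    # constructed demo SPI
    rx = AhReceiver(key, spi)
    verdicts = []
    for seq in (1, 2, 3, 5, 4):     # out-of-order seq 4 is still inside the window
        verdicts.append(rx.receive(build_ah(key, spi, seq, b"data %d" % seq)))
    verdicts.append(rx.receive(build_ah(key, spi, 2, b"data 2")))        # replay of seq 2
    tampered = bytearray(build_ah(key, spi, 6, b"data 6"))
    tampered[-1] ^= 0x01                                                  # flip a payload bit
    verdicts.append(rx.receive(bytes(tampered)))                          # bad ICV, no update
    verdicts.append(rx.receive(build_ah(key, spi, 6, b"data 6")))        # genuine seq 6 still OK
    verdicts.append(rx.receive(build_ah(key, spi, 100, b"data 100")))    # window jumps ahead
    verdicts.append(rx.receive(build_ah(key, spi, 30, b"data 30")))      # now left of the window
    verdicts.append(rx.receive(build_ah(key, 0x2000, 101, b"x")))        # no SA for this SPI
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The order of checks matters: the window is consulted before the ICV so that a flood of replayed packets is dropped cheaply, but the window is only advanced after the ICV verifies, otherwise a forged packet with a high sequence number could push genuine in-flight packets out of the window.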

In conclusion, IPsec is actually a suite of protocols that function at the Network Layer of the OSI model to ensure data is transferred from one host to another securely. Within the IPsec suite, the Internet Key Exchange, the Authentication Header, and the Encapsulating Security Payload each perform their own function and build upon each other. The Internet Key Exchange protocol is responsible for authenticating the peers and negotiating a mutual agreement on which algorithms and shared secret keys will be used. The Authentication Header protocol is responsible for ensuring the integrity and origin of the data and protecting against replay attacks. The Encapsulating Security Payload is responsible for encrypting the data (and, optionally, authenticating it) and transforming the datagram so that the remote host can successfully decrypt it and read the data.

1. Teare, D. (1999). Internetworking Technology Handbook: Internetworking Basics. Cisco Systems. Retrieved March 13, 2009, from Cisco Systems Web site:
2. Network Sorcery, Inc. (2004, June 7). AH, Authentication Header. Retrieved March 13, 2009, from Network Sorcery, Inc. Web site: