Internet Protocol Security (IPsec) is a protocol suite to secure Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of
a communication session. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation
of cryptographic keys that will be used during the session. Examples of the
protocols and algorithms used by IPsec include ESP, AH, DES, MD5, SHA and DH.
Encapsulating Security Payload (ESP)
ESP is a security protocol that is used to provide confidentiality (encryption),
data origin authentication, integrity, optional anti-replay service, and
limited traffic-flow confidentiality by defeating traffic-flow analysis.
Authentication Header (AH)
AH provides authentication and
integrity to the datagrams that are passed between two systems. This is
achieved by applying a keyed one-way hash function to the datagram to create a
message digest. If any part of the datagram is changed during transit, the
receiver will detect this when it performs the same one-way hash function on
the datagram and compares the result with the message digest that the sender
supplied. The fact that the one-way hash also involves the use of a
secret shared between the two systems means that authenticity can be
guaranteed.
DES Algorithm
DES is used to encrypt and decrypt
packet data; it is capable of turning clear text into cipher text via an encryption
algorithm. The decryption algorithm on the remote end restores clear text from
cipher text. The shared secret keys enable the encryption and decryption of the
packet data. Also, DES uses a 56-bit key, which ensures high-performance
encryption.
Message Digest 5 (MD5)
MD5 is a hash algorithm used to
authenticate packet data. Cisco routers and the PIX Firewall use the MD5 hashed message
authentication code (HMAC) variant that provides an additional level of
hashing. A hash is a one-way encryption algorithm that takes an input message of
arbitrary length and produces a fixed-length output message. MD5 authentication
can also be used by IKE, AH and ESP.
Secure Hash Algorithm 1 (SHA-1)
SHA-1 is a hash algorithm used to
authenticate packet data. Cisco routers and the PIX Firewall use the SHA-1 HMAC
variant, which provides an additional level of hashing. Similar to MD5, SHA-1
authentication can also be used by IKE, AH and ESP.
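The keyed one-way hash described under AH, and the HMAC-MD5 / HMAC-SHA-1 variants named above, can be shown in a few lines of Python. This is an added example and not code from the original post; it uses the standard library `hmac` and `hashlib` modules, a constructed shared secret and a constructed stand-in for a datagram, and truncates the tag to 96 bits, which is what the IPsec HMAC-MD5-96 and HMAC-SHA-1-96 variants do for the Integrity Check Value (ICV).

```python
import hmac

# Added example, not the post's own code. IPsec's HMAC-MD5-96 and HMAC-SHA-1-96
# variants keep only the first 96 bits (12 bytes) of the HMAC output as the ICV.
ICV_LEN = 12

def compute_icv(key: bytes, datagram: bytes, algorithm: str = "sha1") -> bytes:
    """Keyed one-way hash over the datagram, truncated to the ICV length.

    algorithm is a hashlib name: "sha1" for HMAC-SHA-1-96, "md5" for HMAC-MD5-96.
    """
    return hmac.new(key, datagram, algorithm).digest()[:ICV_LEN]

def verify_icv(key: bytes, datagram: bytes, received_icv: bytes,
               algorithm: str = "sha1") -> bool:
    """Receiver side: recompute the digest with the shared secret and compare.

    hmac.compare_digest runs in constant time so the comparison itself does not
    leak how many leading bytes of the ICV matched.
    """
    expected = compute_icv(key, datagram, algorithm)
    return hmac.compare_digest(expected, received_icv)

# Constructed sample values (demo only): a shared secret and a fake datagram
# consisting of a few header-like bytes followed by a readable payload.
SHARED_SECRET = b"demo-shared-secret-do-not-use"
DATAGRAM = b"\x45\x00\x00\x3c" + b"payload: transfer 100 to account 42"

def demo(algorithm: str = "sha1"):
    """Return (genuine_ok, tampered_ok, wrong_key_ok) for the sample datagram."""
    icv = compute_icv(SHARED_SECRET, DATAGRAM, algorithm)
    # Unmodified datagram with the right key: the receiver accepts it.
    genuine_ok = verify_icv(SHARED_SECRET, DATAGRAM, icv, algorithm)
    # A single changed field in transit: the recomputed digest no longer matches.
    tampered = DATAGRAM.replace(b"100", b"900")
    tampered_ok = verify_icv(SHARED_SECRET, tampered, icv, algorithm)
    # Without the shared secret nobody can produce a matching ICV for new data.
    wrong_key_ok = verify_icv(b"some-other-key", DATAGRAM, icv, algorithm)
    return genuine_ok, tampered_ok, wrong_key_ok

if __name__ == "__main__":
    for alg in ("sha1", "md5"):
        print(alg, compute_icv(SHARED_SECRET, DATAGRAM, alg).hex(), demo(alg))
```

The same `compute_icv` is what both AH and ESP conceptually apply; the difference between the two protocols is which bytes of the packet are covered, not the keyed hash itself.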
Diffie-Hellman (D-H)
D-H is a public-key cryptography protocol
which allows two parties to establish a shared secret key that will be used by
encryption algorithms over an insecure communications channel. D-H is used
within IKE to establish session keys. 768-bit and 1024-bit D-H groups are
supported in the Cisco routers and PIX Firewall. The 1024-bit group is more
secure than the 768-bit group.
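The D-H exchange IKE runs over the insecure channel can be written out in plain Python integers. This is an added example, not code from the original post: the prime `DEMO_P` and generator `DEMO_G` are constructed demo parameters chosen for readability, not the real 768-bit or 1024-bit IKE groups, and the final `brute_force_discrete_log` helper uses an even smaller constructed group to illustrate why a larger group is the more secure choice.

```python
import secrets

# Added example, not the post's own code. Constructed demo group parameters:
# a Mersenne prime (2**31 - 1) and a small generator. Far too small for real
# use; IKE uses 768-bit and 1024-bit MODP primes instead.
DEMO_P = 2147483647
DEMO_G = 7

def dh_private_key(p: int = DEMO_P) -> int:
    """Each party picks a secret exponent in [1, p-2] and never sends it."""
    return secrets.randbelow(p - 2) + 1

def dh_public_value(private: int, p: int = DEMO_P, g: int = DEMO_G) -> int:
    """The value that crosses the insecure channel: g^private mod p."""
    return pow(g, private, p)

def dh_shared_secret(peer_public: int, private: int, p: int = DEMO_P) -> int:
    """peer_public^private mod p; both sides obtain g^(a*b) mod p."""
    return pow(peer_public, private, p)

def dh_exchange(a_private: int, b_private: int,
                p: int = DEMO_P, g: int = DEMO_G):
    """Run both ends of the exchange and return (A's key, B's key, (A, B)).

    Only the public values A and B are observable on the wire; a_private and
    b_private stay with their owners.
    """
    A = dh_public_value(a_private, p, g)
    B = dh_public_value(b_private, p, g)
    key_at_a = dh_shared_secret(B, a_private, p)
    key_at_b = dh_shared_secret(A, b_private, p)
    return key_at_a, key_at_b, (A, B)

def brute_force_discrete_log(p: int, g: int, public: int) -> int:
    """Recover the private exponent from a public value by trial exponentiation.

    Only feasible for tiny groups: the work grows with the group size, which is
    the reason the 1024-bit group is preferred over the 768-bit one.
    """
    value = 1
    for exponent in range(1, p):
        value = (value * g) % p
        if value == public:
            return exponent
    raise ValueError("no exponent found")

if __name__ == "__main__":
    a, b = dh_private_key(), dh_private_key()
    key_a, key_b, (A, B) = dh_exchange(a, b)
    print("on the wire:", A, B)
    print("agreed:", key_a == key_b, key_a)
    # Constructed toy group p=23, g=5 to show the cost of recovering a secret.
    print("toy discrete log:", brute_force_discrete_log(23, 5, pow(5, 6, 23)))
```

In IKE the agreed value is not used directly as a key; it is fed through the negotiated pseudo-random function (the MD5 or SHA-1 HMAC variants described above) together with the exchange's nonces to derive the session keys.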
Hello,
Through Jeremy's post I have a very good idea on IPSec, he clearly explained what IPSec is about and explained well on the different IPSecs available. I have learnt a lot about IPSec from his post.
xoxo,
JENNY ♥ 1104495E
This post explains clearly about IPSec and the protocols used by IPSec