  A review of security techniques used in protecting Active Server Pages (ASP) - Page 5

 

Security Techniques used in protecting Active Server Pages

3. Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec) is a collection of standards designed specifically to create secure end-to-end connections. The standards were developed by the Internet Engineering Task Force (IETF) to secure communications over both public and private networks, though it is particularly beneficial to public networks [5].

Using IPSec
The authentication and confidentiality functions of IPSec are divided into two independent parts which can be applied together or individually to a data message.
The authentication part is implemented by the Authentication Header (AH). This is located after the basic header of the message and contains cryptographic hashes of the data and identification information.


The confidentiality part is implemented by the Encapsulating Security Payload (ESP) header. This allows for the message data to be written in encrypted form [5].
The IPSec security functions can be applied in one of two modes:


· Transport mode: only the payload of the message is encrypted (Figure 4);

Figure 4. Message in Transport mode

· Tunnel mode: the payload, the header and the routing information are all encrypted (Figure 5).

Figure 5. Message in Tunnel mode

Encryption is performed through the use of public and private key cryptology; keys are issued upon commencing a session and associated with the users' respective identities. The sender encrypts the message using their private key. The receiver uses the sender's public key to decrypt the message.

IPSec Security Review
Proper implementation of IPSec can provide a secure channel for transferring data. However, it is not without its limitations. When implemented in transport mode, IPSec is susceptible to replay attacks. Sessions are exposed to the possibility of hijacking if an authentication header is not used.


Furthermore, IPSec in transport mode is also susceptible to source routing exploits. This danger is greatly reduced by using tunnel mode, as routing information is encrypted [5].
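
The replay weakness noted in the review above is what the sequence number field carried in both the AH and ESP headers is meant to counter. The following is an added example, not code from the original paper: a simplified form of the receiver-side sliding-window check that RFC 4303 describes. The class and function names, the 64-packet window and the sample traffic are assumptions for illustration, and `icv_valid` stands for the outcome of the AH/ESP integrity check.

```python
# Added example: receiver-side anti-replay check, simplified from RFC 4303
# (32-bit sequence numbers only, no extended sequence numbers).

class AntiReplayWindow:
    def __init__(self, size=64):
        self.size = size   # window width in packets (assumed value)
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) was seen

    def check(self, seq):
        """Classify seq as 'ok', 'replay' or 'too_old' without changing state."""
        if seq > self.top:
            return "ok"
        offset = self.top - seq
        if seq == 0 or offset >= self.size:
            return "too_old"   # zero is never valid; the rest fell off the window
        return "replay" if (self.bitmap >> offset) & 1 else "ok"

    def update(self, seq):
        """Record seq as seen; call only after the integrity check passed."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def process(packets, window=None):
    """packets: (seq, icv_valid) tuples; returns one verdict per packet."""
    if window is None:
        window = AntiReplayWindow()
    verdicts = []
    for seq, icv_valid in packets:
        verdict = window.check(seq)
        if verdict == "ok" and not icv_valid:
            verdict = "bad_icv"   # a forged packet must not advance the window
        if verdict == "ok":
            window.update(seq)
        verdicts.append(verdict)
    return verdicts

# Constructed sample traffic: in-order, reordered, duplicated, forged, stale.
SAMPLE = [(1, True), (2, True), (4, True), (3, True), (2, True),
          (500, False), (70, True), (5, True), (70, True)]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, process(SAMPLE)):
        print(pkt, verdict)
```

The window is updated only after the integrity check succeeds, so the forged packet with sequence number 500 cannot push the window forward and cause legitimate traffic to be dropped.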
