Network-Layer Security | IPSec Modes
Category - Computer Networks | Network Layer
This article begins with a consideration of security at the network layer. Security is implemented between two hosts, two routers, or a host and a router at the network layer.
Those programs directly using the network layer's services, including routing protocols, are protected by network-layer security. Since UDP is a connectionless protocol and transport-layer security mechanisms cannot be applied to UDP, apps that use UDP can also profit from this service. We just talk about IPSec as an example of application-layer security here. The Internet Engineering Task Force (IETF) created a group of protocols known as IP Security (IPSec) to secure a packet at the network level. The IP layer benefits from creating authenticated and private packets thanks to IPSec.
Transport mode or tunnel mode are the two ways IPSec can be used.
Keep in mind that IP header protection is not provided by transport mode. To put it another way, the packet from the transport layer is protected by transport mode, which does not secure the entire IP packet (the IP-layer payload). The information arriving from the transport layer is enhanced in this mode by adding the IPSec header (and trailer). The IP header is included afterwards.
When host-to-host (end-to-end) data protection is required, we typically employ the transport mode. The payload sent from the transport layer is authenticated and/or encrypted by the sender host using IPSec. The IP packet is delivered to the transport layer by the receiving host using IPSec to verify the authentication and/or decrypt it. This idea is demonstrated in the given figure.
We'll see in a moment how the new IP header differs from the old IP header in terms of its information. As illustrated in the following figure, tunnel mode is typically used between two routers, a host and a router, or a router and a host. It appears as though the complete original packet travels via a fictitious tunnel to prevent tampering between the sender and the receiver.
The IPSec layer sits between the transport and network layers in transport mode. In tunnel mode, data is transferred back and forth between the network and IPSec layers before being sent back to the network layer. The two modes are compared in the following figure.