Internet Protocol Security (IPsec) encrypts and authenticates packets at the IP layer, providing integrity, data-origin authenticity, and confidentiality for traffic transmitted over IP networks.
IPsec is an open network-layer security framework designed by the Internet Engineering Task Force (IETF). It is not a single protocol but a collection of protocols and services that secure IP networks: the security protocols Authentication Header (AH) and Encapsulating Security Payload (ESP), the Internet Key Exchange (IKE) protocol, and the algorithms used for authentication and encryption.
When IPv4 was designed, the Internet was small and physical isolation alone was considered sufficient for security. No one expected the explosive growth of the Internet, so security protection was not a consideration in the design and development of IPv4.
Because IP itself provides no security, IP addresses are easily forged, packet contents can be tampered with, and packets can be replayed or intercepted in transit; conventional IP-layer processing therefore cannot verify the packets it receives. Application-layer mechanisms can address these problems, but each protects only its own application. A protocol that provides security services at the IP layer was therefore needed, and IPsec fills this role.
IPsec provides the following security services:
IPsec encrypts data to ensure confidentiality.
IPsec verifies data integrity to ensure that packets are not tampered with in transit.
IPsec authenticates the data origin to ensure that packets come from the genuine sender.
IPsec provides anti-replay protection: the receiver detects and discards duplicate packets, so an attacker cannot resend captured packets.
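The four services above can be seen together in a small ESP-style receiver. The following Go program is an added example written for this page, not code from the page, from any IPsec implementation, or from the IETF specifications. It uses a constructed datagram layout (SPI, sequence number, IV, AES-GCM ciphertext and tag) that is deliberately simplified rather than wire-exact ESP, a constructed SPI value and demo key, and a 64-entry sliding replay window in the style of RFC 4303: AES-GCM gives confidentiality plus an integrity check value (ICV) that covers the cleartext header, the ICV doubles as data-origin authentication because only the peer holding the SA key can produce it, and the receiver advances its replay window only after the ICV verifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Constructed toy datagram layout (not wire-exact ESP):
//   SPI (4) | Sequence number (4) | IV (8) | AES-GCM ciphertext || 16-byte ICV
// SPI and sequence number are sent in clear but are covered by the ICV as
// additional authenticated data, as ESP authenticates its own header.
const (
	sampleSPI uint32 = 0x1234ABCD // constructed sample SPI
	replayWin uint32 = 64         // sliding-window size; RFC 4303 requires at least 32
	hdrLen           = 16         // SPI + seq + IV
)

// SA holds one direction of a security association.
type SA struct {
	aead    cipher.AEAD
	salt    []byte // 4-byte salt prepended to the 8-byte IV to form the 12-byte GCM nonce
	seq     uint32 // outbound: last sequence number sent
	highest uint32 // inbound: highest sequence number authenticated so far
	window  uint64 // inbound: bit i set => sequence (highest - i) already received
}

// NewSA builds an SA from a 16/24/32-byte AES key and a 4-byte salt (both would come from IKE).
func NewSA(key, salt []byte) (*SA, error) {
	if len(salt) != 4 {
		return nil, errors.New("salt must be 4 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	return &SA{aead: aead, salt: append([]byte{}, salt...)}, nil
}

// Protect emits a protected datagram: AES for confidentiality, the GCM tag over
// header+payload for integrity and origin authentication, and a fresh sequence
// number so the receiver can detect replay.
func (sa *SA) Protect(plaintext []byte) ([]byte, error) {
	if sa.seq == ^uint32(0) {
		return nil, errors.New("sequence number exhausted: rekey before sending more")
	}
	sa.seq++
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], sampleSPI)
	binary.BigEndian.PutUint32(hdr[4:8], sa.seq)
	binary.BigEndian.PutUint64(hdr[8:16], uint64(sa.seq)) // IV: unique per packet under this key
	nonce := append(append([]byte{}, sa.salt...), hdr[8:16]...)
	ct := sa.aead.Seal(nil, nonce, plaintext, hdr[:8]) // AAD = SPI || seq
	return append(hdr, ct...), nil
}

// Unprotect validates and decrypts one datagram, rejecting unknown SPIs,
// replayed or stale sequence numbers, and packets whose ICV does not verify.
func (sa *SA) Unprotect(pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+sa.aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr, ct := pkt[:hdrLen], pkt[hdrLen:]
	if binary.BigEndian.Uint32(hdr[0:4]) != sampleSPI {
		return nil, errors.New("unknown SPI")
	}
	seq := binary.BigEndian.Uint32(hdr[4:8])
	if !sa.replayCheck(seq) { // cheap pre-check before the ICV computation, as RFC 4303 orders it
		return nil, errors.New("replayed or stale sequence number")
	}
	nonce := append(append([]byte{}, sa.salt...), hdr[8:16]...)
	pt, err := sa.aead.Open(nil, nonce, ct, hdr[:8])
	if err != nil {
		return nil, errors.New("integrity check failed: packet modified or not from the peer")
	}
	sa.replayUpdate(seq) // only after authentication, so forged headers cannot poison the window
	return pt, nil
}

// replayCheck reports whether seq may still be accepted: non-zero, not older
// than the window's left edge, and not already marked as received.
func (sa *SA) replayCheck(seq uint32) bool {
	if seq == 0 {
		return false // sequence numbers start at 1
	}
	if seq > sa.highest {
		return true // new high-water mark
	}
	diff := sa.highest - seq
	if diff >= replayWin {
		return false // fell off the left edge of the window
	}
	return sa.window&(uint64(1)<<diff) == 0
}

// replayUpdate marks seq as received, sliding the window right on a new maximum.
func (sa *SA) replayUpdate(seq uint32) {
	if seq > sa.highest {
		if shift := seq - sa.highest; shift >= replayWin {
			sa.window = 0
		} else {
			sa.window <<= shift
		}
		sa.window |= 1
		sa.highest = seq
		return
	}
	sa.window |= uint64(1) << (sa.highest - seq)
}
```

Two design points matter for the services the text lists: the replay check runs before the ICV check so that a flood of replays costs the receiver no cryptography, and the window is updated only after the ICV verifies, so an attacker who cannot forge the ICV also cannot push genuine packets out of the window by spoofing high sequence numbers. Deriving the IV from the sequence number keeps GCM nonces unique under one key and ties the rekey requirement to sequence-number exhaustion.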