IPsec stands for Internet Protocol Security. It is a standards framework for securing IP (Internet Protocol) communications. The key differentiator for IPsec is that it provides security at the network or packet processing layer of the protocol stack. Typically, security is provided at the application layer. IPsec, on the other hand, provides security services at the IP layer that other protocols and applications can use.
The two key components of IPsec are the Authentication Header (AH) and the Encapsulating Security Payload (ESP). As its name implies, AH provides authentication services. In other words, the recipient of a message can verify that the sender of the message is legitimate. AH also permits the recipient to verify that the data in a message has not been altered or tampered with. Replay attacks, where a message is resent by an illegitimate user, are also countered by AH. While AH supports data integrity, ESP supports data privacy by encrypting the contents of an IP packet. Thus, using IPsec, data can be authenticated and encrypted. There are also support components for fundamental cryptography operations such as hashing and encryption algorithms and key management.
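The integrity and anti-replay checks described above can be sketched as follows. This is an added example, not code from the original page or from any IPsec implementation. It assumes a simplified AH-like layout (SPI, sequence number, payload, 16-byte truncated HMAC-SHA-256 value) that does not cover IP header fields as real AH does, and the key and the names `protect`, `Receiver` and `verdict` are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"  # constructed sample key (assumption)
WINDOW = 64                                 # anti-replay window size, in packets

def protect(spi, seq, payload, key=KEY):
    """Sender: prepend SPI and sequence number, append a truncated HMAC (the ICV)."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:16]
    return header + payload + icv

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.highest = 0  # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) already seen

    def accept(self, packet):
        """Return the payload, or raise ValueError naming why the packet is dropped."""
        if len(packet) < 24:
            raise ValueError("truncated")
        header, payload, icv = packet[:8], packet[8:-16], packet[-16:]
        _spi, seq = struct.unpack("!II", header)
        age = self.highest - seq
        # Cheap replay pre-check before spending time on the HMAC.
        if seq == 0 or (age >= 0 and (age >= WINDOW or self.bitmap >> age & 1)):
            raise ValueError("replay")
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("bad-icv")
        # Only an authenticated packet may move or mark the window.
        if age < 0:
            self.bitmap = ((self.bitmap << -age) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << age
        return payload

def verdict(rx, packet):
    """Map the receiver's decision to a short string for logging."""
    try:
        rx.accept(packet)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

Because the window only advances after the HMAC verifies, a forged packet with a large sequence number cannot push legitimate traffic out of the window.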
IPsec is ideally suited for Virtual Private Networks (VPNs). A VPN is a private network that uses the Internet or another public network to connect remote sites and users together. A secure VPN usually uses IPsec to 'tunnel' between the two endpoints (sender and receiver). Because most IPsec solutions require hardware and/or software installation on machines accessing the VPN, this effectively acts as an extra layer of security, as anyone attempting to access the network illegitimately would require additional hardware or software installation.
Not all VPNs use IPsec. Some use Secure Sockets Layer (SSL). The primary reason for this is financial, as IPsec does require specialised software or hardware. SSL VPNs also have the advantage of being more focussed, as they can be used to create a tunnel for a specific application rather than the entire corporate network. However, in general they are only appropriate for web-based applications.
There are a number of open source IPsec implementations, including Openswan for Linux (see http://www.openswan.org/). Similarly, an SSL-based VPN is available from OpenVPN (see http://openvpn.net/).
IPsec and SSL are both enablers of VPNs. Given the prevalence of networks emerging for smart grids and ecosystems, and the confidential nature of much of this data, both could play a key role in providing VPNs for CleanTech and Smart Infrastructure solutions.