IPsec

  The IP Security architecture [8], as specified by the Internet Engineering Task Force (IETF), is comprised of a set of protocols that provide data integrity, confidentiality, replay protection, and authentication at the network layer. This positioning in the network stack offers considerable flexibility in transparently employing IPsec for different roles (e.g., building Virtual Private Networks, end-to-end security, remote access, etc.). Such flexibility is not possible at higher or lower levels of the network stack.

The overall IPsec architecture is very similar to previous work [5] and is composed of three modules:

• The data encryption/authentication protocols [6,7]. These are the ``wire protocols,'' used for encapsulating IP packets to be protected. They simply provide a format for the encapsulation; the details of the bit layout are not particularly important for the purposes of this paper.

  Outgoing packets are authenticated, encrypted, and encapsulated just before being sent to the network, and incoming packets are decapsulated, verified, and decrypted immediately upon receipt. These protocols are typically implemented inside the kernel, for performance and security reasons. A brief overview of the OpenBSD kernel IPsec architecture is given in Section 2.2.

• A key exchange protocol (e.g., IKE[4]) is used to dynamically establish and maintain Security Associations (SAs). An SA is the set of parameters necessary for one-way secure communication between two hosts (e.g., cryptographic keys, algorithm choice, ordering of transforms, etc.). Although the wire protocols can be used on their own using manual key management, wide deployment and use of IPsec in the Internet requires automated, on-demand SA establishment. Due to its complexity, the key management protocol is typically implemented as a user-level process.
• The policy module governs the handling of packets on their way into or out of an IPsec-compliant host. Even though the security protocols protect the data from tampering, they do not address the issue of which host is allowed to exchange what kind of traffic with what other host. This module is in fact split between the kernel (which decides what level of security incoming or outgoing packets should have) and user space (making higher-level decisions, e.g., which user is allowed to establish SAs and with what parameters).

For more details on their implementation in OpenBSD, see [3].