
📡Systems Approach to Computer Networks Unit 18 Review


18.3 Secure Protocols: SSL/TLS, IPsec


Written by the Fiveable Content Team • Last updated September 2025

SSL/TLS and IPsec are crucial protocols for securing internet communications. SSL/TLS operates at the application layer, providing encrypted connections for web browsers and servers. It uses a handshake process to establish secure communication, ensuring data confidentiality and integrity.

IPsec, on the other hand, works at the IP layer, offering security services for all network traffic. It uses two main protocols: Authentication Header and Encapsulating Security Payload. IPsec can operate in transport or tunnel mode, making it versatile for various network security needs.

SSL/TLS Protocol

Purpose of SSL/TLS protocol

  • Provides secure communication between web browsers and servers, ensuring confidentiality, integrity, and authentication of data transmitted over the internet (online banking, e-commerce)
  • Establishes an encrypted connection using a handshake process that negotiates cryptographic algorithms and parameters and verifies the server's identity using digital certificates (RSA, ECC)
  • Encrypts data exchanged between client and server, preventing eavesdropping and tampering by unauthorized parties (man-in-the-middle attacks)
  • Operates at the application layer, on top of the transport layer, typically TCP (HTTPS, FTPS)

Processes in SSL/TLS

  • Key exchange process
    1. Client and server agree on cryptographic algorithms and parameters
    2. Server sends digital certificate containing public key to client
    3. Client verifies server's certificate and extracts public key
    4. Client generates random session key and encrypts it with server's public key
    5. Encrypted session key sent to server, decrypted using server's private key
  • Authentication process
    • Server's identity is verified by the client using the server's digital certificate, issued by a trusted Certificate Authority (CA); the certificate contains the server's information
    • Client checks the certificate's validity, expiration date, and the CA's digital signature (browser trust store)
    • Optional client authentication can be performed using client certificates (two-way authentication)
  • Encryption process
    • Session key, once securely exchanged, is used to encrypt data between client and server
    • Symmetric encryption algorithms are used for efficient encryption and decryption (AES, ChaCha20)
    • Message Authentication Codes (MACs) ensure data integrity (HMAC-SHA256)
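As an added example (not part of the Fiveable guide), the integrity step above in Python: a simplified TLS 1.2-style record layer that authenticates each record with HMAC-SHA256 over the sequence number, record header and fragment, so a tampered, replayed, reordered or wrong-key record is rejected. The symmetric AES encryption that TLS applies over fragment plus tag is omitted because Python's standard library has no AES; the MAC key is a constructed value standing in for one derived from the session key the handshake would produce.

```python
import hmac
import hashlib
import struct

TLS_1_2 = 0x0303           # version field carried in every record header
APPLICATION_DATA = 23      # TLS content type for application data

def record_mac(mac_key, seq_num, content_type, fragment):
    # TLS 1.2 authenticates seq_num || type || version || length || fragment, so a
    # modified byte, a replayed record or a reordered record changes the MAC input.
    header = struct.pack("!QBHH", seq_num, content_type, TLS_1_2, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

class RecordWriter:
    """Sender: appends the HMAC-SHA256 tag and advances its own sequence number."""
    def __init__(self, mac_key):
        self.mac_key, self.seq_num = mac_key, 0

    def protect(self, fragment, content_type=APPLICATION_DATA):
        tag = record_mac(self.mac_key, self.seq_num, content_type, fragment)
        self.seq_num += 1
        body = fragment + tag                  # TLS would now encrypt fragment + tag
        return struct.pack("!BHH", content_type, TLS_1_2, len(body)) + body

class RecordReader:
    """Receiver: recomputes the tag with its own counter and compares in constant time."""
    def __init__(self, mac_key):
        self.mac_key, self.seq_num = mac_key, 0

    def unprotect(self, record):
        if len(record) < 5:
            return None
        content_type, version, length = struct.unpack("!BHH", record[:5])
        body = record[5:5 + length]
        if version != TLS_1_2 or len(body) != length or length < 32:
            return None
        fragment, tag = body[:-32], body[-32:]
        expected = record_mac(self.mac_key, self.seq_num, content_type, fragment)
        if not hmac.compare_digest(tag, expected):
            return None                        # tampered, replayed, out of order or wrong key
        self.seq_num += 1                      # advance only after a successful check
        return fragment

# Constructed demo key; in TLS the MAC key is derived from the session key exchanged in the handshake.
DEMO_MAC_KEY = hashlib.sha256(b"constructed demo session secret").digest()

if __name__ == "__main__":
    writer, reader = RecordWriter(DEMO_MAC_KEY), RecordReader(DEMO_MAC_KEY)
    rec = writer.protect(b"GET / HTTP/1.1\r\n")
    print(reader.unprotect(rec), reader.unprotect(rec))   # fragment first, then None for the replay
```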

IPsec Protocol

Role of IPsec

  • Provides security services at the IP layer, protecting data as it travels across the network; ensures confidentiality, integrity, and authentication of IP packets (VPNs)
  • Consists of two main protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP); AH provides data integrity and authentication, while ESP provides confidentiality, data integrity, and authentication
  • Uses Security Associations (SAs) to define the security parameters for each connection; an SA specifies the cryptographic algorithms, keys, and other settings (negotiated by IKEv2)
  • Can be used in two modes: transport mode and tunnel mode

IPsec modes

  • Transport mode
    • Protects payload of IP packet, leaving original IP header intact
    • Suitable for end-to-end communication between two hosts (server-to-server)
    • Provides security services only for higher-layer protocols (TCP, UDP)
  • Tunnel mode
    • Encapsulates entire original IP packet (header and payload) within new IP packet
    • Suitable for creating secure virtual private networks (VPNs) between two networks (site-to-site)
    • Provides security services for entire original IP packet
    • Commonly used for securing communication between two gateways or routers (remote access)
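As an added example (not code from the Fiveable guide), the two ESP modes above built byte by byte in Python: transport mode keeps the original IP header and protects only the payload, tunnel mode wraps the entire original packet behind a new gateway-to-gateway header. It uses ESP with NULL encryption (RFC 2410) so the layout stays readable and an HMAC-SHA-256-128 ICV (RFC 4868); the hosts, gateways, SPIs and key are constructed sample values.

```python
import hmac
import hashlib
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header (no options, checksum left at zero); src/dst are 4-byte addresses.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)

def esp_encapsulate(inner, next_header, spi, seq, auth_key):
    # ESP with NULL encryption (RFC 2410) so the layout stays readable, plus an HMAC-SHA-256-128
    # ICV (RFC 4868): SPI || seq || inner || padding || pad_len || next_header || ICV.
    pad_len = (-(len(inner) + 2)) % 4            # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    esp = struct.pack("!II", spi, seq) + inner + trailer
    return esp + hmac.new(auth_key, esp, hashlib.sha256).digest()[:16]

def esp_decapsulate(esp, auth_key):
    # Verify the ICV before parsing anything; return (next_header, inner) or None if it fails.
    body, icv = esp[:-16], esp[-16:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha256).digest()[:16]):
        return None
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[8:-(2 + pad_len)]

def transport_mode(packet, spi, seq, auth_key):
    # Original IP header stays (same addresses); only the payload above IP is protected.
    hdr, payload = bytearray(packet[:20]), packet[20:]
    esp = esp_encapsulate(payload, hdr[9], spi, seq, auth_key)   # next header = original protocol
    hdr[9] = IPPROTO_ESP
    struct.pack_into("!H", hdr, 2, 20 + len(esp))                # refresh total length
    return bytes(hdr) + esp

def tunnel_mode(packet, gw_src, gw_dst, spi, seq, auth_key):
    # Whole original packet, header included, rides inside ESP behind a new gateway-to-gateway header.
    esp = esp_encapsulate(packet, IPPROTO_IPIP, spi, seq, auth_key)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp

# Constructed sample: host 10.0.0.5 -> 10.0.1.7 carrying a TCP segment; gateways 203.0.113.1 and 198.51.100.1.
DEMO_AUTH_KEY = hashlib.sha256(b"constructed SA authentication key").digest()
HOST_A, HOST_B = bytes([10, 0, 0, 5]), bytes([10, 0, 1, 7])
GW_A, GW_B = bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1])
SAMPLE_PACKET = ipv4_header(HOST_A, HOST_B, IPPROTO_TCP, 12) + b"hello, world"

if __name__ == "__main__":
    t = transport_mode(SAMPLE_PACKET, 0x1001, 1, DEMO_AUTH_KEY)
    u = tunnel_mode(SAMPLE_PACKET, GW_A, GW_B, 0x1002, 1, DEMO_AUTH_KEY)
    print("transport outer dst:", t[16:20].hex(), "| tunnel outer dst:", u[16:20].hex())
```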

SSL/TLS vs IPsec

  • Benefits of SSL/TLS
    • Widely supported by web browsers and servers
    • Provides secure communication for web-based applications (online shopping, social media)
    • Allows granular control over the security of individual connections
    • Operates at the application layer, so it is easy to implement and deploy
  • Limitations of SSL/TLS
    • Secures only application layer data, not entire IP packet
    • Requires additional overhead for handshake process and encryption
    • May not be suitable for securing non-web-based applications or protocols (email, file transfer)
  • Benefits of IPsec
    • Provides security at the network layer, protecting all applications and protocols
    • Supports both end-to-end and gateway-to-gateway secure communication
    • Offers flexibility in terms of security services provided (AH or ESP)
    • Suitable for creating secure VPNs between networks
  • Limitations of IPsec
    • Requires support from operating system or network devices
    • May introduce additional latency due to encryption and decryption processes
    • Can be more complex to configure and manage compared to SSL/TLS
    • May not be suitable for securing individual applications or connections