# **Cryptographic Security for Internet : TLS/SSL, VPN/SSL vs VPN/IPsec**

Welcome to the project :tada:

[toc]

## **1. Cryptographic Security for Internet :**

Cryptographic security is a way of securely transforming or transmitting information through the use of methods that transform it so that only those authorized to access it can read and process it. This transformation is done through two processes: encryption and decryption. Encryption is the conversion of information from a human-readable state into a form that is unreadable and incomprehensible.

Cryptographic security for the Internet is important: scalable applications and services are vulnerable to various attacks and information leakage, demanding greater levels of security and privacy.

![](https://i.imgur.com/AGxzLrB.png)

## **2. TLS/SSL**

### **What is TLS/SSL ?**

Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that made the most popular web browser at the time. SSL 1.0 was never released to the public, and SSL 2.0 had serious flaws. SSL 3.0, released in 1996, was completely revamped, and set the stage for what followed.

:::success
When the next version of the protocol was released in 1999, it was standardized by the Internet Engineering Task Force (IETF) and given a new name: Transport Layer Security, or TLS. As the TLS specification notes, "the differences between this protocol and SSL 3.0 are not dramatic." Thus, it's not really a matter of TLS vs. SSL; rather, the two form a continuously updated series of protocols, and are often lumped together as SSL/TLS.
:::

![](https://i.imgur.com/33wNReQ.png)

### **How does TLS/SSL work ?**

These are the essential principles to grasp for understanding how SSL/TLS works:

* Secure communication begins with a TLS handshake, in which the two communicating parties open a secure connection and exchange public keys
* During the TLS handshake, the two parties generate session keys, and the session keys encrypt and decrypt all communications after the TLS handshake
* Different session keys are used to encrypt communications in each new session
* TLS ensures that the party on the server side, or the website the user is interacting with, is actually who they claim to be
* TLS also ensures that data has not been altered, since a message authentication code (MAC) is included with transmissions

> With TLS, both the HTTP data that users send to a website (by clicking, filling out forms, etc.) and the HTTP data that websites send to users is encrypted. Encrypted data has to be decrypted by the recipient using a key.

![](https://i.imgur.com/6TCRmgS.png)

## **3. VPN/SSL**

### **What is VPN ?**

![](https://i.imgur.com/kR21pBI.png)

A virtual private network, better known as a VPN, gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

A virtual private network is a key privacy tool that you should use when you're logging onto the internet from a public place such as a coffee shop, hotel lobby, or any other spot that offers free public Wi-Fi. A VPN creates a type of tunnel that hides your online activity, including the links you click or the files you download, so that cybercriminals, businesses, government agencies, or other snoops can't see it.

### **VPN/SSL**

A secure sockets layer VPN (SSL VPN) enables individual users to access an organization's network, client-server applications, and internal network utilities and directories without the need for specialized software. SSL VPNs provide safe, secure communication via an encrypted connection for all types of devices, regardless of whether access to the network is via the public internet or another secure network.

All traffic between a web browser and an SSL VPN device is encrypted with either the SSL or Transport Layer Security (TLS) protocol. Individual users of the SSL VPN do not have to decide which protocol to use for the VPN to do its job. Instead, the SSL VPN automatically uses the newest cryptographic protocol version available in the user's browser. Users do not need to worry about updating the protocol in their browser either: whenever a browser or an operating system (OS) is updated, the newest version of the protocol is updated along with it.

## **4. VPN/IPsec**

### **What is IPsec ?**

IPsec is a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source the packets come from.

Within the term "IPsec," "IP" stands for "Internet Protocol" and "sec" for "secure." The Internet Protocol is the main routing protocol used on the Internet; it designates where data will go using IP addresses. IPsec is secure because it adds encryption and authentication to this process.

### **How does IPsec work?**

![](https://i.imgur.com/AWwXIKC.png)

IPsec connections include the following steps:

**Key exchange:** Keys are necessary for encryption; a key is a string of random characters that can be used to "lock" (encrypt) and "unlock" (decrypt) messages. IPsec sets up keys with a key exchange between the connected devices, so that each device can decrypt the other device's messages.

**Packet headers and trailers:** All data that is sent over a network is broken down into smaller pieces called packets. Packets contain both a payload, or the actual data being sent, and headers, or information about that data so that computers receiving the packets know what to do with them. IPsec adds several headers to data packets containing authentication and encryption information. IPsec also adds trailers, which go after each packet's payload instead of before.

**Authentication:** IPsec provides authentication for each packet, like a stamp of authenticity on a collectible item. This ensures that packets are from a trusted source and not an attacker.

**Encryption:** IPsec encrypts the payloads within each packet and each packet's IP header (unless transport mode is used instead of tunnel mode; see below). This keeps data sent over IPsec secure and private.

**Transmission:** Encrypted IPsec packets travel across one or more networks to their destination using a transport protocol. At this stage, IPsec traffic differs from regular IP traffic in that it most often uses UDP as its transport protocol, rather than TCP. TCP, the Transmission Control Protocol, sets up dedicated connections between devices and ensures that all packets arrive. UDP, the User Datagram Protocol, does not set up these dedicated connections. IPsec uses UDP because this allows IPsec packets to get through firewalls.

**Decryption:** At the other end of the communication, the packets are decrypted, and applications (e.g. a browser) can now use the delivered data.
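As an added example (not code from the original page or from any IPsec implementation), the Python sketch below walks through the steps above for an ESP-style packet: keys that stand in for the result of the key exchange, an ESP header (SPI and sequence number) and an integrity trailer, encryption, authentication-before-decryption on the receiving side, and the difference between transport mode (original IP header stays visible, only the payload is encrypted) and tunnel mode (the inner IP header is encrypted too and only the gateway addresses are visible). The cipher is a toy HMAC-based keystream standing in for the AES/ChaCha cipher a real SA would negotiate; the keys, addresses, SPI and header layout are all constructed for the demo.

```python
import hmac, hashlib, os, struct

# Constructed demo keys; a real SA would derive these from the IKE key exchange.
ENC_KEY = b"demo-esp-encryption-key"
AUTH_KEY = b"demo-esp-integrity-key"
SPI = 0x1000  # constructed Security Parameter Index identifying the SA

def keystream_xor(key, nonce, data):
    """Toy counter-mode keystream built from HMAC-SHA256. It stands in for the
    real cipher an ESP SA negotiates (AES-GCM, ChaCha20) and is demo-only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def ip_header(src, dst):
    # Constructed stand-in for an IP header: only the addresses matter here.
    return f"{src}>{dst}|".encode()

def esp_encapsulate(src, dst, payload, mode, seq, gw=("gwA", "gwB")):
    """Return (cleartext outer IP header, ESP packet) for transport or tunnel mode."""
    if mode == "transport":
        outer = ip_header(src, dst)                  # original header stays visible
        protected = payload                          # only the payload is encrypted
    else:  # tunnel mode
        outer = ip_header(*gw)                       # only gateway addresses are visible
        protected = ip_header(src, dst) + payload    # inner header + payload encrypted
    iv = os.urandom(8)
    esp_hdr = struct.pack(">II", SPI, seq)           # ESP header: SPI + sequence number
    body = esp_hdr + iv + keystream_xor(ENC_KEY, iv, protected)
    # Integrity check value (ICV), appended after the payload like the ESP trailer.
    # It covers the ESP header and ciphertext, not the outer IP header (AH adds that).
    icv = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:16]
    return outer, body + icv

def esp_decapsulate(esp):
    """Verify the ICV first, then decrypt. Returns None if authentication fails."""
    body, icv = esp[:-16], esp[-16:]
    expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        return None                                  # tampered or forged: drop it
    iv, ciphertext = body[8:16], body[16:]
    return keystream_xor(ENC_KEY, iv, ciphertext)

def wire_view(outer, esp):
    """What an on-path observer sees: the cleartext outer header, SPI and sequence."""
    spi, seq = struct.unpack(">II", esp[:8])
    return outer.decode(), spi, seq
```

Run `esp_encapsulate(...)` in both modes and compare `wire_view` output: in tunnel mode the endpoint addresses never appear in cleartext, and flipping any ciphertext byte makes `esp_decapsulate` return `None` instead of corrupted data.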
![](https://i.imgur.com/QjBfgIw.png)

### **What protocols are used in IPsec?**

In networking, a protocol is a specified way of formatting data so that any networked computer can interpret the data. IPsec is not one protocol, but a suite of protocols. The following protocols make up the IPsec suite:

**Authentication Header (AH):** The AH protocol ensures that data packets are from a trusted source and that the data has not been tampered with, like a tamper-proof seal on a consumer product. These headers do not provide any encryption; they do not help conceal the data from attackers.

**Encapsulating Security Payload (ESP):** ESP encrypts the IP header and the payload for each packet, unless transport mode is used, in which case it only encrypts the payload. ESP adds its own header and a trailer to each data packet.

**Security Association (SA):** SA refers to a number of protocols used for negotiating encryption keys and algorithms. One of the most common SA protocols is Internet Key Exchange (IKE).

Finally, while the Internet Protocol (IP) is not part of the IPsec suite, IPsec runs directly on top of IP.

## **5. VPN/SSL vs VPN/IPsec :**

**Difference between IPsec and SSL VPN**

| IPsec - Internet Protocol Security | SSL - Secure Sockets Layer |
| -------- | -------- |
| A set of protocols that provide security for the Internet Protocol. | A secure protocol developed for sending information securely over the Internet. |
| Used to secure a virtual private network. | Used to secure web transactions. |
| Installation process is vendor non-specific. | Installation process is vendor specific. |

:::info
Each type of VPN has its pros and cons. Sometimes trade-offs have to be made when choosing either one to manage your remote network access. You might even have a situation where both can be used. Some of today's networks are hybrid networks, which have both on-prem and cloud components that would require the use of both types of VPNs.
It comes down to the needs of your remote users as to which one will work best for your situation.
:::

***Project members:***

| Full name | Student ID |
| -------- | -------- |
| Trương Diệu Đạt | 19127359 |
| Trần Bảo Phú | 19127508 |
| Nguyễn Trường Phước | 19127520 |
| Huỳnh Huy Tấn | 19127272 |