NE40E V800R010C10SPC500 Feature Description - Security 01

Encryption Algorithm

Encryption is a process in which plaintext data is transformed into unreadable ciphertext. The responder can decrypt the data only by using the correct key. In this way, encryption ensures data confidentiality.

IPsec VPN uses two types of encryption: data encryption (IP packet encryption) and protocol message encryption (ISAKMP message encryption).

Data Encryption

ESP can encapsulate the content of IP packets to protect them during transmission. IPsec uses symmetric encryption algorithms to encrypt and decrypt data. When a symmetric encryption algorithm is used, the initiator and responder use the same key to encrypt and decrypt the data.

Figure 13-20 shows the data encryption and decryption procedures used by symmetric encryption algorithms.
Figure 13-20 Encryption and decryption procedures

The symmetric key can be manually configured, or generated through the DH algorithm and shared by both devices. For details on the keys generated through the DH algorithm and the functions of the keys, see IKEv1 Phase-1 Negotiation.

IPsec uses the following encryption algorithms:

  • Data Encryption Standard (DES): uses a 64-bit key to encrypt plaintext IP packets in 64-bit blocks.

  • Triple Data Encryption Standard (3DES): uses three 64-bit keys (in effect, a 192-bit key) to encrypt plaintext IP packets.

  • Advanced Encryption Standard Cipher Block Chaining 128 (AES-CBC-128): uses the 128-bit AES-CBC encryption algorithm to encrypt IP packets.

  • Advanced Encryption Standard Cipher Block Chaining 192 (AES-CBC-192): uses the 192-bit AES-CBC encryption algorithm to encrypt IP packets.

  • Advanced Encryption Standard Cipher Block Chaining 256 (AES-CBC-256): uses the 256-bit AES-CBC encryption algorithm to encrypt IP packets.

  • SM4: uses a 128-bit key to encrypt IP packets.

3DES encrypts protocol packets more slowly than DES, but provides a more secure service. AES is more secure than 3DES.
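
The initiator/responder flow described above, as an added Go example that is not code from this document or from the device: both sides build the cipher from the same key, the initiator encrypts in CBC mode and the responder decrypts. The names `ciphers`, `Seal` and `Open`, the sample key and packet, and the ESP-style trailer and IV framing are assumptions of this example; SM4 and the integrity check that normally accompanies ESP encryption are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// Ciphers from the list above (SM4 is not in Go's standard library). Key bytes: des 8, 3des 24, aes-cbc 16/24/32.
var ciphers = map[string]func([]byte) (cipher.Block, error){
	"des": des.NewCipher, "3des": des.NewTripleDESCipher, "aes-cbc": aes.NewCipher,
}
// Seal (initiator): add an ESP-style trailer (pad 1,2,3.., pad length, next header), CBC-encrypt under a fresh IV.
func Seal(b cipher.Block, pkt []byte) ([]byte, error) {
	bs, buf := b.BlockSize(), append([]byte{}, pkt...)
	for n := 1; (len(buf)+2)%bs != 0; n++ {
		buf = append(buf, byte(n))
	}
	buf = append(buf, byte(len(buf)-len(pkt)), 4) // 4 = IPv4 as next header (tunnel mode)
	out := make([]byte, bs+len(buf))              // IV || ciphertext
	if _, err := rand.Read(out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(b, out[:bs]).CryptBlocks(out[bs:], buf)
	return out, nil
}
// Open (responder): decrypt with the same key, then check and strip the trailer.
func Open(b cipher.Block, msg []byte) ([]byte, error) {
	bs := b.BlockSize()
	if len(msg) < 2*bs || len(msg)%bs != 0 {
		return nil, fmt.Errorf("bad length %d", len(msg))
	}
	buf := make([]byte, len(msg)-bs)
	cipher.NewCBCDecrypter(b, msg[:bs]).CryptBlocks(buf, msg[bs:])
	end, pad := len(buf)-2, int(buf[len(buf)-2])
	for i := 1; i <= pad; i++ {
		if pad > end || buf[end-pad+i-1] != byte(i) {
			return nil, fmt.Errorf("bad padding")
		}
	}
	return buf[:end-pad], nil
}
func main() {
	b, _ := ciphers["aes-cbc"]([]byte("constructed-key!")) // constructed 128-bit key
	msg, _ := Seal(b, []byte("constructed packet"))
	pkt, err := Open(b, msg)
	fmt.Printf("%q %v\n", pkt, err)
}
```

DES and 3DES work on 8-byte blocks and AES on 16-byte blocks, so the same packet pads to different ciphertext lengths depending on the algorithm chosen.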

Protocol Message Encryption

Protocol message encryption is used in IKE negotiation and also uses DES, 3DES, and AES. The symmetric key used for encryption is generated through the DH algorithm. For details on the keys generated through the DH algorithm and the functions of the keys, see IKEv1 Phase-1 Negotiation.
Updated: 2019-01-03

Document ID: EDOC1100055047