If IPSec provides security at the network layer, why is it that security mechanisms are still needed at layers above IP?

Question:

If IPSec provides security at the network layer, why is it that security mechanisms are still needed at layers above IP?

Solution Preview:

Internet Protocol Security (IPsec):

It is a protocol suite which is for security of the Internet Protocol communications. In which, each and every packet of the IP are authenticated and encrypted during that particular communication. It also includes rules for mutual authentication between the two communicating parties at the start of the session. In which cryptographic keys are being used for that particular session.

It is an end to end scheme which operates at the Internet layer of the IP Layer Suite

  1. a pair of hosts (host-to-host)
  2. Between a pair of security gateways (network-to-network)
  3. Between a security gateway and a host (network-to-host).

Some other secure systems at the higher level of the TCP/IP are:

  1. Secure Sockets Layer (SSL)
  2. Transport Layer Security (TLS)
  3. Secure Shell (SSH)

IPsec protects any application traffic across an IP network from any layer protocol above it, but if the layer is using the protocol other than IP then IPsec is useless.

Suppose transport layer protocol uses UDP or RDP then the IPsec will not work, as the data is not going over the IP layer hence it is not secure hence security at the higher layer is required. For this purpose the SSL (secure Socket Layer) is developed in order to secure the Transport layer and its protocol as the security provided by the IPsec do not work for these protocol except IP.

Application Layer also uses IP packets for most of the security purposes but since applications also use other protocols for communication the IPsec security do not fulfil all security concerns arising in the Application layer hence the alternatives needed to be used.

Due to the some of the following short comings IPsec is not used for higher layer securities:

  1. Security on the gateway is essential if the IPsec have to function as it is designed.
  2. It cannot provide the end-to-end security when working at the layers above. It encrypts the connection between the two communicating parties but do not encrypt the messages exchanged between the two parties.
  3. Analysis of the packets at the IPsec can occur only for the unencrypted packets hence the layer will not be secure if the packet analysis have to be done.

What We Offer:
• On-time delivery guarantee
• PhD-level professionals
• Automatic plagiarism check
• 100% money-back guarantee
• 100% Privacy and Confidentiality
• High Quality custom-written papers