Overview

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications that works by authenticating and encrypting each IP packet of a communication session.
Internet Protocol Security uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.
Internet Protocol Security is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers at the Transport Layer (TLS) and the Application Layer (SSH).
Internet Protocol Security protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.
The DNC Decryption Flow detects and decrypts selected communications that are encrypted using IPsec, then reinjects the unencrypted packets back into TURMOIL Stage 1. TURMOIL Stage 1 applications process the packets into sessions and, when appropriate, forward the unencrypted content to follow-on processing systems. The DNC eventing (PPF) components in TURMOIL detect all IKE/ISAKMP and ESP packets and query KEYCARD for each unique IKE exchange session and each unique ESP session to determine if the link should be selected for processing. Selection is based on IP address. Decryption is attempted if either the source or the destination IP address is targeted for decryption in KEYCARD (the KEYCARD tasking action is labeled "TRANSFORM" so as not to use the term "decrypt"). If KEYCARD returns a hit for an IKE packet, then the IKE packet is sent to LONGHAUL where it is used to recover keys. If KEYCARD returns a hit for an ESP packet, a key request is sent to LONGHAUL. The IPsec Security Parameter Index (SPI) correlates IKE
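As an added illustration of the IKE/ESP detection and SPI bookkeeping the flow above relies on (example code written for this page, not from the document or from any of the systems it names), this Python monitor parses the public IKE and ESP header fields, inventories sessions on a link by address pair and SPI, and flags a repeated ESP sequence number, which is what a receiver's anti-replay window would reject. It assumes the caller has already extracted addresses, IP protocol and UDP ports from the outer headers; the sample packets in the test are constructed.

```python
import struct

IKE_PORTS = {500, 4500}   # IKE/ISAKMP on UDP 500; 4500 is NAT-Traversal (RFC 3948)
ESP_PROTO = 50            # IP protocol number of ESP (RFC 4303)
UDP_PROTO = 17

def parse_ike_header(payload: bytes) -> dict:
    """IKE header (RFC 7296 s3.1): iSPI(8) rSPI(8) next(1) ver(1) exch(1) flags(1) msgid(4) len(4)."""
    if len(payload) < 28:
        raise ValueError("truncated IKE header")
    ispi, rspi, _nxt, ver, exch, _flags, msgid, length = struct.unpack("!QQBBBBII", payload[:28])
    return {"init_spi": ispi, "resp_spi": rspi, "version": (ver >> 4, ver & 0xF),
            "exchange_type": exch, "message_id": msgid, "length": length}

def parse_esp_header(payload: bytes) -> dict:
    """ESP header (RFC 4303 s2): SPI(4) + sequence number(4); everything after is ciphertext."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", payload[:8])
    return {"spi": spi, "seq": seq}

class IpsecSessionMonitor:
    """Inventory of IKE exchanges and ESP SAs seen on a link, keyed by addresses and SPI."""
    def __init__(self):
        self.ike_sessions = {}   # (src, dst, init_spi, resp_spi) -> packets seen
        self.esp_sessions = {}   # (src, dst, spi) -> highest sequence number seen

    def observe(self, src, dst, proto, sport, dport, payload):
        """Classify one packet; src/dst/ports come from the IP and UDP headers (assumed pre-parsed)."""
        if proto == UDP_PROTO and (sport in IKE_PORTS or dport in IKE_PORTS):
            if 4500 in (sport, dport):
                if payload[:4] != b"\x00" * 4:     # no non-ESP marker: UDP-encapsulated ESP
                    return self._esp(src, dst, payload)
                payload = payload[4:]              # strip the 4-byte non-ESP marker before IKE
            h = parse_ike_header(payload)
            key = (src, dst, h["init_spi"], h["resp_spi"])
            self.ike_sessions[key] = self.ike_sessions.get(key, 0) + 1
            return "ike"
        if proto == ESP_PROTO:
            return self._esp(src, dst, payload)
        return "other"

    def _esp(self, src, dst, payload):
        h = parse_esp_header(payload)
        key = (src, dst, h["spi"])
        last = self.esp_sessions.get(key)
        if last is not None and h["seq"] <= last:
            return "esp-replay-or-reorder"   # a receiver's anti-replay window would reject a repeat
        self.esp_sessions[key] = h["seq"]
        return "esp"
```

Only the header fields are read; the ESP payload stays opaque without the SA keys, which is exactly why the flow above has to go to a key source before anything beyond the SPI can be recovered.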