Data Integrity - IPsec VPN Tutorial Guide
Data integrity protects data from interception and modification. It ensures that data has not been altered in transit.

In the case of VPNs, it ensures that data has not been intercepted and changed while traveling from one VPN gateway to another. A hashing mechanism is used to provide this integrity. The one-way hash of the data has to match exactly: if even one bit has been modified, the hash will not match, which means the message has been changed and the data integrity check will fail.

A one-way hash takes variable-length input (a string or other data) and produces a fixed-length hash value. The hash is then sent to the receiver along with the data. The receiver computes the same hash function over the data and compares the result with the hash that was sent; if they are the same, the message is accepted, and we can safely say that it has not been modified in transit.

Common hashing algorithms developed to ensure integrity of data are the SHA family of algorithms, the MD family of algorithms, Haval and Tiger. Two common hash algorithms that VPN devices use for verifying integrity of data are hmac-md5 and hmac-sha, with hmac-sha being the stronger of the two.
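The send-and-verify exchange described above, as an added example (not code from the original page), which goes slightly beyond the text by contrasting a bare hash with a keyed HMAC. The key and payloads are constructed sample values, and the 96-bit truncation assumes the HMAC-SHA-1-96 variant defined for IPsec in RFC 2404.

```python
import hashlib
import hmac

ICV_LEN = 12  # 96-bit truncated tag, as in HMAC-SHA-1-96 (RFC 2404)


def protect(key: bytes, payload: bytes) -> bytes:
    """Sender: append a truncated HMAC-SHA1 integrity check value (ICV)."""
    return payload + hmac.new(key, payload, hashlib.sha1).digest()[:ICV_LEN]


def verify(key: bytes, packet: bytes) -> bool:
    """Receiver: recompute the ICV over the payload, compare in constant time."""
    if len(packet) < ICV_LEN:
        return False
    payload, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, received)


def plain_hash_ok(packet: bytes) -> bool:
    """Unkeyed check: payload followed by a bare SHA-1 digest (20 bytes)."""
    payload, digest = packet[:-20], packet[-20:]
    return hmac.compare_digest(hashlib.sha1(payload).digest(), digest)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Copy of data with a single bit inverted, simulating modification."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def demo() -> dict:
    key = b"constructed-shared-key"          # constructed sample value
    payload = b"transfer 100 to account 42"  # constructed sample payload
    packet = protect(key, payload)
    altered = b"transfer 900 to account 42"  # constructed modified payload
    return {
        "intact": verify(key, packet),
        "one_bit_flipped": verify(key, flip_bit(packet, 0)),
        # A bare hash can be recomputed by whoever changed the data...
        "rehashed_plain": plain_hash_ok(altered + hashlib.sha1(altered).digest()),
        # ...but a valid HMAC cannot be produced without the shared key.
        "rehashed_hmac": verify(key, protect(b"wrong-key", altered)),
    }


if __name__ == "__main__":
    print(demo())
```

The unkeyed check accepts the altered message because the hash was simply recomputed over the new data, which is why VPN gateways use the keyed hmac-md5 and hmac-sha constructions rather than a bare hash.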
