Encryption and Security Protocols in a VPN [Explained]

People use a VPN because privacy matters, and keeping personal data away from prying eyes is central to that goal. However, understanding the different parts of how a VPN works, including its encryption and security protocols, is critical to making an informed decision about which VPN is a worthy investment. The goal here is to explain what these processes are in simple terms: not everyone understands the technical details, but everyone should understand what they are signing up for.

So, what is encryption? The answer is simple: encryption disguises your data so that only a computer with the proper key can unmask it. Think of encryption as a costume party where only the host knows who is wearing which costume. Anyone else who arrived at the party would not know who is under which costume, because they lack the decoding system that only the host has.

Encryption requires a key, and this key tells the computer which steps to go through to encrypt or decrypt the data. Encryption protects small things like e-mail and larger things like masking your IP address as you connect to a VPN server. Encryption is a big part of online security, and there are two main types: symmetric-key encryption and public-key encryption.

In symmetric-key encryption, the computers (or the people) using the system share a single key that both encrypts and decrypts the data.

Public-key encryption uses what is called a public-private key pair. One computer uses the private key to encrypt the data, and the other computer uses the matching public key to decrypt that same data. This type of encryption can be somewhat more secure than symmetric-key encryption for a variety of reasons.

Understanding these principles of encryption makes it easier to understand how a VPN works.

A VPN uses a process called tunneling: your computer is at one end of the tunnel and the server is at the other, and the VPN is the vehicle that carries you through it. The problem is that, for a VPN to work correctly, a single pair of keys that applies and removes encryption is not sophisticated enough. More is needed to make sure that, as you connect to the VPN, your IP address does not leak out of the tunnel. This is handled by a process called Internet Protocol Security, better known as IPSec, or by its cousin, Generic Routing Encapsulation (GRE). The difference between the two is easy to follow.

GRE is fairly straightforward. It is basically a road map for transporting packets of data between sender and receiver; in other words, it manages how information travels between two different sources. The framework is concerned with the type of packet, or data, being sent and received, and with the connection between the two ends.

IPSec is a little more complex, and it is used much more broadly. Data is encrypted between a variety of devices: router to router, desktop to router, router to firewall, or desktop to server. IPSec uses two sub-protocols, which give a VPN the instructions it needs to secure the packets. The two sub-protocols are:

  • Encapsulated Security Payload (ESP): This sub-protocol encrypts the data inside the packet, otherwise known as the payload, and included within it is a symmetric key.
  • Authentication Header (AH): Using a hashing operation on the packet header, this sub-protocol conceals information such as the sender’s identity until the packet arrives where it is supposed to go.

On devices that are part of a network, IPSec can operate in two modes. In transport mode, the data traveling between two devices is encrypted. In tunnel mode, a tunnel is created between two networks. A VPN uses IPSec in tunnel mode, which lets ESP and AH work together to keep your information private and away from those who should not see it.
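To make the ESP packet layout and the two modes concrete, here is an added example (not code from the original article) that builds and verifies ESP packets in Python using only the standard library. It assumes a pre-shared integrity key, HMAC-SHA256 truncated to 128 bits as the ICV, and NULL encryption (RFC 2410), so the payload bytes stay readable and the tunnel-versus-transport difference is visible; the receiver also applies an anti-replay window, which is the defender-side check a real IPsec stack performs on every packet.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                                 # HMAC-SHA256-128: MAC truncated to 128 bits
NEXT_HEADER = {"tunnel": 4, "transport": 6}  # 4 = IP-in-IP, 6 = TCP

def esp_encapsulate(key, spi, seq, inner, mode):
    """Build one ESP packet (RFC 4303) using NULL encryption (RFC 2410).

    tunnel mode:    `inner` is a whole inner IP packet, so the real source and
                    destination addresses ride inside the ESP payload.
    transport mode: `inner` is only the transport segment; the original IP
                    header stays outside ESP.
    """
    pad_len = (-(len(inner) + 2)) % 4         # payload + trailer must align to 4 bytes
    padding = bytes(range(1, pad_len + 1))    # RFC 4303 default pad pattern 1,2,3,...
    body = inner + padding + bytes([pad_len, NEXT_HEADER[mode]])
    header = struct.pack("!II", spi, seq)     # Security Parameter Index, sequence number
    icv = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv

class EspReceiver:
    """Checks the ICV first, then the RFC 4303 anti-replay window."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 1      # bitmap of accepted seqs; bit 0 preset so seq 0 is rejected

    def decapsulate(self, pkt):
        spi, seq = struct.unpack("!II", pkt[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        authed, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
        expected = hmac.new(self.key, authed, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV mismatch: packet altered or wrong key")
        if seq > self.highest:                # newest packet: slide the window forward
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:                                 # older packet: must be unseen and inside window
            offset = self.highest - seq
            if offset >= self.window or (self.seen >> offset) & 1:
                raise ValueError("replayed or too-old sequence number")
            self.seen |= 1 << offset
        body = authed[8:]
        pad_len, next_hdr = body[-2], body[-1]
        return next_hdr, body[:len(body) - 2 - pad_len]
```

A real ESP security association would additionally encrypt `body` before the ICV is computed; the packet framing, trailer and replay logic are unchanged by that step.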

There is also another type of VPN, called a “remote access” VPN. This type of tunneling uses something called the Point-to-Point Protocol (PPP). Three different protocols derive from PPP, and understanding them will help you understand exactly what your VPN is doing.

  • L2F (Layer 2 Forwarding) — Developed by Cisco, this protocol is quite versatile and uses all of the authentication methods that PPP supports.
  • PPTP (Point-to-Point Tunneling Protocol) — Along with all of the authentication methods PPP supports, this protocol uses 40-bit and 128-bit encryption to add an additional layer of security.
  • L2TP (Layer 2 Tunneling Protocol) — This is the best of both worlds, as it combines L2F and PPTP with full support for IPSec; it is so versatile that it even works for site-to-site VPNs.

The bottom line is that it is easy to see from this article how technical the world of VPNs, encryption, and security protocols is. These are complex topics if you are not well-versed in the nuances of computers, the internet, and security. There are a few interesting takeaways, though.

One of the most interesting is that VPNs are so effective that these encryption methods have not changed a great deal over time. This means that businesses get great value from VPNs, and that using a good VPN keeps a business’s work properly private. While there have been many improvements in the technology behind VPN services, when you break it down, the way a VPN keeps your IP address and other data secure is pretty simple. The simplicity of the system is its greatest selling point.