The Protocols Behind IPSec
IPSec provides confidentiality, integrity, authenticity, and replay protection through two new protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
AH provides authentication, integrity, and replay protection, but not confidentiality. Its main difference from ESP is that AH also protects parts of the IP header of the packet (such as the source and destination addresses).
ESP provides authentication, integrity, replay protection, and confidentiality of the data: it protects everything in the packet that follows the ESP header. Replay protection requires authentication and integrity. Confidentiality (encryption) can be used with or without authentication/integrity, and likewise authentication/integrity can be used with or without confidentiality.
The AH comes after the basic IP header and contains a cryptographic hash of the data together with identification information. The hash also covers the invariant parts of the IP header itself. Several RFCs give a choice of actual algorithms to use in the AH, but they must all follow the guidelines specified in RFC2402.
The ESP header allows the payload to be rewritten in encrypted form. ESP does not consider the fields of the IP header before it and makes no guarantees about anything except the payload. All variants of ESP must follow RFC2406. An ESP header also provides authentication for the payload, but not for the outer header.
A (mostly) orthogonal division of IPSec functionality depends on whether the endpoint doing the IPSec encapsulation is the original source of the data or a gateway:
Transport mode is used by a host generating the packets. In transport mode, the security headers are added in front of the transport layer (e.g. TCP, UDP) headers, before the IP header is prepended to the packet. In other words, an AH added to the packet covers the TCP header and some fields of the end-to-end IP header in its hash, and an ESP header covers the TCP header and the data in its encryption, but not the end-to-end IP header.
Tunnel mode is used when the end-to-end IP header is already attached to the packet and one of the ends of the secure connection is only a gateway. In this mode, the AH and ESP headers cover the entire packet including the end-to-end header, and a new IP header is prepended to the packet that covers just the hop to the other end of the secure connection.
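The following Python example is added here to make the AH coverage rules above concrete; it is not code from the original page. It builds a transport-mode AH packet (IP | AH | payload), computes the ICV over the immutable IP header fields, the AH itself (ICV zeroed) and the payload, and then shows on the receiving side which changes in transit are tolerated (a router decrementing TTL, which is a mutable field) and which are detected (a rewritten source address or a modified payload). The ICV algorithm (HMAC-SHA-256 truncated to 128 bits), the key, the addresses and the payload bytes are all constructed for the demo; the IPv4 header checksum is left at zero since it is a mutable field anyway.

```python
import hashlib
import hmac
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_AH = 51
ICV_LEN = 16                  # truncated HMAC; constructed choice for the demo
AH_LEN = 12 + ICV_LEN         # fixed AH fields (12 bytes) + ICV = 28 bytes = 7 words
KEY = b"constructed-demo-key"  # constructed demo key, not a real SA key


def ipv4_header(src, dst, proto, total_len, ttl=64, tos=0):
    """Minimal 20-byte IPv4 header (header checksum left zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable_fields(ip_hdr):
    """Zero the IPv4 fields AH treats as mutable (RFC 2402): TOS, flags/fragment
    offset, TTL and header checksum. Everything else, addresses included, is covered."""
    b = bytearray(ip_hdr)
    b[1] = 0                 # TOS / DSCP+ECN
    b[6:8] = b"\x00\x00"     # flags + fragment offset
    b[8] = 0                 # TTL
    b[10:12] = b"\x00\x00"   # header checksum
    return bytes(b)


def compute_icv(ip_hdr, ah_fixed, payload):
    """ICV over the immutable IP header fields, the AH with its ICV zeroed, and the payload."""
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(KEY, covered, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(src, dst, spi, seq, payload, ttl=64):
    """Transport-mode AH packet: IP | AH | (TCP) payload."""
    total_len = 20 + AH_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, total_len, ttl)
    # AH fixed part: Next Header, Payload Len (AH length in 32-bit words minus 2), Reserved, SPI, Seq
    ah_fixed = struct.pack("!BBHII", IPPROTO_TCP, AH_LEN // 4 - 2, 0, spi, seq)
    icv = compute_icv(ip_hdr, ah_fixed, payload)
    return ip_hdr + ah_fixed + icv + payload


def verify_ah_packet(pkt):
    """Receiver side: recompute the ICV with mutable fields zeroed and compare in constant time."""
    ip_hdr = pkt[:20]
    if ip_hdr[9] != IPPROTO_AH:
        return False
    ah_len = (pkt[21] + 2) * 4           # Payload Len field -> AH length in bytes
    ah_fixed = pkt[20:32]
    received_icv = pkt[32:20 + ah_len]
    payload = pkt[20 + ah_len:]
    return hmac.compare_digest(received_icv, compute_icv(ip_hdr, ah_fixed, payload))


def demo():
    """Show which in-transit changes AH tolerates and which it detects."""
    payload = b"constructed TCP segment bytes"   # constructed stand-in for a TCP header + data
    pkt = build_ah_packet("10.0.0.1", "10.0.0.2", spi=0x100, seq=1, payload=payload)
    results = {"intact": verify_ah_packet(pkt)}

    routed = bytearray(pkt)                      # a router decrements TTL: mutable, still verifies
    routed[8] -= 1
    results["ttl_decremented"] = verify_ah_packet(bytes(routed))

    rewritten = bytearray(pkt)                   # source address rewritten: covered, detected
    rewritten[12:16] = socket.inet_aton("192.0.2.1")
    results["src_rewritten"] = verify_ah_packet(bytes(rewritten))

    tampered = bytearray(pkt)                    # payload modified: covered, detected
    tampered[-1] ^= 0xFF
    results["payload_tampered"] = verify_ah_packet(bytes(tampered))
    return results


if __name__ == "__main__":
    print(demo())
```

The same split between mutable and immutable fields is why AH does not survive address rewriting on the path while ESP, whose integrity check starts at the ESP header and does not include the outer IP header at all, does.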
IPSec secured links are defined in terms of Security Associations (SAs). Each SA is defined for a single unidirectional flow of data, usually from one single point to another, covering traffic distinguishable by some unique selector. All traffic flowing over a single SA is treated the same. Some traffic may be subject to several SAs, each of which applies some transform; a group of SAs is called an SA Bundle.
Incoming packets are assigned to a particular SA by the three defining fields (destination IP address, Security Parameter Index (SPI), security protocol). The SPI is a cookie handed out by the receiver of the SA when the parameters of the connection are negotiated. The security protocol must be either AH or ESP. Since the IP address of the receiver is part of the triple, the triple is guaranteed to be unique. Its values are found in the outer IP header and the first security header (which contains the SPI and the security protocol).
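The inbound lookup described above, as an added Python example that is not part of the original page: a small SA database keyed by the (destination address, SPI, protocol) triple, a parser that pulls the triple and the sequence number out of the outer IP header and the first security header (AH or ESP), and a per-SA sliding anti-replay window in the style of RFC 2401 Appendix C, which is the mechanism behind the replay protection mentioned earlier. The SA entries, addresses, SPIs and packets are constructed for the demo, and the packets carry no real ICV since only the lookup and the replay check are shown.

```python
import socket
import struct

IPPROTO_ESP = 50
IPPROTO_AH = 51


def ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (checksum left zero; not needed for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def extract_selector(pkt):
    """Return ((dst, spi, proto), seq) from the outer IP header and the first security header."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dst = socket.inet_ntoa(pkt[16:20])
    sec = pkt[ihl:]
    if proto == IPPROTO_AH:        # AH: Next Hdr, Payload Len, Reserved, then SPI and Seq
        spi, seq = struct.unpack("!II", sec[4:12])
    elif proto == IPPROTO_ESP:     # ESP: SPI and Seq come first
        spi, seq = struct.unpack("!II", sec[0:8])
    else:
        return None
    return (dst, spi, proto), seq


class ReplayWindow:
    """Sliding anti-replay window: 'last' is the highest sequence number accepted,
    bit i of 'bitmap' records whether sequence number (last - i) has been seen."""

    def __init__(self, size=64):
        self.size = size
        self.last = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        if seq == 0:
            return "invalid"          # the first packet on an SA uses sequence number 1
        if seq > self.last:           # right of the window: advance it
            shift = seq - self.last
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1
            self.last = seq
            return "accepted"
        diff = self.last - seq
        if diff >= self.size:
            return "too-old"          # left of the window: cannot tell replay from late, drop
        if (self.bitmap >> diff) & 1:
            return "replay"           # inside the window and already seen
        self.bitmap |= 1 << diff      # inside the window, first time: mark and accept
        return "accepted"


class SADatabase:
    def __init__(self):
        self.sas = {}

    def add(self, dst, spi, proto, window=64):
        self.sas[(dst, spi, proto)] = ReplayWindow(window)

    def receive(self, pkt):
        found = extract_selector(pkt)
        if found is None:
            return "not-ipsec"
        key, seq = found
        sa = self.sas.get(key)
        if sa is None:
            return "no-sa"
        return sa.check_and_update(seq)


def make_esp_packet(src, dst, spi, seq, body=b"\x00" * 16):
    esp_hdr = struct.pack("!II", spi, seq)
    return ipv4_header(src, dst, IPPROTO_ESP, 20 + len(esp_hdr) + len(body)) + esp_hdr + body


def make_ah_packet(src, dst, spi, seq, body=b"\x00" * 16):
    # Next Header = TCP, Payload Len = 4 (24-byte AH with a 12-byte placeholder ICV)
    ah_hdr = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    return ipv4_header(src, dst, IPPROTO_AH, 20 + len(ah_hdr) + len(body)) + ah_hdr + body


def demo():
    """Feed a constructed packet sequence through the SA database and return the decisions."""
    sad = SADatabase()
    sad.add("10.0.0.2", 0x1001, IPPROTO_ESP)
    sad.add("10.0.0.2", 0x2002, IPPROTO_AH)
    esp = lambda spi, seq, dst="10.0.0.2": make_esp_packet("10.0.0.1", dst, spi, seq)
    return [
        sad.receive(esp(0x1001, 1)),        # accepted
        sad.receive(esp(0x1001, 1)),        # replay: same sequence number again
        sad.receive(esp(0x1001, 3)),        # accepted, window advances
        sad.receive(esp(0x1001, 2)),        # accepted: late but inside the window
        sad.receive(esp(0x1001, 2)),        # replay
        sad.receive(esp(0x9999, 1)),        # no-sa: unknown SPI
        sad.receive(esp(0x1001, 1, "10.0.0.3")),  # no-sa: same SPI, different destination
        sad.receive(make_ah_packet("10.0.0.1", "10.0.0.2", 0x2002, 1)),  # accepted on the AH SA
        sad.receive(esp(0x1001, 100)),      # accepted, window jumps far ahead
        sad.receive(esp(0x1001, 30)),       # too-old: 100 - 30 >= 64
        sad.receive(esp(0x1001, 40)),       # accepted: 100 - 40 < 64 and not yet seen
    ]


if __name__ == "__main__":
    print(demo())
```

Note that the window lives on the SA, not on the peer or the address: two SAs to the same destination (here one ESP, one AH) keep independent counters, which is exactly why the SPI has to be part of the lookup key.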
An example of a tunnel mode AH packet:
An example of a transport mode AH packet:
Because an ESP header cannot authenticate the outer IP header, it is useful to combine an AH and an ESP header to get this:
This is called Transport Adjacency. The tunneling version looks like:
However, it is not specifically mentioned in the RFC. As with transport adjacency, this authenticates the entire packet except a few mutable fields in the IP header, and also encrypts the payload.