IPSec Architecture

IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow: ESP (Encapsulation Security Payload) and AH (Authentication Header). The IPSec architecture includes protocols, algorithms, the DOI, and key management. All of these components are needed in order to provide the three main services:

  • Confidentiality
  • Authentication
  • Integrity

IP Security Architecture:

1. Architecture:
Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.

2. ESP Protocol:
ESP (Encapsulation Security Payload) provides the confidentiality service. Encapsulation Security Payload is implemented in one of two ways:

  • ESP with optional Authentication.
  • ESP with Authentication.

Packet Format:

  • Security Parameter Index (SPI):
    This parameter is used in the Security Association. It gives a unique number to the connection built between client and server.

  • Sequence Number:
    A unique sequence number is allotted to every packet so that the packets can be arranged properly at the receiver side.

  • Payload Data:
    Payload data means the actual data or the actual message. The Payload data is in encrypted format to achieve confidentiality.

  • Padding:
    Extra bits or space added to the original message in order to ensure confidentiality. Pad Length is the size of the bits or space added to the original message.

  • Next Header:
    The Next Header field identifies the next payload, that is, the actual data that follows.

  • Authentication Data:
    This field is optional in the ESP protocol packet format.
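As an added example (not code from the original article), the following Python lays out an ESP packet with exactly the fields listed above and parses it back, checking the Authentication Data (ICV) before anything in the trailer is trusted. It goes beyond the text in one respect: it also shows the anti-replay sliding window a receiver keeps over the Sequence Number, which is what makes that field a security control rather than only an ordering aid. The block size, the HMAC-SHA-256 ICV, the key and the payload are constructed assumptions, and the encryption step is left as a placeholder because the point is the layout, not the cipher.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed parameters for this illustration; they are not from the article.
BLOCK_SIZE = 16   # assumption: 16-byte cipher block, as for AES-CBC
ICV_LEN = 16      # assumption: HMAC-SHA-256 truncated to 128 bits, as in RFC 4868
HMAC_KEY = b"constructed-integrity-key-for-demo-only"


@dataclass
class EspPacket:
    spi: int
    seq: int
    payload: bytes
    next_header: int


def build_esp(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """Lay out: SPI | Seq | [Payload | Padding | Pad Length | Next Header] | ICV."""
    # Pad so that payload + padding + the 2 trailer bytes fill whole cipher blocks.
    pad_len = (-(len(payload) + 2)) % BLOCK_SIZE
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default padding: 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)       # SPI and Sequence Number, network byte order
    body = payload + padding + bytes([pad_len, next_header])
    # Placeholder: a real implementation encrypts `body` here (e.g. AES-CBC).
    # The ICV covers header + body and is appended last; it never covers itself.
    icv = hmac.new(HMAC_KEY, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def parse_esp(packet: bytes) -> EspPacket:
    """Check the ICV first, then strip the trailer; raise ValueError on any defect."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(HMAC_KEY, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("ESP ICV mismatch")
    spi, seq = struct.unpack("!II", header)
    pad_len, next_header = body[-2], body[-1]    # trailer: Pad Length, Next Header
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds body")
    payload = body[: len(body) - 2 - pad_len]
    return EspPacket(spi, seq, payload, next_header)


def is_valid_esp(packet: bytes) -> bool:
    try:
        parse_esp(packet)
        return True
    except ValueError:
        return False


class ReplayWindow:
    """Sliding anti-replay window over Sequence Numbers (RFC 4303, Appendix A)."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already seen

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                          # 0 is never valid; first packet is 1
        if seq > self.top:                        # new right edge: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                          # too old: outside the window
        if self.bitmap & (1 << offset):
            return False                          # replay: already accepted
        self.bitmap |= 1 << offset
        return True


if __name__ == "__main__":
    pkt = build_esp(spi=0x1000, seq=1, payload=b"hello from the client", next_header=6)
    print(len(pkt), parse_esp(pkt))
```

The order in parse_esp matters: the ICV is verified before Pad Length or Next Header are read, so a forged trailer is never interpreted.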



3. Encryption algorithm:
Encryption algorithm is the document that describes the various encryption algorithms used for Encapsulation Security Payload.



4. AH Protocol:
AH (Authentication Header) Protocol provides both the Authentication and Integrity services. The Authentication Header is implemented in one way only: authentication together with integrity.

The Authentication Header document covers the packet format and the general issues related to the use of AH for packet authentication and integrity.
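As an added example, not code from the article, this Python shows what AH's integrity service covers in transport mode: the ICV is computed over the IP header with its mutable fields (DSCP/ECN, flags and fragment offset, TTL, header checksum) zeroed, plus the AH header (with the ICV field itself zeroed) and the upper-layer data. A router that decrements the TTL therefore does not break the ICV, while a change to the destination address or to the payload does. The HMAC-SHA1-96 ICV, the key, the addresses and the option-free 20-byte IPv4 header are assumptions of this example.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51                                  # IP protocol number for AH
ICV_LEN = 12                                   # assumption: HMAC-SHA1-96 (RFC 2404)
HMAC_KEY = b"constructed-ah-key-for-demo-only"  # constructed key for this demo
IPV4_FMT = "!BBHHHBBH4s4s"                     # 20-byte IPv4 header, no options (assumed)


def ip_checksum(hdr: bytes) -> int:
    """Standard one's-complement checksum over the 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, total_len: int, ttl: int = 64) -> bytes:
    """Constructed IPv4 header with Protocol = AH and a valid checksum."""
    fields = [(4 << 4) | 5, 0, total_len, 0x1234, 0x4000, ttl, AH_PROTO, 0, src, dst]
    fields[7] = ip_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """Copy of the IPv4 header with the fields AH treats as mutable set to zero."""
    h = bytearray(ip_hdr)
    h[1] = 0                   # DSCP / ECN
    h[6:8] = b"\x00\x00"       # Flags + Fragment Offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # Header Checksum
    return bytes(h)


def build_ah(ip_hdr: bytes, spi: int, seq: int, next_header: int, upper: bytes) -> bytes:
    """Transport-mode AH: IP header | AH header | upper-layer data."""
    ah_words = (12 + ICV_LEN) // 4
    # Next Header | Payload Len (32-bit words minus 2) | Reserved | SPI | Sequence Number
    ah_fixed = struct.pack("!BBHII", next_header, ah_words - 2, 0, spi, seq)
    to_auth = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + upper
    icv = hmac.new(HMAC_KEY, to_auth, hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + ah_fixed + icv + upper


def make_ah_packet(src: bytes, dst: bytes, upper: bytes, spi: int = 0x200,
                   seq: int = 1, next_header: int = 17) -> bytes:
    total_len = 20 + 12 + ICV_LEN + len(upper)
    return build_ah(ipv4_header(src, dst, total_len), spi, seq, next_header, upper)


def verify_ah(packet: bytes) -> bool:
    """Recompute the ICV over the immutable fields and compare in constant time."""
    if len(packet) < 20 + 12 + ICV_LEN:
        return False
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    icv, upper = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    _next, payload_len, _rsv, _spi, _seq = struct.unpack("!BBHII", ah_fixed)
    if (payload_len + 2) * 4 != 12 + ICV_LEN:
        return False
    to_auth = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + upper
    expected = hmac.new(HMAC_KEY, to_auth, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def forward_hop(packet: bytes) -> bytes:
    """What a router does in transit: decrement TTL and recompute the checksum."""
    h = bytearray(packet[:20])
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, ip_checksum(bytes(h)))
    return bytes(h) + packet[20:]


if __name__ == "__main__":
    pkt = make_ah_packet(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"constructed UDP datagram")
    print(verify_ah(pkt), verify_ah(forward_hop(pkt)))
```

The contrast with ESP is the scope of the integrity check: ESP's ICV starts at the SPI, whereas AH reaches back into the outer IP header, which is why AH cannot pass through a NAT that rewrites addresses.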

5. Authentication Algorithm:
Authentication Algorithm contains the set of documents that describe the authentication algorithms used for AH and for the authentication option of ESP.

6. DOI (Domain of Interpretation):
DOI is the identifier that supports both the AH and ESP protocols. It contains the values the related documents need in order to refer to one another.

7. Key Management:
Key Management contains the document that describes how the keys are exchanged between sender and receiver.
