Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

IPSec Architecture

  • Difficulty Level : Easy
  • Last Updated : 04 Jan, 2022

IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture include protocols, algorithms, DOI, and Key Management. All these components are very important in order to provide the three main services: 

  • Confidentiality
  • Authentication
  • Integrity

IP Security Architecture: 


1. Architecture: 
Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology. 

2. ESP Protocol: 
ESP(Encapsulation Security Payload) provide the confidentiality service. Encapsulation Security Payload is implemented in either two ways: 

  • ESP with optional Authentication.
  • ESP with Authentication.

Packet Format: 



  • Security Parameter Index(SPI): 
    This parameter is used in Security Association. It is used to give a unique number to the connection build between Client and Server. 


  • Sequence Number: 
    Unique Sequence number are allotted to every packet so that at the receiver side packets can be arranged properly. 


  • Payload Data: 
    Payload data means the actual data or the actual message. The Payload data is in encrypted format to achieve confidentiality. 


  • Padding: 
    Extra bits or space added to the original message in order to ensure confidentiality. Padding length is the size of the added bits or space in the original message. 


  • Next Header: 
    Next header means the next payload or next actual data. 


  • Authentication Data 
    This field is optional in ESP protocol packet format. 

3. Encryption algorithm: 
Encryption algorithm is the document that describes various encryption algorithm used for Encapsulation Security Payload. 

4. AH Protocol: 
AH (Authentication Header) Protocol provides both Authentication and Integrity service. Authentication Header is implemented in one way only: Authentication along with Integrity. 


Authentication Header covers the packet format and general issue related to the use of AH for packet authentication and integrity. 

5. Authentication Algorithm: 
Authentication Algorithm contains the set of the documents that describe authentication algorithm used for AH and for the authentication option of ESP. 

6. DOI (Domain of Interpretation): 
DOI is the identifier which support both AH and ESP protocols. It contains values needed for documentation related to each other. 

7. Key Management: 
Key Management contains the document that describes how the keys are exchanged between sender and receiver.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!