Monday, 9 March 2015

Understanding Authentication Header and Encapsulating Security Payload

Authentication Header:
AH (or Authentication Header) is an IPSec protocol that provides:

- Data Integrity
- Data Origin Information (of IP Packets!)
- Anti-replay services (optional)

It does not, however, provide any confidentiality (encryption).

The AH header is inserted between the IP header and any subsequent contents of the packet (e.g. TCP header, payload, etc.), and it can authenticate the sender and also verify the packet integrity!

Because it does not provide any confidentiality services, the encryption of packet data is performed by the ESP (Encapsulating Security Payload) protocol and then wrapped using AH.

ESP (Encapsulating Security Payload):
ESP provides all of the data confidentiality / encryption services for IPSec, as well as integrity and authentication services.

The ESP header is inserted into the packet between the IP header and the packet contents and is unable to authenticate the IP header - hence AH is used!
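
The difference in integrity coverage described above can be seen in a small model. This is an added example, not code from the original post: it builds simplified transport-mode AH and ESP packets and checks each integrity value (ICV) after the source address in the IP header is changed. The key, addresses, SPI values and the choice of HMAC-SHA-256 truncated to 128 bits are assumptions, and no real encryption is performed (the ESP body stands in for ciphertext).

```python
import hmac, hashlib, struct, socket

KEY = b"constructed-demo-key"   # constructed sample key (assumption, not from the post)
ICV_LEN = 16                    # HMAC-SHA-256 truncated to 128 bits (assumed algorithm)

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header; the checksum is left at 0 in this model
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    # AH zeroes fields that routers may change: TOS, flags/fragment offset, TTL, checksum
    h = bytearray(ip_hdr)
    for i in (1, 6, 7, 8, 10, 11):
        h[i] = 0
    return bytes(h)

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_fields(next_hdr, spi, seq, icv_bytes):
    # Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence, ICV
    return struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + icv_bytes

def build_ah(src, dst, inner, spi=0x1001, seq=1):
    ip = ipv4_header(src, dst, 51, 12 + ICV_LEN + len(inner))        # protocol 51 = AH
    blank = ah_fields(6, spi, seq, bytes(ICV_LEN))                   # ICV zeroed while computing
    return ip + ah_fields(6, spi, seq, icv(zero_mutable(ip) + blank + inner)) + inner

def verify_ah(pkt):
    ip, ah, inner = pkt[:20], pkt[20:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    blank = ah[:12] + bytes(ICV_LEN)
    return hmac.compare_digest(ah[12:], icv(zero_mutable(ip) + blank + inner))

def build_esp(src, dst, body, spi=0x2001, seq=1):
    esp = struct.pack("!II", spi, seq) + body        # body stands in for ciphertext + trailer
    return ipv4_header(src, dst, 50, len(esp) + ICV_LEN) + esp + icv(esp)  # protocol 50 = ESP

def verify_esp(pkt):
    esp, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(tag, icv(esp))        # the IP header is not part of the input

def rewrite_source(pkt, new_src):
    # Change only the source address (bytes 12-15 of the IP header)
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

if __name__ == "__main__":
    for name, build, check in (("AH", build_ah, verify_ah), ("ESP", build_esp, verify_esp)):
        pkt = build("192.0.2.1", "198.51.100.7", b"constructed segment")
        print(name, "intact:", check(pkt), "source rewritten:", check(rewrite_source(pkt, "203.0.113.9")))
```

With the source address rewritten, the AH check fails while the ESP check still passes, which is the gap AH fills.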

