The IP security protocol, nore commonly known as IPsec, is a suite of protocols that provides security
at the network layer. IPsec is a rather complex animal--parts fo it are secribed in more than
a dozen RFCs.
Consider first what it means to provide network-layer confidentiality. The network layer would
porvide confidentiallity if all the data carried by all IP datagrams were encrypted. This meas that whenever a host
wants to send a datagram, it encrypts the data field of the datagram before shipping it out into the network. In principle,
the encryption could be done with symmetric key encryption, public key encryption, or with session keys that arenegotiated
using public key encryption. The data field could be a TCP segment, a UDP segment, anICMP message, and so on.
If such a network-layer service were in place, all data sent by hosts--including e-mail, Web pages, control messages, and
management messages--would be hidden from any thrid party that was wire tapping the network.
In addition to confidentiality, one might also want the network layer to also provide source authentication.
When a destination host receives an IP datagram with a particular IP source address, it authenticates the source by making
sure that the IP datagram was indeed generated by the host with that IP source address. Such a serciver prevents datagrams
with spoofed IP addresses from being authenticated.
In the IPsec protocol suite there are two principal protocols: the Authentication Header (AH) protocol
and the Encapsulation Security Payload (ESP) protocol. When a source host sends secure datagrams to
a destination host, it does so with either the AH protocol or the ESP protocol. The AH protocol provides source authentication
and data integrity but does not provide confiedntiality. The ESP protocol provides authentication, data integirty, and
confidentiality. Providing more services, the ESP protocol is naturally more complicated and requires more porcessing
than the AH protocol.
IN both the AH and the ESP protocols, before secured datagrams are sent from a source host to a destination host, the
source and network hosts handshake and create a network-layer logical connection. This logical channel is called a security
association (SA).
An SA is uniquely identified by a three-tuple consiting of:
- A security protocol (AH or ESP) identintifier.
- The source IP address for the simplex connection
- A 32-bit connection identifier called the Security Parameter Index (SPI).
Authentication Header (AH) Protocol
The AH protocol provides source host authentication and data integrity but not confiedntiality. When a particular
source host wants to send one or more datagrams to a particular destination, it first establishes an SA withthe destination.
After having established the SA, the source can send secure datagrams to the destination host. The secure datagrams
include the AH header, which is inserted between the original IP datagram data and the IP header.
The AH Header includes several fields:
- Next Header field, which has the role that the protocol field has for an ordinary datagram.
- Security Parameter Index (SPI) field, an arbitrary 32-bit value that, in combination with the destination IP
address and the security protocol, uniquely identifies the SA for the datagram.
- Sequence Number field, a 32-bit field containing a sequence number for each datagram.
- Authentication Data field, a variable-length field containing a signed message digest for this datagram.
When the destination host receives an IP datagram with an AH header, it determines the SA for the datagram and then authenticates
the datagram's integrity by processing the authentication data field.
The ESP Protocol
The ESP protocol provides network-layer confidentiality as well as source host authentication and data integrity.
It all begins with a source host establisheing an SA with a destination host. Then the source host can send secured
datagrams to the destination host. A secured datagram is created by surrounding the original IP datagram into the data
field of an IP datagram. For the protocol field in the header of the IP datagram, the value 50 is used to indicate that
the datagram includes an ESP header and trailer. When the destination host receives the IP datagram, it takes note of
the 50 in the protocol field and porcesses the datagram using the ESP protocol.
SA and Key Management
For successful deployment of IPsec, a scalable and automated SA and key management scheme is necessary. Several protocols
have been defined for these taskes.
- The Internet Key Exchange (IKE) algorithm is the default key management protocol for IPsec.
- The Internet Security Association and Key Managemetn Protocol (ISKMP) defines procedures for establishing
and tearing down SAs.