Authentication Header
In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs). IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and for negotiating the cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (''host-to-host''), between a pair of security gateways (''network-to-network''), or between a security gateway and a host (''network-to-host''). IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection (protection from replay attacks). The initial IPv4 suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a layer 3 (OSI model) or internet layer end-to-end security scheme. In contrast, while some other Internet security systems in widespread use operate above the network layer, such as Transport Layer Security (TLS), which operates above the transport layer, and Secure Shell (SSH), which operates at the application layer, IPsec can automatically secure applications at the internet layer.


History

Starting in the early 1970s, the Advanced Research Projects Agency sponsored a series of experimental ARPANET encryption devices, at first for native ARPANET packet encryption and subsequently for TCP/IP packet encryption; some of these were certified and fielded. From 1986 to 1991, the NSA sponsored the development of security protocols for the Internet under its Secure Data Network Systems (SDNS) program. This brought together various vendors including Motorola, who produced a network encryption device in 1988. The work was openly published from about 1988 by NIST and, of these, ''Security Protocol at Layer 3'' (SP3) would eventually morph into the ISO standard Network Layer Security Protocol (NLSP). From 1992 to 1995, various groups conducted research into IP-layer encryption.

* 1. In 1992, the US Naval Research Laboratory (NRL) began the Simple Internet Protocol Plus (SIPP) project to research and implement IP encryption.
* 2. In 1993, at Columbia University and AT&T Bell Labs, John Ioannidis and others researched the experimental Software IP Encryption Protocol (swIPe) on SunOS.
* 3. In 1993, sponsored by the White House internet service project, Wei Xu at Trusted Information Systems (TIS) further researched the Software IP Security Protocols and developed the hardware support for Triple DES, which was coded in the BSD 4.1 kernel and supported both x86 and SunOS architectures. By December 1994, TIS released their DARPA-sponsored open-source Gauntlet Firewall product with integrated 3DES hardware encryption at over T1 speeds. It was the first time IPsec VPN connections were used between the east and west coasts of the United States, and it is known as the first commercial IPsec VPN product.
* 4. Under NRL's DARPA-funded research effort, NRL developed the IETF standards-track specifications (RFC 1825 through RFC 1827) for IPsec, which was coded in the BSD 4.4 kernel and supported both x86 and SPARC CPU architectures. NRL's IPsec implementation was described in their paper in the 1996 USENIX Conference Proceedings. NRL's open-source IPsec implementation was made available online by MIT and became the basis for most initial commercial implementations.

The Internet Engineering Task Force (IETF) formed the IP Security Working Group in 1992 to standardize openly specified security extensions to IP, called ''IPsec''. In 1995, the working group organized a few workshops with members from five companies (TIS, Cisco, FTP, Checkpoint, etc.). During the IPsec workshops, NRL's standards and Cisco's and TIS's software were standardized as the public references, published as RFC 1825 through RFC 1827.


Security architecture

IPsec is an open standard that is part of the IPv4 suite. IPsec uses the following protocols to perform various functions:

* Authentication Header (AH) provides connectionless data integrity and data origin authentication for IP datagrams and provides protection against replay attacks.
* Encapsulating Security Payload (ESP) provides confidentiality, connectionless data integrity, data origin authentication, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
* Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange [The Internet Key Exchange (IKE), RFC 2409, §1 Abstract], with actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records. The purpose is to generate the security associations (SA) with the bundle of algorithms and parameters necessary for AH and/or ESP operations.


Authentication Header

The Security Authentication Header (AH) was developed at the US Naval Research Laboratory in the early 1990s and is derived in part from previous IETF standards work for authentication of the Simple Network Management Protocol (SNMP) version 2. Authentication Header (AH) is a member of the IPsec protocol suite. AH ensures connectionless integrity by using a hash function and a secret shared key in the AH algorithm. AH also guarantees the data origin by authenticating IP packets. Optionally, a sequence number can protect the IPsec packet's contents against replay attacks, using the sliding window technique and discarding old packets.

* In IPv4, AH prevents option-insertion attacks. In IPv6, AH protects against both header-insertion attacks and option-insertion attacks.
* In IPv4, the AH protects the IP payload and all header fields of an IP datagram except for mutable fields (i.e. those that might be altered in transit), and also IP options such as the IP Security Option (RFC 1108). Mutable (and therefore unauthenticated) IPv4 header fields are DSCP/ToS, ECN, Flags, Fragment Offset, TTL and Header Checksum.
* In IPv6, the AH protects most of the IPv6 base header, AH itself, non-mutable extension headers after the AH, and the IP payload. Protection for the IPv6 header excludes the mutable fields: DSCP, ECN, Flow Label, and Hop Limit.

AH operates directly on top of IP, using IP protocol number 51. The following AH packet diagram shows how an AH packet is constructed and interpreted:

; ''Next Header'' (8 bits) : Type of the next header, indicating what upper-layer protocol was protected. The value is taken from the list of IP protocol numbers.
; ''Payload Len'' (8 bits) : The length of this ''Authentication Header'' in 4-octet units, minus 2. For example, a Payload Len value of 4 equals 3 (32-bit fixed-length AH fields) + 3 (32-bit ICV fields) − 2, and thus a value of 4 means 24 octets. Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This restriction does not apply to an ''Authentication Header'' carried in an IPv4 packet.
; ''Reserved'' (16 bits) : Reserved for future use (all zeroes until then).
; ''Security Parameters Index'' (32 bits) : Arbitrary value which is used (together with the destination IP address) to identify the security association of the receiving party.
; ''Sequence Number'' (32 bits) : A monotonic, strictly increasing sequence number (incremented by 1 for every packet sent) to prevent replay attacks. When replay detection is enabled, sequence numbers are never reused, because a new security association must be renegotiated before an attempt to increment the sequence number beyond its maximum value.
; ''Integrity Check Value'' (multiple of 32 bits) : Variable-length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.
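As an added example (not code from the article or from any IPsec implementation), the following Python builds and verifies an AH-protected IPv4 packet in transport mode the way the field descriptions above lay it out: the Payload Len arithmetic (a 24-octet AH gives the value 4), the ICV computed with the mutable IPv4 fields zeroed so that a router's TTL and checksum changes do not break verification, and protocol number 51 in the IP header. The HMAC-SHA1-96 algorithm (RFC 2404), the key, the addresses, the Identification value and the payload are constructed for illustration and are not stated on the page; IPv4 options are assumed absent.

```python
import hashlib
import hmac
import ipaddress
import struct

AH_PROTOCOL = 51    # IP protocol number for AH (stated in the text)
AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12        # HMAC-SHA1-96 (RFC 2404) truncates the MAC to 96 bits; chosen here for illustration


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, total_len: int, ttl: int, proto: int) -> bytes:
    """Option-less 20-byte IPv4 header; Identification (0x1234) and the DF flag are constructed values."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                                ttl, proto, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def zero_mutable_ipv4_fields(ip_header: bytes) -> bytes:
    """Copy of the header with the mutable fields named in the text zeroed before the ICV is
    computed: DSCP/ToS and ECN (byte 1), Flags and Fragment Offset (bytes 6-7), TTL (byte 8),
    Header Checksum (bytes 10-11). Every other field, including the addresses, is authenticated."""
    h = bytearray(ip_header)
    h[1] = 0
    h[6] = h[7] = 0
    h[8] = 0
    h[10] = h[11] = 0
    return bytes(h)


def ah_payload_len(icv_len: int) -> int:
    """Payload Len = length of the AH in 4-octet units, minus 2 (the text's formula)."""
    return (AH_FIXED_LEN + icv_len) // 4 - 2


def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    return struct.pack("!BBHII", next_header, ah_payload_len(len(icv)), 0, spi, seq) + icv


def parse_ah(data: bytes) -> dict:
    """Decode the fixed AH fields and recover the ICV length from Payload Len."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    total_len = (payload_len + 2) * 4
    return {"next_header": next_header, "payload_len": payload_len, "total_len": total_len,
            "spi": spi, "seq": seq, "icv": data[AH_FIXED_LEN:total_len]}


def compute_icv(key: bytes, ip_header: bytes, ah: bytes, payload: bytes) -> bytes:
    """ICV = HMAC over (IPv4 header with mutable fields zeroed || AH with ICV zeroed || payload)."""
    ah_zeroed = ah[:AH_FIXED_LEN] + bytes(len(ah) - AH_FIXED_LEN)
    mac = hmac.new(key, zero_mutable_ipv4_fields(ip_header) + ah_zeroed + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def protect(key: bytes, src: str, dst: str, next_header: int, spi: int, seq: int,
            payload: bytes, ttl: int = 64) -> bytes:
    """Sender: IPv4 header (Protocol = 51) + AH + payload, with the ICV filled in."""
    ip_header = build_ipv4_header(src, dst, 20 + AH_FIXED_LEN + ICV_LEN + len(payload), ttl, AH_PROTOCOL)
    ah = build_ah(next_header, spi, seq, bytes(ICV_LEN))   # ICV field is zero while computing
    icv = compute_icv(key, ip_header, ah, payload)
    return ip_header + build_ah(next_header, spi, seq, icv) + payload


def verify(key: bytes, packet: bytes) -> bool:
    """Receiver: recompute the ICV from the received bytes and compare it in constant time."""
    ip_header = packet[:20]
    if ip_header[9] != AH_PROTOCOL:
        return False
    fields = parse_ah(packet[20:])
    ah = packet[20:20 + fields["total_len"]]
    payload = packet[20 + fields["total_len"]:]
    return hmac.compare_digest(compute_icv(key, ip_header, ah, payload), fields["icv"])


def forward_hop(packet: bytes) -> bytes:
    """Simulated router: decrement TTL and refresh the header checksum, both mutable fields."""
    h = bytearray(packet[:20])
    h[8] -= 1
    h[10] = h[11] = 0
    struct.pack_into("!H", h, 10, ipv4_checksum(bytes(h)))
    return bytes(h) + packet[20:]


if __name__ == "__main__":
    KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
    pkt = protect(KEY, "192.0.2.1", "192.0.2.2", 17, 0x1000, 1, b"hello over UDP")
    print(parse_ah(pkt[20:])["payload_len"])             # 4: a 24-octet AH, as in the text's example
    print(verify(KEY, forward_hop(pkt)))                  # True: TTL/checksum changes are unauthenticated
    print(verify(KEY, pkt[:-1] + bytes([pkt[-1] ^ 1])))   # False: payload tampering is detected
```

The receiver trusts Payload Len to locate the ICV, so a production implementation also has to bound-check it against the IP Total Length before slicing; the example keeps that out for brevity. Changing any authenticated field (for instance the destination address) fails verification, while the hop simulation shows why TTL and Header Checksum had to be excluded from the ICV.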


Encapsulating Security Payload

The IP Encapsulating Security Payload (ESP) was developed at the Naval Research Laboratory starting in 1992 as part of a DARPA-sponsored research project, and was openly published by the IETF SIPP Working Group, drafted in December 1993 as a security extension for SIPP. This ESP was originally derived from the US Department of Defense SP3D protocol, rather than from the ISO Network-Layer Security Protocol (NLSP). The SP3D protocol specification was published by NIST in the late 1980s, but designed by the Secure Data Network System project of the US Department of Defense. Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure. Unlike Authentication Header (AH), ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in tunnel mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded to the whole inner IP packet (including the inner header) while the outer header (including any outer IPv4 options or IPv6 extension headers) remains unprotected. ESP operates directly on top of IP, using IP protocol number 50. The following ESP packet diagram shows how an ESP packet is constructed and interpreted:

; ''Security Parameters Index'' (32 bits) : Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.
; ''Sequence Number'' (32 bits) : A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.
; ''Payload data'' (variable) : The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the ''Next Header'' field.
; ''Padding'' (0-255 octets) : Padding for encryption, to extend the payload data to a size that fits the encryption's
cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
block size, and to align the next field. ; ''Pad Length'' (8 bits) : Size of the padding (in octets). ; ''Next Header'' (8 bits) : Type of the next header. The value is taken from the
list of IP protocol numbers This is a list of the IP protocol numbers found in the field ''Protocol'' of the IPv4 header and the ''Next Header'' field of the IPv6 header. It is an identifier for the encapsulated protocol and determines the layout of the data that immediatel ...
. ; ''Integrity Check Value'' (multiple of 32 bits) : Variable length check value. It may contain padding to align the field to an 8-octet boundary for
IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. I ...
, or a 4-octet boundary for
IPv4 Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version d ...
.
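To make the field layout and the sequence-number check concrete, here is an added example (not part of the original article and not the code of any IPsec implementation) that builds and parses an authentication-only ESP packet using NULL encryption (RFC 2410) with HMAC-SHA-256-128 as the integrity algorithm, and implements the receiver's anti-replay window from RFC 4303 section 3.4.3. The key, SPI and payload are constructed test values.

```python
import hmac
import hashlib
import struct

ICV_LEN = 16                      # HMAC-SHA-256-128: MAC truncated to 128 bits (RFC 4868)
ESP_HDR = struct.Struct("!II")    # Security Parameters Index, Sequence Number
ESP_TRL = struct.Struct("!BB")    # Pad Length, Next Header


def icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_esp(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """Authentication-only ESP packet: NULL encryption (RFC 2410) plus ICV.
    Padding makes payload + trailer a multiple of 4 octets so that the ICV
    starts on a 4-octet boundary, as RFC 4303 section 2.4 requires."""
    pad_len = (-(len(payload) + ESP_TRL.size)) % 4
    padding = bytes(range(1, pad_len + 1))      # default pad pattern 1, 2, 3, ... (RFC 4303)
    body = ESP_HDR.pack(spi, seq) + payload + padding + ESP_TRL.pack(pad_len, next_header)
    return body + icv(key, body)                # ICV covers SPI, Seq, payload, padding, trailer


def parse_esp(key: bytes, packet: bytes) -> dict:
    """Verify the ICV first, then peel the trailer. Nothing is interpreted
    before the check: a receiver must not act on unauthenticated fields."""
    if len(packet) < ESP_HDR.size + ESP_TRL.size + ICV_LEN:
        raise ValueError("packet too short")
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(key, body)):
        raise ValueError("ICV mismatch")
    spi, seq = ESP_HDR.unpack_from(body)
    pad_len, next_header = ESP_TRL.unpack_from(body, len(body) - ESP_TRL.size)
    data_end = len(body) - ESP_TRL.size - pad_len
    if data_end < ESP_HDR.size:
        raise ValueError("pad length exceeds payload")
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "payload": body[ESP_HDR.size:data_end]}


class ReplayWindow:
    """Receiver anti-replay check, RFC 4303 section 3.4.3: a sliding bitmap of
    the `size` most recent sequence numbers, bit 0 being the highest accepted."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                             # the first packet on an SA is number 1
            return False
        if seq > self.top:                       # right of the window: slide it
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:                    # left of the window: too old
            return False
        if (self.bitmap >> diff) & 1:            # inside the window but already seen
            return False
        self.bitmap |= 1 << diff
        return True


def demo() -> dict:
    key = b"\x11" * 32                           # constructed test key
    pkt = build_esp(key, spi=0x1000, seq=1, next_header=17, payload=b"hello, udp")
    fields = parse_esp(key, pkt)
    window = ReplayWindow()
    first = window.check_and_update(fields["seq"])
    replayed = window.check_and_update(fields["seq"])
    tampered = bytearray(pkt)
    tampered[ESP_HDR.size] ^= 0x01               # flip one bit of the payload
    try:
        parse_esp(key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"fields": fields, "length": len(pkt), "first_accepted": first,
            "replay_accepted": replayed, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The order of operations in `parse_esp` is the point a practitioner should take away: the ICV is checked before the trailer is trusted, the replay window is consulted only for packets that passed that check, and a replayed or altered packet is rejected without touching the payload.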


Security association

The IPsec protocols use a security association (SA), where the communicating parties establish shared security attributes such as algorithms and keys. As such, IPsec provides a range of options once it has been determined whether AH or ESP is used. Before exchanging data, the two hosts agree on which symmetric encryption algorithm is used to encrypt the IP packet, for example AES or ChaCha20, and which hash function is used to ensure the integrity of the data, such as SHA-256. These parameters are agreed for the particular session, for which a lifetime and a session key must also be agreed.

The algorithm for authentication is also agreed before the data transfer takes place, and IPsec supports a range of methods. Authentication is possible through a pre-shared key, where a symmetric key is already in the possession of both hosts and each host sends the other a keyed hash, derived from the shared key and computed over the exchanged key-agreement messages, to prove that it is in possession of the same key. IPsec also supports public key encryption, where each host has a public and a private key, they exchange their public keys, and each host sends the other a nonce encrypted with the other host's public key. Alternatively, if both hosts hold a public key certificate from a certificate authority, this can be used for IPsec authentication.

The security associations of IPsec are established using the Internet Security Association and Key Management Protocol (ISAKMP). ISAKMP is implemented by manual configuration with pre-shared secrets, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), and the use of IPSECKEY DNS records. RFC 5386 defines Better-Than-Nothing Security (BTNS) as an unauthenticated mode of IPsec using an extended IKE protocol. C. Meadows, C. Cremers, and others have used formal methods to identify various anomalies which exist in IKEv1 and also in IKEv2.

For an incoming packet, IPsec uses the Security Parameter Index (SPI), an index into the security association database (SADB), together with the destination address in the packet header, which together uniquely identify the security association for that packet; from that entry IPsec takes the decryption and verification keys. For an outgoing packet, the security policy database (SPD) is consulted to decide what protection is to be provided, and the matching security association supplies the SPI that is written into the AH or ESP header. For IP multicast a security association is provided for the group, and is duplicated across all authorized receivers of the group. There may be more than one security association for a group, using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed, each sender can have its own security associations, which lets a receiver attribute traffic to a particular sender; with a single group key a receiver can only know that someone knowing the keys sent the data. Note that the relevant standard does not describe how the association is chosen and duplicated across the group; it is assumed that a responsible party will have made the choice.
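The pre-shared-key proof described above is, in IKEv2, a keyed hash rather than a hash of the key itself. The following added example (not from the original article and not any IKE daemon's code) computes the AUTH payload for shared-key authentication exactly as RFC 7296 section 2.15 defines it, with HMAC-SHA-256 as the negotiated PRF, shows the responder verifying it, and shows why a PSK-keyed proof that an attacker can observe together with its inputs is open to offline guessing; this is the weakness exploited against IKEv1 aggressive mode, discussed later on this page. The signed octets and the shared secret are constructed stand-ins, not a real exchange.

```python
import hmac
import hashlib
from typing import Iterable, Optional

KEY_PAD = b"Key Pad for IKEv2"        # fixed string from RFC 7296 section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256, one of the negotiable IKEv2 PRFs (RFC 4868)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(psk: bytes, signed_octets: bytes) -> bytes:
    """AUTH payload for shared-key authentication (RFC 7296 section 2.15):
        AUTH = prf( prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets> )
    The inner prf derives a purpose-specific key so the raw PSK is never used
    directly; the outer prf binds the proof to this particular exchange."""
    return prf(prf(psk, KEY_PAD), signed_octets)


def verify_auth(psk: bytes, signed_octets: bytes, auth: bytes) -> bool:
    """Responder side: recompute with its own copy of the PSK, compare in constant time."""
    return hmac.compare_digest(psk_auth(psk, signed_octets), auth)


def dictionary_attack(signed_octets: bytes, auth: bytes,
                      candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline guessing given an observed AUTH value and the octets it covers.
    In IKEv2 the AUTH payload travels inside the encrypted IKE_AUTH exchange,
    so a passive observer never sees it; in IKEv1 aggressive mode the
    corresponding PSK-keyed hash is sent in the clear, which is what makes
    weak PSKs recoverable there."""
    for guess in candidates:
        if verify_auth(guess, signed_octets, auth):
            return guess
    return None


def demo() -> dict:
    # Constructed stand-in for <InitiatorSignedOctets> (RealMessage1 | NonceRData |
    # MACedIDForI); a real implementation assembles it from the IKE_SA_INIT exchange.
    signed_octets = b"IKE_SA_INIT-request|Nr|MACedIDForI"
    psk = b"correct horse battery staple"          # constructed shared secret
    auth_i = psk_auth(psk, signed_octets)
    wordlist = [b"password", b"letmein", b"correct horse battery staple"]
    return {
        "responder_accepts": verify_auth(psk, signed_octets, auth_i),
        "wrong_psk_accepted": verify_auth(b"hunter2", signed_octets, auth_i),
        "recovered_by_guessing": dictionary_attack(signed_octets, auth_i, wordlist),
        "auth_len": len(auth_i),
    }


if __name__ == "__main__":
    print(demo())
```

The design lesson is in `dictionary_attack`: a keyed hash proves possession of the PSK, but it is only as strong as the PSK when the verifier's inputs are public, so the PSK must be high-entropy and the proof should be carried under encryption, as IKEv2 does.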


Modes of operation

The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.


Transport mode

In transport mode, only the payload of the IP packet is usually encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be modified by network address translation, as this always invalidates the hash value. When integrity protection is in use, the transport and application layers are covered by the hash, so they cannot be modified in any way, for example by translating the port numbers. A means to encapsulate IPsec messages for NAT traversal has been defined by RFC documents describing the NAT-T mechanism.


Tunnel mode

In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat). Tunnel mode supports NAT traversal.
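The two mode descriptions above, and the claim that NAT breaks AH, can be checked in code. The following added example (not from the original article and not an IPsec implementation's code) builds a transport-mode AH packet with HMAC-SHA-256-128, computing the ICV over the IPv4 header with the mutable fields zeroed as RFC 4302 prescribes, then shows that a router decrementing the TTL leaves the ICV valid while a source NAT rewriting the address invalidates it. It then frames the same inner packet tunnel-style (IP-in-IP, Next Header 4) to show which addresses are visible on the path and which are hidden inside the protected payload; the AH/ESP header between outer and inner header is left out of that last step on purpose. Addresses, key and UDP payload are constructed test values.

```python
import hmac
import hashlib
import struct

ICV_LEN = 16                        # HMAC-SHA-256-128 (RFC 4868)
IPPROTO_IPIP, IPPROTO_UDP, IPPROTO_AH = 4, 17, 51
AH_FIXED = struct.Struct("!BBHII")  # Next Header, Payload Len, Reserved, SPI, Sequence Number


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-octet IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (~((s & 0xFFFF) + (s >> 16))) & 0xFFFF
    return hdr[:10] + struct.pack("!H", s) + hdr[12:]


def zero_mutable_ipv4(hdr: bytes) -> bytes:
    """RFC 4302 section 3.3.3.1.1.1: TOS, flags/fragment offset, TTL and header
    checksum are mutable and zeroed before the ICV is computed. Addresses,
    total length, identification and protocol are immutable and stay in."""
    return hdr[:1] + b"\0" + hdr[2:6] + b"\0\0" + b"\0" + hdr[9:10] + b"\0\0" + hdr[12:]


def ah_transport(key: bytes, spi: int, seq: int, src: bytes, dst: bytes,
                 next_proto: int, payload: bytes) -> bytes:
    """Transport mode: IPv4 header (protocol 51) | AH | original upper-layer payload.
    The ICV covers the header with mutable fields zeroed, the AH with its own
    ICV field zeroed, and the payload."""
    ah_len = AH_FIXED.size + ICV_LEN
    ah = AH_FIXED.pack(next_proto, ah_len // 4 - 2, 0, spi, seq)  # Payload Len: 32-bit words minus 2
    ip = ipv4_header(src, dst, IPPROTO_AH, 20 + ah_len + len(payload))
    icv_input = zero_mutable_ipv4(ip) + ah + bytes(ICV_LEN) + payload
    icv = hmac.new(key, icv_input, hashlib.sha256).digest()[:ICV_LEN]
    return ip + ah + icv + payload


def ah_verify(key: bytes, packet: bytes) -> bool:
    ip, rest = packet[:20], packet[20:]
    _, payload_len, _, _, _ = AH_FIXED.unpack_from(rest)
    ah_len = (payload_len + 2) * 4
    ah, icv, payload = rest[:AH_FIXED.size], rest[AH_FIXED.size:ah_len], rest[ah_len:]
    icv_input = zero_mutable_ipv4(ip) + ah + bytes(len(icv)) + payload
    expected = hmac.new(key, icv_input, hashlib.sha256).digest()[:len(icv)]
    return hmac.compare_digest(icv, expected)


def forward(packet: bytes, new_src: bytes) -> bytes:
    """What a router (TTL - 1) or a source NAT (new source address) does to the
    header; the header checksum is recomputed either way."""
    total_len = struct.unpack("!H", packet[2:4])[0]
    return ipv4_header(new_src, packet[16:20], packet[9], total_len, packet[8] - 1) + packet[20:]


def ip_in_ip(gw_src: bytes, gw_dst: bytes, inner: bytes) -> bytes:
    """Tunnel-mode framing: the whole inner packet, header included, becomes the
    protected payload behind a new outer header with the gateways' addresses
    (Next Header 4 = IPv4). The AH/ESP header is omitted here on purpose."""
    return ipv4_header(gw_src, gw_dst, IPPROTO_IPIP, 20 + len(inner)) + inner


def demo() -> dict:
    key = b"\x42" * 32                                        # constructed test key
    host_a, host_b = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])
    nat_ip, gw_a, gw_b = bytes([203, 0, 113, 5]), bytes([198, 51, 100, 1]), bytes([198, 51, 100, 2])
    udp = struct.pack("!HHHH", 12345, 53, 12, 0) + b"dns?"    # constructed UDP header + data
    pkt = ah_transport(key, 0x100, 1, host_a, host_b, IPPROTO_UDP, udp)
    tunnel = ip_in_ip(gw_a, gw_b, ipv4_header(host_a, host_b, IPPROTO_UDP, 20 + len(udp)) + udp)
    return {
        "ah_ok": ah_verify(key, pkt),
        "ah_after_router": ah_verify(key, forward(pkt, host_a)),  # only TTL changed: mutable, still valid
        "ah_after_nat": ah_verify(key, forward(pkt, nat_ip)),     # source address rewritten: ICV breaks
        "wire_src": tunnel[12:16],                                # gateway address seen on the path
        "inner_src": tunnel[32:36],                               # original host address, inside the tunnel
    }


if __name__ == "__main__":
    print(demo())
```

Run `demo()` and compare `ah_after_router` with `ah_after_nat`: the first passes because TTL and checksum are excluded from the ICV, the second fails because the addresses are not, which is exactly why AH and NAT do not coexist and why NAT-T encapsulates ESP (not AH) in UDP.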


Algorithms


Symmetric encryption algorithms

Cryptographic algorithms defined for use with IPsec include:
* HMAC-SHA1/SHA2 for integrity protection and authenticity.
* TripleDES-CBC for confidentiality.
* AES-CBC and AES-CTR for confidentiality.
* AES-GCM and ChaCha20-Poly1305, providing confidentiality and authentication together efficiently.
Refer to RFC 8221 for details; it rates TripleDES-CBC as SHOULD NOT and AES-GCM as MUST, and marks HMAC-SHA1-96 as expected to be downgraded in the future.


Key exchange algorithms

* Diffie–Hellman (RFC 3526)
* ECDH (RFC 4753)


Authentication algorithms

* RSA
* ECDSA (RFC 4754)
* PSK (RFC 6617)


Implementations

IPsec can be implemented in the IP stack of an operating system. This method of implementation is done for hosts and security gateways. Various IPsec-capable IP stacks are available from companies such as HP or IBM. An alternative is the so-called bump-in-the-stack (BITS) implementation, where the operating system source code does not have to be modified. Here IPsec is installed between the IP stack and the network drivers. This way operating systems can be retrofitted with IPsec. This method of implementation is also used for both hosts and gateways. However, when retrofitting IPsec, the encapsulation of IP packets may cause problems for automatic path MTU discovery, where the maximum transmission unit (MTU) size on the network path between two IP hosts is established. If a host or gateway has a separate cryptoprocessor, which is common in the military and can also be found in commercial systems, a so-called bump-in-the-wire (BITW) implementation of IPsec is possible.

When IPsec is implemented in the kernel, the key management and ISAKMP/IKE negotiation is carried out from user space. The NRL-developed and openly specified "PF_KEY Key Management API, Version 2" is often used to enable the user-space key management application to update the IPsec security associations stored within the kernel-space IPsec implementation (RFC 2367, ''PF_KEYv2 Key Management API'', Dan McDonald, Bao Phan, and Craig Metz, July 1998). Existing IPsec implementations usually include ESP, AH, and IKE version 2. Existing IPsec implementations on Unix-like operating systems, for example Solaris or Linux, usually include PF_KEY version 2.

Embedded IPsec can be used to ensure secure communication among applications running over constrained resource systems with a small overhead.
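The path MTU problem mentioned above can be quantified. The following added example (not the article's own and not from any IPsec implementation) computes the per-packet overhead that ESP tunnel mode adds for the ciphers and integrity algorithms listed on this page, the largest inner packet that still fits a given outer MTU, and the TCP MSS to clamp inner flows to. IV and ICV lengths are those the cited RFCs specify; the algorithm names are local labels, not IANA transform identifiers, and the NAT-T case assumes the 8-octet UDP encapsulation of RFC 3948.

```python
# cipher: (IV octets, padding alignment, ICV octets if it is a combined-mode cipher)
CIPHERS = {
    "NULL":              (0, 4, 0),     # RFC 2410
    "3DES-CBC":          (8, 8, 0),     # RFC 2451: pad to the 8-octet block
    "AES-CBC":           (16, 16, 0),   # RFC 3602: pad to the 16-octet block
    "AES-CTR":           (8, 4, 0),     # RFC 3686
    "AES-GCM-16":        (8, 4, 16),    # RFC 4106, 16-octet tag
    "CHACHA20-POLY1305": (8, 4, 16),    # RFC 7634, 16-octet tag
}
# separate integrity algorithm: ICV octets
INTEG = {"NONE": 0, "HMAC-SHA1-96": 12, "HMAC-SHA2-256-128": 16}
OUTER = {"ipv4": 20, "ipv6": 40}                 # outer header without options/extensions
ESP_HEADER, ESP_TRAILER, UDP_ENCAP = 8, 2, 8     # SPI+Seq; Pad Length+Next Header; NAT-T UDP


def esp_tunnel_overhead(inner_len: int, cipher: str, integ: str = "NONE",
                        outer: str = "ipv4", nat_t: bool = False) -> int:
    """Octets added to an inner IP packet of inner_len by ESP tunnel mode."""
    iv_len, align, aead_icv = CIPHERS[cipher]
    if aead_icv and integ != "NONE":
        raise ValueError("combined-mode cipher already provides integrity")
    # RFC 4303 section 2.4: the trailer must end on a 4-octet boundary; CBC
    # ciphers additionally need whole blocks, hence the per-cipher alignment.
    pad = (-(inner_len + ESP_TRAILER)) % align
    return (OUTER[outer] + (UDP_ENCAP if nat_t else 0) + ESP_HEADER + iv_len
            + pad + ESP_TRAILER + aead_icv + INTEG[integ])


def largest_inner_packet(outer_mtu: int, cipher: str, integ: str = "NONE",
                         outer: str = "ipv4", nat_t: bool = False) -> int:
    """Largest inner IP packet whose encapsulation still fits outer_mtu without
    fragmentation: the value path MTU discovery through the tunnel should
    converge on, and the MTU to configure on the tunnel interface."""
    for inner in range(outer_mtu, 0, -1):
        if inner + esp_tunnel_overhead(inner, cipher, integ, outer, nat_t) <= outer_mtu:
            return inner
    raise ValueError("outer MTU too small for any payload")


def tcp_mss_clamp(outer_mtu: int, cipher: str, integ: str = "NONE",
                  outer: str = "ipv4", nat_t: bool = False) -> int:
    """MSS to clamp on inner IPv4 TCP flows: tunnel MTU minus 20 (IP) and 20 (TCP)."""
    return largest_inner_packet(outer_mtu, cipher, integ, outer, nat_t) - 40


if __name__ == "__main__":
    for args in (("AES-GCM-16",), ("AES-CBC", "HMAC-SHA1-96"), ("CHACHA20-POLY1305", "NONE", "ipv6")):
        print(args, largest_inner_packet(1500, *args), tcp_mss_clamp(1500, *args))
```

Note how the CBC block alignment wastes more of the outer MTU than the 4-octet alignment of the counter-mode and AEAD ciphers, and that NAT-T costs a further 8 octets: a tunnel interface MTU or MSS clamp taken from one algorithm choice is wrong for another.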


Standards status

IPsec was developed in conjunction with IPv6 and was originally required to be supported by all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation (RFC 6434, "IPv6 Node Requirements", E. Jankiewicz, J. Loughney, T. Narten, December 2011). IPsec is also optional for IPv4 implementations. IPsec is most commonly used to secure IPv4 traffic.

IPsec protocols were originally defined in RFC 1825 through RFC 1829, which were published in 1995. In 1998, these documents were superseded by RFC 2401 through RFC 2412 with a few incompatible engineering details, although they were conceptually identical. In addition, a mutual authentication and key exchange protocol, Internet Key Exchange (IKE), was defined to create and manage security associations. In December 2005, new standards were defined in RFC 4301 through RFC 4309, which are largely a superset of the previous editions, together with a second version of the Internet Key Exchange standard, IKEv2. These third-generation documents standardized the abbreviation of IPsec to uppercase "IP" and lowercase "sec". "ESP" generally refers to RFC 4303, which is the most recent version of the specification. Since mid-2008, an IPsec Maintenance and Extensions (ipsecme) working group has been active at the IETF.


Alleged NSA interference

In 2013, as part of the Snowden leaks, it was revealed that the US National Security Agency had been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the Bullrun program. There are allegations that IPsec was a targeted encryption system.

The OpenBSD IPsec stack was developed later and was also widely copied. In a letter which OpenBSD lead developer Theo de Raadt received on 11 Dec 2010 from Gregory Perry, it is alleged that Jason Wright and others, working for the FBI, inserted "a number of backdoors and side channel key leaking mechanisms" into the OpenBSD crypto code. In the forwarded email from 2010, Theo de Raadt did not at first express an official position on the validity of the claims, apart from the implicit endorsement from forwarding the email. Jason Wright's response to the allegations: "Every urban legend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category. … I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD Cryptographic Framework (OCF)." Some days later, de Raadt commented that "I believe that NETSEC was probably contracted to write backdoors as alleged. … If those were written, I don't believe they made it into our tree." This was published before the Snowden leaks.

An alternative explanation put forward by the authors of the Logjam attack suggests that the NSA compromised IPsec VPNs by undermining the Diffie-Hellman key exchange. In their paper, they allege that the NSA specially built a computing cluster to carry out the expensive precomputation stage of a discrete-logarithm attack against specific primes and generators, such as the second Oakley group defined in RFC 2409. As of May 2015, 90% of addressable IPsec VPNs supported the second Oakley group as part of IKE. An organization that had completed this precomputation for the group could derive the keys being exchanged and decrypt traffic without inserting any software backdoors.

A second alternative explanation is that the Equation Group used exploits against several manufacturers' VPN equipment; Kaspersky Lab attributed the tools to the Equation Group, and the manufacturers confirmed them to be real exploits, some of them zero-days at the time of their exposure. The Cisco PIX and ASA firewalls had vulnerabilities that were used for wiretapping by the NSA. Furthermore, IPsec VPNs using IKEv1 "Aggressive Mode" settings send a hash derived from the PSK in the clear, so anyone who captures the exchange can test PSK guesses against it. This can be and apparently is targeted by the NSA using offline dictionary attacks.


IETF documentation


Standards track

* : The ESP DES-CBC Transform * : The Use of HMAC-MD5-96 within ESP and AH * : The Use of HMAC-SHA-1-96 within ESP and AH * : The ESP DES-CBC Cipher Algorithm With Explicit IV * : The NULL Encryption Algorithm and Its Use With IPsec * : The ESP CBC-Mode Cipher Algorithms * : The Use of HMAC-RIPEMD-160-96 within ESP and AH * : More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) * : The
AES-CBC In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transforma ...
Cipher Algorithm and Its Use with IPsec
* : Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
* : Negotiation of NAT-Traversal in the IKE
* : UDP Encapsulation of IPsec ESP Packets
* : The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
* : Security Architecture for the Internet Protocol
* : IP Authentication Header
* : IP Encapsulating Security Payload
* : Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
* : Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
* : Cryptographic Suites for IPsec
* : Using Advanced Encryption Standard (AES) CCM mode with IPsec Encapsulating Security Payload (ESP)
* : The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
* : IKEv2 Mobility and Multihoming Protocol (MOBIKE)
* : Online Certificate Status Protocol (OCSP) Extensions to IKEv2
* : Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
* : The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
* : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
* : Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
* : Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
* : Modes of Operation for Camellia for Use with IPsec
* : Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
* : Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
* : IKEv2 Extensions to Support Robust Header Compression over IPsec
* : IPsec Extensions to Support Robust Header Compression over IPsec
* : Internet Key Exchange Protocol Version 2 (IKEv2)
* : Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
* : Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
* : Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
* : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec


Experimental RFCs

* : Repeated Authentication in Internet Key Exchange (IKEv2) Protocol


Informational RFCs

* : PF_KEY Interface
* : The OAKLEY Key Determination Protocol
* : A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
* : IPsec-Network Address Translation (NAT) Compatibility Requirements
* : Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
* : Requirements for an IPsec Certificate Management Profile
* : Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)
* : Integration of Robust Header Compression over IPsec Security Associations
* : Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
* : IPsec Cluster Problem Statement
* : IPsec and IKE Document Roadmap
* : Suite B Cryptographic Suites for IPsec
* : Suite B Profile for Internet Protocol Security (IPsec)
* : Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)


Best current practice RFCs

* : Guidelines for Specifying the Use of IPsec Version 2


Obsolete/historic RFCs

* : Security Architecture for the Internet Protocol (obsoleted by RFC 2401)
* : IP Authentication Header (obsoleted by RFC 2402)
* : IP Encapsulating Security Payload (ESP) (obsoleted by RFC 2406)
* : IP Authentication using Keyed MD5 (historic)
* : Security Architecture for the Internet Protocol (IPsec overview) (obsoleted by RFC 4301)
* : IP Encapsulating Security Payload (ESP) (obsoleted by RFC 4303 and RFC 4305)
* : The Internet IP Security Domain of Interpretation for ISAKMP (obsoleted by RFC 4306)
* : The Internet Key Exchange (obsoleted by RFC 4306)
* : Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 4835)
* : Internet Key Exchange (IKEv2) Protocol (obsoleted by RFC 5996)
* : IKEv2 Clarifications and Implementation Guidelines (obsoleted by RFC 7296)
* : Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 7321)
* : Internet Key Exchange Protocol Version 2 (IKEv2) (obsoleted by RFC 7296)


See also

* Dynamic Multipoint Virtual Private Network
* Information security
* NAT traversal
* Opportunistic encryption
* tcpcrypt


External links

* All IETF active security WGs
* IETF ipsecme WG ("IP Security Maintenance and Extensions" Working Group)
* ("Better-Than-Nothing Security" Working Group) (chartered to work on unauthenticated IPsec, IPsec APIs, connection latching)
* Securing Data in Transit with IPsec, WindowsSecurity.com article by Deb Shinder
* IPsec on Microsoft TechNet
* Microsoft IPsec Diagnostic Tool on Microsoft Download Center
* by Steve Friedl
* Security Architecture for IP (IPsec), Data Communication Lectures by Manfred Lindner, Part IPsec
* Creating VPNs with IPsec and SSL/TLS, Linux Journal article by Rami Rosen