session_09_vpn__ipsec__and_tls_101908

Mogollon 0108 20 rfc 4303 esp protocol provides the

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: hentication (optional) Anti-replay Service (optional) Confidentiality (optional) Authentication Encryption Original IP Header ESP Header Payload Data ESP Trailer ESP ICV Security Parameters Index (SPI) Sequence Number Payload Data (variable) Padding (0 – 255 bytes) Pad Length Next Header Integrity Check Value –ICV (variable) 8 bits 8 bits 32 bits VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 20 • RFC 4303, “ESP Protocol,” provides the same security services that AH provides (data origin authentication, connectionless integrity, and anti-replay service); it also provides traffic flow confidentiality (encryption). The primary difference between the authentication provided by ESP and the authentication provided by AH is the extent of the coverage. Specifically, ESP does not protect any IP header fields unless those fields are encapsulated by ESP (tunnel mode). The set of services provided by ESP depends on options selected at the time that the security association is established and on the placement of the implementation. • The ESP handles encryption of IP at the packet level using symmetric key encryption. ESP is designed to use any number of encryption algorithms.. The mandatory-to-implement encryption algorithms are Triple DES-CBC, AES-CBC (128-Bit), and AES-CTR. Other algorithms, however, such as RC5, IDEA, Three-key triple IDEA, Cast, and Blowfish, could be used because the Domain of Interpretation (DOI) has assigned identifiers to them. • The ESP header is inserted between the IP header and the rest of the packet. • The SPI and Sequence number field provide the same functions as they do in the AH. • The TCP portion and Data (Payload), and ESP trailer are all encrypted. • ESP provides authentication in the same manner as the AH does. 20 VPN, IPSec and TLS AH and ESP Modes of Operation Tunnel Transport Server Client VPN Device VPN Device AH Inner IP Header Outer IP Header Tunnel Mode New IP Header ESP Header Original AH IP Header Outer IP Header...
View Full Document

Ask a homework question - tutors are online