Write notes on the IPsec (IP Security) architecture in brief.

The IPsec specification is quite complex; its documents are organized into the following groups:

  1. Architecture
    • RFC4301 Security Architecture for Internet Protocol
  2. Authentication Header (AH)
    • RFC4302 IP Authentication Header
  3. Encapsulating Security Payload (ESP)
    • RFC4303 IP Encapsulating Security Payload (ESP)
  4. Internet Key Exchange (IKE)
    • RFC4306 Internet Key Exchange (IKEv2) Protocol (since obsoleted; RFC7296 is the current IKEv2 specification)
  5. Cryptographic algorithms
    • RFC4305 Cryptographic Algorithm Implementation Requirements for ESP and AH (revised periodically; RFC8221 is the current version)

IPsec Services:

  1. Access control
  2. Connectionless integrity (each packet is checked on its own)
  3. Data origin authentication
  4. Rejection of replayed packets
    • a form of partial sequence integrity: duplicates and packets older than the receiver's window are dropped, but out-of-order delivery within the window is tolerated
  5. Confidentiality (encryption)
  6. Limited traffic flow confidentiality (tunnel mode hides the inner addresses; ESP padding can hide the true payload length)

Transport and Tunnel Modes:

  1. Transport Mode
    • protects only the IP payload (the transport-layer segment); the original IP header stays in the clear
    • ESP encrypts and optionally authenticates the payload; AH authenticates the payload plus the immutable fields of the IP header
    • source and destination addresses are exposed, so an eavesdropper can still do traffic analysis, but the overhead is low
    • good for host-to-host traffic
  2. Tunnel Mode
    • protects the entire original IP packet, header included
    • the protected packet is wrapped in a new outer IP header addressed to the tunnel endpoint (for example a security gateway)
    • routers along the way see only the outer header and cannot examine the inner IP header
    • good for VPNs and gateway-to-gateway security, and for a remote host connecting to a gateway


Security Associations: an SA is a one-way (simplex) relationship between a sender and a receiver that affords security services to the traffic it carries; protecting traffic in both directions needs a pair of SAs.

  1. uniquely identified by 3 parameters:
    • Security Parameters Index (SPI): a 32-bit value carried in the AH/ESP header, used by the receiver to select the SA
    • IP Destination Address
    • Security Protocol Identifier (AH or ESP)
    (RFC4301 notes that for unicast traffic the SPI alone may be enough to select the inbound SA)
  2. has a number of other parameters
    • sequence number counter and anti-replay window, AH & ESP algorithm and key info, lifetime, mode (transport or tunnel), path MTU, etc.
  3. each host keeps a Security Association Database (SAD) of active SAs; a separate Security Policy Database (SPD) decides which traffic is protected, bypassed or discarded, and with which SA
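The following is an added example, not part of the original notes or of any IPsec implementation. It simulates the inbound side of ESP on a receiver: packets are looked up in a Security Association Database keyed by (SPI, destination address, protocol), the anti-replay window from RFC 4303 is checked before the integrity check value (ICV) is verified and only updated after it passes, and the SA's packet lifetime is enforced. To stay self-contained it assumes HMAC-SHA-256 truncated to 128 bits as the integrity algorithm (RFC 4868) and a 64-packet window, and it simplifies the ESP packet to SPI || sequence number || payload || ICV (no IV, padding or next-header field). The SPI, addresses, key and payloads are constructed sample data.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16        # HMAC-SHA-256-128: ICV truncated to 128 bits (RFC 4868)
WINDOW = 64         # anti-replay window size; RFC 4303 requires at least 32
ESP_PROTO = 50      # IP protocol number for ESP (AH is 51)


class SecurityAssociation:
    """One inbound SA: identified by (SPI, destination, protocol), plus the
    other per-SA parameters the notes list (key, replay window, lifetime)."""

    def __init__(self, spi, dst, proto, auth_key, lifetime_packets=1_000_000):
        self.spi, self.dst, self.proto = spi, dst, proto
        self.auth_key = auth_key
        self.lifetime_packets = lifetime_packets
        self.packets_seen = 0
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set means sequence number (top - i) was received

    def check_icv(self, auth_data, icv):
        expected = hmac.new(self.auth_key, auth_data, hashlib.sha256).digest()[:ICV_LEN]
        return hmac.compare_digest(expected, icv)

    def replay_check(self, seq):
        """True if seq is new and inside the window. Does not modify state:
        RFC 4303 only advances the window after the ICV has been verified."""
        if seq == 0:                      # the sender's counter starts at 1
            return False
        if seq > self.top:                # to the right of the window: always new
            return True
        offset = self.top - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def replay_mark(self, seq):
        """Record seq as received, sliding the window if seq is the new high."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


class SAD:
    """Security Association Database keyed by the SA-identifying triple."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi, dst, proto):
        return self._sas.get((spi, dst, proto))


def build_esp(spi, seq, payload, auth_key):
    """Sender side: simplified ESP packet SPI || seq || payload || ICV."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def receive_esp(sad, dst, packet):
    """Inbound processing for one ESP packet. Returns (accepted, reason)."""
    if len(packet) < 8 + ICV_LEN:
        return False, "truncated"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.lookup(spi, dst, ESP_PROTO)
    if sa is None:
        return False, "no SA"
    if sa.packets_seen >= sa.lifetime_packets:
        return False, "SA expired"
    if not sa.replay_check(seq):          # cheap check first, before the MAC
        return False, "replay"
    auth_data, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not sa.check_icv(auth_data, icv):
        return False, "bad ICV"
    sa.replay_mark(seq)                   # only now does the window move
    sa.packets_seen += 1
    return True, "ok"


def demo():
    """Constructed traffic: in-order, reordered, replayed, tampered, misrouted."""
    key = b"\x11" * 32                                    # constructed sample key
    sad = SAD()
    sad.add(SecurityAssociation(0x1000, "10.0.0.2", ESP_PROTO, key))
    pkts = [build_esp(0x1000, s, b"payload-%d" % s, key) for s in (1, 2, 5, 3)]
    results = [receive_esp(sad, "10.0.0.2", p)[1] for p in pkts]   # seq 3 arrives after 5: still ok
    results.append(receive_esp(sad, "10.0.0.2", pkts[1])[1])          # seq 2 again -> replay
    tampered = bytearray(build_esp(0x1000, 6, b"x", key))
    tampered[8] ^= 1                                                  # flip a payload bit -> bad ICV
    results.append(receive_esp(sad, "10.0.0.2", bytes(tampered))[1])
    results.append(receive_esp(sad, "10.0.0.2", build_esp(0x1000, 7, b"y", b"wrongkey"))[1])
    results.append(receive_esp(sad, "10.0.0.9", pkts[0])[1])          # other destination -> no SA
    results.append(receive_esp(sad, "10.0.0.2", build_esp(0x1000, 200, b"z", key))[1])  # window jumps to 200
    results.append(receive_esp(sad, "10.0.0.2", build_esp(0x1000, 100, b"w", key))[1])  # 100 is outside the window
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the replay window is consulted before the MAC so that a flood of replayed packets costs no cryptographic work, but it is not updated until the ICV passes, otherwise an attacker could forge a packet with a high sequence number and push legitimate in-flight packets out of the window. The reordered packet (seq 3 arriving after 5) being accepted is exactly the "partial sequence integrity" the services list refers to.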

