How is IP Security transmitted?
IP Security adds a new header in the IP datagram between the original header and the payload. In ESP, data are encrypted and a new datagram trailer is added.

[Figure: IP Datagram]

IP security has four main functionalities:
• Security Associations (SA)
• Authentication only (Authentication Header or AH)
• Encryption and authentication, known as Encapsulating Security Payload (ESP)
• Key management

Security Association (SA)
A key concept that appears in both the authentication and confidentiality mechanisms for IP is the SA. An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a peer relation is needed for two-way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of AH or ESP, but not both.

A security association is uniquely identified by three parameters:
• Security Parameter Index (SPI): Bit string assigned to the SA with local meaning, it is Transmitted
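
The header placement and one-way SA lookup described above, as an added example that is not part of the original page: it locates the AH or ESP header directly after the IPv4 header, reads the SPI, and looks up the inbound SA. Assumptions: the lookup key is the (destination address, protocol, SPI) triple from RFC 2401, and all addresses, SPI values, SA names and packet bytes are constructed sample data.

```python
import socket
import struct

IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}  # IANA-assigned IP protocol numbers

def build_ipv4(src, dst, proto, payload):
    """Constructed sample datagram: 20-byte IPv4 header (checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def parse_ipsec(datagram):
    """Return (protocol, destination, SPI, sequence) or None if not AH/ESP."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4           # IP header length in bytes
    name = IPSEC_PROTOCOLS.get(datagram[9])  # protocol field names the next header
    if name is None:
        return None
    # The IPsec header sits directly after the IP header. ESP starts with the
    # SPI; AH has next-header, length and reserved fields (4 bytes) before it.
    offset = ihl + (0 if name == "ESP" else 4)
    if ihl < 20 or len(datagram) < offset + 8:
        raise ValueError("truncated IPsec header")
    spi, seq = struct.unpack_from("!II", datagram, offset)
    return name, socket.inet_ntoa(datagram[16:20]), spi, seq

def lookup_sa(datagram, sadb):
    """Find the inbound SA for a datagram; None means no SA covers it."""
    parsed = parse_ipsec(datagram)
    if parsed is None:
        return None
    name, dst, spi, _seq = parsed
    return sadb.get((dst, name, spi))

# Constructed SA table of host 192.0.2.2, covering traffic sent to it with ESP.
INBOUND_SAS = {("192.0.2.2", "ESP", 0x1001): "esp-from-192.0.2.1"}

ESP_BODY = struct.pack("!II", 0x1001, 1) + bytes(16)             # SPI, seq, dummy ciphertext
AH_BODY = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(12)  # next hdr, len, rsvd, SPI, seq, dummy ICV
ESP_A_TO_B = build_ipv4("192.0.2.1", "192.0.2.2", 50, ESP_BODY)
ESP_B_TO_A = build_ipv4("192.0.2.2", "192.0.2.1", 50, ESP_BODY)
AH_A_TO_B = build_ipv4("192.0.2.1", "192.0.2.2", 51, AH_BODY)

if __name__ == "__main__":
    for label, pkt in [("A->B ESP", ESP_A_TO_B), ("B->A ESP", ESP_B_TO_A), ("A->B AH", AH_A_TO_B)]:
        print(label, parse_ipsec(pkt), "SA:", lookup_sa(pkt, INBOUND_SAS))
```

Only the A-to-B ESP datagram matches: the reverse direction needs its own SA, and the same SPI carried in AH does not match an SA established for ESP.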