ESP, defined in RFC 2406 (since obsoleted by RFC 4303), provides confidentiality,
data origin authentication, connectionless integrity, an anti-replay service, and
limited traffic flow confidentiality by partially defeating traffic analysis. The
set of services actually provided depends on the options selected when the
security association is established and on where the implementation sits (host
or security gateway). Confidentiality may be selected independently of all other
services. However, using confidentiality without integrity/authentication, either
in ESP itself or separately in AH, exposes traffic to active chosen-ciphertext
attacks (bit-flipping and padding-oracle attacks on unauthenticated CBC encryption
have been demonstrated against encryption-only ESP) that can undermine the
confidentiality service. ESP is IP protocol 50.
Data origin authentication and connectionless integrity are joint services,
offered as an option alongside the (also optional) confidentiality service. The
anti-replay service may be selected only if data origin authentication is
selected, because a receiver cannot trust a sequence number it has not
authenticated. Enabling anti-replay is solely at the discretion of the receiver:
although the default calls for the sender to increment the sequence number on
every packet, the service is effective only if the receiver actually checks the
sequence number against its replay window. Traffic flow confidentiality requires
tunnel mode, and it is most effective when implemented at a security gateway,
where the aggregation of many flows can mask the true source-destination
patterns. Note that although both confidentiality and authentication are
optional, at least one of them must be selected.
The ESP packet header format is shown in
Figure
. The header opens with two 32-bit fields: the Security Parameters Index (SPI)
and the Sequence Number. The SPI, together with the destination IP address and
the protocol (ESP), lets the receiving IPsec device look up the security
association under which the packet was protected, and the Sequence Number is
the value the anti-replay service checks. The header is followed by the
payload, padding, a pad-length byte, the next-header byte and, when
authentication is selected, the Integrity Check Value (ICV).
RFC 2406 mandates DES-CBC (RFC 2405) as the encryption algorithm, and 3DES is
the common stronger substitute. Both are obsolete for new deployments: DES's
56-bit key is brute-forceable, and the current algorithm profile (RFC 8221)
forbids DES, discourages 3DES and requires AES. Optional authentication and
integrity are provided by HMAC, either HMAC-SHA-1-96 (RFC 2404) or HMAC-MD5-96
(RFC 2403); each computes the HMAC over the SPI, sequence number and payload
and truncates the tag to 96 bits to form the ICV. The SA therefore holds two
different key types:
- Encryption session keys
- HMAC session keys
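The receiver-side processing described above (SPI lookup, anti-replay window check, HMAC-SHA-1-96 ICV verification, then window update), as an added example that is not from the original page or from any IPsec implementation. It uses only the Python standard library; the SA database keyed on SPI alone, the `SecurityAssociation` class, the demo key and the sample sequence numbers are assumptions made for the example, and payload encryption is deliberately left out so the example isolates the integrity and replay logic:

```python
"""Receiver-side ESP processing for one SA: SPI lookup, anti-replay window and
HMAC-SHA-1-96 ICV verification (RFC 2406 section 3.4, RFC 2404). Payload
encryption is omitted; only the header, the replay window and the ICV are shown."""
import hashlib
import hmac
import struct

ESP_HEADER = struct.Struct("!II")   # SPI, Sequence Number: two 32-bit fields, network byte order
ICV_LEN = 12                        # HMAC-SHA-1-96: the 20-byte SHA-1 HMAC truncated to 96 bits


class AntiReplayWindow:
    """Sliding window over received sequence numbers (RFC 2401 appendix C). Bit i of
    the bitmap is set when sequence number last_seq - i has already been accepted."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 2406 requires a window of at least 32 packets")
        self.size = size
        self.mask = (1 << size) - 1
        self.last_seq = 0   # highest accepted sequence number; 0 means nothing received yet
        self.bitmap = 0

    def check(self, seq):
        """True if seq is new and inside or to the right of the window. No state change:
        the window is updated only after the packet's ICV verifies."""
        if seq == 0:
            return False  # the sender's first packet carries 1; 0 is never valid
        if seq > self.last_seq:
            return True   # to the right of the window
        diff = self.last_seq - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def update(self, seq):
        """Record seq as received (call only after check() and a successful ICV check)."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            # slide the window right; a jump past the whole window leaves only the new bit
            self.bitmap = ((self.bitmap << shift) | 1) & self.mask if shift < self.size else 1
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


class SecurityAssociation:
    """Minimal inbound SA (assumed structure): SPI, HMAC session key and replay window.
    A real SAD is keyed on (SPI, destination address, protocol); SPI alone is a simplification."""

    def __init__(self, spi, auth_key, window_size=64):
        self.spi = spi
        self.auth_key = auth_key
        self.window = AntiReplayWindow(window_size)


def build_esp(sa, seq, payload):
    """Sender side: SPI || seq || payload, then the 96-bit ICV over all of it (RFC 2404).
    The 32-bit sequence number must never wrap; the sender has to rekey before that."""
    if not 1 <= seq <= 0xFFFFFFFF:
        raise ValueError("sequence number exhausted; establish a new SA")
    body = ESP_HEADER.pack(sa.spi, seq) + payload
    return body + hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]


def parse_esp(packet):
    """Split a packet into (spi, seq, payload, icv); the ICV covers everything before it."""
    if len(packet) < ESP_HEADER.size + ICV_LEN:
        raise ValueError("packet too short for an ESP header and ICV")
    spi, seq = ESP_HEADER.unpack_from(packet)
    return spi, seq, packet[ESP_HEADER.size:-ICV_LEN], packet[-ICV_LEN:]


def inbound_esp(sad, packet):
    """RFC 2406 3.4 order: SA lookup, replay check, ICV verification, then window update.
    Returns ("ACCEPT", payload) or ("DROP", reason)."""
    spi, seq, payload, icv = parse_esp(packet)
    sa = sad.get(spi)
    if sa is None:
        return "DROP", "no SA for SPI"
    if not sa.window.check(seq):
        return "DROP", "replayed or out-of-window sequence number"
    expected = hmac.new(sa.auth_key, packet[:-ICV_LEN], hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):   # constant-time comparison
        return "DROP", "ICV mismatch"
    sa.window.update(seq)   # only a verified packet may advance the window
    return "ACCEPT", payload


if __name__ == "__main__":
    # Constructed demo key and traffic; not real SA material.
    sa = SecurityAssociation(spi=0x0000ABCD, auth_key=b"constructed-demo-hmac-key")
    sad = {sa.spi: sa}
    for seq, data in [(1, b"one"), (3, b"three"), (2, b"two"), (2, b"two"), (100, b"hundred"), (30, b"thirty")]:
        print(seq, inbound_esp(sad, build_esp(sa, seq, data)))
    tampered = bytearray(build_esp(sa, 101, b"x"))
    tampered[ESP_HEADER.size] ^= 0x01                 # flip one payload bit
    print("tampered", inbound_esp(sad, bytes(tampered)))
```

The ordering matters: a forged packet with a large sequence number must not be allowed to slide the window forward, so `update()` runs only after `compare_digest` succeeds, and `check()` on its own never mutates state. Sequence 30 is dropped after 100 has been accepted because it has fallen off the 64-packet window, even though it was never seen before; that is the trade-off the window size sets.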