IPsec Concepts
The preceding sections of this chapter covered some basic principles of security and
cryptography; the following sections introduce concepts specific to IPsec. These are:
• Transform Sets
• Security Associations
• Transport and Tunnel Modes
• Authentication Header (AH) and Encapsulating Security Payload (ESP)
A peer of an IPsec device is another device participating in IPsec. A peer can be a router, a
firewall, a server, or a remote access device such as a PC with IPsec support. Peering
between two IPsec devices is typically a point-to-point relationship. Going back to the
example of two IPsec devices, Alice and Bob, Bob is a peer of Alice (and Alice a peer of
Bob) when the two of them communicate with IPsec.
A transform set is a list of IPsec protocols and cryptographic algorithms that a peer can
accept. Because IPsec allows for the use of different protocols and algorithms, a peer needs
to declare and negotiate with other peers what it can support. Peers communicate the
protocols and algorithms they support by exchanging transform sets. For two peers to
communicate successfully, they must share a common transform set. If they do not, their
attempt to establish a peering will fail and they will not be able to communicate.
The following situation highlights transform sets in action. Consider a case where Alice and
Bob are two IPsec devices on the Internet, but they were made by different manufacturers.
Suppose Alice's implementation of IPsec supports an optional encryption algorithm (one
that is supported but not mandated by the standard) that Bob does not support. If Alice sends
Bob a transform set that includes the optional encryption algorithm, Bob will reject it
because he has no way of encrypting or decrypting with that algorithm. What Alice could
do to make things easier is send Bob two or three transform sets she thinks Bob might
accept and have Bob pick a transform set acceptable to him.
A transform set typically contains the following information:
• An IPsec security protocol (AH or ESP—see "Authentication Header and
Encapsulating Security Payload," later in this chapter) that is supported by the peer.
Using AH and ESP together is also supported.
• An integrity/authentication algorithm supported by the peer (a hashing algorithm such as
MD5 HMAC or SHA-1 HMAC, for example).
• An encryption algorithm supported by the peer (DES or Triple-DES, for example). A null
encryption algorithm (no encryption) is also supported.
NOTE You may use authentication alone if encryption is not required. Encryption without
authentication is also supported but is not recommended because of a potential security risk
(see Bibliography for a reference).
An important point to know is that a transform set defines a set of protocols and algorithms
to be used for peering with another device. It does not define a list of all the protocols and
algorithms a peer supports. In other words, a transform set lists the rules for a session and is
session-focused, not device-focused. A transform set is a proposal for communication: Alice
might support DES, Triple-DES, IDEA, and Blowfish, but propose to Bob by way of a
transform set that their session use DES.
A security association (SA) is a logical connection that protects data flowing from one peer to
another by using a transform set. Security associations are like logical tunnels between peers:
Traffic entering an SA is protected and transported to the other side (the other peer).
SAs are unidirectional—an SA protects data flowing in one direction only. Therefore, for secure
bidirectional communication between peers, a pair of SAs is required.
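The negotiation and SA pairing described above, as an added Python sketch that is not from the book: Bob, as responder, takes the first of Alice's proposed transform sets he can support, and a successful negotiation yields one SA per direction. The class and function names, the sample proposals, and Bob's `require_auth` policy of refusing proposals without authentication are assumptions for illustration; keys and lifetimes are not modelled.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class TransformSet:
    protocol: str              # "AH" or "ESP"
    integrity: Optional[str]   # None = no authentication
    encryption: Optional[str]  # None = null encryption

@dataclass(frozen=True)
class SA:
    src: str                   # an SA protects one direction only: src -> dst
    dst: str
    transform: TransformSet

def negotiate(proposals, supported, require_auth=True):
    """Responder side: return the first proposal it can accept, or None."""
    for ts in proposals:
        if ts.protocol not in supported["protocol"]:
            continue
        if ts.integrity is None:
            if require_auth:   # assumed local policy: no encryption without auth
                continue
        elif ts.integrity not in supported["integrity"]:
            continue
        if ts.encryption is not None and ts.encryption not in supported["encryption"]:
            continue
        return ts
    return None                # no common transform set

def establish(initiator, responder, proposals, supported):
    """Negotiate, then build the pair of SAs needed for two-way traffic."""
    chosen = negotiate(proposals, supported)
    if chosen is None:
        raise ValueError("no common transform set; peering fails")
    return SA(initiator, responder, chosen), SA(responder, initiator, chosen)

# Constructed sample data (hypothetical peers, not from a real device).
ALICE_PROPOSALS = [
    TransformSet("ESP", "SHA-1 HMAC", "Blowfish"),  # optional cipher Bob lacks
    TransformSet("ESP", None, "Triple-DES"),        # encryption, no authentication
    TransformSet("ESP", "MD5 HMAC", "Triple-DES"),  # both peers support this one
]
BOB_SUPPORTED = {"protocol": {"AH", "ESP"},
                 "integrity": {"MD5 HMAC", "SHA-1 HMAC"},
                 "encryption": {"DES", "Triple-DES"}}

if __name__ == "__main__":
    for sa in establish("alice", "bob", ALICE_PROPOSALS, BOB_SUPPORTED):
        print(sa)
```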
IPsec maintains many pieces of data needed to support an SA between two peers. These
• The identity of the remote peer participating in IPsec (an IP address or hostname).
• The security protocol (AH or ESP), hashing algorithm (if one is used), and encryption
algorithm (if ESP is used). This information is negotiated when the peers exchange
• The shared keys used by the hashing and encryption algorithms for the duration of the SA
(called the lifetime of the SA).
• A description of the traffic flow protected by the SA. Typically, this specifies the IP
addresses and port numbers protected by the SA. The description can be fine-grained,
such as a single TCP session between two hosts, or it can be broad, such as all traffic
flowing from Subnet X to Subnet Y.