IPsec: AH and ESP

A. Meddeb, and N. Boudriga, National Digital Certification Agency and University of Carthage, Tunisia Mohammad S. Obaidat*, Monmouth University, NJ, USA

TCP/IP Limitations and IPsec Response

IPsec Architecture

Security Association Database

Security Policy Database

Authentication Header

Encapsulating Security Protocol (ESP)

IPsec Processing

Outgoing Traffic Management

Incoming Traffic Management

Security Policy Management

IPSec Policy Capabilities

IPSec Policy Configuration

IPsec Implementations

Host Implementation

Router Implementation

Limitations, Perspectives and Advanced Issues of IPsec

Advantages of IPSec

IPSec Limitations

Concluding Remarks


Cross References



Nowadays, most of the Internet flows are left unprotected against cyber attacks. A packet that traverses the network can be intercepted by any host connected to the network (and lying along the transmission path). The packet can be replayed and its content can be modified or reproduced. Even the checksums, which are part of the Internet Packet format, if used as a security mechanism, cannot protect a packet from unauthorized alteration. The checksums were intended to protect against corruption caused by malfunctioning devices. If the data alteration is intentional, the attacker can recompute the checksum, and the packet will appear to be perfectly intact. This situation exists mainly because no real protection mechanism has been integrated into ...

Get Handbook of Information Security, Volume 1, Key Concepts, Infrastructure, Standards, and Protocols now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.