IPsec: AH and ESP

A. Meddeb and N. Boudriga, National Digital Certification Agency and University of Carthage, Tunisia
Mohammad S. Obaidat*, Monmouth University, NJ, USA

TCP/IP Limitations and IPsec Response

IPsec Architecture

Security Association Database

Security Policy Database

Authentication Header

Encapsulating Security Protocol (ESP)

IPsec Processing

Outgoing Traffic Management

Incoming Traffic Management

Security Policy Management

IPSec Policy Capabilities

IPSec Policy Configuration

IPsec Implementations

Host Implementation

Router Implementation

Limitations, Perspectives and Advanced Issues of IPsec

Advantages of IPSec

IPSec Limitations

Concluding Remarks

Glossary

Cross References

References

TCP/IP LIMITATIONS AND IPsec RESPONSE

Most Internet traffic today is left unprotected against cyber attacks. A packet that traverses the network can be intercepted by any host connected to the network and lying along the transmission path. The packet can be replayed, and its content can be modified or reproduced. Even the checksums that are part of the Internet packet format cannot, if used as a security mechanism, protect a packet from unauthorized alteration. The checksums were intended to protect against corruption caused by malfunctioning devices. If the data alteration is intentional, the attacker can recompute the checksum, and the packet will appear to be perfectly intact. This situation exists mainly because no real protection mechanism has been integrated into ...
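The checksum argument above can be checked directly. The following is an added example, not code from the handbook: it builds an IPv4 header with the RFC 1071 checksum, shows that the checksum catches an unadjusted change but not one followed by recomputation, and contrasts it with a keyed HMAC-SHA256 tag. The addresses, the key and the helper names are constructed for illustration, and the tag covers the whole header as a simplification (AH itself excludes mutable fields such as TTL and the header checksum).

```python
import hashlib
import hmac
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_checksum(hdr: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in a fresh value."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]

def build_ipv4_header(src: bytes, dst: bytes) -> bytes:
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol (TCP), checksum
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, 64, 6, 0, src, dst)
    return set_checksum(hdr)

def checksum_ok(hdr: bytes) -> bool:
    # A valid header sums to 0xFFFF, so the complemented result is 0.
    return internet_checksum(hdr) == 0

def tag(key: bytes, hdr: bytes) -> bytes:
    """Keyed integrity tag; only holders of the key can produce a valid one."""
    return hmac.new(key, hdr, hashlib.sha256).digest()

def demo() -> dict:
    key = b"constructed-shared-key"          # constructed sample key
    original = build_ipv4_header(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    sent_tag = tag(key, original)
    # Destination rewritten in transit, checksum left stale (like device corruption).
    stale = original[:16] + bytes([203, 0, 113, 9])
    # Same change, but the unkeyed checksum is simply recomputed afterwards.
    altered = set_checksum(stale)
    return {
        "original_checksum_ok": checksum_ok(original),
        "stale_checksum_ok": checksum_ok(stale),
        "altered_checksum_ok": checksum_ok(altered),
        "original_tag_ok": hmac.compare_digest(sent_tag, tag(key, original)),
        "altered_tag_ok": hmac.compare_digest(sent_tag, tag(key, altered)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The checksum accepts the altered header because anyone can recompute it; the keyed tag rejects it because recomputing the tag requires the shared key.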
