Everyone in security knows the three main pillars of our field: integrity, confidentiality and availability. The mechanism described in this article is how integrity can be achieved for TCP/IP packets.
AH needs the whole packet to be ready, including layers 5-7. It then computes an integrity check value over the whole packet. This protects against:
- Replay
- Tampering
- Spoofing
The AH header is placed between the transport layer (TCP/UDP) and the network layer (IP, ICMP, etc.).
Negotiation
- Which encryption algorithm?
- Which integrity mechanism?
- How to authenticate?
- AH and/or ESP?
- Which encryption for ESP?
- Which authentication for AH?
Header Anatomy
- Next Header (8 bits). Most headers have such a field.
- Payload Length (8 bits). This is the AH payload length.
- Reserved (16 bits). All zeros.
- Security Parameters Index (32 bits). An arbitrary 32-bit value. This + IP + security protocol -> datagram id ❓
- Sequence Number (32 bits). This is what helps to mitigate replay attacks. It is a counter and it is mandatory unless either party is eager to disable it.
  ❓ How to disable it?
- Authentication Data (variable, a multiple of 32 bits in length). Contains the ICV (integrity check value).
For authentication: a MAC (e.g. DES-based) or MD5/SHA-1. For multicast: a hash plus an asymmetric signature.
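To make the header anatomy and the replay counter concrete, here is an added example (not code from the original notes) that packs and parses an AH header with the field layout listed above, computes the ICV as an HMAC-SHA1 truncated to 96 bits over the AH header (with Authentication Data zeroed) plus the payload, and implements a sliding anti-replay window over the Sequence Number. It assumes a shared key, constructed sample payloads, and a 64-packet window; for simplicity it does not cover the outer IP header, which real AH also includes in the ICV.

```python
import hashlib
import hmac
import struct

# Fixed part of the AH header: Next Header (1), Payload Length (1),
# Reserved (2), SPI (4), Sequence Number (4) = 12 bytes.
AH_FIXED_LEN = 12
ICV_LEN = 12  # 96-bit truncated HMAC (HMAC-SHA1-96 convention)


def ah_bytes(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Serialize an AH header. Payload Length is the AH length in 32-bit words minus 2."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def parse_ah(buf: bytes) -> dict:
    """Parse the AH header at the start of buf; the ICV length follows from Payload Length."""
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH header")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:AH_FIXED_LEN])
    header_len = (payload_len + 2) * 4
    if len(buf) < header_len:
        raise ValueError("truncated Authentication Data")
    return {
        "next_header": next_header,
        "payload_len": payload_len,
        "reserved": reserved,
        "spi": spi,
        "seq": seq,
        "icv": buf[AH_FIXED_LEN:header_len],
        "header_len": header_len,
    }


def compute_icv(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    """ICV over the AH header with Authentication Data set to zero, followed by the payload."""
    covered = ah_bytes(next_header, spi, seq, b"\x00" * ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def make_packet(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    icv = compute_icv(key, next_header, spi, seq, payload)
    return ah_bytes(next_header, spi, seq, icv) + payload


class AntiReplayWindow:
    """Sliding window over sequence numbers: bit d of the bitmap marks seq (last - d) as seen."""

    def __init__(self, size: int = 64):
        self.size = size
        self.last = 0      # highest sequence number accepted so far
        self.bitmap = 0    # bit 0 corresponds to self.last

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                       # sequence numbers start at 1
            return False
        if seq > self.last:                # new high-water mark: slide the window
            shift = seq - self.last
            self.bitmap = (self.bitmap << shift) | 1 if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:              # older than the window: reject
            return False
        if (self.bitmap >> diff) & 1:      # already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True


def verify_packet(key: bytes, packet: bytes, window: AntiReplayWindow) -> str:
    """Return 'ok', 'bad_icv' or 'replay'. The window is only advanced after the ICV checks out."""
    ah = parse_ah(packet)
    payload = packet[ah["header_len"]:]
    expected = compute_icv(key, ah["next_header"], ah["spi"], ah["seq"], payload)
    if not hmac.compare_digest(expected, ah["icv"]):
        return "bad_icv"
    if not window.check_and_update(ah["seq"]):
        return "replay"
    return "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    window = AntiReplayWindow()
    pkt = make_packet(key, 6, 0x1000, 1, b"hello")  # constructed TCP payload
    print(parse_ah(pkt))
    print(verify_packet(key, pkt, window))   # ok
    print(verify_packet(key, pkt, window))   # replay
```

With a 96-bit ICV the Payload Length field comes out as 4 (6 words minus 2), which is the value the header carries on the wire; a flipped payload byte fails the ICV comparison, and a repeated sequence number is rejected by the window only after the ICV has been verified, so an attacker cannot poison the window with forged packets.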