Authentication Header

Created: 28.07.2022

Everyone in security knows the three main pillars of our field: integrity, confidentiality and availability. The mechanism described in this article is how integrity can be achieved for IP packets.

AH needs the whole packet to be ready, including layers 5-7. It then computes an integrity check value (a MAC) over the whole packet, which protects against:

  1. Replay
  2. Tampering
  3. Spoofing

The AH header is placed between TCP/UDP (the Transport layer) and IP/ICMP etc. (the Network layer).

Negotiation

Which encryption algorithm?

Which integrity mechanism?

How to authenticate?

AH and/or ESP?

Which encryption for ESP?

Which authentication for AH?

Header Anatomy

Next Header (8 bits). Most headers have such a field.

Payload Length (8 bits). The AH payload length.

Reserved (16 bits). All zeros.

Security Parameters Index (32 bits). Arbitrary 32-bit value. This + IP + security protocol -> datagram id ❓

Sequence Number Field (32 bits). It's what helps mitigate replay attacks. It's a counter and it's mandatory unless either party is eager to disable it.

❓ How to disable it?

Authentication Data (variable, a multiple of 32 bits in length). Contains the ICV (integrity check value).

For authentication: a MAC (e.g. DES-based) or MD5/SHA-1. For multicast: a hash plus an asymmetric signature.
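As an added worked example (not part of the original note), the header layout above parsed from constructed bytes in Python, together with the sliding anti-replay window that the Sequence Number field feeds. The SPI, ICV bytes and 64-entry window size are assumptions chosen for the demo.

```python
"""Parse an IPsec Authentication Header and run an anti-replay window
over its sequence number. Sample bytes below are constructed, not captured."""
import struct
from dataclasses import dataclass


@dataclass
class AHHeader:
    next_header: int  # protocol following AH (6 = TCP in the sample)
    payload_len: int  # wire value: AH length in 32-bit words, minus 2
    spi: int          # Security Parameters Index
    seq: int          # sequence number used for replay detection
    icv: bytes        # integrity check value, a multiple of 32 bits


def parse_ah(data: bytes) -> AHHeader:
    """Parse the fixed 12-byte part, then take the ICV sized by Payload Len."""
    if len(data) < 12:
        raise ValueError("truncated AH header")
    nxt, plen, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (plen + 2) * 4  # convert the wire value back to bytes
    if len(data) < total:
        raise ValueError("AH shorter than Payload Len claims")
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    return AHHeader(nxt, plen, spi, seq, data[12:total])


class ReplayWindow:
    """Sliding window: reject sequence numbers that are too old or already seen."""

    def __init__(self, size: int = 64):  # assumed window size
        self.size, self.top, self.bitmap = size, 0, 0
        self.mask = (1 << size) - 1

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:  # 0 is never valid while replay protection is on
            return False
        if seq > self.top:  # newer than anything seen: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & self.mask if shift < self.size else 1
            self.top = seq
            return True
        if self.top - seq >= self.size:  # older than the window: drop
            return False
        bit = 1 << (self.top - seq)
        if self.bitmap & bit:  # duplicate inside the window: replay
            return False
        self.bitmap |= bit
        return True


# Constructed AH: next header TCP, Payload Len 4 (24-byte AH), SPI, seq 1, 12-byte ICV.
SAMPLE_AH = bytes([6, 4, 0, 0]) + struct.pack("!II", 0x12345678, 1) + b"\xaa" * 12
```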
