Encapsulating Security Payload

Created: 28.07.2022

This is about … .

Since AH protocol is only all about integrity and one needs to persue confidentiality as well, ESP comes into play.

  1. replay
  2. authentication
  3. integrity check (why to use AH as well here?)

ESP protocol data consists of 3 parts:

  1. Header
  2. Trailer
  3. Authentication block

Header Anatomy

32 Security Parameters Index. Alomg with IP and sec protocol (ESP) - sec association id for the datagram. 32 Sequence number. Replay attacks mitigation.

Trailer Anatomy

0-2040 Padding. 8 Pad Length. How many pad bytes precede it. 8 Next header. What’s in the payload?

Authentication Anatomy

Is plaxed at the very end of the packet. Variable length. Contains ICV(ESP packet - Authentication data).

References

Expand … [1]