E.2.1 ipsec security components, E.2.1.1 authentication header (ah) – Billion Electric Company BiGuard 2 User Manual

141

Internet Protocol Security (IPSec) is a set of protocols and algorithms that provide
data authentication, integrity, and confidentiality as data is transferred across IP
networks. IPSec provides data security at the IP packet level, and protects against
possible security risks by protecting data. IPSec is widely used to establish VPNs.

There are three major functions of IPSec:

- Confidentiality: Conceals data through encryption.
- Integrity: Ensures that contents did not change in transit.
- Authentication: Verifies that packets received are actually from the claimed
sender.

E.2.1 IPSec Security Components

IPSec contains three major components:

- Authentication Header (AH): Provides authentication and integrity.
- Encapsulating Security Payload (ESP): Provides confidentiality, authentication,
and integrity.
- Internet Key Exchange (IKE): Provides key management and Security Association
(SA) management.

These components are discussed below.

E.2.1.1 Authentication Header (AH)

The Authentication Header (AH) is a protocol that provides authentication and
integrity, protecting data from tampering. It provides authentication of either all or
part of the contents of a datagram through the addition of a header that is
calculated based on the values in the datagram.

The AH can also protect packets from unauthorized re-transmission with anti-replay
functionality. The presence of the AH header allows us to verify the integrity of the
message, but doesn't encrypt it. Thus, AH provides authentication but not privacy.
ESP protects data confidentiality. Both AH and ESP can be used together for added
protection.