The IPSec protocol suite is a series of protocols developed by the IETF (Internet Engineering Task Force), which provides high-quality, interoperable, cryptography-based security for IP datagrams.
IPSec is implemented through two security protocols: authentication header AH (Authentication Header, protocol number 51) and encapsulating security payload ESP (Encapsulating Security Payload). AH can provide data source verification and data integrity check functions; ESP can not only provide data verification and integrity check functions, but also provide encryption functions for IP messages.
The IPSec protocol has two encapsulation modes:
-
transmission mode. In transport mode, AH or ESP is inserted after the IP header but before all transport layer protocols, or before all other IPSec protocols.
-
Tunnel mode. In tunnel mode, AH or ESP is inserted before the original IP header, and a new IP header is generated and placed before AH or ESP.
Transport mode is used for communication between two hosts, or between a host and a security gateway. In transport mode, the two devices that encrypt and decrypt messages must themselves be the original sender and final recipient of the message.
Usually, most of the data traffic between two security gateways (routers) is not the traffic of the security gateway itself. Therefore, the transmission mode is generally not used between security gateways, but the tunnel mode is always used. Messages encrypted at one security gateway can only be decrypted by another security gateway. Therefore, the IP packet must be tunnel-encapsulated, that is, a new IP header is added, and the tunnel-encapsulated IP packet is sent to another security gateway before it can be decrypted.
Message format
Figure 1 AH package and header format
Field | length | describe |
---|---|---|
Next Header | 8 bits | Represents the next payload after the authentication header. |
Payload Len | 8 bits | The length of AH is reduced by 2, and 4 bytes is the counting unit. For example, with a 96-bit authentication value, the length would be "4" (i.e. 3 fixed 4 bytes for the header + 3 4 bytes for the ICV - 2). For IPv6, the total header length must be a multiple of 8 bytes. |
RESERVED | 16 bits | Reserved for future use. Must be set to 0 and ignored when receiving. |
Security Parameters Index | 32 bits | Used to identify SA to the message receiving end |
Sequence Number Field | 32 bits | Sequence number. Every time a message is sent, the count increases by 1. For example, every time a SA message is sent, the sequence number increases by 1. |
Integrity Check Value-ICV | lengthen | The ICV field of the message has variable length. The length must be an integer multiple of 32 bits. |
Figure 2 ESP encapsulation and header format
Field | length | describe |
---|---|---|
Security Parameters Index | 32 bits | Security parameter index. |
Sequence Number | 32 bits | serial number. |
Payload Data* | lengthen | Payload data (variable). |
Padding | 0–255 bytes | Populate the fields. |
Pad Length | 8 bits | Padding field length. |
Next Header | 8 bits | Next head. |
Integrity Check Value-ICV | lengthen | verify the data. |
Figure 3 Combined use of AH and ESP protocols
Internet Key Exchange Protocol IKE (Internet Key Exchange) is the signaling protocol of IPSEC.
Figure 4 IKE Header Format
Field | length | describe |
---|---|---|
IKE_AS Initiator's SPI | 8 bytes | The sender is used to uniquely identify an IKE security association. This value cannot be set to 0. |
IKE_AS Responder's SPI | 8 bytes | The responder is used to uniquely identify an IKE security association. This value must be 0 for the initial IKE interaction message and cannot be 0 for other messages. |
Next Payload | 1 byte | Only the type of load that follows the head. |
MjVer | 4 bits | Identifies the maximum version of the IKE protocol used. |
MnVer | 4 bits | Identifies the minimum version of the IKE protocol used. |
Exchange Type | 1 byte |
|
Flags | 1 byte | Specific options set in the message. If the Flag field is set, it means there are options.
|
Message ID | 4 bytes | 消息标识符,用来对请求消息和呼应消息的匹配,以便控制丢弃消息的重复发送。这在抑制重放攻击时对保障协议的安全性很关键。 |
Length | 4 bytes | 整个消息的长度(报文头+负荷),以字节为单位。 |
Next Payload | 1 byte | 标识消息中的下一个负载的类型。如果当前的负载是消息的最后一个,则此字段置0。
|
C (Critical) | 1 bit |
注意,C比特应用于当前负载,而不是下一个负载。 |
RESERVED | 7 bits | 发送时必须置0,接收时忽略。 |
Payload Length | 2 bytes | 当前负载的长度,包括通用负载的头部,以字节为单位。 |