How are those services provided?
The security services are provided by cryptographic mechanisms:
- Message authentication code (MAC) = data authenticity
- Encryption = data confidentiality
- Sequence number = protection against replay
The above mechanisms are implemented via two extensions of the IP protocol:
- AH (Authentication Header), which ensures the authenticity of the IP datagrams
- ESP (Encapsulating Security Payload), which can ensure data confidentiality and/or authenticity
Cryptographic algorithms:
- AH and ESP can be used with several cryptographic algorithms; the IETF makes some mandatory for compliance
- Encryption: triple DES (168 bits), DES, CAST-128 (40- to 128-bit key), Blowfish (40-448 bits), RC5 (40-2040 bits)...
- Authenticity: HMAC-MD5, HMAC-SHA-1