Encapsulating Security Payload
Encapsulating Security Payload (or ESP) is a protocol belonging to the IPsec suite that makes it possible to combine several security services: confidentiality, authentication and integrity.
Presentation
The ESP protocol makes it possible to combine, at will, several security services: data confidentiality, through the use of an encryption system; authentication of the packet and of its sender (the source address of the packet is that of the sender); data integrity (no alteration of the packet, deliberate or not, during transport); and uniqueness of the packet (no replay).
Unlike the Authentication Header (AH), which only adds an additional header to the IP packet, ESP encrypts the data and then encapsulates it.
Properties
ESP offers authentication in the same way as AH, through the use of header data: the SPI (Security Parameters Index) identifies the security association (SA) used for the communication. The authentication data contains the integrity check value (ICV), which makes it possible to verify the authenticity of the packet's data.
The encrypted data is contained in the "free field" (or Payload Data) part of the packet. This field may also contain synchronization data. Padding can be added if necessary; its length is specified in the field provided for this purpose. Lastly, the Next Header field indicates the nature of the information contained in Payload Data (free field).
Description of an ESP packet
An ESP packet is laid out as follows:
Meaning of the fields:
Security Parameters Index (SPI): identifies the security parameters in combination with the IP address
Sequence number: a counter that prevents replay attacks
Payload data: the data to be transferred
Padding: allows a block size compatible with the encryption to be obtained
Pad length: expressed in bits
Next Header: identifies the protocol used for the transfer
Authentication data: contains the information needed to authenticate the packet
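The fields described above, as an added example that is not part of the original article: a Python sketch that reads the SPI and sequence number from an ESP packet, splits off the authentication data, and applies a receiver-side sliding-window replay check to the sequence number. The 12-byte ICV length, the 64-packet window, the names `parse_esp`, `ReplayWindow`, `make_packet` and `demo`, and the sample packets are assumptions made for illustration.

```python
import struct

ICV_LEN = 12   # assumption: 96-bit ICV; the real length depends on the SA's algorithm
WINDOW = 64    # assumption: accept sequence numbers up to 63 behind the highest seen

def parse_esp(packet: bytes, icv_len: int = ICV_LEN):
    if len(packet) < 8 + icv_len:
        raise ValueError("too short for an ESP header and ICV")
    spi, seq = struct.unpack("!II", packet[:8])    # two 32-bit big-endian fields
    body = packet[8:len(packet) - icv_len]         # encrypted: payload, padding, pad length, next header
    icv = packet[len(packet) - icv_len:]           # authentication data
    return spi, seq, body, icv

class ReplayWindow:
    """Sliding-window check on the sequence numbers of one SA."""
    def __init__(self, size: int = WINDOW):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (highest - i) was already received

    def accept(self, seq: int) -> bool:
        # Call only after the ICV of the packet has been verified.
        if seq == 0:
            return False                           # senders start counting at 1
        if seq > self.highest:                     # newer packet: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                           # too old, or a replayed duplicate
        self.bitmap |= 1 << offset                 # late but new: record it
        return True

def make_packet(spi, seq, body=b"\xaa" * 16, icv=b"\x00" * ICV_LEN):
    # Constructed sample packet: the body and ICV are filler bytes, not real ciphertext.
    return struct.pack("!II", spi, seq) + body + icv

def demo():
    win = ReplayWindow()
    results = []
    for seq in (1, 2, 5, 3, 5, 2, 100, 36, 37):    # constructed arrival order
        _, s, _, _ = parse_esp(make_packet(0x1000, seq))
        results.append((s, win.accept(s)))
    return results
```

In `demo()`, the second arrivals of 5 and 2 are rejected as replays, and 36 is rejected because it falls behind the window once 100 has been accepted, while 37 is still inside it.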