On this page
|
| SUMMARY | |
| Protocol |
: |
Authentication Header |
| Protocol suite |
: |
TCP/IP |
| Layer |
: |
Network Layer |
| Working groups |
: |
Ipsec, IP Security Protocol |
|
| DESCRIPTION |
The IP Authentication Header (AH) is used to provide connection less integrity and data origin authentication for IP datagrams (here after referred to as just "authentication"), and to provide protection against replays. This latter, optional service may be selected, by the receiver, when a Security Association is established. (Although the default calls for the sender to increment the Sequence Number used for anti-replay, the service is effective only if the receiver checks the Sequence Number.) AH provides authentication for as much of the IP header as possible, as well as for upper level protocol data. However, some IP header fields may change in transit and the value of these fields, when the packet arrives at the receiver, may not be predictable by the sender. The values of such fields cannot be protected by AH. Thus the protection provided to the IP header by AH is somewhat piecemeal.
AH may be applied alone, in combination with the IP Encapsulating Security Payload (ESP), or in a nested fashion through the use of tunnel mode (see "Security Architecture for the Internet Protocol", hereafter referred to as the Security Architecture document). Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. ESP may be used to provide the same security services, and it also provides a confidentiality (encryption) service. The primary difference between the authentication provided by ESP and AH is the extent of the coverage. Specifically, ESP does not protect any IP header fields unless those fields are encapsulated by ESP (tunnel mode). For more details on how to use AH and ESP in various network environments, seethe Security Architecture document.
It is assumed that the reader is familiar with the terms and concepts described in the Security Architecture document. In particular, the reader should be familiar with the definitions of security services offered by AH and ESP, the concept of Security Associations, the ways in which AH can be used in conjunction with ESP, and the different key management options available for AH and ESP.
AH offers an anti-replay (partial sequence integrity) service at the discretion of the receiver, to help counter denial of service attacks. AH is an appropriate protocol to employ when confidentiality is not required (or is not permitted, e.g , due to government restrictions on use of encryption). AH also provides authentication for selected portions of the IP header, which may be necessary in some contexts. For example, if the integrity of an IPv4 option or IPv6 extension header must be protected en route between sender and receiver, AH can provide this service (except for the non-predictable but mutable parts of the IP header.)
When used with IPv6, the Authentication Header normally appears after the IPv6 Hop-by-Hop Header and before the IPv6 Destination Options. When used with IPv4, the Authentication Header normally follows the main IPv4 header.
Header Format
1 byte | 1 byte | 2 bytes | Next header | Payload Length | Reserved | Security parameters index | Security number | Authentication data(variable number of 32-bit words) |
- Next header
8 bits. The Next Header is an field that identifies the type of the next payload after the Authentication Header.
- Payload Length
8 bits. Size of the Authentication Data payload in 32 bit words - 2. May be cleared to zero.
- SPI, Security Parameters Index
32 bits. Contains a pseudo random value used to identify the security association for this datagram. If cleared to zero, a security association does not exist. Values in the range 1 to 255 are reserved.
- Sequence number
32 bits. The sequence number contains a monotonically increasing counter value (sequence number).
- Authentication Data
Variable length. This field must contain a multiple of 32 bit words.
Authentication Header Processing
Authentication Header Location
AH may be employed in two ways: transport mode or tunnel mode. The former mode is applicable only to host implementations and provides protection for upper layer protocols, in addition to selected IP header fields.
- IPv4
In transport mode, AH is inserted after the IP header and before an upper layer protocol, e.g., TCP, UDP, ICMP, etc. or before any other IPsec headers that have already been inserted. In the context of IPv4, this calls for placing AH after the IP header (and any options that it contains), but before the upper layer protocol.
Before Applying AH
orig IP hdr(any options) | TCP | Data |
After Applying AH
orig IP hdr(any options) | AH | TCP | Data | authenticated |
- IPv6
In the IPv6 context, AH is viewed as an end-to-end payload, and thus should appear after hop-by-hop, routing, and fragmentation extension headers. The destination options extension header(s) could appear either before or after the AH header depending on the semantics desired. The following diagram illustrates AH transport mode positioning for a typical IPv6 packet.
Before Applying AH
orig IP hdr | ext hdrs if present | TCP | Data |
After Applying AH
orig IP hdr | hop-by-hop, dest*, routing, fragment. | AH | dest opt* | TCP | Data | authenticated except for mutable fields |
In tunnel mode, AH protects the entire inner IP packet, including the entire inner IP header. The position of AH in tunnel mode, relative to the outer IP header, is the same as for AH in transport mode. The following diagram illustrates AH tunnel mode positioning for typical IPv4 and IPv6 packets.
IPv4
orig IP hdr(any options) | AH | orig IP hdr* (any options) | TCP | Data | authenticated except for mutable fields in the new IP hdr |
IPv6
new IP hdr* | ext hdrs* if present | AH | orig IP hdr* | ext hdrs* if present | TCP | Data | authenticated except for mutable fields in new IP hdr |
= construction of outer IP hdr/extensions and modification of inner IP hdr/extensions is discussed below.
- Authentication Algorithms
The authentication algorithm employed for the ICV computation is specified by the SA. For point-to-point communication, suitable authentication algorithms include keyed Message Authentication Codes (MACs) based on symmetric encryption algorithms (e.g., DES) or on one-way hash functions (e.g., MD5 or SHA-1). For multicast communication, one-way hash algorithms combined with asymmetric signature algorithms are appropriate, though performance and space considerations currently preclude use of such algorithms.
- Outbound Packet Processing
In transport mode, the sender inserts the AH header after the IP header and before an upper layer protocol header, as described above. In tunnel mode, the outer and inner IP header/extensions can be inter-related in a variety of ways. The construction of the outer IP header/extensions during the encapsulation process is described in the Security Architecture document.
- Inbound Packet Processing
If there is more than one IPsec header/extension present, the processing for each one ignores (does not zero, does not use) any IPsec headers applied subsequent to the header being processed.
|
 Top of Page
|
| EXAMPLES |
|
|
Top of Page
|
| PROTOCOL RELATIONS |
■ Parent layer
■ Child layer
IP
| | AH | |
Top of Page
|
| GLOSSARY |
|
Algorithm
Algorithm is a formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point. Algorithms can be expressed in any language, from natural languages like English or French to programming languages like FORTRAN.
We use algorithms every day. For example, a recipe for baking a cake is an algorithm. Most programs, with the exception of some artificial intelligence applications, consist of algorithms. Inventing elegant algorithms -- algorithms that are simple and require the fewest steps possible -- is one of the principal challenges in programming.
Anti-replay
The anti-replay protocol is part of the Internet Engineering Task Force (IETF) Internet Protocol Security (IPsec) standard. Anti-replay ensures IP packet-level security by making it impossible for a hacker to intercept message packets and insert changed packets into the data stream between a source computer and a destination computer. By detecting packets that match the sequence numbers of those that have already arrived, the anti-replay mechanism helps to ensure that invalid packets are discarded. Both of the main protocols in the IPSec standard, the Encapsulating Security Payload (ESP) and the Authentication Header (AH), use anti-replay protection.
Authentication
The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
Encapsulation
In programming, the process of combining elements to create a new entity. For example, a procedure is a type of encapsulation because it combines a series of computer instructions. Likewise, a complex data type, such as a record or class, relies on encapsulation. Object-oriented programming languages rely heavily on encapsulation to create high-level objects. Encapsulation is closely related to abstraction and information hiding.
Encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
Header
In many disciplines of computer science, a header is a unit of information that precedes a data object. In a network transmission, a header is part of the data packet and contains transparent information about the file or the transmission. In file management, a header is a region at the beginning of each file where bookkeeping information is kept. The file header may contain the date the file was created, the date it was last updated, and the file's size. The header can be accessed only by the operating system or by specialized programs.
In word processing, one or more lines of text that appears at the top of each page of a document. Once you specify the text that should appear in the header, the word processor automatically inserts it.
IPv6
IPv6 is designed as an evolutionary upgrade to the Internet Protocol and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted.
|
Top of Page
|
| REFERENCES |
RFCs
[ RFC 1828] IP Authentication using Keyed MD5.
[ RFC 2085] HMAC-MD5 IP Authentication with Replay Prevention.
[ RFC 2401] Security Architecture for the Internet Protocol.
Obsoletes: RFC 1825.
[ RFC 2402] IP Authentication Header.
Obsoletes: RFC 1826.
[ RFC 2403] The Use of HMAC-MD5-96 within ESP and AH.
[ RFC 2404] The Use of HMAC-SHA-1-96 within ESP and AH.
[ RFC 2411] IP Security Document Roadmap.
[ RFC 2841] IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC).
Obsoletes: RFC 1852.
[ RFC 2857] The Use of HMAC-RIPEMD-160-96 within ESP and AH.
Obsolete RFCs:
[ RFC 1825] Security Architecture for the Internet Protocol.
Obsoleted by: RFC 2401.
[ RFC 1826] IP Authentication Header.
Obsoleted by: RFC 2402.
[ RFC 1852] IP Authentication using Keyed SHA.
Obsoleted by: RFC 2841.
|
Top of Page
|
| OTHER PROTOCOLS OF TCP/IP SUITE |
|
|
|
|
|
