Encapsulating Security Payload
Encapsulating Security Payload (ESP) provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone, or in combination with AH.
ESP does not normally sign the entire packet unless it is being tunneled—ordinarily, just the IP data payload is protected, not the IP header.
For example, Alice on Computer A sends data to Bob on Computer B. The data payload is encrypted and signed for integrity. Upon receipt, after the integrity verification process is complete, the data payload in the packet is decrypted. Bob can be certain it was really Alice who sent the data, that the data is unmodified, and that no one else was able to read it.
ESP indicates itself in the IP header using the IP protocol ID of 50. As shown in the Figure 8.3, the ESP header is placed prior to the transport layer header (TCP or UDP) or the IP payload data for other IP protocol types.
Figure 8.3 ESP
The ESP header contains the following fields:
Security Parameters Index Identifies, when used in combination with the destination address and the security protocol (AH or ESP), the correct security association for the communication. The receiver uses this value to determine the security association with which this packet should be identified.
Sequence Number Provides anti-replay protection for the SA. It is 32-bit, incrementally increasing number (starting from 1) that indicates the packet number sent over the security association for the communication. The sequence number is never allowed to cycle. The receiver checks this field to verify that a packet for a security association with this number has not been received already. If one has been received, the packet is rejected.
The ESP trailer contains the following fields:
Padding 0 to 255 bytes is used for 32-bit alignment and with the block size of the block cipher.
Padding Length Indicates the length of the Padding field in bytes. This field is used by the receiver to discard the Padding field.
Next Header Identifies the nature of the payload, such as TCP or UDP.
The ESP Authentication Trailer contains the following field:
Authentication Data Contains the Integrity Check Value (ICV), and a message authentication code that is used to verify the sender's identity and message integrity. The ICV is calculated over the ESP header, the payload data and the ESP trailer.
Packet Signature and Encryption
As shown in Figure 8.4, ESP provides protection for upper layer protocols. The Signed area indicates where the packet has been signed for integrity. The Encrypted area indicates what information is protected with confidentiality.
Figure 8.4 ESP: Signature and Encryption
ESP is inserted after the IP header and before an upper layer protocol, such as TCP, UDP, or ICMP, or before any other IPSec headers that have already been inserted. Everything following ESP (the upper layer protocol, the data, and the ESP trailer) is signed. The IP header is not signed, and therefore not necessarily protected from modification. The upper layer protocol information, the data, and the ESP trailer are encrypted.