
Encapsulating Security Payload, ESP Header

This lesson explains the Encapsulating Security Payload (ESP) protocol, the layout of the ESP header and trailer, and the meaning of each of their fields.

The Encapsulating Security Payload (ESP) protocol provides all the functions of the Authentication Header (authentication, data integrity, and anti-replay protection). The difference is that ESP also provides the most critical security function, data confidentiality. The benefits of using Encapsulating Security Payload (ESP) are listed below.

1) Confidentiality of datagrams through encryption.

2) Traffic flow confidentiality using security gateways.

3) Authentication of data origin using digital certificates.

4) Anti-replay services using the sequence number mechanism.

Encapsulating Security Payload (ESP) Header


Figure 7: Encapsulating Security Payload (ESP) Header

Security Parameter Index (SPI): The Security Parameter Index (SPI) field in the Encapsulating Security Payload (ESP) header, together with the destination IP address and the IPsec protocol (ESP), uniquely identifies the Security Association (SA) that applies to this packet.

Sequence Number: The sequence number in the Encapsulating Security Payload (ESP) header provides anti-replay services for Encapsulating Security Payload (ESP).

Protected Data: The Protected Data field in the Encapsulating Security Payload (ESP) header is the actual data being protected by Encapsulating Security Payload (ESP). The length of this field is variable and depends on the size of the data. The protected data field also contains any initialization vector required by the encryption algorithm.

Padding: Block ciphers require that plaintext be padded to a multiple of the block size. If any padding is needed, it follows immediately after the payload data in the padding field.

Pad Length: Pad Length specifies the length of the padding.

Next Header: The Next Header field indicates what type of data (for example, which upper-layer protocol) is carried in the Protected Data field.

Authentication Data: The Authentication Data field contains an integrity check value (ICV) computed over the Encapsulating Security Payload (ESP) packet, from the SPI through the Next Header field.
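To make the field layout above concrete, the following Python code is an added example (not part of this lesson or of any IPsec implementation). It assembles and parses an ESP packet in the order SPI, Sequence Number, Protected Data, Padding, Pad Length, Next Header, Authentication Data, checks the ICV before trusting any field, validates the padding, and implements a sliding anti-replay window driven by the sequence number. It assumes NULL encryption, so the trailer fields stay readable without a decryption step, an integrity check modeled on HMAC-SHA-256 truncated to 128 bits, and a constructed demo key in place of keys negotiated by IKE.

```python
import hashlib
import hmac
import struct

# Field sizes from the ESP layout described in the lesson.
SPI_LEN = 4
SEQ_LEN = 4
TRAILER_FIXED_LEN = 2      # Pad Length (1 byte) + Next Header (1 byte)
ICV_LEN = 16               # HMAC-SHA-256 truncated to 128 bits (assumption)
BLOCK_SIZE = 16            # block size of the cipher the padding is aligned to

# Constructed demo key; a real SA key comes from IKE, never from source code.
DEMO_KEY = bytes(range(32))


def _icv(key, authenticated):
    """Authentication Data covers SPI .. Next Header, never the ICV itself."""
    return hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]


def build_esp_packet(spi, seq, payload, next_header, key=DEMO_KEY, block_size=BLOCK_SIZE):
    """Assemble SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.

    NULL encryption is assumed, so the trailer stays readable in the output.
    """
    # Padding makes payload + padding + 2 trailer bytes a multiple of block_size.
    pad_len = (-(len(payload) + TRAILER_FIXED_LEN)) % block_size
    padding = bytes(range(1, pad_len + 1))  # default pattern 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)
    body = payload + padding + bytes([pad_len, next_header])
    return header + body + _icv(key, header + body)


def parse_esp_packet(packet, key=DEMO_KEY):
    """Verify the ICV first, then split the packet into its fields."""
    if len(packet) < SPI_LEN + SEQ_LEN + TRAILER_FIXED_LEN + ICV_LEN:
        raise ValueError("packet too short for an ESP header and trailer")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    # Constant-time compare: no field is interpreted until integrity is proven.
    if not hmac.compare_digest(icv, _icv(key, authenticated)):
        raise ValueError("ICV mismatch: packet modified or wrong SA key")
    spi, seq = struct.unpack("!II", authenticated[:SPI_LEN + SEQ_LEN])
    pad_len, next_header = authenticated[-2], authenticated[-1]
    body = authenticated[SPI_LEN + SEQ_LEN:-TRAILER_FIXED_LEN]
    if pad_len > len(body):
        raise ValueError("Pad Length exceeds the protected data")
    payload, padding = body[:len(body) - pad_len], body[len(body) - pad_len:]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding does not follow the default pattern")
    return {"spi": spi, "seq": seq, "payload": payload,
            "pad_len": pad_len, "next_header": next_header}


class ReplayWindow:
    """Sliding anti-replay window keyed on the ESP Sequence Number.

    Bit i of the bitmap records whether sequence number (highest - i) was seen.
    """

    def __init__(self, size=64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def accept(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:                      # sequence number 0 is never valid
            return False
        mask = (1 << self.size) - 1
        if seq > self.highest:            # advance the window to the right
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & mask) | 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:             # older than the window: reject
            return False
        if (self.bitmap >> diff) & 1:     # already seen: replay, reject
            return False
        self.bitmap |= 1 << diff
        return True


if __name__ == "__main__":
    pkt = build_esp_packet(spi=0x1000, seq=1, payload=b"hello", next_header=17)
    print(parse_esp_packet(pkt))
```

The receiver-side order matters: the ICV is checked before the Pad Length or Next Header bytes are read, so a forged trailer cannot steer the parser, and the replay window is consulted only for packets whose ICV already verified, so an attacker cannot poison the window with fabricated sequence numbers.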
