Introduction

Data Integrity

Guarantee data consistency; prevent unauthorized creation, modification, or deletion of data between source and destination.

Authentication

Ensure that the data received is the same as the data sent and that the claimed sender is the actual sender.

Confidentiality

Provide data privacy such that only the intended recipients of the data know what is being sent. The sender encrypts (encodes) the data using an encryption algorithm and key (bit string). The output is ciphertext that is difficult to decode without knowing the key.

Application-transparent Security

IPSec security headers are inserted between the standard IP protocol header and the upper-layer data (such as a TCP packet). Any network service that uses IP (such as telnet, FTP or sendmail) or user application that uses IP (TCP BSD Socket or XTI Streams application) can use IPSec without modification.

IPSec traffic can also pass transparently through existing IP routers.

Authentication Header (AH) for data integrity and authentication.

Encapsulating Security Payload (ESP) header for data confidentiality, data integrity, and data authentication. The ESP header also includes a sequence number that provides a form of replay protection.

Internet Key Exchange (IKE) protocol, for generating and distributing cryptography keys for ESP and AH. IKE also authenticates the identity of the remote system, so AH and authenticated ESP with IKE keys provides data origin authentication.