Authentication Header

Uploaded by

Swetha Smiley
Copyright
© © All Rights Reserved

AUTHENTICATION HEADER

BY M.SWETHA
WHAT IS AUTHENTICATION HEADER?

The Authentication Header (AH) is a security protocol used within the IPsec suite. Its primary function is to ensure that the message remains unmodified during transmission from the source, and to confirm that the data originates from the expected source.
FUNCTIONS OF AUTHENTICATION HEADER

• Message Integrity – The message is not modified while coming from the source.
• Source Authentication – The source is exactly the source from which we were expecting data.
When a packet is sent from source A to destination B, it consists of the data that we need to send and a header that carries packet information. The Authentication Header verifies the origin of the data and also the payload, to confirm whether any modification was made in transit between source and destination. However, the values of some IP header fields might change in transit (such as hop count, options, and extension headers), so the Authentication Header cannot protect the values of those fields. The Authentication Header cannot protect every field of the IP header. It
BLOCK DIAGRAM
AUTHENTICATION HEADER FORMAT

Next Header – An 8-bit field that identifies the type of header present after the Authentication Header. For TCP, UDP, a destination header, or some other extension header, it stores the corresponding IP protocol number.

Payload Length – The length of the Authentication Header, expressed with a scaling factor of 4. Whatever the size of the header, divide it by 4 and then subtract 2. We subtract 2 because the first 8 bytes of the Authentication Header, which are the first two rows of the picture given above, are not counted.

Reserved – A 16-bit field that is set to zero by the sender, as this field is reserved for future use.

Security Parameter Index (SPI) – An arbitrary 32-bit field. It is a very important field that identifies all packets that belong to the present connection.

Sequence Number – An unsigned 32-bit field that contains a counter value that increases by one for each packet sent. Every packet needs a sequence number. It starts from 0 and goes up to 2^32.

Authentication Data (Integrity Check Value) – A variable-length field that contains the Integrity Check Value (ICV) for the packet.
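The header layout above, worked through as an added example (not part of the original slides): it builds and parses an AH, applies the Payload Length scaling, and checks the ICV. Assumptions: the ICV is HMAC-SHA-256 truncated to 16 bytes, and it covers only the AH (with the ICV zeroed) plus the payload, whereas real AH also covers the IP header fields that do not change in transit; all function names and sample values are made up for illustration.

```python
import hashlib
import hmac
import struct

# Fixed part: Next Header, Payload Length, Reserved, SPI, Sequence Number (12 bytes)
AH_FIXED = struct.Struct("!BBHII")

def build_ah(next_header, spi, seq, icv):
    """Serialize an AH; Payload Length = (header bytes / 4) - 2, as described above."""
    total = AH_FIXED.size + len(icv)
    if total % 4:
        raise ValueError("AH length must be a multiple of 4 bytes")
    return AH_FIXED.pack(next_header, total // 4 - 2, 0, spi, seq) + icv

def parse_ah(buf):
    """Parse and validate an AH at the start of buf; return (fields, remaining bytes)."""
    if len(buf) < AH_FIXED.size:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(buf)
    total = (payload_len + 2) * 4  # invert the Payload Length scaling
    if total < AH_FIXED.size or total > len(buf):
        raise ValueError("Payload Length inconsistent with buffer")
    if reserved != 0:
        raise ValueError("Reserved field must be zero")
    fields = {"next_header": next_header, "spi": spi, "seq": seq,
              "icv": buf[AH_FIXED.size:total]}
    return fields, buf[total:]

def compute_icv(key, ah_bytes, payload, icv_len=16):
    """Simplified ICV (assumption): HMAC over the AH with its ICV zeroed, plus payload."""
    zeroed = ah_bytes[:AH_FIXED.size] + bytes(len(ah_bytes) - AH_FIXED.size)
    return hmac.new(key, zeroed + payload, hashlib.sha256).digest()[:icv_len]

def seal(key, next_header, spi, seq, payload, icv_len=16):
    """Sender side: compute the ICV over a zero-ICV header, then emit AH + payload."""
    blank = build_ah(next_header, spi, seq, bytes(icv_len))
    icv = compute_icv(key, blank, payload, icv_len)
    return build_ah(next_header, spi, seq, icv) + payload

def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    fields, payload = parse_ah(packet)
    ah_bytes = packet[:len(packet) - len(payload)]
    expected = compute_icv(key, ah_bytes, payload, len(fields["icv"]))
    return hmac.compare_digest(expected, fields["icv"])

if __name__ == "__main__":
    pkt = seal(b"constructed-demo-key", 6, 0x1001, 1, b"constructed payload")  # sample values
    print(parse_ah(pkt)[0], verify(b"constructed-demo-key", pkt))
```

With a 16-byte ICV the header is 28 bytes, so the Payload Length field holds 28 / 4 - 2 = 5.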
HOW IT WORKS?
When a packet is sent from source A to
destination B, it includes both data and a header.
The Authentication Header verifies the origin of
the data and checks if any modifications
occurred during transmission. Note that some IP
header fields (such as hop count, options, and
extension headers) may change in transit and
are not protected by Authentication Header.
Authentication Header focuses on protecting
essential fields within the IP header.
MODES OF OPERATION
• Authentication Header Transport Mode: In transport mode, the Authentication Header lies between the original IP header and the IP packet's original TCP header.
• Authentication Header Tunnel Mode: In tunnel mode, the entire original IP packet is authenticated, and the Authentication Header is inserted between the original IP header and the new outer IP header.
ADVANTAGES
1. Integrity Assurance:
AH provides data integrity by ensuring that the content
of the IP packet has not been tampered with during
transmission.
2. Authentication:
It authenticates the source of the IP packet, ensuring
that the packet comes from a legitimate sender.
3. Anti-Replay Protection:
AH includes sequence numbers to prevent replay
attacks, where an attacker captures and retransmits
packets to disrupt communication.
DISADVANTAGES
1. No Payload Encryption:
AH does not provide confidentiality. The payload remains
visible, which can expose sensitive data if encryption
2. Limited Scope:
AH protects only the parts of the packet that do not
change during transit. This means it cannot protect fields
like the IP header's Time to Live (TTL)
3. Increased Packet Size:
Adding the AH to a packet increases its size, which can
impact network performance and increase bandwidth
usage.
