40.6. Appendix - IPSEC protocol

Internet Protocol SECurity (IPSEC) is a suite of protocols for protecting communications over IP networks by authenticating and/or encrypting each IP packet in a data stream. The set of security services offered includes:

These services are provided at the network layer (layer 3 of the OSI model), offering protection for IP and/or upper layer protocols. IPsec also includes protocols for cryptographic key establishment such as Internet Key Exchange (IKE).

IPsec uses two protocols that can be applied either separately or together to provide a desired set of security services:

All implementations of AH and ESP must support the concept of a Security Association (SA). An SA is simply the bundle of algorithms and parameters (such as keys) that is being used to protect a particular flow; an inbound packet is matched to its SA by the Security Parameters Index (SPI) carried in the AH or ESP header, together with the destination address and the protocol. Two types of SAs are defined:
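The following Python example, added here and not taken from the appendix or any IPsec implementation, shows how the SA concept ties the two protocols together on the receiving side: it parses the fixed part of an AH or ESP header out of a constructed IPv4 packet, looks the packet up in a small SA database keyed by (SPI, destination, protocol), and applies the 64-packet sliding anti-replay window that ESP and AH sequence numbers are meant to support. The packet layouts and the window semantics are taken from RFC 4302/4303; the addresses, SPIs, keys and algorithm labels are constructed sample values, and integrity-check verification and decryption are deliberately left out so the SA lookup and replay logic stay visible.

```python
"""Inbound IPsec demo: header parsing, SA lookup, anti-replay window.
Constructed example; ICV verification and decryption are out of scope."""
import struct
from dataclasses import dataclass

IPPROTO_ESP = 50
IPPROTO_AH = 51


@dataclass
class SecurityAssociation:
    """The 'bundle of algorithms and parameters' for one direction of a flow."""
    spi: int
    dst: str
    proto: int            # IPPROTO_AH or IPPROTO_ESP
    algorithm: str        # label only here, e.g. "AES-GCM-256" (sample value)
    key: bytes            # sample value; never used for real crypto below
    window_size: int = 64
    highest_seq: int = 0  # highest sequence number accepted so far
    window: int = 0       # bit i set => (highest_seq - i) already received

    def check_replay(self, seq: int) -> bool:
        """RFC 4303 style sliding window. Returns True and records seq if it is
        fresh; False if seq was already seen or is older than the window."""
        if seq == 0:                      # sequence numbers start at 1
            return False
        mask = (1 << self.window_size) - 1
        if seq > self.highest_seq:        # window slides forward
            shift = seq - self.highest_seq
            self.window = 1 if shift >= self.window_size else ((self.window << shift) | 1) & mask
            self.highest_seq = seq
            return True
        diff = self.highest_seq - seq
        if diff >= self.window_size:      # too old to be tracked: reject
            return False
        bit = 1 << diff
        if self.window & bit:             # duplicate inside the window
            return False
        self.window |= bit
        return True


class SADatabase:
    """Inbound SAs are selected by (SPI, destination address, protocol)."""
    def __init__(self):
        self.sas = {}

    def add(self, sa: SecurityAssociation):
        self.sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        return self.sas.get((spi, dst, proto))


def parse_ipv4(pkt: bytes):
    """Return (protocol, destination, payload) from a minimal IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dst = ".".join(str(b) for b in pkt[16:20])
    return proto, dst, pkt[ihl:]


def parse_esp(payload: bytes):
    """ESP: SPI (4) | Sequence Number (4) | protected payload..."""
    spi, seq = struct.unpack("!II", payload[:8])
    return spi, seq, payload[8:]


def parse_ah(payload: bytes):
    """AH: Next Hdr (1) | Payload Len (1) | Reserved (2) | SPI (4) | Seq (4) | ICV..."""
    next_hdr, payload_len = payload[0], payload[1]
    spi, seq = struct.unpack("!II", payload[4:12])
    ah_len = (payload_len + 2) * 4        # Payload Len is in 32-bit words minus 2
    return next_hdr, spi, seq, payload[12:ah_len], payload[ah_len:]


def process_inbound(sadb: SADatabase, pkt: bytes) -> str:
    """Classify one inbound packet: 'accept', 'replay', 'no-sa' or 'not-ipsec'."""
    proto, dst, payload = parse_ipv4(pkt)
    if proto == IPPROTO_ESP:
        spi, seq, _ = parse_esp(payload)
    elif proto == IPPROTO_AH:
        _, spi, seq, _, _ = parse_ah(payload)
    else:
        return "not-ipsec"
    sa = sadb.lookup(spi, dst, proto)
    if sa is None:
        return "no-sa"                    # unknown SPI/dst/proto: drop
    return "accept" if sa.check_replay(seq) else "replay"


# --- constructed packets for the demo (sample addresses and SPIs) ---
def build_ipv4(proto: int, dst: str, payload: bytes) -> bytes:
    dst_b = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), dst_b) + payload


def build_esp(spi: int, seq: int, body: bytes) -> bytes:
    return struct.pack("!II", spi, seq) + body


def build_ah(spi: int, seq: int, icv: bytes, body: bytes, next_hdr: int = 6) -> bytes:
    payload_len = (12 + len(icv)) // 4 - 2
    return bytes([next_hdr, payload_len, 0, 0]) + struct.pack("!II", spi, seq) + icv + body


def demo():
    sadb = SADatabase()
    sadb.add(SecurityAssociation(0x1000, "10.0.0.2", IPPROTO_ESP, "AES-GCM-256", b"\x00" * 32))
    sadb.add(SecurityAssociation(0x2000, "10.0.0.2", IPPROTO_AH, "HMAC-SHA256-128", b"\x01" * 32))
    esp = lambda seq: build_ipv4(IPPROTO_ESP, "10.0.0.2", build_esp(0x1000, seq, b"ciphertext"))
    ah = build_ipv4(IPPROTO_AH, "10.0.0.2", build_ah(0x2000, 1, b"\x11" * 12, b"tcp-segment"))
    return [process_inbound(sadb, p) for p in (
        esp(1), esp(1), esp(2), ah,
        build_ipv4(IPPROTO_ESP, "10.0.0.2", build_esp(0x9999, 3, b"x")),   # unknown SPI
        build_ipv4(17, "10.0.0.2", b"plain udp"),                           # not IPsec
        esp(100), esp(30), esp(50), esp(50))]                               # window slides


if __name__ == "__main__":
    print(demo())
```

Running the demo yields `accept, replay, accept, accept, no-sa, not-ipsec, accept, replay, accept, replay`: sequence 30 is rejected after 100 because it has fallen behind the 64-packet window, while 50 is still inside it and is accepted exactly once. A real implementation would verify the ICV before updating the window, so that forged packets cannot advance it.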