The Authentication Header (AH) provides data integrity and data authentication for the entire IPv6 packet. Anti-replay protection is also provided by the AH. Data authentication refers to the fact that if a given computer receives an IP packet with a given source address in the IP header, it can be assured that the IP packet did indeed come from that IP address. Data integrity refers to the fact that if a given computer receives an IP packet, it can be assured that the contents have not been modified along the path from the source node to the destination node. Anti-replay protection means that if a computer has already received a particular IP packet, another packet with modified data won’t also be accepted as valid data. Next, the Authentication Header fields will be examined to determine how these security features are provided. Refer to Figure for the format of the Authentication Header.
The Authentication Header contains a Next Header field, which identifies the next Extension Header or transport type (e.g. TCP). The Payload Length field contains the length of the Authentication Header. The Security Parameters Index (SPI) field contains the Security Parameters Index to be used in identifying the Security Association.
The Sequence Number field is a counter field. The sequence number is set to 0 when the communication phase between the sender and receiver is established. It is subsequently incremented by 1 when either the sender or receiver transmits data.
The variable length Authentication Data contains the Integrity Check Value (ICV), which provides the authentication and data integrity. The SA specifies the authentication algorithm used to compute the ICV.
Authentication Header (AH) IPV6The Authentication Header contains a Next Header field, which identifies the next Extension Header or transport type (e.g. TCP). The Payload Length field contains the length of the Authentication Header. The Security Parameters Index (SPI) field contains the Security Parameters Index to be used in identifying the Security Association.
The Sequence Number field is a counter field. The sequence number is set to 0 when the communication phase between the sender and receiver is established. It is subsequently incremented by 1 when either the sender or receiver transmits data.
The variable length Authentication Data contains the Integrity Check Value (ICV), which provides the authentication and data integrity. The SA specifies the authentication algorithm used to compute the ICV.
The use of the Authentication Header prevents IP Spoofing Attacks, one of the network attack methods in use today. In IP Spoofing, the hacker creates IP packets, via various hacker utilities; with a different IP address then the host computer. This can be used for various malicious reasons. The hacker can act as one side of a trust relationship to gain access to a trusting host.
No comments:
Post a Comment