Security Association (SA)

  • SA is a cryptographically protected connection (i.e. IPSec session)
  • SA specifies the encryption/authentication algorithms, keys, parameters, etc.
  • SA identified by:
    • Security Parameter Index (SPI)
    • Destination IP Address
    • Protocol Identifier (AH or ESP)
  • security policy database - specifies what kind of protection should be applied to packets (according to source/destination address, port numbers, user ID, data sensitivity level, etc.)
  • each SA entry contains:
  • a database of SA entries is stored at the host/router
  • a single SA defines the IPSec communication between 2 hosts/routers, therefore 2 copies are stored (one for each host/router)
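A worked illustration of these notes, added here and not part of the original lecture material: a toy model of the security policy database (ordered selectors mapping a packet to discard/bypass/protect) and of the SA database keyed by the (SPI, destination IP, protocol) triple. The addresses, SPI value and key bytes are constructed sample values, and the class and function names are my own; a real IPsec stack has many more fields per SA (lifetimes, mode, replay window).

```python
"""Toy model of an IPsec Security Policy Database (SPD) and Security
Association Database (SAD), illustrating how an SA is identified."""
import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple


class Proto(Enum):
    """IPsec protocol identifiers (IP protocol numbers)."""
    ESP = 50
    AH = 51


class Action(Enum):
    DISCARD = "discard"
    BYPASS = "bypass"
    PROTECT = "protect"


@dataclass(frozen=True)
class SAKey:
    """The triple that identifies an SA: SPI, destination IP, protocol."""
    spi: int
    dst: str
    proto: Proto


@dataclass
class SA:
    """One SA entry: algorithms, keys and per-SA state."""
    key: SAKey
    enc_alg: str
    auth_alg: str
    enc_key: bytes = field(repr=False)   # repr=False: never log key material
    auth_key: bytes = field(repr=False)
    seq: int = 0                         # anti-replay sequence number


@dataclass
class SPDEntry:
    """Policy selectors plus the action to take on a matching packet."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]              # None = any port
    action: Action
    sa_key: Optional[SAKey] = None       # only meaningful for PROTECT

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and (self.dst_port is None or self.dst_port == dst_port))


class SPD:
    """Ordered policy list: first matching entry wins, no match = discard."""
    def __init__(self, entries):
        self.entries = list(entries)

    def lookup(self, src_ip: str, dst_ip: str, dst_port: int) -> Optional[SPDEntry]:
        for entry in self.entries:
            if entry.matches(src_ip, dst_ip, dst_port):
                return entry
        return None


class SAD:
    """SA entries stored at one host/router, keyed by the identifying triple."""
    def __init__(self):
        self._sas: Dict[SAKey, SA] = {}

    def install(self, sa: SA) -> None:
        self._sas[sa.key] = sa

    def lookup(self, spi: int, dst: str, proto: Proto) -> Optional[SA]:
        # Same SPI and destination under a different protocol is a different SA.
        return self._sas.get(SAKey(spi, dst, proto))


def outbound_decision(spd: SPD, sad: SAD, src_ip: str, dst_ip: str,
                      dst_port: int) -> Tuple[Action, Optional[SA]]:
    """Return (action, SA or None) for an outbound packet. A PROTECT policy
    whose SA is not installed yields DISCARD (a real stack would trigger
    key negotiation here rather than send the packet unprotected)."""
    entry = spd.lookup(src_ip, dst_ip, dst_port)
    if entry is None or entry.action is Action.DISCARD:
        return Action.DISCARD, None
    if entry.action is Action.BYPASS:
        return Action.BYPASS, None
    sa = sad.lookup(entry.sa_key.spi, entry.sa_key.dst, entry.sa_key.proto)
    if sa is None:
        return Action.DISCARD, None
    return Action.PROTECT, sa


def build_demo():
    """Constructed sample: host A (198.51.100.10) protects traffic for
    10.1.0.0/16 with ESP towards gateway B (203.0.113.5). The one SA is
    installed in both SADs, one copy per endpoint, as the notes describe."""
    key = SAKey(spi=0x1001, dst="203.0.113.5", proto=Proto.ESP)
    sa = SA(key, "AES-GCM-256", "none", enc_key=b"\x11" * 32, auth_key=b"")
    sad_a, sad_b = SAD(), SAD()
    sad_a.install(sa)       # A's copy (used for outbound processing)
    sad_b.install(sa)       # B's copy of the same SA (used for inbound)
    spd_a = SPD([
        SPDEntry(ipaddress.ip_network("198.51.100.10/32"),
                 ipaddress.ip_network("10.1.0.0/16"), None, Action.PROTECT, key),
        SPDEntry(ipaddress.ip_network("0.0.0.0/0"),
                 ipaddress.ip_network("192.0.2.0/24"), 80, Action.BYPASS),
    ])
    return spd_a, sad_a, sad_b


if __name__ == "__main__":
    spd, sad_a, _ = build_demo()
    print(outbound_decision(spd, sad_a, "198.51.100.10", "10.1.7.3", 443))
```

The order of SPD entries matters, as it would in a real policy table: a packet that matches nothing is discarded rather than sent in the clear, and a PROTECT decision is only usable once the matching SA (same SPI, same destination, same protocol) actually exists in the local SAD.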