ESP (Encapsulating Security Payload)
Encapsulating Security Payload (ESP) is a security protocol within the IPsec
suite that provides encryption and authentication for data packets transmitted
over a network. It safeguards the confidentiality and integrity of the
information by encrypting the payload and verifying its origin, preventing
unauthorized access to, and tampering with, the data while it is in transit.
ESP operates by adding a header and a trailer to the IP packet, allowing secure
communication between two devices through encryption with a shared secret key.
It can be used in either "transport mode" (encrypting only the data portion) or
"tunnel mode" (encrypting the entire IP packet, including the header), depending
on the desired security level.
Key points about ESP:
- Function: ESP primarily provides data confidentiality by encrypting the payload of an IP packet, ensuring only the intended recipient can decipher the information.
- Authentication: While encryption is the primary function, ESP can provide optional data origin authentication through integrity checks, verifying the sender's identity and preventing spoofing attacks.
- Integrity Check: ESP utilizes a cryptographic hash function to generate an Integrity Check Value (ICV) that is added to the packet. This allows the receiver to verify whether the data has been tampered with during transmission.
- Replay Protection: Sequence numbers in the ESP header help prevent replay attacks, in which an attacker attempts to resend a captured packet to gain unauthorized access.
- Encryption Algorithm: ESP utilizes symmetric encryption algorithms such as AES (Advanced Encryption Standard), in which the sender and receiver share the same secret key for encryption and decryption.
How ESP works:
1. Encapsulation: When a device wants to send data, it creates an ESP header containing encryption parameters and an ICV, then adds it to the beginning of the data payload.
2. Encryption: The entire data payload (including the ESP header) is encrypted using the shared secret key between the sender and receiver.
3. ESP Trailer: An ESP trailer containing authentication information is added at the end of the encrypted data.
4. Transmission: The encapsulated packet is then transmitted over the network.
5. Decryption: Upon receiving the packet, the recipient uses the shared secret key to decrypt the data, verifying the ICV to ensure data integrity.
Modes of operation:
- Transport Mode: In this mode, only the data payload within the IP packet is encrypted, leaving the IP header visible.
- Tunnel Mode: In tunnel mode, the entire IP packet, including the header, is encapsulated and encrypted, providing a higher level of security. This mode is typically used for network-to-network communication.
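The encapsulation, transmission and decryption steps above, together with the transport/tunnel distinction, as an added worked example that is not part of this page. It builds and verifies a packet in the RFC 4303 layout, where the SPI and sequence number travel unencrypted, the padding, pad-length and next-header bytes form the trailer inside the encrypted region, and the ICV is appended after it. Assumptions: HMAC-SHA256 driven in counter mode stands in for AES because Python's standard library has no AES; the ICV is HMAC-SHA256 truncated to 128 bits (the RFC 4868 HMAC-SHA-256-128 length); the SPI, keys and payloads are constructed values; the `ReplayWindow` class is this example's implementation of the sliding-window sequence-number check described in RFC 4303 section 3.4.3, not code from any IPsec stack.

```python
"""Toy ESP packet in the RFC 4303 layout (constructed example):
  SPI | seq | IV | encrypted(payload | padding | pad_len | next_header) | ICV
HMAC-SHA256 in counter mode stands in for AES-CTR because the standard
library has no AES; the framing, check order and replay window are the point."""
import hashlib
import hmac
import os
import struct

IV_LEN = 8      # per-packet IV, sent in the clear after the ESP header
ICV_LEN = 16    # 128-bit truncated HMAC-SHA256, as in RFC 4868 HMAC-SHA-256-128
ALIGN = 4       # pad so the pad-length/next-header bytes end on a 4-byte boundary


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC(key, IV || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _icv(auth_key: bytes, data: bytes) -> bytes:
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_encapsulate(enc_key: bytes, auth_key: bytes, spi: int, seq: int,
                    payload: bytes, next_header: int, iv: bytes = None) -> bytes:
    """Build one ESP packet. next_header=6 (TCP) models transport mode (payload is
    the transport segment); next_header=4 (IPv4) models tunnel mode (payload is
    the whole original IP packet, header included)."""
    iv = iv if iv is not None else os.urandom(IV_LEN)   # must never repeat under one key
    pad_len = (-(len(payload) + 2)) % ALIGN            # ESP trailer padding
    padding = bytes(range(1, pad_len + 1))             # RFC 4303 default pad bytes 1,2,3,...
    plaintext = payload + padding + bytes([pad_len, next_header])
    ciphertext = _xor(plaintext, _keystream(enc_key, iv, len(plaintext)))
    authenticated = struct.pack("!II", spi, seq) + iv + ciphertext   # all that the ICV covers
    return authenticated + _icv(auth_key, authenticated)


def esp_decapsulate(enc_key: bytes, auth_key: bytes, packet: bytes):
    """Verify the ICV before decrypting (the RFC 4303 order), then strip the trailer.
    Returns (spi, seq, next_header, payload); raises ValueError on any failure."""
    if len(packet) < 8 + IV_LEN + 2 + ICV_LEN:
        raise ValueError("packet too short")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(auth_key, authenticated)):
        raise ValueError("ICV mismatch: packet modified or keys differ")
    spi, seq = struct.unpack("!II", authenticated[:8])
    iv, ciphertext = authenticated[8:8 + IV_LEN], authenticated[8 + IV_LEN:]
    plaintext = _xor(ciphertext, _keystream(enc_key, iv, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("bad pad length")
    return spi, seq, next_header, plaintext[:len(plaintext) - 2 - pad_len]


def accepts(enc_key: bytes, auth_key: bytes, packet: bytes) -> bool:
    """True if the receiver's integrity check would accept this packet."""
    try:
        esp_decapsulate(enc_key, auth_key, packet)
        return True
    except ValueError:
        return False


class ReplayWindow:
    """Sliding anti-replay window (RFC 4303 section 3.4.3): every sequence number
    is accepted at most once, and anything older than the window is dropped."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0   # bit i set: (top - i) was seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                        # 0 is never a valid ESP sequence number
            return False
        if seq > self.top:                  # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = 0 if shift >= self.size else (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):   # too old, or a replay
            return False
        self.bitmap |= 1 << offset
        return True
```

To exercise it, call `esp_encapsulate(enc_key, auth_key, spi, seq, payload, 6)` for a transport-mode packet or with `4` and a complete IP packet as the payload for tunnel mode, then `esp_decapsulate` on the receiving side; flipping any byte of the ciphertext, header or IV makes `accepts` return False because the ICV is checked before anything is decrypted. Feeding the sequence numbers of accepted packets through `ReplayWindow.check_and_update` rejects a resent packet (its bit is already set) and anything that has fallen behind the window. As with AES-CTR, the per-packet IV must never repeat under the same key, which is why it is drawn from `os.urandom` when the caller does not supply one.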
Key points to remember about ESP:
- ESP is a core component of the IPsec protocol suite.
- It provides confidentiality and optional authentication for data packets.
- ESP uses symmetric encryption with a shared secret key.
- It operates in transport and tunnel modes, depending on the security requirements.
