IPsec ESP: IP Encapsulating Security Payload

Encapsulating Security Payload (ESP) is a key protocol in the IPsec (Internet Protocol Security) architecture, which is designed to provide a mix of security services in IPv4 and IPv6. ESP seeks to provide confidentiality and integrity by encrypting the data to be protected and placing the encrypted data in the data portion of the ESP packet. Depending on the user's security requirements, this mechanism may be used to encrypt either a transport-layer segment (e.g., TCP, UDP, ICMP, IGMP) or an entire IP datagram. Encapsulating the protected data is necessary to provide confidentiality for the entire original datagram.

The ESP header is inserted after the IP header and before the upper layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode). The Internet Assigned Numbers Authority has assigned Protocol Number 50 to ESP. The header immediately preceding an ESP header will always contain the value 50 in its Next Header (IPv6) or Protocol (IPv4) field. ESP consists of an unencrypted header followed by encrypted data. The encrypted data includes both the protected ESP header fields and the protected user data, which is either an entire IP datagram or an upper-layer protocol frame (e.g., TCP or UDP).

ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service, and limited traffic flow confidentiality.

The set of services provided depends on options selected at the time of Security Association establishment and on the placement of the implementation. Confidentiality may be selected independently of all other services. However, use of confidentiality without integrity/authentication (either in ESP or separately in AH) may subject traffic to certain forms of active attacks that could undermine the confidentiality service. Data origin authentication and connectionless integrity are joint services and are offered as an option in conjunction with (optional) confidentiality. The anti-replay service may be selected only if data origin authentication is selected, and its election is solely at the discretion of the receiver.
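The receiver-side anti-replay service described above, as an added Python illustration that is not code from the original page or from any IPsec implementation. It keeps the 64-packet sliding window that RFC 4303 uses by default and records which sequence numbers inside it have already been seen; the class and function names, the window size and the sample sequence numbers are this example's own assumptions. Because anti-replay is only offered together with data origin authentication, the window must be consulted and updated only for packets whose ICV has already verified.

```python
class AntiReplayWindow:
    """Receiver-side anti-replay window for one SA (RFC 4303 semantics; constructed example).

    Only call accept() after the packet's Integrity Check Value has been verified:
    a forged or corrupted packet must never be allowed to advance the window.
    """

    def __init__(self, size=64):
        # RFC 4303 requires a receiver to support a window of at least 32 packets;
        # 64 is the default. The check below is this example's own guard.
        if size < 32:
            raise ValueError("window must be at least 32 packets")
        self.size = size
        self.highest = 0    # highest sequence number accepted so far (0: nothing yet)
        self.bitmap = 0     # bit i set => sequence number (highest - i) already received

    def accept(self, seq):
        """Return True if seq is new and inside the window (recording it), else False."""
        if seq == 0:
            return False                      # the first packet on an SA carries sequence number 1
        if seq > self.highest:
            # Packet is ahead of the window: slide the window forward to it.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1               # everything seen before falls off the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # older than the window: drop
        if (self.bitmap >> offset) & 1:
            return False                      # already received: replay, drop
        self.bitmap |= 1 << offset            # late but unseen: accept and mark
        return True


def filter_replays(seqs, size=64):
    """Feed the sequence numbers of ICV-verified packets through one window; return those accepted."""
    window = AntiReplayWindow(size)
    return [s for s in seqs if window.accept(s)]


if __name__ == "__main__":
    # Constructed sample: 5 and 3 are replayed, 36 has fallen out of a 64-wide window behind 100,
    # and 0 is never a valid sequence number.
    print(filter_replays([1, 5, 5, 3, 3, 100, 36, 37, 0]))
```

Replayed packets and packets older than the window are dropped silently here; a real implementation would also count them as auditable events, since a burst of rejected sequence numbers on one SA is the signal that replay is being attempted.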

Protocol Structure

0                 16          24          32  (bit offset)
+-----------------+-----------+-----------+
|  Security association identifier (SPI)  |
+-----------------------------------------+
|             Sequence Number             |
+-----------------------------------------+
|     Payload data (variable length)      |
+-----------------------------------------+
|          Padding (0-255 bytes)          |
+-----------------+-----------+-----------+
|                 | Pad Length|Next Header|
+-----------------+-----------+-----------+
|     Authentication Data (variable)      |
+-----------------------------------------+
  • Security association identifier - a pseudo-random value identifying the security association for this datagram.
  • Sequence Number - a monotonically increasing counter value. The field is mandatory and is always present, even if the receiver does not elect to enable the anti-replay service for a specific SA.
  • Payload Data - a variable-length field containing data described by the Next Header field.
  • Padding - padding bytes (0-255) required by the encryption algorithm.
  • Pad length - indicates the number of pad bytes immediately preceding it.
  • Next header - identifies the type of data contained in the Payload Data field, e.g., an extension header in IPv6 or an upper layer protocol identifier.
  • Authentication Data - a variable-length field containing an Integrity Check Value (ICV) computed over the ESP packet minus the Authentication Data.
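The field layout above turned into a small Python encoder and decoder, as an added example that is not the page's own material nor the code of any IPsec stack. It assembles an ESP packet around a constructed plaintext, then parses the clear-text SPI and Sequence Number, separates the Authentication Data, and recovers the payload and Next Header from the trailer, rejecting a trailer whose Pad Length or padding content is inconsistent. Encryption and ICV computation are deliberately left out (the body stays in the clear and the ICV is a zero placeholder marked as such); the function names, the 12-byte ICV length, the 4-byte alignment and the sample values are assumptions of this example.

```python
import struct

# SPI (32 bits) and Sequence Number (32 bits), both transmitted unencrypted.
ESP_HEADER = struct.Struct("!II")


def default_padding(pad_len):
    """RFC 4303 default padding content: the bytes 1, 2, 3, ... up to pad_len."""
    return bytes(range(1, pad_len + 1))


def build_esp_packet(spi, seq, plaintext, next_header, icv_len=12, align=4):
    """Assemble SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.

    Constructed example: the body is not encrypted and the ICV is a zero placeholder,
    so only the framing is demonstrated.
    """
    # Payload + Padding + the two trailer bytes must end on a 4-byte boundary
    # (or on the cipher's block size, if larger); Pad Length is an 8-bit field.
    pad_len = (-(len(plaintext) + 2)) % align
    if pad_len > 255:
        raise ValueError("pad length exceeds 255")
    trailer = default_padding(pad_len) + bytes([pad_len, next_header])
    body = plaintext + trailer            # on the wire this region would be ciphertext
    icv = b"\x00" * icv_len               # placeholder for the Integrity Check Value
    return ESP_HEADER.pack(spi, seq) + body + icv


def parse_esp_header(packet, icv_len=12):
    """Split a raw ESP packet into the clear-text header, the body and the Authentication Data.

    The ICV covers SPI, Sequence Number and body, so a receiver verifies it before
    decrypting and before touching the anti-replay window.
    """
    min_len = ESP_HEADER.size + 2 + icv_len   # header + at least Pad Length/Next Header + ICV
    if len(packet) < min_len:
        raise ValueError("ESP packet too short")
    spi, seq = ESP_HEADER.unpack_from(packet, 0)
    body = packet[ESP_HEADER.size:len(packet) - icv_len]
    icv = packet[len(packet) - icv_len:]
    return {"spi": spi, "seq": seq, "body": body, "icv": icv}


def parse_esp_trailer(body, align=4):
    """Recover (payload, next_header) from a decrypted body, rejecting a malformed trailer."""
    if len(body) < 2:
        raise ValueError("body too short for Pad Length and Next Header")
    if len(body) % align:
        raise ValueError("body is not aligned")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("Pad Length larger than body")
    padding = body[len(body) - 2 - pad_len:len(body) - 2]
    # With the default padding scheme the receiver can check the padding bytes themselves.
    if padding != default_padding(pad_len):
        raise ValueError("padding does not match the default pattern")
    return body[:len(body) - 2 - pad_len], next_header


def trailer_is_valid(body, align=4):
    """Boolean wrapper around parse_esp_trailer() for callers that only need accept/reject."""
    try:
        parse_esp_trailer(body, align)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: SPI 0x12345678, first packet on the SA, a TCP segment (Next Header 6).
    pkt = build_esp_packet(0x12345678, 1, b"hello", next_header=6)
    hdr = parse_esp_header(pkt)
    payload, nh = parse_esp_trailer(hdr["body"])
    print(hex(hdr["spi"]), hdr["seq"], payload, nh, len(hdr["icv"]))
```

Next Header 6 marks a transport-mode packet carrying TCP; a tunnel-mode packet would carry 4 (IPv4-in-IP) or 41 (IPv6) there and the payload would be a whole inner datagram. Note that the trailer is only readable after decryption, which is why the order of operations at the receiver is ICV check, anti-replay check, decrypt, then trailer parsing.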

Related protocols: IPsec, AH, DES, AES, IKE, DOI, HMAC, HMAC-MD5, HMAC-SHA, PKI, IP, IPv6, ICMP, IGMP

Sponsor Source: ESP is defined by IETF (http://www.ietf.org)

Reference:
http://www.javvin.com/protocol/rfc4303.pdf: IP Encapsulating Security Payload (ESP)
http://www.javvin.com/protocol/rfc4305.pdf: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)