Misplaced Pages

Security Parameter Index

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

The Security Parameter Index (SPI) is an identification tag added to the header while using IPsec for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use.

#293706

5-590: The SPI (as per RFC 2401) is a required part of an IPsec Security Association (SA) because it enables the receiving system to select the SA under which a received packet will be processed. An SPI has only local significance, since it is defined by the creator of the SA; an SPI is generally viewed as an opaque bit string. However, the creator of an SA may interpret the bits in an SPI to facilitate local processing. This works like port numbers in TCP and UDP connections. What it means

10-486: A data encryption algorithm, public key , or initialization vector. To make things easier, all of this security information is grouped logically, and the logical group itself is a Security Association. Each SA has its own ID called SAID. So both the base station and mobile subscriber will share the SAID, and they will derive all the security parameters. In other words, an SA is a logical group of security parameters that enable

15-442: Is a simplex (one-way channel) and logical connection which endorses and provides a secure data connection between the network devices. The fundamental requirement of an SA arrives when the two entities communicate over more than one channel. Take, for example, a mobile subscriber and a base station . The subscriber may subscribe itself to more than one service. Therefore, each service may have different service primitives, such as

20-485: Is that there could be different SAs used to provide security to one connection. An SA could therefore act as a set of rules. Carried in Encapsulating Security Payload (ESP) header or Authentication Header (AH) , its length is 32 bits. This Internet-related article is a stub . You can help Misplaced Pages by expanding it . Security Association A security association ( SA ) is

25-654: The establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as: cryptographic algorithm and mode; traffic encryption key; and parameters for the network data to be passed over the connection. The framework for establishing security associations is provided by the Internet Security Association and Key Management Protocol (ISAKMP). Protocols such as Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK) provide authenticated keying material. An SA

#293706