Authentication Header

The Authentication Header (AH) protocol provides data origin authentication, data integrity, and replay protection. However, AH does not provide data confidentiality, which means that all of your data is sent in the clear.

AH ensures data integrity with the checksum that a message authentication code, like MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the AH header. It is worth noting here, that these three distinct functions are often lumped together and referred to as authentication. In the simplest terms, AH ensures that your data has not been tampered with en route to its final destination.

Although AH authenticates as much of the IP datagram as possible, the values of certain fields in the IP header cannot be predicted by the receiver. AH does not protect these fields, known as mutable fields. However, AH always protects the payload of the IP packet.

Start of changeThe Internet Engineering Task Force (IETF) formally defines AH in Request for Comment (RFC) 4302, IP Authentication Header. You can view this RFC on the Internet at the following Web site: of change

Ways of using AH

You can apply AH in two ways: transport mode or tunnel mode. In transport mode, the IP header of the datagram is the outermost IP header, followed by the AH header and then the payload of the datagram. AH authenticates the entire datagram, except the mutable fields. However, the information contained in the datagram is transported in the clear and is, therefore, subject to eavesdropping. Transport mode requires less processing overhead than tunnel mode, but does not provide as much security.

Tunnel mode creates a new IP header and uses it as the outermost IP header of the datagram. The AH header follows the new IP header. The original datagram (both the IP header and the original payload) comes last. AH authenticates the entire datagram, which means that the responding system can detect whether the datagram changed while in transit.

When either end of a security association is a gateway, use tunnel mode. In tunnel mode the source and destination addresses in the outermost IP header do not need to be the same as those in the original IP header. For example, two security gateways might operate an AH tunnel to authenticate all traffic between the networks they connect together. In fact, this is a very typical configuration.

The main advantage to using tunnel mode, is that tunnel mode totally protects the encapsulated IP datagram. In addition, tunnel mode makes it possible to use private addresses.

Why AH?

In many cases, your data only requires authentication. While the Encapsulating Security Payload (ESP) protocol can perform authentication, AH does not affect your system performance as does ESP. Another advantage of using AH, is that AH authenticates the entire datagram. ESP, however, does not authenticate the leading IP header or any other information that comes before the ESP header.

In addition, ESP requires strong cryptographic algorithms in order to be put into effect. Strong cryptography is restricted in some regions, while AH is not regulated and can be used freely around the world.

Using ESN with AH

If you use the AH protocol then you might want to enable Extended Sequence Number (ESN). ESN allows you to transmit large volumes of data at a high speed with out re-keying. The VPN connection uses a 64-bit sequence numbers instead of 32-bit numbers over IPSec. Using 64-bit sequence numbers allows more time before re-keying, which prevents sequence number exhaustion and minimizes the use of system resources.

What algorithms does AH use to protect my information?

Start of changeAH uses algorithms known as hashed message authentication codes (HMAC). Specifically, VPN uses HMAC-MD5, HMAC-SHA, HMAC-SHA-256, or AES-XCBC-MAC. Each of the algorithms take variable-length input data and a secret key to produce fixed-length output data (called a hash or MAC value). If the hashes of two messages match, then it is likely that the messages are the same.End of change

The Internet Engineering Task Force (IETF) formally defines the algorithms in the following Request for Comments (RFC):

  • HMAC-MD5 in RFC 2085, HMAC-MD5 IP Authentication with Replay Prevention
  • HMAC-SHA in RFC 2404, The Use of HMAC-SHA-1-96 within ESP and AH
  • Start of changeHMAC-SHA_256 in RFC 4868, Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsecEnd of change
  • Start of changeAES-XCBC-MAC in RFC 3566, The AES-XCBC-MAC-96 Algorithm and Its Use With IPsecEnd of change

You can view these RFCs on the Internet at the following Web site: