SA Parameters

• Sequence number counter:

  • 32 bits in AH or ESP header for outbound packets
  • incremented by 1 whenever SA is used
  • used to detect replay attack
  • SA renegotiated after this field overflows

• Sequence number overflow: set when the sequence number overflows

• Antireplay window: used for incoming packet processing

  • sliding window size must be greater than 32
  • received packet must be new and fall inside or right of window

Previous slide

Next slide

Back to first slide

View graphic version