mcs1000 MosChip, mcs1000 Datasheet - Page 20


Manufacturer Part Number: mcs1000
Description: Security Processor
Manufacturer: MosChip
Datasheet: Page 20
MCS1000
Security Processor
[Figure: IP Packet with IPSec Headers. Fields: IP Header, Options, AH, ESP, TCP. Marked spans: AH Signature, ESP Signature, ESP Encryption.]

Consider the IP packet shown in the figure above. It contains both IPSec headers and offers full transport protection. The AH header signs the cleartext (open) header section up to the ESP at location 40. The ESP signs and encrypts the packet payload. Although the ESP signature is redundant in this case because it is already covered by the AH, it must still be considered during the performance analysis because the IPSec standard supports it. All of the algorithms used for signature and encryption, with their respective keys, are negotiated a priori by a key exchange protocol (IKE) or entered manually. Both IPSec headers contain a security parameter index (SPI) that points to the description of these settings, which are collectively called the security association (SA). When a packet enters IPSec processing, the first step is to look up the SA in the database, use that information to initialize the operators with their keys, and program the start and end double word locations within the packet.

Assume that the SPI lookup revealed the following SAs for the packet above:

[SA table with entries SA1 and SA2 and rows "ESP:" and "AH:": HMAC-SHA1 and HMAC-MD5, each with 160 bit ICV; 3DES for encryption, IV included in packet payload.]

From the packet analysis we know that the AH signature starts at the beginning of the packet (0) and ends at the packet end (104). The ESP signature starts at the ESP header (40) and ends at the packet end (104). The ESP encryption starts in the ESP header after the SPI (44) and ends before the ICV at the end (100). Thus we have the following ranges for the operators:

Operator      Start   End
HM for ESP    40      104
BL for ESP    44      100
HM for AH     0       104
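The lookup and range derivation described above, as an added example that is not taken from the MosChip datasheet: it finds both SAs by SPI, rejects a packet whose locations are not ordered, and produces the three operator ranges. The type and function names and the SPI values are assumptions made for this example, not the MCS1000 programming interface.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not the MCS1000 register interface. */
enum proto { PROTO_AH, PROTO_ESP };
struct sa     { uint32_t spi; enum proto proto; };
struct range  { unsigned start, end; };
struct layout { unsigned esp_hdr, enc_start, icv_start, pkt_end; };
struct plan   { struct range hm_ah, hm_esp, bl_esp; };

/* Constructed SA database: the SPI values are made up for this example. */
static const struct sa SAMPLE_DB[] = { { 0x1001u, PROTO_ESP }, { 0x2002u, PROTO_AH } };

static const struct sa *sa_lookup(const struct sa *db, size_t n,
                                  uint32_t spi, enum proto proto)
{
    for (size_t i = 0; i < n; i++)
        if (db[i].spi == spi && db[i].proto == proto)
            return &db[i];
    return NULL;
}

/* Fill *out with the three operator ranges. Returns -1 if an SA is missing
 * or the locations are not strictly ordered inside the packet. */
int plan_operators(const struct sa *db, size_t n, uint32_t ah_spi,
                   uint32_t esp_spi, const struct layout *l, struct plan *out)
{
    if (!sa_lookup(db, n, ah_spi, PROTO_AH) ||
        !sa_lookup(db, n, esp_spi, PROTO_ESP))
        return -1;                      /* unknown SPI: no keys, no processing */
    if (!(l->esp_hdr < l->enc_start && l->enc_start < l->icv_start &&
          l->icv_start < l->pkt_end))
        return -1;                      /* malformed packet layout */
    out->hm_ah  = (struct range){ 0,            l->pkt_end   }; /* AH signature   */
    out->hm_esp = (struct range){ l->esp_hdr,   l->pkt_end   }; /* ESP signature  */
    out->bl_esp = (struct range){ l->enc_start, l->icv_start }; /* ESP encryption */
    return 0;
}

int main(void)
{
    struct layout l = { 40, 44, 100, 104 };   /* locations given on the page */
    struct plan p;
    if (plan_operators(SAMPLE_DB, 2, 0x2002u, 0x1001u, &l, &p) != 0)
        return 1;
    printf("HM/AH %u-%u  HM/ESP %u-%u  BL/ESP %u-%u\n", p.hm_ah.start, p.hm_ah.end,
           p.hm_esp.start, p.hm_esp.end, p.bl_esp.start, p.bl_esp.end);
    return 0;
}
```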
Rev. 1.1
