AH, Authentication Header

Description Glossary RFCs Publications Obsolete RFCs


Protocol suite: TCP/IP, IPSec.
Protocol type:Transport layer authentication protocol.
IP Protocol:51
Working groups: ipsec, IP Security Protocol.
msec, Multicast Security.

The Authentication Header protocol provides connectionless integrity, data origin authentication, and an optional anti-replay service.

RFC 4302:

The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just "integrity") and to provide protection against replays. This latter, optional service may be selected, by the receiver, when a Security Association (SA) is established. (The protocol default requires the sender to increment the sequence number used for anti-replay, but the service is effective only if the receiver checks the sequence number.) However, to make use of the Extended Sequence Number feature in an interoperable fashion, AH does impose a requirement on SA management protocols to be able to negotiate this new feature.

AH provides authentication for as much of the IP header as possible, as well as for next level protocol data. However, some IP header fields may change in transit and the value of these fields, when the packet arrives at the receiver, may not be predictable by the sender. The values of such fields cannot be protected by AH. Thus, the protection provided to the IP header by AH is piecemeal.

AH may be applied alone, in combination with the IP Encapsulating Security Payload (ESP), or in a nested fashion. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. ESP may be used to provide the same anti-replay and similar integrity services, and it also provides a confidentiality (encryption) service. The primary difference between the integrity provided by ESP and AH is the extent of the coverage. Specifically, ESP does not protect any IP header fields unless those fields are encapsulated by ESP (e.g., via use of tunnel mode).

RFC 2401, page 10:

AH offers an anti-replay (partial sequence integrity) service at the discretion of the receiver, to help counter denial of service attacks. AH is an appropriate protocol to employ when confidentiality is not required (or is not permitted, e.g , due to government restrictions on use of encryption). AH also provides authentication for selected portions of the IP header, which may be necessary in some contexts. For example, if the integrity of an IPv4 option or IPv6 extension header must be protected en route between sender and receiver, AH can provide this service (except for the non-predictable but mutable parts of the IP header.)

MAC header IPv4 | IPv6 header AH header Data :::

AH header:

0001020304050607 0809101112131415 1617181920212223 2425262728293031
Next header Length 0
Security Parameters Index
Sequence number
Authentication Data :::

Next header. 8 bits.
Specifies the next encapsulated protocol.

Length. 8 bits.
Size of the AH header in 32 bit words - 2. May be cleared to zero.

SPI, Security Parameters Index. 32 bits.
Contains a pseudo random value used to identify the security association for this datagram. If cleared to zero, a security association does not exist. Values in the range 1 to 255 are reserved.

Sequence number. 32 bits.

Authentication Data. Variable length.
This field must contain a multiple of 32 bit words.



[RFC 1828] IP Authentication using Keyed MD5.

[RFC 2085] HMAC-MD5 IP Authentication with Replay Prevention.

[RFC 2403] The Use of HMAC-MD5-96 within ESP and AH.

[RFC 2411] IP Security Document Roadmap.

[RFC 2841] IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC).

[RFC 2857] The Use of HMAC-RIPEMD-160-96 within ESP and AH.

[RFC 4301] Security Architecture for the Internet Protocol.

[RFC 4302] IP Authentication Header.

[RFC 4305] Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH).

[RFC 4359] The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH).

[RFC 4543] The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH.

[RFC 6054] Using Counter Modes with Encapsulating Security Payload (ESP) and Authentication Header (AH) to Protect Group Traffic.


Obsolete RFCs:

[RFC 1825] Security Architecture for the Internet Protocol.

[RFC 1826] IP Authentication Header.

[RFC 1852] IP Authentication using Keyed SHA.

[RFC 2401] Security Architecture for the Internet Protocol.

[RFC 2402] IP Authentication Header.

[RFC 2404] The Use of HMAC-SHA-1-96 within ESP and AH.

Description Glossary RFCs Publications Obsolete RFCs