ESP Authentication: Which Item is Excluded?

Not Authenticated by ESP

Prev Question Next Question


Which item is not authenticated by ESP?



Click on the arrows to vote for the correct answer

A. B. C. D. E. F.


ESP (Encapsulating Security Payload) is a protocol used in IPsec (Internet Protocol Security) that provides confidentiality, integrity, and authentication to IP packets. ESP encapsulates the payload of the IP packet, including any upper-layer headers, and adds its own headers and trailers.

ESP provides authentication for the ESP header, ESP trailer, and the payload data. However, it does not provide authentication for the original IP header or the new IP header that ESP adds.

Therefore, the answer to the question is D. Original IP header, as it is not authenticated by ESP. The original IP header is used to route the packet, and it is not modified by ESP. Although it is protected by the integrity check value (ICV) that ESP adds to the packet, it is not authenticated.

The other options are all authenticated by ESP:

A. ESP header: The ESP header includes the SPI (Security Parameters Index) and sequence number, and it is authenticated by ESP.

B. ESP trailer: The ESP trailer includes the ICV, which is used to ensure the integrity of the packet, and it is authenticated by ESP.

C. New IP header: ESP adds a new IP header to the packet, which includes the source and destination addresses of the ESP endpoints, and it is authenticated by ESP.

E. Data: The payload data is encrypted and authenticated by ESP.

F. TCP-UDP header: The upper-layer headers, such as the TCP or UDP header, are included in the payload data and are encrypted and authenticated by ESP.