Security association

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

A security association (SA) is the establishment of shared security information between two network entities to support secure communication. An SA may include cryptographic keys, initialization vectors or digital certificates.

An SA is a simplex (one-way channel) and logical connection which endorses and provides a secure data connection between the network devices. The fundamental requirement of an SA arrives when the two entities communicate over more than one channel. Take an example of mobile subscriber and a base station. The subscriber may subscribe itself for more than one service. Therefore each service may have different service primitives like a data encryption algorithm, public key or initialization vector. Now to make things easier, all this security information is grouped logically. This logical group itself is a Security Association. Each SA has its own ID called SAID. So now the base station and mobile subscriber will share the SAID and they will derive all the security parameters, making things a lot easier.

In a nutshell, a SA is a logical group of security parameters, that ease the sharing of information to another entity.

Contents 1 SA Types 1.1 Transport mode 1.2 Tunnel mode 2 See also 3 References

SA Types

Two basic types of SAs are as follows:

Transport mode

See main article: Transport mode

Tunnel mode

See main article: Tunnel mode

See also

• IPsec
• Internet Key Exchange (IKE)

References

• Internet Key Exchange Protocol - RFC 2409
• Internet Key Exchange (IKEv2) Protocol - RFC 4306Template:Com-stub

This article is a part of CryptoDox, an attempt to build an Online Encyclopedia on Cryptography and Information Security. You are seeing this box on this page since we believe this is a stub page. Create an account for yourself on this website and start contributing content.