[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

Security Association (SA)

Definition - What does Security Association (SA) mean?

A security association (SA) is a logical connection involving two devices that transfer data. With the help of the defined IPsec protocols, SAs offer data protection for unidirectional traffic. Generally, an IPsec tunnel features two unidirectional SAs, which offer a secure, full-duplex channel for data.

A security association consists of features like traffic encryption key, cryptographic algorithm and mode, and also parameters required for the network data.

Techopedia explains Security Association (SA)

The Internet Security Association and Key Management Protocol (ISAKMP) provides the framework for establishing SAs, whereas the authenticated keying material is offered by protocols like Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK).

With SAs, enterprises can manage specifically which resources can securely communicate as per the security policy. In order to execute this, enterprises can put together several SAs to facilitate various secure VPNs in addition to defining the SAs inside the VPN for supporting many different units as well as business partners.

Security associations use modes for their operation. A mode is a method wherein the IPsec protocol is applied to the packet. IPsec is used in transport or tunnel mode. In general, the transport mode is employed to protect the host-to-host IPsec tunnel, whereas the tunnel mode is implemented to protect the gateway-to-gateway IPsec tunnel.

In transport mode the payload of the packet is encapsulated by the transport-mode IPsec implementation; however, the IP header remains unchanged. The new IP packet includes the processed packet payload as well as the old IP header once the packet is processed with IPsec. The transport mode does not have the capability to shield the information carried in the IP header, which lets an attacker identify the source and destination of the packet.

In tunnel mode the IPsec implementation encapsulates the whole IP packet. The whole packet turns into the packet's payload that is processed using IPsec. The newly created IP header contains two IPsec gateway addresses. Use of the tunnel mode prevents an attacker from inspecting the information and decoding it, and it also hides the source and destination of the packet.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.