Authentication Header

What Does Authentication Header Mean?

Authentication Header (AH) is a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data. The AH confirms the originating source of a packet and ensures that its contents (both the header and payload) have not been changed since transmission.


If security associations have been established, AH can be optionally configured to defend against replay attacks using the sliding window technique.

Techopedia Explains Authentication Header

AH provides authentication of the IP header and next-level protocol data. This can be applied in a nested fashion, or in conjunction with the IP encapsulating security payload (ESP). Security services are intiated between two communicating hosts, between two communicating security gateways or between a security gateway and a host.

AH provides data integrity using a checksum generated by an authentication code, similar to MD5. There is a secret shared key in the AH algorithm for data origin authentication. Using a sequence number field inside the AH header, relay protection is ensured.

AH can be used in tunnel or transport mode. In transport mode, the IP header of a datagram is the outermost IP header, followed by the AH header and the datagram. This mode requires a reduced processing overhead compared to tunnel mode, which creates new IP headers and uses them in the outermost IP header of the datagram.

The fields within an AH header include:

  • Next header
  • Payload length
  • Reserved
  • Security parameters
  • Sequence numbers
  • Integrity check value

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…