AH

Authentication Header

Security
Introduced in Rel-8
AH is a security protocol within IPsec that provides connectionless integrity, data origin authentication, and optional anti-replay protection for IP packets. It authenticates the IP payload together with the immutable fields of the IP header, ensuring data has not been modified in transit. This is crucial for securing communication between network elements in 3GPP architectures.

Description

The Authentication Header (AH) is a fundamental component of the IPsec (Internet Protocol Security) suite standardized by the IETF and adopted by 3GPP for securing network-based communications. It operates at the network layer (Layer 3) and is defined in RFC 4302, with 3GPP specifying its application within 3GPP system architectures in TS 33.210. AH provides authentication services by calculating a cryptographic checksum, known as an Integrity Check Value (ICV), over the IP packet. This ICV is computed using a shared secret key and specific authentication algorithms, with HMAC-SHA-1-96 and HMAC-MD5-96 being commonly mandated in early 3GPP releases for interoperability.

Architecturally, AH can be deployed in two modes: transport mode and tunnel mode. In transport mode, typically used for end-to-end security between hosts, the AH header is inserted after the original IP header and before the upper-layer protocol (e.g., TCP, UDP). It authenticates the IP payload and the immutable fields of the IP header. In tunnel mode, used primarily for gateway-to-gateway security (like between a UE's PDN Gateway and a corporate firewall), the entire original IP packet is encapsulated within a new outer IP packet. The AH header is inserted after this new outer IP header, and it authenticates the entire inner IP packet plus the immutable fields of the outer IP header. This makes tunnel mode suitable for creating Virtual Private Networks (VPNs).

The protocol works by inserting an AH header into the IP datagram, after the IP header. This AH header contains several fields: Next Header (identifies the protocol of the following payload), Payload Length, Reserved, Security Parameters Index (SPI), Sequence Number, and the Integrity Check Value (ICV). The SPI, combined with the destination IP address and security protocol (AH), uniquely identifies the Security Association (SA) for the packet. The Sequence Number provides anti-replay protection by letting the receiver detect and discard packets it has already accepted. The receiver uses the same shared secret key and algorithm to recompute the ICV and compares it with the value in the packet. If they match, the packet is authenticated; if not, it is discarded.
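As an added illustration of the header layout, ICV check and sequence-number handling just described (example code written for this entry, not taken from the page, 3GPP or any IPsec implementation), the script below builds a transport-mode AH packet over IPv4 with HMAC-SHA-1-96, verifies it at the receiver with the mutable IP fields zeroed, and applies the anti-replay sliding window. The key, SPI and addresses are constructed values.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(20))   # constructed 160-bit HMAC-SHA-1 key for this example; real SA keys come from IKEv2 or manual setup
SPI = 0x1234             # constructed SPI identifying the SA at the receiver
AH_PROTO = 51            # IP protocol number the IP header carries for AH
AH_FIXED = 12            # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12             # HMAC-SHA-1-96: the 160-bit HMAC truncated to 96 bits

def zero_mutable(ip_hdr):
    """Only immutable IPv4 fields are authenticated: TOS, flags/fragment offset, TTL and checksum count as zero."""
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def compute_icv(ip_hdr, ah_fixed, payload):
    # The ICV field itself is zero-filled while the MAC is computed.
    covered = zero_mutable(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:ICV_LEN]

def build_packet(src, dst, seq, next_hdr, payload, ttl=64):
    """Transport mode: IPv4 header | AH header | upper-layer payload."""
    total = 20 + AH_FIXED + ICV_LEN + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, ttl, AH_PROTO, 0, src, dst)
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", next_hdr, payload_len, 0, SPI, seq)
    return ip_hdr + ah_fixed + compute_icv(ip_hdr, ah_fixed, payload) + payload

class AhReceiver:
    """Checks SPI and ICV, then applies a 64-packet anti-replay sliding window."""
    def __init__(self, window=64):
        self.window, self.top, self.bitmap = window, 0, 0   # bit i set => seq top-i already seen
    def verify(self, pkt):
        ip_hdr, ah_fixed = pkt[:20], pkt[20:20 + AH_FIXED]
        next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", ah_fixed)
        icv_len = (payload_len + 2) * 4 - AH_FIXED
        icv, payload = pkt[32:32 + icv_len], pkt[32 + icv_len:]
        if spi != SPI or seq == 0:     # unknown SA or illegal sequence number
            return None
        if not hmac.compare_digest(icv, compute_icv(ip_hdr, ah_fixed, payload)):
            return None                # ICV mismatch: modified or forged, discard
        if seq > self.top:             # newest packet so far: slide the window forward
            shift = seq - self.top
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.window else 1
            self.top = seq
        else:
            back = self.top - seq
            if back >= self.window or (self.bitmap >> back) & 1:
                return None            # outside the window or already seen: replay
            self.bitmap |= 1 << back
        return next_hdr, payload
```

A TTL decrement by an intermediate router leaves the ICV valid because TTL is zeroed for the computation, whereas any change to the payload or to an immutable header field makes the packet fail verification.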

Within 3GPP networks, AH's role is primarily defined for securing the Za and Zb interfaces as part of the Network Domain Security (NDS) framework. Za interface protection applies between security domains within a 3GPP network (e.g., between different operator networks or between an operator and a service provider). Zb interface protection applies within a single security domain. For these interfaces, 3GPP mandates the use of IPsec, with AH being one of the two core protocols (alongside ESP - Encapsulating Security Payload) available to implement the required security services. Its use ensures that signaling and user plane traffic between network nodes like MMEs, SGWs, and PGWs cannot be tampered with or spoofed, forming a critical part of the core network's defense-in-depth strategy.

Purpose & Motivation

AH was created to address fundamental security weaknesses in the original IP protocol suite, which provided no inherent mechanisms for authentication or integrity. IP packets could be easily forged, modified, or replayed by attackers, making communication over untrusted networks like the internet inherently risky. The IETF developed IPsec, including AH, to provide standardized, interoperable security at the IP layer. This layer-3 approach is advantageous as it can secure all upper-layer protocols (TCP, UDP, ICMP, etc.) transparently, without requiring modifications to individual applications.

In the context of 3GPP, the adoption of AH and IPsec was motivated by the evolution towards all-IP core networks. As 2G/3G networks evolved to 4G LTE and 5G, the core network (EPC, 5GC) became entirely IP-based. This introduced new threats, as sensitive control plane signaling and user data now traversed IP networks that could be shared or public. The 3GPP NDS/IP work (TS 33.210) specifically aimed to standardize how IPsec should be deployed to protect these inter-node communications. AH solves the problem of ensuring that messages received between two 3GPP network elements genuinely originate from the claimed source and have not been altered in transit, which is essential for billing, lawful interception, and overall network reliability.

While AH provides strong authentication and integrity, it does not provide confidentiality (encryption). This limitation is addressed by its companion protocol, ESP. In many practical 3GPP deployments, ESP is often preferred or used in conjunction with AH because it can provide both confidentiality and authentication. However, AH remains a valid and standardized option within the 3GPP security framework, particularly for scenarios where authentication and integrity are required but encryption is either unnecessary or handled by other means, or where the authentication of the original IP header itself is critically important.

Key Features

  • Provides data origin authentication for IP packets
  • Ensures connectionless integrity for IP packet payload and header
  • Offers optional anti-replay protection via sequence numbers
  • Operates in both transport mode and tunnel mode
  • Uses Security Associations (SAs) identified by SPI/Dest IP/Protocol tuple
  • Relies on shared secret keys and algorithms like HMAC-SHA-1 for ICV calculation

Evolution Across Releases

Rel-8 Initial

Introduced as a mandated component of the Network Domain Security/IP (NDS/IP) framework in TS 33.210. Specified for use in protecting the Za and Zb interfaces within and between 3GPP network security domains. Initial capabilities included support for tunnel mode and transport mode, manual or IKEv2-based SA establishment, and mandatory-to-implement cryptographic algorithms for integrity.

Defining Specifications

Specification   Title
TS 33.210       3GPP TR 33.210