Data transferred over many communication networks are typically sent unsecured, without the benefit of encryption and/or strong authentication of the sender. Sending unsecured data on a communication network may make the data vulnerable to being intercepted, inspected, modified and/or redirected. To make data less prone to these vulnerabilities, many networks employ various security standards and protocols to secure network traffic transferred in their networks. This secured network traffic is typically transferred using data packets that are encoded according to a security standard and/or protocol. As used herein, a secured data packet is a data packet that has been secured using a security standard and/or protocol. Likewise, as used herein, an unsecured data packet is a data packet that has not been secured using a security standard and/or protocol.
One well-known widely-used standard for securing Internet Protocol (IP) traffic is the IP security (IPsec) standard. The IPsec standard comprises a collection of protocols that may be used to transfer secure data packets end-to-end between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec operates at layer-3 (L3), which is the network layer of the Open Systems Interconnection Reference Model (OSI-RM). A description of IPsec may be found in Request for Comments (RFC) 2401 through RFC 2412 and RFC 4301 through RFC 4309, all of which are available from the Internet Engineering Task Force (IETF). One protocol that is commonly used to encapsulate an IP datagram is the Encapsulating Security Payload (ESP) protocol.
The ESP protocol provides a means to authenticate and verify the integrity of IP traffic carried in a secured packet. In addition, the ESP protocol provides a means to encrypt the IP traffic to prevent unauthorized interception of the IP traffic. The ESP uses an Integrity Check Value (ICV) to authenticate and check the integrity of a packet. Encryption is used to ensure confidentiality of the IP traffic. Encryption is accomplished by applying an encryption algorithm to the IP traffic to encrypt it. Encryption algorithms commonly used with IPsec include Data Encryption Standard (DES), triple-DES and Advanced Encryption Standard (AES).