Editing IPsec (section)
===Security association===
{{main|Security association}}

The IPsec protocols use a [[security association]], where the communicating parties establish shared security attributes such as [[algorithms]] and keys. As such, IPsec provides a range of options once it has been determined whether AH or ESP is used. Before exchanging data, the two hosts agree on which [[Symmetric-key algorithm|symmetric encryption algorithm]] is used to encrypt the IP packet, for example [[Advanced Encryption Standard|AES]] or [[ChaCha20]], and which hash function is used to ensure the integrity of the data, such as [[BLAKE2]] or [[SHA-2|SHA256]]. These parameters are agreed for the particular session, for which a lifetime and a [[session key]] must also be agreed.<ref>{{Cite book|title= Carrier-Scale IP Networks: Designing and Operating Internet Networks|author =Peter Willis |publisher= IET|year=2001 |isbn= 9780852969823|page=271}}</ref>

The algorithm for authentication is also agreed before the data transfer takes place, and IPsec supports a range of methods. Authentication is possible through [[pre-shared key]], where a [[symmetric key]] is already in the possession of both hosts, and the hosts send each other hashes of the shared key to prove that they are in possession of the same key. IPsec also supports [[public key encryption]], where each host has a public and a private key; the hosts exchange their public keys, and each host sends the other a [[Cryptographic nonce|nonce]] encrypted with the other host's public key. Alternatively, if both hosts hold a [[public key certificate]] from a [[certificate authority]], this can be used for IPsec authentication.<ref>{{Cite book|title= Carrier-Scale IP Networks: Designing and Operating Internet Networks|author =Peter Willis |publisher= IET|year=2001 |isbn= 9780852969823|pages=272–3}}</ref>

The security associations of IPsec are established using the [[Internet Security Association and Key Management Protocol]] (ISAKMP). ISAKMP is implemented by manual configuration with pre-shared secrets, [[Internet Key Exchange]] (IKE and IKEv2), [[Kerberized Internet Negotiation of Keys]] (KINK), and the use of IPSECKEY [[list of DNS record types|DNS records]].{{Ref RFC|4025}}{{Ref RFC|2406|rsection=1}}{{Ref RFC|3129}} RFC 5386 defines Better-Than-Nothing Security (BTNS) as an unauthenticated mode of IPsec using an extended IKE protocol. C. Meadows, C. Cremers, and others have used [[Formal Methods|formal methods]] to identify various anomalies which exist in IKEv1 and also in IKEv2.<ref>{{cite book|author=C. Cremers|title=Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2, ESORICS 2011|chapter=Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2 |series=Lecture Notes in Computer Science|year=2011|volume=6879 |pages=315–334|publisher=Springer|doi=10.1007/978-3-642-23822-2_18|hdl=20.500.11850/69608|isbn=9783642238222|s2cid=18222662 |chapter-url=https://link.springer.com/chapter/10.1007/978-3-642-23822-2_18}}</ref>

In order to decide what protection is to be provided for an outgoing packet, IPsec uses the [[Security Parameter Index]] (SPI), an index to the security association database (SADB), along with the destination address in a packet header, which together uniquely identify a security association for that packet. A similar procedure is performed for an incoming packet, where IPsec gathers decryption and verification keys from the security association database.

For [[IP multicast]] a security association is provided for the group, and is duplicated across all authorized receivers of the group. There may be more than one security association for a group, using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed, each sender can have multiple security associations, allowing authentication, since a receiver can only know that someone knowing the keys sent the data. Note that the relevant standard does not describe how the association is chosen and duplicated across the group; it is assumed that a responsible party will have made the choice.
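
The incoming-packet lookup described above, as an added example that is not part of the original article or of any IPsec implementation: the SPI is read from the ESP header and, together with the destination address, selects the security association, including the multicast case where one group address carries several SAs with different SPIs. The names <code>SA</code>, <code>SADB</code>, <code>parse_esp</code>, <code>sa_for_incoming</code> and <code>sample_packet</code> are hypothetical, and the packets are constructed test input using documentation address ranges.

```python
import ipaddress
import struct
import time
from dataclasses import dataclass

ESP_PROTO = 50  # IP protocol number assigned to ESP

@dataclass(frozen=True)
class SA:
    spi: int
    dst: ipaddress.IPv4Address
    cipher: str        # negotiated encryption algorithm
    integrity: str     # negotiated integrity algorithm
    key: bytes         # session key
    expires_at: float  # end of the agreed lifetime (epoch seconds)

class SADB:
    """Security association database keyed by (SPI, destination address)."""
    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[(sa.spi, sa.dst)] = sa

    def lookup(self, spi, dst, now=None):
        now = time.time() if now is None else now
        sa = self._sas.get((spi, dst))
        # Unknown SPI/destination pair or expired lifetime: no SA, drop the packet.
        return sa if sa is not None and now < sa.expires_at else None

def parse_esp(packet):
    """Return (destination, SPI, sequence number) of an IPv4 packet carrying ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or packet[9] != ESP_PROTO or len(packet) < ihl + 8:
        raise ValueError("no ESP header")
    spi, seq = struct.unpack_from("!II", packet, ihl)
    return ipaddress.IPv4Address(packet[16:20]), spi, seq

def sa_for_incoming(sadb, packet, now=None):
    """Select the SA whose keys decrypt and verify this incoming packet."""
    dst, spi, _seq = parse_esp(packet)
    return sadb.lookup(spi, dst, now)

def sample_packet(dst, spi, seq=1):
    """Constructed test input: minimal IPv4 header (checksum left 0) + ESP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ESP_PROTO, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!II", spi, seq)
```

A packet whose SPI and destination match no entry, or whose SA lifetime has passed, yields <code>None</code> and must be discarded rather than processed with some other SA's keys.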