Security association
A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as: cryptographic algorithm and mode; traffic encryption key; and parameters for the network data to be passed over the connection. The framework for establishing security associations is provided by the Internet Security Association and Key Management Protocol (ISAKMP). Protocols such as Internet Key Exchange and Kerberized Internet Negotiation of Keys provide authenticated keying material.

An SA is a simplex (one-way channel) logical connection which endorses and provides a secure data connection between the network devices. The fundamental need for an SA arises when the two entities communicate over more than one channel. Take the example of a mobile subscriber and a base station. The subscriber may subscribe to more than one service. Each service may therefore have different service primitives, such as a data encryption algorithm, public key or initialization vector. To make things easier, all this security information is grouped logically. This logical group is itself a Security Association. Each SA has its own ID, called the SAID. The base station and mobile subscriber share the SAID and derive all the security parameters, making things a lot easier.
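
The SAID grouping described above, sketched as an added example that is not part of the original article: each node keeps a table from SAID to SA, and because an SA is simplex, a two-way service needs one SA per direction. The frame layout (2-byte SAID, 32-byte tag, payload), the class and field names, and HMAC-SHA256 standing in for the SA's negotiated algorithm are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityAssociation:
    said: int        # identifier carried in every protected frame
    sender: str      # an SA is simplex: exactly one sender ...
    receiver: str    # ... and exactly one receiver
    algorithm: str   # negotiated algorithm (assumed: HMAC-SHA256 only)
    key: bytes       # keying material from the key-management protocol

def _tag(sa, payload):
    # Bind the SAID into the tag so a frame cannot be moved to another SA.
    return hmac.new(sa.key, sa.said.to_bytes(2, "big") + payload, hashlib.sha256).digest()

class SADatabase:
    """Per-node table mapping SAID -> SA (hypothetical helper)."""
    def __init__(self, owner):
        self.owner, self._sas = owner, {}

    def install(self, sa):
        if self.owner not in (sa.sender, sa.receiver):
            raise ValueError("SA does not involve this node")
        self._sas[sa.said] = sa

    def protect(self, said, payload):
        sa = self._sas[said]
        if sa.sender != self.owner:
            raise PermissionError("SA is simplex: this node is not its sender")
        return said.to_bytes(2, "big") + _tag(sa, payload) + payload

    def accept(self, frame):
        said, tag, payload = int.from_bytes(frame[:2], "big"), frame[2:34], frame[34:]
        sa = self._sas.get(said)
        if sa is None or sa.receiver != self.owner:
            return None  # unknown SAID or wrong direction: drop the frame
        return payload if hmac.compare_digest(tag, _tag(sa, payload)) else None

def demo():
    # Constructed sample: one service, two SAs (uplink and downlink), random keys.
    up = SecurityAssociation(0x0101, "subscriber", "base", "HMAC-SHA256", os.urandom(32))
    down = SecurityAssociation(0x0102, "base", "subscriber", "HMAC-SHA256", os.urandom(32))
    ms, bs = SADatabase("subscriber"), SADatabase("base")
    for sa in (up, down):
        ms.install(sa)
        bs.install(sa)
    frame = ms.protect(0x0101, b"uplink data")
    return {"delivered": bs.accept(frame), "reflected": ms.accept(frame),
            "tampered": bs.accept(frame[:-1] + b"X"),
            "unknown_said": bs.accept(b"\xff\xff" + frame[2:])}
```

Only the intended receiver with the matching SA recovers the payload; a frame reflected to its sender, altered in transit, or carrying an SAID that is not installed is dropped.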

In a nutshell, an SA is a logical group of security parameters that enables the sharing of information with another entity.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 