session_09_vpn__ipsec__and_tls_101908


rithms provides a forward migration path to better mechanisms and algorithms. When improved security mechanisms are developed to counter new attacks against current encryption algorithms, authentication mechanisms and key exchanges would be created; in those situations, IKE v2 would allow the updating of the algorithms and mechanisms without having to develop a completely new IKE or to patch the current one.

22 VPN, IPSec and TLS
Negotiating a Security Association using IKE

IKE Security Association (IKE SA) proposes the following:
• Type of protection to use, either ESP or AH.
• Authentication algorithms and keys for signing data.
• Encryption algorithms and keys to protect data.
• Hash algorithms to reduce data for signing.
• Information about a group over which to do a Diffie-Hellman exchange.
• A pseudo-random function (prf) to hash certain values during the key exchange.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 23

• A security association normally includes the parameters listed below, but might include additional parameters as well:
  o Type of protection used, either ESP or AH.
  o Authentication algorithm used with AH.
  o Key(s) used with the authentication algorithm in AH.
  o Encryption algorithm and mode used with ESP.
  o Key(s) used with the encryption algorithm in ESP.
  o Initialization vector for the encryption algorithm used in ESP.
  o Authentication algorithm and mode used with the ESP transform.
  o Authentication key(s) used with the authentication algorithm in ESP.
  o Lifetime of the key used or time when key change should occur.
  o Hash algorithms to reduce data for signing used.
  o Information provided about a group over which to do a Diffie-Hellman exchange.
  o Lifetime of the security association established.
  o Source address(es) of the security association provided.
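The negotiation listed above, as an added example that is not part of the original course notes: a responder picks one of the initiator's proposals and exactly one algorithm per transform type. The algorithm names, the policy layout and the function `select_proposal` are constructed for illustration; accepting or rejecting a proposal as a whole, and answering NO_PROPOSAL_CHOSEN on failure, follows IKEv2 (RFC 7296).

```python
# Added illustration: algorithm names and both policies are constructed samples.
REQUIRED = {  # transform types each kind of SA must agree on (simplified)
    "IKE": ("encr", "prf", "integ", "dh"),
    "ESP": ("encr", "integ"),
    "AH": ("integ",),
}

def select_proposal(offered, policy):
    """Return (proposal number, protocol, chosen transforms) or None.

    offered: initiator's proposals, in the initiator's preference order.
    policy:  responder's acceptable algorithms per protocol and transform
             type, most preferred first.
    """
    for prop in offered:
        allowed = policy.get(prop["protocol"])
        if allowed is None or prop["protocol"] not in REQUIRED:
            continue
        chosen = {}
        for ttype in REQUIRED[prop["protocol"]]:
            match = next((alg for alg in allowed.get(ttype, ())
                          if alg in prop["transforms"].get(ttype, ())), None)
            if match is None:
                break  # one unmatched type rejects the whole proposal
            chosen[ttype] = match
        else:
            return prop["number"], prop["protocol"], chosen
    return None  # a real responder would answer NO_PROPOSAL_CHOSEN

OFFERED = [  # constructed initiator offer
    {"number": 1, "protocol": "IKE", "transforms": {
        "encr": ["AES-CBC-256"], "prf": ["HMAC-SHA2-512"],
        "integ": ["HMAC-SHA2-512"], "dh": ["group19"]}},
    {"number": 2, "protocol": "IKE", "transforms": {
        "encr": ["AES-CBC-128", "AES-CBC-256"], "prf": ["HMAC-SHA2-256"],
        "integ": ["HMAC-SHA1", "HMAC-SHA2-256"], "dh": ["group14"]}},
]
POLICY = {"IKE": {  # constructed responder policy
    "encr": ["AES-CBC-256", "AES-CBC-128"], "prf": ["HMAC-SHA2-256"],
    "integ": ["HMAC-SHA2-256"], "dh": ["group14", "group19"]}}

if __name__ == "__main__":
    print(select_proposal(OFFERED, POLICY))
```

Proposal 1 is rejected even though its encryption algorithm and Diffie-Hellman group are acceptable, because transforms cannot be mixed across proposals; the agreed values are what the two peers would then store in the SA.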
23 VPN, IPSec and TLS
Security Association

I would like to establish a secure IP communication, and since we haven’t talked before, let’s agree on all the security parameters we need by creating an SA.

Source

Once we finish, let’s assign an index to the SA, (Security Parameter Index) and store the i...

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
