• In any TLS or SSL session, a client and a server are able to negotiate unique enciphering keys even
if they have not previously communicated with each other.

32 VPN, IPSec and TLS

TCP/IP Stack and Security Related Protocols

[Figure: TCP/IP stack with security-related protocols. Layers shown: Application Layer (SMTP, Telnet, FTP, Gopher), Transport Layer (TCP, UDP), Network Layer (IP, with ARP and RARP), Data Layer (Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...). Security protocols shown alongside the stack: VPN, IPsec (ISAKMP; IKE v2; AH, ESP), TLS/SSL, S/MIME, SOCKS V5, Packet Filtering, Tunneling Protocols, PPP-EAP, IEEE 802.1X, CHAP, PAP.]

M. Mogollon – 01/08 - 33

• The TLS and SSL protocols are implemented at the transport layer of the TCP/IP stack.

TLS Architecture

• Session
— A TLS session is an association between a client and a server.
Sessions are created by the Handshake Protocol.
— Sessions define a set of cryptographic security parameters, which
can be shared among multiple connections.
— Sessions are used to avoid the negotiation of new security
parameters for each connection.
• Connection
— A connection is a transport (in the OSI layering model definition) that
provides a suitable type of service.
— For TLS, such connections are peer-to-peer relationships.
— A connection is transient. Every connection is associated with one
session.
• In SSL, a session is first established between a client and a server and, then, a connection is
established.

Session Parameters
• Session identifier
— An arbitrary byte sequence chosen by the server to identify an active or resumable
session state.
• Peer certificate
— An X509.v3 certificate of the peer. This element of the state may be null.
• Compression method
— The algorithm used to compress data prior to encryption.
• Cipher spec
— Specifies the data symmetric encryption algorithm (such as null, DES, etc.) and a MAC
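As an added illustration (not taken from the slides), the following Python model shows the session/connection split from the TLS Architecture slide together with the session parameters listed above: one session's negotiated parameters are shared by several transient connections, a session identifier lets a later connection resume without a new negotiation, and an identifier the server no longer holds falls back to a full handshake. The Session, Connection and Server classes, the cipher-spec labels and the handshake stub are constructed for this example and are not a TLS implementation.

```python
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed model: a session holds the negotiated security parameters; a
# connection is transient and points at exactly one session. The "handshake"
# below only picks parameters and mints an id; it performs no cryptography.

@dataclass(frozen=True)
class Session:
    session_id: bytes                 # arbitrary bytes chosen by the server
    peer_certificate: Optional[str]   # may be null (None) in the session state
    compression_method: str
    cipher_spec: str                  # symmetric cipher + MAC (labels constructed)

@dataclass
class Connection:
    session: Session   # every connection is associated with one session
    resumed: bool      # True when no new negotiation was needed

class Server:
    def __init__(self) -> None:
        self.session_cache: Dict[bytes, Session] = {}   # resumable session states
        self.full_handshakes = 0

    def handshake(self, offered_id: Optional[bytes],
                  client_cert: Optional[str] = None) -> Connection:
        # Resumption: the client offers an id the server still holds, so the
        # cached parameters are reused instead of being negotiated again.
        if offered_id is not None and offered_id in self.session_cache:
            return Connection(self.session_cache[offered_id], resumed=True)
        # Absent or unknown id: full handshake, new parameters, fresh id.
        self.full_handshakes += 1
        sess = Session(session_id=os.urandom(32), peer_certificate=client_cert,
                       compression_method="null",
                       cipher_spec="AES-128-CBC/HMAC-SHA-256")
        self.session_cache[sess.session_id] = sess
        return Connection(sess, resumed=False)

    def forget(self, session_id: bytes) -> None:
        # Server-side expiry: offering this id later yields a full handshake.
        self.session_cache.pop(session_id, None)

def open_connections(server: Server, count: int) -> Tuple[int, int]:
    """Open `count` connections; returns (full handshakes, resumed connections)."""
    first = server.handshake(None)
    conns = [first] + [server.handshake(first.session.session_id)
                       for _ in range(count - 1)]
    assert all(c.session is first.session for c in conns)
    return server.full_handshakes, sum(c.resumed for c in conns)
```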
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.