VPN, IPSec and TLS: TLS Architecture (slides 32 to 34)


[…]n keys
• In any TLS or SSL session, a client and a server are able to negotiate unique enciphering keys even if they have not previously communicated with each other.

32 VPN, IPSec and TLS
TCP/IP Stack and Security-Related Protocols

Layer         Protocols                                              Security-related protocols
Application   SMTP, Telnet, FTP, Gopher                              S/MIME, S-HTTP, PGP, IPsec (ISAKMP), SOCKS V5
Transport     TCP, UDP                                               TLS/SSL
Network       IP, ARP, RARP                                          IPsec (AH, ESP), Packet Filtering, Tunneling Protocols
Data          Ethernet, Token-Ring, FDDI, X.25, Wireless, Async,     PPP-EAP, IEEE 802.1X, CHAP, PAP, MS-CHAP
              ATM, SNA...
(Table rebuilt from the flattened slide figure; each security protocol is listed at the layer it operates on.)

M. Mogollon – 01/08

• The TLS and SSL protocols are implemented at the transport layer of the TCP/IP stack: they run on top of TCP and beneath the application protocols (HTTP, SMTP, ...) that use them, so TLS records travel as ordinary TCP payload and the TCP headers themselves are not protected.

33 VPN, IPSec and TLS
TLS Architecture
• Session
 — A TLS session is an association between a client and a server. Sessions are created by the Handshake Protocol.
 — Sessions define a set of cryptographic security parameters, which can be shared among multiple connections.
 — Sessions are used to avoid the negotiation of new security parameters for each connection.
• Connection
 — A connection is a transport (in the OSI layering model definition) that provides a suitable type of service.
 — For TLS, such connections are peer-to-peer relationships.
 — A connection is transient. Every connection is associated with one session.
• In SSL, a session is first established between a client and a server (by the full handshake of the first connection) and then a connection is established; later connections can reuse the same session through an abbreviated handshake instead of negotiating all parameters again.

34 VPN, IPSec and TLS
Session Parameters
• Session identifier
 — An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
• Peer certificate
 — An X.509v3 certificate of the peer. This element of the state may be null.
• Compression method
 — The algorithm used to compress data prior to encryption. (Compressing before encrypting leaks plaintext through ciphertext length, the basis of the CRIME attack; TLS 1.3 removed compression, and in practice the method should be null.)
• Cipher spec
 — Specifies the data symmetric encryption algorithm (such as null, DES, etc.) and a MAC algorith...
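Slides 33 and 34 describe a session as the long-lived set of security parameters that several short-lived connections can share. The Go program below is an added example, not code from the lecture slides: it generates a self-signed server certificate, opens two TLS connections from the same client to the same server over an in-memory pipe, and reports what each side negotiated. The first connection performs a full handshake and caches the session; the second resumes it, so both endpoints report DidResume and the same cipher spec and peer certificate. The host name tls-demo.example, the payload "ping" and the TLS 1.2 pin are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

type Result struct { // session parameters of one connection, as both endpoints saw them
	Version, CipherSuite       uint16 // negotiated protocol version and "cipher spec"
	PeerCN                     string // CN of the server certificate (the "peer certificate")
	ClientResume, ServerResume bool   // each side's view: was this connection resumed from a cached session?
}

// selfSignedCert builds a throwaway P-256 server certificate for the assumed host name.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "tls-demo.example"},
		DNSNames:     []string{"tls-demo.example"},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client will trust exactly this certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// connect runs one TLS connection (handshake plus one application record) over an in-memory pipe.
func connect(srv, cli *tls.Config) (Result, error) {
	cp, sp := net.Pipe()
	defer cp.Close()
	defer sp.Close()
	errc, stc := make(chan error, 1), make(chan tls.ConnectionState, 1)
	go func() {
		s := tls.Server(sp, srv)
		buf := make([]byte, 16)
		n, err := s.Read(buf) // Read runs the server handshake, then reads the client's record
		if err == nil && string(buf[:n]) != "ping" {
			err = fmt.Errorf("unexpected payload %q", buf[:n])
		}
		stc <- s.ConnectionState()
		errc <- err
	}()
	c := tls.Client(cp, cli)
	if _, err := c.Write([]byte("ping")); err != nil { // Write runs the client handshake first
		return Result{}, err
	}
	if err := <-errc; err != nil {
		return Result{}, err
	}
	cs, ss := c.ConnectionState(), <-stc
	return Result{Version: cs.Version, CipherSuite: cs.CipherSuite,
		PeerCN:       cs.PeerCertificates[0].Subject.CommonName,
		ClientResume: cs.DidResume, ServerResume: ss.DidResume}, nil
}

// Demo opens two connections from one client to one server: a full handshake that caches the
// session, then one resumed from it. TLS 1.2 is pinned so each handshake flight ends with the
// message the peer awaits; a TLS 1.3 post-handshake ticket could stall the synchronous net.Pipe.
func Demo() (first, second Result, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return
	}
	srv := &tls.Config{Certificates: []tls.Certificate{cert},
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	cli := &tls.Config{RootCAs: pool, ServerName: "tls-demo.example",
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		ClientSessionCache: tls.NewLRUClientSessionCache(8)} // holds the resumable session state
	if first, err = connect(srv, cli); err != nil {
		return
	}
	second, err = connect(srv, cli)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Run it with `go run`; the first Result prints with both resume flags false and the second with both true, while Version, CipherSuite and PeerCN are identical across the two connections, which is exactly the "one session, many connections" relationship of slide 33. Note that TLS 1.3 drops the session identifier of slide 34: resumption there uses a pre-shared key delivered in a NewSessionTicket that the server sends after its handshake completes and that the client (in Go) only processes on a later Read, which is why the example pins TLS 1.2 over the synchronous pipe.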

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.