session_09_vpn__ipsec__and_tls_101908


...eudo Random Function. See slide 20.

VPN IPsec IKE v2 TLS   M. Mogollon – 01/08 - 42

• In Phase 3, the client determines whether or not the server's certificate is valid. If the certificate is valid, then the server's public key is authentic and the client is sure that the server is who it claims to be.
• If the server has sent a certificate request message, the client must send either the certificate message or a no_certificate alert. This alert is only a warning; however, the server may respond with a fatal handshake failure alert if client authentication is required.
• Once the pre_master key has been created, either from RSA or from Diffie-Hellman, the master_secret key is computed as follows:

    master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)

Phase 4 Handshake Protocol: Finish

[Slide diagram: Client and Web Server exchanging Finish messages]

1. Client and server update the cipher_spec with the new, agreed-upon encryption algorithms, keys, and hash functions.
2. Client sends a "finished message" using the just negotiated encryption algorithms, hash functions, and symmetric encrypting keys to verify that the key exchange and authentication processes were successful.
3. The finished message is hashed as follows:
   — MD5[master_secret ║ pad2 ║ MD5(handshake_messages ║ Sender ║ master_secret ║ pad1)]
   — SHA[master_secret ║ pad2 ║ SHA(handshake_messages ║ Sender ║ master_secret ║ pad1)]
   pad1 and pad2 are the values defined for the MAC; handshake_messages refers to all handshake messages exchanged; Sender is a code that identifies whether the sender is a client (0x434C4E54) or a server (0x53525652).

Client and server may begin sending confidential data immediately after sending the Finish message. The master secret is used as an entropy source to generate random values for the export and non-export MACs, secret keys, and initialization values (IV) required to encipher the data.
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.