session_09_vpn__ipsec__and_tls_101908


…ed only to the tunneled packet, not to the outer header.

VPN, IPSec and TLS
Internet Key Exchange (IKE v2)
• IPsec security services use symmetric encryption.
— Source and destination need to agree on the mechanisms used to share the secret keys, and on the keys used for the authentication/integrity and encryption services.
• IPsec supports both manual and automatic distribution of keys.
• Public key techniques are used for automatic key management, but other automated key distribution techniques may be used.
• IKE v2 defines procedures and packet formats to establish, negotiate, modify, and delete Security Associations (SA).

VPN IPsec IKE v2 TLS M. Mogollon – 01/08
• Because IPsec security services use symmetric encryption, both hosts, source and destination, must agree on the mechanisms used to share the secret keys, and on the keys used for the authentication/integrity and encryption services. IPsec supports both manual and automatic distribution of keys. Public key techniques are used for automatic key management (in IKE v2 a Diffie-Hellman exchange establishes the shared keying material, and the peers authenticate each other with digital signatures or a pre-shared key), but other automated key distribution techniques may be used.
• RFC 4306, IKE v2 (Kaufman, ed., 2005; since obsoleted by RFC 5996 and then by RFC 7296, which is the current IKEv2 specification), combines the security concepts of authentication, key management, and security associations to establish the required security for government, commercial, and private communications on the Internet. It does so by defining procedures and packet formats to establish, negotiate, modify, and delete security associations (SA). IKE v2 defines payloads for exchanging key generation and authentication data, thus providing a consistent framework for transferring key and authentication data independent of the key generation technique, encryption algorithm, and authentication mechanism.
• A security association (SA) payload carries one or more proposals, each a set of transforms: for IKE itself the encryption algorithm, pseudo-random function, integrity (authentication) algorithm, and Diffie-Hellman group; for ESP and/or AH the encryption (ESP only), integrity, and extended sequence number transforms, optionally with a Diffie-Hellman group. The initiator lists its proposals in order of preference; the responder answers with a single proposal containing exactly one transform of each type, or rejects the offer with a NO_PROPOSAL_CHOSEN notification.
IKE v2 is not bound to any specific cryptographic algorithm, key generation technique, or security mechanism; the independence from specific security mechanisms and algo...
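The SA payload and the negotiation it drives, shown as an added example that is not part of the lecture notes or of any IKE implementation: the code builds an initiator's SA payload with two proposals, parses it on the responder, applies a constructed responder policy, and re-encodes the single chosen proposal. The wire layout and the transform identifiers follow RFC 7296 section 3.3 and the IANA IKEv2 registry; the policy (`RESPONDER_POLICY`), the sample offer (`LEGACY`, `MODERN`) and all function names are assumptions made for this example.

```python
"""IKEv2 SA payload: build an initiator's proposals, parse them on the responder, choose one (added example)."""
import struct

SA_PAYLOAD, KE_PAYLOAD = 33, 34                     # IKEv2 payload type numbers
PROTO_IKE, PROTO_AH, PROTO_ESP = 1, 2, 3            # Protocol ID field of a proposal
T_ENCR, T_PRF, T_INTEG, T_DH = 1, 2, 3, 4           # transform types (ESN = 5 omitted here)
ENCR_3DES, ENCR_AES_CBC = 3, 12                     # transform IDs from the IANA registry
PRF_HMAC_SHA1, PRF_HMAC_SHA2_256 = 2, 5
AUTH_HMAC_SHA1_96, AUTH_HMAC_SHA2_256_128 = 2, 12
DH_MODP_1024, DH_MODP_2048, DH_ECP_256 = 2, 14, 19
ATTR_KEY_LENGTH = 14                                # TV-format attribute (AF bit set)

def encode_transform(ttype, tid, key_bits=None, last=True):
    # 0/3 | RESERVED | Transform Length | Transform Type | RESERVED | Transform ID | attributes
    attrs = struct.pack("!HH", 0x8000 | ATTR_KEY_LENGTH, key_bits) if key_bits else b""
    body = struct.pack("!BBH", ttype, 0, tid) + attrs
    return struct.pack("!BBH", 0 if last else 3, 0, 4 + len(body)) + body

def encode_proposal(num, proto, transforms, spi=b"", last=True):
    # 0/2 | RESERVED | Proposal Length | Num | Protocol ID | SPI Size | #Transforms | SPI | transforms
    tb = b"".join(encode_transform(t, i, k, n == len(transforms) - 1)
                  for n, (t, i, k) in enumerate(transforms))
    body = struct.pack("!BBBB", num, proto, len(spi), len(transforms)) + spi + tb
    return struct.pack("!BBH", 0 if last else 2, 0, 4 + len(body)) + body

def encode_sa_payload(proposals, next_payload=KE_PAYLOAD):
    """proposals: list of (proto, transforms, spi), numbered 1..n in order of preference."""
    pb = b"".join(encode_proposal(n + 1, p, t, s, n == len(proposals) - 1)
                  for n, (p, t, s) in enumerate(proposals))
    return struct.pack("!BBH", next_payload, 0, 4 + len(pb)) + pb  # generic payload header

def parse_sa_payload(data):
    """Return (next_payload, [proposal dicts]); raise ValueError on inconsistent framing."""
    next_payload, _, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("SA payload length does not match the data")
    off, proposals = 4, []
    while off < length:
        more, _, plen, num, proto, spi_size, ntrans = struct.unpack("!BBHBBBB", data[off:off + 8])
        end, toff = off + plen, off + 8 + spi_size
        spi, transforms = data[off + 8:toff], []
        for _ in range(ntrans):
            _, _, tlen, ttype, _, tid = struct.unpack("!BBHBBH", data[toff:toff + 8])
            key_bits, aoff = None, toff + 8
            while aoff < toff + tlen:                      # attributes in TV or TLV form
                af_type, val = struct.unpack("!HH", data[aoff:aoff + 4])
                if af_type & 0x8000:                        # TV form: 2-byte value follows
                    if af_type & 0x7FFF == ATTR_KEY_LENGTH:
                        key_bits = val
                    aoff += 4
                else:                                       # TLV form: val is the value length
                    aoff += 4 + val
            transforms.append((ttype, tid, key_bits))
            toff += tlen
        if toff != end or (more == 0) != (end == length):   # lengths and "more" flags must agree
            raise ValueError("bad proposal/transform framing")
        proposals.append({"num": num, "proto": proto, "spi": spi, "transforms": transforms})
        off = end
    return next_payload, proposals

# Constructed responder policy for the IKE SA: (ID, key length) pairs accepted per transform type.
RESPONDER_POLICY = {
    T_ENCR: {(ENCR_AES_CBC, 256), (ENCR_AES_CBC, 128)},
    T_PRF: {(PRF_HMAC_SHA2_256, None)},
    T_INTEG: {(AUTH_HMAC_SHA2_256_128, None)},
    T_DH: {(DH_ECP_256, None), (DH_MODP_2048, None)},
}

def choose_proposal(proposals, policy=RESPONDER_POLICY):
    """First proposal (initiator's order) with an acceptable transform of every required type."""
    for p in proposals:
        if p["proto"] != PROTO_IKE:
            continue
        chosen = []
        for ttype, allowed in policy.items():
            pick = next(((ttype, tid, kb) for t, tid, kb in p["transforms"]
                         if t == ttype and (tid, kb) in allowed), None)
            if pick is None:
                break                                       # a required type has no acceptable offer
            chosen.append(pick)
        else:
            return {"num": p["num"], "proto": PROTO_IKE, "spi": p["spi"], "transforms": chosen}
    return None                                             # responder would send NO_PROPOSAL_CHOSEN

def negotiate(sa_bytes):
    # Responder: parse the offer, choose, and answer with a single-proposal SA payload (or None).
    _, offered = parse_sa_payload(sa_bytes)
    chosen = choose_proposal(offered)
    if chosen is None:
        return None
    pb = encode_proposal(chosen["num"], chosen["proto"], chosen["transforms"], chosen["spi"])
    return struct.pack("!BBH", KE_PAYLOAD, 0, 4 + len(pb)) + pb

# Constructed initiator offer: a legacy proposal first (3DES, SHA-1, MODP-1024), a modern one second.
LEGACY = [(T_ENCR, ENCR_3DES, None), (T_PRF, PRF_HMAC_SHA1, None),
          (T_INTEG, AUTH_HMAC_SHA1_96, None), (T_DH, DH_MODP_1024, None)]
MODERN = [(T_ENCR, ENCR_AES_CBC, 128), (T_ENCR, ENCR_AES_CBC, 256),
          (T_PRF, PRF_HMAC_SHA2_256, None), (T_INTEG, AUTH_HMAC_SHA2_256_128, None),
          (T_DH, DH_MODP_2048, None), (T_DH, DH_ECP_256, None)]
INITIATOR_SA = encode_sa_payload([(PROTO_IKE, LEGACY, b""), (PROTO_IKE, MODERN, b"")])
```

Running `parse_sa_payload(negotiate(INITIATOR_SA))` returns proposal number 2 with one transform of each type: the responder honours the initiator's preference order but skips proposal 1 because none of its transforms is in the policy, which is the point of keeping the policy on the responder rather than accepting whatever is listed first. The framing checks in `parse_sa_payload` (payload length, proposal and transform lengths, "more" flags) are the minimum a receiver should enforce before trusting any field of an SA payload from the network.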

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
