session_09_vpn__ipsec__and_tls_101908



Record Protocol

The Record Protocol is the layer that carries every other TLS message between client and server: it fragments the data, optionally compresses it, authenticates it with a MAC, and enciphers it.

[Figure: Record Protocol. Message blocks M1, M2, ... Mn, each no larger than 2^14 bytes; optional compression of the cleartext; HMAC (HMAC-SHA-1) keyed from the key-exchange material; stream cipher, or block cipher with padding; output: SSL Header ║ Enciphered [Compressed Cleartext Message ║ HMAC]. Data encryption: stream cipher RC4 with a 40-bit or 128-bit key; block ciphers DES 56-bit, 3DES 168-bit, or AES-128.]

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 38

• First, the client message is divided into message blocks of arbitrary length but no more than 2^14 (16,384) bytes; compression is then applied (optional); and, finally, a message authentication code (MAC) is computed over the (compressed) block. The compressed cleartext and the MAC are appended and enciphered with symmetric encryption, either a stream cipher or a block cipher. If a block cipher is used, padding is added so that the total size, compressed message plus MAC plus padding, is a multiple of the cipher's block size.
• Enciphering the Data: TLS supports data encryption with one of the following symmetric algorithms: RC4 with a 128-bit key, DES with a 56-bit key, 3DES with a 168-bit key, and AES with a 128-bit or 256-bit key. The cipher actually used is negotiated: the server selects from the cipher suites the client offers, so the connection runs at the strongest level both ends support, which in practice means the weaker end sets the ceiling.
• Public Key: Depending on the certificate authority, the size of the public/private key pair may differ. VeriSign issues either 512-bit or 1024-bit keys, depending on the server software. The VeriSign private key used to sign certificates is 1024 bits, and the session key used in the TLS transaction is the strongest permitted by US Government law (generally either 128 or 256 bits).
• Four protocols ride on top of the Record Protocol, distinguished by the record's content type: the Handshake Protocol, the Alert Protocol, the Change Cipher Spec Protocol, and the Application Data Protocol.
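The record processing described in the first bullet, carried through in working Go as an added example (not code from the slides): fragment to at most 2^14 bytes, compute HMAC-SHA-1 over the sequence number, header fields and fragment, append the MAC, pad to the AES block size and encipher with AES-128-CBC, then frame the record; the receiving side reverses each step. The keys and IV are constructed for the demo, compression is left out, and passing the IV explicitly per record is a simplification of this example (TLS 1.0 chained IVs across records).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record-layer constants from TLS 1.0 (RFC 2246); compression is omitted.
const (
	maxFragment     = 1 << 14 // 2^14 = 16384 bytes, the largest plaintext fragment
	contentTypeData = 23      // application_data content type
)

var version = [2]byte{3, 1} // TLS 1.0 on the wire

// One error for every integrity failure: a receiver that tells bad padding
// apart from a bad MAC hands an attacker a padding oracle.
var errBadRecord = errors.New("bad record MAC")

// fragment splits application data into blocks of at most maxFragment bytes.
func fragment(data []byte) [][]byte {
	var out [][]byte
	for len(data) > maxFragment {
		out, data = append(out, data[:maxFragment]), data[maxFragment:]
	}
	return append(out, data)
}

// recordMAC is HMAC-SHA-1 over seq_num || type || version || length || fragment.
// The 64-bit sequence number is implicit (never sent) and defeats replay and reordering.
func recordMAC(macKey []byte, seq uint64, frag []byte) []byte {
	hdr := make([]byte, 13)
	binary.BigEndian.PutUint64(hdr[0:8], seq)
	hdr[8], hdr[9], hdr[10] = contentTypeData, version[0], version[1]
	binary.BigEndian.PutUint16(hdr[11:13], uint16(len(frag)))
	h := hmac.New(sha1.New, macKey)
	h.Write(hdr)
	h.Write(frag)
	return h.Sum(nil)
}

// protectBlock builds one record with a block cipher: fragment || MAC || padding,
// padded to a multiple of the block size, CBC-enciphered and given the 5-byte
// header. The IV is passed in explicitly (an assumption of this demo; TLS 1.0
// chained IVs across records, TLS 1.1 sends one per record).
func protectBlock(block cipher.Block, macKey, iv []byte, seq uint64, frag []byte) ([]byte, error) {
	if len(frag) > maxFragment {
		return nil, errors.New("fragment exceeds 2^14 bytes")
	}
	body := append(append([]byte{}, frag...), recordMAC(macKey, seq, frag)...)
	// TLS padding: padding_length bytes each equal to padding_length, then the
	// padding_length byte itself, so the total is a multiple of the block size.
	padLen := block.BlockSize() - (len(body)+1)%block.BlockSize()
	body = append(body, bytes.Repeat([]byte{byte(padLen)}, padLen+1)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body, body)
	rec := []byte{contentTypeData, version[0], version[1], 0, 0}
	binary.BigEndian.PutUint16(rec[3:5], uint16(len(body)))
	return append(rec, body...), nil
}

// unprotectBlock reverses protectBlock: decipher, strip and check the padding,
// then split off the MAC and verify it in constant time.
func unprotectBlock(block cipher.Block, macKey, iv []byte, seq uint64, rec []byte) ([]byte, error) {
	if len(rec) < 5 || rec[0] != contentTypeData || len(rec)-5 != int(binary.BigEndian.Uint16(rec[3:5])) {
		return nil, errors.New("bad record header")
	}
	body := append([]byte{}, rec[5:]...)
	if len(body) == 0 || len(body)%block.BlockSize() != 0 {
		return nil, errBadRecord
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(body, body)
	padLen := int(body[len(body)-1])
	if padLen+1+sha1.Size > len(body) || !bytes.Equal(body[len(body)-1-padLen:], bytes.Repeat([]byte{byte(padLen)}, padLen+1)) {
		return nil, errBadRecord
	}
	body = body[:len(body)-1-padLen]
	frag, mac := body[:len(body)-sha1.Size], body[len(body)-sha1.Size:]
	if !hmac.Equal(mac, recordMAC(macKey, seq, frag)) {
		return nil, errBadRecord
	}
	return frag, nil
}

func main() {
	// Constructed keys and IV for the demo; real ones come from the handshake's key block.
	block, _ := aes.NewCipher(bytes.Repeat([]byte{0x11}, 16))
	macKey, iv := bytes.Repeat([]byte{0x22}, 20), bytes.Repeat([]byte{0x33}, aes.BlockSize)
	for seq, frag := range fragment([]byte("hello record layer")) {
		rec, _ := protectBlock(block, macKey, iv, uint64(seq), frag)
		got, err := unprotectBlock(block, macKey, iv, uint64(seq), rec)
		fmt.Printf("record %d: %d body bytes, recovered %q (err=%v)\n", seq, len(rec)-5, got, err)
	}
}
```

An 18-byte fragment becomes 18 + 20 (MAC) = 38 bytes, which with the padding-length byte needs 9 more bytes of padding to reach 48, three AES blocks; the record carries 53 bytes on the wire. A stream cipher such as RC4 would skip the padding step and encipher fragment ║ MAC as-is.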
VPN, IPSec and TLS. Handshake Protocol (Session State), Phase 1: Establishing Security Capabilities. Client_Hello Client Exchang...
