session_09_vpn__ipsec__and_tls_101908

The server key exchange parameters are signed by

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: In TLS, the following key exchange methods are supported: o RSA: The secret key is enciphered with the server’s private key. o Fixed Diffie-Hellman: The server’s certificate has the Diffie-Hellman parameters, signed by a certificate authority (CA). o Ephemeral Diffie-Hellman: The Diffie-Hellman parameters are signed using the server’s RSA or DSS. o Anonymous Diffie-Hellman: The Diffie-Hellman parameters are not signed. • Regardless of the key-exchange method, the server needs to specify the parameters for the key exchange. The server key-exchange message conveys cryptographic information to allow the client to communicate the pre-master secret: either an RSA public key to encrypt the pre-master secret with, or a Diffie-Hellman public key with which the client can complete a key exchange (with the result being the pre-master secret). • The server key exchange parameters are signed by creating a hash (MD5 or SHA) of the parameters and encrypting it with the server’s private key. 41 VPN, IPSec and TLS Phase 3 Handshake Protocol Web Server Client Authentication and Key Exchange Client 1. 2. Client verifies whether or not the server’s certificate is valid. Client sends certificate, if the server has requested it. — 3. Pre-master key exchange — — 4. Client must send either the certificate message or a no_certificate alert; this alert is only a warning. If client authentication is required, the server may respond with a fatal handshake failure alert. RSA: A 48-byte pre-master secret key, encrypted with the server’s RSA public key. Diffie-Helman: Both client and server perform the Diffie-Hellman calculation to create a pre-master key. Master Key generation — Once the pre-master key has been created, either from RSA or from DiffieHellman, the master key is computed as follows: Master_Key = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) Master_Key = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) PRF = Ps...
View Full Document

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.

Ask a homework question - tutors are online