Protocols Part I
Brian A. LaMacchia
bal@cs.washington.edu, bal@microsoft.com
Portions © 2002-2006, Brian A. LaMacchia. This material is provided without warranty of any kind including, without limitation, warranty of non-infringement or suitability for any purpose. This material is not guaranteed to be error free and is intended for instructional use only.



January 24, 2006
Practical Aspects of Modern Cryptography

Slide 2: Agenda
- Introduction to protocols
- Session-based protocols
  - Kerberos
  - SSL/TLS
  - IPSEC
- Message-based protocols
  - S/MIME
  - XMLDSIG & XMLENC
- Advanced Key Exchange Algorithms

Slide 3: Introduction to Protocols

Slides 4-6: Motivation
(image slides; only the title survives extraction)

Slide 7: Motivation
- How do I know the web site I'm talking to is really who I think it is?
- Is it safe to give sensitive information over the Web?
  - What keeps my CC#, SSN, financial information or medical records out of the hands of the bad guys?
- How do I know that the information I'm looking at hasn't been maliciously modified?
  - Has someone tampered with it?

Slide 8: Security Protocol Properties
- Confidentiality
  - Keeping message content secret, even if the information passes over a public channel
- Integrity
  - Keeping messages tamper-free from origin to destination
- Authentication
  - Determining the origin of messages (author and/or sender)

Slide 9: Kerberos

Slide 10: Kerberos History
- Designed as part of MIT's Project Athena in the 1980's
  - Kerberos v4 published in 1987
- Migration to the IETF
  - RFC 1510 (Kerberos v5, 1993)
- Used in a number of products
  - Example: part of Windows 2000
  - MS Passport is essentially Kerberos done w/ client-side cookies over HTTP

Slide 11: Kerberos
- Designed for a single "administration domain" of machines & users: users, client machines, server machines, and the Key Distribution Center (KDC)
- No public key crypto
- Provides authentication & encryption services
- "Kerberized" servers provide authorization on top of the authenticated identities

Slide 12: The Kerberos Model
- Clients
- Servers
- The Key Distribution Center (KDC)
- Centralized trust model
  - KDC is trusted by all clients & servers
  - KDC shares a secret, symmetric key with each client and server
- A "realm" is a single trust domain consisting of one or more clients, servers, KDCs

Slide 13: Picture of a Kerberos Realm
(diagram: Client, Server, Key Distribution Center (KDC) and Ticket Granting Server (TGS); no message text on this slide)

Slide 14: Joining a Kerberos Realm
- One-time setup
  - Each client, server that wishes to participate in the realm exchanges a secret key with the KDC
  - If the KDC is compromised, the entire system is cracked
- Because the KDC knows everyone's individual secret key, the KDC can issue credentials to each realm identity

Slide 15: Kerberos Credentials
- Two types of credentials in Kerberos
  - Tickets
  - Authenticators
- Tickets are credentials issued to a client for communication with a specific server
- Authenticators are additional credentials that prove a client knows a key at a point in time
  - Basic idea: encrypt a "nonce"

Slide 16: The Basic Kerberos Protocol
Assume client C wishes to authenticate to and communicate with server S
- Phase 1: C gets a Ticket-Granting Ticket (TGT) from the KDC
- Phase 2: C uses the TGT to get a Ticket for S
- Phase 3: C communicates with S

Slide 17: Protocol Definitions
Following Schneier (Section 24.5):
- C = client, S = server
- TGS = ticket-granting service
- K_x = x's secret key
- K_x,y = session key for x and y
- {m}K_x = m encrypted in x's secret key
- T_x,y = x's ticket to use y
- A_x,y = authenticator from x to y
- N_x = a nonce generated by x

Slide 18: The Basic Kerberos Protocol (1)
Phase 1: C gets a Ticket-Granting Ticket
1. C sends a request to the KDC for a "ticket-granting ticket" (TGT)
  - A TGT is a ticket used to talk to the special ticket-granting service
  - A TGT is relatively long-lived (~8-24 hours typically)

C → KDC: C, TGS, N_C
Sent in the clear!

Slide 19: The Basic Kerberos Protocol (2)
Phase 1: C gets a Ticket-Granting Ticket
2. KDC responds with two items
  - The ticket-granting ticket
    - A ticket for C to talk to TGS
  - A copy of the session key to use to talk to TGS, encrypted in C's shared key

KDC → C: {T_C,TGS}K_TGS, {K_C,TGS}K_C
where T_c,s = s, {c, c-addr, lifetime, K_c,s}K_s
  - Only the TGS can decrypt the ticket
  - C can unlock the second part to retrieve K_C,TGS

Slide 20: Picture of a Kerberos Realm
(diagram: Client and Key Distribution Center (KDC), annotated with the Phase 1 messages)
C → KDC: C, TGS, N_C
KDC → C: {T_C,TGS}K_TGS, {K_C,TGS}K_C
where T_c,s = s, {c, c-addr, lifetime, K_c,s}K_s

Slide 21: The Basic Kerberos Protocol (3)
Phase 2: C gets a Ticket for S
3. C requests a ticket to communicate with S from the ticket-granting service (TGS)
  - C sends TGT to S along with an authenticator requesting a ticket from C to S

C → TGS: {A_C,S}K_C,TGS, {T_C,TGS}K_TGS
where A_c,s = {c, timestamp, opt. subkey}K_c,s
  - First part proves to TGS that C knows the session key
  - Second part is the TGT C got from the KDC

Slide 22: The Basic Kerberos Protocol (4)
Phase 2: C gets a Ticket for S
4. TGS returns a ticket for C to talk to S (Just like step 2 above...)

TGS → C: {T_C,S}K_S, {K_C,S}K_C,TGS
  - Only S can decrypt the ticket
  - C can unlock the second part to retrieve K_C,S

Slide 23: Picture of a Kerberos Realm
(diagram: Client and Ticket Granting Server (TGS), annotated with the Phase 2 messages)
C → TGS: {A_C,S}K_C,TGS, {T_C,TGS}K_TGS
where A_c,s = {c, timestamp, opt. subkey}K_c,s
TGS → C: {T_C,S}K_S, {K_C,S}K_C,TGS

Slide 24: The Basic Kerberos Protocol (5)
Phase 3: C communicates with S
5. C sends the ticket to S along with an authenticator to establish a shared secret

C → S: {A_C,S}K_C,S, {T_C,S}K_S
where A_c,s = {c, timestamp, opt. subkey}K_c,s
  - S decrypts the ticket T_C,S to get the shared secret K_C,S needed to communicate securely with C

Slide 25: The Basic Kerberos Protocol (6)
Phase 3: C communicates with S
6. S decrypts the ticket to obtain K_C,S and replies to C with proof of possession of the shared secret (optional step)

S → C: {timestamp, opt. subkey}K_c,s
Notice that S had to decrypt the authenticator, extract the timestamp & opt. subkey, and re-encrypt those two components with K_c,s

Slide 26: Picture of a Kerberos Realm
(diagram: Client and Server, annotated with the Phase 3 messages)
C → S: {A_C,S}K_C,S, {T_C,S}K_S
where A_c,s = {c, timestamp, opt. subkey}K_c,s
S → C: {timestamp, opt. subkey}K_c,s

Slide 27: Picture of a Kerberos Realm
(diagram: Client, Key Distribution Center (KDC), Ticket Granting Server (TGS) and Server, with the whole exchange drawn as labelled arrows)
Arrow labels, in order: TGT Request; TGT; Ticket Request; Ticket; Ticket + service request; "Do some stuff"
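The six-step exchange on slides 16-27, as an added example that is not part of the original slides: a stdlib-only Python simulation of C, the KDC/TGS and S passing the tickets and authenticators in the slides' notation. It assumes a toy HMAC-based authenticated cipher in place of the DES used by real Kerberos, constructed long-term keys, a hypothetical 5-minute clock-skew window and a replay cache on the server side; the nonce N_C is echoed in the KDC's encrypted reply (the slide's formula omits it), and S's timestamp and replay checks on the authenticator are the ones the later "Thoughts on Kerberos (4)" slide discusses.

```python
import hashlib, hmac, json, os

# Toy authenticated encryption standing in for the DES used by real Kerberos:
# an HMAC-SHA256 keystream XORed with the JSON plaintext, then an
# encrypt-then-MAC tag.  Pedagogical only, not a production cipher.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def enc(key, obj):
    """{obj}key in the slides' notation; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    """Inverse of enc; raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

CLOCK_SKEW = 300             # assumed acceptance window for authenticator timestamps
TICKET_LIFETIME = 8 * 3600   # the ~8-24 hour ticket lifetime the slides mention

def issue_ticket(realm_keys, c, s, now):
    """T_c,s = s, {c, c-addr, lifetime, K_c,s}K_s; returns (ticket, K_c,s)."""
    k_cs = os.urandom(32)
    body = {"c": c, "c-addr": "10.0.0.7", "lifetime": now + TICKET_LIFETIME, "key": k_cs.hex()}
    return (s, enc(realm_keys[s], body)), k_cs

def accept(realm_keys, s, ticket, auth_blob, now, replay_cache):
    """Check done by the TGS in step 3 and by S in step 5: open the ticket with
    K_s, recover K_c,s, open A_c,s with it, then check principal, lifetime,
    clock skew and replay.  Returns (c, K_c,s, authenticator)."""
    s_name, ticket_blob = ticket
    if s_name != s:
        raise ValueError("ticket is for a different service")
    body = dec(realm_keys[s], ticket_blob)          # only s holds K_s
    k_cs = bytes.fromhex(body["key"])
    if now > body["lifetime"]:
        raise ValueError("ticket expired")
    auth = dec(k_cs, auth_blob)                      # proves the sender knows K_c,s
    if auth["c"] != body["c"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - auth["timestamp"]) > CLOCK_SKEW:
        raise ValueError("authenticator outside clock skew window")
    seen = (s, auth["c"], auth["timestamp"])
    if seen in replay_cache:
        raise ValueError("replayed authenticator")
    replay_cache.add(seen)
    return body["c"], k_cs, auth

def run_protocol(realm_keys, now, replay_cache):
    """Steps 1-6 from the slides.  realm_keys holds the long-term K_C, K_TGS, K_S."""
    # 1. C -> KDC: C, TGS, N_C   (sent in the clear)
    req1 = ("C", "TGS", os.urandom(8).hex())
    # 2. KDC -> C: {T_C,TGS}K_TGS, {K_C,TGS}K_C   (nonce echoed: our addition)
    tgt, k_kdc = issue_ticket(realm_keys, req1[0], req1[1], now)
    rep2 = enc(realm_keys[req1[0]], {"key": k_kdc.hex(), "nonce": req1[2], "s": req1[1]})
    part2 = dec(realm_keys["C"], rep2)              # C unlocks the second part
    if part2["nonce"] != req1[2]:
        raise ValueError("KDC reply does not answer our request")
    k_c_tgs = bytes.fromhex(part2["key"])
    # 3. C -> TGS: {A_C,S}K_C,TGS, {T_C,TGS}K_TGS
    auth3 = enc(k_c_tgs, {"c": "C", "timestamp": now, "subkey": None})
    c, k_tgs_side, _ = accept(realm_keys, "TGS", tgt, auth3, now, replay_cache)
    # 4. TGS -> C: {T_C,S}K_S, {K_C,S}K_C,TGS   (just like step 2)
    t_cs, k_cs = issue_ticket(realm_keys, c, "S", now)
    rep4 = enc(k_tgs_side, {"key": k_cs.hex(), "s": "S"})
    k_cs_client = bytes.fromhex(dec(k_c_tgs, rep4)["key"])
    # 5. C -> S: {A_C,S}K_C,S, {T_C,S}K_S
    auth5 = enc(k_cs_client, {"c": "C", "timestamp": now + 1, "subkey": None})
    _, k_cs_server, auth = accept(realm_keys, "S", t_cs, auth5, now + 1, replay_cache)
    # 6. S -> C: {timestamp, opt. subkey}K_c,s   (optional proof of possession)
    rep6 = enc(k_cs_server, {"timestamp": auth["timestamp"], "subkey": auth["subkey"]})
    proof = dec(k_cs_client, rep6)
    return {"session_key": k_cs_client, "server_key": k_cs_server,
            "proof_ok": proof["timestamp"] == now + 1,
            "ticket": t_cs, "authenticator": auth5}

def demo():
    """Run the exchange with constructed long-term keys, then show that S refuses
    a replayed authenticator and one far outside the clock-skew window."""
    realm_keys = {"C": b"C" * 32, "TGS": b"T" * 32, "S": b"S" * 32}   # constructed
    cache, now = set(), 1_700_000_000
    r = run_protocol(realm_keys, now, cache)
    outcome = {"proof_ok": r["proof_ok"], "keys_match": r["session_key"] == r["server_key"]}
    stale = enc(r["session_key"], {"c": "C", "timestamp": now - 3600, "subkey": None})
    for label, blob in (("replay", r["authenticator"]), ("stale", stale)):
        try:
            accept(realm_keys, "S", r["ticket"], blob, now + 2, cache)
            outcome[label] = "accepted"
        except ValueError as e:
            outcome[label] = str(e)
    return outcome

if __name__ == "__main__":
    print(demo())
```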

Slide 28: Thoughts on Kerberos...
- There's no public key crypto anywhere in the base Kerberos spec, but you can modify the base protocols to use PK...
  - Example: the initial "login" to the KDC could be done with public key for added security (e.g. PKINIT protocol)

Slide 29: PKINIT in Windows 2K/2K3
(diagram: Client with smart card (SC) reader and certificate (Cert), Key Distribution Center (KDC) and Active Directory)
Arrow labels: Logon request using Public Key; Verification and NT user account lookup; Kerberos Ticket Granting Ticket (TGT)

Slide 30: Thoughts on Kerberos... (2)
- Only the KDC needs to know the user's password (used to generate the shared secret)
  - You can have multiple KDCs for redundancy, but they all need to have a copy of the username/password database
- Only the TGS needs to know the secret keys for the servers
  - You can split KDC from TGS, but it is common for those two services to reside on the same physical machine

Slide 31: Thoughts on Kerberos... (3)
- Cross-realm trust is possible
  - Just need to share a secret key between the KDCs for the two realms...
  - Once accomplished, a user in realm A can get a ticket for a service in realm B

Slide 32: Thoughts on Kerberos... (4)
- "Time" is very important in Kerberos
  - All participants in the realm need accurate clocks
  - Timestamps are used in authenticators to detect replay; if a host can be fooled about the current time, old authenticators could be replayed
  - Tickets tend to have lifetimes on the order of hours, and replays are possible during the lifetime of the ticket

Slide 33: Thoughts on Kerberos... (5)
- Password-guessing attacks are possible
  - Capture enough encrypted tickets and you can brute-force decrypt them to discover shared keys
  - (Another reason to use public key...)

Slide 34: Thoughts on Kerberos... (6)
- It's possible to screw up the implementation
  - In fact, Kerberos v4 had a colossal security breach due to bad implementations

Slide 35: RNGs in Kerberos v4
- Session keys were generated from a PRNG seeded with the XOR of the following:
  - Time-of-day in seconds since 1/1/1970
  - Process ID of the Kerberos server process
  - Cumulative count of session keys generated
  - Fractional part of time-of-day seconds
  - Hostid of the machine running the server

Slide 36: RNGs in Kerberos v4 (continued)
- The seed is a 32-bit value, so while the session key is used for DES (64 bits long, normally 56 bits of entropy), it has only 32 bits of entropy
- What's worse, the five values have predictable portions
  - Time is completely predictable
  - ProcessID is mostly predictable
  - Even hostID has 12 predictable bits (of 32 total)

Slide 37: RNGs in Kerberos v4 (continued)
- Of the 32 seed bits, only 20 bits really change with any frequency, so Kerberos v4 keys (in the MIT implementation) only have 20 bits of randomness
  - They could be brute-force discovered in seconds
- The hole was in the MIT Kerberos sources for seven years!

Slide 38: Securing Internet Traffic
- Application-level security
  - Secure the traffic between two communicating applications
  - Application-specific protocols
  - Example: SSL/TLS for web traffic
- IP-level security
  - Secure traffic at the Internet Protocol layer (low-level wire format)
  - Applications don't have to know about security specifically, they "get it for free"
  - Example: IPSEC

Slide 39: Common Themes
- Three phases
  - Authentication
    - Verify the other party is someone you want to talk to
  - Key agreement
    - Agree on data encryption and integrity protection keys
  - Encrypted data exchange
    - Communicate over the encrypted channel

SSL/

TLS

SSL/

TLS

Janu

ary

24, 2

006

Janu

ary

24, 2

006

Prac

tical

Asp

ects

of M

oder

n Cr

ypto

grap

hyPr

actic

al A

spec

ts o

f Mod

ern

Cryp

togr

aphy

Slide 41: App-Level Security: SSL/TLS

Slide 42: SSL/PCT/TLS History

- 1994: Secure Sockets Layer (SSL) V2.0
- 1995: Private Communication Technology (PCT) V1.0
- 1996: Secure Sockets Layer (SSL) V3.0
- 1997: Private Communication Technology (PCT) V4.0
- 1999: Transport Layer Security (TLS) V1.0
- 2005/2006: TLS V1.1 (currently in the RFC Editor's Queue awaiting publication)

Slide 43: Typical Scenario

You (client) and Merchant (server):

  Client: "Let's talk securely."
  Server: "Here is my RSA public key."
  Client: "Here is a symmetric key, encrypted with your public key, that we can use to talk."

Slides 44-48: SSL/TLS

The same exchange, built up one message at a time into the SSL/TLS handshake:

  Client: "Let's talk securely. Here are the protocols and ciphers I understand."
  Server: "I choose this protocol and ciphers. Here is my public key and some other stuff."
  Client: "Using your public key, I've encrypted a random symmetric key to you."

All subsequent secure messages are sent using the symmetric key and a keyed hash for message authentication.

Slide 49: The five phases of SSL/TLS

1. Negotiate the ciphersuite to be used
2. Establish the shared session key
3. Client authenticates the server ("server auth")
   - Optional, but almost always done
4. Server authenticates the client ("client auth")
   - Optional, and almost never done
5. Authenticate previously exchanged data

Slide 50: Phase 1: Ciphersuite Negotiation

- Client hello (client -> server)
  - "Hi! I speak these n ciphersuites, and here's a 28-byte random number (nonce) I just picked"
- Server hello (client <- server)
  - "Hello. We're going to use this particular ciphersuite, and here's a 28-byte nonce I just picked."
- Other info can be passed along (we'll see why a little later...)

Slide 51: TLS V1.0 ciphersuites

TLS_NULL_WITH_NULL_NULL
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_WITH_IDEA_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_DSS_WITH_DES_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_RSA_WITH_DES_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
TLS_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

More defined in other specs

Slide 52: TLS-With-AES ciphersuites (RFC 3268)

Ciphersuite                         Key exchange
TLS_RSA_WITH_AES_128_CBC_SHA        RSA
TLS_DH_DSS_WITH_AES_128_CBC_SHA     DH_DSS
TLS_DH_RSA_WITH_AES_128_CBC_SHA     DH_RSA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA    DHE_DSS
TLS_DHE_RSA_WITH_AES_128_CBC_SHA    DHE_RSA
TLS_DH_anon_WITH_AES_128_CBC_SHA    DH_anon
TLS_RSA_WITH_AES_256_CBC_SHA        RSA
TLS_DH_DSS_WITH_AES_256_CBC_SHA     DH_DSS
TLS_DH_RSA_WITH_AES_256_CBC_SHA     DH_RSA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA    DHE_DSS
TLS_DHE_RSA_WITH_AES_256_CBC_SHA    DHE_RSA
TLS_DH_anon_WITH_AES_256_CBC_SHA    DH_anon
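What the names on slides 51 and 52 encode, and how the Server hello choice of slide 50 should be made, as an added example written for this page (not the lecture's code and not from any TLS implementation). The suite names are those of RFC 2246 and RFC 3268; the name grammar, the acceptance policy, the two negotiation strategies and the sample offer/preference lists are constructed for the example.

```python
"""Added example for slides 50-52: parse TLS 1.0-era ciphersuite names and pick one
server-side. Names are the RFC 2246 / RFC 3268 ones; the policy and the sample lists
are constructed here and belong to no real client or server."""
import re
from typing import Dict, List, Optional

# Every name reads TLS_<key exchange>_WITH_<bulk cipher>_<MAC>;
# "_EXPORT" on the key exchange marks a 40-bit export-grade suite.
_SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA|NULL)$")

def parse_suite(name: str) -> Dict[str, str]:
    """Split a suite name into its key exchange, bulk cipher and MAC algorithm."""
    m = _SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a TLS ciphersuite name: {name}")
    return {"kx": m["kx"], "cipher": m["cipher"], "mac": m["mac"]}

def weaknesses(name: str) -> List[str]:
    """Reasons a suite should be neither offered nor accepted (this example's policy)."""
    s = parse_suite(name)
    reasons = []
    if s["cipher"] == "NULL":
        reasons.append("no encryption")
    if s["mac"] == "NULL":
        reasons.append("no integrity protection")
    if s["kx"].endswith("_EXPORT"):
        reasons.append("40-bit export-grade key")
    if s["kx"].endswith("_anon"):
        reasons.append("anonymous key exchange: no server authentication, Mallet can sit in the middle")
    if s["cipher"] == "DES_CBC":
        reasons.append("56-bit DES")
    if s["cipher"].startswith("RC4"):
        reasons.append("RC4 (keystream biases; prohibited in TLS by RFC 7465)")
    return reasons

def negotiate_client_order(client_offer: List[str], server_supported: List[str]) -> Optional[str]:
    """Naive server: takes the first suite the client listed that it can speak.
    A client that lists an export suite first gets export-grade crypto."""
    supported = set(server_supported)
    for suite in client_offer:
        if suite in supported:
            return suite
    return None

def negotiate(client_offer: List[str], server_prefs: List[str]) -> Optional[str]:
    """Hardened server: walks its own preference order and skips suites that fail
    the policy. None means the handshake should end with handshake_failure."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered and not weaknesses(suite):
            return suite
    return None

# Constructed Client hello offer (weakest first, to make the downgrade visible) and a
# constructed server preference list.
CLIENT_OFFER = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_PREFS = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]

if __name__ == "__main__":
    print("naive choice:   ", negotiate_client_order(CLIENT_OFFER, SERVER_PREFS))
    print("hardened choice:", negotiate(CLIENT_OFFER, SERVER_PREFS))
    for suite in CLIENT_OFFER:
        print(f"{suite}: {parse_suite(suite)} {weaknesses(suite)}")
```

The policy above addresses a client that genuinely offers weak suites; an attacker who rewrites the Client hello in flight is caught later, by the Finished message of phase 5, because both sides hash the handshake messages as they actually saw them.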

Slide 53: Phase 2: Establish the shared session key

- Client key exchange
  - Client chooses a 48-byte "pre-master secret"
  - Client encrypts the pre-master secret with the server's RSA public key
  - Client -> server: encrypted pre-master secret
- Client and server both compute
  PRF(pre-master secret, "master secret", client nonce + server nonce)
  - PRF is a pseudo-random function
  - First 48 bytes output from PRF form the master secret

Slide 54: TLS's PRF

- PRF(secret, label, seed) =
    P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed);
  where S1, S2 are the two halves of the secret
- P_hash(secret, seed) =
    HMAC_hash(secret, A(1) + seed) +
    HMAC_hash(secret, A(2) + seed) +
    HMAC_hash(secret, A(3) + seed) + ...
- A(0) = seed
  A(i) = HMAC_hash(secret, A(i-1))

Slide 55: Phases 3 & 4: Authentication

More on this in a moment...

Slide 56: Phase 5: Authenticate previously exchanged data

- "Change ciphersuites" message
  - Time to start sending data for real...
- "Finished" handshake message
  - First protected message, verifies algorithm parameters for the encrypted channel
  - 12 bytes from:
    PRF(master_secret, "client finished", MD5(handshake_messages) + SHA-1(handshake_messages))

Slide 57: Why do I trust the server key?

- How do I know I'm really talking to Amazon.com?
- What defeats a man-in-the-middle attack?

  [diagram] Web Server <-- HTTP with SSL/TLS --> Client

Slide 58: Why do I trust the server key?

The same question, with the attacker drawn in:

  [diagram] Web Server <-- HTTP with SSL/TLS --> Mallet <-- HTTP with SSL/TLS --> Client

Slide 59: SSL/TLS

You (client) and Merchant (server):

  Client: "Let's talk securely. Here are the protocols and ciphers I understand."
  Server: "I choose this protocol and ciphers. Here is my public key and some other stuff that will make you trust this key is mine."
  Client: "Here is a fresh key encrypted with your key."

Slide 60: What's the "some other stuff"

How can we convince Alice that some key belongs to Bob?

- Alice and Bob could have met previously & exchanged keys directly.
  - Jeff Bezos isn't going to shake hands with everyone he'd like to sell to...
- Someone Alice trusts could vouch to her for Bob and Bob's key
  - A third party can certify Bob's key in a way that convinces Alice.

Slide 61: What is a certificate?

- A certificate is a digitally-signed statement that binds a public key to some identifying information.
  - The signer of the certificate is called its issuer.
  - The entity talked about in the certificate is the subject of the certificate.
- That's all a certificate is, at the 30,000' level.

Slide 62: Defeating Mallet

Bob can convince Alice that his key really does belong to him if he can also send along a digital certificate Alice will believe & trust.

  Alice: "Let's talk securely. Here are the protocols and ciphers I understand."
  Bob:   "I choose this protocol and ciphers. Here is my public key and a certificate to convince you that the key really belongs to me." [Cert]

Slide 63: Server & Client Authentication with Certificates

- We're going to talk a lot more about how you determine whether you trust a name-key binding later in the course
  - Lecture #8: Trust, Public Key Infrastructure (PKI) and Key Management
- For now, simply assume that each client and server can:
  - Cryptographically validate a certificate to verify its integrity
  - Decide whether a validated certificate should be believed according to its trust policy
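The exchange of slides 57 through 63 in code: why the bare key of slide 43 cannot stop Mallet, and what the two checks of slide 63 (validate the certificate, then apply a trust policy) add. This is an added illustration written for this page, not the lecture's code. The signature scheme is a toy: textbook RSA over a SHA-256 digest with no padding, using keys built from the Mersenne primes 2^521-1, 2^127-1, 2^607-1, 2^107-1, 2^1279-1 and 2^89-1 so that no key generation is needed and every modulus exceeds the 256-bit digest. The names, the trust store and the certificate format are constructed for the example and are not real-world X.509.

```python
"""Added example for slides 57-63: a bare key versus a certificate, with a toy
signature scheme (textbook RSA over SHA-256, fixed Mersenne-prime keys). Not
production crypto; constructed names and trust store."""
import hashlib
from typing import Dict, NamedTuple, Optional, Tuple

Key = Tuple[int, int]          # (modulus n, exponent)
E = 65537

def toy_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Textbook RSA keys ((n, e), (n, d)) from two fixed primes. Needs Python 3.8+ for pow(e, -1, m)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv: Key, data: bytes) -> int:
    n, d = priv
    return pow(_h(data), d, n)

def verify(pub: Key, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(data)

class Cert(NamedTuple):
    """Slide 61: a signed statement binding subject_key to subject, signed by issuer."""
    subject: str
    subject_key: Key
    issuer: str
    signature: int

def to_be_signed(subject: str, key: Key) -> bytes:
    """The statement the issuer signs; the name is length-prefixed so name and key bytes can't blur."""
    return f"{len(subject)}:{subject}|{key[0]:x}|{key[1]:x}".encode()

def issue(issuer: str, issuer_priv: Key, subject: str, subject_key: Key) -> Cert:
    return Cert(subject, subject_key, issuer, sign(issuer_priv, to_be_signed(subject, subject_key)))

def naive_accepts(offered_key: Key) -> bool:
    """Slide 43's protocol: whoever answers gets believed. Mallet's key looks like any other."""
    return offered_key is not None

def cert_accepts(expected_host: str, offered_key: Key, cert: Optional[Cert],
                 trust_anchors: Dict[str, Key]) -> bool:
    """Slide 63: (1) cryptographically validate the certificate; (2) apply the trust policy:
    issuer must be a trust anchor, subject must be the host we meant to reach, and the
    certified key must be the key the server is actually using."""
    if cert is None:
        return False
    issuer_key = trust_anchors.get(cert.issuer)
    if issuer_key is None:
        return False
    if not verify(issuer_key, to_be_signed(cert.subject, cert.subject_key), cert.signature):
        return False
    return cert.subject == expected_host and cert.subject_key == offered_key

def demo() -> Dict[str, bool]:
    """Constructed scenario: Alice wants www.amazon.com; Mallet tries four impersonations."""
    ca_pub, ca_priv = toy_keypair(2**521 - 1, 2**127 - 1)
    amazon_pub, _ = toy_keypair(2**607 - 1, 2**107 - 1)
    mallet_pub, mallet_priv = toy_keypair(2**1279 - 1, 2**89 - 1)
    anchors = {"Example Root CA": ca_pub}                     # what Alice's browser ships with
    host = "www.amazon.com"
    amazon_cert = issue("Example Root CA", ca_priv, host, amazon_pub)
    return {
        "naive_accepts_mallet": naive_accepts(mallet_pub),
        "honest_server": cert_accepts(host, amazon_pub, amazon_cert, anchors),
        # Mallet forwards Amazon's real certificate with his own key pasted in: signature fails.
        "mallet_swaps_key_in_cert": cert_accepts(host, mallet_pub, amazon_cert._replace(subject_key=mallet_pub), anchors),
        # Mallet signs his own certificate for Amazon's name: issuer is not a trust anchor.
        "mallet_self_signed": cert_accepts(host, mallet_pub, issue("Mallet CA", mallet_priv, host, mallet_pub), anchors),
        # Mallet holds a genuine certificate from the trusted CA, but for his own name.
        "mallet_genuine_cert_wrong_name": cert_accepts(host, mallet_pub, issue("Example Root CA", ca_priv, "mallet.example", mallet_pub), anchors),
        "no_certificate_at_all": cert_accepts(host, mallet_pub, None, anchors),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:32s} accepted={accepted}")
```

Only the honest server passes; each of Mallet's attempts fails a different one of the checks, which is the point of slide 63 splitting the decision into cryptographic validation and a separate trust policy.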

IPSEC

Slide 65: Protocol-Level Security: IPSEC

- Application-level security protocols work great for particular applications
  - But they only work for that application
- SSL/TLS requires lots of infrastructure to work; how many protocols can we do that for?
- Ideally, we'd like all the security features of SSL/TLS available for every Internet protocol/application
  - "Security at the IP layer"

Slide 66: Ideal Protection: End-to-End

- SSL/TLS does this at the application layer (above TCP)
- IPSEC does this for any IP packet, at the network layer
- Apps must be aware of/control SSL; they don't have to be for IPSec

  [diagram: server, host, server]

Slide 67: IPSEC

- IPSEC = IP (Internet Protocol) Security
  - Suite of protocols that provide encryption, integrity and authentication services for IP packets
  - Mandatory-to-implement for IPv6, optional (but available) for IPv4
- Consists of two main components:
  - IPSEC key management
  - IPSEC protection protocols
    - Encryption & auth of IP packets

Slide 68: IPSEC Key Management

- Establishes a Security Association (SA) for a session
  - Think "shared secret key" for each pair of communicating parties
  - SA used to provide authentication and confidentiality services for that session
  - SA is referenced via a security parameter index (SPI) in each IP datagram header

Slide 69: IPSEC Architecture

  [diagram] IP Hdr | SPI | Data
  The SPI selects security information maintained by the host.

Slide 70: IPSEC Protection Protocols

- Authentication Header (AH)
  - Authenticates payload data
  - Authenticates network header
  - Gives anti-replay protection
- Encapsulating Security Payload (ESP)
  - Encrypts payload data
  - Authenticates payload data
  - Gives anti-replay protection

Slide 71: IPSEC Modes of Operation

- Tunnel Mode
  - Encapsulates the entire IP packet within IPSEC protection
  - Tunnels can be created between several different node types
    - Gateway to gateway
    - Host to gateway
    - Host to host
- Transport Mode
  - Encapsulates only the transport layer information within IPSEC protection
  - Can only be created between host nodes

Slide 72: IPsec Scenario 1: Firewall to Firewall

- Corporate network connected through Internet

  [diagram, Tunnel Mode]
  Unmodified Endnode -- Protected Subnet -- IPsec endpoint -- Untrusted Network -- IPsec endpoint -- Protected Subnet -- Unmodified Endnode

Slide 73: IPsec Scenario 2: Endnode to Firewall

- Mobile node connects home through Internet

  [diagram, Tunnel Mode]
  Endnode w/IPsec in network stack -- Internet -- IPsec endpoint -- Protected Subnet -- Unmodified Endnode

Slide 74: IPsec Scenario 3: End to End

- Two nodes don't need to trust the network

  [diagram, Transport Mode]
  Endnode w/IPsec in network stack -- internal or external network -- Endnode w/IPsec in network stack

Slide 75: Authentication Header (AH)

- Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out
- If both ESP and AH are applied to a packet, AH follows ESP

Slide 76: IPSEC Authentication Header (AH) in Transport Mode

  Before: Orig IP Hdr | TCP Hdr | Data
  After:  Orig IP Hdr | AH Hdr | TCP Hdr | Data        (AH Hdr is inserted)

  Integrity hash coverage: the whole packet, except for mutable fields in the IP hdr

  AH Hdr (24 bytes total): Next Hdr | Payload Len | Rsrv | SecParamIndex | Seq# | Keyed Hash
  AH is IP protocol 51

Slide 77: IPSEC AH in Tunnel Mode

  Before: Orig IP Hdr | TCP Hdr | Data
  After:  IP Hdr | AH Hdr | Orig IP Hdr | TCP Hdr | Data

  New IP header with source & destination IP address
  Integrity hash coverage: the whole packet, except for mutable new IP hdr fields
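The AH transport-mode layout of slide 76, the mutable-field rule of slide 75 and the SA/SPI lookup and anti-replay service of slides 68 and 70, built and verified in code. This is an added example written for this page, not the lecture's code and not taken from any IPsec stack. It assumes HMAC-SHA-1-96 (RFC 2404) as the integrity algorithm, which gives the 24-byte header on the slide; the key, SPI, addresses and TCP segment are constructed test data, and the anti-replay check is a simplified window kept in a set rather than the bitmap a real implementation uses.

```python
"""Added example for slides 68-70 and 75-77: build an IPsec AH transport-mode packet
(Orig IP Hdr | AH Hdr | TCP Hdr | Data), compute the ICV over the packet with mutable
IPv4 fields zeroed, and verify it with SA lookup by SPI plus anti-replay. HMAC-SHA-1-96
is assumed; all key material and addresses are constructed test data."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

IPPROTO_TCP, IPPROTO_AH = 6, 51          # slide 76: AH is IP protocol 51
ICV_LEN = 12                              # HMAC-SHA-1-96: 20-byte tag truncated to 96 bits
AH_LEN = 12 + ICV_LEN                     # fixed fields + ICV = 24 bytes total

@dataclass
class SecurityAssociation:
    """Slide 68: per-peer keying state, selected by the SPI carried in each datagram."""
    spi: int
    key: bytes
    seq_out: int = 0
    window: int = 64
    highest_seen: int = 0
    seen: set = field(default_factory=set)   # simplified anti-replay record

def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header, no options. Checksum left zero: AH zeroes it anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)

def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """Slide 75: TOS, flags/fragment offset, TTL and checksum change legitimately in
    transit, so they are zeroed (not omitted) before the ICV is computed."""
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\x00\x00"; h[8] = 0; h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_protect(sa: SecurityAssociation, src: bytes, dst: bytes, tcp_segment: bytes) -> bytes:
    """Insert the AH header between the IP header and the TCP segment and fill in its ICV."""
    sa.seq_out += 1
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, 20 + AH_LEN + len(tcp_segment))
    # Payload Len is in 32-bit words minus 2: 24/4 - 2 = 4 for HMAC-SHA-1-96.
    ah_fixed = struct.pack("!BBHII", IPPROTO_TCP, AH_LEN // 4 - 2, 0, sa.spi, sa.seq_out)
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + tcp_segment  # ICV field zero while hashing
    icv = hmac.new(sa.key, covered, hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + ah_fixed + icv + tcp_segment

def ah_verify(sa_table: dict, packet: bytes) -> bytes:
    """Receiver: look up the SA by SPI, recompute the ICV, enforce anti-replay, and
    return the inner TCP segment. Any failure raises ValueError (drop the packet)."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] != IPPROTO_AH:
        raise ValueError("not an AH packet")
    _next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", rest[:12])
    ah_len = (payload_len + 2) * 4
    icv, payload = rest[12:ah_len], rest[ah_len:]
    sa = sa_table.get(spi)
    if sa is None:
        raise ValueError(f"no security association for SPI {spi:#x}")
    covered = zero_mutable_fields(ip_hdr) + rest[:12] + bytes(ICV_LEN) + payload
    if not hmac.compare_digest(icv, hmac.new(sa.key, covered, hashlib.sha1).digest()[:ICV_LEN]):
        raise ValueError("ICV mismatch: packet altered or wrong key")
    if seq in sa.seen or seq + sa.window <= sa.highest_seen:      # slide 70: anti-replay
        raise ValueError(f"replayed or stale sequence number {seq}")
    sa.seen.add(seq)
    sa.highest_seen = max(sa.highest_seen, seq)
    return payload

def demo() -> dict:
    """Constructed scenario: a TTL change in flight is tolerated; a replay and a forgery are not."""
    key = bytes(range(20))                                             # constructed 160-bit HMAC key
    sender, receiver = SecurityAssociation(0x1000, key), SecurityAssociation(0x1000, key)
    sa_table = {receiver.spi: receiver}
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 65535, 0, 0) + b"GET / HTTP/1.0\r\n\r\n"
    results = {}
    pkt = bytearray(ah_protect(sender, src, dst, tcp))
    pkt[8] -= 1                                                        # a router decremented TTL
    results["ttl_change_tolerated"] = ah_verify(sa_table, bytes(pkt)) == tcp
    results["ah_header_len"] = len(pkt) - 20 - len(tcp)
    for name, candidate in (("replay", bytes(pkt)),
                            ("payload_flip", ah_protect(sender, src, dst, tcp)[:-1] + b"\x00")):
        try:
            ah_verify(sa_table, candidate)
            results[name + "_rejected"] = False
        except ValueError:
            results[name + "_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The same ICV-over-zeroed-header construction applies in tunnel mode (slide 77); only the header being zeroed is the new outer IP header, and the covered bytes then include the untouched original IP header.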

Slide 78: Encapsulating Security Payload (ESP)

- Must encrypt and/or authenticate in each packet
- Encryption occurs before authentication
- Authentication is applied to data in the IPSEC header as well as the data contained as payload

7979

TCP

Hdr

TCP

Hdr

Orig

IP H

drO

rig IP

Hdr

ESP

Trai

ler

ESP

Trai

ler

Dat

aD

ata

TCP

Hdr

TCP

Hdr

IPSE

C ES

P in

Tra

nspo

rt M

ode

IPSE

C ES

P in

Tra

nspo

rt M

ode

Dat

aD

ata

Orig

IP H

drO

rig IP

Hdr

ESP

Hdr

ESP

Hdr

ESP

Aut

hES

P A

uth

Usu

ally

enc

rypt

edU

sual

ly e

ncry

pted

inte

grity

has

h co

vera

gein

tegr

ity h

ash

cove

rage

Inse

rtA

ppen

d

IPSEC ESP in Transport Mode (field detail)

Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth
  ESP Hdr (inserted):     SecParamIndex, Seq#, InitVector
  ESP Trailer (appended): Padding, PadLength, NextHdr
  ESP Auth (appended):    Keyed Hash
  22-36 bytes total
  Usually encrypted: TCP Hdr | Data | ESP Trailer
  Integrity hash coverage: ESP Hdr | TCP Hdr | Data | ESP Trailer
ESP is IP protocol 50
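As an added example (not from the slides), the field layout above and the encrypt-then-authenticate order from the ESP slide, in Python; the HMAC-based keystream cipher, the 96-bit truncated HMAC-SHA256 keyed hash, and the keys are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the slides: builds and checks an ESP packet laid out
# as on the slide (SPI, Seq#, IV, encrypted payload + Padding/PadLength/NextHdr,
# then a Keyed Hash). The cipher is a constructed HMAC-based keystream standing
# in for the negotiated cipher; keys and payloads are constructed sample values.
ESP_PROTOCOL = 50   # ESP is IP protocol 50
BLOCK = 16          # stand-in cipher block size; also the IV length
ICV_LEN = 12        # keyed hash truncated to 96 bits for the ESP Auth field


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Constructed CTR-style keystream: HMAC(key, IV || counter) blocks."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(enc_key, auth_key, spi, seq, next_hdr, payload):
    iv = os.urandom(BLOCK)
    # Padding (1, 2, 3, ...) brings payload + PadLength + NextHdr to a block multiple.
    pad_len = (-(len(payload) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    plain = payload + trailer
    ciphertext = xor(plain, keystream(enc_key, iv, len(plain)))
    header = struct.pack("!II", spi, seq)          # SecParamIndex, Seq#
    body = header + iv + ciphertext
    # Encryption happens first; the keyed hash then covers header, IV and ciphertext.
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(enc_key, auth_key, packet):
    """Returns (spi, seq, next_hdr, payload), or None if the ICV does not verify."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                                 # verify before decrypting
    spi, seq = struct.unpack("!II", body[:8])
    iv, ciphertext = body[8:8 + BLOCK], body[8 + BLOCK:]
    plain = xor(ciphertext, keystream(enc_key, iv, len(ciphertext)))
    pad_len, next_hdr = plain[-2], plain[-1]
    return spi, seq, next_hdr, plain[:len(plain) - 2 - pad_len]
```

A receiver that skips the ICV check and decrypts first would accept a tampered sequence number or payload, which is exactly what the "authentication after encryption" ordering is meant to rule out.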

IPSEC ESP Tunnel Mode

Original datagram:    Orig IP Hdr | TCP Hdr | Data
After ESP tunnelling: IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth
  (the leading IP Hdr is a new IP header with source & destination IP address)
  Usually encrypted: Orig IP Hdr | TCP Hdr | Data | ESP Trailer
  Integrity hash coverage: ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer

IPSEC Key Management

- IPSEC Key Management is all about establishing and maintaining Security Associations (SAs) between pairs of communicating hosts

Security Associations (SA)

- New concept for IP communication
  - SA not a "connection", but very similar
  - Establishes trust between computers
- If securing with IPSEC, need SA
  - IKE protocol negotiates security parameters according to policy
  - Manages cryptographic keys and lifetime
  - Enforces trust by mutual authentication

General idea of IKEv2

Alice -> Bob: g^A mod p, nonce_A
Bob -> Alice: g^B mod p, nonce_B
Alice -> Bob: {"Alice", proof I'm Alice} encrypted under g^AB mod p
Bob -> Alice: {"Bob", proof I'm Bob} encrypted under g^AB mod p

General idea of IKEv2

- It's just Diffie-Hellman Key Exchange!

Alice -> Bob: g^A mod p, nonce_A
Bob -> Alice: g^B mod p, nonce_B
Alice -> Bob: {"Alice", proof I'm Alice} encrypted under g^AB mod p
Bob -> Alice: {"Bob", proof I'm Bob} encrypted under g^AB mod p

Internet Key Exchange (IKE)

- Resynchronize two ends of an IPsec SA
  - Choose cryptographic keys
  - Reset sequence numbers to zero
  - Authenticate endpoints
- Simple, right?
  - Design evolved into something very complex

IKE Contenders

- Photuris: Signed Diffie-Hellman, stateless cookies, optional hiding endpoint IDs
- SKIP: Diffie-Hellman public keys, so if you know someone's public key g^B, you automatically know a shared secret g^AB. Each msg starts with per-msg key S encrypted with g^AB
- And the winner was...

ISAKMP

- Internet Security Association and Key Management Protocol
- Gift to the IETF from NSA
- A "framework", not a protocol. Complex encodings. Flexible yet constraining.
- Two "phases". Phase 1 expensive, establishes a session key with which to negotiate multiple phase 2 sessions

Internet Key Exchange (IKE)

- Phase I
  - Establish a secure channel (ISAKMP SA)
  - Authenticate computer identity
- Phase II
  - Establishes a secure channel between computers intended for the transmission of data (IPSEC SA)

Internet Key Exchange (IKE)

- IKEv1 authors tried to fit academic papers (SKEME, OAKLEY) into ISAKMP
- Mostly a rewriting of ISAKMP, but not self-contained. Uses ISAKMP
- Since both so badly written, hadn't gotten thorough review
  - Really 3+ specs (ISAKMP, IKE, DOI)
  - Plus a few more (NAT traversal, etc.)

Imagine 150 pages of this!

- "While Oakley defines 'modes', ISAKMP defines 'phases'. The relationship between the two is very straightforward and IKE presents different exchanges as modes which operate in one of two phases." (RFC 2409)

IKE

- Two phases, like ISAKMP
- Phase 1 is 8 protocols!
  - Two "modes": aggressive (3 msgs), and main (6 msgs)
  - Main does more, like hiding endpoint identifiers
- Phase 2 known as "quick mode"
- So 9 protocols (8 for phase 1, + phase 2)

General Idea of Aggressive Mode

Alice -> Bob: I'm Alice, g^A mod p, nonce_A
Bob -> Alice: I'm Bob, g^B mod p, proof I'm Bob, nonce_B
Alice -> Bob: proof I'm Alice

General Idea of Main Mode

Alice -> Bob: crypto suites I support
Bob -> Alice: crypto suites I choose
Alice -> Bob: g^A mod p, nonce_A
Bob -> Alice: g^B mod p, nonce_B
Alice -> Bob: {"Alice", proof I'm Alice} under key (key is variant-dependent)
Bob -> Alice: {"Bob", proof I'm Bob} under key (key is variant-dependent)

General idea of Quick Mode

Alice -> Bob: IKE-SA, Y, traffic, SPI_A, [g^A mod p]
Bob -> Alice: IKE-SA, Y, traffic, SPI_B, [g^B mod p]
Alice -> Bob: IKE-SA, Y, ack

Main Mode, Preshared key S

Alice -> Bob: crypto suites I support
Bob -> Alice: crypto suites I choose
Alice -> Bob: g^A mod p, nonce_A
Bob -> Alice: g^B mod p, nonce_B
Alice -> Bob: {"Alice", proof I'm Alice} under key f(S, g^AB)
Bob -> Alice: {"Bob", proof I'm Bob} under key f(S, g^AB)
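An added example, not from the slides, of the exchange in the IKEv2 and main-mode pictures together with the preshared-key variant f(S, g^AB) on this slide; the toy group, seal() and proof() are stand-ins chosen for the demonstration, not IKE's actual encodings or payload formats.

```python
import hashlib, hmac, secrets

# Added example, not from the slides: the Diffie-Hellman core of the IKEv2 and
# main-mode pictures (g^A, g^B, nonces, then identity proofs under the derived
# key) plus the preshared-key variant f(S, g^AB). Toy 127-bit Mersenne prime, not
# a real IKE group; seal() and proof() are constructed stand-ins.
P, G, NBYTES = 2**127 - 1, 3, 16

def i2b(x):
    return x.to_bytes(NBYTES, "big")

def session_key(shared, preshared=None):
    # No preshared key: key derived from g^AB mod p alone (IKEv2 picture).
    # Main mode with preshared key S: key = f(S, g^AB), with f = HMAC here.
    if preshared is None:
        return hashlib.sha256(i2b(shared)).digest()
    return hmac.new(preshared, i2b(shared), hashlib.sha256).digest()

def seal(key, label, data):
    # Stand-in for {...} under the session key: XOR with a keystream derived
    # from the key and the sender's name; applying it again decrypts.
    stream = hashlib.sha256(key + label).digest()
    while len(stream) < len(data):
        stream += hashlib.sha256(stream[-32:]).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def proof(key, name, transcript):
    # "proof I'm Alice": MAC under the session key over the identity and the
    # values exchanged so far, so a substituted g^A or nonce is detected.
    return hmac.new(key, name + transcript, hashlib.sha256).digest()

class Party:
    def __init__(self, name, preshared=None):
        self.name, self.preshared = name, preshared
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)          # g^A mod p (or g^B mod p)
        self.nonce = secrets.token_bytes(16)

    def derive(self, peer_pub, peer_nonce, initiator):
        shared = pow(peer_pub, self.priv, P)     # g^AB mod p
        self.key = session_key(shared, self.preshared)
        mine, theirs = (self.pub, self.nonce), (peer_pub, peer_nonce)
        first, second = (mine, theirs) if initiator else (theirs, mine)
        self.transcript = i2b(first[0]) + first[1] + i2b(second[0]) + second[1]

    def auth_msg(self):
        body = self.name + proof(self.key, self.name, self.transcript)
        return seal(self.key, self.name, body)

    def check(self, peer_name, msg):
        expected = peer_name + proof(self.key, peer_name, self.transcript)
        return hmac.compare_digest(seal(self.key, peer_name, msg), expected)

def run_exchange(alice_psk=None, bob_psk=None):
    alice, bob = Party(b"Alice", alice_psk), Party(b"Bob", bob_psk)
    # Messages 1-2: g^A mod p, nonce_A  /  g^B mod p, nonce_B
    alice.derive(bob.pub, bob.nonce, initiator=True)
    bob.derive(alice.pub, alice.nonce, initiator=False)
    # Messages 3-4: {"Alice", proof I'm Alice} then {"Bob", proof I'm Bob}
    return bob.check(b"Alice", alice.auth_msg()) and alice.check(b"Bob", bob.auth_msg())
```

With mismatched preshared keys the two sides derive different session keys, so the sealed identity proofs fail to verify and the exchange is rejected rather than silently producing an unauthenticated SA.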

Additional IPSEC Topics (if we have time)

IPSEC Bundling/Wrapping

- Multiple IPSEC transforms may be wrapped successively around a single IP datagram
  - Example: IPSEC transport sent over an IPSEC tunnel

Sending in Transport Mode

(Diagram.) Sending stack: Application, Transport, IP, IPSec, Physical. The packet handed to the wire is IP | IPSec | TCP | Application Data.

Sending in Tunnel Mode

(Diagram.) The inner packet IP | IPSec | TCP | Application Data is wrapped in an outer IP | IPSec header pair; the stacks shown are IP, IPSec, Physical at both the inner and the outer layer.

Receiving in Tunnel Mode

(Diagram.) The outer IP | IPSec header pair surrounds the inner packet IP | IPSec | TCP | Application Data; the receiving stacks shown are IP, IPSec, Physical at both the outer and the inner layer.

Receiving in Transport Mode

(Diagram.) Receiving stack: Application, Transport, IP, IPSec, Physical. The packet taken from the wire is IP | IPSec | TCP | Application Data.

What is Network Address Translation (NAT)?

- Network Address Translation (NAT)
  - Dynamically modifies source address
  - Dynamically recomputes interior UDP/TCP checksums
- Port Address Translation (PAT)
  - Dynamically modifies TCP/UDP source address and port
  - Dynamically recomputes interior UDP/TCP checksums

NATs Rewrite Address/Port Pairs

(Diagram.) A packet labelled 10.0.0.2 131.107.1.7 DS leaves the TCP/IP stack (kernel side, below the user/kernel boundary) and is intercepted by a kernel mode firewall hook (NAT Intercept). A Translation Table with entries 10.0.0.2, 1185, 23 = 172.31.249.14 and 10.0.0.3, 1185, 23 = 172.31.249.14 rewrites it to 172.31.249.14 131.107.1.7 DS.

IPSEC AH and NAT

- Change in address or port will cause message integrity check to fail
  - Packet will be rejected by destination IPSEC
  - AH cannot be used with NAT or PAT devices

Orig IP Hdr | AH Hdr | TCP Hdr | Data
  Message Integrity Check coverage: the whole packet (except for mutable fields)

IPSEC ESP and NAT

- Can change IP header in special cases only
  - Special TCP/UDP ignores pseudo header used in checksum calculation
- Port information encrypted!
- Can't change ESP header because of integrity hash coverage

Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth
  encrypted: TCP Hdr | Data | ESP Trailer
  integrity hash coverage: ESP Hdr | TCP Hdr | Data | ESP Trailer
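An added example, not from the slides, of the AH and ESP behaviour behind a NAT described on the last two slides and of the checksum recomputation from the NAT slide; the addresses are taken from the NAT diagram, while the ports, the AH key and the simplified header coverage are sample values chosen for the demonstration.

```python
import hashlib, hmac, ipaddress, struct

# Added example, not from the slides: why a NAT breaks AH but only the inner
# TCP checksum under ESP. Addresses, ports and the key are constructed samples.
AH_PROTOCOL, TCP_PROTOCOL = 51, 6
KEY = b"constructed-ah-key"

def packed(addr):
    return ipaddress.IPv4Address(addr).packed

def ipv4_header(src, dst, proto, total_len, ttl=64):
    # Minimal 20-byte IPv4 header (header checksum left at zero for brevity).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       packed(src), packed(dst))

def ones_complement(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_checksum(src, dst, segment):
    # Covers a pseudo header holding the IP addresses (NAT slide: a NAT has to
    # recompute it after rewriting the source address). Evaluates to 0 when the
    # segment already carries a correct checksum.
    pseudo = packed(src) + packed(dst) + struct.pack("!BBH", 0, TCP_PROTOCOL, len(segment))
    return ones_complement(pseudo + segment)

def ah_icv(key, ip_hdr, ah_hdr, payload):
    # AH covers the IP header with mutable fields (TTL, header checksum) zeroed,
    # the AH header (ICV field excluded here), and the payload.
    immutable = ip_hdr[:8] + b"\x00" + ip_hdr[9:10] + b"\x00\x00" + ip_hdr[12:]
    return hmac.new(key, immutable + ah_hdr + payload, hashlib.sha256).digest()[:12]

def nat_rewrite_source(ip_hdr, new_src):
    return ip_hdr[:12] + packed(new_src) + ip_hdr[16:]

def demo(src="10.0.0.2", dst="131.107.1.7", nat_src="172.31.249.14"):
    # TCP SYN from port 1185 to port 23, checksum field zero, then filled in.
    seg = struct.pack("!HHIIBBHHH", 1185, 23, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    seg = seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]
    ah = struct.pack("!BBHII", TCP_PROTOCOL, 4, 0, 0x100, 1)  # NextHdr, Len, Rsvd, SPI, Seq#
    ip = ipv4_header(src, dst, AH_PROTOCOL, 20 + len(ah) + 12 + len(seg))
    icv = ah_icv(KEY, ip, ah, seg)
    ip_nat = nat_rewrite_source(ip, nat_src)
    return {
        "ah_ok_before_nat": hmac.compare_digest(icv, ah_icv(KEY, ip, ah, seg)),
        "ah_ok_after_nat": hmac.compare_digest(icv, ah_icv(KEY, ip_nat, ah, seg)),
        "tcp_ok_before_nat": tcp_checksum(src, dst, seg) == 0,
        # Under ESP the segment is encrypted, so the NAT cannot patch this checksum;
        # the receiver, computing it with the rewritten source, sees a mismatch.
        "tcp_ok_after_nat": tcp_checksum(nat_src, dst, seg) == 0,
    }
```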