1.5 Cryptographically Protected Sessions

When Alice and Bob use modern cryptography and protocols, such as IPsec (Chapter 12) or TLS (Chapter 13), they first exchange a few messages in which they establish session secrets. These session secrets allow them to encrypt and integrity-protect their conversation. Although their physical connectivity is a path across the Internet, once Alice and Bob create the protected session, data that they send to each other is as trustworthy as if they had a private physically protected link.

There are various terms for this type of protected session. We will usually refer to it as a secure session. It is considered good security practice to use several cryptographic keys in a secure session between Alice and Bob. For example, there might be different session keys for

  • encryption of Alice-to-Bob traffic,

  • encryption of Bob-to-Alice traffic,

  • integrity protection of Alice-to-Bob traffic, and

  • integrity protection of Bob-to-Alice traffic.

Alice and Bob will each have a database describing their current secure sessions. Each entry will record such things as how the session will be identified on incoming data, who is on the other end of the session, which cryptographic algorithms are to be used, and the sequence numbers for data to be sent or received on the session.
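The sketch below is an added example, not code from the book: it derives the four per-direction, per-purpose keys from one session secret and keeps a session entry with the fields just listed. The use of HKDF-Expand (RFC 5869), the labels, the session identifier and the algorithm string are assumptions chosen for illustration, and encryption itself is omitted so the block stays short.

```python
import hashlib, hmac
from dataclasses import dataclass

LABELS = ("enc a->b", "enc b->a", "mac a->b", "mac b->a")  # constructed labels

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256; prk is assumed uniformly random."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

@dataclass
class Session:
    session_id: int   # how the session is identified on incoming data
    peer: str         # who is on the other end
    algorithms: str   # which algorithms are in use
    keys: dict        # the four keys, named from this side's point of view
    send_seq: int = 0
    recv_seq: int = 0  # highest sequence number accepted so far

def new_session(session_id, peer, session_secret, i_am_alice):
    k = {label: hkdf_expand(session_secret, label.encode()) for label in LABELS}
    out, inn = ("a->b", "b->a") if i_am_alice else ("b->a", "a->b")
    keys = {"send_enc": k["enc " + out], "recv_enc": k["enc " + inn],
            "send_mac": k["mac " + out], "recv_mac": k["mac " + inn]}
    return Session(session_id, peer, "constructed: AES-256 + HMAC-SHA256", keys)

def _tag(key, sid, seq, payload):
    hdr = sid.to_bytes(4, "big") + seq.to_bytes(8, "big")
    return hmac.new(key, hdr + payload, hashlib.sha256).digest()

def protect(s: Session, payload: bytes):
    """Integrity-protect one message; returns (session_id, seq, payload, tag)."""
    s.send_seq += 1
    return s.session_id, s.send_seq, payload, _tag(s.keys["send_mac"], s.session_id, s.send_seq, payload)

def accept(table: dict, msg) -> bytes:
    sid, seq, payload, tag = msg
    s = table[sid]  # look the session up by the identifier on the incoming data
    if not hmac.compare_digest(tag, _tag(s.keys["recv_mac"], sid, seq, payload)):
        raise ValueError("bad integrity tag")
    if seq <= s.recv_seq:
        raise ValueError("stale sequence number")
    s.recv_seq = seq
    return payload
```

Because each direction has its own integrity key, a message Alice sent fails the tag check if it is delivered back to Alice, and the stored receive sequence number lets Bob refuse a second copy of a message he has already accepted.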
