- 1.1 Opinions, Products
- 1.2 Roadmap to the Book
- 1.3 Terminology
- 1.4 Notation
- 1.5 Cryptographically Protected Sessions
- 1.6 Active and Passive Attacks
- 1.7 Legal Issues
- 1.8 Some Network Basics
- 1.9 Names for Humans
- 1.10 Authentication and Authorization
- 1.11 Malware: Viruses, Worms, Trojan Horses
- 1.12 Security Gateway
- 1.13 Denial-of-Service (DoS) Attacks
- 1.14 NAT (Network Address Translation)
This chapter is from the book
This chapter is from the book
This chapter is from the book
1.5 Cryptographically Protected Sessions
When Alice and Bob use modern cryptography and protocols, such as IPsec (Chapter 12) or TLS (Chapter 13), they first exchange a few messages in which they establish session secrets. These session secrets allow them to encrypt and integrity-protect their conversation. Although their physical connectivity is a path across the Internet, once Alice and Bob create the protected session, data that they send to each other is as trustworthy as if they had a private physically protected link.
There are various terms for this type of protected session. We will usually refer to it as a secure session. It is considered good security practice to use several cryptographic keys in a secure session between Alice and Bob. For example, there might be different session keys for
encryption of Alice to Bob traffic,
encryption of Bob to Alice traffic,
integrity protection of Alice to Bob traffic, and
integrity protection of Bob to Alice traffic.
Alice and Bob will each have a database describing their current secure sessions. The information in the database will include information such as how the session will be identified on incoming data, who is on the other end of the session, which cryptographic algorithms are to be used, and the sequence numbers for data to be sent or received on the session.