mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-28 23:34:05 -06:00
---
title: "25-network-security-2"
aliases:
tags:
- cosc203
- lecture
---

# TLS

- security protocol above the transport layer
- supported by most browsers
- provides confidentiality, integrity, authentication
- replaced SSL
- provides an API that any application can use
- QUIC and HTTP/3: move transport layer functions to the app layer, on top of UDP

## how

- handshake: use certificates and private keys to authenticate each other, exchange or create a shared secret
- key derivation: use the shared secret to derive a set of keys
- data transfer: as a series of records, not just one-time transactions
- connection closure: special message to close the connection

## protocols

- handshake protocol
- ChangeCipherSpec protocol
    - choose encryption algorithms
- alert protocol
    - terminate
    - error reporting
- record protocol
    - divide data into segments
    - encrypt and authenticate, then send

## handshake

## cryptographic keys

- bad to use the same key for more than one cryptographic algorithm (encryption and authentication)
- uses a master secret

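Key derivation as sketched in these notes (shared secret, then a master secret, then a separate key per algorithm and per direction), as an added Python example that is not part of the lecture notes: it implements HKDF (RFC 5869) and TLS 1.3's HKDF-Expand-Label on the standard library only, in a shortened key schedule that skips the real schedule's early-secret and handshake-secret steps. The shared secret and transcript are constructed inputs.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM); an empty salt means all zeros."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 s7.1 HKDF-Expand-Label: the label text is what keeps derived keys apart."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)

def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    """RFC 8446 Derive-Secret: bind a secret to a label and the handshake transcript hash."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)

def derive_record_keys(traffic_secret: bytes, key_len: int = 16, iv_len: int = 12) -> dict:
    """Per-direction AEAD key and IV from one traffic secret (RFC 8446 s7.3)."""
    return {"key": hkdf_expand_label(traffic_secret, "key", b"", key_len),
            "iv": hkdf_expand_label(traffic_secret, "iv", b"", iv_len)}

def simplified_key_schedule(shared_secret: bytes, transcript: bytes) -> dict:
    """Shortened sketch of the TLS 1.3 schedule: one shared secret -> two traffic secrets -> keys."""
    master = hkdf_extract(b"", shared_secret)  # stand-in for the full early/handshake chain
    client_ts = derive_secret(master, "c ap traffic", transcript)
    server_ts = derive_secret(master, "s ap traffic", transcript)
    return {"client": derive_record_keys(client_ts), "server": derive_record_keys(server_ts)}

# Constructed sample input: a fake (EC)DHE output and a fake handshake transcript.
SHARED_SECRET = bytes(range(32))
TRANSCRIPT = b"ClientHello..ServerHello..Finished (constructed)"

if __name__ == "__main__":
    for side, k in simplified_key_schedule(SHARED_SECRET, TRANSCRIPT).items():
        print(side, "key:", k["key"].hex(), "iv:", k["iv"].hex())
```

Every derived value differs by label and direction, so the encryption key and the IV never coincide, and a different transcript or shared secret changes all of them.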
# IPSec

# firewall

# IDS