Presentation is loading. Please wait.

Presentation is loading. Please wait.

Application Layer TLS draft-friel-tls-atls-00

Published byGriselda Evans Modified over 5 years ago

Similar presentations

Presentation on theme: "Application Layer TLS draft-friel-tls-atls-00"— Presentation transcript:

1 Application Layer TLS draft-friel-tls-atls-00
Friel, Barnes, Pritikin - cisco Tschofenig – ARM Baugher - Consultant

2 Summary and Goals ATLS Summary Goals
Establish end-to-end encrypted channel / shared encryption keys between client and server over untrusted transport Achieved by exchanging TLS Handshake Records at the application layer between client and service over untrusted transport Where transport includes gateways, middleboxes; using HTTP, CoAP, Zigbee, etc. Define packaging and content type to explicitly identify ATLS payload to middleboxes Goals Based on Monday’s reasonably positive* ATLS Lunch Meeting determine if this warrants further investigation and assessment Determine best path forward: Adoption by a WG? New mini-WG? *Show of hands indicated ~10 people (30%) interested in further investigation Two primary concerns raised: DKG – future AATLS, AAATLS, etc.; P.McM – HTTP is an unreliable transport substrate

3 Use Cases – Bootstrapping Devices
Bootstrapping device that needs to establish trust in network layer TLS middlebox by downloading trust anchors from service

4 Use Cases – Constrained Devices
Constrained device / thing connecting via a gateway to a mobile app where data must be protected from gateway Constrained device / thing connecting via an internet gateway to a cloud service where data must be protected from gateway

5 Implementation Options
D/TLS Data Records Encrypted Data transported inside D/TLS Records Key exporting ATLS only used for handshake (2xRTT) and key exporting Data encrypted by application using shared keys

6 Encrypted Data Transport Layering
D/TLS Data Records Key exporting

Download ppt "Application Layer TLS draft-friel-tls-atls-00"

Similar presentations

Internet Security Protocols

Internet Security Protocols
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
Datagram. Definition A datagram is an independent, self- contained message sent over the network whose arrival, arrival time, and content are not guaranteed.

Datagram. Definition A datagram is an independent, self- contained message sent over the network whose arrival, arrival time, and content are not guaranteed.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
IETF Provisioning of Symmetric Keys (keyprov) WG Update WG Chairs: Phillip Hallam-Baker Hannes Tschofenig Presentation by Mingliang Pei 05/05/2008.

IETF Provisioning of Symmetric Keys (keyprov) WG Update WG Chairs: Phillip Hallam-Baker Hannes Tschofenig Presentation by Mingliang Pei 05/05/2008.
Emerging Solutions in Network Time Synchronization Security

Emerging Solutions in Network Time Synchronization Security
The Internet of Things ... Babel

The Internet of Things ... Babel
Computer and Network Security

Computer and Network Security
The Secure Sockets Layer (SSL) Protocol

The Secure Sockets Layer (SSL) Protocol
Chapter 7 - Secure Socket Layer (SSL)

Chapter 7 - Secure Socket Layer (SSL)
Virtual Private Networks and IPSec

Virtual Private Networks and IPSec
CompTIA Security+ Study Guide (SY0-401)

CompTIA Security+ Study Guide (SY0-401)
History and Implementation of the IEEE 802 Security Architecture

History and Implementation of the IEEE 802 Security Architecture

Similar presentations

Ads by Google