Origin Authentication
IPSec guarantees that the endpoint of the connection is indeed the peer it claims to be. This check is performed via authentication during the D-H key agreement protocol. Remember, D-H is used to obtain a shared secret key over an unsecure medium. There are a few ways we can perform authentication for a peer:
Using a shared secret key
Using digital signatures
Using encrypted nonces
Preshared Keys
Both sides agree upon a shared secret key. (This is not one of the derived D-H keys.) What one side encrypts, the other can decrypt, and it is therefore authentic.
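The following added example (not from the book, and not IKE's exact computation) shows why a preshared key authenticates a D-H exchange: each peer proves knowledge of the key over the public values it saw. It uses an HMAC keyed with the preshared key in place of encryption; the toy group, the function names and the identity label are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy D-H group for illustration only (2**127 - 1 is prime); real IPSec peers
# use standardized, much larger groups.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def auth_tag(psk, own_pub, peer_pub, identity):
    """Keyed hash binding the sender's identity to both D-H public values."""
    msg = b"|".join([str(own_pub).encode(), str(peer_pub).encode(), identity])
    return hmac.new(psk, msg, hashlib.sha256).digest()

def verify_peer(psk, own_pub, peer_pub, peer_identity, tag):
    """Recompute the tag the peer should have sent; compare in constant time."""
    expected = auth_tag(psk, peer_pub, own_pub, peer_identity)
    return hmac.compare_digest(expected, tag)

def run_exchange(initiator_psk, responder_psk, substituted=False):
    """Return (responder_accepts_initiator, derived_secrets_match)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    seen_by_b = a_pub
    if substituted:
        # The unsecure medium delivered a different public value to the responder.
        _, seen_by_b = dh_keypair()
    tag = auth_tag(initiator_psk, a_pub, b_pub, b"initiator")
    accepted = verify_peer(responder_psk, b_pub, seen_by_b, b"initiator", tag)
    shared_a = pow(b_pub, a_priv, P)
    shared_b = pow(seen_by_b, b_priv, P)
    return accepted, shared_a == shared_b

if __name__ == "__main__":
    psk = b"constructed-sample-preshared-key"
    print("matching keys:     ", run_exchange(psk, psk))
    print("mismatched keys:   ", run_exchange(psk, b"some-other-key"))
    print("substituted value: ", run_exchange(psk, psk, substituted=True))
```

With mismatched keys the D-H secret is still derived on both sides, but the responder rejects the peer, which is the point of origin authentication.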
RSA Signatures
RSA signatures, also called digital signatures, allow both sides to obtain a digital certificate, which validates that a public key (remember RSA and ...