iSCSI Security Layer Protocol


Presentation Transcript


1. iSCSI Security Layer Protocol. IETF Internet Draft. Yaron Klein, Eyal Felstaine

2. Outline: Introduction; iSCSI security architecture; Connection setup; Login phase; Authentication phase; Secure session

3. Introduction. Motivation: to enable the creation of private SANs within common SAN/LAN systems; to guarantee any confidential information on the network traffic; to guarantee integrity of the network storage. The iSCSI security layer is a secure protocol integrated with the iSCSI protocol.

4. iSCSI Security Architecture. The protocol consists of 3 main phases: Login phase - key exchange & the negotiation of algorithms and parameters; Authentication phase and secure session

5. Connection Setup: TCP/IP connection establishment; protocol version string exchange; the beginning of login phase

6. Key Exchange: algorithm negotiation

7. Key Exchange (Cont'd). Diffie-Hellman key exchange protocol - p: large prime number, g: generator, V_S: server's version string, V_C: client's version string, K_S: server's public host key, I_C: client's KEXINIT message, I_S: server's KEXINIT message. The client sends :

8. Key Exchange (Cont'd). The server receives the message from the client. - - shared secret - The server responds with : The client receives the response of the server. - - shared secret

9. Authentication Phase: public key authentication and password authentication. Public key authentication: checking whether the server supports requested authentication. The server responds to this message : - iSCSI_MSG_USERAUTH_FAILURE - iSCSI_MSG_USERAUTH_PK_OK

10. Authentication Phase (Cont'd). The client sends a signature generated using the private key. The server responds with : - iSCSI_MSG_USERAUTH_SUCCESS (authentication is complete.) - iSCSI_MSG_USERAUTH_FAILURE

11. Secure Session: service request; client's request; server's response - iSCSI_MSG_DISCONNECT -
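
The Diffie-Hellman exchange outlined on slides 7 and 8, as an added example that is not taken from the presentation or the Internet Draft: both sides derive the shared secret, reject degenerate peer values, and bind the version strings, KEXINIT messages and host key into one hash. Assumptions not on the slides: the names e, f, x, y, the toy group values, SHA-256, the length-prefixed encoding, and the SSH-style exchange hash that the server would sign with its host key.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use; the slides give no values
# for "p : large prime number, g : generator".
P = 2**127 - 1
G = 3

def field(data: bytes) -> bytes:
    """Length-prefix a field so the concatenation cannot be re-split ambiguously."""
    return len(data).to_bytes(4, "big") + data

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as a length-prefixed big-endian field."""
    return field(n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big"))

def keypair() -> tuple[int, int]:
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # x in [2, p-2]
    return x, pow(G, x, P)

def shared_secret(peer_public: int, private: int) -> int:
    """Compute K, rejecting peer values that force a predictable secret."""
    if not 1 < peer_public < P - 1:           # rejects 0, 1, p-1 and anything >= p
        raise ValueError("peer DH value out of range")
    return pow(peer_public, private, P)

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """Assumed SSH-style binding: hash every exchanged value plus the secret K."""
    parts = [field(b) for b in (v_c, v_s, i_c, i_s, k_s)] + [mpint(n) for n in (e, f, k)]
    return hashlib.sha256(b"".join(parts)).digest()

def run_exchange(v_c, v_s, i_c_sent, i_c_received, i_s, k_s):
    """One exchange; i_c_received is the client's KEXINIT as the server saw it."""
    x, e = keypair()                          # client side
    y, f = keypair()                          # server side
    k_server = shared_secret(e, y)            # server: e^y mod p
    k_client = shared_secret(f, x)            # client: f^x mod p
    h_client = exchange_hash(v_c, v_s, i_c_sent, i_s, k_s, e, f, k_client)
    h_server = exchange_hash(v_c, v_s, i_c_received, i_s, k_s, e, f, k_server)
    return k_client == k_server, h_client == h_server

if __name__ == "__main__":
    # Constructed sample messages; the field contents are placeholders.
    head = (b"client-version", b"server-version")
    tail = (b"server-kexinit", b"server-host-key")
    print(run_exchange(*head, b"kex: strong", b"kex: strong", *tail))
    print(run_exchange(*head, b"kex: strong", b"kex: weak", *tail))
```

The second call models a KEXINIT message altered in transit: the shared secrets still match, but the two hashes differ, so a host-key signature computed over the server's hash would not verify on the client.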
