6- crypto applications: SSL/TLS, Kerberos Flashcards

1
Q

Services provided by primitives

A

Encryption - C
Hash - DI/2
MAC - DI, DOA, NR/2
Dsign - DI, DOA, NR

2
Q

Primitives that cannot be used for services

A

MAC - not C
Dsign - not C

3
Q

TLS

A

main security protocol

4
Q

Primitives of TLS

A
  • PK crypto - to establish symmetric keys
  • Dsign - EA through signed certificates -> EA
  • MACs - DOA -> EA
  • Sym Enc. -> C
  • hash -> MACs, Dsigns, key derivation
5
Q

Cipher suite

A

set of primitives used for communication

6
Q

TLS parts

A

1- handshake protocol - agreement b/w entities:
- cipher suite
- establish EA
- establish keys for securing the channel
2- record protocol - implement secure channel:
- format data (blocks etc)
- compute MACs from data
- encrypt data

7
Q

TLS handshake protocol

A

1- client request
2- server response
3- pre-master secret transfer
4- client finished
5- server finished

8
Q

Client request

A
  • session ID
  • pseudorandom r
  • list of cipher suites
9
Q

Server response

A
  • session ID
  • pseudorandom r (server’s freshness)
  • cipher-suite from client’s list
  • copy of server's PK certificate (+its chain)
  • Ephemeral DH for establishing keys => fresh set of params for it
  • client checks validity of server’s PK certificate
  • if eph DH => client verifies dsign on the DH params
10
Q

Pre-master secret transfer

A
  • need to agree on secret Kp
  • RSA: client pseudorandomly generates Kp, encrypts with server's PK, sends to server
  • Eph. DH => client generates fresh DH key pair, sends public part to server, then both compute DH secret Kp
11
Q

Key derivation

A

1- both use key derivation function:
f (rc, Kp), f (rs, Kp) => Km
2- both use Km for MAC and encryption

12
Q

Client finished

A

1- client computes MAC (HMAC) on the hash of messages sent, encrypts, sends to server

13
Q

Server finished

A

1- server checks MAC received from the client
2- server computes MAC on hash of all sent messages
3- server encrypts MAC and sends to client

client checks MAC from server

14
Q

TLS with client authentication

A

not always required

after pre-master secret transfer:
client authentication data: client sends a copy of its PK certificate to the server
- PK = verification key
- client hashes all protocol messages, signs them with client’s signature key
- server checks validity of client’s certificate
- server verifies client's Dsign at the end

15
Q

TLS record protocol

A

derivation of data:
- symmetric session keys
- symmetric MAC keys
- any required IVs

derivation: Km, rc and rs are the inputs
