Lecture 15: 1st November 2019

Question 1

What is SSL?

Answer 1

A protocol that enables encrypted communications over a network (the Internet). SSL is at the transport layer, sitting on top of TCP, and provides an application interface for secure and encrypted communications.

Question 2

What is TLS?

Answer 2

A cryptographic protocol implementing secure, encrypted communications over a network. It is at the transport and session layer and is on top of TCP, again providing an application interface for secure and encrypted communications.

Question 3

What is the difference between SSL and TLS?

Answer 3

SSL preceded TLS, TLS 1.0 was an upgrade of SSL 3.0. TLS has more modern cipher suites and hash algorithms. SSL has one certificate alert message only vs numerous alert messages in TLS. SSL MAC vs HMAC in TLS. Different handshake proceedure.

Question 4

How does handshaking work in SSL?

Answer 4

user asks a server for its SSL certificate; the server sends its certificate; user checks if they trust the certificate, if so, messaging the server to open an encrypted SSL session; server replies with a digitally signed ack to start the session.

Question 5

What is IPSec?

Answer 5

A framework of open standards for ensuring private, secure communications over IP networks through the use of end-to-end cryptographic security services. A suite of protocols that provide data authentication, integrity, and confidentiality.

Question 6

What is the SSL MAC?

Answer 6

MAC = Message Authentication Code = short piece of information used to authenticate a message and to provide integrity and authenticity assurances on the message.

Question 7

What is the TLS HMAC?

Answer 7

keyed-hash message authentication code = a specific type of MAC, different than that found in SSL.

Question 8

What is the difference between the SSL MAC and the TLS HMAC?

Answer 8

HMAC includes encrypting the digest of the hash function used with a key negotiated with the other host. HMAC produces an integrity check value as the MAC does, but uses a hash function to strengthen it. There is also more padding than with TLS.

Question 9

What are some sources of vulnerabilities or ways to find them?

Answer 9

Precursors: Port Scan, Social Engineering, Reconnaissance, Application Fingerprinting.

Authentication: Impersonation, Eavesdropping, spoofing, session hijacking

Confidentiality: Protocol Flaws, Eavesdropping, wiretap, misdelivery, exposure, traffic flow analysis, cookies.

Integrity: Protocol Flaws, wiretap, falsification of messages, network noise,

DNS attack Availability: Protocol Flaws, Component Failure, DoS, Traffic redirection, ping of death, smurf, syn flood.

Programming Flaws: Buffer overflows, addressing errors, cookies, Java, ActiveX malicious code, viruses, etc.

Mobile Agents: malicious agents, webbots.

Question 10

Which computers are involved in IPSec protection?

Answer 10

The sender and receiver only

Question 11

Why are a strong cryptographic key and authentication algorithm both needed with encrypted comms?

Answer 11

A strong cryptographic key with a weak authentication algorithm may allow attacker disruption; weak encryption and strong authentication can allow decryption.

Question 12

What is the drawback of having both a strong cryptographic key and a strong authentication algorithm?

Answer 12

cost of transmission rate and CPU time

Question 13

How does handshaking work in TLS?

Answer 13

client hello; sever hello + certificate, ask for client certificate, and key exchange; the client sends certificate, finishes key exchange, verifies server certificate, and choose cipher spec; server confirms cipher spec and checks client certificate.

Question 14

What are the two modes of use of IPSec?

Answer 14

transport and tunnel mode

Question 15

What is an AH in IPSec?

Answer 15

Authentication Header: a security mechanism to ensure the authenticity and integrity of packets. It adds an extra header containing the message digest of the whole datagram.

Question 16

What is an ESP in IPSec?

Answer 16

Encapsulated Security Payload: a security mechanism to ensure the confidentiality, integrity, and authenticity of packet payloads. Adds a header with the digest of a hash of the payload and encrypts the payload.

Question 17

What are the key features of IPSec?

Answer 17

Collection of standards for end-to-end security on IP networks. IPSec was developed to address the needs for data security, integrity, authentication, and protection for network connections which are connectionless and stateless.

Provides security at the network layer:

• All IP datagrams covered.
• No re-engineering of applications.
• Transparent to upper layers.

Mandatory for IPv6, optional for IPv4.

Question 18

What is an SPI?

Answer 18

Security Parameters Index = an ESP header that identifies which algorithms and keys are to be used for IPSec processing.

Question 19

What are the key features of IPSec’s transport mode?

Answer 19

When you can connect directly between two IPSec-aware hosts as endpoints. Make host-host (end-to-end) security. IPSec processing at each endpoint. Source and destination addresses are unencrypted.

Question 20

What are the key features of IPSec’s tunnel mode?

Answer 20

For IPsec-unaware hosts, tunnel established by intermediate gateways or host OS. A tunnel is established between IPSec gateways; IP packets are encapsulated inside of IPSec packets which are transferred between the gateways before the original IP packet is sent from the receiving gateway by de-encapsulating the IPSec packet.

Question 21

What does the CIA acronym stand for?

Answer 21

confidentiality; integrity; authentication

Question 22

How does the CIA acronym apply to ESP?

Answer 22

• Confidentiality: encrypted inner IP datagram, including original S/D addresses, not visible to intermediate routers.
• Integrity: hash of ESP
• Authentication: PSKs

Question 23

What is a SA in IPSec?

Answer 23

Security Association = a unidirectional relationship between a sender and receiver. It specifies the processing to be applied to this datagram from this sender to this receiver.

The establishment of shared security attributes between two network entities to support secure communication. An SA may include: cryptographic algorithm and mode; traffic encryption key; parameters for the network data to be passed over the connection.

Question 24

What is a PSK in IPSec?

Answer 24

Pre-shared Key = a symmetric key used to establish mutual authentication and allow IKE

Question 25

What does an SPI in IPSec contain?

Answer 25

A Security Parameter Index (SPI) which identifies the Security Association (SA) for the IP packet. The SPI and a sequence number constitute the ESP header.

Question 26

How does a SA in IPSec work in transport mode?

Answer 26

Transport Mode SA - operates between hosts, the original source and destination IP addresses are readable, the hosts do their own AH encapsulation of their data.

A risk exists because the IPSec header sits within the original IP header. This allows an attacker to make intelligent guesses as to where servers are on a network and begin to build a picture of the network.

Transport mode is when the payload only is encrypted.

Question 27

How does a SA in IPSec work in tunnel mode?

Answer 27

Tunnel Mode SA - this operates normally between routers/ firewalls or router to host and is used in the VPN environment. These are often called Security Gateways or IPsec Gateways because the Gateways provide AH/ESP services to other hosts.

This SA is more secure because a new IP header unrelated to the hosts using the tunnel is created around the IPsec datagram.

The original IP header is included within the encrypted IPSec datagram and so the addresses of the originating devices are hidden.

Question 28

What does a SA in IPSec contain?

Answer 28

SA = SPI (Sec Parameter index) + Source address+ Destination address+ security protocol (AH or ESP) + algorithm type +keys + key lifetimes + Initialization Vectors (IVs) + sequence number + anti-replay + (tunnel or transport) mode.

Question 29

How do SAs work?

Answer 29

Active SAs are held in a database (SAD).

Each entry in the Security Association Database (SAD) must indicate whether the SA lookup makes use of the destination, or destination and source IP addresses in addition to the SPI.

For each inbound IPsec-protected packet, search the SAD such that the entry that matches the “longest” SA identifier is found.

1. Search the SAD for a match on (SPI, destination address, source address); if a SAD entry matches, then process the inbound packet with that entry.
2. Otherwise, search the SAD for a match on (SPI, destination address); if a SAD entry matches, then process the inbound packet with that entry.
3. Otherwise, search the SAD for a match on only (SPI) if the receiver has chosen to maintain a single SPI space for AH and ESP, or on (SPI, protocol) otherwise; if a SAD entry matches, then process the inbound packet with that entry.
4. Otherwise, discard the packet and log an auditable event

Question 30

How is IPSec security policy defined?

Answer 30

Rules stored in a Security Policy Database (SPD). SPD consulted for each
outbound & inbound packet.

Rules decide if packets should be dropped, passed through, encrypted, or MACed, and which key and algorithm to apply

Fields in IP datagram compared to fields in SPD entries to find a match based on source and destination addresses (ranges of addresses stored in SPD), transport layer protocol, and transport layer port numbers, etc.

A match identifies a Security Association (SA) or a group of SAs (or the need for new SA).

Question 31

Why does IPSec require many keys?

Answer 31

One key per SA and one SA per combo of ESP/SH, tunnel/transport, and sender and receiver addresses

Question 32

Where can IPSec obtain keys and SAs?

Answer 32

Manual keying: works for a small number of nodes but hopeless for reasonably sized networks of IPsec-aware hosts; requires manual re-keying.
IKE: Internet Key Exchange; many options and parameters.

Question 33

What are the 5 basic steps by which IPSec works?

Answer 33

1. Host A sends traffic to B
2. Router for A and B negotiate an IKE phase 1 session
3. Router for A and B negotiate an IKE phase 2 session
4. Router for A and B exchange info over an IPSec tunnel
5. The IPSec tunnel is closed

Question 34

What are the security properties of IKEs?

Answer 34

Entity authentication of participating parties. Establish a fresh shared secret, to derive further keys:

• for protecting IKE management channel,
• for SAs for general use.

Secure negotiation of all algorithms.
- Authentication method, key exchange method, encryption and MAC algorithms, hash algorithms.

Resistance to Denial-of-Service attacks. Options for perfect forward secrecy, deniable authentication and identity protection.

Question 35

What is IKE?

Answer 35

Internet Key Exchange = the protocol used to set up a security association (SA) and keys in IPsec. It uses Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.

Question 36

How are IKEs made?

Answer 36

request to init SA and ack; request to authenticate IKE and then crypto proof of identity given; then make and define SAs, exchanging keys with D-H key exchange

Question 37

What is a tunnel?

Answer 37

An encapsulated data exchange between a sender and intermediary host who relays the original, de-encapsulated message to the intended receiver, which usually makes the original message unreadable.

Question 38

What is a VPN?

Answer 38

Virtual Private Network = an encrypted connection over the Internet from a host to a remote device that connects it to a remote network, using tunnelling.

Question 39

What is PPTP?

Answer 39

Point-to-Point Tunneling Protocol: an obsolete protocol for connecting to VPNs.

Question 40

What is L2TP?

Answer 40

Layer 2 Tunneling Protocol: a network tunnelling protocol for connecting to VPNs.

Question 41

What is LDAP?

Answer 41

Lightweight Directory Access Protocol (LDAP) = a client/server protocol used to access and manage directory information and which can be used to connect to VPNs.

Question 42

What protocols do VPNs use to work?

Answer 42

PTP, L2TP, LDAP, SSL.

Question 43

What are the differences and similarities between SSL and IPSec?

Answer 43

Both SSL and IPSec require SHA-1 or MD5. Both use Authentication Algorithms but IPSec has mutual authentication through a PSK. Both can use RSA/DSA Digital Signatures.

SSL VPNs allows an application streams between the users and the applications but IPSec can connect remote networks and hosts.

IPSec can support a variety of IP applications, but SSL VPNs are usually through browsers or a private gateway each of which can be set up differently.

SSL Source and Destination addresses not encrypted. Process is initiated via a handshake with a ciphersuite chosen by server from list provided by client. May even be a Digital Certificate.

IPSEC:

• May require os support as many kernels don’t allow access/manipulation of IP headers
• Requires client software which means BYOD may not be applicable.
• In tunnel mode creates visibility to a server’s network and therefore (possibly) to applications or files.
• Requires dedicated network layer connection, therefore need extra resources and checks on privileges.

SSL VPN:

• Can be highly granular with respect to an application, end user functions may be controlled better.
• Browsers often include SSL so they can offer clientless remote access.

Question 44

What does an IPSec AH do?

Answer 44

The Authentication Header provides connectionless data integrity and data origin authentication.

• Authenticates whole payload and most of the header.
• Prevents IP address spoofing: source IP address is authenticated.
• Creates stateful channels using sequence numbers. Prevents replay of old datagrams: AH sequence number is authenticated.
• Uses MAC and secret key shared between endpoints.

Question 45

What does an IPSec ESP do?

Answer 45

Encapsulating Security Payload (ESP) provides one or both of:

• Confidentiality for payload/inner datagram; sequence number not protected by encryption.
• Authentication of payload/inner datagram, but not of the outer IP header.

Symmetric encryption and MACs based on secret keys shared between endpoints. ESP specifies the header and trailer to be added to IP datagrams.

Question 46

What is a SAD?

Answer 46

A Security Association Database. An SA is a unidirectional relationship between a sender and receiver. It specifies the processing to be applied to this datagram from this sender to this receiver.

SADs are queried to get SAs for every session.

Question 47

What is an AH ICV?

Answer 47

An integrity check value within the Authentication Header protocol. A variable-length immutable field added to a packet’s payload before encryption to verify its integrity upon decryption.