Cryptographic Protocols Flashcards
Lecture 18 (6 cards)
1
Q
What are Message Authentication Codes?
A
They are used to calculate a keyed hash of the message, then append it to the end of the message.
- They provide integrity and authenticity, but not confidentiality
2
Q
What are Length Extension attacks?
A
Assumes an attacker doesn’t know k, but they do know the keyed hash at the end of the message
3
Q
How do Length Extension attacks work?
A
- Observe message and keyed hash message
- Create a new attack message m|x
- Initialise hash function with an internal state of the keyed hash message
- Complete the hash with x to produce keyed hash attack message
4
Q
What is the Record Layer in TLS?
A
Uses established symmetric keys and other session info, will encrypt application packets
5
Q
What is the Handshake Layer in TLS?
A
Used to establish session keys, as well as authenticate either party - Usually the server using a public-key certificate
6
Q
What are the steps of the TLS handshake?
A
- Client says hello, with a random number and a list of supported cipher suites
- Server responds with a hello, random number, chosen cipher suite and its certificate
- Key exchange between the two parties is performed
- Client verifies the certificate that was originally sent by computing the digital signature with the public key and private key
- Sends conclusive finish messages before the connection is then deemed fully established
