Lecture 15: 1st November 2019 Flashcards
Network Protocols: IPSec
What is SSL?
A protocol that enables encrypted communications over a network (the Internet). SSL is at the transport layer, sitting on top of TCP, and provides an application interface for secure and encrypted communications.
What is TLS?
A cryptographic protocol implementing secure, encrypted communications over a network. It is at the transport and session layer and is on top of TCP, again providing an application interface for secure and encrypted communications.
What is the difference between SSL and TLS?
SSL preceded TLS; TLS 1.0 was an upgrade of SSL 3.0. TLS has more modern cipher suites and hash algorithms. SSL has one certificate alert message only vs numerous alert messages in TLS. SSL MAC vs HMAC in TLS. Different handshake procedure.
How does handshaking work in SSL?
The user asks a server for its SSL certificate; the server sends its certificate; the user checks whether they trust the certificate and, if so, messages the server to open an encrypted SSL session; the server replies with a digitally signed ack to start the session.
What is IPSec?
A framework of open standards for ensuring private, secure communications over IP networks through the use of end-to-end cryptographic security services. A suite of protocols that provide data authentication, integrity, and confidentiality.
What is the SSL MAC?
MAC = Message Authentication Code = short piece of information used to authenticate a message and to provide integrity and authenticity assurances on the message.
What is the TLS HMAC?
Keyed-hash message authentication code = a specific type of MAC, different from that found in SSL.
What is the difference between the SSL MAC and the TLS HMAC?
HMAC includes encrypting the digest of the hash function used with a key negotiated with the other host. HMAC produces an integrity check value as the MAC does, but uses a hash function to strengthen it. There is also more padding than with TLS.
What are some sources of vulnerabilities or ways to find them?
Precursors: Port Scan, Social Engineering, Reconnaissance, Application Fingerprinting.
Authentication: Impersonation, Eavesdropping, spoofing, session hijacking.
Confidentiality: Protocol Flaws, Eavesdropping, wiretap, misdelivery, exposure, traffic flow analysis, cookies.
Integrity: Protocol Flaws, wiretap, falsification of messages, network noise, DNS attack.
Availability: Protocol Flaws, Component Failure, DoS, Traffic redirection, ping of death, smurf, syn flood.
Programming Flaws: Buffer overflows, addressing errors, cookies, Java, ActiveX malicious code, viruses, etc.
Mobile Agents: malicious agents, webbots.
Which computers are involved in IPSec protection?
The sender and receiver only
Why are a strong cryptographic key and authentication algorithm both needed with encrypted comms?
A strong cryptographic key with a weak authentication algorithm may allow attacker disruption; weak encryption and strong authentication can allow decryption.
What is the drawback of having both a strong cryptographic key and a strong authentication algorithm?
cost of transmission rate and CPU time
How does handshaking work in TLS?
Client hello; server hello + certificate, ask for client certificate, and key exchange; the client sends certificate, finishes key exchange, verifies server certificate, and chooses cipher spec; server confirms cipher spec and checks client certificate.
What are the two modes of use of IPSec?
transport and tunnel mode
What is an AH in IPSec?
Authentication Header: a security mechanism to ensure the authenticity and integrity of packets. It adds an extra header containing the message digest of the whole datagram.
What is an ESP in IPSec?
Encapsulated Security Payload: a security mechanism to ensure the confidentiality, integrity, and authenticity of packet payloads. Adds a header with the digest of a hash of the payload and encrypts the payload.
What are the key features of IPSec?
Collection of standards for end-to-end security on IP networks. IPSec was developed to address the needs for data security, integrity, authentication, and protection for network connections which are connectionless and stateless.
Provides security at the network layer:
- All IP datagrams covered.
- No re-engineering of applications.
- Transparent to upper layers.
Mandatory for IPv6, optional for IPv4.
What is an SPI?
Security Parameters Index = an ESP header that identifies which algorithms and keys are to be used for IPSec processing.