SSL/TLS Flashcards
(27 cards)
what cryptographic algorithms does TLS/SSL support
RSA
DES
DH
specific cipher suite is negotiated at start of the session
what was SSL renamed to
TLS
what does an x.509 certificate contain:
subject (entity identity)
subject’s public key
issuer’s name
what is the verification process of x.509 certificate
The issuer signs the hash of all the certificate data.
▶ To verify a certificate:
* Compute the hash of the data.
* Check the signature using the issuer’s public key.
▶ If I trust the issuer’s public key,
I can trust the subject’s public key.
what does it mean on a website when it says certificate is not valid
- TTP has not checked third party
what is in the internet protocol stack
top to bottom
application layer
transport layer
network layer
link/hardware layer
what does the tls layer run in between in the internet protocol stack.
application and transport layer
encryption apparent in application layer
Normal TCP and IP protocols, etc., can be used in lower layers
describe the TLS protocol
- C → S : ClientHello (Supported ciphers, random nonce)
- S → C : ServerHello (Chosen cipher, random nonce) (basically chooses a cipher)
- S → C : Certificate (Server’s public key signed by CA)
- C → S : Key Exchange (Pre-master secret encrypted with Server’s public key)
- C → S : Finished (Client’s verification message)
- S → C : Finished (Server’s verification message)
Key Exchange Options:
▶ RSA: Client encrypts pre-master secret with server’s public key.
▶ Diffie-Hellman: Client and server derive a shared secret.
After the handshake, all communication is encrypted using the negotiated symmetric key
what are the key exchange options in TLS protocols
RSA: Client encrypts pre-master secret with server’s public key.
Diffie-Hellman: Client and server derive a shared secret.
what is the notation for TLS handshake protocol
TLS Handshake Steps
1. C → S : N_C
2. S → C : N_S, Cert_S
3. C → S : E_S(K_seed), {Hash1}K_CS
4. S → C : {Hash2}K_CS
Hash Computation:
▶ Hash1 = #(N_C, N_S, E_S(K_seed))
▶ Hash2 = #(N_C, N_S, E_S(K_seed), {Hash1}K_CS)
Session Key Generation:
▶ K_CS = f(N_C, N_S, K_seed) where K_CS is the session key derived from N_C, N_S and K_seed.
TLS Handshake Steps
1. C → S : N_C
2. S → C : N_S, Cert_S
3. C → S : E_S(K_seed), {Hash1}K_CS
4. S → C : {Hash2}K_CS
what are Hash1 and Hash2 equal to
Hash1 = #(N_C, N_S, E_S(K_seed))
Hash2 = #(N_C, N_S, E_S(K_seed), {Hash1}K_CS)
- C → S : N_C
- S → C : N_S, Cert_S
- C → S : E_S(K_seed), {Hash1}K_CS
- S → C : {Hash2}K_CS
what does K_CS
▶ K_CS = f(N_C, N_S, K_seed) where K_CS is the session key derived from N_C, N_S and K_seed.
what does C → S : ClientHello mean
give textual, mathematical notation and also explain what N_C is for
▶ Textual: Client sends a random nonce and supported cipher list.
▶ Mathematical: C → S : N_C
▶ N_C is the client’s nonce, used in key derivation and preventing replay attacks.
what does S → C : ServerHello + Certificate mean
give textual, mathematical notation and also explain what N_S and Cert_S is for
▶ Textual: Server responds with a random nonce and chosen cipher suite.
▶ Server sends its certificate (signed by CA).
▶ Mathematical: S → C : N_S, Cert_S
▶ N_S is the server’s random nonce, and Cert_S is the server certificate containing its public key
what does Key Exchange (C → S) mean
give textual, mathematical notation and also explain what E_S(K_seed) and Hash1 is for
Key Exchange (C → S)
▶ Textual: Client encrypts a pre-master secret with the server’s public key.
▶ Mathematical: C → S : E_S(K_seed), {Hash1}K_CS
▶ E_S(K_seed): The pre-master secret encrypted with the server’s public key.
▶ Hash1 ensures integrity and is encrypted using the session key K_CS.
what does Server Verifies and Responds (S → C) mean
give textual, mathematical notation and also explain what Hash2 is for
▶ Textual: Server verifies handshake and confirms key agreement.
▶ Mathematical: S → C : {Hash2}K_CS
▶ Hash2 is computed over handshake data, confirming mutual agreement.
what is key derivation
give textual, mathematical notation and also explain what f is for
▶ Textual: Both sides derive the session key using nonces and exchanged key material.
▶ Mathematical: K_CS = f(N_C, N_S, K_seed)
▶ f is a Key Derivation Function (KDF) that combines N_C, N_S, and K_seed to generate K_CS.
what are weaknesses in TLS
Configuration Weaknesses:
▶ Cipher Downgrading (forcing weaker ciphers)
▶ Self-Signed Certificates (no trusted authority)
what is a cipher downgrading attack
attacker forces use of weakest cipher
describe self-signed certificates and what their problem is
▶ Maintaining a set of certificates is hard (especially on apps and IoT devices).
▶ It’s much easier just to accept any certificate
(or certificates that sign themselves).
▶ What’s the problem?
▶ If the client accepts the self-signed certificates, then it’s easy to
man-in-the-middle.
▶ This has been shown to happen a lot in devices and code that use TLS!
is it safe if one side supports a weaker cipher suite than the other
Generally considered safe.
▶ Browser developers removed all weak ciphers, some remained in servers.
▶ This depends on different cipher suites being incompatible
what is a problem with diffie hellman in TLS
Many servers reuse the same small set of DH primes, making them
vulnerable to precomputation attacks
what is diffie hellman used for in TLS
for forward secrecy
what are the steps of logjam
Step 1: Man-in-the-Middle Attack
▶ The attacker intercepts the ClientHello message.
▶ The client proposes a strong Diffie-Hellman group (2048-bit).
▶ The attacker modifies this to request an export-grade 512-bit DH group.
Step 2: Server Accepts Weak DH Group
▶ The server allows the downgrade and responds with a weak DH group.
▶ The attacker can now easily compute the discrete log for the shared key.