The transport layer security protocol (TLS)

Question 1

What is TLS?

Answer 1

Cryptographic services protocol based on PKI

Runs primarly over TCP

Consist of 3 higher-level protocols

Question 2

What is TLS often used for?

Answer 2

To allow browsers to establish secure sessions with web servers

Question 3

What 3 higher level protocols does TCP consist of?

Answer 3

TLS handshake protocol to set up session

TLS alert protocol to signal events such as failures

TLS change cipher spec protocol to change the cryptographic algorithms

Question 4

What are the layers of the TLS: Protocol stack?

Answer 4

Handshake - Change cipher spec - alert - http or other

TLS record protocol

TCP

IP

Question 5

What does the TLS alert protocol do?

Answer 5

Handles connections by sending an “alert” message of various degrees of severity

Question 6

What are the three types of alerts in the alert protocol?

Answer 6

Warning alerts

close_notify alert

fatal alerts

Question 7

What can happen if we have improper handling of alert messages?

Answer 7

Truncation attacks

Question 8

What does the change cipher spec protocol do?

Answer 8

Normally used after handshake to indicate commencement of secure traffic

Question 9

What does TLS ciphersuites do?

Answer 9

Specify the public key algorithms used in handshake, and symmetric algo used in record protocol

Question 10

Describe the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite

Answer 10

Key exchange uses RSA to encrypt a secret chosen by the client

Triple DES (enc-dec-enc) in CBC mode used for encryption

SHA-1 used for the HMAC for data integrity

Question 11

What does the record protocol do in TLS?

Answer 11

Provides 2 services:
Message confidentiality: Ensure message content cannot be read in transit

Message integrity:Ensure receiver can detect if a message is modified in transit

Question 12

How does the record protocol provide the 2 services?

Answer 12

A symmetric encryption algorithm and a MAC

Question 13

Describe the record protocol format

Answer 13

Header: Content type, major version, minor version, length

Plaintext (optionally compressed): encrypted

MAC (not a separate field if AEAD is used): encrypted

Question 14

What is the Content Type field in the record protocol header?

Answer 14

Defines content types. The defined ones are:
- change-cipher-spec
- alert
- handshake
- application data

Question 15

What is the length field in the record protocol header?

Answer 15

Length in octets of the data

Question 16

What are the operations of the record protocol?

Answer 16

Fragmentation

Compression: optionally applied

Authenticated data

Plaintext: Compressed data and the MAC, if present

Session keys for MAC and encryption algorithms are established during handshake protocols

Encryption and MAC algorithms are specified in the negotiated ciphersuite

Question 17

What is fragmentation in the record protocol?

Answer 17

Each application layer message is fragmented into blocks of 2^14 bytes or less

Question 18

What is authenticated data in the record protocol?

Answer 18

Consist of the (compressed) data, header, and an implicit record sequence number

Question 19

What crypto algorithms are used in the record protocol?

Answer 19

MAC: HMAC, SHA-2 allowed in TLS 1.2

Enc: Either a block in CBC, or stream cipher

AEAD: Allowed instead of enc and MAC in TLS 1.2

Question 20

What is the purpose of the handshake protocol?

Answer 20

Negotiates the TLS version and crypto algos to be used

Establishes shared session key for use in record protocol

Auths server

Auths client (optional)

Completes session establishment