Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CryptoGraphy > 10/11 - Transport Layer Security > Flashcards

10/11 - Transport Layer Security Flashcards

1
Q

SSL

A

Secure Sockets Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

TLS

A

Transport Layer Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

WHich of SSL and TLS is recommended?

A

TLS

SSL is deprecated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Services provided by TLS

A
  • Confidentiality (symmetric crypto; keys negotiated with public-key)
  • Server authentication (certificate, signature)
  • Client authentication (optional)
  • Data integrity (MAC included)
  • Replay prevention
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

TLS is where in the protocol stack?

A

Between the application and transport layers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

TLS sub-protocols

A
  • Handshake
  • Change Cipher
  • Alert
  • Record (below the other three in layers)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

TLS Handshake Protocol

A

At the beginning:
- client/server agree on which crypto algo to use
- establish secret keys
- authenticate server
- authenticate client (optional)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

TLS Handshake clientHello

A
  • Protocol version
  • Random number (nonce): to prevent replay
  • Cipher suite, algos supported in order of pref:
    • key exchange
    • for authenticated symmetric encryption
    • for signatures
  • key (DH key shares or labels of pre-shared keys)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

TLS Handshake ServerHello

A
  • highest protocol version supported by both
  • random number (diff from ClientHello)
  • Ciphersuite: algos chosen by server
  • Key (One DH key share w/ same params or pre-shared)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

TLS Handshake Auth phase

A
  • Server sends X.509 certificate(s) of server. Client checks.
  • Server sends signature on all data so far
  • finished: MAC on all handshake data so far
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Example of ephemeral DH in TLS Handshake

A

ClientHello
- send id from list of acceptable primes/primitive elements from spec
- chooses a private exponent a (each session) then sends g^a mod p to the server

ServerHello
- Server chooses a private exponent b and sends g^b mod p to client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

TLS Handshake secret keys required

A
  • Client and server keys for MAC
  • client write key, client write IV
  • server write key, server write IV
    ( two symmetric pairs)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

HKDF

A

Hash based Key Derivation Function

Input:
- Shared secret (from DH exch or PSK pre-shared key)
- Data from client hello and server hello
- pre-define strings specific to each key or IV
- For IV for app data packets, the sequence number of the packet

Apply the hash function several times

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Replay Prevention (TLS)

A

Server creates new keys on new connection so replays wont work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

TLS Record Protocol provides

A
  • confidentiality (symmetric encryption)
  • message integrity by using auth encryption
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

TLS 1.3 vs 1.2

A
  • Weaker ciphers no longer allowed
  • Forward secrecy compulsory (DH required)
  • Handshake reorganised for speed
  • record protocol now authenticated encryption; compression not allowed

CryptoGraphy (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions