11 - TLS & Cyber-Security

Question 1

SSL implements 3 cryptographic assurances

Answer 1

• authentication
• confidentiality
• message integrity

Question 2

What is used in https?

Answer 2

SSL uses TLS (transport layer security)

Question 3

What does TLS do?

Answer 3

• Secure the session layer on top of TCP
• Provides stream abstraction like TCP
• Adds confidentiality, integrity, authenticity

Question 4

What four ciphers does a TLS session have?

Answer 4

• Auth of server and (opt. client)
• key exchange (RSA, DHE)
• symmetric confidentiality (RC4, AES, DES)
• integrity (HMAC-MD5, HMAC -SHA)

Question 5

What does MAC stand for?

Answer 5

Message Authentication Code

Question 6

TLS Message Format

Answer 6

TLS breaks down stream of data from apps into records
- 1-2^14 bytes length
- records are compressed
Appl -> record -> segment

Question 7

Session key Generation

Answer 7

C->S write (encryption)
C->S MAC
S->C with (encrypt)
S->C MAC
Client/Server Init Vector

Question 8

SSL attack procedure

Answer 8

• SSL can be SUBVERTED by a hacker getting a client to connect its site first
• Hacker then creates separate SSL connection to the real site and relays messages
• Client only knows that it has connected to a different has name

Question 9

Definition of MitM attack

Answer 9

Man in the Middle Attack

Question 10

Prevention of SSL Stripping?

Answer 10

Servers can uses HSTS (HTTP Strict Transport Security)

Question 11

Network Attacks (3)

Answer 11

• Listening in: Sniff and record network data
• Modify, delete, insert and actively tamper with data
• Prevent comms (DoS)

Question 12

Desirability of Network (4)

Answer 12

• Secrecy/confidentiality (encrypt)
• Integrity (MACs)
• Authentication
• Uninterrupted Comm

Question 13

Layer 2 Attack (3)

Answer 13

• Listening in, promiscuous mode (esp wireless)
• Force packets to broadcast then use passive listening
• Masquerade as DHCP/ARP server, then redirect packets to end host

Question 14

Layer 2 Attacks in Practice (3)

Answer 14

• MAC Overflow attack; attacks sent packets with new etc addr to flood forwarding tables
• Rogue DHCP server responds faster than real DHCP server
• Rogue ARP server

Question 15

Layer 3 Attacks (2)

Answer 15

• ICMP to tell source end-hosts to redirect traffic

- IP Hacking, where ISP advertises prefixes belonging to someone else to capture traffic

Question 16

DoS Attack Method

Answer 16

Flood server with too many packets, such as ICMP ping requests

Question 17

Distributed DoS

Answer 17

• penetrate many machines in semi-automatic fashion
• Make hosts into zombies that attack on command
• later start simultaneous attack on a victim

Question 18

Motivation for DoS (5)

Answer 18

• Extortion
• Revenge
• Hacktivism
• Bragging Rights
• Lulz

Question 19

Simple DoS Attacks (4)

Answer 19

• Wireless Jamming
• Exploit Net Allocation Vector (NAT) at 802.11 link Layer
• Flood attack (ping)
• Amplification attacks, EDNS (Ext for DNS), request is for 60 bytes but response is 3000 bytes

Question 20

SMURF Attack

Answer 20

Floods server with ICMP each (pings)

Question 21

SYN-bomb attack

Answer 21

Sends SYN (synchronise) packets from bogus address, filling up tables and stop accepting connections/disable server