Chap5_2 Flashcards

1
Q

S-BGP:

A

Secure BGP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

S-BGP makes three major additions to BGP

A

1-) It introduces a Public Key Infrastructure (PKI)
2-) A new transitive attribute is introduced to BGP updates. That attribute ensures the authorization of routing UPDATEs
3-) All routing message can be secured using IPsec, if routing confidentiality is a requirement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Address Attestations (AA)

A

Owner of one or more prefixes certifies that the origin
AS is authorized to advertise the prefixes
 Need a public-key infrastructure (PKI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Route Attestations (RA)

Attestation= proof

 Need a ………… public-key infrastructure - Certificates

A

 Router belonging to an AS (autonomous system) certifies that the next AS is authorized to propagate this route to its neighbors

 Need a separate public-key infrastructure - Certificates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

S-BGP Protocol Operation

A

 When generating an UPDATE, a router
generates a new RA that encompasses the path
and prefixes plus the AS number of the neighbor AS
 When receiving an UPDATE from a neighbor, it
 Verifies that its AS # is in the first RA
 Validates the signature on each RA in the UPDATE,
verifying that the signer represents the AS # in the
path
 Checks the corresponding AA to verify that the
origin AS was authorized to advertise the prefix by
the prefix “owner”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Slide 6

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Limitations of S-BGP

A

 Hierarchical PKI trusted by all participating ISPs.
 cryptographically intensive
 Routers may need a large memory space
 S-BGP cannot prevent “collusion attacks” (or the wormhole attack). Such attacks are possible when two compromised routers fake the presence of a direct link between them. For the rest of the Internet, it then appears as if those two ASes are connected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which security features most

desirable for e-mail?

A

 Confidentiality
 Integrity
 Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Confidentiality in E-mail is done by

A

 Secret key cryptography

 Public key cryptography

 Symmetric session key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

 Alice wants to send confidential e-mail, m, to Bob

A
Alice:
 Generates random symmetric session key, KS
.
 Encrypts message with KS
(for efficiency)
 Also encrypts KS with Bob’s public key.
 Sends both KS
(m) and KB
(KS) to Bob.
 Bob:
 Uses his private key to decrypt and recover KS
 Uses KS to decrypt KS(m) to recover m
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

 Alice wants to provide sender authentication, message integrity.

A

 Alice:
 Applies a hash function to obtain a message digest
 Digitally signs with her private key
 Sends both message (in the clear) and digital signature.

Bob:
 Applies Alice’s public key to obtain a message digest;
 Compares with his own hash of the message;
 if same, pretty confident that the message came from Alice
and is unaltered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Alice wants to provide confidentiality, sender authentication, message integrity.

A

 Note: Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Secure e-mail

One more important issue

A
 Requires
 Alice to obtain Bob’s public key
 Bob to obtain Alice’s public key
 Public Key management and distribution
 Publish at web page
 Send email
 Certificate authority
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Pretty Good Privacy (PGP)
 Internet e-mail encryption scheme, de-facto standard
 Uses symmetric key cryptography, public key
cryptography, hash function, and digital signature as
described
 Provides secrecy, sender authentication, integrity

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

PGP Operational Description

 Consist of five services:

A
 Authentication and integrity
 Confidentiality
 Compression
 E-mail compatibility
 Segmentation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Slide 26-27

17
Q

Why is PGP Popular?

A

It is available free on a variety of platforms.
 Based on well known algorithms
 Wide range of applicability
 Not developed or controlled by governmental
or standards organizations

18
Q

S/MIME

A

 Secure/Multipurpose Internet Mail Extension
 S/MIME will probably emerge as the industry
standard
 PGP for personal e-mail securit

19
Q

SSL

A

Secure Socket Layer
SSL is considered a presentation layer protocol
Can be used by any application

20
Q

TLS

A

Transport Layer Security

21
Q

HTTPs

A

HTTP + SSL

22
Q

SSL runs above ……. and below …….

A

SSL runs above TCP/IP and below high-level application protocols

23
Q

SSL server authentication allows a user to confirm a …….. identity

A

server’s

24
Q

SSL client authentication allows a server to confirm a ………… identity

25
An encrypted SSL connection allows ............... , and detects .........
confidentiality tampering
26
SSL Services
 Fragmentation: Divide data into blocks of 214 bytes or less  Compression: Using negotiated lossless compression method. (Optional)  Message Integrity: Keyed Hash to create MAC  Confidentiality: Data and MAC encrypted using symmetric cryptography  Framing: Add header
27
SSL Record Protocol
 When an SSL connection is in place, all browser-toserver and server-to-browser are encrypted, including:  The URL of the requested document  The contents of the requested documents  The contents of any submitted fill-out forms  Cookies sent from browser to server  Cookies sent from server to browser  The contents of the HTTP header
28
SSL Handshake Protocol
 Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.  Authenticate the server to the client.  Authenticate the client to the server (optionally)  Use public-key encryption techniques to generate shared secrets.  Establish an encrypted SSL connection.
29
Slide 52
TRUE
30
SSL Cipher Suites
 Combination of key exchange, hash and encryption algorithm | defines a cipher suite for the SSL session
31
ChangeCipherSpec Protocol
ChangeCipherSpec message is sent to signal that the | security parameters can be used
32
Alert Protocol
 Used by SSL to report errors and abnormal conditions  The alert message describes the problem and its level (warning or fatal)
33
SSL-Summary
 Transport layer security to any TCP-based app using SSL services.  Used between Web browsers, servers for ecommerce.  Security services: server authentication - data encryption - client authentication (optional)  Server authentication:  SSL-enabled browser includes public keys for trusted CAs.  Browser requests server certificate, issued by trusted CA.  Browser uses CA’s public key to extract server’s public key from certificate.  Check your browser’s security menu to see its trusted CAs.
34
Encrypted SSL session:
 Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.  Using private key, server decrypts session key.  Browser, server know session key: All data sent into TCP socket (by client or server) encrypted with session key.  SSL can be used for non-Web applications, ex. IMAP.  Client authentication can be done with client certificates
35
Transport Layer Security (TLS
 TLS is the IETF standard version of SSL
36
TLS vs SSL
Differences in the:  Version number  Cipher suites: TLS doesn’t support all suites  Generation of cryptographic secrets more complex in TLS  Alert codes: TLS supports all alerts except NoCertificate. Adds new alerts  Certificate verify and Finished message: Are different  Message authentication code  Pseudorandom function  Client certificate types  Cryptographic computations  Padding placement
37
Secure Electronic Transactions | SET
 An open encryption and security specification. |  Protect credit card transaction on the Internet.