Chapter 6: Transport-Level Security Flashcards
Transport-Level Security
What are some Web Security Threats and how can they be countered?
Integrity:
- Modification of data/memory/messages in transit
- Trojan horse browser
Countermeasures = crypto checksums
Confidentiality:
- Eavesdropping
- Theft of info from client/server
- Network configuration info
- Info about client-server connections
Countermeasures = encryption, web proxies
DoS:
Countermeasures = difficult to prevent
Authentication:
Countermeasures = crypto techniques
What is TLS?
Transport Layer Security, evolved from SSL.
A general-purpose service implemented as a set of protocols that rely on TCP.
Security mechanisms based on (or on top of) the transport layer, providing secure services to the application layer.
What does the TLS architecture look like?
Designed to make use of TCP to provide a reliable end-to-end secure service.
It consists of two layers of protocols.
The Record protocol provides basic security services to various higher-layer protocols.
On the “top” layer there are 5 different protocols.
HTTP provides transfer services for Web client/server interaction
Heartbeat protocol
The Handshake, Change Cipher Spec and Alert Protocol are TLS specific protocols used in the management of TLS exchange.
Describe the TLS concepts TLS connection and TLS session
Connection: A transport (OSI definition) that provides a suitable type of service. For TLS, these are peer-to-peer relationships. They are transient, and every connection is associated with one session.
Session: an association between a client and a server. Created by the handshake protocol. They define a set of cryptographic security parameters, which can be shared among multiple connections.
What three services does the record protocol provide?
Confidentiality: the handshake protocol defines a shared secret key that is used for conventional encryption of TLS payloads.
Message Integrity: the handshake protocol also defines a shared secret key that is used to form MACs.
Message authentication: The handshake protocol allows both peers to authenticate their identity
In simple terms, how does the record protocol operate?
- Fragmentation of messages
- (optional) compression, must be lossless, may not increase length by more than 1024 bytes
- compute MAC on the compressed data
- Encrypt the message and the MAC, may not increase length by more than 1024 bytes
- Prepend a header
Describe the Change Cipher Spec Protocol
Consists of a single message (1 byte with the value 1).
Purpose: To cause the pending state to be copied into the current state; this updates the cipher suite to be used on this connection.
Describe the alert protocol
Used to convey TLS-related alerts to the peer-entity.
The alerts are (optionally) compressed and (not optionally) encrypted.
Contains a value indicating the severity of the message (warning or fatal).
Fatal connections are terminated immediately.
Describe the TLS handshake protocol
It allows the server and client to:
1. authenticate each other
2. agree on an encryption, MAC algorithm and cryptographic keys
Used before any application data is transmitted.
Consists of a series of messages exchanged by client and server in four phases:
Phase 1:
- Hello
Phase 2:
- Server sends certificates, key exchange, requests certificate.
Phase 3:
- Client sends certificate, key exchange, and may send certificate verification
Phase 4:
- change cipher suite and finish
What key exchange methods does the handshake protocol support?
RSA
Fixed DH
Ephemeral DH
Anonymous DH
What are the different phases of the handshake protocol?
Phase 1: Establish security capabilities: initiates a logical connection and establishes the security capabilities that will be associated with it. Initiated by client with a hello message.
Phase 2: Server authentication and key exchange: server sends its certificate if it needs to be authenticated. If necessary a key exchange message is sent. A certificate request can be sent to the client.
Phase 3: Client authentication and key exchange: verification of server's certificate (if required). If requested, client sends certificate to server.
Phase 4: completes setting up a secure connection. Change cipher spec message. Verification of successful process.
What is master secret creation?
It creates a shared master secret by means of the key exchange.
It is a one-time 48-byte value generated for this session by means of secure key exchange.
Briefly describe the TLS pseudorandom function
It is referred to as PRF.
The input to the PRF is a secret value, an identifying label and a seed.
It is based on a data expansion function that makes use of the HMAC algorithm.
It uses two hash algorithms; this should ensure its security as long as one of the algorithms remains secure.
What is the heartbeat protocol?
Established during phase 1 of the handshake protocol.
Consists of two messages: heartbeat_request/response
Serves two purposes:
- Assures the sender that the recipient is still alive.
- Generates activity across the connection during idle periods, which avoids closure by firewalls that do not allow idle connections.
What is HTTPS?
HTTP over SSL. The combo of HTTP and SSL to implement secure communication between a Web browser and a Web server.
When HTTPS is used, which elements of the communication are encrypted?
- URL of the requested document
- Contents of document
- Contents of browser forms (filled in by user)
- Cookies sent from browser to server and vice versa
- Contents of HTTP header
What is SSH?
Secure Shell is a protocol for secure network communications.
Designed to be simple and inexpensive to implement.
Provides general server/client capabilities and can be used for such network functions as file transfer and e-mails.
It's the primary choice for remote logon and X tunnelling, and is rapidly becoming one of the most pervasive applications for encryption technology outside embedded systems.
How is SSH organised?
With 3 protocols, that typically run on top of TCP.
- SSH Transport Layer Protocol: provides server authentication, data confidentiality, and data integrity with forward secrecy. (optionally) compression.
- SSH User authentication protocol: authenticates client-side user to the server.
- SSH Connection protocol: multiplexes multiple logical communications channels over a single, underlying SSH connection.
What is forward secrecy?
It means that if a key is compromised during one session, the knowledge does not affect the security of earlier sessions.
Briefly describe how the transport layer protocol works
- Host keys: Server authentication. The server host key is used during key exchange to authenticate the identity of the host. For this to work, the client must have knowledge of the server’s public host key, either via (1) a local database or (2) a trusted CA that keeps track of host name-to-key associations.
- Packet exchange: the client establishes a TCP connection to the server. Done via the TCP protocol. When the connection is established the client/server can exchange data (packets) with each other. The packets are protected by encryption and MAC.
- Key generation: the keys used for encryption and MAC are generated from the shared secret key, hash value from the key exchange and the session identifier.
Which steps does the transport layer protocol packet exchange consist of?
- Identification string exchange
- Algorithm negotiation
- Key exchange: the two sides share a master key and the server has been authenticated via signing using the private key.
- Service request
What is the user authentication protocol?
It provides the means by which the client is authenticated to the server.
What is the connection protocol?
It runs on top of the SSH transport layer protocol and assumes that a secure authentication connection is in use. The secure authentication connection (aka tunnel) is used by the connection protocol to multiplex a number of logical channels.
What is the channel mechanism?
A logical communication such as:
- a remote execution of a program
- X11 –> GUI for networked computers
What 4 types of channels does SSH recognise?
- Session: The remote execution of a program.
- x11: X window system, a computer software and network protocol that provides a GUI for networked computers.
- Forwarded-tcpip: remote port forwarding
- Direct-tcpip: local port forwarding
What is port forwarding?
It provides the ability to convert any insecure TCP connection into a secure SSH connection.
What is the difference between local and remote port forwarding?
Local: the client sets up a “hijacker” process that intercepts selected application level traffic and redirects it from an unsecured TCP connection to a secure SSH connection.
Remote: the client acts on the server's behalf. The client receives traffic with a given destination port, places the traffic in the correct port and sends it to the destination the user chooses.
Why use transport layer security, why not other methods?
Applications require security on top of reliable and ordered data transmission.
Application layer = not convenient, high cost
IPSec = has too much overhead.
What is the format of the record protocol?
- Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment.
- Major Version (8 bits): Indicates major version of TLS in use.
- Minor Version (8 bits): Indicates minor version in use.
- Compressed Length (16 bits): The length in bytes of the plaintext fragment
What is the difference between SSL and TLS?
SSL and TLS provide security between web browsers and web servers.
Main difference: in SSL, the message digest is used to create a master secret, and it provides authentication and confidentiality.
In TLS, a pseudo-random function is used to create a master secret.
SSL is an older technology, and TLS is the updated, more secure version.
What parameters define a session state?
Session ID
Peer certificate
Compression method
Cipher spec
Master secret: 48-byte
Is resumable
What parameters define a connection state?
Server & client random: byte sequence chosen by server and client for each connection
Server/Client write MAC secret: secret key used in MAC operations on data sent by server/client
Server/client write key: the key used for encryption by the server/client and used for decryption by the server/client
IV
Sequence numbers
How does connection initiation work in HTTPS?
The agent acting as the HTTP client also acts as the TLS client
- Client initiates a connection to the server –> sends a TLS hello to begin TLS handshake.
- When handshake = finished –> client can initiate first request
- All data is to be sent as TLS application data
What are the 3 levels of connections in HTTPS?
- HTTP connection: HTTP client requests a connection to an HTTP server
- TLS/SSL session/connection: a session is established between a TLS client and server
- TCP connection: a TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client and server side
What does the transport layer protocol offer for security?
Server authentication
Data confidentiality
Integrity
What methods does the user authentication protocol use for authentication?
Public key
Password
Host based: