Cryptography

Question 1

Schemes: MAC and Encryption

Answer 1

• Encrypt-then-MAC
• MAC-then-encrypt
• Encrypt-and-MAC

Question 2

Reasons for failure of Crypto Systems

Answer 2

• Application should use cryptography but does not
  -> sometimes: ignorance, clumsy interfaces, licensing issues
  -> often: deployment violates designer’s assumptions
• Application uses crypto but the wrong one
  -> Insecure cryptography
  -> Using encryption for integrity protection
  -> Using asymmetric cryptography without need
  -> Using digital signatures where it does not fit the business process
• Secrets are not secret
• Right crypto, but unusable (too complicated, over engineered)
• Right crypto, usable but weaker links

Question 3

Blind signatures

Answer 3

Message is blinded/disguised before being signed

Question 4

Secret sharing

Answer 4

Partition secret between several parties where the secret can only be constructed with all (or a specified number of) parts

Question 5

Zero knowledge proofs

Answer 5

• Convince other party of some properties of your secret without revealing it
  -> Completeness: if the statement is true, an honest verifier (that is, one following the protocol properly) will be convinced of this fact by an honest prover.
  -> Soundness: if the statement is false, no cheating prover can convince an honest verifier that it is true, except with some small probability.
  -> Zero-knowledge: if the statement is true, no verifier learns anything other than the fact that the statement is true.

Question 6

TLS Advantages

Answer 6

• Easy to implement and use
• Deployed in most browsers & servers

Question 7

TLS Disadvantages

Answer 7

• Protects only if used by the application
• More vulnerable to DoS attacks (malicious packets cannot be removed at the IP level)
• Can only be used in End-to-End mode

Question 8

Security Parameters for a TLS session

Answer 8

• Connection end (Who is server/Who is client?)
• Pseudo random function algorithm
• MAC algorithm
• Bulk encryption algorithm
• Compression algorithm
• Master secret and other cryptographic keys

Question 9

TLS ChangeCipherSpecProtocol

Answer 9

• Not explicitly needed in TLS 1.3, but sent to prevent middleboxes from trying to parse the following encrypted data
• Consists only of ChangeCipherSpec message which itself consists of a single byte with value 1
• From here on everything is encrypted but not authenticated yet

Question 10

TLS Server Authentication

Answer 10

• Server sends CertificateChain
• Server proves that he is the certificate’s owner using CertificateVerify message
  -> Signs hash of ClientHello, ServerHello, Certificate with the private key associated with the certificate

Question 11

TLS End of Server Hello

Answer 11

• Server may require client to authenticate by sending CertificateRequest
• Sends Finished

Question 12

TLS Finished Message Properties

Answer 12

• Contains a hash of all previously sent messages

Question 13

Wie stellt man Confidentiality sicher?

Answer 13

• Within one system: User identification, access control
• In a distributed system: Encryption
• Through a distributed system: Secret sharing

Question 14

Wie stellt man Integrity sicher?

Answer 14

• Within one system: User identification, access control
• In a distributed system: MAC, digital signature
• Through a distributed system: Verifiable secret sharing, secure multiparty computations

Question 15

Wie stellt man Availability sicher?

Answer 15

• Within one system: User identification, perfection, redundancy
• In a distributed system: Redundancy
• Through a distributed system: Reliable and secure multiparty computations

Question 16

Wie stellt man Accountability sicher?

Answer 16

• Within one system: User identification, Logging
• In a distributed system: digital signature, hash chains
• Through a distributed system: secure multiparty computations

Question 17

Hash Functions Eigenschaften

Answer 17

• Collision resistance
• Pre-image resistance: Computationally infeasible to find a x, given y, so that h(x) = y

Question 18

Services provided by TLS

Answer 18

• Server authentication
• Client authentication
• Secure connection
  -> Authentication and integrity of messages
  -> Confidentiality of messages
  -> Reliability of messages
• Efficiency

Question 19

TLS Handshake

Answer 19

• ClientHello
• ServerHello
  ( - ChangeCipherSpec)
• Encrypted Extensions
• Certificate*
• CertificateVerify*
• CertificateRequest*
• Finished
  ( - ChangeCipherSpec)
• Certificate* (Client)
• CertificateVerify*
• Finished
  ( - ApplicationData)

Question 20

Heartbleed Attack

Answer 20

• In OpenSSL TLS
• Heartbeat: Check, ob Verbindung zum Server noch besteht
• Payload Größe wurde nicht mit actual Payload Größe geprüft und so wurden sensible Daten ausgelesen

Question 21

Logjam attack

Answer 21

• TLS: downgrade connection to export-grad Diffie-Hellman
• Could be mainly pre-computed
• Many servers used the same prime

Question 22

Padding Oracle

Answer 22

Use padding validation as an “oracle” to decrypt the ciphertext

Question 23

TLS 0-RTT handshake

Answer 23

• ClientHello
  (- Early Application Data)
• ServerHello
  (- Application Data)
• End of early data
• Finished
  (- Application Data)
• Kein Schutz gegen Replay Attacken
• Keine perfect forward secrecy
• Vorher muss schon einmal ein vollständiger Handshake durchgeführt worden sein

Question 24

Secure Multiparty Computation

Answer 24

• Several parties hold secrets which should be used for a computation
• Other parties should not gain knowledge of secrets
• No central trusted party which could do computation but parties need to exchange information

Question 25

Oblivious transfer

Answer 25

- Sender has m messages - Receiver wants to receive n of the m messages - Sender does not want receiver to know which messages have been sent (only wants him to know the one he requested) - Receiver does not want sender to know which messages were not chosen