IPSec and TLS

Question 1

S/MIME

Answer 1

a security enhancement to the MIME internet email format standard, based on technology from RSA Data Security

Question 2

MIME

Answer 2

Internet email format

Adds to RFC 822 header (To, From, Subject) fields for to define:

• -body
• -format of body
• -encoding of body
• -content formats (text, image, audio, video) that support multimedia

Question 3

S/MIME provides support for these 4 additional content-types

Answer 3

Enveloped data

Signed data

Clear-signed data

Signed and enveloped data

Question 4

Signed data

Answer 4

Digital signature formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer.

The content plus signature are then encoded using base64 encoding.

Signed data message can only be viewed by a recipient with S/MIME capability

Default algorithm is DSS and SHA-1

Question 5

Enveloped data

Answer 5

encrypted content of any type and encrypted content encryption keys for one or more recipients

Default algorithm is 3DES and EIGamal (based on Diffie-Hellman)

Question 6

Clear-signed data

Answer 6

Digital signature of the content is formed

Only the digital signature is encoded using base64 (unlike enveloped data)

Recipients without S/MIME capability can view the message content, although they cannot verify the signature

Default algorithm is DSS and SHA-1

Question 7

Signed and enveloped data

Answer 7

Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted

Question 8

DomainKeys Identified Mail (DKIM)

Answer 8

Specification for cryptography signing email messages, permitting a signing domain to claim responsibility for a message in the mail stream

Question 9

Internet Mail Architecture key components

Answer 9

Message User Agent

Mail submission agent

Message transfer agent

Mail delivery agent

Message store

Question 10

Administrative management domain

Answer 10

Internet email provider

Question 11

Domain name system

Answer 11

directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address

Question 12

Spoofing

Answer 12

IP spoofing is a common technique in cyber attacks

Bots spoof the an IP address of a victim web site
Then send DNS queries to DNS servers
The DNS servers respond, sending large amounts of data to the victim

Result: a denial-of-service attack

Question 13

Goal of IPSec

Answer 13

Prevent spoofing by verifying sources of IP packets

Provide Authentication that is lacking in IPv4

Protect integrity and/or confidentiality of packets

Prevent replaying of old packets

Provide security automatically for upper layer protocols and applications

Question 14

two operation modes in IPSec

Answer 14

transport mode
security protection is provided to traffic from one end host to another, so, it is an end-to-end.

tunnel mode
security protection is typically provided to traffic from the gateway of a network to the gateway of another network. This is how the so-called virtual private network, or VPN, is implemented.

Question 15

encapsulated security payload

Answer 15

Encrypt and authenticate each packet

Encryption is applied to packet payload

Authentication is applied to data in the IPSec header as well as the data contained as payload, after encryption is applied

ESP can provide both confidentiality and integrity protection

If the authentication option of ESP is chosen, message integrity code is computed AFTER encryption

To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with authentication option in tunnel mode

Question 16

Authentication Header (AH)

Answer 16

Authentication is applied to the entire packet, with the mutable fields in the IP header “zeroed out”

If both ESP and AH are applied to a packet, AH follows ESP

In AH, the integrity hash covers the IP header

Question 17

TLS three higher layer protocols

Answer 17

Handshake protocol

Change cipher spec protocol

Alert protocol

Question 18

TLS concepts

Answer 18

TLS Connection

TLS Session

Question 19

TLS Connection

Answer 19

A connection is a transport that provides suitable type of service

Such connections are peer-to-peer

Connections are transient

Every connection is associated with one session

Question 20

TLS Session

Answer 20

TLS session is an association between a client and a server

Sessions are created by the Handshake Protocol

Sessions define a set of cryptographic security parameters, which can be shared among multiple connections

Sessions are used to avoid negotiation of new security parameters for each connection

Question 21

SSL Record Protocol services

Answer 21

Confidentiality
–Handshake Protocol defines shared secret key for symmetric encryption of SSL payloads

Message Integrity
–Handshake Protocol defines shared secret key used to form a MAC

Question 22

Change Cipher Spec Protocol

Answer 22

Consists of single message, which consists of single byte with the value 1

Purpose is to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection

Question 23

Alert Protocol

Answer 23

Used to convey TLS related alerts to the peer entity

Message consists of:

1. first byte takes value warning(1) or fatal(2) to convey severity of message
2. second byte contains code that indicates the specific alert

Question 24

Handshake Protocol

Answer 24

Allows server and client to authenticate each other, negotiate an encryption algorithm and MAC algorithm and cryptographic keys

The Parameters:
Version: the highest TLS version understood by the client

Random: a 32-bit timestamp and 28 bytes generated by a secure random number generator

Session ID: a variable-length session identifier

CipherSuite: a list containing the combinations of cryptographic algorithms supported by the client

Compression Method: a list of compression methods supported by the client

Question 25

Handshake Protocol four phases

Answer 25

Phase 1 used to initiate logical connection between client and server and to establishes security capabilities. Initiated by client with client_hello message and parameters

Phase 2 is server_hello message and parameters

Phase 3 client verifies that server provided valid certificate, check server_hello paramters. Client sends messages back

Phase 4 completes setting up of secure connection

Question 26

Heartbeat Protocol

Answer 26

Heartbeat is periodic signal generated by hardware or software to indicate normal operation

Heartbeat protocol used to monitor availability of protocol entity

Question 27

4 SSL/TLS Attack Categories

Answer 27

Attacks on the Handshake Protocol

Attacks on the record and application data protocols

Attacks on the PKI

Other attacks

Question 28

HTTPS

Answer 28

combination HTTP and SSL to implement secure communications between web browser and web server

Following elements encrypted:
URL of requested document
Contents of the document
Contents of browser forms
Cookies sent from browser to server and from server to browser
Contents of HTTP header

Question 29

IP-level security functional areas

Answer 29

Authentication

Confidentiality

Key management

Question 30

IPSec functions

Answer 30

Combined authentication/encryption function called Encapsulating Security Payload

Key exchange function