IT-Security (Chapter 2) Flashcards
Applications of Cryptographic Protocols
•Authentication
-Data origin authentication
-Entity authentication
•Key exchange
Data origin authentication
• For ensuring integrity of data
• Via cryptographic protocols
MDCs or MACs
Entity authentication
- Enables communication partners to verify each others identities
- Fundamental as most security functionality is built on top
Two Categories of Autehntication
Arbitrated Authentication (TTP involved) Direct Authentication
What does X.509 do?
- Certification of public keys and certificate handling:
- Certificate format
- Certificate hierarchy
- Certificate revocation lists
Transport Layer
Transport layer provides end-to-end communication between application processes (SSL,TLS,DTLS,SSH)
Transport layer security goals
- Confidentiality
* Data integrity
SSL/TLS Security Services
• Peer entity authentication:
After successful completion, TLS session established between peers
• Data integrity (optional)
Message Authentication Code (MAC) computed by cryptographic hash function,
and that includes negotiated secret is appended to data
• Confidentiality (optional)
User data encrypted by a secret key
SSL/TLS Components
- Record protocol
- Handshake protocol
- Change cipher spec protocol
- Alert protocol
- Application data protocol
SSL/TLS Handshake Protocol
- Peer authentication
- Negotiation of pre-master secret
- Negotiation of crypto protocols
two methods for establishing a pre-master secret
RSA
Diffie-Hellmann key exchange
Problems of Practical System Security
It is impossible to prove security of any moderately complex system
Software is at root of all common security problems
Main Techniques for Attacking Systems
Buffer Overflows
SQL-Injection
Placing Malware
Countermeasures to implementation flaws
Implementing it the right way! Secure the weakest link Practice defense in depth Fail securely Least privilege Compartmentalize Be careful with trust
