Lecture 9 Flashcards

1
Q

What are block ciphers?

A

Block ciphers transform a block of bits at a time; this means that the effect of each plaintext bit should be distributed throughout the ciphertext bits within the block. Block sizes do not have to be large: 64-128 bits are common.

2
Q

What do block cipher modes determine? What are some common examples?

A

Block cipher modes determine what to do when there is more than one block of plaintext. Common examples include ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback), OFB (Output Feedback) and CTR (Counter).

3
Q

How do ECB and CBC work?

A

ECB applies the key directly to each plaintext block via block cipher encryption, repeating this for every block. Cipher Block Chaining XORs the previous block's ciphertext into the plaintext of the next block before encrypting it; this means that the same key can be used for all blocks.

4
Q

What is the benefit of OFB? What about counter mode?

A

OFB only needs the block encryption operation, even for decryption. Counter mode is similar but also allows random access.

5
Q

Why do block ciphers typically need padding? What are some ways to do this?

A

The plaintext length may not be a multiple of the block size. Options include ciphertext stealing, where the last two blocks are shuffled, or padding with a single 1 bit followed by all 0s.

6
Q

How does HTTP basic authentication occur?

A

The client sends an HTTP request (GET, POST, etc.).
The server responds with 401, including a header requesting authentication.
The client prompts the user for credentials.
The client resends the original request with the Authorization header.

7
Q

What is TLS?

A

Transport Layer Security / Secure Sockets Layer.
It puts security at a lower layer of the network stack than HTTP.
It establishes a secure end-to-end connection via a handshake protocol that also establishes identities.

8
Q

What is the TLS/SSL handshake?

A

Used in HTTPS: the client opens a TCP connection to port 443 and starts negotiating the session details by sending {Session ID, cipher schemes and their key sizes, compression algorithms}.
The server may resume based on the session ID or create a new session by sending back: {Selected cipher + key size, selected compression algorithm, server certificate, optional client authentication request}.

The client then authenticates the server's certificate and generates the symmetric key known as the pre-master key, encrypted with the server's public key. The server then authenticates the client's certificate and uses its private key to decrypt and obtain the pre-master key. The pre-master key can then be used to generate the session key (master key).

The client then sends a message saying it will start using the master key, followed by another message saying that it has finished handshaking, encrypted with the master key. The server does the same back to the client.

9
Q

What does SSL/TLS not achieve?

A

Transport Layer Security encrypts end to end, but only as a stream between two hosts. Because of complex caching and load balancing in the cloud, the server side could benefit from not having to decrypt all content on arrival.
TLS also needs lots of management, e.g. certificate management, filtering of allowed algorithms, and randomness checks.

10
Q

What is a digital certificate?

A

A digital certificate proves that you own a public key. Certificates typically store: the public key, issue details, allowed uses and other metadata, and a digital signature which can be checked using the public key.

11
Q

What are Root certificates?

A

Machines often come pre-loaded with root certificates; this makes it easier to know whether you are dealing with the company you think you are.

12
Q

Why might perfect certificates need to be revoked?

A

If the public key is revealed/stolen, the certificate becomes invalid and dangerous; the owner must then request that the certificate's serial number be added to the Certificate Revocation List.
