Lesson 4 (Security basics & TLS) Flashcards
What does TLS stand for?
Transport Layer Security
What is TLS encryption used for?
Authorisation, Authentication, Confidentiality (information only for intended users), Integrity (information not changed)
At what layer position is TLS between: Application layer, TCP layer and IP layer?
Between Application and TCP
What is the new name for SSL?
TLS
What is HTTPS?
HTTPS is HTTP-within-SSL/TLS. SSL (TLS) establishes a secured, bidirectional tunnel for arbitrary binary data between two hosts.
How does HTTP run over HTTPS?
HTTPS is a tunnel/connection, which is encrypted. The HTTP traffic runs over this connection. It's also referred to as SSL/TLS.
At what layer position is TLS in network apps? Between Application, HTTP and TCP
Between Application and HTTP.
Name 4 commonly used programs that usually make use of a TLS connection/encryption
HTTPS (websites), VoIP, VPN and Email
What is the latest stable released version of TLS and in what year?
TLS 1.2, in 2008.
What is the new upcoming version of TLS?
1.3
What is a cipher suite?
A named combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for an SSL/TLS connection.
Name some examples of Authentication encryption algorithms
RSA, DSA, ECDSA
Name some examples of key exchange algorithms
RSA, Diffie-Hellman, ECDH, SRP, PSK
Name some examples of bulk encryption algorithms
RC4, Triple DES, AES, IDEA, DES, or Camellia. In older versions of SSL, RC2 was also used.
Name some examples of message authentication code algorithms
For TLS, a Hash-based Message Authentication Code using MD5 or one of the SHA hash functions is used. For SSL, SHA, MD5, MD4, and MD2 are used.
In which type of encryption algorithms is the encryption key the same as the decryption key?
In symmetric-key cryptography, like AES. It's a key used to encrypt AND decrypt data, with this specific key.
What is the most commonly used algorithm for public and private key pairs?
RSA. Named after researchers: Rivest, Shamir and Adleman
How does RSA work with public-private key encryption?
Data gets encrypted with the public key. The encrypted data can only be decrypted by using the private key AND the public key.
What standard certificates are used for TLS?
X.509 certificates
How are certificates checked?
They can be checked on domain and organization level. The company that provides the certificate and the browsers have a database of trusted sites.
What three levels of CA trust chains are there (above an implemented certificate on a website)?
First the ROOT CA of the organization. Then the Intermediate CA and finally the Leaf CA. Then come the real end certificates for domains.
What types of Hash methods are there?
SHA1 to SHA3 and MD5.
What are vulnerabilities of hash functions?
You can predict the outcome, because the hash value can be the same, which could also result in a collision.
What is a man-in-the-middle (attack)?
They can manipulate encrypted data by replacing hash functions/value or certificate verifying.