N11. Security Flashcards
What is a firewall?
Programmable packet filter
- situated on border router
- implements filter policy
Prevents:
- packets leaving site network
- packets entering site network
Access control lists (ACLs) - what is and is not allowed
Deep packet inspection (DPI) - looks beyond header of packet
Stateful packet inspection - looks beyond single packet at flow of packets and monitors state
Disadvantage of firewalls
Can be a performance bottleneck
What is the difference between security and privacy?
Security - protection from things on the wire
Privacy - protection from sharing information that shouldn’t be publicly shared (helps with security but they are distinct, beyond packet layer to application layer)
List 3 parts of security analysis to consider:
- Security threats - what to protect against
- Security services - to protect against threats
- Security mechanisms - algorithms and protocols to implement security services chosen
(Implementation - specific hardware, software and policy required)
Give examples of common security threats
Eavesdropping (traffic monitoring) - inspection of traffic contents, traffic patterns. Control-plane and user-plane.
Traffic modification - changing ‘genuine’ packets, forging of packets and data
Man in the Middle (MitM) - forged identities, fake servers/services, fake clients
What is the secret-key system of key-based cryptography?
Secret-key system:
- single key, k1 == k2
- used for both encryption and decryption
- must be known and kept secret by both parties
What is the public-key system of key-based cryptography?
Public-key system
- pair of matched keys - one for encryption, one for decryption
- k1 and k2 different but complementary - one secret, one public
- harder to break than private-key encryption but more computationally expensive
How are hash algorithms used in security?
Creates a fixed size bit pattern from any input of bits (strong checksum)
1. fixed size hash value as output
2. cannot reproduce original message from hash value
3. very low probability of producing two messages with same hash
Message Authentication Code
What is a Message Authentication Code?
Based on hash algorithm, alternative to public-key encryption
- use secret key k
- combine secret key with plain text and hash
- check that MAC output matches expected (even one bit changed indicates tampering with content)
Explain how digital signatures are used in security.
Digital signature is like a strong, secure checksum
Gives high assurance of message authenticity and integrity
Signature - with public key (create hash, encrypt with secret key, check at receiver using public key) - if hash given to receiver doesn’t match hash from decrypting with public key then document has changed
How are certificates used in security?
Certification Authority issues a certificate (and public key to user) and authenticates the certificate with a digital signature.
Certificate contains:
- user ID
- user public key
- dates of validity
- CA’s ID and signature
On receiving a certificate, user should check signature using public key, check for revocation and use directory service (must trust CA)
What is TLS?
Transport Layer Security (formerly SSL)
- originally for secure HTTP sessions - HTTPS
- general API can potentially be used by any protocol over TCP
TLS is end-to-end - sits above normal sockets interface
What services does TLS provide?
- a client to authenticate a server
- a server to authenticate a client (optional)
- client and server to select crypto protocols for a communication session
- client and server exchange session keys securely
- confidential sessions between client and server
Describe the TLS handshake
- client hello - TLS options proposed
- server hello - TLS options selected by server
- server key exchange - certificate (with public key)
- server hello complete
- client key exchange - sends session key encrypted with server’s public key
- client change cipher spec - activate new session state
- client finished - secure session established
- server change cipher spec - activate new session state
- server finished - secure session established