Network Security: Standards and Protocols Flashcards
How does S/MIME differ from MIME?
Regular MIME is an extension of the original mail format and supports headers, multimedia content etc.
Since MIME had no support for security, S/MIME was created. S/MIME supports:
- enveloped data (confidentiality),
- signed data (integrity)
- clear-signed data (integrity)
- signed AND enveloped data (confidentiality and integrity)
How does S/MIME create signed and enveloped messaged?
Alice wants to send Bob a message:
- Alice adds a digital signature to the message by using her private key.
- Alice encrypts the message (including signature) with a pseudorandomly generated one-time session key.
- The one-time session key is encrypted using Bob’s public key, and is then added to the beginning of the message.
- The encrypted message containing encrypted signature and key is then converted to Radix-64 and sent to Bob.
What is Pretty Good Privacy (PGP)?
An email encryption scheme.
The design is largely the same as S/MIME’s signed and enveloped format.
What is DKIM?
DomainKeys Identified Mail.
Since not many users are using S/MIME, S/MIME is not very effective.
For that reason, DKIM was created. It works between domains instead of end users.
Email messages are signed by private domain key.
Adds integrity, but no confidentiality.
What is SSL and TLS?
Secure Sockets layer and Transport Layer Security.
TLS is the successor to SSL.
Works on top of the TCP & IP layers.
The ‘s’ in ‘https’ indicates that SSL or TLS is being used.
What is the record protocol and how does it work?
The record protocol is the most important sub-protocol of TLS and is responsible for converting higher level data into encrypted fragments. It works in the following way:
- Split higher level data into fragments
- Compress fragments so they are more compact
- Add MAC to each fragment
- Encrypt fragments (including MAC)
- Prepend SSL record header to the encrypted fragments
https://imgur.com/a/T8GGpvr
Which sub-protocols does TLS have?
The record protocol, in addition to higher layer protocols such as:
- Change Cipher Spec protocol
- Alert protocol
- Handshake protocol
Besides the record protocol, the handshake protocol also seems to be emphasized. It is the most complicated sub-protocol and allows servers and clients to authenticate each other and agree on keys.
What is SSL and TLS vulnerable to, and how can the vulnerability be mitigated?
Attackers removing, re-ordering or replacing TCP blocks. It will only become clear that something is wrong when the data is passed to the application layer.
Solution: have additional sequence numbers specifically for SSL. TCP sequence numbers are not sufficient.
What is the heartbeat protocol and how does it work?
Messages to indicate that a connection is still alive.
Simply put, the client asks the server:
“are you there, if so reply with this specific string S of length n.”
What is the heartbleed bug?
The heartbeat protocol did not check that the specified length matched the specified word’s length. By saying that the word length is much larger than the specified word, servers could end up replying with other contents from their RAM.
What is HTTPS?
HTTP combined with SSL or TLS.
Provides secure communication between web browser and web server.
Regular HTTP uses port 80
HTTPS uses port 443
What is a VPN?
Virtual Private Network
Orker ikke forklare denne haha
TO DO
How can IP be secured?
IP Security provides general security and is not application-specific like S/MIME and SSL/TLS.
IP security encompasses 3 functional areas:
- confidentiality: encryption to prevent eavesdropping
- authentication: authenticates source as well as integrity of packet
- key management: secure exchange of keys needed for the the two above.
IPsecV3 provides confidentiality and authentication
IKEv2 provides key management
What is the two main functions that IPSec provides?
Authentication Header (AH): -Provides authentication only
Encapsulation Security Payload (ESP):
-provides confidentiality and authentication
Authentication Header is deprecated because ESP is better, but is included in IPsecV3 for backwards compability
What is Security Associations (SA) in IPsec?
One way relationships between sender and receiver that provides security in one direction.
For a connection, two SAs are required.
IPsec implementation includes a database of SAs.
