P2L10: IPSec and TLS Flashcards

1
Q

What are the goals of IP security (IPSec)?

A
  • Verify sources of packets (providing authentication that is lacking in IPV4)
  • Protect integrity/packet confidentiality
  • Prevent replaying old packets
  • Provide security automatically for higher level applications
2
Q

What two modes are in IPSec?

A
  • Transport mode - End To End
  • Tunnel mode (VPN) - Gateway To Gateway
3
Q

What are the 3 parts to IPSec Architecture?

A
  • Encapsulating Security Payload (ESP)
    • Encryption applied to packet payload
    • Authentication applied to IPSec header & payload after encryption is applied
  • Authentication Header (AH)
  • The Internet Key Exchange (IKE)
4
Q

Which ESP modes are secure? Encryption only, Authentication only, or Encryption + Authentication

A

All of them

5
Q

Authentication Header

A
  • Applied to entire packet
    • Mutable fields in IP header are “zeroed out”
    • If both ESP and AH are used, AH is applied last
6
Q

What is Internet Key Exchange?

A
  • Used when an outbound packet requires IPSec but does not yet have an SA
  • 2 phases:
    • Establish an IKE SA -> establish shared secret and authenticate it
    • Use the IKE SA to negotiate IPSec SAs -> if there is no perfect secret key, the keys for the IPSec SA are derived from the shared secret; otherwise a new key is used
  • Allows computers to exchange and negotiate security policies
  • Establish parameters
    • Security Associations
  • Shared parameters
7
Q

What are Security Associations?

A
  • They are a one-way relationship between a sender and a receiver defined by IPSec parameters
    • One SA for inbound traffic
    • One SA for outbound traffic
  • Uses database called Security Association Database (SADB)
  • Security Parameters Index (SPI)
    • A unique index for each entry in the SADB
    • Identifies the SA associated with a packet
8
Q

What is Anti-Replay?

A
  • It is used only if authentication is selected
  • Window should not be advanced until the packet has been authenticated
  • Duplicates are rejected!
9
Q

What is Secure Socket Layer (SSL) and Transport Layer Security (TLS)?

A
  • One of the most widely used security services that rely on TCP
  • It’s the internet standard
  • Two implementation choices
    • Provided as part of underlying protocol suite
    • Embedded in specific packages
10
Q

TLS Concepts

A
  • TLS Session
  • TLS Connections
11
Q

TLS Session

A
  • An association between a client and a server
  • Created by the Handshake Protocol
  • Defines set of cryptographic security parameters
  • Used to avoid expensive negotiation of each new security parameter for each connection
12
Q

TLS Connections

A
  • A transport that provides a suitable type of service
  • Peer to peer relationships
  • Every connection is associated with one session