P2L10 IPSec and TLS Flashcards

1
Q

Goals of IPSec

A

verify source of IP packets, integrity of packets, avoid replay of packets

2
Q

IPSec modes

A
  1. transport mode (host to host)
  2. tunnel mode (gateway of one network to gateway of another network)
3
Q

Tunnel packets from gateway A to gateway B

A

packet is encapsulated in additional headers (source gateway address, destination gateway address, IPSec header)

4
Q

Security mechanisms of IPSec

A

Key Exchange Protocol, ESP (Encapsulating Security Payload), AH (Authentication Header)

5
Q

ESP

A

Encrypts and authenticates each packet (encryption is applied to the payload). Authentication is applied to the data in the IPSec header and the packet payload (after encryption has been applied).

6
Q

ESP can provide both confidentiality and integrity protection

A

true

7
Q

If the authentication option of ESP is chosen, the message integrity code is computed before encryption

A

false

8
Q

To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with the authentication option in tunnel mode

A

true

9
Q

In AH, the integrity hash covers the IP header

A

true

10
Q

Internet Key Exchange protocol

A

Needed for IPSec. Allows two parties to decide security policies for traffic between them and agree on security parameters (algorithms for hashing); establishes shared keys between the two parties.

11
Q

SPI

A

Used to look up the SA in the SADB; included in the IPSec header

12
Q

Outbound processing of packet

A
13
Q

Inbound processing of packet

A
14
Q

Anti-replay mechanism

A

Sequence number added to IPSec header. Only used when AH is present.

A sequence scale is used. If a packet contains a sequence number below the sequence window, it is rejected. If it contains a sequence number above the window, the window is advanced. If the number is within the window, it is checked to see if it has been used before.

15
Q

IKE SA

A

Internet Key Exchange Security Association. It is bidirectional and used to define encryption and authentication of IKE traffic.

TWO PHASES:

  1. Establish IKE SA
  2. Use IKE SA to negotiate IPSec SAs
16
Q

IKE Phase 1 steps

A
  1. Negotiate protection suite, crypto algorithms
  2. Establish shared secret (i.e. Diffie-Hellman)
  3. Authenticate the shared secret (e.g. pre-shared key, digital signatures, public key encryption)
17
Q

More than two parties can participate in Diffie-Hellman key exchange: true or false

A

true

18
Q

PFS

A

Perfect Forward Secrecy:

In IKE phase II, keys are created based on the pre-shared key and newly exchanged information (new nonce values, new Diffie-Hellman keys, etc.).

19
Q

TLS session vs connection

A
20
Q

SSL Record Protocol

A
21
Q

In most applications of TLS, public keys are used for authentication and key exchange

A

True

22
Q
A