SSL and TLS Flashcards

1
Q

What are SSL and TLS used for?

A

Secure Socket Layer and Transport Layer Security are used to protect TCP connections on the web, when communicating with web servers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What can SSL and TLS protect against?

A

Application level threats such as server impersonation, but not IP level threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the two main protocols of SSL?

A

A handshake, which establishes a shared key, and a record protocol, which encapsulates the higher level data being exchanged.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How do SSL and TLS use public key encryption?

A

For authentication and session key transfer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do SSL and TLS use symmetric key encryption?

A

For confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How do SSL and TLS ensure integrity?

A

By hashing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a “master secret”?

A

This is in TLS. We have a master secret which is used to generate all the various secret information which is needed, including the encryption key, the IVs, and integrity protection keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Describe the TLS handshake.

A

Client (C) sends…
ClientHello: C, version(c), ciphersuite(c), nonce(c).

Server (S) sends…
ServerHello: version(s), ciphersuite(s), nonce(s).
Certificate: sigCA(S, server’s public key).
ServerHelloDone.

Client sends …
ClientKeyExchange: Server’s public key(secret(c))
ChangeCipherSpec
Finished: hash(c)

The server sends…
ChangeCipherSpec
Finished: hash(s)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How do we compute the hashes in the TLS handshake?

A

The hashes are computed on all the messages you have sent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is included in the ciphersuite in a TLS handshake?

A

The Key Exchange algorithm, the encryption algorithm, and the hash algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a chosen protocol attack in TLS?

A

Newer versions of TLS are backwards compatible, and older versions may have vulnerabilities. So, if an attacker can fool someone into using an older version, they can exploit these weaknesses. For example, in version 2.0, there is no hashing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a Javascript attack?

A

Javascript is executed in the browser, and the attacker can use this to their advantage by using this to execute some code on the user’s machine. An example would be inserting malicious javascript into a web page or HTML email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly