Key Management in Networking Systems

Questions and Answers

What service does Authentication Header (AH) provide?

Integrity and authentication services (correct)

Encryption service only

Confidentiality service only

Availability service only

Which protocol provides combined encryption and authentication services in IPsec?

Secure Socket Layer (SSL)

Internet Key Exchange (IKE)

Encapsulating Security Payload (ESP) (correct)

Authentication Header (AH)

Which function does IPsec key management perform?

Transfer data between routers securely

Put in place any cryptographic keys required for services (correct)

Select required security protocols

Determine the algorithm(s) to use for the service(s)

What does ESP tunnel Security Association (SA) provide in IPsec?

Confidentiality protection for the IP packet's entire contents

What is the primary purpose of AH transport Security Association (SA) in IPsec?

Authenticate the sender of the IP packet

In IPsec, what role does the Encapsulating Security Payload (ESP) play?

Providing confidentiality and integrity services for IP traffic

What is the advantage of using authentication before encryption in IPsec?

Prevents anyone from intercepting and altering the authentication data without detection

In the context of IPsec key management, how many keys are typically required for communication between two applications?

Four pairs - transmit and receive keys for integrity and confidentiality

Why might using authentication before encryption be preferable in IPsec?

To prevent message interception and tampering without detection

What is the purpose of having an inner AH transport SA and an outer ESP tunnel SA in a bundle?

To allow for storing authentication information at the destination

How does ESP SA function when used without its authentication option?

Applies encryption to the IP payload without authentication

Which aspect of IPsec key management involves determining and distributing secret keys?

Key management

What is the main difference between manual and automated key management in IPsec?

Manual key management requires less administrative effort, while automated key management enables on-demand key creation.

What does ISAKMP stand for in the context of IPsec key management?

Internet Security Association and Key Management Protocol

What is the main purpose of Oakley Key Determination Protocol in IPsec?

To establish a shared secret key between two parties involved in communication

Which functional areas does IPsec encompass according to the text?

Authentication, Confidentiality, and Key Management

What aspect makes IPsec specifications particularly challenging to comprehend?

The extensive coverage across various RFCs and IETF documents

Which protocol is considered the default automated key management protocol of IPsec?

ISAKMP/OAKLEY