Key Management in Networking Systems

Questions and Answers

What service does Authentication Header (AH) provide?

• Integrity and authentication services (correct)
• Encryption service only
• Confidentiality service only
• Availability service only

Which protocol provides combined encryption and authentication services in IPsec?

• Secure Socket Layer (SSL)
• Internet Key Exchange (IKE)
• Encapsulating Security Payload (ESP) (correct)
• Authentication Header (AH)

Which function does IPsec key management perform?

• Transfer data between routers securely
• Put in place any cryptographic keys required for services (correct)
• Select required security protocols
• Determine the algorithm(s) to use for the service(s)

What does ESP tunnel Security Association (SA) provide in IPsec?

Confidentiality protection for the IP packet's entire contents (A)

What is the primary purpose of AH transport Security Association (SA) in IPsec?

Authenticate the sender of the IP packet (A)

In IPsec, what role does the Encapsulating Security Payload (ESP) play?

Providing confidentiality and integrity services for IP traffic (B)

What is the advantage of using authentication before encryption in IPsec?

Prevents anyone from intercepting and altering the authentication data without detection (A)

In the context of IPsec key management, how many keys are typically required for communication between two applications?

Four pairs - transmit and receive keys for integrity and confidentiality (A)

Why might using authentication before encryption be preferable in IPsec?

To prevent message interception and tampering without detection (C)

What is the purpose of having an inner AH transport SA and an outer ESP tunnel SA in a bundle?

To allow for storing authentication information at the destination (C)

How does ESP SA function when used without its authentication option?

Applies encryption to the IP payload without authentication (D)

Which aspect of IPsec key management involves determining and distributing secret keys?

Key management (C)

What is the main difference between manual and automated key management in IPsec?

Manual key management requires less administrative effort, while automated key management enables on-demand key creation. (B)

What does ISAKMP stand for in the context of IPsec key management?

Internet Security Association and Key Management Protocol (B)

What is the main purpose of Oakley Key Determination Protocol in IPsec?

To establish a shared secret key between two parties involved in communication (C)

Which functional areas does IPsec encompass according to the text?

Authentication, Confidentiality, and Key Management (D)

What aspect makes IPsec specifications particularly challenging to comprehend?

The extensive coverage across various RFCs and IETF documents (B)

Which protocol is considered the default automated key management protocol of IPsec?

ISAKMP/OAKLEY (A)