Transport Level Security

Questions and Answers

PDF Questions PDF Answers

What does SSL do?

Provides security services between TCP and applications that use TCP

What is the internet standard version called?

Transport Layer Services

Why are protocol mechanisms involved in SSL/TLS?

Protocol mechanisms to enable 2 TCP users to determine the security mechanisms and services they will use

What are the threats in web security in terms of integrity?

Change in user data, trojan horse browser and modification of memory

What are the consequences in web security in terms of integrity?

Information being lost, machine is compromised, become vulnerable to threats

What are the countermeasures in web security in terms of integrity?

Crytographic checksums

What are the threats in web security in terms of Confidentiality?

Network being eavesdropped, info from server being stolen, data from client being stolen, info about network configuration

What are the consequences in web security in terms of confidentiality ?

Information and privacy being lost

What are the countermeasures in web security in terms of confidentiality ?

Encryption and web proxies

What are the threats in web security in terms of denial of service?

Machine is filled with ridiculous requests, filling up disk or memory, isolating machine by DNS attacks

What are the consequences in web security in terms of denial of service?

Annoying, could not get work done, disruptive

What are the countermeasures in web security in terms of denial of service?

Difficult to prevent

What are the threats in web security in terms of authentication?

Impersonation of legitimate users, data forgery

What are the consequences in web security in terms of authentication?

Misrepresantation of user, believing false info

What are the countermeasures in web security in terms of authentication?

Cryptographic techniques

What is the adavantage IP/IPSec in the network level of TCP/IP protocol stack?

It is transparent to end users and applications and provides a general purpose solution

What are the advantages of SSL or TLS in the transport level of TCP/IP protocol stack?

Transparent to applications or embedded in specific packages

What are the securiy features in application level of TCP/IP protocol stack?

Kerberos, S/MIME, PGP, SET. They are embedded within an application. Service can be tailored to specific needs of a given application

How is SSL designed?

SSL is designed to make use of the TCP to provide a reliable end to end secure service. It is a two layer protocol

What is SSL handshake protocol used for?

Management of SSL exchanges

What is the used of SSL record protocol?

Provides basic security to various higher layered protocols

What is the handshake protocol?

Negotiation of security algorithm and parameters, key exchange, server authentication and optionally client authentication

What is the record protocol?

Fragmentation, compression, message authentication and integrity protection, encryption

What is the Alert protocol?

Error messages

What is the change cipher spec protocol?

A single message that indicates the end of a SSL handshake

What is a SSL session?

A session created between the server and the client using the handshake protocol. A session defines a set of cryptographic security parameters which can be shared among multiple connections.

What is SSL connection?

A connection is transport that provides a suitable type of service

What are the parameters defining an SSL session?

Session identifier, peer ceritificate, compression method, cipher spec, master secret, is resumable

What are the parameters defining a SSL connection state?

Server and client random, server write MAC secret, client write MAC secret, server write key, client write key, initialisation vectors, sequence numbers

What is the confidentiality service provided by the SSL handshake protocol?

Defines a shared secret key that is used for conventional encryption of SSL payloads.

What is the message integrity service provided by the SSL handshake protocol?

Defines a shared key that is used to form a message authentication code(MAC)

What is transport layer security?

Derived from secure sockets layer and used to provide security at the transport layer

What does TLS prevent and who does it protect?

Eavesdropping, tampering and message forgery. Protecting communicating applications and their users on the internet

Why is the handshake protocol the most complex part of SSL?

Allows the server and client to authenticate each other. Negotiation of encryption, MAC algorithm and cryptographic keys. Used before any application data is transmitted.