TLS Protocol Quiz

Questions and Answers

Which of the following is the primary function of the TLS Handshake Protocol?

• Providing secure connections between web servers and clients only.
• Establishing a secure session with certificate exchange and key generation (correct)
• Securing transport-layer connections.
• Data fragmentation and compression

What is a key characteristic of TLS connections?

• They are persistent and directly associated with multiple sessions.
• They're application-layer connections.
• They persist indefinitely within a session.
• They are transient, transport-layer, peer-to-peer relationships. (correct)

Which protocol is responsible for providing basic security services in TLS?

• Handshake Protocol
• TLS Record Protocol (correct)
• Change Cipher Spec Protocol
• Heartbeat Protocol

Which of the listed items are components of the TLS protocol stack?

Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol. (A)

What is the primary purpose of a TLS Session?

To define cryptographic security parameters that can be reused among multiple connections. (B)

Which of the following functions is NOT a component of the TLS Record Protocol?

Server Authentication (C)

How does TLS help in securing web traffic?

By securing connections between web servers and clients, often used in protocols like HTTPS. (A)

What does the term 'transient' describe in the context of TLS connections?

They are temporary and may not be maintained between a client and server. (A)

What is the primary purpose of the Handshake Protocol in TLS?

To establish a shared secret key for secure communication. (B)

What is the function of the HMAC algorithm in TLS?

To ensure the message's integrity and authenticity. (C)

Which of the following is NOT a valid encryption method used by the TLS Record Protocol?

RSA (B)

What does the 'Content Type' field in the TLS record format specify?

The higher-layer protocol used to process the fragment. (B)

What is the function of the 'Change Cipher Spec Protocol'?

To copy the pending connection state into the current state. (D)

Which of the following best describes a 'fatal' alert level in the TLS Alert Protocol?

A signal for immediate connection termination. (B)

In the HMAC algorithm, what do ipad and opad represent?

Fixed byte sequences used in the HMAC process. (D)

What does the 'Compressed Length' field in the TLS record format indicate?

The length of the compressed or uncompressed fragment. (A)

What is the primary purpose of the session identifier in TLS?

To identify an active or resumable session state. (B)

Within the Secure Shell protocol stack, what is the primary function of the Transport Layer Protocol?

Providing server authentication, data confidentiality, and data integrity. (C)

What does the Cipher Spec define in TLS?

The algorithms for both bulk data encryption and MAC calculation. (C)

In the context of SSH server authentication, what is the role of the server's public/private key pair?

To provide server authentication at the transport layer. (B)

What is the role of the 'resumable flag' in the session state?

To indicate whether a session can be used to initiate new connections. (A)

What is a common trust model used by clients for verifying host keys in SSH?

The client relies on a local database associating host names with public keys. (A)

What are Server and Client Random in the TLS connection state?

They are byte sequences that are randomly chosen for each connection. (D)

What is the purpose of Initialization Vectors (IVs) in TLS?

To ensure that repeating plaintext values do not produce the same ciphertext. (A)

What does 'forward secrecy' mean in the context of the Transport Layer Protocol?

If a key is compromised in one session, it does not affect the security of previous sessions. (D)

Which protocol within the SSH stack is responsible for managing multiple logical communication channels over a single connection?

Connection Protocol (A)

How are Initialization Vectors (IVs) initialized in TLS?

Through the TLS Handshake protocol. (A)

In the context of SSH, what role does a Certification Authority (CA) play?

It certifies the host name-to-key association, ensuring the host key's validity. (C)

What is the significance of sequence numbers in TLS?

They track the order of transmitted and received messages for each connection. (C)

When is the sequence number reset in TLS?

After a change cipher spec message is sent or received. (C)

What is the primary purpose of the User Authentication Protocol within the Secure Shell stack?

To authenticate the client to the server. (D)

Regarding server host keys, what statement is correct?

A server may have multiple host keys using different asymmetric algorithms. (C)

During the TLS handshake, what is the purpose of the 'finished' message?

To verify the successful completion of the key exchange and authentication processes. (B)

Which of the following describes the correct order of actions taken by the client after receiving the server's change_cipher_spec message?

Send change_cipher_spec, copy pending to current spec, send finished message. (A)

What is derived from the master secret using the PRF function?

The key_block, which provides the cryptographic parameters. (A)

During the master secret creation for a TLS session, where does the 'pre_master_secret' originate in an RSA key exchange?

It's generated by the client, encrypted with the server’s public key. (B)

In the calculation of the master_secret, which of the following values are used as input to the PRF function?

The pre_master_secret, 'master secret' label, and the concatenated client and server random values. (C)

What is the primary purpose of the Pseudo-Random Function (PRF) in the context of TLS?

To generate sequences of pseudorandom bytes to be used for keys and secrets. (A)

What input parameters are used to generate the 'key_block'?

master_secret, 'key expansion' label, client_random concatenated with server_random. (D)

Which of the following describes the iterative process used inside of the Pseudo Random Function(PRF)?

A(i) = HMAC_hash(secret, A(i-1)) (C)

What does the server verify during SSH authentication?

The validity of the provided key and signature associated with a host. (D)

What does the SSH Connection Protocol assume about the underlying connection?

It is a secure and authenticated connection. (A)

What is the purpose of 'channels' in SSH Connection Protocol?

To multiplex various types of communication over the secure connection. (A)

When can data be sent to a channel?

Only after a window space message is received. (D)

What does a 'session' channel primarily facilitate within SSH?

Remote execution of programs. (C)

What is the purpose of the X11 channel type in SSH?

Enabling graphical user interfaces on remote servers to be displayed on local machines. (D)

What is the main function of 'forwarded-tcpip' channel type?

Creating a secure tunnel to transmit any TCP data. (C)

Which of the following is a key feature of SSH channels?

Channels enable multiplexing of different communications. (C)

Flashcards

Transport Layer Security (TLS)

A protocol that provides security for communications over a computer network, using both symmetric and asymmetric encryption.

Handshake Protocol

A process in TLS for exchanging certificates and generating a session key for secure communication.

Record Protocol

Handles the secure transmission of data, including fragmentation, compression, and encryption under TLS.

Session

An association created by the Handshake Protocol, defining security parameters for multiple connections.

Connections

Transient transport-layer relationships between two endpoints that utilize a session.

IETF RFC 8446

The Request for Comments document that defines the TLS 1.3 protocol standard.

Certificate Exchange

Process in TLS Handshake where public keys are shared to authenticate the server and client.

Data encryption

The process of converting data into a secure format to prevent unauthorized access, used in TLS.

Message Authentication Code (MAC)

Ensures message integrity by verifying it's not altered during transmission.

HMAC algorithm

A specific type of MAC that uses a cryptographic hash function with a secret key.

Encrypted Data

Data that has been transformed to ensure confidentiality in TLS, using algorithms like AES or 3DES.

Change Cipher Spec Protocol

Updates the cipher suite and copies the pending state into the current state in TLS.

Alert Protocol

Communicates TLS-related alerts to inform peers about warnings or fatal errors in a connection.

Session Identifier

An arbitrary byte sequence to identify an active or resumable session state.

Cipher Spec

Specifies the bulk data encryption algorithm and hash algorithm for MAC calculation.

Peer Certificate

X.509 certificate of the peer used in establishing secure connections.

Master Secret

A 48-byte secret shared between client and server for encryption.

Initialization Vectors

Byte sequences maintained for each key; they ensure uniqueness in data encryption.

Write MAC Secret

Secret key used in MAC operations to ensure message integrity.

Write Key

The secret encryption key used for encrypting data from server to client or vice versa.

Sequence Numbers

Each party maintains separate numbers for tracking transmitted and received messages.

Change Cipher Spec Message

Message sent during TLS handshake to indicate that subsequent messages will be encrypted with the new Cipher Spec.

Finished Message

Message sent to verify that key exchange and authentication processes succeeded during a TLS handshake.

Pre-Master Secret

Value generated by the client, encrypted with the server's public RSA key, for use in creating the Master Secret.

Pseudo-Random Function

A function that generates a series of outputs from a given seed in cryptographic applications.

Key Expansion

Process of generating cryptographic parameters from the Master Secret to secure the session.

Transport Layer Protocol

A protocol ensuring server authentication, confidentiality, and integrity with forward secrecy.

Forward Secrecy

A property ensuring that compromising one session key does not affect past session keys.

User Authentication Protocol

Protocol that verifies the identity of a client/user to the server.

Connection Protocol

Multiplexes multiple channels over a single SSH connection for efficient communication.

Server Authentication

Verification of a server's identity using a public/private key pair.

Host Key

Public key associated with a server, used for authenticating the identity during key exchange.

Certification Authority (CA)

An entity that certifies the association of host names with their public host keys.

Key Exchange

The process during which server host keys are used to authenticate the host's identity.

Authentication in SSH

Verification of the client's host identity using a signature created with the client's private key.

Secure Authentication Connection

Also known as a tunnel, it multiplexes several logical channels over a secure connection in SSH.

SSH Connection Protocol

Runs on top of the SSH Transport Layer, enabling secure communication between a client and server.

Channel Mechanism

Allows separate communication pathways within an SSH connection, each assigned a unique channel number.

Flow Control in Channels

Utilizes a window mechanism to manage how data is sent and received in each channel, ensuring no data is sent until window space is available.

Session Channel Type

Establishes remote program execution, enabling running commands or applications on a remote server.

X11 Channel Type

Allows graphical user interface applications to run on a network, displaying output on a local machine.

Forwarded-TCPIP Channel Type

Facilitates forwarding TCP connections over an SSH channel, allowing remote network communication.

Study Notes

Network Security

• The presentation covers Network Security, specifically Transport Level Security (TLS)
• It was presented by Prof. Dr. Torsten Braun at the University of Bern (18.11.2024 - 25.11.2024)

Transport Layer Security

• TLS is a protocol used for secure communication on the internet.

Table of Contents

• Introduction
• Transport Layer Security
• Datagram Transport Layer Security
• Hypertext Transfer Protocol Secure
• Secure Shell

Threats on the Web

• Integrity: Modification of user data, Trojan horse browsers, modification of memory, modification of message traffic
• Confidentiality: Eavesdropping on the network, theft of information from servers, theft of data from clients, info about network configuration, info about which client talks to server.
• Denial of Service: Killing of user threads, flooding machine with bogus requests, filling up disk or memory, isolating machine by DNS attacks
• Authentication: Impersonation of legitimate users, data forgery (misrepresentation)
• Consequences: Loss of information, machine compromise, vulnerability to other threats, loss of privacy
• Countermeasures: Cryptographic checksums, encryption, Web proxies, difficult to prevent

Web Traffic Security Approaches

• Network Level: HTTP, FTP, SMTP, TCP, IP/IPSec, IP
• Transport Level: HTTP, FTP, SMTP, TCP, SSL or TLS, IP
• Application Level: HTTP, FTP, SMTP, TCP, S/MIME, Kerberos, UDP, IP

Transport Layer Security (TLS) Overview

• Functions: Client and server authentication with public keys, sessions encrypted with symmetric keys, handshake protocol, certificate exchange, generation of a secret session key, record protocol (data exchange), fragmentation, compression and encryption
• Handshake Protocol: Authentication, key exchange,
• Record Protocol: Data exchange

TLS Protocol Stack

• IETF RFC 8446 defines TLS record protocol, providing basic security services
• Higher-layer protocols in TLS include Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol, and Heartbeat Protocol
• These are all defined within the RFC 8446 standard

TLS Connections and Sessions

• Transport-layer connections are between two endpoints; peer-to-peer relationships—transient
• Every connection has one session
• A session is an association between a client and server, created by the Handshake Protocol
• Cryptographic Security Parameters defined
• session identifier
• peer certificate
• compression method

Session State

• Session Id: arbitrary byte sequence
• Peer certificate: X.509 certificate
• Compression method: algorithm
• Cipher Spec: specifies encryption and hash algorithms, and cryptographic attributes such as hash size.
• Resumable Flag: indicates whether a session can be used to initiate new connections.

Connection State

• Server and Client random: byte sequences chosen by client and server for each connection
• Server (Client) write MAC secret: secret keys used for MAC operations on data
• Server (Client) write key: the secret encryption key
• Initialisation Vectors: for block ciphers in CBC mode
• Sequence Numbers: separate numbers maintained for transmitted and received messages for each connection

Record Protocol Services

• Confidentiality: Handshake protocol defines a shared secret key used for conventional encryption of TLS payloads
• Message Integrity: Handshake protocol defines a shared secret key for forming a Message Authentication Code (MAC)

Record Protocol Operation

• Application Data, Fragment, Compress, Add MAC, Encrypt, Append TLS Record Header
• HMAC Algorithm (RFC 2104) - H[(K+⊕opad) || (K+⊕ipad) || M], where H is MD5 or SHA-1, and M is the message. K+ is the secret key padded with 0’s. ipad/opad are 36/5C repeated 64 times
• Encryption: AES-128/256, 3DES, or Stream Cipher (RC4-128).

Record Format

• Content Type: higher-layer protocol used to process the enclosed fragment.
• Major/Minor Version Numbers:
• Compressed Length (16 bits): length of plaintext fragment, or compressed if compressed, is (2^14 + 2048)
• MAC (0, 16 or 20 bytes)

Specific Protocols

• Change Cipher Spec Protocol: copies pending state into current state, to update the cipher suite used in a connection.
• Alert Protocol: conveys TLS-related alerts to the peer entity; levels are warning or fatal (immediate termination), code to indicate alert.

Handshake Protocol Messages

• hello_request, client_hello, server_hello, certificate, server_key_exchange, certificate_request, server_done, certificate_verify, client_key_exchange, finished.

Handshake Protocol Operation, Phase 1

• Client highest version understood, server lowest suggested; highest supported by server.
• Random structure: 32-bit timestamp, 28 bytes; used as nonces for key exchanges. Prevents replay attacks.
• Session ID: variable length; non-zero value indicates client wishes to update existing or create new conncetion; zero value means new conncetion.
• Cipher suites, compression methods

Handshake Protocol Operation, Phase 2

• Server authentication and key exchange
• Anonymous DH, 2 global DH values + server's public DH key, Ephemeral DH, RSA key exchange, temporary public/private RSA key pair.
• server_key_exchange

Handshake Protocol Operation, Phase 3

• Client authentication and key exchange. RSA 48-byte pre-master secret, encrypted using public key for second phase; Ephemeral/Anonymous DH parameters

Handshake Protocol Operation, Phase 4

• Client sends change cipher spec message. Copies pending state into current cipher spec; sends finished message to verify key exchange success.
• Server sends own change cipher spec message, transfers to current cipher spec; sends finished message.
• PRF is used, a function that generates the master secret values

Master Secret Creation

• Shared master secret: 48-byte value
• Stages 1 & 2: RSA and DH (Diffie-Hellman)
• master_secret - PRF(pre_master_secret, “master secret”, ClientHello.Random || ServerHello.Random)
• Cryptopgraphic parameters - MD5(master_secret, ServerHello.random, SHA("A" or "B" || master_secret || ClientHello.random))

TLS Pseudo-Random Function

• Generates pseudo-random key material from a seed value and a cryptographic secret key

Generation of Cryptographic Parameters

• Parameters generated from master secret by hashing, ordered by sufficient length for all parameters

Attacks

• Attacks on Handshake Protocol (e.g., compromising handshake, exploiting formatting)
• Attacks on Record and Application data Protocols (e.g., Browser Exploits, Chosen Plaintext Attack)
• Attacks on PKI (e.g., checking validity of X.509 certificates)

TLSv1.3

• TLSv1.3 removes several options & functions (e.g., compression and ciphers).
• Elliptic Curve DH for key exchange and doesn't permit RSA
• Encrypts all handshake messages after server_hello
• "1 round trip time" handshake order

Datagram Transport Layer Security (DTLS)

• DTLS is a protocol based on TLS, designed for UDP communication. DTLS is closely similar to TLS.
• Uses reliable transmission of handshakes and retransmission for communication

RSA Handshake

• Cookies prevent denial-of-service attacks by requiring a "cookie" from the server to demonstrate ability to handle packets

Hyper Text Transfer Protocol Secure (HTTPS)

• Secure version of HTTP; encrypts communications, provides encryption, data integrity, and authentication.
• Data sent using HTTPS

HTTPS Connection Initiation

• Agent acting as HTTP client also acts as a TLS client. Client initiates a connection, sends TLS client hello to begin TLS handshake.
• After handshake, client sends first HTTP request, all HTTP data sent as TLS application data.

HTTPS Connection Closure

• HTTP indicates closing of the connection; TLS protocol closes the connection with peer TLS entity, this involves closing underlying TCP connection.
• Use Alert Protocol to send close_notify alert to close connections appropriately

Secure Shell (SSH)

• Initial version provided secure remote logon facility. Replaced TELNET and similar protocols.
• SSH provided a more general client/server capability for applications like file transfer and e-mail.

SSH Protocol Stack

• User authentication protocol: authenticates client to server
• SSH Transport Layer Protocol: provides server authentication, confidentiality, integrity and optional compression.
• TCP: Reliable connection end-to-end delivery
• IP: Datagram delivery across multiple networks

SSH Transport Layer Protocol

• Server authentication based on public/private key pair. Server may have multiple host keys for different asymmetric encryption algorithms.
• Multiple hosts may use the same host key. Host key is used during key exchange.

SSH Packet Exchange

• TCP connection established, identification string exchange, algorithm negotiation, key exchange, end of key exchange, SSH messages exchanged, service request.

SSH Cryptographic Algorithms

• Lists various cryptographic algorithms including 3DES, Blowfish, Twofish, AES, Serpent, RC4, and CAST-128. Also lists MAC algorithms and compression algorithms.

SSH Key Generation

• Encryption and MAC keys are generated from shared secret key (K), which comes from DH key exchange, calculated from hash value (H). Session identifier equal to H
• Subsequent key exchange occurs after initial key exchange.

SSH User Authentication Protocol

• Client sends SSH_MSG_USERAUTH_REQUEST with method specified; server validates the user name; responds with SSH_MSG_USERAUTH_FAILURE if validation fails; returns a list of authentication methods used

SSH Authentication Methods

• Public Key: client sends a message containing public key, signed by the client's private key. The server verifies the key (client's public key is acceptable for authentication) and signature
• Password: Client sends a password that's protected by encryption. Authentication on Host-based (client's host, not its client)