What are the items required to build a complete security protocol?
- Handshake: Alice, Bob use their certificates and private keys to authenticate each other, share secret
- Key derivation: Alice, Bob use shared secret to derive keys
- Data Transfer: Series of messages (“records”)
- Connection Termination: securely close connection
What are the steps in a security protocol handshake?
1) Bob establishes TCP connection with Alice
2) Bob verifies Alice’s identity (certificate)
3) Bob sends Alice master secret key MS (used to generate all other keys for session)
Potential Issue: 3 RTTs before client can start receiving data
What are the steps in the key derivation process in a security protocol?
- Alice and Bob generate the same four keys (Kb, Mb, KA, MA
Note: keys are derived from predetermined key derivation function (KDF) - Process could be as simple as splitting MS into 4 parts
What layer of the protocol stack does TLS sit in?
Technically the Application layer, but could be considered in-between Application and Transport layer
What protocol does TLS replace?
Secure Socket Layer (SSL)
What types of applications is TLS built to support?
Any type of application (e.g. HTTPS is HTTP with messages sent over TLS / SSL)
How does TLS enforce confidentiality?
Through symmetric encryption.
How does TLS enforce integrity?
Through MAC
How does TLS enforce authentication?
Through public key cryptography and certificates
TLS supports several algorithms for different security functions. Which are these functions?
- Key generation
- Encryption
- MAC
- Digital Signature
How does TLS choose a cipher suite?
- The choice of algorithms is negotiated during the handshake
- Client sends list of supported cipher suites
- Server chooses one of the supported cipher suites
Describe QUIC
- Transport layer protocol running on top of UDP
- Provides reliability of TCP plus security of TLS (can combine connection establishment and security handshake)
