Professional Documents
Culture Documents
ITNE 3013 Advanced Network and Information Security
ITNE 3013 Advanced Network and Information Security
TUTORIALS WEEK – 2
Name: Rupesh Pandey
Student no. 40290
CONTENTS
1. What are the advantages of each of the three approaches shown in the figure below?
Advantage of IP/IPsec
Advantage of SSL
1. SSL Protects Data
2. SSL Affirms Your Identity
3. Better Search Engine Ranking
a. SSL Handshake Protocol b. SSL change cipher spec Protocol c. SSL Alert Protocol d. SSL Record
Protocol e. TCP/IP Protocol
Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable
type of service. For SSL, such connections are peer-topeer relationships. The connections are
transient. Every connection is associated with one session.
Session: An SSL session is an association between a client and a server. Sessions are created by the
Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be
shared among multiple connections. Sessions are used to avoid the expensive negotiation of new
security parameters for each connection."
4) List and briefly define the parameters that define an SSL session state.
Session Identifier: An arbitrary byte sequence chosen by the server to identify an active or
resumable session state
Peer Certificate: An X509.v3 certificate of the peer; this element of the state may
Compression method: The algorithm used to compress data prior to encryption
Cipher spec: Specifies the bulk data encryption algorithm and a hash algorithm used for MAC
calculation; also defines cryptographic attributes such as the hash_size.
Master Secret: 48-byte secret shared between the client and the server.
Is resumable: A flag indicating whether the session can be used to initiate new connections.
5) List and briefly define the parameters that define an SSL session connection.
Server and client random: Byte sequences that are chosen by the server and client for each
connection
Server write MAC secret: The secret key used in MAC operations on data sent by the server
Client write MAC secret: The secret key used in MAC operations on data sent by the client.
Server write key: The secret encryption key for data encrypted by the server and decrypted
by the client.
Client write key: The symmetric encryption key for data encrypted by the client and
decrypted by the server
The SSL Record Protocol provides two services for SSL connections:
1. Confidentiality: The Handshake Protocol defines a shared secret key that is used for
conventional encryption of SSL payloads
2. Message integrity: The Handshake Protocol also defines a shared secret key that is used to
form a message authentication code (MAC).
1. Fragmentation
2. Compression
3. Message authentication code
4. Preparing header
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary
protocol used to send data between a web browser and a website. HTTPS is encrypted in order to
increase security of data transfer
1. SSH User Authentication Protocol: Authenticates the client-side user to the server.
2. SSH Transport Layer Protocol: Provides server authentication, confidentiality, and integrity. It may
optionally also provide compression.
3. SSH Connection Protocol: Multiplexes the encrypted tunnel into several logical channels.
11. Consider the following threats to Web security and describe how each is countered by a
particular feature of SSL.
i) Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional
encryption algorithm.
Given that both RC4 and RC2 ciphers have 128-bit encryption, they each have approximately 3.4 *
1038 possible keys, making them very difficult to crack. Assuming that a hacker could test 10,000
(104) keys every second, it could take up to one octillian (1.08 * 10 27) years to break the cipher. Only
when an octillian keys can be tested every second, is it possible that the cipher can be broken within
a year.
ii) Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the
HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the
known-plaintext message. When an encrypted message is intercepted, the attacker takes the
portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The
ciphertext should match against an entry that was encrypted with the same secret key. If there are
several matches, each of these can be tried against the full ciphertext to determine the right one.
This attack is especially effective against small key
This attack is defeated the same way the earlier attack is addressed. Since there are so many
different sets of keys available, the size of the dictionary required would be too large to be created.
For small key sizes, it could be possible to hack into after a certain amount of time, resources and
money. However, for larger key sizes, specifically 128-bit, it could take a very long time
The replay attack is countered through the usage of a timestamp in the server authentication
process. The client will check to see if the server's certificate is valid and during that process, a
timestamp would be used to verify that the messages are not old.
iv) Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the
server and as the server to the client.
The client application checks the server domain name specified in the server certificate is the same
as the actual domain name of the server. If they are not the same, the authentication fails.
vi) IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
If the server requests client authentication, the SSL protocol requires that the client create a digital
signature by creating a one-way hash from randomly generated data during the handshake and
known only to the client and server. The hash data is encrypted with the client's private key that
corresponds to the public key in the certificate received by the server.
vii) IP Hijacking: An active, authenticated connection between two hosts is disrupted and the
attacker takes the place of one of the hosts.
SSL uses HMAC, a simple, fast, hash-based construction with strong theoretical evidence for its
security. Authentication can be requested during the connection in order to protect the confidential
nature of data being passed.
viii) SYN Flooding: An attacker sends TCP SYN messages to request a connection but does not
respond to the final message to establish the connection fully. The attacked TCP module typically
leaves the “half-open connection” around for a few minutes. Repeated SYN messages can clog the
TCP module.
SYN flooding is also handled by SSL in that the source of the message has to be authenticated before
a response is generated. The messages that are continuously sent, can be removed if the source of
the requests are considered invalid.