What can a computer firewall protect against?
unwanted traffic
insecure computer from attacks from the internet
attacks against protocols or services that the firewall blocks
What is the difference between stateful and stateless filtering?
stateless:
make NEW decision for every packet not considering any state (e.g. established…)
=> decision only based on information related to the packet (and thus contained in the packet, like IP addresses, ports, protocols, …)
Stateful:
keep track of state of network connections
e.g. know whether an incoming packet belongs to an already established ftp connection
-> take the state of the connection the packet belongs to into consideration
What are the two possible policies for Firewalls?
whitelisting
deny all except rules state otherwise
hard to manage (has to consider everything that should be whitelisted to not break some functionality); more secure
blacklisting
allow all except rules state otherwise
less secure but easier to manage
What can’t a computer firewall protect against?
attacks on the firewall itself
malware
Where do packet filtering firewalls NOT help?
viruses
social engineering
internal attacker
tunnelled traffic that is forwarded by an internal host
When is the complete network NOT open for an attacker after breach of a webserver?
when the webserver is in a DMZ
What are the three security goals we discussed ?
confidentiality
only entitled entities may be able to read the data
integrity
tampering with message will be detected
authenticity
communicating parties can be identified / verified
non-repudiation
communication partner cannot deny a message originated from him
forward secrecy
compromise at this point in time does not lead to compromise of past connections
What is the chosen plaintext attack?
attacker attacks cipher and has ability to let his chosen plaintext be encrypted
-> can perform crypto analysis…
What does chosen plaintext security not help against?
active attacker
-> can manipulate and forge messages…
How to increase security against active attackers?
authenticators such as MAC tags …
When does an algo provide authenticity? What is this called?
attacker can get authentication tag for arbitrary messages by requesting encryption
-> but cannot compute valid authentication tag for a new message itself…
=> Security under chosen ciphertext attack
-> provides message authentication
What are the two major cryptography types?
private-key cryptography (symmetric cryptography)
public-key cryptography (asymmetric cryptography)
What is an assumption in symmetric cryptography? How long are the keys usually?
parties have exchanged the key securely…
usually 128 bit
Is there only one key used in symmetric encryption?
different keys have to be used for each comm. direction and each purpose
-> encryption and authentication…
What are examples for encryption codes and MACs?
encryption:
AES-CTR
ChaCha20
MACs:
HMAC-SHA2
What are the main three purposes to use asymmetric cryptography?
authentication
key exchange
What keys are there in pub key crypto?
each participant has
private key
public key
What do signatures provide in pub key crypto? How is it created?
signatures -> created with private key, verified with corresponding public key
provide authenticity and non-repudiation
What is a downside of pub key crypto? Where is it thus usually used?
slower than symmetric crypto
-> used for handshakes in order to generate shared secret keys (diffie hellman)
What is a digital signature?
attached to message to provide assurances of the sender and integrity of the message
What are certificates? (formal)
data structures that bind key values to subjects
What do X.509 certs ensure? On what assumption does this base?
link identity to a pub key
=> private key only known by the identity certified…
How are certificates validated?
by a trusted third party
-> signs the certificate with its private key
=> pub key usually shipped in e.g. os, allowing to check the certificate…
How to ensure trust using pub keys?
alice was there when bob signed it -> bob personally provides pub key
alice has already bobs key and thus can compare it
alice trusts trusted third party
What does TLS stand for? What does it secure?
transport layer security
Secures layer 4 traffic
What is the predecessor of TLS?
SSL
secure socket layer
What are the improvements of TLS 1.3 over TLS 1.2?
drop of support for older, less secure cryptographic features
accelerated TLS handshake
one RTT instead of two; support for 0-RTT
=> faster and more secure in a nutshell
When can a 0-RTT handshake be used?
=> already have pre-shared key
either obtained externally
or from previous handshake process
What does a 0-RTT handshake allow?
transmit data at the first flight
-> as it can already be encrypted…
Name some things TLS 1.3 does not support anymore
RSA key transport (no forward secrecy)
CBC mode ciphers
RC4 stream cipher
arbitrary diffie-hellman groups
What is diffie hellman used for?
exchange keys without having anyone get to know them
or to generate it themselves
while partners share same key
What is the basic scheme of diffie hellman?
alice and bob agree on two parameters, g and p, for key creation
-> e.g. alice simply sending them to bob
then both generate random number
only known to them…
alice computes A = g^a mod p
bob computes B = g^b mod p
=> transmit A and B to partner
=> shared key K = B^a mod p = A^b mod p…
On what layer is TLS working?
session / application
How is MAC and encryption combined?
Enc(X, MAC(X))
-> hash then encrypt
What does TLS use to encrypt data?
symmetric cryptography
-> as it is much faster than asymmetric encryption
By which components is a cipher suite name defined?
protocol
key exchange method
authentication algorithm
cipher for data transfer
Message authentication code (MAC)
Does TLS prescribe a specific encryption algorithm?
no -> client and server are able to negotiate it
Can TLS be used with UDP?
no, not unless QUIC is used
-> requires reliable transport layer protocol
Is TLS data transfer always encrypted?
no
-> there exists the option of ‘no encryption’
Do TLS client and server always need to authenticate themselves using certificates?
Can a passive attacker derive the key from a DH key exchange?
Is DH secure against MitM?
-> pairwise key exchange…
Does DH require a pre-shared secret?
Can the messages of a DH key exchange be read by an attacker?
yes
Can public key cryptography work with only the communicating parties?
-> requires way to verify that the pub key belongs to communication partner…
-> and that the communication partner is who he is…
How is the dilemma of knowing the identity and that the pub key belongs to the other party solved?
certificates
and PKI
=> trusted third parties that ensure this…
What is an essential player in the PKI?
the certificate authority (CA)
How does PKI basically work?
have CA (institution) with public key
CAs issue certificates (pub key <-> identity linkage)
registration authorities sign these with their private key (often the CA itself)
=> Have to trust CA …. (RA)
have certificates themselves
-> continue verifying until reach root CA -> self-signed certificate…
What is the chain of trust in PKI?
trust root CA
-> can verify certs that were signed by it
-> trust CA that have these
-> …
=> usually browser comes up with pre-installed list of trusted CAs
How can one retrieve a certificate? What is required?
certification request
-> provide identity (e.g. company name), distinguished name (i.e. domain name), public key
key pair created locally by server, private key kept secret
=> wrap data in certification request (PKCS#10 format)
has to be signed with private key (to ensure server has private key…)
receiving the request, CA has to verify CSR (e.g. show up with passport, …)
-> if verified, CA issues signed certificate (e.g. X.509)
How is it possible to bind an identifying string to the public key of the server?
certificate sent along with signed, hashed version of the certificate
certificate contains server's public key and string which identifies the server
CA uses its private key to sign the server's certificate
Is verifying the chain of trust a top-down approach?
no, bottom up until we reach the root (or already trusted CA)
What is a reason for the establishment of the chain of trust?
not a single authority
-> scaling
-> if single, who should it be?
-> single point of attack…
Can there be multiple reasonable chains of trust for the same X.509 cert?
no -> only one
Why do we need CAs?
to have a trusted third party
to sign certificates
What is cryptography and what is it not?
it is
tool to protect information in computer systems
basis of many security mechanisms
it's not
holy grail solving all security problems
sth one should invent or implement oneself
What does Kerckhoffs's principle state?
security should not be achieved by obscurity…
How do block ciphers basically work? What are some examples?
chop up the data into blocks of equal size, pad the last block
encrypt all blocks
examples:
electronic codebook
cipher block chaining
cipher feedback
output feedback
counter
What are stream ciphers?
key stream xor plaintext
-> key stream generated by key and nonce
What can hashing be used for outside of encryption? What is a trade-off?
error detection
computational overhead
increase of message length
vs
error detection or even correction…
What types of hash functions are used from a security perspective? What is tried to achieve (and what not)?
cryptographic hash functions
-> ensure integrity
but completely other topic whether integrity was broken on purpose (or sth like transmission error…)
What should cryptographic hash functions provide?
should be computationally infeasible to recalculate them…
=> and by thus comp. infeasible to forge it
For what thing are crypto hash functions used?
message authentication codes
What are properties of crypto hash functions?
one way function
easy to compute
variable length input
fixed length output
What must hold for crypto hash functions?
first pre image resistance (one way fct)
x -> y : given y, comp. infeasible to calculate x
second pre image resistance
given x, cannot find other x’ that maps to same y (comp. infeasible)
collision resistance
cannot efficiently find pair x, x’ that map to same y (second pre image -> one x was given…)
random oracle property
computationally infeasible to distinguish y from random n-bit value
Why are crypt. hash only part of MAC?
applying only crypt hash not sufficient…
=> Kerckhoffs principle -> hash functions are known
-> need to protect them…
What is a solution to protect the crypt hash to ensure integrity?
include secret in hash value…
=> only person with secret can re-calculate hash value… (=> MAC)
What can MAC do and what can’t they do?
prove message integrity
detect tampering
cannot be forged
can be replayed
Do MACs prove authenticity?
depends on definition and scenario
if k shared between alice and bob and k only used by alice to compute MACs of messages from her to bob
-> bob can be sure it's alice
if k shared group key -> not sure who sent it
also, external observer cannot validate MAC
Why do we need PKI?
ciphers and authentication (most of them) require common, pre-shared secret key
out of band sharing not always an option
key exchange needs to be conducted securely
vast amount of symm. keys needed if one for each comm. partner… => O(n^2)
=> with symmetric: everyone has single key pair -> 2n (O(n))
What functions are there for digital signatures?
signing function S(m, sk) -> sigma (signature)
sk: signing key / secret / private key
verification function V(pk, m, sigma) -> True/False
What is transmitted when signing a message?
the message and the signature (sigma)
-> can be verified by applying verification function to the message, the signature and the public key…
Where are digital signatures used?
code signing
What are problems with asymmetric cryptography?
public keys need to be managed
computationally more expensive due to math properties
=> often hybrid used (DH key exchange)
What are some hybrid encryption schemes?
use asymm. crypto for authentication and key exchange / establishment
use symmetric encryption for real data transfer
=> TLS makes use of this…
What can symmetric crypto provide?
integrity (with hashes)
authenticity (somewhat)
no key exchange
What can asymm. crypto provide?
integrity (with signatures)
key exchange
How can we protect against MitM key exchange attacks? (no DH)
use certificates and signatures to validate public key
What is domain validation?
validate ownership over domain
-> publish DNS TXT record with challenge value
-> publish nonce provided by issuer
respond to email sent to mail in whois
…
Over what information is a certificate created?
pub key
entity name
validity period
signer information
+ signature over all these files
=> signed with private key of CA
What is the general cert issuing process for domains?
issued by CA
prove control over domain to CA -> e.g. DNS TXT, nonce on website, respond to mail,…
CA signs with private key
your pub key, other certificate information
certificate is sent to you
How are certs revoked?
e.g. when private key is compromised
collected in signed certificate revocation list
query the CA with the online certificate status protocol (OCSP)
essentially unsolved right now
When is a cert considered verified?
trusted CA has signed it
name correct
validity period not over
valid signature
not revoked
What is the CA/Browser Forum?
voluntary association
negotiates rules and controls for issuance
different levels of assurances without security benefit
What are problems with our current PKI structure?
many trusted CAs
very difficult to remove CAs
any CA may sign a certificate for anyone, anywhere
tons of misissuances
CAs by governments
CAs have been compromised
CAs have sold person-in-the-middle boxes
certificate revocation problematic
complicated format
What is the idea of certificate transparency?
irrevocably publish issuances
enable everybody to check if presented certificate was published
no hiding of misissuances anymore
open and public
multiple logs
efficient check if certificate is in log
efficient check if only append operations have been done in this log
What is the browser situation on certificate transparency?
Chrome demanded CT starting April 2018
Safari demanded CT starting October 2018
Firefox: unclear, some work has been done
Where is TLS in the OSI layers?
above TCP
What does TLS provide?
confidentiality and data integrity
peer authentication
client-server principle
transparent for applications e.g. IMAPS, HTTPS
What are the subprotocols in TLS?
handshake
change cipher spec
alert
application data
record
When should we revoke certificates? How is it done?
e.g. private key compromised
-> query the CA with the online certificate status protocol
What is the record protocol?
sub protocol of TLS
-> responsible for verifying integrity and origin of application data
-> responsible for its securing
What is the concept of the record protocol?
-> random, DH
x random, DH, compute DH
<- random, cert, DH, signature(DH, randoms)
x compute DH, verify certificate, verify signature, compute auth
What TLS handshake modes are there?
1-RTT: DH
DH moved into clientHello, serverHello
authentication: hash over all messages signed with server public key
0-RTT:
server sends long-term DH public key previously
client uses this for encrypting first message
What TLS versions are secure?
1.3
1.2 with GCM
What does nftables basically do?
packet traversal rules
rule: match header and take action
modules provide wide variety of matching options
actions: go to other chain, drop, accept, reject, SNAT
rules added to empty predefined and custom chains
chains organized in tables
How is the cipher suite negotiated in TLS?
client sends list of supported cipher suites to server
-> server chooses
choice of actual suite provided in server hello
Last modified 2 years ago