Deck 6: Transport-Level Security

Sessions are used to avoid the expensive negotiation of new security parameters for each connection that shares security parameters.

The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record Protocol.

One way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server.

The TLS Record Format is the same as that of the SSL Record Format.

The shared master secret is a one-time 48-byte value generated for a session by means of secure key exchange.

The _________ Protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm along with cryptographic keys to be used to protect data sent in an SSL Record.

The first element of the CipherSuite parameter is the key exchange method.

Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.

The encryption of the compressed message plus the MAC must increase the content length by more than 1024 bytes.

The _________ takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.

__________ provides security services between Transport Layer Protocol and applications that use TCP.

The certificate message is required for any agreed on key exchange method except fixed Diffie-Hellman.

The SSL Record Protocol is used before any application data is transmitted.

Phase 3 completes the setting up of a secure connection of the Handshake Protocol.

Microsoft Explorer originated SSL.

__________ provides confidentiality using symmetric encryption and message integrity using a message authentication code.

ISSl/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

_________ attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted.

Three higher-layer protocols defined as part of SSL and used in the management of SSL exchanges are: The Handshake Protocol, The Change Cipher Spec Protocol, and the __________ .

The handshake is complete and the client and server may begin to exchange application layer data after the server sends its finished message in phase _________ of the Handshake Protocol.

__________ refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server.

__________ allows the client to set up a "hijacker" process that will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel.

A signature is created by taking the hash of a message and encrypting it with the sender's _________ .

_________ require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order.

_________ would appear to be the most secure of the three Diffie-Hellman options because it results in a temporary, authenticated key.

TLS makes use of a pseudorandom function referred to as __________ to expand secrets into blocks of data for purposes of key generation or validation.

Three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer are: SSL/TLS, HTTPS, and _________.

Two important SSL concepts are the SSL session and the SSL _________ .